diff --git a/config/ks-core/templates/cert-manager.yaml b/config/ks-core/templates/cert-manager.yaml index b5efc0d8d..1b48a3008 100644 --- a/config/ks-core/templates/cert-manager.yaml +++ b/config/ks-core/templates/cert-manager.yaml @@ -26,7 +26,7 @@ spec: privateKeySecretRef: name: letsencrypt-{{ .Values.letsEncrypt.environment }} {{- if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }} - http01: { } + http01: {} {{- else }} solvers: - http01: diff --git a/config/ks-core/templates/ks-apiserver.yaml b/config/ks-core/templates/ks-apiserver.yaml index cae136cc0..2204e14a3 100644 --- a/config/ks-core/templates/ks-apiserver.yaml +++ b/config/ks-core/templates/ks-apiserver.yaml @@ -133,4 +133,4 @@ spec: secretName: ks-apiserver-tls-certs defaultMode: 420 {{- end }} -{{ end }} \ No newline at end of file +{{ end }} diff --git a/config/ks-core/templates/ks-console.yaml b/config/ks-core/templates/ks-console.yaml index 655d67d24..0d0684550 100644 --- a/config/ks-core/templates/ks-console.yaml +++ b/config/ks-core/templates/ks-console.yaml @@ -70,7 +70,7 @@ spec: app: ks-console topologyKey: kubernetes.io/hostname namespaces: - - {{ .Release.Namespace | quote }} + - {{ .Release.Namespace | quote }} {{- else }} preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 @@ -82,24 +82,24 @@ spec: namespaces: - {{ .Release.Namespace | quote }} {{- end }} - {{- if .Values.tolerations }} + {{- if .Values.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} {{- end }} {{- if .Values.internalTLS }} initContainers: - name: init-ca image: {{ template "kubectl.image" . }} - command: [ "/bin/sh", "-c" ] - args: [ "cp /tmp/ca.crt /usr/local/share/ca-certificates/ \ + command: ["/bin/sh", "-c"] + args: ["cp /tmp/ca.crt /usr/local/share/ca-certificates/ \ && update-ca-certificates && cp /etc/ssl/certs/ca-certificates.crt /certs/"] volumeMounts: - - name: tls-cert - mountPath: /tmp/ca.crt - subPath: ca.crt - readOnly: false - - name: sys-cert - mountPath: /certs - readOnly: false + - name: tls-cert + mountPath: /tmp/ca.crt + subPath: ca.crt + readOnly: false + - name: sys-cert + mountPath: /certs + readOnly: false {{- end }} containers: - name: ks-console @@ -171,8 +171,8 @@ spec: - name: sys-cert emptyDir: {} {{- end }} ---- +--- apiVersion: v1 kind: Service metadata: @@ -188,18 +188,17 @@ metadata: name: ks-console spec: ports: - - name: nginx - {{- if .Values.internalTLS }} - port: 443 - {{- else }} - port: 80 + - name: nginx +{{- if .Values.internalTLS }} + port: 443 +{{- else }} + port: 80 +{{- end }} + protocol: TCP + targetPort: 8000 + {{- with .Values.console.nodePort }} + nodePort: {{ . }} {{- end }} - protocol: TCP - targetPort: 8000 - {{- with .Values.console.nodePort }} - nodePort: - {{- toYaml . | nindent 6 }} - {{- end }} selector: app: ks-console {{- if .Values.console.nodePort }} diff --git a/config/ks-core/templates/kubesphere-config.yaml b/config/ks-core/templates/kubesphere-config.yaml index b255f6833..42d9fbfae 100644 --- a/config/ks-core/templates/kubesphere-config.yaml +++ b/config/ks-core/templates/kubesphere-config.yaml @@ -81,11 +81,6 @@ data: kubesphere: tls: {{ .Values.internalTLS }} {{- if and (eq (include "multicluster.role" .) "host") .Values.ha.enabled -}} - {{- if and .Values.telemetry.enabled (eq (include "multicluster.role" .) "host") }} - telemetry: - ksCloudURL: "https://kubesphere.cloud" - {{- end }} - {{- if and (eq (include "multicluster.role" .) "host") .Values.ha.enabled -}} {{- if .Values.ha.cache }} cache: {{- toYaml .Values.ha.cache | nindent 6}} {{- else }} @@ -98,5 +93,4 @@ data: db: 0 {{- end }} {{- end }} - {{- end }} auditing: {{- toYaml .Values.auditing | nindent 6}} diff --git a/config/ks-core/templates/post-patch-system-ns-job.yaml b/config/ks-core/templates/post-patch-system-ns-job.yaml index 9a357148d..736582511 100644 --- a/config/ks-core/templates/post-patch-system-ns-job.yaml +++ b/config/ks-core/templates/post-patch-system-ns-job.yaml @@ -3,7 +3,7 @@ kind: Job metadata: name: "{{ .Release.Name }}-post-patch-system-ns" annotations: - "helm.sh/hook": post-install + "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-weight": "-5" "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed spec: @@ -16,7 +16,7 @@ spec: {{- end }} containers: - name: post-patch-system-ns - image: {{ template "kubectl.image" . }} + image: {{ template "kubectl.image" . }} command: - /bin/bash - -c @@ -27,6 +27,4 @@ spec: kubectl label ns $ns kubesphere.io/workspace=system-workspace kubectl label ns $ns kubesphere.io/managed=true kubectl label ns $ns kubesphere.io/protected-resource=true - done - kubectl get ns -l 'kubesphere.io/workspace,!kubesphere.io/managed' --no-headers -o custom-columns=NAME:.metadata.name | \ - xargs -I {} kubectl label ns {} kubesphere.io/managed=true + done \ No newline at end of file diff --git a/config/ks-core/templates/roletemplates.yaml b/config/ks-core/templates/roletemplates.yaml index 1ce14478f..abe7e28c4 100644 --- a/config/ks-core/templates/roletemplates.yaml +++ b/config/ks-core/templates/roletemplates.yaml @@ -1569,64 +1569,6 @@ spec: --- apiVersion: iam.kubesphere.io/v1beta1 kind: RoleTemplate -metadata: - annotations: - iam.kubesphere.io/role-template-rules: '{"workloadtemplates": "view"}' - labels: - iam.kubesphere.io/aggregate-to-operator: "" - iam.kubesphere.io/aggregate-to-viewer: "" - iam.kubesphere.io/aggregate-to-regular: "" - iam.kubesphere.io/category: namespace-configuration-management - iam.kubesphere.io/scope: "namespace" - kubesphere.io/managed: "true" - name: namespace-view-workloadtemplates -spec: - description: - en: 'View workloadtemplates in the project.' - zh: '查看项目中的工作负载模板。' - displayName: - en: WorkloadTemplate Viewing - zh: '工作负载模板查看' - rules: - - apiGroups: - - 'workloadtemplate.kubesphere.io' - resources: - - "*" - verbs: - - get - - list - - watch - ---- -apiVersion: iam.kubesphere.io/v1beta1 -kind: RoleTemplate -metadata: - annotations: - iam.kubesphere.io/dependencies: '["namespace-view-workloadtemplates"]' - iam.kubesphere.io/role-template-rules: '{"workloadtemplates": "manage"}' - labels: - iam.kubesphere.io/aggregate-to-operator: "" - iam.kubesphere.io/category: namespace-configuration-management - iam.kubesphere.io/scope: "namespace" - kubesphere.io/managed: "true" - name: namespace-manage-workloadtemplates -spec: - description: - en: 'Create, edit, and delete workloadtemplates in the project.' - zh: '创建、编辑和删除项目中的工作负载模板。' - displayName: - en: WorkloadTemplate Management - zh: '工作负载模板管理' - rules: - - apiGroups: - - 'workloadtemplate.kubesphere.io' - resources: - - "*" - verbs: - - '*' ---- -apiVersion: iam.kubesphere.io/v1beta1 -kind: RoleTemplate metadata: annotations: iam.kubesphere.io/role-template-rules: '{"secrets": "view"}' diff --git a/config/ks-core/templates/services.yaml b/config/ks-core/templates/services.yaml index 55e0af084..063e7dd92 100644 --- a/config/ks-core/templates/services.yaml +++ b/config/ks-core/templates/services.yaml @@ -15,8 +15,7 @@ spec: {{- end }} targetPort: 9090 {{- with .Values.apiserver.nodePort }} - nodePort: - {{- toYaml . | nindent 8 }} + nodePort: {{ . }} {{- end }} selector: {{- if eq (include "multicluster.role" .) "host" }} diff --git a/config/ks-core/values.yaml b/config/ks-core/values.yaml index b1e4fc05d..8daa39195 100644 --- a/config/ks-core/values.yaml +++ b/config/ks-core/values.yaml @@ -436,13 +436,6 @@ ksCRDs: repository: kubesphere/kubectl tag: "v1.27.16" pullPolicy: IfNotPresent - resources: - limits: - cpu: 1 - memory: 1024Mi - requests: - cpu: 20m - memory: 100Mi # add museum for all ks-extensions ksExtensionRepository: