update ks-core helm chart (#6401)

fix: cherrypick update ks-core helm chart Signed-off-by: peng wu <2030047311@qq.com>
2025-03-11 09:57:48 +08:00
parent 41fdd0f4eb
commit 7e2cafd15b
18 changed files with 46 additions and 37 deletions
--- a/config/ks-core/templates/NOTES.txt
+++ b/config/ks-core/templates/NOTES.txt
@@ -8,7 +8,7 @@ Please be patient and wait for several seconds for the KubeSphere deployment to

    kubectl get pods -n {{ .Release.Namespace }}

-{{- if or (eq .Values.role "") (eq .Values.role "host") }}
+{{- if or (eq .Values.multicluster.role "") (eq .Values.multicluster.role "host") }}
 2. Access the KubeSphere Console

    Once the deployment is complete, you can access the KubeSphere console using the following URL:  {{"\n"}}
--- a/config/ks-core/templates/_helpers.tpl
+++ b/config/ks-core/templates/_helpers.tpl
@@ -116,8 +116,8 @@ Create the name of the secret of sa token.
 {{- end }}
 {{- end }}

-{{- define "role" -}}
-{{- if eq .Values.role "" }}
+{{- define "multicluster.role" -}}
+{{- if eq $.Values.multicluster.role "" }}
 {{- with lookup "v1" "ConfigMap" (printf "%s" .Release.Namespace) "kubesphere-config" }}
 {{- with (fromYaml (index .data "kubesphere.yaml")) }}
 {{- if and .multicluster (.multicluster).clusterRole }}
@@ -127,36 +127,36 @@ Create the name of the secret of sa token.
 {{- .multicluster.clusterRole }}
 {{- end }}
 {{- else }}
-{{- $.Values.role | default "host" }}
+{{- $.Values.multicluster.role | default "host" }}
 {{- end }}
 {{- else }}
-{{- $.Values.role | default "host" }}
+{{- $.Values.multicluster.role | default "host" }}
 {{- end }}
 {{- else }}
-{{- $.Values.role | default "host" }}
+{{- $.Values.multicluster.role | default "host" }}
 {{- end }}
 {{- else }}
-{{- .Values.role }}
+{{- $.Values.multicluster.role }}
 {{- end }}
 {{- end }}

-{{- define "hostClusterName" -}}
-{{- if eq .Values.hostClusterName "" }}
+{{- define "multicluster.hostClusterName" -}}
+{{- if eq $.Values.multicluster.hostClusterName "" }}
 {{- with lookup "v1" "ConfigMap" (printf "%s" .Release.Namespace) "kubesphere-config" }}
 {{- with (fromYaml (index .data "kubesphere.yaml")) }}
 {{- if and .multicluster (.multicluster).hostClusterName }}
 {{- .multicluster.hostClusterName }}
 {{- else }}
-{{- $.Values.hostClusterName | default "host" }}
+{{- $.Values.multicluster.hostClusterName | default "host" }}
 {{- end }}
 {{- else }}
-{{- $.Values.hostClusterName | default "host" }}
+{{- $.Values.multicluster.hostClusterName | default "host" }}
 {{- end }}
 {{- else }}
-{{- $.Values.hostClusterName | default "host" }}
+{{- $.Values.multicluster.hostClusterName | default "host" }}
 {{- end }}
 {{- else }}
-{{- .Values.hostClusterName }}
+{{- $.Values.multicluster.hostClusterName }}
 {{- end }}
 {{- end }}

--- a/config/ks-core/templates/extension-categories.yaml
+++ b/config/ks-core/templates/extension-categories.yaml
@@ -1,4 +1,4 @@
-{{ if eq (include "role" .) "host" }}
+{{ if eq (include "multicluster.role" .) "host" }}
 ---
 apiVersion: kubesphere.io/v1alpha1
 kind: Category
--- a/config/ks-core/templates/extension-museum.yaml
+++ b/config/ks-core/templates/extension-museum.yaml
@@ -1,4 +1,4 @@
-{{- if and (eq (include "role" .) "host") .Values.ksExtensionRepository.enabled  }}
+{{- if and (eq (include "multicluster.role" .) "host") .Values.ksExtensionRepository.enabled }}

 {{- $ca := genCA "self-signed-ca" 3650 }}
 {{- $cn := printf "%s-extensions-museum" .Release.Name }}
--- a/config/ks-core/templates/globalroles.yaml
+++ b/config/ks-core/templates/globalroles.yaml
@@ -10,6 +10,14 @@ rules:
    verbs:
      - get
      - list
+  - apiGroups:
+      - extensions.kubesphere.io
+    resources:
+      - '*'
+    verbs:
+      - get
+      - list
+      - watch
  - nonResourceURLs:
      - '/static/images/*'
    verbs:
--- a/config/ks-core/templates/ks-agent.yaml
+++ b/config/ks-core/templates/ks-agent.yaml
@@ -1,4 +1,4 @@
-{{ if eq (include "role" .) "member" }}
+{{ if eq (include "multicluster.role" .) "member" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
--- a/config/ks-core/templates/ks-apiserver.yaml
+++ b/config/ks-core/templates/ks-apiserver.yaml
@@ -1,4 +1,4 @@
-{{ if eq (include "role" .) "host" }}
+{{ if eq (include "multicluster.role" .) "host" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
--- a/config/ks-core/templates/ks-console.yaml
+++ b/config/ks-core/templates/ks-console.yaml
@@ -1,4 +1,4 @@
-{{ if eq (include "role" .) "host" }}
+{{ if eq (include "multicluster.role" .) "host" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
--- a/config/ks-core/templates/ks-controller-manager.yaml
+++ b/config/ks-core/templates/ks-controller-manager.yaml
@@ -1,4 +1,4 @@
-{{ if eq (include "role" .) "host" }}
+{{ if eq (include "multicluster.role" .) "host" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
--- a/config/ks-core/templates/kubesphere-config.yaml
+++ b/config/ks-core/templates/kubesphere-config.yaml
@@ -18,7 +18,7 @@ data:
        url: {{ include "portal.url" . | quote }}
        jwtSecret: {{ include "jwtSecret" . | quote }}
        maximumClockSkew: {{ .Values.authentication.issuer.maximumClockSkew | default "10s" }}
-        {{- if eq (include "role" .) "member" }}
+        {{- if eq (include "multicluster.role" .) "member" }}
        accessTokenMaxAge: 0s
        {{- else }}
        accessTokenMaxAge: {{ .Values.authentication.issuer.accessTokenMaxAge }}
@@ -35,8 +35,8 @@ data:
      bucket: {{ .Values.s3.bucket | default "uploads"  }}
      {{- end }}
    multicluster:
-      clusterRole: {{ include "role" . | quote }}
-      hostClusterName: {{ include "hostClusterName" . | include "validateHostClusterName" | quote }}
+      clusterRole: {{ include "multicluster.role" . | quote }}
+      hostClusterName: {{ include "multicluster.hostClusterName" . | include "validateHostClusterName" | quote }}
    terminal:
      kubectl:
        image: {{ template "kubectl.image" . }}
@@ -77,7 +77,7 @@ data:
      appSelector: {{ .Values.composedApp.appSelector | quote }}
    kubesphere:
      tls: {{ .Values.internalTLS }}
-    {{- if and (eq (include "role" .) "host") .Values.ha.enabled -}}
+    {{- if and (eq (include "multicluster.role" .) "host") .Values.ha.enabled -}}
    {{- if .Values.ha.cache }}
    cache: {{- toYaml .Values.ha.cache | nindent 6}}
    {{- else }}
--- a/config/ks-core/templates/oauthclient-config.yaml
+++ b/config/ks-core/templates/oauthclient-config.yaml
@@ -1,4 +1,4 @@
-{{ if eq (include "role" .) "host" }}
+{{ if eq (include "multicluster.role" .) "host" }}
 apiVersion: v1
 stringData:
  configuration.yaml: |
--- a/config/ks-core/templates/platformconfig-telemetry.yaml
+++ b/config/ks-core/templates/platformconfig-telemetry.yaml
@@ -1,4 +1,4 @@
-{{- if eq (include "role" .) "host" }}
+{{- if eq (include "multicluster.role" .) "host" }}
 apiVersion: v1
 kind: Secret
 metadata:
--- a/config/ks-core/templates/redis.yaml
+++ b/config/ks-core/templates/redis.yaml
@@ -1,4 +1,4 @@
-{{- if eq (include "role" .) "host" }}
+{{- if eq (include "multicluster.role" .) "host" }}
 {{- if and .Values.ha.enabled (not .Values.ha.cache) }}
 {{- if lookup "v1" "Secret" "kubesphere-system" "redis-secret" }}
 {{- lookup "v1" "Secret" "kubesphere-system" "redis-secret" | toYaml }}
--- a/config/ks-core/templates/services.yaml
+++ b/config/ks-core/templates/services.yaml
@@ -23,7 +23,7 @@ spec:
      {{- toYaml . | nindent 8 }}
    {{- end }}
  selector:
-    {{- if eq (include "role" .) "host" }}
+    {{- if eq (include "multicluster.role" .) "host" }}
    app: ks-apiserver
    {{- else }}
    app: ks-agent
@@ -52,7 +52,7 @@ spec:
      protocol: TCP
      targetPort: 8443
  selector:
-    {{- if eq (include "role" .) "host" }}
+    {{- if eq (include "multicluster.role" .) "host" }}
    app: ks-controller-manager
    {{- else }}
    app: ks-agent
--- a/config/ks-core/templates/webhook.yaml
+++ b/config/ks-core/templates/webhook.yaml
@@ -14,7 +14,7 @@ metadata:
  name: ks-controller-manager-webhook-cert
 type: Opaque

-{{ if eq (include "role" .) "host" }}
+{{ if eq (include "multicluster.role" .) "host" }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
@@ -173,7 +173,7 @@ kind: ValidatingWebhookConfiguration
 metadata:
  name: extensions.kubesphere.io
 webhooks:
-  {{- if eq (include "role" .) "host" }}
+  {{- if eq (include "multicluster.role" .) "host" }}
  - admissionReviewVersions:
      - v1
    clientConfig:
@@ -321,7 +321,7 @@ webhooks:
    sideEffects: None
    timeoutSeconds: 30

-{{- if eq (include "role" .) "host" }}
+{{- if eq (include "multicluster.role" .) "host" }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
--- a/config/ks-core/templates/workspace.yaml
+++ b/config/ks-core/templates/workspace.yaml
@@ -1,4 +1,4 @@
-{{ if eq (include "role" .) "host" }}
+{{ if eq (include "multicluster.role" .) "host" }}
 apiVersion: tenant.kubesphere.io/v1beta1
 kind: WorkspaceTemplate
 metadata:
--- a/config/ks-core/values.yaml
+++ b/config/ks-core/values.yaml
@@ -21,10 +21,10 @@ commonAnnotations: {}
 ## Role represents the role of the current cluster,
 ## and it can have one of two values: "host" or "member".
 ## Priority: specified in values > get from kubesphere-config > default role (host)
-role: ""
-
-## Priority: specified in values > get from kubesphere-config > default name (host)
-hostClusterName: ""
+multicluster:
+  role: ""
+  ## Priority: specified in values > get from kubesphere-config > default name (host)
+  hostClusterName: ""

 portal:
  ## The IP address or hostname to access ks-console service.
--- a/pkg/controller/cluster/helper.go
+++ b/pkg/controller/cluster/helper.go
@@ -72,7 +72,8 @@ func installKSCoreInMemberCluster(kubeConfig []byte, jwtSecret, chartPath string

 	// Override some necessary values
 	values["role"] = "member"
-	// disable upgrade to prevent execution of ks-upgrade
+	values["multicluster"] = map[string]string{"role": "member"}
+	// disable upgrade to prevent execution of kse-upgrade
 	values["upgrade"] = map[string]interface{}{
 		"enabled": false,
 	}