Fix ks-core helm chart (#5101)

config/ks-core/templates/role-templates.yaml

@@ -0,0 +1,227 @@
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/aggregation-roles: '["role-template-manage-clusters","role-template-view-clusters","role-template-view-roles","role-template-view-workspaces","role-template-manage-workspaces","role-template-manage-users","role-template-view-users","role-template-manage-app-templates","role-template-view-app-templates","role-template-manage-platform-settings"]'
+    kubesphere.io/creator: admin
+  name: platform-admin
+rules:
+  - apiGroups:
+      - '*'
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - nonResourceURLs:
+      - '*'
+    verbs:
+      - '*'
+
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/role-template-rules: '{"basic": "view"}'
+  labels:
+    iam.kubesphere.io/role-template: "true"
+  name: role-template-view-basic
+rules: []
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/module: Clusters Management
+    iam.kubesphere.io/role-template-rules: '{"clusters": "view"}'
+    kubesphere.io/alias-name: Clusters View
+  labels:
+    iam.kubesphere.io/role-template: "true"
+  name: role-template-view-clusters
+rules: []
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/dependencies: '["role-template-view-clusters"]'
+    iam.kubesphere.io/module: Clusters Management
+    iam.kubesphere.io/role-template-rules: '{"clusters": "manage"}'
+    kubesphere.io/alias-name: Clusters Management
+  labels:
+    iam.kubesphere.io/role-template: "true"
+  name: role-template-manage-clusters
+rules: []
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/module: Access Control
+    iam.kubesphere.io/role-template-rules: '{"workspaces": "view"}'
+    kubesphere.io/alias-name: Workspaces View
+  labels:
+    iam.kubesphere.io/role-template: "true"
+    kubefed.io/managed: "true"
+  name: role-template-view-workspaces
+rules: []
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/dependencies: '["role-template-view-workspaces"]'
+    iam.kubesphere.io/module: Access Control
+    iam.kubesphere.io/role-template-rules: '{"workspaces": "manage"}'
+    kubesphere.io/alias-name: Workspaces Management
+  labels:
+    iam.kubesphere.io/role-template: "true"
+  name: role-template-manage-workspaces
+rules: []
+
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/module: Access Control
+    iam.kubesphere.io/role-template-rules: '{"users": "view"}'
+    kubesphere.io/alias-name: Users View
+  labels:
+    iam.kubesphere.io/role-template: "true"
+  name: role-template-view-users
+rules: []
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/dependencies: '["role-template-view-users","role-template-view-roles"]'
+    iam.kubesphere.io/module: Access Control
+    iam.kubesphere.io/role-template-rules: '{"users": "manage"}'
+    kubesphere.io/alias-name: Users Management
+  labels:
+    iam.kubesphere.io/role-template: "true"
+  name: role-template-manage-users
+rules: []
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/dependencies: '["role-template-view-users"]'
+    iam.kubesphere.io/module: Access Control
+    iam.kubesphere.io/role-template-rules: '{"roles": "view"}'
+    kubesphere.io/alias-name: Roles View
+  labels:
+    iam.kubesphere.io/role-template: "true"
+  name: role-template-view-roles
+rules: []
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/dependencies: '["role-template-view-roles"]'
+    iam.kubesphere.io/module: Access Control
+    iam.kubesphere.io/role-template-rules: '{"roles": "manage"}'
+    kubesphere.io/alias-name: Roles Management
+  labels:
+    iam.kubesphere.io/role-template: "true"
+  name: role-template-manage-roles
+rules: []
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/module: Apps Management
+    iam.kubesphere.io/role-template-rules: '{"app-templates": "view"}'
+    kubesphere.io/alias-name: App Templates View
+  labels:
+    iam.kubesphere.io/role-template: "true"
+  name: role-template-view-app-templates
+rules: []
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/dependencies: '["role-template-view-app-templates"]'
+    iam.kubesphere.io/module: Apps Management
+    iam.kubesphere.io/role-template-rules: '{"app-templates": "manage"}'
+    kubesphere.io/alias-name: App Templates Management
+  labels:
+    iam.kubesphere.io/role-template: "true"
+  name: role-template-manage-app-templates
+rules: []
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  annotations:
+    iam.kubesphere.io/module: Platform Settings
+    iam.kubesphere.io/role-template-rules: '{"platform-settings": "manage"}'
+    kubesphere.io/alias-name: Platform Settings Management
+  labels:
+    iam.kubesphere.io/role-template: "true"
+  name: role-template-manage-platform-settings
+rules: []
+
+---
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRoleBinding
+metadata:
+  name: admin
+roleRef:
+  apiGroup: iam.kubesphere.io/v1alpha2
+  kind: GlobalRole
+  name: platform-admin
+subjects:
+  - apiGroup: iam.kubesphere.io/v1alpha2
+    kind: User
+    name: admin
+
+---
+apiVersion: tenant.kubesphere.io/v1alpha2
+kind: WorkspaceTemplate
+metadata:
+  labels:
+    kubefed.io/managed: "false"
+  annotations:
+    kubesphere.io/creator: admin
+    kubesphere.io/description: "system-workspace is a built-in workspace automatically created by KubeSphere. It contains all system components to run KubeSphere."
+  name: system-workspace
+spec:
+  placement:
+    clusterSelector: {}
+  template:
+    spec:
+      manager: admin
+      networkIsolation: false
+
+---
+apiVersion: tenant.kubesphere.io/v1alpha1
+kind: Workspace
+metadata:
+  labels:
+    kubefed.io/managed: "false"
+  annotations:
+    kubesphere.io/creator: admin
+  name: system-workspace
+spec:
+  manager: admin
+  networkIsolation: false

config/ks-core/values.yaml

@@ -38,7 +38,13 @@ image:
 config:
   # Specifies whether the kubesphere-config configmap should be created
   create: true
-  authentication: {}
+  authentication:
+    oauthOptions:
+      clients:
+      - name: kubesphere
+        secret: kubesphere
+        redirectURIs:
+        - '*'
   # Jwt Secret is required by ks-apiserver, a random string would be generated if it's empty
   jwtSecret: ""
   multicluster: {}

pkg/apiserver/apiserver.go

@@ -401,7 +401,11 @@ func waitForCacheSync(discoveryClient discovery.DiscoveryInterface, sharedInform
 			return err
 		})
 		if err != nil {
-			return fmt.Errorf("failed to fetch group version resources %s: %s", groupVersion, err)
+			if errors.IsNotFound(err) {
+				klog.Warningf("group version %s not exists in the cluster", groupVersion)
+				return nil
+			}
+			return fmt.Errorf("failed to fetch group version %s: %s", groupVersion, err)
 		}
 		for _, resourceName := range resourceNames {
 			groupVersionResource := groupVersion.WithResource(resourceName)