From 965dbb5ca76c12b91119b203308cd72a808f1426 Mon Sep 17 00:00:00 2001 From: hongming Date: Wed, 27 Jul 2022 18:31:53 +0800 Subject: [PATCH] Fix ks-core helm chart (#5101) --- config/ks-core/templates/role-templates.yaml | 227 +++++++++++++++++++ config/ks-core/values.yaml | 8 +- pkg/apiserver/apiserver.go | 6 +- 3 files changed, 239 insertions(+), 2 deletions(-) create mode 100644 config/ks-core/templates/role-templates.yaml diff --git a/config/ks-core/templates/role-templates.yaml b/config/ks-core/templates/role-templates.yaml new file mode 100644 index 000000000..cd06bb1c5 --- /dev/null +++ b/config/ks-core/templates/role-templates.yaml @@ -0,0 +1,227 @@ +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/aggregation-roles: '["role-template-manage-clusters","role-template-view-clusters","role-template-view-roles","role-template-view-workspaces","role-template-manage-workspaces","role-template-manage-users","role-template-view-users","role-template-manage-app-templates","role-template-view-app-templates","role-template-manage-platform-settings"]' + kubesphere.io/creator: admin + name: platform-admin +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + - nonResourceURLs: + - '*' + verbs: + - '*' + + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/role-template-rules: '{"basic": "view"}' + labels: + iam.kubesphere.io/role-template: "true" + name: role-template-view-basic +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/module: Clusters Management + iam.kubesphere.io/role-template-rules: '{"clusters": "view"}' + kubesphere.io/alias-name: Clusters View + labels: + iam.kubesphere.io/role-template: "true" + name: role-template-view-clusters +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/dependencies: '["role-template-view-clusters"]' + iam.kubesphere.io/module: Clusters Management + iam.kubesphere.io/role-template-rules: '{"clusters": "manage"}' + kubesphere.io/alias-name: Clusters Management + labels: + iam.kubesphere.io/role-template: "true" + name: role-template-manage-clusters +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/module: Access Control + iam.kubesphere.io/role-template-rules: '{"workspaces": "view"}' + kubesphere.io/alias-name: Workspaces View + labels: + iam.kubesphere.io/role-template: "true" + kubefed.io/managed: "true" + name: role-template-view-workspaces +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/dependencies: '["role-template-view-workspaces"]' + iam.kubesphere.io/module: Access Control + iam.kubesphere.io/role-template-rules: '{"workspaces": "manage"}' + kubesphere.io/alias-name: Workspaces Management + labels: + iam.kubesphere.io/role-template: "true" + name: role-template-manage-workspaces +rules: [] + + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/module: Access Control + iam.kubesphere.io/role-template-rules: '{"users": "view"}' + kubesphere.io/alias-name: Users View + labels: + iam.kubesphere.io/role-template: "true" + name: role-template-view-users +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/dependencies: '["role-template-view-users","role-template-view-roles"]' + iam.kubesphere.io/module: Access Control + iam.kubesphere.io/role-template-rules: '{"users": "manage"}' + kubesphere.io/alias-name: Users Management + labels: + iam.kubesphere.io/role-template: "true" + name: role-template-manage-users +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/dependencies: '["role-template-view-users"]' + iam.kubesphere.io/module: Access Control + iam.kubesphere.io/role-template-rules: '{"roles": "view"}' + kubesphere.io/alias-name: Roles View + labels: + iam.kubesphere.io/role-template: "true" + name: role-template-view-roles +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/dependencies: '["role-template-view-roles"]' + iam.kubesphere.io/module: Access Control + iam.kubesphere.io/role-template-rules: '{"roles": "manage"}' + kubesphere.io/alias-name: Roles Management + labels: + iam.kubesphere.io/role-template: "true" + name: role-template-manage-roles +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/module: Apps Management + iam.kubesphere.io/role-template-rules: '{"app-templates": "view"}' + kubesphere.io/alias-name: App Templates View + labels: + iam.kubesphere.io/role-template: "true" + name: role-template-view-app-templates +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/dependencies: '["role-template-view-app-templates"]' + iam.kubesphere.io/module: Apps Management + iam.kubesphere.io/role-template-rules: '{"app-templates": "manage"}' + kubesphere.io/alias-name: App Templates Management + labels: + iam.kubesphere.io/role-template: "true" + name: role-template-manage-app-templates +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + annotations: + iam.kubesphere.io/module: Platform Settings + iam.kubesphere.io/role-template-rules: '{"platform-settings": "manage"}' + kubesphere.io/alias-name: Platform Settings Management + labels: + iam.kubesphere.io/role-template: "true" + name: role-template-manage-platform-settings +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRoleBinding +metadata: + name: admin +roleRef: + apiGroup: iam.kubesphere.io/v1alpha2 + kind: GlobalRole + name: platform-admin +subjects: + - apiGroup: iam.kubesphere.io/v1alpha2 + kind: User + name: admin + +--- +apiVersion: tenant.kubesphere.io/v1alpha2 +kind: WorkspaceTemplate +metadata: + labels: + kubefed.io/managed: "false" + annotations: + kubesphere.io/creator: admin + kubesphere.io/description: "system-workspace is a built-in workspace automatically created by KubeSphere. It contains all system components to run KubeSphere." + name: system-workspace +spec: + placement: + clusterSelector: {} + template: + spec: + manager: admin + networkIsolation: false + +--- +apiVersion: tenant.kubesphere.io/v1alpha1 +kind: Workspace +metadata: + labels: + kubefed.io/managed: "false" + annotations: + kubesphere.io/creator: admin + name: system-workspace +spec: + manager: admin + networkIsolation: false \ No newline at end of file diff --git a/config/ks-core/values.yaml b/config/ks-core/values.yaml index 0e3dc6233..cbc1f3286 100644 --- a/config/ks-core/values.yaml +++ b/config/ks-core/values.yaml @@ -38,7 +38,13 @@ image: config: # Specifies whether the kubesphere-config configmap should be created create: true - authentication: {} + authentication: + oauthOptions: + clients: + - name: kubesphere + secret: kubesphere + redirectURIs: + - '*' # Jwt Secret is required by ks-apiserver, a random string would be generated if it's empty jwtSecret: "" multicluster: {} diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 625ea8a67..fdd34ec7c 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -401,7 +401,11 @@ func waitForCacheSync(discoveryClient discovery.DiscoveryInterface, sharedInform return err }) if err != nil { - return fmt.Errorf("failed to fetch group version resources %s: %s", groupVersion, err) + if errors.IsNotFound(err) { + klog.Warningf("group version %s not exists in the cluster", groupVersion) + return nil + } + return fmt.Errorf("failed to fetch group version %s: %s", groupVersion, err) } for _, resourceName := range resourceNames { groupVersionResource := groupVersion.WithResource(resourceName)