diff --git a/config/ks-core/charts/ks-crds/scripts/install.sh b/config/ks-core/charts/ks-crds/scripts/install.sh index 711eeeceb..698f7d1f6 100644 --- a/config/ks-core/charts/ks-crds/scripts/install.sh +++ b/config/ks-core/charts/ks-crds/scripts/install.sh @@ -2,8 +2,7 @@ CRDS_PATH=$1 echo "ks-crds pre upgrade..." -# shellcheck disable=SC1060 -for crd in `ls $CRDS_PATH|grep \.yaml$`; do - echo $crd - kubectl apply -f $CRDS_PATH/$crd +for crd in "$CRDS_PATH"/*.yaml; do + basename "$crd" + kubectl apply -f "$crd" done \ No newline at end of file diff --git a/config/ks-core/charts/ks-crds/scripts/post-delete.sh b/config/ks-core/charts/ks-crds/scripts/post-delete.sh index bf07838f7..0deebd61c 100755 --- a/config/ks-core/charts/ks-crds/scripts/post-delete.sh +++ b/config/ks-core/charts/ks-crds/scripts/post-delete.sh @@ -1,48 +1,39 @@ #!/usr/bin/env bash -# set -x - CRD_NAMES=$1 MAPPING_CONFIG=$2 -for extension in `kubectl get installplan -o json | jq -r '.items[] | select(.status.state == "Installed") | .metadata.name'` -do - namespace=$(kubectl get installplan $extension -o=jsonpath='{.status.targetNamespace}') - version=$(kubectl get extension $extension -o=jsonpath='{.status.installedVersion}') - extensionversion=$extension-$version - echo "Found extension $extensionversion installed" - helm status $extension --namespace $namespace - if [ $? -eq 0 ]; then - helm mapkubeapis $extension --namespace $namespace --mapfile $MAPPING_CONFIG +for extension in $(kubectl get installplan -o json | jq -r '.items[] | select(.status.state == "Installed") | .metadata.name'); do + namespace=$(kubectl get installplan "$extension" -o=jsonpath='{.status.targetNamespace}') + version=$(kubectl get extension "$extension" -o=jsonpath='{.status.installedVersion}') + extensionVersion="$extension-$version" + echo "Found extension $extensionVersion installed" + if helm status "$extension" --namespace "$namespace" &>/dev/null; then + helm mapkubeapis "$extension" --namespace "$namespace" --mapfile "$MAPPING_CONFIG" fi - helm status $extension-agent --namespace $namespace - if [ $? -eq 0 ]; then - helm mapkubeapis $extension-agent --namespace $namespace --mapfile $MAPPING_CONFIG + if helm status "$extension-agent" --namespace "$namespace" &>/dev/null; then + helm mapkubeapis "$extension-agent" --namespace "$namespace" --mapfile "$MAPPING_CONFIG" fi done - -# remove namespace's finalizers && ownerReferences kubectl patch workspaces.tenant.kubesphere.io system-workspace -p '{"metadata":{"finalizers":[]}}' --type=merge kubectl patch workspacetemplates.tenant.kubesphere.io system-workspace -p '{"metadata":{"finalizers":[]}}' --type=merge -for ns in $(kubectl get ns -o jsonpath='{.items[*].metadata.name}' -l 'kubesphere.io/managed=true') -do - kubectl label ns $ns kubesphere.io/workspace- && \ - kubectl patch ns $ns -p '{"metadata":{"ownerReferences":[]}}' --type=merge && \ - echo "{\"kind\":\"Namespace\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"$ns\",\"finalizers\":null}}" | kubectl replace --raw "/api/v1/namespaces/$ns/finalize" -f - + +for ns in $(kubectl get ns -o jsonpath='{.items[*].metadata.name}' -l 'kubesphere.io/managed=true'); do + kubectl label ns "$ns" kubesphere.io/workspace- && \ + kubectl patch ns "$ns" -p '{"metadata":{"ownerReferences":[]}}' --type=merge && \ + echo '{"kind":"Namespace","apiVersion":"v1","metadata":{"name":"'"$ns"'","finalizers":null}}' | kubectl replace --raw "/api/v1/namespaces/$ns/finalize" -f - done - -# delete crds -for crd in `kubectl get crds -o jsonpath="{.items[*].metadata.name}"` -do - if [[ ${CRD_NAMES[@]/${crd}/} != ${CRD_NAMES[@]} ]]; then - scop=$(eval echo $(kubectl get crd ${crd} -o jsonpath="{.spec.scope}")) - if [[ $scop =~ "Namespaced" ]] ; then - kubectl get $crd -A --no-headers | awk '{print $1" "$2" ""'$crd'"}' | xargs -n 3 sh -c 'kubectl patch $2 -n $0 $1 -p "{\"metadata\":{\"finalizers\":null}}" --type=merge 2>/dev/null && kubectl delete $2 -n $0 $1 2>/dev/null' - else - kubectl get $crd -A --no-headers | awk '{print $1" ""'$crd'"}' | xargs -n 2 sh -c 'kubectl patch $1 $0 -p "{\"metadata\":{\"finalizers\":null}}" --type=merge 2>/dev/null && kubectl delete $1 $0 2>/dev/null' - fi - kubectl delete crd $crd 2>/dev/null; +for crd in $(kubectl get crds -o jsonpath='{.items[*].metadata.name}'); do + if [[ " ${CRD_NAMES[*]} " =~ ${crd} ]]; then + echo "Deleting CRD $crd" + scope=$(kubectl get crd "$crd" -o jsonpath='{.spec.scope}') + if [[ $scope == "Namespaced" ]]; then + kubectl get "$crd" -A --no-headers | awk '{print $1" "$2" ""'"$crd"'"}' | xargs -n 3 sh -c 'kubectl patch $2 -n $0 $1 -p "{\"metadata\":{\"finalizers\":null}}" --type=merge 2>/dev/null && kubectl delete $2 -n $0 $1 2>/dev/null' + else + kubectl get "$crd" -A --no-headers | awk '{print $1" ""'"$crd"'"}' | xargs -n 2 sh -c 'kubectl patch $1 $0 -p "{\"metadata\":{\"finalizers\":null}}" --type=merge 2>/dev/null && kubectl delete $1 $0 2>/dev/null' + fi + kubectl delete crd "$crd" 2>/dev/null fi -done +done \ No newline at end of file diff --git a/config/ks-core/charts/ks-crds/templates/_images.tpl b/config/ks-core/charts/ks-crds/templates/_images.tpl deleted file mode 100644 index d27be2fde..000000000 --- a/config/ks-core/charts/ks-crds/templates/_images.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{- define "kubectl.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.kubectl.image "global" (default .Values.global (dict "imageRegistry" "docker.io"))) }} -{{- end -}} - -{{- define "common.images.image" -}} -{{- $registryName := .global.imageRegistry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .global.tag | toString -}} -{{- if .imageRoot.registry }} - {{- $registryName = .imageRoot.registry -}} -{{- end -}} -{{- if .imageRoot.tag }} - {{- $termination = .imageRoot.tag | toString -}} -{{- end -}} -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- end -}} diff --git a/config/ks-core/charts/ks-crds/templates/post-delete-crd-job.yaml b/config/ks-core/charts/ks-crds/templates/post-delete-crd-job.yaml index ae286dcee..eef74130f 100644 --- a/config/ks-core/charts/ks-crds/templates/post-delete-crd-job.yaml +++ b/config/ks-core/charts/ks-crds/templates/post-delete-crd-job.yaml @@ -47,7 +47,6 @@ subjects: name: "{{ .Release.Name }}-post-delete-crd" namespace: {{ .Release.Namespace }} ---- {{- $crdNameList := list }} {{- range $path, $_ := .Files.Glob "crds/**" }} {{- $crd := $.Files.Get $path | fromYaml }} @@ -68,6 +67,9 @@ spec: spec: restartPolicy: Never serviceAccountName: "{{ .Release.Name }}-post-delete-crd" + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} containers: - name: post-delete-job image: {{ template "kubectl.image" . }} @@ -79,7 +81,6 @@ spec: volumeMounts: - mountPath: /scripts name: scripts - resources: {{- toYaml .Values.kubectl.resources | nindent 12 }} volumes: - name: scripts configMap: diff --git a/config/ks-core/charts/ks-crds/templates/pre-upgrade-crd-job.yaml b/config/ks-core/charts/ks-crds/templates/pre-upgrade-crd-job.yaml index c9fb0b4f2..38d5aee61 100644 --- a/config/ks-core/charts/ks-crds/templates/pre-upgrade-crd-job.yaml +++ b/config/ks-core/charts/ks-crds/templates/pre-upgrade-crd-job.yaml @@ -52,6 +52,9 @@ spec: spec: restartPolicy: Never serviceAccountName: "{{ .Release.Name }}-pre-upgrade-crd" + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} containers: - name: crd-install image: {{ template "kubectl.image" . }} @@ -62,7 +65,6 @@ spec: volumeMounts: - mountPath: /scripts name: scripts - resources: {{- toYaml .Values.kubectl.resources | nindent 12 }} volumes: - name: scripts configMap: diff --git a/config/ks-core/charts/ks-crds/values.yaml b/config/ks-core/charts/ks-crds/values.yaml index 5816ade14..a61ac6f1a 100644 --- a/config/ks-core/charts/ks-crds/values.yaml +++ b/config/ks-core/charts/ks-crds/values.yaml @@ -1,6 +1,8 @@ -# Default values for ks-crds. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. +global: + imageRegistry: "" + imagePullSecrets: [] + # - name: "image-pull-secret" + kubectl: image: registry: "" diff --git a/config/ks-core/charts/redis-ha/templates/redis-ha-statefulset.yaml b/config/ks-core/charts/redis-ha/templates/redis-ha-statefulset.yaml index 750db52a0..dd0b50c2e 100644 --- a/config/ks-core/charts/redis-ha/templates/redis-ha-statefulset.yaml +++ b/config/ks-core/charts/redis-ha/templates/redis-ha-statefulset.yaml @@ -102,8 +102,8 @@ spec: release: {{ .Release.Name }} {{ template "redis-ha.fullname" . }}: replica {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} {{- end }} securityContext: {{ toYaml .Values.securityContext | nindent 8 }} serviceAccountName: {{ template "redis-ha.serviceAccountName" . }} diff --git a/config/ks-core/charts/redis-ha/templates/redis-haproxy-deployment.yaml b/config/ks-core/charts/redis-ha/templates/redis-haproxy-deployment.yaml index 493bd805d..5f77006de 100644 --- a/config/ks-core/charts/redis-ha/templates/redis-haproxy-deployment.yaml +++ b/config/ks-core/charts/redis-ha/templates/redis-haproxy-deployment.yaml @@ -109,8 +109,8 @@ spec: readOnly: true - name: data mountPath: /data - {{- if .Values.haproxy.imagePullSecrets }} - imagePullSecrets: {{ toYaml .Values.haproxy.imagePullSecrets | nindent 8 }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} {{- end }} containers: - name: haproxy diff --git a/config/ks-core/charts/redis-ha/values.yaml b/config/ks-core/charts/redis-ha/values.yaml index 841324927..5cb82d455 100644 --- a/config/ks-core/charts/redis-ha/values.yaml +++ b/config/ks-core/charts/redis-ha/values.yaml @@ -4,6 +4,8 @@ global: imageRegistry: "" + imagePullSecrets: [] + # - name: "image-pull-secret" image: registry: "" @@ -12,13 +14,6 @@ image: digest: "" pullPolicy: IfNotPresent -## Reference to one or more secrets to be used when pulling images -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -## This imagePullSecrets is only for redis images -## -imagePullSecrets: [] -# - name: "image-pull-secret" - ## replicas number for each component replicas: 3 @@ -102,13 +97,6 @@ haproxy: ## Custom labels for the haproxy pod labels: {} - - ## Reference to one or more secrets to be used when pulling images - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - imagePullSecrets: [] - # - name: "image-pull-secret" - annotations: {} resources: {} emptyDir: {} diff --git a/config/ks-core/templates/_images.tpl b/config/ks-core/templates/_images.tpl index cb9fd0d57..66e546ff0 100644 --- a/config/ks-core/templates/_images.tpl +++ b/config/ks-core/templates/_images.tpl @@ -1,15 +1,15 @@ {{/* Return the proper image name */}} -{{- define "ks-apiserver.image" -}} +{{- define "apiserver.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.apiserver.image "global" .Values.global) }} {{- end -}} -{{- define "ks-console.image" -}} +{{- define "console.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.console.image "global" .Values.global) }} {{- end -}} -{{- define "ks-controller-manager.image" -}} +{{- define "controller.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.controller.image "global" .Values.global) }} {{- end -}} @@ -33,7 +33,7 @@ Return the proper image name {{ include "common.images.image" (dict "imageRoot" .Values.redis.image "global" .Values.global) }} {{- end -}} -{{- define "extensions_museum.image" -}} +{{- define "extensionRepo.image" -}} {{ include "common.images.image" (dict "imageRoot" .Values.ksExtensionRepository.image "global" .Values.global) }} {{- end -}} @@ -53,46 +53,4 @@ Return the proper image name {{- $termination = .imageRoot.digest | toString -}} {{- end -}} {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "apiserver.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.apiserver.image) "global" .Values.global) -}} -{{- end -}} - -{{- define "console.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.console.image) "global" .Values.global) -}} -{{- end -}} - -{{- define "controller.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.controller.image) "global" .Values.global) -}} -{{- end -}} - -{{- define "extensions_museum.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.ksExtensionRepository.image) "global" .Values.global) -}} -{{- end -}} - -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/config/ks-core/templates/cert-manager.yaml b/config/ks-core/templates/cert-manager.yaml index 8796bc78d..b5efc0d8d 100644 --- a/config/ks-core/templates/cert-manager.yaml +++ b/config/ks-core/templates/cert-manager.yaml @@ -15,7 +15,6 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: letsencrypt - namespace: {{ .Release.Namespace }} spec: acme: email: {{ .Values.letsEncrypt.email }} @@ -55,7 +54,6 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: self-signed - namespace: {{ .Release.Namespace }} spec: selfSigned: {} {{- end }} @@ -79,7 +77,6 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: ks-apiserver-certificate - namespace: {{ .Release.Namespace }} spec: # Secret names are always required. secretName: ks-apiserver-tls-certs @@ -124,7 +121,6 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: ks-console-certificate - namespace: {{ .Release.Namespace }} spec: # Secret names are always required. secretName: ks-console-tls-certs diff --git a/config/ks-core/templates/customresourcefilters.yaml b/config/ks-core/templates/customresourcefilters.yaml index 49cfa46ac..55ce4ded7 100644 --- a/config/ks-core/templates/customresourcefilters.yaml +++ b/config/ks-core/templates/customresourcefilters.yaml @@ -10,5 +10,4 @@ stringData: kind: Secret metadata: name: extensions.customresourcefilters - namespace: kubesphere-system type: config.kubesphere.io/custom-resource-filter \ No newline at end of file diff --git a/config/ks-core/templates/dynamic-upgrade-job.yaml b/config/ks-core/templates/dynamic-upgrade-job.yaml new file mode 100644 index 000000000..6ff131930 --- /dev/null +++ b/config/ks-core/templates/dynamic-upgrade-job.yaml @@ -0,0 +1,57 @@ +{{- if .Values.upgrade.enabled }} +{{- if .Values.upgrade.dynamic }} +{{- if .Values.upgrade.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: ks-upgrade-dynamic-config +data: + config-patch.yaml: | + {{- toYaml .Values.upgrade.config | nindent 4 }} +{{- end }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: dynamic-upgrade +spec: + template: + spec: + restartPolicy: Never + serviceAccountName: {{ include "ks-core.serviceAccountName" . }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} + containers: + - name: dynamic-upgrade-job + image: {{ template "upgrade.image" . }} + imagePullPolicy: {{ .Values.upgrade.image.pullPolicy }} + command: + - ks-upgrade + - dynamic-upgrade + - --logtostderr=true + - --config=/etc/kubesphere/config.yaml + {{- if .Values.upgrade.config }} + - --config=/etc/kubesphere/config-patch.yaml + {{- end }} + volumeMounts: + - mountPath: /tmp/ks-upgrade + name: data + {{- if .Values.upgrade.config }} + - mountPath: /etc/kubesphere/config-patch.yaml + name: config + subPath: config-patch.yaml + {{- end }} + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ .Values.upgrade.persistenceVolume.name }} + {{- if .Values.upgrade.config }} + - name: config + configMap: + name: ks-upgrade-dynamic-config + defaultMode: 420 + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/config/ks-core/templates/extension-museum.yaml b/config/ks-core/templates/extension-museum.yaml index 977b9543c..cb3a7d2e9 100644 --- a/config/ks-core/templates/extension-museum.yaml +++ b/config/ks-core/templates/extension-museum.yaml @@ -10,7 +10,6 @@ apiVersion: apps/v1 kind: Deployment metadata: name: extensions-museum - namespace: {{ .Release.Namespace }} labels: app: extensions-museum spec: @@ -26,10 +25,12 @@ spec: # force restart ks-apiserver after the upgrade is complete if kubesphere-config changes checksum/cert: {{ sha256sum $cert.Cert }} spec: -{{- include "extensions_museum.imagePullSecrets" . | nindent 6 }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} containers: - name: extensions-museum - image: {{ template "extensions_museum.image" . }} + image: {{ template "extensionRepo.image" . }} command: - "/chartmuseum" - "--storage-local-rootdir" @@ -55,7 +56,6 @@ apiVersion: v1 kind: Secret metadata: name: extensions-museum-certs - namespace: {{ .Release.Namespace }} type: kubernetes.io/tls data: ca.crt: {{ b64enc $ca.Cert }} @@ -67,7 +67,6 @@ apiVersion: v1 kind: Service metadata: name: extensions-museum - namespace: {{ .Release.Namespace }} spec: selector: app: extensions-museum diff --git a/config/ks-core/templates/ingress.yaml b/config/ks-core/templates/ingress.yaml index 84a9ac851..4cc77d9b9 100644 --- a/config/ks-core/templates/ingress.yaml +++ b/config/ks-core/templates/ingress.yaml @@ -3,7 +3,6 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ks-console - namespace: {{ .Release.Namespace }} annotations: {{- if .Values.internalTLS }} {{- if eq .Values.ingress.ingressClassName "nginx" }} diff --git a/config/ks-core/templates/ks-agent.yaml b/config/ks-core/templates/ks-agent.yaml index c3c00ec26..9ebe2816d 100644 --- a/config/ks-core/templates/ks-agent.yaml +++ b/config/ks-core/templates/ks-agent.yaml @@ -4,10 +4,8 @@ kind: Deployment metadata: labels: app: ks-agent - tier: backend version: {{ .Chart.AppVersion }} name: ks-agent - namespace: kubesphere-system spec: strategy: rollingUpdate: @@ -31,7 +29,9 @@ spec: tier: backend spec: serviceAccountName: {{ template "ks-core.serviceAccountName" . }} - {{- include "controller.imagePullSecrets" . | nindent 6 }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} @@ -48,7 +48,7 @@ spec: terminationGracePeriodSeconds: 30 containers: - name: ks-apiserver - image: {{ template "ks-apiserver.image" . }} + image: {{ template "apiserver.image" . }} imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }} {{- if .Values.apiserver.containerPorts }} ports: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.containerPorts "context" $) | nindent 12 }} @@ -81,7 +81,7 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} - name: ks-controller-manager - image: {{ template "ks-controller-manager.image" . }} + image: {{ template "controller.image" . }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.containerPorts }} ports: {{- include "common.tplvalues.render" (dict "value" .Values.controller.containerPorts "context" $) | nindent 12 }} @@ -100,7 +100,7 @@ spec: - mountPath: /etc/kubesphere/ name: kubesphere-config - mountPath: /tmp/k8s-webhook-server/serving-certs - name: webhook-secret + name: webhook-cert - mountPath: /etc/localtime name: host-time readOnly: true @@ -112,7 +112,7 @@ spec: configMap: name: kubesphere-config defaultMode: 420 - - name: webhook-secret + - name: webhook-cert secret: defaultMode: 420 secretName: ks-controller-manager-webhook-cert diff --git a/config/ks-core/templates/ks-apiserver.yaml b/config/ks-core/templates/ks-apiserver.yaml index 650972c2a..cae136cc0 100644 --- a/config/ks-core/templates/ks-apiserver.yaml +++ b/config/ks-core/templates/ks-apiserver.yaml @@ -4,10 +4,8 @@ kind: Deployment metadata: labels: app: ks-apiserver - tier: backend version: {{ .Chart.AppVersion }} name: ks-apiserver - namespace: kubesphere-system spec: strategy: rollingUpdate: @@ -29,7 +27,9 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/kubesphere-config.yaml") . | sha256sum }} spec: serviceAccountName: {{ template "ks-core.serviceAccountName" . }} - {{- include "apiserver.imagePullSecrets" . | nindent 6 }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} affinity: {{- with .Values.affinity }} {{- toYaml . | nindent 8 }} @@ -62,7 +62,7 @@ spec: {{- end }} containers: - name: ks-apiserver - image: {{ template "ks-apiserver.image" . }} + image: {{ template "apiserver.image" . }} imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }} {{- if .Values.apiserver.containerPorts }} ports: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.containerPorts "context" $) | nindent 12 }} @@ -107,14 +107,14 @@ spec: - name: tls-cert mountPath: /etc/kubesphere/pki/ {{- end }} - {{ if .Values.ha.enabled }} + {{- if .Values.ha.enabled }} env: - name: KUBESPHERE_CACHE_OPTIONS_PASSWORD valueFrom: secretKeyRef: name: redis-secret key: auth - {{ end }} + {{- end }} volumes: - configMap: defaultMode: 420 diff --git a/config/ks-core/templates/ks-console-config.yaml b/config/ks-core/templates/ks-console-config.yaml index 5d431e3bd..824c20838 100644 --- a/config/ks-core/templates/ks-console-config.yaml +++ b/config/ks-core/templates/ks-console-config.yaml @@ -31,5 +31,4 @@ data: enableNodeListTerminal: {{ .Values.console.config.enableNodeListTerminal }} kind: ConfigMap metadata: - name: ks-console-config - namespace: kubesphere-system + name: ks-console-config \ No newline at end of file diff --git a/config/ks-core/templates/ks-console.yaml b/config/ks-core/templates/ks-console.yaml index 64b4e22a2..91705f6cf 100644 --- a/config/ks-core/templates/ks-console.yaml +++ b/config/ks-core/templates/ks-console.yaml @@ -4,10 +4,8 @@ kind: Deployment metadata: labels: app: ks-console - tier: frontend version: {{ .Chart.AppVersion }} name: ks-console - namespace: kubesphere-system spec: strategy: rollingUpdate: @@ -28,9 +26,9 @@ spec: # force restart ks-console after the upgrade is complete if ks-console-config changes checksum/config: {{ include (print $.Template.BasePath "/ks-console-config.yaml") . | sha256sum }} spec: - serviceAccount: {{ template "ks-core.serviceAccountName" . }} - serviceAccountName: {{ template "ks-core.serviceAccountName" . }} - {{- include "console.imagePullSecrets" . | nindent 6 }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} @@ -79,7 +77,7 @@ spec: {{- end }} containers: - name: ks-console - image: {{ template "ks-console.image" . }} + image: {{ template "console.image" . }} imagePullPolicy: {{ .Values.console.image.pullPolicy }} {{- if .Values.console.containerPorts }} ports: {{- include "common.tplvalues.render" (dict "value" .Values.console.containerPorts "context" $) | nindent 12 }} @@ -154,7 +152,6 @@ kind: Service metadata: labels: app: ks-console - tier: frontend version: {{ .Chart.AppVersion }} annotations: {{- if .Values.internalTLS }} @@ -179,7 +176,6 @@ spec: {{- end }} selector: app: ks-console - tier: frontend {{- if .Values.console.nodePort }} type: NodePort {{- else}} diff --git a/config/ks-core/templates/ks-controller-manager.yaml b/config/ks-core/templates/ks-controller-manager.yaml index 2011cb46b..8d2ce56f5 100644 --- a/config/ks-core/templates/ks-controller-manager.yaml +++ b/config/ks-core/templates/ks-controller-manager.yaml @@ -4,10 +4,8 @@ kind: Deployment metadata: labels: app: ks-controller-manager - tier: backend version: {{ .Chart.AppVersion }} name: ks-controller-manager - namespace: kubesphere-system spec: strategy: rollingUpdate: @@ -31,7 +29,9 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/kubesphere-config.yaml") . | sha256sum }} spec: serviceAccountName: {{ template "ks-core.serviceAccountName" . }} - {{- include "controller.imagePullSecrets" . | nindent 6 }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} @@ -68,7 +68,7 @@ spec: terminationGracePeriodSeconds: 30 containers: - name: ks-controller-manager - image: {{ template "ks-controller-manager.image" . }} + image: {{ template "controller.image" . }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} {{- if .Values.controller.containerPorts }} ports: {{- include "common.tplvalues.render" (dict "value" .Values.controller.containerPorts "context" $) | nindent 12 }} @@ -87,7 +87,7 @@ spec: - mountPath: /etc/kubesphere/ name: kubesphere-config - mountPath: /tmp/k8s-webhook-server/serving-certs - name: webhook-secret + name: webhook-cert - mountPath: /etc/localtime name: host-time readOnly: true @@ -99,7 +99,7 @@ spec: configMap: name: kubesphere-config defaultMode: 420 - - name: webhook-secret + - name: webhook-cert secret: defaultMode: 420 secretName: ks-controller-manager-webhook-cert diff --git a/config/ks-core/templates/kubesphere-config.yaml b/config/ks-core/templates/kubesphere-config.yaml index 5916fa7da..b255f6833 100644 --- a/config/ks-core/templates/kubesphere-config.yaml +++ b/config/ks-core/templates/kubesphere-config.yaml @@ -39,15 +39,15 @@ data: hostClusterName: {{ include "multicluster.hostClusterName" . | include "validateHostClusterName" | quote }} kubeconfig: # service-account-token client-certificate oidc-token webhook-token - authMode: {{ .Values.kubeconfig.authMode | default "client-certificate" }} + authMode: {{ (.Values.kubeconfig).authMode | default "client-certificate" }} terminal: kubectl: - image: {{ template "kubectl.image" . }} + image: {{ include "kubectl.image" . | quote }} node: - image: {{ template "nodeShell.image" . }} + image: {{ include "nodeShell.image" . | quote }} uploadFileLimit: 100Mi helmExecutor: - image: {{ template "helm.image" . }} + image: {{ include "helm.image" . | quote }} timeout: {{ .Values.helmExecutor.timeout }} historyMax: {{ .Values.helmExecutor.historyMax }} jobTTLAfterFinished: {{ .Values.helmExecutor.jobTTLAfterFinished }} diff --git a/config/ks-core/templates/oauthclient-config.yaml b/config/ks-core/templates/oauthclient-config.yaml index 484a06654..d10f7fcef 100644 --- a/config/ks-core/templates/oauthclient-config.yaml +++ b/config/ks-core/templates/oauthclient-config.yaml @@ -13,7 +13,6 @@ stringData: kind: Secret metadata: name: oauthclient-kubesphere - namespace: kubesphere-system labels: config.kubesphere.io/type: oauthclient type: config.kubesphere.io/oauthclient diff --git a/config/ks-core/templates/post-delete-job.yaml b/config/ks-core/templates/post-delete-job.yaml index cacb32d37..443f21afa 100644 --- a/config/ks-core/templates/post-delete-job.yaml +++ b/config/ks-core/templates/post-delete-job.yaml @@ -10,7 +10,6 @@ data: {{ (.Files.Glob "scripts/post-delete.sh").AsConfig | indent 2 }} --- - apiVersion: v1 kind: ServiceAccount metadata: @@ -21,7 +20,6 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -40,7 +38,6 @@ subjects: namespace: {{ .Release.Namespace }} --- - apiVersion: batch/v1 kind: Job metadata: @@ -54,6 +51,9 @@ spec: spec: restartPolicy: Never serviceAccountName: "{{ .Release.Name }}-post-delete" + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} containers: - name: post-delete-job image: {{ template "kubectl.image" . }} diff --git a/config/ks-core/templates/post-patch-system-ns-job.yaml b/config/ks-core/templates/post-patch-system-ns-job.yaml index b13cf0d4f..bdc0586c4 100644 --- a/config/ks-core/templates/post-patch-system-ns-job.yaml +++ b/config/ks-core/templates/post-patch-system-ns-job.yaml @@ -11,6 +11,9 @@ spec: spec: restartPolicy: Never serviceAccountName: {{ include "ks-core.serviceAccountName" . }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} containers: - name: post-patch-system-ns image: {{ template "kubectl.image" . }} diff --git a/config/ks-core/templates/post-patch-user-job.yaml b/config/ks-core/templates/post-patch-user-job.yaml index 0f8183994..1aaa9a96d 100644 --- a/config/ks-core/templates/post-patch-user-job.yaml +++ b/config/ks-core/templates/post-patch-user-job.yaml @@ -11,6 +11,9 @@ spec: spec: restartPolicy: Never serviceAccountName: {{ include "ks-core.serviceAccountName" . }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} containers: - name: post-patch-user image: {{ template "kubectl.image" . }} @@ -35,4 +38,3 @@ spec: echo "Updated user ${username} with annotation ${annotation_key}=${uid}" fi done - resources: {{- toYaml .Values.upgrade.resources | nindent 12 }} diff --git a/config/ks-core/templates/post-upgrade-job.yaml b/config/ks-core/templates/post-upgrade-job.yaml new file mode 100644 index 000000000..eadee183d --- /dev/null +++ b/config/ks-core/templates/post-upgrade-job.yaml @@ -0,0 +1,48 @@ +{{- if .Values.upgrade.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-post-upgrade + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + template: + spec: + restartPolicy: Never + serviceAccountName: {{ include "ks-core.serviceAccountName" . }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} + containers: + - name: post-upgrade-job + image: {{ template "upgrade.image" . }} + imagePullPolicy: {{ .Values.upgrade.image.pullPolicy }} + command: + - ks-upgrade + - post-upgrade + - --logtostderr=true + - --config=/etc/kubesphere/config.yaml + {{- if .Values.upgrade.config }} + - --config=/etc/kubesphere/config-patch.yaml + {{- end }} + volumeMounts: + {{- if .Values.upgrade.config }} + - mountPath: /etc/kubesphere/config-patch.yaml + name: config + subPath: config-patch.yaml + {{- end }} + - mountPath: /tmp/ks-upgrade + name: data + volumes: + {{- if .Values.upgrade.config }} + - name: config + configMap: + name: {{ .Release.Name }}-upgrade-config + defaultMode: 420 + {{- end }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.upgrade.persistenceVolume.name }} +{{- end }} \ No newline at end of file diff --git a/config/ks-core/templates/pre-upgrade-job.yaml b/config/ks-core/templates/pre-upgrade-job.yaml new file mode 100644 index 000000000..012162f2c --- /dev/null +++ b/config/ks-core/templates/pre-upgrade-job.yaml @@ -0,0 +1,83 @@ +{{- if .Values.upgrade.enabled }} +{{- if .Values.upgrade.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-upgrade-config + annotations: + "helm.sh/hook": pre-upgrade + "helm.sh/hook-weight": "-1" +data: + config-patch.yaml: | + {{- toYaml .Values.upgrade.config | nindent 4 }} +{{- end }} + +--- +{{- if not (lookup "v1" "PersistentVolumeClaim" .Release.Namespace .Values.upgrade.persistenceVolume.name) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.upgrade.persistenceVolume.name }} + annotations: + "helm.sh/hook": pre-upgrade + "helm.sh/hook-weight": "-1" + labels: + app: ks-upgrade + version: {{ .Chart.AppVersion }} +spec: + accessModes: + - {{ .Values.upgrade.persistenceVolume.accessMode | quote }} + resources: + requests: + storage: {{ .Values.upgrade.persistenceVolume.size | quote }} + storageClassName: {{ .Values.upgrade.persistenceVolume.storageClassName }} +{{- end }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-pre-upgrade + annotations: + "helm.sh/hook": pre-upgrade + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + template: + spec: + restartPolicy: Never + serviceAccountName: {{ include "ks-core.serviceAccountName" . }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} + containers: + - name: pre-upgrade-job + image: {{ template "upgrade.image" . }} + imagePullPolicy: {{ .Values.upgrade.image.pullPolicy }} + command: + - ks-upgrade + - pre-upgrade + - --logtostderr=true + - --config=/etc/kubesphere/config.yaml + {{- if .Values.upgrade.config }} + - --config=/etc/kubesphere/config-patch.yaml + {{- end }} + volumeMounts: + {{- if .Values.upgrade.config }} + - mountPath: /etc/kubesphere/config-patch.yaml + name: config + subPath: config-patch.yaml + {{- end }} + - mountPath: /tmp/ks-upgrade + name: data + volumes: + {{- if .Values.upgrade.config }} + - name: config + configMap: + name: {{ .Release.Name }}-upgrade-config + defaultMode: 420 + {{- end }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.upgrade.persistenceVolume.name }} +{{- end }} \ No newline at end of file diff --git a/config/ks-core/templates/prepare-upgrade-job.yaml b/config/ks-core/templates/prepare-upgrade-job.yaml new file mode 100644 index 000000000..fa8995a4f --- /dev/null +++ b/config/ks-core/templates/prepare-upgrade-job.yaml @@ -0,0 +1,52 @@ +{{- if .Values.upgrade.enabled }} +{{- if .Values.upgrade.prepare }} +{{- if .Values.upgrade.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: ks-upgrade-prepare-config +data: + config-patch.yaml: | + {{- toYaml .Values.upgrade.config | nindent 4 }} +{{- end }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: prepare-upgrade +spec: + template: + spec: + restartPolicy: Never + serviceAccountName: {{ include "ks-core.serviceAccountName" . }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }} + {{- end }} + containers: + - name: prepare-upgrade-job + image: {{ template "upgrade.image" . }} + imagePullPolicy: {{ .Values.upgrade.image.pullPolicy }} + command: + - ks-upgrade + - prepare-upgrade + - --logtostderr=true + - --config=/etc/kubesphere/config.yaml + {{- if .Values.upgrade.config }} + - --config=/etc/kubesphere/config-patch.yaml + {{- end }} + {{- if .Values.upgrade.config }} + volumeMounts: + - mountPath: /etc/kubesphere/config-patch.yaml + name: config + subPath: config-patch.yaml + {{- end }} + {{- if .Values.upgrade.config }} + volumes: + - name: config + configMap: + name: ks-upgrade-prepare-config + defaultMode: 420 + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/config/ks-core/templates/serviceaccount.yaml b/config/ks-core/templates/serviceaccount.yaml index 946c908dc..642b37262 100644 --- a/config/ks-core/templates/serviceaccount.yaml +++ b/config/ks-core/templates/serviceaccount.yaml @@ -3,7 +3,6 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "ks-core.serviceAccountName" . }} - namespace: kubesphere-system labels: {{- include "ks-core.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} @@ -45,5 +44,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "ks-core.serviceAccountName" . }} - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/config/ks-core/templates/services.yaml b/config/ks-core/templates/services.yaml index 128fa0b1f..55e0af084 100644 --- a/config/ks-core/templates/services.yaml +++ b/config/ks-core/templates/services.yaml @@ -1,14 +1,10 @@ apiVersion: v1 kind: Service metadata: - annotations: - kubernetes.io/created-by: kubesphere.io/ks-apiserver labels: app: ks-apiserver - tier: backend version: {{ .Chart.AppVersion }} name: ks-apiserver - namespace: kubesphere-system spec: ports: - protocol: TCP @@ -28,24 +24,20 @@ spec: {{- else }} app: ks-agent {{- end }} - tier: backend - # version: {{ .Chart.AppVersion }} {{- if .Values.apiserver.nodePort }} type: NodePort {{- else}} type: ClusterIP {{- end}} ---- +--- apiVersion: v1 kind: Service metadata: labels: app: ks-controller-manager - tier: backend version: {{ .Chart.AppVersion }} name: ks-controller-manager - namespace: kubesphere-system spec: ports: - port: 443 @@ -57,7 +49,5 @@ spec: {{- else }} app: ks-agent {{- end }} - tier: backend - # version: {{ .Chart.AppVersion }} sessionAffinity: None type: ClusterIP diff --git a/config/ks-core/templates/tls-secrets.yaml b/config/ks-core/templates/tls-secrets.yaml index 5c1067d28..4e2046482 100644 --- a/config/ks-core/templates/tls-secrets.yaml +++ b/config/ks-core/templates/tls-secrets.yaml @@ -7,7 +7,6 @@ apiVersion: v1 kind: Secret metadata: name: ks-apiserver-tls-certs - namespace: {{ .Release.Namespace }} type: Opaque data: ca.crt: {{ b64enc $ca.Cert }} @@ -22,7 +21,6 @@ apiVersion: v1 kind: Secret metadata: name: ks-console-tls-certs - namespace: {{ .Release.Namespace }} type: Opaque data: ca.crt: {{ b64enc $ca.Cert }} @@ -37,7 +35,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Values.ingress.tls.secretName }} - namespace: {{ .Release.Namespace }} type: Opaque data: ca.crt: {{ b64enc $ca.Cert }} diff --git a/config/ks-core/templates/traefik.yaml b/config/ks-core/templates/traefik.yaml index 7a5fbd228..9871eb246 100644 --- a/config/ks-core/templates/traefik.yaml +++ b/config/ks-core/templates/traefik.yaml @@ -4,7 +4,6 @@ apiVersion: traefik.containo.us/v1alpha1 kind: ServersTransport metadata: name: ks-console-transport - namespace: {{ .Release.Namespace }} spec: serverName: ks-console insecureSkipVerify: false diff --git a/config/ks-core/templates/webhook.yaml b/config/ks-core/templates/webhook.yaml index 72dfdd00c..91077f954 100644 --- a/config/ks-core/templates/webhook.yaml +++ b/config/ks-core/templates/webhook.yaml @@ -19,7 +19,7 @@ type: Opaque apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - name: users.iam.kubesphere.io + name: validator.user.iam.kubesphere.io webhooks: - admissionReviewVersions: - v1 @@ -27,7 +27,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /validate-iam-kubesphere-io-v1beta1-user port: 443 failurePolicy: Ignore @@ -54,6 +54,45 @@ webhooks: sideEffects: None timeoutSeconds: 30 +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: defaulter.user.iam.kubesphere.io +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: {{ b64enc $ca.Cert | quote }} + service: + name: ks-controller-manager + namespace: {{ .Release.Namespace }} + path: /mutate-iam-kubesphere-io-v1beta1-user + port: 443 + failurePolicy: Ignore + matchPolicy: Exact + name: users.iam.kubesphere.io + namespaceSelector: {} + objectSelector: + matchExpressions: + - key: app.kubernetes.io/managed-by + operator: NotIn + values: + - Helm + rules: + - apiGroups: + - iam.kubesphere.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - users + scope: '*' + sideEffects: None + timeoutSeconds: 30 + --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration @@ -66,7 +105,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /mutate-kubesphere-io-v1alpha1-installplan port: 443 failurePolicy: Fail @@ -105,7 +144,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /validate-kubesphere-io-v1alpha1-installplan port: 443 failurePolicy: Fail @@ -145,7 +184,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /validate-quota-kubesphere-io-v1alpha2 port: 443 failurePolicy: Ignore @@ -180,7 +219,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /validate-extensions-kubesphere-io-v1alpha1-jsbundle port: 443 failurePolicy: Fail @@ -208,7 +247,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /validate-extensions-kubesphere-io-v1alpha1-apiservice port: 443 failurePolicy: Fail @@ -235,7 +274,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /validate-extensions-kubesphere-io-v1alpha1-reverseproxy port: 443 failurePolicy: Fail @@ -262,7 +301,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /validate-extensions-kubesphere-io-v1alpha1-extensionentry port: 443 failurePolicy: Fail @@ -296,7 +335,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /validate--v1-secret port: 443 failurePolicy: Ignore @@ -334,7 +373,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /mutate-extensions-kubesphere-io-v1alpha1-jsbundle port: 443 failurePolicy: Fail @@ -358,7 +397,6 @@ webhooks: {{- end }} --- - apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -370,7 +408,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /serviceaccount-pod-injector port: 443 failurePolicy: Ignore @@ -403,7 +441,7 @@ webhooks: caBundle: {{ b64enc $ca.Cert | quote }} service: name: ks-controller-manager - namespace: kubesphere-system + namespace: {{ .Release.Namespace }} path: /mutate--v1-secret port: 443 failurePolicy: Ignore diff --git a/config/ks-core/values.yaml b/config/ks-core/values.yaml index 91417b7a9..b1e4fc05d 100644 --- a/config/ks-core/values.yaml +++ b/config/ks-core/values.yaml @@ -4,6 +4,8 @@ global: imageRegistry: docker.io tag: v4.1.2 imagePullSecrets: [] + # - name: "image-pull-secret" + ## @param nameOverride String to partially override common.names.fullname ## @@ -113,14 +115,6 @@ apiserver: tag: "" digest: "" pullPolicy: IfNotPresent - ## Optionally, specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g.: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] ## @param containerPorts [array] List of container ports to enable in the ks-apiserver container ## containerPorts: @@ -166,14 +160,6 @@ console: tag: "" digest: "" pullPolicy: IfNotPresent - ## Optionally, specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g.: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] config: enableNodeListTerminal: true ## @param containerPorts [array] List of container ports to enable in the ks-console container @@ -213,14 +199,6 @@ controller: tag: "" digest: "" pullPolicy: IfNotPresent - ## Optionally, specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g.: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] ## @param containerPorts [array] List of container ports to enable in the ks-controller-manager container ## containerPorts: @@ -348,14 +326,34 @@ extension: httpPort: 80 httpsPort: 443 -hook: - resources: - limits: - cpu: 1 - memory: 1024Mi - requests: - cpu: 20m - memory: 100Mi +upgrade: + enabled: false + image: + registry: "" + repository: kubesphere/ks-upgrade + tag: "" + pullPolicy: IfNotPresent + persistenceVolume: + name: ks-upgrade + storageClassName: "" + accessMode: ReadWriteOnce + size: 5Gi + config: {} +# storage: +# local: +# path: /tmp/ks-upgrade +# download: +# globalRegistryUrl: "https://extensions-museum.kubesphere-system.svc/charts" +# file: {} +# http: +# timeout: 20 +# oci: {} +# skipValidator: false +# jobs: +# core: +# disabled: false +# priority: 10000 + ha: enabled: false @@ -453,4 +451,4 @@ ksExtensionRepository: registry: "" repository: kubesphere/ks-extensions-museum tag: "latest" - pullPolicy: Always + pullPolicy: IfNotPresent