chore: refine ks-core helm chart (#2128)
Signed-off-by: hongming <coder.scala@gmail.com>
This commit is contained in:
hongming
@@ -2,8 +2,7 @@
|
||||
|
||||
CRDS_PATH=$1
|
||||
echo "ks-crds pre upgrade..."
|
||||
# shellcheck disable=SC1060
|
||||
for crd in `ls $CRDS_PATH|grep \.yaml$`; do
|
||||
echo $crd
|
||||
kubectl apply -f $CRDS_PATH/$crd
|
||||
for crd in "$CRDS_PATH"/*.yaml; do
|
||||
basename "$crd"
|
||||
kubectl apply -f "$crd"
|
||||
done
|
||||
@@ -1,48 +1,39 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# set -x
|
||||
|
||||
CRD_NAMES=$1
|
||||
MAPPING_CONFIG=$2
|
||||
|
||||
for extension in `kubectl get installplan -o json | jq -r '.items[] | select(.status.state == "Installed") | .metadata.name'`
|
||||
do
|
||||
namespace=$(kubectl get installplan $extension -o=jsonpath='{.status.targetNamespace}')
|
||||
version=$(kubectl get extension $extension -o=jsonpath='{.status.installedVersion}')
|
||||
extensionversion=$extension-$version
|
||||
echo "Found extension $extensionversion installed"
|
||||
helm status $extension --namespace $namespace
|
||||
if [ $? -eq 0 ]; then
|
||||
helm mapkubeapis $extension --namespace $namespace --mapfile $MAPPING_CONFIG
|
||||
for extension in $(kubectl get installplan -o json | jq -r '.items[] | select(.status.state == "Installed") | .metadata.name'); do
|
||||
namespace=$(kubectl get installplan "$extension" -o=jsonpath='{.status.targetNamespace}')
|
||||
version=$(kubectl get extension "$extension" -o=jsonpath='{.status.installedVersion}')
|
||||
extensionVersion="$extension-$version"
|
||||
echo "Found extension $extensionVersion installed"
|
||||
if helm status "$extension" --namespace "$namespace" &>/dev/null; then
|
||||
helm mapkubeapis "$extension" --namespace "$namespace" --mapfile "$MAPPING_CONFIG"
|
||||
fi
|
||||
helm status $extension-agent --namespace $namespace
|
||||
if [ $? -eq 0 ]; then
|
||||
helm mapkubeapis $extension-agent --namespace $namespace --mapfile $MAPPING_CONFIG
|
||||
if helm status "$extension-agent" --namespace "$namespace" &>/dev/null; then
|
||||
helm mapkubeapis "$extension-agent" --namespace "$namespace" --mapfile "$MAPPING_CONFIG"
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
# remove namespace's finalizers && ownerReferences
|
||||
kubectl patch workspaces.tenant.kubesphere.io system-workspace -p '{"metadata":{"finalizers":[]}}' --type=merge
|
||||
kubectl patch workspacetemplates.tenant.kubesphere.io system-workspace -p '{"metadata":{"finalizers":[]}}' --type=merge
|
||||
for ns in $(kubectl get ns -o jsonpath='{.items[*].metadata.name}' -l 'kubesphere.io/managed=true')
|
||||
do
|
||||
kubectl label ns $ns kubesphere.io/workspace- && \
|
||||
kubectl patch ns $ns -p '{"metadata":{"ownerReferences":[]}}' --type=merge && \
|
||||
echo "{\"kind\":\"Namespace\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"$ns\",\"finalizers\":null}}" | kubectl replace --raw "/api/v1/namespaces/$ns/finalize" -f -
|
||||
|
||||
for ns in $(kubectl get ns -o jsonpath='{.items[*].metadata.name}' -l 'kubesphere.io/managed=true'); do
|
||||
kubectl label ns "$ns" kubesphere.io/workspace- && \
|
||||
kubectl patch ns "$ns" -p '{"metadata":{"ownerReferences":[]}}' --type=merge && \
|
||||
echo '{"kind":"Namespace","apiVersion":"v1","metadata":{"name":"'"$ns"'","finalizers":null}}' | kubectl replace --raw "/api/v1/namespaces/$ns/finalize" -f -
|
||||
done
|
||||
|
||||
|
||||
# delete crds
|
||||
for crd in `kubectl get crds -o jsonpath="{.items[*].metadata.name}"`
|
||||
do
|
||||
if [[ ${CRD_NAMES[@]/${crd}/} != ${CRD_NAMES[@]} ]]; then
|
||||
scop=$(eval echo $(kubectl get crd ${crd} -o jsonpath="{.spec.scope}"))
|
||||
if [[ $scop =~ "Namespaced" ]] ; then
|
||||
kubectl get $crd -A --no-headers | awk '{print $1" "$2" ""'$crd'"}' | xargs -n 3 sh -c 'kubectl patch $2 -n $0 $1 -p "{\"metadata\":{\"finalizers\":null}}" --type=merge 2>/dev/null && kubectl delete $2 -n $0 $1 2>/dev/null'
|
||||
else
|
||||
kubectl get $crd -A --no-headers | awk '{print $1" ""'$crd'"}' | xargs -n 2 sh -c 'kubectl patch $1 $0 -p "{\"metadata\":{\"finalizers\":null}}" --type=merge 2>/dev/null && kubectl delete $1 $0 2>/dev/null'
|
||||
fi
|
||||
kubectl delete crd $crd 2>/dev/null;
|
||||
for crd in $(kubectl get crds -o jsonpath='{.items[*].metadata.name}'); do
|
||||
if [[ " ${CRD_NAMES[*]} " =~ ${crd} ]]; then
|
||||
echo "Deleting CRD $crd"
|
||||
scope=$(kubectl get crd "$crd" -o jsonpath='{.spec.scope}')
|
||||
if [[ $scope == "Namespaced" ]]; then
|
||||
kubectl get "$crd" -A --no-headers | awk '{print $1" "$2" ""'"$crd"'"}' | xargs -n 3 sh -c 'kubectl patch $2 -n $0 $1 -p "{\"metadata\":{\"finalizers\":null}}" --type=merge 2>/dev/null && kubectl delete $2 -n $0 $1 2>/dev/null'
|
||||
else
|
||||
kubectl get "$crd" -A --no-headers | awk '{print $1" ""'"$crd"'"}' | xargs -n 2 sh -c 'kubectl patch $1 $0 -p "{\"metadata\":{\"finalizers\":null}}" --type=merge 2>/dev/null && kubectl delete $1 $0 2>/dev/null'
|
||||
fi
|
||||
kubectl delete crd "$crd" 2>/dev/null
|
||||
fi
|
||||
done
|
||||
done
|
||||
@@ -1,21 +0,0 @@
|
||||
{{- define "kubectl.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.kubectl.image "global" (default .Values.global (dict "imageRegistry" "docker.io"))) }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "common.images.image" -}}
|
||||
{{- $registryName := .global.imageRegistry -}}
|
||||
{{- $repositoryName := .imageRoot.repository -}}
|
||||
{{- $separator := ":" -}}
|
||||
{{- $termination := .global.tag | toString -}}
|
||||
{{- if .imageRoot.registry }}
|
||||
{{- $registryName = .imageRoot.registry -}}
|
||||
{{- end -}}
|
||||
{{- if .imageRoot.tag }}
|
||||
{{- $termination = .imageRoot.tag | toString -}}
|
||||
{{- end -}}
|
||||
{{- if .imageRoot.digest }}
|
||||
{{- $separator = "@" -}}
|
||||
{{- $termination = .imageRoot.digest | toString -}}
|
||||
{{- end -}}
|
||||
{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
|
||||
{{- end -}}
|
||||
@@ -47,7 +47,6 @@ subjects:
|
||||
name: "{{ .Release.Name }}-post-delete-crd"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
---
|
||||
{{- $crdNameList := list }}
|
||||
{{- range $path, $_ := .Files.Glob "crds/**" }}
|
||||
{{- $crd := $.Files.Get $path | fromYaml }}
|
||||
@@ -68,6 +67,9 @@ spec:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: "{{ .Release.Name }}-post-delete-crd"
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: post-delete-job
|
||||
image: {{ template "kubectl.image" . }}
|
||||
@@ -79,7 +81,6 @@ spec:
|
||||
volumeMounts:
|
||||
- mountPath: /scripts
|
||||
name: scripts
|
||||
resources: {{- toYaml .Values.kubectl.resources | nindent 12 }}
|
||||
volumes:
|
||||
- name: scripts
|
||||
configMap:
|
||||
|
||||
@@ -52,6 +52,9 @@ spec:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: "{{ .Release.Name }}-pre-upgrade-crd"
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: crd-install
|
||||
image: {{ template "kubectl.image" . }}
|
||||
@@ -62,7 +65,6 @@ spec:
|
||||
volumeMounts:
|
||||
- mountPath: /scripts
|
||||
name: scripts
|
||||
resources: {{- toYaml .Values.kubectl.resources | nindent 12 }}
|
||||
volumes:
|
||||
- name: scripts
|
||||
configMap:
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
# Default values for ks-crds.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
global:
|
||||
imageRegistry: ""
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
kubectl:
|
||||
image:
|
||||
registry: ""
|
||||
|
||||
@@ -102,8 +102,8 @@ spec:
|
||||
release: {{ .Release.Name }}
|
||||
{{ template "redis-ha.fullname" . }}: replica
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext: {{ toYaml .Values.securityContext | nindent 8 }}
|
||||
serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}
|
||||
|
||||
@@ -109,8 +109,8 @@ spec:
|
||||
readOnly: true
|
||||
- name: data
|
||||
mountPath: /data
|
||||
{{- if .Values.haproxy.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.haproxy.imagePullSecrets | nindent 8 }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: haproxy
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
|
||||
global:
|
||||
imageRegistry: ""
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
image:
|
||||
registry: ""
|
||||
@@ -12,13 +14,6 @@ image:
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## Reference to one or more secrets to be used when pulling images
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## This imagePullSecrets is only for redis images
|
||||
##
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
## replicas number for each component
|
||||
replicas: 3
|
||||
|
||||
@@ -102,13 +97,6 @@ haproxy:
|
||||
|
||||
## Custom labels for the haproxy pod
|
||||
labels: {}
|
||||
|
||||
## Reference to one or more secrets to be used when pulling images
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
##
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
annotations: {}
|
||||
resources: {}
|
||||
emptyDir: {}
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
{{/*
|
||||
Return the proper image name
|
||||
*/}}
|
||||
{{- define "ks-apiserver.image" -}}
|
||||
{{- define "apiserver.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.apiserver.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "ks-console.image" -}}
|
||||
{{- define "console.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.console.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "ks-controller-manager.image" -}}
|
||||
{{- define "controller.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.controller.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
@@ -33,7 +33,7 @@ Return the proper image name
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.redis.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "extensions_museum.image" -}}
|
||||
{{- define "extensionRepo.image" -}}
|
||||
{{ include "common.images.image" (dict "imageRoot" .Values.ksExtensionRepository.image "global" .Values.global) }}
|
||||
{{- end -}}
|
||||
|
||||
@@ -53,46 +53,4 @@ Return the proper image name
|
||||
{{- $termination = .imageRoot.digest | toString -}}
|
||||
{{- end -}}
|
||||
{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Docker Image Registry Secret Names
|
||||
*/}}
|
||||
{{- define "apiserver.imagePullSecrets" -}}
|
||||
{{- include "common.images.pullSecrets" (dict "images" (list .Values.apiserver.image) "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "console.imagePullSecrets" -}}
|
||||
{{- include "common.images.pullSecrets" (dict "images" (list .Values.console.image) "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "controller.imagePullSecrets" -}}
|
||||
{{- include "common.images.pullSecrets" (dict "images" (list .Values.controller.image) "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "extensions_museum.imagePullSecrets" -}}
|
||||
{{- include "common.images.pullSecrets" (dict "images" (list .Values.ksExtensionRepository.image) "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "common.images.pullSecrets" -}}
|
||||
{{- $pullSecrets := list }}
|
||||
|
||||
{{- if .global }}
|
||||
{{- range .global.imagePullSecrets -}}
|
||||
{{- $pullSecrets = append $pullSecrets . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range .images -}}
|
||||
{{- range .pullSecrets -}}
|
||||
{{- $pullSecrets = append $pullSecrets . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if (not (empty $pullSecrets)) }}
|
||||
imagePullSecrets:
|
||||
{{- range $pullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -15,7 +15,6 @@ apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: letsencrypt
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
acme:
|
||||
email: {{ .Values.letsEncrypt.email }}
|
||||
@@ -55,7 +54,6 @@ apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: self-signed
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
selfSigned: {}
|
||||
{{- end }}
|
||||
@@ -79,7 +77,6 @@ apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: ks-apiserver-certificate
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
# Secret names are always required.
|
||||
secretName: ks-apiserver-tls-certs
|
||||
@@ -124,7 +121,6 @@ apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: ks-console-certificate
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
# Secret names are always required.
|
||||
secretName: ks-console-tls-certs
|
||||
|
||||
@@ -10,5 +10,4 @@ stringData:
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: extensions.customresourcefilters
|
||||
namespace: kubesphere-system
|
||||
type: config.kubesphere.io/custom-resource-filter
|
||||
57
config/ks-core/templates/dynamic-upgrade-job.yaml
Normal file
57
config/ks-core/templates/dynamic-upgrade-job.yaml
Normal file
@@ -0,0 +1,57 @@
|
||||
{{- if .Values.upgrade.enabled }}
|
||||
{{- if .Values.upgrade.dynamic }}
|
||||
{{- if .Values.upgrade.config }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: ks-upgrade-dynamic-config
|
||||
data:
|
||||
config-patch.yaml: |
|
||||
{{- toYaml .Values.upgrade.config | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: dynamic-upgrade
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: dynamic-upgrade-job
|
||||
image: {{ template "upgrade.image" . }}
|
||||
imagePullPolicy: {{ .Values.upgrade.image.pullPolicy }}
|
||||
command:
|
||||
- ks-upgrade
|
||||
- dynamic-upgrade
|
||||
- --logtostderr=true
|
||||
- --config=/etc/kubesphere/config.yaml
|
||||
{{- if .Values.upgrade.config }}
|
||||
- --config=/etc/kubesphere/config-patch.yaml
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- mountPath: /tmp/ks-upgrade
|
||||
name: data
|
||||
{{- if .Values.upgrade.config }}
|
||||
- mountPath: /etc/kubesphere/config-patch.yaml
|
||||
name: config
|
||||
subPath: config-patch.yaml
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.upgrade.persistenceVolume.name }}
|
||||
{{- if .Values.upgrade.config }}
|
||||
- name: config
|
||||
configMap:
|
||||
name: ks-upgrade-dynamic-config
|
||||
defaultMode: 420
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -10,7 +10,6 @@ apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: extensions-museum
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: extensions-museum
|
||||
spec:
|
||||
@@ -26,10 +25,12 @@ spec:
|
||||
# force restart ks-apiserver after the upgrade is complete if kubesphere-config changes
|
||||
checksum/cert: {{ sha256sum $cert.Cert }}
|
||||
spec:
|
||||
{{- include "extensions_museum.imagePullSecrets" . | nindent 6 }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: extensions-museum
|
||||
image: {{ template "extensions_museum.image" . }}
|
||||
image: {{ template "extensionRepo.image" . }}
|
||||
command:
|
||||
- "/chartmuseum"
|
||||
- "--storage-local-rootdir"
|
||||
@@ -55,7 +56,6 @@ apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: extensions-museum-certs
|
||||
namespace: {{ .Release.Namespace }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
ca.crt: {{ b64enc $ca.Cert }}
|
||||
@@ -67,7 +67,6 @@ apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: extensions-museum
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
selector:
|
||||
app: extensions-museum
|
||||
|
||||
@@ -3,7 +3,6 @@ apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ks-console
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- if .Values.internalTLS }}
|
||||
{{- if eq .Values.ingress.ingressClassName "nginx" }}
|
||||
|
||||
@@ -4,10 +4,8 @@ kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: ks-agent
|
||||
tier: backend
|
||||
version: {{ .Chart.AppVersion }}
|
||||
name: ks-agent
|
||||
namespace: kubesphere-system
|
||||
spec:
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
@@ -31,7 +29,9 @@ spec:
|
||||
tier: backend
|
||||
spec:
|
||||
serviceAccountName: {{ template "ks-core.serviceAccountName" . }}
|
||||
{{- include "controller.imagePullSecrets" . | nindent 6 }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
@@ -48,7 +48,7 @@ spec:
|
||||
terminationGracePeriodSeconds: 30
|
||||
containers:
|
||||
- name: ks-apiserver
|
||||
image: {{ template "ks-apiserver.image" . }}
|
||||
image: {{ template "apiserver.image" . }}
|
||||
imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
|
||||
{{- if .Values.apiserver.containerPorts }}
|
||||
ports: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.containerPorts "context" $) | nindent 12 }}
|
||||
@@ -81,7 +81,7 @@ spec:
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.apiserver.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: ks-controller-manager
|
||||
image: {{ template "ks-controller-manager.image" . }}
|
||||
image: {{ template "controller.image" . }}
|
||||
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
|
||||
{{- if .Values.controller.containerPorts }}
|
||||
ports: {{- include "common.tplvalues.render" (dict "value" .Values.controller.containerPorts "context" $) | nindent 12 }}
|
||||
@@ -100,7 +100,7 @@ spec:
|
||||
- mountPath: /etc/kubesphere/
|
||||
name: kubesphere-config
|
||||
- mountPath: /tmp/k8s-webhook-server/serving-certs
|
||||
name: webhook-secret
|
||||
name: webhook-cert
|
||||
- mountPath: /etc/localtime
|
||||
name: host-time
|
||||
readOnly: true
|
||||
@@ -112,7 +112,7 @@ spec:
|
||||
configMap:
|
||||
name: kubesphere-config
|
||||
defaultMode: 420
|
||||
- name: webhook-secret
|
||||
- name: webhook-cert
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: ks-controller-manager-webhook-cert
|
||||
|
||||
@@ -4,10 +4,8 @@ kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: ks-apiserver
|
||||
tier: backend
|
||||
version: {{ .Chart.AppVersion }}
|
||||
name: ks-apiserver
|
||||
namespace: kubesphere-system
|
||||
spec:
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
@@ -29,7 +27,9 @@ spec:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/kubesphere-config.yaml") . | sha256sum }}
|
||||
spec:
|
||||
serviceAccountName: {{ template "ks-core.serviceAccountName" . }}
|
||||
{{- include "apiserver.imagePullSecrets" . | nindent 6 }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
affinity:
|
||||
{{- with .Values.affinity }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
@@ -62,7 +62,7 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: ks-apiserver
|
||||
image: {{ template "ks-apiserver.image" . }}
|
||||
image: {{ template "apiserver.image" . }}
|
||||
imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
|
||||
{{- if .Values.apiserver.containerPorts }}
|
||||
ports: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.containerPorts "context" $) | nindent 12 }}
|
||||
@@ -107,14 +107,14 @@ spec:
|
||||
- name: tls-cert
|
||||
mountPath: /etc/kubesphere/pki/
|
||||
{{- end }}
|
||||
{{ if .Values.ha.enabled }}
|
||||
{{- if .Values.ha.enabled }}
|
||||
env:
|
||||
- name: KUBESPHERE_CACHE_OPTIONS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: redis-secret
|
||||
key: auth
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- configMap:
|
||||
defaultMode: 420
|
||||
|
||||
@@ -31,5 +31,4 @@ data:
|
||||
enableNodeListTerminal: {{ .Values.console.config.enableNodeListTerminal }}
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: ks-console-config
|
||||
namespace: kubesphere-system
|
||||
name: ks-console-config
|
||||
@@ -4,10 +4,8 @@ kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: ks-console
|
||||
tier: frontend
|
||||
version: {{ .Chart.AppVersion }}
|
||||
name: ks-console
|
||||
namespace: kubesphere-system
|
||||
spec:
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
@@ -28,9 +26,9 @@ spec:
|
||||
# force restart ks-console after the upgrade is complete if ks-console-config changes
|
||||
checksum/config: {{ include (print $.Template.BasePath "/ks-console-config.yaml") . | sha256sum }}
|
||||
spec:
|
||||
serviceAccount: {{ template "ks-core.serviceAccountName" . }}
|
||||
serviceAccountName: {{ template "ks-core.serviceAccountName" . }}
|
||||
{{- include "console.imagePullSecrets" . | nindent 6 }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
@@ -79,7 +77,7 @@ spec:
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: ks-console
|
||||
image: {{ template "ks-console.image" . }}
|
||||
image: {{ template "console.image" . }}
|
||||
imagePullPolicy: {{ .Values.console.image.pullPolicy }}
|
||||
{{- if .Values.console.containerPorts }}
|
||||
ports: {{- include "common.tplvalues.render" (dict "value" .Values.console.containerPorts "context" $) | nindent 12 }}
|
||||
@@ -154,7 +152,6 @@ kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: ks-console
|
||||
tier: frontend
|
||||
version: {{ .Chart.AppVersion }}
|
||||
annotations:
|
||||
{{- if .Values.internalTLS }}
|
||||
@@ -179,7 +176,6 @@ spec:
|
||||
{{- end }}
|
||||
selector:
|
||||
app: ks-console
|
||||
tier: frontend
|
||||
{{- if .Values.console.nodePort }}
|
||||
type: NodePort
|
||||
{{- else}}
|
||||
|
||||
@@ -4,10 +4,8 @@ kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: ks-controller-manager
|
||||
tier: backend
|
||||
version: {{ .Chart.AppVersion }}
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
spec:
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
@@ -31,7 +29,9 @@ spec:
|
||||
checksum/config: {{ include (print $.Template.BasePath "/kubesphere-config.yaml") . | sha256sum }}
|
||||
spec:
|
||||
serviceAccountName: {{ template "ks-core.serviceAccountName" . }}
|
||||
{{- include "controller.imagePullSecrets" . | nindent 6 }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
@@ -68,7 +68,7 @@ spec:
|
||||
terminationGracePeriodSeconds: 30
|
||||
containers:
|
||||
- name: ks-controller-manager
|
||||
image: {{ template "ks-controller-manager.image" . }}
|
||||
image: {{ template "controller.image" . }}
|
||||
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
|
||||
{{- if .Values.controller.containerPorts }}
|
||||
ports: {{- include "common.tplvalues.render" (dict "value" .Values.controller.containerPorts "context" $) | nindent 12 }}
|
||||
@@ -87,7 +87,7 @@ spec:
|
||||
- mountPath: /etc/kubesphere/
|
||||
name: kubesphere-config
|
||||
- mountPath: /tmp/k8s-webhook-server/serving-certs
|
||||
name: webhook-secret
|
||||
name: webhook-cert
|
||||
- mountPath: /etc/localtime
|
||||
name: host-time
|
||||
readOnly: true
|
||||
@@ -99,7 +99,7 @@ spec:
|
||||
configMap:
|
||||
name: kubesphere-config
|
||||
defaultMode: 420
|
||||
- name: webhook-secret
|
||||
- name: webhook-cert
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: ks-controller-manager-webhook-cert
|
||||
|
||||
@@ -39,15 +39,15 @@ data:
|
||||
hostClusterName: {{ include "multicluster.hostClusterName" . | include "validateHostClusterName" | quote }}
|
||||
kubeconfig:
|
||||
# service-account-token client-certificate oidc-token webhook-token
|
||||
authMode: {{ .Values.kubeconfig.authMode | default "client-certificate" }}
|
||||
authMode: {{ (.Values.kubeconfig).authMode | default "client-certificate" }}
|
||||
terminal:
|
||||
kubectl:
|
||||
image: {{ template "kubectl.image" . }}
|
||||
image: {{ include "kubectl.image" . | quote }}
|
||||
node:
|
||||
image: {{ template "nodeShell.image" . }}
|
||||
image: {{ include "nodeShell.image" . | quote }}
|
||||
uploadFileLimit: 100Mi
|
||||
helmExecutor:
|
||||
image: {{ template "helm.image" . }}
|
||||
image: {{ include "helm.image" . | quote }}
|
||||
timeout: {{ .Values.helmExecutor.timeout }}
|
||||
historyMax: {{ .Values.helmExecutor.historyMax }}
|
||||
jobTTLAfterFinished: {{ .Values.helmExecutor.jobTTLAfterFinished }}
|
||||
|
||||
@@ -13,7 +13,6 @@ stringData:
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: oauthclient-kubesphere
|
||||
namespace: kubesphere-system
|
||||
labels:
|
||||
config.kubesphere.io/type: oauthclient
|
||||
type: config.kubesphere.io/oauthclient
|
||||
|
||||
@@ -10,7 +10,6 @@ data:
|
||||
{{ (.Files.Glob "scripts/post-delete.sh").AsConfig | indent 2 }}
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
@@ -21,7 +20,6 @@ metadata:
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
||||
---
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
@@ -40,7 +38,6 @@ subjects:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
---
|
||||
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@@ -54,6 +51,9 @@ spec:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: "{{ .Release.Name }}-post-delete"
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: post-delete-job
|
||||
image: {{ template "kubectl.image" . }}
|
||||
|
||||
@@ -11,6 +11,9 @@ spec:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: post-patch-system-ns
|
||||
image: {{ template "kubectl.image" . }}
|
||||
|
||||
@@ -11,6 +11,9 @@ spec:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: post-patch-user
|
||||
image: {{ template "kubectl.image" . }}
|
||||
@@ -35,4 +38,3 @@ spec:
|
||||
echo "Updated user ${username} with annotation ${annotation_key}=${uid}"
|
||||
fi
|
||||
done
|
||||
resources: {{- toYaml .Values.upgrade.resources | nindent 12 }}
|
||||
|
||||
48
config/ks-core/templates/post-upgrade-job.yaml
Normal file
48
config/ks-core/templates/post-upgrade-job.yaml
Normal file
@@ -0,0 +1,48 @@
|
||||
{{- if .Values.upgrade.enabled }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-post-upgrade
|
||||
annotations:
|
||||
"helm.sh/hook": post-upgrade
|
||||
"helm.sh/hook-weight": "0"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: post-upgrade-job
|
||||
image: {{ template "upgrade.image" . }}
|
||||
imagePullPolicy: {{ .Values.upgrade.image.pullPolicy }}
|
||||
command:
|
||||
- ks-upgrade
|
||||
- post-upgrade
|
||||
- --logtostderr=true
|
||||
- --config=/etc/kubesphere/config.yaml
|
||||
{{- if .Values.upgrade.config }}
|
||||
- --config=/etc/kubesphere/config-patch.yaml
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- if .Values.upgrade.config }}
|
||||
- mountPath: /etc/kubesphere/config-patch.yaml
|
||||
name: config
|
||||
subPath: config-patch.yaml
|
||||
{{- end }}
|
||||
- mountPath: /tmp/ks-upgrade
|
||||
name: data
|
||||
volumes:
|
||||
{{- if .Values.upgrade.config }}
|
||||
- name: config
|
||||
configMap:
|
||||
name: {{ .Release.Name }}-upgrade-config
|
||||
defaultMode: 420
|
||||
{{- end }}
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.upgrade.persistenceVolume.name }}
|
||||
{{- end }}
|
||||
83
config/ks-core/templates/pre-upgrade-job.yaml
Normal file
83
config/ks-core/templates/pre-upgrade-job.yaml
Normal file
@@ -0,0 +1,83 @@
|
||||
{{- if .Values.upgrade.enabled }}
|
||||
{{- if .Values.upgrade.config }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-upgrade-config
|
||||
annotations:
|
||||
"helm.sh/hook": pre-upgrade
|
||||
"helm.sh/hook-weight": "-1"
|
||||
data:
|
||||
config-patch.yaml: |
|
||||
{{- toYaml .Values.upgrade.config | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
{{- if not (lookup "v1" "PersistentVolumeClaim" .Release.Namespace .Values.upgrade.persistenceVolume.name) }}
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ .Values.upgrade.persistenceVolume.name }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-upgrade
|
||||
"helm.sh/hook-weight": "-1"
|
||||
labels:
|
||||
app: ks-upgrade
|
||||
version: {{ .Chart.AppVersion }}
|
||||
spec:
|
||||
accessModes:
|
||||
- {{ .Values.upgrade.persistenceVolume.accessMode | quote }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.upgrade.persistenceVolume.size | quote }}
|
||||
storageClassName: {{ .Values.upgrade.persistenceVolume.storageClassName }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-pre-upgrade
|
||||
annotations:
|
||||
"helm.sh/hook": pre-upgrade
|
||||
"helm.sh/hook-weight": "0"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: pre-upgrade-job
|
||||
image: {{ template "upgrade.image" . }}
|
||||
imagePullPolicy: {{ .Values.upgrade.image.pullPolicy }}
|
||||
command:
|
||||
- ks-upgrade
|
||||
- pre-upgrade
|
||||
- --logtostderr=true
|
||||
- --config=/etc/kubesphere/config.yaml
|
||||
{{- if .Values.upgrade.config }}
|
||||
- --config=/etc/kubesphere/config-patch.yaml
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- if .Values.upgrade.config }}
|
||||
- mountPath: /etc/kubesphere/config-patch.yaml
|
||||
name: config
|
||||
subPath: config-patch.yaml
|
||||
{{- end }}
|
||||
- mountPath: /tmp/ks-upgrade
|
||||
name: data
|
||||
volumes:
|
||||
{{- if .Values.upgrade.config }}
|
||||
- name: config
|
||||
configMap:
|
||||
name: {{ .Release.Name }}-upgrade-config
|
||||
defaultMode: 420
|
||||
{{- end }}
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.upgrade.persistenceVolume.name }}
|
||||
{{- end }}
|
||||
52
config/ks-core/templates/prepare-upgrade-job.yaml
Normal file
52
config/ks-core/templates/prepare-upgrade-job.yaml
Normal file
@@ -0,0 +1,52 @@
|
||||
{{- if .Values.upgrade.enabled }}
|
||||
{{- if .Values.upgrade.prepare }}
|
||||
{{- if .Values.upgrade.config }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: ks-upgrade-prepare-config
|
||||
data:
|
||||
config-patch.yaml: |
|
||||
{{- toYaml .Values.upgrade.config | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: prepare-upgrade
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: prepare-upgrade-job
|
||||
image: {{ template "upgrade.image" . }}
|
||||
imagePullPolicy: {{ .Values.upgrade.image.pullPolicy }}
|
||||
command:
|
||||
- ks-upgrade
|
||||
- prepare-upgrade
|
||||
- --logtostderr=true
|
||||
- --config=/etc/kubesphere/config.yaml
|
||||
{{- if .Values.upgrade.config }}
|
||||
- --config=/etc/kubesphere/config-patch.yaml
|
||||
{{- end }}
|
||||
{{- if .Values.upgrade.config }}
|
||||
volumeMounts:
|
||||
- mountPath: /etc/kubesphere/config-patch.yaml
|
||||
name: config
|
||||
subPath: config-patch.yaml
|
||||
{{- end }}
|
||||
{{- if .Values.upgrade.config }}
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: ks-upgrade-prepare-config
|
||||
defaultMode: 420
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -3,7 +3,6 @@ apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "ks-core.serviceAccountName" . }}
|
||||
namespace: kubesphere-system
|
||||
labels:
|
||||
{{- include "ks-core.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
@@ -45,5 +44,5 @@ roleRef:
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "ks-core.serviceAccountName" . }}
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,14 +1,10 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
kubernetes.io/created-by: kubesphere.io/ks-apiserver
|
||||
labels:
|
||||
app: ks-apiserver
|
||||
tier: backend
|
||||
version: {{ .Chart.AppVersion }}
|
||||
name: ks-apiserver
|
||||
namespace: kubesphere-system
|
||||
spec:
|
||||
ports:
|
||||
- protocol: TCP
|
||||
@@ -28,24 +24,20 @@ spec:
|
||||
{{- else }}
|
||||
app: ks-agent
|
||||
{{- end }}
|
||||
tier: backend
|
||||
# version: {{ .Chart.AppVersion }}
|
||||
{{- if .Values.apiserver.nodePort }}
|
||||
type: NodePort
|
||||
{{- else}}
|
||||
type: ClusterIP
|
||||
{{- end}}
|
||||
---
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: ks-controller-manager
|
||||
tier: backend
|
||||
version: {{ .Chart.AppVersion }}
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
spec:
|
||||
ports:
|
||||
- port: 443
|
||||
@@ -57,7 +49,5 @@ spec:
|
||||
{{- else }}
|
||||
app: ks-agent
|
||||
{{- end }}
|
||||
tier: backend
|
||||
# version: {{ .Chart.AppVersion }}
|
||||
sessionAffinity: None
|
||||
type: ClusterIP
|
||||
|
||||
@@ -7,7 +7,6 @@ apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: ks-apiserver-tls-certs
|
||||
namespace: {{ .Release.Namespace }}
|
||||
type: Opaque
|
||||
data:
|
||||
ca.crt: {{ b64enc $ca.Cert }}
|
||||
@@ -22,7 +21,6 @@ apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: ks-console-tls-certs
|
||||
namespace: {{ .Release.Namespace }}
|
||||
type: Opaque
|
||||
data:
|
||||
ca.crt: {{ b64enc $ca.Cert }}
|
||||
@@ -37,7 +35,6 @@ apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Values.ingress.tls.secretName }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
type: Opaque
|
||||
data:
|
||||
ca.crt: {{ b64enc $ca.Cert }}
|
||||
|
||||
@@ -4,7 +4,6 @@ apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: ServersTransport
|
||||
metadata:
|
||||
name: ks-console-transport
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
serverName: ks-console
|
||||
insecureSkipVerify: false
|
||||
|
||||
@@ -19,7 +19,7 @@ type: Opaque
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: users.iam.kubesphere.io
|
||||
name: validator.user.iam.kubesphere.io
|
||||
webhooks:
|
||||
- admissionReviewVersions:
|
||||
- v1
|
||||
@@ -27,7 +27,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate-iam-kubesphere-io-v1beta1-user
|
||||
port: 443
|
||||
failurePolicy: Ignore
|
||||
@@ -54,6 +54,45 @@ webhooks:
|
||||
sideEffects: None
|
||||
timeoutSeconds: 30
|
||||
|
||||
---
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: MutatingWebhookConfiguration
|
||||
metadata:
|
||||
name: defaulter.user.iam.kubesphere.io
|
||||
webhooks:
|
||||
- admissionReviewVersions:
|
||||
- v1
|
||||
clientConfig:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /mutate-iam-kubesphere-io-v1beta1-user
|
||||
port: 443
|
||||
failurePolicy: Ignore
|
||||
matchPolicy: Exact
|
||||
name: users.iam.kubesphere.io
|
||||
namespaceSelector: {}
|
||||
objectSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/managed-by
|
||||
operator: NotIn
|
||||
values:
|
||||
- Helm
|
||||
rules:
|
||||
- apiGroups:
|
||||
- iam.kubesphere.io
|
||||
apiVersions:
|
||||
- v1beta1
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
resources:
|
||||
- users
|
||||
scope: '*'
|
||||
sideEffects: None
|
||||
timeoutSeconds: 30
|
||||
|
||||
---
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: MutatingWebhookConfiguration
|
||||
@@ -66,7 +105,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /mutate-kubesphere-io-v1alpha1-installplan
|
||||
port: 443
|
||||
failurePolicy: Fail
|
||||
@@ -105,7 +144,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate-kubesphere-io-v1alpha1-installplan
|
||||
port: 443
|
||||
failurePolicy: Fail
|
||||
@@ -145,7 +184,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate-quota-kubesphere-io-v1alpha2
|
||||
port: 443
|
||||
failurePolicy: Ignore
|
||||
@@ -180,7 +219,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate-extensions-kubesphere-io-v1alpha1-jsbundle
|
||||
port: 443
|
||||
failurePolicy: Fail
|
||||
@@ -208,7 +247,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate-extensions-kubesphere-io-v1alpha1-apiservice
|
||||
port: 443
|
||||
failurePolicy: Fail
|
||||
@@ -235,7 +274,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate-extensions-kubesphere-io-v1alpha1-reverseproxy
|
||||
port: 443
|
||||
failurePolicy: Fail
|
||||
@@ -262,7 +301,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate-extensions-kubesphere-io-v1alpha1-extensionentry
|
||||
port: 443
|
||||
failurePolicy: Fail
|
||||
@@ -296,7 +335,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate--v1-secret
|
||||
port: 443
|
||||
failurePolicy: Ignore
|
||||
@@ -334,7 +373,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /mutate-extensions-kubesphere-io-v1alpha1-jsbundle
|
||||
port: 443
|
||||
failurePolicy: Fail
|
||||
@@ -358,7 +397,6 @@ webhooks:
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: MutatingWebhookConfiguration
|
||||
metadata:
|
||||
@@ -370,7 +408,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /serviceaccount-pod-injector
|
||||
port: 443
|
||||
failurePolicy: Ignore
|
||||
@@ -403,7 +441,7 @@ webhooks:
|
||||
caBundle: {{ b64enc $ca.Cert | quote }}
|
||||
service:
|
||||
name: ks-controller-manager
|
||||
namespace: kubesphere-system
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /mutate--v1-secret
|
||||
port: 443
|
||||
failurePolicy: Ignore
|
||||
|
||||
@@ -4,6 +4,8 @@ global:
|
||||
imageRegistry: docker.io
|
||||
tag: v4.1.1
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
|
||||
## @param nameOverride String to partially override common.names.fullname
|
||||
##
|
||||
@@ -113,14 +115,6 @@ apiserver:
|
||||
tag: ""
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally, specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## e.g.:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
## @param containerPorts [array] List of container ports to enable in the ks-apiserver container
|
||||
##
|
||||
containerPorts:
|
||||
@@ -166,14 +160,6 @@ console:
|
||||
tag: ""
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally, specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## e.g.:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
config:
|
||||
enableNodeListTerminal: true
|
||||
## @param containerPorts [array] List of container ports to enable in the ks-console container
|
||||
@@ -213,14 +199,6 @@ controller:
|
||||
tag: ""
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally, specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## e.g.:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
## @param containerPorts [array] List of container ports to enable in the ks-controller-manager container
|
||||
##
|
||||
containerPorts:
|
||||
@@ -348,14 +326,34 @@ extension:
|
||||
httpPort: 80
|
||||
httpsPort: 443
|
||||
|
||||
hook:
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: 1024Mi
|
||||
requests:
|
||||
cpu: 20m
|
||||
memory: 100Mi
|
||||
upgrade:
|
||||
enabled: false
|
||||
image:
|
||||
registry: ""
|
||||
repository: kubesphere/ks-upgrade
|
||||
tag: ""
|
||||
pullPolicy: IfNotPresent
|
||||
persistenceVolume:
|
||||
name: ks-upgrade
|
||||
storageClassName: ""
|
||||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
config: {}
|
||||
# storage:
|
||||
# local:
|
||||
# path: /tmp/ks-upgrade
|
||||
# download:
|
||||
# globalRegistryUrl: "https://extensions-museum.kubesphere-system.svc/charts"
|
||||
# file: {}
|
||||
# http:
|
||||
# timeout: 20
|
||||
# oci: {}
|
||||
# skipValidator: false
|
||||
# jobs:
|
||||
# core:
|
||||
# disabled: false
|
||||
# priority: 10000
|
||||
|
||||
|
||||
ha:
|
||||
enabled: false
|
||||
@@ -453,4 +451,4 @@ ksExtensionRepository:
|
||||
registry: ""
|
||||
repository: kubesphere/ks-extensions-museum
|
||||
tag: "latest"
|
||||
pullPolicy: Always
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
Reference in New Issue
Block a user