diff --git a/config/ks-core/templates/ks-apiserver.yml b/config/ks-core/templates/ks-apiserver.yml
index 77e9691bc..59a6d2773 100644
--- a/config/ks-core/templates/ks-apiserver.yml
+++ b/config/ks-core/templates/ks-apiserver.yml
@@ -103,8 +103,15 @@ spec:
 - port: 80
 protocol: TCP
 targetPort: 9090
+ {{- with .Values.apiserver.nodePort }}
+ nodePort:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
 selector:
 app: ks-apiserver
 tier: backend
- # version: {{ .Chart.AppVersion }}
+{{- if .Values.apiserver.nodePort }}
+ type: NodePort
+{{- else}}
 type: ClusterIP
+{{- end}}
diff --git a/config/ks-core/templates/ks-console.yml b/config/ks-core/templates/ks-console.yml
index f107a1b5b..8cc1a89f0 100644
--- a/config/ks-core/templates/ks-console.yml
+++ b/config/ks-core/templates/ks-console.yml
@@ -98,11 +98,15 @@ spec:
 port: 80
 protocol: TCP
 targetPort: 8000
- {{- with .Values.console.port }}
+ {{- with .Values.console.nodePort }}
 nodePort:
 {{- toYaml . | nindent 6 }}
 {{- end }}
 selector:
 app: ks-console
 tier: frontend
- type: {{ .Values.console.type }}
\ No newline at end of file
+{{- if .Values.console.nodePort }}
+ type: NodePort
+{{- else}}
+ type: ClusterIP
+{{- end}}
\ No newline at end of file
diff --git a/config/ks-core/templates/ks-controller-manager.yaml b/config/ks-core/templates/ks-controller-manager.yaml
index 2469d446b..eebeb8ccc 100644
--- a/config/ks-core/templates/ks-controller-manager.yaml
+++ b/config/ks-core/templates/ks-controller-manager.yaml
@@ -35,6 +35,7 @@ spec:
 - controller-manager
 - --logtostderr=true
 - --leader-elect=true
+ - --controllers=user,workspacetemplate,workspace,workspacerole,workspacerolebinding,namespace
 image: {{ .Values.image.ks_controller_manager_repo }}:{{ .Values.image.ks_controller_manager_tag | default .Chart.AppVersion }}
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 name: ks-controller-manager
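Review bot: In ks-apiserver.yml, setting `.Values.apiserver.nodePort` now flips the Service to `type: NodePort`, which publishes ks-apiserver on every node address, and the only port mapping visible in this hunk is 80 → 9090 with no TLS in sight, so the traffic is presumably plain HTTP. Nothing in the template tells the operator about that side effect of a value that reads like a mere port number. I would add a comment above the `if` block: `# NodePort publishes ks-apiserver on every node IP; leave apiserver.nodePort unset unless access is restricted by firewall or NetworkPolicy`. The Service spec starts above the hunk, so any other ports it declares are not visible here.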
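Review bot: In ks-console.yml, values files that still set `console.port` or `console.type` are now ignored without any error: the template reads only `console.nodePort`, and a previous `type` override (for example `ClusterIP` to keep the console internal) is replaced by whatever the new `if/else` derives. A guard at the top of the template would turn a silent exposure change into a visible upgrade failure: `{{- if or .Values.console.port .Values.console.type }}{{ fail "console.port and console.type were replaced by console.nodePort" }}{{- end }}`. The Service spec starts above the hunk.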
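Review bot: In ks-controller-manager.yaml, the `--controllers=` list is hard-coded in the template with no comment saying why exactly these six are named. If the flag works as an allowlist, as its name suggests but this hunk does not show, every controller not listed is switched off for all installs of the chart, and the next person adding a component has no hint to look here. I would put a comment above the argument, `# Explicit controller allowlist for ks-core; add a controller here when enabling a component that needs it`. The container spec starts and ends outside the hunk.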
diff --git a/config/ks-core/templates/kubesphere-controls-system.yaml b/config/ks-core/templates/kubesphere-controls-system.yaml
deleted file mode 100644
index e5a17ac72..000000000
--- a/config/ks-core/templates/kubesphere-controls-system.yaml
+++ /dev/null
@@ -1,243 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: system:kubesphere-router-clusterrole
- annotations:
- kubernetes.io/created-by: kubesphere.io/ks-router
-rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- - endpoints
- - nodes
- - pods
- - secrets
- - namespaces
- verbs:
- - list
- - watch
- - get
- - update
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - get
- - apiGroups:
- - ""
- resources:
- - services
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "extensions"
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "networking.k8s.io"
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - apiGroups:
- - "extensions"
- resources:
- - ingresses/status
- verbs:
- - update
- - apiGroups:
- - "networking.k8s.io"
- resources:
- - ingresses/status
- verbs:
- - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: system:kubesphere-router-role
- namespace: kubesphere-controls-system
- annotations:
- kubernetes.io/created-by: kubesphere.io/ks-router
-rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- - pods
- - secrets
- - namespaces
- verbs:
- - get
- - apiGroups:
- - ""
- resources:
- - configmaps
- resourceNames:
- # Defaults to "-"
- # Here: "-"
- # This has to be adapted if you change either parameter
- # when launching the nginx-ingress-controller.
- - "ingress-controller-leader-nginx"
- verbs:
- - get
- - update
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: kubesphere-router-serviceaccount
- namespace: kubesphere-controls-system
- annotations:
- kubernetes.io/created-by: kubesphere.io/ks-router
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: system:nginx-ingress-clusterrole-nisa-binding
- annotations:
- kubernetes.io/created-by: kubesphere.io/ks-router
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:kubesphere-router-clusterrole
-subjects:
- - kind: ServiceAccount
- name: kubesphere-router-serviceaccount
- namespace: kubesphere-controls-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: nginx-ingress-role-nisa-binding
- namespace: kubesphere-controls-system
- annotations:
- kubernetes.io/created-by: kubesphere.io/ks-router
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: system:kubesphere-router-role
-subjects:
- - kind: ServiceAccount
- name: kubesphere-router-serviceaccount
- namespace: kubesphere-controls-system
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: default-http-backend
- namespace: kubesphere-controls-system
- labels:
- app: kubesphere
- component: kubesphere-router
- version: express-1.0.alpha
- annotations:
- kubernetes.io/created-by: kubesphere.io/ks-router
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: kubesphere
- component: kubesphere-router
- template:
- metadata:
- labels:
- app: kubesphere
- component: kubesphere-router
- spec:
- terminationGracePeriodSeconds: 60
- containers:
- - name: default-http-backend
- # Any image is permissible as long as:
- # 1. It serves a 404 page at /
- # 2. It serves 200 on a /healthz endpoint
- image: {{ .Values.image.defaultbackend_repo }}:{{ .Values.image.defaultbackend_tag | default "latest" }}
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 30
- timeoutSeconds: 5
- ports:
- - containerPort: 8080
- resources:
- limits:
- cpu: 10m
- memory: 20Mi
- requests:
- cpu: 10m
- memory: 20Mi
----
-apiVersion: v1
-kind: Service
-metadata:
- name: default-http-backend
- namespace: kubesphere-controls-system
- labels:
- app: kubesphere
- component: kubesphere-router
- annotations:
- kubernetes.io/created-by: kubesphere.io/ks-router
-spec:
- ports:
- - port: 80
- targetPort: 8080
- selector:
- app: kubesphere
- component: kubesphere-router
-
----
-# create a seviceaccount for kubectl pod
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: kubesphere-cluster-admin
- namespace: kubesphere-controls-system
- annotations:
- kubernetes.io/created-by: kubesphere.io/kubectl
----
-# bind kubesphere-cluster-admin sa to clusterrole cluster-admin
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: system:kubesphere-cluster-admin
- annotations:
- kubernetes.io/created-by: kubesphere.io/kubectl
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: kubesphere-cluster-admin
- namespace: kubesphere-controls-system
diff --git a/config/ks-core/templates/role-templates.yaml b/config/ks-core/templates/role-templates.yaml
index cd06bb1c5..8e37f706d 100644
--- a/config/ks-core/templates/role-templates.yaml
+++ b/config/ks-core/templates/role-templates.yaml
@@ -18,6 +18,26 @@ rules: verbs: - '*' +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRole +metadata: + name: anonymous +rules: [] + +--- +apiVersion: iam.kubesphere.io/v1alpha2 +kind: GlobalRoleBinding +metadata: + name: anonymous +roleRef: + apiGroup: iam.kubesphere.io/v1alpha2 + kind: GlobalRole + name: anonymous +subjects: + - apiGroup: iam.kubesphere.io/v1alpha2 + kind: Group + name: system:unauthenticated --- apiVersion: iam.kubesphere.io/v1alpha2 diff --git a/config/ks-core/values.yaml b/config/ks-core/values.yaml index cbc1f3286..c4fd7dc4e 100644 --- a/config/ks-core/values.yaml +++ b/config/ks-core/values.yaml @@ -17,8 +17,6 @@ image: nginx_ingress_controller_repo: kubesphere/nginx-ingress-controller nginx_ingress_controller_tag: "v1.1.0" - defaultbackend_repo: "mirrorgooglecontainers/defaultbackend-amd64" - defaultbackend_tag: "1.4" bookinfo_productpage_v1_repo: kubesphere/examples-bookinfo-productpage-v1 bookinfo_productpage_v1_tag: "1.16.2" @@ -122,8 +120,7 @@ apiserver: # emptyDir: {} console: - port: 30880 - type: NodePort + nodePort: 30880 defaultClusterName: "default" resources: limits:
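Review bot: In role-templates.yaml, the new `anonymous` GlobalRole is bound to the group `system:unauthenticated`, so any rule later added to it is granted to callers that present no credentials, and nothing in the manifest says so. It ships with `rules: []`, which grants nothing today; the risk is a later edit that treats it like any other role template. I would add a comment above `rules: []`: `# Bound to system:unauthenticated - every rule added here applies to callers without credentials; keep empty unless an endpoint must be public`. It is also worth confirming that `apiGroup: iam.kubesphere.io/v1alpha2` (group plus version) is the form the IAM binding expects; the other bindings in this file are outside the hunk.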
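Review bot: In the second values.yaml hunk, `console.nodePort: 30880` now decides both the port and the Service type, so the console stays published on every node by default and the only way to get `ClusterIP` is to clear the key; the file does not say that. I would add a comment above it, `# When set, the console Service is type NodePort on this port; set to null to keep it ClusterIP`. ks-apiserver.yml reads `.Values.apiserver.nodePort`, which the visible hunks do not define, so a commented-out `# nodePort:` entry under `apiserver:` with the same explanation would make that switch discoverable too.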