Merge pull request #3806 from yunkunrao/master

Fix metering chart display error when switched into network flows consumption.
Merge pull request #3799 from LinuxSuRen/clean-up-devops-roadmap
2021-04-26 10:09:03 +08:00 · 2021-04-26 10:00:04 +08:00 · 2021-04-25 15:07:39 +08:00 · 2021-04-23 22:15:37 +08:00 · 2021-04-23 22:14:46 +08:00 · 2021-04-23 17:02:02 +08:00
5162 changed files with 646981 additions and 251596 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,3 @@
-tmp/
-.github
+# exclude all files and folders except bin folder
+**
+!bin
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -3,16 +3,16 @@ name: Bug report
 about: Create a report to help us improve
 ---

-## English only!
+<!--
+You don't need to remove this comment section, it's invisible on the issues page.

-**注意！GitHub Issue 仅支持英文，中文 Issue 请在 [论坛](https://kubesphere.com.cn/forum/) 提交。**
+## General remarks

-**General remarks**
-
-> Please delete this section including header before submitting
->
-> This form is to report bugs. For general usage questions refer to our Slack channel
->        [KubeSphere-users](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTdkNTc3OTdmNzdiODViZjViNTU5ZDY3M2I2MzY4MTI4OGZlOTJmMDg5ZTFiMDAwYzNlZDY5NjA0NzZlNDU5NmY)
+* Attention, please fill out this issues form using English only!
+* 注意！GitHub Issue 仅支持英文，中文 Issue 请在 [论坛](https://kubesphere.com.cn/forum/) 提交。
+* This form is to report bugs. For general usage questions you can join our Slack channel
+       [KubeSphere-users](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE)
+-->

 **Describe the Bug**
 A clear and concise description of what the bug is.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,69 @@
+---
+name: Feature Request
+about: Have a good idea? Please don't hesitate to write it down, describe the new feature.
+---
+
+<!--
+You don't need to remove this comment section, it's invisible on the issues page.
+
+## General remarks
+
+* Attention, please fill out this issues form using English only!
+* 注意！GitHub Issue 仅支持英文，中文 Issue 请在 [论坛](https://kubesphere.com.cn/forum/) 提交。
+* This form is to report bugs. For general usage questions, you can join our Slack channel
+       [KubeSphere-users](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE)
+-->
+
+**What's it about?**
+<!--
+A clear and concise description of what this feature request is.
+-->
+
+**What's the reason why we need it?**
+<!--
+Please tell us if you think it's a necessary feature for Kubesphere. Give us as many details about it as you can. 
+Two or more use cases might be very helpful when other contributors try to go through this request. If you have some references,
+please just add it below.
+-->
+
+I believe this is an important feature for Kubesphere. There're a few use cases:
+
+* case one
+* case two
+* ...
+
+Please leave your comments below if there's anyone agrees with me. Or just give me a thumb up.
+
+**Area Suggestion**
+<!--
+In order to have a clear issue list, giving an accuracy area is necessary. If you are not sure about it, please just leave it alone.
+
+You can find some possible areas below. Please attention, sometimes crossing multiple areas might be possible. So, you 
+can keep one or more areas in this issue.
+
+> /area alerting
+> /area api
+> /area apiserver
+> /area app-management
+> /area audit
+> /area console
+> /area devops
+> /area documentation
+> /area edge
+> /area iam
+> /area installation
+> /area logging
+> /area microservice
+> /area monitoring
+> /area multicluster
+> /area networking
+> /area notification
+> /area observability
+> /area performance
+> /area security
+> /area storage
+> /area test
+> /area upgrade
+-->
+
+/kind feature-request
--- a/.github/ISSUE_TEMPLATE/installation_failure.md
+++ b/.github/ISSUE_TEMPLATE/installation_failure.md
@@ -7,6 +7,13 @@ about: Create an issue to help us improve installation

 **注意！GitHub Issue 仅支持英文，中文 Issue 请在 [论坛](https://kubesphere.com.cn/forum/) 提交。**

+**General remarks**
+
+> Please delete this section including header before submitting
+>
+> This form is to report installation issues. For general usage questions you can refer to [KubeSphere Documentation](https://kubesphere.io/docs) or join our Slack channel
+>        [KubeSphere-users](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE)
+
 **What's your question**


@@ -20,4 +27,4 @@ about: Create an issue to help us improve installation

 **Installer Version**

-> e.g. v2.1.0, v2.1.1
+> e.g. v2.1.0, v2.1.1, v3.0.0
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,6 +10,7 @@ on:
  pull_request:
    branches:
      - 'master'
+      - 'release*'

 jobs:
  build:
@@ -18,19 +19,23 @@ jobs:
    env:
      GO111MODULE: on
    steps:
-
      - name: Set up Go 1.13
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v2
        with:
          go-version: 1.13
        id: go

      - name: Check out code into the Go module directory
        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0

      - name: Check pr is properly formatted
        run: diff -u <(echo -n) <(gofmt -d ./pkg ./cmd ./tools ./test)

+      - name: Verify goimports
+        run: go get -u golang.org/x/tools/cmd/goimports && bash hack/verify-goimports.sh
+
      - name: Downloading go dependencies
        run: go mod vendor

@@ -62,4 +67,6 @@ jobs:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        if: github.event_name == 'push'
-        run: bash hack/docker_build.sh ${{ steps.extract_branch.outputs.branch }}
+        run: |
+          echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+          bash hack/docker_build.sh ${{ steps.extract_branch.outputs.branch }}
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@@ -0,0 +1,37 @@
+name: e2e
+
+on:
+  schedule:
+    # run e2e test every 4 hours
+    - cron: 0 */4 * * *
+  workflow_dispatch:
+jobs:
+  build:
+    name: Test
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+
+      - name: Set up Go 1.13
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.13
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Downloading go dependencies
+        run: go mod vendor
+
+      - name: Create kind cluster
+        uses: helm/kind-action@v1.0.0-rc.1
+        with:
+          config: .github/workflows/kind/kind.yaml
+
+      - name: Deploy KubeSphere to Kind
+        run: KIND_CLUSTER_NAME=chart-testing hack/deploy-kubesphere.sh
+
+      - name: Run e2e testing
+        run: go test ./test/e2e
--- a/.github/workflows/kind/kind.yaml
+++ b/.github/workflows/kind/kind.yaml
@@ -0,0 +1,11 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  image: kindest/node:v1.19.7
+  extraMounts:
+  - hostPath: /etc/localtime
+    containerPath: /etc/localtime
+  extraPortMappings:
+  - containerPort: 30881
+    hostPort: 9090
--- a/.github/workflows/nightly-builds.yml
+++ b/.github/workflows/nightly-builds.yml
@@ -0,0 +1,68 @@
+name: NightlyBuild
+
+on:
+  schedule:
+    # This is a UTC time
+    - cron: "0 16 * * *"
+  # Keep it only for test purpose, comment it once everything is ok
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+
+      - name: Set up Go 1.13
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.13
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Downloading go dependencies
+        run: go mod vendor
+
+      - name: Install kubebuilder
+        run: bash hack/install_kubebuilder.sh
+
+      - name: Build
+        run: make all
+
+      - name: Make OpenAPI Spec
+        run: make openapi
+
+      - name: Build and push docker images
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        run: |
+          echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+          bash hack/docker_build.sh master
+
+          if [[ $? == 0 ]]; then
+            tag=nightly-$(date '+%Y%m%d')
+
+            docker tag kubespheredev/ks-apiserver kubespheredev/ks-apiserver:${tag}
+            docker tag kubespheredev/ks-controller-manager kubespheredev/ks-controller-manager:${tag}
+
+            docker push kubespheredev/ks-apiserver:${tag}
+            docker push kubespheredev/ks-controller-manager:${tag}
+          else
+            exit -1
+          fi
+
+      - name: slack
+        uses: 8398a7/action-slack@v3
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+        with:
+          status: ${{ job.status }}
+          fields: repo,message,commit,author,action,eventName,ref,workflow,job,took
+        if: always()
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,7 @@ bin/

 # Vscode files
 .vscode/
+__debug_bin

 # OSX trash
 .DS_Store
@@ -30,4 +31,4 @@ coverage.txt
 kustomize/network/etcd
 apiserver.local.config
 tmp/
-
+kubesphere.yaml
--- a/26
+++ b/26
@@ -34,22 +34,29 @@ define ALL_HELP_INFO
 #           debugging tools like delve.
 endef
 .PHONY: all
-all: test ks-apiserver controller-manager
+all: test ks-apiserver ks-controller-manager

 # Build ks-apiserver binary
 ks-apiserver: fmt vet
 	hack/gobuild.sh cmd/ks-apiserver

-# Build controller-manager binary
-controller-manager: fmt vet
+# Build ks-controller-manager binary
+ks-controller-manager: fmt vet
 	hack/gobuild.sh cmd/controller-manager

+# Build e2e binary
+e2e: fmt vet
+	hack/build_e2e.sh test/e2e
+
 # Run go fmt against code 
-fmt: generate
+fmt:
 	gofmt -w ./pkg ./cmd ./tools ./api

+goimports:
+	@hack/update-goimports.sh
+
 # Run go vet against code
-vet: generate
+vet:
 	go vet ./pkg/... ./cmd/...

 # Generate manifests e.g. CRD, RBAC etc.
@@ -60,11 +67,6 @@ deploy: manifests
 	kubectl apply -f config/crds
 	kustomize build config/default | kubectl apply -f -

-# generate will generate crds' deepcopy & go openapi structs
-# Futher more about go:genreate . https://blog.golang.org/generate
-generate:
-	go generate ./pkg/... ./cmd/...
-
 mockgen:
 	mockgen -package=openpitrix -source=pkg/simple/client/openpitrix/openpitrix.go -destination=pkg/simple/client/openpitrix/mock.go

@@ -84,10 +86,12 @@ openapi:
 # Build the docker image
 docker-build: all
 	hack/docker_build.sh
+docker-build-no-test: ks-apiserver ks-controller-manager
+	hack/docker_build.sh

 # Run tests
 test: fmt vet
-	export KUBEBUILDER_CONTROLPLANE_START_TIMEOUT=1m; go test ./pkg/... ./cmd/... -covermode=atomic -coverprofile=coverage.txt
+	export KUBEBUILDER_CONTROLPLANE_START_TIMEOUT=2m; go test ./pkg/... ./cmd/... -covermode=atomic -coverprofile=coverage.txt

 .PHONY: clean
 clean:
--- a/2
+++ b/2
@@ -19,3 +19,5 @@ reviewers:
    - zheng1
    - soulseen
    - shaowenchen
+    - stoneshi-yunify
+    - linuxsuren
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 [![License](http://img.shields.io/badge/license-apache%20v2-blue.svg)](https://github.com/KubeSphere/KubeSphere/blob/master/LICENSE)
 [![Build Status](https://travis-ci.org/kubesphere/kubesphere.svg?branch=master)](https://travis-ci.org/kubesphere/kubesphere)
 [![Go Report Card](https://goreportcard.com/badge/github.com/kubesphere/kubesphere)](https://goreportcard.com/report/github.com/kubesphere/kubesphere)
-[![KubeSphere release](https://img.shields.io/github/release/kubesphere/kubesphere.svg?color=release&label=release&logo=release&logoColor=release)](https://github.com/kubesphere/kubesphere/releases/tag/v2.1.1)
+[![KubeSphere release](https://img.shields.io/github/release/kubesphere/kubesphere.svg?color=release&label=release&logo=release&logoColor=release)](https://github.com/kubesphere/kubesphere/releases/tag/v3.0.0)

 ![logo](docs/images/kubesphere-logo.png)

@@ -51,112 +51,65 @@ KubeSphere uses a loosely-coupled architecture that separates the [frontend](htt
 |Feature|Description|
 |---|---|
 | Provisioning Kubernetes Cluster|Support deploy Kubernetes on your infrastructure out of box, including online and air gapped installation|
+| Multi-cluster Management | Provide a centralized control plane to manage multiple Kubernetes Clusters, support application distribution across multiple clusters and cloud providers|
 | Kubernetes Resource Management | Provide web console for creating and managing Kubernetes resources, with powerful observability including monitoring, logging, events, alerting and notification |
 | DevOps System | Provide out-of-box CI/CD based on Jenkins, and offers automated workflow tools including binary-to-image (B2I) and source-to-image (S2I) |
 | Application Store | Provide application store for Helm-based applications, and offers application lifecycle management |
 | Service Mesh (Istio-based) | Provide fine-grained traffic management, observability and tracing for distributed microservice applications, provides visualization for traffic topology |
-| Rich Observability | Provide multi-dimensional monitoring metrics, and provides multi-tenant log query and collection, support alerting and notification for both application and infrastructure |
+| Rich Observability | Provide multi-dimensional monitoring metrics, and provides multi-tenant logging, events and [auditing](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/) management, support alerting and notification for both application and infrastructure |
 | Multi-tenant Management | Provide unified authentication with fine-grained roles and three-tier authorization system, supports AD/LDAP authentication |
 | Infrastructure Management | Support node management and monitoring, and supports adding new nodes for Kubernetes cluster |
-| Storage Support | Support GlusterFS, CephRBD, NFS, Local (default) etc. open source storage solutions, provide CSI plugins to consume storage from cloud providers |
-| Network Support | Support Calico, Flannel, etc. open source network solutions, provides load balancer plug-in [Porter](https://github.com/kubesphere/porter) for Kubernetes installed on physical machines |
+| Storage Support | Support GlusterFS, CephRBD, NFS, LocalPV (default), etc. open source storage solutions, provides CSI plugins to consume storage from cloud providers |
+| Network Support | Support Calico, Flannel, etc., provides [Network Policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) management, and load balancer plug-in [Porter](https://github.com/kubesphere/porter) for bare metal.|
 | GPU Support | Support add GPU node, support vGPU, enables running ML applications on Kubernetes, e.g. TensorFlow |

-Please See the [Feature and Benefits](https://kubesphere.io/docs/introduction/features/) for further information.
+Please see the [Feature and Benefits](https://kubesphere.io/docs/introduction/features/) for further information.

 ----

 ## Latest Release

-KubeSphere 2.1.1 was released on **February 23rd, 2020**. See the [Release Notes For 2.1.1](https://kubesphere.io/docs/release/release-v211/) for the updates.
+KubeSphere 3.0.0 is now generally available! See the [Release Notes For 3.0.0](https://kubesphere.io/docs/release/release-v300/) for the updates.

 ## Installation

 KubeSphere can run anywhere from on-premise datacenter to any cloud to edge. In addition, it can be deployed on any version-compatible running Kubernetes cluster.

-### Deploy on Existing Kubernetes Cluster
+### QuickStarts

-#### Prerequisites
+[Quickstarts](https://kubesphere.io/docs/quick-start/) include six hands-on lab exercises that help you quickly get started with KubeSphere.

- `Kubernetes version`： `1.15.x, 1.16.x, 1.17.x`
- `2.10.0 ≤ Helm Version ＜ 3.0.0` excluding 2.16.0 because of [#6894](https://github.com/helm/helm/issues/6894). Please see [Install and Configure Helm in Kubernetes](https://devopscube.com/install-configure-helm-kubernetes/). Helm v3 will be supported in KubeSphere 3.0.0.
- An existing Storage Class in your Kubernetes cluster, use `kubectl get sc` to verify it
- The CSR signing feature is activated in kube-apiserver, see [RKE installation issue](https://github.com/kubesphere/kubesphere/issues/1925#issuecomment-591698309).
+### Installing on Existing Kubernetes Cluster

-Install KubeSphere using kubectl.
+- [Installing KubeSphere on Amazon EKS](https://v3-0.docs.kubesphere.io/docs/installing-on-kubernetes/hosted-kubernetes/install-kubesphere-on-eks/)
+- [Installing KubeSphere on Azure AKS](https://v3-0.docs.kubesphere.io/docs/installing-on-kubernetes/hosted-kubernetes/install-kubesphere-on-aks/)
+- [Installing KubeSphere on Google GKE](https://v3-0.docs.kubesphere.io/docs/installing-on-kubernetes/hosted-kubernetes/install-kubesphere-on-gke/)
+- [Installing KubeSphere on DigitalOcean Kubernetes](https://v3-0.docs.kubesphere.io/docs/installing-on-kubernetes/hosted-kubernetes/install-kubesphere-on-do/)
+- [Installing KubeSphere on Oracle OKE](https://v3-0.docs.kubesphere.io/docs/installing-on-kubernetes/hosted-kubernetes/install-kubesphere-on-oke/)
+- [Installing KubeSphere on Tencent TKE](https://v3-0.docs.kubesphere.io/docs/installing-on-kubernetes/hosted-kubernetes/install-ks-on-tencent-tke/)
+- [Installing KubeSphere on Huaweicloud CCE](https://v3-0.docs.kubesphere.io/docs/installing-on-kubernetes/hosted-kubernetes/install-ks-on-huawei-cce/)

- If there are 1 Core and 2 GB RAM available in your cluster, use the command below to set up a default minimal installation only. You can enable other components after installation if more resource added in later on. See [Pluggable Components Installation](https://kubesphere.io/docs/installation/pluggable-components/) for detailed information.
+### Installing on Linux

-```bash
-kubectl apply -f https://raw.githubusercontent.com/kubesphere/ks-installer/master/kubesphere-minimal.yaml
-```
-
- If there are 8 Cores and 16 GB RAM available in your cluster, use the command below to install a complete KubeSphere, i.e. with all components enabled:
-
-```bash
-kubectl apply -f https://raw.githubusercontent.com/kubesphere/ks-installer/master/kubesphere-complete-setup.yaml
-```
-
-Wait the installation logs using the following command till showing `"Successful"`, then you can log in the console using the default username and password.
-
-```bash
-kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
-```
-
-### Deploy on Linux
-
-KubeSphere Installer can help you to install KubeSphere and Kubernetes on your linux machines. It provides [All-in-One](https://kubesphere.io/docs/installation/all-in-one/) and [Multi-Node](https://kubesphere.io/docs/installation/multi-node/) installation options.
-
-#### Minimum Requirements
-
- Operating Systems
-  - CentOS 7.4~7.7 (64 bit)
-  - Ubuntu 16.04/18.04 LTS (64 bit)
-  - Red Hat Enterprise Linux Server 7.4 (64 bit)
-  - Debian Stretch 9.5 (64 bit)
- Hardware
-  - CPU：2 Cores,  Memory：4 GB, Disk Space：100 GB
-
-> Note:  Please disable the firewall, or ensure your firewall meets the [port requirements](https://kubesphere.io/docs/installation/port-firewall/).
-
-#### All-in-One (QuickStart)
-
-```bash
-curl -L https://kubesphere.io/download/stable/latest > installer.tar.gz \
-&& tar -zxf installer.tar.gz && cd kubesphere-all-v2.1.1/scripts
-$ ./install.sh
-```
-
-Choose `"1) All-in-one"` to start the default minimal installation.
-
-You can enable other components after installation, see [Pluggable Components Installation](https://kubesphere.io/docs/installation/pluggable-components/).
-
-## To start using KubeSphere
-
- KubeSphere Documentation ([En](https://kubesphere.io/docs/)/[中](https://kubesphere.io/docs/zh-CN/)）
- [API Documentation](https://kubesphere.io/docs/api-reference/api-docs/)
+- [Installing KubeSphere on Azure VM](https://v3-0.docs.kubesphere.io/docs/installing-on-linux/public-cloud/install-ks-on-azure-vms/)
+- [Installing KubeSphere on VMware vSphere](https://v3-0.docs.kubesphere.io/docs/installing-on-linux/on-premises/install-kubesphere-on-vmware-vsphere/)
+- [Installing KubeSphere on QingCloud Instance](https://v3-0.docs.kubesphere.io/docs/installing-on-linux/public-cloud/kubesphere-on-qingcloud-instance/)
+- [Installing on Alibaba Cloud ECS](https://v3-0.docs.kubesphere.io/docs/installing-on-linux/public-cloud/install-kubesphere-on-ali-ecs/)
+- [Installing on Huaweicloud VM](https://v3-0.docs.kubesphere.io/docs/installing-on-linux/public-cloud/install-ks-on-huaweicloud-ecs/)

 ## Contributing, Support, Discussion, and Community

-This [community](https://github.com/kubesphere/community) walks you through how to get started contributing KubeSphere. The [development guide](https://github.com/kubesphere/community/tree/master/developer-guide/development) explains how to set up development environment.
+We :heart: your contribution. The [community](https://github.com/kubesphere/community) walks you through how to get started contributing KubeSphere. The [development guide](https://github.com/kubesphere/community/tree/master/developer-guide/development) explains how to set up development environment.

-If you need any help with KubeSphere, please join us at [Slack Channel](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE).
-
-We also communicate through [Google Group](https://groups.google.com/forum/#!forum/kubesphere).
+- [Slack Channel](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE)
+- [Youtube](https://www.youtube.com/channel/UCyTdUQUYjf7XLjxECx63Hpw)
+- [Follow us on Twitter](https://twitter.com/KubeSphere)

 Please submit any KubeSphere bugs, issues, and feature requests to [KubeSphere GitHub Issue](https://github.com/kubesphere/kubesphere/issues).

 ## Who are using KubeSphere

-The [Powered by KubeSphere](https://kubesphere.io/case/) page includes the user list of the project. You can submit your institution name and homepage if you are using KubeSphere.
-
-## RoadMap
-
-Currently, KubeSphere has released the following 5 major editions. The future releases include multicluster, big data, AI, SDN, etc. See [Plans for 2.1.1 and 3.0.0](https://github.com/kubesphere/kubesphere/issues/1368) for more details.
-
-**Express Edition** => **v1.0.x** => **v2.0.x**  => **v2.1.0** => **v2.1.1** => **v3.0.0**
-
-![Roadmap](https://pek3b.qingstor.com/kubesphere-docs/png/20190926000413.png)
+The [user case studies](https://kubesphere.io/case/) page includes the user list of the project. You can [submit a PR](https://github.com/kubesphere/kubesphere/blob/master/docs/powered-by-kubesphere.md) to add your institution name and homepage if you are using KubeSphere.

 ## Landscapes

--- a/README_zh.md
+++ b/README_zh.md
@@ -2,7 +2,7 @@

 [![License](http://img.shields.io/badge/license-apache%20v2-blue.svg)](https://github.com/KubeSphere/KubeSphere/blob/master/LICENSE)
 [![Build Status](https://travis-ci.org/kubesphere/kubesphere.svg?branch=master)](https://travis-ci.org/kubesphere/kubesphere)
-[![KubeSphere release](https://img.shields.io/github/release/kubesphere/kubesphere.svg?color=release&label=release&logo=release&logoColor=release)](https://github.com/kubesphere/kubesphere/releases/tag/v2.1.1)
+[![KubeSphere release](https://img.shields.io/github/release/kubesphere/kubesphere.svg?color=release&label=release&logo=release&logoColor=release)](https://github.com/kubesphere/kubesphere/releases/tag/v3.0.0)

 ![logo](docs/images/kubesphere-logo.png)

@@ -12,9 +12,9 @@

 > [English](README.md) | 中文

-[KubeSphere](https://kubesphere.com.cn) 是在 [Kubernetes](https://kubernetes.io) 之上构建的以**应用为中心的**多租户容器平台，提供全栈的 IT 自动化运维的能力，简化企业的 DevOps 工作流。KubeSphere 提供了运维友好的向导式操作界面，帮助企业快速构建一个强大和功能丰富的容器云平台。KubeSphere 愿景是打造一个基于 Kubernetes 的云原生分布式操作系统，它的架构可以很方便地与云原生生态进行即插即用（plug-and-play）的集成。
+[KubeSphere](https://kubesphere.com.cn) 是在 [Kubernetes](https://kubernetes.io) 之上构建的面向云原生应用的 **容器混合云**，支持多云与多集群管理，提供全栈的 IT 自动化运维的能力，简化企业的 DevOps 工作流。KubeSphere 提供了运维友好的向导式操作界面，帮助企业快速构建一个强大和功能丰富的容器云平台。KubeSphere 愿景是打造一个基于 Kubernetes 的云原生分布式操作系统，它的架构可以很方便地与云原生生态进行即插即用（plug-and-play）的集成。

-KubeSphere 目前最新的版本为 2.1.1，所有版本 100% 开源，关于 KubeSphere 更详细的介绍与说明请参阅 [什么是 KubeSphere](https://kubesphere.com.cn/docs/zh-CN/introduction/what-is-kubesphere/)。
+KubeSphere 目前最新的版本为 3.0.0，所有版本 100% 开源，关于 KubeSphere 更详细的介绍与说明请参阅 [什么是 KubeSphere](https://kubesphere.com.cn/docs/introduction/what-is-kubesphere/)。

 <table>
  <tr>
@@ -49,16 +49,17 @@ KubeSphere 采用了前后端分离的架构设计，后端的各个功能组件

 |功能 |介绍 |
 | --- | ---|
+|多云与多集群管理|提供多云与多集群的中央管理面板，支持集群导入，支持应用在多云与多集群一键分发|
 | Kubernetes 集群搭建与运维 | 支持在线 & 离线安装、升级与扩容 K8s 集群，支持安装 “云原生全家桶” |
 | Kubernetes 资源可视化管理 | 可视化纳管原生 Kubernetes 资源，支持向导式创建与管理 K8s 资源 |
 | 基于 Jenkins 的 DevOps 系统 | 支持图形化与脚本两种方式构建 CI/CD 流水线，内置 Source to Image（S2I）和 Binary to Image（B2I）等 CD 工具 |
-| 应用商店与应用生命周期管理 | 提供应用商店，内置 Redis、MySQL 等九个常用应用，支持应用的生命周期管理 |
+| 应用商店与应用生命周期管理 | 提供应用商店，内置 Redis、MySQL 等 15 个常用应用，支持应用的生命周期管理 |
 | 基于 Istio 的微服务治理 (Service Mesh) | 提供可视化无代码侵入的 **灰度发布、熔断、流量治理与流量拓扑、分布式 Tracing** |
 | 多租户管理 | 提供基于角色的细粒度多租户统一认证，支持 **对接企业 LDAP/AD**，提供多层级的权限管理 |
 | 丰富的可观察性功能 | 提供集群/工作负载/Pod/容器等多维度的监控，提供基于多租户的日志查询与日志收集，支持节点与应用层级的告警与通知 |
 |基础设施管理|支持 Kubernetes 节点管理，支持节点扩容与集群升级，提供基于节点的多项监控指标与告警规则 |
-| 存储管理 | 支持对接 Ceph、GlusterFS、NFS、Local PV，支持可视化管理 PVC、PV、StorageClass，提供 CSI 插件对接云平台存储 |
-| 网络管理 | 支持 Calico、Flannel，提供 Porter LB 插件用于暴露物理环境 K8s 集群的 LoadBalancer 服务 |
+| 存储管理 | 支持对接 Ceph、GlusterFS、NFS、Local PV，支持可视化运维管理 PVC、StorageClass，提供 CSI 插件对接云平台存储 |
+| 网络管理 | 提供租户网络隔离与 K8s [Network Policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) 管理，支持 Calico、Flannel，提供 [Porter LB](https://github.com/kubesphere/porter) 用于暴露物理环境 K8s 集群的 LoadBalancer 服务 |
 | GPU support | 集群支持添加 GPU 与 vGPU，可运行 TensorFlow 等 ML 框架 |

 以上功能说明详见 [产品功能](https://kubesphere.com.cn/docs/zh-CN/introduction/features/)。
@@ -67,92 +68,48 @@ KubeSphere 采用了前后端分离的架构设计，后端的各个功能组件

 ## 最新发布

-KubeSphere 2.1.1 已于 2020 年 02 月 23 日 正式发布，点击 [Release Notes For 2.1.1](https://kubesphere.com.cn/docs/zh-CN/release/release-v211/) 查看 2.1.1 版本的更新详情。
+KubeSphere 3.0.0 已于 2020 年 8 月 31 日正式 GA！点击 [Release Notes For 3.0.0](https://kubesphere.com.cn/docs/release/release-v300/) 查看 3.0.0 版本的更新详情。

-## 快速安装
+## 安装 3.0.0

-### 部署在 Linux
+### 快速入门

- 操作系统
-  - CentOS 7.5 (64 bit)
-  - Ubuntu 16.04/18.04 LTS (64 bit)
-  - Red Hat Enterprise Linux Server 7.4 (64 bit)
-  - Debian Stretch 9.5 (64 bit)
- 配置规格（最低）
-  - CPU：2 Cores， 内存：4 GB， 硬盘：100 GB
+[快速入门系列](https://kubesphere.com.cn/docs/quick-start/) 提供了快速安装与入门示例，供初次安装体验参考。

-#### All-in-One
+### 在已有 Kubernetes 之上安装 KubeSphere

-执行以下命令下载 Installer，请关闭防火墙或 [开放指定的端口](https://kubesphere.com.cn/docs/zh-CN/installation/port-firewall/)，建议使用干净的机器并使用 `root` 用户安装：
+- [基于 Kubernetes 的安装介绍](https://kubesphere.com.cn/docs/installing-on-kubernetes/introduction/overview/)
+- [在阿里云 ACK 安装 KubeSphere](https://kubesphere.com.cn/forum/d/1745-kubesphere-v3-0-0-dev-on-ack)
+- [在腾讯云 TKE 安装 KubeSphere](https://kubesphere.com.cn/docs/installing-on-kubernetes/hosted-kubernetes/install-ks-on-tencent-tke/)
+- [在华为云 CCE 安装 KubeSphere](https://kubesphere.com.cn/docs/installing-on-kubernetes/hosted-kubernetes/install-ks-on-huawei-cce/)
+- [在 AWS EKS 安装 KubeSphere](https://kubesphere.com.cn/docs/installing-on-kubernetes/hosted-kubernetes/install-kubesphere-on-eks/)
+- [在 Google GKE 安装 KubeSphere](https://kubesphere.com.cn/docs/installing-on-kubernetes/hosted-kubernetes/install-kubesphere-on-gke/)
+- [在 Azure AKS 安装 KubeSphere](https://kubesphere.com.cn/docs/installing-on-kubernetes/hosted-kubernetes/install-kubesphere-on-aks/)
+- [在 DigitalOcean 安装 KubeSphere](https://kubesphere.com.cn/docs/installing-on-kubernetes/hosted-kubernetes/install-kubesphere-on-do/)
+- [在 Oracle OKE 安装 KubeSphere](https://kubesphere.com.cn/docs/installing-on-kubernetes/hosted-kubernetes/install-kubesphere-on-oke/)

-```bash
-curl -L https://kubesphere.io/download/stable/latest > installer.tar.gz \
-&& tar -zxf installer.tar.gz && cd kubesphere-all-v2.1.1/scripts
+### 基于 Linux 安装 KubeSphere

-./install.sh
-```
+- [多节点安装介绍（以三节点为例）](https://kubesphere.com.cn/docs/installing-on-linux/introduction/multioverview/)
+- [在 VMware vSphere 安装高可用集群](https://kubesphere.com.cn/docs/installing-on-linux/on-premises/install-kubesphere-on-vmware-vsphere/)
+- [在青云QingCloud 安装高可用集群](https://kubesphere.com.cn/docs/installing-on-linux/public-cloud/kubesphere-on-qingcloud-instance/)
+- [在阿里云 ECS 部署高可用集群](https://kubesphere.com.cn/docs/installing-on-linux/public-cloud/install-kubesphere-on-ali-ecs/)

-直接选择 `"1) All-in-one"` 即可开始快速安装。默认仅开启最小安装，请参考 [开启可插拔功能功能组件](https://kubesphere.com.cn/docs/zh-CN/installation/pluggable-components/) 按需开启其它功能组件。
-
-> 注意：All-in-One 仅适用于**测试环境**，**正式环境** 安装和使用请参考 [安装说明](https://kubesphere.com.cn/docs/zh-CN/installation/intro/)。
-
-### 部署在已有 Kubernetes 集群上
-
-可参考 [前提条件](https://kubesphere.com.cn/docs/zh-CN/installation/prerequisites/) 验证是否满足以下条件：
-
-#### 前提条件
-
- `Kubernetes` 版本： `1.15.x、1.16.x、1.17.x`；
- `Helm`版本： `2.10.0 ≤ Helm Version ＜ 3.0.0`（不支持 helm 2.16.0 [#6894](https://github.com/helm/helm/issues/6894)），且已安装了 Tiller，参考 [如何安装与配置 Helm](https://devopscube.com/install-configure-helm-kubernetes/) （预计 3.0 支持 Helm v3）；
- 集群已有默认的存储类型（StorageClass），若还没有准备存储请参考 [安装 OpenEBS 创建 LocalPV 存储类型](../../appendix/install-openebs) 用作开发测试环境。
-
-用 kubectl 安装
-
- 若您的集群可用的资源符合 CPU >= 1 Core，可用内存 >= 2 G，可参考以下命令开启 KubeSphere 最小化安装。后续如果您的集群资源足够可以参考 [开启可插拔功能功能组件](https://kubesphere.com.cn/docs/zh-CN/installation/pluggable-components/) 按需开启其它功能组件。
-
-```yaml
-kubectl apply -f https://raw.githubusercontent.com/kubesphere/ks-installer/master/kubesphere-minimal.yaml
-```
-
- 若您的集群可用的资源符合 CPU ≥ 8 Core，可用内存 ≥ 16 G，建议参考以下命令开启 KubeSphere 完整安装，即开启所有功能组件的安装：
-
-```yaml
-kubectl apply -f https://raw.githubusercontent.com/kubesphere/ks-installer/master/kubesphere-complete-setup.yaml
-```
-
-查看滚动刷新的安装日志，请耐心等待安装成功。当看到 `"Successful"` 的日志与登录信息提示，则说明 KubeSphere 安装成功，请使用日志提示的管理员账号登陆控制台。
-
-```bash
-kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
-```
-
-## 开始使用 KubeSphere
-
- KubeSphere 文档中心 ([En](https://kubesphere.com.cn/docs/)/[中](https://kubesphere.com.cn/docs/zh-CN/))
- [API 文档](https://kubesphere.com.cn/docs/zh-CN/api-reference/api-docs/)
+- [在华为云 VM 部署高可用集群](https://kubesphere.com.cn/docs/installing-on-linux/public-cloud/install-kubesphere-on-huaweicloud-ecs/)
+- [在 Azure VM 安装高可用集群](https://kubesphere.com.cn/docs/installing-on-linux/public-cloud/install-kubesphere-on-azure-vms/)

 ## 技术社区

-[KubeSphere 社区](https://github.com/kubesphere/community)包含所有社区的信息，包括如何开发，兴趣小组(SIG)等。比如[开发指南](https://github.com/kubesphere/community/tree/master/developer-guide/development) 详细说明了如何从源码编译、KubeSphere 的 GitHub 工作流、如何贡献代码以及如何测试等。
+[KubeSphere 社区](https://github.com/kubesphere/community) 包含所有社区的信息，包括如何开发，兴趣小组(SIG)等。比如[开发指南](https://github.com/kubesphere/community/tree/master/developer-guide/development) 详细说明了如何从源码编译、KubeSphere 的 GitHub 工作流、如何贡献代码以及如何测试等。

- [论坛](https://kubesphere.com.cn/forum/)
+- [中文论坛](https://kubesphere.com.cn/forum/)
 - [Slack Channel](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE)
-
-## Bug 与建议反馈
-
-欢迎在 [GitHub Issue](https://github.com/kubesphere/kubesphere/issues) 提交 Issue。
+- [社区微信群（见官网底部）](https://kubesphere.com.cn/)
+- [Bug 与建议反馈（GitHub Issue）](https://github.com/kubesphere/kubesphere/issues)

 ## 谁在使用 KubeSphere

-[Powered by KubeSphere](docs/powered-by-kubesphere.md) 列出了哪些企业在使用 KubeSphere，如果您所在的企业已安装使用了 KubeSphere，欢迎提交 PR 至该页面。
-
-## 路线图
-
-目前，KubeSphere 已发布了 3 个大版本和 1 个小版本和 4 个 fixpack，所有版本都是完全开源的，参考 [Plans for 2.1.1 and 3.0.0](https://github.com/kubesphere/kubesphere/issues/1368) 了解后续版本的规划，欢迎在 GitHub issue 中提交需求。
-
-**Express Edition** => **v1.0.x** => **v2.0.x**  => **v2.1.0** => **v2.1.1** => **v3.0.0**
-
-![Roadmap](https://pek3b.qingstor.com/kubesphere-docs/png/20190926000514.png)
+[Powered by KubeSphere](https://kubesphere.com.cn/case/) 列出了哪些企业在使用 KubeSphere，如果您所在的企业已安装使用了 KubeSphere，欢迎[提交 PR](https://github.com/kubesphere/kubesphere/blob/master/docs/powered-by-kubesphere.md)。

 ## Landscapes

--- a/api/api-rules/violation_exceptions.list
+++ b/api/api-rules/violation_exceptions.list
@@ -1,3 +1,6 @@
+API rule violation: list_type_missing,./pkg/apis/devops/v1alpha3,DevOpsProjectList,Items
+API rule violation: list_type_missing,./pkg/apis/devops/v1alpha3,NoScmPipeline,Parameters
+API rule violation: list_type_missing,./pkg/apis/devops/v1alpha3,PipelineList,Items
 API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroup,ServerAddressByClientCIDRs
 API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroup,Versions
 API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroupList,Groups
@@ -26,9 +29,63 @@ API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,Table
 API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,UpdateOptions,DryRun
 API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,RawExtension,Raw
 API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,Unknown,Raw
-API rule violation: list_type_missing,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,DevOpsProjectList,Items
-API rule violation: list_type_missing,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,NoScmPipeline,Parameters
-API rule violation: list_type_missing,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,PipelineList,Items
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,BitbucketServerSource,ApiUri
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,BitbucketServerSource,CloneOption
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,BitbucketServerSource,CredentialId
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,BitbucketServerSource,DiscoverBranches
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,BitbucketServerSource,DiscoverPRFromForks
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,BitbucketServerSource,DiscoverPRFromOrigin
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,BitbucketServerSource,DiscoverTags
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,BitbucketServerSource,RegexFilter
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,BitbucketServerSource,ScmId
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,DiscarderProperty,DaysToKeep
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,DiscarderProperty,NumToKeep
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitSource,CloneOption
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitSource,CredentialId
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitSource,DiscoverBranches
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitSource,DiscoverTags
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitSource,RegexFilter
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitSource,ScmId
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GithubSource,ApiUri
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GithubSource,CloneOption
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GithubSource,CredentialId
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GithubSource,DiscoverBranches
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GithubSource,DiscoverPRFromForks
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GithubSource,DiscoverPRFromOrigin
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GithubSource,DiscoverTags
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GithubSource,RegexFilter
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GithubSource,ScmId
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitlabSource,ApiUri
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitlabSource,CloneOption
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitlabSource,CredentialId
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitlabSource,DiscoverBranches
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitlabSource,DiscoverPRFromForks
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitlabSource,DiscoverPRFromOrigin
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitlabSource,DiscoverTags
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitlabSource,RegexFilter
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitlabSource,ScmId
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,GitlabSource,ServerName
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchJobTrigger,CreateActionJobsToTrigger
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchJobTrigger,DeleteActionJobsToTrigger
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchPipeline,BitbucketServerSource
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchPipeline,GitHubSource
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchPipeline,GitSource
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchPipeline,GitlabSource
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchPipeline,MultiBranchJobTrigger
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchPipeline,ScriptPath
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchPipeline,SingleSvnSource
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchPipeline,SourceType
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchPipeline,SvnSource
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,MultiBranchPipeline,TimerTrigger
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,NoScmPipeline,DisableConcurrent
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,NoScmPipeline,RemoteTrigger
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,NoScmPipeline,TimerTrigger
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,Parameter,DefaultValue
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,PipelineSpec,MultiBranchPipeline
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,SingleSvnSource,CredentialId
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,SingleSvnSource,ScmId
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,SvnSource,CredentialId
+API rule violation: names_match,./pkg/apis/devops/v1alpha3,SvnSource,ScmId
 API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,APIResourceList,APIResources
 API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,Duration,Duration
 API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,InternalEvent,Object
@@ -39,46 +96,3 @@ API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,Time,Time
 API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,ContentEncoding
 API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,ContentType
 API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,Raw
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,ApiUri
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,CloneOption
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,CredentialId
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,DiscoverBranches
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,DiscoverPRFromForks
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,DiscoverPRFromOrigin
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,RegexFilter
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,BitbucketServerSource,ScmId
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,DiscarderProperty,DaysToKeep
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,DiscarderProperty,NumToKeep
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GitSource,CloneOption
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GitSource,CredentialId
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GitSource,DiscoverBranches
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GitSource,RegexFilter
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GitSource,ScmId
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,ApiUri
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,CloneOption
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,CredentialId
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,DiscoverBranches
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,DiscoverPRFromForks
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,DiscoverPRFromOrigin
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,RegexFilter
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,GithubSource,ScmId
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchJobTrigger,CreateActionJobsToTrigger
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchJobTrigger,DeleteActionJobsToTrigger
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,BitbucketServerSource
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,GitHubSource
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,GitSource
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,MultiBranchJobTrigger
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,ScriptPath
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,SingleSvnSource
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,SourceType
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,SvnSource
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,MultiBranchPipeline,TimerTrigger
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,NoScmPipeline,DisableConcurrent
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,NoScmPipeline,RemoteTrigger
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,NoScmPipeline,TimerTrigger
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,Parameter,DefaultValue
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,PipelineSpec,MultiBranchPipeline
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,SingleSvnSource,CredentialId
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,SingleSvnSource,ScmId
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,SvnSource,CredentialId
-API rule violation: names_match,kubesphere.io/kubesphere/pkg/apis/devops/v1alpha3,SvnSource,ScmId
--- a/api/ks-openapi-spec/swagger.json
+++ b/api/ks-openapi-spec/swagger.json
--- a/api/openapi-spec/swagger.json
+++ b/api/openapi-spec/swagger.json
--- a/build/ks-apiserver/Dockerfile
+++ b/build/ks-apiserver/Dockerfile
@@ -3,8 +3,15 @@
 # that can be found in the LICENSE file.
 FROM alpine:3.11

-RUN apk add --no-cache ca-certificates 
+ARG HELM_VERSION=v3.5.2

+RUN apk add --no-cache ca-certificates
+# install helm
+RUN wget https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz && \
+    tar xvf helm-${HELM_VERSION}-linux-amd64.tar.gz && \
+    rm helm-${HELM_VERSION}-linux-amd64.tar.gz && \
+    mv linux-amd64/helm /usr/bin/ && \
+    rm -rf linux-amd64
 # To speed up building process, we copy binary directly from make
 # result instead of building it again, so make sure you run the 
 # following command first before building docker image
--- a/build/ks-controller-manager/Dockerfile
+++ b/build/ks-controller-manager/Dockerfile
@@ -3,9 +3,23 @@
 # that can be found in the LICENSE file.
 FROM alpine:3.11

-COPY  /bin/cmd/controller-manager /usr/local/bin/
+ARG HELM_VERSION=v3.5.2
+ARG KUSTOMIZE_VERSION=v4.1.0

 RUN apk add --no-cache ca-certificates
+# install helm
+RUN wget https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz && \
+    tar xvf helm-${HELM_VERSION}-linux-amd64.tar.gz && \
+    rm helm-${HELM_VERSION}-linux-amd64.tar.gz && \
+    mv linux-amd64/helm /usr/bin/ && \
+    rm -rf linux-amd64
+# install kustomize
+RUN wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
+    tar xvf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
+    rm kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
+    mv kustomize /usr/bin
+    
+COPY  /bin/cmd/controller-manager /usr/local/bin/

 EXPOSE 8443 8080

--- a/cmd/controller-manager/app/controllers.go
+++ b/cmd/controller-manager/app/controllers.go
@@ -20,9 +20,11 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/klog"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/kubefed/pkg/controller/util"
+
 	iamv1alpha2 "kubesphere.io/kubesphere/pkg/apis/iam/v1alpha2"
 	authoptions "kubesphere.io/kubesphere/pkg/apiserver/authentication/options"
-	"kubesphere.io/kubesphere/pkg/controller/application"
 	"kubesphere.io/kubesphere/pkg/controller/certificatesigningrequest"
 	"kubesphere.io/kubesphere/pkg/controller/cluster"
 	"kubesphere.io/kubesphere/pkg/controller/clusterrolebinding"
@@ -31,9 +33,14 @@ import (
 	"kubesphere.io/kubesphere/pkg/controller/devopsproject"
 	"kubesphere.io/kubesphere/pkg/controller/globalrole"
 	"kubesphere.io/kubesphere/pkg/controller/globalrolebinding"
+	"kubesphere.io/kubesphere/pkg/controller/group"
+	"kubesphere.io/kubesphere/pkg/controller/groupbinding"
 	"kubesphere.io/kubesphere/pkg/controller/job"
+	"kubesphere.io/kubesphere/pkg/controller/loginrecord"
+	"kubesphere.io/kubesphere/pkg/controller/network/ippool"
 	"kubesphere.io/kubesphere/pkg/controller/network/nsnetworkpolicy"
-	"kubesphere.io/kubesphere/pkg/controller/network/provider"
+	"kubesphere.io/kubesphere/pkg/controller/network/nsnetworkpolicy/provider"
+	"kubesphere.io/kubesphere/pkg/controller/notification"
 	"kubesphere.io/kubesphere/pkg/controller/pipeline"
 	"kubesphere.io/kubesphere/pkg/controller/s2ibinary"
 	"kubesphere.io/kubesphere/pkg/controller/s2irun"
@@ -41,18 +48,14 @@ import (
 	"kubesphere.io/kubesphere/pkg/controller/storage/expansion"
 	"kubesphere.io/kubesphere/pkg/controller/user"
 	"kubesphere.io/kubesphere/pkg/controller/virtualservice"
-	"kubesphere.io/kubesphere/pkg/controller/workspacerole"
-	"kubesphere.io/kubesphere/pkg/controller/workspacerolebinding"
-	"kubesphere.io/kubesphere/pkg/controller/workspacetemplate"
 	"kubesphere.io/kubesphere/pkg/informers"
 	"kubesphere.io/kubesphere/pkg/simple/client/devops"
 	"kubesphere.io/kubesphere/pkg/simple/client/k8s"
 	ldapclient "kubesphere.io/kubesphere/pkg/simple/client/ldap"
+	"kubesphere.io/kubesphere/pkg/simple/client/multicluster"
 	"kubesphere.io/kubesphere/pkg/simple/client/network"
-	"kubesphere.io/kubesphere/pkg/simple/client/openpitrix"
+	ippoolclient "kubesphere.io/kubesphere/pkg/simple/client/network/ippool"
 	"kubesphere.io/kubesphere/pkg/simple/client/s3"
-	"sigs.k8s.io/controller-runtime/pkg/manager"
-	"sigs.k8s.io/kubefed/pkg/controller/util"
 )

 func addControllers(
@@ -62,9 +65,9 @@ func addControllers(
 	devopsClient devops.Interface,
 	s3Client s3.Interface,
 	ldapClient ldapclient.Interface,
+	options *k8s.KubernetesOptions,
 	authenticationOptions *authoptions.AuthenticationOptions,
-	openpitrixClient openpitrix.Client,
-	multiClusterEnabled bool,
+	multiClusterOptions *multicluster.Options,
 	networkOptions *network.Options,
 	serviceMeshEnabled bool,
 	kubectlImage string,
@@ -73,7 +76,8 @@ func addControllers(
 	kubernetesInformer := informerFactory.KubernetesSharedInformerFactory()
 	istioInformer := informerFactory.IstioSharedInformerFactory()
 	kubesphereInformer := informerFactory.KubeSphereSharedInformerFactory()
-	applicationInformer := informerFactory.ApplicationSharedInformerFactory()
+
+	multiClusterEnabled := multiClusterOptions.Enable

 	var vsController, drController manager.Runnable
 	if serviceMeshEnabled {
@@ -94,15 +98,6 @@ func addControllers(
 			client.KubeSphere())
 	}

-	apController := application.NewApplicationController(kubernetesInformer.Core().V1().Services(),
-		kubernetesInformer.Apps().V1().Deployments(),
-		kubernetesInformer.Apps().V1().StatefulSets(),
-		kubesphereInformer.Servicemesh().V1alpha2().Strategies(),
-		kubesphereInformer.Servicemesh().V1alpha2().ServicePolicies(),
-		applicationInformer.App().V1beta1().Applications(),
-		client.Kubernetes(),
-		client.Application())
-
 	jobController := job.NewJobController(kubernetesInformer.Batch().V1().Jobs(), client.Kubernetes())

 	var s2iBinaryController, s2iRunController, devopsProjectController, devopsPipelineController, devopsCredentialController manager.Runnable
@@ -157,10 +152,8 @@ func addControllers(
 		kubernetesInformer.Apps().V1().ReplicaSets(),
 		kubernetesInformer.Apps().V1().StatefulSets())

-	var fedUserCache, fedGlobalRoleBindingCache, fedGlobalRoleCache,
-		fedWorkspaceRoleCache, fedWorkspaceRoleBindingCache cache.Store
-	var fedUserCacheController, fedGlobalRoleBindingCacheController, fedGlobalRoleCacheController,
-		fedWorkspaceRoleCacheController, fedWorkspaceRoleBindingCacheController cache.Controller
+	var fedUserCache, fedGlobalRoleBindingCache, fedGlobalRoleCache cache.Store
+	var fedUserCacheController, fedGlobalRoleBindingCacheController, fedGlobalRoleCacheController cache.Controller

 	if multiClusterEnabled {
 		fedUserClient, err := util.NewResourceClient(client.Config(), &iamv1alpha2.FedUserResource)
@@ -178,44 +171,31 @@ func addControllers(
 			klog.Error(err)
 			return err
 		}
-		fedWorkspaceRoleClient, err := util.NewResourceClient(client.Config(), &iamv1alpha2.FedWorkspaceRoleResource)
-		if err != nil {
-			klog.Error(err)
-			return err
-		}
-		fedWorkspaceRoleBindingClient, err := util.NewResourceClient(client.Config(), &iamv1alpha2.FedWorkspaceRoleBindingResource)
-		if err != nil {
-			klog.Error(err)
-			return err
-		}

 		fedUserCache, fedUserCacheController = util.NewResourceInformer(fedUserClient, "", &iamv1alpha2.FedUserResource, func(object runtime.Object) {})
 		fedGlobalRoleCache, fedGlobalRoleCacheController = util.NewResourceInformer(fedGlobalRoleClient, "", &iamv1alpha2.FedGlobalRoleResource, func(object runtime.Object) {})
 		fedGlobalRoleBindingCache, fedGlobalRoleBindingCacheController = util.NewResourceInformer(fedGlobalRoleBindingClient, "", &iamv1alpha2.FedGlobalRoleBindingResource, func(object runtime.Object) {})
-		fedWorkspaceRoleCache, fedWorkspaceRoleCacheController = util.NewResourceInformer(fedWorkspaceRoleClient, "", &iamv1alpha2.FedWorkspaceRoleResource, func(object runtime.Object) {})
-		fedWorkspaceRoleBindingCache, fedWorkspaceRoleBindingCacheController = util.NewResourceInformer(fedWorkspaceRoleBindingClient, "", &iamv1alpha2.FedWorkspaceRoleBindingResource, func(object runtime.Object) {})

 		go fedUserCacheController.Run(stopCh)
 		go fedGlobalRoleCacheController.Run(stopCh)
 		go fedGlobalRoleBindingCacheController.Run(stopCh)
-		go fedWorkspaceRoleCacheController.Run(stopCh)
-		go fedWorkspaceRoleBindingCacheController.Run(stopCh)
 	}

-	userController := user.NewUserController(client.Kubernetes(), client.KubeSphere(),
-		client.Config(),
+	userController := user.NewUserController(client.Kubernetes(), client.KubeSphere(), client.Config(),
 		kubesphereInformer.Iam().V1alpha2().Users(),
-		fedUserCache, fedUserCacheController,
 		kubesphereInformer.Iam().V1alpha2().LoginRecords(),
+		fedUserCache, fedUserCacheController,
 		kubernetesInformer.Core().V1().ConfigMaps(),
 		ldapClient, devopsClient,
 		authenticationOptions, multiClusterEnabled)

-	loginRecordController := user.NewLoginRecordController(
+	loginRecordController := loginrecord.NewLoginRecordController(
 		client.Kubernetes(),
 		client.KubeSphere(),
 		kubesphereInformer.Iam().V1alpha2().LoginRecords(),
-		authenticationOptions.LoginHistoryRetentionPeriod)
+		kubesphereInformer.Iam().V1alpha2().Users(),
+		authenticationOptions.LoginHistoryRetentionPeriod,
+		authenticationOptions.LoginHistoryMaximumEntries)

 	csrController := certificatesigningrequest.NewController(client.Kubernetes(),
 		kubernetesInformer.Certificates().V1beta1().CertificateSigningRequests(),
@@ -231,27 +211,19 @@ func addControllers(
 	globalRoleController := globalrole.NewController(client.Kubernetes(), client.KubeSphere(),
 		kubesphereInformer.Iam().V1alpha2().GlobalRoles(), fedGlobalRoleCache, fedGlobalRoleCacheController)

-	workspaceRoleController := workspacerole.NewController(client.Kubernetes(), client.KubeSphere(),
-		kubesphereInformer.Iam().V1alpha2().WorkspaceRoles(),
-		fedWorkspaceRoleCache, fedWorkspaceRoleCacheController,
-		kubesphereInformer.Tenant().V1alpha2().WorkspaceTemplates(), multiClusterEnabled)
-
 	globalRoleBindingController := globalrolebinding.NewController(client.Kubernetes(), client.KubeSphere(),
 		kubesphereInformer.Iam().V1alpha2().GlobalRoleBindings(),
 		fedGlobalRoleBindingCache, fedGlobalRoleBindingCacheController,
 		multiClusterEnabled)

-	workspaceRoleBindingController := workspacerolebinding.NewController(client.Kubernetes(), client.KubeSphere(),
-		kubesphereInformer.Iam().V1alpha2().WorkspaceRoleBindings(),
-		fedWorkspaceRoleBindingCache, fedWorkspaceRoleBindingCacheController,
-		kubesphereInformer.Tenant().V1alpha2().WorkspaceTemplates(), multiClusterEnabled)
+	groupBindingController := groupbinding.NewController(client.Kubernetes(), client.KubeSphere(),
+		kubesphereInformer.Iam().V1alpha2().GroupBindings(),
+		kubesphereInformer.Types().V1beta1().FederatedGroupBindings(),
+		multiClusterEnabled)

-	workspaceTemplateController := workspacetemplate.NewController(client.Kubernetes(), client.KubeSphere(),
-		kubesphereInformer.Tenant().V1alpha2().WorkspaceTemplates(),
-		kubesphereInformer.Tenant().V1alpha1().Workspaces(),
-		kubesphereInformer.Iam().V1alpha2().RoleBases(),
-		kubesphereInformer.Iam().V1alpha2().WorkspaceRoles(),
-		kubesphereInformer.Types().V1beta1().FederatedWorkspaces(),
+	groupController := group.NewController(client.Kubernetes(), client.KubeSphere(),
+		kubesphereInformer.Iam().V1alpha2().Groups(),
+		kubesphereInformer.Types().V1beta1().FederatedGroups(),
 		multiClusterEnabled)

 	var clusterController manager.Runnable
@@ -261,7 +233,7 @@ func addControllers(
 			client.Config(),
 			kubesphereInformer.Cluster().V1alpha1().Clusters(),
 			client.KubeSphere().ClusterV1alpha1().Clusters(),
-			openpitrixClient)
+			multiClusterOptions.ClusterControllerResyncSecond)
 	}

 	var nsnpController manager.Runnable
@@ -280,25 +252,30 @@ func addControllers(
 			kubernetesInformer.Core().V1().Namespaces(), nsnpProvider, networkOptions.NSNPOptions)
 	}

+	var ippoolController manager.Runnable
+	ippoolProvider := ippoolclient.NewProvider(kubernetesInformer, client.KubeSphere(), client.Kubernetes(), networkOptions.IPPoolType, options)
+	if ippoolProvider != nil {
+		ippoolController = ippool.NewIPPoolController(kubesphereInformer, kubernetesInformer, client.Kubernetes(), client.KubeSphere(), ippoolProvider)
+	}
+
 	controllers := map[string]manager.Runnable{
-		"virtualservice-controller":       vsController,
-		"destinationrule-controller":      drController,
-		"application-controller":          apController,
-		"job-controller":                  jobController,
-		"s2ibinary-controller":            s2iBinaryController,
-		"s2irun-controller":               s2iRunController,
-		"storagecapability-controller":    storageCapabilityController,
-		"volumeexpansion-controller":      volumeExpansionController,
-		"user-controller":                 userController,
-		"loginrecord-controller":          loginRecordController,
-		"cluster-controller":              clusterController,
-		"nsnp-controller":                 nsnpController,
-		"csr-controller":                  csrController,
-		"clusterrolebinding-controller":   clusterRoleBindingController,
-		"globalrolebinding-controller":    globalRoleBindingController,
-		"workspacetemplate-controller":    workspaceTemplateController,
-		"workspacerole-controller":        workspaceRoleController,
-		"workspacerolebinding-controller": workspaceRoleBindingController,
+		"virtualservice-controller":     vsController,
+		"destinationrule-controller":    drController,
+		"job-controller":                jobController,
+		"s2ibinary-controller":          s2iBinaryController,
+		"s2irun-controller":             s2iRunController,
+		"storagecapability-controller":  storageCapabilityController,
+		"volumeexpansion-controller":    volumeExpansionController,
+		"user-controller":               userController,
+		"loginrecord-controller":        loginRecordController,
+		"cluster-controller":            clusterController,
+		"nsnp-controller":               nsnpController,
+		"csr-controller":                csrController,
+		"clusterrolebinding-controller": clusterRoleBindingController,
+		"globalrolebinding-controller":  globalRoleBindingController,
+		"ippool-controller":             ippoolController,
+		"groupbinding-controller":       groupBindingController,
+		"group-controller":              groupController,
 	}

 	if devopsClient != nil {
@@ -309,6 +286,11 @@ func addControllers(

 	if multiClusterEnabled {
 		controllers["globalrole-controller"] = globalRoleController
+		notificationController, err := notification.NewController(client.Kubernetes(), mgr.GetClient(), mgr.GetCache())
+		if err != nil {
+			return err
+		}
+		controllers["notification-controller"] = notificationController
 	}

 	for name, ctrl := range controllers {
--- a/cmd/controller-manager/app/helper.go
+++ b/cmd/controller-manager/app/helper.go
@@ -17,12 +17,14 @@ limitations under the License.
 package app

 import (
+	"context"
 	"fmt"
+	"net/http"
+	"time"
+
 	"k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/klog"
-	"net/http"
-	"time"
 )

 // WaitForAPIServer waits for the API Server's /healthz endpoint to report "ok" before timeout.
@@ -31,7 +33,7 @@ func WaitForAPIServer(client clientset.Interface, timeout time.Duration) error {

 	err := wait.PollImmediate(time.Second, timeout, func() (bool, error) {
 		healthStatus := 0
-		result := client.Discovery().RESTClient().Get().AbsPath("/healthz").Do().StatusCode(&healthStatus)
+		result := client.Discovery().RESTClient().Get().AbsPath("/healthz").Do(context.Background()).StatusCode(&healthStatus)
 		if result.Error() != nil {
 			lastErr = fmt.Errorf("failed to get apiserver /healthz status: %v", result.Error())
 			return false, nil
--- a/cmd/controller-manager/app/options/options.go
+++ b/cmd/controller-manager/app/options/options.go
@@ -18,10 +18,16 @@ package options

 import (
 	"flag"
+	"strings"
+	"time"
+
+	"k8s.io/apimachinery/pkg/labels"
+
 	"github.com/spf13/pflag"
 	"k8s.io/client-go/tools/leaderelection"
 	cliflag "k8s.io/component-base/cli/flag"
 	"k8s.io/klog"
+
 	authoptions "kubesphere.io/kubesphere/pkg/apiserver/authentication/options"
 	"kubesphere.io/kubesphere/pkg/simple/client/devops/jenkins"
 	"kubesphere.io/kubesphere/pkg/simple/client/k8s"
@@ -31,8 +37,6 @@ import (
 	"kubesphere.io/kubesphere/pkg/simple/client/openpitrix"
 	"kubesphere.io/kubesphere/pkg/simple/client/s3"
 	"kubesphere.io/kubesphere/pkg/simple/client/servicemesh"
-	"strings"
-	"time"
 )

 type KubeSphereControllerManagerOptions struct {
@@ -48,6 +52,15 @@ type KubeSphereControllerManagerOptions struct {
 	LeaderElect           bool
 	LeaderElection        *leaderelection.LeaderElectionConfig
 	WebhookCertDir        string
+
+	// KubeSphere is using sigs.k8s.io/application as fundamental object to implement Application Management.
+	// There are other projects also built on sigs.k8s.io/application, when KubeSphere installed along side
+	// them, conflicts happen. So we leave an option to only reconcile applications  matched with the given
+	// selector. Default will reconcile all applications.
+	//    For example
+	//      "kubesphere.io/creator=" means reconcile applications with this label key
+	//      "!kubesphere.io/creator" means exclude applications with this key
+	ApplicationSelector string
 }

 func NewKubeSphereControllerManagerOptions() *KubeSphereControllerManagerOptions {
@@ -66,8 +79,9 @@ func NewKubeSphereControllerManagerOptions() *KubeSphereControllerManagerOptions
 			RenewDeadline: 15 * time.Second,
 			RetryPeriod:   5 * time.Second,
 		},
-		LeaderElect:    false,
-		WebhookCertDir: "",
+		LeaderElect:         false,
+		WebhookCertDir:      "",
+		ApplicationSelector: "",
 	}

 	return s
@@ -98,6 +112,11 @@ func (s *KubeSphereControllerManagerOptions) Flags() cliflag.NamedFlagSets {
 		"if not set, webhook server would look up the server key and certificate in"+
 		"{TempDir}/k8s-webhook-server/serving-certs")

+	gfs := fss.FlagSet("generic")
+	gfs.StringVar(&s.ApplicationSelector, "application-selector", s.ApplicationSelector, ""+
+		"Only reconcile application(sigs.k8s.io/application) objects match given selector, this could avoid conflicts with "+
+		"other projects built on top of sig-application. Default behavior is to reconcile all of application objects.")
+
 	kfs := fss.FlagSet("klog")
 	local := flag.NewFlagSet("klog", flag.ExitOnError)
 	klog.InitFlags(local)
@@ -117,6 +136,14 @@ func (s *KubeSphereControllerManagerOptions) Validate() []error {
 	errs = append(errs, s.OpenPitrixOptions.Validate()...)
 	errs = append(errs, s.NetworkOptions.Validate()...)
 	errs = append(errs, s.LdapOptions.Validate()...)
+
+	if len(s.ApplicationSelector) != 0 {
+		_, err := labels.Parse(s.ApplicationSelector)
+		if err != nil {
+			errs = append(errs, err)
+		}
+	}
+
 	return errs
 }

--- a/cmd/controller-manager/app/server.go
+++ b/cmd/controller-manager/app/server.go
@@ -18,31 +18,46 @@ package app

 import (
 	"fmt"
+	"os"
+
 	"github.com/spf13/cobra"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	cliflag "k8s.io/component-base/cli/flag"
 	"k8s.io/klog"
 	"k8s.io/klog/klogr"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/runtime/signals"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+
 	"kubesphere.io/kubesphere/cmd/controller-manager/app/options"
 	"kubesphere.io/kubesphere/pkg/apis"
 	controllerconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
+	"kubesphere.io/kubesphere/pkg/controller/application"
 	"kubesphere.io/kubesphere/pkg/controller/namespace"
-	"kubesphere.io/kubesphere/pkg/controller/network/nsnetworkpolicy"
+	"kubesphere.io/kubesphere/pkg/controller/network/webhooks"
+	"kubesphere.io/kubesphere/pkg/controller/openpitrix/helmapplication"
+	"kubesphere.io/kubesphere/pkg/controller/openpitrix/helmcategory"
+	"kubesphere.io/kubesphere/pkg/controller/openpitrix/helmrelease"
+	"kubesphere.io/kubesphere/pkg/controller/openpitrix/helmrepo"
+	"kubesphere.io/kubesphere/pkg/controller/quota"
+	"kubesphere.io/kubesphere/pkg/controller/serviceaccount"
 	"kubesphere.io/kubesphere/pkg/controller/user"
 	"kubesphere.io/kubesphere/pkg/controller/workspace"
+	"kubesphere.io/kubesphere/pkg/controller/workspacerole"
+	"kubesphere.io/kubesphere/pkg/controller/workspacerolebinding"
+	"kubesphere.io/kubesphere/pkg/controller/workspacetemplate"
 	"kubesphere.io/kubesphere/pkg/informers"
 	"kubesphere.io/kubesphere/pkg/simple/client/devops"
 	"kubesphere.io/kubesphere/pkg/simple/client/devops/jenkins"
 	"kubesphere.io/kubesphere/pkg/simple/client/k8s"
 	ldapclient "kubesphere.io/kubesphere/pkg/simple/client/ldap"
-	"kubesphere.io/kubesphere/pkg/simple/client/openpitrix"
 	"kubesphere.io/kubesphere/pkg/simple/client/s3"
+	"kubesphere.io/kubesphere/pkg/utils/metrics"
 	"kubesphere.io/kubesphere/pkg/utils/term"
-	"os"
-	application "sigs.k8s.io/application/controllers"
-	"sigs.k8s.io/controller-runtime/pkg/manager"
-	"sigs.k8s.io/controller-runtime/pkg/runtime/signals"
-	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"kubesphere.io/kubesphere/pkg/version"
 )

 func NewControllerManagerCommand() *cobra.Command {
@@ -98,10 +113,22 @@ func NewControllerManagerCommand() *cobra.Command {
 		_, _ = fmt.Fprintf(cmd.OutOrStdout(), "%s\n\n"+usageFmt, cmd.Long, cmd.UseLine())
 		cliflag.PrintSections(cmd.OutOrStdout(), namedFlagSets, cols)
 	})
+
+	versionCmd := &cobra.Command{
+		Use:   "version",
+		Short: "Print the version of KubeSphere ks-apiserver",
+		Run: func(cmd *cobra.Command, args []string) {
+			cmd.Println(version.Get())
+		},
+	}
+
+	cmd.AddCommand(versionCmd)
+
 	return cmd
 }

 func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{}) error {
+
 	kubernetesClient, err := k8s.NewKubernetesClient(s.KubernetesOptions)
 	if err != nil {
 		klog.Errorf("Failed to create kubernetes clientset %v", err)
@@ -117,9 +144,8 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 	}

 	var ldapClient ldapclient.Interface
-	if s.LdapOptions == nil || len(s.LdapOptions.Host) == 0 {
-		return fmt.Errorf("ldap service address MUST not be empty")
-	} else {
+	// when there is no ldapOption, we set ldapClient as nil, which means we don't need to sync user info into ldap.
+	if s.LdapOptions != nil && len(s.LdapOptions.Host) != 0 {
 		if s.LdapOptions.Host == ldapclient.FAKE_HOST { // for debug only
 			ldapClient = ldapclient.NewSimpleLdap()
 		} else {
@@ -128,14 +154,8 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 				return fmt.Errorf("failed to connect to ldap service, please check ldap status, error: %v", err)
 			}
 		}
-	}
-
-	var openpitrixClient openpitrix.Client
-	if s.OpenPitrixOptions != nil && !s.OpenPitrixOptions.IsEmpty() {
-		openpitrixClient, err = openpitrix.NewClient(s.OpenPitrixOptions)
-		if err != nil {
-			return fmt.Errorf("failed to connect to openpitrix, please check openpitrix status, error: %v", err)
-		}
+	} else {
+		klog.Warning("ks-controller-manager starts without ldap provided, it will not sync user into ldap")
 	}

 	var s3Client s3.Interface
@@ -150,9 +170,9 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 		kubernetesClient.Kubernetes(),
 		kubernetesClient.KubeSphere(),
 		kubernetesClient.Istio(),
-		kubernetesClient.Application(),
 		kubernetesClient.Snapshot(),
-		kubernetesClient.ApiExtensions())
+		kubernetesClient.ApiExtensions(),
+		kubernetesClient.Prometheus())

 	mgrOptions := manager.Options{
 		CertDir: s.WebhookCertDir,
@@ -173,7 +193,7 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 	}

 	klog.V(0).Info("setting up manager")
-
+	ctrl.SetLogger(klogr.New())
 	// Use 8443 instead of 443 cause we need root permission to bind port 443
 	mgr, err := manager.New(kubernetesClient.Config(), mgrOptions)
 	if err != nil {
@@ -184,24 +204,94 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 		klog.Fatalf("unable add APIs to scheme: %v", err)
 	}

-	err = workspace.Add(mgr)
-	if err != nil {
-		klog.Fatal("Unable to create workspace controller")
+	// register common meta types into schemas.
+	metav1.AddToGroupVersion(mgr.GetScheme(), metav1.SchemeGroupVersion)
+
+	workspaceTemplateReconciler := &workspacetemplate.Reconciler{MultiClusterEnabled: s.MultiClusterOptions.Enable}
+	if err = workspaceTemplateReconciler.SetupWithManager(mgr); err != nil {
+		klog.Fatalf("Unable to create workspace template controller: %v", err)
 	}

-	err = namespace.Add(mgr)
-	if err != nil {
-		klog.Fatal("Unable to create namespace controller")
+	workspaceReconciler := &workspace.Reconciler{}
+	if err = workspaceReconciler.SetupWithManager(mgr); err != nil {
+		klog.Fatalf("Unable to create workspace controller: %v", err)
 	}

-	err = (&application.ApplicationReconciler{
-		Scheme: mgr.GetScheme(),
-		Client: mgr.GetClient(),
-		Mapper: mgr.GetRESTMapper(),
-		Log:    klogr.New(),
+	workspaceRoleReconciler := &workspacerole.Reconciler{MultiClusterEnabled: s.MultiClusterOptions.Enable}
+	if err = workspaceRoleReconciler.SetupWithManager(mgr); err != nil {
+		klog.Fatalf("Unable to create workspace role controller: %v", err)
+	}
+
+	workspaceRoleBindingReconciler := &workspacerolebinding.Reconciler{MultiClusterEnabled: s.MultiClusterOptions.Enable}
+	if err = workspaceRoleBindingReconciler.SetupWithManager(mgr); err != nil {
+		klog.Fatalf("Unable to create workspace role binding controller: %v", err)
+	}
+
+	namespaceReconciler := &namespace.Reconciler{}
+	if err = namespaceReconciler.SetupWithManager(mgr); err != nil {
+		klog.Fatalf("Unable to create namespace controller: %v", err)
+	}
+
+	err = helmrepo.Add(mgr)
+	if err != nil {
+		klog.Fatal("Unable to create helm repo controller")
+	}
+
+	err = helmcategory.Add(mgr)
+	if err != nil {
+		klog.Fatal("Unable to create helm category controller")
+	}
+
+	var opS3Client s3.Interface
+	if !s.OpenPitrixOptions.AppStoreConfIsEmpty() {
+		opS3Client, err = s3.NewS3Client(s.OpenPitrixOptions.S3Options)
+		if err != nil {
+			klog.Fatalf("failed to connect to s3, please check openpitrix s3 service status, error: %v", err)
+		}
+		err = (&helmapplication.ReconcileHelmApplication{}).SetupWithManager(mgr)
+		if err != nil {
+			klog.Fatalf("Unable to create helm application controller, error: %s", err)
+		}
+
+		err = (&helmapplication.ReconcileHelmApplicationVersion{}).SetupWithManager(mgr)
+		if err != nil {
+			klog.Fatalf("Unable to create helm application version controller, error: %s ", err)
+		}
+	}
+
+	err = (&helmrelease.ReconcileHelmRelease{
+		// nil interface is valid value.
+		StorageClient:      opS3Client,
+		KsFactory:          informerFactory.KubeSphereSharedInformerFactory(),
+		MultiClusterEnable: s.MultiClusterOptions.Enable,
+		WaitTime:           s.OpenPitrixOptions.ReleaseControllerOptions.WaitTime,
+		MaxConcurrent:      s.OpenPitrixOptions.ReleaseControllerOptions.MaxConcurrent,
+		StopChan:           stopCh,
 	}).SetupWithManager(mgr)
+
 	if err != nil {
-		klog.Fatal("Unable to create application controller")
+		klog.Fatalf("Unable to create helm release controller, error: %s", err)
+	}
+
+	selector, _ := labels.Parse(s.ApplicationSelector)
+	applicationReconciler := &application.ApplicationReconciler{
+		Scheme:              mgr.GetScheme(),
+		Client:              mgr.GetClient(),
+		Mapper:              mgr.GetRESTMapper(),
+		ApplicationSelector: selector,
+	}
+	if err = applicationReconciler.SetupWithManager(mgr); err != nil {
+		klog.Fatalf("Unable to create application controller: %v", err)
+	}
+
+	saReconciler := &serviceaccount.Reconciler{}
+	if err = saReconciler.SetupWithManager(mgr); err != nil {
+		klog.Fatalf("Unable to create ServiceAccount controller: %v", err)
+	}
+
+	resourceQuotaReconciler := quota.Reconciler{}
+	if err := resourceQuotaReconciler.SetupWithManager(mgr, quota.DefaultMaxConcurrentReconciles, quota.DefaultResyncPeriod, informerFactory.KubernetesSharedInformerFactory()); err != nil {
+		klog.Fatalf("Unable to create ResourceQuota controller: %v", err)
 	}

 	// TODO(jeff): refactor config with CRD
@@ -212,9 +302,9 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 		devopsClient,
 		s3Client,
 		ldapClient,
+		s.KubernetesOptions,
 		s.AuthenticationOptions,
-		openpitrixClient,
-		s.MultiClusterOptions.Enable,
+		s.MultiClusterOptions,
 		s.NetworkOptions,
 		servicemeshEnabled,
 		s.AuthenticationOptions.KubectlImage, stopCh); err != nil {
@@ -230,8 +320,20 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 	hookServer := mgr.GetWebhookServer()

 	klog.V(2).Info("registering webhooks to the webhook server")
-	hookServer.Register("/validate-email-iam-kubesphere-io-v1alpha2-user", &webhook.Admission{Handler: &user.EmailValidator{Client: mgr.GetClient()}})
-	hookServer.Register("/validate-nsnp-kubesphere-io-v1alpha1-network", &webhook.Admission{Handler: &nsnetworkpolicy.NSNPValidator{Client: mgr.GetClient()}})
+	hookServer.Register("/validate-email-iam-kubesphere-io-v1alpha2", &webhook.Admission{Handler: &user.EmailValidator{Client: mgr.GetClient()}})
+	hookServer.Register("/validate-network-kubesphere-io-v1alpha1", &webhook.Admission{Handler: &webhooks.ValidatingHandler{C: mgr.GetClient()}})
+	hookServer.Register("/mutate-network-kubesphere-io-v1alpha1", &webhook.Admission{Handler: &webhooks.MutatingHandler{C: mgr.GetClient()}})
+
+	resourceQuotaAdmission, err := quota.NewResourceQuotaAdmission(mgr.GetClient(), mgr.GetScheme())
+	if err != nil {
+		klog.Fatalf("unable to create resource quota admission: %v", err)
+	}
+	hookServer.Register("/validate-quota-kubesphere-io-v1alpha2", &webhook.Admission{Handler: resourceQuotaAdmission})
+
+	klog.V(2).Info("registering metrics to the webhook server")
+	// Add an extra metric endpoint, so we can use the the same metric definition with ks-apiserver
+	// /kapis/metrics is independent of controller-manager's built-in /metrics
+	mgr.AddMetricsExtraHandler("/kapis/metrics", metrics.Handler())

 	klog.V(0).Info("Starting the controllers.")
 	if err = mgr.Start(stopCh); err != nil {
--- a/cmd/controller-manager/controller-manager.go
+++ b/cmd/controller-manager/controller-manager.go
@@ -17,8 +17,9 @@ limitations under the License.
 package main

 import (
-	"kubesphere.io/kubesphere/cmd/controller-manager/app"
 	"os"
+
+	"kubesphere.io/kubesphere/cmd/controller-manager/app"
 )

 func main() {
--- a/cmd/ks-apiserver/apiserver.go
+++ b/cmd/ks-apiserver/apiserver.go
@@ -17,8 +17,9 @@ limitations under the License.
 package main

 import (
-	"kubesphere.io/kubesphere/cmd/ks-apiserver/app"
 	"log"
+
+	"kubesphere.io/kubesphere/cmd/ks-apiserver/app"
 )

 func main() {
--- a/cmd/ks-apiserver/app/options/options.go
+++ b/cmd/ks-apiserver/app/options/options.go
@@ -20,25 +20,33 @@ import (
 	"crypto/tls"
 	"flag"
 	"fmt"
+
 	cliflag "k8s.io/component-base/cli/flag"
 	"k8s.io/klog"
+	runtimecache "sigs.k8s.io/controller-runtime/pkg/cache"
+
+	"kubesphere.io/kubesphere/pkg/apis"
 	"kubesphere.io/kubesphere/pkg/apiserver"
 	apiserverconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
+	"kubesphere.io/kubesphere/pkg/client/clientset/versioned/scheme"
 	"kubesphere.io/kubesphere/pkg/informers"
 	genericoptions "kubesphere.io/kubesphere/pkg/server/options"
+	"kubesphere.io/kubesphere/pkg/simple/client/alerting"
 	auditingclient "kubesphere.io/kubesphere/pkg/simple/client/auditing/elasticsearch"
 	"kubesphere.io/kubesphere/pkg/simple/client/cache"
+
+	"net/http"
+	"strings"
+
 	"kubesphere.io/kubesphere/pkg/simple/client/devops/jenkins"
 	eventsclient "kubesphere.io/kubesphere/pkg/simple/client/events/elasticsearch"
 	"kubesphere.io/kubesphere/pkg/simple/client/k8s"
 	esclient "kubesphere.io/kubesphere/pkg/simple/client/logging/elasticsearch"
+	"kubesphere.io/kubesphere/pkg/simple/client/monitoring/metricsserver"
 	"kubesphere.io/kubesphere/pkg/simple/client/monitoring/prometheus"
-	"kubesphere.io/kubesphere/pkg/simple/client/openpitrix"
 	"kubesphere.io/kubesphere/pkg/simple/client/s3"
 	fakes3 "kubesphere.io/kubesphere/pkg/simple/client/s3/fake"
 	"kubesphere.io/kubesphere/pkg/simple/client/sonarqube"
-	"net/http"
-	"strings"
 )

 type ServerRunOptions struct {
@@ -78,6 +86,7 @@ func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) {
 	s.MultiClusterOptions.AddFlags(fss.FlagSet("multicluster"), s.MultiClusterOptions)
 	s.EventsOptions.AddFlags(fss.FlagSet("events"), s.EventsOptions)
 	s.AuditingOptions.AddFlags(fss.FlagSet("auditing"), s.AuditingOptions)
+	s.AlertingOptions.AddFlags(fss.FlagSet("alerting"), s.AlertingOptions)

 	fs = fss.FlagSet("klog")
 	local := flag.NewFlagSet("klog", flag.ExitOnError)
@@ -105,7 +114,7 @@ func (s *ServerRunOptions) NewAPIServer(stopCh <-chan struct{}) (*apiserver.APIS
 	apiServer.KubernetesClient = kubernetesClient

 	informerFactory := informers.NewInformerFactories(kubernetesClient.Kubernetes(), kubernetesClient.KubeSphere(),
-		kubernetesClient.Istio(), kubernetesClient.Application(), kubernetesClient.Snapshot(), kubernetesClient.ApiExtensions())
+		kubernetesClient.Istio(), kubernetesClient.Snapshot(), kubernetesClient.ApiExtensions(), kubernetesClient.Prometheus())
 	apiServer.InformerFactory = informerFactory

 	if s.MonitoringOptions == nil || len(s.MonitoringOptions.Endpoint) == 0 {
@@ -118,8 +127,10 @@ func (s *ServerRunOptions) NewAPIServer(stopCh <-chan struct{}) (*apiserver.APIS
 		apiServer.MonitoringClient = monitoringClient
 	}

+	apiServer.MetricsClient = metricsserver.NewMetricsClient(kubernetesClient.Kubernetes(), s.KubernetesOptions)
+
 	if s.LoggingOptions.Host != "" {
-		loggingClient, err := esclient.NewElasticsearch(s.LoggingOptions)
+		loggingClient, err := esclient.NewClient(s.LoggingOptions)
 		if err != nil {
 			return nil, fmt.Errorf("failed to connect to elasticsearch, please check elasticsearch status, error: %v", err)
 		}
@@ -155,9 +166,7 @@ func (s *ServerRunOptions) NewAPIServer(stopCh <-chan struct{}) (*apiserver.APIS
 	}

 	var cacheClient cache.Interface
-	if s.RedisOptions == nil || len(s.RedisOptions.Host) == 0 {
-		return nil, fmt.Errorf("redis service address MUST not be empty, please check configmap/kubesphere-config in kubesphere-system namespace")
-	} else {
+	if s.RedisOptions != nil && len(s.RedisOptions.Host) != 0 {
 		if s.RedisOptions.Host == fakeInterface && s.DebugMode {
 			apiServer.CacheClient = cache.NewSimpleCache()
 		} else {
@@ -167,6 +176,10 @@ func (s *ServerRunOptions) NewAPIServer(stopCh <-chan struct{}) (*apiserver.APIS
 			}
 			apiServer.CacheClient = cacheClient
 		}
+	} else {
+		klog.Warning("ks-apiserver starts without redis provided, it will use in memory cache. " +
+			"This may cause inconsistencies when running ks-apiserver with multiple replicas.")
+		apiServer.CacheClient = cache.NewSimpleCache()
 	}

 	if s.EventsOptions.Host != "" {
@@ -185,12 +198,12 @@ func (s *ServerRunOptions) NewAPIServer(stopCh <-chan struct{}) (*apiserver.APIS
 		apiServer.AuditingClient = auditingClient
 	}

-	if s.OpenPitrixOptions != nil && !s.OpenPitrixOptions.IsEmpty() {
-		opClient, err := openpitrix.NewClient(s.OpenPitrixOptions)
+	if s.AlertingOptions != nil && (s.AlertingOptions.PrometheusEndpoint != "" || s.AlertingOptions.ThanosRulerEndpoint != "") {
+		alertingClient, err := alerting.NewRuleClient(s.AlertingOptions)
 		if err != nil {
-			return nil, fmt.Errorf("failed to connect to openpitrix, please check openpitrix status, error: %v", err)
+			return nil, fmt.Errorf("failed to init alerting client: %v", err)
 		}
-		apiServer.OpenpitrixClient = opClient
+		apiServer.AlertingClient = alertingClient
 	}

 	server := &http.Server{
@@ -205,6 +218,16 @@ func (s *ServerRunOptions) NewAPIServer(stopCh <-chan struct{}) (*apiserver.APIS
 		server.TLSConfig.Certificates = []tls.Certificate{certificate}
 	}

+	sch := scheme.Scheme
+	if err := apis.AddToScheme(sch); err != nil {
+		klog.Fatalf("unable add APIs to scheme: %v", err)
+	}
+
+	apiServer.RuntimeCache, err = runtimecache.New(apiServer.KubernetesClient.Config(), runtimecache.Options{Scheme: sch})
+	if err != nil {
+		klog.Fatalf("unable to create runtime cache: %v", err)
+	}
+
 	apiServer.Server = server

 	return apiServer, nil
--- a/cmd/ks-apiserver/app/options/validation.go
+++ b/cmd/ks-apiserver/app/options/validation.go
@@ -31,9 +31,11 @@ func (s *ServerRunOptions) Validate() []error {
 	errors = append(errors, s.OpenPitrixOptions.Validate()...)
 	errors = append(errors, s.NetworkOptions.Validate()...)
 	errors = append(errors, s.LoggingOptions.Validate()...)
+	errors = append(errors, s.AuthenticationOptions.Validate()...)
 	errors = append(errors, s.AuthorizationOptions.Validate()...)
 	errors = append(errors, s.EventsOptions.Validate()...)
 	errors = append(errors, s.AuditingOptions.Validate()...)
+	errors = append(errors, s.AlertingOptions.Validate()...)

 	return errors
 }
--- a/cmd/ks-apiserver/app/server.go
+++ b/cmd/ks-apiserver/app/server.go
@@ -18,14 +18,17 @@ package app

 import (
 	"fmt"
-	kconfig "github.com/kiali/kiali/config"
+
 	"github.com/spf13/cobra"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	cliflag "k8s.io/component-base/cli/flag"
+	"k8s.io/klog"
+
 	"kubesphere.io/kubesphere/cmd/ks-apiserver/app/options"
 	apiserverconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
 	"kubesphere.io/kubesphere/pkg/utils/signals"
 	"kubesphere.io/kubesphere/pkg/utils/term"
+	"kubesphere.io/kubesphere/pkg/version"

 	tracing "kubesphere.io/kubesphere/pkg/kapis/servicemesh/metrics/v1alpha2"
 )
@@ -40,6 +43,8 @@ func NewAPIServerCommand() *cobra.Command {
 			GenericServerRunOptions: s.GenericServerRunOptions,
 			Config:                  conf,
 		}
+	} else {
+		klog.Fatal("Failed to load configuration from disk", err)
 	}

 	cmd := &cobra.Command{
@@ -69,6 +74,17 @@ cluster's shared state through which all other components interact.`,
 		fmt.Fprintf(cmd.OutOrStdout(), "%s\n\n"+usageFmt, cmd.Long, cmd.UseLine())
 		cliflag.PrintSections(cmd.OutOrStdout(), namedFlagSets, cols)
 	})
+
+	versionCmd := &cobra.Command{
+		Use:   "version",
+		Short: "Print the version of KubeSphere ks-apiserver",
+		Run: func(cmd *cobra.Command, args []string) {
+			cmd.Println(version.Get())
+		},
+	}
+
+	cmd.AddCommand(versionCmd)
+
 	return cmd
 }

@@ -90,24 +106,13 @@ func Run(s *options.ServerRunOptions, stopCh <-chan struct{}) error {
 }

 func initializeServicemeshConfig(s *options.ServerRunOptions) {
-	// Initialize kiali config
-	config := kconfig.NewConfig()
-
 	// Config jaeger query endpoint address
 	if s.ServiceMeshOptions != nil && len(s.ServiceMeshOptions.JaegerQueryHost) != 0 {
 		tracing.JaegerQueryUrl = s.ServiceMeshOptions.JaegerQueryHost
 	}

-	// Exclude system namespaces
-	config.API.Namespaces.Exclude = []string{"istio-system", "kubesphere*", "kube*"}
-	config.InCluster = true
-
-	// Set default prometheus service url
-	config.ExternalServices.PrometheusServiceURL = s.ServiceMeshOptions.ServicemeshPrometheusHost
-	config.ExternalServices.PrometheusCustomMetricsURL = config.ExternalServices.PrometheusServiceURL
-
-	// Set istio pilot discovery service url
-	config.ExternalServices.Istio.UrlServiceVersion = s.ServiceMeshOptions.IstioPilotHost
-
-	kconfig.Set(config)
+	// Set the kiali query endpoint address
+	if s.ServiceMeshOptions != nil && len(s.ServiceMeshOptions.KialiQueryHost) != 0 {
+		tracing.KialiQueryUrl = s.ServiceMeshOptions.KialiQueryHost
+	}
 }
--- a/config/crd/bases/cluster.kubesphere.io_agents.yaml
+++ b/config/crd/bases/cluster.kubesphere.io_agents.yaml
@@ -1,114 +0,0 @@
-
---
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: (devel)
-  creationTimestamp: null
-  name: agents.cluster.kubesphere.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.Paused
-    name: Paused
-    type: bool
-  group: cluster.kubesphere.io
-  names:
-    kind: Agent
-    listKind: AgentList
-    plural: agents
-    singular: agent
-  scope: Cluster
-  subresources: {}
-  validation:
-    openAPIV3Schema:
-      description: Agent is the Schema for the agents API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: AgentSpec defines the desired state of Agent
-          properties:
-            kubernetesAPIServerPort:
-              description: KubeAPIServerPort is the port which listens for forwarding
-                kube-apiserver traffic
-              type: integer
-            kubesphereAPIServerPort:
-              description: KubeSphereAPIServerPort is the port which listens for forwarding
-                kubesphere apigateway traffic
-              type: integer
-            paused:
-              description: Indicates that the agent is paused.
-              type: boolean
-            proxy:
-              description: Proxy address
-              type: string
-            token:
-              description: Token used by agents to connect to proxy.
-              type: string
-          type: object
-        status:
-          description: AgentStatus defines the observed state of Agent
-          properties:
-            conditions:
-              description: Represents the latest available observations of a agent's
-                current state.
-              items:
-                properties:
-                  lastTransitionTime:
-                    description: Last time the condition transitioned from one status
-                      to another.
-                    format: date-time
-                    type: string
-                  lastUpdateTime:
-                    description: The last time this condition was updated.
-                    format: date-time
-                    type: string
-                  message:
-                    description: A human readable message indicating details about
-                      the transition.
-                    type: string
-                  reason:
-                    description: The reason for the condition's last transition.
-                    type: string
-                  status:
-                    description: Status of the condition, one of True, False, Unknown.
-                    type: string
-                  type:
-                    description: Type of AgentCondition
-                    type: string
-                required:
-                - status
-                type: object
-              type: array
-            kubeconfig:
-              description: Issued new kubeconfig by proxy server
-              format: byte
-              type: string
-            ping:
-              description: Represents the connection quality, in ms
-              format: int64
-              type: integer
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/config/crd/bases/cluster.kubesphere.io_clusters.yaml
+++ b/config/crd/bases/cluster.kubesphere.io_clusters.yaml
@@ -1,168 +0,0 @@
-
---
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: (devel)
-  creationTimestamp: null
-  name: clusters.cluster.kubesphere.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.joinFederation
-    name: Federated
-    type: boolean
-  - JSONPath: .spec.provider
-    name: Provider
-    type: string
-  - JSONPath: .spec.enable
-    name: Active
-    type: boolean
-  - JSONPath: .status.kubernetesVersion
-    name: Version
-    type: string
-  group: cluster.kubesphere.io
-  names:
-    kind: Cluster
-    listKind: ClusterList
-    plural: clusters
-    singular: cluster
-  scope: Cluster
-  subresources: {}
-  validation:
-    openAPIV3Schema:
-      description: Cluster is the schema for the clusters API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          properties:
-            connection:
-              description: Connection holds info to connect to the member cluster
-              properties:
-                kubeconfig:
-                  description: KubeConfig content used to connect to cluster api server
-                    Should provide this field explicitly if connection type is direct.
-                    Will be populated by ks-proxy if connection type is proxy.
-                  format: byte
-                  type: string
-                kubernetesAPIEndpoint:
-                  description: Kubernetes API Server endpoint. This can be a hostname,
-                    hostname:port, IP or IP:port. Should provide this field explicitly
-                    if connection type is direct. Will be populated by ks-apiserver
-                    if connection type is proxy.
-                  type: string
-                kubernetesAPIServerPort:
-                  description: KubeAPIServerPort is the port which listens for forwarding
-                    kube-apiserver traffic Only applicable when connection type is
-                    proxy.
-                  type: integer
-                kubesphereAPIEndpoint:
-                  description: KubeSphere API Server endpoint. This can be a hostname,
-                    hostname:port, IP or IP:port. Should provide this field explicitly
-                    if connection type is direct. Will be populated by ks-apiserver
-                    if connection type is proxy.
-                  type: string
-                kubesphereAPIServerPort:
-                  description: KubeSphereAPIServerPort is the port which listens for
-                    forwarding kubesphere apigateway traffic Only applicable when
-                    connection type is proxy.
-                  type: integer
-                token:
-                  description: Token used by agents of member cluster to connect to
-                    host cluster proxy. This field is populated by apiserver only
-                    if connection type is proxy.
-                  type: string
-                type:
-                  description: type defines how host cluster will connect to host
-                    cluster ConnectionTypeDirect means direct connection, this requires   kubeconfig
-                    and kubesphere apiserver endpoint provided ConnectionTypeProxy
-                    means using kubesphere proxy, no kubeconfig   or kubesphere apiserver
-                    endpoint required
-                  type: string
-              type: object
-            enable:
-              description: Desired state of the cluster
-              type: boolean
-            joinFederation:
-              description: Join cluster as a kubefed cluster
-              type: boolean
-            provider:
-              description: Provider of the cluster, this field is just for description
-              type: string
-          type: object
-        status:
-          properties:
-            conditions:
-              description: Represents the latest available observations of a cluster's
-                current state.
-              items:
-                properties:
-                  lastTransitionTime:
-                    description: Last time the condition transitioned from one status
-                      to another.
-                    format: date-time
-                    type: string
-                  lastUpdateTime:
-                    description: The last time this condition was updated.
-                    format: date-time
-                    type: string
-                  message:
-                    description: A human readable message indicating details about
-                      the transition.
-                    type: string
-                  reason:
-                    description: The reason for the condition's last transition.
-                    type: string
-                  status:
-                    description: Status of the condition, one of True, False, Unknown.
-                    type: string
-                  type:
-                    description: Type of the condition
-                    type: string
-                required:
-                - status
-                - type
-                type: object
-              type: array
-            kubernetesVersion:
-              description: GitVersion of the kubernetes cluster, this field is populated
-                by cluster controller
-              type: string
-            nodeCount:
-              description: Count of the kubernetes cluster nodes This field may not
-                reflect the instant status of the cluster.
-              type: integer
-            region:
-              description: Region is the name of the region in which all of the nodes
-                in the cluster exist.  e.g. 'us-east1'.
-              type: string
-            zones:
-              description: Zones are the names of availability zones in which the
-                nodes of the cluster exist, e.g. 'us-east1-a'.
-              items:
-                type: string
-              type: array
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/config/crd/bases/devops.kubesphere.io_devopsprojects.yaml
+++ b/config/crd/bases/devops.kubesphere.io_devopsprojects.yaml
@@ -1,59 +0,0 @@
-
---
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: (devel)
-  creationTimestamp: null
-  name: devopsprojects.devops.kubesphere.io
-spec:
-  group: devops.kubesphere.io
-  names:
-    categories:
-    - devops
-    kind: DevOpsProject
-    listKind: DevOpsProjectList
-    plural: devopsprojects
-    singular: devopsproject
-  scope: Cluster
-  validation:
-    openAPIV3Schema:
-      description: DevOpsProject is the Schema for the devopsprojects API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: DevOpsProjectSpec defines the desired state of DevOpsProject
-          type: object
-        status:
-          description: DevOpsProjectStatus defines the observed state of DevOpsProject
-          properties:
-            adminNamespace:
-              description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
-                of cluster Important: Run "make" to regenerate code after modifying
-                this file'
-              type: string
-          type: object
-      type: object
-  version: v1alpha3
-  versions:
-  - name: v1alpha3
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/config/crd/bases/devops.kubesphere.io_pipelines.yaml
+++ b/config/crd/bases/devops.kubesphere.io_pipelines.yaml
@@ -1,260 +0,0 @@
-
---
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: (devel)
-  creationTimestamp: null
-  name: pipelines.devops.kubesphere.io
-spec:
-  group: devops.kubesphere.io
-  names:
-    kind: Pipeline
-    listKind: PipelineList
-    plural: pipelines
-    singular: pipeline
-  scope: Namespaced
-  validation:
-    openAPIV3Schema:
-      description: Pipeline is the Schema for the pipelines API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: PipelineSpec defines the desired state of Pipeline
-          properties:
-            multi_branch_pipeline:
-              properties:
-                bitbucket_server_source:
-                  properties:
-                    api_uri:
-                      type: string
-                    credential_id:
-                      type: string
-                    discover_branches:
-                      type: integer
-                    discover_pr_from_forks:
-                      properties:
-                        strategy:
-                          type: integer
-                        trust:
-                          type: integer
-                      type: object
-                    discover_pr_from_origin:
-                      type: integer
-                    git_clone_option:
-                      properties:
-                        depth:
-                          type: integer
-                        shallow:
-                          type: boolean
-                        timeout:
-                          type: integer
-                      type: object
-                    owner:
-                      type: string
-                    regex_filter:
-                      type: string
-                    repo:
-                      type: string
-                    scm_id:
-                      type: string
-                  type: object
-                descriptio:
-                  type: string
-                discarder:
-                  properties:
-                    days_to_keep:
-                      type: string
-                    num_to_keep:
-                      type: string
-                  type: object
-                git_source:
-                  properties:
-                    credential_id:
-                      type: string
-                    discover_branches:
-                      type: boolean
-                    git_clone_option:
-                      properties:
-                        depth:
-                          type: integer
-                        shallow:
-                          type: boolean
-                        timeout:
-                          type: integer
-                      type: object
-                    regex_filter:
-                      type: string
-                    scm_id:
-                      type: string
-                    url:
-                      type: string
-                  type: object
-                github_source:
-                  properties:
-                    api_uri:
-                      type: string
-                    credential_id:
-                      type: string
-                    discover_branches:
-                      type: integer
-                    discover_pr_from_forks:
-                      properties:
-                        strategy:
-                          type: integer
-                        trust:
-                          type: integer
-                      type: object
-                    discover_pr_from_origin:
-                      type: integer
-                    git_clone_option:
-                      properties:
-                        depth:
-                          type: integer
-                        shallow:
-                          type: boolean
-                        timeout:
-                          type: integer
-                      type: object
-                    owner:
-                      type: string
-                    regex_filter:
-                      type: string
-                    repo:
-                      type: string
-                    scm_id:
-                      type: string
-                  type: object
-                multibranch_job_trigger:
-                  properties:
-                    create_action_job_to_trigger:
-                      type: string
-                    delete_action_job_to_trigger:
-                      type: string
-                  type: object
-                name:
-                  type: string
-                script_path:
-                  type: string
-                single_svn_source:
-                  properties:
-                    credential_id:
-                      type: string
-                    remote:
-                      type: string
-                    scm_id:
-                      type: string
-                  type: object
-                source_type:
-                  type: string
-                svn_source:
-                  properties:
-                    credential_id:
-                      type: string
-                    excludes:
-                      type: string
-                    includes:
-                      type: string
-                    remote:
-                      type: string
-                    scm_id:
-                      type: string
-                  type: object
-                timer_trigger:
-                  properties:
-                    cron:
-                      description: user in no scm job
-                      type: string
-                    interval:
-                      description: use in multi-branch job
-                      type: string
-                  type: object
-              required:
-              - name
-              - script_path
-              - source_type
-              type: object
-            pipeline:
-              properties:
-                descriptio:
-                  type: string
-                disable_concurrent:
-                  type: boolean
-                discarder:
-                  properties:
-                    days_to_keep:
-                      type: string
-                    num_to_keep:
-                      type: string
-                  type: object
-                jenkinsfile:
-                  type: string
-                name:
-                  type: string
-                parameters:
-                  items:
-                    properties:
-                      default_value:
-                        type: string
-                      description:
-                        type: string
-                      name:
-                        type: string
-                      type:
-                        type: string
-                    required:
-                    - name
-                    - type
-                    type: object
-                  type: array
-                remote_trigger:
-                  properties:
-                    token:
-                      type: string
-                  type: object
-                timer_trigger:
-                  properties:
-                    cron:
-                      description: user in no scm job
-                      type: string
-                    interval:
-                      description: use in multi-branch job
-                      type: string
-                  type: object
-              required:
-              - name
-              type: object
-            type:
-              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-                Important: Run "make" to regenerate code after modifying this file'
-              type: string
-          required:
-          - type
-          type: object
-        status:
-          description: PipelineStatus defines the observed state of Pipeline
-          type: object
-      type: object
-  version: v1alpha3
-  versions:
-  - name: v1alpha3
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/config/crd/bases/devops.kubesphere.io_s2ibinaries.yaml
+++ b/config/crd/bases/devops.kubesphere.io_s2ibinaries.yaml
@@ -1,86 +0,0 @@
-
---
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: (devel)
-  creationTimestamp: null
-  name: s2ibinaries.devops.kubesphere.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.fileName
-    name: FileName
-    type: string
-  - JSONPath: .spec.md5
-    name: MD5
-    type: string
-  - JSONPath: .spec.size
-    name: Size
-    type: string
-  - JSONPath: .status.phase
-    name: Phase
-    type: string
-  group: devops.kubesphere.io
-  names:
-    kind: S2iBinary
-    listKind: S2iBinaryList
-    plural: s2ibinaries
-    singular: s2ibinary
-  scope: Namespaced
-  subresources: {}
-  validation:
-    openAPIV3Schema:
-      description: S2iBinary is the Schema for the s2ibinaries API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: S2iBinarySpec defines the desired state of S2iBinary
-          properties:
-            downloadURL:
-              description: DownloadURL in KubeSphere
-              type: string
-            fileName:
-              description: FileName is filename of binary
-              type: string
-            md5:
-              description: MD5 is Binary's MD5 Hash
-              type: string
-            size:
-              description: Size is the file size of file
-              type: string
-            uploadTimeStamp:
-              description: UploadTime is last upload time
-              format: date-time
-              type: string
-          type: object
-        status:
-          description: S2iBinaryStatus defines the observed state of S2iBinary
-          properties:
-            phase:
-              description: Phase is status of S2iBinary . Possible value is "Ready","UnableToDownload"
-              type: string
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/config/crd/bases/devops.kubesphere.io_s2ibuilders.yaml
+++ b/config/crd/bases/devops.kubesphere.io_s2ibuilders.yaml
@@ -1,578 +0,0 @@
-
---
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: (devel)
-  creationTimestamp: null
-  name: s2ibuilders.devops.kubesphere.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.runCount
-    name: RunCount
-    type: integer
-  - JSONPath: .status.lastRunState
-    name: LastRunState
-    type: string
-  - JSONPath: .status.lastRunName
-    name: LastRunName
-    type: string
-  - JSONPath: .status.lastRunStartTime
-    name: LastRunStartTime
-    type: date
-  group: devops.kubesphere.io
-  names:
-    kind: S2iBuilder
-    listKind: S2iBuilderList
-    plural: s2ibuilders
-    shortNames:
-    - s2ib
-    singular: s2ibuilder
-  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: S2iBuilder is the Schema for the s2ibuilders API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: S2iBuilderSpec defines the desired state of S2iBuilder
-          properties:
-            config:
-              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-                Important: Run "make" to regenerate code after modifying this file'
-              properties:
-                addHost:
-                  description: AddHost Add a line to /etc/hosts for test purpose or
-                    private use in LAN. Its format is host:IP,muliple hosts can be
-                    added  by using multiple --add-host
-                  items:
-                    type: string
-                  type: array
-                asDockerfile:
-                  description: AsDockerfile indicates the path where the Dockerfile
-                    should be written instead of building a new image.
-                  type: string
-                assembleUser:
-                  description: AssembleUser specifies the user to run the assemble
-                    script in container
-                  type: string
-                blockOnBuild:
-                  description: BlockOnBuild prevents s2i from performing a docker
-                    build operation if one is necessary to execute ONBUILD commands,
-                    or to layer source code into the container for images that don't
-                    have a tar binary available, if the image contains ONBUILD commands
-                    that would be executed.
-                  type: boolean
-                branchExpression:
-                  description: Regular expressions, ignoring names that do not match
-                    the provided regular expression
-                  type: string
-                buildVolumes:
-                  description: BuildVolumes specifies a list of volumes to mount to
-                    container running the build.
-                  items:
-                    type: string
-                  type: array
-                builderBaseImageVersion:
-                  description: BuilderBaseImageVersion provides optional version information
-                    about the builder base image.
-                  type: string
-                builderImage:
-                  description: BuilderImage describes which image is used for building
-                    the result images.
-                  type: string
-                builderImageVersion:
-                  description: BuilderImageVersion provides optional version information
-                    about the builder image.
-                  type: string
-                builderPullPolicy:
-                  description: BuilderPullPolicy specifies when to pull the builder
-                    image
-                  type: string
-                callbackUrl:
-                  description: CallbackURL is a URL which is called upon successful
-                    build to inform about that fact.
-                  type: string
-                cgroupLimits:
-                  description: CGroupLimits describes the cgroups limits that will
-                    be applied to any containers run by s2i.
-                  properties:
-                    cpuPeriod:
-                      format: int64
-                      type: integer
-                    cpuQuota:
-                      format: int64
-                      type: integer
-                    cpuShares:
-                      format: int64
-                      type: integer
-                    memoryLimitBytes:
-                      format: int64
-                      type: integer
-                    memorySwap:
-                      format: int64
-                      type: integer
-                    parent:
-                      type: string
-                  required:
-                  - cpuPeriod
-                  - cpuQuota
-                  - cpuShares
-                  - memoryLimitBytes
-                  - memorySwap
-                  - parent
-                  type: object
-                contextDir:
-                  description: Specify a relative directory inside the application
-                    repository that should be used as a root directory for the application.
-                  type: string
-                description:
-                  description: Description is a result image description label. The
-                    default is no description.
-                  type: string
-                destination:
-                  description: Destination specifies a location where the untar operation
-                    will place its artifacts.
-                  type: string
-                displayName:
-                  description: DisplayName is a result image display-name label. This
-                    defaults to the output image name.
-                  type: string
-                dockerConfig:
-                  description: DockerConfig describes how to access host docker daemon.
-                  properties:
-                    caFile:
-                      description: CAFile is the certificate authority file path for
-                        a TLS connection
-                      type: string
-                    certFile:
-                      description: CertFile is the certificate file path for a TLS
-                        connection
-                      type: string
-                    endPoint:
-                      description: Endpoint is the docker network endpoint or socket
-                      type: string
-                    keyFile:
-                      description: KeyFile is the key file path for a TLS connection
-                      type: string
-                    tlsVerify:
-                      description: TLSVerify indicates if TLS peer must be verified
-                      type: boolean
-                    useTLS:
-                      description: UseTLS indicates if TLS must be used
-                      type: boolean
-                  required:
-                  - caFile
-                  - certFile
-                  - endPoint
-                  - keyFile
-                  - tlsVerify
-                  - useTLS
-                  type: object
-                dockerNetworkMode:
-                  description: DockerNetworkMode is used to set the docker network
-                    setting to --net=container:<id> when the builder is invoked from
-                    a container.
-                  type: string
-                dropCapabilities:
-                  description: DropCapabilities contains a list of capabilities to
-                    drop when executing containers
-                  items:
-                    type: string
-                  type: array
-                environment:
-                  description: Environment is a map of environment variables to be
-                    passed to the image.
-                  items:
-                    description: EnvironmentSpec specifies a single environment variable.
-                    properties:
-                      name:
-                        type: string
-                      value:
-                        type: string
-                    required:
-                    - name
-                    - value
-                    type: object
-                  type: array
-                excludeRegExp:
-                  description: ExcludeRegExp contains a string representation of the
-                    regular expression desired for deciding which files to exclude
-                    from the tar stream
-                  type: string
-                export:
-                  description: Export Push the result image to specify image registry
-                    in tag
-                  type: boolean
-                gitSecretRef:
-                  description: GitSecretRef is the BasicAuth Secret of Git Clone
-                  properties:
-                    name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                        TODO: Add other useful fields. apiVersion, kind, uid?'
-                      type: string
-                  type: object
-                hasOnBuild:
-                  description: HasOnBuild will be set to true if the builder image
-                    contains ONBUILD instructions
-                  type: boolean
-                imageName:
-                  description: ImageName Contains the registry address and reponame,
-                    tag should set by field tag alone
-                  type: string
-                imageScriptsUrl:
-                  description: ImageScriptsURL is the default location to find the
-                    assemble/run scripts for a builder image. This url can be a reference
-                    within the builder image if the scheme is specified as image://
-                  type: string
-                imageWorkDir:
-                  description: ImageWorkDir is the default working directory for the
-                    builder image.
-                  type: string
-                incremental:
-                  description: Incremental describes whether to try to perform incremental
-                    build.
-                  type: boolean
-                incrementalAuthentication:
-                  description: IncrementalAuthentication holds the authentication
-                    information for pulling the previous image from private repositories
-                  properties:
-                    email:
-                      type: string
-                    password:
-                      type: string
-                    secretRef:
-                      description: LocalObjectReference contains enough information
-                        to let you locate the referenced object inside the same namespace.
-                      properties:
-                        name:
-                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            TODO: Add other useful fields. apiVersion, kind, uid?'
-                          type: string
-                      type: object
-                    serverAddress:
-                      type: string
-                    username:
-                      type: string
-                  type: object
-                incrementalFromTag:
-                  description: IncrementalFromTag sets an alternative image tag to
-                    look for existing artifacts. Tag is used by default if this is
-                    not set.
-                  type: string
-                injections:
-                  description: Injections specifies a list source/destination folders
-                    that are injected to the container that runs assemble. All files
-                    we inject will be truncated after the assemble script finishes.
-                  items:
-                    description: VolumeSpec represents a single volume mount point.
-                    properties:
-                      destination:
-                        description: Destination is the path to mount the volume to
-                          - absolute or relative.
-                        type: string
-                      keep:
-                        description: Keep indicates if the mounted data should be
-                          kept in the final image.
-                        type: boolean
-                      source:
-                        description: Source is a reference to the volume source.
-                        type: string
-                    type: object
-                  type: array
-                isBinaryURL:
-                  description: IsBinaryURL explain the type of SourceURL. If it is
-                    IsBinaryURL, it will download the file directly without using
-                    git.
-                  type: boolean
-                keepSymlinks:
-                  description: KeepSymlinks indicates to copy symlinks as symlinks.
-                    Default behavior is to follow symlinks and copy files by content.
-                  type: boolean
-                labelNamespace:
-                  description: LabelNamespace provides the namespace under which the
-                    labels will be generated.
-                  type: string
-                labels:
-                  additionalProperties:
-                    type: string
-                  description: Labels specify labels and their values to be applied
-                    to the resulting image. Label keys must have non-zero length.
-                    The labels defined here override generated labels in case they
-                    have the same name.
-                  type: object
-                layeredBuild:
-                  description: LayeredBuild describes if this is build which layered
-                    scripts and sources on top of BuilderImage.
-                  type: boolean
-                nodeAffinityKey:
-                  description: The key of Node Affinity.
-                  type: string
-                nodeAffinityValues:
-                  description: The values of Node Affinity.
-                  items:
-                    type: string
-                  type: array
-                outputBuildResult:
-                  description: Whether output build result to status.
-                  type: boolean
-                outputImageName:
-                  description: OutputImageName is a result image name without tag,
-                    default is latest. tag will append to ImageName in the end
-                  type: string
-                preserveWorkingDir:
-                  description: PreserveWorkingDir describes if working directory should
-                    be left after processing.
-                  type: boolean
-                previousImagePullPolicy:
-                  description: PreviousImagePullPolicy specifies when to pull the
-                    previously build image when doing incremental build
-                  type: string
-                pullAuthentication:
-                  description: PullAuthentication holds the authentication information
-                    for pulling the Docker images from private repositories
-                  properties:
-                    email:
-                      type: string
-                    password:
-                      type: string
-                    secretRef:
-                      description: LocalObjectReference contains enough information
-                        to let you locate the referenced object inside the same namespace.
-                      properties:
-                        name:
-                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            TODO: Add other useful fields. apiVersion, kind, uid?'
-                          type: string
-                      type: object
-                    serverAddress:
-                      type: string
-                    username:
-                      type: string
-                  type: object
-                pushAuthentication:
-                  description: PullAuthentication holds the authentication information
-                    for pulling the Docker images from private repositories
-                  properties:
-                    email:
-                      type: string
-                    password:
-                      type: string
-                    secretRef:
-                      description: LocalObjectReference contains enough information
-                        to let you locate the referenced object inside the same namespace.
-                      properties:
-                        name:
-                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            TODO: Add other useful fields. apiVersion, kind, uid?'
-                          type: string
-                      type: object
-                    serverAddress:
-                      type: string
-                    username:
-                      type: string
-                  type: object
-                removePreviousImage:
-                  description: RemovePreviousImage describes if previous image should
-                    be removed after successful build. This applies only to incremental
-                    builds.
-                  type: boolean
-                revisionId:
-                  description: The RevisionId is a branch name or a SHA-1 hash of
-                    every important thing about the commit
-                  type: string
-                runImage:
-                  description: RunImage will trigger a "docker run ..." invocation
-                    of the produced image so the user can see if it operates as he
-                    would expect
-                  type: boolean
-                runtimeArtifacts:
-                  description: RuntimeArtifacts specifies a list of source/destination
-                    pairs that will be copied from builder to a runtime image. Source
-                    can be a file or directory. Destination must be a directory. Regardless
-                    whether it is an absolute or relative path, it will be placed
-                    into image's WORKDIR. Destination also can be empty or equals
-                    to ".", in this case it just refers to a root of WORKDIR. In case
-                    it's empty, S2I will try to get this list from io.openshift.s2i.assemble-input-files
-                    label on a RuntimeImage.
-                  items:
-                    description: VolumeSpec represents a single volume mount point.
-                    properties:
-                      destination:
-                        description: Destination is the path to mount the volume to
-                          - absolute or relative.
-                        type: string
-                      keep:
-                        description: Keep indicates if the mounted data should be
-                          kept in the final image.
-                        type: boolean
-                      source:
-                        description: Source is a reference to the volume source.
-                        type: string
-                    type: object
-                  type: array
-                runtimeAuthentication:
-                  description: RuntimeAuthentication holds the authentication information
-                    for pulling the runtime Docker images from private repositories.
-                  properties:
-                    email:
-                      type: string
-                    password:
-                      type: string
-                    secretRef:
-                      description: LocalObjectReference contains enough information
-                        to let you locate the referenced object inside the same namespace.
-                      properties:
-                        name:
-                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                            TODO: Add other useful fields. apiVersion, kind, uid?'
-                          type: string
-                      type: object
-                    serverAddress:
-                      type: string
-                    username:
-                      type: string
-                  type: object
-                runtimeImage:
-                  description: RuntimeImage specifies the image that will be a base
-                    for resulting image and will be used for running an application.
-                    By default, BuilderImage is used for building and running, but
-                    the latter may be overridden.
-                  type: string
-                runtimeImagePullPolicy:
-                  description: RuntimeImagePullPolicy specifies when to pull a runtime
-                    image.
-                  type: string
-                scriptDownloadProxyConfig:
-                  description: ScriptDownloadProxyConfig optionally specifies the
-                    http and https proxy to use when downloading scripts
-                  properties:
-                    httpProxy:
-                      type: string
-                    httpsProxy:
-                      type: string
-                  type: object
-                scriptsUrl:
-                  description: ScriptsURL is a URL describing where to fetch the S2I
-                    scripts from during build process. This url can be a reference
-                    within the builder image if the scheme is specified as image://
-                  type: string
-                secretCode:
-                  description: SecretCode
-                  type: string
-                securityOpt:
-                  description: SecurityOpt are passed as options to the docker containers
-                    launched by s2i.
-                  items:
-                    type: string
-                  type: array
-                sourceUrl:
-                  description: SourceURL is  url of the codes such as https://github.com/a/b.git
-                  type: string
-                tag:
-                  description: Tag is a result image tag name.
-                  type: string
-                taintKey:
-                  description: The name of taint.
-                  type: string
-                usage:
-                  description: Usage allows for properly shortcircuiting s2i logic
-                    when `s2i usage` is invoked
-                  type: boolean
-                workingDir:
-                  description: WorkingDir describes temporary directory used for downloading
-                    sources, scripts and tar operations.
-                  type: string
-                workingSourceDir:
-                  description: WorkingSourceDir describes the subdirectory off of
-                    WorkingDir set up during the repo download that is later used
-                    as the root for ignore processing
-                  type: string
-              required:
-              - imageName
-              - sourceUrl
-              type: object
-            fromTemplate:
-              description: FromTemplate define some inputs from user
-              properties:
-                builderImage:
-                  description: BaseImage specify which version of this template to
-                    use
-                  type: string
-                name:
-                  description: Name specify a template to use, so many fields in Config
-                    can left empty
-                  type: string
-                parameters:
-                  description: Parameters must use with `template`, fill some parameters
-                    which template will use
-                  items:
-                    properties:
-                      defaultValue:
-                        type: string
-                      description:
-                        type: string
-                      key:
-                        type: string
-                      optValues:
-                        items:
-                          type: string
-                        type: array
-                      required:
-                        type: boolean
-                      type:
-                        type: string
-                      value:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-          type: object
-        status:
-          description: S2iBuilderStatus defines the observed state of S2iBuilder
-          properties:
-            lastRunName:
-              description: LastRunState return the name of the newest run of this
-                builder
-              type: string
-            lastRunStartTime:
-              description: LastRunStartTime return the startTime of the newest run
-                of this builder
-              format: date-time
-              type: string
-            lastRunState:
-              description: LastRunState return the state of the newest run of this
-                builder
-              type: string
-            runCount:
-              description: RunCount represent the sum of s2irun of this builder
-              type: integer
-          required:
-          - runCount
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/config/crd/bases/devops.kubesphere.io_s2ibuildertemplates.yaml
+++ b/config/crd/bases/devops.kubesphere.io_s2ibuildertemplates.yaml
@@ -1,141 +0,0 @@
-
---
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: (devel)
-  creationTimestamp: null
-  name: s2ibuildertemplates.devops.kubesphere.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.codeFramework
-    name: Framework
-    type: string
-  - JSONPath: .spec.defaultBaseImage
-    name: DefaultBaseImage
-    type: string
-  - JSONPath: .spec.version
-    name: Version
-    type: string
-  group: devops.kubesphere.io
-  names:
-    categories:
-    - devops
-    kind: S2iBuilderTemplate
-    listKind: S2iBuilderTemplateList
-    plural: s2ibuildertemplates
-    shortNames:
-    - s2ibt
-    singular: s2ibuildertemplate
-  scope: Cluster
-  subresources: {}
-  validation:
-    openAPIV3Schema:
-      description: S2iBuilderTemplate is the Schema for the s2ibuildertemplates API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: S2iBuilderTemplateSpec defines the desired state of S2iBuilderTemplate
-          properties:
-            codeFramework:
-              description: CodeFramework means which language this template is designed
-                for and which framework is using if has framework. Like Java, NodeJS
-                etc
-              type: string
-            containerInfo:
-              description: Images are the images this template will use.
-              items:
-                properties:
-                  buildVolumes:
-                    description: BuildVolumes specifies a list of volumes to mount
-                      to container running the build.
-                    items:
-                      type: string
-                    type: array
-                  builderImage:
-                    description: BaseImage are the images this template will use.
-                    type: string
-                  runtimeArtifacts:
-                    items:
-                      description: VolumeSpec represents a single volume mount point.
-                      properties:
-                        destination:
-                          description: Destination is the path to mount the volume
-                            to - absolute or relative.
-                          type: string
-                        keep:
-                          description: Keep indicates if the mounted data should be
-                            kept in the final image.
-                          type: boolean
-                        source:
-                          description: Source is a reference to the volume source.
-                          type: string
-                      type: object
-                    type: array
-                  runtimeImage:
-                    type: string
-                type: object
-              type: array
-            defaultBaseImage:
-              description: DefaultBaseImage is the image that will be used by default
-              type: string
-            description:
-              description: Description illustrate the purpose of this template
-              type: string
-            environment:
-              description: Parameters is a set of environment variables to be passed
-                to the image.
-              items:
-                properties:
-                  defaultValue:
-                    type: string
-                  description:
-                    type: string
-                  key:
-                    type: string
-                  optValues:
-                    items:
-                      type: string
-                    type: array
-                  required:
-                    type: boolean
-                  type:
-                    type: string
-                  value:
-                    type: string
-                type: object
-              type: array
-            iconPath:
-              description: IconPath is used for frontend display
-              type: string
-            version:
-              description: Version of template
-              type: string
-          type: object
-        status:
-          description: S2iBuilderTemplateStatus defines the observed state of S2iBuilderTemplate
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/config/crd/bases/devops.kubesphere.io_s2iruns.yaml
+++ b/config/crd/bases/devops.kubesphere.io_s2iruns.yaml
@@ -1,181 +0,0 @@
-
---
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: (devel)
-  creationTimestamp: null
-  name: s2iruns.devops.kubesphere.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.runState
-    name: State
-    type: string
-  - JSONPath: .status.kubernetesJobName
-    name: K8sJobName
-    type: string
-  - JSONPath: .status.startTime
-    name: StartTime
-    type: date
-  - JSONPath: .status.completionTime
-    name: CompletionTime
-    type: date
-  - JSONPath: .status.s2iBuildResult.imageName
-    name: ImageName
-    type: string
-  group: devops.kubesphere.io
-  names:
-    kind: S2iRun
-    listKind: S2iRunList
-    plural: s2iruns
-    shortNames:
-    - s2ir
-    singular: s2irun
-  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: S2iRun is the Schema for the s2iruns API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: S2iRunSpec defines the desired state of S2iRun
-          properties:
-            backoffLimit:
-              description: BackoffLimit limits the restart count of each s2irun. Default
-                is 0
-              format: int32
-              type: integer
-            builderName:
-              description: BuilderName specify the name of s2ibuilder, required
-              type: string
-            newRevisionId:
-              description: NewRevisionId override the default NewRevisionId in its
-                s2ibuilder.
-              type: string
-            newSourceURL:
-              description: NewSourceURL is used to download new binary artifacts
-              type: string
-            newTag:
-              description: NewTag override the default tag in its s2ibuilder, image
-                name cannot be changed.
-              type: string
-            secondsAfterFinished:
-              description: SecondsAfterFinished if is set and greater than zero, and
-                the job created by s2irun become successful or failed , the job will
-                be auto deleted after SecondsAfterFinished
-              format: int32
-              type: integer
-          required:
-          - builderName
-          type: object
-        status:
-          description: S2iRunStatus defines the observed state of S2iRun
-          properties:
-            completionTime:
-              description: Represents time when the job was completed. It is not guaranteed
-                to be set in happens-before order across separate operations. It is
-                represented in RFC3339 form and is in UTC.
-              format: date-time
-              type: string
-            kubernetesJobName:
-              description: KubernetesJobName is the job name in k8s
-              type: string
-            logURL:
-              description: LogURL is uesd for external log handler to let user know
-                where is log located in
-              type: string
-            runState:
-              description: RunState  indicates whether this job is done or failed
-              type: string
-            s2iBuildResult:
-              description: S2i build result info.
-              properties:
-                commandPull:
-                  description: Command for pull image.
-                  type: string
-                imageCreated:
-                  description: Image created time.
-                  type: string
-                imageID:
-                  description: Image ID.
-                  type: string
-                imageName:
-                  description: ImageName is the name of artifact
-                  type: string
-                imageRepoTags:
-                  description: image tags.
-                  items:
-                    type: string
-                  type: array
-                imageSize:
-                  description: The size in bytes of the image
-                  format: int64
-                  type: integer
-              type: object
-            s2iBuildSource:
-              description: S2i build source info.
-              properties:
-                binaryName:
-                  description: Binary file Name
-                  type: string
-                binarySize:
-                  description: Binary file Size
-                  format: int64
-                  type: integer
-                builderImage:
-                  description: // BuilderImage describes which image is used for building
-                    the result images.
-                  type: string
-                commitID:
-                  description: CommitID represents an arbitrary extended object reference
-                    in Git as SHA-1
-                  type: string
-                committerEmail:
-                  description: CommitterEmail contains the e-mail of the committer
-                  type: string
-                committerName:
-                  description: CommitterName contains the name of the committer
-                  type: string
-                description:
-                  description: Description is a result image description label. The
-                    default is no description.
-                  type: string
-                revisionId:
-                  description: The RevisionId is a branch name or a SHA-1 hash of
-                    every important thing about the commit
-                  type: string
-                sourceUrl:
-                  description: SourceURL is  url of the codes such as https://github.com/a/b.git
-                  type: string
-              type: object
-            startTime:
-              description: StartTime represent when this run began
-              format: date-time
-              type: string
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/config/crd/bases/servicemesh.kubesphere.io_servicepolicies.yaml
+++ b/config/crd/bases/servicemesh.kubesphere.io_servicepolicies.yaml
--- a/config/crd/bases/servicemesh.kubesphere.io_strategies.yaml
+++ b/config/crd/bases/servicemesh.kubesphere.io_strategies.yaml
--- a/config/crds/app_v1beta1_application.yaml
+++ b/config/crds/app_v1beta1_application.yaml
@@ -1,236 +1,529 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+# Copyright 2020 The Kubernetes Authors.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    api-approved.kubernetes.io: https://github.com/kubernetes-sigs/application/pull/2
+    controller-gen.kubebuilder.io/version: v0.4.0
  creationTimestamp: null
-  labels:
-    controller-tools.k8s.io: "1.0"
  name: applications.app.k8s.io
 spec:
  group: app.k8s.io
  names:
+    categories:
+    - all
    kind: Application
+    listKind: ApplicationList
    plural: applications
+    shortNames:
+    - app
+    singular: application
  scope: Namespaced
-  validation:
-    openAPIV3Schema:
-      properties:
-        apiVersion:
-          type: string
-        kind:
-          type: string
-        metadata:
-          type: object
-        spec:
-          properties:
-            assemblyPhase:
-              type: string
-            componentKinds:
-              items:
-                type: object
-              type: array
-            descriptor:
-              properties:
-                description:
-                  type: string
-                icons:
-                  items:
-                    properties:
-                      size:
-                        type: string
-                      src:
-                        type: string
-                      type:
-                        type: string
-                    required:
-                    - src
-                    type: object
-                  type: array
-                keywords:
-                  items:
-                    type: string
-                  type: array
-                links:
-                  items:
-                    properties:
-                      description:
-                        type: string
-                      url:
-                        type: string
-                    type: object
-                  type: array
-                maintainers:
-                  items:
-                    properties:
-                      email:
-                        type: string
-                      name:
-                        type: string
-                      url:
-                        type: string
-                    type: object
-                  type: array
-                notes:
-                  type: string
-                owners:
-                  items:
-                    properties:
-                      email:
-                        type: string
-                      name:
-                        type: string
-                      url:
-                        type: string
-                    type: object
-                  type: array
-                type:
-                  type: string
-                version:
-                  type: string
-              type: object
-            info:
-              items:
+  versions:
+  - additionalPrinterColumns:
+    - description: The type of the application
+      jsonPath: .spec.descriptor.type
+      name: Type
+      type: string
+    - description: The creation date
+      jsonPath: .spec.descriptor.version
+      name: Version
+      type: string
+    - description: The application object owns the matched resources
+      jsonPath: .spec.addOwnerRef
+      name: Owner
+      type: boolean
+    - description: Numbers of components ready
+      jsonPath: .status.componentsReady
+      name: Ready
+      type: string
+    - description: The creation date
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Application is the Schema for the applications API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ApplicationSpec defines the specification for an Application.
+            properties:
+              addOwnerRef:
+                description: AddOwnerRef objects - flag to indicate if we need to
+                  add OwnerRefs to matching objects Matching is done by using Selector
+                  to query all ComponentGroupKinds
+                type: boolean
+              assemblyPhase:
+                description: AssemblyPhase represents the current phase of the application's
+                  assembly. An empty value is equivalent to "Succeeded".
+                type: string
+              componentKinds:
+                description: ComponentGroupKinds is a list of Kinds for Application's
+                  components (e.g. Deployments, Pods, Services, CRDs). It can be used
+                  in conjunction with the Application's Selector to list or watch
+                  the Applications components.
+                items:
+                  description: GroupKind specifies a Group and a Kind, but does not
+                    force a version.  This is useful for identifying concepts during
+                    lookup stages without having partially valid types
+                  properties:
+                    group:
+                      type: string
+                    kind:
+                      type: string
+                  required:
+                  - group
+                  - kind
+                  type: object
+                type: array
+              descriptor:
+                description: Descriptor regroups information and metadata about an
+                  application.
                properties:
-                  name:
+                  description:
+                    description: Description is a brief string description of the
+                      Application.
                    type: string
+                  icons:
+                    description: Icons is an optional list of icons for an application.
+                      Icon information includes the source, size, and mime type.
+                    items:
+                      description: ImageSpec contains information about an image used
+                        as an icon.
+                      properties:
+                        size:
+                          description: (optional) The size of the image in pixels
+                            (e.g., 25x25).
+                          type: string
+                        src:
+                          description: The source for image represented as either
+                            an absolute URL to the image or a Data URL containing
+                            the image. Data URLs are defined in RFC 2397.
+                          type: string
+                        type:
+                          description: (optional) The mine type of the image (e.g.,
+                            "image/png").
+                          type: string
+                      required:
+                      - src
+                      type: object
+                    type: array
+                  keywords:
+                    description: Keywords is an optional list of key words associated
+                      with the application (e.g. MySQL, RDBMS, database).
+                    items:
+                      type: string
+                    type: array
+                  links:
+                    description: Links are a list of descriptive URLs intended to
+                      be used to surface additional documentation, dashboards, etc.
+                    items:
+                      description: Link contains information about an URL to surface
+                        documentation, dashboards, etc.
+                      properties:
+                        description:
+                          description: Description is human readable content explaining
+                            the purpose of the link.
+                          type: string
+                        url:
+                          description: Url typically points at a website address.
+                          type: string
+                      type: object
+                    type: array
+                  maintainers:
+                    description: Maintainers is an optional list of maintainers of
+                      the application. The maintainers in this list maintain the the
+                      source code, images, and package for the application.
+                    items:
+                      description: ContactData contains information about an individual
+                        or organization.
+                      properties:
+                        email:
+                          description: Email is the email address.
+                          type: string
+                        name:
+                          description: Name is the descriptive name.
+                          type: string
+                        url:
+                          description: Url could typically be a website address.
+                          type: string
+                      type: object
+                    type: array
+                  notes:
+                    description: Notes contain a human readable snippets intended
+                      as a quick start for the users of the Application. CommonMark
+                      markdown syntax may be used for rich text representation.
+                    type: string
+                  owners:
+                    description: Owners is an optional list of the owners of the installed
+                      application. The owners of the application should be contacted
+                      in the event of a planned or unplanned disruption affecting
+                      the application.
+                    items:
+                      description: ContactData contains information about an individual
+                        or organization.
+                      properties:
+                        email:
+                          description: Email is the email address.
+                          type: string
+                        name:
+                          description: Name is the descriptive name.
+                          type: string
+                        url:
+                          description: Url could typically be a website address.
+                          type: string
+                      type: object
+                    type: array
                  type:
+                    description: Type is the type of the application (e.g. WordPress,
+                      MySQL, Cassandra).
                    type: string
-                  value:
+                  version:
+                    description: Version is an optional version indicator for the
+                      Application.
                    type: string
-                  valueFrom:
-                    properties:
-                      configMapKeyRef:
-                        properties:
-                          apiVersion:
+                type: object
+              info:
+                description: Info contains human readable key,value pairs for the
+                  Application.
+                items:
+                  description: InfoItem is a human readable key,value pair containing
+                    important information about how to access the Application.
+                  properties:
+                    name:
+                      description: Name is a human readable title for this piece of
+                        information.
+                      type: string
+                    type:
+                      description: Type of the value for this InfoItem.
+                      type: string
+                    value:
+                      description: Value is human readable content.
+                      type: string
+                    valueFrom:
+                      description: ValueFrom defines a reference to derive the value
+                        from another source.
+                      properties:
+                        configMapKeyRef:
+                          description: Selects a key of a ConfigMap.
+                          properties:
+                            apiVersion:
+                              description: API version of the referent.
+                              type: string
+                            fieldPath:
+                              description: 'If referring to a piece of an object instead
+                                of an entire object, this string should contain a
+                                valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                                For example, if the object reference is to a container
+                                within a pod, this would take on a value like: "spec.containers{name}"
+                                (where "name" refers to the name of the container
+                                that triggered the event) or if no container name
+                                is specified "spec.containers[2]" (container with
+                                index 2 in this pod). This syntax is chosen only to
+                                have some well-defined way of referencing a part of
+                                an object. TODO: this design is not final and this
+                                field is subject to change in the future.'
+                              type: string
+                            key:
+                              description: The key to select.
+                              type: string
+                            kind:
+                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                              type: string
+                            name:
+                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                              type: string
+                            namespace:
+                              description: 'Namespace of the referent. More info:
+                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                              type: string
+                            resourceVersion:
+                              description: 'Specific resourceVersion to which this
+                                reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                              type: string
+                            uid:
+                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                              type: string
+                          type: object
+                        ingressRef:
+                          description: Select an Ingress.
+                          properties:
+                            apiVersion:
+                              description: API version of the referent.
+                              type: string
+                            fieldPath:
+                              description: 'If referring to a piece of an object instead
+                                of an entire object, this string should contain a
+                                valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                                For example, if the object reference is to a container
+                                within a pod, this would take on a value like: "spec.containers{name}"
+                                (where "name" refers to the name of the container
+                                that triggered the event) or if no container name
+                                is specified "spec.containers[2]" (container with
+                                index 2 in this pod). This syntax is chosen only to
+                                have some well-defined way of referencing a part of
+                                an object. TODO: this design is not final and this
+                                field is subject to change in the future.'
+                              type: string
+                            host:
+                              description: The optional host to select.
+                              type: string
+                            kind:
+                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                              type: string
+                            name:
+                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                              type: string
+                            namespace:
+                              description: 'Namespace of the referent. More info:
+                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                              type: string
+                            path:
+                              description: The optional HTTP path.
+                              type: string
+                            protocol:
+                              description: Protocol for the ingress
+                              type: string
+                            resourceVersion:
+                              description: 'Specific resourceVersion to which this
+                                reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                              type: string
+                            uid:
+                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                              type: string
+                          type: object
+                        secretKeyRef:
+                          description: Selects a key of a Secret.
+                          properties:
+                            apiVersion:
+                              description: API version of the referent.
+                              type: string
+                            fieldPath:
+                              description: 'If referring to a piece of an object instead
+                                of an entire object, this string should contain a
+                                valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                                For example, if the object reference is to a container
+                                within a pod, this would take on a value like: "spec.containers{name}"
+                                (where "name" refers to the name of the container
+                                that triggered the event) or if no container name
+                                is specified "spec.containers[2]" (container with
+                                index 2 in this pod). This syntax is chosen only to
+                                have some well-defined way of referencing a part of
+                                an object. TODO: this design is not final and this
+                                field is subject to change in the future.'
+                              type: string
+                            key:
+                              description: The key to select.
+                              type: string
+                            kind:
+                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                              type: string
+                            name:
+                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                              type: string
+                            namespace:
+                              description: 'Namespace of the referent. More info:
+                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                              type: string
+                            resourceVersion:
+                              description: 'Specific resourceVersion to which this
+                                reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                              type: string
+                            uid:
+                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                              type: string
+                          type: object
+                        serviceRef:
+                          description: Select a Service.
+                          properties:
+                            apiVersion:
+                              description: API version of the referent.
+                              type: string
+                            fieldPath:
+                              description: 'If referring to a piece of an object instead
+                                of an entire object, this string should contain a
+                                valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                                For example, if the object reference is to a container
+                                within a pod, this would take on a value like: "spec.containers{name}"
+                                (where "name" refers to the name of the container
+                                that triggered the event) or if no container name
+                                is specified "spec.containers[2]" (container with
+                                index 2 in this pod). This syntax is chosen only to
+                                have some well-defined way of referencing a part of
+                                an object. TODO: this design is not final and this
+                                field is subject to change in the future.'
+                              type: string
+                            kind:
+                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                              type: string
+                            name:
+                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                              type: string
+                            namespace:
+                              description: 'Namespace of the referent. More info:
+                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                              type: string
+                            path:
+                              description: The optional HTTP path.
+                              type: string
+                            port:
+                              description: The optional port to select.
+                              format: int32
+                              type: integer
+                            protocol:
+                              description: Protocol for the service
+                              type: string
+                            resourceVersion:
+                              description: 'Specific resourceVersion to which this
+                                reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                              type: string
+                            uid:
+                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                              type: string
+                          type: object
+                        type:
+                          description: Type of source.
+                          type: string
+                      type: object
+                  type: object
+                type: array
+              selector:
+                description: 'Selector is a label query over kinds that created by
+                  the application. It must match the component objects'' labels. More
+                  info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
                            type: string
-                          fieldPath:
-                            type: string
-                          key:
-                            type: string
-                          kind:
-                            type: string
-                          name:
-                            type: string
-                          namespace:
-                            type: string
-                          resourceVersion:
-                            type: string
-                          uid:
-                            type: string
-                        type: object
-                      ingressRef:
-                        properties:
-                          apiVersion:
-                            type: string
-                          fieldPath:
-                            type: string
-                          host:
-                            type: string
-                          kind:
-                            type: string
-                          name:
-                            type: string
-                          namespace:
-                            type: string
-                          path:
-                            type: string
-                          resourceVersion:
-                            type: string
-                          uid:
-                            type: string
-                        type: object
-                      secretKeyRef:
-                        properties:
-                          apiVersion:
-                            type: string
-                          fieldPath:
-                            type: string
-                          key:
-                            type: string
-                          kind:
-                            type: string
-                          name:
-                            type: string
-                          namespace:
-                            type: string
-                          resourceVersion:
-                            type: string
-                          uid:
-                            type: string
-                        type: object
-                      serviceRef:
-                        properties:
-                          apiVersion:
-                            type: string
-                          fieldPath:
-                            type: string
-                          kind:
-                            type: string
-                          name:
-                            type: string
-                          namespace:
-                            type: string
-                          path:
-                            type: string
-                          port:
-                            format: int32
-                            type: integer
-                          resourceVersion:
-                            type: string
-                          uid:
-                            type: string
-                        type: object
-                      type:
-                        type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
                    type: object
                type: object
-              type: array
-            selector:
-              type: object
-          type: object
-        status:
-          properties:
-            components:
-              items:
-                properties:
-                  group:
-                    type: string
-                  kind:
-                    type: string
-                  link:
-                    type: string
-                  name:
-                    type: string
-                  status:
-                    type: string
-                type: object
-              type: array
-            conditions:
-              items:
-                properties:
-                  lastTransitionTime:
-                    format: date-time
-                    type: string
-                  lastUpdateTime:
-                    format: date-time
-                    type: string
-                  message:
-                    type: string
-                  reason:
-                    type: string
-                  status:
-                    type: string
-                  type:
-                    type: string
-                required:
-                - type
-                - status
-                type: object
-              type: array
-            observedGeneration:
-              format: int64
-              type: integer
-          type: object
-  version: v1beta1
+            type: object
+          status:
+            description: ApplicationStatus defines controller's the observed state
+              of Application
+            properties:
+              components:
+                description: Object status array for all matching objects
+                items:
+                  description: ObjectStatus is a generic status holder for objects
+                  properties:
+                    group:
+                      description: Object group
+                      type: string
+                    kind:
+                      description: Kind of object
+                      type: string
+                    link:
+                      description: Link to object
+                      type: string
+                    name:
+                      description: Name of object
+                      type: string
+                    status:
+                      description: 'Status. Values: InProgress, Ready, Unknown'
+                      type: string
+                  type: object
+                type: array
+              componentsReady:
+                description: 'ComponentsReady: status of the components in the format
+                  ready/total'
+                type: string
+              conditions:
+                description: Conditions represents the latest state of the object
+                items:
+                  description: Condition describes the state of an object at a certain
+                    point.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another.
+                      format: date-time
+                      type: string
+                    lastUpdateTime:
+                      description: Last time the condition was probed
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                description: ObservedGeneration is the most recent generation observed.
+                  It corresponds to the Object's generation, which is updated on mutation
+                  by the API Server.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
 status:
  acceptedNames:
    kind: ""
--- a/config/crds/application.kubesphere.io_helmapplications.yaml
+++ b/config/crds/application.kubesphere.io_helmapplications.yaml
@@ -0,0 +1,101 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: helmapplications.application.kubesphere.io
+spec:
+  group: application.kubesphere.io
+  names:
+    kind: HelmApplication
+    listKind: HelmApplicationList
+    plural: helmapplications
+    shortNames:
+    - happ
+    singular: helmapplication
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.name
+      name: application name
+      type: string
+    - jsonPath: .metadata.labels.kubesphere\.io/workspace
+      name: workspace
+      type: string
+    - jsonPath: .status.state
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: HelmApplication is the Schema for the helmapplications API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: HelmApplicationSpec defines the desired state of HelmApplication
+            properties:
+              abstraction:
+                description: info from frontend
+                type: string
+              appHome:
+                type: string
+              attachments:
+                description: attachments id
+                items:
+                  type: string
+                type: array
+              description:
+                description: description from chart's description or frontend
+                type: string
+              icon:
+                description: The attachment id of the icon
+                type: string
+              name:
+                description: the name of the helm application
+                type: string
+            required:
+            - name
+            type: object
+          status:
+            description: HelmApplicationStatus defines the observed state of HelmApplication
+            properties:
+              latestVersion:
+                description: If this application belong to appStore, latestVersion is the the latest version of the active application version. otherwise latestVersion is the latest version of all application version
+                type: string
+              state:
+                description: 'the state of the helm application: draft, submitted, passed, rejected, suspended, active'
+                type: string
+              statusTime:
+                format: date-time
+                type: string
+              updateTime:
+                format: date-time
+                type: string
+            required:
+            - statusTime
+            - updateTime
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/application.kubesphere.io_helmapplicationversions.yaml
+++ b/config/crds/application.kubesphere.io_helmapplicationversions.yaml
@@ -0,0 +1,205 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: helmapplicationversions.application.kubesphere.io
+spec:
+  group: application.kubesphere.io
+  names:
+    kind: HelmApplicationVersion
+    listKind: HelmApplicationVersionList
+    plural: helmapplicationversions
+    shortNames:
+    - happver
+    singular: helmapplicationversion
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.name
+      name: application name
+      type: string
+    - jsonPath: .status.state
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: HelmApplicationVersion is the Schema for the helmapplicationversions API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: HelmApplicationVersionSpec defines the desired state of HelmApplicationVersion
+            properties:
+              annotations:
+                additionalProperties:
+                  type: string
+                description: Annotations are additional mappings uninterpreted by Helm, made available for inspection by other applications.
+                type: object
+              apiVersion:
+                description: The API Version of this chart.
+                type: string
+              appVersion:
+                description: The version of the application enclosed inside of this chart.
+                type: string
+              condition:
+                description: The condition to check to enable chart
+                type: string
+              created:
+                description: chart create time
+                format: date-time
+                type: string
+              data:
+                description: raw data of chart, it will !!!NOT!!! be save to etcd
+                format: byte
+                type: string
+              dataKey:
+                description: dataKey in the storage
+                type: string
+              dependencies:
+                description: Dependencies are a list of dependencies for a chart.
+                items:
+                  description: Dependency describes a chart upon which another chart depends. Dependencies can be used to express developer intent, or to capture the state of a chart.
+                  properties:
+                    alias:
+                      description: Alias usable alias to be used for the chart
+                      type: string
+                    condition:
+                      description: A yaml path that resolves to a boolean, used for enabling/disabling charts (e.g. subchart1.enabled )
+                      type: string
+                    enabled:
+                      description: Enabled bool determines if chart should be loaded
+                      type: boolean
+                    name:
+                      description: Name is the name of the dependency. This must mach the name in the dependency's Chart.yaml.
+                      type: string
+                    repository:
+                      description: The URL to the repository. Appending `index.yaml` to this string should result in a URL that can be used to fetch the repository index.
+                      type: string
+                    tags:
+                      description: Tags can be used to group charts for enabling/disabling together
+                      items:
+                        type: string
+                      type: array
+                    version:
+                      description: Version is the version (range) of this chart. A lock file will always produce a single version, while a dependency may contain a semantic version range.
+                      type: string
+                  required:
+                  - name
+                  - repository
+                  type: object
+                type: array
+              deprecated:
+                description: Whether or not this chart is deprecated
+                type: boolean
+              description:
+                description: A one-sentence description of the chart
+                type: string
+              digest:
+                description: chart digest
+                type: string
+              home:
+                description: The URL to a relevant project page, git repo, or contact person
+                type: string
+              icon:
+                description: The URL to an icon file.
+                type: string
+              keywords:
+                description: A list of string keywords
+                items:
+                  type: string
+                type: array
+              kubeVersion:
+                description: KubeVersion is a SemVer constraint specifying the version of Kubernetes required.
+                type: string
+              maintainers:
+                description: A list of name and URL/email address combinations for the maintainer(s)
+                items:
+                  description: Maintainer describes a Chart maintainer.
+                  properties:
+                    email:
+                      description: Email is an optional email address to contact the named maintainer
+                      type: string
+                    name:
+                      description: Name is a user name or organization name
+                      type: string
+                    url:
+                      description: URL is an optional URL to an address for the named maintainer
+                      type: string
+                  type: object
+                type: array
+              name:
+                description: The name of the chart
+                type: string
+              sources:
+                description: Source is the URL to the source code of this chart
+                items:
+                  type: string
+                type: array
+              tags:
+                description: The tags to check to enable chart
+                type: string
+              type:
+                description: 'Specifies the chart type: application or library'
+                type: string
+              urls:
+                description: chart url
+                items:
+                  type: string
+                type: array
+              version:
+                description: A SemVer 2 conformant version string of the chart
+                type: string
+            type: object
+          status:
+            description: HelmApplicationVersionStatus defines the observed state of HelmApplicationVersion
+            properties:
+              audit:
+                items:
+                  properties:
+                    message:
+                      description: audit message
+                      type: string
+                    operator:
+                      description: audit operator
+                      type: string
+                    operatorType:
+                      type: string
+                    state:
+                      description: 'audit state: submitted, passed, draft, active, rejected, suspended'
+                      type: string
+                    time:
+                      description: audit time
+                      format: date-time
+                      type: string
+                  required:
+                  - time
+                  type: object
+                type: array
+              state:
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/application.kubesphere.io_helmcategories.yaml
+++ b/config/crds/application.kubesphere.io_helmcategories.yaml
@@ -0,0 +1,76 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: helmcategories.application.kubesphere.io
+spec:
+  group: application.kubesphere.io
+  names:
+    kind: HelmCategory
+    listKind: HelmCategoryList
+    plural: helmcategories
+    shortNames:
+    - hctg
+    singular: helmcategory
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.name
+      name: name
+      type: string
+    - jsonPath: .status.total
+      name: total
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: HelmCategory is the Schema for the helmcategories API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: HelmCategorySpec defines the desired state of HelmRepo
+            properties:
+              description:
+                description: info from frontend
+                type: string
+              locale:
+                type: string
+              name:
+                description: name of the category
+                type: string
+            required:
+            - name
+            type: object
+          status:
+            properties:
+              total:
+                description: total helmapplications belong to this category
+                type: integer
+            required:
+            - total
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/application.kubesphere.io_helmreleases.yaml
+++ b/config/crds/application.kubesphere.io_helmreleases.yaml
@@ -0,0 +1,145 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: helmreleases.application.kubesphere.io
+spec:
+  group: application.kubesphere.io
+  names:
+    kind: HelmRelease
+    listKind: HelmReleaseList
+    plural: helmreleases
+    shortNames:
+    - hrls
+    singular: helmrelease
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.name
+      name: Release Name
+      type: string
+    - jsonPath: .metadata.labels.kubesphere\.io/workspace
+      name: Workspace
+      type: string
+    - jsonPath: .metadata.labels.kubesphere\.io/cluster
+      name: Cluster
+      type: string
+    - jsonPath: .metadata.labels.kubesphere\.io/namespace
+      name: Namespace
+      type: string
+    - jsonPath: .status.state
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: HelmRelease is the Schema for the helmreleases API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: HelmReleaseSpec defines the desired state of HelmRelease
+            properties:
+              appId:
+                description: id of the helmapplication
+                type: string
+              appVerId:
+                description: application version id
+                type: string
+              chartAppVer:
+                description: appVersion from Chart.yaml
+                type: string
+              chartName:
+                description: The name of the chart which will be installed.
+                type: string
+              chartVersion:
+                description: Specify the exact chart version to install. If this is not specified, the latest version is installed
+                type: string
+              description:
+                description: Message got from frontend
+                type: string
+              name:
+                description: Name of the release
+                type: string
+              repoId:
+                description: id of  the repo
+                type: string
+              values:
+                description: helm release values.yaml
+                format: byte
+                type: string
+              version:
+                description: expected release version, when this version is not equal status.version, the release need upgrade this filed should be modified when any filed of the spec modified.
+                type: integer
+            required:
+            - chartName
+            - chartVersion
+            - name
+            - version
+            type: object
+          status:
+            description: HelmReleaseStatus defines the observed state of HelmRelease
+            properties:
+              deployStatus:
+                description: deploy status list of history, which will store at most 10 state
+                items:
+                  properties:
+                    deployTime:
+                      description: deploy time, upgrade time or check status time
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about why the release is in this state.
+                      type: string
+                    state:
+                      description: current state of the release
+                      type: string
+                  required:
+                  - deployTime
+                  - state
+                  type: object
+                type: array
+              lastDeployed:
+                description: last deploy time or upgrade time
+                format: date-time
+                type: string
+              lastUpdate:
+                description: last update time
+                format: date-time
+                type: string
+              message:
+                description: A human readable message indicating details about why the release is in this state.
+                type: string
+              state:
+                description: current state
+                type: string
+              version:
+                description: current release version
+                type: integer
+            required:
+            - state
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/application.kubesphere.io_helmrepos.yaml
+++ b/config/crds/application.kubesphere.io_helmrepos.yaml
@@ -0,0 +1,142 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: helmrepos.application.kubesphere.io
+spec:
+  group: application.kubesphere.io
+  names:
+    kind: HelmRepo
+    listKind: HelmRepoList
+    plural: helmrepos
+    shortNames:
+    - hrepo
+    singular: helmrepo
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.name
+      name: name
+      type: string
+    - jsonPath: .metadata.labels.kubesphere\.io/workspace
+      name: Workspace
+      type: string
+    - jsonPath: .spec.url
+      name: url
+      type: string
+    - jsonPath: .status.state
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: HelmRepo is the Schema for the helmrepoes API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: HelmRepoSpec defines the desired state of HelmRepo
+            properties:
+              credential:
+                description: helm repo credential
+                properties:
+                  accessKeyID:
+                    type: string
+                  caFile:
+                    description: verify certificates of HTTPS-enabled servers using this CA bundle
+                    type: string
+                  certFile:
+                    description: identify HTTPS client using this SSL certificate file
+                    type: string
+                  insecureSkipTLSVerify:
+                    description: skip tls certificate checks for the repository, default is ture
+                    type: boolean
+                  keyFile:
+                    description: identify HTTPS client using this SSL key file
+                    type: string
+                  password:
+                    description: chart repository password
+                    type: string
+                  secretAccessKey:
+                    type: string
+                  username:
+                    description: chart repository username
+                    type: string
+                type: object
+              description:
+                description: chart repo description from frontend
+                type: string
+              name:
+                description: name of the repo
+                type: string
+              syncPeriod:
+                description: sync period in seconds, no sync when SyncPeriod=0, the minimum SyncPeriod is 180s
+                type: integer
+              url:
+                description: helm repo url
+                type: string
+              version:
+                description: expected repo version, when this version is not equal status.version, the repo need upgrade this filed should be modified when any filed of the spec modified.
+                type: integer
+            required:
+            - name
+            - url
+            type: object
+          status:
+            description: HelmRepoStatus defines the observed state of HelmRepo
+            properties:
+              data:
+                description: repo index
+                type: string
+              lastUpdateTime:
+                description: status last update time
+                format: date-time
+                type: string
+              state:
+                description: current state of the repo, successful, failed or syncing
+                type: string
+              syncState:
+                description: sync state list of history, which will store at most 10 state
+                items:
+                  properties:
+                    message:
+                      description: A human readable message indicating details about why the repo is in this state.
+                      type: string
+                    state:
+                      description: 'last sync state, valid state are: "failed", "success", and ""'
+                      type: string
+                    syncTime:
+                      format: date-time
+                      type: string
+                  required:
+                  - syncTime
+                  type: object
+                type: array
+              version:
+                description: if status.version!=spec.Version, we need sync the repo now
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/auditing.kubesphere.io_rules.yaml
+++ b/config/crds/auditing.kubesphere.io_rules.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -15,73 +15,67 @@ spec:
    plural: rules
    singular: rule
  scope: Namespaced
-  validation:
-    openAPIV3Schema:
-      description: Rule is the Schema for the rules API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: AuditRuleSpec defines the desired state of Rule
-          properties:
-            rules:
-              items:
-                properties:
-                  alias:
-                    description: This effective When the rule type is alias
-                    type: string
-                  condition:
-                    description: Rule condition This effective When the rule type
-                      is rule
-                    type: string
-                  desc:
-                    description: Rule describe
-                    type: string
-                  enable:
-                    description: Is the rule enable
-                    type: boolean
-                  list:
-                    description: This effective When the rule type is list
-                    items:
-                      type: string
-                    type: array
-                  macro:
-                    description: This effective When the rule type is macro
-                    type: string
-                  name:
-                    description: Rule name
-                    type: string
-                  output:
-                    description: The output formater of message which send to user
-                    type: string
-                  priority:
-                    description: Rule priority, DEBUG, INFO, WARNING
-                    type: string
-                  type:
-                    description: Rule type, rule, macro,list,alias
-                    type: string
-                required:
-                - enable
-                type: object
-              type: array
-          type: object
-        status:
-          description: AuditRuleStatus defines the observed state of Rule
-          type: object
-      type: object
-  version: v1alpha1
  versions:
  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Rule is the Schema for the rules API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AuditRuleSpec defines the desired state of Rule
+            properties:
+              rules:
+                items:
+                  properties:
+                    alias:
+                      description: This effective When the rule type is alias
+                      type: string
+                    condition:
+                      description: Rule condition This effective When the rule type is rule
+                      type: string
+                    desc:
+                      description: Rule describe
+                      type: string
+                    enable:
+                      description: Is the rule enable
+                      type: boolean
+                    list:
+                      description: This effective When the rule type is list
+                      items:
+                        type: string
+                      type: array
+                    macro:
+                      description: This effective When the rule type is macro
+                      type: string
+                    name:
+                      description: Rule name
+                      type: string
+                    output:
+                      description: The output formater of message which send to user
+                      type: string
+                    priority:
+                      description: Rule priority, DEBUG, INFO, WARNING
+                      type: string
+                    type:
+                      description: Rule type, rule, macro,list,alias
+                      type: string
+                  required:
+                  - enable
+                  type: object
+                type: array
+            type: object
+          status:
+            description: AuditRuleStatus defines the observed state of Rule
+            type: object
+        type: object
    served: true
    storage: true
 status:
--- a/config/crds/auditing.kubesphere.io_webhooks.yaml
+++ b/config/crds/auditing.kubesphere.io_webhooks.yaml
--- a/config/crds/cluster.kubesphere.io_clusters.yaml
+++ b/config/crds/cluster.kubesphere.io_clusters.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -8,19 +8,6 @@ metadata:
  creationTimestamp: null
  name: clusters.cluster.kubesphere.io
 spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.joinFederation
-    name: Federated
-    type: boolean
-  - JSONPath: .spec.provider
-    name: Provider
-    type: string
-  - JSONPath: .spec.enable
-    name: Active
-    type: boolean
-  - JSONPath: .status.kubernetesVersion
-    name: Version
-    type: string
  group: cluster.kubesphere.io
  names:
    kind: Cluster
@@ -28,143 +15,129 @@ spec:
    plural: clusters
    singular: cluster
  scope: Cluster
-  subresources: {}
-  validation:
-    openAPIV3Schema:
-      description: Cluster is the schema for the clusters API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          properties:
-            connection:
-              description: Connection holds info to connect to the member cluster
-              properties:
-                kubeconfig:
-                  description: KubeConfig content used to connect to cluster api server
-                    Should provide this field explicitly if connection type is direct.
-                    Will be populated by ks-proxy if connection type is proxy.
-                  format: byte
-                  type: string
-                kubernetesAPIEndpoint:
-                  description: 'Kubernetes API Server endpoint. Example: https://10.10.0.1:6443
-                    Should provide this field explicitly if connection type is direct.
-                    Will be populated by ks-apiserver if connection type is proxy.'
-                  type: string
-                kubernetesAPIServerPort:
-                  description: KubeAPIServerPort is the port which listens for forwarding
-                    kube-apiserver traffic Only applicable when connection type is
-                    proxy.
-                  type: integer
-                kubesphereAPIEndpoint:
-                  description: 'KubeSphere API Server endpoint. Example: http://10.10.0.11:8080
-                    Should provide this field explicitly if connection type is direct.
-                    Will be populated by ks-apiserver if connection type is proxy.'
-                  type: string
-                kubesphereAPIServerPort:
-                  description: KubeSphereAPIServerPort is the port which listens for
-                    forwarding kubesphere apigateway traffic Only applicable when
-                    connection type is proxy.
-                  type: integer
-                token:
-                  description: Token used by agents of member cluster to connect to
-                    host cluster proxy. This field is populated by apiserver only
-                    if connection type is proxy.
-                  type: string
-                type:
-                  description: type defines how host cluster will connect to host
-                    cluster ConnectionTypeDirect means direct connection, this requires   kubeconfig
-                    and kubesphere apiserver endpoint provided ConnectionTypeProxy
-                    means using kubesphere proxy, no kubeconfig   or kubesphere apiserver
-                    endpoint required
-                  type: string
-              type: object
-            enable:
-              description: Desired state of the cluster
-              type: boolean
-            joinFederation:
-              description: Join cluster as a kubefed cluster
-              type: boolean
-            provider:
-              description: Provider of the cluster, this field is just for description
-              type: string
-          type: object
-        status:
-          properties:
-            conditions:
-              description: Represents the latest available observations of a cluster's
-                current state.
-              items:
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.joinFederation
+      name: Federated
+      type: boolean
+    - jsonPath: .spec.provider
+      name: Provider
+      type: string
+    - jsonPath: .spec.enable
+      name: Active
+      type: boolean
+    - jsonPath: .status.kubernetesVersion
+      name: Version
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Cluster is the schema for the clusters API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              connection:
+                description: Connection holds info to connect to the member cluster
                properties:
-                  lastTransitionTime:
-                    description: Last time the condition transitioned from one status
-                      to another.
-                    format: date-time
+                  kubeconfig:
+                    description: KubeConfig content used to connect to cluster api server Should provide this field explicitly if connection type is direct. Will be populated by ks-proxy if connection type is proxy.
+                    format: byte
                    type: string
-                  lastUpdateTime:
-                    description: The last time this condition was updated.
-                    format: date-time
+                  kubernetesAPIEndpoint:
+                    description: 'Kubernetes API Server endpoint. Example: https://10.10.0.1:6443 Should provide this field explicitly if connection type is direct. Will be populated by ks-apiserver if connection type is proxy.'
                    type: string
-                  message:
-                    description: A human readable message indicating details about
-                      the transition.
+                  kubernetesAPIServerPort:
+                    description: KubeAPIServerPort is the port which listens for forwarding kube-apiserver traffic Only applicable when connection type is proxy.
+                    type: integer
+                  kubesphereAPIEndpoint:
+                    description: 'KubeSphere API Server endpoint. Example: http://10.10.0.11:8080 Should provide this field explicitly if connection type is direct. Will be populated by ks-apiserver if connection type is proxy.'
                    type: string
-                  reason:
-                    description: The reason for the condition's last transition.
-                    type: string
-                  status:
-                    description: Status of the condition, one of True, False, Unknown.
+                  kubesphereAPIServerPort:
+                    description: KubeSphereAPIServerPort is the port which listens for forwarding kubesphere apigateway traffic Only applicable when connection type is proxy.
+                    type: integer
+                  token:
+                    description: Token used by agents of member cluster to connect to host cluster proxy. This field is populated by apiserver only if connection type is proxy.
                    type: string
                  type:
-                    description: Type of the condition
+                    description: type defines how host cluster will connect to host cluster ConnectionTypeDirect means direct connection, this requires   kubeconfig and kubesphere apiserver endpoint provided ConnectionTypeProxy means using kubesphere proxy, no kubeconfig   or kubesphere apiserver endpoint required
                    type: string
-                required:
-                - status
-                - type
                type: object
-              type: array
-            configz:
-              additionalProperties:
+              enable:
+                description: Desired state of the cluster
                type: boolean
-              description: Configz is status of components enabled in the member cluster.
-                This is synchronized with member cluster every amount of time, like
-                5 minutes.
-              type: object
-            kubernetesVersion:
-              description: GitVersion of the kubernetes cluster, this field is populated
-                by cluster controller
-              type: string
-            nodeCount:
-              description: Count of the kubernetes cluster nodes This field may not
-                reflect the instant status of the cluster.
-              type: integer
-            region:
-              description: Region is the name of the region in which all of the nodes
-                in the cluster exist.  e.g. 'us-east1'.
-              type: string
-            zones:
-              description: Zones are the names of availability zones in which the
-                nodes of the cluster exist, e.g. 'us-east1-a'.
-              items:
+              joinFederation:
+                description: Join cluster as a kubefed cluster
+                type: boolean
+              provider:
+                description: Provider of the cluster, this field is just for description
                type: string
-              type: array
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
+            type: object
+          status:
+            properties:
+              conditions:
+                description: Represents the latest available observations of a cluster's current state.
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    lastUpdateTime:
+                      description: The last time this condition was updated.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about the transition.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of the condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              configz:
+                additionalProperties:
+                  type: boolean
+                description: Configz is status of components enabled in the member cluster. This is synchronized with member cluster every amount of time, like 5 minutes.
+                type: object
+              kubeSphereVersion:
+                description: GitVersion of the /kapis/version api response, this field is populated by cluster controller
+                type: string
+              kubernetesVersion:
+                description: GitVersion of the kubernetes cluster, this field is populated by cluster controller
+                type: string
+              nodeCount:
+                description: Count of the kubernetes cluster nodes This field may not reflect the instant status of the cluster.
+                type: integer
+              region:
+                description: Region is the name of the region in which all of the nodes in the cluster exist.  e.g. 'us-east1'.
+                type: string
+              zones:
+                description: Zones are the names of availability zones in which the nodes of the cluster exist, e.g. 'us-east1-a'.
+                items:
+                  type: string
+                type: array
+            type: object
+        type: object
    served: true
    storage: true
+    subresources: {}
 status:
  acceptedNames:
    kind: ""
--- a/config/crds/crd.projectcalico.org_blockaffinities.yaml
+++ b/config/crds/crd.projectcalico.org_blockaffinities.yaml
@@ -0,0 +1,56 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: blockaffinities.crd.projectcalico.org
+spec:
+  group: crd.projectcalico.org
+  names:
+    kind: BlockAffinity
+    listKind: BlockAffinityList
+    plural: blockaffinities
+    singular: blockaffinity
+  scope: Cluster
+  versions:
+  - name: calicov3
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: BlockAffinitySpec contains the specification for a BlockAffinity resource.
+            properties:
+              cidr:
+                type: string
+              deleted:
+                type: string
+              node:
+                type: string
+              state:
+                type: string
+            required:
+            - cidr
+            - deleted
+            - node
+            - state
+            type: object
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/crd.projectcalico.org_ipamblocks.yaml
+++ b/config/crds/crd.projectcalico.org_ipamblocks.yaml
@@ -0,0 +1,81 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: ipamblocks.crd.projectcalico.org
+spec:
+  group: crd.projectcalico.org
+  names:
+    kind: IPAMBlock
+    listKind: IPAMBlockList
+    plural: ipamblocks
+    singular: ipamblock
+  scope: Cluster
+  versions:
+  - name: calicov3
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IPAMBlockSpec contains the specification for a IPAMBlock resource.
+            properties:
+              affinity:
+                type: string
+              allocations:
+                items:
+                  type: integer
+                type: array
+              attributes:
+                items:
+                  properties:
+                    handle_id:
+                      type: string
+                    secondary:
+                      additionalProperties:
+                        type: string
+                      type: object
+                  required:
+                  - handle_id
+                  - secondary
+                  type: object
+                type: array
+              cidr:
+                type: string
+              deleted:
+                type: boolean
+              strictAffinity:
+                type: boolean
+              unallocated:
+                items:
+                  type: integer
+                type: array
+            required:
+            - affinity
+            - allocations
+            - attributes
+            - cidr
+            - deleted
+            - strictAffinity
+            - unallocated
+            type: object
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/crd.projectcalico.org_ippools.yaml
+++ b/config/crds/crd.projectcalico.org_ippools.yaml
@@ -0,0 +1,79 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: ippools.crd.projectcalico.org
+spec:
+  group: crd.projectcalico.org
+  names:
+    kind: IPPool
+    listKind: IPPoolList
+    plural: ippools
+    singular: ippool
+  scope: Cluster
+  versions:
+  - name: calicov3
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IPPoolSpec contains the specification for an IPPool resource.
+            properties:
+              blockSize:
+                description: The block size to use for IP address assignments from this pool. Defaults to 26 for IPv4 and 112 for IPv6.
+                type: integer
+              cidr:
+                description: The pool CIDR.
+                type: string
+              disabled:
+                description: When disabled is true, Calico IPAM will not assign addresses from this pool.
+                type: boolean
+              ipip:
+                description: 'Deprecated: this field is only used for APIv1 backwards compatibility. Setting this field is not allowed, this field is for internal use only.'
+                properties:
+                  enabled:
+                    description: When enabled is true, ipip tunneling will be used to deliver packets to destinations within this pool.
+                    type: boolean
+                  mode:
+                    description: The IPIP mode.  This can be one of "always" or "cross-subnet".  A mode of "always" will also use IPIP tunneling for routing to destination IP addresses within this pool.  A mode of "cross-subnet" will only use IPIP tunneling when the destination node is on a different subnet to the originating node.  The default value (if not specified) is "always".
+                    type: string
+                type: object
+              ipipMode:
+                description: Contains configuration for IPIP tunneling for this pool. If not specified, then this is defaulted to "Never" (i.e. IPIP tunelling is disabled).
+                type: string
+              nat-outgoing:
+                description: 'Deprecated: this field is only used for APIv1 backwards compatibility. Setting this field is not allowed, this field is for internal use only.'
+                type: boolean
+              natOutgoing:
+                description: When nat-outgoing is true, packets sent from Calico networked containers in this pool to destinations outside of this pool will be masqueraded.
+                type: boolean
+              nodeSelector:
+                description: Allows IPPool to allocate for a specific node by label selector.
+                type: string
+              vxlanMode:
+                description: Contains configuration for VXLAN tunneling for this pool. If not specified, then this is defaulted to "Never" (i.e. VXLAN tunelling is disabled).
+                type: string
+            required:
+            - cidr
+            type: object
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/devops.kubesphere.io_devopsprojects.yaml
+++ b/config/crds/devops.kubesphere.io_devopsprojects.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -17,38 +17,31 @@ spec:
    plural: devopsprojects
    singular: devopsproject
  scope: Cluster
-  validation:
-    openAPIV3Schema:
-      description: DevOpsProject is the Schema for the devopsprojects API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: DevOpsProjectSpec defines the desired state of DevOpsProject
-          type: object
-        status:
-          description: DevOpsProjectStatus defines the observed state of DevOpsProject
-          properties:
-            adminNamespace:
-              description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
-                of cluster Important: Run "make" to regenerate code after modifying
-                this file'
-              type: string
-          type: object
-      type: object
-  version: v1alpha3
  versions:
  - name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: DevOpsProject is the Schema for the devopsprojects API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: DevOpsProjectSpec defines the desired state of DevOpsProject
+            type: object
+          status:
+            description: DevOpsProjectStatus defines the observed state of DevOpsProject
+            properties:
+              adminNamespace:
+                description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file'
+                type: string
+            type: object
+        type: object
    served: true
    storage: true
 status:
--- a/config/crds/devops.kubesphere.io_pipelines.yaml
+++ b/config/crds/devops.kubesphere.io_pipelines.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -15,241 +15,281 @@ spec:
    plural: pipelines
    singular: pipeline
  scope: Namespaced
-  validation:
-    openAPIV3Schema:
-      description: Pipeline is the Schema for the pipelines API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: PipelineSpec defines the desired state of Pipeline
-          properties:
-            multi_branch_pipeline:
-              properties:
-                bitbucket_server_source:
-                  properties:
-                    api_uri:
-                      type: string
-                    credential_id:
-                      type: string
-                    discover_branches:
-                      type: integer
-                    discover_pr_from_forks:
-                      properties:
-                        strategy:
-                          type: integer
-                        trust:
-                          type: integer
-                      type: object
-                    discover_pr_from_origin:
-                      type: integer
-                    git_clone_option:
-                      properties:
-                        depth:
-                          type: integer
-                        shallow:
-                          type: boolean
-                        timeout:
-                          type: integer
-                      type: object
-                    owner:
-                      type: string
-                    regex_filter:
-                      type: string
-                    repo:
-                      type: string
-                    scm_id:
-                      type: string
-                  type: object
-                description:
-                  type: string
-                discarder:
-                  properties:
-                    days_to_keep:
-                      type: string
-                    num_to_keep:
-                      type: string
-                  type: object
-                git_source:
-                  properties:
-                    credential_id:
-                      type: string
-                    discover_branches:
-                      type: boolean
-                    git_clone_option:
-                      properties:
-                        depth:
-                          type: integer
-                        shallow:
-                          type: boolean
-                        timeout:
-                          type: integer
-                      type: object
-                    regex_filter:
-                      type: string
-                    scm_id:
-                      type: string
-                    url:
-                      type: string
-                  type: object
-                github_source:
-                  properties:
-                    api_uri:
-                      type: string
-                    credential_id:
-                      type: string
-                    discover_branches:
-                      type: integer
-                    discover_pr_from_forks:
-                      properties:
-                        strategy:
-                          type: integer
-                        trust:
-                          type: integer
-                      type: object
-                    discover_pr_from_origin:
-                      type: integer
-                    git_clone_option:
-                      properties:
-                        depth:
-                          type: integer
-                        shallow:
-                          type: boolean
-                        timeout:
-                          type: integer
-                      type: object
-                    owner:
-                      type: string
-                    regex_filter:
-                      type: string
-                    repo:
-                      type: string
-                    scm_id:
-                      type: string
-                  type: object
-                multibranch_job_trigger:
-                  properties:
-                    create_action_job_to_trigger:
-                      type: string
-                    delete_action_job_to_trigger:
-                      type: string
-                  type: object
-                name:
-                  type: string
-                script_path:
-                  type: string
-                single_svn_source:
-                  properties:
-                    credential_id:
-                      type: string
-                    remote:
-                      type: string
-                    scm_id:
-                      type: string
-                  type: object
-                source_type:
-                  type: string
-                svn_source:
-                  properties:
-                    credential_id:
-                      type: string
-                    excludes:
-                      type: string
-                    includes:
-                      type: string
-                    remote:
-                      type: string
-                    scm_id:
-                      type: string
-                  type: object
-                timer_trigger:
-                  properties:
-                    cron:
-                      description: user in no scm job
-                      type: string
-                    interval:
-                      description: use in multi-branch job
-                      type: string
-                  type: object
-              required:
-              - name
-              - script_path
-              - source_type
-              type: object
-            pipeline:
-              properties:
-                description:
-                  type: string
-                disable_concurrent:
-                  type: boolean
-                discarder:
-                  properties:
-                    days_to_keep:
-                      type: string
-                    num_to_keep:
-                      type: string
-                  type: object
-                jenkinsfile:
-                  type: string
-                name:
-                  type: string
-                parameters:
-                  items:
-                    properties:
-                      default_value:
-                        type: string
-                      description:
-                        type: string
-                      name:
-                        type: string
-                      type:
-                        type: string
-                    required:
-                    - name
-                    - type
-                    type: object
-                  type: array
-                remote_trigger:
-                  properties:
-                    token:
-                      type: string
-                  type: object
-                timer_trigger:
-                  properties:
-                    cron:
-                      description: user in no scm job
-                      type: string
-                    interval:
-                      description: use in multi-branch job
-                      type: string
-                  type: object
-              required:
-              - name
-              type: object
-            type:
-              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-                Important: Run "make" to regenerate code after modifying this file'
-              type: string
-          required:
-          - type
-          type: object
-        status:
-          description: PipelineStatus defines the observed state of Pipeline
-          type: object
-      type: object
-  version: v1alpha3
  versions:
  - name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: Pipeline is the Schema for the pipelines API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: PipelineSpec defines the desired state of Pipeline
+            properties:
+              multi_branch_pipeline:
+                properties:
+                  bitbucket_server_source:
+                    properties:
+                      api_uri:
+                        type: string
+                      credential_id:
+                        type: string
+                      discover_branches:
+                        type: integer
+                      discover_pr_from_forks:
+                        properties:
+                          strategy:
+                            type: integer
+                          trust:
+                            type: integer
+                        type: object
+                      discover_pr_from_origin:
+                        type: integer
+                      discover_tags:
+                        type: boolean
+                      git_clone_option:
+                        properties:
+                          depth:
+                            type: integer
+                          shallow:
+                            type: boolean
+                          timeout:
+                            type: integer
+                        type: object
+                      owner:
+                        type: string
+                      regex_filter:
+                        type: string
+                      repo:
+                        type: string
+                      scm_id:
+                        type: string
+                    type: object
+                  description:
+                    type: string
+                  discarder:
+                    properties:
+                      days_to_keep:
+                        type: string
+                      num_to_keep:
+                        type: string
+                    type: object
+                  git_source:
+                    properties:
+                      credential_id:
+                        type: string
+                      discover_branches:
+                        type: boolean
+                      discover_tags:
+                        type: boolean
+                      git_clone_option:
+                        properties:
+                          depth:
+                            type: integer
+                          shallow:
+                            type: boolean
+                          timeout:
+                            type: integer
+                        type: object
+                      regex_filter:
+                        type: string
+                      scm_id:
+                        type: string
+                      url:
+                        type: string
+                    type: object
+                  github_source:
+                    description: GithubSource and BitbucketServerSource have the same structure, but we don't use one due to crd errors
+                    properties:
+                      api_uri:
+                        type: string
+                      credential_id:
+                        type: string
+                      discover_branches:
+                        type: integer
+                      discover_pr_from_forks:
+                        properties:
+                          strategy:
+                            type: integer
+                          trust:
+                            type: integer
+                        type: object
+                      discover_pr_from_origin:
+                        type: integer
+                      discover_tags:
+                        type: boolean
+                      git_clone_option:
+                        properties:
+                          depth:
+                            type: integer
+                          shallow:
+                            type: boolean
+                          timeout:
+                            type: integer
+                        type: object
+                      owner:
+                        type: string
+                      regex_filter:
+                        type: string
+                      repo:
+                        type: string
+                      scm_id:
+                        type: string
+                    type: object
+                  gitlab_source:
+                    properties:
+                      api_uri:
+                        type: string
+                      credential_id:
+                        type: string
+                      discover_branches:
+                        type: integer
+                      discover_pr_from_forks:
+                        properties:
+                          strategy:
+                            type: integer
+                          trust:
+                            type: integer
+                        type: object
+                      discover_pr_from_origin:
+                        type: integer
+                      discover_tags:
+                        type: boolean
+                      git_clone_option:
+                        properties:
+                          depth:
+                            type: integer
+                          shallow:
+                            type: boolean
+                          timeout:
+                            type: integer
+                        type: object
+                      owner:
+                        type: string
+                      regex_filter:
+                        type: string
+                      repo:
+                        type: string
+                      scm_id:
+                        type: string
+                      server_name:
+                        type: string
+                    type: object
+                  multibranch_job_trigger:
+                    properties:
+                      create_action_job_to_trigger:
+                        type: string
+                      delete_action_job_to_trigger:
+                        type: string
+                    type: object
+                  name:
+                    type: string
+                  script_path:
+                    type: string
+                  single_svn_source:
+                    properties:
+                      credential_id:
+                        type: string
+                      remote:
+                        type: string
+                      scm_id:
+                        type: string
+                    type: object
+                  source_type:
+                    type: string
+                  svn_source:
+                    properties:
+                      credential_id:
+                        type: string
+                      excludes:
+                        type: string
+                      includes:
+                        type: string
+                      remote:
+                        type: string
+                      scm_id:
+                        type: string
+                    type: object
+                  timer_trigger:
+                    properties:
+                      cron:
+                        description: user in no scm job
+                        type: string
+                      interval:
+                        description: use in multi-branch job
+                        type: string
+                    type: object
+                required:
+                - name
+                - script_path
+                - source_type
+                type: object
+              pipeline:
+                properties:
+                  description:
+                    type: string
+                  disable_concurrent:
+                    type: boolean
+                  discarder:
+                    properties:
+                      days_to_keep:
+                        type: string
+                      num_to_keep:
+                        type: string
+                    type: object
+                  jenkinsfile:
+                    type: string
+                  name:
+                    type: string
+                  parameters:
+                    items:
+                      properties:
+                        default_value:
+                          type: string
+                        description:
+                          type: string
+                        name:
+                          type: string
+                        type:
+                          type: string
+                      required:
+                      - name
+                      - type
+                      type: object
+                    type: array
+                  remote_trigger:
+                    properties:
+                      token:
+                        type: string
+                    type: object
+                  timer_trigger:
+                    properties:
+                      cron:
+                        description: user in no scm job
+                        type: string
+                      interval:
+                        description: use in multi-branch job
+                        type: string
+                    type: object
+                required:
+                - name
+                type: object
+              type:
+                description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file'
+                type: string
+            required:
+            - type
+            type: object
+          status:
+            description: PipelineStatus defines the observed state of Pipeline
+            type: object
+        type: object
    served: true
    storage: true
 status:
--- a/config/crds/devops.kubesphere.io_s2ibinaries.yaml
+++ b/config/crds/devops.kubesphere.io_s2ibinaries.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -8,19 +8,6 @@ metadata:
  creationTimestamp: null
  name: s2ibinaries.devops.kubesphere.io
 spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.fileName
-    name: FileName
-    type: string
-  - JSONPath: .spec.md5
-    name: MD5
-    type: string
-  - JSONPath: .spec.size
-    name: Size
-    type: string
-  - JSONPath: .status.phase
-    name: Phase
-    type: string
  group: devops.kubesphere.io
  names:
    kind: S2iBinary
@@ -28,56 +15,64 @@ spec:
    plural: s2ibinaries
    singular: s2ibinary
  scope: Namespaced
-  subresources: {}
-  validation:
-    openAPIV3Schema:
-      description: S2iBinary is the Schema for the s2ibinaries API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: S2iBinarySpec defines the desired state of S2iBinary
-          properties:
-            downloadURL:
-              description: DownloadURL in KubeSphere
-              type: string
-            fileName:
-              description: FileName is filename of binary
-              type: string
-            md5:
-              description: MD5 is Binary's MD5 Hash
-              type: string
-            size:
-              description: Size is the file size of file
-              type: string
-            uploadTimeStamp:
-              description: UploadTime is last upload time
-              format: date-time
-              type: string
-          type: object
-        status:
-          description: S2iBinaryStatus defines the observed state of S2iBinary
-          properties:
-            phase:
-              description: Phase is status of S2iBinary . Possible value is "Ready","UnableToDownload"
-              type: string
-          type: object
-      type: object
-  version: v1alpha1
  versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .spec.fileName
+      name: FileName
+      type: string
+    - jsonPath: .spec.md5
+      name: MD5
+      type: string
+    - jsonPath: .spec.size
+      name: Size
+      type: string
+    - jsonPath: .status.phase
+      name: Phase
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: S2iBinary is the Schema for the s2ibinaries API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: S2iBinarySpec defines the desired state of S2iBinary
+            properties:
+              downloadURL:
+                description: DownloadURL in KubeSphere
+                type: string
+              fileName:
+                description: FileName is filename of binary
+                type: string
+              md5:
+                description: MD5 is Binary's MD5 Hash
+                type: string
+              size:
+                description: Size is the file size of file
+                type: string
+              uploadTimeStamp:
+                description: UploadTime is last upload time
+                format: date-time
+                type: string
+            type: object
+          status:
+            description: S2iBinaryStatus defines the observed state of S2iBinary
+            properties:
+              phase:
+                description: Phase is status of S2iBinary . Possible value is "Ready","UnableToDownload"
+                type: string
+            type: object
+        type: object
    served: true
    storage: true
+    subresources: {}
 status:
  acceptedNames:
    kind: ""
--- a/config/crds/devops.kubesphere.io_s2ibuilders.yaml
+++ b/config/crds/devops.kubesphere.io_s2ibuilders.yaml
--- a/config/crds/devops.kubesphere.io_s2ibuildertemplates.yaml
+++ b/config/crds/devops.kubesphere.io_s2ibuildertemplates.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -8,16 +8,6 @@ metadata:
  creationTimestamp: null
  name: s2ibuildertemplates.devops.kubesphere.io
 spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.codeFramework
-    name: Framework
-    type: string
-  - JSONPath: .spec.defaultBaseImage
-    name: DefaultBaseImage
-    type: string
-  - JSONPath: .spec.version
-    name: Version
-    type: string
  group: devops.kubesphere.io
  names:
    categories:
@@ -29,110 +19,109 @@ spec:
    - s2ibt
    singular: s2ibuildertemplate
  scope: Cluster
-  subresources: {}
-  validation:
-    openAPIV3Schema:
-      description: S2iBuilderTemplate is the Schema for the s2ibuildertemplates API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: S2iBuilderTemplateSpec defines the desired state of S2iBuilderTemplate
-          properties:
-            codeFramework:
-              description: CodeFramework means which language this template is designed
-                for and which framework is using if has framework. Like Java, NodeJS
-                etc
-              type: string
-            containerInfo:
-              description: Images are the images this template will use.
-              items:
-                properties:
-                  buildVolumes:
-                    description: BuildVolumes specifies a list of volumes to mount
-                      to container running the build.
-                    items:
-                      type: string
-                    type: array
-                  builderImage:
-                    description: BaseImage are the images this template will use.
-                    type: string
-                  runtimeArtifacts:
-                    items:
-                      description: VolumeSpec represents a single volume mount point.
-                      properties:
-                        destination:
-                          description: Destination is the path to mount the volume
-                            to - absolute or relative.
-                          type: string
-                        keep:
-                          description: Keep indicates if the mounted data should be
-                            kept in the final image.
-                          type: boolean
-                        source:
-                          description: Source is a reference to the volume source.
-                          type: string
-                      type: object
-                    type: array
-                  runtimeImage:
-                    type: string
-                type: object
-              type: array
-            defaultBaseImage:
-              description: DefaultBaseImage is the image that will be used by default
-              type: string
-            description:
-              description: Description illustrate the purpose of this template
-              type: string
-            environment:
-              description: Parameters is a set of environment variables to be passed
-                to the image.
-              items:
-                properties:
-                  defaultValue:
-                    type: string
-                  description:
-                    type: string
-                  key:
-                    type: string
-                  optValues:
-                    items:
-                      type: string
-                    type: array
-                  required:
-                    type: boolean
-                  type:
-                    type: string
-                  value:
-                    type: string
-                type: object
-              type: array
-            iconPath:
-              description: IconPath is used for frontend display
-              type: string
-            version:
-              description: Version of template
-              type: string
-          type: object
-        status:
-          description: S2iBuilderTemplateStatus defines the observed state of S2iBuilderTemplate
-          type: object
-      type: object
-  version: v1alpha1
  versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .spec.codeFramework
+      name: Framework
+      type: string
+    - jsonPath: .spec.defaultBaseImage
+      name: DefaultBaseImage
+      type: string
+    - jsonPath: .spec.version
+      name: Version
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: S2iBuilderTemplate is the Schema for the s2ibuildertemplates API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: S2iBuilderTemplateSpec defines the desired state of S2iBuilderTemplate
+            properties:
+              codeFramework:
+                description: CodeFramework means which language this template is designed for and which framework is using if has framework. Like Java, NodeJS etc
+                type: string
+              containerInfo:
+                description: Images are the images this template will use.
+                items:
+                  properties:
+                    buildVolumes:
+                      description: BuildVolumes specifies a list of volumes to mount to container running the build.
+                      items:
+                        type: string
+                      type: array
+                    builderImage:
+                      description: BaseImage are the images this template will use.
+                      type: string
+                    runtimeArtifacts:
+                      items:
+                        description: VolumeSpec represents a single volume mount point.
+                        properties:
+                          destination:
+                            description: Destination is the path to mount the volume to - absolute or relative.
+                            type: string
+                          keep:
+                            description: Keep indicates if the mounted data should be kept in the final image.
+                            type: boolean
+                          source:
+                            description: Source is a reference to the volume source.
+                            type: string
+                        type: object
+                      type: array
+                    runtimeImage:
+                      type: string
+                  type: object
+                type: array
+              defaultBaseImage:
+                description: DefaultBaseImage is the image that will be used by default
+                type: string
+              description:
+                description: Description illustrate the purpose of this template
+                type: string
+              environment:
+                description: Parameters is a set of environment variables to be passed to the image.
+                items:
+                  properties:
+                    defaultValue:
+                      type: string
+                    description:
+                      type: string
+                    key:
+                      type: string
+                    optValues:
+                      items:
+                        type: string
+                      type: array
+                    required:
+                      type: boolean
+                    type:
+                      type: string
+                    value:
+                      type: string
+                  type: object
+                type: array
+              iconPath:
+                description: IconPath is used for frontend display
+                type: string
+              version:
+                description: Version of template
+                type: string
+            type: object
+          status:
+            description: S2iBuilderTemplateStatus defines the observed state of S2iBuilderTemplate
+            type: object
+        type: object
    served: true
    storage: true
+    subresources: {}
 status:
  acceptedNames:
    kind: ""
--- a/config/crds/devops.kubesphere.io_s2iruns.yaml
+++ b/config/crds/devops.kubesphere.io_s2iruns.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -8,22 +8,6 @@ metadata:
  creationTimestamp: null
  name: s2iruns.devops.kubesphere.io
 spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.runState
-    name: State
-    type: string
-  - JSONPath: .status.kubernetesJobName
-    name: K8sJobName
-    type: string
-  - JSONPath: .status.startTime
-    name: StartTime
-    type: date
-  - JSONPath: .status.completionTime
-    name: CompletionTime
-    type: date
-  - JSONPath: .status.s2iBuildResult.imageName
-    name: ImageName
-    type: string
  group: devops.kubesphere.io
  names:
    kind: S2iRun
@@ -33,146 +17,145 @@ spec:
    - s2ir
    singular: s2irun
  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: S2iRun is the Schema for the s2iruns API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: S2iRunSpec defines the desired state of S2iRun
-          properties:
-            backoffLimit:
-              description: BackoffLimit limits the restart count of each s2irun. Default
-                is 0
-              format: int32
-              type: integer
-            builderName:
-              description: BuilderName specify the name of s2ibuilder, required
-              type: string
-            newRevisionId:
-              description: NewRevisionId override the default NewRevisionId in its
-                s2ibuilder.
-              type: string
-            newSourceURL:
-              description: NewSourceURL is used to download new binary artifacts
-              type: string
-            newTag:
-              description: NewTag override the default tag in its s2ibuilder, image
-                name cannot be changed.
-              type: string
-            secondsAfterFinished:
-              description: SecondsAfterFinished if is set and greater than zero, and
-                the job created by s2irun become successful or failed , the job will
-                be auto deleted after SecondsAfterFinished
-              format: int32
-              type: integer
-          required:
-          - builderName
-          type: object
-        status:
-          description: S2iRunStatus defines the observed state of S2iRun
-          properties:
-            completionTime:
-              description: Represents time when the job was completed. It is not guaranteed
-                to be set in happens-before order across separate operations. It is
-                represented in RFC3339 form and is in UTC.
-              format: date-time
-              type: string
-            kubernetesJobName:
-              description: KubernetesJobName is the job name in k8s
-              type: string
-            logURL:
-              description: LogURL is uesd for external log handler to let user know
-                where is log located in
-              type: string
-            runState:
-              description: RunState  indicates whether this job is done or failed
-              type: string
-            s2iBuildResult:
-              description: S2i build result info.
-              properties:
-                commandPull:
-                  description: Command for pull image.
-                  type: string
-                imageCreated:
-                  description: Image created time.
-                  type: string
-                imageID:
-                  description: Image ID.
-                  type: string
-                imageName:
-                  description: ImageName is the name of artifact
-                  type: string
-                imageRepoTags:
-                  description: image tags.
-                  items:
-                    type: string
-                  type: array
-                imageSize:
-                  description: The size in bytes of the image
-                  format: int64
-                  type: integer
-              type: object
-            s2iBuildSource:
-              description: S2i build source info.
-              properties:
-                binaryName:
-                  description: Binary file Name
-                  type: string
-                binarySize:
-                  description: Binary file Size
-                  format: int64
-                  type: integer
-                builderImage:
-                  description: // BuilderImage describes which image is used for building
-                    the result images.
-                  type: string
-                commitID:
-                  description: CommitID represents an arbitrary extended object reference
-                    in Git as SHA-1
-                  type: string
-                committerEmail:
-                  description: CommitterEmail contains the e-mail of the committer
-                  type: string
-                committerName:
-                  description: CommitterName contains the name of the committer
-                  type: string
-                description:
-                  description: Description is a result image description label. The
-                    default is no description.
-                  type: string
-                revisionId:
-                  description: The RevisionId is a branch name or a SHA-1 hash of
-                    every important thing about the commit
-                  type: string
-                sourceUrl:
-                  description: SourceURL is  url of the codes such as https://github.com/a/b.git
-                  type: string
-              type: object
-            startTime:
-              description: StartTime represent when this run began
-              format: date-time
-              type: string
-          type: object
-      type: object
-  version: v1alpha1
  versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .status.runState
+      name: State
+      type: string
+    - jsonPath: .status.kubernetesJobName
+      name: K8sJobName
+      type: string
+    - jsonPath: .status.startTime
+      name: StartTime
+      type: date
+    - jsonPath: .status.completionTime
+      name: CompletionTime
+      type: date
+    - jsonPath: .status.s2iBuildResult.imageName
+      name: ImageName
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: S2iRun is the Schema for the s2iruns API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: S2iRunSpec defines the desired state of S2iRun
+            properties:
+              backoffLimit:
+                description: BackoffLimit limits the restart count of each s2irun. Default is 0
+                format: int32
+                type: integer
+              builderName:
+                description: BuilderName specify the name of s2ibuilder, required
+                type: string
+              newRevisionId:
+                description: NewRevisionId override the default NewRevisionId in its s2ibuilder.
+                type: string
+              newSourceURL:
+                description: NewSourceURL is used to download new binary artifacts
+                type: string
+              newTag:
+                description: NewTag override the default tag in its s2ibuilder, image name cannot be changed.
+                type: string
+              secondsAfterFinished:
+                description: SecondsAfterFinished if is set and greater than zero, and the job created by s2irun become successful or failed , the job will be auto deleted after SecondsAfterFinished
+                format: int32
+                type: integer
+            required:
+            - builderName
+            type: object
+          status:
+            description: S2iRunStatus defines the observed state of S2iRun
+            properties:
+              completionTime:
+                description: Represents time when the job was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              kubernetesJobName:
+                description: KubernetesJobName is the job name in k8s
+                type: string
+              logURL:
+                description: LogURL is uesd for external log handler to let user know where is log located in
+                type: string
+              runState:
+                description: RunState  indicates whether this job is done or failed
+                type: string
+              s2iBuildResult:
+                description: S2i build result info.
+                properties:
+                  commandPull:
+                    description: Command for pull image.
+                    type: string
+                  imageCreated:
+                    description: Image created time.
+                    type: string
+                  imageID:
+                    description: Image ID.
+                    type: string
+                  imageName:
+                    description: ImageName is the name of artifact
+                    type: string
+                  imageRepoTags:
+                    description: image tags.
+                    items:
+                      type: string
+                    type: array
+                  imageSize:
+                    description: The size in bytes of the image
+                    format: int64
+                    type: integer
+                type: object
+              s2iBuildSource:
+                description: S2i build source info.
+                properties:
+                  binaryName:
+                    description: Binary file Name
+                    type: string
+                  binarySize:
+                    description: Binary file Size
+                    format: int64
+                    type: integer
+                  builderImage:
+                    description: // BuilderImage describes which image is used for building the result images.
+                    type: string
+                  commitID:
+                    description: CommitID represents an arbitrary extended object reference in Git as SHA-1
+                    type: string
+                  committerEmail:
+                    description: CommitterEmail contains the e-mail of the committer
+                    type: string
+                  committerName:
+                    description: CommitterName contains the name of the committer
+                    type: string
+                  description:
+                    description: Description is a result image description label. The default is no description.
+                    type: string
+                  revisionId:
+                    description: The RevisionId is a branch name or a SHA-1 hash of every important thing about the commit
+                    type: string
+                  sourceUrl:
+                    description: SourceURL is  url of the codes such as https://github.com/a/b.git
+                    type: string
+                type: object
+              startTime:
+                description: StartTime represent when this run began
+                format: date-time
+                type: string
+            type: object
+        type: object
    served: true
    storage: true
+    subresources:
+      status: {}
 status:
  acceptedNames:
    kind: ""
--- a/config/crds/iam.kubesphere.io_federatedrolebindings.yaml
+++ b/config/crds/iam.kubesphere.io_federatedrolebindings.yaml
@@ -0,0 +1,111 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedrolebindings.iam.kubesphere.io
+spec:
+  group: iam.kubesphere.io
+  names:
+    kind: FederatedRoleBinding
+    listKind: FederatedRoleBindingList
+    plural: federatedrolebindings
+    singular: federatedrolebinding
+  scope: Namespaced
+  versions:
+  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              placement:
+                properties:
+                  clusterSelector:
+                    properties:
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  metadata:
+                    type: object
+                  roleRef:
+                    description: RoleRef contains information that points to the role being used
+                    properties:
+                      apiGroup:
+                        description: APIGroup is the group for the resource being referenced
+                        type: string
+                      kind:
+                        description: Kind is the type of resource being referenced
+                        type: string
+                      name:
+                        description: Name is the name of resource being referenced
+                        type: string
+                    required:
+                    - apiGroup
+                    - kind
+                    - name
+                    type: object
+                  subjects:
+                    items:
+                      description: Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
+                      properties:
+                        apiGroup:
+                          description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
+                          type: string
+                        kind:
+                          description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+                          type: string
+                        name:
+                          description: Name of the object being referenced.
+                          type: string
+                        namespace:
+                          description: Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.
+                          type: string
+                      required:
+                      - kind
+                      - name
+                      type: object
+                    type: array
+                required:
+                - roleRef
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/iam.kubesphere.io_federatedroles.yaml
+++ b/config/crds/iam.kubesphere.io_federatedroles.yaml
@@ -0,0 +1,104 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedroles.iam.kubesphere.io
+spec:
+  group: iam.kubesphere.io
+  names:
+    kind: FederatedRole
+    listKind: FederatedRoleList
+    plural: federatedroles
+    singular: federatedrole
+  scope: Namespaced
+  versions:
+  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              placement:
+                properties:
+                  clusterSelector:
+                    properties:
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  metadata:
+                    type: object
+                  rules:
+                    items:
+                      description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
+                      properties:
+                        apiGroups:
+                          description: APIGroups is the name of the APIGroup that contains the resources.  If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
+                          items:
+                            type: string
+                          type: array
+                        nonResourceURLs:
+                          description: NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
+                          items:
+                            type: string
+                          type: array
+                        resourceNames:
+                          description: ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
+                          items:
+                            type: string
+                          type: array
+                        resources:
+                          description: Resources is a list of resources this rule applies to.  ResourceAll represents all resources.
+                          items:
+                            type: string
+                          type: array
+                        verbs:
+                          description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.  VerbAll represents all kinds.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - verbs
+                      type: object
+                    type: array
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/iam.kubesphere.io_federatedusers.yaml
+++ b/config/crds/iam.kubesphere.io_federatedusers.yaml
@@ -0,0 +1,113 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedusers.iam.kubesphere.io
+spec:
+  group: iam.kubesphere.io
+  names:
+    kind: FederatedUser
+    listKind: FederatedUserList
+    plural: federatedusers
+    singular: federateduser
+  scope: Namespaced
+  versions:
+  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              placement:
+                properties:
+                  clusterSelector:
+                    properties:
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  metadata:
+                    type: object
+                  spec:
+                    description: UserSpec defines the desired state of User
+                    properties:
+                      description:
+                        description: Description of the user.
+                        type: string
+                      displayName:
+                        type: string
+                      email:
+                        description: Unique email address(https://www.ietf.org/rfc/rfc5322.txt).
+                        type: string
+                      groups:
+                        items:
+                          type: string
+                        type: array
+                      lang:
+                        description: The preferred written or spoken language for the user.
+                        type: string
+                      password:
+                        description: password will be encrypted by mutating admission webhook
+                        type: string
+                    required:
+                    - email
+                    type: object
+                  status:
+                    description: UserStatus defines the observed state of User
+                    properties:
+                      lastLoginTime:
+                        description: Last login attempt timestamp
+                        format: date-time
+                        type: string
+                      lastTransitionTime:
+                        format: date-time
+                        type: string
+                      reason:
+                        type: string
+                      state:
+                        description: The user status
+                        type: string
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/iam.kubesphere.io_globalrolebindings.yaml
+++ b/config/crds/iam.kubesphere.io_globalrolebindings.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -17,78 +17,62 @@ spec:
    plural: globalrolebindings
    singular: globalrolebinding
  scope: Cluster
-  validation:
-    openAPIV3Schema:
-      description: GlobalRoleBinding is the Schema for the globalrolebindings API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          description: Standard object's metadata.
-          type: object
-        roleRef:
-          description: RoleRef can only reference a GlobalRole. If the RoleRef cannot
-            be resolved, the Authorizer must return an error.
-          properties:
-            apiGroup:
-              description: APIGroup is the group for the resource being referenced
-              type: string
-            kind:
-              description: Kind is the type of resource being referenced
-              type: string
-            name:
-              description: Name is the name of resource being referenced
-              type: string
-          required:
-          - apiGroup
-          - kind
-          - name
-          type: object
-        subjects:
-          description: Subjects holds references to the objects the role applies to.
-          items:
-            description: Subject contains a reference to the object or user identities
-              a role binding applies to.  This can either hold a direct API object
-              reference, or a value for non-objects such as user and group names.
+  versions:
+  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: GlobalRoleBinding is the Schema for the globalrolebindings API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          roleRef:
+            description: RoleRef can only reference a GlobalRole. If the RoleRef cannot be resolved, the Authorizer must return an error.
            properties:
              apiGroup:
-                description: APIGroup holds the API group of the referenced subject.
-                  Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
-                  for User and Group subjects.
+                description: APIGroup is the group for the resource being referenced
                type: string
              kind:
-                description: Kind of object being referenced. Values defined by this
-                  API group are "User", "Group", and "ServiceAccount". If the Authorizer
-                  does not recognized the kind value, the Authorizer should report
-                  an error.
+                description: Kind is the type of resource being referenced
                type: string
              name:
-                description: Name of the object being referenced.
-                type: string
-              namespace:
-                description: Namespace of the referenced object.  If the object kind
-                  is non-namespace, such as "User" or "Group", and this value is not
-                  empty the Authorizer should report an error.
+                description: Name is the name of resource being referenced
                type: string
            required:
+            - apiGroup
            - kind
            - name
            type: object
-          type: array
-      required:
-      - roleRef
-      type: object
-  version: v1alpha2
-  versions:
-  - name: v1alpha2
+          subjects:
+            description: Subjects holds references to the objects the role applies to.
+            items:
+              description: Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
+              properties:
+                apiGroup:
+                  description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
+                  type: string
+                kind:
+                  description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+                  type: string
+                name:
+                  description: Name of the object being referenced.
+                  type: string
+                namespace:
+                  description: Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.
+                  type: string
+              required:
+              - kind
+              - name
+              type: object
+            type: array
+        required:
+        - roleRef
+        type: object
    served: true
    storage: true
 status:
--- a/config/crds/iam.kubesphere.io_globalroles.yaml
+++ b/config/crds/iam.kubesphere.io_globalroles.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -17,74 +17,54 @@ spec:
    plural: globalroles
    singular: globalrole
  scope: Cluster
-  validation:
-    openAPIV3Schema:
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          description: Standard object's metadata.
-          type: object
-        rules:
-          description: Rules holds all the PolicyRules for this GlobalRole
-          items:
-            description: PolicyRule holds information that describes a policy rule,
-              but does not contain information about who the rule applies to or which
-              namespace the rule applies to.
-            properties:
-              apiGroups:
-                description: APIGroups is the name of the APIGroup that contains the
-                  resources.  If multiple API groups are specified, any action requested
-                  against one of the enumerated resources in any API group will be
-                  allowed.
-                items:
-                  type: string
-                type: array
-              nonResourceURLs:
-                description: NonResourceURLs is a set of partial urls that a user
-                  should have access to.  *s are allowed, but only as the full, final
-                  step in the path Since non-resource URLs are not namespaced, this
-                  field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
-                  Rules can either apply to API resources (such as "pods" or "secrets")
-                  or non-resource URL paths (such as "/api"),  but not both.
-                items:
-                  type: string
-                type: array
-              resourceNames:
-                description: ResourceNames is an optional white list of names that
-                  the rule applies to.  An empty set means that everything is allowed.
-                items:
-                  type: string
-                type: array
-              resources:
-                description: Resources is a list of resources this rule applies to.  ResourceAll
-                  represents all resources.
-                items:
-                  type: string
-                type: array
-              verbs:
-                description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
-                  and AttributeRestrictions contained in this rule.  VerbAll represents
-                  all kinds.
-                items:
-                  type: string
-                type: array
-            required:
-            - verbs
-            type: object
-          type: array
-      type: object
-  version: v1alpha2
  versions:
  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          rules:
+            description: Rules holds all the PolicyRules for this GlobalRole
+            items:
+              description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
+              properties:
+                apiGroups:
+                  description: APIGroups is the name of the APIGroup that contains the resources.  If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
+                  items:
+                    type: string
+                  type: array
+                nonResourceURLs:
+                  description: NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
+                  items:
+                    type: string
+                  type: array
+                resourceNames:
+                  description: ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
+                  items:
+                    type: string
+                  type: array
+                resources:
+                  description: Resources is a list of resources this rule applies to.  ResourceAll represents all resources.
+                  items:
+                    type: string
+                  type: array
+                verbs:
+                  description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.  VerbAll represents all kinds.
+                  items:
+                    type: string
+                  type: array
+              required:
+              - verbs
+              type: object
+            type: array
+        type: object
    served: true
    storage: true
 status:
--- a/config/crds/iam.kubesphere.io_groupbindings.yaml
+++ b/config/crds/iam.kubesphere.io_groupbindings.yaml
@@ -0,0 +1,64 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: groupbindings.iam.kubesphere.io
+spec:
+  group: iam.kubesphere.io
+  names:
+    categories:
+    - group
+    kind: GroupBinding
+    listKind: GroupBindingList
+    plural: groupbindings
+    singular: groupbinding
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .groupRef.name
+      name: Group
+      type: string
+    - jsonPath: .users
+      name: Users
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: GroupBinding is the Schema for the groupbindings API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          groupRef:
+            description: GroupRef defines the desired relation of GroupBinding
+            properties:
+              apiGroup:
+                type: string
+              kind:
+                type: string
+              name:
+                type: string
+            type: object
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          users:
+            items:
+              type: string
+            type: array
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/iam.kubesphere.io_groups.yaml
+++ b/config/crds/iam.kubesphere.io_groups.yaml
@@ -0,0 +1,53 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: groups.iam.kubesphere.io
+spec:
+  group: iam.kubesphere.io
+  names:
+    categories:
+    - group
+    kind: Group
+    listKind: GroupList
+    plural: groups
+    singular: group
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.labels.kubesphere\.io/workspace
+      name: Workspace
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: Group is the Schema for the groups API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GroupSpec defines the desired state of Group
+            type: object
+          status:
+            description: GroupStatus defines the observed state of Group
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/iam.kubesphere.io_loginrecords.yaml
+++ b/config/crds/iam.kubesphere.io_loginrecords.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -8,25 +8,6 @@ metadata:
  creationTimestamp: null
  name: loginrecords.iam.kubesphere.io
 spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.type
-    name: Type
-    type: string
-  - JSONPath: .spec.provider
-    name: Provider
-    type: string
-  - JSONPath: .spec.sourceIP
-    name: From
-    type: string
-  - JSONPath: .spec.success
-    name: Success
-    type: string
-  - JSONPath: .spec.reason
-    name: Reason
-    type: string
-  - JSONPath: .metadata.creationTimestamp
-    name: Age
-    type: date
  group: iam.kubesphere.io
  names:
    categories:
@@ -36,57 +17,71 @@ spec:
    plural: loginrecords
    singular: loginrecord
  scope: Cluster
-  subresources: {}
-  validation:
-    openAPIV3Schema:
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          properties:
-            provider:
-              description: Provider of authentication, Ldap/Github etc.
-              type: string
-            reason:
-              description: States failed login attempt reason
-              type: string
-            sourceIP:
-              description: Source IP of client
-              type: string
-            success:
-              description: Successful login attempt or not
-              type: boolean
-            type:
-              description: Which authentication method used, BasicAuth/OAuth
-              type: string
-            userAgent:
-              description: User agent of login attempt
-              type: string
-          required:
-          - provider
-          - reason
-          - sourceIP
-          - success
-          - type
-          type: object
-      required:
-      - spec
-      type: object
-  version: v1alpha2
  versions:
-  - name: v1alpha2
+  - additionalPrinterColumns:
+    - jsonPath: .spec.type
+      name: Type
+      type: string
+    - jsonPath: .spec.provider
+      name: Provider
+      type: string
+    - jsonPath: .spec.sourceIP
+      name: From
+      type: string
+    - jsonPath: .spec.success
+      name: Success
+      type: string
+    - jsonPath: .spec.reason
+      name: Reason
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              provider:
+                description: Provider of authentication, Ldap/Github etc.
+                type: string
+              reason:
+                description: States failed login attempt reason
+                type: string
+              sourceIP:
+                description: Source IP of client
+                type: string
+              success:
+                description: Successful login attempt or not
+                type: boolean
+              type:
+                description: Which authentication method used, BasicAuth/OAuth
+                type: string
+              userAgent:
+                description: User agent of login attempt
+                type: string
+            required:
+            - provider
+            - reason
+            - sourceIP
+            - success
+            - type
+            type: object
+        required:
+        - spec
+        type: object
    served: true
    storage: true
+    subresources: {}
 status:
  acceptedNames:
    kind: ""
--- a/config/crds/iam.kubesphere.io_rolebases.yaml
+++ b/config/crds/iam.kubesphere.io_rolebases.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -17,29 +17,24 @@ spec:
    plural: rolebases
    singular: rolebase
  scope: Cluster
-  validation:
-    openAPIV3Schema:
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        role:
-          type: object
-      required:
-      - role
-      type: object
-  version: v1alpha2
  versions:
  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          role:
+            type: object
+        required:
+        - role
+        type: object
    served: true
    storage: true
 status:
--- a/config/crds/iam.kubesphere.io_users.yaml
+++ b/config/crds/iam.kubesphere.io_users.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -8,13 +8,6 @@ metadata:
  creationTimestamp: null
  name: users.iam.kubesphere.io
 spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.email
-    name: Email
-    type: string
-  - JSONPath: .status.state
-    name: Status
-    type: string
  group: iam.kubesphere.io
  names:
    categories:
@@ -24,72 +17,73 @@ spec:
    plural: users
    singular: user
  scope: Cluster
-  subresources: {}
-  validation:
-    openAPIV3Schema:
-      description: User is the Schema for the users API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          description: Standard object's metadata.
-          type: object
-        spec:
-          description: UserSpec defines the desired state of User
-          properties:
-            description:
-              description: Description of the user.
-              type: string
-            displayName:
-              type: string
-            email:
-              description: Unique email address(https://www.ietf.org/rfc/rfc5322.txt).
-              type: string
-            groups:
-              items:
-                type: string
-              type: array
-            lang:
-              description: The preferred written or spoken language for the user.
-              type: string
-            password:
-              description: password will be encrypted by mutating admission webhook
-              type: string
-          required:
-          - email
-          type: object
-        status:
-          description: UserStatus defines the observed state of User
-          properties:
-            lastLoginTime:
-              description: Last login attempt timestamp
-              format: date-time
-              type: string
-            lastTransitionTime:
-              format: date-time
-              type: string
-            reason:
-              type: string
-            state:
-              description: The user status
-              type: string
-          type: object
-      required:
-      - spec
-      type: object
-  version: v1alpha2
  versions:
-  - name: v1alpha2
+  - additionalPrinterColumns:
+    - jsonPath: .spec.email
+      name: Email
+      type: string
+    - jsonPath: .status.state
+      name: Status
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: User is the Schema for the users API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: UserSpec defines the desired state of User
+            properties:
+              description:
+                description: Description of the user.
+                type: string
+              displayName:
+                type: string
+              email:
+                description: Unique email address(https://www.ietf.org/rfc/rfc5322.txt).
+                type: string
+              groups:
+                items:
+                  type: string
+                type: array
+              lang:
+                description: The preferred written or spoken language for the user.
+                type: string
+              password:
+                description: password will be encrypted by mutating admission webhook
+                type: string
+            required:
+            - email
+            type: object
+          status:
+            description: UserStatus defines the observed state of User
+            properties:
+              lastLoginTime:
+                description: Last login attempt timestamp
+                format: date-time
+                type: string
+              lastTransitionTime:
+                format: date-time
+                type: string
+              reason:
+                type: string
+              state:
+                description: The user status
+                type: string
+            type: object
+        required:
+        - spec
+        type: object
    served: true
    storage: true
+    subresources: {}
 status:
  acceptedNames:
    kind: ""
--- a/config/crds/iam.kubesphere.io_workspacerolebindings.yaml
+++ b/config/crds/iam.kubesphere.io_workspacerolebindings.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -8,10 +8,6 @@ metadata:
  creationTimestamp: null
  name: workspacerolebindings.iam.kubesphere.io
 spec:
-  additionalPrinterColumns:
-  - JSONPath: .metadata.labels.kubesphere\.io/workspace
-    name: Workspace
-    type: string
  group: iam.kubesphere.io
  names:
    categories:
@@ -21,81 +17,69 @@ spec:
    plural: workspacerolebindings
    singular: workspacerolebinding
  scope: Cluster
-  subresources: {}
-  validation:
-    openAPIV3Schema:
-      description: WorkspaceRoleBinding is the Schema for the workspacerolebindings
-        API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        roleRef:
-          description: RoleRef can only reference a WorkspaceRole. If the RoleRef
-            cannot be resolved, the Authorizer must return an error.
-          properties:
-            apiGroup:
-              description: APIGroup is the group for the resource being referenced
-              type: string
-            kind:
-              description: Kind is the type of resource being referenced
-              type: string
-            name:
-              description: Name is the name of resource being referenced
-              type: string
-          required:
-          - apiGroup
-          - kind
-          - name
-          type: object
-        subjects:
-          description: Subjects holds references to the objects the role applies to.
-          items:
-            description: Subject contains a reference to the object or user identities
-              a role binding applies to.  This can either hold a direct API object
-              reference, or a value for non-objects such as user and group names.
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.labels.kubesphere\.io/workspace
+      name: Workspace
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: WorkspaceRoleBinding is the Schema for the workspacerolebindings API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          roleRef:
+            description: RoleRef can only reference a WorkspaceRole. If the RoleRef cannot be resolved, the Authorizer must return an error.
            properties:
              apiGroup:
-                description: APIGroup holds the API group of the referenced subject.
-                  Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
-                  for User and Group subjects.
+                description: APIGroup is the group for the resource being referenced
                type: string
              kind:
-                description: Kind of object being referenced. Values defined by this
-                  API group are "User", "Group", and "ServiceAccount". If the Authorizer
-                  does not recognized the kind value, the Authorizer should report
-                  an error.
+                description: Kind is the type of resource being referenced
                type: string
              name:
-                description: Name of the object being referenced.
-                type: string
-              namespace:
-                description: Namespace of the referenced object.  If the object kind
-                  is non-namespace, such as "User" or "Group", and this value is not
-                  empty the Authorizer should report an error.
+                description: Name is the name of resource being referenced
                type: string
            required:
+            - apiGroup
            - kind
            - name
            type: object
-          type: array
-      required:
-      - roleRef
-      type: object
-  version: v1alpha2
-  versions:
-  - name: v1alpha2
+          subjects:
+            description: Subjects holds references to the objects the role applies to.
+            items:
+              description: Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
+              properties:
+                apiGroup:
+                  description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
+                  type: string
+                kind:
+                  description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+                  type: string
+                name:
+                  description: Name of the object being referenced.
+                  type: string
+                namespace:
+                  description: Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.
+                  type: string
+              required:
+              - kind
+              - name
+              type: object
+            type: array
+        required:
+        - roleRef
+        type: object
    served: true
    storage: true
+    subresources: {}
 status:
  acceptedNames:
    kind: ""
--- a/config/crds/iam.kubesphere.io_workspaceroles.yaml
+++ b/config/crds/iam.kubesphere.io_workspaceroles.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -8,13 +8,6 @@ metadata:
  creationTimestamp: null
  name: workspaceroles.iam.kubesphere.io
 spec:
-  additionalPrinterColumns:
-  - JSONPath: .metadata.labels.kubesphere\.io/workspace
-    name: Workspace
-    type: string
-  - JSONPath: .metadata.annotations.kubesphere\.io/alias-name
-    name: Alias
-    type: string
  group: iam.kubesphere.io
  names:
    categories:
@@ -24,77 +17,64 @@ spec:
    plural: workspaceroles
    singular: workspacerole
  scope: Cluster
-  subresources: {}
-  validation:
-    openAPIV3Schema:
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          description: Standard object's metadata.
-          type: object
-        rules:
-          description: Rules holds all the PolicyRules for this WorkspaceRole
-          items:
-            description: PolicyRule holds information that describes a policy rule,
-              but does not contain information about who the rule applies to or which
-              namespace the rule applies to.
-            properties:
-              apiGroups:
-                description: APIGroups is the name of the APIGroup that contains the
-                  resources.  If multiple API groups are specified, any action requested
-                  against one of the enumerated resources in any API group will be
-                  allowed.
-                items:
-                  type: string
-                type: array
-              nonResourceURLs:
-                description: NonResourceURLs is a set of partial urls that a user
-                  should have access to.  *s are allowed, but only as the full, final
-                  step in the path Since non-resource URLs are not namespaced, this
-                  field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
-                  Rules can either apply to API resources (such as "pods" or "secrets")
-                  or non-resource URL paths (such as "/api"),  but not both.
-                items:
-                  type: string
-                type: array
-              resourceNames:
-                description: ResourceNames is an optional white list of names that
-                  the rule applies to.  An empty set means that everything is allowed.
-                items:
-                  type: string
-                type: array
-              resources:
-                description: Resources is a list of resources this rule applies to.  ResourceAll
-                  represents all resources.
-                items:
-                  type: string
-                type: array
-              verbs:
-                description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
-                  and AttributeRestrictions contained in this rule.  VerbAll represents
-                  all kinds.
-                items:
-                  type: string
-                type: array
-            required:
-            - verbs
-            type: object
-          type: array
-      type: object
-  version: v1alpha2
  versions:
-  - name: v1alpha2
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.labels.kubesphere\.io/workspace
+      name: Workspace
+      type: string
+    - jsonPath: .metadata.annotations.kubesphere\.io/alias-name
+      name: Alias
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          rules:
+            description: Rules holds all the PolicyRules for this WorkspaceRole
+            items:
+              description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
+              properties:
+                apiGroups:
+                  description: APIGroups is the name of the APIGroup that contains the resources.  If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
+                  items:
+                    type: string
+                  type: array
+                nonResourceURLs:
+                  description: NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
+                  items:
+                    type: string
+                  type: array
+                resourceNames:
+                  description: ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
+                  items:
+                    type: string
+                  type: array
+                resources:
+                  description: Resources is a list of resources this rule applies to.  ResourceAll represents all resources.
+                  items:
+                    type: string
+                  type: array
+                verbs:
+                  description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.  VerbAll represents all kinds.
+                  items:
+                    type: string
+                  type: array
+              required:
+              - verbs
+              type: object
+            type: array
+        type: object
    served: true
    storage: true
+    subresources: {}
 status:
  acceptedNames:
    kind: ""
--- a/config/crds/monitoring.kubesphere.io_clusterdashboards.yaml
+++ b/config/crds/monitoring.kubesphere.io_clusterdashboards.yaml
@@ -0,0 +1,184 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
+  creationTimestamp: null
+  name: clusterdashboards.monitoring.kubesphere.io
+spec:
+  group: monitoring.kubesphere.io
+  names:
+    kind: ClusterDashboard
+    listKind: ClusterDashboardList
+    plural: clusterdashboards
+    singular: clusterdashboard
+  scope: Cluster
+  validation:
+    openAPIV3Schema:
+      description: ClusterDashboard is the Schema for the culsterdashboards API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: DashboardSpec defines the desired state of Dashboard
+          properties:
+            datasource:
+              description: Dashboard datasource
+              type: string
+            description:
+              description: Dashboard description
+              type: string
+            panels:
+              description: Collection of panels. Panel is one of [Row](row.md), [Singlestat](#singlestat.md)
+                or [Graph](graph.md)
+              items:
+                description: Supported panel type
+                properties:
+                  bars:
+                    description: Display as a bar chart
+                    type: boolean
+                  colors:
+                    description: Set series color
+                    items:
+                      type: string
+                    type: array
+                  decimals:
+                    description: Limit the decimal numbers
+                    format: int64
+                    type: integer
+                  description:
+                    description: Panel description
+                    type: string
+                  format:
+                    description: Display unit
+                    type: string
+                  id:
+                    description: Panel ID
+                    format: int64
+                    type: integer
+                  lines:
+                    description: Display as a line chart
+                    type: boolean
+                  stack:
+                    description: Display as a stacked chart
+                    type: boolean
+                  targets:
+                    allOf:
+                    - items:
+                        description: Query editor options
+                        properties:
+                          expr:
+                            description: Input for fetching metrics.
+                            type: string
+                          legendFormat:
+                            description: Legend format for outputs. You can make a
+                              dynamic legend with templating variables.
+                            type: string
+                          refId:
+                            description: Reference ID
+                            format: int64
+                            type: integer
+                          step:
+                            description: Set series time interval
+                            type: string
+                        type: object
+                    - items:
+                        description: Query editor options
+                        properties:
+                          expr:
+                            description: Input for fetching metrics.
+                            type: string
+                          legendFormat:
+                            description: Legend format for outputs. You can make a
+                              dynamic legend with templating variables.
+                            type: string
+                          refId:
+                            description: Reference ID
+                            format: int64
+                            type: integer
+                          step:
+                            description: Set series time interval
+                            type: string
+                        type: object
+                    description: A collection of queries
+                    type: array
+                  title:
+                    description: Name of the row panel
+                    type: string
+                  type:
+                    description: Must be `row`
+                    type: string
+                  yaxes:
+                    description: Y-axis options
+                    items:
+                      properties:
+                        decimals:
+                          description: Limit the decimal numbers
+                          format: int64
+                          type: integer
+                        format:
+                          description: Display unit
+                          type: string
+                      type: object
+                    type: array
+                required:
+                - type
+                type: object
+              type: array
+            templating:
+              description: Templating variables
+              items:
+                description: Templating defines a variable, which can be used as a
+                  placeholder in query
+                properties:
+                  name:
+                    description: Variable name
+                    type: string
+                  query:
+                    description: Set variable values to be the return result of the
+                      query
+                    type: string
+                type: object
+              type: array
+            time:
+              description: Time range for display
+              properties:
+                from:
+                  description: Start time in the format of `^now([+-][0-9]+[smhdwMy])?$`,
+                    eg. `now-1M`. It denotes the end time is set to the last month
+                    since now.
+                  type: string
+                to:
+                  description: End time in the format of `^now([+-][0-9]+[smhdwMy])?$`,
+                    eg. `now-1M`. It denotes the start time is set to the last month
+                    since now.
+                  type: string
+              type: object
+            title:
+              description: Dashboard title
+              type: string
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/monitoring.kubesphere.io_dashboards.yaml
+++ b/config/crds/monitoring.kubesphere.io_dashboards.yaml
@@ -0,0 +1,184 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
+  creationTimestamp: null
+  name: dashboards.monitoring.kubesphere.io
+spec:
+  group: monitoring.kubesphere.io
+  names:
+    kind: Dashboard
+    listKind: DashboardList
+    plural: dashboards
+    singular: dashboard
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      description: Dashboard is the Schema for the dashboards API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: DashboardSpec defines the desired state of Dashboard
+          properties:
+            datasource:
+              description: Dashboard datasource
+              type: string
+            description:
+              description: Dashboard description
+              type: string
+            panels:
+              description: Collection of panels. Panel is one of [Row](row.md), [Singlestat](#singlestat.md)
+                or [Graph](graph.md)
+              items:
+                description: Supported panel type
+                properties:
+                  bars:
+                    description: Display as a bar chart
+                    type: boolean
+                  colors:
+                    description: Set series color
+                    items:
+                      type: string
+                    type: array
+                  decimals:
+                    description: Limit the decimal numbers
+                    format: int64
+                    type: integer
+                  description:
+                    description: Panel description
+                    type: string
+                  format:
+                    description: Display unit
+                    type: string
+                  id:
+                    description: Panel ID
+                    format: int64
+                    type: integer
+                  lines:
+                    description: Display as a line chart
+                    type: boolean
+                  stack:
+                    description: Display as a stacked chart
+                    type: boolean
+                  targets:
+                    allOf:
+                    - items:
+                        description: Query editor options
+                        properties:
+                          expr:
+                            description: Input for fetching metrics.
+                            type: string
+                          legendFormat:
+                            description: Legend format for outputs. You can make a
+                              dynamic legend with templating variables.
+                            type: string
+                          refId:
+                            description: Reference ID
+                            format: int64
+                            type: integer
+                          step:
+                            description: Set series time interval
+                            type: string
+                        type: object
+                    - items:
+                        description: Query editor options
+                        properties:
+                          expr:
+                            description: Input for fetching metrics.
+                            type: string
+                          legendFormat:
+                            description: Legend format for outputs. You can make a
+                              dynamic legend with templating variables.
+                            type: string
+                          refId:
+                            description: Reference ID
+                            format: int64
+                            type: integer
+                          step:
+                            description: Set series time interval
+                            type: string
+                        type: object
+                    description: A collection of queries
+                    type: array
+                  title:
+                    description: Name of the row panel
+                    type: string
+                  type:
+                    description: Must be `row`
+                    type: string
+                  yaxes:
+                    description: Y-axis options
+                    items:
+                      properties:
+                        decimals:
+                          description: Limit the decimal numbers
+                          format: int64
+                          type: integer
+                        format:
+                          description: Display unit
+                          type: string
+                      type: object
+                    type: array
+                required:
+                - type
+                type: object
+              type: array
+            templating:
+              description: Templating variables
+              items:
+                description: Templating defines a variable, which can be used as a
+                  placeholder in query
+                properties:
+                  name:
+                    description: Variable name
+                    type: string
+                  query:
+                    description: Set variable values to be the return result of the
+                      query
+                    type: string
+                type: object
+              type: array
+            time:
+              description: Time range for display
+              properties:
+                from:
+                  description: Start time in the format of `^now([+-][0-9]+[smhdwMy])?$`,
+                    eg. `now-1M`. It denotes the end time is set to the last month
+                    since now.
+                  type: string
+                to:
+                  description: End time in the format of `^now([+-][0-9]+[smhdwMy])?$`,
+                    eg. `now-1M`. It denotes the start time is set to the last month
+                    since now.
+                  type: string
+              type: object
+            title:
+              description: Dashboard title
+              type: string
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/network.kubesphere.io_ipamblocks.yaml
+++ b/config/crds/network.kubesphere.io_ipamblocks.yaml
@@ -0,0 +1,76 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: ipamblocks.network.kubesphere.io
+spec:
+  group: network.kubesphere.io
+  names:
+    kind: IPAMBlock
+    listKind: IPAMBlockList
+    plural: ipamblocks
+    singular: ipamblock
+  scope: Cluster
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Specification of the IPAMBlock.
+            properties:
+              allocations:
+                items:
+                  type: integer
+                type: array
+              attributes:
+                items:
+                  properties:
+                    handle_id:
+                      type: string
+                    secondary:
+                      additionalProperties:
+                        type: string
+                      type: object
+                  type: object
+                type: array
+              cidr:
+                type: string
+              deleted:
+                type: boolean
+              id:
+                format: int32
+                type: integer
+              unallocated:
+                items:
+                  type: integer
+                type: array
+            required:
+            - allocations
+            - attributes
+            - cidr
+            - deleted
+            - id
+            - unallocated
+            type: object
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/network.kubesphere.io_ipamhandles.yaml
+++ b/config/crds/network.kubesphere.io_ipamhandles.yaml
@@ -0,0 +1,55 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: ipamhandles.network.kubesphere.io
+spec:
+  group: network.kubesphere.io
+  names:
+    kind: IPAMHandle
+    listKind: IPAMHandleList
+    plural: ipamhandles
+    singular: ipamhandle
+  scope: Cluster
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Specification of the IPAMHandle.
+            properties:
+              block:
+                additionalProperties:
+                  type: integer
+                type: object
+              deleted:
+                type: boolean
+              handleID:
+                type: string
+            required:
+            - block
+            - deleted
+            - handleID
+            type: object
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/network.kubesphere.io_ippools.yaml
+++ b/config/crds/network.kubesphere.io_ippools.yaml
@@ -0,0 +1,130 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: ippools.network.kubesphere.io
+spec:
+  group: network.kubesphere.io
+  names:
+    kind: IPPool
+    listKind: IPPoolList
+    plural: ippools
+    singular: ippool
+  scope: Cluster
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              blockSize:
+                description: The block size to use for IP address assignments from this pool. Defaults to 26 for IPv4 and 112 for IPv6.
+                type: integer
+              cidr:
+                description: The pool CIDR.
+                type: string
+              disabled:
+                description: When disabled is true, IPAM will not assign addresses from this pool.
+                type: boolean
+              dns:
+                description: DNS contains values interesting for DNS resolvers
+                properties:
+                  domain:
+                    type: string
+                  nameservers:
+                    items:
+                      type: string
+                    type: array
+                  options:
+                    items:
+                      type: string
+                    type: array
+                  search:
+                    items:
+                      type: string
+                    type: array
+                type: object
+              gateway:
+                type: string
+              rangeEnd:
+                description: The last ip, inclusive
+                type: string
+              rangeStart:
+                description: The first ip, inclusive
+                type: string
+              routes:
+                items:
+                  properties:
+                    dst:
+                      type: string
+                    gateway:
+                      type: string
+                  type: object
+                type: array
+              type:
+                type: string
+              vlanConfig:
+                properties:
+                  master:
+                    type: string
+                  vlanId:
+                    format: int32
+                    type: integer
+                required:
+                - master
+                - vlanId
+                type: object
+            required:
+            - cidr
+            - type
+            type: object
+          status:
+            properties:
+              allocations:
+                type: integer
+              capacity:
+                type: integer
+              reserved:
+                type: integer
+              synced:
+                type: boolean
+              unallocated:
+                type: integer
+              workspaces:
+                additionalProperties:
+                  properties:
+                    allocations:
+                      type: integer
+                  required:
+                  - allocations
+                  type: object
+                type: object
+            required:
+            - allocations
+            - capacity
+            - unallocated
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/network.kubesphere.io_namespacenetworkpolicies.yaml
+++ b/config/crds/network.kubesphere.io_namespacenetworkpolicies.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -19,236 +19,156 @@ spec:
    - nsnp
    singular: namespacenetworkpolicy
  scope: Namespaced
-  validation:
-    openAPIV3Schema:
-      description: NamespaceNetworkPolicy is the Schema for the namespacenetworkpolicies
-        API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: NamespaceNetworkPolicySpec provides the specification of a
-            NamespaceNetworkPolicy
-          properties:
-            egress:
-              description: List of egress rules to be applied to the selected pods.
-                Outgoing traffic is allowed if there are no NetworkPolicies selecting
-                the pod (and cluster policy otherwise allows the traffic), OR if the
-                traffic matches at least one egress rule across all of the NetworkPolicy
-                objects whose podSelector matches the pod. If this field is empty
-                then this NetworkPolicy limits all outgoing traffic (and serves solely
-                to ensure that the pods it selects are isolated by default). This
-                field is beta-level in 1.8
-              items:
-                description: NetworkPolicyEgressRule describes a particular set of
-                  traffic that is allowed out of pods matched by a NetworkPolicySpec's
-                  podSelector. The traffic must match both ports and to. This type
-                  is beta-level in 1.8
-                properties:
-                  ports:
-                    description: List of destination ports for outgoing traffic. Each
-                      item in this list is combined using a logical OR. If this field
-                      is empty or missing, this rule matches all ports (traffic not
-                      restricted by port). If this field is present and contains at
-                      least one item, then this rule allows traffic only if the traffic
-                      matches at least one port in the list.
-                    items:
-                      description: NetworkPolicyPort describes a port to allow traffic
-                        on
-                      properties:
-                        port:
-                          anyOf:
-                          - type: integer
-                          - type: string
-                          description: The port on the given protocol. This can either
-                            be a numerical or named port on a pod. If this field is
-                            not provided, this matches all port names and numbers.
-                          x-kubernetes-int-or-string: true
-                        protocol:
-                          description: The protocol (TCP, UDP, or SCTP) which traffic
-                            must match. If not specified, this field defaults to TCP.
-                          type: string
-                      type: object
-                    type: array
-                  to:
-                    description: List of destinations for outgoing traffic of pods
-                      selected for this rule. Items in this list are combined using
-                      a logical OR operation. If this field is empty or missing, this
-                      rule matches all destinations (traffic not restricted by destination).
-                      If this field is present and contains at least one item, this
-                      rule allows traffic only if the traffic matches at least one
-                      item in the to list.
-                    items:
-                      description: NetworkPolicyPeer describes a peer to allow traffic
-                        from. Only certain combinations of fields are allowed
-                      properties:
-                        ipBlock:
-                          description: IPBlock defines policy on a particular IPBlock.
-                            If this field is set then neither of the other fields
-                            can be.
-                          properties:
-                            cidr:
-                              description: CIDR is a string representing the IP Block
-                                Valid examples are "192.168.1.1/24"
-                              type: string
-                            except:
-                              description: Except is a slice of CIDRs that should
-                                not be included within an IP Block Valid examples
-                                are "192.168.1.1/24" Except values will be rejected
-                                if they are outside the CIDR range
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - cidr
-                          type: object
-                        namespace:
-                          properties:
-                            name:
-                              type: string
-                          required:
-                          - name
-                          type: object
-                        service:
-                          properties:
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                          required:
-                          - name
-                          - namespace
-                          type: object
-                      type: object
-                    type: array
-                type: object
-              type: array
-            ingress:
-              description: List of ingress rules to be applied to the selected pods.
-                Traffic is allowed to a pod if there are no NetworkPolicies selecting
-                the pod (and cluster policy otherwise allows the traffic), OR if the
-                traffic source is the pod's local node, OR if the traffic matches
-                at least one ingress rule across all of the NetworkPolicy objects
-                whose podSelector matches the pod. If this field is empty then this
-                NetworkPolicy does not allow any traffic (and serves solely to ensure
-                that the pods it selects are isolated by default)
-              items:
-                description: NetworkPolicyIngressRule describes a particular set of
-                  traffic that is allowed to the pods matched by a NetworkPolicySpec's
-                  podSelector. The traffic must match both ports and from.
-                properties:
-                  from:
-                    description: List of sources which should be able to access the
-                      pods selected for this rule. Items in this list are combined
-                      using a logical OR operation. If this field is empty or missing,
-                      this rule matches all sources (traffic not restricted by source).
-                      If this field is present and contains at least one item, this
-                      rule allows traffic only if the traffic matches at least one
-                      item in the from list.
-                    items:
-                      description: NetworkPolicyPeer describes a peer to allow traffic
-                        from. Only certain combinations of fields are allowed
-                      properties:
-                        ipBlock:
-                          description: IPBlock defines policy on a particular IPBlock.
-                            If this field is set then neither of the other fields
-                            can be.
-                          properties:
-                            cidr:
-                              description: CIDR is a string representing the IP Block
-                                Valid examples are "192.168.1.1/24"
-                              type: string
-                            except:
-                              description: Except is a slice of CIDRs that should
-                                not be included within an IP Block Valid examples
-                                are "192.168.1.1/24" Except values will be rejected
-                                if they are outside the CIDR range
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - cidr
-                          type: object
-                        namespace:
-                          properties:
-                            name:
-                              type: string
-                          required:
-                          - name
-                          type: object
-                        service:
-                          properties:
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                          required:
-                          - name
-                          - namespace
-                          type: object
-                      type: object
-                    type: array
-                  ports:
-                    description: List of ports which should be made accessible on
-                      the pods selected for this rule. Each item in this list is combined
-                      using a logical OR. If this field is empty or missing, this
-                      rule matches all ports (traffic not restricted by port). If
-                      this field is present and contains at least one item, then this
-                      rule allows traffic only if the traffic matches at least one
-                      port in the list.
-                    items:
-                      description: NetworkPolicyPort describes a port to allow traffic
-                        on
-                      properties:
-                        port:
-                          anyOf:
-                          - type: integer
-                          - type: string
-                          description: The port on the given protocol. This can either
-                            be a numerical or named port on a pod. If this field is
-                            not provided, this matches all port names and numbers.
-                          x-kubernetes-int-or-string: true
-                        protocol:
-                          description: The protocol (TCP, UDP, or SCTP) which traffic
-                            must match. If not specified, this field defaults to TCP.
-                          type: string
-                      type: object
-                    type: array
-                type: object
-              type: array
-            policyTypes:
-              description: List of rule types that the NetworkPolicy relates to. Valid
-                options are "Ingress", "Egress", or "Ingress,Egress". If this field
-                is not specified, it will default based on the existence of Ingress
-                or Egress rules; policies that contain an Egress section are assumed
-                to affect Egress, and all policies (whether or not they contain an
-                Ingress section) are assumed to affect Ingress. If you want to write
-                an egress-only policy, you must explicitly specify policyTypes [ "Egress"
-                ]. Likewise, if you want to write a policy that specifies that no
-                egress is allowed, you must specify a policyTypes value that include
-                "Egress" (since such a policy would not include an Egress section
-                and would otherwise default to just [ "Ingress" ]). This field is
-                beta-level in 1.8
-              items:
-                description: Policy Type string describes the NetworkPolicy type This
-                  type is beta-level in 1.8
-                type: string
-              type: array
-          type: object
-      type: object
-  version: v1alpha1
+  preserveUnknownFields: false
  versions:
  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: NamespaceNetworkPolicy is the Schema for the namespacenetworkpolicies API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: NamespaceNetworkPolicySpec provides the specification of a NamespaceNetworkPolicy
+            properties:
+              egress:
+                description: List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8
+                items:
+                  description: NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8
+                  properties:
+                    ports:
+                      description: List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+                      items:
+                        description: NetworkPolicyPort describes a port to allow traffic on
+                        properties:
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: The port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers.
+                            x-kubernetes-int-or-string: true
+                          protocol:
+                            default: TCP
+                            description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.
+                            type: string
+                        type: object
+                      type: array
+                    to:
+                      description: List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.
+                      items:
+                        description: NetworkPolicyPeer describes a peer to allow traffic from. Only certain combinations of fields are allowed
+                        properties:
+                          ipBlock:
+                            description: IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.
+                            properties:
+                              cidr:
+                                description: CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64"
+                                type: string
+                              except:
+                                description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will be rejected if they are outside the CIDR range
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - cidr
+                            type: object
+                          namespace:
+                            properties:
+                              name:
+                                type: string
+                            required:
+                            - name
+                            type: object
+                          service:
+                            properties:
+                              name:
+                                type: string
+                              namespace:
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                        type: object
+                      type: array
+                  type: object
+                type: array
+              ingress:
+                description: List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)
+                items:
+                  description: NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.
+                  properties:
+                    from:
+                      description: List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.
+                      items:
+                        description: NetworkPolicyPeer describes a peer to allow traffic from. Only certain combinations of fields are allowed
+                        properties:
+                          ipBlock:
+                            description: IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.
+                            properties:
+                              cidr:
+                                description: CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64"
+                                type: string
+                              except:
+                                description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will be rejected if they are outside the CIDR range
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - cidr
+                            type: object
+                          namespace:
+                            properties:
+                              name:
+                                type: string
+                            required:
+                            - name
+                            type: object
+                          service:
+                            properties:
+                              name:
+                                type: string
+                              namespace:
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                        type: object
+                      type: array
+                    ports:
+                      description: List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+                      items:
+                        description: NetworkPolicyPort describes a port to allow traffic on
+                        properties:
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: The port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers.
+                            x-kubernetes-int-or-string: true
+                          protocol:
+                            default: TCP
+                            description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.
+                            type: string
+                        type: object
+                      type: array
+                  type: object
+                type: array
+              policyTypes:
+                description: List of rule types that the NetworkPolicy relates to. Valid options are "Ingress", "Egress", or "Ingress,Egress". If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an Egress section and would otherwise default to just [ "Ingress" ]). This field is beta-level in 1.8
+                items:
+                  description: Policy Type string describes the NetworkPolicy type This type is beta-level in 1.8
+                  type: string
+                type: array
+            type: object
+        type: object
    served: true
    storage: true
 status:
--- a/config/crds/notification.kubesphere.io_configs.yaml
+++ b/config/crds/notification.kubesphere.io_configs.yaml
@@ -0,0 +1,283 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: configs.notification.kubesphere.io
+spec:
+  group: notification.kubesphere.io
+  names:
+    categories:
+    - notification-manager
+    kind: Config
+    listKind: ConfigList
+    plural: configs
+    shortNames:
+    - nc
+    singular: config
+  scope: Cluster
+  versions:
+  - name: v2beta1
+    schema:
+      openAPIV3Schema:
+        description: DingTalkConfig is the Schema for the dingtalkconfigs API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ConfigSpec defines the desired state of Config
+            properties:
+              dingtalk:
+                properties:
+                  conversation:
+                    description: Only needed when send alerts to the conversation.
+                    properties:
+                      appkey:
+                        description: The key of the application with which to send messages.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must be a valid secret key.
+                            type: string
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: The namespace of the secret, default to the pod's namespace.
+                            type: string
+                        required:
+                        - key
+                        type: object
+                      appsecret:
+                        description: The key in the secret to be used. Must be a valid secret key.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must be a valid secret key.
+                            type: string
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: The namespace of the secret, default to the pod's namespace.
+                            type: string
+                        required:
+                        - key
+                        type: object
+                    type: object
+                  labels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                type: object
+              email:
+                properties:
+                  authIdentify:
+                    description: The identity for PLAIN authentication.
+                    type: string
+                  authPassword:
+                    description: The secret contains the SMTP password for LOGIN and PLAIN authentications.
+                    properties:
+                      key:
+                        description: The key of the secret to select from.  Must be a valid secret key.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: The namespace of the secret, default to the pod's namespace.
+                        type: string
+                    required:
+                    - key
+                    type: object
+                  authSecret:
+                    description: The secret contains the SMTP secret for CRAM-MD5 authentication.
+                    properties:
+                      key:
+                        description: The key of the secret to select from.  Must be a valid secret key.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: The namespace of the secret, default to the pod's namespace.
+                        type: string
+                    required:
+                    - key
+                    type: object
+                  authUsername:
+                    description: The username for CRAM-MD5, LOGIN and PLAIN authentications.
+                    type: string
+                  from:
+                    description: The sender address.
+                    type: string
+                  hello:
+                    description: The hostname to use when identifying to the SMTP server.
+                    type: string
+                  labels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  requireTLS:
+                    description: The default SMTP TLS requirement.
+                    type: boolean
+                  smartHost:
+                    description: The address of the SMTP server.
+                    properties:
+                      host:
+                        type: string
+                      port:
+                        type: integer
+                    required:
+                    - host
+                    - port
+                    type: object
+                  tls:
+                    description: TLSConfig configures the options for TLS connections.
+                    properties:
+                      clientCertificate:
+                        description: The certificate of the client.
+                        properties:
+                          cert:
+                            description: The client cert file for the targets.
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must be a valid secret key.
+                                type: string
+                              name:
+                                description: Name of the secret.
+                                type: string
+                              namespace:
+                                description: The namespace of the secret, default to the pod's namespace.
+                                type: string
+                            required:
+                            - key
+                            type: object
+                          key:
+                            description: The client key file for the targets.
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must be a valid secret key.
+                                type: string
+                              name:
+                                description: Name of the secret.
+                                type: string
+                              namespace:
+                                description: The namespace of the secret, default to the pod's namespace.
+                                type: string
+                            required:
+                            - key
+                            type: object
+                        type: object
+                      insecureSkipVerify:
+                        description: Disable target certificate validation.
+                        type: boolean
+                      rootCA:
+                        description: RootCA defines the root certificate authorities that clients use when verifying server certificates.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must be a valid secret key.
+                            type: string
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: The namespace of the secret, default to the pod's namespace.
+                            type: string
+                        required:
+                        - key
+                        type: object
+                      serverName:
+                        description: Used to verify the hostname for the targets.
+                        type: string
+                    type: object
+                required:
+                - from
+                - smartHost
+                type: object
+              slack:
+                properties:
+                  labels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  slackTokenSecret:
+                    description: The token of user or bot.
+                    properties:
+                      key:
+                        description: The key of the secret to select from.  Must be a valid secret key.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: The namespace of the secret, default to the pod's namespace.
+                        type: string
+                    required:
+                    - key
+                    type: object
+                type: object
+              webhook:
+                properties:
+                  labels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                type: object
+              wechat:
+                properties:
+                  labels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  wechatApiAgentId:
+                    description: The id of the application which sending message.
+                    type: string
+                  wechatApiCorpId:
+                    description: The corp id for authentication.
+                    type: string
+                  wechatApiSecret:
+                    description: The API key to use when talking to the WeChat API.
+                    properties:
+                      key:
+                        description: The key of the secret to select from.  Must be a valid secret key.
+                        type: string
+                      name:
+                        description: Name of the secret.
+                        type: string
+                      namespace:
+                        description: The namespace of the secret, default to the pod's namespace.
+                        type: string
+                    required:
+                    - key
+                    type: object
+                  wechatApiUrl:
+                    description: The WeChat API URL.
+                    type: string
+                required:
+                - wechatApiAgentId
+                - wechatApiCorpId
+                - wechatApiSecret
+                type: object
+            type: object
+          status:
+            description: ConfigStatus defines the observed state of Config
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/notification.kubesphere.io_notificationmanagers.yaml
+++ b/config/crds/notification.kubesphere.io_notificationmanagers.yaml
--- a/config/crds/notification.kubesphere.io_receivers.yaml
+++ b/config/crds/notification.kubesphere.io_receivers.yaml
@@ -0,0 +1,590 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: receivers.notification.kubesphere.io
+spec:
+  group: notification.kubesphere.io
+  names:
+    categories:
+    - notification-manager
+    kind: Receiver
+    listKind: ReceiverList
+    plural: receivers
+    shortNames:
+    - nr
+    singular: receiver
+  scope: Cluster
+  versions:
+  - name: v2beta1
+    schema:
+      openAPIV3Schema:
+        description: Receiver is the Schema for the receivers API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ReceiverSpec defines the desired state of Receiver
+            properties:
+              dingtalk:
+                properties:
+                  alertSelector:
+                    description: Selector to filter alerts.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  chatbot:
+                    description: Be careful, a ChatBot only can send 20 message per minute.
+                    properties:
+                      keywords:
+                        description: Custom keywords of ChatBot
+                        items:
+                          type: string
+                        type: array
+                      secret:
+                        description: Secret of ChatBot, you can get it after enabled Additional Signature of ChatBot.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must be a valid secret key.
+                            type: string
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: The namespace of the secret, default to the pod's namespace.
+                            type: string
+                        required:
+                        - key
+                        type: object
+                      webhook:
+                        description: The webhook of ChatBot which the message will send to.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must be a valid secret key.
+                            type: string
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: The namespace of the secret, default to the pod's namespace.
+                            type: string
+                        required:
+                        - key
+                        type: object
+                    required:
+                    - webhook
+                    type: object
+                  conversation:
+                    description: The conversation which message will send to.
+                    properties:
+                      chatids:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - chatids
+                    type: object
+                  dingtalkConfigSelector:
+                    description: DingTalkConfig to be selected for this receiver
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  enabled:
+                    description: whether the receiver is enabled
+                    type: boolean
+                type: object
+              email:
+                properties:
+                  alertSelector:
+                    description: Selector to filter alerts.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  emailConfigSelector:
+                    description: EmailConfig to be selected for this receiver
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  enabled:
+                    description: whether the receiver is enabled
+                    type: boolean
+                  to:
+                    description: Receivers' email addresses
+                    items:
+                      type: string
+                    type: array
+                required:
+                - to
+                type: object
+              slack:
+                properties:
+                  alertSelector:
+                    description: Selector to filter alerts.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  channels:
+                    description: The channel or user to send notifications to.
+                    items:
+                      type: string
+                    type: array
+                  enabled:
+                    description: whether the receiver is enabled
+                    type: boolean
+                  slackConfigSelector:
+                    description: SlackConfig to be selected for this receiver
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                required:
+                - channels
+                type: object
+              webhook:
+                properties:
+                  alertSelector:
+                    description: Selector to filter alerts.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  enabled:
+                    description: whether the receiver is enabled
+                    type: boolean
+                  httpConfig:
+                    description: HTTPClientConfig configures an HTTP client.
+                    properties:
+                      basicAuth:
+                        description: The HTTP basic authentication credentials for the targets.
+                        properties:
+                          password:
+                            description: SecretKeySelector selects a key of a Secret.
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must be a valid secret key.
+                                type: string
+                              name:
+                                description: Name of the secret.
+                                type: string
+                              namespace:
+                                description: The namespace of the secret, default to the pod's namespace.
+                                type: string
+                            required:
+                            - key
+                            type: object
+                          username:
+                            type: string
+                        required:
+                        - username
+                        type: object
+                      bearerToken:
+                        description: The bearer token for the targets.
+                        properties:
+                          key:
+                            description: The key of the secret to select from.  Must be a valid secret key.
+                            type: string
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: The namespace of the secret, default to the pod's namespace.
+                            type: string
+                        required:
+                        - key
+                        type: object
+                      proxyUrl:
+                        description: HTTP proxy server to use to connect to the targets.
+                        type: string
+                      tlsConfig:
+                        description: TLSConfig to use to connect to the targets.
+                        properties:
+                          clientCertificate:
+                            description: The certificate of the client.
+                            properties:
+                              cert:
+                                description: The client cert file for the targets.
+                                properties:
+                                  key:
+                                    description: The key of the secret to select from.  Must be a valid secret key.
+                                    type: string
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: The namespace of the secret, default to the pod's namespace.
+                                    type: string
+                                required:
+                                - key
+                                type: object
+                              key:
+                                description: The client key file for the targets.
+                                properties:
+                                  key:
+                                    description: The key of the secret to select from.  Must be a valid secret key.
+                                    type: string
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: The namespace of the secret, default to the pod's namespace.
+                                    type: string
+                                required:
+                                - key
+                                type: object
+                            type: object
+                          insecureSkipVerify:
+                            description: Disable target certificate validation.
+                            type: boolean
+                          rootCA:
+                            description: RootCA defines the root certificate authorities that clients use when verifying server certificates.
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must be a valid secret key.
+                                type: string
+                              name:
+                                description: Name of the secret.
+                                type: string
+                              namespace:
+                                description: The namespace of the secret, default to the pod's namespace.
+                                type: string
+                            required:
+                            - key
+                            type: object
+                          serverName:
+                            description: Used to verify the hostname for the targets.
+                            type: string
+                        type: object
+                    type: object
+                  service:
+                    description: "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified. \n If the webhook is running within the cluster, then you should use `service`."
+                    properties:
+                      name:
+                        description: '`name` is the name of the service. Required'
+                        type: string
+                      namespace:
+                        description: '`namespace` is the namespace of the service. Required'
+                        type: string
+                      path:
+                        description: '`path` is an optional URL path which will be sent in any request to this service.'
+                        type: string
+                      port:
+                        description: If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
+                        format: int32
+                        type: integer
+                      scheme:
+                        description: Http scheme, default is http.
+                        type: string
+                    required:
+                    - name
+                    - namespace
+                    type: object
+                  url:
+                    description: "`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified. \n The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some api servers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address. \n Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster. \n A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier. \n Attempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either."
+                    type: string
+                  webhookConfigSelector:
+                    description: WebhookConfig to be selected for this receiver
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                type: object
+              wechat:
+                properties:
+                  alertSelector:
+                    description: Selector to filter alerts.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  enabled:
+                    description: whether the receiver is enabled
+                    type: boolean
+                  toParty:
+                    items:
+                      type: string
+                    type: array
+                  toTag:
+                    items:
+                      type: string
+                    type: array
+                  toUser:
+                    items:
+                      type: string
+                    type: array
+                  wechatConfigSelector:
+                    description: WechatConfig to be selected for this receiver
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                type: object
+            type: object
+          status:
+            description: ReceiverStatus defines the observed state of Receiver
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/quota.kubesphere.io_resourcequotas.yaml
+++ b/config/crds/quota.kubesphere.io_resourcequotas.yaml
@@ -0,0 +1,161 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: resourcequotas.quota.kubesphere.io
+spec:
+  group: quota.kubesphere.io
+  names:
+    categories:
+    - quota
+    kind: ResourceQuota
+    listKind: ResourceQuotaList
+    plural: resourcequotas
+    singular: resourcequota
+  scope: Cluster
+  versions:
+  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: WorkspaceResourceQuota sets aggregate quota restrictions enforced per workspace
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec defines the desired quota
+            properties:
+              quota:
+                description: Quota defines the desired quota
+                properties:
+                  hard:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    description: 'hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
+                    type: object
+                  scopeSelector:
+                    description: scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
+                    properties:
+                      matchExpressions:
+                        description: A list of scope selector requirements by scope of the resources.
+                        items:
+                          description: A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.
+                          properties:
+                            operator:
+                              description: Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+                              type: string
+                            scopeName:
+                              description: The name of the scope that the selector applies to.
+                              type: string
+                            values:
+                              description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - operator
+                          - scopeName
+                          type: object
+                        type: array
+                    type: object
+                  scopes:
+                    description: A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.
+                    items:
+                      description: A ResourceQuotaScope defines a filter that must match each object tracked by a quota
+                      type: string
+                    type: array
+                type: object
+              selector:
+                additionalProperties:
+                  type: string
+                description: LabelSelector is used to select projects by label.
+                type: object
+            required:
+            - quota
+            - selector
+            type: object
+          status:
+            description: Status defines the actual enforced quota and its current usage
+            properties:
+              namespaces:
+                description: Namespaces slices the usage by project.
+                items:
+                  description: ResourceQuotaStatusByNamespace gives status for a particular project
+                  properties:
+                    hard:
+                      additionalProperties:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
+                      description: 'Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
+                      type: object
+                    namespace:
+                      description: Namespace the project this status applies to
+                      type: string
+                    used:
+                      additionalProperties:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
+                      description: Used is the current observed total usage of the resource in the namespace.
+                      type: object
+                  required:
+                  - namespace
+                  type: object
+                type: array
+              total:
+                description: Total defines the actual enforced quota and its current usage across all projects
+                properties:
+                  hard:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    description: 'Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
+                    type: object
+                  used:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    description: Used is the current observed total usage of the resource in the namespace.
+                    type: object
+                type: object
+            required:
+            - namespaces
+            - total
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/servicemesh.kubesphere.io_servicepolicies.yaml
+++ b/config/crds/servicemesh.kubesphere.io_servicepolicies.yaml
--- a/config/crds/servicemesh.kubesphere.io_strategies.yaml
+++ b/config/crds/servicemesh.kubesphere.io_strategies.yaml
--- a/config/crds/storage.kubesphere.io_provisionercapabilities.yaml
+++ b/config/crds/storage.kubesphere.io_provisionercapabilities.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -14,94 +14,104 @@ spec:
    listKind: ProvisionerCapabilityList
    plural: provisionercapabilities
    singular: provisionercapability
-  scope: Namespaced
-  validation:
-    openAPIV3Schema:
-      description: ProvisionerCapability is the schema for the provisionercapability
-        API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: ProvisionerCapabilitySpec defines the desired state of ProvisionerCapability
-          properties:
-            features:
-              description: CapabilityFeatures describe storage features
-              properties:
-                snapshot:
-                  description: SnapshotFeature describe snapshot features
-                  properties:
-                    create:
-                      type: boolean
-                    list:
-                      type: boolean
-                  required:
-                  - create
-                  - list
-                  type: object
-                topology:
-                  type: boolean
-                volume:
-                  description: VolumeFeature describe volume features
-                  properties:
-                    attach:
-                      type: boolean
-                    clone:
-                      type: boolean
-                    create:
-                      type: boolean
-                    expandMode:
-                      type: string
-                    list:
-                      type: boolean
-                    stats:
-                      type: boolean
-                  required:
-                  - attach
-                  - clone
-                  - create
-                  - expandMode
-                  - list
-                  - stats
-                  type: object
-              required:
-              - snapshot
-              - topology
-              - volume
-              type: object
-            pluginInfo:
-              description: PluginInfo describes plugin info
-              properties:
-                name:
-                  type: string
-                version:
-                  type: string
-              required:
-              - name
-              - version
-              type: object
-          required:
-          - features
-          - pluginInfo
-          type: object
-      required:
-      - spec
-      type: object
-  version: v1alpha1
+  scope: Cluster
  versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .spec.pluginInfo.name
+      name: Provisioner
+      type: string
+    - jsonPath: .spec.features.volume.expandMode
+      name: Expand
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ProvisionerCapability is the schema for the provisionercapability
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ProvisionerCapabilitySpec defines the desired state of ProvisionerCapability
+            properties:
+              features:
+                description: CapabilityFeatures describe storage features
+                properties:
+                  snapshot:
+                    description: SnapshotFeature describe snapshot features
+                    properties:
+                      create:
+                        type: boolean
+                      list:
+                        type: boolean
+                    required:
+                    - create
+                    - list
+                    type: object
+                  topology:
+                    type: boolean
+                  volume:
+                    description: VolumeFeature describe volume features
+                    properties:
+                      attach:
+                        type: boolean
+                      clone:
+                        type: boolean
+                      create:
+                        type: boolean
+                      expandMode:
+                        type: string
+                      list:
+                        type: boolean
+                      stats:
+                        type: boolean
+                    required:
+                    - attach
+                    - clone
+                    - create
+                    - expandMode
+                    - list
+                    - stats
+                    type: object
+                required:
+                - snapshot
+                - topology
+                - volume
+                type: object
+              pluginInfo:
+                description: PluginInfo describes plugin info
+                properties:
+                  name:
+                    type: string
+                  version:
+                    type: string
+                required:
+                - name
+                - version
+                type: object
+            required:
+            - features
+            - pluginInfo
+            type: object
+        required:
+        - spec
+        type: object
    served: true
    storage: true
+    subresources: {}
 status:
  acceptedNames:
    kind: ""
--- a/config/crds/storage.kubesphere.io_storageclasscapabilities.yaml
+++ b/config/crds/storage.kubesphere.io_storageclasscapabilities.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -14,85 +14,104 @@ spec:
    listKind: StorageClassCapabilityList
    plural: storageclasscapabilities
    singular: storageclasscapability
-  scope: Namespaced
-  validation:
-    openAPIV3Schema:
-      description: StorageClassCapability is the Schema for the storage class capability
-        API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: StorageClassCapabilitySpec defines the desired state of StorageClassCapability
-          properties:
-            features:
-              description: CapabilityFeatures describe storage features
-              properties:
-                snapshot:
-                  description: SnapshotFeature describe snapshot features
-                  properties:
-                    create:
-                      type: boolean
-                    list:
-                      type: boolean
-                  required:
-                  - create
-                  - list
-                  type: object
-                topology:
-                  type: boolean
-                volume:
-                  description: VolumeFeature describe volume features
-                  properties:
-                    attach:
-                      type: boolean
-                    clone:
-                      type: boolean
-                    create:
-                      type: boolean
-                    expandMode:
-                      type: string
-                    list:
-                      type: boolean
-                    stats:
-                      type: boolean
-                  required:
-                  - attach
-                  - clone
-                  - create
-                  - expandMode
-                  - list
-                  - stats
-                  type: object
-              required:
-              - snapshot
-              - topology
-              - volume
-              type: object
-            provisioner:
-              type: string
-          required:
-          - features
-          - provisioner
-          type: object
-      required:
-      - spec
-      type: object
-  version: v1alpha1
+  scope: Cluster
  versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .spec.provisioner
+      name: Provisioner
+      type: string
+    - jsonPath: .spec.features.volume.create
+      name: Volume
+      type: boolean
+    - jsonPath: .spec.features.volume.expandMode
+      name: Expand
+      type: string
+    - jsonPath: .spec.features.volume.clone
+      name: Clone
+      type: boolean
+    - jsonPath: .spec.features.snapshot.create
+      name: Snapshot
+      type: boolean
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: StorageClassCapability is the Schema for the storage class capability
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: StorageClassCapabilitySpec defines the desired state of StorageClassCapability
+            properties:
+              features:
+                description: CapabilityFeatures describe storage features
+                properties:
+                  snapshot:
+                    description: SnapshotFeature describe snapshot features
+                    properties:
+                      create:
+                        type: boolean
+                      list:
+                        type: boolean
+                    required:
+                    - create
+                    - list
+                    type: object
+                  topology:
+                    type: boolean
+                  volume:
+                    description: VolumeFeature describe volume features
+                    properties:
+                      attach:
+                        type: boolean
+                      clone:
+                        type: boolean
+                      create:
+                        type: boolean
+                      expandMode:
+                        type: string
+                      list:
+                        type: boolean
+                      stats:
+                        type: boolean
+                    required:
+                    - attach
+                    - clone
+                    - create
+                    - expandMode
+                    - list
+                    - stats
+                    type: object
+                required:
+                - snapshot
+                - topology
+                - volume
+                type: object
+              provisioner:
+                type: string
+            required:
+            - features
+            - provisioner
+            type: object
+        required:
+        - spec
+        type: object
    served: true
    storage: true
+    subresources: {}
 status:
  acceptedNames:
    kind: ""
--- a/config/crds/tenant.kubesphere.io_workspaces.yaml
+++ b/config/crds/tenant.kubesphere.io_workspaces.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -17,37 +17,32 @@ spec:
    plural: workspaces
    singular: workspace
  scope: Cluster
-  validation:
-    openAPIV3Schema:
-      description: Workspace is the Schema for the workspaces API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: WorkspaceSpec defines the desired state of Workspace
-          properties:
-            manager:
-              type: string
-            networkIsolation:
-              type: boolean
-          type: object
-        status:
-          description: WorkspaceStatus defines the observed state of Workspace
-          type: object
-      type: object
-  version: v1alpha1
  versions:
  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Workspace is the Schema for the workspaces API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: WorkspaceSpec defines the desired state of Workspace
+            properties:
+              manager:
+                type: string
+              networkIsolation:
+                type: boolean
+            type: object
+          status:
+            description: WorkspaceStatus defines the observed state of Workspace
+            type: object
+        type: object
    served: true
    storage: true
 status:
--- a/config/crds/tenant.kubesphere.io_workspacetemplates.yaml
+++ b/config/crds/tenant.kubesphere.io_workspacetemplates.yaml
@@ -1,6 +1,6 @@

 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
@@ -17,90 +17,104 @@ spec:
    plural: workspacetemplates
    singular: workspacetemplate
  scope: Cluster
-  validation:
-    openAPIV3Schema:
-      description: WorkspaceTemplate is the Schema for the workspacetemplates API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          properties:
-            overrides:
-              items:
-                properties:
-                  clusterName:
-                    type: string
-                  clusterOverrides:
-                    items:
-                      properties:
-                        op:
-                          type: string
-                        path:
-                          type: string
-                        value:
-                          type: object
-                      required:
-                      - path
-                      - value
-                      type: object
-                    type: array
-                required:
-                - clusterName
-                - clusterOverrides
-                type: object
-              type: array
-            placement:
-              properties:
-                clusterSelector:
-                  properties:
-                    matchLabels:
-                      additionalProperties:
-                        type: string
-                      type: object
-                  type: object
-                clusters:
-                  items:
-                    properties:
-                      name:
-                        type: string
-                    required:
-                    - name
-                    type: object
-                  type: array
-              type: object
-            template:
-              properties:
-                metadata:
-                  type: object
-                spec:
-                  description: WorkspaceSpec defines the desired state of Workspace
-                  properties:
-                    manager:
-                      type: string
-                    networkIsolation:
-                      type: boolean
-                  type: object
-              required:
-              - spec
-              type: object
-          required:
-          - placement
-          - template
-          type: object
-      type: object
-  version: v1alpha2
  versions:
  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: WorkspaceTemplate is the Schema for the workspacetemplates API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  metadata:
+                    type: object
+                  spec:
+                    description: WorkspaceSpec defines the desired state of Workspace
+                    properties:
+                      manager:
+                        type: string
+                      networkIsolation:
+                        type: boolean
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+        type: object
    served: true
    storage: true
 status:
--- a/config/crds/types.kubefed.io_federatedapplications.yaml
+++ b/config/crds/types.kubefed.io_federatedapplications.yaml
@@ -0,0 +1,440 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedapplications.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedApplication
+    listKind: FederatedApplicationList
+    plural: federatedapplications
+    singular: federatedapplication
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  spec:
+                    description: ApplicationSpec defines the specification for an Application.
+                    properties:
+                      addOwnerRef:
+                        description: AddOwnerRef objects - flag to indicate if we need to add OwnerRefs to matching objects Matching is done by using Selector to query all ComponentGroupKinds
+                        type: boolean
+                      assemblyPhase:
+                        description: AssemblyPhase represents the current phase of the application's assembly. An empty value is equivalent to "Succeeded".
+                        type: string
+                      componentKinds:
+                        description: ComponentGroupKinds is a list of Kinds for Application's components (e.g. Deployments, Pods, Services, CRDs). It can be used in conjunction with the Application's Selector to list or watch the Applications components.
+                        items:
+                          description: GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying concepts during lookup stages without having partially valid types
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                          required:
+                          - group
+                          - kind
+                          type: object
+                        type: array
+                      descriptor:
+                        description: Descriptor regroups information and metadata about an application.
+                        properties:
+                          description:
+                            description: Description is a brief string description of the Application.
+                            type: string
+                          icons:
+                            description: Icons is an optional list of icons for an application. Icon information includes the source, size, and mime type.
+                            items:
+                              description: ImageSpec contains information about an image used as an icon.
+                              properties:
+                                size:
+                                  description: (optional) The size of the image in pixels (e.g., 25x25).
+                                  type: string
+                                src:
+                                  description: The source for image represented as either an absolute URL to the image or a Data URL containing the image. Data URLs are defined in RFC 2397.
+                                  type: string
+                                type:
+                                  description: (optional) The mine type of the image (e.g., "image/png").
+                                  type: string
+                              required:
+                              - src
+                              type: object
+                            type: array
+                          keywords:
+                            description: Keywords is an optional list of key words associated with the application (e.g. MySQL, RDBMS, database).
+                            items:
+                              type: string
+                            type: array
+                          links:
+                            description: Links are a list of descriptive URLs intended to be used to surface additional documentation, dashboards, etc.
+                            items:
+                              description: Link contains information about an URL to surface documentation, dashboards, etc.
+                              properties:
+                                description:
+                                  description: Description is human readable content explaining the purpose of the link.
+                                  type: string
+                                url:
+                                  description: Url typically points at a website address.
+                                  type: string
+                              type: object
+                            type: array
+                          maintainers:
+                            description: Maintainers is an optional list of maintainers of the application. The maintainers in this list maintain the the source code, images, and package for the application.
+                            items:
+                              description: ContactData contains information about an individual or organization.
+                              properties:
+                                email:
+                                  description: Email is the email address.
+                                  type: string
+                                name:
+                                  description: Name is the descriptive name.
+                                  type: string
+                                url:
+                                  description: Url could typically be a website address.
+                                  type: string
+                              type: object
+                            type: array
+                          notes:
+                            description: Notes contain a human readable snippets intended as a quick start for the users of the Application. CommonMark markdown syntax may be used for rich text representation.
+                            type: string
+                          owners:
+                            description: Owners is an optional list of the owners of the installed application. The owners of the application should be contacted in the event of a planned or unplanned disruption affecting the application.
+                            items:
+                              description: ContactData contains information about an individual or organization.
+                              properties:
+                                email:
+                                  description: Email is the email address.
+                                  type: string
+                                name:
+                                  description: Name is the descriptive name.
+                                  type: string
+                                url:
+                                  description: Url could typically be a website address.
+                                  type: string
+                              type: object
+                            type: array
+                          type:
+                            description: Type is the type of the application (e.g. WordPress, MySQL, Cassandra).
+                            type: string
+                          version:
+                            description: Version is an optional version indicator for the Application.
+                            type: string
+                        type: object
+                      info:
+                        description: Info contains human readable key,value pairs for the Application.
+                        items:
+                          description: InfoItem is a human readable key,value pair containing important information about how to access the Application.
+                          properties:
+                            name:
+                              description: Name is a human readable title for this piece of information.
+                              type: string
+                            type:
+                              description: Type of the value for this InfoItem.
+                              type: string
+                            value:
+                              description: Value is human readable content.
+                              type: string
+                            valueFrom:
+                              description: ValueFrom defines a reference to derive the value from another source.
+                              properties:
+                                configMapKeyRef:
+                                  description: Selects a key of a ConfigMap.
+                                  properties:
+                                    apiVersion:
+                                      description: API version of the referent.
+                                      type: string
+                                    fieldPath:
+                                      description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
+                                      type: string
+                                    key:
+                                      description: The key to select.
+                                      type: string
+                                    kind:
+                                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                      type: string
+                                    name:
+                                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                      type: string
+                                    namespace:
+                                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                      type: string
+                                    resourceVersion:
+                                      description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                      type: string
+                                    uid:
+                                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                      type: string
+                                  type: object
+                                ingressRef:
+                                  description: Select an Ingress.
+                                  properties:
+                                    apiVersion:
+                                      description: API version of the referent.
+                                      type: string
+                                    fieldPath:
+                                      description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
+                                      type: string
+                                    host:
+                                      description: The optional host to select.
+                                      type: string
+                                    kind:
+                                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                      type: string
+                                    name:
+                                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                      type: string
+                                    namespace:
+                                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                      type: string
+                                    path:
+                                      description: The optional HTTP path.
+                                      type: string
+                                    protocol:
+                                      description: Protocol for the ingress
+                                      type: string
+                                    resourceVersion:
+                                      description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                      type: string
+                                    uid:
+                                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                      type: string
+                                  type: object
+                                secretKeyRef:
+                                  description: Selects a key of a Secret.
+                                  properties:
+                                    apiVersion:
+                                      description: API version of the referent.
+                                      type: string
+                                    fieldPath:
+                                      description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
+                                      type: string
+                                    key:
+                                      description: The key to select.
+                                      type: string
+                                    kind:
+                                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                      type: string
+                                    name:
+                                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                      type: string
+                                    namespace:
+                                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                      type: string
+                                    resourceVersion:
+                                      description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                      type: string
+                                    uid:
+                                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                      type: string
+                                  type: object
+                                serviceRef:
+                                  description: Select a Service.
+                                  properties:
+                                    apiVersion:
+                                      description: API version of the referent.
+                                      type: string
+                                    fieldPath:
+                                      description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
+                                      type: string
+                                    kind:
+                                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                      type: string
+                                    name:
+                                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                      type: string
+                                    namespace:
+                                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                      type: string
+                                    path:
+                                      description: The optional HTTP path.
+                                      type: string
+                                    port:
+                                      description: The optional port to select.
+                                      format: int32
+                                      type: integer
+                                    protocol:
+                                      description: Protocol for the service
+                                      type: string
+                                    resourceVersion:
+                                      description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                      type: string
+                                    uid:
+                                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                      type: string
+                                  type: object
+                                type:
+                                  description: Type of source.
+                                  type: string
+                              type: object
+                          type: object
+                        type: array
+                      selector:
+                        description: 'Selector is a label query over kinds that created by the application. It must match the component objects'' labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
+                        properties:
+                          matchExpressions:
+                            description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                            items:
+                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              properties:
+                                key:
+                                  description: key is the label key that the selector applies to.
+                                  type: string
+                                operator:
+                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  type: string
+                                values:
+                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  items:
+                                    type: string
+                                  type: array
+                              required:
+                              - key
+                              - operator
+                              type: object
+                            type: array
+                          matchLabels:
+                            additionalProperties:
+                              type: string
+                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            type: object
+                        type: object
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatedclusterrolebindings.yaml
+++ b/config/crds/types.kubefed.io_federatedclusterrolebindings.yaml
@@ -0,0 +1,194 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedclusterrolebindings.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedClusterRoleBinding
+    listKind: FederatedClusterRoleBindingList
+    plural: federatedclusterrolebindings
+    singular: federatedclusterrolebinding
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  roleRef:
+                    description: RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.
+                    properties:
+                      apiGroup:
+                        description: APIGroup is the group for the resource being referenced
+                        type: string
+                      kind:
+                        description: Kind is the type of resource being referenced
+                        type: string
+                      name:
+                        description: Name is the name of resource being referenced
+                        type: string
+                    required:
+                    - apiGroup
+                    - kind
+                    - name
+                    type: object
+                  subjects:
+                    items:
+                      description: Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
+                      properties:
+                        apiGroup:
+                          description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
+                          type: string
+                        kind:
+                          description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+                          type: string
+                        name:
+                          description: Name of the object being referenced.
+                          type: string
+                        namespace:
+                          description: Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.
+                          type: string
+                      required:
+                      - kind
+                      - name
+                      type: object
+                    type: array
+                required:
+                - roleRef
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatedclusterroles.yaml
+++ b/config/crds/types.kubefed.io_federatedclusterroles.yaml
@@ -0,0 +1,224 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedclusterroles.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedClusterRole
+    listKind: FederatedClusterRoleList
+    plural: federatedclusterroles
+    singular: federatedclusterrole
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  aggregationRule:
+                    description: AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
+                    properties:
+                      clusterRoleSelectors:
+                        description: ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added
+                        items:
+                          description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                          properties:
+                            matchExpressions:
+                              description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                              items:
+                                description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                                properties:
+                                  key:
+                                    description: key is the label key that the selector applies to.
+                                    type: string
+                                  operator:
+                                    description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                    type: string
+                                  values:
+                                    description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                    items:
+                                      type: string
+                                    type: array
+                                required:
+                                - key
+                                - operator
+                                type: object
+                              type: array
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                              type: object
+                          type: object
+                        type: array
+                    type: object
+                  rules:
+                    items:
+                      description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
+                      properties:
+                        apiGroups:
+                          description: APIGroups is the name of the APIGroup that contains the resources.  If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
+                          items:
+                            type: string
+                          type: array
+                        nonResourceURLs:
+                          description: NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
+                          items:
+                            type: string
+                          type: array
+                        resourceNames:
+                          description: ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
+                          items:
+                            type: string
+                          type: array
+                        resources:
+                          description: Resources is a list of resources this rule applies to.  ResourceAll represents all resources.
+                          items:
+                            type: string
+                          type: array
+                        verbs:
+                          description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.  VerbAll represents all kinds.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - verbs
+                      type: object
+                    type: array
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatedconfigmaps.yaml
+++ b/config/crds/types.kubefed.io_federatedconfigmaps.yaml
@@ -0,0 +1,163 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedconfigmaps.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedConfigMap
+    listKind: FederatedConfigMapList
+    plural: federatedconfigmaps
+    singular: federatedconfigmap
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  binaryData:
+                    additionalProperties:
+                      format: byte
+                      type: string
+                    type: object
+                  data:
+                    additionalProperties:
+                      type: string
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federateddeployments.yaml
+++ b/config/crds/types.kubefed.io_federateddeployments.yaml
--- a/config/crds/types.kubefed.io_federatedgroupbindings.yaml
+++ b/config/crds/types.kubefed.io_federatedgroupbindings.yaml
@@ -0,0 +1,170 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedgroupbindings.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedGroupBinding
+    listKind: FederatedGroupBindingList
+    plural: federatedgroupbindings
+    singular: federatedgroupbinding
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  groupRef:
+                    description: GroupRef defines the desired relation of GroupBinding
+                    properties:
+                      apiGroup:
+                        type: string
+                      kind:
+                        type: string
+                      name:
+                        type: string
+                    type: object
+                  metadata:
+                    type: object
+                  users:
+                    items:
+                      type: string
+                    type: array
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatedgroups.yaml
+++ b/config/crds/types.kubefed.io_federatedgroups.yaml
@@ -0,0 +1,159 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedgroups.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedGroup
+    listKind: FederatedGroupList
+    plural: federatedgroups
+    singular: federatedgroup
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  metadata:
+                    type: object
+                  spec:
+                    description: GroupSpec defines the desired state of Group
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatedingresses.yaml
+++ b/config/crds/types.kubefed.io_federatedingresses.yaml
@@ -0,0 +1,265 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedingresses.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedIngress
+    listKind: FederatedIngressList
+    plural: federatedingresses
+    singular: federatedingress
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  spec:
+                    description: IngressSpec describes the Ingress the user wishes to exist.
+                    properties:
+                      backend:
+                        description: A default backend capable of servicing requests that don't match any rule. At least one of 'backend' or 'rules' must be specified. This field is optional to allow the loadbalancer controller or defaulting logic to specify a global default.
+                        properties:
+                          resource:
+                            description: Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, serviceName and servicePort must not be specified.
+                            properties:
+                              apiGroup:
+                                description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+                                type: string
+                              kind:
+                                description: Kind is the type of resource being referenced
+                                type: string
+                              name:
+                                description: Name is the name of resource being referenced
+                                type: string
+                            required:
+                            - kind
+                            - name
+                            type: object
+                          serviceName:
+                            description: Specifies the name of the referenced service.
+                            type: string
+                          servicePort:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Specifies the port of the referenced service.
+                            x-kubernetes-int-or-string: true
+                        type: object
+                      ingressClassName:
+                        description: IngressClassName is the name of the IngressClass cluster resource. The associated IngressClass defines which controller will implement the resource. This replaces the deprecated `kubernetes.io/ingress.class` annotation. For backwards compatibility, when that annotation is set, it must be given precedence over this field. The controller may emit a warning if the field and annotation have different values. Implementations of this API should ignore Ingresses without a class specified. An IngressClass resource may be marked as default, which can be used to set a default value for this field. For more information, refer to the IngressClass documentation.
+                        type: string
+                      rules:
+                        description: A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.
+                        items:
+                          description: IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue.
+                          properties:
+                            host:
+                              description: "Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to    the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. \t  Currently the port of an Ingress is implicitly :80 for http and \t  :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. \n Host can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. \"*.foo.com\"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule."
+                              type: string
+                            http:
+                              description: 'HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http://<host>/<path>?<searchpart> -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last ''/'' and before the first ''?'' or ''#''.'
+                              properties:
+                                paths:
+                                  description: A collection of paths that map requests to backends.
+                                  items:
+                                    description: HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend.
+                                    properties:
+                                      backend:
+                                        description: Backend defines the referenced service endpoint to which the traffic will be forwarded to.
+                                        properties:
+                                          resource:
+                                            description: Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, serviceName and servicePort must not be specified.
+                                            properties:
+                                              apiGroup:
+                                                description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+                                                type: string
+                                              kind:
+                                                description: Kind is the type of resource being referenced
+                                                type: string
+                                              name:
+                                                description: Name is the name of resource being referenced
+                                                type: string
+                                            required:
+                                            - kind
+                                            - name
+                                            type: object
+                                          serviceName:
+                                            description: Specifies the name of the referenced service.
+                                            type: string
+                                          servicePort:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: Specifies the port of the referenced service.
+                                            x-kubernetes-int-or-string: true
+                                        type: object
+                                      path:
+                                        description: Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. When unspecified, all paths from incoming requests are matched.
+                                        type: string
+                                      pathType:
+                                        description: 'PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by ''/''. Matching is   done on a path element by element basis. A path element refers is the   list of labels in the path split by the ''/'' separator. A request is a   match for path p if every p is an element-wise prefix of p of the   request path. Note that if the last element of the path is a substring   of the last element in request path, it is not a match (e.g. /foo/bar   matches /foo/bar/baz, but does not match /foo/barbaz). * ImplementationSpecific: Interpretation of the Path matching is up to   the IngressClass. Implementations can treat this as a separate PathType   or treat it identically to Prefix or Exact path types. Implementations are required to support all path types. Defaults to ImplementationSpecific.'
+                                        type: string
+                                    required:
+                                    - backend
+                                    type: object
+                                  type: array
+                              required:
+                              - paths
+                              type: object
+                          type: object
+                        type: array
+                      tls:
+                        description: TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.
+                        items:
+                          description: IngressTLS describes the transport layer security associated with an Ingress.
+                          properties:
+                            hosts:
+                              description: Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.
+                              items:
+                                type: string
+                              type: array
+                            secretName:
+                              description: SecretName is the name of the secret used to terminate SSL traffic on 443. Field is left optional to allow SSL routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing.
+                              type: string
+                          type: object
+                        type: array
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatedjobs.yaml
+++ b/config/crds/types.kubefed.io_federatedjobs.yaml
--- a/config/crds/types.kubefed.io_federatedlimitranges.yaml
+++ b/config/crds/types.kubefed.io_federatedlimitranges.yaml
@@ -0,0 +1,217 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedlimitranges.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedLimitRange
+    listKind: FederatedLimitRangeList
+    plural: federatedlimitranges
+    singular: federatedlimitrange
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  spec:
+                    description: LimitRangeSpec defines a min/max usage limit for resources that match on kind.
+                    properties:
+                      limits:
+                        description: Limits is the list of LimitRangeItem objects that are enforced.
+                        items:
+                          description: LimitRangeItem defines a min/max usage limit for any resource that matches on kind.
+                          properties:
+                            default:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: Default resource requirement limit value by resource name if resource limit is omitted.
+                              type: object
+                            defaultRequest:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.
+                              type: object
+                            max:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: Max usage constraints on this kind by resource name.
+                              type: object
+                            maxLimitRequestRatio:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.
+                              type: object
+                            min:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: Min usage constraints on this kind by resource name.
+                              type: object
+                            type:
+                              description: Type of resource that this limit applies to.
+                              type: string
+                          required:
+                          - type
+                          type: object
+                        type: array
+                    required:
+                    - limits
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatednamespaces.yaml
+++ b/config/crds/types.kubefed.io_federatednamespaces.yaml
@@ -0,0 +1,164 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatednamespaces.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedNamespace
+    listKind: FederatedNamespaceList
+    plural: federatednamespaces
+    singular: federatednamespace
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  spec:
+                    description: NamespaceSpec describes the attributes on a Namespace.
+                    properties:
+                      finalizers:
+                        description: 'Finalizers is an opaque list of values that must be empty to permanently remove object from storage. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/'
+                        items:
+                          description: FinalizerName is the name identifying a finalizer during namespace lifecycle.
+                          type: string
+                        type: array
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatednotificationconfigs.yaml
+++ b/config/crds/types.kubefed.io_federatednotificationconfigs.yaml
@@ -0,0 +1,393 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatednotificationconfigs.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedNotificationConfig
+    listKind: FederatedNotificationConfigList
+    plural: federatednotificationconfigs
+    singular: federatednotificationconfig
+  scope: Cluster
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  metadata:
+                    type: object
+                    x-kubernetes-preserve-unknown-fields: true
+                  spec:
+                    description: ConfigSpec defines the desired state of Config
+                    properties:
+                      dingtalk:
+                        properties:
+                          conversation:
+                            description: Only needed when send alerts to the conversation.
+                            properties:
+                              appkey:
+                                description: The key of the application with which to send messages.
+                                properties:
+                                  key:
+                                    description: The key of the secret to select from.  Must be a valid secret key.
+                                    type: string
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: The namespace of the secret, default to the pod's namespace.
+                                    type: string
+                                required:
+                                - key
+                                type: object
+                              appsecret:
+                                description: The key in the secret to be used. Must be a valid secret key.
+                                properties:
+                                  key:
+                                    description: The key of the secret to select from.  Must be a valid secret key.
+                                    type: string
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: The namespace of the secret, default to the pod's namespace.
+                                    type: string
+                                required:
+                                - key
+                                type: object
+                            type: object
+                          labels:
+                            additionalProperties:
+                              type: string
+                            type: object
+                        type: object
+                      email:
+                        properties:
+                          authIdentify:
+                            description: The identity for PLAIN authentication.
+                            type: string
+                          authPassword:
+                            description: The secret contains the SMTP password for LOGIN and PLAIN authentications.
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must be a valid secret key.
+                                type: string
+                              name:
+                                description: Name of the secret.
+                                type: string
+                              namespace:
+                                description: The namespace of the secret, default to the pod's namespace.
+                                type: string
+                            required:
+                            - key
+                            type: object
+                          authSecret:
+                            description: The secret contains the SMTP secret for CRAM-MD5 authentication.
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must be a valid secret key.
+                                type: string
+                              name:
+                                description: Name of the secret.
+                                type: string
+                              namespace:
+                                description: The namespace of the secret, default to the pod's namespace.
+                                type: string
+                            required:
+                            - key
+                            type: object
+                          authUsername:
+                            description: The username for CRAM-MD5, LOGIN and PLAIN authentications.
+                            type: string
+                          from:
+                            description: The sender address.
+                            type: string
+                          hello:
+                            description: The hostname to use when identifying to the SMTP server.
+                            type: string
+                          labels:
+                            additionalProperties:
+                              type: string
+                            type: object
+                          requireTLS:
+                            description: The default SMTP TLS requirement.
+                            type: boolean
+                          smartHost:
+                            description: The address of the SMTP server.
+                            properties:
+                              host:
+                                type: string
+                              port:
+                                type: integer
+                            required:
+                            - host
+                            - port
+                            type: object
+                          tls:
+                            description: TLSConfig configures the options for TLS connections.
+                            properties:
+                              clientCertificate:
+                                description: The certificate of the client.
+                                properties:
+                                  cert:
+                                    description: The client cert file for the targets.
+                                    properties:
+                                      key:
+                                        description: The key of the secret to select from.  Must be a valid secret key.
+                                        type: string
+                                      name:
+                                        description: Name of the secret.
+                                        type: string
+                                      namespace:
+                                        description: The namespace of the secret, default to the pod's namespace.
+                                        type: string
+                                    required:
+                                    - key
+                                    type: object
+                                  key:
+                                    description: The client key file for the targets.
+                                    properties:
+                                      key:
+                                        description: The key of the secret to select from.  Must be a valid secret key.
+                                        type: string
+                                      name:
+                                        description: Name of the secret.
+                                        type: string
+                                      namespace:
+                                        description: The namespace of the secret, default to the pod's namespace.
+                                        type: string
+                                    required:
+                                    - key
+                                    type: object
+                                type: object
+                              insecureSkipVerify:
+                                description: Disable target certificate validation.
+                                type: boolean
+                              rootCA:
+                                description: RootCA defines the root certificate authorities that clients use when verifying server certificates.
+                                properties:
+                                  key:
+                                    description: The key of the secret to select from.  Must be a valid secret key.
+                                    type: string
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: The namespace of the secret, default to the pod's namespace.
+                                    type: string
+                                required:
+                                - key
+                                type: object
+                              serverName:
+                                description: Used to verify the hostname for the targets.
+                                type: string
+                            type: object
+                        required:
+                        - from
+                        - smartHost
+                        type: object
+                      slack:
+                        properties:
+                          labels:
+                            additionalProperties:
+                              type: string
+                            type: object
+                          slackTokenSecret:
+                            description: The token of user or bot.
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must be a valid secret key.
+                                type: string
+                              name:
+                                description: Name of the secret.
+                                type: string
+                              namespace:
+                                description: The namespace of the secret, default to the pod's namespace.
+                                type: string
+                            required:
+                            - key
+                            type: object
+                        type: object
+                      webhook:
+                        properties:
+                          labels:
+                            additionalProperties:
+                              type: string
+                            type: object
+                        type: object
+                      wechat:
+                        properties:
+                          labels:
+                            additionalProperties:
+                              type: string
+                            type: object
+                          wechatApiAgentId:
+                            description: The id of the application which sending message.
+                            type: string
+                          wechatApiCorpId:
+                            description: The corp id for authentication.
+                            type: string
+                          wechatApiSecret:
+                            description: The API key to use when talking to the WeChat API.
+                            properties:
+                              key:
+                                description: The key of the secret to select from.  Must be a valid secret key.
+                                type: string
+                              name:
+                                description: Name of the secret.
+                                type: string
+                              namespace:
+                                description: The namespace of the secret, default to the pod's namespace.
+                                type: string
+                            required:
+                            - key
+                            type: object
+                          wechatApiUrl:
+                            description: The WeChat API URL.
+                            type: string
+                        required:
+                        - wechatApiAgentId
+                        - wechatApiCorpId
+                        - wechatApiSecret
+                        type: object
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatednotificationreceivers.yaml
+++ b/config/crds/types.kubefed.io_federatednotificationreceivers.yaml
@@ -0,0 +1,700 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatednotificationreceivers.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedNotificationReceiver
+    listKind: FederatedNotificationReceiverList
+    plural: federatednotificationreceivers
+    singular: federatednotificationreceiver
+  scope: Cluster
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  metadata:
+                    type: object
+                    x-kubernetes-preserve-unknown-fields: true
+                  spec:
+                    description: ReceiverSpec defines the desired state of Receiver
+                    properties:
+                      dingtalk:
+                        properties:
+                          alertSelector:
+                            description: Selector to filter alerts.
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                                items:
+                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector applies to.
+                                      type: string
+                                    operator:
+                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                      type: string
+                                    values:
+                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - key
+                                  - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                type: object
+                            type: object
+                          chatbot:
+                            description: Be careful, a ChatBot only can send 20 message per minute.
+                            properties:
+                              keywords:
+                                description: Custom keywords of ChatBot
+                                items:
+                                  type: string
+                                type: array
+                              secret:
+                                description: Secret of ChatBot, you can get it after enabled Additional Signature of ChatBot.
+                                properties:
+                                  key:
+                                    description: The key of the secret to select from.  Must be a valid secret key.
+                                    type: string
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: The namespace of the secret, default to the pod's namespace.
+                                    type: string
+                                required:
+                                - key
+                                type: object
+                              webhook:
+                                description: The webhook of ChatBot which the message will send to.
+                                properties:
+                                  key:
+                                    description: The key of the secret to select from.  Must be a valid secret key.
+                                    type: string
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: The namespace of the secret, default to the pod's namespace.
+                                    type: string
+                                required:
+                                - key
+                                type: object
+                            required:
+                            - webhook
+                            type: object
+                          conversation:
+                            description: The conversation which message will send to.
+                            properties:
+                              chatids:
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - chatids
+                            type: object
+                          dingtalkConfigSelector:
+                            description: DingTalkConfig to be selected for this receiver
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                                items:
+                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector applies to.
+                                      type: string
+                                    operator:
+                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                      type: string
+                                    values:
+                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - key
+                                  - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                type: object
+                            type: object
+                          enabled:
+                            description: whether the receiver is enabled
+                            type: boolean
+                        type: object
+                      email:
+                        properties:
+                          alertSelector:
+                            description: Selector to filter alerts.
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                                items:
+                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector applies to.
+                                      type: string
+                                    operator:
+                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                      type: string
+                                    values:
+                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - key
+                                  - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                type: object
+                            type: object
+                          emailConfigSelector:
+                            description: EmailConfig to be selected for this receiver
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                                items:
+                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector applies to.
+                                      type: string
+                                    operator:
+                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                      type: string
+                                    values:
+                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - key
+                                  - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                type: object
+                            type: object
+                          enabled:
+                            description: whether the receiver is enabled
+                            type: boolean
+                          to:
+                            description: Receivers' email addresses
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - to
+                        type: object
+                      slack:
+                        properties:
+                          alertSelector:
+                            description: Selector to filter alerts.
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                                items:
+                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector applies to.
+                                      type: string
+                                    operator:
+                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                      type: string
+                                    values:
+                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - key
+                                  - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                type: object
+                            type: object
+                          channels:
+                            description: The channel or user to send notifications to.
+                            items:
+                              type: string
+                            type: array
+                          enabled:
+                            description: whether the receiver is enabled
+                            type: boolean
+                          slackConfigSelector:
+                            description: SlackConfig to be selected for this receiver
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                                items:
+                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector applies to.
+                                      type: string
+                                    operator:
+                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                      type: string
+                                    values:
+                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - key
+                                  - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                type: object
+                            type: object
+                        required:
+                        - channels
+                        type: object
+                      webhook:
+                        properties:
+                          alertSelector:
+                            description: Selector to filter alerts.
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                                items:
+                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector applies to.
+                                      type: string
+                                    operator:
+                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                      type: string
+                                    values:
+                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - key
+                                  - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                type: object
+                            type: object
+                          enabled:
+                            description: whether the receiver is enabled
+                            type: boolean
+                          httpConfig:
+                            description: HTTPClientConfig configures an HTTP client.
+                            properties:
+                              basicAuth:
+                                description: The HTTP basic authentication credentials for the targets.
+                                properties:
+                                  password:
+                                    description: SecretKeySelector selects a key of a Secret.
+                                    properties:
+                                      key:
+                                        description: The key of the secret to select from.  Must be a valid secret key.
+                                        type: string
+                                      name:
+                                        description: Name of the secret.
+                                        type: string
+                                      namespace:
+                                        description: The namespace of the secret, default to the pod's namespace.
+                                        type: string
+                                    required:
+                                    - key
+                                    type: object
+                                  username:
+                                    type: string
+                                required:
+                                - username
+                                type: object
+                              bearerToken:
+                                description: The bearer token for the targets.
+                                properties:
+                                  key:
+                                    description: The key of the secret to select from.  Must be a valid secret key.
+                                    type: string
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: The namespace of the secret, default to the pod's namespace.
+                                    type: string
+                                required:
+                                - key
+                                type: object
+                              proxyUrl:
+                                description: HTTP proxy server to use to connect to the targets.
+                                type: string
+                              tlsConfig:
+                                description: TLSConfig to use to connect to the targets.
+                                properties:
+                                  clientCertificate:
+                                    description: The certificate of the client.
+                                    properties:
+                                      cert:
+                                        description: The client cert file for the targets.
+                                        properties:
+                                          key:
+                                            description: The key of the secret to select from.  Must be a valid secret key.
+                                            type: string
+                                          name:
+                                            description: Name of the secret.
+                                            type: string
+                                          namespace:
+                                            description: The namespace of the secret, default to the pod's namespace.
+                                            type: string
+                                        required:
+                                        - key
+                                        type: object
+                                      key:
+                                        description: The client key file for the targets.
+                                        properties:
+                                          key:
+                                            description: The key of the secret to select from.  Must be a valid secret key.
+                                            type: string
+                                          name:
+                                            description: Name of the secret.
+                                            type: string
+                                          namespace:
+                                            description: The namespace of the secret, default to the pod's namespace.
+                                            type: string
+                                        required:
+                                        - key
+                                        type: object
+                                    type: object
+                                  insecureSkipVerify:
+                                    description: Disable target certificate validation.
+                                    type: boolean
+                                  rootCA:
+                                    description: RootCA defines the root certificate authorities that clients use when verifying server certificates.
+                                    properties:
+                                      key:
+                                        description: The key of the secret to select from.  Must be a valid secret key.
+                                        type: string
+                                      name:
+                                        description: Name of the secret.
+                                        type: string
+                                      namespace:
+                                        description: The namespace of the secret, default to the pod's namespace.
+                                        type: string
+                                    required:
+                                    - key
+                                    type: object
+                                  serverName:
+                                    description: Used to verify the hostname for the targets.
+                                    type: string
+                                type: object
+                            type: object
+                          service:
+                            description: "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified. \n If the webhook is running within the cluster, then you should use `service`."
+                            properties:
+                              name:
+                                description: '`name` is the name of the service. Required'
+                                type: string
+                              namespace:
+                                description: '`namespace` is the namespace of the service. Required'
+                                type: string
+                              path:
+                                description: '`path` is an optional URL path which will be sent in any request to this service.'
+                                type: string
+                              port:
+                                description: If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
+                                format: int32
+                                type: integer
+                              scheme:
+                                description: Http scheme, default is http.
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                          url:
+                            description: "`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified. \n The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some api servers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address. \n Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster. \n A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier. \n Attempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either."
+                            type: string
+                          webhookConfigSelector:
+                            description: WebhookConfig to be selected for this receiver
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                                items:
+                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector applies to.
+                                      type: string
+                                    operator:
+                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                      type: string
+                                    values:
+                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - key
+                                  - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                type: object
+                            type: object
+                        type: object
+                      wechat:
+                        properties:
+                          alertSelector:
+                            description: Selector to filter alerts.
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                                items:
+                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector applies to.
+                                      type: string
+                                    operator:
+                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                      type: string
+                                    values:
+                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - key
+                                  - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                type: object
+                            type: object
+                          enabled:
+                            description: whether the receiver is enabled
+                            type: boolean
+                          toParty:
+                            items:
+                              type: string
+                            type: array
+                          toTag:
+                            items:
+                              type: string
+                            type: array
+                          toUser:
+                            items:
+                              type: string
+                            type: array
+                          wechatConfigSelector:
+                            description: WechatConfig to be selected for this receiver
+                            properties:
+                              matchExpressions:
+                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                                items:
+                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                                  properties:
+                                    key:
+                                      description: key is the label key that the selector applies to.
+                                      type: string
+                                    operator:
+                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                      type: string
+                                    values:
+                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - key
+                                  - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                type: object
+                            type: object
+                        type: object
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatedpersistentvolumeclaims.yaml
+++ b/config/crds/types.kubefed.io_federatedpersistentvolumeclaims.yaml
@@ -0,0 +1,248 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedpersistentvolumeclaims.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedPersistentVolumeClaim
+    listKind: FederatedPersistentVolumeClaimList
+    plural: federatedpersistentvolumeclaims
+    singular: federatedpersistentvolumeclaim
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  apiVersion:
+                    description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                    type: string
+                  kind:
+                    description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  metadata:
+                    type: object
+                  spec:
+                    description: PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+                    properties:
+                      accessModes:
+                        description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+                        items:
+                          type: string
+                        type: array
+                      dataSource:
+                        description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.'
+                        properties:
+                          apiGroup:
+                            description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+                            type: string
+                          kind:
+                            description: Kind is the type of resource being referenced
+                            type: string
+                          name:
+                            description: Name is the name of resource being referenced
+                            type: string
+                        required:
+                        - kind
+                        - name
+                        type: object
+                      resources:
+                        description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+                        properties:
+                          limits:
+                            additionalProperties:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+                            type: object
+                          requests:
+                            additionalProperties:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+                            type: object
+                        type: object
+                      selector:
+                        description: A label query over volumes to consider for binding.
+                        properties:
+                          matchExpressions:
+                            description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                            items:
+                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                              properties:
+                                key:
+                                  description: key is the label key that the selector applies to.
+                                  type: string
+                                operator:
+                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                                  type: string
+                                values:
+                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  items:
+                                    type: string
+                                  type: array
+                              required:
+                              - key
+                              - operator
+                              type: object
+                            type: array
+                          matchLabels:
+                            additionalProperties:
+                              type: string
+                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                            type: object
+                        type: object
+                      storageClassName:
+                        description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+                        type: string
+                      volumeMode:
+                        description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+                        type: string
+                      volumeName:
+                        description: VolumeName is the binding reference to the PersistentVolume backing this claim.
+                        type: string
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatedresourcequota.yaml
+++ b/config/crds/types.kubefed.io_federatedresourcequota.yaml
@@ -0,0 +1,198 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedresourcequota.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedResourceQuota
+    listKind: FederatedResourceQuotaList
+    plural: federatedresourcequota
+    singular: federatedresourcequota
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  spec:
+                    description: ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
+                    properties:
+                      hard:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        description: 'hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
+                        type: object
+                      scopeSelector:
+                        description: scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
+                        properties:
+                          matchExpressions:
+                            description: A list of scope selector requirements by scope of the resources.
+                            items:
+                              description: A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.
+                              properties:
+                                operator:
+                                  description: Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+                                  type: string
+                                scopeName:
+                                  description: The name of the scope that the selector applies to.
+                                  type: string
+                                values:
+                                  description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                                  items:
+                                    type: string
+                                  type: array
+                              required:
+                              - operator
+                              - scopeName
+                              type: object
+                            type: array
+                        type: object
+                      scopes:
+                        description: A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.
+                        items:
+                          description: A ResourceQuotaScope defines a filter that must match each object tracked by a quota
+                          type: string
+                        type: array
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatedsecrets.yaml
+++ b/config/crds/types.kubefed.io_federatedsecrets.yaml
@@ -0,0 +1,165 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedsecrets.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedSecret
+    listKind: FederatedSecretList
+    plural: federatedsecrets
+    singular: federatedsecret
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  data:
+                    additionalProperties:
+                      format: byte
+                      type: string
+                    type: object
+                  stringData:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  type:
+                    type: string
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/config/crds/types.kubefed.io_federatedservices.yaml
+++ b/config/crds/types.kubefed.io_federatedservices.yaml
@@ -0,0 +1,263 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  creationTimestamp: null
+  name: federatedservices.types.kubefed.io
+spec:
+  group: types.kubefed.io
+  names:
+    kind: FederatedService
+    listKind: FederatedServiceList
+    plural: federatedservices
+    singular: federatedservice
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              overrides:
+                items:
+                  properties:
+                    clusterName:
+                      type: string
+                    clusterOverrides:
+                      items:
+                        properties:
+                          op:
+                            type: string
+                          path:
+                            type: string
+                          value:
+                            type: object
+                        required:
+                        - path
+                        type: object
+                      type: array
+                  required:
+                  - clusterName
+                  type: object
+                type: array
+              placement:
+                properties:
+                  clusterSelector:
+                    description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  clusters:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              template:
+                properties:
+                  apiVersion:
+                    description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                    type: string
+                  kind:
+                    description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  metadata:
+                    type: object
+                  spec:
+                    description: ServiceSpec describes the attributes that a user creates on a service.
+                    properties:
+                      clusterIP:
+                        description: 'clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are "None", empty string (""), or a valid IP address. "None" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                        type: string
+                      externalIPs:
+                        description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service.  These IPs are not managed by Kubernetes.  The user is responsible for ensuring that traffic arrives at a node with this IP.  A common example is external load-balancers that are not part of the Kubernetes system.
+                        items:
+                          type: string
+                        type: array
+                      externalName:
+                        description: externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName.
+                        type: string
+                      externalTrafficPolicy:
+                        description: externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.
+                        type: string
+                      healthCheckNodePort:
+                        description: healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated nodePort. Will use user-specified nodePort value if specified by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local.
+                        format: int32
+                        type: integer
+                      ipFamily:
+                        description: ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6).  If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is available in the cluster.  If no IP family is requested, the cluster's primary IP family will be used. Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which allocate external load-balancers should use the same IP family.  Endpoints for this Service will be of this family.  This field is immutable after creation. Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment.
+                        type: string
+                      loadBalancerIP:
+                        description: 'Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.'
+                        type: string
+                      loadBalancerSourceRanges:
+                        description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/'
+                        items:
+                          type: string
+                        type: array
+                      ports:
+                        description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                        items:
+                          description: ServicePort contains information on service's port.
+                          properties:
+                            appProtocol:
+                              description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. Field can be enabled with ServiceAppProtocol feature gate.
+                              type: string
+                            name:
+                              description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+                              type: string
+                            nodePort:
+                              description: 'The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+                              format: int32
+                              type: integer
+                            port:
+                              description: The port that will be exposed by this service.
+                              format: int32
+                              type: integer
+                            protocol:
+                              default: TCP
+                              description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+                              type: string
+                            targetPort:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+                              x-kubernetes-int-or-string: true
+                          required:
+                          - port
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - port
+                        - protocol
+                        x-kubernetes-list-type: map
+                      publishNotReadyAddresses:
+                        description: publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery.
+                        type: boolean
+                      selector:
+                        additionalProperties:
+                          type: string
+                        description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+                        type: object
+                      sessionAffinity:
+                        description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+                        type: string
+                      sessionAffinityConfig:
+                        description: sessionAffinityConfig contains the configurations of session affinity.
+                        properties:
+                          clientIP:
+                            description: clientIP contains the configurations of Client IP based session affinity.
+                            properties:
+                              timeoutSeconds:
+                                description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+                                format: int32
+                                type: integer
+                            type: object
+                        type: object
+                      topologyKeys:
+                        description: topologyKeys is a preference-order list of topology keys which implementations of services should use to preferentially sort endpoints when accessing this Service, it can not be used at the same time as externalTrafficPolicy=Local. Topology keys must be valid label keys and at most 16 keys may be specified. Endpoints are chosen based on the first topology key with available backends. If this field is specified and all entries have no backends that match the topology of the client, the service has no backends for that client and connections should fail. The special value "*" may be used to mean "any topology". This catch-all value, if used, only makes sense as the last value in the list. If this is not specified or empty, no topology constraints will be applied.
+                        items:
+                          type: string
+                        type: array
+                      type:
+                        description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ExternalName" maps to the specified externalName. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+                        type: string
+                    type: object
+                type: object
+            required:
+            - placement
+            - template
+            type: object
+          status:
+            properties:
+              clusters:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status to another.
+                      type: string
+                    lastUpdateTime:
+                      description: Last time reconciliation resulted in an error or the last time a change was propagated to member clusters.
+                      type: string
+                    reason:
+                      description: (brief) reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of cluster condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                format: int64
+                type: integer
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/Show More
+++ b/Show More