admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:v3.3.0
Branches Tags
admin:master admin:dependabot/go_modules/staging/src/kubesphere.io/utils/github.com/containerd/containerd-1.7.29 admin:dependabot/go_modules/staging/src/kubesphere.io/utils/helm.sh/helm/v3-3.18.5 admin:release-4.1 admin:release-3.2 admin:release-3.3 admin:release-3.4 admin:release-3.1 admin:release-3.0 admin:release-2.1 admin:advanced-2.0 admin:advanced-1.0 admin:express
admin:helm-chart-1.1.5 admin:v4.1.3 admin:v4.1.3-rc.0 admin:helm-chart-1.1.3 admin:v4.1.2 admin:helm-chart-1.1.2 admin:v4.1.1 admin:v3.4.1 admin:v3.4.1-alpha.0 admin:v3.4.1-alpha.1 admin:v3.4.0 admin:v3.4.0-rc.0 admin:v3.3.2 admin:v3.3.2-rc.2 admin:v3.3.2-rc.0 admin:v3.3.2-rc.1 admin:v3.3.1-rc.5 admin:v3.3.1 admin:v3.3.1-rc.4 admin:v3.3.1-rc.3 admin:v3.3.1-rc.2 admin:v3.3.1-rc.1 admin:v3.3.1-rc.0 admin:v3.3.0 admin:v3.3.0-rc.3 admin:v3.3.0-rc.2 admin:v3.3.0-rc.1 admin:v3.3.0-rc.0 admin:v3.3.0-alpha.1 admin:v3.3.0-alpha.0 admin:v3.2.1 admin:v3.2.1-rc.3 admin:v3.2.1-rc.2 admin:v3.2.1-rc.1 admin:v3.2.0 admin:v3.2.0-rc.1 admin:v3.2.0-alpha.1 admin:v3.2.0-alpha.0 admin:v3.1.1 admin:v3.1.1-rc.1 admin:v3.1.1-rc.0 admin:v3.1.0 admin:v3.1.0-alpha.0 admin:v3.0.0 admin:v2.1.1 admin:v2.1.0 admin:advanced-2.0.2 admin:advanced-2.0.0 admin:advanced-1.0.1 admin:advanced-1.0.0 admin:express-1.0.0-alpha
..
compare: admin:express-1.0.0-alpha
Branches Tags
admin:dependabot/go_modules/staging/src/kubesphere.io/utils/github.com/containerd/containerd-1.7.29 admin:master admin:dependabot/go_modules/staging/src/kubesphere.io/utils/helm.sh/helm/v3-3.18.5 admin:release-4.1 admin:release-3.2 admin:release-3.3 admin:release-3.4 admin:release-3.1 admin:release-3.0 admin:release-2.1 admin:advanced-2.0 admin:advanced-1.0 admin:express
admin:helm-chart-1.1.5 admin:v4.1.3 admin:v4.1.3-rc.0 admin:helm-chart-1.1.3 admin:v4.1.2 admin:helm-chart-1.1.2 admin:v4.1.1 admin:v3.4.1 admin:v3.4.1-alpha.0 admin:v3.4.1-alpha.1 admin:v3.4.0 admin:v3.4.0-rc.0 admin:v3.3.2 admin:v3.3.2-rc.2 admin:v3.3.2-rc.0 admin:v3.3.2-rc.1 admin:v3.3.1-rc.5 admin:v3.3.1 admin:v3.3.1-rc.4 admin:v3.3.1-rc.3 admin:v3.3.1-rc.2 admin:v3.3.1-rc.1 admin:v3.3.1-rc.0 admin:v3.3.0 admin:v3.3.0-rc.3 admin:v3.3.0-rc.2 admin:v3.3.0-rc.1 admin:v3.3.0-rc.0 admin:v3.3.0-alpha.1 admin:v3.3.0-alpha.0 admin:v3.2.1 admin:v3.2.1-rc.3 admin:v3.2.1-rc.2 admin:v3.2.1-rc.1 admin:v3.2.0 admin:v3.2.0-rc.1 admin:v3.2.0-alpha.1 admin:v3.2.0-alpha.0 admin:v3.1.1 admin:v3.1.1-rc.1 admin:v3.1.1-rc.0 admin:v3.1.0 admin:v3.1.0-alpha.0 admin:v3.0.0 admin:v2.1.1 admin:v2.1.0 admin:advanced-2.0.2 admin:advanced-2.0.0 admin:advanced-1.0.1 admin:advanced-1.0.0 admin:express-1.0.0-alpha

2 Commits
v3.3.0 ... express-1.

Author SHA1 Message Date
jeff
2b031861d6 update vendor 2018-07-11 20:01:08 +08:00
yanmingfan
88b5fb3186 alter components function to filter uncomponents svc 2018-07-11 19:42:23 +08:00
12112 changed files with 349270 additions and 2507873 deletions
Expand all files Collapse all files

1
.dockerignore Normal file
View File

@@ -0,0 +1 @@
tmp/

2
.env Normal file
View File

@@ -0,0 +1,2 @@
DATA_PATH=./tmp
KUBESPHERE_LOG_LEVEL=debug

4
.gitattributes vendored
View File

@@ -1,6 +1,2 @@
pkg/cmd/api/spec/api.swagger.json linguist-generated=true
pkg/cmd/api/spec/static.go linguist-generated=true
pkg/client/* linguist-generated=true
config/crds/* linguist-generated=true
config/rbac/* linguist-generated=true
zz_generated.deepcopy.go linguist-generated=true

42
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@@ -1,42 +0,0 @@
---
name: Bug report
labels: ["kind/bug"]
about: Create a report to help us improve
---
<!--
You don't need to remove this comment section, it's invisible on the issues page.
## General remarks
* Attention, please fill out this issues form using English only!
* 注意GitHub Issue 仅支持英文,中文 Issue 请在 [论坛](https://kubesphere.com.cn/forum/) 提交。
* This form is to report bugs. For general usage questions you can join our Slack channel
[KubeSphere-users](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE)
-->
**Describe the Bug**
A clear and concise description of what the bug is.
For UI issues please also add a screenshot that shows the issue.
**Versions Used**
KubeSphere:
Kubernetes: (If KubeSphere installer used, you can skip this)
**Environment**
How many nodes and their hardware configuration:
For example: CentOS 7.5 / 3 masters: 8cpu/8g; 3 nodes: 8cpu/16g
(and other info are welcomed to help us debugging)
**How To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behavior**
A clear and concise description of what you expected to happen.

69
.github/ISSUE_TEMPLATE/feature_request.md vendored
View File

@@ -1,69 +0,0 @@
---
name: Feature Request
about: Have a good idea? Please don't hesitate to write it down, describe the new feature.
---
<!--
You don't need to remove this comment section, it's invisible on the issues page.
## General remarks
* Attention, please fill out this issues form using English only!
* 注意GitHub Issue 仅支持英文,中文 Issue 请在 [论坛](https://kubesphere.com.cn/forum/) 提交。
* This form is to report bugs. For general usage questions, you can join our Slack channel
[KubeSphere-users](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE)
-->
**What's it about?**
<!--
A clear and concise description of what this feature request is.
-->
**What's the reason why we need it?**
<!--
Please tell us if you think it's a necessary feature for Kubesphere. Give us as many details about it as you can.
Two or more use cases might be very helpful when other contributors try to go through this request. If you have some references,
please just add it below.
-->
I believe this is an important feature for Kubesphere. There're a few use cases:
* case one
* case two
* ...
Please leave your comments below if there's anyone agrees with me. Or just give me a thumb up.
**Area Suggestion**
<!--
In order to have a clear issue list, giving an accuracy area is necessary. If you are not sure about it, please just leave it alone.
You can find some possible areas below. Please attention, sometimes crossing multiple areas might be possible. So, you
can keep one or more areas in this issue.
> /area alerting
> /area api
> /area apiserver
> /area app-management
> /area audit
> /area console
> /area devops
> /area documentation
> /area edge
> /area iam
> /area installation
> /area logging
> /area microservice
> /area monitoring
> /area multicluster
> /area networking
> /area notification
> /area observability
> /area performance
> /area security
> /area storage
> /area test
> /area upgrade
-->
/kind feature-request

30
.github/ISSUE_TEMPLATE/installation_failure.md vendored
View File

@@ -1,30 +0,0 @@
---
name: Installation Issue
about: Create an issue to help us improve installation
---
## English only!
**注意GitHub Issue 仅支持英文,中文 Issue 请在 [论坛](https://kubesphere.com.cn/forum/) 提交。**
**General remarks**
> Please delete this section including header before submitting
>
> This form is to report installation issues. For general usage questions you can refer to [KubeSphere Documentation](https://kubesphere.io/docs) or join our Slack channel
> [KubeSphere-users](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE)
**What's your question**
**Environment: OS & Hardware Information**
> Important: You must describe your environment clearly, e.g. VMware or Bare Metal, CentOS 7.5, 8 C / 16 G (If you install on Linux), Or Kubernetes v1.16 (If you install on K8s).
**Error logs or message (Attach logs or screenshot)**
**Installer Version**
> e.g. v2.1.0, v2.1.1, v3.0.0

62
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -1,62 +0,0 @@
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If you want **faster** PR reviews, read how: https://github.com/kubesphere/community/blob/master/developer-guide/development/the-pr-author-guide-to-getting-through-code-review.md
2. In case you want to know how your PR got reviewed, read: https://github.com/kubesphere/community/blob/master/developer-guide/development/code-review-guide.md
3. Here are some coding convetions followed by KubeSphere community: https://github.com/kubesphere/community/blob/master/developer-guide/development/coding-conventions.md
-->
### What type of PR is this?
<!--
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind design
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
### What this PR does / why we need it:
### Which issue(s) this PR fixes:
<!--
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
_If PR is about `failing-tests or flakes`, please post the related issues/tests in a comment and do not use `Fixes`_*
-->
Fixes #
### Special notes for reviewers:
```
```
### Does this PR introduced a user-facing change?
<!--
If no, just write "None" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
For more information on release notes see: https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md
-->
```release-note
```
### Additional documentation, usage docs, etc.:
<!--
This section can be blank if this pull request does not require a release note.
Please use the following format for linking documentation or pass the
section below:
- [KEP]: <link>
- [Usage]: <link>
- [Other doc]: <link>
-->
```docs
```

20
.github/stale.yml vendored
View File

@@ -1,20 +0,0 @@
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 90
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 30
# Issues with these labels will never be considered stale
exemptLabels:
- frozen
- kind/feature-request
- kind/feature
- kind/security
- kind/design
staleLabel: stale
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs. Any further update will
cause the issue/pull request to no longer be considered stale. Thank you for your contributions.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: >
This issue is being automatically closed due to inactivity.

42
.github/workflows/build-multiarch.yaml vendored
View File

@@ -1,42 +0,0 @@
name: BuildContainerImage
on:
push:
branches:
- 'master'
- 'release-*'
tags:
- 'v*'
pull_request:
branches:
- 'master'
- 'release-*'
jobs:
build:
name: Build
runs-on: ubuntu-latest
env:
GO111MODULE: on
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
with:
platforms: all
- name: Set up Docker buildx
uses: docker/setup-buildx-action@v1
- name: Build and push docker images
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
if: github.event_name == 'push'
run: |
echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
REPO=kubespheredev TAG="${GITHUB_REF#refs/*/}" make container-cross-push

44
.github/workflows/e2e-test.yml vendored
View File

@@ -1,44 +0,0 @@
name: e2e
on:
schedule:
# run e2e test every 4 hours
- cron: 0 */4 * * *
workflow_dispatch:
jobs:
build:
name: Test
runs-on: ubuntu-latest
env:
GO111MODULE: on
steps:
- name: Set up Go 1.16
uses: actions/setup-go@v2
with:
go-version: 1.16
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: Create kind cluster
uses: helm/kind-action@v1.2.0
with:
config: .github/workflows/kind/kind.yaml
- name: Deploy KubeSphere to Kind
run: KIND_CLUSTER_NAME=chart-testing hack/deploy-kubesphere.sh
- name: Run e2e testing
run: go test ./test/e2e
- name: slack
uses: 8398a7/action-slack@v3
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
fields: repo,message,commit,author,action,eventName,ref,workflow,job,took
if: failure()

11
.github/workflows/kind/kind.yaml vendored
View File

@@ -1,11 +0,0 @@
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
image: kindest/node:v1.21.1
extraMounts:
- hostPath: /etc/localtime
containerPath: /etc/localtime
extraPortMappings:
- containerPort: 30881
hostPort: 9090

53
.github/workflows/nightly-builds.yml vendored
View File

@@ -1,53 +0,0 @@
name: NightlyBuild
on:
schedule:
# This is a UTC time
- cron: "0 16 * * *"
# Keep it only for test purpose, comment it once everything is ok
workflow_dispatch:
jobs:
build:
name: Build
runs-on: ubuntu-latest
env:
GO111MODULE: on
steps:
- name: Set up Go 1.16
uses: actions/setup-go@v2
with:
go-version: 1.16
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
with:
platforms: all
- name: Set up Docker buildx
uses: docker/setup-buildx-action@v1
- name: Build and push docker images
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
tag=nightly-$(date '+%Y%m%d')
REPO=kubespheredev TAG=${tag} make container-cross-push
- name: slack
uses: 8398a7/action-slack@v3
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
fields: repo,message,commit,author,action,eventName,ref,workflow,job,took
if: failure()

14
.gitignore vendored
View File

@@ -4,7 +4,6 @@
*.dll
*.so
*.dylib
*.a
# Test binary, build with `go test -c`
*.test
@@ -19,17 +18,8 @@ bin/
# Vscode files
.vscode/
__debug_bin
tmp/
# OSX trash
.DS_Store
api.json
*.coverprofile
cover.out
coverage.txt
kustomize/network/etcd
apiserver.local.config
tmp/
kubesphere.yaml
testbin/

62
.licenserc.yaml
View File

@@ -1,62 +0,0 @@
#
# Copyright 2022 The KubeSphere Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
header:
license:
spdx-id: Apache-2.0
copyright-owner: KubeSphere Authors
content: |
Copyright 2022 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
paths-ignore:
- 'api'
- 'build'
- 'docs'
- 'config'
- 'test'
- 'install'
- 'hack'
- 'vendor'
- 'staging'
- 'LICENSE'
- 'OWNERS'
- 'Makefile'
- 'pkg/client/**'
- 'pkg/simple/client/**'
- '**/*.md'
- '**/*.json'
- '**/go.mod'
- '**/go.sum'
- '.github/**'
- '.gitignore'
- '.gitattributes'
- 'pkg/controller/application/status.go'
comment: on-failure

32
.travis.yml Normal file
View File

@@ -0,0 +1,32 @@
sudo: required
services:
- docker
language: go
go:
- 1.10
- tip
go_import_path: kubesphere.io/kubesphere
before_install:
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
- curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
- sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
- sudo apt-get update
- sudo apt-get -y install docker-ce
- dep ensure -v
before_script:
- docker --version
script:
- make fmt-check && make build
deploy:
provider: script
script: bash install/scripts/docker_push
on:
branch: master

13
AUTHORS Normal file
View File

@@ -0,0 +1,13 @@
# This is the official list of KubeSphere authors for copyright purposes.
# This file is distinct from the CONTRIBUTORS files.
# See the latter for an explanation.
# Names should be added to this file as one of
# Organization's name
# Individual's name <submission email address>
# Individual's name <submission email address> <email2> <emailN>
# See CONTRIBUTORS for the meaning of multiple email addresses.
# Please keep the list sorted.
Yunify Inc.

3
CONTRIBUTING.md
View File

@@ -1,3 +0,0 @@
# Guide
This [document](https://github.com/kubesphere/community) walks you through how to get started contributing KubeSphere.

20
CONTRIBUTORS Normal file
View File

@@ -0,0 +1,20 @@
# This is the official list of people who can contribute
# (and typically have contributed) code to the KubeSphere repository.
# The AUTHORS file lists the copyright holders; this file
# lists people. For example, Yunify employees are listed here
# but not in AUTHORS, because Yunify holds the copyright.
#
# When adding J Random Contributor's name to this file,
# either J's name or J's organization's name should be
# added to the AUTHORS file.
# Names should be added to this file like so:
# Individual's name <submission email address>
# Individual's name <submission email address> <email2> <emailN>
#
# An entry with multiple email addresses specifies that the
# first address should be used in the submit logs.
# Please keep the list sorted.
Ray@qingcloud <ray@yunify.com>

17
Dockerfile Normal file
View File

@@ -0,0 +1,17 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
FROM kubesphere/kubesphere-builder as builder
WORKDIR /go/src/kubesphere.io/kubesphere/
COPY . .
RUN go generate kubesphere.io/kubesphere/pkg/version && \
go install kubesphere.io/kubesphere/cmd/...
FROM alpine:3.6
RUN apk add --update ca-certificates && update-ca-certificates
COPY --from=builder /go/bin/* /usr/local/bin/
CMD ["sh"]

10
Dockerfile.dev Normal file
View File

@@ -0,0 +1,10 @@
FROM alpine:3.6
RUN apk add --update ca-certificates \
&& update-ca-certificates \
&& mkdir -p /etc/kubesphere/ingress-controller
COPY ./bin/* /usr/local/bin/
COPY ./install/ingress-controller /etc/kubesphere/ingress-controller
CMD ["sh"]

596
Gopkg.lock generated Normal file
View File

@@ -0,0 +1,596 @@
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
[[projects]]
name = "github.com/Microsoft/go-winio"
packages = ["."]
revision = "7da180ee92d8bd8bb8c37fc560e673e6557c392f"
version = "v0.4.7"
[[projects]]
name = "github.com/Sirupsen/logrus"
packages = ["."]
revision = "c155da19408a8799da419ed3eeb0cb5db0ad5dbc"
version = "v1.0.5"
[[projects]]
name = "github.com/antonholmquist/jason"
packages = ["."]
revision = "c23cef7eaa75a6a5b8810120e167bd590d8fd2ab"
version = "v1.0.0"
[[projects]]
name = "github.com/coreos/etcd"
packages = [
"auth/authpb",
"clientv3",
"etcdserver/api/v3rpc/rpctypes",
"etcdserver/etcdserverpb",
"mvcc/mvccpb",
"pkg/tlsutil",
"pkg/transport",
"pkg/types"
]
revision = "33245c6b5b49130ca99280408fadfab01aac0e48"
version = "v3.3.8"
[[projects]]
name = "github.com/davecgh/go-spew"
packages = ["spew"]
revision = "346938d642f2ec3594ed81d874461961cd0faa76"
version = "v1.1.0"
[[projects]]
branch = "master"
name = "github.com/docker/distribution"
packages = [
"digestset",
"reference"
]
revision = "749f6afb4572201e3c37325d0ffedb6f32be8950"
[[projects]]
name = "github.com/docker/docker"
packages = [
"api",
"api/types",
"api/types/blkiodev",
"api/types/container",
"api/types/events",
"api/types/filters",
"api/types/image",
"api/types/mount",
"api/types/network",
"api/types/registry",
"api/types/strslice",
"api/types/swarm",
"api/types/time",
"api/types/versions",
"api/types/volume",
"client",
"pkg/ioutils",
"pkg/longpath",
"pkg/system",
"pkg/tlsconfig"
]
revision = "90d35abf7b3535c1c319c872900fbd76374e521c"
version = "v17.05.0-ce-rc3"
[[projects]]
branch = "master"
name = "github.com/docker/go-connections"
packages = [
"nat",
"sockets",
"tlsconfig"
]
revision = "7395e3f8aa162843a74ed6d48e79627d9792ac55"
[[projects]]
name = "github.com/docker/go-units"
packages = ["."]
revision = "47565b4f722fb6ceae66b95f853feed578a4a51c"
version = "v0.3.3"
[[projects]]
branch = "master"
name = "github.com/docker/libtrust"
packages = ["."]
revision = "aabc10ec26b754e797f9028f4589c5b7bd90dc20"
[[projects]]
branch = "master"
name = "github.com/docker/spdystream"
packages = [
".",
"spdy"
]
revision = "bc6354cbbc295e925e4c611ffe90c1f287ee54db"
[[projects]]
name = "github.com/emicklei/go-restful"
packages = [
".",
"log"
]
revision = "3658237ded108b4134956c1b3050349d93e7b895"
version = "v2.7.1"
[[projects]]
name = "github.com/ghodss/yaml"
packages = ["."]
revision = "0ca9ea5df5451ffdf184b4428c902747c2c11cd7"
version = "v1.0.0"
[[projects]]
name = "github.com/go-sql-driver/mysql"
packages = ["."]
revision = "d523deb1b23d913de5bdada721a6071e71283618"
version = "v1.4.0"
[[projects]]
name = "github.com/gogo/protobuf"
packages = [
"gogoproto",
"proto",
"protoc-gen-gogo/descriptor",
"sortkeys"
]
revision = "1adfc126b41513cc696b209667c8656ea7aac67c"
version = "v1.0.0"
[[projects]]
branch = "master"
name = "github.com/golang/glog"
packages = ["."]
revision = "23def4e6c14b4da8ac2ed8007337bc5eb5007998"
[[projects]]
name = "github.com/golang/protobuf"
packages = [
"proto",
"ptypes",
"ptypes/any",
"ptypes/duration",
"ptypes/timestamp"
]
revision = "b4deda0973fb4c70b50d226b1af49f3da59f5265"
version = "v1.1.0"
[[projects]]
branch = "master"
name = "github.com/google/gofuzz"
packages = ["."]
revision = "24818f796faf91cd76ec7bddd72458fbced7a6c1"
[[projects]]
name = "github.com/googleapis/gnostic"
packages = [
"OpenAPIv2",
"compiler",
"extensions"
]
revision = "7c663266750e7d82587642f65e60bc4083f1f84e"
version = "v0.2.0"
[[projects]]
name = "github.com/gorilla/websocket"
packages = ["."]
revision = "ea4d1f681babbce9545c9c5f3d5194a789c89f5b"
version = "v1.2.0"
[[projects]]
branch = "master"
name = "github.com/hashicorp/golang-lru"
packages = [
".",
"simplelru"
]
revision = "0fb14efe8c47ae851c0034ed7a448854d3d34cf3"
[[projects]]
branch = "master"
name = "github.com/howeyc/gopass"
packages = ["."]
revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8"
[[projects]]
name = "github.com/imdario/mergo"
packages = ["."]
revision = "9316a62528ac99aaecb4e47eadd6dc8aa6533d58"
version = "v0.3.5"
[[projects]]
name = "github.com/jinzhu/gorm"
packages = ["."]
revision = "6ed508ec6a4ecb3531899a69cbc746ccf65a4166"
version = "v1.9.1"
[[projects]]
branch = "master"
name = "github.com/jinzhu/inflection"
packages = ["."]
revision = "04140366298a54a039076d798123ffa108fff46c"
[[projects]]
name = "github.com/json-iterator/go"
packages = ["."]
revision = "ca39e5af3ece67bbcda3d0f4f56a8e24d9f2dad4"
version = "1.1.3"
[[projects]]
name = "github.com/modern-go/concurrent"
packages = ["."]
revision = "bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94"
version = "1.0.3"
[[projects]]
name = "github.com/modern-go/reflect2"
packages = ["."]
revision = "1df9eeb2bb81f327b96228865c5687bc2194af3f"
version = "1.0.0"
[[projects]]
name = "github.com/opencontainers/go-digest"
packages = ["."]
revision = "279bed98673dd5bef374d3b6e4b09e2af76183bf"
version = "v1.0.0-rc1"
[[projects]]
name = "github.com/pkg/errors"
packages = ["."]
revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
version = "v0.8.0"
[[projects]]
name = "github.com/spf13/pflag"
packages = ["."]
revision = "583c0c0531f06d5278b7d917446061adc344b5cd"
version = "v1.0.1"
[[projects]]
branch = "master"
name = "golang.org/x/crypto"
packages = ["ssh/terminal"]
revision = "7f39a6fea4fe9364fb61e1def6a268a51b4f3a06"
[[projects]]
branch = "master"
name = "golang.org/x/net"
packages = [
"context",
"context/ctxhttp",
"http/httpguts",
"http2",
"http2/hpack",
"idna",
"internal/socks",
"internal/timeseries",
"proxy",
"trace"
]
revision = "db08ff08e8622530d9ed3a0e8ac279f6d4c02196"
[[projects]]
branch = "master"
name = "golang.org/x/sys"
packages = [
"unix",
"windows"
]
revision = "fc8bd948cf46f9c7af0f07d34151ce25fe90e477"
[[projects]]
name = "golang.org/x/text"
packages = [
"collate",
"collate/build",
"internal/colltab",
"internal/gen",
"internal/tag",
"internal/triegen",
"internal/ucd",
"language",
"secure/bidirule",
"transform",
"unicode/bidi",
"unicode/cldr",
"unicode/norm",
"unicode/rangetable"
]
revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
version = "v0.3.0"
[[projects]]
branch = "master"
name = "golang.org/x/time"
packages = ["rate"]
revision = "fbb02b2291d28baffd63558aa44b4b56f178d650"
[[projects]]
name = "google.golang.org/appengine"
packages = ["cloudsql"]
revision = "b1f26356af11148e710935ed1ac8a7f5702c7612"
version = "v1.1.0"
[[projects]]
branch = "master"
name = "google.golang.org/genproto"
packages = ["googleapis/rpc/status"]
revision = "32ee49c4dd805befd833990acba36cb75042378c"
[[projects]]
name = "google.golang.org/grpc"
packages = [
".",
"balancer",
"balancer/base",
"balancer/roundrobin",
"codes",
"connectivity",
"credentials",
"encoding",
"encoding/proto",
"grpclog",
"health/grpc_health_v1",
"internal",
"internal/backoff",
"internal/channelz",
"internal/grpcrand",
"keepalive",
"metadata",
"naming",
"peer",
"resolver",
"resolver/dns",
"resolver/passthrough",
"stats",
"status",
"tap",
"transport"
]
revision = "168a6198bcb0ef175f7dacec0b8691fc141dc9b8"
version = "v1.13.0"
[[projects]]
name = "gopkg.in/igm/sockjs-go.v2"
packages = ["sockjs"]
revision = "d276e9ffe5cc5c271b81198cc77a2adf6c4482d2"
version = "v2.0.0"
[[projects]]
name = "gopkg.in/inf.v0"
packages = ["."]
revision = "d2d2541c53f18d2a059457998ce2876cc8e67cbf"
version = "v0.9.1"
[[projects]]
name = "gopkg.in/yaml.v2"
packages = ["."]
revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183"
version = "v2.2.1"
[[projects]]
name = "k8s.io/api"
packages = [
"admissionregistration/v1alpha1",
"admissionregistration/v1beta1",
"apps/v1",
"apps/v1beta1",
"apps/v1beta2",
"authentication/v1",
"authentication/v1beta1",
"authorization/v1",
"authorization/v1beta1",
"autoscaling/v1",
"autoscaling/v2beta1",
"batch/v1",
"batch/v1beta1",
"batch/v2alpha1",
"certificates/v1beta1",
"core/v1",
"events/v1beta1",
"extensions/v1beta1",
"networking/v1",
"policy/v1beta1",
"rbac/v1",
"rbac/v1alpha1",
"rbac/v1beta1",
"scheduling/v1alpha1",
"settings/v1alpha1",
"storage/v1",
"storage/v1alpha1",
"storage/v1beta1"
]
revision = "73d903622b7391f3312dcbac6483fed484e185f8"
version = "kubernetes-1.10.0"
[[projects]]
name = "k8s.io/apimachinery"
packages = [
"pkg/api/errors",
"pkg/api/meta",
"pkg/api/resource",
"pkg/apis/meta/internalversion",
"pkg/apis/meta/v1",
"pkg/apis/meta/v1/unstructured",
"pkg/apis/meta/v1beta1",
"pkg/conversion",
"pkg/conversion/queryparams",
"pkg/fields",
"pkg/labels",
"pkg/runtime",
"pkg/runtime/schema",
"pkg/runtime/serializer",
"pkg/runtime/serializer/json",
"pkg/runtime/serializer/protobuf",
"pkg/runtime/serializer/recognizer",
"pkg/runtime/serializer/streaming",
"pkg/runtime/serializer/versioning",
"pkg/selection",
"pkg/types",
"pkg/util/cache",
"pkg/util/clock",
"pkg/util/diff",
"pkg/util/errors",
"pkg/util/framer",
"pkg/util/httpstream",
"pkg/util/httpstream/spdy",
"pkg/util/intstr",
"pkg/util/json",
"pkg/util/net",
"pkg/util/rand",
"pkg/util/remotecommand",
"pkg/util/runtime",
"pkg/util/sets",
"pkg/util/validation",
"pkg/util/validation/field",
"pkg/util/wait",
"pkg/util/yaml",
"pkg/version",
"pkg/watch",
"third_party/forked/golang/netutil",
"third_party/forked/golang/reflect"
]
revision = "302974c03f7e50f16561ba237db776ab93594ef6"
version = "kubernetes-1.10.0"
[[projects]]
name = "k8s.io/client-go"
packages = [
"discovery",
"informers",
"informers/admissionregistration",
"informers/admissionregistration/v1alpha1",
"informers/admissionregistration/v1beta1",
"informers/apps",
"informers/apps/v1",
"informers/apps/v1beta1",
"informers/apps/v1beta2",
"informers/autoscaling",
"informers/autoscaling/v1",
"informers/autoscaling/v2beta1",
"informers/batch",
"informers/batch/v1",
"informers/batch/v1beta1",
"informers/batch/v2alpha1",
"informers/certificates",
"informers/certificates/v1beta1",
"informers/core",
"informers/core/v1",
"informers/events",
"informers/events/v1beta1",
"informers/extensions",
"informers/extensions/v1beta1",
"informers/internalinterfaces",
"informers/networking",
"informers/networking/v1",
"informers/policy",
"informers/policy/v1beta1",
"informers/rbac",
"informers/rbac/v1",
"informers/rbac/v1alpha1",
"informers/rbac/v1beta1",
"informers/scheduling",
"informers/scheduling/v1alpha1",
"informers/settings",
"informers/settings/v1alpha1",
"informers/storage",
"informers/storage/v1",
"informers/storage/v1alpha1",
"informers/storage/v1beta1",
"kubernetes",
"kubernetes/scheme",
"kubernetes/typed/admissionregistration/v1alpha1",
"kubernetes/typed/admissionregistration/v1beta1",
"kubernetes/typed/apps/v1",
"kubernetes/typed/apps/v1beta1",
"kubernetes/typed/apps/v1beta2",
"kubernetes/typed/authentication/v1",
"kubernetes/typed/authentication/v1beta1",
"kubernetes/typed/authorization/v1",
"kubernetes/typed/authorization/v1beta1",
"kubernetes/typed/autoscaling/v1",
"kubernetes/typed/autoscaling/v2beta1",
"kubernetes/typed/batch/v1",
"kubernetes/typed/batch/v1beta1",
"kubernetes/typed/batch/v2alpha1",
"kubernetes/typed/certificates/v1beta1",
"kubernetes/typed/core/v1",
"kubernetes/typed/events/v1beta1",
"kubernetes/typed/extensions/v1beta1",
"kubernetes/typed/networking/v1",
"kubernetes/typed/policy/v1beta1",
"kubernetes/typed/rbac/v1",
"kubernetes/typed/rbac/v1alpha1",
"kubernetes/typed/rbac/v1beta1",
"kubernetes/typed/scheduling/v1alpha1",
"kubernetes/typed/settings/v1alpha1",
"kubernetes/typed/storage/v1",
"kubernetes/typed/storage/v1alpha1",
"kubernetes/typed/storage/v1beta1",
"listers/admissionregistration/v1alpha1",
"listers/admissionregistration/v1beta1",
"listers/apps/v1",
"listers/apps/v1beta1",
"listers/apps/v1beta2",
"listers/autoscaling/v1",
"listers/autoscaling/v2beta1",
"listers/batch/v1",
"listers/batch/v1beta1",
"listers/batch/v2alpha1",
"listers/certificates/v1beta1",
"listers/core/v1",
"listers/events/v1beta1",
"listers/extensions/v1beta1",
"listers/networking/v1",
"listers/policy/v1beta1",
"listers/rbac/v1",
"listers/rbac/v1alpha1",
"listers/rbac/v1beta1",
"listers/scheduling/v1alpha1",
"listers/settings/v1alpha1",
"listers/storage/v1",
"listers/storage/v1alpha1",
"listers/storage/v1beta1",
"pkg/apis/clientauthentication",
"pkg/apis/clientauthentication/v1alpha1",
"pkg/version",
"plugin/pkg/client/auth/exec",
"rest",
"rest/watch",
"tools/auth",
"tools/cache",
"tools/clientcmd",
"tools/clientcmd/api",
"tools/clientcmd/api/latest",
"tools/clientcmd/api/v1",
"tools/metrics",
"tools/pager",
"tools/reference",
"tools/remotecommand",
"transport",
"transport/spdy",
"util/buffer",
"util/cert",
"util/exec",
"util/flowcontrol",
"util/homedir",
"util/integer",
"util/retry"
]
revision = "23781f4d6632d88e869066eaebb743857aa1ef9b"
version = "v7.0.0"
[[projects]]
name = "k8s.io/kubernetes"
packages = ["pkg/util/slice"]
revision = "5ca598b4ba5abb89bb773071ce452e33fb66339d"
version = "v1.10.4"
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "afd0a3a0e96a5054e6b99afd53b78888125726fc89c62f121984cd73a6ca4fb3"
solver-name = "gps-cdcl"
solver-version = 1

90
Gopkg.toml Normal file
View File

@@ -0,0 +1,90 @@
# Gopkg.toml example
#
# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
# for detailed Gopkg.toml documentation.
#
# required = ["github.com/user/thing/cmd/thing"]
# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
#
# [[constraint]]
# name = "github.com/user/project"
# version = "1.0.0"
#
# [[constraint]]
# name = "github.com/user/project2"
# branch = "dev"
# source = "github.com/myfork/project2"
#
# [[override]]
# name = "github.com/x/y"
# version = "2.4.0"
#
# [prune]
# non-go = false
# go-tests = true
# unused-packages = true
[[constraint]]
name = "github.com/coreos/etcd"
version = "3.3.7"
[[constraint]]
name = "github.com/docker/docker"
version = "v17.05.0-ce"
[[constraint]]
name = "github.com/emicklei/go-restful"
version = "2.7.1"
[[constraint]]
branch = "master"
name = "github.com/golang/glog"
[[constraint]]
name = "github.com/spf13/pflag"
version = "1.0.1"
[[constraint]]
name = "gopkg.in/igm/sockjs-go.v2"
version = "2.0.0"
[[constraint]]
name = "gopkg.in/yaml.v2"
version = "2.2.1"
[[constraint]]
name = "k8s.io/api"
version = "kubernetes-1.10.0"
[[constraint]]
name = "k8s.io/apimachinery"
version = "kubernetes-1.10.0"
[[constraint]]
name = "k8s.io/client-go"
version = "7.0.0"
[[constraint]]
name = "k8s.io/kubernetes"
version = "1.10.4"
[prune]
go-tests = true
unused-packages = true
# To use reference package:
# vendor/github.com/docker/docker/client/container_commit.go:17: undefined: reference.ParseNormalizedNamed
# vendor/github.com/docker/docker/client/container_commit.go:25: undefined: reference.TagNameOnly
# vendor/github.com/docker/docker/client/container_commit.go:30: undefined: reference.FamiliarNam
[[override]]
name = "github.com/docker/distribution"
branch = "master"
# To use reference package:
# vendor/github.com/docker/docker/registry/registry.go:30: cannot call non-function tlsconfig.ServerDefault (type tls.Config)
# vendor/github.com/docker/docker/registry/registry.go:66: undefined: tlsconfig.SystemCertPool
# vendor/github.com/docker/docker/registry/registry.go:168: cannot call non-function tlsconfig.ServerDefault (type tls.Config)
# vendor/github.com/docker/docker/registry/service_v2.go:11: cannot call non-function tlsconfig.ServerDefault (type tls.Config)
[[override]]
name = "github.com/docker/go-connections"
branch = "master"

219
Makefile
View File

@@ -2,160 +2,105 @@
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
TRAG.Org:=kubesphere
TRAG.Name:=ks-apiserver
TRAG.Gopkg:=kubesphere.io/kubesphere
TRAG.Version:=$(TRAG.Gopkg)/pkg/version
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= "crd:trivialVersions=true"
DOCKER_TAGS=latest
RUN_IN_DOCKER:=docker run -it --rm -v `pwd`:/go/src/$(TRAG.Gopkg) -v `pwd`/tmp/cache:/root/.cache/go-build -w /go/src/$(TRAG.Gopkg) -e GOBIN=/go/src/$(TRAG.Gopkg)/tmp/bin -e USER_ID=`id -u` -e GROUP_ID=`id -g` kubesphere/kubesphere-builder
GO_FMT:=goimports -l -w -e -local=kubesphere -srcdir=/go/src/$(TRAG.Gopkg)
GO_FILES:=./cmd ./pkg
GV="network:v1alpha1 servicemesh:v1alpha2 tenant:v1alpha1 tenant:v1alpha2 devops:v1alpha1 iam:v1alpha2 devops:v1alpha3 cluster:v1alpha1 storage:v1alpha1 auditing:v1alpha1 types:v1beta1 quota:v1alpha2 application:v1alpha1 notification:v2beta1 gateway:v1alpha1"
MANIFESTS="application/* cluster/* iam/* network/v1alpha1 quota/* storage/* tenant/* gateway/*"
# App Version
APP_VERSION = v3.2.0
# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
GOBIN=$(shell go env GOPATH)/bin
else
GOBIN=$(shell go env GOBIN)
endif
OUTPUT_DIR=bin
ifeq (${GOFLAGS},)
# go build with vendor by default.
export GOFLAGS=-mod=vendor
endif
define ALL_HELP_INFO
# Build code.
#
# Args:
# WHAT: Directory names to build. If any of these directories has a 'main'
# package, the build will produce executable files under $(OUT_DIR).
# If not specified, "everything" will be built.
# GOFLAGS: Extra flags to pass to 'go' when building.
# GOLDFLAGS: Extra linking flags passed to 'go' when building.
# GOGCFLAGS: Additional go compile flags passed to 'go' when building.
#
# Example:
# make
# make all
# make all WHAT=cmd/ks-apiserver
# Note: Use the -N -l options to disable compiler optimizations an inlining.
# Using these build options allows you to subsequently use source
# debugging tools like delve.
define get_diff_files
$(eval DIFF_FILES=$(shell git diff --name-only --diff-filter=ad | grep -E "^(test|cmd|pkg)/.+\.go"))
endef
define get_build_flags
$(eval SHORT_VERSION=$(shell git describe --tags --always --dirty="-dev"))
$(eval SHA1_VERSION=$(shell git show --quiet --pretty=format:%H))
$(eval DATE=$(shell date +'%Y-%m-%dT%H:%M:%S'))
$(eval BUILD_FLAG= -X $(TRAG.Version).ShortVersion="$(SHORT_VERSION)" \
-X $(TRAG.Version).GitSha1Version="$(SHA1_VERSION)" \
-X $(TRAG.Version).BuildDate="$(DATE)")
endef
.PHONY: all
all: test ks-apiserver ks-controller-manager;$(info $(M)...Begin to test and build all of binary.) @ ## Test and build all of binary.
all: generate build
.PHONY: help
help:
@grep -hE '^[ a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-17s\033[0m %s\n", $$1, $$2}'
# TODO: update help info to last version
@echo "TODO"
.PHONY: binary
# Build all of binary
binary: | ks-apiserver ks-controller-manager; $(info $(M)...Build all of binary.) @ ## Build all of binary.
.PHONY: init-vendor
init-vendor:
@if [[ ! -f "$$(which govendor)" ]]; then \
go get -u github.com/kardianos/govendor; \
fi
govendor init
govendor add +external
@echo "init-vendor done"
# Build ks-apiserver binary
ks-apiserver: ; $(info $(M)...Begin to build ks-apiserver binary.) @ ## Build ks-apiserver.
hack/gobuild.sh cmd/ks-apiserver;
.PHONY: update-vendor
update-vendor:
@if [[ ! -f "$$(which govendor)" ]]; then \
go get -u github.com/kardianos/govendor; \
fi
govendor update +external
govendor list
@echo "update-vendor done"
# Build ks-controller-manager binary
ks-controller-manager: ; $(info $(M)...Begin to build ks-controller-manager binary.) @ ## Build ks-controller-manager.
hack/gobuild.sh cmd/controller-manager
.PHONY: update-builder
update-builder:
docker pull kubesphere/kubesphere-builder
@echo "update-builder done"
# Run all verify scripts hack/verify-*.sh
verify-all: ; $(info $(M)...Begin to run all verify scripts hack/verify-*.sh.) @ ## Run all verify scripts hack/verify-*.sh.
hack/verify-all.sh
.PHONY: generate-in-local
generate-in-local:
go generate ./pkg/version/
# Build e2e binary
e2e: ;$(info $(M)...Begin to build e2e binary.) @ ## Build e2e binary.
hack/build_e2e.sh test/e2e
.PHONY: generate
generate:
$(RUN_IN_DOCKER) make generate-in-local
@echo "generate done"
kind-e2e: ;$(info $(M)...Run e2e test.) @ ## Run e2e test in kind.
hack/kind_e2e.sh
.PHONY: fmt-all
fmt-all:
mkdir -p ./tmp/bin && cp -r ./install ./tmp/
$(RUN_IN_DOCKER) $(GO_FMT) $(GO_FILES)
@echo "fmt done"
# Run go fmt against code
fmt: ;$(info $(M)...Begin to run go fmt against code.) @ ## Run go fmt against code.
gofmt -w ./pkg ./cmd ./tools ./api
.PHONY: fmt
fmt:
$(call get_diff_files)
$(if $(DIFF_FILES), \
$(RUN_IN_DOCKER) $(GO_FMT) ${DIFF_FILES}, \
$(info cannot find modified files from git) \
)
@echo "fmt done"
# Format all import, `goimports` is required.
goimports: ;$(info $(M)...Begin to Format all import.) @ ## Format all import, `goimports` is required.
@hack/update-goimports.sh
.PHONY: fmt-check
fmt-check: fmt-all
$(call get_diff_files)
$(if $(DIFF_FILES), \
exit 2 \
)
# Run go vet against code
vet: ;$(info $(M)...Begin to run go vet against code.) @ ## Run go vet against code.
go vet ./pkg/... ./cmd/...
.PHONY: build
build: fmt
mkdir -p ./tmp/bin && cp -r ./install/ ./tmp/
$(call get_build_flags)
$(RUN_IN_DOCKER) time go install -ldflags '$(BUILD_FLAG)' $(TRAG.Gopkg)/cmd/...
mv ./tmp/bin/cmd ./tmp/bin/$(TRAG.Name)
@docker build -t $(TRAG.Org)/$(TRAG.Name) -f ./Dockerfile.dev ./tmp
@docker image prune -f 1>/dev/null 2>&1
@echo "build done"
# Generate manifests e.g. CRD, RBAC etc.
manifests: ;$(info $(M)...Begin to generate manifests e.g. CRD, RBAC etc..) @ ## Generate manifests e.g. CRD, RBAC etc.
hack/generate_manifests.sh ${CRD_OPTIONS} ${MANIFESTS}
deploy: manifests ;$(info $(M)...Begin to deploy.) @ ## Deploy.
kubectl apply -f config/crds
kustomize build config/default | kubectl apply -f -
mockgen: ;$(info $(M)...Begin to mockgen.) @ ## Mockgen.
mockgen -package=openpitrix -source=pkg/simple/client/openpitrix/openpitrix.go -destination=pkg/simple/client/openpitrix/mock.go
deepcopy: ;$(info $(M)...Begin to deepcopy.) @ ## Deepcopy.
hack/generate_group.sh "deepcopy" kubesphere.io/api kubesphere.io/api ${GV} --output-base=staging/src/ -h "hack/boilerplate.go.txt"
openapi: ;$(info $(M)...Begin to openapi.) @ ## Openapi.
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./vendor/kubesphere.io/api/tenant/v1alpha1 -p kubesphere.io/api/tenant/v1alpha1 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list --output-base=staging/src/
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./vendor/kubesphere.io/api/network/v1alpha1 -p kubesphere.io/api/network/v1alpha1 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list --output-base=staging/src/
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./vendor/kubesphere.io/api/servicemesh/v1alpha2 -p kubesphere.io/api/servicemesh/v1alpha2 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list --output-base=staging/src/
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/api/networking/v1,./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./vendor/k8s.io/apimachinery/pkg/util/intstr,./vendor/kubesphere.io/api/network/v1alpha1 -p kubesphere.io/api/network/v1alpha1 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list --output-base=staging/src/
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./vendor/kubesphere.io/api/devops/v1alpha1,./vendor/k8s.io/apimachinery/pkg/runtime,./vendor/k8s.io/api/core/v1 -p kubesphere.io/api/devops/v1alpha1 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list --output-base=staging/src/
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./vendor/kubesphere.io/api/cluster/v1alpha1,./vendor/k8s.io/apimachinery/pkg/runtime,./vendor/k8s.io/api/core/v1 -p kubesphere.io/api/cluster/v1alpha1 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list --output-base=staging/src/
go run ./vendor/k8s.io/kube-openapi/cmd/openapi-gen/openapi-gen.go -O openapi_generated -i ./vendor/k8s.io/apimachinery/pkg/apis/meta/v1,./vendor/kubesphere.io/api/devops/v1alpha3,./vendor/k8s.io/apimachinery/pkg/runtime -p kubesphere.io/api/devops/v1alpha3 -h ./hack/boilerplate.go.txt --report-filename ./api/api-rules/violation_exceptions.list --output-base=staging/src/
go run ./tools/cmd/crd-doc-gen/main.go
go run ./tools/cmd/doc-gen/main.go
container: ;$(info $(M)...Begin to build the docker image.) @ ## Build the docker image.
DRY_RUN=true hack/docker_build.sh
container-push: ;$(info $(M)...Begin to build and push.) @ ## Build and Push.
hack/docker_build.sh
container-cross: ; $(info $(M)...Begin to build container images for multiple platforms.) @ ## Build container images for multiple platforms. Currently, only linux/amd64,linux/arm64 are supported.
DRY_RUN=true hack/docker_build_multiarch.sh
container-cross-push: ; $(info $(M)...Begin to build and push.) @ ## Build and Push.
hack/docker_build_multiarch.sh
helm-package: ; $(info $(M)...Begin to helm-package.) @ ## Helm-package.
ls config/crds/ | xargs -i cp -r config/crds/{} config/ks-core/crds/
helm package config/ks-core --app-version=${APP_VERSION} --version=0.1.0 -d ./bin
helm-deploy: ; $(info $(M)...Begin to helm-deploy.) @ ## Helm-deploy.
ls config/crds/ | xargs -i cp -r config/crds/{} config/ks-core/crds/
- kubectl create ns kubesphere-controls-system
helm upgrade --install ks-core ./config/ks-core -n kubesphere-system --create-namespace
kubectl apply -f https://raw.githubusercontent.com/kubesphere/ks-installer/master/roles/ks-core/prepare/files/ks-init/role-templates.yaml
helm-uninstall: ; $(info $(M)...Begin to helm-uninstall.) @ ## Helm-uninstall.
- kubectl delete ns kubesphere-controls-system
helm uninstall ks-core -n kubesphere-system
kubectl delete -f https://raw.githubusercontent.com/kubesphere/ks-installer/master/roles/ks-core/prepare/files/ks-init/role-templates.yaml
# Run tests
ENVTEST_ASSETS_DIR=$(shell pwd)/testbin
test: vet test-env ;$(info $(M)...Begin to run tests.) @ ## Run tests.
export KUBEBUILDER_ASSETS=$(shell pwd)/testbin/bin; go test ./pkg/... ./cmd/... -covermode=atomic -coverprofile=coverage.txt
cd staging/src/kubesphere.io/api ; GOFLAGS="" go test ./...
cd staging/src/kubesphere.io/client-go ; GOFLAGS="" go test ./...
.PHONY: test-env
test-env: ;$(info $(M)...Begin to setup test env) @ ## Download unit test libraries e.g. kube-apiserver etcd.
@hack/setup-kubebuilder-env.sh
.PHONY: release
release:
@echo "TODO"
.PHONY: clean
clean: ;$(info $(M)...Begin to clean.) @ ## Clean.
clean:
-make -C ./pkg/version clean
@echo "ok"
clientset: ;$(info $(M)...Begin to find or download controller-gen.) @ ## Find or download controller-gen,download controller-gen if necessary.
./hack/generate_client.sh ${GV}
# Fix invalid file's license.
update-licenses: ;$(info $(M)...Begin to update licenses.)
@hack/update-licenses.sh

26
OWNERS
View File

@@ -1,26 +0,0 @@
approvers:
- zryfish #oncall
- rayzhou2017
- wansir
- zheng1
- benjaminhuo
reviewers:
- rayzhou2017
- zryfish
- benjaminhuo
- calvinyv
- FeynmanZhou
- pixiake
- wansir
- zheng1
- stoneshi-yunify
- linuxsuren
- RolandMa1986
- wanjunlei
- xyz-li
- junotx
- yuswift
- zhu733756
- JohnNiang
- dkeven

202
README.md
View File

@@ -1,190 +1,38 @@
<p align="center">
<a href="https://kubesphere.io/"><img src="docs/images/kubesphere-icon.gif" alt="banner" width="200px"></a>
</p>
<p align="center">
<b>The container platform tailored for <i>Kubernetes multi-cloud, datacenter, and edge</i> management</b>
</p>
<p align=center>
<a href="https://goreportcard.com/report/github.com/kubesphere/kubesphere"><img src="https://goreportcard.com/badge/github.com/kubesphere/kubesphere" alt="A+"></a>
<a href="https://hub.docker.com/r/kubesphere/ks-installer"><img src="https://img.shields.io/docker/pulls/kubesphere/ks-installer"></a>
<a href="https://github.com/search?q=user%3Akubesphere+user%3Akubesphere-sigs+label%3A%22good+first+issue%22+state%3Aopen&type=Issues&ref=advsearch&l=&l="><img src="https://img.shields.io/github/issues/badges/shields/good%20first%20issue" alt="good first"></a>
<a href="https://twitter.com/intent/follow?screen_name=KubeSphere"><img src="https://img.shields.io/twitter/follow/KubeSphere?style=social" alt="follow on Twitter"></a>
<a href="https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE"><img src="https://img.shields.io/badge/Slack-600%2B-blueviolet?logo=slack&amp;logoColor=white"></a>
<a href="https://www.youtube.com/channel/UCyTdUQUYjf7XLjxECx63Hpw"><img src="https://img.shields.io/youtube/channel/subscribers/UCyTdUQUYjf7XLjxECx63Hpw?style=social"></a>
</p>
# KubeSphere
[![License](http://img.shields.io/badge/license-apache%20v2-blue.svg)](https://github.com/KubeSphere/KubeSphere/blob/master/LICENSE)
[![Build Status](https://travis-ci.org/kubesphere/kubesphere.svg?branch=master)](https://travis-ci.org/kubesphere/kubesphere)
----
***KubeSphere*** is a distribution of [Kubernetes](https://kubernetes.io), aimed to provide quick setup, friendly and easily use, and powerful management features for Kubernetes clusters, which could help both personal and enterprise users, reduce their learning curve of Kubernetes, accelerate their transform process from other container platforms to Kubernetes.  
## What is KubeSphere
> English | [中文](README_zh.md)
[KubeSphere](https://kubesphere.io/) is a **distributed operating system for cloud-native application management**, using [Kubernetes](https://kubernetes.io) as its kernel. It provides a plug-and-play architecture, allowing third-party applications to be seamlessly integrated into its ecosystem. KubeSphere is also a multi-tenant container platform with full-stack automated IT operation and streamlined DevOps workflows. It provides developer-friendly wizard web UI, helping enterprises to build out a more robust and feature-rich platform, which includes most common functionalities needed for enterprise Kubernetes strategy, see [Feature List](#features) for details.
The following screenshots give a close insight into KubeSphere. Please check [What is KubeSphere](https://kubesphere.io/docs/introduction/what-is-kubesphere/) for further information.
<table>
<tr>
<td width="50%" align="center"><b>Workbench</b></td>
<td width="50%" align="center"><b>Project Resources</b></td>
</tr>
<tr>
<td><img src="docs/images/console.png"/></td>
<td><img src="docs/images/project.png"/></td>
</tr>
<tr>
<td width="50%" align="center"><b>CI/CD Pipeline</b></td>
<td width="50%" align="center"><b>App Store</b></td>
</tr>
<tr>
<td><img src="docs/images/cicd.png"/></td>
<td><img src="docs/images/app-store.png"/></td>
</tr>
</table>
## Demo environment
🎮 Using the account `demo1 / Demo123` to log in the [demo environment](https://demo.kubesphere.io/). Please note the account is granted view access.
🖥 You can also have a quick view of [Demo video](https://youtu.be/YxZ1YUv0CYs).
## Features
<details>
<summary><b>🕸 Provisioning Kubernetes Cluster</b></summary>
Support deploy Kubernetes on any infrastructure, support online and air-gapped installation, <a href="https://kubesphere.io/docs/installing-on-linux/introduction/intro/">learn more</a>.
</details>
<details>
<summary><b>🔗 Kubernetes Multi-cluster Management</b></summary>
Provide a centralized control plane to manage multiple Kubernetes clusters, support propagate an app to multiple K8s clusters across different cloud providers.
</details>
<details>
<summary><b>🤖 Kubernetes DevOps</b></summary>
Provide out-of-box CI/CD based on Jenkins, and offers automated workflow tools including binary-to-image (B2I) and source-to-image (S2I), <a href="https://kubesphere.io/devops/">learn more</a>.
</details>
<details>
<summary><b>🔎 Cloud Native Observability</b></summary>
Multi-dimensional monitoring, events and auditing logs are supported; multi-tenant log query and collection, alerting and notification are built-in, <a href="https://kubesphere.io/observability/">learn more</a>.
</details>
<details>
<summary><b>🧩 Service Mesh (Istio-based)</b></summary>
Provide fine-grained traffic management, observability and tracing for distributed microservice applications, provides visualization for traffic topology, <a href="https://kubesphere.io/service-mesh/">learn more</a>.
</details>
<details>
<summary><b>💻 App Store</b></summary>
Provide an App Store for Helm-based applications, and offer application lifecycle management on Kubernetes platform, <a href="https://kubesphere.io/docs/pluggable-components/app-store/">learn more</a>.
</details>
<details>
<summary><b>💡 Edge Computing Platform</b></summary>
KubeSphere integrates <a href="https://kubeedge.io/en/">KubeEdge</a> to enable users to deploy applications on the edge devices and view logs and monitoring metrics of them on the console, <a href="https://kubesphere.io/docs/pluggable-components/kubeedge/">learn more</a>.
</details>
<details>
<summary><b>📊 Metering and Billing</b></summary>
Track resource consumption at different levels on a unified dashboard, which helps you make better-informed decisions on planning and reduce the cost, <a href="https://kubesphere.io/docs/toolbox/metering-and-billing/view-resource-consumption/">learn more</a>.
</details>
<details>
<summary><b>🗃 Support Multiple Storage and Networking Solutions</b></summary>
<li>Support GlusterFS, CephRBD, NFS, LocalPV solutions, and provide CSI plugins to consume storage from multiple cloud providers.</li><li>Provide Load Balancer Implementation <a href="https://github.com/kubesphere/openelb">OpenELB</a> for Kubernetes in bare-metal, edge, and virtualization.</li><li> Provides network policy and Pod IP pools management, support Calico, Flannel, Kube-OVN</li>.</li>.
</details>
<details>
<summary><b>🏘 Multi-tenancy</b></summary>
Provide unified authentication with fine-grained roles and three-tier authorization system, and support AD/LDAP authentication.
</details>
<details>
<summary><b>🧠 GPU Workloads Scheduling and Monitoring</b></summary>
Create GPU workloads on the GUI, schedule GPU resources, and manage GPU resource quotas by tenant.
</details>
## Architecture
KubeSphere uses a loosely-coupled architecture that separates the [frontend](https://github.com/kubesphere/console) from the [backend](https://github.com/kubesphere/kubesphere). External systems can access the components of the backend through the REST APIs.
![Architecture](docs/images/architecture.png)
**Features:**
- Multiple IaaS platform support, including baremetal/KVM/QingCloud, and more will be supported in future release.
- Easy setup of Kubernetes standalone(only one master node) and cluster environment(including High Availability support).
- Powerful management console to help business users to manage and monitor the Kubernetes environment.
- Integrate with [OpenPitrix](https://github.com/openpitrix) to provide full life cycle of application management and be compatible of helm package.
- Support popular open source network solutions, including calico and flannel, also could use [qingcloud hostnic solution](https://github.com/yunify/hostnic-cni) if the Kubernetes is deployed on QingCloud platform.
- Support popular open source storage solutions, including Glusterfs and Cephfs, also could use [qingcloud storage solution](https://github.com/yunify/qingcloud-volume-provisioner) if the Kubernetes is deployed on QingCloud platform.
- CI/CD support.
- Service Mesh support.
- Multiple image registries support.
- Federation support.
- Integrate with QingCloud IAM.
----
## Latest release
## Motivation
🎉 KubeSphere 3.2.1 was released on Dec 20! It brought enhancements and better user experience, see the [Release Notes For 3.2.1](https://kubesphere.io/docs/release/release-v321/) for the updates.
## Installation
The project originates from the requirement and pains we heard from our customers on public and private QingCloud platform, who have strong will to deploy Kubernetes in their IT system but struggle on completed setup process and long learning curve. With help of KubeSphere, their IT operators could setup Kubernetes environment quickly and use an easy management UI interface to mange their applications.
KubeSphere can run anywhere from on-premise datacenter to any cloud to edge. In addition, it can be deployed on any version-compatible Kubernetes cluster. The installer will start a minimal installation by default, you can [enable other pluggable components before or after installation](https://kubesphere.io/docs/quick-start/enable-pluggable-components/).
### Quick start
#### Installing on K8s/K3s
Getting Started
---------------
**TBD**
If your cluster meets the [prerequisites](https://kubesphere.io/docs/quick-start/minimal-kubesphere-on-k8s/#prerequisites), then run the following commands to install KubeSphere on an exiting Kubernetes cluster:
## Design
```yaml
kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/kubesphere-installer.yaml
kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/cluster-configuration.yaml
```
#### All-in-one
## Contributing to the project
👨‍💻 No Kubernetes? You can use [KubeKey](https://github.com/kubesphere/kubekey) to install both KubeSphere and Kubernetes/K3s in single-node mode on your Linux machine. Let's take K3s as an example:
All [members](docs/members.md) of the KubeSphere community must abide by [Code of Conduct](code-of-conduct.md). Only by respecting each other can we develop a productive, collaborative community.
```yaml
# Download KubeKey
curl -sfL https://get-kk.kubesphere.io | VERSION=v2.0.0 sh -
# Make kk executable
chmod +x kk
# Create a cluster
./kk create cluster --with-kubernetes v1.21.4-k3s --with-kubesphere v3.2.1
```
You can then check out how to [setup for development](docs/development.md).
You can run the following command to view the installation logs. After KubeSphere is successfully installed, you can access the KubeSphere web console at `http://IP:30880` and log in using the default administrator account (admin/P@88w0rd).
```yaml
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
```
### 🐯 Katacoda for quick learning
[Katacoda](https://www.katacoda.com/) allows you to explore how to install KubeSphere on an existing Kubernetes cluster in a browser. You can start the [Katacoda scenario with KubeSphere](https://www.katacoda.com/kubesphere/scenarios/install-kubesphere-on-kubernetes) in minutes.
### KubeSphere for hosted Kubernetes services
KubeSphere is hosted on the following cloud providers, you can try KubeSphere by one-click installation on their hosted Kubernetes services.
- [KubeSphere for Amazon EKS](https://aws.amazon.com/quickstart/architecture/qingcloud-kubesphere/)
- [KubeSphere for Azure AKS](https://market.azure.cn/marketplace/apps/qingcloud.kubesphere)
- [KubeSphere for DigitalOcean Kubernetes](https://marketplace.digitalocean.com/apps/kubesphere)
- [KubeSphere on QingCloud AppCenter(QKE)](https://www.qingcloud.com/products/kubesphereqke)
You can also install KubeSphere on other hosted Kubernetes services within minutes, see the [step-by-step guides](https://kubesphere.io/docs/installing-on-kubernetes/) to get started.
> 👨‍💻 No internet access? Refer to the [Air-gapped Installation on Kubernetes](https://kubesphere.io/docs/installing-on-kubernetes/on-prem-kubernetes/install-ks-on-linux-airgapped/) or [Air-gapped Installation on Linux](https://kubesphere.io/docs/installing-on-linux/introduction/air-gapped-installation/) for instructions on how to use private registry to install KubeSphere.
## Contributing, support, discussion, and community
We :heart: your contribution. The [community](https://github.com/kubesphere/community) walks you through how to get started contributing KubeSphere. The [development guide](https://github.com/kubesphere/community/tree/master/developer-guide/development) explains how to set up development environment.
- [Slack Channel](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE)
- [Youtube](https://www.youtube.com/channel/UCyTdUQUYjf7XLjxECx63Hpw)
- [Follow us on Twitter](https://twitter.com/KubeSphere)
Please submit any KubeSphere bugs, issues, and feature requests to [KubeSphere GitHub Issue](https://github.com/kubesphere/kubesphere/issues).
## Who are using KubeSphere
The [user case studies](https://kubesphere.io/case/) page includes the user list of the project. You can [leave a comment](https://github.com/kubesphere/kubesphere/issues/4123) to let us know your use case.
## Landscapes
<p align="center">
<br/><br/>
<img src="https://landscape.cncf.io/images/left-logo.svg" width="150"/>&nbsp;&nbsp;<img src="https://landscape.cncf.io/images/right-logo.svg" width="200"/>&nbsp;&nbsp;
<br/><br/>
KubeSphere is a member of CNCF and a <a href="https://www.cncf.io/certification/software-conformance/#logos">Kubernetes Conformance Certified platform
</a>, which enriches the <a href="https://landscape.cncf.io/?landscape=observability-and-analysis&license=apache-license-2-0">CNCF CLOUD NATIVE Landscape.
</a>
</p>

194
README_zh.md
View File

@@ -1,194 +0,0 @@
<p align="center">
<a href="https://kubesphere.com.cn/"><img src="docs/images/kubesphere-icon.gif" alt="banner" width="200px"></a>
</p>
<p align="center">
<b>适用于<i> Kubernetes 多云、数据中心和边缘 </i>管理的容器平台</b>
</p>
<p align=center>
<a href="https://goreportcard.com/report/github.com/kubesphere/kubesphere"><img src="https://goreportcard.com/badge/github.com/kubesphere/kubesphere" alt="A+"></a>
<a href="https://hub.docker.com/r/kubesphere/ks-installer"><img src="https://img.shields.io/docker/pulls/kubesphere/ks-installer"></a>
<a href="https://github.com/search?q=user%3Akubesphere+user%3Akubesphere-sigs+label%3A%22good+first+issue%22+state%3Aopen&type=Issues&ref=advsearch&l=&l="><img src="https://img.shields.io/github/issues/badges/shields/good%20first%20issue" alt="good first"></a>
<a href="https://twitter.com/intent/follow?screen_name=KubeSphere"><img src="https://img.shields.io/twitter/follow/KubeSphere?style=social" alt="follow on Twitter"></a>
<a href="https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE"><img src="https://img.shields.io/badge/Slack-600%2B-blueviolet?logo=slack&amp;logoColor=white"></a>
<a href="https://www.youtube.com/channel/UCyTdUQUYjf7XLjxECx63Hpw"><img src="https://img.shields.io/youtube/channel/subscribers/UCyTdUQUYjf7XLjxECx63Hpw?style=social"></a>
</p>
----
## KubeSphere 是什么
> [English](README.md) | 中文
[KubeSphere](https://kubesphere.io/zh/) 愿景是打造一个以 [Kubernetes](https://kubernetes.io/zh/) 为内核的 **云原生分布式操作系统**它的架构可以非常方便地使第三方应用与云原生生态组件进行即插即用plug-and-play的集成支持云原生应用在多云与多集群的统一分发和运维管理。 KubeSphere 也是一个多租户容器平台,提供全栈的 IT 自动化运维的能力,简化企业的 DevOps 工作流。KubeSphere 提供了运维友好的向导式操作界面,帮助企业快速构建一个强大和功能丰富的容器云平台,详情请参阅 [平台功能](#平台功能) 。
下面的屏幕截图让我们进一步了解 KubeSphere关于 KubeSphere 更详细的介绍与说明请参阅 [什么是 KubeSphere](https://kubesphere.io/zh/docs/introduction/what-is-kubesphere/) 。
<table>
<tr>
<td width="50%" align="center"><b>工作台</b></td>
<td width="50%" align="center"><b>项目资源</b></td>
</tr>
<tr>
<td><img src="docs/images/console.png"/></td>
<td><img src="docs/images/project.png"/></td>
</tr>
<tr>
<td width="50%" align="center"><b>CI/CD 流水线</b></td>
<td width="50%" align="center"><b>应用商店</b></td>
</tr>
<tr>
<td><img src="docs/images/cicd.png"/></td>
<td><img src="docs/images/app-store.png"/></td>
</tr>
</table>
## Demo 环境
🎮 使用账号 `demo1 / Demo123` 登录 [Demo 环境](https://demo.kubesphere.io/) 。请注意,该帐户仅授予了 view 权限。
🖥 您还可以快速查看[Demo 视频](https://youtu.be/YxZ1YUv0CYs) 。
## 平台功能
<details>
<summary><b>🕸 部署 Kubernetes 集群</b></summary>
支持在任何基础设施上部署 Kubernetes支持在线安装和离线安装<a href="https://kubesphere.io/zh/docs/installing-on-linux/introduction/intro/">了解更多</a>。
</details>
<details>
<summary><b>🔗 Kubernetes 多集群管理</b></summary>
提供集中控制平台来管理多个 Kubernetes 集群,支持将应用程序发布到跨不同云供应商的多个 k8s 集群上。
</details>
<details>
<summary><b>🤖 Kubernetes DevOps</b></summary>
提供开箱即用的基于 Jenkins 的 CI/CD并内置自动化流水线插件包括 Binary-to-Image (B2I) 和 Source-to-Image (S2I)<a href="https://kubesphere.io/zh/devops/">了解更多</a>。
</details>
<details>
<summary><b>🔎 云原生可观测性</b></summary>
支持多维度监控、事件和审计日志;内置多租户日志查询和收集,告警和通知,<a href="https://kubesphere.io/zh/observability/">了解更多</a>。
</details>
<details>
<summary><b>🧩 基于 Istio 的微服务治理</b></summary>
为分布式微服务应用程序提供细粒度的流量管理、可观测性和服务跟踪,支持可视化的流量拓扑,<a href="https://kubesphere.io/zh/service-mesh/">了解更多</a>。
</details>
<details>
<summary><b>💻 应用商店</b></summary>
为基于 Helm 的应用程序提供应用商店,并在 Kubernetes 平台上提供应用程序生命周期管理功能,<a href="https://kubesphere.io/zh/docs/pluggable-components/app-store/">了解更多</a>。
</details>
<details>
<summary><b>💡 Kubernetes 边缘节点管理</b></summary>
基于 <a href="https://kubeedge.io/zh/">KubeEdge</a> 实现应用与工作负载在云端与边缘节点的统一分发与管理,解决在海量边、端设备上完成应用交付、运维、管控的需求,<a href= "https://kubesphere.io/zh/docs/pluggable-components/kubeedge/">了解更多</a>。
</details>
<details>
<summary><b>📊 多维度计量与计费</b></summary>
提供基于集群与租户的多维度资源计量与计费的监控报表,让 Kubernetes 运营成本更透明,<a href="https://kubesphere.io/zh/docs/toolbox/metering-and-billing/view-resource-consumption/">了解更多</a>。
</details>
<details>
<summary><b>🗃 支持多种存储和网络解决方案</b></summary>
<li>支持 GlusterFS、CephRBD、NFS、LocalPV ,并提供多个 CSI 插件对接公有云与企业级存储。</li><li>提供 Kubernetes 在裸机、边缘和虚拟化中的负载均衡器实现 <a href="https://github.com/kubesphere/openelb">OpenELB</a> 。</li><li>提供网络策略和容器组 IP 池管理,支持 Calico、Flannel、Kube-OVN。</li>
</details>
<details>
<summary><b>🏘 多租户与统一鉴权认证</b></summary>
提供统一的认证鉴权与细粒度的基于角色的授权系统,支持对接 AD/LDAP 。
</details>
<details>
<summary><b>🧠 GPU 工作负载调度与监控</b></summary>
支持可视化创建 GPU 工作负载,支持 GPU 监控,同时还支持对 GPU 资源进行租户级配额管理。
</details>
## 架构说明
KubeSphere 使用前后端分离的架构,将 [前端](https://github.com/kubesphere/console) 与 [后端](https://github.com/kubesphere/kubesphere) 分开。后端的各个功能组件可通过 REST API 对接外部系统。
![Architecture](docs/images/architecture.png)
----
## 最新版本
🎉 KubeSphere 3.2.1 全新发布!!多项功能优化,带来更好的用户体验,详见 [v3.2.1 发行记录](https://kubesphere.com.cn/docs/release/release-v321/) 。
## 安装
KubeSphere 支持在任意平台运行从本地数据中心到混合多云再走向边缘。此外KubeSphere 可以部署在任何版本兼容的 Kubernetes 集群上。Installer 默认将执行最小化安装,您可以在安装前或安装后自定义[安装可插拔功能组件](https://kubesphere.com.cn/docs/quick-start/enable-pluggable-components/)。
### 快速入门
#### 在 K8s/K3s 上安装
请确保您的集群满足安装的[前提条件](https://kubesphere.io/zh/docs/quick-start/minimal-kubesphere-on-k8s/),运行以下命令以在现有 Kubernetes 集群上安装 KubeSphere
```yaml
kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/kubesphere-installer.yaml
kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/cluster-configuration.yaml
```
#### All-in-oneLinux 单节点安装)
👨‍💻 没有 Kubernetes 集群? 可以用 [KubeKey](https://github.com/kubesphere/kubekey) 在 Linux 环境以 All-in-one 快速安装单节点 K8s/K3s 和 KubeSphere下面以 K3s 为例:
```yaml
# 下载 KubeKey
curl -sfL https://get-kk.kubesphere.io | VERSION=v1.2.0 sh -
# 为 kk 赋予可执行权限
chmod +x kk
# 创建集群
./kk create cluster --with-kubernetes v1.21.4-k3s --with-kubesphere v3.2.1
```
可使用以下命令查看安装日志。如果安装成功,可使用 `http://IP:30880` 访问 KubeSphere Console管理员登录帐密为 `admin/P@88w0rd`
```yaml
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
```
### 🐯 使用 Katacoda 在线安装体验 KubeSphere
[Katacoda](https://www.katacoda.com/) 是一个在线的云原生技术学习实验平台,你可以使用它在浏览器中快速 [安装体验 KubeSphere](https://www.katacoda.com/kubesphere/scenarios/install-kubesphere-on-kubernetes) 。
### 在托管 Kubernetes 上部署 KubeSphere
KubeSphere 托管在以下云供应商上,您可以通过在其托管的 Kubernetes 服务上一键安装来部署 KubeSphere。
- [在 Amazon EKS 上部署 KubeSphere](https://aws.amazon.com/quickstart/architecture/qingcloud-kubesphere/)
- [在 Azure AKS 上部署 KubeSphere](https://market.azure.cn/marketplace/apps/qingcloud.kubesphere)
- [在 DigitalOcean 上部署 KubeSphere](https://marketplace.digitalocean.com/apps/kubesphere)
- [在青云QingCloud QKE 上部署 KubeSphere](https://www.qingcloud.com/products/kubesphereqke)
您还可以在几分钟内在其他托管的 Kubernetes 服务上安装 KubeSphere请参阅 [官方文档](https://kubesphere.io/zh/docs/installing-on-kubernetes/) 以开始使用。
> 👨‍💻 不能访问网络?参考 [在Kubernetes上离线安装](https://kubesphere.io/zh/docs/installing-on-kubernetes/on-prem-kubernetes/install-ks-on-linux-airgapped/) 或者 [在 Linux 上离线安装](https://kubesphere.io/zh/docs/installing-on-linux/introduction/air-gapped-installation/) 了解如何使用私有仓库来安装 KubeSphere。
## 贡献、支持、讨论和社区
我们 :heart: 您的贡献。[社区](https://github.com/kubesphere/community) 将引导您了解如何开始贡献 KubeSphere。[开发指南](https://github.com/kubesphere/community/tree/master/developer-guide/development) 说明了如何安装开发环境。
- [中文论坛](https://kubesphere.com.cn/forum/)
- [社区微信群(见官网底部)](https://kubesphere.com.cn/)
- [Slack Channel](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTZkNTdkYWNiYTVkMTM5ZThhODY1MjAyZmVlYWEwZmQ3ODQ1NmM1MGVkNWEzZTRhNzk0MzM5MmY4NDc3ZWVhMjE)
- [Bilibili](https://space.bilibili.com/438908638)
- [在推特上关注我们](https://twitter.com/KubeSphere)
请将任何 KubeSphere 的 Bug、问题和需求提交到 [KubeSphere GitHub Issue](https://github.com/kubesphere/kubesphere/issues) 。
## 谁在使用 KubeSphere
[用户案例学习](https://kubesphere.com.cn/case/) 列出了哪些企业在使用 KubeSphere。欢迎 [发表评论](https://github.com/kubesphere/kubesphere/issues/4123) 来分享您的使用案例。
## Landscapes
<p align="center">
<br/><br/>
<img src="https://landscape.cncf.io/images/left-logo.svg" width="150"/>&nbsp;&nbsp;<img src="https://landscape.cncf.io/images/right-logo.svg" width="200"/>&nbsp;&nbsp;
<br/><br/>
KubeSphere 是 CNCF 基金会成员并且通过了 <a href="https://www.cncf.io/certification/software-conformance/#logos">Kubernetes 一致性认证
</a>,进一步丰富了 <a href="https://landscape.cncf.io/?landscape=observability-and-analysis&license=apache-license-2-0">CNCF 云原生的生态。
</a>
</p>

50
SECURITY.md
View File

@@ -1,50 +0,0 @@
# Security Policy
## Supported Versions
Use this section to tell people about which versions of your project are
currently being supported with security updates.
| Version | Supported |
| ------- | ------------------ |
| 3.2.x | :white_check_mark: |
| 3.1.x | :white_check_mark: |
| 3.0.x | :white_check_mark: |
| 2.1.x | :white_check_mark: |
| < 2.1.x | :x: |
## Reporting a Vulnerability
# Security Vulnerability Disclosure and Response Process
To ensure KubeSphere security, a security vulnerability disclosure and response process is adopted. And the security team is set up in KubeSphere community, also any issue and PR is welcome for every contributors.
The primary goal of this process is to reduce the total exposure time of users to publicly known vulnerabilities. To quickly fix vulnerabilities of KubeSphere, the security team is responsible for the entire vulnerability management process, including internal communication and external disclosure.
If you find a vulnerability or encounter a security incident involving vulnerabilities of KubeSphere, please report it as soon as possible to the KubeSphere security team (security@kubesphere.io).
Please kindly help provide as much vulnerability information as possible in the following format:
- Issue title(Please add 'Security' lable)*:
- Overview*:
- Affected components and version number*:
- CVE number (if any):
- Vulnerability verification process*:
- Contact information*:
The asterisk (*) indicates the required field.
# Response Time
The KubeSphere security team will confirm the vulnerabilities and contact you within 2 working days after your submission.
We will publicly thank you after fixing the security vulnerability. To avoid negative impact, please keep the vulnerability confidential until we fix it. We would appreciate it if you could obey the following code of conduct:
The vulnerability will not be disclosed until KubeSphere releases a patch for it.
The details of the vulnerability, for example, exploits code, will not be disclosed.

95
api/api-rules/violation_exceptions.list
View File

@@ -1,95 +0,0 @@
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroup,ServerAddressByClientCIDRs
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroup,Versions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroupList,Groups
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIResource,Categories
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIResource,ShortNames
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIResourceList,APIResources
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIVersions,ServerAddressByClientCIDRs
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIVersions,Versions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ApplyOptions,DryRun
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,CreateOptions,DryRun
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,DeleteOptions,DryRun
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,FieldsV1,Raw
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,LabelSelector,MatchExpressions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,LabelSelectorRequirement,Values
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ObjectMeta,Finalizers
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ObjectMeta,ManagedFields
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ObjectMeta,OwnerReferences
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,PatchOptions,DryRun
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,RootPaths,Paths
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,StatusDetails,Causes
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,Table,ColumnDefinitions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,Table,Rows
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,TableRow,Cells
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,TableRow,Conditions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,UpdateOptions,DryRun
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,RawExtension,Raw
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,Unknown,Raw
API rule violation: list_type_missing,kubesphere.io/api/devops/v1alpha3,NoScmPipeline,Parameters
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,APIResourceList,APIResources
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,Duration,Duration
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,InternalEvent,Object
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,InternalEvent,Type
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,MicroTime,Time
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,StatusCause,Type
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,Time,Time
API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,ContentEncoding
API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,ContentType
API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,Raw
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,BitbucketServerSource,ApiUri
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,BitbucketServerSource,CloneOption
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,BitbucketServerSource,CredentialId
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,BitbucketServerSource,DiscoverBranches
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,BitbucketServerSource,DiscoverPRFromForks
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,BitbucketServerSource,DiscoverPRFromOrigin
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,BitbucketServerSource,DiscoverTags
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,BitbucketServerSource,RegexFilter
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,BitbucketServerSource,ScmId
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,DiscarderProperty,DaysToKeep
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,DiscarderProperty,NumToKeep
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitSource,CloneOption
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitSource,CredentialId
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitSource,DiscoverBranches
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitSource,DiscoverTags
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitSource,RegexFilter
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitSource,ScmId
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GithubSource,ApiUri
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GithubSource,CloneOption
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GithubSource,CredentialId
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GithubSource,DiscoverBranches
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GithubSource,DiscoverPRFromForks
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GithubSource,DiscoverPRFromOrigin
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GithubSource,DiscoverTags
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GithubSource,RegexFilter
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GithubSource,ScmId
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitlabSource,ApiUri
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitlabSource,CloneOption
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitlabSource,CredentialId
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitlabSource,DiscoverBranches
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitlabSource,DiscoverPRFromForks
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitlabSource,DiscoverPRFromOrigin
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitlabSource,DiscoverTags
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitlabSource,RegexFilter
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitlabSource,ScmId
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,GitlabSource,ServerName
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchJobTrigger,CreateActionJobsToTrigger
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchJobTrigger,DeleteActionJobsToTrigger
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchPipeline,BitbucketServerSource
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchPipeline,GitHubSource
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchPipeline,GitSource
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchPipeline,GitlabSource
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchPipeline,MultiBranchJobTrigger
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchPipeline,ScriptPath
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchPipeline,SingleSvnSource
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchPipeline,SourceType
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchPipeline,SvnSource
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,MultiBranchPipeline,TimerTrigger
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,NoScmPipeline,DisableConcurrent
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,NoScmPipeline,RemoteTrigger
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,NoScmPipeline,TimerTrigger
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,Parameter,DefaultValue
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,PipelineSpec,MultiBranchPipeline
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,SingleSvnSource,CredentialId
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,SingleSvnSource,ScmId
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,SvnSource,CredentialId
API rule violation: names_match,kubesphere.io/api/devops/v1alpha3,SvnSource,ScmId

22289
api/ks-openapi-spec/swagger.json
View File

File diff suppressed because it is too large Load Diff

12933
api/openapi-spec/swagger.json
View File

File diff suppressed because it is too large Load Diff

3
build/builder-docker/.ash_history Normal file
View File

@@ -0,0 +1,3 @@
ls /go/bin
go version
exit

19
build/builder-docker/Dockerfile Normal file
View File

@@ -0,0 +1,19 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
FROM golang:1.10.2-alpine3.7 as builder
RUN apk add --no-cache git curl openssl
RUN go get github.com/tools/godep
#RUN go get github.com/emicklei/go-restful
#RUN go get github.com/golang/glog
#RUN go get github.com/spf13/pflag
RUN go get golang.org/x/tools/cmd/goimports
FROM golang:1.10.2-alpine3.7
RUN apk add --no-cache git make curl openssl jq rsync godep
COPY --from=builder /go/bin /go/bin

17
build/builder-docker/Makefile Normal file
View File

@@ -0,0 +1,17 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
default:
docker build -t kubesphere/kubesphere-builder .
@echo "ok"
pull:
docker pull kubesphere/kubesphere-builder
@echo "ok"
run:
docker run --rm -it -v `pwd`:/root kubesphere/kubesphere-builder
clean:
@echo "ok"

48
build/ks-apiserver/Dockerfile
View File

@@ -1,48 +0,0 @@
# Copyright 2020 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by an Apache license
# that can be found in the LICENSE file.
# Download dependencies
FROM alpine:3.11 as base_os_context
ARG TARGETARCH
ARG TARGETOS
ARG HELM_VERSION=v3.5.2
ENV OUTDIR=/out
RUN mkdir -p ${OUTDIR}/usr/local/bin/
WORKDIR /tmp
RUN apk add --no-cache ca-certificates
# install helm
ADD https://get.helm.sh/helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /tmp
RUN tar xvzf /tmp/helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz -C /tmp
RUN mv /tmp/${TARGETOS}-${TARGETARCH}/helm ${OUTDIR}/usr/local/bin/
# Build
FROM golang:1.16.3 as build_context
ENV OUTDIR=/out
RUN mkdir -p ${OUTDIR}/usr/local/bin/
WORKDIR /workspace
ADD . /workspace/
RUN make ks-apiserver
RUN mv /workspace/bin/cmd/ks-apiserver ${OUTDIR}/usr/local/bin/
##############
# Final image
#############
FROM alpine:3.11
COPY --from=base_os_context /out/ /
COPY --from=build_context /out/ /
WORKDIR /
EXPOSE 9090
CMD ["sh"]

67
build/ks-controller-manager/Dockerfile
View File

@@ -1,67 +0,0 @@
# Copyright 2020 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by an Apache license
# that can be found in the LICENSE file.
# Download dependencies
FROM alpine:3.11 as base_os_context
ARG TARGETARCH
ARG TARGETOS
ARG HELM_VERSION=v3.5.2
ARG KUSTOMIZE_VERSION=v4.2.0
ARG INGRESS_NGINX_VERSION=4.0.13
ENV OUTDIR=/out
RUN mkdir -p ${OUTDIR}/usr/local/bin
RUN mkdir -p ${OUTDIR}/var/helm-charts
WORKDIR /tmp
RUN apk add --no-cache ca-certificates
# Install helm
ADD https://get.helm.sh/helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz /tmp
RUN tar xvzf /tmp/helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz -C /tmp
RUN mv /tmp/${TARGETOS}-${TARGETARCH}/helm ${OUTDIR}/usr/local/bin/
# install kustomize
ADD https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz /tmp
RUN tar xvzf /tmp/kustomize_${KUSTOMIZE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz -C /tmp
RUN mv /tmp/kustomize ${OUTDIR}/usr/local/bin/
# Install Nginx Ingress Helm Chart
ADD https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-${INGRESS_NGINX_VERSION}/ingress-nginx-${INGRESS_NGINX_VERSION}.tgz /tmp
RUN tar xvzf /tmp/ingress-nginx-${INGRESS_NGINX_VERSION}.tgz -C /tmp
RUN mv /tmp/ingress-nginx ${OUTDIR}/var/helm-charts/
# Build
FROM golang:1.16.3 as build_context
ENV OUTDIR=/out
RUN mkdir -p ${OUTDIR}/usr/local/bin/
RUN mkdir -p ${OUTDIR}/var/helm-charts
WORKDIR /workspace
ADD . /workspace/
RUN make ks-controller-manager
RUN mv /workspace/bin/cmd/controller-manager ${OUTDIR}/usr/local/bin/
# Copy gateway config and helm chart
RUN mv /workspace/config/gateway ${OUTDIR}/var/helm-charts/
RUN mv /workspace/config/watches.yaml ${OUTDIR}/var/helm-charts/
# Final Image
FROM alpine:3.11
COPY --from=base_os_context /out/ /
COPY --from=build_context /out/ /
WORKDIR /
EXPOSE 8443 8080
CMD ["sh"]

577
cmd/controller-manager/app/controllers.go
View File

@@ -1,577 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package app
import (
"fmt"
"time"
"github.com/kubesphere/pvc-autoresizer/runners"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/client-go/tools/cache"
"k8s.io/klog"
ctrl "sigs.k8s.io/controller-runtime"
runtimeclient "sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/manager"
"sigs.k8s.io/kubefed/pkg/controller/util"
"kubesphere.io/kubesphere/cmd/controller-manager/app/options"
"kubesphere.io/kubesphere/pkg/controller/application"
"kubesphere.io/kubesphere/pkg/controller/helm"
"kubesphere.io/kubesphere/pkg/controller/namespace"
"kubesphere.io/kubesphere/pkg/controller/openpitrix/helmapplication"
"kubesphere.io/kubesphere/pkg/controller/openpitrix/helmcategory"
"kubesphere.io/kubesphere/pkg/controller/openpitrix/helmrelease"
"kubesphere.io/kubesphere/pkg/controller/openpitrix/helmrepo"
"kubesphere.io/kubesphere/pkg/controller/quota"
"kubesphere.io/kubesphere/pkg/controller/serviceaccount"
"kubesphere.io/kubesphere/pkg/controller/user"
"kubesphere.io/kubesphere/pkg/controller/workspace"
"kubesphere.io/kubesphere/pkg/controller/workspacerole"
"kubesphere.io/kubesphere/pkg/controller/workspacerolebinding"
"kubesphere.io/kubesphere/pkg/controller/workspacetemplate"
"kubesphere.io/kubesphere/pkg/models/kubeconfig"
"kubesphere.io/kubesphere/pkg/simple/client/devops"
"kubesphere.io/kubesphere/pkg/simple/client/devops/jenkins"
ldapclient "kubesphere.io/kubesphere/pkg/simple/client/ldap"
"kubesphere.io/kubesphere/pkg/simple/client/s3"
"kubesphere.io/kubesphere/pkg/controller/storage/snapshotclass"
iamv1alpha2 "kubesphere.io/api/iam/v1alpha2"
"kubesphere.io/kubesphere/pkg/controller/certificatesigningrequest"
"kubesphere.io/kubesphere/pkg/controller/cluster"
"kubesphere.io/kubesphere/pkg/controller/clusterrolebinding"
"kubesphere.io/kubesphere/pkg/controller/destinationrule"
"kubesphere.io/kubesphere/pkg/controller/globalrole"
"kubesphere.io/kubesphere/pkg/controller/globalrolebinding"
"kubesphere.io/kubesphere/pkg/controller/group"
"kubesphere.io/kubesphere/pkg/controller/groupbinding"
"kubesphere.io/kubesphere/pkg/controller/job"
"kubesphere.io/kubesphere/pkg/controller/loginrecord"
"kubesphere.io/kubesphere/pkg/controller/network/ippool"
"kubesphere.io/kubesphere/pkg/controller/network/nsnetworkpolicy"
"kubesphere.io/kubesphere/pkg/controller/network/nsnetworkpolicy/provider"
"kubesphere.io/kubesphere/pkg/controller/notification"
"kubesphere.io/kubesphere/pkg/controller/storage/capability"
"kubesphere.io/kubesphere/pkg/controller/virtualservice"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
ippoolclient "kubesphere.io/kubesphere/pkg/simple/client/network/ippool"
)
var allControllers = []string{
"user",
"workspacetemplate",
"workspace",
"workspacerole",
"workspacerolebinding",
"namespace",
"helmrepo",
"helmcategory",
"helmapplication",
"helmapplicationversion",
"helmrelease",
"helm",
"application",
"serviceaccount",
"resourcequota",
"virtualservice",
"destinationrule",
"job",
"storagecapability",
"volumesnapshot",
"pvcautoresizer",
"workloadrestart",
"loginrecord",
"cluster",
"nsnp",
"ippool",
"csr",
"clusterrolebinding",
"fedglobalrolecache",
"globalrole",
"fedglobalrolebindingcache",
"globalrolebinding",
"groupbinding",
"group",
"notification",
}
// setup all available controllers one by one
func addAllControllers(mgr manager.Manager, client k8s.Client, informerFactory informers.InformerFactory,
cmOptions *options.KubeSphereControllerManagerOptions,
stopCh <-chan struct{}) error {
var err error
////////////////////////////////////
// begin init necessary informers
////////////////////////////////////
kubernetesInformer := informerFactory.KubernetesSharedInformerFactory()
istioInformer := informerFactory.IstioSharedInformerFactory()
kubesphereInformer := informerFactory.KubeSphereSharedInformerFactory()
////////////////////////////////////
// end informers
////////////////////////////////////
////////////////////////////////////
// begin init necessary clients
////////////////////////////////////
kubeconfigClient := kubeconfig.NewOperator(client.Kubernetes(),
informerFactory.KubernetesSharedInformerFactory().Core().V1().ConfigMaps().Lister(),
client.Config())
var devopsClient devops.Interface
if cmOptions.DevopsOptions != nil && len(cmOptions.DevopsOptions.Host) != 0 {
devopsClient, err = jenkins.NewDevopsClient(cmOptions.DevopsOptions)
if err != nil {
return fmt.Errorf("failed to connect jenkins, please check jenkins status, error: %v", err)
}
}
var ldapClient ldapclient.Interface
// when there is no ldapOption, we set ldapClient as nil, which means we don't need to sync user info into ldap.
if cmOptions.LdapOptions != nil && len(cmOptions.LdapOptions.Host) != 0 {
if cmOptions.LdapOptions.Host == ldapclient.FAKE_HOST { // for debug only
ldapClient = ldapclient.NewSimpleLdap()
} else {
ldapClient, err = ldapclient.NewLdapClient(cmOptions.LdapOptions, stopCh)
if err != nil {
return fmt.Errorf("failed to connect to ldap service, please check ldap status, error: %v", err)
}
}
} else {
klog.Warning("ks-controller-manager starts without ldap provided, it will not sync user into ldap")
}
////////////////////////////////////
// end init clients
////////////////////////////////////
////////////////////////////////////////////////////////
// begin init controller and add to manager one by one
////////////////////////////////////////////////////////
// "user" controller
if cmOptions.IsControllerEnabled("user") {
userController := &user.Reconciler{
MultiClusterEnabled: cmOptions.MultiClusterOptions.Enable,
MaxConcurrentReconciles: 4,
LdapClient: ldapClient,
DevopsClient: devopsClient,
KubeconfigClient: kubeconfigClient,
AuthenticationOptions: cmOptions.AuthenticationOptions,
}
addControllerWithSetup(mgr, "user", userController)
}
// "workspacetemplate" controller
if cmOptions.IsControllerEnabled("workspacetemplate") {
workspaceTemplateReconciler := &workspacetemplate.Reconciler{MultiClusterEnabled: cmOptions.MultiClusterOptions.Enable}
addControllerWithSetup(mgr, "workspacetemplate", workspaceTemplateReconciler)
}
// "workspace" controller
if cmOptions.IsControllerEnabled("workspace") {
workspaceReconciler := &workspace.Reconciler{}
addControllerWithSetup(mgr, "workspace", workspaceReconciler)
}
// "workspacerole" controller
if cmOptions.IsControllerEnabled("workspacerole") {
workspaceRoleReconciler := &workspacerole.Reconciler{MultiClusterEnabled: cmOptions.MultiClusterOptions.Enable}
addControllerWithSetup(mgr, "workspacerole", workspaceRoleReconciler)
}
// "workspacerolebinding" controller
if cmOptions.IsControllerEnabled("workspacerolebinding") {
workspaceRoleBindingReconciler := &workspacerolebinding.Reconciler{MultiClusterEnabled: cmOptions.MultiClusterOptions.Enable}
addControllerWithSetup(mgr, "workspacerolebinding", workspaceRoleBindingReconciler)
}
// "namespace" controller
if cmOptions.IsControllerEnabled("namespace") {
namespaceReconciler := &namespace.Reconciler{GatewayOptions: cmOptions.GatewayOptions}
addControllerWithSetup(mgr, "namespace", namespaceReconciler)
}
// "helmrepo" controller
if cmOptions.IsControllerEnabled("helmrepo") {
helmRepoReconciler := &helmrepo.ReconcileHelmRepo{}
addControllerWithSetup(mgr, "helmrepo", helmRepoReconciler)
}
// "helmcategory" controller
if cmOptions.IsControllerEnabled("helmcategory") {
helmCategoryReconciler := &helmcategory.ReconcileHelmCategory{}
addControllerWithSetup(mgr, "helmcategory", helmCategoryReconciler)
}
var opS3Client s3.Interface
if !cmOptions.OpenPitrixOptions.AppStoreConfIsEmpty() {
opS3Client, err = s3.NewS3Client(cmOptions.OpenPitrixOptions.S3Options)
if err != nil {
klog.Fatalf("failed to connect to s3, please check openpitrix s3 service status, error: %v", err)
}
// "helmapplication" controller
if cmOptions.IsControllerEnabled("helmapplication") {
reconcileHelmApp := (&helmapplication.ReconcileHelmApplication{})
addControllerWithSetup(mgr, "helmapplication", reconcileHelmApp)
}
// "helmapplicationversion" controller
if cmOptions.IsControllerEnabled("helmapplicationversion") {
reconcileHelmAppVersion := (&helmapplication.ReconcileHelmApplicationVersion{})
addControllerWithSetup(mgr, "helmapplicationversion", reconcileHelmAppVersion)
}
}
// "helmrelease" controller
if cmOptions.IsControllerEnabled("helmrelease") {
reconcileHelmRelease := &helmrelease.ReconcileHelmRelease{
// nil interface is valid value.
StorageClient: opS3Client,
KsFactory: informerFactory.KubeSphereSharedInformerFactory(),
MultiClusterEnable: cmOptions.MultiClusterOptions.Enable,
WaitTime: cmOptions.OpenPitrixOptions.ReleaseControllerOptions.WaitTime,
MaxConcurrent: cmOptions.OpenPitrixOptions.ReleaseControllerOptions.MaxConcurrent,
StopChan: stopCh,
}
addControllerWithSetup(mgr, "helmrelease", reconcileHelmRelease)
}
// "helm" controller
if cmOptions.IsControllerEnabled("helm") {
if !cmOptions.GatewayOptions.IsEmpty() {
helmReconciler := &helm.Reconciler{GatewayOptions: cmOptions.GatewayOptions}
addControllerWithSetup(mgr, "helm", helmReconciler)
}
}
// "application" controller
if cmOptions.IsControllerEnabled("application") {
selector, _ := labels.Parse(cmOptions.ApplicationSelector)
applicationReconciler := &application.ApplicationReconciler{
Scheme: mgr.GetScheme(),
Client: mgr.GetClient(),
Mapper: mgr.GetRESTMapper(),
ApplicationSelector: selector,
}
addControllerWithSetup(mgr, "application", applicationReconciler)
}
// "serviceaccount" controller
if cmOptions.IsControllerEnabled("serviceaccount") {
saReconciler := &serviceaccount.Reconciler{}
addControllerWithSetup(mgr, "serviceaccount", saReconciler)
}
// "resourcequota" controller
if cmOptions.IsControllerEnabled("resourcequota") {
resourceQuotaReconciler := &quota.Reconciler{
MaxConcurrentReconciles: quota.DefaultMaxConcurrentReconciles,
ResyncPeriod: quota.DefaultResyncPeriod,
InformerFactory: informerFactory.KubernetesSharedInformerFactory(),
}
addControllerWithSetup(mgr, "resourcequota", resourceQuotaReconciler)
}
serviceMeshEnabled := cmOptions.ServiceMeshOptions != nil && len(cmOptions.ServiceMeshOptions.IstioPilotHost) != 0
if serviceMeshEnabled {
// "virtualservice" controller
if cmOptions.IsControllerEnabled("virtualservice") {
vsController := virtualservice.NewVirtualServiceController(kubernetesInformer.Core().V1().Services(),
istioInformer.Networking().V1alpha3().VirtualServices(),
istioInformer.Networking().V1alpha3().DestinationRules(),
kubesphereInformer.Servicemesh().V1alpha2().Strategies(),
client.Kubernetes(),
client.Istio(),
client.KubeSphere())
addController(mgr, "virtualservice", vsController)
}
// "destinationrule" controller
if cmOptions.IsControllerEnabled("destinationrule") {
drController := destinationrule.NewDestinationRuleController(kubernetesInformer.Apps().V1().Deployments(),
istioInformer.Networking().V1alpha3().DestinationRules(),
kubernetesInformer.Core().V1().Services(),
kubesphereInformer.Servicemesh().V1alpha2().ServicePolicies(),
client.Kubernetes(),
client.Istio(),
client.KubeSphere())
addController(mgr, "destinationrule", drController)
}
}
// "job" controller
if cmOptions.IsControllerEnabled("job") {
jobController := job.NewJobController(kubernetesInformer.Batch().V1().Jobs(), client.Kubernetes())
addController(mgr, "job", jobController)
}
// "storagecapability" controller
if cmOptions.IsControllerEnabled("storagecapability") {
storageCapabilityController := capability.NewController(
client.Kubernetes().StorageV1().StorageClasses(),
kubernetesInformer.Storage().V1().StorageClasses(),
kubernetesInformer.Storage().V1().CSIDrivers(),
)
addController(mgr, "storagecapability", storageCapabilityController)
}
// "volumesnapshot" controller
if cmOptions.IsControllerEnabled("volumesnapshot") {
volumeSnapshotController := snapshotclass.NewController(
kubernetesInformer.Storage().V1().StorageClasses(),
client.Snapshot().SnapshotV1().VolumeSnapshotClasses(),
informerFactory.SnapshotSharedInformerFactory().Snapshot().V1().VolumeSnapshotClasses(),
)
addController(mgr, "volumesnapshot", volumeSnapshotController)
}
// "pvc-autoresizer"
monitoringOptionsEnable := cmOptions.MonitoringOptions != nil && len(cmOptions.MonitoringOptions.Endpoint) != 0
if monitoringOptionsEnable {
if cmOptions.IsControllerEnabled("pvc-autoresizer") {
if err := runners.SetupIndexer(mgr, false); err != nil {
return err
}
promClient, err := runners.NewPrometheusClient(cmOptions.MonitoringOptions.Endpoint)
if err != nil {
return err
}
pvcAutoResizerController := runners.NewPVCAutoresizer(
promClient,
mgr.GetClient(),
ctrl.Log.WithName("pvc-autoresizer"),
1*time.Minute,
mgr.GetEventRecorderFor("pvc-autoresizer"),
)
addController(mgr, "pvcautoresizer", pvcAutoResizerController)
}
}
if cmOptions.IsControllerEnabled("pvc-workload-restarter") {
restarter := runners.NewRestarter(
mgr.GetClient(),
ctrl.Log.WithName("pvc-workload-restarter"),
1*time.Minute,
mgr.GetEventRecorderFor("pvc-workload-restarter"),
)
addController(mgr, "pvcworkloadrestarter", restarter)
}
// "loginrecord" controller
if cmOptions.IsControllerEnabled("loginrecord") {
loginRecordController := loginrecord.NewLoginRecordController(
client.Kubernetes(),
client.KubeSphere(),
kubesphereInformer.Iam().V1alpha2().LoginRecords(),
kubesphereInformer.Iam().V1alpha2().Users(),
cmOptions.AuthenticationOptions.LoginHistoryRetentionPeriod,
cmOptions.AuthenticationOptions.LoginHistoryMaximumEntries)
addController(mgr, "loginrecord", loginRecordController)
}
// "csr" controller
if cmOptions.IsControllerEnabled("csr") {
csrController := certificatesigningrequest.NewController(client.Kubernetes(),
kubernetesInformer.Certificates().V1().CertificateSigningRequests(),
kubernetesInformer.Core().V1().ConfigMaps(), client.Config())
addController(mgr, "csr", csrController)
}
// "clusterrolebinding" controller
if cmOptions.IsControllerEnabled("clusterrolebinding") {
clusterRoleBindingController := clusterrolebinding.NewController(client.Kubernetes(),
kubernetesInformer.Rbac().V1().ClusterRoleBindings(),
kubernetesInformer.Apps().V1().Deployments(),
kubernetesInformer.Core().V1().Pods(),
kubesphereInformer.Iam().V1alpha2().Users(),
cmOptions.AuthenticationOptions.KubectlImage)
addController(mgr, "clusterrolebinding", clusterRoleBindingController)
}
// "fedglobalrolecache" controller
var fedGlobalRoleCache cache.Store
var fedGlobalRoleCacheController cache.Controller
if cmOptions.IsControllerEnabled("fedglobalrolecache") {
if cmOptions.MultiClusterOptions.Enable {
fedGlobalRoleClient, err := util.NewResourceClient(client.Config(), &iamv1alpha2.FedGlobalRoleResource)
if err != nil {
klog.Fatalf("Unable to create FedGlobalRole controller: %v", err)
}
fedGlobalRoleCache, fedGlobalRoleCacheController = util.NewResourceInformer(fedGlobalRoleClient, "",
&iamv1alpha2.FedGlobalRoleResource, func(object runtimeclient.Object) {})
go fedGlobalRoleCacheController.Run(stopCh)
addSuccessfullyControllers.Insert("fedglobalrolecache")
}
}
// "globalrole" controller
if cmOptions.IsControllerEnabled("globalrole") {
if cmOptions.MultiClusterOptions.Enable {
globalRoleController := globalrole.NewController(client.Kubernetes(), client.KubeSphere(),
kubesphereInformer.Iam().V1alpha2().GlobalRoles(), fedGlobalRoleCache, fedGlobalRoleCacheController)
addController(mgr, "globalrole", globalRoleController)
}
}
// "fedglobalrolebindingcache" controller
var fedGlobalRoleBindingCache cache.Store
var fedGlobalRoleBindingCacheController cache.Controller
if cmOptions.IsControllerEnabled("fedglobalrolebindingcache") {
if cmOptions.MultiClusterOptions.Enable {
fedGlobalRoleBindingClient, err := util.NewResourceClient(client.Config(), &iamv1alpha2.FedGlobalRoleBindingResource)
if err != nil {
klog.Fatalf("Unable to create FedGlobalRoleBinding controller: %v", err)
}
fedGlobalRoleBindingCache, fedGlobalRoleBindingCacheController = util.NewResourceInformer(fedGlobalRoleBindingClient, "",
&iamv1alpha2.FedGlobalRoleBindingResource, func(object runtimeclient.Object) {})
go fedGlobalRoleBindingCacheController.Run(stopCh)
addSuccessfullyControllers.Insert("fedglobalrolebindingcache")
}
}
// "globalrolebinding" controller
if cmOptions.IsControllerEnabled("globalrolebinding") {
globalRoleBindingController := globalrolebinding.NewController(client.Kubernetes(), client.KubeSphere(),
kubesphereInformer.Iam().V1alpha2().GlobalRoleBindings(),
fedGlobalRoleBindingCache, fedGlobalRoleBindingCacheController,
cmOptions.MultiClusterOptions.Enable)
addController(mgr, "globalrolebinding", globalRoleBindingController)
}
// "groupbinding" controller
if cmOptions.IsControllerEnabled("groupbinding") {
groupBindingController := groupbinding.NewController(client.Kubernetes(), client.KubeSphere(),
kubesphereInformer.Iam().V1alpha2().GroupBindings(),
kubesphereInformer.Types().V1beta1().FederatedGroupBindings(),
cmOptions.MultiClusterOptions.Enable)
addController(mgr, "groupbinding", groupBindingController)
}
// "group" controller
if cmOptions.IsControllerEnabled("group") {
groupController := group.NewController(client.Kubernetes(), client.KubeSphere(),
kubesphereInformer.Iam().V1alpha2().Groups(),
kubesphereInformer.Types().V1beta1().FederatedGroups(),
cmOptions.MultiClusterOptions.Enable)
addController(mgr, "group", groupController)
}
// "cluster" controller
if cmOptions.IsControllerEnabled("cluster") {
if cmOptions.MultiClusterOptions.Enable {
clusterController := cluster.NewClusterController(
client.Kubernetes(),
client.KubeSphere(),
client.Config(),
kubesphereInformer.Cluster().V1alpha1().Clusters(),
kubesphereInformer.Iam().V1alpha2().Users().Lister(),
cmOptions.MultiClusterOptions.ClusterControllerResyncPeriod,
cmOptions.MultiClusterOptions.HostClusterName,
)
addController(mgr, "cluster", clusterController)
}
}
// "nsnp" controller
if cmOptions.IsControllerEnabled("nsnp") {
if cmOptions.NetworkOptions.EnableNetworkPolicy {
nsnpProvider, err := provider.NewNsNetworkPolicyProvider(client.Kubernetes(), kubernetesInformer.Networking().V1().NetworkPolicies())
if err != nil {
klog.Fatalf("Unable to create NSNetworkPolicy controller: %v", err)
}
nsnpController := nsnetworkpolicy.NewNSNetworkPolicyController(client.Kubernetes(),
client.KubeSphere().NetworkV1alpha1(),
kubesphereInformer.Network().V1alpha1().NamespaceNetworkPolicies(),
kubernetesInformer.Core().V1().Services(),
kubernetesInformer.Core().V1().Nodes(),
kubesphereInformer.Tenant().V1alpha1().Workspaces(),
kubernetesInformer.Core().V1().Namespaces(), nsnpProvider, cmOptions.NetworkOptions.NSNPOptions)
addController(mgr, "nsnp", nsnpController)
}
}
// "ippool" controller
if cmOptions.IsControllerEnabled("ippool") {
ippoolProvider := ippoolclient.NewProvider(kubernetesInformer, client.KubeSphere(), client.Kubernetes(),
cmOptions.NetworkOptions.IPPoolType, cmOptions.KubernetesOptions)
if ippoolProvider != nil {
ippoolController := ippool.NewIPPoolController(kubesphereInformer, kubernetesInformer, client.Kubernetes(),
client.KubeSphere(), ippoolProvider)
addController(mgr, "ippool", ippoolController)
}
}
// "notification" controller
if cmOptions.IsControllerEnabled("notification") {
if cmOptions.MultiClusterOptions.Enable {
notificationController, err := notification.NewController(client.Kubernetes(), mgr.GetClient(), mgr.GetCache())
if err != nil {
klog.Fatalf("Unable to create Notification controller: %v", err)
}
addController(mgr, "notification", notificationController)
}
}
// log all controllers process result
for _, name := range allControllers {
if cmOptions.IsControllerEnabled(name) {
if addSuccessfullyControllers.Has(name) {
klog.Infof("%s controller is enabled and added successfully.", name)
} else {
klog.Infof("%s controller is enabled but is not going to run due to its dependent component being disabled.", name)
}
} else {
klog.Infof("%s controller is disabled by controller selectors.", name)
}
}
return nil
}
var addSuccessfullyControllers = sets.NewString()
type setupableController interface {
SetupWithManager(mgr ctrl.Manager) error
}
func addControllerWithSetup(mgr manager.Manager, name string, controller setupableController) {
if err := controller.SetupWithManager(mgr); err != nil {
klog.Fatalf("Unable to create %v controller: %v", name, err)
}
addSuccessfullyControllers.Insert(name)
}
func addController(mgr manager.Manager, name string, controller manager.Runnable) {
if err := mgr.Add(controller); err != nil {
klog.Fatalf("Unable to create %v controller: %v", name, err)
}
addSuccessfullyControllers.Insert(name)
}

56
cmd/controller-manager/app/helper.go
View File

@@ -1,56 +0,0 @@
/*
Copyright 2020 KubeSphere Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package app
import (
"context"
"fmt"
"net/http"
"time"
"k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/klog"
)
// WaitForAPIServer waits for the API Server's /healthz endpoint to report "ok" before timeout.
func WaitForAPIServer(client clientset.Interface, timeout time.Duration) error {
var lastErr error
err := wait.PollImmediate(time.Second, timeout, func() (bool, error) {
healthStatus := 0
result := client.Discovery().RESTClient().Get().AbsPath("/healthz").Do(context.Background()).StatusCode(&healthStatus)
if result.Error() != nil {
lastErr = fmt.Errorf("failed to get apiserver /healthz status: %v", result.Error())
return false, nil
}
if healthStatus != http.StatusOK {
content, _ := result.Raw()
lastErr = fmt.Errorf("APIServer isn't healthy: %v", string(content))
klog.Warningf("APIServer isn't healthy yet: %v. Waiting a little while.", string(content))
return false, nil
}
return true, nil
})
if err != nil {
return fmt.Errorf("%v: %v", err, lastErr)
}
return nil
}

245
cmd/controller-manager/app/options/options.go
View File

@@ -1,245 +0,0 @@
/*
Copyright 2020 KubeSphere Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
import (
"flag"
"fmt"
"strings"
"time"
"kubesphere.io/kubesphere/pkg/simple/client/monitoring/prometheus"
controllerconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
"k8s.io/apimachinery/pkg/util/sets"
"kubesphere.io/kubesphere/pkg/apiserver/authentication"
"k8s.io/apimachinery/pkg/labels"
"github.com/spf13/pflag"
"k8s.io/client-go/tools/leaderelection"
cliflag "k8s.io/component-base/cli/flag"
"k8s.io/klog"
"kubesphere.io/kubesphere/pkg/simple/client/devops/jenkins"
"kubesphere.io/kubesphere/pkg/simple/client/gateway"
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
ldapclient "kubesphere.io/kubesphere/pkg/simple/client/ldap"
"kubesphere.io/kubesphere/pkg/simple/client/multicluster"
"kubesphere.io/kubesphere/pkg/simple/client/network"
"kubesphere.io/kubesphere/pkg/simple/client/openpitrix"
"kubesphere.io/kubesphere/pkg/simple/client/s3"
"kubesphere.io/kubesphere/pkg/simple/client/servicemesh"
)
type KubeSphereControllerManagerOptions struct {
KubernetesOptions *k8s.KubernetesOptions
DevopsOptions *jenkins.Options
S3Options *s3.Options
AuthenticationOptions *authentication.Options
LdapOptions *ldapclient.Options
OpenPitrixOptions *openpitrix.Options
NetworkOptions *network.Options
MultiClusterOptions *multicluster.Options
ServiceMeshOptions *servicemesh.Options
GatewayOptions *gateway.Options
MonitoringOptions *prometheus.Options
LeaderElect bool
LeaderElection *leaderelection.LeaderElectionConfig
WebhookCertDir string
// KubeSphere is using sigs.k8s.io/application as fundamental object to implement Application Management.
// There are other projects also built on sigs.k8s.io/application, when KubeSphere installed along side
// them, conflicts happen. So we leave an option to only reconcile applications matched with the given
// selector. Default will reconcile all applications.
// For example
// "kubesphere.io/creator=" means reconcile applications with this label key
// "!kubesphere.io/creator" means exclude applications with this key
ApplicationSelector string
// ControllerGates is the list of controller gates to enable or disable controller.
// '*' means "all enabled by default controllers"
// 'foo' means "enable 'foo'"
// '-foo' means "disable 'foo'"
// first item for a particular name wins.
// e.g. '-foo,foo' means "disable foo", 'foo,-foo' means "enable foo"
// * has the lowest priority.
// e.g. *,-foo, means "disable 'foo'"
ControllerGates []string
// Enable gops or not.
GOPSEnabled bool
}
func NewKubeSphereControllerManagerOptions() *KubeSphereControllerManagerOptions {
s := &KubeSphereControllerManagerOptions{
KubernetesOptions: k8s.NewKubernetesOptions(),
DevopsOptions: jenkins.NewDevopsOptions(),
S3Options: s3.NewS3Options(),
LdapOptions: ldapclient.NewOptions(),
OpenPitrixOptions: openpitrix.NewOptions(),
NetworkOptions: network.NewNetworkOptions(),
MultiClusterOptions: multicluster.NewOptions(),
ServiceMeshOptions: servicemesh.NewServiceMeshOptions(),
AuthenticationOptions: authentication.NewOptions(),
GatewayOptions: gateway.NewGatewayOptions(),
LeaderElection: &leaderelection.LeaderElectionConfig{
LeaseDuration: 30 * time.Second,
RenewDeadline: 15 * time.Second,
RetryPeriod: 5 * time.Second,
},
LeaderElect: false,
WebhookCertDir: "",
ApplicationSelector: "",
ControllerGates: []string{"*"},
}
return s
}
func (s *KubeSphereControllerManagerOptions) Flags(allControllerNameSelectors []string) cliflag.NamedFlagSets {
fss := cliflag.NamedFlagSets{}
s.KubernetesOptions.AddFlags(fss.FlagSet("kubernetes"), s.KubernetesOptions)
s.DevopsOptions.AddFlags(fss.FlagSet("devops"), s.DevopsOptions)
s.S3Options.AddFlags(fss.FlagSet("s3"), s.S3Options)
s.AuthenticationOptions.AddFlags(fss.FlagSet("authentication"), s.AuthenticationOptions)
s.LdapOptions.AddFlags(fss.FlagSet("ldap"), s.LdapOptions)
s.OpenPitrixOptions.AddFlags(fss.FlagSet("openpitrix"), s.OpenPitrixOptions)
s.NetworkOptions.AddFlags(fss.FlagSet("network"), s.NetworkOptions)
s.MultiClusterOptions.AddFlags(fss.FlagSet("multicluster"), s.MultiClusterOptions)
s.ServiceMeshOptions.AddFlags(fss.FlagSet("servicemesh"), s.ServiceMeshOptions)
s.GatewayOptions.AddFlags(fss.FlagSet("gateway"), s.GatewayOptions)
fs := fss.FlagSet("leaderelection")
s.bindLeaderElectionFlags(s.LeaderElection, fs)
fs.BoolVar(&s.LeaderElect, "leader-elect", s.LeaderElect, ""+
"Whether to enable leader election. This field should be enabled when controller manager"+
"deployed with multiple replicas.")
fs.StringVar(&s.WebhookCertDir, "webhook-cert-dir", s.WebhookCertDir, ""+
"Certificate directory used to setup webhooks, need tls.crt and tls.key placed inside."+
"if not set, webhook server would look up the server key and certificate in"+
"{TempDir}/k8s-webhook-server/serving-certs")
gfs := fss.FlagSet("generic")
gfs.StringVar(&s.ApplicationSelector, "application-selector", s.ApplicationSelector, ""+
"Only reconcile application(sigs.k8s.io/application) objects match given selector, this could avoid conflicts with "+
"other projects built on top of sig-application. Default behavior is to reconcile all of application objects.")
gfs.StringSliceVar(&s.ControllerGates, "controllers", []string{"*"}, fmt.Sprintf(""+
"A list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller "+
"named 'foo', '-foo' disables the controller named 'foo'.\nAll controllers: %s",
strings.Join(allControllerNameSelectors, ", ")))
gfs.BoolVar(&s.GOPSEnabled, "gops", s.GOPSEnabled, "Whether to enable gops or not. When enabled this option, "+
"controller-manager will listen on a random port on 127.0.0.1, then you can use the gops tool to list and diagnose the controller-manager currently running.")
kfs := fss.FlagSet("klog")
local := flag.NewFlagSet("klog", flag.ExitOnError)
klog.InitFlags(local)
local.VisitAll(func(fl *flag.Flag) {
fl.Name = strings.Replace(fl.Name, "_", "-", -1)
kfs.AddGoFlag(fl)
})
return fss
}
// Validate Options and Genetic Options
func (o *KubeSphereControllerManagerOptions) Validate(allControllerNameSelectors []string) []error {
var errs []error
errs = append(errs, o.DevopsOptions.Validate()...)
errs = append(errs, o.KubernetesOptions.Validate()...)
errs = append(errs, o.S3Options.Validate()...)
errs = append(errs, o.OpenPitrixOptions.Validate()...)
errs = append(errs, o.NetworkOptions.Validate()...)
errs = append(errs, o.LdapOptions.Validate()...)
errs = append(errs, o.MultiClusterOptions.Validate()...)
// genetic option: application-selector
if len(o.ApplicationSelector) != 0 {
_, err := labels.Parse(o.ApplicationSelector)
if err != nil {
errs = append(errs, err)
}
}
// genetic option: controllers, check all selectors are valid
allControllersNameSet := sets.NewString(allControllerNameSelectors...)
for _, selector := range o.ControllerGates {
if selector == "*" {
continue
}
selector = strings.TrimPrefix(selector, "-")
if !allControllersNameSet.Has(selector) {
errs = append(errs, fmt.Errorf("%q is not in the list of known controllers", selector))
}
}
return errs
}
// IsControllerEnabled check if a specified controller enabled or not.
func (o *KubeSphereControllerManagerOptions) IsControllerEnabled(name string) bool {
hasStar := false
for _, ctrl := range o.ControllerGates {
if ctrl == name {
return true
}
if ctrl == "-"+name {
return false
}
if ctrl == "*" {
hasStar = true
}
}
return hasStar
}
func (s *KubeSphereControllerManagerOptions) bindLeaderElectionFlags(l *leaderelection.LeaderElectionConfig, fs *pflag.FlagSet) {
fs.DurationVar(&l.LeaseDuration, "leader-elect-lease-duration", l.LeaseDuration, ""+
"The duration that non-leader candidates will wait after observing a leadership "+
"renewal until attempting to acquire leadership of a led but unrenewed leader "+
"slot. This is effectively the maximum duration that a leader can be stopped "+
"before it is replaced by another candidate. This is only applicable if leader "+
"election is enabled.")
fs.DurationVar(&l.RenewDeadline, "leader-elect-renew-deadline", l.RenewDeadline, ""+
"The interval between attempts by the acting master to renew a leadership slot "+
"before it stops leading. This must be less than or equal to the lease duration. "+
"This is only applicable if leader election is enabled.")
fs.DurationVar(&l.RetryPeriod, "leader-elect-retry-period", l.RetryPeriod, ""+
"The duration the clients should wait between attempting acquisition and renewal "+
"of a leadership. This is only applicable if leader election is enabled.")
}
// MergeConfig merge new config without validation
// When misconfigured, the app should just crash directly
func (s *KubeSphereControllerManagerOptions) MergeConfig(cfg *controllerconfig.Config) {
s.KubernetesOptions = cfg.KubernetesOptions
s.DevopsOptions = cfg.DevopsOptions
s.S3Options = cfg.S3Options
s.AuthenticationOptions = cfg.AuthenticationOptions
s.LdapOptions = cfg.LdapOptions
s.OpenPitrixOptions = cfg.OpenPitrixOptions
s.NetworkOptions = cfg.NetworkOptions
s.MultiClusterOptions = cfg.MultiClusterOptions
s.ServiceMeshOptions = cfg.ServiceMeshOptions
s.GatewayOptions = cfg.GatewayOptions
}

81
cmd/controller-manager/app/options/options_test.go
View File

@@ -1,81 +0,0 @@
// Copyright 2022 The KubeSphere Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
package options
import (
"testing"
"github.com/stretchr/testify/assert"
)
// ref: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/controller-manager/app/helper_test.go
func TestIsControllerEnabled(t *testing.T) {
testcases := []struct {
name string
controllerName string
controllerFlags []string
expected bool
}{
{
name: "on by name",
controllerName: "bravo",
controllerFlags: []string{"alpha", "bravo", "-charlie"},
expected: true,
},
{
name: "off by name",
controllerName: "charlie",
controllerFlags: []string{"alpha", "bravo", "-charlie"},
expected: false,
},
{
name: "on by default",
controllerName: "alpha",
controllerFlags: []string{"*"},
expected: true,
},
{
name: "on by star, not off by name",
controllerName: "alpha",
controllerFlags: []string{"*", "-charlie"},
expected: true,
},
{
name: "off by name with star",
controllerName: "charlie",
controllerFlags: []string{"*", "-charlie"},
expected: false,
},
{
name: "off then on",
controllerName: "alpha",
controllerFlags: []string{"-alpha", "alpha"},
expected: false,
},
{
name: "on then off",
controllerName: "alpha",
controllerFlags: []string{"alpha", "-alpha"},
expected: true,
},
}
for _, tc := range testcases {
option := NewKubeSphereControllerManagerOptions()
option.ControllerGates = tc.controllerFlags
actual := option.IsControllerEnabled(tc.controllerName)
assert.Equal(t, tc.expected, actual, "%v: expected %v, got %v", tc.name, tc.expected, actual)
}
}

258
cmd/controller-manager/app/server.go
View File

@@ -1,258 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package app
import (
"context"
"fmt"
"os"
"github.com/google/gops/agent"
"github.com/spf13/cobra"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
cliflag "k8s.io/component-base/cli/flag"
"k8s.io/klog"
"k8s.io/klog/klogr"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/manager"
"sigs.k8s.io/controller-runtime/pkg/manager/signals"
"sigs.k8s.io/controller-runtime/pkg/webhook"
"kubesphere.io/kubesphere/cmd/controller-manager/app/options"
"kubesphere.io/kubesphere/pkg/apis"
controllerconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
"kubesphere.io/kubesphere/pkg/controller/network/webhooks"
"kubesphere.io/kubesphere/pkg/controller/quota"
"kubesphere.io/kubesphere/pkg/controller/user"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
"kubesphere.io/kubesphere/pkg/simple/client/s3"
"kubesphere.io/kubesphere/pkg/utils/metrics"
"kubesphere.io/kubesphere/pkg/utils/term"
"kubesphere.io/kubesphere/pkg/version"
)
func NewControllerManagerCommand() *cobra.Command {
s := options.NewKubeSphereControllerManagerOptions()
conf, err := controllerconfig.TryLoadFromDisk()
if err == nil {
// make sure LeaderElection is not nil
s = &options.KubeSphereControllerManagerOptions{
KubernetesOptions: conf.KubernetesOptions,
DevopsOptions: conf.DevopsOptions,
S3Options: conf.S3Options,
AuthenticationOptions: conf.AuthenticationOptions,
LdapOptions: conf.LdapOptions,
OpenPitrixOptions: conf.OpenPitrixOptions,
NetworkOptions: conf.NetworkOptions,
MultiClusterOptions: conf.MultiClusterOptions,
ServiceMeshOptions: conf.ServiceMeshOptions,
GatewayOptions: conf.GatewayOptions,
MonitoringOptions: conf.MonitoringOptions,
LeaderElection: s.LeaderElection,
LeaderElect: s.LeaderElect,
WebhookCertDir: s.WebhookCertDir,
}
} else {
klog.Fatal("Failed to load configuration from disk", err)
}
cmd := &cobra.Command{
Use: "controller-manager",
Long: `KubeSphere controller manager is a daemon that embeds the control loops shipped with KubeSphere.`,
Run: func(cmd *cobra.Command, args []string) {
if errs := s.Validate(allControllers); len(errs) != 0 {
klog.Error(utilerrors.NewAggregate(errs))
os.Exit(1)
}
if s.GOPSEnabled {
// Add agent to report additional information such as the current stack trace, Go version, memory stats, etc.
// Bind to a random port on address 127.0.0.1
if err := agent.Listen(agent.Options{}); err != nil {
klog.Fatal(err)
}
}
if err = Run(s, controllerconfig.WatchConfigChange(), signals.SetupSignalHandler()); err != nil {
klog.Error(err)
os.Exit(1)
}
},
SilenceUsage: true,
}
fs := cmd.Flags()
namedFlagSets := s.Flags(allControllers)
for _, f := range namedFlagSets.FlagSets {
fs.AddFlagSet(f)
}
usageFmt := "Usage:\n %s\n"
cols, _, _ := term.TerminalSize(cmd.OutOrStdout())
cmd.SetHelpFunc(func(cmd *cobra.Command, args []string) {
_, _ = fmt.Fprintf(cmd.OutOrStdout(), "%s\n\n"+usageFmt, cmd.Long, cmd.UseLine())
cliflag.PrintSections(cmd.OutOrStdout(), namedFlagSets, cols)
})
versionCmd := &cobra.Command{
Use: "version",
Short: "Print the version of KubeSphere controller-manager",
Run: func(cmd *cobra.Command, args []string) {
cmd.Println(version.Get())
},
}
cmd.AddCommand(versionCmd)
return cmd
}
func Run(s *options.KubeSphereControllerManagerOptions, configCh <-chan controllerconfig.Config, ctx context.Context) error {
ictx, cancelFunc := context.WithCancel(context.TODO())
errCh := make(chan error)
defer close(errCh)
go func() {
if err := run(s, ictx); err != nil {
errCh <- err
}
}()
// The ctx (signals.SetupSignalHandler()) is to control the entire program life cycle,
// The ictx(internal context) is created here to control the life cycle of the controller-manager(all controllers, sharedInformer, webhook etc.)
// when config changed, stop server and renew context, start new server
for {
select {
case <-ctx.Done():
cancelFunc()
return nil
case cfg := <-configCh:
cancelFunc()
s.MergeConfig(&cfg)
ictx, cancelFunc = context.WithCancel(context.TODO())
go func() {
if err := run(s, ictx); err != nil {
errCh <- err
}
}()
case err := <-errCh:
cancelFunc()
return err
}
}
}
func run(s *options.KubeSphereControllerManagerOptions, ctx context.Context) error {
kubernetesClient, err := k8s.NewKubernetesClient(s.KubernetesOptions)
if err != nil {
klog.Errorf("Failed to create kubernetes clientset %v", err)
return err
}
if s.S3Options != nil && len(s.S3Options.Endpoint) != 0 {
_, err = s3.NewS3Client(s.S3Options)
if err != nil {
return fmt.Errorf("failed to connect to s3, please check s3 service status, error: %v", err)
}
}
informerFactory := informers.NewInformerFactories(
kubernetesClient.Kubernetes(),
kubernetesClient.KubeSphere(),
kubernetesClient.Istio(),
kubernetesClient.Snapshot(),
kubernetesClient.ApiExtensions(),
kubernetesClient.Prometheus())
mgrOptions := manager.Options{
CertDir: s.WebhookCertDir,
Port: 8443,
}
if s.LeaderElect {
mgrOptions = manager.Options{
CertDir: s.WebhookCertDir,
Port: 8443,
LeaderElection: s.LeaderElect,
LeaderElectionNamespace: "kubesphere-system",
LeaderElectionID: "ks-controller-manager-leader-election",
LeaseDuration: &s.LeaderElection.LeaseDuration,
RetryPeriod: &s.LeaderElection.RetryPeriod,
RenewDeadline: &s.LeaderElection.RenewDeadline,
}
}
klog.V(0).Info("setting up manager")
ctrl.SetLogger(klogr.New())
// Use 8443 instead of 443 cause we need root permission to bind port 443
mgr, err := manager.New(kubernetesClient.Config(), mgrOptions)
if err != nil {
klog.Fatalf("unable to set up overall controller manager: %v", err)
}
if err = apis.AddToScheme(mgr.GetScheme()); err != nil {
klog.Fatalf("unable add APIs to scheme: %v", err)
}
// register common meta types into schemas.
metav1.AddToGroupVersion(mgr.GetScheme(), metav1.SchemeGroupVersion)
// TODO(jeff): refactor config with CRD
// install all controllers
if err = addAllControllers(mgr,
kubernetesClient,
informerFactory,
s,
ctx.Done()); err != nil {
klog.Fatalf("unable to register controllers to the manager: %v", err)
}
// Start cache data after all informer is registered
klog.V(0).Info("Starting cache resource from apiserver...")
informerFactory.Start(ctx.Done())
// Setup webhooks
klog.V(2).Info("setting up webhook server")
hookServer := mgr.GetWebhookServer()
klog.V(2).Info("registering webhooks to the webhook server")
hookServer.Register("/validate-email-iam-kubesphere-io-v1alpha2", &webhook.Admission{Handler: &user.EmailValidator{Client: mgr.GetClient()}})
hookServer.Register("/validate-network-kubesphere-io-v1alpha1", &webhook.Admission{Handler: &webhooks.ValidatingHandler{C: mgr.GetClient()}})
hookServer.Register("/mutate-network-kubesphere-io-v1alpha1", &webhook.Admission{Handler: &webhooks.MutatingHandler{C: mgr.GetClient()}})
hookServer.Register("/persistentvolumeclaims", &webhook.Admission{Handler: &webhooks.AccessorHandler{C: mgr.GetClient()}})
resourceQuotaAdmission, err := quota.NewResourceQuotaAdmission(mgr.GetClient(), mgr.GetScheme())
if err != nil {
klog.Fatalf("unable to create resource quota admission: %v", err)
}
hookServer.Register("/validate-quota-kubesphere-io-v1alpha2", &webhook.Admission{Handler: resourceQuotaAdmission})
klog.V(2).Info("registering metrics to the webhook server")
// Add an extra metric endpoint, so we can use the the same metric definition with ks-apiserver
// /kapis/metrics is independent of controller-manager's built-in /metrics
mgr.AddMetricsExtraHandler("/kapis/metrics", metrics.Handler())
klog.V(0).Info("Starting the controllers.")
if err = mgr.Start(ctx); err != nil {
klog.Fatalf("unable to run the manager: %v", err)
}
return nil
}

31
cmd/controller-manager/controller-manager.go
View File

@@ -1,31 +0,0 @@
/*
Copyright 2020 KubeSphere Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"os"
"kubesphere.io/kubesphere/cmd/controller-manager/app"
)
func main() {
command := app.NewControllerManagerCommand()
if err := command.Execute(); err != nil {
os.Exit(1)
}
}

32
cmd/ks-apiserver/apiserver.go
View File

@@ -1,32 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"log"
"kubesphere.io/kubesphere/cmd/ks-apiserver/app"
)
func main() {
cmd := app.NewAPIServerCommand()
if err := cmd.Execute(); err != nil {
log.Fatalln(err)
}
}

266
cmd/ks-apiserver/app/options/options.go
View File

@@ -1,266 +0,0 @@
/*
Copyright 2020 KubeSphere Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
import (
"crypto/tls"
"flag"
"fmt"
openpitrixv1 "kubesphere.io/kubesphere/pkg/kapis/openpitrix/v1"
"kubesphere.io/kubesphere/pkg/utils/clusterclient"
"kubesphere.io/kubesphere/pkg/apiserver/authentication/token"
"k8s.io/client-go/kubernetes/scheme"
cliflag "k8s.io/component-base/cli/flag"
"k8s.io/klog"
runtimecache "sigs.k8s.io/controller-runtime/pkg/cache"
runtimeclient "sigs.k8s.io/controller-runtime/pkg/client"
"kubesphere.io/kubesphere/pkg/apis"
"kubesphere.io/kubesphere/pkg/apiserver"
apiserverconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
"kubesphere.io/kubesphere/pkg/informers"
genericoptions "kubesphere.io/kubesphere/pkg/server/options"
"kubesphere.io/kubesphere/pkg/simple/client/alerting"
auditingclient "kubesphere.io/kubesphere/pkg/simple/client/auditing/elasticsearch"
"kubesphere.io/kubesphere/pkg/simple/client/cache"
"net/http"
"strings"
"kubesphere.io/kubesphere/pkg/simple/client/devops/jenkins"
eventsclient "kubesphere.io/kubesphere/pkg/simple/client/events/elasticsearch"
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
esclient "kubesphere.io/kubesphere/pkg/simple/client/logging/elasticsearch"
"kubesphere.io/kubesphere/pkg/simple/client/monitoring/metricsserver"
"kubesphere.io/kubesphere/pkg/simple/client/monitoring/prometheus"
"kubesphere.io/kubesphere/pkg/simple/client/s3"
fakes3 "kubesphere.io/kubesphere/pkg/simple/client/s3/fake"
"kubesphere.io/kubesphere/pkg/simple/client/sonarqube"
)
type ServerRunOptions struct {
ConfigFile string
GenericServerRunOptions *genericoptions.ServerRunOptions
*apiserverconfig.Config
//
DebugMode bool
// Enable gops or not.
GOPSEnabled bool
}
func NewServerRunOptions() *ServerRunOptions {
s := &ServerRunOptions{
GenericServerRunOptions: genericoptions.NewServerRunOptions(),
Config: apiserverconfig.New(),
}
return s
}
func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) {
fs := fss.FlagSet("generic")
fs.BoolVar(&s.DebugMode, "debug", false, "Don't enable this if you don't know what it means.")
fs.BoolVar(&s.GOPSEnabled, "gops", false, "Whether to enable gops or not. When enabled this option, "+
"ks-apiserver will listen on a random port on 127.0.0.1, then you can use the gops tool to list and diagnose the ks-apiserver currently running.")
s.GenericServerRunOptions.AddFlags(fs, s.GenericServerRunOptions)
s.KubernetesOptions.AddFlags(fss.FlagSet("kubernetes"), s.KubernetesOptions)
s.AuthenticationOptions.AddFlags(fss.FlagSet("authentication"), s.AuthenticationOptions)
s.AuthorizationOptions.AddFlags(fss.FlagSet("authorization"), s.AuthorizationOptions)
s.DevopsOptions.AddFlags(fss.FlagSet("devops"), s.DevopsOptions)
s.SonarQubeOptions.AddFlags(fss.FlagSet("sonarqube"), s.SonarQubeOptions)
s.RedisOptions.AddFlags(fss.FlagSet("redis"), s.RedisOptions)
s.S3Options.AddFlags(fss.FlagSet("s3"), s.S3Options)
s.OpenPitrixOptions.AddFlags(fss.FlagSet("openpitrix"), s.OpenPitrixOptions)
s.NetworkOptions.AddFlags(fss.FlagSet("network"), s.NetworkOptions)
s.ServiceMeshOptions.AddFlags(fss.FlagSet("servicemesh"), s.ServiceMeshOptions)
s.MonitoringOptions.AddFlags(fss.FlagSet("monitoring"), s.MonitoringOptions)
s.LoggingOptions.AddFlags(fss.FlagSet("logging"), s.LoggingOptions)
s.MultiClusterOptions.AddFlags(fss.FlagSet("multicluster"), s.MultiClusterOptions)
s.EventsOptions.AddFlags(fss.FlagSet("events"), s.EventsOptions)
s.AuditingOptions.AddFlags(fss.FlagSet("auditing"), s.AuditingOptions)
s.AlertingOptions.AddFlags(fss.FlagSet("alerting"), s.AlertingOptions)
fs = fss.FlagSet("klog")
local := flag.NewFlagSet("klog", flag.ExitOnError)
klog.InitFlags(local)
local.VisitAll(func(fl *flag.Flag) {
fl.Name = strings.Replace(fl.Name, "_", "-", -1)
fs.AddGoFlag(fl)
})
return fss
}
const fakeInterface string = "FAKE"
// NewAPIServer creates an APIServer instance using given options
func (s *ServerRunOptions) NewAPIServer(stopCh <-chan struct{}) (*apiserver.APIServer, error) {
apiServer := &apiserver.APIServer{
Config: s.Config,
}
kubernetesClient, err := k8s.NewKubernetesClient(s.KubernetesOptions)
if err != nil {
return nil, err
}
apiServer.KubernetesClient = kubernetesClient
informerFactory := informers.NewInformerFactories(kubernetesClient.Kubernetes(), kubernetesClient.KubeSphere(),
kubernetesClient.Istio(), kubernetesClient.Snapshot(), kubernetesClient.ApiExtensions(), kubernetesClient.Prometheus())
apiServer.InformerFactory = informerFactory
if s.MonitoringOptions == nil || len(s.MonitoringOptions.Endpoint) == 0 {
return nil, fmt.Errorf("moinitoring service address in configuration MUST not be empty, please check configmap/kubesphere-config in kubesphere-system namespace")
} else {
monitoringClient, err := prometheus.NewPrometheus(s.MonitoringOptions)
if err != nil {
return nil, fmt.Errorf("failed to connect to prometheus, please check prometheus status, error: %v", err)
}
apiServer.MonitoringClient = monitoringClient
}
apiServer.MetricsClient = metricsserver.NewMetricsClient(kubernetesClient.Kubernetes(), s.KubernetesOptions)
if s.LoggingOptions.Host != "" {
loggingClient, err := esclient.NewClient(s.LoggingOptions)
if err != nil {
return nil, fmt.Errorf("failed to connect to elasticsearch, please check elasticsearch status, error: %v", err)
}
apiServer.LoggingClient = loggingClient
}
if s.S3Options.Endpoint != "" {
if s.S3Options.Endpoint == fakeInterface && s.DebugMode {
apiServer.S3Client = fakes3.NewFakeS3()
} else {
s3Client, err := s3.NewS3Client(s.S3Options)
if err != nil {
return nil, fmt.Errorf("failed to connect to s3, please check s3 service status, error: %v", err)
}
apiServer.S3Client = s3Client
}
}
if s.DevopsOptions.Host != "" {
devopsClient, err := jenkins.NewDevopsClient(s.DevopsOptions)
if err != nil {
return nil, fmt.Errorf("failed to connect to jenkins, please check jenkins status, error: %v", err)
}
apiServer.DevopsClient = devopsClient
}
if s.SonarQubeOptions.Host != "" {
sonarClient, err := sonarqube.NewSonarQubeClient(s.SonarQubeOptions)
if err != nil {
return nil, fmt.Errorf("failed to connecto to sonarqube, please check sonarqube status, error: %v", err)
}
apiServer.SonarClient = sonarqube.NewSonar(sonarClient.SonarQube())
}
var cacheClient cache.Interface
if s.RedisOptions != nil && len(s.RedisOptions.Host) != 0 {
if s.RedisOptions.Host == fakeInterface && s.DebugMode {
apiServer.CacheClient = cache.NewSimpleCache()
} else {
cacheClient, err = cache.NewRedisClient(s.RedisOptions, stopCh)
if err != nil {
return nil, fmt.Errorf("failed to connect to redis service, please check redis status, error: %v", err)
}
apiServer.CacheClient = cacheClient
}
} else {
klog.Warning("ks-apiserver starts without redis provided, it will use in memory cache. " +
"This may cause inconsistencies when running ks-apiserver with multiple replicas.")
apiServer.CacheClient = cache.NewSimpleCache()
}
if s.EventsOptions.Host != "" {
eventsClient, err := eventsclient.NewClient(s.EventsOptions)
if err != nil {
return nil, fmt.Errorf("failed to connect to elasticsearch, please check elasticsearch status, error: %v", err)
}
apiServer.EventsClient = eventsClient
}
if s.AuditingOptions.Host != "" {
auditingClient, err := auditingclient.NewClient(s.AuditingOptions)
if err != nil {
return nil, fmt.Errorf("failed to connect to elasticsearch, please check elasticsearch status, error: %v", err)
}
apiServer.AuditingClient = auditingClient
}
if s.AlertingOptions != nil && (s.AlertingOptions.PrometheusEndpoint != "" || s.AlertingOptions.ThanosRulerEndpoint != "") {
alertingClient, err := alerting.NewRuleClient(s.AlertingOptions)
if err != nil {
return nil, fmt.Errorf("failed to init alerting client: %v", err)
}
apiServer.AlertingClient = alertingClient
}
if s.Config.MultiClusterOptions.Enable {
cc := clusterclient.NewClusterClient(informerFactory.KubeSphereSharedInformerFactory().Cluster().V1alpha1().Clusters())
apiServer.ClusterClient = cc
}
apiServer.OpenpitrixClient = openpitrixv1.NewOpenpitrixClient(informerFactory, apiServer.KubernetesClient.KubeSphere(), s.OpenPitrixOptions, apiServer.ClusterClient, stopCh)
server := &http.Server{
Addr: fmt.Sprintf(":%d", s.GenericServerRunOptions.InsecurePort),
}
if s.GenericServerRunOptions.SecurePort != 0 {
certificate, err := tls.LoadX509KeyPair(s.GenericServerRunOptions.TlsCertFile, s.GenericServerRunOptions.TlsPrivateKey)
if err != nil {
return nil, err
}
server.TLSConfig = &tls.Config{
Certificates: []tls.Certificate{certificate},
}
server.Addr = fmt.Sprintf(":%d", s.GenericServerRunOptions.SecurePort)
}
sch := scheme.Scheme
if err := apis.AddToScheme(sch); err != nil {
klog.Fatalf("unable add APIs to scheme: %v", err)
}
apiServer.RuntimeCache, err = runtimecache.New(apiServer.KubernetesClient.Config(), runtimecache.Options{Scheme: sch})
if err != nil {
klog.Fatalf("unable to create controller runtime cache: %v", err)
}
apiServer.RuntimeClient, err = runtimeclient.New(apiServer.KubernetesClient.Config(), runtimeclient.Options{Scheme: sch})
if err != nil {
klog.Fatalf("unable to create controller runtime client: %v", err)
}
apiServer.Issuer, err = token.NewIssuer(s.AuthenticationOptions)
if err != nil {
klog.Fatalf("unable to create issuer: %v", err)
}
apiServer.Server = server
return apiServer, nil
}

41
cmd/ks-apiserver/app/options/validation.go
View File

@@ -1,41 +0,0 @@
/*
Copyright 2020 KubeSphere Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
// Validate validates server run options, to find
// options' misconfiguration
func (s *ServerRunOptions) Validate() []error {
var errors []error
errors = append(errors, s.GenericServerRunOptions.Validate()...)
errors = append(errors, s.DevopsOptions.Validate()...)
errors = append(errors, s.KubernetesOptions.Validate()...)
errors = append(errors, s.ServiceMeshOptions.Validate()...)
errors = append(errors, s.MonitoringOptions.Validate()...)
errors = append(errors, s.SonarQubeOptions.Validate()...)
errors = append(errors, s.S3Options.Validate()...)
errors = append(errors, s.OpenPitrixOptions.Validate()...)
errors = append(errors, s.NetworkOptions.Validate()...)
errors = append(errors, s.LoggingOptions.Validate()...)
errors = append(errors, s.AuthenticationOptions.Validate()...)
errors = append(errors, s.AuthorizationOptions.Validate()...)
errors = append(errors, s.EventsOptions.Validate()...)
errors = append(errors, s.AuditingOptions.Validate()...)
errors = append(errors, s.AlertingOptions.Validate()...)
return errors
}

151
cmd/ks-apiserver/app/server.go
View File

@@ -1,151 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package app
import (
"context"
"fmt"
"net/http"
"github.com/google/gops/agent"
"github.com/spf13/cobra"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
cliflag "k8s.io/component-base/cli/flag"
"k8s.io/klog"
"sigs.k8s.io/controller-runtime/pkg/manager/signals"
"kubesphere.io/kubesphere/cmd/ks-apiserver/app/options"
apiserverconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
"kubesphere.io/kubesphere/pkg/utils/term"
"kubesphere.io/kubesphere/pkg/version"
)
func NewAPIServerCommand() *cobra.Command {
s := options.NewServerRunOptions()
// Load configuration from file
conf, err := apiserverconfig.TryLoadFromDisk()
if err == nil {
s = &options.ServerRunOptions{
GenericServerRunOptions: s.GenericServerRunOptions,
Config: conf,
}
} else {
klog.Fatal("Failed to load configuration from disk", err)
}
cmd := &cobra.Command{
Use: "ks-apiserver",
Long: `The KubeSphere API server validates and configures data for the API objects.
The API Server services REST operations and provides the frontend to the
cluster's shared state through which all other components interact.`,
RunE: func(cmd *cobra.Command, args []string) error {
if errs := s.Validate(); len(errs) != 0 {
return utilerrors.NewAggregate(errs)
}
if s.GOPSEnabled {
// Add agent to report additional information such as the current stack trace, Go version, memory stats, etc.
// Bind to a random port on address 127.0.0.1.
if err := agent.Listen(agent.Options{}); err != nil {
klog.Fatal(err)
}
}
return Run(s, apiserverconfig.WatchConfigChange(), signals.SetupSignalHandler())
},
SilenceUsage: true,
}
fs := cmd.Flags()
namedFlagSets := s.Flags()
for _, f := range namedFlagSets.FlagSets {
fs.AddFlagSet(f)
}
usageFmt := "Usage:\n %s\n"
cols, _, _ := term.TerminalSize(cmd.OutOrStdout())
cmd.SetHelpFunc(func(cmd *cobra.Command, args []string) {
fmt.Fprintf(cmd.OutOrStdout(), "%s\n\n"+usageFmt, cmd.Long, cmd.UseLine())
cliflag.PrintSections(cmd.OutOrStdout(), namedFlagSets, cols)
})
versionCmd := &cobra.Command{
Use: "version",
Short: "Print the version of KubeSphere ks-apiserver",
Run: func(cmd *cobra.Command, args []string) {
cmd.Println(version.Get())
},
}
cmd.AddCommand(versionCmd)
return cmd
}
func Run(s *options.ServerRunOptions, configCh <-chan apiserverconfig.Config, ctx context.Context) error {
ictx, cancelFunc := context.WithCancel(context.TODO())
errCh := make(chan error)
defer close(errCh)
go func() {
if err := run(s, ictx); err != nil {
errCh <- err
}
}()
// The ctx (signals.SetupSignalHandler()) is to control the entire program life cycle,
// The ictx(internal context) is created here to control the life cycle of the ks-apiserver(http server, sharedInformer etc.)
// when config change, stop server and renew context, start new server
for {
select {
case <-ctx.Done():
cancelFunc()
return nil
case cfg := <-configCh:
cancelFunc()
s.Config = &cfg
ictx, cancelFunc = context.WithCancel(context.TODO())
go func() {
if err := run(s, ictx); err != nil {
errCh <- err
}
}()
case err := <-errCh:
cancelFunc()
return err
}
}
}
func run(s *options.ServerRunOptions, ctx context.Context) error {
apiserver, err := s.NewAPIServer(ctx.Done())
if err != nil {
return err
}
err = apiserver.PrepareRun(ctx.Done())
if err != nil {
return err
}
err = apiserver.Run(ctx)
if err == http.ErrServerClosed {
return nil
}
return err
}

40
cmd/kubesphere.go Normal file
View File

@@ -0,0 +1,40 @@
/*
Copyright 2018 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"github.com/spf13/pflag"
"kubesphere.io/kubesphere/pkg/app"
"kubesphere.io/kubesphere/pkg/logs"
"kubesphere.io/kubesphere/pkg/options"
"kubesphere.io/kubesphere/pkg/version"
)
func main() {
options.AddFlags(pflag.CommandLine)
pflag.Parse()
logs.InitLogs()
defer logs.FlushLogs()
version.PrintAndExitIfRequested()
app.Run()
}

14
code-of-conduct.md Normal file
View File

@@ -0,0 +1,14 @@
# KubeSphere Code of Conduct
KubeSphere follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
# Best practice of committing code
Besides following above conduct from CNCF, we also hope every contributor in this project could help us to improve the quality of code, something you should know before checking in any new code:
- As gopher, make sure you already read [the conduct of Go language](https://golang.org/conduct) and [the instruction of writting Go](https://golang.org/doc/effective_go.html).
- Fork the project under your account and make the changes you want there.
- Execute 'go fmt' for every piece of new code.
- Every pulling request(PR) would be better constructed with only one commit, this could help code reviewer to go through your code efficiently, also helpful for every follower of this project to understand what happens in this PR. If you need to make any further code change to address the comments from reviewers, which means some new commits will be generated under this PR, you need to use 'git rebase' to combine those commits together.
- Every PR should only solve one problem or provide one feature, don't put several different fixes into one PR.
- At lease two code reviewers should involve into code reviewing process.
- Please introduce new third-party packages as little as possible to reduce the vendor dependency of this project. For example, don't import a full unit converting package but only use one function from it. For this case, you'd better write that function by yourself.
- more.

532
config/crds/app_v1beta1_application.yaml
View File

@@ -1,532 +0,0 @@
# Copyright 2020 The Kubernetes Authors.
# SPDX-License-Identifier: Apache-2.0
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/application/pull/2
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: applications.app.k8s.io
spec:
group: app.k8s.io
names:
categories:
- all
kind: Application
listKind: ApplicationList
plural: applications
shortNames:
- app
singular: application
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: The type of the application
jsonPath: .spec.descriptor.type
name: Type
type: string
- description: The creation date
jsonPath: .spec.descriptor.version
name: Version
type: string
- description: The application object owns the matched resources
jsonPath: .spec.addOwnerRef
name: Owner
type: boolean
- description: Numbers of components ready
jsonPath: .status.componentsReady
name: Ready
type: string
- description: The creation date
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: Application is the Schema for the applications API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ApplicationSpec defines the specification for an Application.
properties:
addOwnerRef:
description: AddOwnerRef objects - flag to indicate if we need to
add OwnerRefs to matching objects Matching is done by using Selector
to query all ComponentGroupKinds
type: boolean
assemblyPhase:
description: AssemblyPhase represents the current phase of the application's
assembly. An empty value is equivalent to "Succeeded".
type: string
componentKinds:
description: ComponentGroupKinds is a list of Kinds for Application's
components (e.g. Deployments, Pods, Services, CRDs). It can be used
in conjunction with the Application's Selector to list or watch
the Applications components.
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
descriptor:
description: Descriptor regroups information and metadata about an
application.
properties:
description:
description: Description is a brief string description of the
Application.
type: string
icons:
description: Icons is an optional list of icons for an application.
Icon information includes the source, size, and mime type.
items:
description: ImageSpec contains information about an image used
as an icon.
properties:
size:
description: (optional) The size of the image in pixels
(e.g., 25x25).
type: string
src:
description: The source for image represented as either
an absolute URL to the image or a Data URL containing
the image. Data URLs are defined in RFC 2397.
type: string
type:
description: (optional) The mine type of the image (e.g.,
"image/png").
type: string
required:
- src
type: object
type: array
keywords:
description: Keywords is an optional list of key words associated
with the application (e.g. MySQL, RDBMS, database).
items:
type: string
type: array
links:
description: Links are a list of descriptive URLs intended to
be used to surface additional documentation, dashboards, etc.
items:
description: Link contains information about an URL to surface
documentation, dashboards, etc.
properties:
description:
description: Description is human readable content explaining
the purpose of the link.
type: string
url:
description: Url typically points at a website address.
type: string
type: object
type: array
maintainers:
description: Maintainers is an optional list of maintainers of
the application. The maintainers in this list maintain the the
source code, images, and package for the application.
items:
description: ContactData contains information about an individual
or organization.
properties:
email:
description: Email is the email address.
type: string
name:
description: Name is the descriptive name.
type: string
url:
description: Url could typically be a website address.
type: string
type: object
type: array
notes:
description: Notes contain a human readable snippets intended
as a quick start for the users of the Application. CommonMark
markdown syntax may be used for rich text representation.
type: string
owners:
description: Owners is an optional list of the owners of the installed
application. The owners of the application should be contacted
in the event of a planned or unplanned disruption affecting
the application.
items:
description: ContactData contains information about an individual
or organization.
properties:
email:
description: Email is the email address.
type: string
name:
description: Name is the descriptive name.
type: string
url:
description: Url could typically be a website address.
type: string
type: object
type: array
type:
description: Type is the type of the application (e.g. WordPress,
MySQL, Cassandra).
type: string
version:
description: Version is an optional version indicator for the
Application.
type: string
type: object
info:
description: Info contains human readable key,value pairs for the
Application.
items:
description: InfoItem is a human readable key,value pair containing
important information about how to access the Application.
properties:
name:
description: Name is a human readable title for this piece of
information.
type: string
type:
description: Type of the value for this InfoItem.
type: string
value:
description: Value is human readable content.
type: string
valueFrom:
description: ValueFrom defines a reference to derive the value
from another source.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a
valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to
have some well-defined way of referencing a part of
an object. TODO: this design is not final and this
field is subject to change in the future.'
type: string
key:
description: The key to select.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
ingressRef:
description: Select an Ingress.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a
valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to
have some well-defined way of referencing a part of
an object. TODO: this design is not final and this
field is subject to change in the future.'
type: string
host:
description: The optional host to select.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
path:
description: The optional HTTP path.
type: string
protocol:
description: Protocol for the ingress
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
secretKeyRef:
description: Selects a key of a Secret.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a
valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to
have some well-defined way of referencing a part of
an object. TODO: this design is not final and this
field is subject to change in the future.'
type: string
key:
description: The key to select.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
serviceRef:
description: Select a Service.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a
valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to
have some well-defined way of referencing a part of
an object. TODO: this design is not final and this
field is subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
path:
description: The optional HTTP path.
type: string
port:
description: The optional port to select.
format: int32
type: integer
protocol:
description: Protocol for the service
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
type:
description: Type of source.
type: string
type: object
type: object
type: array
selector:
description: 'Selector is a label query over kinds that created by
the application. It must match the component objects'' labels. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
type: object
status:
description: ApplicationStatus defines controller's the observed state
of Application
properties:
components:
description: Object status array for all matching objects
items:
description: ObjectStatus is a generic status holder for objects
properties:
group:
description: Object group
type: string
kind:
description: Kind of object
type: string
link:
description: Link to object
type: string
name:
description: Name of object
type: string
status:
description: 'Status. Values: InProgress, Ready, Unknown'
type: string
type: object
type: array
componentsReady:
description: 'ComponentsReady: status of the components in the format
ready/total'
type: string
conditions:
description: Conditions represents the latest state of the object
items:
description: Condition describes the state of an object at a certain
point.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
lastUpdateTime:
description: Last time the condition was probed
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: ObservedGeneration is the most recent generation observed.
It corresponds to the Object's generation, which is updated on mutation
by the API Server.
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

108
config/crds/application.kubesphere.io_helmapplications.yaml
View File

@@ -1,108 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: helmapplications.application.kubesphere.io
spec:
group: application.kubesphere.io
names:
kind: HelmApplication
listKind: HelmApplicationList
plural: helmapplications
shortNames:
- happ
singular: helmapplication
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.name
name: application name
type: string
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: workspace
type: string
- jsonPath: .status.state
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: HelmApplication is the Schema for the helmapplications API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HelmApplicationSpec defines the desired state of HelmApplication
properties:
abstraction:
description: info from frontend
type: string
appHome:
type: string
attachments:
description: attachments id
items:
type: string
type: array
description:
description: description from chart's description or frontend
type: string
icon:
description: The attachment id of the icon
type: string
name:
description: the name of the helm application
type: string
required:
- name
type: object
status:
description: HelmApplicationStatus defines the observed state of HelmApplication
properties:
latestVersion:
description: If this application belong to appStore, latestVersion
is the the latest version of the active application version. otherwise
latestVersion is the latest version of all application version
type: string
state:
description: 'the state of the helm application: draft, submitted,
passed, rejected, suspended, active'
type: string
statusTime:
format: date-time
type: string
updateTime:
format: date-time
type: string
required:
- statusTime
- updateTime
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

228
config/crds/application.kubesphere.io_helmapplicationversions.yaml
View File

@@ -1,228 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: helmapplicationversions.application.kubesphere.io
spec:
group: application.kubesphere.io
names:
kind: HelmApplicationVersion
listKind: HelmApplicationVersionList
plural: helmapplicationversions
shortNames:
- happver
singular: helmapplicationversion
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.name
name: application name
type: string
- jsonPath: .status.state
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: HelmApplicationVersion is the Schema for the helmapplicationversions
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HelmApplicationVersionSpec defines the desired state of HelmApplicationVersion
properties:
annotations:
additionalProperties:
type: string
description: Annotations are additional mappings uninterpreted by
Helm, made available for inspection by other applications.
type: object
apiVersion:
description: The API Version of this chart.
type: string
appVersion:
description: The version of the application enclosed inside of this
chart.
type: string
condition:
description: The condition to check to enable chart
type: string
created:
description: chart create time
format: date-time
type: string
data:
description: raw data of chart, it will !!!NOT!!! be save to etcd
format: byte
type: string
dataKey:
description: dataKey in the storage
type: string
dependencies:
description: Dependencies are a list of dependencies for a chart.
items:
description: Dependency describes a chart upon which another chart
depends. Dependencies can be used to express developer intent,
or to capture the state of a chart.
properties:
alias:
description: Alias usable alias to be used for the chart
type: string
condition:
description: A yaml path that resolves to a boolean, used for
enabling/disabling charts (e.g. subchart1.enabled )
type: string
enabled:
description: Enabled bool determines if chart should be loaded
type: boolean
name:
description: Name is the name of the dependency. This must mach
the name in the dependency's Chart.yaml.
type: string
repository:
description: The URL to the repository. Appending `index.yaml`
to this string should result in a URL that can be used to
fetch the repository index.
type: string
tags:
description: Tags can be used to group charts for enabling/disabling
together
items:
type: string
type: array
version:
description: Version is the version (range) of this chart. A
lock file will always produce a single version, while a dependency
may contain a semantic version range.
type: string
required:
- name
- repository
type: object
type: array
deprecated:
description: Whether or not this chart is deprecated
type: boolean
description:
description: A one-sentence description of the chart
type: string
digest:
description: chart digest
type: string
home:
description: The URL to a relevant project page, git repo, or contact
person
type: string
icon:
description: The URL to an icon file.
type: string
keywords:
description: A list of string keywords
items:
type: string
type: array
kubeVersion:
description: KubeVersion is a SemVer constraint specifying the version
of Kubernetes required.
type: string
maintainers:
description: A list of name and URL/email address combinations for
the maintainer(s)
items:
description: Maintainer describes a Chart maintainer.
properties:
email:
description: Email is an optional email address to contact the
named maintainer
type: string
name:
description: Name is a user name or organization name
type: string
url:
description: URL is an optional URL to an address for the named
maintainer
type: string
type: object
type: array
name:
description: The name of the chart
type: string
sources:
description: Source is the URL to the source code of this chart
items:
type: string
type: array
tags:
description: The tags to check to enable chart
type: string
type:
description: 'Specifies the chart type: application or library'
type: string
urls:
description: chart url
items:
type: string
type: array
version:
description: A SemVer 2 conformant version string of the chart
type: string
type: object
status:
description: HelmApplicationVersionStatus defines the observed state of
HelmApplicationVersion
properties:
audit:
items:
properties:
message:
description: audit message
type: string
operator:
description: audit operator
type: string
operatorType:
type: string
state:
description: 'audit state: submitted, passed, draft, active,
rejected, suspended'
type: string
time:
description: audit time
format: date-time
type: string
required:
- time
type: object
type: array
state:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

80
config/crds/application.kubesphere.io_helmcategories.yaml
View File

@@ -1,80 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: helmcategories.application.kubesphere.io
spec:
group: application.kubesphere.io
names:
kind: HelmCategory
listKind: HelmCategoryList
plural: helmcategories
shortNames:
- hctg
singular: helmcategory
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.name
name: name
type: string
- jsonPath: .status.total
name: total
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: HelmCategory is the Schema for the helmcategories API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HelmCategorySpec defines the desired state of HelmRepo
properties:
description:
description: info from frontend
type: string
locale:
type: string
name:
description: name of the category
type: string
required:
- name
type: object
status:
properties:
total:
description: total helmapplications belong to this category
type: integer
required:
- total
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

155
config/crds/application.kubesphere.io_helmreleases.yaml
View File

@@ -1,155 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: helmreleases.application.kubesphere.io
spec:
group: application.kubesphere.io
names:
kind: HelmRelease
listKind: HelmReleaseList
plural: helmreleases
shortNames:
- hrls
singular: helmrelease
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.name
name: Release Name
type: string
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
- jsonPath: .metadata.labels.kubesphere\.io/cluster
name: Cluster
type: string
- jsonPath: .metadata.labels.kubesphere\.io/namespace
name: Namespace
type: string
- jsonPath: .status.state
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: HelmRelease is the Schema for the helmreleases API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HelmReleaseSpec defines the desired state of HelmRelease
properties:
appId:
description: id of the helmapplication
type: string
appVerId:
description: application version id
type: string
chartAppVer:
description: appVersion from Chart.yaml
type: string
chartName:
description: The name of the chart which will be installed.
type: string
chartVersion:
description: Specify the exact chart version to install. If this is
not specified, the latest version is installed
type: string
description:
description: Message got from frontend
type: string
name:
description: Name of the release
type: string
repoId:
description: id of the repo
type: string
values:
description: helm release values.yaml
format: byte
type: string
version:
description: expected release version, when this version is not equal
status.version, the release need upgrade this filed should be modified
when any filed of the spec modified.
type: integer
required:
- chartName
- chartVersion
- name
- version
type: object
status:
description: HelmReleaseStatus defines the observed state of HelmRelease
properties:
deployStatus:
description: deploy status list of history, which will store at most
10 state
items:
properties:
deployTime:
description: deploy time, upgrade time or check status time
format: date-time
type: string
message:
description: A human readable message indicating details about
why the release is in this state.
type: string
state:
description: current state of the release
type: string
required:
- deployTime
- state
type: object
type: array
lastDeployed:
description: last deploy time or upgrade time
format: date-time
type: string
lastUpdate:
description: last update time
format: date-time
type: string
message:
description: A human readable message indicating details about why
the release is in this state.
type: string
state:
description: current state
type: string
version:
description: current release version
type: integer
required:
- state
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

156
config/crds/application.kubesphere.io_helmrepos.yaml
View File

@@ -1,156 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: helmrepos.application.kubesphere.io
spec:
group: application.kubesphere.io
names:
kind: HelmRepo
listKind: HelmRepoList
plural: helmrepos
shortNames:
- hrepo
singular: helmrepo
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.name
name: name
type: string
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
- jsonPath: .spec.url
name: url
type: string
- jsonPath: .status.state
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: HelmRepo is the Schema for the helmrepoes API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HelmRepoSpec defines the desired state of HelmRepo
properties:
credential:
description: helm repo credential
properties:
accessKeyID:
type: string
caFile:
description: verify certificates of HTTPS-enabled servers using
this CA bundle
type: string
certFile:
description: identify HTTPS client using this SSL certificate
file
type: string
insecureSkipTLSVerify:
description: skip tls certificate checks for the repository, default
is ture
type: boolean
keyFile:
description: identify HTTPS client using this SSL key file
type: string
password:
description: chart repository password
type: string
secretAccessKey:
type: string
username:
description: chart repository username
type: string
type: object
description:
description: chart repo description from frontend
type: string
name:
description: name of the repo
type: string
syncPeriod:
description: sync period in seconds, no sync when SyncPeriod=0, the
minimum SyncPeriod is 180s
type: integer
url:
description: helm repo url
type: string
version:
description: expected repo version, when this version is not equal
status.version, the repo need upgrade this filed should be modified
when any filed of the spec modified.
type: integer
required:
- name
- url
type: object
status:
description: HelmRepoStatus defines the observed state of HelmRepo
properties:
data:
description: repo index
type: string
lastUpdateTime:
description: status last update time
format: date-time
type: string
state:
description: current state of the repo, successful, failed or syncing
type: string
syncState:
description: sync state list of history, which will store at most
10 state
items:
properties:
message:
description: A human readable message indicating details about
why the repo is in this state.
type: string
state:
description: 'last sync state, valid state are: "failed", "success",
and ""'
type: string
syncTime:
format: date-time
type: string
required:
- syncTime
type: object
type: array
version:
description: if status.version!=spec.Version, we need sync the repo
now
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

190
config/crds/cluster.kubesphere.io_clusters.yaml
View File

@@ -1,190 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: clusters.cluster.kubesphere.io
spec:
group: cluster.kubesphere.io
names:
kind: Cluster
listKind: ClusterList
plural: clusters
singular: cluster
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.joinFederation
name: Federated
type: boolean
- jsonPath: .spec.provider
name: Provider
type: string
- jsonPath: .spec.enable
name: Active
type: boolean
- jsonPath: .status.kubernetesVersion
name: Version
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Cluster is the schema for the clusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
connection:
description: Connection holds info to connect to the member cluster
properties:
externalKubernetesAPIEndpoint:
description: External Kubernetes API Server endpoint Will be populated
by ks-apiserver if connection type is proxy and ExternalKubeAPIEnabled
is true.
type: string
kubeconfig:
description: KubeConfig content used to connect to cluster api
server Should provide this field explicitly if connection type
is direct. Will be populated by ks-proxy if connection type
is proxy.
format: byte
type: string
kubernetesAPIEndpoint:
description: 'Kubernetes API Server endpoint. Example: https://10.10.0.1:6443
Should provide this field explicitly if connection type is direct.
Will be populated by ks-apiserver if connection type is proxy.'
type: string
kubernetesAPIServerPort:
description: KubeAPIServerPort is the port which listens for forwarding
kube-apiserver traffic Only applicable when connection type
is proxy.
type: integer
kubesphereAPIEndpoint:
description: 'KubeSphere API Server endpoint. Example: http://10.10.0.11:8080
Should provide this field explicitly if connection type is direct.
Will be populated by ks-apiserver if connection type is proxy.'
type: string
kubesphereAPIServerPort:
description: KubeSphereAPIServerPort is the port which listens
for forwarding kubesphere apigateway traffic Only applicable
when connection type is proxy.
type: integer
token:
description: Token used by agents of member cluster to connect
to host cluster proxy. This field is populated by apiserver
only if connection type is proxy.
type: string
type:
description: type defines how host cluster will connect to host
cluster ConnectionTypeDirect means direct connection, this requires kubeconfig
and kubesphere apiserver endpoint provided ConnectionTypeProxy
means using kubesphere proxy, no kubeconfig or kubesphere
apiserver endpoint required
type: string
type: object
enable:
description: Desired state of the cluster
type: boolean
externalKubeAPIEnabled:
description: ExternalKubeAPIEnabled export kubeapiserver to public
use a lb type service if connection type is proxy
type: boolean
joinFederation:
description: Join cluster as a kubefed cluster
type: boolean
provider:
description: Provider of the cluster, this field is just for description
type: string
type: object
status:
properties:
conditions:
description: Represents the latest available observations of a cluster's
current state.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of the condition
type: string
required:
- status
- type
type: object
type: array
configz:
additionalProperties:
type: boolean
description: Configz is status of components enabled in the member
cluster. This is synchronized with member cluster every amount of
time, like 5 minutes.
type: object
kubeSphereVersion:
description: GitVersion of the /kapis/version api response, this field
is populated by cluster controller
type: string
kubernetesVersion:
description: GitVersion of the kubernetes cluster, this field is populated
by cluster controller
type: string
nodeCount:
description: Count of the kubernetes cluster nodes This field may
not reflect the instant status of the cluster.
type: integer
region:
description: Region is the name of the region in which all of the
nodes in the cluster exist. e.g. 'us-east1'.
type: string
uid:
description: UID is the kube-system namespace UID of the cluster,
which represents the unique ID of the cluster.
type: string
zones:
description: Zones are the names of availability zones in which the
nodes of the cluster exist, e.g. 'us-east1-a'.
items:
type: string
type: array
type: object
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

52
config/crds/devops.kubesphere.io_devopsprojects.yaml
View File

@@ -1,52 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: devopsprojects.devops.kubesphere.io
spec:
group: devops.kubesphere.io
names:
categories:
- devops
kind: DevOpsProject
listKind: DevOpsProjectList
plural: devopsprojects
singular: devopsproject
scope: Cluster
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: DevOpsProject is the Schema for the devopsprojects API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DevOpsProjectSpec defines the desired state of DevOpsProject
type: object
status:
description: DevOpsProjectStatus defines the observed state of DevOpsProject
properties:
adminNamespace:
description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file'
type: string
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

300
config/crds/devops.kubesphere.io_pipelines.yaml
View File

@@ -1,300 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: pipelines.devops.kubesphere.io
spec:
group: devops.kubesphere.io
names:
kind: Pipeline
listKind: PipelineList
plural: pipelines
singular: pipeline
scope: Namespaced
versions:
- name: v1alpha3
schema:
openAPIV3Schema:
description: Pipeline is the Schema for the pipelines API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PipelineSpec defines the desired state of Pipeline
properties:
multi_branch_pipeline:
properties:
bitbucket_server_source:
properties:
api_uri:
type: string
credential_id:
type: string
discover_branches:
type: integer
discover_pr_from_forks:
properties:
strategy:
type: integer
trust:
type: integer
type: object
discover_pr_from_origin:
type: integer
discover_tags:
type: boolean
git_clone_option:
properties:
depth:
type: integer
shallow:
type: boolean
timeout:
type: integer
type: object
owner:
type: string
regex_filter:
type: string
repo:
type: string
scm_id:
type: string
type: object
description:
type: string
discarder:
properties:
days_to_keep:
type: string
num_to_keep:
type: string
type: object
git_source:
properties:
credential_id:
type: string
discover_branches:
type: boolean
discover_tags:
type: boolean
git_clone_option:
properties:
depth:
type: integer
shallow:
type: boolean
timeout:
type: integer
type: object
regex_filter:
type: string
scm_id:
type: string
url:
type: string
type: object
github_source:
description: GithubSource and BitbucketServerSource have the same structure, but we don't use one due to crd errors
properties:
api_uri:
type: string
credential_id:
type: string
discover_branches:
type: integer
discover_pr_from_forks:
properties:
strategy:
type: integer
trust:
type: integer
type: object
discover_pr_from_origin:
type: integer
discover_tags:
type: boolean
git_clone_option:
properties:
depth:
type: integer
shallow:
type: boolean
timeout:
type: integer
type: object
owner:
type: string
regex_filter:
type: string
repo:
type: string
scm_id:
type: string
type: object
gitlab_source:
properties:
api_uri:
type: string
credential_id:
type: string
discover_branches:
type: integer
discover_pr_from_forks:
properties:
strategy:
type: integer
trust:
type: integer
type: object
discover_pr_from_origin:
type: integer
discover_tags:
type: boolean
git_clone_option:
properties:
depth:
type: integer
shallow:
type: boolean
timeout:
type: integer
type: object
owner:
type: string
regex_filter:
type: string
repo:
type: string
scm_id:
type: string
server_name:
type: string
type: object
multibranch_job_trigger:
properties:
create_action_job_to_trigger:
type: string
delete_action_job_to_trigger:
type: string
type: object
name:
type: string
script_path:
type: string
single_svn_source:
properties:
credential_id:
type: string
remote:
type: string
scm_id:
type: string
type: object
source_type:
type: string
svn_source:
properties:
credential_id:
type: string
excludes:
type: string
includes:
type: string
remote:
type: string
scm_id:
type: string
type: object
timer_trigger:
properties:
cron:
description: user in no scm job
type: string
interval:
description: use in multi-branch job
type: string
type: object
required:
- name
- script_path
- source_type
type: object
pipeline:
properties:
description:
type: string
disable_concurrent:
type: boolean
discarder:
properties:
days_to_keep:
type: string
num_to_keep:
type: string
type: object
jenkinsfile:
type: string
name:
type: string
parameters:
items:
properties:
default_value:
type: string
description:
type: string
name:
type: string
type:
type: string
required:
- name
- type
type: object
type: array
remote_trigger:
properties:
token:
type: string
type: object
timer_trigger:
properties:
cron:
description: user in no scm job
type: string
interval:
description: use in multi-branch job
type: string
type: object
required:
- name
type: object
type:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file'
type: string
required:
- type
type: object
status:
description: PipelineStatus defines the observed state of Pipeline
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

81
config/crds/devops.kubesphere.io_s2ibinaries.yaml
View File

@@ -1,81 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: s2ibinaries.devops.kubesphere.io
spec:
group: devops.kubesphere.io
names:
kind: S2iBinary
listKind: S2iBinaryList
plural: s2ibinaries
singular: s2ibinary
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.fileName
name: FileName
type: string
- jsonPath: .spec.md5
name: MD5
type: string
- jsonPath: .spec.size
name: Size
type: string
- jsonPath: .status.phase
name: Phase
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: S2iBinary is the Schema for the s2ibinaries API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iBinarySpec defines the desired state of S2iBinary
properties:
downloadURL:
description: DownloadURL in KubeSphere
type: string
fileName:
description: FileName is filename of binary
type: string
md5:
description: MD5 is Binary's MD5 Hash
type: string
size:
description: Size is the file size of file
type: string
uploadTimeStamp:
description: UploadTime is last upload time
format: date-time
type: string
type: object
status:
description: S2iBinaryStatus defines the observed state of S2iBinary
properties:
phase:
description: Phase is status of S2iBinary . Possible value is "Ready","UnableToDownload"
type: string
type: object
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

475
config/crds/devops.kubesphere.io_s2ibuilders.yaml
View File

@@ -1,475 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: s2ibuilders.devops.kubesphere.io
spec:
group: devops.kubesphere.io
names:
kind: S2iBuilder
listKind: S2iBuilderList
plural: s2ibuilders
shortNames:
- s2ib
singular: s2ibuilder
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.runCount
name: RunCount
type: integer
- jsonPath: .status.lastRunState
name: LastRunState
type: string
- jsonPath: .status.lastRunName
name: LastRunName
type: string
- jsonPath: .status.lastRunStartTime
name: LastRunStartTime
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: S2iBuilder is the Schema for the s2ibuilders API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iBuilderSpec defines the desired state of S2iBuilder
properties:
config:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file'
properties:
addHost:
description: AddHost Add a line to /etc/hosts for test purpose or private use in LAN. Its format is host:IP,multiple hosts can be added by using multiple --add-host
items:
type: string
type: array
asDockerfile:
description: AsDockerfile indicates the path where the Dockerfile should be written instead of building a new image.
type: string
assembleUser:
description: AssembleUser specifies the user to run the assemble script in container
type: string
blockOnBuild:
description: BlockOnBuild prevents s2i from performing a docker build operation if one is necessary to execute ONBUILD commands, or to layer source code into the container for images that don't have a tar binary available, if the image contains ONBUILD commands that would be executed.
type: boolean
branchExpression:
description: Regular expressions, ignoring names that do not match the provided regular expression
type: string
buildVolumes:
description: BuildVolumes specifies a list of volumes to mount to container running the build.
items:
type: string
type: array
builderBaseImageVersion:
description: BuilderBaseImageVersion provides optional version information about the builder base image.
type: string
builderImage:
description: BuilderImage describes which image is used for building the result images.
type: string
builderImageVersion:
description: BuilderImageVersion provides optional version information about the builder image.
type: string
builderPullPolicy:
description: BuilderPullPolicy specifies when to pull the builder image
type: string
callbackUrl:
description: CallbackURL is a URL which is called upon successful build to inform about that fact.
type: string
cgroupLimits:
description: CGroupLimits describes the cgroups limits that will be applied to any containers run by s2i.
properties:
cpuPeriod:
format: int64
type: integer
cpuQuota:
format: int64
type: integer
cpuShares:
format: int64
type: integer
memoryLimitBytes:
format: int64
type: integer
memorySwap:
format: int64
type: integer
parent:
type: string
required:
- cpuPeriod
- cpuQuota
- cpuShares
- memoryLimitBytes
- memorySwap
- parent
type: object
contextDir:
description: Specify a relative directory inside the application repository that should be used as a root directory for the application.
type: string
description:
description: Description is a result image description label. The default is no description.
type: string
destination:
description: Destination specifies a location where the untar operation will place its artifacts.
type: string
displayName:
description: DisplayName is a result image display-name label. This defaults to the output image name.
type: string
dockerConfig:
description: DockerConfig describes how to access host docker daemon.
properties:
caFile:
description: CAFile is the certificate authority file path for a TLS connection
type: string
certFile:
description: CertFile is the certificate file path for a TLS connection
type: string
endPoint:
description: Endpoint is the docker network endpoint or socket
type: string
keyFile:
description: KeyFile is the key file path for a TLS connection
type: string
tlsVerify:
description: TLSVerify indicates if TLS peer must be verified
type: boolean
useTLS:
description: UseTLS indicates if TLS must be used
type: boolean
required:
- caFile
- certFile
- endPoint
- keyFile
- tlsVerify
- useTLS
type: object
dockerNetworkMode:
description: DockerNetworkMode is used to set the docker network setting to --net=container:<id> when the builder is invoked from a container.
type: string
dropCapabilities:
description: DropCapabilities contains a list of capabilities to drop when executing containers
items:
type: string
type: array
environment:
description: Environment is a map of environment variables to be passed to the image.
items:
description: EnvironmentSpec specifies a single environment variable.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
excludeRegExp:
description: ExcludeRegExp contains a string representation of the regular expression desired for deciding which files to exclude from the tar stream
type: string
export:
description: Export Push the result image to specify image registry in tag
type: boolean
gitSecretRef:
description: GitSecretRef is the BasicAuth Secret of Git Clone
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
hasOnBuild:
description: HasOnBuild will be set to true if the builder image contains ONBUILD instructions
type: boolean
imageName:
description: ImageName Contains the registry address and reponame, tag should set by field tag alone
type: string
imageScriptsUrl:
description: ImageScriptsURL is the default location to find the assemble/run scripts for a builder image. This url can be a reference within the builder image if the scheme is specified as image://
type: string
imageWorkDir:
description: ImageWorkDir is the default working directory for the builder image.
type: string
incremental:
description: Incremental describes whether to try to perform incremental build.
type: boolean
incrementalAuthentication:
description: IncrementalAuthentication holds the authentication information for pulling the previous image from private repositories
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
incrementalFromTag:
description: IncrementalFromTag sets an alternative image tag to look for existing artifacts. Tag is used by default if this is not set.
type: string
injections:
description: Injections specifies a list source/destination folders that are injected to the container that runs assemble. All files we inject will be truncated after the assemble script finishes.
items:
description: VolumeSpec represents a single volume mount point.
properties:
destination:
description: Destination is the path to mount the volume to - absolute or relative.
type: string
keep:
description: Keep indicates if the mounted data should be kept in the final image.
type: boolean
source:
description: Source is a reference to the volume source.
type: string
type: object
type: array
isBinaryURL:
description: IsBinaryURL explain the type of SourceURL. If it is IsBinaryURL, it will download the file directly without using git.
type: boolean
keepSymlinks:
description: KeepSymlinks indicates to copy symlinks as symlinks. Default behavior is to follow symlinks and copy files by content.
type: boolean
labelNamespace:
description: LabelNamespace provides the namespace under which the labels will be generated.
type: string
labels:
additionalProperties:
type: string
description: Labels specify labels and their values to be applied to the resulting image. Label keys must have non-zero length. The labels defined here override generated labels in case they have the same name.
type: object
layeredBuild:
description: LayeredBuild describes if this is build which layered scripts and sources on top of BuilderImage.
type: boolean
nodeAffinityKey:
description: The key of Node Affinity.
type: string
nodeAffinityValues:
description: The values of Node Affinity.
items:
type: string
type: array
outputBuildResult:
description: Whether output build result to status.
type: boolean
outputImageName:
description: OutputImageName is a result image name without tag, default is latest. tag will append to ImageName in the end
type: string
preserveWorkingDir:
description: PreserveWorkingDir describes if working directory should be left after processing.
type: boolean
previousImagePullPolicy:
description: PreviousImagePullPolicy specifies when to pull the previously build image when doing incremental build
type: string
pullAuthentication:
description: PullAuthentication holds the authentication information for pulling the Docker images from private repositories
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
pushAuthentication:
description: PullAuthentication holds the authentication information for pulling the Docker images from private repositories
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
removePreviousImage:
description: RemovePreviousImage describes if previous image should be removed after successful build. This applies only to incremental builds.
type: boolean
revisionId:
description: The RevisionId is a branch name or a SHA-1 hash of every important thing about the commit
type: string
runImage:
description: RunImage will trigger a "docker run ..." invocation of the produced image so the user can see if it operates as he would expect
type: boolean
runtimeArtifacts:
description: RuntimeArtifacts specifies a list of source/destination pairs that will be copied from builder to a runtime image. Source can be a file or directory. Destination must be a directory. Regardless whether it is an absolute or relative path, it will be placed into image's WORKDIR. Destination also can be empty or equals to ".", in this case it just refers to a root of WORKDIR. In case it's empty, S2I will try to get this list from io.openshift.s2i.assemble-input-files label on a RuntimeImage.
items:
description: VolumeSpec represents a single volume mount point.
properties:
destination:
description: Destination is the path to mount the volume to - absolute or relative.
type: string
keep:
description: Keep indicates if the mounted data should be kept in the final image.
type: boolean
source:
description: Source is a reference to the volume source.
type: string
type: object
type: array
runtimeAuthentication:
description: RuntimeAuthentication holds the authentication information for pulling the runtime Docker images from private repositories.
properties:
email:
type: string
password:
type: string
secretRef:
description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
serverAddress:
type: string
username:
type: string
type: object
runtimeImage:
description: RuntimeImage specifies the image that will be a base for resulting image and will be used for running an application. By default, BuilderImage is used for building and running, but the latter may be overridden.
type: string
runtimeImagePullPolicy:
description: RuntimeImagePullPolicy specifies when to pull a runtime image.
type: string
scriptDownloadProxyConfig:
description: ScriptDownloadProxyConfig optionally specifies the http and https proxy to use when downloading scripts
properties:
httpProxy:
type: string
httpsProxy:
type: string
type: object
scriptsUrl:
description: ScriptsURL is a URL describing where to fetch the S2I scripts from during build process. This url can be a reference within the builder image if the scheme is specified as image://
type: string
secretCode:
description: SecretCode
type: string
securityOpt:
description: SecurityOpt are passed as options to the docker containers launched by s2i.
items:
type: string
type: array
sourceUrl:
description: SourceURL is url of the codes such as https://github.com/a/b.git
type: string
tag:
description: Tag is a result image tag name.
type: string
taintKey:
description: The name of taint.
type: string
usage:
description: Usage allows for properly shortcircuiting s2i logic when `s2i usage` is invoked
type: boolean
workingDir:
description: WorkingDir describes temporary directory used for downloading sources, scripts and tar operations.
type: string
workingSourceDir:
description: WorkingSourceDir describes the subdirectory off of WorkingDir set up during the repo download that is later used as the root for ignore processing
type: string
required:
- imageName
- sourceUrl
type: object
fromTemplate:
description: FromTemplate define some inputs from user
properties:
builderImage:
description: BaseImage specify which version of this template to use
type: string
name:
description: Name specify a template to use, so many fields in Config can left empty
type: string
parameters:
description: Parameters must use with `template`, fill some parameters which template will use
items:
properties:
defaultValue:
type: string
description:
type: string
key:
type: string
optValues:
items:
type: string
type: array
required:
type: boolean
type:
type: string
value:
type: string
type: object
type: array
type: object
type: object
status:
description: S2iBuilderStatus defines the observed state of S2iBuilder
properties:
lastRunName:
description: LastRunState return the name of the newest run of this builder
type: string
lastRunStartTime:
description: LastRunStartTime return the startTime of the newest run of this builder
format: date-time
type: string
lastRunState:
description: LastRunState return the state of the newest run of this builder
type: string
runCount:
description: RunCount represent the sum of s2irun of this builder
type: integer
required:
- runCount
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

130
config/crds/devops.kubesphere.io_s2ibuildertemplates.yaml
View File

@@ -1,130 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: s2ibuildertemplates.devops.kubesphere.io
spec:
group: devops.kubesphere.io
names:
categories:
- devops
kind: S2iBuilderTemplate
listKind: S2iBuilderTemplateList
plural: s2ibuildertemplates
shortNames:
- s2ibt
singular: s2ibuildertemplate
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.codeFramework
name: Framework
type: string
- jsonPath: .spec.defaultBaseImage
name: DefaultBaseImage
type: string
- jsonPath: .spec.version
name: Version
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: S2iBuilderTemplate is the Schema for the s2ibuildertemplates API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iBuilderTemplateSpec defines the desired state of S2iBuilderTemplate
properties:
codeFramework:
description: CodeFramework means which language this template is designed for and which framework is using if has framework. Like Java, NodeJS etc
type: string
containerInfo:
description: Images are the images this template will use.
items:
properties:
buildVolumes:
description: BuildVolumes specifies a list of volumes to mount to container running the build.
items:
type: string
type: array
builderImage:
description: BaseImage are the images this template will use.
type: string
runtimeArtifacts:
items:
description: VolumeSpec represents a single volume mount point.
properties:
destination:
description: Destination is the path to mount the volume to - absolute or relative.
type: string
keep:
description: Keep indicates if the mounted data should be kept in the final image.
type: boolean
source:
description: Source is a reference to the volume source.
type: string
type: object
type: array
runtimeImage:
type: string
type: object
type: array
defaultBaseImage:
description: DefaultBaseImage is the image that will be used by default
type: string
description:
description: Description illustrate the purpose of this template
type: string
environment:
description: Parameters is a set of environment variables to be passed to the image.
items:
properties:
defaultValue:
type: string
description:
type: string
key:
type: string
optValues:
items:
type: string
type: array
required:
type: boolean
type:
type: string
value:
type: string
type: object
type: array
iconPath:
description: IconPath is used for frontend display
type: string
version:
description: Version of template
type: string
type: object
status:
description: S2iBuilderTemplateStatus defines the observed state of S2iBuilderTemplate
type: object
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

164
config/crds/devops.kubesphere.io_s2iruns.yaml
View File

@@ -1,164 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: s2iruns.devops.kubesphere.io
spec:
group: devops.kubesphere.io
names:
kind: S2iRun
listKind: S2iRunList
plural: s2iruns
shortNames:
- s2ir
singular: s2irun
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.runState
name: State
type: string
- jsonPath: .status.kubernetesJobName
name: K8sJobName
type: string
- jsonPath: .status.startTime
name: StartTime
type: date
- jsonPath: .status.completionTime
name: CompletionTime
type: date
- jsonPath: .status.s2iBuildResult.imageName
name: ImageName
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: S2iRun is the Schema for the s2iruns API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: S2iRunSpec defines the desired state of S2iRun
properties:
backoffLimit:
description: BackoffLimit limits the restart count of each s2irun. Default is 0
format: int32
type: integer
builderName:
description: BuilderName specify the name of s2ibuilder, required
type: string
newRevisionId:
description: NewRevisionId override the default NewRevisionId in its s2ibuilder.
type: string
newSourceURL:
description: NewSourceURL is used to download new binary artifacts
type: string
newTag:
description: NewTag override the default tag in its s2ibuilder, image name cannot be changed.
type: string
secondsAfterFinished:
description: SecondsAfterFinished if is set and greater than zero, and the job created by s2irun become successful or failed , the job will be auto deleted after SecondsAfterFinished
format: int32
type: integer
required:
- builderName
type: object
status:
description: S2iRunStatus defines the observed state of S2iRun
properties:
completionTime:
description: Represents time when the job was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
kubernetesJobName:
description: KubernetesJobName is the job name in k8s
type: string
logURL:
description: LogURL is uesd for external log handler to let user know where is log located in
type: string
runState:
description: RunState indicates whether this job is done or failed
type: string
s2iBuildResult:
description: S2i build result info.
properties:
commandPull:
description: Command for pull image.
type: string
imageCreated:
description: Image created time.
type: string
imageID:
description: Image ID.
type: string
imageName:
description: ImageName is the name of artifact
type: string
imageRepoTags:
description: image tags.
items:
type: string
type: array
imageSize:
description: The size in bytes of the image
format: int64
type: integer
type: object
s2iBuildSource:
description: S2i build source info.
properties:
binaryName:
description: Binary file Name
type: string
binarySize:
description: Binary file Size
format: int64
type: integer
builderImage:
description: // BuilderImage describes which image is used for building the result images.
type: string
commitID:
description: CommitID represents an arbitrary extended object reference in Git as SHA-1
type: string
committerEmail:
description: CommitterEmail contains the e-mail of the committer
type: string
committerName:
description: CommitterName contains the name of the committer
type: string
description:
description: Description is a result image description label. The default is no description.
type: string
revisionId:
description: The RevisionId is a branch name or a SHA-1 hash of every important thing about the commit
type: string
sourceUrl:
description: SourceURL is url of the codes such as https://github.com/a/b.git
type: string
type: object
startTime:
description: StartTime represent when this run began
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

122
config/crds/gateway.kubesphere.io_gateways.yaml
View File

@@ -1,122 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: gateways.gateway.kubesphere.io
spec:
group: gateway.kubesphere.io
names:
kind: Gateway
listKind: GatewayList
plural: gateways
singular: gateway
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Gateway is the Schema for the gateways API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: GatewaySpec defines the desired state of Gateway
properties:
controller:
properties:
annotations:
additionalProperties:
type: string
type: object
config:
additionalProperties:
type: string
type: object
replicas:
format: int32
type: integer
scope:
properties:
enabled:
type: boolean
namespace:
type: string
type: object
type: object
deployment:
properties:
annotations:
additionalProperties:
type: string
type: object
replicas:
format: int32
type: integer
resources:
description: ResourceRequirements describes the compute resource
requirements.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
type: object
service:
properties:
annotations:
additionalProperties:
type: string
type: object
type:
description: Service Type string describes ingress methods for
a service
type: string
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

44
config/crds/gateway.kubesphere.io_nginxes.yaml
View File

@@ -1,44 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: nginxes.gateway.kubesphere.io
spec:
group: gateway.kubesphere.io
names:
kind: Nginx
listKind: NginxList
plural: nginxes
singular: nginx
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Nginx is the Schema for the nginxes API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec defines the desired state of Nginx
type: object
x-kubernetes-preserve-unknown-fields: true
status:
description: Status defines the observed state of Nginx
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
subresources:
status: {}

128
config/crds/iam.kubesphere.io_federatedrolebindings.yaml
View File

@@ -1,128 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: federatedrolebindings.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
kind: FederatedRoleBinding
listKind: FederatedRoleBindingList
plural: federatedrolebindings
singular: federatedrolebinding
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
placement:
properties:
clusterSelector:
properties:
matchLabels:
additionalProperties:
type: string
type: object
type: object
clusters:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
type: object
template:
properties:
metadata:
type: object
roleRef:
description: RoleRef contains information that points to the role
being used
properties:
apiGroup:
description: APIGroup is the group for the resource being
referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
subjects:
items:
description: Subject contains a reference to the object or user
identities a role binding applies to. This can either hold
a direct API object reference, or a value for non-objects
such as user and group names.
properties:
apiGroup:
description: APIGroup holds the API group of the referenced
subject. Defaults to "" for ServiceAccount subjects. Defaults
to "rbac.authorization.k8s.io" for User and Group subjects.
type: string
kind:
description: Kind of object being referenced. Values defined
by this API group are "User", "Group", and "ServiceAccount".
If the Authorizer does not recognized the kind value,
the Authorizer should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: Namespace of the referenced object. If the
object kind is non-namespace, such as "User" or "Group",
and this value is not empty the Authorizer should report
an error.
type: string
required:
- kind
- name
type: object
type: array
required:
- roleRef
type: object
required:
- placement
- template
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

125
config/crds/iam.kubesphere.io_federatedroles.yaml
View File

@@ -1,125 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: federatedroles.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
kind: FederatedRole
listKind: FederatedRoleList
plural: federatedroles
singular: federatedrole
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
placement:
properties:
clusterSelector:
properties:
matchLabels:
additionalProperties:
type: string
type: object
type: object
clusters:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
type: object
template:
properties:
metadata:
type: object
rules:
items:
description: PolicyRule holds information that describes a policy
rule, but does not contain information about who the rule
applies to or which namespace the rule applies to.
properties:
apiGroups:
description: APIGroups is the name of the APIGroup that
contains the resources. If multiple API groups are specified,
any action requested against one of the enumerated resources
in any API group will be allowed.
items:
type: string
type: array
nonResourceURLs:
description: NonResourceURLs is a set of partial urls that
a user should have access to. *s are allowed, but only
as the full, final step in the path Since non-resource
URLs are not namespaced, this field is only applicable
for ClusterRoles referenced from a ClusterRoleBinding.
Rules can either apply to API resources (such as "pods"
or "secrets") or non-resource URL paths (such as "/api"), but
not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of
names that the rule applies to. An empty set means that
everything is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule
applies to. ResourceAll represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL
the ResourceKinds and AttributeRestrictions contained
in this rule. VerbAll represents all kinds.
items:
type: string
type: array
required:
- verbs
type: object
type: array
type: object
required:
- placement
- template
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

139
config/crds/iam.kubesphere.io_federatedusers.yaml
View File

@@ -1,139 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: federatedusers.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
kind: FederatedUser
listKind: FederatedUserList
plural: federatedusers
singular: federateduser
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
placement:
properties:
clusterSelector:
properties:
matchLabels:
additionalProperties:
type: string
type: object
type: object
clusters:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
type: object
template:
properties:
metadata:
type: object
spec:
description: UserSpec defines the desired state of User
properties:
description:
description: Description of the user.
type: string
displayName:
type: string
email:
description: Unique email address(https://www.ietf.org/rfc/rfc5322.txt).
type: string
groups:
items:
type: string
type: array
lang:
description: The preferred written or spoken language for
the user.
type: string
password:
description: 'password will be encrypted by mutating admission
webhook Password pattern is tricky here. The rule is simple:
length between [6,64], at least one uppercase letter, one
lowercase letter, one digit. The regexp in console(javascript)
is quite straightforward: ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[^]{6,64}$
But in Go, we don''t have ?= (back tracking) capability
in regexp (also in CRD validation pattern) So we adopted
an alternative scheme to achieve. Use 6 different regexp
to combine to achieve the same effect. These six schemes
enumerate the arrangement of numbers, uppercase letters,
and lowercase letters that appear for the first time. -
^(.*[a-z].*[A-Z].*[0-9].*)$ stands for lowercase letter
comes first, then followed by an uppercase letter, then
a digit. - ^(.*[a-z].*[0-9].*[A-Z].*)$ stands for lowercase
letter comes first, then followed by a digit, then an uppercase
leeter. - ^(.*[A-Z].*[a-z].*[0-9].*)$ ... - ^(.*[A-Z].*[0-9].*[a-z].*)$
... - ^(.*[0-9].*[a-z].*[A-Z].*)$ ... - ^(.*[0-9].*[A-Z].*[a-z].*)$
... Last but not least, the bcrypt string is also included
to match the encrypted password. ^(\$2[ayb]\$.{56})$'
maxLength: 64
minLength: 6
pattern: ^(.*[a-z].*[A-Z].*[0-9].*)$|^(.*[a-z].*[0-9].*[A-Z].*)$|^(.*[A-Z].*[a-z].*[0-9].*)$|^(.*[A-Z].*[0-9].*[a-z].*)$|^(.*[0-9].*[a-z].*[A-Z].*)$|^(.*[0-9].*[A-Z].*[a-z].*)$|^(\$2[ayb]\$.{56})$
type: string
required:
- email
type: object
status:
description: UserStatus defines the observed state of User
properties:
lastLoginTime:
description: Last login attempt timestamp
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
reason:
type: string
state:
description: The user status
type: string
type: object
required:
- spec
type: object
required:
- placement
- template
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

98
config/crds/iam.kubesphere.io_globalrolebindings.yaml
View File

@@ -1,98 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: globalrolebindings.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: GlobalRoleBinding
listKind: GlobalRoleBindingList
plural: globalrolebindings
singular: globalrolebinding
scope: Cluster
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: GlobalRoleBinding is the Schema for the globalrolebindings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
roleRef:
description: RoleRef can only reference a GlobalRole. If the RoleRef cannot
be resolved, the Authorizer must return an error.
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
subjects:
description: Subjects holds references to the objects the role applies
to.
items:
description: Subject contains a reference to the object or user identities
a role binding applies to. This can either hold a direct API object
reference, or a value for non-objects such as user and group names.
properties:
apiGroup:
description: APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
for User and Group subjects.
type: string
kind:
description: Kind of object being referenced. Values defined by
this API group are "User", "Group", and "ServiceAccount". If the
Authorizer does not recognized the kind value, the Authorizer
should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: Namespace of the referenced object. If the object
kind is non-namespace, such as "User" or "Group", and this value
is not empty the Authorizer should report an error.
type: string
required:
- kind
- name
type: object
type: array
required:
- roleRef
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

94
config/crds/iam.kubesphere.io_globalroles.yaml
View File

@@ -1,94 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: globalroles.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: GlobalRole
listKind: GlobalRoleList
plural: globalroles
singular: globalrole
scope: Cluster
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
rules:
description: Rules holds all the PolicyRules for this GlobalRole
items:
description: PolicyRule holds information that describes a policy rule,
but does not contain information about who the rule applies to or
which namespace the rule applies to.
properties:
apiGroups:
description: APIGroups is the name of the APIGroup that contains
the resources. If multiple API groups are specified, any action
requested against one of the enumerated resources in any API group
will be allowed.
items:
type: string
type: array
nonResourceURLs:
description: NonResourceURLs is a set of partial urls that a user
should have access to. *s are allowed, but only as the full,
final step in the path Since non-resource URLs are not namespaced,
this field is only applicable for ClusterRoles referenced from
a ClusterRoleBinding. Rules can either apply to API resources
(such as "pods" or "secrets") or non-resource URL paths (such
as "/api"), but not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of names that
the rule applies to. An empty set means that everything is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule applies
to. ResourceAll represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
and AttributeRestrictions contained in this rule. VerbAll represents
all kinds.
items:
type: string
type: array
required:
- verbs
type: object
type: array
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

68
config/crds/iam.kubesphere.io_groupbindings.yaml
View File

@@ -1,68 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: groupbindings.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- group
kind: GroupBinding
listKind: GroupBindingList
plural: groupbindings
singular: groupbinding
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .groupRef.name
name: Group
type: string
- jsonPath: .users
name: Users
type: string
name: v1alpha2
schema:
openAPIV3Schema:
description: GroupBinding is the Schema for the groupbindings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
groupRef:
description: GroupRef defines the desired relation of GroupBinding
properties:
apiGroup:
type: string
kind:
type: string
name:
type: string
type: object
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
users:
items:
type: string
type: array
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

57
config/crds/iam.kubesphere.io_groups.yaml
View File

@@ -1,57 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: groups.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- group
kind: Group
listKind: GroupList
plural: groups
singular: group
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
name: v1alpha2
schema:
openAPIV3Schema:
description: Group is the Schema for the groups API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: GroupSpec defines the desired state of Group
type: object
status:
description: GroupStatus defines the observed state of Group
type: object
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

94
config/crds/iam.kubesphere.io_loginrecords.yaml
View File

@@ -1,94 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: loginrecords.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: LoginRecord
listKind: LoginRecordList
plural: loginrecords
singular: loginrecord
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.type
name: Type
type: string
- jsonPath: .spec.provider
name: Provider
type: string
- jsonPath: .spec.sourceIP
name: From
type: string
- jsonPath: .spec.success
name: Success
type: string
- jsonPath: .spec.reason
name: Reason
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha2
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
provider:
description: Provider of authentication, Ldap/Github etc.
type: string
reason:
description: States failed login attempt reason
type: string
sourceIP:
description: Source IP of client
type: string
success:
description: Successful login attempt or not
type: boolean
type:
description: Which authentication method used, BasicAuth/OAuth
type: string
userAgent:
description: User agent of login attempt
type: string
required:
- provider
- reason
- sourceIP
- success
- type
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

51
config/crds/iam.kubesphere.io_rolebases.yaml
View File

@@ -1,51 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: rolebases.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: RoleBase
listKind: RoleBaseList
plural: rolebases
singular: rolebase
scope: Cluster
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
role:
type: object
x-kubernetes-embedded-resource: true
x-kubernetes-preserve-unknown-fields: true
required:
- role
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

115
config/crds/iam.kubesphere.io_users.yaml
View File

@@ -1,115 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: users.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: User
listKind: UserList
plural: users
singular: user
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.email
name: Email
type: string
- jsonPath: .status.state
name: Status
type: string
name: v1alpha2
schema:
openAPIV3Schema:
description: User is the Schema for the users API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: UserSpec defines the desired state of User
properties:
description:
description: Description of the user.
type: string
displayName:
type: string
email:
description: Unique email address(https://www.ietf.org/rfc/rfc5322.txt).
type: string
groups:
items:
type: string
type: array
lang:
description: The preferred written or spoken language for the user.
type: string
password:
description: 'password will be encrypted by mutating admission webhook
Password pattern is tricky here. The rule is simple: length between
[6,64], at least one uppercase letter, one lowercase letter, one
digit. The regexp in console(javascript) is quite straightforward:
^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[^]{6,64}$ But in Go, we don''t have
?= (back tracking) capability in regexp (also in CRD validation
pattern) So we adopted an alternative scheme to achieve. Use 6 different
regexp to combine to achieve the same effect. These six schemes
enumerate the arrangement of numbers, uppercase letters, and lowercase
letters that appear for the first time. - ^(.*[a-z].*[A-Z].*[0-9].*)$
stands for lowercase letter comes first, then followed by an uppercase
letter, then a digit. - ^(.*[a-z].*[0-9].*[A-Z].*)$ stands for lowercase
letter comes first, then followed by a digit, then an uppercase
leeter. - ^(.*[A-Z].*[a-z].*[0-9].*)$ ... - ^(.*[A-Z].*[0-9].*[a-z].*)$
... - ^(.*[0-9].*[a-z].*[A-Z].*)$ ... - ^(.*[0-9].*[A-Z].*[a-z].*)$
... Last but not least, the bcrypt string is also included to match
the encrypted password. ^(\$2[ayb]\$.{56})$'
maxLength: 64
minLength: 6
pattern: ^(.*[a-z].*[A-Z].*[0-9].*)$|^(.*[a-z].*[0-9].*[A-Z].*)$|^(.*[A-Z].*[a-z].*[0-9].*)$|^(.*[A-Z].*[0-9].*[a-z].*)$|^(.*[0-9].*[a-z].*[A-Z].*)$|^(.*[0-9].*[A-Z].*[a-z].*)$|^(\$2[ayb]\$.{56})$
type: string
required:
- email
type: object
status:
description: UserStatus defines the observed state of User
properties:
lastLoginTime:
description: Last login attempt timestamp
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
reason:
type: string
state:
description: The user status
type: string
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

104
config/crds/iam.kubesphere.io_workspacerolebindings.yaml
View File

@@ -1,104 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: workspacerolebindings.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: WorkspaceRoleBinding
listKind: WorkspaceRoleBindingList
plural: workspacerolebindings
singular: workspacerolebinding
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
name: v1alpha2
schema:
openAPIV3Schema:
description: WorkspaceRoleBinding is the Schema for the workspacerolebindings
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
roleRef:
description: RoleRef can only reference a WorkspaceRole. If the RoleRef
cannot be resolved, the Authorizer must return an error.
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
subjects:
description: Subjects holds references to the objects the role applies
to.
items:
description: Subject contains a reference to the object or user identities
a role binding applies to. This can either hold a direct API object
reference, or a value for non-objects such as user and group names.
properties:
apiGroup:
description: APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
for User and Group subjects.
type: string
kind:
description: Kind of object being referenced. Values defined by
this API group are "User", "Group", and "ServiceAccount". If the
Authorizer does not recognized the kind value, the Authorizer
should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: Namespace of the referenced object. If the object
kind is non-namespace, such as "User" or "Group", and this value
is not empty the Authorizer should report an error.
type: string
required:
- kind
- name
type: object
type: array
required:
- roleRef
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

102
config/crds/iam.kubesphere.io_workspaceroles.yaml
View File

@@ -1,102 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: workspaceroles.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: WorkspaceRole
listKind: WorkspaceRoleList
plural: workspaceroles
singular: workspacerole
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
- jsonPath: .metadata.annotations.kubesphere\.io/alias-name
name: Alias
type: string
name: v1alpha2
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
rules:
description: Rules holds all the PolicyRules for this WorkspaceRole
items:
description: PolicyRule holds information that describes a policy rule,
but does not contain information about who the rule applies to or
which namespace the rule applies to.
properties:
apiGroups:
description: APIGroups is the name of the APIGroup that contains
the resources. If multiple API groups are specified, any action
requested against one of the enumerated resources in any API group
will be allowed.
items:
type: string
type: array
nonResourceURLs:
description: NonResourceURLs is a set of partial urls that a user
should have access to. *s are allowed, but only as the full,
final step in the path Since non-resource URLs are not namespaced,
this field is only applicable for ClusterRoles referenced from
a ClusterRoleBinding. Rules can either apply to API resources
(such as "pods" or "secrets") or non-resource URL paths (such
as "/api"), but not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of names that
the rule applies to. An empty set means that everything is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule applies
to. ResourceAll represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
and AttributeRestrictions contained in this rule. VerbAll represents
all kinds.
items:
type: string
type: array
required:
- verbs
type: object
type: array
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

80
config/crds/network.kubesphere.io_ipamblocks.yaml
View File

@@ -1,80 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: ipamblocks.network.kubesphere.io
spec:
group: network.kubesphere.io
names:
kind: IPAMBlock
listKind: IPAMBlockList
plural: ipamblocks
singular: ipamblock
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Specification of the IPAMBlock.
properties:
allocations:
items:
type: integer
type: array
attributes:
items:
properties:
handle_id:
type: string
secondary:
additionalProperties:
type: string
type: object
type: object
type: array
cidr:
type: string
deleted:
type: boolean
id:
format: int32
type: integer
unallocated:
items:
type: integer
type: array
required:
- allocations
- attributes
- cidr
- deleted
- id
- unallocated
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

59
config/crds/network.kubesphere.io_ipamhandles.yaml
View File

@@ -1,59 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: ipamhandles.network.kubesphere.io
spec:
group: network.kubesphere.io
names:
kind: IPAMHandle
listKind: IPAMHandleList
plural: ipamhandles
singular: ipamhandle
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Specification of the IPAMHandle.
properties:
block:
additionalProperties:
type: integer
type: object
deleted:
type: boolean
handleID:
type: string
required:
- block
- deleted
- handleID
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

136
config/crds/network.kubesphere.io_ippools.yaml
View File

@@ -1,136 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: ippools.network.kubesphere.io
spec:
group: network.kubesphere.io
names:
kind: IPPool
listKind: IPPoolList
plural: ippools
singular: ippool
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
blockSize:
description: The block size to use for IP address assignments from
this pool. Defaults to 26 for IPv4 and 112 for IPv6.
type: integer
cidr:
description: The pool CIDR.
type: string
disabled:
description: When disabled is true, IPAM will not assign addresses
from this pool.
type: boolean
dns:
description: DNS contains values interesting for DNS resolvers
properties:
domain:
type: string
nameservers:
items:
type: string
type: array
options:
items:
type: string
type: array
search:
items:
type: string
type: array
type: object
gateway:
type: string
rangeEnd:
description: The last ip, inclusive
type: string
rangeStart:
description: The first ip, inclusive
type: string
routes:
items:
properties:
dst:
type: string
gateway:
type: string
type: object
type: array
type:
type: string
vlanConfig:
properties:
master:
type: string
vlanId:
format: int32
type: integer
required:
- master
- vlanId
type: object
required:
- cidr
- type
type: object
status:
properties:
allocations:
type: integer
capacity:
type: integer
reserved:
type: integer
synced:
type: boolean
unallocated:
type: integer
workspaces:
additionalProperties:
properties:
allocations:
type: integer
required:
- allocations
type: object
type: object
required:
- allocations
- capacity
- unallocated
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

286
config/crds/network.kubesphere.io_namespacenetworkpolicies.yaml
View File

@@ -1,286 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: namespacenetworkpolicies.network.kubesphere.io
spec:
group: network.kubesphere.io
names:
categories:
- networking
kind: NamespaceNetworkPolicy
listKind: NamespaceNetworkPolicyList
plural: namespacenetworkpolicies
shortNames:
- nsnp
singular: namespacenetworkpolicy
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NamespaceNetworkPolicy is the Schema for the namespacenetworkpolicies
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: NamespaceNetworkPolicySpec provides the specification of
a NamespaceNetworkPolicy
properties:
egress:
description: List of egress rules to be applied to the selected pods.
Outgoing traffic is allowed if there are no NetworkPolicies selecting
the pod (and cluster policy otherwise allows the traffic), OR if
the traffic matches at least one egress rule across all of the NetworkPolicy
objects whose podSelector matches the pod. If this field is empty
then this NetworkPolicy limits all outgoing traffic (and serves
solely to ensure that the pods it selects are isolated by default).
This field is beta-level in 1.8
items:
description: NetworkPolicyEgressRule describes a particular set
of traffic that is allowed out of pods matched by a NetworkPolicySpec's
podSelector. The traffic must match both ports and to. This type
is beta-level in 1.8
properties:
ports:
description: List of destination ports for outgoing traffic.
Each item in this list is combined using a logical OR. If
this field is empty or missing, this rule matches all ports
(traffic not restricted by port). If this field is present
and contains at least one item, then this rule allows traffic
only if the traffic matches at least one port in the list.
items:
description: NetworkPolicyPort describes a port to allow traffic
on
properties:
endPort:
description: If set, indicates that the range of ports
from port to endPort, inclusive, should be allowed by
the policy. This field cannot be defined if the port
field is not defined or if the port field is defined
as a named (string) port. The endPort must be equal
or greater than port. This feature is in Alpha state
and should be enabled using the Feature Gate "NetworkPolicyEndPort".
format: int32
type: integer
port:
anyOf:
- type: integer
- type: string
description: The port on the given protocol. This can
either be a numerical or named port on a pod. If this
field is not provided, this matches all port names and
numbers. If present, only traffic on the specified protocol
AND port will be matched.
x-kubernetes-int-or-string: true
protocol:
default: TCP
description: The protocol (TCP, UDP, or SCTP) which traffic
must match. If not specified, this field defaults to
TCP.
type: string
type: object
type: array
to:
description: List of destinations for outgoing traffic of pods
selected for this rule. Items in this list are combined using
a logical OR operation. If this field is empty or missing,
this rule matches all destinations (traffic not restricted
by destination). If this field is present and contains at
least one item, this rule allows traffic only if the traffic
matches at least one item in the to list.
items:
description: NetworkPolicyPeer describes a peer to allow traffic
from. Only certain combinations of fields are allowed
properties:
ipBlock:
description: IPBlock defines policy on a particular IPBlock.
If this field is set then neither of the other fields
can be.
properties:
cidr:
description: CIDR is a string representing the IP
Block Valid examples are "192.168.1.1/24" or "2001:db9::/64"
type: string
except:
description: Except is a slice of CIDRs that should
not be included within an IP Block Valid examples
are "192.168.1.1/24" or "2001:db9::/64" Except values
will be rejected if they are outside the CIDR range
items:
type: string
type: array
required:
- cidr
type: object
namespace:
properties:
name:
type: string
required:
- name
type: object
service:
properties:
name:
type: string
namespace:
type: string
required:
- name
- namespace
type: object
type: object
type: array
type: object
type: array
ingress:
description: List of ingress rules to be applied to the selected pods.
Traffic is allowed to a pod if there are no NetworkPolicies selecting
the pod (and cluster policy otherwise allows the traffic), OR if
the traffic source is the pod's local node, OR if the traffic matches
at least one ingress rule across all of the NetworkPolicy objects
whose podSelector matches the pod. If this field is empty then this
NetworkPolicy does not allow any traffic (and serves solely to ensure
that the pods it selects are isolated by default)
items:
description: NetworkPolicyIngressRule describes a particular set
of traffic that is allowed to the pods matched by a NetworkPolicySpec's
podSelector. The traffic must match both ports and from.
properties:
from:
description: List of sources which should be able to access
the pods selected for this rule. Items in this list are combined
using a logical OR operation. If this field is empty or missing,
this rule matches all sources (traffic not restricted by source).
If this field is present and contains at least one item, this
rule allows traffic only if the traffic matches at least one
item in the from list.
items:
description: NetworkPolicyPeer describes a peer to allow traffic
from. Only certain combinations of fields are allowed
properties:
ipBlock:
description: IPBlock defines policy on a particular IPBlock.
If this field is set then neither of the other fields
can be.
properties:
cidr:
description: CIDR is a string representing the IP
Block Valid examples are "192.168.1.1/24" or "2001:db9::/64"
type: string
except:
description: Except is a slice of CIDRs that should
not be included within an IP Block Valid examples
are "192.168.1.1/24" or "2001:db9::/64" Except values
will be rejected if they are outside the CIDR range
items:
type: string
type: array
required:
- cidr
type: object
namespace:
properties:
name:
type: string
required:
- name
type: object
service:
properties:
name:
type: string
namespace:
type: string
required:
- name
- namespace
type: object
type: object
type: array
ports:
description: List of ports which should be made accessible on
the pods selected for this rule. Each item in this list is
combined using a logical OR. If this field is empty or missing,
this rule matches all ports (traffic not restricted by port).
If this field is present and contains at least one item, then
this rule allows traffic only if the traffic matches at least
one port in the list.
items:
description: NetworkPolicyPort describes a port to allow traffic
on
properties:
endPort:
description: If set, indicates that the range of ports
from port to endPort, inclusive, should be allowed by
the policy. This field cannot be defined if the port
field is not defined or if the port field is defined
as a named (string) port. The endPort must be equal
or greater than port. This feature is in Alpha state
and should be enabled using the Feature Gate "NetworkPolicyEndPort".
format: int32
type: integer
port:
anyOf:
- type: integer
- type: string
description: The port on the given protocol. This can
either be a numerical or named port on a pod. If this
field is not provided, this matches all port names and
numbers. If present, only traffic on the specified protocol
AND port will be matched.
x-kubernetes-int-or-string: true
protocol:
default: TCP
description: The protocol (TCP, UDP, or SCTP) which traffic
must match. If not specified, this field defaults to
TCP.
type: string
type: object
type: array
type: object
type: array
policyTypes:
description: List of rule types that the NetworkPolicy relates to.
Valid options are "Ingress", "Egress", or "Ingress,Egress". If this
field is not specified, it will default based on the existence of
Ingress or Egress rules; policies that contain an Egress section
are assumed to affect Egress, and all policies (whether or not they
contain an Ingress section) are assumed to affect Ingress. If you
want to write an egress-only policy, you must explicitly specify
policyTypes [ "Egress" ]. Likewise, if you want to write a policy
that specifies that no egress is allowed, you must specify a policyTypes
value that include "Egress" (since such a policy would not include
an Egress section and would otherwise default to just [ "Ingress"
]). This field is beta-level in 1.8
items:
description: PolicyType string describes the NetworkPolicy type
This type is beta-level in 1.8
type: string
type: array
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

191
config/crds/quota.kubesphere.io_resourcequotas.yaml
View File

@@ -1,191 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: resourcequotas.quota.kubesphere.io
spec:
group: quota.kubesphere.io
names:
categories:
- quota
kind: ResourceQuota
listKind: ResourceQuotaList
plural: resourcequotas
singular: resourcequota
scope: Cluster
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: WorkspaceResourceQuota sets aggregate quota restrictions enforced
per workspace
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec defines the desired quota
properties:
quota:
description: Quota defines the desired quota
properties:
hard:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'hard is the set of desired hard limits for each
named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
type: object
scopeSelector:
description: scopeSelector is also a collection of filters like
scopes that must match each object tracked by a quota but expressed
using ScopeSelectorOperator in combination with possible values.
For a resource to match, both scopes AND scopeSelector (if specified
in spec), must be matched.
properties:
matchExpressions:
description: A list of scope selector requirements by scope
of the resources.
items:
description: A scoped-resource selector requirement is a
selector that contains values, a scope name, and an operator
that relates the scope name and values.
properties:
operator:
description: Represents a scope's relationship to a
set of values. Valid operators are In, NotIn, Exists,
DoesNotExist.
type: string
scopeName:
description: The name of the scope that the selector
applies to.
type: string
values:
description: An array of string values. If the operator
is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during
a strategic merge patch.
items:
type: string
type: array
required:
- operator
- scopeName
type: object
type: array
type: object
scopes:
description: A collection of filters that must match each object
tracked by a quota. If not specified, the quota matches all
objects.
items:
description: A ResourceQuotaScope defines a filter that must
match each object tracked by a quota
type: string
type: array
type: object
selector:
additionalProperties:
type: string
description: LabelSelector is used to select projects by label.
type: object
required:
- quota
- selector
type: object
status:
description: Status defines the actual enforced quota and its current
usage
properties:
namespaces:
description: Namespaces slices the usage by project.
items:
description: ResourceQuotaStatusByNamespace gives status for a particular
project
properties:
hard:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Hard is the set of enforced hard limits for each
named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
type: object
namespace:
description: Namespace the project this status applies to
type: string
used:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Used is the current observed total usage of the
resource in the namespace.
type: object
required:
- namespace
type: object
type: array
total:
description: Total defines the actual enforced quota and its current
usage across all projects
properties:
hard:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Hard is the set of enforced hard limits for each
named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
type: object
used:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Used is the current observed total usage of the resource
in the namespace.
type: object
type: object
required:
- namespaces
- total
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

1251
config/crds/servicemesh.kubesphere.io_servicepolicies.yaml
View File

File diff suppressed because it is too large Load Diff

911
config/crds/servicemesh.kubesphere.io_strategies.yaml
View File

@@ -1,911 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: strategies.servicemesh.kubesphere.io
spec:
group: servicemesh.kubesphere.io
names:
kind: Strategy
listKind: StrategyList
plural: strategies
singular: strategy
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: type of strategy
jsonPath: .spec.type
name: Type
type: string
- description: destination hosts
jsonPath: .spec.template.spec.hosts
name: Hosts
type: string
- description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha2
schema:
openAPIV3Schema:
description: Strategy is the Schema for the strategies API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: StrategySpec defines the desired state of Strategy
properties:
governor:
description: Governor version, the version takes control of all incoming traffic label version value
type: string
principal:
description: Principal version, the one as reference version label version value
type: string
selector:
description: Label selector for virtual services.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
strategyPolicy:
description: strategy policy, how the strategy will be applied by the strategy controller
type: string
template:
description: Template describes the virtual service that will be created.
properties:
metadata:
description: Metadata of the virtual services created from this template
type: object
spec:
description: 'Configuration affecting label/content routing, sni routing,
etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html'
properties:
exportTo:
description: A list of namespaces to which this virtual service is
exported.
items:
format: string
type: string
type: array
gateways:
description: The names of gateways and sidecars that should apply
these routes.
items:
format: string
type: string
type: array
hosts:
description: The destination hosts to which traffic is being sent.
items:
format: string
type: string
type: array
http:
description: An ordered list of route rules for HTTP traffic.
items:
properties:
corsPolicy:
description: Cross-Origin Resource Sharing policy (CORS).
properties:
allowCredentials:
nullable: true
type: boolean
allowHeaders:
items:
format: string
type: string
type: array
allowMethods:
description: List of HTTP methods allowed to access the
resource.
items:
format: string
type: string
type: array
allowOrigin:
description: The list of origins that are allowed to perform
CORS requests.
items:
format: string
type: string
type: array
allowOrigins:
description: String patterns that match allowed origins.
items:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
type: array
exposeHeaders:
items:
format: string
type: string
type: array
maxAge:
type: string
type: object
delegate:
properties:
name:
description: Name specifies the name of the delegate VirtualService.
format: string
type: string
namespace:
description: Namespace specifies the namespace where the
delegate VirtualService resides.
format: string
type: string
type: object
fault:
description: Fault injection policy to apply on HTTP traffic
at the client side.
properties:
abort:
oneOf:
- not:
anyOf:
- required:
- httpStatus
- required:
- grpcStatus
- required:
- http2Error
- required:
- httpStatus
- required:
- grpcStatus
- required:
- http2Error
properties:
grpcStatus:
format: string
type: string
http2Error:
format: string
type: string
httpStatus:
description: HTTP status code to use to abort the Http
request.
format: int32
type: integer
percentage:
description: Percentage of requests to be aborted with
the error code provided.
properties:
value:
format: double
type: number
type: object
type: object
delay:
oneOf:
- not:
anyOf:
- required:
- fixedDelay
- required:
- exponentialDelay
- required:
- fixedDelay
- required:
- exponentialDelay
properties:
exponentialDelay:
type: string
fixedDelay:
description: Add a fixed delay before forwarding the
request.
type: string
percent:
description: Percentage of requests on which the delay
will be injected (0-100).
format: int32
type: integer
percentage:
description: Percentage of requests on which the delay
will be injected.
properties:
value:
format: double
type: number
type: object
type: object
type: object
headers:
properties:
request:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
response:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
match:
items:
properties:
authority:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
gateways:
description: Names of gateways where the rule should be
applied.
items:
format: string
type: string
type: array
headers:
additionalProperties:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
type: object
ignoreUriCase:
description: Flag to specify whether the URI matching
should be case-insensitive.
type: boolean
method:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
name:
description: The name assigned to a match.
format: string
type: string
port:
description: Specifies the ports on the host that is being
addressed.
type: integer
queryParams:
additionalProperties:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
description: Query parameters for matching.
type: object
scheme:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
sourceLabels:
additionalProperties:
format: string
type: string
type: object
sourceNamespace:
description: Source namespace constraining the applicability
of a rule to workloads in that namespace.
format: string
type: string
uri:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
withoutHeaders:
additionalProperties:
oneOf:
- not:
anyOf:
- required:
- exact
- required:
- prefix
- required:
- regex
- required:
- exact
- required:
- prefix
- required:
- regex
properties:
exact:
format: string
type: string
prefix:
format: string
type: string
regex:
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
format: string
type: string
type: object
description: withoutHeader has the same syntax with the
header, but has opposite meaning.
type: object
type: object
type: array
mirror:
properties:
host:
description: The name of a service from the service registry.
format: string
type: string
port:
description: Specifies the port on the host that is being
addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
mirror_percent:
description: Percentage of the traffic to be mirrored by the
`mirror` field.
nullable: true
type: integer
mirrorPercent:
description: Percentage of the traffic to be mirrored by the
`mirror` field.
nullable: true
type: integer
mirrorPercentage:
description: Percentage of the traffic to be mirrored by the
`mirror` field.
properties:
value:
format: double
type: number
type: object
name:
description: The name assigned to the route for debugging purposes.
format: string
type: string
redirect:
description: A HTTP rule can either redirect or forward (default)
traffic.
properties:
authority:
format: string
type: string
redirectCode:
type: integer
uri:
format: string
type: string
type: object
retries:
description: Retry policy for HTTP requests.
properties:
attempts:
description: Number of retries to be allowed for a given
request.
format: int32
type: integer
perTryTimeout:
description: Timeout per attempt for a given request, including
the initial call and any retries.
type: string
retryOn:
description: Specifies the conditions under which retry
takes place.
format: string
type: string
retryRemoteLocalities:
description: Flag to specify whether the retries should
retry to other localities.
nullable: true
type: boolean
type: object
rewrite:
description: Rewrite HTTP URIs and Authority headers.
properties:
authority:
description: rewrite the Authority/Host header with this
value.
format: string
type: string
uri:
format: string
type: string
type: object
route:
description: A HTTP rule can either redirect or forward (default)
traffic.
items:
properties:
destination:
properties:
host:
description: The name of a service from the service
registry.
format: string
type: string
port:
description: Specifies the port on the host that is
being addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
headers:
properties:
request:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
response:
properties:
add:
additionalProperties:
format: string
type: string
type: object
remove:
items:
format: string
type: string
type: array
set:
additionalProperties:
format: string
type: string
type: object
type: object
type: object
weight:
format: int32
type: integer
type: object
type: array
timeout:
description: Timeout for HTTP requests, default is disabled.
type: string
type: object
type: array
tcp:
description: An ordered list of route rules for opaque TCP traffic.
items:
properties:
match:
items:
properties:
destinationSubnets:
description: IPv4 or IPv6 ip addresses of destination
with optional subnet.
items:
format: string
type: string
type: array
gateways:
description: Names of gateways where the rule should be
applied.
items:
format: string
type: string
type: array
port:
description: Specifies the port on the host that is being
addressed.
type: integer
sourceLabels:
additionalProperties:
format: string
type: string
type: object
sourceNamespace:
description: Source namespace constraining the applicability
of a rule to workloads in that namespace.
format: string
type: string
sourceSubnet:
description: IPv4 or IPv6 ip address of source with optional
subnet.
format: string
type: string
type: object
type: array
route:
description: The destination to which the connection should
be forwarded to.
items:
properties:
destination:
properties:
host:
description: The name of a service from the service
registry.
format: string
type: string
port:
description: Specifies the port on the host that is
being addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
weight:
format: int32
type: integer
type: object
type: array
type: object
type: array
tls:
items:
properties:
match:
items:
properties:
destinationSubnets:
description: IPv4 or IPv6 ip addresses of destination
with optional subnet.
items:
format: string
type: string
type: array
gateways:
description: Names of gateways where the rule should be
applied.
items:
format: string
type: string
type: array
port:
description: Specifies the port on the host that is being
addressed.
type: integer
sniHosts:
description: SNI (server name indicator) to match on.
items:
format: string
type: string
type: array
sourceLabels:
additionalProperties:
format: string
type: string
type: object
sourceNamespace:
description: Source namespace constraining the applicability
of a rule to workloads in that namespace.
format: string
type: string
type: object
type: array
route:
description: The destination to which the connection should
be forwarded to.
items:
properties:
destination:
properties:
host:
description: The name of a service from the service
registry.
format: string
type: string
port:
description: Specifies the port on the host that is
being addressed.
properties:
number:
type: integer
type: object
subset:
description: The name of a subset within the service.
format: string
type: string
type: object
weight:
format: int32
type: integer
type: object
type: array
type: object
type: array
type: object
type: object
type:
description: Strategy type
type: string
type: object
status:
description: StrategyStatus defines the observed state of Strategy
properties:
completionTime:
description: Represents time when the strategy was completed. It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
conditions:
description: The latest available observations of an object's current state.
items:
description: StrategyCondition describes current state of a strategy.
properties:
lastProbeTime:
description: Last time the condition was checked.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transit from one status to another
format: date-time
type: string
message:
description: Human readable message indicating details about last transition.
type: string
reason:
description: reason for the condition's last transition
type: string
status:
description: Status of the condition, one of True, False, Unknown
type: string
type:
description: Type of strategy condition, Complete or Failed.
type: string
type: object
type: array
startTime:
description: Represents time when the strategy was acknowledged by the controller. It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

120
config/crds/storage.kubesphere.io_provisionercapabilities.yaml
View File

@@ -1,120 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: provisionercapabilities.storage.kubesphere.io
spec:
group: storage.kubesphere.io
names:
kind: ProvisionerCapability
listKind: ProvisionerCapabilityList
plural: provisionercapabilities
singular: provisionercapability
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.pluginInfo.name
name: Provisioner
type: string
- jsonPath: .spec.features.volume.expandMode
name: Expand
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: ProvisionerCapability is the schema for the provisionercapability
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ProvisionerCapabilitySpec defines the desired state of ProvisionerCapability
properties:
features:
description: CapabilityFeatures describe storage features
properties:
snapshot:
description: SnapshotFeature describe snapshot features
properties:
create:
type: boolean
list:
type: boolean
required:
- create
- list
type: object
topology:
type: boolean
volume:
description: VolumeFeature describe volume features
properties:
attach:
type: boolean
clone:
type: boolean
create:
type: boolean
expandMode:
type: string
list:
type: boolean
stats:
type: boolean
required:
- attach
- clone
- create
- expandMode
- list
- stats
type: object
required:
- snapshot
- topology
- volume
type: object
pluginInfo:
description: PluginInfo describes plugin info
properties:
name:
type: string
version:
type: string
required:
- name
- version
type: object
required:
- features
- pluginInfo
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

120
config/crds/storage.kubesphere.io_storageclasscapabilities.yaml
View File

@@ -1,120 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: storageclasscapabilities.storage.kubesphere.io
spec:
group: storage.kubesphere.io
names:
kind: StorageClassCapability
listKind: StorageClassCapabilityList
plural: storageclasscapabilities
singular: storageclasscapability
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.provisioner
name: Provisioner
type: string
- jsonPath: .spec.features.volume.create
name: Volume
type: boolean
- jsonPath: .spec.features.volume.expandMode
name: Expand
type: string
- jsonPath: .spec.features.volume.clone
name: Clone
type: boolean
- jsonPath: .spec.features.snapshot.create
name: Snapshot
type: boolean
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: StorageClassCapability is the Schema for the storage class capability
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: StorageClassCapabilitySpec defines the desired state of StorageClassCapability
properties:
features:
description: CapabilityFeatures describe storage features
properties:
snapshot:
description: SnapshotFeature describe snapshot features
properties:
create:
type: boolean
list:
type: boolean
required:
- create
- list
type: object
topology:
type: boolean
volume:
description: VolumeFeature describe volume features
properties:
attach:
type: boolean
clone:
type: boolean
create:
type: boolean
expandMode:
type: string
list:
type: boolean
stats:
type: boolean
required:
- attach
- clone
- create
- expandMode
- list
- stats
type: object
required:
- snapshot
- topology
- volume
type: object
provisioner:
type: string
required:
- features
- provisioner
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

180
config/crds/storage.kubesphere.io_storageclasseraccessor.yaml
View File

@@ -1,180 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: accessors.storage.kubesphere.io
spec:
group: storage.kubesphere.io
names:
kind: Accessor
listKind: AccessorList
plural: accessors
singular: accessor
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.storageClassName
name: StorageClass
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: Accessor is the Schema for the accessors API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AccessorSpec defines the desired state of Accessor
properties:
namespaceSelector:
properties:
fieldSelector:
items:
properties:
fieldExpressions:
items:
properties:
field:
enum:
- Name
- Status
type: string
operator:
enum:
- In
- NotIn
type: string
values:
items:
type: string
type: array
required:
- field
- operator
- values
type: object
type: array
required:
- fieldExpressions
type: object
type: array
labelSelector:
items:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
enum:
- In
- NotIn
type: string
values:
items:
type: string
type: array
required:
- key
- operator
- values
type: object
type: array
required:
- matchExpressions
type: object
type: array
type: object
storageClassName:
type: string
workspaceSelector:
properties:
fieldSelector:
items:
properties:
fieldExpressions:
items:
properties:
field:
enum:
- Name
- Status
type: string
operator:
enum:
- In
- NotIn
type: string
values:
items:
type: string
type: array
required:
- field
- operator
- values
type: object
type: array
required:
- fieldExpressions
type: object
type: array
labelSelector:
items:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
enum:
- In
- NotIn
type: string
values:
items:
type: string
type: array
required:
- key
- operator
- values
type: object
type: array
required:
- matchExpressions
type: object
type: array
type: object
required:
- storageClassName
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

57
config/crds/tenant.kubesphere.io_workspaces.yaml
View File

@@ -1,57 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: workspaces.tenant.kubesphere.io
spec:
group: tenant.kubesphere.io
names:
categories:
- tenant
kind: Workspace
listKind: WorkspaceList
plural: workspaces
singular: workspace
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Workspace is the Schema for the workspaces API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: WorkspaceSpec defines the desired state of Workspace
properties:
manager:
type: string
networkIsolation:
type: boolean
type: object
status:
description: WorkspaceStatus defines the observed state of Workspace
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

147
config/crds/tenant.kubesphere.io_workspacetemplates.yaml
View File

@@ -1,147 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: workspacetemplates.tenant.kubesphere.io
spec:
group: tenant.kubesphere.io
names:
categories:
- tenant
kind: WorkspaceTemplate
listKind: WorkspaceTemplateList
plural: workspacetemplates
singular: workspacetemplate
scope: Cluster
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: WorkspaceTemplate is the Schema for the workspacetemplates API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
overrides:
items:
properties:
clusterName:
type: string
clusterOverrides:
items:
properties:
op:
type: string
path:
type: string
value:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- path
type: object
type: array
required:
- clusterName
type: object
type: array
placement:
properties:
clusterSelector:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An
empty label selector matches all objects. A null label selector
matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
clusters:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
type: object
template:
properties:
metadata:
type: object
spec:
description: WorkspaceSpec defines the desired state of Workspace
properties:
manager:
type: string
networkIsolation:
type: boolean
type: object
type: object
required:
- placement
- template
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

23
config/gateway/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
config/gateway/Chart.yaml
View File

@@ -1,6 +0,0 @@
apiVersion: v2
appVersion: 1.16.0
description: The Gateway helm Chart creates a Nginx Ingress Controller release by render a Nginx.gateway.kubesphere.io Kind.
name: gateway
type: application
version: 0.1.0

272
config/gateway/templates/nginx-ingress.yaml
View File

@@ -1,272 +0,0 @@
apiVersion: gateway.kubesphere.io/v1alpha1
kind: Nginx
metadata:
name: {{ .Release.Name }}-ingress
spec:
fullnameOverride: {{ .Release.Name }}
controller:
# To rolling upgrade from old nginx ingress controller, we have to overide the name pattern
name: ""
image:
{{- with .Values.controller.image }}
{{- toYaml . | nindent 6 }}
{{- end }}
watchIngressWithoutClass: true
publishService:
enabled: {{ eq .Values.service.type "LoadBalancer" }}
# Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
{{- if .Values.controller.config }}
config: {{ toYaml .Values.controller.config | nindent 6 }}
{{- end }}
{{- if hasKey .Values.deployment.annotations "servicemesh.kubesphere.io/enabled" }}
podAnnotations:
sidecar.istio.io/inject: {{ get .Values.deployment.annotations "servicemesh.kubesphere.io/enabled" }}
{{- end }}
## Annotations to be added to the controller config configuration configmap
##
configAnnotations: {}
# Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers
proxySetHeaders: {}
# Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
addHeaders: {}
# Optionally customize the pod dnsConfig.
dnsConfig: {}
# Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
# Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
reportNodeInternalIp: false
## Election ID to use for status update
##
electionID: ingress-controller-leader-{{ .Release.Name }}
## Name of the ingress class to route through this controller
##
ingressClass: nginx
# This section refers to the creation of the IngressClass resource
# IngressClass resources are supported since k8s >= 1.18
ingressClassResource:
enabled: false
default: false
# Parameters is a link to a custom resource containing additional
# configuration for the controller. This is optional if the controller
# does not require extra parameters.
parameters: {}
# labels to add to the pod container metadata
podLabels: {}
# key: value
## Limit the scope of the controller
##
{{- if .Values.controller.scope.enabled }}
scope:
enabled: true
namespace: {{ default .Release.Namespace .Values.controller.scope.namespace }} # defaults to .Release.Namespace
{{- end }}
## Allows customization of the configmap / nginx-configmap namespace
##
configMapNamespace: "" # defaults to .Release.Namespace
## Allows customization of the tcp-services-configmap
##
tcp:
configMapNamespace: "" # defaults to .Release.Namespace
## Annotations to be added to the tcp config configmap
annotations: {}
## Allows customization of the udp-services-configmap
##
udp:
configMapNamespace: "" # defaults to .Release.Namespace
## Annotations to be added to the udp config configmap
annotations: {}
## Additional command line arguments to pass to nginx-ingress-controller
## E.g. to specify the default SSL certificate you can use
## extraArgs:
## default-ssl-certificate: "<namespace>/<secret_name>"
extraArgs: {}
## Additional environment variables to set
extraEnvs: []
kind: Deployment
## Annotations to be added to the controller Deployment or DaemonSet
##
{{- if .Values.deployment.annotations }}
annotations: {{ toYaml .Values.deployment.annotations | nindent 6 }}
{{- end }}
## Labels to be added to the controller Deployment or DaemonSet
##
labels: {}
# keel.sh/policy: patch
# keel.sh/trigger: poll
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Affinity and anti-affinity
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- ingress-nginx
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}-ingress
- key: app.kubernetes.io/component
operator: In
values:
- controller
topologyKey: kubernetes.io/hostname
# # An example of required pod anti-affinity
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app.kubernetes.io/name
# operator: In
# values:
# - ingress-nginx
# - key: app.kubernetes.io/instance
# operator: In
# values:
# - ingress-nginx
# - key: app.kubernetes.io/component
# operator: In
# values:
# - controller
# topologyKey: "kubernetes.io/hostname"
## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
##
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: failure-domain.beta.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: ingress-nginx-internal
replicaCount: {{.Values.deployment.replicas}}
minAvailable: 1
# Define requests resources to avoid probe issues due to CPU utilization in busy nodes
# ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903
# Ideally, there should be no limits.
# https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/
resources: {{ toYaml .Values.deployment.resources | nindent 6 }}
# Mutually exclusive with keda autoscaling
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 11
targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50
## Override NGINX template
customTemplate:
configMapName: ""
configMapKey: ""
service:
enabled: true
{{- if .Values.service.annotations }}
annotations: {{ toYaml .Values.service.annotations | nindent 8 }}
{{- end }}
labels: {}
# clusterIP: ""
## List of IP addresses at which the controller services are available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
# loadBalancerIP: ""
loadBalancerSourceRanges: []
## Set external traffic policy to: "Local" to preserve source IP on
## providers supporting it
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
# externalTrafficPolicy: ""
# Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
# sessionAffinity: ""
type: {{ .Values.service.type }}
# type: NodePort
# nodePorts:
# http: 32080
# https: 32443
# tcp:
# 8080: 32808
nodePorts:
http: ""
https: ""
tcp: {}
udp: {}
admissionWebhooks:
enabled: false
metrics:
port: 10254
enabled: true
serviceMonitor:
enabled: true
prometheusRule:
enabled: false
## Optional array of imagePullSecrets containing private registry credentials
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: secretName

37
config/gateway/values.yaml
View File

@@ -1,37 +0,0 @@
# Default values for gateway.
controller:
replicas: 1
annotations: {}
# add custom configuration options
config: {}
## Limit the scope of the controller
##
scope:
enabled: false
namespace: "" # defaults to .Release.Namespace
image:
repository: kubesphere/nginx-ingress-controller
tag: "v1.1.0"
pullPolicy: IfNotPresent
digest: ""
service:
## annotations for Services, used for config Cloud LoadBalancer
annotations: {}
type: LoadBalancer
## for nginx controller, same with controller
deployment:
annotations: {}
replicas: 1
resources:
# limits:
# cpu: 100m
# memory: 90Mi
requests:
cpu: 100m
memory: 90Mi

23
config/ks-core/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

15
config/ks-core/Chart.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v2
name: ks-core
description: A Helm chart for KubeSphere Core components
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: "v3.2.1"

0
config/ks-core/crds/.gitkeep
View File

0
config/ks-core/templates/NOTES.txt
View File

75
config/ks-core/templates/_helpers.tpl
View File

@@ -1,75 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "ks-core.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ks-core.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ks-core.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "ks-core.labels" -}}
helm.sh/chart: {{ include "ks-core.chart" . }}
{{ include "ks-core.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "ks-core.selectorLabels" -}}
app.kubernetes.io/name: {{ include "ks-core.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "ks-core.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "ks-core.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Returns user's password or use default
*/}}
{{- define "getOrDefaultPass" }}
{{- $pws := (lookup "iam.kubesphere.io/v1alpha2" "User" "" .Name) -}}
{{- if $pws }}
{{- $pws.spec.password -}}
{{- else -}}
{{- .Default -}}
{{- end -}}
{{- end }}

13
config/ks-core/templates/account.yaml
View File

@@ -1,13 +0,0 @@
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: User
metadata:
name: admin
annotations:
iam.kubesphere.io/uninitialized: "true"
helm.sh/resource-policy: keep
spec:
email: admin@kubesphere.io
password: "{{ include "getOrDefaultPass" (dict "Name" "admin" "Default" "$2a$10$zcHepmzfKPoxCVCYZr5K7ORPZZ/ySe9p/7IUb/8u./xHrnSX2LOCO") }}"
status:
state: Active

110
config/ks-core/templates/ks-apiserver.yml
View File

@@ -1,110 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ks-apiserver
tier: backend
version: {{ .Chart.AppVersion }}
name: ks-apiserver
spec:
strategy:
rollingUpdate:
maxSurge: 0
type: RollingUpdate
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: ks-apiserver
tier: backend
# version: {{ .Chart.AppVersion }}
template:
metadata:
labels:
app: ks-apiserver
tier: backend
# version: {{ .Chart.AppVersion }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- command:
- ks-apiserver
- --logtostderr=true
image: {{ .Values.image.ks_apiserver_repo }}:{{ .Values.image.ks_apiserver_tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: ks-apiserver
ports:
- containerPort: 9090
protocol: TCP
resources:
{{- toYaml .Values.apiserver.resources | nindent 12 }}
volumeMounts:
- mountPath: /etc/kubesphere/
name: kubesphere-config
- mountPath: /etc/localtime
name: host-time
readOnly: true
{{- if .Values.apiserver.extraVolumeMounts }}
{{- toYaml .Values.apiserver.extraVolumeMounts | nindent 8 }}
{{- end }}
env:
{{- if .Values.env }}
{{- toYaml .Values.env | nindent 8 }}
{{- end }}
livenessProbe:
failureThreshold: 8
httpGet:
path: /kapis/version
port: 9090
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 15
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- configMap:
defaultMode: 420
name: kubesphere-config
name: kubesphere-config
- hostPath:
path: /etc/localtime
type: ""
name: host-time
{{- if .Values.apiserver.extraVolumes }}
{{ toYaml .Values.apiserver.extraVolumes | nindent 6 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
annotations:
kubernetes.io/created-by: kubesphere.io/ks-apiserver
labels:
app: ks-apiserver
tier: backend
version: {{ .Chart.AppVersion }}
name: ks-apiserver
spec:
ports:
- port: 80
protocol: TCP
targetPort: 9090
selector:
app: ks-apiserver
tier: backend
# version: {{ .Chart.AppVersion }}
type: ClusterIP

28
config/ks-core/templates/ks-console-config.yml
View File

@@ -1,28 +0,0 @@
apiVersion: v1
data:
local_config.yaml: |
server:
http:
hostname: localhost
port: 8000
static:
production:
/public: server/public
/assets: dist/assets
/dist: dist
redis:
port: 6379
host: redis.kubesphere-system.svc
redisTimeout: 5000
sessionTimeout: 7200000
client:
version:
kubesphere: {{ .Chart.AppVersion }}
kubernetes: {{ .Values.kube_version }}
openpitrix: {{ .Chart.AppVersion }}
enableKubeConfig: true
defaultClusterName: {{ .Values.console.defaultClusterName }}
kind: ConfigMap
metadata:
name: ks-console-config

108
config/ks-core/templates/ks-console.yml
View File

@@ -1,108 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ks-console
tier: frontend
version: {{ .Chart.AppVersion }}
name: ks-console
spec:
strategy:
rollingUpdate:
maxSurge: 0
type: RollingUpdate
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: ks-console
tier: frontend
template:
metadata:
labels:
app: ks-console
tier: frontend
spec:
containers:
- image: {{ .Values.image.ks_console_repo }}:{{ .Values.image.ks_console_tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: ks-console
resources:
{{- toYaml .Values.console.resources | nindent 12 }}
volumeMounts:
- mountPath: /opt/kubesphere/console/server/local_config.yaml
name: ks-console-config
subPath: local_config.yaml
- mountPath: /opt/kubesphere/console/server/sample
name: sample-bookinfo
- mountPath: /etc/localtime
name: host-time
readOnly: true
{{- if .Values.console.extraVolumeMounts }}
{{- toYaml .Values.console.extraVolumeMounts | nindent 8 }}
{{- end }}
livenessProbe:
tcpSocket:
port: 8000
initialDelaySeconds: 15
timeoutSeconds: 15
periodSeconds: 10
successThreshold: 1
failureThreshold: 8
serviceAccount: {{ include "ks-core.serviceAccountName" . }}
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- configMap:
defaultMode: 420
name: ks-console-config
items:
- key: local_config.yaml
path: local_config.yaml
name: ks-console-config
- configMap:
defaultMode: 420
name: sample-bookinfo
name: sample-bookinfo
- hostPath:
path: /etc/localtime
type: ""
name: host-time
{{- if .Values.console.extraVolumes }}
{{ toYaml .Values.console.extraVolumes | nindent 6 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ks-console
tier: frontend
version: {{ .Chart.AppVersion }}
name: ks-console
spec:
ports:
- name: nginx
port: 80
protocol: TCP
targetPort: 8000
{{- with .Values.console.port }}
nodePort:
{{- toYaml . | nindent 6 }}
{{- end }}
selector:
app: ks-console
tier: frontend
type: {{ .Values.console.type }}

117
config/ks-core/templates/ks-controller-manager.yaml
View File

@@ -1,117 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ks-controller-manager
tier: backend
version: {{ .Chart.AppVersion }}
name: ks-controller-manager
spec:
strategy:
rollingUpdate:
maxSurge: 0
type: RollingUpdate
progressDeadlineSeconds: 600
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: 10
selector:
matchLabels:
app: ks-controller-manager
tier: backend
# version: {{ .Chart.AppVersion }}
template:
metadata:
labels:
app: ks-controller-manager
tier: backend
# version: {{ .Chart.AppVersion }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- command:
- controller-manager
- --logtostderr=true
- --leader-elect=true
image: {{ .Values.image.ks_controller_manager_repo }}:{{ .Values.image.ks_controller_manager_tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: ks-controller-manager
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8443
protocol: TCP
resources:
{{- toYaml .Values.controller.resources | nindent 12 }}
volumeMounts:
- mountPath: /etc/kubesphere/
name: kubesphere-config
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: webhook-secret
- mountPath: /etc/localtime
name: host-time
readOnly: true
{{- if .Values.controller.extraVolumeMounts }}
{{- toYaml .Values.controller.extraVolumeMounts | nindent 8 }}
{{- end }}
env:
{{- if .Values.env }}
{{- toYaml .Values.env | nindent 8 }}
{{- end }}
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
terminationGracePeriodSeconds: 30
volumes:
- name: kubesphere-config
configMap:
name: kubesphere-config
defaultMode: 420
- name: webhook-secret
secret:
defaultMode: 420
secretName: ks-controller-manager-webhook-cert
- hostPath:
path: /etc/localtime
type: ""
name: host-time
{{- if .Values.controller.extraVolumes }}
{{ toYaml .Values.controller.extraVolumes | nindent 6 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ks-controller-manager
tier: backend
version: {{ .Chart.AppVersion }}
name: ks-controller-manager
spec:
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
app: ks-controller-manager
tier: backend
# version: {{ .Chart.AppVersion }}
sessionAffinity: None
type: ClusterIP

Some files were not shown because too many files have changed in this diff Show More