update ks-core helm chart

kubesphere · Jan 31, 2024 · d8ff723 · d8ff723
1 parent f9d79e5
commit d8ff723
Show file tree

Hide file tree

Showing 11 changed files with 110 additions and 115 deletions.
diff --git a/src/test/ks-core/Chart.yaml b/src/test/ks-core/Chart.yaml
@@ -7,7 +7,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.5
+version: 0.5.7
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/src/test/ks-core/crds/tenant.kubesphere.io_workspacetemplates.yaml b/src/test/ks-core/crds/tenant.kubesphere.io_workspacetemplates.yaml
@@ -217,6 +217,9 @@ spec:
                       - name
                       type: object
                     type: array
+                    x-kubernetes-list-map-keys:
+                    - name
+                    x-kubernetes-list-type: map
                 type: object
               template:
                 properties:

diff --git a/src/test/ks-core/templates/_helpers.tpl b/src/test/ks-core/templates/_helpers.tpl
@@ -55,11 +55,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 Create the name of the service account to use
 */}}
 {{- define "ks-core.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-    {{- default (include "ks-core.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-    {{- default "default" .Values.serviceAccount.name }}
-{{- end }}
+{{- default "kubesphere" .Values.serviceAccount.name }}
 {{- end }}
 
 {{/*

diff --git a/src/test/ks-core/templates/globalroles.yaml b/src/test/ks-core/templates/globalroles.yaml
@@ -4,11 +4,7 @@ metadata:
   name: anonymous
 rules:
   - nonResourceURLs:
-      - /dist/*
-    verbs:
-      - GET
-  - nonResourceURLs:
-      - /static/images/*
+      - '/static/images/*'
     verbs:
       - GET
 
@@ -127,7 +123,7 @@ rules:
       - get
       - list
   - nonResourceURLs:
-      - /static/images/*
+      - '/static/images/*'
     verbs:
       - GET
 

diff --git a/src/test/ks-core/templates/ingress.yaml b/src/test/ks-core/templates/ingress.yaml
@@ -2,7 +2,7 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ template "ks-core.fullname" . }}
+  name: ks-console
   namespace: {{ .Release.Namespace }}
   annotations:
     {{- if .Values.internalTLS }}
@@ -34,7 +34,7 @@ spec:
   ingressClassName: {{ .Values.ingress.ingressClassName }}
   {{- end }}
   rules:
-    - host: {{ .Values.hostname }}
+    - host: {{ .Values.portal.hostname }}
       http:
         paths:
           - backend:
@@ -61,7 +61,7 @@ spec:
 {{- if .Values.ingress.tls.enabled }}
   tls:
     - hosts:
-        - {{ .Values.hostname }}
+        - {{ .Values.portal.hostname }}
       secretName: {{ .Values.ingress.tls.secretName }}
 {{- end }}
 {{- end }}
diff --git a/src/test/ks-core/templates/ks-console-config.yml b/src/test/ks-core/templates/ks-console-config.yml
@@ -26,9 +26,8 @@ data:
     client:
       version:
         kubesphere: {{ .Chart.AppVersion }}
-        kubernetes: {{ .Values.kubeVersion }}
+        kubernetes: {{ .Capabilities.KubeVersion.Version }}
       enableKubeConfig: true
-    defaultClusterName: {{ .Values.console.defaultClusterName }}
 kind: ConfigMap
 metadata:
   name: ks-console-config

diff --git a/src/test/ks-core/templates/kubesphere-config.yaml b/src/test/ks-core/templates/kubesphere-config.yaml
@@ -1,30 +1,48 @@
-{{- if .Values.config.create -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: kubesphere-config
-  namespace: kubesphere-system
 data:
   kubesphere.yaml: |
     authentication:
-      authenticateRateLimiterMaxTries: {{ .Values.config.authentication.authenticateRateLimiterMaxTries | default 10 }}
-      authenticateRateLimiterDuration: {{ .Values.config.authentication.authenticationRateLimiterDuration | default "10m0s" }}
-      loginHistoryRetentionPeriod: {{ .Values.config.authentication.loginHistoryRetentionPeriod | default "168h"  }}
-      maximumClockSkew: {{ .Values.config.authentication.maximumClockSkew | default "10s" }}
-      multipleLogin: {{ .Values.config.authentication.enableMultiLogin | default true }}
-{{- if eq .Values.role "host" }}
-      {{- with lookup "v1" "ConfigMap" (printf "%s" .Release.Namespace) "kubesphere-config" }}
-      jwtSecret: "{{ (fromYaml (index .data "kubesphere.yaml")).authentication.jwtSecret }}"
-      {{- else }}
-      jwtSecret: "{{ .Values.config.jwtSecret | default (randAlphaNum 32 ) }}"
-      {{- end }}
-{{- else }}
-      jwtSecret: "{{ .Values.config.jwtSecret }}"
-{{- end }}
-{{- if eq .Values.role "member" }}
-      oauthOptions:
+      authenticateRateLimiterMaxTries: {{ .Values.authentication.authenticateRateLimiterMaxTries | default 10 }}
+      authenticateRateLimiterDuration: {{ .Values.authentication.authenticationRateLimiterDuration | default "10m0s" }}
+      loginHistoryRetentionPeriod: {{ .Values.authentication.loginHistoryRetentionPeriod | default "168h"  }}
+      multipleLogin: {{ .Values.authentication.enableMultiLogin | default true }}
+      issuer:
+        {{- if and .Values.portal.https .Values.portal.https.port }}
+        {{- if eq (int .Values.portal.https.port) 443 }}
+        host: {{ printf "https://%s" .Values.portal.hostname }}
+        {{- else }}
+        host: {{ printf "https://%s:%d" .Values.portal.hostname (int .Values.portal.https.port) }}
+        {{- end }}
+        {{- else }}
+        {{- if eq (int .Values.portal.http.port) 80 }}
+        host: {{ printf "http://%s" .Values.portal.hostname }}
+        {{- else }}
+        host: {{ printf "http://%s:%d" .Values.portal.hostname (int .Values.portal.http.port) }}
+        {{- end }}
+        {{- end }}
+        maximumClockSkew: {{ .Values.authentication.issuer.maximumClockSkew | default "10s" }}
+        {{- if eq .Values.role "host" }}
+        {{- with (fromYaml (index (lookup "v1" "ConfigMap" (printf "%s" .Release.Namespace) "kubesphere-config").data "kubesphere.yaml")) }}
+        {{- if and .authentication .authentication.issuer .authentication.issuer.jwtSecret }}
+        jwtSecret: {{ .authentication.issuer.jwtSecret }}
+        {{- else }}
+        jwtSecret: "{{ $.Values.authentication.issuer.jwtSecret | default (randAlphaNum 32 ) }}"
+        {{- end }}
+        {{- else }}
+        jwtSecret: "{{ .Values.authentication.issuer.jwtSecret | default (randAlphaNum 32 ) }}"
+        {{- end }}
+        {{- else }}
+        jwtSecret: "{{ .Values.authentication.issuer.jwtSecret }}"
+        {{- end }}
+        {{- if eq .Values.role "member" }}
         accessTokenMaxAge: 0
-{{- end }}
+        {{- else }}
+        accessTokenMaxAge:  {{ .Values.authentication.issuer.accessTokenMaxAge }}
+        {{- end }}
+        accessTokenInactivityTimeout:  {{ .Values.authentication.issuer.accessTokenInactivityTimeout }}
     multicluster:
       clusterRole: {{ .Values.role }}
     terminal:
@@ -35,11 +53,11 @@ data:
     helmExecutor:
       image: {{ template "helm.image" . }}
     extension:
-      imageRegistry: {{- .Values.extension.imageRegistry  }}
+      imageRegistry: {{ default .Values.extension.imageRegistry "" | quote }}
+      {{- if .Values.extension.nodeSelector }}
       nodeSelector: {{- toYaml .Values.extension.nodeSelector | nindent 8 }}
-
-{{- if .Values.devMode }}
+      {{- end }}
+    {{- if .Values.devMode }}
     telemetry:
       ksCloudURL: "https://clouddev.kubesphere.io"
-{{- end }}
-{{- end }}
+    {{- end }}
diff --git a/src/test/ks-core/templates/serviceaccount.yaml b/src/test/ks-core/templates/serviceaccount.yaml
@@ -10,7 +10,6 @@ metadata:
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-{{- end }}
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -25,3 +24,4 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "ks-core.serviceAccountName" . }}
     namespace: kubesphere-system
+{{- end }}
diff --git a/src/test/ks-core/templates/tls-secrets.yaml b/src/test/ks-core/templates/tls-secrets.yaml
@@ -1,6 +1,6 @@
 {{- if ne .Values.ingress.tls.source "letsEncrypt" -}}
 {{- if and (not (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1")) (not (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2")) (not (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1")) (not (.Capabilities.APIVersions.Has "cert-manager.io/v1")) }}
-{{- $ca := genCA .Values.hostname 3650 -}}
+{{- $ca := genCA "self-signed-ca" 3650 -}}
 {{- $cert := genSignedCert "ks-apiserver" nil (list "ks-apiserver" (printf "%s.%s" "ks-apiserver" .Release.Namespace) (printf "%s.%s.%s" "ks-apiserver" .Release.Namespace "svc")) 3650 $ca -}}
 {{- if .Values.internalTLS }}
 apiVersion: v1
@@ -16,7 +16,7 @@ data:
 {{- end }}
 
 ---
-{{- $consolecert := genSignedCert "ks-console" nil (list "ks-console" (printf "%s.%s" "ks-console" .Release.Namespace) (printf "%s.%s.%s" "ks-console" .Release.Namespace "svc")) 3650 $ca -}}
+{{- $consolecert := genSignedCert "ks-console" nil (list "ks-console" (printf "%s.%s" "ks-console" .Release.Namespace) (printf "%s.%s.%s" "ks-console" .Release.Namespace "svc") .Values.portal.hostname) 3650 $ca -}}
 {{- if .Values.internalTLS }}
 apiVersion: v1
 kind: Secret
@@ -31,7 +31,7 @@ data:
 {{- end }}
 
 ---
-{{- $ingresscert := genSignedCert .Values.hostname nil (list .Values.hostname) 3650 $ca -}}
+{{- $ingresscert := genSignedCert .Values.portal.hostname nil (list .Values.portal.hostname) 3650 $ca -}}
 {{- if and ( .Values.ingress.enabled ) ( .Values.ingress.tls.enabled ) (eq .Values.ingress.tls.source "generation") }}
 apiVersion: v1
 kind: Secret

diff --git a/src/test/ks-core/templates/webhook.yaml b/src/test/ks-core/templates/webhook.yaml
@@ -1,4 +1,4 @@
-{{- $ca := genCA "ks-controller-manager-ca" 3650 }}
+{{- $ca := genCA "self-signed-ca" 3650 }}
 {{- $cn := printf "%s-admission-webhook" .Release.Name }}
 {{- $altName1 := printf "ks-controller-manager.%s" .Release.Namespace }}
 {{- $altName2 := printf "ks-controller-manager.%s.svc" .Release.Namespace }}
@@ -30,7 +30,7 @@ webhooks:
         namespace: kubesphere-system
         path: /validate-iam-kubesphere-io-v1beta1-user
         port: 443
-    failurePolicy: Fail
+    failurePolicy: Ignore
     matchPolicy: Exact
     name: users.iam.kubesphere.io
     namespaceSelector: {}
@@ -192,7 +192,7 @@ webhooks:
         namespace: kubesphere-system
         path: /validate--v1-secret
         port: 443
-    failurePolicy: Fail
+    failurePolicy: Ignore
     matchPolicy: Exact
     name: validator.config.kubesphere.io
     namespaceSelector: {}
@@ -330,7 +330,7 @@ webhooks:
         namespace: kubesphere-system
         path: /mutate--v1-secret
         port: 443
-    failurePolicy: Fail
+    failurePolicy: Ignore
     matchPolicy: Exact
     name: defaulter.config.kubesphere.io
     namespaceSelector: {}