diff --git a/charts/cluster-component/Chart.yaml b/charts/cluster-component/Chart.yaml index cd1ed50..3dd4240 100644 --- a/charts/cluster-component/Chart.yaml +++ b/charts/cluster-component/Chart.yaml @@ -15,15 +15,17 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.1.0" +appVersion: "0.2.0" dependencies: +- name: kubebb-core + version: 0.1.20 - name: cert-manager version: 0.1.0 condition: cert-manager.enabled @@ -32,7 +34,6 @@ dependencies: condition: metallb.enabled - name: ingress-nginx version: 4.2.5 - # pre560 will use customized ingress-nginx, for v560, will use OSS one directly condition: ingress-nginx.enabled - name: openebs version: 3.3.1 diff --git a/charts/cluster-component/charts/kubebb-core/Chart.yaml b/charts/cluster-component/charts/kubebb-core/Chart.yaml new file mode 100644 index 0000000..fc296b7 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: kubebb-core +annotations: + core.kubebb.k8s.com.cn/displayname: "内核" + core.kubebb.k8s.com.cn/restrict-tenants: "system-tenant" + core.kubebb.k8s.com.cn/restricted-namespaces: "kubebb-system" +description: Kubebb Core provides core implementations on Component Lifecycle Management.Our design and development follows operator pattern which extends kubernetes APIs. +type: application +version: 0.1.20 +appVersion: v0.1.5 +icon: https://avatars.githubusercontent.com/u/85277200 +keywords: + - repository + - helm + - lifecycle-management +sources: + - https://github.com/kubebb/core +maintainers: + - name: bjwswang + url: https://github.com/bjwswang + - name: Abirdcfly + url: https://github.com/Abirdcfly + - name: 0xff-dev + url: https://github.com/0xff-dev diff --git a/charts/cluster-component/charts/kubebb-core/README.md b/charts/cluster-component/charts/kubebb-core/README.md new file mode 100644 index 0000000..2cee70b --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/README.md @@ -0,0 +1,19 @@ +# Kubebb Core Helm Chart + +This chart bootstraps a Kubebb Core deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Usage + +```shell + helm repo add kubebb https://kubebb.github.io/components + kubectl create ns kubebb-system + helm install -nkubebb-system kubebb-core kubebb/kubebb-core +``` + +## Configuration + +| Parameter | Description | Default | +|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| +| `deployment.image` | Image for kubebb core controller | `kubebb/core:v0.1.1` | +| `deployment.imagePullPolcy` | Image pull policy for kubebb core controller | `IfNotPresent` | +| `deployment.resources` | Resouce request and limits for kubebb core controller | see the values.yaml | diff --git a/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_componentplans.yaml b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_componentplans.yaml new file mode 100644 index 0000000..d5816be --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_componentplans.yaml @@ -0,0 +1,369 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: componentplans.core.kubebb.k8s.com.cn +spec: + group: core.kubebb.k8s.com.cn + names: + kind: ComponentPlan + listKind: ComponentPlanList + plural: componentplans + shortNames: + - cpl + - cpls + singular: componentplan + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ComponentPlan is the Schema for the componentplans API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ComponentPlanSpec defines the desired state of ComponentPlan + properties: + approved: + description: Approved indicates whether the ComponentPlan has been + approved + type: boolean + atomic: + description: Atomic is pass to helm install/upgrade --atomic if set, + the installation process deletes the installation on failure. The + --wait flag will be set automatically if --atomic is used + type: boolean + cleanupOnFail: + description: CleanupOnFail is pass to helm upgrade/rollback --cleanup-on-fail + allow deletion of new resources created in this upgrade when upgrade + fails + type: boolean + component: + description: ComponentRef is a reference to the Component + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + creator: + description: creator is the name of crd creator, filled by webhook + type: string + dependencyUpdate: + description: DependencyUpdate is pass to helm install/upgrade --dependency-update + update dependencies if they are missing before installing the chart + type: boolean + description: + description: Description is pass to helm install/upgrade --description + add a custom description + type: string + disableHooks: + description: DisableHooks is pass to helm install/upgrade/rollback + --no-hooks if set, prevent hooks from running during install and + disable pre/post upgrade hooks + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation is pass to helm install/upgrade + --disable-openapi-validation if set, the installation process will + not validate rendered templates against the Kubernetes OpenAPI Schema + type: boolean + enableDNS: + description: EnableDNS is pass to helm install/upgrade --enable-dns + enable DNS lookups when rendering templates + type: boolean + force: + description: Force is passed to helm upgrade/rollback --force in upgrade, + force resource updates through a replacement strategy in rollback, + force resource update through delete/recreate if needed + type: boolean + historyMax: + description: MaxHistory is pass to helm upgrade --history-max limit + the maximum number of revisions saved per release. Use 0 for no + limit + type: integer + keepHistory: + description: KeepHistory is paas to helm uninstall/rollback --keep-history + remove all associated resources and mark the release as deleted, + but retain the release history. + type: boolean + maxRetry: + description: MaxRetry + type: integer + name: + description: Name is pass to helm install , name arg + type: string + override: + description: Override defines the override settings for the component + properties: + images: + description: Images for replace old image see https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/images + items: + description: Image contains an image name, a new name, a new + tag or digest, which will replace the original name and tag. + properties: + digest: + description: Digest is the value used to replace the original + image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original + name. + type: string + newTag: + description: NewTag is the value used to replace the original + tag. + type: string + type: object + type: array + set: + description: 'Set is passed to helm install --set can specify + multiple or separate values with commas: key1=val1,key2=val2 + Helm also provides other set options, such as --set-json or + --set-literal, which can be replaced by values or valuesFrom + fields.' + items: + type: string + type: array + set-string: + description: 'SetString is passed to helm install --set-string + set STRING values on the command line (can specify multiple + or separate values with commas: key1=val1,key2=val2) https://github.com/helm/helm/pull/3599 + Helm also provides other set options, such as --set-json or + --set-literal, which can be replaced by values or valuesFrom + fields.' + items: + type: string + type: array + values: + description: Values holds the values for this Helm release. + x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: Values is passed to helm install --values or -f specify + values in a YAML file or a URL (can specify multiple) ValuesFrom + holds references to resources containing Helm values for this + HelmRelease, and information about how they should be merged. + items: + description: ValuesReference contains a reference to a resource + containing Helm values, and optionally the key they can be + found at. + properties: + kind: + description: Kind of the values referent, valid values are + ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values' referent. Should reside + in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + targetPath: + description: TargetPath is the YAML dot notation path the + value should be merged at. When set, the ValuesKey is + expected to be a single flat value. Defaults to 'None', + which results in the values getting merged at the root. + maxLength: 250 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ + type: string + valuesKey: + description: ValuesKey is the data key where the values.yaml + or a specific value can be found at. Defaults to 'values.yaml'. + When set, must be a valid Data Key, consisting of alphanumeric + characters, '-', '_' or '.'. + maxLength: 253 + pattern: ^[\-._a-zA-Z0-9]+$ + type: string + required: + - kind + - name + type: object + type: array + type: object + recreatePods: + description: RecreatePods is pass to helm rollback --recreate-pods + performs pods restart for the resource if applicable. default is + false + type: boolean + skipCRDs: + description: SkipCRDs is pass to helm install/upgrade --skip-crds + if set, no CRDs will be installed. By default, CRDs are installed + if not already present + type: boolean + timeoutSeconds: + description: TimeoutSeconds is pass to helm install/upgrade/rollback + --timeout, default is 300s time to wait for any individual Kubernetes + operation (like Jobs for hooks) + type: integer + version: + description: InstallVersion represents the version that is to be installed + by this ComponentPlan + type: string + wait: + description: Wait is pass to helm install/upgrade/rollback --wait + if set, will wait until all Pods, PVCs, Services, and minimum number + of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready + state before marking the release as successful. It will wait for + as long as --timeout + type: boolean + waitForJobs: + description: WaitForJobs is pass to helm install/upgrade/rollback + --wait-for-jobs if set and --wait enabled, will wait until all Jobs + have been completed before marking the release as successful. It + will wait for as long as --timeout + type: boolean + required: + - approved + - component + - name + - version + type: object + status: + description: ComponentPlanStatus defines the observed state of ComponentPlan + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastSuccessfulTime: + description: LastSuccessfulTime is repository Last Successful + Update Time + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + images: + items: + type: string + type: array + installedRevision: + description: InstalledRevision represents the helm release Revision + that is installed by this ComponentPlan + type: integer + latest: + description: Latest indicates whether the ComponentPlan corresponds + to the latest helm release Revision FIXME rethink this field + type: boolean + observedGeneration: + description: observedGeneration is the most recent metadata.generation + when this ComponentPlan installed successfully or failed and reached + the max retry times. When the ComponentPlan is Done (Succeeded or + Failed), update spec will change metadata.generation We can compare + metadata.generation and status.observedgeneration to determine whether + to Reconcile again. + format: int64 + type: integer + portal: + description: 'Portal only use for kubebb, FIXME: parse it' + properties: + entry: + description: the path of the static file + type: string + path: + description: the path for request acccessing + type: string + type: object + resources: + items: + description: Resource represents one single resource in the ComponentPlan + because the resource, if namespaced, is the same namepsace as + the ComponentPlan, it is either a cluster and does not have namespace, + so the namespace field is not needed. + properties: + NewCreated: + type: boolean + apiVersion: + type: string + kind: + type: string + name: + type: string + specDiffwithExist: + type: string + required: + - apiVersion + - kind + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_components.yaml b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_components.yaml new file mode 100644 index 0000000..e615de8 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_components.yaml @@ -0,0 +1,185 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: components.core.kubebb.k8s.com.cn +spec: + group: core.kubebb.k8s.com.cn + names: + kind: Component + listKind: ComponentList + plural: components + shortNames: + - cp + - cps + singular: component + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Component is the Schema for the components API In general, Component + will be automatically generated by the controller without user creation + to display the content of the component in the Repository, Spec should add + the necessary configuration if possible (currently left blank), and Status + should display as much information about this component as possible. Displaying + information in Status ensures that it cannot be unintentionally modified + by users. Used to management components - kubebb-system: public - user-namespace: + private' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ComponentSpec defines the desired state of Component + properties: + creator: + type: string + type: object + status: + description: ComponentStatus defines the observed state of Component + properties: + deprecated: + description: The current component is not in the return list of URLs + and will not be deleted but marked as deprecated by this field. + type: boolean + description: + description: 'FIXME: some fields(like description) may change when + version update, how to deal with it? A one-sentence description + of the chart' + type: string + displayName: + description: DisplayName of the component that comes from the helm + chart's latest annotation + type: string + home: + description: The URL to a relevant project page, git repo, or contact + person + type: string + icon: + description: The URL to an icon file. + type: string + keywords: + description: A list of string keywords + items: + type: string + type: array + maintainers: + description: Maintainers is a list of maintainers + items: + description: Maintainer describes a Chart maintainer. inspire by + https://github.com/helm/helm/blob/2398830f183b6d569224ae693ae9215fed5d1372/pkg/chart/metadata.go#L26 + properties: + email: + description: Email is an optional email address to contact the + named maintainer + type: string + name: + description: Name is a user name or organization name + type: string + url: + description: URL is an optional URL to an address for the named + maintainer + type: string + type: object + type: array + name: + description: The name of the component may come from helm chart name + type: string + repository: + description: RepositoryRef is a reference to the Repository + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + sources: + description: Source is the URL to the source code of this Component + items: + type: string + type: array + versions: + description: versions contains all version of one component. + items: + description: ComponentVersion Indicates the fields required for + a specific version of Component. + properties: + annotations: + additionalProperties: + type: string + type: object + appVersion: + type: string + createdAt: + format: date-time + type: string + deprecated: + type: boolean + digest: + type: string + updatedAt: + format: date-time + type: string + version: + type: string + required: + - appVersion + - createdAt + - deprecated + - digest + - updatedAt + - version + type: object + type: array + required: + - name + - repository + - versions + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_menus.yaml b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_menus.yaml new file mode 100644 index 0000000..cc4c9c3 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_menus.yaml @@ -0,0 +1,165 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: menus.core.kubebb.k8s.com.cn +spec: + group: core.kubebb.k8s.com.cn + names: + kind: Menu + listKind: MenuList + plural: menus + singular: menu + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Menu is the Schema for the menus API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MenuSpec defines the desired state of Menu + properties: + cluster: + description: 菜单对应路由是否可以切换集群 + type: boolean + column: + description: '* 菜单组所在列序号' + format: int32 + type: integer + disabled: + description: menu 显示控制 + type: boolean + getTitleForReplaceSider: + description: 获取 title 的函数 + properties: + method: + description: 方法 + type: string + params: + description: 参数 + type: string + responseDataPath: + description: 获取数据的路径 + items: + type: string + type: array + type: object + icon: + description: 菜单图标 + type: string + id: + description: 菜单组中文名称 + type: string + isRenderSelectCurrent: + description: 是否渲染选择项目、集群 + type: boolean + parent: + description: 父菜单 ID + type: string + parentOwnerReferences: + description: 'FIXME: deprecate this when `AutoMenus` supported' + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and + enforces the foreground deletion. Defaults to false. To set + this field, a user needs "delete" permission of the owner, otherwise + 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + pathname: + description: 菜单路由 + type: string + project: + description: 菜单对应路由是否可以切换项目 + type: boolean + rankingInColumn: + description: 菜单在当前组中的排序,数字越小越靠前 + format: int32 + type: integer + redirect: + description: 跳转菜单路由,优先级高于 pathname,指定后点击菜单会跳转到 redirect 相应路由 + type: string + replaceSiderBackNextPathnamePattern: + description: 给替换菜单的返回按钮使用,当新的 pathname 是替换菜单,且替换菜单的返回按钮需要返回到当前 pathname + 时,配置此属性; 其值得为新的 pathname,同时需要注意⚠️,如果新的地址有多个,则应该取多个地址的公共部分,例如,/oidc/management/projects/:id/role + 和 /oidc/management/projects/:id/member 都需要支持,则应配置为/oidc/management/projects/:id + type: string + requiredModuleBits: + description: 菜单可对应的 module 二进制位 (有一个满足即可见) + items: + format: int32 + type: integer + type: array + requiredRoles: + description: 菜单可见需要的角色 + items: + type: string + type: array + target: + description: 同 a 标签的 target 属性 + type: string + tenant: + description: 菜单对应路由是否可以切换租户 + type: boolean + text: + description: 菜单中文名称 + maxLength: 64 + type: string + textEn: + description: 菜单英文名称 + maxLength: 64 + type: string + useChildrenReplaceSider: + description: 是否在进入子页面后将 sider 替换 + type: boolean + required: + - textEn + type: object + status: + description: MenuStatus defines the observed state of Menu + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_portals.yaml b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_portals.yaml new file mode 100644 index 0000000..e34d5f1 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_portals.yaml @@ -0,0 +1,66 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: portals.core.kubebb.k8s.com.cn +spec: + group: core.kubebb.k8s.com.cn + names: + kind: Portal + listKind: PortalList + plural: portals + singular: portal + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Portal is the Schema for the portals API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PortalSpec defines the desired state of Portal + properties: + entry: + description: the path of the static file + type: string + path: + description: the path for request acccessing + type: string + required: + - entry + - path + type: object + status: + description: PortalStatus defines the observed state of Portal + properties: + conflictsInEntry: + description: conflicted portals with same Entry + items: + type: string + type: array + conflictsInPath: + description: conflicted portals with same Path + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_ratings.yaml b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_ratings.yaml new file mode 100644 index 0000000..c401840 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_ratings.yaml @@ -0,0 +1,281 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: ratings.core.kubebb.k8s.com.cn +spec: + group: core.kubebb.k8s.com.cn + names: + kind: Rating + listKind: RatingList + plural: ratings + singular: rating + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + componentName: + description: ComponentName Each Rating corresponds to a component + type: string + evaluator: + description: Evaluator defines the configuration when evaluating the + component + properties: + llm: + description: LLM defines the LLM to be used when evaluating the + component + type: string + type: object + pipelineParams: + description: PipelineParams List of parameters defined in the pipeline + If mulitple PipelineParams contains same dimension,only the 1st + one shall be used + items: + properties: + dimension: + description: Dimension of this pipelinerun + pattern: ^[A-Za-z]+$ + type: string + params: + description: Params List of parameters defined in the pipeline + items: + properties: + name: + type: string + value: + description: ParamValue is a type that can hold a single + string or string array. Used in JSON unmarshalling so + that a single JSON field can accept either an individual + string or an array of strings. + properties: + arrayVal: + items: + type: string + type: array + x-kubernetes-list-type: atomic + objectVal: + additionalProperties: + type: string + type: object + stringVal: + type: string + type: + description: ParamType indicates the type of an input + parameter; Used to distinguish between a single + string and an array of strings. + enum: + - string + - array + - object + type: string + required: + - type + type: object + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + pipelineName: + description: PipelineName the name of pipeline + type: string + required: + - dimension + - pipelineName + type: object + type: array + required: + - componentName + - evaluator + - pipelineParams + type: object + status: + properties: + evaluations: + additionalProperties: + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastSuccessfulTime: + description: LastSuccessfulTime is repository Last Successful + Update Time + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time this + condition transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition + from one status to another. + type: string + status: + description: Status of this condition; is it currently + True, False, or Unknown + type: string + type: + description: Type of this condition. At most one of each + condition type may apply to a resource at any point + in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + finalRating: + description: 'FinalRating from this evaluation TODO: add the + final rating' + type: string + prompt: + type: string + type: object + description: Evaluations contains the evaluator status with the `Dimension` + as the key + type: object + pipelineRuns: + additionalProperties: + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastSuccessfulTime: + description: LastSuccessfulTime is repository Last Successful + Update Time + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time this + condition transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition + from one status to another. + type: string + status: + description: Status of this condition; is it currently + True, False, or Unknown + type: string + type: + description: Type of this condition. At most one of each + condition type may apply to a resource at any point + in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + pipelineName: + type: string + pipelinerunName: + type: string + tasks: + items: + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastSuccessfulTime: + description: LastSuccessfulTime is repository Last + Successful Update Time + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time + this condition transitioned from one status to + another. + format: date-time + type: string + message: + description: A Message containing details about + this condition's last transition from one status + to another, if any. + type: string + reason: + description: A Reason for this condition's last + transition from one status to another. + type: string + status: + description: Status of this condition; is it currently + True, False, or Unknown + type: string + type: + description: Type of this condition. At most one + of each condition type may apply to a resource + at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + description: + type: string + name: + type: string + taskRunName: + type: string + type: + type: string + required: + - description + - name + type: object + type: array + required: + - pipelineName + - pipelinerunName + type: object + description: PipelineRuns contains the pipelinerun status with the + `Dimension` as the key + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_repositories.yaml b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_repositories.yaml new file mode 100644 index 0000000..e163da8 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_repositories.yaml @@ -0,0 +1,198 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: repositories.core.kubebb.k8s.com.cn +spec: + group: core.kubebb.k8s.com.cn + names: + kind: Repository + listKind: RepositoryList + plural: repositories + shortNames: + - repo + - repos + singular: repository + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Repository is the Schema for the repositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RepositorySpec defines the desired state of Repository + properties: + authSecret: + description: AuthSecret if the chart repository requires auth authentication, + set the username and password to secret, with the fields user and + password respectively. + type: string + enableRating: + description: EnableRating enable component rating + type: boolean + filter: + items: + properties: + keepDeprecated: + description: If True, the current version will be retained even + if it is deprecated. + type: boolean + name: + description: Name of the component + type: string + operation: + default: keep + description: default is keep + enum: + - keep + - ignore + type: string + versionedFilterCond: + description: VersionedFilterCond filters which version in component + are pulled/ignored from the repository + properties: + regexp: + description: Filter version by regexp + type: string + versionConstraint: + description: VersionConstraint Support for user-defined + version ranges, etc. Refer to the documentation for more + details https://github.com/Masterminds/semver#semver + type: string + versions: + description: Accurately match each item in the versions + items: + type: string + type: array + type: object + type: object + type: array + imageOverride: + description: ImageOverride means replaced images rules for this repository + items: + properties: + newRegistry: + description: NewRegistry means replaced one + type: string + pathOverride: + description: PathOverride means replaced path + properties: + newPath: + type: string + path: + description: 'The path consists of slash-separated components. + Each component may contain lowercase letters, digits and + separators. A separator is defined as a period, one or + two underscores, or one or more hyphens. A component may + not start or end with a separator. While the OCI Distribution + Specification supports more than two slash-separated components, + most registries only support two slash-separated components. + For Docker’s public registry, the path format is as follows: + [NAMESPACE/]REPOSITORY: The first, optional component + is typically a user’s or an organization’s namespace. + The second, mandatory component is the repository name. + When the namespace is not present, Docker uses library + as the default namespace.' + type: string + type: object + registry: + description: Registry include host and port number, like `registry-1.docker.io` + or `registry-1.docker.io:5000` + type: string + type: object + type: array + insecure: + type: boolean + keywordLenLimit: + description: KeywordLenLimit the keyword array length limit + type: integer + pullStategy: + description: PullStategy for this repository + properties: + intervalSeconds: + description: Interval for pulling + type: integer + retry: + description: Retry upon timeout + type: integer + timeoutSeconds: + description: Timeout for pulling + type: integer + type: object + repositoryType: + default: unknown + type: string + url: + description: URL chart repository address + type: string + required: + - url + type: object + status: + description: RepositoryStatus defines the observed state of Repository + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastSuccessfulTime: + description: LastSuccessfulTime is repository Last Successful + Update Time + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + urlHistory: + description: URLHistory URL change history + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_subscriptions.yaml b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_subscriptions.yaml new file mode 100644 index 0000000..b9cbf28 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/crds/core.kubebb.k8s.com.cn_subscriptions.yaml @@ -0,0 +1,486 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: subscriptions.core.kubebb.k8s.com.cn +spec: + group: core.kubebb.k8s.com.cn + names: + kind: Subscription + listKind: SubscriptionList + plural: subscriptions + shortNames: + - sub + - subs + singular: subscription + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Subscription is the Schema for the subscriptions API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SubscriptionSpec defines the desired state of Subscription + properties: + atomic: + description: Atomic is pass to helm install/upgrade --atomic if set, + the installation process deletes the installation on failure. The + --wait flag will be set automatically if --atomic is used + type: boolean + cleanupOnFail: + description: CleanupOnFail is pass to helm upgrade/rollback --cleanup-on-fail + allow deletion of new resources created in this upgrade when upgrade + fails + type: boolean + component: + description: ComponentRef is a reference to the Component + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + componentPlanInstallMethod: + description: ComponentPlanInstallMethod is the method used to install + the component + type: string + creator: + description: creator is the name of crd creator, filled by webhook + type: string + dependencyUpdate: + description: DependencyUpdate is pass to helm install/upgrade --dependency-update + update dependencies if they are missing before installing the chart + type: boolean + description: + description: Description is pass to helm install/upgrade --description + add a custom description + type: string + disableHooks: + description: DisableHooks is pass to helm install/upgrade/rollback + --no-hooks if set, prevent hooks from running during install and + disable pre/post upgrade hooks + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation is pass to helm install/upgrade + --disable-openapi-validation if set, the installation process will + not validate rendered templates against the Kubernetes OpenAPI Schema + type: boolean + enableDNS: + description: EnableDNS is pass to helm install/upgrade --enable-dns + enable DNS lookups when rendering templates + type: boolean + force: + description: Force is passed to helm upgrade/rollback --force in upgrade, + force resource updates through a replacement strategy in rollback, + force resource update through delete/recreate if needed + type: boolean + historyMax: + description: MaxHistory is pass to helm upgrade --history-max limit + the maximum number of revisions saved per release. Use 0 for no + limit + type: integer + keepHistory: + description: KeepHistory is paas to helm uninstall/rollback --keep-history + remove all associated resources and mark the release as deleted, + but retain the release history. + type: boolean + maxRetry: + description: MaxRetry + type: integer + name: + description: Name is pass to helm install , name arg + type: string + override: + description: Override defines the override settings for the component + properties: + images: + description: Images for replace old image see https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/images + items: + description: Image contains an image name, a new name, a new + tag or digest, which will replace the original name and tag. + properties: + digest: + description: Digest is the value used to replace the original + image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original + name. + type: string + newTag: + description: NewTag is the value used to replace the original + tag. + type: string + type: object + type: array + set: + description: 'Set is passed to helm install --set can specify + multiple or separate values with commas: key1=val1,key2=val2 + Helm also provides other set options, such as --set-json or + --set-literal, which can be replaced by values or valuesFrom + fields.' + items: + type: string + type: array + set-string: + description: 'SetString is passed to helm install --set-string + set STRING values on the command line (can specify multiple + or separate values with commas: key1=val1,key2=val2) https://github.com/helm/helm/pull/3599 + Helm also provides other set options, such as --set-json or + --set-literal, which can be replaced by values or valuesFrom + fields.' + items: + type: string + type: array + values: + description: Values holds the values for this Helm release. + x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: Values is passed to helm install --values or -f specify + values in a YAML file or a URL (can specify multiple) ValuesFrom + holds references to resources containing Helm values for this + HelmRelease, and information about how they should be merged. + items: + description: ValuesReference contains a reference to a resource + containing Helm values, and optionally the key they can be + found at. + properties: + kind: + description: Kind of the values referent, valid values are + ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values' referent. Should reside + in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + targetPath: + description: TargetPath is the YAML dot notation path the + value should be merged at. When set, the ValuesKey is + expected to be a single flat value. Defaults to 'None', + which results in the values getting merged at the root. + maxLength: 250 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ + type: string + valuesKey: + description: ValuesKey is the data key where the values.yaml + or a specific value can be found at. Defaults to 'values.yaml'. + When set, must be a valid Data Key, consisting of alphanumeric + characters, '-', '_' or '.'. + maxLength: 253 + pattern: ^[\-._a-zA-Z0-9]+$ + type: string + required: + - kind + - name + type: object + type: array + type: object + recreatePods: + description: RecreatePods is pass to helm rollback --recreate-pods + performs pods restart for the resource if applicable. default is + false + type: boolean + repository: + description: RepositoryRef is a reference to the Repository + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + schedule: + description: The installation schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. + ComponentPlanInstallMethod must be auto. + type: string + skipCRDs: + description: SkipCRDs is pass to helm install/upgrade --skip-crds + if set, no CRDs will be installed. By default, CRDs are installed + if not already present + type: boolean + timeoutSeconds: + description: TimeoutSeconds is pass to helm install/upgrade/rollback + --timeout, default is 300s time to wait for any individual Kubernetes + operation (like Jobs for hooks) + type: integer + wait: + description: Wait is pass to helm install/upgrade/rollback --wait + if set, will wait until all Pods, PVCs, Services, and minimum number + of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready + state before marking the release as successful. It will wait for + as long as --timeout + type: boolean + waitForJobs: + description: WaitForJobs is pass to helm install/upgrade/rollback + --wait-for-jobs if set and --wait enabled, will wait until all Jobs + have been completed before marking the release as successful. It + will wait for as long as --timeout + type: boolean + required: + - component + - name + type: object + status: + description: SubscriptionStatus defines the state of Subscription + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastSuccessfulTime: + description: LastSuccessfulTime is repository Last Successful + Update Time + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + installed: + description: Installed records all componentplans installed, ordered + by installation time. + items: + properties: + componentPlan: + description: ComponentPlanRef is a reference to the latest ComponentPlan + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + installedTime: + description: InstalledTime is the time that the version was + installed in cluster + format: date-time + type: string + installedVersion: + description: InstalledVersion is the version currently installed + in cluster + properties: + annotations: + additionalProperties: + type: string + type: object + appVersion: + type: string + createdAt: + format: date-time + type: string + deprecated: + type: boolean + digest: + type: string + updatedAt: + format: date-time + type: string + version: + type: string + required: + - appVersion + - createdAt + - deprecated + - digest + - updatedAt + - version + type: object + type: object + type: array + repositoryHealth: + description: RepositoryHealth contains the Subscription's view of + its relevant Repository' status. It is used to determine SubscriptionStatusConditions + related to Repository + properties: + healthy: + description: Healthy is true if the Repository is healthy; false + otherwise. + type: boolean + lastUpdated: + description: LastUpdated represents the last time that the RepositoryHealth + changed + format: date-time + type: string + repository: + description: RepositoryRef is a reference to a Repository. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - healthy + - lastUpdated + - repository + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/cluster-component/charts/kubebb-core/templates/_help.tpl b/charts/cluster-component/charts/kubebb-core/templates/_help.tpl new file mode 100644 index 0000000..aef3630 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/_help.tpl @@ -0,0 +1,3 @@ +{{- define "rating-name" -}} +{{- printf "%s.%s-rating" .Release.Namespace .Release.Name -}} +{{- end -}} diff --git a/charts/cluster-component/charts/kubebb-core/templates/cert-manager-ca-issuer.yaml b/charts/cluster-component/charts/kubebb-core/templates/cert-manager-ca-issuer.yaml new file mode 100644 index 0000000..a75772d --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/cert-manager-ca-issuer.yaml @@ -0,0 +1,9 @@ +{{- if .Values.webhook.enable }} +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +{{- end }} diff --git a/charts/cluster-component/charts/kubebb-core/templates/cert-manager-ca.yaml b/charts/cluster-component/charts/kubebb-core/templates/cert-manager-ca.yaml new file mode 100644 index 0000000..f28f064 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/cert-manager-ca.yaml @@ -0,0 +1,15 @@ +{{- if .Values.webhook.enable }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + dnsNames: + - {{ .Release.Name }}-webhook-svc.{{ .Release.Namespace }}.svc + - {{ .Release.Name }}-webhook-svc.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: {{ .Release.Name }} + secretName: {{ .Release.Name }}-cert +{{- end }} diff --git a/charts/cluster-component/charts/kubebb-core/templates/deployment.yaml b/charts/cluster-component/charts/kubebb-core/templates/deployment.yaml new file mode 100644 index 0000000..94261fe --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/deployment.yaml @@ -0,0 +1,113 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kubebb-core + namespace: {{ .Release.Namespace }} + labels: + control-plane: {{ .Release.Name }}-kubebb-core +spec: + selector: + matchLabels: + control-plane: {{ .Release.Name }}-kubebb-core + replicas: 1 + template: + metadata: + labels: + control-plane: {{ .Release.Name }}-kubebb-core + spec: + securityContext: + runAsNonRoot: true + # TODO(user): For common cases that do not require escalating privileges + # it is recommended to ensure that all your Pods/Containers are restrictive. + # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted + # Please uncomment the following code if your project does NOT have to work on old Kubernetes + # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). + # seccompProfile: + # type: RuntimeDefault + volumes: + - name: host-time + hostPath: + path: /etc/localtime +{{- if .Values.storage.enable }} + - name: helm + persistentVolumeClaim: + claimName: {{ .Release.Name }} +{{- end }} +{{- if .Values.webhook.enable }} + - name: cert + secret: + defaultMode: 420 + secretName: {{ .Release.Name }}-cert +{{- end }} + containers: + - command: + - /manager + image: {{ .Values.deployment.image }} + imagePullPolicy: {{ .Values.deployment.imagePullPolicy }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- if .Values.storage.enable }} + - name: HELM_CACHE_HOME + value: /opt/helm/cache/helm + - name: HELM_CONFIG_HOME + value: /opt/helm/config/helm + - name: HELM_DATA_HOME + value: /opt/helm/data/helm +{{- end }} +{{- if .Values.webhook.enable }} + - name: ENABLE_WEBHOOKS + value: "true" +{{- end }} +{{- if .Values.deployment.rating_enable }} + - name: RATING_ENABLE + value: "{{ .Values.deployment.rating_enable }}" + - name: RATING_SERVICEACCOUNT + value: {{ template "rating-name" . }} + - name: RATING_CLUSTERROLE + value: {{ template "rating-name" . }} + - name: RATING_CLUSTERROLEBINDING + value: {{ template "rating-name" . }} +{{- end }} + name: manager + volumeMounts: + - name: host-time + mountPath: /etc/localtime + readOnly: true +{{- if .Values.storage.enable }} + - mountPath: /opt/helm + name: helm +{{- end }} +{{- if .Values.webhook.enable }} + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true +{{- end }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: {{ toYaml .Values.deployment.resources | nindent 10 }} + serviceAccountName: {{ .Release.Name }} + terminationGracePeriodSeconds: 10 diff --git a/charts/cluster-component/charts/kubebb-core/templates/pipeline-reliability.yaml b/charts/cluster-component/charts/kubebb-core/templates/pipeline-reliability.yaml new file mode 100644 index 0000000..8f3677b --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/pipeline-reliability.yaml @@ -0,0 +1,74 @@ +{{- if and (.Values.deployment.rating_enable) (.Capabilities.APIVersions.Has "tekton.dev/v1beta1" ) }} +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: {{ .Release.Name }}-reliability-helm-lint + namespace: {{ .Release.Namespace }} +spec: + params: + - name: url + type: string + - name: component + type: string + - name: version + type: string + results: + - name: LINT + type: string + steps: + - name: helm-lint + image: alpine/k8s:1.27.4 + script: | + #!/usr/bin/env sh + # Download and untar chart package + helm pull --untar $(params.url) + + helm lint ./$(params.component) + echo $? | tee $(results.LINT.path) +--- +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: {{ .Release.Name }}-reliability + annotations: + tekton.dev/tags: {{ .Release.Name }}-reliability + tekton.dev/displayName: "{{ .Release.Name }}" + tekton.dev/platforms: "linux/amd64" + namespace: {{ .Release.Namespace }} +spec: + description: >- + kubebb-core default pipeline + params: + - name: COMPONENT_NAME + description: >- + component name + - name: REPOSITORY_NAME + description: repository name + default: "kubebb" + - name: VERSION + description: component version + - name: URL + description: the full URL of the component tgz file. + results: + - name: HELM_LINT + value: $(tasks.{{ .Release.Name }}-helm-lint.results.LINT) + tasks: + - name: {{ .Release.Name }}-helm-lint + retries: 2 + taskRef: + resolver: cluster + params: + - name: kind + value: task + - name: name + value: {{ .Release.Name }}-reliability-helm-lint + - name: namespace + value: {{ .Release.Namespace }} + params: + - name: url + value: $(params.URL) + - name: component + value: $(params.COMPONENT_NAME) + - name: version + value: $(params.VERSION) +{{- end }} diff --git a/charts/cluster-component/charts/kubebb-core/templates/pipeline-security.yaml b/charts/cluster-component/charts/kubebb-core/templates/pipeline-security.yaml new file mode 100644 index 0000000..f739706 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/pipeline-security.yaml @@ -0,0 +1,93 @@ +{{- if and (.Values.deployment.rating_enable) (.Capabilities.APIVersions.Has "tekton.dev/v1beta1" ) }} +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: {{ .Release.Name }}-security-rback + namespace: {{ .Release.Namespace }} +spec: + params: + - name: url + type: string + - name: component + type: string + - name: version + type: string + - name: repository + results: + - name: RBACCM + type: string + steps: + - name: rback + image: alpine/k8s:1.27.4 + script: | + #!/usr/bin/env sh + # Download and untar chart package + helm pull --untar $(params.url) + + cat < r.dot + {"kind": "List","apiVersion": "v1","metadata": {},"items": []} + EOF + + # Path to ServiceAccount token + SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount + # Read this Pod's namespace + NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace) + NAME=$(params.repository)"."$(params.component)"."$(params.version) + helm template $(params.component) |yq 'select(.kind=="ServiceAccount" or .kind=="ClusterRoleBinding" or .kind=="ClusterRole" or .kind=="Role" or .kind=="RoleBinding")' > rbac.yaml + cat <- + kubebb-core default pipeline + params: + - name: COMPONENT_NAME + description: >- + component name + - name: REPOSITORY_NAME + description: repository name + default: "kubebb" + - name: VERSION + description: component version + - name: URL + description: the full URL of the component tgz file. + results: + - name: RBACCM + value: $(tasks.{{ .Release.Name }}-rback.results.RBACCM) + tasks: + - name: {{ .Release.Name }}-rback + retries: 2 + taskRef: + resolver: cluster + params: + - name: kind + value: task + - name: name + value: {{ .Release.Name }}-security-rback + - name: namespace + value: {{ .Release.Namespace }} + params: + - name: url + value: $(params.URL) + - name: component + value: $(params.COMPONENT_NAME) + - name: version + value: $(params.VERSION) + - name: repository + value: $(params.REPOSITORY_NAME) +{{- end }} diff --git a/charts/cluster-component/charts/kubebb-core/templates/post-repo-kubebb.yaml b/charts/cluster-component/charts/kubebb-core/templates/post-repo-kubebb.yaml new file mode 100644 index 0000000..3522c17 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/post-repo-kubebb.yaml @@ -0,0 +1,15 @@ +{{- if .Values.defaultRepository.enable }} +apiVersion: core.kubebb.k8s.com.cn/v1alpha1 +kind: Repository +metadata: + name: kubebb + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "6" +spec: + url: https://kubebb.github.io/components + pullStategy: + intervalSeconds: 120 + retry: 5 +{{- end }} diff --git a/charts/cluster-component/charts/kubebb-core/templates/pvc.yaml b/charts/cluster-component/charts/kubebb-core/templates/pvc.yaml new file mode 100644 index 0000000..4ad3a40 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/pvc.yaml @@ -0,0 +1,13 @@ +{{- if .Values.storage.enable }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + storageClassName: {{ .Values.storage.storageClassName }} + accessModes: {{ toYaml .Values.storage.accessModes | nindent 4 }} + resources: + requests: + storage: {{ .Values.storage.storageSize }} +{{- end }} diff --git a/charts/cluster-component/charts/kubebb-core/templates/rating_clusterrole.yaml b/charts/cluster-component/charts/kubebb-core/templates/rating_clusterrole.yaml new file mode 100644 index 0000000..8766d38 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/rating_clusterrole.yaml @@ -0,0 +1,10 @@ +{{- if and (.Values.deployment.rating_enable) (.Capabilities.APIVersions.Has "tekton.dev/v1beta1" ) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "rating-name" . }} +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["*"] +{{- end }} diff --git a/charts/cluster-component/charts/kubebb-core/templates/rating_clusterrolebinding.yaml b/charts/cluster-component/charts/kubebb-core/templates/rating_clusterrolebinding.yaml new file mode 100644 index 0000000..c586eed --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/rating_clusterrolebinding.yaml @@ -0,0 +1,14 @@ +{{- if and (.Values.deployment.rating_enable) (.Capabilities.APIVersions.Has "tekton.dev/v1beta1" ) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "rating-name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "rating-name" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ template "rating-name" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/cluster-component/charts/kubebb-core/templates/rating_serviceaccount.yaml b/charts/cluster-component/charts/kubebb-core/templates/rating_serviceaccount.yaml new file mode 100644 index 0000000..437e1b3 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/rating_serviceaccount.yaml @@ -0,0 +1,7 @@ +{{- if and (.Values.deployment.rating_enable) (.Capabilities.APIVersions.Has "tekton.dev/v1beta1" ) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "rating-name" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/cluster-component/charts/kubebb-core/templates/rbac.yaml b/charts/cluster-component/charts/kubebb-core/templates/rbac.yaml new file mode 100644 index 0000000..4192735 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/rbac.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} diff --git a/charts/cluster-component/charts/kubebb-core/templates/webhook_manifests.yaml b/charts/cluster-component/charts/kubebb-core/templates/webhook_manifests.yaml new file mode 100644 index 0000000..a6381f2 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/webhook_manifests.yaml @@ -0,0 +1,183 @@ +{{- if .Values.webhook.enable }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + creationTimestamp: null + name: {{ .Release.Name }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Release.Name }} +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Release.Name }}-webhook-svc + namespace: {{ .Release.Namespace }} + path: /mutate-core-kubebb-k8s-com-cn-v1alpha1-component + failurePolicy: Fail + name: component.kb.io + rules: + - apiGroups: + - core.kubebb.k8s.com.cn + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - components + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Release.Name }}-webhook-svc + namespace: {{ .Release.Namespace }} + path: /mutate-core-kubebb-k8s-com-cn-v1alpha1-componentplan + failurePolicy: Fail + name: mcomponentplan.kb.io + rules: + - apiGroups: + - core.kubebb.k8s.com.cn + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - componentplans + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Release.Name }}-webhook-svc + namespace: {{ .Release.Namespace }} + path: /mutate-core-kubebb-k8s-com-cn-v1alpha1-portal + failurePolicy: Fail + name: mportal.kb.io + rules: + - apiGroups: + - core.kubebb.k8s.com.cn + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - portals + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Release.Name }}-webhook-svc + namespace: {{ .Release.Namespace }} + path: /mutate-core-kubebb-k8s-com-cn-v1alpha1-subscription + failurePolicy: Fail + name: msubscription.kb.io + rules: + - apiGroups: + - core.kubebb.k8s.com.cn + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - subscriptions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Release.Name }}-webhook-svc + namespace: {{ .Release.Namespace }} + path: /mutate-core-kubebb-k8s-com-cn-v1alpha1-repository + failurePolicy: Fail + name: mrepository.kb.io + rules: + - apiGroups: + - core.kubebb.k8s.com.cn + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - repositories + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: {{ .Release.Name }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Release.Name }} +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Release.Name }}-webhook-svc + namespace: {{ .Release.Namespace }} + path: /validate-core-kubebb-k8s-com-cn-v1alpha1-componentplan + failurePolicy: Fail + name: vcomponentplan.kb.io + rules: + - apiGroups: + - core.kubebb.k8s.com.cn + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - componentplans + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Release.Name }}-webhook-svc + namespace: {{ .Release.Namespace }} + path: /validate-core-kubebb-k8s-com-cn-v1alpha1-portal + failurePolicy: Fail + name: vportal.kb.io + rules: + - apiGroups: + - core.kubebb.k8s.com.cn + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - portals + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Release.Name }}-webhook-svc + namespace: {{ .Release.Namespace }} + path: /validate-core-kubebb-k8s-com-cn-v1alpha1-subscription + failurePolicy: Fail + name: vsubscription.kb.io + rules: + - apiGroups: + - core.kubebb.k8s.com.cn + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - subscriptions + sideEffects: None +{{- end }} diff --git a/charts/cluster-component/charts/kubebb-core/templates/webhook_service.yaml b/charts/cluster-component/charts/kubebb-core/templates/webhook_service.yaml new file mode 100644 index 0000000..1043f1e --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/templates/webhook_service.yaml @@ -0,0 +1,14 @@ +{{- if .Values.webhook.enable }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-webhook-svc + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: {{ .Release.Name }}-kubebb-core +{{- end }} diff --git a/charts/cluster-component/charts/kubebb-core/values.yaml b/charts/cluster-component/charts/kubebb-core/values.yaml new file mode 100644 index 0000000..0deeda4 --- /dev/null +++ b/charts/cluster-component/charts/kubebb-core/values.yaml @@ -0,0 +1,23 @@ +deployment: + rating_enable: false + image: kubebb/core:v0.1.5 + imagePullPolcy: IfNotPresent + resources: + limits: + cpu: "1" + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +webhook: + enable: false + +storage: + enable: false + storageClassName: "" + accessModes: + - ReadWriteOnce + storageSize: 5Gi + +defaultRepository: + enable: false diff --git a/charts/cluster-component/values.yaml b/charts/cluster-component/values.yaml index 167c77e..6a6d2e4 100644 --- a/charts/cluster-component/values.yaml +++ b/charts/cluster-component/values.yaml @@ -97,3 +97,9 @@ metallb: image: repository: hub.tenxcloud.com/u4a-component/frr tag: v8.3.0 + +kubebb-core: + deployment: + image: kubebb/core:v0.1.6 + defaultRepository: + enable: false