Update ks-core helm chart

src/test/ks-core/Chart.yaml

@@ -7,7 +7,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.6.6
+version: 0.6.7
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

src/test/ks-core/crds/application.kubesphere.io_applications.yaml

@@ -63,6 +63,19 @@ spec:
                 type: array
               icon:
                 type: string
+              resources:
+                items:
+                  properties:
+                    Group:
+                      type: string
+                    Kind:
+                      type: string
+                    Resource:
+                      type: string
+                    Version:
+                      type: string
+                  type: object
+                type: array
             type: object
           status:
             description: ApplicationStatus defines the observed state of Application

src/test/ks-core/crds/application.kubesphere.io_repos.yaml

@@ -55,7 +55,6 @@ spec:
             description: RepoSpec defines the desired state of Repo
             properties:
               credential:
-                description: ' repo credential'
                 properties:
                   caFile:
                     description: verify certificates of HTTPS-enabled servers using
@@ -80,14 +79,12 @@ spec:
                     type: string
                 type: object
               description:
-                description: chart repo description from frontend
                 type: string
+              global:
+                type: boolean
               syncPeriod:
-                description: sync period in seconds, no sync when SyncPeriod=0, the
-                  minimum SyncPeriod is 180s
                 type: integer
               url:
-                description: ' repo url'
                 type: string
             required:
             - url

src/test/ks-core/crds/cluster.kubesphere.io_clusters.yaml

@@ -45,6 +45,11 @@ spec:
             type: object
           spec:
             properties:
+              config:
+                description: Config represents the custom helm chart values used when
+                  installing the cluster
+                format: byte
+                type: string
               connection:
                 description: Connection holds info to connect to the member cluster
                 properties:

src/test/ks-core/templates/customresourcefilters.yaml

@@ -0,0 +1,45 @@
+apiVersion: v1
+stringData:
+  configuration.yaml: |
+    resource:
+      group: "kubesphere.io"
+      version: "v1alpha1"
+      kind: "Extension"
+    regoPolicy: |
+      package filter
+
+      import rego.v1
+
+      default match := false
+
+      match if {
+        not listAvailableExtension
+      }
+
+      match if {
+        listAvailableExtension
+        isSubscribed
+      }
+
+      match if {
+        listAvailableExtension
+        isInstalled
+      }
+
+      match if {
+        listAvailableExtension
+        not hasExtensionID
+      }
+
+      listAvailableExtension if ["available"][_] == input.filter.field
+
+      isSubscribed if input.object.metadata.labels["marketplace.kubesphere.io/subscribed"] == "true"
+
+      isInstalled if input.object.status.state != ""
+
+      hasExtensionID if input.object.metadata.labels["marketplace.kubesphere.io/extension-id"] != ""
+kind: Secret
+metadata:
+  name: extensions.customresourcefilters.kubesphere
+  namespace: kubesphere-system
+type: config.kubesphere.io/custom-resource-filter

src/test/ks-core/templates/globalroles.yaml

@@ -155,6 +155,19 @@ metadata:
   annotations:
     kubesphere.io/creator: admin
     kubesphere.io/description: '{"zh": "管理 KubeSphere 平台上的所有资源。", "en": "Manage all resources on the KubeSphere platform."}'
+    iam.kubesphere.io/rego-override: >-
+      package authz
+      default allow = false
+      allow = true {
+        allowedScopes := ["Workspace","Namespace","Cluster"]
+        allowedScopes[_] == input.ResourceScope
+        allowedVerbs := ["get","list","watch"]
+        allowedVerbs[_] == input.Verb
+      }
+      allow = true {
+        allowedScopes := ["Workspace","Namespace","Cluster"]
+        allowedScopes[_] == input.ResourceScope
+      }
   labels:
     iam.kubesphere.io/auto-aggregate: "true"
   name: platform-admin

src/test/ks-core/templates/marketplace-config.yaml

@@ -1,8 +1,9 @@
-{{ if eq .Values.role "host" }}
+{{- if eq .Values.role "host" }}
+{{- if .Values.cloud.enabled }}
 apiVersion: v1
 stringData:
   configuration.yaml: |
-{{- if .Values.devMode }}
+{{- if eq .Values.cloud.env "clouddev.kubesphere.io" }}
     url: https://clouddev.kubesphere.io
     oauth:
       clientID: "client-a5cdf64c-7f84-415e-a6b1-8dfbfad493c3"
@@ -13,7 +14,7 @@ stringData:
       url: https://app.clouddev.kubesphere.io
       repoName: marketplace
       syncPeriod: 60m
-{{- else }}
+{{- else if eq .Values.cloud.env "kubesphere.cloud" }}
     url: https://kubesphere.cloud
     oauth:
       clientID: "client-a5cdf64c-7f84-415e-a6b1-8dfbfad493c3"
@@ -24,6 +25,8 @@ stringData:
       url: https://app.kubesphere.cloud
       repoName: marketplace
       syncPeriod: 60m
+{{- else if .Values.cloud.customEnv }}
+    {{- toYaml .Values.cloud.customEnv | nindent 4 }}
 {{- end }}
 kind: Secret
 metadata:
@@ -32,4 +35,5 @@ metadata:
   labels:
     config.kubesphere.io/type: marketplace
 type: config.kubesphere.io/marketplace
-{{ end }}
+{{- end }}
+{{- end }}

src/test/ks-core/templates/roletemplates.yaml

@@ -195,6 +195,15 @@ kind: RoleTemplate
 metadata:
   annotations:
     iam.kubesphere.io/role-template-rules: '{"clusters": "view"}'
+    iam.kubesphere.io/rego-override: |-
+      package authz
+      default allow = false
+      allow = true {
+        allowedScopes := ["Workspace","Namespace","Cluster"]
+        allowedScopes[_] == input.ResourceScope
+        allowedVerbs := ["get","list","watch"]
+        allowedVerbs[_] == input.Verb
+      }
   labels:
     iam.kubesphere.io/category: global-cluster-management
     iam.kubesphere.io/scope: "global"
@@ -266,6 +275,13 @@ metadata:
     iam.kubesphere.io/dependencies: '["global-view-clusters"]'
     iam.kubesphere.io/role-template-rules: '{"clusters": "manage"}'
     kubesphere.io/description: '{"zh":"创建集群、删除集群和管理集群中的所有资源。"}'
+    iam.kubesphere.io/rego-override: |-
+      package authz
+      default allow = false
+      allow = true {
+        allowedScopes := ["Workspace","Namespace","Cluster"]
+        allowedScopes[_] == input.ResourceScope
+      }
   labels:
     iam.kubesphere.io/category: global-cluster-management
     iam.kubesphere.io/scope: "global"

src/test/ks-core/templates/user.yaml

@@ -5,6 +5,7 @@ metadata:
   annotations:
     iam.kubesphere.io/uninitialized: "true"
     iam.kubesphere.io/globalrole: "platform-admin"
+    kubesphere.io/creator: "system"
 spec:
   email: [email protected]
   password: {{ include "getOrDefaultPass" . | quote }}

src/test/ks-core/values.yaml

@@ -287,6 +287,18 @@ nodeShell:
     tag: "3.18.4"
     pullPolicy: IfNotPresent
 
+cloud:
+  enabled: true
+  ## kubesphere.cloud or clouddev.kubesphere.io
+  env: "kubesphere.cloud"
+  customEnv:
+#    url: https://kubesphere.cloud
+#    subscription:
+#      syncPeriod: 60m
+#    repository:
+#      url: https://app.kubesphere.cloud
+#      repoName: marketplace
+#      syncPeriod: 60m
 
 extension:
   imageRegistry: ""
@@ -363,7 +375,7 @@ upgrade:
                   - amd64
         overrides:
           k: v
-    dynamicOptions: { }
+    dynamicOptions: {}
   devops:
     disabled: false
     priority: 100