Feat: support config management (#3430)

* Feat: componentDefinitions for Config management

Added ComponentDefinitions for config management
- helm chart repository
- image registry
- Dex connector
- Terraform provider

Co-authored-by: Tianxin Dong <wuwuglu19@gmail.com>
Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com>

* Update vela-templates/definitions/internal/component/config-image-registry.cue

Co-authored-by: Jianbo Sun <wonderflow@icloud.com>

* address comments again

Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com>

Co-authored-by: Tianxin Dong <wuwuglu19@gmail.com>
Co-authored-by: Jianbo Sun <wonderflow@icloud.com>
This commit is contained in:
Zheng Xi Zhou
2022-03-29 10:28:07 +08:00
committed by GitHub
parent d3fbd5fd45
commit 6d63014c6f
13 changed files with 593 additions and 1 deletions


@@ -0,0 +1,70 @@
# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
# Definition source cue file: vela-templates/definitions/internal/config-dex-connector.cue
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
annotations:
custom.definition.oam.dev/alias.config.oam.dev: Dex Connector
definition.oam.dev/description: Config information to authenticate Dex connectors
labels:
custom.definition.oam.dev/catalog.config.oam.dev: velacore-config
custom.definition.oam.dev/multi-cluster.config.oam.dev: "false"
custom.definition.oam.dev/type.config.oam.dev: dex-connector
name: config-dex-connector
namespace: {{ include "systemDefinitionNamespace" . }}
spec:
schematic:
cue:
template: |
output: {
apiVersion: "v1"
kind: "Secret"
metadata: {
name: parameter.name
namespace: context.namespace
labels: {
"config.oam.dev/catalog": "velacore-config"
"config.oam.dev/type": "dex-connector"
"config.oam.dev/multi-cluster": "false"
"config.oam.dev/identifier": parameter.name
"config.oam.dev/sub-type": parameter.type
}
}
type: "Opaque"
if parameter.type == "github" {
stringData: parameter.github
}
if parameter.type == "ldap" {
stringData: parameter.ldap
}
}
parameter: {
// +usage=Config type
type: "github" | "ldap"
github?: {
// +usage=GitHub client ID
clientID: string
// +usage=GitHub client secret
clientSecret: string
// +usage=GitHub call back URL
callbackURL: string
}
ldap?: {
host: string
insecureNoSSL: *true | bool
insecureSkipVerify: bool
startTLS: bool
usernamePrompt: string
userSearch: {
baseDN: string
username: string
idAttr: string
emailAttr: string
nameAttr: string
}
}
}
workload:
type: autodetects.core.oam.dev


@@ -0,0 +1,69 @@
# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
# Definition source cue file: vela-templates/definitions/internal/config-image-registry.cue
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
annotations:
custom.definition.oam.dev/alias.config.oam.dev: Image Registry
definition.oam.dev/description: Config information to authenticate image registry
labels:
custom.definition.oam.dev/catalog.config.oam.dev: velacore-config
custom.definition.oam.dev/multi-cluster.config.oam.dev: "true"
custom.definition.oam.dev/type.config.oam.dev: image-registry
name: config-image-registry
namespace: {{ include "systemDefinitionNamespace" . }}
spec:
schematic:
cue:
template: |
import (
"encoding/base64"
"encoding/json"
)
output: {
apiVersion: "v1"
kind: "Secret"
metadata: {
name: context.name
namespace: context.namespace
labels: {
"config.oam.dev/catalog": "velacore-config"
"config.oam.dev/type": "image-registry"
"config.oam.dev/multi-cluster": "true"
"config.oam.dev/identifier": parameter.registry
"config.oam.dev/sub-type": "auth"
}
}
type: "kubernetes.io/dockerconfigjson"
stringData: {
if parameter.auth != _|_ {
".dockerconfigjson": json.Marshal({
auths: "\(parameter.registry)": {
username: parameter.auth.username
password: parameter.auth.password
if parameter.auth.email != _|_ {
email: parameter.auth.email
}
auth: base64.Encode(null, (parameter.auth.username + ":" + parameter.auth.password))
}
})
}
}
}
parameter: {
// +usage=Image registry FQDN
registry: string
// +usage=Authenticate the image registry
auth?: {
// +usage=Private Image registry username
username: string
// +usage=Private Image registry password
password: string
// +usage=Private Image registry email
email?: string
}
}
workload:
type: autodetects.core.oam.dev


@@ -0,0 +1,70 @@
# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
# Definition source cue file: vela-templates/definitions/internal/config-dex-connector.cue
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
annotations:
custom.definition.oam.dev/alias.config.oam.dev: Dex Connector
definition.oam.dev/description: Config information to authenticate Dex connectors
labels:
custom.definition.oam.dev/catalog.config.oam.dev: velacore-config
custom.definition.oam.dev/multi-cluster.config.oam.dev: "false"
custom.definition.oam.dev/type.config.oam.dev: dex-connector
name: config-dex-connector
namespace: {{ include "systemDefinitionNamespace" . }}
spec:
schematic:
cue:
template: |
output: {
apiVersion: "v1"
kind: "Secret"
metadata: {
name: parameter.name
namespace: context.namespace
labels: {
"config.oam.dev/catalog": "velacore-config"
"config.oam.dev/type": "dex-connector"
"config.oam.dev/multi-cluster": "false"
"config.oam.dev/identifier": parameter.name
"config.oam.dev/sub-type": parameter.type
}
}
type: "Opaque"
if parameter.type == "github" {
stringData: parameter.github
}
if parameter.type == "ldap" {
stringData: parameter.ldap
}
}
parameter: {
// +usage=Config type
type: "github" | "ldap"
github?: {
// +usage=GitHub client ID
clientID: string
// +usage=GitHub client secret
clientSecret: string
// +usage=GitHub call back URL
callbackURL: string
}
ldap?: {
host: string
insecureNoSSL: *true | bool
insecureSkipVerify: bool
startTLS: bool
usernamePrompt: string
userSearch: {
baseDN: string
username: string
idAttr: string
emailAttr: string
nameAttr: string
}
}
}
workload:
type: autodetects.core.oam.dev


@@ -0,0 +1,69 @@
# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
# Definition source cue file: vela-templates/definitions/internal/config-image-registry.cue
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
annotations:
custom.definition.oam.dev/alias.config.oam.dev: Image Registry
definition.oam.dev/description: Config information to authenticate image registry
labels:
custom.definition.oam.dev/catalog.config.oam.dev: velacore-config
custom.definition.oam.dev/multi-cluster.config.oam.dev: "true"
custom.definition.oam.dev/type.config.oam.dev: image-registry
name: config-image-registry
namespace: {{ include "systemDefinitionNamespace" . }}
spec:
schematic:
cue:
template: |
import (
"encoding/base64"
"encoding/json"
)
output: {
apiVersion: "v1"
kind: "Secret"
metadata: {
name: context.name
namespace: context.namespace
labels: {
"config.oam.dev/catalog": "velacore-config"
"config.oam.dev/type": "image-registry"
"config.oam.dev/multi-cluster": "true"
"config.oam.dev/identifier": parameter.registry
"config.oam.dev/sub-type": "auth"
}
}
type: "kubernetes.io/dockerconfigjson"
stringData: {
if parameter.auth != _|_ {
".dockerconfigjson": json.Marshal({
auths: "\(parameter.registry)": {
username: parameter.auth.username
password: parameter.auth.password
if parameter.auth.email != _|_ {
email: parameter.auth.email
}
auth: base64.Encode(null, (parameter.auth.username + ":" + parameter.auth.password))
}
})
}
}
}
parameter: {
// +usage=Image registry FQDN
registry: string
// +usage=Authenticate the image registry
auth?: {
// +usage=Private Image registry username
username: string
// +usage=Private Image registry password
password: string
// +usage=Private Image registry email
email?: string
}
}
workload:
type: autodetects.core.oam.dev


@@ -0,0 +1,15 @@
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: config-dex-connector-dev
namespace: vela-system
spec:
components:
- name: dev
type: config-dex-connector
properties:
type: github
github:
clientID: "aa"
clientSecret: "bb"
callbackURL: "http://localhost:8080/callback"
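Review bot: This sample supplies no `name` property, yet the `config-dex-connector` definition added in this commit names the rendered Secret from `parameter.name` while its parameter schema declares only `type`, `github` and `ldap`, so the application is expected to fail with an incomplete-value error at render time; either add a `name` once the definition declares it, or switch the definition to `context.name`. The file also commits an OAuth client secret and an `http://` callback URL in plaintext; they are obviously placeholders, but a comment such as `# placeholder values for local development only — never commit real client secrets` would keep them from being copied into real manifests.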


@@ -0,0 +1,102 @@
# How to store and use configurations
## General
- list all configuration types
```shell
$ vela components --label custom.definition.oam.dev/catalog.config.oam.dev=velacore-config
NAME DEFINITION
config-dex-connector autodetects.core.oam.dev
config-helm-repository autodetects.core.oam.dev
config-image-registry autodetects.core.oam.dev
terraform-azure autodetects.core.oam.dev
terraform-baidu autodetects.core.oam.dev
```
```json
# Get http://127.0.0.1:8000/api/v1/configs
[
{
"definitions": [
"config-dex-connector"
],
"name": "Dex Connectors",
"type": "dex-connector"
},
{
"definitions": [
"config-helm-repository"
],
"name": "Helm Repository",
"type": "helm-repository"
},
{
"definitions": [
"config-image-registry"
],
"name": "Image Registry",
"type": "image-registry"
},
null,
{
"definitions": [
"terraform-baidu"
],
"name": "Terraform Cloud Provider",
"type": "terraform-provider"
}
]
```
- list all configurations
```shell
$ kubectl get secret -n vela-system -l=config.oam.dev/catalog=velacore-config
NAME TYPE DATA AGE
image-registry-dev kubernetes.io/dockerconfigjson 1 3h51m
```
## Image registry
- Create a config for an image registry
```shell
$ vela up -f app-config-image-registry-account-auth.yaml
Applying an application in vela K8s object format...
I0323 10:45:25.347102 85930 apply.go:107] "creating object" name="config-image-registry-account-auth-dev" resource="core.oam.dev/v1beta1, Kind=Application"
✅ App has been deployed 🚀🚀🚀
Port forward: vela port-forward config-image-registry-account-auth-dev
SSH: vela exec config-image-registry-account-auth-dev
Logging: vela logs config-image-registry-account-auth-dev
App status: vela status config-image-registry-account-auth-dev
Endpoint: vela status config-image-registry-account-auth-dev
--endpoint%
$ kubectl get secret -n vela-system -l=config.oam.dev/catalog=velacore-config
NAME TYPE DATA AGE
image-registry-dev kubernetes.io/dockerconfigjson 1 77s
```
- Deliver the config secret to working cluster
```shell
$ vela cluster list
CLUSTER TYPE ENDPOINT ACCEPTED LABELS
local Internal - true
bj X509Certificate https://123.57.73.107:6443 true
$ vela up -f app-deliever-secret.yaml
```
- Deploy an application who needs to pull images from the private image registry
```shell
$ export KUBECONFIG=~/.kube/config-bj
$ kubectl get secret -n vela-system -l=config.oam.dev/catalog=velacore-config
NAME TYPE DATA AGE
image-registry-dev kubernetes.io/dockerconfigjson 1 120s
$ vela up -f app-validate-imagePullSecret.yaml
```


@@ -0,0 +1,15 @@
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: config-image-registry-account-auth-dev
namespace: vela-system
spec:
components:
- name: account-auth
type: config-image-registry
properties:
registry: "registry.cn-beijing.aliyuncs.com"
auth:
username: "xxx"
password: "PfwrjwifjFaked"
email: "a@gmail.com"
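Review bot: The Secret this sample produces is named from `context.name` in the `config-image-registry` definition, which presumably resolves to the component name `account-auth`, whereas the walkthrough and the deliver/consumer samples in this commit all reference a Secret called `image-registry-dev`; renaming the component to `- name: image-registry-dev` would make the samples agree. The `password` value is clearly a placeholder, but a comment like `# replace with a real credential; never commit registry passwords` would make that explicit for readers who copy the file.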


@@ -0,0 +1,23 @@
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: config-project1
namespace: vela-system
labels:
config.oam.dev/catalog: "velacore-config"
config.oam.dev/type: "helm-repository"
spec:
components:
- name: deliver-secret
type: ref-objects
properties:
objects:
- apiVersion: v1
kind: Secret
name: image-registry-dev
policies:
- type: topology
name: dev
properties:
clusters: ["bj"]
# namespaces: ["ns1"]
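Review bot: The `config.oam.dev/type: "helm-repository"` label does not match what this Application delivers, which is the image-registry Secret `image-registry-dev`; it should read `config.oam.dev/type: "image-registry"` or be dropped, otherwise a listing by type will misclassify it. With `namespaces` commented out, the referenced Secret presumably lands on cluster `bj` in the Application's own namespace (`vela-system`), so a pod in `ns1` (as in `app-sample`) cannot use it as an imagePullSecret; if cross-namespace use is intended, uncomment `namespaces: ["ns1"]` and note in a comment that this copies registry credentials into every listed namespace.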


@@ -0,0 +1,14 @@
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: app-sample
namespace: ns1
spec:
components:
- name: sample
type: webservice
properties:
image: registry.cn-beijing.aliyuncs.com/vela/nginx:latest
imagePullPolicy: Always
imagePullSecrets:
- image-registry-dev
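Review bot: `imagePullSecrets` are resolved in the pod's own namespace, so this Application in `ns1` needs `image-registry-dev` to exist in `ns1` on the target cluster, but the companion deliver Application only delivers it to its own namespace unless `namespaces` is set; presumably the sample is meant to run after that line is uncommented. A comment above `imagePullSecrets:` such as `# requires the image-registry-dev Secret to be delivered into ns1 first` would make the dependency explicit.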


@@ -0,0 +1,14 @@
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: app-validate-image-pull-secret
namespace: vela-system
spec:
components:
- name: validate
type: webservice
properties:
image: registry.cn-beijing.aliyuncs.com/vela/nginx:latest
imagePullPolicy: Always
imagePullSecrets:
- image-registry-dev


@@ -59,7 +59,7 @@ func returns500(b *restful.RouteBuilder) {
b.Returns(http.StatusInternalServerError, "Bummer, something went wrong", nil)
}
// Init init all webservice, pass in the required parameter object.
// Init inits all webservice, pass in the required parameter object.
// It can be implemented using the idea of dependency injection.
func Init(ctx context.Context, ds datastore.DataStore, addonCacheTime time.Duration, initDatabase bool) map[string]interface{} {
clusterUsecase := usecase.NewClusterUsecase(ds)


@@ -0,0 +1,66 @@
"config-dex-connector": {
type: "component"
annotations: {
"alias.config.oam.dev": "Dex Connector"
}
labels: {
"catalog.config.oam.dev": "velacore-config"
"type.config.oam.dev": "dex-connector"
"multi-cluster.config.oam.dev": "false"
}
description: "Config information to authenticate Dex connectors"
attributes: workload: type: "autodetects.core.oam.dev"
}
template: {
output: {
apiVersion: "v1"
kind: "Secret"
metadata: {
name: parameter.name
namespace: context.namespace
labels: {
"config.oam.dev/catalog": "velacore-config"
"config.oam.dev/type": "dex-connector"
"config.oam.dev/multi-cluster": "false"
"config.oam.dev/identifier": parameter.name
"config.oam.dev/sub-type": parameter.type
}
}
type: "Opaque"
if parameter.type == "github" {
stringData: parameter.github
}
if parameter.type == "ldap" {
stringData: parameter.ldap
}
}
parameter: {
// +usage=Config type
type: "github" | "ldap"
github?: {
// +usage=GitHub client ID
clientID: string
// +usage=GitHub client secret
clientSecret: string
// +usage=GitHub call back URL
callbackURL: string
}
ldap?: {
host: string
insecureNoSSL: *true | bool
insecureSkipVerify: bool
startTLS: bool
usernamePrompt: string
userSearch: {
baseDN: string
username: string
idAttr: string
emailAttr: string
nameAttr: string
}
}
}
}
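Review bot: The template names the Secret from `parameter.name` and reuses it for the identifier label, but `parameter` declares only `type`, `github` and `ldap`, so `parameter.name` is an undefined reference that is expected to make rendering fail; either add `// +usage=Name of the config` / `name: string` to the schema, or use `name: context.name` as the sibling `config-image-registry` definition does. The `ldap` branch assigns `stringData: parameter.ldap`, whose values include booleans (`insecureNoSSL`, `insecureSkipVerify`, `startTLS`) and a nested `userSearch` struct, while a Secret's `stringData` is a map of strings, so this is expected to be rejected by the API server unless the LDAP block is serialized (for example with `json.Marshal`) into a single key. Separately, `insecureNoSSL: *true | bool` makes plaintext LDAP the default for a connector that carries directory credentials; defaulting to `false` matches the conservative setting implied by the field's own name and avoids silently shipping credentials unencrypted.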


@@ -0,0 +1,65 @@
import (
"encoding/base64"
"encoding/json"
)
"config-image-registry": {
type: "component"
annotations: {
"alias.config.oam.dev": "Image Registry"
}
labels: {
"catalog.config.oam.dev": "velacore-config"
"type.config.oam.dev": "image-registry"
"multi-cluster.config.oam.dev": "true"
}
description: "Config information to authenticate image registry"
attributes: workload: type: "autodetects.core.oam.dev"
}
template: {
output: {
apiVersion: "v1"
kind: "Secret"
metadata: {
name: context.name
namespace: context.namespace
labels: {
"config.oam.dev/catalog": "velacore-config"
"config.oam.dev/type": "image-registry"
"config.oam.dev/multi-cluster": "true"
"config.oam.dev/identifier": parameter.registry
"config.oam.dev/sub-type": "auth"
}
}
type: "kubernetes.io/dockerconfigjson"
stringData: {
if parameter.auth != _|_ {
".dockerconfigjson": json.Marshal({
"auths": "\(parameter.registry)": {
"username": parameter.auth.username
"password": parameter.auth.password
if parameter.auth.email != _|_ {
"email": parameter.auth.email
}
"auth": base64.Encode(null, (parameter.auth.username + ":" + parameter.auth.password))
}
})
}
}
}
parameter: {
// +usage=Image registry FQDN
registry: string
// +usage=Authenticate the image registry
auth?: {
// +usage=Private Image registry username
username: string
// +usage=Private Image registry password
password: string
// +usage=Private Image registry email
email?: string
}
}
}
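Review bot: `auth` is optional, but when it is omitted the `if parameter.auth != _|_` guard leaves a Secret of type `kubernetes.io/dockerconfigjson` with no `.dockerconfigjson` key, and the API server validates that this type carries that key, so the render is expected to be rejected; either make `auth` required (drop the `?`) or document that the Secret cannot be created without credentials. The registry FQDN is also copied verbatim into the `config.oam.dev/identifier` label value, and a registry given as `host:5000` (containing a colon) or longer than 63 characters is not a valid label value, so `registry` should be constrained in the schema (e.g. `registry: =~"^[a-z0-9.-]{1,63}$"`) or sanitized before being used as a label.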