github/kubevela
1
0
Fork 0
mirror of https://github.com/kubevela/kubevela.git synced 2026-02-28 16:50:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:checkpoint/policy-dispatch-fix-stable
Branches Tags
github:master github:release-1.10 github:backport-7027-to-release-1.10 github:cubic-fix-design-vela-cli-kep-defkit-md-L1768-1765767707 github:release-1.9 github:backport-6998-to-release-1.10 github:backport-6998-to-release-1.9 github:dependabot/go_modules/golang.org/x/crypto-0.45.0 github:dependabot/go_modules/github.com/containerd/containerd-1.7.29 github:dependabot/go_modules/golang.org/x/crypto-0.43.0 github:backport-6963-to-release-1.10 github:dependabot/github_actions/anchore/sbom-action-0.20.9 github:dependabot/go_modules/helm.sh/helm/v3-3.19.0 github:dependabot/go_modules/helm.sh/helm/v3-3.18.5 github:dependabot/go_modules/github.com/getkin/kin-openapi-0.133.0 github:dependabot/github_actions/actions/checkout-5.0.0 github:dependabot/github_actions/imjasonh/setup-crane-0.4 github:dependabot/go_modules/github.com/containerd/containerd-1.7.24 github:feat/statefulset github:backport-6537-to-release-1.9 github:backport-6530-to-release-1.9 github:dependabot/github_actions/azure/setup-helm-4 github:dependabot/github_actions/dawidd6/action-homebrew-bump-formula-3.11.0 github:revert-6201-addbuiltin github:release-1.8 github:backport-5982-to-release-1.8 github:backport-5950-to-release-1.8 github:backport-5865-to-release-1.8 github:backport-5922-to-release-1.8 github:backport-5872-to-release-1.8 github:release-1.7 github:backport-5748-to-release-1.8 github:backport-5748-to-release-1.7 github:backport-5728-to-release-1.8 github:release-1.6 github:release-1.5 github:release-1.4 github:release-1.3 github:release-1.2 github:release-1.1 github:release-1.0 github:release-0.3
github:v1.10.7 github:checkpoint/policy-dispatch-fix-stable github:v1.10.6 github:v1.10.5 github:v1.10.4 github:v1.10.3 github:v1.10.2 github:v1.10.1 github:v1.10.0 github:v1.10.0-alpha.1 github:v1.9.13 github:v1.9.12 github:v1.9.11 github:v1.9.10 github:v1.9.9 github:v1.9.8 github:v1.9.7 github:v1.9.6 github:v1.9.5 github:v1.9.4 github:v1.9.3 github:v1.9.2 github:v1.9.1 github:v1.9.0 github:v1.9.0-beta.3 github:v1.9.0-beta.2 github:v1.9.0-beta.1.post1 github:v1.9.0-beta.1 github:v1.9.0-alpha.5 github:v1.9.0-alpha.4 github:v1.8.2 github:v1.9.0-alpha.3 github:v1.8.1 github:v1.9.0-alpha.2 github:v1.9.0-alpha.1 github:v1.8.0 github:v1.8.0-rc.1 github:v1.8.0-beta.3 github:v1.8.0-beta.2 github:v1.7.7 github:v1.8.0-beta.1 github:v1.7.6 github:v1.6.8 github:v1.8.0-alpha.3 github:v1.7.5 github:v1.8.0-alpha.2 github:v1.7.4 github:v1.7.3 github:v1.7.2 github:v1.7.1 github:v1.8.0-alpha.1 github:v1.5.11 github:v1.7.0 github:v1.7.0-beta.2 github:v1.6.7 github:v1.7.0-beta.1 github:v1.7.0-alpha.3 github:v1.5.10 github:v1.6.6 github:v1.4.14 github:v1.7.0-alpha.2 github:v1.7.0-alpha.1 github:v1.6.5 github:v1.6.4 github:v1.6.3 github:v1.6.2 github:v1.6.1 github:v1.5.9 github:v1.6.0 github:v1.6.0-beta.2 github:v1.6.0-beta.1 github:v1.5.8 github:v1.6.0-alpha.6 github:v1.6.0-alpha.5 github:v1.5.7 github:v1.4.13 github:v1.6.0-alpha.4 github:v1.5.6 github:v1.6.0-alpha.3 github:v1.5.5 github:v1.4.12 github:v1.5.4 github:v1.6.0-alpha.2 github:v1.4.11 github:v1.5.3 github:v1.5.2 github:v1.6.0-alpha.1 github:v1.4.10 github:v1.3.10 github:v1.5.0 github:v1.5.0-beta.7 github:v1.5.0-beta.6 github:v1.5.0-beta.5 github:v1.3.9 github:v1.4.9 github:v1.2.8 github:v1.5.0-beta.4 github:v1.5.0-beta.3 github:v1.5.0-beta.2 github:v1.5.0-beta.1 github:v1.4.8 github:v1.4.7 github:v1.4.7-patch github:v1.4.6 github:v1.5.0-alpha.3 github:v1.5.0-alpha.2 github:v1.4.5 github:v1.3.7 github:v1.2.7 github:v1.4.4 github:v1.5.0-alpha.1 github:v1.4.3 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.4.0-beta.2 github:v1.3.6 github:v1.4.0-beta.1 github:v1.3.5 github:v1.4.0-alpha.3 github:v1.3.4 github:v1.2.6 github:v1.3.3 github:v1.4.0-alpha.2 github:v1.3.2 github:v1.3.1 github:v1.4.0-alpha.1 github:v1.3.0 github:v1.3.0-beta.2 github:v1.3.0-beta.1 github:v1.3.0-alpha.1 github:v1.2.5 github:v1.2.4 github:v1.2.3 github:v1.2.2 github:v1.2.1 github:v1.2.0 github:v1.2.0-rc.2 github:v1.2.0-rc.1 github:v1.2.0-beta.3 github:v1.2.0-beta.2 github:v1.2.0-beta.1 github:v1.1.13 github:v1.1.11 github:v1.1.10 github:v1.1.9 github:v1.1.8 github:v1.1.7 github:v1.1.6 github:v1.1.5 github:v1.1.4 github:v1.1.3 github:v1.1.2 github:v1.1.1 github:v1.1.0 github:v1.1.0-rc.2 github:v1.1.0-rc.1 github:v1.1.0-beta.3 github:v1.1.0-beta.2 github:v1.1.0-beta.1 github:v1.1.0-alpha.5 github:v1.1.0-alpha.4 github:v1.0.7 github:v0.3.9 github:v1.1.0-alpha.3 github:v1.1.0-alpha.2 github:v1.0.6 github:v0.3.8 github:v0.3.7 github:v1.0.5 github:v1.1.0-alpha.1 github:v1.0.4 github:v1.0.3 github:v1.0.2 github:v1.0.1 github:v1.0.0 github:v1.0.0-rc2 github:v1.0.0-rc1 github:v0.3.6 github:v0.3.5 github:v0.3.4 github:v0.3.3 github:v0.3.2 github:v0.3.1 github:v0.3.0 github:v0.2.2 github:v0.2.1 github:v0.2.0 github:v0.1.2 github:v0.1.1 github:v0.1.0 github:v0.0.9 github:v0.0.8 github:v0.0.7 github:v0.0.6 github:v0.0.5 github:v0.0.4 github:v0.0.3 github:v0.0.2 github:v0.0.1.2 github:v0.0.1.1 github:v0.0.1 github:vela-v0.0.2-alpha github:v0.0.1-alpha
..
compare: github:release-1.9
Branches Tags
github:master github:release-1.10 github:backport-7027-to-release-1.10 github:cubic-fix-design-vela-cli-kep-defkit-md-L1768-1765767707 github:release-1.9 github:backport-6998-to-release-1.10 github:backport-6998-to-release-1.9 github:dependabot/go_modules/golang.org/x/crypto-0.45.0 github:dependabot/go_modules/github.com/containerd/containerd-1.7.29 github:dependabot/go_modules/golang.org/x/crypto-0.43.0 github:backport-6963-to-release-1.10 github:dependabot/github_actions/anchore/sbom-action-0.20.9 github:dependabot/go_modules/helm.sh/helm/v3-3.19.0 github:dependabot/go_modules/helm.sh/helm/v3-3.18.5 github:dependabot/go_modules/github.com/getkin/kin-openapi-0.133.0 github:dependabot/github_actions/actions/checkout-5.0.0 github:dependabot/github_actions/imjasonh/setup-crane-0.4 github:dependabot/go_modules/github.com/containerd/containerd-1.7.24 github:feat/statefulset github:backport-6537-to-release-1.9 github:backport-6530-to-release-1.9 github:dependabot/github_actions/azure/setup-helm-4 github:dependabot/github_actions/dawidd6/action-homebrew-bump-formula-3.11.0 github:revert-6201-addbuiltin github:release-1.8 github:backport-5982-to-release-1.8 github:backport-5950-to-release-1.8 github:backport-5865-to-release-1.8 github:backport-5922-to-release-1.8 github:backport-5872-to-release-1.8 github:release-1.7 github:backport-5748-to-release-1.8 github:backport-5748-to-release-1.7 github:backport-5728-to-release-1.8 github:release-1.6 github:release-1.5 github:release-1.4 github:release-1.3 github:release-1.2 github:release-1.1 github:release-1.0 github:release-0.3
github:v1.10.7 github:checkpoint/policy-dispatch-fix-stable github:v1.10.6 github:v1.10.5 github:v1.10.4 github:v1.10.3 github:v1.10.2 github:v1.10.1 github:v1.10.0 github:v1.10.0-alpha.1 github:v1.9.13 github:v1.9.12 github:v1.9.11 github:v1.9.10 github:v1.9.9 github:v1.9.8 github:v1.9.7 github:v1.9.6 github:v1.9.5 github:v1.9.4 github:v1.9.3 github:v1.9.2 github:v1.9.1 github:v1.9.0 github:v1.9.0-beta.3 github:v1.9.0-beta.2 github:v1.9.0-beta.1.post1 github:v1.9.0-beta.1 github:v1.9.0-alpha.5 github:v1.9.0-alpha.4 github:v1.8.2 github:v1.9.0-alpha.3 github:v1.8.1 github:v1.9.0-alpha.2 github:v1.9.0-alpha.1 github:v1.8.0 github:v1.8.0-rc.1 github:v1.8.0-beta.3 github:v1.8.0-beta.2 github:v1.7.7 github:v1.8.0-beta.1 github:v1.7.6 github:v1.6.8 github:v1.8.0-alpha.3 github:v1.7.5 github:v1.8.0-alpha.2 github:v1.7.4 github:v1.7.3 github:v1.7.2 github:v1.7.1 github:v1.8.0-alpha.1 github:v1.5.11 github:v1.7.0 github:v1.7.0-beta.2 github:v1.6.7 github:v1.7.0-beta.1 github:v1.7.0-alpha.3 github:v1.5.10 github:v1.6.6 github:v1.4.14 github:v1.7.0-alpha.2 github:v1.7.0-alpha.1 github:v1.6.5 github:v1.6.4 github:v1.6.3 github:v1.6.2 github:v1.6.1 github:v1.5.9 github:v1.6.0 github:v1.6.0-beta.2 github:v1.6.0-beta.1 github:v1.5.8 github:v1.6.0-alpha.6 github:v1.6.0-alpha.5 github:v1.5.7 github:v1.4.13 github:v1.6.0-alpha.4 github:v1.5.6 github:v1.6.0-alpha.3 github:v1.5.5 github:v1.4.12 github:v1.5.4 github:v1.6.0-alpha.2 github:v1.4.11 github:v1.5.3 github:v1.5.2 github:v1.6.0-alpha.1 github:v1.4.10 github:v1.3.10 github:v1.5.0 github:v1.5.0-beta.7 github:v1.5.0-beta.6 github:v1.5.0-beta.5 github:v1.3.9 github:v1.4.9 github:v1.2.8 github:v1.5.0-beta.4 github:v1.5.0-beta.3 github:v1.5.0-beta.2 github:v1.5.0-beta.1 github:v1.4.8 github:v1.4.7 github:v1.4.7-patch github:v1.4.6 github:v1.5.0-alpha.3 github:v1.5.0-alpha.2 github:v1.4.5 github:v1.3.7 github:v1.2.7 github:v1.4.4 github:v1.5.0-alpha.1 github:v1.4.3 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.4.0-beta.2 github:v1.3.6 github:v1.4.0-beta.1 github:v1.3.5 github:v1.4.0-alpha.3 github:v1.3.4 github:v1.2.6 github:v1.3.3 github:v1.4.0-alpha.2 github:v1.3.2 github:v1.3.1 github:v1.4.0-alpha.1 github:v1.3.0 github:v1.3.0-beta.2 github:v1.3.0-beta.1 github:v1.3.0-alpha.1 github:v1.2.5 github:v1.2.4 github:v1.2.3 github:v1.2.2 github:v1.2.1 github:v1.2.0 github:v1.2.0-rc.2 github:v1.2.0-rc.1 github:v1.2.0-beta.3 github:v1.2.0-beta.2 github:v1.2.0-beta.1 github:v1.1.13 github:v1.1.11 github:v1.1.10 github:v1.1.9 github:v1.1.8 github:v1.1.7 github:v1.1.6 github:v1.1.5 github:v1.1.4 github:v1.1.3 github:v1.1.2 github:v1.1.1 github:v1.1.0 github:v1.1.0-rc.2 github:v1.1.0-rc.1 github:v1.1.0-beta.3 github:v1.1.0-beta.2 github:v1.1.0-beta.1 github:v1.1.0-alpha.5 github:v1.1.0-alpha.4 github:v1.0.7 github:v0.3.9 github:v1.1.0-alpha.3 github:v1.1.0-alpha.2 github:v1.0.6 github:v0.3.8 github:v0.3.7 github:v1.0.5 github:v1.1.0-alpha.1 github:v1.0.4 github:v1.0.3 github:v1.0.2 github:v1.0.1 github:v1.0.0 github:v1.0.0-rc2 github:v1.0.0-rc1 github:v0.3.6 github:v0.3.5 github:v0.3.4 github:v0.3.3 github:v0.3.2 github:v0.3.1 github:v0.3.0 github:v0.2.2 github:v0.2.1 github:v0.2.0 github:v0.1.2 github:v0.1.1 github:v0.1.0 github:v0.0.9 github:v0.0.8 github:v0.0.7 github:v0.0.6 github:v0.0.5 github:v0.0.4 github:v0.0.3 github:v0.0.2 github:v0.0.1.2 github:v0.0.1.1 github:v0.0.1 github:vela-v0.0.2-alpha github:v0.0.1-alpha

4 Commits
checkpoint ... release-1.

Author SHA1 Message Date
github-actions[bot]
02e13f9dc3 Fix: Enhance shared resource handling to avoid last-applied-configuration pollution (#6998) (#7000) 
(cherry picked from commit 552764d48f)

Signed-off-by: Brian Kane <briankane1@gmail.com>
Co-authored-by: Ayush Kumar <65535504+roguepikachu@users.noreply.github.com>
 2025-11-26 08:06:12 -08:00
Tianxin Dong
d56da069eb Fix: upgrade workflow to fix suspend (#6623) 
* fix: upgrade workflow to fix suspend

Signed-off-by: FogDong <fog@bentoml.com>

* fix: fix gomega version

Signed-off-by: FogDong <fog@bentoml.com>

* Fix: Update docker image and workflow go version to 1.22

Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>

* Fix: do dependency fix check

Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>

* Fix: build failure

Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>

* Fix: build failure

Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>

---------

Signed-off-by: FogDong <fog@bentoml.com>
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
Co-authored-by: Anoop Gopalakrishnan <anoop2811@aol.in>
 2024-09-29 01:57:45 +05:30
github-actions[bot]
89c1d07a8f Fix(CUE): fix volumns variable err bug in vela-cli (#6619) 
Signed-off-by: yukunjie <yukunjie007@163.com>
Co-authored-by: yukunjie <yukunjie007@163.com>
(cherry picked from commit b605e0857c)

Co-authored-by: yukunjie <yukunjie007@163.com>
 2024-09-19 09:53:07 +08:00
github-actions[bot]
fa8350bc50 fix: disable auto maxprocs logging (#6618) 
Signed-off-by: FogDong <fog@bentoml.com>
(cherry picked from commit d025a6d5af)

Co-authored-by: FogDong <fog@bentoml.com>
 2024-09-19 09:51:43 +08:00
798 changed files with 15320 additions and 101123 deletions
Expand all files Collapse all files

30
.github/CODEOWNERS vendored
View File

@@ -1,35 +1,35 @@
# This file is a github code protect rule follow the codeowners https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners#example-of-a-codeowners-file
* @barnettZQG @wonderflow @leejanee @Somefive @jefree-cat @FogDong @wangyikewxgm @chivalryq @anoop2811 @briankane @jguionnet
design/ @barnettZQG @leejanee @wonderflow @Somefive @jefree-cat @FogDong @anoop2811 @briankane @jguionnet
* @barnettZQG @wonderflow @leejanee @Somefive @jefree-cat @FogDong @wangyikewxgm @chivalryq
design/ @barnettZQG @leejanee @wonderflow @Somefive @jefree-cat @FogDong
# Owner of Core Controllers
pkg/controller/core.oam.dev @Somefive @FogDong @barnettZQG @wonderflow @wangyikewxgm @chivalryq @anoop2811 @briankane @jguionnet
pkg/controller/core.oam.dev @Somefive @FogDong @barnettZQG @wonderflow @wangyikewxgm @chivalryq
# Owner of Standard Controllers
pkg/controller/standard.oam.dev @wangyikewxgm @barnettZQG @wonderflow @Somefive @anoop2811 @FogDong @briankane @jguionnet
pkg/controller/standard.oam.dev @wangyikewxgm @barnettZQG @wonderflow @Somefive
# Owner of CUE
pkg/cue @leejanee @FogDong @Somefive @anoop2811 @briankane @jguionnet
pkg/stdlib @leejanee @FogDong @Somefive @anoop2811 @briankane @jguionnet
pkg/cue @leejanee @FogDong @Somefive
pkg/stdlib @leejanee @FogDong @Somefive
# Owner of Workflow
pkg/workflow @leejanee @FogDong @Somefive @wangyikewxgm @chivalryq @anoop2811 @briankane @jguionnet
pkg/workflow @leejanee @FogDong @Somefive @wangyikewxgm @chivalryq
# Owner of vela templates
vela-templates/ @Somefive @barnettZQG @wonderflow @FogDong @wangyikewxgm @chivalryq @anoop2811 @briankane @jguionnet
vela-templates/ @Somefive @barnettZQG @wonderflow @FogDong @wangyikewxgm @chivalryq
# Owner of vela CLI
references/cli/ @Somefive @StevenLeiZhang @charlie0129 @wangyikewxgm @chivalryq @anoop2811 @FogDong @briankane @jguionnet
references/cli/ @Somefive @zzxwill @StevenLeiZhang @charlie0129 @wangyikewxgm @chivalryq
# Owner of vela addon framework
pkg/addon/ @wangyikewxgm @wonderflow @charlie0129 @anoop2811 @FogDong @briankane @jguionnet
pkg/addon/ @wangyikewxgm @wonderflow @charlie0129
# Owner of resource keeper and tracker
pkg/resourcekeeper @Somefive @FogDong @chivalryq @anoop2811 @briankane @jguionnet
pkg/resourcetracker @Somefive @FogDong @chivalryq @anoop2811 @briankane @jguionnet
pkg/resourcekeeper @Somefive @FogDong @chivalryq
pkg/resourcetracker @Somefive @FogDong @chivalryq
.github/ @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm @anoop2811 @briankane @jguionnet
makefiles @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm @anoop2811 @briankane @jguionnet
go.* @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm @anoop2811 @briankane @jguionnet
.github/ @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm
makefiles @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm
go.* @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm

35
.github/actions/deploy-current-branch/README.md vendored
View File

@@ -1,35 +0,0 @@
# Deploy Current Branch Action
This GitHub composite action builds a Docker image from the current branch commit and deploys it to a KubeVela cluster for development testing.
## What it does
- Generates a unique image tag from the latest commit hash
- Builds and loads the Docker image into a KinD cluster
- Applies KubeVela CRDs for upgrade safety
- Upgrades the KubeVela Helm release to use the local development image
- Verifies deployment status and the running image version
## Usage
```yaml
- name: Deploy Current Branch
uses: ./path/to/this/action
```
## Requirements
- Docker, Helm, kubectl, and KinD must be available in your runner environment
- Kubernetes cluster access
- `charts/vela-core/crds` directory with CRDs
- Valid Helm chart at `charts/vela-core`
## Steps performed
1. **Generate commit hash for image tag**
2. **Build & load Docker image into KinD**
3. **Pre-apply chart CRDs**
4. **Upgrade KubeVela using local image**
5. **Verify deployment and image version**
---

89
.github/actions/deploy-current-branch/action.yaml vendored
View File

@@ -1,89 +0,0 @@
name: 'Deploy Current Branch'
description: 'Builds Docker image from current branch commit and deploys it to KubeVela cluster for development testing'
runs:
using: "composite"
steps:
# ========================================================================
# Git Commit Hash Generation
# Generate unique image tag from current branch's latest commit
# ========================================================================
- name: Get commit hash
id: commit_hash
shell: bash
run: |
COMMIT_HASH="git-$(git rev-parse --short HEAD)"
echo "Using commit hash: $COMMIT_HASH"
echo "COMMIT_HASH=$COMMIT_HASH" >> $GITHUB_ENV
# ========================================================================
# Docker Image Build and Cluster Loading
# Build development image from current code and load into KinD cluster
# ========================================================================
- name: Build and load Docker image
shell: bash
run: |
echo "Building development image: vela-core-test:${{ env.COMMIT_HASH }}"
mkdir -p $HOME/tmp/
docker build --no-cache \
-t vela-core-test:${{ env.COMMIT_HASH }} \
-f Dockerfile .
echo "Loading image into KinD cluster..."
TMPDIR=$HOME/tmp/ kind load docker-image vela-core-test:${{ env.COMMIT_HASH }}
# ========================================================================
# Custom Resource Definitions Application
# Pre-apply CRDs to ensure upgrade compatibility and prevent conflicts
# ========================================================================
- name: Pre-apply CRDs from target chart (upgrade-safe)
shell: bash
run: |
CRD_DIR="charts/vela-core/crds"
echo "Applying CRDs idempotently..."
kubectl apply -f "${CRD_DIR}"
# ========================================================================
# KubeVela Helm Chart Upgrade
# Upgrade existing installation to use locally built development image
# ========================================================================
- name: Upgrade KubeVela to development image
shell: bash
run: |
echo "Upgrading KubeVela to development version..."
helm upgrade kubevela ./charts/vela-core \
--namespace vela-system \
--set image.repository=vela-core-test \
--set image.tag=${{ env.COMMIT_HASH }} \
--set image.pullPolicy=IfNotPresent \
--timeout 5m \
--wait \
--debug
# ========================================================================
# Deployment Status Verification
# Verify successful upgrade and confirm correct image deployment
# ========================================================================
- name: Verify deployment status
shell: bash
run: |
echo "=== DEPLOYMENT VERIFICATION ==="
echo "Verifying upgrade to local development image..."
echo "--- Pod Status ---"
kubectl get pods -n vela-system
echo "--- Deployment Rollout ---"
kubectl rollout status deployment/kubevela-vela-core \
-n vela-system \
--timeout=300s
echo "--- Deployed Image Version ---"
kubectl get deployment kubevela-vela-core \
-n vela-system \
-o yaml | grep "image:" | head -1
echo "Deployment verification completed successfully!"

32
.github/actions/deploy-latest-release/README.md vendored
View File

@@ -1,32 +0,0 @@
# Install Latest KubeVela Release Action
This GitHub composite action installs the latest stable KubeVela release from the official Helm repository and verifies its deployment status.
## What it does
- Discovers the latest stable KubeVela release tag from GitHub
- Adds and updates the official KubeVela Helm chart repository
- Installs KubeVela into the `vela-system` namespace (using Helm)
- Verifies pod status and deployment rollout for successful installation
## Usage
```yaml
- name: Install Latest KubeVela Release
uses: ./path/to/this/action
```
## Requirements
- Helm, kubectl, jq, and curl must be available in your runner environment
- Kubernetes cluster access
## Steps performed
1. **Release Tag Discovery:** Fetches latest stable tag (without `v` prefix)
2. **Helm Repo Setup:** Adds/updates KubeVela Helm chart repo
3. **Install KubeVela:** Installs latest release in the `vela-system` namespace
4. **Status Verification:** Checks pod status and rollout for readiness
---

68
.github/actions/deploy-latest-release/action.yaml vendored
View File

@@ -1,68 +0,0 @@
name: 'Install Latest KubeVela Release'
description: 'Installs the latest stable KubeVela release from official Helm repository with status verification'
runs:
using: "composite"
steps:
# ========================================================================
# Latest Release Tag Discovery
# Fetch current stable release version from GitHub API
# ========================================================================
- name: Get latest KubeVela release tag (no v prefix)
id: get_latest_tag
shell: bash
run: |
TAG=$(curl -s https://api.github.com/repos/kubevela/kubevela/releases/latest | \
jq -r ".tag_name" | \
awk '{sub(/^v/, ""); print}')
echo "LATEST_TAG=$TAG" >> $GITHUB_ENV
echo "Discovered latest release: $TAG"
# ========================================================================
# Helm Repository Configuration
# Add and update official KubeVela chart repository
# ========================================================================
- name: Add KubeVela Helm repo
shell: bash
run: |
echo "Adding KubeVela Helm repository..."
helm repo add kubevela https://kubevela.github.io/charts
helm repo update
echo "Helm repository configuration completed"
# ========================================================================
# KubeVela Stable Release Installation
# Deploy latest stable version to vela-system namespace
# ========================================================================
- name: Install KubeVela ${{ env.LATEST_TAG }}
shell: bash
run: |
echo "Installing KubeVela version: ${{ env.LATEST_TAG }}"
helm install \
--create-namespace \
-n vela-system \
kubevela kubevela/vela-core \
--version ${{ env.LATEST_TAG }} \
--timeout 10m \
--wait
echo "KubeVela installation completed"
# ========================================================================
# Installation Status Verification
# Verify successful deployment and readiness of KubeVela components
# ========================================================================
- name: Post-install status
shell: bash
run: |
echo "=== INSTALLATION VERIFICATION ==="
echo "Verifying KubeVela deployment status..."
echo "--- Pod Status ---"
kubectl get pods -n vela-system
echo "--- Deployment Rollout ---"
kubectl rollout status deployment/kubevela-vela-core \
-n vela-system \
--timeout=300s
echo "KubeVela installation verification completed successfully!"

51
.github/actions/e2e-test/README.md vendored
View File

@@ -1,51 +0,0 @@
# Kubevela K8s Upgrade E2E Test Action
A comprehensive GitHub composite action for running KubeVela Kubernetes upgrade end-to-end (E2E) tests with complete environment setup, multiple test suites, and failure diagnostics.
> **Note**: This action requires the `GO_VERSION` environment variable to be set in your workflow.
## Quick Start
### Basic Usage
```yaml
name: E2E Tests
on: [push, pull_request]
jobs:
e2e-tests:
runs-on: ubuntu-latest
env:
GO_VERSION: '1.23.8'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run KubeVela E2E Tests
uses: ./.github/actions/upgrade-e2e-test
```
## Test Flow Diagram
```
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Environment │ │ E2E Environment │ │ Test Execution │
│ Setup │───▶│ Preparation │───▶│ (3 Suites) │
│ │ │ │ │ │
│ • Install tools │ │ • Cleanup │ │ • API tests │
│ • Setup Go │ │ • Core setup │ │ • Addon tests │
│ • Dependencies │ │ • Helm tests │ │ • General tests │
│ • Build project │ │ │ │ │
└─────────────────┘ └──────────────────┘ └─────────────────┘
┌─────────────────┐
│ Diagnostics │
│ (On Failure) │
│ │
│ • Cluster logs │
│ • System events │
│ • Test artifacts│
└─────────────────┘
```

100
.github/actions/e2e-test/action.yaml vendored
View File

@@ -1,100 +0,0 @@
name: 'Kubevela K8s Upgrade e2e Test'
description: 'Runs Kubevela K8s upgrade e2e tests, uploads coverage, and collects diagnostics on failure.'
inputs:
codecov-token:
description: 'Codecov token for uploading coverage reports'
required: false
default: ''
codecov-enable:
description: 'Enable codecov coverage upload'
required: false
default: 'false'
runs:
using: "composite"
steps:
# ========================================================================
# Environment Setup
# ========================================================================
- name: Configure environment setup
uses: ./.github/actions/env-setup
with:
install-ginkgo: 'true'
install-setup-envtest: 'false'
install-kustomize: 'false'
- name: Build project
shell: bash
run: make
# ========================================================================
# E2E Test Environment Preparation
# ========================================================================
- name: Prepare e2e environment
shell: bash
run: |
echo "Preparing e2e test environment..."
make e2e-cleanup
make e2e-setup-core
echo "Running Helm tests..."
helm test -n vela-system kubevela --timeout 5m
# ========================================================================
# E2E Test Execution
# ========================================================================
- name: Run API e2e tests
shell: bash
run: |
echo "Running API e2e tests..."
make e2e-api-test
- name: Run addon e2e tests
shell: bash
run: |
echo "Running addon e2e tests..."
make e2e-addon-test
- name: Run general e2e tests
shell: bash
run: |
echo "Running general e2e tests..."
make e2e-test
- name: Upload coverage report
if: ${{ inputs.codecov-enable == 'true' }}
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24
with:
token: ${{ inputs.codecov-token }}
files: ./coverage.txt
flags: core-unittests
name: codecov-umbrella
fail_ci_if_error: false
# ========================================================================
# Failure Diagnostics
# ========================================================================
- name: Collect failure diagnostics
if: failure()
shell: bash
run: |
echo "=== FAILURE DIAGNOSTICS ==="
echo "Collecting diagnostic information for debugging..."
echo "--- Cluster Status ---"
kubectl get nodes -o wide || true
kubectl get pods -A || true
echo "--- KubeVela System Logs ---"
kubectl logs -n vela-system -l app.kubernetes.io/name=vela-core --tail=100 || true
echo "--- Recent Events ---"
kubectl get events -A --sort-by='.lastTimestamp' --field-selector type!=Normal || true
echo "--- Helm Release Status ---"
helm list -A || true
helm status kubevela -n vela-system || true
echo "--- Test Artifacts ---"
find . -name "*.log" -type f -exec echo "=== {} ===" \; -exec cat {} \; || true

67
.github/actions/env-setup/README.md vendored
View File

@@ -1,67 +0,0 @@
# Kubevela Test Environment Setup Action
A GitHub Actions composite action that sets up a complete testing environment for Kubevela projects with Go, Kubernetes tools, and the Ginkgo testing framework.
## Features
- 🛠️ **System Dependencies**: Installs essential build tools (make, gcc, jq, curl, etc.)
- ☸️ **Kubernetes Tools**: Sets up kubectl and Helm for cluster operations
- 🐹 **Go Environment**: Configurable Go version with module caching
- 📦 **Dependency Management**: Downloads and verifies Go module dependencies
- 🧪 **Testing Framework**: Installs Ginkgo v2 for BDD-style testing
## Usage
```yaml
- name: Setup Kubevela Test Environment
uses: ./path/to/this/action
with:
go-version: '1.23.8' # Optional: Go version (default: 1.23.8)
```
### Example Workflow
```yaml
name: Kubevela Tests
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Test Environment
uses: ./path/to/this/action
with:
go-version: '1.21'
- name: Run Tests
run: |
ginkgo -r ./tests/e2e/
```
## Inputs
| Input | Description | Required | Default | Usage |
|-------|-------------|----------|---------|-------|
| `go-version` | Go version to install and use | No | `1.23.8` | Specify Go version for your project |
## What This Action Installs
### System Tools
- **make**: Build automation tool
- **gcc**: GNU Compiler Collection
- **jq**: JSON processor for shell scripts
- **ca-certificates**: SSL/TLS certificates
- **curl**: HTTP client for downloads
- **gnupg**: GNU Privacy Guard for security
### Kubernetes Ecosystem
- **kubectl**: Kubernetes command-line tool (latest stable)
- **helm**: Kubernetes package manager (latest stable)
### Go Development
- **Go Runtime**: Specified version with module caching enabled
- **Go Modules**: Downloaded and verified dependencies
- **Ginkgo v2.14.0**: BDD testing framework for Go

118
.github/actions/env-setup/action.yaml vendored
View File

@@ -1,118 +0,0 @@
name: 'Kubevela Test Environment Setup'
description: 'Sets up complete testing environment for Kubevela with Go, Kubernetes tools, and testing frameworks.'
inputs:
go-version:
description: 'Go version to use for testing'
required: false
default: '1.23.8'
install-ginkgo:
description: 'Install Ginkgo testing framework'
required: false
default: 'true'
install-setup-envtest:
description: 'Install setup-envtest for integration testing'
required: false
default: 'false'
install-kustomize:
description: 'Install kustomize for manifest management'
required: false
default: 'false'
kustomize-version:
description: 'Kustomize version to install'
required: false
default: '4.5.4'
runs:
using: 'composite'
steps:
# ========================================================================
# Environment Setup
# ========================================================================
- name: Install system dependencies
shell: bash
run: |
# Update package manager and install essential tools
sudo apt-get update
sudo apt-get install -y \
make \
gcc \
jq \
ca-certificates \
curl \
gnupg
- name: Install kubectl and helm
shell: bash
run: |
# Detect architecture
ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
# Install kubectl
echo "Installing kubectl for architecture: $ARCH"
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${ARCH}/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/
# Install helm using the official script (more reliable)
echo "Installing Helm using official script..."
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
rm get_helm.sh
# Verify installations
echo "Verifying installations..."
kubectl version --client
helm version
- name: Setup Go environment
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
with:
go-version: ${{ inputs.go-version }}
cache: true
- name: Download Go dependencies
shell: bash
run: |
# Download and cache Go module dependencies
go mod download
go mod verify
- name: Install Ginkgo testing framework
if: ${{ inputs.install-ginkgo == 'true' }}
shell: bash
run: |
echo "Installing Ginkgo testing framework..."
go install github.com/onsi/ginkgo/v2/ginkgo@v2.14.0
echo "Ginkgo installed successfully"
- name: Install setup-envtest
if: ${{ inputs.install-setup-envtest == 'true' }}
shell: bash
run: |
echo "Installing setup-envtest for integration testing..."
mkdir -p ./bin
GOBIN=$(pwd)/bin go install sigs.k8s.io/controller-runtime/tools/setup-envtest@v0.0.0-20240522175850-2e9781e9fc60
echo "setup-envtest installed successfully at ./bin/setup-envtest"
ls -la ./bin/setup-envtest
# Download and cache the Kubernetes binaries for envtest
echo "Downloading Kubernetes binaries for envtest..."
KUBEBUILDER_ASSETS=$(./bin/setup-envtest use 1.31.0 --bin-dir ./bin -p path)
echo "Kubernetes binaries downloaded successfully"
echo "KUBEBUILDER_ASSETS=${KUBEBUILDER_ASSETS}"
# Export for subsequent steps
echo "KUBEBUILDER_ASSETS=${KUBEBUILDER_ASSETS}" >> $GITHUB_ENV
- name: Install kustomize
if: ${{ inputs.install-kustomize == 'true' }}
shell: bash
run: |
echo "Installing kustomize version ${{ inputs.kustomize-version }}..."
mkdir -p ./bin
curl -sS https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh | bash -s ${{ inputs.kustomize-version }} $(pwd)/bin
echo "kustomize installed successfully at ./bin/kustomize"
./bin/kustomize version

35
.github/actions/multicluster-test/README.md vendored
View File

@@ -1,35 +0,0 @@
# Kubevela K8s Upgrade Multicluster E2E Test Action
A comprehensive GitHub Actions composite action for running Kubevela Kubernetes upgrade multicluster end-to-end tests with automated coverage reporting and failure diagnostics.
## Usage
```yaml
name: Kubevela Multicluster E2E Tests
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
multicluster-e2e:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run Multicluster E2E Tests
uses: ./.github/actions/multicluster-test
with:
codecov-enable: 'true'
codecov-token: ${{ secrets.CODECOV_TOKEN }}
```
## Inputs
| Input | Description | Required | Default | Type |
|-------|-------------|----------|---------|------|
| `codecov-token` | Codecov token for uploading coverage reports | No | `''` | string |
| `codecov-enable` | Enable codecov coverage upload | No | `'false'` | string |

80
.github/actions/multicluster-test/action.yaml vendored
View File

@@ -1,80 +0,0 @@
name: 'Kubevela K8s Upgrade Multicluster E2E Test'
description: 'Runs Kubevela Kubernetes upgrade multicluster end-to-end tests, uploads coverage, and collects diagnostics on failure.'
author: 'viskumar_gwre'
inputs:
codecov-token:
description: 'Codecov token for uploading coverage reports'
required: false
default: ''
codecov-enable:
description: 'Enable codecov coverage upload'
required: false
default: 'false'
runs:
using: 'composite'
steps:
# ========================================================================
# Environment Setup
# ========================================================================
- name: Configure environment setup
uses: ./.github/actions/env-setup
with:
install-ginkgo: 'true'
install-setup-envtest: 'false'
install-kustomize: 'false'
# ========================================================================
# E2E Test Execution
# ========================================================================
- name: Prepare e2e test environment
shell: bash
run: |
# Build CLI tools and prepare test environment
echo "Building KubeVela CLI..."
make vela-cli
echo "Cleaning up previous test artifacts..."
make e2e-cleanup
echo "Setting up core authentication for e2e tests..."
make e2e-setup-core-auth
- name: Execute multicluster upgrade e2e tests
shell: bash
run: |
# Add built CLI to PATH and run multicluster tests
export PATH=$(pwd)/bin:$PATH
echo "Running e2e multicluster upgrade tests..."
make e2e-multicluster-test
- name: Upload coverage report
if: ${{ inputs.codecov-enable == 'true' }}
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24
with:
token: ${{ inputs.codecov-token }}
files: /tmp/e2e-profile.out,/tmp/e2e_multicluster_test.out
flags: e2e-multicluster-test
name: codecov-umbrella
# ========================================================================
# Failure Diagnostics
# ========================================================================
- name: Collect failure diagnostics
if: failure()
shell: bash
run: |
echo "=== FAILURE DIAGNOSTICS ==="
echo "Collecting diagnostic information for debugging..."
echo "--- Cluster Status ---"
kubectl get nodes -o wide || true
kubectl get pods -A || true
echo "--- KubeVela System Logs ---"
kubectl logs -n vela-system -l app.kubernetes.io/name=vela-core --tail=100 || true
echo "--- Recent Events ---"
kubectl get events -A --sort-by='.lastTimestamp' --field-selector type!=Normal || true

78
.github/actions/setup-kind-cluster/README.md vendored
View File

@@ -1,78 +0,0 @@
# Setup Kind Cluster Action
A GitHub Action that sets up a Kubernetes testing environment using Kind (Kubernetes in Docker) for E2E testing.
## Inputs
| Input | Description | Required | Default |
|-------|-------------|----------|---------|
| `k8s-version` | Kubernetes version for the kind cluster | No | `v1.31.9` |
## Quick Start
```yaml
name: E2E Tests
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '1.21'
- name: Setup Kind Cluster
uses: ./.github/actions/setup-kind-cluster
with:
k8s-version: 'v1.31.9'
- name: Run tests
run: |
kubectl cluster-info
make test-e2e
```
## What it does
1. **Installs Kind CLI** - Downloads Kind v0.29.0 using Go
2. **Cleans up** - Removes any existing Kind clusters
3. **Creates cluster** - Spins up Kubernetes v1.31.9 cluster
4. **Sets up environment** - Configures KUBECONFIG for kubectl access
5. **Loads images** - Builds and loads Docker images using `make image-load`
## File Structure
Save as `.github/actions/setup-kind-cluster/action.yaml`:
```yaml
name: 'SetUp kind cluster'
description: 'Sets up complete testing environment for Kubevela with Go, Kubernetes tools, and Ginkgo framework for E2E testing.'
inputs:
k8s-version:
description: 'Kubernetes version for the kind cluster'
required: false
default: 'v1.31.9'
runs:
using: 'composite'
steps:
# ========================================================================
# Kind cluster Setup
# ========================================================================
- name: Setup KinD
run: |
go install sigs.k8s.io/kind@v0.29.0
kind delete cluster || true
kind create cluster --image=kindest/node:${{ inputs.k8s-version }}
shell: bash
- name: Load image
run: |
mkdir -p $HOME/tmp/
TMPDIR=$HOME/tmp/ make image-load
shell: bash
```

36
.github/actions/setup-kind-cluster/action.yaml vendored
View File

@@ -1,36 +0,0 @@
name: 'SetUp kind cluster'
description: 'Sets up a KinD (Kubernetes in Docker) cluster with configurable Kubernetes version and optional cluster naming for testing and development workflows.'
inputs:
k8s-version:
description: 'Kubernetes version for the kind cluster'
required: false
default: 'v1.31.9'
name:
description: 'Name of the kind cluster'
required: false
runs:
using: 'composite'
steps:
# ========================================================================
# Kind cluster Setup
# ========================================================================
- name: Setup KinD
run: |
go install sigs.k8s.io/kind@v0.29.0
if [ -n "${{ inputs.name }}" ]; then
kind delete cluster --name="${{ inputs.name }}" || true
kind create cluster --name="${{ inputs.name }}" --image=kindest/node:${{ inputs.k8s-version }}
kind export kubeconfig --internal --name="${{ inputs.name }}" --kubeconfig /tmp/${{ inputs.name }}.kubeconfig
else
kind delete cluster || true
kind create cluster --image=kindest/node:${{ inputs.k8s-version }}
fi
shell: bash
- name: Load image
run: |
if [ -z "${{ inputs.name }}" ]; then
mkdir -p $HOME/tmp/
TMPDIR=$HOME/tmp/ make image-load
fi
shell: bash

34
.github/actions/unit-test/README.md vendored
View File

@@ -1,34 +0,0 @@
# Kubevela K8s Upgrade Unit Test Action
A comprehensive GitHub composite action for running KubeVela Kubernetes upgrade unit tests with coverage reporting and failure diagnostics.
## Inputs
| Input | Description | Required | Default |
|-------|-------------|----------|---------|
| `codecov-token` | Codecov token for uploading coverage reports | ❌ | `''` |
| `codecov-enable` | Enable Codecov coverage upload (`'true'` or `'false'`) | ❌ | `'false'` |
| `go-version` | Go version to use for testing | ❌ | `'1.23.8'` |
## Quick Start
### Basic Usage
```yaml
name: Unit Tests with Coverage
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run KubeVela Unit Tests
uses: viskumar_gwre/kubevela-k8s-upgrade-unit-test-action@v1
with:
codecov-enable: 'true'
codecov-token: ${{ secrets.CODECOV_TOKEN }}
go-version: '1.23.8'
```

71
.github/actions/unit-test/action.yaml vendored
View File

@@ -1,71 +0,0 @@
name: 'Kubevela K8s Upgrade Unit Test'
description: 'Runs Kubevela K8s upgrade unit tests, uploads coverage, and collects diagnostics on failure.'
inputs:
codecov-token:
description: 'Codecov token for uploading coverage reports'
required: false
default: ''
codecov-enable:
description: 'Enable codecov coverage upload'
required: false
default: 'false'
runs:
using: "composite"
steps:
# ========================================================================
# Environment Setup
# ========================================================================
- name: Configure environment setup
uses: ./.github/actions/env-setup
with:
install-ginkgo: 'true'
install-setup-envtest: 'true'
install-kustomize: 'true'
# ========================================================================
# Unit Test Execution
# ========================================================================
- name: Run unit tests
shell: bash
run: |
echo "Running unit tests..."
make test
- name: Upload coverage report
if: ${{ inputs.codecov-enable == 'true' }}
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24
with:
token: ${{ inputs.codecov-token }}
files: ./coverage.txt
flags: core-unittests
name: codecov-umbrella
fail_ci_if_error: false
# ========================================================================
# Failure Diagnostics
# ========================================================================
- name: Collect failure diagnostics
if: failure()
shell: bash
run: |
echo "=== FAILURE DIAGNOSTICS ==="
echo "Collecting diagnostic information for debugging..."
echo "--- Go Environment ---"
go version || true
go env || true
echo "--- Cluster Status ---"
kubectl get nodes -o wide || true
kubectl get pods -A || true
echo "--- KubeVela System Logs ---"
kubectl logs -n vela-system -l app.kubernetes.io/name=vela-core --tail=100 || true
echo "--- Recent Events ---"
kubectl get events -A --sort-by='.lastTimestamp' --field-selector type!=Normal || true
echo "--- Test Artifacts ---"
find . -name "*.log" -o -name "*test*.xml" -o -name "coverage.*" | head -20 || true

5
.github/comment.userlist vendored
View File

@@ -11,7 +11,4 @@ wangyuan249
chivalryq
FogDong
leejanee
barnettZQG
anoop2811
briankane
jguionnet
barnettZQG

4
.github/workflows/back-port.yml vendored
View File

@@ -17,12 +17,12 @@ jobs:
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
with:
fetch-depth: 0
- name: Open Backport PR
uses: zeebe-io/backport-action@0193454f0c5947491d348f33a275c119f30eb736
uses: zeebe-io/backport-action@08bafb375e6e9a9a2b53a744b987e5d81a133191
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
github_workspace: ${{ github.workspace }}

6
.github/workflows/chart.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
HELM_CHART_NAME: vela-core
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Get git revision
id: vars
shell: bash
@@ -28,7 +28,7 @@ jobs:
with:
version: v3.4.0
- name: Setup node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65
with:
node-version: '14'
- name: Generate helm doc
@@ -47,7 +47,7 @@ jobs:
chart_smever=${chart_version#"v"}
sed -i "s/0.1.0/$chart_smever/g" $HELM_CHART/Chart.yaml
- uses: jnwng/github-app-installation-token-action@c54add4c02866dc41e106745ac6dcf5cdd6339e5 # v2
- uses: jnwng/github-app-installation-token-action@v2
id: get_app_token
with:
appId: 340472

6
.github/workflows/codeql-analysis.yml vendored
View File

@@ -26,12 +26,12 @@ jobs:
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Initialize CodeQL
uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
with:
languages: ${{ matrix.language }}
- name: Autobuild
uses: github/codeql-action/autobuild@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
uses: github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37

2
.github/workflows/commit-lint.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
check:
runs-on: ubuntu-22.04
steps:
- uses: thehanimo/pr-title-checker@5652588c80c479af803eabfbdb5a3895a77c1388 # v1.4.1
- uses: thehanimo/pr-title-checker@v1.4.1
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
pass_on_octokit_error: true

6
.github/workflows/core-api-test.yml vendored
View File

@@ -16,10 +16,10 @@ jobs:
core-api-test:
runs-on: ubuntu-22.04
steps:
- name: Set up Go 1.23.8
uses: actions/setup-go@v5
- name: Set up Go 1.19
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
env:
GO_VERSION: '1.23.8'
GO_VERSION: '1.19'
with:
go-version: ${{ env.GO_VERSION }}
id: go

12
.github/workflows/definition-lint.yml vendored
View File

@@ -16,26 +16,26 @@ permissions:
env:
# Common versions
GO_VERSION: '1.23.8'
GO_VERSION: '1.19'
jobs:
definition-doc:
runs-on: ubuntu-22.04
steps:
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
with:
submodules: true
- name: Setup KinD
uses: ./.github/actions/setup-kind-cluster
with:
name: linter
run: |
go install sigs.k8s.io/kind@v0.19.0
kind create cluster
- name: Definition Doc generate check
run: |

76
.github/workflows/e2e-multicluster-test.yml vendored
View File

@@ -18,7 +18,7 @@ permissions:
env:
# Common versions
GO_VERSION: '1.23.8'
GO_VERSION: '1.19'
jobs:
@@ -39,45 +39,75 @@ jobs:
continue-on-error: true
e2e-multi-cluster-tests:
runs-on: ubuntu-22.04
runs-on: self-hosted
needs: [ detect-noop ]
if: needs.detect-noop.outputs.noop != 'true'
strategy:
matrix:
k8s-version: ["v1.31.9"]
k8s-version: ["v1.26"]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
cancel-in-progress: true
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Setup worker cluster kinD
uses: ./.github/actions/setup-kind-cluster
with:
name: worker
k8s-version: ${{ matrix.k8s-version }}
- name: Install tools
run: |
sudo apt-get update
sudo apt-get install make gcc jq ca-certificates curl gnupg -y
sudo snap install kubectl --classic
sudo snap install helm --classic
- name: Setup master cluster kinD
uses: ./.github/actions/setup-kind-cluster
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
k8s-version: ${{ matrix.k8s-version }}
go-version: ${{ env.GO_VERSION }}
- name: Run upgrade multicluster tests
uses: ./.github/actions/multicluster-test
- name: Get dependencies
run: |
go get -v -t -d ./...
- name: Setup KinD
run: |
go install sigs.k8s.io/kind@v0.19.0
kind delete cluster --name worker || true
kind create cluster --name worker --image=kindest/node:v1.26.4
kind export kubeconfig --internal --name worker --kubeconfig /tmp/worker.kubeconfig
kind delete cluster || true
kind create cluster --image=kindest/node:v1.26.4
- name: Load image
run: |
mkdir -p $HOME/tmp/
TMPDIR=$HOME/tmp/ make image-load
- name: Cleanup for e2e tests
run: |
make vela-cli
make e2e-cleanup
make e2e-setup-core-auth
- name: Run e2e multicluster tests
run: |
export PATH=$(pwd)/bin:$PATH
make e2e-multicluster-test
- name: Stop kubevela, get profile
run: |
make end-e2e-core-shards
- name: Upload coverage report
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
with:
codecov-enable: true
codecov-token: ${{ secrets.CODECOV_TOKEN }}
token: ${{ secrets.CODECOV_TOKEN }}
files: /tmp/e2e-profile.out,/tmp/e2e_multicluster_test.out
flags: e2e-multicluster-test
name: codecov-umbrella
- name: Clean e2e profile
run: |
if [ -f /tmp/e2e-profile.out ]; then
rm /tmp/e2e-profile.out
echo "E2E profile cleaned"
else
echo "E2E profile not found, skipping cleanup"
fi
run: rm /tmp/e2e-profile.out
- name: Cleanup image
if: ${{ always() }}

82
.github/workflows/e2e-test.yml vendored
View File

@@ -18,7 +18,7 @@ permissions:
env:
# Common versions
GO_VERSION: '1.23.8'
GO_VERSION: '1.22'
jobs:
@@ -39,40 +39,84 @@ jobs:
continue-on-error: true
e2e-tests:
runs-on: ubuntu-22.04
runs-on: self-hosted
needs: [ detect-noop ]
if: needs.detect-noop.outputs.noop != 'true'
strategy:
matrix:
k8s-version: ["v1.31"]
k8s-version: ["v1.26"]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
cancel-in-progress: true
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Install tools
run: |
sudo apt-get update
sudo apt-get install make gcc jq ca-certificates curl gnupg -y
sudo snap install kubectl --classic
sudo snap install helm --classic
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: ${{ env.GO_VERSION }}
- name: Get dependencies
run: |
go get -v -t -d ./...
- name: Setup KinD
uses: ./.github/actions/setup-kind-cluster
run: |
go install sigs.k8s.io/kind@v0.19.0
kind delete cluster || true
kind create cluster
# ========================================================================
# E2E Test Execution
# ========================================================================
- name: Run upgrade e2e tests
uses: ./.github/actions/e2e-test
- name: Get Ginkgo
run: |
go install github.com/onsi/ginkgo/v2/ginkgo@v2.10.0
go get github.com/onsi/gomega@v1.34.2
go mod tidy
- name: Load image
run: |
mkdir -p $HOME/tmp/
TMPDIR=$HOME/tmp/ make image-load
- name: Run Make
run: make
- name: Prepare for e2e tests
run: |
make e2e-cleanup
make e2e-setup-core
helm test -n vela-system kubevela --timeout 5m
- name: Run api e2e tests
run: make e2e-api-test
- name: Run addons e2e tests
run: make e2e-addon-test
- name: Run e2e tests
run: make e2e-test
- name: Stop kubevela, get profile
run: make end-e2e
- name: Upload coverage report
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
with:
codecov-enable: true
codecov-token: ${{ secrets.CODECOV_TOKEN }}
token: ${{ secrets.CODECOV_TOKEN }}
files: /tmp/e2e-profile.out
flags: e2etests
name: codecov-umbrella
- name: Clean e2e profile
run: |
if [ -f /tmp/e2e-profile.out ]; then
rm /tmp/e2e-profile.out
echo "E2E profile cleaned"
else
echo "E2E profile not found, skipping cleanup"
fi
run: rm /tmp/e2e-profile.out
- name: Cleanup image
if: ${{ always() }}

112
.github/workflows/go.yml vendored
View File

@@ -11,15 +11,16 @@ on:
- master
- release-*
permissions: # added using https://github.com/step-security/secure-workflows
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
env:
# Common versions
GO_VERSION: "1.23.8"
GOLANGCI_VERSION: "v1.60.1"
GO_VERSION: '1.19'
GOLANGCI_VERSION: 'v1.49'
jobs:
detect-noop:
runs-on: ubuntu-22.04
outputs:
@@ -43,12 +44,12 @@ jobs:
steps:
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
with:
submodules: true
@@ -63,17 +64,17 @@ jobs:
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
steps:
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
with:
submodules: true
@@ -82,7 +83,7 @@ jobs:
# version, but we prefer this action because it leaves 'annotations' (i.e.
# it comments on PRs to point out linter violations).
- name: Lint
uses: golangci/golangci-lint-action@v6
uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
with:
version: ${{ env.GOLANGCI_VERSION }}
@@ -93,62 +94,41 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
with:
submodules: true
- name: Free Disk Space
run: |
echo "Disk space before cleanup:"
df -h
# Remove unnecessary software to free up disk space
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/local/lib/android
sudo rm -rf /opt/ghc
sudo rm -rf /opt/hostedtoolcache/CodeQL
sudo docker image prune --all --force
echo "Disk space after cleanup:"
df -h
- name: Setup Env
uses: ./.github/actions/env-setup
- name: Setup node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
node-version: "14"
go-version: ${{ env.GO_VERSION }}
- name: Setup kinD
uses: ./.github/actions/setup-kind-cluster
- name: Setup node
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65
with:
node-version: '14'
- name: Cache Go Dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
with:
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-pkg-
- name: Setup KinD
run: |
go install sigs.k8s.io/kind@v0.19.0
kind delete cluster --name kind || true
kind create cluster --name kind --image=kindest/node:v1.26.4 --kubeconfig ~/.kube/config
- name: Run cross-build
run: make cross-build
- name: Free Disk Space After Cross-Build
run: |
echo "Disk space before cleanup:"
df -h
# Remove cross-build artifacts to free up space
# (make build will rebuild binaries for current platform)
rm -rf _bin
# Clean Go build cache and test cache
go clean -cache -testcache
# Remove Docker build cache
sudo docker builder prune --all --force || true
echo "Disk space after cleanup:"
df -h
- name: Check Diff
run: |
export PATH=$(pwd)/bin/:$PATH
make check-diff
- name: Cleanup binary
run: make build-cleanup
@@ -159,17 +139,17 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
with:
submodules: true
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go Dependencies
uses: actions/cache@v4
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
with:
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
@@ -190,15 +170,15 @@ jobs:
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
with:
submodules: true
- name: Set up QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Build Test for vela core
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
context: .
file: Dockerfile
@@ -210,15 +190,15 @@ jobs:
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
with:
submodules: true
- name: Set up QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
- name: Build Test for CLI
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Build Test for CLI
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
context: .
file: Dockerfile.cli
file: Dockerfile.cli

16
.github/workflows/issue-commands.yml vendored
View File

@@ -23,17 +23,17 @@ jobs:
path: ./actions
ref: v0.4.2
- name: Setup Node.js
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65
with:
node-version: "14"
cache: "npm"
node-version: '14'
cache: 'npm'
cache-dependency-path: ./actions/package-lock.json
- name: Install Dependencies
run: npm ci --production --prefix ./actions
- name: Run Commands
uses: ./actions/commands
with:
token: ${{ secrets.GH_KUBEVELA_COMMAND_WORKFLOW }}
token: ${{ secrets.GITHUB_TOKEN }}
configPath: issue-commands
backport:
@@ -48,14 +48,14 @@ jobs:
id: command
uses: xt0rted/slash-command-action@bf51f8f5f4ea3d58abc7eca58f77104182b23e88
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token: ${{ secrets.VELA_BOT_TOKEN }}
command: backport
reaction: "true"
reaction-type: "eyes"
allow-edits: "false"
permission-level: read
- name: Handle Command
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
env:
VERSION: ${{ steps.command.outputs.command-arguments }}
with:
@@ -80,7 +80,7 @@ jobs:
with:
fetch-depth: 0
- name: Open Backport PR
uses: zeebe-io/backport-action@0193454f0c5947491d348f33a275c119f30eb736
uses: zeebe-io/backport-action@08bafb375e6e9a9a2b53a744b987e5d81a133191
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
github_workspace: ${{ github.workspace }}
@@ -94,7 +94,7 @@ jobs:
issues: write
steps:
- name: Retest the current pull request
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
env:
PULL_REQUEST_ID: ${{ github.event.issue.number }}
COMMENT_ID: ${{ github.event.comment.id }}

2
.github/workflows/license.yml vendored
View File

@@ -19,7 +19,7 @@ jobs:
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Set up Ruby
uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
uses: ruby/setup-ruby@v1
with:
ruby-version: 2.6
- name: Install dependencies

198
.github/workflows/registry.yml vendored
View File

@@ -1,45 +1,23 @@
name: Registry
on:
push:
branches:
- master
tags:
- 'v*'
- "v*"
workflow_dispatch: {}
permissions:
contents: read
jobs:
publish-vela-images:
name: Build and Push Vela Images
publish-core-images:
permissions:
packages: write
id-token: write
attestations: write
contents: write
runs-on: ubuntu-22.04
outputs:
vela_core_image: ${{ steps.meta-vela-core.outputs.image }}
vela_core_digest: ${{ steps.meta-vela-core.outputs.digest }}
vela_core_dockerhub_image: ${{ steps.meta-vela-core.outputs.dockerhub_image }}
vela_cli_image: ${{ steps.meta-vela-cli.outputs.image }}
vela_cli_digest: ${{ steps.meta-vela-cli.outputs.digest }}
vela_cli_dockerhub_image: ${{ steps.meta-vela-cli.outputs.dockerhub_image }}
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.1
- name: Install Crane
uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # v0.1
- name: Install Cosign
uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # main
with:
cosign-release: 'v2.5.0'
- name: Get the image version
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Get the version
id: get_version
run: |
VERSION=${GITHUB_REF#refs/tags/}
@@ -47,41 +25,34 @@ jobs:
VERSION=latest
fi
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
- name: Get git revision
id: vars
shell: bash
run: |
echo "git_revision=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Login to GHCR
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
- name: Login ghcr.io
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to DockerHub
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
- name: Login docker.io
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: docker.io
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Setup QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
with:
driver-opts: image=moby/buildkit:master
- name: Build & Push Vela Core for Dockerhub, GHCR
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
name: Build & Pushing vela-core for Dockerhub, GHCR
with:
context: .
file: Dockerfile
labels: |
labels: |-
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.revision=${{ github.sha }}
platforms: linux/amd64,linux/arm64
@@ -90,55 +61,16 @@ jobs:
GITVERSION=git-${{ steps.vars.outputs.git_revision }}
VERSION=${{ steps.get_version.outputs.VERSION }}
GOPROXY=https://proxy.golang.org
tags: |
tags: |-
docker.io/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
ghcr.io/${{ github.repository_owner }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
- name: Get Vela Core Image Digest
id: meta-vela-core
run: |
GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/oamdev/vela-core
DOCKER_IMAGE=docker.io/oamdev/vela-core
TAG=${{ steps.get_version.outputs.VERSION }}
DIGEST=$(crane digest $GHCR_IMAGE:$TAG)
echo "image=$GHCR_IMAGE" >> $GITHUB_OUTPUT
echo "dockerhub_image=$DOCKER_IMAGE" >> $GITHUB_OUTPUT
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Generate SBOM for Vela Core Image
id: generate_vela_core_sbom
uses: anchore/sbom-action@v0.17.0
with:
image: ghcr.io/${{ github.repository_owner }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
registry-username: ${{ github.actor }}
registry-password: ${{ secrets.GITHUB_TOKEN }}
format: spdx-json
artifact-name: sbom-vela-core.spdx.json
output-file: ${{ github.workspace }}/sbom-vela-core.spdx.json
- name: Sign Vela Core Image and Attest SBOM
env:
COSIGN_EXPERIMENTAL: 'true'
run: |
echo "signing vela core images..."
cosign sign --yes ghcr.io/${{ github.repository_owner }}/oamdev/vela-core@${{ steps.meta-vela-core.outputs.digest }}
cosign sign --yes docker.io/oamdev/vela-core@${{ steps.meta-vela-core.outputs.digest }}
echo "attesting SBOM against the vela core image..."
cosign attest --yes --predicate ${{ github.workspace }}/sbom-vela-core.spdx.json --type spdx \
ghcr.io/${{ github.repository_owner }}/oamdev/vela-core@${{ steps.meta-vela-core.outputs.digest }}
cosign attest --yes --predicate ${{ github.workspace }}/sbom-vela-core.spdx.json --type spdx \
docker.io/oamdev/vela-core@${{ steps.meta-vela-core.outputs.digest }}
- name: Build & Push Vela CLI for Dockerhub, GHCR
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
name: Build & Pushing CLI for Dockerhub, GHCR
with:
context: .
file: Dockerfile.cli
labels: |
labels: |-
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.revision=${{ github.sha }}
platforms: linux/amd64,linux/arm64
@@ -147,100 +79,6 @@ jobs:
GITVERSION=git-${{ steps.vars.outputs.git_revision }}
VERSION=${{ steps.get_version.outputs.VERSION }}
GOPROXY=https://proxy.golang.org
tags: |
tags: |-
docker.io/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
- name: Get Vela CLI Image Digest
id: meta-vela-cli
run: |
GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli
DOCKER_IMAGE=docker.io/oamdev/vela-cli
TAG=${{ steps.get_version.outputs.VERSION }}
DIGEST=$(crane digest $GHCR_IMAGE:$TAG)
echo "image=$GHCR_IMAGE" >> $GITHUB_OUTPUT
echo "dockerhub_image=$DOCKER_IMAGE" >> $GITHUB_OUTPUT
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Generate SBOM for Vela CLI Image
id: generate_sbom
uses: anchore/sbom-action@v0.17.0
with:
image: ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
registry-username: ${{ github.actor }}
registry-password: ${{ secrets.GITHUB_TOKEN }}
format: spdx-json
artifact-name: sbom-vela-cli.spdx.json
output-file: ${{ github.workspace }}/sbom-vela-cli.spdx.json
- name: Sign Vela CLI Image and Attest SBOM
env:
COSIGN_EXPERIMENTAL: 'true'
run: |
echo "signing vela CLI images..."
cosign sign --yes ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli@${{ steps.meta-vela-cli.outputs.digest }}
cosign sign --yes docker.io/oamdev/vela-cli@${{ steps.meta-vela-cli.outputs.digest }}
echo "attesting SBOM against the vela cli image..."
cosign attest --yes --predicate ${{ github.workspace }}/sbom-vela-cli.spdx.json --type spdx \
ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli@${{ steps.meta-vela-cli.outputs.digest }}
cosign attest --yes --predicate ${{ github.workspace }}/sbom-vela-cli.spdx.json --type spdx \
docker.io/oamdev/vela-cli@${{ steps.meta-vela-cli.outputs.digest }}
- name: Publish SBOMs as release artifacts
uses: anchore/sbom-action/publish-sbom@v0.17.0
provenance-ghcr:
name: Generate and Push Provenance to GCHR
needs: publish-vela-images
if: startsWith(github.ref, 'refs/tags/')
strategy:
matrix:
include:
- name: 'Vela Core Image'
image: ${{ needs.publish-vela-images.outputs.vela_core_image }}
digest: ${{ needs.publish-vela-images.outputs.vela_core_digest }}
- name: 'Vela CLI Image'
image: ${{ needs.publish-vela-images.outputs.vela_cli_image }}
digest: ${{ needs.publish-vela-images.outputs.vela_cli_digest }}
permissions:
id-token: write
contents: write
actions: read
packages: write
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0 # has to be sem var
with:
image: ${{ matrix.image }}
digest: ${{ matrix.digest }}
registry-username: ${{ github.actor }}
secrets:
registry-password: ${{ secrets.GITHUB_TOKEN }}
provenance-dockerhub:
name: Generate and Push Provenance to DockerHub
needs: publish-vela-images
if: startsWith(github.ref, 'refs/tags/')
strategy:
matrix:
include:
- name: 'Vela Core Image'
image: ${{ needs.publish-vela-images.outputs.vela_core_dockerhub_image }}
digest: ${{ needs.publish-vela-images.outputs.vela_core_digest }}
- name: 'Vela CLI Image'
image: ${{ needs.publish-vela-images.outputs.vela_cli_dockerhub_image }}
digest: ${{ needs.publish-vela-images.outputs.vela_cli_digest }}
permissions:
id-token: write
contents: write
packages: write
actions: read
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
with:
image: ${{ matrix.image }}
digest: ${{ matrix.digest }}
secrets:
registry-username: ${{ secrets.DOCKER_USERNAME }}
registry-password: ${{ secrets.DOCKER_PASSWORD }}

98
.github/workflows/release.yml vendored
View File

@@ -4,15 +4,13 @@ on:
push:
tags:
- "v*"
workflow_dispatch: {}
workflow_dispatch: { }
permissions:
contents: read
jobs:
goreleaser:
name: goreleaser
runs-on: ubuntu-22.04
build:
permissions:
contents: write
actions: read
@@ -22,83 +20,27 @@ jobs:
pull-requests: read
repository-projects: read
statuses: read
id-token: write
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
runs-on: ubuntu-22.04
name: goreleaser
steps:
- name: Check disk (before)
run: |
df -h
sudo du -sh /usr/local/lib/android /usr/share/dotnet /opt/ghc || true
- name: Free Disk Space (Ubuntu)
uses: insightsengineering/disk-space-reclaimer@v1
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tools-cache: false
# all of these default to true, but feel free to set to
# "false" if necessary for your workflow
android: true
dotnet: true
haskell: true
large-packages: true
swap-storage: true
docker-images: true
# Extra prune in case your job builds/pulls images
- name: Deep Docker prune
run: |
docker system prune -af || true
docker builder prune -af || true
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
with:
fetch-depth: 0
- name: Get Git tags
run: git fetch --force --tags
- run: git fetch --force --tags
- name: Set up Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: 1.23.8
go-version: 1.19
cache: true
- name: Install Cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: "v2.5.0"
- name: Install syft
uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
with:
distribution: goreleaser
version: 1.14.1
args: release --rm-dist --timeout 60m
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Generate hashes
id: hash
if: startsWith(github.ref, 'refs/tags/')
run: |
set -euo pipefail
HASHES=$(find dist -type f -exec sha256sum {} \; | base64 -w0)
echo "hashes=$HASHES" >> "$GITHUB_OUTPUT"
- name: Check disk (after)
run: df -h
upload-plugin-homebrew:
name: upload-sha256sums
needs: goreleaser
runs-on: ubuntu-22.04
if: ${{ !contains(github.ref, 'alpha') && !contains(github.ref, 'beta') && !contains(github.ref, 'rc') }}
permissions:
contents: write
actions: read
@@ -108,22 +50,20 @@ jobs:
pull-requests: read
repository-projects: read
statuses: read
needs: build
runs-on: ubuntu-22.04
if: ${{ !contains(github.ref, 'alpha') && !contains(github.ref, 'beta') && !contains(github.ref, 'rc') }}
name: upload-sha256sums
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Update kubectl plugin version in krew-index
uses: rajatjindal/krew-release-bot@df3eb197549e3568be8b4767eec31c5e8e8e6ad8 # v0.0.46
provenance-vela-bins:
name: generate provenance for binaries
needs: [goreleaser]
if: startsWith(github.ref, 'refs/tags/')
permissions:
id-token: write
contents: write
actions: read
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0 # has to be sem var
with:
base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
upload-assets: true
- name: Update Homebrew formula
uses: dawidd6/action-homebrew-bump-formula@d3667e5ae14df19579e4414897498e3e88f2f458 # v3.10.0
with:
token: ${{ secrets.HOMEBREW_TOKEN }}
formula: kubevela
tag: ${{ github.ref }}
revision: ${{ github.sha }}
force: false

6
.github/workflows/scorecards.yml vendored
View File

@@ -28,7 +28,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # tag=v2.4.1
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # tag=v2.3.1
with:
results_file: results.sarif
results_format: sarif
@@ -47,7 +47,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@134dcf33c0b9454c4b17a936843d7e21dccdc335 # v4.3.6
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: SARIF file
path: results.sarif
@@ -55,6 +55,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
with:
sarif_file: results.sarif

18
.github/workflows/sdk-test.yml vendored
View File

@@ -16,26 +16,28 @@ on:
permissions:
contents: read
env:
# Common versions
GO_VERSION: '1.19'
GOLANGCI_VERSION: 'v1.49'
jobs:
sdk-tests:
runs-on: ubuntu-22.04
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Setup Env
uses: ./.github/actions/env-setup
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: ${{ env.GO_VERSION }}
- name: Install Go tools
run: |
make goimports
make golangci
- name: Setup KinD
uses: ./.github/actions/setup-kind-cluster
with:
name: sdk-test
- name: Build CLI
run: make vela-cli

11
.github/workflows/sync-api.yml vendored
View File

@@ -10,16 +10,21 @@ on:
permissions:
contents: read
env:
GO_VERSION: '1.19'
jobs:
sync-core-api:
runs-on: ubuntu-22.04
steps:
- name: Set up Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code into the Go module directory
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Setup Env
uses: ./.github/actions/env-setup
- name: Get the version
id: get_version
run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT

27
.github/workflows/sync-sdk.yaml vendored
View File

@@ -14,33 +14,36 @@ on:
permissions:
contents: read
env:
GO_VERSION: '1.19'
jobs:
sync_sdk:
runs-on: ubuntu-22.04
steps:
- name: Set up Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code into the Go module directory
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
- name: Env setup
uses: ./.github/actions/env-setup
- name: Get the version
id: get_version
run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
- name: Get dependencies
run: |
go get -v -t -d ./...
- name: Install Go tools
run: |
make goimports
- name: Build CLI
run: make vela-cli
- name: Setup KinD
uses: ./.github/actions/setup-kind-cluster
with:
name: sync-sdk
- name: Get the version
id: get_version
run: echo "VERSION=${GITHUB_REF}" >> $GITHUB_OUTPUT
- name: Sync SDK to kubevela/kubevela-go-sdk
run: bash ./hack/sdk/sync.sh
env:

4
.github/workflows/trivy-scan.yml vendored
View File

@@ -20,14 +20,14 @@ jobs:
docker build --build-arg GOPROXY=https://proxy.golang.org -t docker.io/oamdev/vela-core:${{ github.sha }} .
- name: Run Trivy vulnerability scanner for vela core
uses: aquasecurity/trivy-action@d9cd5b1c23aaf8cb31bb09141028215828364bbb # master
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/oamdev/vela-core:${{ github.sha }}'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: 'trivy-results.sarif'

60
.github/workflows/unit-test.yml vendored
View File

@@ -5,7 +5,7 @@ on:
branches:
- master
- release-*
workflow_dispatch: {}
workflow_dispatch: { }
pull_request:
branches:
- master
@@ -14,10 +14,15 @@ on:
permissions:
contents: read
env:
# Common versions
GO_VERSION: '1.19'
jobs:
detect-noop:
permissions:
actions: write # for fkirc/skip-duplicate-actions to skip or stop workflow runs
actions: write # for fkirc/skip-duplicate-actions to skip or stop workflow runs
runs-on: ubuntu-22.04
outputs:
noop: ${{ steps.noop.outputs.should_skip }}
@@ -37,19 +42,48 @@ jobs:
if: needs.detect-noop.outputs.noop != 'true'
steps:
- name: Set up Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code into the Go module directory
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
with:
submodules: true
- name: Setup Env
uses: ./.github/actions/env-setup
- name: Setup KinD with Kubernetes
uses: ./.github/actions/setup-kind-cluster
- name: Run unit tests
uses: ./.github/actions/unit-test
- name: Cache Go Dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
with:
codecov-enable: true
codecov-token: ${{ secrets.CODECOV_TOKEN }}
path: .work/pkg
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-pkg-
- name: Install ginkgo
run: |
sudo sed -i 's/azure\.//' /etc/apt/sources.list
sudo apt-get update
sudo apt-get install -y golang-ginkgo-dev
- name: Setup KinD
run: |
go install sigs.k8s.io/kind@v0.19.0
kind create cluster
- name: install Kubebuilder
uses: RyanSiu1995/kubebuilder-action@7170cb0476187070ae04cbb6cee305e809de2693
with:
version: 3.9.1
kubebuilderOnly: false
kubernetesVersion: v1.26.2
- name: Run Make test
run: make test
- name: Upload coverage report
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./coverage.txt
flags: core-unittests
name: codecov-umbrella

98
.github/workflows/upgrade-e2e-multicluster-test.yml vendored
View File

@@ -1,98 +0,0 @@
# =============================================================================
# E2E Upgrade Multicluster Test Workflow
# =============================================================================
# This workflow performs end-to-end testing for KubeVela multicluster upgrades.
# It tests the upgrade path from the latest released version to the current
# development branch across multiple Kubernetes versions.
#
# Test Flow:
# 1. Install latest KubeVela release
# 2. Build and upgrade to current development version
# 3. Run multicluster e2e tests to verify functionality
# =============================================================================
name: E2E Upgrade Multicluster Test
# =============================================================================
# Trigger Configuration
# =============================================================================
on:
# Trigger on pull requests targeting main branches
pull_request:
branches:
- master
- release-*
# Allow manual workflow execution
workflow_dispatch: {}
# =============================================================================
# Security Configuration
# =============================================================================
permissions:
contents: read # Read-only access to repository contents
# =============================================================================
# Global Environment Variables
# =============================================================================
env:
GO_VERSION: '1.23.8' # Go version for building and testing
# =============================================================================
# Job Definitions
# =============================================================================
jobs:
upgrade-multicluster-tests:
name: Upgrade Multicluster Tests
runs-on: ubuntu-22.04
if: startsWith(github.head_ref, 'chore/upgrade-k8s-')
timeout-minutes: 60 # Prevent hanging jobs
# ==========================================================================
# Matrix Strategy - Test against multiple Kubernetes versions
# ==========================================================================
strategy:
fail-fast: false # Continue testing other versions if one fails
matrix:
k8s-version: ['v1.31.9']
# ==========================================================================
# Concurrency Control - Prevent overlapping runs
# ==========================================================================
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
cancel-in-progress: true
steps:
# ========================================================================
# Environment Setup
# ========================================================================
- name: Check out repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
# ========================================================================
# Kubernetes Cluster Setup
# ========================================================================
- name: Setup worker cluster kinD
uses: ./.github/actions/setup-kind-cluster
with:
name: worker
- name: Setup KinD master clusters for multicluster testing
uses: ./.github/actions/setup-kind-cluster
with:
k8s-version: ${{ matrix.k8s-version }}
- name: Deploy latest release
uses: ./.github/actions/deploy-latest-release
- name: Upgrade from current branch
uses: ./.github/actions/deploy-current-branch
- name: Run upgarde multicluster tests
uses: ./.github/actions/multicluster-test
with:
codecov-enable: false
codecov-token: ''

102
.github/workflows/upgrade-e2e-test.yml vendored
View File

@@ -1,102 +0,0 @@
# =============================================================================
# Upgrade E2E Test Workflow
# =============================================================================
# This workflow performs comprehensive end-to-end testing for KubeVela upgrades.
# It validates the upgrade path from the latest stable release to the current
# development version by running multiple test suites including API, addon,
# and general e2e tests.
#
# Test Flow:
# 1. Install latest KubeVela release
# 2. Build and upgrade to current development version
# 3. Run comprehensive e2e test suites (API, addon, general)
# 4. Validate upgrade functionality and compatibility
# =============================================================================
name: Upgrade E2E Test
# =============================================================================
# Trigger Configuration
# =============================================================================
on:
# Trigger on pull requests targeting main branches
pull_request:
branches:
- master
- release-*
# Allow manual workflow execution
workflow_dispatch: {}
# =============================================================================
# Environment Variables
# =============================================================================
env:
GO_VERSION: '1.23.8'
# =============================================================================
# Security Configuration
# =============================================================================
permissions:
contents: read # Read-only access to repository contents
# =============================================================================
# Job Definitions
# =============================================================================
jobs:
upgrade-tests:
name: Upgrade E2E Tests
runs-on: ubuntu-22.04
if: startsWith(github.head_ref, 'chore/upgrade-k8s-')
timeout-minutes: 90 # Extended timeout for comprehensive e2e testing
# ==========================================================================
# Matrix Strategy - Test against multiple Kubernetes versions
# ==========================================================================
strategy:
fail-fast: false # Continue testing other versions if one fails
matrix:
k8s-version: ['v1.31.9']
# ==========================================================================
# Concurrency Control - Prevent overlapping runs
# ==========================================================================
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
cancel-in-progress: true
steps:
# ========================================================================
# Repository Setup
# ========================================================================
- name: Check out code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
# ========================================================================
# Kubernetes Cluster Setup
# ========================================================================
- name: Setup KinD with Kubernetes ${{ matrix.k8s-version }}
uses: ./.github/actions/setup-kind-cluster
with:
k8s-version: ${{ matrix.k8s-version }}
- name: Build vela CLI
run: make vela-cli
- name: Build kubectl-vela plugin
run: make kubectl-vela
- name: Install kustomize
run: make kustomize
- name: Deploy latest release
uses: ./.github/actions/deploy-latest-release
- name: Upgrade from current branch
uses: ./.github/actions/deploy-current-branch
# ========================================================================
# E2E Test Execution
# ========================================================================
- name: Run upgrade e2e tests
uses: ./.github/actions/e2e-test

83
.github/workflows/upgrade-unit-test.yml vendored
View File

@@ -1,83 +0,0 @@
# =============================================================================
# Upgrade Unit Test Workflow
# =============================================================================
# This workflow performs unit testing for KubeVela upgrades by:
# 1. Installing the latest stable KubeVela release
# 2. Building and upgrading to the current development version
# 3. Running unit tests to validate the upgrade functionality
# =============================================================================
name: Upgrade Unit Test
# =============================================================================
# Trigger Configuration
# =============================================================================
on:
# Trigger on pull requests targeting main and release branches
pull_request:
branches:
- master
- release-*
# Allow manual workflow execution
workflow_dispatch: {}
# =============================================================================
# Security Configuration
# =============================================================================
permissions:
contents: read # Read-only access to repository contents
# =============================================================================
# Job Definitions
# =============================================================================
jobs:
upgrade-tests:
name: Upgrade Unit Tests
runs-on: ubuntu-22.04
if: startsWith(github.head_ref, 'chore/upgrade-k8s-')
timeout-minutes: 45 # Prevent hanging jobs
# ==========================================================================
# Matrix Strategy - Test against multiple Kubernetes versions
# ==========================================================================
strategy:
fail-fast: false # Continue testing other versions if one fails
matrix:
k8s-version: ['v1.31.9']
# ==========================================================================
# Concurrency Control - Prevent overlapping runs
# ==========================================================================
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
cancel-in-progress: true
steps:
# ========================================================================
# Environment Setup
# ========================================================================
- name: Check out code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
# ========================================================================
# Kubernetes Cluster Setup
# ========================================================================
- name: Setup KinD with Kubernetes ${{ matrix.k8s-version }}
uses: ./.github/actions/setup-kind-cluster
with:
k8s-version: ${{ matrix.k8s-version }}
- name: Deploy latest release
uses: ./.github/actions/deploy-latest-release
- name: Upgrade from current branch
uses: ./.github/actions/deploy-current-branch
- name: Run unit tests
uses: ./.github/actions/unit-test
with:
codecov-enable: false
codecov-token: ''

165
.github/workflows/webhook-upgrade-validation.yml vendored
View File

@@ -1,165 +0,0 @@
name: Webhook Upgrade Validation
on:
push:
branches:
- master
- release-*
tags:
- v*
workflow_dispatch: {}
pull_request:
branches:
- master
- release-*
permissions:
contents: read
env:
GO_VERSION: '1.23.8'
jobs:
webhook-upgrade-check:
runs-on: ubuntu-22.04
timeout-minutes: 30
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
- name: Setup Env
uses: ./.github/actions/env-setup
- name: Setup KinD
run: |
go install sigs.k8s.io/kind@v0.29.0
kind delete cluster || true
kind create cluster --image=kindest/node:v1.31.9
- name: Install KubeVela CLI
run: curl -fsSL https://kubevela.io/script/install.sh | bash
- name: Install KubeVela baseline
run: |
vela install --set featureGates.enableCueValidation=true
kubectl wait --namespace vela-system --for=condition=Available deployment/kubevela-vela-core --timeout=300s
- name: Prepare failing chart changes
run: |
cat <<'CHART' > charts/vela-core/templates/defwithtemplate/resource.yaml
# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
# Definition source cue file: vela-templates/definitions/internal/resource.cue
apiVersion: core.oam.dev/v1beta1
kind: TraitDefinition
metadata:
annotations:
definition.oam.dev/description: Add resource requests and limits on K8s pod for your workload which follows the pod spec in path 'spec.template.'
name: resource
namespace: {{ include "systemDefinitionNamespace" . }}
spec:
appliesToWorkloads:
- deployments.apps
- statefulsets.apps
- daemonsets.apps
- jobs.batch
- cronjobs.batch
podDisruptive: true
schematic:
cue:
template: |2
let resourceContent = {
resources: {
if parameter.cpu != _|_ if parameter.memory != _|_ if parameter.requests == _|_ if parameter.limits == _|_ {
// +patchStrategy=retainKeys
requests: {
cpu: parameter.cpu
memory: parameter.memory
}
// +patchStrategy=retainKeys
limits: {
cpu: parameter.cpu
memory: parameter.memory
}
}
if parameter.requests != _|_ {
// +patchStrategy=retainKeys
requests: {
cpu: parameter.requests.cpu
memory: parameter.requests.memory
}
}
if parameter.limits != _|_ {
// +patchStrategy=retainKeys
limits: {
cpu: parameter.limits.cpu
memory: parameter.limits.memory
}
}
}
}
if context.output.spec != _|_ if context.output.spec.template != _|_ {
patch: spec: template: spec: {
// +patchKey=name
containers: [resourceContent]
}
}
if context.output.spec != _|_ if context.output.spec.jobTemplate != _|_ {
patch: spec: jobTemplate: spec: template: spec: {
// +patchKey=name
containers: [resourceContent]
}
}
parameter: {
// +usage=Specify the amount of cpu for requests and limits
cpu?: *1 | number | string
// +usage=Specify the amount of memory for requests and limits
memory?: *"2048Mi" | =~"^([1-9][0-9]{0,63})(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)$"
// +usage=Specify the resources in requests
requests?: {
// +usage=Specify the amount of cpu for requests
cpu: *1 | number | string
// +usage=Specify the amount of memory for requests
memory: *"2048Mi" | =~"^([1-9][0-9]{0,63})(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)$"
}
// +usage=Specify the resources in limits
limits?: {
// +usage=Specify the amount of cpu for limits
cpu: *1 | number | string
// +usage=Specify the amount of memory for limits
memory: *"2048Mi" | =~"^([1-9][0-9]{0,63})(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)$"
}
}
- name: Load image
run: |
mkdir -p $HOME/tmp/
TMPDIR=$HOME/tmp/ make image-load
- name: Run Helm upgrade (expected to fail)
run: |
set +e
helm upgrade \
--set image.repository=vela-core-test \
--set image.tag=$(git rev-parse --short HEAD) \
--set featureGates.enableCueValidation=true \
--wait kubevela ./charts/vela-core --debug -n vela-system
status=$?
echo "Helm upgrade exit code: ${status}"
if [ $status -eq 0 ]; then
echo "Expected helm upgrade to fail" >&2
exit 1
fi
echo "Helm upgrade failed as expected"
- name: Dump webhook configurations
if: ${{ always() }}
run: |
kubectl get mutatingwebhookconfiguration kubevela-vela-core-admission -o yaml
kubectl get validatingwebhookconfiguration kubevela-vela-core-admission -o yaml
- name: Verify webhook validation remains active
run: ginkgo -v --focus-file requiredparam_validation_test.go ./test/e2e-test
- name: Cleanup kind cluster
if: ${{ always() }}
run: kind delete cluster --name kind

9
.gitignore vendored
View File

@@ -35,21 +35,12 @@ vendor/
.vscode
.history
# Debug binaries generated by VS Code/Delve
__debug_bin*
*/__debug_bin*
# Webhook certificates generated at runtime
k8s-webhook-server/
options.go.bak
pkg/test/vela
config/crd/bases
_tmp/
references/cmd/cli/fake/source.go
references/cmd/cli/fake/chart_source.go
references/vela-sdk-gen/*
charts/vela-core/crds/_.yaml
.test_vela
tmp/

71
.golangci.yml
View File

@@ -1,6 +1,18 @@
run:
timeout: 10m
skip-files:
- "zz_generated\\..+\\.go$"
- ".*_test.go$"
skip-dirs:
- "hack"
- "e2e"
output:
# colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
format: colored-line-number
linters-settings:
errcheck:
# report about not checking of errors in type assetions: `a := b.(MyStruct)`;
@@ -11,12 +23,24 @@ linters-settings:
# default is false: such cases aren't reported by default.
check-blank: false
# [deprecated] comma-separated list of pairs of the form pkg:regex
# the regex is used to ignore names within pkg. (default "fmt:.*").
# see https://github.com/kisielk/errcheck#the-deprecated-method for details
ignore: fmt:.*,io/ioutil:^Read.*
exhaustive:
# indicates that switch statements are to be considered exhaustive if a
# 'default' case is present, even if all enum members aren't listed in the
# switch
default-signifies-exhaustive: true
govet:
# report about shadowed variables
check-shadowing: false
revive:
# minimal confidence for issues, default is 0.8
min-confidence: 0.8
gofmt:
# simplify code: gofmt with `-s` option, true by default
@@ -31,6 +55,9 @@ linters-settings:
# minimal code complexity to report, 30 by default (but we recommend 10-20)
min-complexity: 30
maligned:
# print struct with more effective memory layout or not, false by default
suggest-new: true
dupl:
# tokens count to trigger issue, 150 by default
@@ -46,6 +73,13 @@ linters-settings:
# tab width in spaces. Default to 1.
tab-width: 1
unused:
# treat code as a program (not a library) and report unused exported identifiers; default is false.
# XXX: if you enable this setting, unused will report a lot of false-positives in text editors:
# if it's called for subdir of a project it can't find funcs usages. All text editor integrations
# with golangci-lint call it on a directory with the changed file.
check-exported: false
unparam:
# Inspect exported functions, default is false. Set to true if no external program/library imports your code.
# XXX: if you enable this setting, unparam will report a lot of false-positives in text editors:
@@ -73,13 +107,9 @@ linters-settings:
# Allow only slices initialized with a length of zero. Default is false.
always: false
revive:
rules:
- name: unused-parameter
disabled: true
linters:
enable:
- megacheck
- govet
- gocyclo
- gocritic
@@ -91,10 +121,11 @@ linters:
- misspell
- nakedret
- exportloopref
- unused
- gosimple
- staticcheck
disable:
- deadcode
- scopelint
- structcheck
- varcheck
- rowserrcheck
- sqlclosecheck
- errchkjson
@@ -106,28 +137,8 @@ linters:
issues:
exclude-files:
- "zz_generated\\..+\\.go$"
- ".*_test.go$"
exclude-dirs:
- "hack"
- "e2e"
# Excluding configuration per-path and per-linter
exclude-rules:
- path: .*\.go
linters:
- errcheck
text: "fmt\\."
# Ignore unchecked errors from io/ioutil functions starting with Read
- path: .*\.go
linters:
- errcheck
text: "io/ioutil.*Read"
# Exclude some linters from running on tests files.
- path: _test(ing)?\.go
linters:
@@ -216,7 +227,7 @@ issues:
new: false
# Maximum issues count per one linter. Set to 0 to disable. Default is 50.
max-issues-per-linter: 0
max-per-linter: 0
# Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
max-same-issues: 0
max-same-issues: 0

22
.goreleaser.yaml
View File

@@ -31,28 +31,6 @@ builds:
ldflags:
- -s -w -X github.com/oam-dev/kubevela/version.VelaVersion={{ .Version }} -X github.com/oam-dev/kubevela/version.GitRevision=git-{{.ShortCommit}}
sboms:
- id: kubevela-binaries-sboms
artifacts: binary
documents:
- "${artifact}-{{ .Version }}-{{ .Os }}-{{ .Arch }}.spdx.sbom.json"
signs:
- id: kubevela-cosign-keyless
artifacts: checksum # sign the checksum file over individual artifacts
signature: "${artifact}-keyless.sig"
certificate: "${artifact}-keyless.pem"
cmd: cosign
args:
- "sign-blob"
- "--yes"
- "--output-signature"
- "${artifact}-keyless.sig"
- "--output-certificate"
- "${artifact}-keyless.pem"
- "${artifact}"
output: true
archives:
- format: tar.gz
id: vela-cli-tgz

2
CHANGELOG/CHANGELOG-1.1.md
View File

@@ -230,7 +230,7 @@ spec:
1. Workflow support specify Order Steps by Field Tag (#2022)
2. support application policy (#2011)
3. add OCM multi cluster demo (#1992)
4. Fix(volume): separate volume to trait (#2027)
4. Fix(volume): seperate volume to trait (#2027)
5. allow application skip gc resource and leave workload ownerReference controlled by rollout(#2024)
6. Store component parameters in context (#2030)
7. Allow specify chart values for helm trait(#2033)

2
CONTRIBUTING.md
View File

@@ -1,3 +1,3 @@
# CONTRIBUTING Guide
Please refer to https://kubevela.io/docs/contributor/overview for details.
Please refer to https://kubevela.io/docs/contributor/overview for details.

2
Dockerfile
View File

@@ -1,6 +1,6 @@
ARG BASE_IMAGE
# Build the manager binary
FROM golang:1.23.8-alpine@sha256:b7486658b87d34ecf95125e5b97e8dfe86c21f712aa36fc0c702e5dc41dc63e1 AS builder
FROM golang:1.19-alpine3.18 as builder
WORKDIR /workspace
# Copy the Go Modules manifests

2
Dockerfile.cli
View File

@@ -1,6 +1,6 @@
ARG BASE_IMAGE
# Build the cli binary
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.23.8-alpine@sha256:b7486658b87d34ecf95125e5b97e8dfe86c21f712aa36fc0c702e5dc41dc63e1 AS builder
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine@sha256:2381c1e5f8350a901597d633b2e517775eeac7a6682be39225a93b22cfd0f8bb as builder
ARG GOPROXY
ENV GOPROXY=${GOPROXY:-https://proxy.golang.org}
WORKDIR /workspace

2
Dockerfile.e2e
View File

@@ -1,6 +1,6 @@
ARG BASE_IMAGE
# Build the manager binary
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.23.8-alpine@sha256:b7486658b87d34ecf95125e5b97e8dfe86c21f712aa36fc0c702e5dc41dc63e1 AS builder
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.22.7-alpine@sha256:48eab5e3505d8c8b42a06fe5f1cf4c346c167cc6a89e772f31cb9e5c301dcf60 as builder
WORKDIR /workspace
# Copy the Go Modules manifests

20
Makefile
View File

@@ -12,7 +12,7 @@ all: build
# Targets
## test: Run tests
test: envtest unit-test-core test-cli-gen
test: unit-test-core test-cli-gen
@$(OK) unit-tests pass
## test-cli-gen: Run the unit tests for cli gen
@@ -22,8 +22,8 @@ test-cli-gen:
## unit-test-core: Run the unit tests for core
unit-test-core:
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/... ./apis/... | grep -v apiserver | grep -v applicationconfiguration)
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test $(shell go list ./references/... | grep -v apiserver)
go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/... ./apis/... | grep -v apiserver | grep -v applicationconfiguration)
go test $(shell go list ./references/... | grep -v apiserver)
## build: Build vela cli binary
build: vela-cli kubectl-vela
@@ -41,8 +41,9 @@ fmt: goimports installcue
$(CUE) fmt ./vela-templates/definitions/internal/*
$(CUE) fmt ./vela-templates/definitions/deprecated/*
$(CUE) fmt ./vela-templates/definitions/registry/*
$(CUE) fmt ./pkg/workflow/template/static/*
$(CUE) fmt ./pkg/workflow/providers/...
$(CUE) fmt ./pkg/stdlib/pkgs/*
$(CUE) fmt ./pkg/stdlib/op.cue
$(CUE) fmt ./pkg/workflow/tasks/template/static/*
## sdk_fmt: Run go fmt against code
sdk_fmt:
@@ -61,11 +62,11 @@ staticcheck: staticchecktool
## lint: Run the golangci-lint
lint: golangci
@$(INFO) lint
@GOLANGCILINT=$(GOLANGCILINT) ./hack/utils/golangci-lint-wrapper.sh
@$(GOLANGCILINT) run --fix --verbose --skip-dirs 'scaffold'
## reviewable: Run the reviewable
## Run make build to compile vela binary before running this target to ensure all generated definitions are up to date.
reviewable: build manifests fmt vet lint staticcheck helm-doc-gen sdk_fmt
reviewable: manifests fmt vet lint staticcheck helm-doc-gen sdk_fmt
go mod tidy
# check-diff: Execute auto-gen code commands and ensure branch is clean.
check-diff: reviewable
@@ -103,10 +104,11 @@ manager:
$(GOBUILD_ENV) go build -o bin/manager -a -ldflags $(LDFLAGS) ./cmd/core/main.go
## manifests: Generate manifests e.g. CRD, RBAC etc.
manifests: tidy installcue kustomize sync-crds
manifests: installcue kustomize
go generate $(foreach t,pkg apis,./$(t)/...)
# TODO(yangsoon): kustomize will merge all CRD into a whole file, it may not work if we want patch more than one CRD in this way
$(KUSTOMIZE) build config/crd -o config/crd/base/core.oam.dev_applications.yaml
./hack/crd/cleanup.sh
go run ./hack/crd/dispatch/dispatch.go config/crd/base charts/vela-core/crds
rm -f config/crd/base/*
./vela-templates/gen_definitions.sh

14
README.md
View File

@@ -17,7 +17,7 @@
[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubevela)](https://artifacthub.io/packages/search?repo=kubevela)
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4602/badge)](https://bestpractices.coreinfrastructure.org/projects/4602)
![E2E status](https://github.com/kubevela/kubevela/workflows/E2E%20Test/badge.svg)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/kubevela/kubevela/badge)](https://scorecard.dev/viewer/?uri=github.com/kubevela/kubevela)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/kubevela/kubevela/badge)](https://api.securityscorecards.dev/projects/github.com/kubevela/kubevela)
[![](https://img.shields.io/badge/KubeVela-Check%20Your%20Contribution-orange)](https://opensource.alibaba.com/contribution_leaderboard/details?projectValue=kubevela)
## Introduction
@@ -59,14 +59,6 @@ and share the large growing community [addons](https://kubevela.net/docs/referen
* [Installation](https://kubevela.io/docs/install)
* [Deploy Your Application](https://kubevela.io/docs/quick-start)
### Get Your Own Demo with Alibaba Cloud
- install KubeVela on a Serverless K8S cluster in 3 minutes, try:
<a href="https://acs.console.aliyun.com/quick-deploy?repo=kubevela/kubevela&branch=master" target="_blank">
<img src="https://img.alicdn.com/imgextra/i1/O1CN01aiPSuA1Wiz7wkgF5u_!!6000000002823-55-tps-399-70.svg" width="200" alt="Deploy on Alibaba Cloud">
</a>
## Documentation
Full documentation is available on the [KubeVela website](https://kubevela.io/).
@@ -107,7 +99,7 @@ Check out [KubeVela videos](https://kubevela.io/videos/talks/en/oam-dapr) for th
## Contributing
Check out [CONTRIBUTING](https://kubevela.io/docs/contributor/overview) to see how to develop with KubeVela
Check out [CONTRIBUTING](https://kubevela.io/docs/contributor/overview) to see how to develop with KubeVela.
## Report Vulnerability
@@ -115,4 +107,4 @@ Security is a first priority thing for us at KubeVela. If you come across a rela
## Code of Conduct
KubeVela adopts [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
KubeVela adopts [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).

54
apis/core.oam.dev/common/types.go
View File

@@ -26,7 +26,6 @@ import (
"k8s.io/apimachinery/pkg/runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
wfTypesv1alpha1 "github.com/kubevela/pkg/apis/oam/v1alpha1"
workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
@@ -136,9 +135,6 @@ type Status struct {
// HealthPolicy defines the health check policy for the abstraction
// +optional
HealthPolicy string `json:"healthPolicy,omitempty"`
// Details stores a string representation of a CUE status map to be evaluated at runtime for display
// +optional
Details string `json:"details,omitempty"`
}
// ApplicationPhase is a label for the condition of an application at the current time
@@ -176,7 +172,6 @@ type ApplicationComponentStatus struct {
// WorkloadDefinition is the definition of a WorkloadDefinition, such as deployments/apps.v1
WorkloadDefinition WorkloadGVK `json:"workloadDefinition,omitempty"`
Healthy bool `json:"healthy"`
Details map[string]string `json:"details,omitempty"`
Message string `json:"message,omitempty"`
Traits []ApplicationTraitStatus `json:"traits,omitempty"`
Scopes []corev1.ObjectReference `json:"scopes,omitempty"`
@@ -190,10 +185,9 @@ func (in ApplicationComponentStatus) Equal(r ApplicationComponentStatus) bool {
// ApplicationTraitStatus records the trait health status
type ApplicationTraitStatus struct {
Type string `json:"type"`
Healthy bool `json:"healthy"`
Details map[string]string `json:"details,omitempty"`
Message string `json:"message,omitempty"`
Type string `json:"type"`
Healthy bool `json:"healthy"`
Message string `json:"message,omitempty"`
}
// Revision has name and revision number
@@ -205,24 +199,6 @@ type Revision struct {
RevisionHash string `json:"revisionHash,omitempty"`
}
// AppliedApplicationPolicy records minimal status information about an Application-scoped policy.
// This covers both global (auto-discovered) and explicit (spec-referenced) policies.
// Full details (transforms, labels, annotations, etc.) are stored in the ConfigMap referenced
// by ApplicationPoliciesConfigMap for persistent storage and observability.
type AppliedApplicationPolicy struct {
Name string `json:"name"`
Namespace string `json:"namespace"`
Applied bool `json:"applied"`
Reason string `json:"reason,omitempty"` // e.g., "enabled=false: namespace mismatch"
Source string `json:"source,omitempty"` // "global" or "explicit" - how the policy was applied
// Summary of changes (counts only - full details in ConfigMap)
SpecModified bool `json:"specModified,omitempty"`
LabelsCount int `json:"labelsCount,omitempty"` // Number of labels added
AnnotationsCount int `json:"annotationsCount,omitempty"` // Number of annotations added
HasContext bool `json:"hasContext,omitempty"` // Has additionalContext data
}
// AppStatus defines the observed state of Application
type AppStatus struct {
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
@@ -244,12 +220,6 @@ type AppStatus struct {
// Workflow record the status of workflow
Workflow *WorkflowStatus `json:"workflow,omitempty"`
// WorkflowRestartScheduledAt schedules a workflow restart at the specified time.
// This field is automatically set when the app.oam.dev/restart-workflow annotation is present,
// and is cleared after the restart is triggered. Use RFC3339 format or set to current time for immediate restart.
// +optional
WorkflowRestartScheduledAt *metav1.Time `json:"workflowRestartScheduledAt,omitempty"`
// LatestRevision of the application configuration it generates
// +optional
LatestRevision *Revision `json:"latestRevision,omitempty"`
@@ -257,18 +227,6 @@ type AppStatus struct {
// AppliedResources record the resources that the workflow step apply.
AppliedResources []ClusterObjectReference `json:"appliedResources,omitempty"`
// AppliedApplicationPolicies lists Application-scoped policies (both global and explicit)
// that were discovered and applied (or skipped) during reconciliation.
// This provides transparency for debugging policy effects on the Application spec.
// +optional
AppliedApplicationPolicies []AppliedApplicationPolicy `json:"appliedApplicationPolicies,omitempty"`
// ApplicationPoliciesConfigMap references the ConfigMap containing rendered policy outputs
// (transforms, additionalContext, etc.) for Application-scoped policies.
// Format: "application-policies-{namespace}-{name}"
// +optional
ApplicationPoliciesConfigMap string `json:"applicationPoliciesConfigMap,omitempty"`
// PolicyStatus records the status of policy
// Deprecated This field is only used by EnvBinding Policy which is deprecated.
PolicyStatus []PolicyStatus `json:"policy,omitempty"`
@@ -338,9 +296,9 @@ type ApplicationComponent struct {
// +kubebuilder:pruning:PreserveUnknownFields
Properties *runtime.RawExtension `json:"properties,omitempty"`
DependsOn []string `json:"dependsOn,omitempty"`
Inputs wfTypesv1alpha1.StepInputs `json:"inputs,omitempty"`
Outputs wfTypesv1alpha1.StepOutputs `json:"outputs,omitempty"`
DependsOn []string `json:"dependsOn,omitempty"`
Inputs workflowv1alpha1.StepInputs `json:"inputs,omitempty"`
Outputs workflowv1alpha1.StepOutputs `json:"outputs,omitempty"`
// Traits define the trait of one component, the type must be array to keep the order.
Traits []ApplicationTrait `json:"traits,omitempty"`

48
apis/core.oam.dev/common/zz_generated.deepcopy.go
View File

@@ -1,4 +1,5 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*
Copyright 2023 The KubeVela Authors.
@@ -21,7 +22,6 @@ limitations under the License.
package common
import (
oamv1alpha1 "github.com/kubevela/pkg/apis/oam/v1alpha1"
"github.com/kubevela/workflow/api/v1alpha1"
crossplane_runtime "github.com/oam-dev/terraform-controller/api/types/crossplane-runtime"
v1 "k8s.io/api/core/v1"
@@ -49,10 +49,6 @@ func (in *AppStatus) DeepCopyInto(out *AppStatus) {
*out = new(WorkflowStatus)
(*in).DeepCopyInto(*out)
}
if in.WorkflowRestartScheduledAt != nil {
in, out := &in.WorkflowRestartScheduledAt, &out.WorkflowRestartScheduledAt
*out = (*in).DeepCopy()
}
if in.LatestRevision != nil {
in, out := &in.LatestRevision, &out.LatestRevision
*out = new(Revision)
@@ -63,11 +59,6 @@ func (in *AppStatus) DeepCopyInto(out *AppStatus) {
*out = make([]ClusterObjectReference, len(*in))
copy(*out, *in)
}
if in.AppliedApplicationPolicies != nil {
in, out := &in.AppliedApplicationPolicies, &out.AppliedApplicationPolicies
*out = make([]AppliedApplicationPolicy, len(*in))
copy(*out, *in)
}
if in.PolicyStatus != nil {
in, out := &in.PolicyStatus, &out.PolicyStatus
*out = make([]PolicyStatus, len(*in))
@@ -102,12 +93,12 @@ func (in *ApplicationComponent) DeepCopyInto(out *ApplicationComponent) {
}
if in.Inputs != nil {
in, out := &in.Inputs, &out.Inputs
*out = make(oamv1alpha1.StepInputs, len(*in))
*out = make(v1alpha1.StepInputs, len(*in))
copy(*out, *in)
}
if in.Outputs != nil {
in, out := &in.Outputs, &out.Outputs
*out = make(oamv1alpha1.StepOutputs, len(*in))
*out = make(v1alpha1.StepOutputs, len(*in))
copy(*out, *in)
}
if in.Traits != nil {
@@ -140,19 +131,10 @@ func (in *ApplicationComponent) DeepCopy() *ApplicationComponent {
func (in *ApplicationComponentStatus) DeepCopyInto(out *ApplicationComponentStatus) {
*out = *in
out.WorkloadDefinition = in.WorkloadDefinition
if in.Details != nil {
in, out := &in.Details, &out.Details
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Traits != nil {
in, out := &in.Traits, &out.Traits
*out = make([]ApplicationTraitStatus, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
copy(*out, *in)
}
if in.Scopes != nil {
in, out := &in.Scopes, &out.Scopes
@@ -194,13 +176,6 @@ func (in *ApplicationTrait) DeepCopy() *ApplicationTrait {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ApplicationTraitStatus) DeepCopyInto(out *ApplicationTraitStatus) {
*out = *in
if in.Details != nil {
in, out := &in.Details, &out.Details
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationTraitStatus.
@@ -213,21 +188,6 @@ func (in *ApplicationTraitStatus) DeepCopy() *ApplicationTraitStatus {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AppliedApplicationPolicy) DeepCopyInto(out *AppliedApplicationPolicy) {
*out = *in
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppliedApplicationPolicy.
func (in *AppliedApplicationPolicy) DeepCopy() *AppliedApplicationPolicy {
if in == nil {
return nil
}
out := new(AppliedApplicationPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CUE) DeepCopyInto(out *CUE) {
*out = *in

1
apis/core.oam.dev/condition/zz_generated.deepcopy.go
View File

@@ -1,4 +1,5 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*
Copyright 2023 The KubeVela Authors.

8
apis/core.oam.dev/v1alpha1/garbagecollect_policy_types.go
View File

@@ -102,16 +102,16 @@ func (in *GarbageCollectPolicySpec) FindStrategy(manifest *unstructured.Unstruct
}
// FindDeleteOption find delete option for target resource
func (in *GarbageCollectPolicySpec) FindDeleteOption(manifest *unstructured.Unstructured) (bool, []client.DeleteOption) {
func (in *GarbageCollectPolicySpec) FindDeleteOption(manifest *unstructured.Unstructured) []client.DeleteOption {
for _, rule := range in.Rules {
if rule.Selector.Match(manifest) && rule.Propagation != nil {
switch *rule.Propagation {
case GarbageCollectPropagationOrphan:
return true, []client.DeleteOption{client.PropagationPolicy(metav1.DeletePropagationOrphan)}
return []client.DeleteOption{client.PropagationPolicy(metav1.DeletePropagationOrphan)}
case GarbageCollectPropagationCascading:
return false, []client.DeleteOption{client.PropagationPolicy(metav1.DeletePropagationBackground)}
return []client.DeleteOption{client.PropagationPolicy(metav1.DeletePropagationBackground)}
}
}
}
return false, nil
return nil
}

9
apis/core.oam.dev/v1alpha1/register.go
View File

@@ -21,7 +21,7 @@ import (
k8sscheme "k8s.io/client-go/kubernetes/scheme"
"sigs.k8s.io/controller-runtime/pkg/scheme"
wfTypesv1alpha1 "github.com/kubevela/pkg/apis/oam/v1alpha1"
workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
)
@@ -57,11 +57,6 @@ var (
func init() {
SchemeBuilder.Register(&Policy{}, &PolicyList{})
SchemeBuilder.Register(&wfTypesv1alpha1.Workflow{}, &wfTypesv1alpha1.WorkflowList{})
SchemeBuilder.Register(&workflowv1alpha1.Workflow{}, &workflowv1alpha1.WorkflowList{})
_ = SchemeBuilder.AddToScheme(k8sscheme.Scheme)
}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}

4
apis/core.oam.dev/v1alpha1/resource_policy_types.go
View File

@@ -18,7 +18,7 @@ package v1alpha1
import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/utils/ptr"
"k8s.io/utils/pointer"
stringslices "k8s.io/utils/strings/slices"
"github.com/oam-dev/kubevela/pkg/oam"
@@ -52,7 +52,7 @@ func (in *ResourcePolicyRuleSelector) Match(manifest *unstructured.Unstructured)
if len(src) == 0 {
return nil
}
return ptr.To(val != "" && stringslices.Contains(src, val))
return pointer.Bool(val != "" && stringslices.Contains(src, val))
}
conditions := []*bool{
match(in.CompNames, compName),

1
apis/core.oam.dev/v1alpha1/zz_generated.deepcopy.go
View File

@@ -1,4 +1,5 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*
Copyright 2023 The KubeVela Authors.

8
apis/core.oam.dev/v1beta1/application_types.go
View File

@@ -23,7 +23,7 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
wfTypesv1alpha1 "github.com/kubevela/pkg/apis/oam/v1alpha1"
workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
@@ -42,9 +42,9 @@ type AppPolicy struct {
// Workflow defines workflow steps and other attributes
type Workflow struct {
Ref string `json:"ref,omitempty"`
Mode *wfTypesv1alpha1.WorkflowExecuteMode `json:"mode,omitempty"`
Steps []wfTypesv1alpha1.WorkflowStep `json:"steps,omitempty"`
Ref string `json:"ref,omitempty"`
Mode *workflowv1alpha1.WorkflowExecuteMode `json:"mode,omitempty"`
Steps []workflowv1alpha1.WorkflowStep `json:"steps,omitempty"`
}
// ApplicationSpec is the spec of Application

4
apis/core.oam.dev/v1beta1/applicationrevision_types.go
View File

@@ -19,8 +19,8 @@ package v1beta1
import (
"encoding/json"
wfTypesv1alpha1 "github.com/kubevela/pkg/apis/oam/v1alpha1"
"github.com/kubevela/pkg/util/compression"
workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
@@ -63,7 +63,7 @@ type ApplicationRevisionCompressibleFields struct {
Policies map[string]v1alpha1.Policy `json:"policies,omitempty"`
// Workflow records the external workflow
Workflow *wfTypesv1alpha1.Workflow `json:"workflow,omitempty"`
Workflow *workflowv1alpha1.Workflow `json:"workflow,omitempty"`
// ReferredObjects records the referred objects used in the ref-object typed components
// +kubebuilder:pruning:PreserveUnknownFields

3
apis/core.oam.dev/v1beta1/componentdefinition_types.go
View File

@@ -27,9 +27,6 @@ import (
// ComponentDefinitionSpec defines the desired state of ComponentDefinition
type ComponentDefinitionSpec struct {
// +optional
Version string `json:"version,omitempty"`
// Workload is a workload type descriptor
Workload common.WorkloadTypeDescriptor `json:"workload"`

3
apis/core.oam.dev/v1beta1/core_types.go
View File

@@ -164,9 +164,6 @@ type TraitDefinitionSpec struct {
// pre-process and post-process respectively.
// +optional
Stage StageType `json:"stage,omitempty"`
// +optional
Version string `json:"version,omitempty"`
}
// StageType describes how the manifests should be dispatched.

40
apis/core.oam.dev/v1beta1/policy_definition.go
View File

@@ -24,19 +24,6 @@ import (
"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
)
// PolicyScope defines the scope at which a policy operates
type PolicyScope string
const (
// DefaultScope (empty string) means standard output-based policy (topology, override, etc.)
// These policies generate Kubernetes resources from their CUE templates
DefaultScope PolicyScope = ""
// ApplicationScope means the policy transforms the Application CR before parsing
// These policies use the transforms pattern and don't generate resources
ApplicationScope PolicyScope = "Application"
)
// PolicyDefinitionSpec defines the desired state of PolicyDefinition
type PolicyDefinitionSpec struct {
// Reference to the CustomResourceDefinition that defines this trait kind.
@@ -50,33 +37,6 @@ type PolicyDefinitionSpec struct {
// ManageHealthCheck means the policy will handle health checking and skip application controller
// built-in health checking.
ManageHealthCheck bool `json:"manageHealthCheck,omitempty"`
//+optional
Version string `json:"version,omitempty"`
// Scope defines the scope at which this policy operates.
// - DefaultScope (empty/omitted): Standard output-based policies (topology, override, etc.)
// These generate Kubernetes resources from CUE templates with an 'output' field.
// - ApplicationScope: Transform-based policies that modify the Application CR before parsing.
// These use 'transforms' instead of 'output' and don't generate resources.
// Requires EnableApplicationScopedPolicies feature gate.
// +optional
Scope PolicyScope `json:"scope,omitempty"`
// Global indicates this policy should automatically apply to all Applications
// in this namespace (or all namespaces if in vela-system).
// Global policies cannot be explicitly referenced in Application specs.
// Requires EnableGlobalPolicies feature gate for discovery and
// EnableApplicationScopedPolicies feature gate for execution.
// +optional
Global bool `json:"global,omitempty"`
// Priority defines the order in which global policies are applied.
// Higher priority policies run first. Policies with the same priority
// are applied in alphabetical order by name.
// If not specified, defaults to 0.
// +optional
Priority int32 `json:"priority,omitempty"`
}
// PolicyDefinitionStatus is the status of PolicyDefinition

18
apis/core.oam.dev/v1beta1/register.go
View File

@@ -49,7 +49,6 @@ var (
ComponentDefinitionGroupKind = schema.GroupKind{Group: Group, Kind: ComponentDefinitionKind}.String()
ComponentDefinitionKindAPIVersion = ComponentDefinitionKind + "." + SchemeGroupVersion.String()
ComponentDefinitionGroupVersionKind = SchemeGroupVersion.WithKind(ComponentDefinitionKind)
ComponentDefinitionGVR = SchemeGroupVersion.WithResource("componentdefinitions")
)
// WorkloadDefinition type metadata.
@@ -66,7 +65,6 @@ var (
TraitDefinitionGroupKind = schema.GroupKind{Group: Group, Kind: TraitDefinitionKind}.String()
TraitDefinitionKindAPIVersion = TraitDefinitionKind + "." + SchemeGroupVersion.String()
TraitDefinitionGroupVersionKind = SchemeGroupVersion.WithKind(TraitDefinitionKind)
TraitDefinitionGVR = SchemeGroupVersion.WithResource("traitdefinitions")
)
// PolicyDefinition type metadata.
@@ -75,7 +73,6 @@ var (
PolicyDefinitionGroupKind = schema.GroupKind{Group: Group, Kind: PolicyDefinitionKind}.String()
PolicyDefinitionKindAPIVersion = PolicyDefinitionKind + "." + SchemeGroupVersion.String()
PolicyDefinitionGroupVersionKind = SchemeGroupVersion.WithKind(PolicyDefinitionKind)
PolicyDefinitionGVR = SchemeGroupVersion.WithResource("policydefinitions")
)
// WorkflowStepDefinition type metadata.
@@ -84,7 +81,6 @@ var (
WorkflowStepDefinitionGroupKind = schema.GroupKind{Group: Group, Kind: WorkflowStepDefinitionKind}.String()
WorkflowStepDefinitionKindAPIVersion = WorkflowStepDefinitionKind + "." + SchemeGroupVersion.String()
WorkflowStepDefinitionGroupVersionKind = SchemeGroupVersion.WithKind(WorkflowStepDefinitionKind)
WorkflowStepDefinitionGVR = SchemeGroupVersion.WithResource("workflowstepdefinitions")
)
// DefinitionRevision type metadata.
@@ -119,20 +115,6 @@ var (
ResourceTrackerKindVersionKind = SchemeGroupVersion.WithKind(ResourceTrackerKind)
)
// DefinitionTypeInfo contains the mapping information for a definition type
type DefinitionTypeInfo struct {
GVR schema.GroupVersionResource
Kind string
}
// DefinitionTypeMap maps definition types to their corresponding GVR and Kind
var DefinitionTypeMap = map[reflect.Type]DefinitionTypeInfo{
reflect.TypeOf(ComponentDefinition{}): {GVR: ComponentDefinitionGVR, Kind: ComponentDefinitionKind},
reflect.TypeOf(TraitDefinition{}): {GVR: TraitDefinitionGVR, Kind: TraitDefinitionKind},
reflect.TypeOf(PolicyDefinition{}): {GVR: PolicyDefinitionGVR, Kind: PolicyDefinitionKind},
reflect.TypeOf(WorkflowStepDefinition{}): {GVR: WorkflowStepDefinitionGVR, Kind: WorkflowStepDefinitionKind},
}
func init() {
SchemeBuilder.Register(&ComponentDefinition{}, &ComponentDefinitionList{})
SchemeBuilder.Register(&WorkloadDefinition{}, &WorkloadDefinitionList{})

117
apis/core.oam.dev/v1beta1/register_test.go
View File

@@ -1,117 +0,0 @@
/*
Copyright 2025 The KubeVela Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (
"reflect"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"k8s.io/apimachinery/pkg/runtime/schema"
)
func TestDefinitionTypeMap(t *testing.T) {
tests := []struct {
name string
defType reflect.Type
expectedGVR schema.GroupVersionResource
expectedKind string
}{
{
name: "ComponentDefinition",
defType: reflect.TypeOf(ComponentDefinition{}),
expectedGVR: ComponentDefinitionGVR,
expectedKind: ComponentDefinitionKind,
},
{
name: "TraitDefinition",
defType: reflect.TypeOf(TraitDefinition{}),
expectedGVR: TraitDefinitionGVR,
expectedKind: TraitDefinitionKind,
},
{
name: "PolicyDefinition",
defType: reflect.TypeOf(PolicyDefinition{}),
expectedGVR: PolicyDefinitionGVR,
expectedKind: PolicyDefinitionKind,
},
{
name: "WorkflowStepDefinition",
defType: reflect.TypeOf(WorkflowStepDefinition{}),
expectedGVR: WorkflowStepDefinitionGVR,
expectedKind: WorkflowStepDefinitionKind,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
info, ok := DefinitionTypeMap[tt.defType]
assert.Truef(t, ok, "Type %v should exist in DefinitionTypeMap", tt.defType)
assert.Equal(t, tt.expectedGVR, info.GVR)
assert.Equal(t, tt.expectedKind, info.Kind)
// Verify GVR follows Kubernetes conventions
assert.Equal(t, Group, info.GVR.Group)
assert.Equal(t, Version, info.GVR.Version)
// Resource should be lowercase plural of Kind
assert.Equal(t, strings.ToLower(info.Kind)+"s", info.GVR.Resource)
})
}
}
func TestDefinitionTypeMapCompleteness(t *testing.T) {
// Ensure all expected definition types are in the map
expectedTypes := []reflect.Type{
reflect.TypeOf(ComponentDefinition{}),
reflect.TypeOf(TraitDefinition{}),
reflect.TypeOf(PolicyDefinition{}),
reflect.TypeOf(WorkflowStepDefinition{}),
}
assert.Equal(t, len(expectedTypes), len(DefinitionTypeMap), "DefinitionTypeMap should contain exactly %d entries", len(expectedTypes))
for _, expectedType := range expectedTypes {
_, ok := DefinitionTypeMap[expectedType]
assert.Truef(t, ok, "DefinitionTypeMap should contain %v", expectedType)
}
}
func TestDefinitionKindValues(t *testing.T) {
// Verify that the Kind values match the actual type names
tests := []struct {
defType interface{}
expectedKind string
}{
{ComponentDefinition{}, "ComponentDefinition"},
{TraitDefinition{}, "TraitDefinition"},
{PolicyDefinition{}, "PolicyDefinition"},
{WorkflowStepDefinition{}, "WorkflowStepDefinition"},
}
for _, tt := range tests {
t.Run(tt.expectedKind, func(t *testing.T) {
actualKind := reflect.TypeOf(tt.defType).Name()
assert.Equal(t, tt.expectedKind, actualKind)
// Also verify it matches what's in the map
info, ok := DefinitionTypeMap[reflect.TypeOf(tt.defType)]
assert.True(t, ok)
assert.Equal(t, tt.expectedKind, info.Kind)
})
}
}

8
apis/core.oam.dev/v1beta1/resourcetracker_types_test.go
View File

@@ -31,7 +31,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/utils/ptr"
"k8s.io/utils/pointer"
"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
"github.com/oam-dev/kubevela/pkg/oam"
@@ -133,7 +133,7 @@ func TestManagedResourceKeys(t *testing.T) {
r.Equal("cluster/component", input.ComponentKey())
r.Equal("Deployment name (Cluster: cluster, Namespace: namespace)", input.DisplayName())
var deploy1, deploy2 appsv1.Deployment
deploy1.Spec.Replicas = ptr.To(int32(5))
deploy1.Spec.Replicas = pointer.Int32(5)
bs, err := json.Marshal(deploy1)
r.NoError(err)
r.ErrorIs(input.UnmarshalTo(&deploy2), errors.ManagedResourceHasNoDataError{})
@@ -168,7 +168,7 @@ func TestResourceTracker_ManagedResource(t *testing.T) {
pod3 := corev1.Pod{ObjectMeta: metav1.ObjectMeta{Name: "pod3"}}
input.AddManagedResource(&pod3, false, false, "")
r.Equal(3, len(input.Spec.ManagedResources))
deploy1.Spec.Replicas = ptr.To(int32(5))
deploy1.Spec.Replicas = pointer.Int32(5)
input.AddManagedResource(&deploy1, false, false, "")
r.Equal(3, len(input.Spec.ManagedResources))
input.DeleteManagedResource(&cm2, false)
@@ -203,7 +203,7 @@ func TestResourceTrackerCompression(t *testing.T) {
"../../../charts/vela-core/crds/core.oam.dev_componentdefinitions.yaml",
"../../../charts/vela-core/templates/kubevela-controller.yaml",
"../../../charts/vela-core/README.md",
"../../../pkg/workflow/providers/legacy/query/testdata/machinelearning.seldon.io_seldondeployments.yaml",
"../../../pkg/velaql/providers/query/testdata/machinelearning.seldon.io_seldondeployments.yaml",
}
for _, p := range paths {
b, err := os.ReadFile(p)

3
apis/core.oam.dev/v1beta1/workflow_step_definition.go
View File

@@ -33,9 +33,6 @@ type WorkflowStepDefinitionSpec struct {
// Only CUE schematic is supported for now.
// +optional
Schematic *common.Schematic `json:"schematic,omitempty"`
// +optional
Version string `json:"version,omitempty"`
}
// WorkflowStepDefinitionStatus is the status of WorkflowStepDefinition

28
apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go
View File

@@ -1,4 +1,5 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*
Copyright 2023 The KubeVela Authors.
@@ -21,7 +22,7 @@ limitations under the License.
package v1beta1
import (
"github.com/kubevela/pkg/apis/oam/v1alpha1"
"github.com/kubevela/workflow/api/v1alpha1"
"k8s.io/apimachinery/pkg/runtime"
"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
@@ -146,8 +147,7 @@ func (in *ApplicationRevisionCompressibleFields) DeepCopyInto(out *ApplicationRe
if val == nil {
(*out)[key] = nil
} else {
inVal := (*in)[key]
in, out := &inVal, &outVal
in, out := &val, &outVal
*out = new(ComponentDefinition)
(*in).DeepCopyInto(*out)
}
@@ -169,8 +169,7 @@ func (in *ApplicationRevisionCompressibleFields) DeepCopyInto(out *ApplicationRe
if val == nil {
(*out)[key] = nil
} else {
inVal := (*in)[key]
in, out := &inVal, &outVal
in, out := &val, &outVal
*out = new(TraitDefinition)
(*in).DeepCopyInto(*out)
}
@@ -192,8 +191,7 @@ func (in *ApplicationRevisionCompressibleFields) DeepCopyInto(out *ApplicationRe
if val == nil {
(*out)[key] = nil
} else {
inVal := (*in)[key]
in, out := &inVal, &outVal
in, out := &val, &outVal
*out = new(WorkflowStepDefinition)
(*in).DeepCopyInto(*out)
}
@@ -552,22 +550,6 @@ func (in *DefinitionRevisionSpec) DeepCopy() *DefinitionRevisionSpec {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DefinitionTypeInfo) DeepCopyInto(out *DefinitionTypeInfo) {
*out = *in
out.GVR = in.GVR
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefinitionTypeInfo.
func (in *DefinitionTypeInfo) DeepCopy() *DefinitionTypeInfo {
if in == nil {
return nil
}
out := new(DefinitionTypeInfo)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ManagedResource) DeepCopyInto(out *ManagedResource) {
*out = *in

105
charts/vela-core/README.md
View File

@@ -48,14 +48,12 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
### KubeVela workflow parameters
| Name | Description | Value |
| ------------------------------------------------------- | ------------------------------------------------------- | ------- |
| `workflow.enableSuspendOnFailure` | Enable suspend on workflow failure | `false` |
| `workflow.enableExternalPackageForDefaultCompiler` | Enable external package for default cuex compiler | `true` |
| `workflow.enableExternalPackageWatchForDefaultCompiler` | Enable external package watch for default cuex compiler | `false` |
| `workflow.backoff.maxTime.waitState` | The max backoff time of workflow in a wait condition | `60` |
| `workflow.backoff.maxTime.failedState` | The max backoff time of workflow in a failed condition | `300` |
| `workflow.step.errorRetryTimes` | The max retry times of a failed workflow step | `10` |
| Name | Description | Value |
| -------------------------------------- | ------------------------------------------------------ | ------- |
| `workflow.enableSuspendOnFailure` | Enable suspend on workflow failure | `false` |
| `workflow.backoff.maxTime.waitState` | The max backoff time of workflow in a wait condition | `60` |
| `workflow.backoff.maxTime.failedState` | The max backoff time of workflow in a failed condition | `300` |
| `workflow.step.errorRetryTimes` | The max retry times of a failed workflow step | `10` |
### KubeVela controller parameters
@@ -98,31 +96,26 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
| `featureGates.informerCacheFilterUnnecessaryFields` | filter unnecessary fields for informer cache | `true` |
| `featureGates.sharedDefinitionStorageForApplicationRevision` | use definition cache to reduce duplicated definition storage for application revision, must be used with InformerCacheFilterUnnecessaryFields | `true` |
| `featureGates.disableWorkflowContextConfigMapCache` | disable the workflow context's configmap informer cache | `true` |
| `featureGates.enableCueValidation` | enable the strict cue validation for cue required parameter fields | `false` |
| `featureGates.enableApplicationStatusMetrics` | enable application status metrics and structured logging | `false` |
| `featureGates.validateResourcesExist` | enable webhook validation to check if resource types referenced in definition templates exist in the cluster | `false` |
### MultiCluster parameters
| Name | Description | Value |
| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | -------------------------------- |
| `multicluster.enabled` | Whether to enable multi-cluster | `true` |
| `multicluster.metrics.enabled` | Whether to enable multi-cluster metrics collect | `false` |
| `multicluster.clusterGateway.direct` | controller will connect to ClusterGateway directly instead of going to Kubernetes APIServer | `true` |
| `multicluster.clusterGateway.replicaCount` | ClusterGateway replica count | `1` |
| `multicluster.clusterGateway.port` | ClusterGateway port | `9443` |
| `multicluster.clusterGateway.image.repository` | ClusterGateway image repository | `oamdev/cluster-gateway` |
| `multicluster.clusterGateway.image.tag` | ClusterGateway image tag | `v1.9.0-alpha.2` |
| `multicluster.clusterGateway.image.pullPolicy` | ClusterGateway image pull policy | `IfNotPresent` |
| `multicluster.clusterGateway.resources.requests.cpu` | ClusterGateway cpu request | `50m` |
| `multicluster.clusterGateway.resources.requests.memory` | ClusterGateway memory request | `20Mi` |
| `multicluster.clusterGateway.resources.limits.cpu` | ClusterGateway cpu limit | `500m` |
| `multicluster.clusterGateway.resources.limits.memory` | ClusterGateway memory limit | `200Mi` |
| `multicluster.clusterGateway.secureTLS.enabled` | Whether to enable secure TLS | `true` |
| `multicluster.clusterGateway.secureTLS.certPath` | Path to the certificate file | `/etc/k8s-cluster-gateway-certs` |
| `multicluster.clusterGateway.secureTLS.certManager.enabled` | Whether to enable cert-manager | `false` |
| `multicluster.clusterGateway.serviceMonitor.enabled` | Whether to enable service monitor | `false` |
| `multicluster.clusterGateway.serviceMonitor.additionalLabels` | Additional labels for service monitor | `{}` |
| Name | Description | Value |
| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------- | -------------------------------- |
| `multicluster.enabled` | Whether to enable multi-cluster | `true` |
| `multicluster.metrics.enabled` | Whether to enable multi-cluster metrics collect | `false` |
| `multicluster.clusterGateway.direct` | controller will connect to ClusterGateway directly instead of going to Kubernetes APIServer | `true` |
| `multicluster.clusterGateway.replicaCount` | ClusterGateway replica count | `1` |
| `multicluster.clusterGateway.port` | ClusterGateway port | `9443` |
| `multicluster.clusterGateway.image.repository` | ClusterGateway image repository | `oamdev/cluster-gateway` |
| `multicluster.clusterGateway.image.tag` | ClusterGateway image tag | `v1.9.0-alpha.2` |
| `multicluster.clusterGateway.image.pullPolicy` | ClusterGateway image pull policy | `IfNotPresent` |
| `multicluster.clusterGateway.resources.requests.cpu` | ClusterGateway cpu request | `50m` |
| `multicluster.clusterGateway.resources.requests.memory` | ClusterGateway memory request | `20Mi` |
| `multicluster.clusterGateway.resources.limits.cpu` | ClusterGateway cpu limit | `500m` |
| `multicluster.clusterGateway.resources.limits.memory` | ClusterGateway memory limit | `200Mi` |
| `multicluster.clusterGateway.secureTLS.enabled` | Whether to enable secure TLS | `true` |
| `multicluster.clusterGateway.secureTLS.certPath` | Path to the certificate file | `/etc/k8s-cluster-gateway-certs` |
| `multicluster.clusterGateway.secureTLS.certManager.enabled` | Whether to enable cert-manager | `false` |
### Test parameters
@@ -135,35 +128,29 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
### Common parameters
| Name | Description | Value |
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------- |
| `imagePullSecrets` | Image pull secrets | `[]` |
| `nameOverride` | Override name | `""` |
| `fullnameOverride` | Fullname override | `""` |
| `serviceAccount.create` | Specifies whether a service account should be created | `true` |
| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |
| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `nil` |
| `nodeSelector` | Node selector | `{}` |
| `tolerations` | Tolerations | `[]` |
| `affinity` | Affinity | `{}` |
| `rbac.create` | Specifies whether a RBAC role should be created | `true` |
| `logDebug` | Enable debug logs for development purpose | `false` |
| `devLogs` | Enable formatted logging support for development purpose | `false` |
| `logFilePath` | If non-empty, write log files in this path | `""` |
| `logFileMaxSize` | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. | `1024` |
| `admissionWebhookTimeout` | Timeout seconds for admission webhooks | `10` |
| `kubeClient.qps` | The qps for reconcile clients | `400` |
| `kubeClient.burst` | The burst for reconcile clients | `600` |
| `authentication.enabled` | Enable authentication framework for applications | `false` |
| `authentication.withUser` | Application authentication will impersonate as the request User (must be true for security) | `true` |
| `authentication.defaultUser` | Application authentication will impersonate as the User if no user provided or withUser is false | `kubevela:vela-core` |
| `authentication.groupPattern` | Application authentication will impersonate as the request Group that matches the pattern | `kubevela:*` |
| `authorization.definitionValidationEnabled` | Enable definition permission validation for RBAC checks on definitions | `false` |
| `sharding.enabled` | When sharding enabled, the controller will run as master mode. Refer to https://github.com/kubevela/kubevela/blob/master/design/vela-core/sharding.md for details. | `false` |
| `sharding.schedulableShards` | The shards available for scheduling. If empty, dynamic discovery will be used. | `""` |
| `core.metrics.enabled` | Enable metrics for vela-core | `false` |
| `core.metrics.serviceMonitor.enabled` | Enable service monitor for metrics | `false` |
| `core.metrics.serviceMonitor.additionalLabels` | Additional labels for service monitor | `{}` |
| Name | Description | Value |
| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------- |
| `imagePullSecrets` | Image pull secrets | `[]` |
| `nameOverride` | Override name | `""` |
| `fullnameOverride` | Fullname override | `""` |
| `serviceAccount.create` | Specifies whether a service account should be created | `true` |
| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |
| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `nil` |
| `nodeSelector` | Node selector | `{}` |
| `tolerations` | Tolerations | `[]` |
| `affinity` | Affinity | `{}` |
| `rbac.create` | Specifies whether a RBAC role should be created | `true` |
| `logDebug` | Enable debug logs for development purpose | `false` |
| `logFilePath` | If non-empty, write log files in this path | `""` |
| `logFileMaxSize` | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. | `1024` |
| `kubeClient.qps` | The qps for reconcile clients | `400` |
| `kubeClient.burst` | The burst for reconcile clients | `600` |
| `authentication.enabled` | Enable authentication for application | `false` |
| `authentication.withUser` | Application authentication will impersonate as the request User | `true` |
| `authentication.defaultUser` | Application authentication will impersonate as the User if no user provided in Application | `kubevela:vela-core` |
| `authentication.groupPattern` | Application authentication will impersonate as the request Group that matches the pattern | `kubevela:*` |
| `sharding.enabled` | When sharding enabled, the controller will run as master mode. Refer to https://github.com/kubevela/kubevela/blob/master/design/vela-core/sharding.md for details. | `false` |
| `sharding.schedulableShards` | The shards available for scheduling. If empty, dynamic discovery will be used. | `""` |
## Uninstallation

978
charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml
View File

File diff suppressed because it is too large Load Diff

372
charts/vela-core/crds/core.oam.dev_applications.yaml
View File

@@ -3,7 +3,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: vela-system/kubevela-vela-core-root-cert
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.11.4
name: applications.core.oam.dev
spec:
group: core.oam.dev
@@ -44,19 +44,14 @@ spec:
description: Application is the Schema for the applications API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -109,9 +104,10 @@ spec:
scopes:
additionalProperties:
type: string
description: |-
scopes in ApplicationComponent defines the component-level scopes
the format is <scope-type:scope-instance-name> pairs, the key represents type of `ScopeDefinition` while the value represent the name of scope instance.
description: scopes in ApplicationComponent defines the component-level
scopes the format is <scope-type:scope-instance-name> pairs,
the key represents type of `ScopeDefinition` while the value
represent the name of scope instance.
type: object
x-kubernetes-preserve-unknown-fields: true
traits:
@@ -137,10 +133,10 @@ spec:
type: object
type: array
policies:
description: |-
Policies defines the global policies for all components in the app, e.g. security, metrics, gitops,
multi-cluster placement rules, etc.
Policies are applied after components are rendered and before workflow steps are executed.
description: Policies defines the global policies for all components
in the app, e.g. security, metrics, gitops, multi-cluster placement
rules, etc. Policies are applied after components are rendered and
before workflow steps are executed.
items:
description: AppPolicy defines a global policy for all components
in the app.
@@ -159,12 +155,11 @@ spec:
type: object
type: array
workflow:
description: |-
Workflow defines how to customize the control logic.
If workflow is specified, Vela won't apply any resource, but provide rendered output in AppRevision.
Workflow steps are executed in array order, and each step:
- will have a context in annotation.
- should mark "finish" phase in status.conditions.
description: 'Workflow defines how to customize the control logic.
If workflow is specified, Vela won''t apply any resource, but provide
rendered output in AppRevision. Workflow steps are executed in array
order, and each step: - will have a context in annotation. - should
mark "finish" phase in status.conditions.'
properties:
mode:
description: WorkflowExecuteMode defines the mode of workflow
@@ -322,50 +317,6 @@ spec:
status:
description: AppStatus defines the observed state of Application
properties:
applicationPoliciesConfigMap:
description: |-
ApplicationPoliciesConfigMap references the ConfigMap containing rendered policy outputs
(transforms, additionalContext, etc.) for Application-scoped policies.
Format: "application-policies-{namespace}-{name}"
type: string
appliedApplicationPolicies:
description: |-
AppliedApplicationPolicies lists Application-scoped policies (both global and explicit)
that were discovered and applied (or skipped) during reconciliation.
This provides transparency for debugging policy effects on the Application spec.
items:
description: |-
AppliedApplicationPolicy records minimal status information about an Application-scoped policy.
This covers both global (auto-discovered) and explicit (spec-referenced) policies.
Full details (transforms, labels, annotations, etc.) are stored in the ConfigMap referenced
by ApplicationPoliciesConfigMap for persistent storage and observability.
properties:
annotationsCount:
type: integer
applied:
type: boolean
hasContext:
type: boolean
labelsCount:
type: integer
name:
type: string
namespace:
type: string
reason:
type: string
source:
type: string
specModified:
description: Summary of changes (counts only - full details
in ConfigMap)
type: boolean
required:
- applied
- name
- namespace
type: object
type: array
appliedResources:
description: AppliedResources record the resources that the workflow
step apply.
@@ -381,39 +332,33 @@ spec:
creator:
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
description: 'If referring to a piece of an object instead of
an entire object, this string should contain a valid JSON/Go
field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
x-kubernetes-map-type: atomic
@@ -422,46 +367,63 @@ spec:
description: Components record the related Components created by Application
Controller
items:
description: ObjectReference contains enough information to let
you inspect or modify the referred object.
description: "ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
type are discouraged because of difficulty describing its usage
when embedded in APIs. 1. Ignored fields. It includes many fields
which are not generally honored. For instance, ResourceVersion
and FieldPath are both very rarely valid in actual usage. 2. Invalid
usage help. It is impossible to add specific help for individual
usage. In most embedded usages, there are particular restrictions
like, \"must refer only to types A and B\" or \"UID not honored\"
or \"name must be restricted\". Those cannot be well described
when embedded. 3. Inconsistent validation. Because the usages
are different, the validation rules are different by usage, which
makes it hard for users to predict what will happen. 4. The fields
are both imprecise and overly precise. Kind is not a precise
mapping to a URL. This can produce ambiguity during interpretation
and require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual struct
is irrelevant. 5. We cannot easily change it. Because this type
is embedded in many locations, updates to this type will affect
numerous schemas. Don't make new APIs embed an underspecified
API type they do not control. \n Instead of using this type, create
a locally provided and used type that is well-focused on your
reference. For example, ServiceReferences for admission registration:
https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
."
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
description: 'If referring to a piece of an object instead of
an entire object, this string should contain a valid JSON/Go
field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
x-kubernetes-map-type: atomic
@@ -472,15 +434,13 @@ spec:
description: A Condition that may apply to a resource.
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time this condition transitioned from one
status to another.
description: LastTransitionTime is the last time this condition
transitioned from one status to another.
format: date-time
type: string
message:
description: |-
A Message containing details about this condition's last transition from
one status to another, if any.
description: A Message containing details about this condition's
last transition from one status to another, if any.
type: string
reason:
description: A Reason for this condition's last transition from
@@ -491,9 +451,8 @@ spec:
False, or Unknown?
type: string
type:
description: |-
Type of this condition. At most one of each condition type may apply to
a resource at any point in time.
description: Type of this condition. At most one of each condition
type may apply to a resource at any point in time.
type: string
required:
- lastTransitionTime
@@ -523,13 +482,10 @@ spec:
format: int64
type: integer
policy:
description: |-
PolicyStatus records the status of policy
Deprecated This field is only used by EnvBinding Policy which is deprecated.
description: PolicyStatus records the status of policy Deprecated
This field is only used by EnvBinding Policy which is deprecated.
items:
description: |-
PolicyStatus records the status of policy
Deprecated
description: PolicyStatus records the status of policy Deprecated
properties:
name:
type: string
@@ -551,10 +507,6 @@ spec:
properties:
cluster:
type: string
details:
additionalProperties:
type: string
type: object
env:
type: string
healthy:
@@ -567,46 +519,66 @@ spec:
type: string
scopes:
items:
description: ObjectReference contains enough information to
let you inspect or modify the referred object.
description: "ObjectReference contains enough information
to let you inspect or modify the referred object. --- New
uses of this type are discouraged because of difficulty
describing its usage when embedded in APIs. 1. Ignored fields.
\ It includes many fields which are not generally honored.
\ For instance, ResourceVersion and FieldPath are both very
rarely valid in actual usage. 2. Invalid usage help. It
is impossible to add specific help for individual usage.
\ In most embedded usages, there are particular restrictions
like, \"must refer only to types A and B\" or \"UID not
honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation.
\ Because the usages are different, the validation rules
are different by usage, which makes it hard for users to
predict what will happen. 4. The fields are both imprecise
and overly precise. Kind is not a precise mapping to a
URL. This can produce ambiguity during interpretation and
require a REST mapping. In most cases, the dependency is
on the group,resource tuple and the version of the actual
struct is irrelevant. 5. We cannot easily change it. Because
this type is embedded in many locations, updates to this
type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n
Instead of using this type, create a locally provided and
used type that is well-focused on your reference. For example,
ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
."
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a valid
JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that
triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this
pod). This syntax is chosen only to have some well-defined
way of referencing a part of an object. TODO: this design
is not final and this field is subject to change in
the future.'
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
x-kubernetes-map-type: atomic
@@ -616,10 +588,6 @@ spec:
description: ApplicationTraitStatus records the trait health
status
properties:
details:
additionalProperties:
type: string
type: object
healthy:
type: boolean
message:
@@ -658,46 +626,63 @@ spec:
appRevision:
type: string
contextBackend:
description: ObjectReference contains enough information to let
you inspect or modify the referred object.
description: "ObjectReference contains enough information to let
you inspect or modify the referred object. --- New uses of this
type are discouraged because of difficulty describing its usage
when embedded in APIs. 1. Ignored fields. It includes many
fields which are not generally honored. For instance, ResourceVersion
and FieldPath are both very rarely valid in actual usage. 2.
Invalid usage help. It is impossible to add specific help for
individual usage. In most embedded usages, there are particular
restrictions like, \"must refer only to types A and B\" or \"UID
not honored\" or \"name must be restricted\". Those cannot be
well described when embedded. 3. Inconsistent validation. Because
the usages are different, the validation rules are different
by usage, which makes it hard for users to predict what will
happen. 4. The fields are both imprecise and overly precise.
\ Kind is not a precise mapping to a URL. This can produce ambiguity
during interpretation and require a REST mapping. In most cases,
the dependency is on the group,resource tuple and the version
of the actual struct is irrelevant. 5. We cannot easily change
it. Because this type is embedded in many locations, updates
to this type will affect numerous schemas. Don't make new APIs
embed an underspecified API type they do not control. \n Instead
of using this type, create a locally provided and used type
that is well-focused on your reference. For example, ServiceReferences
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
."
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a valid
JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part
of an object. TODO: this design is not final and this field
is subject to change in the future.'
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
x-kubernetes-map-type: atomic
@@ -804,13 +789,6 @@ spec:
- suspend
- terminated
type: object
workflowRestartScheduledAt:
description: |-
WorkflowRestartScheduledAt schedules a workflow restart at the specified time.
This field is automatically set when the app.oam.dev/restart-workflow annotation is present,
and is cleared after the restart is triggered. Use RFC3339 format or set to current time for immediate restart.
format: date-time
type: string
type: object
type: object
served: true

69
charts/vela-core/crds/core.oam.dev_componentdefinitions.yaml
View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.11.4
name: componentdefinitions.core.oam.dev
spec:
group: core.oam.dev
@@ -32,19 +32,14 @@ spec:
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -81,14 +76,14 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
podSpecPath:
description: |-
PodSpecPath indicates where/if this workload has K8s podSpec field
if one workload has podSpec, trait can do lot's of assumption such as port, env, volume fields.
description: PodSpecPath indicates where/if this workload has K8s
podSpec field if one workload has podSpec, trait can do lot's of
assumption such as port, env, volume fields.
type: string
revisionLabel:
description: |-
RevisionLabel indicates which label for underlying resources(e.g. pods) of this workload
can be used by trait to create resource selectors(e.g. label selector for pods).
description: RevisionLabel indicates which label for underlying resources(e.g.
pods) of this workload can be used by trait to create resource selectors(e.g.
label selector for pods).
type: string
schematic:
description: Schematic defines the data format and template of the
@@ -98,9 +93,10 @@ spec:
description: CUE defines the encapsulation in CUE format
properties:
template:
description: |-
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
Template is a required field if CUE is defined in Capability Definition.
description: Template defines the abstraction template data
of the capability, it will replace the old CUE template
in extension field. Template is a required field if CUE
is defined in Capability Definition.
type: string
required:
- template
@@ -163,11 +159,11 @@ spec:
- remote
type: string
writeConnectionSecretToRef:
description: |-
WriteConnectionSecretToReference specifies the namespace and name of a
Secret to which any connection details for this managed resource should
be written. Connection details frequently include the endpoint, username,
and password required to connect to the managed resource.
description: WriteConnectionSecretToReference specifies the
namespace and name of a Secret to which any connection details
for this managed resource should be written. Connection
details frequently include the endpoint, username, and password
required to connect to the managed resource.
properties:
name:
description: Name of the secret.
@@ -190,17 +186,11 @@ spec:
description: CustomStatus defines the custom status message that
could display to user
type: string
details:
description: Details stores a string representation of a CUE status
map to be evaluated at runtime for display
type: string
healthPolicy:
description: HealthPolicy defines the health check policy for
the abstraction
type: string
type: object
version:
type: string
workload:
description: Workload is a workload type descriptor
properties:
@@ -232,15 +222,13 @@ spec:
description: A Condition that may apply to a resource.
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time this condition transitioned from one
status to another.
description: LastTransitionTime is the last time this condition
transitioned from one status to another.
format: date-time
type: string
message:
description: |-
A Message containing details about this condition's last transition from
one status to another, if any.
description: A Message containing details about this condition's
last transition from one status to another, if any.
type: string
reason:
description: A Reason for this condition's last transition from
@@ -251,9 +239,8 @@ spec:
False, or Unknown?
type: string
type:
description: |-
Type of this condition. At most one of each condition type may apply to
a resource at any point in time.
description: Type of this condition. At most one of each condition
type may apply to a resource at any point in time.
type: string
required:
- lastTransitionTime

375
charts/vela-core/crds/core.oam.dev_definitionrevisions.yaml
View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.11.4
name: definitionrevisions.core.oam.dev
spec:
group: core.oam.dev
@@ -34,19 +34,14 @@ spec:
description: DefinitionRevision is the Schema for the DefinitionRevision API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -58,19 +53,16 @@ spec:
ComponentDefinition
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
properties:
@@ -125,14 +117,14 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
podSpecPath:
description: |-
PodSpecPath indicates where/if this workload has K8s podSpec field
if one workload has podSpec, trait can do lot's of assumption such as port, env, volume fields.
description: PodSpecPath indicates where/if this workload
has K8s podSpec field if one workload has podSpec, trait
can do lot's of assumption such as port, env, volume fields.
type: string
revisionLabel:
description: |-
RevisionLabel indicates which label for underlying resources(e.g. pods) of this workload
can be used by trait to create resource selectors(e.g. label selector for pods).
description: RevisionLabel indicates which label for underlying
resources(e.g. pods) of this workload can be used by trait
to create resource selectors(e.g. label selector for pods).
type: string
schematic:
description: Schematic defines the data format and template
@@ -142,9 +134,10 @@ spec:
description: CUE defines the encapsulation in CUE format
properties:
template:
description: |-
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
Template is a required field if CUE is defined in Capability Definition.
description: Template defines the abstraction template
data of the capability, it will replace the old
CUE template in extension field. Template is a required
field if CUE is defined in Capability Definition.
type: string
required:
- template
@@ -209,11 +202,12 @@ spec:
- remote
type: string
writeConnectionSecretToRef:
description: |-
WriteConnectionSecretToReference specifies the namespace and name of a
Secret to which any connection details for this managed resource should
be written. Connection details frequently include the endpoint, username,
and password required to connect to the managed resource.
description: WriteConnectionSecretToReference specifies
the namespace and name of a Secret to which any
connection details for this managed resource should
be written. Connection details frequently include
the endpoint, username, and password required to
connect to the managed resource.
properties:
name:
description: Name of the secret.
@@ -236,17 +230,11 @@ spec:
description: CustomStatus defines the custom status message
that could display to user
type: string
details:
description: Details stores a string representation of
a CUE status map to be evaluated at runtime for display
type: string
healthPolicy:
description: HealthPolicy defines the health check policy
for the abstraction
type: string
type: object
version:
type: string
workload:
description: Workload is a workload type descriptor
properties:
@@ -278,15 +266,14 @@ spec:
description: A Condition that may apply to a resource.
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time this condition transitioned from one
status to another.
description: LastTransitionTime is the last time this
condition transitioned from one status to another.
format: date-time
type: string
message:
description: |-
A Message containing details about this condition's last transition from
one status to another, if any.
description: A Message containing details about this
condition's last transition from one status to another,
if any.
type: string
reason:
description: A Reason for this condition's last transition
@@ -297,9 +284,9 @@ spec:
True, False, or Unknown?
type: string
type:
description: |-
Type of this condition. At most one of each condition type may apply to
a resource at any point in time.
description: Type of this condition. At most one of
each condition type may apply to a resource at any
point in time.
type: string
required:
- lastTransitionTime
@@ -343,19 +330,16 @@ spec:
PolicyDefinition
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
properties:
@@ -380,17 +364,6 @@ spec:
description: PolicyDefinitionSpec defines the desired state of
PolicyDefinition
properties:
cacheTTLSeconds:
default: -1
description: |-
CacheTTLSeconds defines how long the rendered policy output should be cached
before re-rendering. This is stored per-policy in the ConfigMap.
- -1 (default): Never refresh, always reuse cached result (deterministic)
- 0: Never cache, always re-render (useful for policies with external dependencies)
- >0: Cache for this many seconds before re-rendering
The prior cached result is available to the policy template as context.prior
format: int32
type: integer
definitionRef:
description: Reference to the CustomResourceDefinition that
defines this trait kind.
@@ -399,46 +372,31 @@ spec:
description: Name of the referenced CustomResourceDefinition.
type: string
version:
description: |-
Version indicate which version should be used if CRD has multiple versions
by default it will use the first one if not specified
description: Version indicate which version should be
used if CRD has multiple versions by default it will
use the first one if not specified
type: string
required:
- name
type: object
global:
description: |-
Global indicates this policy should automatically apply to all Applications
in this namespace (or all namespaces if in vela-system).
Global policies cannot be explicitly referenced in Application specs.
Requires EnableGlobalPolicies feature gate for discovery and
EnableApplicationScopedPolicies feature gate for execution.
type: boolean
manageHealthCheck:
description: |-
ManageHealthCheck means the policy will handle health checking and skip application controller
built-in health checking.
description: ManageHealthCheck means the policy will handle
health checking and skip application controller built-in
health checking.
type: boolean
priority:
description: |-
Priority defines the order in which global policies are applied.
Higher priority policies run first. Policies with the same priority
are applied in alphabetical order by name.
If not specified, defaults to 0.
format: int32
type: integer
schematic:
description: |-
Schematic defines the data format and template of the encapsulation of the policy definition.
Only CUE schematic is supported for now.
description: Schematic defines the data format and template
of the encapsulation of the policy definition. Only CUE
schematic is supported for now.
properties:
cue:
description: CUE defines the encapsulation in CUE format
properties:
template:
description: |-
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
Template is a required field if CUE is defined in Capability Definition.
description: Template defines the abstraction template
data of the capability, it will replace the old
CUE template in extension field. Template is a required
field if CUE is defined in Capability Definition.
type: string
required:
- template
@@ -503,11 +461,12 @@ spec:
- remote
type: string
writeConnectionSecretToRef:
description: |-
WriteConnectionSecretToReference specifies the namespace and name of a
Secret to which any connection details for this managed resource should
be written. Connection details frequently include the endpoint, username,
and password required to connect to the managed resource.
description: WriteConnectionSecretToReference specifies
the namespace and name of a Secret to which any
connection details for this managed resource should
be written. Connection details frequently include
the endpoint, username, and password required to
connect to the managed resource.
properties:
name:
description: Name of the secret.
@@ -522,17 +481,6 @@ spec:
- configuration
type: object
type: object
scope:
description: |-
Scope defines the scope at which this policy operates.
- DefaultScope (empty/omitted): Standard output-based policies (topology, override, etc.)
These generate Kubernetes resources from CUE templates with an 'output' field.
- ApplicationScope: Transform-based policies that modify the Application CR before parsing.
These use 'transforms' instead of 'output' and don't generate resources.
Requires EnableApplicationScopedPolicies feature gate.
type: string
version:
type: string
type: object
status:
description: PolicyDefinitionStatus is the status of PolicyDefinition
@@ -543,15 +491,14 @@ spec:
description: A Condition that may apply to a resource.
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time this condition transitioned from one
status to another.
description: LastTransitionTime is the last time this
condition transitioned from one status to another.
format: date-time
type: string
message:
description: |-
A Message containing details about this condition's last transition from
one status to another, if any.
description: A Message containing details about this
condition's last transition from one status to another,
if any.
type: string
reason:
description: A Reason for this condition's last transition
@@ -562,9 +509,9 @@ spec:
True, False, or Unknown?
type: string
type:
description: |-
Type of this condition. At most one of each condition type may apply to
a resource at any point in time.
description: Type of this condition. At most one of
each condition type may apply to a resource at any
point in time.
type: string
required:
- lastTransitionTime
@@ -608,19 +555,16 @@ spec:
TraitDefinition
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
properties:
@@ -646,25 +590,21 @@ spec:
a TraitDefinition.
properties:
appliesToWorkloads:
description: |-
AppliesToWorkloads specifies the list of workload kinds this trait
applies to. Workload kinds are specified in resource.group/version format,
e.g. server.core.oam.dev/v1alpha2. Traits that omit this field apply to
all workload kinds.
description: AppliesToWorkloads specifies the list of workload
kinds this trait applies to. Workload kinds are specified
in resource.group/version format, e.g. server.core.oam.dev/v1alpha2.
Traits that omit this field apply to all workload kinds.
items:
type: string
type: array
conflictsWith:
description: |-
ConflictsWith specifies the list of traits(CRD name, Definition name, CRD group)
which could not apply to the same workloads with this trait.
Traits that omit this field can work with any other traits.
Example rules:
"service" # Trait definition name
"services.k8s.io" # API resource/crd name
"*.networking.k8s.io" # API group
"labelSelector:foo=bar" # label selector
labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse
description: 'ConflictsWith specifies the list of traits(CRD
name, Definition name, CRD group) which could not apply
to the same workloads with this trait. Traits that omit
this field can work with any other traits. Example rules:
"service" # Trait definition name "services.k8s.io" # API
resource/crd name "*.networking.k8s.io" # API group "labelSelector:foo=bar"
# label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse'
items:
type: string
type: array
@@ -680,9 +620,9 @@ spec:
description: Name of the referenced CustomResourceDefinition.
type: string
version:
description: |-
Version indicate which version should be used if CRD has multiple versions
by default it will use the first one if not specified
description: Version indicate which version should be
used if CRD has multiple versions by default it will
use the first one if not specified
type: string
required:
- name
@@ -705,17 +645,18 @@ spec:
component revision
type: boolean
schematic:
description: |-
Schematic defines the data format and template of the encapsulation of the trait.
Only CUE and Kube schematic are supported for now.
description: Schematic defines the data format and template
of the encapsulation of the trait. Only CUE and Kube schematic
are supported for now.
properties:
cue:
description: CUE defines the encapsulation in CUE format
properties:
template:
description: |-
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
Template is a required field if CUE is defined in Capability Definition.
description: Template defines the abstraction template
data of the capability, it will replace the old
CUE template in extension field. Template is a required
field if CUE is defined in Capability Definition.
type: string
required:
- template
@@ -780,11 +721,12 @@ spec:
- remote
type: string
writeConnectionSecretToRef:
description: |-
WriteConnectionSecretToReference specifies the namespace and name of a
Secret to which any connection details for this managed resource should
be written. Connection details frequently include the endpoint, username,
and password required to connect to the managed resource.
description: WriteConnectionSecretToReference specifies
the namespace and name of a Secret to which any
connection details for this managed resource should
be written. Connection details frequently include
the endpoint, username, and password required to
connect to the managed resource.
properties:
name:
description: Name of the secret.
@@ -800,10 +742,10 @@ spec:
type: object
type: object
stage:
description: |-
Stage defines the stage information to which this trait resource processing belongs.
Currently, PreDispatch and PostDispatch are provided, which are used to control resource
pre-process and post-process respectively.
description: Stage defines the stage information to which
this trait resource processing belongs. Currently, PreDispatch
and PostDispatch are provided, which are used to control
resource pre-process and post-process respectively.
type: string
status:
description: Status defines the custom health policy and status
@@ -813,17 +755,11 @@ spec:
description: CustomStatus defines the custom status message
that could display to user
type: string
details:
description: Details stores a string representation of
a CUE status map to be evaluated at runtime for display
type: string
healthPolicy:
description: HealthPolicy defines the health check policy
for the abstraction
type: string
type: object
version:
type: string
workloadRefPath:
description: WorkloadRefPath indicates where/if a trait accepts
a workloadRef object
@@ -838,15 +774,14 @@ spec:
description: A Condition that may apply to a resource.
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time this condition transitioned from one
status to another.
description: LastTransitionTime is the last time this
condition transitioned from one status to another.
format: date-time
type: string
message:
description: |-
A Message containing details about this condition's last transition from
one status to another, if any.
description: A Message containing details about this
condition's last transition from one status to another,
if any.
type: string
reason:
description: A Reason for this condition's last transition
@@ -857,9 +792,9 @@ spec:
True, False, or Unknown?
type: string
type:
description: |-
Type of this condition. At most one of each condition type may apply to
a resource at any point in time.
description: Type of this condition. At most one of
each condition type may apply to a resource at any
point in time.
type: string
required:
- lastTransitionTime
@@ -895,19 +830,16 @@ spec:
WorkflowStepDefinition
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
properties:
@@ -940,25 +872,26 @@ spec:
description: Name of the referenced CustomResourceDefinition.
type: string
version:
description: |-
Version indicate which version should be used if CRD has multiple versions
by default it will use the first one if not specified
description: Version indicate which version should be
used if CRD has multiple versions by default it will
use the first one if not specified
type: string
required:
- name
type: object
schematic:
description: |-
Schematic defines the data format and template of the encapsulation of the workflow step definition.
Only CUE schematic is supported for now.
description: Schematic defines the data format and template
of the encapsulation of the workflow step definition. Only
CUE schematic is supported for now.
properties:
cue:
description: CUE defines the encapsulation in CUE format
properties:
template:
description: |-
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
Template is a required field if CUE is defined in Capability Definition.
description: Template defines the abstraction template
data of the capability, it will replace the old
CUE template in extension field. Template is a required
field if CUE is defined in Capability Definition.
type: string
required:
- template
@@ -1023,11 +956,12 @@ spec:
- remote
type: string
writeConnectionSecretToRef:
description: |-
WriteConnectionSecretToReference specifies the namespace and name of a
Secret to which any connection details for this managed resource should
be written. Connection details frequently include the endpoint, username,
and password required to connect to the managed resource.
description: WriteConnectionSecretToReference specifies
the namespace and name of a Secret to which any
connection details for this managed resource should
be written. Connection details frequently include
the endpoint, username, and password required to
connect to the managed resource.
properties:
name:
description: Name of the secret.
@@ -1042,8 +976,6 @@ spec:
- configuration
type: object
type: object
version:
type: string
type: object
status:
description: WorkflowStepDefinitionStatus is the status of WorkflowStepDefinition
@@ -1054,15 +986,14 @@ spec:
description: A Condition that may apply to a resource.
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time this condition transitioned from one
status to another.
description: LastTransitionTime is the last time this
condition transitioned from one status to another.
format: date-time
type: string
message:
description: |-
A Message containing details about this condition's last transition from
one status to another, if any.
description: A Message containing details about this
condition's last transition from one status to another,
if any.
type: string
reason:
description: A Reason for this condition's last transition
@@ -1073,9 +1004,9 @@ spec:
True, False, or Unknown?
type: string
type:
description: |-
Type of this condition. At most one of each condition type may apply to
a resource at any point in time.
description: Type of this condition. At most one of
each condition type may apply to a resource at any
point in time.
type: string
required:
- lastTransitionTime

19
charts/vela-core/crds/core.oam.dev_policies.yaml
View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.11.4
name: policies.core.oam.dev
spec:
group: core.oam.dev
@@ -26,19 +26,14 @@ spec:
description: Policy is the Schema for the policy API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object

106
charts/vela-core/crds/core.oam.dev_policydefinitions.yaml
View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.11.4
name: policydefinitions.core.oam.dev
spec:
group: core.oam.dev
@@ -24,36 +24,20 @@ spec:
description: PolicyDefinition is the Schema for the policydefinitions API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PolicyDefinitionSpec defines the desired state of PolicyDefinition
properties:
cacheTTLSeconds:
default: -1
description: |-
CacheTTLSeconds defines how long the rendered policy output should be cached
before re-rendering. This is stored per-policy in the ConfigMap.
- -1 (default): Never refresh, always reuse cached result (deterministic)
- 0: Never cache, always re-render (useful for policies with external dependencies)
- >0: Cache for this many seconds before re-rendering
The prior cached result is available to the policy template as context.prior
format: int32
type: integer
definitionRef:
description: Reference to the CustomResourceDefinition that defines
this trait kind.
@@ -62,46 +46,30 @@ spec:
description: Name of the referenced CustomResourceDefinition.
type: string
version:
description: |-
Version indicate which version should be used if CRD has multiple versions
by default it will use the first one if not specified
description: Version indicate which version should be used if
CRD has multiple versions by default it will use the first one
if not specified
type: string
required:
- name
type: object
global:
description: |-
Global indicates this policy should automatically apply to all Applications
in this namespace (or all namespaces if in vela-system).
Global policies cannot be explicitly referenced in Application specs.
Requires EnableGlobalPolicies feature gate for discovery and
EnableApplicationScopedPolicies feature gate for execution.
type: boolean
manageHealthCheck:
description: |-
ManageHealthCheck means the policy will handle health checking and skip application controller
built-in health checking.
description: ManageHealthCheck means the policy will handle health
checking and skip application controller built-in health checking.
type: boolean
priority:
description: |-
Priority defines the order in which global policies are applied.
Higher priority policies run first. Policies with the same priority
are applied in alphabetical order by name.
If not specified, defaults to 0.
format: int32
type: integer
schematic:
description: |-
Schematic defines the data format and template of the encapsulation of the policy definition.
Only CUE schematic is supported for now.
description: Schematic defines the data format and template of the
encapsulation of the policy definition. Only CUE schematic is supported
for now.
properties:
cue:
description: CUE defines the encapsulation in CUE format
properties:
template:
description: |-
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
Template is a required field if CUE is defined in Capability Definition.
description: Template defines the abstraction template data
of the capability, it will replace the old CUE template
in extension field. Template is a required field if CUE
is defined in Capability Definition.
type: string
required:
- template
@@ -164,11 +132,11 @@ spec:
- remote
type: string
writeConnectionSecretToRef:
description: |-
WriteConnectionSecretToReference specifies the namespace and name of a
Secret to which any connection details for this managed resource should
be written. Connection details frequently include the endpoint, username,
and password required to connect to the managed resource.
description: WriteConnectionSecretToReference specifies the
namespace and name of a Secret to which any connection details
for this managed resource should be written. Connection
details frequently include the endpoint, username, and password
required to connect to the managed resource.
properties:
name:
description: Name of the secret.
@@ -183,17 +151,6 @@ spec:
- configuration
type: object
type: object
scope:
description: |-
Scope defines the scope at which this policy operates.
- DefaultScope (empty/omitted): Standard output-based policies (topology, override, etc.)
These generate Kubernetes resources from CUE templates with an 'output' field.
- ApplicationScope: Transform-based policies that modify the Application CR before parsing.
These use 'transforms' instead of 'output' and don't generate resources.
Requires EnableApplicationScopedPolicies feature gate.
type: string
version:
type: string
type: object
status:
description: PolicyDefinitionStatus is the status of PolicyDefinition
@@ -204,15 +161,13 @@ spec:
description: A Condition that may apply to a resource.
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time this condition transitioned from one
status to another.
description: LastTransitionTime is the last time this condition
transitioned from one status to another.
format: date-time
type: string
message:
description: |-
A Message containing details about this condition's last transition from
one status to another, if any.
description: A Message containing details about this condition's
last transition from one status to another, if any.
type: string
reason:
description: A Reason for this condition's last transition from
@@ -223,9 +178,8 @@ spec:
False, or Unknown?
type: string
type:
description: |-
Type of this condition. At most one of each condition type may apply to
a resource at any point in time.
description: Type of this condition. At most one of each condition
type may apply to a resource at any point in time.
type: string
required:
- lastTransitionTime

59
charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml
View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.11.4
name: resourcetrackers.core.oam.dev
spec:
group: core.oam.dev
@@ -38,19 +38,14 @@ spec:
resources
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -88,37 +83,33 @@ spec:
description: Deleted marks the resource to be deleted
type: boolean
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
description: 'If referring to a piece of an object instead of
an entire object, this string should contain a valid JSON/Go
field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen
only to have some well-defined way of referencing a part of
an object. TODO: this design is not final and this field is
subject to change in the future.'
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
raw:
type: object
x-kubernetes-preserve-unknown-fields: true
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
skipGC:
description: SkipGC marks the resource to skip gc
@@ -126,9 +117,7 @@ spec:
trait:
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
x-kubernetes-map-type: atomic

111
charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml
View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.11.4
name: traitdefinitions.core.oam.dev
spec:
group: core.oam.dev
@@ -28,26 +28,20 @@ spec:
name: v1beta1
schema:
openAPIV3Schema:
description: |-
A TraitDefinition registers a kind of Kubernetes custom resource as a valid
OAM trait kind by referencing its CustomResourceDefinition. The CRD is used
to validate the schema of the trait when it is embedded in an OAM
ApplicationConfiguration.
description: A TraitDefinition registers a kind of Kubernetes custom resource
as a valid OAM trait kind by referencing its CustomResourceDefinition. The
CRD is used to validate the schema of the trait when it is embedded in an
OAM ApplicationConfiguration.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -55,25 +49,20 @@ spec:
description: A TraitDefinitionSpec defines the desired state of a TraitDefinition.
properties:
appliesToWorkloads:
description: |-
AppliesToWorkloads specifies the list of workload kinds this trait
applies to. Workload kinds are specified in resource.group/version format,
e.g. server.core.oam.dev/v1alpha2. Traits that omit this field apply to
all workload kinds.
description: AppliesToWorkloads specifies the list of workload kinds
this trait applies to. Workload kinds are specified in resource.group/version
format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this
field apply to all workload kinds.
items:
type: string
type: array
conflictsWith:
description: |-
ConflictsWith specifies the list of traits(CRD name, Definition name, CRD group)
which could not apply to the same workloads with this trait.
Traits that omit this field can work with any other traits.
Example rules:
"service" # Trait definition name
"services.k8s.io" # API resource/crd name
"*.networking.k8s.io" # API group
"labelSelector:foo=bar" # label selector
labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse
description: 'ConflictsWith specifies the list of traits(CRD name,
Definition name, CRD group) which could not apply to the same workloads
with this trait. Traits that omit this field can work with any other
traits. Example rules: "service" # Trait definition name "services.k8s.io"
# API resource/crd name "*.networking.k8s.io" # API group "labelSelector:foo=bar"
# label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse'
items:
type: string
type: array
@@ -89,9 +78,9 @@ spec:
description: Name of the referenced CustomResourceDefinition.
type: string
version:
description: |-
Version indicate which version should be used if CRD has multiple versions
by default it will use the first one if not specified
description: Version indicate which version should be used if
CRD has multiple versions by default it will use the first one
if not specified
type: string
required:
- name
@@ -114,17 +103,18 @@ spec:
revision
type: boolean
schematic:
description: |-
Schematic defines the data format and template of the encapsulation of the trait.
Only CUE and Kube schematic are supported for now.
description: Schematic defines the data format and template of the
encapsulation of the trait. Only CUE and Kube schematic are supported
for now.
properties:
cue:
description: CUE defines the encapsulation in CUE format
properties:
template:
description: |-
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
Template is a required field if CUE is defined in Capability Definition.
description: Template defines the abstraction template data
of the capability, it will replace the old CUE template
in extension field. Template is a required field if CUE
is defined in Capability Definition.
type: string
required:
- template
@@ -187,11 +177,11 @@ spec:
- remote
type: string
writeConnectionSecretToRef:
description: |-
WriteConnectionSecretToReference specifies the namespace and name of a
Secret to which any connection details for this managed resource should
be written. Connection details frequently include the endpoint, username,
and password required to connect to the managed resource.
description: WriteConnectionSecretToReference specifies the
namespace and name of a Secret to which any connection details
for this managed resource should be written. Connection
details frequently include the endpoint, username, and password
required to connect to the managed resource.
properties:
name:
description: Name of the secret.
@@ -207,10 +197,10 @@ spec:
type: object
type: object
stage:
description: |-
Stage defines the stage information to which this trait resource processing belongs.
Currently, PreDispatch and PostDispatch are provided, which are used to control resource
pre-process and post-process respectively.
description: Stage defines the stage information to which this trait
resource processing belongs. Currently, PreDispatch and PostDispatch
are provided, which are used to control resource pre-process and
post-process respectively.
type: string
status:
description: Status defines the custom health policy and status message
@@ -220,17 +210,11 @@ spec:
description: CustomStatus defines the custom status message that
could display to user
type: string
details:
description: Details stores a string representation of a CUE status
map to be evaluated at runtime for display
type: string
healthPolicy:
description: HealthPolicy defines the health check policy for
the abstraction
type: string
type: object
version:
type: string
workloadRefPath:
description: WorkloadRefPath indicates where/if a trait accepts a
workloadRef object
@@ -245,15 +229,13 @@ spec:
description: A Condition that may apply to a resource.
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time this condition transitioned from one
status to another.
description: LastTransitionTime is the last time this condition
transitioned from one status to another.
format: date-time
type: string
message:
description: |-
A Message containing details about this condition's last transition from
one status to another, if any.
description: A Message containing details about this condition's
last transition from one status to another, if any.
type: string
reason:
description: A Reason for this condition's last transition from
@@ -264,9 +246,8 @@ spec:
False, or Unknown?
type: string
type:
description: |-
Type of this condition. At most one of each condition type may apply to
a resource at any point in time.
description: Type of this condition. At most one of each condition
type may apply to a resource at any point in time.
type: string
required:
- lastTransitionTime

33
charts/vela-core/crds/core.oam.dev_workflows.yaml
View File

@@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.9.0
creationTimestamp: null
name: workflows.core.oam.dev
spec:
group: core.oam.dev
@@ -22,19 +23,14 @@ spec:
description: Workflow is the Schema for the workflow API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -63,7 +59,6 @@ spec:
inputs:
description: Inputs is the inputs of the step
items:
description: InputItem defines an input variable of WorkflowStep
properties:
from:
type: string
@@ -71,6 +66,7 @@ spec:
type: string
required:
- from
- parameterKey
type: object
type: array
meta:
@@ -79,18 +75,12 @@ spec:
alias:
type: string
type: object
mode:
description: Mode is only valid for sub steps, it defines the mode
of the sub steps
nullable: true
type: string
name:
description: Name is the unique name of the workflow step.
type: string
outputs:
description: Outputs is the outputs of the step
items:
description: OutputItem defines an output variable of WorkflowStep
properties:
name:
type: string
@@ -120,7 +110,6 @@ spec:
inputs:
description: Inputs is the inputs of the step
items:
description: InputItem defines an input variable of WorkflowStep
properties:
from:
type: string
@@ -128,6 +117,7 @@ spec:
type: string
required:
- from
- parameterKey
type: object
type: array
meta:
@@ -142,7 +132,6 @@ spec:
outputs:
description: Outputs is the outputs of the step
items:
description: OutputItem defines an output variable of WorkflowStep
properties:
name:
type: string
@@ -164,6 +153,7 @@ spec:
description: Type is the type of the workflow step.
type: string
required:
- name
- type
type: object
type: array
@@ -174,6 +164,7 @@ spec:
description: Type is the type of the workflow step.
type: string
required:
- name
- type
type: object
type: array

65
charts/vela-core/crds/core.oam.dev_workflowstepdefinitions.yaml
View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
controller-gen.kubebuilder.io/version: v0.11.4
name: workflowstepdefinitions.core.oam.dev
spec:
group: core.oam.dev
@@ -25,19 +25,14 @@ spec:
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -52,25 +47,26 @@ spec:
description: Name of the referenced CustomResourceDefinition.
type: string
version:
description: |-
Version indicate which version should be used if CRD has multiple versions
by default it will use the first one if not specified
description: Version indicate which version should be used if
CRD has multiple versions by default it will use the first one
if not specified
type: string
required:
- name
type: object
schematic:
description: |-
Schematic defines the data format and template of the encapsulation of the workflow step definition.
Only CUE schematic is supported for now.
description: Schematic defines the data format and template of the
encapsulation of the workflow step definition. Only CUE schematic
is supported for now.
properties:
cue:
description: CUE defines the encapsulation in CUE format
properties:
template:
description: |-
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
Template is a required field if CUE is defined in Capability Definition.
description: Template defines the abstraction template data
of the capability, it will replace the old CUE template
in extension field. Template is a required field if CUE
is defined in Capability Definition.
type: string
required:
- template
@@ -133,11 +129,11 @@ spec:
- remote
type: string
writeConnectionSecretToRef:
description: |-
WriteConnectionSecretToReference specifies the namespace and name of a
Secret to which any connection details for this managed resource should
be written. Connection details frequently include the endpoint, username,
and password required to connect to the managed resource.
description: WriteConnectionSecretToReference specifies the
namespace and name of a Secret to which any connection details
for this managed resource should be written. Connection
details frequently include the endpoint, username, and password
required to connect to the managed resource.
properties:
name:
description: Name of the secret.
@@ -152,8 +148,6 @@ spec:
- configuration
type: object
type: object
version:
type: string
type: object
status:
description: WorkflowStepDefinitionStatus is the status of WorkflowStepDefinition
@@ -164,15 +158,13 @@ spec:
description: A Condition that may apply to a resource.
properties:
lastTransitionTime:
description: |-
LastTransitionTime is the last time this condition transitioned from one
status to another.
description: LastTransitionTime is the last time this condition
transitioned from one status to another.
format: date-time
type: string
message:
description: |-
A Message containing details about this condition's last transition from
one status to another, if any.
description: A Message containing details about this condition's
last transition from one status to another, if any.
type: string
reason:
description: A Reason for this condition's last transition from
@@ -183,9 +175,8 @@ spec:
False, or Unknown?
type: string
type:
description: |-
Type of this condition. At most one of each condition type may apply to
a resource at any point in time.
description: Type of this condition. At most one of each condition
type may apply to a resource at any point in time.
type: string
required:
- lastTransitionTime

81
charts/vela-core/crds/cue.oam.dev_packages.yaml
View File

@@ -1,81 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: packages.cue.oam.dev
spec:
group: cue.oam.dev
names:
kind: Package
listKind: PackageList
plural: packages
shortNames:
- pkg
- cpkg
- cuepkg
- cuepackage
singular: package
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.path
name: PATH
type: string
- jsonPath: .spec.provider.protocol
name: PROTO
type: string
- jsonPath: .spec.provider.endpoint
name: ENDPOINT
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Package is an extension for cuex engine
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PackageSpec the spec for Package
properties:
path:
type: string
provider:
description: Provider the external Provider in Package for cuex to
run functions
properties:
endpoint:
type: string
protocol:
description: ProviderProtocol the protocol type for external Provider
type: string
required:
- endpoint
- protocol
type: object
templates:
additionalProperties:
type: string
type: object
required:
- path
- templates
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}

33
charts/vela-core/templates/NOTES.txt
View File

@@ -29,36 +29,3 @@ Welcome to use the KubeVela! Enjoy your shipping application journey!
You can refer to https://kubevela.io for more details.
{{- if and .Values.authentication.enabled (not .Values.authentication.withUser) }}
WARNING: Authentication is enabled but withUser is disabled.
This configuration provides NO security benefit:
- All applications will run as '{{ .Values.authentication.defaultUser }}' regardless of who creates them
- User groups matching '{{ .Values.authentication.groupPattern }}' are still collected but not used effectively
- Service account annotations are blocked
To enable true user impersonation for security:
--set authentication.withUser=true
{{- end }}
{{- if and (not .Values.authorization.definitionValidationEnabled) (not .Values.authentication.enabled) }}
SECURITY RECOMMENDATION: Both authentication and definition validation are disabled.
If KubeVela is running with cluster-admin or other high-level permissions,
consider enabling one or both security features:
1. Authentication with impersonation (recommended for multi-tenant environments):
--set authentication.enabled=true
--set authentication.withUser=true
This makes KubeVela impersonate the requesting user, applying their RBAC permissions.
Note: Both flags must be enabled for user impersonation to work.
2. Definition permission validation (lightweight RBAC for definitions):
--set authorization.definitionValidationEnabled=true
This ensures users can only reference definitions they have access to.
Using both features together provides defense in depth.
Without these protections, users can leverage KubeVela's permissions to deploy
resources beyond their intended access level.
{{- end }}

2
charts/vela-core/templates/admission-webhooks/job-patch/clusterrole.yaml
View File

@@ -4,7 +4,7 @@ kind: ClusterRole
metadata:
name: {{ template "kubevela.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade,post-rollback
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kubevela.name" . }}-admission

2
charts/vela-core/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
View File

@@ -4,7 +4,7 @@ kind: ClusterRoleBinding
metadata:
name: {{ template "kubevela.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade,post-rollback
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kubevela.name" . }}-admission

25
charts/vela-core/templates/admission-webhooks/job-patch/job-createSecret.yaml
View File

@@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "kubevela.fullname" . }}-admission-create
name: {{ template "kubevela.fullname" . }}-admission-create
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
@@ -17,7 +17,7 @@ spec:
{{- end }}
template:
metadata:
name: {{ template "kubevela.fullname" . }}-admission-create
name: {{ template "kubevela.fullname" . }}-admission-create
labels:
app: {{ template "kubevela.name" . }}-admission-create
{{- include "kubevela.labels" . | nindent 8 }}
@@ -39,26 +39,17 @@ spec:
- --cert-name=tls.crt
restartPolicy: OnFailure
serviceAccountName: {{ template "kubevela.fullname" . }}-admission
{{- if .Values.admissionWebhooks.patch.nodeSelector }}
{{- with .Values.admissionWebhooks.patch.nodeSelector }}
nodeSelector:
{{- toYaml .Values.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- else if .Values.nodeSelector }}
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.admissionWebhooks.patch.affinity }}
{{- with .Values.admissionWebhooks.patch.affinity }}
affinity:
{{- toYaml .Values.admissionWebhooks.patch.affinity | nindent 8 }}
{{- else if .Values.affinity }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.admissionWebhooks.patch.tolerations }}
{{- with .Values.admissionWebhooks.patch.tolerations }}
tolerations:
{{- toYaml .Values.admissionWebhooks.patch.tolerations | nindent 8 }}
{{- else if .Values.tolerations }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
{{ toYaml . | indent 8 }}
{{- end }}
securityContext:
runAsGroup: 2000

27
charts/vela-core/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
View File

@@ -2,10 +2,10 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "kubevela.fullname" . }}-admission-patch
name: {{ template "kubevela.fullname" . }}-admission-patch
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-install,post-upgrade,post-rollback
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kubevela.name" . }}-admission-patch
@@ -17,7 +17,7 @@ spec:
{{- end }}
template:
metadata:
name: {{ template "kubevela.fullname" . }}-admission-patch
name: {{ template "kubevela.fullname" . }}-admission-patch
labels:
app: {{ template "kubevela.name" . }}-admission-patch
{{- include "kubevela.labels" . | nindent 8 }}
@@ -41,26 +41,13 @@ spec:
{{- end }}
restartPolicy: OnFailure
serviceAccountName: {{ template "kubevela.fullname" . }}-admission
{{- if .Values.admissionWebhooks.patch.nodeSelector }}
nodeSelector:
{{- toYaml .Values.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- else if .Values.nodeSelector }}
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.admissionWebhooks.patch.affinity }}
{{- with .Values.admissionWebhooks.patch.affinity }}
affinity:
{{- toYaml .Values.admissionWebhooks.patch.affinity | nindent 8 }}
{{- else if .Values.affinity }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.admissionWebhooks.patch.tolerations }}
{{- with .Values.admissionWebhooks.patch.tolerations }}
tolerations:
{{- toYaml .Values.admissionWebhooks.patch.tolerations | nindent 8 }}
{{- else if .Values.tolerations }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
{{ toYaml . | indent 8 }}
{{- end }}
securityContext:
runAsGroup: 2000

2
charts/vela-core/templates/admission-webhooks/job-patch/role.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: {{ template "kubevela.fullname" . }}-admission
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade,post-rollback
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kubevela.name" . }}-admission

2
charts/vela-core/templates/admission-webhooks/job-patch/rolebinding.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: {{ template "kubevela.fullname" . }}-admission
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade,post-rollback
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kubevela.name" . }}-admission

2
charts/vela-core/templates/admission-webhooks/job-patch/serviceaccount.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: {{ template "kubevela.fullname" . }}-admission
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade,post-rollback
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kubevela.name" . }}-admission

16
charts/vela-core/templates/admission-webhooks/mutatingWebhookConfiguration.yaml
View File

@@ -1,14 +1,4 @@
{{- if .Values.admissionWebhooks.enabled -}}
{{- /* Preserve existing caBundle on upgrade to avoid breaking admission if hooks fail. */}}
{{- $mName := printf "%s-admission" (include "kubevela.fullname" .) -}}
{{- $existing := (lookup "admissionregistration.k8s.io/v1" "MutatingWebhookConfiguration" "" $mName) -}}
{{- $vals := dict "apps" "" "comps" "" -}}
{{- if $existing -}}
{{- range $existing.webhooks -}}
{{- if eq .name "mutating.core.oam.dev.v1beta1.applications" -}}{{- $_ := set $vals "apps" .clientConfig.caBundle -}}{{- end -}}
{{- if eq .name "mutating.core.oam-dev.v1beta1.componentdefinitions" -}}{{- $_ := set $vals "comps" .clientConfig.caBundle -}}{{- end -}}
{{- end -}}
{{- end -}}
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
@@ -20,7 +10,7 @@ metadata:
{{- end }}
webhooks:
- clientConfig:
caBundle: {{ default "Cg==" (get $vals "apps") }}
caBundle: Cg==
service:
name: {{ template "kubevela.name" . }}-webhook
namespace: {{ .Release.Namespace }}
@@ -45,9 +35,8 @@ webhooks:
- UPDATE
resources:
- applications
timeoutSeconds: {{ .Values.admissionWebhookTimeout }}
- clientConfig:
caBundle: {{ default "Cg==" (get $vals "comps") }}
caBundle: Cg==
service:
name: {{ template "kubevela.name" . }}-webhook
namespace: {{ .Release.Namespace }}
@@ -72,6 +61,5 @@ webhooks:
- UPDATE
resources:
- componentdefinitions
timeoutSeconds: {{ .Values.admissionWebhookTimeout }}
{{- end -}}

57
charts/vela-core/templates/admission-webhooks/validatingWebhookConfiguration.yaml
View File

@@ -1,16 +1,4 @@
{{- if .Values.admissionWebhooks.enabled -}}
{{- /* Preserve existing caBundle on upgrade to avoid breaking admission if hooks fail. */}}
{{- $vName := printf "%s-admission" (include "kubevela.fullname" .) -}}
{{- $existing := (lookup "admissionregistration.k8s.io/v1" "ValidatingWebhookConfiguration" "" $vName) -}}
{{- $vals := dict "traits" "" "apps" "" "comps" "" "policies" "" -}}
{{- if $existing -}}
{{- range $existing.webhooks -}}
{{- if eq .name "validating.core.oam.dev.v1beta1.traitdefinitions" -}}{{- $_ := set $vals "traits" .clientConfig.caBundle -}}{{- end -}}
{{- if eq .name "validating.core.oam.dev.v1beta1.applications" -}}{{- $_ := set $vals "apps" .clientConfig.caBundle -}}{{- end -}}
{{- if eq .name "validating.core.oam-dev.v1beta1.componentdefinitions" -}}{{- $_ := set $vals "comps" .clientConfig.caBundle -}}{{- end -}}
{{- if eq .name "validating.core.oam-dev.v1beta1.policydefinitions" -}}{{- $_ := set $vals "policies" .clientConfig.caBundle -}}{{- end -}}
{{- end -}}
{{- end -}}
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
@@ -22,17 +10,17 @@ metadata:
{{- end }}
webhooks:
- clientConfig:
caBundle: {{ default "Cg==" (get $vals "traits") }}
caBundle: Cg==
service:
name: {{ template "kubevela.name" . }}-webhook
namespace: {{ .Release.Namespace }}
path: /validating-core-oam-dev-v1beta1-traitdefinitions
path: /validating-core-oam-dev-v1alpha2-traitdefinitions
{{- if .Values.admissionWebhooks.patch.enabled }}
failurePolicy: Ignore
{{- else }}
failurePolicy: {{ .Values.admissionWebhooks.failurePolicy }}
{{- end }}
name: validating.core.oam.dev.v1beta1.traitdefinitions
name: validating.core.oam.dev.v1alpha2.traitdefinitions
sideEffects: None
admissionReviewVersions:
- v1beta1
@@ -47,9 +35,10 @@ webhooks:
- UPDATE
resources:
- traitdefinitions
timeoutSeconds: {{ .Values.admissionWebhookTimeout }}
scope: Cluster
timeoutSeconds: 5
- clientConfig:
caBundle: {{ default "Cg==" (get $vals "apps") }}
caBundle: Cg==
service:
name: {{ template "kubevela.name" . }}-webhook
namespace: {{ .Release.Namespace }}
@@ -74,9 +63,8 @@ webhooks:
- UPDATE
resources:
- applications
timeoutSeconds: {{ .Values.admissionWebhookTimeout }}
- clientConfig:
caBundle: {{ default "Cg==" (get $vals "comps") }}
caBundle: Cg==
service:
name: {{ template "kubevela.name" . }}-webhook
namespace: {{ .Release.Namespace }}
@@ -101,9 +89,8 @@ webhooks:
- UPDATE
resources:
- componentdefinitions
timeoutSeconds: {{ .Values.admissionWebhookTimeout }}
- clientConfig:
caBundle: {{ default "Cg==" (get $vals "policies") }}
caBundle: Cg==
service:
name: {{ template "kubevela.name" . }}-webhook
namespace: {{ .Release.Namespace }}
@@ -128,32 +115,4 @@ webhooks:
- UPDATE
resources:
- policydefinitions
timeoutSeconds: {{ .Values.admissionWebhookTimeout }}
- clientConfig:
caBundle: Cg==
service:
name: {{ template "kubevela.name" . }}-webhook
namespace: {{ .Release.Namespace }}
path: /validating-core-oam-dev-v1beta1-workflowstepdefinitions
{{- if .Values.admissionWebhooks.patch.enabled }}
failurePolicy: Ignore
{{- else }}
failurePolicy: Fail
{{- end }}
name: validating.core.oam-dev.v1beta1.workflowstepdefinitions
sideEffects: None
admissionReviewVersions:
- v1beta1
- v1
rules:
- apiGroups:
- core.oam.dev
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- workflowstepdefinitions
timeoutSeconds: {{ .Values.admissionWebhookTimeout }}
{{- end -}}

3
charts/vela-core/templates/cluster-gateway/cluster-gateway.yaml
View File

@@ -124,7 +124,6 @@ spec:
- protocol: TCP
port: {{ .Values.multicluster.clusterGateway.port }}
targetPort: {{ .Values.multicluster.clusterGateway.port }}
name: default
---
# 1. Check whether APIService ""v1alpha1.cluster.core.oam.dev" is already present in the cluster
# 2.a If the APIService doesn't exist, create it.
@@ -190,4 +189,4 @@ subjects:
- kind: ServiceAccount
name: {{ include "kubevela.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{ end }}
{{ end }}

26
charts/vela-core/templates/cluster-gateway/job-patch.yaml
View File

@@ -95,18 +95,6 @@ spec:
runAsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
---
apiVersion: batch/v1
kind: Job
@@ -150,16 +138,4 @@ spec:
runAsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{ end }}
{{ end }}

6
charts/vela-core/templates/defwithtemplate/affinity.yaml
View File

@@ -31,9 +31,6 @@ spec:
if k.namespace != _|_ {
namespace: k.namespace
}
if k.namespaces != _|_ {
namespaces: k.namespaces
}
topologyKey: k.topologyKey
if k.namespaceSelector != _|_ {
namespaceSelector: k.namespaceSelector
@@ -60,9 +57,6 @@ spec:
if k.namespace != _|_ {
namespace: k.namespace
}
if k.namespaces != _|_ {
namespaces: k.namespaces
}
topologyKey: k.topologyKey
if k.namespaceSelector != _|_ {
namespaceSelector: k.namespaceSelector

4
charts/vela-core/templates/defwithtemplate/apply-application-in-parallel.yaml
View File

@@ -15,7 +15,9 @@ spec:
schematic:
cue:
template: |
import "vela/op"
import (
"vela/op"
)
output: op.#ApplyApplicationInParallel & {}

4
charts/vela-core/templates/defwithtemplate/apply-application.yaml
View File

@@ -16,7 +16,9 @@ spec:
schematic:
cue:
template: |
import "vela/op"
import (
"vela/op"
)
// apply application
output: op.#ApplyApplication & {}

55
charts/vela-core/templates/defwithtemplate/apply-deployment.yaml
View File

@@ -13,38 +13,39 @@ spec:
schematic:
cue:
template: |
import "vela/kube"
import "vela/builtin"
import (
"strconv"
"strings"
"vela/op"
)
output: kube.#Apply & {
$params: {
cluster: parameter.cluster
value: {
apiVersion: "apps/v1"
kind: "Deployment"
metadata: {
name: context.stepName
namespace: context.namespace
}
spec: {
selector: matchLabels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
replicas: parameter.replicas
template: {
metadata: labels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
spec: containers: [{
name: context.stepName
image: parameter.image
if parameter["cmd"] != _|_ {
command: parameter.cmd
}
}]
}
output: op.#Apply & {
cluster: parameter.cluster
value: {
apiVersion: "apps/v1"
kind: "Deployment"
metadata: {
name: context.stepName
namespace: context.namespace
}
spec: {
selector: matchLabels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
replicas: parameter.replicas
template: {
metadata: labels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
spec: containers: [{
name: context.stepName
image: parameter.image
if parameter["cmd"] != _|_ {
command: parameter.cmd
}
}]
}
}
}
}
wait: builtin.#ConditionalWait & {
$params: continue: output.$returns.value.status.readyReplicas == parameter.replicas
wait: op.#ConditionalWait & {
continue: output.value.status.readyReplicas == parameter.replicas
}
parameter: {
image: string

10
charts/vela-core/templates/defwithtemplate/apply-object.yaml
View File

@@ -12,12 +12,14 @@ spec:
schematic:
cue:
template: |
import "vela/kube"
import (
"vela/op"
)
apply: kube.#Apply & {
$params: parameter
apply: op.#Apply & {
value: parameter.value
cluster: parameter.cluster
}
parameter: {
// +usage=Specify Kubernetes native resource object to be applied
value: {...}

4
charts/vela-core/templates/defwithtemplate/apply-remaining.yaml
View File

@@ -16,7 +16,9 @@ spec:
schematic:
cue:
template: |
import "vela/op"
import (
"vela/op"
)
// apply remaining components and traits
apply: op.#ApplyRemaining & {

15
charts/vela-core/templates/defwithtemplate/apply-terraform-config.yaml
View File

@@ -13,11 +13,12 @@ spec:
schematic:
cue:
template: |
import "vela/kube"
import "vela/builtin"
import (
"vela/op"
)
apply: kube.#Apply & {
$params: value: {
apply: op.#Apply & {
value: {
apiVersion: "terraform.core.oam.dev/v1beta2"
kind: "Configuration"
metadata: {
@@ -52,10 +53,8 @@ spec:
}
}
}
check: builtin.#ConditionalWait & {
if apply.$returns.value.status != _|_ if apply.$returns.value.status.apply != _|_ {
$params: continue: apply.$returns.value.status.apply.state == "Available"
}
check: op.#ConditionalWait & {
continue: apply.value.status != _|_ && apply.value.status.apply != _|_ && apply.value.status.apply.state == "Available"
}
parameter: {
// +usage=specify the source of the terraform configuration

122
charts/vela-core/templates/defwithtemplate/apply-terraform-provider.yaml
View File

@@ -13,63 +13,62 @@ spec:
schematic:
cue:
template: |
import "vela/config"
import "vela/kube"
import "vela/builtin"
import (
"vela/op"
"strings"
)
cfg: config.#CreateConfig & {
$params: {
name: "\(context.name)-\(context.stepName)"
namespace: context.namespace
template: "terraform-\(parameter.type)"
config: {
name: parameter.name
if parameter.type == "alibaba" {
ALICLOUD_ACCESS_KEY: parameter.accessKey
ALICLOUD_SECRET_KEY: parameter.secretKey
ALICLOUD_REGION: parameter.region
}
if parameter.type == "aws" {
AWS_ACCESS_KEY_ID: parameter.accessKey
AWS_SECRET_ACCESS_KEY: parameter.secretKey
AWS_DEFAULT_REGION: parameter.region
AWS_SESSION_TOKEN: parameter.token
}
if parameter.type == "azure" {
ARM_CLIENT_ID: parameter.clientID
ARM_CLIENT_SECRET: parameter.clientSecret
ARM_SUBSCRIPTION_ID: parameter.subscriptionID
ARM_TENANT_ID: parameter.tenantID
}
if parameter.type == "baidu" {
BAIDUCLOUD_ACCESS_KEY: parameter.accessKey
BAIDUCLOUD_SECRET_KEY: parameter.secretKey
BAIDUCLOUD_REGION: parameter.region
}
if parameter.type == "ec" {
EC_API_KEY: parameter.apiKey
}
if parameter.type == "gcp" {
GOOGLE_CREDENTIALS: parameter.credentials
GOOGLE_REGION: parameter.region
GOOGLE_PROJECT: parameter.project
}
if parameter.type == "tencent" {
TENCENTCLOUD_SECRET_ID: parameter.secretID
TENCENTCLOUD_SECRET_KEY: parameter.secretKey
TENCENTCLOUD_REGION: parameter.region
}
if parameter.type == "ucloud" {
UCLOUD_PRIVATE_KEY: parameter.privateKey
UCLOUD_PUBLIC_KEY: parameter.publicKey
UCLOUD_PROJECT_ID: parameter.projectID
UCLOUD_REGION: parameter.region
}
config: op.#CreateConfig & {
name: "\(context.name)-\(context.stepName)"
namespace: context.namespace
template: "terraform-\(parameter.type)"
config: {
name: parameter.name
if parameter.type == "alibaba" {
ALICLOUD_ACCESS_KEY: parameter.accessKey
ALICLOUD_SECRET_KEY: parameter.secretKey
ALICLOUD_REGION: parameter.region
}
if parameter.type == "aws" {
AWS_ACCESS_KEY_ID: parameter.accessKey
AWS_SECRET_ACCESS_KEY: parameter.secretKey
AWS_DEFAULT_REGION: parameter.region
AWS_SESSION_TOKEN: parameter.token
}
if parameter.type == "azure" {
ARM_CLIENT_ID: parameter.clientID
ARM_CLIENT_SECRET: parameter.clientSecret
ARM_SUBSCRIPTION_ID: parameter.subscriptionID
ARM_TENANT_ID: parameter.tenantID
}
if parameter.type == "baidu" {
BAIDUCLOUD_ACCESS_KEY: parameter.accessKey
BAIDUCLOUD_SECRET_KEY: parameter.secretKey
BAIDUCLOUD_REGION: parameter.region
}
if parameter.type == "ec" {
EC_API_KEY: parameter.apiKey
}
if parameter.type == "gcp" {
GOOGLE_CREDENTIALS: parameter.credentials
GOOGLE_REGION: parameter.region
GOOGLE_PROJECT: parameter.project
}
if parameter.type == "tencent" {
TENCENTCLOUD_SECRET_ID: parameter.secretID
TENCENTCLOUD_SECRET_KEY: parameter.secretKey
TENCENTCLOUD_REGION: parameter.region
}
if parameter.type == "ucloud" {
UCLOUD_PRIVATE_KEY: parameter.privateKey
UCLOUD_PUBLIC_KEY: parameter.publicKey
UCLOUD_PROJECT_ID: parameter.projectID
UCLOUD_REGION: parameter.region
}
}
}
read: kube.#Read & {
$params: value: {
read: op.#Read & {
value: {
apiVersion: "terraform.core.oam.dev/v1beta1"
kind: "Provider"
metadata: {
@@ -78,15 +77,18 @@ spec:
}
}
}
check: builtin.#ConditionalWait & {
if read.$returns.value.status != _|_ {
$params: continue: read.$returns.value.status.state == "ready"
check: op.#ConditionalWait & {
if read.value.status != _|_ {
continue: read.value.status.state == "ready"
}
if read.value.status == _|_ {
continue: false
}
}
providerBasic: {
accessKey!: string
secretKey!: string
region!: string
accessKey: string
secretKey: string
region: string
}
#AlibabaProvider: {
providerBasic
@@ -138,5 +140,5 @@ spec:
type: "ucloud"
name: *"ucloud-provider" | string
}
parameter: #AlibabaProvider | #AWSProvider | #AzureProvider | #BaiduProvider | #ECProvider | #GCPProvider | #TencentProvider | #UCloudProvider
parameter: *#AlibabaProvider | #AWSProvider | #AzureProvider | #BaiduProvider | #ECProvider | #GCPProvider | #TencentProvider | #UCloudProvider

27
charts/vela-core/templates/defwithtemplate/build-push-image.yaml
View File

@@ -13,10 +13,11 @@ spec:
schematic:
cue:
template: |
import "vela/builtin"
import "vela/kube"
import "vela/util"
import "strings"
import (
"vela/op"
"encoding/json"
"strings"
)
url: {
if parameter.context.git != _|_ {
@@ -27,8 +28,8 @@ spec:
value: parameter.context
}
}
kaniko: kube.#Apply & {
$params: value: {
kaniko: op.#Apply & {
value: {
apiVersion: "v1"
kind: "Pod"
metadata: {
@@ -94,14 +95,14 @@ spec:
}
}
}
log: util.#Log & {
$params: source: resources: [{
log: op.#Log & {
source: resources: [{
name: "\(context.name)-\(context.stepSessionID)-kaniko"
namespace: context.namespace
}]
}
read: kube.#Read & {
$params: value: {
read: op.#Read & {
value: {
apiVersion: "v1"
kind: "Pod"
metadata: {
@@ -110,10 +111,8 @@ spec:
}
}
}
wait: builtin.#ConditionalWait & {
if read.$returns.value.status != _|_ {
$params: continue: read.$returns.value.status.phase == "Succeeded"
}
wait: op.#ConditionalWait & {
continue: read.value.status != _|_ && read.value.status.phase == "Succeeded"
}
#secret: {
name: string

39
charts/vela-core/templates/defwithtemplate/check-metrics.yaml
View File

@@ -14,34 +14,33 @@ spec:
schematic:
cue:
template: |
import "vela/metrics"
import "vela/builtin"
import (
"vela/op"
)
check: metrics.#PromCheck & {
$params: {
query: parameter.query
metricEndpoint: parameter.metricEndpoint
condition: parameter.condition
stepID: context.stepSessionID
duration: parameter.duration
failDuration: parameter.failDuration
}
check: op.#PromCheck & {
query: parameter.query
metricEndpoint: parameter.metricEndpoint
condition: parameter.condition
stepID: context.stepSessionID
duration: parameter.duration
failDuration: parameter.failDuration
}
fail: {
if check.$returns.failed != _|_ {
if check.$returns.failed == true {
breakWorkflow: builtin.#Fail & {
$params: message: check.$returns.message
fail: op.#Steps & {
if check.failed != _|_ {
if check.failed == true {
breakWorkflow: op.#Fail & {
message: check.message
}
}
}
}
wait: builtin.#ConditionalWait & {
$params: continue: check.$returns.result
if check.$returns.message != _|_ {
$params: message: check.$returns.message
wait: op.#ConditionalWait & {
continue: check.result
if check.message != _|_ {
message: check.message
}
}

Some files were not shown because too many files have changed in this diff Show More