[Backport release-1.4] Fix: gc failure cause workflow restart not working properly (#5241)

* Fix: gc failure cause workflow restart not working properly

Signed-off-by: Somefive <yd219913@alibaba-inc.com>

* Feat: switch ci machine

Signed-off-by: Somefive <yd219913@alibaba-inc.com>

* Fix: enhance test

Signed-off-by: Somefive <yd219913@alibaba-inc.com>

Signed-off-by: Somefive <yd219913@alibaba-inc.com>

.github/CODEOWNERS

@@ -1,7 +1,7 @@
 # This file is a github code protect rule follow the codeowners https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners#example-of-a-codeowners-file
 
-*                                  @hongchaodeng @wonderflow @leejanee
-design/                            @hongchaodeng @resouer @wonderflow
+*                                  @barnettZQG @wonderflow @leejanee
+design/                            @barnettZQG @leejanee @wonderflow
 
 # Owner of CUE
 pkg/cue                            @leejanee @FogDong

.github/PULL_REQUEST_TEMPLATE.md

@@ -13,8 +13,8 @@ Fixes #
 
 I have:
 
-- [ ] Read and followed KubeVela's [contribution process](https://github.com/oam-dev/kubevela/blob/master/contribute/create-pull-request.md).
-- [ ] [Related Docs](https://github.com/oam-dev/kubevela.io) updated properly. In a new feature or configuration option, an update to the documentation is necessary. 
+- [ ] Read and followed KubeVela's [contribution process](https://github.com/kubevela/kubevela/blob/master/contribute/create-pull-request.md).
+- [ ] [Related Docs](https://github.com/kubevela/kubevela.io) updated properly. In a new feature or configuration option, an update to the documentation is necessary. 
 - [ ] Run `make reviewable` to ensure this PR is ready for review.
 - [ ] Added `backport release-x.y` labels to auto-backport this PR if necessary.
 

.github/bot.md

@@ -1,9 +1,9 @@
 ### GitHub & kubevela automation
 
-The bot is configured via [issue-commands.json](https://github.com/oam-dev/kubevela/blob/master/.github/workflows/issue-commands.json) 
-and some other GitHub [workflows](https://github.com/oam-dev/kubevela/blob/master/.github/workflows).
+The bot is configured via [issue-commands.json](https://github.com/kubevela/kubevela/blob/master/.github/workflows/issue-commands.json) 
+and some other GitHub [workflows](https://github.com/kubevela/kubevela/blob/master/.github/workflows).
 By default, users with write access to the repo is allowed to use the comments, 
-the [userlist](https://github.com/oam-dev/kubevela/blob/master/.github/comment.userlist) 
+the [userlist](https://github.com/kubevela/kubevela/blob/master/.github/comment.userlist) 
 file is for adding additional members who do not have access and want to contribute to the issue triage.
 
 Comment commands:
@@ -14,7 +14,7 @@ Comment commands:
 * Write the word `/area/*` in a comment, and the bot will add the corresponding label `/area/*`.
 * Write the word `/priority/*` in a comment, and the bot will add the corresponding label `/priority/*`.
 
-The `*` mention above represent a specific word. Please read the details about label category in [ISSUE_TRIAGE.md](https://github.com/oam-dev/kubevela/blob/master/ISSUE_TRIAGE.md)  
+The `*` mention above represent a specific word. Please read the details about label category in [ISSUE_TRIAGE.md](https://github.com/kubevela/kubevela/blob/master/ISSUE_TRIAGE.md)  
 
 Label commands:
 

.github/workflows/apiserver-test.yaml

@@ -6,7 +6,9 @@ on:
       - master
       - release-*
       - apiserver
-  workflow_dispatch: {}
+    tags:
+      - v*
+  workflow_dispatch: { }
   pull_request:
     branches:
       - master
@@ -18,6 +20,8 @@ env:
   GO_VERSION: '1.17'
   GOLANGCI_VERSION: 'v1.38'
   KIND_VERSION: 'v0.7.0'
+  KIND_IMAGE_VERSION: '[\"v1.20.7\"]'
+  KIND_IMAGE_VERSIONS: '[\"v1.18.20\",\"v1.20.7\",\"v1.22.7\"]'
 
 jobs:
 
@@ -35,10 +39,28 @@ jobs:
           do_not_skip: '["workflow_dispatch", "schedule", "push"]'
           concurrent_skipping: false
 
+  set-k8s-matrix:
+    runs-on: ubuntu-20.04
+    outputs:
+      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
+    steps:
+      - id: set-k8s-matrix
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            echo "pushing tag: ${{ github.ref_name }}"
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSIONS }}"
+          else
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSION }}"
+          fi
+
+
   apiserver-unit-tests:
-    runs-on: aliyun
-    needs: detect-noop
+    runs-on: aliyun-legacy
+    needs: [ detect-noop,set-k8s-matrix ]
     if: needs.detect-noop.outputs.noop != 'true'
+    strategy:
+      matrix:
+        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}
 
     steps:
       - name: Set up Go
@@ -65,7 +87,7 @@ jobs:
       - name: Setup Kind Cluster (Worker)
         run: |
           kind delete cluster --name worker
-          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4 --name worker
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }} --name worker
           kubectl version
           kubectl cluster-info
           kind get kubeconfig --name worker --internal > /tmp/worker.kubeconfig
@@ -74,9 +96,12 @@ jobs:
       - name: Setup Kind Cluster (Hub)
         run: |
           kind delete cluster
-          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }}
           kubectl version
           kubectl cluster-info
+      
+      - name: Run api server unit test
+        run: make unit-test-apiserver
 
       - name: Load Image to kind cluster
         run: make kind-load
@@ -84,19 +109,15 @@ jobs:
       - name: Cleanup for e2e tests
         run: |
           make e2e-cleanup
-          make e2e-setup-core
-
           make vela-cli
+          make e2e-setup-core
           bin/vela addon enable fluxcd
           timeout 600s bash -c -- 'while true; do kubectl get ns flux-system; if [ $? -eq 0 ] ; then break; else sleep 5; fi;done'
           kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=vela-core,app.kubernetes.io/instance=kubevela -n vela-system --timeout=600s
           kubectl wait --for=condition=Ready pod -l app=source-controller -n flux-system --timeout=600s
           kubectl wait --for=condition=Ready pod -l app=helm-controller -n flux-system --timeout=600s
 
-      - name: Run apiserver unit test
-        run: make unit-test-apiserver
-
-      - name: Run apiserver e2e test
+      - name: Run api server e2e test
         run: |
           export ALIYUN_ACCESS_KEY_ID=${{ secrets.ALIYUN_ACCESS_KEY_ID }}
           export ALIYUN_ACCESS_KEY_SECRET=${{ secrets.ALIYUN_ACCESS_KEY_SECRET }}

.github/workflows/chart.yaml

@@ -0,0 +1,89 @@
+name: Publish Chart
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch: { }
+
+env:
+  BUCKET: ${{ secrets.OSS_BUCKET }}
+  ENDPOINT: ${{ secrets.OSS_ENDPOINT }}
+  ACCESS_KEY: ${{ secrets.OSS_ACCESS_KEY }}
+  ACCESS_KEY_SECRET: ${{ secrets.OSS_ACCESS_KEY_SECRET }}
+  ARTIFACT_HUB_REPOSITORY_ID: ${{ secrets.ARTIFACT_HUB_REPOSITORY_ID }}
+
+jobs:  
+  publish-charts:
+    env:
+      HELM_CHARTS_DIR: charts
+      HELM_CHART: charts/vela-core
+      MINIMAL_HELM_CHART: charts/vela-minimal
+      LEGACY_HELM_CHART: legacy/charts/vela-core-legacy
+      VELA_ROLLOUT_HELM_CHART: runtime/rollout/charts
+      LOCAL_OSS_DIRECTORY: .oss/
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@master
+      - name: Get git revision
+        id: vars
+        shell: bash
+        run: |
+          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.0
+      - name: Setup node
+        uses: actions/setup-node@v2
+        with:
+          node-version: '14'
+      - name: Generate helm doc
+        run: |
+          make helm-doc-gen
+      - name: Prepare legacy chart
+        run: |
+          rsync -r $LEGACY_HELM_CHART $HELM_CHARTS_DIR
+          rsync -r $HELM_CHART/* $LEGACY_HELM_CHART --exclude=Chart.yaml --exclude=crds
+      - name: Prepare vela chart
+        run: |
+          rsync -r $VELA_ROLLOUT_HELM_CHART $HELM_CHARTS_DIR
+      - name: Get the version
+        id: get_version
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/}
+          echo ::set-output name=VERSION::${VERSION}
+      - name: Tag helm chart image
+        run: |
+          image_tag=${{ steps.get_version.outputs.VERSION }}
+          chart_version=${{ steps.get_version.outputs.VERSION }}
+          sed -i "s/latest/${image_tag}/g" $HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $MINIMAL_HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $LEGACY_HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $VELA_ROLLOUT_HELM_CHART/values.yaml
+          chart_smever=${chart_version#"v"}
+          sed -i "s/0.1.0/$chart_smever/g" $HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $MINIMAL_HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $LEGACY_HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $VELA_ROLLOUT_HELM_CHART/Chart.yaml
+      - name: Install ossutil
+        run: wget http://gosspublic.alicdn.com/ossutil/1.7.0/ossutil64 && chmod +x ossutil64 && mv ossutil64 ossutil
+      - name: Configure Alibaba Cloud OSSUTIL
+        run: ./ossutil --config-file .ossutilconfig config -i ${ACCESS_KEY} -k ${ACCESS_KEY_SECRET} -e ${ENDPOINT} -c .ossutilconfig
+      - name: sync cloud to local
+        run: ./ossutil --config-file .ossutilconfig sync oss://$BUCKET/core $LOCAL_OSS_DIRECTORY
+      - name: add artifacthub stuff to the repo
+        run: |
+          rsync $HELM_CHART/README.md $LEGACY_HELM_CHART/README.md
+          rsync $HELM_CHART/README.md $VELA_ROLLOUT_HELM_CHART/README.md
+          sed -i "s/ARTIFACT_HUB_REPOSITORY_ID/$ARTIFACT_HUB_REPOSITORY_ID/g" hack/artifacthub/artifacthub-repo.yml
+          rsync hack/artifacthub/artifacthub-repo.yml $LOCAL_OSS_DIRECTORY
+      - name: Package helm charts
+        run: |
+          helm package $HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $MINIMAL_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $LEGACY_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $VELA_ROLLOUT_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm repo index --url https://$BUCKET.$ENDPOINT/core $LOCAL_OSS_DIRECTORY
+      - name: sync local to cloud
+        run: ./ossutil --config-file .ossutilconfig sync $LOCAL_OSS_DIRECTORY oss://$BUCKET/core -f

.github/workflows/e2e-multicluster-test.yml

@@ -5,6 +5,8 @@ on:
     branches:
       - master
       - release-*
+    tags:
+      - v*
   workflow_dispatch: {}
   pull_request:
     branches:
@@ -16,6 +18,8 @@ env:
   GO_VERSION: '1.17'
   GOLANGCI_VERSION: 'v1.38'
   KIND_VERSION: 'v0.7.0'
+  KIND_IMAGE_VERSION: '[\"v1.20.7\"]'
+  KIND_IMAGE_VERSIONS: '[\"v1.18.20\",\"v1.20.7\",\"v1.22.7\"]'
 
 jobs:
 
@@ -33,10 +37,29 @@ jobs:
           do_not_skip: '["workflow_dispatch", "schedule", "push"]'
           concurrent_skipping: false
 
+  set-k8s-matrix:
+    runs-on: ubuntu-20.04
+    outputs:
+      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
+    steps:
+      - id: set-k8s-matrix
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            echo "pushing tag: ${{ github.ref_name }}"
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSIONS }}"
+          else
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSION }}"
+          fi
+
+
   e2e-multi-cluster-tests:
-    runs-on: aliyun
-    needs: detect-noop
+    runs-on: aliyun-legacy
+    needs: [ detect-noop,set-k8s-matrix ]
     if: needs.detect-noop.outputs.noop != 'true'
+    strategy:
+      matrix:
+        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}
+
 
     steps:
       - name: Check out code into the Go module directory
@@ -60,7 +83,7 @@ jobs:
       - name: Setup Kind Cluster (Worker)
         run: |
           kind delete cluster --name worker
-          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4 --name worker
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }} --name worker
           kubectl version
           kubectl cluster-info
           kind get kubeconfig --name worker --internal > /tmp/worker.kubeconfig
@@ -69,24 +92,22 @@ jobs:
       - name: Setup Kind Cluster (Hub)
         run: |
           kind delete cluster
-          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }}
           kubectl version
           kubectl cluster-info
 
       - name: Load Image to kind cluster (Hub)
-        run: make kind-load
-
-      - name: Load Image to kind cluster (Worker)
         run: |
+          make kind-load
           make kind-load-runtime-cluster
 
       - name: Cleanup for e2e tests
         run: |
           make e2e-cleanup
-          make e2e-setup-core
+          make vela-cli
+          make e2e-setup-core-auth
           make
           make setup-runtime-e2e-cluster
-          make vela-cli
 
       - name: Run e2e multicluster tests
         run: |
@@ -100,7 +121,7 @@ jobs:
         uses: codecov/codecov-action@v1
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-          files: /tmp/e2e-profile.out
+          files: /tmp/e2e-profile.out,/tmp/e2e_multicluster_test.out
           flags: e2e-multicluster-test
           name: codecov-umbrella
 

.github/workflows/e2e-rollout-test.yml

@@ -5,6 +5,8 @@ on:
     branches:
       - master
       - release-*
+    tags:
+      - v*
   workflow_dispatch: {}
   pull_request:
     branches:
@@ -16,6 +18,8 @@ env:
   GO_VERSION: '1.17'
   GOLANGCI_VERSION: 'v1.38'
   KIND_VERSION: 'v0.7.0'
+  KIND_IMAGE_VERSION: '[\"v1.20.7\"]'
+  KIND_IMAGE_VERSIONS: '[\"v1.18.20\",\"v1.20.7\",\"v1.22.7\"]'
 
 jobs:
 
@@ -33,10 +37,27 @@ jobs:
           do_not_skip: '["workflow_dispatch", "schedule", "push"]'
           concurrent_skipping: false
 
+  set-k8s-matrix:
+    runs-on: ubuntu-20.04
+    outputs:
+      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
+    steps:
+      - id: set-k8s-matrix
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            echo "pushing tag: ${{ github.ref_name }}"
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSIONS }}"
+          else
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSION }}"
+          fi
+
   e2e-rollout-tests:
-    runs-on: aliyun
-    needs: detect-noop
+    runs-on: aliyun-legacy
+    needs: [ detect-noop,set-k8s-matrix ]
     if: needs.detect-noop.outputs.noop != 'true'
+    strategy:
+      matrix:
+        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}
 
     steps:
       - name: Check out code into the Go module directory
@@ -60,7 +81,7 @@ jobs:
       - name: Setup Kind Cluster
         run: |
           kind delete cluster
-          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }}
           kubectl version
           kubectl cluster-info
 

.github/workflows/e2e-test.yml

@@ -5,6 +5,8 @@ on:
     branches:
       - master
       - release-*
+    tags:
+      - v*
   workflow_dispatch: {}
   pull_request:
     branches:
@@ -16,6 +18,8 @@ env:
   GO_VERSION: '1.17'
   GOLANGCI_VERSION: 'v1.38'
   KIND_VERSION: 'v0.7.0'
+  KIND_IMAGE_VERSION: '[\"v1.20.7\"]'
+  KIND_IMAGE_VERSIONS: '[\"v1.18.20\",\"v1.20.7\",\"v1.22.7\"]'
 
 jobs:
 
@@ -33,10 +37,27 @@ jobs:
           do_not_skip: '["workflow_dispatch", "schedule", "push"]'
           concurrent_skipping: false
 
+  set-k8s-matrix:
+    runs-on: ubuntu-20.04
+    outputs:
+      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
+    steps:
+      - id: set-k8s-matrix
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            echo "pushing tag: ${{ github.ref_name }}"
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSIONS }}"
+          else
+            echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSION }}"
+          fi
+
   e2e-tests:
-    runs-on: aliyun
-    needs: detect-noop
+    runs-on: aliyun-legacy
+    needs: [ detect-noop,set-k8s-matrix ]
     if: needs.detect-noop.outputs.noop != 'true'
+    strategy:
+      matrix:
+        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}
 
     steps:
       - name: Check out code into the Go module directory
@@ -60,7 +81,7 @@ jobs:
       - name: Setup Kind Cluster
         run: |
           kind delete cluster
-          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
+          kind create cluster --image kindest/node:${{ matrix.k8s-version }}
           kubectl version
           kubectl cluster-info
 

.github/workflows/go.yml

@@ -57,7 +57,7 @@ jobs:
           restore-keys: ${{ runner.os }}-pkg-
 
       - name: Install StaticCheck
-        run: GO111MODULE=off go get honnef.co/go/tools/cmd/staticcheck
+        run: GO111MODULE=on go get honnef.co/go/tools/cmd/staticcheck@v0.3.0
 
       - name: Static Check
         run: staticcheck ./...
@@ -71,6 +71,11 @@ jobs:
     if: needs.detect-noop.outputs.noop != 'true'
 
     steps:
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
       - name: Checkout
         uses: actions/checkout@v2
         with:
@@ -88,12 +93,12 @@ jobs:
       # version, but we prefer this action because it leaves 'annotations' (i.e.
       # it comments on PRs to point out linter violations).
       - name: Lint
-        uses: golangci/golangci-lint-action@v2
+        uses: golangci/golangci-lint-action@v3
         with:
           version: ${{ env.GOLANGCI_VERSION }}
 
   check-diff:
-    runs-on: aliyun
+    runs-on: aliyun-legacy
     needs: detect-noop
     if: needs.detect-noop.outputs.noop != 'true'
 
@@ -108,6 +113,11 @@ jobs:
         with:
           go-version: ${{ env.GO_VERSION }}
 
+      - name: Setup node
+        uses: actions/setup-node@v2
+        with:
+          node-version: '14'
+
       - name: Cache Go Dependencies
         uses: actions/cache@v2
         with:

.github/workflows/issue-commands.yml

@@ -14,9 +14,9 @@ jobs:
         with:
           repository: "oam-dev/kubevela-github-actions"
           path: ./actions
-          ref: v0.4.1
+          ref: v0.4.2
       - name: Install Actions
-        run: npm install --production --prefix ./actions
+        run: npm ci --production --prefix ./actions
       - name: Run Commands
         uses: ./actions/commands
         with:
@@ -66,4 +66,4 @@ jobs:
         uses: zeebe-io/backport-action@v0.0.6
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          github_workspace: ${{ github.workspace }}
+          github_workspace: ${{ github.workspace }}

.github/workflows/registry.yml

@@ -8,14 +8,11 @@ on:
   workflow_dispatch: {}
 
 env:
-  BUCKET: ${{ secrets.OSS_BUCKET }}
-  ENDPOINT: ${{ secrets.OSS_ENDPOINT }}
   ACCESS_KEY: ${{ secrets.OSS_ACCESS_KEY }}
   ACCESS_KEY_SECRET: ${{ secrets.OSS_ACCESS_KEY_SECRET }}
-  ARTIFACT_HUB_REPOSITORY_ID: ${{ secrets.ARTIFACT_HUB_REPOSITORY_ID }}
 
 jobs:
-  publish-images:
+  publish-core-images:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
@@ -47,20 +44,16 @@ jobs:
       - name: Login Alibaba Cloud ACR
         uses: docker/login-action@v1
         with:
-          registry: kubevela-registry.cn-hangzhou.cr.aliyuncs.com
-          username: ${{ secrets.ACR_USERNAME }}@aliyun-inner.com
+          registry: ${{ secrets.ACR_DOMAIN }}
+          username: ${{ secrets.ACR_USERNAME }}
           password: ${{ secrets.ACR_PASSWORD }}
       - uses: docker/setup-qemu-action@v1
       - uses: docker/setup-buildx-action@v1
         with:
           driver-opts: image=moby/buildkit:master
 
-      - name: Build & Pushing vela-core for ACR
-        run: |
-          docker build --build-arg GOPROXY=https://proxy.golang.org --build-arg VERSION=${{ steps.get_version.outputs.VERSION }} --build-arg GITVERSION=git-${{ steps.vars.outputs.git_revision }}  -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }} .
-          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
       - uses: docker/build-push-action@v2
-        name: Build & Pushing vela-core for Dockerhub and GHCR
+        name: Build & Pushing vela-core for Dockerhub, GHCR and ACR
         with:
           context: .
           file: Dockerfile
@@ -75,14 +68,70 @@ jobs:
             GOPROXY=https://proxy.golang.org
           tags: |-
             docker.io/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
-            ghcr.io/${{ github.repository }}/vela-core:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository_owner }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
+            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
 
-      - name: Build & Pushing vela-apiserver for ACR
-        run: |
-          docker build --build-arg GOPROXY=https://proxy.golang.org --build-arg VERSION=${{ steps.get_version.outputs.VERSION }} --build-arg GITVERSION=git-${{ steps.vars.outputs.git_revision }} -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }} -f Dockerfile.apiserver .
-          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
       - uses: docker/build-push-action@v2
-        name: Build & Pushing vela-apiserver for Dockerhub and GHCR
+        name: Build & Pushing CLI for Dockerhub, GHCR and ACR
+        with:
+          context: .
+          file: Dockerfile.cli
+          labels: |-
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          build-args: |
+            GITVERSION=git-${{ steps.vars.outputs.git_revision }}
+            VERSION=${{ steps.get_version.outputs.VERSION }}
+            GOPROXY=https://proxy.golang.org
+          tags: |-
+            docker.io/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
+            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
+
+  publish-addon-images:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Get the version
+        id: get_version
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/}
+          if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
+            VERSION=latest
+          fi
+          echo ::set-output name=VERSION::${VERSION}
+      - name: Get git revision
+        id: vars
+        shell: bash
+        run: |
+          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
+      - name: Login ghcr.io
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login docker.io
+        uses: docker/login-action@v1
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Login Alibaba Cloud ACR
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ secrets.ACR_DOMAIN }}
+          username: ${{ secrets.ACR_USERNAME }}
+          password: ${{ secrets.ACR_PASSWORD }}
+      - uses: docker/setup-qemu-action@v1
+      - uses: docker/setup-buildx-action@v1
+        with:
+          driver-opts: image=moby/buildkit:master
+
+      - uses: docker/build-push-action@v2
+        name: Build & Pushing vela-apiserver for Dockerhub, GHCR and ACR
         with:
           context: .
           file: Dockerfile.apiserver
@@ -97,14 +146,11 @@ jobs:
             GOPROXY=https://proxy.golang.org
           tags: |-
             docker.io/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
-            ghcr.io/${{ github.repository }}/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository_owner }}/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
+            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
 
-      - name: Build & Pushing vela runtime rollout for ACR
-        run: |
-          docker build --build-arg GOPROXY=https://proxy.golang.org --build-arg VERSION=${{ steps.get_version.outputs.VERSION }} --build-arg GITVERSION=git-${{ steps.vars.outputs.git_revision }}  -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }} .
-          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
       - uses: docker/build-push-action@v2
-        name: Build & Pushing runtime rollout for Dockerhub and GHCR
+        name: Build & Pushing runtime rollout Dockerhub, GHCR and ACR
         with:
           context: .
           file: runtime/rollout/Dockerfile
@@ -119,90 +165,8 @@ jobs:
             GOPROXY=https://proxy.golang.org
           tags: |-
             docker.io/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
-            ghcr.io/${{ github.repository }}/vela-rollout:${{ steps.get_version.outputs.VERSION }}
-
-  publish-charts:
-    env:
-      HELM_CHARTS_DIR: charts
-      HELM_CHART: charts/vela-core
-      MINIMAL_HELM_CHART: charts/vela-minimal
-      LEGACY_HELM_CHART: legacy/charts/vela-core-legacy
-      OAM_RUNTIME_HELM_CHART: charts/oam-runtime
-      VELA_ROLLOUT_HELM_CHART: runtime/rollout/charts
-      LOCAL_OSS_DIRECTORY: .oss/
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@master
-      - name: Get git revision
-        id: vars
-        shell: bash
-        run: |
-          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
-      - name: Install Helm
-        uses: azure/setup-helm@v1
-        with:
-          version: v3.4.0
-      - name: Prepare legacy chart
-        run: |
-          rsync -r $LEGACY_HELM_CHART $HELM_CHARTS_DIR
-          rsync -r $HELM_CHART/* $LEGACY_HELM_CHART --exclude=Chart.yaml --exclude=crds
-      - name: Prepare vela chart
-        run: |
-          rsync -r $VELA_ROLLOUT_HELM_CHART $HELM_CHARTS_DIR
-      - uses: oprypin/find-latest-tag@v1
-        with:
-          repository: oam-dev/kubevela
-          releases-only: true
-        id: latest_tag
-      - name: Tag helm chart image
-        run: |
-          latest_repo_tag=${{ steps.latest_tag.outputs.tag }}
-          sub="."
-          major="$(cut -d"$sub" -f1 <<<"$latest_repo_tag")"
-          minor="$(cut -d"$sub" -f2 <<<"$latest_repo_tag")"
-          patch="0"
-          current_repo_tag="$major.$minor.$patch"
-          image_tag=${GITHUB_REF#refs/tags/}
-          chart_version=$latest_repo_tag
-          if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
-            image_tag=latest
-            chart_version=${current_repo_tag}-nightly-build
-          fi
-          sed -i "s/latest/${image_tag}/g" $HELM_CHART/values.yaml
-          sed -i "s/latest/${image_tag}/g" $MINIMAL_HELM_CHART/values.yaml
-          sed -i "s/latest/${image_tag}/g" $LEGACY_HELM_CHART/values.yaml
-          sed -i "s/latest/${image_tag}/g" $OAM_RUNTIME_HELM_CHART/values.yaml
-          sed -i "s/latest/${image_tag}/g" $VELA_ROLLOUT_HELM_CHART/values.yaml
-          chart_smever=${chart_version#"v"}
-          sed -i "s/0.1.0/$chart_smever/g" $HELM_CHART/Chart.yaml
-          sed -i "s/0.1.0/$chart_smever/g" $MINIMAL_HELM_CHART/Chart.yaml
-          sed -i "s/0.1.0/$chart_smever/g" $LEGACY_HELM_CHART/Chart.yaml
-          sed -i "s/0.1.0/$chart_smever/g" $OAM_RUNTIME_HELM_CHART/Chart.yaml
-          sed -i "s/0.1.0/$chart_smever/g" $VELA_ROLLOUT_HELM_CHART/Chart.yaml
-      - name: Install ossutil
-        run: wget http://gosspublic.alicdn.com/ossutil/1.7.0/ossutil64 && chmod +x ossutil64 && mv ossutil64 ossutil
-      - name: Configure Alibaba Cloud OSSUTIL
-        run: ./ossutil --config-file .ossutilconfig config -i ${ACCESS_KEY} -k ${ACCESS_KEY_SECRET} -e ${ENDPOINT} -c .ossutilconfig
-      - name: sync cloud to local
-        run: ./ossutil --config-file .ossutilconfig sync oss://$BUCKET/core $LOCAL_OSS_DIRECTORY
-      - name: add artifacthub stuff to the repo
-        run: |
-          rsync README.md $HELM_CHART/README.md
-          rsync README.md $LEGACY_HELM_CHART/README.md
-          rsync README.md $OAM_RUNTIME_HELM_CHART/README.md
-          rsync README.md $VELA_ROLLOUT_HELM_CHART/README.md
-          sed -i "s/ARTIFACT_HUB_REPOSITORY_ID/$ARTIFACT_HUB_REPOSITORY_ID/g" hack/artifacthub/artifacthub-repo.yml
-          rsync hack/artifacthub/artifacthub-repo.yml $LOCAL_OSS_DIRECTORY
-      - name: Package helm charts
-        run: |
-          helm package $HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm package $MINIMAL_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm package $LEGACY_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm package $OAM_RUNTIME_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm package $VELA_ROLLOUT_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm repo index --url https://$BUCKET.$ENDPOINT/core $LOCAL_OSS_DIRECTORY
-      - name: sync local to cloud
-        run: ./ossutil --config-file .ossutilconfig sync $LOCAL_OSS_DIRECTORY oss://$BUCKET/core -f
+            ghcr.io/${{ github.repository_owner }}/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
+            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
 
   publish-capabilities:
     env:

.github/workflows/release.yml

@@ -8,6 +8,10 @@ on:
 
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  BUCKET: ${{ secrets.CLI_OSS_BUCKET }}
+  ENDPOINT: ${{ secrets.CLI_OSS_ENDPOINT }}
+  ACCESS_KEY: ${{ secrets.CLI_OSS_ACCESS_KEY }}
+  ACCESS_KEY_SECRET: ${{ secrets.CLI_OSS_ACCESS_KEY_SECRET }}
 
 jobs:
   build:
@@ -104,6 +108,29 @@ jobs:
           name: sha256sums
           path: ./_bin/sha256-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.txt
           retention-days: 1
+      - name: clear the asset
+        run: |
+          rm -rf ./_bin/vela/${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}
+          mv ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz ./_bin/vela/vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
+          mv ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip ./_bin/vela/vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
+      - name: Install ossutil
+        run: wget http://gosspublic.alicdn.com/ossutil/1.7.0/ossutil64 && chmod +x ossutil64 && mv ossutil64 ossutil
+      - name: Configure Alibaba Cloud OSSUTIL
+        run: ./ossutil --config-file .ossutilconfig config -i ${ACCESS_KEY} -k ${ACCESS_KEY_SECRET} -e ${ENDPOINT} -c .ossutilconfig
+      - name: sync local to cloud
+        run: ./ossutil --config-file .ossutilconfig sync ./_bin/vela oss://$BUCKET/binary/vela/${{ env.VELA_VERSION }}
+      
+      - name: sync the latest version file
+        if: ${{ !contains(env.VELA_VERSION,'alpha') && !contains(env.VELA_VERSION,'beta') }}
+        run: |
+          LATEST_VERSION=$(curl -fsSl https://static.kubevela.net/binary/vela/latest_version)
+          verlte() {
+            [  "$1" = "`echo -e "$1\n$2" | sort -V | head -n1`" ]
+          }
+          verlte ${{ env.VELA_VERSION }} $LATEST_VERSION && echo "${{ env.VELA_VERSION }} <= $LATEST_VERSION, skip update" && exit 0
+          echo ${{ env.VELA_VERSION }} > ./latest_version
+          ./ossutil --config-file .ossutilconfig cp -u ./latest_version oss://$BUCKET/binary/vela/latest_version
+
 
   upload-plugin-homebrew:
     needs: build

.github/workflows/timed-task.yml

@@ -4,7 +4,7 @@ on:
     - cron: '* * * * *'
 jobs:
   clean-image:
-    runs-on: aliyun
+    runs-on: aliyun-legacy
     steps:
       - name: Cleanup image
         run: docker image prune -f

.github/workflows/trivy-scan.yml

@@ -0,0 +1,30 @@
+name: "Trivy Scan"
+
+on:
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  images:
+    name: Image Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Build Vela Core image from Dockerfile
+        run: |
+          docker build --build-arg GOPROXY=https://proxy.golang.org -t docker.io/oamdev/vela-core:${{ github.sha }} .
+
+      - name: Run Trivy vulnerability scanner for vela core
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.io/oamdev/vela-core:${{ github.sha }}'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/unit-test.yml

@@ -58,7 +58,7 @@ jobs:
           restore-keys: ${{ runner.os }}-pkg-
 
       - name: Install ginkgo
-        run:  |
+        run: |
           sudo apt-get install -y golang-ginkgo-dev
 
       - name: Setup Kind Cluster
@@ -72,7 +72,7 @@ jobs:
           version: 3.1.0
           kubebuilderOnly: false
           kubernetesVersion: v1.21.2
-      
+
       - name: Run Make test
         run: make test
 

CHANGELOG/CHANGELOG-1.0.md

@@ -30,7 +30,7 @@ This is a minor fix for release-1.0, please refer to release-1.1.x for the lates
 **Please update Application CRD to upgrade from v1.0.3 to this release**
 
 ```
-kubectl apply -f https://raw.githubusercontent.com/oam-dev/kubevela/master/charts/vela-core/crds/core.oam.dev_applications.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubevela/kubevela/master/charts/vela-core/crds/core.oam.dev_applications.yaml
 ```
 
 **Check the upgrade docs to upgrade from other release: https://kubevela.io/docs/advanced-install#upgrade**

CHANGELOG/CHANGELOG-1.2.md

@@ -1,5 +1,205 @@
-# v1.2.0-alpha1
+# v1.2.2
 
-## What's changed
 
-1. Feature: support terraform/provider-azure addon #2402 by @zzxwill 
+## What's Changed
+* Feat: add JFrog webhook trigger by @chwetion in https://github.com/oam-dev/kubevela/pull/3104
+* Fix: trait/comp command output without a new line by @chivalryq in https://github.com/oam-dev/kubevela/pull/3112
+* Feat: support wild match for env patch by @Somefive in https://github.com/oam-dev/kubevela/pull/3111
+* Fix: fix revision will change when add new trait with skiprevisionaffect to application by @chwetion in https://github.com/oam-dev/kubevela/pull/3032
+* Fix: add app samples for Terraform definition by @zzxwill in https://github.com/oam-dev/kubevela/pull/3118
+* Feat: add port name in webservice by @FogDong in https://github.com/oam-dev/kubevela/pull/3110
+* Fix: add imagePullSecrets for helm templates  to support private docker registry by @StevenLeiZhang in https://github.com/oam-dev/kubevela/pull/3122
+* Fix: workflow skip executing all steps occasionally by @leejanee in https://github.com/oam-dev/kubevela/pull/3025
+* Fix: support generate Terraform ComponentDefinition from local HCL file by @zzxwill in https://github.com/oam-dev/kubevela/pull/3132
+* Fix: prioritize namespace flag for `vela up` by @devholic in https://github.com/oam-dev/kubevela/pull/3135
+* Fix: handle workflow cache reconcile by @FogDong in https://github.com/oam-dev/kubevela/pull/3128
+* Feat: extend gateway trait to set class in spec by @devholic in https://github.com/oam-dev/kubevela/pull/3138
+* Fix: add providerRef in generated ComponentDefinition by @zzxwill in https://github.com/oam-dev/kubevela/pull/3142
+* Fix: retrieve Terraform variables from variables.tf by @zzxwill in https://github.com/oam-dev/kubevela/pull/3149
+* Feat: addon parameter support ui-shcema by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/3154
+* Fix: vela addnon enable cannot support '=' by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/3156
+* Fix: add context parameters into the error message by @zeed-w-beez in https://github.com/oam-dev/kubevela/pull/3145
+* Feat: support vela show for workflow step definition by @FogDong in https://github.com/oam-dev/kubevela/pull/3140
+
+## New Contributors
+* @devholic made their first contribution in https://github.com/oam-dev/kubevela/pull/3135
+
+**Full Changelog**: https://github.com/oam-dev/kubevela/compare/v1.2.1...v1.2.2
+
+# v1.2.1
+
+## What's Changed
+
+* Fix: can't query data from the MongoDB by @barnettZQG in https://github.com/oam-dev/kubevela/pull/3095
+* Fix: use personel token of vela-bot instead of github token for homebrew update by @wonderflow in https://github.com/oam-dev/kubevela/pull/3096
+* Fix: acr image no version by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/3100
+* Fix: support generate cloud resource docs in Chinese by @zzxwill in https://github.com/oam-dev/kubevela/pull/3079
+* Fix: clear old data in mongodb unit test case by @barnettZQG in https://github.com/oam-dev/kubevela/pull/3103
+* Feat: support external revision in patch component by @Somefive in https://github.com/oam-dev/kubevela/pull/3106
+* Fix:  file under the path of github addon registry is not ignored by @StevenLeiZhang in https://github.com/oam-dev/kubevela/pull/3099
+* Fix: Vela is crashed, when disabling addon, which needs namespace vela-system by @StevenLeiZhang in https://github.com/oam-dev/kubevela/pull/3109
+* Fix: rollout workload namespace not aligned with rollout by @Somefive in https://github.com/oam-dev/kubevela/pull/3107
+
+## New Contributors
+* @StevenLeiZhang made their first contribution in https://github.com/oam-dev/kubevela/pull/3099
+
+**Full Changelog**: https://github.com/oam-dev/kubevela/compare/v1.2.0...v1.2.1
+
+
+# v1.2.0
+
+❤️  KubeVela v1.2.0 released ! ❤️
+
+Docs have been updated about the release at https://kubevela.io/docs/next/ .
+
+**Changelog Between v1.2.0-rc.2~v1.2.0**: https://github.com/oam-dev/kubevela/compare/v1.2.0-rc.2...v1.2.0
+
+## What's New
+
+### UI Console Supported
+
+Check how to use the GUI by this [how-to document](https://kubevela.io/docs/next/how-to/dashboard/application/create-application).
+
+**GUI frontend code repo is here: https://github.com/oam-dev/velaux**
+**API Server Code is here: https://github.com/oam-dev/kubevela/tree/master/pkg/apiserver**
+
+We also add a [VelaQL](https://kubevela.io/docs/next/platform-engineers/system-operation/velaql) feature that could allow apiserver to interact with K8s Object in an extended way.
+
+### Addon System
+
+We add a new addon system in v1.2, this helps KubeVela install it's extension including more than X-Definition files.
+
+The community has already supported some built-in addons here（https://github.com/oam-dev/catalog/tree/master/addons ）, there're also some experimental addons here （https://github.com/oam-dev/catalog/tree/master/experimental/addons）。
+
+You can learn how to use it [from docs](https://kubevela.io/docs/next/how-to/cli/addon/addon).
+
+You can [build and contribute](https://kubevela.io/docs/next/platform-engineers/addon/intro) your own addons.
+
+### CI/CD Integration
+
+You can use triggers to integrate with different CI and image registry systems on VelaUX.
+
+* Feat: add ACR webhook trigger for CI/CD (#3044)
+* Feat: add Harbor image registry webhook trigger for CI/CD (#3065)
+* Feat: add DockerHub webhook trigger for CI/CD (#3081)
+
+### Cloud Resources Enhancement
+
+* Feature: support terraform/provider-azure addon by @zzxwill in https://github.com/oam-dev/kubevela/pull/2402
+* Fix: aws/azure Terraform provider are broken by @zzxwill in https://github.com/oam-dev/kubevela/pull/2513 ,  https://github.com/oam-dev/kubevela/pull/2520 , https://github.com/oam-dev/kubevela/pull/2465
+* Feat: Add Terraform Azure Storage Account by @maciejgwizdala in https://github.com/oam-dev/kubevela/pull/2646
+* Docs: add vpc and vswitch cloud resource templates of alicloud by @lowkeyrd in https://github.com/oam-dev/kubevela/pull/2663
+* Fix: allow external cloud resources to be kept when Application is deleted by @zzxwill in https://github.com/oam-dev/kubevela/pull/2698
+* Feat: add alibaba cloud redis definition by @chivalryq in https://github.com/oam-dev/kubevela/pull/2507
+* Feat: envbinding support cloud resource deploy and share by @Somefive in https://github.com/oam-dev/kubevela/pull/2734
+* Fix: support naming a terraform provider by @zzxwill in https://github.com/oam-dev/kubevela/pull/2794
+
+
+### Multi-Cluster Enhancement
+
+* Feat: multicluster support ServiceAccountToken by @Somefive in https://github.com/oam-dev/kubevela/pull/2356
+* Feat: add secure tls for cluster-gateway by @Somefive in https://github.com/oam-dev/kubevela/pull/2426
+* Feat: add support for envbinding with namespace selector by @Somefive in https://github.com/oam-dev/kubevela/pull/2432
+* Feat: upgrade cluster gateway to support remote debug by @Somefive in https://github.com/oam-dev/kubevela/pull/2673
+* Feat: set multicluster enabled by default  by @Somefive in #2930
+
+### Workflow Enhancement
+
+* Feat: add apply raw built in workflow steps by @FogDong in https://github.com/oam-dev/kubevela/pull/2420
+* Feat: add read object step def by @FogDong in https://github.com/oam-dev/kubevela/pull/2480
+* Feat: add export config and secret def for workflow by @FogDong in https://github.com/oam-dev/kubevela/pull/2484
+* Feat: support secret in webhook notification by @FogDong in https://github.com/oam-dev/kubevela/pull/2509
+* Feat: Record workflow execution state by @leejanee in https://github.com/oam-dev/kubevela/pull/2479
+* Fix(cli): use flag instead of env in workflow cli by @FogDong in https://github.com/oam-dev/kubevela/pull/2512
+* Not update resource if render hash equal. by @leejanee in https://github.com/oam-dev/kubevela/pull/2522
+* Feat: add email support in webhook notification by @FogDong in https://github.com/oam-dev/kubevela/pull/2535
+* Feat: add render component and apply component remaining by @FogDong in https://github.com/oam-dev/kubevela/pull/2587
+* Feat: add list application records api by @FogDong in https://github.com/oam-dev/kubevela/pull/2757
+* Feat: component-pod-view support filter resource by cluster name and cluster namespace by @yangsoon in https://github.com/oam-dev/kubevela/pull/2754
+* Feat: workflow support update by @barnettZQG in https://github.com/oam-dev/kubevela/pull/2760
+* Feat: add workflow reconciling backoff time and failed limit times by @FogDong in #2881
+
+### Component/Trait Enhancement
+
+* Feat: add health check and custom status for helm type component  by @chivalryq in https://github.com/oam-dev/kubevela/pull/2499
+* Feat: add nocalhost dev config trait definition by @yuyicai in https://github.com/oam-dev/kubevela/pull/2545
+* Feat(rollout): fill rolloutBatches if empty when scale up/down by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/2569
+* Feat: allow import package in custom status cue template by @Chwetion in https://github.com/oam-dev/kubevela/pull/2585
+* Feat: add trait service-account by @yangsoon in https://github.com/oam-dev/kubevela/pull/2878
+* Fix: add ingress class as arguments by @Somefive in https://github.com/oam-dev/kubevela/pull/2445
+* Fix: add libgit2 support for gitops by @FogDong in https://github.com/oam-dev/kubevela/pull/2477
+* Fix: make nginx class to be default value and allow pvc trait to attach more than once by @wonderflow in https://github.com/oam-dev/kubevela/pull/2466
+* Feat: add imagePullPolicy/imagePullSecret to task def by @chivalryq in https://github.com/oam-dev/kubevela/pull/2503
+
+
+### Vela CLI Enhancement
+
+* Feat: add vela prob to test cluster by @wonderflow in https://github.com/oam-dev/kubevela/pull/2635
+* Feat: vela logs support multicluster by @chivalryq in https://github.com/oam-dev/kubevela/pull/2593
+* Feat: vela-cli support use ocm to join/list/detach cluster by @yangsoon in https://github.com/oam-dev/kubevela/pull/2599
+* Feat: add vela exec for multi cluster by @wonderflow in https://github.com/oam-dev/kubevela/pull/2299
+* Feat: multicluster vela status/exec/port-forward by @Somefive in https://github.com/oam-dev/kubevela/pull/2662
+* Fix: support `-n` flag for all commands to specify namespace by @chivalryq in https://github.com/oam-dev/kubevela/pull/2719
+* Feat: vela delete add wait and force options by @yangsoon in https://github.com/oam-dev/kubevela/pull/2747
+* Feat: add workflow rollback cli by @FogDong in https://github.com/oam-dev/kubevela/pull/2795
+* Refactor: refine cli commands && align kubectl-vela with vela && use getnamespaceAndEnv for all by @wonderflow in #3048
+
+
+### Overall Enhancements
+
+* Feat: ResourceTracker new architecture by @Somefive in https://github.com/oam-dev/kubevela/pull/2849
+* New Resource Management Model: Garbage Collection and Resource State Keeper [Desigin Doc](https://github.com/oam-dev/kubevela/blob/master/design/vela-core/resourcetracker_design.md)
+* Feat:  output log with structured tag & add step duration metrics by @leejanee in https://github.com/oam-dev/kubevela/pull/2683
+* Feat: support user defined image registry that allows private installation by @wonderflow in https://github.com/oam-dev/kubevela/pull/2623
+* Feat: add a built in garbage-collect policy to application by @yangsoon in https://github.com/oam-dev/kubevela/pull/2575
+* Feat: health scope controller support check trait-managing workload by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/2527
+* Chore:  add homebrew bump to support `brew install kubevela` by @basefas in https://github.com/oam-dev/kubevela/pull/2434
+* Chore: Update release action to support build binaries for more platform by @basefas in https://github.com/oam-dev/kubevela/pull/2537
+* Feat: add reconcile timeout configuration for vela-core by @Somefive in https://github.com/oam-dev/kubevela/pull/2630
+* Chore: push docker images to Alibaba Cloud ACR by @zzxwill in https://github.com/oam-dev/kubevela/pull/2601
+
+
+## What's Changed/Deprecated
+
+* Deprecated: containerized workload by @reetasingh in https://github.com/oam-dev/kubevela/pull/2330
+* Deprecated: initializer CRD controller by @chivalryq in https://github.com/oam-dev/kubevela/pull/2491
+* Deprecated: remove envbinding controller, use #ApplyComponent for EnvBinding by @Somefive in https://github.com/oam-dev/kubevela/pull/2556 , https://github.com/oam-dev/kubevela/pull/2382
+* Deprecated(cli): CLI vela config by @chivalryq in https://github.com/oam-dev/kubevela/pull/2037
+* Deprecated: remove addon with no definitions by @chivalryq in https://github.com/oam-dev/kubevela/pull/2574
+* Refactor: remove apiserver component from the chart, users should use velaux addon instead by @barnettZQG in https://github.com/oam-dev/kubevela/pull/2838
+* Refactor: all addons are migrated from initializer to application objects by @chivalryq in https://github.com/oam-dev/kubevela/pull/2444
+* Refactor: change rollout's json tag so the status of rollout will be optional by @GingoBang in https://github.com/oam-dev/kubevela/pull/2314
+* Deprecated: deprecate CRD discovery for CUE import in Definition to prevent memory leak and OOM crash (#2925)
+* Deprecated: delete approllout related code #3040
+* Deprecate: delete appDeployment related logic #3050
+
+## Bugfix
+
+* Feat: rework resource tracker to solve bugs by @Somefive in https://github.com/oam-dev/kubevela/pull/2797
+* Fix: change raw extension to pointer by @FogDong in https://github.com/oam-dev/kubevela/pull/2451
+* Fix: show reconcile error log by @wonderflow in https://github.com/oam-dev/kubevela/pull/2626
+* Fix: Closure Bug In newValue by @leejanee in https://github.com/oam-dev/kubevela/pull/2437
+* Fix: resourceTracker compatibility bug by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/2467
+* Fix(application): nil pointer for component properties by @kinsolee in https://github.com/oam-dev/kubevela/pull/2481
+* Fix: Commit step-generate data  without success by @leejanee in https://github.com/oam-dev/kubevela/pull/2539
+* Fix(cli): client-side throttling in vela CLI by @chivalryq in https://github.com/oam-dev/kubevela/pull/2581
+* Fix: fix delete a component from application not delete workload by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/2680
+* Fix: lookupByScript don't support `import` by @leejanee in https://github.com/oam-dev/kubevela/pull/2788
+* Fix: resourcetracker do not garbage collect legacyRTs correctly by @Somefive in https://github.com/oam-dev/kubevela/pull/2817
+* Fix: application conditions confusion. by @leejanee in https://github.com/oam-dev/kubevela/pull/2834
+
+## New Contributors
+* @GingoBang made their first contribution in https://github.com/oam-dev/kubevela/pull/2314
+* @basefas made their first contribution in https://github.com/oam-dev/kubevela/pull/2434
+* @yuyicai made their first contribution in https://github.com/oam-dev/kubevela/pull/2540
+* @maciejgwizdala made their first contribution in https://github.com/oam-dev/kubevela/pull/2646
+* @lowkeyrd made their first contribution in https://github.com/oam-dev/kubevela/pull/2663
+* @zxbyoyoyo made their first contribution in https://github.com/oam-dev/kubevela/pull/2703
+* @yue9944882 made their first contribution in https://github.com/oam-dev/kubevela/pull/2751
+* @snyk-bot made their first contribution in https://github.com/oam-dev/kubevela/pull/2857
+* @yunjianzhong made their first contribution in https://github.com/oam-dev/kubevela/pull/3005
+* @songminglong made their first contribution in https://github.com/oam-dev/kubevela/pull/3064
+* @basuotian made their first contribution in https://github.com/oam-dev/kubevela/pull/3059
+* @K1ngram4 made their first contribution in https://github.com/oam-dev/kubevela/pull/3065
+
+**Full Changelog**: https://github.com/oam-dev/kubevela/compare/v1.1.3...v1.2.0

CONTRIBUTING.md

@@ -1,66 +1,3 @@
 # CONTRIBUTING Guide
 
-## About KubeVela
-
-KubeVela project is initialized and maintained by the cloud native community since day 0 with [bootstrapping contributors from 8+ different organizations](https://github.com/oam-dev/kubevela/graphs/contributors).
-We intend for KubeVela to have an open governance since the very beginning and donate the project to neutral foundation as soon as it's released.
-To help us create a safe and positive community experience for all, we require all participants to adhere to the [Code of Conduct](./CODE_OF_CONDUCT.md).
-
-This document is a guide to help you through the process of contributing to KubeVela.
-
-## Become a contributor
-
-You can contribute to KubeVela in several ways. Here are some examples:
-
-* Contribute to the KubeVela codebase.
-* Contribute to the [KubeVela docs](https://github.com/oam-dev/kubevela.io).
-* Report and triage bugs.
-* Develop community CRD operators as workload or trait and contribute to [catalog](https://github.com/oam-dev/catalog).
-* Write technical documentation and blog posts, for users and contributors.
-* Organize meetups and user groups in your local area.
-* Help others by answering questions about KubeVela.
-
-For more ways to contribute, check out the [Open Source Guides](https://opensource.guide/how-to-contribute/).
-
-
-### Report bugs
-
-Before submitting a new issue, try to make sure someone hasn't already reported the problem.
-Look through the [existing issues](https://github.com/oam-dev/kubevela/issues) for similar issues.
-
-Report a bug by submitting a [bug report](https://github.com/oam-dev/kubevela/issues/new?assignees=&labels=kind%2Fbug&template=bug_report.md&title=).
-Make sure that you provide as much information as possible on how to reproduce the bug.
-
-Follow the issue template and add additional information that will help us replicate the problem.
-
-#### Security issues
-
-If you believe you've found a security vulnerability, please read our [security policy](https://github.com/oam-dev/kubevela/blob/master/SECURITY.md) for more details.
-
-### Suggest enhancements
-
-If you have an idea to improve KubeVela, submit an [feature request](https://github.com/oam-dev/kubevela/issues/new?assignees=&labels=kind%2Ffeature&template=feature_request.md&title=%5BFeature%5D).
-
-### Triage issues
-
-If you don't have the knowledge or time to code, consider helping with _issue triage_. The community will thank you for saving them time by spending some of yours.
-
-Read more about the ways you can [Triage issues](/contribute/triage-issues.md).
-
-### Answering questions
-
-If you have a question and you can't find the answer in the [documentation](https://kubevela.io/docs/),
-the next step is to ask it on the [github discussion](https://github.com/oam-dev/kubevela/discussions).
-
-It's important to us to help these users, and we'd love your help. You can help other KubeVela users by answering [their questions](https://github.com/oam-dev/kubevela/discussions).
-
-### Your first contribution
-
-Unsure where to begin contributing to KubeVela? Start by browsing issues labeled `good first issue` or `help wanted`.
-
-- [Good first issue](https://github.com/oam-dev/kubevela/labels/good%20first%20issue) issues are generally straightforward to complete.
-- [Help wanted](https://github.com/oam-dev/kubevela/labels/help%20wanted) issues are problems we would like the community to help us with regardless of complexity.
-
-If you're looking to make a code change, see how to set up your environment for [local development](contribute/developer-guide.md).
-
-When you're ready to contribute, it's time to [Create a pull request](/contribute/create-pull-request.md).
+Please refer to https://kubevela.io/docs/contributor/overview for details.

Dockerfile

@@ -21,6 +21,7 @@ COPY cmd/apiserver/main.go cmd/apiserver/main.go
 COPY apis/ apis/
 COPY pkg/ pkg/
 COPY version/ version/
+COPY references/ references/
 
 # Build
 ARG TARGETARCH
@@ -35,7 +36,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
 FROM ${BASE_IMAGE:-alpine:3.15}
-# This is required by daemon connnecting with cri
+# This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat
 
 WORKDIR /

Dockerfile.apiserver

@@ -17,6 +17,7 @@ COPY cmd/apiserver/main.go cmd/apiserver/main.go
 COPY apis/ apis/
 COPY pkg/ pkg/
 COPY version/ version/
+COPY references/ references/
 
 # Build
 ARG TARGETARCH
@@ -33,7 +34,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
 
 FROM ${BASE_IMAGE:-alpine:3.15}
-# This is required by daemon connnecting with cri
+# This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat
 
 WORKDIR /

Dockerfile.cli

@@ -0,0 +1,43 @@
+ARG BASE_IMAGE
+# Build the cli binary
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder
+ARG GOPROXY
+ENV GOPROXY=${GOPROXY:-https://goproxy.cn}
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY apis/ apis/
+COPY pkg/ pkg/
+COPY version/ version/
+COPY references/ references/
+
+# Build
+ARG TARGETARCH
+ARG VERSION
+ARG GITVERSION
+
+RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH:-amd64} \
+    go build -a -ldflags "-s -w -X github.com/oam-dev/kubevela/version.VelaVersion=${VERSION:-undefined} -X github.com/oam-dev/kubevela/version.GitRevision=${GITVERSION:-undefined}" \
+    -o vela-${TARGETARCH} ./references/cmd/cli/main.go
+
+
+# Use alpine as base image due to the discussion in issue #1448
+# You can replace distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+# Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
+
+FROM ${BASE_IMAGE:-alpine:3.15}
+# This is required by daemon connecting with cri
+RUN apk add --no-cache ca-certificates bash expat
+
+WORKDIR /
+
+ARG TARGETARCH
+COPY --from=builder /workspace/vela-${TARGETARCH} /vela
+ENTRYPOINT ["/vela"]

Dockerfile.e2e

@@ -18,6 +18,7 @@ COPY cmd/ cmd/
 COPY apis/ apis/
 COPY pkg/ pkg/
 COPY version/ version/
+COPY references/ references/
 
 # Build
 ARG TARGETARCH
@@ -38,7 +39,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
 
 FROM ${BASE_IMAGE:-alpine:3.15}
-# This is required by daemon connnecting with cri
+# This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat
 
 WORKDIR /

GOVERNANCE.md

@@ -0,0 +1,16 @@
+# Governance
+
+[Project maintainers](https://github.com/kubevela/community/blob/main/OWNERS.md#maintainers) are responsible for activities around maintaining and updating KubeVela.
+Final decisions on the project reside with the project maintainers.
+
+Maintainers **MUST** remain active. If they are unresponsive for >6 months,
+they will be automatically removed unless a [super-majority](https://en.wikipedia.org/wiki/Supermajority#Two-thirds_vote) of the other project maintainers agrees to extend the period to be greater than 6 months.
+
+New maintainers can be added to the project by a [super-majority](https://en.wikipedia.org/wiki/Supermajority#Two-thirds_vote) vote of the existing maintainers.
+A potential maintainer may be nominated by an existing maintainer.
+A vote is conducted in private between the current maintainers over the course of a one week voting period.
+At the end of the week, votes are counted and a pull request is made on the repo adding the new maintainer to the [CODEOWNERS](https://github.com/kubevela/kubevela/blob/master/.github/CODEOWNERS) file.
+
+A maintainer may step down by submitting an [issue](https://github.com/kubevela/kubevela/issues/new/choose) stating their intent.
+
+Changes to this governance document require a pull request with approval from a [super-majority](https://en.wikipedia.org/wiki/Supermajority#Two-thirds_vote) of the current maintainers.

ISSUE_TRIAGE.md

@@ -71,7 +71,7 @@ To get started with issue triage and finding issues that haven't been triaged yo
 ### Browse unlabeled issues
 
 The easiest and straight forward way of getting started and finding issues that haven't been triaged is to browse
-[unlabeled issues](https://github.com/oam-dev/kubevela/issues?q=is%3Aopen+is%3Aissue+no%3Alabel) and starting from
+[unlabeled issues](https://github.com/kubevela/kubevela/issues?q=is%3Aopen+is%3Aissue+no%3Alabel) and starting from
 the bottom and working yourself to the top.
 
 ### Subscribe to all notifications
@@ -95,7 +95,7 @@ to guide contributors to provide standard information that must be included for
 
 ### Standard issue information that must be included
 
-Given a certain [issue template]([template](https://github.com/oam-dev/kubevela/issues/new/choose)) have been used
+Given a certain [issue template]([template](https://github.com/kubevela/kubevela/issues/new/choose)) have been used
 by the issue author or depending how the issue is perceived by the issue triage responsible, the following should
 help you understand what standard issue information that must be included.
 
@@ -219,7 +219,7 @@ There's a minor typo/error/lack of information that adds a lot of confusion for
 
 ### Support requests and questions
 
-1. Kindly and politely direct the issue author to the [github discussion](https://github.com/oam-dev/kubevela/discussions)
+1. Kindly and politely direct the issue author to the [github discussion](https://github.com/kubevela/kubevela/discussions)
    and explain that issue is mainly used for tracking bugs and feature requests.
    If possible, it's usually a good idea to add some pointers to the issue author's question.
 2. Close the issue and label it with `type/question`.

Makefile

@@ -16,10 +16,10 @@ test-cli-gen:
 	mkdir -p ./bin/doc
 	go run ./hack/docgen/gen.go ./bin/doc
 unit-test-core:
-	go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/... ./apis/... | grep -v apiserver)
+	go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/... ./apis/... | grep -v apiserver | grep -v applicationconfiguration)
 	go test $(shell go list ./references/... | grep -v apiserver)
 unit-test-apiserver:
-	go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/...  | grep -E 'apiserver|velaql')
+	go test -gcflags=all=-l -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/...  | grep -E 'apiserver|velaql')
 
 # Build vela cli binary
 build: fmt vet lint staticcheck vela-cli kubectl-vela
@@ -48,7 +48,7 @@ staticcheck: staticchecktool
 lint: golangci
 	$(GOLANGCILINT) run ./...
 
-reviewable: manifests fmt vet lint staticcheck
+reviewable: manifests fmt vet lint staticcheck helm-doc-gen
 	go mod tidy
 
 # Execute auto-gen code commands and ensure branch is clean.
@@ -83,14 +83,17 @@ endif
 
 
 # load docker image to the kind cluster
-kind-load:
+kind-load: kind-load-rollout
 	docker build -t $(VELA_CORE_TEST_IMAGE) -f Dockerfile.e2e .
 	kind load docker-image $(VELA_CORE_TEST_IMAGE) || { echo >&2 "kind not installed or error loading image: $(VELA_CORE_TEST_IMAGE)"; exit 1; }
 
-kind-load-runtime-cluster:
+kind-load-rollout:
 	/bin/sh hack/e2e/build_runtime_rollout.sh
 	docker build -t $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) -f runtime/rollout/e2e/Dockerfile.e2e runtime/rollout/e2e/
 	rm -rf runtime/rollout/e2e/tmp
+	kind load docker-image $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)  || { echo >&2 "kind not installed or error loading image: $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)"; exit 1; }
+
+kind-load-runtime-cluster:
 	kind load docker-image $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) --name=$(RUNTIME_CLUSTER_NAME)  || { echo >&2 "kind not installed or error loading image: $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)"; exit 1; }
 
 # Run tests
@@ -111,7 +114,7 @@ manifests: installcue kustomize
 	# TODO(yangsoon): kustomize will merge all CRD into a whole file, it may not work if we want patch more than one CRD in this way
 	$(KUSTOMIZE) build config/crd -o config/crd/base/core.oam.dev_applications.yaml
 	./hack/crd/cleanup.sh
-	go run ./hack/crd/dispatch/dispatch.go config/crd/base charts/vela-core/crds charts/oam-runtime/crds runtime/ charts/vela-minimal/crds
+	go run ./hack/crd/dispatch/dispatch.go config/crd/base charts/vela-core/crds runtime/ charts/vela-minimal/crds
 	rm -f config/crd/base/*
 	./vela-templates/gen_definitions.sh
 
@@ -129,3 +132,6 @@ check-license-header:
 def-install:
 	./hack/utils/installdefinition.sh
 
+helm-doc-gen: helmdoc
+	readme-generator -v charts/vela-core/values.yaml -r charts/vela-core/README.md
+	readme-generator -v charts/vela-minimal/values.yaml -r charts/vela-minimal/README.md

OWNERS

@@ -1,12 +0,0 @@
-approvers:
-- kubevela-controller
-- kubevela-devex
-- kubevela-dashboard-approver
-
-reviewers:
-- kubevela-controller
-- oam-spec
-- kubevela-dashboard-reviewer
-
-members:
-- community-collaborators

OWNERS_ALIASES

@@ -1,44 +1 @@
-aliases:
-  kubevela-devex:
-  - hongchaodeng
-  - wonderflow
-
-  kubevela-dashboard-approver:
-  - zzxwill
-  - hongchaodeng
-
-  kubevela-dashboard-reviewer:
-  - sunny0826 
-  - hanxie-crypto
-
-  kubevela-controller:
-  - resouer
-  - wonderflow
-  - hongchaodeng
-  - zzxwill
-  - ryanzhang-oss
-  - captainroy-hy
-
-  oam-spec:                   # inherit from https://github.com/oam-dev/spec/blob/master/OWNERS.md
-  - hongchaodeng
-  - resouer
-
-  community-collaborators:
-  - Fei-Guo
-  - szihai
-
-  bootstrap-contributors:     # thank you for bootstrapping KubeVela at the very early stage!
-  - xiaoyuaiheshui
-  - Ghostbaby
-  - wenxinnnnn
-  - silenceper
-  - erdun
-  - sunny0826
-  - mosesyou
-  - artursouza
-  - wonderflow
-  - hongchaodeng
-  - ryanzhang-oss
-  - woshilanren11
-  - hanxie-crypto
-  - zzxwill
+The owner file has been migrated to the community repo, please refer to https://github.com/kubevela/community/blob/main/OWNERS.md

README.md

@@ -1,18 +1,18 @@
 <div style="text-align: center">
   <p align="center">
-    <img src="https://raw.githubusercontent.com/oam-dev/kubevela.io/main/docs/resources/KubeVela-03.png">
+    <img src="https://raw.githubusercontent.com/kubevela/kubevela.io/main/docs/resources/KubeVela-03.png">
     <br><br>
     <i>Make shipping applications more enjoyable.</i>
   </p>
 </div>
 
-![Build status](https://github.com/oam-dev/kubevela/workflows/E2E/badge.svg)
-[![Go Report Card](https://goreportcard.com/badge/github.com/oam-dev/kubevela)](https://goreportcard.com/report/github.com/oam-dev/kubevela)
+![Build status](https://github.com/kubevela/kubevela/workflows/E2E/badge.svg)
+[![Go Report Card](https://goreportcard.com/badge/github.com/kubevela/kubevela)](https://goreportcard.com/report/github.com/kubevela/kubevela)
 ![Docker Pulls](https://img.shields.io/docker/pulls/oamdev/vela-core)
-[![codecov](https://codecov.io/gh/oam-dev/kubevela/branch/master/graph/badge.svg)](https://codecov.io/gh/oam-dev/kubevela)
-[![LICENSE](https://img.shields.io/github/license/oam-dev/kubevela.svg?style=flat-square)](/LICENSE)
-[![Releases](https://img.shields.io/github/release/oam-dev/kubevela/all.svg?style=flat-square)](https://github.com/oam-dev/kubevela/releases)
-[![TODOs](https://img.shields.io/endpoint?url=https://api.tickgit.com/badge?repo=github.com/oam-dev/kubevela)](https://www.tickgit.com/browse?repo=github.com/oam-dev/kubevela)
+[![codecov](https://codecov.io/gh/kubevela/kubevela/branch/master/graph/badge.svg)](https://codecov.io/gh/kubevela/kubevela)
+[![LICENSE](https://img.shields.io/github/license/kubevela/kubevela.svg?style=flat-square)](/LICENSE)
+[![Releases](https://img.shields.io/github/release/kubevela/kubevela/all.svg?style=flat-square)](https://github.com/kubevela/kubevela/releases)
+[![TODOs](https://img.shields.io/endpoint?url=https://api.tickgit.com/badge?repo=github.com/kubevela/kubevela)](https://www.tickgit.com/browse?repo=github.com/kubevela/kubevela)
 [![Twitter](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Ftwitter.com%2Foam_dev)](https://twitter.com/oam_dev)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubevela)](https://artifacthub.io/packages/search?repo=kubevela)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4602/badge)](https://bestpractices.coreinfrastructure.org/projects/4602)
@@ -43,15 +43,35 @@ KubeVela practices the "render, orchestrate, deploy" workflow with below highlig
 
 Full documentation is available on the [KubeVela website](https://kubevela.io/).
 
+## Blog
+
+Official blog is available on [KubeVela blog](https://kubevela.io/blog).
+
 ## Community
 
-- Slack:  [CNCF Slack](https://slack.cncf.io/) #kubevela channel (*English*)
-- Gitter: [oam-dev](https://gitter.im/oam-dev/community) (*English*)
+We want your contributions and suggestions! 
+One of the easiest ways to contribute is to participate in discussions on the Github Issues/Discussion, chat on IM or the bi-weekly community calls.
+For more information on the community engagement, developer and contributing guidelines and more, head over to the [KubeVela community repo](https://github.com/kubevela/community).
+
+### Contact Us
+
+Reach out with any questions you may have and we'll make sure to answer them as soon as possible!
+
+- Slack:  [CNCF Slack kubevela channel](https://cloud-native.slack.com/archives/C01BLQ3HTJA) (*English*)
 - [DingTalk Group](https://page.dingtalk.com/wow/dingtalk/act/en-home): `23310022` (*Chinese*)
 - Wechat Group (*Chinese*): Broker wechat to add you into the user group.
  
   <img src="https://static.kubevela.net/images/barnett-wechat.jpg" width="200" />
-- Bi-weekly Community Call: [Meeting Notes](https://docs.google.com/document/d/1nqdFEyULekyksFHtFvgvFAYE-0AMHKoS3RMnaKsarjs)
+
+### Community Call
+
+Every two weeks we host a community call to showcase new features, review upcoming milestones, and engage in a Q&A. All are welcome!
+
+- Bi-weekly Community Call:
+  - [Meeting Notes](https://docs.google.com/document/d/1nqdFEyULekyksFHtFvgvFAYE-0AMHKoS3RMnaKsarjs).
+  - [Video Records](https://kubevela.io/videos/meetings/en/meetings).
+- Bi-weekly Chinese Community Call:
+  - [Video Records](https://kubevela.io/videos/meetings/cn/v1.3).
 
 ## Talks and Conferences
 
@@ -61,7 +81,10 @@ Full documentation is available on the [KubeVela website](https://kubevela.io/).
 | 🌎 KubeCon | - [ [NA 2020] Standardizing Cloud Native Application Delivery Across Different Clouds](https://www.youtube.com/watch?v=0yhVuBIbHcI) <br> - [ [EU 2021] Zero Pain Microservice Development and Deployment with Dapr and KubeVela](https://sched.co/iE4S) |
 | 📺 Conferences | - [Dapr, Rudr, OAM: Mark Russinovich presents next gen app development & deployment](https://www.youtube.com/watch?v=eJCu6a-x9uo) <br> - [Mark Russinovich presents "The Future of Cloud Native Applications with OAM and Dapr"](https://myignite.techcommunity.microsoft.com/sessions/82059)|
 
+For more talks, please checkout [KubeVela Talks](https://kubevela.io/videos/talks/en/standardizing-app).
+
 ## Contributing
+
 Check out [CONTRIBUTING](./CONTRIBUTING.md) to see how to develop with KubeVela.
 
 ## Report Vulnerability
@@ -69,4 +92,5 @@ Check out [CONTRIBUTING](./CONTRIBUTING.md) to see how to develop with KubeVela.
 Security is a first priority thing for us at KubeVela. If you come across a related issue, please send email to security@mail.kubevela.io .
 
 ## Code of Conduct
+
 KubeVela adopts [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).

apis/core.oam.dev/common/register.go

@@ -0,0 +1,22 @@
+/*
+Copyright 2022 The KubeVela Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package common
+
+const (
+	// Group api group name
+	Group = "core.oam.dev"
+)

apis/core.oam.dev/common/types.go

@@ -20,12 +20,11 @@ import (
 	"encoding/json"
 	"errors"
 
-	"github.com/oam-dev/terraform-controller/api/v1beta1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
+	types "github.com/oam-dev/terraform-controller/api/types/crossplane-runtime"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
 	"github.com/oam-dev/kubevela/apis/standard.oam.dev/v1alpha1"
@@ -120,7 +119,22 @@ type Terraform struct {
 	// Path is the sub-directory of remote git repository. It's valid when remote is set
 	Path string `json:"path,omitempty"`
 
-	v1beta1.BaseConfigurationSpec `json:",inline"`
+	// WriteConnectionSecretToReference specifies the namespace and name of a
+	// Secret to which any connection details for this managed resource should
+	// be written. Connection details frequently include the endpoint, username,
+	// and password required to connect to the managed resource.
+	// +optional
+	WriteConnectionSecretToReference *types.SecretReference `json:"writeConnectionSecretToRef,omitempty"`
+
+	// ProviderReference specifies the reference to Provider
+	ProviderReference *types.Reference `json:"providerRef,omitempty"`
+
+	// DeleteResource will determine whether provisioned cloud resources will be deleted when CR is deleted
+	// +kubebuilder:default:=true
+	DeleteResource bool `json:"deleteResource,omitempty"`
+
+	// Region is cloud provider's region. It will override the region in the region field of ProviderReference
+	Region string `json:"customRegion,omitempty"`
 }
 
 // A WorkloadTypeDescriptor refer to a Workload Type
@@ -219,8 +233,10 @@ const (
 
 // ApplicationComponentStatus record the health status of App component
 type ApplicationComponentStatus struct {
-	Name string `json:"name"`
-	Env  string `json:"env,omitempty"`
+	Name      string `json:"name"`
+	Namespace string `json:"namespace,omitempty"`
+	Cluster   string `json:"cluster,omitempty"`
+	Env       string `json:"env,omitempty"`
 	// WorkloadDefinition is the definition of a WorkloadDefinition, such as deployments/apps.v1
 	WorkloadDefinition WorkloadGVK              `json:"workloadDefinition,omitempty"`
 	Healthy            bool                     `json:"healthy"`
@@ -252,25 +268,8 @@ type RawComponent struct {
 	Raw runtime.RawExtension `json:"raw"`
 }
 
-// WorkflowStepStatus record the status of a workflow step
-type WorkflowStepStatus struct {
-	ID    string            `json:"id"`
-	Name  string            `json:"name,omitempty"`
-	Type  string            `json:"type,omitempty"`
-	Phase WorkflowStepPhase `json:"phase,omitempty"`
-	// A human readable message indicating details about why the workflowStep is in this state.
-	Message string `json:"message,omitempty"`
-	// A brief CamelCase message indicating details about why the workflowStep is in this state.
-	Reason   string          `json:"reason,omitempty"`
-	SubSteps *SubStepsStatus `json:"subSteps,omitempty"`
-	// FirstExecuteTime is the first time this step execution.
-	FirstExecuteTime metav1.Time `json:"firstExecuteTime,omitempty"`
-	// LastExecuteTime is the last time this step execution.
-	LastExecuteTime metav1.Time `json:"lastExecuteTime,omitempty"`
-}
-
-// WorkflowSubStepStatus record the status of a workflow step
-type WorkflowSubStepStatus struct {
+// StepStatus record the base status of workflow step, which could be workflow step or subStep
+type StepStatus struct {
 	ID    string            `json:"id"`
 	Name  string            `json:"name,omitempty"`
 	Type  string            `json:"type,omitempty"`
@@ -279,6 +278,21 @@ type WorkflowSubStepStatus struct {
 	Message string `json:"message,omitempty"`
 	// A brief CamelCase message indicating details about why the workflowStep is in this state.
 	Reason string `json:"reason,omitempty"`
+	// FirstExecuteTime is the first time this step execution.
+	FirstExecuteTime metav1.Time `json:"firstExecuteTime,omitempty"`
+	// LastExecuteTime is the last time this step execution.
+	LastExecuteTime metav1.Time `json:"lastExecuteTime,omitempty"`
+}
+
+// WorkflowStepStatus record the status of a workflow step, include step status and subStep status
+type WorkflowStepStatus struct {
+	StepStatus     `json:",inline"`
+	SubStepsStatus []WorkflowSubStepStatus `json:"subSteps,omitempty"`
+}
+
+// WorkflowSubStepStatus record the status of a workflow subStep
+type WorkflowSubStepStatus struct {
+	StepStatus `json:",inline"`
 }
 
 // AppStatus defines the observed state of Application
@@ -299,10 +313,6 @@ type AppStatus struct {
 	// Services record the status of the application services
 	Services []ApplicationComponentStatus `json:"services,omitempty"`
 
-	// Deprecated
-	// ResourceTracker record the status of the ResourceTracker
-	ResourceTracker *corev1.ObjectReference `json:"resourceTracker,omitempty"`
-
 	// Workflow record the status of workflow
 	Workflow *WorkflowStatus `json:"workflow,omitempty"`
 
@@ -325,12 +335,54 @@ type PolicyStatus struct {
 	Status *runtime.RawExtension `json:"status,omitempty"`
 }
 
+// WorkflowStep defines how to execute a workflow step.
+type WorkflowStep struct {
+	// Name is the unique name of the workflow step.
+	Name string `json:"name"`
+
+	Type string `json:"type"`
+
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
+
+	SubSteps []WorkflowSubStep `json:"subSteps,omitempty"`
+
+	If string `json:"if,omitempty"`
+
+	DependsOn []string `json:"dependsOn,omitempty"`
+
+	Inputs StepInputs `json:"inputs,omitempty"`
+
+	Outputs StepOutputs `json:"outputs,omitempty"`
+}
+
+// WorkflowSubStep defines how to execute a workflow subStep.
+type WorkflowSubStep struct {
+	// Name is the unique name of the workflow step.
+	Name string `json:"name"`
+
+	Type string `json:"type"`
+
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
+
+	If string `json:"if,omitempty"`
+
+	DependsOn []string `json:"dependsOn,omitempty"`
+
+	Inputs StepInputs `json:"inputs,omitempty"`
+
+	Outputs StepOutputs `json:"outputs,omitempty"`
+}
+
 // WorkflowStatus record the status of workflow
 type WorkflowStatus struct {
 	AppRevision string       `json:"appRevision,omitempty"`
 	Mode        WorkflowMode `json:"mode"`
 	Message     string       `json:"message,omitempty"`
 
+	SuspendState string `json:"suspendState,omitempty"`
+
 	Suspend    bool `json:"suspend"`
 	Terminated bool `json:"terminated"`
 	Finished   bool `json:"finished"`
@@ -341,13 +393,6 @@ type WorkflowStatus struct {
 	StartTime metav1.Time `json:"startTime,omitempty"`
 }
 
-// SubStepsStatus record the status of workflow steps.
-type SubStepsStatus struct {
-	StepIndex int                     `json:"stepIndex,omitempty"`
-	Mode      WorkflowMode            `json:"mode,omitempty"`
-	Steps     []WorkflowSubStepStatus `json:"steps,omitempty"`
-}
-
 // WorkflowStepPhase describes the phase of a workflow step.
 type WorkflowStepPhase string
 
@@ -356,6 +401,8 @@ const (
 	WorkflowStepPhaseSucceeded WorkflowStepPhase = "succeeded"
 	// WorkflowStepPhaseFailed will report error in `message`.
 	WorkflowStepPhaseFailed WorkflowStepPhase = "failed"
+	// WorkflowStepPhaseSkipped will make the controller skip the step.
+	WorkflowStepPhaseSkipped WorkflowStepPhase = "skipped"
 	// WorkflowStepPhaseStopped will make the controller stop the workflow.
 	WorkflowStepPhaseStopped WorkflowStepPhase = "stopped"
 	// WorkflowStepPhaseRunning will make the controller continue the workflow.
@@ -482,6 +529,8 @@ const (
 	PolicyResourceCreator ResourceCreatorRole = "policy"
 	// WorkflowResourceCreator create the resource in workflow.
 	WorkflowResourceCreator ResourceCreatorRole = "workflow"
+	// DebugResourceCreator create the debug resource.
+	DebugResourceCreator ResourceCreatorRole = "debug"
 )
 
 // OAMObjectReference defines the object reference for an oam resource
@@ -608,3 +657,17 @@ func ParseApplicationConditionType(s string) (ApplicationConditionType, error) {
 	}
 	return -1, errors.New("unknown condition type")
 }
+
+// ReferredObject the referred Kubernetes object
+type ReferredObject struct {
+	// +kubebuilder:validation:EmbeddedResource
+	// +kubebuilder:pruning:PreserveUnknownFields
+	runtime.RawExtension `json:",inline"`
+}
+
+// ReferredObjectList a list of referred Kubernetes objects
+type ReferredObjectList struct {
+	// Objects a list of Kubernetes objects.
+	// +optional
+	Objects []ReferredObject `json:"objects,omitempty"`
+}

apis/core.oam.dev/common/zz_generated.deepcopy.go

@@ -22,6 +22,7 @@ limitations under the License.
 package common
 
 import (
+	crossplane_runtime "github.com/oam-dev/terraform-controller/api/types/crossplane-runtime"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 )
@@ -58,11 +59,6 @@ func (in *AppStatus) DeepCopyInto(out *AppStatus) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	if in.ResourceTracker != nil {
-		in, out := &in.ResourceTracker, &out.ResourceTracker
-		*out = new(v1.ObjectReference)
-		**out = **in
-	}
 	if in.Workflow != nil {
 		in, out := &in.Workflow, &out.Workflow
 		*out = new(WorkflowStatus)
@@ -474,6 +470,44 @@ func (in *RawExtensionPointer) DeepCopy() *RawExtensionPointer {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ReferredObject) DeepCopyInto(out *ReferredObject) {
+	*out = *in
+	in.RawExtension.DeepCopyInto(&out.RawExtension)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferredObject.
+func (in *ReferredObject) DeepCopy() *ReferredObject {
+	if in == nil {
+		return nil
+	}
+	out := new(ReferredObject)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ReferredObjectList) DeepCopyInto(out *ReferredObjectList) {
+	*out = *in
+	if in.Objects != nil {
+		in, out := &in.Objects, &out.Objects
+		*out = make([]ReferredObject, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferredObjectList.
+func (in *ReferredObjectList) DeepCopy() *ReferredObjectList {
+	if in == nil {
+		return nil
+	}
+	out := new(ReferredObjectList)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Revision) DeepCopyInto(out *Revision) {
 	*out = *in
@@ -578,21 +612,18 @@ func (in StepOutputs) DeepCopy() StepOutputs {
 }
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SubStepsStatus) DeepCopyInto(out *SubStepsStatus) {
+func (in *StepStatus) DeepCopyInto(out *StepStatus) {
 	*out = *in
-	if in.Steps != nil {
-		in, out := &in.Steps, &out.Steps
-		*out = make([]WorkflowSubStepStatus, len(*in))
-		copy(*out, *in)
-	}
+	in.FirstExecuteTime.DeepCopyInto(&out.FirstExecuteTime)
+	in.LastExecuteTime.DeepCopyInto(&out.LastExecuteTime)
 }
 
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubStepsStatus.
-func (in *SubStepsStatus) DeepCopy() *SubStepsStatus {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StepStatus.
+func (in *StepStatus) DeepCopy() *StepStatus {
 	if in == nil {
 		return nil
 	}
-	out := new(SubStepsStatus)
+	out := new(StepStatus)
 	in.DeepCopyInto(out)
 	return out
 }
@@ -600,7 +631,16 @@ func (in *SubStepsStatus) DeepCopy() *SubStepsStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Terraform) DeepCopyInto(out *Terraform) {
 	*out = *in
-	in.BaseConfigurationSpec.DeepCopyInto(&out.BaseConfigurationSpec)
+	if in.WriteConnectionSecretToReference != nil {
+		in, out := &in.WriteConnectionSecretToReference, &out.WriteConnectionSecretToReference
+		*out = new(crossplane_runtime.SecretReference)
+		**out = **in
+	}
+	if in.ProviderReference != nil {
+		in, out := &in.ProviderReference, &out.ProviderReference
+		*out = new(crossplane_runtime.Reference)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Terraform.
@@ -642,15 +682,58 @@ func (in *WorkflowStatus) DeepCopy() *WorkflowStatus {
 }
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkflowStepStatus) DeepCopyInto(out *WorkflowStepStatus) {
+func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
 	*out = *in
-	if in.SubSteps != nil {
-		in, out := &in.SubSteps, &out.SubSteps
-		*out = new(SubStepsStatus)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
 		(*in).DeepCopyInto(*out)
 	}
-	in.FirstExecuteTime.DeepCopyInto(&out.FirstExecuteTime)
-	in.LastExecuteTime.DeepCopyInto(&out.LastExecuteTime)
+	if in.SubSteps != nil {
+		in, out := &in.SubSteps, &out.SubSteps
+		*out = make([]WorkflowSubStep, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.DependsOn != nil {
+		in, out := &in.DependsOn, &out.DependsOn
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Inputs != nil {
+		in, out := &in.Inputs, &out.Inputs
+		*out = make(StepInputs, len(*in))
+		copy(*out, *in)
+	}
+	if in.Outputs != nil {
+		in, out := &in.Outputs, &out.Outputs
+		*out = make(StepOutputs, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStep.
+func (in *WorkflowStep) DeepCopy() *WorkflowStep {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowStep)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowStepStatus) DeepCopyInto(out *WorkflowStepStatus) {
+	*out = *in
+	in.StepStatus.DeepCopyInto(&out.StepStatus)
+	if in.SubStepsStatus != nil {
+		in, out := &in.SubStepsStatus, &out.SubStepsStatus
+		*out = make([]WorkflowSubStepStatus, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStepStatus.
@@ -663,9 +746,45 @@ func (in *WorkflowStepStatus) DeepCopy() *WorkflowStepStatus {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowSubStep) DeepCopyInto(out *WorkflowSubStep) {
+	*out = *in
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.DependsOn != nil {
+		in, out := &in.DependsOn, &out.DependsOn
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Inputs != nil {
+		in, out := &in.Inputs, &out.Inputs
+		*out = make(StepInputs, len(*in))
+		copy(*out, *in)
+	}
+	if in.Outputs != nil {
+		in, out := &in.Outputs, &out.Outputs
+		*out = make(StepOutputs, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowSubStep.
+func (in *WorkflowSubStep) DeepCopy() *WorkflowSubStep {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowSubStep)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkflowSubStepStatus) DeepCopyInto(out *WorkflowSubStepStatus) {
 	*out = *in
+	in.StepStatus.DeepCopyInto(&out.StepStatus)
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowSubStepStatus.

apis/core.oam.dev/v1alpha1/applyonce_types.go

@@ -16,6 +16,10 @@ limitations under the License.
 
 package v1alpha1
 
+import (
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
 const (
 	// ApplyOncePolicyType refers to the type of configuration drift policy
 	ApplyOncePolicyType = "apply-once"
@@ -24,4 +28,42 @@ const (
 // ApplyOncePolicySpec defines the spec of preventing configuration drift
 type ApplyOncePolicySpec struct {
 	Enable bool `json:"enable"`
+	// +optional
+	Rules []ApplyOncePolicyRule `json:"rules,omitempty"`
+}
+
+// ApplyOncePolicyRule defines a single apply-once policy rule
+type ApplyOncePolicyRule struct {
+	// +optional
+	Selector ResourcePolicyRuleSelector `json:"selector,omitempty"`
+	// +optional
+	Strategy *ApplyOnceStrategy `json:"strategy,omitempty"`
+}
+
+// ApplyOnceStrategy the strategy for resource path to allow configuration drift
+type ApplyOnceStrategy struct {
+	// Path the specified path that allow configuration drift
+	// like 'spec.template.spec.containers[0].resources' and '*' means the whole target allow configuration drift
+	Path []string `json:"path"`
+}
+
+// FindStrategy find apply-once strategy for target resource
+func (in ApplyOncePolicySpec) FindStrategy(manifest *unstructured.Unstructured) *ApplyOnceStrategy {
+	if !in.Enable {
+		return nil
+	}
+	for _, rule := range in.Rules {
+		match := func(src []string, val string) (found bool) {
+			for _, _val := range src {
+				found = found || _val == val
+			}
+			return val != "" && found
+		}
+		if (match(rule.Selector.CompNames, manifest.GetName()) && match(rule.Selector.ResourceTypes, manifest.GetKind())) ||
+			(rule.Selector.CompNames == nil && match(rule.Selector.ResourceTypes, manifest.GetKind()) ||
+				(rule.Selector.ResourceTypes == nil && match(rule.Selector.CompNames, manifest.GetName()))) {
+			return rule.Strategy
+		}
+	}
+	return nil
 }

apis/core.oam.dev/v1alpha1/component_types.go

@@ -0,0 +1,74 @@
+/*
+Copyright 2021 The KubeVela Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+const (
+	// RefObjectsComponentType refers to the type of ref-objects
+	RefObjectsComponentType = "ref-objects"
+)
+
+// RefObjectsComponentSpec defines the spec of ref-objects component
+type RefObjectsComponentSpec struct {
+	// Objects the referrers to the Kubernetes objects
+	Objects []ObjectReferrer `json:"objects,omitempty"`
+}
+
+// ObjectReferrer selects Kubernetes objects
+type ObjectReferrer struct {
+	// ObjectTypeIdentifier identifies the type of referred objects
+	ObjectTypeIdentifier `json:",inline"`
+	// ObjectSelector select object by name or labelSelector
+	ObjectSelector `json:",inline"`
+}
+
+// ObjectTypeIdentifier identifies the scheme of Kubernetes object
+type ObjectTypeIdentifier struct {
+	// Resource is the resource name of the Kubernetes object.
+	Resource string `json:"resource"`
+	// Group is the API Group of the Kubernetes object.
+	Group string `json:"group"`
+	// LegacyObjectTypeIdentifier is the legacy identifier
+	// Deprecated: use resource/group instead
+	LegacyObjectTypeIdentifier `json:",inline"`
+}
+
+// LegacyObjectTypeIdentifier legacy object type identifier
+type LegacyObjectTypeIdentifier struct {
+	// APIVersion is the APIVersion of the Kubernetes object.
+	APIVersion string `json:"apiVersion"`
+	// APIVersion is the Kind of the Kubernetes object.
+	Kind string `json:"kind"`
+}
+
+// ObjectSelector selector for Kubernetes object
+type ObjectSelector struct {
+	// Name is the name of the Kubernetes object.
+	// If empty, it will inherit the application component's name.
+	Name string `json:"name,omitempty"`
+	// Namespace is the namespace for selecting Kubernetes objects.
+	// If empty, it will inherit the application's namespace.
+	Namespace string `json:"namespace,omitempty"`
+	// Cluster is the cluster for selecting Kubernetes objects.
+	// If empty, it will use the local cluster
+	Cluster string `json:"cluster,omitempty"`
+	// LabelSelector selects Kubernetes objects by labels
+	// Exclusive to "name"
+	LabelSelector map[string]string `json:"labelSelector,omitempty"`
+	// DeprecatedLabelSelector a deprecated alias to LabelSelector
+	// Deprecated: use labelSelector instead.
+	DeprecatedLabelSelector map[string]string `json:"selector,omitempty"`
+}

apis/core.oam.dev/v1alpha1/envbinding_types.go

@@ -115,6 +115,14 @@ type PlacementDecision struct {
 	Namespace string `json:"namespace"`
 }
 
+// String encode placement decision
+func (in PlacementDecision) String() string {
+	if in.Namespace == "" {
+		return in.Cluster
+	}
+	return in.Cluster + "/" + in.Namespace
+}
+
 // EnvStatus records the status of one env
 type EnvStatus struct {
 	Env        string              `json:"env"`

apis/core.oam.dev/v1alpha1/external_types.go

@@ -0,0 +1,75 @@
+/*
+Copyright 2021 The KubeVela Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
+)
+
+// +kubebuilder:object:root=true
+
+// Policy is the Schema for the policy API
+// +kubebuilder:storageversion
+// +kubebuilder:resource:categories={oam}
+// +kubebuilder:printcolumn:name="TYPE",type=string,JSONPath=`.type`
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type Policy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Type string `json:"type"`
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// PolicyList contains a list of Policy
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type PolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Policy `json:"items"`
+}
+
+// +kubebuilder:object:root=true
+
+// Workflow is the Schema for the policy API
+// +kubebuilder:storageversion
+// +kubebuilder:resource:categories={oam}
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type Workflow struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Steps []common.WorkflowStep `json:"steps,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// WorkflowList contains a list of Workflow
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type WorkflowList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Workflow `json:"items"`
+}

apis/core.oam.dev/v1alpha1/garbagecollect_types.go

@@ -33,20 +33,39 @@ type GarbageCollectPolicySpec struct {
 	// outdated resources will be kept until resourcetracker be deleted manually
 	KeepLegacyResource bool `json:"keepLegacyResource,omitempty"`
 
+	// Order defines the order of garbage collect
+	Order GarbageCollectOrder `json:"order,omitempty"`
+
 	// Rules defines list of rules to control gc strategy at resource level
 	// if one resource is controlled by multiple rules, first rule will be used
 	Rules []GarbageCollectPolicyRule `json:"rules,omitempty"`
 }
 
+// GarbageCollectOrder is the order of garbage collect
+type GarbageCollectOrder string
+
+const (
+	// OrderDependency is the order of dependency
+	OrderDependency GarbageCollectOrder = "dependency"
+)
+
 // GarbageCollectPolicyRule defines a single garbage-collect policy rule
 type GarbageCollectPolicyRule struct {
-	Selector GarbageCollectPolicyRuleSelector `json:"selector"`
-	Strategy GarbageCollectStrategy           `json:"strategy"`
+	Selector ResourcePolicyRuleSelector `json:"selector"`
+	Strategy GarbageCollectStrategy     `json:"strategy"`
 }
 
-// GarbageCollectPolicyRuleSelector select the targets of the rule
-type GarbageCollectPolicyRuleSelector struct {
-	TraitTypes []string `json:"traitTypes"`
+// ResourcePolicyRuleSelector select the targets of the rule
+// 1) for GarbageCollectPolicyRule
+// if both traitTypes, oamTypes and componentTypes are specified, combination logic is OR
+// if one resource is specified with conflict strategies, strategy as component go first.
+// 2) for ApplyOncePolicyRule only CompNames and ResourceTypes are used
+type ResourcePolicyRuleSelector struct {
+	CompNames        []string `json:"componentNames"`
+	CompTypes        []string `json:"componentTypes"`
+	OAMResourceTypes []string `json:"oamTypes"`
+	TraitTypes       []string `json:"traitTypes"`
+	ResourceTypes    []string `json:"resourceTypes"`
 }
 
 // GarbageCollectStrategy the strategy for target resource to recycle
@@ -65,16 +84,24 @@ const (
 // FindStrategy find gc strategy for target resource
 func (in GarbageCollectPolicySpec) FindStrategy(manifest *unstructured.Unstructured) *GarbageCollectStrategy {
 	for _, rule := range in.Rules {
-		var traitType string
-		if manifest.GetLabels() != nil {
-			traitType = manifest.GetLabels()[oam.TraitTypeLabel]
+		var compName, compType, oamType, traitType string
+		if labels := manifest.GetLabels(); labels != nil {
+			compName = labels[oam.LabelAppComponent]
+			compType = labels[oam.WorkloadTypeLabel]
+			oamType = labels[oam.LabelOAMResourceType]
+			traitType = labels[oam.TraitTypeLabel]
 		}
-		if traitType != "" {
-			for _, _traitType := range rule.Selector.TraitTypes {
-				if _traitType == traitType {
-					return &rule.Strategy
-				}
+		match := func(src []string, val string) (found bool) {
+			for _, _val := range src {
+				found = found || _val == val
 			}
+			return val != "" && found
+		}
+		if match(rule.Selector.CompNames, compName) ||
+			match(rule.Selector.CompTypes, compType) ||
+			match(rule.Selector.OAMResourceTypes, oamType) ||
+			match(rule.Selector.TraitTypes, traitType) {
+			return &rule.Strategy
 		}
 	}
 	return nil

apis/core.oam.dev/v1alpha1/garbagecollect_types_test.go

@@ -32,9 +32,9 @@ func TestGarbageCollectPolicySpec_FindStrategy(t *testing.T) {
 		notFound       bool
 		expectStrategy GarbageCollectStrategy
 	}{
-		"trait rule match": {
+		"trait type rule match": {
 			rules: []GarbageCollectPolicyRule{{
-				Selector: GarbageCollectPolicyRuleSelector{TraitTypes: []string{"a"}},
+				Selector: ResourcePolicyRuleSelector{TraitTypes: []string{"a"}},
 				Strategy: GarbageCollectStrategyNever,
 			}},
 			input: &unstructured.Unstructured{Object: map[string]interface{}{
@@ -44,20 +44,20 @@ func TestGarbageCollectPolicySpec_FindStrategy(t *testing.T) {
 			}},
 			expectStrategy: GarbageCollectStrategyNever,
 		},
-		"trait rule mismatch": {
+		"trait type rule mismatch": {
 			rules: []GarbageCollectPolicyRule{{
-				Selector: GarbageCollectPolicyRuleSelector{TraitTypes: []string{"a"}},
+				Selector: ResourcePolicyRuleSelector{TraitTypes: []string{"a"}},
 				Strategy: GarbageCollectStrategyNever,
 			}},
 			input:    &unstructured.Unstructured{Object: map[string]interface{}{}},
 			notFound: true,
 		},
-		"trait rule multiple match": {
+		"trait type rule multiple match": {
 			rules: []GarbageCollectPolicyRule{{
-				Selector: GarbageCollectPolicyRuleSelector{TraitTypes: []string{"a"}},
+				Selector: ResourcePolicyRuleSelector{TraitTypes: []string{"a"}},
 				Strategy: GarbageCollectStrategyOnAppDelete,
 			}, {
-				Selector: GarbageCollectPolicyRuleSelector{TraitTypes: []string{"a"}},
+				Selector: ResourcePolicyRuleSelector{TraitTypes: []string{"a"}},
 				Strategy: GarbageCollectStrategyNever,
 			}},
 			input: &unstructured.Unstructured{Object: map[string]interface{}{
@@ -67,6 +67,60 @@ func TestGarbageCollectPolicySpec_FindStrategy(t *testing.T) {
 			}},
 			expectStrategy: GarbageCollectStrategyOnAppDelete,
 		},
+		"component type rule match": {
+			rules: []GarbageCollectPolicyRule{{
+				Selector: ResourcePolicyRuleSelector{CompTypes: []string{"comp"}},
+				Strategy: GarbageCollectStrategyNever,
+			}},
+			input: &unstructured.Unstructured{Object: map[string]interface{}{
+				"metadata": map[string]interface{}{
+					"labels": map[string]interface{}{oam.WorkloadTypeLabel: "comp"},
+				},
+			}},
+			expectStrategy: GarbageCollectStrategyNever,
+		},
+		"rule match both component type and trait type, component type first": {
+			rules: []GarbageCollectPolicyRule{
+				{
+					Selector: ResourcePolicyRuleSelector{CompTypes: []string{"comp"}},
+					Strategy: GarbageCollectStrategyNever,
+				},
+				{
+					Selector: ResourcePolicyRuleSelector{TraitTypes: []string{"trait"}},
+					Strategy: GarbageCollectStrategyOnAppDelete,
+				},
+			},
+			input: &unstructured.Unstructured{Object: map[string]interface{}{
+				"metadata": map[string]interface{}{
+					"labels": map[string]interface{}{oam.WorkloadTypeLabel: "comp", oam.TraitTypeLabel: "trait"},
+				},
+			}},
+			expectStrategy: GarbageCollectStrategyNever,
+		},
+		"component name rule match": {
+			rules: []GarbageCollectPolicyRule{{
+				Selector: ResourcePolicyRuleSelector{CompNames: []string{"comp-name"}},
+				Strategy: GarbageCollectStrategyNever,
+			}},
+			input: &unstructured.Unstructured{Object: map[string]interface{}{
+				"metadata": map[string]interface{}{
+					"labels": map[string]interface{}{oam.LabelAppComponent: "comp-name"},
+				},
+			}},
+			expectStrategy: GarbageCollectStrategyNever,
+		},
+		"resource type rule match": {
+			rules: []GarbageCollectPolicyRule{{
+				Selector: ResourcePolicyRuleSelector{OAMResourceTypes: []string{"TRAIT"}},
+				Strategy: GarbageCollectStrategyNever,
+			}},
+			input: &unstructured.Unstructured{Object: map[string]interface{}{
+				"metadata": map[string]interface{}{
+					"labels": map[string]interface{}{oam.LabelOAMResourceType: "TRAIT"},
+				},
+			}},
+			expectStrategy: GarbageCollectStrategyNever,
+		},
 	}
 	for name, tc := range testCases {
 		t.Run(name, func(t *testing.T) {

apis/core.oam.dev/v1alpha1/policy_types.go

@@ -0,0 +1,55 @@
+/*
+Copyright 2021 The KubeVela Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+const (
+	// TopologyPolicyType refers to the type of topology policy
+	TopologyPolicyType = "topology"
+	// OverridePolicyType refers to the type of override policy
+	OverridePolicyType = "override"
+	// DebugPolicyType refers to the type of debug policy
+	DebugPolicyType = "debug"
+)
+
+// TopologyPolicySpec defines the spec of topology policy
+type TopologyPolicySpec struct {
+	// Placement embeds the selectors for choosing cluster
+	Placement `json:",inline"`
+	// Namespace is the target namespace to deploy in the selected clusters.
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
+}
+
+// Placement describes which clusters to be selected in this topology
+type Placement struct {
+	// Clusters is the names of the clusters to select.
+	Clusters []string `json:"clusters,omitempty"`
+
+	// ClusterLabelSelector is the label selector for clusters.
+	// Exclusive to "clusters"
+	ClusterLabelSelector map[string]string `json:"clusterLabelSelector,omitempty"`
+
+	// DeprecatedClusterSelector is a depreciated alias for ClusterLabelSelector.
+	// Deprecated: Use clusterLabelSelector instead.
+	DeprecatedClusterSelector map[string]string `json:"clusterSelector,omitempty"`
+}
+
+// OverridePolicySpec defines the spec of override policy
+type OverridePolicySpec struct {
+	Components []EnvComponentPatch `json:"components,omitempty"`
+	Selector   []string            `json:"selector,omitempty"`
+}

apis/core.oam.dev/v1alpha1/register.go

@@ -19,11 +19,13 @@ package v1alpha1
 import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
+
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )
 
 // Package type metadata.
 const (
-	Group   = "core.oam.dev"
+	Group   = common.Group
 	Version = "v1alpha1"
 )
 
@@ -33,7 +35,24 @@ var (
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
 	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
+
+	// AddToScheme is a global function that registers this API group & version to a scheme
+	AddToScheme = SchemeBuilder.AddToScheme
+)
+
+// Policy meta
+var (
+	PolicyKind             = "Policy"
+	PolicyGroupVersionKind = SchemeGroupVersion.WithKind(PolicyKind)
+)
+
+// Workflow meta
+var (
+	WorkflowKind             = "Workflow"
+	WorkflowGroupVersionKind = SchemeGroupVersion.WithKind(WorkflowKind)
 )
 
 func init() {
+	SchemeBuilder.Register(&Policy{}, &PolicyList{})
+	SchemeBuilder.Register(&Workflow{}, &WorkflowList{})
 }

apis/core.oam.dev/v1alpha1/zz_generated.deepcopy.go

@@ -27,9 +27,37 @@ import (
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ApplyOncePolicyRule) DeepCopyInto(out *ApplyOncePolicyRule) {
+	*out = *in
+	in.Selector.DeepCopyInto(&out.Selector)
+	if in.Strategy != nil {
+		in, out := &in.Strategy, &out.Strategy
+		*out = new(ApplyOnceStrategy)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplyOncePolicyRule.
+func (in *ApplyOncePolicyRule) DeepCopy() *ApplyOncePolicyRule {
+	if in == nil {
+		return nil
+	}
+	out := new(ApplyOncePolicyRule)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ApplyOncePolicySpec) DeepCopyInto(out *ApplyOncePolicySpec) {
 	*out = *in
+	if in.Rules != nil {
+		in, out := &in.Rules, &out.Rules
+		*out = make([]ApplyOncePolicyRule, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplyOncePolicySpec.
@@ -42,6 +70,26 @@ func (in *ApplyOncePolicySpec) DeepCopy() *ApplyOncePolicySpec {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ApplyOnceStrategy) DeepCopyInto(out *ApplyOnceStrategy) {
+	*out = *in
+	if in.Path != nil {
+		in, out := &in.Path, &out.Path
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplyOnceStrategy.
+func (in *ApplyOnceStrategy) DeepCopy() *ApplyOnceStrategy {
+	if in == nil {
+		return nil
+	}
+	out := new(ApplyOnceStrategy)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ClusterConnection) DeepCopyInto(out *ClusterConnection) {
 	*out = *in
@@ -278,26 +326,6 @@ func (in *GarbageCollectPolicyRule) DeepCopy() *GarbageCollectPolicyRule {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *GarbageCollectPolicyRuleSelector) DeepCopyInto(out *GarbageCollectPolicyRuleSelector) {
-	*out = *in
-	if in.TraitTypes != nil {
-		in, out := &in.TraitTypes, &out.TraitTypes
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GarbageCollectPolicyRuleSelector.
-func (in *GarbageCollectPolicyRuleSelector) DeepCopy() *GarbageCollectPolicyRuleSelector {
-	if in == nil {
-		return nil
-	}
-	out := new(GarbageCollectPolicyRuleSelector)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *GarbageCollectPolicySpec) DeepCopyInto(out *GarbageCollectPolicySpec) {
 	*out = *in
@@ -320,6 +348,21 @@ func (in *GarbageCollectPolicySpec) DeepCopy() *GarbageCollectPolicySpec {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LegacyObjectTypeIdentifier) DeepCopyInto(out *LegacyObjectTypeIdentifier) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LegacyObjectTypeIdentifier.
+func (in *LegacyObjectTypeIdentifier) DeepCopy() *LegacyObjectTypeIdentifier {
+	if in == nil {
+		return nil
+	}
+	out := new(LegacyObjectTypeIdentifier)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *NamespaceSelector) DeepCopyInto(out *NamespaceSelector) {
 	*out = *in
@@ -342,6 +385,129 @@ func (in *NamespaceSelector) DeepCopy() *NamespaceSelector {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ObjectReferrer) DeepCopyInto(out *ObjectReferrer) {
+	*out = *in
+	out.ObjectTypeIdentifier = in.ObjectTypeIdentifier
+	in.ObjectSelector.DeepCopyInto(&out.ObjectSelector)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReferrer.
+func (in *ObjectReferrer) DeepCopy() *ObjectReferrer {
+	if in == nil {
+		return nil
+	}
+	out := new(ObjectReferrer)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ObjectSelector) DeepCopyInto(out *ObjectSelector) {
+	*out = *in
+	if in.LabelSelector != nil {
+		in, out := &in.LabelSelector, &out.LabelSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.DeprecatedLabelSelector != nil {
+		in, out := &in.DeprecatedLabelSelector, &out.DeprecatedLabelSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectSelector.
+func (in *ObjectSelector) DeepCopy() *ObjectSelector {
+	if in == nil {
+		return nil
+	}
+	out := new(ObjectSelector)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ObjectTypeIdentifier) DeepCopyInto(out *ObjectTypeIdentifier) {
+	*out = *in
+	out.LegacyObjectTypeIdentifier = in.LegacyObjectTypeIdentifier
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectTypeIdentifier.
+func (in *ObjectTypeIdentifier) DeepCopy() *ObjectTypeIdentifier {
+	if in == nil {
+		return nil
+	}
+	out := new(ObjectTypeIdentifier)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OverridePolicySpec) DeepCopyInto(out *OverridePolicySpec) {
+	*out = *in
+	if in.Components != nil {
+		in, out := &in.Components, &out.Components
+		*out = make([]EnvComponentPatch, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.Selector != nil {
+		in, out := &in.Selector, &out.Selector
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OverridePolicySpec.
+func (in *OverridePolicySpec) DeepCopy() *OverridePolicySpec {
+	if in == nil {
+		return nil
+	}
+	out := new(OverridePolicySpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Placement) DeepCopyInto(out *Placement) {
+	*out = *in
+	if in.Clusters != nil {
+		in, out := &in.Clusters, &out.Clusters
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.ClusterLabelSelector != nil {
+		in, out := &in.ClusterLabelSelector, &out.ClusterLabelSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.DeprecatedClusterSelector != nil {
+		in, out := &in.DeprecatedClusterSelector, &out.DeprecatedClusterSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Placement.
+func (in *Placement) DeepCopy() *Placement {
+	if in == nil {
+		return nil
+	}
+	out := new(Placement)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *PlacementDecision) DeepCopyInto(out *PlacementDecision) {
 	*out = *in
@@ -356,3 +522,207 @@ func (in *PlacementDecision) DeepCopy() *PlacementDecision {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Policy) DeepCopyInto(out *Policy) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
+func (in *Policy) DeepCopy() *Policy {
+	if in == nil {
+		return nil
+	}
+	out := new(Policy)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Policy) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyList) DeepCopyInto(out *PolicyList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]Policy, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.
+func (in *PolicyList) DeepCopy() *PolicyList {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RefObjectsComponentSpec) DeepCopyInto(out *RefObjectsComponentSpec) {
+	*out = *in
+	if in.Objects != nil {
+		in, out := &in.Objects, &out.Objects
+		*out = make([]ObjectReferrer, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RefObjectsComponentSpec.
+func (in *RefObjectsComponentSpec) DeepCopy() *RefObjectsComponentSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(RefObjectsComponentSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ResourcePolicyRuleSelector) DeepCopyInto(out *ResourcePolicyRuleSelector) {
+	*out = *in
+	if in.CompNames != nil {
+		in, out := &in.CompNames, &out.CompNames
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.CompTypes != nil {
+		in, out := &in.CompTypes, &out.CompTypes
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.OAMResourceTypes != nil {
+		in, out := &in.OAMResourceTypes, &out.OAMResourceTypes
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.TraitTypes != nil {
+		in, out := &in.TraitTypes, &out.TraitTypes
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.ResourceTypes != nil {
+		in, out := &in.ResourceTypes, &out.ResourceTypes
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicyRuleSelector.
+func (in *ResourcePolicyRuleSelector) DeepCopy() *ResourcePolicyRuleSelector {
+	if in == nil {
+		return nil
+	}
+	out := new(ResourcePolicyRuleSelector)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TopologyPolicySpec) DeepCopyInto(out *TopologyPolicySpec) {
+	*out = *in
+	in.Placement.DeepCopyInto(&out.Placement)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TopologyPolicySpec.
+func (in *TopologyPolicySpec) DeepCopy() *TopologyPolicySpec {
+	if in == nil {
+		return nil
+	}
+	out := new(TopologyPolicySpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Workflow) DeepCopyInto(out *Workflow) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Steps != nil {
+		in, out := &in.Steps, &out.Steps
+		*out = make([]common.WorkflowStep, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Workflow.
+func (in *Workflow) DeepCopy() *Workflow {
+	if in == nil {
+		return nil
+	}
+	out := new(Workflow)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Workflow) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowList) DeepCopyInto(out *WorkflowList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]Workflow, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowList.
+func (in *WorkflowList) DeepCopy() *WorkflowList {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *WorkflowList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}

apis/core.oam.dev/v1alpha2/application_types.go

@@ -87,7 +87,7 @@ type ApplicationSpec struct {
 
 // Application is the Schema for the applications API
 // +kubebuilder:object:root=true
-// +kubebuilder:resource:categories={oam},shortName=app
+// +kubebuilder:resource:categories={oam},shortName={app,velaapp}
 // +kubebuilder:subresource:status
 // +kubebuilder:printcolumn:name="COMPONENT",type=string,JSONPath=`.spec.components[*].name`
 // +kubebuilder:printcolumn:name="TYPE",type=string,JSONPath=`.spec.components[*].type`

apis/core.oam.dev/v1alpha2/register.go

@@ -21,11 +21,13 @@ import (
 
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
+
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )
 
 // Package type metadata.
 const (
-	Group   = "core.oam.dev"
+	Group   = common.Group
 	Version = "v1alpha2"
 )
 

apis/core.oam.dev/v1beta1/application_types.go

@@ -50,24 +50,11 @@ type AppPolicy struct {
 }
 
 // WorkflowStep defines how to execute a workflow step.
-type WorkflowStep struct {
-	// Name is the unique name of the workflow step.
-	Name string `json:"name"`
-
-	Type string `json:"type"`
-
-	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties *runtime.RawExtension `json:"properties,omitempty"`
-
-	DependsOn []string `json:"dependsOn,omitempty"`
-
-	Inputs common.StepInputs `json:"inputs,omitempty"`
-
-	Outputs common.StepOutputs `json:"outputs,omitempty"`
-}
+type WorkflowStep common.WorkflowStep
 
 // Workflow defines workflow steps and other attributes
 type Workflow struct {
+	Ref   string         `json:"ref,omitempty"`
 	Steps []WorkflowStep `json:"steps,omitempty"`
 }
 
@@ -95,7 +82,7 @@ type ApplicationSpec struct {
 // Application is the Schema for the applications API
 // +kubebuilder:storageversion
 // +kubebuilder:subresource:status
-// +kubebuilder:resource:categories={oam},shortName=app
+// +kubebuilder:resource:categories={oam},shortName={app,velaapp}
 // +kubebuilder:printcolumn:name="COMPONENT",type=string,JSONPath=`.spec.components[*].name`
 // +kubebuilder:printcolumn:name="TYPE",type=string,JSONPath=`.spec.components[*].type`
 // +kubebuilder:printcolumn:name="PHASE",type=string,JSONPath=`.status.status`

apis/core.oam.dev/v1beta1/applicationrevision_types.go

@@ -17,11 +17,10 @@
 package v1beta1
 
 import (
-	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
 
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/v1alpha1"
 )
 
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
@@ -52,19 +51,23 @@ type ApplicationRevisionSpec struct {
 	// ScopeGVK records the apiVersion to GVK mapping
 	ScopeGVK map[string]metav1.GroupVersionKind `json:"scopeGVK,omitempty"`
 
-	// Components records the rendered components from Application, it will contains the whole K8s CR of workload in it.
-	// +deprecated
-	Components []common.RawComponent `json:"components,omitempty"`
+	// Policies records the external policies
+	Policies map[string]v1alpha1.Policy `json:"policies,omitempty"`
 
-	// ApplicationConfiguration records the rendered applicationConfiguration from Application,
-	// it will contains the whole K8s CR of trait and the reference component in it.
-	// +kubebuilder:validation:EmbeddedResource
+	// Workflow records the external workflow
+	Workflow *v1alpha1.Workflow `json:"workflow,omitempty"`
+
+	// ReferredObjects records the referred objects used in the ref-object typed components
 	// +kubebuilder:pruning:PreserveUnknownFields
-	// +deprecated
-	ApplicationConfiguration runtime.RawExtension `json:"applicationConfiguration,omitempty"`
+	ReferredObjects []common.ReferredObject `json:"referredObjects,omitempty"`
+}
 
-	// ResourcesConfigMap references the ConfigMap that's generated to contain all final rendered resources.
-	ResourcesConfigMap corev1.LocalObjectReference `json:"resourcesConfigMap,omitempty"`
+// ApplicationRevisionStatus is the status of ApplicationRevision
+type ApplicationRevisionStatus struct {
+	// Succeeded records if the workflow finished running with success
+	Succeeded bool `json:"succeeded"`
+	// Workflow the running status of the workflow
+	Workflow *common.WorkflowStatus `json:"workflow,omitempty"`
 }
 
 // +kubebuilder:object:root=true
@@ -72,14 +75,18 @@ type ApplicationRevisionSpec struct {
 // ApplicationRevision is the Schema for the ApplicationRevision API
 // +kubebuilder:storageversion
 // +kubebuilder:resource:categories={oam},shortName=apprev
+// +kubebuilder:subresource:status
 // +kubebuilder:printcolumn:name="AGE",type=date,JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="PUBLISH_VERSION",type=string,JSONPath=`.metadata.annotations['app\.oam\.dev\/publishVersion']`
+// +kubebuilder:printcolumn:name="SUCCEEDED",type=string,JSONPath=`.status.succeeded`
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type ApplicationRevision struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec ApplicationRevisionSpec `json:"spec,omitempty"`
+	Spec   ApplicationRevisionSpec   `json:"spec,omitempty"`
+	Status ApplicationRevisionStatus `json:"status,omitempty"`
 }
 
 // +kubebuilder:object:root=true

apis/core.oam.dev/v1beta1/core_types.go

@@ -157,6 +157,9 @@ type TraitDefinitionSpec struct {
 	// SkipRevisionAffect defines the update this trait will not generate a new application Revision
 	// +optional
 	SkipRevisionAffect bool `json:"skipRevisionAffect,omitempty"`
+	// ControlPlaneOnly defines which cluster is dispatched to
+	// +optional
+	ControlPlaneOnly bool `json:"controlPlaneOnly,omitempty"`
 }
 
 // TraitDefinitionStatus is the status of TraitDefinition

apis/core.oam.dev/v1beta1/policy_definition.go

@@ -43,6 +43,9 @@ type PolicyDefinitionStatus struct {
 	// ConditionedStatus reflects the observed status of a resource
 	condition.ConditionedStatus `json:",inline"`
 
+	// ConfigMapRef refer to a ConfigMap which contains OpenAPI V3 JSON schema of Component parameters.
+	ConfigMapRef string `json:"configMapRef,omitempty"`
+
 	// LatestRevision of the component definition
 	// +optional
 	LatestRevision *common.Revision `json:"latestRevision,omitempty"`
@@ -61,7 +64,7 @@ func (d *PolicyDefinition) GetCondition(conditionType condition.ConditionType) c
 // +kubebuilder:object:root=true
 
 // PolicyDefinition is the Schema for the policydefinitions API
-// +kubebuilder:resource:scope=Namespaced,categories={oam},shortName=policy
+// +kubebuilder:resource:scope=Namespaced,categories={oam},shortName=def-policy
 // +kubebuilder:storageversion
 // +kubebuilder:subresource:status
 // +genclient

apis/core.oam.dev/v1beta1/register.go

@@ -21,11 +21,13 @@ import (
 
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
+
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )
 
 // Package type metadata.
 const (
-	Group   = "core.oam.dev"
+	Group   = common.Group
 	Version = "v1beta1"
 )
 

apis/core.oam.dev/v1beta1/resourcetracker_types.go

@@ -31,6 +31,7 @@ import (
 
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 	"github.com/oam-dev/kubevela/apis/interfaces"
+	velatypes "github.com/oam-dev/kubevela/apis/types"
 	"github.com/oam-dev/kubevela/pkg/oam"
 	"github.com/oam-dev/kubevela/pkg/utils/errors"
 )
@@ -121,7 +122,11 @@ func (in ManagedResource) NamespacedName() types.NamespacedName {
 // ResourceKey computes the key for managed resource, resources with the same key points to the same resource
 func (in ManagedResource) ResourceKey() string {
 	gv, kind := in.GroupVersionKind().ToAPIVersionAndKind()
-	return strings.Join([]string{gv, kind, in.Cluster, in.Namespace, in.Name}, "/")
+	cluster := in.Cluster
+	if cluster == "" {
+		cluster = velatypes.ClusterLocalName
+	}
+	return strings.Join([]string{gv, kind, cluster, in.Namespace, in.Name}, "/")
 }
 
 // ComponentKey computes the key for the component which managed resource belongs to
@@ -186,10 +191,9 @@ func (in *ResourceTracker) findMangedResourceIndex(mr ManagedResource) int {
 	return -1
 }
 
-// AddManagedResource add object to managed resources, if exists, update
-func (in *ResourceTracker) AddManagedResource(rsc client.Object, metaOnly bool) (updated bool) {
+func newManagedResourceFromResource(rsc client.Object) ManagedResource {
 	gvk := rsc.GetObjectKind().GroupVersionKind()
-	mr := ManagedResource{
+	return ManagedResource{
 		ClusterObjectReference: common.ClusterObjectReference{
 			ObjectReference: v1.ObjectReference{
 				APIVersion: gvk.GroupVersion().String(),
@@ -202,9 +206,23 @@ func (in *ResourceTracker) AddManagedResource(rsc client.Object, metaOnly bool)
 		OAMObjectReference: common.NewOAMObjectReferenceFromObject(rsc),
 		Deleted:            false,
 	}
+}
+
+// ContainsManagedResource check if resource exists in ResourceTracker
+func (in *ResourceTracker) ContainsManagedResource(rsc client.Object) bool {
+	mr := newManagedResourceFromResource(rsc)
+	return in.findMangedResourceIndex(mr) >= 0
+}
+
+// AddManagedResource add object to managed resources, if exists, update
+func (in *ResourceTracker) AddManagedResource(rsc client.Object, metaOnly bool, creator common.ResourceCreatorRole) (updated bool) {
+	mr := newManagedResourceFromResource(rsc)
 	if !metaOnly {
 		mr.Data = &runtime.RawExtension{Object: rsc}
 	}
+	if creator != "" {
+		mr.ClusterObjectReference.Creator = creator
+	}
 	if idx := in.findMangedResourceIndex(mr); idx >= 0 {
 		if reflect.DeepEqual(in.Spec.ManagedResources[idx], mr) {
 			return false

apis/core.oam.dev/v1beta1/resourcetracker_types_test.go

@@ -156,16 +156,16 @@ func TestResourceTracker_ManagedResource(t *testing.T) {
 	r := require.New(t)
 	input := &ResourceTracker{}
 	deploy1 := v12.Deployment{ObjectMeta: v13.ObjectMeta{Name: "deploy1"}}
-	input.AddManagedResource(&deploy1, true)
+	input.AddManagedResource(&deploy1, true, "")
 	r.Equal(1, len(input.Spec.ManagedResources))
 	cm2 := v1.ConfigMap{ObjectMeta: v13.ObjectMeta{Name: "cm2"}}
-	input.AddManagedResource(&cm2, false)
+	input.AddManagedResource(&cm2, false, "")
 	r.Equal(2, len(input.Spec.ManagedResources))
 	pod3 := v1.Pod{ObjectMeta: v13.ObjectMeta{Name: "pod3"}}
-	input.AddManagedResource(&pod3, false)
+	input.AddManagedResource(&pod3, false, "")
 	r.Equal(3, len(input.Spec.ManagedResources))
 	deploy1.Spec.Replicas = pointer.Int32(5)
-	input.AddManagedResource(&deploy1, false)
+	input.AddManagedResource(&deploy1, false, "")
 	r.Equal(3, len(input.Spec.ManagedResources))
 	input.DeleteManagedResource(&cm2, false)
 	r.Equal(3, len(input.Spec.ManagedResources))

apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go

@@ -26,6 +26,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/v1alpha1"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -113,6 +114,7 @@ func (in *ApplicationRevision) DeepCopyInto(out *ApplicationRevision) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRevision.
@@ -218,15 +220,25 @@ func (in *ApplicationRevisionSpec) DeepCopyInto(out *ApplicationRevisionSpec) {
 			(*out)[key] = val
 		}
 	}
-	if in.Components != nil {
-		in, out := &in.Components, &out.Components
-		*out = make([]common.RawComponent, len(*in))
+	if in.Policies != nil {
+		in, out := &in.Policies, &out.Policies
+		*out = make(map[string]v1alpha1.Policy, len(*in))
+		for key, val := range *in {
+			(*out)[key] = *val.DeepCopy()
+		}
+	}
+	if in.Workflow != nil {
+		in, out := &in.Workflow, &out.Workflow
+		*out = new(v1alpha1.Workflow)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ReferredObjects != nil {
+		in, out := &in.ReferredObjects, &out.ReferredObjects
+		*out = make([]common.ReferredObject, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	in.ApplicationConfiguration.DeepCopyInto(&out.ApplicationConfiguration)
-	out.ResourcesConfigMap = in.ResourcesConfigMap
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRevisionSpec.
@@ -239,6 +251,26 @@ func (in *ApplicationRevisionSpec) DeepCopy() *ApplicationRevisionSpec {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ApplicationRevisionStatus) DeepCopyInto(out *ApplicationRevisionStatus) {
+	*out = *in
+	if in.Workflow != nil {
+		in, out := &in.Workflow, &out.Workflow
+		*out = new(common.WorkflowStatus)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationRevisionStatus.
+func (in *ApplicationRevisionStatus) DeepCopy() *ApplicationRevisionStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(ApplicationRevisionStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ApplicationSpec) DeepCopyInto(out *ApplicationSpec) {
 	*out = *in
@@ -922,6 +954,13 @@ func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
 		*out = new(runtime.RawExtension)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.SubSteps != nil {
+		in, out := &in.SubSteps, &out.SubSteps
+		*out = make([]common.WorkflowSubStep, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 	if in.DependsOn != nil {
 		in, out := &in.DependsOn, &out.DependsOn
 		*out = make([]string, len(*in))

apis/types/multicluster.go

@@ -0,0 +1,42 @@
+/*
+Copyright 2021 The KubeVela Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package types
+
+import (
+	"github.com/oam-dev/cluster-gateway/pkg/apis/cluster/v1alpha1"
+	"github.com/oam-dev/cluster-gateway/pkg/config"
+)
+
+const (
+	// ClusterLocalName the name for the hub cluster
+	ClusterLocalName = "local"
+
+	// CredentialTypeInternal identifies the virtual cluster from internal kubevela system
+	CredentialTypeInternal v1alpha1.CredentialType = "Internal"
+	// CredentialTypeOCMManagedCluster identifies the virtual cluster from ocm
+	CredentialTypeOCMManagedCluster v1alpha1.CredentialType = "ManagedCluster"
+	// ClusterBlankEndpoint identifies the endpoint of a cluster as blank (not available)
+	ClusterBlankEndpoint = "-"
+
+	// ClustersArg indicates the argument for specific clusters to install addon
+	ClustersArg = "clusters"
+)
+
+var (
+	// AnnotationClusterAlias the annotation key for cluster alias
+	AnnotationClusterAlias = config.MetaApiGroupName + "/cluster-alias"
+)

apis/types/types.go

@@ -18,6 +18,13 @@ package types
 
 import "github.com/oam-dev/kubevela/pkg/oam"
 
+const (
+	// KubeVelaName name of kubevela
+	KubeVelaName = "kubevela"
+	// VelaCoreName name of vela-core
+	VelaCoreName = "vela-core"
+)
+
 const (
 	// DefaultKubeVelaReleaseName defines the default name of KubeVela Release
 	DefaultKubeVelaReleaseName = "kubevela"
@@ -41,6 +48,10 @@ var DefaultKubeVelaNS = "vela-system"
 const (
 	// AnnoDefinitionDescription is the annotation which describe what is the capability used for in a WorkloadDefinition/TraitDefinition Object
 	AnnoDefinitionDescription = "definition.oam.dev/description"
+	// AnnoDefinitionAlias is the annotation for definition alias
+	AnnoDefinitionAlias = "definition.oam.dev/alias"
+	// AnnoDefinitionIcon is the annotation which describe the icon url
+	AnnoDefinitionIcon = "definition.oam.dev/icon"
 	// AnnoDefinitionAppliedWorkloads is the annotation which describe what is the workloads used for in a TraitDefinition Object
 	AnnoDefinitionAppliedWorkloads = "definition.oam.dev/appliedWorkloads"
 	// LabelDefinition is the label for definition
@@ -59,6 +70,22 @@ const (
 	AnnoIngressControllerHTTPSPort = "ingress.controller/https-port"
 	// AnnoIngressControllerHTTPPort define ingress controller listen port for http
 	AnnoIngressControllerHTTPPort = "ingress.controller/http-port"
+	// LabelConfigType is the label for config type
+	LabelConfigType = "config.oam.dev/type"
+	// LabelConfigCatalog is the label for config catalog
+	LabelConfigCatalog = "config.oam.dev/catalog"
+	// LabelConfigSubType is the sub-type for a config type
+	LabelConfigSubType = "config.oam.dev/sub-type"
+	// LabelConfigProject is the label for config project
+	LabelConfigProject = "config.oam.dev/project"
+	// LabelConfigSyncToMultiCluster is the label to decide whether a config will be synchronized to multi-cluster
+	LabelConfigSyncToMultiCluster = "config.oam.dev/multi-cluster"
+	// LabelConfigIdentifier is the label for config identifier
+	LabelConfigIdentifier = "config.oam.dev/identifier"
+	// AnnotationConfigDescription is the annotation for config description
+	AnnotationConfigDescription = "config.oam.dev/description"
+	// AnnotationConfigAlias is the annotation for config alias
+	AnnotationConfigAlias = "config.oam.dev/alias"
 )
 
 const (
@@ -116,3 +143,29 @@ var DefaultFilterAnnots = []string{
 	oam.AnnotationFilterAnnotationKeys,
 	oam.AnnotationLastAppliedConfiguration,
 }
+
+// ConfigType is the type of config
+type ConfigType string
+
+const (
+	// TerraformProvider is the config type for terraform provider
+	TerraformProvider = "terraform-provider"
+	// DexConnector is the config type for dex connector
+	DexConnector = "config-dex-connector"
+	// ImageRegistry is the config type for image registry
+	ImageRegistry = "config-image-registry"
+	// HelmRepository is the config type for Helm chart repository
+	HelmRepository = "config-helm-repository"
+)
+
+const (
+	// TerraformComponentPrefix is the prefix of component type of terraform-xxx
+	TerraformComponentPrefix = "terraform-"
+
+	// ProviderAppPrefix is the prefix of the application to create a Terraform Provider
+	ProviderAppPrefix = "config-terraform-provider"
+	// ProviderNamespace is the namespace of Terraform Cloud Provider
+	ProviderNamespace = "default"
+	// VelaCoreConfig is to mark application, config and its secret or Terraform provider lelong to a KubeVela config
+	VelaCoreConfig = "velacore-config"
+)

charts/oam-runtime/Chart.yaml

@@ -1,21 +0,0 @@
-apiVersion: v2
-name: oam-runtime
-description: A Helm chart for oam-runtime aligns with OAM spec v0.2
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application.
-appVersion: 0.1.0

charts/oam-runtime/crds/core.oam.dev_components.yaml

@@ -1,178 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: components.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: Component
-    listKind: ComponentList
-    plural: components
-    singular: component
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.workload.kind
-      name: WORKLOAD-KIND
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: age
-      type: date
-    name: v1alpha2
-    schema:
-      openAPIV3Schema:
-        description: A Component describes how an OAM workload kind may be instantiated.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A ComponentSpec defines the desired state of a Component.
-            properties:
-              helm:
-                description: HelmRelease records a Helm release used by a Helm module
-                  workload.
-                properties:
-                  release:
-                    description: Release records a Helm release used by a Helm module
-                      workload.
-                    type: object
-                    x-kubernetes-preserve-unknown-fields: true
-                  repository:
-                    description: HelmRelease records a Helm repository used by a Helm
-                      module workload.
-                    type: object
-                    x-kubernetes-preserve-unknown-fields: true
-                required:
-                - release
-                - repository
-                type: object
-              parameters:
-                description: Parameters exposed by this component. ApplicationConfigurations
-                  that reference this component may specify values for these parameters,
-                  which will in turn be injected into the embedded workload.
-                items:
-                  description: A ComponentParameter defines a configurable parameter
-                    of a component.
-                  properties:
-                    description:
-                      description: Description of this parameter.
-                      type: string
-                    fieldPaths:
-                      description: FieldPaths specifies an array of fields within
-                        this Component's workload that will be overwritten by the
-                        value of this parameter. The type of the parameter (e.g. int,
-                        string) is inferred from the type of these fields; All fields
-                        must be of the same type. Fields are specified as JSON field
-                        paths without a leading dot, for example 'spec.replicas'.
-                      items:
-                        type: string
-                      type: array
-                    name:
-                      description: Name of this parameter. OAM ApplicationConfigurations
-                        will specify parameter values using this name.
-                      type: string
-                    required:
-                      default: false
-                      description: Required specifies whether or not a value for this
-                        parameter must be supplied when authoring an ApplicationConfiguration.
-                      type: boolean
-                  required:
-                  - fieldPaths
-                  - name
-                  type: object
-                type: array
-              workload:
-                description: A Workload that will be created for each ApplicationConfiguration
-                  that includes this Component. Workload is an instance of a workloadDefinition.
-                  We either use the GVK info or a special "type" field in the workload
-                  to associate the content of the workload with its workloadDefinition
-                type: object
-                x-kubernetes-embedded-resource: true
-                x-kubernetes-preserve-unknown-fields: true
-            required:
-            - workload
-            type: object
-          status:
-            description: A ComponentStatus represents the observed state of a Component.
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              latestRevision:
-                description: LatestRevision of component
-                properties:
-                  name:
-                    type: string
-                  revision:
-                    format: int64
-                    type: integer
-                  revisionHash:
-                    description: RevisionHash record the hash value of the spec of
-                      ApplicationRevision object.
-                    type: string
-                required:
-                - name
-                - revision
-                type: object
-              observedGeneration:
-                description: The generation observed by the component controller.
-                format: int64
-                type: integer
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/oam-runtime/crds/core.oam.dev_healthscopes.yaml

@@ -1,590 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: healthscopes.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: HealthScope
-    listKind: HealthScopeList
-    plural: healthscopes
-    singular: healthscope
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .status.health
-      name: HEALTH
-      type: string
-    name: v1alpha2
-    schema:
-      openAPIV3Schema:
-        description: A HealthScope determines an aggregate health status based of
-          the health of components.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A HealthScopeSpec defines the desired state of a HealthScope.
-            properties:
-              appReferences:
-                description: AppRefs records references of applications' components
-                items:
-                  description: AppReference records references of an application's
-                    components
-                  properties:
-                    appName:
-                      type: string
-                    compReferences:
-                      items:
-                        description: CompReference records references of a component's
-                          resources
-                        properties:
-                          compName:
-                            type: string
-                          traits:
-                            items:
-                              description: 'ObjectReference contains enough information
-                                to let you inspect or modify the referred object.
-                                --- New uses of this type are discouraged because
-                                of difficulty describing its usage when embedded in
-                                APIs.  1. Ignored fields.  It includes many fields
-                                which are not generally honored.  For instance, ResourceVersion
-                                and FieldPath are both very rarely valid in actual
-                                usage.  2. Invalid usage help.  It is impossible to
-                                add specific help for individual usage.  In most embedded
-                                usages, there are particular     restrictions like,
-                                "must refer only to types A and B" or "UID not honored"
-                                or "name must be restricted".     Those cannot be
-                                well described when embedded.  3. Inconsistent validation.  Because
-                                the usages are different, the validation rules are
-                                different by usage, which makes it hard for users
-                                to predict what will happen.  4. The fields are both
-                                imprecise and overly precise.  Kind is not a precise
-                                mapping to a URL. This can produce ambiguity     during
-                                interpretation and require a REST mapping.  In most
-                                cases, the dependency is on the group,resource tuple     and
-                                the version of the actual struct is irrelevant.  5.
-                                We cannot easily change it.  Because this type is
-                                embedded in many locations, updates to this type     will
-                                affect numerous schemas.  Don''t make new APIs embed
-                                an underspecified API type they do not control. Instead
-                                of using this type, create a locally provided and
-                                used type that is well-focused on your reference.
-                                For example, ServiceReferences for admission registration:
-                                https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                                .'
-                              properties:
-                                apiVersion:
-                                  description: API version of the referent.
-                                  type: string
-                                fieldPath:
-                                  description: 'If referring to a piece of an object
-                                    instead of an entire object, this string should
-                                    contain a valid JSON/Go field access statement,
-                                    such as desiredState.manifest.containers[2]. For
-                                    example, if the object reference is to a container
-                                    within a pod, this would take on a value like:
-                                    "spec.containers{name}" (where "name" refers to
-                                    the name of the container that triggered the event)
-                                    or if no container name is specified "spec.containers[2]"
-                                    (container with index 2 in this pod). This syntax
-                                    is chosen only to have some well-defined way of
-                                    referencing a part of an object. TODO: this design
-                                    is not final and this field is subject to change
-                                    in the future.'
-                                  type: string
-                                kind:
-                                  description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                                  type: string
-                                name:
-                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                                  type: string
-                                namespace:
-                                  description: 'Namespace of the referent. More info:
-                                    https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                                  type: string
-                                resourceVersion:
-                                  description: 'Specific resourceVersion to which
-                                    this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                                  type: string
-                                uid:
-                                  description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                                  type: string
-                              type: object
-                            type: array
-                          workload:
-                            description: 'ObjectReference contains enough information
-                              to let you inspect or modify the referred object. ---
-                              New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs.  1. Ignored
-                              fields.  It includes many fields which are not generally
-                              honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage.  2. Invalid
-                              usage help.  It is impossible to add specific help for
-                              individual usage.  In most embedded usages, there are
-                              particular     restrictions like, "must refer only to
-                              types A and B" or "UID not honored" or "name must be
-                              restricted".     Those cannot be well described when
-                              embedded.  3. Inconsistent validation.  Because the
-                              usages are different, the validation rules are different
-                              by usage, which makes it hard for users to predict what
-                              will happen.  4. The fields are both imprecise and overly
-                              precise.  Kind is not a precise mapping to a URL. This
-                              can produce ambiguity     during interpretation and
-                              require a REST mapping.  In most cases, the dependency
-                              is on the group,resource tuple     and the version of
-                              the actual struct is irrelevant.  5. We cannot easily
-                              change it.  Because this type is embedded in many locations,
-                              updates to this type     will affect numerous schemas.  Don''t
-                              make new APIs embed an underspecified API type they
-                              do not control. Instead of using this type, create a
-                              locally provided and used type that is well-focused
-                              on your reference. For example, ServiceReferences for
-                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              .'
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: 'If referring to a piece of an object
-                                  instead of an entire object, this string should
-                                  contain a valid JSON/Go field access statement,
-                                  such as desiredState.manifest.containers[2]. For
-                                  example, if the object reference is to a container
-                                  within a pod, this would take on a value like: "spec.containers{name}"
-                                  (where "name" refers to the name of the container
-                                  that triggered the event) or if no container name
-                                  is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only
-                                  to have some well-defined way of referencing a part
-                                  of an object. TODO: this design is not final and
-                                  this field is subject to change in the future.'
-                                type: string
-                              kind:
-                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                                type: string
-                              name:
-                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                                type: string
-                              namespace:
-                                description: 'Namespace of the referent. More info:
-                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                                type: string
-                              resourceVersion:
-                                description: 'Specific resourceVersion to which this
-                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                                type: string
-                              uid:
-                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                                type: string
-                            type: object
-                        type: object
-                      type: array
-                  type: object
-                type: array
-              probe-interval:
-                description: ProbeInterval is the amount of time in seconds between
-                  probing tries.
-                format: int32
-                type: integer
-              probe-timeout:
-                description: ProbeTimeout is the amount of time in seconds to wait
-                  when receiving a response before marked failure.
-                format: int32
-                type: integer
-              workloadRefs:
-                description: WorkloadReferences to the workloads that are in this
-                  scope.
-                items:
-                  description: 'ObjectReference contains enough information to let
-                    you inspect or modify the referred object. --- New uses of this
-                    type are discouraged because of difficulty describing its usage
-                    when embedded in APIs.  1. Ignored fields.  It includes many fields
-                    which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage.  2.
-                    Invalid usage help.  It is impossible to add specific help for
-                    individual usage.  In most embedded usages, there are particular     restrictions
-                    like, "must refer only to types A and B" or "UID not honored"
-                    or "name must be restricted".     Those cannot be well described
-                    when embedded.  3. Inconsistent validation.  Because the usages
-                    are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen.  4. The fields
-                    are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity     during interpretation
-                    and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple     and the version of the actual
-                    struct is irrelevant.  5. We cannot easily change it.  Because
-                    this type is embedded in many locations, updates to this type     will
-                    affect numerous schemas.  Don''t make new APIs embed an underspecified
-                    API type they do not control. Instead of using this type, create
-                    a locally provided and used type that is well-focused on your
-                    reference. For example, ServiceReferences for admission registration:
-                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    .'
-                  properties:
-                    apiVersion:
-                      description: API version of the referent.
-                      type: string
-                    fieldPath:
-                      description: 'If referring to a piece of an object instead of
-                        an entire object, this string should contain a valid JSON/Go
-                        field access statement, such as desiredState.manifest.containers[2].
-                        For example, if the object reference is to a container within
-                        a pod, this would take on a value like: "spec.containers{name}"
-                        (where "name" refers to the name of the container that triggered
-                        the event) or if no container name is specified "spec.containers[2]"
-                        (container with index 2 in this pod). This syntax is chosen
-                        only to have some well-defined way of referencing a part of
-                        an object. TODO: this design is not final and this field is
-                        subject to change in the future.'
-                      type: string
-                    kind:
-                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                      type: string
-                    name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                      type: string
-                    namespace:
-                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                      type: string
-                    resourceVersion:
-                      description: 'Specific resourceVersion to which this reference
-                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                      type: string
-                    uid:
-                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                      type: string
-                  type: object
-                type: array
-            required:
-            - workloadRefs
-            type: object
-          status:
-            description: A HealthScopeStatus represents the observed state of a HealthScope.
-            properties:
-              appHealthConditions:
-                description: AppHealthConditions represents health condition of applications
-                  in the scope
-                items:
-                  description: AppHealthCondition represents health condition of an
-                    application
-                  properties:
-                    appName:
-                      type: string
-                    components:
-                      items:
-                        description: WorkloadHealthCondition represents informative
-                          health condition of a workload.
-                        properties:
-                          componentName:
-                            description: ComponentName represents the component name
-                              if target is a workload
-                            type: string
-                          customStatusMsg:
-                            type: string
-                          diagnosis:
-                            type: string
-                          healthStatus:
-                            description: HealthStatus represents health status strings.
-                            type: string
-                          targetWorkload:
-                            description: 'ObjectReference contains enough information
-                              to let you inspect or modify the referred object. ---
-                              New uses of this type are discouraged because of difficulty
-                              describing its usage when embedded in APIs.  1. Ignored
-                              fields.  It includes many fields which are not generally
-                              honored.  For instance, ResourceVersion and FieldPath
-                              are both very rarely valid in actual usage.  2. Invalid
-                              usage help.  It is impossible to add specific help for
-                              individual usage.  In most embedded usages, there are
-                              particular     restrictions like, "must refer only to
-                              types A and B" or "UID not honored" or "name must be
-                              restricted".     Those cannot be well described when
-                              embedded.  3. Inconsistent validation.  Because the
-                              usages are different, the validation rules are different
-                              by usage, which makes it hard for users to predict what
-                              will happen.  4. The fields are both imprecise and overly
-                              precise.  Kind is not a precise mapping to a URL. This
-                              can produce ambiguity     during interpretation and
-                              require a REST mapping.  In most cases, the dependency
-                              is on the group,resource tuple     and the version of
-                              the actual struct is irrelevant.  5. We cannot easily
-                              change it.  Because this type is embedded in many locations,
-                              updates to this type     will affect numerous schemas.  Don''t
-                              make new APIs embed an underspecified API type they
-                              do not control. Instead of using this type, create a
-                              locally provided and used type that is well-focused
-                              on your reference. For example, ServiceReferences for
-                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                              .'
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: 'If referring to a piece of an object
-                                  instead of an entire object, this string should
-                                  contain a valid JSON/Go field access statement,
-                                  such as desiredState.manifest.containers[2]. For
-                                  example, if the object reference is to a container
-                                  within a pod, this would take on a value like: "spec.containers{name}"
-                                  (where "name" refers to the name of the container
-                                  that triggered the event) or if no container name
-                                  is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only
-                                  to have some well-defined way of referencing a part
-                                  of an object. TODO: this design is not final and
-                                  this field is subject to change in the future.'
-                                type: string
-                              kind:
-                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                                type: string
-                              name:
-                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                                type: string
-                              namespace:
-                                description: 'Namespace of the referent. More info:
-                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                                type: string
-                              resourceVersion:
-                                description: 'Specific resourceVersion to which this
-                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                                type: string
-                              uid:
-                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                                type: string
-                            type: object
-                          traits:
-                            items:
-                              description: TraitHealthCondition represents informative
-                                health condition of a trait.
-                              properties:
-                                customStatusMsg:
-                                  type: string
-                                diagnosis:
-                                  type: string
-                                healthStatus:
-                                  description: HealthStatus represents health status
-                                    strings.
-                                  type: string
-                                resource:
-                                  type: string
-                                type:
-                                  type: string
-                              required:
-                              - healthStatus
-                              - resource
-                              - type
-                              type: object
-                            type: array
-                          workloadStatus:
-                            description: WorkloadStatus represents status of workloads
-                              whose HealthStatus is UNKNOWN.
-                            type: string
-                        required:
-                        - healthStatus
-                        type: object
-                      type: array
-                    envName:
-                      type: string
-                  required:
-                  - appName
-                  type: object
-                type: array
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              healthConditions:
-                description: WorkloadHealthConditions represents health condition
-                  of workloads in the scope Use AppHealthConditions to provide app
-                  level status
-                items:
-                  description: WorkloadHealthCondition represents informative health
-                    condition of a workload.
-                  properties:
-                    componentName:
-                      description: ComponentName represents the component name if
-                        target is a workload
-                      type: string
-                    customStatusMsg:
-                      type: string
-                    diagnosis:
-                      type: string
-                    healthStatus:
-                      description: HealthStatus represents health status strings.
-                      type: string
-                    targetWorkload:
-                      description: 'ObjectReference contains enough information to
-                        let you inspect or modify the referred object. --- New uses
-                        of this type are discouraged because of difficulty describing
-                        its usage when embedded in APIs.  1. Ignored fields.  It includes
-                        many fields which are not generally honored.  For instance,
-                        ResourceVersion and FieldPath are both very rarely valid in
-                        actual usage.  2. Invalid usage help.  It is impossible to
-                        add specific help for individual usage.  In most embedded
-                        usages, there are particular     restrictions like, "must
-                        refer only to types A and B" or "UID not honored" or "name
-                        must be restricted".     Those cannot be well described when
-                        embedded.  3. Inconsistent validation.  Because the usages
-                        are different, the validation rules are different by usage,
-                        which makes it hard for users to predict what will happen.  4.
-                        The fields are both imprecise and overly precise.  Kind is
-                        not a precise mapping to a URL. This can produce ambiguity     during
-                        interpretation and require a REST mapping.  In most cases,
-                        the dependency is on the group,resource tuple     and the
-                        version of the actual struct is irrelevant.  5. We cannot
-                        easily change it.  Because this type is embedded in many locations,
-                        updates to this type     will affect numerous schemas.  Don''t
-                        make new APIs embed an underspecified API type they do not
-                        control. Instead of using this type, create a locally provided
-                        and used type that is well-focused on your reference. For
-                        example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                        .'
-                      properties:
-                        apiVersion:
-                          description: API version of the referent.
-                          type: string
-                        fieldPath:
-                          description: 'If referring to a piece of an object instead
-                            of an entire object, this string should contain a valid
-                            JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                            For example, if the object reference is to a container
-                            within a pod, this would take on a value like: "spec.containers{name}"
-                            (where "name" refers to the name of the container that
-                            triggered the event) or if no container name is specified
-                            "spec.containers[2]" (container with index 2 in this pod).
-                            This syntax is chosen only to have some well-defined way
-                            of referencing a part of an object. TODO: this design
-                            is not final and this field is subject to change in the
-                            future.'
-                          type: string
-                        kind:
-                          description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                          type: string
-                        name:
-                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                          type: string
-                        namespace:
-                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                          type: string
-                        resourceVersion:
-                          description: 'Specific resourceVersion to which this reference
-                            is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                          type: string
-                        uid:
-                          description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                          type: string
-                      type: object
-                    traits:
-                      items:
-                        description: TraitHealthCondition represents informative health
-                          condition of a trait.
-                        properties:
-                          customStatusMsg:
-                            type: string
-                          diagnosis:
-                            type: string
-                          healthStatus:
-                            description: HealthStatus represents health status strings.
-                            type: string
-                          resource:
-                            type: string
-                          type:
-                            type: string
-                        required:
-                        - healthStatus
-                        - resource
-                        - type
-                        type: object
-                      type: array
-                    workloadStatus:
-                      description: WorkloadStatus represents status of workloads whose
-                        HealthStatus is UNKNOWN.
-                      type: string
-                  required:
-                  - healthStatus
-                  type: object
-                type: array
-              scopeHealthCondition:
-                description: ScopeHealthCondition represents health condition summary
-                  of the scope
-                properties:
-                  healthStatus:
-                    description: HealthStatus represents health status strings.
-                    type: string
-                  healthyWorkloads:
-                    format: int64
-                    type: integer
-                  total:
-                    format: int64
-                    type: integer
-                  unhealthyWorkloads:
-                    format: int64
-                    type: integer
-                  unknownWorkloads:
-                    format: int64
-                    type: integer
-                required:
-                - healthStatus
-                type: object
-            required:
-            - scopeHealthCondition
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/oam-runtime/crds/core.oam.dev_manualscalertraits.yaml

@@ -1,134 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: manualscalertraits.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: ManualScalerTrait
-    listKind: ManualScalerTraitList
-    plural: manualscalertraits
-    singular: manualscalertrait
-  scope: Namespaced
-  versions:
-  - name: v1alpha2
-    schema:
-      openAPIV3Schema:
-        description: A ManualScalerTrait determines how many replicas a workload should
-          have.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A ManualScalerTraitSpec defines the desired state of a ManualScalerTrait.
-            properties:
-              replicaCount:
-                description: ReplicaCount of the workload this trait applies to.
-                format: int32
-                type: integer
-              workloadRef:
-                description: WorkloadReference to the workload this trait applies
-                  to.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: 'If referring to a piece of an object instead of
-                      an entire object, this string should contain a valid JSON/Go
-                      field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within
-                      a pod, this would take on a value like: "spec.containers{name}"
-                      (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]"
-                      (container with index 2 in this pod). This syntax is chosen
-                      only to have some well-defined way of referencing a part of
-                      an object. TODO: this design is not final and this field is
-                      subject to change in the future.'
-                    type: string
-                  kind:
-                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                    type: string
-                  name:
-                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                    type: string
-                  namespace:
-                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                    type: string
-                  resourceVersion:
-                    description: 'Specific resourceVersion to which this reference
-                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                    type: string
-                  uid:
-                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                    type: string
-                type: object
-            required:
-            - replicaCount
-            - workloadRef
-            type: object
-          status:
-            description: A ManualScalerTraitStatus represents the observed state of
-              a ManualScalerTrait.
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/oam-runtime/crds/core.oam.dev_scopedefinitions.yaml

@@ -1,153 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: scopedefinitions.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: ScopeDefinition
-    listKind: ScopeDefinitionList
-    plural: scopedefinitions
-    shortNames:
-    - scope
-    singular: scopedefinition
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.definitionRef.name
-      name: DEFINITION-NAME
-      type: string
-    name: v1alpha2
-    schema:
-      openAPIV3Schema:
-        description: A ScopeDefinition registers a kind of Kubernetes custom resource
-          as a valid OAM scope kind by referencing its CustomResourceDefinition. The
-          CRD is used to validate the schema of the scope when it is embedded in an
-          OAM ApplicationConfiguration.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A ScopeDefinitionSpec defines the desired state of a ScopeDefinition.
-            properties:
-              allowComponentOverlap:
-                description: AllowComponentOverlap specifies whether an OAM component
-                  may exist in multiple instances of this kind of scope.
-                type: boolean
-              definitionRef:
-                description: Reference to the CustomResourceDefinition that defines
-                  this scope kind.
-                properties:
-                  name:
-                    description: Name of the referenced CustomResourceDefinition.
-                    type: string
-                  version:
-                    description: Version indicate which version should be used if
-                      CRD has multiple versions by default it will use the first one
-                      if not specified
-                    type: string
-                required:
-                - name
-                type: object
-              extension:
-                description: Extension is used for extension needs by OAM platform
-                  builders
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              workloadRefsPath:
-                description: WorkloadRefsPath indicates if/where a scope accepts workloadRef
-                  objects
-                type: string
-            required:
-            - allowComponentOverlap
-            - definitionRef
-            type: object
-        type: object
-    served: true
-    storage: false
-    subresources: {}
-  - additionalPrinterColumns:
-    - jsonPath: .spec.definitionRef.name
-      name: DEFINITION-NAME
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: A ScopeDefinition registers a kind of Kubernetes custom resource
-          as a valid OAM scope kind by referencing its CustomResourceDefinition. The
-          CRD is used to validate the schema of the scope when it is embedded in an
-          OAM ApplicationConfiguration.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A ScopeDefinitionSpec defines the desired state of a ScopeDefinition.
-            properties:
-              allowComponentOverlap:
-                description: AllowComponentOverlap specifies whether an OAM component
-                  may exist in multiple instances of this kind of scope.
-                type: boolean
-              definitionRef:
-                description: Reference to the CustomResourceDefinition that defines
-                  this scope kind.
-                properties:
-                  name:
-                    description: Name of the referenced CustomResourceDefinition.
-                    type: string
-                  version:
-                    description: Version indicate which version should be used if
-                      CRD has multiple versions by default it will use the first one
-                      if not specified
-                    type: string
-                required:
-                - name
-                type: object
-              extension:
-                description: Extension is used for extension needs by OAM platform
-                  builders
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              workloadRefsPath:
-                description: WorkloadRefsPath indicates if/where a scope accepts workloadRef
-                  objects
-                type: string
-            required:
-            - allowComponentOverlap
-            - definitionRef
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/oam-runtime/crds/core.oam.dev_traitdefinitions.yaml

@@ -1,645 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: traitdefinitions.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: TraitDefinition
-    listKind: TraitDefinitionList
-    plural: traitdefinitions
-    shortNames:
-    - trait
-    singular: traitdefinition
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.appliesToWorkloads
-      name: APPLIES-TO
-      type: string
-    - jsonPath: .metadata.annotations.definition\.oam\.dev/description
-      name: DESCRIPTION
-      type: string
-    name: v1alpha2
-    schema:
-      openAPIV3Schema:
-        description: A TraitDefinition registers a kind of Kubernetes custom resource
-          as a valid OAM trait kind by referencing its CustomResourceDefinition. The
-          CRD is used to validate the schema of the trait when it is embedded in an
-          OAM ApplicationConfiguration.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A TraitDefinitionSpec defines the desired state of a TraitDefinition.
-            properties:
-              appliesToWorkloads:
-                description: AppliesToWorkloads specifies the list of workload kinds
-                  this trait applies to. Workload kinds are specified in kind.group/version
-                  format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this
-                  field apply to all workload kinds.
-                items:
-                  type: string
-                type: array
-              conflictsWith:
-                description: 'ConflictsWith specifies the list of traits(CRD name,
-                  Definition name, CRD group) which could not apply to the same workloads
-                  with this trait. Traits that omit this field can work with any other
-                  traits. Example rules: "service" # Trait definition name "services.k8s.io"
-                  # API resource/crd name "*.networking.k8s.io" # API group "labelSelector:foo=bar"
-                  # label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse'
-                items:
-                  type: string
-                type: array
-              definitionRef:
-                description: Reference to the CustomResourceDefinition that defines
-                  this trait kind.
-                properties:
-                  name:
-                    description: Name of the referenced CustomResourceDefinition.
-                    type: string
-                  version:
-                    description: Version indicate which version should be used if
-                      CRD has multiple versions by default it will use the first one
-                      if not specified
-                    type: string
-                required:
-                - name
-                type: object
-              extension:
-                description: Extension is used for extension needs by OAM platform
-                  builders
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              podDisruptive:
-                description: PodDisruptive specifies whether using the trait will
-                  cause the pod to restart or not.
-                type: boolean
-              revisionEnabled:
-                description: Revision indicates whether a trait is aware of component
-                  revision
-                type: boolean
-              schematic:
-                description: Schematic defines the data format and template of the
-                  encapsulation of the trait
-                properties:
-                  cue:
-                    description: CUE defines the encapsulation in CUE format
-                    properties:
-                      template:
-                        description: Template defines the abstraction template data
-                          of the capability, it will replace the old CUE template
-                          in extension field. Template is a required field if CUE
-                          is defined in Capability Definition.
-                        type: string
-                    required:
-                    - template
-                    type: object
-                  helm:
-                    description: A Helm represents resources used by a Helm module
-                    properties:
-                      release:
-                        description: Release records a Helm release used by a Helm
-                          module workload.
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      repository:
-                        description: HelmRelease records a Helm repository used by
-                          a Helm module workload.
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                    required:
-                    - release
-                    - repository
-                    type: object
-                  kube:
-                    description: Kube defines the encapsulation in raw Kubernetes
-                      resource format
-                    properties:
-                      parameters:
-                        description: Parameters defines configurable parameters
-                        items:
-                          description: A KubeParameter defines a configurable parameter
-                            of a component.
-                          properties:
-                            description:
-                              description: Description of this parameter.
-                              type: string
-                            fieldPaths:
-                              description: "FieldPaths specifies an array of fields
-                                within this workload that will be overwritten by the
-                                value of this parameter. \tAll fields must be of the
-                                same type. Fields are specified as JSON field paths
-                                without a leading dot, for example 'spec.replicas'."
-                              items:
-                                type: string
-                              type: array
-                            name:
-                              description: Name of this parameter
-                              type: string
-                            required:
-                              default: false
-                              description: Required specifies whether or not a value
-                                for this parameter must be supplied when authoring
-                                an Application.
-                              type: boolean
-                            type:
-                              description: 'ValueType indicates the type of the parameter
-                                value, and only supports basic data types: string,
-                                number, boolean.'
-                              enum:
-                              - string
-                              - number
-                              - boolean
-                              type: string
-                          required:
-                          - fieldPaths
-                          - name
-                          - type
-                          type: object
-                        type: array
-                      template:
-                        description: Template defines the raw Kubernetes resource
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                    required:
-                    - template
-                    type: object
-                  terraform:
-                    description: Terraform is the struct to describe cloud resources
-                      managed by Hashicorp Terraform
-                    properties:
-                      configuration:
-                        description: Configuration is Terraform Configuration
-                        type: string
-                      deleteResource:
-                        default: true
-                        description: DeleteResource will determine whether provisioned
-                          cloud resources will be deleted when CR is deleted
-                        type: boolean
-                      path:
-                        description: Path is the sub-directory of remote git repository.
-                          It's valid when remote is set
-                        type: string
-                      providerRef:
-                        description: ProviderReference specifies the reference to
-                          Provider
-                        properties:
-                          name:
-                            description: Name of the referenced object.
-                            type: string
-                          namespace:
-                            default: default
-                            description: Namespace of the referenced object.
-                            type: string
-                        required:
-                        - name
-                        type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
-                      type:
-                        default: hcl
-                        description: Type specifies which Terraform configuration
-                          it is, HCL or JSON syntax
-                        enum:
-                        - hcl
-                        - json
-                        - remote
-                        type: string
-                      writeConnectionSecretToRef:
-                        description: WriteConnectionSecretToReference specifies the
-                          namespace and name of a Secret to which any connection details
-                          for this managed resource should be written. Connection
-                          details frequently include the endpoint, username, and password
-                          required to connect to the managed resource.
-                        properties:
-                          name:
-                            description: Name of the secret.
-                            type: string
-                          namespace:
-                            description: Namespace of the secret.
-                            type: string
-                        required:
-                        - name
-                        type: object
-                    required:
-                    - configuration
-                    type: object
-                type: object
-              status:
-                description: Status defines the custom health policy and status message
-                  for trait
-                properties:
-                  customStatus:
-                    description: CustomStatus defines the custom status message that
-                      could display to user
-                    type: string
-                  healthPolicy:
-                    description: HealthPolicy defines the health check policy for
-                      the abstraction
-                    type: string
-                type: object
-              workloadRefPath:
-                description: WorkloadRefPath indicates where/if a trait accepts a
-                  workloadRef object
-                type: string
-            type: object
-          status:
-            description: TraitDefinitionStatus is the status of TraitDefinition
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              configMapRef:
-                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
-                  V3 JSON schema of Component parameters.
-                type: string
-              latestRevision:
-                description: LatestRevision of the trait definition
-                properties:
-                  name:
-                    type: string
-                  revision:
-                    format: int64
-                    type: integer
-                  revisionHash:
-                    description: RevisionHash record the hash value of the spec of
-                      ApplicationRevision object.
-                    type: string
-                required:
-                - name
-                - revision
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - jsonPath: .spec.appliesToWorkloads
-      name: APPLIES-TO
-      type: string
-    - jsonPath: .metadata.annotations.definition\.oam\.dev/description
-      name: DESCRIPTION
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: A TraitDefinition registers a kind of Kubernetes custom resource
-          as a valid OAM trait kind by referencing its CustomResourceDefinition. The
-          CRD is used to validate the schema of the trait when it is embedded in an
-          OAM ApplicationConfiguration.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A TraitDefinitionSpec defines the desired state of a TraitDefinition.
-            properties:
-              appliesToWorkloads:
-                description: AppliesToWorkloads specifies the list of workload kinds
-                  this trait applies to. Workload kinds are specified in kind.group/version
-                  format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this
-                  field apply to all workload kinds.
-                items:
-                  type: string
-                type: array
-              conflictsWith:
-                description: 'ConflictsWith specifies the list of traits(CRD name,
-                  Definition name, CRD group) which could not apply to the same workloads
-                  with this trait. Traits that omit this field can work with any other
-                  traits. Example rules: "service" # Trait definition name "services.k8s.io"
-                  # API resource/crd name "*.networking.k8s.io" # API group "labelSelector:foo=bar"
-                  # label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse'
-                items:
-                  type: string
-                type: array
-              definitionRef:
-                description: Reference to the CustomResourceDefinition that defines
-                  this trait kind.
-                properties:
-                  name:
-                    description: Name of the referenced CustomResourceDefinition.
-                    type: string
-                  version:
-                    description: Version indicate which version should be used if
-                      CRD has multiple versions by default it will use the first one
-                      if not specified
-                    type: string
-                required:
-                - name
-                type: object
-              extension:
-                description: Extension is used for extension needs by OAM platform
-                  builders
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              manageWorkload:
-                description: ManageWorkload defines the trait would be responsible
-                  for creating the workload
-                type: boolean
-              podDisruptive:
-                description: PodDisruptive specifies whether using the trait will
-                  cause the pod to restart or not.
-                type: boolean
-              revisionEnabled:
-                description: Revision indicates whether a trait is aware of component
-                  revision
-                type: boolean
-              schematic:
-                description: Schematic defines the data format and template of the
-                  encapsulation of the trait
-                properties:
-                  cue:
-                    description: CUE defines the encapsulation in CUE format
-                    properties:
-                      template:
-                        description: Template defines the abstraction template data
-                          of the capability, it will replace the old CUE template
-                          in extension field. Template is a required field if CUE
-                          is defined in Capability Definition.
-                        type: string
-                    required:
-                    - template
-                    type: object
-                  helm:
-                    description: A Helm represents resources used by a Helm module
-                    properties:
-                      release:
-                        description: Release records a Helm release used by a Helm
-                          module workload.
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      repository:
-                        description: HelmRelease records a Helm repository used by
-                          a Helm module workload.
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                    required:
-                    - release
-                    - repository
-                    type: object
-                  kube:
-                    description: Kube defines the encapsulation in raw Kubernetes
-                      resource format
-                    properties:
-                      parameters:
-                        description: Parameters defines configurable parameters
-                        items:
-                          description: A KubeParameter defines a configurable parameter
-                            of a component.
-                          properties:
-                            description:
-                              description: Description of this parameter.
-                              type: string
-                            fieldPaths:
-                              description: "FieldPaths specifies an array of fields
-                                within this workload that will be overwritten by the
-                                value of this parameter. \tAll fields must be of the
-                                same type. Fields are specified as JSON field paths
-                                without a leading dot, for example 'spec.replicas'."
-                              items:
-                                type: string
-                              type: array
-                            name:
-                              description: Name of this parameter
-                              type: string
-                            required:
-                              default: false
-                              description: Required specifies whether or not a value
-                                for this parameter must be supplied when authoring
-                                an Application.
-                              type: boolean
-                            type:
-                              description: 'ValueType indicates the type of the parameter
-                                value, and only supports basic data types: string,
-                                number, boolean.'
-                              enum:
-                              - string
-                              - number
-                              - boolean
-                              type: string
-                          required:
-                          - fieldPaths
-                          - name
-                          - type
-                          type: object
-                        type: array
-                      template:
-                        description: Template defines the raw Kubernetes resource
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                    required:
-                    - template
-                    type: object
-                  terraform:
-                    description: Terraform is the struct to describe cloud resources
-                      managed by Hashicorp Terraform
-                    properties:
-                      configuration:
-                        description: Configuration is Terraform Configuration
-                        type: string
-                      deleteResource:
-                        default: true
-                        description: DeleteResource will determine whether provisioned
-                          cloud resources will be deleted when CR is deleted
-                        type: boolean
-                      path:
-                        description: Path is the sub-directory of remote git repository.
-                          It's valid when remote is set
-                        type: string
-                      providerRef:
-                        description: ProviderReference specifies the reference to
-                          Provider
-                        properties:
-                          name:
-                            description: Name of the referenced object.
-                            type: string
-                          namespace:
-                            default: default
-                            description: Namespace of the referenced object.
-                            type: string
-                        required:
-                        - name
-                        type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
-                      type:
-                        default: hcl
-                        description: Type specifies which Terraform configuration
-                          it is, HCL or JSON syntax
-                        enum:
-                        - hcl
-                        - json
-                        - remote
-                        type: string
-                      writeConnectionSecretToRef:
-                        description: WriteConnectionSecretToReference specifies the
-                          namespace and name of a Secret to which any connection details
-                          for this managed resource should be written. Connection
-                          details frequently include the endpoint, username, and password
-                          required to connect to the managed resource.
-                        properties:
-                          name:
-                            description: Name of the secret.
-                            type: string
-                          namespace:
-                            description: Namespace of the secret.
-                            type: string
-                        required:
-                        - name
-                        type: object
-                    required:
-                    - configuration
-                    type: object
-                type: object
-              skipRevisionAffect:
-                description: SkipRevisionAffect defines the update this trait will
-                  not generate a new application Revision
-                type: boolean
-              status:
-                description: Status defines the custom health policy and status message
-                  for trait
-                properties:
-                  customStatus:
-                    description: CustomStatus defines the custom status message that
-                      could display to user
-                    type: string
-                  healthPolicy:
-                    description: HealthPolicy defines the health check policy for
-                      the abstraction
-                    type: string
-                type: object
-              workloadRefPath:
-                description: WorkloadRefPath indicates where/if a trait accepts a
-                  workloadRef object
-                type: string
-            type: object
-          status:
-            description: TraitDefinitionStatus is the status of TraitDefinition
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              configMapRef:
-                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
-                  V3 JSON schema of Component parameters.
-                type: string
-              latestRevision:
-                description: LatestRevision of the component definition
-                properties:
-                  name:
-                    type: string
-                  revision:
-                    format: int64
-                    type: integer
-                  revisionHash:
-                    description: RevisionHash record the hash value of the spec of
-                      ApplicationRevision object.
-                    type: string
-                required:
-                - name
-                - revision
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/oam-runtime/crds/core.oam.dev_workloaddefinitions.yaml

@@ -1,604 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: workloaddefinitions.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: WorkloadDefinition
-    listKind: WorkloadDefinitionList
-    plural: workloaddefinitions
-    shortNames:
-    - workload
-    singular: workloaddefinition
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.definitionRef.name
-      name: DEFINITION-NAME
-      type: string
-    name: v1alpha2
-    schema:
-      openAPIV3Schema:
-        description: A WorkloadDefinition registers a kind of Kubernetes custom resource
-          as a valid OAM workload kind by referencing its CustomResourceDefinition.
-          The CRD is used to validate the schema of the workload when it is embedded
-          in an OAM Component.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A WorkloadDefinitionSpec defines the desired state of a WorkloadDefinition.
-            properties:
-              childResourceKinds:
-                description: ChildResourceKinds are the list of GVK of the child resources
-                  this workload generates
-                items:
-                  description: A ChildResourceKind defines a child Kubernetes resource
-                    kind with a selector
-                  properties:
-                    apiVersion:
-                      description: APIVersion of the child resource
-                      type: string
-                    kind:
-                      description: Kind of the child resource
-                      type: string
-                    selector:
-                      additionalProperties:
-                        type: string
-                      description: Selector to select the child resources that the
-                        workload wants to expose to traits
-                      type: object
-                  required:
-                  - apiVersion
-                  - kind
-                  type: object
-                type: array
-              definitionRef:
-                description: Reference to the CustomResourceDefinition that defines
-                  this workload kind.
-                properties:
-                  name:
-                    description: Name of the referenced CustomResourceDefinition.
-                    type: string
-                  version:
-                    description: Version indicate which version should be used if
-                      CRD has multiple versions by default it will use the first one
-                      if not specified
-                    type: string
-                required:
-                - name
-                type: object
-              extension:
-                description: Extension is used for extension needs by OAM platform
-                  builders
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              podSpecPath:
-                description: PodSpecPath indicates where/if this workload has K8s
-                  podSpec field if one workload has podSpec, trait can do lot's of
-                  assumption such as port, env, volume fields.
-                type: string
-              revisionLabel:
-                description: RevisionLabel indicates which label for underlying resources(e.g.
-                  pods) of this workload can be used by trait to create resource selectors(e.g.
-                  label selector for pods).
-                type: string
-              schematic:
-                description: Schematic defines the data format and template of the
-                  encapsulation of the workload
-                properties:
-                  cue:
-                    description: CUE defines the encapsulation in CUE format
-                    properties:
-                      template:
-                        description: Template defines the abstraction template data
-                          of the capability, it will replace the old CUE template
-                          in extension field. Template is a required field if CUE
-                          is defined in Capability Definition.
-                        type: string
-                    required:
-                    - template
-                    type: object
-                  helm:
-                    description: A Helm represents resources used by a Helm module
-                    properties:
-                      release:
-                        description: Release records a Helm release used by a Helm
-                          module workload.
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      repository:
-                        description: HelmRelease records a Helm repository used by
-                          a Helm module workload.
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                    required:
-                    - release
-                    - repository
-                    type: object
-                  kube:
-                    description: Kube defines the encapsulation in raw Kubernetes
-                      resource format
-                    properties:
-                      parameters:
-                        description: Parameters defines configurable parameters
-                        items:
-                          description: A KubeParameter defines a configurable parameter
-                            of a component.
-                          properties:
-                            description:
-                              description: Description of this parameter.
-                              type: string
-                            fieldPaths:
-                              description: "FieldPaths specifies an array of fields
-                                within this workload that will be overwritten by the
-                                value of this parameter. \tAll fields must be of the
-                                same type. Fields are specified as JSON field paths
-                                without a leading dot, for example 'spec.replicas'."
-                              items:
-                                type: string
-                              type: array
-                            name:
-                              description: Name of this parameter
-                              type: string
-                            required:
-                              default: false
-                              description: Required specifies whether or not a value
-                                for this parameter must be supplied when authoring
-                                an Application.
-                              type: boolean
-                            type:
-                              description: 'ValueType indicates the type of the parameter
-                                value, and only supports basic data types: string,
-                                number, boolean.'
-                              enum:
-                              - string
-                              - number
-                              - boolean
-                              type: string
-                          required:
-                          - fieldPaths
-                          - name
-                          - type
-                          type: object
-                        type: array
-                      template:
-                        description: Template defines the raw Kubernetes resource
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                    required:
-                    - template
-                    type: object
-                  terraform:
-                    description: Terraform is the struct to describe cloud resources
-                      managed by Hashicorp Terraform
-                    properties:
-                      configuration:
-                        description: Configuration is Terraform Configuration
-                        type: string
-                      deleteResource:
-                        default: true
-                        description: DeleteResource will determine whether provisioned
-                          cloud resources will be deleted when CR is deleted
-                        type: boolean
-                      path:
-                        description: Path is the sub-directory of remote git repository.
-                          It's valid when remote is set
-                        type: string
-                      providerRef:
-                        description: ProviderReference specifies the reference to
-                          Provider
-                        properties:
-                          name:
-                            description: Name of the referenced object.
-                            type: string
-                          namespace:
-                            default: default
-                            description: Namespace of the referenced object.
-                            type: string
-                        required:
-                        - name
-                        type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
-                      type:
-                        default: hcl
-                        description: Type specifies which Terraform configuration
-                          it is, HCL or JSON syntax
-                        enum:
-                        - hcl
-                        - json
-                        - remote
-                        type: string
-                      writeConnectionSecretToRef:
-                        description: WriteConnectionSecretToReference specifies the
-                          namespace and name of a Secret to which any connection details
-                          for this managed resource should be written. Connection
-                          details frequently include the endpoint, username, and password
-                          required to connect to the managed resource.
-                        properties:
-                          name:
-                            description: Name of the secret.
-                            type: string
-                          namespace:
-                            description: Namespace of the secret.
-                            type: string
-                        required:
-                        - name
-                        type: object
-                    required:
-                    - configuration
-                    type: object
-                type: object
-              status:
-                description: Status defines the custom health policy and status message
-                  for workload
-                properties:
-                  customStatus:
-                    description: CustomStatus defines the custom status message that
-                      could display to user
-                    type: string
-                  healthPolicy:
-                    description: HealthPolicy defines the health check policy for
-                      the abstraction
-                    type: string
-                type: object
-            required:
-            - definitionRef
-            type: object
-          status:
-            description: WorkloadDefinitionStatus is the status of WorkloadDefinition
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: false
-    subresources: {}
-  - additionalPrinterColumns:
-    - jsonPath: .spec.definitionRef.name
-      name: DEFINITION-NAME
-      type: string
-    - jsonPath: .metadata.annotations.definition\.oam\.dev/description
-      name: DESCRIPTION
-      type: string
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: A WorkloadDefinition registers a kind of Kubernetes custom resource
-          as a valid OAM workload kind by referencing its CustomResourceDefinition.
-          The CRD is used to validate the schema of the workload when it is embedded
-          in an OAM Component.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A WorkloadDefinitionSpec defines the desired state of a WorkloadDefinition.
-            properties:
-              childResourceKinds:
-                description: ChildResourceKinds are the list of GVK of the child resources
-                  this workload generates
-                items:
-                  description: A ChildResourceKind defines a child Kubernetes resource
-                    kind with a selector
-                  properties:
-                    apiVersion:
-                      description: APIVersion of the child resource
-                      type: string
-                    kind:
-                      description: Kind of the child resource
-                      type: string
-                    selector:
-                      additionalProperties:
-                        type: string
-                      description: Selector to select the child resources that the
-                        workload wants to expose to traits
-                      type: object
-                  required:
-                  - apiVersion
-                  - kind
-                  type: object
-                type: array
-              definitionRef:
-                description: Reference to the CustomResourceDefinition that defines
-                  this workload kind.
-                properties:
-                  name:
-                    description: Name of the referenced CustomResourceDefinition.
-                    type: string
-                  version:
-                    description: Version indicate which version should be used if
-                      CRD has multiple versions by default it will use the first one
-                      if not specified
-                    type: string
-                required:
-                - name
-                type: object
-              extension:
-                description: Extension is used for extension needs by OAM platform
-                  builders
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              podSpecPath:
-                description: PodSpecPath indicates where/if this workload has K8s
-                  podSpec field if one workload has podSpec, trait can do lot's of
-                  assumption such as port, env, volume fields.
-                type: string
-              revisionLabel:
-                description: RevisionLabel indicates which label for underlying resources(e.g.
-                  pods) of this workload can be used by trait to create resource selectors(e.g.
-                  label selector for pods).
-                type: string
-              schematic:
-                description: Schematic defines the data format and template of the
-                  encapsulation of the workload
-                properties:
-                  cue:
-                    description: CUE defines the encapsulation in CUE format
-                    properties:
-                      template:
-                        description: Template defines the abstraction template data
-                          of the capability, it will replace the old CUE template
-                          in extension field. Template is a required field if CUE
-                          is defined in Capability Definition.
-                        type: string
-                    required:
-                    - template
-                    type: object
-                  helm:
-                    description: A Helm represents resources used by a Helm module
-                    properties:
-                      release:
-                        description: Release records a Helm release used by a Helm
-                          module workload.
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      repository:
-                        description: HelmRelease records a Helm repository used by
-                          a Helm module workload.
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                    required:
-                    - release
-                    - repository
-                    type: object
-                  kube:
-                    description: Kube defines the encapsulation in raw Kubernetes
-                      resource format
-                    properties:
-                      parameters:
-                        description: Parameters defines configurable parameters
-                        items:
-                          description: A KubeParameter defines a configurable parameter
-                            of a component.
-                          properties:
-                            description:
-                              description: Description of this parameter.
-                              type: string
-                            fieldPaths:
-                              description: "FieldPaths specifies an array of fields
-                                within this workload that will be overwritten by the
-                                value of this parameter. \tAll fields must be of the
-                                same type. Fields are specified as JSON field paths
-                                without a leading dot, for example 'spec.replicas'."
-                              items:
-                                type: string
-                              type: array
-                            name:
-                              description: Name of this parameter
-                              type: string
-                            required:
-                              default: false
-                              description: Required specifies whether or not a value
-                                for this parameter must be supplied when authoring
-                                an Application.
-                              type: boolean
-                            type:
-                              description: 'ValueType indicates the type of the parameter
-                                value, and only supports basic data types: string,
-                                number, boolean.'
-                              enum:
-                              - string
-                              - number
-                              - boolean
-                              type: string
-                          required:
-                          - fieldPaths
-                          - name
-                          - type
-                          type: object
-                        type: array
-                      template:
-                        description: Template defines the raw Kubernetes resource
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                    required:
-                    - template
-                    type: object
-                  terraform:
-                    description: Terraform is the struct to describe cloud resources
-                      managed by Hashicorp Terraform
-                    properties:
-                      configuration:
-                        description: Configuration is Terraform Configuration
-                        type: string
-                      deleteResource:
-                        default: true
-                        description: DeleteResource will determine whether provisioned
-                          cloud resources will be deleted when CR is deleted
-                        type: boolean
-                      path:
-                        description: Path is the sub-directory of remote git repository.
-                          It's valid when remote is set
-                        type: string
-                      providerRef:
-                        description: ProviderReference specifies the reference to
-                          Provider
-                        properties:
-                          name:
-                            description: Name of the referenced object.
-                            type: string
-                          namespace:
-                            default: default
-                            description: Namespace of the referenced object.
-                            type: string
-                        required:
-                        - name
-                        type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
-                      type:
-                        default: hcl
-                        description: Type specifies which Terraform configuration
-                          it is, HCL or JSON syntax
-                        enum:
-                        - hcl
-                        - json
-                        - remote
-                        type: string
-                      writeConnectionSecretToRef:
-                        description: WriteConnectionSecretToReference specifies the
-                          namespace and name of a Secret to which any connection details
-                          for this managed resource should be written. Connection
-                          details frequently include the endpoint, username, and password
-                          required to connect to the managed resource.
-                        properties:
-                          name:
-                            description: Name of the secret.
-                            type: string
-                          namespace:
-                            description: Namespace of the secret.
-                            type: string
-                        required:
-                        - name
-                        type: object
-                    required:
-                    - configuration
-                    type: object
-                type: object
-              status:
-                description: Status defines the custom health policy and status message
-                  for workload
-                properties:
-                  customStatus:
-                    description: CustomStatus defines the custom status message that
-                      could display to user
-                    type: string
-                  healthPolicy:
-                    description: HealthPolicy defines the health check policy for
-                      the abstraction
-                    type: string
-                type: object
-            required:
-            - definitionRef
-            type: object
-          status:
-            description: WorkloadDefinitionStatus is the status of WorkloadDefinition
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/oam-runtime/templates/NOTES.txt

@@ -1 +0,0 @@
-Welcome to use the oam-runtime follows OAM spec v0.2! Enjoy your shipping application journey!

charts/oam-runtime/templates/_helpers.tpl

@@ -1,63 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "oam-runtime.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "oam-runtime.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "oam-runtime.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "oam-runtime.labels" -}}
-helm.sh/chart: {{ include "oam-runtime.chart" . }}
-{{ include "oam-runtime.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Selector labels
-*/}}
-{{- define "oam-runtime.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "oam-runtime.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "oam-runtime.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "oam-runtime.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}

charts/oam-runtime/templates/admission-webhooks/job-patch/clusterrole.yaml

@@ -1,28 +0,0 @@
-{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name:  {{ template "oam-runtime.fullname" . }}-admission
-  annotations:
-    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-  labels:
-    app: {{ template "oam-runtime.name" . }}-admission
-    {{- include "oam-runtime.labels" . | nindent 4 }}
-rules:
-  - apiGroups:
-      - admissionregistration.k8s.io
-    resources:
-      - validatingwebhookconfigurations
-      - mutatingwebhookconfigurations
-    verbs:
-      - get
-      - update
-  - apiGroups:
-      - apiextensions.k8s.io
-    resources:
-      - customresourcedefinitions
-    verbs:
-      - get
-      - update
-{{- end }}

charts/oam-runtime/templates/admission-webhooks/job-patch/clusterrolebinding.yaml

@@ -1,20 +0,0 @@
-{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name:  {{ template "oam-runtime.fullname" . }}-admission
-  annotations:
-    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-  labels:
-    app: {{ template "oam-runtime.name" . }}-admission
-    {{- include "oam-runtime.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "oam-runtime.fullname" . }}-admission
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "oam-runtime.fullname" . }}-admission
-    namespace: {{ .Release.Namespace }}
-{{- end }}

charts/oam-runtime/templates/admission-webhooks/job-patch/job-createSecret.yaml

@@ -1,50 +0,0 @@
-{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled (not .Values.admissionWebhooks.certManager.enabled) }}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name:  {{ template "oam-runtime.fullname" . }}-admission-create
-  namespace: {{ .Release.Namespace }}
-  annotations:
-    "helm.sh/hook": pre-install,pre-upgrade
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-  labels:
-    app: {{ template "oam-runtime.name" . }}-admission-create
-    {{- include "oam-runtime.labels" . | nindent 4 }}
-spec:
-  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
-  # Alpha feature since k8s 1.12
-  ttlSecondsAfterFinished: 0
-  {{- end }}
-  template:
-    metadata:
-      name:  {{ template "oam-runtime.fullname" . }}-admission-create
-      labels:
-        app: {{ template "oam-runtime.name" . }}-admission-create
-        {{- include "oam-runtime.labels" . | nindent 8 }}
-    spec:
-      containers:
-        - name: create
-          image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
-          imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
-          args:
-            - create
-            - --host={{ template "oam-runtime.name" . }}-webhook,{{ template "oam-runtime.name" . }}-webhook.{{ .Release.Namespace }}.svc
-            - --namespace={{ .Release.Namespace }}
-            - --secret-name={{ template "oam-runtime.fullname" . }}-admission
-            - --key-name=tls.key
-            - --cert-name=tls.crt
-      restartPolicy: OnFailure
-      serviceAccountName: {{ template "oam-runtime.fullname" . }}-admission
-      {{- with .Values.admissionWebhooks.patch.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-      {{- end }}
-      {{- with .Values.admissionWebhooks.patch.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-      {{- end }}
-      securityContext:
-        runAsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 2000
-{{- end }}

charts/oam-runtime/templates/admission-webhooks/job-patch/job-patchWebhook.yaml

@@ -1,49 +0,0 @@
-{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled (not .Values.admissionWebhooks.certManager.enabled) }}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name:  {{ template "oam-runtime.fullname" . }}-admission-patch
-  namespace: {{ .Release.Namespace }}
-  annotations:
-    "helm.sh/hook": post-install,post-upgrade
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-  labels:
-    app: {{ template "oam-runtime.name" . }}-admission-patch
-    {{- include "oam-runtime.labels" . | nindent 4 }}
-spec:
-  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
-  # Alpha feature since k8s 1.12
-  ttlSecondsAfterFinished: 0
-  {{- end }}
-  template:
-    metadata:
-      name:  {{ template "oam-runtime.fullname" . }}-admission-patch
-      labels:
-        app: {{ template "oam-runtime.name" . }}-admission-patch
-        {{- include "oam-runtime.labels" . | nindent 8 }}
-    spec:
-      containers:
-        - name: patch
-          image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
-          imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
-          args:
-            - patch
-            - --webhook-name={{ template "oam-runtime.fullname" . }}-admission
-            - --namespace={{ .Release.Namespace }}
-            - --secret-name={{ template "oam-runtime.fullname" . }}-admission
-            - --patch-failure-policy={{ .Values.admissionWebhooks.failurePolicy }}
-      restartPolicy: OnFailure
-      serviceAccountName: {{ template "oam-runtime.fullname" . }}-admission
-      {{- with .Values.admissionWebhooks.patch.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-      {{- end }}
-      {{- with .Values.admissionWebhooks.patch.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-      {{- end }}
-      securityContext:
-        runAsGroup: 2000
-        runAsNonRoot: true
-        runAsUser: 2000
-{{- end }}

charts/oam-runtime/templates/admission-webhooks/job-patch/role.yaml

@@ -1,21 +0,0 @@
-{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name:  {{ template "oam-runtime.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
-  annotations:
-    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-  labels:
-    app: {{ template "oam-runtime.name" . }}-admission
-    {{- include "oam-runtime.labels" . | nindent 4 }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - get
-      - create
-{{- end }}

charts/oam-runtime/templates/admission-webhooks/job-patch/rolebinding.yaml

@@ -1,21 +0,0 @@
-{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name:  {{ template "oam-runtime.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
-  annotations:
-    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-  labels:
-    app: {{ template "oam-runtime.name" . }}-admission
-    {{- include "oam-runtime.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "oam-runtime.fullname" . }}-admission
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "oam-runtime.fullname" . }}-admission
-    namespace: {{ .Release.Namespace }}
-{{- end }}

charts/oam-runtime/templates/admission-webhooks/job-patch/serviceaccount.yaml

@@ -1,13 +0,0 @@
-{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name:  {{ template "oam-runtime.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
-  annotations:
-    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-  labels:
-    app: {{ template "oam-runtime.name" . }}-admission
-    {{- include "oam-runtime.labels" . | nindent 4 }}
-{{- end }}

charts/oam-runtime/templates/admission-webhooks/mutatingWebhookConfiguration.yaml

@@ -1,69 +0,0 @@
-{{- if .Values.admissionWebhooks.enabled -}}
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
-  name: {{ template "oam-runtime.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
-  {{- if .Values.admissionWebhooks.certManager.enabled }}
-  annotations:
-    cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "oam-runtime.fullname" .) | quote }}
-  {{- end }}
-webhooks:
-  - clientConfig:
-      caBundle: Cg==
-      service:
-        name: {{ template "oam-runtime.name" . }}-webhook
-        namespace: {{ .Release.Namespace }}
-        path: /mutating-core-oam-dev-v1alpha2-applicationconfigurations
-    {{- if .Values.admissionWebhooks.patch.enabled  }}
-    failurePolicy: Ignore
-    {{- else }}
-    failurePolicy: Fail
-    {{- end }}
-    name: mutating.core.oam.dev.v1alpha2.applicationconfigurations
-    sideEffects: None
-    rules:
-      - apiGroups:
-          - core.oam.dev
-        apiVersions:
-          - v1alpha2
-        operations:
-          - CREATE
-          - UPDATE
-        resources:
-          - applicationconfigurations
-        scope: Namespaced
-    admissionReviewVersions:
-      - v1beta1
-      - v1
-    timeoutSeconds: 5
-  - clientConfig:
-      caBundle: Cg==
-      service:
-        name: {{ template "oam-runtime.name" . }}-webhook
-        namespace: {{ .Release.Namespace }}
-        path: /mutating-core-oam-dev-v1alpha2-components
-    {{- if .Values.admissionWebhooks.patch.enabled  }}
-    failurePolicy: Ignore
-    {{- else }}
-    failurePolicy: Fail
-    {{- end }}
-    name: mutating.core.oam-dev.v1alpha2.components
-    sideEffects: None
-    rules:
-      - apiGroups:
-          - core.oam.dev
-        apiVersions:
-          - v1alpha2
-        operations:
-          - CREATE
-          - UPDATE
-        resources:
-          - components
-        scope: Namespaced
-    admissionReviewVersions:
-      - v1beta1
-      - v1
-    timeoutSeconds: 5
-
-{{- end -}}

charts/oam-runtime/templates/admission-webhooks/validatingWebhookConfiguration.yaml

@@ -1,69 +0,0 @@
-{{- if .Values.admissionWebhooks.enabled -}}
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
-  name: {{ template "oam-runtime.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
-  {{- if .Values.admissionWebhooks.certManager.enabled }}
-  annotations:
-    cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "oam-runtime.fullname" .) | quote }}
-  {{- end }}
-webhooks:
-  - clientConfig:
-      caBundle: Cg==
-      service:
-        name: {{ template "oam-runtime.name" . }}-webhook
-        namespace: {{ .Release.Namespace }}
-        path: /validating-core-oam-dev-v1alpha2-applicationconfigurations
-    {{- if .Values.admissionWebhooks.patch.enabled  }}
-    failurePolicy: Ignore
-    {{- else }}
-    failurePolicy: {{ .Values.admissionWebhooks.failurePolicy }}
-    {{- end }}
-    name: validating.core.oam.dev.v1alpha2.applicationconfigurations
-    sideEffects: None
-    rules:
-      - apiGroups:
-          - core.oam.dev
-        apiVersions:
-          - v1alpha2
-        operations:
-          - CREATE
-          - UPDATE
-        resources:
-          - applicationconfigurations
-        scope: Namespaced
-    admissionReviewVersions:
-      - v1beta1
-      - v1
-    timeoutSeconds: 5
-  - clientConfig:
-      caBundle: Cg==
-      service:
-        name: {{ template "oam-runtime.name" . }}-webhook
-        namespace: {{ .Release.Namespace }}
-        path: /validating-core-oam-dev-v1alpha2-components
-    {{- if .Values.admissionWebhooks.patch.enabled  }}
-    failurePolicy: Ignore
-    {{- else }}
-    failurePolicy: {{ .Values.admissionWebhooks.failurePolicy }}
-    {{- end }}
-    name: validating.core.oam.dev.v1alpha2.components
-    sideEffects: None
-    rules:
-      - apiGroups:
-          - core.oam.dev
-        apiVersions:
-          - v1alpha2
-        operations:
-          - CREATE
-          - UPDATE
-        resources:
-          - components
-        scope: Namespaced
-    admissionReviewVersions:
-      - v1beta1
-      - v1
-    timeoutSeconds: 5
-          
-{{- end -}}

charts/oam-runtime/templates/admission-webhooks/webhookService.yaml

@@ -1,19 +0,0 @@
-{{- if .Values.admissionWebhooks.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "oam-runtime.name" . }}-webhook
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "oam-runtime.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.webhookService.type }}
-  ports:
-    - port: 443
-      targetPort: {{ .Values.webhookService.port }}
-      protocol: TCP
-      name: https
-  selector:
-    {{ include "oam-runtime.selectorLabels" . | nindent 6 }}
-
-{{- end -}}

charts/oam-runtime/templates/certmanager.yaml

@@ -1,55 +0,0 @@
-{{- if and .Values.admissionWebhooks.certManager.enabled -}}
-
-# The following manifests contain a self-signed issuer CR and a certificate CR.
-# More document can be found at https://docs.cert-manager.io
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: {{ template "oam-runtime.fullname" . }}-self-signed-issuer
-spec:
-  selfSigned: {}
-
----
-# Generate a CA Certificate used to sign certificates for the webhook
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: {{ template "oam-runtime.fullname" . }}-root-cert
-spec:
-  secretName: {{ template "oam-runtime.fullname" . }}-root-cert
-  duration: 43800h # 5y
-  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
-  issuerRef:
-    name: {{ template "oam-runtime.fullname" . }}-self-signed-issuer
-  commonName: "ca.webhook.oam-runtime"
-  isCA: true
-  
----
-# Create an Issuer that uses the above generated CA certificate to issue certs
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: {{ template "oam-runtime.fullname" . }}-root-issuer
-  namespace: {{ .Release.Namespace }}
-spec:
-  ca:
-    secretName: {{ template "oam-runtime.fullname" . }}-root-cert
-
----
-# generate a serving certificate for the apiservices to use
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: {{ template "oam-runtime.fullname" . }}-admission
-  namespace: {{ .Release.Namespace }}
-spec:
-  secretName: {{ template "oam-runtime.fullname" . }}-admission
-  duration: 8760h # 1y
-  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
-  issuerRef:
-    name: {{ template "oam-runtime.fullname" . }}-root-issuer
-  dnsNames:
-    - {{ template "oam-runtime.name" . }}-webhook.{{ .Release.Namespace }}.svc
-    - {{ template "oam-runtime.name" . }}-webhook.{{ .Release.Namespace }}.svc.cluster.local
-
-{{- end }}

charts/oam-runtime/templates/definitions/healthscopes.yaml

@@ -1,10 +0,0 @@
-apiVersion: core.oam.dev/v1beta1
-kind: ScopeDefinition
-metadata:
-  name: healthscopes.core.oam.dev
-  namespace: {{.Values.systemDefinitionNamespace}}
-spec:
-  workloadRefsPath: spec.workloadRefs
-  allowComponentOverlap: true
-  definitionRef:
-    name: healthscopes.core.oam.dev

charts/oam-runtime/templates/oam-runtime-controller.yaml

@@ -1,177 +0,0 @@
----
-
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "oam-runtime.serviceAccountName" . }}
-  labels:
-    {{- include "oam-runtime.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-  {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "oam-runtime.fullname" . }}:manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: "cluster-admin"
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "oam-runtime.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
-
----
-# permissions to do leader election.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "oam-runtime.fullname" . }}:leader-election-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - configmaps
-    verbs:
-      - get
-      - list
-      - watch
-      - create
-      - update
-      - patch
-      - delete
-  - apiGroups:
-      - ""
-    resources:
-      - configmaps/status
-    verbs:
-      - get
-      - update
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "oam-runtime.fullname" . }}:leader-election-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ include "oam-runtime.fullname" . }}:leader-election-role
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "oam-runtime.serviceAccountName" . }}
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "oam-runtime.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-  {{- include "oam-runtime.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-  {{- include "oam-runtime.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      labels:
-    {{- include "oam-runtime.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "oam-runtime.serviceAccountName" . }}
-      securityContext:
-      {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Release.Name }}
-          securityContext:
-          {{- toYaml .Values.securityContext | nindent 12 }}
-          args:
-            - "--metrics-addr=:8080"
-            - "--enable-leader-election"
-            {{ if ne .Values.logFilePath "" }}
-            - "--log-file-path={{ .Values.logFilePath }}"
-            - "--log-file-max-size={{ .Values.logFileMaxSize }}"
-            {{ end }}
-            {{ if .Values.logDebug }}
-            - "--log-debug=true"
-            {{ end }}
-            {{ if .Values.admissionWebhooks.enabled }}
-            - "--use-webhook=true"
-            - "--webhook-port={{ .Values.webhookService.port }}"
-            - "--webhook-cert-dir={{ .Values.admissionWebhooks.certificate.mountPath }}"
-            {{ end }}
-            - "--health-addr=:{{ .Values.healthCheck.port }}"
-            - "--apply-once-only={{ .Values.applyOnceOnly }}"
-            {{ if ne .Values.disableCaps "" }}
-            - "--disable-caps={{ .Values.disableCaps }}"
-            {{ end }}
-            - "--system-definition-namespace={{ .Values.systemDefinitionNamespace }}"
-            - "--oam-spec-ver={{ .Values.OAMSpecVer }}"
-            - "--concurrent-reconciles={{ .Values.concurrentReconciles }}"
-          image: {{ .Values.imageRegistry }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
-          imagePullPolicy: {{ quote .Values.image.pullPolicy }}
-          resources:
-          {{- toYaml .Values.resources | nindent 12 }}
-          {{ if .Values.admissionWebhooks.enabled }}
-          ports:
-            - containerPort: {{ .Values.webhookService.port }}
-              name: webhook-server
-              protocol: TCP
-            - containerPort: {{ .Values.healthCheck.port }}
-              name: healthz
-              protocol: TCP
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: healthz
-            initialDelaySeconds: 90
-            periodSeconds: 5
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: healthz
-            initialDelaySeconds: 90
-            periodSeconds: 5
-          volumeMounts:
-            - mountPath: {{ .Values.admissionWebhooks.certificate.mountPath }}
-              name: tls-cert-vol
-              readOnly: true
-          {{ end }}
-      {{ if .Values.admissionWebhooks.enabled }}
-      volumes:
-        - name: tls-cert-vol
-          secret:
-            defaultMode: 420
-            secretName: {{ template "oam-runtime.fullname" . }}-admission
-      {{ end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-    {{- toYaml . | nindent 8 }}
-  {{- end }}

charts/oam-runtime/templates/test/test-application.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: {{ include "oam-runtime.fullname" . }}-test-connection
-  labels:
-  {{- include "oam-runtime.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  containers:
-    - name: wget
-      image: {{ .Values.imageRegistry }}{{ .Values.test.app.repository }}:{{ .Values.test.app.tag }}
-      command: ['wget']
-      args: ['{{ include "oam-runtime.fullname" . }}:{{ .Values.healthCheck.port }}']
-  restartPolicy: Never

charts/oam-runtime/values.yaml

@@ -1,108 +0,0 @@
-# Default values for kubevela.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-# Valid applyOnceOnly values: true/false/on/off/force
-applyOnceOnly: "off"
-
-disableCaps: "all"
-
-imageRegistry: ""
-image:
-  repository: oamdev/vela-core
-  tag: latest
-  pullPolicy: Always
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name:
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-resources:
-  limits:
-    cpu: 500m
-    memory: 1Gi
-  requests:
-    cpu: 50m
-    memory: 20Mi
-
-webhookService:
-  type: ClusterIP
-  port: 11443
-
-healthCheck:
-  port: 11440
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-rbac:
-  create: true
-
-admissionWebhooks:
-  enabled: true
-  failurePolicy: Fail
-  certificate:
-    mountPath: /etc/k8s-webhook-certs
-  patch:
-    enabled: true
-    image:
-      repository: oamdev/kube-webhook-certgen
-      tag: v2.3
-      pullPolicy: IfNotPresent
-    affinity: {}
-    tolerations: []
-  certManager:
-    enabled: false
-    revisionHistoryLimit: 3
-  # If autoGenWorkloadDefinition is true, webhook will auto generated workloadDefinition which componentDefinition refers to
-  autoGenWorkloadDefinition: true
-
-#Enable debug logs for development purpose
-logDebug: false
-
-#If non-empty, write log files in this path
-logFilePath: ""
-
-#Defines the maximum size a log file can grow to. Unit is megabytes.
-#If the value is 0, the maximum file size is unlimited.
-logFileMaxSize: 1024
-
-systemDefinitionNamespace: oam-runtime-system
-
-# concurrentReconciles is the concurrent reconcile number of the controller
-concurrentReconciles: 4
-
-# dependCheckWait is the time to wait for ApplicationConfiguration's dependent-resource ready
-dependCheckWait: 30s
-
-# OAMSpecVer is the oam spec version controller want to setup
-OAMSpecVer: "v0.2"
-
-test:
-  app:
-    repository: oamdev/busybox
-    tag: v1

charts/vela-core/README.md

@@ -0,0 +1,190 @@
+<div style="text-align: center">
+  <p align="center">
+    <img src="https://raw.githubusercontent.com/kubevela/kubevela.io/main/docs/resources/KubeVela-03.png">
+    <br><br>
+    <i>Make shipping applications more enjoyable.</i>
+  </p>
+</div>
+
+![Build status](https://github.com/kubevela/kubevela/workflows/E2E/badge.svg)
+[![Go Report Card](https://goreportcard.com/badge/github.com/kubevela/kubevela)](https://goreportcard.com/report/github.com/kubevela/kubevela)
+![Docker Pulls](https://img.shields.io/docker/pulls/oamdev/vela-core)
+[![codecov](https://codecov.io/gh/kubevela/kubevela/branch/master/graph/badge.svg)](https://codecov.io/gh/kubevela/kubevela)
+[![LICENSE](https://img.shields.io/github/license/kubevela/kubevela.svg?style=flat-square)](/LICENSE)
+[![Releases](https://img.shields.io/github/release/kubevela/kubevela/all.svg?style=flat-square)](https://github.com/kubevela/kubevela/releases)
+[![TODOs](https://img.shields.io/endpoint?url=https://api.tickgit.com/badge?repo=github.com/kubevela/kubevela)](https://www.tickgit.com/browse?repo=github.com/oam-dev/kubevela)
+[![Twitter](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Ftwitter.com%2Foam_dev)](https://twitter.com/oam_dev)
+[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubevela)](https://artifacthub.io/packages/search?repo=kubevela)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4602/badge)](https://bestpractices.coreinfrastructure.org/projects/4602)
+
+# KubeVela helm chart
+
+KubeVela is a modern application platform that makes it easier and faster to deliver and manage applications across hybrid,
+multi-cloud environments. At the mean time, it is highly extensible and programmable, which can adapt to your needs as they grow.
+
+## TL;DR
+
+```bash
+helm repo add kubevela https://charts.kubevela.net/core
+helm repo update
+helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wait
+```
+
+## Prerequisites
+
+- Kubernetes >= v1.19 && < v1.22
+  
+## Parameters
+
+### KubeVela core parameters
+
+| Name                          | Description                                                                                   | Value     |
+| ----------------------------- | --------------------------------------------------------------------------------------------- | --------- |
+| `systemDefinitionNamespace`   | System definition namespace, if unspecified, will use built-in variable `.Release.Namespace`. | `nil`     |
+| `applicationRevisionLimit`    | Application revision limit                                                                    | `10`      |
+| `definitionRevisionLimit`     | Definition revision limit                                                                     | `20`      |
+| `concurrentReconciles`        | concurrentReconciles is the concurrent reconcile number of the controller                     | `4`       |
+| `controllerArgs.reSyncPeriod` | The period for resync the applications                                                        | `5m`      |
+| `OAMSpecVer`                  | OAMSpecVer is the oam spec version controller want to setup                                   | `v0.3`    |
+| `disableCaps`                 | Disable capability                                                                            | `rollout` |
+| `enableFluxcdAddon`           | Whether to enable fluxcd addon                                                                | `false`   |
+| `dependCheckWait`             | dependCheckWait is the time to wait for ApplicationConfiguration's dependent-resource ready   | `30s`     |
+
+
+### KubeVela workflow parameters
+
+| Name                                   | Description                                            | Value   |
+| -------------------------------------- | ------------------------------------------------------ | ------- |
+| `workflow.enableSuspendOnFailure`      | Enable suspend on workflow failure                     | `false` |
+| `workflow.backoff.maxTime.waitState`   | The max backoff time of workflow in a wait condition   | `60`    |
+| `workflow.backoff.maxTime.failedState` | The max backoff time of workflow in a failed condition | `300`   |
+| `workflow.step.errorRetryTimes`        | The max retry times of a failed workflow step          | `10`    |
+
+
+### KubeVela controller parameters
+
+| Name                        | Description                          | Value              |
+| --------------------------- | ------------------------------------ | ------------------ |
+| `replicaCount`              | KubeVela controller replica count    | `1`                |
+| `imageRegistry`             | Image registry                       | `""`               |
+| `image.repository`          | Image repository                     | `oamdev/vela-core` |
+| `image.tag`                 | Image tag                            | `latest`           |
+| `image.pullPolicy`          | Image pull policy                    | `Always`           |
+| `resources.limits.cpu`      | KubeVela controller's cpu limit      | `500m`             |
+| `resources.limits.memory`   | KubeVela controller's memory limit   | `1Gi`              |
+| `resources.requests.cpu`    | KubeVela controller's cpu request    | `50m`              |
+| `resources.requests.memory` | KubeVela controller's memory request | `20Mi`             |
+| `webhookService.type`       | KubeVela webhook service type        | `ClusterIP`        |
+| `webhookService.port`       | KubeVela webhook service port        | `9443`             |
+| `healthCheck.port`          | KubeVela health check port           | `9440`             |
+
+
+### KubeVela controller optimization parameters
+
+| Name                                              | Description                                                                                                                                       | Value   |
+| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `optimize.cachedGvks`                             | Optimize types of resources to be cached.                                                                                                         | `""`    |
+| `optimize.resourceTrackerListOp`                  | Optimize ResourceTracker List Op by adding index.                                                                                                 | `true`  |
+| `optimize.controllerReconcileLoopReduction`       | Optimize ApplicationController reconcile by reducing the number of loops to reconcile application.                                                | `false` |
+| `optimize.markWithProb`                           | Optimize ResourceTracker GC by only run mark with probability. Side effect: outdated ResourceTracker might not be able to be removed immediately. | `0.1`   |
+| `optimize.disableComponentRevision`               | Optimize componentRevision by disabling the creation and gc                                                                                       | `false` |
+| `optimize.disableApplicationRevision`             | Optimize ApplicationRevision by disabling the creation and gc.                                                                                    | `false` |
+| `optimize.disableWorkflowRecorder`                | Optimize workflow recorder by disabling the creation and gc.                                                                                      | `false` |
+| `optimize.enableInMemoryWorkflowContext`          | Optimize workflow by use in-memory context.                                                                                                       | `false` |
+| `optimize.disableResourceApplyDoubleCheck`        | Optimize workflow by ignoring resource double check after apply.                                                                                  | `false` |
+| `optimize.enableResourceTrackerDeleteOnlyTrigger` | Optimize resourcetracker by only trigger reconcile when resourcetracker is deleted.                                                               | `true`  |
+
+
+### MultiCluster parameters
+
+| Name                                                        | Description                                     | Value                            |
+| ----------------------------------------------------------- | ----------------------------------------------- | -------------------------------- |
+| `multicluster.enabled`                                      | Whether to enable multi-cluster                 | `true`                           |
+| `multicluster.metrics.enabled`                              | Whether to enable multi-cluster metrics collect | `false`                          |
+| `multicluster.clusterGateway.replicaCount`                  | ClusterGateway replica count                    | `1`                              |
+| `multicluster.clusterGateway.port`                          | ClusterGateway port                             | `9443`                           |
+| `multicluster.clusterGateway.image.repository`              | ClusterGateway image repository                 | `oamdev/cluster-gateway`         |
+| `multicluster.clusterGateway.image.tag`                     | ClusterGateway image tag                        | `v1.4.0`                         |
+| `multicluster.clusterGateway.image.pullPolicy`              | ClusterGateway image pull policy                | `IfNotPresent`                   |
+| `multicluster.clusterGateway.resources.limits.cpu`          | ClusterGateway cpu limit                        | `100m`                           |
+| `multicluster.clusterGateway.resources.limits.memory`       | ClusterGateway memory limit                     | `200Mi`                          |
+| `multicluster.clusterGateway.secureTLS.enabled`             | Whether to enable secure TLS                    | `true`                           |
+| `multicluster.clusterGateway.secureTLS.certPath`            | Path to the certificate file                    | `/etc/k8s-cluster-gateway-certs` |
+| `multicluster.clusterGateway.secureTLS.certManager.enabled` | Whether to enable cert-manager                  | `false`                          |
+
+
+### Test parameters
+
+| Name                  | Description         | Value                |
+| --------------------- | ------------------- | -------------------- |
+| `test.app.repository` | Test app repository | `oamdev/hello-world` |
+| `test.app.tag`        | Test app tag        | `v1`                 |
+| `test.k8s.repository` | Test k8s repository | `oamdev/alpine-k8s`  |
+| `test.k8s.tag`        | Test k8s tag        | `1.18.2`             |
+
+
+### Common parameters
+
+| Name                          | Description                                                                                                                | Value                |
+| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------- |
+| `imagePullSecrets`            | Image pull secrets                                                                                                         | `[]`                 |
+| `nameOverride`                | Override name                                                                                                              | `""`                 |
+| `fullnameOverride`            | Fullname override                                                                                                          | `""`                 |
+| `serviceAccount.create`       | Specifies whether a service account should be created                                                                      | `true`               |
+| `serviceAccount.annotations`  | Annotations to add to the service account                                                                                  | `{}`                 |
+| `serviceAccount.name`         | The name of the service account to use. If not set and create is true, a name is generated using the fullname template     | `nil`                |
+| `nodeSelector`                | Node selector                                                                                                              | `{}`                 |
+| `tolerations`                 | Tolerations                                                                                                                | `[]`                 |
+| `affinity`                    | Affinity                                                                                                                   | `{}`                 |
+| `rbac.create`                 | Specifies whether a RBAC role should be created                                                                            | `true`               |
+| `logDebug`                    | Enable debug logs for development purpose                                                                                  | `false`              |
+| `logFilePath`                 | If non-empty, write log files in this path                                                                                 | `""`                 |
+| `logFileMaxSize`              | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. | `1024`               |
+| `kubeClient.qps`              | The qps for reconcile clients, default is 50                                                                               | `50`                 |
+| `kubeClient.burst`            | The burst for reconcile clients, default is 100                                                                            | `100`                |
+| `authentication.enabled`      | Enable authentication for application                                                                                      | `false`              |
+| `authentication.withUser`     | Application authentication will impersonate as the request User                                                            | `false`              |
+| `authentication.defaultUser`  | Application authentication will impersonate as the User if no user provided in Application                                 | `kubevela:vela-core` |
+| `authentication.groupPattern` | Application authentication will impersonate as the request Group that matches the pattern                                  | `kubevela:*`         |
+
+
+## Uninstallation
+
+### Vela CLI 
+
+To uninstall KubeVela, you can just run the following command by vela CLI:
+
+```shell
+vela uninstall --force
+```
+
+### Helm CLI
+
+**Notice**: You must disable all the addons before uninstallation, this is a script for convenience. 
+
+```shell
+#! /bin/sh
+addon=$(vela addon list|grep enabled|awk {'print $1'})
+
+fluxcd=false
+for var in ${addon[*]}
+do
+  if [ $var == "fluxcd" ]; then
+      fluxcd=true
+      continue
+      else
+        vela addon disable $var
+  fi
+done
+if [ $fluxcd ]; then
+    vela addon disable fluxcd
+fi
+```
+
+To uninstall the KubeVela helm release:
+
+```shell
+$ helm uninstall -n vela-system kubevela
+```
+
+Finally, this command will remove all the Kubernetes resources associated with KubeVela and remove this chart release.

charts/vela-core/crds/core.oam.dev_componentdefinitions.yaml

@@ -179,6 +179,10 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       deleteResource:
                         default: true
                         description: DeleteResource will determine whether provisioned
@@ -202,10 +206,6 @@ spec:
                         required:
                         - name
                         type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -492,6 +492,10 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       deleteResource:
                         default: true
                         description: DeleteResource will determine whether provisioned
@@ -515,10 +519,6 @@ spec:
                         required:
                         - name
                         type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration

charts/vela-core/crds/core.oam.dev_definitionrevisions.yaml

@@ -222,6 +222,11 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              customRegion:
+                                description: Region is cloud provider's region. It
+                                  will override the region in the region field of
+                                  ProviderReference
+                                type: string
                               deleteResource:
                                 default: true
                                 description: DeleteResource will determine whether
@@ -246,11 +251,6 @@ spec:
                                 required:
                                 - name
                                 type: object
-                              region:
-                                description: Region is cloud provider's region. It
-                                  will override the region in the region field of
-                                  ProviderReference
-                                type: string
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration
@@ -538,6 +538,11 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              customRegion:
+                                description: Region is cloud provider's region. It
+                                  will override the region in the region field of
+                                  ProviderReference
+                                type: string
                               deleteResource:
                                 default: true
                                 description: DeleteResource will determine whether
@@ -562,11 +567,6 @@ spec:
                                 required:
                                 - name
                                 type: object
-                              region:
-                                description: Region is cloud provider's region. It
-                                  will override the region in the region field of
-                                  ProviderReference
-                                type: string
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration
@@ -636,6 +636,10 @@ spec:
                           - type
                           type: object
                         type: array
+                      configMapRef:
+                        description: ConfigMapRef refer to a ConfigMap which contains
+                          OpenAPI V3 JSON schema of Component parameters.
+                        type: string
                       latestRevision:
                         description: LatestRevision of the component definition
                         properties:
@@ -720,6 +724,10 @@ spec:
                         items:
                           type: string
                         type: array
+                      controlPlaneOnly:
+                        description: ControlPlaneOnly defines which cluster is dispatched
+                          to
+                        type: boolean
                       definitionRef:
                         description: Reference to the CustomResourceDefinition that
                           defines this trait kind.
@@ -847,6 +855,11 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              customRegion:
+                                description: Region is cloud provider's region. It
+                                  will override the region in the region field of
+                                  ProviderReference
+                                type: string
                               deleteResource:
                                 default: true
                                 description: DeleteResource will determine whether
@@ -871,11 +884,6 @@ spec:
                                 required:
                                 - name
                                 type: object
-                              region:
-                                description: Region is cloud provider's region. It
-                                  will override the region in the region field of
-                                  ProviderReference
-                                type: string
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration
@@ -1137,6 +1145,11 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              customRegion:
+                                description: Region is cloud provider's region. It
+                                  will override the region in the region field of
+                                  ProviderReference
+                                type: string
                               deleteResource:
                                 default: true
                                 description: DeleteResource will determine whether
@@ -1161,11 +1174,6 @@ spec:
                                 required:
                                 - name
                                 type: object
-                              region:
-                                description: Region is cloud provider's region. It
-                                  will override the region in the region field of
-                                  ProviderReference
-                                type: string
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration

charts/vela-core/crds/core.oam.dev_policies.yaml

@@ -0,0 +1,57 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: policies.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: Policy
+    listKind: PolicyList
+    plural: policies
+    singular: policy
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .type
+      name: TYPE
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Policy is the Schema for the policy API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          properties:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+          type:
+            type: string
+        required:
+        - type
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/vela-core/crds/core.oam.dev_policydefinitions.yaml

@@ -15,7 +15,7 @@ spec:
     listKind: PolicyDefinitionList
     plural: policydefinitions
     shortNames:
-    - policy
+    - def-policy
     singular: policydefinition
   scope: Namespaced
   versions:
@@ -151,6 +151,10 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       deleteResource:
                         default: true
                         description: DeleteResource will determine whether provisioned
@@ -174,10 +178,6 @@ spec:
                         required:
                         - name
                         type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -244,6 +244,10 @@ spec:
                   - type
                   type: object
                 type: array
+              configMapRef:
+                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
+                  V3 JSON schema of Component parameters.
+                type: string
               latestRevision:
                 description: LatestRevision of the component definition
                 properties:

charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml

@@ -188,6 +188,10 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       deleteResource:
                         default: true
                         description: DeleteResource will determine whether provisioned
@@ -211,10 +215,6 @@ spec:
                         required:
                         - name
                         type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -372,6 +372,10 @@ spec:
                 items:
                   type: string
                 type: array
+              controlPlaneOnly:
+                description: ControlPlaneOnly defines which cluster is dispatched
+                  to
+                type: boolean
               definitionRef:
                 description: Reference to the CustomResourceDefinition that defines
                   this trait kind.
@@ -497,6 +501,10 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       deleteResource:
                         default: true
                         description: DeleteResource will determine whether provisioned
@@ -520,10 +528,6 @@ spec:
                         required:
                         - name
                         type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration

charts/vela-core/crds/core.oam.dev_workflows.yaml

@@ -0,0 +1,253 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: workflows.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: Workflow
+    listKind: WorkflowList
+    plural: workflows
+    singular: workflow
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Workflow is the Schema for the policy API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          steps:
+            items:
+              description: WorkflowStep defines how to execute a workflow step.
+              properties:
+                dependsOn:
+                  items:
+                    type: string
+                  type: array
+                if:
+                  type: string
+                inputs:
+                  description: StepInputs defines variable input of WorkflowStep
+                  items:
+                    properties:
+                      from:
+                        type: string
+                      parameterKey:
+                        type: string
+                    required:
+                    - from
+                    - parameterKey
+                    type: object
+                  type: array
+                name:
+                  description: Name is the unique name of the workflow step.
+                  type: string
+                outputs:
+                  description: StepOutputs defines output variable of WorkflowStep
+                  items:
+                    properties:
+                      name:
+                        type: string
+                      valueFrom:
+                        type: string
+                    required:
+                    - name
+                    - valueFrom
+                    type: object
+                  type: array
+                properties:
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+                subSteps:
+                  items:
+                    description: WorkflowSubStep defines how to execute a workflow
+                      subStep.
+                    properties:
+                      dependsOn:
+                        items:
+                          type: string
+                        type: array
+                      if:
+                        type: string
+                      inputs:
+                        description: StepInputs defines variable input of WorkflowStep
+                        items:
+                          properties:
+                            from:
+                              type: string
+                            parameterKey:
+                              type: string
+                          required:
+                          - from
+                          - parameterKey
+                          type: object
+                        type: array
+                      name:
+                        description: Name is the unique name of the workflow step.
+                        type: string
+                      outputs:
+                        description: StepOutputs defines output variable of WorkflowStep
+                        items:
+                          properties:
+                            name:
+                              type: string
+                            valueFrom:
+                              type: string
+                          required:
+                          - name
+                          - valueFrom
+                          type: object
+                        type: array
+                      properties:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      type:
+                        type: string
+                    required:
+                    - name
+                    - type
+                    type: object
+                  type: array
+                type:
+                  type: string
+              required:
+              - name
+              - type
+              type: object
+            type: array
+        type: object
+    served: true
+    storage: true
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Workflow defines workflow steps and other attributes
+        properties:
+          ref:
+            type: string
+          steps:
+            items:
+              description: WorkflowStep defines how to execute a workflow step.
+              properties:
+                dependsOn:
+                  items:
+                    type: string
+                  type: array
+                if:
+                  type: string
+                inputs:
+                  description: StepInputs defines variable input of WorkflowStep
+                  items:
+                    properties:
+                      from:
+                        type: string
+                      parameterKey:
+                        type: string
+                    required:
+                    - from
+                    - parameterKey
+                    type: object
+                  type: array
+                name:
+                  description: Name is the unique name of the workflow step.
+                  type: string
+                outputs:
+                  description: StepOutputs defines output variable of WorkflowStep
+                  items:
+                    properties:
+                      name:
+                        type: string
+                      valueFrom:
+                        type: string
+                    required:
+                    - name
+                    - valueFrom
+                    type: object
+                  type: array
+                properties:
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+                subSteps:
+                  items:
+                    description: WorkflowSubStep defines how to execute a workflow
+                      subStep.
+                    properties:
+                      dependsOn:
+                        items:
+                          type: string
+                        type: array
+                      if:
+                        type: string
+                      inputs:
+                        description: StepInputs defines variable input of WorkflowStep
+                        items:
+                          properties:
+                            from:
+                              type: string
+                            parameterKey:
+                              type: string
+                          required:
+                          - from
+                          - parameterKey
+                          type: object
+                        type: array
+                      name:
+                        description: Name is the unique name of the workflow step.
+                        type: string
+                      outputs:
+                        description: StepOutputs defines output variable of WorkflowStep
+                        items:
+                          properties:
+                            name:
+                              type: string
+                            valueFrom:
+                              type: string
+                          required:
+                          - name
+                          - valueFrom
+                          type: object
+                        type: array
+                      properties:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      type:
+                        type: string
+                    required:
+                    - name
+                    - type
+                    type: object
+                  type: array
+                type:
+                  type: string
+              required:
+              - name
+              - type
+              type: object
+            type: array
+        type: object
+    served: true
+    storage: false
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/vela-core/crds/core.oam.dev_workflowstepdefinitions.yaml

@@ -148,6 +148,10 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       deleteResource:
                         default: true
                         description: DeleteResource will determine whether provisioned
@@ -171,10 +175,6 @@ spec:
                         required:
                         - name
                         type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration

charts/vela-core/crds/core.oam.dev_workloaddefinitions.yaml

@@ -193,6 +193,10 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       deleteResource:
                         default: true
                         description: DeleteResource will determine whether provisioned
@@ -216,10 +220,6 @@ spec:
                         required:
                         - name
                         type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -483,6 +483,10 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       deleteResource:
                         default: true
                         description: DeleteResource will determine whether provisioned
@@ -506,10 +510,6 @@ spec:
                         required:
                         - name
                         type: object
-                      region:
-                        description: Region is cloud provider's region. It will override
-                          the region in the region field of ProviderReference
-                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration

charts/vela-core/templates/NOTES.txt

@@ -27,3 +27,5 @@ Welcome to use the KubeVela! Enjoy your shipping application journey!
       | . \| |_| || |_) ||  __/ \ V /|  __/| || (_| |
       |_|\_\\__,_||_.__/  \___|  \_/  \___||_| \__,_|
 
+
+You can refer to https://kubevela.io for more details.

charts/vela-core/templates/_helpers.tpl

@@ -66,3 +66,14 @@ Create the name of the service account to use
     {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
+
+{{/*
+systemDefinitionNamespace value defaulter
+*/}}
+{{- define "systemDefinitionNamespace" -}}
+{{- if .Values.systemDefinitionNamespace -}}
+    {{ .Values.systemDefinitionNamespace }}
+{{- else -}}
+    {{ .Release.Namespace }}
+{{- end -}}
+{{- end -}}

charts/vela-core/templates/addon/fluxcd-def.yaml

@@ -6,6 +6,8 @@ metadata:
     addons.oam.dev/name: fluxcd-def
   name: addon-fluxcd-def
   namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/resource-policy": keep
 spec:
   components:
     - name: fluxc-def-resources

charts/vela-core/templates/addon/fluxcd.yaml

@@ -7,6 +7,8 @@ metadata:
     addons.oam.dev/registry: KubeVela
   name: addon-fluxcd
   namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/resource-policy": keep
 spec:
   components:
     - name: flux-system-namespace

charts/vela-core/templates/addon_registry.yaml

@@ -7,10 +7,8 @@ data:
   registries: '{
   "KubeVela":{
     "name": "KubeVela",
-    "oss": {
-      "end_point": "https://addons.kubevela.net",
-      "bucket": "",
-      "path": ""
+    "helm": {
+      "url": "https://addons.kubevela.net"
     }
   }
 }'

charts/vela-core/templates/admission-webhooks/certmanager.yaml

@@ -23,7 +23,7 @@ spec:
     name: {{ template "kubevela.fullname" . }}-self-signed-issuer
   commonName: "ca.webhook.kubevela"
   isCA: true
-  
+
 ---
 # Create an Issuer that uses the above generated CA certificate to issue certs
 apiVersion: cert-manager.io/v1

charts/vela-core/templates/admission-webhooks/job-patch/job-createSecret.yaml

@@ -39,6 +39,10 @@ spec:
             - --cert-name=tls.crt
       restartPolicy: OnFailure
       serviceAccountName: {{ template "kubevela.fullname" . }}-admission
+      {{- with .Values.admissionWebhooks.patch.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.admissionWebhooks.patch.affinity }}
       affinity:
 {{ toYaml . | indent 8 }}

charts/vela-core/templates/admission-webhooks/job-patch/job-patchWebhook.yaml

@@ -36,7 +36,9 @@ spec:
             - --namespace={{ .Release.Namespace }}
             - --secret-name={{ template "kubevela.fullname" . }}-admission
             - --patch-failure-policy={{ .Values.admissionWebhooks.failurePolicy }}
-            - --crds=applications.core.oam.dev
+            {{- if .Values.admissionWebhooks.appConversion.enabled }}
+            - --crds={"name":"applications.core.oam.dev","conversion":{"strategy":"Webhook","webhook":{"clientConfig":{"service":{"name":"vela-core-webhook","namespace":"vela-system","path":"/convert","port":443}},"conversionReviewVersions":["v1beta1","v1alpha2"]}}}
+            {{- end }}
       restartPolicy: OnFailure
       serviceAccountName: {{ template "kubevela.fullname" . }}-admission
       {{- with .Values.admissionWebhooks.patch.affinity }}

charts/vela-core/templates/admission-webhooks/mutatingWebhookConfiguration.yaml

@@ -120,6 +120,32 @@ webhooks:
           - UPDATE
         resources:
           - podspecworkloads
+  - clientConfig:
+      caBundle: Cg==
+      service:
+        name: {{ template "kubevela.name" . }}-webhook
+        namespace: {{ .Release.Namespace }}
+        path: /mutating-core-oam-dev-v1beta1-applications
+    {{- if .Values.admissionWebhooks.patch.enabled }}
+    failurePolicy: Ignore
+    {{- else }}
+    failurePolicy: Fail
+    {{- end }}
+    name: mutating.core.oam.dev.v1beta1.applications
+    admissionReviewVersions:
+      - v1beta1
+      - v1
+    sideEffects: None
+    rules:
+      - apiGroups:
+          - core.oam.dev
+        apiVersions:
+          - v1beta1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - applications
   - clientConfig:
       caBundle: Cg==
       service:

charts/vela-core/templates/cluster-gateway/certmanager.yaml

@@ -0,0 +1,24 @@
+{{- if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled .Values.multicluster.clusterGateway.secureTLS.certManager.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-issuer
+  namespace: {{ .Release.Namespace }}
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretName: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2
+  duration: 8760h # 1y
+  issuerRef:
+    name: {{ template "kubevela.fullname" . }}-cluster-gateway-issuer
+  dnsNames:
+    - {{ .Release.Name }}-cluster-gateway-service
+    - {{ .Release.Name }}-cluster-gateway-service.{{ .Release.Namespace }}.svc
+    - {{ .Release.Name }}-cluster-gateway-service.{{ .Release.Namespace }}.svc.cluster.local
+{{- end }}

charts/vela-core/templates/cluster-gateway/cluster-gateway.yaml

@@ -0,0 +1,153 @@
+{{ if .Values.multicluster.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-cluster-gateway
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kubevela.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.multicluster.clusterGateway.replicaCount }}
+  selector:
+    matchLabels:
+    {{- include "kubevela-cluster-gateway.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+      {{- include "kubevela-cluster-gateway.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "kubevela.serviceAccountName" . }}
+      securityContext:
+      {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ include "kubevela.fullname" . }}-cluster-gateway
+          securityContext:
+          {{- toYaml .Values.securityContext | nindent 12 }}
+          args:
+            - "apiserver"
+            - "--secure-port={{ .Values.multicluster.clusterGateway.port }}"
+            - "--secret-namespace={{ .Release.Namespace }}"
+            - "--feature-gates=APIPriorityAndFairness=false,ClientIdentityPenetration={{ .Values.authentication.enabled }}"
+            {{- if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+            - "--tls-cert-file={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}/tls.crt"
+            - "--tls-private-key-file={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}/tls.key"
+            {{- end }}
+          image: {{ .Values.imageRegistry }}{{ .Values.multicluster.clusterGateway.image.repository }}:{{ .Values.multicluster.clusterGateway.image.tag }}
+          imagePullPolicy: {{ .Values.multicluster.clusterGateway.image.pullPolicy }}
+          resources:
+          {{- toYaml .Values.multicluster.clusterGateway.resources | nindent 12 }}
+          ports:
+            - containerPort: {{ .Values.multicluster.clusterGateway.port }}
+          {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+          volumeMounts:
+            - mountPath: {{ .Values.multicluster.clusterGateway.secureTLS.certPath }}
+              name: tls-cert-vol
+              readOnly: true
+          {{- end }}
+      {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+      volumes:
+        - name: tls-cert-vol
+          secret:
+            defaultMode: 420
+            secretName: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2
+      {{ end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-cluster-gateway-service
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+  {{- include "kubevela-cluster-gateway.selectorLabels" . | nindent 4 }}
+  ports:
+    - protocol: TCP
+      port: {{ .Values.multicluster.clusterGateway.port }}
+      targetPort: {{ .Values.multicluster.clusterGateway.port }}
+---
+# 1.  Check whether APIService ""v1alpha1.cluster.core.oam.dev" is already present in the cluster
+# 2.a If the APIService doesn't exist, create it.
+# 2.b If the APIService exists without helm-chart related annotation, skip creating it to the
+#     cluster because the APIService can be managed by an external controller.
+# 2.c If the APIService exists with valid helm-chart annotations, which means that the APIService
+#     is previously managed by helm commands, hence update the APIService consistently.
+{{ $apiSvc := (lookup "apiregistration.k8s.io/v1" "APIService" "" "v1alpha1.cluster.core.oam.dev") }}
+{{ $shouldAdopt := (not $apiSvc) }}
+{{ if not $shouldAdopt }}
+  {{ if $apiSvc.metadata.annotations }}
+    {{ $shouldAdopt = (index ($apiSvc).metadata.annotations "meta.helm.sh/release-name") }}
+  {{ end }}
+{{ end }}
+{{ if $shouldAdopt }}
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1alpha1.cluster.core.oam.dev
+  annotations:
+    {{- if and .Values.multicluster.clusterGateway.secureTLS.enabled .Values.multicluster.clusterGateway.secureTLS.certManager.enabled }}
+    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2"
+    {{- end }}
+  labels:
+    api: cluster-extension-apiserver
+    apiserver: "true"
+spec:
+  version: v1alpha1
+  group: cluster.core.oam.dev
+  groupPriorityMinimum: 2000
+  service:
+    name: {{ .Release.Name }}-cluster-gateway-service
+    namespace: {{ .Release.Namespace }}
+    port: {{ .Values.multicluster.clusterGateway.port }}
+  versionPriority: 10
+  insecureSkipTLSVerify: {{ not .Values.multicluster.clusterGateway.secureTLS.enabled }}
+  {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+  caBundle: Cg==
+  {{ end }}
+{{ end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "kubevela.fullname" . }}:cluster-gateway:proxy
+rules:
+  - apiGroups: [ "cluster.core.oam.dev" ]
+    resources: [ "clustergateways/proxy" ]
+    verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kubevela.fullname" . }}:cluster-gateway:proxy
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubevela.fullname" . }}:cluster-gateway:proxy
+subjects:
+  - kind: Group
+    name: kubevela:client
+    apiGroup: rbac.authorization.k8s.io
+  - kind: ServiceAccount
+    name: {{ include "kubevela.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{ end }}

charts/vela-core/templates/cluster-gateway/job-patch.yaml

@@ -1,122 +1,4 @@
-{{ if .Values.multicluster.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}-cluster-gateway
-  namespace: {{ .Release.Namespace }}
-  labels:
-  {{- include "kubevela.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.multicluster.clusterGateway.replicaCount }}
-  selector:
-    matchLabels:
-    {{- include "kubevela-cluster-gateway.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      labels:
-      {{- include "kubevela-cluster-gateway.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "kubevela.serviceAccountName" . }}
-      securityContext:
-      {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ include "kubevela.fullname" . }}-cluster-gateway
-          securityContext:
-          {{- toYaml .Values.securityContext | nindent 12 }}
-          args:
-            - "apiserver"
-            - "--secure-port={{ .Values.multicluster.clusterGateway.port }}"
-            - "--secret-namespace={{ .Release.Namespace }}"
-            - "--feature-gates=APIPriorityAndFairness=false"
-            {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
-            - "--cert-dir={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}"
-            {{ end }}
-          image: {{ .Values.imageRegistry }}{{ .Values.multicluster.clusterGateway.image.repository }}:{{ .Values.multicluster.clusterGateway.image.tag }}
-          imagePullPolicy: {{ .Values.multicluster.clusterGateway.image.pullPolicy }}
-          resources:
-          {{- toYaml .Values.multicluster.clusterGateway.resources | nindent 12 }}
-          ports:
-            - containerPort: {{ .Values.multicluster.clusterGateway.port }}
-          {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
-          volumeMounts:
-            - mountPath: {{ .Values.multicluster.clusterGateway.secureTLS.certPath }}
-              name: tls-cert-vol
-              readOnly: true
-          {{- end }}
-      {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
-      volumes:
-        - name: tls-cert-vol
-          secret:
-            defaultMode: 420
-            secretName: {{ template "kubevela.fullname" . }}-cluster-gateway-tls
-      {{ end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-  strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxSurge: 1
-      maxUnavailable: 1
-{{ end }}
----
-{{ if .Values.multicluster.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}-cluster-gateway-service
-  namespace: {{ .Release.Namespace }}
-spec:
-  selector:
-  {{- include "kubevela-cluster-gateway.selectorLabels" . | nindent 4 }}
-  ports:
-    - protocol: TCP
-      port: {{ .Values.multicluster.clusterGateway.port }}
-      targetPort: {{ .Values.multicluster.clusterGateway.port }}
-{{ end }}
----
-{{ if .Values.multicluster.enabled }}
-{{ $apiSvc := (lookup "apiregistration.k8s.io/v1" "APIService" "" "v1alpha1.cluster.core.oam.dev") }}
-{{ $shouldAdopt := (not $apiSvc) }}
-{{ if not $shouldAdopt }}{{ $shouldAdopt = (index ($apiSvc).metadata.annotations "meta.helm.sh/release-name") }}{{ end }}
-{{ if $shouldAdopt }}
-apiVersion: apiregistration.k8s.io/v1
-kind: APIService
-metadata:
-  name: v1alpha1.cluster.core.oam.dev
-  labels:
-    api: cluster-extension-apiserver
-    apiserver: "true"
-spec:
-  version: v1alpha1
-  group: cluster.core.oam.dev
-  groupPriorityMinimum: 2000
-  service:
-    name: {{ .Release.Name }}-cluster-gateway-service
-    namespace: {{ .Release.Namespace }}
-    port: {{ .Values.multicluster.clusterGateway.port }}
-  versionPriority: 10
-  insecureSkipTLSVerify: {{ not .Values.multicluster.clusterGateway.secureTLS.enabled }}
-  {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
-  caBundle: Cg==
-  {{ end }}
-{{ end }}
-{{ end }}
----
-{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+{{- if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled (not .Values.multicluster.clusterGateway.secureTLS.certManager.enabled) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -136,9 +18,7 @@ rules:
     verbs:
       - get
       - create
-{{- end }}
 ---
-{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@@ -158,9 +38,7 @@ subjects:
   - kind: ServiceAccount
     name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
     namespace: {{ .Release.Namespace }}
-{{- end }}
 ---
-{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -172,9 +50,7 @@ metadata:
   labels:
     app: {{ template "kubevela.name" . }}-cluster-gateway-admission
     {{- include "kubevela.labels" . | nindent 4 }}
-{{- end }}
 ---
-{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -210,18 +86,16 @@ spec:
           - create
           - --host={{ .Release.Name }}-cluster-gateway-service,{{ .Release.Name }}-cluster-gateway-service.{{ .Release.Namespace }}.svc
           - --namespace={{ .Release.Namespace }}
-          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls
-          - --key-name=apiserver.key
-          - --cert-name=apiserver.crt
+          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2
+          - --cert-name=tls.crt
+          - --key-name=tls.key
       restartPolicy: OnFailure
       serviceAccountName: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
       securityContext:
         runAsGroup: 2000
         runAsNonRoot: true
         runAsUser: 2000
-{{ end }}
 ---
-{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -257,7 +131,7 @@ spec:
           - /patch
         args:
           - --secret-namespace={{ .Release.Namespace }}
-          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls
+          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2
       restartPolicy: OnFailure
       serviceAccountName: {{ include "kubevela.serviceAccountName" . }}
       securityContext: