Chore: refactor addon enable with package (#4468)

Signed-off-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com>
(cherry picked from commit 702fa36621)

Co-authored-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com>

.github/CODEOWNERS

@@ -1,14 +1,14 @@
 # This file is a github code protect rule follow the codeowners https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners#example-of-a-codeowners-file
 
-*                                  @barnettZQG @wonderflow @leejanee
-design/                            @barnettZQG @leejanee @wonderflow
+*                                  @barnettZQG @wonderflow @leejanee @Somefive
+design/                            @barnettZQG @leejanee @wonderflow @Somefive
 
 # Owner of CUE
-pkg/cue                            @leejanee @FogDong
-pkg/stdlib                         @leejanee @FogDong
+pkg/cue                            @leejanee @FogDong @Somefive
+pkg/stdlib                         @leejanee @FogDong @Somefive
 
 # Owner of Workflow
-pkg/workflow                       @leejanee @FogDong
+pkg/workflow                       @leejanee @FogDong @Somefive
 
 # Owner of rollout
 pkg/controller/common/rollout/                              @wangyikewxgm @wonderflow
@@ -17,20 +17,20 @@ pkg/controller/standard.oam.dev/v1alpha1/rollout            @wangyikewxgm @wonde
 runtime/rollout                                             @wangyikewxgm @wonderflow
 
 # Owner of definition controller
-pkg/controller/core.oam.dev/v1alpha2/core/workflow/workflowstepdefinition  @yangsoon @Somefive
-pkg/controller/core.oam.dev/v1alpha2/core/policies/policydefinition        @yangsoon @Somefive
-pkg/controller/core.oam.dev/v1alpha2/core/components/componentdefinition   @yangsoon @zzxwill
-pkg/controller/core.oam.dev/v1alpha2/core/traits/traitdefinition           @yangsoon @zzxwill
+pkg/controller/core.oam.dev/v1alpha2/core/workflow/workflowstepdefinition  @yangsoon @Somefive @FogDong
+pkg/controller/core.oam.dev/v1alpha2/core/policies/policydefinition        @yangsoon @Somefive @FogDong
+pkg/controller/core.oam.dev/v1alpha2/core/components/componentdefinition   @yangsoon @zzxwill @Somefive
+pkg/controller/core.oam.dev/v1alpha2/core/traits/traitdefinition           @yangsoon @zzxwill @Somefive
 
 # Owner of health scope controller
-pkg/controller/core.oam.dev/v1alpha2/core/scopes/healthscope     @captainroy-hy @zzxwill
+pkg/controller/core.oam.dev/v1alpha2/core/scopes/healthscope     @captainroy-hy @zzxwill @yangsoon
 
 # Owner of vela templates
 vela-templates/                     @Somefive @barnettZQG @wonderflow
 
 # Owner of vela CLI
-references/cli/                     @Somefive @zzxwill 
+references/cli/                     @Somefive @zzxwill @StevenLeiZhang
 
 # Owner of vela APIServer
-pkg/apiserver/                     @barnettZQG @yangsoon
+pkg/apiserver/                     @barnettZQG @yangsoon @FogDong
 

.github/workflows/apiserver-test.yaml

@@ -1,4 +1,4 @@
-name: APIServer Unit Test & E2E Test
+name: VelaUX APIServer Test
 
 on:
   push:
@@ -32,7 +32,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v3.3.0
+        uses: fkirc/skip-duplicate-actions@v4.0.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
@@ -53,8 +53,58 @@ jobs:
             echo "::set-output name=matrix::${{ env.KIND_IMAGE_VERSION }}"
           fi
 
-
   apiserver-unit-tests:
+    runs-on: ubuntu-20.04
+    needs: detect-noop
+    if: needs.detect-noop.outputs.noop != 'true'
+
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: ${{ env.GO_VERSION }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+        with:
+          submodules: true
+
+      - name: Cache Go Dependencies
+        uses: actions/cache@v2
+        with:
+          path: .work/pkg
+          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
+          restore-keys: ${{ runner.os }}-pkg-
+
+      - name: Install ginkgo
+        run: |
+          sudo apt-get install -y golang-ginkgo-dev
+
+      - name: Start MongoDB
+        uses: supercharge/mongodb-github-action@1.7.0
+        with:
+          mongodb-version: '5.0'
+
+      - name: install Kubebuilder
+        uses: RyanSiu1995/kubebuilder-action@v1.2
+        with:
+          version: 3.1.0
+          kubebuilderOnly: false
+          kubernetesVersion: v1.21.2
+
+      - name: Run api server unit test
+        run: make unit-test-apiserver
+
+      - name: Upload coverage report
+        uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          file: ./coverage.txt
+          flags: apiserver-unittests
+          name: codecov-umbrella
+
+  apiserver-e2e-tests:
     runs-on: aliyun
     needs: [ detect-noop,set-k8s-matrix ]
     if: needs.detect-noop.outputs.noop != 'true'
@@ -99,9 +149,6 @@ jobs:
           kind create cluster --image kindest/node:${{ matrix.k8s-version }}
           kubectl version
           kubectl cluster-info
-      
-      - name: Run api server unit test
-        run: make unit-test-apiserver
 
       - name: Load Image to kind cluster
         run: make kind-load
@@ -131,8 +178,8 @@ jobs:
         uses: codecov/codecov-action@v1
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-          files: ./coverage.txt,/tmp/e2e_apiserver_test.out
-          flags: apiserver-unittests
+          files: /tmp/e2e_apiserver_test.out
+          flags: apiserver-e2etests
           name: codecov-umbrella
 
       - name: Clean e2e profile

.github/workflows/chart.yaml

@@ -0,0 +1,89 @@
+name: Publish Chart
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch: { }
+
+env:
+  BUCKET: ${{ secrets.OSS_BUCKET }}
+  ENDPOINT: ${{ secrets.OSS_ENDPOINT }}
+  ACCESS_KEY: ${{ secrets.OSS_ACCESS_KEY }}
+  ACCESS_KEY_SECRET: ${{ secrets.OSS_ACCESS_KEY_SECRET }}
+  ARTIFACT_HUB_REPOSITORY_ID: ${{ secrets.ARTIFACT_HUB_REPOSITORY_ID }}
+
+jobs:  
+  publish-charts:
+    env:
+      HELM_CHARTS_DIR: charts
+      HELM_CHART: charts/vela-core
+      MINIMAL_HELM_CHART: charts/vela-minimal
+      LEGACY_HELM_CHART: legacy/charts/vela-core-legacy
+      VELA_ROLLOUT_HELM_CHART: runtime/rollout/charts
+      LOCAL_OSS_DIRECTORY: .oss/
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@master
+      - name: Get git revision
+        id: vars
+        shell: bash
+        run: |
+          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.0
+      - name: Setup node
+        uses: actions/setup-node@v2
+        with:
+          node-version: '14'
+      - name: Generate helm doc
+        run: |
+          make helm-doc-gen
+      - name: Prepare legacy chart
+        run: |
+          rsync -r $LEGACY_HELM_CHART $HELM_CHARTS_DIR
+          rsync -r $HELM_CHART/* $LEGACY_HELM_CHART --exclude=Chart.yaml --exclude=crds
+      - name: Prepare vela chart
+        run: |
+          rsync -r $VELA_ROLLOUT_HELM_CHART $HELM_CHARTS_DIR
+      - name: Get the version
+        id: get_version
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/}
+          echo ::set-output name=VERSION::${VERSION}
+      - name: Tag helm chart image
+        run: |
+          image_tag=${{ steps.get_version.outputs.VERSION }}
+          chart_version=${{ steps.get_version.outputs.VERSION }}
+          sed -i "s/latest/${image_tag}/g" $HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $MINIMAL_HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $LEGACY_HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $VELA_ROLLOUT_HELM_CHART/values.yaml
+          chart_smever=${chart_version#"v"}
+          sed -i "s/0.1.0/$chart_smever/g" $HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $MINIMAL_HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $LEGACY_HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $VELA_ROLLOUT_HELM_CHART/Chart.yaml
+      - name: Install ossutil
+        run: wget http://gosspublic.alicdn.com/ossutil/1.7.0/ossutil64 && chmod +x ossutil64 && mv ossutil64 ossutil
+      - name: Configure Alibaba Cloud OSSUTIL
+        run: ./ossutil --config-file .ossutilconfig config -i ${ACCESS_KEY} -k ${ACCESS_KEY_SECRET} -e ${ENDPOINT} -c .ossutilconfig
+      - name: sync cloud to local
+        run: ./ossutil --config-file .ossutilconfig sync oss://$BUCKET/core $LOCAL_OSS_DIRECTORY
+      - name: add artifacthub stuff to the repo
+        run: |
+          rsync $HELM_CHART/README.md $LEGACY_HELM_CHART/README.md
+          rsync $HELM_CHART/README.md $VELA_ROLLOUT_HELM_CHART/README.md
+          sed -i "s/ARTIFACT_HUB_REPOSITORY_ID/$ARTIFACT_HUB_REPOSITORY_ID/g" hack/artifacthub/artifacthub-repo.yml
+          rsync hack/artifacthub/artifacthub-repo.yml $LOCAL_OSS_DIRECTORY
+      - name: Package helm charts
+        run: |
+          helm package $HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $MINIMAL_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $LEGACY_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $VELA_ROLLOUT_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm repo index --url https://$BUCKET.$ENDPOINT/core $LOCAL_OSS_DIRECTORY
+      - name: sync local to cloud
+        run: ./ossutil --config-file .ossutilconfig sync $LOCAL_OSS_DIRECTORY oss://$BUCKET/core -f

.github/workflows/e2e-multicluster-test.yml

@@ -30,7 +30,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v3.3.0
+        uses: fkirc/skip-duplicate-actions@v4.0.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
@@ -103,7 +103,7 @@ jobs:
         run: |
           make e2e-cleanup
           make vela-cli
-          make e2e-setup-core
+          make e2e-setup-core-auth
           make
           make setup-runtime-e2e-cluster
 

.github/workflows/e2e-rollout-test.yml

@@ -30,7 +30,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v3.3.0
+        uses: fkirc/skip-duplicate-actions@v4.0.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'

.github/workflows/e2e-test.yml

@@ -30,7 +30,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v3.3.0
+        uses: fkirc/skip-duplicate-actions@v4.0.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'

.github/workflows/go.yml

@@ -26,7 +26,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v3.3.0
+        uses: fkirc/skip-duplicate-actions@v4.0.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'

.github/workflows/issue-commands.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   bot:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout Actions
         uses: actions/checkout@v2
@@ -15,7 +15,13 @@ jobs:
           repository: "oam-dev/kubevela-github-actions"
           path: ./actions
           ref: v0.4.2
-      - name: Install Actions
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '14'
+          cache: 'npm'
+          cache-dependency-path: ./actions/package-lock.json
+      - name: Install Dependencies
         run: npm ci --production --prefix ./actions
       - name: Run Commands
         uses: ./actions/commands

.github/workflows/registry.yml

@@ -8,14 +8,11 @@ on:
   workflow_dispatch: {}
 
 env:
-  BUCKET: ${{ secrets.OSS_BUCKET }}
-  ENDPOINT: ${{ secrets.OSS_ENDPOINT }}
   ACCESS_KEY: ${{ secrets.OSS_ACCESS_KEY }}
   ACCESS_KEY_SECRET: ${{ secrets.OSS_ACCESS_KEY_SECRET }}
-  ARTIFACT_HUB_REPOSITORY_ID: ${{ secrets.ARTIFACT_HUB_REPOSITORY_ID }}
 
 jobs:
-  publish-images:
+  publish-core-images:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
@@ -47,20 +44,16 @@ jobs:
       - name: Login Alibaba Cloud ACR
         uses: docker/login-action@v1
         with:
-          registry: kubevela-registry.cn-hangzhou.cr.aliyuncs.com
-          username: ${{ secrets.ACR_USERNAME }}@aliyun-inner.com
+          registry: ${{ secrets.ACR_DOMAIN }}
+          username: ${{ secrets.ACR_USERNAME }}
           password: ${{ secrets.ACR_PASSWORD }}
       - uses: docker/setup-qemu-action@v1
       - uses: docker/setup-buildx-action@v1
         with:
           driver-opts: image=moby/buildkit:master
 
-      - name: Build & Pushing vela-core for ACR
-        run: |
-          docker build --build-arg GOPROXY=https://proxy.golang.org --build-arg VERSION=${{ steps.get_version.outputs.VERSION }} --build-arg GITVERSION=git-${{ steps.vars.outputs.git_revision }}  -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }} .
-          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
       - uses: docker/build-push-action@v2
-        name: Build & Pushing vela-core for Dockerhub and GHCR
+        name: Build & Pushing vela-core for Dockerhub, GHCR and ACR
         with:
           context: .
           file: Dockerfile
@@ -75,14 +68,70 @@ jobs:
             GOPROXY=https://proxy.golang.org
           tags: |-
             docker.io/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
-            ghcr.io/${{ github.repository }}/vela-core:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository_owner }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
+            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
 
-      - name: Build & Pushing vela-apiserver for ACR
-        run: |
-          docker build --build-arg GOPROXY=https://proxy.golang.org --build-arg VERSION=${{ steps.get_version.outputs.VERSION }} --build-arg GITVERSION=git-${{ steps.vars.outputs.git_revision }} -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }} -f Dockerfile.apiserver .
-          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
       - uses: docker/build-push-action@v2
-        name: Build & Pushing vela-apiserver for Dockerhub and GHCR
+        name: Build & Pushing CLI for Dockerhub, GHCR and ACR
+        with:
+          context: .
+          file: Dockerfile.cli
+          labels: |-
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          build-args: |
+            GITVERSION=git-${{ steps.vars.outputs.git_revision }}
+            VERSION=${{ steps.get_version.outputs.VERSION }}
+            GOPROXY=https://proxy.golang.org
+          tags: |-
+            docker.io/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
+            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
+
+  publish-addon-images:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Get the version
+        id: get_version
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/}
+          if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
+            VERSION=latest
+          fi
+          echo ::set-output name=VERSION::${VERSION}
+      - name: Get git revision
+        id: vars
+        shell: bash
+        run: |
+          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
+      - name: Login ghcr.io
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login docker.io
+        uses: docker/login-action@v1
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Login Alibaba Cloud ACR
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ secrets.ACR_DOMAIN }}
+          username: ${{ secrets.ACR_USERNAME }}
+          password: ${{ secrets.ACR_PASSWORD }}
+      - uses: docker/setup-qemu-action@v1
+      - uses: docker/setup-buildx-action@v1
+        with:
+          driver-opts: image=moby/buildkit:master
+
+      - uses: docker/build-push-action@v2
+        name: Build & Pushing vela-apiserver for Dockerhub, GHCR and ACR
         with:
           context: .
           file: Dockerfile.apiserver
@@ -97,14 +146,11 @@ jobs:
             GOPROXY=https://proxy.golang.org
           tags: |-
             docker.io/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
-            ghcr.io/${{ github.repository }}/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository_owner }}/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
+            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
 
-      - name: Build & Pushing vela runtime rollout for ACR
-        run: |
-          docker build --build-arg GOPROXY=https://proxy.golang.org --build-arg VERSION=${{ steps.get_version.outputs.VERSION }} --build-arg GITVERSION=git-${{ steps.vars.outputs.git_revision }}  -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }} .
-          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
       - uses: docker/build-push-action@v2
-        name: Build & Pushing runtime rollout for Dockerhub and GHCR
+        name: Build & Pushing runtime rollout Dockerhub, GHCR and ACR
         with:
           context: .
           file: runtime/rollout/Dockerfile
@@ -119,91 +165,27 @@ jobs:
             GOPROXY=https://proxy.golang.org
           tags: |-
             docker.io/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
-            ghcr.io/${{ github.repository }}/vela-rollout:${{ steps.get_version.outputs.VERSION }}
-
-  publish-charts:
-    env:
-      HELM_CHARTS_DIR: charts
-      HELM_CHART: charts/vela-core
-      MINIMAL_HELM_CHART: charts/vela-minimal
-      LEGACY_HELM_CHART: legacy/charts/vela-core-legacy
-      VELA_ROLLOUT_HELM_CHART: runtime/rollout/charts
-      LOCAL_OSS_DIRECTORY: .oss/
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@master
-      - name: Get git revision
-        id: vars
-        shell: bash
-        run: |
-          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
-      - name: Install Helm
-        uses: azure/setup-helm@v1
+            ghcr.io/${{ github.repository_owner }}/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
+            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
+      
+      - uses: docker/build-push-action@v2
+        name: Build & Pushing CloudShell for Dockerhub, GHCR and ACR
         with:
-          version: v3.4.0
-      - name: Setup node
-        uses: actions/setup-node@v2
-        with:
-          node-version: '14'
-      - name: Generate helm doc
-        run: |
-          make helm-doc-gen
-      - name: Prepare legacy chart
-        run: |
-          rsync -r $LEGACY_HELM_CHART $HELM_CHARTS_DIR
-          rsync -r $HELM_CHART/* $LEGACY_HELM_CHART --exclude=Chart.yaml --exclude=crds
-      - name: Prepare vela chart
-        run: |
-          rsync -r $VELA_ROLLOUT_HELM_CHART $HELM_CHARTS_DIR
-      - uses: oprypin/find-latest-tag@v1
-        with:
-          repository: oam-dev/kubevela
-          releases-only: true
-        id: latest_tag
-      - name: Tag helm chart image
-        run: |
-          latest_repo_tag=${{ steps.latest_tag.outputs.tag }}
-          sub="."
-          major="$(cut -d"$sub" -f1 <<<"$latest_repo_tag")"
-          minor="$(cut -d"$sub" -f2 <<<"$latest_repo_tag")"
-          patch="0"
-          current_repo_tag="$major.$minor.$patch"
-          image_tag=${GITHUB_REF#refs/tags/}
-          chart_version=$latest_repo_tag
-          if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
-            image_tag=latest
-            chart_version=${current_repo_tag}-nightly-build
-          fi
-          sed -i "s/latest/${image_tag}/g" $HELM_CHART/values.yaml
-          sed -i "s/latest/${image_tag}/g" $MINIMAL_HELM_CHART/values.yaml
-          sed -i "s/latest/${image_tag}/g" $LEGACY_HELM_CHART/values.yaml
-          sed -i "s/latest/${image_tag}/g" $VELA_ROLLOUT_HELM_CHART/values.yaml
-          chart_smever=${chart_version#"v"}
-          sed -i "s/0.1.0/$chart_smever/g" $HELM_CHART/Chart.yaml
-          sed -i "s/0.1.0/$chart_smever/g" $MINIMAL_HELM_CHART/Chart.yaml
-          sed -i "s/0.1.0/$chart_smever/g" $LEGACY_HELM_CHART/Chart.yaml
-          sed -i "s/0.1.0/$chart_smever/g" $VELA_ROLLOUT_HELM_CHART/Chart.yaml
-      - name: Install ossutil
-        run: wget http://gosspublic.alicdn.com/ossutil/1.7.0/ossutil64 && chmod +x ossutil64 && mv ossutil64 ossutil
-      - name: Configure Alibaba Cloud OSSUTIL
-        run: ./ossutil --config-file .ossutilconfig config -i ${ACCESS_KEY} -k ${ACCESS_KEY_SECRET} -e ${ENDPOINT} -c .ossutilconfig
-      - name: sync cloud to local
-        run: ./ossutil --config-file .ossutilconfig sync oss://$BUCKET/core $LOCAL_OSS_DIRECTORY
-      - name: add artifacthub stuff to the repo
-        run: |
-          rsync $HELM_CHART/README.md $LEGACY_HELM_CHART/README.md
-          rsync $HELM_CHART/README.md $VELA_ROLLOUT_HELM_CHART/README.md
-          sed -i "s/ARTIFACT_HUB_REPOSITORY_ID/$ARTIFACT_HUB_REPOSITORY_ID/g" hack/artifacthub/artifacthub-repo.yml
-          rsync hack/artifacthub/artifacthub-repo.yml $LOCAL_OSS_DIRECTORY
-      - name: Package helm charts
-        run: |
-          helm package $HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm package $MINIMAL_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm package $LEGACY_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm package $VELA_ROLLOUT_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm repo index --url https://$BUCKET.$ENDPOINT/core $LOCAL_OSS_DIRECTORY
-      - name: sync local to cloud
-        run: ./ossutil --config-file .ossutilconfig sync $LOCAL_OSS_DIRECTORY oss://$BUCKET/core -f
+          context: .
+          file: Dockerfile.cloudshell
+          labels: |-
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          build-args: |
+            GITVERSION=git-${{ steps.vars.outputs.git_revision }}
+            VERSION=${{ steps.get_version.outputs.VERSION }}
+            GOPROXY=https://proxy.golang.org
+          tags: |-
+            docker.io/oamdev/cloudshell:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository_owner }}/oamdev/cloudshell:${{ steps.get_version.outputs.VERSION }}
+            ${{ secrets.ACR_DOMAIN }}/oamdev/cloudshell:${{ steps.get_version.outputs.VERSION }}
 
   publish-capabilities:
     env:

.github/workflows/release.yml

@@ -121,7 +121,13 @@ jobs:
         run: ./ossutil --config-file .ossutilconfig sync ./_bin/vela oss://$BUCKET/binary/vela/${{ env.VELA_VERSION }}
       
       - name: sync the latest version file
+        if: ${{ !contains(env.VELA_VERSION,'alpha') && !contains(env.VELA_VERSION,'beta') }}
         run: |
+          LATEST_VERSION=$(curl -fsSl https://static.kubevela.net/binary/vela/latest_version)
+          verlte() {
+            [  "$1" = "`echo -e "$1\n$2" | sort -V | head -n1`" ]
+          }
+          verlte ${{ env.VELA_VERSION }} $LATEST_VERSION && echo "${{ env.VELA_VERSION }} <= $LATEST_VERSION, skip update" && exit 0
           echo ${{ env.VELA_VERSION }} > ./latest_version
           ./ossutil --config-file .ossutilconfig cp -u ./latest_version oss://$BUCKET/binary/vela/latest_version
 

.github/workflows/unit-test.yml

@@ -26,7 +26,7 @@ jobs:
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v3.3.0
+        uses: fkirc/skip-duplicate-actions@v4.0.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'

.gitignore

@@ -1,4 +1,4 @@
-# Binaries for programs and plugins
+# Binaries for programs and docgen
 *.exe
 *.exe~
 *.dll
@@ -7,6 +7,7 @@
 bin
 _bin
 e2e/vela
+vela
 
 # Test binary, build with `go test -c`
 *.test
@@ -49,4 +50,5 @@ tmp/
 git-page/
 
 # e2e rollout runtime image build
-runtime/rollout/e2e/tmp
+runtime/rollout/e2e/tmp
+vela.json

CHANGELOG/CHANGELOG-1.0.md

@@ -15,7 +15,7 @@ This is a minor fix for release-1.0, please refer to release-1.1.x for the lates
 # v1.0.5
 
 1. Fix Terraform application status issue (#1611)
-2. applicaiton supports specifying different versions of Definition (#1597)
+2. application supports specifying different versions of Definition (#1597)
 3. Enable Dynamic Admission Control for Application (#1619)
 4. Update inner samples for "vela show xxx --web" (#1616)
 5. fix empty rolloutBatch will panic whole controller bug (#1646)

CHANGELOG/CHANGELOG-1.2.md

@@ -31,7 +31,7 @@
 ## What's Changed
 
 * Fix: can't query data from the MongoDB by @barnettZQG in https://github.com/oam-dev/kubevela/pull/3095
-* Fix: use personel token of vela-bot instead of github token for homebrew update by @wonderflow in https://github.com/oam-dev/kubevela/pull/3096
+* Fix: use personal token of vela-bot instead of github token for homebrew update by @wonderflow in https://github.com/oam-dev/kubevela/pull/3096
 * Fix: acr image no version by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/3100
 * Fix: support generate cloud resource docs in Chinese by @zzxwill in https://github.com/oam-dev/kubevela/pull/3079
 * Fix: clear old data in mongodb unit test case by @barnettZQG in https://github.com/oam-dev/kubevela/pull/3103

Dockerfile

@@ -36,7 +36,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
 FROM ${BASE_IMAGE:-alpine:3.15}
-# This is required by daemon connnecting with cri
+# This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat
 
 WORKDIR /

Dockerfile.apiserver

@@ -34,7 +34,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
 
 FROM ${BASE_IMAGE:-alpine:3.15}
-# This is required by daemon connnecting with cri
+# This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat
 
 WORKDIR /

Dockerfile.cli

@@ -0,0 +1,43 @@
+ARG BASE_IMAGE
+# Build the cli binary
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder
+ARG GOPROXY
+ENV GOPROXY=${GOPROXY:-https://goproxy.cn}
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY apis/ apis/
+COPY pkg/ pkg/
+COPY version/ version/
+COPY references/ references/
+
+# Build
+ARG TARGETARCH
+ARG VERSION
+ARG GITVERSION
+
+RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH:-amd64} \
+    go build -a -ldflags "-s -w -X github.com/oam-dev/kubevela/version.VelaVersion=${VERSION:-undefined} -X github.com/oam-dev/kubevela/version.GitRevision=${GITVERSION:-undefined}" \
+    -o vela-${TARGETARCH} ./references/cmd/cli/main.go
+
+
+# Use alpine as base image due to the discussion in issue #1448
+# You can replace distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+# Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
+
+FROM ${BASE_IMAGE:-alpine:3.15}
+# This is required by daemon connecting with cri
+RUN apk add --no-cache ca-certificates bash expat
+
+WORKDIR /
+
+ARG TARGETARCH
+COPY --from=builder /workspace/vela-${TARGETARCH} /bin/vela
+ENTRYPOINT ["/bin/vela"]

Dockerfile.cloudshell

@@ -0,0 +1,31 @@
+ARG BASE_IMAGE
+# Build the cli binary
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder
+ARG GOPROXY
+ENV GOPROXY=${GOPROXY:-https://goproxy.cn}
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY apis/ apis/
+COPY pkg/ pkg/
+COPY version/ version/
+COPY references/ references/
+
+# Build
+ARG VERSION
+ARG GITVERSION
+
+RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
+    go build -a -ldflags "-s -w -X github.com/oam-dev/kubevela/version.VelaVersion=${VERSION:-undefined} -X github.com/oam-dev/kubevela/version.GitRevision=${GITVERSION:-undefined}" \
+    -o vela ./references/cmd/cli/main.go
+
+FROM ghcr.io/cloudtty/cloudshell:v0.2.0
+RUN apt-get install -y vim
+ENV API_TOKEN_PATH=/usr/local/kubeconfig/token
+COPY --from=builder /workspace/vela  /usr/local/bin/vela

Dockerfile.e2e

@@ -39,7 +39,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
 
 FROM ${BASE_IMAGE:-alpine:3.15}
-# This is required by daemon connnecting with cri
+# This is required by daemon connecting with cri
 RUN apk add --no-cache ca-certificates bash expat
 
 WORKDIR /

Makefile

@@ -14,7 +14,7 @@ test: vet lint staticcheck unit-test-core test-cli-gen
 
 test-cli-gen: 
 	mkdir -p ./bin/doc
-	go run ./hack/docgen/gen.go ./bin/doc
+	go run ./hack/docgen/cli/gen.go ./bin/doc
 unit-test-core:
 	go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/... ./apis/... | grep -v apiserver | grep -v applicationconfiguration)
 	go test $(shell go list ./references/... | grep -v apiserver)

README.md

@@ -21,23 +21,29 @@
 
 KubeVela is a modern application delivery platform that makes deploying and operating applications across today's hybrid, multi-cloud environments easier, faster and more reliable.
 
-![](docs/resources/what-is-kubevela.png)
+![kubevela](docs/resources/what-is-kubevela.png)
 
 ## Highlights
 
 KubeVela practices the "render, orchestrate, deploy" workflow with below highlighted values added to existing ecosystem:
 
-- *Application Centric* - KubeVela introduces [Open Application Model (OAM)](https://oam.dev/) as the consistent yet higher level API to capture and render a full deployment of microservices on top of hybrid environments. Placement strategy, traffic shifting and rolling update are declared at application level. No infrastructure level concern, simply deploy.
+* Deployment as Code
 
-- *Programmable Workflow* - KubeVela models application delivery as DAG (Directed Acyclic Graph) and expresses it with [CUE](https://cuelang.org/) - a modern data configuration language. This allows you to design application deployment steps per needs and orchestrate them in programmable approach. No restrictions, natively extensible.
+Declare your deployment plan as workflow, run it automatically with any CI/CD or GitOps system, extend or re-program the workflow steps with CUE. No add-hoc scripts, no dirty glue code, just deploy. The deployment workflow in KubeVela is powered by [Open Application Model](https://oam.dev/).
 
-- *Infrastructure Agnostic* - KubeVela works as an application delivery control plane that is fully decoupled from runtime infrastructure. It can deploy any workload types including containers, cloud services, databases, or even VM instances to any cloud or Kubernetes cluster, following the workflow designed by you.
+* Built-in security and compliance building blocks
+
+Choose from the wide range of LDAP integrations we provided out-of-box, enjoy multi-cluster authorization that is fully automated, pick and apply fine-grained RBAC modules and customize them per your own supply chain requirements.
+
+* Multi-cloud/hybrid-environments app delivery as first-class citizen
+
+Progressive rollout across test/staging/production environments, automatic canary, blue-green and continuous verification, rich placement strategy across clusters and clouds, fully managed cloud environments provision.
 
 ## Getting Started
 
-- [Introduction](https://kubevela.io/docs)
-- [Installation](https://kubevela.io/docs/install)
-- [Design Your First Deployment Plan](https://kubevela.io/docs/quick-start)
+* [Introduction](https://kubevela.io/docs)
+* [Installation](https://kubevela.io/docs/install)
+* [Deploy Your Application](https://kubevela.io/docs/quick-start)
 
 ## Documentation
 
@@ -49,7 +55,7 @@ Official blog is available on [KubeVela blog](https://kubevela.io/blog).
 
 ## Community
 
-We want your contributions and suggestions! 
+We want your contributions and suggestions!
 One of the easiest ways to contribute is to participate in discussions on the Github Issues/Discussion, chat on IM or the bi-weekly community calls.
 For more information on the community engagement, developer and contributing guidelines and more, head over to the [KubeVela community repo](https://github.com/kubevela/community).
 
@@ -69,23 +75,17 @@ Every two weeks we host a community call to showcase new features, review upcomi
 
 - Bi-weekly Community Call:
   - [Meeting Notes](https://docs.google.com/document/d/1nqdFEyULekyksFHtFvgvFAYE-0AMHKoS3RMnaKsarjs).
-  - [Video Records](https://kubevela.io/videos/meetings/en/meetings).
+  - [Video Records](https://www.youtube.com/channel/UCSCTHhGI5XJ0SEhDHVakPAA/videos).
 - Bi-weekly Chinese Community Call:
-  - [Video Records](https://kubevela.io/videos/meetings/cn/v1.3).
+  - [Video Records](https://space.bilibili.com/180074935/channel/seriesdetail?sid=1842207).
 
 ## Talks and Conferences
 
-| Engagement | Link        |
-|:-----------|:------------|
-| 🎤  Talks | - [KubeVela - The Modern App Delivery System in Alibaba](https://docs.google.com/presentation/d/1CWCLcsKpDQB3bBDTfdv2BZ8ilGGJv2E8L-iOA5HMrV0/edit?usp=sharing) |
-| 🌎 KubeCon | - [ [NA 2020] Standardizing Cloud Native Application Delivery Across Different Clouds](https://www.youtube.com/watch?v=0yhVuBIbHcI) <br> - [ [EU 2021] Zero Pain Microservice Development and Deployment with Dapr and KubeVela](https://sched.co/iE4S) |
-| 📺 Conferences | - [Dapr, Rudr, OAM: Mark Russinovich presents next gen app development & deployment](https://www.youtube.com/watch?v=eJCu6a-x9uo) <br> - [Mark Russinovich presents "The Future of Cloud Native Applications with OAM and Dapr"](https://myignite.techcommunity.microsoft.com/sessions/82059)|
-
-For more talks, please checkout [KubeVela Talks](https://kubevela.io/videos/talks/en/standardizing-app).
+Check out [KubeVela videos](https://kubevela.io/videos/talks/en/oam-dapr) for these talks and conferences.
 
 ## Contributing
 
-Check out [CONTRIBUTING](./CONTRIBUTING.md) to see how to develop with KubeVela.
+Check out [CONTRIBUTING](https://kubevela.io/docs/contributor/overview) to see how to develop with KubeVela.
 
 ## Report Vulnerability
 

apis/core.oam.dev/common/types.go

@@ -216,19 +216,19 @@ type WorkflowState string
 
 const (
 	// WorkflowStateInitializing means the workflow is in initial state
-	WorkflowStateInitializing WorkflowState = "initializing"
+	WorkflowStateInitializing WorkflowState = "Initializing"
 	// WorkflowStateTerminated means workflow is terminated manually, and it won't be started unless the spec changed.
-	WorkflowStateTerminated WorkflowState = "terminated"
+	WorkflowStateTerminated WorkflowState = "Terminated"
 	// WorkflowStateSuspended means workflow is suspended manually, and it can be resumed.
-	WorkflowStateSuspended WorkflowState = "suspended"
+	WorkflowStateSuspended WorkflowState = "Suspended"
 	// WorkflowStateSucceeded means workflow is running successfully, all steps finished.
 	WorkflowStateSucceeded WorkflowState = "Succeeded"
 	// WorkflowStateFinished means workflow is end.
-	WorkflowStateFinished WorkflowState = "finished"
+	WorkflowStateFinished WorkflowState = "Finished"
 	// WorkflowStateExecuting means workflow is still running or waiting some steps.
-	WorkflowStateExecuting WorkflowState = "executing"
+	WorkflowStateExecuting WorkflowState = "Executing"
 	// WorkflowStateSkipping means it will skip this reconcile and let next reconcile to handle it.
-	WorkflowStateSkipping WorkflowState = "skipping"
+	WorkflowStateSkipping WorkflowState = "Skipping"
 )
 
 // ApplicationComponentStatus record the health status of App component
@@ -342,11 +342,17 @@ type WorkflowStep struct {
 
 	Type string `json:"type"`
 
+	Meta *WorkflowStepMeta `json:"meta,omitempty"`
+
 	// +kubebuilder:pruning:PreserveUnknownFields
 	Properties *runtime.RawExtension `json:"properties,omitempty"`
 
 	SubSteps []WorkflowSubStep `json:"subSteps,omitempty"`
 
+	If string `json:"if,omitempty"`
+
+	Timeout string `json:"timeout,omitempty"`
+
 	DependsOn []string `json:"dependsOn,omitempty"`
 
 	Inputs StepInputs `json:"inputs,omitempty"`
@@ -354,6 +360,11 @@ type WorkflowStep struct {
 	Outputs StepOutputs `json:"outputs,omitempty"`
 }
 
+// WorkflowStepMeta contains the meta data of a workflow step
+type WorkflowStepMeta struct {
+	Alias string `json:"alias,omitempty"`
+}
+
 // WorkflowSubStep defines how to execute a workflow subStep.
 type WorkflowSubStep struct {
 	// Name is the unique name of the workflow step.
@@ -361,9 +372,15 @@ type WorkflowSubStep struct {
 
 	Type string `json:"type"`
 
+	Meta *WorkflowStepMeta `json:"meta,omitempty"`
+
 	// +kubebuilder:pruning:PreserveUnknownFields
 	Properties *runtime.RawExtension `json:"properties,omitempty"`
 
+	If string `json:"if,omitempty"`
+
+	Timeout string `json:"timeout,omitempty"`
+
 	DependsOn []string `json:"dependsOn,omitempty"`
 
 	Inputs StepInputs `json:"inputs,omitempty"`
@@ -397,10 +414,14 @@ const (
 	WorkflowStepPhaseSucceeded WorkflowStepPhase = "succeeded"
 	// WorkflowStepPhaseFailed will report error in `message`.
 	WorkflowStepPhaseFailed WorkflowStepPhase = "failed"
+	// WorkflowStepPhaseSkipped will make the controller skip the step.
+	WorkflowStepPhaseSkipped WorkflowStepPhase = "skipped"
 	// WorkflowStepPhaseStopped will make the controller stop the workflow.
 	WorkflowStepPhaseStopped WorkflowStepPhase = "stopped"
 	// WorkflowStepPhaseRunning will make the controller continue the workflow.
 	WorkflowStepPhaseRunning WorkflowStepPhase = "running"
+	// WorkflowStepPhasePending will make the controller wait for the step to run.
+	WorkflowStepPhasePending WorkflowStepPhase = "pending"
 )
 
 // DefinitionType describes the type of DefinitionRevision.

apis/core.oam.dev/common/zz_generated.deepcopy.go

@@ -684,6 +684,11 @@ func (in *WorkflowStatus) DeepCopy() *WorkflowStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
 	*out = *in
+	if in.Meta != nil {
+		in, out := &in.Meta, &out.Meta
+		*out = new(WorkflowStepMeta)
+		**out = **in
+	}
 	if in.Properties != nil {
 		in, out := &in.Properties, &out.Properties
 		*out = new(runtime.RawExtension)
@@ -723,6 +728,21 @@ func (in *WorkflowStep) DeepCopy() *WorkflowStep {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowStepMeta) DeepCopyInto(out *WorkflowStepMeta) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStepMeta.
+func (in *WorkflowStepMeta) DeepCopy() *WorkflowStepMeta {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowStepMeta)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkflowStepStatus) DeepCopyInto(out *WorkflowStepStatus) {
 	*out = *in
@@ -749,6 +769,11 @@ func (in *WorkflowStepStatus) DeepCopy() *WorkflowStepStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkflowSubStep) DeepCopyInto(out *WorkflowSubStep) {
 	*out = *in
+	if in.Meta != nil {
+		in, out := &in.Meta, &out.Meta
+		*out = new(WorkflowStepMeta)
+		**out = **in
+	}
 	if in.Properties != nil {
 		in, out := &in.Properties, &out.Properties
 		*out = new(runtime.RawExtension)

apis/core.oam.dev/v1alpha1/component_types.go

@@ -25,6 +25,8 @@ const (
 type RefObjectsComponentSpec struct {
 	// Objects the referrers to the Kubernetes objects
 	Objects []ObjectReferrer `json:"objects,omitempty"`
+	// URLs are the links that stores the referred objects
+	URLs []string `json:"urls,omitempty"`
 }
 
 // ObjectReferrer selects Kubernetes objects

apis/core.oam.dev/v1alpha1/envbinding_types.go

@@ -117,6 +117,9 @@ type PlacementDecision struct {
 
 // String encode placement decision
 func (in PlacementDecision) String() string {
+	if in.Namespace == "" {
+		return in.Cluster
+	}
 	return in.Cluster + "/" + in.Namespace
 }
 

apis/core.oam.dev/v1alpha1/garbagecollect_types.go

@@ -18,6 +18,7 @@ package v1alpha1
 
 import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/utils/strings/slices"
 
 	"github.com/oam-dev/kubevela/pkg/oam"
 )
@@ -66,6 +67,29 @@ type ResourcePolicyRuleSelector struct {
 	OAMResourceTypes []string `json:"oamTypes"`
 	TraitTypes       []string `json:"traitTypes"`
 	ResourceTypes    []string `json:"resourceTypes"`
+	ResourceNames    []string `json:"resourceNames"`
+}
+
+// Match check if current rule selector match the target resource
+func (in *ResourcePolicyRuleSelector) Match(manifest *unstructured.Unstructured) bool {
+	var compName, compType, oamType, traitType, resourceType, resourceName string
+	if labels := manifest.GetLabels(); labels != nil {
+		compName = labels[oam.LabelAppComponent]
+		compType = labels[oam.WorkloadTypeLabel]
+		oamType = labels[oam.LabelOAMResourceType]
+		traitType = labels[oam.TraitTypeLabel]
+	}
+	resourceType = manifest.GetKind()
+	resourceName = manifest.GetName()
+	match := func(src []string, val string) (found bool) {
+		return val != "" && slices.Contains(src, val)
+	}
+	return match(in.CompNames, compName) ||
+		match(in.CompTypes, compType) ||
+		match(in.OAMResourceTypes, oamType) ||
+		match(in.TraitTypes, traitType) ||
+		match(in.ResourceTypes, resourceType) ||
+		match(in.ResourceNames, resourceName)
 }
 
 // GarbageCollectStrategy the strategy for target resource to recycle
@@ -84,23 +108,7 @@ const (
 // FindStrategy find gc strategy for target resource
 func (in GarbageCollectPolicySpec) FindStrategy(manifest *unstructured.Unstructured) *GarbageCollectStrategy {
 	for _, rule := range in.Rules {
-		var compName, compType, oamType, traitType string
-		if labels := manifest.GetLabels(); labels != nil {
-			compName = labels[oam.LabelAppComponent]
-			compType = labels[oam.WorkloadTypeLabel]
-			oamType = labels[oam.LabelOAMResourceType]
-			traitType = labels[oam.TraitTypeLabel]
-		}
-		match := func(src []string, val string) (found bool) {
-			for _, _val := range src {
-				found = found || _val == val
-			}
-			return val != "" && found
-		}
-		if match(rule.Selector.CompNames, compName) ||
-			match(rule.Selector.CompTypes, compType) ||
-			match(rule.Selector.OAMResourceTypes, oamType) ||
-			match(rule.Selector.TraitTypes, traitType) {
+		if rule.Selector.Match(manifest) {
 			return &rule.Strategy
 		}
 	}

apis/core.oam.dev/v1alpha1/policy_types.go

@@ -16,6 +16,8 @@ limitations under the License.
 
 package v1alpha1
 
+import "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+
 const (
 	// TopologyPolicyType refers to the type of topology policy
 	TopologyPolicyType = "topology"
@@ -23,6 +25,8 @@ const (
 	OverridePolicyType = "override"
 	// DebugPolicyType refers to the type of debug policy
 	DebugPolicyType = "debug"
+	// SharedResourcePolicyType refers to the type of shared resource policy
+	SharedResourcePolicyType = "shared-resource"
 )
 
 // TopologyPolicySpec defines the spec of topology policy
@@ -53,3 +57,23 @@ type OverridePolicySpec struct {
 	Components []EnvComponentPatch `json:"components,omitempty"`
 	Selector   []string            `json:"selector,omitempty"`
 }
+
+// SharedResourcePolicySpec defines the spec of shared-resource policy
+type SharedResourcePolicySpec struct {
+	Rules []SharedResourcePolicyRule `json:"rules"`
+}
+
+// SharedResourcePolicyRule defines the rule for sharing resources
+type SharedResourcePolicyRule struct {
+	Selector ResourcePolicyRuleSelector `json:"selector"`
+}
+
+// FindStrategy return if the target resource should be shared
+func (in SharedResourcePolicySpec) FindStrategy(manifest *unstructured.Unstructured) bool {
+	for _, rule := range in.Rules {
+		if rule.Selector.Match(manifest) {
+			return true
+		}
+	}
+	return false
+}

apis/core.oam.dev/v1alpha1/policy_types_test.go

@@ -0,0 +1,69 @@
+/*
+Copyright 2022 The KubeVela Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+func TestSharedResourcePolicySpec_FindStrategy(t *testing.T) {
+	testCases := map[string]struct {
+		rules   []SharedResourcePolicyRule
+		input   *unstructured.Unstructured
+		matched bool
+	}{
+		"shared resource rule resourceName match": {
+			rules: []SharedResourcePolicyRule{{
+				Selector: ResourcePolicyRuleSelector{ResourceNames: []string{"example"}},
+			}},
+			input: &unstructured.Unstructured{Object: map[string]interface{}{
+				"metadata": map[string]interface{}{
+					"name": "example",
+				},
+			}},
+			matched: true,
+		},
+		"shared resource rule resourceType match": {
+			rules: []SharedResourcePolicyRule{{
+				Selector: ResourcePolicyRuleSelector{ResourceTypes: []string{"ConfigMap", "Namespace"}},
+			}},
+			input: &unstructured.Unstructured{Object: map[string]interface{}{
+				"kind": "Namespace",
+			}},
+			matched: true,
+		},
+		"shared resource rule mismatch": {
+			rules: []SharedResourcePolicyRule{{
+				Selector: ResourcePolicyRuleSelector{ResourceNames: []string{"mismatch"}},
+			}},
+			input: &unstructured.Unstructured{Object: map[string]interface{}{
+				"kind": "Namespace",
+			}},
+			matched: false,
+		},
+	}
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			r := require.New(t)
+			spec := SharedResourcePolicySpec{Rules: tc.rules}
+			r.Equal(tc.matched, spec.FindStrategy(tc.input))
+		})
+	}
+}

apis/core.oam.dev/v1alpha1/zz_generated.deepcopy.go

@@ -595,6 +595,11 @@ func (in *RefObjectsComponentSpec) DeepCopyInto(out *RefObjectsComponentSpec) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	if in.URLs != nil {
+		in, out := &in.URLs, &out.URLs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RefObjectsComponentSpec.
@@ -635,6 +640,11 @@ func (in *ResourcePolicyRuleSelector) DeepCopyInto(out *ResourcePolicyRuleSelect
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.ResourceNames != nil {
+		in, out := &in.ResourceNames, &out.ResourceNames
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicyRuleSelector.
@@ -647,6 +657,44 @@ func (in *ResourcePolicyRuleSelector) DeepCopy() *ResourcePolicyRuleSelector {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SharedResourcePolicyRule) DeepCopyInto(out *SharedResourcePolicyRule) {
+	*out = *in
+	in.Selector.DeepCopyInto(&out.Selector)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedResourcePolicyRule.
+func (in *SharedResourcePolicyRule) DeepCopy() *SharedResourcePolicyRule {
+	if in == nil {
+		return nil
+	}
+	out := new(SharedResourcePolicyRule)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SharedResourcePolicySpec) DeepCopyInto(out *SharedResourcePolicySpec) {
+	*out = *in
+	if in.Rules != nil {
+		in, out := &in.Rules, &out.Rules
+		*out = make([]SharedResourcePolicyRule, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedResourcePolicySpec.
+func (in *SharedResourcePolicySpec) DeepCopy() *SharedResourcePolicySpec {
+	if in == nil {
+		return nil
+	}
+	out := new(SharedResourcePolicySpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TopologyPolicySpec) DeepCopyInto(out *TopologyPolicySpec) {
 	*out = *in

apis/core.oam.dev/v1beta1/application_types.go

@@ -54,8 +54,15 @@ type WorkflowStep common.WorkflowStep
 
 // Workflow defines workflow steps and other attributes
 type Workflow struct {
-	Ref   string         `json:"ref,omitempty"`
-	Steps []WorkflowStep `json:"steps,omitempty"`
+	Ref   string               `json:"ref,omitempty"`
+	Mode  *WorkflowExecuteMode `json:"mode,omitempty"`
+	Steps []WorkflowStep       `json:"steps,omitempty"`
+}
+
+// WorkflowExecuteMode defines the mode of workflow execution
+type WorkflowExecuteMode struct {
+	Steps    common.WorkflowMode `json:"steps,omitempty"`
+	SubSteps common.WorkflowMode `json:"subSteps,omitempty"`
 }
 
 // ApplicationSpec is the spec of Application

apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go

@@ -927,6 +927,11 @@ func (in *TraitDefinitionStatus) DeepCopy() *TraitDefinitionStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Workflow) DeepCopyInto(out *Workflow) {
 	*out = *in
+	if in.Mode != nil {
+		in, out := &in.Mode, &out.Mode
+		*out = new(WorkflowExecuteMode)
+		**out = **in
+	}
 	if in.Steps != nil {
 		in, out := &in.Steps, &out.Steps
 		*out = make([]WorkflowStep, len(*in))
@@ -946,9 +951,29 @@ func (in *Workflow) DeepCopy() *Workflow {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowExecuteMode) DeepCopyInto(out *WorkflowExecuteMode) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowExecuteMode.
+func (in *WorkflowExecuteMode) DeepCopy() *WorkflowExecuteMode {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowExecuteMode)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
 	*out = *in
+	if in.Meta != nil {
+		in, out := &in.Meta, &out.Meta
+		*out = new(common.WorkflowStepMeta)
+		**out = **in
+	}
 	if in.Properties != nil {
 		in, out := &in.Properties, &out.Properties
 		*out = new(runtime.RawExtension)

apis/types/capability.go

@@ -80,6 +80,8 @@ const (
 	OpenapiV3JSONSchema string = "openapi-v3-json-schema"
 	// UISchema is the key to store ui custom schema
 	UISchema string = "ui-schema"
+	// VelaQLConfigmapKey is the key to store velaql view
+	VelaQLConfigmapKey string = "template"
 )
 
 // CapabilityCategory defines the category of a capability
@@ -163,6 +165,7 @@ type Capability struct {
 	Center         string             `json:"center,omitempty"`
 	Status         string             `json:"status,omitempty"`
 	Description    string             `json:"description,omitempty"`
+	Example        string             `json:"example,omitempty"`
 	Labels         map[string]string  `json:"labels,omitempty"`
 	Category       CapabilityCategory `json:"category,omitempty"`
 

apis/types/types.go

@@ -48,6 +48,8 @@ var DefaultKubeVelaNS = "vela-system"
 const (
 	// AnnoDefinitionDescription is the annotation which describe what is the capability used for in a WorkloadDefinition/TraitDefinition Object
 	AnnoDefinitionDescription = "definition.oam.dev/description"
+	// AnnoDefinitionExampleURL is the annotation which describe url of usage examples of the capability, it will be loaded in documentation generate.
+	AnnoDefinitionExampleURL = "definition.oam.dev/example-url"
 	// AnnoDefinitionAlias is the annotation for definition alias
 	AnnoDefinitionAlias = "definition.oam.dev/alias"
 	// AnnoDefinitionIcon is the annotation which describe the icon url
@@ -70,6 +72,8 @@ const (
 	AnnoIngressControllerHTTPSPort = "ingress.controller/https-port"
 	// AnnoIngressControllerHTTPPort define ingress controller listen port for http
 	AnnoIngressControllerHTTPPort = "ingress.controller/http-port"
+	// AnnoIngressControllerHost define ingress controller externally host
+	AnnoIngressControllerHost = "ingress.controller/host"
 	// LabelConfigType is the label for config type
 	LabelConfigType = "config.oam.dev/type"
 	// LabelConfigCatalog is the label for config catalog
@@ -169,8 +173,3 @@ const (
 	// VelaCoreConfig is to mark application, config and its secret or Terraform provider lelong to a KubeVela config
 	VelaCoreConfig = "velacore-config"
 )
-
-const (
-	// ClusterGatewayAccessorGroup the group to impersonate which allows the access to the cluster-gateway
-	ClusterGatewayAccessorGroup = "cluster-gateway-accessor"
-)

charts/vela-core/README.md

@@ -53,11 +53,12 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
 
 ### KubeVela workflow parameters
 
-| Name                                   | Description                                            | Value |
-| -------------------------------------- | ------------------------------------------------------ | ----- |
-| `workflow.backoff.maxTime.waitState`   | The max backoff time of workflow in a wait condition   | `60`  |
-| `workflow.backoff.maxTime.failedState` | The max backoff time of workflow in a failed condition | `300` |
-| `workflow.step.errorRetryTimes`        | The max retry times of a failed workflow step          | `10`  |
+| Name                                   | Description                                            | Value   |
+| -------------------------------------- | ------------------------------------------------------ | ------- |
+| `workflow.enableSuspendOnFailure`      | Enable suspend on workflow failure                     | `false` |
+| `workflow.backoff.maxTime.waitState`   | The max backoff time of workflow in a wait condition   | `60`    |
+| `workflow.backoff.maxTime.failedState` | The max backoff time of workflow in a failed condition | `300`   |
+| `workflow.step.errorRetryTimes`        | The max retry times of a failed workflow step          | `10`    |
 
 
 ### KubeVela controller parameters
@@ -92,6 +93,7 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
 | `optimize.enableInMemoryWorkflowContext`          | Optimize workflow by use in-memory context.                                                                                                       | `false` |
 | `optimize.disableResourceApplyDoubleCheck`        | Optimize workflow by ignoring resource double check after apply.                                                                                  | `false` |
 | `optimize.enableResourceTrackerDeleteOnlyTrigger` | Optimize resourcetracker by only trigger reconcile when resourcetracker is deleted.                                                               | `true`  |
+| `featureGates.enableLegacyComponentRevision`      | if disabled, only component with rollout trait will create component revisions                                                                    | `false` |
 
 
 ### MultiCluster parameters
@@ -103,7 +105,7 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
 | `multicluster.clusterGateway.replicaCount`                  | ClusterGateway replica count                    | `1`                              |
 | `multicluster.clusterGateway.port`                          | ClusterGateway port                             | `9443`                           |
 | `multicluster.clusterGateway.image.repository`              | ClusterGateway image repository                 | `oamdev/cluster-gateway`         |
-| `multicluster.clusterGateway.image.tag`                     | ClusterGateway image tag                        | `v1.3.2`                         |
+| `multicluster.clusterGateway.image.tag`                     | ClusterGateway image tag                        | `v1.4.0`                         |
 | `multicluster.clusterGateway.image.pullPolicy`              | ClusterGateway image pull policy                | `IfNotPresent`                   |
 | `multicluster.clusterGateway.resources.limits.cpu`          | ClusterGateway cpu limit                        | `100m`                           |
 | `multicluster.clusterGateway.resources.limits.memory`       | ClusterGateway memory limit                     | `200Mi`                          |

charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml

@@ -2198,6 +2198,17 @@ spec:
                           a context in annotation. - should mark "finish" phase in
                           status.conditions.'
                         properties:
+                          mode:
+                            description: WorkflowExecuteMode defines the mode of workflow
+                              execution
+                            properties:
+                              steps:
+                                description: WorkflowMode describes the mode of workflow
+                                type: string
+                              subSteps:
+                                description: WorkflowMode describes the mode of workflow
+                                type: string
+                            type: object
                           ref:
                             type: string
                           steps:
@@ -2209,6 +2220,8 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                if:
+                                  type: string
                                 inputs:
                                   description: StepInputs defines variable input of
                                     WorkflowStep
@@ -2223,6 +2236,13 @@ spec:
                                     - parameterKey
                                     type: object
                                   type: array
+                                meta:
+                                  description: WorkflowStepMeta contains the meta
+                                    data of a workflow step
+                                  properties:
+                                    alias:
+                                      type: string
+                                  type: object
                                 name:
                                   description: Name is the unique name of the workflow
                                     step.
@@ -2253,6 +2273,8 @@ spec:
                                         items:
                                           type: string
                                         type: array
+                                      if:
+                                        type: string
                                       inputs:
                                         description: StepInputs defines variable input
                                           of WorkflowStep
@@ -2267,6 +2289,13 @@ spec:
                                           - parameterKey
                                           type: object
                                         type: array
+                                      meta:
+                                        description: WorkflowStepMeta contains the
+                                          meta data of a workflow step
+                                        properties:
+                                          alias:
+                                            type: string
+                                        type: object
                                       name:
                                         description: Name is the unique name of the
                                           workflow step.
@@ -2288,6 +2317,8 @@ spec:
                                       properties:
                                         type: object
                                         x-kubernetes-preserve-unknown-fields: true
+                                      timeout:
+                                        type: string
                                       type:
                                         type: string
                                     required:
@@ -2295,6 +2326,8 @@ spec:
                                     - type
                                     type: object
                                   type: array
+                                timeout:
+                                  type: string
                                 type:
                                   type: string
                               required:
@@ -3954,6 +3987,8 @@ spec:
                           items:
                             type: string
                           type: array
+                        if:
+                          type: string
                         inputs:
                           description: StepInputs defines variable input of WorkflowStep
                           items:
@@ -3967,6 +4002,13 @@ spec:
                             - parameterKey
                             type: object
                           type: array
+                        meta:
+                          description: WorkflowStepMeta contains the meta data of
+                            a workflow step
+                          properties:
+                            alias:
+                              type: string
+                          type: object
                         name:
                           description: Name is the unique name of the workflow step.
                           type: string
@@ -3995,6 +4037,8 @@ spec:
                                 items:
                                   type: string
                                 type: array
+                              if:
+                                type: string
                               inputs:
                                 description: StepInputs defines variable input of
                                   WorkflowStep
@@ -4009,6 +4053,13 @@ spec:
                                   - parameterKey
                                   type: object
                                 type: array
+                              meta:
+                                description: WorkflowStepMeta contains the meta data
+                                  of a workflow step
+                                properties:
+                                  alias:
+                                    type: string
+                                type: object
                               name:
                                 description: Name is the unique name of the workflow
                                   step.
@@ -4030,6 +4081,8 @@ spec:
                               properties:
                                 type: object
                                 x-kubernetes-preserve-unknown-fields: true
+                              timeout:
+                                type: string
                               type:
                                 type: string
                             required:
@@ -4037,6 +4090,8 @@ spec:
                             - type
                             type: object
                           type: array
+                        timeout:
+                          type: string
                         type:
                           type: string
                       required:

charts/vela-core/crds/core.oam.dev_applications.yaml

@@ -1009,6 +1009,17 @@ spec:
                   order, and each step: - will have a context in annotation. - should
                   mark "finish" phase in status.conditions.'
                 properties:
+                  mode:
+                    description: WorkflowExecuteMode defines the mode of workflow
+                      execution
+                    properties:
+                      steps:
+                        description: WorkflowMode describes the mode of workflow
+                        type: string
+                      subSteps:
+                        description: WorkflowMode describes the mode of workflow
+                        type: string
+                    type: object
                   ref:
                     type: string
                   steps:
@@ -1020,6 +1031,8 @@ spec:
                           items:
                             type: string
                           type: array
+                        if:
+                          type: string
                         inputs:
                           description: StepInputs defines variable input of WorkflowStep
                           items:
@@ -1033,6 +1046,13 @@ spec:
                             - parameterKey
                             type: object
                           type: array
+                        meta:
+                          description: WorkflowStepMeta contains the meta data of
+                            a workflow step
+                          properties:
+                            alias:
+                              type: string
+                          type: object
                         name:
                           description: Name is the unique name of the workflow step.
                           type: string
@@ -1061,6 +1081,8 @@ spec:
                                 items:
                                   type: string
                                 type: array
+                              if:
+                                type: string
                               inputs:
                                 description: StepInputs defines variable input of
                                   WorkflowStep
@@ -1075,6 +1097,13 @@ spec:
                                   - parameterKey
                                   type: object
                                 type: array
+                              meta:
+                                description: WorkflowStepMeta contains the meta data
+                                  of a workflow step
+                                properties:
+                                  alias:
+                                    type: string
+                                type: object
                               name:
                                 description: Name is the unique name of the workflow
                                   step.
@@ -1096,6 +1125,8 @@ spec:
                               properties:
                                 type: object
                                 x-kubernetes-preserve-unknown-fields: true
+                              timeout:
+                                type: string
                               type:
                                 type: string
                             required:
@@ -1103,6 +1134,8 @@ spec:
                             - type
                             type: object
                           type: array
+                        timeout:
+                          type: string
                         type:
                           type: string
                       required:

charts/vela-core/crds/core.oam.dev_workflows.yaml

@@ -42,6 +42,8 @@ spec:
                   items:
                     type: string
                   type: array
+                if:
+                  type: string
                 inputs:
                   description: StepInputs defines variable input of WorkflowStep
                   items:
@@ -55,6 +57,13 @@ spec:
                     - parameterKey
                     type: object
                   type: array
+                meta:
+                  description: WorkflowStepMeta contains the meta data of a workflow
+                    step
+                  properties:
+                    alias:
+                      type: string
+                  type: object
                 name:
                   description: Name is the unique name of the workflow step.
                   type: string
@@ -83,6 +92,8 @@ spec:
                         items:
                           type: string
                         type: array
+                      if:
+                        type: string
                       inputs:
                         description: StepInputs defines variable input of WorkflowStep
                         items:
@@ -96,6 +107,13 @@ spec:
                           - parameterKey
                           type: object
                         type: array
+                      meta:
+                        description: WorkflowStepMeta contains the meta data of a
+                          workflow step
+                        properties:
+                          alias:
+                            type: string
+                        type: object
                       name:
                         description: Name is the unique name of the workflow step.
                         type: string
@@ -115,6 +133,8 @@ spec:
                       properties:
                         type: object
                         x-kubernetes-preserve-unknown-fields: true
+                      timeout:
+                        type: string
                       type:
                         type: string
                     required:
@@ -122,6 +142,8 @@ spec:
                     - type
                     type: object
                   type: array
+                timeout:
+                  type: string
                 type:
                   type: string
               required:
@@ -137,6 +159,16 @@ spec:
       openAPIV3Schema:
         description: Workflow defines workflow steps and other attributes
         properties:
+          mode:
+            description: WorkflowExecuteMode defines the mode of workflow execution
+            properties:
+              steps:
+                description: WorkflowMode describes the mode of workflow
+                type: string
+              subSteps:
+                description: WorkflowMode describes the mode of workflow
+                type: string
+            type: object
           ref:
             type: string
           steps:
@@ -147,6 +179,8 @@ spec:
                   items:
                     type: string
                   type: array
+                if:
+                  type: string
                 inputs:
                   description: StepInputs defines variable input of WorkflowStep
                   items:
@@ -160,6 +194,13 @@ spec:
                     - parameterKey
                     type: object
                   type: array
+                meta:
+                  description: WorkflowStepMeta contains the meta data of a workflow
+                    step
+                  properties:
+                    alias:
+                      type: string
+                  type: object
                 name:
                   description: Name is the unique name of the workflow step.
                   type: string
@@ -188,6 +229,8 @@ spec:
                         items:
                           type: string
                         type: array
+                      if:
+                        type: string
                       inputs:
                         description: StepInputs defines variable input of WorkflowStep
                         items:
@@ -201,6 +244,13 @@ spec:
                           - parameterKey
                           type: object
                         type: array
+                      meta:
+                        description: WorkflowStepMeta contains the meta data of a
+                          workflow step
+                        properties:
+                          alias:
+                            type: string
+                        type: object
                       name:
                         description: Name is the unique name of the workflow step.
                         type: string
@@ -220,6 +270,8 @@ spec:
                       properties:
                         type: object
                         x-kubernetes-preserve-unknown-fields: true
+                      timeout:
+                        type: string
                       type:
                         type: string
                     required:
@@ -227,6 +279,8 @@ spec:
                     - type
                     type: object
                   type: array
+                timeout:
+                  type: string
                 type:
                   type: string
               required:

charts/vela-core/templates/cluster-gateway/certmanager.yaml

@@ -13,7 +13,7 @@ metadata:
   name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls
   namespace: {{ .Release.Namespace }}
 spec:
-  secretName: {{ template "kubevela.fullname" . }}-cluster-gateway-tls
+  secretName: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2
   duration: 8760h # 1y
   issuerRef:
     name: {{ template "kubevela.fullname" . }}-cluster-gateway-issuer

charts/vela-core/templates/cluster-gateway/cluster-gateway.yaml

@@ -31,7 +31,7 @@ spec:
             - "apiserver"
             - "--secure-port={{ .Values.multicluster.clusterGateway.port }}"
             - "--secret-namespace={{ .Release.Namespace }}"
-            - "--feature-gates=APIPriorityAndFairness=false"
+            - "--feature-gates=APIPriorityAndFairness=false,ClientIdentityPenetration={{ .Values.authentication.enabled }}"
             {{- if .Values.multicluster.clusterGateway.secureTLS.enabled }}
             - "--tls-cert-file={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}/tls.crt"
             - "--tls-private-key-file={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}/tls.key"
@@ -53,7 +53,7 @@ spec:
         - name: tls-cert-vol
           secret:
             defaultMode: 420
-            secretName: {{ template "kubevela.fullname" . }}-cluster-gateway-tls
+            secretName: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2
       {{ end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
@@ -106,7 +106,7 @@ metadata:
   name: v1alpha1.cluster.core.oam.dev
   annotations:
     {{- if and .Values.multicluster.clusterGateway.secureTLS.enabled .Values.multicluster.clusterGateway.secureTLS.certManager.enabled }}
-    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ template "kubevela.fullname" . }}-cluster-gateway-tls"
+    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2"
     {{- end }}
   labels:
     api: cluster-extension-apiserver
@@ -129,7 +129,7 @@ spec:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "kubevela.fullname" . }}:cluster-gateway-access-role
+  name: {{ include "kubevela.fullname" . }}:cluster-gateway:proxy
 rules:
   - apiGroups: [ "cluster.core.oam.dev" ]
     resources: [ "clustergateways/proxy" ]
@@ -138,16 +138,16 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "kubevela.fullname" . }}:cluster-gateway-access-rolebinding
+  name: {{ include "kubevela.fullname" . }}:cluster-gateway:proxy
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "kubevela.fullname" . }}:cluster-gateway-access-role
+  name: {{ include "kubevela.fullname" . }}:cluster-gateway:proxy
 subjects:
-  - kind: Group
-    name: cluster-gateway-accessor
-    apiGroup: rbac.authorization.k8s.io
   - kind: Group
     name: kubevela:client
     apiGroup: rbac.authorization.k8s.io
+  - kind: ServiceAccount
+    name: {{ include "kubevela.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
 {{ end }}

charts/vela-core/templates/cluster-gateway/job-patch.yaml

@@ -86,7 +86,7 @@ spec:
           - create
           - --host={{ .Release.Name }}-cluster-gateway-service,{{ .Release.Name }}-cluster-gateway-service.{{ .Release.Namespace }}.svc
           - --namespace={{ .Release.Namespace }}
-          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls
+          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2
           - --cert-name=tls.crt
           - --key-name=tls.key
       restartPolicy: OnFailure
@@ -131,7 +131,7 @@ spec:
           - /patch
         args:
           - --secret-namespace={{ .Release.Namespace }}
-          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls
+          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2
       restartPolicy: OnFailure
       serviceAccountName: {{ include "kubevela.serviceAccountName" . }}
       securityContext:

charts/vela-core/templates/defwithtemplate/affinity.yaml

@@ -0,0 +1,186 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/affinity.cue
+apiVersion: core.oam.dev/v1beta1
+kind: TraitDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Affinity specifies affinity and toleration K8s pod for your workload which follows the pod spec in path 'spec.template'.
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
+  name: affinity
+  namespace: {{ include "systemDefinitionNamespace" . }}
+spec:
+  appliesToWorkloads:
+    - '*'
+  podDisruptive: true
+  schematic:
+    cue:
+      template: |
+        patch: spec: template: spec: {
+        	if parameter.podAffinity != _|_ {
+        		affinity: podAffinity: {
+        			if parameter.podAffinity.required != _|_ {
+        				requiredDuringSchedulingIgnoredDuringExecution: [
+        					for k in parameter.podAffinity.required {
+        						if k.labelSelector != _|_ {
+        							labelSelector: k.labelSelector
+        						}
+        						if k.namespace != _|_ {
+        							namespace: k.namespace
+        						}
+        						topologyKey: k.topologyKey
+        						if k.namespaceSelector != _|_ {
+        							namespaceSelector: k.namespaceSelector
+        						}
+        					}]
+        			}
+        			if parameter.podAffinity.preferred != _|_ {
+        				preferredDuringSchedulingIgnoredDuringExecution: [
+        					for k in parameter.podAffinity.preferred {
+        						weight:          k.weight
+        						podAffinityTerm: k.podAffinityTerm
+        					}]
+        			}
+        		}
+        	}
+        	if parameter.podAntiAffinity != _|_ {
+        		affinity: podAntiAffinity: {
+        			if parameter.podAntiAffinity.required != _|_ {
+        				requiredDuringSchedulingIgnoredDuringExecution: [
+        					for k in parameter.podAntiAffinity.required {
+        						if k.labelSelector != _|_ {
+        							labelSelector: k.labelSelector
+        						}
+        						if k.namespace != _|_ {
+        							namespace: k.namespace
+        						}
+        						topologyKey: k.topologyKey
+        						if k.namespaceSelector != _|_ {
+        							namespaceSelector: k.namespaceSelector
+        						}
+        					}]
+        			}
+        			if parameter.podAntiAffinity.preferred != _|_ {
+        				preferredDuringSchedulingIgnoredDuringExecution: [
+        					for k in parameter.podAntiAffinity.preferred {
+        						weight:          k.weight
+        						podAffinityTerm: k.podAffinityTerm
+        					}]
+        			}
+        		}
+        	}
+        	if parameter.nodeAffinity != _|_ {
+        		affinity: nodeAffinity: {
+        			if parameter.nodeAffinity.required != _|_ {
+        				requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: [
+        					for k in parameter.nodeAffinity.required.nodeSelectorTerms {
+        						if k.matchExpressions != _|_ {
+        							matchExpressions: k.matchExpressions
+        						}
+        						if k.matchFields != _|_ {
+        							matchFields: k.matchFields
+        						}
+        					}]
+        			}
+        			if parameter.nodeAffinity.preferred != _|_ {
+        				preferredDuringSchedulingIgnoredDuringExecution: [
+        					for k in parameter.nodeAffinity.preferred {
+        						weight:     k.weight
+        						preference: k.preference
+        					}]
+        			}
+        		}
+        	}
+        	if parameter.tolerations != _|_ {
+        		tolerations: [
+        			for k in parameter.tolerations {
+        				if k.key != _|_ {
+        					key: k.key
+        				}
+        				if k.effect != _|_ {
+        					effect: k.effect
+        				}
+        				if k.value != _|_ {
+        					value: k.value
+        				}
+        				operator: k.operator
+        				if k.tolerationSeconds != _|_ {
+        					tolerationSeconds: k.tolerationSeconds
+        				}
+        			}]
+        	}
+        }
+        #labelSelector: {
+        	matchLabels?: [string]: string
+        	matchExpressions?: [...{
+        		key:      string
+        		operator: *"In" | "NotIn" | "Exists" | "DoesNotExist"
+        		values?: [...string]
+        	}]
+        }
+        #podAffinityTerm: {
+        	labelSelector?: #labelSelector
+        	namespaces?: [...string]
+        	topologyKey:        string
+        	namespaceSelector?: #labelSelector
+        }
+        #nodeSelecor: {
+        	key:      string
+        	operator: *"In" | "NotIn" | "Exists" | "DoesNotExist" | "Gt" | "Lt"
+        	values?: [...string]
+        }
+        #nodeSelectorTerm: {
+        	matchExpressions?: [...#nodeSelecor]
+        	matchFields?: [...#nodeSelecor]
+        }
+        parameter: {
+        	// +usage=Specify the pod affinity scheduling rules
+        	podAffinity?: {
+        		// +usage=Specify the required during scheduling ignored during execution
+        		required?: [...#podAffinityTerm]
+        		// +usage=Specify the preferred during scheduling ignored during execution
+        		preferred?: [...{
+        			// +usage=Specify weight associated with matching the corresponding podAffinityTerm
+        			weight: int & >=1 & <=100
+        			// +usage=Specify a set of pods
+        			podAffinityTerm: #podAffinityTerm
+        		}]
+        	}
+        	// +usage=Specify the pod anti-affinity scheduling rules
+        	podAntiAffinity?: {
+        		// +usage=Specify the required during scheduling ignored during execution
+        		required?: [...#podAffinityTerm]
+        		// +usage=Specify the preferred during scheduling ignored during execution
+        		preferred?: [...{
+        			// +usage=Specify weight associated with matching the corresponding podAffinityTerm
+        			weight: int & >=1 & <=100
+        			// +usage=Specify a set of pods
+        			podAffinityTerm: #podAffinityTerm
+        		}]
+        	}
+        	// +usage=Specify the node affinity scheduling rules for the pod
+        	nodeAffinity?: {
+        		// +usage=Specify the required during scheduling ignored during execution
+        		required?: {
+        			// +usage=Specify a list of node selector
+        			nodeSelectorTerms: [...#nodeSelectorTerm]
+        		}
+        		// +usage=Specify the preferred during scheduling ignored during execution
+        		preferred?: [...{
+        			// +usage=Specify weight associated with matching the corresponding nodeSelector
+        			weight: int & >=1 & <=100
+        			// +usage=Specify a node selector
+        			preference: #nodeSelectorTerm
+        		}]
+        	}
+        	// +usage=Specify tolerant taint
+        	tolerations?: [...{
+        		key?:     string
+        		operator: *"Equal" | "Exists"
+        		value?:   string
+        		effect?:  "NoSchedule" | "PreferNoSchedule" | "NoExecute"
+        		// +usage=Specify the period of time the toleration
+        		tolerationSeconds?: int
+        	}]
+        }
+

charts/vela-core/templates/defwithtemplate/apply-application-in-parallel.yaml

@@ -6,6 +6,7 @@ metadata:
   annotations:
     definition.oam.dev/description: Apply components of an application in parallel for your workflow steps
   labels:
+    custom.definition.oam.dev/deprecated: "true"
     custom.definition.oam.dev/ui-hidden: "true"
   name: apply-application-in-parallel
   namespace: {{ include "systemDefinitionNamespace" . }}

charts/vela-core/templates/defwithtemplate/apply-application.yaml

@@ -4,8 +4,9 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Apply application for your workflow steps
+    definition.oam.dev/description: Apply application for your workflow steps, it has no arguments, should be used for custom steps before or after application applied.
   labels:
+    custom.definition.oam.dev/deprecated: "true"
     custom.definition.oam.dev/ui-hidden: "true"
   name: apply-application
   namespace: {{ include "systemDefinitionNamespace" . }}

charts/vela-core/templates/defwithtemplate/apply-object.yaml

@@ -22,9 +22,9 @@ spec:
         	cluster: parameter.cluster
         }
         parameter: {
-        	// +usage=Specify the value of the object
+        	// +usage=Specify Kubernetes native resource object to be applied
         	value: {...}
-        	// +usage=Specify the cluster of the object
+        	// +usage=The cluster you want to apply the resource to, default is the current control plane cluster
         	cluster: *"" | string
         }
 

charts/vela-core/templates/defwithtemplate/apply-once.yaml

@@ -0,0 +1,44 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/apply-once.cue
+apiVersion: core.oam.dev/v1beta1
+kind: PolicyDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Allow configuration drift for applied resources, delivery the resource without continuously reconciliation.
+  name: apply-once
+  namespace: {{ include "systemDefinitionNamespace" . }}
+spec:
+  schematic:
+    cue:
+      template: |
+        #ApplyOnceStrategy: {
+        	// +usage=Specify the path of the resource that allow configuration drift
+        	path: [...string]
+        }
+        #ApplyOncePolicyRule: {
+        	// +usage=Specify how to select the targets of the rule
+        	selector?: #ResourcePolicyRuleSelector
+        	// +usage=Specify the strategy for configuring the resource level configuration drift behaviour
+        	strategy: #ApplyOnceStrategy
+        }
+        #ResourcePolicyRuleSelector: {
+        	// +usage=Select resources by component names
+        	componentNames?: [...string]
+        	// +usage=Select resources by component types
+        	componentTypes?: [...string]
+        	// +usage=Select resources by oamTypes (COMPONENT or TRAIT)
+        	oamTypes?: [...string]
+        	// +usage=Select resources by trait types
+        	traitTypes?: [...string]
+        	// +usage=Select resources by resource types (like Deployment)
+        	resourceTypes?: [...string]
+        	// +usage=Select resources by their names
+        	resourceNames?: [...string]
+        }
+        parameter: {
+        	// +usage=Whether to enable apply-once for the whole application
+        	enable: *false | bool
+        	// +usage=Specify the rules for configuring apply-once policy in resource level
+        	rules?: [...#ApplyOncePolicyRule]
+        }
+

charts/vela-core/templates/defwithtemplate/apply-remaining.yaml

@@ -6,6 +6,7 @@ metadata:
   annotations:
     definition.oam.dev/description: Apply remaining components and traits
   labels:
+    custom.definition.oam.dev/deprecated: "true"
     custom.definition.oam.dev/ui-hidden: "true"
   name: apply-remaining
   namespace: {{ include "systemDefinitionNamespace" . }}

charts/vela-core/templates/defwithtemplate/config-image-registry.yaml

@@ -4,13 +4,13 @@ apiVersion: core.oam.dev/v1beta1
 kind: ComponentDefinition
 metadata:
   annotations:
-    custom.definition.oam.dev/alias.config.oam.dev: Image Registry
+    alias.config.oam.dev: Image Registry
     definition.oam.dev/description: Config information to authenticate image registry
   labels:
-    custom.definition.oam.dev/catalog.config.oam.dev: velacore-config
-    custom.definition.oam.dev/multi-cluster.config.oam.dev: "true"
-    custom.definition.oam.dev/type.config.oam.dev: image-registry
+    catalog.config.oam.dev: velacore-config
     custom.definition.oam.dev/ui-hidden: "true"
+    multi-cluster.config.oam.dev: "true"
+    type.config.oam.dev: image-registry
   name: config-image-registry
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:
@@ -20,6 +20,7 @@ spec:
         import (
         	"encoding/base64"
         	"encoding/json"
+        	"strconv"
         )
 
         output: {
@@ -42,21 +43,29 @@ spec:
         	if parameter.auth == _|_ {
         		type: "Opaque"
         	}
-        	if parameter.auth != _|_ {
-        		stringData: ".dockerconfigjson": json.Marshal({
-        			auths: "\(parameter.registry)": {
-        				username: parameter.auth.username
-        				password: parameter.auth.password
-        				if parameter.auth.email != _|_ {
-        					email: parameter.auth.email
+        	stringData: {
+        		if parameter.auth != _|_ && parameter.auth.username != _|_ {
+        			".dockerconfigjson": json.Marshal({
+        				auths: "\(parameter.registry)": {
+        					username: parameter.auth.username
+        					password: parameter.auth.password
+        					if parameter.auth.email != _|_ {
+        						email: parameter.auth.email
+        					}
+        					auth: base64.Encode(null, (parameter.auth.username + ":" + parameter.auth.password))
         				}
-        				auth: base64.Encode(null, (parameter.auth.username + ":" + parameter.auth.password))
-        			}
-        		})
+        			})
+        		}
+        		if parameter.insecure != _|_ {
+        			"insecure-skip-verify": strconv.FormatBool(parameter.insecure)
+        		}
+        		if parameter.useHTTP != _|_ {
+        			"protocol-use-http": strconv.FormatBool(parameter.useHTTP)
+        		}
         	}
         }
         parameter: {
-        	// +usage=Image registry FQDN
+        	// +usage=Image registry FQDN, such as: index.docker.io
         	registry: string
         	// +usage=Authenticate the image registry
         	auth?: {
@@ -67,6 +76,10 @@ spec:
         		// +usage=Private Image registry email
         		email?: string
         	}
+        	// +usage=For the registry server that uses the self-signed certificate
+        	insecure?: bool
+        	// +usage=For the registry server that uses the HTTP protocol
+        	useHTTP?: bool
         }
   workload:
     type: autodetects.core.oam.dev

charts/vela-core/templates/defwithtemplate/container-image.yaml

@@ -5,6 +5,8 @@ kind: TraitDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Set the image of the container.
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
   name: container-image
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/cron-task.yaml

@@ -196,14 +196,14 @@ spec:
         		// +usage=Specifies a source the value of this var should come from
         		valueFrom?: {
         			// +usage=Selects a key of a secret in the pod's namespace
-        			secretKeyRef: {
+        			secretKeyRef?: {
         				// +usage=The name of the secret in the pod's namespace to select from
         				name: string
         				// +usage=The key of the secret to select from. Must be a valid secret key
         				key: string
         			}
         			// +usage=Selects a key of a config map in the pod's namespace
-        			configMapKeyRef: {
+        			configMapKeyRef?: {
         				// +usage=The name of the config map in the pod's namespace to select from
         				name: string
         				// +usage=The key of the config map to select from. Must be a valid secret key

charts/vela-core/templates/defwithtemplate/daemon.yaml

@@ -0,0 +1,574 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/daemon.cue
+apiVersion: core.oam.dev/v1beta1
+kind: ComponentDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Describes daemonset services in Kubernetes.
+  name: daemon
+  namespace: {{ include "systemDefinitionNamespace" . }}
+spec:
+  schematic:
+    cue:
+      template: |
+        import (
+        	"strconv"
+        )
+
+        mountsArray: {
+        	pvc: *[
+        		for v in parameter.volumeMounts.pvc {
+        			{
+        				mountPath: v.mountPath
+        				name:      v.name
+        			}
+        		},
+        	] | []
+
+        	configMap: *[
+        			for v in parameter.volumeMounts.configMap {
+        			{
+        				mountPath: v.mountPath
+        				name:      v.name
+        			}
+        		},
+        	] | []
+
+        	secret: *[
+        		for v in parameter.volumeMounts.secret {
+        			{
+        				mountPath: v.mountPath
+        				name:      v.name
+        			}
+        		},
+        	] | []
+
+        	emptyDir: *[
+        			for v in parameter.volumeMounts.emptyDir {
+        			{
+        				mountPath: v.mountPath
+        				name:      v.name
+        			}
+        		},
+        	] | []
+
+        	hostPath: *[
+        			for v in parameter.volumeMounts.hostPath {
+        			{
+        				mountPath: v.mountPath
+        				if v.mountPropagation != _|_ {
+        					mountPropagation: v.mountPropagation
+        				}
+        				name: v.name
+        				if v.readOnly != _|_ {
+        					readOnly: v.readOnly
+        				}
+        			}
+        		},
+        	] | []
+        }
+        volumesArray: {
+        	pvc: *[
+        		for v in parameter.volumeMounts.pvc {
+        			{
+        				name: v.name
+        				persistentVolumeClaim: claimName: v.claimName
+        			}
+        		},
+        	] | []
+
+        	configMap: *[
+        			for v in parameter.volumeMounts.configMap {
+        			{
+        				name: v.name
+        				configMap: {
+        					defaultMode: v.defaultMode
+        					name:        v.cmName
+        					if v.items != _|_ {
+        						items: v.items
+        					}
+        				}
+        			}
+        		},
+        	] | []
+
+        	secret: *[
+        		for v in parameter.volumeMounts.secret {
+        			{
+        				name: v.name
+        				secret: {
+        					defaultMode: v.defaultMode
+        					secretName:  v.secretName
+        					if v.items != _|_ {
+        						items: v.items
+        					}
+        				}
+        			}
+        		},
+        	] | []
+
+        	emptyDir: *[
+        			for v in parameter.volumeMounts.emptyDir {
+        			{
+        				name: v.name
+        				emptyDir: medium: v.medium
+        			}
+        		},
+        	] | []
+
+        	hostPath: *[
+        			for v in parameter.volumeMounts.hostPath {
+        			{
+        				name: v.name
+        				hostPath: path: v.path
+        			}
+        		},
+        	] | []
+        }
+        output: {
+        	apiVersion: "apps/v1"
+        	kind:       "DaemonSet"
+        	spec: {
+        		selector: matchLabels: "app.oam.dev/component": context.name
+
+        		template: {
+        			metadata: {
+        				labels: {
+        					if parameter.labels != _|_ {
+        						parameter.labels
+        					}
+        					if parameter.addRevisionLabel {
+        						"app.oam.dev/revision": context.revision
+        					}
+        					"app.oam.dev/name":      context.appName
+        					"app.oam.dev/component": context.name
+        				}
+        				if parameter.annotations != _|_ {
+        					annotations: parameter.annotations
+        				}
+        			}
+
+        			spec: {
+        				containers: [{
+        					name:  context.name
+        					image: parameter.image
+        					if parameter["port"] != _|_ && parameter["ports"] == _|_ {
+        						ports: [{
+        							containerPort: parameter.port
+        						}]
+        					}
+        					if parameter["ports"] != _|_ {
+        						ports: [ for v in parameter.ports {
+        							{
+        								containerPort: v.port
+        								protocol:      v.protocol
+        								if v.name != _|_ {
+        									name: v.name
+        								}
+        								if v.name == _|_ {
+        									name: "port-" + strconv.FormatInt(v.port, 10)
+        								}
+        							}}]
+        					}
+
+        					if parameter["imagePullPolicy"] != _|_ {
+        						imagePullPolicy: parameter.imagePullPolicy
+        					}
+
+        					if parameter["cmd"] != _|_ {
+        						command: parameter.cmd
+        					}
+
+        					if parameter["env"] != _|_ {
+        						env: parameter.env
+        					}
+
+        					if context["config"] != _|_ {
+        						env: context.config
+        					}
+
+        					if parameter["cpu"] != _|_ {
+        						resources: {
+        							limits: cpu:   parameter.cpu
+        							requests: cpu: parameter.cpu
+        						}
+        					}
+
+        					if parameter["memory"] != _|_ {
+        						resources: {
+        							limits: memory:   parameter.memory
+        							requests: memory: parameter.memory
+        						}
+        					}
+
+        					if parameter["volumes"] != _|_ && parameter["volumeMounts"] == _|_ {
+        						volumeMounts: [ for v in parameter.volumes {
+        							{
+        								mountPath: v.mountPath
+        								name:      v.name
+        							}}]
+        					}
+
+        					if parameter["volumeMounts"] != _|_ {
+        						volumeMounts: mountsArray.pvc + mountsArray.configMap + mountsArray.secret + mountsArray.emptyDir + mountsArray.hostPath
+        					}
+
+        					if parameter["livenessProbe"] != _|_ {
+        						livenessProbe: parameter.livenessProbe
+        					}
+
+        					if parameter["readinessProbe"] != _|_ {
+        						readinessProbe: parameter.readinessProbe
+        					}
+
+        				}]
+
+        				if parameter["hostAliases"] != _|_ {
+        					// +patchKey=ip
+        					hostAliases: parameter.hostAliases
+        				}
+
+        				if parameter["imagePullSecrets"] != _|_ {
+        					imagePullSecrets: [ for v in parameter.imagePullSecrets {
+        						name: v
+        					},
+        					]
+        				}
+
+        				if parameter["volumes"] != _|_ && parameter["volumeMounts"] == _|_ {
+        					volumes: [ for v in parameter.volumes {
+        						{
+        							name: v.name
+        							if v.type == "pvc" {
+        								persistentVolumeClaim: claimName: v.claimName
+        							}
+        							if v.type == "configMap" {
+        								configMap: {
+        									defaultMode: v.defaultMode
+        									name:        v.cmName
+        									if v.items != _|_ {
+        										items: v.items
+        									}
+        								}
+        							}
+        							if v.type == "secret" {
+        								secret: {
+        									defaultMode: v.defaultMode
+        									secretName:  v.secretName
+        									if v.items != _|_ {
+        										items: v.items
+        									}
+        								}
+        							}
+        							if v.type == "emptyDir" {
+        								emptyDir: medium: v.medium
+        							}
+        						}
+        					}]
+        				}
+
+        				if parameter["volumeMounts"] != _|_ {
+        					volumes: volumesArray.pvc + volumesArray.configMap + volumesArray.secret + volumesArray.emptyDir + volumesArray.hostPath
+        				}
+        			}
+        		}
+        	}
+        }
+        exposePorts: [
+        	for v in parameter.ports if v.expose == true {
+        		port:       v.port
+        		targetPort: v.port
+        		if v.name != _|_ {
+        			name: v.name
+        		}
+        		if v.name == _|_ {
+        			name: "port-" + strconv.FormatInt(v.port, 10)
+        		}
+        	},
+        ]
+        outputs: {
+        	if len(exposePorts) != 0 {
+        		webserviceExpose: {
+        			apiVersion: "v1"
+        			kind:       "Service"
+        			metadata: name: context.name
+        			spec: {
+        				selector: "app.oam.dev/component": context.name
+        				ports: exposePorts
+        				type:  parameter.exposeType
+        			}
+        		}
+        	}
+        }
+        parameter: {
+        	// +usage=Specify the labels in the workload
+        	labels?: [string]: string
+
+        	// +usage=Specify the annotations in the workload
+        	annotations?: [string]: string
+
+        	// +usage=Which image would you like to use for your service
+        	// +short=i
+        	image: string
+
+        	// +usage=Specify image pull policy for your service
+        	imagePullPolicy?: "Always" | "Never" | "IfNotPresent"
+
+        	// +usage=Specify image pull secrets for your service
+        	imagePullSecrets?: [...string]
+
+        	// +ignore
+        	// +usage=Deprecated field, please use ports instead
+        	// +short=p
+        	port?: int
+
+        	// +usage=Which ports do you want customer traffic sent to, defaults to 80
+        	ports?: [...{
+        		// +usage=Number of port to expose on the pod's IP address
+        		port: int
+        		// +usage=Name of the port
+        		name?: string
+        		// +usage=Protocol for port. Must be UDP, TCP, or SCTP
+        		protocol: *"TCP" | "UDP" | "SCTP"
+        		// +usage=Specify if the port should be exposed
+        		expose: *false | bool
+        	}]
+
+        	// +ignore
+        	// +usage=Specify what kind of Service you want. options: "ClusterIP", "NodePort", "LoadBalancer", "ExternalName"
+        	exposeType: *"ClusterIP" | "NodePort" | "LoadBalancer" | "ExternalName"
+
+        	// +ignore
+        	// +usage=If addRevisionLabel is true, the revision label will be added to the underlying pods
+        	addRevisionLabel: *false | bool
+
+        	// +usage=Commands to run in the container
+        	cmd?: [...string]
+
+        	// +usage=Define arguments by using environment variables
+        	env?: [...{
+        		// +usage=Environment variable name
+        		name: string
+        		// +usage=The value of the environment variable
+        		value?: string
+        		// +usage=Specifies a source the value of this var should come from
+        		valueFrom?: {
+        			// +usage=Selects a key of a secret in the pod's namespace
+        			secretKeyRef?: {
+        				// +usage=The name of the secret in the pod's namespace to select from
+        				name: string
+        				// +usage=The key of the secret to select from. Must be a valid secret key
+        				key: string
+        			}
+        			// +usage=Selects a key of a config map in the pod's namespace
+        			configMapKeyRef?: {
+        				// +usage=The name of the config map in the pod's namespace to select from
+        				name: string
+        				// +usage=The key of the config map to select from. Must be a valid secret key
+        				key: string
+        			}
+        		}
+        	}]
+
+        	// +usage=Number of CPU units for the service, like `0.5` (0.5 CPU core), `1` (1 CPU core)
+        	cpu?: string
+
+        	// +usage=Specifies the attributes of the memory resource required for the container.
+        	memory?: string
+
+        	volumeMounts?: {
+        		// +usage=Mount PVC type volume
+        		pvc?: [...{
+        			name:      string
+        			mountPath: string
+        			// +usage=The name of the PVC
+        			claimName: string
+        		}]
+        		// +usage=Mount ConfigMap type volume
+        		configMap?: [...{
+        			name:        string
+        			mountPath:   string
+        			defaultMode: *420 | int
+        			cmName:      string
+        			items?: [...{
+        				key:  string
+        				path: string
+        				mode: *511 | int
+        			}]
+        		}]
+        		// +usage=Mount Secret type volume
+        		secret?: [...{
+        			name:        string
+        			mountPath:   string
+        			defaultMode: *420 | int
+        			secretName:  string
+        			items?: [...{
+        				key:  string
+        				path: string
+        				mode: *511 | int
+        			}]
+        		}]
+        		// +usage=Mount EmptyDir type volume
+        		emptyDir?: [...{
+        			name:      string
+        			mountPath: string
+        			medium:    *"" | "Memory"
+        		}]
+        		// +usage=Mount HostPath type volume
+        		hostPath?: [...{
+        			name:              string
+        			mountPath:         string
+        			mountPropagation?: "None" | "HostToContainer" | "Bidirectional"
+        			path:              string
+        			readOnly?:         bool
+        		}]
+        	}
+
+        	// +usage=Deprecated field, use volumeMounts instead.
+        	volumes?: [...{
+        		name:      string
+        		mountPath: string
+        		// +usage=Specify volume type, options: "pvc","configMap","secret","emptyDir"
+        		type: "pvc" | "configMap" | "secret" | "emptyDir"
+        		if type == "pvc" {
+        			claimName: string
+        		}
+        		if type == "configMap" {
+        			defaultMode: *420 | int
+        			cmName:      string
+        			items?: [...{
+        				key:  string
+        				path: string
+        				mode: *511 | int
+        			}]
+        		}
+        		if type == "secret" {
+        			defaultMode: *420 | int
+        			secretName:  string
+        			items?: [...{
+        				key:  string
+        				path: string
+        				mode: *511 | int
+        			}]
+        		}
+        		if type == "emptyDir" {
+        			medium: *"" | "Memory"
+        		}
+        	}]
+
+        	// +usage=Instructions for assessing whether the container is alive.
+        	livenessProbe?: #HealthProbe
+
+        	// +usage=Instructions for assessing whether the container is in a suitable state to serve traffic.
+        	readinessProbe?: #HealthProbe
+
+        	// +usage=Specify the hostAliases to add
+        	hostAliases?: [...{
+        		ip: string
+        		hostnames: [...string]
+        	}]
+        }
+        #HealthProbe: {
+
+        	// +usage=Instructions for assessing container health by executing a command. Either this attribute or the httpGet attribute or the tcpSocket attribute MUST be specified. This attribute is mutually exclusive with both the httpGet attribute and the tcpSocket attribute.
+        	exec?: {
+        		// +usage=A command to be executed inside the container to assess its health. Each space delimited token of the command is a separate array element. Commands exiting 0 are considered to be successful probes, whilst all other exit codes are considered failures.
+        		command: [...string]
+        	}
+
+        	// +usage=Instructions for assessing container health by executing an HTTP GET request. Either this attribute or the exec attribute or the tcpSocket attribute MUST be specified. This attribute is mutually exclusive with both the exec attribute and the tcpSocket attribute.
+        	httpGet?: {
+        		// +usage=The endpoint, relative to the port, to which the HTTP GET request should be directed.
+        		path: string
+        		// +usage=The TCP socket within the container to which the HTTP GET request should be directed.
+        		port:    int
+        		host?:   string
+        		scheme?: *"HTTP" | string
+        		httpHeaders?: [...{
+        			name:  string
+        			value: string
+        		}]
+        	}
+
+        	// +usage=Instructions for assessing container health by probing a TCP socket. Either this attribute or the exec attribute or the httpGet attribute MUST be specified. This attribute is mutually exclusive with both the exec attribute and the httpGet attribute.
+        	tcpSocket?: {
+        		// +usage=The TCP socket within the container that should be probed to assess container health.
+        		port: int
+        	}
+
+        	// +usage=Number of seconds after the container is started before the first probe is initiated.
+        	initialDelaySeconds: *0 | int
+
+        	// +usage=How often, in seconds, to execute the probe.
+        	periodSeconds: *10 | int
+
+        	// +usage=Number of seconds after which the probe times out.
+        	timeoutSeconds: *1 | int
+
+        	// +usage=Minimum consecutive successes for the probe to be considered successful after having failed.
+        	successThreshold: *1 | int
+
+        	// +usage=Number of consecutive failures required to determine the container is not alive (liveness probe) or not ready (readiness probe).
+        	failureThreshold: *3 | int
+        }
+  status:
+    customStatus: |-
+      ready: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.numberReady != _|_ {
+      		replicas: context.output.status.numberReady
+      	}
+      }
+      desired: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.desiredNumberScheduled != _|_ {
+      		replicas: context.output.status.desiredNumberScheduled
+      	}
+      }
+      message: "Ready:\(ready.replicas)/\(desired.replicas)"
+    healthPolicy: |-
+      ready: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.numberReady != _|_ {
+      		replicas: context.output.status.numberReady
+      	}
+      }
+      desired: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.desiredNumberScheduled != _|_ {
+      		replicas: context.output.status.desiredNumberScheduled
+      	}
+      }
+      current: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.currentNumberScheduled != _|_ {
+      		replicas: context.output.status.currentNumberScheduled
+      	}
+      }
+      updated: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.updatedNumberScheduled != _|_ {
+      		replicas: context.output.status.updatedNumberScheduled
+      	}
+      }
+      generation: {
+      	metadata: context.output.metadata.generation
+      	observed: *0 | int
+      } & {
+      	if context.output.status.observedGeneration != _|_ {
+      		observed: context.output.status.observedGeneration
+      	}
+      }
+      isHealth: (desired.replicas == ready.replicas) && (desired.replicas == updated.replicas) && (desired.replicas == current.replicas) && (generation.observed == generation.metadata || generation.observed > generation.metadata)
+  workload:
+    definition:
+      apiVersion: apps/v1
+      kind: DaemonSet
+    type: daemonsets.apps
+

charts/vela-core/templates/defwithtemplate/depends-on-app.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: check or install depends-on Application
+    definition.oam.dev/description: Wait for the specified Application to complete.
   labels:
     custom.definition.oam.dev/ui-hidden: "true"
   name: depends-on-app

charts/vela-core/templates/defwithtemplate/deploy-cloud-resource.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Deploy cloud resource and bind secret to clusters
+    definition.oam.dev/description: Deploy cloud resource and deliver secret to multi clusters.
   name: deploy-cloud-resource
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/deploy.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Deploy components with policies.
+    definition.oam.dev/description: A powerful and unified deploy step for components multi-cluster delivery with policies.
   name: deploy
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:
@@ -21,9 +21,9 @@ spec:
         	ignoreTerraformComponent: parameter.ignoreTerraformComponent
         }
         parameter: {
-        	//+usage=If set false, the workflow will be suspend before this step.
+        	//+usage=If set to false, the workflow will suspend automatically before this step, default to be true.
         	auto: *true | bool
-        	//+usage=Declare the policies used for this step.
+        	//+usage=Declare the policies that used for this deployment. If not specified, the components will be deployed to the hub cluster.
         	policies?: [...string]
         	//+usage=Maximum number of concurrent delivered components.
         	parallelism: *5 | int

charts/vela-core/templates/defwithtemplate/deploy2env.yaml

@@ -5,6 +5,9 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Deploy env binding component to target env
+  labels:
+    custom.definition.oam.dev/deprecated: "true"
+    custom.definition.oam.dev/ui-hidden: "true"
   name: deploy2env
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/deploy2runtime.yaml

@@ -6,6 +6,7 @@ metadata:
   annotations:
     definition.oam.dev/description: Deploy application to runtime clusters
   labels:
+    custom.definition.oam.dev/deprecated: "true"
     custom.definition.oam.dev/ui-hidden: "true"
   name: deploy2runtime
   namespace: {{ include "systemDefinitionNamespace" . }}

charts/vela-core/templates/defwithtemplate/env.yaml

@@ -62,7 +62,8 @@ spec:
         					}
         				}
         			}] + [ for k, v in _params.env if _delKeys[k] == _|_ && (_params.replace || _baseEnvMap[k] == _|_) {
-        				v
+        				name:  k
+        				value: v
         			}]
         		}
         	}

charts/vela-core/templates/defwithtemplate/envbinding.yaml

@@ -22,7 +22,7 @@ spec:
         	traits?: [...{
         		type: string
         		properties?: {...}
-        		// +usage=Specify if the trait shoued be remove, default false
+        		// +usage=Specify if the trait should be remove, default false
         		disable: *false | bool
         	}]
         }

charts/vela-core/templates/defwithtemplate/export2config.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Export data to config map for your workflow steps
+    definition.oam.dev/description: Export data to specified Kubernetes ConfigMap in your workflow.
   labels:
     custom.definition.oam.dev/ui-hidden: "true"
   name: export2config

charts/vela-core/templates/defwithtemplate/export2secret.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Export data to secret for your workflow steps
+    definition.oam.dev/description: Export data to Kubernetes Secret in your workflow.
   labels:
     custom.definition.oam.dev/ui-hidden: "true"
   name: export2secret
@@ -46,7 +46,7 @@ spec:
         	type?: string
         	// +usage=Specify the data of secret
         	data: {}
-        	// +usage=Specify the cluster of the config map
+        	// +usage=Specify the cluster of the secret
         	cluster: *"" | string
         }
 

charts/vela-core/templates/defwithtemplate/expose.yaml

@@ -14,14 +14,20 @@ spec:
   schematic:
     cue:
       template: |
+        import (
+        	"strconv"
+        )
+
         outputs: service: {
         	apiVersion: "v1"
         	kind:       "Service"
-        	metadata: name: context.name
+        	metadata: name:        context.name
+        	metadata: annotations: parameter.annotations
         	spec: {
         		selector: "app.oam.dev/component": context.name
         		ports: [
         			for p in parameter.port {
+        				name:       "port-" + strconv.FormatInt(p, 10)
         				port:       p
         				targetPort: p
         			},
@@ -32,7 +38,33 @@ spec:
         parameter: {
         	// +usage=Specify the exposion ports
         	port: [...int]
+        	// +usage=Specify the annotaions of the exposed service
+        	annotations: [string]: string
         	// +usage=Specify what kind of Service you want. options: "ClusterIP","NodePort","LoadBalancer","ExternalName"
         	type: *"ClusterIP" | "NodePort" | "LoadBalancer" | "ExternalName"
         }
+  status:
+    customStatus: |-
+      message: *"" | string
+      service: context.outputs.service
+      if service.spec.type == "ClusterIP" {
+      	message: "ClusterIP: \(service.spec.clusterIP)"
+      }
+      if service.spec.type == "LoadBalancer" {
+      	status: service.status
+      	isHealth: status != _|_ && status.loadBalancer != _|_ && status.loadBalancer.ingress != _|_ && len(status.loadBalancer.ingress) > 0
+      	if !isHealth {
+      		message: "ExternalIP: Pending"
+      	}
+      	if isHealth {
+      		message: "ExternalIP: \(status.loadBalancer.ingress[0].ip)"
+      	}
+      }
+    healthPolicy: |-
+      isHealth: *true | bool
+      service: context.outputs.service
+      if service.spec.type == "LoadBalancer" {
+      	status: service.status
+      	isHealth: status != _|_ && status.loadBalancer != _|_ && status.loadBalancer.ingress != _|_ && len(status.loadBalancer.ingress) > 0
+      }
 

charts/vela-core/templates/defwithtemplate/garbage-collect.yaml

@@ -0,0 +1,40 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/garbage-collect.cue
+apiVersion: core.oam.dev/v1beta1
+kind: PolicyDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Configure the garbage collect behaviour for the application.
+  name: garbage-collect
+  namespace: {{ include "systemDefinitionNamespace" . }}
+spec:
+  schematic:
+    cue:
+      template: |
+        #GarbageCollectPolicyRule: {
+        	// +usage=Specify how to select the targets of the rule
+        	selector: [...#ResourcePolicyRuleSelector]
+        	// +usage=Specify the strategy for target resource to recycle
+        	strategy: *"onAppUpdate" | "onAppDelete" | "never"
+        }
+        #ResourcePolicyRuleSelector: {
+        	// +usage=Select resources by component names
+        	componentNames?: [...string]
+        	// +usage=Select resources by component types
+        	componentTypes?: [...string]
+        	// +usage=Select resources by oamTypes (COMPONENT or TRAIT)
+        	oamTypes?: [...string]
+        	// +usage=Select resources by trait types
+        	traitTypes?: [...string]
+        	// +usage=Select resources by resource types (like Deployment)
+        	resourceTypes?: [...string]
+        	// +usage=Select resources by their names
+        	resourceNames?: [...string]
+        }
+        parameter: {
+        	// +usage=If is set, outdated versioned resourcetracker will not be recycled automatically, outdated resources will be kept until resourcetracker be deleted manually
+        	keepLegacyResource: *false | bool
+        	// +usage=Specify the list of rules to control gc strategy at resource level, if one resource is controlled by multiple rules, first rule will be used
+        	rules?: [...#GarbageCollectPolicyRule]
+        }
+

charts/vela-core/templates/defwithtemplate/gateway.yaml

@@ -38,6 +38,9 @@ spec:
         			if !parameter.classInSpec {
         				"kubernetes.io/ingress.class": parameter.class
         			}
+        			if parameter.gatewayHost != _|_ {
+        				"ingress.controller/host": parameter.gatewayHost
+        			}
         		}
         	}
         	spec: {
@@ -84,6 +87,9 @@ spec:
 
         	// +usage=Specify the secret name you want to quote.
         	secretName?: string
+
+        	// +usage=Specify the host of the ingress gateway, which is used to generate the endpoints when the host is empty.
+        	gatewayHost?: string
         }
   status:
     customStatus: |-

charts/vela-core/templates/defwithtemplate/init-container.yaml

@@ -43,7 +43,7 @@ spec:
         		volumeMounts: [{
         			name:      parameter.mountName
         			mountPath: parameter.initMountPath
-        		}]
+        		}] + parameter.extraVolumeMounts
         	}]
         	// +patchKey=name
         	volumes: [{
@@ -97,5 +97,13 @@ spec:
 
         	// +usage=Specify the mount path of init container
         	initMountPath: string
+
+        	// +usage=Specify the extra volume mounts for the init container
+        	extraVolumeMounts: [...{
+        		// +usage=The name of the volume to be mounted
+        		name: string
+        		// +usage=The mountPath for mount in the init container
+        		mountPath: string
+        	}]
         }
 

charts/vela-core/templates/defwithtemplate/json-merge-patch.yaml

@@ -5,6 +5,8 @@ kind: TraitDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Patch the output following Json Merge Patch strategy, following RFC 7396.
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
   name: json-merge-patch
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/json-patch.yaml

@@ -5,6 +5,8 @@ kind: TraitDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Patch the output following Json Patch strategy, following RFC 6902.
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
   name: json-patch
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/node-affinity.yaml

@@ -1,11 +1,12 @@
 # Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
-# Definition source cue file: vela-templates/definitions/internal/node-affinity.cue
+# Definition source cue file: vela-templates/definitions/deprecated/node-affinity.cue
 apiVersion: core.oam.dev/v1beta1
 kind: TraitDefinition
 metadata:
   annotations:
     definition.oam.dev/description: affinity specify node affinity and toleration on K8s pod for your workload which follows the pod spec in path 'spec.template'.
   labels:
+    custom.definition.oam.dev/deprecated: "true"
     custom.definition.oam.dev/ui-hidden: "true"
   name: node-affinity
   namespace: {{ include "systemDefinitionNamespace" . }}

charts/vela-core/templates/defwithtemplate/notification.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Send message to webhook
+    definition.oam.dev/description: Send notifications to Email, DingTalk, Slack, Lark or webhook in your workflow.
   name: notification
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:
@@ -17,9 +17,11 @@ spec:
         )
 
         parameter: {
+        	// +usage=Please fulfill its url and message if you want to send Lark messages
         	lark?: {
         		// +usage=Specify the the lark url, you can either sepcify it in value or use secretRef
         		url: {
+        			// +usage=the url address content in string
         			value: string
         		} | {
         			secretRef: {
@@ -29,7 +31,7 @@ spec:
         				key: string
         			}
         		}
-        		// +useage=Specify the message that you want to sent
+        		// +usage=Specify the message that you want to sent, refer to [Lark messaging](https://open.feishu.cn/document/ukTMukTMukTM/ucTM5YjL3ETO24yNxkjN#8b0f2a1b).
         		message: {
         			// +usage=msg_type can be text, post, image, interactive, share_chat, share_user, audio, media, file, sticker
         			msg_type: string
@@ -37,10 +39,11 @@ spec:
         			content: string
         		}
         	}
-
+        	// +usage=Please fulfill its url and message if you want to send DingTalk messages
         	dingding?: {
         		// +usage=Specify the the dingding url, you can either sepcify it in value or use secretRef
         		url: {
+        			// +usage=the url address content in string
         			value: string
         		} | {
         			secretRef: {
@@ -50,8 +53,9 @@ spec:
         				key: string
         			}
         		}
-        		// +useage=Specify the message that you want to sent
+        		// +usage=Specify the message that you want to sent, refer to [dingtalk messaging](https://developers.dingtalk.com/document/robots/custom-robot-access/title-72m-8ag-pqw)
         		message: {
+        			// +usage=Specify the message content of dingtalk notification
         			text?: *null | {
         				content: string
         			}
@@ -93,10 +97,11 @@ spec:
         			}
         		}
         	}
-
+        	// +usage=Please fulfill its url and message if you want to send Slack messages
         	slack?: {
         		// +usage=Specify the the slack url, you can either sepcify it in value or use secretRef
         		url: {
+        			// +usage=the url address content in string
         			value: string
         		} | {
         			secretRef: {
@@ -106,8 +111,9 @@ spec:
         				key: string
         			}
         		}
-        		// +useage=Specify the message that you want to sent
+        		// +usage=Specify the message that you want to sent, refer to [slack messaging](https://api.slack.com/reference/messaging/payload)
         		message: {
+        			// +usage=Specify the message text for slack notification
         			text:         string
         			blocks?:      *null | [...block]
         			attachments?: *null | {
@@ -115,10 +121,11 @@ spec:
         				color?:  string
         			}
         			thread_ts?: string
-        			mrkdwn?:    *true | bool
+        			// +usage=Specify the message text format in markdown for slack notification
+        			mrkdwn?: *true | bool
         		}
         	}
-
+        	// +usage=Please fulfill its from, to and content if you want to send email
         	email?: {
         		// +usage=Specify the email info that you want to send from
         		from: {
@@ -128,6 +135,7 @@ spec:
         			alias?: string
         			// +usage=Specify the password of the email, you can either sepcify it in value or use secretRef
         			password: {
+        				// +usage=the password content in string
         				value: string
         			} | {
         				secretRef: {

charts/vela-core/templates/defwithtemplate/override.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: PolicyDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Override configuration when deploying resources
+    definition.oam.dev/description: Describe the configuration to override when deploying resources, it only works with specified `deploy` step in workflow.
   name: override
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:
@@ -16,11 +16,15 @@ spec:
         	name?: string
         	// +usage=Specify the type of the patch component.
         	type?: string
+        	// +usage=Specify the properties to override.
         	properties?: {...}
+        	// +usage=Specify the traits to override.
         	traits?: [...{
+        		// +usage=Specify the type of the trait to be patched.
         		type: string
+        		// +usage=Specify the properties to override.
         		properties?: {...}
-        		// +usage=Specify if the trait shoued be remove, default false
+        		// +usage=Specify if the trait should be remove, default false
         		disable: *false | bool
         	}]
         }

charts/vela-core/templates/defwithtemplate/read-object.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Read objects for your workflow steps
+    definition.oam.dev/description: Read Kubernetes objects from cluster for your workflow steps
   labels:
     custom.definition.oam.dev/ui-hidden: "true"
   name: read-object
@@ -50,15 +50,15 @@ spec:
         	}
         }
         parameter: {
-        	// +usage=Specify the apiVersion of the object, defaults to core.oam.dev/v1beta1
+        	// +usage=Specify the apiVersion of the object, defaults to 'core.oam.dev/v1beta1'
         	apiVersion?: string
         	// +usage=Specify the kind of the object, defaults to Application
         	kind?: string
         	// +usage=Specify the name of the object
         	name: string
-        	// +usage=Specify the namespace of the object
-        	namespace?: string
-        	// +usage=Specify the cluster of the object
+        	// +usage=The namespace of the resource you want to read
+        	namespace?: *"default" | string
+        	// +usage=The cluster you want to apply the resource to, default is the current control plane cluster
         	cluster: *"" | string
         }
 

charts/vela-core/templates/defwithtemplate/ref-objects.yaml

@@ -5,6 +5,8 @@ kind: ComponentDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Ref-objects allow users to specify ref objects to use. Notice that this component type have special handle logic.
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
   name: ref-objects
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:
@@ -12,15 +14,26 @@ spec:
     cue:
       template: |
         #K8sObject: {
-        	apiVersion: string
-        	kind:       string
-        	metadata: {
-        		name: string
-        		...
+        	// +usage=The resource type for the Kubernetes objects
+        	resource?: string
+        	// +usage=The group name for the Kubernetes objects
+        	group?: string
+        	// +usage=If specified, fetch the Kubernetes objects with the name, exclusive to labelSelector
+        	name?: string
+        	// +usage=If specified, fetch the Kubernetes objects from the namespace. Otherwise, fetch from the application's namespace.
+        	namespace?: string
+        	// +usage=If specified, fetch the Kubernetes objects from the cluster. Otherwise, fetch from the local cluster.
+        	cluster?: string
+        	// +usage=If specified, fetch the Kubernetes objects according to the label selector, exclusive to name
+        	labelSelector?: [string]: string
+        	...
+        }
+        output: {
+        	if len(parameter.objects) > 0 {
+        		parameter.objects[0]
         	}
         	...
         }
-        output: parameter.objects[0]
         outputs: {
         	for i, v in parameter.objects {
         		if i > 0 {
@@ -28,7 +41,12 @@ spec:
         		}
         	}
         }
-        parameter: objects: [...#K8sObject]
+        parameter: {
+        	// +usage=If specified, application will fetch native Kubernetes objects according to the object description
+        	objects?: [...#K8sObject]
+        	// +usage=If specified, the objects in the urls will be loaded.
+        	urls?: [...string]
+        }
   status:
     customStatus: |-
       if context.output.apiVersion == "apps/v1" && context.output.kind == "Deployment" {

charts/vela-core/templates/defwithtemplate/service-account.yaml

@@ -14,10 +14,114 @@ spec:
   schematic:
     cue:
       template: |
+        #Privileges: {
+        	// +usage=Specify the verbs to be allowed for the resource
+        	verbs: [...string]
+        	// +usage=Specify the apiGroups of the resource
+        	apiGroups?: [...string]
+        	// +usage=Specify the resources to be allowed
+        	resources?: [...string]
+        	// +usage=Specify the resourceNames to be allowed
+        	resourceNames?: [...string]
+        	// +usage=Specify the resource url to be allowed
+        	nonResourceURLs?: [...string]
+        	// +usage=Specify the scope of the privileges, default to be namespace scope
+        	scope: *"namespace" | "cluster"
+        }
         parameter: {
         	// +usage=Specify the name of ServiceAccount
         	name: string
+        	// +usage=Specify whether to create new ServiceAccount or not
+        	create: *false | bool
+        	// +usage=Specify the privileges of the ServiceAccount, if not empty, RoleBindings(ClusterRoleBindings) will be created
+        	privileges?: [...#Privileges]
         }
         // +patchStrategy=retainKeys
         patch: spec: template: spec: serviceAccountName: parameter.name
+        _clusterPrivileges: [ for p in parameter.privileges if p.scope == "cluster" {p}]
+        _namespacePrivileges: [ for p in parameter.privileges if p.scope == "namespace" {p}]
+        outputs: {
+        	if parameter.create {
+        		"service-account": {
+        			apiVersion: "v1"
+        			kind:       "ServiceAccount"
+        			metadata: name: parameter.name
+        		}
+        	}
+        	if parameter.privileges != _|_ {
+        		if len(_clusterPrivileges) > 0 {
+        			"cluster-role": {
+        				apiVersion: "rbac.authorization.k8s.io/v1"
+        				kind:       "ClusterRole"
+        				metadata: name: "\(context.namespace):\(parameter.name)"
+        				rules: [ for p in _clusterPrivileges {
+        					verbs: p.verbs
+        					if p.apiGroups != _|_ {
+        						apiGroups: p.apiGroups
+        					}
+        					if p.resources != _|_ {
+        						resources: p.resources
+        					}
+        					if p.resourceNames != _|_ {
+        						resourceNames: p.resourceNames
+        					}
+        					if p.nonResourceURLs != _|_ {
+        						nonResourceURLs: p.nonResourceURLs
+        					}
+        				}]
+        			}
+        			"cluster-role-binding": {
+        				apiVersion: "rbac.authorization.k8s.io/v1"
+        				kind:       "ClusterRoleBinding"
+        				metadata: name: "\(context.namespace):\(parameter.name)"
+        				roleRef: {
+        					apiGroup: "rbac.authorization.k8s.io"
+        					kind:     "ClusterRole"
+        					name:     "\(context.namespace):\(parameter.name)"
+        				}
+        				subjects: [{
+        					kind:      "ServiceAccount"
+        					name:      parameter.name
+        					namespace: "\(context.namespace)"
+        				}]
+        			}
+        		}
+        		if len(_namespacePrivileges) > 0 {
+        			role: {
+        				apiVersion: "rbac.authorization.k8s.io/v1"
+        				kind:       "Role"
+        				metadata: name: parameter.name
+        				rules: [ for p in _namespacePrivileges {
+        					verbs: p.verbs
+        					if p.apiGroups != _|_ {
+        						apiGroups: p.apiGroups
+        					}
+        					if p.resources != _|_ {
+        						resources: p.resources
+        					}
+        					if p.resourceNames != _|_ {
+        						resourceNames: p.resourceNames
+        					}
+        					if p.nonResourceURLs != _|_ {
+        						nonResourceURLs: p.nonResourceURLs
+        					}
+        				}]
+        			}
+        			"role-binding": {
+        				apiVersion: "rbac.authorization.k8s.io/v1"
+        				kind:       "RoleBinding"
+        				metadata: name: parameter.name
+        				roleRef: {
+        					apiGroup: "rbac.authorization.k8s.io"
+        					kind:     "Role"
+        					name:     parameter.name
+        				}
+        				subjects: [{
+        					kind: "ServiceAccount"
+        					name: parameter.name
+        				}]
+        			}
+        		}
+        	}
+        }
 

charts/vela-core/templates/defwithtemplate/sidecar.yaml

@@ -82,6 +82,11 @@ spec:
         				// +usage=The key of the config map to select from. Must be a valid secret key
         				key: string
         			}
+        			// +usage=Specify the field reference for env
+        			fieldRef?: {
+        				// +usage=Specify the field path for env
+        				fieldPath: string
+        			}
         		}
         	}]
 

charts/vela-core/templates/defwithtemplate/step-group.yaml

@@ -4,13 +4,15 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: step group
+    definition.oam.dev/description: A special step that you can declare 'subSteps' in it, 'subSteps' is an array containing any step type whose valid parameters do not include the `step-group` step type itself. The sub steps were executed in parallel.
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
   name: step-group
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:
   schematic:
     cue:
       template: |
-        // no parameters
-        parameter: {}
+        // no parameters, the nop only to make the template not empty or it's invalid
+        nop: {}
 

charts/vela-core/templates/defwithtemplate/storage.yaml

@@ -64,6 +64,9 @@ spec:
         			{
         				name:      "pvc-" + v.name
         				mountPath: v.mountPath
+        				if v.subPath != _|_ {
+        					subPath: v.subPath
+        				}
         			}
         		}
         	},
@@ -73,6 +76,9 @@ spec:
         		{
         			name:      "configmap-" + v.name
         			mountPath: v.mountPath
+        			if v.subPath != _|_ {
+        				subPath: v.subPath
+        			}
         		}
         	},
         ] | []
@@ -103,6 +109,9 @@ spec:
         		{
         			name:      "secret-" + v.name
         			mountPath: v.mountPath
+        			if v.subPath != _|_ {
+        				subPath: v.subPath
+        			}
         		}
         	},
         ] | []
@@ -133,6 +142,9 @@ spec:
         		{
         			name:      "emptydir-" + v.name
         			mountPath: v.mountPath
+        			if v.subPath != _|_ {
+        				subPath: v.subPath
+        			}
         		}
         	},
         ] | []
@@ -141,12 +153,28 @@ spec:
         		{
         			name:       "pvc-" + v.name
         			devicePath: v.mountPath
+        			if v.subPath != _|_ {
+        				subPath: v.subPath
+        			}
         		}
         	},
         ] | []
+        volumesList: pvcVolumesList + configMapVolumesList + secretVolumesList + emptyDirVolumesList
+        deDupVolumesArray: [
+        	for val in [
+        		for i, vi in volumesList {
+        			for j, vj in volumesList if j < i && vi.name == vj.name {
+        				_ignore: true
+        			}
+        			vi
+        		},
+        	] if val._ignore == _|_ {
+        		val
+        	},
+        ]
         patch: spec: template: spec: {
         	// +patchKey=name
-        	volumes: pvcVolumesList + configMapVolumesList + secretVolumesList + emptyDirVolumesList
+        	volumes: deDupVolumesArray
 
         	containers: [{
         		// +patchKey=name
@@ -234,6 +262,7 @@ spec:
         		name:              string
         		mountOnly:         *false | bool
         		mountPath:         string
+        		subPath?:          string
         		volumeMode:        *"Filesystem" | string
         		volumeName?:       string
         		accessModes:       *["ReadWriteOnce"] | [...string]
@@ -275,6 +304,7 @@ spec:
         			configMapKey: string
         		}]
         		mountPath?:  string
+        		subPath?:    string
         		defaultMode: *420 | int
         		readOnly:    *false | bool
         		data?: {...}
@@ -298,6 +328,7 @@ spec:
         			secretKey: string
         		}]
         		mountPath?:  string
+        		subPath?:    string
         		defaultMode: *420 | int
         		readOnly:    *false | bool
         		stringData?: {...}
@@ -313,6 +344,7 @@ spec:
         	emptyDir?: [...{
         		name:      string
         		mountPath: string
+        		subPath?:  string
         		medium:    *"" | "Memory"
         	}]
         }

charts/vela-core/templates/defwithtemplate/suspend.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Suspend your workflow
+    definition.oam.dev/description: Suspend the current workflow, it can be resumed by 'vela workflow resume' command.
   name: suspend
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/task.yaml

@@ -149,14 +149,14 @@ spec:
         		// +usage=Specifies a source the value of this var should come from
         		valueFrom?: {
         			// +usage=Selects a key of a secret in the pod's namespace
-        			secretKeyRef: {
+        			secretKeyRef?: {
         				// +usage=The name of the secret in the pod's namespace to select from
         				name: string
         				// +usage=The key of the secret to select from. Must be a valid secret key
         				key: string
         			}
         			// +usage=Selects a key of a config map in the pod's namespace
-        			configMapKeyRef: {
+        			configMapKeyRef?: {
         				// +usage=The name of the config map in the pod's namespace to select from
         				name: string
         				// +usage=The key of the config map to select from. Must be a valid secret key

charts/vela-core/templates/defwithtemplate/topology.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: PolicyDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Determining the destination where components should be deployed to.
+    definition.oam.dev/description: Describe the destination where components should be deployed to.
   name: topology
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/webhook.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Send webhook request to the url
+    definition.oam.dev/description: Send a request to the specified Webhook URL. If no request body is specified, the current Application body will be sent by default.
   name: webhook
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-core/templates/defwithtemplate/webservice.yaml

@@ -20,7 +20,10 @@ spec:
         		for v in parameter.volumeMounts.pvc {
         			{
         				mountPath: v.mountPath
-        				name:      v.name
+        				if v.subPath != _|_ {
+        					subPath: v.subPath
+        				}
+        				name: v.name
         			}
         		},
         	] | []
@@ -29,7 +32,10 @@ spec:
         			for v in parameter.volumeMounts.configMap {
         			{
         				mountPath: v.mountPath
-        				name:      v.name
+        				if v.subPath != _|_ {
+        					subPath: v.subPath
+        				}
+        				name: v.name
         			}
         		},
         	] | []
@@ -38,7 +44,10 @@ spec:
         		for v in parameter.volumeMounts.secret {
         			{
         				mountPath: v.mountPath
-        				name:      v.name
+        				if v.subPath != _|_ {
+        					subPath: v.subPath
+        				}
+        				name: v.name
         			}
         		},
         	] | []
@@ -47,7 +56,10 @@ spec:
         			for v in parameter.volumeMounts.emptyDir {
         			{
         				mountPath: v.mountPath
-        				name:      v.name
+        				if v.subPath != _|_ {
+        					subPath: v.subPath
+        				}
+        				name: v.name
         			}
         		},
         	] | []
@@ -56,7 +68,10 @@ spec:
         			for v in parameter.volumeMounts.hostPath {
         			{
         				mountPath: v.mountPath
-        				name:      v.name
+        				if v.subPath != _|_ {
+        					subPath: v.subPath
+        				}
+        				name: v.name
         			}
         		},
         	] | []
@@ -119,6 +134,19 @@ spec:
         		},
         	] | []
         }
+        volumesList: volumesArray.pvc + volumesArray.configMap + volumesArray.secret + volumesArray.emptyDir + volumesArray.hostPath
+        deDupVolumesArray: [
+        	for val in [
+        		for i, vi in volumesList {
+        			for j, vj in volumesList if j < i && vi.name == vj.name {
+        				_ignore: true
+        			}
+        			vi
+        		},
+        	] if val._ignore == _|_ {
+        		val
+        	},
+        ]
         output: {
         	apiVersion: "apps/v1"
         	kind:       "Deployment"
@@ -262,7 +290,7 @@ spec:
         				}
 
         				if parameter["volumeMounts"] != _|_ {
-        					volumes: volumesArray.pvc + volumesArray.configMap + volumesArray.secret + volumesArray.emptyDir + volumesArray.hostPath
+        					volumes: deDupVolumesArray
         				}
         			}
         		}
@@ -329,8 +357,8 @@ spec:
         	}]
 
         	// +ignore
-        	// +usage=Specify what kind of Service you want. options: "ClusterIP", "NodePort", "LoadBalancer", "ExternalName"
-        	exposeType: *"ClusterIP" | "NodePort" | "LoadBalancer" | "ExternalName"
+        	// +usage=Specify what kind of Service you want. options: "ClusterIP", "NodePort", "LoadBalancer"
+        	exposeType: *"ClusterIP" | "NodePort" | "LoadBalancer"
 
         	// +ignore
         	// +usage=If addRevisionLabel is true, the revision label will be added to the underlying pods
@@ -375,6 +403,7 @@ spec:
         		pvc?: [...{
         			name:      string
         			mountPath: string
+        			subPath?:  string
         			// +usage=The name of the PVC
         			claimName: string
         		}]
@@ -382,6 +411,7 @@ spec:
         		configMap?: [...{
         			name:        string
         			mountPath:   string
+        			subPath?:    string
         			defaultMode: *420 | int
         			cmName:      string
         			items?: [...{
@@ -394,6 +424,7 @@ spec:
         		secret?: [...{
         			name:        string
         			mountPath:   string
+        			subPath?:    string
         			defaultMode: *420 | int
         			secretName:  string
         			items?: [...{
@@ -406,12 +437,14 @@ spec:
         		emptyDir?: [...{
         			name:      string
         			mountPath: string
+        			subPath?:  string
         			medium:    *"" | "Memory"
         		}]
         		// +usage=Mount HostPath type volume
         		hostPath?: [...{
         			name:      string
         			mountPath: string
+        			subPath?:  string
         			path:      string
         		}]
         	}

charts/vela-core/templates/kubevela-controller.yaml

@@ -20,14 +20,53 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: "cluster-admin"
+  name: {{ if .Values.authentication.enabled }} {{ include "kubevela.fullname" . }}:manager {{ else }} "cluster-admin" {{ end }}
 subjects:
   - kind: ServiceAccount
     name: {{ include "kubevela.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
-  - kind: Group
-    name: core.oam.dev
-    apiGroup: rbac.authorization.k8s.io
+
+{{ if .Values.authentication.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "kubevela.fullname" . }}:manager
+rules:
+  - apiGroups: ["core.oam.dev", "terraform.core.oam.dev", "prism.oam.dev"]
+    resources: ["*"]
+    verbs: ["*"]
+  - apiGroups: ["cluster.open-cluster-management.io"]
+    resources: ["managedclusters"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["users", "groups", "serviceaccounts"]
+    verbs: ["impersonate"]
+  - apiGroups: [""]
+    resources: ["namespaces", "secrets", "services"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: [""]
+    resources: ["configmaps", "events"]
+    verbs: ["*"]
+  - apiGroups: ["apps"]
+    resources: ["controllerrevisions"]
+    verbs: ["*"]
+  - apiGroups: ["apiregistration.k8s.io"]
+    resources: ["apiservices"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["*"]
+  - apiGroups: ["admissionregistration.k8s.io"]
+    resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["flowcontrol.apiserver.k8s.io"]
+    resources: ["prioritylevelconfigurations", "flowschemas"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["authorization.k8s.io"]
+    resources: ["subjectaccessreviews"]
+    verbs: ["*"]
+{{ end }}
 
 ---
 # permissions to do leader election.
@@ -83,6 +122,7 @@ metadata:
   name: {{ include "kubevela.fullname" . }}
   namespace: {{ .Release.Namespace }}
   labels:
+    controller.oam.dev/name: vela-core
   {{- include "kubevela.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.replicaCount }}
@@ -175,7 +215,9 @@ spec:
             - "--max-workflow-wait-backoff-time={{ .Values.workflow.backoff.maxTime.waitState }}"
             - "--max-workflow-failed-backoff-time={{ .Values.workflow.backoff.maxTime.failedState }}"
             - "--max-workflow-step-error-retry-times={{ .Values.workflow.step.errorRetryTimes }}"
+            - "--feature-gates=EnableSuspendOnFailure={{- .Values.workflow.enableSuspendOnFailure | toString -}}"
             - "--feature-gates=AuthenticateApplication={{- .Values.authentication.enabled | toString -}}"
+            - "--feature-gates=LegacyComponentRevision={{- .Values.featureGates.enableLegacyComponentRevision | toString -}}"
             {{ if .Values.authentication.enabled }}
             {{ if .Values.authentication.withUser }}
             - "--authentication-with-user"

charts/vela-core/values.yaml

@@ -35,10 +35,12 @@ dependCheckWait: 30s
 
 ## @section KubeVela workflow parameters
 
+## @param workflow.enableSuspendOnFailure Enable suspend on workflow failure
 ## @param workflow.backoff.maxTime.waitState The max backoff time of workflow in a wait condition
 ## @param workflow.backoff.maxTime.failedState The max backoff time of workflow in a failed condition
 ## @param workflow.step.errorRetryTimes The max retry times of a failed workflow step
 workflow:
+  enableSuspendOnFailure: false
   backoff:
     maxTime:
       waitState: 60
@@ -107,6 +109,10 @@ optimize:
   disableResourceApplyDoubleCheck: false
   enableResourceTrackerDeleteOnlyTrigger: true
 
+##@param featureGates.enableLegacyComponentRevision if disabled, only component with rollout trait will create component revisions
+featureGates:
+  enableLegacyComponentRevision: false
+
 ## @section MultiCluster parameters
 
 ## @param multicluster.enabled Whether to enable multi-cluster
@@ -130,7 +136,7 @@ multicluster:
     port: 9443
     image:
       repository: oamdev/cluster-gateway
-      tag: v1.3.2
+      tag: v1.4.0
       pullPolicy: IfNotPresent
     resources:
       limits:
@@ -224,7 +230,7 @@ admissionWebhooks:
     enabled: true
     image:
       repository: oamdev/kube-webhook-certgen
-      tag: v2.4.0
+      tag: v2.4.1
       pullPolicy: IfNotPresent
     nodeSelector: {}
     affinity: {}

charts/vela-minimal/README.md

@@ -72,11 +72,12 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-minimal --
 
 ### KubeVela workflow parameters
 
-| Name                                   | Description                                            | Value |
-| -------------------------------------- | ------------------------------------------------------ | ----- |
-| `workflow.backoff.maxTime.waitState`   | The max backoff time of workflow in a wait condition   | `60`  |
-| `workflow.backoff.maxTime.failedState` | The max backoff time of workflow in a failed condition | `300` |
-| `workflow.step.errorRetryTimes`        | The max retry times of a failed workflow step          | `10`  |
+| Name                                   | Description                                            | Value   |
+| -------------------------------------- | ------------------------------------------------------ | ------- |
+| `workflow.enableSuspendOnFailure`      | Enable suspend on workflow failure                     | `false` |
+| `workflow.backoff.maxTime.waitState`   | The max backoff time of workflow in a wait condition   | `60`    |
+| `workflow.backoff.maxTime.failedState` | The max backoff time of workflow in a failed condition | `300`   |
+| `workflow.step.errorRetryTimes`        | The max retry times of a failed workflow step          | `10`    |
 
 
 ### KubeVela controller parameters
@@ -105,7 +106,7 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-minimal --
 | `multicluster.clusterGateway.replicaCount`            | ClusterGateway replica count     | `1`                              |
 | `multicluster.clusterGateway.port`                    | ClusterGateway port              | `9443`                           |
 | `multicluster.clusterGateway.image.repository`        | ClusterGateway image repository  | `oamdev/cluster-gateway`         |
-| `multicluster.clusterGateway.image.tag`               | ClusterGateway image tag         | `v1.3.2`                         |
+| `multicluster.clusterGateway.image.tag`               | ClusterGateway image tag         | `v1.4.0`                         |
 | `multicluster.clusterGateway.image.pullPolicy`        | ClusterGateway image pull policy | `IfNotPresent`                   |
 | `multicluster.clusterGateway.resources.limits.cpu`    | ClusterGateway cpu limit         | `100m`                           |
 | `multicluster.clusterGateway.resources.limits.memory` | ClusterGateway memory limit      | `200Mi`                          |

charts/vela-minimal/crds/core.oam.dev_applicationrevisions.yaml

@@ -2198,6 +2198,17 @@ spec:
                           a context in annotation. - should mark "finish" phase in
                           status.conditions.'
                         properties:
+                          mode:
+                            description: WorkflowExecuteMode defines the mode of workflow
+                              execution
+                            properties:
+                              steps:
+                                description: WorkflowMode describes the mode of workflow
+                                type: string
+                              subSteps:
+                                description: WorkflowMode describes the mode of workflow
+                                type: string
+                            type: object
                           ref:
                             type: string
                           steps:
@@ -2209,6 +2220,8 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                if:
+                                  type: string
                                 inputs:
                                   description: StepInputs defines variable input of
                                     WorkflowStep
@@ -2223,6 +2236,13 @@ spec:
                                     - parameterKey
                                     type: object
                                   type: array
+                                meta:
+                                  description: WorkflowStepMeta contains the meta
+                                    data of a workflow step
+                                  properties:
+                                    alias:
+                                      type: string
+                                  type: object
                                 name:
                                   description: Name is the unique name of the workflow
                                     step.
@@ -2253,6 +2273,8 @@ spec:
                                         items:
                                           type: string
                                         type: array
+                                      if:
+                                        type: string
                                       inputs:
                                         description: StepInputs defines variable input
                                           of WorkflowStep
@@ -2267,6 +2289,13 @@ spec:
                                           - parameterKey
                                           type: object
                                         type: array
+                                      meta:
+                                        description: WorkflowStepMeta contains the
+                                          meta data of a workflow step
+                                        properties:
+                                          alias:
+                                            type: string
+                                        type: object
                                       name:
                                         description: Name is the unique name of the
                                           workflow step.
@@ -2288,6 +2317,8 @@ spec:
                                       properties:
                                         type: object
                                         x-kubernetes-preserve-unknown-fields: true
+                                      timeout:
+                                        type: string
                                       type:
                                         type: string
                                     required:
@@ -2295,6 +2326,8 @@ spec:
                                     - type
                                     type: object
                                   type: array
+                                timeout:
+                                  type: string
                                 type:
                                   type: string
                               required:
@@ -3954,6 +3987,8 @@ spec:
                           items:
                             type: string
                           type: array
+                        if:
+                          type: string
                         inputs:
                           description: StepInputs defines variable input of WorkflowStep
                           items:
@@ -3967,6 +4002,13 @@ spec:
                             - parameterKey
                             type: object
                           type: array
+                        meta:
+                          description: WorkflowStepMeta contains the meta data of
+                            a workflow step
+                          properties:
+                            alias:
+                              type: string
+                          type: object
                         name:
                           description: Name is the unique name of the workflow step.
                           type: string
@@ -3995,6 +4037,8 @@ spec:
                                 items:
                                   type: string
                                 type: array
+                              if:
+                                type: string
                               inputs:
                                 description: StepInputs defines variable input of
                                   WorkflowStep
@@ -4009,6 +4053,13 @@ spec:
                                   - parameterKey
                                   type: object
                                 type: array
+                              meta:
+                                description: WorkflowStepMeta contains the meta data
+                                  of a workflow step
+                                properties:
+                                  alias:
+                                    type: string
+                                type: object
                               name:
                                 description: Name is the unique name of the workflow
                                   step.
@@ -4030,6 +4081,8 @@ spec:
                               properties:
                                 type: object
                                 x-kubernetes-preserve-unknown-fields: true
+                              timeout:
+                                type: string
                               type:
                                 type: string
                             required:
@@ -4037,6 +4090,8 @@ spec:
                             - type
                             type: object
                           type: array
+                        timeout:
+                          type: string
                         type:
                           type: string
                       required:

charts/vela-minimal/crds/core.oam.dev_applications.yaml

@@ -1009,6 +1009,17 @@ spec:
                   order, and each step: - will have a context in annotation. - should
                   mark "finish" phase in status.conditions.'
                 properties:
+                  mode:
+                    description: WorkflowExecuteMode defines the mode of workflow
+                      execution
+                    properties:
+                      steps:
+                        description: WorkflowMode describes the mode of workflow
+                        type: string
+                      subSteps:
+                        description: WorkflowMode describes the mode of workflow
+                        type: string
+                    type: object
                   ref:
                     type: string
                   steps:
@@ -1020,6 +1031,8 @@ spec:
                           items:
                             type: string
                           type: array
+                        if:
+                          type: string
                         inputs:
                           description: StepInputs defines variable input of WorkflowStep
                           items:
@@ -1033,6 +1046,13 @@ spec:
                             - parameterKey
                             type: object
                           type: array
+                        meta:
+                          description: WorkflowStepMeta contains the meta data of
+                            a workflow step
+                          properties:
+                            alias:
+                              type: string
+                          type: object
                         name:
                           description: Name is the unique name of the workflow step.
                           type: string
@@ -1061,6 +1081,8 @@ spec:
                                 items:
                                   type: string
                                 type: array
+                              if:
+                                type: string
                               inputs:
                                 description: StepInputs defines variable input of
                                   WorkflowStep
@@ -1075,6 +1097,13 @@ spec:
                                   - parameterKey
                                   type: object
                                 type: array
+                              meta:
+                                description: WorkflowStepMeta contains the meta data
+                                  of a workflow step
+                                properties:
+                                  alias:
+                                    type: string
+                                type: object
                               name:
                                 description: Name is the unique name of the workflow
                                   step.
@@ -1096,6 +1125,8 @@ spec:
                               properties:
                                 type: object
                                 x-kubernetes-preserve-unknown-fields: true
+                              timeout:
+                                type: string
                               type:
                                 type: string
                             required:
@@ -1103,6 +1134,8 @@ spec:
                             - type
                             type: object
                           type: array
+                        timeout:
+                          type: string
                         type:
                           type: string
                       required:

charts/vela-minimal/templates/cluster-gateway.yaml

@@ -31,7 +31,7 @@ spec:
             - "apiserver"
             - "--secure-port={{ .Values.multicluster.clusterGateway.port }}"
             - "--secret-namespace={{ .Release.Namespace }}"
-            - "--feature-gates=APIPriorityAndFairness=false"
+            - "--feature-gates=APIPriorityAndFairness=false,ClientIdentityPenetration={{ .Values.authentication.enabled }}"
             {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
             - "--cert-dir={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}"
             {{ end }}
@@ -194,24 +194,25 @@ spec:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "kubevela.fullname" . }}:cluster-gateway-access-role
+  name: {{ include "kubevela.fullname" . }}:cluster-gateway:proxy
 rules:
   - apiGroups: [ "cluster.core.oam.dev" ]
     resources: [ "clustergateways/proxy" ]
     verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
-{{ end }}
 ---
-{{ if and .Values.multicluster.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "kubevela.fullname" . }}:cluster-gateway-access-rolebinding
+  name: {{ include "kubevela.fullname" . }}:cluster-gateway:proxy
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "kubevela.fullname" . }}:cluster-gateway-access-role
+  name: {{ include "kubevela.fullname" . }}:cluster-gateway:proxy
 subjects:
   - kind: Group
-    name: cluster-gateway-accessor
+    name: kubevela:client
     apiGroup: rbac.authorization.k8s.io
+  - kind: ServiceAccount
+    name: {{ include "kubevela.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
 {{ end }}

charts/vela-minimal/templates/defwithtemplate/affinity.yaml

@@ -0,0 +1,186 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/affinity.cue
+apiVersion: core.oam.dev/v1beta1
+kind: TraitDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Affinity specifies affinity and toleration K8s pod for your workload which follows the pod spec in path 'spec.template'.
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
+  name: affinity
+  namespace: {{ include "systemDefinitionNamespace" . }}
+spec:
+  appliesToWorkloads:
+    - '*'
+  podDisruptive: true
+  schematic:
+    cue:
+      template: |
+        patch: spec: template: spec: {
+        	if parameter.podAffinity != _|_ {
+        		affinity: podAffinity: {
+        			if parameter.podAffinity.required != _|_ {
+        				requiredDuringSchedulingIgnoredDuringExecution: [
+        					for k in parameter.podAffinity.required {
+        						if k.labelSelector != _|_ {
+        							labelSelector: k.labelSelector
+        						}
+        						if k.namespace != _|_ {
+        							namespace: k.namespace
+        						}
+        						topologyKey: k.topologyKey
+        						if k.namespaceSelector != _|_ {
+        							namespaceSelector: k.namespaceSelector
+        						}
+        					}]
+        			}
+        			if parameter.podAffinity.preferred != _|_ {
+        				preferredDuringSchedulingIgnoredDuringExecution: [
+        					for k in parameter.podAffinity.preferred {
+        						weight:          k.weight
+        						podAffinityTerm: k.podAffinityTerm
+        					}]
+        			}
+        		}
+        	}
+        	if parameter.podAntiAffinity != _|_ {
+        		affinity: podAntiAffinity: {
+        			if parameter.podAntiAffinity.required != _|_ {
+        				requiredDuringSchedulingIgnoredDuringExecution: [
+        					for k in parameter.podAntiAffinity.required {
+        						if k.labelSelector != _|_ {
+        							labelSelector: k.labelSelector
+        						}
+        						if k.namespace != _|_ {
+        							namespace: k.namespace
+        						}
+        						topologyKey: k.topologyKey
+        						if k.namespaceSelector != _|_ {
+        							namespaceSelector: k.namespaceSelector
+        						}
+        					}]
+        			}
+        			if parameter.podAntiAffinity.preferred != _|_ {
+        				preferredDuringSchedulingIgnoredDuringExecution: [
+        					for k in parameter.podAntiAffinity.preferred {
+        						weight:          k.weight
+        						podAffinityTerm: k.podAffinityTerm
+        					}]
+        			}
+        		}
+        	}
+        	if parameter.nodeAffinity != _|_ {
+        		affinity: nodeAffinity: {
+        			if parameter.nodeAffinity.required != _|_ {
+        				requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: [
+        					for k in parameter.nodeAffinity.required.nodeSelectorTerms {
+        						if k.matchExpressions != _|_ {
+        							matchExpressions: k.matchExpressions
+        						}
+        						if k.matchFields != _|_ {
+        							matchFields: k.matchFields
+        						}
+        					}]
+        			}
+        			if parameter.nodeAffinity.preferred != _|_ {
+        				preferredDuringSchedulingIgnoredDuringExecution: [
+        					for k in parameter.nodeAffinity.preferred {
+        						weight:     k.weight
+        						preference: k.preference
+        					}]
+        			}
+        		}
+        	}
+        	if parameter.tolerations != _|_ {
+        		tolerations: [
+        			for k in parameter.tolerations {
+        				if k.key != _|_ {
+        					key: k.key
+        				}
+        				if k.effect != _|_ {
+        					effect: k.effect
+        				}
+        				if k.value != _|_ {
+        					value: k.value
+        				}
+        				operator: k.operator
+        				if k.tolerationSeconds != _|_ {
+        					tolerationSeconds: k.tolerationSeconds
+        				}
+        			}]
+        	}
+        }
+        #labelSelector: {
+        	matchLabels?: [string]: string
+        	matchExpressions?: [...{
+        		key:      string
+        		operator: *"In" | "NotIn" | "Exists" | "DoesNotExist"
+        		values?: [...string]
+        	}]
+        }
+        #podAffinityTerm: {
+        	labelSelector?: #labelSelector
+        	namespaces?: [...string]
+        	topologyKey:        string
+        	namespaceSelector?: #labelSelector
+        }
+        #nodeSelecor: {
+        	key:      string
+        	operator: *"In" | "NotIn" | "Exists" | "DoesNotExist" | "Gt" | "Lt"
+        	values?: [...string]
+        }
+        #nodeSelectorTerm: {
+        	matchExpressions?: [...#nodeSelecor]
+        	matchFields?: [...#nodeSelecor]
+        }
+        parameter: {
+        	// +usage=Specify the pod affinity scheduling rules
+        	podAffinity?: {
+        		// +usage=Specify the required during scheduling ignored during execution
+        		required?: [...#podAffinityTerm]
+        		// +usage=Specify the preferred during scheduling ignored during execution
+        		preferred?: [...{
+        			// +usage=Specify weight associated with matching the corresponding podAffinityTerm
+        			weight: int & >=1 & <=100
+        			// +usage=Specify a set of pods
+        			podAffinityTerm: #podAffinityTerm
+        		}]
+        	}
+        	// +usage=Specify the pod anti-affinity scheduling rules
+        	podAntiAffinity?: {
+        		// +usage=Specify the required during scheduling ignored during execution
+        		required?: [...#podAffinityTerm]
+        		// +usage=Specify the preferred during scheduling ignored during execution
+        		preferred?: [...{
+        			// +usage=Specify weight associated with matching the corresponding podAffinityTerm
+        			weight: int & >=1 & <=100
+        			// +usage=Specify a set of pods
+        			podAffinityTerm: #podAffinityTerm
+        		}]
+        	}
+        	// +usage=Specify the node affinity scheduling rules for the pod
+        	nodeAffinity?: {
+        		// +usage=Specify the required during scheduling ignored during execution
+        		required?: {
+        			// +usage=Specify a list of node selector
+        			nodeSelectorTerms: [...#nodeSelectorTerm]
+        		}
+        		// +usage=Specify the preferred during scheduling ignored during execution
+        		preferred?: [...{
+        			// +usage=Specify weight associated with matching the corresponding nodeSelector
+        			weight: int & >=1 & <=100
+        			// +usage=Specify a node selector
+        			preference: #nodeSelectorTerm
+        		}]
+        	}
+        	// +usage=Specify tolerant taint
+        	tolerations?: [...{
+        		key?:     string
+        		operator: *"Equal" | "Exists"
+        		value?:   string
+        		effect?:  "NoSchedule" | "PreferNoSchedule" | "NoExecute"
+        		// +usage=Specify the period of time the toleration
+        		tolerationSeconds?: int
+        	}]
+        }
+

charts/vela-minimal/templates/defwithtemplate/apply-application-in-parallel.yaml

@@ -6,6 +6,7 @@ metadata:
   annotations:
     definition.oam.dev/description: Apply components of an application in parallel for your workflow steps
   labels:
+    custom.definition.oam.dev/deprecated: "true"
     custom.definition.oam.dev/ui-hidden: "true"
   name: apply-application-in-parallel
   namespace: {{ include "systemDefinitionNamespace" . }}

charts/vela-minimal/templates/defwithtemplate/apply-application.yaml

@@ -4,8 +4,9 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Apply application for your workflow steps
+    definition.oam.dev/description: Apply application for your workflow steps, it has no arguments, should be used for custom steps before or after application applied.
   labels:
+    custom.definition.oam.dev/deprecated: "true"
     custom.definition.oam.dev/ui-hidden: "true"
   name: apply-application
   namespace: {{ include "systemDefinitionNamespace" . }}

charts/vela-minimal/templates/defwithtemplate/apply-object.yaml

@@ -22,9 +22,9 @@ spec:
         	cluster: parameter.cluster
         }
         parameter: {
-        	// +usage=Specify the value of the object
+        	// +usage=Specify Kubernetes native resource object to be applied
         	value: {...}
-        	// +usage=Specify the cluster of the object
+        	// +usage=The cluster you want to apply the resource to, default is the current control plane cluster
         	cluster: *"" | string
         }
 

charts/vela-minimal/templates/defwithtemplate/apply-once.yaml

@@ -0,0 +1,44 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/apply-once.cue
+apiVersion: core.oam.dev/v1beta1
+kind: PolicyDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Allow configuration drift for applied resources, delivery the resource without continuously reconciliation.
+  name: apply-once
+  namespace: {{ include "systemDefinitionNamespace" . }}
+spec:
+  schematic:
+    cue:
+      template: |
+        #ApplyOnceStrategy: {
+        	// +usage=Specify the path of the resource that allow configuration drift
+        	path: [...string]
+        }
+        #ApplyOncePolicyRule: {
+        	// +usage=Specify how to select the targets of the rule
+        	selector?: #ResourcePolicyRuleSelector
+        	// +usage=Specify the strategy for configuring the resource level configuration drift behaviour
+        	strategy: #ApplyOnceStrategy
+        }
+        #ResourcePolicyRuleSelector: {
+        	// +usage=Select resources by component names
+        	componentNames?: [...string]
+        	// +usage=Select resources by component types
+        	componentTypes?: [...string]
+        	// +usage=Select resources by oamTypes (COMPONENT or TRAIT)
+        	oamTypes?: [...string]
+        	// +usage=Select resources by trait types
+        	traitTypes?: [...string]
+        	// +usage=Select resources by resource types (like Deployment)
+        	resourceTypes?: [...string]
+        	// +usage=Select resources by their names
+        	resourceNames?: [...string]
+        }
+        parameter: {
+        	// +usage=Whether to enable apply-once for the whole application
+        	enable: *false | bool
+        	// +usage=Specify the rules for configuring apply-once policy in resource level
+        	rules?: [...#ApplyOncePolicyRule]
+        }
+

charts/vela-minimal/templates/defwithtemplate/apply-remaining.yaml

@@ -6,6 +6,7 @@ metadata:
   annotations:
     definition.oam.dev/description: Apply remaining components and traits
   labels:
+    custom.definition.oam.dev/deprecated: "true"
     custom.definition.oam.dev/ui-hidden: "true"
   name: apply-remaining
   namespace: {{ include "systemDefinitionNamespace" . }}

charts/vela-minimal/templates/defwithtemplate/config-image-registry.yaml

@@ -4,13 +4,13 @@ apiVersion: core.oam.dev/v1beta1
 kind: ComponentDefinition
 metadata:
   annotations:
-    custom.definition.oam.dev/alias.config.oam.dev: Image Registry
+    alias.config.oam.dev: Image Registry
     definition.oam.dev/description: Config information to authenticate image registry
   labels:
-    custom.definition.oam.dev/catalog.config.oam.dev: velacore-config
-    custom.definition.oam.dev/multi-cluster.config.oam.dev: "true"
-    custom.definition.oam.dev/type.config.oam.dev: image-registry
+    catalog.config.oam.dev: velacore-config
     custom.definition.oam.dev/ui-hidden: "true"
+    multi-cluster.config.oam.dev: "true"
+    type.config.oam.dev: image-registry
   name: config-image-registry
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:
@@ -20,6 +20,7 @@ spec:
         import (
         	"encoding/base64"
         	"encoding/json"
+        	"strconv"
         )
 
         output: {
@@ -42,21 +43,29 @@ spec:
         	if parameter.auth == _|_ {
         		type: "Opaque"
         	}
-        	if parameter.auth != _|_ {
-        		stringData: ".dockerconfigjson": json.Marshal({
-        			auths: "\(parameter.registry)": {
-        				username: parameter.auth.username
-        				password: parameter.auth.password
-        				if parameter.auth.email != _|_ {
-        					email: parameter.auth.email
+        	stringData: {
+        		if parameter.auth != _|_ && parameter.auth.username != _|_ {
+        			".dockerconfigjson": json.Marshal({
+        				auths: "\(parameter.registry)": {
+        					username: parameter.auth.username
+        					password: parameter.auth.password
+        					if parameter.auth.email != _|_ {
+        						email: parameter.auth.email
+        					}
+        					auth: base64.Encode(null, (parameter.auth.username + ":" + parameter.auth.password))
         				}
-        				auth: base64.Encode(null, (parameter.auth.username + ":" + parameter.auth.password))
-        			}
-        		})
+        			})
+        		}
+        		if parameter.insecure != _|_ {
+        			"insecure-skip-verify": strconv.FormatBool(parameter.insecure)
+        		}
+        		if parameter.useHTTP != _|_ {
+        			"protocol-use-http": strconv.FormatBool(parameter.useHTTP)
+        		}
         	}
         }
         parameter: {
-        	// +usage=Image registry FQDN
+        	// +usage=Image registry FQDN, such as: index.docker.io
         	registry: string
         	// +usage=Authenticate the image registry
         	auth?: {
@@ -67,6 +76,10 @@ spec:
         		// +usage=Private Image registry email
         		email?: string
         	}
+        	// +usage=For the registry server that uses the self-signed certificate
+        	insecure?: bool
+        	// +usage=For the registry server that uses the HTTP protocol
+        	useHTTP?: bool
         }
   workload:
     type: autodetects.core.oam.dev

charts/vela-minimal/templates/defwithtemplate/container-image.yaml

@@ -5,6 +5,8 @@ kind: TraitDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Set the image of the container.
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
   name: container-image
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-minimal/templates/defwithtemplate/cron-task.yaml

@@ -196,14 +196,14 @@ spec:
         		// +usage=Specifies a source the value of this var should come from
         		valueFrom?: {
         			// +usage=Selects a key of a secret in the pod's namespace
-        			secretKeyRef: {
+        			secretKeyRef?: {
         				// +usage=The name of the secret in the pod's namespace to select from
         				name: string
         				// +usage=The key of the secret to select from. Must be a valid secret key
         				key: string
         			}
         			// +usage=Selects a key of a config map in the pod's namespace
-        			configMapKeyRef: {
+        			configMapKeyRef?: {
         				// +usage=The name of the config map in the pod's namespace to select from
         				name: string
         				// +usage=The key of the config map to select from. Must be a valid secret key

charts/vela-minimal/templates/defwithtemplate/daemon.yaml

@@ -0,0 +1,574 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/daemon.cue
+apiVersion: core.oam.dev/v1beta1
+kind: ComponentDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Describes daemonset services in Kubernetes.
+  name: daemon
+  namespace: {{ include "systemDefinitionNamespace" . }}
+spec:
+  schematic:
+    cue:
+      template: |
+        import (
+        	"strconv"
+        )
+
+        mountsArray: {
+        	pvc: *[
+        		for v in parameter.volumeMounts.pvc {
+        			{
+        				mountPath: v.mountPath
+        				name:      v.name
+        			}
+        		},
+        	] | []
+
+        	configMap: *[
+        			for v in parameter.volumeMounts.configMap {
+        			{
+        				mountPath: v.mountPath
+        				name:      v.name
+        			}
+        		},
+        	] | []
+
+        	secret: *[
+        		for v in parameter.volumeMounts.secret {
+        			{
+        				mountPath: v.mountPath
+        				name:      v.name
+        			}
+        		},
+        	] | []
+
+        	emptyDir: *[
+        			for v in parameter.volumeMounts.emptyDir {
+        			{
+        				mountPath: v.mountPath
+        				name:      v.name
+        			}
+        		},
+        	] | []
+
+        	hostPath: *[
+        			for v in parameter.volumeMounts.hostPath {
+        			{
+        				mountPath: v.mountPath
+        				if v.mountPropagation != _|_ {
+        					mountPropagation: v.mountPropagation
+        				}
+        				name: v.name
+        				if v.readOnly != _|_ {
+        					readOnly: v.readOnly
+        				}
+        			}
+        		},
+        	] | []
+        }
+        volumesArray: {
+        	pvc: *[
+        		for v in parameter.volumeMounts.pvc {
+        			{
+        				name: v.name
+        				persistentVolumeClaim: claimName: v.claimName
+        			}
+        		},
+        	] | []
+
+        	configMap: *[
+        			for v in parameter.volumeMounts.configMap {
+        			{
+        				name: v.name
+        				configMap: {
+        					defaultMode: v.defaultMode
+        					name:        v.cmName
+        					if v.items != _|_ {
+        						items: v.items
+        					}
+        				}
+        			}
+        		},
+        	] | []
+
+        	secret: *[
+        		for v in parameter.volumeMounts.secret {
+        			{
+        				name: v.name
+        				secret: {
+        					defaultMode: v.defaultMode
+        					secretName:  v.secretName
+        					if v.items != _|_ {
+        						items: v.items
+        					}
+        				}
+        			}
+        		},
+        	] | []
+
+        	emptyDir: *[
+        			for v in parameter.volumeMounts.emptyDir {
+        			{
+        				name: v.name
+        				emptyDir: medium: v.medium
+        			}
+        		},
+        	] | []
+
+        	hostPath: *[
+        			for v in parameter.volumeMounts.hostPath {
+        			{
+        				name: v.name
+        				hostPath: path: v.path
+        			}
+        		},
+        	] | []
+        }
+        output: {
+        	apiVersion: "apps/v1"
+        	kind:       "DaemonSet"
+        	spec: {
+        		selector: matchLabels: "app.oam.dev/component": context.name
+
+        		template: {
+        			metadata: {
+        				labels: {
+        					if parameter.labels != _|_ {
+        						parameter.labels
+        					}
+        					if parameter.addRevisionLabel {
+        						"app.oam.dev/revision": context.revision
+        					}
+        					"app.oam.dev/name":      context.appName
+        					"app.oam.dev/component": context.name
+        				}
+        				if parameter.annotations != _|_ {
+        					annotations: parameter.annotations
+        				}
+        			}
+
+        			spec: {
+        				containers: [{
+        					name:  context.name
+        					image: parameter.image
+        					if parameter["port"] != _|_ && parameter["ports"] == _|_ {
+        						ports: [{
+        							containerPort: parameter.port
+        						}]
+        					}
+        					if parameter["ports"] != _|_ {
+        						ports: [ for v in parameter.ports {
+        							{
+        								containerPort: v.port
+        								protocol:      v.protocol
+        								if v.name != _|_ {
+        									name: v.name
+        								}
+        								if v.name == _|_ {
+        									name: "port-" + strconv.FormatInt(v.port, 10)
+        								}
+        							}}]
+        					}
+
+        					if parameter["imagePullPolicy"] != _|_ {
+        						imagePullPolicy: parameter.imagePullPolicy
+        					}
+
+        					if parameter["cmd"] != _|_ {
+        						command: parameter.cmd
+        					}
+
+        					if parameter["env"] != _|_ {
+        						env: parameter.env
+        					}
+
+        					if context["config"] != _|_ {
+        						env: context.config
+        					}
+
+        					if parameter["cpu"] != _|_ {
+        						resources: {
+        							limits: cpu:   parameter.cpu
+        							requests: cpu: parameter.cpu
+        						}
+        					}
+
+        					if parameter["memory"] != _|_ {
+        						resources: {
+        							limits: memory:   parameter.memory
+        							requests: memory: parameter.memory
+        						}
+        					}
+
+        					if parameter["volumes"] != _|_ && parameter["volumeMounts"] == _|_ {
+        						volumeMounts: [ for v in parameter.volumes {
+        							{
+        								mountPath: v.mountPath
+        								name:      v.name
+        							}}]
+        					}
+
+        					if parameter["volumeMounts"] != _|_ {
+        						volumeMounts: mountsArray.pvc + mountsArray.configMap + mountsArray.secret + mountsArray.emptyDir + mountsArray.hostPath
+        					}
+
+        					if parameter["livenessProbe"] != _|_ {
+        						livenessProbe: parameter.livenessProbe
+        					}
+
+        					if parameter["readinessProbe"] != _|_ {
+        						readinessProbe: parameter.readinessProbe
+        					}
+
+        				}]
+
+        				if parameter["hostAliases"] != _|_ {
+        					// +patchKey=ip
+        					hostAliases: parameter.hostAliases
+        				}
+
+        				if parameter["imagePullSecrets"] != _|_ {
+        					imagePullSecrets: [ for v in parameter.imagePullSecrets {
+        						name: v
+        					},
+        					]
+        				}
+
+        				if parameter["volumes"] != _|_ && parameter["volumeMounts"] == _|_ {
+        					volumes: [ for v in parameter.volumes {
+        						{
+        							name: v.name
+        							if v.type == "pvc" {
+        								persistentVolumeClaim: claimName: v.claimName
+        							}
+        							if v.type == "configMap" {
+        								configMap: {
+        									defaultMode: v.defaultMode
+        									name:        v.cmName
+        									if v.items != _|_ {
+        										items: v.items
+        									}
+        								}
+        							}
+        							if v.type == "secret" {
+        								secret: {
+        									defaultMode: v.defaultMode
+        									secretName:  v.secretName
+        									if v.items != _|_ {
+        										items: v.items
+        									}
+        								}
+        							}
+        							if v.type == "emptyDir" {
+        								emptyDir: medium: v.medium
+        							}
+        						}
+        					}]
+        				}
+
+        				if parameter["volumeMounts"] != _|_ {
+        					volumes: volumesArray.pvc + volumesArray.configMap + volumesArray.secret + volumesArray.emptyDir + volumesArray.hostPath
+        				}
+        			}
+        		}
+        	}
+        }
+        exposePorts: [
+        	for v in parameter.ports if v.expose == true {
+        		port:       v.port
+        		targetPort: v.port
+        		if v.name != _|_ {
+        			name: v.name
+        		}
+        		if v.name == _|_ {
+        			name: "port-" + strconv.FormatInt(v.port, 10)
+        		}
+        	},
+        ]
+        outputs: {
+        	if len(exposePorts) != 0 {
+        		webserviceExpose: {
+        			apiVersion: "v1"
+        			kind:       "Service"
+        			metadata: name: context.name
+        			spec: {
+        				selector: "app.oam.dev/component": context.name
+        				ports: exposePorts
+        				type:  parameter.exposeType
+        			}
+        		}
+        	}
+        }
+        parameter: {
+        	// +usage=Specify the labels in the workload
+        	labels?: [string]: string
+
+        	// +usage=Specify the annotations in the workload
+        	annotations?: [string]: string
+
+        	// +usage=Which image would you like to use for your service
+        	// +short=i
+        	image: string
+
+        	// +usage=Specify image pull policy for your service
+        	imagePullPolicy?: "Always" | "Never" | "IfNotPresent"
+
+        	// +usage=Specify image pull secrets for your service
+        	imagePullSecrets?: [...string]
+
+        	// +ignore
+        	// +usage=Deprecated field, please use ports instead
+        	// +short=p
+        	port?: int
+
+        	// +usage=Which ports do you want customer traffic sent to, defaults to 80
+        	ports?: [...{
+        		// +usage=Number of port to expose on the pod's IP address
+        		port: int
+        		// +usage=Name of the port
+        		name?: string
+        		// +usage=Protocol for port. Must be UDP, TCP, or SCTP
+        		protocol: *"TCP" | "UDP" | "SCTP"
+        		// +usage=Specify if the port should be exposed
+        		expose: *false | bool
+        	}]
+
+        	// +ignore
+        	// +usage=Specify what kind of Service you want. options: "ClusterIP", "NodePort", "LoadBalancer", "ExternalName"
+        	exposeType: *"ClusterIP" | "NodePort" | "LoadBalancer" | "ExternalName"
+
+        	// +ignore
+        	// +usage=If addRevisionLabel is true, the revision label will be added to the underlying pods
+        	addRevisionLabel: *false | bool
+
+        	// +usage=Commands to run in the container
+        	cmd?: [...string]
+
+        	// +usage=Define arguments by using environment variables
+        	env?: [...{
+        		// +usage=Environment variable name
+        		name: string
+        		// +usage=The value of the environment variable
+        		value?: string
+        		// +usage=Specifies a source the value of this var should come from
+        		valueFrom?: {
+        			// +usage=Selects a key of a secret in the pod's namespace
+        			secretKeyRef?: {
+        				// +usage=The name of the secret in the pod's namespace to select from
+        				name: string
+        				// +usage=The key of the secret to select from. Must be a valid secret key
+        				key: string
+        			}
+        			// +usage=Selects a key of a config map in the pod's namespace
+        			configMapKeyRef?: {
+        				// +usage=The name of the config map in the pod's namespace to select from
+        				name: string
+        				// +usage=The key of the config map to select from. Must be a valid secret key
+        				key: string
+        			}
+        		}
+        	}]
+
+        	// +usage=Number of CPU units for the service, like `0.5` (0.5 CPU core), `1` (1 CPU core)
+        	cpu?: string
+
+        	// +usage=Specifies the attributes of the memory resource required for the container.
+        	memory?: string
+
+        	volumeMounts?: {
+        		// +usage=Mount PVC type volume
+        		pvc?: [...{
+        			name:      string
+        			mountPath: string
+        			// +usage=The name of the PVC
+        			claimName: string
+        		}]
+        		// +usage=Mount ConfigMap type volume
+        		configMap?: [...{
+        			name:        string
+        			mountPath:   string
+        			defaultMode: *420 | int
+        			cmName:      string
+        			items?: [...{
+        				key:  string
+        				path: string
+        				mode: *511 | int
+        			}]
+        		}]
+        		// +usage=Mount Secret type volume
+        		secret?: [...{
+        			name:        string
+        			mountPath:   string
+        			defaultMode: *420 | int
+        			secretName:  string
+        			items?: [...{
+        				key:  string
+        				path: string
+        				mode: *511 | int
+        			}]
+        		}]
+        		// +usage=Mount EmptyDir type volume
+        		emptyDir?: [...{
+        			name:      string
+        			mountPath: string
+        			medium:    *"" | "Memory"
+        		}]
+        		// +usage=Mount HostPath type volume
+        		hostPath?: [...{
+        			name:              string
+        			mountPath:         string
+        			mountPropagation?: "None" | "HostToContainer" | "Bidirectional"
+        			path:              string
+        			readOnly?:         bool
+        		}]
+        	}
+
+        	// +usage=Deprecated field, use volumeMounts instead.
+        	volumes?: [...{
+        		name:      string
+        		mountPath: string
+        		// +usage=Specify volume type, options: "pvc","configMap","secret","emptyDir"
+        		type: "pvc" | "configMap" | "secret" | "emptyDir"
+        		if type == "pvc" {
+        			claimName: string
+        		}
+        		if type == "configMap" {
+        			defaultMode: *420 | int
+        			cmName:      string
+        			items?: [...{
+        				key:  string
+        				path: string
+        				mode: *511 | int
+        			}]
+        		}
+        		if type == "secret" {
+        			defaultMode: *420 | int
+        			secretName:  string
+        			items?: [...{
+        				key:  string
+        				path: string
+        				mode: *511 | int
+        			}]
+        		}
+        		if type == "emptyDir" {
+        			medium: *"" | "Memory"
+        		}
+        	}]
+
+        	// +usage=Instructions for assessing whether the container is alive.
+        	livenessProbe?: #HealthProbe
+
+        	// +usage=Instructions for assessing whether the container is in a suitable state to serve traffic.
+        	readinessProbe?: #HealthProbe
+
+        	// +usage=Specify the hostAliases to add
+        	hostAliases?: [...{
+        		ip: string
+        		hostnames: [...string]
+        	}]
+        }
+        #HealthProbe: {
+
+        	// +usage=Instructions for assessing container health by executing a command. Either this attribute or the httpGet attribute or the tcpSocket attribute MUST be specified. This attribute is mutually exclusive with both the httpGet attribute and the tcpSocket attribute.
+        	exec?: {
+        		// +usage=A command to be executed inside the container to assess its health. Each space delimited token of the command is a separate array element. Commands exiting 0 are considered to be successful probes, whilst all other exit codes are considered failures.
+        		command: [...string]
+        	}
+
+        	// +usage=Instructions for assessing container health by executing an HTTP GET request. Either this attribute or the exec attribute or the tcpSocket attribute MUST be specified. This attribute is mutually exclusive with both the exec attribute and the tcpSocket attribute.
+        	httpGet?: {
+        		// +usage=The endpoint, relative to the port, to which the HTTP GET request should be directed.
+        		path: string
+        		// +usage=The TCP socket within the container to which the HTTP GET request should be directed.
+        		port:    int
+        		host?:   string
+        		scheme?: *"HTTP" | string
+        		httpHeaders?: [...{
+        			name:  string
+        			value: string
+        		}]
+        	}
+
+        	// +usage=Instructions for assessing container health by probing a TCP socket. Either this attribute or the exec attribute or the httpGet attribute MUST be specified. This attribute is mutually exclusive with both the exec attribute and the httpGet attribute.
+        	tcpSocket?: {
+        		// +usage=The TCP socket within the container that should be probed to assess container health.
+        		port: int
+        	}
+
+        	// +usage=Number of seconds after the container is started before the first probe is initiated.
+        	initialDelaySeconds: *0 | int
+
+        	// +usage=How often, in seconds, to execute the probe.
+        	periodSeconds: *10 | int
+
+        	// +usage=Number of seconds after which the probe times out.
+        	timeoutSeconds: *1 | int
+
+        	// +usage=Minimum consecutive successes for the probe to be considered successful after having failed.
+        	successThreshold: *1 | int
+
+        	// +usage=Number of consecutive failures required to determine the container is not alive (liveness probe) or not ready (readiness probe).
+        	failureThreshold: *3 | int
+        }
+  status:
+    customStatus: |-
+      ready: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.numberReady != _|_ {
+      		replicas: context.output.status.numberReady
+      	}
+      }
+      desired: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.desiredNumberScheduled != _|_ {
+      		replicas: context.output.status.desiredNumberScheduled
+      	}
+      }
+      message: "Ready:\(ready.replicas)/\(desired.replicas)"
+    healthPolicy: |-
+      ready: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.numberReady != _|_ {
+      		replicas: context.output.status.numberReady
+      	}
+      }
+      desired: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.desiredNumberScheduled != _|_ {
+      		replicas: context.output.status.desiredNumberScheduled
+      	}
+      }
+      current: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.currentNumberScheduled != _|_ {
+      		replicas: context.output.status.currentNumberScheduled
+      	}
+      }
+      updated: {
+      	replicas: *0 | int
+      } & {
+      	if context.output.status.updatedNumberScheduled != _|_ {
+      		replicas: context.output.status.updatedNumberScheduled
+      	}
+      }
+      generation: {
+      	metadata: context.output.metadata.generation
+      	observed: *0 | int
+      } & {
+      	if context.output.status.observedGeneration != _|_ {
+      		observed: context.output.status.observedGeneration
+      	}
+      }
+      isHealth: (desired.replicas == ready.replicas) && (desired.replicas == updated.replicas) && (desired.replicas == current.replicas) && (generation.observed == generation.metadata || generation.observed > generation.metadata)
+  workload:
+    definition:
+      apiVersion: apps/v1
+      kind: DaemonSet
+    type: daemonsets.apps
+

charts/vela-minimal/templates/defwithtemplate/depends-on-app.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: check or install depends-on Application
+    definition.oam.dev/description: Wait for the specified Application to complete.
   labels:
     custom.definition.oam.dev/ui-hidden: "true"
   name: depends-on-app

charts/vela-minimal/templates/defwithtemplate/deploy-cloud-resource.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Deploy cloud resource and bind secret to clusters
+    definition.oam.dev/description: Deploy cloud resource and deliver secret to multi clusters.
   name: deploy-cloud-resource
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:

charts/vela-minimal/templates/defwithtemplate/deploy.yaml

@@ -4,7 +4,7 @@ apiVersion: core.oam.dev/v1beta1
 kind: WorkflowStepDefinition
 metadata:
   annotations:
-    definition.oam.dev/description: Deploy components with policies.
+    definition.oam.dev/description: A powerful and unified deploy step for components multi-cluster delivery with policies.
   name: deploy
   namespace: {{ include "systemDefinitionNamespace" . }}
 spec:
@@ -21,9 +21,9 @@ spec:
         	ignoreTerraformComponent: parameter.ignoreTerraformComponent
         }
         parameter: {
-        	//+usage=If set false, the workflow will be suspend before this step.
+        	//+usage=If set to false, the workflow will suspend automatically before this step, default to be true.
         	auto: *true | bool
-        	//+usage=Declare the policies used for this step.
+        	//+usage=Declare the policies that used for this deployment. If not specified, the components will be deployed to the hub cluster.
         	policies?: [...string]
         	//+usage=Maximum number of concurrent delivered components.
         	parallelism: *5 | int

charts/vela-minimal/templates/defwithtemplate/deploy2runtime.yaml

@@ -6,6 +6,7 @@ metadata:
   annotations:
     definition.oam.dev/description: Deploy application to runtime clusters
   labels:
+    custom.definition.oam.dev/deprecated: "true"
     custom.definition.oam.dev/ui-hidden: "true"
   name: deploy2runtime
   namespace: {{ include "systemDefinitionNamespace" . }}

charts/vela-minimal/templates/defwithtemplate/env.yaml

@@ -62,7 +62,8 @@ spec:
         					}
         				}
         			}] + [ for k, v in _params.env if _delKeys[k] == _|_ && (_params.replace || _baseEnvMap[k] == _|_) {
-        				v
+        				name:  k
+        				value: v
         			}]
         		}
         	}