mirror of
https://github.com/kubevela/kubevela.git
synced 2026-02-23 14:23:54 +00:00
Compare commits
121 Commits
release-1.
...
v1.10.7
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
a2fe0b9fdc | ||
|
|
217a71e598 | ||
|
|
bbbdd0d299 | ||
|
|
f89622eec7 | ||
|
|
8401ff4d85 | ||
|
|
17b7edca9e | ||
|
|
773149aa53 | ||
|
|
a8b652e59d | ||
|
|
36f217e258 | ||
|
|
c298c0eb06 | ||
|
|
8aabc9f789 | ||
|
|
af1ce628d1 | ||
|
|
707ae396ce | ||
|
|
c0e906629e | ||
|
|
90e601a51e | ||
|
|
2139c813ad | ||
|
|
d6ad578070 | ||
|
|
2758afb1b2 | ||
|
|
70e6c9a49f | ||
|
|
2d46bb300f | ||
|
|
6fbeb6887f | ||
|
|
e533898192 | ||
|
|
72d5c2f0a5 | ||
|
|
e8428e704c | ||
|
|
56bc3b02e9 | ||
|
|
af1fb9a0fd | ||
|
|
8b7950cf61 | ||
|
|
a5de74ec1e | ||
|
|
3aa94842fb | ||
|
|
1a934e1618 | ||
|
|
721c75e44a | ||
|
|
d598d0a6fd | ||
|
|
4a9ecd9ce7 | ||
|
|
a27261bd14 | ||
|
|
0b6092cf2b | ||
|
|
aebccf90d0 | ||
|
|
3f5b5e6593 | ||
|
|
b5a9925042 | ||
|
|
c79f03fe92 | ||
|
|
fedcca1c7b | ||
|
|
b601d28afd | ||
|
|
7d72fa904c | ||
|
|
4d6fa58c0f | ||
|
|
26123cf671 | ||
|
|
ad9cda63c9 | ||
|
|
011e1f1445 | ||
|
|
974d3e88bf | ||
|
|
ef9b6f3cc1 | ||
|
|
144e96df31 | ||
|
|
5ee9c8b38c | ||
|
|
d3ce7ad118 | ||
|
|
a1145f21fe | ||
|
|
edf3be272e | ||
|
|
b4f9db4af8 | ||
|
|
78c0b2c04e | ||
|
|
5d42a3b507 | ||
|
|
1588736b4e | ||
|
|
27965fb8aa | ||
|
|
262daacb63 | ||
|
|
fb17af5e75 | ||
|
|
5122eb575b | ||
|
|
d93e292142 | ||
|
|
f9e15c55ad | ||
|
|
af7f623cba | ||
|
|
d487012468 | ||
|
|
fc8888cb4d | ||
|
|
9558cb8491 | ||
|
|
bde50df3e5 | ||
|
|
dba2676cd9 | ||
|
|
8ee02c6506 | ||
|
|
0751c15ee5 | ||
|
|
1a16e52e36 | ||
|
|
853a077107 | ||
|
|
c5d9f69c9c | ||
|
|
e0f162e47d | ||
|
|
d9fcebb9e8 | ||
|
|
c48ded1994 | ||
|
|
424e433963 | ||
|
|
b51957ef9f | ||
|
|
cd0b0988f9 | ||
|
|
ead624e553 | ||
|
|
f5aed7aefd | ||
|
|
30249d5297 | ||
|
|
472e1f1e59 | ||
|
|
33cd16d425 | ||
|
|
793ba55455 | ||
|
|
711c9f0053 | ||
|
|
bc15e5b359 | ||
|
|
d0d7beb700 | ||
|
|
e63d8c33ec | ||
|
|
3779f828ae | ||
|
|
4d744a35d4 | ||
|
|
9f09436359 | ||
|
|
c6765c6ff0 | ||
|
|
a5606b7808 | ||
|
|
a6bd2d5fc3 | ||
|
|
f7b1eee7f3 | ||
|
|
903f3dfe44 | ||
|
|
0f780dec75 | ||
|
|
b1d62aa6ca | ||
|
|
613174384a | ||
|
|
3f87c6f2e7 | ||
|
|
9370981639 | ||
|
|
0f978aed40 | ||
|
|
4f8bf44684 | ||
|
|
a565b48ae6 | ||
|
|
9993fba94d | ||
|
|
e3f0a6006d | ||
|
|
4aeeaa7294 | ||
|
|
5dbbbce4ea | ||
|
|
a0ae9c68ee | ||
|
|
eba6a7001b | ||
|
|
79bf139958 | ||
|
|
82dad1ebbb | ||
|
|
c085d83aa8 | ||
|
|
52873eb7da | ||
|
|
d5709623ae | ||
|
|
de4f89e914 | ||
|
|
fdcdf659d8 | ||
|
|
856718ef8e | ||
|
|
dbd230e7ff |
30
.github/CODEOWNERS
vendored
30
.github/CODEOWNERS
vendored
@@ -1,35 +1,35 @@
|
||||
# This file is a github code protect rule follow the codeowners https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners#example-of-a-codeowners-file
|
||||
|
||||
* @barnettZQG @wonderflow @leejanee @Somefive @jefree-cat @FogDong @wangyikewxgm @chivalryq
|
||||
design/ @barnettZQG @leejanee @wonderflow @Somefive @jefree-cat @FogDong
|
||||
* @barnettZQG @wonderflow @leejanee @Somefive @jefree-cat @FogDong @wangyikewxgm @chivalryq @anoop2811
|
||||
design/ @barnettZQG @leejanee @wonderflow @Somefive @jefree-cat @FogDong @anoop2811
|
||||
|
||||
# Owner of Core Controllers
|
||||
pkg/controller/core.oam.dev @Somefive @FogDong @barnettZQG @wonderflow @wangyikewxgm @chivalryq
|
||||
pkg/controller/core.oam.dev @Somefive @FogDong @barnettZQG @wonderflow @wangyikewxgm @chivalryq @anoop2811
|
||||
|
||||
# Owner of Standard Controllers
|
||||
pkg/controller/standard.oam.dev @wangyikewxgm @barnettZQG @wonderflow @Somefive
|
||||
pkg/controller/standard.oam.dev @wangyikewxgm @barnettZQG @wonderflow @Somefive @anoop2811 @FogDong
|
||||
|
||||
# Owner of CUE
|
||||
pkg/cue @leejanee @FogDong @Somefive
|
||||
pkg/stdlib @leejanee @FogDong @Somefive
|
||||
pkg/cue @leejanee @FogDong @Somefive @anoop2811
|
||||
pkg/stdlib @leejanee @FogDong @Somefive @anoop2811
|
||||
|
||||
# Owner of Workflow
|
||||
pkg/workflow @leejanee @FogDong @Somefive @wangyikewxgm @chivalryq
|
||||
pkg/workflow @leejanee @FogDong @Somefive @wangyikewxgm @chivalryq @anoop2811
|
||||
|
||||
# Owner of vela templates
|
||||
vela-templates/ @Somefive @barnettZQG @wonderflow @FogDong @wangyikewxgm @chivalryq
|
||||
vela-templates/ @Somefive @barnettZQG @wonderflow @FogDong @wangyikewxgm @chivalryq @anoop2811
|
||||
|
||||
# Owner of vela CLI
|
||||
references/cli/ @Somefive @zzxwill @StevenLeiZhang @charlie0129 @wangyikewxgm @chivalryq
|
||||
references/cli/ @Somefive @StevenLeiZhang @charlie0129 @wangyikewxgm @chivalryq @anoop2811 @FogDong
|
||||
|
||||
# Owner of vela addon framework
|
||||
pkg/addon/ @wangyikewxgm @wonderflow @charlie0129
|
||||
pkg/addon/ @wangyikewxgm @wonderflow @charlie0129 @anoop2811 @FogDong
|
||||
|
||||
# Owner of resource keeper and tracker
|
||||
pkg/resourcekeeper @Somefive @FogDong @chivalryq
|
||||
pkg/resourcetracker @Somefive @FogDong @chivalryq
|
||||
pkg/resourcekeeper @Somefive @FogDong @chivalryq @anoop2811
|
||||
pkg/resourcetracker @Somefive @FogDong @chivalryq @anoop2811
|
||||
|
||||
.github/ @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm
|
||||
makefiles @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm
|
||||
go.* @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm
|
||||
.github/ @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm @anoop2811
|
||||
makefiles @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm @anoop2811
|
||||
go.* @chivalryq @wonderflow @Somefive @FogDong @wangyikewxgm @anoop2811
|
||||
|
||||
|
||||
35
.github/actions/deploy-current-branch/README.md
vendored
Normal file
35
.github/actions/deploy-current-branch/README.md
vendored
Normal file
@@ -0,0 +1,35 @@
|
||||
# Deploy Current Branch Action
|
||||
|
||||
This GitHub composite action builds a Docker image from the current branch commit and deploys it to a KubeVela cluster for development testing.
|
||||
|
||||
## What it does
|
||||
|
||||
- Generates a unique image tag from the latest commit hash
|
||||
- Builds and loads the Docker image into a KinD cluster
|
||||
- Applies KubeVela CRDs for upgrade safety
|
||||
- Upgrades the KubeVela Helm release to use the local development image
|
||||
- Verifies deployment status and the running image version
|
||||
|
||||
## Usage
|
||||
|
||||
```yaml
|
||||
- name: Deploy Current Branch
|
||||
uses: ./path/to/this/action
|
||||
```
|
||||
|
||||
## Requirements
|
||||
|
||||
- Docker, Helm, kubectl, and KinD must be available in your runner environment
|
||||
- Kubernetes cluster access
|
||||
- `charts/vela-core/crds` directory with CRDs
|
||||
- Valid Helm chart at `charts/vela-core`
|
||||
|
||||
## Steps performed
|
||||
|
||||
1. **Generate commit hash for image tag**
|
||||
2. **Build & load Docker image into KinD**
|
||||
3. **Pre-apply chart CRDs**
|
||||
4. **Upgrade KubeVela using local image**
|
||||
5. **Verify deployment and image version**
|
||||
|
||||
---
|
||||
89
.github/actions/deploy-current-branch/action.yaml
vendored
Normal file
89
.github/actions/deploy-current-branch/action.yaml
vendored
Normal file
@@ -0,0 +1,89 @@
|
||||
name: 'Deploy Current Branch'
|
||||
description: 'Builds Docker image from current branch commit and deploys it to KubeVela cluster for development testing'
|
||||
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
# ========================================================================
|
||||
# Git Commit Hash Generation
|
||||
# Generate unique image tag from current branch's latest commit
|
||||
# ========================================================================
|
||||
- name: Get commit hash
|
||||
id: commit_hash
|
||||
shell: bash
|
||||
run: |
|
||||
COMMIT_HASH="git-$(git rev-parse --short HEAD)"
|
||||
echo "Using commit hash: $COMMIT_HASH"
|
||||
echo "COMMIT_HASH=$COMMIT_HASH" >> $GITHUB_ENV
|
||||
|
||||
# ========================================================================
|
||||
# Docker Image Build and Cluster Loading
|
||||
# Build development image from current code and load into KinD cluster
|
||||
# ========================================================================
|
||||
- name: Build and load Docker image
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Building development image: vela-core-test:${{ env.COMMIT_HASH }}"
|
||||
|
||||
mkdir -p $HOME/tmp/
|
||||
|
||||
docker build --no-cache \
|
||||
-t vela-core-test:${{ env.COMMIT_HASH }} \
|
||||
-f Dockerfile .
|
||||
|
||||
echo "Loading image into KinD cluster..."
|
||||
TMPDIR=$HOME/tmp/ kind load docker-image vela-core-test:${{ env.COMMIT_HASH }}
|
||||
|
||||
# ========================================================================
|
||||
# Custom Resource Definitions Application
|
||||
# Pre-apply CRDs to ensure upgrade compatibility and prevent conflicts
|
||||
# ========================================================================
|
||||
- name: Pre-apply CRDs from target chart (upgrade-safe)
|
||||
shell: bash
|
||||
run: |
|
||||
CRD_DIR="charts/vela-core/crds"
|
||||
|
||||
echo "Applying CRDs idempotently..."
|
||||
kubectl apply -f "${CRD_DIR}"
|
||||
|
||||
# ========================================================================
|
||||
# KubeVela Helm Chart Upgrade
|
||||
# Upgrade existing installation to use locally built development image
|
||||
# ========================================================================
|
||||
- name: Upgrade KubeVela to development image
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Upgrading KubeVela to development version..."
|
||||
helm upgrade kubevela ./charts/vela-core \
|
||||
--namespace vela-system \
|
||||
--set image.repository=vela-core-test \
|
||||
--set image.tag=${{ env.COMMIT_HASH }} \
|
||||
--set image.pullPolicy=IfNotPresent \
|
||||
--timeout 5m \
|
||||
--wait \
|
||||
--debug
|
||||
|
||||
# ========================================================================
|
||||
# Deployment Status Verification
|
||||
# Verify successful upgrade and confirm correct image deployment
|
||||
# ========================================================================
|
||||
- name: Verify deployment status
|
||||
shell: bash
|
||||
run: |
|
||||
echo "=== DEPLOYMENT VERIFICATION ==="
|
||||
echo "Verifying upgrade to local development image..."
|
||||
|
||||
echo "--- Pod Status ---"
|
||||
kubectl get pods -n vela-system
|
||||
|
||||
echo "--- Deployment Rollout ---"
|
||||
kubectl rollout status deployment/kubevela-vela-core \
|
||||
-n vela-system \
|
||||
--timeout=300s
|
||||
|
||||
echo "--- Deployed Image Version ---"
|
||||
kubectl get deployment kubevela-vela-core \
|
||||
-n vela-system \
|
||||
-o yaml | grep "image:" | head -1
|
||||
|
||||
echo "Deployment verification completed successfully!"
|
||||
32
.github/actions/deploy-latest-release/README.md
vendored
Normal file
32
.github/actions/deploy-latest-release/README.md
vendored
Normal file
@@ -0,0 +1,32 @@
|
||||
# Install Latest KubeVela Release Action
|
||||
|
||||
This GitHub composite action installs the latest stable KubeVela release from the official Helm repository and verifies its deployment status.
|
||||
|
||||
## What it does
|
||||
|
||||
- Discovers the latest stable KubeVela release tag from GitHub
|
||||
- Adds and updates the official KubeVela Helm chart repository
|
||||
- Installs KubeVela into the `vela-system` namespace (using Helm)
|
||||
- Verifies pod status and deployment rollout for successful installation
|
||||
|
||||
## Usage
|
||||
|
||||
```yaml
|
||||
- name: Install Latest KubeVela Release
|
||||
uses: ./path/to/this/action
|
||||
```
|
||||
|
||||
## Requirements
|
||||
|
||||
- Helm, kubectl, jq, and curl must be available in your runner environment
|
||||
- Kubernetes cluster access
|
||||
|
||||
## Steps performed
|
||||
|
||||
1. **Release Tag Discovery:** Fetches latest stable tag (without `v` prefix)
|
||||
2. **Helm Repo Setup:** Adds/updates KubeVela Helm chart repo
|
||||
3. **Install KubeVela:** Installs latest release in the `vela-system` namespace
|
||||
4. **Status Verification:** Checks pod status and rollout for readiness
|
||||
|
||||
---
|
||||
|
||||
68
.github/actions/deploy-latest-release/action.yaml
vendored
Normal file
68
.github/actions/deploy-latest-release/action.yaml
vendored
Normal file
@@ -0,0 +1,68 @@
|
||||
name: 'Install Latest KubeVela Release'
|
||||
description: 'Installs the latest stable KubeVela release from official Helm repository with status verification'
|
||||
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
# ========================================================================
|
||||
# Latest Release Tag Discovery
|
||||
# Fetch current stable release version from GitHub API
|
||||
# ========================================================================
|
||||
- name: Get latest KubeVela release tag (no v prefix)
|
||||
id: get_latest_tag
|
||||
shell: bash
|
||||
run: |
|
||||
TAG=$(curl -s https://api.github.com/repos/kubevela/kubevela/releases/latest | \
|
||||
jq -r ".tag_name" | \
|
||||
awk '{sub(/^v/, ""); print}')
|
||||
echo "LATEST_TAG=$TAG" >> $GITHUB_ENV
|
||||
echo "Discovered latest release: $TAG"
|
||||
|
||||
# ========================================================================
|
||||
# Helm Repository Configuration
|
||||
# Add and update official KubeVela chart repository
|
||||
# ========================================================================
|
||||
- name: Add KubeVela Helm repo
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Adding KubeVela Helm repository..."
|
||||
helm repo add kubevela https://kubevela.github.io/charts
|
||||
helm repo update
|
||||
echo "Helm repository configuration completed"
|
||||
|
||||
# ========================================================================
|
||||
# KubeVela Stable Release Installation
|
||||
# Deploy latest stable version to vela-system namespace
|
||||
# ========================================================================
|
||||
- name: Install KubeVela ${{ env.LATEST_TAG }}
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Installing KubeVela version: ${{ env.LATEST_TAG }}"
|
||||
helm install \
|
||||
--create-namespace \
|
||||
-n vela-system \
|
||||
kubevela kubevela/vela-core \
|
||||
--version ${{ env.LATEST_TAG }} \
|
||||
--timeout 10m \
|
||||
--wait
|
||||
echo "KubeVela installation completed"
|
||||
|
||||
# ========================================================================
|
||||
# Installation Status Verification
|
||||
# Verify successful deployment and readiness of KubeVela components
|
||||
# ========================================================================
|
||||
- name: Post-install status
|
||||
shell: bash
|
||||
run: |
|
||||
echo "=== INSTALLATION VERIFICATION ==="
|
||||
echo "Verifying KubeVela deployment status..."
|
||||
|
||||
echo "--- Pod Status ---"
|
||||
kubectl get pods -n vela-system
|
||||
|
||||
echo "--- Deployment Rollout ---"
|
||||
kubectl rollout status deployment/kubevela-vela-core \
|
||||
-n vela-system \
|
||||
--timeout=300s
|
||||
|
||||
echo "KubeVela installation verification completed successfully!"
|
||||
51
.github/actions/e2e-test/README.md
vendored
Normal file
51
.github/actions/e2e-test/README.md
vendored
Normal file
@@ -0,0 +1,51 @@
|
||||
# Kubevela K8s Upgrade E2E Test Action
|
||||
|
||||
A comprehensive GitHub composite action for running KubeVela Kubernetes upgrade end-to-end (E2E) tests with complete environment setup, multiple test suites, and failure diagnostics.
|
||||
|
||||
|
||||
> **Note**: This action requires the `GO_VERSION` environment variable to be set in your workflow.
|
||||
|
||||
## Quick Start
|
||||
|
||||
### Basic Usage
|
||||
|
||||
```yaml
|
||||
name: E2E Tests
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
e2e-tests:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
GO_VERSION: '1.23.8'
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Run KubeVela E2E Tests
|
||||
uses: ./.github/actions/upgrade-e2e-test
|
||||
```
|
||||
|
||||
## Test Flow Diagram
|
||||
|
||||
```
|
||||
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
|
||||
│ Environment │ │ E2E Environment │ │ Test Execution │
|
||||
│ Setup │───▶│ Preparation │───▶│ (3 Suites) │
|
||||
│ │ │ │ │ │
|
||||
│ • Install tools │ │ • Cleanup │ │ • API tests │
|
||||
│ • Setup Go │ │ • Core setup │ │ • Addon tests │
|
||||
│ • Dependencies │ │ • Helm tests │ │ • General tests │
|
||||
│ • Build project │ │ │ │ │
|
||||
└─────────────────┘ └──────────────────┘ └─────────────────┘
|
||||
│
|
||||
▼
|
||||
┌─────────────────┐
|
||||
│ Diagnostics │
|
||||
│ (On Failure) │
|
||||
│ │
|
||||
│ • Cluster logs │
|
||||
│ • System events │
|
||||
│ • Test artifacts│
|
||||
└─────────────────┘
|
||||
```
|
||||
96
.github/actions/e2e-test/action.yaml
vendored
Normal file
96
.github/actions/e2e-test/action.yaml
vendored
Normal file
@@ -0,0 +1,96 @@
|
||||
name: 'Kubevela K8s Upgrade e2e Test'
|
||||
description: 'Runs Kubevela K8s upgrade e2e tests, uploads coverage, and collects diagnostics on failure.'
|
||||
|
||||
inputs:
|
||||
codecov-token:
|
||||
description: 'Codecov token for uploading coverage reports'
|
||||
required: false
|
||||
default: ''
|
||||
codecov-enable:
|
||||
description: 'Enable codecov coverage upload'
|
||||
required: false
|
||||
default: 'false'
|
||||
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
# ========================================================================
|
||||
# Environment Setup
|
||||
# ========================================================================
|
||||
- name: Configure environment setup
|
||||
uses: ./.github/actions/env-setup
|
||||
|
||||
- name: Build project
|
||||
shell: bash
|
||||
run: make
|
||||
|
||||
# ========================================================================
|
||||
# E2E Test Environment Preparation
|
||||
# ========================================================================
|
||||
- name: Prepare e2e environment
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Preparing e2e test environment..."
|
||||
make e2e-cleanup
|
||||
make e2e-setup-core
|
||||
|
||||
echo "Running Helm tests..."
|
||||
helm test -n vela-system kubevela --timeout 5m
|
||||
|
||||
# ========================================================================
|
||||
# E2E Test Execution
|
||||
# ========================================================================
|
||||
- name: Run API e2e tests
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Running API e2e tests..."
|
||||
make e2e-api-test
|
||||
|
||||
- name: Run addon e2e tests
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Running addon e2e tests..."
|
||||
make e2e-addon-test
|
||||
|
||||
- name: Run general e2e tests
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Running general e2e tests..."
|
||||
make e2e-test
|
||||
|
||||
- name: Upload coverage report
|
||||
if: ${{ inputs.codecov-enable == 'true' }}
|
||||
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24
|
||||
with:
|
||||
token: ${{ inputs.codecov-token }}
|
||||
files: ./coverage.txt
|
||||
flags: core-unittests
|
||||
name: codecov-umbrella
|
||||
fail_ci_if_error: false
|
||||
|
||||
# ========================================================================
|
||||
# Failure Diagnostics
|
||||
# ========================================================================
|
||||
- name: Collect failure diagnostics
|
||||
if: failure()
|
||||
shell: bash
|
||||
run: |
|
||||
echo "=== FAILURE DIAGNOSTICS ==="
|
||||
echo "Collecting diagnostic information for debugging..."
|
||||
|
||||
echo "--- Cluster Status ---"
|
||||
kubectl get nodes -o wide || true
|
||||
kubectl get pods -A || true
|
||||
|
||||
echo "--- KubeVela System Logs ---"
|
||||
kubectl logs -n vela-system -l app.kubernetes.io/name=vela-core --tail=100 || true
|
||||
|
||||
echo "--- Recent Events ---"
|
||||
kubectl get events -A --sort-by='.lastTimestamp' --field-selector type!=Normal || true
|
||||
|
||||
echo "--- Helm Release Status ---"
|
||||
helm list -A || true
|
||||
helm status kubevela -n vela-system || true
|
||||
|
||||
echo "--- Test Artifacts ---"
|
||||
find . -name "*.log" -type f -exec echo "=== {} ===" \; -exec cat {} \; || true
|
||||
67
.github/actions/env-setup/README.md
vendored
Normal file
67
.github/actions/env-setup/README.md
vendored
Normal file
@@ -0,0 +1,67 @@
|
||||
# Kubevela Test Environment Setup Action
|
||||
|
||||
A GitHub Actions composite action that sets up a complete testing environment for Kubevela projects with Go, Kubernetes tools, and the Ginkgo testing framework.
|
||||
|
||||
## Features
|
||||
|
||||
- 🛠️ **System Dependencies**: Installs essential build tools (make, gcc, jq, curl, etc.)
|
||||
- ☸️ **Kubernetes Tools**: Sets up kubectl and Helm for cluster operations
|
||||
- 🐹 **Go Environment**: Configurable Go version with module caching
|
||||
- 📦 **Dependency Management**: Downloads and verifies Go module dependencies
|
||||
- 🧪 **Testing Framework**: Installs Ginkgo v2 for BDD-style testing
|
||||
|
||||
## Usage
|
||||
|
||||
```yaml
|
||||
- name: Setup Kubevela Test Environment
|
||||
uses: ./path/to/this/action
|
||||
with:
|
||||
go-version: '1.23.8' # Optional: Go version (default: 1.23.8)
|
||||
```
|
||||
|
||||
### Example Workflow
|
||||
|
||||
```yaml
|
||||
name: Kubevela Tests
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Setup Test Environment
|
||||
uses: ./path/to/this/action
|
||||
with:
|
||||
go-version: '1.21'
|
||||
|
||||
- name: Run Tests
|
||||
run: |
|
||||
ginkgo -r ./tests/e2e/
|
||||
```
|
||||
|
||||
## Inputs
|
||||
|
||||
| Input | Description | Required | Default | Usage |
|
||||
|-------|-------------|----------|---------|-------|
|
||||
| `go-version` | Go version to install and use | No | `1.23.8` | Specify Go version for your project |
|
||||
|
||||
## What This Action Installs
|
||||
|
||||
### System Tools
|
||||
- **make**: Build automation tool
|
||||
- **gcc**: GNU Compiler Collection
|
||||
- **jq**: JSON processor for shell scripts
|
||||
- **ca-certificates**: SSL/TLS certificates
|
||||
- **curl**: HTTP client for downloads
|
||||
- **gnupg**: GNU Privacy Guard for security
|
||||
|
||||
### Kubernetes Ecosystem
|
||||
- **kubectl**: Kubernetes command-line tool (latest stable)
|
||||
- **helm**: Kubernetes package manager (latest stable)
|
||||
|
||||
### Go Development
|
||||
- **Go Runtime**: Specified version with module caching enabled
|
||||
- **Go Modules**: Downloaded and verified dependencies
|
||||
- **Ginkgo v2.14.0**: BDD testing framework for Go
|
||||
72
.github/actions/env-setup/action.yaml
vendored
Normal file
72
.github/actions/env-setup/action.yaml
vendored
Normal file
@@ -0,0 +1,72 @@
|
||||
name: 'Kubevela Test Environment Setup'
|
||||
description: 'Sets up complete testing environment for Kubevela with Go, Kubernetes tools, and Ginkgo framework for E2E testing.'
|
||||
|
||||
inputs:
|
||||
go-version:
|
||||
description: 'Go version to use for testing'
|
||||
required: false
|
||||
default: '1.23.8'
|
||||
|
||||
|
||||
runs:
|
||||
using: 'composite'
|
||||
steps:
|
||||
# ========================================================================
|
||||
# Environment Setup
|
||||
# ========================================================================
|
||||
- name: Install system dependencies
|
||||
shell: bash
|
||||
run: |
|
||||
# Update package manager and install essential tools
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y \
|
||||
make \
|
||||
gcc \
|
||||
jq \
|
||||
ca-certificates \
|
||||
curl \
|
||||
gnupg
|
||||
|
||||
- name: Install kubectl and helm
|
||||
shell: bash
|
||||
run: |
|
||||
# Detect architecture
|
||||
ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
|
||||
|
||||
# Install kubectl
|
||||
echo "Installing kubectl for architecture: $ARCH"
|
||||
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${ARCH}/kubectl"
|
||||
chmod +x kubectl
|
||||
sudo mv kubectl /usr/local/bin/
|
||||
|
||||
# Install helm using the official script (more reliable)
|
||||
echo "Installing Helm using official script..."
|
||||
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
|
||||
chmod 700 get_helm.sh
|
||||
./get_helm.sh
|
||||
rm get_helm.sh
|
||||
|
||||
# Verify installations
|
||||
echo "Verifying installations..."
|
||||
kubectl version --client
|
||||
helm version
|
||||
|
||||
|
||||
- name: Setup Go environment
|
||||
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
|
||||
with:
|
||||
go-version: ${{ inputs.go-version }}
|
||||
cache: true
|
||||
|
||||
- name: Download Go dependencies
|
||||
shell: bash
|
||||
run: |
|
||||
# Download and cache Go module dependencies
|
||||
go mod download
|
||||
go mod verify
|
||||
|
||||
- name: Install Ginkgo testing framework
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Installing Ginkgo testing framework..."
|
||||
go install github.com/onsi/ginkgo/v2/ginkgo@v2.14.0
|
||||
35
.github/actions/multicluster-test/README.md
vendored
Normal file
35
.github/actions/multicluster-test/README.md
vendored
Normal file
@@ -0,0 +1,35 @@
|
||||
# Kubevela K8s Upgrade Multicluster E2E Test Action
|
||||
|
||||
A comprehensive GitHub Actions composite action for running Kubevela Kubernetes upgrade multicluster end-to-end tests with automated coverage reporting and failure diagnostics.
|
||||
|
||||
## Usage
|
||||
|
||||
|
||||
```yaml
|
||||
name: Kubevela Multicluster E2E Tests
|
||||
on:
|
||||
push:
|
||||
branches: [main, develop]
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
multicluster-e2e:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Run Multicluster E2E Tests
|
||||
uses: ./.github/actions/multicluster-test
|
||||
with:
|
||||
codecov-enable: 'true'
|
||||
codecov-token: ${{ secrets.CODECOV_TOKEN }}
|
||||
```
|
||||
|
||||
## Inputs
|
||||
|
||||
| Input | Description | Required | Default | Type |
|
||||
|-------|-------------|----------|---------|------|
|
||||
| `codecov-token` | Codecov token for uploading coverage reports | No | `''` | string |
|
||||
| `codecov-enable` | Enable codecov coverage upload | No | `'false'` | string |
|
||||
76
.github/actions/multicluster-test/action.yaml
vendored
Normal file
76
.github/actions/multicluster-test/action.yaml
vendored
Normal file
@@ -0,0 +1,76 @@
|
||||
name: 'Kubevela K8s Upgrade Multicluster E2E Test'
|
||||
description: 'Runs Kubevela Kubernetes upgrade multicluster end-to-end tests, uploads coverage, and collects diagnostics on failure.'
|
||||
author: 'viskumar_gwre'
|
||||
|
||||
inputs:
|
||||
codecov-token:
|
||||
description: 'Codecov token for uploading coverage reports'
|
||||
required: false
|
||||
default: ''
|
||||
codecov-enable:
|
||||
description: 'Enable codecov coverage upload'
|
||||
required: false
|
||||
default: 'false'
|
||||
|
||||
runs:
|
||||
using: 'composite'
|
||||
steps:
|
||||
# ========================================================================
|
||||
# Environment Setup
|
||||
# ========================================================================
|
||||
- name: Configure environment setup
|
||||
uses: ./.github/actions/env-setup
|
||||
|
||||
# ========================================================================
|
||||
# E2E Test Execution
|
||||
# ========================================================================
|
||||
- name: Prepare e2e test environment
|
||||
shell: bash
|
||||
run: |
|
||||
# Build CLI tools and prepare test environment
|
||||
echo "Building KubeVela CLI..."
|
||||
make vela-cli
|
||||
|
||||
echo "Cleaning up previous test artifacts..."
|
||||
make e2e-cleanup
|
||||
|
||||
echo "Setting up core authentication for e2e tests..."
|
||||
make e2e-setup-core-auth
|
||||
|
||||
- name: Execute multicluster upgrade e2e tests
|
||||
shell: bash
|
||||
run: |
|
||||
# Add built CLI to PATH and run multicluster tests
|
||||
export PATH=$(pwd)/bin:$PATH
|
||||
|
||||
echo "Running e2e multicluster upgrade tests..."
|
||||
make e2e-multicluster-test
|
||||
|
||||
- name: Upload coverage report
|
||||
if: ${{ inputs.codecov-enable == 'true' }}
|
||||
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24
|
||||
with:
|
||||
token: ${{ inputs.codecov-token }}
|
||||
files: /tmp/e2e-profile.out,/tmp/e2e_multicluster_test.out
|
||||
flags: e2e-multicluster-test
|
||||
name: codecov-umbrella
|
||||
|
||||
# ========================================================================
|
||||
# Failure Diagnostics
|
||||
# ========================================================================
|
||||
- name: Collect failure diagnostics
|
||||
if: failure()
|
||||
shell: bash
|
||||
run: |
|
||||
echo "=== FAILURE DIAGNOSTICS ==="
|
||||
echo "Collecting diagnostic information for debugging..."
|
||||
|
||||
echo "--- Cluster Status ---"
|
||||
kubectl get nodes -o wide || true
|
||||
kubectl get pods -A || true
|
||||
|
||||
echo "--- KubeVela System Logs ---"
|
||||
kubectl logs -n vela-system -l app.kubernetes.io/name=vela-core --tail=100 || true
|
||||
|
||||
echo "--- Recent Events ---"
|
||||
kubectl get events -A --sort-by='.lastTimestamp' --field-selector type!=Normal || true
|
||||
78
.github/actions/setup-kind-cluster/README.md
vendored
Normal file
78
.github/actions/setup-kind-cluster/README.md
vendored
Normal file
@@ -0,0 +1,78 @@
|
||||
# Setup Kind Cluster Action
|
||||
|
||||
A GitHub Action that sets up a Kubernetes testing environment using Kind (Kubernetes in Docker) for E2E testing.
|
||||
|
||||
## Inputs
|
||||
|
||||
| Input | Description | Required | Default |
|
||||
|-------|-------------|----------|---------|
|
||||
| `k8s-version` | Kubernetes version for the kind cluster | No | `v1.31.9` |
|
||||
|
||||
## Quick Start
|
||||
|
||||
```yaml
|
||||
name: E2E Tests
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: '1.21'
|
||||
|
||||
- name: Setup Kind Cluster
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
with:
|
||||
k8s-version: 'v1.31.9'
|
||||
|
||||
- name: Run tests
|
||||
run: |
|
||||
kubectl cluster-info
|
||||
make test-e2e
|
||||
```
|
||||
|
||||
## What it does
|
||||
|
||||
1. **Installs Kind CLI** - Downloads Kind v0.29.0 using Go
|
||||
2. **Cleans up** - Removes any existing Kind clusters
|
||||
3. **Creates cluster** - Spins up Kubernetes v1.31.9 cluster
|
||||
4. **Sets up environment** - Configures KUBECONFIG for kubectl access
|
||||
5. **Loads images** - Builds and loads Docker images using `make image-load`
|
||||
|
||||
## File Structure
|
||||
|
||||
Save as `.github/actions/setup-kind-cluster/action.yaml`:
|
||||
|
||||
```yaml
|
||||
name: 'SetUp kind cluster'
|
||||
description: 'Sets up complete testing environment for Kubevela with Go, Kubernetes tools, and Ginkgo framework for E2E testing.'
|
||||
|
||||
inputs:
|
||||
k8s-version:
|
||||
description: 'Kubernetes version for the kind cluster'
|
||||
required: false
|
||||
default: 'v1.31.9'
|
||||
|
||||
runs:
|
||||
using: 'composite'
|
||||
steps:
|
||||
# ========================================================================
|
||||
# Kind cluster Setup
|
||||
# ========================================================================
|
||||
- name: Setup KinD
|
||||
run: |
|
||||
go install sigs.k8s.io/kind@v0.29.0
|
||||
kind delete cluster || true
|
||||
kind create cluster --image=kindest/node:${{ inputs.k8s-version }}
|
||||
shell: bash
|
||||
|
||||
- name: Load image
|
||||
run: |
|
||||
mkdir -p $HOME/tmp/
|
||||
TMPDIR=$HOME/tmp/ make image-load
|
||||
shell: bash
|
||||
```
|
||||
36
.github/actions/setup-kind-cluster/action.yaml
vendored
Normal file
36
.github/actions/setup-kind-cluster/action.yaml
vendored
Normal file
@@ -0,0 +1,36 @@
|
||||
name: 'SetUp kind cluster'
|
||||
description: 'Sets up a KinD (Kubernetes in Docker) cluster with configurable Kubernetes version and optional cluster naming for testing and development workflows.'
|
||||
inputs:
|
||||
k8s-version:
|
||||
description: 'Kubernetes version for the kind cluster'
|
||||
required: false
|
||||
default: 'v1.31.9'
|
||||
name:
|
||||
description: 'Name of the kind cluster'
|
||||
required: false
|
||||
runs:
|
||||
using: 'composite'
|
||||
steps:
|
||||
# ========================================================================
|
||||
# Kind cluster Setup
|
||||
# ========================================================================
|
||||
- name: Setup KinD
|
||||
run: |
|
||||
go install sigs.k8s.io/kind@v0.29.0
|
||||
if [ -n "${{ inputs.name }}" ]; then
|
||||
kind delete cluster --name="${{ inputs.name }}" || true
|
||||
kind create cluster --name="${{ inputs.name }}" --image=kindest/node:${{ inputs.k8s-version }}
|
||||
kind export kubeconfig --internal --name="${{ inputs.name }}" --kubeconfig /tmp/${{ inputs.name }}.kubeconfig
|
||||
else
|
||||
kind delete cluster || true
|
||||
kind create cluster --image=kindest/node:${{ inputs.k8s-version }}
|
||||
fi
|
||||
shell: bash
|
||||
|
||||
- name: Load image
|
||||
run: |
|
||||
if [ -z "${{ inputs.name }}" ]; then
|
||||
mkdir -p $HOME/tmp/
|
||||
TMPDIR=$HOME/tmp/ make image-load
|
||||
fi
|
||||
shell: bash
|
||||
34
.github/actions/unit-test/README.md
vendored
Normal file
34
.github/actions/unit-test/README.md
vendored
Normal file
@@ -0,0 +1,34 @@
|
||||
# Kubevela K8s Upgrade Unit Test Action
|
||||
|
||||
A comprehensive GitHub composite action for running KubeVela Kubernetes upgrade unit tests with coverage reporting and failure diagnostics.
|
||||
|
||||
## Inputs
|
||||
|
||||
| Input | Description | Required | Default |
|
||||
|-------|-------------|----------|---------|
|
||||
| `codecov-token` | Codecov token for uploading coverage reports | ❌ | `''` |
|
||||
| `codecov-enable` | Enable Codecov coverage upload (`'true'` or `'false'`) | ❌ | `'false'` |
|
||||
| `go-version` | Go version to use for testing | ❌ | `'1.23.8'` |
|
||||
|
||||
## Quick Start
|
||||
|
||||
### Basic Usage
|
||||
|
||||
```yaml
|
||||
name: Unit Tests with Coverage
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Run KubeVela Unit Tests
|
||||
uses: viskumar_gwre/kubevela-k8s-upgrade-unit-test-action@v1
|
||||
with:
|
||||
codecov-enable: 'true'
|
||||
codecov-token: ${{ secrets.CODECOV_TOKEN }}
|
||||
go-version: '1.23.8'
|
||||
```
|
||||
67
.github/actions/unit-test/action.yaml
vendored
Normal file
67
.github/actions/unit-test/action.yaml
vendored
Normal file
@@ -0,0 +1,67 @@
|
||||
name: 'Kubevela K8s Upgrade Unit Test'
|
||||
description: 'Runs Kubevela K8s upgrade unit tests, uploads coverage, and collects diagnostics on failure.'
|
||||
|
||||
inputs:
|
||||
codecov-token:
|
||||
description: 'Codecov token for uploading coverage reports'
|
||||
required: false
|
||||
default: ''
|
||||
codecov-enable:
|
||||
description: 'Enable codecov coverage upload'
|
||||
required: false
|
||||
default: 'false'
|
||||
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
# ========================================================================
|
||||
# Environment Setup
|
||||
# ========================================================================
|
||||
- name: Configure environment setup
|
||||
uses: ./.github/actions/env-setup
|
||||
|
||||
# ========================================================================
|
||||
# Unit Test Execution
|
||||
# ========================================================================
|
||||
- name: Run unit tests
|
||||
shell: bash
|
||||
run: |
|
||||
echo "Running unit tests..."
|
||||
make test
|
||||
|
||||
- name: Upload coverage report
|
||||
if: ${{ inputs.codecov-enable == 'true' }}
|
||||
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24
|
||||
with:
|
||||
token: ${{ inputs.codecov-token }}
|
||||
files: ./coverage.txt
|
||||
flags: core-unittests
|
||||
name: codecov-umbrella
|
||||
fail_ci_if_error: false
|
||||
|
||||
# ========================================================================
|
||||
# Failure Diagnostics
|
||||
# ========================================================================
|
||||
- name: Collect failure diagnostics
|
||||
if: failure()
|
||||
shell: bash
|
||||
run: |
|
||||
echo "=== FAILURE DIAGNOSTICS ==="
|
||||
echo "Collecting diagnostic information for debugging..."
|
||||
|
||||
echo "--- Go Environment ---"
|
||||
go version || true
|
||||
go env || true
|
||||
|
||||
echo "--- Cluster Status ---"
|
||||
kubectl get nodes -o wide || true
|
||||
kubectl get pods -A || true
|
||||
|
||||
echo "--- KubeVela System Logs ---"
|
||||
kubectl logs -n vela-system -l app.kubernetes.io/name=vela-core --tail=100 || true
|
||||
|
||||
echo "--- Recent Events ---"
|
||||
kubectl get events -A --sort-by='.lastTimestamp' --field-selector type!=Normal || true
|
||||
|
||||
echo "--- Test Artifacts ---"
|
||||
find . -name "*.log" -o -name "*test*.xml" -o -name "coverage.*" | head -20 || true
|
||||
4
.github/workflows/back-port.yml
vendored
4
.github/workflows/back-port.yml
vendored
@@ -17,12 +17,12 @@ jobs:
|
||||
pull-requests: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Open Backport PR
|
||||
uses: zeebe-io/backport-action@08bafb375e6e9a9a2b53a744b987e5d81a133191
|
||||
uses: zeebe-io/backport-action@0193454f0c5947491d348f33a275c119f30eb736
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
github_workspace: ${{ github.workspace }}
|
||||
|
||||
6
.github/workflows/chart.yml
vendored
6
.github/workflows/chart.yml
vendored
@@ -17,7 +17,7 @@ jobs:
|
||||
HELM_CHART_NAME: vela-core
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
- name: Get git revision
|
||||
id: vars
|
||||
shell: bash
|
||||
@@ -28,7 +28,7 @@ jobs:
|
||||
with:
|
||||
version: v3.4.0
|
||||
- name: Setup node
|
||||
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
|
||||
with:
|
||||
node-version: '14'
|
||||
- name: Generate helm doc
|
||||
@@ -47,7 +47,7 @@ jobs:
|
||||
chart_smever=${chart_version#"v"}
|
||||
sed -i "s/0.1.0/$chart_smever/g" $HELM_CHART/Chart.yaml
|
||||
|
||||
- uses: jnwng/github-app-installation-token-action@v2
|
||||
- uses: jnwng/github-app-installation-token-action@c54add4c02866dc41e106745ac6dcf5cdd6339e5 # v2
|
||||
id: get_app_token
|
||||
with:
|
||||
appId: 340472
|
||||
|
||||
6
.github/workflows/codeql-analysis.yml
vendored
6
.github/workflows/codeql-analysis.yml
vendored
@@ -26,12 +26,12 @@ jobs:
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
|
||||
uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
|
||||
- name: Autobuild
|
||||
uses: github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
|
||||
uses: github/codeql-action/autobuild@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
|
||||
uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
|
||||
|
||||
2
.github/workflows/commit-lint.yml
vendored
2
.github/workflows/commit-lint.yml
vendored
@@ -15,7 +15,7 @@ jobs:
|
||||
check:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- uses: thehanimo/pr-title-checker@v1.4.1
|
||||
- uses: thehanimo/pr-title-checker@5652588c80c479af803eabfbdb5a3895a77c1388 # v1.4.1
|
||||
with:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
pass_on_octokit_error: true
|
||||
|
||||
6
.github/workflows/core-api-test.yml
vendored
6
.github/workflows/core-api-test.yml
vendored
@@ -16,10 +16,10 @@ jobs:
|
||||
core-api-test:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Set up Go 1.19
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
- name: Set up Go 1.23.8
|
||||
uses: actions/setup-go@v5
|
||||
env:
|
||||
GO_VERSION: '1.19'
|
||||
GO_VERSION: '1.23.8'
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
id: go
|
||||
|
||||
12
.github/workflows/definition-lint.yml
vendored
12
.github/workflows/definition-lint.yml
vendored
@@ -16,26 +16,26 @@ permissions:
|
||||
|
||||
env:
|
||||
# Common versions
|
||||
GO_VERSION: '1.19'
|
||||
GO_VERSION: '1.23.8'
|
||||
|
||||
jobs:
|
||||
definition-doc:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
with:
|
||||
submodules: true
|
||||
|
||||
- name: Setup KinD
|
||||
run: |
|
||||
go install sigs.k8s.io/kind@v0.19.0
|
||||
kind create cluster
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
with:
|
||||
name: linter
|
||||
|
||||
- name: Definition Doc generate check
|
||||
run: |
|
||||
|
||||
78
.github/workflows/e2e-multicluster-test.yml
vendored
78
.github/workflows/e2e-multicluster-test.yml
vendored
@@ -18,7 +18,7 @@ permissions:
|
||||
|
||||
env:
|
||||
# Common versions
|
||||
GO_VERSION: '1.19'
|
||||
GO_VERSION: '1.23.8'
|
||||
|
||||
jobs:
|
||||
|
||||
@@ -39,75 +39,45 @@ jobs:
|
||||
continue-on-error: true
|
||||
|
||||
e2e-multi-cluster-tests:
|
||||
runs-on: self-hosted
|
||||
runs-on: ubuntu-22.04
|
||||
needs: [ detect-noop ]
|
||||
if: needs.detect-noop.outputs.noop != 'true'
|
||||
strategy:
|
||||
matrix:
|
||||
k8s-version: ["v1.26"]
|
||||
k8s-version: ["v1.31.9"]
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
|
||||
cancel-in-progress: true
|
||||
|
||||
steps:
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
|
||||
- name: Install tools
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get install make gcc jq ca-certificates curl gnupg -y
|
||||
sudo snap install kubectl --classic
|
||||
sudo snap install helm --classic
|
||||
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
- name: Setup worker cluster kinD
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
name: worker
|
||||
k8s-version: ${{ matrix.k8s-version }}
|
||||
|
||||
- name: Get dependencies
|
||||
run: |
|
||||
go get -v -t -d ./...
|
||||
|
||||
- name: Setup KinD
|
||||
run: |
|
||||
go install sigs.k8s.io/kind@v0.19.0
|
||||
kind delete cluster --name worker || true
|
||||
kind create cluster --name worker --image=kindest/node:v1.26.4
|
||||
kind export kubeconfig --internal --name worker --kubeconfig /tmp/worker.kubeconfig
|
||||
kind delete cluster || true
|
||||
kind create cluster --image=kindest/node:v1.26.4
|
||||
|
||||
- name: Load image
|
||||
run: |
|
||||
mkdir -p $HOME/tmp/
|
||||
TMPDIR=$HOME/tmp/ make image-load
|
||||
|
||||
- name: Cleanup for e2e tests
|
||||
run: |
|
||||
make vela-cli
|
||||
make e2e-cleanup
|
||||
make e2e-setup-core-auth
|
||||
|
||||
- name: Run e2e multicluster tests
|
||||
run: |
|
||||
export PATH=$(pwd)/bin:$PATH
|
||||
make e2e-multicluster-test
|
||||
|
||||
- name: Stop kubevela, get profile
|
||||
run: |
|
||||
make end-e2e-core-shards
|
||||
|
||||
- name: Upload coverage report
|
||||
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
|
||||
- name: Setup master cluster kinD
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
with:
|
||||
token: ${{ secrets.CODECOV_TOKEN }}
|
||||
files: /tmp/e2e-profile.out,/tmp/e2e_multicluster_test.out
|
||||
flags: e2e-multicluster-test
|
||||
name: codecov-umbrella
|
||||
k8s-version: ${{ matrix.k8s-version }}
|
||||
|
||||
- name: Run upgrade multicluster tests
|
||||
uses: ./.github/actions/multicluster-test
|
||||
with:
|
||||
codecov-enable: true
|
||||
codecov-token: ${{ secrets.CODECOV_TOKEN }}
|
||||
|
||||
- name: Clean e2e profile
|
||||
run: rm /tmp/e2e-profile.out
|
||||
run: |
|
||||
if [ -f /tmp/e2e-profile.out ]; then
|
||||
rm /tmp/e2e-profile.out
|
||||
echo "E2E profile cleaned"
|
||||
else
|
||||
echo "E2E profile not found, skipping cleanup"
|
||||
fi
|
||||
|
||||
- name: Cleanup image
|
||||
if: ${{ always() }}
|
||||
|
||||
82
.github/workflows/e2e-test.yml
vendored
82
.github/workflows/e2e-test.yml
vendored
@@ -18,7 +18,7 @@ permissions:
|
||||
|
||||
env:
|
||||
# Common versions
|
||||
GO_VERSION: '1.22'
|
||||
GO_VERSION: '1.23.8'
|
||||
|
||||
jobs:
|
||||
|
||||
@@ -39,84 +39,40 @@ jobs:
|
||||
continue-on-error: true
|
||||
|
||||
e2e-tests:
|
||||
runs-on: self-hosted
|
||||
runs-on: ubuntu-22.04
|
||||
needs: [ detect-noop ]
|
||||
if: needs.detect-noop.outputs.noop != 'true'
|
||||
strategy:
|
||||
matrix:
|
||||
k8s-version: ["v1.26"]
|
||||
k8s-version: ["v1.31"]
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
|
||||
cancel-in-progress: true
|
||||
|
||||
steps:
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
|
||||
- name: Install tools
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get install make gcc jq ca-certificates curl gnupg -y
|
||||
sudo snap install kubectl --classic
|
||||
sudo snap install helm --classic
|
||||
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Get dependencies
|
||||
run: |
|
||||
go get -v -t -d ./...
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
|
||||
- name: Setup KinD
|
||||
run: |
|
||||
go install sigs.k8s.io/kind@v0.19.0
|
||||
kind delete cluster || true
|
||||
kind create cluster
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
|
||||
- name: Get Ginkgo
|
||||
run: |
|
||||
go install github.com/onsi/ginkgo/v2/ginkgo@v2.10.0
|
||||
go get github.com/onsi/gomega@v1.34.2
|
||||
go mod tidy
|
||||
|
||||
- name: Load image
|
||||
run: |
|
||||
mkdir -p $HOME/tmp/
|
||||
TMPDIR=$HOME/tmp/ make image-load
|
||||
|
||||
- name: Run Make
|
||||
run: make
|
||||
|
||||
- name: Prepare for e2e tests
|
||||
run: |
|
||||
make e2e-cleanup
|
||||
make e2e-setup-core
|
||||
helm test -n vela-system kubevela --timeout 5m
|
||||
|
||||
- name: Run api e2e tests
|
||||
run: make e2e-api-test
|
||||
|
||||
- name: Run addons e2e tests
|
||||
run: make e2e-addon-test
|
||||
|
||||
- name: Run e2e tests
|
||||
run: make e2e-test
|
||||
|
||||
- name: Stop kubevela, get profile
|
||||
run: make end-e2e
|
||||
|
||||
- name: Upload coverage report
|
||||
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
|
||||
# ========================================================================
|
||||
# E2E Test Execution
|
||||
# ========================================================================
|
||||
- name: Run upgrade e2e tests
|
||||
uses: ./.github/actions/e2e-test
|
||||
with:
|
||||
token: ${{ secrets.CODECOV_TOKEN }}
|
||||
files: /tmp/e2e-profile.out
|
||||
flags: e2etests
|
||||
name: codecov-umbrella
|
||||
codecov-enable: true
|
||||
codecov-token: ${{ secrets.CODECOV_TOKEN }}
|
||||
|
||||
- name: Clean e2e profile
|
||||
run: rm /tmp/e2e-profile.out
|
||||
run: |
|
||||
if [ -f /tmp/e2e-profile.out ]; then
|
||||
rm /tmp/e2e-profile.out
|
||||
echo "E2E profile cleaned"
|
||||
else
|
||||
echo "E2E profile not found, skipping cleanup"
|
||||
fi
|
||||
|
||||
- name: Cleanup image
|
||||
if: ${{ always() }}
|
||||
|
||||
77
.github/workflows/go.yml
vendored
77
.github/workflows/go.yml
vendored
@@ -11,16 +11,15 @@ on:
|
||||
- master
|
||||
- release-*
|
||||
|
||||
permissions: # added using https://github.com/step-security/secure-workflows
|
||||
permissions: # added using https://github.com/step-security/secure-workflows
|
||||
contents: read
|
||||
|
||||
env:
|
||||
# Common versions
|
||||
GO_VERSION: '1.19'
|
||||
GOLANGCI_VERSION: 'v1.49'
|
||||
GO_VERSION: "1.23.8"
|
||||
GOLANGCI_VERSION: "v1.60.1"
|
||||
|
||||
jobs:
|
||||
|
||||
detect-noop:
|
||||
runs-on: ubuntu-22.04
|
||||
outputs:
|
||||
@@ -44,12 +43,12 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
with:
|
||||
submodules: true
|
||||
|
||||
@@ -64,17 +63,17 @@ jobs:
|
||||
needs: detect-noop
|
||||
if: needs.detect-noop.outputs.noop != 'true'
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
|
||||
contents: read # for actions/checkout to fetch code
|
||||
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
|
||||
|
||||
steps:
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
with:
|
||||
submodules: true
|
||||
|
||||
@@ -83,7 +82,7 @@ jobs:
|
||||
# version, but we prefer this action because it leaves 'annotations' (i.e.
|
||||
# it comments on PRs to point out linter violations).
|
||||
- name: Lint
|
||||
uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
|
||||
uses: golangci/golangci-lint-action@v6
|
||||
with:
|
||||
version: ${{ env.GOLANGCI_VERSION }}
|
||||
|
||||
@@ -94,32 +93,20 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
with:
|
||||
submodules: true
|
||||
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Setup Env
|
||||
uses: ./.github/actions/env-setup
|
||||
|
||||
- name: Setup node
|
||||
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65
|
||||
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
|
||||
with:
|
||||
node-version: '14'
|
||||
node-version: "14"
|
||||
|
||||
- name: Cache Go Dependencies
|
||||
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
|
||||
with:
|
||||
path: .work/pkg
|
||||
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
|
||||
restore-keys: ${{ runner.os }}-pkg-
|
||||
|
||||
- name: Setup KinD
|
||||
run: |
|
||||
go install sigs.k8s.io/kind@v0.19.0
|
||||
kind delete cluster --name kind || true
|
||||
kind create cluster --name kind --image=kindest/node:v1.26.4 --kubeconfig ~/.kube/config
|
||||
- name: Setup kinD
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
|
||||
- name: Run cross-build
|
||||
run: make cross-build
|
||||
@@ -128,7 +115,7 @@ jobs:
|
||||
run: |
|
||||
export PATH=$(pwd)/bin/:$PATH
|
||||
make check-diff
|
||||
|
||||
|
||||
- name: Cleanup binary
|
||||
run: make build-cleanup
|
||||
|
||||
@@ -139,17 +126,17 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
with:
|
||||
submodules: true
|
||||
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Cache Go Dependencies
|
||||
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: .work/pkg
|
||||
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
|
||||
@@ -170,15 +157,15 @@ jobs:
|
||||
if: needs.detect-noop.outputs.noop != 'true'
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
with:
|
||||
submodules: true
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
|
||||
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
|
||||
- name: Build Test for vela core
|
||||
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
|
||||
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
|
||||
with:
|
||||
context: .
|
||||
file: Dockerfile
|
||||
@@ -190,15 +177,15 @@ jobs:
|
||||
if: needs.detect-noop.outputs.noop != 'true'
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
with:
|
||||
submodules: true
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
|
||||
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
- name: Build Test for CLI
|
||||
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
|
||||
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
|
||||
- name: Build Test for CLI
|
||||
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
|
||||
with:
|
||||
context: .
|
||||
file: Dockerfile.cli
|
||||
file: Dockerfile.cli
|
||||
16
.github/workflows/issue-commands.yml
vendored
16
.github/workflows/issue-commands.yml
vendored
@@ -23,17 +23,17 @@ jobs:
|
||||
path: ./actions
|
||||
ref: v0.4.2
|
||||
- name: Setup Node.js
|
||||
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65
|
||||
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
|
||||
with:
|
||||
node-version: '14'
|
||||
cache: 'npm'
|
||||
node-version: "14"
|
||||
cache: "npm"
|
||||
cache-dependency-path: ./actions/package-lock.json
|
||||
- name: Install Dependencies
|
||||
run: npm ci --production --prefix ./actions
|
||||
- name: Run Commands
|
||||
uses: ./actions/commands
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
token: ${{ secrets.GH_KUBEVELA_COMMAND_WORKFLOW }}
|
||||
configPath: issue-commands
|
||||
|
||||
backport:
|
||||
@@ -48,14 +48,14 @@ jobs:
|
||||
id: command
|
||||
uses: xt0rted/slash-command-action@bf51f8f5f4ea3d58abc7eca58f77104182b23e88
|
||||
with:
|
||||
repo-token: ${{ secrets.VELA_BOT_TOKEN }}
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
command: backport
|
||||
reaction: "true"
|
||||
reaction-type: "eyes"
|
||||
allow-edits: "false"
|
||||
permission-level: read
|
||||
- name: Handle Command
|
||||
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
|
||||
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
|
||||
env:
|
||||
VERSION: ${{ steps.command.outputs.command-arguments }}
|
||||
with:
|
||||
@@ -80,7 +80,7 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Open Backport PR
|
||||
uses: zeebe-io/backport-action@08bafb375e6e9a9a2b53a744b987e5d81a133191
|
||||
uses: zeebe-io/backport-action@0193454f0c5947491d348f33a275c119f30eb736
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
github_workspace: ${{ github.workspace }}
|
||||
@@ -94,7 +94,7 @@ jobs:
|
||||
issues: write
|
||||
steps:
|
||||
- name: Retest the current pull request
|
||||
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
|
||||
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
|
||||
env:
|
||||
PULL_REQUEST_ID: ${{ github.event.issue.number }}
|
||||
COMMENT_ID: ${{ github.event.comment.id }}
|
||||
|
||||
2
.github/workflows/license.yml
vendored
2
.github/workflows/license.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
- name: Set up Ruby
|
||||
uses: ruby/setup-ruby@v1
|
||||
uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
|
||||
with:
|
||||
ruby-version: 2.6
|
||||
- name: Install dependencies
|
||||
|
||||
198
.github/workflows/registry.yml
vendored
198
.github/workflows/registry.yml
vendored
@@ -1,23 +1,45 @@
|
||||
name: Registry
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
tags:
|
||||
- "v*"
|
||||
- 'v*'
|
||||
workflow_dispatch: {}
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
publish-core-images:
|
||||
publish-vela-images:
|
||||
name: Build and Push Vela Images
|
||||
permissions:
|
||||
packages: write
|
||||
id-token: write
|
||||
attestations: write
|
||||
contents: write
|
||||
runs-on: ubuntu-22.04
|
||||
outputs:
|
||||
vela_core_image: ${{ steps.meta-vela-core.outputs.image }}
|
||||
vela_core_digest: ${{ steps.meta-vela-core.outputs.digest }}
|
||||
vela_core_dockerhub_image: ${{ steps.meta-vela-core.outputs.dockerhub_image }}
|
||||
vela_cli_image: ${{ steps.meta-vela-cli.outputs.image }}
|
||||
vela_cli_digest: ${{ steps.meta-vela-cli.outputs.digest }}
|
||||
vela_cli_dockerhub_image: ${{ steps.meta-vela-cli.outputs.dockerhub_image }}
|
||||
steps:
|
||||
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
- name: Get the version
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.1
|
||||
|
||||
- name: Install Crane
|
||||
uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # v0.1
|
||||
|
||||
- name: Install Cosign
|
||||
uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # main
|
||||
with:
|
||||
cosign-release: 'v2.5.0'
|
||||
|
||||
- name: Get the image version
|
||||
id: get_version
|
||||
run: |
|
||||
VERSION=${GITHUB_REF#refs/tags/}
|
||||
@@ -25,34 +47,41 @@ jobs:
|
||||
VERSION=latest
|
||||
fi
|
||||
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Get git revision
|
||||
id: vars
|
||||
shell: bash
|
||||
run: |
|
||||
echo "git_revision=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
||||
- name: Login ghcr.io
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
|
||||
- name: Login to GHCR
|
||||
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Login docker.io
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
|
||||
with:
|
||||
registry: docker.io
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
|
||||
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
|
||||
- name: Setup QEMU
|
||||
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
|
||||
|
||||
- name: Setup Docker Buildx
|
||||
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
|
||||
with:
|
||||
driver-opts: image=moby/buildkit:master
|
||||
|
||||
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
|
||||
name: Build & Pushing vela-core for Dockerhub, GHCR
|
||||
- name: Build & Push Vela Core for Dockerhub, GHCR
|
||||
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
|
||||
with:
|
||||
context: .
|
||||
file: Dockerfile
|
||||
labels: |-
|
||||
labels: |
|
||||
org.opencontainers.image.source=https://github.com/${{ github.repository }}
|
||||
org.opencontainers.image.revision=${{ github.sha }}
|
||||
platforms: linux/amd64,linux/arm64
|
||||
@@ -61,16 +90,55 @@ jobs:
|
||||
GITVERSION=git-${{ steps.vars.outputs.git_revision }}
|
||||
VERSION=${{ steps.get_version.outputs.VERSION }}
|
||||
GOPROXY=https://proxy.golang.org
|
||||
tags: |-
|
||||
tags: |
|
||||
docker.io/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
|
||||
ghcr.io/${{ github.repository_owner }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
|
||||
|
||||
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
|
||||
name: Build & Pushing CLI for Dockerhub, GHCR
|
||||
- name: Get Vela Core Image Digest
|
||||
id: meta-vela-core
|
||||
run: |
|
||||
GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/oamdev/vela-core
|
||||
DOCKER_IMAGE=docker.io/oamdev/vela-core
|
||||
TAG=${{ steps.get_version.outputs.VERSION }}
|
||||
|
||||
DIGEST=$(crane digest $GHCR_IMAGE:$TAG)
|
||||
|
||||
echo "image=$GHCR_IMAGE" >> $GITHUB_OUTPUT
|
||||
echo "dockerhub_image=$DOCKER_IMAGE" >> $GITHUB_OUTPUT
|
||||
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Generate SBOM for Vela Core Image
|
||||
id: generate_vela_core_sbom
|
||||
uses: anchore/sbom-action@v0.17.0
|
||||
with:
|
||||
image: ghcr.io/${{ github.repository_owner }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
|
||||
registry-username: ${{ github.actor }}
|
||||
registry-password: ${{ secrets.GITHUB_TOKEN }}
|
||||
format: spdx-json
|
||||
artifact-name: sbom-vela-core.spdx.json
|
||||
output-file: ${{ github.workspace }}/sbom-vela-core.spdx.json
|
||||
|
||||
- name: Sign Vela Core Image and Attest SBOM
|
||||
env:
|
||||
COSIGN_EXPERIMENTAL: 'true'
|
||||
run: |
|
||||
echo "signing vela core images..."
|
||||
cosign sign --yes ghcr.io/${{ github.repository_owner }}/oamdev/vela-core@${{ steps.meta-vela-core.outputs.digest }}
|
||||
cosign sign --yes docker.io/oamdev/vela-core@${{ steps.meta-vela-core.outputs.digest }}
|
||||
|
||||
echo "attesting SBOM against the vela core image..."
|
||||
cosign attest --yes --predicate ${{ github.workspace }}/sbom-vela-core.spdx.json --type spdx \
|
||||
ghcr.io/${{ github.repository_owner }}/oamdev/vela-core@${{ steps.meta-vela-core.outputs.digest }}
|
||||
|
||||
cosign attest --yes --predicate ${{ github.workspace }}/sbom-vela-core.spdx.json --type spdx \
|
||||
docker.io/oamdev/vela-core@${{ steps.meta-vela-core.outputs.digest }}
|
||||
|
||||
- name: Build & Push Vela CLI for Dockerhub, GHCR
|
||||
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
|
||||
with:
|
||||
context: .
|
||||
file: Dockerfile.cli
|
||||
labels: |-
|
||||
labels: |
|
||||
org.opencontainers.image.source=https://github.com/${{ github.repository }}
|
||||
org.opencontainers.image.revision=${{ github.sha }}
|
||||
platforms: linux/amd64,linux/arm64
|
||||
@@ -79,6 +147,100 @@ jobs:
|
||||
GITVERSION=git-${{ steps.vars.outputs.git_revision }}
|
||||
VERSION=${{ steps.get_version.outputs.VERSION }}
|
||||
GOPROXY=https://proxy.golang.org
|
||||
tags: |-
|
||||
tags: |
|
||||
docker.io/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
|
||||
ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
|
||||
|
||||
- name: Get Vela CLI Image Digest
|
||||
id: meta-vela-cli
|
||||
run: |
|
||||
GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli
|
||||
DOCKER_IMAGE=docker.io/oamdev/vela-cli
|
||||
TAG=${{ steps.get_version.outputs.VERSION }}
|
||||
|
||||
DIGEST=$(crane digest $GHCR_IMAGE:$TAG)
|
||||
|
||||
echo "image=$GHCR_IMAGE" >> $GITHUB_OUTPUT
|
||||
echo "dockerhub_image=$DOCKER_IMAGE" >> $GITHUB_OUTPUT
|
||||
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Generate SBOM for Vela CLI Image
|
||||
id: generate_sbom
|
||||
uses: anchore/sbom-action@v0.17.0
|
||||
with:
|
||||
image: ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
|
||||
registry-username: ${{ github.actor }}
|
||||
registry-password: ${{ secrets.GITHUB_TOKEN }}
|
||||
format: spdx-json
|
||||
artifact-name: sbom-vela-cli.spdx.json
|
||||
output-file: ${{ github.workspace }}/sbom-vela-cli.spdx.json
|
||||
|
||||
- name: Sign Vela CLI Image and Attest SBOM
|
||||
env:
|
||||
COSIGN_EXPERIMENTAL: 'true'
|
||||
run: |
|
||||
echo "signing vela CLI images..."
|
||||
cosign sign --yes ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli@${{ steps.meta-vela-cli.outputs.digest }}
|
||||
cosign sign --yes docker.io/oamdev/vela-cli@${{ steps.meta-vela-cli.outputs.digest }}
|
||||
|
||||
echo "attesting SBOM against the vela cli image..."
|
||||
cosign attest --yes --predicate ${{ github.workspace }}/sbom-vela-cli.spdx.json --type spdx \
|
||||
ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli@${{ steps.meta-vela-cli.outputs.digest }}
|
||||
|
||||
cosign attest --yes --predicate ${{ github.workspace }}/sbom-vela-cli.spdx.json --type spdx \
|
||||
docker.io/oamdev/vela-cli@${{ steps.meta-vela-cli.outputs.digest }}
|
||||
|
||||
- name: Publish SBOMs as release artifacts
|
||||
uses: anchore/sbom-action/publish-sbom@v0.17.0
|
||||
|
||||
provenance-ghcr:
|
||||
name: Generate and Push Provenance to GCHR
|
||||
needs: publish-vela-images
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- name: 'Vela Core Image'
|
||||
image: ${{ needs.publish-vela-images.outputs.vela_core_image }}
|
||||
digest: ${{ needs.publish-vela-images.outputs.vela_core_digest }}
|
||||
- name: 'Vela CLI Image'
|
||||
image: ${{ needs.publish-vela-images.outputs.vela_cli_image }}
|
||||
digest: ${{ needs.publish-vela-images.outputs.vela_cli_digest }}
|
||||
permissions:
|
||||
id-token: write
|
||||
contents: write
|
||||
actions: read
|
||||
packages: write
|
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0 # has to be sem var
|
||||
with:
|
||||
image: ${{ matrix.image }}
|
||||
digest: ${{ matrix.digest }}
|
||||
registry-username: ${{ github.actor }}
|
||||
secrets:
|
||||
registry-password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
provenance-dockerhub:
|
||||
name: Generate and Push Provenance to DockerHub
|
||||
needs: publish-vela-images
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- name: 'Vela Core Image'
|
||||
image: ${{ needs.publish-vela-images.outputs.vela_core_dockerhub_image }}
|
||||
digest: ${{ needs.publish-vela-images.outputs.vela_core_digest }}
|
||||
- name: 'Vela CLI Image'
|
||||
image: ${{ needs.publish-vela-images.outputs.vela_cli_dockerhub_image }}
|
||||
digest: ${{ needs.publish-vela-images.outputs.vela_cli_digest }}
|
||||
permissions:
|
||||
id-token: write
|
||||
contents: write
|
||||
packages: write
|
||||
actions: read
|
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
|
||||
with:
|
||||
image: ${{ matrix.image }}
|
||||
digest: ${{ matrix.digest }}
|
||||
secrets:
|
||||
registry-username: ${{ secrets.DOCKER_USERNAME }}
|
||||
registry-password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
89
.github/workflows/release.yml
vendored
89
.github/workflows/release.yml
vendored
@@ -4,13 +4,15 @@ on:
|
||||
push:
|
||||
tags:
|
||||
- "v*"
|
||||
workflow_dispatch: { }
|
||||
workflow_dispatch: {}
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
goreleaser:
|
||||
name: goreleaser
|
||||
runs-on: ubuntu-22.04
|
||||
permissions:
|
||||
contents: write
|
||||
actions: read
|
||||
@@ -20,27 +22,83 @@ jobs:
|
||||
pull-requests: read
|
||||
repository-projects: read
|
||||
statuses: read
|
||||
runs-on: ubuntu-22.04
|
||||
name: goreleaser
|
||||
id-token: write
|
||||
outputs:
|
||||
hashes: ${{ steps.hash.outputs.hashes }}
|
||||
steps:
|
||||
- name: Check disk (before)
|
||||
run: |
|
||||
df -h
|
||||
sudo du -sh /usr/local/lib/android /usr/share/dotnet /opt/ghc || true
|
||||
|
||||
- name: Free Disk Space (Ubuntu)
|
||||
uses: insightsengineering/disk-space-reclaimer@v1
|
||||
with:
|
||||
# this might remove tools that are actually needed,
|
||||
# if set to "true" but frees about 6 GB
|
||||
tools-cache: false
|
||||
# all of these default to true, but feel free to set to
|
||||
# "false" if necessary for your workflow
|
||||
android: true
|
||||
dotnet: true
|
||||
haskell: true
|
||||
large-packages: true
|
||||
swap-storage: true
|
||||
docker-images: true
|
||||
|
||||
# Extra prune in case your job builds/pulls images
|
||||
- name: Deep Docker prune
|
||||
run: |
|
||||
docker system prune -af || true
|
||||
docker builder prune -af || true
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- run: git fetch --force --tags
|
||||
|
||||
- name: Get Git tags
|
||||
run: git fetch --force --tags
|
||||
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
with:
|
||||
go-version: 1.19
|
||||
go-version: 1.23.8
|
||||
cache: true
|
||||
- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
|
||||
|
||||
- name: Install Cosign
|
||||
uses: sigstore/cosign-installer@main
|
||||
with:
|
||||
cosign-release: "v2.5.0"
|
||||
|
||||
- name: Install syft
|
||||
uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
|
||||
|
||||
- name: Run GoReleaser
|
||||
uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
|
||||
with:
|
||||
distribution: goreleaser
|
||||
version: 1.14.1
|
||||
args: release --rm-dist --timeout 60m
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Generate hashes
|
||||
id: hash
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
run: |
|
||||
set -euo pipefail
|
||||
HASHES=$(find dist -type f -exec sha256sum {} \; | base64 -w0)
|
||||
echo "hashes=$HASHES" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Check disk (after)
|
||||
run: df -h
|
||||
|
||||
upload-plugin-homebrew:
|
||||
name: upload-sha256sums
|
||||
needs: goreleaser
|
||||
runs-on: ubuntu-22.04
|
||||
if: ${{ !contains(github.ref, 'alpha') && !contains(github.ref, 'beta') && !contains(github.ref, 'rc') }}
|
||||
permissions:
|
||||
contents: write
|
||||
actions: read
|
||||
@@ -50,10 +108,6 @@ jobs:
|
||||
pull-requests: read
|
||||
repository-projects: read
|
||||
statuses: read
|
||||
needs: build
|
||||
runs-on: ubuntu-22.04
|
||||
if: ${{ !contains(github.ref, 'alpha') && !contains(github.ref, 'beta') && !contains(github.ref, 'rc') }}
|
||||
name: upload-sha256sums
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
@@ -67,3 +121,16 @@ jobs:
|
||||
tag: ${{ github.ref }}
|
||||
revision: ${{ github.sha }}
|
||||
force: false
|
||||
|
||||
provenance-vela-bins:
|
||||
name: generate provenance for binaries
|
||||
needs: [goreleaser]
|
||||
if: startsWith(github.ref, 'refs/tags/')
|
||||
permissions:
|
||||
id-token: write
|
||||
contents: write
|
||||
actions: read
|
||||
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0 # has to be sem var
|
||||
with:
|
||||
base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
|
||||
upload-assets: true
|
||||
|
||||
6
.github/workflows/scorecards.yml
vendored
6
.github/workflows/scorecards.yml
vendored
@@ -28,7 +28,7 @@ jobs:
|
||||
persist-credentials: false
|
||||
|
||||
- name: "Run analysis"
|
||||
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # tag=v2.3.1
|
||||
uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # tag=v2.4.1
|
||||
with:
|
||||
results_file: results.sarif
|
||||
results_format: sarif
|
||||
@@ -47,7 +47,7 @@ jobs:
|
||||
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
|
||||
# format to the repository Actions tab.
|
||||
- name: "Upload artifact"
|
||||
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
|
||||
uses: actions/upload-artifact@134dcf33c0b9454c4b17a936843d7e21dccdc335 # v4.3.6
|
||||
with:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
@@ -55,6 +55,6 @@ jobs:
|
||||
|
||||
# Upload the results to GitHub's code scanning dashboard.
|
||||
- name: "Upload to code-scanning"
|
||||
uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
|
||||
uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
||||
18
.github/workflows/sdk-test.yml
vendored
18
.github/workflows/sdk-test.yml
vendored
@@ -16,28 +16,26 @@ on:
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
# Common versions
|
||||
GO_VERSION: '1.19'
|
||||
GOLANGCI_VERSION: 'v1.49'
|
||||
|
||||
jobs:
|
||||
sdk-tests:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
- name: Setup Env
|
||||
uses: ./.github/actions/env-setup
|
||||
|
||||
- name: Install Go tools
|
||||
run: |
|
||||
make goimports
|
||||
make golangci
|
||||
|
||||
- name: Setup KinD
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
with:
|
||||
name: sdk-test
|
||||
|
||||
- name: Build CLI
|
||||
run: make vela-cli
|
||||
|
||||
|
||||
11
.github/workflows/sync-api.yml
vendored
11
.github/workflows/sync-api.yml
vendored
@@ -10,21 +10,16 @@ on:
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
GO_VERSION: '1.19'
|
||||
|
||||
jobs:
|
||||
sync-core-api:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
|
||||
- name: Setup Env
|
||||
uses: ./.github/actions/env-setup
|
||||
|
||||
- name: Get the version
|
||||
id: get_version
|
||||
run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
|
||||
|
||||
20
.github/workflows/sync-sdk.yaml
vendored
20
.github/workflows/sync-sdk.yaml
vendored
@@ -14,28 +14,16 @@ on:
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
GO_VERSION: '1.19'
|
||||
|
||||
jobs:
|
||||
sync_sdk:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
|
||||
- name: Get the version
|
||||
id: get_version
|
||||
run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Get dependencies
|
||||
run: |
|
||||
go get -v -t -d ./...
|
||||
- name: Env setup
|
||||
uses: ./.github/actions/env-setup
|
||||
|
||||
- name: Install Go tools
|
||||
run: |
|
||||
@@ -44,6 +32,10 @@ jobs:
|
||||
- name: Build CLI
|
||||
run: make vela-cli
|
||||
|
||||
- name: Get the version
|
||||
id: get_version
|
||||
run: echo "VERSION=${GITHUB_REF}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Sync SDK to kubevela/kubevela-go-sdk
|
||||
run: bash ./hack/sdk/sync.sh
|
||||
env:
|
||||
|
||||
4
.github/workflows/trivy-scan.yml
vendored
4
.github/workflows/trivy-scan.yml
vendored
@@ -20,14 +20,14 @@ jobs:
|
||||
docker build --build-arg GOPROXY=https://proxy.golang.org -t docker.io/oamdev/vela-core:${{ github.sha }} .
|
||||
|
||||
- name: Run Trivy vulnerability scanner for vela core
|
||||
uses: aquasecurity/trivy-action@master
|
||||
uses: aquasecurity/trivy-action@d9cd5b1c23aaf8cb31bb09141028215828364bbb # master
|
||||
with:
|
||||
image-ref: 'docker.io/oamdev/vela-core:${{ github.sha }}'
|
||||
format: 'sarif'
|
||||
output: 'trivy-results.sarif'
|
||||
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
|
||||
if: always()
|
||||
with:
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
60
.github/workflows/unit-test.yml
vendored
60
.github/workflows/unit-test.yml
vendored
@@ -5,7 +5,7 @@ on:
|
||||
branches:
|
||||
- master
|
||||
- release-*
|
||||
workflow_dispatch: { }
|
||||
workflow_dispatch: {}
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
@@ -14,15 +14,10 @@ on:
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
# Common versions
|
||||
GO_VERSION: '1.19'
|
||||
|
||||
jobs:
|
||||
|
||||
detect-noop:
|
||||
permissions:
|
||||
actions: write # for fkirc/skip-duplicate-actions to skip or stop workflow runs
|
||||
actions: write # for fkirc/skip-duplicate-actions to skip or stop workflow runs
|
||||
runs-on: ubuntu-22.04
|
||||
outputs:
|
||||
noop: ${{ steps.noop.outputs.should_skip }}
|
||||
@@ -42,48 +37,19 @@ jobs:
|
||||
if: needs.detect-noop.outputs.noop != 'true'
|
||||
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
with:
|
||||
submodules: true
|
||||
|
||||
- name: Cache Go Dependencies
|
||||
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
|
||||
- name: Setup Env
|
||||
uses: ./.github/actions/env-setup
|
||||
|
||||
- name: Setup KinD with Kubernetes
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
|
||||
- name: Run unit tests
|
||||
uses: ./.github/actions/unit-test
|
||||
with:
|
||||
path: .work/pkg
|
||||
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
|
||||
restore-keys: ${{ runner.os }}-pkg-
|
||||
|
||||
- name: Install ginkgo
|
||||
run: |
|
||||
sudo sed -i 's/azure\.//' /etc/apt/sources.list
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y golang-ginkgo-dev
|
||||
|
||||
- name: Setup KinD
|
||||
run: |
|
||||
go install sigs.k8s.io/kind@v0.19.0
|
||||
kind create cluster
|
||||
|
||||
- name: install Kubebuilder
|
||||
uses: RyanSiu1995/kubebuilder-action@7170cb0476187070ae04cbb6cee305e809de2693
|
||||
with:
|
||||
version: 3.9.1
|
||||
kubebuilderOnly: false
|
||||
kubernetesVersion: v1.26.2
|
||||
|
||||
- name: Run Make test
|
||||
run: make test
|
||||
|
||||
- name: Upload coverage report
|
||||
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
|
||||
with:
|
||||
token: ${{ secrets.CODECOV_TOKEN }}
|
||||
file: ./coverage.txt
|
||||
flags: core-unittests
|
||||
name: codecov-umbrella
|
||||
codecov-enable: true
|
||||
codecov-token: ${{ secrets.CODECOV_TOKEN }}
|
||||
|
||||
98
.github/workflows/upgrade-e2e-multicluster-test.yml
vendored
Normal file
98
.github/workflows/upgrade-e2e-multicluster-test.yml
vendored
Normal file
@@ -0,0 +1,98 @@
|
||||
# =============================================================================
|
||||
# E2E Upgrade Multicluster Test Workflow
|
||||
# =============================================================================
|
||||
# This workflow performs end-to-end testing for KubeVela multicluster upgrades.
|
||||
# It tests the upgrade path from the latest released version to the current
|
||||
# development branch across multiple Kubernetes versions.
|
||||
#
|
||||
# Test Flow:
|
||||
# 1. Install latest KubeVela release
|
||||
# 2. Build and upgrade to current development version
|
||||
# 3. Run multicluster e2e tests to verify functionality
|
||||
# =============================================================================
|
||||
|
||||
name: E2E Upgrade Multicluster Test
|
||||
|
||||
# =============================================================================
|
||||
# Trigger Configuration
|
||||
# =============================================================================
|
||||
on:
|
||||
# Trigger on pull requests targeting main branches
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
- release-*
|
||||
|
||||
# Allow manual workflow execution
|
||||
workflow_dispatch: {}
|
||||
|
||||
# =============================================================================
|
||||
# Security Configuration
|
||||
# =============================================================================
|
||||
permissions:
|
||||
contents: read # Read-only access to repository contents
|
||||
|
||||
# =============================================================================
|
||||
# Global Environment Variables
|
||||
# =============================================================================
|
||||
env:
|
||||
GO_VERSION: '1.23.8' # Go version for building and testing
|
||||
|
||||
# =============================================================================
|
||||
# Job Definitions
|
||||
# =============================================================================
|
||||
jobs:
|
||||
upgrade-multicluster-tests:
|
||||
name: Upgrade Multicluster Tests
|
||||
runs-on: ubuntu-22.04
|
||||
if: startsWith(github.head_ref, 'chore/upgrade-k8s-')
|
||||
timeout-minutes: 60 # Prevent hanging jobs
|
||||
|
||||
# ==========================================================================
|
||||
# Matrix Strategy - Test against multiple Kubernetes versions
|
||||
# ==========================================================================
|
||||
strategy:
|
||||
fail-fast: false # Continue testing other versions if one fails
|
||||
matrix:
|
||||
k8s-version: ['v1.31.9']
|
||||
|
||||
# ==========================================================================
|
||||
# Concurrency Control - Prevent overlapping runs
|
||||
# ==========================================================================
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
|
||||
cancel-in-progress: true
|
||||
|
||||
steps:
|
||||
# ========================================================================
|
||||
# Environment Setup
|
||||
# ========================================================================
|
||||
|
||||
- name: Check out repository
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
|
||||
# ========================================================================
|
||||
# Kubernetes Cluster Setup
|
||||
# ========================================================================
|
||||
|
||||
- name: Setup worker cluster kinD
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
with:
|
||||
name: worker
|
||||
|
||||
- name: Setup KinD master clusters for multicluster testing
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
with:
|
||||
k8s-version: ${{ matrix.k8s-version }}
|
||||
|
||||
- name: Deploy latest release
|
||||
uses: ./.github/actions/deploy-latest-release
|
||||
|
||||
- name: Upgrade from current branch
|
||||
uses: ./.github/actions/deploy-current-branch
|
||||
|
||||
- name: Run upgarde multicluster tests
|
||||
uses: ./.github/actions/multicluster-test
|
||||
with:
|
||||
codecov-enable: false
|
||||
codecov-token: ''
|
||||
102
.github/workflows/upgrade-e2e-test.yml
vendored
Normal file
102
.github/workflows/upgrade-e2e-test.yml
vendored
Normal file
@@ -0,0 +1,102 @@
|
||||
# =============================================================================
|
||||
# Upgrade E2E Test Workflow
|
||||
# =============================================================================
|
||||
# This workflow performs comprehensive end-to-end testing for KubeVela upgrades.
|
||||
# It validates the upgrade path from the latest stable release to the current
|
||||
# development version by running multiple test suites including API, addon,
|
||||
# and general e2e tests.
|
||||
#
|
||||
# Test Flow:
|
||||
# 1. Install latest KubeVela release
|
||||
# 2. Build and upgrade to current development version
|
||||
# 3. Run comprehensive e2e test suites (API, addon, general)
|
||||
# 4. Validate upgrade functionality and compatibility
|
||||
# =============================================================================
|
||||
|
||||
name: Upgrade E2E Test
|
||||
|
||||
# =============================================================================
|
||||
# Trigger Configuration
|
||||
# =============================================================================
|
||||
on:
|
||||
# Trigger on pull requests targeting main branches
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
- release-*
|
||||
|
||||
# Allow manual workflow execution
|
||||
workflow_dispatch: {}
|
||||
|
||||
# =============================================================================
|
||||
# Environment Variables
|
||||
# =============================================================================
|
||||
env:
|
||||
GO_VERSION: '1.23.8'
|
||||
|
||||
# =============================================================================
|
||||
# Security Configuration
|
||||
# =============================================================================
|
||||
permissions:
|
||||
contents: read # Read-only access to repository contents
|
||||
|
||||
# =============================================================================
|
||||
# Job Definitions
|
||||
# =============================================================================
|
||||
jobs:
|
||||
upgrade-tests:
|
||||
name: Upgrade E2E Tests
|
||||
runs-on: ubuntu-22.04
|
||||
if: startsWith(github.head_ref, 'chore/upgrade-k8s-')
|
||||
timeout-minutes: 90 # Extended timeout for comprehensive e2e testing
|
||||
|
||||
# ==========================================================================
|
||||
# Matrix Strategy - Test against multiple Kubernetes versions
|
||||
# ==========================================================================
|
||||
strategy:
|
||||
fail-fast: false # Continue testing other versions if one fails
|
||||
matrix:
|
||||
k8s-version: ['v1.31.9']
|
||||
|
||||
# ==========================================================================
|
||||
# Concurrency Control - Prevent overlapping runs
|
||||
# ==========================================================================
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
|
||||
cancel-in-progress: true
|
||||
|
||||
steps:
|
||||
# ========================================================================
|
||||
# Repository Setup
|
||||
# ========================================================================
|
||||
- name: Check out code
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
|
||||
# ========================================================================
|
||||
# Kubernetes Cluster Setup
|
||||
# ========================================================================
|
||||
- name: Setup KinD with Kubernetes ${{ matrix.k8s-version }}
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
with:
|
||||
k8s-version: ${{ matrix.k8s-version }}
|
||||
|
||||
- name: Build vela CLI
|
||||
run: make vela-cli
|
||||
|
||||
- name: Build kubectl-vela plugin
|
||||
run: make kubectl-vela
|
||||
|
||||
- name: Install kustomize
|
||||
run: make kustomize
|
||||
|
||||
- name: Deploy latest release
|
||||
uses: ./.github/actions/deploy-latest-release
|
||||
|
||||
- name: Upgrade from current branch
|
||||
uses: ./.github/actions/deploy-current-branch
|
||||
|
||||
# ========================================================================
|
||||
# E2E Test Execution
|
||||
# ========================================================================
|
||||
- name: Run upgrade e2e tests
|
||||
uses: ./.github/actions/e2e-test
|
||||
83
.github/workflows/upgrade-unit-test.yml
vendored
Normal file
83
.github/workflows/upgrade-unit-test.yml
vendored
Normal file
@@ -0,0 +1,83 @@
|
||||
# =============================================================================
|
||||
# Upgrade Unit Test Workflow
|
||||
# =============================================================================
|
||||
# This workflow performs unit testing for KubeVela upgrades by:
|
||||
# 1. Installing the latest stable KubeVela release
|
||||
# 2. Building and upgrading to the current development version
|
||||
# 3. Running unit tests to validate the upgrade functionality
|
||||
# =============================================================================
|
||||
|
||||
name: Upgrade Unit Test
|
||||
|
||||
# =============================================================================
|
||||
# Trigger Configuration
|
||||
# =============================================================================
|
||||
on:
|
||||
# Trigger on pull requests targeting main and release branches
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
- release-*
|
||||
|
||||
# Allow manual workflow execution
|
||||
workflow_dispatch: {}
|
||||
|
||||
# =============================================================================
|
||||
# Security Configuration
|
||||
# =============================================================================
|
||||
permissions:
|
||||
contents: read # Read-only access to repository contents
|
||||
|
||||
# =============================================================================
|
||||
# Job Definitions
|
||||
# =============================================================================
|
||||
jobs:
|
||||
upgrade-tests:
|
||||
name: Upgrade Unit Tests
|
||||
runs-on: ubuntu-22.04
|
||||
if: startsWith(github.head_ref, 'chore/upgrade-k8s-')
|
||||
timeout-minutes: 45 # Prevent hanging jobs
|
||||
|
||||
# ==========================================================================
|
||||
# Matrix Strategy - Test against multiple Kubernetes versions
|
||||
# ==========================================================================
|
||||
strategy:
|
||||
fail-fast: false # Continue testing other versions if one fails
|
||||
matrix:
|
||||
k8s-version: ['v1.31.9']
|
||||
|
||||
# ==========================================================================
|
||||
# Concurrency Control - Prevent overlapping runs
|
||||
# ==========================================================================
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
|
||||
cancel-in-progress: true
|
||||
|
||||
steps:
|
||||
# ========================================================================
|
||||
# Environment Setup
|
||||
# ========================================================================
|
||||
|
||||
- name: Check out code
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
|
||||
# ========================================================================
|
||||
# Kubernetes Cluster Setup
|
||||
# ========================================================================
|
||||
|
||||
- name: Setup KinD with Kubernetes ${{ matrix.k8s-version }}
|
||||
uses: ./.github/actions/setup-kind-cluster
|
||||
with:
|
||||
k8s-version: ${{ matrix.k8s-version }}
|
||||
|
||||
- name: Deploy latest release
|
||||
uses: ./.github/actions/deploy-latest-release
|
||||
|
||||
- name: Upgrade from current branch
|
||||
uses: ./.github/actions/deploy-current-branch
|
||||
|
||||
- name: Run unit tests
|
||||
uses: ./.github/actions/unit-test
|
||||
with:
|
||||
codecov-enable: false
|
||||
codecov-token: ''
|
||||
165
.github/workflows/webhook-upgrade-validation.yml
vendored
Normal file
165
.github/workflows/webhook-upgrade-validation.yml
vendored
Normal file
@@ -0,0 +1,165 @@
|
||||
name: Webhook Upgrade Validation
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
- release-*
|
||||
tags:
|
||||
- v*
|
||||
workflow_dispatch: {}
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
- release-*
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
GO_VERSION: '1.23.8'
|
||||
|
||||
jobs:
|
||||
webhook-upgrade-check:
|
||||
runs-on: ubuntu-22.04
|
||||
timeout-minutes: 30
|
||||
steps:
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
|
||||
|
||||
- name: Setup Env
|
||||
uses: ./.github/actions/env-setup
|
||||
|
||||
- name: Setup KinD
|
||||
run: |
|
||||
go install sigs.k8s.io/kind@v0.29.0
|
||||
kind delete cluster || true
|
||||
kind create cluster --image=kindest/node:v1.31.9
|
||||
|
||||
- name: Install KubeVela CLI
|
||||
run: curl -fsSL https://kubevela.io/script/install.sh | bash
|
||||
|
||||
- name: Install KubeVela baseline
|
||||
run: |
|
||||
vela install --set featureGates.enableCueValidation=true
|
||||
kubectl wait --namespace vela-system --for=condition=Available deployment/kubevela-vela-core --timeout=300s
|
||||
|
||||
- name: Prepare failing chart changes
|
||||
run: |
|
||||
cat <<'CHART' > charts/vela-core/templates/defwithtemplate/resource.yaml
|
||||
# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
|
||||
# Definition source cue file: vela-templates/definitions/internal/resource.cue
|
||||
apiVersion: core.oam.dev/v1beta1
|
||||
kind: TraitDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
definition.oam.dev/description: Add resource requests and limits on K8s pod for your workload which follows the pod spec in path 'spec.template.'
|
||||
name: resource
|
||||
namespace: {{ include "systemDefinitionNamespace" . }}
|
||||
spec:
|
||||
appliesToWorkloads:
|
||||
- deployments.apps
|
||||
- statefulsets.apps
|
||||
- daemonsets.apps
|
||||
- jobs.batch
|
||||
- cronjobs.batch
|
||||
podDisruptive: true
|
||||
schematic:
|
||||
cue:
|
||||
template: |2
|
||||
let resourceContent = {
|
||||
resources: {
|
||||
if parameter.cpu != _|_ if parameter.memory != _|_ if parameter.requests == _|_ if parameter.limits == _|_ {
|
||||
// +patchStrategy=retainKeys
|
||||
requests: {
|
||||
cpu: parameter.cpu
|
||||
memory: parameter.memory
|
||||
}
|
||||
// +patchStrategy=retainKeys
|
||||
limits: {
|
||||
cpu: parameter.cpu
|
||||
memory: parameter.memory
|
||||
}
|
||||
}
|
||||
if parameter.requests != _|_ {
|
||||
// +patchStrategy=retainKeys
|
||||
requests: {
|
||||
cpu: parameter.requests.cpu
|
||||
memory: parameter.requests.memory
|
||||
}
|
||||
}
|
||||
if parameter.limits != _|_ {
|
||||
// +patchStrategy=retainKeys
|
||||
limits: {
|
||||
cpu: parameter.limits.cpu
|
||||
memory: parameter.limits.memory
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if context.output.spec != _|_ if context.output.spec.template != _|_ {
|
||||
patch: spec: template: spec: {
|
||||
// +patchKey=name
|
||||
containers: [resourceContent]
|
||||
}
|
||||
}
|
||||
if context.output.spec != _|_ if context.output.spec.jobTemplate != _|_ {
|
||||
patch: spec: jobTemplate: spec: template: spec: {
|
||||
// +patchKey=name
|
||||
containers: [resourceContent]
|
||||
}
|
||||
}
|
||||
parameter: {
|
||||
// +usage=Specify the amount of cpu for requests and limits
|
||||
cpu?: *1 | number | string
|
||||
// +usage=Specify the amount of memory for requests and limits
|
||||
memory?: *"2048Mi" | =~"^([1-9][0-9]{0,63})(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)$"
|
||||
// +usage=Specify the resources in requests
|
||||
requests?: {
|
||||
// +usage=Specify the amount of cpu for requests
|
||||
cpu: *1 | number | string
|
||||
// +usage=Specify the amount of memory for requests
|
||||
memory: *"2048Mi" | =~"^([1-9][0-9]{0,63})(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)$"
|
||||
}
|
||||
// +usage=Specify the resources in limits
|
||||
limits?: {
|
||||
// +usage=Specify the amount of cpu for limits
|
||||
cpu: *1 | number | string
|
||||
// +usage=Specify the amount of memory for limits
|
||||
memory: *"2048Mi" | =~"^([1-9][0-9]{0,63})(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)$"
|
||||
}
|
||||
}
|
||||
|
||||
- name: Load image
|
||||
run: |
|
||||
mkdir -p $HOME/tmp/
|
||||
TMPDIR=$HOME/tmp/ make image-load
|
||||
|
||||
- name: Run Helm upgrade (expected to fail)
|
||||
run: |
|
||||
set +e
|
||||
helm upgrade \
|
||||
--set image.repository=vela-core-test \
|
||||
--set image.tag=$(git rev-parse --short HEAD) \
|
||||
--set featureGates.enableCueValidation=true \
|
||||
--wait kubevela ./charts/vela-core --debug -n vela-system
|
||||
status=$?
|
||||
echo "Helm upgrade exit code: ${status}"
|
||||
if [ $status -eq 0 ]; then
|
||||
echo "Expected helm upgrade to fail" >&2
|
||||
exit 1
|
||||
fi
|
||||
echo "Helm upgrade failed as expected"
|
||||
|
||||
- name: Dump webhook configurations
|
||||
if: ${{ always() }}
|
||||
run: |
|
||||
kubectl get mutatingwebhookconfiguration kubevela-vela-core-admission -o yaml
|
||||
kubectl get validatingwebhookconfiguration kubevela-vela-core-admission -o yaml
|
||||
|
||||
- name: Verify webhook validation remains active
|
||||
run: ginkgo -v --focus-file requiredparam_validation_test.go ./test/e2e-test
|
||||
|
||||
- name: Cleanup kind cluster
|
||||
if: ${{ always() }}
|
||||
run: kind delete cluster --name kind
|
||||
9
.gitignore
vendored
9
.gitignore
vendored
@@ -35,12 +35,21 @@ vendor/
|
||||
.vscode
|
||||
.history
|
||||
|
||||
# Debug binaries generated by VS Code/Delve
|
||||
__debug_bin*
|
||||
*/__debug_bin*
|
||||
|
||||
# Webhook certificates generated at runtime
|
||||
k8s-webhook-server/
|
||||
options.go.bak
|
||||
|
||||
pkg/test/vela
|
||||
config/crd/bases
|
||||
_tmp/
|
||||
|
||||
references/cmd/cli/fake/source.go
|
||||
references/cmd/cli/fake/chart_source.go
|
||||
references/vela-sdk-gen/*
|
||||
charts/vela-core/crds/_.yaml
|
||||
.test_vela
|
||||
tmp/
|
||||
|
||||
@@ -1,18 +1,6 @@
|
||||
run:
|
||||
timeout: 10m
|
||||
|
||||
skip-files:
|
||||
- "zz_generated\\..+\\.go$"
|
||||
- ".*_test.go$"
|
||||
|
||||
skip-dirs:
|
||||
- "hack"
|
||||
- "e2e"
|
||||
|
||||
output:
|
||||
# colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
|
||||
format: colored-line-number
|
||||
|
||||
linters-settings:
|
||||
errcheck:
|
||||
# report about not checking of errors in type assetions: `a := b.(MyStruct)`;
|
||||
@@ -23,24 +11,12 @@ linters-settings:
|
||||
# default is false: such cases aren't reported by default.
|
||||
check-blank: false
|
||||
|
||||
# [deprecated] comma-separated list of pairs of the form pkg:regex
|
||||
# the regex is used to ignore names within pkg. (default "fmt:.*").
|
||||
# see https://github.com/kisielk/errcheck#the-deprecated-method for details
|
||||
ignore: fmt:.*,io/ioutil:^Read.*
|
||||
|
||||
exhaustive:
|
||||
# indicates that switch statements are to be considered exhaustive if a
|
||||
# 'default' case is present, even if all enum members aren't listed in the
|
||||
# switch
|
||||
default-signifies-exhaustive: true
|
||||
|
||||
govet:
|
||||
# report about shadowed variables
|
||||
check-shadowing: false
|
||||
|
||||
revive:
|
||||
# minimal confidence for issues, default is 0.8
|
||||
min-confidence: 0.8
|
||||
|
||||
gofmt:
|
||||
# simplify code: gofmt with `-s` option, true by default
|
||||
@@ -55,9 +31,6 @@ linters-settings:
|
||||
# minimal code complexity to report, 30 by default (but we recommend 10-20)
|
||||
min-complexity: 30
|
||||
|
||||
maligned:
|
||||
# print struct with more effective memory layout or not, false by default
|
||||
suggest-new: true
|
||||
|
||||
dupl:
|
||||
# tokens count to trigger issue, 150 by default
|
||||
@@ -73,13 +46,6 @@ linters-settings:
|
||||
# tab width in spaces. Default to 1.
|
||||
tab-width: 1
|
||||
|
||||
unused:
|
||||
# treat code as a program (not a library) and report unused exported identifiers; default is false.
|
||||
# XXX: if you enable this setting, unused will report a lot of false-positives in text editors:
|
||||
# if it's called for subdir of a project it can't find funcs usages. All text editor integrations
|
||||
# with golangci-lint call it on a directory with the changed file.
|
||||
check-exported: false
|
||||
|
||||
unparam:
|
||||
# Inspect exported functions, default is false. Set to true if no external program/library imports your code.
|
||||
# XXX: if you enable this setting, unparam will report a lot of false-positives in text editors:
|
||||
@@ -107,9 +73,13 @@ linters-settings:
|
||||
# Allow only slices initialized with a length of zero. Default is false.
|
||||
always: false
|
||||
|
||||
revive:
|
||||
rules:
|
||||
- name: unused-parameter
|
||||
disabled: true
|
||||
|
||||
linters:
|
||||
enable:
|
||||
- megacheck
|
||||
- govet
|
||||
- gocyclo
|
||||
- gocritic
|
||||
@@ -121,11 +91,10 @@ linters:
|
||||
- misspell
|
||||
- nakedret
|
||||
- exportloopref
|
||||
- unused
|
||||
- gosimple
|
||||
- staticcheck
|
||||
disable:
|
||||
- deadcode
|
||||
- scopelint
|
||||
- structcheck
|
||||
- varcheck
|
||||
- rowserrcheck
|
||||
- sqlclosecheck
|
||||
- errchkjson
|
||||
@@ -137,8 +106,28 @@ linters:
|
||||
|
||||
|
||||
issues:
|
||||
|
||||
exclude-files:
|
||||
- "zz_generated\\..+\\.go$"
|
||||
- ".*_test.go$"
|
||||
|
||||
exclude-dirs:
|
||||
- "hack"
|
||||
- "e2e"
|
||||
|
||||
# Excluding configuration per-path and per-linter
|
||||
exclude-rules:
|
||||
- path: .*\.go
|
||||
linters:
|
||||
- errcheck
|
||||
text: "fmt\\."
|
||||
|
||||
# Ignore unchecked errors from io/ioutil functions starting with Read
|
||||
- path: .*\.go
|
||||
linters:
|
||||
- errcheck
|
||||
text: "io/ioutil.*Read"
|
||||
|
||||
# Exclude some linters from running on tests files.
|
||||
- path: _test(ing)?\.go
|
||||
linters:
|
||||
@@ -227,7 +216,7 @@ issues:
|
||||
new: false
|
||||
|
||||
# Maximum issues count per one linter. Set to 0 to disable. Default is 50.
|
||||
max-per-linter: 0
|
||||
max-issues-per-linter: 0
|
||||
|
||||
# Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
|
||||
max-same-issues: 0
|
||||
max-same-issues: 0
|
||||
@@ -31,6 +31,28 @@ builds:
|
||||
ldflags:
|
||||
- -s -w -X github.com/oam-dev/kubevela/version.VelaVersion={{ .Version }} -X github.com/oam-dev/kubevela/version.GitRevision=git-{{.ShortCommit}}
|
||||
|
||||
sboms:
|
||||
- id: kubevela-binaries-sboms
|
||||
artifacts: binary
|
||||
documents:
|
||||
- "${artifact}-{{ .Version }}-{{ .Os }}-{{ .Arch }}.spdx.sbom.json"
|
||||
|
||||
signs:
|
||||
- id: kubevela-cosign-keyless
|
||||
artifacts: checksum # sign the checksum file over individual artifacts
|
||||
signature: "${artifact}-keyless.sig"
|
||||
certificate: "${artifact}-keyless.pem"
|
||||
cmd: cosign
|
||||
args:
|
||||
- "sign-blob"
|
||||
- "--yes"
|
||||
- "--output-signature"
|
||||
- "${artifact}-keyless.sig"
|
||||
- "--output-certificate"
|
||||
- "${artifact}-keyless.pem"
|
||||
- "${artifact}"
|
||||
output: true
|
||||
|
||||
archives:
|
||||
- format: tar.gz
|
||||
id: vela-cli-tgz
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
# CONTRIBUTING Guide
|
||||
|
||||
Please refer to https://kubevela.io/docs/contributor/overview for details.
|
||||
Please refer to https://kubevela.io/docs/contributor/overview for details.
|
||||
@@ -1,6 +1,6 @@
|
||||
ARG BASE_IMAGE
|
||||
# Build the manager binary
|
||||
FROM golang:1.19-alpine3.18 as builder
|
||||
FROM golang:1.23.8-alpine@sha256:b7486658b87d34ecf95125e5b97e8dfe86c21f712aa36fc0c702e5dc41dc63e1 AS builder
|
||||
|
||||
WORKDIR /workspace
|
||||
# Copy the Go Modules manifests
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
ARG BASE_IMAGE
|
||||
# Build the cli binary
|
||||
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine@sha256:2381c1e5f8350a901597d633b2e517775eeac7a6682be39225a93b22cfd0f8bb as builder
|
||||
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.23.8-alpine@sha256:b7486658b87d34ecf95125e5b97e8dfe86c21f712aa36fc0c702e5dc41dc63e1 AS builder
|
||||
ARG GOPROXY
|
||||
ENV GOPROXY=${GOPROXY:-https://proxy.golang.org}
|
||||
WORKDIR /workspace
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
ARG BASE_IMAGE
|
||||
# Build the manager binary
|
||||
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.22.7-alpine@sha256:48eab5e3505d8c8b42a06fe5f1cf4c346c167cc6a89e772f31cb9e5c301dcf60 as builder
|
||||
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.23.8-alpine@sha256:b7486658b87d34ecf95125e5b97e8dfe86c21f712aa36fc0c702e5dc41dc63e1 AS builder
|
||||
|
||||
WORKDIR /workspace
|
||||
# Copy the Go Modules manifests
|
||||
|
||||
14
Makefile
14
Makefile
@@ -12,7 +12,7 @@ all: build
|
||||
# Targets
|
||||
|
||||
## test: Run tests
|
||||
test: unit-test-core test-cli-gen
|
||||
test: envtest unit-test-core test-cli-gen
|
||||
@$(OK) unit-tests pass
|
||||
|
||||
## test-cli-gen: Run the unit tests for cli gen
|
||||
@@ -22,8 +22,8 @@ test-cli-gen:
|
||||
|
||||
## unit-test-core: Run the unit tests for core
|
||||
unit-test-core:
|
||||
go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/... ./apis/... | grep -v apiserver | grep -v applicationconfiguration)
|
||||
go test $(shell go list ./references/... | grep -v apiserver)
|
||||
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/... ./apis/... | grep -v apiserver | grep -v applicationconfiguration)
|
||||
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test $(shell go list ./references/... | grep -v apiserver)
|
||||
|
||||
## build: Build vela cli binary
|
||||
build: vela-cli kubectl-vela
|
||||
@@ -41,9 +41,8 @@ fmt: goimports installcue
|
||||
$(CUE) fmt ./vela-templates/definitions/internal/*
|
||||
$(CUE) fmt ./vela-templates/definitions/deprecated/*
|
||||
$(CUE) fmt ./vela-templates/definitions/registry/*
|
||||
$(CUE) fmt ./pkg/stdlib/pkgs/*
|
||||
$(CUE) fmt ./pkg/stdlib/op.cue
|
||||
$(CUE) fmt ./pkg/workflow/tasks/template/static/*
|
||||
$(CUE) fmt ./pkg/workflow/template/static/*
|
||||
$(CUE) fmt ./pkg/workflow/providers/...
|
||||
|
||||
## sdk_fmt: Run go fmt against code
|
||||
sdk_fmt:
|
||||
@@ -62,7 +61,7 @@ staticcheck: staticchecktool
|
||||
## lint: Run the golangci-lint
|
||||
lint: golangci
|
||||
@$(INFO) lint
|
||||
@$(GOLANGCILINT) run --fix --verbose --skip-dirs 'scaffold'
|
||||
@GOLANGCILINT=$(GOLANGCILINT) ./hack/utils/golangci-lint-wrapper.sh
|
||||
|
||||
## reviewable: Run the reviewable
|
||||
reviewable: manifests fmt vet lint staticcheck helm-doc-gen sdk_fmt
|
||||
@@ -108,7 +107,6 @@ manifests: installcue kustomize
|
||||
go generate $(foreach t,pkg apis,./$(t)/...)
|
||||
# TODO(yangsoon): kustomize will merge all CRD into a whole file, it may not work if we want patch more than one CRD in this way
|
||||
$(KUSTOMIZE) build config/crd -o config/crd/base/core.oam.dev_applications.yaml
|
||||
./hack/crd/cleanup.sh
|
||||
go run ./hack/crd/dispatch/dispatch.go config/crd/base charts/vela-core/crds
|
||||
rm -f config/crd/base/*
|
||||
./vela-templates/gen_definitions.sh
|
||||
|
||||
12
README.md
12
README.md
@@ -17,7 +17,7 @@
|
||||
[](https://artifacthub.io/packages/search?repo=kubevela)
|
||||
[](https://bestpractices.coreinfrastructure.org/projects/4602)
|
||||

|
||||
[](https://api.securityscorecards.dev/projects/github.com/kubevela/kubevela)
|
||||
[](https://scorecard.dev/viewer/?uri=github.com/kubevela/kubevela)
|
||||
[](https://opensource.alibaba.com/contribution_leaderboard/details?projectValue=kubevela)
|
||||
|
||||
## Introduction
|
||||
@@ -59,6 +59,14 @@ and share the large growing community [addons](https://kubevela.net/docs/referen
|
||||
* [Installation](https://kubevela.io/docs/install)
|
||||
* [Deploy Your Application](https://kubevela.io/docs/quick-start)
|
||||
|
||||
### Get Your Own Demo with Alibaba Cloud
|
||||
|
||||
- install KubeVela on a Serverless K8S cluster in 3 minutes, try:
|
||||
|
||||
<a href="https://acs.console.aliyun.com/quick-deploy?repo=kubevela/kubevela&branch=master" target="_blank">
|
||||
<img src="https://img.alicdn.com/imgextra/i1/O1CN01aiPSuA1Wiz7wkgF5u_!!6000000002823-55-tps-399-70.svg" width="200" alt="Deploy on Alibaba Cloud">
|
||||
</a>
|
||||
|
||||
## Documentation
|
||||
|
||||
Full documentation is available on the [KubeVela website](https://kubevela.io/).
|
||||
@@ -107,4 +115,4 @@ Security is a first priority thing for us at KubeVela. If you come across a rela
|
||||
|
||||
## Code of Conduct
|
||||
|
||||
KubeVela adopts [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
|
||||
KubeVela adopts [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
|
||||
@@ -135,6 +135,9 @@ type Status struct {
|
||||
// HealthPolicy defines the health check policy for the abstraction
|
||||
// +optional
|
||||
HealthPolicy string `json:"healthPolicy,omitempty"`
|
||||
// Details stores a string representation of a CUE status map to be evaluated at runtime for display
|
||||
// +optional
|
||||
Details string `json:"details,omitempty"`
|
||||
}
|
||||
|
||||
// ApplicationPhase is a label for the condition of an application at the current time
|
||||
@@ -172,6 +175,7 @@ type ApplicationComponentStatus struct {
|
||||
// WorkloadDefinition is the definition of a WorkloadDefinition, such as deployments/apps.v1
|
||||
WorkloadDefinition WorkloadGVK `json:"workloadDefinition,omitempty"`
|
||||
Healthy bool `json:"healthy"`
|
||||
Details map[string]string `json:"details,omitempty"`
|
||||
Message string `json:"message,omitempty"`
|
||||
Traits []ApplicationTraitStatus `json:"traits,omitempty"`
|
||||
Scopes []corev1.ObjectReference `json:"scopes,omitempty"`
|
||||
@@ -185,9 +189,10 @@ func (in ApplicationComponentStatus) Equal(r ApplicationComponentStatus) bool {
|
||||
|
||||
// ApplicationTraitStatus records the trait health status
|
||||
type ApplicationTraitStatus struct {
|
||||
Type string `json:"type"`
|
||||
Healthy bool `json:"healthy"`
|
||||
Message string `json:"message,omitempty"`
|
||||
Type string `json:"type"`
|
||||
Healthy bool `json:"healthy"`
|
||||
Details map[string]string `json:"details,omitempty"`
|
||||
Message string `json:"message,omitempty"`
|
||||
}
|
||||
|
||||
// Revision has name and revision number
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright 2023 The KubeVela Authors.
|
||||
@@ -131,10 +130,19 @@ func (in *ApplicationComponent) DeepCopy() *ApplicationComponent {
|
||||
func (in *ApplicationComponentStatus) DeepCopyInto(out *ApplicationComponentStatus) {
|
||||
*out = *in
|
||||
out.WorkloadDefinition = in.WorkloadDefinition
|
||||
if in.Details != nil {
|
||||
in, out := &in.Details, &out.Details
|
||||
*out = make(map[string]string, len(*in))
|
||||
for key, val := range *in {
|
||||
(*out)[key] = val
|
||||
}
|
||||
}
|
||||
if in.Traits != nil {
|
||||
in, out := &in.Traits, &out.Traits
|
||||
*out = make([]ApplicationTraitStatus, len(*in))
|
||||
copy(*out, *in)
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
if in.Scopes != nil {
|
||||
in, out := &in.Scopes, &out.Scopes
|
||||
@@ -176,6 +184,13 @@ func (in *ApplicationTrait) DeepCopy() *ApplicationTrait {
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ApplicationTraitStatus) DeepCopyInto(out *ApplicationTraitStatus) {
|
||||
*out = *in
|
||||
if in.Details != nil {
|
||||
in, out := &in.Details, &out.Details
|
||||
*out = make(map[string]string, len(*in))
|
||||
for key, val := range *in {
|
||||
(*out)[key] = val
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationTraitStatus.
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright 2023 The KubeVela Authors.
|
||||
|
||||
@@ -102,16 +102,16 @@ func (in *GarbageCollectPolicySpec) FindStrategy(manifest *unstructured.Unstruct
|
||||
}
|
||||
|
||||
// FindDeleteOption find delete option for target resource
|
||||
func (in *GarbageCollectPolicySpec) FindDeleteOption(manifest *unstructured.Unstructured) []client.DeleteOption {
|
||||
func (in *GarbageCollectPolicySpec) FindDeleteOption(manifest *unstructured.Unstructured) (bool, []client.DeleteOption) {
|
||||
for _, rule := range in.Rules {
|
||||
if rule.Selector.Match(manifest) && rule.Propagation != nil {
|
||||
switch *rule.Propagation {
|
||||
case GarbageCollectPropagationOrphan:
|
||||
return []client.DeleteOption{client.PropagationPolicy(metav1.DeletePropagationOrphan)}
|
||||
return true, []client.DeleteOption{client.PropagationPolicy(metav1.DeletePropagationOrphan)}
|
||||
case GarbageCollectPropagationCascading:
|
||||
return []client.DeleteOption{client.PropagationPolicy(metav1.DeletePropagationBackground)}
|
||||
return false, []client.DeleteOption{client.PropagationPolicy(metav1.DeletePropagationBackground)}
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
return false, nil
|
||||
}
|
||||
|
||||
@@ -60,3 +60,8 @@ func init() {
|
||||
SchemeBuilder.Register(&workflowv1alpha1.Workflow{}, &workflowv1alpha1.WorkflowList{})
|
||||
_ = SchemeBuilder.AddToScheme(k8sscheme.Scheme)
|
||||
}
|
||||
|
||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource
|
||||
func Resource(resource string) schema.GroupResource {
|
||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
||||
}
|
||||
|
||||
@@ -18,7 +18,7 @@ package v1alpha1
|
||||
|
||||
import (
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
stringslices "k8s.io/utils/strings/slices"
|
||||
|
||||
"github.com/oam-dev/kubevela/pkg/oam"
|
||||
@@ -52,7 +52,7 @@ func (in *ResourcePolicyRuleSelector) Match(manifest *unstructured.Unstructured)
|
||||
if len(src) == 0 {
|
||||
return nil
|
||||
}
|
||||
return pointer.Bool(val != "" && stringslices.Contains(src, val))
|
||||
return ptr.To(val != "" && stringslices.Contains(src, val))
|
||||
}
|
||||
conditions := []*bool{
|
||||
match(in.CompNames, compName),
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright 2023 The KubeVela Authors.
|
||||
|
||||
@@ -27,6 +27,9 @@ import (
|
||||
|
||||
// ComponentDefinitionSpec defines the desired state of ComponentDefinition
|
||||
type ComponentDefinitionSpec struct {
|
||||
// +optional
|
||||
Version string `json:"version,omitempty"`
|
||||
|
||||
// Workload is a workload type descriptor
|
||||
Workload common.WorkloadTypeDescriptor `json:"workload"`
|
||||
|
||||
|
||||
@@ -164,6 +164,9 @@ type TraitDefinitionSpec struct {
|
||||
// pre-process and post-process respectively.
|
||||
// +optional
|
||||
Stage StageType `json:"stage,omitempty"`
|
||||
|
||||
// +optional
|
||||
Version string `json:"version,omitempty"`
|
||||
}
|
||||
|
||||
// StageType describes how the manifests should be dispatched.
|
||||
|
||||
@@ -37,6 +37,9 @@ type PolicyDefinitionSpec struct {
|
||||
// ManageHealthCheck means the policy will handle health checking and skip application controller
|
||||
// built-in health checking.
|
||||
ManageHealthCheck bool `json:"manageHealthCheck,omitempty"`
|
||||
|
||||
//+optional
|
||||
Version string `json:"version,omitempty"`
|
||||
}
|
||||
|
||||
// PolicyDefinitionStatus is the status of PolicyDefinition
|
||||
|
||||
@@ -49,6 +49,7 @@ var (
|
||||
ComponentDefinitionGroupKind = schema.GroupKind{Group: Group, Kind: ComponentDefinitionKind}.String()
|
||||
ComponentDefinitionKindAPIVersion = ComponentDefinitionKind + "." + SchemeGroupVersion.String()
|
||||
ComponentDefinitionGroupVersionKind = SchemeGroupVersion.WithKind(ComponentDefinitionKind)
|
||||
ComponentDefinitionGVR = SchemeGroupVersion.WithResource("componentdefinitions")
|
||||
)
|
||||
|
||||
// WorkloadDefinition type metadata.
|
||||
@@ -65,6 +66,7 @@ var (
|
||||
TraitDefinitionGroupKind = schema.GroupKind{Group: Group, Kind: TraitDefinitionKind}.String()
|
||||
TraitDefinitionKindAPIVersion = TraitDefinitionKind + "." + SchemeGroupVersion.String()
|
||||
TraitDefinitionGroupVersionKind = SchemeGroupVersion.WithKind(TraitDefinitionKind)
|
||||
TraitDefinitionGVR = SchemeGroupVersion.WithResource("traitdefinitions")
|
||||
)
|
||||
|
||||
// PolicyDefinition type metadata.
|
||||
@@ -73,6 +75,7 @@ var (
|
||||
PolicyDefinitionGroupKind = schema.GroupKind{Group: Group, Kind: PolicyDefinitionKind}.String()
|
||||
PolicyDefinitionKindAPIVersion = PolicyDefinitionKind + "." + SchemeGroupVersion.String()
|
||||
PolicyDefinitionGroupVersionKind = SchemeGroupVersion.WithKind(PolicyDefinitionKind)
|
||||
PolicyDefinitionGVR = SchemeGroupVersion.WithResource("policydefinitions")
|
||||
)
|
||||
|
||||
// WorkflowStepDefinition type metadata.
|
||||
@@ -81,6 +84,7 @@ var (
|
||||
WorkflowStepDefinitionGroupKind = schema.GroupKind{Group: Group, Kind: WorkflowStepDefinitionKind}.String()
|
||||
WorkflowStepDefinitionKindAPIVersion = WorkflowStepDefinitionKind + "." + SchemeGroupVersion.String()
|
||||
WorkflowStepDefinitionGroupVersionKind = SchemeGroupVersion.WithKind(WorkflowStepDefinitionKind)
|
||||
WorkflowStepDefinitionGVR = SchemeGroupVersion.WithResource("workflowstepdefinitions")
|
||||
)
|
||||
|
||||
// DefinitionRevision type metadata.
|
||||
@@ -115,6 +119,20 @@ var (
|
||||
ResourceTrackerKindVersionKind = SchemeGroupVersion.WithKind(ResourceTrackerKind)
|
||||
)
|
||||
|
||||
// DefinitionTypeInfo contains the mapping information for a definition type
|
||||
type DefinitionTypeInfo struct {
|
||||
GVR schema.GroupVersionResource
|
||||
Kind string
|
||||
}
|
||||
|
||||
// DefinitionTypeMap maps definition types to their corresponding GVR and Kind
|
||||
var DefinitionTypeMap = map[reflect.Type]DefinitionTypeInfo{
|
||||
reflect.TypeOf(ComponentDefinition{}): {GVR: ComponentDefinitionGVR, Kind: ComponentDefinitionKind},
|
||||
reflect.TypeOf(TraitDefinition{}): {GVR: TraitDefinitionGVR, Kind: TraitDefinitionKind},
|
||||
reflect.TypeOf(PolicyDefinition{}): {GVR: PolicyDefinitionGVR, Kind: PolicyDefinitionKind},
|
||||
reflect.TypeOf(WorkflowStepDefinition{}): {GVR: WorkflowStepDefinitionGVR, Kind: WorkflowStepDefinitionKind},
|
||||
}
|
||||
|
||||
func init() {
|
||||
SchemeBuilder.Register(&ComponentDefinition{}, &ComponentDefinitionList{})
|
||||
SchemeBuilder.Register(&WorkloadDefinition{}, &WorkloadDefinitionList{})
|
||||
|
||||
117
apis/core.oam.dev/v1beta1/register_test.go
Normal file
117
apis/core.oam.dev/v1beta1/register_test.go
Normal file
@@ -0,0 +1,117 @@
|
||||
/*
|
||||
Copyright 2025 The KubeVela Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1beta1
|
||||
|
||||
import (
|
||||
"reflect"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
)
|
||||
|
||||
func TestDefinitionTypeMap(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
defType reflect.Type
|
||||
expectedGVR schema.GroupVersionResource
|
||||
expectedKind string
|
||||
}{
|
||||
{
|
||||
name: "ComponentDefinition",
|
||||
defType: reflect.TypeOf(ComponentDefinition{}),
|
||||
expectedGVR: ComponentDefinitionGVR,
|
||||
expectedKind: ComponentDefinitionKind,
|
||||
},
|
||||
{
|
||||
name: "TraitDefinition",
|
||||
defType: reflect.TypeOf(TraitDefinition{}),
|
||||
expectedGVR: TraitDefinitionGVR,
|
||||
expectedKind: TraitDefinitionKind,
|
||||
},
|
||||
{
|
||||
name: "PolicyDefinition",
|
||||
defType: reflect.TypeOf(PolicyDefinition{}),
|
||||
expectedGVR: PolicyDefinitionGVR,
|
||||
expectedKind: PolicyDefinitionKind,
|
||||
},
|
||||
{
|
||||
name: "WorkflowStepDefinition",
|
||||
defType: reflect.TypeOf(WorkflowStepDefinition{}),
|
||||
expectedGVR: WorkflowStepDefinitionGVR,
|
||||
expectedKind: WorkflowStepDefinitionKind,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
info, ok := DefinitionTypeMap[tt.defType]
|
||||
assert.Truef(t, ok, "Type %v should exist in DefinitionTypeMap", tt.defType)
|
||||
assert.Equal(t, tt.expectedGVR, info.GVR)
|
||||
assert.Equal(t, tt.expectedKind, info.Kind)
|
||||
|
||||
// Verify GVR follows Kubernetes conventions
|
||||
assert.Equal(t, Group, info.GVR.Group)
|
||||
assert.Equal(t, Version, info.GVR.Version)
|
||||
// Resource should be lowercase plural of Kind
|
||||
assert.Equal(t, strings.ToLower(info.Kind)+"s", info.GVR.Resource)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestDefinitionTypeMapCompleteness(t *testing.T) {
|
||||
// Ensure all expected definition types are in the map
|
||||
expectedTypes := []reflect.Type{
|
||||
reflect.TypeOf(ComponentDefinition{}),
|
||||
reflect.TypeOf(TraitDefinition{}),
|
||||
reflect.TypeOf(PolicyDefinition{}),
|
||||
reflect.TypeOf(WorkflowStepDefinition{}),
|
||||
}
|
||||
|
||||
assert.Equal(t, len(expectedTypes), len(DefinitionTypeMap), "DefinitionTypeMap should contain exactly %d entries", len(expectedTypes))
|
||||
|
||||
for _, expectedType := range expectedTypes {
|
||||
_, ok := DefinitionTypeMap[expectedType]
|
||||
assert.Truef(t, ok, "DefinitionTypeMap should contain %v", expectedType)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDefinitionKindValues(t *testing.T) {
|
||||
// Verify that the Kind values match the actual type names
|
||||
tests := []struct {
|
||||
defType interface{}
|
||||
expectedKind string
|
||||
}{
|
||||
{ComponentDefinition{}, "ComponentDefinition"},
|
||||
{TraitDefinition{}, "TraitDefinition"},
|
||||
{PolicyDefinition{}, "PolicyDefinition"},
|
||||
{WorkflowStepDefinition{}, "WorkflowStepDefinition"},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.expectedKind, func(t *testing.T) {
|
||||
actualKind := reflect.TypeOf(tt.defType).Name()
|
||||
assert.Equal(t, tt.expectedKind, actualKind)
|
||||
|
||||
// Also verify it matches what's in the map
|
||||
info, ok := DefinitionTypeMap[reflect.TypeOf(tt.defType)]
|
||||
assert.True(t, ok)
|
||||
assert.Equal(t, tt.expectedKind, info.Kind)
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -31,7 +31,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/utils/ptr"
|
||||
|
||||
"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
|
||||
"github.com/oam-dev/kubevela/pkg/oam"
|
||||
@@ -133,7 +133,7 @@ func TestManagedResourceKeys(t *testing.T) {
|
||||
r.Equal("cluster/component", input.ComponentKey())
|
||||
r.Equal("Deployment name (Cluster: cluster, Namespace: namespace)", input.DisplayName())
|
||||
var deploy1, deploy2 appsv1.Deployment
|
||||
deploy1.Spec.Replicas = pointer.Int32(5)
|
||||
deploy1.Spec.Replicas = ptr.To(int32(5))
|
||||
bs, err := json.Marshal(deploy1)
|
||||
r.NoError(err)
|
||||
r.ErrorIs(input.UnmarshalTo(&deploy2), errors.ManagedResourceHasNoDataError{})
|
||||
@@ -168,7 +168,7 @@ func TestResourceTracker_ManagedResource(t *testing.T) {
|
||||
pod3 := corev1.Pod{ObjectMeta: metav1.ObjectMeta{Name: "pod3"}}
|
||||
input.AddManagedResource(&pod3, false, false, "")
|
||||
r.Equal(3, len(input.Spec.ManagedResources))
|
||||
deploy1.Spec.Replicas = pointer.Int32(5)
|
||||
deploy1.Spec.Replicas = ptr.To(int32(5))
|
||||
input.AddManagedResource(&deploy1, false, false, "")
|
||||
r.Equal(3, len(input.Spec.ManagedResources))
|
||||
input.DeleteManagedResource(&cm2, false)
|
||||
@@ -203,7 +203,7 @@ func TestResourceTrackerCompression(t *testing.T) {
|
||||
"../../../charts/vela-core/crds/core.oam.dev_componentdefinitions.yaml",
|
||||
"../../../charts/vela-core/templates/kubevela-controller.yaml",
|
||||
"../../../charts/vela-core/README.md",
|
||||
"../../../pkg/velaql/providers/query/testdata/machinelearning.seldon.io_seldondeployments.yaml",
|
||||
"../../../pkg/workflow/providers/legacy/query/testdata/machinelearning.seldon.io_seldondeployments.yaml",
|
||||
}
|
||||
for _, p := range paths {
|
||||
b, err := os.ReadFile(p)
|
||||
|
||||
@@ -33,6 +33,9 @@ type WorkflowStepDefinitionSpec struct {
|
||||
// Only CUE schematic is supported for now.
|
||||
// +optional
|
||||
Schematic *common.Schematic `json:"schematic,omitempty"`
|
||||
|
||||
// +optional
|
||||
Version string `json:"version,omitempty"`
|
||||
}
|
||||
|
||||
// WorkflowStepDefinitionStatus is the status of WorkflowStepDefinition
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright 2023 The KubeVela Authors.
|
||||
@@ -147,7 +146,8 @@ func (in *ApplicationRevisionCompressibleFields) DeepCopyInto(out *ApplicationRe
|
||||
if val == nil {
|
||||
(*out)[key] = nil
|
||||
} else {
|
||||
in, out := &val, &outVal
|
||||
inVal := (*in)[key]
|
||||
in, out := &inVal, &outVal
|
||||
*out = new(ComponentDefinition)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
@@ -169,7 +169,8 @@ func (in *ApplicationRevisionCompressibleFields) DeepCopyInto(out *ApplicationRe
|
||||
if val == nil {
|
||||
(*out)[key] = nil
|
||||
} else {
|
||||
in, out := &val, &outVal
|
||||
inVal := (*in)[key]
|
||||
in, out := &inVal, &outVal
|
||||
*out = new(TraitDefinition)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
@@ -191,7 +192,8 @@ func (in *ApplicationRevisionCompressibleFields) DeepCopyInto(out *ApplicationRe
|
||||
if val == nil {
|
||||
(*out)[key] = nil
|
||||
} else {
|
||||
in, out := &val, &outVal
|
||||
inVal := (*in)[key]
|
||||
in, out := &inVal, &outVal
|
||||
*out = new(WorkflowStepDefinition)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
@@ -550,6 +552,22 @@ func (in *DefinitionRevisionSpec) DeepCopy() *DefinitionRevisionSpec {
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *DefinitionTypeInfo) DeepCopyInto(out *DefinitionTypeInfo) {
|
||||
*out = *in
|
||||
out.GVR = in.GVR
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefinitionTypeInfo.
|
||||
func (in *DefinitionTypeInfo) DeepCopy() *DefinitionTypeInfo {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(DefinitionTypeInfo)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ManagedResource) DeepCopyInto(out *ManagedResource) {
|
||||
*out = *in
|
||||
|
||||
@@ -48,12 +48,14 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
|
||||
|
||||
### KubeVela workflow parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------- | ------------------------------------------------------ | ------- |
|
||||
| `workflow.enableSuspendOnFailure` | Enable suspend on workflow failure | `false` |
|
||||
| `workflow.backoff.maxTime.waitState` | The max backoff time of workflow in a wait condition | `60` |
|
||||
| `workflow.backoff.maxTime.failedState` | The max backoff time of workflow in a failed condition | `300` |
|
||||
| `workflow.step.errorRetryTimes` | The max retry times of a failed workflow step | `10` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------- | ------------------------------------------------------- | ------- |
|
||||
| `workflow.enableSuspendOnFailure` | Enable suspend on workflow failure | `false` |
|
||||
| `workflow.enableExternalPackageForDefaultCompiler` | Enable external package for default cuex compiler | `true` |
|
||||
| `workflow.enableExternalPackageWatchForDefaultCompiler` | Enable external package watch for default cuex compiler | `false` |
|
||||
| `workflow.backoff.maxTime.waitState` | The max backoff time of workflow in a wait condition | `60` |
|
||||
| `workflow.backoff.maxTime.failedState` | The max backoff time of workflow in a failed condition | `300` |
|
||||
| `workflow.step.errorRetryTimes` | The max retry times of a failed workflow step | `10` |
|
||||
|
||||
### KubeVela controller parameters
|
||||
|
||||
@@ -96,26 +98,31 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
|
||||
| `featureGates.informerCacheFilterUnnecessaryFields` | filter unnecessary fields for informer cache | `true` |
|
||||
| `featureGates.sharedDefinitionStorageForApplicationRevision` | use definition cache to reduce duplicated definition storage for application revision, must be used with InformerCacheFilterUnnecessaryFields | `true` |
|
||||
| `featureGates.disableWorkflowContextConfigMapCache` | disable the workflow context's configmap informer cache | `true` |
|
||||
| `featureGates.enableCueValidation` | enable the strict cue validation for cue required parameter fields | `false` |
|
||||
| `featureGates.enableApplicationStatusMetrics` | enable application status metrics and structured logging | `false` |
|
||||
| `featureGates.validateResourcesExist` | enable webhook validation to check if resource types referenced in definition templates exist in the cluster | `false` |
|
||||
|
||||
### MultiCluster parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------- | -------------------------------- |
|
||||
| `multicluster.enabled` | Whether to enable multi-cluster | `true` |
|
||||
| `multicluster.metrics.enabled` | Whether to enable multi-cluster metrics collect | `false` |
|
||||
| `multicluster.clusterGateway.direct` | controller will connect to ClusterGateway directly instead of going to Kubernetes APIServer | `true` |
|
||||
| `multicluster.clusterGateway.replicaCount` | ClusterGateway replica count | `1` |
|
||||
| `multicluster.clusterGateway.port` | ClusterGateway port | `9443` |
|
||||
| `multicluster.clusterGateway.image.repository` | ClusterGateway image repository | `oamdev/cluster-gateway` |
|
||||
| `multicluster.clusterGateway.image.tag` | ClusterGateway image tag | `v1.9.0-alpha.2` |
|
||||
| `multicluster.clusterGateway.image.pullPolicy` | ClusterGateway image pull policy | `IfNotPresent` |
|
||||
| `multicluster.clusterGateway.resources.requests.cpu` | ClusterGateway cpu request | `50m` |
|
||||
| `multicluster.clusterGateway.resources.requests.memory` | ClusterGateway memory request | `20Mi` |
|
||||
| `multicluster.clusterGateway.resources.limits.cpu` | ClusterGateway cpu limit | `500m` |
|
||||
| `multicluster.clusterGateway.resources.limits.memory` | ClusterGateway memory limit | `200Mi` |
|
||||
| `multicluster.clusterGateway.secureTLS.enabled` | Whether to enable secure TLS | `true` |
|
||||
| `multicluster.clusterGateway.secureTLS.certPath` | Path to the certificate file | `/etc/k8s-cluster-gateway-certs` |
|
||||
| `multicluster.clusterGateway.secureTLS.certManager.enabled` | Whether to enable cert-manager | `false` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | -------------------------------- |
|
||||
| `multicluster.enabled` | Whether to enable multi-cluster | `true` |
|
||||
| `multicluster.metrics.enabled` | Whether to enable multi-cluster metrics collect | `false` |
|
||||
| `multicluster.clusterGateway.direct` | controller will connect to ClusterGateway directly instead of going to Kubernetes APIServer | `true` |
|
||||
| `multicluster.clusterGateway.replicaCount` | ClusterGateway replica count | `1` |
|
||||
| `multicluster.clusterGateway.port` | ClusterGateway port | `9443` |
|
||||
| `multicluster.clusterGateway.image.repository` | ClusterGateway image repository | `oamdev/cluster-gateway` |
|
||||
| `multicluster.clusterGateway.image.tag` | ClusterGateway image tag | `v1.9.0-alpha.2` |
|
||||
| `multicluster.clusterGateway.image.pullPolicy` | ClusterGateway image pull policy | `IfNotPresent` |
|
||||
| `multicluster.clusterGateway.resources.requests.cpu` | ClusterGateway cpu request | `50m` |
|
||||
| `multicluster.clusterGateway.resources.requests.memory` | ClusterGateway memory request | `20Mi` |
|
||||
| `multicluster.clusterGateway.resources.limits.cpu` | ClusterGateway cpu limit | `500m` |
|
||||
| `multicluster.clusterGateway.resources.limits.memory` | ClusterGateway memory limit | `200Mi` |
|
||||
| `multicluster.clusterGateway.secureTLS.enabled` | Whether to enable secure TLS | `true` |
|
||||
| `multicluster.clusterGateway.secureTLS.certPath` | Path to the certificate file | `/etc/k8s-cluster-gateway-certs` |
|
||||
| `multicluster.clusterGateway.secureTLS.certManager.enabled` | Whether to enable cert-manager | `false` |
|
||||
| `multicluster.clusterGateway.serviceMonitor.enabled` | Whether to enable service monitor | `false` |
|
||||
| `multicluster.clusterGateway.serviceMonitor.additionalLabels` | Additional labels for service monitor | `{}` |
|
||||
|
||||
### Test parameters
|
||||
|
||||
@@ -128,29 +135,34 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
|
||||
|
||||
### Common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------- |
|
||||
| `imagePullSecrets` | Image pull secrets | `[]` |
|
||||
| `nameOverride` | Override name | `""` |
|
||||
| `fullnameOverride` | Fullname override | `""` |
|
||||
| `serviceAccount.create` | Specifies whether a service account should be created | `true` |
|
||||
| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |
|
||||
| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `nil` |
|
||||
| `nodeSelector` | Node selector | `{}` |
|
||||
| `tolerations` | Tolerations | `[]` |
|
||||
| `affinity` | Affinity | `{}` |
|
||||
| `rbac.create` | Specifies whether a RBAC role should be created | `true` |
|
||||
| `logDebug` | Enable debug logs for development purpose | `false` |
|
||||
| `logFilePath` | If non-empty, write log files in this path | `""` |
|
||||
| `logFileMaxSize` | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. | `1024` |
|
||||
| `kubeClient.qps` | The qps for reconcile clients | `400` |
|
||||
| `kubeClient.burst` | The burst for reconcile clients | `600` |
|
||||
| `authentication.enabled` | Enable authentication for application | `false` |
|
||||
| `authentication.withUser` | Application authentication will impersonate as the request User | `true` |
|
||||
| `authentication.defaultUser` | Application authentication will impersonate as the User if no user provided in Application | `kubevela:vela-core` |
|
||||
| `authentication.groupPattern` | Application authentication will impersonate as the request Group that matches the pattern | `kubevela:*` |
|
||||
| `sharding.enabled` | When sharding enabled, the controller will run as master mode. Refer to https://github.com/kubevela/kubevela/blob/master/design/vela-core/sharding.md for details. | `false` |
|
||||
| `sharding.schedulableShards` | The shards available for scheduling. If empty, dynamic discovery will be used. | `""` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------- |
|
||||
| `imagePullSecrets` | Image pull secrets | `[]` |
|
||||
| `nameOverride` | Override name | `""` |
|
||||
| `fullnameOverride` | Fullname override | `""` |
|
||||
| `serviceAccount.create` | Specifies whether a service account should be created | `true` |
|
||||
| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |
|
||||
| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `nil` |
|
||||
| `nodeSelector` | Node selector | `{}` |
|
||||
| `tolerations` | Tolerations | `[]` |
|
||||
| `affinity` | Affinity | `{}` |
|
||||
| `rbac.create` | Specifies whether a RBAC role should be created | `true` |
|
||||
| `logDebug` | Enable debug logs for development purpose | `false` |
|
||||
| `devLogs` | Enable formatted logging support for development purpose | `false` |
|
||||
| `logFilePath` | If non-empty, write log files in this path | `""` |
|
||||
| `logFileMaxSize` | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. | `1024` |
|
||||
| `kubeClient.qps` | The qps for reconcile clients | `400` |
|
||||
| `kubeClient.burst` | The burst for reconcile clients | `600` |
|
||||
| `authentication.enabled` | Enable authentication framework for applications | `false` |
|
||||
| `authentication.withUser` | Application authentication will impersonate as the request User (must be true for security) | `true` |
|
||||
| `authentication.defaultUser` | Application authentication will impersonate as the User if no user provided or withUser is false | `kubevela:vela-core` |
|
||||
| `authentication.groupPattern` | Application authentication will impersonate as the request Group that matches the pattern | `kubevela:*` |
|
||||
| `authorization.definitionValidationEnabled` | Enable definition permission validation for RBAC checks on definitions | `false` |
|
||||
| `sharding.enabled` | When sharding enabled, the controller will run as master mode. Refer to https://github.com/kubevela/kubevela/blob/master/design/vela-core/sharding.md for details. | `false` |
|
||||
| `sharding.schedulableShards` | The shards available for scheduling. If empty, dynamic discovery will be used. | `""` |
|
||||
| `core.metrics.enabled` | Enable metrics for vela-core | `false` |
|
||||
| `core.metrics.serviceMonitor.enabled` | Enable service monitor for metrics | `false` |
|
||||
| `core.metrics.serviceMonitor.additionalLabels` | Additional labels for service monitor | `{}` |
|
||||
|
||||
|
||||
## Uninstallation
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -3,7 +3,7 @@ kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/inject-ca-from: vela-system/kubevela-vela-core-root-cert
|
||||
controller-gen.kubebuilder.io/version: v0.11.4
|
||||
controller-gen.kubebuilder.io/version: v0.16.5
|
||||
name: applications.core.oam.dev
|
||||
spec:
|
||||
group: core.oam.dev
|
||||
@@ -44,14 +44,19 @@ spec:
|
||||
description: Application is the Schema for the applications API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -104,10 +109,9 @@ spec:
|
||||
scopes:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: scopes in ApplicationComponent defines the component-level
|
||||
scopes the format is <scope-type:scope-instance-name> pairs,
|
||||
the key represents type of `ScopeDefinition` while the value
|
||||
represent the name of scope instance.
|
||||
description: |-
|
||||
scopes in ApplicationComponent defines the component-level scopes
|
||||
the format is <scope-type:scope-instance-name> pairs, the key represents type of `ScopeDefinition` while the value represent the name of scope instance.
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
traits:
|
||||
@@ -133,10 +137,10 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
policies:
|
||||
description: Policies defines the global policies for all components
|
||||
in the app, e.g. security, metrics, gitops, multi-cluster placement
|
||||
rules, etc. Policies are applied after components are rendered and
|
||||
before workflow steps are executed.
|
||||
description: |-
|
||||
Policies defines the global policies for all components in the app, e.g. security, metrics, gitops,
|
||||
multi-cluster placement rules, etc.
|
||||
Policies are applied after components are rendered and before workflow steps are executed.
|
||||
items:
|
||||
description: AppPolicy defines a global policy for all components
|
||||
in the app.
|
||||
@@ -155,11 +159,12 @@ spec:
|
||||
type: object
|
||||
type: array
|
||||
workflow:
|
||||
description: 'Workflow defines how to customize the control logic.
|
||||
If workflow is specified, Vela won''t apply any resource, but provide
|
||||
rendered output in AppRevision. Workflow steps are executed in array
|
||||
order, and each step: - will have a context in annotation. - should
|
||||
mark "finish" phase in status.conditions.'
|
||||
description: |-
|
||||
Workflow defines how to customize the control logic.
|
||||
If workflow is specified, Vela won't apply any resource, but provide rendered output in AppRevision.
|
||||
Workflow steps are executed in array order, and each step:
|
||||
- will have a context in annotation.
|
||||
- should mark "finish" phase in status.conditions.
|
||||
properties:
|
||||
mode:
|
||||
description: WorkflowExecuteMode defines the mode of workflow
|
||||
@@ -332,33 +337,39 @@ spec:
|
||||
creator:
|
||||
type: string
|
||||
fieldPath:
|
||||
description: 'If referring to a piece of an object instead of
|
||||
an entire object, this string should contain a valid JSON/Go
|
||||
field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within
|
||||
a pod, this would take on a value like: "spec.containers{name}"
|
||||
(where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]"
|
||||
(container with index 2 in this pod). This syntax is chosen
|
||||
only to have some well-defined way of referencing a part of
|
||||
an object. TODO: this design is not final and this field is
|
||||
subject to change in the future.'
|
||||
description: |-
|
||||
If referring to a piece of an object instead of an entire object, this string
|
||||
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within a pod, this would take on a value like:
|
||||
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]" (container with
|
||||
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
||||
referencing a part of an object.
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind of the referent.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
||||
description: |-
|
||||
Namespace of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
||||
type: string
|
||||
resourceVersion:
|
||||
description: 'Specific resourceVersion to which this reference
|
||||
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
||||
description: |-
|
||||
Specific resourceVersion to which this reference is made, if any.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
||||
type: string
|
||||
uid:
|
||||
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
||||
description: |-
|
||||
UID of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
@@ -367,63 +378,46 @@ spec:
|
||||
description: Components record the related Components created by Application
|
||||
Controller
|
||||
items:
|
||||
description: "ObjectReference contains enough information to let
|
||||
you inspect or modify the referred object. --- New uses of this
|
||||
type are discouraged because of difficulty describing its usage
|
||||
when embedded in APIs. 1. Ignored fields. It includes many fields
|
||||
which are not generally honored. For instance, ResourceVersion
|
||||
and FieldPath are both very rarely valid in actual usage. 2. Invalid
|
||||
usage help. It is impossible to add specific help for individual
|
||||
usage. In most embedded usages, there are particular restrictions
|
||||
like, \"must refer only to types A and B\" or \"UID not honored\"
|
||||
or \"name must be restricted\". Those cannot be well described
|
||||
when embedded. 3. Inconsistent validation. Because the usages
|
||||
are different, the validation rules are different by usage, which
|
||||
makes it hard for users to predict what will happen. 4. The fields
|
||||
are both imprecise and overly precise. Kind is not a precise
|
||||
mapping to a URL. This can produce ambiguity during interpretation
|
||||
and require a REST mapping. In most cases, the dependency is
|
||||
on the group,resource tuple and the version of the actual struct
|
||||
is irrelevant. 5. We cannot easily change it. Because this type
|
||||
is embedded in many locations, updates to this type will affect
|
||||
numerous schemas. Don't make new APIs embed an underspecified
|
||||
API type they do not control. \n Instead of using this type, create
|
||||
a locally provided and used type that is well-focused on your
|
||||
reference. For example, ServiceReferences for admission registration:
|
||||
https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
|
||||
."
|
||||
description: ObjectReference contains enough information to let
|
||||
you inspect or modify the referred object.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: API version of the referent.
|
||||
type: string
|
||||
fieldPath:
|
||||
description: 'If referring to a piece of an object instead of
|
||||
an entire object, this string should contain a valid JSON/Go
|
||||
field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within
|
||||
a pod, this would take on a value like: "spec.containers{name}"
|
||||
(where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]"
|
||||
(container with index 2 in this pod). This syntax is chosen
|
||||
only to have some well-defined way of referencing a part of
|
||||
an object. TODO: this design is not final and this field is
|
||||
subject to change in the future.'
|
||||
description: |-
|
||||
If referring to a piece of an object instead of an entire object, this string
|
||||
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within a pod, this would take on a value like:
|
||||
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]" (container with
|
||||
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
||||
referencing a part of an object.
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind of the referent.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
||||
description: |-
|
||||
Namespace of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
||||
type: string
|
||||
resourceVersion:
|
||||
description: 'Specific resourceVersion to which this reference
|
||||
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
||||
description: |-
|
||||
Specific resourceVersion to which this reference is made, if any.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
||||
type: string
|
||||
uid:
|
||||
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
||||
description: |-
|
||||
UID of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
@@ -434,13 +428,15 @@ spec:
|
||||
description: A Condition that may apply to a resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the last time this condition
|
||||
transitioned from one status to another.
|
||||
description: |-
|
||||
LastTransitionTime is the last time this condition transitioned from one
|
||||
status to another.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A Message containing details about this condition's
|
||||
last transition from one status to another, if any.
|
||||
description: |-
|
||||
A Message containing details about this condition's last transition from
|
||||
one status to another, if any.
|
||||
type: string
|
||||
reason:
|
||||
description: A Reason for this condition's last transition from
|
||||
@@ -451,8 +447,9 @@ spec:
|
||||
False, or Unknown?
|
||||
type: string
|
||||
type:
|
||||
description: Type of this condition. At most one of each condition
|
||||
type may apply to a resource at any point in time.
|
||||
description: |-
|
||||
Type of this condition. At most one of each condition type may apply to
|
||||
a resource at any point in time.
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
@@ -482,10 +479,13 @@ spec:
|
||||
format: int64
|
||||
type: integer
|
||||
policy:
|
||||
description: PolicyStatus records the status of policy Deprecated
|
||||
This field is only used by EnvBinding Policy which is deprecated.
|
||||
description: |-
|
||||
PolicyStatus records the status of policy
|
||||
Deprecated This field is only used by EnvBinding Policy which is deprecated.
|
||||
items:
|
||||
description: PolicyStatus records the status of policy Deprecated
|
||||
description: |-
|
||||
PolicyStatus records the status of policy
|
||||
Deprecated
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
@@ -507,6 +507,10 @@ spec:
|
||||
properties:
|
||||
cluster:
|
||||
type: string
|
||||
details:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
env:
|
||||
type: string
|
||||
healthy:
|
||||
@@ -519,66 +523,46 @@ spec:
|
||||
type: string
|
||||
scopes:
|
||||
items:
|
||||
description: "ObjectReference contains enough information
|
||||
to let you inspect or modify the referred object. --- New
|
||||
uses of this type are discouraged because of difficulty
|
||||
describing its usage when embedded in APIs. 1. Ignored fields.
|
||||
\ It includes many fields which are not generally honored.
|
||||
\ For instance, ResourceVersion and FieldPath are both very
|
||||
rarely valid in actual usage. 2. Invalid usage help. It
|
||||
is impossible to add specific help for individual usage.
|
||||
\ In most embedded usages, there are particular restrictions
|
||||
like, \"must refer only to types A and B\" or \"UID not
|
||||
honored\" or \"name must be restricted\". Those cannot be
|
||||
well described when embedded. 3. Inconsistent validation.
|
||||
\ Because the usages are different, the validation rules
|
||||
are different by usage, which makes it hard for users to
|
||||
predict what will happen. 4. The fields are both imprecise
|
||||
and overly precise. Kind is not a precise mapping to a
|
||||
URL. This can produce ambiguity during interpretation and
|
||||
require a REST mapping. In most cases, the dependency is
|
||||
on the group,resource tuple and the version of the actual
|
||||
struct is irrelevant. 5. We cannot easily change it. Because
|
||||
this type is embedded in many locations, updates to this
|
||||
type will affect numerous schemas. Don't make new APIs
|
||||
embed an underspecified API type they do not control. \n
|
||||
Instead of using this type, create a locally provided and
|
||||
used type that is well-focused on your reference. For example,
|
||||
ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
|
||||
."
|
||||
description: ObjectReference contains enough information to
|
||||
let you inspect or modify the referred object.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: API version of the referent.
|
||||
type: string
|
||||
fieldPath:
|
||||
description: 'If referring to a piece of an object instead
|
||||
of an entire object, this string should contain a valid
|
||||
JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container
|
||||
within a pod, this would take on a value like: "spec.containers{name}"
|
||||
(where "name" refers to the name of the container that
|
||||
triggered the event) or if no container name is specified
|
||||
"spec.containers[2]" (container with index 2 in this
|
||||
pod). This syntax is chosen only to have some well-defined
|
||||
way of referencing a part of an object. TODO: this design
|
||||
is not final and this field is subject to change in
|
||||
the future.'
|
||||
description: |-
|
||||
If referring to a piece of an object instead of an entire object, this string
|
||||
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within a pod, this would take on a value like:
|
||||
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]" (container with
|
||||
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
||||
referencing a part of an object.
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind of the referent.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
||||
description: |-
|
||||
Namespace of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
||||
type: string
|
||||
resourceVersion:
|
||||
description: 'Specific resourceVersion to which this reference
|
||||
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
||||
description: |-
|
||||
Specific resourceVersion to which this reference is made, if any.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
||||
type: string
|
||||
uid:
|
||||
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
||||
description: |-
|
||||
UID of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
@@ -588,6 +572,10 @@ spec:
|
||||
description: ApplicationTraitStatus records the trait health
|
||||
status
|
||||
properties:
|
||||
details:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
healthy:
|
||||
type: boolean
|
||||
message:
|
||||
@@ -626,63 +614,46 @@ spec:
|
||||
appRevision:
|
||||
type: string
|
||||
contextBackend:
|
||||
description: "ObjectReference contains enough information to let
|
||||
you inspect or modify the referred object. --- New uses of this
|
||||
type are discouraged because of difficulty describing its usage
|
||||
when embedded in APIs. 1. Ignored fields. It includes many
|
||||
fields which are not generally honored. For instance, ResourceVersion
|
||||
and FieldPath are both very rarely valid in actual usage. 2.
|
||||
Invalid usage help. It is impossible to add specific help for
|
||||
individual usage. In most embedded usages, there are particular
|
||||
restrictions like, \"must refer only to types A and B\" or \"UID
|
||||
not honored\" or \"name must be restricted\". Those cannot be
|
||||
well described when embedded. 3. Inconsistent validation. Because
|
||||
the usages are different, the validation rules are different
|
||||
by usage, which makes it hard for users to predict what will
|
||||
happen. 4. The fields are both imprecise and overly precise.
|
||||
\ Kind is not a precise mapping to a URL. This can produce ambiguity
|
||||
during interpretation and require a REST mapping. In most cases,
|
||||
the dependency is on the group,resource tuple and the version
|
||||
of the actual struct is irrelevant. 5. We cannot easily change
|
||||
it. Because this type is embedded in many locations, updates
|
||||
to this type will affect numerous schemas. Don't make new APIs
|
||||
embed an underspecified API type they do not control. \n Instead
|
||||
of using this type, create a locally provided and used type
|
||||
that is well-focused on your reference. For example, ServiceReferences
|
||||
for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
|
||||
."
|
||||
description: ObjectReference contains enough information to let
|
||||
you inspect or modify the referred object.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: API version of the referent.
|
||||
type: string
|
||||
fieldPath:
|
||||
description: 'If referring to a piece of an object instead
|
||||
of an entire object, this string should contain a valid
|
||||
JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within
|
||||
a pod, this would take on a value like: "spec.containers{name}"
|
||||
(where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]"
|
||||
(container with index 2 in this pod). This syntax is chosen
|
||||
only to have some well-defined way of referencing a part
|
||||
of an object. TODO: this design is not final and this field
|
||||
is subject to change in the future.'
|
||||
description: |-
|
||||
If referring to a piece of an object instead of an entire object, this string
|
||||
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within a pod, this would take on a value like:
|
||||
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]" (container with
|
||||
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
||||
referencing a part of an object.
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind of the referent.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
||||
description: |-
|
||||
Namespace of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
||||
type: string
|
||||
resourceVersion:
|
||||
description: 'Specific resourceVersion to which this reference
|
||||
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
||||
description: |-
|
||||
Specific resourceVersion to which this reference is made, if any.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
||||
type: string
|
||||
uid:
|
||||
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
||||
description: |-
|
||||
UID of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
|
||||
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.4
|
||||
controller-gen.kubebuilder.io/version: v0.16.5
|
||||
name: componentdefinitions.core.oam.dev
|
||||
spec:
|
||||
group: core.oam.dev
|
||||
@@ -32,14 +32,19 @@ spec:
|
||||
API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -76,14 +81,14 @@ spec:
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
podSpecPath:
|
||||
description: PodSpecPath indicates where/if this workload has K8s
|
||||
podSpec field if one workload has podSpec, trait can do lot's of
|
||||
assumption such as port, env, volume fields.
|
||||
description: |-
|
||||
PodSpecPath indicates where/if this workload has K8s podSpec field
|
||||
if one workload has podSpec, trait can do lot's of assumption such as port, env, volume fields.
|
||||
type: string
|
||||
revisionLabel:
|
||||
description: RevisionLabel indicates which label for underlying resources(e.g.
|
||||
pods) of this workload can be used by trait to create resource selectors(e.g.
|
||||
label selector for pods).
|
||||
description: |-
|
||||
RevisionLabel indicates which label for underlying resources(e.g. pods) of this workload
|
||||
can be used by trait to create resource selectors(e.g. label selector for pods).
|
||||
type: string
|
||||
schematic:
|
||||
description: Schematic defines the data format and template of the
|
||||
@@ -93,10 +98,9 @@ spec:
|
||||
description: CUE defines the encapsulation in CUE format
|
||||
properties:
|
||||
template:
|
||||
description: Template defines the abstraction template data
|
||||
of the capability, it will replace the old CUE template
|
||||
in extension field. Template is a required field if CUE
|
||||
is defined in Capability Definition.
|
||||
description: |-
|
||||
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
|
||||
Template is a required field if CUE is defined in Capability Definition.
|
||||
type: string
|
||||
required:
|
||||
- template
|
||||
@@ -159,11 +163,11 @@ spec:
|
||||
- remote
|
||||
type: string
|
||||
writeConnectionSecretToRef:
|
||||
description: WriteConnectionSecretToReference specifies the
|
||||
namespace and name of a Secret to which any connection details
|
||||
for this managed resource should be written. Connection
|
||||
details frequently include the endpoint, username, and password
|
||||
required to connect to the managed resource.
|
||||
description: |-
|
||||
WriteConnectionSecretToReference specifies the namespace and name of a
|
||||
Secret to which any connection details for this managed resource should
|
||||
be written. Connection details frequently include the endpoint, username,
|
||||
and password required to connect to the managed resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the secret.
|
||||
@@ -186,11 +190,17 @@ spec:
|
||||
description: CustomStatus defines the custom status message that
|
||||
could display to user
|
||||
type: string
|
||||
details:
|
||||
description: Details stores a string representation of a CUE status
|
||||
map to be evaluated at runtime for display
|
||||
type: string
|
||||
healthPolicy:
|
||||
description: HealthPolicy defines the health check policy for
|
||||
the abstraction
|
||||
type: string
|
||||
type: object
|
||||
version:
|
||||
type: string
|
||||
workload:
|
||||
description: Workload is a workload type descriptor
|
||||
properties:
|
||||
@@ -222,13 +232,15 @@ spec:
|
||||
description: A Condition that may apply to a resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the last time this condition
|
||||
transitioned from one status to another.
|
||||
description: |-
|
||||
LastTransitionTime is the last time this condition transitioned from one
|
||||
status to another.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A Message containing details about this condition's
|
||||
last transition from one status to another, if any.
|
||||
description: |-
|
||||
A Message containing details about this condition's last transition from
|
||||
one status to another, if any.
|
||||
type: string
|
||||
reason:
|
||||
description: A Reason for this condition's last transition from
|
||||
@@ -239,8 +251,9 @@ spec:
|
||||
False, or Unknown?
|
||||
type: string
|
||||
type:
|
||||
description: Type of this condition. At most one of each condition
|
||||
type may apply to a resource at any point in time.
|
||||
description: |-
|
||||
Type of this condition. At most one of each condition type may apply to
|
||||
a resource at any point in time.
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
|
||||
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.4
|
||||
controller-gen.kubebuilder.io/version: v0.16.5
|
||||
name: definitionrevisions.core.oam.dev
|
||||
spec:
|
||||
group: core.oam.dev
|
||||
@@ -34,14 +34,19 @@ spec:
|
||||
description: DefinitionRevision is the Schema for the DefinitionRevision API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -53,16 +58,19 @@ spec:
|
||||
ComponentDefinition
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this
|
||||
representation of an object. Servers should convert recognized
|
||||
schemas to the latest internal value, and may reject unrecognized
|
||||
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource
|
||||
this object represents. Servers may infer this from the endpoint
|
||||
the client submits requests to. Cannot be updated. In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
properties:
|
||||
@@ -117,14 +125,14 @@ spec:
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
podSpecPath:
|
||||
description: PodSpecPath indicates where/if this workload
|
||||
has K8s podSpec field if one workload has podSpec, trait
|
||||
can do lot's of assumption such as port, env, volume fields.
|
||||
description: |-
|
||||
PodSpecPath indicates where/if this workload has K8s podSpec field
|
||||
if one workload has podSpec, trait can do lot's of assumption such as port, env, volume fields.
|
||||
type: string
|
||||
revisionLabel:
|
||||
description: RevisionLabel indicates which label for underlying
|
||||
resources(e.g. pods) of this workload can be used by trait
|
||||
to create resource selectors(e.g. label selector for pods).
|
||||
description: |-
|
||||
RevisionLabel indicates which label for underlying resources(e.g. pods) of this workload
|
||||
can be used by trait to create resource selectors(e.g. label selector for pods).
|
||||
type: string
|
||||
schematic:
|
||||
description: Schematic defines the data format and template
|
||||
@@ -134,10 +142,9 @@ spec:
|
||||
description: CUE defines the encapsulation in CUE format
|
||||
properties:
|
||||
template:
|
||||
description: Template defines the abstraction template
|
||||
data of the capability, it will replace the old
|
||||
CUE template in extension field. Template is a required
|
||||
field if CUE is defined in Capability Definition.
|
||||
description: |-
|
||||
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
|
||||
Template is a required field if CUE is defined in Capability Definition.
|
||||
type: string
|
||||
required:
|
||||
- template
|
||||
@@ -202,12 +209,11 @@ spec:
|
||||
- remote
|
||||
type: string
|
||||
writeConnectionSecretToRef:
|
||||
description: WriteConnectionSecretToReference specifies
|
||||
the namespace and name of a Secret to which any
|
||||
connection details for this managed resource should
|
||||
be written. Connection details frequently include
|
||||
the endpoint, username, and password required to
|
||||
connect to the managed resource.
|
||||
description: |-
|
||||
WriteConnectionSecretToReference specifies the namespace and name of a
|
||||
Secret to which any connection details for this managed resource should
|
||||
be written. Connection details frequently include the endpoint, username,
|
||||
and password required to connect to the managed resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the secret.
|
||||
@@ -230,11 +236,17 @@ spec:
|
||||
description: CustomStatus defines the custom status message
|
||||
that could display to user
|
||||
type: string
|
||||
details:
|
||||
description: Details stores a string representation of
|
||||
a CUE status map to be evaluated at runtime for display
|
||||
type: string
|
||||
healthPolicy:
|
||||
description: HealthPolicy defines the health check policy
|
||||
for the abstraction
|
||||
type: string
|
||||
type: object
|
||||
version:
|
||||
type: string
|
||||
workload:
|
||||
description: Workload is a workload type descriptor
|
||||
properties:
|
||||
@@ -266,14 +278,15 @@ spec:
|
||||
description: A Condition that may apply to a resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the last time this
|
||||
condition transitioned from one status to another.
|
||||
description: |-
|
||||
LastTransitionTime is the last time this condition transitioned from one
|
||||
status to another.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A Message containing details about this
|
||||
condition's last transition from one status to another,
|
||||
if any.
|
||||
description: |-
|
||||
A Message containing details about this condition's last transition from
|
||||
one status to another, if any.
|
||||
type: string
|
||||
reason:
|
||||
description: A Reason for this condition's last transition
|
||||
@@ -284,9 +297,9 @@ spec:
|
||||
True, False, or Unknown?
|
||||
type: string
|
||||
type:
|
||||
description: Type of this condition. At most one of
|
||||
each condition type may apply to a resource at any
|
||||
point in time.
|
||||
description: |-
|
||||
Type of this condition. At most one of each condition type may apply to
|
||||
a resource at any point in time.
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
@@ -330,16 +343,19 @@ spec:
|
||||
PolicyDefinition
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this
|
||||
representation of an object. Servers should convert recognized
|
||||
schemas to the latest internal value, and may reject unrecognized
|
||||
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource
|
||||
this object represents. Servers may infer this from the endpoint
|
||||
the client submits requests to. Cannot be updated. In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
properties:
|
||||
@@ -372,31 +388,30 @@ spec:
|
||||
description: Name of the referenced CustomResourceDefinition.
|
||||
type: string
|
||||
version:
|
||||
description: Version indicate which version should be
|
||||
used if CRD has multiple versions by default it will
|
||||
use the first one if not specified
|
||||
description: |-
|
||||
Version indicate which version should be used if CRD has multiple versions
|
||||
by default it will use the first one if not specified
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
manageHealthCheck:
|
||||
description: ManageHealthCheck means the policy will handle
|
||||
health checking and skip application controller built-in
|
||||
health checking.
|
||||
description: |-
|
||||
ManageHealthCheck means the policy will handle health checking and skip application controller
|
||||
built-in health checking.
|
||||
type: boolean
|
||||
schematic:
|
||||
description: Schematic defines the data format and template
|
||||
of the encapsulation of the policy definition. Only CUE
|
||||
schematic is supported for now.
|
||||
description: |-
|
||||
Schematic defines the data format and template of the encapsulation of the policy definition.
|
||||
Only CUE schematic is supported for now.
|
||||
properties:
|
||||
cue:
|
||||
description: CUE defines the encapsulation in CUE format
|
||||
properties:
|
||||
template:
|
||||
description: Template defines the abstraction template
|
||||
data of the capability, it will replace the old
|
||||
CUE template in extension field. Template is a required
|
||||
field if CUE is defined in Capability Definition.
|
||||
description: |-
|
||||
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
|
||||
Template is a required field if CUE is defined in Capability Definition.
|
||||
type: string
|
||||
required:
|
||||
- template
|
||||
@@ -461,12 +476,11 @@ spec:
|
||||
- remote
|
||||
type: string
|
||||
writeConnectionSecretToRef:
|
||||
description: WriteConnectionSecretToReference specifies
|
||||
the namespace and name of a Secret to which any
|
||||
connection details for this managed resource should
|
||||
be written. Connection details frequently include
|
||||
the endpoint, username, and password required to
|
||||
connect to the managed resource.
|
||||
description: |-
|
||||
WriteConnectionSecretToReference specifies the namespace and name of a
|
||||
Secret to which any connection details for this managed resource should
|
||||
be written. Connection details frequently include the endpoint, username,
|
||||
and password required to connect to the managed resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the secret.
|
||||
@@ -481,6 +495,8 @@ spec:
|
||||
- configuration
|
||||
type: object
|
||||
type: object
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
status:
|
||||
description: PolicyDefinitionStatus is the status of PolicyDefinition
|
||||
@@ -491,14 +507,15 @@ spec:
|
||||
description: A Condition that may apply to a resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the last time this
|
||||
condition transitioned from one status to another.
|
||||
description: |-
|
||||
LastTransitionTime is the last time this condition transitioned from one
|
||||
status to another.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A Message containing details about this
|
||||
condition's last transition from one status to another,
|
||||
if any.
|
||||
description: |-
|
||||
A Message containing details about this condition's last transition from
|
||||
one status to another, if any.
|
||||
type: string
|
||||
reason:
|
||||
description: A Reason for this condition's last transition
|
||||
@@ -509,9 +526,9 @@ spec:
|
||||
True, False, or Unknown?
|
||||
type: string
|
||||
type:
|
||||
description: Type of this condition. At most one of
|
||||
each condition type may apply to a resource at any
|
||||
point in time.
|
||||
description: |-
|
||||
Type of this condition. At most one of each condition type may apply to
|
||||
a resource at any point in time.
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
@@ -555,16 +572,19 @@ spec:
|
||||
TraitDefinition
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this
|
||||
representation of an object. Servers should convert recognized
|
||||
schemas to the latest internal value, and may reject unrecognized
|
||||
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource
|
||||
this object represents. Servers may infer this from the endpoint
|
||||
the client submits requests to. Cannot be updated. In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
properties:
|
||||
@@ -590,21 +610,25 @@ spec:
|
||||
a TraitDefinition.
|
||||
properties:
|
||||
appliesToWorkloads:
|
||||
description: AppliesToWorkloads specifies the list of workload
|
||||
kinds this trait applies to. Workload kinds are specified
|
||||
in resource.group/version format, e.g. server.core.oam.dev/v1alpha2.
|
||||
Traits that omit this field apply to all workload kinds.
|
||||
description: |-
|
||||
AppliesToWorkloads specifies the list of workload kinds this trait
|
||||
applies to. Workload kinds are specified in resource.group/version format,
|
||||
e.g. server.core.oam.dev/v1alpha2. Traits that omit this field apply to
|
||||
all workload kinds.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
conflictsWith:
|
||||
description: 'ConflictsWith specifies the list of traits(CRD
|
||||
name, Definition name, CRD group) which could not apply
|
||||
to the same workloads with this trait. Traits that omit
|
||||
this field can work with any other traits. Example rules:
|
||||
"service" # Trait definition name "services.k8s.io" # API
|
||||
resource/crd name "*.networking.k8s.io" # API group "labelSelector:foo=bar"
|
||||
# label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse'
|
||||
description: |-
|
||||
ConflictsWith specifies the list of traits(CRD name, Definition name, CRD group)
|
||||
which could not apply to the same workloads with this trait.
|
||||
Traits that omit this field can work with any other traits.
|
||||
Example rules:
|
||||
"service" # Trait definition name
|
||||
"services.k8s.io" # API resource/crd name
|
||||
"*.networking.k8s.io" # API group
|
||||
"labelSelector:foo=bar" # label selector
|
||||
labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -620,9 +644,9 @@ spec:
|
||||
description: Name of the referenced CustomResourceDefinition.
|
||||
type: string
|
||||
version:
|
||||
description: Version indicate which version should be
|
||||
used if CRD has multiple versions by default it will
|
||||
use the first one if not specified
|
||||
description: |-
|
||||
Version indicate which version should be used if CRD has multiple versions
|
||||
by default it will use the first one if not specified
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
@@ -645,18 +669,17 @@ spec:
|
||||
component revision
|
||||
type: boolean
|
||||
schematic:
|
||||
description: Schematic defines the data format and template
|
||||
of the encapsulation of the trait. Only CUE and Kube schematic
|
||||
are supported for now.
|
||||
description: |-
|
||||
Schematic defines the data format and template of the encapsulation of the trait.
|
||||
Only CUE and Kube schematic are supported for now.
|
||||
properties:
|
||||
cue:
|
||||
description: CUE defines the encapsulation in CUE format
|
||||
properties:
|
||||
template:
|
||||
description: Template defines the abstraction template
|
||||
data of the capability, it will replace the old
|
||||
CUE template in extension field. Template is a required
|
||||
field if CUE is defined in Capability Definition.
|
||||
description: |-
|
||||
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
|
||||
Template is a required field if CUE is defined in Capability Definition.
|
||||
type: string
|
||||
required:
|
||||
- template
|
||||
@@ -721,12 +744,11 @@ spec:
|
||||
- remote
|
||||
type: string
|
||||
writeConnectionSecretToRef:
|
||||
description: WriteConnectionSecretToReference specifies
|
||||
the namespace and name of a Secret to which any
|
||||
connection details for this managed resource should
|
||||
be written. Connection details frequently include
|
||||
the endpoint, username, and password required to
|
||||
connect to the managed resource.
|
||||
description: |-
|
||||
WriteConnectionSecretToReference specifies the namespace and name of a
|
||||
Secret to which any connection details for this managed resource should
|
||||
be written. Connection details frequently include the endpoint, username,
|
||||
and password required to connect to the managed resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the secret.
|
||||
@@ -742,10 +764,10 @@ spec:
|
||||
type: object
|
||||
type: object
|
||||
stage:
|
||||
description: Stage defines the stage information to which
|
||||
this trait resource processing belongs. Currently, PreDispatch
|
||||
and PostDispatch are provided, which are used to control
|
||||
resource pre-process and post-process respectively.
|
||||
description: |-
|
||||
Stage defines the stage information to which this trait resource processing belongs.
|
||||
Currently, PreDispatch and PostDispatch are provided, which are used to control resource
|
||||
pre-process and post-process respectively.
|
||||
type: string
|
||||
status:
|
||||
description: Status defines the custom health policy and status
|
||||
@@ -755,11 +777,17 @@ spec:
|
||||
description: CustomStatus defines the custom status message
|
||||
that could display to user
|
||||
type: string
|
||||
details:
|
||||
description: Details stores a string representation of
|
||||
a CUE status map to be evaluated at runtime for display
|
||||
type: string
|
||||
healthPolicy:
|
||||
description: HealthPolicy defines the health check policy
|
||||
for the abstraction
|
||||
type: string
|
||||
type: object
|
||||
version:
|
||||
type: string
|
||||
workloadRefPath:
|
||||
description: WorkloadRefPath indicates where/if a trait accepts
|
||||
a workloadRef object
|
||||
@@ -774,14 +802,15 @@ spec:
|
||||
description: A Condition that may apply to a resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the last time this
|
||||
condition transitioned from one status to another.
|
||||
description: |-
|
||||
LastTransitionTime is the last time this condition transitioned from one
|
||||
status to another.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A Message containing details about this
|
||||
condition's last transition from one status to another,
|
||||
if any.
|
||||
description: |-
|
||||
A Message containing details about this condition's last transition from
|
||||
one status to another, if any.
|
||||
type: string
|
||||
reason:
|
||||
description: A Reason for this condition's last transition
|
||||
@@ -792,9 +821,9 @@ spec:
|
||||
True, False, or Unknown?
|
||||
type: string
|
||||
type:
|
||||
description: Type of this condition. At most one of
|
||||
each condition type may apply to a resource at any
|
||||
point in time.
|
||||
description: |-
|
||||
Type of this condition. At most one of each condition type may apply to
|
||||
a resource at any point in time.
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
@@ -830,16 +859,19 @@ spec:
|
||||
WorkflowStepDefinition
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this
|
||||
representation of an object. Servers should convert recognized
|
||||
schemas to the latest internal value, and may reject unrecognized
|
||||
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource
|
||||
this object represents. Servers may infer this from the endpoint
|
||||
the client submits requests to. Cannot be updated. In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
properties:
|
||||
@@ -872,26 +904,25 @@ spec:
|
||||
description: Name of the referenced CustomResourceDefinition.
|
||||
type: string
|
||||
version:
|
||||
description: Version indicate which version should be
|
||||
used if CRD has multiple versions by default it will
|
||||
use the first one if not specified
|
||||
description: |-
|
||||
Version indicate which version should be used if CRD has multiple versions
|
||||
by default it will use the first one if not specified
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
schematic:
|
||||
description: Schematic defines the data format and template
|
||||
of the encapsulation of the workflow step definition. Only
|
||||
CUE schematic is supported for now.
|
||||
description: |-
|
||||
Schematic defines the data format and template of the encapsulation of the workflow step definition.
|
||||
Only CUE schematic is supported for now.
|
||||
properties:
|
||||
cue:
|
||||
description: CUE defines the encapsulation in CUE format
|
||||
properties:
|
||||
template:
|
||||
description: Template defines the abstraction template
|
||||
data of the capability, it will replace the old
|
||||
CUE template in extension field. Template is a required
|
||||
field if CUE is defined in Capability Definition.
|
||||
description: |-
|
||||
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
|
||||
Template is a required field if CUE is defined in Capability Definition.
|
||||
type: string
|
||||
required:
|
||||
- template
|
||||
@@ -956,12 +987,11 @@ spec:
|
||||
- remote
|
||||
type: string
|
||||
writeConnectionSecretToRef:
|
||||
description: WriteConnectionSecretToReference specifies
|
||||
the namespace and name of a Secret to which any
|
||||
connection details for this managed resource should
|
||||
be written. Connection details frequently include
|
||||
the endpoint, username, and password required to
|
||||
connect to the managed resource.
|
||||
description: |-
|
||||
WriteConnectionSecretToReference specifies the namespace and name of a
|
||||
Secret to which any connection details for this managed resource should
|
||||
be written. Connection details frequently include the endpoint, username,
|
||||
and password required to connect to the managed resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the secret.
|
||||
@@ -976,6 +1006,8 @@ spec:
|
||||
- configuration
|
||||
type: object
|
||||
type: object
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
status:
|
||||
description: WorkflowStepDefinitionStatus is the status of WorkflowStepDefinition
|
||||
@@ -986,14 +1018,15 @@ spec:
|
||||
description: A Condition that may apply to a resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the last time this
|
||||
condition transitioned from one status to another.
|
||||
description: |-
|
||||
LastTransitionTime is the last time this condition transitioned from one
|
||||
status to another.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A Message containing details about this
|
||||
condition's last transition from one status to another,
|
||||
if any.
|
||||
description: |-
|
||||
A Message containing details about this condition's last transition from
|
||||
one status to another, if any.
|
||||
type: string
|
||||
reason:
|
||||
description: A Reason for this condition's last transition
|
||||
@@ -1004,9 +1037,9 @@ spec:
|
||||
True, False, or Unknown?
|
||||
type: string
|
||||
type:
|
||||
description: Type of this condition. At most one of
|
||||
each condition type may apply to a resource at any
|
||||
point in time.
|
||||
description: |-
|
||||
Type of this condition. At most one of each condition type may apply to
|
||||
a resource at any point in time.
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
|
||||
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.4
|
||||
controller-gen.kubebuilder.io/version: v0.16.5
|
||||
name: policies.core.oam.dev
|
||||
spec:
|
||||
group: core.oam.dev
|
||||
@@ -26,14 +26,19 @@ spec:
|
||||
description: Policy is the Schema for the policy API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
|
||||
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.4
|
||||
controller-gen.kubebuilder.io/version: v0.16.5
|
||||
name: policydefinitions.core.oam.dev
|
||||
spec:
|
||||
group: core.oam.dev
|
||||
@@ -24,14 +24,19 @@ spec:
|
||||
description: PolicyDefinition is the Schema for the policydefinitions API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -46,30 +51,30 @@ spec:
|
||||
description: Name of the referenced CustomResourceDefinition.
|
||||
type: string
|
||||
version:
|
||||
description: Version indicate which version should be used if
|
||||
CRD has multiple versions by default it will use the first one
|
||||
if not specified
|
||||
description: |-
|
||||
Version indicate which version should be used if CRD has multiple versions
|
||||
by default it will use the first one if not specified
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
manageHealthCheck:
|
||||
description: ManageHealthCheck means the policy will handle health
|
||||
checking and skip application controller built-in health checking.
|
||||
description: |-
|
||||
ManageHealthCheck means the policy will handle health checking and skip application controller
|
||||
built-in health checking.
|
||||
type: boolean
|
||||
schematic:
|
||||
description: Schematic defines the data format and template of the
|
||||
encapsulation of the policy definition. Only CUE schematic is supported
|
||||
for now.
|
||||
description: |-
|
||||
Schematic defines the data format and template of the encapsulation of the policy definition.
|
||||
Only CUE schematic is supported for now.
|
||||
properties:
|
||||
cue:
|
||||
description: CUE defines the encapsulation in CUE format
|
||||
properties:
|
||||
template:
|
||||
description: Template defines the abstraction template data
|
||||
of the capability, it will replace the old CUE template
|
||||
in extension field. Template is a required field if CUE
|
||||
is defined in Capability Definition.
|
||||
description: |-
|
||||
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
|
||||
Template is a required field if CUE is defined in Capability Definition.
|
||||
type: string
|
||||
required:
|
||||
- template
|
||||
@@ -132,11 +137,11 @@ spec:
|
||||
- remote
|
||||
type: string
|
||||
writeConnectionSecretToRef:
|
||||
description: WriteConnectionSecretToReference specifies the
|
||||
namespace and name of a Secret to which any connection details
|
||||
for this managed resource should be written. Connection
|
||||
details frequently include the endpoint, username, and password
|
||||
required to connect to the managed resource.
|
||||
description: |-
|
||||
WriteConnectionSecretToReference specifies the namespace and name of a
|
||||
Secret to which any connection details for this managed resource should
|
||||
be written. Connection details frequently include the endpoint, username,
|
||||
and password required to connect to the managed resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the secret.
|
||||
@@ -151,6 +156,8 @@ spec:
|
||||
- configuration
|
||||
type: object
|
||||
type: object
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
status:
|
||||
description: PolicyDefinitionStatus is the status of PolicyDefinition
|
||||
@@ -161,13 +168,15 @@ spec:
|
||||
description: A Condition that may apply to a resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the last time this condition
|
||||
transitioned from one status to another.
|
||||
description: |-
|
||||
LastTransitionTime is the last time this condition transitioned from one
|
||||
status to another.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A Message containing details about this condition's
|
||||
last transition from one status to another, if any.
|
||||
description: |-
|
||||
A Message containing details about this condition's last transition from
|
||||
one status to another, if any.
|
||||
type: string
|
||||
reason:
|
||||
description: A Reason for this condition's last transition from
|
||||
@@ -178,8 +187,9 @@ spec:
|
||||
False, or Unknown?
|
||||
type: string
|
||||
type:
|
||||
description: Type of this condition. At most one of each condition
|
||||
type may apply to a resource at any point in time.
|
||||
description: |-
|
||||
Type of this condition. At most one of each condition type may apply to
|
||||
a resource at any point in time.
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
|
||||
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.4
|
||||
controller-gen.kubebuilder.io/version: v0.16.5
|
||||
name: resourcetrackers.core.oam.dev
|
||||
spec:
|
||||
group: core.oam.dev
|
||||
@@ -38,14 +38,19 @@ spec:
|
||||
resources
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -83,33 +88,37 @@ spec:
|
||||
description: Deleted marks the resource to be deleted
|
||||
type: boolean
|
||||
fieldPath:
|
||||
description: 'If referring to a piece of an object instead of
|
||||
an entire object, this string should contain a valid JSON/Go
|
||||
field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within
|
||||
a pod, this would take on a value like: "spec.containers{name}"
|
||||
(where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]"
|
||||
(container with index 2 in this pod). This syntax is chosen
|
||||
only to have some well-defined way of referencing a part of
|
||||
an object. TODO: this design is not final and this field is
|
||||
subject to change in the future.'
|
||||
description: |-
|
||||
If referring to a piece of an object instead of an entire object, this string
|
||||
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within a pod, this would take on a value like:
|
||||
"spec.containers{name}" (where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]" (container with
|
||||
index 2 in this pod). This syntax is chosen only to have some well-defined way of
|
||||
referencing a part of an object.
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind of the referent.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
||||
description: |-
|
||||
Namespace of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
||||
type: string
|
||||
raw:
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
resourceVersion:
|
||||
description: 'Specific resourceVersion to which this reference
|
||||
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
||||
description: |-
|
||||
Specific resourceVersion to which this reference is made, if any.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
||||
type: string
|
||||
skipGC:
|
||||
description: SkipGC marks the resource to skip gc
|
||||
@@ -117,7 +126,9 @@ spec:
|
||||
trait:
|
||||
type: string
|
||||
uid:
|
||||
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
||||
description: |-
|
||||
UID of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
|
||||
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.4
|
||||
controller-gen.kubebuilder.io/version: v0.16.5
|
||||
name: traitdefinitions.core.oam.dev
|
||||
spec:
|
||||
group: core.oam.dev
|
||||
@@ -28,20 +28,26 @@ spec:
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: A TraitDefinition registers a kind of Kubernetes custom resource
|
||||
as a valid OAM trait kind by referencing its CustomResourceDefinition. The
|
||||
CRD is used to validate the schema of the trait when it is embedded in an
|
||||
OAM ApplicationConfiguration.
|
||||
description: |-
|
||||
A TraitDefinition registers a kind of Kubernetes custom resource as a valid
|
||||
OAM trait kind by referencing its CustomResourceDefinition. The CRD is used
|
||||
to validate the schema of the trait when it is embedded in an OAM
|
||||
ApplicationConfiguration.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -49,20 +55,25 @@ spec:
|
||||
description: A TraitDefinitionSpec defines the desired state of a TraitDefinition.
|
||||
properties:
|
||||
appliesToWorkloads:
|
||||
description: AppliesToWorkloads specifies the list of workload kinds
|
||||
this trait applies to. Workload kinds are specified in resource.group/version
|
||||
format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this
|
||||
field apply to all workload kinds.
|
||||
description: |-
|
||||
AppliesToWorkloads specifies the list of workload kinds this trait
|
||||
applies to. Workload kinds are specified in resource.group/version format,
|
||||
e.g. server.core.oam.dev/v1alpha2. Traits that omit this field apply to
|
||||
all workload kinds.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
conflictsWith:
|
||||
description: 'ConflictsWith specifies the list of traits(CRD name,
|
||||
Definition name, CRD group) which could not apply to the same workloads
|
||||
with this trait. Traits that omit this field can work with any other
|
||||
traits. Example rules: "service" # Trait definition name "services.k8s.io"
|
||||
# API resource/crd name "*.networking.k8s.io" # API group "labelSelector:foo=bar"
|
||||
# label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse'
|
||||
description: |-
|
||||
ConflictsWith specifies the list of traits(CRD name, Definition name, CRD group)
|
||||
which could not apply to the same workloads with this trait.
|
||||
Traits that omit this field can work with any other traits.
|
||||
Example rules:
|
||||
"service" # Trait definition name
|
||||
"services.k8s.io" # API resource/crd name
|
||||
"*.networking.k8s.io" # API group
|
||||
"labelSelector:foo=bar" # label selector
|
||||
labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
@@ -78,9 +89,9 @@ spec:
|
||||
description: Name of the referenced CustomResourceDefinition.
|
||||
type: string
|
||||
version:
|
||||
description: Version indicate which version should be used if
|
||||
CRD has multiple versions by default it will use the first one
|
||||
if not specified
|
||||
description: |-
|
||||
Version indicate which version should be used if CRD has multiple versions
|
||||
by default it will use the first one if not specified
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
@@ -103,18 +114,17 @@ spec:
|
||||
revision
|
||||
type: boolean
|
||||
schematic:
|
||||
description: Schematic defines the data format and template of the
|
||||
encapsulation of the trait. Only CUE and Kube schematic are supported
|
||||
for now.
|
||||
description: |-
|
||||
Schematic defines the data format and template of the encapsulation of the trait.
|
||||
Only CUE and Kube schematic are supported for now.
|
||||
properties:
|
||||
cue:
|
||||
description: CUE defines the encapsulation in CUE format
|
||||
properties:
|
||||
template:
|
||||
description: Template defines the abstraction template data
|
||||
of the capability, it will replace the old CUE template
|
||||
in extension field. Template is a required field if CUE
|
||||
is defined in Capability Definition.
|
||||
description: |-
|
||||
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
|
||||
Template is a required field if CUE is defined in Capability Definition.
|
||||
type: string
|
||||
required:
|
||||
- template
|
||||
@@ -177,11 +187,11 @@ spec:
|
||||
- remote
|
||||
type: string
|
||||
writeConnectionSecretToRef:
|
||||
description: WriteConnectionSecretToReference specifies the
|
||||
namespace and name of a Secret to which any connection details
|
||||
for this managed resource should be written. Connection
|
||||
details frequently include the endpoint, username, and password
|
||||
required to connect to the managed resource.
|
||||
description: |-
|
||||
WriteConnectionSecretToReference specifies the namespace and name of a
|
||||
Secret to which any connection details for this managed resource should
|
||||
be written. Connection details frequently include the endpoint, username,
|
||||
and password required to connect to the managed resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the secret.
|
||||
@@ -197,10 +207,10 @@ spec:
|
||||
type: object
|
||||
type: object
|
||||
stage:
|
||||
description: Stage defines the stage information to which this trait
|
||||
resource processing belongs. Currently, PreDispatch and PostDispatch
|
||||
are provided, which are used to control resource pre-process and
|
||||
post-process respectively.
|
||||
description: |-
|
||||
Stage defines the stage information to which this trait resource processing belongs.
|
||||
Currently, PreDispatch and PostDispatch are provided, which are used to control resource
|
||||
pre-process and post-process respectively.
|
||||
type: string
|
||||
status:
|
||||
description: Status defines the custom health policy and status message
|
||||
@@ -210,11 +220,17 @@ spec:
|
||||
description: CustomStatus defines the custom status message that
|
||||
could display to user
|
||||
type: string
|
||||
details:
|
||||
description: Details stores a string representation of a CUE status
|
||||
map to be evaluated at runtime for display
|
||||
type: string
|
||||
healthPolicy:
|
||||
description: HealthPolicy defines the health check policy for
|
||||
the abstraction
|
||||
type: string
|
||||
type: object
|
||||
version:
|
||||
type: string
|
||||
workloadRefPath:
|
||||
description: WorkloadRefPath indicates where/if a trait accepts a
|
||||
workloadRef object
|
||||
@@ -229,13 +245,15 @@ spec:
|
||||
description: A Condition that may apply to a resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the last time this condition
|
||||
transitioned from one status to another.
|
||||
description: |-
|
||||
LastTransitionTime is the last time this condition transitioned from one
|
||||
status to another.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A Message containing details about this condition's
|
||||
last transition from one status to another, if any.
|
||||
description: |-
|
||||
A Message containing details about this condition's last transition from
|
||||
one status to another, if any.
|
||||
type: string
|
||||
reason:
|
||||
description: A Reason for this condition's last transition from
|
||||
@@ -246,8 +264,9 @@ spec:
|
||||
False, or Unknown?
|
||||
type: string
|
||||
type:
|
||||
description: Type of this condition. At most one of each condition
|
||||
type may apply to a resource at any point in time.
|
||||
description: |-
|
||||
Type of this condition. At most one of each condition type may apply to
|
||||
a resource at any point in time.
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
|
||||
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.4
|
||||
controller-gen.kubebuilder.io/version: v0.16.5
|
||||
name: workflowstepdefinitions.core.oam.dev
|
||||
spec:
|
||||
group: core.oam.dev
|
||||
@@ -25,14 +25,19 @@ spec:
|
||||
API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
@@ -47,26 +52,25 @@ spec:
|
||||
description: Name of the referenced CustomResourceDefinition.
|
||||
type: string
|
||||
version:
|
||||
description: Version indicate which version should be used if
|
||||
CRD has multiple versions by default it will use the first one
|
||||
if not specified
|
||||
description: |-
|
||||
Version indicate which version should be used if CRD has multiple versions
|
||||
by default it will use the first one if not specified
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
schematic:
|
||||
description: Schematic defines the data format and template of the
|
||||
encapsulation of the workflow step definition. Only CUE schematic
|
||||
is supported for now.
|
||||
description: |-
|
||||
Schematic defines the data format and template of the encapsulation of the workflow step definition.
|
||||
Only CUE schematic is supported for now.
|
||||
properties:
|
||||
cue:
|
||||
description: CUE defines the encapsulation in CUE format
|
||||
properties:
|
||||
template:
|
||||
description: Template defines the abstraction template data
|
||||
of the capability, it will replace the old CUE template
|
||||
in extension field. Template is a required field if CUE
|
||||
is defined in Capability Definition.
|
||||
description: |-
|
||||
Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field.
|
||||
Template is a required field if CUE is defined in Capability Definition.
|
||||
type: string
|
||||
required:
|
||||
- template
|
||||
@@ -129,11 +133,11 @@ spec:
|
||||
- remote
|
||||
type: string
|
||||
writeConnectionSecretToRef:
|
||||
description: WriteConnectionSecretToReference specifies the
|
||||
namespace and name of a Secret to which any connection details
|
||||
for this managed resource should be written. Connection
|
||||
details frequently include the endpoint, username, and password
|
||||
required to connect to the managed resource.
|
||||
description: |-
|
||||
WriteConnectionSecretToReference specifies the namespace and name of a
|
||||
Secret to which any connection details for this managed resource should
|
||||
be written. Connection details frequently include the endpoint, username,
|
||||
and password required to connect to the managed resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the secret.
|
||||
@@ -148,6 +152,8 @@ spec:
|
||||
- configuration
|
||||
type: object
|
||||
type: object
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
status:
|
||||
description: WorkflowStepDefinitionStatus is the status of WorkflowStepDefinition
|
||||
@@ -158,13 +164,15 @@ spec:
|
||||
description: A Condition that may apply to a resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the last time this condition
|
||||
transitioned from one status to another.
|
||||
description: |-
|
||||
LastTransitionTime is the last time this condition transitioned from one
|
||||
status to another.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A Message containing details about this condition's
|
||||
last transition from one status to another, if any.
|
||||
description: |-
|
||||
A Message containing details about this condition's last transition from
|
||||
one status to another, if any.
|
||||
type: string
|
||||
reason:
|
||||
description: A Reason for this condition's last transition from
|
||||
@@ -175,8 +183,9 @@ spec:
|
||||
False, or Unknown?
|
||||
type: string
|
||||
type:
|
||||
description: Type of this condition. At most one of each condition
|
||||
type may apply to a resource at any point in time.
|
||||
description: |-
|
||||
Type of this condition. At most one of each condition type may apply to
|
||||
a resource at any point in time.
|
||||
type: string
|
||||
required:
|
||||
- lastTransitionTime
|
||||
|
||||
81
charts/vela-core/crds/cue.oam.dev_packages.yaml
Normal file
81
charts/vela-core/crds/cue.oam.dev_packages.yaml
Normal file
@@ -0,0 +1,81 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
creationTimestamp: null
|
||||
name: packages.cue.oam.dev
|
||||
spec:
|
||||
group: cue.oam.dev
|
||||
names:
|
||||
kind: Package
|
||||
listKind: PackageList
|
||||
plural: packages
|
||||
shortNames:
|
||||
- pkg
|
||||
- cpkg
|
||||
- cuepkg
|
||||
- cuepackage
|
||||
singular: package
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.path
|
||||
name: PATH
|
||||
type: string
|
||||
- jsonPath: .spec.provider.protocol
|
||||
name: PROTO
|
||||
type: string
|
||||
- jsonPath: .spec.provider.endpoint
|
||||
name: ENDPOINT
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Package is an extension for cuex engine
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: PackageSpec the spec for Package
|
||||
properties:
|
||||
path:
|
||||
type: string
|
||||
provider:
|
||||
description: Provider the external Provider in Package for cuex to
|
||||
run functions
|
||||
properties:
|
||||
endpoint:
|
||||
type: string
|
||||
protocol:
|
||||
description: ProviderProtocol the protocol type for external Provider
|
||||
type: string
|
||||
required:
|
||||
- endpoint
|
||||
- protocol
|
||||
type: object
|
||||
templates:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- path
|
||||
- templates
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
@@ -29,3 +29,36 @@ Welcome to use the KubeVela! Enjoy your shipping application journey!
|
||||
|
||||
|
||||
You can refer to https://kubevela.io for more details.
|
||||
|
||||
{{- if and .Values.authentication.enabled (not .Values.authentication.withUser) }}
|
||||
|
||||
WARNING: Authentication is enabled but withUser is disabled.
|
||||
This configuration provides NO security benefit:
|
||||
- All applications will run as '{{ .Values.authentication.defaultUser }}' regardless of who creates them
|
||||
- User groups matching '{{ .Values.authentication.groupPattern }}' are still collected but not used effectively
|
||||
- Service account annotations are blocked
|
||||
|
||||
To enable true user impersonation for security:
|
||||
--set authentication.withUser=true
|
||||
{{- end }}
|
||||
|
||||
{{- if and (not .Values.authorization.definitionValidationEnabled) (not .Values.authentication.enabled) }}
|
||||
|
||||
SECURITY RECOMMENDATION: Both authentication and definition validation are disabled.
|
||||
If KubeVela is running with cluster-admin or other high-level permissions,
|
||||
consider enabling one or both security features:
|
||||
|
||||
1. Authentication with impersonation (recommended for multi-tenant environments):
|
||||
--set authentication.enabled=true
|
||||
--set authentication.withUser=true
|
||||
This makes KubeVela impersonate the requesting user, applying their RBAC permissions.
|
||||
Note: Both flags must be enabled for user impersonation to work.
|
||||
|
||||
2. Definition permission validation (lightweight RBAC for definitions):
|
||||
--set authorization.definitionValidationEnabled=true
|
||||
This ensures users can only reference definitions they have access to.
|
||||
|
||||
Using both features together provides defense in depth.
|
||||
Without these protections, users can leverage KubeVela's permissions to deploy
|
||||
resources beyond their intended access level.
|
||||
{{- end }}
|
||||
|
||||
@@ -4,7 +4,7 @@ kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ template "kubevela.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade,post-rollback
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kubevela.name" . }}-admission
|
||||
|
||||
@@ -4,7 +4,7 @@ kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "kubevela.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade,post-rollback
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kubevela.name" . }}-admission
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ template "kubevela.fullname" . }}-admission-create
|
||||
name: {{ template "kubevela.fullname" . }}-admission-create
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
@@ -17,7 +17,7 @@ spec:
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ template "kubevela.fullname" . }}-admission-create
|
||||
name: {{ template "kubevela.fullname" . }}-admission-create
|
||||
labels:
|
||||
app: {{ template "kubevela.name" . }}-admission-create
|
||||
{{- include "kubevela.labels" . | nindent 8 }}
|
||||
@@ -39,17 +39,26 @@ spec:
|
||||
- --cert-name=tls.crt
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ template "kubevela.fullname" . }}-admission
|
||||
{{- with .Values.admissionWebhooks.patch.nodeSelector }}
|
||||
{{- if .Values.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- toYaml .Values.admissionWebhooks.patch.nodeSelector | nindent 8 }}
|
||||
{{- else if .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml .Values.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.admissionWebhooks.patch.affinity }}
|
||||
{{- if .Values.admissionWebhooks.patch.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- toYaml .Values.admissionWebhooks.patch.affinity | nindent 8 }}
|
||||
{{- else if .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml .Values.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.admissionWebhooks.patch.tolerations }}
|
||||
{{- if .Values.admissionWebhooks.patch.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- toYaml .Values.admissionWebhooks.patch.tolerations | nindent 8 }}
|
||||
{{- else if .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml .Values.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
runAsGroup: 2000
|
||||
|
||||
@@ -2,10 +2,10 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ template "kubevela.fullname" . }}-admission-patch
|
||||
name: {{ template "kubevela.fullname" . }}-admission-patch
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook": post-install,post-upgrade,post-rollback
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kubevela.name" . }}-admission-patch
|
||||
@@ -17,7 +17,7 @@ spec:
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ template "kubevela.fullname" . }}-admission-patch
|
||||
name: {{ template "kubevela.fullname" . }}-admission-patch
|
||||
labels:
|
||||
app: {{ template "kubevela.name" . }}-admission-patch
|
||||
{{- include "kubevela.labels" . | nindent 8 }}
|
||||
@@ -41,13 +41,26 @@ spec:
|
||||
{{- end }}
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ template "kubevela.fullname" . }}-admission
|
||||
{{- with .Values.admissionWebhooks.patch.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- if .Values.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml .Values.admissionWebhooks.patch.nodeSelector | nindent 8 }}
|
||||
{{- else if .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml .Values.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.admissionWebhooks.patch.tolerations }}
|
||||
{{- if .Values.admissionWebhooks.patch.affinity }}
|
||||
affinity:
|
||||
{{- toYaml .Values.admissionWebhooks.patch.affinity | nindent 8 }}
|
||||
{{- else if .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml .Values.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.admissionWebhooks.patch.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- toYaml .Values.admissionWebhooks.patch.tolerations | nindent 8 }}
|
||||
{{- else if .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml .Values.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
runAsGroup: 2000
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
name: {{ template "kubevela.fullname" . }}-admission
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade,post-rollback
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kubevela.name" . }}-admission
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
name: {{ template "kubevela.fullname" . }}-admission
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade,post-rollback
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kubevela.name" . }}-admission
|
||||
|
||||
@@ -5,7 +5,7 @@ metadata:
|
||||
name: {{ template "kubevela.fullname" . }}-admission
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade,post-rollback
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kubevela.name" . }}-admission
|
||||
|
||||
@@ -1,4 +1,14 @@
|
||||
{{- if .Values.admissionWebhooks.enabled -}}
|
||||
{{- /* Preserve existing caBundle on upgrade to avoid breaking admission if hooks fail. */}}
|
||||
{{- $mName := printf "%s-admission" (include "kubevela.fullname" .) -}}
|
||||
{{- $existing := (lookup "admissionregistration.k8s.io/v1" "MutatingWebhookConfiguration" "" $mName) -}}
|
||||
{{- $vals := dict "apps" "" "comps" "" -}}
|
||||
{{- if $existing -}}
|
||||
{{- range $existing.webhooks -}}
|
||||
{{- if eq .name "mutating.core.oam.dev.v1beta1.applications" -}}{{- $_ := set $vals "apps" .clientConfig.caBundle -}}{{- end -}}
|
||||
{{- if eq .name "mutating.core.oam-dev.v1beta1.componentdefinitions" -}}{{- $_ := set $vals "comps" .clientConfig.caBundle -}}{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: MutatingWebhookConfiguration
|
||||
metadata:
|
||||
@@ -10,7 +20,7 @@ metadata:
|
||||
{{- end }}
|
||||
webhooks:
|
||||
- clientConfig:
|
||||
caBundle: Cg==
|
||||
caBundle: {{ default "Cg==" (get $vals "apps") }}
|
||||
service:
|
||||
name: {{ template "kubevela.name" . }}-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
@@ -36,7 +46,7 @@ webhooks:
|
||||
resources:
|
||||
- applications
|
||||
- clientConfig:
|
||||
caBundle: Cg==
|
||||
caBundle: {{ default "Cg==" (get $vals "comps") }}
|
||||
service:
|
||||
name: {{ template "kubevela.name" . }}-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -1,4 +1,16 @@
|
||||
{{- if .Values.admissionWebhooks.enabled -}}
|
||||
{{- /* Preserve existing caBundle on upgrade to avoid breaking admission if hooks fail. */}}
|
||||
{{- $vName := printf "%s-admission" (include "kubevela.fullname" .) -}}
|
||||
{{- $existing := (lookup "admissionregistration.k8s.io/v1" "ValidatingWebhookConfiguration" "" $vName) -}}
|
||||
{{- $vals := dict "traits" "" "apps" "" "comps" "" "policies" "" -}}
|
||||
{{- if $existing -}}
|
||||
{{- range $existing.webhooks -}}
|
||||
{{- if eq .name "validating.core.oam.dev.v1beta1.traitdefinitions" -}}{{- $_ := set $vals "traits" .clientConfig.caBundle -}}{{- end -}}
|
||||
{{- if eq .name "validating.core.oam.dev.v1beta1.applications" -}}{{- $_ := set $vals "apps" .clientConfig.caBundle -}}{{- end -}}
|
||||
{{- if eq .name "validating.core.oam-dev.v1beta1.componentdefinitions" -}}{{- $_ := set $vals "comps" .clientConfig.caBundle -}}{{- end -}}
|
||||
{{- if eq .name "validating.core.oam-dev.v1beta1.policydefinitions" -}}{{- $_ := set $vals "policies" .clientConfig.caBundle -}}{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
@@ -10,17 +22,17 @@ metadata:
|
||||
{{- end }}
|
||||
webhooks:
|
||||
- clientConfig:
|
||||
caBundle: Cg==
|
||||
caBundle: {{ default "Cg==" (get $vals "traits") }}
|
||||
service:
|
||||
name: {{ template "kubevela.name" . }}-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validating-core-oam-dev-v1alpha2-traitdefinitions
|
||||
path: /validating-core-oam-dev-v1beta1-traitdefinitions
|
||||
{{- if .Values.admissionWebhooks.patch.enabled }}
|
||||
failurePolicy: Ignore
|
||||
{{- else }}
|
||||
failurePolicy: {{ .Values.admissionWebhooks.failurePolicy }}
|
||||
{{- end }}
|
||||
name: validating.core.oam.dev.v1alpha2.traitdefinitions
|
||||
name: validating.core.oam.dev.v1beta1.traitdefinitions
|
||||
sideEffects: None
|
||||
admissionReviewVersions:
|
||||
- v1beta1
|
||||
@@ -35,10 +47,9 @@ webhooks:
|
||||
- UPDATE
|
||||
resources:
|
||||
- traitdefinitions
|
||||
scope: Cluster
|
||||
timeoutSeconds: 5
|
||||
- clientConfig:
|
||||
caBundle: Cg==
|
||||
caBundle: {{ default "Cg==" (get $vals "apps") }}
|
||||
service:
|
||||
name: {{ template "kubevela.name" . }}-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
@@ -64,7 +75,7 @@ webhooks:
|
||||
resources:
|
||||
- applications
|
||||
- clientConfig:
|
||||
caBundle: Cg==
|
||||
caBundle: {{ default "Cg==" (get $vals "comps") }}
|
||||
service:
|
||||
name: {{ template "kubevela.name" . }}-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
@@ -90,7 +101,7 @@ webhooks:
|
||||
resources:
|
||||
- componentdefinitions
|
||||
- clientConfig:
|
||||
caBundle: Cg==
|
||||
caBundle: {{ default "Cg==" (get $vals "policies") }}
|
||||
service:
|
||||
name: {{ template "kubevela.name" . }}-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
@@ -115,4 +126,30 @@ webhooks:
|
||||
- UPDATE
|
||||
resources:
|
||||
- policydefinitions
|
||||
- clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: {{ template "kubevela.name" . }}-webhook
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validating-core-oam-dev-v1beta1-workflowstepdefinitions
|
||||
{{- if .Values.admissionWebhooks.patch.enabled }}
|
||||
failurePolicy: Ignore
|
||||
{{- else }}
|
||||
failurePolicy: Fail
|
||||
{{- end }}
|
||||
name: validating.core.oam-dev.v1beta1.workflowstepdefinitions
|
||||
sideEffects: None
|
||||
admissionReviewVersions:
|
||||
- v1beta1
|
||||
- v1
|
||||
rules:
|
||||
- apiGroups:
|
||||
- core.oam.dev
|
||||
apiVersions:
|
||||
- v1beta1
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
resources:
|
||||
- workflowstepdefinitions
|
||||
{{- end -}}
|
||||
|
||||
@@ -124,6 +124,7 @@ spec:
|
||||
- protocol: TCP
|
||||
port: {{ .Values.multicluster.clusterGateway.port }}
|
||||
targetPort: {{ .Values.multicluster.clusterGateway.port }}
|
||||
name: default
|
||||
---
|
||||
# 1. Check whether APIService ""v1alpha1.cluster.core.oam.dev" is already present in the cluster
|
||||
# 2.a If the APIService doesn't exist, create it.
|
||||
@@ -189,4 +190,4 @@ subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "kubevela.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
||||
@@ -95,6 +95,18 @@ spec:
|
||||
runAsGroup: 2000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 2000
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@@ -138,4 +150,16 @@ spec:
|
||||
runAsGroup: 2000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 2000
|
||||
{{ end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
|
||||
@@ -31,6 +31,9 @@ spec:
|
||||
if k.namespace != _|_ {
|
||||
namespace: k.namespace
|
||||
}
|
||||
if k.namespaces != _|_ {
|
||||
namespaces: k.namespaces
|
||||
}
|
||||
topologyKey: k.topologyKey
|
||||
if k.namespaceSelector != _|_ {
|
||||
namespaceSelector: k.namespaceSelector
|
||||
@@ -57,6 +60,9 @@ spec:
|
||||
if k.namespace != _|_ {
|
||||
namespace: k.namespace
|
||||
}
|
||||
if k.namespaces != _|_ {
|
||||
namespaces: k.namespaces
|
||||
}
|
||||
topologyKey: k.topologyKey
|
||||
if k.namespaceSelector != _|_ {
|
||||
namespaceSelector: k.namespaceSelector
|
||||
|
||||
@@ -16,36 +16,39 @@ spec:
|
||||
import (
|
||||
"strconv"
|
||||
"strings"
|
||||
"vela/op"
|
||||
"vela/kube"
|
||||
"vela/builtin"
|
||||
)
|
||||
|
||||
output: op.#Apply & {
|
||||
cluster: parameter.cluster
|
||||
value: {
|
||||
apiVersion: "apps/v1"
|
||||
kind: "Deployment"
|
||||
metadata: {
|
||||
name: context.stepName
|
||||
namespace: context.namespace
|
||||
}
|
||||
spec: {
|
||||
selector: matchLabels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
|
||||
replicas: parameter.replicas
|
||||
template: {
|
||||
metadata: labels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
|
||||
spec: containers: [{
|
||||
name: context.stepName
|
||||
image: parameter.image
|
||||
if parameter["cmd"] != _|_ {
|
||||
command: parameter.cmd
|
||||
}
|
||||
}]
|
||||
output: kube.#Apply & {
|
||||
$params: {
|
||||
cluster: parameter.cluster
|
||||
value: {
|
||||
apiVersion: "apps/v1"
|
||||
kind: "Deployment"
|
||||
metadata: {
|
||||
name: context.stepName
|
||||
namespace: context.namespace
|
||||
}
|
||||
spec: {
|
||||
selector: matchLabels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
|
||||
replicas: parameter.replicas
|
||||
template: {
|
||||
metadata: labels: "workflow.oam.dev/step-name": "\(context.name)-\(context.stepName)"
|
||||
spec: containers: [{
|
||||
name: context.stepName
|
||||
image: parameter.image
|
||||
if parameter["cmd"] != _|_ {
|
||||
command: parameter.cmd
|
||||
}
|
||||
}]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
wait: op.#ConditionalWait & {
|
||||
continue: output.value.status.readyReplicas == parameter.replicas
|
||||
wait: builtin.#ConditionalWait & {
|
||||
$params: continue: output.$returns.value.status.readyReplicas == parameter.replicas
|
||||
}
|
||||
parameter: {
|
||||
image: string
|
||||
|
||||
@@ -13,13 +13,13 @@ spec:
|
||||
cue:
|
||||
template: |
|
||||
import (
|
||||
"vela/op"
|
||||
"vela/kube"
|
||||
)
|
||||
|
||||
apply: op.#Apply & {
|
||||
value: parameter.value
|
||||
cluster: parameter.cluster
|
||||
apply: kube.#Apply & {
|
||||
$params: parameter
|
||||
}
|
||||
|
||||
parameter: {
|
||||
// +usage=Specify Kubernetes native resource object to be applied
|
||||
value: {...}
|
||||
|
||||
@@ -14,11 +14,12 @@ spec:
|
||||
cue:
|
||||
template: |
|
||||
import (
|
||||
"vela/op"
|
||||
"vela/kube"
|
||||
"vela/builtin"
|
||||
)
|
||||
|
||||
apply: op.#Apply & {
|
||||
value: {
|
||||
apply: kube.#Apply & {
|
||||
$params: value: {
|
||||
apiVersion: "terraform.core.oam.dev/v1beta2"
|
||||
kind: "Configuration"
|
||||
metadata: {
|
||||
@@ -53,8 +54,10 @@ spec:
|
||||
}
|
||||
}
|
||||
}
|
||||
check: op.#ConditionalWait & {
|
||||
continue: apply.value.status != _|_ && apply.value.status.apply != _|_ && apply.value.status.apply.state == "Available"
|
||||
check: builtin.#ConditionalWait & {
|
||||
if apply.$returns.value.status != _|_ if apply.$returns.value.status.apply != _|_ {
|
||||
$params: continue: apply.$returns.value.status.apply.state == "Available"
|
||||
}
|
||||
}
|
||||
parameter: {
|
||||
// +usage=specify the source of the terraform configuration
|
||||
|
||||
@@ -14,61 +14,65 @@ spec:
|
||||
cue:
|
||||
template: |
|
||||
import (
|
||||
"vela/op"
|
||||
"vela/config"
|
||||
"vela/kube"
|
||||
"vela/builtin"
|
||||
"strings"
|
||||
)
|
||||
|
||||
config: op.#CreateConfig & {
|
||||
name: "\(context.name)-\(context.stepName)"
|
||||
namespace: context.namespace
|
||||
template: "terraform-\(parameter.type)"
|
||||
config: {
|
||||
name: parameter.name
|
||||
if parameter.type == "alibaba" {
|
||||
ALICLOUD_ACCESS_KEY: parameter.accessKey
|
||||
ALICLOUD_SECRET_KEY: parameter.secretKey
|
||||
ALICLOUD_REGION: parameter.region
|
||||
}
|
||||
if parameter.type == "aws" {
|
||||
AWS_ACCESS_KEY_ID: parameter.accessKey
|
||||
AWS_SECRET_ACCESS_KEY: parameter.secretKey
|
||||
AWS_DEFAULT_REGION: parameter.region
|
||||
AWS_SESSION_TOKEN: parameter.token
|
||||
}
|
||||
if parameter.type == "azure" {
|
||||
ARM_CLIENT_ID: parameter.clientID
|
||||
ARM_CLIENT_SECRET: parameter.clientSecret
|
||||
ARM_SUBSCRIPTION_ID: parameter.subscriptionID
|
||||
ARM_TENANT_ID: parameter.tenantID
|
||||
}
|
||||
if parameter.type == "baidu" {
|
||||
BAIDUCLOUD_ACCESS_KEY: parameter.accessKey
|
||||
BAIDUCLOUD_SECRET_KEY: parameter.secretKey
|
||||
BAIDUCLOUD_REGION: parameter.region
|
||||
}
|
||||
if parameter.type == "ec" {
|
||||
EC_API_KEY: parameter.apiKey
|
||||
}
|
||||
if parameter.type == "gcp" {
|
||||
GOOGLE_CREDENTIALS: parameter.credentials
|
||||
GOOGLE_REGION: parameter.region
|
||||
GOOGLE_PROJECT: parameter.project
|
||||
}
|
||||
if parameter.type == "tencent" {
|
||||
TENCENTCLOUD_SECRET_ID: parameter.secretID
|
||||
TENCENTCLOUD_SECRET_KEY: parameter.secretKey
|
||||
TENCENTCLOUD_REGION: parameter.region
|
||||
}
|
||||
if parameter.type == "ucloud" {
|
||||
UCLOUD_PRIVATE_KEY: parameter.privateKey
|
||||
UCLOUD_PUBLIC_KEY: parameter.publicKey
|
||||
UCLOUD_PROJECT_ID: parameter.projectID
|
||||
UCLOUD_REGION: parameter.region
|
||||
cfg: config.#CreateConfig & {
|
||||
$params: {
|
||||
name: "\(context.name)-\(context.stepName)"
|
||||
namespace: context.namespace
|
||||
template: "terraform-\(parameter.type)"
|
||||
config: {
|
||||
name: parameter.name
|
||||
if parameter.type == "alibaba" {
|
||||
ALICLOUD_ACCESS_KEY: parameter.accessKey
|
||||
ALICLOUD_SECRET_KEY: parameter.secretKey
|
||||
ALICLOUD_REGION: parameter.region
|
||||
}
|
||||
if parameter.type == "aws" {
|
||||
AWS_ACCESS_KEY_ID: parameter.accessKey
|
||||
AWS_SECRET_ACCESS_KEY: parameter.secretKey
|
||||
AWS_DEFAULT_REGION: parameter.region
|
||||
AWS_SESSION_TOKEN: parameter.token
|
||||
}
|
||||
if parameter.type == "azure" {
|
||||
ARM_CLIENT_ID: parameter.clientID
|
||||
ARM_CLIENT_SECRET: parameter.clientSecret
|
||||
ARM_SUBSCRIPTION_ID: parameter.subscriptionID
|
||||
ARM_TENANT_ID: parameter.tenantID
|
||||
}
|
||||
if parameter.type == "baidu" {
|
||||
BAIDUCLOUD_ACCESS_KEY: parameter.accessKey
|
||||
BAIDUCLOUD_SECRET_KEY: parameter.secretKey
|
||||
BAIDUCLOUD_REGION: parameter.region
|
||||
}
|
||||
if parameter.type == "ec" {
|
||||
EC_API_KEY: parameter.apiKey
|
||||
}
|
||||
if parameter.type == "gcp" {
|
||||
GOOGLE_CREDENTIALS: parameter.credentials
|
||||
GOOGLE_REGION: parameter.region
|
||||
GOOGLE_PROJECT: parameter.project
|
||||
}
|
||||
if parameter.type == "tencent" {
|
||||
TENCENTCLOUD_SECRET_ID: parameter.secretID
|
||||
TENCENTCLOUD_SECRET_KEY: parameter.secretKey
|
||||
TENCENTCLOUD_REGION: parameter.region
|
||||
}
|
||||
if parameter.type == "ucloud" {
|
||||
UCLOUD_PRIVATE_KEY: parameter.privateKey
|
||||
UCLOUD_PUBLIC_KEY: parameter.publicKey
|
||||
UCLOUD_PROJECT_ID: parameter.projectID
|
||||
UCLOUD_REGION: parameter.region
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
read: op.#Read & {
|
||||
value: {
|
||||
read: kube.#Read & {
|
||||
$params: value: {
|
||||
apiVersion: "terraform.core.oam.dev/v1beta1"
|
||||
kind: "Provider"
|
||||
metadata: {
|
||||
@@ -77,12 +81,9 @@ spec:
|
||||
}
|
||||
}
|
||||
}
|
||||
check: op.#ConditionalWait & {
|
||||
if read.value.status != _|_ {
|
||||
continue: read.value.status.state == "ready"
|
||||
}
|
||||
if read.value.status == _|_ {
|
||||
continue: false
|
||||
check: builtin.#ConditionalWait & {
|
||||
if read.$returns.value.status != _|_ {
|
||||
$params: continue: read.$returns.value.status.state == "ready"
|
||||
}
|
||||
}
|
||||
providerBasic: {
|
||||
|
||||
@@ -14,7 +14,9 @@ spec:
|
||||
cue:
|
||||
template: |
|
||||
import (
|
||||
"vela/op"
|
||||
"vela/builtin"
|
||||
"vela/kube"
|
||||
"vela/util"
|
||||
"encoding/json"
|
||||
"strings"
|
||||
)
|
||||
@@ -28,8 +30,8 @@ spec:
|
||||
value: parameter.context
|
||||
}
|
||||
}
|
||||
kaniko: op.#Apply & {
|
||||
value: {
|
||||
kaniko: kube.#Apply & {
|
||||
$params: value: {
|
||||
apiVersion: "v1"
|
||||
kind: "Pod"
|
||||
metadata: {
|
||||
@@ -95,14 +97,14 @@ spec:
|
||||
}
|
||||
}
|
||||
}
|
||||
log: op.#Log & {
|
||||
source: resources: [{
|
||||
log: util.#Log & {
|
||||
$params: source: resources: [{
|
||||
name: "\(context.name)-\(context.stepSessionID)-kaniko"
|
||||
namespace: context.namespace
|
||||
}]
|
||||
}
|
||||
read: op.#Read & {
|
||||
value: {
|
||||
read: kube.#Read & {
|
||||
$params: value: {
|
||||
apiVersion: "v1"
|
||||
kind: "Pod"
|
||||
metadata: {
|
||||
@@ -111,8 +113,10 @@ spec:
|
||||
}
|
||||
}
|
||||
}
|
||||
wait: op.#ConditionalWait & {
|
||||
continue: read.value.status != _|_ && read.value.status.phase == "Succeeded"
|
||||
wait: builtin.#ConditionalWait & {
|
||||
if read.$returns.value.status != _|_ {
|
||||
$params: continue: read.$returns.value.status.phase == "Succeeded"
|
||||
}
|
||||
}
|
||||
#secret: {
|
||||
name: string
|
||||
|
||||
@@ -15,32 +15,35 @@ spec:
|
||||
cue:
|
||||
template: |
|
||||
import (
|
||||
"vela/op"
|
||||
"vela/metrics"
|
||||
"vela/builtin"
|
||||
)
|
||||
|
||||
check: op.#PromCheck & {
|
||||
query: parameter.query
|
||||
metricEndpoint: parameter.metricEndpoint
|
||||
condition: parameter.condition
|
||||
stepID: context.stepSessionID
|
||||
duration: parameter.duration
|
||||
failDuration: parameter.failDuration
|
||||
check: metrics.#PromCheck & {
|
||||
$params: {
|
||||
query: parameter.query
|
||||
metricEndpoint: parameter.metricEndpoint
|
||||
condition: parameter.condition
|
||||
stepID: context.stepSessionID
|
||||
duration: parameter.duration
|
||||
failDuration: parameter.failDuration
|
||||
}
|
||||
}
|
||||
|
||||
fail: op.#Steps & {
|
||||
if check.failed != _|_ {
|
||||
if check.failed == true {
|
||||
breakWorkflow: op.#Fail & {
|
||||
message: check.message
|
||||
fail: {
|
||||
if check.$returns.failed != _|_ {
|
||||
if check.$returns.failed == true {
|
||||
breakWorkflow: builtin.#Fail & {
|
||||
$params: message: check.$returns.message
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
wait: op.#ConditionalWait & {
|
||||
continue: check.result
|
||||
if check.message != _|_ {
|
||||
message: check.message
|
||||
wait: builtin.#ConditionalWait & {
|
||||
$params: continue: check.$returns.result
|
||||
if check.$returns.message != _|_ {
|
||||
$params: message: check.$returns.message
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ spec:
|
||||
cue:
|
||||
template: |
|
||||
import (
|
||||
"vela/op"
|
||||
"vela/kube"
|
||||
)
|
||||
|
||||
parameter: {
|
||||
@@ -21,42 +21,46 @@ spec:
|
||||
namespace: *context.namespace | string
|
||||
}
|
||||
|
||||
cleanJobs: op.#Delete & {
|
||||
value: {
|
||||
apiVersion: "batch/v1"
|
||||
kind: "Job"
|
||||
metadata: {
|
||||
name: context.name
|
||||
cleanJobs: kube.#Delete & {
|
||||
$params: {
|
||||
value: {
|
||||
apiVersion: "batch/v1"
|
||||
kind: "Job"
|
||||
metadata: {
|
||||
name: context.name
|
||||
namespace: parameter.namespace
|
||||
}
|
||||
}
|
||||
filter: {
|
||||
namespace: parameter.namespace
|
||||
}
|
||||
}
|
||||
filter: {
|
||||
namespace: parameter.namespace
|
||||
if parameter.labelselector != _|_ {
|
||||
matchingLabels: parameter.labelselector
|
||||
}
|
||||
if parameter.labelselector == _|_ {
|
||||
matchingLabels: "workflow.oam.dev/name": context.name
|
||||
if parameter.labelselector != _|_ {
|
||||
matchingLabels: parameter.labelselector
|
||||
}
|
||||
if parameter.labelselector == _|_ {
|
||||
matchingLabels: "workflow.oam.dev/name": context.name
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
cleanPods: op.#Delete & {
|
||||
value: {
|
||||
apiVersion: "v1"
|
||||
kind: "pod"
|
||||
metadata: {
|
||||
name: context.name
|
||||
cleanPods: kube.#Delete & {
|
||||
$params: {
|
||||
value: {
|
||||
apiVersion: "v1"
|
||||
kind: "pod"
|
||||
metadata: {
|
||||
name: context.name
|
||||
namespace: parameter.namespace
|
||||
}
|
||||
}
|
||||
filter: {
|
||||
namespace: parameter.namespace
|
||||
}
|
||||
}
|
||||
filter: {
|
||||
namespace: parameter.namespace
|
||||
if parameter.labelselector != _|_ {
|
||||
matchingLabels: parameter.labelselector
|
||||
}
|
||||
if parameter.labelselector == _|_ {
|
||||
matchingLabels: "workflow.oam.dev/name": context.name
|
||||
if parameter.labelselector != _|_ {
|
||||
matchingLabels: parameter.labelselector
|
||||
}
|
||||
if parameter.labelselector == _|_ {
|
||||
matchingLabels: "workflow.oam.dev/name": context.name
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,36 +13,30 @@ spec:
|
||||
cue:
|
||||
template: |
|
||||
import (
|
||||
"vela/op"
|
||||
"vela/ql"
|
||||
"vela/builtin"
|
||||
"vela/query"
|
||||
"strconv"
|
||||
)
|
||||
|
||||
collect: ql.#CollectServiceEndpoints & {
|
||||
app: {
|
||||
name: *context.name | string
|
||||
namespace: *context.namespace | string
|
||||
if parameter.name != _|_ {
|
||||
name: parameter.name
|
||||
}
|
||||
if parameter.namespace != _|_ {
|
||||
namespace: parameter.namespace
|
||||
}
|
||||
collect: query.#CollectServiceEndpoints & {
|
||||
$params: app: {
|
||||
name: parameter.name
|
||||
namespace: parameter.namespace
|
||||
filter: {
|
||||
if parameter.components != _|_ {
|
||||
components: parameter.components
|
||||
}
|
||||
}
|
||||
}
|
||||
} @step(1)
|
||||
}
|
||||
|
||||
outputs: {
|
||||
eps_port_name_filtered: *[] | [...]
|
||||
if parameter.portName == _|_ {
|
||||
eps_port_name_filtered: collect.list
|
||||
eps_port_name_filtered: collect.$returns.list
|
||||
}
|
||||
if parameter.portName != _|_ {
|
||||
eps_port_name_filtered: [ for ep in collect.list if parameter.portName == ep.endpoint.portName {ep}]
|
||||
eps_port_name_filtered: [for ep in collect.$returns.list if parameter.portName == ep.endpoint.portName {ep}]
|
||||
}
|
||||
|
||||
eps_port_filtered: *[] | [...]
|
||||
@@ -50,12 +44,12 @@ spec:
|
||||
eps_port_filtered: eps_port_name_filtered
|
||||
}
|
||||
if parameter.port != _|_ {
|
||||
eps_port_filtered: [ for ep in eps_port_name_filtered if parameter.port == ep.endpoint.port {ep}]
|
||||
eps_port_filtered: [for ep in eps_port_name_filtered if parameter.port == ep.endpoint.port {ep}]
|
||||
}
|
||||
eps: eps_port_filtered
|
||||
eps: eps_port_filtered
|
||||
endpoints: *[] | [...]
|
||||
if parameter.outer != _|_ {
|
||||
tmps: [ for ep in eps {
|
||||
tmps: [for ep in eps {
|
||||
ep
|
||||
if ep.endpoint.inner == _|_ {
|
||||
outer: true
|
||||
@@ -64,16 +58,16 @@ spec:
|
||||
outer: !ep.endpoint.inner
|
||||
}
|
||||
}]
|
||||
endpoints: [ for ep in tmps if (!parameter.outer || ep.outer) {ep}]
|
||||
endpoints: [for ep in tmps if (!parameter.outer || ep.outer) {ep}]
|
||||
}
|
||||
if parameter.outer == _|_ {
|
||||
endpoints: eps_port_filtered
|
||||
}
|
||||
}
|
||||
|
||||
wait: op.#ConditionalWait & {
|
||||
continue: len(outputs.endpoints) > 0
|
||||
} @step(2)
|
||||
wait: builtin.#ConditionalWait & {
|
||||
$params: continue: len(outputs.endpoints) > 0
|
||||
}
|
||||
|
||||
value: {
|
||||
if len(outputs.endpoints) > 0 {
|
||||
@@ -85,9 +79,9 @@ spec:
|
||||
|
||||
parameter: {
|
||||
// +usage=Specify the name of the application
|
||||
name?: string
|
||||
name: *context.name | string
|
||||
// +usage=Specify the namespace of the application
|
||||
namespace?: string
|
||||
namespace: *context.namespace | string
|
||||
// +usage=Filter the component of the endpoints
|
||||
components?: [...string]
|
||||
// +usage=Filter the port of the endpoints
|
||||
|
||||
@@ -32,7 +32,7 @@ spec:
|
||||
_params: #PatchParams
|
||||
name: _params.containerName
|
||||
_baseContainers: context.output.spec.template.spec.containers
|
||||
_matchContainers_: [ for _container_ in _baseContainers if _container_.name == name {_container_}]
|
||||
_matchContainers_: [for _container_ in _baseContainers if _container_.name == name {_container_}]
|
||||
_baseContainer: *_|_ | {...}
|
||||
if len(_matchContainers_) == 0 {
|
||||
err: "container \(name) not found"
|
||||
@@ -73,7 +73,7 @@ spec:
|
||||
}
|
||||
|
||||
// +patchStrategy=replace
|
||||
args: [ for a in _args if _delArgs[a] == _|_ {a}] + [ for a in _addArgs if _delArgs[a] == _|_ && _argsMap[a] == _|_ {a}]
|
||||
args: [for a in _args if _delArgs[a] == _|_ {a}] + [for a in _addArgs if _delArgs[a] == _|_ && _argsMap[a] == _|_ {a}]
|
||||
}
|
||||
}
|
||||
// +patchStrategy=open
|
||||
@@ -97,7 +97,7 @@ spec:
|
||||
}
|
||||
if parameter.containers != _|_ {
|
||||
// +patchKey=name
|
||||
containers: [ for c in parameter.containers {
|
||||
containers: [for c in parameter.containers {
|
||||
if c.containerName == "" {
|
||||
err: "container name must be set for containers"
|
||||
}
|
||||
@@ -113,5 +113,5 @@ spec:
|
||||
containers: [...#PatchParams]
|
||||
})
|
||||
|
||||
errs: [ for c in patch.spec.template.spec.containers if c.err != _|_ {c.err}]
|
||||
errs: [for c in patch.spec.template.spec.containers if c.err != _|_ {c.err}]
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ spec:
|
||||
_params: #PatchParams
|
||||
name: _params.containerName
|
||||
_baseContainers: context.output.spec.template.spec.containers
|
||||
_matchContainers_: [ for _container_ in _baseContainers if _container_.name == name {_container_}]
|
||||
_matchContainers_: [for _container_ in _baseContainers if _container_.name == name {_container_}]
|
||||
_baseContainer: *_|_ | {...}
|
||||
if len(_matchContainers_) == 0 {
|
||||
err: "container \(name) not found"
|
||||
@@ -62,7 +62,7 @@ spec:
|
||||
}
|
||||
if parameter.containers != _|_ {
|
||||
// +patchKey=name
|
||||
containers: [ for c in parameter.containers {
|
||||
containers: [for c in parameter.containers {
|
||||
if c.containerName == "" {
|
||||
err: "containerName must be set for containers"
|
||||
}
|
||||
@@ -78,5 +78,5 @@ spec:
|
||||
containers: [...#PatchParams]
|
||||
})
|
||||
|
||||
errs: [ for c in patch.spec.template.spec.containers if c.err != _|_ {c.err}]
|
||||
errs: [for c in patch.spec.template.spec.containers if c.err != _|_ {c.err}]
|
||||
|
||||
|
||||
@@ -42,7 +42,7 @@ spec:
|
||||
_params: #PatchParams
|
||||
name: _params.containerName
|
||||
_baseContainers: context.output.spec.template.spec.containers
|
||||
_matchContainers_: [ for _container_ in _baseContainers if _container_.name == name {_container_}]
|
||||
_matchContainers_: [for _container_ in _baseContainers if _container_.name == name {_container_}]
|
||||
_baseContainer: *_|_ | {...}
|
||||
if len(_matchContainers_) == 0 {
|
||||
err: "container \(name) not found"
|
||||
@@ -52,7 +52,7 @@ spec:
|
||||
_basePorts: _baseContainer.ports
|
||||
if _basePorts == _|_ {
|
||||
// +patchStrategy=replace
|
||||
ports: [ for port in _params.ports {
|
||||
ports: [for port in _params.ports {
|
||||
containerPort: port.containerPort
|
||||
protocol: port.protocol
|
||||
if port.hostPort != _|_ {
|
||||
@@ -67,7 +67,7 @@ spec:
|
||||
_basePortsMap: {for _basePort in _basePorts {(strings.ToLower(_basePort.protocol) + strconv.FormatInt(_basePort.containerPort, 10)): _basePort}}
|
||||
_portsMap: {for port in _params.ports {(strings.ToLower(port.protocol) + strconv.FormatInt(port.containerPort, 10)): port}}
|
||||
// +patchStrategy=replace
|
||||
ports: [ for portVar in _basePorts {
|
||||
ports: [for portVar in _basePorts {
|
||||
containerPort: portVar.containerPort
|
||||
protocol: portVar.protocol
|
||||
name: portVar.name
|
||||
@@ -80,7 +80,7 @@ spec:
|
||||
hostIP: _portsMap[_uniqueKey].hostIP
|
||||
}
|
||||
}
|
||||
}] + [ for port in _params.ports if _basePortsMap[strings.ToLower(port.protocol)+strconv.FormatInt(port.containerPort, 10)] == _|_ {
|
||||
}] + [for port in _params.ports if _basePortsMap[strings.ToLower(port.protocol)+strconv.FormatInt(port.containerPort, 10)] == _|_ {
|
||||
if port.containerPort != _|_ {
|
||||
containerPort: port.containerPort
|
||||
}
|
||||
@@ -115,7 +115,7 @@ spec:
|
||||
}
|
||||
if parameter.containers != _|_ {
|
||||
// +patchKey=name
|
||||
containers: [ for c in parameter.containers {
|
||||
containers: [for c in parameter.containers {
|
||||
if c.containerName == "" {
|
||||
err: "container name must be set for containers"
|
||||
}
|
||||
@@ -131,5 +131,5 @@ spec:
|
||||
containers: [...#PatchParams]
|
||||
})
|
||||
|
||||
errs: [ for c in patch.spec.template.spec.containers if c.err != _|_ {c.err}]
|
||||
errs: [for c in patch.spec.template.spec.containers if c.err != _|_ {c.err}]
|
||||
|
||||
|
||||
@@ -13,28 +13,18 @@ spec:
|
||||
cue:
|
||||
template: |
|
||||
import (
|
||||
"vela/op"
|
||||
"vela/config"
|
||||
)
|
||||
|
||||
deploy: op.#CreateConfig & {
|
||||
name: parameter.name
|
||||
if parameter.namespace != _|_ {
|
||||
namespace: parameter.namespace
|
||||
}
|
||||
if parameter.namespace == _|_ {
|
||||
namespace: context.namespace
|
||||
}
|
||||
if parameter.template != _|_ {
|
||||
template: parameter.template
|
||||
}
|
||||
config: parameter.config
|
||||
deploy: config.#CreateConfig & {
|
||||
$params: parameter
|
||||
}
|
||||
parameter: {
|
||||
//+usage=Specify the name of the config.
|
||||
name: string
|
||||
|
||||
//+usage=Specify the namespace of the config.
|
||||
namespace?: string
|
||||
namespace: *context.namespace | string
|
||||
|
||||
//+usage=Specify the template of the config.
|
||||
template?: string
|
||||
|
||||
@@ -25,7 +25,7 @@ spec:
|
||||
] | []
|
||||
|
||||
configMap: *[
|
||||
for v in parameter.volumeMounts.configMap {
|
||||
for v in parameter.volumeMounts.configMap {
|
||||
{
|
||||
mountPath: v.mountPath
|
||||
if v.subPath != _|_ {
|
||||
@@ -49,7 +49,7 @@ spec:
|
||||
] | []
|
||||
|
||||
emptyDir: *[
|
||||
for v in parameter.volumeMounts.emptyDir {
|
||||
for v in parameter.volumeMounts.emptyDir {
|
||||
{
|
||||
mountPath: v.mountPath
|
||||
if v.subPath != _|_ {
|
||||
@@ -61,7 +61,7 @@ spec:
|
||||
] | []
|
||||
|
||||
hostPath: *[
|
||||
for v in parameter.volumeMounts.hostPath {
|
||||
for v in parameter.volumeMounts.hostPath {
|
||||
{
|
||||
mountPath: v.mountPath
|
||||
if v.subPath != _|_ {
|
||||
@@ -83,7 +83,7 @@ spec:
|
||||
] | []
|
||||
|
||||
configMap: *[
|
||||
for v in parameter.volumeMounts.configMap {
|
||||
for v in parameter.volumeMounts.configMap {
|
||||
{
|
||||
name: v.name
|
||||
configMap: {
|
||||
@@ -113,7 +113,7 @@ spec:
|
||||
] | []
|
||||
|
||||
emptyDir: *[
|
||||
for v in parameter.volumeMounts.emptyDir {
|
||||
for v in parameter.volumeMounts.emptyDir {
|
||||
{
|
||||
name: v.name
|
||||
emptyDir: medium: v.medium
|
||||
@@ -122,7 +122,7 @@ spec:
|
||||
] | []
|
||||
|
||||
hostPath: *[
|
||||
for v in parameter.volumeMounts.hostPath {
|
||||
for v in parameter.volumeMounts.hostPath {
|
||||
{
|
||||
name: v.name
|
||||
hostPath: path: v.path
|
||||
@@ -223,7 +223,7 @@ spec:
|
||||
}
|
||||
}
|
||||
if parameter["volumes"] != _|_ if parameter["volumeMounts"] == _|_ {
|
||||
volumeMounts: [ for v in parameter.volumes {
|
||||
volumeMounts: [for v in parameter.volumes {
|
||||
{
|
||||
mountPath: v.mountPath
|
||||
name: v.name
|
||||
@@ -234,7 +234,7 @@ spec:
|
||||
}
|
||||
}]
|
||||
if parameter["volumes"] != _|_ if parameter["volumeMounts"] == _|_ {
|
||||
volumes: [ for v in parameter.volumes {
|
||||
volumes: [for v in parameter.volumes {
|
||||
{
|
||||
name: v.name
|
||||
if v.type == "pvc" {
|
||||
@@ -267,13 +267,13 @@ spec:
|
||||
volumes: deDupVolumesArray
|
||||
}
|
||||
if parameter["imagePullSecrets"] != _|_ {
|
||||
imagePullSecrets: [ for v in parameter.imagePullSecrets {
|
||||
imagePullSecrets: [for v in parameter.imagePullSecrets {
|
||||
name: v
|
||||
},
|
||||
]
|
||||
}
|
||||
if parameter.hostAliases != _|_ {
|
||||
hostAliases: [ for v in parameter.hostAliases {
|
||||
hostAliases: [for v in parameter.hostAliases {
|
||||
ip: v.ip
|
||||
hostnames: v.hostnames
|
||||
},
|
||||
|
||||
@@ -162,7 +162,7 @@ spec:
|
||||
}]
|
||||
}
|
||||
if parameter["ports"] != _|_ {
|
||||
ports: [ for v in parameter.ports {
|
||||
ports: [for v in parameter.ports {
|
||||
{
|
||||
containerPort: v.port
|
||||
protocol: v.protocol
|
||||
@@ -206,7 +206,7 @@ spec:
|
||||
}
|
||||
|
||||
if parameter["volumes"] != _|_ && parameter["volumeMounts"] == _|_ {
|
||||
volumeMounts: [ for v in parameter.volumes {
|
||||
volumeMounts: [for v in parameter.volumes {
|
||||
{
|
||||
mountPath: v.mountPath
|
||||
name: v.name
|
||||
@@ -233,14 +233,14 @@ spec:
|
||||
}
|
||||
|
||||
if parameter["imagePullSecrets"] != _|_ {
|
||||
imagePullSecrets: [ for v in parameter.imagePullSecrets {
|
||||
imagePullSecrets: [for v in parameter.imagePullSecrets {
|
||||
name: v
|
||||
},
|
||||
]
|
||||
}
|
||||
|
||||
if parameter["volumes"] != _|_ && parameter["volumeMounts"] == _|_ {
|
||||
volumes: [ for v in parameter.volumes {
|
||||
volumes: [for v in parameter.volumes {
|
||||
{
|
||||
name: v.name
|
||||
if v.type == "pvc" {
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user