Backport #2541 to release 1.1 (#2709)

When golangci-lint doesn't locate in $PATH, it will be installed in
$GOBIN every single time.

(cherry picked from commit bff846b7fe)

Co-authored-by: zzxwill <zzxwill@gmail.com>

.github/comment.userlist

@@ -11,3 +11,4 @@ wangyuan249
 chivalryq
 FogDong
 leejanee
+barnettZQG

.github/pr-title-checker-config.json

@@ -0,0 +1,10 @@
+{
+  "LABEL": {
+    "name": "title-needs-formatting",
+    "color": "EEEEEE"
+  },
+  "CHECKS": {
+    "prefixes": ["Fix: ", "Feat: ", "Docs: ", "Test: ", "Chore: ", "CI: ", "Perf: ", "Refactor: ", "Revert: ", "Style: ", "Test: ", "Backport: ", "Backport",
+      "Fix(", "Feat(", "Docs(", "Test(", "Chore(", "CI(", "Perf(", "Refactor(", "Revert(", "Style(", "Test(", "Backport("]
+  }
+} 

.github/workflows/commit-lint.yml

@@ -1,13 +1,19 @@
-name: Lint Commit Messages
-on: [push, pull_request]
+name: PR Title Checker
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - labeled
+      - unlabeled
 
 jobs:
-  commitlint:
+  check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: thehanimo/pr-title-checker@v1.3.1
         with:
-          fetch-depth: 0
-      - uses: wagoid/commitlint-github-action@v4
-        with:
-          helpURL: https://github.com/oam-dev/kubevela/blob/master/contribute/create-pull-request.md#commit-message-format
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          pass_on_octokit_error: true
+          configuration_path: ".github/pr-title-checker-config.json"

.github/workflows/e2e-multicluster-test.yml

@@ -0,0 +1,109 @@
+name: E2E MultiCluster Test
+
+on:
+  push:
+    branches:
+      - master
+      - release-*
+  workflow_dispatch: {}
+  pull_request:
+    branches:
+      - master
+      - release-*
+
+env:
+  # Common versions
+  GO_VERSION: '1.16'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'
+
+jobs:
+
+  detect-noop:
+    runs-on: ubuntu-20.04
+    outputs:
+      noop: ${{ steps.noop.outputs.should_skip }}
+    steps:
+      - name: Detect No-op Changes
+        id: noop
+        uses: fkirc/skip-duplicate-actions@v3.3.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
+          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
+          concurrent_skipping: false
+
+  e2e-multi-cluster-tests:
+    runs-on: aliyun
+    needs: detect-noop
+    if: needs.detect-noop.outputs.noop != 'true'
+
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Get dependencies
+        run: |
+          go get -v -t -d ./...
+
+      - name: Setup Kind
+        uses: engineerd/setup-kind@v0.5.0
+        with:
+          version: ${{ env.KIND_VERSION }}
+          skipClusterCreation: true
+
+      - name: Setup Kind Cluster (Worker)
+        run: |
+          kind delete cluster --name worker
+          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4 --name worker
+          kubectl version
+          kubectl cluster-info
+          kind get kubeconfig --name worker --internal > /tmp/worker.kubeconfig
+          kind get kubeconfig --name worker > /tmp/worker.client.kubeconfig
+
+      - name: Setup Kind Cluster (Hub)
+        run: |
+          kind delete cluster
+          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
+          kubectl version
+          kubectl cluster-info
+
+      - name: Load Image to kind cluster (Hub)
+        run: make kind-load
+
+      - name: Load Image to kind cluster (Worker)
+        run: |
+          make kind-load-runtime-cluster
+
+      - name: Cleanup for e2e tests
+        run: |
+          make e2e-cleanup
+          make e2e-setup-core
+          make
+          make setup-runtime-e2e-cluster
+
+      - name: Run e2e multicluster tests
+        run: make e2e-multicluster-test
+
+      - name: Stop kubevela, get profile
+        run: make end-e2e-core
+
+      - name: Upload coverage report
+        uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: /tmp/e2e-profile.out,/tmp/e2e_multicluster_test.out
+          flags: e2e-multicluster-test
+          name: codecov-umbrella
+
+      - name: Clean e2e profile
+        run: rm /tmp/e2e-profile.out
+
+      - name: Cleanup image
+        if: ${{ always() }}
+        run: make image-cleanup

.github/workflows/e2e-rollout-test.yml

@@ -80,13 +80,6 @@ jobs:
           helm lint ./charts/vela-core
           helm test -n vela-system kubevela --timeout 5m
 
-      - name: Wait for e2e preparation ready
-        run: |
-          timeout 60 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:37081/api/components)" != "200" ]]; do sleep 5; done' || false
-
-      - name: Run api e2e tests
-        run: make e2e-api-test
-
       - name: Run e2e tests
         run: make e2e-rollout-test
 

.github/workflows/e2e-test.yml

@@ -80,13 +80,12 @@ jobs:
           helm lint ./charts/vela-core
           helm test -n vela-system kubevela --timeout 5m
 
-      - name: Wait for e2e preparation ready
-        run: |
-          timeout 60 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:37081/api/components)" != "200" ]]; do sleep 5; done' || false
-
       - name: Run api e2e tests
         run: make e2e-api-test
 
+      - name: Run addons e2e tests
+        run: make e2e-addon-test
+
       - name: Run e2e tests
         run: make e2e-test
 

.github/workflows/registry.yml

@@ -85,6 +85,7 @@ jobs:
     env:
       HELM_CHARTS_DIR: charts
       HELM_CHART: charts/vela-core
+      MINIMAL_HELM_CHART: charts/vela-minimal
       LEGACY_HELM_CHART: legacy/charts/vela-core-legacy
       OAM_RUNTIME_HELM_CHART: charts/oam-runtime
       VELA_ROLLOUT_HELM_CHART: runtime/rollout/charts
@@ -128,11 +129,13 @@ jobs:
             chart_version=${current_repo_tag}-nightly-build
           fi
           sed -i "s/latest/${image_tag}/g" $HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $MINIMAL_HELM_CHART/values.yaml
           sed -i "s/latest/${image_tag}/g" $LEGACY_HELM_CHART/values.yaml
           sed -i "s/latest/${image_tag}/g" $OAM_RUNTIME_HELM_CHART/values.yaml
           sed -i "s/latest/${image_tag}/g" $VELA_ROLLOUT_HELM_CHART/values.yaml
           chart_smever=${chart_version#"v"}
           sed -i "s/0.1.0/$chart_smever/g" $HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $MINIMAL_HELM_CHART/Chart.yaml
           sed -i "s/0.1.0/$chart_smever/g" $LEGACY_HELM_CHART/Chart.yaml
           sed -i "s/0.1.0/$chart_smever/g" $OAM_RUNTIME_HELM_CHART/Chart.yaml
           sed -i "s/0.1.0/$chart_smever/g" $VELA_ROLLOUT_HELM_CHART/Chart.yaml
@@ -153,6 +156,7 @@ jobs:
       - name: Package helm charts
         run: |
           helm package $HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $MINIMAL_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
           helm package $LEGACY_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
           helm package $OAM_RUNTIME_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
           helm package $VELA_ROLLOUT_HELM_CHART --destination $LOCAL_OSS_DIRECTORY

.gitignore

@@ -44,17 +44,8 @@ charts/vela-core/crds/_.yaml
 
 .vela/
 
-# Dashboard
-node_modules/
-.eslintcache
-references/dashboard/dist/
-references/dashboard/package-lock.json
-references/dashboard/src/.umi/
-package-lock.json
-references/dashboard/src/.umi-production/
-
-# Swagger: generate Restful API
-references/apiserver/docs/index.html
-
 # check docs
-git-page/
+git-page/
+
+# e2e rollout runtime image build
+runtime/rollout/e2e/tmp

Dockerfile

@@ -5,6 +5,10 @@ WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
+
+# It's a proxy for CN developer, please unblock it if you have network issue
+# RUN go env -w GOPROXY=https://goproxy.cn,direct
+
 # cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download

Dockerfile.e2e

@@ -24,6 +24,7 @@ ARG VERSION
 ARG GITVERSION
 
 RUN  apk add gcc musl-dev libc-dev ;\
+     GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
      go test -c -o manager-${TARGETARCH}  -cover -covermode=atomic -coverpkg ./... .
 
 RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \

Makefile

@@ -39,6 +39,9 @@ endif
 VELA_CORE_IMAGE      ?= vela-core:latest
 VELA_CORE_TEST_IMAGE ?= vela-core-test:$(GIT_COMMIT)
 VELA_RUNTIME_ROLLOUT_IMAGE       ?= vela-runtime-rollout:latest
+VELA_RUNTIME_ROLLOUT_TEST_IMAGE  ?= vela-runtime-rollout-test:$(GIT_COMMIT)
+RUNTIME_CLUSTER_CONFIG ?= /tmp/worker.kubeconfig
+RUNTIME_CLUSTER_NAME ?= worker
 
 all: build
 
@@ -58,9 +61,6 @@ vela-cli:
 kubectl-vela:
 	$(GOBUILD_ENV) go build -o bin/kubectl-vela -a -ldflags $(LDFLAGS) ./cmd/plugin/main.go
 
-dashboard-build:
-	cd references/dashboard && npm install && cd ..
-
 doc-gen:
 	rm -r docs/en/cli/*
 	go run hack/docgen/gen.go
@@ -98,6 +98,9 @@ compress:
 run:
 	go run ./cmd/core/main.go --application-revision-limit 5
 
+run-apiserver:
+	go run ./cmd/apiserver/main.go
+
 # Run go fmt against code
 fmt: goimports installcue
 	go fmt ./...
@@ -138,12 +141,21 @@ docker-build-runtime-rollout:
 docker-push:
 	docker push $(VELA_CORE_IMAGE)
 
+e2e-setup-core:
+	sh ./hack/e2e/modify_charts.sh
+	helm upgrade --install --create-namespace --namespace vela-system --set image.pullPolicy=IfNotPresent --set image.repository=vela-core-test --set applicationRevisionLimit=5 --set dependCheckWait=10s --set image.tag=$(GIT_COMMIT) --set multicluster.enabled=true --wait kubevela ./charts/vela-core
+	kubectl wait --for=condition=Available deployment/kubevela-vela-core -n vela-system --timeout=180s
+
+setup-runtime-e2e-cluster:
+	helm upgrade --install --create-namespace --namespace vela-system --kubeconfig=$(RUNTIME_CLUSTER_CONFIG) --set image.pullPolicy=IfNotPresent --set image.repository=vela-runtime-rollout-test --set image.tag=$(GIT_COMMIT) --wait vela-rollout ./runtime/rollout/charts
+
 e2e-setup:
 	helm install kruise https://github.com/openkruise/kruise/releases/download/v0.9.0/kruise-chart.tgz --set featureGates="PreDownloadImageForInPlaceUpdate=true"
 	sh ./hack/e2e/modify_charts.sh
 	helm upgrade --install --create-namespace --namespace vela-system --set image.pullPolicy=IfNotPresent --set image.repository=vela-core-test --set applicationRevisionLimit=5 --set dependCheckWait=10s --set image.tag=$(GIT_COMMIT) --wait kubevela ./charts/vela-core
 	helm upgrade --install --create-namespace --namespace oam-runtime-system --set image.pullPolicy=IfNotPresent --set image.repository=vela-core-test --set dependCheckWait=10s --set image.tag=$(GIT_COMMIT) --wait oam-runtime ./charts/oam-runtime
-	bin/vela addon enable ocm-cluster-manager
+	bin/vela addon enable fluxcd
+	bin/vela addon enable terraform
 	ginkgo version
 	ginkgo -v -r e2e/setup
 
@@ -151,13 +163,10 @@ e2e-setup:
 	kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=vela-core,app.kubernetes.io/instance=kubevela -n vela-system --timeout=600s
 	kubectl wait --for=condition=Ready pod -l app=source-controller -n flux-system --timeout=600s
 	kubectl wait --for=condition=Ready pod -l app=helm-controller -n flux-system --timeout=600s
-	kubectl wait --for=condition=Ready pod -l app=cluster-manager -n open-cluster-management --timeout=600s
-	bin/vela dashboard &
 
 e2e-api-test:
 	# Run e2e test
-	ginkgo -v -skipPackage capability,setup,apiserver,application -r e2e
-	ginkgo -v -r e2e/apiserver
+	ginkgo -v -skipPackage capability,setup,application -r e2e
 	ginkgo -v -r e2e/application
 
 e2e-test:
@@ -165,10 +174,19 @@ e2e-test:
 	ginkgo -v  --skip="rollout related e2e-test." ./test/e2e-test
 	@$(OK) tests pass
 
+e2e-addon-test:
+	cp bin/vela /tmp/
+	ginkgo -v ./test/e2e-addon-test
+	@$(OK) tests pass
+
 e2e-rollout-test:
 	ginkgo -v  --focus="rollout related e2e-test." ./test/e2e-test
 	@$(OK) tests pass
 
+e2e-multicluster-test:
+	go test -v -coverpkg=./... -coverprofile=/tmp/e2e_multicluster_test.out ./test/e2e-multicluster-test
+	@$(OK) tests pass
+
 compatibility-test: vet lint staticcheck generate-compatibility-testdata
 	# Run compatibility test with old crd
 	COMPATIBILITY_TEST=TRUE go test -race ./pkg/...
@@ -191,6 +209,9 @@ ifneq ($(shell docker images -q $(VELA_CORE_TEST_IMAGE)),)
 	docker rmi -f $(VELA_CORE_TEST_IMAGE)
 endif
 
+end-e2e-core:
+	sh ./hack/e2e/end_e2e_core.sh
+
 end-e2e:
 	sh ./hack/e2e/end_e2e.sh
 
@@ -199,6 +220,12 @@ kind-load:
 	docker build -t $(VELA_CORE_TEST_IMAGE) -f Dockerfile.e2e .
 	kind load docker-image $(VELA_CORE_TEST_IMAGE) || { echo >&2 "kind not installed or error loading image: $(VELA_CORE_TEST_IMAGE)"; exit 1; }
 
+kind-load-runtime-cluster:
+	/bin/sh hack/e2e/build_runtime_rollout.sh
+	docker build -t $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) -f runtime/rollout/e2e/Dockerfile.e2e runtime/rollout/e2e/
+	rm -rf runtime/rollout/e2e/tmp
+	kind load docker-image $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) --name=$(RUNTIME_CLUSTER_NAME)  || { echo >&2 "kind not installed or error loading image: $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)"; exit 1; }
+
 # Run tests
 core-test: fmt vet manifests
 	go test ./pkg/... -coverprofile cover.out
@@ -235,12 +262,12 @@ manifests: installcue kustomize
 	# TODO(yangsoon): kustomize will merge all CRD into a whole file, it may not work if we want patch more than one CRD in this way
 	$(KUSTOMIZE) build config/crd -o config/crd/base/core.oam.dev_applications.yaml
 	./hack/crd/cleanup.sh
-	go run ./hack/crd/dispatch/dispatch.go config/crd/base charts/vela-core/crds charts/oam-runtime/crds runtime/
+	go run ./hack/crd/dispatch/dispatch.go config/crd/base charts/vela-core/crds charts/oam-runtime/crds runtime/ charts/vela-minimal/crds
 	rm -f config/crd/base/*
 	./vela-templates/gen_definitions.sh
 	go run ./vela-templates/gen_addons.go
 
-GOLANGCILINT_VERSION ?= v1.31.0
+GOLANGCILINT_VERSION ?= v1.38.0
 HOSTOS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
 HOSTARCH := $(shell uname -m)
 ifeq ($(HOSTARCH),x86_64)
@@ -248,16 +275,20 @@ HOSTARCH := amd64
 endif
 
 golangci:
-ifeq (, $(shell which golangci-lint))
+ifneq ($(shell which golangci-lint),)
+	@$(OK) golangci-lint is already installed
+GOLANGCILINT=$(shell which golangci-lint)
+else ifeq (, $(shell which $(GOBIN)/golangci-lint))
 	@{ \
 	set -e ;\
 	echo 'installing golangci-lint-$(GOLANGCILINT_VERSION)' ;\
 	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) $(GOLANGCILINT_VERSION) ;\
-	echo 'Install succeed' ;\
+	echo 'Successfully installed' ;\
 	}
 GOLANGCILINT=$(GOBIN)/golangci-lint
 else
-GOLANGCILINT=$(shell which golangci-lint)
+	@$(OK) golangci-lint is already installed
+GOLANGCILINT=$(GOBIN)/golangci-lint
 endif
 
 .PHONY: staticchecktool

README.md

@@ -39,6 +39,9 @@ Full documentation is available on the [KubeVela website](https://kubevela.io/).
 - Slack:  [CNCF Slack](https://slack.cncf.io/) #kubevela channel (*English*)
 - Gitter: [oam-dev](https://gitter.im/oam-dev/community) (*English*)
 - [DingTalk Group](https://page.dingtalk.com/wow/dingtalk/act/en-home): `23310022` (*Chinese*)
+- Wechat Group (*Chinese*): Broker wechat to add you into the user group.
+ 
+  <img src="https://static.kubevela.net/images/barnett-wechat.jpg" width="200" />
 - Bi-weekly Community Call: [Meeting Notes](https://docs.google.com/document/d/1nqdFEyULekyksFHtFvgvFAYE-0AMHKoS3RMnaKsarjs)
 
 ## Talks and Conferences

apis/core.oam.dev/common/types.go

@@ -17,9 +17,13 @@ limitations under the License.
 package common
 
 import (
+	"encoding/json"
+
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 
+	types "github.com/oam-dev/terraform-controller/api/types/crossplane-runtime"
+
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
 
 	"github.com/oam-dev/kubevela/apis/standard.oam.dev/v1alpha1"
@@ -107,8 +111,14 @@ type Terraform struct {
 
 	// Type specifies which Terraform configuration it is, HCL or JSON syntax
 	// +kubebuilder:default:=hcl
-	// +kubebuilder:validation:Enum:=hcl;json
+	// +kubebuilder:validation:Enum:=hcl;json;remote
 	Type string `json:"type,omitempty"`
+
+	// Path is the sub-directory of remote git repository. It's valid when remote is set
+	Path string `json:"path,omitempty"`
+
+	// ProviderReference specifies the reference to Provider
+	ProviderReference *types.Reference `json:"providerRef,omitempty"`
 }
 
 // A WorkloadTypeDescriptor refer to a Workload Type
@@ -369,7 +379,7 @@ type AppRolloutStatus struct {
 type ApplicationTrait struct {
 	Type string `json:"type"`
 	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
 }
 
 // ApplicationComponent describe the component of application
@@ -379,10 +389,11 @@ type ApplicationComponent struct {
 	// ExternalRevision specified the component revisionName
 	ExternalRevision string `json:"externalRevision,omitempty"`
 	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
 
-	Inputs  StepInputs  `json:"inputs,omitempty"`
-	Outputs StepOutputs `json:"outputs,omitempty"`
+	DependsOn []string    `json:"dependsOn,omitempty"`
+	Inputs    StepInputs  `json:"inputs,omitempty"`
+	Outputs   StepOutputs `json:"outputs,omitempty"`
 
 	// Traits define the trait of one component, the type must be array to keep the order.
 	Traits []ApplicationTrait `json:"traits,omitempty"`
@@ -451,3 +462,29 @@ type ClusterObjectReference struct {
 	Creator                ResourceCreatorRole `json:"creator,omitempty"`
 	corev1.ObjectReference `json:",inline"`
 }
+
+// RawExtensionPointer is the pointer of raw extension
+type RawExtensionPointer struct {
+	RawExtension *runtime.RawExtension
+}
+
+// MarshalJSON may get called on pointers or values, so implement MarshalJSON on value.
+// http://stackoverflow.com/questions/21390979/custom-marshaljson-never-gets-called-in-go
+func (re RawExtensionPointer) MarshalJSON() ([]byte, error) {
+	if re.RawExtension == nil {
+		return nil, nil
+	}
+	if re.RawExtension.Raw == nil {
+		// TODO: this is to support legacy behavior of JSONPrinter and YAMLPrinter, which
+		// expect to call json.Marshal on arbitrary versioned objects (even those not in
+		// the scheme). pkg/kubectl/resource#AsVersionedObjects and its interaction with
+		// kubectl get on objects not in the scheme needs to be updated to ensure that the
+		// objects that are not part of the scheme are correctly put into the right form.
+		if re.RawExtension.Object != nil {
+			return json.Marshal(re.RawExtension.Object)
+		}
+		return []byte("null"), nil
+	}
+	// TODO: Check whether ContentType is actually JSON before returning it.
+	return re.RawExtension.Raw, nil
+}

apis/core.oam.dev/common/zz_generated.deepcopy.go

@@ -21,7 +21,9 @@ limitations under the License.
 package common
 
 import (
+	crossplane_runtime "github.com/oam-dev/terraform-controller/api/types/crossplane-runtime"
 	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -92,7 +94,16 @@ func (in *AppStatus) DeepCopy() *AppStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ApplicationComponent) DeepCopyInto(out *ApplicationComponent) {
 	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.DependsOn != nil {
+		in, out := &in.DependsOn, &out.DependsOn
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	if in.Inputs != nil {
 		in, out := &in.Inputs, &out.Inputs
 		*out = make(StepInputs, len(*in))
@@ -158,7 +169,11 @@ func (in *ApplicationComponentStatus) DeepCopy() *ApplicationComponentStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ApplicationTrait) DeepCopyInto(out *ApplicationTrait) {
 	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationTrait.
@@ -398,6 +413,26 @@ func (in *RawComponent) DeepCopy() *RawComponent {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RawExtensionPointer) DeepCopyInto(out *RawExtensionPointer) {
+	*out = *in
+	if in.RawExtension != nil {
+		in, out := &in.RawExtension, &out.RawExtension
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RawExtensionPointer.
+func (in *RawExtensionPointer) DeepCopy() *RawExtensionPointer {
+	if in == nil {
+		return nil
+	}
+	out := new(RawExtensionPointer)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Revision) DeepCopyInto(out *Revision) {
 	*out = *in
@@ -434,7 +469,7 @@ func (in *Schematic) DeepCopyInto(out *Schematic) {
 	if in.Terraform != nil {
 		in, out := &in.Terraform, &out.Terraform
 		*out = new(Terraform)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 }
 
@@ -524,6 +559,11 @@ func (in *SubStepsStatus) DeepCopy() *SubStepsStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Terraform) DeepCopyInto(out *Terraform) {
 	*out = *in
+	if in.ProviderReference != nil {
+		in, out := &in.ProviderReference, &out.ProviderReference
+		*out = new(crossplane_runtime.Reference)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Terraform.

apis/core.oam.dev/v1alpha1/workflow_types.go

@@ -1,116 +0,0 @@
-/*
- Copyright 2021. The KubeVela Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package v1alpha1
-
-import (
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-
-	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
-	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
-)
-
-// WorkflowStepPhase describes the phase of a workflow step.
-type WorkflowStepPhase string
-
-const (
-	// WorkflowStepPhaseSucceeded will make the controller run the next step.
-	WorkflowStepPhaseSucceeded WorkflowStepPhase = "succeeded"
-	// WorkflowStepPhaseFailed will make the controller stop the workflow and report error in `message`.
-	WorkflowStepPhaseFailed WorkflowStepPhase = "failed"
-	// WorkflowStepPhaseTerminated will make the controller terminate the workflow.
-	WorkflowStepPhaseTerminated WorkflowStepPhase = "terminated"
-	// WorkflowStepPhaseSuspending will make the controller suspend the workflow.
-	WorkflowStepPhaseSuspending WorkflowStepPhase = "suspending"
-	// WorkflowStepPhaseRunning will make the controller continue the workflow.
-	WorkflowStepPhaseRunning WorkflowStepPhase = "running"
-)
-
-// WorkflowStep defines how to execute a workflow step.
-type WorkflowStep struct {
-	// Name is the unique name of the workflow step.
-	Name string `json:"name"`
-	Type string `json:"type"`
-	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
-	Inputs     common.StepInputs    `json:"inputs,omitempty"`
-	Outputs    common.StepOutputs   `json:"outputs,omitempty"`
-}
-
-// A WorkflowSpec defines the desired state of a Workflow.
-type WorkflowSpec struct {
-	Steps []WorkflowStep `json:"steps,omitempty"`
-}
-
-// A WorkflowStatus is the status of Workflow
-type WorkflowStatus struct {
-	// ConditionedStatus reflects the observed status of a resource
-	condition.ConditionedStatus `json:",inline"`
-	ObservedGeneration          int64                   `json:"observedGeneration,omitempty"`
-	StepIndex                   int                     `json:"stepIndex,omitempty"`
-	Suspend                     bool                    `json:"suspend"`
-	Terminated                  bool                    `json:"terminated"`
-	ContextBackend              *corev1.ObjectReference `json:"contextBackend"`
-	Steps                       []WorkflowStepStatus    `json:"steps,omitempty"`
-}
-
-// WorkflowStepStatus record the status of a workflow step
-type WorkflowStepStatus struct {
-	Name  string            `json:"name,omitempty"`
-	Type  string            `json:"type,omitempty"`
-	Phase WorkflowStepPhase `json:"phase,omitempty"`
-	// A human readable message indicating details about why the workflowStep is in this state.
-	Message string `json:"message,omitempty"`
-	// A brief CamelCase message indicating details about why the workflowStep is in this state.
-	Reason      string                 `json:"reason,omitempty"`
-	ResourceRef corev1.ObjectReference `json:"resourceRef,omitempty"`
-}
-
-// Workflow is the Schema for the Workflow API
-// +kubebuilder:object:root=true
-// +kubebuilder:storageversion
-// +kubebuilder:subresource:status
-// +kubebuilder:resource:scope=Namespaced,categories={oam},shortName=workflow
-// +kubebuilder:printcolumn:name="PHASE",type=string,JSONPath=`.status.phase`
-// +kubebuilder:printcolumn:name="AGE",type=date,JSONPath=".metadata.creationTimestamp"
-type Workflow struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   WorkflowSpec   `json:"spec,omitempty"`
-	Status WorkflowStatus `json:"status,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-
-// WorkflowList contains a list of Workflow.
-type WorkflowList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []Workflow `json:"items"`
-}
-
-// SetConditions set condition for Workflow
-func (w *Workflow) SetConditions(c ...condition.Condition) {
-	w.Status.SetConditions(c...)
-}
-
-// GetCondition gets condition from Workflow
-func (w *Workflow) GetCondition(conditionType condition.ConditionType) condition.Condition {
-	return w.Status.GetCondition(conditionType)
-}

apis/core.oam.dev/v1alpha1/zz_generated.deepcopy.go

@@ -296,152 +296,3 @@ func (in *NamespaceSelector) DeepCopy() *NamespaceSelector {
 	in.DeepCopyInto(out)
 	return out
 }
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Workflow) DeepCopyInto(out *Workflow) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Workflow.
-func (in *Workflow) DeepCopy() *Workflow {
-	if in == nil {
-		return nil
-	}
-	out := new(Workflow)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *Workflow) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkflowList) DeepCopyInto(out *WorkflowList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]Workflow, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowList.
-func (in *WorkflowList) DeepCopy() *WorkflowList {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkflowList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *WorkflowList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkflowSpec) DeepCopyInto(out *WorkflowSpec) {
-	*out = *in
-	if in.Steps != nil {
-		in, out := &in.Steps, &out.Steps
-		*out = make([]WorkflowStep, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowSpec.
-func (in *WorkflowSpec) DeepCopy() *WorkflowSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkflowSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkflowStatus) DeepCopyInto(out *WorkflowStatus) {
-	*out = *in
-	in.ConditionedStatus.DeepCopyInto(&out.ConditionedStatus)
-	if in.ContextBackend != nil {
-		in, out := &in.ContextBackend, &out.ContextBackend
-		*out = new(v1.ObjectReference)
-		**out = **in
-	}
-	if in.Steps != nil {
-		in, out := &in.Steps, &out.Steps
-		*out = make([]WorkflowStepStatus, len(*in))
-		copy(*out, *in)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStatus.
-func (in *WorkflowStatus) DeepCopy() *WorkflowStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkflowStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
-	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
-	if in.Inputs != nil {
-		in, out := &in.Inputs, &out.Inputs
-		*out = make(common.StepInputs, len(*in))
-		copy(*out, *in)
-	}
-	if in.Outputs != nil {
-		in, out := &in.Outputs, &out.Outputs
-		*out = make(common.StepOutputs, len(*in))
-		copy(*out, *in)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStep.
-func (in *WorkflowStep) DeepCopy() *WorkflowStep {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkflowStep)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkflowStepStatus) DeepCopyInto(out *WorkflowStepStatus) {
-	*out = *in
-	out.ResourceRef = in.ResourceRef
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStepStatus.
-func (in *WorkflowStepStatus) DeepCopy() *WorkflowStepStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkflowStepStatus)
-	in.DeepCopyInto(out)
-	return out
-}

apis/core.oam.dev/v1alpha2/application_types.go

@@ -54,7 +54,7 @@ type AppStatus struct {
 type ApplicationTrait struct {
 	Name string `json:"name"`
 	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
 }
 
 // ApplicationComponent describe the component of application

apis/core.oam.dev/v1alpha2/applicationcontext_types.go

@@ -1,48 +0,0 @@
-/*
-Copyright 2021 The KubeVela Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha2
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// ApplicationContextSpec is the spec of ApplicationContext
-type ApplicationContextSpec struct {
-	// ApplicationRevisionName points to the snapshot of an Application with all its closure
-	ApplicationRevisionName string `json:"applicationRevisionName"`
-}
-
-// ApplicationContext is the Schema for the ApplicationContext API
-// +kubebuilder:object:root=true
-// +kubebuilder:resource:shortName=appcontext,categories={oam}
-// +kubebuilder:subresource:status
-type ApplicationContext struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec ApplicationContextSpec `json:"spec,omitempty"`
-	// we need to reuse the AC status
-	Status ApplicationConfigurationStatus `json:"status,omitempty"`
-}
-
-// ApplicationContextList contains a list of ApplicationContext
-// +kubebuilder:object:root=true
-type ApplicationContextList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []ApplicationContext `json:"items"`
-}

apis/core.oam.dev/v1alpha2/conversion.go

@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"reflect"
 
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/klog/v2"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
 
@@ -44,7 +45,7 @@ func ApplicationV1alpha2ToV1beta1(v1a2 *Application, v1b1 *v1beta1.Application)
 		for j, trait := range comp.Traits {
 			traits[j] = common.ApplicationTrait{
 				Type:       trait.Name,
-				Properties: *trait.Properties.DeepCopy(),
+				Properties: trait.Properties.DeepCopy(),
 			}
 		}
 
@@ -58,7 +59,7 @@ func ApplicationV1alpha2ToV1beta1(v1a2 *Application, v1b1 *v1beta1.Application)
 		v1b1.Spec.Components = append(v1b1.Spec.Components, common.ApplicationComponent{
 			Name:       comp.Name,
 			Type:       comp.WorkloadType,
-			Properties: *comp.Settings.DeepCopy(),
+			Properties: comp.Settings.DeepCopy(),
 			Traits:     traits,
 			Scopes:     scopes,
 		})
@@ -104,7 +105,7 @@ func (app *Application) ConvertFrom(src conversion.Hub) error {
 			for j, trait := range comp.Traits {
 				traits[j] = ApplicationTrait{
 					Name:       trait.Type,
-					Properties: *trait.Properties.DeepCopy(),
+					Properties: trait.Properties.DeepCopy(),
 				}
 			}
 
@@ -115,10 +116,17 @@ func (app *Application) ConvertFrom(src conversion.Hub) error {
 			}
 			// convert component
 			//  `.properties` -> `.settings`
+
+			var compProperties runtime.RawExtension
+
+			if comp.Properties != nil {
+				compProperties = *comp.Properties.DeepCopy()
+			}
+
 			app.Spec.Components = append(app.Spec.Components, ApplicationComponent{
 				Name:         comp.Name,
 				WorkloadType: comp.Type,
-				Settings:     *comp.Properties.DeepCopy(),
+				Settings:     compProperties,
 				Traits:       traits,
 				Scopes:       scopes,
 			})

apis/core.oam.dev/v1alpha2/register.go

@@ -85,14 +85,6 @@ var (
 	ApplicationConfigurationGroupVersionKind = SchemeGroupVersion.WithKind(ApplicationConfigurationKind)
 )
 
-// ApplicationContext type metadata.
-var (
-	ApplicationContextKind             = reflect.TypeOf(ApplicationContext{}).Name()
-	ApplicationContextGroupKind        = schema.GroupKind{Group: Group, Kind: ApplicationContextKind}.String()
-	ApplicationContextKindAPIVersion   = ApplicationContextKind + "." + SchemeGroupVersion.String()
-	ApplicationContextGroupVersionKind = SchemeGroupVersion.WithKind(ApplicationContextKind)
-)
-
 // ContainerizedWorkload type metadata.
 var (
 	ContainerizedWorkloadKind             = reflect.TypeOf(ContainerizedWorkload{}).Name()
@@ -154,5 +146,4 @@ func init() {
 	SchemeBuilder.Register(&Application{}, &ApplicationList{})
 	SchemeBuilder.Register(&AppRollout{}, &AppRolloutList{})
 	SchemeBuilder.Register(&ApplicationRevision{}, &ApplicationRevisionList{})
-	SchemeBuilder.Register(&ApplicationContext{}, &ApplicationContextList{})
 }

apis/core.oam.dev/v1alpha2/zz_generated.deepcopy.go

@@ -428,80 +428,6 @@ func (in *ApplicationConfigurationStatus) DeepCopy() *ApplicationConfigurationSt
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplicationContext) DeepCopyInto(out *ApplicationContext) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	out.Spec = in.Spec
-	in.Status.DeepCopyInto(&out.Status)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationContext.
-func (in *ApplicationContext) DeepCopy() *ApplicationContext {
-	if in == nil {
-		return nil
-	}
-	out := new(ApplicationContext)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ApplicationContext) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplicationContextList) DeepCopyInto(out *ApplicationContextList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]ApplicationContext, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationContextList.
-func (in *ApplicationContextList) DeepCopy() *ApplicationContextList {
-	if in == nil {
-		return nil
-	}
-	out := new(ApplicationContextList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ApplicationContextList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplicationContextSpec) DeepCopyInto(out *ApplicationContextSpec) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationContextSpec.
-func (in *ApplicationContextSpec) DeepCopy() *ApplicationContextSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(ApplicationContextSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ApplicationList) DeepCopyInto(out *ApplicationList) {
 	*out = *in
@@ -674,7 +600,11 @@ func (in *ApplicationSpec) DeepCopy() *ApplicationSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ApplicationTrait) DeepCopyInto(out *ApplicationTrait) {
 	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationTrait.

apis/core.oam.dev/v1beta1/application_types.go

@@ -44,7 +44,7 @@ type AppPolicy struct {
 
 	Type string `json:"type"`
 	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
 }
 
 // WorkflowStep defines how to execute a workflow step.
@@ -55,7 +55,9 @@ type WorkflowStep struct {
 	Type string `json:"type"`
 
 	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
+
+	DependsOn []string `json:"dependsOn,omitempty"`
 
 	Inputs common.StepInputs `json:"inputs,omitempty"`
 

apis/core.oam.dev/v1beta1/workflow_step_definition.go

@@ -38,7 +38,8 @@ type WorkflowStepDefinitionSpec struct {
 type WorkflowStepDefinitionStatus struct {
 	// ConditionedStatus reflects the observed status of a resource
 	condition.ConditionedStatus `json:",inline"`
-
+	// ConfigMapRef refer to a ConfigMap which contains OpenAPI V3 JSON schema of Component parameters.
+	ConfigMapRef string `json:"configMapRef,omitempty"`
 	// LatestRevision of the component definition
 	// +optional
 	LatestRevision *common.Revision `json:"latestRevision,omitempty"`

apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go

@@ -141,7 +141,11 @@ func (in *AppDeploymentStatus) DeepCopy() *AppDeploymentStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *AppPolicy) DeepCopyInto(out *AppPolicy) {
 	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppPolicy.
@@ -1450,7 +1454,16 @@ func (in *Workflow) DeepCopy() *Workflow {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
 	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.DependsOn != nil {
+		in, out := &in.DependsOn, &out.DependsOn
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	if in.Inputs != nil {
 		in, out := &in.Inputs, &out.Inputs
 		*out = make(common.StepInputs, len(*in))

apis/types/types.go

@@ -47,12 +47,13 @@ const (
 	StatusStaging = "Staging"
 )
 
-// EnvMeta stores the info for app environment
+// Config contains key/value pairs
+type Config map[string]string
+
+// EnvMeta stores the namespace for app environment
 type EnvMeta struct {
 	Name      string `json:"name"`
 	Namespace string `json:"namespace"`
-	Email     string `json:"email,omitempty"`
-	Domain    string `json:"domain,omitempty"`
 
 	Current string `json:"current,omitempty"`
 }
@@ -84,4 +85,5 @@ var DefaultFilterAnnots = []string{
 	oam.AnnotationInplaceUpgrade,
 	oam.AnnotationFilterLabelKeys,
 	oam.AnnotationFilterAnnotationKeys,
+	oam.AnnotationLastAppliedConfiguration,
 }

charts/oam-runtime/crds/core.oam.dev_traitdefinitions.yaml

@@ -188,6 +188,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -195,6 +213,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration
@@ -453,6 +472,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -460,6 +497,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration

charts/oam-runtime/crds/core.oam.dev_workloaddefinitions.yaml

@@ -193,6 +193,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -200,6 +218,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration
@@ -439,6 +458,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -446,6 +483,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration

charts/oam-runtime/templates/certmanager.yaml

@@ -18,6 +18,7 @@ metadata:
 spec:
   secretName: {{ template "oam-runtime.fullname" . }}-root-cert
   duration: 43800h # 5y
+  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
   issuerRef:
     name: {{ template "oam-runtime.fullname" . }}-self-signed-issuer
   commonName: "ca.webhook.oam-runtime"
@@ -44,6 +45,7 @@ metadata:
 spec:
   secretName: {{ template "oam-runtime.fullname" . }}-admission
   duration: 8760h # 1y
+  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
   issuerRef:
     name: {{ template "oam-runtime.fullname" . }}-root-issuer
   dnsNames:

charts/oam-runtime/values.yaml

@@ -68,13 +68,14 @@ admissionWebhooks:
   patch:
     enabled: true
     image:
-      repository: wonderflow/kube-webhook-certgen
-      tag: v2.1
+      repository: oamdev/kube-webhook-certgen
+      tag: v2.3
       pullPolicy: IfNotPresent
     affinity: {}
     tolerations: []
   certManager:
     enabled: false
+    revisionHistoryLimit: 3
   # If autoGenWorkloadDefinition is true, webhook will auto generated workloadDefinition which componentDefinition refers to
   autoGenWorkloadDefinition: true
 

charts/vela-core/Chart.yaml

@@ -19,3 +19,6 @@ version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 appVersion: 0.1.0
+
+home: https://kubevela.io
+icon: https://kubevela.io/img/logo.jpg

charts/vela-core/crds/core.oam.dev_applicationcontexts.yaml

@@ -1,446 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: applicationcontexts.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: ApplicationContext
-    listKind: ApplicationContextList
-    plural: applicationcontexts
-    shortNames:
-    - appcontext
-    singular: applicationcontext
-  scope: Namespaced
-  versions:
-  - name: v1alpha2
-    schema:
-      openAPIV3Schema:
-        description: ApplicationContext is the Schema for the ApplicationContext API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ApplicationContextSpec is the spec of ApplicationContext
-            properties:
-              applicationRevisionName:
-                description: ApplicationRevisionName points to the snapshot of an
-                  Application with all its closure
-                type: string
-            required:
-            - applicationRevisionName
-            type: object
-          status:
-            description: we need to reuse the AC status
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              dependency:
-                description: DependencyStatus represents the observed state of the
-                  dependency of an ApplicationConfiguration.
-                properties:
-                  unsatisfied:
-                    items:
-                      description: UnstaifiedDependency describes unsatisfied dependency
-                        flow between one pair of objects.
-                      properties:
-                        from:
-                          description: DependencyFromObject represents the object
-                            that dependency data comes from.
-                          properties:
-                            apiVersion:
-                              description: API version of the referent.
-                              type: string
-                            fieldPath:
-                              description: 'If referring to a piece of an object instead
-                                of an entire object, this string should contain a
-                                valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                For example, if the object reference is to a container
-                                within a pod, this would take on a value like: "spec.containers{name}"
-                                (where "name" refers to the name of the container
-                                that triggered the event) or if no container name
-                                is specified "spec.containers[2]" (container with
-                                index 2 in this pod). This syntax is chosen only to
-                                have some well-defined way of referencing a part of
-                                an object. TODO: this design is not final and this
-                                field is subject to change in the future.'
-                              type: string
-                            kind:
-                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                              type: string
-                            name:
-                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                              type: string
-                            namespace:
-                              description: 'Namespace of the referent. More info:
-                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                              type: string
-                            resourceVersion:
-                              description: 'Specific resourceVersion to which this
-                                reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                              type: string
-                            uid:
-                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                              type: string
-                          type: object
-                        reason:
-                          type: string
-                        to:
-                          description: DependencyToObject represents the object that
-                            dependency data goes to.
-                          properties:
-                            apiVersion:
-                              description: API version of the referent.
-                              type: string
-                            fieldPath:
-                              description: 'If referring to a piece of an object instead
-                                of an entire object, this string should contain a
-                                valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                For example, if the object reference is to a container
-                                within a pod, this would take on a value like: "spec.containers{name}"
-                                (where "name" refers to the name of the container
-                                that triggered the event) or if no container name
-                                is specified "spec.containers[2]" (container with
-                                index 2 in this pod). This syntax is chosen only to
-                                have some well-defined way of referencing a part of
-                                an object. TODO: this design is not final and this
-                                field is subject to change in the future.'
-                              type: string
-                            fieldPaths:
-                              items:
-                                type: string
-                              type: array
-                            kind:
-                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                              type: string
-                            name:
-                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                              type: string
-                            namespace:
-                              description: 'Namespace of the referent. More info:
-                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                              type: string
-                            resourceVersion:
-                              description: 'Specific resourceVersion to which this
-                                reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                              type: string
-                            uid:
-                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                              type: string
-                          type: object
-                      required:
-                      - from
-                      - reason
-                      - to
-                      type: object
-                    type: array
-                type: object
-              historyWorkloads:
-                description: HistoryWorkloads will record history but still working
-                  revision workloads.
-                items:
-                  description: HistoryWorkload contain the old component revision
-                    that are still running
-                  properties:
-                    revision:
-                      description: Revision of this workload
-                      type: string
-                    workloadRef:
-                      description: Reference to running workload.
-                      properties:
-                        apiVersion:
-                          description: API version of the referent.
-                          type: string
-                        fieldPath:
-                          description: 'If referring to a piece of an object instead
-                            of an entire object, this string should contain a valid
-                            JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                            For example, if the object reference is to a container
-                            within a pod, this would take on a value like: "spec.containers{name}"
-                            (where "name" refers to the name of the container that
-                            triggered the event) or if no container name is specified
-                            "spec.containers[2]" (container with index 2 in this pod).
-                            This syntax is chosen only to have some well-defined way
-                            of referencing a part of an object. TODO: this design
-                            is not final and this field is subject to change in the
-                            future.'
-                          type: string
-                        kind:
-                          description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                          type: string
-                        name:
-                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                          type: string
-                        namespace:
-                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                          type: string
-                        resourceVersion:
-                          description: 'Specific resourceVersion to which this reference
-                            is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                          type: string
-                        uid:
-                          description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                          type: string
-                      type: object
-                  type: object
-                type: array
-              observedGeneration:
-                description: The generation observed by the appConfig controller.
-                format: int64
-                type: integer
-              rollingStatus:
-                description: RollingStatus indicates what phase are we in the rollout
-                  phase
-                type: string
-              status:
-                description: Status is a place holder for a customized controller
-                  to fill if it needs a single place to summarize the status of the
-                  entire application
-                type: string
-              workloads:
-                description: Workloads created by this ApplicationConfiguration.
-                items:
-                  description: A WorkloadStatus represents the status of a workload.
-                  properties:
-                    appliedComponentRevision:
-                      description: AppliedComponentRevision indicates the applied
-                        component revision name of this workload
-                      type: string
-                    componentName:
-                      description: ComponentName that produced this workload.
-                      type: string
-                    componentRevisionName:
-                      description: ComponentRevisionName of current component
-                      type: string
-                    dependencyUnsatisfied:
-                      description: DependencyUnsatisfied notify does the workload
-                        has dependency unsatisfied
-                      type: boolean
-                    scopes:
-                      description: Scopes associated with this workload.
-                      items:
-                        description: A WorkloadScope represents a scope associated
-                          with a workload and its status
-                        properties:
-                          scopeRef:
-                            description: Reference to a scope created by an ApplicationConfiguration.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: 'If referring to a piece of an object
-                                  instead of an entire object, this string should
-                                  contain a valid JSON/Go field access statement,
-                                  such as desiredState.manifest.containers[2]. For
-                                  example, if the object reference is to a container
-                                  within a pod, this would take on a value like: "spec.containers{name}"
-                                  (where "name" refers to the name of the container
-                                  that triggered the event) or if no container name
-                                  is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only
-                                  to have some well-defined way of referencing a part
-                                  of an object. TODO: this design is not final and
-                                  this field is subject to change in the future.'
-                                type: string
-                              kind:
-                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                                type: string
-                              name:
-                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                                type: string
-                              namespace:
-                                description: 'Namespace of the referent. More info:
-                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                                type: string
-                              resourceVersion:
-                                description: 'Specific resourceVersion to which this
-                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                                type: string
-                              uid:
-                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                                type: string
-                            type: object
-                          status:
-                            description: Status is a place holder for a customized
-                              controller to fill if it needs a single place to summarize
-                              the status of the scope
-                            type: string
-                        required:
-                        - scopeRef
-                        type: object
-                      type: array
-                    status:
-                      description: Status is a place holder for a customized controller
-                        to fill if it needs a single place to summarize the entire
-                        status of the workload
-                      type: string
-                    traits:
-                      description: Traits associated with this workload.
-                      items:
-                        description: A WorkloadTrait represents a trait associated
-                          with a workload and its status
-                        properties:
-                          appliedGeneration:
-                            description: AppliedGeneration indicates the generation
-                              observed by the appConfig controller. The same field
-                              is also recorded in the annotations of traits. A trait
-                              is possible to be deleted from cluster after created.
-                              This field is useful to track the observed generation
-                              of traits after they are deleted.
-                            format: int64
-                            type: integer
-                          dependencyUnsatisfied:
-                            description: DependencyUnsatisfied notify does the trait
-                              has dependency unsatisfied
-                            type: boolean
-                          message:
-                            description: Message will allow controller to leave some
-                              additional information for this trait
-                            type: string
-                          status:
-                            description: Status is a place holder for a customized
-                              controller to fill if it needs a single place to summarize
-                              the status of the trait
-                            type: string
-                          traitRef:
-                            description: Reference to a trait created by an ApplicationConfiguration.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: 'If referring to a piece of an object
-                                  instead of an entire object, this string should
-                                  contain a valid JSON/Go field access statement,
-                                  such as desiredState.manifest.containers[2]. For
-                                  example, if the object reference is to a container
-                                  within a pod, this would take on a value like: "spec.containers{name}"
-                                  (where "name" refers to the name of the container
-                                  that triggered the event) or if no container name
-                                  is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only
-                                  to have some well-defined way of referencing a part
-                                  of an object. TODO: this design is not final and
-                                  this field is subject to change in the future.'
-                                type: string
-                              kind:
-                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                                type: string
-                              name:
-                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                                type: string
-                              namespace:
-                                description: 'Namespace of the referent. More info:
-                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                                type: string
-                              resourceVersion:
-                                description: 'Specific resourceVersion to which this
-                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                                type: string
-                              uid:
-                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                                type: string
-                            type: object
-                        required:
-                        - traitRef
-                        type: object
-                      type: array
-                    workloadRef:
-                      description: Reference to a workload created by an ApplicationConfiguration.
-                      properties:
-                        apiVersion:
-                          description: API version of the referent.
-                          type: string
-                        fieldPath:
-                          description: 'If referring to a piece of an object instead
-                            of an entire object, this string should contain a valid
-                            JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                            For example, if the object reference is to a container
-                            within a pod, this would take on a value like: "spec.containers{name}"
-                            (where "name" refers to the name of the container that
-                            triggered the event) or if no container name is specified
-                            "spec.containers[2]" (container with index 2 in this pod).
-                            This syntax is chosen only to have some well-defined way
-                            of referencing a part of an object. TODO: this design
-                            is not final and this field is subject to change in the
-                            future.'
-                          type: string
-                        kind:
-                          description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                          type: string
-                        name:
-                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                          type: string
-                        namespace:
-                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                          type: string
-                        resourceVersion:
-                          description: 'Specific resourceVersion to which this reference
-                            is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                          type: string
-                        uid:
-                          description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                          type: string
-                      type: object
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml

@@ -1232,6 +1232,24 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -1239,6 +1257,7 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
                               required:
                               - configuration
@@ -1620,6 +1639,24 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -1627,6 +1664,7 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
                               required:
                               - configuration
@@ -1906,6 +1944,24 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -1913,6 +1969,7 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
                               required:
                               - configuration
@@ -2053,6 +2110,10 @@ spec:
                           description: ApplicationComponent describe the component
                             of application
                           properties:
+                            dependsOn:
+                              items:
+                                type: string
+                              type: array
                             externalRevision:
                               description: ExternalRevision specified the component
                                 revisionName
@@ -2474,6 +2535,10 @@ spec:
                               description: WorkflowStep defines how to execute a workflow
                                 step.
                               properties:
+                                dependsOn:
+                                  items:
+                                    type: string
+                                  type: array
                                 inputs:
                                   description: StepInputs defines variable input of
                                     WorkflowStep
@@ -3307,6 +3372,24 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -3314,6 +3397,7 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
                               required:
                               - configuration
@@ -3588,6 +3672,24 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -3595,6 +3697,7 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
                               required:
                               - configuration
@@ -3958,6 +4061,24 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -3965,6 +4086,7 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
                               required:
                               - configuration
@@ -4207,6 +4329,24 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -4214,6 +4354,7 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
                               required:
                               - configuration
@@ -4258,6 +4399,10 @@ spec:
                             - type
                             type: object
                           type: array
+                        configMapRef:
+                          description: ConfigMapRef refer to a ConfigMap which contains
+                            OpenAPI V3 JSON schema of Component parameters.
+                          type: string
                         latestRevision:
                           description: LatestRevision of the component definition
                           properties:
@@ -4472,6 +4617,24 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -4479,6 +4642,7 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
                               required:
                               - configuration

charts/vela-core/crds/core.oam.dev_applications.yaml

@@ -760,6 +760,10 @@ spec:
                 items:
                   description: ApplicationComponent describe the component of application
                   properties:
+                    dependsOn:
+                      items:
+                        type: string
+                      type: array
                     externalRevision:
                       description: ExternalRevision specified the component revisionName
                       type: string
@@ -1074,6 +1078,10 @@ spec:
                     items:
                       description: WorkflowStep defines how to execute a workflow step.
                       properties:
+                        dependsOn:
+                          items:
+                            type: string
+                          type: array
                         inputs:
                           description: StepInputs defines variable input of WorkflowStep
                           items:

charts/vela-core/crds/core.oam.dev_componentdefinitions.yaml

@@ -179,6 +179,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -186,6 +204,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration
@@ -448,6 +467,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -455,6 +492,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration

charts/vela-core/crds/core.oam.dev_definitionrevisions.yaml

@@ -222,6 +222,24 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              path:
+                                description: Path is the sub-directory of remote git
+                                  repository. It's valid when remote is set
+                                type: string
+                              providerRef:
+                                description: ProviderReference specifies the reference
+                                  to Provider
+                                properties:
+                                  name:
+                                    description: Name of the referenced object.
+                                    type: string
+                                  namespace:
+                                    default: default
+                                    description: Namespace of the secret.
+                                    type: string
+                                required:
+                                - name
+                                type: object
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration
@@ -229,6 +247,7 @@ spec:
                                 enum:
                                 - hcl
                                 - json
+                                - remote
                                 type: string
                             required:
                             - configuration
@@ -491,6 +510,24 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              path:
+                                description: Path is the sub-directory of remote git
+                                  repository. It's valid when remote is set
+                                type: string
+                              providerRef:
+                                description: ProviderReference specifies the reference
+                                  to Provider
+                                properties:
+                                  name:
+                                    description: Name of the referenced object.
+                                    type: string
+                                  namespace:
+                                    default: default
+                                    description: Namespace of the secret.
+                                    type: string
+                                required:
+                                - name
+                                type: object
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration
@@ -498,6 +535,7 @@ spec:
                                 enum:
                                 - hcl
                                 - json
+                                - remote
                                 type: string
                             required:
                             - configuration
@@ -753,6 +791,24 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              path:
+                                description: Path is the sub-directory of remote git
+                                  repository. It's valid when remote is set
+                                type: string
+                              providerRef:
+                                description: ProviderReference specifies the reference
+                                  to Provider
+                                properties:
+                                  name:
+                                    description: Name of the referenced object.
+                                    type: string
+                                  namespace:
+                                    default: default
+                                    description: Namespace of the secret.
+                                    type: string
+                                required:
+                                - name
+                                type: object
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration
@@ -760,6 +816,7 @@ spec:
                                 enum:
                                 - hcl
                                 - json
+                                - remote
                                 type: string
                             required:
                             - configuration
@@ -996,6 +1053,24 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              path:
+                                description: Path is the sub-directory of remote git
+                                  repository. It's valid when remote is set
+                                type: string
+                              providerRef:
+                                description: ProviderReference specifies the reference
+                                  to Provider
+                                properties:
+                                  name:
+                                    description: Name of the referenced object.
+                                    type: string
+                                  namespace:
+                                    default: default
+                                    description: Namespace of the secret.
+                                    type: string
+                                required:
+                                - name
+                                type: object
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration
@@ -1003,6 +1078,7 @@ spec:
                                 enum:
                                 - hcl
                                 - json
+                                - remote
                                 type: string
                             required:
                             - configuration
@@ -1047,6 +1123,10 @@ spec:
                           - type
                           type: object
                         type: array
+                      configMapRef:
+                        description: ConfigMapRef refer to a ConfigMap which contains
+                          OpenAPI V3 JSON schema of Component parameters.
+                        type: string
                       latestRevision:
                         description: LatestRevision of the component definition
                         properties:

charts/vela-core/crds/core.oam.dev_envbindings.yaml

@@ -73,6 +73,10 @@ spec:
                             description: ApplicationComponent describe the component
                               of application
                             properties:
+                              dependsOn:
+                                items:
+                                  type: string
+                                type: array
                               externalRevision:
                                 description: ExternalRevision specified the component
                                   revisionName

charts/vela-core/crds/core.oam.dev_initializers.yaml

@@ -89,6 +89,10 @@ spec:
                           description: ApplicationComponent describe the component
                             of application
                           properties:
+                            dependsOn:
+                              items:
+                                type: string
+                              type: array
                             externalRevision:
                               description: ExternalRevision specified the component
                                 revisionName
@@ -510,6 +514,10 @@ spec:
                               description: WorkflowStep defines how to execute a workflow
                                 step.
                               properties:
+                                dependsOn:
+                                  items:
+                                    type: string
+                                  type: array
                                 inputs:
                                   description: StepInputs defines variable input of
                                     WorkflowStep

charts/vela-core/crds/core.oam.dev_policydefinitions.yaml

@@ -151,6 +151,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -158,6 +176,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration

charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml

@@ -188,6 +188,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -195,6 +213,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration
@@ -453,6 +472,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -460,6 +497,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration

charts/vela-core/crds/core.oam.dev_workflows.yaml

@@ -1,348 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: workflows.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: Workflow
-    listKind: WorkflowList
-    plural: workflows
-    shortNames:
-    - workflow
-    singular: workflow
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .status.phase
-      name: PHASE
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: AGE
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: Workflow is the Schema for the Workflow API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A WorkflowSpec defines the desired state of a Workflow.
-            properties:
-              steps:
-                items:
-                  description: WorkflowStep defines how to execute a workflow step.
-                  properties:
-                    inputs:
-                      description: StepInputs defines variable input of WorkflowStep
-                      items:
-                        properties:
-                          from:
-                            type: string
-                          parameterKey:
-                            type: string
-                        required:
-                        - from
-                        - parameterKey
-                        type: object
-                      type: array
-                    name:
-                      description: Name is the unique name of the workflow step.
-                      type: string
-                    outputs:
-                      description: StepOutputs defines output variable of WorkflowStep
-                      items:
-                        properties:
-                          name:
-                            type: string
-                          valueFrom:
-                            type: string
-                        required:
-                        - name
-                        - valueFrom
-                        type: object
-                      type: array
-                    properties:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    type:
-                      type: string
-                  required:
-                  - name
-                  - type
-                  type: object
-                type: array
-            type: object
-          status:
-            description: A WorkflowStatus is the status of Workflow
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              contextBackend:
-                description: 'ObjectReference contains enough information to let you
-                  inspect or modify the referred object. --- New uses of this type
-                  are discouraged because of difficulty describing its usage when
-                  embedded in APIs.  1. Ignored fields.  It includes many fields which
-                  are not generally honored.  For instance, ResourceVersion and FieldPath
-                  are both very rarely valid in actual usage.  2. Invalid usage help.  It
-                  is impossible to add specific help for individual usage.  In most
-                  embedded usages, there are particular     restrictions like, "must
-                  refer only to types A and B" or "UID not honored" or "name must
-                  be restricted".     Those cannot be well described when embedded.  3.
-                  Inconsistent validation.  Because the usages are different, the
-                  validation rules are different by usage, which makes it hard for
-                  users to predict what will happen.  4. The fields are both imprecise
-                  and overly precise.  Kind is not a precise mapping to a URL. This
-                  can produce ambiguity     during interpretation and require a REST
-                  mapping.  In most cases, the dependency is on the group,resource
-                  tuple     and the version of the actual struct is irrelevant.  5.
-                  We cannot easily change it.  Because this type is embedded in many
-                  locations, updates to this type     will affect numerous schemas.  Don''t
-                  make new APIs embed an underspecified API type they do not control.
-                  Instead of using this type, create a locally provided and used type
-                  that is well-focused on your reference. For example, ServiceReferences
-                  for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                  .'
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: 'If referring to a piece of an object instead of
-                      an entire object, this string should contain a valid JSON/Go
-                      field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within
-                      a pod, this would take on a value like: "spec.containers{name}"
-                      (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]"
-                      (container with index 2 in this pod). This syntax is chosen
-                      only to have some well-defined way of referencing a part of
-                      an object. TODO: this design is not final and this field is
-                      subject to change in the future.'
-                    type: string
-                  kind:
-                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                    type: string
-                  name:
-                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                    type: string
-                  namespace:
-                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                    type: string
-                  resourceVersion:
-                    description: 'Specific resourceVersion to which this reference
-                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                    type: string
-                  uid:
-                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                    type: string
-                type: object
-              observedGeneration:
-                format: int64
-                type: integer
-              stepIndex:
-                type: integer
-              steps:
-                items:
-                  description: WorkflowStepStatus record the status of a workflow
-                    step
-                  properties:
-                    message:
-                      description: A human readable message indicating details about
-                        why the workflowStep is in this state.
-                      type: string
-                    name:
-                      type: string
-                    phase:
-                      description: WorkflowStepPhase describes the phase of a workflow
-                        step.
-                      type: string
-                    reason:
-                      description: A brief CamelCase message indicating details about
-                        why the workflowStep is in this state.
-                      type: string
-                    resourceRef:
-                      description: 'ObjectReference contains enough information to
-                        let you inspect or modify the referred object. --- New uses
-                        of this type are discouraged because of difficulty describing
-                        its usage when embedded in APIs.  1. Ignored fields.  It includes
-                        many fields which are not generally honored.  For instance,
-                        ResourceVersion and FieldPath are both very rarely valid in
-                        actual usage.  2. Invalid usage help.  It is impossible to
-                        add specific help for individual usage.  In most embedded
-                        usages, there are particular     restrictions like, "must
-                        refer only to types A and B" or "UID not honored" or "name
-                        must be restricted".     Those cannot be well described when
-                        embedded.  3. Inconsistent validation.  Because the usages
-                        are different, the validation rules are different by usage,
-                        which makes it hard for users to predict what will happen.  4.
-                        The fields are both imprecise and overly precise.  Kind is
-                        not a precise mapping to a URL. This can produce ambiguity     during
-                        interpretation and require a REST mapping.  In most cases,
-                        the dependency is on the group,resource tuple     and the
-                        version of the actual struct is irrelevant.  5. We cannot
-                        easily change it.  Because this type is embedded in many locations,
-                        updates to this type     will affect numerous schemas.  Don''t
-                        make new APIs embed an underspecified API type they do not
-                        control. Instead of using this type, create a locally provided
-                        and used type that is well-focused on your reference. For
-                        example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                        .'
-                      properties:
-                        apiVersion:
-                          description: API version of the referent.
-                          type: string
-                        fieldPath:
-                          description: 'If referring to a piece of an object instead
-                            of an entire object, this string should contain a valid
-                            JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                            For example, if the object reference is to a container
-                            within a pod, this would take on a value like: "spec.containers{name}"
-                            (where "name" refers to the name of the container that
-                            triggered the event) or if no container name is specified
-                            "spec.containers[2]" (container with index 2 in this pod).
-                            This syntax is chosen only to have some well-defined way
-                            of referencing a part of an object. TODO: this design
-                            is not final and this field is subject to change in the
-                            future.'
-                          type: string
-                        kind:
-                          description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                          type: string
-                        name:
-                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                          type: string
-                        namespace:
-                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                          type: string
-                        resourceVersion:
-                          description: 'Specific resourceVersion to which this reference
-                            is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                          type: string
-                        uid:
-                          description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                          type: string
-                      type: object
-                    type:
-                      type: string
-                  type: object
-                type: array
-              suspend:
-                type: boolean
-              terminated:
-                type: boolean
-            required:
-            - contextBackend
-            - suspend
-            - terminated
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: Workflow defines workflow steps and other attributes
-        properties:
-          steps:
-            items:
-              description: WorkflowStep defines how to execute a workflow step.
-              properties:
-                inputs:
-                  description: StepInputs defines variable input of WorkflowStep
-                  items:
-                    properties:
-                      from:
-                        type: string
-                      parameterKey:
-                        type: string
-                    required:
-                    - from
-                    - parameterKey
-                    type: object
-                  type: array
-                name:
-                  description: Name is the unique name of the workflow step.
-                  type: string
-                outputs:
-                  description: StepOutputs defines output variable of WorkflowStep
-                  items:
-                    properties:
-                      name:
-                        type: string
-                      valueFrom:
-                        type: string
-                    required:
-                    - name
-                    - valueFrom
-                    type: object
-                  type: array
-                properties:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                type:
-                  type: string
-              required:
-              - name
-              - type
-              type: object
-            type: array
-        type: object
-    served: true
-    storage: false
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_workflowstepdefinitions.yaml

@@ -148,6 +148,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -155,6 +173,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration
@@ -197,6 +216,10 @@ spec:
                   - type
                   type: object
                 type: array
+              configMapRef:
+                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
+                  V3 JSON schema of Component parameters.
+                type: string
               latestRevision:
                 description: LatestRevision of the component definition
                 properties:

charts/vela-core/crds/core.oam.dev_workloaddefinitions.yaml

@@ -193,6 +193,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -200,6 +218,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration
@@ -439,6 +458,24 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -446,6 +483,7 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
                     required:
                     - configuration

charts/vela-core/templates/addons-default/terraform.yaml

@@ -1,43 +0,0 @@
-apiVersion: core.oam.dev/v1beta1
-kind: Initializer
-metadata:
-  annotations:
-    addons.oam.dev/description: Terraform Controller is a Kubernetes Controller for
-      Terraform.
-    helm.sh/hook: post-install, post-upgrade, pre-delete
-  name: terraform
-  namespace: {{.Values.systemDefinitionNamespace}}
-spec:
-  appTemplate:
-    spec:
-      components:
-      - name: terraform-controller
-        properties:
-          chart: terraform-controller
-          repoType: helm
-          url: https://charts.kubevela.net/addons
-          version: 0.1.19
-        type: helm
-      - name: terraform-system
-        properties:
-          apiVersion: v1
-          kind: Namespace
-          metadata:
-            name: terraform-system
-        type: raw
-    status:
-      rollout:
-        batchRollingState: ""
-        currentBatch: 0
-        lastTargetAppRevision: ""
-        rollingState: ""
-        upgradedReadyReplicas: 0
-        upgradedReplicas: 0
-  dependsOn:
-  - ref:
-      apiVersion: core.oam.dev/v1beta1
-      kind: Initializer
-      name: fluxcd
-      namespace: vela-system
-status:
-  observedGeneration: 0

charts/vela-core/templates/addons/istio.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 data:
-  initializer: |
+  application: |
     apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
+    kind: Application
     metadata:
       annotations:
         addons.oam.dev/description: istio Controller is a Kubernetes Controller for manage
@@ -10,170 +10,248 @@ data:
       name: istio
       namespace: istio-system
     spec:
-      appTemplate:
-        spec:
-          components:
-          - name: istio
-            properties:
-              chart: istio
-              repoType: helm
-              url: https://getindata.github.io/helm-charts/
-              version: 1.11.1
-            type: helm
-          - name: canary-rollout
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: WorkflowStepDefinition
-              metadata:
-                name: canary-rollout
-                namespace: vela-system
-              spec:
-                schematic:
-                  cue:
-                    template: |-
-                      import ("vela/op")
+      components:
+      - name: ns-istio-system
+        properties:
+          apiVersion: v1
+          kind: Namespace
+          metadata:
+            name: istio-system
+        type: raw
+      - name: istio
+        properties:
+          chart: istio
+          repoType: helm
+          url: https://charts.kubevela.net/addons
+          version: 1.11.1
+        type: helm
+      - name: canary-rollout
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: WorkflowStepDefinition
+          metadata:
+            name: canary-rollout
+            namespace: vela-system
+          spec:
+            schematic:
+              cue:
+                template: |-
+                  import ("vela/op")
 
-                      parameter: {
-                              batchPartition: int
-                              traffic: weightedTargets: [...{
-                                      revision: string
-                                      weight:   int
+                  parameter: {
+                          batchPartition: int
+                          traffic: weightedTargets: [...{
+                                  revision: string
+                                  weight:   int
+                          }]
+                  }
+
+                  comps__: op.#Load
+                  compNames__: [ for name, c in comps__.value {name}]
+                  comp__: compNames__[0]
+
+                  apply: op.#ApplyComponent & {
+                          value: comps__.value[comp__]
+                          patch: {
+                                  traits: "rollout": {
+                                         spec: rolloutPlan: batchPartition: parameter.batchPartition
+                                  }
+
+                                  traits: "virtualService": {
+                                          spec:
+                                             // +patchStrategy=retainKeys
+                                             http: [
+                                                  {
+                                                          route: [
+                                                                  for i, t in parameter.traffic.weightedTargets {
+                                                                          destination: {
+                                                                                  host:   comp__
+                                                                                  subset: t.revision
+                                                                          }
+                                                                          weight: t.weight
+                                                                  }]
+                                                  },
+                                          ]
+                                  }
+
+                                  traits: "destinationRule": {
+                                           // +patchStrategy=retainKeys
+                                           spec: {
+                                             host: comp__
+                                             subsets: [
+                                                  for i, t in parameter.traffic.weightedTargets {
+                                                          name: t.revision
+                                                          labels: {"app.oam.dev/revision": t.revision}
+                                                  },
+                                          ]}
+                                  }
+                          }
+                  }
+
+                  applyRemaining: op.#ApplyRemaining & {
+                      exceptions: [comp__]
+                  }
+        type: raw
+      - name: istio-gateway
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: TraitDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: use istio to manage in-cluster traffic
+            name: istio-gateway
+            namespace: vela-system
+          spec:
+            appliesToWorkloads:
+            - deployments.apps
+            podDisruptive: true
+            schematic:
+              cue:
+                template: "\noutputs: gateway: {\n    apiVersion: \"networking.istio.io/v1alpha3\"\n
+                  \   kind: \"Gateway\"\n    metadata: {\n        name:      context.name\n
+                  \       namespace: context.namespace\n    }\n    spec: {\n      selector:
+                  {\n        istio: parameter.gateway\n      }\n      servers: [{\n         hosts:
+                  parameter.hosts\n         port: {\n              name: \"http\"\n              number:
+                  80\n              protocol: \"HTTP\"\n         }\n      }]\n    }\n}\n\noutputs:
+                  virtualService: {\n    apiVersion: \"networking.istio.io/v1alpha3\"\n
+                  \   kind: \"VirtualService\"\n    metadata: {\n         name:      context.name\n
+                  \        namespace: context.namespace\n    }\n    spec: {\n       gateways:
+                  [context.name]\n       hosts: parameter.hosts\n       http:[{\n       match:
+                  [ for i, u in parameter.match { uri: u} ]\n       route: [{destination:
+                  {\n           host: context.name\n           port: number: parameter.port\n
+                  \      }}]\n       }]\n    }\n}\n\nparameter: {\n    hosts: [string]\n
+                  \   gateway: *\"ingressgateway\"|string\n    match: [...#uri]\n    port:
+                  int\n}\n\n#uri: {\n   exact?: string\n   prefix?: string\n} \n"
+        type: raw
+      - name: canary-rollback
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: WorkflowStepDefinition
+          metadata:
+            name: canary-rollback
+            namespace: vela-system
+          spec:
+            schematic:
+              cue:
+                template: |-
+                  import ("vela/op")
+
+                  parameter: {...}
+
+                  comps: op.#Load
+                  compNames: [ for name, c in comps.value {name}]
+                  firstcomp: compNames[0]
+
+                  rolloutObj: op.#Read & {
+                    value: {
+                      apiVersion: "standard.oam.dev/v1alpha1"
+                      kind:       "Rollout"
+                      metadata: {
+                        name:      firstcomp
+                        namespace: context.namespace
+                      }
+                    }
+                  }
+
+                  _sourceRevision: rolloutObj.value.status.LastSourceRevision
+
+                  apply: op.#ApplyComponent & {
+                    value: comps.value[firstcomp]
+                    patch: {
+                      traits: "rollout": {
+                        spec: {
+                          targetRevisionName: _sourceRevision
+                        }
+                      }
+
+                      traits: "virtualService": {
+                        spec:
+                          // +patchStrategy=retainKeys
+                          http: [
+                            {
+                              route: [{
+                                destination: {
+                                  host:   firstcomp
+                                  subset: _sourceRevision
+                                }
+                                weight: 100
                               }]
+                            },
+                          ]
                       }
 
-                      comps__: op.#Load
-                      compNames__: [ for name, c in comps__.value {name}]
-                      comp__: compNames__[0]
-
-                      apply: op.#ApplyComponent & {
-                              value: comps__.value[comp__]
-                              patch: {
-                                      traits: "rollout": {
-                                             spec: rolloutPlan: batchPartition: parameter.batchPartition
-                                      }
-
-                                      traits: "virtualService": {
-                                              spec:
-                                                 // +patchStrategy=retainKeys
-                                                 http: [
-                                                      {
-                                                              route: [
-                                                                      for i, t in parameter.traffic.weightedTargets {
-                                                                              destination: {
-                                                                                      host:   comp__
-                                                                                      subset: t.revision
-                                                                              }
-                                                                              weight: t.weight
-                                                                      }]
-                                                      },
-                                              ]
-                                      }
-
-                                      traits: "destinationRule": {
-                                               // +patchStrategy=retainKeys
-                                               spec: {
-                                                 host: comp__
-                                                 subsets: [
-                                                      for i, t in parameter.traffic.weightedTargets {
-                                                              name: t.revision
-                                                              labels: {"app.oam.dev/revision": t.revision}
-                                                      },
-                                              ]}
-                                      }
-                              }
+                      traits: "destinationRule": {
+                        // +patchStrategy=retainKeys
+                        spec: {
+                          host: firstcomp
+                          subsets: [
+                            {
+                              name: _sourceRevision
+                              labels: {"app.oam.dev/revision": _sourceRevision}
+                            },
+                          ]
+                        }
                       }
+                    }
+                  }
 
-                      applyRemaining: op.#ApplyRemaining & {
-                          exceptions: [comp__]
-                      }
-            type: raw
-          - name: istio-gateway
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: TraitDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: use istio to manage in-cluster traffic
-                name: istio-gateway
-                namespace: vela-system
-              spec:
-                appliesToWorkloads:
-                - deployments.apps
-                podDisruptive: true
-                schematic:
-                  cue:
-                    template: "\noutputs: gateway: {\n    apiVersion: \"networking.istio.io/v1alpha3\"\n
-                      \   kind: \"Gateway\"\n    metadata: {\n        name:      context.name\n
-                      \       namespace: context.namespace\n    }\n    spec: {\n      selector:
-                      {\n        istio: parameter.gateway\n      }\n      servers: [{\n
-                      \        hosts: parameter.hosts\n         port: {\n              name:
-                      \"http\"\n              number: 80\n              protocol: \"HTTP\"\n
-                      \        }\n      }]\n    }\n}\n\noutputs: virtualService: {\n    apiVersion:
-                      \"networking.istio.io/v1alpha3\"\n    kind: \"VirtualService\"\n
-                      \   metadata: {\n         name:      context.name\n         namespace:
-                      context.namespace\n    }\n    spec: {\n       gateways: [context.name]\n
-                      \      hosts: parameter.hosts\n       http:[{\n       match: [ for
-                      i, u in parameter.match { uri: u} ]\n       route: [{destination:
-                      {\n           host: context.name\n           port: number: parameter.port\n
-                      \      }}]\n       }]\n    }\n}\n\nparameter: {\n    hosts: [string]\n
-                      \   gateway: *\"ingressgateway\"|string\n    match: [...#uri]\n
-                      \   port: int\n}\n\n#uri: {\n   exact?: string\n   prefix?: string\n}
-                      \n"
-            type: raw
-          - name: canary-traffic
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: TraitDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: use istio to manage traffic
-                name: canary-traffic
-                namespace: vela-system
-              spec:
-                appliesToWorkloads:
-                - deployments.apps
-                podDisruptive: true
-                schematic:
-                  cue:
-                    template: "outputs: service: {\n\t\tapiVersion: \"v1\"\n\t\tkind:
-                      \      \"Service\"\n\t\tmetadata: name: context.name\n\t\tspec:
-                      {\n\t\t\tselector: \"app.oam.dev/component\": context.name\n\t\t\tports:
-                      [\n\t\t\t\tfor p in parameter.port {\n\t\t\t\t\tport:       p\n\t\t\t\t\ttargetPort:
-                      p\n\t\t\t\t},\n\t\t\t]\n\t\t\ttype: \"ClusterIP\"\n\t\t}\n}\n\noutputs:
-                      virtualService: {\n    apiVersion: \"networking.istio.io/v1alpha3\"\n
-                      \   kind: \"VirtualService\"\n    metadata: {\n        name:      context.name\n
-                      \       namespace: context.namespace\n    }\n    spec: {\n       hosts:
-                      [context.name]\n       http: [{route: [\n       {destination: {\n
-                      \         host: context.name\n          port: {number: parameter.port[0]}\n
-                      \      }}]}]\n    }\n}\n\noutputs: destinationRule: {\n       apiVersion:
-                      \"networking.istio.io/v1alpha3\"\n       kind: \"DestinationRule\"\n
-                      \      metadata: {\n           name:      context.name\n           namespace:
-                      context.namespace\n       }\n       spec: {\n          host: context.name\n
-                      \         subsets: [{\n             name: context.revision\n             labels:
-                      {\"app.oam.dev/revision\": context.revision}\n          }]\n       }\n}\n\nparameter:
-                      {\n   port: [int]\n} \n"
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
+                  applyRemaining: op.#ApplyRemaining & {
+                      exceptions: [firstcomp]
+                  }
+        type: raw
+      - name: canary-traffic
+        properties:
           apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
-      - ref:
-          apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: ns-istio-system
-          namespace: vela-system
+          kind: TraitDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: use istio to manage traffic
+            name: canary-traffic
+            namespace: vela-system
+          spec:
+            appliesToWorkloads:
+            - deployments.apps
+            podDisruptive: true
+            schematic:
+              cue:
+                template: "outputs: service: {\n\t\tapiVersion: \"v1\"\n\t\tkind:       \"Service\"\n\t\tmetadata:
+                  name: context.name\n\t\tspec: {\n\t\t\tselector: \"app.oam.dev/component\":
+                  context.name\n\t\t\tports: [\n\t\t\t\tfor p in parameter.port {\n\t\t\t\t\tport:
+                  \      p\n\t\t\t\t\ttargetPort: p\n\t\t\t\t},\n\t\t\t]\n\t\t\ttype:
+                  \"ClusterIP\"\n\t\t}\n}\n\noutputs: virtualService: {\n    apiVersion:
+                  \"networking.istio.io/v1alpha3\"\n    kind: \"VirtualService\"\n    metadata:
+                  {\n        name:      context.name\n        namespace: context.namespace\n
+                  \   }\n    spec: {\n       hosts: [context.name]\n       http: [{route:
+                  [\n       {destination: {\n          host: context.name\n          port:
+                  {number: parameter.port[0]}\n       }}]}]\n    }\n}\n\noutputs: destinationRule:
+                  {\n       apiVersion: \"networking.istio.io/v1alpha3\"\n       kind:
+                  \"DestinationRule\"\n       metadata: {\n           name:      context.name\n
+                  \          namespace: context.namespace\n       }\n       spec: {\n
+                  \         host: context.name\n          subsets: [{\n             name:
+                  context.revision\n             labels: {\"app.oam.dev/revision\": context.revision}\n
+                  \         }]\n       }\n}\n\nparameter: {\n   port: [int]\n} \n"
+        type: raw
+      workflow:
+        steps:
+        - name: checking-depends-on
+          properties:
+            name: fluxcd
+            namespace: vela-system
+          type: depends-on-app
+        - name: apply-ns
+          properties:
+            component: ns-istio-system
+          type: apply-component
+        - name: apply-resources
+          type: apply-remaining
     status:
-      observedGeneration: 0
+      rollout:
+        batchRollingState: ""
+        currentBatch: 0
+        lastTargetAppRevision: ""
+        rollingState: ""
+        upgradedReadyReplicas: 0
+        upgradedReplicas: 0
 kind: ConfigMap
 metadata:
   annotations:

charts/vela-core/templates/addons/keda.yaml

@@ -1,39 +1,38 @@
 apiVersion: v1
 data:
-  initializer: |
+  application: |
     apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
+    kind: Application
     metadata:
       annotations:
         addons.oam.dev/description: KEDA is a Kubernetes-based Event Driven Autoscaler.
       name: keda
       namespace: vela-system
     spec:
-      appTemplate:
-        spec:
-          components:
-          - name: keda
-            properties:
-              chart: keda
-              repoType: helm
-              url: https://kedacore.github.io/charts
-            type: helm
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
-          apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
+      components:
+      - name: keda
+        properties:
+          chart: keda
+          repoType: helm
+          url: https://kedacore.github.io/charts
+        type: helm
+      workflow:
+        steps:
+        - name: checking-depends-on
+          properties:
+            name: fluxcd
+            namespace: vela-system
+          type: depends-on-app
+        - name: apply-resources
+          type: apply-application
     status:
-      observedGeneration: 0
+      rollout:
+        batchRollingState: ""
+        currentBatch: 0
+        lastTargetAppRevision: ""
+        rollingState: ""
+        upgradedReadyReplicas: 0
+        upgradedReplicas: 0
 kind: ConfigMap
 metadata:
   annotations:

charts/vela-core/templates/addons/kruise.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 data:
-  initializer: |
+  application: |
     apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
+    kind: Application
     metadata:
       annotations:
         addons.oam.dev/description: Kruise is a Kubernetes extended suite for application
@@ -10,182 +10,173 @@ data:
       name: kruise
       namespace: vela-system
     spec:
-      appTemplate:
-        spec:
-          components:
-          - name: kruise
-            properties:
-              chart: ./charts/kruise/v0.9.0
-              git:
-                branch: master
-              repoType: git
-              url: https://github.com/openkruise/kruise
-              values:
-                featureGates: PreDownloadImageForInPlaceUpdate=true
-            type: helm
-          - name: cloneset
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: ComponentDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Describes long-running, scalable, containerized
-                    services that have a stable network endpoint to receive external network
-                    traffic from customers. If workload type is skipped for any service
-                    defined in Appfile, it will be defaulted to `webservice` type.
-                name: cloneset
-                namespace: vela-system
-              spec:
-                schematic:
-                  cue:
-                    template: "output: {\n\tapiVersion: \"apps.kruise.io/v1alpha1\"\n\tkind:
-                      \      \"CloneSet\"\n\tmetadata: labels: {\n\t\t\"app.oam.dev/component\":
-                      context.name\n\t}\n\tspec: {\n\t\tselector: matchLabels: {\n\t\t\t\"app.oam.dev/component\":
-                      context.name\n\t\t}\n\n\t\ttemplate: {\n\t\t\tmetadata: labels:
-                      {\n\t\t\t\t\"app.oam.dev/component\": context.name\n\t\t\t}\n\n\t\t\tspec:
-                      {\n\t\t\t\tcontainers: [{\n\t\t\t\t\tname:  context.name\n\t\t\t\t\timage:
-                      parameter.image\n\n\t\t\t\t\tif parameter.cmd != _|_ {\n\t\t\t\t\t\tcommand:
-                      parameter.cmd\n\t\t\t\t\t}\n\t\t\t\t\tif parameter.args != _|_ {\n\t\t\t\t\t\targs:
-                      parameter.args\n\t\t\t\t\t}\n\t\t\t\t\tif parameter.env != _|_ {\n\t\t\t\t\t\tenv:
-                      parameter.env\n\t\t\t\t\t}\n\n\t\t\t\t\tif context.config != _|_
-                      {\n\t\t\t\t\t\tenv: context.config\n\t\t\t\t\t}\n\n\t\t\t\t\tif
-                      parameter[\"imagePullPolicy\"] != _|_ {\n\t\t\t\t\t\timagePullPolicy:
-                      parameter.imagePullPolicy\n\t\t\t\t\t}\n\n\t\t\t\t\tports: [{\n\t\t\t\t\t\tcontainerPort:
-                      parameter.port\n\t\t\t\t\t}]\n\n\t\t\t\t\tif parameter[\"cpu\"]
-                      != _|_ {\n\t\t\t\t\t\tresources: {\n\t\t\t\t\t\t\tlimits: cpu:   parameter.cpu\n\t\t\t\t\t\t\trequests:
-                      cpu: parameter.cpu\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif parameter[\"memory\"]
-                      != _|_ {\n\t\t\t\t\t\tresources: {\n\t\t\t\t\t\t\tlimits: memory:
-                      \  parameter.memory\n\t\t\t\t\t\t\trequests: memory: parameter.memory\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tif
-                      parameter[\"livenessProbe\"] != _|_ {\n\t\t\t\t\t\tlivenessProbe:
-                      parameter.livenessProbe\n\t\t\t\t\t}\n\n\t\t\t\t\tif parameter[\"readinessProbe\"]
-                      != _|_ {\n\t\t\t\t\t\treadinessProbe: parameter.readinessProbe\n\t\t\t\t\t}\n\n\t\t\t\t\tlifecycle:
-                      {\n\t\t\t\t\t\tif parameter.postStart != _|_ {\n\t\t\t\t\t\t\tpostStart:
-                      exec: command: parameter.postStart\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif
-                      parameter.preStop != _|_ {\n\t\t\t\t\t\t\tpreStop: exec: command:
-                      parameter.preStop\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}]\n\t\t\t\tif
-                      parameter.hostAliases != _|_ {\n\t\t\t\t\thostAliases: parameter.hostAliases\n\t\t\t\t}\n\t\t\t\tif
-                      parameter[\"imagePullSecrets\"] != _|_ {\n\t\t\t\t\timagePullSecrets:
-                      [ for v in parameter.imagePullSecrets {name: v}]\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tif
-                      parameter.updateStrategyType != _|_ {\n\t\t\tupdateStrategy: {\n\t\t\t\ttype:
-                      parameter.updateStrategyType\n\t\t\t}\n\t\t}\n\t}\n}\nparameter:
-                      {\n\t// +usage=Which image would you like to use for your service\n\t//
-                      +short=i\n\timage: string\n\n\t// +usage=Specify image pull policy
-                      for your service\n\timagePullPolicy?: string\n\n\t// +usage=Specify
-                      image pull secrets for your service\n\timagePullSecrets?: [...string]\n\n\t//
-                      +usage=Number of CPU units for the service, like `0.5` (0.5 CPU
-                      core), `1` (1 CPU core)\n\tcpu?: string\n\n\t// +usage=Specify the
-                      amount of memory to limit\n\tmemory?: *\"2048Mi\" | =~\"^([1-9][0-9]{0,63})(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)$\"\n\n\t//
-                      +usage=Commands to run in the container\n\tcmd?: [...string]\n\n\t//
-                      +usage=Arguments to the command.\n\targs?: [...string]\n\n\t// +usage=postStart
-                      commands will be called immediately after a container is created.\n\tpostStart?:
-                      [...string]\n\n\t// +usage=PreStop is called immediately before
-                      a container is terminated due to an API request or management event
-                      such as liveness/startup probe failure, preemption, resource contention,
-                      etc. The handler is not called if the container crashes or exits.
-                      The reason for termination is passed to the handler. The Pod's termination
-                      grace period countdown begins before the PreStop hooked is executed.
-                      Regardless of the outcome of the handler, the container will eventually
-                      terminate within the Pod's termination grace period. Other management
-                      of the container blocks until the hook completes or until the termination
-                      grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks\n\tpreStop?:
-                      [...string]\n\n\t// +usage=Which port do you want customer traffic
-                      sent to\n\t// +short=p\n\tport: *80 | int\n\n\t// +usage=Define
-                      arguments by using environment variables\n\tenv?: [...#ENV]\n\n\t//
-                      +usage=Cloneset updateStrategy, candidates are `ReCreate`/`InPlaceIfPossible`/`InPlaceOnly`\n\tupdateStrategyType?:
-                      string\n\n\t// +usage=HostAliases is a list of hosts and IPs that
-                      will be write into the pod's hosts file\n\thostAliases?: [...{\n\t\thostnames:
-                      [...string]\n\t\tip: string\n\t}]\n\n\t// +usage=Instructions for
-                      assessing whether the container is alive.\n\tlivenessProbe?: #HealthProbe\n\n\t//
-                      +usage=Instructions for assessing whether the container is in a
-                      suitable state to serve traffic.\n\treadinessProbe?: #HealthProbe\n}\n\n#ENV:
-                      {\n\t// +usage=Environment variable name\n\tname: string\n\t// +usage=The
-                      value of the environment variable\n\tvalue?: string\n\t// +usage=Specifies
-                      a source the value of this var should come from\n\tvalueFrom?: {\n\t\t//
-                      +usage=Selects a key of a secret in the pod's namespace\n\t\tsecretKeyRef:
-                      {\n\t\t\t// +usage=The name of the secret in the pod's namespace
-                      to select from\n\t\t\tname: string\n\t\t\t// +usage=The key of the
-                      secret to select from. Must be a valid secret key\n\t\t\tkey: string\n\t\t}\n\t}\n}\n\n#HealthProbe:
-                      {\n\n\t// +usage=Instructions for assessing container health by
-                      executing a command. Either this attribute or the httpGet attribute
-                      or the tcpSocket attribute MUST be specified. This attribute is
-                      mutually exclusive with both the httpGet attribute and the tcpSocket
-                      attribute.\n\texec?: {\n\t\t// +usage=A command to be executed inside
-                      the container to assess its health. Each space delimited token of
-                      the command is a separate array element. Commands exiting 0 are
-                      considered to be successful probes, whilst all other exit codes
-                      are considered failures.\n\t\tcommand: [...string]\n\t}\n\n\t//
-                      +usage=Instructions for assessing container health by executing
-                      an HTTP GET request. Either this attribute or the exec attribute
-                      or the tcpSocket attribute MUST be specified. This attribute is
-                      mutually exclusive with both the exec attribute and the tcpSocket
-                      attribute.\n\thttpGet?: {\n\t\t// +usage=The endpoint, relative
-                      to the port, to which the HTTP GET request should be directed.\n\t\tpath:
-                      string\n\t\t// +usage=The TCP socket within the container to which
-                      the HTTP GET request should be directed.\n\t\tport: int\n\t\thttpHeaders?:
-                      [...{\n\t\t\tname:  string\n\t\t\tvalue: string\n\t\t}]\n\t}\n\n\t//
-                      +usage=Instructions for assessing container health by probing a
-                      TCP socket. Either this attribute or the exec attribute or the httpGet
-                      attribute MUST be specified. This attribute is mutually exclusive
-                      with both the exec attribute and the httpGet attribute.\n\ttcpSocket?:
-                      {\n\t\t// +usage=The TCP socket within the container that should
-                      be probed to assess container health.\n\t\tport: int\n\t}\n\n\t//
-                      +usage=Number of seconds after the container is started before the
-                      first probe is initiated.\n\tinitialDelaySeconds: *0 | int\n\n\t//
-                      +usage=How often, in seconds, to execute the probe.\n\tperiodSeconds:
-                      *10 | int\n\n\t// +usage=Number of seconds after which the probe
-                      times out.\n\ttimeoutSeconds: *1 | int\n\n\t// +usage=Minimum consecutive
-                      successes for the probe to be considered successful after having
-                      failed.\n\tsuccessThreshold: *1 | int\n\n\t// +usage=Number of consecutive
-                      failures required to determine the container is not alive (liveness
-                      probe) or not ready (readiness probe).\n\tfailureThreshold: *3 |
-                      int\n} \n"
-                workload:
-                  definition:
-                    apiVersion: apps.kruise.io/v1alpha1
-                    kind: CloneSet
-            type: raw
-          - name: predownloadimage
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: WorkflowStepDefinition
-              metadata:
-                name: predownloadimage
-              spec:
-                schematic:
-                  cue:
-                    template: "import (\"vela/op\")\nparameter: {\n  image: string\n  parallel:
-                      int\n  kvs: [string]: string\n  type: *\"Always\" | string\n  activeDeadlineSeconds:
-                      *1200 | int\n  ttlSecondsAfterFinished: *300 | int\n  backoffLimit?:
-                      int\n  timeoutSeconds?: int\n  arr: [...string]\n}\n\npullImageJob:
-                      op.#Apply & {\n  value:{\n    apiVersion: \"apps.kruise.io/v1alpha1\"\n
-                      \   kind:       \"ImagePullJob\"\n    metadata: {\n      name: \"pull-image-job\"\n
-                      \   }\n    spec: {\n      image: parameter.image\n      parallelism:
-                      parameter.parallel\n      selector: matchLabels: parameter.kvs\n
-                      \     completionPolicy: {\n        type: parameter.type\n        activeDeadlineSeconds:
-                      parameter.activeDeadlineSeconds\n        ttlSecondsAfterFinished:
-                      parameter.ttlSecondsAfterFinished\n      }\n      pullPolicy: {\n
-                      \       if parameter.backoffLimit != _|_ {\n          backoffLimit:
-                      parameter.backoffLimit\n        }\n        if parameter.timeoutSeconds
-                      != _|_ {\n          timeoutSeconds: parameter.timeoutSeconds\n        }\n
-                      \     }\n      pullSecrets: parameter.arr\n    }            \n  }
-                      \         \n} \n"
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
+      components:
+      - name: kruise
+        properties:
+          chart: ./charts/kruise/v0.9.0
+          git:
+            branch: master
+          repoType: git
+          url: https://github.com/openkruise/kruise
+          values:
+            featureGates: PreDownloadImageForInPlaceUpdate=true
+        type: helm
+      - name: cloneset
+        properties:
           apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Describes long-running, scalable, containerized
+                services that have a stable network endpoint to receive external network
+                traffic from customers. If workload type is skipped for any service defined
+                in Appfile, it will be defaulted to `webservice` type.
+            name: cloneset
+            namespace: vela-system
+          spec:
+            schematic:
+              cue:
+                template: "output: {\n\tapiVersion: \"apps.kruise.io/v1alpha1\"\n\tkind:
+                  \      \"CloneSet\"\n\tmetadata: labels: {\n\t\t\"app.oam.dev/component\":
+                  context.name\n\t}\n\tspec: {\n\t\tselector: matchLabels: {\n\t\t\t\"app.oam.dev/component\":
+                  context.name\n\t\t}\n\n\t\ttemplate: {\n\t\t\tmetadata: labels: {\n\t\t\t\t\"app.oam.dev/component\":
+                  context.name\n\t\t\t}\n\n\t\t\tspec: {\n\t\t\t\tcontainers: [{\n\t\t\t\t\tname:
+                  \ context.name\n\t\t\t\t\timage: parameter.image\n\n\t\t\t\t\tif parameter.cmd
+                  != _|_ {\n\t\t\t\t\t\tcommand: parameter.cmd\n\t\t\t\t\t}\n\t\t\t\t\tif
+                  parameter.args != _|_ {\n\t\t\t\t\t\targs: parameter.args\n\t\t\t\t\t}\n\t\t\t\t\tif
+                  parameter.env != _|_ {\n\t\t\t\t\t\tenv: parameter.env\n\t\t\t\t\t}\n\n\t\t\t\t\tif
+                  context.config != _|_ {\n\t\t\t\t\t\tenv: context.config\n\t\t\t\t\t}\n\n\t\t\t\t\tif
+                  parameter[\"imagePullPolicy\"] != _|_ {\n\t\t\t\t\t\timagePullPolicy:
+                  parameter.imagePullPolicy\n\t\t\t\t\t}\n\n\t\t\t\t\tports: [{\n\t\t\t\t\t\tcontainerPort:
+                  parameter.port\n\t\t\t\t\t}]\n\n\t\t\t\t\tif parameter[\"cpu\"] != _|_
+                  {\n\t\t\t\t\t\tresources: {\n\t\t\t\t\t\t\tlimits: cpu:   parameter.cpu\n\t\t\t\t\t\t\trequests:
+                  cpu: parameter.cpu\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif parameter[\"memory\"]
+                  != _|_ {\n\t\t\t\t\t\tresources: {\n\t\t\t\t\t\t\tlimits: memory:   parameter.memory\n\t\t\t\t\t\t\trequests:
+                  memory: parameter.memory\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tif
+                  parameter[\"livenessProbe\"] != _|_ {\n\t\t\t\t\t\tlivenessProbe: parameter.livenessProbe\n\t\t\t\t\t}\n\n\t\t\t\t\tif
+                  parameter[\"readinessProbe\"] != _|_ {\n\t\t\t\t\t\treadinessProbe:
+                  parameter.readinessProbe\n\t\t\t\t\t}\n\n\t\t\t\t\tlifecycle: {\n\t\t\t\t\t\tif
+                  parameter.postStart != _|_ {\n\t\t\t\t\t\t\tpostStart: exec: command:
+                  parameter.postStart\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif parameter.preStop
+                  != _|_ {\n\t\t\t\t\t\t\tpreStop: exec: command: parameter.preStop\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}]\n\t\t\t\tif
+                  parameter.hostAliases != _|_ {\n\t\t\t\t\thostAliases: parameter.hostAliases\n\t\t\t\t}\n\t\t\t\tif
+                  parameter[\"imagePullSecrets\"] != _|_ {\n\t\t\t\t\timagePullSecrets:
+                  [ for v in parameter.imagePullSecrets {name: v}]\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tif
+                  parameter.updateStrategyType != _|_ {\n\t\t\tupdateStrategy: {\n\t\t\t\ttype:
+                  parameter.updateStrategyType\n\t\t\t}\n\t\t}\n\t}\n}\nparameter: {\n\t//
+                  +usage=Which image would you like to use for your service\n\t// +short=i\n\timage:
+                  string\n\n\t// +usage=Specify image pull policy for your service\n\timagePullPolicy?:
+                  string\n\n\t// +usage=Specify image pull secrets for your service\n\timagePullSecrets?:
+                  [...string]\n\n\t// +usage=Number of CPU units for the service, like
+                  `0.5` (0.5 CPU core), `1` (1 CPU core)\n\tcpu?: string\n\n\t// +usage=Specify
+                  the amount of memory to limit\n\tmemory?: *\"2048Mi\" | =~\"^([1-9][0-9]{0,63})(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)$\"\n\n\t//
+                  +usage=Commands to run in the container\n\tcmd?: [...string]\n\n\t//
+                  +usage=Arguments to the command.\n\targs?: [...string]\n\n\t// +usage=postStart
+                  commands will be called immediately after a container is created.\n\tpostStart?:
+                  [...string]\n\n\t// +usage=PreStop is called immediately before a container
+                  is terminated due to an API request or management event such as liveness/startup
+                  probe failure, preemption, resource contention, etc. The handler is
+                  not called if the container crashes or exits. The reason for termination
+                  is passed to the handler. The Pod's termination grace period countdown
+                  begins before the PreStop hooked is executed. Regardless of the outcome
+                  of the handler, the container will eventually terminate within the Pod's
+                  termination grace period. Other management of the container blocks until
+                  the hook completes or until the termination grace period is reached.
+                  More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks\n\tpreStop?:
+                  [...string]\n\n\t// +usage=Which port do you want customer traffic sent
+                  to\n\t// +short=p\n\tport: *80 | int\n\n\t// +usage=Define arguments
+                  by using environment variables\n\tenv?: [...#ENV]\n\n\t// +usage=Cloneset
+                  updateStrategy, candidates are `ReCreate`/`InPlaceIfPossible`/`InPlaceOnly`\n\tupdateStrategyType?:
+                  string\n\n\t// +usage=HostAliases is a list of hosts and IPs that will
+                  be write into the pod's hosts file\n\thostAliases?: [...{\n\t\thostnames:
+                  [...string]\n\t\tip: string\n\t}]\n\n\t// +usage=Instructions for assessing
+                  whether the container is alive.\n\tlivenessProbe?: #HealthProbe\n\n\t//
+                  +usage=Instructions for assessing whether the container is in a suitable
+                  state to serve traffic.\n\treadinessProbe?: #HealthProbe\n}\n\n#ENV:
+                  {\n\t// +usage=Environment variable name\n\tname: string\n\t// +usage=The
+                  value of the environment variable\n\tvalue?: string\n\t// +usage=Specifies
+                  a source the value of this var should come from\n\tvalueFrom?: {\n\t\t//
+                  +usage=Selects a key of a secret in the pod's namespace\n\t\tsecretKeyRef:
+                  {\n\t\t\t// +usage=The name of the secret in the pod's namespace to
+                  select from\n\t\t\tname: string\n\t\t\t// +usage=The key of the secret
+                  to select from. Must be a valid secret key\n\t\t\tkey: string\n\t\t}\n\t}\n}\n\n#HealthProbe:
+                  {\n\n\t// +usage=Instructions for assessing container health by executing
+                  a command. Either this attribute or the httpGet attribute or the tcpSocket
+                  attribute MUST be specified. This attribute is mutually exclusive with
+                  both the httpGet attribute and the tcpSocket attribute.\n\texec?: {\n\t\t//
+                  +usage=A command to be executed inside the container to assess its health.
+                  Each space delimited token of the command is a separate array element.
+                  Commands exiting 0 are considered to be successful probes, whilst all
+                  other exit codes are considered failures.\n\t\tcommand: [...string]\n\t}\n\n\t//
+                  +usage=Instructions for assessing container health by executing an HTTP
+                  GET request. Either this attribute or the exec attribute or the tcpSocket
+                  attribute MUST be specified. This attribute is mutually exclusive with
+                  both the exec attribute and the tcpSocket attribute.\n\thttpGet?: {\n\t\t//
+                  +usage=The endpoint, relative to the port, to which the HTTP GET request
+                  should be directed.\n\t\tpath: string\n\t\t// +usage=The TCP socket
+                  within the container to which the HTTP GET request should be directed.\n\t\tport:
+                  int\n\t\thttpHeaders?: [...{\n\t\t\tname:  string\n\t\t\tvalue: string\n\t\t}]\n\t}\n\n\t//
+                  +usage=Instructions for assessing container health by probing a TCP
+                  socket. Either this attribute or the exec attribute or the httpGet attribute
+                  MUST be specified. This attribute is mutually exclusive with both the
+                  exec attribute and the httpGet attribute.\n\ttcpSocket?: {\n\t\t// +usage=The
+                  TCP socket within the container that should be probed to assess container
+                  health.\n\t\tport: int\n\t}\n\n\t// +usage=Number of seconds after the
+                  container is started before the first probe is initiated.\n\tinitialDelaySeconds:
+                  *0 | int\n\n\t// +usage=How often, in seconds, to execute the probe.\n\tperiodSeconds:
+                  *10 | int\n\n\t// +usage=Number of seconds after which the probe times
+                  out.\n\ttimeoutSeconds: *1 | int\n\n\t// +usage=Minimum consecutive
+                  successes for the probe to be considered successful after having failed.\n\tsuccessThreshold:
+                  *1 | int\n\n\t// +usage=Number of consecutive failures required to determine
+                  the container is not alive (liveness probe) or not ready (readiness
+                  probe).\n\tfailureThreshold: *3 | int\n} \n"
+            workload:
+              definition:
+                apiVersion: apps.kruise.io/v1alpha1
+                kind: CloneSet
+        type: raw
+      - name: predownloadimage
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: WorkflowStepDefinition
+          metadata:
+            name: predownloadimage
+          spec:
+            schematic:
+              cue:
+                template: "import (\"vela/op\")\nparameter: {\n  image: string\n  parallel:
+                  int\n  kvs: [string]: string\n  type: *\"Always\" | string\n  activeDeadlineSeconds:
+                  *1200 | int\n  ttlSecondsAfterFinished: *300 | int\n  backoffLimit?:
+                  int\n  timeoutSeconds?: int\n  arr: [...string]\n}\n\npullImageJob:
+                  op.#Apply & {\n  value:{\n    apiVersion: \"apps.kruise.io/v1alpha1\"\n
+                  \   kind:       \"ImagePullJob\"\n    metadata: {\n      name: \"pull-image-job\"\n
+                  \   }\n    spec: {\n      image: parameter.image\n      parallelism:
+                  parameter.parallel\n      selector: matchLabels: parameter.kvs\n      completionPolicy:
+                  {\n        type: parameter.type\n        activeDeadlineSeconds: parameter.activeDeadlineSeconds\n
+                  \       ttlSecondsAfterFinished: parameter.ttlSecondsAfterFinished\n
+                  \     }\n      pullPolicy: {\n        if parameter.backoffLimit != _|_
+                  {\n          backoffLimit: parameter.backoffLimit\n        }\n        if
+                  parameter.timeoutSeconds != _|_ {\n          timeoutSeconds: parameter.timeoutSeconds\n
+                  \       }\n      }\n      pullSecrets: parameter.arr\n    }            \n
+                  \ }          \n} \n"
+        type: raw
+      workflow:
+        steps:
+        - name: checking-depends-on
+          properties:
+            name: fluxcd
+            namespace: vela-system
+          type: depends-on-app
+        - name: apply-resources
+          type: apply-application
     status:
-      observedGeneration: 0
+      rollout:
+        batchRollingState: ""
+        currentBatch: 0
+        lastTargetAppRevision: ""
+        rollingState: ""
+        upgradedReadyReplicas: 0
+        upgradedReplicas: 0
 kind: ConfigMap
 metadata:
   annotations:

charts/vela-core/templates/addons/ns-flux-system.yaml

@@ -1,40 +0,0 @@
-apiVersion: v1
-data:
-  initializer: |
-    apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
-    metadata:
-      annotations:
-        addons.oam.dev/description: Create namespace for flux-system
-      name: ns-flux-system
-      namespace: vela-system
-    spec:
-      appTemplate:
-        spec:
-          components:
-          - name: flux-system
-            properties:
-              apiVersion: v1
-              kind: Namespace
-              metadata:
-                name: flux-system
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-    status:
-      observedGeneration: 0
-kind: ConfigMap
-metadata:
-  annotations:
-    addons.oam.dev/description: Create namespace for flux-system
-    addons.oam.dev/name: ns-flux-system
-  labels:
-    addons.oam.dev/type: ns-flux-system
-  name: ns-flux-system
-  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/ns-istio-system.yaml

@@ -1,40 +0,0 @@
-apiVersion: v1
-data:
-  initializer: |
-    apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
-    metadata:
-      annotations:
-        addons.oam.dev/description: Create namespace for istio-system
-      name: ns-istio-system
-      namespace: vela-system
-    spec:
-      appTemplate:
-        spec:
-          components:
-          - name: istio-system
-            properties:
-              apiVersion: v1
-              kind: Namespace
-              metadata:
-                name: istio-system
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-    status:
-      observedGeneration: 0
-kind: ConfigMap
-metadata:
-  annotations:
-    addons.oam.dev/description: Create namespace for istio-system
-    addons.oam.dev/name: ns-istio-system
-  labels:
-    addons.oam.dev/type: ns-istio-system
-  name: ns-istio-system
-  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/observability-asset.yaml

@@ -1,128 +0,0 @@
-apiVersion: v1
-data:
-  initializer: |
-    apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
-    metadata:
-      annotations:
-        addons.oam.dev/description: Preparations that observability need
-      name: observability-asset
-      namespace: vela-system
-    spec:
-      appTemplate:
-        spec:
-          components:
-          - name: observability
-            properties:
-              apiVersion: v1
-              kind: Namespace
-              metadata:
-                name: observability
-            type: raw
-          - name: import-grafana-dashboard
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: TraitDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Add a datasource to Grafana
-                name: import-grafana-dashboard
-                namespace: vela-system
-              spec:
-                schematic:
-                  cue:
-                    template: "outputs: registerdatasource: {\n\tapiVersion: \"grafana.extension.oam.dev/v1alpha1\"\n\tkind:
-                      \      \"ImportDashboard\"\n\tspec: {\n\t\tgrafana: {\n\t\t\tservice:
-                      \                  parameter.grafanaServiceName\n\t\t\tnamespace:
-                      \                parameter.grafanaServiceNamespace\n\t\t\tcredentialSecret:
-                      \         parameter.credentialSecret\n\t\t\tcredentialSecretNamespace:
-                      parameter.credentialSecretNamespace\n\t\t}\n\t\turls: parameter.urls\n\t}\n}\nparameter:
-                      {\n\tgrafanaServiceName:        string\n\tgrafanaServiceNamespace:
-                      \  *\"default\" | string\n\tcredentialSecret:          string\n\tcredentialSecretNamespace:
-                      *\"default\" | string\n\turls: [...string]\n} \n"
-            type: raw
-          - name: pure-ingress
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: TraitDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Enable public web traffic for the component
-                    without creating a Service.
-                name: pure-ingress
-                namespace: vela-system
-              spec:
-                schematic:
-                  cue:
-                    template: "\noutputs: ingress: {\n\tapiVersion: \"networking.k8s.io/v1beta1\"\n\tkind:
-                      \      \"Ingress\"\n\tmetadata:\n\t\tname: context.name\n\tspec:
-                      {\n\t\trules: [{\n\t\t\thost: parameter.domain\n\t\t\thttp: {\n\t\t\t\tpaths:
-                      [\n\t\t\t\t\tfor k, v in parameter.http {\n\t\t\t\t\t\tpath: k\n\t\t\t\t\t\tbackend:
-                      {\n\t\t\t\t\t\t\tserviceName: context.name\n\t\t\t\t\t\t\tservicePort:
-                      v\n\t\t\t\t\t\t}\n\t\t\t\t\t},\n\t\t\t\t]\n\t\t\t}\n\t\t}]\n\t}\n}\n\nparameter:
-                      {\n\t// +usage=Specify the domain you want to expose\n\tdomain:
-                      string\n\n\t// +usage=Specify the mapping relationship between the
-                      http path and the workload port\n\thttp: [string]: int\n}\n"
-                status:
-                  customStatus: |-
-                    let igs = context.outputs.ingress.status.loadBalancer.ingress
-                    if igs == _|_ {
-                      message: "No loadBalancer found, visiting by using 'vela port-forward " + context.appName + " --route'\n"
-                    }
-                    if len(igs) > 0 {
-                      if igs[0].ip != _|_ {
-                        message: "Visiting URL: " + context.outputs.ingress.spec.rules[0].host + ", IP: " + igs[0].ip
-                      }
-                      if igs[0].ip == _|_ {
-                        message: "Visiting URL: " + context.outputs.ingress.spec.rules[0].host
-                      }
-                    }
-                  healthPolicy: |
-                    isHealth: len(context.outputs.ingress.status.loadBalancer.ingress) > 0
-            type: raw
-          - name: register-grafana-datasource
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: TraitDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Add a datasource to Grafana
-                name: register-grafana-datasource
-                namespace: vela-system
-              spec:
-                schematic:
-                  cue:
-                    template: "outputs: registerdatasource: {\n\tapiVersion: \"grafana.extension.oam.dev/v1alpha1\"\n\tkind:
-                      \      \"DatasourceRegistration\"\n\tspec: {\n\t\tgrafana: {\n\t\t\tservice:
-                      \                  parameter.grafanaServiceName\n\t\t\tnamespace:
-                      \                parameter.grafanaServiceNamespace\n\t\t\tcredentialSecret:
-                      \         parameter.credentialSecret\n\t\t\tcredentialSecretNamespace:
-                      parameter.credentialSecretNamespace\n\t\t}\n\t\tdatasource: {\n\t\t\tname:
-                      \     parameter.name\n\t\t\ttype:      parameter.type\n\t\t\taccess:
-                      \   parameter.access\n\t\t\tservice:   parameter.service\n\t\t\tnamespace:
-                      parameter.namespace\n\t\t}\n\t}\n}\n\nparameter: {\n\tgrafanaServiceName:
-                      \       string\n\tgrafanaServiceNamespace:   *\"default\" | string\n\tcredentialSecret:
-                      \         string\n\tcredentialSecretNamespace: string\n\tname:                      string\n\ttype:
-                      \                     string\n\taccess:                    *\"proxy\"
-                      | string\n\tservice:                   string\n\tnamespace:                 *\"default\"
-                      | string\n}\n"
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-    status:
-      observedGeneration: 0
-kind: ConfigMap
-metadata:
-  annotations:
-    addons.oam.dev/description: Preparations that observability need
-    addons.oam.dev/name: observability-asset
-  labels:
-    addons.oam.dev/type: observability-asset
-  name: observability-asset
-  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/observability.yaml

@@ -1,149 +1,243 @@
 apiVersion: v1
 data:
-  initializer: |
+  application: |
     apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
+    kind: Application
     metadata:
       annotations:
         addons.oam.dev/description: An out of the box solution for KubeVela observability
       name: observability
-      namespace: observability
+      namespace: vela-system
     spec:
-      appTemplate:
-        spec:
-          components:
-          - name: grafana-registration
-            properties:
-              chart: ./chart
-              git:
-                branch: master
-              repoType: git
-              targetNamespace: observability
-              url: https://github.com/oam-dev/grafana-registration
-              values:
-                replicaCount: 1
-            type: helm
-          - name: grafana
-            properties:
-              chart: grafana
-              releaseName: grafana
-              repoType: helm
-              targetNamespace: observability
-              url: https://grafana.github.io/helm-charts
-              version: 6.14.1
-            traits:
-            - properties:
-                domain: '[[ index .Args "grafana-domain" ]]'
-                http:
-                  /: 80
-              type: pure-ingress
-            - properties:
-                credentialSecret: grafana
-                credentialSecretNamespace: observability
-                grafanaServiceName: grafana
-                grafanaServiceNamespace: observability
-                urls:
-                - https://raw.githubusercontent.com/oam-dev/grafana-registration/master/dashboards/kubevela_core_logging.json
-                - https://raw.githubusercontent.com/oam-dev/grafana-registration/master/dashboards/kubevela_core_monitoring.json
-                - https://raw.githubusercontent.com/oam-dev/grafana-registration/master/dashboards/flux2/cluster.json
-                - https://raw.githubusercontent.com/oam-dev/grafana-registration/master/dashboards/kubevela_application_logging.json
-              type: import-grafana-dashboard
-            type: helm
-          - name: loki
-            properties:
-              chart: loki-stack
-              releaseName: loki
-              repoType: helm
-              targetNamespace: observability
-              url: https://grafana.github.io/helm-charts
-              version: 2.4.1
-            traits:
-            - properties:
-                access: proxy
-                credentialSecret: grafana
-                credentialSecretNamespace: observability
-                grafanaServiceName: grafana
-                grafanaServiceNamespace: observability
-                name: loki
-                namespace: observability
-                service: loki
-                type: loki
-              type: register-grafana-datasource
-            type: helm
-          - name: prometheus-server
-            properties:
-              chart: prometheus
-              releaseName: prometheus
-              repoType: helm
-              targetNamespace: observability
-              url: https://prometheus-community.github.io/helm-charts
-              values:
-                alertmanager:
-                  persistentVolume:
-                    enabled: '[[ index .Args "alertmanager-pvc-enabled" | default "true"
-                      ]]'
-                    size: '[[ index .Args "alertmanager-pvc-size" | default "20Gi" ]]'
-                    storageClass: '[[ index .Args "alertmanager-pvc-class" ]]'
-                server:
-                  persistentVolume:
-                    enabled: '[[ index .Args "server-pvc-enabled" | default "true" ]]'
-                    size: '[[ index .Args "server-pvc-size" | default "20Gi" ]]'
-                    storageClass: '[[ index .Args "server-pvc-class" ]]'
-              version: 14.4.1
-            traits:
-            - properties:
-                access: proxy
-                credentialSecret: grafana
-                credentialSecretNamespace: observability
-                grafanaServiceName: grafana
-                grafanaServiceNamespace: observability
-                name: prometheus
-                namespace: observability
-                service: prometheus-server
-                type: prometheus
-              type: register-grafana-datasource
-            type: helm
-          - name: kube-state-metrics
-            properties:
-              chart: kube-state-metrics
-              repoType: helm
-              targetNamespace: observability
-              url: https://prometheus-community.github.io/helm-charts
-              values:
-                image:
-                  repository: oamdev/kube-state-metrics
-                  tag: v2.1.0
-              version: 3.4.1
-            type: helm
-          - name: kube-prometheus-stack
-            properties:
-              chart: kube-prometheus-stack
-              repoType: helm
-              targetNamespace: observability
-              url: https://prometheus-community.github.io/helm-charts
-              version: 18.0.0
-            type: helm
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
+      components:
+      - name: ns-observability
+        properties:
+          apiVersion: v1
+          kind: Namespace
+          metadata:
+            name: observability
+        type: raw
+      - name: import-grafana-dashboard-traitdef
+        properties:
           apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
-      - ref:
+          kind: TraitDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Import dashboards to Grafana
+            name: import-grafana-dashboard
+            namespace: vela-system
+          spec:
+            schematic:
+              cue:
+                template: "outputs: registerdatasource: {\n\tapiVersion: \"grafana.extension.oam.dev/v1alpha1\"\n\tkind:
+                  \      \"ImportDashboard\"\n\tspec: {\n\t\tgrafana: {\n\t\t\tservice:
+                  \                  parameter.grafanaServiceName\n\t\t\tnamespace:                 parameter.grafanaServiceNamespace\n\t\t\tcredentialSecret:
+                  \         parameter.credentialSecret\n\t\t\tcredentialSecretNamespace:
+                  parameter.credentialSecretNamespace\n\t\t}\n\t\turls: parameter.urls\n\t}\n}\nparameter:
+                  {\n\tgrafanaServiceName:        string\n\tgrafanaServiceNamespace:   *\"default\"
+                  | string\n\tcredentialSecret:          string\n\tcredentialSecretNamespace:
+                  *\"default\" | string\n\turls: [...string]\n}\n"
+        type: raw
+      - name: pure-ingress-traitdef
+        properties:
           apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: observability-asset
-          namespace: vela-system
+          kind: TraitDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Enable public web traffic for the component
+                without creating a Service.
+            name: pure-ingress
+            namespace: vela-system
+          spec:
+            schematic:
+              cue:
+                template: "\noutputs: ingress: {\n\tapiVersion: \"networking.k8s.io/v1beta1\"\n\tkind:
+                  \      \"Ingress\"\n\tmetadata:\n\t\tname: context.name\n\tspec: {\n\t\trules:
+                  [{\n\t\t\thost: parameter.domain\n\t\t\thttp: {\n\t\t\t\tpaths: [\n\t\t\t\t\tfor
+                  k, v in parameter.http {\n\t\t\t\t\t\tpath: k\n\t\t\t\t\t\tbackend:
+                  {\n\t\t\t\t\t\t\tserviceName: context.name\n\t\t\t\t\t\t\tservicePort:
+                  v\n\t\t\t\t\t\t}\n\t\t\t\t\t},\n\t\t\t\t]\n\t\t\t}\n\t\t}]\n\t}\n}\n\nparameter:
+                  {\n\t// +usage=Specify the domain you want to expose\n\tdomain: string\n\n\t//
+                  +usage=Specify the mapping relationship between the http path and the
+                  workload port\n\thttp: [string]: int\n}\n"
+            status:
+              customStatus: |-
+                let igs = context.outputs.ingress.status.loadBalancer.ingress
+                if igs == _|_ {
+                  message: "No loadBalancer found, visiting by using 'vela port-forward " + context.appName + " --route'\n"
+                }
+                if len(igs) > 0 {
+                  if igs[0].ip != _|_ {
+                    message: "Visiting URL: " + context.outputs.ingress.spec.rules[0].host + ", IP: " + igs[0].ip
+                  }
+                  if igs[0].ip == _|_ {
+                    message: "Visiting URL: " + context.outputs.ingress.spec.rules[0].host
+                  }
+                }
+              healthPolicy: |
+                isHealth: len(context.outputs.ingress.status.loadBalancer.ingress) > 0
+        type: raw
+      - name: register-grafana-datasource-traitdef
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: TraitDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Add a datasource to Grafana
+            name: register-grafana-datasource
+            namespace: vela-system
+          spec:
+            schematic:
+              cue:
+                template: "outputs: registerdatasource: {\n\tapiVersion: \"grafana.extension.oam.dev/v1alpha1\"\n\tkind:
+                  \      \"DatasourceRegistration\"\n\tspec: {\n\t\tgrafana: {\n\t\t\tservice:
+                  \                  parameter.grafanaServiceName\n\t\t\tnamespace:                 parameter.grafanaServiceNamespace\n\t\t\tcredentialSecret:
+                  \         parameter.credentialSecret\n\t\t\tcredentialSecretNamespace:
+                  parameter.credentialSecretNamespace\n\t\t}\n\t\tdatasource: {\n\t\t\tname:
+                  \     parameter.name\n\t\t\ttype:      parameter.type\n\t\t\taccess:
+                  \   parameter.access\n\t\t\tservice:   parameter.service\n\t\t\tnamespace:
+                  parameter.namespace\n\t\t}\n\t}\n}\n\nparameter: {\n\tgrafanaServiceName:
+                  \       string\n\tgrafanaServiceNamespace:   *\"default\" | string\n\tcredentialSecret:
+                  \         string\n\tcredentialSecretNamespace: string\n\tname:                      string\n\ttype:
+                  \                     string\n\taccess:                    *\"proxy\"
+                  | string\n\tservice:                   string\n\tnamespace:                 *\"default\"
+                  | string\n}\n"
+        type: raw
+      - name: grafana-registration
+        properties:
+          chart: ./chart
+          git:
+            branch: master
+          repoType: git
+          targetNamespace: observability
+          url: https://github.com/oam-dev/grafana-registration
+          values:
+            replicaCount: 1
+        type: helm
+      - name: grafana
+        properties:
+          chart: grafana
+          releaseName: grafana
+          repoType: helm
+          targetNamespace: observability
+          url: https://charts.kubevela.net/addons
+          version: 6.14.1
+        traits:
+        - properties:
+            domain: '[[ index .Args "grafana-domain" ]]'
+            http:
+              /: 80
+          type: pure-ingress
+        - properties:
+            credentialSecret: grafana
+            credentialSecretNamespace: observability
+            grafanaServiceName: grafana
+            grafanaServiceNamespace: observability
+            urls:
+            - https://charts.kubevela.net/addons/dashboards/kubevela_core_logging.json
+            - https://charts.kubevela.net/addons/dashboards/kubevela_core_monitoring.json
+            - https://charts.kubevela.net/addons/dashboards/kubevela_application_logging.json
+            - https://charts.kubevela.net/addons/dashboards/flux2/cluster.json
+          type: import-grafana-dashboard
+        type: helm
+      - name: loki
+        properties:
+          chart: loki-stack
+          releaseName: loki
+          repoType: helm
+          targetNamespace: observability
+          url: https://charts.kubevela.net/addons
+          version: 2.4.1
+        traits:
+        - properties:
+            access: proxy
+            credentialSecret: grafana
+            credentialSecretNamespace: observability
+            grafanaServiceName: grafana
+            grafanaServiceNamespace: observability
+            name: loki
+            namespace: observability
+            service: loki
+            type: loki
+          type: register-grafana-datasource
+        type: helm
+      - name: prometheus-server
+        properties:
+          chart: prometheus
+          releaseName: prometheus
+          repoType: helm
+          targetNamespace: observability
+          url: https://charts.kubevela.net/addons
+          values:
+            alertmanager:
+              persistentVolume:
+                enabled: '[[ index .Args "alertmanager-pvc-enabled" | default "true" ]]'
+                size: '[[ index .Args "alertmanager-pvc-size" | default "20Gi" ]]'
+                storageClass: '[[ index .Args "alertmanager-pvc-class" ]]'
+            server:
+              persistentVolume:
+                enabled: '[[ index .Args "server-pvc-enabled" | default "true" ]]'
+                size: '[[ index .Args "server-pvc-size" | default "20Gi" ]]'
+                storageClass: '[[ index .Args "server-pvc-class" ]]'
+          version: 14.4.1
+        traits:
+        - properties:
+            access: proxy
+            credentialSecret: grafana
+            credentialSecretNamespace: observability
+            grafanaServiceName: grafana
+            grafanaServiceNamespace: observability
+            name: prometheus
+            namespace: observability
+            service: prometheus-server
+            type: prometheus
+          type: register-grafana-datasource
+        type: helm
+      - name: kube-state-metrics
+        properties:
+          chart: kube-state-metrics
+          repoType: helm
+          targetNamespace: observability
+          url: https://charts.kubevela.net/addons
+          values:
+            image:
+              repository: oamdev/kube-state-metrics
+              tag: v2.1.0
+          version: 3.4.1
+        type: helm
+      workflow:
+        steps:
+        - name: checking-depends-on
+          properties:
+            name: fluxcd
+            namespace: vela-system
+          type: depends-on-app
+        - name: apply-ns
+          properties:
+            component: ns-observability
+          type: apply-component
+        - name: apply-trait-1
+          properties:
+            component: import-grafana-dashboard-traitdef
+          type: apply-component
+        - name: apply-trait-2
+          properties:
+            component: pure-ingress-traitdef
+          type: apply-component
+        - name: apply-trait-3
+          properties:
+            component: register-grafana-datasource-traitdef
+          type: apply-component
+        - name: apply-resources
+          type: apply-remaining
     status:
-      observedGeneration: 0
+      rollout:
+        batchRollingState: ""
+        currentBatch: 0
+        lastTargetAppRevision: ""
+        rollingState: ""
+        upgradedReadyReplicas: 0
+        upgradedReplicas: 0
 kind: ConfigMap
 metadata:
   annotations:

charts/vela-core/templates/addons/prometheus.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 data:
-  initializer: |
+  application: |
     apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
+    kind: Application
     metadata:
       annotations:
         addons.oam.dev/description: Prometheus is an open-source systems monitoring and
@@ -10,31 +10,30 @@ data:
       name: prometheus
       namespace: vela-system
     spec:
-      appTemplate:
-        spec:
-          components:
-          - name: prometheus
-            properties:
-              chart: premetheus
-              repoType: helm
-              url: https://prometheus-community.github.io/helm-charts
-            type: helm
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
-          apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
+      components:
+      - name: prometheus
+        properties:
+          chart: premetheus
+          repoType: helm
+          url: https://prometheus-community.github.io/helm-charts
+        type: helm
+      workflow:
+        steps:
+        - name: checking-depends-on
+          properties:
+            name: fluxcd
+            namespace: vela-system
+          type: depends-on-app
+        - name: apply-resources
+          type: apply-application
     status:
-      observedGeneration: 0
+      rollout:
+        batchRollingState: ""
+        currentBatch: 0
+        lastTargetAppRevision: ""
+        rollingState: ""
+        upgradedReadyReplicas: 0
+        upgradedReplicas: 0
 kind: ConfigMap
 metadata:
   annotations:

charts/vela-core/templates/addons/terraform-provider-alibaba.yaml

@@ -1,63 +1,59 @@
 apiVersion: v1
 data:
-  initializer: |
+  application: |
     apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
+    kind: Application
     metadata:
       annotations:
-        addons.oam.dev/description: terraform provider (alibaba)
+        addons.oam.dev/description: Kubernetes Terraform Controller for Alibaba Cloud
         addons.oam.dev/name: terraform/provider-alibaba
       name: terraform-provider-alibaba
-      namespace: default
+      namespace: vela-system
     spec:
-      appTemplate:
-        spec:
-          components:
-          - name: alibaba-account-creds
-            properties:
-              apiVersion: v1
-              kind: Secret
-              metadata:
-                name: alibaba-provider-secret
+      components:
+      - name: alibaba-account-creds
+        properties:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: alibaba-account-creds
+            namespace: vela-system
+          stringData:
+            credentials: |
+              accessKeyID: [[ index .Args "ALICLOUD_ACCESS_KEY" ]]
+              accessKeySecret: [[ index .Args "ALICLOUD_SECRET_KEY" ]]
+              securityToken: [[ index .Args "ALICLOUD_SECURITY_TOKEN" ]]
+          type: Opaque
+        type: raw
+      - name: default
+        properties:
+          apiVersion: terraform.core.oam.dev/v1beta1
+          kind: Provider
+          metadata:
+            name: default
+            namespace: default
+          spec:
+            credentials:
+              secretRef:
+                key: credentials
+                name: alibaba-account-creds
                 namespace: vela-system
-              stringData:
-                credentials: |
-                  accessKeyID: [[ index .Args "ALICLOUD_ACCESS_KEY" ]]
-                  accessKeySecret: [[ index .Args "ALICLOUD_SECRET_KEY" ]]
-                  securityToken: [[ index .Args "ALICLOUD_SECURITY_TOKEN" ]]
-              type: Opaque
-            type: raw
-          - name: default
-            properties:
-              apiVersion: terraform.core.oam.dev/v1beta1
-              kind: Provider
-              metadata:
-                name: default
-                namespace: default
-              spec:
-                credentials:
-                  secretRef:
-                    key: credentials
-                    name: alibaba-account-creds
-                    namespace: vela-system
-                  source: Secret
-                provider: alibaba
-                region: '[[ index .Args "ALICLOUD_REGION" ]]'
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
+              source: Secret
+            provider: alibaba
+            region: '[[ index .Args "ALICLOUD_REGION" ]]'
+        type: raw
     status:
-      observedGeneration: 0
+      rollout:
+        batchRollingState: ""
+        currentBatch: 0
+        lastTargetAppRevision: ""
+        rollingState: ""
+        upgradedReadyReplicas: 0
+        upgradedReplicas: 0
 kind: ConfigMap
 metadata:
   annotations:
-    addons.oam.dev/description: terraform provider (alibaba)
+    addons.oam.dev/description: Kubernetes Terraform Controller for Alibaba Cloud
     addons.oam.dev/name: terraform/provider-alibaba
   labels:
     addons.oam.dev/type: terraform-provider-alibaba

charts/vela-core/templates/addons/terraform-provider-aws.yaml

@@ -0,0 +1,61 @@
+apiVersion: v1
+data:
+  application: |
+    apiVersion: core.oam.dev/v1beta1
+    kind: Application
+    metadata:
+      annotations:
+        addons.oam.dev/description: Kubernetes Terraform Controller for AWS
+        addons.oam.dev/name: terraform/provider-aws
+      name: terraform-provider-aws
+      namespace: vela-system
+    spec:
+      components:
+      - name: aws-account-creds
+        properties:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: aws-account-creds
+            namespace: vela-system
+          stringData:
+            credentials: |
+              awsAccessKeyID: [[ index .Args "AWS_ACCESS_KEY_ID" ]]
+              awsSecretAccessKey: [[ index .Args "AWS_SECRET_ACCESS_KEY" ]]
+              awsSessionToken: [[ index .Args "AWS_SESSION_TOKEN" ]]
+          type: Opaque
+        type: raw
+      - name: aws
+        properties:
+          apiVersion: terraform.core.oam.dev/v1beta1
+          kind: Provider
+          metadata:
+            name: aws
+            namespace: default
+          spec:
+            credentials:
+              secretRef:
+                key: credentials
+                name: aws-account-creds
+                namespace: vela-system
+              source: Secret
+            provider: aws
+            region: '[[ index .Args "AWS_DEFAULT_REGION" ]]'
+        type: raw
+    status:
+      rollout:
+        batchRollingState: ""
+        currentBatch: 0
+        lastTargetAppRevision: ""
+        rollingState: ""
+        upgradedReadyReplicas: 0
+        upgradedReplicas: 0
+kind: ConfigMap
+metadata:
+  annotations:
+    addons.oam.dev/description: Kubernetes Terraform Controller for AWS
+    addons.oam.dev/name: terraform/provider-aws
+  labels:
+    addons.oam.dev/type: terraform-provider-aws
+  name: terraform-provider-aws
+  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/terraform-provider-azure.yaml

@@ -0,0 +1,61 @@
+apiVersion: v1
+data:
+  application: |
+    apiVersion: core.oam.dev/v1beta1
+    kind: Application
+    metadata:
+      annotations:
+        addons.oam.dev/description: Kubernetes Terraform Controller for Azure
+        addons.oam.dev/name: terraform/provider-azure
+      name: terraform-provider-azure
+      namespace: vela-system
+    spec:
+      components:
+      - name: azure-account-creds
+        properties:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: azure-account-creds
+            namespace: vela-system
+          stringData:
+            credentials: |
+              armClientID: [[ index .Args "ARM_CLIENT_ID" ]]
+              armClientSecret: [[ index .Args "ARM_CLIENT_SECRET" ]]
+              armSubscriptionID: [[ index .Args "ARM_SUBSCRIPTION_ID" ]]
+              armTenantID: [[ index .Args "ARM_TENANT_ID" ]]
+          type: Opaque
+        type: raw
+      - name: azure
+        properties:
+          apiVersion: terraform.core.oam.dev/v1beta1
+          kind: Provider
+          metadata:
+            name: azure
+            namespace: default
+          spec:
+            credentials:
+              secretRef:
+                key: credentials
+                name: azure-account-creds
+                namespace: vela-system
+              source: Secret
+            provider: azure
+        type: raw
+    status:
+      rollout:
+        batchRollingState: ""
+        currentBatch: 0
+        lastTargetAppRevision: ""
+        rollingState: ""
+        upgradedReadyReplicas: 0
+        upgradedReplicas: 0
+kind: ConfigMap
+metadata:
+  annotations:
+    addons.oam.dev/description: Kubernetes Terraform Controller for Azure
+    addons.oam.dev/name: terraform/provider-azure
+  labels:
+    addons.oam.dev/type: terraform-provider-azure
+  name: terraform-provider-azure
+  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/terraform.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 data:
-  initializer: |
+  application: |
     apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
+    kind: Application
     metadata:
       annotations:
         addons.oam.dev/description: Terraform Controller is a Kubernetes Controller for
@@ -10,39 +10,346 @@ data:
       name: terraform
       namespace: vela-system
     spec:
-      appTemplate:
-        spec:
-          components:
-          - name: terraform-controller
-            properties:
-              chart: terraform-controller
-              repoType: helm
-              url: https://charts.kubevela.net/addons
-              version: 0.1.19
-            type: helm
-          - name: terraform-system
-            properties:
-              apiVersion: v1
-              kind: Namespace
-              metadata:
-                name: terraform-system
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
+      components:
+      - name: ns-terraform-system
+        properties:
+          apiVersion: v1
+          kind: Namespace
+          metadata:
+            name: terraform-system
+        type: raw
+      - name: terraform-controller
+        properties:
+          chart: terraform-controller
+          repoType: helm
+          url: https://charts.kubevela.net/addons
+          version: 0.2.6
+        type: helm
+      - name: alibaba-ack
+        properties:
           apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                ACK cluster
+            labels:
+              type: terraform
+            name: alibaba-ack
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: https://github.com/kubevela-contrib/terraform-modules.git
+                path: alibaba/cs/dedicated-kubernetes
+                type: remote
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-eip
+        properties:
+          apiVersion: core.oam.dev/v1alpha2
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                Elastic IP
+            labels:
+              type: terraform
+            name: alibaba-eip
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: https://github.com/oam-dev/terraform-alibaba-eip.git
+                type: remote
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-oss
+        properties:
+          apiVersion: core.oam.dev/v1alpha2
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                OSS object
+            labels:
+              type: terraform
+            name: alibaba-oss
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: "resource \"alicloud_oss_bucket\" \"bucket-acl\" {\n  bucket
+                  = var.bucket\n  acl = var.acl\n}\noutput \"BUCKET_NAME\" {\n  value
+                  = \"${alicloud_oss_bucket.bucket-acl.bucket}.${alicloud_oss_bucket.bucket-acl.extranet_endpoint}\"\n}\nvariable
+                  \"bucket\" {\n  description = \"OSS bucket name\"\n  default = \"vela-website\"\n
+                  \ type = string\n}\nvariable \"acl\" {\n  description = \"OSS bucket
+                  ACL, supported 'private', 'public-read', 'public-read-write'\"\n  default
+                  = \"private\"\n  type = string\n} \n"
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-rds
+        properties:
+          apiVersion: core.oam.dev/v1alpha2
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                RDS object
+            labels:
+              type: terraform
+            name: alibaba-rds
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: |
+                  module "rds" {
+                    source = "github.com/kubevela-contrib/terraform-alicloud-rds"
+                    engine = "MySQL"
+                    engine_version = "8.0"
+                    instance_type = "rds.mysql.c1.large"
+                    instance_storage = "20"
+                    instance_name = var.instance_name
+                    account_name = var.account_name
+                    password = var.password
+                    allocate_public_connection = var.allocate_public_connection
+                    security_ips = ["0.0.0.0/0",]
+                  }
+
+                  output "DB_NAME" {
+                    value = module.rds.this_db_instance_name
+                  }
+                  output "DB_USER" {
+                    value = module.rds.this_db_database_account
+                  }
+                  output "DB_PORT" {
+                    value = module.rds.this_db_instance_port
+                  }
+                  output "DB_HOST" {
+                    value = module.rds.this_db_instance_connection_string
+                  }
+                  output "DB_PASSWORD" {
+                    value = var.password
+                  }
+                  output "DB_PUBLIC_HOST" {
+                    value = module.rds.db_public_connection_string
+                  }
+
+                  variable "instance_name" {
+                    description = "RDS instance name"
+                    type = string
+                    default = "poc"
+                  }
+
+                  variable "account_name" {
+                    description = "RDS instance user account name"
+                    type = string
+                    default = "oam"
+                  }
+
+                  variable "password" {
+                    description = "RDS instance account password"
+                    type = string
+                    default = "Xyfff83jfewGGfaked"
+                  }
+
+                  variable "allocate_public_connection" {
+                    description = "Whether to allocate public connection for a RDS instance."
+                    type        = bool
+                    default     = true
+                  }
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: aws-s3
+        properties:
+          apiVersion: core.oam.dev/v1alpha2
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for AWS S3
+            labels:
+              type: terraform
+            name: aws-s3
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: |
+                  resource "aws_s3_bucket" "bucket-acl" {
+                    bucket = var.bucket
+                    acl    = var.acl
+                  }
+
+                  output "BUCKET_NAME" {
+                    value = aws_s3_bucket.bucket-acl.bucket_domain_name
+                  }
+
+                  variable "bucket" {
+                    description = "S3 bucket name"
+                    default = "vela-website"
+                    type = string
+                  }
+
+                  variable "acl" {
+                    description = "S3 bucket ACL"
+                    default = "private"
+                    type = string
+                  }
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: azure-database-mariadb
+        properties:
+          apiVersion: core.oam.dev/v1alpha2
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Azure Database
+                Mariadb
+              provider: azure
+            labels:
+              type: terraform
+            name: azure-database-mariadb
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: |
+                  # Configure the Microsoft Azure Provider
+                  provider "azurerm" {
+                    features {}
+                  }
+
+                  resource "azurerm_resource_group" "example" {
+                    name = var.resource_group
+                    location = var.location
+                  }
+
+                  resource "azurerm_mariadb_server" "example" {
+                    name = var.server_name
+                    location = var.location
+                    resource_group_name = azurerm_resource_group.example.name
+
+                    sku_name = "B_Gen5_2"
+
+                    storage_mb = 51200
+                    backup_retention_days = 7
+                    geo_redundant_backup_enabled = false
+
+                    administrator_login = var.username
+                    administrator_login_password = var.password
+                    version = "10.2"
+                    ssl_enforcement_enabled = true
+                  }
+
+                  resource "azurerm_mariadb_database" "example" {
+                    name = var.db_name
+                    resource_group_name = azurerm_resource_group.example.name
+                    server_name = azurerm_mariadb_server.example.name
+                    charset = "utf8"
+                    collation = "utf8_general_ci"
+                  }
+
+                  variable "server_name" {
+                    type = string
+                    description = "mariadb server name"
+                    default = "mariadb-svr-sample"
+                  }
+
+                  variable "db_name" {
+                    default = "backend"
+                    type = string
+                    description = "Database instance name"
+                  }
+
+                  variable "username" {
+                    default = "acctestun"
+                    type = string
+                    description = "Database instance username"
+                  }
+
+                  variable "password" {
+                    default = "H@Sh1CoR3!faked"
+                    type = string
+                    description = "Database instance password"
+                  }
+
+                  variable "location" {
+                    description = "Azure location"
+                    type = string
+                    default = "West Europe"
+                  }
+
+                  variable "resource_group" {
+                    description = "Resource group"
+                    type = string
+                    default = "kubevela-group"
+                  }
+
+                  output "SERVER_NAME" {
+                    value = var.server_name
+                  }
+
+                  output "DB_NAME" {
+                    value = var.db_name
+                  }
+                  output "DB_USER" {
+                    value = var.username
+                  }
+                  output "DB_PASSWORD" {
+                    sensitive = true
+                    value = var.password
+                  }
+                  output "DB_PORT" {
+                    value = "3306"
+                  }
+                  output "DB_HOST" {
+                    value = azurerm_mariadb_server.example.fqdn
+                  }
+                providerRef:
+                  name: azure
+                  namespace: default
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      workflow:
+        steps:
+        - name: checking-depends-on
+          properties:
+            name: fluxcd
+            namespace: vela-system
+          type: depends-on-app
+        - name: apply-ns
+          properties:
+            component: ns-terraform-system
+          type: apply-component
+        - name: apply-resources
+          type: apply-remaining
     status:
-      observedGeneration: 0
+      rollout:
+        batchRollingState: ""
+        currentBatch: 0
+        lastTargetAppRevision: ""
+        rollingState: ""
+        upgradedReadyReplicas: 0
+        upgradedReplicas: 0
 kind: ConfigMap
 metadata:
   annotations:

charts/vela-core/templates/certmanager.yaml

@@ -18,6 +18,7 @@ metadata:
 spec:
   secretName: {{ template "kubevela.fullname" . }}-root-cert
   duration: 43800h # 5y
+  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
   issuerRef:
     name: {{ template "kubevela.fullname" . }}-self-signed-issuer
   commonName: "ca.webhook.kubevela"
@@ -44,6 +45,7 @@ metadata:
 spec:
   secretName: {{ template "kubevela.fullname" . }}-admission
   duration: 8760h # 1y
+  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
   issuerRef:
     name: {{ template "kubevela.fullname" . }}-root-issuer
   dnsNames:

charts/vela-core/templates/cluster-gateway.yaml

@@ -32,12 +32,28 @@ spec:
             - "--secure-port={{ .Values.multicluster.clusterGateway.port }}"
             - "--secret-namespace={{ .Release.Namespace }}"
             - "--feature-gates=APIPriorityAndFairness=false"
+            {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+            - "--cert-dir={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}"
+            {{ end }}
           image: {{ .Values.multicluster.clusterGateway.image.repository }}:{{ .Values.multicluster.clusterGateway.image.tag }}
           imagePullPolicy: {{ .Values.multicluster.clusterGateway.image.pullPolicy }}
           resources:
           {{- toYaml .Values.multicluster.clusterGateway.resources | nindent 12 }}
           ports:
             - containerPort: {{ .Values.multicluster.clusterGateway.port }}
+          {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+          volumeMounts:
+            - mountPath: {{ .Values.multicluster.clusterGateway.secureTLS.certPath }}
+              name: tls-cert-vol
+              readOnly: true
+          {{- end }}
+      {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+      volumes:
+        - name: tls-cert-vol
+          secret:
+            defaultMode: 420
+            secretName: {{ template "kubevela.fullname" . }}-cluster-gateway-tls
+      {{ end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
       {{- toYaml . | nindent 8 }}
@@ -52,6 +68,7 @@ spec:
       {{- end }}
 {{ end }}
 ---
+{{ if .Values.multicluster.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -64,7 +81,9 @@ spec:
     - protocol: TCP
       port: {{ .Values.multicluster.clusterGateway.port }}
       targetPort: {{ .Values.multicluster.clusterGateway.port }}
+{{ end }}
 ---
+{{ if .Values.multicluster.enabled }}
 apiVersion: apiregistration.k8s.io/v1
 kind: APIService
 metadata:
@@ -81,4 +100,92 @@ spec:
     namespace: {{ .Release.Namespace }}
     port: {{ .Values.multicluster.clusterGateway.port }}
   versionPriority: 10
-  insecureSkipTLSVerify: true
+  insecureSkipTLSVerify: {{ not .Values.multicluster.clusterGateway.secureTLS.enabled }}
+  {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+  caBundle: Cg==
+  {{ end }}
+{{ end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+    {{- include "kubevela.labels" . | nindent 4 }}
+spec:
+  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+  # Alpha feature since k8s 1.12
+  ttlSecondsAfterFinished: 0
+  {{- end }}
+  template:
+    metadata:
+      name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+      labels:
+        app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+        {{- include "kubevela.labels" . | nindent 8 }}
+    spec:
+      containers:
+      - name: create
+        image: {{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
+        imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
+        args:
+          - create
+          - --host={{ .Release.Name }}-cluster-gateway-service,{{ .Release.Name }}-cluster-gateway-service.{{ .Release.Namespace }}.svc
+          - --namespace={{ .Release.Namespace }}
+          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls
+          - --key-name=apiserver.key
+          - --cert-name=apiserver.crt
+      restartPolicy: OnFailure
+      serviceAccountName: {{ template "kubevela.fullname" . }}-admission
+      securityContext:
+        runAsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+{{ end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+    {{- include "kubevela.labels" . | nindent 4 }}
+spec:
+  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+  # Alpha feature since k8s 1.12
+  ttlSecondsAfterFinished: 0
+  {{- end }}
+  template:
+    metadata:
+      name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+      labels:
+        app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+        {{- include "kubevela.labels" . | nindent 8 }}
+    spec:
+      containers:
+      - name: patch
+        image: {{ .Values.multicluster.clusterGateway.image.repository }}:{{ .Values.multicluster.clusterGateway.image.tag }}
+        imagePullPolicy: {{ .Values.multicluster.clusterGateway.image.pullPolicy }}
+        command:
+          - /patch
+        args:
+          - --secret-namespace={{ .Release.Namespace }}
+          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls
+      restartPolicy: OnFailure
+      serviceAccountName: {{ include "kubevela.serviceAccountName" . }}
+      securityContext:
+        runAsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+{{ end }}

charts/vela-core/templates/definitions/terraform-alibaba-ack.yaml

@@ -1,209 +0,0 @@
-apiVersion: core.oam.dev/v1beta1
-kind: ComponentDefinition
-metadata:
-  name: alibaba-ack
-  namespace: {{.Values.systemDefinitionNamespace}}
-  annotations:
-    definition.oam.dev/description: Terraform configuration for Alibaba Cloud ACK cluster
-  labels:
-    type: terraform
-spec:
-  workload:
-    definition:
-      apiVersion: terraform.core.oam.dev/v1beta1
-      kind: Configuration
-  schematic:
-    terraform:
-      configuration: |
-        module "kubernetes" {
-          source = "github.com/zzxwill/terraform-alicloud-kubernetes"
-          new_nat_gateway = true
-          vpc_name = var.vpc_name
-          vpc_cidr = var.vpc_cidr
-          vswitch_name_prefix = var.vswitch_name_prefix
-          vswitch_cidrs = var.vswitch_cidrs
-          master_instance_types = var.master_instance_types
-          worker_instance_types = var.worker_instance_types
-          k8s_pod_cidr = var.k8s_pod_cidr
-          k8s_service_cidr = var.k8s_service_cidr
-          k8s_worker_number = var.k8s_worker_number
-          cpu_core_count = var.cpu_core_count
-          memory_size = var.memory_size
-          zone_id = var.zone_id
-          k8s_version = var.k8s_version
-          k8s_name_prefix = var.k8s_name_prefix
-        }
-        ######################
-        # Instance types variables
-        ######################
-        variable "cpu_core_count" {
-          description = "CPU core count is used to fetch instance types."
-          type = number
-          default = 4
-        }
-        variable "memory_size" {
-          description = "Memory size used to fetch instance types."
-          type = number
-          default = 8
-        }
-        ######################
-        # VPC variables
-        ######################
-        variable "vpc_name" {
-          description = "The vpc name used to create a new vpc when 'vpc_id' is not specified. Default to variable `example_name`"
-          type = string
-          default = "tf-k8s-vpc"
-        }
-        variable "vpc_cidr" {
-          description = "The cidr block used to launch a new vpc when 'vpc_id' is not specified."
-          type = string
-          default = "10.0.0.0/8"
-        }
-        ######################
-        # VSwitch variables
-        ######################
-        variable "vswitch_name_prefix" {
-          type = string
-          description = "The vswitch name prefix used to create several new vswitches. Default to variable 'example_name'."
-          default = "tf-k8s-vsw"
-        }
-        variable "number_format" {
-          description = "The number format used to output."
-          type = string
-          default = "%02d"
-        }
-        variable "vswitch_ids" {
-          description = "List of existing vswitch id."
-          type = list
-          default = []
-        }
-        variable "vswitch_cidrs" {
-          description = "List of cidr blocks used to create several new vswitches when 'vswitch_ids' is not specified."
-          type = list
-          default = [
-            "10.1.0.0/16",
-            "10.2.0.0/16",
-            "10.3.0.0/16"]
-        }
-        variable "k8s_name_prefix" {
-          description = "The name prefix used to create several kubernetes clusters. Default to variable `example_name`"
-          type = string
-          default = "poc"
-        }
-        variable "new_nat_gateway" {
-          type = bool
-          description = "Whether to create a new nat gateway. In this template, a new nat gateway will create a nat gateway, eip and server snat entries."
-          default = true
-        }
-        variable "master_instance_types" {
-          description = "The ecs instance types used to launch master nodes."
-          type = list
-          default = [
-            # hongkong
-            "ecs.sn1ne.xlarge",
-            # hongkong
-            "ecs.c6.xlarge",
-            # hongkong
-            "ecs.c4.xlarge",
-            # hongkong
-            "ecs.c5.xlarge",
-            "ecs.n4.xlarge",
-            # "ecs.n1.large",
-            # "ecs.sn1.large",
-            # "ecs.s6-c1m2.xlarge",
-            # "ecs.c6e.xlarge"
-          ]
-        }
-        variable "worker_instance_types" {
-          description = "The ecs instance types used to launch worker nodes."
-          type = list
-          default = [
-            # hongkong
-            "ecs.sn1ne.xlarge",
-            # hongkong
-            "ecs.c6.xlarge",
-            # hongkong
-            "ecs.c4.xlarge",
-            # hongkong
-            "ecs.c6e.xlarge",
-            "ecs.n4.xlarge",
-            //    "ecs.n1.large",
-            //    "ecs.sn1.large",
-            //    "ecs.s6-c1m2.xlarge"
-          ]
-        }
-        variable "node_cidr_mask" {
-          type = number
-          description = "The node cidr block to specific how many pods can run on single node. Valid values: [24-28]."
-          default = 24
-        }
-        variable "enable_ssh" {
-          description = "Enable login to the node through SSH."
-          type = bool
-          default = true
-        }
-        variable "install_cloud_monitor" {
-          description = "Install cloud monitor agent on ECS."
-          type = bool
-          default = true
-        }
-        variable "cpu_policy" {
-          type = string
-          description = "kubelet cpu policy. Valid values: 'none','static'. Default to 'none'."
-          default = "none"
-        }
-        variable "proxy_mode" {
-          description = "Proxy mode is option of kube-proxy. Valid values: 'ipvs','iptables'. Default to 'iptables'."
-          type = string
-          default = "iptables"
-        }
-        variable "password" {
-          description = "The password of ECS instance."
-          type = string
-          default = "Just4Test"
-        }
-        variable "k8s_worker_number" {
-          description = "The number of worker nodes in kubernetes cluster."
-          type = number
-          default = 2
-        }
-        # k8s_pod_cidr is only for flannel network
-        variable "k8s_pod_cidr" {
-          description = "The kubernetes pod cidr block. It cannot be equals to vpc's or vswitch's and cannot be in them."
-          type = string
-          default = "172.20.0.0/16"
-        }
-        variable "k8s_service_cidr" {
-          description = "The kubernetes service cidr block. It cannot be equals to vpc's or vswitch's or pod's and cannot be in them."
-          type = string
-          default = "192.168.0.0/16"
-        }
-        variable "k8s_version" {
-          description = "The version of the kubernetes version.  Valid values: '1.16.6-aliyun.1','1.14.8-aliyun.1'. Default to '1.16.6-aliyun.1'."
-          type = string
-          default = "1.20.4-aliyun.1"
-        }
-        variable "zone_id" {
-          description = "Availability Zone ID"
-          type = string
-          default = "cn-hongkong-b"
-          # "cn-beijing-a"
-        }
-        output "name" {
-          value = module.kubernetes.name
-        }
-        output "kubeconfig" {
-          value = module.kubernetes.kubeconfig
-        }
-        output "cluster_ca_cert" {
-          value = module.kubernetes.cluster_ca_cert
-        }
-        output "client_cert" {
-          value = module.kubernetes.client_cert
-        }
-        output "client_key" {
-          value = module.kubernetes.client_key
-        }
-        output "api_server_internet" {
-          value = module.kubernetes.api_server_internet
-        }

charts/vela-core/templates/definitions/terraform-alibaba-eip.yaml

@@ -1,39 +0,0 @@
-apiVersion: core.oam.dev/v1alpha2
-kind: ComponentDefinition
-metadata:
-  name: alibaba-eip
-  namespace: {{.Values.systemDefinitionNamespace}}
-  annotations:
-    definition.oam.dev/description: Terraform configuration for Alibaba Cloud Elastic IP
-  labels:
-    type: terraform
-spec:
-  workload:
-    definition:
-      apiVersion: terraform.core.oam.dev/v1beta1
-      kind: Configuration
-  schematic:
-    terraform:
-      configuration: |
-        module "eip" {
-          source = "github.com/zzxwill/terraform-alicloud-eip"
-          name = var.name
-          bandwidth = var.bandwidth
-        }
-
-        variable "name" {
-          description = "Name to be used on all resources as prefix. Default to 'TF-Module-EIP'."
-          default = "TF-Module-EIP"
-          type = string
-        }
-
-        variable "bandwidth" {
-          description = "Maximum bandwidth to the elastic public network, measured in Mbps (Mega bit per second)."
-          type = number
-          default = 5
-        }
-
-        output "EIP_ADDRESS" {
-          description = "The elastic ip address."
-          value       = module.eip.this_eip_address.0
-        }

charts/vela-core/templates/defwithtemplate/apply-object.yaml

@@ -0,0 +1,28 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/apply-object.cue
+apiVersion: core.oam.dev/v1beta1
+kind: WorkflowStepDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Apply raw kubernetes objects for your workflow steps
+  name: apply-object
+  namespace: {{.Values.systemDefinitionNamespace}}
+spec:
+  schematic:
+    cue:
+      template: |
+        import (
+        	"vela/op"
+        )
+
+        apply: op.#Apply & {
+        	value:   parameter.value
+        	cluster: parameter.cluster
+        }
+        parameter: {
+        	// +usage=Specify the value of the object
+        	value: {...}
+        	// +usage=Specify the cluster of the object
+        	cluster: *"" | string
+        }
+

charts/vela-core/templates/defwithtemplate/apply-remaining.yaml

@@ -21,16 +21,6 @@ spec:
         }
         parameter: {
         	// +usage=Declare the name of the component
-        	exceptions?: [componentName=string]: {
-        		// +usage=skipApplyWorkload indicates whether to skip apply the workload resource
-        		skipApplyWorkload: *true | bool
-
-        		// +usage=skipAllTraits indicates to skip apply all resources of the traits.
-        		// +usage=If this is true, skipApplyTraits will be ignored
-        		skipAllTraits: *true | bool
-
-        		// +usage=skipApplyTraits specifies the names of the traits to skip apply
-        		skipApplyTraits: [...string]
-        	}
+        	exceptions?: [...string]
         }
 

charts/vela-core/templates/defwithtemplate/depends-on-app.yaml

@@ -27,7 +27,7 @@ spec:
         	}
         }
         load: op.#Steps & {
-        	if dependsOn.err != _|_ {
+        	if dependsOn.err != _|_ && dependsOn.value == _|_ {
         		configMap: op.#Read & {
         			value: {
         				apiVersion: "v1"
@@ -43,18 +43,16 @@ spec:
         				yaml.Unmarshal(configMap.value.data[parameter.name])
         			}
         		}
-        	}
-        	if dependsOn.err == _|_ {
-        		apply: op.#Apply & {
-        			value: {
-        				dependsOn.value
-        			}
+        		wait: op.#ConditionalWait & {
+        			continue: load.apply.value.status.status == "running"
+        		}
+        	}
+
+        	if dependsOn.value != _|_ {
+        		wait: op.#ConditionalWait & {
+        			continue: dependsOn.value.status.status == "running"
         		}
         	}
-        }
-        phase: load.apply.value.status.status
-        wait:  op.#ConditionalWait & {
-        	continue: phase == "running"
         }
         parameter: {
         	// +usage=Specify the name of the dependent Application

charts/vela-core/templates/defwithtemplate/env.yaml

@@ -17,7 +17,7 @@ spec:
         	// +patchKey=name
         	containers: [{
         		name: context.name
-        		// +patchKey=name
+        		// +patchStrategy=retainKeys
         		env: [
         			for k, v in parameter.env {
         				name:  k

charts/vela-core/templates/defwithtemplate/export2config.yaml

@@ -0,0 +1,42 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/export2config.cue
+apiVersion: core.oam.dev/v1beta1
+kind: WorkflowStepDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Export data to config map for your workflow steps
+  name: export2config
+  namespace: {{.Values.systemDefinitionNamespace}}
+spec:
+  schematic:
+    cue:
+      template: |
+        import (
+        	"vela/op"
+        )
+
+        apply: op.#Apply & {
+        	value: {
+        		apiVersion: "v1"
+        		kind:       "ConfigMap"
+        		metadata: {
+        			name: parameter.configName
+        			if parameter.namespace != _|_ {
+        				namespace: parameter.namespace
+        			}
+        			if parameter.namespace == _|_ {
+        				namespace: context.namespace
+        			}
+        		}
+        		data: parameter.data
+        	}
+        }
+        parameter: {
+        	// +usage=Specify the name of the config map
+        	configName: string
+        	// +usage=Specify the namespace of the config map
+        	namespace?: string
+        	// +usage=Specify the data of config map
+        	data: {}
+        }
+

charts/vela-core/templates/defwithtemplate/export2secret.yaml

@@ -0,0 +1,47 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/export2secret.cue
+apiVersion: core.oam.dev/v1beta1
+kind: WorkflowStepDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Export data to secret for your workflow steps
+  name: export2secret
+  namespace: {{.Values.systemDefinitionNamespace}}
+spec:
+  schematic:
+    cue:
+      template: |
+        import (
+        	"vela/op"
+        )
+
+        apply: op.#Apply & {
+        	value: {
+        		apiVersion: "v1"
+        		kind:       "Secret"
+        		if parameter.type != _|_ {
+        			type: parameter.type
+        		}
+        		metadata: {
+        			name: parameter.secretName
+        			if parameter.namespace != _|_ {
+        				namespace: parameter.namespace
+        			}
+        			if parameter.namespace == _|_ {
+        				namespace: context.namespace
+        			}
+        		}
+        		stringData: parameter.data
+        	}
+        }
+        parameter: {
+        	// +usage=Specify the name of the secret
+        	secretName: string
+        	// +usage=Specify the namespace of the secret
+        	namespace?: string
+        	// +usage=Specify the type of the secret
+        	type?: string
+        	// +usage=Specify the data of secret
+        	data: {}
+        }
+

charts/vela-core/templates/defwithtemplate/ingress-1-20.yaml

@@ -30,7 +30,10 @@ spec:
         outputs: ingress: {
         	apiVersion: "networking.k8s.io/v1"
         	kind:       "Ingress"
-        	metadata: name: context.name
+        	metadata: {
+        		name: context.name
+        		annotations: "kubernetes.io/ingress.class": parameter.class
+        	}
         	spec: rules: [{
         		host: parameter.domain
         		http: paths: [
@@ -51,6 +54,9 @@ spec:
 
         	// +usage=Specify the mapping relationship between the http path and the workload port
         	http: [string]: int
+
+        	// +usage=Specify the class of ingress to use
+        	class: *"nginx" | string
         }
   status:
     customStatus: |-

charts/vela-core/templates/defwithtemplate/init-container.yaml

@@ -25,9 +25,15 @@ spec:
         		}]
         	}]
         	initContainers: [{
-        		name:    parameter.name
-        		image:   parameter.image
-        		command: parameter.command
+        		name:  parameter.name
+        		image: parameter.image
+        		if parameter.cmd != _|_ {
+        			command: parameter.cmd
+        		}
+        		if parameter.args != _|_ {
+        			args: parameter.args
+        		}
+
         		// +patchKey=name
         		volumeMounts: [{
         			name:      parameter.mountName
@@ -41,11 +47,25 @@ spec:
         	}]
         }
         parameter: {
-        	name:  string
+        	// +usage=Specify the name of init container
+        	name: string
+
+        	// +usage=Specify the image of init container
         	image: string
-        	command?: [...string]
-        	mountName:     *"workdir" | string
-        	appMountPath:  string
+
+        	// +usage=Specify the commands run in the init container
+        	cmd?: [...string]
+
+        	// +usage=Specify the args run in the init container
+        	args?: [...string]
+
+        	// +usage=Specify the mount name of shared volume
+        	mountName: *"workdir" | string
+
+        	// +usage=Specify the mount path of app container
+        	appMountPath: string
+
+        	// +usage=Specify the mount path of init container
         	initMountPath: string
         }
 

charts/vela-core/templates/defwithtemplate/nocalhost.yaml

@@ -0,0 +1,113 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/nocalhost.cue
+apiVersion: core.oam.dev/v1beta1
+kind: TraitDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: nocalhost develop configuration.
+  name: nocalhost
+  namespace: {{.Values.systemDefinitionNamespace}}
+spec:
+  appliesToWorkloads:
+    - '*'
+  podDisruptive: true
+  schematic:
+    cue:
+      template: |
+        import (
+        	"encoding/json"
+        )
+
+        patch: metadata: annotations: {
+        	"dev.nocalhost/application-name":      context.appName
+        	"dev.nocalhost/application-namespace": context.namespace
+        	"dev.nocalhost":                       json.Marshal({
+        		containers: [
+        			{
+        				name: context.name
+        				dev: {
+        					if parameter.gitUrl != _|_ {
+        						gitUrl: parameter.gitUrl
+        					}
+        					image:   parameter.image
+        					shell:   parameter.shell
+        					workDir: parameter.workDir
+        					if parameter.storageClass != _|_ {
+        						storageClass: parameter.storageClass
+        					}
+        					resources: {
+        						limits:   parameter.resources.limits
+        						requests: parameter.resources.requests
+        					}
+        					if parameter.persistentVolumeDirs != _|_ {
+        						persistentVolumeDirs: [
+        							for v in parameter.persistentVolumeDirs {
+        								path:     v.path
+        								capacity: v.capacity
+        							},
+        						]
+        					}
+        					if parameter.command != _|_ {
+        						command: parameter.command
+        					}
+        					if parameter.debug != _|_ {
+        						debug: parameter.debug
+        					}
+        					hotReload: parameter.hotReload
+        					if parameter.sync != _|_ {
+        						sync: parameter.sync
+        					}
+        					if parameter.env != _|_ {
+        						env: [
+        							for v in parameter.env {
+        								name:  v.name
+        								value: v.value
+        							},
+        						]
+        					}
+        					if parameter.portForward != _|_ {
+        						portForward: parameter.portForward
+        					}
+        				}
+        			},
+        		]
+        	})
+        }
+        parameter: {
+        	gitUrl?:       string
+        	image:         string
+        	shell:         *"bash" | string
+        	workDir:       *"/home/nocalhost-dev" | string
+        	storageClass?: string
+        	command?: {
+        		run?: [...string]
+        		debug?: [...string]
+        	}
+        	debug?: remoteDebugPort?: int
+        	hotReload: *true | bool
+        	sync: {
+        		type: *"send" | string
+        		filePattern?: [...string]
+        		ignoreFilePattern?: [...string]
+        	}
+        	env?: [...{
+        		name:  string
+        		value: string
+        	}]
+        	portForward?: [...string]
+        	persistentVolumeDirs?: [...{
+        		path:     string
+        		capacity: string
+        	}]
+        	resources: {
+        		limits: {
+        			memory: *"2Gi" | string
+        			cpu:    *"2" | string
+        		}
+        		requests: {
+        			memory: *"512Mi" | string
+        			cpu:    *"0.5" | string
+        		}
+        	}
+        }
+

charts/vela-core/templates/defwithtemplate/pvc.yaml

@@ -50,7 +50,7 @@ spec:
         		},
         	]
         }
-        outputs: pvc: {
+        outputs: "\(parameter.claimName)": {
         	apiVersion: "v1"
         	kind:       "PersistentVolumeClaim"
         	metadata: name: parameter.claimName

charts/vela-core/templates/defwithtemplate/read-object.yaml

@@ -0,0 +1,62 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/read-object.cue
+apiVersion: core.oam.dev/v1beta1
+kind: WorkflowStepDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Read objects for your workflow steps
+  name: read-object
+  namespace: {{.Values.systemDefinitionNamespace}}
+spec:
+  schematic:
+    cue:
+      template: |
+        import (
+        	"vela/op"
+        )
+
+        output: {
+        	if parameter.apiVersion == _|_ && parameter.kind == _|_ {
+        		op.#Read & {
+        			value: {
+        				apiVersion: "core.oam.dev/v1beta1"
+        				kind:       "Application"
+        				metadata: {
+        					name: parameter.name
+        					if parameter.namespace != _|_ {
+        						namespace: parameter.namespace
+        					}
+        				}
+        			}
+        			cluster: parameter.cluster
+        		}
+        	}
+        	if parameter.apiVersion != _|_ || parameter.kind != _|_ {
+        		op.#Read & {
+        			value: {
+        				apiVersion: parameter.apiVersion
+        				kind:       parameter.kind
+        				metadata: {
+        					name: parameter.name
+        					if parameter.namespace != _|_ {
+        						namespace: parameter.namespace
+        					}
+        				}
+        			}
+        			cluster: parameter.cluster
+        		}
+        	}
+        }
+        parameter: {
+        	// +usage=Specify the apiVersion of the object, defaults to core.oam.dev/v1beta1
+        	apiVersion?: string
+        	// +usage=Specify the kind of the object, defaults to Application
+        	kind?: string
+        	// +usage=Specify the name of the object
+        	name: string
+        	// +usage=Specify the namespace of the object
+        	namespace?: string
+        	// +usage=Specify the cluster of the object
+        	cluster: *"" | string
+        }
+

charts/vela-core/templates/defwithtemplate/rollout.yaml

@@ -24,8 +24,10 @@ spec:
         		componentName:      context.name
         		rolloutPlan: {
         			rolloutStrategy: "IncreaseFirst"
-        			rolloutBatches:  parameter.rolloutBatches
-        			targetSize:      parameter.targetSize
+        			if parameter.rolloutBatches != _|_ {
+        				rolloutBatches: parameter.rolloutBatches
+        			}
+        			targetSize: parameter.targetSize
         			if parameter["batchPartition"] != _|_ {
         				batchPartition: parameter.batchPartition
         			}
@@ -35,7 +37,7 @@ spec:
         parameter: {
         	targetRevision: *context.revision | string
         	targetSize:     int
-        	rolloutBatches: [...rolloutBatch]
+        	rolloutBatches?: [...rolloutBatch]
         	batchPartition?: int
         }
         rolloutBatch: replicas: int

charts/vela-core/templates/defwithtemplate/sidecar.yaml

@@ -22,6 +22,9 @@ spec:
         		if parameter.cmd != _|_ {
         			command: parameter.cmd
         		}
+        		if parameter.args != _|_ {
+        			args: parameter.args
+        		}
         		if parameter["volumes"] != _|_ {
         			volumeMounts: [ for v in parameter.volumes {
         				{
@@ -42,6 +45,9 @@ spec:
         	// +usage=Specify the commands run in the sidecar
         	cmd?: [...string]
 
+        	// +usage=Specify the args in the sidecar
+        	args?: [...string]
+
         	// +usage=Specify the shared volume path
         	volumes?: [...{
         		name: string

charts/vela-core/templates/defwithtemplate/task.yaml

@@ -23,6 +23,10 @@ spec:
         				name:  context.name
         				image: parameter.image
 
+        				if parameter["imagePullPolicy"] != _|_ {
+        					imagePullPolicy: parameter.imagePullPolicy
+        				}
+
         				if parameter["cmd"] != _|_ {
         					command: parameter.cmd
         				}
@@ -85,6 +89,13 @@ spec:
         					}}]
         			}
 
+        			if parameter["imagePullSecrets"] != _|_ {
+        				imagePullSecrets: [ for v in parameter.imagePullSecrets {
+        					name: v
+        				},
+        				]
+        			}
+
         		}
         	}
         }
@@ -97,6 +108,12 @@ spec:
         	// +short=i
         	image: string
 
+        	// +usage=Specify image pull policy for your service
+        	imagePullPolicy?: string
+
+        	// +usage=Specify image pull secrets for your service
+        	imagePullSecrets?: [...string]
+
         	// +usage=Define the job restart policy, the value can only be Never or OnFailure. By default, it's Never.
         	restart: *"Never" | string
 

charts/vela-core/templates/defwithtemplate/webhook-notification.yaml

@@ -13,11 +13,18 @@ spec:
       template: |
         import (
         	"vela/op"
+        	"encoding/base64"
         )
 
         parameter: {
         	dingding?: {
-        		url: string
+        		url: {
+        			address?: string
+        			fromSecret?: {
+        				name: string
+        				key:  string
+        			}
+        		}
         		message: {
         			text?: *null | {
         				content: string
@@ -62,7 +69,13 @@ spec:
         	}
 
         	slack?: {
-        		url: string
+        		url: {
+        			address?: string
+        			fromSecret?: {
+        				name: string
+        				key:  string
+        			}
+        		}
         		message: {
         			text:         string
         			blocks?:      *null | [...block]
@@ -84,17 +97,17 @@ spec:
         		url?:       string
         		value?:     string
         		style?:     string
-        		text?:      text
+        		text?:      textType
         		confirm?: {
-        			title:   text
-        			text:    text
-        			confirm: text
-        			deny:    text
+        			title:   textType
+        			text:    textType
+        			confirm: textType
+        			deny:    textType
         			style?:  string
         		}
         		options?: [...option]
         		initial_options?: [...option]
-        		placeholder?:  text
+        		placeholder?:  textType
         		initial_date?: string
         		image_url?:    string
         		alt_text?:     string
@@ -108,32 +121,74 @@ spec:
         		initial_time?: string
         	}]
         }
-        text: {
+        textType: {
         	type:      string
         	text:      string
         	emoji?:    bool
         	verbatim?: bool
         }
         option: {
-        	text:         text
+        	text:         textType
         	value:        string
-        	description?: text
+        	description?: textType
         	url?:         string
         }
         // send webhook notification
-        ding: {
+        ding: op.#Steps & {
         	if parameter.dingding != _|_ {
-        		op.#DingTalk & {
-        			message: parameter.dingding.message
-        			dingUrl: parameter.dingding.url
+        		if parameter.dingding.url.address != _|_ {
+        			ding1: op.#DingTalk & {
+        				message: parameter.dingding.message
+        				dingUrl: parameter.dingding.url.address
+        			}
+        		}
+        		if parameter.dingding.url.fromSecret != _|_ && parameter.dingding.url.address == _|_ {
+        			read: op.#Read & {
+        				value: {
+        					apiVersion: "v1"
+        					kind:       "Secret"
+        					metadata: {
+        						name:      parameter.dingding.url.fromSecret.name
+        						namespace: context.namespace
+        					}
+        				}
+        			}
+
+        			decoded:     base64.Decode(null, read.value.data[parameter.dingding.url.fromSecret.key])
+        			stringValue: op.#ConvertString & {bt: decoded}
+        			ding2:       op.#DingTalk & {
+        				message: parameter.dingding.message
+        				dingUrl: stringValue.str
+        			}
         		}
         	}
         }
-        slack: {
+        slack: op.#Steps & {
         	if parameter.slack != _|_ {
-        		op.#Slack & {
-        			message:  parameter.slack.message
-        			slackUrl: parameter.slack.url
+        		if parameter.slack.url.address != _|_ {
+        			slack1: op.#Slack & {
+        				message:  parameter.slack.message
+        				slackUrl: parameter.slack.url.address
+        			}
+        		}
+        		if parameter.slack.url.fromSecret != _|_ && parameter.slack.url.address == _|_ {
+        			read: op.#Read & {
+        				value: {
+        					kind:       "Secret"
+        					apiVersion: "v1"
+        					metadata: {
+        						name:      parameter.slack.url.fromSecret.name
+        						namespace: context.namespace
+        					}
+        				}
+        			}
+
+        			decoded:     base64.Decode(null, read.value.data[parameter.slack.url.fromSecret.key])
+        			stringValue: op.#ConvertString & {bt: decoded}
+        			slack2:      op.#Slack & {
+        				message:  parameter.slack.message
+        				slackUrl: stringValue.str
+        			}
         		}
         	}
         }

charts/vela-core/templates/kubevela-apiserver.yaml

@@ -30,8 +30,8 @@ spec:
           args:
             - "apiserver"
             - "--port={{ .Values.apiServer.port }}"
-          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-          imagePullPolicy: {{ quote .Values.image.pullPolicy }}
+          image: {{ .Values.apiserverImage.repository }}:{{ .Values.apiserverImage.tag }}
+          imagePullPolicy: {{ quote .Values.apiserverImage.pullPolicy }}
           resources:
           {{- toYaml .Values.resources | nindent 12 }}
           ports:

charts/vela-core/templates/kubevela-controller.yaml

@@ -1,5 +1,3 @@
----
-
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount

charts/vela-core/values.yaml

@@ -11,6 +11,10 @@ image:
   repository: oamdev/vela-core
   tag: latest
   pullPolicy: Always
+apiserverImage:
+  repository: oamdev/vela-apiserver
+  tag: v1.1.2
+  pullPolicy: Always
 
 imagePullSecrets: []
 nameOverride: ""
@@ -69,12 +73,13 @@ admissionWebhooks:
     enabled: true
     image:
       repository: oamdev/kube-webhook-certgen
-      tag: v2.2
+      tag: v2.3
       pullPolicy: IfNotPresent
     affinity: {}
     tolerations: []
   certManager:
     enabled: false
+    revisionHistoryLimit: 3
   # If autoGenWorkloadDefinition is true, webhook will auto generated workloadDefinition which componentDefinition refers to
   autoGenWorkloadDefinition: true
 
@@ -117,9 +122,12 @@ multicluster:
     port: 9443
     image:
       repository: oamdev/cluster-gateway
-      tag: latest
+      tag: v1.1.3
       pullPolicy: Always
-    resource:
+    resources:
       limits:
         cpu: 100m
-        memory: 10Mi
+        memory: 200Mi
+    secureTLS:
+      enabled: true
+      certPath: /etc/k8s-cluster-gateway-certs

charts/vela-minimal/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/vela-minimal/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+name: vela-minimal
+description: A Helm chart for KubeVela minimal
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 0.1.0
+
+home: https://kubevela.io
+icon: https://kubevela.io/img/logo.jpg

charts/vela-minimal/README.md

@@ -0,0 +1,79 @@
+![Build status](https://github.com/oam-dev/kubevela/workflows/E2E/badge.svg)
+[![Go Report Card](https://goreportcard.com/badge/github.com/oam-dev/kubevela)](https://goreportcard.com/report/github.com/oam-dev/kubevela)
+![Docker Pulls](https://img.shields.io/docker/pulls/oamdev/vela-core)
+[![codecov](https://codecov.io/gh/oam-dev/kubevela/branch/master/graph/badge.svg)](https://codecov.io/gh/oam-dev/kubevela)
+[![LICENSE](https://img.shields.io/github/license/oam-dev/kubevela.svg?style=flat-square)](/LICENSE)
+[![Releases](https://img.shields.io/github/release/oam-dev/kubevela/all.svg?style=flat-square)](https://github.com/oam-dev/kubevela/releases)
+[![TODOs](https://img.shields.io/endpoint?url=https://api.tickgit.com/badge?repo=github.com/oam-dev/kubevela)](https://www.tickgit.com/browse?repo=github.com/oam-dev/kubevela)
+[![Twitter](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Ftwitter.com%2Foam_dev)](https://twitter.com/oam_dev)
+[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubevela)](https://artifacthub.io/packages/search?repo=kubevela)
+
+![logo](https://raw.githubusercontent.com/oam-dev/kubevela.io/main/docs/resources/KubeVela-03.png)
+
+*Make shipping applications more enjoyable.*
+
+# KubeVela Minimal
+
+KubeVela is a modern application platform that makes deploying and managing applications across today's hybrid, multi-cloud environments easier and faster.
+
+KubeVela Minimal is the minimal version of KubeVela, it only contains the minimal components to run KubeVela and do not support features like multi clusters and env binding. For more complete experience, please install the [full version of KubeVela]((https://kubevela.io/docs/install)).
+
+KubeVela Minimal contains the following CRDs:
+
+CRD Name | Usage
+------------ | -------------
+applications.core.oam.dev  | KubeVela Core Application Object
+applicationrevisions.core.oam.dev | The revision CRD of Application
+componentdefinitions.core.oam.dev | ComponentDefinition Object
+traitdefinitions.core.oam.dev  | TraitDefinition Object
+workflowstepdefinitions.core.oam.dev | Workflowstep Object
+scopedefinitions.core.oam.dev | ScopeDefinition Object
+policydefinitions.core.oam.dev | PolicyDefinition Object
+ workloaddefinitions.core.oam.dev  | WorkloadDefinition Object
+definitionrevisions.core.oam.dev | The revision CRD for all definition objects
+rollouts.standard.oam.dev | Rollout feature trait
+resourcetrackers.core.oam.dev | Garbage Collection feature
+healthscopes.core.oam.dev | Health Check feature
+
+## Features
+
+**Application Centric** - KubeVela introduces [Open Application Model (OAM)](https://oam.dev/) as the consistent yet higher level API to capture a full deployment of microservices on top of hybrid environments. Placement strategy, traffic shifting and rolling update are declared at application level. No infrastructure level concern, simply deploy.
+
+**Programmable Workflow** - KubeVela leverages [CUE](https://cuelang.org/) to implement its model layer. This allows you to declare application deployment workflow as a DAG, with all steps and application's needs glued together in programmable approach. No restrictions, natively extensible.
+
+**Runtime Agnostic** - KubeVela works as an application delivery control plane that is fully runtime agnostic. It can deploy and manage any application components including containers, cloud functions, databases, or even EC2 instances across hybrid environments, following the workflow you defined.
+
+## Getting Started
+
+- [Introduction](https://kubevela.io/docs)
+- [Installation](https://kubevela.io/docs/install)
+- [Design Your First Deployment Plan](https://kubevela.io/docs/quick-start)
+
+## Documentation
+
+Full documentation is available on the [KubeVela website](https://kubevela.io/).
+
+## Community
+
+- Slack:  [CNCF Slack](https://slack.cncf.io/) #kubevela channel (*English*)
+- Gitter: [oam-dev](https://gitter.im/oam-dev/community) (*English*)
+- [DingTalk Group](https://page.dingtalk.com/wow/dingtalk/act/en-home): `23310022` (*Chinese*)
+- Bi-weekly Community Call: [Meeting Notes](https://docs.google.com/document/d/1nqdFEyULekyksFHtFvgvFAYE-0AMHKoS3RMnaKsarjs)
+
+## Talks and Conferences
+
+| Engagement | Link        |
+|:-----------|:------------|
+| 🎤  Talks | - [KubeVela - The Modern App Delivery System in Alibaba](https://docs.google.com/presentation/d/1CWCLcsKpDQB3bBDTfdv2BZ8ilGGJv2E8L-iOA5HMrV0/edit?usp=sharing) |
+| 🌎 KubeCon | - [ [NA 2020] Standardizing Cloud Native Application Delivery Across Different Clouds](https://www.youtube.com/watch?v=0yhVuBIbHcI) <br> - [ [EU 2021] Zero Pain Microservice Development and Deployment with Dapr and KubeVela](https://sched.co/iE4S) |
+| 📺 Conferences | - [Dapr, Rudr, OAM: Mark Russinovich presents next gen app development & deployment](https://www.youtube.com/watch?v=eJCu6a-x9uo) <br> - [Mark Russinovich presents "The Future of Cloud Native Applications with OAM and Dapr"](https://myignite.techcommunity.microsoft.com/sessions/82059)|
+
+## Contributing
+Check out [CONTRIBUTING](./CONTRIBUTING.md) to see how to develop with KubeVela.
+
+## Report Vulnerability
+
+Security is a first priority thing for us at KubeVela. If you come across a related issue, please send email to security@mail.kubevela.io .
+
+## Code of Conduct
+KubeVela adopts [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).

charts/vela-minimal/crds/core.oam.dev_componentdefinitions.yaml

@@ -0,0 +1,565 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: componentdefinitions.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: ComponentDefinition
+    listKind: ComponentDefinitionList
+    plural: componentdefinitions
+    shortNames:
+    - comp
+    singular: componentdefinition
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.workload.definition.kind
+      name: WORKLOAD-KIND
+      type: string
+    - jsonPath: .metadata.annotations.definition\.oam\.dev/description
+      name: DESCRIPTION
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: ComponentDefinition is the Schema for the componentdefinitions
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ComponentDefinitionSpec defines the desired state of ComponentDefinition
+            properties:
+              childResourceKinds:
+                description: ChildResourceKinds are the list of GVK of the child resources
+                  this workload generates
+                items:
+                  description: A ChildResourceKind defines a child Kubernetes resource
+                    kind with a selector
+                  properties:
+                    apiVersion:
+                      description: APIVersion of the child resource
+                      type: string
+                    kind:
+                      description: Kind of the child resource
+                      type: string
+                    selector:
+                      additionalProperties:
+                        type: string
+                      description: Selector to select the child resources that the
+                        workload wants to expose to traits
+                      type: object
+                  required:
+                  - apiVersion
+                  - kind
+                  type: object
+                type: array
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              podSpecPath:
+                description: PodSpecPath indicates where/if this workload has K8s
+                  podSpec field if one workload has podSpec, trait can do lot's of
+                  assumption such as port, env, volume fields.
+                type: string
+              revisionLabel:
+                description: RevisionLabel indicates which label for underlying resources(e.g.
+                  pods) of this workload can be used by trait to create resource selectors(e.g.
+                  label selector for pods).
+                type: string
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the workload
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        type: string
+                    required:
+                    - configuration
+                    type: object
+                type: object
+              status:
+                description: Status defines the custom health policy and status message
+                  for workload
+                properties:
+                  customStatus:
+                    description: CustomStatus defines the custom status message that
+                      could display to user
+                    type: string
+                  healthPolicy:
+                    description: HealthPolicy defines the health check policy for
+                      the abstraction
+                    type: string
+                type: object
+              workload:
+                description: Workload is a workload type descriptor
+                properties:
+                  definition:
+                    description: Definition mutually exclusive to workload.type, a
+                      embedded WorkloadDefinition
+                    properties:
+                      apiVersion:
+                        type: string
+                      kind:
+                        type: string
+                    required:
+                    - apiVersion
+                    - kind
+                    type: object
+                  type:
+                    description: Type ref to a WorkloadDefinition via name
+                    type: string
+                type: object
+            required:
+            - workload
+            type: object
+          status:
+            description: ComponentDefinitionStatus is the status of ComponentDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              configMapRef:
+                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
+                  V3 JSON schema of Component parameters.
+                type: string
+              latestRevision:
+                description: LatestRevision of the component definition
+                properties:
+                  name:
+                    type: string
+                  revision:
+                    format: int64
+                    type: integer
+                  revisionHash:
+                    description: RevisionHash record the hash value of the spec of
+                      ApplicationRevision object.
+                    type: string
+                required:
+                - name
+                - revision
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .spec.workload.definition.kind
+      name: WORKLOAD-KIND
+      type: string
+    - jsonPath: .metadata.annotations.definition\.oam\.dev/description
+      name: DESCRIPTION
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: ComponentDefinition is the Schema for the componentdefinitions
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ComponentDefinitionSpec defines the desired state of ComponentDefinition
+            properties:
+              childResourceKinds:
+                description: ChildResourceKinds are the list of GVK of the child resources
+                  this workload generates
+                items:
+                  description: A ChildResourceKind defines a child Kubernetes resource
+                    kind with a selector
+                  properties:
+                    apiVersion:
+                      description: APIVersion of the child resource
+                      type: string
+                    kind:
+                      description: Kind of the child resource
+                      type: string
+                    selector:
+                      additionalProperties:
+                        type: string
+                      description: Selector to select the child resources that the
+                        workload wants to expose to traits
+                      type: object
+                  required:
+                  - apiVersion
+                  - kind
+                  type: object
+                type: array
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              podSpecPath:
+                description: PodSpecPath indicates where/if this workload has K8s
+                  podSpec field if one workload has podSpec, trait can do lot's of
+                  assumption such as port, env, volume fields.
+                type: string
+              revisionLabel:
+                description: RevisionLabel indicates which label for underlying resources(e.g.
+                  pods) of this workload can be used by trait to create resource selectors(e.g.
+                  label selector for pods).
+                type: string
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the workload
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        type: string
+                    required:
+                    - configuration
+                    type: object
+                type: object
+              status:
+                description: Status defines the custom health policy and status message
+                  for workload
+                properties:
+                  customStatus:
+                    description: CustomStatus defines the custom status message that
+                      could display to user
+                    type: string
+                  healthPolicy:
+                    description: HealthPolicy defines the health check policy for
+                      the abstraction
+                    type: string
+                type: object
+              workload:
+                description: Workload is a workload type descriptor
+                properties:
+                  definition:
+                    description: Definition mutually exclusive to workload.type, a
+                      embedded WorkloadDefinition
+                    properties:
+                      apiVersion:
+                        type: string
+                      kind:
+                        type: string
+                    required:
+                    - apiVersion
+                    - kind
+                    type: object
+                  type:
+                    description: Type ref to a WorkloadDefinition via name
+                    type: string
+                type: object
+            required:
+            - workload
+            type: object
+          status:
+            description: ComponentDefinitionStatus is the status of ComponentDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              configMapRef:
+                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
+                  V3 JSON schema of Component parameters.
+                type: string
+              latestRevision:
+                description: LatestRevision of the component definition
+                properties:
+                  name:
+                    type: string
+                  revision:
+                    format: int64
+                    type: integer
+                  revisionHash:
+                    description: RevisionHash record the hash value of the spec of
+                      ApplicationRevision object.
+                    type: string
+                required:
+                - name
+                - revision
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_healthscopes.yaml

@@ -0,0 +1,590 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: healthscopes.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: HealthScope
+    listKind: HealthScopeList
+    plural: healthscopes
+    singular: healthscope
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.health
+      name: HEALTH
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A HealthScope determines an aggregate health status based of
+          the health of components.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A HealthScopeSpec defines the desired state of a HealthScope.
+            properties:
+              appReferences:
+                description: AppRefs records references of applications' components
+                items:
+                  description: AppReference records references of an application's
+                    components
+                  properties:
+                    appName:
+                      type: string
+                    compReferences:
+                      items:
+                        description: CompReference records references of a component's
+                          resources
+                        properties:
+                          compName:
+                            type: string
+                          traits:
+                            items:
+                              description: 'ObjectReference contains enough information
+                                to let you inspect or modify the referred object.
+                                --- New uses of this type are discouraged because
+                                of difficulty describing its usage when embedded in
+                                APIs.  1. Ignored fields.  It includes many fields
+                                which are not generally honored.  For instance, ResourceVersion
+                                and FieldPath are both very rarely valid in actual
+                                usage.  2. Invalid usage help.  It is impossible to
+                                add specific help for individual usage.  In most embedded
+                                usages, there are particular     restrictions like,
+                                "must refer only to types A and B" or "UID not honored"
+                                or "name must be restricted".     Those cannot be
+                                well described when embedded.  3. Inconsistent validation.  Because
+                                the usages are different, the validation rules are
+                                different by usage, which makes it hard for users
+                                to predict what will happen.  4. The fields are both
+                                imprecise and overly precise.  Kind is not a precise
+                                mapping to a URL. This can produce ambiguity     during
+                                interpretation and require a REST mapping.  In most
+                                cases, the dependency is on the group,resource tuple     and
+                                the version of the actual struct is irrelevant.  5.
+                                We cannot easily change it.  Because this type is
+                                embedded in many locations, updates to this type     will
+                                affect numerous schemas.  Don''t make new APIs embed
+                                an underspecified API type they do not control. Instead
+                                of using this type, create a locally provided and
+                                used type that is well-focused on your reference.
+                                For example, ServiceReferences for admission registration:
+                                https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                                .'
+                              properties:
+                                apiVersion:
+                                  description: API version of the referent.
+                                  type: string
+                                fieldPath:
+                                  description: 'If referring to a piece of an object
+                                    instead of an entire object, this string should
+                                    contain a valid JSON/Go field access statement,
+                                    such as desiredState.manifest.containers[2]. For
+                                    example, if the object reference is to a container
+                                    within a pod, this would take on a value like:
+                                    "spec.containers{name}" (where "name" refers to
+                                    the name of the container that triggered the event)
+                                    or if no container name is specified "spec.containers[2]"
+                                    (container with index 2 in this pod). This syntax
+                                    is chosen only to have some well-defined way of
+                                    referencing a part of an object. TODO: this design
+                                    is not final and this field is subject to change
+                                    in the future.'
+                                  type: string
+                                kind:
+                                  description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                  type: string
+                                name:
+                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                  type: string
+                                namespace:
+                                  description: 'Namespace of the referent. More info:
+                                    https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                  type: string
+                                resourceVersion:
+                                  description: 'Specific resourceVersion to which
+                                    this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                  type: string
+                                uid:
+                                  description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                  type: string
+                              type: object
+                            type: array
+                          workload:
+                            description: 'ObjectReference contains enough information
+                              to let you inspect or modify the referred object. ---
+                              New uses of this type are discouraged because of difficulty
+                              describing its usage when embedded in APIs.  1. Ignored
+                              fields.  It includes many fields which are not generally
+                              honored.  For instance, ResourceVersion and FieldPath
+                              are both very rarely valid in actual usage.  2. Invalid
+                              usage help.  It is impossible to add specific help for
+                              individual usage.  In most embedded usages, there are
+                              particular     restrictions like, "must refer only to
+                              types A and B" or "UID not honored" or "name must be
+                              restricted".     Those cannot be well described when
+                              embedded.  3. Inconsistent validation.  Because the
+                              usages are different, the validation rules are different
+                              by usage, which makes it hard for users to predict what
+                              will happen.  4. The fields are both imprecise and overly
+                              precise.  Kind is not a precise mapping to a URL. This
+                              can produce ambiguity     during interpretation and
+                              require a REST mapping.  In most cases, the dependency
+                              is on the group,resource tuple     and the version of
+                              the actual struct is irrelevant.  5. We cannot easily
+                              change it.  Because this type is embedded in many locations,
+                              updates to this type     will affect numerous schemas.  Don''t
+                              make new APIs embed an underspecified API type they
+                              do not control. Instead of using this type, create a
+                              locally provided and used type that is well-focused
+                              on your reference. For example, ServiceReferences for
+                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              .'
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                        type: object
+                      type: array
+                  type: object
+                type: array
+              probe-interval:
+                description: ProbeInterval is the amount of time in seconds between
+                  probing tries.
+                format: int32
+                type: integer
+              probe-timeout:
+                description: ProbeTimeout is the amount of time in seconds to wait
+                  when receiving a response before marked failure.
+                format: int32
+                type: integer
+              workloadRefs:
+                description: WorkloadReferences to the workloads that are in this
+                  scope.
+                items:
+                  description: 'ObjectReference contains enough information to let
+                    you inspect or modify the referred object. --- New uses of this
+                    type are discouraged because of difficulty describing its usage
+                    when embedded in APIs.  1. Ignored fields.  It includes many fields
+                    which are not generally honored.  For instance, ResourceVersion
+                    and FieldPath are both very rarely valid in actual usage.  2.
+                    Invalid usage help.  It is impossible to add specific help for
+                    individual usage.  In most embedded usages, there are particular     restrictions
+                    like, "must refer only to types A and B" or "UID not honored"
+                    or "name must be restricted".     Those cannot be well described
+                    when embedded.  3. Inconsistent validation.  Because the usages
+                    are different, the validation rules are different by usage, which
+                    makes it hard for users to predict what will happen.  4. The fields
+                    are both imprecise and overly precise.  Kind is not a precise
+                    mapping to a URL. This can produce ambiguity     during interpretation
+                    and require a REST mapping.  In most cases, the dependency is
+                    on the group,resource tuple     and the version of the actual
+                    struct is irrelevant.  5. We cannot easily change it.  Because
+                    this type is embedded in many locations, updates to this type     will
+                    affect numerous schemas.  Don''t make new APIs embed an underspecified
+                    API type they do not control. Instead of using this type, create
+                    a locally provided and used type that is well-focused on your
+                    reference. For example, ServiceReferences for admission registration:
+                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                    .'
+                  properties:
+                    apiVersion:
+                      description: API version of the referent.
+                      type: string
+                    fieldPath:
+                      description: 'If referring to a piece of an object instead of
+                        an entire object, this string should contain a valid JSON/Go
+                        field access statement, such as desiredState.manifest.containers[2].
+                        For example, if the object reference is to a container within
+                        a pod, this would take on a value like: "spec.containers{name}"
+                        (where "name" refers to the name of the container that triggered
+                        the event) or if no container name is specified "spec.containers[2]"
+                        (container with index 2 in this pod). This syntax is chosen
+                        only to have some well-defined way of referencing a part of
+                        an object. TODO: this design is not final and this field is
+                        subject to change in the future.'
+                      type: string
+                    kind:
+                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                      type: string
+                    name:
+                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                      type: string
+                    namespace:
+                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                      type: string
+                    resourceVersion:
+                      description: 'Specific resourceVersion to which this reference
+                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                      type: string
+                    uid:
+                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                      type: string
+                  type: object
+                type: array
+            required:
+            - workloadRefs
+            type: object
+          status:
+            description: A HealthScopeStatus represents the observed state of a HealthScope.
+            properties:
+              appHealthConditions:
+                description: AppHealthConditions represents health condition of applications
+                  in the scope
+                items:
+                  description: AppHealthCondition represents health condition of an
+                    application
+                  properties:
+                    appName:
+                      type: string
+                    components:
+                      items:
+                        description: WorkloadHealthCondition represents informative
+                          health condition of a workload.
+                        properties:
+                          componentName:
+                            description: ComponentName represents the component name
+                              if target is a workload
+                            type: string
+                          customStatusMsg:
+                            type: string
+                          diagnosis:
+                            type: string
+                          healthStatus:
+                            description: HealthStatus represents health status strings.
+                            type: string
+                          targetWorkload:
+                            description: 'ObjectReference contains enough information
+                              to let you inspect or modify the referred object. ---
+                              New uses of this type are discouraged because of difficulty
+                              describing its usage when embedded in APIs.  1. Ignored
+                              fields.  It includes many fields which are not generally
+                              honored.  For instance, ResourceVersion and FieldPath
+                              are both very rarely valid in actual usage.  2. Invalid
+                              usage help.  It is impossible to add specific help for
+                              individual usage.  In most embedded usages, there are
+                              particular     restrictions like, "must refer only to
+                              types A and B" or "UID not honored" or "name must be
+                              restricted".     Those cannot be well described when
+                              embedded.  3. Inconsistent validation.  Because the
+                              usages are different, the validation rules are different
+                              by usage, which makes it hard for users to predict what
+                              will happen.  4. The fields are both imprecise and overly
+                              precise.  Kind is not a precise mapping to a URL. This
+                              can produce ambiguity     during interpretation and
+                              require a REST mapping.  In most cases, the dependency
+                              is on the group,resource tuple     and the version of
+                              the actual struct is irrelevant.  5. We cannot easily
+                              change it.  Because this type is embedded in many locations,
+                              updates to this type     will affect numerous schemas.  Don''t
+                              make new APIs embed an underspecified API type they
+                              do not control. Instead of using this type, create a
+                              locally provided and used type that is well-focused
+                              on your reference. For example, ServiceReferences for
+                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              .'
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                          traits:
+                            items:
+                              description: TraitHealthCondition represents informative
+                                health condition of a trait.
+                              properties:
+                                customStatusMsg:
+                                  type: string
+                                diagnosis:
+                                  type: string
+                                healthStatus:
+                                  description: HealthStatus represents health status
+                                    strings.
+                                  type: string
+                                resource:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                              - healthStatus
+                              - resource
+                              - type
+                              type: object
+                            type: array
+                          workloadStatus:
+                            description: WorkloadStatus represents status of workloads
+                              whose HealthStatus is UNKNOWN.
+                            type: string
+                        required:
+                        - healthStatus
+                        type: object
+                      type: array
+                    envName:
+                      type: string
+                  required:
+                  - appName
+                  type: object
+                type: array
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              healthConditions:
+                description: WorkloadHealthConditions represents health condition
+                  of workloads in the scope Use AppHealthConditions to provide app
+                  level status
+                items:
+                  description: WorkloadHealthCondition represents informative health
+                    condition of a workload.
+                  properties:
+                    componentName:
+                      description: ComponentName represents the component name if
+                        target is a workload
+                      type: string
+                    customStatusMsg:
+                      type: string
+                    diagnosis:
+                      type: string
+                    healthStatus:
+                      description: HealthStatus represents health status strings.
+                      type: string
+                    targetWorkload:
+                      description: 'ObjectReference contains enough information to
+                        let you inspect or modify the referred object. --- New uses
+                        of this type are discouraged because of difficulty describing
+                        its usage when embedded in APIs.  1. Ignored fields.  It includes
+                        many fields which are not generally honored.  For instance,
+                        ResourceVersion and FieldPath are both very rarely valid in
+                        actual usage.  2. Invalid usage help.  It is impossible to
+                        add specific help for individual usage.  In most embedded
+                        usages, there are particular     restrictions like, "must
+                        refer only to types A and B" or "UID not honored" or "name
+                        must be restricted".     Those cannot be well described when
+                        embedded.  3. Inconsistent validation.  Because the usages
+                        are different, the validation rules are different by usage,
+                        which makes it hard for users to predict what will happen.  4.
+                        The fields are both imprecise and overly precise.  Kind is
+                        not a precise mapping to a URL. This can produce ambiguity     during
+                        interpretation and require a REST mapping.  In most cases,
+                        the dependency is on the group,resource tuple     and the
+                        version of the actual struct is irrelevant.  5. We cannot
+                        easily change it.  Because this type is embedded in many locations,
+                        updates to this type     will affect numerous schemas.  Don''t
+                        make new APIs embed an underspecified API type they do not
+                        control. Instead of using this type, create a locally provided
+                        and used type that is well-focused on your reference. For
+                        example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                        .'
+                      properties:
+                        apiVersion:
+                          description: API version of the referent.
+                          type: string
+                        fieldPath:
+                          description: 'If referring to a piece of an object instead
+                            of an entire object, this string should contain a valid
+                            JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                            For example, if the object reference is to a container
+                            within a pod, this would take on a value like: "spec.containers{name}"
+                            (where "name" refers to the name of the container that
+                            triggered the event) or if no container name is specified
+                            "spec.containers[2]" (container with index 2 in this pod).
+                            This syntax is chosen only to have some well-defined way
+                            of referencing a part of an object. TODO: this design
+                            is not final and this field is subject to change in the
+                            future.'
+                          type: string
+                        kind:
+                          description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                          type: string
+                        name:
+                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                          type: string
+                        namespace:
+                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                          type: string
+                        resourceVersion:
+                          description: 'Specific resourceVersion to which this reference
+                            is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                          type: string
+                        uid:
+                          description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                          type: string
+                      type: object
+                    traits:
+                      items:
+                        description: TraitHealthCondition represents informative health
+                          condition of a trait.
+                        properties:
+                          customStatusMsg:
+                            type: string
+                          diagnosis:
+                            type: string
+                          healthStatus:
+                            description: HealthStatus represents health status strings.
+                            type: string
+                          resource:
+                            type: string
+                          type:
+                            type: string
+                        required:
+                        - healthStatus
+                        - resource
+                        - type
+                        type: object
+                      type: array
+                    workloadStatus:
+                      description: WorkloadStatus represents status of workloads whose
+                        HealthStatus is UNKNOWN.
+                      type: string
+                  required:
+                  - healthStatus
+                  type: object
+                type: array
+              scopeHealthCondition:
+                description: ScopeHealthCondition represents health condition summary
+                  of the scope
+                properties:
+                  healthStatus:
+                    description: HealthStatus represents health status strings.
+                    type: string
+                  healthyWorkloads:
+                    format: int64
+                    type: integer
+                  total:
+                    format: int64
+                    type: integer
+                  unhealthyWorkloads:
+                    format: int64
+                    type: integer
+                  unknownWorkloads:
+                    format: int64
+                    type: integer
+                required:
+                - healthStatus
+                type: object
+            required:
+            - scopeHealthCondition
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_policydefinitions.yaml

@@ -0,0 +1,249 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: policydefinitions.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: PolicyDefinition
+    listKind: PolicyDefinitionList
+    plural: policydefinitions
+    shortNames:
+    - policy
+    singular: policydefinition
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: PolicyDefinition is the Schema for the policydefinitions API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: PolicyDefinitionSpec defines the desired state of PolicyDefinition
+            properties:
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this trait kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              manageHealthCheck:
+                description: ManageHealthCheck means the policy will handle health
+                  checking and skip application controller built-in health checking.
+                type: boolean
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the policy definition
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        - remote
+                        type: string
+                    required:
+                    - configuration
+                    type: object
+                type: object
+            type: object
+          status:
+            description: PolicyDefinitionStatus is the status of PolicyDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              latestRevision:
+                description: LatestRevision of the component definition
+                properties:
+                  name:
+                    type: string
+                  revision:
+                    format: int64
+                    type: integer
+                  revisionHash:
+                    description: RevisionHash record the hash value of the spec of
+                      ApplicationRevision object.
+                    type: string
+                required:
+                - name
+                - revision
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_resourcetrackers.yaml

@@ -0,0 +1,116 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: resourcetrackers.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: ResourceTracker
+    listKind: ResourceTrackerList
+    plural: resourcetrackers
+    shortNames:
+    - tracker
+    singular: resourcetracker
+  scope: Cluster
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: An ResourceTracker represents a tracker for track cross namespace
+          resources
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          status:
+            description: ResourceTrackerStatus define the status of resourceTracker
+            properties:
+              trackedResources:
+                items:
+                  description: 'ObjectReference contains enough information to let
+                    you inspect or modify the referred object. --- New uses of this
+                    type are discouraged because of difficulty describing its usage
+                    when embedded in APIs.  1. Ignored fields.  It includes many fields
+                    which are not generally honored.  For instance, ResourceVersion
+                    and FieldPath are both very rarely valid in actual usage.  2.
+                    Invalid usage help.  It is impossible to add specific help for
+                    individual usage.  In most embedded usages, there are particular     restrictions
+                    like, "must refer only to types A and B" or "UID not honored"
+                    or "name must be restricted".     Those cannot be well described
+                    when embedded.  3. Inconsistent validation.  Because the usages
+                    are different, the validation rules are different by usage, which
+                    makes it hard for users to predict what will happen.  4. The fields
+                    are both imprecise and overly precise.  Kind is not a precise
+                    mapping to a URL. This can produce ambiguity     during interpretation
+                    and require a REST mapping.  In most cases, the dependency is
+                    on the group,resource tuple     and the version of the actual
+                    struct is irrelevant.  5. We cannot easily change it.  Because
+                    this type is embedded in many locations, updates to this type     will
+                    affect numerous schemas.  Don''t make new APIs embed an underspecified
+                    API type they do not control. Instead of using this type, create
+                    a locally provided and used type that is well-focused on your
+                    reference. For example, ServiceReferences for admission registration:
+                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                    .'
+                  properties:
+                    apiVersion:
+                      description: API version of the referent.
+                      type: string
+                    fieldPath:
+                      description: 'If referring to a piece of an object instead of
+                        an entire object, this string should contain a valid JSON/Go
+                        field access statement, such as desiredState.manifest.containers[2].
+                        For example, if the object reference is to a container within
+                        a pod, this would take on a value like: "spec.containers{name}"
+                        (where "name" refers to the name of the container that triggered
+                        the event) or if no container name is specified "spec.containers[2]"
+                        (container with index 2 in this pod). This syntax is chosen
+                        only to have some well-defined way of referencing a part of
+                        an object. TODO: this design is not final and this field is
+                        subject to change in the future.'
+                      type: string
+                    kind:
+                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                      type: string
+                    name:
+                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                      type: string
+                    namespace:
+                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                      type: string
+                    resourceVersion:
+                      description: 'Specific resourceVersion to which this reference
+                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                      type: string
+                    uid:
+                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                      type: string
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_scopedefinitions.yaml

@@ -0,0 +1,153 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: scopedefinitions.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: ScopeDefinition
+    listKind: ScopeDefinitionList
+    plural: scopedefinitions
+    shortNames:
+    - scope
+    singular: scopedefinition
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.definitionRef.name
+      name: DEFINITION-NAME
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A ScopeDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM scope kind by referencing its CustomResourceDefinition. The
+          CRD is used to validate the schema of the scope when it is embedded in an
+          OAM ApplicationConfiguration.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A ScopeDefinitionSpec defines the desired state of a ScopeDefinition.
+            properties:
+              allowComponentOverlap:
+                description: AllowComponentOverlap specifies whether an OAM component
+                  may exist in multiple instances of this kind of scope.
+                type: boolean
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this scope kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              workloadRefsPath:
+                description: WorkloadRefsPath indicates if/where a scope accepts workloadRef
+                  objects
+                type: string
+            required:
+            - allowComponentOverlap
+            - definitionRef
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .spec.definitionRef.name
+      name: DEFINITION-NAME
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: A ScopeDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM scope kind by referencing its CustomResourceDefinition. The
+          CRD is used to validate the schema of the scope when it is embedded in an
+          OAM ApplicationConfiguration.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A ScopeDefinitionSpec defines the desired state of a ScopeDefinition.
+            properties:
+              allowComponentOverlap:
+                description: AllowComponentOverlap specifies whether an OAM component
+                  may exist in multiple instances of this kind of scope.
+                type: boolean
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this scope kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              workloadRefsPath:
+                description: WorkloadRefsPath indicates if/where a scope accepts workloadRef
+                  objects
+                type: string
+            required:
+            - allowComponentOverlap
+            - definitionRef
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_traitdefinitions.yaml

@@ -0,0 +1,595 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: traitdefinitions.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: TraitDefinition
+    listKind: TraitDefinitionList
+    plural: traitdefinitions
+    shortNames:
+    - trait
+    singular: traitdefinition
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.appliesToWorkloads
+      name: APPLIES-TO
+      type: string
+    - jsonPath: .metadata.annotations.definition\.oam\.dev/description
+      name: DESCRIPTION
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A TraitDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM trait kind by referencing its CustomResourceDefinition. The
+          CRD is used to validate the schema of the trait when it is embedded in an
+          OAM ApplicationConfiguration.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A TraitDefinitionSpec defines the desired state of a TraitDefinition.
+            properties:
+              appliesToWorkloads:
+                description: AppliesToWorkloads specifies the list of workload kinds
+                  this trait applies to. Workload kinds are specified in kind.group/version
+                  format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this
+                  field apply to all workload kinds.
+                items:
+                  type: string
+                type: array
+              conflictsWith:
+                description: 'ConflictsWith specifies the list of traits(CRD name,
+                  Definition name, CRD group) which could not apply to the same workloads
+                  with this trait. Traits that omit this field can work with any other
+                  traits. Example rules: "service" # Trait definition name "services.k8s.io"
+                  # API resource/crd name "*.networking.k8s.io" # API group "labelSelector:foo=bar"
+                  # label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse'
+                items:
+                  type: string
+                type: array
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this trait kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              podDisruptive:
+                description: PodDisruptive specifies whether using the trait will
+                  cause the pod to restart or not.
+                type: boolean
+              revisionEnabled:
+                description: Revision indicates whether a trait is aware of component
+                  revision
+                type: boolean
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the trait
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        - remote
+                        type: string
+                    required:
+                    - configuration
+                    type: object
+                type: object
+              status:
+                description: Status defines the custom health policy and status message
+                  for trait
+                properties:
+                  customStatus:
+                    description: CustomStatus defines the custom status message that
+                      could display to user
+                    type: string
+                  healthPolicy:
+                    description: HealthPolicy defines the health check policy for
+                      the abstraction
+                    type: string
+                type: object
+              workloadRefPath:
+                description: WorkloadRefPath indicates where/if a trait accepts a
+                  workloadRef object
+                type: string
+            type: object
+          status:
+            description: TraitDefinitionStatus is the status of TraitDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              configMapRef:
+                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
+                  V3 JSON schema of Component parameters.
+                type: string
+              latestRevision:
+                description: LatestRevision of the trait definition
+                properties:
+                  name:
+                    type: string
+                  revision:
+                    format: int64
+                    type: integer
+                  revisionHash:
+                    description: RevisionHash record the hash value of the spec of
+                      ApplicationRevision object.
+                    type: string
+                required:
+                - name
+                - revision
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .spec.appliesToWorkloads
+      name: APPLIES-TO
+      type: string
+    - jsonPath: .metadata.annotations.definition\.oam\.dev/description
+      name: DESCRIPTION
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: A TraitDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM trait kind by referencing its CustomResourceDefinition. The
+          CRD is used to validate the schema of the trait when it is embedded in an
+          OAM ApplicationConfiguration.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A TraitDefinitionSpec defines the desired state of a TraitDefinition.
+            properties:
+              appliesToWorkloads:
+                description: AppliesToWorkloads specifies the list of workload kinds
+                  this trait applies to. Workload kinds are specified in kind.group/version
+                  format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this
+                  field apply to all workload kinds.
+                items:
+                  type: string
+                type: array
+              conflictsWith:
+                description: 'ConflictsWith specifies the list of traits(CRD name,
+                  Definition name, CRD group) which could not apply to the same workloads
+                  with this trait. Traits that omit this field can work with any other
+                  traits. Example rules: "service" # Trait definition name "services.k8s.io"
+                  # API resource/crd name "*.networking.k8s.io" # API group "labelSelector:foo=bar"
+                  # label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse'
+                items:
+                  type: string
+                type: array
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this trait kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              manageWorkload:
+                description: ManageWorkload defines the trait would be responsible
+                  for creating the workload
+                type: boolean
+              podDisruptive:
+                description: PodDisruptive specifies whether using the trait will
+                  cause the pod to restart or not.
+                type: boolean
+              revisionEnabled:
+                description: Revision indicates whether a trait is aware of component
+                  revision
+                type: boolean
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the trait
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        - remote
+                        type: string
+                    required:
+                    - configuration
+                    type: object
+                type: object
+              skipRevisionAffect:
+                description: SkipRevisionAffect defines the update this trait will
+                  not generate a new application Revision
+                type: boolean
+              status:
+                description: Status defines the custom health policy and status message
+                  for trait
+                properties:
+                  customStatus:
+                    description: CustomStatus defines the custom status message that
+                      could display to user
+                    type: string
+                  healthPolicy:
+                    description: HealthPolicy defines the health check policy for
+                      the abstraction
+                    type: string
+                type: object
+              workloadRefPath:
+                description: WorkloadRefPath indicates where/if a trait accepts a
+                  workloadRef object
+                type: string
+            type: object
+          status:
+            description: TraitDefinitionStatus is the status of TraitDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              configMapRef:
+                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
+                  V3 JSON schema of Component parameters.
+                type: string
+              latestRevision:
+                description: LatestRevision of the component definition
+                properties:
+                  name:
+                    type: string
+                  revision:
+                    format: int64
+                    type: integer
+                  revisionHash:
+                    description: RevisionHash record the hash value of the spec of
+                      ApplicationRevision object.
+                    type: string
+                required:
+                - name
+                - revision
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_workflowstepdefinitions.yaml

@@ -0,0 +1,250 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: workflowstepdefinitions.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: WorkflowStepDefinition
+    listKind: WorkflowStepDefinitionList
+    plural: workflowstepdefinitions
+    shortNames:
+    - workflowstep
+    singular: workflowstepdefinition
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: WorkflowStepDefinition is the Schema for the workflowstepdefinitions
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: WorkflowStepDefinitionSpec defines the desired state of WorkflowStepDefinition
+            properties:
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this trait kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the workflow step definition
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        - remote
+                        type: string
+                    required:
+                    - configuration
+                    type: object
+                type: object
+            type: object
+          status:
+            description: WorkflowStepDefinitionStatus is the status of WorkflowStepDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              configMapRef:
+                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
+                  V3 JSON schema of Component parameters.
+                type: string
+              latestRevision:
+                description: LatestRevision of the component definition
+                properties:
+                  name:
+                    type: string
+                  revision:
+                    format: int64
+                    type: integer
+                  revisionHash:
+                    description: RevisionHash record the hash value of the spec of
+                      ApplicationRevision object.
+                    type: string
+                required:
+                - name
+                - revision
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/vela-minimal/crds/core.oam.dev_workloaddefinitions.yaml

@@ -0,0 +1,554 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: workloaddefinitions.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: WorkloadDefinition
+    listKind: WorkloadDefinitionList
+    plural: workloaddefinitions
+    shortNames:
+    - workload
+    singular: workloaddefinition
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.definitionRef.name
+      name: DEFINITION-NAME
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A WorkloadDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM workload kind by referencing its CustomResourceDefinition.
+          The CRD is used to validate the schema of the workload when it is embedded
+          in an OAM Component.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A WorkloadDefinitionSpec defines the desired state of a WorkloadDefinition.
+            properties:
+              childResourceKinds:
+                description: ChildResourceKinds are the list of GVK of the child resources
+                  this workload generates
+                items:
+                  description: A ChildResourceKind defines a child Kubernetes resource
+                    kind with a selector
+                  properties:
+                    apiVersion:
+                      description: APIVersion of the child resource
+                      type: string
+                    kind:
+                      description: Kind of the child resource
+                      type: string
+                    selector:
+                      additionalProperties:
+                        type: string
+                      description: Selector to select the child resources that the
+                        workload wants to expose to traits
+                      type: object
+                  required:
+                  - apiVersion
+                  - kind
+                  type: object
+                type: array
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this workload kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              podSpecPath:
+                description: PodSpecPath indicates where/if this workload has K8s
+                  podSpec field if one workload has podSpec, trait can do lot's of
+                  assumption such as port, env, volume fields.
+                type: string
+              revisionLabel:
+                description: RevisionLabel indicates which label for underlying resources(e.g.
+                  pods) of this workload can be used by trait to create resource selectors(e.g.
+                  label selector for pods).
+                type: string
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the workload
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        - remote
+                        type: string
+                    required:
+                    - configuration
+                    type: object
+                type: object
+              status:
+                description: Status defines the custom health policy and status message
+                  for workload
+                properties:
+                  customStatus:
+                    description: CustomStatus defines the custom status message that
+                      could display to user
+                    type: string
+                  healthPolicy:
+                    description: HealthPolicy defines the health check policy for
+                      the abstraction
+                    type: string
+                type: object
+            required:
+            - definitionRef
+            type: object
+          status:
+            description: WorkloadDefinitionStatus is the status of WorkloadDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .spec.definitionRef.name
+      name: DEFINITION-NAME
+      type: string
+    - jsonPath: .metadata.annotations.definition\.oam\.dev/description
+      name: DESCRIPTION
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: A WorkloadDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM workload kind by referencing its CustomResourceDefinition.
+          The CRD is used to validate the schema of the workload when it is embedded
+          in an OAM Component.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A WorkloadDefinitionSpec defines the desired state of a WorkloadDefinition.
+            properties:
+              childResourceKinds:
+                description: ChildResourceKinds are the list of GVK of the child resources
+                  this workload generates
+                items:
+                  description: A ChildResourceKind defines a child Kubernetes resource
+                    kind with a selector
+                  properties:
+                    apiVersion:
+                      description: APIVersion of the child resource
+                      type: string
+                    kind:
+                      description: Kind of the child resource
+                      type: string
+                    selector:
+                      additionalProperties:
+                        type: string
+                      description: Selector to select the child resources that the
+                        workload wants to expose to traits
+                      type: object
+                  required:
+                  - apiVersion
+                  - kind
+                  type: object
+                type: array
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this workload kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              podSpecPath:
+                description: PodSpecPath indicates where/if this workload has K8s
+                  podSpec field if one workload has podSpec, trait can do lot's of
+                  assumption such as port, env, volume fields.
+                type: string
+              revisionLabel:
+                description: RevisionLabel indicates which label for underlying resources(e.g.
+                  pods) of this workload can be used by trait to create resource selectors(e.g.
+                  label selector for pods).
+                type: string
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the workload
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        - remote
+                        type: string
+                    required:
+                    - configuration
+                    type: object
+                type: object
+              status:
+                description: Status defines the custom health policy and status message
+                  for workload
+                properties:
+                  customStatus:
+                    description: CustomStatus defines the custom status message that
+                      could display to user
+                    type: string
+                  healthPolicy:
+                    description: HealthPolicy defines the health check policy for
+                      the abstraction
+                    type: string
+                type: object
+            required:
+            - definitionRef
+            type: object
+          status:
+            description: WorkloadDefinitionStatus is the status of WorkloadDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/vela-minimal/crds/standard.oam.dev_rollouts.yaml

@@ -5,22 +5,43 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.6.2
-  name: rollouttraits.standard.oam.dev
+  name: rollouts.standard.oam.dev
 spec:
   group: standard.oam.dev
   names:
     categories:
     - oam
-    kind: RolloutTrait
-    listKind: RolloutTraitList
-    plural: rollouttraits
-    singular: rollouttrait
+    kind: Rollout
+    listKind: RolloutList
+    plural: rollouts
+    shortNames:
+    - rollout
+    singular: rollout
   scope: Namespaced
   versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .status.rolloutTargetSize
+      name: TARGET
+      type: string
+    - jsonPath: .status.upgradedReplicas
+      name: UPGRADED
+      type: string
+    - jsonPath: .status.upgradedReadyReplicas
+      name: READY
+      type: string
+    - jsonPath: .status.batchRollingState
+      name: BATCH-STATE
+      type: string
+    - jsonPath: .status.rollingState
+      name: ROLLING-STATE
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: RolloutTrait is the Schema for the RolloutTrait API
+        description: Rollout is the Schema for the Rollout API
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -35,8 +56,12 @@ spec:
           metadata:
             type: object
           spec:
-            description: RolloutTraitSpec defines the desired state of RolloutTrait
+            description: RolloutSpec defines how to describe an update between different
+              compRevision
             properties:
+              componentName:
+                description: ComponentName specify the component name
+                type: string
               rolloutPlan:
                 description: RolloutPlan is the details on how to rollout the resources
                 properties:
@@ -332,117 +357,28 @@ spec:
                     format: int32
                     type: integer
                 type: object
-              sourceRef:
-                description: SourceRef references the list of resources that contains
-                  the older version of the software. We assume that it's the first
-                  time to deploy when we cannot find any source.
-                items:
-                  description: 'ObjectReference contains enough information to let
-                    you inspect or modify the referred object. --- New uses of this
-                    type are discouraged because of difficulty describing its usage
-                    when embedded in APIs.  1. Ignored fields.  It includes many fields
-                    which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage.  2.
-                    Invalid usage help.  It is impossible to add specific help for
-                    individual usage.  In most embedded usages, there are particular     restrictions
-                    like, "must refer only to types A and B" or "UID not honored"
-                    or "name must be restricted".     Those cannot be well described
-                    when embedded.  3. Inconsistent validation.  Because the usages
-                    are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen.  4. The fields
-                    are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity     during interpretation
-                    and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple     and the version of the actual
-                    struct is irrelevant.  5. We cannot easily change it.  Because
-                    this type is embedded in many locations, updates to this type     will
-                    affect numerous schemas.  Don''t make new APIs embed an underspecified
-                    API type they do not control. Instead of using this type, create
-                    a locally provided and used type that is well-focused on your
-                    reference. For example, ServiceReferences for admission registration:
-                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    .'
-                  properties:
-                    apiVersion:
-                      description: API version of the referent.
-                      type: string
-                    fieldPath:
-                      description: 'If referring to a piece of an object instead of
-                        an entire object, this string should contain a valid JSON/Go
-                        field access statement, such as desiredState.manifest.containers[2].
-                        For example, if the object reference is to a container within
-                        a pod, this would take on a value like: "spec.containers{name}"
-                        (where "name" refers to the name of the container that triggered
-                        the event) or if no container name is specified "spec.containers[2]"
-                        (container with index 2 in this pod). This syntax is chosen
-                        only to have some well-defined way of referencing a part of
-                        an object. TODO: this design is not final and this field is
-                        subject to change in the future.'
-                      type: string
-                    kind:
-                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                      type: string
-                    name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                      type: string
-                    namespace:
-                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                      type: string
-                    resourceVersion:
-                      description: 'Specific resourceVersion to which this reference
-                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                      type: string
-                    uid:
-                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                      type: string
-                  type: object
-                type: array
-              targetRef:
-                description: TargetRef references a target resource that contains
-                  the newer version of the software. We assumed that new resource
-                  already exists. This is the only resource we work on if the resource
-                  is a stateful resource (cloneset/statefulset)
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: 'If referring to a piece of an object instead of
-                      an entire object, this string should contain a valid JSON/Go
-                      field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within
-                      a pod, this would take on a value like: "spec.containers{name}"
-                      (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]"
-                      (container with index 2 in this pod). This syntax is chosen
-                      only to have some well-defined way of referencing a part of
-                      an object. TODO: this design is not final and this field is
-                      subject to change in the future.'
-                    type: string
-                  kind:
-                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                    type: string
-                  name:
-                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                    type: string
-                  namespace:
-                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                    type: string
-                  resourceVersion:
-                    description: 'Specific resourceVersion to which this reference
-                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                    type: string
-                  uid:
-                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                    type: string
-                type: object
+              sourceRevisionName:
+                description: SourceRevisionName contains the name of the componentRevisionName  that
+                  we need to upgrade from. it can be empty only when it's the first
+                  time to deploy the application
+                type: string
+              targetRevisionName:
+                description: TargetRevisionName contains the name of the componentRevisionName
+                  that we need to upgrade to.
+                type: string
             required:
+            - componentName
             - rolloutPlan
-            - targetRef
+            - targetRevisionName
             type: object
           status:
-            description: RolloutStatus defines the observed state of a rollout plan
+            description: CompRolloutStatus defines the observed state of rollout
             properties:
+              LastSourceRevision:
+                description: LastSourceRevision contains the name of the componentRevisionName
+                  that we need to upgrade from. We will restart the rollout if this
+                  is not the same as the spec
+                type: string
               batchRollingState:
                 description: BatchRollingState only meaningful when the Status is
                   rolling
@@ -491,6 +427,11 @@ spec:
                   ways to identify that so we cannot compare between resources We
                   update this field only after a successful rollout
                 type: string
+              lastTargetRevision:
+                description: LastUpgradedTargetRevision contains the name of the componentRevisionName
+                  that we upgraded to We will restart the rollout if this is not the
+                  same as the spec
+                type: string
               rollingState:
                 description: RollingState is the Rollout State
                 type: string
@@ -523,6 +464,7 @@ spec:
                 type: integer
             required:
             - currentBatch
+            - lastTargetRevision
             - rollingState
             - upgradedReadyReplicas
             - upgradedReplicas

charts/vela-minimal/templates/NOTES.txt

@@ -0,0 +1 @@
+Welcome to use the KubeVela! Enjoy your shipping application journey!

charts/vela-minimal/templates/_helpers.tpl

@@ -0,0 +1,73 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubevela.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubevela.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubevela.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubevela.labels" -}}
+helm.sh/chart: {{ include "kubevela.chart" . }}
+{{ include "kubevela.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubevela.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubevela.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "kubevela-apiserver.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubevela.name" . }}-apiserver
+app.kubernetes.io/instance: {{ .Release.Name }}-apiserver
+{{- end -}}
+
+{{- define "kubevela-cluster-gateway.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubevela.name" . }}-cluster-gateway
+app.kubernetes.io/instance: {{ .Release.Name }}-cluster-gateway
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubevela.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "kubevela.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/vela-minimal/templates/admission-webhooks/job-patch/clusterrole.yaml

@@ -0,0 +1,28 @@
+{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name:  {{ template "kubevela.fullname" . }}-admission
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.name" . }}-admission
+    {{- include "kubevela.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - admissionregistration.k8s.io
+    resources:
+      - validatingwebhookconfigurations
+      - mutatingwebhookconfigurations
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - get
+      - update
+{{- end }}

charts/vela-minimal/templates/admission-webhooks/job-patch/clusterrolebinding.yaml

@@ -0,0 +1,20 @@
+{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  {{ template "kubevela.fullname" . }}-admission
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.name" . }}-admission
+    {{- include "kubevela.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "kubevela.fullname" . }}-admission
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "kubevela.fullname" . }}-admission
+    namespace: {{ .Release.Namespace }}
+{{- end }}

charts/vela-minimal/templates/admission-webhooks/job-patch/job-createSecret.yaml

@@ -0,0 +1,50 @@
+{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled (not .Values.admissionWebhooks.certManager.enabled) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name:  {{ template "kubevela.fullname" . }}-admission-create
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.name" . }}-admission-create
+    {{- include "kubevela.labels" . | nindent 4 }}
+spec:
+  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+  # Alpha feature since k8s 1.12
+  ttlSecondsAfterFinished: 0
+  {{- end }}
+  template:
+    metadata:
+      name:  {{ template "kubevela.fullname" . }}-admission-create
+      labels:
+        app: {{ template "kubevela.name" . }}-admission-create
+        {{- include "kubevela.labels" . | nindent 8 }}
+    spec:
+      containers:
+        - name: create
+          image: {{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
+          imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
+          args:
+            - create
+            - --host={{ template "kubevela.name" . }}-webhook,{{ template "kubevela.name" . }}-webhook.{{ .Release.Namespace }}.svc
+            - --namespace={{ .Release.Namespace }}
+            - --secret-name={{ template "kubevela.fullname" . }}-admission
+            - --key-name=tls.key
+            - --cert-name=tls.crt
+      restartPolicy: OnFailure
+      serviceAccountName: {{ template "kubevela.fullname" . }}-admission
+      {{- with .Values.admissionWebhooks.patch.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.admissionWebhooks.patch.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      securityContext:
+        runAsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+{{- end }}

charts/vela-minimal/templates/admission-webhooks/job-patch/job-patchWebhook.yaml

@@ -0,0 +1,50 @@
+{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled (not .Values.admissionWebhooks.certManager.enabled) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name:  {{ template "kubevela.fullname" . }}-admission-patch
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.name" . }}-admission-patch
+    {{- include "kubevela.labels" . | nindent 4 }}
+spec:
+  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+  # Alpha feature since k8s 1.12
+  ttlSecondsAfterFinished: 0
+  {{- end }}
+  template:
+    metadata:
+      name:  {{ template "kubevela.fullname" . }}-admission-patch
+      labels:
+        app: {{ template "kubevela.name" . }}-admission-patch
+        {{- include "kubevela.labels" . | nindent 8 }}
+    spec:
+      containers:
+        - name: patch
+          image: {{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
+          imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
+          args:
+            - patch
+            - --webhook-name={{ template "kubevela.fullname" . }}-admission
+            - --namespace={{ .Release.Namespace }}
+            - --secret-name={{ template "kubevela.fullname" . }}-admission
+            - --patch-failure-policy={{ .Values.admissionWebhooks.failurePolicy }}
+            - --crds=applications.core.oam.dev
+      restartPolicy: OnFailure
+      serviceAccountName: {{ template "kubevela.fullname" . }}-admission
+      {{- with .Values.admissionWebhooks.patch.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.admissionWebhooks.patch.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      securityContext:
+        runAsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+{{- end }}