Feat: add the project api (#2899)

* Feat: add the project api

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Fix: fix e2e test bug

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,36 +1,37 @@
-<!--
 
-Thank you for sending a pull request! Here are some tips:
-
-1. If this is your first time, please read our contribution guide at https://github.com/oam-dev/kubevela/blob/master/CONTRIBUTING.md
-
-2. Ensure you include and run the appropriate tests as part of your Pull Request.
-
-3. In a new feature or configuration option, an update to the documentation is necessary. Everything related to the documentation is under the docs folder in the root of the repository.
-
-4. If the Pull Request is a work in progress, make use of GitHub's "Draft PR" feature and mark it as such.
-
-5. If you can not merge your Pull Request due to a merge conflict, Rebase it. This gets it in sync with the master branch.
-
-6. Name your PR as "<FeatureArea>: Describe your change", e.g. Application: Add health check for application.
-   If it's a fix or feature relevant for the changelog describe the user impact in the title.
-   The PR title is used to auto-generate the changelog for issues marked with the "add to changelog" label.
-
--->
-
-**What this PR does / why we need it**:
-
-**Which issue(s) this PR fixes**:
+### Description of your changes
 
 <!--
 
-- Automatically closes linked issue when the Pull Request is merged.
-
-Usage: "Fixes #<issue number>", or "Fixes (paste link of issue)"
+Briefly describe what this pull request does. We love pull requests that resolve an open KubeVela issue. If yours does, you
+can uncomment the below line to indicate which issue your PR fixes, for example
+"Fixes #500":
 
 -->
 
 Fixes #
 
-**Special notes for your reviewer**:
+I have:
 
+- [ ] Read and followed KubeVela's [contribution process](https://github.com/oam-dev/kubevela/blob/master/contribute/create-pull-request.md).
+- [ ] [Related Docs](https://github.com/oam-dev/kubevela.io) updated properly. In a new feature or configuration option, an update to the documentation is necessary. 
+- [ ] Run `make reviewable` to ensure this PR is ready for review.
+- [ ] Added `backport release-x.y` labels to auto-backport this PR if necessary.
+
+### How has this code been tested
+
+<!--
+Before reviewers can be confident in the correctness of this pull request, it
+needs to tested and shown to be correct. Briefly describe the testing that has
+already been done or which is planned for this change.
+-->
+
+
+### Special notes for your reviewer
+
+<!--
+
+Be sure to direct your reviewers'
+attention to anything that needs special consideration.
+
+-->

.github/comment.userlist

@@ -11,3 +11,4 @@ wangyuan249
 chivalryq
 FogDong
 leejanee
+barnettZQG

.github/pr-title-checker-config.json

@@ -0,0 +1,10 @@
+{
+  "LABEL": {
+    "name": "title-needs-formatting",
+    "color": "EEEEEE"
+  },
+  "CHECKS": {
+    "prefixes": ["Fix: ", "Feat: ", "Docs: ", "Test: ", "Chore: ", "CI: ", "Perf: ", "Refactor: ", "Revert: ", "Style: ", "Test: ",
+      "Fix(", "Feat(", "Docs(", "Test(", "Chore(", "CI(", "Perf(", "Refactor(", "Revert(", "Style(", "Test(", "[Backport"]
+  }
+}

.github/workflows/apiserver-test.yaml

@@ -0,0 +1,122 @@
+name: APIServer Unit Test & E2E Test
+
+on:
+  push:
+    branches:
+      - master
+      - release-*
+      - apiserver
+  workflow_dispatch: {}
+  pull_request:
+    branches:
+      - master
+      - release-*
+      - apiserver
+
+env:
+  # Common versions
+  GO_VERSION: '1.16'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'
+
+jobs:
+
+  detect-noop:
+    runs-on: ubuntu-20.04
+    outputs:
+      noop: ${{ steps.noop.outputs.should_skip }}
+    steps:
+      - name: Detect No-op Changes
+        id: noop
+        uses: fkirc/skip-duplicate-actions@v3.3.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
+          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
+          concurrent_skipping: false
+
+  apiserver-unit-tests:
+    runs-on: aliyun
+    needs: detect-noop
+    if: needs.detect-noop.outputs.noop != 'true'
+
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: ${{ env.GO_VERSION }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+        with:
+          submodules: true
+
+      - name: Get dependencies
+        run: |
+          go get -v -t -d ./...
+
+      - name: Setup Kind
+        uses: engineerd/setup-kind@v0.5.0
+        with:
+          version: ${{ env.KIND_VERSION }}
+          skipClusterCreation: true
+
+      - name: Setup Kind Cluster (Worker)
+        run: |
+          kind delete cluster --name worker
+          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4 --name worker
+          kubectl version
+          kubectl cluster-info
+          kind get kubeconfig --name worker --internal > /tmp/worker.kubeconfig
+          kind get kubeconfig --name worker > /tmp/worker.client.kubeconfig
+
+      - name: Setup Kind Cluster (Hub)
+        run: |
+          kind delete cluster
+          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
+          kubectl version
+          kubectl cluster-info
+
+      - name: Load Image to kind cluster
+        run: make kind-load
+
+      - name: Cleanup for e2e tests
+        run: |
+          make e2e-cleanup
+          make e2e-setup-core
+
+          make vela-cli
+          bin/vela addon enable fluxcd
+          timeout 600s bash -c -- 'while true; do kubectl get ns flux-system; if [ $? -eq 0 ] ; then break; else sleep 5; fi;done'
+          kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=vela-core,app.kubernetes.io/instance=kubevela -n vela-system --timeout=600s
+          kubectl wait --for=condition=Ready pod -l app=source-controller -n flux-system --timeout=600s
+          kubectl wait --for=condition=Ready pod -l app=helm-controller -n flux-system --timeout=600s
+
+      - name: Run apiserver unit test
+        run: make unit-test-apiserver
+
+      - name: Run apiserver e2e test
+        run: |
+          export ALIYUN_ACCESS_KEY_ID=${{ secrets.ALIYUN_ACCESS_KEY_ID }}
+          export ALIYUN_ACCESS_KEY_SECRET=${{ secrets.ALIYUN_ACCESS_KEY_SECRET }}
+          export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
+          make e2e-apiserver-test
+
+      - name: Stop kubevela, get profile
+        run: make end-e2e-core
+
+      - name: Upload coverage report
+        uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./coverage.txt,/tmp/e2e_apiserver_test.out
+          flags: apiserver-unittests
+          name: codecov-umbrella
+
+      - name: Clean e2e profile
+        run: rm /tmp/e2e-profile.out
+
+      - name: Cleanup image
+        if: ${{ always() }}
+        run: make image-cleanup

.github/workflows/back-port.yaml

@@ -0,0 +1,22 @@
+name: Backport
+on:
+  pull_request_target:
+    types:
+      - closed
+
+jobs:
+  # align with crossplane's choice https://github.com/crossplane/crossplane/blob/master/.github/workflows/backport.yml
+  open-pr:
+    runs-on: ubuntu-20.04
+    if: github.event.pull_request.merged
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Open Backport PR
+        uses: zeebe-io/backport-action@v0.0.6
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_workspace: ${{ github.workspace }}

.github/workflows/commit-lint.yml

@@ -1,13 +1,19 @@
-name: Lint Commit Messages
-on: [push, pull_request]
+name: PR Title Checker
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - labeled
+      - unlabeled
 
 jobs:
-  commitlint:
+  check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: thehanimo/pr-title-checker@v1.3.1
         with:
-          fetch-depth: 0
-      - uses: wagoid/commitlint-github-action@v4
-        with:
-          helpURL: https://github.com/oam-dev/kubevela/blob/master/contribute/create-pull-request.md#commit-message-format
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          pass_on_octokit_error: true
+          configuration_path: ".github/pr-title-checker-config.json"

.github/workflows/e2e-multicluster-test.yml

@@ -0,0 +1,112 @@
+name: E2E MultiCluster Test
+
+on:
+  push:
+    branches:
+      - master
+      - release-*
+  workflow_dispatch: {}
+  pull_request:
+    branches:
+      - master
+      - release-*
+
+env:
+  # Common versions
+  GO_VERSION: '1.16'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'
+
+jobs:
+
+  detect-noop:
+    runs-on: ubuntu-20.04
+    outputs:
+      noop: ${{ steps.noop.outputs.should_skip }}
+    steps:
+      - name: Detect No-op Changes
+        id: noop
+        uses: fkirc/skip-duplicate-actions@v3.3.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
+          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
+          concurrent_skipping: false
+
+  e2e-multi-cluster-tests:
+    runs-on: aliyun
+    needs: detect-noop
+    if: needs.detect-noop.outputs.noop != 'true'
+
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Get dependencies
+        run: |
+          go get -v -t -d ./...
+
+      - name: Setup Kind
+        uses: engineerd/setup-kind@v0.5.0
+        with:
+          version: ${{ env.KIND_VERSION }}
+          skipClusterCreation: true
+
+      - name: Setup Kind Cluster (Worker)
+        run: |
+          kind delete cluster --name worker
+          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4 --name worker
+          kubectl version
+          kubectl cluster-info
+          kind get kubeconfig --name worker --internal > /tmp/worker.kubeconfig
+          kind get kubeconfig --name worker > /tmp/worker.client.kubeconfig
+
+      - name: Setup Kind Cluster (Hub)
+        run: |
+          kind delete cluster
+          kind create cluster --image kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
+          kubectl version
+          kubectl cluster-info
+
+      - name: Load Image to kind cluster (Hub)
+        run: make kind-load
+
+      - name: Load Image to kind cluster (Worker)
+        run: |
+          make kind-load-runtime-cluster
+
+      - name: Cleanup for e2e tests
+        run: |
+          make e2e-cleanup
+          make e2e-setup-core
+          make
+          make setup-runtime-e2e-cluster
+          make vela-cli
+
+      - name: Run e2e multicluster tests
+        run: |
+          export PATH=$(pwd)/bin:$PATH
+          make e2e-multicluster-test
+
+      - name: Stop kubevela, get profile
+        run: make end-e2e-core
+
+      - name: Upload coverage report
+        uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: /tmp/e2e-profile.out
+          flags: e2e-multicluster-test
+          name: codecov-umbrella
+
+      - name: Clean e2e profile
+        run: rm /tmp/e2e-profile.out
+
+      - name: Cleanup image
+        if: ${{ always() }}
+        run: make image-cleanup

.github/workflows/e2e-rollout-test.yml

@@ -80,13 +80,6 @@ jobs:
           helm lint ./charts/vela-core
           helm test -n vela-system kubevela --timeout 5m
 
-      - name: Wait for e2e preparation ready
-        run: |
-          timeout 60 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:37081/api/components)" != "200" ]]; do sleep 5; done' || false
-
-      - name: Run api e2e tests
-        run: make e2e-api-test
-
       - name: Run e2e tests
         run: make e2e-rollout-test
 

.github/workflows/e2e-test.yml

@@ -80,13 +80,12 @@ jobs:
           helm lint ./charts/vela-core
           helm test -n vela-system kubevela --timeout 5m
 
-      - name: Wait for e2e preparation ready
-        run: |
-          timeout 60 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:37081/api/components)" != "200" ]]; do sleep 5; done' || false
-
       - name: Run api e2e tests
         run: make e2e-api-test
 
+      - name: Run addons e2e tests
+        run: make e2e-addon-test
+
       - name: Run e2e tests
         run: make e2e-test
 

.github/workflows/issue-commands.yml

@@ -6,7 +6,7 @@ on:
     types: [created]
 
 jobs:
-  main:
+  bot:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Actions
@@ -22,3 +22,48 @@ jobs:
         with:
           token: ${{secrets.VELA_BOT_TOKEN}}
           configPath: issue-commands
+
+  backport:
+    runs-on: ubuntu-18.04
+    if: github.event.issue.pull_request && contains(github.event.comment.body, '/backport')
+    steps:
+      - name: Extract Command
+        id: command
+        uses: xt0rted/slash-command-action@v1
+        with:
+          repo-token: ${{ secrets.VELA_BOT_TOKEN }}
+          command: backport
+          reaction: "true"
+          reaction-type: "eyes"
+          allow-edits: "false"
+          permission-level: read
+      - name: Handle Command
+        uses: actions/github-script@v4
+        env:
+          VERSION: ${{ steps.command.outputs.command-arguments }}
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const version = process.env.VERSION
+            let label = "backport release-" + version
+            if (version.includes("release")) {
+              label = "backport " + version
+            }
+            // Add our backport label.
+            github.issues.addLabels({
+              // Every pull request is an issue, but not every issue is a pull request.
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: [label]
+            })
+            console.log("Added '" + label + "' label.")
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Open Backport PR
+        uses: zeebe-io/backport-action@v0.0.6
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_workspace: ${{ github.workspace }}

.github/workflows/registry.yml

@@ -44,12 +44,23 @@ jobs:
           registry: docker.io
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Login Alibaba Cloud ACR
+        uses: docker/login-action@v1
+        with:
+          registry: kubevela-registry.cn-hangzhou.cr.aliyuncs.com
+          username: ${{ secrets.ACR_USERNAME }}@aliyun-inner.com
+          password: ${{ secrets.ACR_PASSWORD }}
       - uses: docker/setup-qemu-action@v1
       - uses: docker/setup-buildx-action@v1
         with:
           driver-opts: image=moby/buildkit:master
+
+      - name: Build & Pushing vela-core for ACR
+        run: |
+          docker build -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }} .
+          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
       - uses: docker/build-push-action@v2
-        name: Build & Pushing
+        name: Build & Pushing vela-core for Dockerhub and GHCR
         with:
           context: .
           file: Dockerfile
@@ -62,10 +73,36 @@ jobs:
             GITVERSION=git-${{ steps.vars.outputs.git_revision }}
             VERSION=${{ steps.get_version.outputs.VERSION }}
           tags: |-
-            ghcr.io/${{ github.repository }}/vela-core:${{ steps.get_version.outputs.VERSION }}
             docker.io/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository }}/vela-core:${{ steps.get_version.outputs.VERSION }}
+
+      - name: Build & Pushing vela-apiserver for ACR
+        run: |
+          docker build -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }} -f Dockerfile.apiserver .
+          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
       - uses: docker/build-push-action@v2
-        name: Build & Pushing runtime rollout
+        name: Build & Pushing vela-apiserver for Dockerhub and GHCR
+        with:
+          context: .
+          file: Dockerfile.apiserver
+          labels: |-
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          build-args: |
+            GITVERSION=git-${{ steps.vars.outputs.git_revision }}
+            VERSION=${{ steps.get_version.outputs.VERSION }}
+          tags: |-
+            docker.io/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository }}/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
+
+      - name: Build & Pushing vela runtime rollout for ACR
+        run: |
+          docker build -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }} .
+          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
+      - uses: docker/build-push-action@v2
+        name: Build & Pushing runtime rollout for Dockerhub and GHCR
         with:
           context: .
           file: runtime/rollout/Dockerfile
@@ -78,13 +115,14 @@ jobs:
             GITVERSION=git-${{ steps.vars.outputs.git_revision }}
             VERSION=${{ steps.get_version.outputs.VERSION }}
           tags: |-
-            ghcr.io/${{ github.repository }}/vela-rollout:${{ steps.get_version.outputs.VERSION }}
             docker.io/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository }}/vela-rollout:${{ steps.get_version.outputs.VERSION }}
 
   publish-charts:
     env:
       HELM_CHARTS_DIR: charts
       HELM_CHART: charts/vela-core
+      MINIMAL_HELM_CHART: charts/vela-minimal
       LEGACY_HELM_CHART: legacy/charts/vela-core-legacy
       OAM_RUNTIME_HELM_CHART: charts/oam-runtime
       VELA_ROLLOUT_HELM_CHART: runtime/rollout/charts
@@ -114,7 +152,7 @@ jobs:
           releases-only: true
         id: latest_tag
       - name: Tag helm chart image
-        run:  |
+        run: |
           latest_repo_tag=${{ steps.latest_tag.outputs.tag }}
           sub="."
           major="$(cut -d"$sub" -f1 <<<"$latest_repo_tag")"
@@ -128,11 +166,13 @@ jobs:
             chart_version=${current_repo_tag}-nightly-build
           fi
           sed -i "s/latest/${image_tag}/g" $HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $MINIMAL_HELM_CHART/values.yaml
           sed -i "s/latest/${image_tag}/g" $LEGACY_HELM_CHART/values.yaml
           sed -i "s/latest/${image_tag}/g" $OAM_RUNTIME_HELM_CHART/values.yaml
           sed -i "s/latest/${image_tag}/g" $VELA_ROLLOUT_HELM_CHART/values.yaml
           chart_smever=${chart_version#"v"}
           sed -i "s/0.1.0/$chart_smever/g" $HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $MINIMAL_HELM_CHART/Chart.yaml
           sed -i "s/0.1.0/$chart_smever/g" $LEGACY_HELM_CHART/Chart.yaml
           sed -i "s/0.1.0/$chart_smever/g" $OAM_RUNTIME_HELM_CHART/Chart.yaml
           sed -i "s/0.1.0/$chart_smever/g" $VELA_ROLLOUT_HELM_CHART/Chart.yaml
@@ -153,6 +193,7 @@ jobs:
       - name: Package helm charts
         run: |
           helm package $HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $MINIMAL_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
           helm package $LEGACY_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
           helm package $OAM_RUNTIME_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
           helm package $VELA_ROLLOUT_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
@@ -175,6 +216,6 @@ jobs:
       - name: sync capabilities bucket to local
         run: ./ossutil --config-file .ossutilconfig sync oss://$CAPABILITY_BUCKET $CAPABILITY_DIR
       - name: rsync all capabilites
-        run:  rsync vela-templates/registry/auto-gen/* $CAPABILITY_DIR
+        run: rsync vela-templates/registry/auto-gen/* $CAPABILITY_DIR
       - name: sync local to cloud
         run: ./ossutil --config-file .ossutilconfig sync $CAPABILITY_DIR oss://$CAPABILITY_BUCKET -f

.github/workflows/release.yml

@@ -4,126 +4,146 @@ on:
   push:
     tags:
       - "v*"
-  workflow_dispatch: {}
+  workflow_dispatch: { }
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 jobs:
-  publish-cli:
+  build:
     runs-on: ubuntu-latest
+    name: build
+    strategy:
+      matrix:
+        TARGETS: [ linux/amd64, darwin/amd64, windows/amd64, linux/arm64, darwin/arm64 ]
     env:
-      VELA_VERSION: ${{ github.ref }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      VELA_VERSION_KEY: github.com/oam-dev/kubevela/version.VelaVersion
+      VELA_GITVERSION_KEY: github.com/oam-dev/kubevela/version.GitRevision
+      GO_BUILD_ENV: GO111MODULE=on CGO_ENABLED=0
+      DIST_DIRS: find * -type d -exec
     steps:
+      - name: Checkout
+        uses: actions/checkout@v2
       - name: Set up Go
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v2
         with:
           go-version: 1.16
-        id: go
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-      - name: Get the version
-        id: get_version
-        run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/}
-      - name: Tag helm chart image
-        run:  |
-          sed -i 's/latest/${{ steps.get_version.outputs.VERSION }}/g' charts/vela-core/values.yaml
-          sed -i 's/0.1.0/${{ steps.get_version.outputs.VERSION }}/g' charts/vela-core/Chart.yaml
-      - name: Run cross-build
-        run: make cross-build
-      - name: Run compress binary
-        run: make compress
       - name: Get release
         id: get_release
         uses: bruceadams/get-release@v1.2.2
-      - name: Upload Vela Linux amd64 tar.gz
+      - name: Get version
+        run: echo "VELA_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+      - name: Get matrix
+        id: get_matrix
+        run: |
+          TARGETS=${{matrix.TARGETS}}
+          echo ::set-output name=OS::${TARGETS%/*}
+          echo ::set-output name=ARCH::${TARGETS#*/}
+      - name: Get ldflags
+        id: get_ldflags
+        run: |
+          LDFLAGS="-s -w -X ${{ env.VELA_VERSION_KEY }}=${{ env.VELA_VERSION }} -X ${{ env.VELA_GITVERSION_KEY }}=git-$(git rev-parse --short HEAD)"
+          echo "LDFLAGS=${LDFLAGS}" >> $GITHUB_ENV
+      - name: Build
+        run: |
+          ${{ env.GO_BUILD_ENV }} GOOS=${{ steps.get_matrix.outputs.OS }} GOARCH=${{ steps.get_matrix.outputs.ARCH }} \
+            go build -ldflags "${{ env.LDFLAGS }}" \
+            -o _bin/vela/${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}/vela -v \
+            ./references/cmd/cli/main.go
+          ${{ env.GO_BUILD_ENV }} GOOS=${{ steps.get_matrix.outputs.OS }} GOARCH=${{ steps.get_matrix.outputs.ARCH }} \
+            go build -ldflags "${{ env.LDFLAGS }}" \
+            -o _bin/kubectl-vela/${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}/kubectl-vela -v \
+            ./cmd/plugin/main.go
+      - name: Compress
+        run: |
+          echo "\n## Release Info\nVERSION: ${{ env.VELA_VERSION }}" >> README.md && \
+          echo "GIT_COMMIT: ${GITHUB_SHA}\n" >> README.md && \
+          cd _bin/vela && \
+          ${{ env.DIST_DIRS }} cp ../../LICENSE {} \; && \
+          ${{ env.DIST_DIRS }} cp ../../README.md {} \; && \
+          ${{ env.DIST_DIRS }} tar -zcf vela-{}.tar.gz {} \; && \
+          ${{ env.DIST_DIRS }} zip -r vela-{}.zip {} \; && \
+          cd ../kubectl-vela && \
+          ${{ env.DIST_DIRS }} cp ../../LICENSE {} \; && \
+          ${{ env.DIST_DIRS }} cp ../../README.md {} \; && \
+          ${{ env.DIST_DIRS }} tar -zcf kubectl-vela-{}.tar.gz {} \; && \
+          ${{ env.DIST_DIRS }} zip -r kubectl-vela-{}.zip {} \; && \
+          cd .. && \
+          sha256sum vela/vela-* kubectl-vela/kubectl-vela-* >> sha256-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.txt \
+      - name: Upload Vela tar.gz
         uses: actions/upload-release-asset@v1.0.2
         with:
           upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/vela/vela-linux-amd64.tar.gz
-          asset_name: vela-${{ steps.get_version.outputs.VERSION }}-linux-amd64.tar.gz
+          asset_path: ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
+          asset_name: vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
           asset_content_type: binary/octet-stream
-      - name: Upload Vela Linux amd64 zip
+      - name: Upload Vela zip
         uses: actions/upload-release-asset@v1.0.2
         with:
           upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/vela/vela-linux-amd64.zip
-          asset_name: vela-${{ steps.get_version.outputs.VERSION }}-linux-amd64.zip
+          asset_path: ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
+          asset_name: vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
           asset_content_type: binary/octet-stream
-      - name: Upload Vela MacOS tar.gz
+      - name: Upload Kubectl-Vela tar.gz
         uses: actions/upload-release-asset@v1.0.2
         with:
           upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/vela/vela-darwin-amd64.tar.gz
-          asset_name: vela-${{ steps.get_version.outputs.VERSION }}-darwin-amd64.tar.gz
+          asset_path: ./_bin/kubectl-vela/kubectl-vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
+          asset_name: kubectl-vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
           asset_content_type: binary/octet-stream
-      - name: Upload Vela MacOS zip
+      - name: Upload Kubectl-Vela zip
         uses: actions/upload-release-asset@v1.0.2
         with:
           upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/vela/vela-darwin-amd64.zip
-          asset_name: vela-${{ steps.get_version.outputs.VERSION }}-darwin-amd64.zip
+          asset_path: ./_bin/kubectl-vela/kubectl-vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
+          asset_name: kubectl-vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
           asset_content_type: binary/octet-stream
-      - name: Upload Vela Windows tar.gz
-        uses: actions/upload-release-asset@v1.0.2
+      - name: Post sha256
+        uses: actions/upload-artifact@v2
         with:
-          upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/vela/vela-windows-amd64.tar.gz
-          asset_name: vela-${{ steps.get_version.outputs.VERSION }}-windows-amd64.tar.gz
-          asset_content_type: binary/octet-stream
-      - name: Upload Vela Windows zip
-        uses: actions/upload-release-asset@v1.0.2
+          name: sha256sums
+          path: ./_bin/sha256-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.txt
+          retention-days: 1
+
+  upload-plugin-homebrew:
+    needs: build
+    runs-on: ubuntu-latest
+    name: upload-sha256sums
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Get release
+        id: get_release
+        uses: bruceadams/get-release@v1.2.2
+      - name: Download sha256sums
+        uses: actions/download-artifact@v2
         with:
-          upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/vela/vela-windows-amd64.zip
-          asset_name: vela-${{ steps.get_version.outputs.VERSION }}-windows-amd64.zip
-          asset_content_type: binary/octet-stream
-      - name: Upload Kubectl-Vela Linux amd64 tar.gz
-        uses: actions/upload-release-asset@v1.0.2
-        with:
-          upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/kubectl-vela/kubectl-vela-linux-amd64.tar.gz
-          asset_name: kubectl-vela-${{ steps.get_version.outputs.VERSION }}-linux-amd64.tar.gz
-          asset_content_type: binary/octet-stream
-      - name: Upload Kubectl-Vela Linux amd64 zip
-        uses: actions/upload-release-asset@v1.0.2
-        with:
-          upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/kubectl-vela/kubectl-vela-linux-amd64.zip
-          asset_name: kubectl-vela-${{ steps.get_version.outputs.VERSION }}-linux-amd64.zip
-          asset_content_type: binary/octet-stream
-      - name: Upload Kubectl-Vela MacOS tar.gz
-        uses: actions/upload-release-asset@v1.0.2
-        with:
-          upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/kubectl-vela/kubectl-vela-darwin-amd64.tar.gz
-          asset_name: kubectl-vela-${{ steps.get_version.outputs.VERSION }}-darwin-amd64.tar.gz
-          asset_content_type: binary/octet-stream
-      - name: Upload Kubectl-Vela MacOS zip
-        uses: actions/upload-release-asset@v1.0.2
-        with:
-          upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/kubectl-vela/kubectl-vela-darwin-amd64.zip
-          asset_name: kubectl-vela-${{ steps.get_version.outputs.VERSION }}-darwin-amd64.zip
-          asset_content_type: binary/octet-stream
-      - name: Upload Kubectl-Vela Windows tar.gz
-        uses: actions/upload-release-asset@v1.0.2
-        with:
-          upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/kubectl-vela/kubectl-vela-windows-amd64.tar.gz
-          asset_name: kubectl-vela-${{ steps.get_version.outputs.VERSION }}-windows-amd64.tar.gz
-          asset_content_type: binary/octet-stream
-      - name: Upload Kubectl-Vela Windows zip
-        uses: actions/upload-release-asset@v1.0.2
-        with:
-          upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/kubectl-vela/kubectl-vela-windows-amd64.zip
-          asset_name: kubectl-vela-${{ steps.get_version.outputs.VERSION }}-windows-amd64.zip
-          asset_content_type: binary/octet-stream
+          name: sha256sums
+          path: cli-artifacts
+      - name: Display structure of downloaded files
+        run: ls -R
+        working-directory: cli-artifacts
+      - shell: bash
+        working-directory: cli-artifacts
+        run: |
+          for file in *
+          do
+            cat ${file} >> sha256sums.txt
+          done
       - name: Upload Checksums
         uses: actions/upload-release-asset@v1.0.2
         with:
           upload_url: ${{ steps.get_release.outputs.upload_url }}
-          asset_path: ./_bin/sha256sums.txt
+          asset_path: cli-artifacts/sha256sums.txt
           asset_name: sha256sums.txt
           asset_content_type: text/plain
       - name: Update kubectl plugin version in krew-index
         uses: rajatjindal/krew-release-bot@v0.0.38
+      - name: Update Homebrew formula
+        uses: dawidd6/action-homebrew-bump-formula@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          formula: kubevela
+          tag: ${{ github.ref }}
+          revision: ${{ github.sha }}
+          force: false

.github/workflows/timed-task.yml

@@ -1,7 +1,7 @@
 name: Timed Task
 on:
   schedule:
-    - cron: '0 * * * *'
+    - cron: '* * * * *'
 jobs:
   clean-image:
     runs-on: aliyun

.github/workflows/unit-test.yml

@@ -72,7 +72,7 @@ jobs:
           version: 3.1.0
           kubebuilderOnly: false
           kubernetesVersion: v1.21.2
-
+      
       - name: Run Make test
         run: make test
 
@@ -81,5 +81,5 @@ jobs:
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           file: ./coverage.txt
-          flags: unittests
+          flags: core-unittests
           name: codecov-umbrella

.gitignore

@@ -44,17 +44,8 @@ charts/vela-core/crds/_.yaml
 
 .vela/
 
-# Dashboard
-node_modules/
-.eslintcache
-references/dashboard/dist/
-references/dashboard/package-lock.json
-references/dashboard/src/.umi/
-package-lock.json
-references/dashboard/src/.umi-production/
-
-# Swagger: generate Restful API
-references/apiserver/docs/index.html
-
 # check docs
-git-page/
+git-page/
+
+# e2e rollout runtime image build
+runtime/rollout/e2e/tmp

CHANGELOG/CHANGELOG-1.0.md

@@ -0,0 +1,260 @@
+# v1.0.7
+
+This is a minor fix for release-1.0, please refer to release-1.1.x for the latest feature.
+
+1. Fix podDisruptive field for inner traits #1844
+
+
+# v1.0.6
+
+1. fix bug: When the Component contains multiple traits of the same type, the status of the trait in the Application is reported incorrectly (#1731) (#1743)
+2. Fix terraform component can't work normally, generate OpenAPI JSON schema for Terraform Component (#1738) (#1753)
+3. Improve the logging system #1735 #1758
+4. add ConcurrentReconciles for setting the concurrent reconcile number of the controller  #1775 
+
+# v1.0.5
+
+1. Fix Terraform application status issue (#1611)
+2. applicaiton supports specifying different versions of Definition (#1597)
+3. Enable Dynamic Admission Control for Application (#1619)
+4. Update inner samples for "vela show xxx --web" (#1616)
+5. fix empty rolloutBatch will panic whole controller bug (#1646)
+6. Use stricter syntax check for CUE (#1643)
+7. make ResourceTracker to own cluster-scope resource (#1634)
+8. update docs
+
+# v1.0.4
+
+## Upgrade to this release
+
+**Please update Application CRD to upgrade from v1.0.3 to this release**
+
+```
+kubectl apply -f https://raw.githubusercontent.com/oam-dev/kubevela/master/charts/vela-core/crds/core.oam.dev_applications.yaml
+```
+
+**Check the upgrade docs to upgrade from other release: https://kubevela.io/docs/advanced-install#upgrade**
+
+
+## Changelog
+
+1. add more PVC volume traits and docs (#1524)
+2. automatically sync vela api code to the repo([kubevela-core-api](https://github.com/oam-dev/kubevela-core-api)) on release, you can use this repo as import package for kubevela integration (#1523)
+3. fix cue template of worker and ingress with more accurate error info (#1532)
+4. add critical path k8s event for Application (#1463)
+5. support K8s Deployment for AppRollout #1539 #1557
+6. vela cli: enable "vela show" to support namespaced capability (#1521)
+7. Add scpoe reference in Application object `status.Service` (#1540)
+8. vela cli: `vela show` support list the parameter of ComponentDefinition created by helm charts (#1543)
+9. Add revision mechanism for Component/Trait Definition and default revision histroy will keep 20 revisions #1531
+10. fix CRD for legacy K8s cluser(<=1.14) (#1531)
+11. fix duplate key in kubevela chart webhook yaml (#1571)
+12. Check whether parameter.cmd is nill for `sidecar` trait (#1575)
+13. add e2e-test into test coverage report (#1553)
+14. support krew install for kubectl vela plugin #1582
+15. fix controller cannot start due to the format error of the third-party CRD (#1584)
+16. use accelerate domain for helm chart repo to speed up for global users (#1585)
+17.  embed rollout in an application, now you can use rolloutPlan in Application (#1568)
+18. Support server-side Terraform as cloud resource provider #1519
+
+# v1.0.3
+
+More end user guide was added in `Application Deployment` section.
+
+1. add helm test to verify the chart of KubeVela have been installed successfully  (#1415)
+2. fix bug which Component/TraitDefinition won't work when contains “`_|_`” in value (#1450)
+3. add volumes definition in worker/webservice (#1459)
+4. Remove local kind binary dependency #1458
+5. ignore error not found when deleting resourceTracker (#1462)
+6. add context.appRevisionNum as runtime context (#1466)
+7. implement cli `vela system live-diff` to check diff before upgrade (#1419)
+8. add webhook validation on CUE template outputs name (#1460)
+9. Fix helm chart about wrong webhook policy (#1483)
+10. Remove trait-injector from controller options (#1490)
+12. add app name as label for AppRevision (#1488)
+13. Introduce vela as a kubectl plugin (#1485)
+14. update status of appContext by patch to avoid resourceVersion conflict error (#1500)
+15. add workloadDefinitionRef to application status.services (#1471)
+16. Add garbage collection mechanism for AppRevision, it will only keep 10 revisions by default (#1501)
+17. Remove AGE in definition crd print columns (#1509)
+
+
+# v1.0.2
+
+1. remove no used ingress notes in KubeVela charts (#1405)
+2. fix import inner package in the format of third party package path and add docs (#1412  #1417)
+3. vela cli support use "vela system cue-packages" to list cue-package (#1417)
+4. Fix bug that the registered k8s built-in gvk does not exist in third party package path (#1414)
+5. Fix bug that patchKey not work when strategyUnify function not work with close call (#1430)
+6. add podDisruptive to traitdefinition to notify wether a trait update will cause restart of pod or not (#1192)
+7. Add a new cloneset scale controller (#1301)
+8. Support garbage collection for across-namespace workloads and traits  (#1421)
+9. Add short name for crds && Remove redundant and ambiguous short names #1434
+10. Refresh built-in packages when component/trait definition are registered (#1402)
+
+
+**You should upgrade following CRDs to upgrade from v1.0.1, all CRDs changes are backward compatible**:
+
+```
+kubectl apply -f https://raw.githubusercontent.com/oam-dev/kubevela/master/charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml
+kubectl apply -f https://raw.githubusercontent.com/oam-dev/kubevela/master/charts/vela-core/crds/standard.oam.dev_rollouttraits.yaml
+kubectl apply -f https://raw.githubusercontent.com/oam-dev/kubevela/master/charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml
+kubectl apply -f https://raw.githubusercontent.com/oam-dev/kubevela/master/charts/vela-core/crds/core.oam.dev_applications.yaml
+kubectl apply -f https://raw.githubusercontent.com/oam-dev/kubevela/master/charts/vela-core/crds/core.oam.dev_approllouts.yaml
+kubectl apply -f https://raw.githubusercontent.com/oam-dev/kubevela/master/charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml
+```
+
+
+# v1.0.1
+
+There are some fixes contained for release v1.0.0:
+
+1. add initial finalizer and abandon support for app rollout, you can revert quickly now(#1362)
+2. fix vela show fail to get component definition (#1366)
+3. fix application context controller should not own application object (#1370)
+4. fix: "system-definition-namespace" chart args not work in vela chart (#1371)
+5. fix resources created in different namespace can not be updated (#1374)
+6. fix automatically generate schema for helm values fail in array list value (#1375)
+7. upgrade API version of mutate/validate webhook to v1 (#1383)
+8. fix webhook not work by helm install kubevela without cert-manager #1267
+7. remove create cert-manager issuer in vela CLI env command (#1267)
+8. refine CRD print results: add additional print column and short Name for CRD (#1377)
+
+Many other docs improvements.
+
+Thanks for all the contributors!
+
+# v1.0.0
+
+We're excited to announce the release of KubeVela 1.0.0! 🎉🎉🎉🎉
+
+Thanks to all the new and existing contributors who helped make this release happen!
+
+You may already noticed the awesome community has shipped a brand new KubeVela website https://kubevela.io ! 🎉🎉
+
+If you're new to KubeVela, feel free to start with its [getting started page](https://kubevela.io/docs/quick-start) and learning about [its core concepts](https://kubevela.io/docs/concepts). The full feature of vela is explained in [platform builder guide](https://kubevela.io/docs/platform-engineers/overview).
+
+For existing adopters, please follow the [installing](https://kubevela.io/docs/install) or [upgrading](https://kubevela.io/docs/install#upgrade) KubeVela to version 1.0.0.
+
+## Acknowledgements ❤️
+
+Thanks to everyone who made this release possible!
+
+@captainroy-hy @sunny0826 @leejanee  @yangsoon @wangyikewxgm @hongchaodeng @zzxwill @ryanzhang-oss @resouer @wonderflow  @hprotzek @vnzongzna  @majian159 @Cweiping @mengjiao-liu @kushthedude @unknwon @Ghostbaby @mosesyou @dylandee @wangkai1994 @LeoLiuYan @just-do1 @hoopoe61 @Incubator4th @TomorJM @hahchenchen @zeed-w-beez @allenhaozi @mason1kwok @kinsolee @shikanon @96RadhikaJadhav
+
+# What's New
+
+## API version upgraded to `v1beta1`
+
+All user facing APIs have been upgraded to `v1beta1`, you could learn more details in the [API Changes](#API-Changes) section below.
+
+## `ComponentDefinition`
+
+The [`ComponentDefinition`](https://kubevela.io/docs/platform-engineers/definition-and-templates) now takes the responsibility of defining encapsulation and abstraction for your app components. And you are free to choose to use Helm chart or CUE to define them. This leaves `WorkloadDefinition` focusing on declaring workload characteristic such as `replicable`, `childResource`  etc, so the `spec.schematic` field in `WorkloadDefinition` could be deprecated in next few releases.
+
+## Application Versioning and Progressive Rollout
+
+* A rolling style upgrade was supported by the object called [`AppRollout`](https://kubevela.io/docs/rollout/rollout/). It can help you to upgrade an Application from source revision to the target and support Blue/Green, Canary and A/B testing rollout strategy.
+* Multi-Version, Multi-Cluster Application Deployment was supported by the object called [`AppDeployment`](https://kubevela.io/docs/rollout/appdeploy). It can help you to deploy multiple revision apps to multiple clusters with leverage of Service Mesh.
+
+## Visualization Enhancement
+
+KubeVela now automatically generates Open-API-v3 Schema for all the definition abstractions including CUE, Helm and raw Kubernetes resource templates. You can integrate KubeVela with your own dashboard and [generate forms from definitions](https://kubevela.io/docs/platform-engineers/openapi-v3-json-schema) at ease!
+
+## Application Abstraction
+
+There're several major updates on the `Application` abstraction itself:
+* [Helm based abstraction](https://kubevela.io/docs/helm/component) was supported with few [limitations](https://kubevela.io/docs/helm/known-issues). In other words, you can now declare any existing Helm chart as an app component in KubeVela. The most exciting part is the trait system of KubeVela works seamlessly with the Helm based components, yes, just [attach trait](https://kubevela.io/docs/helm/trait) to it!
+* [Raw Kubernetes resource templates](https://kubevela.io/docs/kube/component) was still supported, that's simpler but less powerful comparing to [the CUE way](https://kubevela.io/docs/cue/component). Of course, the trait system also [works seamless](https://kubevela.io/docs/kube/trait) with it.
+
+
+## CUE Template Enhancement
+
+* [Runtime information context](https://kubevela.io/docs/cue/component#full-available-information-in-cue-context) was supported, you could use this information to render the resources in CUE template.
+* [Data passing](https://kubevela.io/docs/cue/advanced#data-passing) was supported during CUE rendering. Specifically, the `context.output` contains the rendered workload API resource and the `context.outputs.<xx>` contains all the other rendered API resources.
+* [K8s API resources are now built-in packages](https://kubevela.io/docs/cue/basic#import-kube-package): the K8s built-in API including CRD will be discovered by KubeVela and automatically built as CUE packages, you can use it in your CUE template. This is very helpful in validation especially on writing new CUE templates.
+* [Dry-run Application](https://kubevela.io/docs/platform-engineers/debug-test-cue) was supported along with a debug and test guide for building CUE template. You can create CUE based definitions with confidence now!
+* [Deploy resources in different namespaces](https://kubevela.io/docs/cue/cross-namespace-resource/) was supported now, you can specify namespace in your CUE template.
+
+## Declare and Consume Cloud Resources
+
+* [Declare and consume cloud resources](https://kubevela.io/docs/platform-engineers/cloud-services/) were supported now in KubeVela, you can easily register cloud resources by `ComponentDefinition` and bind the service into the applications.
+
+## A brand new website
+
+We have upgraded our website [kubevela.io](https://github.com/oam-dev/kubevela.io) based on "Docusaurus". All docs is automatically generated from [KubeVela](https://github.com/oam-dev/kubevela/tree/master/docs) while the blogs are on [kubevela.io/blogs](https://github.com/oam-dev/kubevela.io/tree/main/blog).
+
+
+# Changes
+
+## API Changes
+
+1. Change definition from cluster scope to namespace scope #1085 the cluster scope CRD was still compatible.
+2. Application Spec changes.
+    - `spec.components[x].settings` in v1alpha2 was changed to `spec.components[x].properties` in v1beta1
+    - `spec.components[x].traits[x].name` in v1alpha2 was changed to `spec.components[x].traits[x].type` in v1beta1
+
+Example of the v1alpha2 Spec:
+
+```
+apiVersion: core.oam.dev/v1alpha2
+kind: Application
+metadata:
+  name: first-vela-app
+spec:
+  components:
+    - name: express-server
+      type: webservice
+      settings:
+        ...
+      traits:
+        - name: ingress
+          properties:
+            ...
+```
+
+Example of the v1beta1 Spec:
+
+```
+apiVersion: core.oam.dev/v1beta1
+kind: Application
+metadata:
+  name: first-vela-app
+spec:
+  components:
+    - name: express-server
+      type: webservice
+      properties:
+        ...
+      traits:
+        - type: ingress
+          properties:
+            ...
+```
+
+
+## Deprecation
+
+1. route/autoscaler/metrics these three traits and their controllers were moved out from the vela core.  #1172 You could still find and use them from https://github.com/oam-dev/catalog.
+2. the dashboard was deprecated in KubeVela and we will merge these features and create a new in [velacp](https://github.com/oam-dev/velacp) soon.
+3. vela CLI will only support run/modify an app from appfile by using `vela up`, so some other commands related were deprecated, such as `vela svc deploy`, `vela <trait> ...`
+
+
+## Other Notable changes
+
+1. `prometheus` and `certmanager` CRD are not required in installation #1005
+2. Parent overrides child when annotation/labels conflicts && one revision will apply once only in force mode && AC.status CRD updated #1109
+3. `ApplicationRevision` CRD Object was introduced as revision of Application #1214
+4. KubeVela chart image pull policy was changed to `Always` from `IfNotPresent` #1228
+   5.` Application` Controller will use `AppContext` to manage the resources generation #1245, in other word, you can run KubeVela `Application Controller` without any `v1apha2 Object`.
+6. The regular time for all events automatically sync changed from 5min to 1 hour   #1285
+7. `vela system dry-run` will print raw K8s resources in a better format  #1246
+
+
+# Known Issues
+
+1. Built-in CUE package was not supported now for K8s Cluster v1.20, we will support in the next release. #1313
+2. Resources created in different namespace from application will only be garbage collected (GC) when the application deleted, an update will not trigger GC for now, we will fix it in the next release. #1339
+
+
+Thanks again to all the contributors!

CHANGELOG/CHANGELOG-1.1.md

@@ -0,0 +1,243 @@
+# v1.1.3
+
+## What's Changed
+* Fix: remove ocm addon enable in Makefile by @Somefive in https://github.com/oam-dev/kubevela/pull/2327
+* Chore(cli): remove useless deploy.yaml by @chivalryq in https://github.com/oam-dev/kubevela/pull/2335
+* Fix: do not override the workload name if its specified by @FogDong in https://github.com/oam-dev/kubevela/pull/2336
+* Fix: remove appcontext CRD and controller by @wonderflow in https://github.com/oam-dev/kubevela/pull/2270
+* Feat: add revisionHistoryLimit to helm chart by @haugom in https://github.com/oam-dev/kubevela/pull/2343
+* Chore: deprecate 'vela dashboard' apiserver by @chivalryq in https://github.com/oam-dev/kubevela/pull/2341
+* Chore: remove e2e-api-test in rollout test to speed up by @chivalryq in https://github.com/oam-dev/kubevela/pull/2345
+* Docs: rollout demo by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/2348
+* Feat: add vela minimal chart by @FogDong in https://github.com/oam-dev/kubevela/pull/2340
+* Fix: runc security issue by @Somefive in https://github.com/oam-dev/kubevela/pull/2350
+* Docs: add a WeChat QR code by @barnettZQG in https://github.com/oam-dev/kubevela/pull/2351
+* Feat: Initialize api for vela dashboard and CLI by @barnettZQG in https://github.com/oam-dev/kubevela/pull/2339
+* Fix(helm chart): fix startup args for apiserver by @yangsoon in https://github.com/oam-dev/kubevela/pull/2362
+* Fix: dockerfile e2e test command lack environment configuration by @Somefive in https://github.com/oam-dev/kubevela/pull/2231
+* Feat: inputs support setting value in array by @leejanee in https://github.com/oam-dev/kubevela/pull/2358
+* Feat: support rollout controller for StatefulSet by @whichxjy in https://github.com/oam-dev/kubevela/pull/1969
+* Fix: delete deprecated vela dashboard in e2e setup by @FogDong in https://github.com/oam-dev/kubevela/pull/2379
+* Fix: try fix CI unit test by @wonderflow in https://github.com/oam-dev/kubevela/pull/2376
+* Feat: Addon REST API by @hongchaodeng in https://github.com/oam-dev/kubevela/pull/2369
+* Fix: fix built in workflow steps by @FogDong in https://github.com/oam-dev/kubevela/pull/2378
+* Feat: add vela minimal in make manifests by @FogDong in https://github.com/oam-dev/kubevela/pull/2389
+* Chore(deps): bump go.mongodb.org/mongo-driver from 1.3.2 to 1.5.1 by @wonderflow in https://github.com/oam-dev/kubevela/pull/2391
+* Fix: use aliyun oss istio chart by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/2392
+* Support remote git repo for Terraform configuration by @zzxwill in https://github.com/oam-dev/kubevela/pull/2337
+* Feat: add inputs test cases and optimize code by @leejanee in https://github.com/oam-dev/kubevela/pull/2388
+* Fix: pass owner to workload if rollout failed by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/2397
+* Feat: bootstrap multicluster testing by @Somefive in https://github.com/oam-dev/kubevela/pull/2368
+* Feat(workflow): add depends on in workflow by @FogDong in https://github.com/oam-dev/kubevela/pull/2387
+* Fix: make the name of Terraform credential secret same to component name by @zzxwill in https://github.com/oam-dev/kubevela/pull/2399
+* Fix: revision GC in workflow mode by @FogDong in https://github.com/oam-dev/kubevela/pull/2355
+* Fix: Applied Resources Statistics  Error by @leejanee in https://github.com/oam-dev/kubevela/pull/2398
+
+
+# v1.1.2
+
+This is a bug fix release.
+Since the big v1.1.1 release, many users had given it try for our new features. We sincerely appreciate your enthusiasm and amazing feedback.
+
+There are some small issues found by our users and we have fixed them. Most notably:
+
+- The Charts of addons (prometheus, etc.) are moved to OSS to provide better accessibility and network speed.
+- The FluxCD and Terraform addons are not enabled by default. Users can install them via `vela addon enable ...`.
+
+We have located more small issues around templates as well and fixed them, and decided a bug fix release ASAP.
+
+Users are highly recommended to use the v1.1.2 release instead. We want to thank all of our users sincerely! ❤️ ❤️ ❤️
+
+## What's Changed
+* Fix(rollout): improve rollback experience by @hongchaodeng in https://github.com/oam-dev/kubevela/pull/2294
+* Fix: fix typo by @hughxia in https://github.com/oam-dev/kubevela/pull/2317
+* Fix: fix cluster-gateway image tag in chart by @Somefive in https://github.com/oam-dev/kubevela/pull/2318
+* Fix: workflow example by @leejanee in https://github.com/oam-dev/kubevela/pull/2323
+* Fix: fix multicluster values bug by @Somefive in https://github.com/oam-dev/kubevela/pull/2326
+* Fix(helm): Do not install fluxcd and terraform by default by @yangsoon in https://github.com/oam-dev/kubevela/pull/2328
+* Fix: move charts from github repo to Alibaba Cloud OSS repo by @zzxwill in https://github.com/oam-dev/kubevela/pull/2324
+* Fix: add comments and adjust helm typed component's spec by @zzxwill in https://github.com/oam-dev/kubevela/pull/2332
+* Fix: fix multicluster template bug by @Somefive in https://github.com/oam-dev/kubevela/pull/2333
+* Feat: add args for init-contianer and sidecar by @Gallardot in https://github.com/oam-dev/kubevela/pull/2331
+
+# v1.1.1
+
+Users are highly recommended to use the v1.1.2 release instead.
+
+# Changes since v1.1.0
+
+1. rollout trait change IncreaseFirst to DecreaseFirst (#2142)
+2. Feat(definition): add built-in dingtalk workflow step definition (#2152)
+3. Fix(dryrun): add default name and namespace in dry run (#2150)
+4. Docs: fix typo about workflow rollout (#2163)
+5. Fix: traitdefinition controller reconcile in a infinite loop (#2157)
+6. Refactor: change the ownerReference of configMap which store the parameter for each revision to definitionRevision (#2164)
+7. Fix: add fluxcd dashbaords (#2130)
+8. Feat: modify apply component cue action to support skipWorkload trait (#2167)
+9.  Trait: Add TraitDefinition for PVC (#2158)
+10. initilize KubeVela codeowner file (#2178)
+11. Feat(cue): support access components artifacts in cue template context (#2161)
+12. Feat(addon): add default enable addon (#2172)
+13. Feat(envbinding): add resourceTracker for envBinding (#2179)
+14. Fix: align all CUE template keyword to use parameter (#2181)
+15. Feat: add vela live-diff , dry-run, cue-packages into vela commands (#2182)
+16. Fix: move Terraform defintions charts/vela-core/templates/definitions (#2176)
+17. Fix: add patchkey to volumes (#2191)
+18. Feat(workflow): add depends-on workflow step definition (#2190)
+19. Feat: add pprof (#2192)
+20. Feat: add more registry traits as internal ones (#2184)
+21. Fix: support more Terraform variable types (#2194)
+22. Fix: update help message of ingress trait (#2198)
+23. Refactor(#2185): remove unused config options in Makefile (#2200)
+24. Docs: update environment design (#2199)
+25. Fix: modify service-binding with more accurate type (#2209)
+26. Feat(healthscope): add health-scope-binding policy and e2e test for health scope (#2205)
+27. Feat(workflow): support dingding and slack in webhook notification (#2213)
+28. Feat(workflow): add apply application workflow step definition (#2186)
+29. Feat(workflow): input.ParameterKey described like paths notation (#2214)
+30. Fix(upgrade): upgrade controller-tools from 0.2 to 0.6.2 (#2215)
+31. Fix(app): When only the policy is specified, the resources in the app need to be rendered and created (#2197)
+32. Feat(workflow): outputs support script notation (#2218)
+33. Fix(addon): rename clonset-service to clonse (#2219)
+34. Feat(workflow): Add op.#Task action (#2220)
+35. Fix(webhook): only check the uniqueness of component names under the same namespace (#2222)
+36. Feat(apiserver): add apiserver service to helm chart (#2225)
+37. Fix: add flag --label to filer components and traits (#2217)
+38. Fix(addons): remove kruise addon (#2226)
+39. Feat: add pressure-test parameter optimize (#2230)
+40. Fix: align the envbind-app name with the original application name (#2232)
+41. Feat(workflow): add status check for workflow mutil-env deploy (#2229)
+42. Refactor: move from io/ioutil to io and os package (#2234)
+43. Feat(trait): annotation and labels trait should also affect the workload object along with pod (#2237)
+44. Feat(app): show health status from HealthScope in application (#2228)
+45. Fix: kustomize json patch trait definition (#2239)
+46. Docs: canary rollout demo (rollout part only) (#2177)
+47. Feat: vela show annotations display undefined should be refined (#2244)
+48. Feat: support code-generator and sync to kubevela-core-api (#2174)
+49. Feat: add image auto update for gitops (#2251)
+50. Fix: fix the output DB_PASSWORD for rds definition (#2267)
+51. Fix: add alibaba eip cloud resource (#2268)
+52. Refactor application code to make it run as Dag workflow (#2236)
+53. Fix: remove podspecworkload controller and CRD (#2269)
+54. Feat: add more options for leader election configuration to avoid pressure on apiserver
+55. Feat: istio addon and use case demo (#2276)
+56. Fix: patch any key using retainKeys strategy (#2280)
+57. Fix: add exponential backoff wait time for workflow reconciling (#2279)
+58. Refactor: change field exportKey to valueFrom (#2284)
+59. Fix(helm): enable apiserver by default (#2249)
+60. Feat: alibaba provider addon (#2243)
+61. Support MultiCluster EnvBinding with cluster-gateway (#2247)
+62. Fix: fix apply application workflow step (#2288)
+63. Fix: fix alibaba cloud rds module (#2293)
+64. Feat: add commit msg in kustomize (#2296)
+65. Feat: allow user specify alibaba provider addon's region (#2297)
+66. Fix: generate service in canary-traffic trait (#2300)
+67. Fix: imagePullSecrets error from cloneset (#2305)
+68. Fix: add application logging dashboard (#2301)
+69. Feat: Make applicationComponent can be modified in step (#2304)
+70. Fix: generate service in canary-traffic trait (#2307)
+
+
+# v1.1.0
+
+Note: the documents (https://kubevela.io/)  for v1.1.0 is still WIP, so we mark it as pre-release. The ETA for documents is next 2 weeks.
+
+We would like to extend our thanks to all [the new and existing contributors](https://github.com/oam-dev/kubevela/graphs/contributors) who helped make this release happen.
+
+Please follow the guide to [install](https://kubevela.io/docs/next/getting-started/quick-install) or [upgrade](https://kubevela.io/docs/next/platform-engineers/advanced-install/) KubeVela to version v1.1.0.
+
+## What's New
+
+- **Hybrid Environment App Delivery Control plane**
+    - In the new release, we have fully upgraded KubeVela to a multi-cluster/hybrid-cloud/multi-cloud app delivery control plane with leverage of OAM as the consistent app delivery model across clouds and infrastructures.
+- **Workflow**
+    - KubeVela has added a Workflow mechanism that empowers users to glue any operational tasks to customize the control logic to build more complex operations. Workflow is modular by design and each module is mainly composed in CUE -- so you can define complex operations in a declarative, data-driven manner.
+- **Environment**
+    - KubeVela added an Initializer which allow users to define what constructs the environment. The environment Initialized by the Initilizer could contain different kinds of resources include K8s cluster, system components, policies and almost everything. Of course, you can destry an environment very easily with the help of Initializer.
+- **Out of Box Addons**
+    - With the help of Initilizer, KubeVela has support lots of out of box addons. You can list/enable/disable them by `vela addon` command. Each addon is an Initializer that deloy the CRD Controllers and other resources related.
+- **Cloud Resources Support**
+    - We also support terraform to provision almost every cloud resources and pass through to other components defined in KubeVela application.
+- **Tools to edit and manage X-Definition**
+    - We also provide the `vela def` tool sets to provide unified CUE based capability to manage X-Definition.
+- **Others**
+    - Allow specify name for component revision auto-generated by Application. Allow specify name for auto generated Definition revision.
+    - Controller runtime dependency upgrade that can compatible with Kubernetes v1.21 . KubeVela support Kubernetes v1.18~v1.21.
+    - Other details you could read changelog in the release history.
+    
+## Change log since v1.1-rc2
+
+1. fix configmap patchkey bug (#2080)
+2. Merge velacp to apiserver branch in oam repo (#2039) (#2127)  (#2087)
+3. support rollout controller seprated and install as helm chart in runtime cluster  (#2075)
+4. fix bug that KubeVela can not be installed in specified namespace (#2083)
+5. enable vela def to use import decl (#2084)
+6. enhance envbinding: support apply resources to cluster (#2093)
+7. Add obsevability addon (#2091)
+8. Feat(vela): add vela workflow suspend command (#2108)
+9. feat(def): add built-in workflow definitions (#2094)
+10. Feat(vela): add vela workflow resume command (#2114)
+11. upgrade openkruise version to v0.9.0 (#2076)
+12. Fix(workflow): set workload name in configmap if the name is not specified (#2119)
+13. helm component support OSS bucket (#2104)
+14. add rollout demo with Workflow (#2121)
+15. Support script as parameter and make the WorkflowStepDefinition more universal  (#2124)
+16. fix(cli) fix bug when vela show componetdefinition's workload type is AutoDetectWorkloadDefinition (#2125)
+17. Fix(workflow): set the namespace to app's ns if it's not specified (#2133)
+18. fix specify external revision bug (#2126)
+19. add CUE-based health check in HealthScope controller (#1956)
+20. Feat(addon): Add source and patch to kustomize definition (#2138)
+21. Feat(vela): add vela workflow terminate and restart command (#2131)
+
+
+# v1.1.0-rc.2
+
+1. Allow users to specify component revision name in Application (#1929) the new field `externalRevision` can specify the revision name.
+
+```
+kind: Application
+spec:
+  components:
+  - name: mycomp
+    type: webservice
+    externalRevision: my-revision-v1
+    properties:
+      ...
+```
+
+2. Add more workflow demo and fix some demos #2042  #2059 #2060 #2064
+3. Add cloneset ComponentDefinition into kruise addon (#2050)
+4. definitions support specify the revision name (#2044), you can specify the name by adding an annotation `definitionrevision.oam.dev/name`
+
+```
+apiVersion: core.oam.dev/v1beta1
+kind: ComponentDefinition
+metadata:
+  name: worker
+  annotations:
+    # you can specify the revision name in annotations
+    definitionrevision.oam.dev/name: "1.1.3"
+spec:
+  ...
+```
+
+5. fix definition controller log error cause by openapi schema generation error (#2063)
+6. Add add-on input go-template implementation (#2049)
+
+# v1.1.0-rc.1
+
+
+1. Workflow support specify Order Steps by Field Tag (#2022)
+2. support application policy (#2011)
+3. add OCM multi cluster demo (#1992)
+4. Fix(volume): seperate volume to trait (#2027)
+5. allow application skip gc resource and leave workload ownerReference controlled by rollout(#2024)
+6. Store component parameters in context (#2030)
+7. Allow specify chart values for helm trait(#2033)
+8. workflow support http provider (#2029)
+9.  Use vela def commands to replace mergedef.sh for internal definition generation (#2031)
+
+
+# Other release histories
+
+Refer to https://github.com/oam-dev/kubevela/releases

CHANGELOG/CHANGELOG-1.2.md

@@ -0,0 +1,5 @@
+# v1.2.0-alpha1
+
+## What's changed
+
+1. Feature: support terraform/provider-azure addon #2402 by @zzxwill 

CHANGELOG/README.md

@@ -0,0 +1,13 @@
+# CHANGELOGs
+
+## Development release
+
+- [CHANGELOG-1.2.md](./CHANGELOG-1.2.md)
+
+## Current release
+
+- [CHANGELOG-1.1.md](./CHANGELOG-1.1.md)
+
+## Older releases
+
+- [CHANGELOG-1.0.md](./CHANGELOG-1.0.md)

Dockerfile

@@ -1,3 +1,4 @@
+ARG BASE_IMAGE="alpine:latest"
 # Build the manager binary
 FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.16-alpine as builder
 
@@ -5,6 +6,10 @@ WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
+
+# It's a proxy for CN developer, please unblock it if you have network issue
+# RUN go env -w GOPROXY=https://goproxy.cn,direct
+
 # cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download
@@ -24,15 +29,10 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
     go build -a -ldflags "-s -w -X github.com/oam-dev/kubevela/version.VelaVersion=${VERSION:-undefined} -X github.com/oam-dev/kubevela/version.GitRevision=${GITVERSION:-undefined}" \
     -o manager-${TARGETARCH} main.go
 
-RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
-    go build -a -ldflags "-s -w -X github.com/oam-dev/kubevela/version.VelaVersion=${VERSION:-undefined} -X github.com/oam-dev/kubevela/version.GitRevision=${GITVERSION:-undefined}" \
-    -o apiserver-${TARGETARCH} cmd/apiserver/main.go
-
 # Use alpine as base image due to the discussion in issue #1448
 # You can replace distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
-ARG BASE_IMAGE
 FROM ${BASE_IMAGE:-alpine:latest}
 # This is required by daemon connnecting with cri
 RUN apk add --no-cache ca-certificates bash
@@ -41,7 +41,6 @@ WORKDIR /
 
 ARG TARGETARCH
 COPY --from=builder /workspace/manager-${TARGETARCH} /usr/local/bin/manager
-COPY --from=builder /workspace/apiserver-${TARGETARCH} /usr/local/bin/apiserver
 
 COPY entrypoint.sh /usr/local/bin/
 

Dockerfile.apiserver

@@ -0,0 +1,48 @@
+ARG BASE_IMAGE="alpine:latest"
+# Build the manager binary
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.16-alpine as builder
+ARG GOPROXY
+ENV GOPROXY=${GOPROXY:-https://goproxy.cn}
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY cmd/core/main.go main.go
+COPY cmd/apiserver/main.go cmd/apiserver/main.go
+COPY apis/ apis/
+COPY pkg/ pkg/
+COPY version/ version/
+
+# Build
+ARG TARGETARCH
+ARG VERSION
+ARG GITVERSION
+
+RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
+    go build -a -ldflags "-s -w -X github.com/oam-dev/kubevela/version.VelaVersion=${VERSION:-undefined} -X github.com/oam-dev/kubevela/version.GitRevision=${GITVERSION:-undefined}" \
+    -o apiserver-${TARGETARCH} cmd/apiserver/main.go
+
+# Use alpine as base image due to the discussion in issue #1448
+# You can replace distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+# Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
+
+FROM ${BASE_IMAGE:-alpine:latest}
+# This is required by daemon connnecting with cri
+RUN apk add --no-cache ca-certificates bash
+
+WORKDIR /
+
+ARG TARGETARCH
+COPY --from=builder /workspace/apiserver-${TARGETARCH} /usr/local/bin/apiserver
+
+COPY entrypoint.sh /usr/local/bin/
+
+ENTRYPOINT ["entrypoint.sh"]
+
+CMD ["apiserver"]

Dockerfile.e2e

@@ -24,6 +24,7 @@ ARG VERSION
 ARG GITVERSION
 
 RUN  apk add gcc musl-dev libc-dev ;\
+     GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
      go test -c -o manager-${TARGETARCH}  -cover -covermode=atomic -coverpkg ./... .
 
 RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \

Makefile

@@ -1,3 +1,5 @@
+SHELL := /bin/bash
+
 # Vela version
 VELA_VERSION ?= master
 # Repo info
@@ -38,16 +40,24 @@ endif
 # Image URL to use all building/pushing image targets
 VELA_CORE_IMAGE      ?= vela-core:latest
 VELA_CORE_TEST_IMAGE ?= vela-core-test:$(GIT_COMMIT)
+VELA_APISERVER_IMAGE      ?= apiserver:latest
 VELA_RUNTIME_ROLLOUT_IMAGE       ?= vela-runtime-rollout:latest
+VELA_RUNTIME_ROLLOUT_TEST_IMAGE  ?= vela-runtime-rollout-test:$(GIT_COMMIT)
+RUNTIME_CLUSTER_CONFIG ?= /tmp/worker.kubeconfig
+RUNTIME_CLUSTER_NAME ?= worker
 
 all: build
 
 # Run tests
-test: vet lint staticcheck
-	go test -coverprofile=coverage.txt ./pkg/... ./cmd/...
-	go test ./references/appfile/... ./references/cli/... ./references/common/... ./references/plugins/...
+test: vet lint staticcheck unit-test-core
 	@$(OK) unit-tests pass
 
+unit-test-core:
+	go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/... | grep -v apiserver)
+	go test $(shell go list ./references/... | grep -v apiserver)
+unit-test-apiserver:
+	go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/...  | grep -E 'apiserver|velaql')
+
 # Build vela cli binary
 build: fmt vet lint staticcheck vela-cli kubectl-vela
 	@$(OK) build succeed
@@ -58,14 +68,10 @@ vela-cli:
 kubectl-vela:
 	$(GOBUILD_ENV) go build -o bin/kubectl-vela -a -ldflags $(LDFLAGS) ./cmd/plugin/main.go
 
-dashboard-build:
-	cd references/dashboard && npm install && cd ..
-
 doc-gen:
 	rm -r docs/en/cli/*
 	go run hack/docgen/gen.go
 
-PWD := $(shell pwd)	
 cross-build:
 	rm -rf _bin
 	go get github.com/mitchellh/gox@v0.4.0
@@ -98,11 +104,15 @@ compress:
 run:
 	go run ./cmd/core/main.go --application-revision-limit 5
 
+run-apiserver:
+	go run ./cmd/apiserver/main.go
+
 # Run go fmt against code
 fmt: goimports installcue
 	go fmt ./...
 	$(GOIMPORTS) -local github.com/oam-dev/kubevela -w $$(go list -f {{.Dir}} ./...)
 	$(CUE) fmt ./vela-templates/definitions/internal/*
+	$(CUE) fmt ./vela-templates/definitions/deprecated/*
 	$(CUE) fmt ./vela-templates/definitions/registry/*
 	$(CUE) fmt ./pkg/stdlib/pkgs/*
 	$(CUE) fmt ./pkg/stdlib/op.cue
@@ -127,8 +137,12 @@ check-diff: reviewable
 	@$(OK) branch is clean
 
 # Build the docker image
-docker-build:
+docker-build: docker-build-core docker-build-apiserver
+	@$(OK)
+docker-build-core:
 	docker build --build-arg=VERSION=$(VELA_VERSION) --build-arg=GITVERSION=$(GIT_COMMIT) -t $(VELA_CORE_IMAGE) .
+docker-build-apiserver:
+	docker build --build-arg=VERSION=$(VELA_VERSION) --build-arg=GITVERSION=$(GIT_COMMIT) -t $(VELA_APISERVER_IMAGE) -f Dockerfile.apiserver .
 
 # Build the runtime docker image
 docker-build-runtime-rollout:
@@ -138,14 +152,21 @@ docker-build-runtime-rollout:
 docker-push:
 	docker push $(VELA_CORE_IMAGE)
 
+e2e-setup-core:
+	sh ./hack/e2e/modify_charts.sh
+	helm upgrade --install --create-namespace --namespace vela-system --set image.pullPolicy=IfNotPresent --set image.repository=vela-core-test --set applicationRevisionLimit=5 --set dependCheckWait=10s --set image.tag=$(GIT_COMMIT) --set multicluster.enabled=true --wait kubevela ./charts/vela-core
+	kubectl wait --for=condition=Available deployment/kubevela-vela-core -n vela-system --timeout=180s
+
+setup-runtime-e2e-cluster:
+	helm upgrade --install --create-namespace --namespace vela-system --kubeconfig=$(RUNTIME_CLUSTER_CONFIG) --set image.pullPolicy=IfNotPresent --set image.repository=vela-runtime-rollout-test --set image.tag=$(GIT_COMMIT) --wait vela-rollout ./runtime/rollout/charts
+
 e2e-setup:
 	helm install kruise https://github.com/openkruise/kruise/releases/download/v0.9.0/kruise-chart.tgz --set featureGates="PreDownloadImageForInPlaceUpdate=true"
 	sh ./hack/e2e/modify_charts.sh
 	helm upgrade --install --create-namespace --namespace vela-system --set image.pullPolicy=IfNotPresent --set image.repository=vela-core-test --set applicationRevisionLimit=5 --set dependCheckWait=10s --set image.tag=$(GIT_COMMIT) --wait kubevela ./charts/vela-core
 	helm upgrade --install --create-namespace --namespace oam-runtime-system --set image.pullPolicy=IfNotPresent --set image.repository=vela-core-test --set dependCheckWait=10s --set image.tag=$(GIT_COMMIT) --wait oam-runtime ./charts/oam-runtime
 	bin/vela addon enable fluxcd
-	bin/vela addon enable terraform
-	bin/vela addon enable ocm-cluster-manager
+	bin/vela addon enable terraform-alibaba ALICLOUD_ACCESS_KEY=xxx ALICLOUD_SECRET_KEY=yyy ALICLOUD_REGION=cn-beijing
 	ginkgo version
 	ginkgo -v -r e2e/setup
 
@@ -153,27 +174,39 @@ e2e-setup:
 	kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=vela-core,app.kubernetes.io/instance=kubevela -n vela-system --timeout=600s
 	kubectl wait --for=condition=Ready pod -l app=source-controller -n flux-system --timeout=600s
 	kubectl wait --for=condition=Ready pod -l app=helm-controller -n flux-system --timeout=600s
-	kubectl wait --for=condition=Ready pod -l app=cluster-manager -n open-cluster-management --timeout=600s
-	bin/vela dashboard &
 
+build-swagger:
+	go run ./cmd/apiserver/main.go build-swagger ./docs/apidoc/swagger.json
 e2e-api-test:
 	# Run e2e test
-	ginkgo -v -skipPackage capability,setup,apiserver,application -r e2e
-	ginkgo -v -r e2e/apiserver
+	ginkgo -v -skipPackage capability,setup,application -r e2e
 	ginkgo -v -r e2e/application
 
+e2e-apiserver-test: build-swagger
+	go test -v -coverpkg=./... -coverprofile=/tmp/e2e_apiserver_test.out ./test/e2e-apiserver-test
+	@$(OK) tests pass
+
 e2e-test:
 	# Run e2e test
 	ginkgo -v  --skip="rollout related e2e-test." ./test/e2e-test
 	@$(OK) tests pass
 
+e2e-addon-test:
+	cp bin/vela /tmp/
+	ginkgo -v ./test/e2e-addon-test
+	@$(OK) tests pass
+
 e2e-rollout-test:
 	ginkgo -v  --focus="rollout related e2e-test." ./test/e2e-test
 	@$(OK) tests pass
 
+e2e-multicluster-test:
+	go test -v -coverpkg=./... -coverprofile=/tmp/e2e_multicluster_test.out ./test/e2e-multicluster-test
+	@$(OK) tests pass
+
 compatibility-test: vet lint staticcheck generate-compatibility-testdata
 	# Run compatibility test with old crd
-	COMPATIBILITY_TEST=TRUE go test -race ./pkg/...
+	COMPATIBILITY_TEST=TRUE go test -race $(shell go list ./pkg/...  | grep -v apiserver)
 	@$(OK) compatibility-test pass
 
 generate-compatibility-testdata:
@@ -188,11 +221,22 @@ e2e-cleanup:
 	rm -rf ~/.vela
 
 image-cleanup:
-# Delete Docker image
+ifneq (, $(shell which docker))
+# Delete Docker images
+
 ifneq ($(shell docker images -q $(VELA_CORE_TEST_IMAGE)),)
 	docker rmi -f $(VELA_CORE_TEST_IMAGE)
 endif
 
+ifneq ($(shell docker images -q $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)),)
+	docker rmi -f $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)
+endif
+
+endif
+
+end-e2e-core:
+	sh ./hack/e2e/end_e2e_core.sh
+
 end-e2e:
 	sh ./hack/e2e/end_e2e.sh
 
@@ -201,6 +245,12 @@ kind-load:
 	docker build -t $(VELA_CORE_TEST_IMAGE) -f Dockerfile.e2e .
 	kind load docker-image $(VELA_CORE_TEST_IMAGE) || { echo >&2 "kind not installed or error loading image: $(VELA_CORE_TEST_IMAGE)"; exit 1; }
 
+kind-load-runtime-cluster:
+	/bin/sh hack/e2e/build_runtime_rollout.sh
+	docker build -t $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) -f runtime/rollout/e2e/Dockerfile.e2e runtime/rollout/e2e/
+	rm -rf runtime/rollout/e2e/tmp
+	kind load docker-image $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) --name=$(RUNTIME_CLUSTER_NAME)  || { echo >&2 "kind not installed or error loading image: $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)"; exit 1; }
+
 # Run tests
 core-test: fmt vet manifests
 	go test ./pkg/... -coverprofile cover.out
@@ -232,17 +282,16 @@ core-uninstall: manifests
 	kubectl delete -f charts/vela-core/crds/
 
 # Generate manifests e.g. CRD, RBAC etc.
-manifests: installcue kustomize
+manifests: installcue kustomize addon
 	go generate $(foreach t,pkg apis,./$(t)/...)
 	# TODO(yangsoon): kustomize will merge all CRD into a whole file, it may not work if we want patch more than one CRD in this way
 	$(KUSTOMIZE) build config/crd -o config/crd/base/core.oam.dev_applications.yaml
 	./hack/crd/cleanup.sh
-	go run ./hack/crd/dispatch/dispatch.go config/crd/base charts/vela-core/crds charts/oam-runtime/crds runtime/
+	go run ./hack/crd/dispatch/dispatch.go config/crd/base charts/vela-core/crds charts/oam-runtime/crds runtime/ charts/vela-minimal/crds
 	rm -f config/crd/base/*
 	./vela-templates/gen_definitions.sh
-	go run ./vela-templates/gen_addons.go
 
-GOLANGCILINT_VERSION ?= v1.31.0
+GOLANGCILINT_VERSION ?= v1.38.0
 HOSTOS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
 HOSTARCH := $(shell uname -m)
 ifeq ($(HOSTARCH),x86_64)
@@ -250,16 +299,20 @@ HOSTARCH := amd64
 endif
 
 golangci:
-ifeq (, $(shell which golangci-lint))
+ifneq ($(shell which golangci-lint),)
+	@$(OK) golangci-lint is already installed
+GOLANGCILINT=$(shell which golangci-lint)
+else ifeq (, $(shell which $(GOBIN)/golangci-lint))
 	@{ \
 	set -e ;\
 	echo 'installing golangci-lint-$(GOLANGCILINT_VERSION)' ;\
 	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) $(GOLANGCILINT_VERSION) ;\
-	echo 'Install succeed' ;\
+	echo 'Successfully installed' ;\
 	}
 GOLANGCILINT=$(GOBIN)/golangci-lint
 else
-GOLANGCILINT=$(shell which golangci-lint)
+	@$(OK) golangci-lint is already installed
+GOLANGCILINT=$(GOBIN)/golangci-lint
 endif
 
 .PHONY: staticchecktool
@@ -305,9 +358,9 @@ KUSTOMIZE_VERSION ?= 3.8.2
 kustomize:
 ifeq (, $(shell kustomize version | grep $(KUSTOMIZE_VERSION)))
 	@{ \
-	set -e ;\
+	set -eo pipefail ;\
 	echo 'installing kustomize-v$(KUSTOMIZE_VERSION) into $(GOBIN)' ;\
-	curl -s https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh | bash -s $(KUSTOMIZE_VERSION) $(GOBIN);\
+	curl -sS https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh | bash -s $(KUSTOMIZE_VERSION) $(GOBIN);\
 	echo 'Install succeed' ;\
 	}
 KUSTOMIZE=$(GOBIN)/kustomize
@@ -320,3 +373,7 @@ check-license-header:
 
 def-install:
 	./hack/utils/installdefinition.sh
+
+# generate addons to auto-gen and charts
+addon:
+	go run ./vela-templates/gen_addons.go

README.md

@@ -1,3 +1,11 @@
+<div style="text-align: center">
+  <p align="center">
+    <img src="https://raw.githubusercontent.com/oam-dev/kubevela.io/main/docs/resources/KubeVela-03.png">
+    <br><br>
+    <i>Make shipping applications more enjoyable.</i>
+  </p>
+</div>
+
 ![Build status](https://github.com/oam-dev/kubevela/workflows/E2E/badge.svg)
 [![Go Report Card](https://goreportcard.com/badge/github.com/oam-dev/kubevela)](https://goreportcard.com/report/github.com/oam-dev/kubevela)
 ![Docker Pulls](https://img.shields.io/docker/pulls/oamdev/vela-core)
@@ -7,22 +15,23 @@
 [![TODOs](https://img.shields.io/endpoint?url=https://api.tickgit.com/badge?repo=github.com/oam-dev/kubevela)](https://www.tickgit.com/browse?repo=github.com/oam-dev/kubevela)
 [![Twitter](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Ftwitter.com%2Foam_dev)](https://twitter.com/oam_dev)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubevela)](https://artifacthub.io/packages/search?repo=kubevela)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4602/badge)](https://bestpractices.coreinfrastructure.org/projects/4602)
 
-![logo](https://raw.githubusercontent.com/oam-dev/kubevela.io/main/docs/resources/KubeVela-03.png)
+## Introduction
 
-*Make shipping applications more enjoyable.*
+KubeVela is a modern application delivery platform that makes deploying and operating applications across today's hybrid, multi-cloud environments easier, faster and more reliable.
 
-# KubeVela
+![](docs/resources/what-is-kubevela.png)
 
-KubeVela is a modern application platform that makes deploying and managing applications across today's hybrid, multi-cloud environments easier and faster.
+## Highlights
 
-## Features
+KubeVela practices the "render, orchestrate, deploy" workflow with below highlighted values added to existing ecosystem:
 
-**Application Centric** - KubeVela introduces [Open Application Model (OAM)](https://oam.dev/) as the consistent yet higher level API to capture a full deployment of microservices on top of hybrid environments. Placement strategy, traffic shifting and rolling update are declared at application level. No infrastructure level concern, simply deploy.
+- *Application Centric* - KubeVela introduces [Open Application Model (OAM)](https://oam.dev/) as the consistent yet higher level API to capture and render a full deployment of microservices on top of hybrid environments. Placement strategy, traffic shifting and rolling update are declared at application level. No infrastructure level concern, simply deploy.
 
-**Programmable Workflow** - KubeVela leverages [CUE](https://cuelang.org/) to implement its model layer. This allows you to declare application deployment workflow as a DAG, with all steps and application's needs glued together in programmable approach. No restrictions, natively extensible.
+- *Programmable Workflow* - KubeVela models application delivery as DAG (Directed Acyclic Graph) and expresses it with [CUE](https://cuelang.org/) - a modern data configuration language. This allows you to design application deployment steps per needs and orchestrate them in programmable approach. No restrictions, natively extensible.
 
-**Runtime Agnostic** - KubeVela works as an application delivery control plane that is fully runtime agnostic. It can deploy and manage any application components including containers, cloud functions, databases, or even EC2 instances across hybrid environments, following the workflow you defined.
+- *Infrastructure Agnostic* - KubeVela works as an application delivery control plane that is fully decoupled from runtime infrastructure. It can deploy any workload types including containers, cloud services, databases, or even VM instances to any cloud or Kubernetes cluster, following the workflow designed by you.
 
 ## Getting Started
 
@@ -39,6 +48,9 @@ Full documentation is available on the [KubeVela website](https://kubevela.io/).
 - Slack:  [CNCF Slack](https://slack.cncf.io/) #kubevela channel (*English*)
 - Gitter: [oam-dev](https://gitter.im/oam-dev/community) (*English*)
 - [DingTalk Group](https://page.dingtalk.com/wow/dingtalk/act/en-home): `23310022` (*Chinese*)
+- Wechat Group (*Chinese*): Broker wechat to add you into the user group.
+ 
+  <img src="https://static.kubevela.net/images/barnett-wechat.jpg" width="200" />
 - Bi-weekly Community Call: [Meeting Notes](https://docs.google.com/document/d/1nqdFEyULekyksFHtFvgvFAYE-0AMHKoS3RMnaKsarjs)
 
 ## Talks and Conferences

apis/core.oam.dev/common/types.go

@@ -17,11 +17,16 @@ limitations under the License.
 package common
 
 import (
+	"encoding/json"
+	"errors"
+
+	"github.com/oam-dev/terraform-controller/api/v1beta1"
+
 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
-
 	"github.com/oam-dev/kubevela/apis/standard.oam.dev/v1alpha1"
 )
 
@@ -107,8 +112,13 @@ type Terraform struct {
 
 	// Type specifies which Terraform configuration it is, HCL or JSON syntax
 	// +kubebuilder:default:=hcl
-	// +kubebuilder:validation:Enum:=hcl;json
+	// +kubebuilder:validation:Enum:=hcl;json;remote
 	Type string `json:"type,omitempty"`
+
+	// Path is the sub-directory of remote git repository. It's valid when remote is set
+	Path string `json:"path,omitempty"`
+
+	v1beta1.BaseConfigurationSpec `json:",inline"`
 }
 
 // A WorkloadTypeDescriptor refer to a Workload Type
@@ -157,7 +167,7 @@ type Status struct {
 	HealthPolicy string `json:"healthPolicy,omitempty"`
 }
 
-// ApplicationPhase is a label for the condition of a application at the current time
+// ApplicationPhase is a label for the condition of an application at the current time
 type ApplicationPhase string
 
 const (
@@ -191,7 +201,9 @@ const (
 	WorkflowStateTerminated WorkflowState = "terminated"
 	// WorkflowStateSuspended means workflow is suspended manually, and it can be resumed.
 	WorkflowStateSuspended WorkflowState = "suspended"
-	// WorkflowStateFinished means workflow is running successfully, all steps finished.
+	// WorkflowStateSucceeded means workflow is running successfully, all steps finished.
+	WorkflowStateSucceeded WorkflowState = "Succeeded"
+	// WorkflowStateFinished means workflow is end.
 	WorkflowStateFinished WorkflowState = "finished"
 	// WorkflowStateExecuting means workflow is still running or waiting some steps.
 	WorkflowStateExecuting WorkflowState = "executing"
@@ -243,6 +255,10 @@ type WorkflowStepStatus struct {
 	// A brief CamelCase message indicating details about why the workflowStep is in this state.
 	Reason   string          `json:"reason,omitempty"`
 	SubSteps *SubStepsStatus `json:"subSteps,omitempty"`
+	// FirstExecuteTime is the first time this step execution.
+	FirstExecuteTime metav1.Time `json:"firstExecuteTime,omitempty"`
+	// LastExecuteTime is the last time this step execution.
+	LastExecuteTime metav1.Time `json:"lastExecuteTime,omitempty"`
 }
 
 // WorkflowSubStepStatus record the status of a workflow step
@@ -267,7 +283,7 @@ type AppStatus struct {
 	// +optional
 	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
 
-	Rollout AppRolloutStatus `json:"rollout,omitempty"`
+	Rollout *AppRolloutStatus `json:"rollout,omitempty"`
 
 	Phase ApplicationPhase `json:"status,omitempty"`
 
@@ -289,6 +305,17 @@ type AppStatus struct {
 
 	// AppliedResources record the resources that the  workflow step apply.
 	AppliedResources []ClusterObjectReference `json:"appliedResources,omitempty"`
+
+	// PolicyStatus records the status of policy
+	PolicyStatus []PolicyStatus `json:"policy,omitempty"`
+}
+
+// PolicyStatus records the status of policy
+type PolicyStatus struct {
+	Name string `json:"name"`
+	Type string `json:"type"`
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Status *runtime.RawExtension `json:"status,omitempty"`
 }
 
 // WorkflowStatus record the status of workflow
@@ -298,9 +325,12 @@ type WorkflowStatus struct {
 
 	Suspend    bool `json:"suspend"`
 	Terminated bool `json:"terminated"`
+	Finished   bool `json:"finished"`
 
 	ContextBackend *corev1.ObjectReference `json:"contextBackend,omitempty"`
 	Steps          []WorkflowStepStatus    `json:"steps,omitempty"`
+
+	StartTime metav1.Time `json:"startTime,omitempty"`
 }
 
 // SubStepsStatus record the status of workflow steps.
@@ -369,7 +399,7 @@ type AppRolloutStatus struct {
 type ApplicationTrait struct {
 	Type string `json:"type"`
 	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
 }
 
 // ApplicationComponent describe the component of application
@@ -379,10 +409,11 @@ type ApplicationComponent struct {
 	// ExternalRevision specified the component revisionName
 	ExternalRevision string `json:"externalRevision,omitempty"`
 	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
 
-	Inputs  StepInputs  `json:"inputs,omitempty"`
-	Outputs StepOutputs `json:"outputs,omitempty"`
+	DependsOn []string    `json:"dependsOn,omitempty"`
+	Inputs    StepInputs  `json:"inputs,omitempty"`
+	Outputs   StepOutputs `json:"outputs,omitempty"`
 
 	// Traits define the trait of one component, the type must be array to keep the order.
 	Traits []ApplicationTrait `json:"traits,omitempty"`
@@ -451,3 +482,79 @@ type ClusterObjectReference struct {
 	Creator                ResourceCreatorRole `json:"creator,omitempty"`
 	corev1.ObjectReference `json:",inline"`
 }
+
+// Equal check if two references are equal
+func (in ClusterObjectReference) Equal(r ClusterObjectReference) bool {
+	return in.APIVersion == r.APIVersion && in.Kind == r.Kind && in.Name == r.Name && in.Namespace == r.Namespace && in.UID == r.UID && in.Creator == r.Creator && in.Cluster == r.Cluster
+}
+
+// RawExtensionPointer is the pointer of raw extension
+type RawExtensionPointer struct {
+	RawExtension *runtime.RawExtension
+}
+
+// MarshalJSON may get called on pointers or values, so implement MarshalJSON on value.
+// http://stackoverflow.com/questions/21390979/custom-marshaljson-never-gets-called-in-go
+func (re RawExtensionPointer) MarshalJSON() ([]byte, error) {
+	if re.RawExtension == nil {
+		return nil, nil
+	}
+	if re.RawExtension.Raw == nil {
+		// TODO: this is to support legacy behavior of JSONPrinter and YAMLPrinter, which
+		// expect to call json.Marshal on arbitrary versioned objects (even those not in
+		// the scheme). pkg/kubectl/resource#AsVersionedObjects and its interaction with
+		// kubectl get on objects not in the scheme needs to be updated to ensure that the
+		// objects that are not part of the scheme are correctly put into the right form.
+		if re.RawExtension.Object != nil {
+			return json.Marshal(re.RawExtension.Object)
+		}
+		return []byte("null"), nil
+	}
+	// TODO: Check whether ContentType is actually JSON before returning it.
+	return re.RawExtension.Raw, nil
+}
+
+// ApplicationConditionType is a valid value for ApplicationCondition.Type
+type ApplicationConditionType int
+
+const (
+	// ParsedCondition indicates whether the parsing  is successful.
+	ParsedCondition ApplicationConditionType = iota
+	// RevisionCondition indicates whether the generated revision is successful.
+	RevisionCondition
+	// PolicyCondition indicates whether policy processing is successful.
+	PolicyCondition
+	// RenderCondition indicates whether render processing is successful.
+	RenderCondition
+	// WorkflowCondition indicates whether workflow processing is successful.
+	WorkflowCondition
+	// RolloutCondition indicates whether rollout processing is successful.
+	RolloutCondition
+	// ReadyCondition indicates whether whole application processing is successful.
+	ReadyCondition
+)
+
+var conditions = map[ApplicationConditionType]string{
+	ParsedCondition:   "Parsed",
+	RevisionCondition: "Revision",
+	PolicyCondition:   "Policy",
+	RenderCondition:   "Render",
+	WorkflowCondition: "Workflow",
+	RolloutCondition:  "Rollout",
+	ReadyCondition:    "Ready",
+}
+
+// String returns the string corresponding to the condition type.
+func (ct ApplicationConditionType) String() string {
+	return conditions[ct]
+}
+
+// ParseApplicationConditionType parse ApplicationCondition Type.
+func ParseApplicationConditionType(s string) (ApplicationConditionType, error) {
+	for k, v := range conditions {
+		if v == s {
+			return k, nil
+		}
+	}
+	return -1, errors.New("unknown condition type")
+}

apis/core.oam.dev/common/zz_generated.deepcopy.go

@@ -22,6 +22,7 @@ package common
 
 import (
 	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -44,7 +45,11 @@ func (in *AppRolloutStatus) DeepCopy() *AppRolloutStatus {
 func (in *AppStatus) DeepCopyInto(out *AppStatus) {
 	*out = *in
 	in.ConditionedStatus.DeepCopyInto(&out.ConditionedStatus)
-	in.Rollout.DeepCopyInto(&out.Rollout)
+	if in.Rollout != nil {
+		in, out := &in.Rollout, &out.Rollout
+		*out = new(AppRolloutStatus)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Components != nil {
 		in, out := &in.Components, &out.Components
 		*out = make([]v1.ObjectReference, len(*in))
@@ -77,6 +82,13 @@ func (in *AppStatus) DeepCopyInto(out *AppStatus) {
 		*out = make([]ClusterObjectReference, len(*in))
 		copy(*out, *in)
 	}
+	if in.PolicyStatus != nil {
+		in, out := &in.PolicyStatus, &out.PolicyStatus
+		*out = make([]PolicyStatus, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppStatus.
@@ -92,7 +104,16 @@ func (in *AppStatus) DeepCopy() *AppStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ApplicationComponent) DeepCopyInto(out *ApplicationComponent) {
 	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.DependsOn != nil {
+		in, out := &in.DependsOn, &out.DependsOn
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	if in.Inputs != nil {
 		in, out := &in.Inputs, &out.Inputs
 		*out = make(StepInputs, len(*in))
@@ -158,7 +179,11 @@ func (in *ApplicationComponentStatus) DeepCopy() *ApplicationComponentStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ApplicationTrait) DeepCopyInto(out *ApplicationTrait) {
 	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationTrait.
@@ -382,6 +407,26 @@ func (in *KubeParameter) DeepCopy() *KubeParameter {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus) {
+	*out = *in
+	if in.Status != nil {
+		in, out := &in.Status, &out.Status
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.
+func (in *PolicyStatus) DeepCopy() *PolicyStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RawComponent) DeepCopyInto(out *RawComponent) {
 	*out = *in
@@ -398,6 +443,26 @@ func (in *RawComponent) DeepCopy() *RawComponent {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RawExtensionPointer) DeepCopyInto(out *RawExtensionPointer) {
+	*out = *in
+	if in.RawExtension != nil {
+		in, out := &in.RawExtension, &out.RawExtension
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RawExtensionPointer.
+func (in *RawExtensionPointer) DeepCopy() *RawExtensionPointer {
+	if in == nil {
+		return nil
+	}
+	out := new(RawExtensionPointer)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Revision) DeepCopyInto(out *Revision) {
 	*out = *in
@@ -434,7 +499,7 @@ func (in *Schematic) DeepCopyInto(out *Schematic) {
 	if in.Terraform != nil {
 		in, out := &in.Terraform, &out.Terraform
 		*out = new(Terraform)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 }
 
@@ -524,6 +589,7 @@ func (in *SubStepsStatus) DeepCopy() *SubStepsStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Terraform) DeepCopyInto(out *Terraform) {
 	*out = *in
+	in.BaseConfigurationSpec.DeepCopyInto(&out.BaseConfigurationSpec)
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Terraform.
@@ -551,6 +617,7 @@ func (in *WorkflowStatus) DeepCopyInto(out *WorkflowStatus) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	in.StartTime.DeepCopyInto(&out.StartTime)
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStatus.
@@ -571,6 +638,8 @@ func (in *WorkflowStepStatus) DeepCopyInto(out *WorkflowStepStatus) {
 		*out = new(SubStepsStatus)
 		(*in).DeepCopyInto(*out)
 	}
+	in.FirstExecuteTime.DeepCopyInto(&out.FirstExecuteTime)
+	in.LastExecuteTime.DeepCopyInto(&out.LastExecuteTime)
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStepStatus.

apis/core.oam.dev/v1alpha1/envbinding_types.go

@@ -17,48 +17,65 @@
 package v1alpha1
 
 import (
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
-	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
 )
 
-// ClusterManagementEngine represents a multi-cluster management solution
-type ClusterManagementEngine string
-
 const (
-	// OCMEngine represents Open-Cluster-Management multi-cluster management solution
-	OCMEngine ClusterManagementEngine = "ocm"
+	// EnvBindingPolicyType refers to the type of EnvBinding
+	EnvBindingPolicyType = "env-binding"
 
-	// SingleClusterEngine represents single cluster ClusterManagerEngine
-	SingleClusterEngine ClusterManagementEngine = "single-cluster"
-
-	// ClusterGatewayEngine represents multi-cluster management solution with cluster-gateway
-	ClusterGatewayEngine ClusterManagementEngine = "cluster-gateway"
+	// GarbageCollectPolicyType refers to the type of garbage-collect
+	GarbageCollectPolicyType = "garbage-collect"
 )
 
-// EnvBindingPhase is a label for the condition of a EnvBinding at the current time
-type EnvBindingPhase string
+// EnvTraitPatch is the patch to trait
+type EnvTraitPatch struct {
+	Type       string                `json:"type"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
+	Disable    bool                  `json:"disable,omitempty"`
+}
 
-const (
-	// EnvBindingPrepare means EnvBinding is preparing the pre-work for cluster scheduling
-	EnvBindingPrepare EnvBindingPhase = "preparing"
+// ToApplicationTrait convert EnvTraitPatch into ApplicationTrait
+func (in *EnvTraitPatch) ToApplicationTrait() *common.ApplicationTrait {
+	out := &common.ApplicationTrait{Type: in.Type}
+	if in.Properties != nil {
+		out.Properties = in.Properties.DeepCopy()
+	}
+	return out
+}
 
-	// EnvBindingRendering means EnvBinding is rendering the apps in different envs
-	EnvBindingRendering EnvBindingPhase = "rendering"
+// EnvComponentPatch is the patch to component
+type EnvComponentPatch struct {
+	Name       string                `json:"name"`
+	Type       string                `json:"type"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
+	Traits     []EnvTraitPatch       `json:"traits,omitempty"`
+}
 
-	// EnvBindingScheduling means EnvBinding is deciding which cluster the apps is scheduled to.
-	EnvBindingScheduling EnvBindingPhase = "scheduling"
-
-	// EnvBindingFinished means EnvBinding finished env binding
-	EnvBindingFinished EnvBindingPhase = "finished"
-)
+// ToApplicationComponent convert EnvComponentPatch into ApplicationComponent
+func (in *EnvComponentPatch) ToApplicationComponent() *common.ApplicationComponent {
+	out := &common.ApplicationComponent{
+		Name: in.Name,
+		Type: in.Type,
+	}
+	if in.Properties != nil {
+		out.Properties = in.Properties.DeepCopy()
+	}
+	if in.Traits != nil {
+		for _, trait := range in.Traits {
+			if !trait.Disable {
+				out.Traits = append(out.Traits, *trait.ToApplicationTrait())
+			}
+		}
+	}
+	return out
+}
 
 // EnvPatch specify the parameter configuration for different environments
 type EnvPatch struct {
-	Components []common.ApplicationComponent `json:"components"`
+	Components []EnvComponentPatch `json:"components,omitempty"`
 }
 
 // NamespaceSelector defines the rules to select a Namespace resource.
@@ -86,90 +103,34 @@ type EnvConfig struct {
 	Name      string       `json:"name"`
 	Placement EnvPlacement `json:"placement,omitempty"`
 	Selector  *EnvSelector `json:"selector,omitempty"`
-	Patch     EnvPatch     `json:"patch"`
+	Patch     EnvPatch     `json:"patch,omitempty"`
 }
 
-// AppTemplate represents a application to be configured.
-type AppTemplate struct {
-	// +kubebuilder:validation:EmbeddedResource
-	// +kubebuilder:pruning:PreserveUnknownFields
-	runtime.RawExtension `json:",inline"`
-}
-
-// ClusterDecision recorded the mapping of environment and cluster
-type ClusterDecision struct {
-	Env       string `json:"env"`
-	Cluster   string `json:"cluster,omitempty"`
-	Namespace string `json:"namespace,omitempty"`
-}
-
-// A ConfigMapReference is a reference to a configMap in an arbitrary namespace.
-type ConfigMapReference struct {
-	// Name of the secret.
-	Name string `json:"name"`
-
-	// Namespace of the secret.
-	Namespace string `json:"namespace,omitempty"`
-}
-
-// A EnvBindingSpec defines the desired state of a EnvBinding.
+// EnvBindingSpec defines a list of envs
 type EnvBindingSpec struct {
-	Engine ClusterManagementEngine `json:"engine,omitempty"`
-
-	// AppTemplate indicates the application template.
-	AppTemplate AppTemplate `json:"appTemplate"`
-
 	Envs []EnvConfig `json:"envs"`
-
-	// OutputResourcesTo specifies the namespace and name of a ConfigMap
-	// which store the resources rendered after differentiated configuration
-	// +optional
-	OutputResourcesTo *ConfigMapReference `json:"outputResourcesTo,omitempty"`
 }
 
-// A EnvBindingStatus is the status of EnvBinding
+// PlacementDecision describes the placement of one application instance
+type PlacementDecision struct {
+	Cluster   string `json:"cluster"`
+	Namespace string `json:"namespace"`
+}
+
+// EnvStatus records the status of one env
+type EnvStatus struct {
+	Env        string              `json:"env"`
+	Placements []PlacementDecision `json:"placements"`
+}
+
+// ClusterConnection records the connection with clusters and the last active app revision when they are active (still be used)
+type ClusterConnection struct {
+	ClusterName        string `json:"clusterName"`
+	LastActiveRevision string `json:"lastActiveRevision"`
+}
+
+// EnvBindingStatus records the status of all env
 type EnvBindingStatus struct {
-	// ConditionedStatus reflects the observed status of a resource
-	condition.ConditionedStatus `json:",inline"`
-
-	Phase EnvBindingPhase `json:"phase,omitempty"`
-
-	ClusterDecisions []ClusterDecision `json:"clusterDecisions,omitempty"`
-
-	// ResourceTracker record the status of the ResourceTracker
-	ResourceTracker *corev1.ObjectReference `json:"resourceTracker,omitempty"`
-}
-
-// EnvBinding is the Schema for the EnvBinding API
-// +kubebuilder:object:root=true
-// +kubebuilder:subresource:status
-// +kubebuilder:resource:scope=Namespaced,categories={oam},shortName=envbind
-// +kubebuilder:printcolumn:name="ENGINE",type=string,JSONPath=`.spec.engine`
-// +kubebuilder:printcolumn:name="PHASE",type=string,JSONPath=`.status.phase`
-// +kubebuilder:printcolumn:name="AGE",type=date,JSONPath=".metadata.creationTimestamp"
-type EnvBinding struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   EnvBindingSpec   `json:"spec,omitempty"`
-	Status EnvBindingStatus `json:"status,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-
-// EnvBindingList contains a list of EnvBinding.
-type EnvBindingList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []EnvBinding `json:"items"`
-}
-
-// SetConditions set condition for EnvBinding
-func (e *EnvBinding) SetConditions(c ...condition.Condition) {
-	e.Status.SetConditions(c...)
-}
-
-// GetCondition gets condition from EnvBinding
-func (e *EnvBinding) GetCondition(conditionType condition.ConditionType) condition.Condition {
-	return e.Status.GetCondition(conditionType)
+	Envs               []EnvStatus         `json:"envs"`
+	ClusterConnections []ClusterConnection `json:"clusterConnections"`
 }

apis/core.oam.dev/v1alpha1/register.go

@@ -17,8 +17,6 @@
 package v1alpha1
 
 import (
-	"reflect"
-
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
 )
@@ -37,14 +35,5 @@ var (
 	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
 )
 
-// EnvBinding type metadata.
-var (
-	EnvBindingKind            = reflect.TypeOf(EnvBinding{}).Name()
-	EnvBindingGroupKind       = schema.GroupKind{Group: Group, Kind: EnvBindingKind}.String()
-	EnvBindingKindAPIVersion  = EnvBindingKind + "." + SchemeGroupVersion.String()
-	EnvBindingKindVersionKind = SchemeGroupVersion.WithKind(EnvBindingKind)
-)
-
 func init() {
-	SchemeBuilder.Register(&EnvBinding{}, &EnvBindingList{})
 }

apis/core.oam.dev/v1alpha1/workflow_types.go

@@ -1,116 +0,0 @@
-/*
- Copyright 2021. The KubeVela Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package v1alpha1
-
-import (
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-
-	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
-	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
-)
-
-// WorkflowStepPhase describes the phase of a workflow step.
-type WorkflowStepPhase string
-
-const (
-	// WorkflowStepPhaseSucceeded will make the controller run the next step.
-	WorkflowStepPhaseSucceeded WorkflowStepPhase = "succeeded"
-	// WorkflowStepPhaseFailed will make the controller stop the workflow and report error in `message`.
-	WorkflowStepPhaseFailed WorkflowStepPhase = "failed"
-	// WorkflowStepPhaseTerminated will make the controller terminate the workflow.
-	WorkflowStepPhaseTerminated WorkflowStepPhase = "terminated"
-	// WorkflowStepPhaseSuspending will make the controller suspend the workflow.
-	WorkflowStepPhaseSuspending WorkflowStepPhase = "suspending"
-	// WorkflowStepPhaseRunning will make the controller continue the workflow.
-	WorkflowStepPhaseRunning WorkflowStepPhase = "running"
-)
-
-// WorkflowStep defines how to execute a workflow step.
-type WorkflowStep struct {
-	// Name is the unique name of the workflow step.
-	Name string `json:"name"`
-	Type string `json:"type"`
-	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
-	Inputs     common.StepInputs    `json:"inputs,omitempty"`
-	Outputs    common.StepOutputs   `json:"outputs,omitempty"`
-}
-
-// A WorkflowSpec defines the desired state of a Workflow.
-type WorkflowSpec struct {
-	Steps []WorkflowStep `json:"steps,omitempty"`
-}
-
-// A WorkflowStatus is the status of Workflow
-type WorkflowStatus struct {
-	// ConditionedStatus reflects the observed status of a resource
-	condition.ConditionedStatus `json:",inline"`
-	ObservedGeneration          int64                   `json:"observedGeneration,omitempty"`
-	StepIndex                   int                     `json:"stepIndex,omitempty"`
-	Suspend                     bool                    `json:"suspend"`
-	Terminated                  bool                    `json:"terminated"`
-	ContextBackend              *corev1.ObjectReference `json:"contextBackend"`
-	Steps                       []WorkflowStepStatus    `json:"steps,omitempty"`
-}
-
-// WorkflowStepStatus record the status of a workflow step
-type WorkflowStepStatus struct {
-	Name  string            `json:"name,omitempty"`
-	Type  string            `json:"type,omitempty"`
-	Phase WorkflowStepPhase `json:"phase,omitempty"`
-	// A human readable message indicating details about why the workflowStep is in this state.
-	Message string `json:"message,omitempty"`
-	// A brief CamelCase message indicating details about why the workflowStep is in this state.
-	Reason      string                 `json:"reason,omitempty"`
-	ResourceRef corev1.ObjectReference `json:"resourceRef,omitempty"`
-}
-
-// Workflow is the Schema for the Workflow API
-// +kubebuilder:object:root=true
-// +kubebuilder:storageversion
-// +kubebuilder:subresource:status
-// +kubebuilder:resource:scope=Namespaced,categories={oam},shortName=workflow
-// +kubebuilder:printcolumn:name="PHASE",type=string,JSONPath=`.status.phase`
-// +kubebuilder:printcolumn:name="AGE",type=date,JSONPath=".metadata.creationTimestamp"
-type Workflow struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   WorkflowSpec   `json:"spec,omitempty"`
-	Status WorkflowStatus `json:"status,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-
-// WorkflowList contains a list of Workflow.
-type WorkflowList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []Workflow `json:"items"`
-}
-
-// SetConditions set condition for Workflow
-func (w *Workflow) SetConditions(c ...condition.Condition) {
-	w.Status.SetConditions(c...)
-}
-
-// GetCondition gets condition from Workflow
-func (w *Workflow) GetCondition(conditionType condition.ConditionType) condition.Condition {
-	return w.Status.GetCondition(conditionType)
-}

apis/core.oam.dev/v1alpha1/zz_generated.deepcopy.go

@@ -21,121 +21,29 @@ limitations under the License.
 package v1alpha1
 
 import (
-	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *AppTemplate) DeepCopyInto(out *AppTemplate) {
-	*out = *in
-	in.RawExtension.DeepCopyInto(&out.RawExtension)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppTemplate.
-func (in *AppTemplate) DeepCopy() *AppTemplate {
-	if in == nil {
-		return nil
-	}
-	out := new(AppTemplate)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ClusterDecision) DeepCopyInto(out *ClusterDecision) {
+func (in *ClusterConnection) DeepCopyInto(out *ClusterConnection) {
 	*out = *in
 }
 
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterDecision.
-func (in *ClusterDecision) DeepCopy() *ClusterDecision {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterConnection.
+func (in *ClusterConnection) DeepCopy() *ClusterConnection {
 	if in == nil {
 		return nil
 	}
-	out := new(ClusterDecision)
+	out := new(ClusterConnection)
 	in.DeepCopyInto(out)
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ConfigMapReference) DeepCopyInto(out *ConfigMapReference) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapReference.
-func (in *ConfigMapReference) DeepCopy() *ConfigMapReference {
-	if in == nil {
-		return nil
-	}
-	out := new(ConfigMapReference)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *EnvBinding) DeepCopyInto(out *EnvBinding) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvBinding.
-func (in *EnvBinding) DeepCopy() *EnvBinding {
-	if in == nil {
-		return nil
-	}
-	out := new(EnvBinding)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *EnvBinding) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *EnvBindingList) DeepCopyInto(out *EnvBindingList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]EnvBinding, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvBindingList.
-func (in *EnvBindingList) DeepCopy() *EnvBindingList {
-	if in == nil {
-		return nil
-	}
-	out := new(EnvBindingList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *EnvBindingList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *EnvBindingSpec) DeepCopyInto(out *EnvBindingSpec) {
 	*out = *in
-	in.AppTemplate.DeepCopyInto(&out.AppTemplate)
 	if in.Envs != nil {
 		in, out := &in.Envs, &out.Envs
 		*out = make([]EnvConfig, len(*in))
@@ -143,11 +51,6 @@ func (in *EnvBindingSpec) DeepCopyInto(out *EnvBindingSpec) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	if in.OutputResourcesTo != nil {
-		in, out := &in.OutputResourcesTo, &out.OutputResourcesTo
-		*out = new(ConfigMapReference)
-		**out = **in
-	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvBindingSpec.
@@ -163,16 +66,17 @@ func (in *EnvBindingSpec) DeepCopy() *EnvBindingSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *EnvBindingStatus) DeepCopyInto(out *EnvBindingStatus) {
 	*out = *in
-	in.ConditionedStatus.DeepCopyInto(&out.ConditionedStatus)
-	if in.ClusterDecisions != nil {
-		in, out := &in.ClusterDecisions, &out.ClusterDecisions
-		*out = make([]ClusterDecision, len(*in))
-		copy(*out, *in)
+	if in.Envs != nil {
+		in, out := &in.Envs, &out.Envs
+		*out = make([]EnvStatus, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
 	}
-	if in.ResourceTracker != nil {
-		in, out := &in.ResourceTracker, &out.ResourceTracker
-		*out = new(v1.ObjectReference)
-		**out = **in
+	if in.ClusterConnections != nil {
+		in, out := &in.ClusterConnections, &out.ClusterConnections
+		*out = make([]ClusterConnection, len(*in))
+		copy(*out, *in)
 	}
 }
 
@@ -186,6 +90,33 @@ func (in *EnvBindingStatus) DeepCopy() *EnvBindingStatus {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *EnvComponentPatch) DeepCopyInto(out *EnvComponentPatch) {
+	*out = *in
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Traits != nil {
+		in, out := &in.Traits, &out.Traits
+		*out = make([]EnvTraitPatch, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvComponentPatch.
+func (in *EnvComponentPatch) DeepCopy() *EnvComponentPatch {
+	if in == nil {
+		return nil
+	}
+	out := new(EnvComponentPatch)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *EnvConfig) DeepCopyInto(out *EnvConfig) {
 	*out = *in
@@ -213,7 +144,7 @@ func (in *EnvPatch) DeepCopyInto(out *EnvPatch) {
 	*out = *in
 	if in.Components != nil {
 		in, out := &in.Components, &out.Components
-		*out = make([]common.ApplicationComponent, len(*in))
+		*out = make([]EnvComponentPatch, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@@ -275,6 +206,46 @@ func (in *EnvSelector) DeepCopy() *EnvSelector {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *EnvStatus) DeepCopyInto(out *EnvStatus) {
+	*out = *in
+	if in.Placements != nil {
+		in, out := &in.Placements, &out.Placements
+		*out = make([]PlacementDecision, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvStatus.
+func (in *EnvStatus) DeepCopy() *EnvStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(EnvStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *EnvTraitPatch) DeepCopyInto(out *EnvTraitPatch) {
+	*out = *in
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvTraitPatch.
+func (in *EnvTraitPatch) DeepCopy() *EnvTraitPatch {
+	if in == nil {
+		return nil
+	}
+	out := new(EnvTraitPatch)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *NamespaceSelector) DeepCopyInto(out *NamespaceSelector) {
 	*out = *in
@@ -298,150 +269,16 @@ func (in *NamespaceSelector) DeepCopy() *NamespaceSelector {
 }
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Workflow) DeepCopyInto(out *Workflow) {
+func (in *PlacementDecision) DeepCopyInto(out *PlacementDecision) {
 	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
 }
 
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Workflow.
-func (in *Workflow) DeepCopy() *Workflow {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlacementDecision.
+func (in *PlacementDecision) DeepCopy() *PlacementDecision {
 	if in == nil {
 		return nil
 	}
-	out := new(Workflow)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *Workflow) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkflowList) DeepCopyInto(out *WorkflowList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]Workflow, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowList.
-func (in *WorkflowList) DeepCopy() *WorkflowList {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkflowList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *WorkflowList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkflowSpec) DeepCopyInto(out *WorkflowSpec) {
-	*out = *in
-	if in.Steps != nil {
-		in, out := &in.Steps, &out.Steps
-		*out = make([]WorkflowStep, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowSpec.
-func (in *WorkflowSpec) DeepCopy() *WorkflowSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkflowSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkflowStatus) DeepCopyInto(out *WorkflowStatus) {
-	*out = *in
-	in.ConditionedStatus.DeepCopyInto(&out.ConditionedStatus)
-	if in.ContextBackend != nil {
-		in, out := &in.ContextBackend, &out.ContextBackend
-		*out = new(v1.ObjectReference)
-		**out = **in
-	}
-	if in.Steps != nil {
-		in, out := &in.Steps, &out.Steps
-		*out = make([]WorkflowStepStatus, len(*in))
-		copy(*out, *in)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStatus.
-func (in *WorkflowStatus) DeepCopy() *WorkflowStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkflowStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
-	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
-	if in.Inputs != nil {
-		in, out := &in.Inputs, &out.Inputs
-		*out = make(common.StepInputs, len(*in))
-		copy(*out, *in)
-	}
-	if in.Outputs != nil {
-		in, out := &in.Outputs, &out.Outputs
-		*out = make(common.StepOutputs, len(*in))
-		copy(*out, *in)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStep.
-func (in *WorkflowStep) DeepCopy() *WorkflowStep {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkflowStep)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkflowStepStatus) DeepCopyInto(out *WorkflowStepStatus) {
-	*out = *in
-	out.ResourceRef = in.ResourceRef
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStepStatus.
-func (in *WorkflowStepStatus) DeepCopy() *WorkflowStepStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkflowStepStatus)
+	out := new(PlacementDecision)
 	in.DeepCopyInto(out)
 	return out
 }

apis/core.oam.dev/v1alpha2/application_types.go

@@ -54,7 +54,7 @@ type AppStatus struct {
 type ApplicationTrait struct {
 	Name string `json:"name"`
 	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
 }
 
 // ApplicationComponent describe the component of application

apis/core.oam.dev/v1alpha2/applicationcontext_types.go

@@ -1,48 +0,0 @@
-/*
-Copyright 2021 The KubeVela Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha2
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// ApplicationContextSpec is the spec of ApplicationContext
-type ApplicationContextSpec struct {
-	// ApplicationRevisionName points to the snapshot of an Application with all its closure
-	ApplicationRevisionName string `json:"applicationRevisionName"`
-}
-
-// ApplicationContext is the Schema for the ApplicationContext API
-// +kubebuilder:object:root=true
-// +kubebuilder:resource:shortName=appcontext,categories={oam}
-// +kubebuilder:subresource:status
-type ApplicationContext struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec ApplicationContextSpec `json:"spec,omitempty"`
-	// we need to reuse the AC status
-	Status ApplicationConfigurationStatus `json:"status,omitempty"`
-}
-
-// ApplicationContextList contains a list of ApplicationContext
-// +kubebuilder:object:root=true
-type ApplicationContextList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []ApplicationContext `json:"items"`
-}

apis/core.oam.dev/v1alpha2/conversion.go

@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"reflect"
 
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/klog/v2"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
 
@@ -44,7 +45,7 @@ func ApplicationV1alpha2ToV1beta1(v1a2 *Application, v1b1 *v1beta1.Application)
 		for j, trait := range comp.Traits {
 			traits[j] = common.ApplicationTrait{
 				Type:       trait.Name,
-				Properties: *trait.Properties.DeepCopy(),
+				Properties: trait.Properties.DeepCopy(),
 			}
 		}
 
@@ -58,7 +59,7 @@ func ApplicationV1alpha2ToV1beta1(v1a2 *Application, v1b1 *v1beta1.Application)
 		v1b1.Spec.Components = append(v1b1.Spec.Components, common.ApplicationComponent{
 			Name:       comp.Name,
 			Type:       comp.WorkloadType,
-			Properties: *comp.Settings.DeepCopy(),
+			Properties: comp.Settings.DeepCopy(),
 			Traits:     traits,
 			Scopes:     scopes,
 		})
@@ -104,7 +105,7 @@ func (app *Application) ConvertFrom(src conversion.Hub) error {
 			for j, trait := range comp.Traits {
 				traits[j] = ApplicationTrait{
 					Name:       trait.Type,
-					Properties: *trait.Properties.DeepCopy(),
+					Properties: trait.Properties.DeepCopy(),
 				}
 			}
 
@@ -115,10 +116,17 @@ func (app *Application) ConvertFrom(src conversion.Hub) error {
 			}
 			// convert component
 			//  `.properties` -> `.settings`
+
+			var compProperties runtime.RawExtension
+
+			if comp.Properties != nil {
+				compProperties = *comp.Properties.DeepCopy()
+			}
+
 			app.Spec.Components = append(app.Spec.Components, ApplicationComponent{
 				Name:         comp.Name,
 				WorkloadType: comp.Type,
-				Settings:     *comp.Properties.DeepCopy(),
+				Settings:     compProperties,
 				Traits:       traits,
 				Scopes:       scopes,
 			})

apis/core.oam.dev/v1alpha2/conversion_test.go

@@ -0,0 +1,117 @@
+/*
+ Copyright 2021 The KubeVela Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	"fmt"
+	"testing"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/v1beta1"
+)
+
+var app = Application{
+	Spec: ApplicationSpec{
+		Components: []ApplicationComponent{{
+			Name:         "test-component",
+			WorkloadType: "worker",
+			Traits:       []ApplicationTrait{},
+			Scopes:       map[string]string{},
+		}},
+	},
+}
+
+type errType struct {
+}
+
+func (*errType) Hub() {}
+
+func (*errType) DeepCopyObject() runtime.Object {
+	return nil
+}
+
+func (*errType) GetObjectKind() schema.ObjectKind {
+	return nil
+}
+
+func TestApplicationV1alpha2ToV1beta1(t *testing.T) {
+	r := require.New(t)
+	expected := &v1beta1.Application{}
+	ApplicationV1alpha2ToV1beta1(&app, expected)
+
+	r.Equal(expected, &v1beta1.Application{
+		Spec: v1beta1.ApplicationSpec{
+			Components: []common.ApplicationComponent{{
+				Name:       "test-component",
+				Type:       "worker",
+				Properties: &runtime.RawExtension{},
+				Traits:     []common.ApplicationTrait{},
+				Scopes:     map[string]string{},
+			}},
+		},
+	})
+}
+
+func TestConvertTo(t *testing.T) {
+	r := require.New(t)
+	expected := &v1beta1.Application{}
+	err := app.ConvertTo(expected)
+	r.NoError(err)
+	r.Equal(expected, &v1beta1.Application{
+		Spec: v1beta1.ApplicationSpec{
+			Components: []common.ApplicationComponent{{
+				Name:       "test-component",
+				Type:       "worker",
+				Properties: &runtime.RawExtension{},
+				Traits:     []common.ApplicationTrait{},
+				Scopes:     map[string]string{},
+			}},
+		},
+	})
+
+	errCase := &errType{}
+	err = app.ConvertTo(errCase)
+	r.Equal(err, fmt.Errorf("unsupported convertTo object *v1alpha2.errType"))
+}
+
+func TestConvertFrom(t *testing.T) {
+	r := require.New(t)
+	to := &Application{}
+	from := &v1beta1.Application{
+		Spec: v1beta1.ApplicationSpec{
+			Components: []common.ApplicationComponent{{
+				Name:       "test-component",
+				Type:       "worker",
+				Properties: &runtime.RawExtension{},
+				Traits:     []common.ApplicationTrait{},
+				Scopes:     map[string]string{},
+			}},
+		},
+	}
+	err := to.ConvertFrom(from)
+	r.NoError(err)
+	r.Equal(to.Spec, app.Spec)
+
+	errCase := &errType{}
+	err = app.ConvertFrom(errCase)
+	r.Equal(err, fmt.Errorf("unsupported ConvertFrom object *v1alpha2.errType"))
+}

apis/core.oam.dev/v1alpha2/core_workload_types.go

@@ -19,14 +19,8 @@ limitations under the License.
 package v1alpha2
 
 import (
-	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
-
-	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
-
-	"github.com/oam-dev/kubevela/pkg/oam"
 )
 
 // An OperatingSystem required by a containerised workload.
@@ -359,53 +353,3 @@ type Container struct {
 	// +optional
 	ImagePullSecret *string `json:"imagePullSecret,omitempty"`
 }
-
-// A ContainerizedWorkloadSpec defines the desired state of a
-// ContainerizedWorkload.
-type ContainerizedWorkloadSpec struct {
-	// OperatingSystem required by this workload.
-	// +kubebuilder:validation:Enum=linux;windows
-	// +optional
-	OperatingSystem *OperatingSystem `json:"osType,omitempty"`
-
-	// CPUArchitecture required by this workload.
-	// +kubebuilder:validation:Enum=i386;amd64;arm;arm64
-	// +optional
-	CPUArchitecture *CPUArchitecture `json:"arch,omitempty"`
-
-	// Containers of which this workload consists.
-	Containers []Container `json:"containers"`
-}
-
-// A ContainerizedWorkloadStatus represents the observed state of a
-// ContainerizedWorkload.
-type ContainerizedWorkloadStatus struct {
-	condition.ConditionedStatus `json:",inline"`
-
-	// Resources managed by this containerised workload.
-	Resources []corev1.ObjectReference `json:"resources,omitempty"`
-}
-
-var _ oam.Workload = &ContainerizedWorkload{}
-
-// +kubebuilder:object:root=true
-
-// A ContainerizedWorkload is a workload that runs OCI containers.
-// +kubebuilder:resource:categories={oam}
-// +kubebuilder:subresource:status
-type ContainerizedWorkload struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   ContainerizedWorkloadSpec   `json:"spec,omitempty"`
-	Status ContainerizedWorkloadStatus `json:"status,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-
-// ContainerizedWorkloadList contains a list of ContainerizedWorkload.
-type ContainerizedWorkloadList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []ContainerizedWorkload `json:"items"`
-}

apis/core.oam.dev/v1alpha2/methods.go

@@ -64,16 +64,6 @@ func (cm *Component) SetConditions(c ...condition.Condition) {
 	cm.Status.SetConditions(c...)
 }
 
-// GetCondition of this ContainerizedWorkload.
-func (wl *ContainerizedWorkload) GetCondition(ct condition.ConditionType) condition.Condition {
-	return wl.Status.GetCondition(ct)
-}
-
-// SetConditions of this ContainerizedWorkload.
-func (wl *ContainerizedWorkload) SetConditions(c ...condition.Condition) {
-	wl.Status.SetConditions(c...)
-}
-
 // GetCondition of this HealthScope.
 func (hs *HealthScope) GetCondition(ct condition.ConditionType) condition.Condition {
 	return hs.Status.GetCondition(ct)

apis/core.oam.dev/v1alpha2/register.go

@@ -85,22 +85,6 @@ var (
 	ApplicationConfigurationGroupVersionKind = SchemeGroupVersion.WithKind(ApplicationConfigurationKind)
 )
 
-// ApplicationContext type metadata.
-var (
-	ApplicationContextKind             = reflect.TypeOf(ApplicationContext{}).Name()
-	ApplicationContextGroupKind        = schema.GroupKind{Group: Group, Kind: ApplicationContextKind}.String()
-	ApplicationContextKindAPIVersion   = ApplicationContextKind + "." + SchemeGroupVersion.String()
-	ApplicationContextGroupVersionKind = SchemeGroupVersion.WithKind(ApplicationContextKind)
-)
-
-// ContainerizedWorkload type metadata.
-var (
-	ContainerizedWorkloadKind             = reflect.TypeOf(ContainerizedWorkload{}).Name()
-	ContainerizedWorkloadGroupKind        = schema.GroupKind{Group: Group, Kind: ContainerizedWorkloadKind}.String()
-	ContainerizedWorkloadKindAPIVersion   = ContainerizedWorkloadKind + "." + SchemeGroupVersion.String()
-	ContainerizedWorkloadGroupVersionKind = SchemeGroupVersion.WithKind(ContainerizedWorkloadKind)
-)
-
 // ManualScalerTrait type metadata.
 var (
 	ManualScalerTraitKind             = reflect.TypeOf(ManualScalerTrait{}).Name()
@@ -148,11 +132,9 @@ func init() {
 	SchemeBuilder.Register(&ScopeDefinition{}, &ScopeDefinitionList{})
 	SchemeBuilder.Register(&Component{}, &ComponentList{})
 	SchemeBuilder.Register(&ApplicationConfiguration{}, &ApplicationConfigurationList{})
-	SchemeBuilder.Register(&ContainerizedWorkload{}, &ContainerizedWorkloadList{})
 	SchemeBuilder.Register(&ManualScalerTrait{}, &ManualScalerTraitList{})
 	SchemeBuilder.Register(&HealthScope{}, &HealthScopeList{})
 	SchemeBuilder.Register(&Application{}, &ApplicationList{})
 	SchemeBuilder.Register(&AppRollout{}, &AppRolloutList{})
 	SchemeBuilder.Register(&ApplicationRevision{}, &ApplicationRevisionList{})
-	SchemeBuilder.Register(&ApplicationContext{}, &ApplicationContextList{})
 }

apis/core.oam.dev/v1alpha2/zz_generated.deepcopy.go

@@ -428,80 +428,6 @@ func (in *ApplicationConfigurationStatus) DeepCopy() *ApplicationConfigurationSt
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplicationContext) DeepCopyInto(out *ApplicationContext) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	out.Spec = in.Spec
-	in.Status.DeepCopyInto(&out.Status)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationContext.
-func (in *ApplicationContext) DeepCopy() *ApplicationContext {
-	if in == nil {
-		return nil
-	}
-	out := new(ApplicationContext)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ApplicationContext) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplicationContextList) DeepCopyInto(out *ApplicationContextList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]ApplicationContext, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationContextList.
-func (in *ApplicationContextList) DeepCopy() *ApplicationContextList {
-	if in == nil {
-		return nil
-	}
-	out := new(ApplicationContextList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ApplicationContextList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplicationContextSpec) DeepCopyInto(out *ApplicationContextSpec) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationContextSpec.
-func (in *ApplicationContextSpec) DeepCopy() *ApplicationContextSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(ApplicationContextSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ApplicationList) DeepCopyInto(out *ApplicationList) {
 	*out = *in
@@ -674,7 +600,11 @@ func (in *ApplicationSpec) DeepCopy() *ApplicationSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ApplicationTrait) DeepCopyInto(out *ApplicationTrait) {
 	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationTrait.
@@ -1283,118 +1213,6 @@ func (in *ContainerResources) DeepCopy() *ContainerResources {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ContainerizedWorkload) DeepCopyInto(out *ContainerizedWorkload) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerizedWorkload.
-func (in *ContainerizedWorkload) DeepCopy() *ContainerizedWorkload {
-	if in == nil {
-		return nil
-	}
-	out := new(ContainerizedWorkload)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ContainerizedWorkload) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ContainerizedWorkloadList) DeepCopyInto(out *ContainerizedWorkloadList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]ContainerizedWorkload, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerizedWorkloadList.
-func (in *ContainerizedWorkloadList) DeepCopy() *ContainerizedWorkloadList {
-	if in == nil {
-		return nil
-	}
-	out := new(ContainerizedWorkloadList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ContainerizedWorkloadList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ContainerizedWorkloadSpec) DeepCopyInto(out *ContainerizedWorkloadSpec) {
-	*out = *in
-	if in.OperatingSystem != nil {
-		in, out := &in.OperatingSystem, &out.OperatingSystem
-		*out = new(OperatingSystem)
-		**out = **in
-	}
-	if in.CPUArchitecture != nil {
-		in, out := &in.CPUArchitecture, &out.CPUArchitecture
-		*out = new(CPUArchitecture)
-		**out = **in
-	}
-	if in.Containers != nil {
-		in, out := &in.Containers, &out.Containers
-		*out = make([]Container, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerizedWorkloadSpec.
-func (in *ContainerizedWorkloadSpec) DeepCopy() *ContainerizedWorkloadSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(ContainerizedWorkloadSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ContainerizedWorkloadStatus) DeepCopyInto(out *ContainerizedWorkloadStatus) {
-	*out = *in
-	in.ConditionedStatus.DeepCopyInto(&out.ConditionedStatus)
-	if in.Resources != nil {
-		in, out := &in.Resources, &out.Resources
-		*out = make([]v1.ObjectReference, len(*in))
-		copy(*out, *in)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerizedWorkloadStatus.
-func (in *ContainerizedWorkloadStatus) DeepCopy() *ContainerizedWorkloadStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(ContainerizedWorkloadStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *DataInput) DeepCopyInto(out *DataInput) {
 	*out = *in

apis/core.oam.dev/v1beta1/application_types.go

@@ -44,7 +44,7 @@ type AppPolicy struct {
 
 	Type string `json:"type"`
 	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
 }
 
 // WorkflowStep defines how to execute a workflow step.
@@ -55,7 +55,9 @@ type WorkflowStep struct {
 	Type string `json:"type"`
 
 	// +kubebuilder:pruning:PreserveUnknownFields
-	Properties runtime.RawExtension `json:"properties,omitempty"`
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
+
+	DependsOn []string `json:"dependsOn,omitempty"`
 
 	Inputs common.StepInputs `json:"inputs,omitempty"`
 

apis/core.oam.dev/v1beta1/core_types.go

@@ -17,7 +17,6 @@
 package v1beta1
 
 import (
-	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 
@@ -257,32 +256,3 @@ type ScopeDefinitionList struct {
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []ScopeDefinition `json:"items"`
 }
-
-// +kubebuilder:object:root=true
-// +kubebuilder:subresource:status
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// An ResourceTracker represents a tracker for track cross namespace resources
-// +kubebuilder:resource:scope=Cluster,categories={oam},shortName=tracker
-type ResourceTracker struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Status ResourceTrackerStatus `json:"status,omitempty"`
-}
-
-// ResourceTrackerStatus define the status of resourceTracker
-type ResourceTrackerStatus struct {
-	TrackedResources []corev1.ObjectReference `json:"trackedResources,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ResourceTrackerList contains a list of ResourceTracker
-type ResourceTrackerList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []ResourceTracker `json:"items"`
-}

apis/core.oam.dev/v1beta1/initializer_type.go

@@ -1,100 +0,0 @@
-/*
- Copyright 2021. The KubeVela Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package v1beta1
-
-import (
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
-)
-
-// InitializerPhase is a label for the condition of a initializer at the current time
-type InitializerPhase string
-
-const (
-	// InitializerCheckingDependsOn means the initializer is checking the status of dependent Initializer
-	InitializerCheckingDependsOn InitializerPhase = "checkingDependsOn"
-	// InitializerInitializing means the initializer is initializing
-	InitializerInitializing InitializerPhase = "initializing"
-	// InitializerSuccess means the initializer successfully initialized the environment
-	InitializerSuccess InitializerPhase = "success"
-)
-
-// DependsOn refer to an object which Initializer depends on
-type DependsOn struct {
-	Ref corev1.ObjectReference `json:"ref"`
-}
-
-// A InitializerSpec defines the desired state of a Initializer.
-type InitializerSpec struct {
-	// AppTemplate indicates the application template to render and deploy an system application.
-	AppTemplate Application `json:"appTemplate"`
-
-	// DependsOn indicates the other initializers that this depends on.
-	// It will not apply its components until all dependencies exist.
-	DependsOn []DependsOn `json:"dependsOn,omitempty"`
-}
-
-// InitializerStatus is the status of Initializer
-type InitializerStatus struct {
-	// ConditionedStatus reflects the observed status of a resource
-	condition.ConditionedStatus `json:",inline"`
-
-	Phase InitializerPhase `json:"status,omitempty"`
-
-	// The generation observed by the Initializer controller.
-	// +optional
-	ObservedGeneration int64 `json:"observedGeneration"`
-}
-
-// +kubebuilder:object:root=true
-
-// Initializer is the Schema for the Initializer API
-// +kubebuilder:subresource:status
-// +kubebuilder:resource:scope=Namespaced,categories={oam},shortName=init
-// +kubebuilder:printcolumn:name="PHASE",type=string,JSONPath=`.status.status`
-// +kubebuilder:printcolumn:name="AGE",type=date,JSONPath=".metadata.creationTimestamp"
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type Initializer struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   InitializerSpec   `json:"spec,omitempty"`
-	Status InitializerStatus `json:"status,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// InitializerList contains a list of Initializer.
-type InitializerList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []Initializer `json:"items"`
-}
-
-// SetConditions set condition for Initializer
-func (i *Initializer) SetConditions(c ...condition.Condition) {
-	i.Status.SetConditions(c...)
-}
-
-// GetCondition gets condition from Initializer
-func (i *Initializer) GetCondition(conditionType condition.ConditionType) condition.Condition {
-	return i.Status.GetCondition(conditionType)
-}

apis/core.oam.dev/v1beta1/register.go

@@ -144,14 +144,6 @@ var (
 	ClusterKindVersionKind = SchemeGroupVersion.WithKind(ClusterKind)
 )
 
-// Initializer type metadata.
-var (
-	InitializerKind            = reflect.TypeOf(Initializer{}).Name()
-	InitializerGroupKind       = schema.GroupKind{Group: Group, Kind: InitializerKind}.String()
-	InitializerKindAPIVersion  = InitializerKind + "." + SchemeGroupVersion.String()
-	InitializerKindVersionKind = SchemeGroupVersion.WithKind(InitializerKind)
-)
-
 func init() {
 	SchemeBuilder.Register(&ComponentDefinition{}, &ComponentDefinitionList{})
 	SchemeBuilder.Register(&WorkloadDefinition{}, &WorkloadDefinitionList{})
@@ -166,7 +158,6 @@ func init() {
 	SchemeBuilder.Register(&AppDeployment{}, &AppDeploymentList{})
 	SchemeBuilder.Register(&Cluster{}, &ClusterList{})
 	SchemeBuilder.Register(&ResourceTracker{}, &ResourceTrackerList{})
-	SchemeBuilder.Register(&Initializer{}, &InitializerList{})
 }
 
 // Resource takes an unqualified resource and returns a Group qualified GroupResource

apis/core.oam.dev/v1beta1/resourcetracker.go

@@ -0,0 +1,146 @@
+/*
+Copyright 2021 The KubeVela Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/pointer"
+
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
+	"github.com/oam-dev/kubevela/apis/interfaces"
+	"github.com/oam-dev/kubevela/pkg/oam"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// An ResourceTracker represents a tracker for track cross namespace resources
+// +kubebuilder:resource:scope=Cluster,categories={oam},shortName=tracker
+type ResourceTracker struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Status ResourceTrackerStatus `json:"status,omitempty"`
+}
+
+// ResourceTrackerStatus define the status of resourceTracker
+type ResourceTrackerStatus struct {
+	TrackedResources []common.ClusterObjectReference `json:"trackedResources,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ResourceTrackerList contains a list of ResourceTracker
+type ResourceTrackerList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ResourceTracker `json:"items"`
+}
+
+// ToOwnerReference convert ResourceTracker into owner reference for other resource to refer
+func (in *ResourceTracker) ToOwnerReference() *metav1.OwnerReference {
+	return &metav1.OwnerReference{
+		APIVersion:         SchemeGroupVersion.String(),
+		Kind:               ResourceTrackerKind,
+		Name:               in.Name,
+		UID:                in.UID,
+		Controller:         pointer.BoolPtr(true),
+		BlockOwnerDeletion: pointer.BoolPtr(true),
+	}
+}
+
+// AddOwnerReferenceToTrackerResource add resourcetracker as owner reference to target object, return true if already exists (outdated)
+func (in *ResourceTracker) AddOwnerReferenceToTrackerResource(rsc interfaces.ObjectOwner) bool {
+	ownerRefs := []metav1.OwnerReference{*in.ToOwnerReference()}
+	exists := false
+	for _, owner := range rsc.GetOwnerReferences() {
+		// delete the old resourceTracker owner
+		if owner.Kind == ResourceTrackerKind && owner.APIVersion == SchemeGroupVersion.String() {
+			exists = true
+			continue
+		}
+		if owner.Controller != nil && *owner.Controller && owner.UID != in.UID {
+			owner.Controller = pointer.BoolPtr(false)
+		}
+		ownerRefs = append(ownerRefs, owner)
+	}
+	rsc.SetOwnerReferences(ownerRefs)
+	return exists
+}
+
+func (in *ResourceTracker) addClusterObjectReference(ref common.ClusterObjectReference) bool {
+	for _, _rsc := range in.Status.TrackedResources {
+		if _rsc.Equal(ref) {
+			return true
+		}
+	}
+	in.Status.TrackedResources = append(in.Status.TrackedResources, ref)
+	return false
+}
+
+// AddTrackedResource add new object reference into tracked resources, return if already exists
+func (in *ResourceTracker) AddTrackedResource(rsc interfaces.TrackableResource) bool {
+	return in.addClusterObjectReference(common.ClusterObjectReference{
+		ObjectReference: v1.ObjectReference{
+			APIVersion: rsc.GetAPIVersion(),
+			Kind:       rsc.GetKind(),
+			Name:       rsc.GetName(),
+			Namespace:  rsc.GetNamespace(),
+			UID:        rsc.GetUID(),
+		},
+	})
+}
+
+// AddTrackedCluster add resourcetracker in remote cluster into tracked resources, return if already exists
+func (in *ResourceTracker) AddTrackedCluster(clusterName string) bool {
+	if clusterName == "" {
+		return true
+	}
+	return in.addClusterObjectReference(common.ClusterObjectReference{
+		Cluster: clusterName,
+		ObjectReference: v1.ObjectReference{
+			APIVersion: SchemeGroupVersion.String(),
+			Kind:       ResourceTrackerKind,
+			Name:       in.GetName(),
+		},
+	})
+}
+
+// GetTrackedClusters return remote clusters recorded in the resource tracker
+func (in *ResourceTracker) GetTrackedClusters() (clusters []string) {
+	for _, ref := range in.Status.TrackedResources {
+		if ref.APIVersion == SchemeGroupVersion.String() && ref.Kind == ResourceTrackerKind && ref.Name == in.Name && ref.Cluster != "" {
+			clusters = append(clusters, ref.Cluster)
+		}
+	}
+	return
+}
+
+// IsLifeLong check if resourcetracker shares the same whole life with the entire application
+func (in *ResourceTracker) IsLifeLong() bool {
+	_, ok := in.GetAnnotations()[oam.AnnotationResourceTrackerLifeLong]
+	return ok
+}
+
+// SetLifeLong set life long to resource tracker
+func (in *ResourceTracker) SetLifeLong() {
+	in.SetAnnotations(map[string]string{oam.AnnotationResourceTrackerLifeLong: "true"})
+}

apis/core.oam.dev/v1beta1/workflow_step_definition.go

@@ -38,7 +38,8 @@ type WorkflowStepDefinitionSpec struct {
 type WorkflowStepDefinitionStatus struct {
 	// ConditionedStatus reflects the observed status of a resource
 	condition.ConditionedStatus `json:",inline"`
-
+	// ConfigMapRef refer to a ConfigMap which contains OpenAPI V3 JSON schema of Component parameters.
+	ConfigMapRef string `json:"configMapRef,omitempty"`
 	// LatestRevision of the component definition
 	// +optional
 	LatestRevision *common.Revision `json:"latestRevision,omitempty"`

apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go

@@ -21,7 +21,6 @@ limitations under the License.
 package v1beta1
 
 import (
-	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 
@@ -141,7 +140,11 @@ func (in *AppDeploymentStatus) DeepCopy() *AppDeploymentStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *AppPolicy) DeepCopyInto(out *AppPolicy) {
 	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppPolicy.
@@ -786,22 +789,6 @@ func (in *DefinitionRevisionSpec) DeepCopy() *DefinitionRevisionSpec {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *DependsOn) DeepCopyInto(out *DependsOn) {
-	*out = *in
-	out.Ref = in.Ref
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DependsOn.
-func (in *DependsOn) DeepCopy() *DependsOn {
-	if in == nil {
-		return nil
-	}
-	out := new(DependsOn)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HTTPMatchRequest) DeepCopyInto(out *HTTPMatchRequest) {
 	*out = *in
@@ -853,102 +840,6 @@ func (in *HTTPRule) DeepCopy() *HTTPRule {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Initializer) DeepCopyInto(out *Initializer) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Initializer.
-func (in *Initializer) DeepCopy() *Initializer {
-	if in == nil {
-		return nil
-	}
-	out := new(Initializer)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *Initializer) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *InitializerList) DeepCopyInto(out *InitializerList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]Initializer, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitializerList.
-func (in *InitializerList) DeepCopy() *InitializerList {
-	if in == nil {
-		return nil
-	}
-	out := new(InitializerList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *InitializerList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *InitializerSpec) DeepCopyInto(out *InitializerSpec) {
-	*out = *in
-	in.AppTemplate.DeepCopyInto(&out.AppTemplate)
-	if in.DependsOn != nil {
-		in, out := &in.DependsOn, &out.DependsOn
-		*out = make([]DependsOn, len(*in))
-		copy(*out, *in)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitializerSpec.
-func (in *InitializerSpec) DeepCopy() *InitializerSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(InitializerSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *InitializerStatus) DeepCopyInto(out *InitializerStatus) {
-	*out = *in
-	in.ConditionedStatus.DeepCopyInto(&out.ConditionedStatus)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitializerStatus.
-func (in *InitializerStatus) DeepCopy() *InitializerStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(InitializerStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *LocalSecretReference) DeepCopyInto(out *LocalSecretReference) {
 	*out = *in
@@ -1148,7 +1039,7 @@ func (in *ResourceTrackerStatus) DeepCopyInto(out *ResourceTrackerStatus) {
 	*out = *in
 	if in.TrackedResources != nil {
 		in, out := &in.TrackedResources, &out.TrackedResources
-		*out = make([]corev1.ObjectReference, len(*in))
+		*out = make([]common.ClusterObjectReference, len(*in))
 		copy(*out, *in)
 	}
 }
@@ -1450,7 +1341,16 @@ func (in *Workflow) DeepCopy() *Workflow {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
 	*out = *in
-	in.Properties.DeepCopyInto(&out.Properties)
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.DependsOn != nil {
+		in, out := &in.DependsOn, &out.DependsOn
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	if in.Inputs != nil {
 		in, out := &in.Inputs, &out.Inputs
 		*out = make(common.StepInputs, len(*in))

apis/generate.go

@@ -1,3 +1,4 @@
+//go:build generate
 // +build generate
 
 /*

apis/interfaces/resourcetracker.go

@@ -0,0 +1,35 @@
+/*
+Copyright 2021 The KubeVela Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package interfaces
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// ObjectOwner is the interface for get and set ownerReference
+type ObjectOwner interface {
+	GetOwnerReferences() []metav1.OwnerReference
+	SetOwnerReferences([]metav1.OwnerReference)
+}
+
+// TrackableResource is the interface for resources to be tracked by resourcetracker
+type TrackableResource interface {
+	client.Object
+	metav1.Type
+	ObjectOwner
+}

apis/types/capability.go

@@ -19,12 +19,14 @@ package types
 import (
 	"encoding/json"
 
+	"cuelang.org/go/cue"
+	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/spf13/pflag"
 	"k8s.io/apimachinery/pkg/runtime"
 
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
-
-	"cuelang.org/go/cue"
-	"github.com/spf13/pflag"
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/v1beta1"
+	"github.com/oam-dev/kubevela/pkg/apiserver/rest/utils"
 )
 
 // Source record the source of Capability
@@ -79,6 +81,8 @@ const CapabilityConfigMapNamePrefix = "schema-"
 const (
 	// OpenapiV3JSONSchema is the key to store OpenAPI v3 JSON schema in ConfigMap
 	OpenapiV3JSONSchema string = "openapi-v3-json-schema"
+	// UISchema is the key to store ui custom schema
+	UISchema string = "ui-schema"
 )
 
 // CapabilityCategory defines the category of a capability
@@ -183,3 +187,51 @@ type Capability struct {
 	KubeTemplate  runtime.RawExtension   `json:"kubetemplate,omitempty"`
 	KubeParameter []common.KubeParameter `json:"kubeparameter,omitempty"`
 }
+
+// Addon contains all information represent an addon
+type Addon struct {
+	AddonMeta
+
+	APISchema *openapi3.Schema     `json:"schema"`
+	UISchema  []*utils.UIParameter `json:"uiSchema"`
+
+	// More details about the addon, e.g. README
+	Detail        string               `json:"detail,omitempty"`
+	Definitions   []AddonElementFile   `json:"definitions"`
+	Parameters    string               `json:"parameters"`
+	CUETemplates  []AddonElementFile   `json:"cue_templates"`
+	YAMLTemplates []AddonElementFile   `json:"yaml_templates,omitempty"`
+	DefSchemas    []AddonElementFile   `json:"def_schemas,omitempty"`
+	AppTemplate   *v1beta1.Application `json:"app_template"`
+}
+
+// AddonMeta defines the format for a single addon
+type AddonMeta struct {
+	Name          string             `json:"name" validate:"required"`
+	Version       string             `json:"version"`
+	Description   string             `json:"description"`
+	Icon          string             `json:"icon"`
+	URL           string             `json:"url,omitempty"`
+	Tags          []string           `json:"tags,omitempty"`
+	DeployTo      *AddonDeployTo     `json:"deployTo,omitempty"`
+	Dependencies  []*AddonDependency `json:"dependencies,omitempty"`
+	NeedNamespace []string           `json:"needNamespace,omitempty"`
+	Invisible     bool               `json:"invisible"`
+}
+
+// AddonDeployTo defines where the addon to deploy to
+type AddonDeployTo struct {
+	ControlPlane   bool `json:"control_plane"`
+	RuntimeCluster bool `json:"runtime_cluster"`
+}
+
+// AddonDependency defines the other addons it depends on
+type AddonDependency struct {
+	Name string `json:"name,omitempty"`
+}
+
+// AddonElementFile can be addon's definition or addon's component
+type AddonElementFile struct {
+	Data string
+	Name string
+}

apis/types/types.go

@@ -36,8 +36,18 @@ const (
 )
 
 const (
-	// AnnDescription is the annotation which describe what is the capability used for in a WorkloadDefinition/TraitDefinition Object
-	AnnDescription = "definition.oam.dev/description"
+	// AnnoDefinitionDescription is the annotation which describe what is the capability used for in a WorkloadDefinition/TraitDefinition Object
+	AnnoDefinitionDescription = "definition.oam.dev/description"
+	// AnnoDefinitionAppliedWorkloads is the annotation which describe what is the workloads used for in a TraitDefinition Object
+	AnnoDefinitionAppliedWorkloads = "definition.oam.dev/appliedWorkloads"
+	// LabelDefinition is the label for definition
+	LabelDefinition = "definition.oam.dev"
+	// LabelDefinitionName is the label for definition name
+	LabelDefinitionName = "definition.oam.dev/name"
+	// LabelDefinitionDeprecated is the label which describe whether the capability is deprecated
+	LabelDefinitionDeprecated = "custom.definition.oam.dev/deprecated"
+	// LabelDefinitionHidden is the label which describe whether the capability is hidden by UI
+	LabelDefinitionHidden = "custom.definition.oam.dev/ui-hidden"
 )
 
 const (
@@ -47,12 +57,13 @@ const (
 	StatusStaging = "Staging"
 )
 
-// EnvMeta stores the info for app environment
+// Config contains key/value pairs
+type Config map[string]string
+
+// EnvMeta stores the namespace for app environment
 type EnvMeta struct {
 	Name      string `json:"name"`
 	Namespace string `json:"namespace"`
-	Email     string `json:"email,omitempty"`
-	Domain    string `json:"domain,omitempty"`
 
 	Current string `json:"current,omitempty"`
 }
@@ -84,4 +95,13 @@ var DefaultFilterAnnots = []string{
 	oam.AnnotationInplaceUpgrade,
 	oam.AnnotationFilterLabelKeys,
 	oam.AnnotationFilterAnnotationKeys,
+	oam.AnnotationLastAppliedConfiguration,
+}
+
+// Cluster contains base info of cluster
+type Cluster struct {
+	Name     string
+	Type     string
+	EndPoint string
+	Accepted bool
 }

charts/oam-runtime/crds/core.oam.dev_containerizedworkloads.yaml

@@ -1,593 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: containerizedworkloads.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: ContainerizedWorkload
-    listKind: ContainerizedWorkloadList
-    plural: containerizedworkloads
-    singular: containerizedworkload
-  scope: Namespaced
-  versions:
-  - name: v1alpha2
-    schema:
-      openAPIV3Schema:
-        description: A ContainerizedWorkload is a workload that runs OCI containers.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A ContainerizedWorkloadSpec defines the desired state of
-              a ContainerizedWorkload.
-            properties:
-              arch:
-                description: CPUArchitecture required by this workload.
-                enum:
-                - i386
-                - amd64
-                - arm
-                - arm64
-                type: string
-              containers:
-                description: Containers of which this workload consists.
-                items:
-                  description: A Container represents an Open Containers Initiative
-                    (OCI) container.
-                  properties:
-                    args:
-                      description: Arguments to be passed to the command run by this
-                        container.
-                      items:
-                        type: string
-                      type: array
-                    command:
-                      description: Command to be run by this container.
-                      items:
-                        type: string
-                      type: array
-                    config:
-                      description: ConfigFiles that should be written within this
-                        container.
-                      items:
-                        description: A ContainerConfigFile specifies a configuration
-                          file that should be written within a container.
-                        properties:
-                          fromSecret:
-                            description: FromSecret is a secret key reference which
-                              can be used to assign a value to be written to the configuration
-                              file at the given path in the container.
-                            properties:
-                              key:
-                                description: The key to select.
-                                type: string
-                              name:
-                                description: The name of the secret.
-                                type: string
-                            required:
-                            - key
-                            - name
-                            type: object
-                          path:
-                            description: Path within the container at which the configuration
-                              file should be written.
-                            type: string
-                          value:
-                            description: Value that should be written to the configuration
-                              file.
-                            type: string
-                        required:
-                        - path
-                        type: object
-                      type: array
-                    env:
-                      description: Environment variables that should be set within
-                        this container.
-                      items:
-                        description: A ContainerEnvVar specifies an environment variable
-                          that should be set within a container.
-                        properties:
-                          fromSecret:
-                            description: FromSecret is a secret key reference which
-                              can be used to assign a value to the environment variable.
-                            properties:
-                              key:
-                                description: The key to select.
-                                type: string
-                              name:
-                                description: The name of the secret.
-                                type: string
-                            required:
-                            - key
-                            - name
-                            type: object
-                          name:
-                            description: Name of the environment variable. Must be
-                              composed of valid Unicode letter and number characters,
-                              as well as _ and -.
-                            pattern: ^[-_a-zA-Z0-9]+$
-                            type: string
-                          value:
-                            description: Value of the environment variable.
-                            type: string
-                        required:
-                        - name
-                        type: object
-                      type: array
-                    image:
-                      description: Image this container should run. Must be a path-like
-                        or URI-like representation of an OCI image. May be prefixed
-                        with a registry address and should be suffixed with a tag.
-                      type: string
-                    imagePullSecret:
-                      description: ImagePullSecret specifies the name of a Secret
-                        from which the credentials required to pull this container's
-                        image can be loaded.
-                      type: string
-                    livenessProbe:
-                      description: A LivenessProbe assesses whether this container
-                        is alive. Containers that fail liveness probes will be restarted.
-                      properties:
-                        exec:
-                          description: Exec probes a container's health by executing
-                            a command.
-                          properties:
-                            command:
-                              description: Command to be run by this probe.
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - command
-                          type: object
-                        failureThreshold:
-                          description: FailureThreshold specifies how many consecutive
-                            probes must fail in order for the container to be considered
-                            healthy.
-                          format: int32
-                          type: integer
-                        httpGet:
-                          description: HTTPGet probes a container's health by sending
-                            an HTTP GET request.
-                          properties:
-                            httpHeaders:
-                              description: HTTPHeaders to send with the GET request.
-                              items:
-                                description: A HTTPHeader to be passed when probing
-                                  a container.
-                                properties:
-                                  name:
-                                    description: Name of this HTTP header. Must be
-                                      unique per probe.
-                                    type: string
-                                  value:
-                                    description: Value of this HTTP header.
-                                    type: string
-                                required:
-                                - name
-                                - value
-                                type: object
-                              type: array
-                            path:
-                              description: Path to probe, e.g. '/healthz'.
-                              type: string
-                            port:
-                              description: Port to probe.
-                              format: int32
-                              type: integer
-                          required:
-                          - path
-                          - port
-                          type: object
-                        initialDelaySeconds:
-                          description: InitialDelaySeconds after a container starts
-                            before the first probe.
-                          format: int32
-                          type: integer
-                        periodSeconds:
-                          description: PeriodSeconds between probes.
-                          format: int32
-                          type: integer
-                        successThreshold:
-                          description: SuccessThreshold specifies how many consecutive
-                            probes must success in order for the container to be considered
-                            healthy.
-                          format: int32
-                          type: integer
-                        tcpSocket:
-                          description: TCPSocketProbe probes a container's health
-                            by connecting to a TCP socket.
-                          properties:
-                            port:
-                              description: Port this probe should connect to.
-                              format: int32
-                              type: integer
-                          required:
-                          - port
-                          type: object
-                        timeoutSeconds:
-                          description: TimeoutSeconds after which the probe times
-                            out.
-                          format: int32
-                          type: integer
-                      type: object
-                    name:
-                      description: Name of this container. Must be unique within its
-                        workload.
-                      type: string
-                    ports:
-                      description: Ports exposed by this container.
-                      items:
-                        description: A ContainerPort specifies a port that is exposed
-                          by a container.
-                        properties:
-                          containerPort:
-                            description: Port number. Must be unique within its container.
-                            format: int32
-                            type: integer
-                          name:
-                            description: Name of this port. Must be unique within
-                              its container. Must be lowercase alphabetical characters.
-                            pattern: ^[a-z]+$
-                            type: string
-                          protocol:
-                            description: Protocol used by the server listening on
-                              this port.
-                            enum:
-                            - TCP
-                            - UDP
-                            type: string
-                        required:
-                        - containerPort
-                        - name
-                        type: object
-                      type: array
-                    readinessProbe:
-                      description: A ReadinessProbe assesses whether this container
-                        is ready to serve requests. Containers that fail readiness
-                        probes will be withdrawn from service.
-                      properties:
-                        exec:
-                          description: Exec probes a container's health by executing
-                            a command.
-                          properties:
-                            command:
-                              description: Command to be run by this probe.
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - command
-                          type: object
-                        failureThreshold:
-                          description: FailureThreshold specifies how many consecutive
-                            probes must fail in order for the container to be considered
-                            healthy.
-                          format: int32
-                          type: integer
-                        httpGet:
-                          description: HTTPGet probes a container's health by sending
-                            an HTTP GET request.
-                          properties:
-                            httpHeaders:
-                              description: HTTPHeaders to send with the GET request.
-                              items:
-                                description: A HTTPHeader to be passed when probing
-                                  a container.
-                                properties:
-                                  name:
-                                    description: Name of this HTTP header. Must be
-                                      unique per probe.
-                                    type: string
-                                  value:
-                                    description: Value of this HTTP header.
-                                    type: string
-                                required:
-                                - name
-                                - value
-                                type: object
-                              type: array
-                            path:
-                              description: Path to probe, e.g. '/healthz'.
-                              type: string
-                            port:
-                              description: Port to probe.
-                              format: int32
-                              type: integer
-                          required:
-                          - path
-                          - port
-                          type: object
-                        initialDelaySeconds:
-                          description: InitialDelaySeconds after a container starts
-                            before the first probe.
-                          format: int32
-                          type: integer
-                        periodSeconds:
-                          description: PeriodSeconds between probes.
-                          format: int32
-                          type: integer
-                        successThreshold:
-                          description: SuccessThreshold specifies how many consecutive
-                            probes must success in order for the container to be considered
-                            healthy.
-                          format: int32
-                          type: integer
-                        tcpSocket:
-                          description: TCPSocketProbe probes a container's health
-                            by connecting to a TCP socket.
-                          properties:
-                            port:
-                              description: Port this probe should connect to.
-                              format: int32
-                              type: integer
-                          required:
-                          - port
-                          type: object
-                        timeoutSeconds:
-                          description: TimeoutSeconds after which the probe times
-                            out.
-                          format: int32
-                          type: integer
-                      type: object
-                    resources:
-                      description: Resources required by this container
-                      properties:
-                        cpu:
-                          description: CPU required by this container.
-                          properties:
-                            required:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              description: Required CPU count. 1.0 represents one
-                                CPU core.
-                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                              x-kubernetes-int-or-string: true
-                          required:
-                          - required
-                          type: object
-                        extended:
-                          description: Extended resources required by this container.
-                          items:
-                            description: ExtendedResource required by a container.
-                            properties:
-                              name:
-                                description: Name of the external resource. Resource
-                                  names are specified in kind.group/version format,
-                                  e.g. motionsensor.ext.example.com/v1.
-                                type: string
-                              required:
-                                anyOf:
-                                - type: integer
-                                - type: string
-                                description: Required extended resource(s), e.g. 8
-                                  or "very-cool-widget"
-                                x-kubernetes-int-or-string: true
-                            required:
-                            - name
-                            - required
-                            type: object
-                          type: array
-                        gpu:
-                          description: GPU required by this container.
-                          properties:
-                            required:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              description: Required GPU count.
-                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                              x-kubernetes-int-or-string: true
-                          required:
-                          - required
-                          type: object
-                        memory:
-                          description: Memory required by this container.
-                          properties:
-                            required:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              description: Required memory.
-                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                              x-kubernetes-int-or-string: true
-                          required:
-                          - required
-                          type: object
-                        volumes:
-                          description: Volumes required by this container.
-                          items:
-                            description: VolumeResource required by a container.
-                            properties:
-                              accessMode:
-                                description: AccessMode of this volume; RO (read only)
-                                  or RW (read and write).
-                                enum:
-                                - RO
-                                - RW
-                                type: string
-                              disk:
-                                description: Disk requirements of this volume.
-                                properties:
-                                  ephemeral:
-                                    description: Ephemeral specifies whether an external
-                                      disk needs to be mounted.
-                                    type: boolean
-                                  required:
-                                    anyOf:
-                                    - type: integer
-                                    - type: string
-                                    description: Required disk space.
-                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                    x-kubernetes-int-or-string: true
-                                required:
-                                - required
-                                type: object
-                              mountPath:
-                                description: MountPath at which this volume will be
-                                  mounted within its container.
-                                type: string
-                              name:
-                                description: Name of this volume. Must be unique within
-                                  its container.
-                                type: string
-                              sharingPolicy:
-                                description: SharingPolicy of this volume; Exclusive
-                                  or Shared.
-                                enum:
-                                - Exclusive
-                                - Shared
-                                type: string
-                            required:
-                            - mountPath
-                            - name
-                            type: object
-                          type: array
-                      required:
-                      - cpu
-                      - memory
-                      type: object
-                  required:
-                  - image
-                  - name
-                  type: object
-                type: array
-              osType:
-                description: OperatingSystem required by this workload.
-                enum:
-                - linux
-                - windows
-                type: string
-            required:
-            - containers
-            type: object
-          status:
-            description: A ContainerizedWorkloadStatus represents the observed state
-              of a ContainerizedWorkload.
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              resources:
-                description: Resources managed by this containerised workload.
-                items:
-                  description: 'ObjectReference contains enough information to let
-                    you inspect or modify the referred object. --- New uses of this
-                    type are discouraged because of difficulty describing its usage
-                    when embedded in APIs.  1. Ignored fields.  It includes many fields
-                    which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage.  2.
-                    Invalid usage help.  It is impossible to add specific help for
-                    individual usage.  In most embedded usages, there are particular     restrictions
-                    like, "must refer only to types A and B" or "UID not honored"
-                    or "name must be restricted".     Those cannot be well described
-                    when embedded.  3. Inconsistent validation.  Because the usages
-                    are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen.  4. The fields
-                    are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity     during interpretation
-                    and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple     and the version of the actual
-                    struct is irrelevant.  5. We cannot easily change it.  Because
-                    this type is embedded in many locations, updates to this type     will
-                    affect numerous schemas.  Don''t make new APIs embed an underspecified
-                    API type they do not control. Instead of using this type, create
-                    a locally provided and used type that is well-focused on your
-                    reference. For example, ServiceReferences for admission registration:
-                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    .'
-                  properties:
-                    apiVersion:
-                      description: API version of the referent.
-                      type: string
-                    fieldPath:
-                      description: 'If referring to a piece of an object instead of
-                        an entire object, this string should contain a valid JSON/Go
-                        field access statement, such as desiredState.manifest.containers[2].
-                        For example, if the object reference is to a container within
-                        a pod, this would take on a value like: "spec.containers{name}"
-                        (where "name" refers to the name of the container that triggered
-                        the event) or if no container name is specified "spec.containers[2]"
-                        (container with index 2 in this pod). This syntax is chosen
-                        only to have some well-defined way of referencing a part of
-                        an object. TODO: this design is not final and this field is
-                        subject to change in the future.'
-                      type: string
-                    kind:
-                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                      type: string
-                    name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                      type: string
-                    namespace:
-                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                      type: string
-                    resourceVersion:
-                      description: 'Specific resourceVersion to which this reference
-                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                      type: string
-                    uid:
-                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                      type: string
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/oam-runtime/crds/core.oam.dev_traitdefinitions.yaml

@@ -188,6 +188,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -195,7 +222,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object
@@ -453,6 +497,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -460,7 +531,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object

charts/oam-runtime/crds/core.oam.dev_workloaddefinitions.yaml

@@ -193,6 +193,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -200,7 +227,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object
@@ -439,6 +483,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -446,7 +517,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object

charts/oam-runtime/templates/admission-webhooks/job-patch/job-createSecret.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       containers:
         - name: create
-          image: {{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
+          image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
           imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
           args:
             - create

charts/oam-runtime/templates/admission-webhooks/job-patch/job-patchWebhook.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       containers:
         - name: patch
-          image: {{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
+          image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
           imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
           args:
             - patch

charts/oam-runtime/templates/certmanager.yaml

@@ -18,6 +18,7 @@ metadata:
 spec:
   secretName: {{ template "oam-runtime.fullname" . }}-root-cert
   duration: 43800h # 5y
+  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
   issuerRef:
     name: {{ template "oam-runtime.fullname" . }}-self-signed-issuer
   commonName: "ca.webhook.oam-runtime"
@@ -44,6 +45,7 @@ metadata:
 spec:
   secretName: {{ template "oam-runtime.fullname" . }}-admission
   duration: 8760h # 1y
+  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
   issuerRef:
     name: {{ template "oam-runtime.fullname" . }}-root-issuer
   dnsNames:

charts/oam-runtime/templates/definitions/containerizedworkloads.yaml

@@ -1,13 +0,0 @@
-apiVersion: core.oam.dev/v1beta1
-kind: WorkloadDefinition
-metadata:
-  name: containerizedworkloads.core.oam.dev
-  namespace: {{.Values.systemDefinitionNamespace}}
-spec:
-  definitionRef:
-    name: containerizedworkloads.core.oam.dev
-  childResourceKinds:
-    - apiVersion: apps/v1
-      kind: Deployment
-    - apiVersion: v1
-      kind: Service

charts/oam-runtime/templates/oam-runtime-controller.yaml

@@ -126,7 +126,7 @@ spec:
             {{ end }}
             - "--system-definition-namespace={{ .Values.systemDefinitionNamespace }}"
             - "--oam-spec-ver={{ .Values.OAMSpecVer }}"
-          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+          image: {{ .Values.imageRegistry }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
           imagePullPolicy: {{ quote .Values.image.pullPolicy }}
           resources:
           {{- toYaml .Values.resources | nindent 12 }}

charts/oam-runtime/templates/test/test-application.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: "{{ include "oam-runtime.fullname" . }}-test-connection"
+  name: {{ include "oam-runtime.fullname" . }}-test-connection
   labels:
   {{- include "oam-runtime.labels" . | nindent 4 }}
   annotations:
@@ -9,7 +9,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.imageRegistry }}{{ .Values.test.app.repository }}:{{ .Values.test.app.tag }}
       command: ['wget']
       args: ['{{ include "oam-runtime.fullname" . }}:{{ .Values.healthCheck.port }}']
   restartPolicy: Never

charts/oam-runtime/values.yaml

@@ -7,6 +7,8 @@ replicaCount: 1
 applyOnceOnly: "off"
 
 disableCaps: "all"
+
+imageRegistry: ""
 image:
   repository: oamdev/vela-core
   tag: latest
@@ -68,13 +70,14 @@ admissionWebhooks:
   patch:
     enabled: true
     image:
-      repository: wonderflow/kube-webhook-certgen
-      tag: v2.1
+      repository: oamdev/kube-webhook-certgen
+      tag: v2.3
       pullPolicy: IfNotPresent
     affinity: {}
     tolerations: []
   certManager:
     enabled: false
+    revisionHistoryLimit: 3
   # If autoGenWorkloadDefinition is true, webhook will auto generated workloadDefinition which componentDefinition refers to
   autoGenWorkloadDefinition: true
 
@@ -97,4 +100,9 @@ concurrentReconciles: 4
 dependCheckWait: 30s
 
 # OAMSpecVer is the oam spec version controller want to setup
-OAMSpecVer: "v0.2"
+OAMSpecVer: "v0.2"
+
+test:
+  app:
+    repository: oamdev/busybox
+    tag: v1

charts/vela-core/Chart.yaml

@@ -19,3 +19,6 @@ version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 appVersion: 0.1.0
+
+home: https://kubevela.io
+icon: https://kubevela.io/img/logo.jpg

charts/vela-core/crds/core.oam.dev_applicationcontexts.yaml

@@ -1,446 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: applicationcontexts.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: ApplicationContext
-    listKind: ApplicationContextList
-    plural: applicationcontexts
-    shortNames:
-    - appcontext
-    singular: applicationcontext
-  scope: Namespaced
-  versions:
-  - name: v1alpha2
-    schema:
-      openAPIV3Schema:
-        description: ApplicationContext is the Schema for the ApplicationContext API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ApplicationContextSpec is the spec of ApplicationContext
-            properties:
-              applicationRevisionName:
-                description: ApplicationRevisionName points to the snapshot of an
-                  Application with all its closure
-                type: string
-            required:
-            - applicationRevisionName
-            type: object
-          status:
-            description: we need to reuse the AC status
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              dependency:
-                description: DependencyStatus represents the observed state of the
-                  dependency of an ApplicationConfiguration.
-                properties:
-                  unsatisfied:
-                    items:
-                      description: UnstaifiedDependency describes unsatisfied dependency
-                        flow between one pair of objects.
-                      properties:
-                        from:
-                          description: DependencyFromObject represents the object
-                            that dependency data comes from.
-                          properties:
-                            apiVersion:
-                              description: API version of the referent.
-                              type: string
-                            fieldPath:
-                              description: 'If referring to a piece of an object instead
-                                of an entire object, this string should contain a
-                                valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                For example, if the object reference is to a container
-                                within a pod, this would take on a value like: "spec.containers{name}"
-                                (where "name" refers to the name of the container
-                                that triggered the event) or if no container name
-                                is specified "spec.containers[2]" (container with
-                                index 2 in this pod). This syntax is chosen only to
-                                have some well-defined way of referencing a part of
-                                an object. TODO: this design is not final and this
-                                field is subject to change in the future.'
-                              type: string
-                            kind:
-                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                              type: string
-                            name:
-                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                              type: string
-                            namespace:
-                              description: 'Namespace of the referent. More info:
-                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                              type: string
-                            resourceVersion:
-                              description: 'Specific resourceVersion to which this
-                                reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                              type: string
-                            uid:
-                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                              type: string
-                          type: object
-                        reason:
-                          type: string
-                        to:
-                          description: DependencyToObject represents the object that
-                            dependency data goes to.
-                          properties:
-                            apiVersion:
-                              description: API version of the referent.
-                              type: string
-                            fieldPath:
-                              description: 'If referring to a piece of an object instead
-                                of an entire object, this string should contain a
-                                valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                                For example, if the object reference is to a container
-                                within a pod, this would take on a value like: "spec.containers{name}"
-                                (where "name" refers to the name of the container
-                                that triggered the event) or if no container name
-                                is specified "spec.containers[2]" (container with
-                                index 2 in this pod). This syntax is chosen only to
-                                have some well-defined way of referencing a part of
-                                an object. TODO: this design is not final and this
-                                field is subject to change in the future.'
-                              type: string
-                            fieldPaths:
-                              items:
-                                type: string
-                              type: array
-                            kind:
-                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                              type: string
-                            name:
-                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                              type: string
-                            namespace:
-                              description: 'Namespace of the referent. More info:
-                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                              type: string
-                            resourceVersion:
-                              description: 'Specific resourceVersion to which this
-                                reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                              type: string
-                            uid:
-                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                              type: string
-                          type: object
-                      required:
-                      - from
-                      - reason
-                      - to
-                      type: object
-                    type: array
-                type: object
-              historyWorkloads:
-                description: HistoryWorkloads will record history but still working
-                  revision workloads.
-                items:
-                  description: HistoryWorkload contain the old component revision
-                    that are still running
-                  properties:
-                    revision:
-                      description: Revision of this workload
-                      type: string
-                    workloadRef:
-                      description: Reference to running workload.
-                      properties:
-                        apiVersion:
-                          description: API version of the referent.
-                          type: string
-                        fieldPath:
-                          description: 'If referring to a piece of an object instead
-                            of an entire object, this string should contain a valid
-                            JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                            For example, if the object reference is to a container
-                            within a pod, this would take on a value like: "spec.containers{name}"
-                            (where "name" refers to the name of the container that
-                            triggered the event) or if no container name is specified
-                            "spec.containers[2]" (container with index 2 in this pod).
-                            This syntax is chosen only to have some well-defined way
-                            of referencing a part of an object. TODO: this design
-                            is not final and this field is subject to change in the
-                            future.'
-                          type: string
-                        kind:
-                          description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                          type: string
-                        name:
-                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                          type: string
-                        namespace:
-                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                          type: string
-                        resourceVersion:
-                          description: 'Specific resourceVersion to which this reference
-                            is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                          type: string
-                        uid:
-                          description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                          type: string
-                      type: object
-                  type: object
-                type: array
-              observedGeneration:
-                description: The generation observed by the appConfig controller.
-                format: int64
-                type: integer
-              rollingStatus:
-                description: RollingStatus indicates what phase are we in the rollout
-                  phase
-                type: string
-              status:
-                description: Status is a place holder for a customized controller
-                  to fill if it needs a single place to summarize the status of the
-                  entire application
-                type: string
-              workloads:
-                description: Workloads created by this ApplicationConfiguration.
-                items:
-                  description: A WorkloadStatus represents the status of a workload.
-                  properties:
-                    appliedComponentRevision:
-                      description: AppliedComponentRevision indicates the applied
-                        component revision name of this workload
-                      type: string
-                    componentName:
-                      description: ComponentName that produced this workload.
-                      type: string
-                    componentRevisionName:
-                      description: ComponentRevisionName of current component
-                      type: string
-                    dependencyUnsatisfied:
-                      description: DependencyUnsatisfied notify does the workload
-                        has dependency unsatisfied
-                      type: boolean
-                    scopes:
-                      description: Scopes associated with this workload.
-                      items:
-                        description: A WorkloadScope represents a scope associated
-                          with a workload and its status
-                        properties:
-                          scopeRef:
-                            description: Reference to a scope created by an ApplicationConfiguration.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: 'If referring to a piece of an object
-                                  instead of an entire object, this string should
-                                  contain a valid JSON/Go field access statement,
-                                  such as desiredState.manifest.containers[2]. For
-                                  example, if the object reference is to a container
-                                  within a pod, this would take on a value like: "spec.containers{name}"
-                                  (where "name" refers to the name of the container
-                                  that triggered the event) or if no container name
-                                  is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only
-                                  to have some well-defined way of referencing a part
-                                  of an object. TODO: this design is not final and
-                                  this field is subject to change in the future.'
-                                type: string
-                              kind:
-                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                                type: string
-                              name:
-                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                                type: string
-                              namespace:
-                                description: 'Namespace of the referent. More info:
-                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                                type: string
-                              resourceVersion:
-                                description: 'Specific resourceVersion to which this
-                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                                type: string
-                              uid:
-                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                                type: string
-                            type: object
-                          status:
-                            description: Status is a place holder for a customized
-                              controller to fill if it needs a single place to summarize
-                              the status of the scope
-                            type: string
-                        required:
-                        - scopeRef
-                        type: object
-                      type: array
-                    status:
-                      description: Status is a place holder for a customized controller
-                        to fill if it needs a single place to summarize the entire
-                        status of the workload
-                      type: string
-                    traits:
-                      description: Traits associated with this workload.
-                      items:
-                        description: A WorkloadTrait represents a trait associated
-                          with a workload and its status
-                        properties:
-                          appliedGeneration:
-                            description: AppliedGeneration indicates the generation
-                              observed by the appConfig controller. The same field
-                              is also recorded in the annotations of traits. A trait
-                              is possible to be deleted from cluster after created.
-                              This field is useful to track the observed generation
-                              of traits after they are deleted.
-                            format: int64
-                            type: integer
-                          dependencyUnsatisfied:
-                            description: DependencyUnsatisfied notify does the trait
-                              has dependency unsatisfied
-                            type: boolean
-                          message:
-                            description: Message will allow controller to leave some
-                              additional information for this trait
-                            type: string
-                          status:
-                            description: Status is a place holder for a customized
-                              controller to fill if it needs a single place to summarize
-                              the status of the trait
-                            type: string
-                          traitRef:
-                            description: Reference to a trait created by an ApplicationConfiguration.
-                            properties:
-                              apiVersion:
-                                description: API version of the referent.
-                                type: string
-                              fieldPath:
-                                description: 'If referring to a piece of an object
-                                  instead of an entire object, this string should
-                                  contain a valid JSON/Go field access statement,
-                                  such as desiredState.manifest.containers[2]. For
-                                  example, if the object reference is to a container
-                                  within a pod, this would take on a value like: "spec.containers{name}"
-                                  (where "name" refers to the name of the container
-                                  that triggered the event) or if no container name
-                                  is specified "spec.containers[2]" (container with
-                                  index 2 in this pod). This syntax is chosen only
-                                  to have some well-defined way of referencing a part
-                                  of an object. TODO: this design is not final and
-                                  this field is subject to change in the future.'
-                                type: string
-                              kind:
-                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                                type: string
-                              name:
-                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                                type: string
-                              namespace:
-                                description: 'Namespace of the referent. More info:
-                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                                type: string
-                              resourceVersion:
-                                description: 'Specific resourceVersion to which this
-                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                                type: string
-                              uid:
-                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                                type: string
-                            type: object
-                        required:
-                        - traitRef
-                        type: object
-                      type: array
-                    workloadRef:
-                      description: Reference to a workload created by an ApplicationConfiguration.
-                      properties:
-                        apiVersion:
-                          description: API version of the referent.
-                          type: string
-                        fieldPath:
-                          description: 'If referring to a piece of an object instead
-                            of an entire object, this string should contain a valid
-                            JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                            For example, if the object reference is to a container
-                            within a pod, this would take on a value like: "spec.containers{name}"
-                            (where "name" refers to the name of the container that
-                            triggered the event) or if no container name is specified
-                            "spec.containers[2]" (container with index 2 in this pod).
-                            This syntax is chosen only to have some well-defined way
-                            of referencing a part of an object. TODO: this design
-                            is not final and this field is subject to change in the
-                            future.'
-                          type: string
-                        kind:
-                          description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                          type: string
-                        name:
-                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                          type: string
-                        namespace:
-                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                          type: string
-                        resourceVersion:
-                          description: 'Specific resourceVersion to which this reference
-                            is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                          type: string
-                        uid:
-                          description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                          type: string
-                      type: object
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml

@@ -622,6 +622,23 @@ spec:
                         description: The generation observed by the application controller.
                         format: int64
                         type: integer
+                      policy:
+                        description: PolicyStatus records the status of policy
+                        items:
+                          description: PolicyStatus records the status of policy
+                          properties:
+                            name:
+                              type: string
+                            status:
+                              type: object
+                              x-kubernetes-preserve-unknown-fields: true
+                            type:
+                              type: string
+                          required:
+                          - name
+                          - type
+                          type: object
+                        type: array
                       resourceTracker:
                         description: ResourceTracker record the status of the ResourceTracker
                         properties:
@@ -892,7 +909,7 @@ spec:
                         type: array
                       status:
                         description: ApplicationPhase is a label for the condition
-                          of a application at the current time
+                          of an application at the current time
                         type: string
                       workflow:
                         description: Workflow record the status of workflow
@@ -966,16 +983,31 @@ spec:
                                 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                 type: string
                             type: object
+                          finished:
+                            type: boolean
                           mode:
                             description: WorkflowMode describes the mode of workflow
                             type: string
+                          startTime:
+                            format: date-time
+                            type: string
                           steps:
                             items:
                               description: WorkflowStepStatus record the status of
                                 a workflow step
                               properties:
+                                firstExecuteTime:
+                                  description: FirstExecuteTime is the first time
+                                    this step execution.
+                                  format: date-time
+                                  type: string
                                 id:
                                   type: string
+                                lastExecuteTime:
+                                  description: LastExecuteTime is the last time this
+                                    step execution.
+                                  format: date-time
+                                  type: string
                                 message:
                                   description: A human readable message indicating
                                     details about why the workflowStep is in this
@@ -1043,6 +1075,7 @@ spec:
                           terminated:
                             type: boolean
                         required:
+                        - finished
                         - mode
                         - suspend
                         - terminated
@@ -1232,6 +1265,35 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                deleteResource:
+                                  default: true
+                                  description: DeleteResource will determine whether
+                                    provisioned cloud resources will be deleted when
+                                    CR is deleted
+                                  type: boolean
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the referenced object.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
+                                region:
+                                  description: Region is cloud provider's region.
+                                    It will override the region in the region field
+                                    of ProviderReference
+                                  type: string
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -1239,7 +1301,25 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
+                                writeConnectionSecretToRef:
+                                  description: WriteConnectionSecretToReference specifies
+                                    the namespace and name of a Secret to which any
+                                    connection details for this managed resource should
+                                    be written. Connection details frequently include
+                                    the endpoint, username, and password required
+                                    to connect to the managed resource.
+                                  properties:
+                                    name:
+                                      description: Name of the secret.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                               required:
                               - configuration
                               type: object
@@ -1620,6 +1700,35 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                deleteResource:
+                                  default: true
+                                  description: DeleteResource will determine whether
+                                    provisioned cloud resources will be deleted when
+                                    CR is deleted
+                                  type: boolean
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the referenced object.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
+                                region:
+                                  description: Region is cloud provider's region.
+                                    It will override the region in the region field
+                                    of ProviderReference
+                                  type: string
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -1627,7 +1736,25 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
+                                writeConnectionSecretToRef:
+                                  description: WriteConnectionSecretToReference specifies
+                                    the namespace and name of a Secret to which any
+                                    connection details for this managed resource should
+                                    be written. Connection details frequently include
+                                    the endpoint, username, and password required
+                                    to connect to the managed resource.
+                                  properties:
+                                    name:
+                                      description: Name of the secret.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                               required:
                               - configuration
                               type: object
@@ -1906,6 +2033,35 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                deleteResource:
+                                  default: true
+                                  description: DeleteResource will determine whether
+                                    provisioned cloud resources will be deleted when
+                                    CR is deleted
+                                  type: boolean
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the referenced object.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
+                                region:
+                                  description: Region is cloud provider's region.
+                                    It will override the region in the region field
+                                    of ProviderReference
+                                  type: string
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -1913,7 +2069,25 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
+                                writeConnectionSecretToRef:
+                                  description: WriteConnectionSecretToReference specifies
+                                    the namespace and name of a Secret to which any
+                                    connection details for this managed resource should
+                                    be written. Connection details frequently include
+                                    the endpoint, username, and password required
+                                    to connect to the managed resource.
+                                  properties:
+                                    name:
+                                      description: Name of the secret.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                               required:
                               - configuration
                               type: object
@@ -2053,6 +2227,10 @@ spec:
                           description: ApplicationComponent describe the component
                             of application
                           properties:
+                            dependsOn:
+                              items:
+                                type: string
+                              type: array
                             externalRevision:
                               description: ExternalRevision specified the component
                                 revisionName
@@ -2474,6 +2652,10 @@ spec:
                               description: WorkflowStep defines how to execute a workflow
                                 step.
                               properties:
+                                dependsOn:
+                                  items:
+                                    type: string
+                                  type: array
                                 inputs:
                                   description: StepInputs defines variable input of
                                     WorkflowStep
@@ -2697,6 +2879,23 @@ spec:
                         description: The generation observed by the application controller.
                         format: int64
                         type: integer
+                      policy:
+                        description: PolicyStatus records the status of policy
+                        items:
+                          description: PolicyStatus records the status of policy
+                          properties:
+                            name:
+                              type: string
+                            status:
+                              type: object
+                              x-kubernetes-preserve-unknown-fields: true
+                            type:
+                              type: string
+                          required:
+                          - name
+                          - type
+                          type: object
+                        type: array
                       resourceTracker:
                         description: ResourceTracker record the status of the ResourceTracker
                         properties:
@@ -2967,7 +3166,7 @@ spec:
                         type: array
                       status:
                         description: ApplicationPhase is a label for the condition
-                          of a application at the current time
+                          of an application at the current time
                         type: string
                       workflow:
                         description: Workflow record the status of workflow
@@ -3041,16 +3240,31 @@ spec:
                                 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                 type: string
                             type: object
+                          finished:
+                            type: boolean
                           mode:
                             description: WorkflowMode describes the mode of workflow
                             type: string
+                          startTime:
+                            format: date-time
+                            type: string
                           steps:
                             items:
                               description: WorkflowStepStatus record the status of
                                 a workflow step
                               properties:
+                                firstExecuteTime:
+                                  description: FirstExecuteTime is the first time
+                                    this step execution.
+                                  format: date-time
+                                  type: string
                                 id:
                                   type: string
+                                lastExecuteTime:
+                                  description: LastExecuteTime is the last time this
+                                    step execution.
+                                  format: date-time
+                                  type: string
                                 message:
                                   description: A human readable message indicating
                                     details about why the workflowStep is in this
@@ -3118,6 +3332,7 @@ spec:
                           terminated:
                             type: boolean
                         required:
+                        - finished
                         - mode
                         - suspend
                         - terminated
@@ -3307,6 +3522,35 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                deleteResource:
+                                  default: true
+                                  description: DeleteResource will determine whether
+                                    provisioned cloud resources will be deleted when
+                                    CR is deleted
+                                  type: boolean
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the referenced object.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
+                                region:
+                                  description: Region is cloud provider's region.
+                                    It will override the region in the region field
+                                    of ProviderReference
+                                  type: string
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -3314,7 +3558,25 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
+                                writeConnectionSecretToRef:
+                                  description: WriteConnectionSecretToReference specifies
+                                    the namespace and name of a Secret to which any
+                                    connection details for this managed resource should
+                                    be written. Connection details frequently include
+                                    the endpoint, username, and password required
+                                    to connect to the managed resource.
+                                  properties:
+                                    name:
+                                      description: Name of the secret.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                               required:
                               - configuration
                               type: object
@@ -3588,6 +3850,35 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                deleteResource:
+                                  default: true
+                                  description: DeleteResource will determine whether
+                                    provisioned cloud resources will be deleted when
+                                    CR is deleted
+                                  type: boolean
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the referenced object.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
+                                region:
+                                  description: Region is cloud provider's region.
+                                    It will override the region in the region field
+                                    of ProviderReference
+                                  type: string
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -3595,7 +3886,25 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
+                                writeConnectionSecretToRef:
+                                  description: WriteConnectionSecretToReference specifies
+                                    the namespace and name of a Secret to which any
+                                    connection details for this managed resource should
+                                    be written. Connection details frequently include
+                                    the endpoint, username, and password required
+                                    to connect to the managed resource.
+                                  properties:
+                                    name:
+                                      description: Name of the secret.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                               required:
                               - configuration
                               type: object
@@ -3958,6 +4267,35 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                deleteResource:
+                                  default: true
+                                  description: DeleteResource will determine whether
+                                    provisioned cloud resources will be deleted when
+                                    CR is deleted
+                                  type: boolean
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the referenced object.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
+                                region:
+                                  description: Region is cloud provider's region.
+                                    It will override the region in the region field
+                                    of ProviderReference
+                                  type: string
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -3965,7 +4303,25 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
+                                writeConnectionSecretToRef:
+                                  description: WriteConnectionSecretToReference specifies
+                                    the namespace and name of a Secret to which any
+                                    connection details for this managed resource should
+                                    be written. Connection details frequently include
+                                    the endpoint, username, and password required
+                                    to connect to the managed resource.
+                                  properties:
+                                    name:
+                                      description: Name of the secret.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                               required:
                               - configuration
                               type: object
@@ -4207,6 +4563,35 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                deleteResource:
+                                  default: true
+                                  description: DeleteResource will determine whether
+                                    provisioned cloud resources will be deleted when
+                                    CR is deleted
+                                  type: boolean
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the referenced object.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
+                                region:
+                                  description: Region is cloud provider's region.
+                                    It will override the region in the region field
+                                    of ProviderReference
+                                  type: string
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -4214,7 +4599,25 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
+                                writeConnectionSecretToRef:
+                                  description: WriteConnectionSecretToReference specifies
+                                    the namespace and name of a Secret to which any
+                                    connection details for this managed resource should
+                                    be written. Connection details frequently include
+                                    the endpoint, username, and password required
+                                    to connect to the managed resource.
+                                  properties:
+                                    name:
+                                      description: Name of the secret.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                               required:
                               - configuration
                               type: object
@@ -4258,6 +4661,10 @@ spec:
                             - type
                             type: object
                           type: array
+                        configMapRef:
+                          description: ConfigMapRef refer to a ConfigMap which contains
+                            OpenAPI V3 JSON schema of Component parameters.
+                          type: string
                         latestRevision:
                           description: LatestRevision of the component definition
                           properties:
@@ -4472,6 +4879,35 @@ spec:
                                 configuration:
                                   description: Configuration is Terraform Configuration
                                   type: string
+                                deleteResource:
+                                  default: true
+                                  description: DeleteResource will determine whether
+                                    provisioned cloud resources will be deleted when
+                                    CR is deleted
+                                  type: boolean
+                                path:
+                                  description: Path is the sub-directory of remote
+                                    git repository. It's valid when remote is set
+                                  type: string
+                                providerRef:
+                                  description: ProviderReference specifies the reference
+                                    to Provider
+                                  properties:
+                                    name:
+                                      description: Name of the referenced object.
+                                      type: string
+                                    namespace:
+                                      default: default
+                                      description: Namespace of the referenced object.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
+                                region:
+                                  description: Region is cloud provider's region.
+                                    It will override the region in the region field
+                                    of ProviderReference
+                                  type: string
                                 type:
                                   default: hcl
                                   description: Type specifies which Terraform configuration
@@ -4479,7 +4915,25 @@ spec:
                                   enum:
                                   - hcl
                                   - json
+                                  - remote
                                   type: string
+                                writeConnectionSecretToRef:
+                                  description: WriteConnectionSecretToReference specifies
+                                    the namespace and name of a Secret to which any
+                                    connection details for this managed resource should
+                                    be written. Connection details frequently include
+                                    the endpoint, username, and password required
+                                    to connect to the managed resource.
+                                  properties:
+                                    name:
+                                      description: Name of the secret.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the secret.
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
                               required:
                               - configuration
                               type: object

charts/vela-core/crds/core.oam.dev_applications.yaml

@@ -443,6 +443,23 @@ spec:
                 description: The generation observed by the application controller.
                 format: int64
                 type: integer
+              policy:
+                description: PolicyStatus records the status of policy
+                items:
+                  description: PolicyStatus records the status of policy
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: object
+                      x-kubernetes-preserve-unknown-fields: true
+                    type:
+                      type: string
+                  required:
+                  - name
+                  - type
+                  type: object
+                type: array
               resourceTracker:
                 description: ResourceTracker record the status of the ResourceTracker
                 properties:
@@ -616,7 +633,7 @@ spec:
                   type: object
                 type: array
               status:
-                description: ApplicationPhase is a label for the condition of a application at the current time
+                description: ApplicationPhase is a label for the condition of an application at the current time
                 type: string
               workflow:
                 description: Workflow record the status of workflow
@@ -648,15 +665,28 @@ spec:
                         description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                         type: string
                     type: object
+                  finished:
+                    type: boolean
                   mode:
                     description: WorkflowMode describes the mode of workflow
                     type: string
+                  startTime:
+                    format: date-time
+                    type: string
                   steps:
                     items:
                       description: WorkflowStepStatus record the status of a workflow step
                       properties:
+                        firstExecuteTime:
+                          description: FirstExecuteTime is the first time this step execution.
+                          format: date-time
+                          type: string
                         id:
                           type: string
+                        lastExecuteTime:
+                          description: LastExecuteTime is the last time this step execution.
+                          format: date-time
+                          type: string
                         message:
                           description: A human readable message indicating details about why the workflowStep is in this state.
                           type: string
@@ -711,6 +741,7 @@ spec:
                   terminated:
                     type: boolean
                 required:
+                - finished
                 - mode
                 - suspend
                 - terminated
@@ -760,6 +791,10 @@ spec:
                 items:
                   description: ApplicationComponent describe the component of application
                   properties:
+                    dependsOn:
+                      items:
+                        type: string
+                      type: array
                     externalRevision:
                       description: ExternalRevision specified the component revisionName
                       type: string
@@ -1074,6 +1109,10 @@ spec:
                     items:
                       description: WorkflowStep defines how to execute a workflow step.
                       properties:
+                        dependsOn:
+                          items:
+                            type: string
+                          type: array
                         inputs:
                           description: StepInputs defines variable input of WorkflowStep
                           items:
@@ -1228,6 +1267,23 @@ spec:
                 description: The generation observed by the application controller.
                 format: int64
                 type: integer
+              policy:
+                description: PolicyStatus records the status of policy
+                items:
+                  description: PolicyStatus records the status of policy
+                  properties:
+                    name:
+                      type: string
+                    status:
+                      type: object
+                      x-kubernetes-preserve-unknown-fields: true
+                    type:
+                      type: string
+                  required:
+                  - name
+                  - type
+                  type: object
+                type: array
               resourceTracker:
                 description: ResourceTracker record the status of the ResourceTracker
                 properties:
@@ -1401,7 +1457,7 @@ spec:
                   type: object
                 type: array
               status:
-                description: ApplicationPhase is a label for the condition of a application at the current time
+                description: ApplicationPhase is a label for the condition of an application at the current time
                 type: string
               workflow:
                 description: Workflow record the status of workflow
@@ -1433,15 +1489,28 @@ spec:
                         description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                         type: string
                     type: object
+                  finished:
+                    type: boolean
                   mode:
                     description: WorkflowMode describes the mode of workflow
                     type: string
+                  startTime:
+                    format: date-time
+                    type: string
                   steps:
                     items:
                       description: WorkflowStepStatus record the status of a workflow step
                       properties:
+                        firstExecuteTime:
+                          description: FirstExecuteTime is the first time this step execution.
+                          format: date-time
+                          type: string
                         id:
                           type: string
+                        lastExecuteTime:
+                          description: LastExecuteTime is the last time this step execution.
+                          format: date-time
+                          type: string
                         message:
                           description: A human readable message indicating details about why the workflowStep is in this state.
                           type: string
@@ -1496,6 +1565,7 @@ spec:
                   terminated:
                     type: boolean
                 required:
+                - finished
                 - mode
                 - suspend
                 - terminated

charts/vela-core/crds/core.oam.dev_componentdefinitions.yaml

@@ -179,6 +179,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -186,7 +213,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object
@@ -448,6 +492,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -455,7 +526,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object

charts/vela-core/crds/core.oam.dev_containerizedworkloads.yaml

@@ -1,593 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: containerizedworkloads.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: ContainerizedWorkload
-    listKind: ContainerizedWorkloadList
-    plural: containerizedworkloads
-    singular: containerizedworkload
-  scope: Namespaced
-  versions:
-  - name: v1alpha2
-    schema:
-      openAPIV3Schema:
-        description: A ContainerizedWorkload is a workload that runs OCI containers.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A ContainerizedWorkloadSpec defines the desired state of
-              a ContainerizedWorkload.
-            properties:
-              arch:
-                description: CPUArchitecture required by this workload.
-                enum:
-                - i386
-                - amd64
-                - arm
-                - arm64
-                type: string
-              containers:
-                description: Containers of which this workload consists.
-                items:
-                  description: A Container represents an Open Containers Initiative
-                    (OCI) container.
-                  properties:
-                    args:
-                      description: Arguments to be passed to the command run by this
-                        container.
-                      items:
-                        type: string
-                      type: array
-                    command:
-                      description: Command to be run by this container.
-                      items:
-                        type: string
-                      type: array
-                    config:
-                      description: ConfigFiles that should be written within this
-                        container.
-                      items:
-                        description: A ContainerConfigFile specifies a configuration
-                          file that should be written within a container.
-                        properties:
-                          fromSecret:
-                            description: FromSecret is a secret key reference which
-                              can be used to assign a value to be written to the configuration
-                              file at the given path in the container.
-                            properties:
-                              key:
-                                description: The key to select.
-                                type: string
-                              name:
-                                description: The name of the secret.
-                                type: string
-                            required:
-                            - key
-                            - name
-                            type: object
-                          path:
-                            description: Path within the container at which the configuration
-                              file should be written.
-                            type: string
-                          value:
-                            description: Value that should be written to the configuration
-                              file.
-                            type: string
-                        required:
-                        - path
-                        type: object
-                      type: array
-                    env:
-                      description: Environment variables that should be set within
-                        this container.
-                      items:
-                        description: A ContainerEnvVar specifies an environment variable
-                          that should be set within a container.
-                        properties:
-                          fromSecret:
-                            description: FromSecret is a secret key reference which
-                              can be used to assign a value to the environment variable.
-                            properties:
-                              key:
-                                description: The key to select.
-                                type: string
-                              name:
-                                description: The name of the secret.
-                                type: string
-                            required:
-                            - key
-                            - name
-                            type: object
-                          name:
-                            description: Name of the environment variable. Must be
-                              composed of valid Unicode letter and number characters,
-                              as well as _ and -.
-                            pattern: ^[-_a-zA-Z0-9]+$
-                            type: string
-                          value:
-                            description: Value of the environment variable.
-                            type: string
-                        required:
-                        - name
-                        type: object
-                      type: array
-                    image:
-                      description: Image this container should run. Must be a path-like
-                        or URI-like representation of an OCI image. May be prefixed
-                        with a registry address and should be suffixed with a tag.
-                      type: string
-                    imagePullSecret:
-                      description: ImagePullSecret specifies the name of a Secret
-                        from which the credentials required to pull this container's
-                        image can be loaded.
-                      type: string
-                    livenessProbe:
-                      description: A LivenessProbe assesses whether this container
-                        is alive. Containers that fail liveness probes will be restarted.
-                      properties:
-                        exec:
-                          description: Exec probes a container's health by executing
-                            a command.
-                          properties:
-                            command:
-                              description: Command to be run by this probe.
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - command
-                          type: object
-                        failureThreshold:
-                          description: FailureThreshold specifies how many consecutive
-                            probes must fail in order for the container to be considered
-                            healthy.
-                          format: int32
-                          type: integer
-                        httpGet:
-                          description: HTTPGet probes a container's health by sending
-                            an HTTP GET request.
-                          properties:
-                            httpHeaders:
-                              description: HTTPHeaders to send with the GET request.
-                              items:
-                                description: A HTTPHeader to be passed when probing
-                                  a container.
-                                properties:
-                                  name:
-                                    description: Name of this HTTP header. Must be
-                                      unique per probe.
-                                    type: string
-                                  value:
-                                    description: Value of this HTTP header.
-                                    type: string
-                                required:
-                                - name
-                                - value
-                                type: object
-                              type: array
-                            path:
-                              description: Path to probe, e.g. '/healthz'.
-                              type: string
-                            port:
-                              description: Port to probe.
-                              format: int32
-                              type: integer
-                          required:
-                          - path
-                          - port
-                          type: object
-                        initialDelaySeconds:
-                          description: InitialDelaySeconds after a container starts
-                            before the first probe.
-                          format: int32
-                          type: integer
-                        periodSeconds:
-                          description: PeriodSeconds between probes.
-                          format: int32
-                          type: integer
-                        successThreshold:
-                          description: SuccessThreshold specifies how many consecutive
-                            probes must success in order for the container to be considered
-                            healthy.
-                          format: int32
-                          type: integer
-                        tcpSocket:
-                          description: TCPSocketProbe probes a container's health
-                            by connecting to a TCP socket.
-                          properties:
-                            port:
-                              description: Port this probe should connect to.
-                              format: int32
-                              type: integer
-                          required:
-                          - port
-                          type: object
-                        timeoutSeconds:
-                          description: TimeoutSeconds after which the probe times
-                            out.
-                          format: int32
-                          type: integer
-                      type: object
-                    name:
-                      description: Name of this container. Must be unique within its
-                        workload.
-                      type: string
-                    ports:
-                      description: Ports exposed by this container.
-                      items:
-                        description: A ContainerPort specifies a port that is exposed
-                          by a container.
-                        properties:
-                          containerPort:
-                            description: Port number. Must be unique within its container.
-                            format: int32
-                            type: integer
-                          name:
-                            description: Name of this port. Must be unique within
-                              its container. Must be lowercase alphabetical characters.
-                            pattern: ^[a-z]+$
-                            type: string
-                          protocol:
-                            description: Protocol used by the server listening on
-                              this port.
-                            enum:
-                            - TCP
-                            - UDP
-                            type: string
-                        required:
-                        - containerPort
-                        - name
-                        type: object
-                      type: array
-                    readinessProbe:
-                      description: A ReadinessProbe assesses whether this container
-                        is ready to serve requests. Containers that fail readiness
-                        probes will be withdrawn from service.
-                      properties:
-                        exec:
-                          description: Exec probes a container's health by executing
-                            a command.
-                          properties:
-                            command:
-                              description: Command to be run by this probe.
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - command
-                          type: object
-                        failureThreshold:
-                          description: FailureThreshold specifies how many consecutive
-                            probes must fail in order for the container to be considered
-                            healthy.
-                          format: int32
-                          type: integer
-                        httpGet:
-                          description: HTTPGet probes a container's health by sending
-                            an HTTP GET request.
-                          properties:
-                            httpHeaders:
-                              description: HTTPHeaders to send with the GET request.
-                              items:
-                                description: A HTTPHeader to be passed when probing
-                                  a container.
-                                properties:
-                                  name:
-                                    description: Name of this HTTP header. Must be
-                                      unique per probe.
-                                    type: string
-                                  value:
-                                    description: Value of this HTTP header.
-                                    type: string
-                                required:
-                                - name
-                                - value
-                                type: object
-                              type: array
-                            path:
-                              description: Path to probe, e.g. '/healthz'.
-                              type: string
-                            port:
-                              description: Port to probe.
-                              format: int32
-                              type: integer
-                          required:
-                          - path
-                          - port
-                          type: object
-                        initialDelaySeconds:
-                          description: InitialDelaySeconds after a container starts
-                            before the first probe.
-                          format: int32
-                          type: integer
-                        periodSeconds:
-                          description: PeriodSeconds between probes.
-                          format: int32
-                          type: integer
-                        successThreshold:
-                          description: SuccessThreshold specifies how many consecutive
-                            probes must success in order for the container to be considered
-                            healthy.
-                          format: int32
-                          type: integer
-                        tcpSocket:
-                          description: TCPSocketProbe probes a container's health
-                            by connecting to a TCP socket.
-                          properties:
-                            port:
-                              description: Port this probe should connect to.
-                              format: int32
-                              type: integer
-                          required:
-                          - port
-                          type: object
-                        timeoutSeconds:
-                          description: TimeoutSeconds after which the probe times
-                            out.
-                          format: int32
-                          type: integer
-                      type: object
-                    resources:
-                      description: Resources required by this container
-                      properties:
-                        cpu:
-                          description: CPU required by this container.
-                          properties:
-                            required:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              description: Required CPU count. 1.0 represents one
-                                CPU core.
-                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                              x-kubernetes-int-or-string: true
-                          required:
-                          - required
-                          type: object
-                        extended:
-                          description: Extended resources required by this container.
-                          items:
-                            description: ExtendedResource required by a container.
-                            properties:
-                              name:
-                                description: Name of the external resource. Resource
-                                  names are specified in kind.group/version format,
-                                  e.g. motionsensor.ext.example.com/v1.
-                                type: string
-                              required:
-                                anyOf:
-                                - type: integer
-                                - type: string
-                                description: Required extended resource(s), e.g. 8
-                                  or "very-cool-widget"
-                                x-kubernetes-int-or-string: true
-                            required:
-                            - name
-                            - required
-                            type: object
-                          type: array
-                        gpu:
-                          description: GPU required by this container.
-                          properties:
-                            required:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              description: Required GPU count.
-                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                              x-kubernetes-int-or-string: true
-                          required:
-                          - required
-                          type: object
-                        memory:
-                          description: Memory required by this container.
-                          properties:
-                            required:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              description: Required memory.
-                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                              x-kubernetes-int-or-string: true
-                          required:
-                          - required
-                          type: object
-                        volumes:
-                          description: Volumes required by this container.
-                          items:
-                            description: VolumeResource required by a container.
-                            properties:
-                              accessMode:
-                                description: AccessMode of this volume; RO (read only)
-                                  or RW (read and write).
-                                enum:
-                                - RO
-                                - RW
-                                type: string
-                              disk:
-                                description: Disk requirements of this volume.
-                                properties:
-                                  ephemeral:
-                                    description: Ephemeral specifies whether an external
-                                      disk needs to be mounted.
-                                    type: boolean
-                                  required:
-                                    anyOf:
-                                    - type: integer
-                                    - type: string
-                                    description: Required disk space.
-                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                                    x-kubernetes-int-or-string: true
-                                required:
-                                - required
-                                type: object
-                              mountPath:
-                                description: MountPath at which this volume will be
-                                  mounted within its container.
-                                type: string
-                              name:
-                                description: Name of this volume. Must be unique within
-                                  its container.
-                                type: string
-                              sharingPolicy:
-                                description: SharingPolicy of this volume; Exclusive
-                                  or Shared.
-                                enum:
-                                - Exclusive
-                                - Shared
-                                type: string
-                            required:
-                            - mountPath
-                            - name
-                            type: object
-                          type: array
-                      required:
-                      - cpu
-                      - memory
-                      type: object
-                  required:
-                  - image
-                  - name
-                  type: object
-                type: array
-              osType:
-                description: OperatingSystem required by this workload.
-                enum:
-                - linux
-                - windows
-                type: string
-            required:
-            - containers
-            type: object
-          status:
-            description: A ContainerizedWorkloadStatus represents the observed state
-              of a ContainerizedWorkload.
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              resources:
-                description: Resources managed by this containerised workload.
-                items:
-                  description: 'ObjectReference contains enough information to let
-                    you inspect or modify the referred object. --- New uses of this
-                    type are discouraged because of difficulty describing its usage
-                    when embedded in APIs.  1. Ignored fields.  It includes many fields
-                    which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage.  2.
-                    Invalid usage help.  It is impossible to add specific help for
-                    individual usage.  In most embedded usages, there are particular     restrictions
-                    like, "must refer only to types A and B" or "UID not honored"
-                    or "name must be restricted".     Those cannot be well described
-                    when embedded.  3. Inconsistent validation.  Because the usages
-                    are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen.  4. The fields
-                    are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity     during interpretation
-                    and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple     and the version of the actual
-                    struct is irrelevant.  5. We cannot easily change it.  Because
-                    this type is embedded in many locations, updates to this type     will
-                    affect numerous schemas.  Don''t make new APIs embed an underspecified
-                    API type they do not control. Instead of using this type, create
-                    a locally provided and used type that is well-focused on your
-                    reference. For example, ServiceReferences for admission registration:
-                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    .'
-                  properties:
-                    apiVersion:
-                      description: API version of the referent.
-                      type: string
-                    fieldPath:
-                      description: 'If referring to a piece of an object instead of
-                        an entire object, this string should contain a valid JSON/Go
-                        field access statement, such as desiredState.manifest.containers[2].
-                        For example, if the object reference is to a container within
-                        a pod, this would take on a value like: "spec.containers{name}"
-                        (where "name" refers to the name of the container that triggered
-                        the event) or if no container name is specified "spec.containers[2]"
-                        (container with index 2 in this pod). This syntax is chosen
-                        only to have some well-defined way of referencing a part of
-                        an object. TODO: this design is not final and this field is
-                        subject to change in the future.'
-                      type: string
-                    kind:
-                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                      type: string
-                    name:
-                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                      type: string
-                    namespace:
-                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                      type: string
-                    resourceVersion:
-                      description: 'Specific resourceVersion to which this reference
-                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                      type: string
-                    uid:
-                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                      type: string
-                  type: object
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_definitionrevisions.yaml

@@ -222,6 +222,35 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              deleteResource:
+                                default: true
+                                description: DeleteResource will determine whether
+                                  provisioned cloud resources will be deleted when
+                                  CR is deleted
+                                type: boolean
+                              path:
+                                description: Path is the sub-directory of remote git
+                                  repository. It's valid when remote is set
+                                type: string
+                              providerRef:
+                                description: ProviderReference specifies the reference
+                                  to Provider
+                                properties:
+                                  name:
+                                    description: Name of the referenced object.
+                                    type: string
+                                  namespace:
+                                    default: default
+                                    description: Namespace of the referenced object.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              region:
+                                description: Region is cloud provider's region. It
+                                  will override the region in the region field of
+                                  ProviderReference
+                                type: string
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration
@@ -229,7 +258,25 @@ spec:
                                 enum:
                                 - hcl
                                 - json
+                                - remote
                                 type: string
+                              writeConnectionSecretToRef:
+                                description: WriteConnectionSecretToReference specifies
+                                  the namespace and name of a Secret to which any
+                                  connection details for this managed resource should
+                                  be written. Connection details frequently include
+                                  the endpoint, username, and password required to
+                                  connect to the managed resource.
+                                properties:
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: Namespace of the secret.
+                                    type: string
+                                required:
+                                - name
+                                type: object
                             required:
                             - configuration
                             type: object
@@ -491,6 +538,35 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              deleteResource:
+                                default: true
+                                description: DeleteResource will determine whether
+                                  provisioned cloud resources will be deleted when
+                                  CR is deleted
+                                type: boolean
+                              path:
+                                description: Path is the sub-directory of remote git
+                                  repository. It's valid when remote is set
+                                type: string
+                              providerRef:
+                                description: ProviderReference specifies the reference
+                                  to Provider
+                                properties:
+                                  name:
+                                    description: Name of the referenced object.
+                                    type: string
+                                  namespace:
+                                    default: default
+                                    description: Namespace of the referenced object.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              region:
+                                description: Region is cloud provider's region. It
+                                  will override the region in the region field of
+                                  ProviderReference
+                                type: string
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration
@@ -498,7 +574,25 @@ spec:
                                 enum:
                                 - hcl
                                 - json
+                                - remote
                                 type: string
+                              writeConnectionSecretToRef:
+                                description: WriteConnectionSecretToReference specifies
+                                  the namespace and name of a Secret to which any
+                                  connection details for this managed resource should
+                                  be written. Connection details frequently include
+                                  the endpoint, username, and password required to
+                                  connect to the managed resource.
+                                properties:
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: Namespace of the secret.
+                                    type: string
+                                required:
+                                - name
+                                type: object
                             required:
                             - configuration
                             type: object
@@ -753,6 +847,35 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              deleteResource:
+                                default: true
+                                description: DeleteResource will determine whether
+                                  provisioned cloud resources will be deleted when
+                                  CR is deleted
+                                type: boolean
+                              path:
+                                description: Path is the sub-directory of remote git
+                                  repository. It's valid when remote is set
+                                type: string
+                              providerRef:
+                                description: ProviderReference specifies the reference
+                                  to Provider
+                                properties:
+                                  name:
+                                    description: Name of the referenced object.
+                                    type: string
+                                  namespace:
+                                    default: default
+                                    description: Namespace of the referenced object.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              region:
+                                description: Region is cloud provider's region. It
+                                  will override the region in the region field of
+                                  ProviderReference
+                                type: string
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration
@@ -760,7 +883,25 @@ spec:
                                 enum:
                                 - hcl
                                 - json
+                                - remote
                                 type: string
+                              writeConnectionSecretToRef:
+                                description: WriteConnectionSecretToReference specifies
+                                  the namespace and name of a Secret to which any
+                                  connection details for this managed resource should
+                                  be written. Connection details frequently include
+                                  the endpoint, username, and password required to
+                                  connect to the managed resource.
+                                properties:
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: Namespace of the secret.
+                                    type: string
+                                required:
+                                - name
+                                type: object
                             required:
                             - configuration
                             type: object
@@ -996,6 +1137,35 @@ spec:
                               configuration:
                                 description: Configuration is Terraform Configuration
                                 type: string
+                              deleteResource:
+                                default: true
+                                description: DeleteResource will determine whether
+                                  provisioned cloud resources will be deleted when
+                                  CR is deleted
+                                type: boolean
+                              path:
+                                description: Path is the sub-directory of remote git
+                                  repository. It's valid when remote is set
+                                type: string
+                              providerRef:
+                                description: ProviderReference specifies the reference
+                                  to Provider
+                                properties:
+                                  name:
+                                    description: Name of the referenced object.
+                                    type: string
+                                  namespace:
+                                    default: default
+                                    description: Namespace of the referenced object.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              region:
+                                description: Region is cloud provider's region. It
+                                  will override the region in the region field of
+                                  ProviderReference
+                                type: string
                               type:
                                 default: hcl
                                 description: Type specifies which Terraform configuration
@@ -1003,7 +1173,25 @@ spec:
                                 enum:
                                 - hcl
                                 - json
+                                - remote
                                 type: string
+                              writeConnectionSecretToRef:
+                                description: WriteConnectionSecretToReference specifies
+                                  the namespace and name of a Secret to which any
+                                  connection details for this managed resource should
+                                  be written. Connection details frequently include
+                                  the endpoint, username, and password required to
+                                  connect to the managed resource.
+                                properties:
+                                  name:
+                                    description: Name of the secret.
+                                    type: string
+                                  namespace:
+                                    description: Namespace of the secret.
+                                    type: string
+                                required:
+                                - name
+                                type: object
                             required:
                             - configuration
                             type: object
@@ -1047,6 +1235,10 @@ spec:
                           - type
                           type: object
                         type: array
+                      configMapRef:
+                        description: ConfigMapRef refer to a ConfigMap which contains
+                          OpenAPI V3 JSON schema of Component parameters.
+                        type: string
                       latestRevision:
                         description: LatestRevision of the component definition
                         properties:

charts/vela-core/crds/core.oam.dev_envbindings.yaml

@@ -73,6 +73,10 @@ spec:
                             description: ApplicationComponent describe the component
                               of application
                             properties:
+                              dependsOn:
+                                items:
+                                  type: string
+                                type: array
                               externalRevision:
                                 description: ExternalRevision specified the component
                                   revisionName

charts/vela-core/crds/core.oam.dev_policydefinitions.yaml

@@ -151,6 +151,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -158,7 +185,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object

charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml

@@ -42,35 +42,17 @@ spec:
             properties:
               trackedResources:
                 items:
-                  description: 'ObjectReference contains enough information to let
-                    you inspect or modify the referred object. --- New uses of this
-                    type are discouraged because of difficulty describing its usage
-                    when embedded in APIs.  1. Ignored fields.  It includes many fields
-                    which are not generally honored.  For instance, ResourceVersion
-                    and FieldPath are both very rarely valid in actual usage.  2.
-                    Invalid usage help.  It is impossible to add specific help for
-                    individual usage.  In most embedded usages, there are particular     restrictions
-                    like, "must refer only to types A and B" or "UID not honored"
-                    or "name must be restricted".     Those cannot be well described
-                    when embedded.  3. Inconsistent validation.  Because the usages
-                    are different, the validation rules are different by usage, which
-                    makes it hard for users to predict what will happen.  4. The fields
-                    are both imprecise and overly precise.  Kind is not a precise
-                    mapping to a URL. This can produce ambiguity     during interpretation
-                    and require a REST mapping.  In most cases, the dependency is
-                    on the group,resource tuple     and the version of the actual
-                    struct is irrelevant.  5. We cannot easily change it.  Because
-                    this type is embedded in many locations, updates to this type     will
-                    affect numerous schemas.  Don''t make new APIs embed an underspecified
-                    API type they do not control. Instead of using this type, create
-                    a locally provided and used type that is well-focused on your
-                    reference. For example, ServiceReferences for admission registration:
-                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                    .'
+                  description: ClusterObjectReference defines the object reference
+                    with cluster.
                   properties:
                     apiVersion:
                       description: API version of the referent.
                       type: string
+                    cluster:
+                      type: string
+                    creator:
+                      description: ResourceCreatorRole defines the resource creator.
+                      type: string
                     fieldPath:
                       description: 'If referring to a piece of an object instead of
                         an entire object, this string should contain a valid JSON/Go

charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml

@@ -188,6 +188,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -195,7 +222,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object
@@ -453,6 +497,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -460,7 +531,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object

charts/vela-core/crds/core.oam.dev_workflows.yaml

@@ -1,348 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  name: workflows.core.oam.dev
-spec:
-  group: core.oam.dev
-  names:
-    categories:
-    - oam
-    kind: Workflow
-    listKind: WorkflowList
-    plural: workflows
-    shortNames:
-    - workflow
-    singular: workflow
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .status.phase
-      name: PHASE
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: AGE
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: Workflow is the Schema for the Workflow API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: A WorkflowSpec defines the desired state of a Workflow.
-            properties:
-              steps:
-                items:
-                  description: WorkflowStep defines how to execute a workflow step.
-                  properties:
-                    inputs:
-                      description: StepInputs defines variable input of WorkflowStep
-                      items:
-                        properties:
-                          from:
-                            type: string
-                          parameterKey:
-                            type: string
-                        required:
-                        - from
-                        - parameterKey
-                        type: object
-                      type: array
-                    name:
-                      description: Name is the unique name of the workflow step.
-                      type: string
-                    outputs:
-                      description: StepOutputs defines output variable of WorkflowStep
-                      items:
-                        properties:
-                          name:
-                            type: string
-                          valueFrom:
-                            type: string
-                        required:
-                        - name
-                        - valueFrom
-                        type: object
-                      type: array
-                    properties:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    type:
-                      type: string
-                  required:
-                  - name
-                  - type
-                  type: object
-                type: array
-            type: object
-          status:
-            description: A WorkflowStatus is the status of Workflow
-            properties:
-              conditions:
-                description: Conditions of the resource.
-                items:
-                  description: A Condition that may apply to a resource.
-                  properties:
-                    lastTransitionTime:
-                      description: LastTransitionTime is the last time this condition
-                        transitioned from one status to another.
-                      format: date-time
-                      type: string
-                    message:
-                      description: A Message containing details about this condition's
-                        last transition from one status to another, if any.
-                      type: string
-                    reason:
-                      description: A Reason for this condition's last transition from
-                        one status to another.
-                      type: string
-                    status:
-                      description: Status of this condition; is it currently True,
-                        False, or Unknown?
-                      type: string
-                    type:
-                      description: Type of this condition. At most one of each condition
-                        type may apply to a resource at any point in time.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              contextBackend:
-                description: 'ObjectReference contains enough information to let you
-                  inspect or modify the referred object. --- New uses of this type
-                  are discouraged because of difficulty describing its usage when
-                  embedded in APIs.  1. Ignored fields.  It includes many fields which
-                  are not generally honored.  For instance, ResourceVersion and FieldPath
-                  are both very rarely valid in actual usage.  2. Invalid usage help.  It
-                  is impossible to add specific help for individual usage.  In most
-                  embedded usages, there are particular     restrictions like, "must
-                  refer only to types A and B" or "UID not honored" or "name must
-                  be restricted".     Those cannot be well described when embedded.  3.
-                  Inconsistent validation.  Because the usages are different, the
-                  validation rules are different by usage, which makes it hard for
-                  users to predict what will happen.  4. The fields are both imprecise
-                  and overly precise.  Kind is not a precise mapping to a URL. This
-                  can produce ambiguity     during interpretation and require a REST
-                  mapping.  In most cases, the dependency is on the group,resource
-                  tuple     and the version of the actual struct is irrelevant.  5.
-                  We cannot easily change it.  Because this type is embedded in many
-                  locations, updates to this type     will affect numerous schemas.  Don''t
-                  make new APIs embed an underspecified API type they do not control.
-                  Instead of using this type, create a locally provided and used type
-                  that is well-focused on your reference. For example, ServiceReferences
-                  for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                  .'
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: 'If referring to a piece of an object instead of
-                      an entire object, this string should contain a valid JSON/Go
-                      field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within
-                      a pod, this would take on a value like: "spec.containers{name}"
-                      (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]"
-                      (container with index 2 in this pod). This syntax is chosen
-                      only to have some well-defined way of referencing a part of
-                      an object. TODO: this design is not final and this field is
-                      subject to change in the future.'
-                    type: string
-                  kind:
-                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                    type: string
-                  name:
-                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                    type: string
-                  namespace:
-                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                    type: string
-                  resourceVersion:
-                    description: 'Specific resourceVersion to which this reference
-                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                    type: string
-                  uid:
-                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                    type: string
-                type: object
-              observedGeneration:
-                format: int64
-                type: integer
-              stepIndex:
-                type: integer
-              steps:
-                items:
-                  description: WorkflowStepStatus record the status of a workflow
-                    step
-                  properties:
-                    message:
-                      description: A human readable message indicating details about
-                        why the workflowStep is in this state.
-                      type: string
-                    name:
-                      type: string
-                    phase:
-                      description: WorkflowStepPhase describes the phase of a workflow
-                        step.
-                      type: string
-                    reason:
-                      description: A brief CamelCase message indicating details about
-                        why the workflowStep is in this state.
-                      type: string
-                    resourceRef:
-                      description: 'ObjectReference contains enough information to
-                        let you inspect or modify the referred object. --- New uses
-                        of this type are discouraged because of difficulty describing
-                        its usage when embedded in APIs.  1. Ignored fields.  It includes
-                        many fields which are not generally honored.  For instance,
-                        ResourceVersion and FieldPath are both very rarely valid in
-                        actual usage.  2. Invalid usage help.  It is impossible to
-                        add specific help for individual usage.  In most embedded
-                        usages, there are particular     restrictions like, "must
-                        refer only to types A and B" or "UID not honored" or "name
-                        must be restricted".     Those cannot be well described when
-                        embedded.  3. Inconsistent validation.  Because the usages
-                        are different, the validation rules are different by usage,
-                        which makes it hard for users to predict what will happen.  4.
-                        The fields are both imprecise and overly precise.  Kind is
-                        not a precise mapping to a URL. This can produce ambiguity     during
-                        interpretation and require a REST mapping.  In most cases,
-                        the dependency is on the group,resource tuple     and the
-                        version of the actual struct is irrelevant.  5. We cannot
-                        easily change it.  Because this type is embedded in many locations,
-                        updates to this type     will affect numerous schemas.  Don''t
-                        make new APIs embed an underspecified API type they do not
-                        control. Instead of using this type, create a locally provided
-                        and used type that is well-focused on your reference. For
-                        example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                        .'
-                      properties:
-                        apiVersion:
-                          description: API version of the referent.
-                          type: string
-                        fieldPath:
-                          description: 'If referring to a piece of an object instead
-                            of an entire object, this string should contain a valid
-                            JSON/Go field access statement, such as desiredState.manifest.containers[2].
-                            For example, if the object reference is to a container
-                            within a pod, this would take on a value like: "spec.containers{name}"
-                            (where "name" refers to the name of the container that
-                            triggered the event) or if no container name is specified
-                            "spec.containers[2]" (container with index 2 in this pod).
-                            This syntax is chosen only to have some well-defined way
-                            of referencing a part of an object. TODO: this design
-                            is not final and this field is subject to change in the
-                            future.'
-                          type: string
-                        kind:
-                          description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                          type: string
-                        name:
-                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                          type: string
-                        namespace:
-                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                          type: string
-                        resourceVersion:
-                          description: 'Specific resourceVersion to which this reference
-                            is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                          type: string
-                        uid:
-                          description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                          type: string
-                      type: object
-                    type:
-                      type: string
-                  type: object
-                type: array
-              suspend:
-                type: boolean
-              terminated:
-                type: boolean
-            required:
-            - contextBackend
-            - suspend
-            - terminated
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: Workflow defines workflow steps and other attributes
-        properties:
-          steps:
-            items:
-              description: WorkflowStep defines how to execute a workflow step.
-              properties:
-                inputs:
-                  description: StepInputs defines variable input of WorkflowStep
-                  items:
-                    properties:
-                      from:
-                        type: string
-                      parameterKey:
-                        type: string
-                    required:
-                    - from
-                    - parameterKey
-                    type: object
-                  type: array
-                name:
-                  description: Name is the unique name of the workflow step.
-                  type: string
-                outputs:
-                  description: StepOutputs defines output variable of WorkflowStep
-                  items:
-                    properties:
-                      name:
-                        type: string
-                      valueFrom:
-                        type: string
-                    required:
-                    - name
-                    - valueFrom
-                    type: object
-                  type: array
-                properties:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                type:
-                  type: string
-              required:
-              - name
-              - type
-              type: object
-            type: array
-        type: object
-    served: true
-    storage: false
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/vela-core/crds/core.oam.dev_workflowstepdefinitions.yaml

@@ -148,6 +148,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -155,7 +182,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object
@@ -197,6 +241,10 @@ spec:
                   - type
                   type: object
                 type: array
+              configMapRef:
+                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
+                  V3 JSON schema of Component parameters.
+                type: string
               latestRevision:
                 description: LatestRevision of the component definition
                 properties:

charts/vela-core/crds/core.oam.dev_workloaddefinitions.yaml

@@ -193,6 +193,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -200,7 +227,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object
@@ -439,6 +483,33 @@ spec:
                       configuration:
                         description: Configuration is Terraform Configuration
                         type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      region:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
                       type:
                         default: hcl
                         description: Type specifies which Terraform configuration
@@ -446,7 +517,24 @@ spec:
                         enum:
                         - hcl
                         - json
+                        - remote
                         type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     required:
                     - configuration
                     type: object

charts/vela-core/templates/_helpers.tpl

@@ -51,11 +51,6 @@ app.kubernetes.io/name: {{ include "kubevela.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 
-{{- define "kubevela-apiserver.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "kubevela.name" . }}-apiserver
-app.kubernetes.io/instance: {{ .Release.Name }}-apiserver
-{{- end -}}
-
 {{- define "kubevela-cluster-gateway.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "kubevela.name" . }}-cluster-gateway
 app.kubernetes.io/instance: {{ .Release.Name }}-cluster-gateway

charts/vela-core/templates/addon_registry.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vela-addon-registry
+  namespace: vela-system
+data:
+  registries: '{
+  "KubeVela":{
+    "name": "KubeVela",
+    "oss": {
+      "end_point": "https://addons.kubevela.net",
+      "bucket": ""
+    }
+  }
+}'

charts/vela-core/templates/addons/istio.yaml

@@ -1,255 +1,254 @@
 apiVersion: v1
 data:
-  initializer: |
+  application: |
     apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
+    kind: Application
     metadata:
       annotations:
         addons.oam.dev/description: istio Controller is a Kubernetes Controller for manage
           traffic.
       name: istio
-      namespace: istio-system
+      namespace: vela-system
     spec:
-      appTemplate:
-        spec:
-          components:
-          - name: istio
-            properties:
-              chart: istio
-              repoType: helm
-              url: https://getindata.github.io/helm-charts/
-              version: 1.11.1
-            type: helm
-          - name: canary-rollout
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: WorkflowStepDefinition
-              metadata:
-                name: canary-rollout
-                namespace: vela-system
-              spec:
-                schematic:
-                  cue:
-                    template: |-
-                      import ("vela/op")
+      components:
+      - name: ns-istio-system
+        properties:
+          apiVersion: v1
+          kind: Namespace
+          metadata:
+            name: istio-system
+        type: raw
+      - name: istio
+        properties:
+          chart: istio
+          repoType: helm
+          url: https://charts.kubevela.net/addons
+          version: 1.11.1
+        type: helm
+      - name: canary-rollout
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: WorkflowStepDefinition
+          metadata:
+            name: canary-rollout
+            namespace: vela-system
+          spec:
+            schematic:
+              cue:
+                template: |-
+                  import ("vela/op")
 
-                      parameter: {
-                              batchPartition: int
-                              traffic: weightedTargets: [...{
-                                      revision: string
-                                      weight:   int
+                  parameter: {
+                          batchPartition: int
+                          traffic: weightedTargets: [...{
+                                  revision: string
+                                  weight:   int
+                          }]
+                  }
+
+                  comps__: op.#Load
+                  compNames__: [ for name, c in comps__.value {name}]
+                  comp__: compNames__[0]
+
+                  apply: op.#ApplyComponent & {
+                          value: comps__.value[comp__]
+                          patch: {
+                                  traits: "rollout": {
+                                         spec: rolloutPlan: batchPartition: parameter.batchPartition
+                                  }
+
+                                  traits: "virtualService": {
+                                          spec:
+                                             // +patchStrategy=retainKeys
+                                             http: [
+                                                  {
+                                                          route: [
+                                                                  for i, t in parameter.traffic.weightedTargets {
+                                                                          destination: {
+                                                                                  host:   comp__
+                                                                                  subset: t.revision
+                                                                          }
+                                                                          weight: t.weight
+                                                                  }]
+                                                  },
+                                          ]
+                                  }
+
+                                  traits: "destinationRule": {
+                                           // +patchStrategy=retainKeys
+                                           spec: {
+                                             host: comp__
+                                             subsets: [
+                                                  for i, t in parameter.traffic.weightedTargets {
+                                                          name: t.revision
+                                                          labels: {"app.oam.dev/revision": t.revision}
+                                                  },
+                                          ]}
+                                  }
+                          }
+                  }
+
+                  applyRemaining: op.#ApplyRemaining & {
+                      exceptions: [comp__]
+                  }
+        type: raw
+      - name: istio-gateway
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: TraitDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: use istio to manage in-cluster traffic
+            name: istio-gateway
+            namespace: vela-system
+          spec:
+            appliesToWorkloads:
+            - deployments.apps
+            podDisruptive: true
+            schematic:
+              cue:
+                template: "\noutputs: gateway: {\n    apiVersion: \"networking.istio.io/v1alpha3\"\n
+                  \   kind: \"Gateway\"\n    metadata: {\n        name:      context.name\n
+                  \       namespace: context.namespace\n    }\n    spec: {\n      selector:
+                  {\n        istio: parameter.gateway\n      }\n      servers: [{\n         hosts:
+                  parameter.hosts\n         port: {\n              name: \"http\"\n              number:
+                  80\n              protocol: \"HTTP\"\n         }\n      }]\n    }\n}\n\noutputs:
+                  virtualService: {\n    apiVersion: \"networking.istio.io/v1alpha3\"\n
+                  \   kind: \"VirtualService\"\n    metadata: {\n         name:      context.name\n
+                  \        namespace: context.namespace\n    }\n    spec: {\n       gateways:
+                  [context.name]\n       hosts: parameter.hosts\n       http:[{\n       match:
+                  [ for i, u in parameter.match { uri: u} ]\n       route: [{destination:
+                  {\n           host: context.name\n           port: number: parameter.port\n
+                  \      }}]\n       }]\n    }\n}\n\nparameter: {\n    hosts: [string]\n
+                  \   gateway: *\"ingressgateway\"|string\n    match: [...#uri]\n    port:
+                  int\n}\n\n#uri: {\n   exact?: string\n   prefix?: string\n} \n"
+        type: raw
+      - name: canary-rollback
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: WorkflowStepDefinition
+          metadata:
+            name: canary-rollback
+            namespace: vela-system
+          spec:
+            schematic:
+              cue:
+                template: |-
+                  import ("vela/op")
+
+                  parameter: {...}
+
+                  comps: op.#Load
+                  compNames: [ for name, c in comps.value {name}]
+                  firstcomp: compNames[0]
+
+                  rolloutObj: op.#Read & {
+                    value: {
+                      apiVersion: "standard.oam.dev/v1alpha1"
+                      kind:       "Rollout"
+                      metadata: {
+                        name:      firstcomp
+                        namespace: context.namespace
+                      }
+                    }
+                  }
+
+                  _sourceRevision: rolloutObj.value.status.LastSourceRevision
+
+                  apply: op.#ApplyComponent & {
+                    value: comps.value[firstcomp]
+                    patch: {
+                      traits: "rollout": {
+                        spec: {
+                          targetRevisionName: _sourceRevision
+                        }
+                      }
+
+                      traits: "virtualService": {
+                        spec:
+                          // +patchStrategy=retainKeys
+                          http: [
+                            {
+                              route: [{
+                                destination: {
+                                  host:   firstcomp
+                                  subset: _sourceRevision
+                                }
+                                weight: 100
                               }]
+                            },
+                          ]
                       }
 
-                      comps__: op.#Load
-                      compNames__: [ for name, c in comps__.value {name}]
-                      comp__: compNames__[0]
-
-                      apply: op.#ApplyComponent & {
-                              value: comps__.value[comp__]
-                              patch: {
-                                      traits: "rollout": {
-                                             spec: rolloutPlan: batchPartition: parameter.batchPartition
-                                      }
-
-                                      traits: "virtualService": {
-                                              spec:
-                                                 // +patchStrategy=retainKeys
-                                                 http: [
-                                                      {
-                                                              route: [
-                                                                      for i, t in parameter.traffic.weightedTargets {
-                                                                              destination: {
-                                                                                      host:   comp__
-                                                                                      subset: t.revision
-                                                                              }
-                                                                              weight: t.weight
-                                                                      }]
-                                                      },
-                                              ]
-                                      }
-
-                                      traits: "destinationRule": {
-                                               // +patchStrategy=retainKeys
-                                               spec: {
-                                                 host: comp__
-                                                 subsets: [
-                                                      for i, t in parameter.traffic.weightedTargets {
-                                                              name: t.revision
-                                                              labels: {"app.oam.dev/revision": t.revision}
-                                                      },
-                                              ]}
-                                      }
-                              }
-                      }
-
-                      applyRemaining: op.#ApplyRemaining & {
-                          exceptions: [comp__]
-                      }
-            type: raw
-          - name: istio-gateway
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: TraitDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: use istio to manage in-cluster traffic
-                name: istio-gateway
-                namespace: vela-system
-              spec:
-                appliesToWorkloads:
-                - deployments.apps
-                podDisruptive: true
-                schematic:
-                  cue:
-                    template: "\noutputs: gateway: {\n    apiVersion: \"networking.istio.io/v1alpha3\"\n
-                      \   kind: \"Gateway\"\n    metadata: {\n        name:      context.name\n
-                      \       namespace: context.namespace\n    }\n    spec: {\n      selector:
-                      {\n        istio: parameter.gateway\n      }\n      servers: [{\n
-                      \        hosts: parameter.hosts\n         port: {\n              name:
-                      \"http\"\n              number: 80\n              protocol: \"HTTP\"\n
-                      \        }\n      }]\n    }\n}\n\noutputs: virtualService: {\n    apiVersion:
-                      \"networking.istio.io/v1alpha3\"\n    kind: \"VirtualService\"\n
-                      \   metadata: {\n         name:      context.name\n         namespace:
-                      context.namespace\n    }\n    spec: {\n       gateways: [context.name]\n
-                      \      hosts: parameter.hosts\n       http:[{\n       match: [ for
-                      i, u in parameter.match { uri: u} ]\n       route: [{destination:
-                      {\n           host: context.name\n           port: number: parameter.port\n
-                      \      }}]\n       }]\n    }\n}\n\nparameter: {\n    hosts: [string]\n
-                      \   gateway: *\"ingressgateway\"|string\n    match: [...#uri]\n
-                      \   port: int\n}\n\n#uri: {\n   exact?: string\n   prefix?: string\n}
-                      \n"
-            type: raw
-          - name: canary-rollback
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: WorkflowStepDefinition
-              metadata:
-                name: canary-rollback
-                namespace: vela-system
-              spec:
-                schematic:
-                  cue:
-                    template: |-
-                      import ("vela/op")
-
-                      parameter: {...}
-
-                      comps: op.#Load
-                      compNames: [ for name, c in comps.value {name}]
-                      firstcomp: compNames[0]
-
-                      rolloutObj: op.#Read & {
-                        value: {
-                          apiVersion: "standard.oam.dev/v1alpha1"
-                          kind:       "Rollout"
-                          metadata: {
-                            name:      firstcomp
-                            namespace: context.namespace
-                          }
+                      traits: "destinationRule": {
+                        // +patchStrategy=retainKeys
+                        spec: {
+                          host: firstcomp
+                          subsets: [
+                            {
+                              name: _sourceRevision
+                              labels: {"app.oam.dev/revision": _sourceRevision}
+                            },
+                          ]
                         }
                       }
+                    }
+                  }
 
-                      _sourceRevision: rolloutObj.value.status.LastSourceRevision
-
-                      apply: op.#ApplyComponent & {
-                        value: comps.value[firstcomp]
-                        patch: {
-                          traits: "rollout": {
-                            spec: {
-                              targetRevisionName: _sourceRevision
-                            }
-                          }
-
-                          traits: "virtualService": {
-                            spec:
-                              // +patchStrategy=retainKeys
-                              http: [
-                                {
-                                  route: [{
-                                    destination: {
-                                      host:   firstcomp
-                                      subset: _sourceRevision
-                                    }
-                                    weight: 100
-                                  }]
-                                },
-                              ]
-                          }
-
-                          traits: "destinationRule": {
-                            // +patchStrategy=retainKeys
-                            spec: {
-                              host: firstcomp
-                              subsets: [
-                                {
-                                  name: _sourceRevision
-                                  labels: {"app.oam.dev/revision": _sourceRevision}
-                                },
-                              ]
-                            }
-                          }
-                        }
-                      }
-
-                      applyRemaining: op.#ApplyRemaining & {
-                          exceptions: [firstcomp]
-                      }
-            type: raw
-          - name: canary-traffic
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: TraitDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: use istio to manage traffic
-                name: canary-traffic
-                namespace: vela-system
-              spec:
-                appliesToWorkloads:
-                - deployments.apps
-                podDisruptive: true
-                schematic:
-                  cue:
-                    template: "outputs: service: {\n\t\tapiVersion: \"v1\"\n\t\tkind:
-                      \      \"Service\"\n\t\tmetadata: name: context.name\n\t\tspec:
-                      {\n\t\t\tselector: \"app.oam.dev/component\": context.name\n\t\t\tports:
-                      [\n\t\t\t\tfor p in parameter.port {\n\t\t\t\t\tport:       p\n\t\t\t\t\ttargetPort:
-                      p\n\t\t\t\t},\n\t\t\t]\n\t\t\ttype: \"ClusterIP\"\n\t\t}\n}\n\noutputs:
-                      virtualService: {\n    apiVersion: \"networking.istio.io/v1alpha3\"\n
-                      \   kind: \"VirtualService\"\n    metadata: {\n        name:      context.name\n
-                      \       namespace: context.namespace\n    }\n    spec: {\n       hosts:
-                      [context.name]\n       http: [{route: [\n       {destination: {\n
-                      \         host: context.name\n          port: {number: parameter.port[0]}\n
-                      \      }}]}]\n    }\n}\n\noutputs: destinationRule: {\n       apiVersion:
-                      \"networking.istio.io/v1alpha3\"\n       kind: \"DestinationRule\"\n
-                      \      metadata: {\n           name:      context.name\n           namespace:
-                      context.namespace\n       }\n       spec: {\n          host: context.name\n
-                      \         subsets: [{\n             name: context.revision\n             labels:
-                      {\"app.oam.dev/revision\": context.revision}\n          }]\n       }\n}\n\nparameter:
-                      {\n   port: [int]\n} \n"
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
+                  applyRemaining: op.#ApplyRemaining & {
+                      exceptions: [firstcomp]
+                  }
+        type: raw
+      - name: canary-traffic
+        properties:
           apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
-      - ref:
-          apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: ns-istio-system
-          namespace: vela-system
-    status:
-      observedGeneration: 0
+          kind: TraitDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: use istio to manage traffic
+            name: canary-traffic
+            namespace: vela-system
+          spec:
+            appliesToWorkloads:
+            - deployments.apps
+            podDisruptive: true
+            schematic:
+              cue:
+                template: "outputs: service: {\n\t\tapiVersion: \"v1\"\n\t\tkind:       \"Service\"\n\t\tmetadata:
+                  name: context.name\n\t\tspec: {\n\t\t\tselector: \"app.oam.dev/component\":
+                  context.name\n\t\t\tports: [\n\t\t\t\tfor p in parameter.port {\n\t\t\t\t\tport:
+                  \      p\n\t\t\t\t\ttargetPort: p\n\t\t\t\t},\n\t\t\t]\n\t\t\ttype:
+                  \"ClusterIP\"\n\t\t}\n}\n\noutputs: virtualService: {\n    apiVersion:
+                  \"networking.istio.io/v1alpha3\"\n    kind: \"VirtualService\"\n    metadata:
+                  {\n        name:      context.name\n        namespace: context.namespace\n
+                  \   }\n    spec: {\n       hosts: [context.name]\n       http: [{route:
+                  [\n       {destination: {\n          host: context.name\n          port:
+                  {number: parameter.port[0]}\n       }}]}]\n    }\n}\n\noutputs: destinationRule:
+                  {\n       apiVersion: \"networking.istio.io/v1alpha3\"\n       kind:
+                  \"DestinationRule\"\n       metadata: {\n           name:      context.name\n
+                  \          namespace: context.namespace\n       }\n       spec: {\n
+                  \         host: context.name\n          subsets: [{\n             name:
+                  context.revision\n             labels: {\"app.oam.dev/revision\": context.revision}\n
+                  \         }]\n       }\n}\n\nparameter: {\n   port: [int]\n} \n"
+        type: raw
+      workflow:
+        steps:
+        - name: checking-depends-on
+          properties:
+            name: fluxcd
+            namespace: vela-system
+          type: depends-on-app
+        - name: apply-ns
+          properties:
+            component: ns-istio-system
+          type: apply-component
+        - name: apply-resources
+          type: apply-remaining
+    status: {}
+  detail: |-
+    # istio
+
+    This addon provides istio support for vela rollout.
 kind: ConfigMap
 metadata:
   annotations:

charts/vela-core/templates/addons/keda.yaml

@@ -1,45 +0,0 @@
-apiVersion: v1
-data:
-  initializer: |
-    apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
-    metadata:
-      annotations:
-        addons.oam.dev/description: KEDA is a Kubernetes-based Event Driven Autoscaler.
-      name: keda
-      namespace: vela-system
-    spec:
-      appTemplate:
-        spec:
-          components:
-          - name: keda
-            properties:
-              chart: keda
-              repoType: helm
-              url: https://kedacore.github.io/charts
-            type: helm
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
-          apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
-    status:
-      observedGeneration: 0
-kind: ConfigMap
-metadata:
-  annotations:
-    addons.oam.dev/description: KEDA is a Kubernetes-based Event Driven Autoscaler.
-    addons.oam.dev/name: keda
-  labels:
-    addons.oam.dev/type: keda
-  name: keda
-  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/kruise.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 data:
-  initializer: |
+  application: |
     apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
+    kind: Application
     metadata:
       annotations:
         addons.oam.dev/description: Kruise is a Kubernetes extended suite for application
@@ -10,182 +10,170 @@ data:
       name: kruise
       namespace: vela-system
     spec:
-      appTemplate:
-        spec:
-          components:
-          - name: kruise
-            properties:
-              chart: ./charts/kruise/v0.9.0
-              git:
-                branch: master
-              repoType: git
-              url: https://github.com/openkruise/kruise
-              values:
-                featureGates: PreDownloadImageForInPlaceUpdate=true
-            type: helm
-          - name: cloneset
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: ComponentDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Describes long-running, scalable, containerized
-                    services that have a stable network endpoint to receive external network
-                    traffic from customers. If workload type is skipped for any service
-                    defined in Appfile, it will be defaulted to `webservice` type.
-                name: cloneset
-                namespace: vela-system
-              spec:
-                schematic:
-                  cue:
-                    template: "output: {\n\tapiVersion: \"apps.kruise.io/v1alpha1\"\n\tkind:
-                      \      \"CloneSet\"\n\tmetadata: labels: {\n\t\t\"app.oam.dev/component\":
-                      context.name\n\t}\n\tspec: {\n\t\tselector: matchLabels: {\n\t\t\t\"app.oam.dev/component\":
-                      context.name\n\t\t}\n\n\t\ttemplate: {\n\t\t\tmetadata: labels:
-                      {\n\t\t\t\t\"app.oam.dev/component\": context.name\n\t\t\t}\n\n\t\t\tspec:
-                      {\n\t\t\t\tcontainers: [{\n\t\t\t\t\tname:  context.name\n\t\t\t\t\timage:
-                      parameter.image\n\n\t\t\t\t\tif parameter.cmd != _|_ {\n\t\t\t\t\t\tcommand:
-                      parameter.cmd\n\t\t\t\t\t}\n\t\t\t\t\tif parameter.args != _|_ {\n\t\t\t\t\t\targs:
-                      parameter.args\n\t\t\t\t\t}\n\t\t\t\t\tif parameter.env != _|_ {\n\t\t\t\t\t\tenv:
-                      parameter.env\n\t\t\t\t\t}\n\n\t\t\t\t\tif context.config != _|_
-                      {\n\t\t\t\t\t\tenv: context.config\n\t\t\t\t\t}\n\n\t\t\t\t\tif
-                      parameter[\"imagePullPolicy\"] != _|_ {\n\t\t\t\t\t\timagePullPolicy:
-                      parameter.imagePullPolicy\n\t\t\t\t\t}\n\n\t\t\t\t\tports: [{\n\t\t\t\t\t\tcontainerPort:
-                      parameter.port\n\t\t\t\t\t}]\n\n\t\t\t\t\tif parameter[\"cpu\"]
-                      != _|_ {\n\t\t\t\t\t\tresources: {\n\t\t\t\t\t\t\tlimits: cpu:   parameter.cpu\n\t\t\t\t\t\t\trequests:
-                      cpu: parameter.cpu\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif parameter[\"memory\"]
-                      != _|_ {\n\t\t\t\t\t\tresources: {\n\t\t\t\t\t\t\tlimits: memory:
-                      \  parameter.memory\n\t\t\t\t\t\t\trequests: memory: parameter.memory\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tif
-                      parameter[\"livenessProbe\"] != _|_ {\n\t\t\t\t\t\tlivenessProbe:
-                      parameter.livenessProbe\n\t\t\t\t\t}\n\n\t\t\t\t\tif parameter[\"readinessProbe\"]
-                      != _|_ {\n\t\t\t\t\t\treadinessProbe: parameter.readinessProbe\n\t\t\t\t\t}\n\n\t\t\t\t\tlifecycle:
-                      {\n\t\t\t\t\t\tif parameter.postStart != _|_ {\n\t\t\t\t\t\t\tpostStart:
-                      exec: command: parameter.postStart\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif
-                      parameter.preStop != _|_ {\n\t\t\t\t\t\t\tpreStop: exec: command:
-                      parameter.preStop\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}]\n\t\t\t\tif
-                      parameter.hostAliases != _|_ {\n\t\t\t\t\thostAliases: parameter.hostAliases\n\t\t\t\t}\n\t\t\t\tif
-                      parameter[\"imagePullSecrets\"] != _|_ {\n\t\t\t\t\timagePullSecrets:
-                      [ for v in parameter.imagePullSecrets {name: v}]\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tif
-                      parameter.updateStrategyType != _|_ {\n\t\t\tupdateStrategy: {\n\t\t\t\ttype:
-                      parameter.updateStrategyType\n\t\t\t}\n\t\t}\n\t}\n}\nparameter:
-                      {\n\t// +usage=Which image would you like to use for your service\n\t//
-                      +short=i\n\timage: string\n\n\t// +usage=Specify image pull policy
-                      for your service\n\timagePullPolicy?: string\n\n\t// +usage=Specify
-                      image pull secrets for your service\n\timagePullSecrets?: [...string]\n\n\t//
-                      +usage=Number of CPU units for the service, like `0.5` (0.5 CPU
-                      core), `1` (1 CPU core)\n\tcpu?: string\n\n\t// +usage=Specify the
-                      amount of memory to limit\n\tmemory?: *\"2048Mi\" | =~\"^([1-9][0-9]{0,63})(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)$\"\n\n\t//
-                      +usage=Commands to run in the container\n\tcmd?: [...string]\n\n\t//
-                      +usage=Arguments to the command.\n\targs?: [...string]\n\n\t// +usage=postStart
-                      commands will be called immediately after a container is created.\n\tpostStart?:
-                      [...string]\n\n\t// +usage=PreStop is called immediately before
-                      a container is terminated due to an API request or management event
-                      such as liveness/startup probe failure, preemption, resource contention,
-                      etc. The handler is not called if the container crashes or exits.
-                      The reason for termination is passed to the handler. The Pod's termination
-                      grace period countdown begins before the PreStop hooked is executed.
-                      Regardless of the outcome of the handler, the container will eventually
-                      terminate within the Pod's termination grace period. Other management
-                      of the container blocks until the hook completes or until the termination
-                      grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks\n\tpreStop?:
-                      [...string]\n\n\t// +usage=Which port do you want customer traffic
-                      sent to\n\t// +short=p\n\tport: *80 | int\n\n\t// +usage=Define
-                      arguments by using environment variables\n\tenv?: [...#ENV]\n\n\t//
-                      +usage=Cloneset updateStrategy, candidates are `ReCreate`/`InPlaceIfPossible`/`InPlaceOnly`\n\tupdateStrategyType?:
-                      string\n\n\t// +usage=HostAliases is a list of hosts and IPs that
-                      will be write into the pod's hosts file\n\thostAliases?: [...{\n\t\thostnames:
-                      [...string]\n\t\tip: string\n\t}]\n\n\t// +usage=Instructions for
-                      assessing whether the container is alive.\n\tlivenessProbe?: #HealthProbe\n\n\t//
-                      +usage=Instructions for assessing whether the container is in a
-                      suitable state to serve traffic.\n\treadinessProbe?: #HealthProbe\n}\n\n#ENV:
-                      {\n\t// +usage=Environment variable name\n\tname: string\n\t// +usage=The
-                      value of the environment variable\n\tvalue?: string\n\t// +usage=Specifies
-                      a source the value of this var should come from\n\tvalueFrom?: {\n\t\t//
-                      +usage=Selects a key of a secret in the pod's namespace\n\t\tsecretKeyRef:
-                      {\n\t\t\t// +usage=The name of the secret in the pod's namespace
-                      to select from\n\t\t\tname: string\n\t\t\t// +usage=The key of the
-                      secret to select from. Must be a valid secret key\n\t\t\tkey: string\n\t\t}\n\t}\n}\n\n#HealthProbe:
-                      {\n\n\t// +usage=Instructions for assessing container health by
-                      executing a command. Either this attribute or the httpGet attribute
-                      or the tcpSocket attribute MUST be specified. This attribute is
-                      mutually exclusive with both the httpGet attribute and the tcpSocket
-                      attribute.\n\texec?: {\n\t\t// +usage=A command to be executed inside
-                      the container to assess its health. Each space delimited token of
-                      the command is a separate array element. Commands exiting 0 are
-                      considered to be successful probes, whilst all other exit codes
-                      are considered failures.\n\t\tcommand: [...string]\n\t}\n\n\t//
-                      +usage=Instructions for assessing container health by executing
-                      an HTTP GET request. Either this attribute or the exec attribute
-                      or the tcpSocket attribute MUST be specified. This attribute is
-                      mutually exclusive with both the exec attribute and the tcpSocket
-                      attribute.\n\thttpGet?: {\n\t\t// +usage=The endpoint, relative
-                      to the port, to which the HTTP GET request should be directed.\n\t\tpath:
-                      string\n\t\t// +usage=The TCP socket within the container to which
-                      the HTTP GET request should be directed.\n\t\tport: int\n\t\thttpHeaders?:
-                      [...{\n\t\t\tname:  string\n\t\t\tvalue: string\n\t\t}]\n\t}\n\n\t//
-                      +usage=Instructions for assessing container health by probing a
-                      TCP socket. Either this attribute or the exec attribute or the httpGet
-                      attribute MUST be specified. This attribute is mutually exclusive
-                      with both the exec attribute and the httpGet attribute.\n\ttcpSocket?:
-                      {\n\t\t// +usage=The TCP socket within the container that should
-                      be probed to assess container health.\n\t\tport: int\n\t}\n\n\t//
-                      +usage=Number of seconds after the container is started before the
-                      first probe is initiated.\n\tinitialDelaySeconds: *0 | int\n\n\t//
-                      +usage=How often, in seconds, to execute the probe.\n\tperiodSeconds:
-                      *10 | int\n\n\t// +usage=Number of seconds after which the probe
-                      times out.\n\ttimeoutSeconds: *1 | int\n\n\t// +usage=Minimum consecutive
-                      successes for the probe to be considered successful after having
-                      failed.\n\tsuccessThreshold: *1 | int\n\n\t// +usage=Number of consecutive
-                      failures required to determine the container is not alive (liveness
-                      probe) or not ready (readiness probe).\n\tfailureThreshold: *3 |
-                      int\n} \n"
-                workload:
-                  definition:
-                    apiVersion: apps.kruise.io/v1alpha1
-                    kind: CloneSet
-            type: raw
-          - name: predownloadimage
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: WorkflowStepDefinition
-              metadata:
-                name: predownloadimage
-              spec:
-                schematic:
-                  cue:
-                    template: "import (\"vela/op\")\nparameter: {\n  image: string\n  parallel:
-                      int\n  kvs: [string]: string\n  type: *\"Always\" | string\n  activeDeadlineSeconds:
-                      *1200 | int\n  ttlSecondsAfterFinished: *300 | int\n  backoffLimit?:
-                      int\n  timeoutSeconds?: int\n  arr: [...string]\n}\n\npullImageJob:
-                      op.#Apply & {\n  value:{\n    apiVersion: \"apps.kruise.io/v1alpha1\"\n
-                      \   kind:       \"ImagePullJob\"\n    metadata: {\n      name: \"pull-image-job\"\n
-                      \   }\n    spec: {\n      image: parameter.image\n      parallelism:
-                      parameter.parallel\n      selector: matchLabels: parameter.kvs\n
-                      \     completionPolicy: {\n        type: parameter.type\n        activeDeadlineSeconds:
-                      parameter.activeDeadlineSeconds\n        ttlSecondsAfterFinished:
-                      parameter.ttlSecondsAfterFinished\n      }\n      pullPolicy: {\n
-                      \       if parameter.backoffLimit != _|_ {\n          backoffLimit:
-                      parameter.backoffLimit\n        }\n        if parameter.timeoutSeconds
-                      != _|_ {\n          timeoutSeconds: parameter.timeoutSeconds\n        }\n
-                      \     }\n      pullSecrets: parameter.arr\n    }            \n  }
-                      \         \n} \n"
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
+      components:
+      - name: kruise
+        properties:
+          chart: ./charts/kruise/v0.9.0
+          git:
+            branch: master
+          repoType: git
+          url: https://github.com/openkruise/kruise
+          values:
+            featureGates: PreDownloadImageForInPlaceUpdate=true
+        type: helm
+      - name: cloneset
+        properties:
           apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
-    status:
-      observedGeneration: 0
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Describes long-running, scalable, containerized
+                services that have a stable network endpoint to receive external network
+                traffic from customers. If workload type is skipped for any service defined
+                in Appfile, it will be defaulted to `webservice` type.
+            name: cloneset
+            namespace: vela-system
+          spec:
+            schematic:
+              cue:
+                template: "output: {\n\tapiVersion: \"apps.kruise.io/v1alpha1\"\n\tkind:
+                  \      \"CloneSet\"\n\tmetadata: labels: {\n\t\t\"app.oam.dev/component\":
+                  context.name\n\t}\n\tspec: {\n\t\tselector: matchLabels: {\n\t\t\t\"app.oam.dev/component\":
+                  context.name\n\t\t}\n\n\t\ttemplate: {\n\t\t\tmetadata: labels: {\n\t\t\t\t\"app.oam.dev/component\":
+                  context.name\n\t\t\t}\n\n\t\t\tspec: {\n\t\t\t\tcontainers: [{\n\t\t\t\t\tname:
+                  \ context.name\n\t\t\t\t\timage: parameter.image\n\n\t\t\t\t\tif parameter.cmd
+                  != _|_ {\n\t\t\t\t\t\tcommand: parameter.cmd\n\t\t\t\t\t}\n\t\t\t\t\tif
+                  parameter.args != _|_ {\n\t\t\t\t\t\targs: parameter.args\n\t\t\t\t\t}\n\t\t\t\t\tif
+                  parameter.env != _|_ {\n\t\t\t\t\t\tenv: parameter.env\n\t\t\t\t\t}\n\n\t\t\t\t\tif
+                  context.config != _|_ {\n\t\t\t\t\t\tenv: context.config\n\t\t\t\t\t}\n\n\t\t\t\t\tif
+                  parameter[\"imagePullPolicy\"] != _|_ {\n\t\t\t\t\t\timagePullPolicy:
+                  parameter.imagePullPolicy\n\t\t\t\t\t}\n\n\t\t\t\t\tports: [{\n\t\t\t\t\t\tcontainerPort:
+                  parameter.port\n\t\t\t\t\t}]\n\n\t\t\t\t\tif parameter[\"cpu\"] != _|_
+                  {\n\t\t\t\t\t\tresources: {\n\t\t\t\t\t\t\tlimits: cpu:   parameter.cpu\n\t\t\t\t\t\t\trequests:
+                  cpu: parameter.cpu\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif parameter[\"memory\"]
+                  != _|_ {\n\t\t\t\t\t\tresources: {\n\t\t\t\t\t\t\tlimits: memory:   parameter.memory\n\t\t\t\t\t\t\trequests:
+                  memory: parameter.memory\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tif
+                  parameter[\"livenessProbe\"] != _|_ {\n\t\t\t\t\t\tlivenessProbe: parameter.livenessProbe\n\t\t\t\t\t}\n\n\t\t\t\t\tif
+                  parameter[\"readinessProbe\"] != _|_ {\n\t\t\t\t\t\treadinessProbe:
+                  parameter.readinessProbe\n\t\t\t\t\t}\n\n\t\t\t\t\tlifecycle: {\n\t\t\t\t\t\tif
+                  parameter.postStart != _|_ {\n\t\t\t\t\t\t\tpostStart: exec: command:
+                  parameter.postStart\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif parameter.preStop
+                  != _|_ {\n\t\t\t\t\t\t\tpreStop: exec: command: parameter.preStop\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}]\n\t\t\t\tif
+                  parameter.hostAliases != _|_ {\n\t\t\t\t\thostAliases: parameter.hostAliases\n\t\t\t\t}\n\t\t\t\tif
+                  parameter[\"imagePullSecrets\"] != _|_ {\n\t\t\t\t\timagePullSecrets:
+                  [ for v in parameter.imagePullSecrets {name: v}]\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tif
+                  parameter.updateStrategyType != _|_ {\n\t\t\tupdateStrategy: {\n\t\t\t\ttype:
+                  parameter.updateStrategyType\n\t\t\t}\n\t\t}\n\t}\n}\nparameter: {\n\t//
+                  +usage=Which image would you like to use for your service\n\t// +short=i\n\timage:
+                  string\n\n\t// +usage=Specify image pull policy for your service\n\timagePullPolicy?:
+                  string\n\n\t// +usage=Specify image pull secrets for your service\n\timagePullSecrets?:
+                  [...string]\n\n\t// +usage=Number of CPU units for the service, like
+                  `0.5` (0.5 CPU core), `1` (1 CPU core)\n\tcpu?: string\n\n\t// +usage=Specify
+                  the amount of memory to limit\n\tmemory?: *\"2048Mi\" | =~\"^([1-9][0-9]{0,63})(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)$\"\n\n\t//
+                  +usage=Commands to run in the container\n\tcmd?: [...string]\n\n\t//
+                  +usage=Arguments to the command.\n\targs?: [...string]\n\n\t// +usage=postStart
+                  commands will be called immediately after a container is created.\n\tpostStart?:
+                  [...string]\n\n\t// +usage=PreStop is called immediately before a container
+                  is terminated due to an API request or management event such as liveness/startup
+                  probe failure, preemption, resource contention, etc. The handler is
+                  not called if the container crashes or exits. The reason for termination
+                  is passed to the handler. The Pod's termination grace period countdown
+                  begins before the PreStop hooked is executed. Regardless of the outcome
+                  of the handler, the container will eventually terminate within the Pod's
+                  termination grace period. Other management of the container blocks until
+                  the hook completes or until the termination grace period is reached.
+                  More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks\n\tpreStop?:
+                  [...string]\n\n\t// +usage=Which port do you want customer traffic sent
+                  to\n\t// +short=p\n\tport: *80 | int\n\n\t// +usage=Define arguments
+                  by using environment variables\n\tenv?: [...#ENV]\n\n\t// +usage=Cloneset
+                  updateStrategy, candidates are `ReCreate`/`InPlaceIfPossible`/`InPlaceOnly`\n\tupdateStrategyType?:
+                  string\n\n\t// +usage=HostAliases is a list of hosts and IPs that will
+                  be write into the pod's hosts file\n\thostAliases?: [...{\n\t\thostnames:
+                  [...string]\n\t\tip: string\n\t}]\n\n\t// +usage=Instructions for assessing
+                  whether the container is alive.\n\tlivenessProbe?: #HealthProbe\n\n\t//
+                  +usage=Instructions for assessing whether the container is in a suitable
+                  state to serve traffic.\n\treadinessProbe?: #HealthProbe\n}\n\n#ENV:
+                  {\n\t// +usage=Environment variable name\n\tname: string\n\t// +usage=The
+                  value of the environment variable\n\tvalue?: string\n\t// +usage=Specifies
+                  a source the value of this var should come from\n\tvalueFrom?: {\n\t\t//
+                  +usage=Selects a key of a secret in the pod's namespace\n\t\tsecretKeyRef:
+                  {\n\t\t\t// +usage=The name of the secret in the pod's namespace to
+                  select from\n\t\t\tname: string\n\t\t\t// +usage=The key of the secret
+                  to select from. Must be a valid secret key\n\t\t\tkey: string\n\t\t}\n\t}\n}\n\n#HealthProbe:
+                  {\n\n\t// +usage=Instructions for assessing container health by executing
+                  a command. Either this attribute or the httpGet attribute or the tcpSocket
+                  attribute MUST be specified. This attribute is mutually exclusive with
+                  both the httpGet attribute and the tcpSocket attribute.\n\texec?: {\n\t\t//
+                  +usage=A command to be executed inside the container to assess its health.
+                  Each space delimited token of the command is a separate array element.
+                  Commands exiting 0 are considered to be successful probes, whilst all
+                  other exit codes are considered failures.\n\t\tcommand: [...string]\n\t}\n\n\t//
+                  +usage=Instructions for assessing container health by executing an HTTP
+                  GET request. Either this attribute or the exec attribute or the tcpSocket
+                  attribute MUST be specified. This attribute is mutually exclusive with
+                  both the exec attribute and the tcpSocket attribute.\n\thttpGet?: {\n\t\t//
+                  +usage=The endpoint, relative to the port, to which the HTTP GET request
+                  should be directed.\n\t\tpath: string\n\t\t// +usage=The TCP socket
+                  within the container to which the HTTP GET request should be directed.\n\t\tport:
+                  int\n\t\thttpHeaders?: [...{\n\t\t\tname:  string\n\t\t\tvalue: string\n\t\t}]\n\t}\n\n\t//
+                  +usage=Instructions for assessing container health by probing a TCP
+                  socket. Either this attribute or the exec attribute or the httpGet attribute
+                  MUST be specified. This attribute is mutually exclusive with both the
+                  exec attribute and the httpGet attribute.\n\ttcpSocket?: {\n\t\t// +usage=The
+                  TCP socket within the container that should be probed to assess container
+                  health.\n\t\tport: int\n\t}\n\n\t// +usage=Number of seconds after the
+                  container is started before the first probe is initiated.\n\tinitialDelaySeconds:
+                  *0 | int\n\n\t// +usage=How often, in seconds, to execute the probe.\n\tperiodSeconds:
+                  *10 | int\n\n\t// +usage=Number of seconds after which the probe times
+                  out.\n\ttimeoutSeconds: *1 | int\n\n\t// +usage=Minimum consecutive
+                  successes for the probe to be considered successful after having failed.\n\tsuccessThreshold:
+                  *1 | int\n\n\t// +usage=Number of consecutive failures required to determine
+                  the container is not alive (liveness probe) or not ready (readiness
+                  probe).\n\tfailureThreshold: *3 | int\n} \n"
+            workload:
+              definition:
+                apiVersion: apps.kruise.io/v1alpha1
+                kind: CloneSet
+        type: raw
+      - name: predownloadimage
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: WorkflowStepDefinition
+          metadata:
+            name: predownloadimage
+          spec:
+            schematic:
+              cue:
+                template: "import (\"vela/op\")\nparameter: {\n  image: string\n  parallel:
+                  int\n  kvs: [string]: string\n  type: *\"Always\" | string\n  activeDeadlineSeconds:
+                  *1200 | int\n  ttlSecondsAfterFinished: *300 | int\n  backoffLimit?:
+                  int\n  timeoutSeconds?: int\n  arr: [...string]\n}\n\npullImageJob:
+                  op.#Apply & {\n  value:{\n    apiVersion: \"apps.kruise.io/v1alpha1\"\n
+                  \   kind:       \"ImagePullJob\"\n    metadata: {\n      name: \"pull-image-job\"\n
+                  \   }\n    spec: {\n      image: parameter.image\n      parallelism:
+                  parameter.parallel\n      selector: matchLabels: parameter.kvs\n      completionPolicy:
+                  {\n        type: parameter.type\n        activeDeadlineSeconds: parameter.activeDeadlineSeconds\n
+                  \       ttlSecondsAfterFinished: parameter.ttlSecondsAfterFinished\n
+                  \     }\n      pullPolicy: {\n        if parameter.backoffLimit != _|_
+                  {\n          backoffLimit: parameter.backoffLimit\n        }\n        if
+                  parameter.timeoutSeconds != _|_ {\n          timeoutSeconds: parameter.timeoutSeconds\n
+                  \       }\n      }\n      pullSecrets: parameter.arr\n    }            \n
+                  \ }          \n} \n"
+        type: raw
+      workflow:
+        steps:
+        - name: checking-depends-on
+          properties:
+            name: fluxcd
+            namespace: vela-system
+          type: depends-on-app
+        - name: apply-resources
+          type: apply-application
+    status: {}
+  detail: |-
+    # kruise
+
+    This addon provides [open-kruise](https://github.com/openkruise/kruise) workload.
 kind: ConfigMap
 metadata:
   annotations:

charts/vela-core/templates/addons/ns-flux-system.yaml

@@ -1,40 +0,0 @@
-apiVersion: v1
-data:
-  initializer: |
-    apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
-    metadata:
-      annotations:
-        addons.oam.dev/description: Create namespace for flux-system
-      name: ns-flux-system
-      namespace: vela-system
-    spec:
-      appTemplate:
-        spec:
-          components:
-          - name: flux-system
-            properties:
-              apiVersion: v1
-              kind: Namespace
-              metadata:
-                name: flux-system
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-    status:
-      observedGeneration: 0
-kind: ConfigMap
-metadata:
-  annotations:
-    addons.oam.dev/description: Create namespace for flux-system
-    addons.oam.dev/name: ns-flux-system
-  labels:
-    addons.oam.dev/type: ns-flux-system
-  name: ns-flux-system
-  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/ns-istio-system.yaml

@@ -1,40 +0,0 @@
-apiVersion: v1
-data:
-  initializer: |
-    apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
-    metadata:
-      annotations:
-        addons.oam.dev/description: Create namespace for istio-system
-      name: ns-istio-system
-      namespace: vela-system
-    spec:
-      appTemplate:
-        spec:
-          components:
-          - name: istio-system
-            properties:
-              apiVersion: v1
-              kind: Namespace
-              metadata:
-                name: istio-system
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-    status:
-      observedGeneration: 0
-kind: ConfigMap
-metadata:
-  annotations:
-    addons.oam.dev/description: Create namespace for istio-system
-    addons.oam.dev/name: ns-istio-system
-  labels:
-    addons.oam.dev/type: ns-istio-system
-  name: ns-istio-system
-  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/observability-asset.yaml

@@ -1,128 +0,0 @@
-apiVersion: v1
-data:
-  initializer: |
-    apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
-    metadata:
-      annotations:
-        addons.oam.dev/description: Preparations that observability need
-      name: observability-asset
-      namespace: vela-system
-    spec:
-      appTemplate:
-        spec:
-          components:
-          - name: observability
-            properties:
-              apiVersion: v1
-              kind: Namespace
-              metadata:
-                name: observability
-            type: raw
-          - name: import-grafana-dashboard
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: TraitDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Import dashboards to Grafana
-                name: import-grafana-dashboard
-                namespace: vela-system
-              spec:
-                schematic:
-                  cue:
-                    template: "outputs: registerdatasource: {\n\tapiVersion: \"grafana.extension.oam.dev/v1alpha1\"\n\tkind:
-                      \      \"ImportDashboard\"\n\tspec: {\n\t\tgrafana: {\n\t\t\tservice:
-                      \                  parameter.grafanaServiceName\n\t\t\tnamespace:
-                      \                parameter.grafanaServiceNamespace\n\t\t\tcredentialSecret:
-                      \         parameter.credentialSecret\n\t\t\tcredentialSecretNamespace:
-                      parameter.credentialSecretNamespace\n\t\t}\n\t\turls: parameter.urls\n\t}\n}\nparameter:
-                      {\n\tgrafanaServiceName:        string\n\tgrafanaServiceNamespace:
-                      \  *\"default\" | string\n\tcredentialSecret:          string\n\tcredentialSecretNamespace:
-                      *\"default\" | string\n\turls: [...string]\n} \n"
-            type: raw
-          - name: pure-ingress
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: TraitDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Enable public web traffic for the component
-                    without creating a Service.
-                name: pure-ingress
-                namespace: vela-system
-              spec:
-                schematic:
-                  cue:
-                    template: "\noutputs: ingress: {\n\tapiVersion: \"networking.k8s.io/v1beta1\"\n\tkind:
-                      \      \"Ingress\"\n\tmetadata:\n\t\tname: context.name\n\tspec:
-                      {\n\t\trules: [{\n\t\t\thost: parameter.domain\n\t\t\thttp: {\n\t\t\t\tpaths:
-                      [\n\t\t\t\t\tfor k, v in parameter.http {\n\t\t\t\t\t\tpath: k\n\t\t\t\t\t\tbackend:
-                      {\n\t\t\t\t\t\t\tserviceName: context.name\n\t\t\t\t\t\t\tservicePort:
-                      v\n\t\t\t\t\t\t}\n\t\t\t\t\t},\n\t\t\t\t]\n\t\t\t}\n\t\t}]\n\t}\n}\n\nparameter:
-                      {\n\t// +usage=Specify the domain you want to expose\n\tdomain:
-                      string\n\n\t// +usage=Specify the mapping relationship between the
-                      http path and the workload port\n\thttp: [string]: int\n}\n"
-                status:
-                  customStatus: |-
-                    let igs = context.outputs.ingress.status.loadBalancer.ingress
-                    if igs == _|_ {
-                      message: "No loadBalancer found, visiting by using 'vela port-forward " + context.appName + " --route'\n"
-                    }
-                    if len(igs) > 0 {
-                      if igs[0].ip != _|_ {
-                        message: "Visiting URL: " + context.outputs.ingress.spec.rules[0].host + ", IP: " + igs[0].ip
-                      }
-                      if igs[0].ip == _|_ {
-                        message: "Visiting URL: " + context.outputs.ingress.spec.rules[0].host
-                      }
-                    }
-                  healthPolicy: |
-                    isHealth: len(context.outputs.ingress.status.loadBalancer.ingress) > 0
-            type: raw
-          - name: register-grafana-datasource
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: TraitDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Add a datasource to Grafana
-                name: register-grafana-datasource
-                namespace: vela-system
-              spec:
-                schematic:
-                  cue:
-                    template: "outputs: registerdatasource: {\n\tapiVersion: \"grafana.extension.oam.dev/v1alpha1\"\n\tkind:
-                      \      \"DatasourceRegistration\"\n\tspec: {\n\t\tgrafana: {\n\t\t\tservice:
-                      \                  parameter.grafanaServiceName\n\t\t\tnamespace:
-                      \                parameter.grafanaServiceNamespace\n\t\t\tcredentialSecret:
-                      \         parameter.credentialSecret\n\t\t\tcredentialSecretNamespace:
-                      parameter.credentialSecretNamespace\n\t\t}\n\t\tdatasource: {\n\t\t\tname:
-                      \     parameter.name\n\t\t\ttype:      parameter.type\n\t\t\taccess:
-                      \   parameter.access\n\t\t\tservice:   parameter.service\n\t\t\tnamespace:
-                      parameter.namespace\n\t\t}\n\t}\n}\n\nparameter: {\n\tgrafanaServiceName:
-                      \       string\n\tgrafanaServiceNamespace:   *\"default\" | string\n\tcredentialSecret:
-                      \         string\n\tcredentialSecretNamespace: string\n\tname:                      string\n\ttype:
-                      \                     string\n\taccess:                    *\"proxy\"
-                      | string\n\tservice:                   string\n\tnamespace:                 *\"default\"
-                      | string\n}\n"
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-    status:
-      observedGeneration: 0
-kind: ConfigMap
-metadata:
-  annotations:
-    addons.oam.dev/description: Preparations that observability need
-    addons.oam.dev/name: observability-asset
-  labels:
-    addons.oam.dev/type: observability-asset
-  name: observability-asset
-  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/observability.yaml

@@ -1,141 +1,131 @@
 apiVersion: v1
 data:
-  initializer: |
+  application: |
     apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
+    kind: Application
     metadata:
       annotations:
         addons.oam.dev/description: An out of the box solution for KubeVela observability
       name: observability
-      namespace: observability
+      namespace: vela-system
     spec:
-      appTemplate:
-        spec:
-          components:
-          - name: grafana-registration
-            properties:
-              chart: ./chart
-              git:
-                branch: master
-              repoType: git
-              targetNamespace: observability
-              url: https://github.com/oam-dev/grafana-registration
-              values:
-                replicaCount: 1
-            type: helm
-          - name: grafana
-            properties:
-              chart: grafana
-              releaseName: grafana
-              repoType: helm
-              targetNamespace: observability
-              url: https://charts.kubevela.net/addons
-              version: 6.14.1
-            traits:
-            - properties:
-                domain: '[[ index .Args "grafana-domain" ]]'
-                http:
-                  /: 80
-              type: pure-ingress
-            - properties:
-                credentialSecret: grafana
-                credentialSecretNamespace: observability
-                grafanaServiceName: grafana
-                grafanaServiceNamespace: observability
-                urls:
-                - https://charts.kubevela.net/addons/dashboards/kubevela_core_logging.json
-                - https://charts.kubevela.net/addons/dashboards/kubevela_core_monitoring.json
-                - https://charts.kubevela.net/addons/dashboards/kubevela_application_logging.json
-                - https://charts.kubevela.net/addons/dashboards/flux2/cluster.json
-              type: import-grafana-dashboard
-            type: helm
-          - name: loki
-            properties:
-              chart: loki-stack
-              releaseName: loki
-              repoType: helm
-              targetNamespace: observability
-              url: https://charts.kubevela.net/addons
-              version: 2.4.1
-            traits:
-            - properties:
-                access: proxy
-                credentialSecret: grafana
-                credentialSecretNamespace: observability
-                grafanaServiceName: grafana
-                grafanaServiceNamespace: observability
-                name: loki
-                namespace: observability
-                service: loki
-                type: loki
-              type: register-grafana-datasource
-            type: helm
-          - name: prometheus-server
-            properties:
-              chart: prometheus
-              releaseName: prometheus
-              repoType: helm
-              targetNamespace: observability
-              url: https://charts.kubevela.net/addons
-              values:
-                alertmanager:
-                  persistentVolume:
-                    enabled: '[[ index .Args "alertmanager-pvc-enabled" | default "true"
-                      ]]'
-                    size: '[[ index .Args "alertmanager-pvc-size" | default "20Gi" ]]'
-                    storageClass: '[[ index .Args "alertmanager-pvc-class" ]]'
-                server:
-                  persistentVolume:
-                    enabled: '[[ index .Args "server-pvc-enabled" | default "true" ]]'
-                    size: '[[ index .Args "server-pvc-size" | default "20Gi" ]]'
-                    storageClass: '[[ index .Args "server-pvc-class" ]]'
-              version: 14.4.1
-            traits:
-            - properties:
-                access: proxy
-                credentialSecret: grafana
-                credentialSecretNamespace: observability
-                grafanaServiceName: grafana
-                grafanaServiceNamespace: observability
-                name: prometheus
-                namespace: observability
-                service: prometheus-server
-                type: prometheus
-              type: register-grafana-datasource
-            type: helm
-          - name: kube-state-metrics
-            properties:
-              chart: kube-state-metrics
-              repoType: helm
-              targetNamespace: observability
-              url: https://charts.kubevela.net/addons
-              values:
-                image:
-                  repository: oamdev/kube-state-metrics
-                  tag: v2.1.0
-              version: 3.4.1
-            type: helm
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
-          apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
-      - ref:
-          apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: observability-asset
-          namespace: vela-system
-    status:
-      observedGeneration: 0
+      components:
+      - name: grafana-registration
+        properties:
+          chart: ./chart
+          git:
+            branch: master
+          repoType: git
+          targetNamespace: vela-system
+          url: https://github.com/oam-dev/grafana-registration
+          values:
+            replicaCount: 1
+        type: helm
+      - name: grafana
+        properties:
+          chart: grafana
+          releaseName: grafana
+          repoType: helm
+          targetNamespace: vela-system
+          url: https://charts.kubevela.net/addons
+          version: 6.14.1
+        traits:
+        - properties:
+            domain: '[[ index .Args "grafana-domain" ]]'
+            http:
+              /: 80
+          type: pure-ingress
+        - properties:
+            credentialSecret: grafana
+            credentialSecretNamespace: vela-system
+            grafanaServiceName: grafana
+            grafanaServiceNamespace: vela-system
+            urls:
+            - https://charts.kubevela.net/addons/dashboards/kubevela_core_logging.json
+            - https://charts.kubevela.net/addons/dashboards/kubevela_core_monitoring.json
+            - https://charts.kubevela.net/addons/dashboards/kubevela_application_logging.json
+            - https://charts.kubevela.net/addons/dashboards/flux2/cluster.json
+          type: import-grafana-dashboard
+        type: helm
+      - name: loki
+        properties:
+          chart: loki-stack
+          releaseName: loki
+          repoType: helm
+          targetNamespace: vela-system
+          url: https://charts.kubevela.net/addons
+          version: 2.4.1
+        traits:
+        - properties:
+            access: proxy
+            credentialSecret: grafana
+            credentialSecretNamespace: vela-system
+            grafanaServiceName: grafana
+            grafanaServiceNamespace: vela-system
+            name: loki
+            namespace: vela-system
+            service: loki
+            type: loki
+          type: register-grafana-datasource
+        type: helm
+      - name: prometheus-server
+        properties:
+          chart: prometheus
+          releaseName: prometheus
+          repoType: helm
+          targetNamespace: vela-system
+          url: https://charts.kubevela.net/addons
+          values:
+            alertmanager:
+              persistentVolume:
+                enabled: '[[ index .Args "alertmanager-pvc-enabled" | default "true" ]]'
+                size: '[[ index .Args "alertmanager-pvc-size" | default "20Gi" ]]'
+                storageClass: '[[ index .Args "alertmanager-pvc-class" ]]'
+            server:
+              persistentVolume:
+                enabled: '[[ index .Args "server-pvc-enabled" | default "true" ]]'
+                size: '[[ index .Args "server-pvc-size" | default "20Gi" ]]'
+                storageClass: '[[ index .Args "server-pvc-class" ]]'
+          version: 14.4.1
+        traits:
+        - properties:
+            access: proxy
+            credentialSecret: grafana
+            credentialSecretNamespace: vela-system
+            grafanaServiceName: grafana
+            grafanaServiceNamespace: vela-system
+            name: prometheus
+            namespace: vela-system
+            service: prometheus-server
+            type: prometheus
+          type: register-grafana-datasource
+        type: helm
+      - name: kube-state-metrics
+        properties:
+          chart: kube-state-metrics
+          repoType: helm
+          targetNamespace: vela-system
+          url: https://charts.kubevela.net/addons
+          values:
+            image:
+              repository: oamdev/kube-state-metrics
+              tag: v2.1.0
+          version: 3.4.1
+        type: helm
+      workflow:
+        steps:
+        - name: checking-depends-on
+          properties:
+            name: fluxcd
+            namespace: vela-system
+          type: depends-on-app
+        - name: apply-resources
+          type: apply-remaining
+    status: {}
+  detail: |-
+    # observability
+
+    This addon expose system and application level metrics for KubeVela.
 kind: ConfigMap
 metadata:
   annotations:

charts/vela-core/templates/addons/prometheus.yaml

@@ -1,47 +0,0 @@
-apiVersion: v1
-data:
-  initializer: |
-    apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
-    metadata:
-      annotations:
-        addons.oam.dev/description: Prometheus is an open-source systems monitoring and
-          alerting toolkit
-      name: prometheus
-      namespace: vela-system
-    spec:
-      appTemplate:
-        spec:
-          components:
-          - name: prometheus
-            properties:
-              chart: premetheus
-              repoType: helm
-              url: https://prometheus-community.github.io/helm-charts
-            type: helm
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
-          apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
-    status:
-      observedGeneration: 0
-kind: ConfigMap
-metadata:
-  annotations:
-    addons.oam.dev/description: Prometheus is an open-source systems monitoring and
-      alerting toolkit
-    addons.oam.dev/name: prometheus
-  labels:
-    addons.oam.dev/type: prometheus
-  name: prometheus
-  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/terraform-alibaba.yaml

@@ -0,0 +1,67 @@
+apiVersion: v1
+data:
+  application: |
+    apiVersion: core.oam.dev/v1beta1
+    kind: Application
+    metadata:
+      annotations:
+        addons.oam.dev/description: Kubernetes Terraform Controller for Alibaba Cloud
+        addons.oam.dev/name: terraform-alibaba
+      name: terraform-alibaba
+      namespace: vela-system
+    spec:
+      components:
+      - name: alibaba-account-creds-[[ index .Args "providerName" ]]
+        properties:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: alibaba-account-creds-[[ index .Args "providerName" ]]
+            namespace: vela-system
+          stringData:
+            credentials: |
+              accessKeyID: [[ index .Args "ALICLOUD_ACCESS_KEY" ]]
+              accessKeySecret: [[ index .Args "ALICLOUD_SECRET_KEY" ]]
+              securityToken: [[ index .Args "ALICLOUD_SECURITY_TOKEN" ]]
+          type: Opaque
+        type: raw
+      - name: alibaba-[[ index .Args "providerName" ]]
+        properties:
+          apiVersion: terraform.core.oam.dev/v1beta1
+          kind: Provider
+          metadata:
+            name: '[[ index .Args "providerName" ]]'
+            namespace: default
+          spec:
+            credentials:
+              secretRef:
+                key: credentials
+                name: alibaba-account-creds-[[ index .Args "providerName" ]]
+                namespace: vela-system
+              source: Secret
+            provider: alibaba
+            region: '[[ index .Args "ALICLOUD_REGION" ]]'
+        type: raw
+      workflow:
+        steps:
+        - name: ""
+          properties:
+            name: terraform
+            namespace: vela-system
+          type: depends-on-app
+        - name: ""
+          type: apply-application
+    status: {}
+  detail: |
+    # terraform-alibaba
+
+    This addon contains terraform provider for Alibaba Cloud.
+kind: ConfigMap
+metadata:
+  annotations:
+    addons.oam.dev/description: Kubernetes Terraform Controller for Alibaba Cloud
+    addons.oam.dev/name: terraform-alibaba
+  labels:
+    addons.oam.dev/type: terraform-alibaba
+  name: terraform-alibaba
+  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/terraform-aws.yaml

@@ -0,0 +1,67 @@
+apiVersion: v1
+data:
+  application: |
+    apiVersion: core.oam.dev/v1beta1
+    kind: Application
+    metadata:
+      annotations:
+        addons.oam.dev/description: Kubernetes Terraform Controller for AWS
+        addons.oam.dev/name: terraform-aws
+      name: terraform-aws
+      namespace: vela-system
+    spec:
+      components:
+      - name: aws-account-creds
+        properties:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: aws-account-creds
+            namespace: vela-system
+          stringData:
+            credentials: |
+              awsAccessKeyID: [[ index .Args "AWS_ACCESS_KEY_ID" ]]
+              awsSecretAccessKey: [[ index .Args "AWS_SECRET_ACCESS_KEY" ]]
+              awsSessionToken: [[ index .Args "AWS_SESSION_TOKEN" ]]
+          type: Opaque
+        type: raw
+      - name: aws
+        properties:
+          apiVersion: terraform.core.oam.dev/v1beta1
+          kind: Provider
+          metadata:
+            name: aws
+            namespace: default
+          spec:
+            credentials:
+              secretRef:
+                key: credentials
+                name: aws-account-creds
+                namespace: vela-system
+              source: Secret
+            provider: aws
+            region: '[[ index .Args "AWS_DEFAULT_REGION" ]]'
+        type: raw
+      workflow:
+        steps:
+        - name: ""
+          properties:
+            name: terraform
+            namespace: vela-system
+          type: depends-on-app
+        - name: ""
+          type: apply-application
+    status: {}
+  detail: |
+    # terraform-aws
+
+    This addon contains terraform provider for AWS.
+kind: ConfigMap
+metadata:
+  annotations:
+    addons.oam.dev/description: Kubernetes Terraform Controller for AWS
+    addons.oam.dev/name: terraform-aws
+  labels:
+    addons.oam.dev/type: terraform-aws
+  name: terraform-aws
+  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/terraform-azure.yaml

@@ -0,0 +1,67 @@
+apiVersion: v1
+data:
+  application: |
+    apiVersion: core.oam.dev/v1beta1
+    kind: Application
+    metadata:
+      annotations:
+        addons.oam.dev/description: Kubernetes Terraform Controller for Azure
+        addons.oam.dev/name: terraform-azure
+      name: terraform-azure
+      namespace: vela-system
+    spec:
+      components:
+      - name: azure-account-creds
+        properties:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: azure-account-creds
+            namespace: vela-system
+          stringData:
+            credentials: |
+              armClientID: [[ index .Args "ARM_CLIENT_ID" ]]
+              armClientSecret: [[ index .Args "ARM_CLIENT_SECRET" ]]
+              armSubscriptionID: [[ index .Args "ARM_SUBSCRIPTION_ID" ]]
+              armTenantID: [[ index .Args "ARM_TENANT_ID" ]]
+          type: Opaque
+        type: raw
+      - name: azure
+        properties:
+          apiVersion: terraform.core.oam.dev/v1beta1
+          kind: Provider
+          metadata:
+            name: azure
+            namespace: default
+          spec:
+            credentials:
+              secretRef:
+                key: credentials
+                name: azure-account-creds
+                namespace: vela-system
+              source: Secret
+            provider: azure
+        type: raw
+      workflow:
+        steps:
+        - name: ""
+          properties:
+            name: terraform
+            namespace: vela-system
+          type: depends-on-app
+        - name: ""
+          type: apply-application
+    status: {}
+  detail: |
+    # terraform-azure
+
+    This addon contains terraform provider for Azure.
+kind: ConfigMap
+metadata:
+  annotations:
+    addons.oam.dev/description: Kubernetes Terraform Controller for Azure
+    addons.oam.dev/name: terraform-azure
+  labels:
+    addons.oam.dev/type: terraform-azure
+  name: terraform-azure
+  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/terraform-provider-alibaba.yaml

@@ -1,65 +0,0 @@
-apiVersion: v1
-data:
-  initializer: |
-    apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
-    metadata:
-      annotations:
-        addons.oam.dev/description: terraform provider (alibaba)
-        addons.oam.dev/name: terraform/provider-alibaba
-      name: terraform-provider-alibaba
-      namespace: default
-    spec:
-      appTemplate:
-        spec:
-          components:
-          - name: alibaba-account-creds
-            properties:
-              apiVersion: v1
-              kind: Secret
-              metadata:
-                name: alibaba-provider-secret
-                namespace: vela-system
-              stringData:
-                credentials: |
-                  accessKeyID: [[ index .Args "ALICLOUD_ACCESS_KEY" ]]
-                  accessKeySecret: [[ index .Args "ALICLOUD_SECRET_KEY" ]]
-                  securityToken: [[ index .Args "ALICLOUD_SECURITY_TOKEN" ]]
-              type: Opaque
-            type: raw
-          - name: default
-            properties:
-              apiVersion: terraform.core.oam.dev/v1beta1
-              kind: Provider
-              metadata:
-                name: default
-                namespace: default
-              spec:
-                credentials:
-                  secretRef:
-                    key: credentials
-                    name: alibaba-account-creds
-                    namespace: vela-system
-                  source: Secret
-                provider: alibaba
-                region: '[[ index .Args "ALICLOUD_REGION" ]]'
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-    status:
-      observedGeneration: 0
-kind: ConfigMap
-metadata:
-  annotations:
-    addons.oam.dev/description: terraform provider (alibaba)
-    addons.oam.dev/name: terraform/provider-alibaba
-  labels:
-    addons.oam.dev/type: terraform-provider-alibaba
-  name: terraform-provider-alibaba
-  namespace: {{.Values.systemDefinitionNamespace}}

charts/vela-core/templates/addons/terraform.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 data:
-  initializer: |
+  application: |
     apiVersion: core.oam.dev/v1beta1
-    kind: Initializer
+    kind: Application
     metadata:
       annotations:
         addons.oam.dev/description: Terraform Controller is a Kubernetes Controller for
@@ -10,387 +10,579 @@ data:
       name: terraform
       namespace: vela-system
     spec:
-      appTemplate:
-        spec:
-          components:
-          - name: terraform-controller
-            properties:
-              chart: terraform-controller
-              repoType: helm
-              url: https://charts.kubevela.net/addons
-              version: 0.1.19
-            type: helm
-          - name: terraform-system
-            properties:
-              apiVersion: v1
-              kind: Namespace
-              metadata:
-                name: terraform-system
-            type: raw
-          - name: alibaba-ack
-            properties:
-              apiVersion: core.oam.dev/v1beta1
-              kind: ComponentDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Terraform configuration for Alibaba
-                    Cloud ACK cluster
-                labels:
-                  type: terraform
-                name: alibaba-ack
-                namespace: vela-system
-              spec:
-                schematic:
-                  terraform:
-                    configuration: |
-                      module "kubernetes" {
-                        source = "github.com/zzxwill/terraform-alicloud-kubernetes"
-                        new_nat_gateway = true
-                        vpc_name = var.vpc_name
-                        vpc_cidr = var.vpc_cidr
-                        vswitch_name_prefix = var.vswitch_name_prefix
-                        vswitch_cidrs = var.vswitch_cidrs
-                        master_instance_types = var.master_instance_types
-                        worker_instance_types = var.worker_instance_types
-                        k8s_pod_cidr = var.k8s_pod_cidr
-                        k8s_service_cidr = var.k8s_service_cidr
-                        k8s_worker_number = var.k8s_worker_number
-                        cpu_core_count = var.cpu_core_count
-                        memory_size = var.memory_size
-                        zone_id = var.zone_id
-                        k8s_version = var.k8s_version
-                        k8s_name_prefix = var.k8s_name_prefix
-                      }
-                      ######################
-                      # Instance types variables
-                      ######################
-                      variable "cpu_core_count" {
-                        description = "CPU core count is used to fetch instance types."
-                        type = number
-                        default = 4
-                      }
-                      variable "memory_size" {
-                        description = "Memory size used to fetch instance types."
-                        type = number
-                        default = 8
-                      }
-                      ######################
-                      # VPC variables
-                      ######################
-                      variable "vpc_name" {
-                        description = "The vpc name used to create a new vpc when 'vpc_id' is not specified. Default to variable `example_name`"
-                        type = string
-                        default = "tf-k8s-vpc"
-                      }
-                      variable "vpc_cidr" {
-                        description = "The cidr block used to launch a new vpc when 'vpc_id' is not specified."
-                        type = string
-                        default = "10.0.0.0/8"
-                      }
-                      ######################
-                      # VSwitch variables
-                      ######################
-                      variable "vswitch_name_prefix" {
-                        type = string
-                        description = "The vswitch name prefix used to create several new vswitches. Default to variable 'example_name'."
-                        default = "tf-k8s-vsw"
-                      }
-                      variable "number_format" {
-                        description = "The number format used to output."
-                        type = string
-                        default = "%02d"
-                      }
-                      variable "vswitch_ids" {
-                        description = "List of existing vswitch id."
-                        type = list
-                        default = []
-                      }
-                      variable "vswitch_cidrs" {
-                        description = "List of cidr blocks used to create several new vswitches when 'vswitch_ids' is not specified."
-                        type = list
-                        default = [
-                          "10.1.0.0/16",
-                          "10.2.0.0/16",
-                          "10.3.0.0/16"]
-                      }
-                      variable "k8s_name_prefix" {
-                        description = "The name prefix used to create several kubernetes clusters. Default to variable `example_name`"
-                        type = string
-                        default = "poc"
-                      }
-                      variable "new_nat_gateway" {
-                        type = bool
-                        description = "Whether to create a new nat gateway. In this template, a new nat gateway will create a nat gateway, eip and server snat entries."
-                        default = true
-                      }
-                      variable "master_instance_types" {
-                        description = "The ecs instance types used to launch master nodes."
-                        type = list
-                        default = [
-                          # hongkong
-                          "ecs.sn1ne.xlarge",
-                          # hongkong
-                          "ecs.c6.xlarge",
-                          # hongkong
-                          "ecs.c4.xlarge",
-                          # hongkong
-                          "ecs.c5.xlarge",
-                          "ecs.n4.xlarge",
-                          # "ecs.n1.large",
-                          # "ecs.sn1.large",
-                          # "ecs.s6-c1m2.xlarge",
-                          # "ecs.c6e.xlarge"
-                        ]
-                      }
-                      variable "worker_instance_types" {
-                        description = "The ecs instance types used to launch worker nodes."
-                        type = list
-                        default = [
-                          # hongkong
-                          "ecs.sn1ne.xlarge",
-                          # hongkong
-                          "ecs.c6.xlarge",
-                          # hongkong
-                          "ecs.c4.xlarge",
-                          # hongkong
-                          "ecs.c6e.xlarge",
-                          "ecs.n4.xlarge",
-                          //    "ecs.n1.large",
-                          //    "ecs.sn1.large",
-                          //    "ecs.s6-c1m2.xlarge"
-                        ]
-                      }
-                      variable "node_cidr_mask" {
-                        type = number
-                        description = "The node cidr block to specific how many pods can run on single node. Valid values: [24-28]."
-                        default = 24
-                      }
-                      variable "enable_ssh" {
-                        description = "Enable login to the node through SSH."
-                        type = bool
-                        default = true
-                      }
-                      variable "install_cloud_monitor" {
-                        description = "Install cloud monitor agent on ECS."
-                        type = bool
-                        default = true
-                      }
-                      variable "cpu_policy" {
-                        type = string
-                        description = "kubelet cpu policy. Valid values: 'none','static'. Default to 'none'."
-                        default = "none"
-                      }
-                      variable "proxy_mode" {
-                        description = "Proxy mode is option of kube-proxy. Valid values: 'ipvs','iptables'. Default to 'iptables'."
-                        type = string
-                        default = "iptables"
-                      }
-                      variable "password" {
-                        description = "The password of ECS instance."
-                        type = string
-                        default = "Just4Test"
-                      }
-                      variable "k8s_worker_number" {
-                        description = "The number of worker nodes in kubernetes cluster."
-                        type = number
-                        default = 2
-                      }
-                      # k8s_pod_cidr is only for flannel network
-                      variable "k8s_pod_cidr" {
-                        description = "The kubernetes pod cidr block. It cannot be equals to vpc's or vswitch's and cannot be in them."
-                        type = string
-                        default = "172.20.0.0/16"
-                      }
-                      variable "k8s_service_cidr" {
-                        description = "The kubernetes service cidr block. It cannot be equals to vpc's or vswitch's or pod's and cannot be in them."
-                        type = string
-                        default = "192.168.0.0/16"
-                      }
-                      variable "k8s_version" {
-                        description = "The version of the kubernetes version.  Valid values: '1.16.6-aliyun.1','1.14.8-aliyun.1'. Default to '1.16.6-aliyun.1'."
-                        type = string
-                        default = "1.20.4-aliyun.1"
-                      }
-                      variable "zone_id" {
-                        description = "Availability Zone ID"
-                        type = string
-                        default = "cn-hongkong-b"
-                        # "cn-beijing-a"
-                      }
-                      output "name" {
-                        value = module.kubernetes.name
-                      }
-                      output "kubeconfig" {
-                        value = module.kubernetes.kubeconfig
-                      }
-                      output "cluster_ca_cert" {
-                        value = module.kubernetes.cluster_ca_cert
-                      }
-                      output "client_cert" {
-                        value = module.kubernetes.client_cert
-                      }
-                      output "client_key" {
-                        value = module.kubernetes.client_key
-                      }
-                      output "api_server_internet" {
-                        value = module.kubernetes.api_server_internet
-                      }
-                workload:
-                  definition:
-                    apiVersion: terraform.core.oam.dev/v1beta1
-                    kind: Configuration
-            type: raw
-          - name: alibaba-eip
-            properties:
-              apiVersion: core.oam.dev/v1alpha2
-              kind: ComponentDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Terraform configuration for Alibaba
-                    Cloud Elastic IP
-                labels:
-                  type: terraform
-                name: alibaba-eip
-                namespace: vela-system
-              spec:
-                schematic:
-                  terraform:
-                    configuration: |
-                      module "eip" {
-                        source = "github.com/zzxwill/terraform-alicloud-eip"
-                        name = var.name
-                        bandwidth = var.bandwidth
-                      }
-
-                      variable "name" {
-                        description = "Name to be used on all resources as prefix. Default to 'TF-Module-EIP'."
-                        default = "TF-Module-EIP"
-                        type = string
-                      }
-
-                      variable "bandwidth" {
-                        description = "Maximum bandwidth to the elastic public network, measured in Mbps (Mega bit per second)."
-                        type = number
-                        default = 5
-                      }
-
-                      output "EIP_ADDRESS" {
-                        description = "The elastic ip address."
-                        value       = module.eip.this_eip_address.0
-                      }
-                workload:
-                  definition:
-                    apiVersion: terraform.core.oam.dev/v1beta1
-                    kind: Configuration
-            type: raw
-          - name: alibaba-oss
-            properties:
-              apiVersion: core.oam.dev/v1alpha2
-              kind: ComponentDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Terraform configuration for Alibaba
-                    Cloud OSS object
-                labels:
-                  type: terraform
-                name: alibaba-oss
-                namespace: vela-system
-              spec:
-                schematic:
-                  terraform:
-                    configuration: "resource \"alicloud_oss_bucket\" \"bucket-acl\" {\n
-                      \ bucket = var.bucket\n  acl = var.acl\n}\noutput \"BUCKET_NAME\"
-                      {\n  value = \"${alicloud_oss_bucket.bucket-acl.bucket}.${alicloud_oss_bucket.bucket-acl.extranet_endpoint}\"\n}\nvariable
-                      \"bucket\" {\n  description = \"OSS bucket name\"\n  default = \"vela-website\"\n
-                      \ type = string\n}\nvariable \"acl\" {\n  description = \"OSS bucket
-                      ACL, supported 'private', 'public-read', 'public-read-write'\"\n
-                      \ default = \"private\"\n  type = string\n} \n"
-                workload:
-                  definition:
-                    apiVersion: terraform.core.oam.dev/v1beta1
-                    kind: Configuration
-            type: raw
-          - name: alibaba-rds
-            properties:
-              apiVersion: core.oam.dev/v1alpha2
-              kind: ComponentDefinition
-              metadata:
-                annotations:
-                  definition.oam.dev/description: Terraform configuration for Alibaba
-                    Cloud RDS object
-                labels:
-                  type: terraform
-                name: alibaba-rds
-                namespace: vela-system
-              spec:
-                schematic:
-                  terraform:
-                    configuration: |
-                      module "rds" {
-                        source = "terraform-alicloud-modules/rds/alicloud"
-                        engine = "MySQL"
-                        engine_version = "8.0"
-                        instance_type = "rds.mysql.c1.large"
-                        instance_storage = "20"
-                        instance_name = var.instance_name
-                        account_name = var.account_name
-                        password = var.password
-                      }
-
-                      output "DB_NAME" {
-                        value = module.rds.this_db_instance_name
-                      }
-                      output "DB_USER" {
-                        value = module.rds.this_db_database_account
-                      }
-                      output "DB_PORT" {
-                        value = module.rds.this_db_instance_port
-                      }
-                      output "DB_HOST" {
-                        value = module.rds.this_db_instance_connection_string
-                      }
-                      output "DB_PASSWORD" {
-                        value = var.password
-                      }
-
-                      variable "instance_name" {
-                        description = "RDS instance name"
-                        type = string
-                        default = "poc"
-                      }
-
-                      variable "account_name" {
-                        description = "RDS instance user account name"
-                        type = string
-                        default = "oam"
-                      }
-
-                      variable "password" {
-                        description = "RDS instance account password"
-                        type = string
-                        default = "Xyfff83jfewGGfaked"
-                      }
-                workload:
-                  definition:
-                    apiVersion: terraform.core.oam.dev/v1beta1
-                    kind: Configuration
-            type: raw
-        status:
-          rollout:
-            batchRollingState: ""
-            currentBatch: 0
-            lastTargetAppRevision: ""
-            rollingState: ""
-            upgradedReadyReplicas: 0
-            upgradedReplicas: 0
-      dependsOn:
-      - ref:
+      components:
+      - name: terraform-controller
+        properties:
+          chart: terraform-controller
+          repoType: helm
+          url: https://charts.kubevela.net/addons
+          version: 0.2.10
+        type: helm
+      - name: alibaba-ack
+        properties:
           apiVersion: core.oam.dev/v1beta1
-          kind: Initializer
-          name: fluxcd
-          namespace: vela-system
-    status:
-      observedGeneration: 0
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                ACK cluster
+            labels:
+              type: terraform
+            name: alibaba-ack
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: https://github.com/kubevela-contrib/terraform-modules.git
+                path: alibaba/cs/dedicated-kubernetes
+                type: remote
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-ask
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                Serverless Kubernetes (ASK)
+            labels:
+              type: terraform
+            name: alibaba-ask
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: https://github.com/kubevela-contrib/terraform-modules.git
+                path: alibaba/cs/serverless-kubernetes
+                type: remote
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-eip
+        properties:
+          apiVersion: core.oam.dev/v1alpha2
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                Elastic IP
+            labels:
+              type: terraform
+            name: alibaba-eip
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: https://github.com/oam-dev/terraform-alibaba-eip.git
+                type: remote
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-oss
+        properties:
+          apiVersion: core.oam.dev/v1alpha2
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              cloud-resource/console-url: https://oss.console.aliyun.com/bucket/oss-{ALICLOUD_REGION}/{BUCKET_NAME}/overview
+              cloud-resource/identifier: BUCKET_NAME
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                OSS object
+            labels:
+              type: terraform
+            name: alibaba-oss
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: "resource \"alicloud_oss_bucket\" \"bucket-acl\" {\n  bucket
+                  = var.bucket\n  acl = var.acl\n}\noutput \"BUCKET_NAME\" {\n  value
+                  = \"${alicloud_oss_bucket.bucket-acl.bucket}.${alicloud_oss_bucket.bucket-acl.extranet_endpoint}\"\n}\nvariable
+                  \"bucket\" {\n  description = \"OSS bucket name\"\n  default = \"vela-website\"\n
+                  \ type = string\n}\nvariable \"acl\" {\n  description = \"OSS bucket
+                  ACL, supported 'private', 'public-read', 'public-read-write'\"\n  default
+                  = \"private\"\n  type = string\n} \n"
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-rds
+        properties:
+          apiVersion: core.oam.dev/v1alpha2
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              cloud-resource/console-url: https://rdsnext.console.aliyun.com/detail/{DB_ID}/basicInfo?&region={ALICLOUD_REGION}
+              cloud-resource/identifier: DB_ID
+              cloud-resource/sensitive-outputs: DB_PASSWORD
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                RDS object
+            labels:
+              type: terraform
+            name: alibaba-rds
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: |
+                  module "rds" {
+                    source = "github.com/kubevela-contrib/terraform-alicloud-rds"
+                    engine = "MySQL"
+                    engine_version = "8.0"
+                    instance_type = "rds.mysql.c1.large"
+                    instance_storage = "20"
+                    instance_name = var.instance_name
+                    account_name = var.account_name
+                    password = var.password
+                    allocate_public_connection = var.allocate_public_connection
+                    security_ips = ["0.0.0.0/0",]
+                  }
+
+                  output "DB_ID" {
+                    value = module.rds.db_instance_id
+                  }
+
+                  output "DB_NAME" {
+                    value = module.rds.this_db_instance_name
+                  }
+                  output "DB_USER" {
+                    value = module.rds.this_db_database_account
+                  }
+                  output "DB_PORT" {
+                    value = module.rds.this_db_instance_port
+                  }
+                  output "DB_HOST" {
+                    value = module.rds.this_db_instance_connection_string
+                  }
+                  output "DB_PASSWORD" {
+                    value = var.password
+                  }
+                  output "DB_PUBLIC_HOST" {
+                    value = module.rds.db_public_connection_string
+                  }
+
+                  variable "instance_name" {
+                    description = "RDS instance name"
+                    type = string
+                    default = "poc"
+                  }
+
+                  variable "account_name" {
+                    description = "RDS instance user account name"
+                    type = string
+                    default = "oam"
+                  }
+
+                  variable "password" {
+                    description = "RDS instance account password"
+                    type = string
+                    default = "Xyfff83jfewGGfaked"
+                  }
+
+                  variable "allocate_public_connection" {
+                    description = "Whether to allocate public connection for a RDS instance."
+                    type        = bool
+                    default     = true
+                  }
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-redis
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                Redis
+            labels:
+              type: terraform
+            name: alibaba-redis
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: https://github.com/kubevela-contrib/terraform-modules/alibaba/redis
+                type: remote
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-sls-project
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                SLS Project
+            labels:
+              type: terraform
+            name: alibaba-sls-project
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: https://github.com/kubevela-contrib/terraform-modules.git
+                path: alibaba/sls/project
+                type: remote
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-sls-store
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                SLS Store
+            labels:
+              type: terraform
+            name: alibaba-sls-store
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: https://github.com/kubevela-contrib/terraform-modules.git
+                path: alibaba/sls/store
+                type: remote
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-vpc
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                VPC
+            labels:
+              type: terraform
+            name: alibaba-vpc
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: https://github.com/kubevela-contrib/terraform-modules.git
+                path: alibaba/vpc
+                type: remote
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: alibaba-vswitch
+        properties:
+          apiVersion: core.oam.dev/v1beta1
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Alibaba Cloud
+                VSwitch
+            labels:
+              type: terraform
+            name: alibaba-vswitch
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: https://github.com/kubevela-contrib/terraform-modules.git
+                path: alibaba/vswitch
+                type: remote
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: aws-s3
+        properties:
+          apiVersion: core.oam.dev/v1alpha2
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for AWS S3
+            labels:
+              type: terraform
+            name: aws-s3
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: |
+                  resource "aws_s3_bucket" "bucket-acl" {
+                    bucket = var.bucket
+                    acl    = var.acl
+                  }
+
+                  output "BUCKET_NAME" {
+                    value = aws_s3_bucket.bucket-acl.bucket_domain_name
+                  }
+
+                  variable "bucket" {
+                    description = "S3 bucket name"
+                    default = "vela-website"
+                    type = string
+                  }
+
+                  variable "acl" {
+                    description = "S3 bucket ACL"
+                    default = "private"
+                    type = string
+                  }
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: azure-database-mariadb
+        properties:
+          apiVersion: core.oam.dev/v1alpha2
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Azure Database
+                Mariadb
+              provider: azure
+            labels:
+              type: terraform
+            name: azure-database-mariadb
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: |
+                  # Configure the Microsoft Azure Provider
+                  provider "azurerm" {
+                    features {}
+                  }
+
+                  resource "azurerm_resource_group" "example" {
+                    name = var.resource_group
+                    location = var.location
+                  }
+
+                  resource "azurerm_mariadb_server" "example" {
+                    name = var.server_name
+                    location = var.location
+                    resource_group_name = azurerm_resource_group.example.name
+
+                    sku_name = "B_Gen5_2"
+
+                    storage_mb = 51200
+                    backup_retention_days = 7
+                    geo_redundant_backup_enabled = false
+
+                    administrator_login = var.username
+                    administrator_login_password = var.password
+                    version = "10.2"
+                    ssl_enforcement_enabled = true
+                  }
+
+                  resource "azurerm_mariadb_database" "example" {
+                    name = var.db_name
+                    resource_group_name = azurerm_resource_group.example.name
+                    server_name = azurerm_mariadb_server.example.name
+                    charset = "utf8"
+                    collation = "utf8_general_ci"
+                  }
+
+                  variable "server_name" {
+                    type = string
+                    description = "mariadb server name"
+                    default = "mariadb-svr-sample"
+                  }
+
+                  variable "db_name" {
+                    default = "backend"
+                    type = string
+                    description = "Database instance name"
+                  }
+
+                  variable "username" {
+                    default = "acctestun"
+                    type = string
+                    description = "Database instance username"
+                  }
+
+                  variable "password" {
+                    default = "H@Sh1CoR3!faked"
+                    type = string
+                    description = "Database instance password"
+                  }
+
+                  variable "location" {
+                    description = "Azure location"
+                    type = string
+                    default = "West Europe"
+                  }
+
+                  variable "resource_group" {
+                    description = "Resource group"
+                    type = string
+                    default = "kubevela-group"
+                  }
+
+                  output "SERVER_NAME" {
+                    value = var.server_name
+                  }
+
+                  output "DB_NAME" {
+                    value = var.db_name
+                  }
+                  output "DB_USER" {
+                    value = var.username
+                  }
+                  output "DB_PASSWORD" {
+                    sensitive = true
+                    value = var.password
+                  }
+                  output "DB_PORT" {
+                    value = "3306"
+                  }
+                  output "DB_HOST" {
+                    value = azurerm_mariadb_server.example.fqdn
+                  }
+                providerRef:
+                  name: azure
+                  namespace: default
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      - name: azure-storage-account
+        properties:
+          apiVersion: core.oam.dev/v1alpha2
+          kind: ComponentDefinition
+          metadata:
+            annotations:
+              definition.oam.dev/description: Terraform configuration for Azure Blob Storage
+                Account
+              provider: azure
+            labels:
+              type: terraform
+            name: azure-storage-account
+            namespace: vela-system
+          spec:
+            schematic:
+              terraform:
+                configuration: |
+                  # Configure the Microsoft Azure Provider
+                  provider "azurerm" {
+                    features {}
+                  }
+
+                  resource "azurerm_resource_group" "rsg" {
+                    count    = var.create_rsg ? 1 : 0
+                    name     = var.resource_group_name
+                    location = var.location
+                  }
+
+                  resource "azurerm_storage_account" "sa" {
+                    name                      = var.name
+                    resource_group_name       = var.create_rsg ? azurerm_resource_group.rsg[0].name : var.resource_group_name
+                    location                  = var.location
+                    account_tier              = "Standard"
+                    account_replication_type  = "GRS"
+                    enable_https_traffic_only = true
+
+                    dynamic "static_website" {
+                      for_each = var.static_website
+                      content {
+                        index_document     = static_website.value["index_document"]
+                        error_404_document = static_website.value["error_404_document"]
+                      }
+                    }
+
+                    tags = var.tags
+                  }
+
+                  variable "create_rsg" {
+                    description = "Conditional if resource group should be created. Defaults to 'true'."
+                    type        = bool
+                    default     = true
+                  }
+
+                  variable "resource_group_name" {
+                    description = "Name of resource group. Defaults to 'rsg'."
+                    type        = string
+                    default     = "rsg"
+                  }
+
+                  variable "name" {
+                    description = "Name of storage account. Defaults to 'storageaccount'."
+                    type        = string
+                    default     = "storageaccount"
+                  }
+
+                  variable "location" {
+                    description = "Location of storage account. Defaults to 'West Europe'."
+                    type        = string
+                    default     = "West Europe"
+                  }
+
+                  variable "tags" {
+                    description = "Tags for storage account. Defaults to '{}'."
+                    type        = map(string)
+                    default     = {}
+                  }
+
+                  variable "static_website" {
+                    description = "Static website configuration. Defaults to disabled."
+                    type        = list(map(string))
+                    default     = [{
+                      index_document = null
+                      error_404_document = null
+                    }]
+                  }
+
+                  output "BLOB_CONNECTION_STRING" {
+                    description = "Blob storage connection string"
+                    sensitive   = true
+                    value       = azurerm_storage_account.sa.primary_connection_string
+                  }
+
+                  output "BLOB_WEB_ENDPOINT" {
+                    description = "Blob storage static web endpoint"
+                    value       = azurerm_storage_account.sa.primary_web_endpoint
+                  }
+                providerRef:
+                  name: azure
+                  namespace: default
+            workload:
+              definition:
+                apiVersion: terraform.core.oam.dev/v1beta1
+                kind: Configuration
+        type: raw
+      workflow:
+        steps:
+        - name: ""
+          properties:
+            name: fluxcd
+            namespace: vela-system
+          type: depends-on-app
+        - name: ""
+          type: apply-application
+    status: {}
+  detail: ""
 kind: ConfigMap
 metadata:
   annotations:

charts/vela-core/templates/admission-webhooks/job-patch/job-createSecret.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       containers:
         - name: create
-          image: {{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
+          image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
           imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
           args:
             - create

charts/vela-core/templates/admission-webhooks/job-patch/job-patchWebhook.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       containers:
         - name: patch
-          image: {{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
+          image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
           imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
           args:
             - patch

charts/vela-core/templates/certmanager.yaml

@@ -18,6 +18,7 @@ metadata:
 spec:
   secretName: {{ template "kubevela.fullname" . }}-root-cert
   duration: 43800h # 5y
+  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
   issuerRef:
     name: {{ template "kubevela.fullname" . }}-self-signed-issuer
   commonName: "ca.webhook.kubevela"
@@ -44,6 +45,7 @@ metadata:
 spec:
   secretName: {{ template "kubevela.fullname" . }}-admission
   duration: 8760h # 1y
+  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
   issuerRef:
     name: {{ template "kubevela.fullname" . }}-root-issuer
   dnsNames:

charts/vela-core/templates/cluster-gateway.yaml

@@ -32,12 +32,28 @@ spec:
             - "--secure-port={{ .Values.multicluster.clusterGateway.port }}"
             - "--secret-namespace={{ .Release.Namespace }}"
             - "--feature-gates=APIPriorityAndFairness=false"
-          image: {{ .Values.multicluster.clusterGateway.image.repository }}:{{ .Values.multicluster.clusterGateway.image.tag }}
+            {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+            - "--cert-dir={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}"
+            {{ end }}
+          image: {{ .Values.imageRegistry }}{{ .Values.multicluster.clusterGateway.image.repository }}:{{ .Values.multicluster.clusterGateway.image.tag }}
           imagePullPolicy: {{ .Values.multicluster.clusterGateway.image.pullPolicy }}
           resources:
           {{- toYaml .Values.multicluster.clusterGateway.resources | nindent 12 }}
           ports:
             - containerPort: {{ .Values.multicluster.clusterGateway.port }}
+          {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+          volumeMounts:
+            - mountPath: {{ .Values.multicluster.clusterGateway.secureTLS.certPath }}
+              name: tls-cert-vol
+              readOnly: true
+          {{- end }}
+      {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+      volumes:
+        - name: tls-cert-vol
+          secret:
+            defaultMode: 420
+            secretName: {{ template "kubevela.fullname" . }}-cluster-gateway-tls
+      {{ end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
       {{- toYaml . | nindent 8 }}
@@ -84,5 +100,150 @@ spec:
     namespace: {{ .Release.Namespace }}
     port: {{ .Values.multicluster.clusterGateway.port }}
   versionPriority: 10
-  insecureSkipTLSVerify: true
+  insecureSkipTLSVerify: {{ not .Values.multicluster.clusterGateway.secureTLS.enabled }}
+  {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+  caBundle: Cg==
+  {{ end }}
 {{ end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.name" . }}-cluster-gateway-admission
+    {{- include "kubevela.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - create
+{{- end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.name" . }}-cluster-gateway-admission
+    {{- include "kubevela.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+    namespace: {{ .Release.Namespace }}
+{{- end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.name" . }}-cluster-gateway-admission
+    {{- include "kubevela.labels" . | nindent 4 }}
+{{- end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+    {{- include "kubevela.labels" . | nindent 4 }}
+spec:
+  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+  # Alpha feature since k8s 1.12
+  ttlSecondsAfterFinished: 0
+  {{- end }}
+  template:
+    metadata:
+      name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+      labels:
+        app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+        {{- include "kubevela.labels" . | nindent 8 }}
+    spec:
+      containers:
+      - name: create
+        image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
+        imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
+        args:
+          - create
+          - --host={{ .Release.Name }}-cluster-gateway-service,{{ .Release.Name }}-cluster-gateway-service.{{ .Release.Namespace }}.svc
+          - --namespace={{ .Release.Namespace }}
+          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls
+          - --key-name=apiserver.key
+          - --cert-name=apiserver.crt
+      restartPolicy: OnFailure
+      serviceAccountName: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+      securityContext:
+        runAsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+{{ end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+    {{- include "kubevela.labels" . | nindent 4 }}
+spec:
+  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+  # Alpha feature since k8s 1.12
+  ttlSecondsAfterFinished: 0
+  {{- end }}
+  template:
+    metadata:
+      name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+      labels:
+        app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+        {{- include "kubevela.labels" . | nindent 8 }}
+    spec:
+      containers:
+      - name: patch
+        image: {{ .Values.imageRegistry }}{{ .Values.multicluster.clusterGateway.image.repository }}:{{ .Values.multicluster.clusterGateway.image.tag }}
+        imagePullPolicy: {{ .Values.multicluster.clusterGateway.image.pullPolicy }}
+        command:
+          - /patch
+        args:
+          - --secret-namespace={{ .Release.Namespace }}
+          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls
+      restartPolicy: OnFailure
+      serviceAccountName: {{ include "kubevela.serviceAccountName" . }}
+      securityContext:
+        runAsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+{{ end }}

charts/vela-core/templates/definitions/containerizedworkloads.yaml

@@ -1,13 +0,0 @@
-apiVersion: core.oam.dev/v1beta1
-kind: WorkloadDefinition
-metadata:
-  name: containerizedworkloads.core.oam.dev
-  namespace: {{.Values.systemDefinitionNamespace}}
-spec:
-  definitionRef:
-    name: containerizedworkloads.core.oam.dev
-  childResourceKinds:
-    - apiVersion: apps/v1
-      kind: Deployment
-    - apiVersion: v1
-      kind: Service

charts/vela-core/templates/defwithtemplate/annotations.yaml

@@ -5,6 +5,8 @@ kind: TraitDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Add annotations on K8s pod for your workload which follows the pod spec in path 'spec.template'.
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
   name: annotations
   namespace: {{.Values.systemDefinitionNamespace}}
 spec:

charts/vela-core/templates/defwithtemplate/apply-application.yaml

@@ -5,6 +5,8 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Apply application for your workflow steps
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
   name: apply-application
   namespace: {{.Values.systemDefinitionNamespace}}
 spec:

charts/vela-core/templates/defwithtemplate/apply-object.yaml

@@ -0,0 +1,30 @@
+# Code generated by KubeVela templates. DO NOT EDIT. Please edit the original cue file.
+# Definition source cue file: vela-templates/definitions/internal/apply-object.cue
+apiVersion: core.oam.dev/v1beta1
+kind: WorkflowStepDefinition
+metadata:
+  annotations:
+    definition.oam.dev/description: Apply raw kubernetes objects for your workflow steps
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
+  name: apply-object
+  namespace: {{.Values.systemDefinitionNamespace}}
+spec:
+  schematic:
+    cue:
+      template: |
+        import (
+        	"vela/op"
+        )
+
+        apply: op.#Apply & {
+        	value:   parameter.value
+        	cluster: parameter.cluster
+        }
+        parameter: {
+        	// +usage=Specify the value of the object
+        	value: {...}
+        	// +usage=Specify the cluster of the object
+        	cluster: *"" | string
+        }
+

charts/vela-core/templates/defwithtemplate/apply-remaining.yaml

@@ -5,6 +5,8 @@ kind: WorkflowStepDefinition
 metadata:
   annotations:
     definition.oam.dev/description: Apply remaining components and traits
+  labels:
+    custom.definition.oam.dev/ui-hidden: "true"
   name: apply-remaining
   namespace: {{.Values.systemDefinitionNamespace}}
 spec:
@@ -21,16 +23,6 @@ spec:
         }
         parameter: {
         	// +usage=Declare the name of the component
-        	exceptions?: [componentName=string]: {
-        		// +usage=skipApplyWorkload indicates whether to skip apply the workload resource
-        		skipApplyWorkload: *true | bool
-
-        		// +usage=skipAllTraits indicates to skip apply all resources of the traits.
-        		// +usage=If this is true, skipApplyTraits will be ignored
-        		skipAllTraits: *true | bool
-
-        		// +usage=skipApplyTraits specifies the names of the traits to skip apply
-        		skipApplyTraits: [...string]
-        	}
+        	exceptions?: [...string]
         }