fix several issues (#3729 ) (#3735 )

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>
Fix: change systemInfo some fields (cp #3715 ) (#3723 )
2026-02-23 22:33:58 +00:00 · 2022-04-22 17:29:01 +08:00 · 2022-04-22 16:42:54 +08:00 · 2022-04-22 16:34:28 +08:00 · 2022-04-22 14:26:37 +08:00 · 2022-04-21 14:32:30 +08:00
1437 changed files with 48121 additions and 100908 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,37 +1,36 @@
 # This file is a github code protect rule follow the codeowners https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners#example-of-a-codeowners-file

-*                                  @barnettZQG @wonderflow @leejanee @Somefive @jefree-cat
-design/                            @barnettZQG @leejanee @wonderflow @Somefive @jefree-cat
-
-# Owner of Core Controllers
-pkg/controller/core.oam.dev       @Somefive @FogDong @barnettZQG @wonderflow
-
-# Owner of Standard Controllers
-pkg/controller/standard.oam.dev   @wangyikewxgm @barnettZQG @wonderflow
+*                                  @barnettZQG @wonderflow @leejanee
+design/                            @barnettZQG @leejanee @wonderflow

 # Owner of CUE
-pkg/cue                            @leejanee @FogDong @Somefive
-pkg/stdlib                         @leejanee @FogDong @Somefive
+pkg/cue                            @leejanee @FogDong
+pkg/stdlib                         @leejanee @FogDong

 # Owner of Workflow
-pkg/workflow                       @leejanee @FogDong @Somefive
+pkg/workflow                       @leejanee @FogDong

 # Owner of rollout
-pkg/controller/common/rollout/     @wangyikewxgm @wonderflow
-runtime/rollout                    @wangyikewxgm @wonderflow
+pkg/controller/common/rollout/                              @wangyikewxgm @wonderflow
+pkg/controller/core.oam.dev/v1alpha2/applicationrollout     @wangyikewxgm @wonderflow
+pkg/controller/standard.oam.dev/v1alpha1/rollout            @wangyikewxgm @wonderflow
+runtime/rollout                                             @wangyikewxgm @wonderflow
+
+# Owner of definition controller
+pkg/controller/core.oam.dev/v1alpha2/core/workflow/workflowstepdefinition  @yangsoon @Somefive
+pkg/controller/core.oam.dev/v1alpha2/core/policies/policydefinition        @yangsoon @Somefive
+pkg/controller/core.oam.dev/v1alpha2/core/components/componentdefinition   @yangsoon @zzxwill
+pkg/controller/core.oam.dev/v1alpha2/core/traits/traitdefinition           @yangsoon @zzxwill
+
+# Owner of health scope controller
+pkg/controller/core.oam.dev/v1alpha2/core/scopes/healthscope     @captainroy-hy @zzxwill

 # Owner of vela templates
 vela-templates/                     @Somefive @barnettZQG @wonderflow

 # Owner of vela CLI
-references/cli/                     @Somefive @zzxwill @StevenLeiZhang @charlie0129 @chivalryq
+references/cli/                     @Somefive @zzxwill 

 # Owner of vela APIServer
-pkg/apiserver/                     @barnettZQG @yangsoon @FogDong
+pkg/apiserver/                     @barnettZQG @yangsoon

-# Owner of vela addon framework
-pkg/addon/                         @wangyikewxgm @wonderflow @charlie0129
-
-# Owner of resource keeper and tracker
-pkg/resourcekeeper                 @Somefive @FogDong
-pkg/resourcetracker                @Somefive @FogDong
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -13,8 +13,8 @@ Fixes #

 I have:

- [ ] Read and followed KubeVela's [contribution process](https://github.com/kubevela/kubevela/blob/master/contribute/create-pull-request.md).
- [ ] [Related Docs](https://github.com/kubevela/kubevela.io) updated properly. In a new feature or configuration option, an update to the documentation is necessary. 
+- [ ] Read and followed KubeVela's [contribution process](https://github.com/oam-dev/kubevela/blob/master/contribute/create-pull-request.md).
+- [ ] [Related Docs](https://github.com/oam-dev/kubevela.io) updated properly. In a new feature or configuration option, an update to the documentation is necessary. 
 - [ ] Run `make reviewable` to ensure this PR is ready for review.
 - [ ] Added `backport release-x.y` labels to auto-backport this PR if necessary.

--- a/.github/bot.md
+++ b/.github/bot.md
@@ -1,9 +1,9 @@
 ### GitHub & kubevela automation

-The bot is configured via [issue-commands.json](https://github.com/kubevela/kubevela/blob/master/.github/workflows/issue-commands.json) 
-and some other GitHub [workflows](https://github.com/kubevela/kubevela/blob/master/.github/workflows).
+The bot is configured via [issue-commands.json](https://github.com/oam-dev/kubevela/blob/master/.github/workflows/issue-commands.json) 
+and some other GitHub [workflows](https://github.com/oam-dev/kubevela/blob/master/.github/workflows).
 By default, users with write access to the repo is allowed to use the comments, 
-the [userlist](https://github.com/kubevela/kubevela/blob/master/.github/comment.userlist) 
+the [userlist](https://github.com/oam-dev/kubevela/blob/master/.github/comment.userlist) 
 file is for adding additional members who do not have access and want to contribute to the issue triage.

 Comment commands:
@@ -14,7 +14,7 @@ Comment commands:
 * Write the word `/area/*` in a comment, and the bot will add the corresponding label `/area/*`.
 * Write the word `/priority/*` in a comment, and the bot will add the corresponding label `/priority/*`.

-The `*` mention above represent a specific word. Please read the details about label category in [ISSUE_TRIAGE.md](https://github.com/kubevela/kubevela/blob/master/ISSUE_TRIAGE.md)  
+The `*` mention above represent a specific word. Please read the details about label category in [ISSUE_TRIAGE.md](https://github.com/oam-dev/kubevela/blob/master/ISSUE_TRIAGE.md)  

 Label commands:

--- a/.github/workflows/apiserver-test.yaml
+++ b/.github/workflows/apiserver-test.yaml
@@ -1,4 +1,4 @@
-name: VelaUX APIServer Test
+name: APIServer Unit Test & E2E Test

 on:
  push:
@@ -6,9 +6,7 @@ on:
      - master
      - release-*
      - apiserver
-    tags:
-      - v*
-  workflow_dispatch: { }
+  workflow_dispatch: {}
  pull_request:
    branches:
      - master
@@ -17,10 +15,9 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
-  K3D_IMAGE_VERSION: '[\"v1.20\",\"v1.24\"]'
-  K3D_IMAGE_VERSIONS: '[\"v1.20\",\"v1.24\"]'
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'

 jobs:

@@ -31,89 +28,18 @@ jobs:
    steps:
      - name: Detect No-op Changes
        id: noop
-        uses: fkirc/skip-duplicate-actions@v4.0.0
+        uses: fkirc/skip-duplicate-actions@v3.3.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
          concurrent_skipping: false

-  set-k8s-matrix:
-    runs-on: ubuntu-20.04
-    outputs:
-      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
-    steps:
-      - id: set-k8s-matrix
-        run: |
-          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
-            echo "pushing tag: ${{ github.ref_name }}"
-            echo "::set-output name=matrix::${{ env.K3D_IMAGE_VERSIONS }}"
-          else
-            echo "::set-output name=matrix::${{ env.K3D_IMAGE_VERSION }}"
-          fi
-
  apiserver-unit-tests:
-    runs-on: ubuntu-20.04
+    runs-on: aliyun
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

-    steps:
-      - name: Set up Go
-        uses: actions/setup-go@v1
-        with:
-          go-version: ${{ env.GO_VERSION }}
-        id: go
-
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-        with:
-          submodules: true
-
-      - name: Cache Go Dependencies
-        uses: actions/cache@v2
-        with:
-          path: .work/pkg
-          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-pkg-
-
-      - name: Install ginkgo
-        run: |
-          sudo apt-get install -y golang-ginkgo-dev
-
-      - name: Start MongoDB
-        uses: supercharge/mongodb-github-action@1.7.0
-        with:
-          mongodb-version: '5.0'
-
-      - name: install Kubebuilder
-        uses: RyanSiu1995/kubebuilder-action@v1.2
-        with:
-          version: 3.1.0
-          kubebuilderOnly: false
-          kubernetesVersion: v1.21.2
-
-      - name: Run api server unit test
-        run: make unit-test-apiserver
-
-      - name: Upload coverage report
-        uses: codecov/codecov-action@v1
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          file: ./coverage.txt
-          flags: apiserver-unittests
-          name: codecov-umbrella
-
-  apiserver-e2e-tests:
-    runs-on: aliyun
-    needs: [ detect-noop,set-k8s-matrix ]
-    if: needs.detect-noop.outputs.noop != 'true'
-    strategy:
-      matrix:
-        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
-      cancel-in-progress: true
-
    steps:
      - name: Set up Go
        uses: actions/setup-go@v1
@@ -130,58 +56,44 @@ jobs:
        run: |
          go get -v -t -d ./...

-      - name: Tear down K3d if exist
-        run: |
-          k3d cluster delete || true
-          k3d cluster delete worker || true
-
-      - name: Calculate K3d args
-        run: |
-          EGRESS_ARG=""
-          if [[ "${{ matrix.k8s-version }}" == v1.24 ]]; then
-            EGRESS_ARG="--k3s-arg --egress-selector-mode=disabled@server:0"
-          fi
-          echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
-
-      - name: Setup K3d (Hub)
-        uses: nolar/setup-k3d-k3s@v1.0.8
+      - name: Setup Kind
+        uses: engineerd/setup-kind@v0.5.0
        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-args: ${{ env.EGRESS_ARG }}
+          version: ${{ env.KIND_VERSION }}
+          skipClusterCreation: true

-
-      - name: Setup K3d (Worker)
-        uses: nolar/setup-k3d-k3s@v1.0.8
-        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-name: worker
-          k3d-args: --kubeconfig-update-default=false --network=k3d-k3s-default ${{ env.EGRESS_ARG }}
-
-
-      - name: Kind Cluster (Worker)
+      - name: Setup Kind Cluster (Worker)
        run: |
-          internal_ip=$(docker network inspect k3d-k3s-default|jq ".[0].Containers"| jq -r '.[]| select(.Name=="k3d-worker-server-0")|.IPv4Address' | cut -d/ -f1)
-          k3d kubeconfig get worker > /tmp/worker.client.kubeconfig
-          cp /tmp/worker.client.kubeconfig /tmp/worker.kubeconfig
-          sed -i "s/0.0.0.0:[0-9]\+/$internal_ip:6443/"  /tmp/worker.kubeconfig
+          kind delete cluster --name worker
+          kind create cluster --image kindest/node:v1.20.7@sha256:688fba5ce6b825be62a7c7fe1415b35da2bdfbb5a69227c499ea4cc0008661ca --name worker
+          kubectl version
+          kubectl cluster-info
+          kind get kubeconfig --name worker --internal > /tmp/worker.kubeconfig
+          kind get kubeconfig --name worker > /tmp/worker.client.kubeconfig

-      - name: Load image to k3d cluster
-        run: make image-load
+      - name: Setup Kind Cluster (Hub)
+        run: |
+          kind delete cluster
+          kind create cluster --image kindest/node:v1.20.7@sha256:688fba5ce6b825be62a7c7fe1415b35da2bdfbb5a69227c499ea4cc0008661ca
+          kubectl version
+          kubectl cluster-info
+
+      - name: Load Image to kind cluster
+        run: make kind-load

      - name: Cleanup for e2e tests
        run: |
-          make vela-cli
          make e2e-cleanup
+          make vela-cli
          make e2e-setup-core
          bin/vela addon enable fluxcd
-          bin/vela addon enable vela-workflow
          timeout 600s bash -c -- 'while true; do kubectl get ns flux-system; if [ $? -eq 0 ] ; then break; else sleep 5; fi;done'
          kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=vela-core,app.kubernetes.io/instance=kubevela -n vela-system --timeout=600s
          kubectl wait --for=condition=Ready pod -l app=source-controller -n flux-system --timeout=600s
          kubectl wait --for=condition=Ready pod -l app=helm-controller -n flux-system --timeout=600s
-          kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=vela-workflow -n vela-system --timeout=600s
+
+      - name: Run api server unit test
+        run: make unit-test-apiserver

      - name: Run api server e2e test
        run: |
@@ -197,8 +109,8 @@ jobs:
        uses: codecov/codecov-action@v1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
-          files: /tmp/e2e_apiserver_test.out
-          flags: apiserver-e2etests
+          files: ./coverage.txt,/tmp/e2e_apiserver_test.out
+          flags: apiserver-unittests
          name: codecov-umbrella

      - name: Clean e2e profile
--- a/.github/workflows/chart.yaml
+++ b/.github/workflows/chart.yaml
@@ -1,100 +0,0 @@
-name: Publish Chart
-
-on:
-  push:
-    tags:
-      - "v*"
-  workflow_dispatch: { }
-
-env:
-  BUCKET: ${{ secrets.OSS_BUCKET }}
-  ENDPOINT: ${{ secrets.OSS_ENDPOINT }}
-  ACCESS_KEY: ${{ secrets.OSS_ACCESS_KEY }}
-  ACCESS_KEY_SECRET: ${{ secrets.OSS_ACCESS_KEY_SECRET }}
-  ARTIFACT_HUB_REPOSITORY_ID: ${{ secrets.ARTIFACT_HUB_REPOSITORY_ID }}
-
-jobs:  
-  publish-charts:
-    env:
-      HELM_CHARTS_DIR: charts
-      HELM_CHART: charts/vela-core
-      MINIMAL_HELM_CHART: charts/vela-minimal
-      LEGACY_HELM_CHART: legacy/charts/vela-core-legacy
-      VELA_ROLLOUT_HELM_CHART: runtime/rollout/charts
-      LOCAL_OSS_DIRECTORY: .oss
-      HELM_CHART_NAME: vela-core
-      MINIMAL_HELM_CHART_NAME: vela-minimal
-      LEGACY_HELM_CHART_NAME: vela-core-legacy
-      VELA_ROLLOUT_HELM_CHART_NAME: vela-rollout
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@master
-      - name: Get git revision
-        id: vars
-        shell: bash
-        run: |
-          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
-      - name: Install Helm
-        uses: azure/setup-helm@v1
-        with:
-          version: v3.4.0
-      - name: Setup node
-        uses: actions/setup-node@v2
-        with:
-          node-version: '14'
-      - name: Generate helm doc
-        run: |
-          make helm-doc-gen
-      - name: Prepare legacy chart
-        run: |
-          rsync -r $LEGACY_HELM_CHART $HELM_CHARTS_DIR
-          rsync -r $HELM_CHART/* $LEGACY_HELM_CHART --exclude=Chart.yaml --exclude=crds
-      - name: Prepare vela chart
-        run: |
-          rsync -r $VELA_ROLLOUT_HELM_CHART $HELM_CHARTS_DIR
-      - name: Get the version
-        id: get_version
-        run: |
-          VERSION=${GITHUB_REF#refs/tags/}
-          echo ::set-output name=VERSION::${VERSION}
-      - name: Tag helm chart image
-        run: |
-          image_tag=${{ steps.get_version.outputs.VERSION }}
-          chart_version=${{ steps.get_version.outputs.VERSION }}
-          sed -i "s/latest/${image_tag}/g" $HELM_CHART/values.yaml
-          sed -i "s/latest/${image_tag}/g" $MINIMAL_HELM_CHART/values.yaml
-          sed -i "s/latest/${image_tag}/g" $LEGACY_HELM_CHART/values.yaml
-          sed -i "s/latest/${image_tag}/g" $VELA_ROLLOUT_HELM_CHART/values.yaml
-          chart_smever=${chart_version#"v"}
-          sed -i "s/0.1.0/$chart_smever/g" $HELM_CHART/Chart.yaml
-          sed -i "s/0.1.0/$chart_smever/g" $MINIMAL_HELM_CHART/Chart.yaml
-          sed -i "s/0.1.0/$chart_smever/g" $LEGACY_HELM_CHART/Chart.yaml
-          sed -i "s/0.1.0/$chart_smever/g" $VELA_ROLLOUT_HELM_CHART/Chart.yaml
-      - name: Install ossutil
-        run: wget http://gosspublic.alicdn.com/ossutil/1.7.0/ossutil64 && chmod +x ossutil64 && mv ossutil64 ossutil
-      - name: Configure Alibaba Cloud OSSUTIL
-        run: ./ossutil --config-file .ossutilconfig config -i ${ACCESS_KEY} -k ${ACCESS_KEY_SECRET} -e ${ENDPOINT} -c .ossutilconfig
-      - name: sync cloud to local
-        run: ./ossutil --config-file .ossutilconfig sync oss://$BUCKET/core $LOCAL_OSS_DIRECTORY
-      - name: add artifacthub stuff to the repo
-        run: |
-          rsync $HELM_CHART/README.md $LEGACY_HELM_CHART/README.md
-          rsync $HELM_CHART/README.md $VELA_ROLLOUT_HELM_CHART/README.md
-          sed -i "s/ARTIFACT_HUB_REPOSITORY_ID/$ARTIFACT_HUB_REPOSITORY_ID/g" hack/artifacthub/artifacthub-repo.yml
-          rsync hack/artifacthub/artifacthub-repo.yml $LOCAL_OSS_DIRECTORY
-      - name: Package helm charts
-        run: |
-          helm package $HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm package $MINIMAL_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm package $LEGACY_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm package $VELA_ROLLOUT_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
-          helm repo index --url https://$BUCKET.$ENDPOINT/core $LOCAL_OSS_DIRECTORY
-      - name: sync local to cloud
-        run: |
-          image_tag=${{ steps.get_version.outputs.VERSION }}
-          chart_semver=${image_tag#"v"}
-          ./ossutil --config-file .ossutilconfig cp -f $LOCAL_OSS_DIRECTORY/index.yaml oss://$BUCKET/core/index.yaml
-          ./ossutil --config-file .ossutilconfig cp -f $LOCAL_OSS_DIRECTORY/$HELM_CHART_NAME-${chart_semver}.tgz oss://$BUCKET/core/$HELM_CHART_NAME-${chart_semver}.tgz 
-          ./ossutil --config-file .ossutilconfig cp -f $LOCAL_OSS_DIRECTORY/$MINIMAL_HELM_CHART_NAME-${chart_semver}.tgz oss://$BUCKET/core/$MINIMAL_HELM_CHART_NAME-${chart_semver}.tgz
-          ./ossutil --config-file .ossutilconfig cp -f $LOCAL_OSS_DIRECTORY/$LEGACY_HELM_CHART_NAME-${chart_semver}.tgz oss://$BUCKET/core/$LEGACY_HELM_CHART_NAME-${chart_semver}.tgz
-          ./ossutil --config-file .ossutilconfig cp -f $LOCAL_OSS_DIRECTORY/$VELA_ROLLOUT_HELM_CHART_NAME-${chart_semver}.tgz oss://$BUCKET/core/$VELA_ROLLOUT_HELM_CHART_NAME-${chart_semver}.tgz
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -5,6 +5,30 @@ on:
    branches: [ master, release-* ]

 jobs:
+  images:
+    name: Image Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Build Vela Core image from Dockerfile
+        run: |
+          docker build --build-arg GOPROXY=https://proxy.golang.org -t docker.io/oamdev/vela-core:${{ github.sha }} .
+
+      - name: Run Trivy vulnerability scanner for vela core
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.io/oamdev/vela-core:${{ github.sha }}'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
+
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
--- a/.github/workflows/e2e-multicluster-test.yml
+++ b/.github/workflows/e2e-multicluster-test.yml
@@ -5,8 +5,6 @@ on:
    branches:
      - master
      - release-*
-    tags:
-      - v*
  workflow_dispatch: {}
  pull_request:
    branches:
@@ -15,10 +13,9 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
-  K3D_IMAGE_VERSION: '[\"v1.20\",\"v1.24\"]'
-  K3D_IMAGE_VERSIONS: '[\"v1.20\",\"v1.24\"]'
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'

 jobs:

@@ -29,39 +26,17 @@ jobs:
    steps:
      - name: Detect No-op Changes
        id: noop
-        uses: fkirc/skip-duplicate-actions@v4.0.0
+        uses: fkirc/skip-duplicate-actions@v3.3.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
          concurrent_skipping: false

-  set-k8s-matrix:
-    runs-on: ubuntu-20.04
-    outputs:
-      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
-    steps:
-      - id: set-k8s-matrix
-        run: |
-          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
-            echo "pushing tag: ${{ github.ref_name }}"
-            echo "::set-output name=matrix::${{ env.K3D_IMAGE_VERSIONS }}"
-          else
-            echo "::set-output name=matrix::${{ env.K3D_IMAGE_VERSION }}"
-          fi
-
-
  e2e-multi-cluster-tests:
    runs-on: aliyun
-    needs: [ detect-noop,set-k8s-matrix ]
+    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'
-    strategy:
-      matrix:
-        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
-      cancel-in-progress: true
-

    steps:
      - name: Check out code into the Go module directory
@@ -76,49 +51,37 @@ jobs:
        run: |
          go get -v -t -d ./...

-      - name: Tear down K3d if exist
-        run: |
-          k3d cluster delete || true
-          k3d cluster delete worker || true
-
-      - name: Calculate K3d args
-        run: |
-          EGRESS_ARG=""
-          if [[ "${{ matrix.k8s-version }}" == v1.24 ]]; then
-            EGRESS_ARG="--k3s-arg --egress-selector-mode=disabled@server:0"
-          fi
-          echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
-
-      - name: Setup K3d (Hub)
-        uses: nolar/setup-k3d-k3s@v1.0.8
+      - name: Setup Kind
+        uses: engineerd/setup-kind@v0.5.0
        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-args: ${{ env.EGRESS_ARG }}
+          version: ${{ env.KIND_VERSION }}
+          skipClusterCreation: true

-      - name: Setup K3d (Worker)
-        uses: nolar/setup-k3d-k3s@v1.0.8
-        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-name: worker
-          k3d-args: --kubeconfig-update-default=false --network=k3d-k3s-default ${{ env.EGRESS_ARG }}
-
-      - name: Generating internal worker kubeconfig
+      - name: Setup Kind Cluster (Worker)
        run: |
-          internal_ip=$(docker network inspect k3d-k3s-default|jq ".[0].Containers"| jq -r '.[]| select(.Name=="k3d-worker-server-0")|.IPv4Address' | cut -d/ -f1)
-          k3d kubeconfig get worker > /tmp/worker.client.kubeconfig
-          cp /tmp/worker.client.kubeconfig /tmp/worker.kubeconfig
-          sed -i "s/0.0.0.0:[0-9]\+/$internal_ip:6443/"  /tmp/worker.kubeconfig
+          kind delete cluster --name worker
+          kind create cluster --image kindest/node:v1.20.7@sha256:688fba5ce6b825be62a7c7fe1415b35da2bdfbb5a69227c499ea4cc0008661ca --name worker
+          kubectl version
+          kubectl cluster-info
+          kind get kubeconfig --name worker --internal > /tmp/worker.kubeconfig
+          kind get kubeconfig --name worker > /tmp/worker.client.kubeconfig

-      - name: Load image to k3d cluster (hub and worker)
-        run: make image-load image-load-runtime-cluster
+      - name: Setup Kind Cluster (Hub)
+        run: |
+          kind delete cluster
+          kind create cluster --image kindest/node:v1.20.7@sha256:688fba5ce6b825be62a7c7fe1415b35da2bdfbb5a69227c499ea4cc0008661ca
+          kubectl version
+          kubectl cluster-info
+
+      - name: Load Image to kind cluster (Hub)
+        run: make kind-load

      - name: Cleanup for e2e tests
        run: |
-          make vela-cli
          make e2e-cleanup
-          make e2e-setup-core-auth
+          make vela-cli
+          make e2e-setup-core
+          make
          make setup-runtime-e2e-cluster

      - name: Run e2e multicluster tests
--- a/.github/workflows/e2e-rollout-test.yml
+++ b/.github/workflows/e2e-rollout-test.yml
@@ -5,8 +5,6 @@ on:
    branches:
      - master
      - release-*
-    tags:
-      - v*
  workflow_dispatch: {}
  pull_request:
    branches:
@@ -15,10 +13,9 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
-  K3D_IMAGE_VERSION: '[\"v1.20\",\"v1.24\"]'
-  K3D_IMAGE_VERSIONS: '[\"v1.20\",\"v1.24\"]'
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'

 jobs:

@@ -29,38 +26,17 @@ jobs:
    steps:
      - name: Detect No-op Changes
        id: noop
-        uses: fkirc/skip-duplicate-actions@v4.0.0
+        uses: fkirc/skip-duplicate-actions@v3.3.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
          concurrent_skipping: false

-  set-k8s-matrix:
-    runs-on: ubuntu-20.04
-    outputs:
-      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
-    steps:
-      - id: set-k8s-matrix
-        run: |
-          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
-            echo "pushing tag: ${{ github.ref_name }}"
-            echo "::set-output name=matrix::${{ env.K3D_IMAGE_VERSIONS }}"
-          else
-            echo "::set-output name=matrix::${{ env.K3D_IMAGE_VERSION }}"
-          fi
-
  e2e-rollout-tests:
    runs-on: aliyun
-    needs: [ detect-noop,set-k8s-matrix ]
+    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'
-    strategy:
-      matrix:
-        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
-      cancel-in-progress: true
-

    steps:
      - name: Check out code into the Go module directory
@@ -75,35 +51,33 @@ jobs:
        run: |
          go get -v -t -d ./...

-      - name: Tear down K3d if exist
-        run: |
-          k3d cluster delete || true
-          k3d cluster delete worker || true
-
-      - name: Calculate K3d args
-        run: |
-          EGRESS_ARG=""
-          if [[ "${{ matrix.k8s-version }}" == v1.24 ]]; then
-            EGRESS_ARG="--k3s-arg --egress-selector-mode=disabled@server:0"
-          fi
-          echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
-
-      - name: Setup K3d
-        uses: nolar/setup-k3d-k3s@v1.0.8
+      - name: Setup Kind
+        uses: engineerd/setup-kind@v0.5.0
        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-args: ${{ env.EGRESS_ARG }}
+          version: ${{ env.KIND_VERSION }}
+          skipClusterCreation: true

-      - name: Load image to k3d cluster
-        run: make image-load image-load-runtime-cluster
+      - name: Setup Kind Cluster
+        run: |
+          kind delete cluster
+          kind create cluster --image kindest/node:v1.20.7@sha256:688fba5ce6b825be62a7c7fe1415b35da2bdfbb5a69227c499ea4cc0008661ca
+          kubectl version
+          kubectl cluster-info
+
+      - name: Load Image to kind cluster
+        run: make kind-load
+
+      - name: Run Make
+        run: make
+
+      - name: Run Make Manager
+        run: make manager

      - name: Prepare for e2e tests
        run: |
-          make vela-cli
          make e2e-cleanup
-          make e2e-setup-core
-          make setup-runtime-e2e-cluster
+          make e2e-setup
+          helm lint ./charts/vela-core
          helm test -n vela-system kubevela --timeout 5m

      - name: Run e2e tests
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@@ -5,8 +5,6 @@ on:
    branches:
      - master
      - release-*
-    tags:
-      - v*
  workflow_dispatch: {}
  pull_request:
    branches:
@@ -15,10 +13,9 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
-  K3D_IMAGE_VERSION: '[\"v1.20\",\"v1.24\"]'
-  K3D_IMAGE_VERSIONS: '[\"v1.20\",\"v1.24\"]'
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'

 jobs:

@@ -29,38 +26,17 @@ jobs:
    steps:
      - name: Detect No-op Changes
        id: noop
-        uses: fkirc/skip-duplicate-actions@v4.0.0
+        uses: fkirc/skip-duplicate-actions@v3.3.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
          concurrent_skipping: false

-  set-k8s-matrix:
-    runs-on: ubuntu-20.04
-    outputs:
-      matrix: ${{ steps.set-k8s-matrix.outputs.matrix }}
-    steps:
-      - id: set-k8s-matrix
-        run: |
-          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
-            echo "pushing tag: ${{ github.ref_name }}"
-            echo "::set-output name=matrix::${{ env.K3D_IMAGE_VERSIONS }}"
-          else
-            echo "::set-output name=matrix::${{ env.K3D_IMAGE_VERSION }}"
-          fi
-
  e2e-tests:
    runs-on: aliyun
-    needs: [ detect-noop,set-k8s-matrix ]
+    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'
-    strategy:
-      matrix:
-        k8s-version: ${{ fromJson(needs.set-k8s-matrix.outputs.matrix) }}
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.k8s-version }}
-      cancel-in-progress: true
-

    steps:
      - name: Check out code into the Go module directory
@@ -75,36 +51,33 @@ jobs:
        run: |
          go get -v -t -d ./...

-      - name: Tear down K3d if exist
-        run: |
-          k3d cluster delete || true
-          k3d cluster delete worker || true
-
-      - name: Calculate K3d args
-        run: |
-          EGRESS_ARG=""
-          if [[ "${{ matrix.k8s-version }}" == v1.24 ]]; then
-            EGRESS_ARG="--k3s-arg --egress-selector-mode=disabled@server:0"
-          fi
-          echo "EGRESS_ARG=${EGRESS_ARG}" >> $GITHUB_ENV 
-
-      - name: Setup K3d
-        uses: nolar/setup-k3d-k3s@v1.0.8
+      - name: Setup Kind
+        uses: engineerd/setup-kind@v0.5.0
        with:
-          version: ${{ matrix.k8s-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          k3d-args: ${{ env.EGRESS_ARG }}
+          version: ${{ env.KIND_VERSION }}
+          skipClusterCreation: true

-      - name: Load image to k3d cluster
-        run: make image-load
+      - name: Setup Kind Cluster
+        run: |
+          kind delete cluster
+          kind create cluster --image kindest/node:v1.20.7@sha256:688fba5ce6b825be62a7c7fe1415b35da2bdfbb5a69227c499ea4cc0008661ca
+          kubectl version
+          kubectl cluster-info
+
+      - name: Load Image to kind cluster
+        run: make kind-load

      - name: Run Make
        run: make

+      - name: Run Make Manager
+        run: make manager
+
      - name: Prepare for e2e tests
        run: |
          make e2e-cleanup
-          make e2e-setup-core
+          make e2e-setup
+          helm lint ./charts/vela-core
          helm test -n vela-system kubevela --timeout 5m

      - name: Run api e2e tests
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -13,8 +13,9 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'

 jobs:

@@ -25,7 +26,7 @@ jobs:
    steps:
      - name: Detect No-op Changes
        id: noop
-        uses: fkirc/skip-duplicate-actions@v4.0.0
+        uses: fkirc/skip-duplicate-actions@v3.3.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
@@ -56,7 +57,7 @@ jobs:
          restore-keys: ${{ runner.os }}-pkg-

      - name: Install StaticCheck
-        run: go install honnef.co/go/tools/cmd/staticcheck@2022.1
+        run: GO111MODULE=on go get honnef.co/go/tools/cmd/staticcheck@v0.3.0

      - name: Static Check
        run: staticcheck ./...
@@ -117,9 +118,6 @@ jobs:
        with:
          node-version: '14'

-      - name: Install StaticCheck
-        run: go install honnef.co/go/tools/cmd/staticcheck@2022.1
-
      - name: Cache Go Dependencies
        uses: actions/cache@v2
        with:
@@ -134,42 +132,7 @@ jobs:
        run: make cross-build

      - name: Check Diff
-        run: |
-          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.49.0
-          export PATH=$(pwd)/bin/:$PATH
-          make check-diff
+        run: make check-diff
              
      - name: Cleanup binary
        run: make build-cleanup
-
-  check-windows:
-    runs-on: windows-latest
-    needs: detect-noop
-    if: needs.detect-noop.outputs.noop != 'true'
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          submodules: true
-
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Cache Go Dependencies
-        uses: actions/cache@v2
-        with:
-          path: .work/pkg
-          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-pkg-
-
-      - name: Run Build CLI
-        run: make vela-cli
-
-      - name: Run CLI for version
-        shell: cmd
-        run: |
-          move .\bin\vela .\bin\vela.exe
-          .\bin\vela.exe version
--- a/.github/workflows/issue-commands.yml
+++ b/.github/workflows/issue-commands.yml
@@ -7,7 +7,7 @@ on:

 jobs:
  bot:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    steps:
      - name: Checkout Actions
        uses: actions/checkout@v2
@@ -15,13 +15,7 @@ jobs:
          repository: "oam-dev/kubevela-github-actions"
          path: ./actions
          ref: v0.4.2
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: '14'
-          cache: 'npm'
-          cache-dependency-path: ./actions/package-lock.json
-      - name: Install Dependencies
+      - name: Install Actions
        run: npm ci --production --prefix ./actions
      - name: Run Commands
        uses: ./actions/commands
@@ -30,7 +24,7 @@ jobs:
          configPath: issue-commands

  backport:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-18.04
    if: github.event.issue.pull_request && contains(github.event.comment.body, '/backport')
    steps:
      - name: Extract Command
@@ -65,11 +59,11 @@ jobs:
            })
            console.log("Added '" + label + "' label.")
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Open Backport PR
-        uses: zeebe-io/backport-action@v0.0.8
+        uses: zeebe-io/backport-action@v0.0.6
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          github_workspace: ${{ github.workspace }}
--- a/.github/workflows/registry.yml
+++ b/.github/workflows/registry.yml
@@ -8,11 +8,14 @@ on:
  workflow_dispatch: {}

 env:
+  BUCKET: ${{ secrets.OSS_BUCKET }}
+  ENDPOINT: ${{ secrets.OSS_ENDPOINT }}
  ACCESS_KEY: ${{ secrets.OSS_ACCESS_KEY }}
  ACCESS_KEY_SECRET: ${{ secrets.OSS_ACCESS_KEY_SECRET }}
+  ARTIFACT_HUB_REPOSITORY_ID: ${{ secrets.ARTIFACT_HUB_REPOSITORY_ID }}

 jobs:
-  publish-core-images:
+  publish-images:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
@@ -44,16 +47,20 @@ jobs:
      - name: Login Alibaba Cloud ACR
        uses: docker/login-action@v1
        with:
-          registry: ${{ secrets.ACR_DOMAIN }}
-          username: ${{ secrets.ACR_USERNAME }}
+          registry: kubevela-registry.cn-hangzhou.cr.aliyuncs.com
+          username: ${{ secrets.ACR_USERNAME }}@aliyun-inner.com
          password: ${{ secrets.ACR_PASSWORD }}
      - uses: docker/setup-qemu-action@v1
      - uses: docker/setup-buildx-action@v1
        with:
          driver-opts: image=moby/buildkit:master

+      - name: Build & Pushing vela-core for ACR
+        run: |
+          docker build --build-arg GOPROXY=https://proxy.golang.org --build-arg VERSION=${{ steps.get_version.outputs.VERSION }} --build-arg GITVERSION=git-${{ steps.vars.outputs.git_revision }}  -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }} .
+          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
      - uses: docker/build-push-action@v2
-        name: Build & Pushing vela-core for Dockerhub, GHCR and ACR
+        name: Build & Pushing vela-core for Dockerhub and GHCR
        with:
          context: .
          file: Dockerfile
@@ -68,70 +75,14 @@ jobs:
            GOPROXY=https://proxy.golang.org
          tags: |-
            docker.io/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
-            ghcr.io/${{ github.repository_owner }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
-            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-core:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository }}/vela-core:${{ steps.get_version.outputs.VERSION }}

-      - uses: docker/build-push-action@v2
-        name: Build & Pushing CLI for Dockerhub, GHCR and ACR
-        with:
-          context: .
-          file: Dockerfile.cli
-          labels: |-
-            org.opencontainers.image.source=https://github.com/${{ github.repository }}
-            org.opencontainers.image.revision=${{ github.sha }}
-          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          build-args: |
-            GITVERSION=git-${{ steps.vars.outputs.git_revision }}
-            VERSION=${{ steps.get_version.outputs.VERSION }}
-            GOPROXY=https://proxy.golang.org
-          tags: |-
-            docker.io/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
-            ghcr.io/${{ github.repository_owner }}/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
-            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-cli:${{ steps.get_version.outputs.VERSION }}
-
-  publish-addon-images:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@master
-      - name: Get the version
-        id: get_version
+      - name: Build & Pushing vela-apiserver for ACR
        run: |
-          VERSION=${GITHUB_REF#refs/tags/}
-          if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
-            VERSION=latest
-          fi
-          echo ::set-output name=VERSION::${VERSION}
-      - name: Get git revision
-        id: vars
-        shell: bash
-        run: |
-          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
-      - name: Login ghcr.io
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Login docker.io
-        uses: docker/login-action@v1
-        with:
-          registry: docker.io
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      - name: Login Alibaba Cloud ACR
-        uses: docker/login-action@v1
-        with:
-          registry: ${{ secrets.ACR_DOMAIN }}
-          username: ${{ secrets.ACR_USERNAME }}
-          password: ${{ secrets.ACR_PASSWORD }}
-      - uses: docker/setup-qemu-action@v1
-      - uses: docker/setup-buildx-action@v1
-        with:
-          driver-opts: image=moby/buildkit:master
-
+          docker build --build-arg GOPROXY=https://proxy.golang.org --build-arg VERSION=${{ steps.get_version.outputs.VERSION }} --build-arg GITVERSION=git-${{ steps.vars.outputs.git_revision }} -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }} -f Dockerfile.apiserver .
+          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
      - uses: docker/build-push-action@v2
-        name: Build & Pushing vela-apiserver for Dockerhub, GHCR and ACR
+        name: Build & Pushing vela-apiserver for Dockerhub and GHCR
        with:
          context: .
          file: Dockerfile.apiserver
@@ -146,11 +97,14 @@ jobs:
            GOPROXY=https://proxy.golang.org
          tags: |-
            docker.io/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
-            ghcr.io/${{ github.repository_owner }}/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
-            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-apiserver:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository }}/vela-apiserver:${{ steps.get_version.outputs.VERSION }}

+      - name: Build & Pushing vela runtime rollout for ACR
+        run: |
+          docker build --build-arg GOPROXY=https://proxy.golang.org --build-arg VERSION=${{ steps.get_version.outputs.VERSION }} --build-arg GITVERSION=git-${{ steps.vars.outputs.git_revision }}  -t kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }} .
+          docker push kubevela-registry.cn-hangzhou.cr.aliyuncs.com/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
      - uses: docker/build-push-action@v2
-        name: Build & Pushing runtime rollout Dockerhub, GHCR and ACR
+        name: Build & Pushing runtime rollout for Dockerhub and GHCR
        with:
          context: .
          file: runtime/rollout/Dockerfile
@@ -165,8 +119,96 @@ jobs:
            GOPROXY=https://proxy.golang.org
          tags: |-
            docker.io/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
-            ghcr.io/${{ github.repository_owner }}/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
-            ${{ secrets.ACR_DOMAIN }}/oamdev/vela-rollout:${{ steps.get_version.outputs.VERSION }}
+            ghcr.io/${{ github.repository }}/vela-rollout:${{ steps.get_version.outputs.VERSION }}
+
+  publish-charts:
+    env:
+      HELM_CHARTS_DIR: charts
+      HELM_CHART: charts/vela-core
+      MINIMAL_HELM_CHART: charts/vela-minimal
+      LEGACY_HELM_CHART: legacy/charts/vela-core-legacy
+      OAM_RUNTIME_HELM_CHART: charts/oam-runtime
+      VELA_ROLLOUT_HELM_CHART: runtime/rollout/charts
+      LOCAL_OSS_DIRECTORY: .oss/
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@master
+      - name: Get git revision
+        id: vars
+        shell: bash
+        run: |
+          echo "::set-output name=git_revision::$(git rev-parse --short HEAD)"
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.0
+      - name: Setup node
+        uses: actions/setup-node@v2
+        with:
+          node-version: '14'
+      - name: Generate helm doc
+        run: |
+          make helm-doc-gen
+      - name: Prepare legacy chart
+        run: |
+          rsync -r $LEGACY_HELM_CHART $HELM_CHARTS_DIR
+          rsync -r $HELM_CHART/* $LEGACY_HELM_CHART --exclude=Chart.yaml --exclude=crds
+      - name: Prepare vela chart
+        run: |
+          rsync -r $VELA_ROLLOUT_HELM_CHART $HELM_CHARTS_DIR
+      - uses: oprypin/find-latest-tag@v1
+        with:
+          repository: oam-dev/kubevela
+          releases-only: true
+        id: latest_tag
+      - name: Tag helm chart image
+        run: |
+          latest_repo_tag=${{ steps.latest_tag.outputs.tag }}
+          sub="."
+          major="$(cut -d"$sub" -f1 <<<"$latest_repo_tag")"
+          minor="$(cut -d"$sub" -f2 <<<"$latest_repo_tag")"
+          patch="0"
+          current_repo_tag="$major.$minor.$patch"
+          image_tag=${GITHUB_REF#refs/tags/}
+          chart_version=$latest_repo_tag
+          if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
+            image_tag=latest
+            chart_version=${current_repo_tag}-nightly-build
+          fi
+          sed -i "s/latest/${image_tag}/g" $HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $MINIMAL_HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $LEGACY_HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $OAM_RUNTIME_HELM_CHART/values.yaml
+          sed -i "s/latest/${image_tag}/g" $VELA_ROLLOUT_HELM_CHART/values.yaml
+          chart_smever=${chart_version#"v"}
+          sed -i "s/0.1.0/$chart_smever/g" $HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $MINIMAL_HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $LEGACY_HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $OAM_RUNTIME_HELM_CHART/Chart.yaml
+          sed -i "s/0.1.0/$chart_smever/g" $VELA_ROLLOUT_HELM_CHART/Chart.yaml
+      - name: Install ossutil
+        run: wget http://gosspublic.alicdn.com/ossutil/1.7.0/ossutil64 && chmod +x ossutil64 && mv ossutil64 ossutil
+      - name: Configure Alibaba Cloud OSSUTIL
+        run: ./ossutil --config-file .ossutilconfig config -i ${ACCESS_KEY} -k ${ACCESS_KEY_SECRET} -e ${ENDPOINT} -c .ossutilconfig
+      - name: sync cloud to local
+        run: ./ossutil --config-file .ossutilconfig sync oss://$BUCKET/core $LOCAL_OSS_DIRECTORY
+      - name: add artifacthub stuff to the repo
+        run: |
+          rsync $HELM_CHART/README.md $LEGACY_HELM_CHART/README.md
+          rsync $HELM_CHART/README.md $OAM_RUNTIME_HELM_CHART/README.md
+          rsync $HELM_CHART/README.md $VELA_ROLLOUT_HELM_CHART/README.md
+          sed -i "s/ARTIFACT_HUB_REPOSITORY_ID/$ARTIFACT_HUB_REPOSITORY_ID/g" hack/artifacthub/artifacthub-repo.yml
+          rsync hack/artifacthub/artifacthub-repo.yml $LOCAL_OSS_DIRECTORY
+      - name: Package helm charts
+        run: |
+          helm package $HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $MINIMAL_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $LEGACY_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $OAM_RUNTIME_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm package $VELA_ROLLOUT_HELM_CHART --destination $LOCAL_OSS_DIRECTORY
+          helm repo index --url https://$BUCKET.$ENDPOINT/core $LOCAL_OSS_DIRECTORY
+      - name: sync local to cloud
+        run: ./ossutil --config-file .ossutilconfig sync $LOCAL_OSS_DIRECTORY oss://$BUCKET/core -f

  publish-capabilities:
    env:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,10 +8,6 @@ on:

 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  BUCKET: ${{ secrets.CLI_OSS_BUCKET }}
-  ENDPOINT: ${{ secrets.CLI_OSS_ENDPOINT }}
-  ACCESS_KEY: ${{ secrets.CLI_OSS_ACCESS_KEY }}
-  ACCESS_KEY_SECRET: ${{ secrets.CLI_OSS_ACCESS_KEY_SECRET }}

 jobs:
  build:
@@ -31,7 +27,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.19
+          go-version: 1.17
      - name: Get release
        id: get_release
        uses: bruceadams/get-release@v1.2.2
@@ -108,29 +104,6 @@ jobs:
          name: sha256sums
          path: ./_bin/sha256-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.txt
          retention-days: 1
-      - name: clear the asset
-        run: |
-          rm -rf ./_bin/vela/${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}
-          mv ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz ./_bin/vela/vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.tar.gz
-          mv ./_bin/vela/vela-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip ./_bin/vela/vela-${{ env.VELA_VERSION }}-${{ steps.get_matrix.outputs.OS }}-${{ steps.get_matrix.outputs.ARCH }}.zip
-      - name: Install ossutil
-        run: wget http://gosspublic.alicdn.com/ossutil/1.7.0/ossutil64 && chmod +x ossutil64 && mv ossutil64 ossutil
-      - name: Configure Alibaba Cloud OSSUTIL
-        run: ./ossutil --config-file .ossutilconfig config -i ${ACCESS_KEY} -k ${ACCESS_KEY_SECRET} -e ${ENDPOINT} -c .ossutilconfig
-      - name: sync local to cloud
-        run: ./ossutil --config-file .ossutilconfig sync ./_bin/vela oss://$BUCKET/binary/vela/${{ env.VELA_VERSION }}
-      
-      - name: sync the latest version file
-        if: ${{ !contains(env.VELA_VERSION,'alpha') && !contains(env.VELA_VERSION,'beta') }}
-        run: |
-          LATEST_VERSION=$(curl -fsSl https://static.kubevela.net/binary/vela/latest_version)
-          verlte() {
-            [  "$1" = "`echo -e "$1\n$2" | sort -V | head -n1`" ]
-          }
-          verlte ${{ env.VELA_VERSION }} $LATEST_VERSION && echo "${{ env.VELA_VERSION }} <= $LATEST_VERSION, skip update" && exit 0
-          echo ${{ env.VELA_VERSION }} > ./latest_version
-          ./ossutil --config-file .ossutilconfig cp -u ./latest_version oss://$BUCKET/binary/vela/latest_version
-

  upload-plugin-homebrew:
    needs: build
@@ -150,15 +123,11 @@ jobs:
      - name: Display structure of downloaded files
        run: ls -R
        working-directory: cli-artifacts
-      - name: Get version
-        run: echo "VELA_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
      - shell: bash
        working-directory: cli-artifacts
        run: |
          for file in *
          do
-            sed -i "s/\/vela/-${{ env.VELA_VERSION }}/g" ${file}
-            sed -i "s/\/kubectl-vela/-${{ env.VELA_VERSION }}/g" ${file}
            cat ${file} >> sha256sums.txt
          done
      - name: Upload Checksums
--- a/.github/workflows/sync-api.yml
+++ b/.github/workflows/sync-api.yml
@@ -14,8 +14,8 @@ jobs:
      - name: Set up Go 1.17
        uses: actions/setup-go@v1
        env:
-          GO_VERSION: '1.19'
-          GOLANGCI_VERSION: 'v1.49'
+          GO_VERSION: '1.17'
+          GOLANGCI_VERSION: 'v1.38'
        with:
          go-version: ${{ env.GO_VERSION }}
        id: go
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -1,30 +0,0 @@
-name: "Trivy Scan"
-
-on:
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  images:
-    name: Image Scan
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Build Vela Core image from Dockerfile
-        run: |
-          docker build --build-arg GOPROXY=https://proxy.golang.org -t docker.io/oamdev/vela-core:${{ github.sha }} .
-
-      - name: Run Trivy vulnerability scanner for vela core
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: 'docker.io/oamdev/vela-core:${{ github.sha }}'
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
-        if: always()
-        with:
-          sarif_file: 'trivy-results.sarif'
--- a/.github/workflows/unit-test.yml
+++ b/.github/workflows/unit-test.yml
@@ -13,8 +13,9 @@ on:

 env:
  # Common versions
-  GO_VERSION: '1.19'
-  GOLANGCI_VERSION: 'v1.49'
+  GO_VERSION: '1.17'
+  GOLANGCI_VERSION: 'v1.38'
+  KIND_VERSION: 'v0.7.0'

 jobs:

@@ -25,7 +26,7 @@ jobs:
    steps:
      - name: Detect No-op Changes
        id: noop
-        uses: fkirc/skip-duplicate-actions@v4.0.0
+        uses: fkirc/skip-duplicate-actions@v3.3.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.mdx", "**.png", "**.jpg"]'
@@ -57,14 +58,13 @@ jobs:
          restore-keys: ${{ runner.os }}-pkg-

      - name: Install ginkgo
-        run: |
+        run:  |
          sudo apt-get install -y golang-ginkgo-dev

-      - name: Setup K3d
-        uses: nolar/setup-k3d-k3s@v1.0.8
+      - name: Setup Kind Cluster
+        uses: engineerd/setup-kind@v0.5.0
        with:
-          version: v1.20
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          version: ${{ env.KIND_VERSION }}

      - name: install Kubebuilder
        uses: RyanSiu1995/kubebuilder-action@v1.2
@@ -72,7 +72,7 @@ jobs:
          version: 3.1.0
          kubebuilderOnly: false
          kubernetesVersion: v1.21.2
-
+      
      - name: Run Make test
        run: make test

--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-# Binaries for programs and docgen
+# Binaries for programs and plugins
 *.exe
 *.exe~
 *.dll
@@ -7,7 +7,6 @@
 bin
 _bin
 e2e/vela
-vela

 # Test binary, build with `go test -c`
 *.test
@@ -33,7 +32,6 @@ vendor/

 # Vscode files
 .vscode
-.history

 pkg/test/vela
 config/crd/bases
@@ -51,5 +49,4 @@ tmp/
 git-page/

 # e2e rollout runtime image build
-runtime/rollout/e2e/tmp
-vela.json
+runtime/rollout/e2e/tmp
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -38,7 +38,7 @@ linters-settings:
    # report about shadowed variables
    check-shadowing: false

-  revive:
+  golint:
    # minimal confidence for issues, default is 0.8
    min-confidence: 0.8

@@ -116,20 +116,11 @@ linters:
    - goconst
    - goimports
    - gofmt  # We enable this as well as goimports for its simplify mode.
-    - revive
+    - golint
    - unconvert
    - misspell
    - nakedret
-    - exportloopref
-  disable:
-    - deadcode
-    - scopelint
-    - structcheck
-    - varcheck
-    - rowserrcheck
-    - sqlclosecheck
-    - errchkjson
-    - contextcheck
+
  presets:
    - bugs
    - unused
@@ -146,7 +137,7 @@ issues:
        - errcheck
        - dupl
        - gosec
-        - exportloopref
+        - scopelint
        - unparam

    # Ease some gocritic warnings on test files.
@@ -195,15 +186,7 @@ issues:

    - text: "don't use an underscore"
      linters:
-        - revive
-
-    - text: "package-comments: should have a package comment"
-      linters:
-        - revive
-
-    - text: "error-strings: error strings should not be capitalized or end with punctuation or a newline"
-      linters:
-        - revive
+        - golint

  # Independently from option `exclude` we use default exclude patterns,
  # it can be disabled by this option. To list all
--- a/CHANGELOG/CHANGELOG-1.0.md
+++ b/CHANGELOG/CHANGELOG-1.0.md
@@ -15,7 +15,7 @@ This is a minor fix for release-1.0, please refer to release-1.1.x for the lates
 # v1.0.5

 1. Fix Terraform application status issue (#1611)
-2. application supports specifying different versions of Definition (#1597)
+2. applicaiton supports specifying different versions of Definition (#1597)
 3. Enable Dynamic Admission Control for Application (#1619)
 4. Update inner samples for "vela show xxx --web" (#1616)
 5. fix empty rolloutBatch will panic whole controller bug (#1646)
@@ -30,7 +30,7 @@ This is a minor fix for release-1.0, please refer to release-1.1.x for the lates
 **Please update Application CRD to upgrade from v1.0.3 to this release**

 ```
-kubectl apply -f https://raw.githubusercontent.com/kubevela/kubevela/master/charts/vela-core/crds/core.oam.dev_applications.yaml
+kubectl apply -f https://raw.githubusercontent.com/oam-dev/kubevela/master/charts/vela-core/crds/core.oam.dev_applications.yaml
 ```

 **Check the upgrade docs to upgrade from other release: https://kubevela.io/docs/advanced-install#upgrade**
--- a/CHANGELOG/CHANGELOG-1.2.md
+++ b/CHANGELOG/CHANGELOG-1.2.md
@@ -31,7 +31,7 @@
 ## What's Changed

 * Fix: can't query data from the MongoDB by @barnettZQG in https://github.com/oam-dev/kubevela/pull/3095
-* Fix: use personal token of vela-bot instead of github token for homebrew update by @wonderflow in https://github.com/oam-dev/kubevela/pull/3096
+* Fix: use personel token of vela-bot instead of github token for homebrew update by @wonderflow in https://github.com/oam-dev/kubevela/pull/3096
 * Fix: acr image no version by @wangyikewxgm in https://github.com/oam-dev/kubevela/pull/3100
 * Fix: support generate cloud resource docs in Chinese by @zzxwill in https://github.com/oam-dev/kubevela/pull/3079
 * Fix: clear old data in mongodb unit test case by @barnettZQG in https://github.com/oam-dev/kubevela/pull/3103
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,3 +1,66 @@
 # CONTRIBUTING Guide

-Please refer to https://kubevela.io/docs/contributor/overview for details.
+## About KubeVela
+
+KubeVela project is initialized and maintained by the cloud native community since day 0 with [bootstrapping contributors from 8+ different organizations](https://github.com/oam-dev/kubevela/graphs/contributors).
+We intend for KubeVela to have an open governance since the very beginning and donate the project to neutral foundation as soon as it's released.
+To help us create a safe and positive community experience for all, we require all participants to adhere to the [Code of Conduct](./CODE_OF_CONDUCT.md).
+
+This document is a guide to help you through the process of contributing to KubeVela.
+
+## Become a contributor
+
+You can contribute to KubeVela in several ways. Here are some examples:
+
+* Contribute to the KubeVela codebase.
+* Contribute to the [KubeVela docs](https://github.com/oam-dev/kubevela.io).
+* Report and triage bugs.
+* Develop community CRD operators as workload or trait and contribute to [catalog](https://github.com/oam-dev/catalog).
+* Write technical documentation and blog posts, for users and contributors.
+* Organize meetups and user groups in your local area.
+* Help others by answering questions about KubeVela.
+
+For more ways to contribute, check out the [Open Source Guides](https://opensource.guide/how-to-contribute/).
+
+
+### Report bugs
+
+Before submitting a new issue, try to make sure someone hasn't already reported the problem.
+Look through the [existing issues](https://github.com/oam-dev/kubevela/issues) for similar issues.
+
+Report a bug by submitting a [bug report](https://github.com/oam-dev/kubevela/issues/new?assignees=&labels=kind%2Fbug&template=bug_report.md&title=).
+Make sure that you provide as much information as possible on how to reproduce the bug.
+
+Follow the issue template and add additional information that will help us replicate the problem.
+
+#### Security issues
+
+If you believe you've found a security vulnerability, please read our [security policy](https://github.com/oam-dev/kubevela/blob/master/SECURITY.md) for more details.
+
+### Suggest enhancements
+
+If you have an idea to improve KubeVela, submit an [feature request](https://github.com/oam-dev/kubevela/issues/new?assignees=&labels=kind%2Ffeature&template=feature_request.md&title=%5BFeature%5D).
+
+### Triage issues
+
+If you don't have the knowledge or time to code, consider helping with _issue triage_. The community will thank you for saving them time by spending some of yours.
+
+Read more about the ways you can [Triage issues](/contribute/triage-issues.md).
+
+### Answering questions
+
+If you have a question and you can't find the answer in the [documentation](https://kubevela.io/docs/),
+the next step is to ask it on the [github discussion](https://github.com/oam-dev/kubevela/discussions).
+
+It's important to us to help these users, and we'd love your help. You can help other KubeVela users by answering [their questions](https://github.com/oam-dev/kubevela/discussions).
+
+### Your first contribution
+
+Unsure where to begin contributing to KubeVela? Start by browsing issues labeled `good first issue` or `help wanted`.
+
+- [Good first issue](https://github.com/oam-dev/kubevela/labels/good%20first%20issue) issues are generally straightforward to complete.
+- [Help wanted](https://github.com/oam-dev/kubevela/labels/help%20wanted) issues are problems we would like the community to help us with regardless of complexity.
+
+If you're looking to make a code change, see how to set up your environment for [local development](contribute/developer-guide.md).
+
+When you're ready to contribute, it's time to [Create a pull request](/contribute/create-pull-request.md).
--- a/4
+++ b/4
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder

 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -36,7 +36,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
 FROM ${BASE_IMAGE:-alpine:3.15}
-# This is required by daemon connecting with cri
+# This is required by daemon connnecting with cri
 RUN apk add --no-cache ca-certificates bash expat

 WORKDIR /
--- a/Dockerfile.apiserver
+++ b/Dockerfile.apiserver
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-https://goproxy.cn}
 WORKDIR /workspace
@@ -34,7 +34,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`

 FROM ${BASE_IMAGE:-alpine:3.15}
-# This is required by daemon connecting with cri
+# This is required by daemon connnecting with cri
 RUN apk add --no-cache ca-certificates bash expat

 WORKDIR /
--- a/Dockerfile.cli
+++ b/Dockerfile.cli
@@ -1,43 +0,0 @@
-ARG BASE_IMAGE
-# Build the cli binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine as builder
-ARG GOPROXY
-ENV GOPROXY=${GOPROXY:-https://goproxy.cn}
-WORKDIR /workspace
-# Copy the Go Modules manifests
-COPY go.mod go.mod
-COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN go mod download
-
-# Copy the go source
-COPY apis/ apis/
-COPY pkg/ pkg/
-COPY version/ version/
-COPY references/ references/
-
-# Build
-ARG TARGETARCH
-ARG VERSION
-ARG GITVERSION
-
-RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH:-amd64} \
-    go build -a -ldflags "-s -w -X github.com/oam-dev/kubevela/version.VelaVersion=${VERSION:-undefined} -X github.com/oam-dev/kubevela/version.GitRevision=${GITVERSION:-undefined}" \
-    -o vela-${TARGETARCH} ./references/cmd/cli/main.go
-
-
-# Use alpine as base image due to the discussion in issue #1448
-# You can replace distroless as minimal base image to package the manager binary
-# Refer to https://github.com/GoogleContainerTools/distroless for more details
-# Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`
-
-FROM ${BASE_IMAGE:-alpine:3.15}
-# This is required by daemon connecting with cri
-RUN apk add --no-cache ca-certificates bash expat
-
-WORKDIR /
-
-ARG TARGETARCH
-COPY --from=builder /workspace/vela-${TARGETARCH} /bin/vela
-ENTRYPOINT ["/bin/vela"]
--- a/Dockerfile.e2e
+++ b/Dockerfile.e2e
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-alpine as builder
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.17-alpine as builder

 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -39,7 +39,7 @@ RUN GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
 # Overwrite `BASE_IMAGE` by passing `--build-arg=BASE_IMAGE=gcr.io/distroless/static:nonroot`

 FROM ${BASE_IMAGE:-alpine:3.15}
-# This is required by daemon connecting with cri
+# This is required by daemon connnecting with cri
 RUN apk add --no-cache ca-certificates bash expat

 WORKDIR /
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@@ -1,16 +0,0 @@
-# Governance
-
-[Project maintainers](https://github.com/kubevela/community/blob/main/OWNERS.md#maintainers) are responsible for activities around maintaining and updating KubeVela.
-Final decisions on the project reside with the project maintainers.
-
-Maintainers **MUST** remain active. If they are unresponsive for >6 months,
-they will be automatically removed unless a [super-majority](https://en.wikipedia.org/wiki/Supermajority#Two-thirds_vote) of the other project maintainers agrees to extend the period to be greater than 6 months.
-
-New maintainers can be added to the project by a [super-majority](https://en.wikipedia.org/wiki/Supermajority#Two-thirds_vote) vote of the existing maintainers.
-A potential maintainer may be nominated by an existing maintainer.
-A vote is conducted in private between the current maintainers over the course of a one week voting period.
-At the end of the week, votes are counted and a pull request is made on the repo adding the new maintainer to the [CODEOWNERS](https://github.com/kubevela/kubevela/blob/master/.github/CODEOWNERS) file.
-
-A maintainer may step down by submitting an [issue](https://github.com/kubevela/kubevela/issues/new/choose) stating their intent.
-
-Changes to this governance document require a pull request with approval from a [super-majority](https://en.wikipedia.org/wiki/Supermajority#Two-thirds_vote) of the current maintainers.
--- a/ISSUE_TRIAGE.md
+++ b/ISSUE_TRIAGE.md
@@ -71,7 +71,7 @@ To get started with issue triage and finding issues that haven't been triaged yo
 ### Browse unlabeled issues

 The easiest and straight forward way of getting started and finding issues that haven't been triaged is to browse
-[unlabeled issues](https://github.com/kubevela/kubevela/issues?q=is%3Aopen+is%3Aissue+no%3Alabel) and starting from
+[unlabeled issues](https://github.com/oam-dev/kubevela/issues?q=is%3Aopen+is%3Aissue+no%3Alabel) and starting from
 the bottom and working yourself to the top.

 ### Subscribe to all notifications
@@ -95,7 +95,7 @@ to guide contributors to provide standard information that must be included for

 ### Standard issue information that must be included

-Given a certain [issue template]([template](https://github.com/kubevela/kubevela/issues/new/choose)) have been used
+Given a certain [issue template]([template](https://github.com/oam-dev/kubevela/issues/new/choose)) have been used
 by the issue author or depending how the issue is perceived by the issue triage responsible, the following should
 help you understand what standard issue information that must be included.

@@ -219,7 +219,7 @@ There's a minor typo/error/lack of information that adds a lot of confusion for

 ### Support requests and questions

-1. Kindly and politely direct the issue author to the [github discussion](https://github.com/kubevela/kubevela/discussions)
+1. Kindly and politely direct the issue author to the [github discussion](https://github.com/oam-dev/kubevela/discussions)
   and explain that issue is mainly used for tracking bugs and feature requests.
   If possible, it's usually a good idea to add some pointers to the issue author's question.
 2. Close the issue and label it with `type/question`.
--- a/28
+++ b/28
@@ -9,20 +9,20 @@ include makefiles/e2e.mk
 all: build

 # Run tests
-test: unit-test-core test-cli-gen
+test: vet lint staticcheck unit-test-core test-cli-gen
 	@$(OK) unit-tests pass

 test-cli-gen: 
 	mkdir -p ./bin/doc
-	go run ./hack/docgen/cli/gen.go ./bin/doc
+	go run ./hack/docgen/gen.go ./bin/doc
 unit-test-core:
-	go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/... ./apis/... | grep -v apiserver | grep -v applicationconfiguration)
+	go test -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/... ./apis/... | grep -v apiserver)
 	go test $(shell go list ./references/... | grep -v apiserver)
 unit-test-apiserver:
 	go test -gcflags=all=-l -coverprofile=coverage.txt $(shell go list ./pkg/... ./cmd/...  | grep -E 'apiserver|velaql')

 # Build vela cli binary
-build: vela-cli kubectl-vela
+build: fmt vet lint staticcheck vela-cli kubectl-vela
 	@$(OK) build succeed

 build-cleanup:
@@ -82,28 +82,28 @@ endif



-# load docker image to the k3d cluster
-image-load:
+# load docker image to the kind cluster
+kind-load: kind-load-runtime-cluster
 	docker build -t $(VELA_CORE_TEST_IMAGE) -f Dockerfile.e2e .
-	k3d image import $(VELA_CORE_TEST_IMAGE) || { echo >&2 "kind not installed or error loading image: $(VELA_CORE_TEST_IMAGE)"; exit 1; }
+	kind load docker-image $(VELA_CORE_TEST_IMAGE) || { echo >&2 "kind not installed or error loading image: $(VELA_CORE_TEST_IMAGE)"; exit 1; }

-image-load-runtime-cluster:
+kind-load-runtime-cluster:
 	/bin/sh hack/e2e/build_runtime_rollout.sh
 	docker build -t $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) -f runtime/rollout/e2e/Dockerfile.e2e runtime/rollout/e2e/
 	rm -rf runtime/rollout/e2e/tmp
-	k3d image import $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)  || { echo >&2 "kind not installed or error loading image: $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)"; exit 1; }
-	k3d cluster get $(RUNTIME_CLUSTER_NAME) && k3d image import $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) --cluster=$(RUNTIME_CLUSTER_NAME) || echo "no worker cluster"
+	kind load docker-image $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)  || { echo >&2 "kind not installed or error loading image: $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)"; exit 1; }
+	kind load docker-image $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE) --name=$(RUNTIME_CLUSTER_NAME)  || { echo >&2 "kind not installed or error loading image: $(VELA_RUNTIME_ROLLOUT_TEST_IMAGE)"; exit 1; }

 # Run tests
-core-test:
+core-test: fmt vet manifests
 	go test ./pkg/... -coverprofile cover.out

 # Build vela core manager and apiserver binary
-manager:
+manager: fmt vet lint manifests
 	$(GOBUILD_ENV) go build -o bin/manager -a -ldflags $(LDFLAGS) ./cmd/core/main.go
 	$(GOBUILD_ENV) go build -o bin/apiserver -a -ldflags $(LDFLAGS) ./cmd/apiserver/main.go

-vela-runtime-rollout-manager:
+vela-runtime-rollout-manager: fmt vet lint manifests
 	$(GOBUILD_ENV) go build -o ./runtime/rollout/bin/manager -a -ldflags $(LDFLAGS) ./runtime/rollout/cmd/main.go

 # Generate manifests e.g. CRD, RBAC etc.
@@ -112,7 +112,7 @@ manifests: installcue kustomize
 	# TODO(yangsoon): kustomize will merge all CRD into a whole file, it may not work if we want patch more than one CRD in this way
 	$(KUSTOMIZE) build config/crd -o config/crd/base/core.oam.dev_applications.yaml
 	./hack/crd/cleanup.sh
-	go run ./hack/crd/dispatch/dispatch.go config/crd/base charts/vela-core/crds runtime/ charts/vela-minimal/crds
+	go run ./hack/crd/dispatch/dispatch.go config/crd/base charts/vela-core/crds charts/oam-runtime/crds runtime/ charts/vela-minimal/crds
 	rm -f config/crd/base/*
 	./vela-templates/gen_definitions.sh

--- a/12
+++ b/12
@@ -0,0 +1,12 @@
+approvers:
+- kubevela-controller
+- kubevela-devex
+- kubevela-dashboard-approver
+
+reviewers:
+- kubevela-controller
+- oam-spec
+- kubevela-dashboard-reviewer
+
+members:
+- community-collaborators
--- a/61
+++ b/61
@@ -1 +1,60 @@
-The owner file has been migrated to the community repo, please refer to https://github.com/kubevela/community/blob/main/OWNERS.md
+Reviewers:
+- Ghostbaby
+- StevenLeiZhang
+- chwetion
+- yue9944882
+- zxbyoyoyo
+- reetasingh
+- wangwang
+- evanli18
+- devholic
+- fourierr
+- JooKS-me
+
+Approvers:
+- Somefive (Multi-Cluster)
+- chivalryq (Vela CLI)
+- sunny0826 (kubevela.io)
+- hanxie-crypto (VelaUX)
+- FogDong (Workflow)
+- wangyikewxgm (Addon)
+- yangsoon (VelaQL）
+
+Maintainers:
+- wonderflow
+- hongchaodeng
+- captainroy-hy
+- resouer
+- barnettZQG
+- leejanee
+- zzxwill
+- BinaryHB0916
+- dhiguero
+
+Emeritus Members:
+- ryanzhang-oss
+- Fei-Guo
+- szihai
+- xiaoyuaiheshui
+- wenxinnnnn
+- silenceper
+- erdun
+- mosesyou
+- artursouza
+- woshilanren11
+
+bootstrap-contributors:     # thank you for bootstrapping KubeVela at the very early stage!
+- xiaoyuaiheshui
+- Ghostbaby
+- wenxinnnnn
+- silenceper
+- erdun
+- sunny0826
+- mosesyou
+- artursouza
+- wonderflow
+- hongchaodeng
+- ryanzhang-oss
+- woshilanren11
+- hanxie-crypto
+- zzxwill
--- a/README.md
+++ b/README.md
@@ -1,18 +1,18 @@
 <div style="text-align: center">
  <p align="center">
-    <img src="https://raw.githubusercontent.com/kubevela/kubevela.io/main/docs/resources/KubeVela-03.png">
+    <img src="https://raw.githubusercontent.com/oam-dev/kubevela.io/main/docs/resources/KubeVela-03.png">
    <br><br>
    <i>Make shipping applications more enjoyable.</i>
  </p>
 </div>

-![Build status](https://github.com/kubevela/kubevela/workflows/E2E/badge.svg)
-[![Go Report Card](https://goreportcard.com/badge/github.com/kubevela/kubevela)](https://goreportcard.com/report/github.com/kubevela/kubevela)
+![Build status](https://github.com/oam-dev/kubevela/workflows/E2E/badge.svg)
+[![Go Report Card](https://goreportcard.com/badge/github.com/oam-dev/kubevela)](https://goreportcard.com/report/github.com/oam-dev/kubevela)
 ![Docker Pulls](https://img.shields.io/docker/pulls/oamdev/vela-core)
-[![codecov](https://codecov.io/gh/kubevela/kubevela/branch/master/graph/badge.svg)](https://codecov.io/gh/kubevela/kubevela)
-[![LICENSE](https://img.shields.io/github/license/kubevela/kubevela.svg?style=flat-square)](/LICENSE)
-[![Releases](https://img.shields.io/github/release/kubevela/kubevela/all.svg?style=flat-square)](https://github.com/kubevela/kubevela/releases)
-[![TODOs](https://img.shields.io/endpoint?url=https://api.tickgit.com/badge?repo=github.com/kubevela/kubevela)](https://www.tickgit.com/browse?repo=github.com/kubevela/kubevela)
+[![codecov](https://codecov.io/gh/oam-dev/kubevela/branch/master/graph/badge.svg)](https://codecov.io/gh/oam-dev/kubevela)
+[![LICENSE](https://img.shields.io/github/license/oam-dev/kubevela.svg?style=flat-square)](/LICENSE)
+[![Releases](https://img.shields.io/github/release/oam-dev/kubevela/all.svg?style=flat-square)](https://github.com/oam-dev/kubevela/releases)
+[![TODOs](https://img.shields.io/endpoint?url=https://api.tickgit.com/badge?repo=github.com/oam-dev/kubevela)](https://www.tickgit.com/browse?repo=github.com/oam-dev/kubevela)
 [![Twitter](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Ftwitter.com%2Foam_dev)](https://twitter.com/oam_dev)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubevela)](https://artifacthub.io/packages/search?repo=kubevela)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4602/badge)](https://bestpractices.coreinfrastructure.org/projects/4602)
@@ -21,76 +21,53 @@

 KubeVela is a modern application delivery platform that makes deploying and operating applications across today's hybrid, multi-cloud environments easier, faster and more reliable.

-![kubevela](docs/resources/what-is-kubevela.png)
+![](docs/resources/what-is-kubevela.png)

 ## Highlights

 KubeVela practices the "render, orchestrate, deploy" workflow with below highlighted values added to existing ecosystem:

-* Deployment as Code
+- *Application Centric* - KubeVela introduces [Open Application Model (OAM)](https://oam.dev/) as the consistent yet higher level API to capture and render a full deployment of microservices on top of hybrid environments. Placement strategy, traffic shifting and rolling update are declared at application level. No infrastructure level concern, simply deploy.

-Declare your deployment plan as workflow, run it automatically with any CI/CD or GitOps system, extend or re-program the workflow steps with CUE. No add-hoc scripts, no dirty glue code, just deploy. The deployment workflow in KubeVela is powered by [Open Application Model](https://oam.dev/).
+- *Programmable Workflow* - KubeVela models application delivery as DAG (Directed Acyclic Graph) and expresses it with [CUE](https://cuelang.org/) - a modern data configuration language. This allows you to design application deployment steps per needs and orchestrate them in programmable approach. No restrictions, natively extensible.

-* Built-in security and compliance building blocks
-
-Choose from the wide range of LDAP integrations we provided out-of-box, enjoy multi-cluster authorization that is fully automated, pick and apply fine-grained RBAC modules and customize them per your own supply chain requirements.
-
-* Multi-cloud/hybrid-environments app delivery as first-class citizen
-
-Progressive rollout across test/staging/production environments, automatic canary, blue-green and continuous verification, rich placement strategy across clusters and clouds, fully managed cloud environments provision.
+- *Infrastructure Agnostic* - KubeVela works as an application delivery control plane that is fully decoupled from runtime infrastructure. It can deploy any workload types including containers, cloud services, databases, or even VM instances to any cloud or Kubernetes cluster, following the workflow designed by you.

 ## Getting Started

-* [Introduction](https://kubevela.io/docs)
-* [Installation](https://kubevela.io/docs/install)
-* [Deploy Your Application](https://kubevela.io/docs/quick-start)
+- [Introduction](https://kubevela.io/docs)
+- [Installation](https://kubevela.io/docs/install)
+- [Design Your First Deployment Plan](https://kubevela.io/docs/quick-start)

 ## Documentation

 Full documentation is available on the [KubeVela website](https://kubevela.io/).

-## Blog
-
-Official blog is available on [KubeVela blog](https://kubevela.io/blog).
-
 ## Community

-We want your contributions and suggestions!
-One of the easiest ways to contribute is to participate in discussions on the Github Issues/Discussion, chat on IM or the bi-weekly community calls.
-For more information on the community engagement, developer and contributing guidelines and more, head over to the [KubeVela community repo](https://github.com/kubevela/community).
-
-### Contact Us
-
-Reach out with any questions you may have and we'll make sure to answer them as soon as possible!
-
- Slack:  [CNCF Slack kubevela channel](https://cloud-native.slack.com/archives/C01BLQ3HTJA) (*English*)
+- Slack:  [CNCF Slack](https://slack.cncf.io/) #kubevela channel (*English*)
+- Gitter: [oam-dev](https://gitter.im/oam-dev/community) (*English*)
 - [DingTalk Group](https://page.dingtalk.com/wow/dingtalk/act/en-home): `23310022` (*Chinese*)
 - Wechat Group (*Chinese*): Broker wechat to add you into the user group.
 
  <img src="https://static.kubevela.net/images/barnett-wechat.jpg" width="200" />
-
-### Community Call
-
-Every two weeks we host a community call to showcase new features, review upcoming milestones, and engage in a Q&A. All are welcome!
-
- Bi-weekly Community Call:
-  - [Meeting Notes](https://docs.google.com/document/d/1nqdFEyULekyksFHtFvgvFAYE-0AMHKoS3RMnaKsarjs).
-  - [Video Records](https://www.youtube.com/channel/UCSCTHhGI5XJ0SEhDHVakPAA/videos).
- Bi-weekly Chinese Community Call:
-  - [Video Records](https://space.bilibili.com/180074935/channel/seriesdetail?sid=1842207).
+- Bi-weekly Community Call: [Meeting Notes](https://docs.google.com/document/d/1nqdFEyULekyksFHtFvgvFAYE-0AMHKoS3RMnaKsarjs).
+- Bi-weekly Chinese Community Call: [Video Records](https://space.bilibili.com/180074935/channel/seriesdetail?sid=1842207).

 ## Talks and Conferences

-Check out [KubeVela videos](https://kubevela.io/videos/talks/en/oam-dapr) for these talks and conferences.
+| Engagement | Link        |
+|:-----------|:------------|
+| 🎤  Talks | - [KubeVela - The Modern App Delivery System in Alibaba](https://docs.google.com/presentation/d/1CWCLcsKpDQB3bBDTfdv2BZ8ilGGJv2E8L-iOA5HMrV0/edit?usp=sharing) |
+| 🌎 KubeCon | - [ [NA 2020] Standardizing Cloud Native Application Delivery Across Different Clouds](https://www.youtube.com/watch?v=0yhVuBIbHcI) <br> - [ [EU 2021] Zero Pain Microservice Development and Deployment with Dapr and KubeVela](https://sched.co/iE4S) |
+| 📺 Conferences | - [Dapr, Rudr, OAM: Mark Russinovich presents next gen app development & deployment](https://www.youtube.com/watch?v=eJCu6a-x9uo) <br> - [Mark Russinovich presents "The Future of Cloud Native Applications with OAM and Dapr"](https://myignite.techcommunity.microsoft.com/sessions/82059)|

 ## Contributing
-
-Check out [CONTRIBUTING](https://kubevela.io/docs/contributor/overview) to see how to develop with KubeVela.
+Check out [CONTRIBUTING](./CONTRIBUTING.md) to see how to develop with KubeVela.

 ## Report Vulnerability

 Security is a first priority thing for us at KubeVela. If you come across a related issue, please send email to security@mail.kubevela.io .

 ## Code of Conduct
-
 KubeVela adopts [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
--- a/apis/core.oam.dev/common/types.go
+++ b/apis/core.oam.dev/common/types.go
@@ -20,14 +20,12 @@ import (
 	"encoding/json"
 	"errors"

-	types "github.com/oam-dev/terraform-controller/api/types/crossplane-runtime"
+	"github.com/oam-dev/terraform-controller/api/v1beta2"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
-
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
 	"github.com/oam-dev/kubevela/apis/standard.oam.dev/v1alpha1"
 	"github.com/oam-dev/kubevela/pkg/oam"
@@ -121,22 +119,7 @@ type Terraform struct {
 	// Path is the sub-directory of remote git repository. It's valid when remote is set
 	Path string `json:"path,omitempty"`

-	// WriteConnectionSecretToReference specifies the namespace and name of a
-	// Secret to which any connection details for this managed resource should
-	// be written. Connection details frequently include the endpoint, username,
-	// and password required to connect to the managed resource.
-	// +optional
-	WriteConnectionSecretToReference *types.SecretReference `json:"writeConnectionSecretToRef,omitempty"`
-
-	// ProviderReference specifies the reference to Provider
-	ProviderReference *types.Reference `json:"providerRef,omitempty"`
-
-	// DeleteResource will determine whether provisioned cloud resources will be deleted when CR is deleted
-	// +kubebuilder:default:=true
-	DeleteResource bool `json:"deleteResource,omitempty"`
-
-	// Region is cloud provider's region. It will override the region in the region field of ProviderReference
-	Region string `json:"customRegion,omitempty"`
+	v1beta2.BaseConfigurationSpec `json:",inline"`
 }

 // A WorkloadTypeDescriptor refer to a Workload Type
@@ -189,6 +172,8 @@ type Status struct {
 type ApplicationPhase string

 const (
+	// ApplicationRollingOut means the app is in the middle of rolling out
+	ApplicationRollingOut ApplicationPhase = "rollingOut"
 	// ApplicationStarting means the app is preparing for reconcile
 	ApplicationStarting ApplicationPhase = "starting"
 	// ApplicationRendering means the app is rendering
@@ -201,8 +186,8 @@ const (
 	ApplicationWorkflowSuspending ApplicationPhase = "workflowSuspending"
 	// ApplicationWorkflowTerminated means the app's workflow is terminated
 	ApplicationWorkflowTerminated ApplicationPhase = "workflowTerminated"
-	// ApplicationWorkflowFailed means the app's workflow is failed
-	ApplicationWorkflowFailed ApplicationPhase = "workflowFailed"
+	// ApplicationWorkflowFinished means the app's workflow is finished
+	ApplicationWorkflowFinished ApplicationPhase = "workflowFinished"
 	// ApplicationRunning means the app finished rendering and applied result to the cluster
 	ApplicationRunning ApplicationPhase = "running"
 	// ApplicationUnhealthy means the app finished rendering and applied result to the cluster, but still unhealthy
@@ -216,19 +201,19 @@ type WorkflowState string

 const (
 	// WorkflowStateInitializing means the workflow is in initial state
-	WorkflowStateInitializing WorkflowState = "Initializing"
+	WorkflowStateInitializing WorkflowState = "initializing"
 	// WorkflowStateTerminated means workflow is terminated manually, and it won't be started unless the spec changed.
-	WorkflowStateTerminated WorkflowState = "Terminated"
+	WorkflowStateTerminated WorkflowState = "terminated"
 	// WorkflowStateSuspended means workflow is suspended manually, and it can be resumed.
-	WorkflowStateSuspended WorkflowState = "Suspended"
+	WorkflowStateSuspended WorkflowState = "suspended"
 	// WorkflowStateSucceeded means workflow is running successfully, all steps finished.
 	WorkflowStateSucceeded WorkflowState = "Succeeded"
 	// WorkflowStateFinished means workflow is end.
-	WorkflowStateFinished WorkflowState = "Finished"
+	WorkflowStateFinished WorkflowState = "finished"
 	// WorkflowStateExecuting means workflow is still running or waiting some steps.
-	WorkflowStateExecuting WorkflowState = "Executing"
+	WorkflowStateExecuting WorkflowState = "executing"
 	// WorkflowStateSkipping means it will skip this reconcile and let next reconcile to handle it.
-	WorkflowStateSkipping WorkflowState = "Skipping"
+	WorkflowStateSkipping WorkflowState = "skipping"
 )

 // ApplicationComponentStatus record the health status of App component
@@ -245,12 +230,6 @@ type ApplicationComponentStatus struct {
 	Scopes             []corev1.ObjectReference `json:"scopes,omitempty"`
 }

-// Equal check if two ApplicationComponentStatus are equal
-func (in ApplicationComponentStatus) Equal(r ApplicationComponentStatus) bool {
-	return in.Name == r.Name && in.Namespace == r.Namespace &&
-		in.Cluster == r.Cluster && in.Env == r.Env
-}
-
 // ApplicationTraitStatus records the trait health status
 type ApplicationTraitStatus struct {
 	Type    string `json:"type"`
@@ -274,6 +253,35 @@ type RawComponent struct {
 	Raw runtime.RawExtension `json:"raw"`
 }

+// WorkflowStepStatus record the status of a workflow step
+type WorkflowStepStatus struct {
+	ID    string            `json:"id"`
+	Name  string            `json:"name,omitempty"`
+	Type  string            `json:"type,omitempty"`
+	Phase WorkflowStepPhase `json:"phase,omitempty"`
+	// A human readable message indicating details about why the workflowStep is in this state.
+	Message string `json:"message,omitempty"`
+	// A brief CamelCase message indicating details about why the workflowStep is in this state.
+	Reason   string          `json:"reason,omitempty"`
+	SubSteps *SubStepsStatus `json:"subSteps,omitempty"`
+	// FirstExecuteTime is the first time this step execution.
+	FirstExecuteTime metav1.Time `json:"firstExecuteTime,omitempty"`
+	// LastExecuteTime is the last time this step execution.
+	LastExecuteTime metav1.Time `json:"lastExecuteTime,omitempty"`
+}
+
+// WorkflowSubStepStatus record the status of a workflow step
+type WorkflowSubStepStatus struct {
+	ID    string            `json:"id"`
+	Name  string            `json:"name,omitempty"`
+	Type  string            `json:"type,omitempty"`
+	Phase WorkflowStepPhase `json:"phase,omitempty"`
+	// A human readable message indicating details about why the workflowStep is in this state.
+	Message string `json:"message,omitempty"`
+	// A brief CamelCase message indicating details about why the workflowStep is in this state.
+	Reason string `json:"reason,omitempty"`
+}
+
 // AppStatus defines the observed state of Application
 type AppStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
@@ -303,12 +311,10 @@ type AppStatus struct {
 	AppliedResources []ClusterObjectReference `json:"appliedResources,omitempty"`

 	// PolicyStatus records the status of policy
-	// Deprecated This field is only used by EnvBinding Policy which is deprecated.
 	PolicyStatus []PolicyStatus `json:"policy,omitempty"`
 }

 // PolicyStatus records the status of policy
-// Deprecated
 type PolicyStatus struct {
 	Name string `json:"name"`
 	Type string `json:"type"`
@@ -316,26 +322,60 @@ type PolicyStatus struct {
 	Status *runtime.RawExtension `json:"status,omitempty"`
 }

+// WorkflowStep defines how to execute a workflow step.
+type WorkflowStep struct {
+	// Name is the unique name of the workflow step.
+	Name string `json:"name"`
+
+	Type string `json:"type"`
+
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Properties *runtime.RawExtension `json:"properties,omitempty"`
+
+	DependsOn []string `json:"dependsOn,omitempty"`
+
+	Inputs StepInputs `json:"inputs,omitempty"`
+
+	Outputs StepOutputs `json:"outputs,omitempty"`
+}
+
 // WorkflowStatus record the status of workflow
 type WorkflowStatus struct {
-	AppRevision string                            `json:"appRevision,omitempty"`
-	Mode        string                            `json:"mode"`
-	Phase       workflowv1alpha1.WorkflowRunPhase `json:"status,omitempty"`
-	Message     string                            `json:"message,omitempty"`
-
-	Suspend      bool   `json:"suspend"`
-	SuspendState string `json:"suspendState,omitempty"`
+	AppRevision string       `json:"appRevision,omitempty"`
+	Mode        WorkflowMode `json:"mode"`
+	Message     string       `json:"message,omitempty"`

+	Suspend    bool `json:"suspend"`
 	Terminated bool `json:"terminated"`
 	Finished   bool `json:"finished"`

-	ContextBackend *corev1.ObjectReference               `json:"contextBackend,omitempty"`
-	Steps          []workflowv1alpha1.WorkflowStepStatus `json:"steps,omitempty"`
+	ContextBackend *corev1.ObjectReference `json:"contextBackend,omitempty"`
+	Steps          []WorkflowStepStatus    `json:"steps,omitempty"`

 	StartTime metav1.Time `json:"startTime,omitempty"`
-	EndTime   metav1.Time `json:"endTime,omitempty"`
 }

+// SubStepsStatus record the status of workflow steps.
+type SubStepsStatus struct {
+	StepIndex int                     `json:"stepIndex,omitempty"`
+	Mode      WorkflowMode            `json:"mode,omitempty"`
+	Steps     []WorkflowSubStepStatus `json:"steps,omitempty"`
+}
+
+// WorkflowStepPhase describes the phase of a workflow step.
+type WorkflowStepPhase string
+
+const (
+	// WorkflowStepPhaseSucceeded will make the controller run the next step.
+	WorkflowStepPhaseSucceeded WorkflowStepPhase = "succeeded"
+	// WorkflowStepPhaseFailed will report error in `message`.
+	WorkflowStepPhaseFailed WorkflowStepPhase = "failed"
+	// WorkflowStepPhaseStopped will make the controller stop the workflow.
+	WorkflowStepPhaseStopped WorkflowStepPhase = "stopped"
+	// WorkflowStepPhaseRunning will make the controller continue the workflow.
+	WorkflowStepPhaseRunning WorkflowStepPhase = "running"
+)
+
 // DefinitionType describes the type of DefinitionRevision.
 // +kubebuilder:validation:Enum=Component;Trait;Policy;WorkflowStep
 type DefinitionType string
@@ -354,6 +394,16 @@ const (
 	WorkflowStepType DefinitionType = "WorkflowStep"
 )

+// WorkflowMode describes the mode of workflow
+type WorkflowMode string
+
+const (
+	// WorkflowModeDAG describes the DAG mode of workflow
+	WorkflowModeDAG WorkflowMode = "DAG"
+	// WorkflowModeStep describes the step by step mode of workflow
+	WorkflowModeStep WorkflowMode = "StepByStep"
+)
+
 // AppRolloutStatus defines the observed state of AppRollout
 type AppRolloutStatus struct {
 	v1alpha1.RolloutStatus `json:",inline"`
@@ -383,9 +433,9 @@ type ApplicationComponent struct {
 	// +kubebuilder:pruning:PreserveUnknownFields
 	Properties *runtime.RawExtension `json:"properties,omitempty"`

-	DependsOn []string                     `json:"dependsOn,omitempty"`
-	Inputs    workflowv1alpha1.StepInputs  `json:"inputs,omitempty"`
-	Outputs   workflowv1alpha1.StepOutputs `json:"outputs,omitempty"`
+	DependsOn []string    `json:"dependsOn,omitempty"`
+	Inputs    StepInputs  `json:"inputs,omitempty"`
+	Outputs   StepOutputs `json:"outputs,omitempty"`

 	// Traits define the trait of one component, the type must be array to keep the order.
 	Traits []ApplicationTrait `json:"traits,omitempty"`
@@ -394,10 +444,22 @@ type ApplicationComponent struct {
 	// scopes in ApplicationComponent defines the component-level scopes
 	// the format is <scope-type:scope-instance-name> pairs, the key represents type of `ScopeDefinition` while the value represent the name of scope instance.
 	Scopes map[string]string `json:"scopes,omitempty"`
+}

-	// ReplicaKey is not empty means the component is replicated. This field is designed so that it can't be specified in application directly.
-	// So we set the json tag as "-". Instead, this will be filled when using replication policy.
-	ReplicaKey string `json:"-"`
+// StepOutputs defines output variable of WorkflowStep
+type StepOutputs []outputItem
+
+// StepInputs defines variable input of WorkflowStep
+type StepInputs []inputItem
+
+type inputItem struct {
+	ParameterKey string `json:"parameterKey"`
+	From         string `json:"from"`
+}
+
+type outputItem struct {
+	ValueFrom string `json:"valueFrom"`
+	Name      string `json:"name"`
 }

 // ClusterSelector defines the rules to select a Cluster resource.
@@ -426,13 +488,14 @@ type ClusterPlacement struct {
 	Distribution Distribution `json:"distribution,omitempty"`
 }

+// ResourceCreatorRole defines the resource creator.
+type ResourceCreatorRole string
+
 const (
 	// PolicyResourceCreator create the policy resource.
-	PolicyResourceCreator string = "policy"
+	PolicyResourceCreator ResourceCreatorRole = "policy"
 	// WorkflowResourceCreator create the resource in workflow.
-	WorkflowResourceCreator string = "workflow"
-	// DebugResourceCreator create the debug resource.
-	DebugResourceCreator string = "debug"
+	WorkflowResourceCreator ResourceCreatorRole = "workflow"
 )

 // OAMObjectReference defines the object reference for an oam resource
@@ -479,8 +542,8 @@ func NewOAMObjectReferenceFromObject(obj client.Object) OAMObjectReference {

 // ClusterObjectReference defines the object reference with cluster.
 type ClusterObjectReference struct {
-	Cluster                string `json:"cluster,omitempty"`
-	Creator                string `json:"creator,omitempty"`
+	Cluster                string              `json:"cluster,omitempty"`
+	Creator                ResourceCreatorRole `json:"creator,omitempty"`
 	corev1.ObjectReference `json:",inline"`
 }

--- a/apis/core.oam.dev/common/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/common/zz_generated.deepcopy.go
@@ -22,8 +22,6 @@ limitations under the License.
 package common

 import (
-	"github.com/kubevela/workflow/api/v1alpha1"
-	crossplane_runtime "github.com/oam-dev/terraform-controller/api/types/crossplane-runtime"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 )
@@ -109,12 +107,12 @@ func (in *ApplicationComponent) DeepCopyInto(out *ApplicationComponent) {
 	}
 	if in.Inputs != nil {
 		in, out := &in.Inputs, &out.Inputs
-		*out = make(v1alpha1.StepInputs, len(*in))
+		*out = make(StepInputs, len(*in))
 		copy(*out, *in)
 	}
 	if in.Outputs != nil {
 		in, out := &in.Outputs, &out.Outputs
-		*out = make(v1alpha1.StepOutputs, len(*in))
+		*out = make(StepOutputs, len(*in))
 		copy(*out, *in)
 	}
 	if in.Traits != nil {
@@ -574,19 +572,68 @@ func (in *Status) DeepCopy() *Status {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in StepInputs) DeepCopyInto(out *StepInputs) {
+	{
+		in := &in
+		*out = make(StepInputs, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StepInputs.
+func (in StepInputs) DeepCopy() StepInputs {
+	if in == nil {
+		return nil
+	}
+	out := new(StepInputs)
+	in.DeepCopyInto(out)
+	return *out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in StepOutputs) DeepCopyInto(out *StepOutputs) {
+	{
+		in := &in
+		*out = make(StepOutputs, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StepOutputs.
+func (in StepOutputs) DeepCopy() StepOutputs {
+	if in == nil {
+		return nil
+	}
+	out := new(StepOutputs)
+	in.DeepCopyInto(out)
+	return *out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SubStepsStatus) DeepCopyInto(out *SubStepsStatus) {
+	*out = *in
+	if in.Steps != nil {
+		in, out := &in.Steps, &out.Steps
+		*out = make([]WorkflowSubStepStatus, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubStepsStatus.
+func (in *SubStepsStatus) DeepCopy() *SubStepsStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(SubStepsStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Terraform) DeepCopyInto(out *Terraform) {
 	*out = *in
-	if in.WriteConnectionSecretToReference != nil {
-		in, out := &in.WriteConnectionSecretToReference, &out.WriteConnectionSecretToReference
-		*out = new(crossplane_runtime.SecretReference)
-		**out = **in
-	}
-	if in.ProviderReference != nil {
-		in, out := &in.ProviderReference, &out.ProviderReference
-		*out = new(crossplane_runtime.Reference)
-		**out = **in
-	}
+	in.BaseConfigurationSpec.DeepCopyInto(&out.BaseConfigurationSpec)
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Terraform.
@@ -609,13 +656,12 @@ func (in *WorkflowStatus) DeepCopyInto(out *WorkflowStatus) {
 	}
 	if in.Steps != nil {
 		in, out := &in.Steps, &out.Steps
-		*out = make([]v1alpha1.WorkflowStepStatus, len(*in))
+		*out = make([]WorkflowStepStatus, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 	in.StartTime.DeepCopyInto(&out.StartTime)
-	in.EndTime.DeepCopyInto(&out.EndTime)
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStatus.
@@ -628,6 +674,78 @@ func (in *WorkflowStatus) DeepCopy() *WorkflowStatus {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
+	*out = *in
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.DependsOn != nil {
+		in, out := &in.DependsOn, &out.DependsOn
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Inputs != nil {
+		in, out := &in.Inputs, &out.Inputs
+		*out = make(StepInputs, len(*in))
+		copy(*out, *in)
+	}
+	if in.Outputs != nil {
+		in, out := &in.Outputs, &out.Outputs
+		*out = make(StepOutputs, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStep.
+func (in *WorkflowStep) DeepCopy() *WorkflowStep {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowStep)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowStepStatus) DeepCopyInto(out *WorkflowStepStatus) {
+	*out = *in
+	if in.SubSteps != nil {
+		in, out := &in.SubSteps, &out.SubSteps
+		*out = new(SubStepsStatus)
+		(*in).DeepCopyInto(*out)
+	}
+	in.FirstExecuteTime.DeepCopyInto(&out.FirstExecuteTime)
+	in.LastExecuteTime.DeepCopyInto(&out.LastExecuteTime)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStepStatus.
+func (in *WorkflowStepStatus) DeepCopy() *WorkflowStepStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowStepStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowSubStepStatus) DeepCopyInto(out *WorkflowSubStepStatus) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowSubStepStatus.
+func (in *WorkflowSubStepStatus) DeepCopy() *WorkflowSubStepStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowSubStepStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkloadGVK) DeepCopyInto(out *WorkloadGVK) {
 	*out = *in
--- a/apis/core.oam.dev/condition/condition.go
+++ b/apis/core.oam.dev/condition/condition.go
@@ -31,7 +31,7 @@ import (
 )

 // A ConditionType represents a condition a resource could be in.
-// nolint
+// nolint:golint
 type ConditionType string

 // Condition types.
@@ -45,7 +45,7 @@ const (
 )

 // A ConditionReason represents the reason a resource is in a condition.
-// nolint
+// nolint:golint
 type ConditionReason string

 // Reasons a resource is or is not ready.
--- a/apis/core.oam.dev/v1alpha1/applyonce_types.go
+++ b/apis/core.oam.dev/v1alpha1/applyonce_types.go
@@ -16,58 +16,12 @@ limitations under the License.

 package v1alpha1

-import (
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-)
-
 const (
 	// ApplyOncePolicyType refers to the type of configuration drift policy
 	ApplyOncePolicyType = "apply-once"
-	// ApplyOnceStrategyOnAppUpdate policy takes effect on application updating
-	ApplyOnceStrategyOnAppUpdate ApplyOnceAffectStrategy = "onUpdate"
-	// ApplyOnceStrategyOnAppStateKeep policy takes effect on application state keep
-	ApplyOnceStrategyOnAppStateKeep ApplyOnceAffectStrategy = "onStateKeep"
-	// ApplyOnceStrategyAlways policy takes effect always
-	ApplyOnceStrategyAlways ApplyOnceAffectStrategy = "always"
 )

-// ApplyOnceAffectStrategy is a string that mark the policy effective stage
-type ApplyOnceAffectStrategy string
-
 // ApplyOncePolicySpec defines the spec of preventing configuration drift
 type ApplyOncePolicySpec struct {
 	Enable bool `json:"enable"`
-	// +optional
-	Rules []ApplyOncePolicyRule `json:"rules,omitempty"`
-}
-
-// ApplyOncePolicyRule defines a single apply-once policy rule
-type ApplyOncePolicyRule struct {
-	// +optional
-	Selector ResourcePolicyRuleSelector `json:"selector,omitempty"`
-	// +optional
-	Strategy *ApplyOnceStrategy `json:"strategy,omitempty"`
-}
-
-// ApplyOnceStrategy the strategy for resource path to allow configuration drift
-type ApplyOnceStrategy struct {
-	// Path the specified path that allow configuration drift
-	// like 'spec.template.spec.containers[0].resources' and '*' means the whole target allow configuration drift
-	Path []string `json:"path"`
-	// ApplyOnceAffectStrategy Decide when the strategy will take effect
-	// like affect:onUpdate/onStateKeep/always
-	ApplyOnceAffectStrategy ApplyOnceAffectStrategy `json:"affect"`
-}
-
-// FindStrategy find apply-once strategy for target resource
-func (in ApplyOncePolicySpec) FindStrategy(manifest *unstructured.Unstructured) *ApplyOnceStrategy {
-	if !in.Enable {
-		return nil
-	}
-	for _, rule := range in.Rules {
-		if rule.Selector.Match(manifest) {
-			return rule.Strategy
-		}
-	}
-	return nil
 }
--- a/apis/core.oam.dev/v1alpha1/component_types.go
+++ b/apis/core.oam.dev/v1alpha1/component_types.go
@@ -25,8 +25,6 @@ const (
 type RefObjectsComponentSpec struct {
 	// Objects the referrers to the Kubernetes objects
 	Objects []ObjectReferrer `json:"objects,omitempty"`
-	// URLs are the links that stores the referred objects
-	URLs []string `json:"urls,omitempty"`
 }

 // ObjectReferrer selects Kubernetes objects
--- a/apis/core.oam.dev/v1alpha1/envbinding_types.go
+++ b/apis/core.oam.dev/v1alpha1/envbinding_types.go
@@ -97,7 +97,6 @@ type EnvSelector struct {
 }

 // EnvConfig is the configuration for different environments.
-// Deprecated
 type EnvConfig struct {
 	Name      string       `json:"name"`
 	Placement EnvPlacement `json:"placement,omitempty"`
@@ -106,7 +105,6 @@ type EnvConfig struct {
 }

 // EnvBindingSpec defines a list of envs
-// Deprecated This spec is deprecated and replaced by Topology/Override Policy
 type EnvBindingSpec struct {
 	Envs []EnvConfig `json:"envs"`
 }
@@ -119,28 +117,22 @@ type PlacementDecision struct {

 // String encode placement decision
 func (in PlacementDecision) String() string {
-	if in.Namespace == "" {
-		return in.Cluster
-	}
 	return in.Cluster + "/" + in.Namespace
 }

 // EnvStatus records the status of one env
-// Deprecated
 type EnvStatus struct {
 	Env        string              `json:"env"`
 	Placements []PlacementDecision `json:"placements"`
 }

 // ClusterConnection records the connection with clusters and the last active app revision when they are active (still be used)
-// Deprecated
 type ClusterConnection struct {
 	ClusterName        string `json:"clusterName"`
 	LastActiveRevision string `json:"lastActiveRevision"`
 }

 // EnvBindingStatus records the status of all env
-// Deprecated
 type EnvBindingStatus struct {
 	Envs               []EnvStatus         `json:"envs"`
 	ClusterConnections []ClusterConnection `json:"clusterConnections"`
--- a/apis/core.oam.dev/v1alpha1/external_types.go
+++ b/apis/core.oam.dev/v1alpha1/external_types.go
@@ -19,6 +19,8 @@ package v1alpha1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )

 // +kubebuilder:object:root=true
@@ -47,3 +49,27 @@ type PolicyList struct {
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []Policy `json:"items"`
 }
+
+// +kubebuilder:object:root=true
+
+// Workflow is the Schema for the policy API
+// +kubebuilder:storageversion
+// +kubebuilder:resource:categories={oam}
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type Workflow struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Steps []common.WorkflowStep `json:"steps,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// WorkflowList contains a list of Workflow
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type WorkflowList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Workflow `json:"items"`
+}
--- a/apis/core.oam.dev/v1alpha1/garbagecollect_types.go
+++ b/apis/core.oam.dev/v1alpha1/garbagecollect_types.go
@@ -18,8 +18,6 @@ package v1alpha1

 import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/utils/pointer"
-	"k8s.io/utils/strings/slices"

 	"github.com/oam-dev/kubevela/pkg/oam"
 )
@@ -35,79 +33,24 @@ type GarbageCollectPolicySpec struct {
 	// outdated resources will be kept until resourcetracker be deleted manually
 	KeepLegacyResource bool `json:"keepLegacyResource,omitempty"`

-	// Order defines the order of garbage collect
-	Order GarbageCollectOrder `json:"order,omitempty"`
-
 	// Rules defines list of rules to control gc strategy at resource level
 	// if one resource is controlled by multiple rules, first rule will be used
 	Rules []GarbageCollectPolicyRule `json:"rules,omitempty"`
 }

-// GarbageCollectOrder is the order of garbage collect
-type GarbageCollectOrder string
-
-const (
-	// OrderDependency is the order of dependency
-	OrderDependency GarbageCollectOrder = "dependency"
-)
-
 // GarbageCollectPolicyRule defines a single garbage-collect policy rule
 type GarbageCollectPolicyRule struct {
-	Selector ResourcePolicyRuleSelector `json:"selector"`
-	Strategy GarbageCollectStrategy     `json:"strategy"`
+	Selector GarbageCollectPolicyRuleSelector `json:"selector"`
+	Strategy GarbageCollectStrategy           `json:"strategy"`
 }

-// ResourcePolicyRuleSelector select the targets of the rule
-// if multiple conditions are specified, combination logic is AND
-type ResourcePolicyRuleSelector struct {
-	CompNames        []string `json:"componentNames,omitempty"`
-	CompTypes        []string `json:"componentTypes,omitempty"`
-	OAMResourceTypes []string `json:"oamTypes,omitempty"`
-	TraitTypes       []string `json:"traitTypes,omitempty"`
-	ResourceTypes    []string `json:"resourceTypes,omitempty"`
-	ResourceNames    []string `json:"resourceNames,omitempty"`
-}
-
-// Match check if current rule selector match the target resource
-// If at least one condition is matched and no other condition failed (could be empty), return true
-// Otherwise, return false
-func (in *ResourcePolicyRuleSelector) Match(manifest *unstructured.Unstructured) bool {
-	var compName, compType, oamType, traitType, resourceType, resourceName string
-	if labels := manifest.GetLabels(); labels != nil {
-		compName = labels[oam.LabelAppComponent]
-		compType = labels[oam.WorkloadTypeLabel]
-		oamType = labels[oam.LabelOAMResourceType]
-		traitType = labels[oam.TraitTypeLabel]
-	}
-	resourceType = manifest.GetKind()
-	resourceName = manifest.GetName()
-	match := func(src []string, val string) (found *bool) {
-		if len(src) == 0 {
-			return nil
-		}
-		return pointer.Bool(val != "" && slices.Contains(src, val))
-	}
-	conditions := []*bool{
-		match(in.CompNames, compName),
-		match(in.CompTypes, compType),
-		match(in.OAMResourceTypes, oamType),
-		match(in.TraitTypes, traitType),
-		match(in.ResourceTypes, resourceType),
-		match(in.ResourceNames, resourceName),
-	}
-	hasMatched := false
-	for _, cond := range conditions {
-		// if any non-empty condition failed, return false
-		if cond != nil && !*cond {
-			return false
-		}
-		// if condition succeed, record it
-		if cond != nil && *cond {
-			hasMatched = true
-		}
-	}
-	// if at least one condition is met, return true
-	return hasMatched
+// GarbageCollectPolicyRuleSelector select the targets of the rule
+// if both traitTypes and componentTypes are specified, combination logic is OR
+// if one resource is specified with conflict strategies, strategy as component go first.
+type GarbageCollectPolicyRuleSelector struct {
+	CompNames  []string `json:"componentNames"`
+	CompTypes  []string `json:"componentTypes"`
+	TraitTypes []string `json:"traitTypes"`
 }

 // GarbageCollectStrategy the strategy for target resource to recycle
@@ -126,7 +69,21 @@ const (
 // FindStrategy find gc strategy for target resource
 func (in GarbageCollectPolicySpec) FindStrategy(manifest *unstructured.Unstructured) *GarbageCollectStrategy {
 	for _, rule := range in.Rules {
-		if rule.Selector.Match(manifest) {
+		var compName, compType, traitType string
+		if labels := manifest.GetLabels(); labels != nil {
+			compName = labels[oam.LabelAppComponent]
+			compType = labels[oam.WorkloadTypeLabel]
+			traitType = labels[oam.TraitTypeLabel]
+		}
+		match := func(src []string, val string) (found bool) {
+			for _, _val := range src {
+				found = found || _val == val
+			}
+			return val != "" && found
+		}
+		if match(rule.Selector.CompNames, compName) ||
+			match(rule.Selector.CompTypes, compType) ||
+			match(rule.Selector.TraitTypes, traitType) {
 			return &rule.Strategy
 		}
 	}
--- a/apis/core.oam.dev/v1alpha1/garbagecollect_types_test.go
+++ b/apis/core.oam.dev/v1alpha1/garbagecollect_types_test.go
@@ -34,7 +34,7 @@ func TestGarbageCollectPolicySpec_FindStrategy(t *testing.T) {
 	}{
 		"trait type rule match": {
 			rules: []GarbageCollectPolicyRule{{
-				Selector: ResourcePolicyRuleSelector{TraitTypes: []string{"a"}},
+				Selector: GarbageCollectPolicyRuleSelector{TraitTypes: []string{"a"}},
 				Strategy: GarbageCollectStrategyNever,
 			}},
 			input: &unstructured.Unstructured{Object: map[string]interface{}{
@@ -46,7 +46,7 @@ func TestGarbageCollectPolicySpec_FindStrategy(t *testing.T) {
 		},
 		"trait type rule mismatch": {
 			rules: []GarbageCollectPolicyRule{{
-				Selector: ResourcePolicyRuleSelector{TraitTypes: []string{"a"}},
+				Selector: GarbageCollectPolicyRuleSelector{TraitTypes: []string{"a"}},
 				Strategy: GarbageCollectStrategyNever,
 			}},
 			input:    &unstructured.Unstructured{Object: map[string]interface{}{}},
@@ -54,10 +54,10 @@ func TestGarbageCollectPolicySpec_FindStrategy(t *testing.T) {
 		},
 		"trait type rule multiple match": {
 			rules: []GarbageCollectPolicyRule{{
-				Selector: ResourcePolicyRuleSelector{TraitTypes: []string{"a"}},
+				Selector: GarbageCollectPolicyRuleSelector{TraitTypes: []string{"a"}},
 				Strategy: GarbageCollectStrategyOnAppDelete,
 			}, {
-				Selector: ResourcePolicyRuleSelector{TraitTypes: []string{"a"}},
+				Selector: GarbageCollectPolicyRuleSelector{TraitTypes: []string{"a"}},
 				Strategy: GarbageCollectStrategyNever,
 			}},
 			input: &unstructured.Unstructured{Object: map[string]interface{}{
@@ -69,7 +69,7 @@ func TestGarbageCollectPolicySpec_FindStrategy(t *testing.T) {
 		},
 		"component type rule match": {
 			rules: []GarbageCollectPolicyRule{{
-				Selector: ResourcePolicyRuleSelector{CompTypes: []string{"comp"}},
+				Selector: GarbageCollectPolicyRuleSelector{CompTypes: []string{"comp"}},
 				Strategy: GarbageCollectStrategyNever,
 			}},
 			input: &unstructured.Unstructured{Object: map[string]interface{}{
@@ -82,11 +82,11 @@ func TestGarbageCollectPolicySpec_FindStrategy(t *testing.T) {
 		"rule match both component type and trait type, component type first": {
 			rules: []GarbageCollectPolicyRule{
 				{
-					Selector: ResourcePolicyRuleSelector{CompTypes: []string{"comp"}},
+					Selector: GarbageCollectPolicyRuleSelector{CompTypes: []string{"comp"}},
 					Strategy: GarbageCollectStrategyNever,
 				},
 				{
-					Selector: ResourcePolicyRuleSelector{TraitTypes: []string{"trait"}},
+					Selector: GarbageCollectPolicyRuleSelector{TraitTypes: []string{"trait"}},
 					Strategy: GarbageCollectStrategyOnAppDelete,
 				},
 			},
@@ -99,7 +99,7 @@ func TestGarbageCollectPolicySpec_FindStrategy(t *testing.T) {
 		},
 		"component name rule match": {
 			rules: []GarbageCollectPolicyRule{{
-				Selector: ResourcePolicyRuleSelector{CompNames: []string{"comp-name"}},
+				Selector: GarbageCollectPolicyRuleSelector{CompNames: []string{"comp-name"}},
 				Strategy: GarbageCollectStrategyNever,
 			}},
 			input: &unstructured.Unstructured{Object: map[string]interface{}{
@@ -109,18 +109,6 @@ func TestGarbageCollectPolicySpec_FindStrategy(t *testing.T) {
 			}},
 			expectStrategy: GarbageCollectStrategyNever,
 		},
-		"resource type rule match": {
-			rules: []GarbageCollectPolicyRule{{
-				Selector: ResourcePolicyRuleSelector{OAMResourceTypes: []string{"TRAIT"}},
-				Strategy: GarbageCollectStrategyNever,
-			}},
-			input: &unstructured.Unstructured{Object: map[string]interface{}{
-				"metadata": map[string]interface{}{
-					"labels": map[string]interface{}{oam.LabelOAMResourceType: "TRAIT"},
-				},
-			}},
-			expectStrategy: GarbageCollectStrategyNever,
-		},
 	}
 	for name, tc := range testCases {
 		t.Run(name, func(t *testing.T) {
--- a/apis/core.oam.dev/v1alpha1/policy_types.go
+++ b/apis/core.oam.dev/v1alpha1/policy_types.go
@@ -16,19 +16,11 @@ limitations under the License.

 package v1alpha1

-import "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
 const (
 	// TopologyPolicyType refers to the type of topology policy
 	TopologyPolicyType = "topology"
 	// OverridePolicyType refers to the type of override policy
 	OverridePolicyType = "override"
-	// DebugPolicyType refers to the type of debug policy
-	DebugPolicyType = "debug"
-	// SharedResourcePolicyType refers to the type of shared resource policy
-	SharedResourcePolicyType = "shared-resource"
-	// ReplicationPolicyType refers to the type of replication policy
-	ReplicationPolicyType = "replication"
 )

 // TopologyPolicySpec defines the spec of topology policy
@@ -49,10 +41,6 @@ type Placement struct {
 	// Exclusive to "clusters"
 	ClusterLabelSelector map[string]string `json:"clusterLabelSelector,omitempty"`

-	// AllowEmpty ignore empty cluster error when no cluster returned for label
-	// selector
-	AllowEmpty bool `json:"allowEmpty,omitempty"`
-
 	// DeprecatedClusterSelector is a depreciated alias for ClusterLabelSelector.
 	// Deprecated: Use clusterLabelSelector instead.
 	DeprecatedClusterSelector map[string]string `json:"clusterSelector,omitempty"`
@@ -63,31 +51,3 @@ type OverridePolicySpec struct {
 	Components []EnvComponentPatch `json:"components,omitempty"`
 	Selector   []string            `json:"selector,omitempty"`
 }
-
-// SharedResourcePolicySpec defines the spec of shared-resource policy
-type SharedResourcePolicySpec struct {
-	Rules []SharedResourcePolicyRule `json:"rules"`
-}
-
-// SharedResourcePolicyRule defines the rule for sharing resources
-type SharedResourcePolicyRule struct {
-	Selector ResourcePolicyRuleSelector `json:"selector"`
-}
-
-// FindStrategy return if the target resource should be shared
-func (in SharedResourcePolicySpec) FindStrategy(manifest *unstructured.Unstructured) bool {
-	for _, rule := range in.Rules {
-		if rule.Selector.Match(manifest) {
-			return true
-		}
-	}
-	return false
-}
-
-// ReplicationPolicySpec defines the spec of replication policy
-// Override policy should be used together with replication policy to select the deployment target components
-type ReplicationPolicySpec struct {
-	Keys []string `json:"keys,omitempty"`
-	// Selector is the subset of selected components which will be replicated.
-	Selector []string `json:"selector,omitempty"`
-}
--- a/apis/core.oam.dev/v1alpha1/policy_types_test.go
+++ b/apis/core.oam.dev/v1alpha1/policy_types_test.go
@@ -1,69 +0,0 @@
-/*
-Copyright 2022 The KubeVela Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-)
-
-func TestSharedResourcePolicySpec_FindStrategy(t *testing.T) {
-	testCases := map[string]struct {
-		rules   []SharedResourcePolicyRule
-		input   *unstructured.Unstructured
-		matched bool
-	}{
-		"shared resource rule resourceName match": {
-			rules: []SharedResourcePolicyRule{{
-				Selector: ResourcePolicyRuleSelector{ResourceNames: []string{"example"}},
-			}},
-			input: &unstructured.Unstructured{Object: map[string]interface{}{
-				"metadata": map[string]interface{}{
-					"name": "example",
-				},
-			}},
-			matched: true,
-		},
-		"shared resource rule resourceType match": {
-			rules: []SharedResourcePolicyRule{{
-				Selector: ResourcePolicyRuleSelector{ResourceTypes: []string{"ConfigMap", "Namespace"}},
-			}},
-			input: &unstructured.Unstructured{Object: map[string]interface{}{
-				"kind": "Namespace",
-			}},
-			matched: true,
-		},
-		"shared resource rule mismatch": {
-			rules: []SharedResourcePolicyRule{{
-				Selector: ResourcePolicyRuleSelector{ResourceNames: []string{"mismatch"}},
-			}},
-			input: &unstructured.Unstructured{Object: map[string]interface{}{
-				"kind": "Namespace",
-			}},
-			matched: false,
-		},
-	}
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			r := require.New(t)
-			spec := SharedResourcePolicySpec{Rules: tc.rules}
-			r.Equal(tc.matched, spec.FindStrategy(tc.input))
-		})
-	}
-}
--- a/apis/core.oam.dev/v1alpha1/register.go
+++ b/apis/core.oam.dev/v1alpha1/register.go
@@ -19,15 +19,11 @@ package v1alpha1
 import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
-
-	workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
-
-	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )

 // Package type metadata.
 const (
-	Group   = common.Group
+	Group   = "core.oam.dev"
 	Version = "v1alpha1"
 )

@@ -56,5 +52,5 @@ var (

 func init() {
 	SchemeBuilder.Register(&Policy{}, &PolicyList{})
-	SchemeBuilder.Register(&workflowv1alpha1.Workflow{}, &workflowv1alpha1.WorkflowList{})
+	SchemeBuilder.Register(&Workflow{}, &WorkflowList{})
 }
--- a/apis/core.oam.dev/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/v1alpha1/zz_generated.deepcopy.go
@@ -27,37 +27,9 @@ import (
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplyOncePolicyRule) DeepCopyInto(out *ApplyOncePolicyRule) {
-	*out = *in
-	in.Selector.DeepCopyInto(&out.Selector)
-	if in.Strategy != nil {
-		in, out := &in.Strategy, &out.Strategy
-		*out = new(ApplyOnceStrategy)
-		(*in).DeepCopyInto(*out)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplyOncePolicyRule.
-func (in *ApplyOncePolicyRule) DeepCopy() *ApplyOncePolicyRule {
-	if in == nil {
-		return nil
-	}
-	out := new(ApplyOncePolicyRule)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ApplyOncePolicySpec) DeepCopyInto(out *ApplyOncePolicySpec) {
 	*out = *in
-	if in.Rules != nil {
-		in, out := &in.Rules, &out.Rules
-		*out = make([]ApplyOncePolicyRule, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplyOncePolicySpec.
@@ -70,26 +42,6 @@ func (in *ApplyOncePolicySpec) DeepCopy() *ApplyOncePolicySpec {
 	return out
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ApplyOnceStrategy) DeepCopyInto(out *ApplyOnceStrategy) {
-	*out = *in
-	if in.Path != nil {
-		in, out := &in.Path, &out.Path
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplyOnceStrategy.
-func (in *ApplyOnceStrategy) DeepCopy() *ApplyOnceStrategy {
-	if in == nil {
-		return nil
-	}
-	out := new(ApplyOnceStrategy)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ClusterConnection) DeepCopyInto(out *ClusterConnection) {
 	*out = *in
@@ -326,6 +278,36 @@ func (in *GarbageCollectPolicyRule) DeepCopy() *GarbageCollectPolicyRule {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GarbageCollectPolicyRuleSelector) DeepCopyInto(out *GarbageCollectPolicyRuleSelector) {
+	*out = *in
+	if in.CompNames != nil {
+		in, out := &in.CompNames, &out.CompNames
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.CompTypes != nil {
+		in, out := &in.CompTypes, &out.CompTypes
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.TraitTypes != nil {
+		in, out := &in.TraitTypes, &out.TraitTypes
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GarbageCollectPolicyRuleSelector.
+func (in *GarbageCollectPolicyRuleSelector) DeepCopy() *GarbageCollectPolicyRuleSelector {
+	if in == nil {
+		return nil
+	}
+	out := new(GarbageCollectPolicyRuleSelector)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *GarbageCollectPolicySpec) DeepCopyInto(out *GarbageCollectPolicySpec) {
 	*out = *in
@@ -595,11 +577,6 @@ func (in *RefObjectsComponentSpec) DeepCopyInto(out *RefObjectsComponentSpec) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	if in.URLs != nil {
-		in, out := &in.URLs, &out.URLs
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RefObjectsComponentSpec.
@@ -612,114 +589,6 @@ func (in *RefObjectsComponentSpec) DeepCopy() *RefObjectsComponentSpec {
 	return out
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ReplicationPolicySpec) DeepCopyInto(out *ReplicationPolicySpec) {
-	*out = *in
-	if in.Keys != nil {
-		in, out := &in.Keys, &out.Keys
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.Selector != nil {
-		in, out := &in.Selector, &out.Selector
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicationPolicySpec.
-func (in *ReplicationPolicySpec) DeepCopy() *ReplicationPolicySpec {
-	if in == nil {
-		return nil
-	}
-	out := new(ReplicationPolicySpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ResourcePolicyRuleSelector) DeepCopyInto(out *ResourcePolicyRuleSelector) {
-	*out = *in
-	if in.CompNames != nil {
-		in, out := &in.CompNames, &out.CompNames
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.CompTypes != nil {
-		in, out := &in.CompTypes, &out.CompTypes
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.OAMResourceTypes != nil {
-		in, out := &in.OAMResourceTypes, &out.OAMResourceTypes
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.TraitTypes != nil {
-		in, out := &in.TraitTypes, &out.TraitTypes
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.ResourceTypes != nil {
-		in, out := &in.ResourceTypes, &out.ResourceTypes
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.ResourceNames != nil {
-		in, out := &in.ResourceNames, &out.ResourceNames
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicyRuleSelector.
-func (in *ResourcePolicyRuleSelector) DeepCopy() *ResourcePolicyRuleSelector {
-	if in == nil {
-		return nil
-	}
-	out := new(ResourcePolicyRuleSelector)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SharedResourcePolicyRule) DeepCopyInto(out *SharedResourcePolicyRule) {
-	*out = *in
-	in.Selector.DeepCopyInto(&out.Selector)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedResourcePolicyRule.
-func (in *SharedResourcePolicyRule) DeepCopy() *SharedResourcePolicyRule {
-	if in == nil {
-		return nil
-	}
-	out := new(SharedResourcePolicyRule)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SharedResourcePolicySpec) DeepCopyInto(out *SharedResourcePolicySpec) {
-	*out = *in
-	if in.Rules != nil {
-		in, out := &in.Rules, &out.Rules
-		*out = make([]SharedResourcePolicyRule, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharedResourcePolicySpec.
-func (in *SharedResourcePolicySpec) DeepCopy() *SharedResourcePolicySpec {
-	if in == nil {
-		return nil
-	}
-	out := new(SharedResourcePolicySpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TopologyPolicySpec) DeepCopyInto(out *TopologyPolicySpec) {
 	*out = *in
@@ -735,3 +604,67 @@ func (in *TopologyPolicySpec) DeepCopy() *TopologyPolicySpec {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Workflow) DeepCopyInto(out *Workflow) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Steps != nil {
+		in, out := &in.Steps, &out.Steps
+		*out = make([]common.WorkflowStep, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Workflow.
+func (in *Workflow) DeepCopy() *Workflow {
+	if in == nil {
+		return nil
+	}
+	out := new(Workflow)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Workflow) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowList) DeepCopyInto(out *WorkflowList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]Workflow, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowList.
+func (in *WorkflowList) DeepCopy() *WorkflowList {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *WorkflowList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
--- a/apis/core.oam.dev/v1alpha2/application_types.go
+++ b/apis/core.oam.dev/v1alpha2/application_types.go
@@ -87,7 +87,7 @@ type ApplicationSpec struct {

 // Application is the Schema for the applications API
 // +kubebuilder:object:root=true
-// +kubebuilder:resource:categories={oam},shortName={app,velaapp}
+// +kubebuilder:resource:categories={oam},shortName=app
 // +kubebuilder:subresource:status
 // +kubebuilder:printcolumn:name="COMPONENT",type=string,JSONPath=`.spec.components[*].name`
 // +kubebuilder:printcolumn:name="TYPE",type=string,JSONPath=`.spec.components[*].type`
--- a/apis/core.oam.dev/v1alpha2/core_trait_types.go
+++ b/apis/core.oam.dev/v1alpha2/core_trait_types.go
@@ -0,0 +1,65 @@
+/*
+Copyright 2021 The KubeVela Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
+
+	"github.com/oam-dev/kubevela/pkg/oam"
+)
+
+var _ oam.Trait = &ManualScalerTrait{}
+
+// A ManualScalerTraitSpec defines the desired state of a ManualScalerTrait.
+type ManualScalerTraitSpec struct {
+	// ReplicaCount of the workload this trait applies to.
+	ReplicaCount int32 `json:"replicaCount"`
+
+	// WorkloadReference to the workload this trait applies to.
+	WorkloadReference corev1.ObjectReference `json:"workloadRef"`
+}
+
+// A ManualScalerTraitStatus represents the observed state of a
+// ManualScalerTrait.
+type ManualScalerTraitStatus struct {
+	condition.ConditionedStatus `json:",inline"`
+}
+
+// +kubebuilder:object:root=true
+
+// A ManualScalerTrait determines how many replicas a workload should have.
+// +kubebuilder:resource:categories={oam}
+// +kubebuilder:subresource:status
+type ManualScalerTrait struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   ManualScalerTraitSpec   `json:"spec,omitempty"`
+	Status ManualScalerTraitStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ManualScalerTraitList contains a list of ManualScalerTrait.
+type ManualScalerTraitList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ManualScalerTrait `json:"items"`
+}
--- a/apis/core.oam.dev/v1alpha2/methods.go
+++ b/apis/core.oam.dev/v1alpha2/methods.go
@@ -24,6 +24,26 @@ import (
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
 )

+// GetCondition of this ManualScalerTrait.
+func (tr *ManualScalerTrait) GetCondition(ct condition.ConditionType) condition.Condition {
+	return tr.Status.GetCondition(ct)
+}
+
+// SetConditions of this ManualScalerTrait.
+func (tr *ManualScalerTrait) SetConditions(c ...condition.Condition) {
+	tr.Status.SetConditions(c...)
+}
+
+// GetWorkloadReference of this ManualScalerTrait.
+func (tr *ManualScalerTrait) GetWorkloadReference() corev1.ObjectReference {
+	return tr.Spec.WorkloadReference
+}
+
+// SetWorkloadReference of this ManualScalerTrait.
+func (tr *ManualScalerTrait) SetWorkloadReference(r corev1.ObjectReference) {
+	tr.Spec.WorkloadReference = r
+}
+
 // GetCondition of this ApplicationConfiguration.
 func (ac *ApplicationConfiguration) GetCondition(ct condition.ConditionType) condition.Condition {
 	return ac.Status.GetCondition(ct)
--- a/apis/core.oam.dev/v1alpha2/register.go
+++ b/apis/core.oam.dev/v1alpha2/register.go
@@ -21,13 +21,11 @@ import (

 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
-
-	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )

 // Package type metadata.
 const (
-	Group   = common.Group
+	Group   = "core.oam.dev"
 	Version = "v1alpha2"
 )

@@ -87,6 +85,14 @@ var (
 	ApplicationConfigurationGroupVersionKind = SchemeGroupVersion.WithKind(ApplicationConfigurationKind)
 )

+// ManualScalerTrait type metadata.
+var (
+	ManualScalerTraitKind             = reflect.TypeOf(ManualScalerTrait{}).Name()
+	ManualScalerTraitGroupKind        = schema.GroupKind{Group: Group, Kind: ManualScalerTraitKind}.String()
+	ManualScalerTraitKindAPIVersion   = ManualScalerTraitKind + "." + SchemeGroupVersion.String()
+	ManualScalerTraitGroupVersionKind = SchemeGroupVersion.WithKind(ManualScalerTraitKind)
+)
+
 // HealthScope type metadata.
 var (
 	HealthScopeKind             = reflect.TypeOf(HealthScope{}).Name()
@@ -118,6 +124,7 @@ func init() {
 	SchemeBuilder.Register(&ScopeDefinition{}, &ScopeDefinitionList{})
 	SchemeBuilder.Register(&Component{}, &ComponentList{})
 	SchemeBuilder.Register(&ApplicationConfiguration{}, &ApplicationConfigurationList{})
+	SchemeBuilder.Register(&ManualScalerTrait{}, &ManualScalerTraitList{})
 	SchemeBuilder.Register(&HealthScope{}, &HealthScopeList{})
 	SchemeBuilder.Register(&Application{}, &ApplicationList{})
 	SchemeBuilder.Register(&ApplicationRevision{}, &ApplicationRevisionList{})
--- a/apis/core.oam.dev/v1alpha2/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/v1alpha2/zz_generated.deepcopy.go
@@ -1520,6 +1520,97 @@ func (in *HistoryWorkload) DeepCopy() *HistoryWorkload {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManualScalerTrait) DeepCopyInto(out *ManualScalerTrait) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualScalerTrait.
+func (in *ManualScalerTrait) DeepCopy() *ManualScalerTrait {
+	if in == nil {
+		return nil
+	}
+	out := new(ManualScalerTrait)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ManualScalerTrait) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManualScalerTraitList) DeepCopyInto(out *ManualScalerTraitList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ManualScalerTrait, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualScalerTraitList.
+func (in *ManualScalerTraitList) DeepCopy() *ManualScalerTraitList {
+	if in == nil {
+		return nil
+	}
+	out := new(ManualScalerTraitList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ManualScalerTraitList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManualScalerTraitSpec) DeepCopyInto(out *ManualScalerTraitSpec) {
+	*out = *in
+	out.WorkloadReference = in.WorkloadReference
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualScalerTraitSpec.
+func (in *ManualScalerTraitSpec) DeepCopy() *ManualScalerTraitSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ManualScalerTraitSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManualScalerTraitStatus) DeepCopyInto(out *ManualScalerTraitStatus) {
+	*out = *in
+	in.ConditionedStatus.DeepCopyInto(&out.ConditionedStatus)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualScalerTraitStatus.
+func (in *ManualScalerTraitStatus) DeepCopy() *ManualScalerTraitStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(ManualScalerTraitStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *MemoryResources) DeepCopyInto(out *MemoryResources) {
 	*out = *in
--- a/apis/core.oam.dev/v1beta1/application_types.go
+++ b/apis/core.oam.dev/v1beta1/application_types.go
@@ -23,8 +23,6 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"

-	workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
-
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/condition"
 )
@@ -51,11 +49,13 @@ type AppPolicy struct {
 	Properties *runtime.RawExtension `json:"properties,omitempty"`
 }

+// WorkflowStep defines how to execute a workflow step.
+type WorkflowStep common.WorkflowStep
+
 // Workflow defines workflow steps and other attributes
 type Workflow struct {
-	Ref   string                                `json:"ref,omitempty"`
-	Mode  *workflowv1alpha1.WorkflowExecuteMode `json:"mode,omitempty"`
-	Steps []workflowv1alpha1.WorkflowStep       `json:"steps,omitempty"`
+	Ref   string         `json:"ref,omitempty"`
+	Steps []WorkflowStep `json:"steps,omitempty"`
 }

 // ApplicationSpec is the spec of Application
@@ -82,7 +82,7 @@ type ApplicationSpec struct {
 // Application is the Schema for the applications API
 // +kubebuilder:storageversion
 // +kubebuilder:subresource:status
-// +kubebuilder:resource:categories={oam},shortName={app,velaapp}
+// +kubebuilder:resource:categories={oam},shortName=app
 // +kubebuilder:printcolumn:name="COMPONENT",type=string,JSONPath=`.spec.components[*].name`
 // +kubebuilder:printcolumn:name="TYPE",type=string,JSONPath=`.spec.components[*].type`
 // +kubebuilder:printcolumn:name="PHASE",type=string,JSONPath=`.status.status`
--- a/apis/core.oam.dev/v1beta1/applicationrevision_types.go
+++ b/apis/core.oam.dev/v1beta1/applicationrevision_types.go
@@ -19,8 +19,6 @@ package v1beta1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

-	workflowv1alpha1 "github.com/kubevela/workflow/api/v1alpha1"
-
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 	"github.com/oam-dev/kubevela/apis/core.oam.dev/v1alpha1"
 )
@@ -57,7 +55,7 @@ type ApplicationRevisionSpec struct {
 	Policies map[string]v1alpha1.Policy `json:"policies,omitempty"`

 	// Workflow records the external workflow
-	Workflow *workflowv1alpha1.Workflow `json:"workflow,omitempty"`
+	Workflow *v1alpha1.Workflow `json:"workflow,omitempty"`

 	// ReferredObjects records the referred objects used in the ref-object typed components
 	// +kubebuilder:pruning:PreserveUnknownFields
--- a/apis/core.oam.dev/v1beta1/core_types.go
+++ b/apis/core.oam.dev/v1beta1/core_types.go
@@ -120,7 +120,7 @@ type TraitDefinitionSpec struct {
 	PodDisruptive bool `json:"podDisruptive,omitempty"`

 	// AppliesToWorkloads specifies the list of workload kinds this trait
-	// applies to. Workload kinds are specified in resource.group/version format,
+	// applies to. Workload kinds are specified in kind.group/version format,
 	// e.g. server.core.oam.dev/v1alpha2. Traits that omit this field apply to
 	// all workload kinds.
 	// +optional
@@ -138,8 +138,7 @@ type TraitDefinitionSpec struct {
 	// +optional
 	ConflictsWith []string `json:"conflictsWith,omitempty"`

-	// Schematic defines the data format and template of the encapsulation of the trait.
-	// Only CUE and Kube schematic are supported for now.
+	// Schematic defines the data format and template of the encapsulation of the trait
 	// +optional
 	Schematic *common.Schematic `json:"schematic,omitempty"`

@@ -155,32 +154,11 @@ type TraitDefinitionSpec struct {
 	// ManageWorkload defines the trait would be responsible for creating the workload
 	// +optional
 	ManageWorkload bool `json:"manageWorkload,omitempty"`
-	// ControlPlaneOnly defines which cluster is dispatched to
+	// SkipRevisionAffect defines the update this trait will not generate a new application Revision
 	// +optional
-	ControlPlaneOnly bool `json:"controlPlaneOnly,omitempty"`
-
-	// Stage defines the stage information to which this trait resource processing belongs.
-	// Currently, PreDispatch and PostDispatch are provided, which are used to control resource
-	// pre-process and post-process respectively.
-	// +optional
-	Stage StageType `json:"stage,omitempty"`
+	SkipRevisionAffect bool `json:"skipRevisionAffect,omitempty"`
 }

-// StageType describes how the manifests should be dispatched.
-// Only one of the following stage types may be specified.
-// If none of the following types is specified, the default one
-// is DefaultDispatch.
-type StageType string
-
-const (
-	// PreDispatch means that pre dispatch for manifests
-	PreDispatch StageType = "PreDispatch"
-	// DefaultDispatch means that default dispatch for manifests
-	DefaultDispatch StageType = "DefaultDispatch"
-	// PostDispatch means that post dispatch for manifests
-	PostDispatch StageType = "PostDispatch"
-)
-
 // TraitDefinitionStatus is the status of TraitDefinition
 type TraitDefinitionStatus struct {
 	// ConditionedStatus reflects the observed status of a resource
--- a/apis/core.oam.dev/v1beta1/policy_definition.go
+++ b/apis/core.oam.dev/v1beta1/policy_definition.go
@@ -29,8 +29,7 @@ type PolicyDefinitionSpec struct {
 	// Reference to the CustomResourceDefinition that defines this trait kind.
 	Reference common.DefinitionReference `json:"definitionRef,omitempty"`

-	// Schematic defines the data format and template of the encapsulation of the policy definition.
-	// Only CUE schematic is supported for now.
+	// Schematic defines the data format and template of the encapsulation of the policy definition
 	// +optional
 	Schematic *common.Schematic `json:"schematic,omitempty"`

@@ -44,9 +43,6 @@ type PolicyDefinitionStatus struct {
 	// ConditionedStatus reflects the observed status of a resource
 	condition.ConditionedStatus `json:",inline"`

-	// ConfigMapRef refer to a ConfigMap which contains OpenAPI V3 JSON schema of Component parameters.
-	ConfigMapRef string `json:"configMapRef,omitempty"`
-
 	// LatestRevision of the component definition
 	// +optional
 	LatestRevision *common.Revision `json:"latestRevision,omitempty"`
--- a/apis/core.oam.dev/v1beta1/register.go
+++ b/apis/core.oam.dev/v1beta1/register.go
@@ -21,13 +21,11 @@ import (

 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
-
-	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 )

 // Package type metadata.
 const (
-	Group   = common.Group
+	Group   = "core.oam.dev"
 	Version = "v1beta1"
 )

--- a/apis/core.oam.dev/v1beta1/resourcetracker_types.go
+++ b/apis/core.oam.dev/v1beta1/resourcetracker_types.go
@@ -21,8 +21,8 @@ import (
 	"reflect"
 	"strings"

-	"github.com/pkg/errors"
-	corev1 "k8s.io/api/core/v1"
+	errors2 "github.com/pkg/errors"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -33,8 +33,7 @@ import (
 	"github.com/oam-dev/kubevela/apis/interfaces"
 	velatypes "github.com/oam-dev/kubevela/apis/types"
 	"github.com/oam-dev/kubevela/pkg/oam"
-	"github.com/oam-dev/kubevela/pkg/utils/compression"
-	velaerr "github.com/oam-dev/kubevela/pkg/utils/errors"
+	"github.com/oam-dev/kubevela/pkg/utils/errors"
 )

 // +kubebuilder:object:root=true
@@ -70,80 +69,9 @@ const (

 // ResourceTrackerSpec define the spec of resourceTracker
 type ResourceTrackerSpec struct {
-	Type                  ResourceTrackerType        `json:"type,omitempty"`
-	ApplicationGeneration int64                      `json:"applicationGeneration"`
-	ManagedResources      []ManagedResource          `json:"managedResources,omitempty"`
-	Compression           ResourceTrackerCompression `json:"compression,omitempty"`
-}
-
-// ResourceTrackerCompression the compression for ResourceTracker ManagedResources
-type ResourceTrackerCompression struct {
-	Type compression.Type `json:"type,omitempty"`
-	Data string           `json:"data,omitempty"`
-}
-
-// MarshalJSON will encode ResourceTrackerSpec according to the compression type. If type specified,
-// it will encode data to compression data.
-// Note: this is not the standard json Marshal process but re-use the framework function.
-func (in *ResourceTrackerSpec) MarshalJSON() ([]byte, error) {
-	type Alias ResourceTrackerSpec
-	tmp := &struct{ *Alias }{}
-	switch in.Compression.Type {
-	case compression.Uncompressed:
-		tmp.Alias = (*Alias)(in)
-	case compression.Gzip:
-		cpy := in.DeepCopy()
-		data, err := compression.GzipObjectToString(in.ManagedResources)
-		if err != nil {
-			return nil, err
-		}
-		cpy.ManagedResources = nil
-		cpy.Compression.Data = data
-		tmp.Alias = (*Alias)(cpy)
-	case compression.Zstd:
-		cpy := in.DeepCopy()
-		data, err := compression.ZstdObjectToString(in.ManagedResources)
-		if err != nil {
-			return nil, err
-		}
-		cpy.ManagedResources = nil
-		cpy.Compression.Data = data
-		tmp.Alias = (*Alias)(cpy)
-	default:
-		return nil, compression.NewUnsupportedCompressionTypeError(string(in.Compression.Type))
-	}
-	return json.Marshal(tmp.Alias)
-}
-
-// UnmarshalJSON will decode ResourceTrackerSpec according to the compression type. If type specified,
-// it will decode data from compression data.
-// Note: this is not the standard json Unmarshal process but re-use the framework function.
-func (in *ResourceTrackerSpec) UnmarshalJSON(src []byte) error {
-	type Alias ResourceTrackerSpec
-	tmp := &struct{ *Alias }{}
-	if err := json.Unmarshal(src, tmp); err != nil {
-		return err
-	}
-	switch tmp.Compression.Type {
-	case compression.Uncompressed:
-		break
-	case compression.Gzip:
-		tmp.ManagedResources = []ManagedResource{}
-		if err := compression.GunzipStringToObject(tmp.Compression.Data, &tmp.ManagedResources); err != nil {
-			return err
-		}
-		tmp.Compression.Data = ""
-	case compression.Zstd:
-		tmp.ManagedResources = []ManagedResource{}
-		if err := compression.UnZstdStringToObject(tmp.Compression.Data, &tmp.ManagedResources); err != nil {
-			return err
-		}
-		tmp.Compression.Data = ""
-	default:
-		return compression.NewUnsupportedCompressionTypeError(string(in.Compression.Type))
-	}
-	(*ResourceTrackerSpec)(tmp.Alias).DeepCopyInto(in)
-	return nil
+	Type                  ResourceTrackerType `json:"type,omitempty"`
+	ApplicationGeneration int64               `json:"applicationGeneration"`
+	ManagedResources      []ManagedResource   `json:"managedResources,omitempty"`
 }

 // ManagedResource define the resource to be managed by ResourceTracker
@@ -154,8 +82,6 @@ type ManagedResource struct {
 	Data *runtime.RawExtension `json:"raw,omitempty"`
 	// Deleted marks the resource to be deleted
 	Deleted bool `json:"deleted,omitempty"`
-	// SkipGC marks the resource to skip gc
-	SkipGC bool `json:"skipGC,omitempty"`
 }

 // Equal check if two managed resource equals
@@ -195,13 +121,12 @@ func (in ManagedResource) NamespacedName() types.NamespacedName {

 // ResourceKey computes the key for managed resource, resources with the same key points to the same resource
 func (in ManagedResource) ResourceKey() string {
-	group := in.GroupVersionKind().Group
-	kind := in.GroupVersionKind().Kind
+	gv, kind := in.GroupVersionKind().ToAPIVersionAndKind()
 	cluster := in.Cluster
 	if cluster == "" {
 		cluster = velatypes.ClusterLocalName
 	}
-	return strings.Join([]string{group, kind, cluster, in.Namespace, in.Name}, "/")
+	return strings.Join([]string{gv, kind, cluster, in.Namespace, in.Name}, "/")
 }

 // ComponentKey computes the key for the component which managed resource belongs to
@@ -212,7 +137,7 @@ func (in ManagedResource) ComponentKey() string {
 // UnmarshalTo unmarshal ManagedResource into target object
 func (in ManagedResource) UnmarshalTo(obj interface{}) error {
 	if in.Data == nil || in.Data.Raw == nil {
-		return velaerr.ManagedResourceHasNoDataError{}
+		return errors.ManagedResourceHasNoDataError{}
 	}
 	return json.Unmarshal(in.Data.Raw, obj)
 }
@@ -233,7 +158,7 @@ func (in ManagedResource) ToUnstructured() *unstructured.Unstructured {
 func (in ManagedResource) ToUnstructuredWithData() (*unstructured.Unstructured, error) {
 	obj := in.ToUnstructured()
 	if err := in.UnmarshalTo(obj); err != nil {
-		if errors.Is(err, velaerr.ManagedResourceHasNoDataError{}) {
+		if errors2.Is(err, errors.ManagedResourceHasNoDataError{}) {
 			return nil, err
 		}
 	}
@@ -266,11 +191,12 @@ func (in *ResourceTracker) findMangedResourceIndex(mr ManagedResource) int {
 	return -1
 }

-func newManagedResourceFromResource(rsc client.Object) ManagedResource {
+// AddManagedResource add object to managed resources, if exists, update
+func (in *ResourceTracker) AddManagedResource(rsc client.Object, metaOnly bool) (updated bool) {
 	gvk := rsc.GetObjectKind().GroupVersionKind()
-	return ManagedResource{
+	mr := ManagedResource{
 		ClusterObjectReference: common.ClusterObjectReference{
-			ObjectReference: corev1.ObjectReference{
+			ObjectReference: v1.ObjectReference{
 				APIVersion: gvk.GroupVersion().String(),
 				Kind:       gvk.Kind,
 				Name:       rsc.GetName(),
@@ -281,24 +207,9 @@ func newManagedResourceFromResource(rsc client.Object) ManagedResource {
 		OAMObjectReference: common.NewOAMObjectReferenceFromObject(rsc),
 		Deleted:            false,
 	}
-}
-
-// ContainsManagedResource check if resource exists in ResourceTracker
-func (in *ResourceTracker) ContainsManagedResource(rsc client.Object) bool {
-	mr := newManagedResourceFromResource(rsc)
-	return in.findMangedResourceIndex(mr) >= 0
-}
-
-// AddManagedResource add object to managed resources, if exists, update
-func (in *ResourceTracker) AddManagedResource(rsc client.Object, metaOnly bool, skipGC bool, creator string) (updated bool) {
-	mr := newManagedResourceFromResource(rsc)
-	mr.SkipGC = skipGC
 	if !metaOnly {
 		mr.Data = &runtime.RawExtension{Object: rsc}
 	}
-	if creator != "" {
-		mr.ClusterObjectReference.Creator = creator
-	}
 	if idx := in.findMangedResourceIndex(mr); idx >= 0 {
 		if reflect.DeepEqual(in.Spec.ManagedResources[idx], mr) {
 			return false
@@ -318,7 +229,7 @@ func (in *ResourceTracker) DeleteManagedResource(rsc client.Object, remove bool)
 	gvk := rsc.GetObjectKind().GroupVersionKind()
 	mr := ManagedResource{
 		ClusterObjectReference: common.ClusterObjectReference{
-			ObjectReference: corev1.ObjectReference{
+			ObjectReference: v1.ObjectReference{
 				APIVersion: gvk.GroupVersion().String(),
 				Kind:       gvk.Kind,
 				Name:       rsc.GetName(),
@@ -361,7 +272,7 @@ func (in *ResourceTracker) addClusterObjectReference(ref common.ClusterObjectRef
 // Deprecated
 func (in *ResourceTracker) AddTrackedResource(rsc interfaces.TrackableResource) bool {
 	return in.addClusterObjectReference(common.ClusterObjectReference{
-		ObjectReference: corev1.ObjectReference{
+		ObjectReference: v1.ObjectReference{
 			APIVersion: rsc.GetAPIVersion(),
 			Kind:       rsc.GetKind(),
 			Name:       rsc.GetName(),
--- a/apis/core.oam.dev/v1beta1/resourcetracker_types_test.go
+++ b/apis/core.oam.dev/v1beta1/resourcetracker_types_test.go
@@ -18,23 +18,18 @@ package v1beta1

 import (
 	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"strings"
 	"testing"
-	"time"

 	"github.com/stretchr/testify/require"
-	appsv1 "k8s.io/api/apps/v1"
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v12 "k8s.io/api/apps/v1"
+	v1 "k8s.io/api/core/v1"
+	v13 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/utils/pointer"

 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 	"github.com/oam-dev/kubevela/pkg/oam"
-	"github.com/oam-dev/kubevela/pkg/utils/compression"
 	"github.com/oam-dev/kubevela/pkg/utils/errors"
 )

@@ -116,10 +111,10 @@ func TestManagedResourceKeys(t *testing.T) {
 	input := ManagedResource{
 		ClusterObjectReference: common.ClusterObjectReference{
 			Cluster: "cluster",
-			ObjectReference: corev1.ObjectReference{
+			ObjectReference: v1.ObjectReference{
 				Namespace:  "namespace",
 				Name:       "name",
-				APIVersion: appsv1.SchemeGroupVersion.String(),
+				APIVersion: v12.SchemeGroupVersion.String(),
 				Kind:       "Deployment",
 			},
 		},
@@ -130,10 +125,10 @@ func TestManagedResourceKeys(t *testing.T) {
 		},
 	}
 	r.Equal("namespace/name", input.NamespacedName().String())
-	r.Equal("apps/Deployment/cluster/namespace/name", input.ResourceKey())
+	r.Equal("apps/v1/Deployment/cluster/namespace/name", input.ResourceKey())
 	r.Equal("env/component", input.ComponentKey())
 	r.Equal("Deployment name (Cluster: cluster, Namespace: namespace)", input.DisplayName())
-	var deploy1, deploy2 appsv1.Deployment
+	var deploy1, deploy2 v12.Deployment
 	deploy1.Spec.Replicas = pointer.Int32(5)
 	bs, err := json.Marshal(deploy1)
 	r.NoError(err)
@@ -160,17 +155,17 @@ func TestManagedResourceKeys(t *testing.T) {
 func TestResourceTracker_ManagedResource(t *testing.T) {
 	r := require.New(t)
 	input := &ResourceTracker{}
-	deploy1 := appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "deploy1"}}
-	input.AddManagedResource(&deploy1, true, false, "")
+	deploy1 := v12.Deployment{ObjectMeta: v13.ObjectMeta{Name: "deploy1"}}
+	input.AddManagedResource(&deploy1, true)
 	r.Equal(1, len(input.Spec.ManagedResources))
-	cm2 := corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: "cm2"}}
-	input.AddManagedResource(&cm2, false, false, "")
+	cm2 := v1.ConfigMap{ObjectMeta: v13.ObjectMeta{Name: "cm2"}}
+	input.AddManagedResource(&cm2, false)
 	r.Equal(2, len(input.Spec.ManagedResources))
-	pod3 := corev1.Pod{ObjectMeta: metav1.ObjectMeta{Name: "pod3"}}
-	input.AddManagedResource(&pod3, false, false, "")
+	pod3 := v1.Pod{ObjectMeta: v13.ObjectMeta{Name: "pod3"}}
+	input.AddManagedResource(&pod3, false)
 	r.Equal(3, len(input.Spec.ManagedResources))
 	deploy1.Spec.Replicas = pointer.Int32(5)
-	input.AddManagedResource(&deploy1, false, false, "")
+	input.AddManagedResource(&deploy1, false)
 	r.Equal(3, len(input.Spec.ManagedResources))
 	input.DeleteManagedResource(&cm2, false)
 	r.Equal(3, len(input.Spec.ManagedResources))
@@ -181,171 +176,9 @@ func TestResourceTracker_ManagedResource(t *testing.T) {
 	r.Equal(1, len(input.Spec.ManagedResources))
 	input.DeleteManagedResource(&pod3, true)
 	r.Equal(0, len(input.Spec.ManagedResources))
-	secret4 := corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "secret4"}}
+	secret4 := v1.Secret{ObjectMeta: v13.ObjectMeta{Name: "secret4"}}
 	input.DeleteManagedResource(&secret4, true)
 	r.Equal(0, len(input.Spec.ManagedResources))
 	input.DeleteManagedResource(&secret4, false)
 	r.Equal(1, len(input.Spec.ManagedResources))
 }
-
-func TestResourceTrackerCompression(t *testing.T) {
-	count := 20
-	r := require.New(t)
-
-	// Load some real CRDs, and other test data to simulate real use-cases.
-	// The user must have some large resourcetrackers if they use compression,
-	// so we load some large CRDs.
-	var data []string
-	paths := []string{
-		"../../../charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_applications.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_definitionrevisions.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_healthscopes.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_componentdefinitions.yaml",
-		"../../../charts/vela-core/crds/core.oam.dev_workloaddefinitions.yaml",
-		"../../../charts/vela-core/crds/standard.oam.dev_rollouts.yaml",
-		"../../../charts/vela-core/templates/addon/fluxcd.yaml",
-		"../../../charts/vela-core/templates/kubevela-controller.yaml",
-		"../../../charts/vela-core/README.md",
-		"../../../pkg/velaql/providers/query/testdata/machinelearning.seldon.io_seldondeployments.yaml",
-		"../../../legacy/charts/vela-core-legacy/crds/standard.oam.dev_podspecworkloads.yaml",
-	}
-	for _, p := range paths {
-		b, err := ioutil.ReadFile(p)
-		r.NoError(err)
-		data = append(data, string(b))
-	}
-	size := len(data)
-
-	// Gzip
-	var (
-		gzipCompressTime int64
-		gzipSize         int
-		gzipBs           []byte
-	)
-	for c := 0; c < count; c++ {
-		var err error
-		rtGzip := &ResourceTracker{}
-		for i := 0; i < size; i++ {
-			rtGzip.AddManagedResource(&corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("cm%d", i)}, Data: map[string]string{"1": data[i]}}, false, false, "")
-			rtGzip.AddManagedResource(&corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("secret%d", i)}}, true, false, "")
-		}
-		rtGzip.Spec.Compression.Type = compression.Gzip
-		// Compress
-		t0 := time.Now()
-		gzipBs, err = json.Marshal(rtGzip)
-		elapsed := time.Since(t0).Nanoseconds()
-		if gzipCompressTime == 0 {
-			gzipCompressTime = elapsed
-		} else {
-			gzipCompressTime = (elapsed + gzipCompressTime) / 2
-		}
-		if gzipSize == 0 {
-			gzipSize = len(gzipBs)
-		} else {
-			gzipSize = (len(gzipBs) + gzipSize) / 2
-		}
-		r.NoError(err)
-		r.Contains(string(gzipBs), `"type":"gzip","data":`)
-	}
-
-	// Zstd
-	var (
-		zstdCompressTime int64
-		zstdSize         int
-		zstdBs           []byte
-	)
-	for c := 0; c < count; c++ {
-		var err error
-		rtZstd := &ResourceTracker{}
-		for i := 0; i < size; i++ {
-			rtZstd.AddManagedResource(&corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("cm%d", i)}, Data: map[string]string{"1": data[i]}}, false, false, "")
-			rtZstd.AddManagedResource(&corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("secret%d", i)}}, true, false, "")
-		}
-		rtZstd.Spec.Compression.Type = compression.Zstd
-		t0 := time.Now()
-		zstdBs, err = json.Marshal(rtZstd)
-		elapsed := time.Since(t0).Nanoseconds()
-		if zstdCompressTime == 0 {
-			zstdCompressTime = elapsed
-		} else {
-			zstdCompressTime = (elapsed + zstdCompressTime) / 2
-		}
-		if zstdSize == 0 {
-			zstdSize = len(zstdBs)
-		} else {
-			zstdSize = (len(zstdBs) + zstdSize) / 2
-		}
-		r.NoError(err)
-		r.Contains(string(zstdBs), `"type":"zstd","data":`)
-	}
-
-	rtUncmp := &ResourceTracker{}
-	r.NoError(json.Unmarshal(gzipBs, rtUncmp))
-	r.Equal(size*2, len(rtUncmp.Spec.ManagedResources))
-	for i, rsc := range rtUncmp.Spec.ManagedResources {
-		r.Equal(i%2 == 1, rsc.Data == nil)
-	}
-	r.NoError(json.Unmarshal(zstdBs, rtUncmp))
-	r.Equal(size*2, len(rtUncmp.Spec.ManagedResources))
-	for i, rsc := range rtUncmp.Spec.ManagedResources {
-		r.Equal(i%2 == 1, rsc.Data == nil)
-	}
-	// No compression
-	var (
-		uncmpTime int64
-		uncmpSize int
-	)
-	rtUncmp.Spec.Compression.Type = compression.Uncompressed
-	for c := 0; c < count; c++ {
-		t0 := time.Now()
-		_bs, err := json.Marshal(rtUncmp)
-		if uncmpTime == 0 {
-			uncmpTime = time.Since(t0).Nanoseconds()
-		} else {
-			uncmpTime = (time.Since(t0).Nanoseconds() + uncmpTime) / 2
-		}
-		if uncmpSize == 0 {
-			uncmpSize = len(_bs)
-		} else {
-			uncmpSize = (len(_bs) + uncmpSize) / 2
-		}
-		r.NoError(err)
-		before, after := len(_bs), len(zstdBs)
-		r.Less(after, before)
-		before, after = len(_bs), len(gzipBs)
-		r.Less(after, before)
-	}
-
-	fmt.Printf(`Compressed Size:
-  uncompressed: %d bytes	100.00%%
-  gzip:         %d bytes	%.2f%%
-  zstd:         %d bytes	%.2f%%
-`,
-		uncmpSize,
-		gzipSize, float64(gzipSize)*100.0/float64(uncmpSize),
-		zstdSize, float64(zstdSize)*100.0/float64(uncmpSize))
-
-	fmt.Printf(`Marshal Time:
-  no compression: %d ns	1.00x
-  gzip:           %d ns	%.2fx
-  zstd:           %d ns	%.2fx
-`,
-		uncmpTime,
-		gzipCompressTime, float64(gzipCompressTime)/float64(uncmpTime),
-		zstdCompressTime, float64(zstdCompressTime)/float64(uncmpTime),
-	)
-}
-
-func TestResourceTrackerInvalidMarshal(t *testing.T) {
-	r := require.New(t)
-	rt := &ResourceTracker{}
-	rt.Spec.Compression.Type = "invalid"
-	_, err := json.Marshal(rt)
-	r.ErrorIs(err, compression.NewUnsupportedCompressionTypeError("invalid"))
-	r.True(strings.Contains(err.Error(), "invalid"))
-	r.ErrorIs(json.Unmarshal([]byte(`{"spec":{"compression":{"type":"invalid"}}}`), rt), compression.NewUnsupportedCompressionTypeError("invalid"))
-	r.NotNil(json.Unmarshal([]byte(`{"spec":{"compression":{"type":"gzip","data":"xxx"}}}`), rt))
-	r.NotNil(json.Unmarshal([]byte(`{"spec":["invalid"]}`), rt))
-}
--- a/apis/core.oam.dev/v1beta1/workflow_step_definition.go
+++ b/apis/core.oam.dev/v1beta1/workflow_step_definition.go
@@ -29,8 +29,7 @@ type WorkflowStepDefinitionSpec struct {
 	// Reference to the CustomResourceDefinition that defines this trait kind.
 	Reference common.DefinitionReference `json:"definitionRef,omitempty"`

-	// Schematic defines the data format and template of the encapsulation of the workflow step definition.
-	// Only CUE schematic is supported for now.
+	// Schematic defines the data format and template of the encapsulation of the workflow step definition
 	// +optional
 	Schematic *common.Schematic `json:"schematic,omitempty"`
 }
--- a/apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go
+++ b/apis/core.oam.dev/v1beta1/zz_generated.deepcopy.go
@@ -22,12 +22,11 @@ limitations under the License.
 package v1beta1

 import (
-	"github.com/kubevela/workflow/api/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"

 	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
-	core_oam_devv1alpha1 "github.com/oam-dev/kubevela/apis/core.oam.dev/v1alpha1"
+	"github.com/oam-dev/kubevela/apis/core.oam.dev/v1alpha1"
 )

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -223,7 +222,7 @@ func (in *ApplicationRevisionSpec) DeepCopyInto(out *ApplicationRevisionSpec) {
 	}
 	if in.Policies != nil {
 		in, out := &in.Policies, &out.Policies
-		*out = make(map[string]core_oam_devv1alpha1.Policy, len(*in))
+		*out = make(map[string]v1alpha1.Policy, len(*in))
 		for key, val := range *in {
 			(*out)[key] = *val.DeepCopy()
 		}
@@ -651,21 +650,6 @@ func (in *ResourceTracker) DeepCopyObject() runtime.Object {
 	return nil
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ResourceTrackerCompression) DeepCopyInto(out *ResourceTrackerCompression) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceTrackerCompression.
-func (in *ResourceTrackerCompression) DeepCopy() *ResourceTrackerCompression {
-	if in == nil {
-		return nil
-	}
-	out := new(ResourceTrackerCompression)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ResourceTrackerList) DeepCopyInto(out *ResourceTrackerList) {
 	*out = *in
@@ -708,7 +692,6 @@ func (in *ResourceTrackerSpec) DeepCopyInto(out *ResourceTrackerSpec) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	out.Compression = in.Compression
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceTrackerSpec.
@@ -944,14 +927,9 @@ func (in *TraitDefinitionStatus) DeepCopy() *TraitDefinitionStatus {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Workflow) DeepCopyInto(out *Workflow) {
 	*out = *in
-	if in.Mode != nil {
-		in, out := &in.Mode, &out.Mode
-		*out = new(v1alpha1.WorkflowExecuteMode)
-		**out = **in
-	}
 	if in.Steps != nil {
 		in, out := &in.Steps, &out.Steps
-		*out = make([]v1alpha1.WorkflowStep, len(*in))
+		*out = make([]WorkflowStep, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@@ -968,6 +946,41 @@ func (in *Workflow) DeepCopy() *Workflow {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkflowStep) DeepCopyInto(out *WorkflowStep) {
+	*out = *in
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.DependsOn != nil {
+		in, out := &in.DependsOn, &out.DependsOn
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Inputs != nil {
+		in, out := &in.Inputs, &out.Inputs
+		*out = make(common.StepInputs, len(*in))
+		copy(*out, *in)
+	}
+	if in.Outputs != nil {
+		in, out := &in.Outputs, &out.Outputs
+		*out = make(common.StepOutputs, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowStep.
+func (in *WorkflowStep) DeepCopy() *WorkflowStep {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkflowStep)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkflowStepDefinition) DeepCopyInto(out *WorkflowStepDefinition) {
 	*out = *in
--- a/apis/types/capability.go
+++ b/apis/types/capability.go
@@ -80,8 +80,6 @@ const (
 	OpenapiV3JSONSchema string = "openapi-v3-json-schema"
 	// UISchema is the key to store ui custom schema
 	UISchema string = "ui-schema"
-	// VelaQLConfigmapKey is the key to store velaql view
-	VelaQLConfigmapKey string = "template"
 )

 // CapabilityCategory defines the category of a capability
@@ -165,7 +163,6 @@ type Capability struct {
 	Center         string             `json:"center,omitempty"`
 	Status         string             `json:"status,omitempty"`
 	Description    string             `json:"description,omitempty"`
-	Example        string             `json:"example,omitempty"`
 	Labels         map[string]string  `json:"labels,omitempty"`
 	Category       CapabilityCategory `json:"category,omitempty"`

--- a/apis/types/multicluster.go
+++ b/apis/types/multicluster.go
@@ -39,18 +39,4 @@ const (
 var (
 	// AnnotationClusterAlias the annotation key for cluster alias
 	AnnotationClusterAlias = config.MetaApiGroupName + "/cluster-alias"
-
-	// AnnotationClusterVersion the annotation key for cluster version
-	AnnotationClusterVersion = config.MetaApiGroupName + "/cluster-version"
 )
-
-// ClusterVersion defines the Version info of managed clusters.
-type ClusterVersion struct {
-	Major      string `json:"major"`
-	Minor      string `json:"minor"`
-	GitVersion string `json:"gitVersion,omitempty"`
-	Platform   string `json:"platform,omitempty"`
-}
-
-// ControlPlaneClusterVersion will be the default value of cluster info if managed cluster version get error, it will have value when vela-core started.
-var ControlPlaneClusterVersion ClusterVersion
--- a/apis/types/types.go
+++ b/apis/types/types.go
@@ -18,13 +18,6 @@ package types

 import "github.com/oam-dev/kubevela/pkg/oam"

-const (
-	// KubeVelaName name of kubevela
-	KubeVelaName = "kubevela"
-	// VelaCoreName name of vela-core
-	VelaCoreName = "vela-core"
-)
-
 const (
 	// DefaultKubeVelaReleaseName defines the default name of KubeVela Release
 	DefaultKubeVelaReleaseName = "kubevela"
@@ -48,10 +41,6 @@ var DefaultKubeVelaNS = "vela-system"
 const (
 	// AnnoDefinitionDescription is the annotation which describe what is the capability used for in a WorkloadDefinition/TraitDefinition Object
 	AnnoDefinitionDescription = "definition.oam.dev/description"
-	// AnnoDefinitionExampleURL is the annotation which describe url of usage examples of the capability, it will be loaded in documentation generate.
-	AnnoDefinitionExampleURL = "definition.oam.dev/example-url"
-	// AnnoDefinitionAlias is the annotation for definition alias
-	AnnoDefinitionAlias = "definition.oam.dev/alias"
 	// AnnoDefinitionIcon is the annotation which describe the icon url
 	AnnoDefinitionIcon = "definition.oam.dev/icon"
 	// AnnoDefinitionAppliedWorkloads is the annotation which describe what is the workloads used for in a TraitDefinition Object
@@ -64,8 +53,6 @@ const (
 	LabelDefinitionDeprecated = "custom.definition.oam.dev/deprecated"
 	// LabelDefinitionHidden is the label which describe whether the capability is hidden by UI
 	LabelDefinitionHidden = "custom.definition.oam.dev/ui-hidden"
-	// LabelDefinitionScope is the label which describe whether the capability's scope
-	LabelDefinitionScope = "custom.definition.oam.dev/scope"
 	// LabelNodeRoleGateway gateway role of node
 	LabelNodeRoleGateway = "node-role.kubernetes.io/gateway"
 	// LabelNodeRoleWorker worker role of node
@@ -74,11 +61,9 @@ const (
 	AnnoIngressControllerHTTPSPort = "ingress.controller/https-port"
 	// AnnoIngressControllerHTTPPort define ingress controller listen port for http
 	AnnoIngressControllerHTTPPort = "ingress.controller/http-port"
-	// AnnoIngressControllerHost define ingress controller externally host
-	AnnoIngressControllerHost = "ingress.controller/host"
-	// LabelConfigType is the label marked as the template that generated the config.
+	// LabelConfigType is the label for config type
 	LabelConfigType = "config.oam.dev/type"
-	// LabelConfigCatalog is the label marked as the secret generated from the config.
+	// LabelConfigCatalog is the label for config catalog
 	LabelConfigCatalog = "config.oam.dev/catalog"
 	// LabelConfigSubType is the sub-type for a config type
 	LabelConfigSubType = "config.oam.dev/sub-type"
@@ -88,18 +73,10 @@ const (
 	LabelConfigSyncToMultiCluster = "config.oam.dev/multi-cluster"
 	// LabelConfigIdentifier is the label for config identifier
 	LabelConfigIdentifier = "config.oam.dev/identifier"
-	// LabelConfigScope is the label for config scope
-	LabelConfigScope = "config.oam.dev/scope"
-	// AnnotationConfigSensitive is the annotation for the sensitization
-	AnnotationConfigSensitive = "config.oam.dev/sensitive"
-	// AnnotationConfigTemplateNamespace is the annotation for the template namespace
-	AnnotationConfigTemplateNamespace = "config.oam.dev/template-namespace"
 	// AnnotationConfigDescription is the annotation for config description
 	AnnotationConfigDescription = "config.oam.dev/description"
 	// AnnotationConfigAlias is the annotation for config alias
 	AnnotationConfigAlias = "config.oam.dev/alias"
-	// AnnotationConfigDistributionSpec is the annotation key of the application that distributes the configs
-	AnnotationConfigDistributionSpec = "config.oam.dev/distribution-spec"
 )

 const (
@@ -116,7 +93,6 @@ type Config map[string]string
 type EnvMeta struct {
 	Name      string `json:"name"`
 	Namespace string `json:"namespace"`
-	Labels    string `json:"labels"`
 	Current   string `json:"current"`
 }

@@ -166,23 +142,14 @@ const (
 	// TerraformProvider is the config type for terraform provider
 	TerraformProvider = "terraform-provider"
 	// DexConnector is the config type for dex connector
-	DexConnector = "dex-connector"
+	DexConnector = "config-dex-connector"
 	// ImageRegistry is the config type for image registry
-	ImageRegistry = "image-registry"
+	ImageRegistry = "config-image-registry"
 	// HelmRepository is the config type for Helm chart repository
-	HelmRepository = "helm-repository"
-	// CatalogConfigDistribution is the catalog type
-	CatalogConfigDistribution = "config-distribution"
+	HelmRepository = "config-helm-repository"
 )

 const (
-	// TerraformComponentPrefix is the prefix of component type of terraform-xxx
-	TerraformComponentPrefix = "terraform-"
-
-	// ProviderAppPrefix is the prefix of the application to create a Terraform Provider
-	ProviderAppPrefix = "config-terraform-provider"
-	// ProviderNamespace is the namespace of Terraform Cloud Provider
-	ProviderNamespace = "default"
-	// VelaCoreConfig is to mark application, config and its secret or Terraform provider lelong to a KubeVela config
-	VelaCoreConfig = "velacore-config"
+	// TerrfaormComponentPrefix is the prefix of component type of terraform-xxx
+	TerrfaormComponentPrefix = "terraform-"
 )
--- a/charts/oam-runtime/Chart.yaml
+++ b/charts/oam-runtime/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: oam-runtime
+description: A Helm chart for oam-runtime aligns with OAM spec v0.2
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 0.1.0
--- a/charts/oam-runtime/crds/core.oam.dev_applicationconfigurations.yaml
+++ b/charts/oam-runtime/crds/core.oam.dev_applicationconfigurations.yaml
--- a/charts/oam-runtime/crds/core.oam.dev_components.yaml
+++ b/charts/oam-runtime/crds/core.oam.dev_components.yaml
@@ -0,0 +1,178 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: components.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: Component
+    listKind: ComponentList
+    plural: components
+    singular: component
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.workload.kind
+      name: WORKLOAD-KIND
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: age
+      type: date
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A Component describes how an OAM workload kind may be instantiated.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A ComponentSpec defines the desired state of a Component.
+            properties:
+              helm:
+                description: HelmRelease records a Helm release used by a Helm module
+                  workload.
+                properties:
+                  release:
+                    description: Release records a Helm release used by a Helm module
+                      workload.
+                    type: object
+                    x-kubernetes-preserve-unknown-fields: true
+                  repository:
+                    description: HelmRelease records a Helm repository used by a Helm
+                      module workload.
+                    type: object
+                    x-kubernetes-preserve-unknown-fields: true
+                required:
+                - release
+                - repository
+                type: object
+              parameters:
+                description: Parameters exposed by this component. ApplicationConfigurations
+                  that reference this component may specify values for these parameters,
+                  which will in turn be injected into the embedded workload.
+                items:
+                  description: A ComponentParameter defines a configurable parameter
+                    of a component.
+                  properties:
+                    description:
+                      description: Description of this parameter.
+                      type: string
+                    fieldPaths:
+                      description: FieldPaths specifies an array of fields within
+                        this Component's workload that will be overwritten by the
+                        value of this parameter. The type of the parameter (e.g. int,
+                        string) is inferred from the type of these fields; All fields
+                        must be of the same type. Fields are specified as JSON field
+                        paths without a leading dot, for example 'spec.replicas'.
+                      items:
+                        type: string
+                      type: array
+                    name:
+                      description: Name of this parameter. OAM ApplicationConfigurations
+                        will specify parameter values using this name.
+                      type: string
+                    required:
+                      default: false
+                      description: Required specifies whether or not a value for this
+                        parameter must be supplied when authoring an ApplicationConfiguration.
+                      type: boolean
+                  required:
+                  - fieldPaths
+                  - name
+                  type: object
+                type: array
+              workload:
+                description: A Workload that will be created for each ApplicationConfiguration
+                  that includes this Component. Workload is an instance of a workloadDefinition.
+                  We either use the GVK info or a special "type" field in the workload
+                  to associate the content of the workload with its workloadDefinition
+                type: object
+                x-kubernetes-embedded-resource: true
+                x-kubernetes-preserve-unknown-fields: true
+            required:
+            - workload
+            type: object
+          status:
+            description: A ComponentStatus represents the observed state of a Component.
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              latestRevision:
+                description: LatestRevision of component
+                properties:
+                  name:
+                    type: string
+                  revision:
+                    format: int64
+                    type: integer
+                  revisionHash:
+                    description: RevisionHash record the hash value of the spec of
+                      ApplicationRevision object.
+                    type: string
+                required:
+                - name
+                - revision
+                type: object
+              observedGeneration:
+                description: The generation observed by the component controller.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/oam-runtime/crds/core.oam.dev_healthscopes.yaml
+++ b/charts/oam-runtime/crds/core.oam.dev_healthscopes.yaml
@@ -0,0 +1,590 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: healthscopes.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: HealthScope
+    listKind: HealthScopeList
+    plural: healthscopes
+    singular: healthscope
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.health
+      name: HEALTH
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A HealthScope determines an aggregate health status based of
+          the health of components.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A HealthScopeSpec defines the desired state of a HealthScope.
+            properties:
+              appReferences:
+                description: AppRefs records references of applications' components
+                items:
+                  description: AppReference records references of an application's
+                    components
+                  properties:
+                    appName:
+                      type: string
+                    compReferences:
+                      items:
+                        description: CompReference records references of a component's
+                          resources
+                        properties:
+                          compName:
+                            type: string
+                          traits:
+                            items:
+                              description: 'ObjectReference contains enough information
+                                to let you inspect or modify the referred object.
+                                --- New uses of this type are discouraged because
+                                of difficulty describing its usage when embedded in
+                                APIs.  1. Ignored fields.  It includes many fields
+                                which are not generally honored.  For instance, ResourceVersion
+                                and FieldPath are both very rarely valid in actual
+                                usage.  2. Invalid usage help.  It is impossible to
+                                add specific help for individual usage.  In most embedded
+                                usages, there are particular     restrictions like,
+                                "must refer only to types A and B" or "UID not honored"
+                                or "name must be restricted".     Those cannot be
+                                well described when embedded.  3. Inconsistent validation.  Because
+                                the usages are different, the validation rules are
+                                different by usage, which makes it hard for users
+                                to predict what will happen.  4. The fields are both
+                                imprecise and overly precise.  Kind is not a precise
+                                mapping to a URL. This can produce ambiguity     during
+                                interpretation and require a REST mapping.  In most
+                                cases, the dependency is on the group,resource tuple     and
+                                the version of the actual struct is irrelevant.  5.
+                                We cannot easily change it.  Because this type is
+                                embedded in many locations, updates to this type     will
+                                affect numerous schemas.  Don''t make new APIs embed
+                                an underspecified API type they do not control. Instead
+                                of using this type, create a locally provided and
+                                used type that is well-focused on your reference.
+                                For example, ServiceReferences for admission registration:
+                                https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                                .'
+                              properties:
+                                apiVersion:
+                                  description: API version of the referent.
+                                  type: string
+                                fieldPath:
+                                  description: 'If referring to a piece of an object
+                                    instead of an entire object, this string should
+                                    contain a valid JSON/Go field access statement,
+                                    such as desiredState.manifest.containers[2]. For
+                                    example, if the object reference is to a container
+                                    within a pod, this would take on a value like:
+                                    "spec.containers{name}" (where "name" refers to
+                                    the name of the container that triggered the event)
+                                    or if no container name is specified "spec.containers[2]"
+                                    (container with index 2 in this pod). This syntax
+                                    is chosen only to have some well-defined way of
+                                    referencing a part of an object. TODO: this design
+                                    is not final and this field is subject to change
+                                    in the future.'
+                                  type: string
+                                kind:
+                                  description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                  type: string
+                                name:
+                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                  type: string
+                                namespace:
+                                  description: 'Namespace of the referent. More info:
+                                    https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                  type: string
+                                resourceVersion:
+                                  description: 'Specific resourceVersion to which
+                                    this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                  type: string
+                                uid:
+                                  description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                  type: string
+                              type: object
+                            type: array
+                          workload:
+                            description: 'ObjectReference contains enough information
+                              to let you inspect or modify the referred object. ---
+                              New uses of this type are discouraged because of difficulty
+                              describing its usage when embedded in APIs.  1. Ignored
+                              fields.  It includes many fields which are not generally
+                              honored.  For instance, ResourceVersion and FieldPath
+                              are both very rarely valid in actual usage.  2. Invalid
+                              usage help.  It is impossible to add specific help for
+                              individual usage.  In most embedded usages, there are
+                              particular     restrictions like, "must refer only to
+                              types A and B" or "UID not honored" or "name must be
+                              restricted".     Those cannot be well described when
+                              embedded.  3. Inconsistent validation.  Because the
+                              usages are different, the validation rules are different
+                              by usage, which makes it hard for users to predict what
+                              will happen.  4. The fields are both imprecise and overly
+                              precise.  Kind is not a precise mapping to a URL. This
+                              can produce ambiguity     during interpretation and
+                              require a REST mapping.  In most cases, the dependency
+                              is on the group,resource tuple     and the version of
+                              the actual struct is irrelevant.  5. We cannot easily
+                              change it.  Because this type is embedded in many locations,
+                              updates to this type     will affect numerous schemas.  Don''t
+                              make new APIs embed an underspecified API type they
+                              do not control. Instead of using this type, create a
+                              locally provided and used type that is well-focused
+                              on your reference. For example, ServiceReferences for
+                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              .'
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                        type: object
+                      type: array
+                  type: object
+                type: array
+              probe-interval:
+                description: ProbeInterval is the amount of time in seconds between
+                  probing tries.
+                format: int32
+                type: integer
+              probe-timeout:
+                description: ProbeTimeout is the amount of time in seconds to wait
+                  when receiving a response before marked failure.
+                format: int32
+                type: integer
+              workloadRefs:
+                description: WorkloadReferences to the workloads that are in this
+                  scope.
+                items:
+                  description: 'ObjectReference contains enough information to let
+                    you inspect or modify the referred object. --- New uses of this
+                    type are discouraged because of difficulty describing its usage
+                    when embedded in APIs.  1. Ignored fields.  It includes many fields
+                    which are not generally honored.  For instance, ResourceVersion
+                    and FieldPath are both very rarely valid in actual usage.  2.
+                    Invalid usage help.  It is impossible to add specific help for
+                    individual usage.  In most embedded usages, there are particular     restrictions
+                    like, "must refer only to types A and B" or "UID not honored"
+                    or "name must be restricted".     Those cannot be well described
+                    when embedded.  3. Inconsistent validation.  Because the usages
+                    are different, the validation rules are different by usage, which
+                    makes it hard for users to predict what will happen.  4. The fields
+                    are both imprecise and overly precise.  Kind is not a precise
+                    mapping to a URL. This can produce ambiguity     during interpretation
+                    and require a REST mapping.  In most cases, the dependency is
+                    on the group,resource tuple     and the version of the actual
+                    struct is irrelevant.  5. We cannot easily change it.  Because
+                    this type is embedded in many locations, updates to this type     will
+                    affect numerous schemas.  Don''t make new APIs embed an underspecified
+                    API type they do not control. Instead of using this type, create
+                    a locally provided and used type that is well-focused on your
+                    reference. For example, ServiceReferences for admission registration:
+                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                    .'
+                  properties:
+                    apiVersion:
+                      description: API version of the referent.
+                      type: string
+                    fieldPath:
+                      description: 'If referring to a piece of an object instead of
+                        an entire object, this string should contain a valid JSON/Go
+                        field access statement, such as desiredState.manifest.containers[2].
+                        For example, if the object reference is to a container within
+                        a pod, this would take on a value like: "spec.containers{name}"
+                        (where "name" refers to the name of the container that triggered
+                        the event) or if no container name is specified "spec.containers[2]"
+                        (container with index 2 in this pod). This syntax is chosen
+                        only to have some well-defined way of referencing a part of
+                        an object. TODO: this design is not final and this field is
+                        subject to change in the future.'
+                      type: string
+                    kind:
+                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                      type: string
+                    name:
+                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                      type: string
+                    namespace:
+                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                      type: string
+                    resourceVersion:
+                      description: 'Specific resourceVersion to which this reference
+                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                      type: string
+                    uid:
+                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                      type: string
+                  type: object
+                type: array
+            required:
+            - workloadRefs
+            type: object
+          status:
+            description: A HealthScopeStatus represents the observed state of a HealthScope.
+            properties:
+              appHealthConditions:
+                description: AppHealthConditions represents health condition of applications
+                  in the scope
+                items:
+                  description: AppHealthCondition represents health condition of an
+                    application
+                  properties:
+                    appName:
+                      type: string
+                    components:
+                      items:
+                        description: WorkloadHealthCondition represents informative
+                          health condition of a workload.
+                        properties:
+                          componentName:
+                            description: ComponentName represents the component name
+                              if target is a workload
+                            type: string
+                          customStatusMsg:
+                            type: string
+                          diagnosis:
+                            type: string
+                          healthStatus:
+                            description: HealthStatus represents health status strings.
+                            type: string
+                          targetWorkload:
+                            description: 'ObjectReference contains enough information
+                              to let you inspect or modify the referred object. ---
+                              New uses of this type are discouraged because of difficulty
+                              describing its usage when embedded in APIs.  1. Ignored
+                              fields.  It includes many fields which are not generally
+                              honored.  For instance, ResourceVersion and FieldPath
+                              are both very rarely valid in actual usage.  2. Invalid
+                              usage help.  It is impossible to add specific help for
+                              individual usage.  In most embedded usages, there are
+                              particular     restrictions like, "must refer only to
+                              types A and B" or "UID not honored" or "name must be
+                              restricted".     Those cannot be well described when
+                              embedded.  3. Inconsistent validation.  Because the
+                              usages are different, the validation rules are different
+                              by usage, which makes it hard for users to predict what
+                              will happen.  4. The fields are both imprecise and overly
+                              precise.  Kind is not a precise mapping to a URL. This
+                              can produce ambiguity     during interpretation and
+                              require a REST mapping.  In most cases, the dependency
+                              is on the group,resource tuple     and the version of
+                              the actual struct is irrelevant.  5. We cannot easily
+                              change it.  Because this type is embedded in many locations,
+                              updates to this type     will affect numerous schemas.  Don''t
+                              make new APIs embed an underspecified API type they
+                              do not control. Instead of using this type, create a
+                              locally provided and used type that is well-focused
+                              on your reference. For example, ServiceReferences for
+                              admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                              .'
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                          traits:
+                            items:
+                              description: TraitHealthCondition represents informative
+                                health condition of a trait.
+                              properties:
+                                customStatusMsg:
+                                  type: string
+                                diagnosis:
+                                  type: string
+                                healthStatus:
+                                  description: HealthStatus represents health status
+                                    strings.
+                                  type: string
+                                resource:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                              - healthStatus
+                              - resource
+                              - type
+                              type: object
+                            type: array
+                          workloadStatus:
+                            description: WorkloadStatus represents status of workloads
+                              whose HealthStatus is UNKNOWN.
+                            type: string
+                        required:
+                        - healthStatus
+                        type: object
+                      type: array
+                    envName:
+                      type: string
+                  required:
+                  - appName
+                  type: object
+                type: array
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              healthConditions:
+                description: WorkloadHealthConditions represents health condition
+                  of workloads in the scope Use AppHealthConditions to provide app
+                  level status
+                items:
+                  description: WorkloadHealthCondition represents informative health
+                    condition of a workload.
+                  properties:
+                    componentName:
+                      description: ComponentName represents the component name if
+                        target is a workload
+                      type: string
+                    customStatusMsg:
+                      type: string
+                    diagnosis:
+                      type: string
+                    healthStatus:
+                      description: HealthStatus represents health status strings.
+                      type: string
+                    targetWorkload:
+                      description: 'ObjectReference contains enough information to
+                        let you inspect or modify the referred object. --- New uses
+                        of this type are discouraged because of difficulty describing
+                        its usage when embedded in APIs.  1. Ignored fields.  It includes
+                        many fields which are not generally honored.  For instance,
+                        ResourceVersion and FieldPath are both very rarely valid in
+                        actual usage.  2. Invalid usage help.  It is impossible to
+                        add specific help for individual usage.  In most embedded
+                        usages, there are particular     restrictions like, "must
+                        refer only to types A and B" or "UID not honored" or "name
+                        must be restricted".     Those cannot be well described when
+                        embedded.  3. Inconsistent validation.  Because the usages
+                        are different, the validation rules are different by usage,
+                        which makes it hard for users to predict what will happen.  4.
+                        The fields are both imprecise and overly precise.  Kind is
+                        not a precise mapping to a URL. This can produce ambiguity     during
+                        interpretation and require a REST mapping.  In most cases,
+                        the dependency is on the group,resource tuple     and the
+                        version of the actual struct is irrelevant.  5. We cannot
+                        easily change it.  Because this type is embedded in many locations,
+                        updates to this type     will affect numerous schemas.  Don''t
+                        make new APIs embed an underspecified API type they do not
+                        control. Instead of using this type, create a locally provided
+                        and used type that is well-focused on your reference. For
+                        example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                        .'
+                      properties:
+                        apiVersion:
+                          description: API version of the referent.
+                          type: string
+                        fieldPath:
+                          description: 'If referring to a piece of an object instead
+                            of an entire object, this string should contain a valid
+                            JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                            For example, if the object reference is to a container
+                            within a pod, this would take on a value like: "spec.containers{name}"
+                            (where "name" refers to the name of the container that
+                            triggered the event) or if no container name is specified
+                            "spec.containers[2]" (container with index 2 in this pod).
+                            This syntax is chosen only to have some well-defined way
+                            of referencing a part of an object. TODO: this design
+                            is not final and this field is subject to change in the
+                            future.'
+                          type: string
+                        kind:
+                          description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                          type: string
+                        name:
+                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                          type: string
+                        namespace:
+                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                          type: string
+                        resourceVersion:
+                          description: 'Specific resourceVersion to which this reference
+                            is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                          type: string
+                        uid:
+                          description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                          type: string
+                      type: object
+                    traits:
+                      items:
+                        description: TraitHealthCondition represents informative health
+                          condition of a trait.
+                        properties:
+                          customStatusMsg:
+                            type: string
+                          diagnosis:
+                            type: string
+                          healthStatus:
+                            description: HealthStatus represents health status strings.
+                            type: string
+                          resource:
+                            type: string
+                          type:
+                            type: string
+                        required:
+                        - healthStatus
+                        - resource
+                        - type
+                        type: object
+                      type: array
+                    workloadStatus:
+                      description: WorkloadStatus represents status of workloads whose
+                        HealthStatus is UNKNOWN.
+                      type: string
+                  required:
+                  - healthStatus
+                  type: object
+                type: array
+              scopeHealthCondition:
+                description: ScopeHealthCondition represents health condition summary
+                  of the scope
+                properties:
+                  healthStatus:
+                    description: HealthStatus represents health status strings.
+                    type: string
+                  healthyWorkloads:
+                    format: int64
+                    type: integer
+                  total:
+                    format: int64
+                    type: integer
+                  unhealthyWorkloads:
+                    format: int64
+                    type: integer
+                  unknownWorkloads:
+                    format: int64
+                    type: integer
+                required:
+                - healthStatus
+                type: object
+            required:
+            - scopeHealthCondition
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/oam-runtime/crds/core.oam.dev_manualscalertraits.yaml
+++ b/charts/oam-runtime/crds/core.oam.dev_manualscalertraits.yaml
@@ -0,0 +1,134 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: manualscalertraits.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: ManualScalerTrait
+    listKind: ManualScalerTraitList
+    plural: manualscalertraits
+    singular: manualscalertrait
+  scope: Namespaced
+  versions:
+  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A ManualScalerTrait determines how many replicas a workload should
+          have.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A ManualScalerTraitSpec defines the desired state of a ManualScalerTrait.
+            properties:
+              replicaCount:
+                description: ReplicaCount of the workload this trait applies to.
+                format: int32
+                type: integer
+              workloadRef:
+                description: WorkloadReference to the workload this trait applies
+                  to.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+            required:
+            - replicaCount
+            - workloadRef
+            type: object
+          status:
+            description: A ManualScalerTraitStatus represents the observed state of
+              a ManualScalerTrait.
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/oam-runtime/crds/core.oam.dev_scopedefinitions.yaml
+++ b/charts/oam-runtime/crds/core.oam.dev_scopedefinitions.yaml
@@ -0,0 +1,153 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: scopedefinitions.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: ScopeDefinition
+    listKind: ScopeDefinitionList
+    plural: scopedefinitions
+    shortNames:
+    - scope
+    singular: scopedefinition
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.definitionRef.name
+      name: DEFINITION-NAME
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A ScopeDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM scope kind by referencing its CustomResourceDefinition. The
+          CRD is used to validate the schema of the scope when it is embedded in an
+          OAM ApplicationConfiguration.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A ScopeDefinitionSpec defines the desired state of a ScopeDefinition.
+            properties:
+              allowComponentOverlap:
+                description: AllowComponentOverlap specifies whether an OAM component
+                  may exist in multiple instances of this kind of scope.
+                type: boolean
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this scope kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              workloadRefsPath:
+                description: WorkloadRefsPath indicates if/where a scope accepts workloadRef
+                  objects
+                type: string
+            required:
+            - allowComponentOverlap
+            - definitionRef
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .spec.definitionRef.name
+      name: DEFINITION-NAME
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: A ScopeDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM scope kind by referencing its CustomResourceDefinition. The
+          CRD is used to validate the schema of the scope when it is embedded in an
+          OAM ApplicationConfiguration.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A ScopeDefinitionSpec defines the desired state of a ScopeDefinition.
+            properties:
+              allowComponentOverlap:
+                description: AllowComponentOverlap specifies whether an OAM component
+                  may exist in multiple instances of this kind of scope.
+                type: boolean
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this scope kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              workloadRefsPath:
+                description: WorkloadRefsPath indicates if/where a scope accepts workloadRef
+                  objects
+                type: string
+            required:
+            - allowComponentOverlap
+            - definitionRef
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/oam-runtime/crds/core.oam.dev_traitdefinitions.yaml
+++ b/charts/oam-runtime/crds/core.oam.dev_traitdefinitions.yaml
@@ -0,0 +1,645 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: traitdefinitions.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: TraitDefinition
+    listKind: TraitDefinitionList
+    plural: traitdefinitions
+    shortNames:
+    - trait
+    singular: traitdefinition
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.appliesToWorkloads
+      name: APPLIES-TO
+      type: string
+    - jsonPath: .metadata.annotations.definition\.oam\.dev/description
+      name: DESCRIPTION
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A TraitDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM trait kind by referencing its CustomResourceDefinition. The
+          CRD is used to validate the schema of the trait when it is embedded in an
+          OAM ApplicationConfiguration.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A TraitDefinitionSpec defines the desired state of a TraitDefinition.
+            properties:
+              appliesToWorkloads:
+                description: AppliesToWorkloads specifies the list of workload kinds
+                  this trait applies to. Workload kinds are specified in kind.group/version
+                  format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this
+                  field apply to all workload kinds.
+                items:
+                  type: string
+                type: array
+              conflictsWith:
+                description: 'ConflictsWith specifies the list of traits(CRD name,
+                  Definition name, CRD group) which could not apply to the same workloads
+                  with this trait. Traits that omit this field can work with any other
+                  traits. Example rules: "service" # Trait definition name "services.k8s.io"
+                  # API resource/crd name "*.networking.k8s.io" # API group "labelSelector:foo=bar"
+                  # label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse'
+                items:
+                  type: string
+                type: array
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this trait kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              podDisruptive:
+                description: PodDisruptive specifies whether using the trait will
+                  cause the pod to restart or not.
+                type: boolean
+              revisionEnabled:
+                description: Revision indicates whether a trait is aware of component
+                  revision
+                type: boolean
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the trait
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        - remote
+                        type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                    required:
+                    - configuration
+                    type: object
+                type: object
+              status:
+                description: Status defines the custom health policy and status message
+                  for trait
+                properties:
+                  customStatus:
+                    description: CustomStatus defines the custom status message that
+                      could display to user
+                    type: string
+                  healthPolicy:
+                    description: HealthPolicy defines the health check policy for
+                      the abstraction
+                    type: string
+                type: object
+              workloadRefPath:
+                description: WorkloadRefPath indicates where/if a trait accepts a
+                  workloadRef object
+                type: string
+            type: object
+          status:
+            description: TraitDefinitionStatus is the status of TraitDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              configMapRef:
+                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
+                  V3 JSON schema of Component parameters.
+                type: string
+              latestRevision:
+                description: LatestRevision of the trait definition
+                properties:
+                  name:
+                    type: string
+                  revision:
+                    format: int64
+                    type: integer
+                  revisionHash:
+                    description: RevisionHash record the hash value of the spec of
+                      ApplicationRevision object.
+                    type: string
+                required:
+                - name
+                - revision
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .spec.appliesToWorkloads
+      name: APPLIES-TO
+      type: string
+    - jsonPath: .metadata.annotations.definition\.oam\.dev/description
+      name: DESCRIPTION
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: A TraitDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM trait kind by referencing its CustomResourceDefinition. The
+          CRD is used to validate the schema of the trait when it is embedded in an
+          OAM ApplicationConfiguration.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A TraitDefinitionSpec defines the desired state of a TraitDefinition.
+            properties:
+              appliesToWorkloads:
+                description: AppliesToWorkloads specifies the list of workload kinds
+                  this trait applies to. Workload kinds are specified in kind.group/version
+                  format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this
+                  field apply to all workload kinds.
+                items:
+                  type: string
+                type: array
+              conflictsWith:
+                description: 'ConflictsWith specifies the list of traits(CRD name,
+                  Definition name, CRD group) which could not apply to the same workloads
+                  with this trait. Traits that omit this field can work with any other
+                  traits. Example rules: "service" # Trait definition name "services.k8s.io"
+                  # API resource/crd name "*.networking.k8s.io" # API group "labelSelector:foo=bar"
+                  # label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse'
+                items:
+                  type: string
+                type: array
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this trait kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              manageWorkload:
+                description: ManageWorkload defines the trait would be responsible
+                  for creating the workload
+                type: boolean
+              podDisruptive:
+                description: PodDisruptive specifies whether using the trait will
+                  cause the pod to restart or not.
+                type: boolean
+              revisionEnabled:
+                description: Revision indicates whether a trait is aware of component
+                  revision
+                type: boolean
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the trait
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        - remote
+                        type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                    required:
+                    - configuration
+                    type: object
+                type: object
+              skipRevisionAffect:
+                description: SkipRevisionAffect defines the update this trait will
+                  not generate a new application Revision
+                type: boolean
+              status:
+                description: Status defines the custom health policy and status message
+                  for trait
+                properties:
+                  customStatus:
+                    description: CustomStatus defines the custom status message that
+                      could display to user
+                    type: string
+                  healthPolicy:
+                    description: HealthPolicy defines the health check policy for
+                      the abstraction
+                    type: string
+                type: object
+              workloadRefPath:
+                description: WorkloadRefPath indicates where/if a trait accepts a
+                  workloadRef object
+                type: string
+            type: object
+          status:
+            description: TraitDefinitionStatus is the status of TraitDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              configMapRef:
+                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
+                  V3 JSON schema of Component parameters.
+                type: string
+              latestRevision:
+                description: LatestRevision of the component definition
+                properties:
+                  name:
+                    type: string
+                  revision:
+                    format: int64
+                    type: integer
+                  revisionHash:
+                    description: RevisionHash record the hash value of the spec of
+                      ApplicationRevision object.
+                    type: string
+                required:
+                - name
+                - revision
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/oam-runtime/crds/core.oam.dev_workloaddefinitions.yaml
+++ b/charts/oam-runtime/crds/core.oam.dev_workloaddefinitions.yaml
@@ -0,0 +1,604 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: workloaddefinitions.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: WorkloadDefinition
+    listKind: WorkloadDefinitionList
+    plural: workloaddefinitions
+    shortNames:
+    - workload
+    singular: workloaddefinition
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.definitionRef.name
+      name: DEFINITION-NAME
+      type: string
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A WorkloadDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM workload kind by referencing its CustomResourceDefinition.
+          The CRD is used to validate the schema of the workload when it is embedded
+          in an OAM Component.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A WorkloadDefinitionSpec defines the desired state of a WorkloadDefinition.
+            properties:
+              childResourceKinds:
+                description: ChildResourceKinds are the list of GVK of the child resources
+                  this workload generates
+                items:
+                  description: A ChildResourceKind defines a child Kubernetes resource
+                    kind with a selector
+                  properties:
+                    apiVersion:
+                      description: APIVersion of the child resource
+                      type: string
+                    kind:
+                      description: Kind of the child resource
+                      type: string
+                    selector:
+                      additionalProperties:
+                        type: string
+                      description: Selector to select the child resources that the
+                        workload wants to expose to traits
+                      type: object
+                  required:
+                  - apiVersion
+                  - kind
+                  type: object
+                type: array
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this workload kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              podSpecPath:
+                description: PodSpecPath indicates where/if this workload has K8s
+                  podSpec field if one workload has podSpec, trait can do lot's of
+                  assumption such as port, env, volume fields.
+                type: string
+              revisionLabel:
+                description: RevisionLabel indicates which label for underlying resources(e.g.
+                  pods) of this workload can be used by trait to create resource selectors(e.g.
+                  label selector for pods).
+                type: string
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the workload
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        - remote
+                        type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                    required:
+                    - configuration
+                    type: object
+                type: object
+              status:
+                description: Status defines the custom health policy and status message
+                  for workload
+                properties:
+                  customStatus:
+                    description: CustomStatus defines the custom status message that
+                      could display to user
+                    type: string
+                  healthPolicy:
+                    description: HealthPolicy defines the health check policy for
+                      the abstraction
+                    type: string
+                type: object
+            required:
+            - definitionRef
+            type: object
+          status:
+            description: WorkloadDefinitionStatus is the status of WorkloadDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .spec.definitionRef.name
+      name: DEFINITION-NAME
+      type: string
+    - jsonPath: .metadata.annotations.definition\.oam\.dev/description
+      name: DESCRIPTION
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: A WorkloadDefinition registers a kind of Kubernetes custom resource
+          as a valid OAM workload kind by referencing its CustomResourceDefinition.
+          The CRD is used to validate the schema of the workload when it is embedded
+          in an OAM Component.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A WorkloadDefinitionSpec defines the desired state of a WorkloadDefinition.
+            properties:
+              childResourceKinds:
+                description: ChildResourceKinds are the list of GVK of the child resources
+                  this workload generates
+                items:
+                  description: A ChildResourceKind defines a child Kubernetes resource
+                    kind with a selector
+                  properties:
+                    apiVersion:
+                      description: APIVersion of the child resource
+                      type: string
+                    kind:
+                      description: Kind of the child resource
+                      type: string
+                    selector:
+                      additionalProperties:
+                        type: string
+                      description: Selector to select the child resources that the
+                        workload wants to expose to traits
+                      type: object
+                  required:
+                  - apiVersion
+                  - kind
+                  type: object
+                type: array
+              definitionRef:
+                description: Reference to the CustomResourceDefinition that defines
+                  this workload kind.
+                properties:
+                  name:
+                    description: Name of the referenced CustomResourceDefinition.
+                    type: string
+                  version:
+                    description: Version indicate which version should be used if
+                      CRD has multiple versions by default it will use the first one
+                      if not specified
+                    type: string
+                required:
+                - name
+                type: object
+              extension:
+                description: Extension is used for extension needs by OAM platform
+                  builders
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              podSpecPath:
+                description: PodSpecPath indicates where/if this workload has K8s
+                  podSpec field if one workload has podSpec, trait can do lot's of
+                  assumption such as port, env, volume fields.
+                type: string
+              revisionLabel:
+                description: RevisionLabel indicates which label for underlying resources(e.g.
+                  pods) of this workload can be used by trait to create resource selectors(e.g.
+                  label selector for pods).
+                type: string
+              schematic:
+                description: Schematic defines the data format and template of the
+                  encapsulation of the workload
+                properties:
+                  cue:
+                    description: CUE defines the encapsulation in CUE format
+                    properties:
+                      template:
+                        description: Template defines the abstraction template data
+                          of the capability, it will replace the old CUE template
+                          in extension field. Template is a required field if CUE
+                          is defined in Capability Definition.
+                        type: string
+                    required:
+                    - template
+                    type: object
+                  helm:
+                    description: A Helm represents resources used by a Helm module
+                    properties:
+                      release:
+                        description: Release records a Helm release used by a Helm
+                          module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      repository:
+                        description: HelmRelease records a Helm repository used by
+                          a Helm module workload.
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - release
+                    - repository
+                    type: object
+                  kube:
+                    description: Kube defines the encapsulation in raw Kubernetes
+                      resource format
+                    properties:
+                      parameters:
+                        description: Parameters defines configurable parameters
+                        items:
+                          description: A KubeParameter defines a configurable parameter
+                            of a component.
+                          properties:
+                            description:
+                              description: Description of this parameter.
+                              type: string
+                            fieldPaths:
+                              description: "FieldPaths specifies an array of fields
+                                within this workload that will be overwritten by the
+                                value of this parameter. \tAll fields must be of the
+                                same type. Fields are specified as JSON field paths
+                                without a leading dot, for example 'spec.replicas'."
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              description: Name of this parameter
+                              type: string
+                            required:
+                              default: false
+                              description: Required specifies whether or not a value
+                                for this parameter must be supplied when authoring
+                                an Application.
+                              type: boolean
+                            type:
+                              description: 'ValueType indicates the type of the parameter
+                                value, and only supports basic data types: string,
+                                number, boolean.'
+                              enum:
+                              - string
+                              - number
+                              - boolean
+                              type: string
+                          required:
+                          - fieldPaths
+                          - name
+                          - type
+                          type: object
+                        type: array
+                      template:
+                        description: Template defines the raw Kubernetes resource
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                    required:
+                    - template
+                    type: object
+                  terraform:
+                    description: Terraform is the struct to describe cloud resources
+                      managed by Hashicorp Terraform
+                    properties:
+                      configuration:
+                        description: Configuration is Terraform Configuration
+                        type: string
+                      customRegion:
+                        description: Region is cloud provider's region. It will override
+                          the region in the region field of ProviderReference
+                        type: string
+                      deleteResource:
+                        default: true
+                        description: DeleteResource will determine whether provisioned
+                          cloud resources will be deleted when CR is deleted
+                        type: boolean
+                      path:
+                        description: Path is the sub-directory of remote git repository.
+                          It's valid when remote is set
+                        type: string
+                      providerRef:
+                        description: ProviderReference specifies the reference to
+                          Provider
+                        properties:
+                          name:
+                            description: Name of the referenced object.
+                            type: string
+                          namespace:
+                            default: default
+                            description: Namespace of the referenced object.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type:
+                        default: hcl
+                        description: Type specifies which Terraform configuration
+                          it is, HCL or JSON syntax
+                        enum:
+                        - hcl
+                        - json
+                        - remote
+                        type: string
+                      writeConnectionSecretToRef:
+                        description: WriteConnectionSecretToReference specifies the
+                          namespace and name of a Secret to which any connection details
+                          for this managed resource should be written. Connection
+                          details frequently include the endpoint, username, and password
+                          required to connect to the managed resource.
+                        properties:
+                          name:
+                            description: Name of the secret.
+                            type: string
+                          namespace:
+                            description: Namespace of the secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                    required:
+                    - configuration
+                    type: object
+                type: object
+              status:
+                description: Status defines the custom health policy and status message
+                  for workload
+                properties:
+                  customStatus:
+                    description: CustomStatus defines the custom status message that
+                      could display to user
+                    type: string
+                  healthPolicy:
+                    description: HealthPolicy defines the health check policy for
+                      the abstraction
+                    type: string
+                type: object
+            required:
+            - definitionRef
+            type: object
+          status:
+            description: WorkloadDefinitionStatus is the status of WorkloadDefinition
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/oam-runtime/templates/NOTES.txt
+++ b/charts/oam-runtime/templates/NOTES.txt
@@ -0,0 +1 @@
+Welcome to use the oam-runtime follows OAM spec v0.2! Enjoy your shipping application journey!
--- a/charts/oam-runtime/templates/_helpers.tpl
+++ b/charts/oam-runtime/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "oam-runtime.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "oam-runtime.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "oam-runtime.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "oam-runtime.labels" -}}
+helm.sh/chart: {{ include "oam-runtime.chart" . }}
+{{ include "oam-runtime.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "oam-runtime.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "oam-runtime.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "oam-runtime.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "oam-runtime.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
--- a/charts/oam-runtime/templates/admission-webhooks/job-patch/clusterrole.yaml
+++ b/charts/oam-runtime/templates/admission-webhooks/job-patch/clusterrole.yaml
@@ -0,0 +1,28 @@
+{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name:  {{ template "oam-runtime.fullname" . }}-admission
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "oam-runtime.name" . }}-admission
+    {{- include "oam-runtime.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - admissionregistration.k8s.io
+    resources:
+      - validatingwebhookconfigurations
+      - mutatingwebhookconfigurations
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - get
+      - update
+{{- end }}
--- a/charts/oam-runtime/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
+++ b/charts/oam-runtime/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name:  {{ template "oam-runtime.fullname" . }}-admission
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "oam-runtime.name" . }}-admission
+    {{- include "oam-runtime.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "oam-runtime.fullname" . }}-admission
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "oam-runtime.fullname" . }}-admission
+    namespace: {{ .Release.Namespace }}
+{{- end }}
--- a/charts/oam-runtime/templates/admission-webhooks/job-patch/job-createSecret.yaml
+++ b/charts/oam-runtime/templates/admission-webhooks/job-patch/job-createSecret.yaml
@@ -0,0 +1,54 @@
+{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled (not .Values.admissionWebhooks.certManager.enabled) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name:  {{ template "oam-runtime.fullname" . }}-admission-create
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "oam-runtime.name" . }}-admission-create
+    {{- include "oam-runtime.labels" . | nindent 4 }}
+spec:
+  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+  # Alpha feature since k8s 1.12
+  ttlSecondsAfterFinished: 0
+  {{- end }}
+  template:
+    metadata:
+      name:  {{ template "oam-runtime.fullname" . }}-admission-create
+      labels:
+        app: {{ template "oam-runtime.name" . }}-admission-create
+        {{- include "oam-runtime.labels" . | nindent 8 }}
+    spec:
+      containers:
+        - name: create
+          image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
+          imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
+          args:
+            - create
+            - --host={{ template "oam-runtime.name" . }}-webhook,{{ template "oam-runtime.name" . }}-webhook.{{ .Release.Namespace }}.svc
+            - --namespace={{ .Release.Namespace }}
+            - --secret-name={{ template "oam-runtime.fullname" . }}-admission
+            - --key-name=tls.key
+            - --cert-name=tls.crt
+      restartPolicy: OnFailure
+      serviceAccountName: {{ template "oam-runtime.fullname" . }}-admission
+      {{- with .Values.admissionWebhooks.patch.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.admissionWebhooks.patch.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.admissionWebhooks.patch.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      securityContext:
+        runAsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+{{- end }}
--- a/charts/oam-runtime/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
+++ b/charts/oam-runtime/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
@@ -0,0 +1,53 @@
+{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled (not .Values.admissionWebhooks.certManager.enabled) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name:  {{ template "oam-runtime.fullname" . }}-admission-patch
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "oam-runtime.name" . }}-admission-patch
+    {{- include "oam-runtime.labels" . | nindent 4 }}
+spec:
+  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+  # Alpha feature since k8s 1.12
+  ttlSecondsAfterFinished: 0
+  {{- end }}
+  template:
+    metadata:
+      name:  {{ template "oam-runtime.fullname" . }}-admission-patch
+      labels:
+        app: {{ template "oam-runtime.name" . }}-admission-patch
+        {{- include "oam-runtime.labels" . | nindent 8 }}
+    spec:
+      containers:
+        - name: patch
+          image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
+          imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
+          args:
+            - patch
+            - --webhook-name={{ template "oam-runtime.fullname" . }}-admission
+            - --namespace={{ .Release.Namespace }}
+            - --secret-name={{ template "oam-runtime.fullname" . }}-admission
+            - --patch-failure-policy={{ .Values.admissionWebhooks.failurePolicy }}
+      restartPolicy: OnFailure
+      serviceAccountName: {{ template "oam-runtime.fullname" . }}-admission
+      {{- with .Values.admissionWebhooks.patch.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.admissionWebhooks.patch.affinity }}
+      affinity:
+      {{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.admissionWebhooks.patch.tolerations }}
+      tolerations:
+      {{ toYaml . | indent 8 }}
+      {{- end }}
+      securityContext:
+        runAsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+{{- end }}
--- a/charts/oam-runtime/templates/admission-webhooks/job-patch/role.yaml
+++ b/charts/oam-runtime/templates/admission-webhooks/job-patch/role.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name:  {{ template "oam-runtime.fullname" . }}-admission
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "oam-runtime.name" . }}-admission
+    {{- include "oam-runtime.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - create
+{{- end }}
--- a/charts/oam-runtime/templates/admission-webhooks/job-patch/rolebinding.yaml
+++ b/charts/oam-runtime/templates/admission-webhooks/job-patch/rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name:  {{ template "oam-runtime.fullname" . }}-admission
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "oam-runtime.name" . }}-admission
+    {{- include "oam-runtime.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "oam-runtime.fullname" . }}-admission
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "oam-runtime.fullname" . }}-admission
+    namespace: {{ .Release.Namespace }}
+{{- end }}
--- a/charts/oam-runtime/templates/admission-webhooks/job-patch/serviceaccount.yaml
+++ b/charts/oam-runtime/templates/admission-webhooks/job-patch/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled .Values.rbac.create (not .Values.admissionWebhooks.certManager.enabled) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name:  {{ template "oam-runtime.fullname" . }}-admission
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "oam-runtime.name" . }}-admission
+    {{- include "oam-runtime.labels" . | nindent 4 }}
+{{- end }}
--- a/charts/oam-runtime/templates/admission-webhooks/mutatingWebhookConfiguration.yaml
+++ b/charts/oam-runtime/templates/admission-webhooks/mutatingWebhookConfiguration.yaml
@@ -0,0 +1,69 @@
+{{- if .Values.admissionWebhooks.enabled -}}
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: {{ template "oam-runtime.fullname" . }}-admission
+  namespace: {{ .Release.Namespace }}
+  {{- if .Values.admissionWebhooks.certManager.enabled }}
+  annotations:
+    cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "oam-runtime.fullname" .) | quote }}
+  {{- end }}
+webhooks:
+  - clientConfig:
+      caBundle: Cg==
+      service:
+        name: {{ template "oam-runtime.name" . }}-webhook
+        namespace: {{ .Release.Namespace }}
+        path: /mutating-core-oam-dev-v1alpha2-applicationconfigurations
+    {{- if .Values.admissionWebhooks.patch.enabled  }}
+    failurePolicy: Ignore
+    {{- else }}
+    failurePolicy: Fail
+    {{- end }}
+    name: mutating.core.oam.dev.v1alpha2.applicationconfigurations
+    sideEffects: None
+    rules:
+      - apiGroups:
+          - core.oam.dev
+        apiVersions:
+          - v1alpha2
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - applicationconfigurations
+        scope: Namespaced
+    admissionReviewVersions:
+      - v1beta1
+      - v1
+    timeoutSeconds: 5
+  - clientConfig:
+      caBundle: Cg==
+      service:
+        name: {{ template "oam-runtime.name" . }}-webhook
+        namespace: {{ .Release.Namespace }}
+        path: /mutating-core-oam-dev-v1alpha2-components
+    {{- if .Values.admissionWebhooks.patch.enabled  }}
+    failurePolicy: Ignore
+    {{- else }}
+    failurePolicy: Fail
+    {{- end }}
+    name: mutating.core.oam-dev.v1alpha2.components
+    sideEffects: None
+    rules:
+      - apiGroups:
+          - core.oam.dev
+        apiVersions:
+          - v1alpha2
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - components
+        scope: Namespaced
+    admissionReviewVersions:
+      - v1beta1
+      - v1
+    timeoutSeconds: 5
+
+{{- end -}}
--- a/charts/oam-runtime/templates/admission-webhooks/validatingWebhookConfiguration.yaml
+++ b/charts/oam-runtime/templates/admission-webhooks/validatingWebhookConfiguration.yaml
@@ -0,0 +1,69 @@
+{{- if .Values.admissionWebhooks.enabled -}}
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: {{ template "oam-runtime.fullname" . }}-admission
+  namespace: {{ .Release.Namespace }}
+  {{- if .Values.admissionWebhooks.certManager.enabled }}
+  annotations:
+    cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "oam-runtime.fullname" .) | quote }}
+  {{- end }}
+webhooks:
+  - clientConfig:
+      caBundle: Cg==
+      service:
+        name: {{ template "oam-runtime.name" . }}-webhook
+        namespace: {{ .Release.Namespace }}
+        path: /validating-core-oam-dev-v1alpha2-applicationconfigurations
+    {{- if .Values.admissionWebhooks.patch.enabled  }}
+    failurePolicy: Ignore
+    {{- else }}
+    failurePolicy: {{ .Values.admissionWebhooks.failurePolicy }}
+    {{- end }}
+    name: validating.core.oam.dev.v1alpha2.applicationconfigurations
+    sideEffects: None
+    rules:
+      - apiGroups:
+          - core.oam.dev
+        apiVersions:
+          - v1alpha2
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - applicationconfigurations
+        scope: Namespaced
+    admissionReviewVersions:
+      - v1beta1
+      - v1
+    timeoutSeconds: 5
+  - clientConfig:
+      caBundle: Cg==
+      service:
+        name: {{ template "oam-runtime.name" . }}-webhook
+        namespace: {{ .Release.Namespace }}
+        path: /validating-core-oam-dev-v1alpha2-components
+    {{- if .Values.admissionWebhooks.patch.enabled  }}
+    failurePolicy: Ignore
+    {{- else }}
+    failurePolicy: {{ .Values.admissionWebhooks.failurePolicy }}
+    {{- end }}
+    name: validating.core.oam.dev.v1alpha2.components
+    sideEffects: None
+    rules:
+      - apiGroups:
+          - core.oam.dev
+        apiVersions:
+          - v1alpha2
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - components
+        scope: Namespaced
+    admissionReviewVersions:
+      - v1beta1
+      - v1
+    timeoutSeconds: 5
+          
+{{- end -}}
--- a/charts/oam-runtime/templates/admission-webhooks/webhookService.yaml
+++ b/charts/oam-runtime/templates/admission-webhooks/webhookService.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.admissionWebhooks.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "oam-runtime.name" . }}-webhook
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "oam-runtime.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.webhookService.type }}
+  ports:
+    - port: 443
+      targetPort: {{ .Values.webhookService.port }}
+      protocol: TCP
+      name: https
+  selector:
+    {{ include "oam-runtime.selectorLabels" . | nindent 6 }}
+
+{{- end -}}
--- a/charts/oam-runtime/templates/certmanager.yaml
+++ b/charts/oam-runtime/templates/certmanager.yaml
@@ -0,0 +1,55 @@
+{{- if and .Values.admissionWebhooks.certManager.enabled -}}
+
+# The following manifests contain a self-signed issuer CR and a certificate CR.
+# More document can be found at https://docs.cert-manager.io
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ template "oam-runtime.fullname" . }}-self-signed-issuer
+spec:
+  selfSigned: {}
+
+---
+# Generate a CA Certificate used to sign certificates for the webhook
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ template "oam-runtime.fullname" . }}-root-cert
+spec:
+  secretName: {{ template "oam-runtime.fullname" . }}-root-cert
+  duration: 43800h # 5y
+  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
+  issuerRef:
+    name: {{ template "oam-runtime.fullname" . }}-self-signed-issuer
+  commonName: "ca.webhook.oam-runtime"
+  isCA: true
+  
+---
+# Create an Issuer that uses the above generated CA certificate to issue certs
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ template "oam-runtime.fullname" . }}-root-issuer
+  namespace: {{ .Release.Namespace }}
+spec:
+  ca:
+    secretName: {{ template "oam-runtime.fullname" . }}-root-cert
+
+---
+# generate a serving certificate for the apiservices to use
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ template "oam-runtime.fullname" . }}-admission
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretName: {{ template "oam-runtime.fullname" . }}-admission
+  duration: 8760h # 1y
+  revisionHistoryLimit: {{ .Values.admissionWebhooks.certManager.revisionHistoryLimit }}
+  issuerRef:
+    name: {{ template "oam-runtime.fullname" . }}-root-issuer
+  dnsNames:
+    - {{ template "oam-runtime.name" . }}-webhook.{{ .Release.Namespace }}.svc
+    - {{ template "oam-runtime.name" . }}-webhook.{{ .Release.Namespace }}.svc.cluster.local
+
+{{- end }}
--- a/charts/oam-runtime/templates/definitions/healthscopes.yaml
+++ b/charts/oam-runtime/templates/definitions/healthscopes.yaml
@@ -0,0 +1,10 @@
+apiVersion: core.oam.dev/v1beta1
+kind: ScopeDefinition
+metadata:
+  name: healthscopes.core.oam.dev
+  namespace: {{.Values.systemDefinitionNamespace}}
+spec:
+  workloadRefsPath: spec.workloadRefs
+  allowComponentOverlap: true
+  definitionRef:
+    name: healthscopes.core.oam.dev
--- a/charts/oam-runtime/templates/oam-runtime-controller.yaml
+++ b/charts/oam-runtime/templates/oam-runtime-controller.yaml
@@ -0,0 +1,177 @@
+---
+
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "oam-runtime.serviceAccountName" . }}
+  labels:
+    {{- include "oam-runtime.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "oam-runtime.fullname" . }}:manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: "cluster-admin"
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "oam-runtime.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+
+---
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "oam-runtime.fullname" . }}:leader-election-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps/status
+    verbs:
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "oam-runtime.fullname" . }}:leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "oam-runtime.fullname" . }}:leader-election-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "oam-runtime.serviceAccountName" . }}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "oam-runtime.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "oam-runtime.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+  {{- include "oam-runtime.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+    {{- include "oam-runtime.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "oam-runtime.serviceAccountName" . }}
+      securityContext:
+      {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Release.Name }}
+          securityContext:
+          {{- toYaml .Values.securityContext | nindent 12 }}
+          args:
+            - "--metrics-addr=:8080"
+            - "--enable-leader-election"
+            {{ if ne .Values.logFilePath "" }}
+            - "--log-file-path={{ .Values.logFilePath }}"
+            - "--log-file-max-size={{ .Values.logFileMaxSize }}"
+            {{ end }}
+            {{ if .Values.logDebug }}
+            - "--log-debug=true"
+            {{ end }}
+            {{ if .Values.admissionWebhooks.enabled }}
+            - "--use-webhook=true"
+            - "--webhook-port={{ .Values.webhookService.port }}"
+            - "--webhook-cert-dir={{ .Values.admissionWebhooks.certificate.mountPath }}"
+            {{ end }}
+            - "--health-addr=:{{ .Values.healthCheck.port }}"
+            - "--apply-once-only={{ .Values.applyOnceOnly }}"
+            {{ if ne .Values.disableCaps "" }}
+            - "--disable-caps={{ .Values.disableCaps }}"
+            {{ end }}
+            - "--system-definition-namespace={{ .Values.systemDefinitionNamespace }}"
+            - "--oam-spec-ver={{ .Values.OAMSpecVer }}"
+            - "--concurrent-reconciles={{ .Values.concurrentReconciles }}"
+          image: {{ .Values.imageRegistry }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+          imagePullPolicy: {{ quote .Values.image.pullPolicy }}
+          resources:
+          {{- toYaml .Values.resources | nindent 12 }}
+          {{ if .Values.admissionWebhooks.enabled }}
+          ports:
+            - containerPort: {{ .Values.webhookService.port }}
+              name: webhook-server
+              protocol: TCP
+            - containerPort: {{ .Values.healthCheck.port }}
+              name: healthz
+              protocol: TCP
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: healthz
+            initialDelaySeconds: 90
+            periodSeconds: 5
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 90
+            periodSeconds: 5
+          volumeMounts:
+            - mountPath: {{ .Values.admissionWebhooks.certificate.mountPath }}
+              name: tls-cert-vol
+              readOnly: true
+          {{ end }}
+      {{ if .Values.admissionWebhooks.enabled }}
+      volumes:
+        - name: tls-cert-vol
+          secret:
+            defaultMode: 420
+            secretName: {{ template "oam-runtime.fullname" . }}-admission
+      {{ end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+    {{- toYaml . | nindent 8 }}
+  {{- end }}
--- a/charts/oam-runtime/templates/test/test-application.yaml
+++ b/charts/oam-runtime/templates/test/test-application.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ include "oam-runtime.fullname" . }}-test-connection
+  labels:
+  {{- include "oam-runtime.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: {{ .Values.imageRegistry }}{{ .Values.test.app.repository }}:{{ .Values.test.app.tag }}
+      command: ['wget']
+      args: ['{{ include "oam-runtime.fullname" . }}:{{ .Values.healthCheck.port }}']
+  restartPolicy: Never
--- a/charts/oam-runtime/values.yaml
+++ b/charts/oam-runtime/values.yaml
@@ -0,0 +1,109 @@
+# Default values for kubevela.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+# Valid applyOnceOnly values: true/false/on/off/force
+applyOnceOnly: "off"
+
+disableCaps: "all"
+
+imageRegistry: ""
+image:
+  repository: oamdev/vela-core
+  tag: latest
+  pullPolicy: Always
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+resources:
+  limits:
+    cpu: 500m
+    memory: 1Gi
+  requests:
+    cpu: 50m
+    memory: 20Mi
+
+webhookService:
+  type: ClusterIP
+  port: 11443
+
+healthCheck:
+  port: 11440
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+rbac:
+  create: true
+
+admissionWebhooks:
+  enabled: true
+  failurePolicy: Fail
+  certificate:
+    mountPath: /etc/k8s-webhook-certs
+  patch:
+    enabled: true
+    image:
+      repository: oamdev/kube-webhook-certgen
+      tag: v2.3
+      pullPolicy: IfNotPresent
+    nodeSelector: {}
+    affinity: {}
+    tolerations: []
+  certManager:
+    enabled: false
+    revisionHistoryLimit: 3
+  # If autoGenWorkloadDefinition is true, webhook will auto generated workloadDefinition which componentDefinition refers to
+  autoGenWorkloadDefinition: true
+
+#Enable debug logs for development purpose
+logDebug: false
+
+#If non-empty, write log files in this path
+logFilePath: ""
+
+#Defines the maximum size a log file can grow to. Unit is megabytes.
+#If the value is 0, the maximum file size is unlimited.
+logFileMaxSize: 1024
+
+systemDefinitionNamespace: oam-runtime-system
+
+# concurrentReconciles is the concurrent reconcile number of the controller
+concurrentReconciles: 4
+
+# dependCheckWait is the time to wait for ApplicationConfiguration's dependent-resource ready
+dependCheckWait: 30s
+
+# OAMSpecVer is the oam spec version controller want to setup
+OAMSpecVer: "v0.2"
+
+test:
+  app:
+    repository: oamdev/busybox
+    tag: v1
--- a/charts/vela-core/README.md
+++ b/charts/vela-core/README.md
@@ -1,18 +1,18 @@
 <div style="text-align: center">
  <p align="center">
-    <img src="https://raw.githubusercontent.com/kubevela/kubevela.io/main/docs/resources/KubeVela-03.png">
+    <img src="https://raw.githubusercontent.com/oam-dev/kubevela.io/main/docs/resources/KubeVela-03.png">
    <br><br>
    <i>Make shipping applications more enjoyable.</i>
  </p>
 </div>

-![Build status](https://github.com/kubevela/kubevela/workflows/E2E/badge.svg)
-[![Go Report Card](https://goreportcard.com/badge/github.com/kubevela/kubevela)](https://goreportcard.com/report/github.com/kubevela/kubevela)
+![Build status](https://github.com/oam-dev/kubevela/workflows/E2E/badge.svg)
+[![Go Report Card](https://goreportcard.com/badge/github.com/oam-dev/kubevela)](https://goreportcard.com/report/github.com/oam-dev/kubevela)
 ![Docker Pulls](https://img.shields.io/docker/pulls/oamdev/vela-core)
-[![codecov](https://codecov.io/gh/kubevela/kubevela/branch/master/graph/badge.svg)](https://codecov.io/gh/kubevela/kubevela)
-[![LICENSE](https://img.shields.io/github/license/kubevela/kubevela.svg?style=flat-square)](/LICENSE)
-[![Releases](https://img.shields.io/github/release/kubevela/kubevela/all.svg?style=flat-square)](https://github.com/kubevela/kubevela/releases)
-[![TODOs](https://img.shields.io/endpoint?url=https://api.tickgit.com/badge?repo=github.com/kubevela/kubevela)](https://www.tickgit.com/browse?repo=github.com/oam-dev/kubevela)
+[![codecov](https://codecov.io/gh/oam-dev/kubevela/branch/master/graph/badge.svg)](https://codecov.io/gh/oam-dev/kubevela)
+[![LICENSE](https://img.shields.io/github/license/oam-dev/kubevela.svg?style=flat-square)](/LICENSE)
+[![Releases](https://img.shields.io/github/release/oam-dev/kubevela/all.svg?style=flat-square)](https://github.com/oam-dev/kubevela/releases)
+[![TODOs](https://img.shields.io/endpoint?url=https://api.tickgit.com/badge?repo=github.com/oam-dev/kubevela)](https://www.tickgit.com/browse?repo=github.com/oam-dev/kubevela)
 [![Twitter](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Ftwitter.com%2Foam_dev)](https://twitter.com/oam_dev)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubevela)](https://artifacthub.io/packages/search?repo=kubevela)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4602/badge)](https://bestpractices.coreinfrastructure.org/projects/4602)
@@ -53,12 +53,11 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai

 ### KubeVela workflow parameters

-| Name                                   | Description                                            | Value   |
-| -------------------------------------- | ------------------------------------------------------ | ------- |
-| `workflow.enableSuspendOnFailure`      | Enable suspend on workflow failure                     | `false` |
-| `workflow.backoff.maxTime.waitState`   | The max backoff time of workflow in a wait condition   | `60`    |
-| `workflow.backoff.maxTime.failedState` | The max backoff time of workflow in a failed condition | `300`   |
-| `workflow.step.errorRetryTimes`        | The max retry times of a failed workflow step          | `10`    |
+| Name                                   | Description                                            | Value |
+| -------------------------------------- | ------------------------------------------------------ | ----- |
+| `workflow.backoff.maxTime.waitState`   | The max backoff time of workflow in a wait condition   | `60`  |
+| `workflow.backoff.maxTime.failedState` | The max backoff time of workflow in a failed condition | `300` |
+| `workflow.step.errorRetryTimes`        | The max retry times of a failed workflow step          | `10`  |


 ### KubeVela controller parameters
@@ -79,43 +78,20 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai
 | `healthCheck.port`          | KubeVela health check port           | `9440`             |


-### KubeVela controller optimization parameters
-
-| Name                                              | Description                                                                                                                                                                          | Value   |
-| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
-| `optimize.cachedGvks`                             | Optimize types of resources to be cached.                                                                                                                                            | `""`    |
-| `optimize.resourceTrackerListOp`                  | Optimize ResourceTracker List Op by adding index.                                                                                                                                    | `true`  |
-| `optimize.controllerReconcileLoopReduction`       | Optimize ApplicationController reconcile by reducing the number of loops to reconcile application.                                                                                   | `false` |
-| `optimize.markWithProb`                           | Optimize ResourceTracker GC by only run mark with probability. Side effect: outdated ResourceTracker might not be able to be removed immediately.                                    | `0.1`   |
-| `optimize.disableComponentRevision`               | Optimize componentRevision by disabling the creation and gc                                                                                                                          | `false` |
-| `optimize.disableApplicationRevision`             | Optimize ApplicationRevision by disabling the creation and gc.                                                                                                                       | `false` |
-| `optimize.disableWorkflowRecorder`                | Optimize workflow recorder by disabling the creation and gc.                                                                                                                         | `false` |
-| `optimize.enableInMemoryWorkflowContext`          | Optimize workflow by use in-memory context.                                                                                                                                          | `false` |
-| `optimize.disableResourceApplyDoubleCheck`        | Optimize workflow by ignoring resource double check after apply.                                                                                                                     | `false` |
-| `optimize.enableResourceTrackerDeleteOnlyTrigger` | Optimize resourcetracker by only trigger reconcile when resourcetracker is deleted.                                                                                                  | `true`  |
-| `featureGates.enableLegacyComponentRevision`      | if disabled, only component with rollout trait will create component revisions                                                                                                       | `false` |
-| `featureGates.gzipResourceTracker`                | if enabled, resourceTracker will be compressed using gzip before being stored                                                                                                        | `false` |
-| `featureGates.zstdResourceTracker`                | if enabled, resourceTracker will be compressed using zstd before being stored. It is much faster and more efficient than gzip. If both gzip and zstd are enabled, zstd will be used. | `false` |
-| `featureGates.applyOnce`                          | if enabled, the apply-once feature will be applied to all applications, no state-keep and no resource data storage in ResourceTracker                                                | `false` |
-| `featureGates.multiStageComponentApply`           | if enabled, the multiStageComponentApply feature will be combined with the stage field in TraitDefinition to complete the multi-stage apply.                                         | `false` |
-
-
 ### MultiCluster parameters

-| Name                                                        | Description                                     | Value                            |
-| ----------------------------------------------------------- | ----------------------------------------------- | -------------------------------- |
-| `multicluster.enabled`                                      | Whether to enable multi-cluster                 | `true`                           |
-| `multicluster.metrics.enabled`                              | Whether to enable multi-cluster metrics collect | `false`                          |
-| `multicluster.clusterGateway.replicaCount`                  | ClusterGateway replica count                    | `1`                              |
-| `multicluster.clusterGateway.port`                          | ClusterGateway port                             | `9443`                           |
-| `multicluster.clusterGateway.image.repository`              | ClusterGateway image repository                 | `oamdev/cluster-gateway`         |
-| `multicluster.clusterGateway.image.tag`                     | ClusterGateway image tag                        | `v1.4.0`                         |
-| `multicluster.clusterGateway.image.pullPolicy`              | ClusterGateway image pull policy                | `IfNotPresent`                   |
-| `multicluster.clusterGateway.resources.limits.cpu`          | ClusterGateway cpu limit                        | `100m`                           |
-| `multicluster.clusterGateway.resources.limits.memory`       | ClusterGateway memory limit                     | `200Mi`                          |
-| `multicluster.clusterGateway.secureTLS.enabled`             | Whether to enable secure TLS                    | `true`                           |
-| `multicluster.clusterGateway.secureTLS.certPath`            | Path to the certificate file                    | `/etc/k8s-cluster-gateway-certs` |
-| `multicluster.clusterGateway.secureTLS.certManager.enabled` | Whether to enable cert-manager                  | `false`                          |
+| Name                                                  | Description                      | Value                            |
+| ----------------------------------------------------- | -------------------------------- | -------------------------------- |
+| `multicluster.enabled`                                | Whether to enable multi-cluster  | `true`                           |
+| `multicluster.clusterGateway.replicaCount`            | ClusterGateway replica count     | `1`                              |
+| `multicluster.clusterGateway.port`                    | ClusterGateway port              | `9443`                           |
+| `multicluster.clusterGateway.image.repository`        | ClusterGateway image repository  | `oamdev/cluster-gateway`         |
+| `multicluster.clusterGateway.image.tag`               | ClusterGateway image tag         | `v1.3.2`                         |
+| `multicluster.clusterGateway.image.pullPolicy`        | ClusterGateway image pull policy | `IfNotPresent`                   |
+| `multicluster.clusterGateway.resources.limits.cpu`    | ClusterGateway cpu limit         | `100m`                           |
+| `multicluster.clusterGateway.resources.limits.memory` | ClusterGateway memory limit      | `200Mi`                          |
+| `multicluster.clusterGateway.secureTLS.enabled`       | Whether to enable secure TLS     | `true`                           |
+| `multicluster.clusterGateway.secureTLS.certPath`      | Path to the certificate file     | `/etc/k8s-cluster-gateway-certs` |


 ### Test parameters
@@ -130,27 +106,23 @@ helm install --create-namespace -n vela-system kubevela kubevela/vela-core --wai

 ### Common parameters

-| Name                          | Description                                                                                                                | Value                |
-| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------- |
-| `imagePullSecrets`            | Image pull secrets                                                                                                         | `[]`                 |
-| `nameOverride`                | Override name                                                                                                              | `""`                 |
-| `fullnameOverride`            | Fullname override                                                                                                          | `""`                 |
-| `serviceAccount.create`       | Specifies whether a service account should be created                                                                      | `true`               |
-| `serviceAccount.annotations`  | Annotations to add to the service account                                                                                  | `{}`                 |
-| `serviceAccount.name`         | The name of the service account to use. If not set and create is true, a name is generated using the fullname template     | `nil`                |
-| `nodeSelector`                | Node selector                                                                                                              | `{}`                 |
-| `tolerations`                 | Tolerations                                                                                                                | `[]`                 |
-| `affinity`                    | Affinity                                                                                                                   | `{}`                 |
-| `rbac.create`                 | Specifies whether a RBAC role should be created                                                                            | `true`               |
-| `logDebug`                    | Enable debug logs for development purpose                                                                                  | `false`              |
-| `logFilePath`                 | If non-empty, write log files in this path                                                                                 | `""`                 |
-| `logFileMaxSize`              | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. | `1024`               |
-| `kubeClient.qps`              | The qps for reconcile clients, default is 50                                                                               | `50`                 |
-| `kubeClient.burst`            | The burst for reconcile clients, default is 100                                                                            | `100`                |
-| `authentication.enabled`      | Enable authentication for application                                                                                      | `false`              |
-| `authentication.withUser`     | Application authentication will impersonate as the request User                                                            | `false`              |
-| `authentication.defaultUser`  | Application authentication will impersonate as the User if no user provided in Application                                 | `kubevela:vela-core` |
-| `authentication.groupPattern` | Application authentication will impersonate as the request Group that matches the pattern                                  | `kubevela:*`         |
+| Name                         | Description                                                                                                                | Value   |
+| ---------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `imagePullSecrets`           | Image pull secrets                                                                                                         | `[]`    |
+| `nameOverride`               | Override name                                                                                                              | `""`    |
+| `fullnameOverride`           | Fullname override                                                                                                          | `""`    |
+| `serviceAccount.create`      | Specifies whether a service account should be created                                                                      | `true`  |
+| `serviceAccount.annotations` | Annotations to add to the service account                                                                                  | `{}`    |
+| `serviceAccount.name`        | The name of the service account to use. If not set and create is true, a name is generated using the fullname template     | `nil`   |
+| `nodeSelector`               | Node selector                                                                                                              | `{}`    |
+| `tolerations`                | Tolerations                                                                                                                | `[]`    |
+| `affinity`                   | Affinity                                                                                                                   | `{}`    |
+| `rbac.create`                | Specifies whether a RBAC role should be created                                                                            | `true`  |
+| `logDebug`                   | Enable debug logs for development purpose                                                                                  | `false` |
+| `logFilePath`                | If non-empty, write log files in this path                                                                                 | `""`    |
+| `logFileMaxSize`             | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. | `1024`  |
+| `kubeClient.qps`             | The qps for reconcile clients, default is 50                                                                               | `50`    |
+| `kubeClient.burst`           | The burst for reconcile clients, default is 100                                                                            | `100`   |


 ## Uninstallation
@@ -192,4 +164,10 @@ To uninstall the KubeVela helm release:
 $ helm uninstall -n vela-system kubevela
 ```

-Finally, this command will remove all the Kubernetes resources associated with KubeVela and remove this chart release.
+Finally, this command will remove all the Kubernetes resources associated with KubeVela and remove this chart release.
+
+
+
+
+
+
--- a/charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_applicationrevisions.yaml
@@ -461,6 +461,8 @@ spec:
                            cluster:
                              type: string
                            creator:
+                              description: ResourceCreatorRole defines the resource
+                                creator.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead
@@ -621,10 +623,9 @@ spec:
                        format: int64
                        type: integer
                      policy:
-                        description: PolicyStatus records the status of policy Deprecated
-                          This field is only used by EnvBinding Policy which is deprecated.
+                        description: PolicyStatus records the status of policy
                        items:
-                          description: PolicyStatus records the status of policy Deprecated
+                          description: PolicyStatus records the status of policy
                          properties:
                            name:
                              type: string
@@ -842,26 +843,20 @@ spec:
                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                type: string
                            type: object
-                          endTime:
-                            format: date-time
-                            type: string
                          finished:
                            type: boolean
                          message:
                            type: string
                          mode:
+                            description: WorkflowMode describes the mode of workflow
                            type: string
                          startTime:
                            format: date-time
                            type: string
-                          status:
-                            description: WorkflowRunPhase is a label for the condition
-                              of a WorkflowRun at the current time
-                            type: string
                          steps:
                            items:
                              description: WorkflowStepStatus record the status of
-                                a workflow step, include step status and subStep status
+                                a workflow step
                              properties:
                                firstExecuteTime:
                                  description: FirstExecuteTime is the first time
@@ -892,45 +887,45 @@ spec:
                                    state.
                                  type: string
                                subSteps:
-                                  items:
-                                    description: StepStatus record the base status
-                                      of workflow step, which could be workflow step
-                                      or subStep
-                                    properties:
-                                      firstExecuteTime:
-                                        description: FirstExecuteTime is the first
-                                          time this step execution.
-                                        format: date-time
-                                        type: string
-                                      id:
-                                        type: string
-                                      lastExecuteTime:
-                                        description: LastExecuteTime is the last time
-                                          this step execution.
-                                        format: date-time
-                                        type: string
-                                      message:
-                                        description: A human readable message indicating
-                                          details about why the workflowStep is in
-                                          this state.
-                                        type: string
-                                      name:
-                                        type: string
-                                      phase:
-                                        description: WorkflowStepPhase describes the
-                                          phase of a workflow step.
-                                        type: string
-                                      reason:
-                                        description: A brief CamelCase message indicating
-                                          details about why the workflowStep is in
-                                          this state.
-                                        type: string
-                                      type:
-                                        type: string
-                                    required:
-                                    - id
-                                    type: object
-                                  type: array
+                                  description: SubStepsStatus record the status of
+                                    workflow steps.
+                                  properties:
+                                    mode:
+                                      description: WorkflowMode describes the mode
+                                        of workflow
+                                      type: string
+                                    stepIndex:
+                                      type: integer
+                                    steps:
+                                      items:
+                                        description: WorkflowSubStepStatus record
+                                          the status of a workflow step
+                                        properties:
+                                          id:
+                                            type: string
+                                          message:
+                                            description: A human readable message
+                                              indicating details about why the workflowStep
+                                              is in this state.
+                                            type: string
+                                          name:
+                                            type: string
+                                          phase:
+                                            description: WorkflowStepPhase describes
+                                              the phase of a workflow step.
+                                            type: string
+                                          reason:
+                                            description: A brief CamelCase message
+                                              indicating details about why the workflowStep
+                                              is in this state.
+                                            type: string
+                                          type:
+                                            type: string
+                                        required:
+                                        - id
+                                        type: object
+                                      type: array
+                                  type: object
                                type:
                                  type: string
                              required:
@@ -939,8 +934,6 @@ spec:
                            type: array
                          suspend:
                            type: boolean
-                          suspendState:
-                            type: string
                          terminated:
                            type: boolean
                        required:
@@ -2204,18 +2197,6 @@ spec:
                          a context in annotation. - should mark "finish" phase in
                          status.conditions.'
                        properties:
-                          mode:
-                            description: WorkflowExecuteMode defines the mode of workflow
-                              execution
-                            properties:
-                              steps:
-                                description: Steps is the mode of workflow steps execution
-                                type: string
-                              subSteps:
-                                description: SubSteps is the mode of workflow sub
-                                  steps execution
-                                type: string
-                            type: object
                          ref:
                            type: string
                          steps:
@@ -2224,16 +2205,12 @@ spec:
                                step.
                              properties:
                                dependsOn:
-                                  description: DependsOn is the dependency of the
-                                    step
                                  items:
                                    type: string
                                  type: array
-                                if:
-                                  description: If is the if condition of the step
-                                  type: string
                                inputs:
-                                  description: Inputs is the inputs of the step
+                                  description: StepInputs defines variable input of
+                                    WorkflowStep
                                  items:
                                    properties:
                                      from:
@@ -2245,19 +2222,13 @@ spec:
                                    - parameterKey
                                    type: object
                                  type: array
-                                meta:
-                                  description: Meta is the meta data of the workflow
-                                    step.
-                                  properties:
-                                    alias:
-                                      type: string
-                                  type: object
                                name:
                                  description: Name is the unique name of the workflow
                                    step.
                                  type: string
                                outputs:
-                                  description: Outputs is the outputs of the step
+                                  description: StepOutputs defines output variable
+                                    of WorkflowStep
                                  items:
                                    properties:
                                      name:
@@ -2270,86 +2241,9 @@ spec:
                                    type: object
                                  type: array
                                properties:
-                                  description: Properties is the properties of the
-                                    step
                                  type: object
                                  x-kubernetes-preserve-unknown-fields: true
-                                subSteps:
-                                  items:
-                                    description: WorkflowStepBase defines the workflow
-                                      step base
-                                    properties:
-                                      dependsOn:
-                                        description: DependsOn is the dependency of
-                                          the step
-                                        items:
-                                          type: string
-                                        type: array
-                                      if:
-                                        description: If is the if condition of the
-                                          step
-                                        type: string
-                                      inputs:
-                                        description: Inputs is the inputs of the step
-                                        items:
-                                          properties:
-                                            from:
-                                              type: string
-                                            parameterKey:
-                                              type: string
-                                          required:
-                                          - from
-                                          - parameterKey
-                                          type: object
-                                        type: array
-                                      meta:
-                                        description: Meta is the meta data of the
-                                          workflow step.
-                                        properties:
-                                          alias:
-                                            type: string
-                                        type: object
-                                      name:
-                                        description: Name is the unique name of the
-                                          workflow step.
-                                        type: string
-                                      outputs:
-                                        description: Outputs is the outputs of the
-                                          step
-                                        items:
-                                          properties:
-                                            name:
-                                              type: string
-                                            valueFrom:
-                                              type: string
-                                          required:
-                                          - name
-                                          - valueFrom
-                                          type: object
-                                        type: array
-                                      properties:
-                                        description: Properties is the properties
-                                          of the step
-                                        type: object
-                                        x-kubernetes-preserve-unknown-fields: true
-                                      timeout:
-                                        description: Timeout is the timeout of the
-                                          step
-                                        type: string
-                                      type:
-                                        description: Type is the type of the workflow
-                                          step.
-                                        type: string
-                                    required:
-                                    - name
-                                    - type
-                                    type: object
-                                  type: array
-                                timeout:
-                                  description: Timeout is the timeout of the step
-                                  type: string
                                type:
-                                  description: Type is the type of the workflow step.
                                  type: string
                              required:
                              - name
@@ -2376,6 +2270,8 @@ spec:
                            cluster:
                              type: string
                            creator:
+                              description: ResourceCreatorRole defines the resource
+                                creator.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead
@@ -2536,10 +2432,9 @@ spec:
                        format: int64
                        type: integer
                      policy:
-                        description: PolicyStatus records the status of policy Deprecated
-                          This field is only used by EnvBinding Policy which is deprecated.
+                        description: PolicyStatus records the status of policy
                        items:
-                          description: PolicyStatus records the status of policy Deprecated
+                          description: PolicyStatus records the status of policy
                          properties:
                            name:
                              type: string
@@ -2757,26 +2652,20 @@ spec:
                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                type: string
                            type: object
-                          endTime:
-                            format: date-time
-                            type: string
                          finished:
                            type: boolean
                          message:
                            type: string
                          mode:
+                            description: WorkflowMode describes the mode of workflow
                            type: string
                          startTime:
                            format: date-time
                            type: string
-                          status:
-                            description: WorkflowRunPhase is a label for the condition
-                              of a WorkflowRun at the current time
-                            type: string
                          steps:
                            items:
                              description: WorkflowStepStatus record the status of
-                                a workflow step, include step status and subStep status
+                                a workflow step
                              properties:
                                firstExecuteTime:
                                  description: FirstExecuteTime is the first time
@@ -2807,45 +2696,45 @@ spec:
                                    state.
                                  type: string
                                subSteps:
-                                  items:
-                                    description: StepStatus record the base status
-                                      of workflow step, which could be workflow step
-                                      or subStep
-                                    properties:
-                                      firstExecuteTime:
-                                        description: FirstExecuteTime is the first
-                                          time this step execution.
-                                        format: date-time
-                                        type: string
-                                      id:
-                                        type: string
-                                      lastExecuteTime:
-                                        description: LastExecuteTime is the last time
-                                          this step execution.
-                                        format: date-time
-                                        type: string
-                                      message:
-                                        description: A human readable message indicating
-                                          details about why the workflowStep is in
-                                          this state.
-                                        type: string
-                                      name:
-                                        type: string
-                                      phase:
-                                        description: WorkflowStepPhase describes the
-                                          phase of a workflow step.
-                                        type: string
-                                      reason:
-                                        description: A brief CamelCase message indicating
-                                          details about why the workflowStep is in
-                                          this state.
-                                        type: string
-                                      type:
-                                        type: string
-                                    required:
-                                    - id
-                                    type: object
-                                  type: array
+                                  description: SubStepsStatus record the status of
+                                    workflow steps.
+                                  properties:
+                                    mode:
+                                      description: WorkflowMode describes the mode
+                                        of workflow
+                                      type: string
+                                    stepIndex:
+                                      type: integer
+                                    steps:
+                                      items:
+                                        description: WorkflowSubStepStatus record
+                                          the status of a workflow step
+                                        properties:
+                                          id:
+                                            type: string
+                                          message:
+                                            description: A human readable message
+                                              indicating details about why the workflowStep
+                                              is in this state.
+                                            type: string
+                                          name:
+                                            type: string
+                                          phase:
+                                            description: WorkflowStepPhase describes
+                                              the phase of a workflow step.
+                                            type: string
+                                          reason:
+                                            description: A brief CamelCase message
+                                              indicating details about why the workflowStep
+                                              is in this state.
+                                            type: string
+                                          type:
+                                            type: string
+                                        required:
+                                        - id
+                                        type: object
+                                      type: array
+                                  type: object
                                type:
                                  type: string
                              required:
@@ -2854,8 +2743,6 @@ spec:
                            type: array
                          suspend:
                            type: boolean
-                          suspendState:
-                            type: string
                          terminated:
                            type: boolean
                        required:
@@ -3306,8 +3193,7 @@ spec:
                          type: boolean
                        schematic:
                          description: Schematic defines the data format and template
-                            of the encapsulation of the policy definition. Only CUE
-                            schematic is supported for now.
+                            of the encapsulation of the policy definition
                          properties:
                            cue:
                              description: CUE defines the encapsulation in CUE format
@@ -3500,10 +3386,6 @@ spec:
                            - type
                            type: object
                          type: array
-                        configMapRef:
-                          description: ConfigMapRef refer to a ConfigMap which contains
-                            OpenAPI V3 JSON schema of Component parameters.
-                          type: string
                        latestRevision:
                          description: LatestRevision of the component definition
                          properties:
@@ -3617,7 +3499,7 @@ spec:
              scopeGVK:
                additionalProperties:
                  description: GroupVersionKind unambiguously identifies a kind.  It
-                    doesn't anonymously include GroupVersion to avoid automatic coercion.  It
+                    doesn't anonymously include GroupVersion to avoid automatic coersion.  It
                    doesn't use a GroupVersion to avoid custom marshalling
                  properties:
                    group:
@@ -3678,7 +3560,7 @@ spec:
                        appliesToWorkloads:
                          description: AppliesToWorkloads specifies the list of workload
                            kinds this trait applies to. Workload kinds are specified
-                            in resource.group/version format, e.g. server.core.oam.dev/v1alpha2.
+                            in kind.group/version format, e.g. server.core.oam.dev/v1alpha2.
                            Traits that omit this field apply to all workload kinds.
                          items:
                            type: string
@@ -3695,10 +3577,6 @@ spec:
                          items:
                            type: string
                          type: array
-                        controlPlaneOnly:
-                          description: ControlPlaneOnly defines which cluster is dispatched
-                            to
-                          type: boolean
                        definitionRef:
                          description: Reference to the CustomResourceDefinition that
                            defines this trait kind.
@@ -3733,8 +3611,7 @@ spec:
                          type: boolean
                        schematic:
                          description: Schematic defines the data format and template
-                            of the encapsulation of the trait. Only CUE and Kube schematic
-                            are supported for now.
+                            of the encapsulation of the trait
                          properties:
                            cue:
                              description: CUE defines the encapsulation in CUE format
@@ -3888,12 +3765,10 @@ spec:
                              - configuration
                              type: object
                          type: object
-                        stage:
-                          description: Stage defines the stage information to which
-                            this trait resource processing belongs. Currently, PreDispatch
-                            and PostDispatch are provided, which are used to control
-                            resource pre-process and post-process respectively.
-                          type: string
+                        skipRevisionAffect:
+                          description: SkipRevisionAffect defines the update this
+                            trait will not generate a new application Revision
+                          type: boolean
                        status:
                          description: Status defines the custom health policy and
                            status message for trait
@@ -4009,32 +3884,17 @@ spec:
                      namespace:
                        type: string
                    type: object
-                  mode:
-                    description: WorkflowExecuteMode defines the mode of workflow
-                      execution
-                    properties:
-                      steps:
-                        description: Steps is the mode of workflow steps execution
-                        type: string
-                      subSteps:
-                        description: SubSteps is the mode of workflow sub steps execution
-                        type: string
-                    type: object
                  steps:
                    items:
                      description: WorkflowStep defines how to execute a workflow
                        step.
                      properties:
                        dependsOn:
-                          description: DependsOn is the dependency of the step
                          items:
                            type: string
                          type: array
-                        if:
-                          description: If is the if condition of the step
-                          type: string
                        inputs:
-                          description: Inputs is the inputs of the step
+                          description: StepInputs defines variable input of WorkflowStep
                          items:
                            properties:
                              from:
@@ -4046,17 +3906,11 @@ spec:
                            - parameterKey
                            type: object
                          type: array
-                        meta:
-                          description: Meta is the meta data of the workflow step.
-                          properties:
-                            alias:
-                              type: string
-                          type: object
                        name:
                          description: Name is the unique name of the workflow step.
                          type: string
                        outputs:
-                          description: Outputs is the outputs of the step
+                          description: StepOutputs defines output variable of WorkflowStep
                          items:
                            properties:
                              name:
@@ -4069,79 +3923,9 @@ spec:
                            type: object
                          type: array
                        properties:
-                          description: Properties is the properties of the step
                          type: object
                          x-kubernetes-preserve-unknown-fields: true
-                        subSteps:
-                          items:
-                            description: WorkflowStepBase defines the workflow step
-                              base
-                            properties:
-                              dependsOn:
-                                description: DependsOn is the dependency of the step
-                                items:
-                                  type: string
-                                type: array
-                              if:
-                                description: If is the if condition of the step
-                                type: string
-                              inputs:
-                                description: Inputs is the inputs of the step
-                                items:
-                                  properties:
-                                    from:
-                                      type: string
-                                    parameterKey:
-                                      type: string
-                                  required:
-                                  - from
-                                  - parameterKey
-                                  type: object
-                                type: array
-                              meta:
-                                description: Meta is the meta data of the workflow
-                                  step.
-                                properties:
-                                  alias:
-                                    type: string
-                                type: object
-                              name:
-                                description: Name is the unique name of the workflow
-                                  step.
-                                type: string
-                              outputs:
-                                description: Outputs is the outputs of the step
-                                items:
-                                  properties:
-                                    name:
-                                      type: string
-                                    valueFrom:
-                                      type: string
-                                  required:
-                                  - name
-                                  - valueFrom
-                                  type: object
-                                type: array
-                              properties:
-                                description: Properties is the properties of the step
-                                type: object
-                                x-kubernetes-preserve-unknown-fields: true
-                              timeout:
-                                description: Timeout is the timeout of the step
-                                type: string
-                              type:
-                                description: Type is the type of the workflow step.
-                                type: string
-                            required:
-                            - name
-                            - type
-                            type: object
-                          type: array
-                        timeout:
-                          description: Timeout is the timeout of the step
-                          type: string
                        type:
-                          description: Type is the type of the workflow step.
                          type: string
                      required:
                      - name
@@ -4206,8 +3990,7 @@ spec:
                          type: object
                        schematic:
                          description: Schematic defines the data format and template
-                            of the encapsulation of the workflow step definition.
-                            Only CUE schematic is supported for now.
+                            of the encapsulation of the workflow step definition
                          properties:
                            cue:
                              description: CUE defines the encapsulation in CUE format
@@ -4811,26 +4594,20 @@ spec:
                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                        type: string
                    type: object
-                  endTime:
-                    format: date-time
-                    type: string
                  finished:
                    type: boolean
                  message:
                    type: string
                  mode:
+                    description: WorkflowMode describes the mode of workflow
                    type: string
                  startTime:
                    format: date-time
                    type: string
-                  status:
-                    description: WorkflowRunPhase is a label for the condition of
-                      a WorkflowRun at the current time
-                    type: string
                  steps:
                    items:
                      description: WorkflowStepStatus record the status of a workflow
-                        step, include step status and subStep status
+                        step
                      properties:
                        firstExecuteTime:
                          description: FirstExecuteTime is the first time this step
@@ -4859,42 +4636,44 @@ spec:
                            about why the workflowStep is in this state.
                          type: string
                        subSteps:
-                          items:
-                            description: StepStatus record the base status of workflow
-                              step, which could be workflow step or subStep
-                            properties:
-                              firstExecuteTime:
-                                description: FirstExecuteTime is the first time this
-                                  step execution.
-                                format: date-time
-                                type: string
-                              id:
-                                type: string
-                              lastExecuteTime:
-                                description: LastExecuteTime is the last time this
-                                  step execution.
-                                format: date-time
-                                type: string
-                              message:
-                                description: A human readable message indicating details
-                                  about why the workflowStep is in this state.
-                                type: string
-                              name:
-                                type: string
-                              phase:
-                                description: WorkflowStepPhase describes the phase
-                                  of a workflow step.
-                                type: string
-                              reason:
-                                description: A brief CamelCase message indicating
-                                  details about why the workflowStep is in this state.
-                                type: string
-                              type:
-                                type: string
-                            required:
-                            - id
-                            type: object
-                          type: array
+                          description: SubStepsStatus record the status of workflow
+                            steps.
+                          properties:
+                            mode:
+                              description: WorkflowMode describes the mode of workflow
+                              type: string
+                            stepIndex:
+                              type: integer
+                            steps:
+                              items:
+                                description: WorkflowSubStepStatus record the status
+                                  of a workflow step
+                                properties:
+                                  id:
+                                    type: string
+                                  message:
+                                    description: A human readable message indicating
+                                      details about why the workflowStep is in this
+                                      state.
+                                    type: string
+                                  name:
+                                    type: string
+                                  phase:
+                                    description: WorkflowStepPhase describes the phase
+                                      of a workflow step.
+                                    type: string
+                                  reason:
+                                    description: A brief CamelCase message indicating
+                                      details about why the workflowStep is in this
+                                      state.
+                                    type: string
+                                  type:
+                                    type: string
+                                required:
+                                - id
+                                type: object
+                              type: array
+                          type: object
                        type:
                          type: string
                      required:
@@ -4903,8 +4682,6 @@ spec:
                    type: array
                  suspend:
                    type: boolean
-                  suspendState:
-                    type: string
                  terminated:
                    type: boolean
                required:
--- a/charts/vela-core/crds/core.oam.dev_applications.yaml
+++ b/charts/vela-core/crds/core.oam.dev_applications.yaml
--- a/charts/vela-core/crds/core.oam.dev_definitionrevisions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_definitionrevisions.yaml
@@ -445,8 +445,7 @@ spec:
                        type: boolean
                      schematic:
                        description: Schematic defines the data format and template
-                          of the encapsulation of the policy definition. Only CUE
-                          schematic is supported for now.
+                          of the encapsulation of the policy definition
                        properties:
                          cue:
                            description: CUE defines the encapsulation in CUE format
@@ -637,10 +636,6 @@ spec:
                          - type
                          type: object
                        type: array
-                      configMapRef:
-                        description: ConfigMapRef refer to a ConfigMap which contains
-                          OpenAPI V3 JSON schema of Component parameters.
-                        type: string
                      latestRevision:
                        description: LatestRevision of the component definition
                        properties:
@@ -709,7 +704,7 @@ spec:
                      appliesToWorkloads:
                        description: AppliesToWorkloads specifies the list of workload
                          kinds this trait applies to. Workload kinds are specified
-                          in resource.group/version format, e.g. server.core.oam.dev/v1alpha2.
+                          in kind.group/version format, e.g. server.core.oam.dev/v1alpha2.
                          Traits that omit this field apply to all workload kinds.
                        items:
                          type: string
@@ -725,10 +720,6 @@ spec:
                        items:
                          type: string
                        type: array
-                      controlPlaneOnly:
-                        description: ControlPlaneOnly defines which cluster is dispatched
-                          to
-                        type: boolean
                      definitionRef:
                        description: Reference to the CustomResourceDefinition that
                          defines this trait kind.
@@ -763,8 +754,7 @@ spec:
                        type: boolean
                      schematic:
                        description: Schematic defines the data format and template
-                          of the encapsulation of the trait. Only CUE and Kube schematic
-                          are supported for now.
+                          of the encapsulation of the trait
                        properties:
                          cue:
                            description: CUE defines the encapsulation in CUE format
@@ -916,12 +906,10 @@ spec:
                            - configuration
                            type: object
                        type: object
-                      stage:
-                        description: Stage defines the stage information to which
-                          this trait resource processing belongs. Currently, PreDispatch
-                          and PostDispatch are provided, which are used to control
-                          resource pre-process and post-process respectively.
-                        type: string
+                      skipRevisionAffect:
+                        description: SkipRevisionAffect defines the update this trait
+                          will not generate a new application Revision
+                        type: boolean
                      status:
                        description: Status defines the custom health policy and status
                          message for trait
@@ -1056,8 +1044,7 @@ spec:
                        type: object
                      schematic:
                        description: Schematic defines the data format and template
-                          of the encapsulation of the workflow step definition. Only
-                          CUE schematic is supported for now.
+                          of the encapsulation of the workflow step definition
                        properties:
                          cue:
                            description: CUE defines the encapsulation in CUE format
--- a/charts/vela-core/crds/core.oam.dev_manualscalertraits.yaml
+++ b/charts/vela-core/crds/core.oam.dev_manualscalertraits.yaml
@@ -0,0 +1,134 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  name: manualscalertraits.core.oam.dev
+spec:
+  group: core.oam.dev
+  names:
+    categories:
+    - oam
+    kind: ManualScalerTrait
+    listKind: ManualScalerTraitList
+    plural: manualscalertraits
+    singular: manualscalertrait
+  scope: Namespaced
+  versions:
+  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: A ManualScalerTrait determines how many replicas a workload should
+          have.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: A ManualScalerTraitSpec defines the desired state of a ManualScalerTrait.
+            properties:
+              replicaCount:
+                description: ReplicaCount of the workload this trait applies to.
+                format: int32
+                type: integer
+              workloadRef:
+                description: WorkloadReference to the workload this trait applies
+                  to.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+            required:
+            - replicaCount
+            - workloadRef
+            type: object
+          status:
+            description: A ManualScalerTraitStatus represents the observed state of
+              a ManualScalerTrait.
+            properties:
+              conditions:
+                description: Conditions of the resource.
+                items:
+                  description: A Condition that may apply to a resource.
+                  properties:
+                    lastTransitionTime:
+                      description: LastTransitionTime is the last time this condition
+                        transitioned from one status to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A Message containing details about this condition's
+                        last transition from one status to another, if any.
+                      type: string
+                    reason:
+                      description: A Reason for this condition's last transition from
+                        one status to another.
+                      type: string
+                    status:
+                      description: Status of this condition; is it currently True,
+                        False, or Unknown?
+                      type: string
+                    type:
+                      description: Type of this condition. At most one of each condition
+                        type may apply to a resource at any point in time.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_policydefinitions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_policydefinitions.yaml
@@ -60,8 +60,7 @@ spec:
                type: boolean
              schematic:
                description: Schematic defines the data format and template of the
-                  encapsulation of the policy definition. Only CUE schematic is supported
-                  for now.
+                  encapsulation of the policy definition
                properties:
                  cue:
                    description: CUE defines the encapsulation in CUE format
@@ -245,10 +244,6 @@ spec:
                  - type
                  type: object
                type: array
-              configMapRef:
-                description: ConfigMapRef refer to a ConfigMap which contains OpenAPI
-                  V3 JSON schema of Component parameters.
-                type: string
              latestRevision:
                description: LatestRevision of the component definition
                properties:
--- a/charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml
+++ b/charts/vela-core/crds/core.oam.dev_resourcetrackers.yaml
@@ -56,16 +56,6 @@ spec:
              applicationGeneration:
                format: int64
                type: integer
-              compression:
-                description: ResourceTrackerCompression the compression for ResourceTracker
-                  ManagedResources
-                properties:
-                  data:
-                    type: string
-                  type:
-                    description: Type the compression type
-                    type: string
-                type: object
              managedResources:
                items:
                  description: ManagedResource define the resource to be managed by
@@ -79,6 +69,7 @@ spec:
                    component:
                      type: string
                    creator:
+                      description: ResourceCreatorRole defines the resource creator.
                      type: string
                    deleted:
                      description: Deleted marks the resource to be deleted
@@ -114,9 +105,6 @@ spec:
                      description: 'Specific resourceVersion to which this reference
                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                      type: string
-                    skipGC:
-                      description: SkipGC marks the resource to skip gc
-                      type: boolean
                    trait:
                      type: string
                    uid:
@@ -146,6 +134,7 @@ spec:
                    cluster:
                      type: string
                    creator:
+                      description: ResourceCreatorRole defines the resource creator.
                      type: string
                    fieldPath:
                      description: 'If referring to a piece of an object instead of
--- a/charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_traitdefinitions.yaml
@@ -356,7 +356,7 @@ spec:
            properties:
              appliesToWorkloads:
                description: AppliesToWorkloads specifies the list of workload kinds
-                  this trait applies to. Workload kinds are specified in resource.group/version
+                  this trait applies to. Workload kinds are specified in kind.group/version
                  format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this
                  field apply to all workload kinds.
                items:
@@ -372,10 +372,6 @@ spec:
                items:
                  type: string
                type: array
-              controlPlaneOnly:
-                description: ControlPlaneOnly defines which cluster is dispatched
-                  to
-                type: boolean
              definitionRef:
                description: Reference to the CustomResourceDefinition that defines
                  this trait kind.
@@ -410,8 +406,7 @@ spec:
                type: boolean
              schematic:
                description: Schematic defines the data format and template of the
-                  encapsulation of the trait. Only CUE and Kube schematic are supported
-                  for now.
+                  encapsulation of the trait
                properties:
                  cue:
                    description: CUE defines the encapsulation in CUE format
@@ -558,12 +553,10 @@ spec:
                    - configuration
                    type: object
                type: object
-              stage:
-                description: Stage defines the stage information to which this trait
-                  resource processing belongs. Currently, PreDispatch and PostDispatch
-                  are provided, which are used to control resource pre-process and
-                  post-process respectively.
-                type: string
+              skipRevisionAffect:
+                description: SkipRevisionAffect defines the update this trait will
+                  not generate a new application Revision
+                type: boolean
              status:
                description: Status defines the custom health policy and status message
                  for trait
--- a/charts/vela-core/crds/core.oam.dev_workflows.yaml
+++ b/charts/vela-core/crds/core.oam.dev_workflows.yaml
@@ -1,10 +1,10 @@
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.9.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.6.2
  name: workflows.core.oam.dev
 spec:
  group: core.oam.dev
@@ -20,7 +20,7 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: Workflow is the Schema for the workflow API
+        description: Workflow is the Schema for the policy API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
@@ -34,30 +34,16 @@ spec:
            type: string
          metadata:
            type: object
-          mode:
-            description: WorkflowExecuteMode defines the mode of workflow execution
-            properties:
-              steps:
-                description: Steps is the mode of workflow steps execution
-                type: string
-              subSteps:
-                description: SubSteps is the mode of workflow sub steps execution
-                type: string
-            type: object
          steps:
            items:
              description: WorkflowStep defines how to execute a workflow step.
              properties:
                dependsOn:
-                  description: DependsOn is the dependency of the step
                  items:
                    type: string
                  type: array
-                if:
-                  description: If is the if condition of the step
-                  type: string
                inputs:
-                  description: Inputs is the inputs of the step
+                  description: StepInputs defines variable input of WorkflowStep
                  items:
                    properties:
                      from:
@@ -69,17 +55,11 @@ spec:
                    - parameterKey
                    type: object
                  type: array
-                meta:
-                  description: Meta is the meta data of the workflow step.
-                  properties:
-                    alias:
-                      type: string
-                  type: object
                name:
                  description: Name is the unique name of the workflow step.
                  type: string
                outputs:
-                  description: Outputs is the outputs of the step
+                  description: StepOutputs defines output variable of WorkflowStep
                  items:
                    properties:
                      name:
@@ -92,76 +72,9 @@ spec:
                    type: object
                  type: array
                properties:
-                  description: Properties is the properties of the step
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
-                subSteps:
-                  items:
-                    description: WorkflowStepBase defines the workflow step base
-                    properties:
-                      dependsOn:
-                        description: DependsOn is the dependency of the step
-                        items:
-                          type: string
-                        type: array
-                      if:
-                        description: If is the if condition of the step
-                        type: string
-                      inputs:
-                        description: Inputs is the inputs of the step
-                        items:
-                          properties:
-                            from:
-                              type: string
-                            parameterKey:
-                              type: string
-                          required:
-                          - from
-                          - parameterKey
-                          type: object
-                        type: array
-                      meta:
-                        description: Meta is the meta data of the workflow step.
-                        properties:
-                          alias:
-                            type: string
-                        type: object
-                      name:
-                        description: Name is the unique name of the workflow step.
-                        type: string
-                      outputs:
-                        description: Outputs is the outputs of the step
-                        items:
-                          properties:
-                            name:
-                              type: string
-                            valueFrom:
-                              type: string
-                          required:
-                          - name
-                          - valueFrom
-                          type: object
-                        type: array
-                      properties:
-                        description: Properties is the properties of the step
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      timeout:
-                        description: Timeout is the timeout of the step
-                        type: string
-                      type:
-                        description: Type is the type of the workflow step.
-                        type: string
-                    required:
-                    - name
-                    - type
-                    type: object
-                  type: array
-                timeout:
-                  description: Timeout is the timeout of the step
-                  type: string
                type:
-                  description: Type is the type of the workflow step.
                  type: string
              required:
              - name
@@ -171,3 +84,66 @@ spec:
        type: object
    served: true
    storage: true
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Workflow defines workflow steps and other attributes
+        properties:
+          ref:
+            type: string
+          steps:
+            items:
+              description: WorkflowStep defines how to execute a workflow step.
+              properties:
+                dependsOn:
+                  items:
+                    type: string
+                  type: array
+                inputs:
+                  description: StepInputs defines variable input of WorkflowStep
+                  items:
+                    properties:
+                      from:
+                        type: string
+                      parameterKey:
+                        type: string
+                    required:
+                    - from
+                    - parameterKey
+                    type: object
+                  type: array
+                name:
+                  description: Name is the unique name of the workflow step.
+                  type: string
+                outputs:
+                  description: StepOutputs defines output variable of WorkflowStep
+                  items:
+                    properties:
+                      name:
+                        type: string
+                      valueFrom:
+                        type: string
+                    required:
+                    - name
+                    - valueFrom
+                    type: object
+                  type: array
+                properties:
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+                type:
+                  type: string
+              required:
+              - name
+              - type
+              type: object
+            type: array
+        type: object
+    served: true
+    storage: false
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/vela-core/crds/core.oam.dev_workflowstepdefinitions.yaml
+++ b/charts/vela-core/crds/core.oam.dev_workflowstepdefinitions.yaml
@@ -57,8 +57,7 @@ spec:
                type: object
              schematic:
                description: Schematic defines the data format and template of the
-                  encapsulation of the workflow step definition. Only CUE schematic
-                  is supported for now.
+                  encapsulation of the workflow step definition
                properties:
                  cue:
                    description: CUE defines the encapsulation in CUE format
--- a/charts/vela-core/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
+++ b/charts/vela-core/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
@@ -36,9 +36,7 @@ spec:
            - --namespace={{ .Release.Namespace }}
            - --secret-name={{ template "kubevela.fullname" . }}-admission
            - --patch-failure-policy={{ .Values.admissionWebhooks.failurePolicy }}
-            {{- if .Values.admissionWebhooks.appConversion.enabled }}
-            - --crds={"name":"applications.core.oam.dev","conversion":{"strategy":"Webhook","webhook":{"clientConfig":{"service":{"name":"vela-core-webhook","namespace":"vela-system","path":"/convert","port":443}},"conversionReviewVersions":["v1beta1","v1alpha2"]}}}
-            {{- end }}
+            - --crds=applications.core.oam.dev
      restartPolicy: OnFailure
      serviceAccountName: {{ template "kubevela.fullname" . }}-admission
      {{- with .Values.admissionWebhooks.patch.affinity }}
--- a/charts/vela-core/templates/admission-webhooks/mutatingWebhookConfiguration.yaml
+++ b/charts/vela-core/templates/admission-webhooks/mutatingWebhookConfiguration.yaml
@@ -120,32 +120,6 @@ webhooks:
          - UPDATE
        resources:
          - podspecworkloads
-  - clientConfig:
-      caBundle: Cg==
-      service:
-        name: {{ template "kubevela.name" . }}-webhook
-        namespace: {{ .Release.Namespace }}
-        path: /mutating-core-oam-dev-v1beta1-applications
-    {{- if .Values.admissionWebhooks.patch.enabled }}
-    failurePolicy: Ignore
-    {{- else }}
-    failurePolicy: Fail
-    {{- end }}
-    name: mutating.core.oam.dev.v1beta1.applications
-    admissionReviewVersions:
-      - v1beta1
-      - v1
-    sideEffects: None
-    rules:
-      - apiGroups:
-          - core.oam.dev
-        apiVersions:
-          - v1beta1
-        operations:
-          - CREATE
-          - UPDATE
-        resources:
-          - applications
  - clientConfig:
      caBundle: Cg==
      service:
--- a/charts/vela-core/templates/admission-webhooks/certmanager.yaml
+++ b/charts/vela-core/templates/admission-webhooks/certmanager.yaml
@@ -23,7 +23,7 @@ spec:
    name: {{ template "kubevela.fullname" . }}-self-signed-issuer
  commonName: "ca.webhook.kubevela"
  isCA: true
-
+  
 ---
 # Create an Issuer that uses the above generated CA certificate to issue certs
 apiVersion: cert-manager.io/v1
--- a/charts/vela-core/templates/cluster-gateway.yaml
+++ b/charts/vela-core/templates/cluster-gateway.yaml
@@ -0,0 +1,277 @@
+{{ if .Values.multicluster.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-cluster-gateway
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "kubevela.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.multicluster.clusterGateway.replicaCount }}
+  selector:
+    matchLabels:
+    {{- include "kubevela-cluster-gateway.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+      {{- include "kubevela-cluster-gateway.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "kubevela.serviceAccountName" . }}
+      securityContext:
+      {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ include "kubevela.fullname" . }}-cluster-gateway
+          securityContext:
+          {{- toYaml .Values.securityContext | nindent 12 }}
+          args:
+            - "apiserver"
+            - "--secure-port={{ .Values.multicluster.clusterGateway.port }}"
+            - "--secret-namespace={{ .Release.Namespace }}"
+            - "--feature-gates=APIPriorityAndFairness=false"
+            {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+            - "--cert-dir={{ .Values.multicluster.clusterGateway.secureTLS.certPath }}"
+            {{ end }}
+          image: {{ .Values.imageRegistry }}{{ .Values.multicluster.clusterGateway.image.repository }}:{{ .Values.multicluster.clusterGateway.image.tag }}
+          imagePullPolicy: {{ .Values.multicluster.clusterGateway.image.pullPolicy }}
+          resources:
+          {{- toYaml .Values.multicluster.clusterGateway.resources | nindent 12 }}
+          ports:
+            - containerPort: {{ .Values.multicluster.clusterGateway.port }}
+          {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+          volumeMounts:
+            - mountPath: {{ .Values.multicluster.clusterGateway.secureTLS.certPath }}
+              name: tls-cert-vol
+              readOnly: true
+          {{- end }}
+      {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+      volumes:
+        - name: tls-cert-vol
+          secret:
+            defaultMode: 420
+            secretName: {{ template "kubevela.fullname" . }}-cluster-gateway-tls
+      {{ end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+{{ end }}
+---
+{{ if .Values.multicluster.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-cluster-gateway-service
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+  {{- include "kubevela-cluster-gateway.selectorLabels" . | nindent 4 }}
+  ports:
+    - protocol: TCP
+      port: {{ .Values.multicluster.clusterGateway.port }}
+      targetPort: {{ .Values.multicluster.clusterGateway.port }}
+{{ end }}
+---
+{{ if .Values.multicluster.enabled }}
+# 1.  Check whether APIService ""v1alpha1.cluster.core.oam.dev" is already present in the cluster
+# 2.a If the APIService doesn't exist, create it.
+# 2.b If the APIService exists without helm-chart related annotation, skip creating it to the
+#     cluster because the APIService can be managed by an external controller.
+# 2.c If the APIService exists with valid helm-chart annotations, which means that the APIService
+#     is previously managed by helm commands, hence update the APIService consistently.
+{{ $apiSvc := (lookup "apiregistration.k8s.io/v1" "APIService" "" "v1alpha1.cluster.core.oam.dev") }}
+{{ $shouldAdopt := (not $apiSvc) }}
+{{ if not $shouldAdopt }}
+  {{ if $apiSvc.metadata.annotations }}
+    {{ $shouldAdopt = (index ($apiSvc).metadata.annotations "meta.helm.sh/release-name") }}
+  {{ end }}
+{{ end }}
+{{ if $shouldAdopt }}
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1alpha1.cluster.core.oam.dev
+  labels:
+    api: cluster-extension-apiserver
+    apiserver: "true"
+spec:
+  version: v1alpha1
+  group: cluster.core.oam.dev
+  groupPriorityMinimum: 2000
+  service:
+    name: {{ .Release.Name }}-cluster-gateway-service
+    namespace: {{ .Release.Namespace }}
+    port: {{ .Values.multicluster.clusterGateway.port }}
+  versionPriority: 10
+  insecureSkipTLSVerify: {{ not .Values.multicluster.clusterGateway.secureTLS.enabled }}
+  {{ if .Values.multicluster.clusterGateway.secureTLS.enabled }}
+  caBundle: Cg==
+  {{ end }}
+{{ end }}
+{{ end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.name" . }}-cluster-gateway-admission
+    {{- include "kubevela.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - create
+{{- end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.name" . }}-cluster-gateway-admission
+    {{- include "kubevela.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+    namespace: {{ .Release.Namespace }}
+{{- end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.name" . }}-cluster-gateway-admission
+    {{- include "kubevela.labels" . | nindent 4 }}
+{{- end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+    {{- include "kubevela.labels" . | nindent 4 }}
+spec:
+  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+  # Alpha feature since k8s 1.12
+  ttlSecondsAfterFinished: 0
+  {{- end }}
+  template:
+    metadata:
+      name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+      labels:
+        app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create
+        {{- include "kubevela.labels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      - name: create
+        image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
+        imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
+        args:
+          - create
+          - --host={{ .Release.Name }}-cluster-gateway-service,{{ .Release.Name }}-cluster-gateway-service.{{ .Release.Namespace }}.svc
+          - --namespace={{ .Release.Namespace }}
+          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls
+          - --key-name=apiserver.key
+          - --cert-name=apiserver.crt
+      restartPolicy: OnFailure
+      serviceAccountName: {{ template "kubevela.fullname" . }}-cluster-gateway-admission
+      securityContext:
+        runAsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+{{ end }}
+---
+{{ if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+  labels:
+    app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+    {{- include "kubevela.labels" . | nindent 4 }}
+spec:
+  {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+  # Alpha feature since k8s 1.12
+  ttlSecondsAfterFinished: 0
+  {{- end }}
+  template:
+    metadata:
+      name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+      labels:
+        app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch
+        {{- include "kubevela.labels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      - name: patch
+        image: {{ .Values.imageRegistry }}{{ .Values.multicluster.clusterGateway.image.repository }}:{{ .Values.multicluster.clusterGateway.image.tag }}
+        imagePullPolicy: {{ .Values.multicluster.clusterGateway.image.pullPolicy }}
+        command:
+          - /patch
+        args:
+          - --secret-namespace={{ .Release.Namespace }}
+          - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls
+      restartPolicy: OnFailure
+      serviceAccountName: {{ include "kubevela.serviceAccountName" . }}
+      securityContext:
+        runAsGroup: 2000
+        runAsNonRoot: true
+        runAsUser: 2000
+{{ end }}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
wyike	d08aa7d12c	fix several issues (#3729 ) (#3735 ) Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>	2022-04-22 17:29:01 +08:00
wyike	f9755a405f	Fix: change systemInfo some fields (cp #3715 ) (#3723 ) * Fix: change systemInfo some fields (#3715) * add some field an calculate workflow step Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> * fix the calculate job cannot start issue Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> * fix comments Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> fix test Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> * add suit test framework Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> * modify the go mod file Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> fix worry file name Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>	2022-04-22 16:42:54 +08:00
github-actions[bot]	d751d95bac	Feat: change the webservice and config-image-registry definitions (#3733 ) Signed-off-by: barnettZQG <barnett.zqg@gmail.com> (cherry picked from commit `300f0c5ace`) Co-authored-by: barnettZQG <barnett.zqg@gmail.com>	2022-04-22 16:34:28 +08:00
github-actions[bot]	e86eec07e0	specify staticcheck version (#3728 ) Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> fix the workflow Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> fix try to fix Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> fix make file Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> fix makefile Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> (cherry picked from commit `7b62664332`) Co-authored-by: 楚岳 <wangyike.wyk@alibaba-inc.com>	2022-04-22 14:26:37 +08:00
github-actions[bot]	4abb5c6ced	[Backport release-1.3] Fix: embed.FS filepath that follow the unix style file path when running on windows (#3720 ) * fix: "builtin-apply-component.cue: file does not exist" Signed-off-by: lei.chu <1062186165@qq.com> (cherry picked from commit `fba60a1af1`) * fix: "builtin-apply-component.cue: file does not exist" Signed-off-by: lei.chu <1062186165@qq.com> (cherry picked from commit `9e74023951`) Co-authored-by: lei.chu <1062186165@qq.com>	2022-04-21 14:32:30 +08:00
github-actions[bot]	32d9a9ec94	Fix: vela-core does not report error, when component depends on invalid component (#3712 ) Signed-off-by: StevenLeiZhang <zhangleiic@163.com> (cherry picked from commit `01781bdc02`) Co-authored-by: StevenLeiZhang <zhangleiic@163.com>	2022-04-20 13:39:53 +08:00
github-actions[bot]	f6f9ef4ded	Feat: support disable legacy gc upgrade operation (#3697 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `31ab3d859c`) Co-authored-by: Somefive <yd219913@alibaba-inc.com>	2022-04-19 09:53:10 +08:00
github-actions[bot]	166c93d548	Fix: set provider name as the config name (#3695 ) - For VelaUX, hidden a provider name (users don't need to manual set it). Used the application/component name (config name) to be the provider name. - Store description of a config to the annotation of the config application Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com> (cherry picked from commit `e3feeeec24`) Co-authored-by: Zheng Xi Zhou <zzxwill@gmail.com>	2022-04-18 16:48:37 +08:00
github-actions[bot]	8f767068bf	Fix: rt resource key compare mismatch local cluster (#3685 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `fa12bc1950`) Co-authored-by: Somefive <yd219913@alibaba-inc.com>	2022-04-15 16:37:00 +08:00
github-actions[bot]	8d9e2a71e7	[Backport release-1.3] Fix: can not query the instance list for the app with apply once policy (#3684 ) * Fix: can not query the instance list for the app with apply once policy Signed-off-by: barnettZQG <barnett.zqg@gmail.com> (cherry picked from commit `fbcba8da98`) * Fix: change the test case about ListResourcesInApp Signed-off-by: barnettZQG <barnett.zqg@gmail.com> (cherry picked from commit `91c45132b0`) Co-authored-by: barnettZQG <barnett.zqg@gmail.com>	2022-04-15 15:04:04 +08:00
wyike	58b3bca537	cherrypick 3665 and 3605 to release 1.3 (#3668 ) Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>	2022-04-15 12:11:05 +08:00
github-actions[bot]	825f1aaa22	[Backport release-1.3] Fix: fix token invalid after the server restarted (#3662 ) * Fix: fix token invalid after the server restarted Signed-off-by: FogDong <dongtianxin.tx@alibaba-inc.com> (cherry picked from commit `13c6f0c5a3`) * fix lint Signed-off-by: FogDong <dongtianxin.tx@alibaba-inc.com> (cherry picked from commit `96896d4956`) * Pending test temporary Signed-off-by: FogDong <dongtianxin.tx@alibaba-inc.com> (cherry picked from commit `33160fd199`) * Pending test temporary Signed-off-by: FogDong <dongtianxin.tx@alibaba-inc.com> (cherry picked from commit `c858b81d86`) Co-authored-by: FogDong <dongtianxin.tx@alibaba-inc.com>	2022-04-14 22:26:57 +08:00
github-actions[bot]	82075427e6	Fix: vela status tree show cluster alias & raw format (#3661 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `4ff0f53c04`) Co-authored-by: Somefive <yd219913@alibaba-inc.com>	2022-04-14 19:40:14 +08:00
github-actions[bot]	f89cf673c0	Fix: add label from inner system in CR can prevent sync (#3660 ) Signed-off-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com> (cherry picked from commit `dceb642ad6`) Co-authored-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com>	2022-04-14 19:33:35 +08:00
github-actions[bot]	ce53f6922f	[Backport release-1.3] Fix: duplicately list pods in velaQL (#3656 ) * Fix: duplicately list pods in velaQL Signed-off-by: barnettZQG <barnett.zqg@gmail.com> (cherry picked from commit `5917141b12`) * Fix: the create time of synced app is empty Signed-off-by: barnettZQG <barnett.zqg@gmail.com> (cherry picked from commit `d404c4b507`) Co-authored-by: barnettZQG <barnett.zqg@gmail.com>	2022-04-14 17:46:08 +08:00
github-actions[bot]	b6f70d9a3c	Fix: failed to deploy application when no there is no avaiable (#3654 ) When there are configs, but not in the project where the appliation is about to deploy, the sync application will hit an issue. It will lead to block the deploy of an application. Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com> (cherry picked from commit `6cac625d53`) Co-authored-by: Zheng Xi Zhou <zzxwill@gmail.com>	2022-04-14 17:26:31 +08:00
Somefive	64d063ccfe	[Backport release-1.3] vela status tree & controller flags fix (#3649 ) * Feat: vela status --tree (#3609) * Feat: vela status --tree Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Feat: support show not-deployed clusters Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Fix: add tests Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Fix: add multicluster e2e coverage Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Chore: minor fix Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Fix: cli default switch on feature flags (#3625) Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Feat: support alias in cluster (#3630) * Feat: support alias in cluster Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Fix: add test for cluster alias Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Feat: rework vela up to support specified revision (#3634) * Feat: rework vela up to support specified revision Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Fix: add legacy compatibility Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Feat: fix test Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Fix: enhance vela status tree print (#3639) Signed-off-by: Somefive <yd219913@alibaba-inc.com>	2022-04-14 16:36:35 +08:00
github-actions[bot]	a98278fb7a	[Backport release-1.3] Fix: refine the config sync logic (#3647 ) * Fix: refine config management - Refine the config sync logics Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com> (cherry picked from commit `97cc021d7a`) * address comments Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com> (cherry picked from commit `3e0f9c07a8`) Co-authored-by: Zheng Xi Zhou <zzxwill@gmail.com>	2022-04-14 13:05:01 +08:00
wyike	0553d603e6	Chore: cherry-pick 3641 to release 1.3 (#3646 ) * Fix: try to fix CVE (#3641) * use santize Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>	2022-04-14 11:25:02 +08:00
github-actions[bot]	a36e99308f	[Backport release-1.3] Fix: clear info when addon version cannot meet require (#3645 ) * first Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> version miss match erro for addon Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> add log (cherry picked from commit `14fda35867`) * add test for this Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> small fix (cherry picked from commit `1e218b5732`) Co-authored-by: 楚岳 <wangyike.wyk@alibaba-inc.com>	2022-04-14 10:03:42 +08:00
github-actions[bot]	947bac2d35	Fix: verify password valid (#3643 ) Signed-off-by: Zhiyu Wang <zhiyuwang.newbis@gmail.com> (cherry picked from commit `b623976f1e`) Co-authored-by: Zhiyu Wang <zhiyuwang.newbis@gmail.com>	2022-04-13 19:40:05 +08:00
github-actions[bot]	7644cc59cb	Feat: refine config creation and provide config list (#3640 ) - Make the api of creation a config to be async - In listing config page, show the status of a config Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com> (cherry picked from commit `5314e5bf9e`) Co-authored-by: Zheng Xi Zhou <zzxwill@gmail.com>	2022-04-13 13:48:20 +08:00
github-actions[bot]	89a441b8ce	[Backport release-1.3] Fix: fix dex login with existed email (#3633 ) * Fix: fix dex login with existed email Signed-off-by: FogDong <dongtianxin.tx@alibaba-inc.com> (cherry picked from commit `15400df15e`) * add dex connector check Signed-off-by: FogDong <dongtianxin.tx@alibaba-inc.com> (cherry picked from commit `a7062e08e1`) * unset users' alias Signed-off-by: FogDong <dongtianxin.tx@alibaba-inc.com> (cherry picked from commit `1a818f4b8b`) * fix ut Signed-off-by: FogDong <dongtianxin.tx@alibaba-inc.com> (cherry picked from commit `1b3768ca73`) * fix ut Signed-off-by: FogDong <dongtianxin.tx@alibaba-inc.com> (cherry picked from commit `e54fc776b0`) Co-authored-by: FogDong <dongtianxin.tx@alibaba-inc.com>	2022-04-12 16:30:10 +08:00
github-actions[bot]	780572c68f	Fix: flags for controller (#3632 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `e5a5916973`) Co-authored-by: Somefive <yd219913@alibaba-inc.com>	2022-04-12 16:13:50 +08:00
github-actions[bot]	a13cab65b2	[Backport release-1.3] Feat: support basic auth private helm repo (#3631 ) * support auth Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> (cherry picked from commit `54c05afb1a`) * add test Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> fix check diff Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> fix test fix add comments fix test (cherry picked from commit `a8961ec8cc`) * add tests Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> fix add more test Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> (cherry picked from commit `4f45a6af8e`) * add more test Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> (cherry picked from commit `dee791aa51`) * extract set auth info as a global func Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> (cherry picked from commit `f8fb0137e3`) * return bcode Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com> (cherry picked from commit `057a67d8b9`) Co-authored-by: 楚岳 <wangyike.wyk@alibaba-inc.com>	2022-04-12 16:10:48 +08:00
Min Kim	e26104adcc	bump cluster-gateway to 1.3.2 (#3620 ) Signed-off-by: yue9944882 <291271447@qq.com>	2022-04-11 19:49:20 +08:00
github-actions[bot]	26ac584655	[Backport release-1.3] Feat: add api of listing configs for project when creating a target (#3626 ) * Feat: add api of listing configs for project In a project, list configs by its type Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com> (cherry picked from commit `87aae26f3f`) * address comments Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com> (cherry picked from commit `830cc79dcf`) * fix ci Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com> (cherry picked from commit `bf10455f6b`) * add query parameter definition Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com> (cherry picked from commit `73ff31382b`) * Update pkg/apiserver/rest/webservice/project.go Co-authored-by: barnettZQG <barnett.zqg@gmail.com> (cherry picked from commit `f0b346a1cb`) Co-authored-by: Zheng Xi Zhou <zzxwill@gmail.com>	2022-04-11 19:06:31 +08:00
github-actions[bot]	482976990d	Fix: reuse chart values in vela install (#3617 ) Signed-off-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com> (cherry picked from commit `5bf0dd045f`) Co-authored-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com>	2022-04-11 09:52:03 +08:00
github-actions[bot]	bc4812a12e	[Backport release-1.3] Fix: vela logs without specified resource name (#3608 ) * Fix: vela logs without specified resource name Signed-off-by: qiaozp <chivalry.pp@gmail.com> (cherry picked from commit `43df60cb87`) * add unittest Signed-off-by: qiaozp <chivalry.pp@gmail.com> (cherry picked from commit `daacb88601`) * reviewable Signed-off-by: qiaozp <chivalry.pp@gmail.com> (cherry picked from commit `195585b69f`) Co-authored-by: qiaozp <chivalry.pp@gmail.com>	2022-04-08 17:57:15 +08:00
github-actions[bot]	58c2208e2a	add sorting for properties, outputs, writeSecretRefParameters in vela def doc-gen (#3604 ) Signed-off-by: Nicola115 <2225992901@qq.com> (cherry picked from commit `f1f5fa563d`) Co-authored-by: Nicola115 <2225992901@qq.com>	2022-04-08 15:32:09 +08:00
github-actions[bot]	f83d88cfb0	[Backport release-1.3] Fix: add terraform aws provider without AWS_SESSION_TOKEN (#3594 ) * Fix: add terraform aws provider without AWS_SESSION_TOKEN Fix #3589 and refine prompts for cli Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com> (cherry picked from commit `904a72857b`)	2022-04-07 17:03:35 +08:00
				`@@ -0,0 +1 @@`
				`Welcome to use the oam-runtime follows OAM spec v0.2! Enjoy your shipping application journey!`