From 917143bc96f0c4d79f50138100fc8d4f48ce7996 Mon Sep 17 00:00:00 2001 From: mistadave Date: Tue, 16 Aug 2022 15:02:21 +0200 Subject: [PATCH 1/5] update Chart and app version --- src/main/ks-installer/Chart.yaml | 4 ++-- src/main/ks-installer/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/ks-installer/Chart.yaml b/src/main/ks-installer/Chart.yaml index d50e766e..9351d72d 100644 --- a/src/main/ks-installer/Chart.yaml +++ b/src/main/ks-installer/Chart.yaml @@ -18,9 +18,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.3.1 +version: 0.3.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 3.2.1 +appVersion: 3.3.0 diff --git a/src/main/ks-installer/values.yaml b/src/main/ks-installer/values.yaml index 31817c72..438ea8cc 100644 --- a/src/main/ks-installer/values.yaml +++ b/src/main/ks-installer/values.yaml @@ -9,7 +9,7 @@ image: repository: kubesphere/ks-installer pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: v3.2.1 + tag: v3.3.0 serviceAccount: # Specifies whether a service account should be created From aa3377b63114ee915eb0aa00d7e8aec4b78fa5dd Mon Sep 17 00:00:00 2001 From: mistadave Date: Tue, 16 Aug 2022 15:02:37 +0200 Subject: [PATCH 2/5] add new rules --- .../ks-installer/templates/clusterrole.yaml | 396 +++++++++--------- 1 file changed, 204 insertions(+), 192 deletions(-) diff --git a/src/main/ks-installer/templates/clusterrole.yaml b/src/main/ks-installer/templates/clusterrole.yaml index bde94b34..c7eb0723 100644 --- a/src/main/ks-installer/templates/clusterrole.yaml +++ b/src/main/ks-installer/templates/clusterrole.yaml @@ -3,195 +3,207 @@ kind: ClusterRole metadata: name: ks-installer rules: - - apiGroups: - - "" - resources: - - '*' - verbs: - - '*' - - apiGroups: - - apps - resources: - - '*' - verbs: - - '*' - - apiGroups: - - extensions - resources: - - '*' - verbs: - - '*' - - apiGroups: - - batch - resources: - - '*' - verbs: - - '*' - - apiGroups: - - rbac.authorization.k8s.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - apiregistration.k8s.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - apiextensions.k8s.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - tenant.kubesphere.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - certificates.k8s.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - devops.kubesphere.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - '*' - verbs: - - '*' - - apiGroups: - - logging.kubesphere.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - jaegertracing.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - storage.k8s.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - admissionregistration.k8s.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - policy - resources: - - '*' - verbs: - - '*' - - apiGroups: - - autoscaling - resources: - - '*' - verbs: - - '*' - - apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - config.istio.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - iam.kubesphere.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - notification.kubesphere.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - auditing.kubesphere.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - events.kubesphere.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - core.kubefed.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - installer.kubesphere.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - storage.kubesphere.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - security.istio.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - monitoring.kiali.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - kiali.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - networking.k8s.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - kubeedge.kubesphere.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - types.kubefed.io - resources: - - '*' - verbs: - - '*' \ No newline at end of file +- apiGroups: + - "" + resources: + - '*' + verbs: + - '*' +- apiGroups: + - apps + resources: + - '*' + verbs: + - '*' +- apiGroups: + - extensions + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - apiregistration.k8s.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - tenant.kubesphere.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - certificates.k8s.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - devops.kubesphere.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - '*' + verbs: + - '*' +- apiGroups: + - logging.kubesphere.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - jaegertracing.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - storage.k8s.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - admissionregistration.k8s.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - policy + resources: + - '*' + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - iam.kubesphere.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - notification.kubesphere.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - auditing.kubesphere.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - events.kubesphere.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - core.kubefed.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - installer.kubesphere.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - storage.kubesphere.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - monitoring.kiali.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - kiali.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - edgeruntime.kubesphere.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - types.kubefed.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - monitoring.kubesphere.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - application.kubesphere.io + resources: + - '*' + verbs: + - '*' From 446788d22b4a00c6be71e9f62f5e543de1454eef Mon Sep 17 00:00:00 2001 From: mistadave Date: Tue, 16 Aug 2022 15:46:57 +0200 Subject: [PATCH 3/5] add readonly to host-time mount --- src/main/ks-installer/templates/deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/ks-installer/templates/deployment.yaml b/src/main/ks-installer/templates/deployment.yaml index eb09aeef..4dcc4beb 100644 --- a/src/main/ks-installer/templates/deployment.yaml +++ b/src/main/ks-installer/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: volumeMounts: - mountPath: /etc/localtime name: host-time + readOnly: true {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} From 5a74420928e365ea73653112e5f65398e6b85c54 Mon Sep 17 00:00:00 2001 From: mistadave Date: Tue, 16 Aug 2022 16:57:51 +0200 Subject: [PATCH 4/5] update chart version to ks-installer version --- src/main/ks-installer/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/ks-installer/Chart.yaml b/src/main/ks-installer/Chart.yaml index 9351d72d..d5db0c86 100644 --- a/src/main/ks-installer/Chart.yaml +++ b/src/main/ks-installer/Chart.yaml @@ -18,7 +18,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.3.2 +version: 3.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From 539ab41025a5bebe27183761aee7c5d6e4571141 Mon Sep 17 00:00:00 2001 From: mistadave Date: Mon, 20 Mar 2023 09:18:31 +0100 Subject: [PATCH 5/5] linting, update chart version to 0.3.2 --- src/main/ks-installer/Chart.yaml | 2 +- .../ks-installer/templates/clusterrole.yaml | 408 +++++++++--------- 2 files changed, 205 insertions(+), 205 deletions(-) diff --git a/src/main/ks-installer/Chart.yaml b/src/main/ks-installer/Chart.yaml index d5db0c86..9351d72d 100644 --- a/src/main/ks-installer/Chart.yaml +++ b/src/main/ks-installer/Chart.yaml @@ -18,7 +18,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 3.0.0 +version: 0.3.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/src/main/ks-installer/templates/clusterrole.yaml b/src/main/ks-installer/templates/clusterrole.yaml index c7eb0723..69b41d4f 100644 --- a/src/main/ks-installer/templates/clusterrole.yaml +++ b/src/main/ks-installer/templates/clusterrole.yaml @@ -3,207 +3,207 @@ kind: ClusterRole metadata: name: ks-installer rules: -- apiGroups: - - "" - resources: - - '*' - verbs: - - '*' -- apiGroups: - - apps - resources: - - '*' - verbs: - - '*' -- apiGroups: - - extensions - resources: - - '*' - verbs: - - '*' -- apiGroups: - - batch - resources: - - '*' - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - apiregistration.k8s.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - apiextensions.k8s.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - tenant.kubesphere.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - certificates.k8s.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - devops.kubesphere.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - monitoring.coreos.com - resources: - - '*' - verbs: - - '*' -- apiGroups: - - logging.kubesphere.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - jaegertracing.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - storage.k8s.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - admissionregistration.k8s.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - policy - resources: - - '*' - verbs: - - '*' -- apiGroups: - - autoscaling - resources: - - '*' - verbs: - - '*' -- apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - config.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - iam.kubesphere.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - notification.kubesphere.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - auditing.kubesphere.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - events.kubesphere.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - core.kubefed.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - installer.kubesphere.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - storage.kubesphere.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - security.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - monitoring.kiali.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - kiali.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - networking.k8s.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - edgeruntime.kubesphere.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - types.kubefed.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - monitoring.kubesphere.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - application.kubesphere.io - resources: - - '*' - verbs: - - '*' + - apiGroups: + - "" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - apps + resources: + - "*" + verbs: + - "*" + - apiGroups: + - extensions + resources: + - "*" + verbs: + - "*" + - apiGroups: + - batch + resources: + - "*" + verbs: + - "*" + - apiGroups: + - rbac.authorization.k8s.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - apiregistration.k8s.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - apiextensions.k8s.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - tenant.kubesphere.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - certificates.k8s.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - devops.kubesphere.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - monitoring.coreos.com + resources: + - "*" + verbs: + - "*" + - apiGroups: + - logging.kubesphere.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - jaegertracing.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - storage.k8s.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - admissionregistration.k8s.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - policy + resources: + - "*" + verbs: + - "*" + - apiGroups: + - autoscaling + resources: + - "*" + verbs: + - "*" + - apiGroups: + - networking.istio.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - config.istio.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - iam.kubesphere.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - notification.kubesphere.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - auditing.kubesphere.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - events.kubesphere.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - core.kubefed.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - installer.kubesphere.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - storage.kubesphere.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - security.istio.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - monitoring.kiali.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - kiali.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - networking.k8s.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - edgeruntime.kubesphere.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - types.kubefed.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - monitoring.kubesphere.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - application.kubesphere.io + resources: + - "*" + verbs: + - "*"