Merge remote-tracking branch 'upstream/master' into updateFlux

kubevela · Jun 11, 2024 · 5a66d19 · 5a66d19
2 parents c9b40e7 + 9976a15
commit 5a66d19
Show file tree

Hide file tree

Showing 35 changed files with 1,193 additions and 119 deletions.
diff --git a/addons/chartmuseum/metadata.yaml b/addons/chartmuseum/metadata.yaml
@@ -1,5 +1,5 @@
 name: chartmuseum
-version: 4.1.0
+version: 4.2.1
 description: ChartMuseum is an open-source and easy to deploy Helm Chart Repository server.
 icon: https://raw.githubusercontent.com/helm/chartmuseum/main/logo2.png
 url: https://chartmuseum.com

diff --git a/addons/chartmuseum/readme.md b/addons/chartmuseum/readme.md
@@ -162,4 +162,13 @@ amazon: {
 	// +usage=AWS access key secret
 	accessKeySecret: "secret"
 }
+```
+
+#### Caching
+
+Override the default for updating the cache index-cache.yaml
+
+```yaml
+// +usage=Override the default for updating the cache index-cache.yaml e.g. 5m, 1s
+cacheRefresh: string
 ```
diff --git a/addons/chartmuseum/resources/chartmuseum.cue b/addons/chartmuseum/resources/chartmuseum.cue
@@ -36,6 +36,7 @@ import (
 	}
 	DEBUG:              strconv.FormatBool(parameter.debug)
 	DISABLE_API:        strconv.FormatBool(parameter.disableAPI)
+	CACHE_INTERVAL:     parameter.cacheRefresh
 	ALLOW_OVERWRITE:    strconv.FormatBool(parameter.allowOverwrite)
 	AUTH_ANONYMOUS_GET: strconv.FormatBool(parameter.authAnonymousGet)
 	if parameter.basicAuth != _|_ {
@@ -92,6 +93,9 @@ import (
 		type:    "gateway"
 		properties: {
 			domain: parameter.ingressHost.name
+			if parameter.ingressHost.class != _|_ {
+				class: parameter.ingressHost.class
+			}
 			http: {
 				"\(parameter.ingressHost.path)": parameter.externalPort
 			}

diff --git a/addons/chartmuseum/resources/parameter.cue b/addons/chartmuseum/resources/parameter.cue
@@ -31,9 +31,9 @@ parameter: {
 		// +usage=Server side encryption algorithm
 		sse?: string
 		// +usage=AWS access key id
-		accessKeyID: string
+		accessKeyID?: string
 		// +usage=AWS access key secret
-		accessKeySecret: string
+		accessKeySecret?: string
 	}
 	// +usage=GCP storage backend settings
 	google?: {
@@ -59,6 +59,8 @@ parameter: {
 	debug: *false | bool
 	// +usage=Disable all routes prefixed with /api
 	disableAPI: *false | bool
+	// +usage=Override the default for updating the cache index-cache.yaml e.g. 5m, 1s
+	cacheRefresh: *"5m" | string
 	// +usage=Allow chart versions to be re-uploaded
 	allowOverwrite: *true | bool
 	// +usage=Allow anonymous GET operations when auth is used
@@ -95,5 +97,7 @@ parameter: {
 		tls: *false | bool
 		// +usage=If TLS is set to true, you must declare what secret will store the key/certificate for TLS. Secrets must be added manually to the vela-system.
 		tlsSecret?: string
+		// +usage=Specify the ingress class name to use
+		class?: string
 	}
 }
diff --git a/addons/dex/config-templates/dex-connector.cue b/addons/dex/config-templates/dex-connector.cue
@@ -41,10 +41,13 @@ template: {
 		if parameter.type == "google" && parameter.google != _|_ {
 			stringData: google: json.Marshal(parameter.google)
 		}
+		if parameter.type == "oauth" && parameter.oauth != _|_ {
+			stringData: oauth: json.Marshal(parameter.oauth)
+		}
 	}
 	parameter: {
 		// +usage=Connetor type
-		type: *"github" | "ldap" | "gitlab" | "oidc" | "saml" | "google"
+		type: *"github" | "ldap" | "gitlab" | "oidc" | "saml" | "google" | "oauth"
 		// +usage=GitHub connector
 		github?: {
 			// +usage=GitHub client ID
@@ -132,5 +135,42 @@ template: {
 			// +usage=Email of attributes in the returned assertions to map to ID token claims.
 			emailAttr: string
 		}
+		// +usage=OAuth connector
+		oauth?: {
+			// +usage=OAuth client ID
+			clientID: string
+			// +usage=OAuth client secret
+			clientSecret: string
+			// +usage=OAuth redirect URI - for instance [VelaUX address:port]/dex/callback
+			redirectURI: string
+			// +usage=OAuth token URL
+			tokenURL: string
+			// +usage=OAuth authorization URL
+			authorizationURL: string
+			// +usage=OAuth user info URL
+			userInfoURL: string
+			// +usage=Optional: Specify whether to communicate to Auth provider without validating SSL certificates
+			insecureSkipVerify?: bool | *false
+			// +usage=Optional: The location of file containing SSL certificates to communicate to Auth provider
+			rootCAs?: string
+			// +usage=Optional: Configurable keys for user ID look up
+			userIDKey?: string | *"username"
+			// +usage=Optional: List of scopes to request Auth provider for access user account
+			scopes?: [...string]
+			// +usage=Auth providers return non-standard user identity profile. Use claimMapping to map those user informations to standard claims:
+			claimMapping: {
+				// +usage=Optional: Configurable keys for user name look up
+				userNameKey?: string | *"name"
+				// +usage=Optional: Configurable keys for preferred username look up
+				preferredUsernameKey? : string | *"username"
+				// +usage=Optional: Configurable keys for user groups look up
+				groupsKey?: string
+				// +usage=Optional: Configurable keys for email look up
+				emailKey?: string
+				// +usage=Configurable keys for email verified look up
+				emailVerifiedKey?: string
+			}
+
+		}
 	}
 }
diff --git a/addons/dex/metadata.yaml b/addons/dex/metadata.yaml
@@ -1,5 +1,5 @@
 name: dex
-version: 0.6.6
+version: 0.7.0
 description: Enable dex for login
 icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/dex/horizontal/color/dex-horizontal-color.png
 
@@ -12,4 +12,4 @@ dependencies:
   - name: fluxcd
 
 system:
-  vela: ">=v1.6.0-alpha.6"
+  vela: ">=v1.6.0-alpha.6"
diff --git a/addons/dex/readme.md b/addons/dex/readme.md
@@ -9,6 +9,10 @@ Please refer to [Dex's Website](https://dexidp.io/docs/) for more details.
 
 ## Versions
 
+* 0.7.0
+    * upgrade the dex chart to [v 0.15.3](https://artifacthub.io/packages/helm/dex/dex/0.15.3) that deploys dex `2.37.0`
+    * add support of [Dex OAuth connector](https://dexidp.io/docs/connectors/oauth/
+
 * 0.6.6
+    * Change the dex-connector component definition to the config template.
 
-Change the dex-connector component definition to the config template.
diff --git a/addons/dex/schemas/config-uischema-dex-connector.yaml b/addons/dex/schemas/config-uischema-dex-connector.yaml
@@ -172,3 +172,78 @@
         colSpan: 12
     - jsonKey: startTLS
       sort: 103
+
+- jsonKey: oauth
+  sort: 15
+  uiType: Ignore
+  validate:
+    required: true
+  conditions:
+    - jsonKey: type
+      op: "=="
+      value: "oauth"
+  subParameters:
+    - jsonKey: clientID
+      uiType: Password
+      sort: 3
+      style:
+        colSpan: 12
+    - jsonKey: clientSecret
+      uiType: Password
+      sort: 5
+      style:
+        colSpan: 12
+    - jsonKey: redirectURI
+      sort: 7
+      style:
+        colSpan: 12
+    - jsonKey: tokenURL
+      sort: 9
+      style:
+        colSpan: 12
+    - jsonKey: authorizationURL
+      sort: 11
+      style:
+        colSpan: 12
+    - jsonKey: userInfoURL
+      sort: 13
+      style:
+        colSpan: 12
+
+    - jsonKey: claimMapping
+      sort: 15
+      style:
+        colSpan: 24
+      subParameters:
+      - jsonKey: userNameKey
+        style:
+          colSpan: 12
+      - jsonKey: preferredUsernameKey
+        style:
+          colSpan: 12
+      - jsonKey: groupsKey
+        style:
+          colSpan: 12
+      - jsonKey: emailKey
+        style:
+          colSpan: 12
+      - jsonKey: emailVerifiedKey
+        style:
+          colSpan: 12
+
+    - jsonKey: insecureSkipVerify
+      sort: 19
+      style:
+        colSpan: 24
+    - jsonKey: userIDKey
+      sort: 21
+      style:
+        colSpan: 12
+    - jsonKey: scopes
+      sort: 23
+      style:
+        colSpan: 24
+    - jsonKey: rootCAs
+      sort: 25
+      style:
+        colSpan: 24
diff --git a/addons/dex/template.yaml b/addons/dex/template.yaml
@@ -9,7 +9,7 @@ spec:
       type: helm
       properties:
         chart: dex
-        version: "0.6.5"
+        version: "0.15.3"
         url: "https://charts.dexidp.io"
         repoType: helm
         values:
@@ -56,4 +56,4 @@ spec:
               secretName: kubevela-logo
               items:
               - key: favicon-dark
-                path: favicon.png
+                path: favicon.png
diff --git a/addons/fluxcd/config-templates/helm-repository.cue b/addons/fluxcd/config-templates/helm-repository.cue
@@ -33,9 +33,6 @@ template: {
 			if parameter.password != _|_ {
 				password: parameter.password
 			}
-
-		}
-		data: {
 			if parameter.caFile != _|_ {
 				caFile: parameter.caFile
 			}
@@ -53,7 +50,7 @@ template: {
 		username?: string
 		// +usage=The password of basic auth repo.
 		password?: string
-		// +usage=The ca certificate of helm repository. Please encode this data with base64.
+		// +usage=The ca certificate of helm repository. don't need base64 encode.
 		caFile?: string
 	}
 }
diff --git a/addons/fluxcd/definitions/helm-release-def.cue b/addons/fluxcd/definitions/helm-release-def.cue
@@ -49,7 +49,12 @@ helm: {
 								}
 							}
 					}
-					message: repoMessage + ", " + releaseMessage
+					if repoMessage == "" {
+					    message: releaseMessage
+					}
+					if repoMessage != "" {
+					    message: repoMessage + ", " + releaseMessage
+					}
 				"""#
 		}
 	}

diff --git a/addons/fluxcd/definitions/kustomize.cue b/addons/fluxcd/definitions/kustomize.cue
@@ -35,6 +35,14 @@ template: {
 				}
 				namespace: context.namespace
 			}
+			if parameter.decryption != _|_ {
+				decryption: {
+					provider: parameter.decryption.provider
+					secretRef: {
+						name: parameter.decryption.secretRef.name
+					}
+				}
+			}
 			path:    parameter.path
 			suspend: parameter.suspend
 			prune:   parameter.prune
@@ -255,6 +263,14 @@ template: {
 		// +usage=The name of the source already existed
 		sourceName?: string
 
+		decryption?: {
+			// +usage=Determines which decrypt method to use. Defaults to sops
+			provider: string
+			secretRef: {
+				// +usage=Decrypt secretRef to use
+				name: string
+			}
+		}
 		git?: {
 			// +usage=The Git branch to checkout and monitor for changes, defaults to main branch
 			branch?: *"main" | string

diff --git a/addons/fluxcd/schemas/config-uischema-helm-repository.yaml b/addons/fluxcd/schemas/config-uischema-helm-repository.yaml
@@ -1,7 +1,7 @@
 - jsonKey: caFile
   sort: 11
   uiType: CertBase64
-  description: The ca certificate of helm repository. Please encode this data with base64.
+  description: The ca certificate of helm repository. don't need base64 encode.
 - jsonKey: url
   sort: 5
   label: URL

diff --git a/addons/kube-state-metrics/metadata.yaml b/addons/kube-state-metrics/metadata.yaml
@@ -1,5 +1,5 @@
 name: kube-state-metrics
-version: v0.3.0
+version: v0.3.1
 description: A simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
 icon: https://artifacthub.io/image/81797fec-309d-4380-a527-68f1c9e1dcfb@1x
 url: https://github.com/kubernetes/kube-state-metrics

diff --git a/addons/kube-state-metrics/resources/kube-state-metrics.cue b/addons/kube-state-metrics/resources/kube-state-metrics.cue
@@ -7,6 +7,7 @@ kubeStateMetrics: {
 	properties: {
 		image:           parameter["image"]
 		imagePullPolicy: parameter["imagePullPolicy"]
+		ports: [{port: 8080}]
 		livenessProbe: {
 			httpGet: {
 				path: "/healthz"
@@ -47,6 +48,7 @@ kubeStateMetrics: {
 				"prometheus.io/port":   "8080"
 				"prometheus.io/scrape": "true"
 				"prometheus.io/path":   "/metrics"
+				"oam.dev/addon-name": "kube-state-metric"
 			}
 		}
 	}, {

diff --git a/addons/vela-workflow/definitions/addon-operation.cue b/addons/vela-workflow/definitions/addon-operation.cue
@@ -22,7 +22,9 @@ template: {
 				name:      context.name + "-" + context.stepSessionID
 				namespace: "vela-system"
 				labels: {
-					"enable-addon.oam.dev": context.name
+					"enable-addon.oam.dev":     context.name
+					"workflow.oam.dev/name":    context.name
+					"workflow.oam.dev/session": context.stepSessionID
 				}
 				annotations: {
 					"workflowrun.oam.dev/step": context.stepName

diff --git a/addons/vela-workflow/metadata.yaml b/addons/vela-workflow/metadata.yaml
@@ -1,5 +1,5 @@
 name: vela-workflow
-version: v0.6.1
+version: v0.6.2
 description: "vela-workflow provides the capability to run a standalone workflow"
 icon: "https://static.kubevela.net/images/logos/KubeVela%20-03.png"
 url: "https://github.com/kubevela/workflow"

diff --git a/addons/velaux/metadata.yaml b/addons/velaux/metadata.yaml
@@ -1,5 +1,5 @@
 name: velaux
-version: v1.9.2
+version: v1.9.3
 description: KubeVela User Experience (UX). An extensible, application-oriented delivery and management Platform.
 icon: https://static.kubevela.net/images/logos/KubeVela%20-03.png
 url: https://kubevela.io

diff --git a/addons/velaux/parameter.cue b/addons/velaux/parameter.cue
@@ -1,11 +1,11 @@
 parameter: {
-	// +usage=Specify the image hub of velaux, eg. "acr.kubevela.net"
+	// +usage=Specify the image hub of velaux
 	repo?: string
-	// +usage=Specify the database type, current support KubeAPI(default) and MongoDB.
-	dbType: *"kubeapi" | "mongodb"
+	// +usage=Specify the database type, current support KubeAPI(default), MongoDB, MySQL, Postgres.
+	dbType: *"kubeapi" | "mongodb" | "mysql" | "postgres"
 	// +usage=Specify the database name, for the kubeapi db type, it represents namespace.
 	database?: string
-	// +usage=Specify the MongoDB URL. it only enabled where DB type is MongoDB.
+	// +usage=Specify the Database connection URL. it is not used when dbType is "kubeapi", Format reference: https://kubevela.io/docs/reference/addons/velaux/
 	dbURL?: string
 	// +usage=Specify the domain, if set, ingress will be created if the gateway driver is nginx.
 	domain?: string

diff --git a/addons/victoria-metric/README.md b/addons/victoria-metric/README.md
@@ -0,0 +1,3 @@
+# victoria-metric
+
+This is an addon template. Check how to build your own addon: https://kubevela.net/docs/platform-engineers/addon/intro