diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 000000000..36def7cca --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,27 @@ +## Contributing to Dubbo +Dubbo is released under the non-restrictive Apache 2.0 licenses and follows a very standard Github development process, using Github tracker for issues and merging pull requests into master. Contributions of all form to this repository is acceptable, as long as it follows the prescribed community guidelines enumerated below. + +### Sign the Contributor License Agreement +Before we accept a non-trivial patch or pull request (PRs), we will need you to sign the Contributor License Agreement. Signing the contributors' agreement does not grant anyone commits rights to the main repository, but it does mean that we can accept your contributions, and you will get an author credit if we do. Active contributors may get invited to join the core team that will grant them privileges to merge existing PRs. + +### Contact + +#### Mailing list + +The mailing list is the recommended way of pursuing a discussion on almost anything related to Dubbo. Please refer to this [guide](https://github.com/apache/dubbo/wiki/Mailing-list-subscription-guide) for detailed documentation on how to subscribe. + +- [dev@dubbo.apache.org](mailto:dev-subscribe@dubbo.apache.org): the developer mailing list where you can ask questions about an issue you may have encountered while working with Dubbo. +- [commits@dubbo.apache.org](mailto:commits-subscribe@dubbo.apache.org): the commit updates will get broadcasted on this mailing list. You can subscribe to it, should you be interested in following Dubbo's development. +- [notifications@dubbo.apache.org](mailto:notifications-subscribe@dubbo.apache.org): all the Github [issue](https://github.com/apache/dubbo/issues) updates and [pull request](https://github.com/apache/dubbo/pulls) updates will be sent to this mailing list. + +### Reporting issue + +Please crete an issue here https://github.com/apache/dubbo-kubernetes + + +### Contribution flow + +A rough outline of an ideal contributors' workflow is as follows: + + +Thanks for contributing! \ No newline at end of file diff --git a/DEVELOPER.md b/DEVELOPER.md new file mode 100644 index 000000000..1af28cf5b --- /dev/null +++ b/DEVELOPER.md @@ -0,0 +1,5 @@ +# Developer documentation + +The source code guidance of this project. + +With this documentation, developers can learn which part of the project they need to change in order to fix a bug or introduce a new feature. How can they verify their codes work as expected before submit a pull request, by running the project locally or running the test suite. \ No newline at end of file diff --git a/README.md b/README.md index 986b011c0..1bf13bd33 100644 --- a/README.md +++ b/README.md @@ -10,76 +10,124 @@ The Dubbo Kubernetes Integration [![codecov](https://codecov.io/gh/apache/dubbo-kubernetes/branch/master/graph/badge.svg)](https://codecov.io/gh/apache/dubbo-kubernetes) ![license](https://img.shields.io/badge/license-Apache--2.0-green.svg) -This repository contains libraries and tools for creating and deploying Dubbo applications in any Kubernetes environment, i.e. on Kubernetes, Aliyun ACK, etc. - -## Prerequisites: -* Ensure you have Go installed, version 1.20 or higher. -* Make sure you install kubectl. -* Ensure you have Dubboctl installed. - -## Quick Start -### Create a Dubbo application -Use `dubboctl create` to create a project template. - -```shell -dubboctl create -l java -``` - -This should generate a simple project with a demo service properly configured and is ready to run. - -> For java developers, it's recommended to use [start.dubbo.apache.org]() or [IntelliJ IDEA plugin]() to generate more complicated templates. - -### Deploy application to Kubernetes -Before deploying the application, let's install Nacos, Zookeeper, Prometheus and other components necessary for running a Dubbo application or microservice cluster. - -```shell -dubboctl install --profile=demo # This will install Nacos, Prometheus, Grafana, Admin, etc. -``` - -Next, build your application as docker image and deploy it into kubernetes cluster with `dubboctl deploy`, it will do the following two steps: - -1. Build your application from source code into docker image and push the image to remote repository. -2. Generate all the kubernetes configurations (e.g., deployments, services, load balancers) needed to run your application on vanilla Kubernetes. - -```shell -dubboctl deploy --out=deployment.yml -``` - -Finally, apply manifests into kubernetes cluster. - -```shell -kubectl apply -f deployment.yml -``` - -### Monitor and manage your application -We already have the application up and running, now it's time to continuously monitor the status or manage the traffics of our applications. - -#### Admin -Run the following command and open `http://localhost:38080/admin/` with your favourite browser. - -```shell -dubboctl dashboard admin -``` - -![Admin Console]() - - -![Admin Grafana]() - -#### Tracing -```shell -dubboctl dashboard zipkin -``` - -#### Traffic Management -Please refer to our official website to learn the traffic policies in Dubbo with some well-designed tasks. -* Timeout -* Accesslog -* Region-aware traffic split -* Weight-based traffic split -* Circuit breaking -* Canary release - - - - +**The universal Control Plane and Console for managing microservices on any environment - VM and Kubernetes.** + +![architecture](./docs/images/homepage/arch1.png) + +## Quick Start (under development) +> NOTICE: As the project has not been officially released yet, the following commands may not run properly. The best way for now is to refer to the [Developer's Guide](./DEVELOPER.md) to learn how to download the source code and build it locally! + + +1. Download `dubbo-control-plane` binary package. + ```shell + curl -L https://raw.githubusercontent.com/apache/dubbo-kubernetes/master/release/downloadDubbo.sh | sh - + + cd dubbo-$version + export PATH=$PWD/bin:$PATH + ``` + +2. Install `control-plane` on Kubernetes + ```shell + dubboctl install --profile=demo + ``` + +3. Check installation + ```shell + kubectl get services -n dubbo-system + ``` + +4. Next, deploy Dubbo applications to Kubernetes as shown below: + + ```yaml + apiVersion: v1 + kind: Service + metadata: + name: demo-service + namespace: dubbo-demo + spec: + selector: + app: dubbo-demo + type: ClusterIP + ports: + - name: port1 + protocol: http + port: 80 + targetPort: 8080 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: example-app + namespace: dubbo-demo + spec: + ... + template: + metadata: + ... + labels: + app: dubbo-demo + dubbo.apache.org/service: dubbo-demo + spec: + containers: + ... + ``` + + > If you want to create your own Dubbo application from scratch and deploy it, please use [dubboctl]() we provided below. + + +5. Open the following page to check deployment status on control plane UI: + ```shell + kubectl port-forward svc/dubbo-control-plane \ + -n dubbo-system 5681:5681 + ``` + + visit, 127.0.0.1:5681/admin + + ![ui-demo](./docs/images/homepage/ui-demo.png) + +## Architecture + +![architecture](./docs/images/homepage/arch2.png) + +The microservcice architecture built with Dubbo Control Plane consists of two main components: + +- The **`Dubbo Control Plane`** configures the data plane - applications developed with Dubbo SDK, for handling service traffic. Users create [policies]() that the dubbo control plane processes to generate configurations for the data plane. +- The data plane - the **`Dubbo SDK`**, connets directly to control plane and receives configurations that can work as the sources for service discovery, traffic routing, load balancing, etc. + +Dubbo Control Plane supports two deployment modes: **`kubernetes`** and **`universal`**. + +- **`kubernetes`** mode is like the classic Service Mesh architecture, with all microservices concepts bonded to kubernetes resources. Unlike classic service mesh solutions like istio, Dubbo favors a proxyless data plane deployment - with no envoy sidecar. +- **`universal`** is the traditional microservice architecture that all Dubbo users are already familiar with. Unlike the kubernetes mode, it usually needs a dedicated registry like Nacos or Zookeeper for service discovery, etc. + +### Kubernetes +In kubernetes mode, the control plane will interact directly with the Kubernetes API-SERVER, watching the kubernetes resources and transform them as xDS resources for service discovery and traffic management configurations. + +![kubernetes-mode](./docs/images/homepage/kubernetes-mode.png) + +We all know the `service` definitions of Kubernetes and Dubo are different, `Kubernetes Service` is more like an application concept run on a selected group of pods while `Dubbo Service` can mean a specific RPC service inside the application process. So how does dubbo control plane manages to bridge the `interface-application` gap, check [here]() for more details. + +### Universal +In Universal mode, Dubbo still uses Nacos or Zookeeper as registries for service discovery, control plane then interact with registry directly to work as the console UI, as the entry point for viewing and managing the cluster. + +![universal-mode](./docs/images/homepage/universal-mode.png) + +### Multiple clusters +Dubbo Control Plane supports running your services in multiple zones. It is even possible to run with a mix of Kubernetes and Universal zones. Your microservice environment can include multiple isolated services, and workloads running in different regions, on different clouds, or in different datacenters. A zone can be a Kubernetes cluster, a VPC, or any other deployment you need to include in the same distributed microservice environment. The only condition is that all the data planes running within the zone must be able to connect to the other data planes in this same zone. + +Dubbo Control Plane supports a **`global`** deployment mode that can connect different **`zone`** region clusters. The picture below shows how it works. + +![multiple-cluster](./docs/images/homepage/multiple-cluster.png) + +## Roadmap + +- Security +- Metrics +- Cross-cluster communication +- Console + +## Refereces + +- Dubboctl +- Console UI Design +- Dubbo java xDS implementation +- Dubbo go xDS implementation diff --git a/deploy/charts/admin/Chart.yaml b/deploy/charts/admin/Chart.yaml index fa374298b..4898fb9c4 100644 --- a/deploy/charts/admin/Chart.yaml +++ b/deploy/charts/admin/Chart.yaml @@ -13,15 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. +annotations: + licenses: Apache-2.0 +name: admin +home: https://github.com/apache/dubbo-kubernetes +description: Admin is an application within the service governance control plane + responsible for functions such as service governance and visual representation of microservice clusters. apiVersion: v2 -name: Admin-Stack -description: "" -home: https://cn.dubbo.apache.org -kubeVersion: '>=1.28.0-0' +appVersion: 0.0.1 maintainers: -- name: dubbo +- name: Dubbo email: dev@dubbo.apache.org +kubeVersion: '>=1.28.0-0' sources: - https://github.com/apache/dubbo-kubernetes -type: application -version: 0.1.0 \ No newline at end of file +- https://dubbo.apache.org +version: 3.2.9 diff --git a/deploy/charts/admin/README.md b/deploy/charts/admin/README.md index c7b59c985..bc12fb748 100644 --- a/deploy/charts/admin/README.md +++ b/deploy/charts/admin/README.md @@ -2,257 +2,326 @@ ![license](https://img.shields.io/badge/license-Apache--2.0-green.svg) -The Helm control chart for Admin. - ## Values ### Admin -| Key | Description | Default | -|--------------------------------------------------|----------------------------------------------------------------------------------|--------------------------------| -| `deployType` | | `Deployment` | -| `nameOverride` | Name Override for Admin. | `{}` | -| `namespaceOverride` | NameSpace Override for Admin. | `{}` | -| `labels` | Labels for Admin. | `{}` | -| `annotations` | Annotations for Admin. | `{}` | -| `nodeSelector` | Node Scheduling for Admin. | `{}` | -| `imagePullSecrets` | Image Pull Credentials for Admin. | `[]` | -| `clusterDomain` | Cluster Domain Suffix for Admin. | `cluster.local` | -| `replicas` | Replica Deployment Count for Admin. | `1` | -| `image.registry` | Image Name for Admin. | `docker.io/apache/dubbo-admin` | -| `image.tag` | Version Tag for Admin. | `latest` | -| `image.pullPolicy` | Pull Policy for Admin. | `IfNotPresent` | -| `rbac.enabled` | Role-Based Access Control Status for Admin. | `true` | -| `rbac.labels` | Role-Based Access Control Labels Definition for Admin. | `{}` | -| `rbac.annotations` | Role-Based Access Control Annotations Definition for Admin. | `{}` | -| `serviceAccount.enabled` | Service Accounts Status for Admin. | `true` | -| `serviceAccount.labels` | Service Accounts Labels Definition for Admin. | `{}` | -| `serviceAccount.annotations` | Service Accounts Annotations Definition for Admin. | `{}` | -| `volumeMounts` | Internal Mount Directory for Admin. | `[]` | -| `volumes` | External Mount Directory for Admin. | `[]` | -| `configMap` | ConfigMap Mount Configuration for Admin. | `{}` | -| `secret` | Secret Mount Configuration for Admin. | `{}` | -| `strategy.type` | Policy Type for Admin. | `RollingUpdate` | -| `strategy.rollingUpdate.maxSurge` | Admin Update Strategy Expected Replicas. | `25%` | -| `strategy.rollingUpdate.maxUnavailable` | Admin Update Strategy Maximum Unavailable Replicas. | `1` | -| `updateStrategy.type` | Update Policy Type for Admin. | `RollingUpdate` | -| `updateStrategy.rollingUpdate` | Rolling Update Strategy for Admin. | `{}` | -| `minReadySeconds` | Seconds to Wait Before Admin Readiness. | `0` | -| `revisionHistoryLimit` | Number of Revision Versions Saved in History for Admin. | `10` | -| `terminationGracePeriodSeconds` | Graceful Termination Seconds for Admin Hooks. | `30` | -| `startupProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Admin Container Starts. | `60` | -| `startupProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Admin Container Starts. | `30` | -| `startupProbe.periodSeconds` | The Admin container periodically checks availability. | `10` | -| `startupProbe.successThreshold` | The success threshold for the Admin container. | `1` | -| `startupProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/` | -| `startupProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8080` | -| `readinessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Admin Container Starts. | `60` | -| `readinessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Admin Container Starts. | `30` | -| `readinessProbe.periodSeconds` | The Admin container periodically checks availability. | `10` | -| `readinessProbe.successThreshold` | The success threshold for the Admin container. | `1` | -| `readinessProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/` | -| `readinessProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8080` | -| `livenessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Admin Container Starts. | `60` | -| `livenessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Admin Container Starts. | `30` | -| `livenessProbe.periodSeconds` | The Admin container periodically checks availability. | `10` | -| `livenessProbe.successThreshold` | The success threshold for the Admin container. | `1` | -| `livenessProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/` | -| `livenessProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8080` | -| `lifecycleHooks` | Graceful hooks for the Admin. | `[]` | -| `service.enabled` | Service Status for Admin. | `true` | -| `service.labels` | Service Label Definition for Admin. | `{}` | -| `service.annotations` | Service Annotations Definition for Admin. | `{}` | -| `service.type` | Define the service type for the Admin. | `ClusterIP` | -| `service.clusterIP` | Define the service cluster IP for the Admin. | `~` | -| `service.externalIPs` | Define the service external IP for the Admin. | `~` | -| `service.loadBalancerIP` | Define the service loadBalancer IP for the Admin. | `~` | -| `service.loadBalancerSourceRanges` | Define the service loadBalancer Source Ranges for the Admin. | `~` | -| `service.loadBalancerClass` | Define the service loadBalancer Class for the Admin. | `~` | -| `service.sessionAffinity` | Define the session affinity strategy for the Admin service. | `None` | -| `service.publishNotReadyAddresses` | Define the publication of not-ready Admin service addresses to other components. | `true` | -| `service.protocol` | Service Protocol Definition for Admin. | `TCP` | -| `resources.limits.cpu` | Maximum Limit on CPU Resources for Admin. | `128` | -| `resources.limits.memory` | Maximum Limit on Memory Resources for Admin. | `128` | -| `resources.requests.cpu` | Maximum Request on CPU Resources for Admin. | `128` | -| `resources.requests.memory` | Maximum Request on Memory Resources for Admin. | `128` | -| `tolerations` | toleration's Definition for Admin. | `[]` | -| `persistence.enabled` | Persistence Status for Admin. | `false` | -| `persistence.labels` | Persistence Labels Definition for Admin. | `{}` | -| `persistence.annotations` | Persistence Annotations Definition for Admin. | `{}` | -| `persistence.claimName` | Persistence claim name Definition for Admin. | `""` | -| `persistence.storageclass` | Persistence storage class Definition for Admin. | `""` | -| `persistence.size` | Persistence size Definition for Admin. | `1Gi` | -| `persistence.accessModes` | Persistence accessModes Definition for Admin. | `ReadWriteOnce` | -| `securityContext.runAsNonRoot` | Whether the security context for Admin runs as a non-privileged user. | `false` | -| `securityContext.runAsUser` | Non-privileged user identifier for Admin security context. | `1000` | -| `securityContext.runAsGroup` | Non-privileged group identity identifier for Admin security context. | `1000` | -| `securityContext.readOnlyRootFilesystem` | Whether the root file system is read-only in the Admin security context. | `true` | -| `securityContext.allowPrivilegeEscalation` | Whether the Admin security context allows privilege escalation. | `false` | -| `podDisruptionBudget.enabled` | PodDisruptionBudget Status for Admin. | `false` | -| `podDisruptionBudget.labels` | podDisruptionBudget Labels Definition for Admin. | `{}` | -| `podDisruptionBudget.annotations` | podDisruptionBudget Annotations Definition for Admin. | `{}` | -| `podDisruptionBudget.minAvailable` | podDisruptionBudget min Available Definition for Admin. | `1` | -| `podDisruptionBudget.maxUnavailable` | podDisruptionBudget max Unavailable Definition for Admin. | `1` | -| `podDisruptionBudget.unhealthyPodEvictionPolicy` | podDisruptionBudget Unhealthy Pod Eviction Policy Definition for Admin. | `IfHealthyBudget` | -| `podSecurityPolicy.enabled` | Pod Security Policy Status for Admin. | `false` | -| `podSecurityPolicy.labels` | Pod Security Policy Labels Definition for Admin. | `{}` | -| `podSecurityPolicy.annotations` | Pod Security Policy Annotations Definition for Admin. | `{}` | -| `networkPolicy.enabled` | NetworkPolicy Status for Admin. | `false` | -| `networkPolicy.labels` | Network Policy Labels Definition for Admin. | `{}` | -| `networkPolicy.annotations` | Network Policy Annotations Definition for Admin. | `{}` | -| `networkPolicy.podSelector` | Network Policy Pod Selector Definition for Admin. | `{}` | -| `networkPolicy.ingress` | Network Policy Ingress Definition for Admin. | `[]` | -| `networkPolicy.egress` | Network Policy Egress Definition for Admin. | `[]` | +| Key | Description | Default | +|--------------------------------------------------|--------------------------------------------------------------------------------------------|-------------------------------------------| +| `deployType` | Define the deployment mode for Admin. | `Deployment` | +| `namespaceOverride` | NameSpace Override for Admin. | `~` | +| `labels` | Labels for Admin. | `~` | +| `annotations` | Annotations for Admin. | `~` | +| `nodeSelector` | Node Scheduling for Admin. | `~` | +| `imagePullSecrets` | Image Pull Credentials for Admin. | `~` | +| `clusterDomain` | Cluster Domain Suffix for Admin. | `cluster.local` | +| `replicas` | Replica Deployment Count for Admin. | `1` | +| `image.registry` | Image Name for Admin. | `docker.io/apache/dubbo-admin` | +| `image.tag` | Version Tag for Admin. | `latest` | +| `image.pullPolicy` | Pull Policy for Admin. | `IfNotPresent` | +| `rbac.enabled` | Role-Based Access Control Status for Admin. | `true` | +| `rbac.labels` | Role-Based Access Control Labels Definition for Admin. | `~` | +| `rbac.annotations` | Role-Based Access Control Annotations Definition for Admin. | `~` | +| `serviceAccount.enabled` | Service Accounts Status for Admin. | `true` | +| `serviceAccount.labels` | Service Accounts Labels Definition for Admin. | `~` | +| `serviceAccount.annotations` | Service Accounts Annotations Definition for Admin. | `~` | +| `volumeMounts` | Internal Mount Directory for Admin. | `~` | +| `volumes` | External Mount Directory for Admin. | `~` | +| `configMap` | ConfigMap Mount Configuration for Admin. | `~` | +| `secret` | Secret Mount Configuration for Admin. | `~` | +| `strategy.type` | Policy Type for Admin. | `RollingUpdate` | +| `strategy.rollingUpdate.maxSurge` | Admin Update Strategy Expected Replicas. | `%` | +| `strategy.rollingUpdate.maxUnavailable` | Admin Update Strategy Maximum Unavailable Replicas. | `1` | +| `updateStrategy.type` | Update Policy Type for Admin. | `RollingUpdate` | +| `updateStrategy.rollingUpdate` | Rolling Update Strategy for Admin. | `~` | +| `minReadySeconds` | Seconds to Wait Before Admin Readiness. | `0` | +| `revisionHistoryLimit` | Number of Revision Versions Saved in History for Admin. | `10` | +| `terminationGracePeriodSeconds` | Graceful Termination Seconds for Admin Hooks. | `30` | +| `startupProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Admin Container Starts. | `60` | +| `startupProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Admin Container Starts. | `30` | +| `startupProbe.periodSeconds` | The Admin container periodically checks availability. | `10` | +| `startupProbe.successThreshold` | The success threshold for the Admin container. | `1` | +| `startupProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/` | +| `startupProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8080` | +| `readinessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Admin Container Starts. | `60` | +| `readinessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Admin Container Starts. | `30` | +| `readinessProbe.periodSeconds` | The Admin container periodically checks availability. | `10` | +| `readinessProbe.successThreshold` | The success threshold for the Admin container. | `1` | +| `readinessProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/` | +| `readinessProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8080` | +| `livenessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Admin Container Starts. | `60` | +| `livenessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Admin Container Starts. | `30` | +| `livenessProbe.periodSeconds` | The Admin container periodically checks availability. | `10` | +| `livenessProbe.successThreshold` | The success threshold for the Admin container. | `1` | +| `livenessProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/` | +| `livenessProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8080` | +| `lifecycleHooks` | Graceful hooks for the Admin. | `~` | +| `service.enabled` | Service Status for Admin. | `true` | +| `service.labels` | Service Label Definition for Admin. | `~` | +| `service.annotations` | Service Annotations Definition for Admin. | `~` | +| `service.type` | Define the service type for the Admin. | `ClusterIP` | +| `service.clusterIP` | Define the service cluster IP for the Admin. | `~` | +| `service.externalIPs` | Define the service external IP for the Admin. | `~` | +| `service.loadBalancerIP` | Define the service loadBalancer IP for the Admin. | `~` | +| `service.loadBalancerSourceRanges` | Define the service loadBalancer Source Ranges for the Admin. | `~` | +| `service.loadBalancerClass` | Define the service loadBalancer Class for the Admin. | `~` | +| `service.sessionAffinity` | Define the session affinity strategy for the Admin service. | `None` | +| `service.publishNotReadyAddresses` | Define the publication of not-ready Admin service addresses to other components. | `true` | +| `service.protocol` | Service Protocol Definition for Admin. | `TCP` | +| `resources.limits.cpu` | Maximum Limit on CPU Resources for Admin. | `128` | +| `resources.limits.memory` | Maximum Limit on Memory Resources for Admin. | `128` | +| `resources.requests.cpu` | Maximum Request on CPU Resources for Admin. | `128` | +| `resources.requests.memory` | Maximum Request on Memory Resources for Admin. | `128` | +| `tolerations` | toleration's Definition for Admin. | `~` | +| `persistence.enabled` | Persistence Status for Admin. | `false` | +| `persistence.labels` | Persistence Labels Definition for Admin. | `~` | +| `persistence.annotations` | Persistence Annotations Definition for Admin. | `~` | +| `persistence.claimName` | Persistence claim name Definition for Admin. | `""` | +| `persistence.storageclass` | Persistence storage class Definition for Admin. | `""` | +| `persistence.size` | Persistence size Definition for Admin. | `1Gi` | +| `persistence.accessModes` | Persistence accessModes Definition for Admin. | `ReadWriteOnce` | +| `securityContext.runAsNonRoot` | Whether the security context for Admin runs as a non-privileged user. | `false` | +| `securityContext.runAsUser` | Non-privileged user identifier for Admin security context. | `1000` | +| `securityContext.runAsGroup` | Non-privileged group identity identifier for Admin security context. | `1000` | +| `securityContext.readOnlyRootFilesystem` | Whether the root file system is read-only in the Admin security context. | `true` | +| `securityContext.allowPrivilegeEscalation` | Whether the Admin security context allows privilege escalation. | `false` | +| `podDisruptionBudget.enabled` | PodDisruptionBudget Status for Admin. | `false` | +| `podDisruptionBudget.labels` | podDisruptionBudget Labels Definition for Admin. | `~` | +| `podDisruptionBudget.annotations` | podDisruptionBudget Annotations Definition for Admin. | `~` | +| `podDisruptionBudget.minAvailable` | podDisruptionBudget min Available Definition for Admin. | `1` | +| `podDisruptionBudget.maxUnavailable` | podDisruptionBudget max Unavailable Definition for Admin. | `1` | +| `podDisruptionBudget.unhealthyPodEvictionPolicy` | podDisruptionBudget Unhealthy Pod Eviction Policy Definition for Admin. | `IfHealthyBudget` | +| `podSecurityPolicy.enabled` | Pod Security Policy Status for Admin. | `false` | +| `podSecurityPolicy.labels` | Pod Security Policy Labels Definition for Admin. | `~` | +| `podSecurityPolicy.annotations` | Pod Security Policy Annotations Definition for Admin. | `~` | +| `networkPolicy.enabled` | NetworkPolicy Status for Admin. | `false` | +| `networkPolicy.labels` | Network Policy Labels Definition for Admin. | `~` | +| `networkPolicy.annotations` | Network Policy Annotations Definition for Admin. | `~` | +| `networkPolicy.podSelector` | Network Policy Pod Selector Definition for Admin. | `~` | +| `networkPolicy.ingress` | Network Policy Ingress Definition for Admin. | `~` | +| `networkPolicy.egress` | Network Policy Egress Definition for Admin. | `~` | +| `auth.enabled` | Auth Status for Admin Control Plane. | `true` | +| `auth.authorization.action` | Define the Authorization Action for Admin Control Plane. | `DENY` | +| `auth.authorization.matchType` | Define the Authorization MatchType for Admin Control Plane. | `anyMatch` | +| `auth.authorization.samples` | Define the rule sampling rate for Authorization the Admin Control Plane. | `0` | +| `auth.authentication.action` | Define the Authentication Action for Admin Control Plane. | `STRICT` | +| `auth.authentication.port` | Define the port number for applying the Authentication Policy for the Admin Control Plane. | `8080` | +| `traffic.enabled` | Traffic Status for Admin Control Plane. | `true` | +| `traffic.conditionRoute.scope` | Supports service and application scope rules. | `service` | +| `traffic.conditionRoute.enabled` | Whether enable this rule or not, set enabled:false to disable this rule | `true` | +| `traffic.conditionRoute.force` | The behaviour when the instance subset is empty after routing. | `true` | +| `traffic.conditionRoute.runtime` | Whether run routing rule for every rpc invocation or use routing cache if available. | `true` | +| `traffic.conditionRoute.priority` | Specify the specific priority for traffic. | `100` | +| `traffic.conditionRoute.configVersion` | The version of the condition rule definition, currently available version is v3.0. | `v3.0` | +| `traffic.conditionRoute.key` | The identifier of the target service or application that this rule is about to apply to. | `org.apache.dubbo.samples.CommentService` | +| `traffic.conditionRoute.conditions` | The condition routing rule definition of this configuration. Check Condition for details. | `method=getComment => region=Hangzhou` | +| `traffic.dynamicConfig.scope` | Supports service and application scope rules. | `service` | +| `traffic.dynamicConfig.configVersion` | The version of the tag rule definition, currently available version is v3.0. | `v3.0` | +| `traffic.dynamicConfig.key` | The identifier of the target service or application that this rule is about to apply to. | `org.apache.dubbo.samples.UserService` | +| `traffic.dynamicConfig.side` | Especially useful when scope:service is set. | `consumer` | +| `traffic.dynamicConfig.exact` | The application matching condition for this config rule to take effect. | `shop-frontend` | +| `traffic.tagRoute.name` | The name of the tag used to match the dubbo tag value in the request context. | `gray` | +| `traffic.tagRoute.enabled` | Whether enable this rule or not, set enabled:false to disable this rule. | `false` | +| `traffic.tagRoute.force` | The behaviour when the instance subset is empty after routing. | `true` | +| `traffic.tagRoute.configVersion` | The version of the tag rule definition, currently available version is v3.0. | `v3.0` | +| `traffic.tagRoute.priority` | Specify the specific priority for traffic. | `99` | +| `traffic.tagRoute.key` | The identifier of the target application that this rule is about to control. | `details` | -## ZooKeeper +### ZooKeeper -| Key | Description | Default | -|---------------------------------------------------------------|--------------------------------------------------------------------------------------|-------------------------------| -| `zookeeper.enabled` | ZooKeeper Status for Admin. | `true` | -| `zookeeper.nameOverride` | Name Override for ZooKeeper. | `{}` | -| `zookeeper.namespaceOverride` | NameSpace Override for ZooKeeper. | `{}` | -| `zookeeper.labels` | Labels for ZooKeeper. | `{}` | -| `zookeeper.annotations` | Annotations for ZooKeeper. | `{}` | -| `zookeeper.clusterDomain` | Cluster Domain Suffix for ZooKeeper. | `cluster.local` | -| `zookeeper.replicas` | Replica Deployment Count for ZooKeeper. | `1` | -| `zookeeper.image.registry` | Image Name for ZooKeeper. | `docker.io/bitnami/zookeeper` | -| `zookeeper.image.tag` | Version Tag for ZooKeeper. | `3.8.1-debian-11-r18` | -| `zookeeper.image.pullPolicy` | Pull Policy for ZooKeeper. | `IfNotPresent` | -| `zookeeper.securityContext.enabled` | security context Status for ZooKeeper. | `true` | -| `zookeeper.securityContext.fsGroup` | Non-privileged group identity identifier for Zookeeper security context. | `1001` | -| `zookeeper.containerSecurityContext.enabled` | container security context Status for ZooKeeper. | `true` | -| `zookeeper.containerSecurityContext.runAsUser` | Non-privileged user identifier for ZooKeeper container security context. | `1001` | -| `zookeeper.containerSecurityContext.runAsNonRoot` | Whether the container security context for ZooKeeper runs as a non-privileged user. | `true` | -| `zookeeper.containerSecurityContext.allowPrivilegeEscalation` | The state of privilege escalation in the Zookeeper container security context. | `false` | -| `zookeeper.service.type` | Define the service type for the ZooKeeper. | `ClusterIP` | -| `zookeeper.service.clusterIP` | Define the service cluster IP for the ZooKeeper. | `~` | -| `zookeeper.service.externalIPs` | Define the service external IP for the ZooKeeper. | `~` | -| `zookeeper.service.loadBalancerIP` | Define the service loadBalancer IP for the ZooKeeper. | `~` | -| `zookeeper.service.loadBalancerSourceRanges` | Define the service loadBalancer Source Ranges for the ZooKeeper. | `~` | -| `zookeeper.service.loadBalancerClass` | Define the service loadBalancer Class for the ZooKeeper. | `~` | -| `zookeeper.service.sessionAffinity` | Define the session affinity strategy for the ZooKeeper service. | `None` | -| `zookeeper.service.publishNotReadyAddresses` | Define the publication of not-ready ZooKeeper service addresses to other components. | `true` | -| `zookeeper.resources.limits.cpu` | Maximum Limit on CPU Resources for ZooKeeper. | `128` | -| `zookeeper.resources.limits.memory` | Maximum Limit on Memory Resources for ZooKeeper. | `128` | -| `zookeeper.resources.requests.cpu` | Maximum Request on CPU Resources for ZooKeeper. | `128` | -| `zookeeper.resources.requests.memory` | Maximum Request on Memory Resources for ZooKeeper. | `128` | -| `zookeeper.startupProbe.failureThreshold` | The allowed number of failures for the ZooKeeper container. | `6` | -| `zookeeper.startupProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After ZooKeeper Container Starts. | `30` | -| `zookeeper.startupProbe.periodSeconds` | The ZooKeeper container periodically checks availability. | `10` | -| `zookeeper.startupProbe.successThreshold` | The success threshold for the ZooKeeper container. | `1` | -| `zookeeper.startupProbe.timeoutSeconds` | Response Timeout Duration in Seconds After ZooKeeper Container Starts. | `5` | -| `zookeeper.startupProbe.exec.command` | Define the health check command for the ZooKeeper container. | `[]` | -| `zookeeper.readinessProbe.failureThreshold` | The allowed number of failures for the ZooKeeper container. | `6` | -| `zookeeper.readinessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After ZooKeeper Container Starts. | `30` | -| `zookeeper.readinessProbe.periodSeconds` | The ZooKeeper container periodically checks availability. | `10` | -| `zookeeper.readinessProbe.successThreshold` | The success threshold for the ZooKeeper container. | `1` | -| `zookeeper.readinessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After ZooKeeper Container Starts. | `5` | -| `zookeeper.readinessProbe.exec.command` | Define the health check command for the ZooKeeper container. | `[]` | -| `zookeeper.livenessProbe.failureThreshold` | The allowed number of failures for the ZooKeeper container. | `6` | -| `zookeeper.livenessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After ZooKeeper Container Starts. | `30` | -| `zookeeper.livenessProbe.periodSeconds` | The ZooKeeper container periodically checks availability. | `10` | -| `zookeeper.livenessProbe.successThreshold` | The success threshold for the ZooKeeper container. | `1` | -| `zookeeper.livenessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After ZooKeeper Container Starts. | `5` | -| `zookeeper.livenessProbe.exec.command` | Define the health check command for the ZooKeeper container. | `[]` | +| Key | Description | Default | +|---------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|-------------------------------| +| `zookeeper.enabled` | ZooKeeper Status for Admin. | `true` | +| `zookeeper.namespaceOverride` | NameSpace Override for ZooKeeper. | `~` | +| `zookeeper.labels` | Labels for ZooKeeper. | `~` | +| `zookeeper.annotations` | Annotations for ZooKeeper. | `~` | +| `zookeeper.clusterDomain` | Cluster Domain Suffix for ZooKeeper. | `cluster.local` | +| `zookeeper.replicas` | Replica Deployment Count for ZooKeeper. | `1` | +| `zookeeper.image.registry` | Image Name for ZooKeeper. | `docker.io/bitnami/zookeeper` | +| `zookeeper.image.tag` | Version Tag for ZooKeeper. | `latest` | +| `zookeeper.image.pullPolicy` | Pull Policy for ZooKeeper. | `IfNotPresent` | +| `zookeeper.securityContext.enabled` | security context Status for ZooKeeper. | `true` | +| `zookeeper.securityContext.fsGroup` | Non-privileged group identity identifier for Zookeeper security context. | `1001` | +| `zookeeper.containerSecurityContext.enabled` | container security context Status for ZooKeeper. | `true` | +| `zookeeper.containerSecurityContext.runAsUser` | Non-privileged user identifier for ZooKeeper container security context. | `1001` | +| `zookeeper.containerSecurityContext.runAsNonRoot` | Whether the container security context for ZooKeeper runs as a non-privileged user. | `true` | +| `zookeeper.containerSecurityContext.allowPrivilegeEscalation` | The state of privilege escalation in the Zookeeper container security context. | `false` | +| `zookeeper.service.type` | Define the service type for the ZooKeeper. | `ClusterIP` | +| `zookeeper.service.clusterIP` | Define the service cluster IP for the ZooKeeper. | `~` | +| `zookeeper.service.externalIPs` | Define the service external IP for the ZooKeeper. | `~` | +| `zookeeper.service.loadBalancerIP` | Define the service loadBalancer IP for the ZooKeeper. | `~` | +| `zookeeper.service.loadBalancerSourceRanges` | Define the service loadBalancer Source Ranges for the ZooKeeper. | `~` | +| `zookeeper.service.loadBalancerClass` | Define the service loadBalancer Class for the ZooKeeper. | `~` | +| `zookeeper.service.sessionAffinity` | Define the session affinity strategy for the ZooKeeper service. | `None` | +| `zookeeper.service.publishNotReadyAddresses` | Define the publication of not-ready ZooKeeper service addresses to other components. | `true` | +| `zookeeper.resources.limits.cpu` | Maximum Limit on CPU Resources for ZooKeeper. | `128` | +| `zookeeper.resources.limits.memory` | Maximum Limit on Memory Resources for ZooKeeper. | `128` | +| `zookeeper.resources.requests.cpu` | Maximum Request on CPU Resources for ZooKeeper. | `128` | +| `zookeeper.resources.requests.memory` | Maximum Request on Memory Resources for ZooKeeper. | `128` | +| `zookeeper.startupProbe.failureThreshold` | The allowed number of failures for the ZooKeeper container. | `6` | +| `zookeeper.startupProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After ZooKeeper Container Starts. | `30` | +| `zookeeper.startupProbe.periodSeconds` | The ZooKeeper container periodically checks availability. | `10` | +| `zookeeper.startupProbe.successThreshold` | The success threshold for the ZooKeeper container. | `1` | +| `zookeeper.startupProbe.timeoutSeconds` | Response Timeout Duration in Seconds After ZooKeeper Container Starts. | `5` | +| `zookeeper.startupProbe.exec.command` | Define the health check command for the ZooKeeper container. | `~` | +| `zookeeper.readinessProbe.failureThreshold` | The allowed number of failures for the ZooKeeper container. | `6` | +| `zookeeper.readinessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After ZooKeeper Container Starts. | `30` | +| `zookeeper.readinessProbe.periodSeconds` | The ZooKeeper container periodically checks availability. | `10` | +| `zookeeper.readinessProbe.successThreshold` | The success threshold for the ZooKeeper container. | `1` | +| `zookeeper.readinessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After ZooKeeper Container Starts. | `5` | +| `zookeeper.readinessProbe.exec.command` | Define the health check command for the ZooKeeper container. | `~` | +| `zookeeper.livenessProbe.failureThreshold` | The allowed number of failures for the ZooKeeper container. | `6` | +| `zookeeper.livenessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After ZooKeeper Container Starts. | `30` | +| `zookeeper.livenessProbe.periodSeconds` | The ZooKeeper container periodically checks availability. | `10` | +| `zookeeper.livenessProbe.successThreshold` | The success threshold for the ZooKeeper container. | `1` | +| `zookeeper.livenessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After ZooKeeper Container Starts. | `5` | +| `zookeeper.livenessProbe.exec.command` | Define the health check command for the ZooKeeper container. | `~` | +| `zookeeper.dataLogDir` | Dedicated data log directory. | `""` | +| `zookeeper.tickTime` | Basic time unit (in milliseconds) used by ZooKeeper for heartbeats. | `2000` | +| `zookeeper.initLimit` | ZooKeeper uses to limit the length of time the ZooKeeper servers in quorum have to connect to a leader. | `10` | +| `zookeeper.syncLimit` | How far out of date a server can be from a leader. | `5` | +| `zookeeper.preAllocSize` | Block size for transaction log file. | `65536` | +| `zookeeper.snapCount` | The number of transactions recorded in the transaction log before a snapshot can be taken (and the transaction log rolled). | `100000` | +| `zookeeper.fourlwCommandsWhitelist` | A list of comma separated Four Letter Words commands that can be executed. | `srvr, mntr, ruok` | +| `zookeeper.listenOnAllIPs` | Allow ZooKeeper to listen for connections from its peers on all available IP addresses. | `false` | +| `zookeeper.autopurge.snapRetainCount` | The most recent snapshots amount (and corresponding transaction logs) to retain. | `3` | +| `zookeeper.autopurge.purgeInterval` | The time interval (in hours) for which the purge task has to be triggered. | `0` | +| `zookeeper.maxClientCnxns` | Limits the number of concurrent connections that a single client may make to a single member of the ZooKeeper ensemble. | `60` | +| `zookeeper.maxSessionTimeout` | Maximum session timeout (in milliseconds) that the server will allow the client to negotiate. | `40000` | +| `zookeeper.heapSize` | Size (in MB) for the Java Heap options (Xmx and Xms). | `1024` | +| `zookeeper.logLevel` | Log level for the ZooKeeper server. ERROR by default. | `ERROR` | +| `zookeeper.auth.client.enabled` | Enable ZooKeeper client-server authentication. It uses SASL/Digest-MD5. | `false` | +| `zookeeper.auth.client.clientUser` | User that will use ZooKeeper clients to auth. | `""` | +| `zookeeper.auth.client.clientPassword` | Password that will use ZooKeeper clients to auth. | `""` | +| `zookeeper.auth.client.serverUsers` | Comma, semicolon or whitespace separated list of user to be created. | `""` | +| `zookeeper.auth.client.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created. | `""` | +| `zookeeper.auth.client.existingSecret` | Use existing secret (ignores previous passwords). | `""` | +| `zookeeper.auth.quorum.enabled` | Enable ZooKeeper server-server authentication. It uses SASL/Digest-MD5. | `false` | +| `zookeeper.auth.quorum.learnerUser` | User that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` | +| `zookeeper.auth.quorum.learnerPassword` | Password that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` | +| `zookeeper.auth.quorum.serverUsers` | Comma, semicolon or whitespace separated list of users for the quorumServers. | `""` | +| `zookeeper.auth.quorum.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created. | `""` | +| `zookeeper.auth.quorum.existingSecret` | Use existing secret (ignores previous passwords). | `""` | ### Nacos -| Key | Description | Default | -|-----------------------------------------------------------|---------------------------------------------------------------------------------------------|--------------------------------------| -| `nacos.enabled` | Nacos Status for Admin. | `false` | -| `nacos.mode` | Run Mode standalone or cluster. | `standalone` | -| `nacos.nameOverride` | Name Override for Nacos. | `{}` | -| `nacos.namespaceOverride` | NameSpace Override for Nacos. | `{}` | -| `nacos.labels` | Labels for Nacos. | `{}` | -| `nacos.annotations` | Annotations for Nacos. | `{}` | -| `nacos.clusterDomain` | Cluster Domain Suffix for Nacos. | `cluster.local` | -| `nacos.replicas` | Replica Deployment Count for Nacos. | `1` | -| `nacos.plugin.enabled` | Plugin Status for Nacos. | `true` | -| `nacos.plugin.image.registry` | Plugin Image Name for Nacos. | `nacos/nacos-peer-finder-plugin` | -| `nacos.plugin.image.tag` | Plugin Version Tag for Nacos. | `1.1` | -| `nacos.plugin.image.pullPolicy` | Plugin Pull Policy for Nacos. | `IfNotPresent` | -| `nacos.image.registry` | Image Name for Nacos. | `docker.io/nacos/nacos-server` | -| `nacos.image.tag` | Version Tag for Nacos. | `latest` | -| `nacos.image.pullPolicy` | Pull Policy for Nacos. | `IfNotPresent` | -| `nacos.securityContext.enabled` | security context Status for Nacos. | `true` | -| `nacos.securityContext.fsGroup` | Non-privileged group identity identifier for Nacos security context. | `1001` | -| `nacos.containerSecurityContext.enabled` | container security context Status for Nacos. | `true` | -| `nacos.containerSecurityContext.runAsUser` | Non-privileged user identifier for Nacos container security context. | `1001` | -| `nacos.containerSecurityContext.runAsNonRoot` | Whether the container security context for Nacos runs as a non-privileged user. | `true` | -| `nacos.containerSecurityContext.allowPrivilegeEscalation` | The state of privilege escalation in the Nacos container security context. | `false` | -| `nacos.service.type` | Define the service type for the Nacos. | `NodePort` | -| `nacos.service.clusterIP` | Define the service cluster IP for the Nacos. | `~` | -| `nacos.service.externalIPs` | Define the service external IP for the Nacos. | `~` | -| `nacos.service.loadBalancerIP` | Define the service loadBalancer IP for the Nacos. | `~` | -| `nacos.service.loadBalancerSourceRanges` | Define the service loadBalancer Source Ranges for the Nacos. | `~` | -| `nacos.service.loadBalancerClass` | Define the service loadBalancer Class for the Nacos. | `~` | -| `nacos.service.sessionAffinity` | Define the session affinity strategy for the Nacos service. | `None` | -| `nacos.service.publishNotReadyAddresses` | Define the publication of not-ready Nacos service addresses to other components. | `true` | -| `nacos.startupProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Nacos Container Starts. | `180` | -| `nacos.startupProbe.periodSeconds` | The Nacos container periodically checks availability. | `5` | -| `nacos.startupProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Nacos Container Starts. | `10` | -| `nacos.startupProbe.httpGet.scheme` | Define the network protocol used for health check probe requests when the container starts. | `HTTP` | -| `nacos.startupProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8848` | -| `nacos.startupProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/nacos/v1/console/health/readiness` | -| `nacos.readinessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Nacos Container Starts. | `180` | -| `nacos.readinessProbe.periodSeconds` | The Nacos container periodically checks availability. | `5` | -| `nacos.readinessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Nacos Container Starts. | `10` | -| `nacos.readinessProbe.httpGet.scheme` | Define the network protocol used for health check probe requests when the container starts. | `HTTP` | -| `nacos.readinessProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8848` | -| `nacos.readinessProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/nacos/v1/console/health/readiness` | -| `nacos.livenessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Nacos Container Starts. | `180` | -| `nacos.livenessProbe.periodSeconds` | The Nacos container periodically checks availability. | `5` | -| `nacos.livenessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Nacos Container Starts. | `10` | -| `nacos.livenessProbe.httpGet.scheme` | Define the network protocol used for health check probe requests when the container starts. | `HTTP` | -| `nacos.livenessProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8848` | -| `nacos.livenessProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/nacos/v1/console/health/readiness` | -| `nacos.resources.limits.cpu` | Maximum Limit on CPU Resources for Nacos. | `128` | -| `nacos.resources.limits.memory` | Maximum Limit on Memory Resources for Nacos. | `128` | -| `nacos.resources.requests.cpu` | Maximum Request on CPU Resources for Nacos. | `128` | -| `nacos.resources.requests.memory` | Maximum Request on Memory Resources for Nacos. | `128` | +| Key | Description | Default | +|-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------| +| `nacos.enabled` | Nacos Status for Admin. | `false` | +| `nacos.mode` | Run Mode standalone or cluster. | `standalone` | +| `nacos.namespaceOverride` | NameSpace Override for Nacos. | `~` | +| `nacos.labels` | Labels for Nacos. | `~` | +| `nacos.annotations` | Annotations for Nacos. | `~` | +| `nacos.clusterDomain` | Cluster Domain Suffix for Nacos. | `cluster.local` | +| `nacos.replicas` | Replica Deployment Count for Nacos. | `1` | +| `nacos.plugin.enabled` | Plugin Status for Nacos. | `true` | +| `nacos.plugin.image.registry` | Plugin Image Name for Nacos. | `nacos/nacos-peer-finder-plugin` | +| `nacos.plugin.image.tag` | Plugin Version Tag for Nacos. | `1.1` | +| `nacos.plugin.image.pullPolicy` | Plugin Pull Policy for Nacos. | `IfNotPresent` | +| `nacos.image.registry` | Image Name for Nacos. | `docker.io/nacos/nacos-server` | +| `nacos.image.tag` | Version Tag for Nacos. | `latest` | +| `nacos.image.pullPolicy` | Pull Policy for Nacos. | `IfNotPresent` | +| `nacos.securityContext.enabled` | security context Status for Nacos. | `true` | +| `nacos.securityContext.fsGroup` | Non-privileged group identity identifier for Nacos security context. | `1001` | +| `nacos.containerSecurityContext.enabled` | container security context Status for Nacos. | `true` | +| `nacos.containerSecurityContext.runAsUser` | Non-privileged user identifier for Nacos container security context. | `1001` | +| `nacos.containerSecurityContext.runAsNonRoot` | Whether the container security context for Nacos runs as a non-privileged user. | `true` | +| `nacos.containerSecurityContext.allowPrivilegeEscalation` | The state of privilege escalation in the Nacos container security context. | `false` | +| `nacos.service.type` | Define the service type for the Nacos. | `NodePort` | +| `nacos.service.clusterIP` | Define the service cluster IP for the Nacos. | `~` | +| `nacos.service.externalIPs` | Define the service external IP for the Nacos. | `~` | +| `nacos.service.loadBalancerIP` | Define the service loadBalancer IP for the Nacos. | `~` | +| `nacos.service.loadBalancerSourceRanges` | Define the service loadBalancer Source Ranges for the Nacos. | `~` | +| `nacos.service.loadBalancerClass` | Define the service loadBalancer Class for the Nacos. | `~` | +| `nacos.service.sessionAffinity` | Define the session affinity strategy for the Nacos service. | `None` | +| `nacos.service.publishNotReadyAddresses` | Define the publication of not-ready Nacos service addresses to other components. | `true` | +| `nacos.startupProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Nacos Container Starts. | `180` | +| `nacos.startupProbe.periodSeconds` | The Nacos container periodically checks availability. | `5` | +| `nacos.startupProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Nacos Container Starts. | `10` | +| `nacos.startupProbe.httpGet.scheme` | Define the network protocol used for health check probe requests when the container starts. | `HTTP` | +| `nacos.startupProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8848` | +| `nacos.startupProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/nacos/v1/console/health/readiness` | +| `nacos.readinessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Nacos Container Starts. | `180` | +| `nacos.readinessProbe.periodSeconds` | The Nacos container periodically checks availability. | `5` | +| `nacos.readinessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Nacos Container Starts. | `10` | +| `nacos.readinessProbe.httpGet.scheme` | Define the network protocol used for health check probe requests when the container starts. | `HTTP` | +| `nacos.readinessProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8848` | +| `nacos.readinessProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/nacos/v1/console/health/readiness` | +| `nacos.livenessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Nacos Container Starts. | `180` | +| `nacos.livenessProbe.periodSeconds` | The Nacos container periodically checks availability. | `5` | +| `nacos.livenessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Nacos Container Starts. | `10` | +| `nacos.livenessProbe.httpGet.scheme` | Define the network protocol used for health check probe requests when the container starts. | `HTTP` | +| `nacos.livenessProbe.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `8848` | +| `nacos.livenessProbe.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/nacos/v1/console/health/readiness` | +| `nacos.resources.limits.cpu` | Maximum Limit on CPU Resources for Nacos. | `128` | +| `nacos.resources.limits.memory` | Maximum Limit on Memory Resources for Nacos. | `128` | +| `nacos.resources.requests.cpu` | Maximum Request on CPU Resources for Nacos. | `128` | +| `nacos.resources.requests.memory` | Maximum Request on Memory Resources for Nacos. | `128` | +| `nacos.serverPort` | Define the service port for the Nacos. | `8848` | +| `nacos.preferhostmode` | Enable Nacos cluster node domain name support | `~` | +| `nacos.storage.type` | Nacos data storage method `mysql` or `embedded`. The `embedded` supports either standalone or cluster mode. | `embedded` | +| `nacos.storage.db.host` | Specify the database host for Nacos storing configuration data. | `localhost` | +| `nacos.storage.db.name` | Specify the database name for Nacos storing configuration data. | `nacos` | +| `nacos.storage.db.port` | Specify the database port for Nacos storing configuration data. | `3306` | +| `nacos.storage.db.username` | Specify the database username for Nacos storing configuration data. | `mysql` | +| `nacos.storage.db.password` | Specify the database password for Nacos storing configuration data. | `passw0rd` | +| `nacos.storage.db.param` | Specify the database url parameter for Nacos storing configuration data. | `characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false` | ### Ingress -| Key | Description | Default | -|-------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|--------------------------------------| -| `ingress.enabled` | Enable Ingress Status. | `true` | -| `ingress.hosts.admin` | | `admin.dubbo.domain` | -| `ingress.hosts.prometheus` | | `prom.dubbo.domain` | -| `ingress.hosts.grafana` | | `grafana.dubbo.domain` | -| `ingress.nameOverride` | Name Override for Ingress. | `{}` | -| `ingress.namespaceOverride` | NameSpace Override Ingress. | `{}` | -| `ingress.labels` | Labels for Ingress. | `{}` | -| `ingress.annotations` | Annotations for Ingress. | `{}` | -| `ingress.nodeSelector` | Node Scheduling for Ingress. | `{}` | -| `ingress.replicas` | Replica Deployment Count for Ingress. | `1` | -| `ingress.image.registry` | Image Name for Ingress. | `docker.io/traefik` | -| `ingress.image.tag` | Version Tag for Ingress. | `v2.10.4` | -| `ingress.image.pullPolicy` | Pull Policy for Ingress. | `IfNotPresent` | -| `ingress.readinessProbe.failureThreshold` | The allowed number of failures for the Ingress container. | `1` | -| `ingress.readinessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Ingress Container Starts. | `2` | -| `ingress.readinessProbe.periodSeconds` | The Ingress container periodically checks availability. | `10` | -| `ingress.readinessProbe.successThreshold` | The success threshold for the Ingress container. | `1` | -| `ingress.readinessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Ingress Container Starts. | `2` | -| `ingress.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/ping` | -| `ingress.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `9000` | -| `ingress.httpGet.scheme` | Define the network protocol used for health check probe requests when the container starts. | `HTTP` | -| `ingress.livenessProbe.failureThreshold` | The allowed number of failures for the Ingress container. | `3` | -| `ingress.livenessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Ingress Container Starts. | `2` | -| `ingress.livenessProbe.periodSeconds` | The Ingress container periodically checks availability. | `10` | -| `ingress.livenessProbe.successThreshold` | The success threshold for the Ingress container. | `1` | -| `ingress.livenessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Ingress Container Starts. | `2` | -| `ingress.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/ping` | -| `ingress.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `9000` | -| `ingress.httpGet.scheme` | Define the network protocol used for health check probe requests when the container starts. | `HTTP` | -| `ingress.strategy.rollingUpdate.maxSurge` | Ingress Update Strategy Expected Replicas. | `1` | -| `ingress.strategy.rollingUpdate.maxUnavailable` | Ingress Update Strategy Maximum Unavailable Replicas. | `0` | -| `ingress.securityContext.runAsUser` | Non-privileged user identifier for Ingress security context. | `65532` | -| `ingress.securityContext.runAsGroup` | Non-privileged group identity identifier for Ingress security context. | `65532` | -| `ingress.securityContext.runAsNonRoot` | Whether the security context for Ingress runs as a non-privileged user. | `true` | -| `ingress.containersecurityContext.capabilities.drop` | Whether Linux kernel capabilities or permissions are enabled in the Ingress container security context. | `[ALL]` | -| `ingress.containersecurityContext.readOnlyRootFilesystem` | Whether the root file system is read-only in the Ingress container security context. | `true` | -| `ingress.containersecurityContext.allowPrivilegeEscalation` | Whether the Ingress container security context allows privilege escalation. | `false` | -| `ingress.resources.limits.cpu` | Maximum Limit on CPU Resources for Ingress. | `128` | -| `ingress.resources.limits.memory` | Maximum Limit on Memory Resources for Ingress. | `128` | -| `ingress.resources.requests.cpu` | Maximum Request on CPU Resources for Ingress. ` | `128` | -| `ingress.resources.requests.memory` | Maximum Request on Memory Resources for Ingress. | `128` | \ No newline at end of file +| Key | Description | Default | +|-------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|-----------------------| +| `ingress.enabled` | Enable Ingress Status. | `true` | +| `ingress.hosts.admin` | Define the domain name for the admin application host. | `admin.k8s.example` | +| `ingress.hosts.prometheus` | Define the domain name for the prometheus application host. | `prom.k8s.example` | +| `ingress.hosts.grafana` | Define the domain name for the grafana application host. | `grafana.k8s.example` | +| `ingress.nameOverride` | Name Override for Ingress. | `~` | +| `ingress.namespaceOverride` | NameSpace Override Ingress. | `~` | +| `ingress.labels` | Labels for Ingress. | `~` | +| `ingress.annotations` | Annotations for Ingress. | `~` | +| `ingress.nodeSelector` | Node Scheduling for Ingress. | `~` | +| `ingress.replicas` | Replica Deployment Count for Ingress. | `1` | +| `ingress.image.registry` | Image Name for Ingress. | `docker.io/traefik` | +| `ingress.image.tag` | Version Tag for Ingress. | `v2.10.4` | +| `ingress.image.pullPolicy` | Pull Policy for Ingress. | `IfNotPresent` | +| `ingress.readinessProbe.failureThreshold` | The allowed number of failures for the Ingress container. | `1` | +| `ingress.readinessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Ingress Container Starts. | `2` | +| `ingress.readinessProbe.periodSeconds` | The Ingress container periodically checks availability. | `10` | +| `ingress.readinessProbe.successThreshold` | The success threshold for the Ingress container. | `1` | +| `ingress.readinessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Ingress Container Starts. | `2` | +| `ingress.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/ping` | +| `ingress.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `9000` | +| `ingress.httpGet.scheme` | Define the network protocol used for health check probe requests when the container starts. | `HTTP` | +| `ingress.livenessProbe.failureThreshold` | The allowed number of failures for the Ingress container. | `3` | +| `ingress.livenessProbe.initialDelaySeconds` | Initialization Wait Time in Seconds After Ingress Container Starts. | `2` | +| `ingress.livenessProbe.periodSeconds` | The Ingress container periodically checks availability. | `10` | +| `ingress.livenessProbe.successThreshold` | The success threshold for the Ingress container. | `1` | +| `ingress.livenessProbe.timeoutSeconds` | Response Timeout Duration in Seconds After Ingress Container Starts. | `2` | +| `ingress.httpGet.path` | Checking the container with an HTTP GET request to a target path. | `/ping` | +| `ingress.httpGet.port` | Checking the container with an HTTP GET request to a target port. | `9000` | +| `ingress.httpGet.scheme` | Define the network protocol used for health check probe requests when the container starts. | `HTTP` | +| `ingress.strategy.rollingUpdate.maxSurge` | Ingress Update Strategy Expected Replicas. | `1` | +| `ingress.strategy.rollingUpdate.maxUnavailable` | Ingress Update Strategy Maximum Unavailable Replicas. | `0` | +| `ingress.securityContext.runAsUser` | Non-privileged user identifier for Ingress security context. | `65532` | +| `ingress.securityContext.runAsGroup` | Non-privileged group identity identifier for Ingress security context. | `65532` | +| `ingress.securityContext.runAsNonRoot` | Whether the security context for Ingress runs as a non-privileged user. | `true` | +| `ingress.containersecurityContext.capabilities.drop` | Whether Linux kernel capabilities or permissions are enabled in the Ingress container security context. | `[ALL]` | +| `ingress.containersecurityContext.readOnlyRootFilesystem` | Whether the root file system is read-only in the Ingress container security context. | `true` | +| `ingress.containersecurityContext.allowPrivilegeEscalation` | Whether the Ingress container security context allows privilege escalation. | `false` | +| `ingress.resources.limits.cpu` | Maximum Limit on CPU Resources for Ingress. | `128` | +| `ingress.resources.limits.memory` | Maximum Limit on Memory Resources for Ingress. | `128` | +| `ingress.resources.requests.cpu` | Maximum Request on CPU Resources for Ingress. | `128` | +| `ingress.resources.requests.memory` | Maximum Request on Memory Resources for Ingress. | `128` | + +### Jobs + +| Key | Description | Default | +|--------------------------|--------------------------|-----------------------------| +| `jobs.namespaceOverride` | NameSpace Override Jobs. | `~` | +| `jobs.labels` | Labels for Jobs. | `~` | +| `jobs.annotations` | Annotations for Jobs. | `~` | +| `jobs.image.registry` | Image Name for Jobs. | `docker.io/bitnami/kubectl` | +| `jobs.image.tag` | Version Tag for Jobs. | `1.28.4` | +| `jobs.image.pullPolicy` | Pull Policy for Jobs. | `IfNotPresent` | + + diff --git a/deploy/charts/admin/crds/dubbo.apache.org_authenticationpolicies.yaml b/deploy/charts/admin/crds/dubbo.apache.org_authenticationpolicies.yaml new file mode 100644 index 000000000..13c4a4f2c --- /dev/null +++ b/deploy/charts/admin/crds/dubbo.apache.org_authenticationpolicies.yaml @@ -0,0 +1,146 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: authenticationpolicies.dubbo.apache.org +spec: + group: dubbo.apache.org + names: + kind: AuthenticationPolicy + listKind: AuthenticationPolicyList + plural: authenticationpolicies + shortNames: + - anp + singular: authenticationpolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the clientgen + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + PortLevel: + items: + properties: + action: + enum: + - NONE + - DISABLED + - PERMISSIVE + - STRICT + type: string + port: + default: 0 + description: The key of the extended identity. + maximum: 65535 + minimum: 0 + type: number + type: object + type: array + action: + description: The action to take when a rule is matched. + enum: + - NONE + - DISABLED + - PERMISSIVE + - STRICT + type: string + selector: + items: + properties: + extends: + description: The extended identities(from Dubbo Auth) to match + of the source workload. + items: + properties: + key: + description: The key of the extended identity. + type: string + value: + description: The value of the extended identity. + type: string + type: object + type: array + ipBlocks: + description: The IP addresses to match of the source workload. + items: + type: string + type: array + namespaces: + description: The namespaces to match of the source workload. + items: + type: string + type: array + notExtends: + description: The extended identities(from Dubbo Auth) not to + match of the source workload. + items: + properties: + key: + description: The key of the extended identity. + type: string + value: + description: The value of the extended identity. + type: string + type: object + type: array + notIpBlocks: + description: The IP addresses not to match of the source workload. + items: + type: string + type: array + notNamespaces: + description: The namespaces not to match of the source workload. + items: + type: string + type: array + notPrincipals: + description: The identities(from spiffe) not to match of the + source workload. + items: + type: string + type: array + principals: + description: The identities(from spiffe) to match of the source + workload. + items: + type: string + type: array + type: object + type: array + required: + - action + type: object + type: object + served: true + storage: true diff --git a/deploy/charts/admin/crds/dubbo.apache.org_authorizationpolicies.yaml b/deploy/charts/admin/crds/dubbo.apache.org_authorizationpolicies.yaml new file mode 100644 index 000000000..8e4eb7bf8 --- /dev/null +++ b/deploy/charts/admin/crds/dubbo.apache.org_authorizationpolicies.yaml @@ -0,0 +1,233 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: authorizationpolicies.dubbo.apache.org +spec: + group: dubbo.apache.org + names: + kind: AuthorizationPolicy + listKind: AuthorizationPolicyList + plural: authorizationpolicies + shortNames: + - azp + singular: authorizationpolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the clientgen + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: The action to take when a rule is matched + enum: + - ALLOW + - DENY + - ADUIT + type: string + matchType: + default: anyMatch + description: The match type of the rules. + enum: + - anyMatch + - allMatch + type: string + rules: + items: + properties: + from: + description: The source of the traffic to be matched. + properties: + extends: + description: The extended identities(from Dubbo Auth) to + match of the source workload. + items: + properties: + key: + description: The key of the extended identity. + type: string + value: + description: The value of the extended identity + type: string + type: object + type: array + ipBlocks: + description: The IP addresses to match of the source workload. + items: + type: string + type: array + namespaces: + description: The namespaces to match of the source workload. + items: + type: string + type: array + notExtends: + description: The extended identities(from Dubbo Auth) not + to match of the source workload. + items: + properties: + key: + description: The key of the extended identity. + type: string + value: + description: The value of the extended identity + type: string + type: object + type: array + notIpBlocks: + description: The IP addresses not to match of the source + workload. + items: + type: string + type: array + notNamespaces: + description: The namespaces not to match of the source workload. + items: + type: string + type: array + notPrincipals: + description: The identities(from spiffe) not to match of + the source workload + items: + type: string + type: array + principals: + description: The identities(from spiffe) to match of the + source workload. + items: + type: string + type: array + type: object + to: + description: The destination of the traffic to be matched. + properties: + extends: + description: The extended identities(from Dubbo Auth) to + match of the destination workload. + items: + properties: + key: + description: The key of the extended identity. + type: string + value: + description: The value of the extended identity + type: string + type: object + type: array + ipBlocks: + description: The IP addresses to match of the destination + workload. + items: + type: string + type: array + notExtends: + description: The extended identities(from Dubbo Auth) not + to match of the destination workload. + items: + properties: + key: + description: The key of the extended identity. + type: string + value: + description: The value of the extended identity + type: string + type: object + type: array + notIpBlocks: + description: The IP addresses not to match of the destination + workload. + items: + type: string + type: array + notPrincipals: + description: The identities(from spiffe) not to match of + the destination workload. + items: + type: string + type: array + principals: + description: The identities(from spiffe) to match of the + destination workload. + items: + type: string + type: array + type: object + when: + properties: + key: + type: string + notValues: + items: + properties: + type: + default: equals + enum: + - equals + - regex + - ognl + type: string + value: + type: string + type: object + type: array + values: + items: + properties: + type: + default: equals + enum: + - equals + - regex + - ognl + type: string + value: + type: string + type: object + type: array + type: object + type: object + type: array + samples: + default: 100 + description: The sample rate of the rule. The value is between 0 and + 100. + maximum: 100 + minimum: 0 + type: number + required: + - action + type: object + type: object + served: true + storage: true \ No newline at end of file diff --git a/deploy/charts/admin/crds/dubbo.apache.org_conditionroutes.yaml b/deploy/charts/admin/crds/dubbo.apache.org_conditionroutes.yaml new file mode 100644 index 000000000..4b0fa4f62 --- /dev/null +++ b/deploy/charts/admin/crds/dubbo.apache.org_conditionroutes.yaml @@ -0,0 +1,105 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: conditionroutes.dubbo.apache.org +spec: + group: dubbo.apache.org + names: + kind: ConditionRoute + listKind: ConditionRouteList + plural: conditionroutes + shortNames: + - cr + singular: conditionroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ConditionRoute is the Schema for the conditionroutes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the clientgen + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConditionRouteSpec defines the desired state of ConditionRoute + properties: + conditions: + description: The condition routing rule definition of this configuration. + Check Condition for details + items: + type: string + type: array + configVersion: + description: The version of the condition rule definition, currently + available version is v3.0 + enum: + - v3.0 + type: string + enabled: + default: true + description: Whether enable this rule or not, set enabled:false to + disable this rule. + type: boolean + force: + description: The behaviour when the instance subset is empty after + after routing. true means return no provider exception while false + means ignore this rule. + type: boolean + key: + description: The identifier of the target service or application that + this rule is about to apply to. If scope:serviceis set, then keyshould + be specified as the Dubbo service key that this rule targets to + control. If scope:application is set, then keyshould be specified + as the name of the application that this rule targets to control, + application should always be a Dubbo Consumer. + type: string + priority: + type: integer + runtime: + description: Whether run routing rule for every rpc invocation or + use routing cache if available. + type: boolean + scope: + description: Supports service and application scope rules. + enum: + - service + - application + type: string + required: + - conditions + - configVersion + - enabled + - key + - scope + type: object + type: object + served: true + storage: true diff --git a/deploy/charts/admin/crds/dubbo.apache.org_dynamicconfigs.yaml b/deploy/charts/admin/crds/dubbo.apache.org_dynamicconfigs.yaml new file mode 100644 index 000000000..2501a7acd --- /dev/null +++ b/deploy/charts/admin/crds/dubbo.apache.org_dynamicconfigs.yaml @@ -0,0 +1,219 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: dynamicconfigs.dubbo.apache.org +spec: + group: dubbo.apache.org + names: + kind: DynamicConfig + listKind: DynamicConfigList + plural: dynamicconfigs + shortNames: + - dc + singular: dynamicconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: DynamicConfig is the Schema for the dynamicconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the clientgen + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DynamicConfigSpec defines the desired state of DynamicConfig + properties: + configVersion: + description: The version of the tag rule definition, currently available + version is v3.0 + enum: + - v3.0 + type: string + configs: + description: The match condition and configuration of this rule. + items: + properties: + addresses: + description: replaced with address in MatchCondition + items: + type: string + type: array + applications: + description: replaced with application in MatchCondition + items: + type: string + type: array + enabled: + type: boolean + match: + description: A set of criterion to be met in order for the rule/config + to be applied to the Dubbo instance. + properties: + address: + description: 'The instance address matching condition for + this config rule to take effect. xact: “value” for exact + string match prefix: “value” for prefix-based match regex: + “value” for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)).' + properties: + cird: + type: string + exact: + type: string + wildcard: + type: string + type: object + application: + description: "The application matching condition for this + config rule to take effect. Effective when scope: service + is set. \n exact: “value” for exact string match prefix: + “value” for prefix-based match regex: “value” for RE2 + style regex-based match (https://github.com/google/re2/wiki/Syntax))." + properties: + oneof: + items: + properties: + empty: + type: string + exact: + type: string + noempty: + type: string + prefix: + type: string + regex: + type: string + wildcard: + type: string + type: object + type: array + type: object + param: + description: The Dubbo url keys and values matching condition + for this config rule to take effect. + items: + properties: + key: + description: The name of the key in the Dubbo url + address. + type: string + value: + description: The matching condition for the value + in the Dubbo url address. + properties: + empty: + type: string + exact: + type: string + noempty: + type: string + prefix: + type: string + regex: + type: string + wildcard: + type: string + type: object + type: object + type: array + service: + description: 'The service matching condition for this config + rule to take effect. Effective when scope: application + is set. exact: “value” for exact string match prefix: + “value” for prefix-based match regex: “value” for RE2 + style regex-based match (https://github.com/google/re2/wiki/Syntax)).' + properties: + oneof: + items: + properties: + empty: + type: string + exact: + type: string + noempty: + type: string + prefix: + type: string + regex: + type: string + wildcard: + type: string + type: object + type: array + type: object + type: object + parameters: + additionalProperties: + type: string + type: object + providerAddresses: + description: not supported anymore + items: + type: string + type: array + services: + description: replaced with service in MatchCondition + items: + type: string + type: array + side: + description: 'Especially useful when scope:service is set. side: + providermeans this Config will only take effect on the provider + instances of the service key. side: consumermeans this Config + will only take effect on the consumer instances of the service + key' + type: string + type: + type: string + type: object + type: array + enabled: + default: true + description: Whether enable this rule or not, set enabled:false to + disable this rule. + type: boolean + key: + description: The identifier of the target service or application that + this rule is about to apply to. If scope:serviceis set, then keyshould + be specified as the Dubbo service key that this rule targets to + control. If scope:application is set, then keyshould be specified + as the name of the application that this rule targets to control, + application should always be a Dubbo Consumer. + type: string + scope: + description: Supports service and application scope rules. + enum: + - service + - application + type: string + type: object + type: object + served: true + storage: true diff --git a/deploy/charts/admin/crds/dubbo.apache.org_tagroutes.yaml b/deploy/charts/admin/crds/dubbo.apache.org_tagroutes.yaml new file mode 100644 index 000000000..d77cb539c --- /dev/null +++ b/deploy/charts/admin/crds/dubbo.apache.org_tagroutes.yaml @@ -0,0 +1,128 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: tagroutes.dubbo.apache.org +spec: + group: dubbo.apache.org + names: + kind: TagRoute + listKind: TagRouteList + plural: tagroutes + shortNames: + - tr + singular: tagroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TagRoute is the Schema for the tagroutes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the clientgen + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TagRouteSpec defines the desired state of TagRoute + properties: + configVersion: + description: The version of the tag rule definition, currently available + version is v3.0 + enum: + - v3.0 + type: string + enabled: + default: true + description: Whether enable this rule or not, set enabled:false to + disable this rule. + type: boolean + force: + default: true + description: The behaviour when the instance subset is empty after + after routing. true means return no provider exception while false + means ignore this rule. + type: boolean + key: + description: The identifier of the target application that this rule + is about to control + type: string + priority: + maximum: 2147483647 + minimum: -2147483648 + type: integer + runtime: + default: true + description: Whether run routing rule for every rpc invocation or + use routing cache if available. + type: boolean + tags: + description: The tag definition of this rule. + items: + properties: + addresses: + items: + type: string + type: array + match: + description: A set of criterion to be met for instances to be + classified as member of this tag. + items: + properties: + key: + description: The name of the key in the Dubbo url address. + type: string + value: + description: The matching condition for the value in the + Dubbo url address. + properties: + empty: + type: string + exact: + type: string + noempty: + type: string + prefix: + type: string + regex: + type: string + wildcard: + type: string + type: object + type: object + type: array + name: + description: The name of the tag used to match the dubbo.tag + value in the request context. + type: string + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/deploy/charts/admin/templates/NOTES.txt b/deploy/charts/admin/templates/NOTES.txt index b57067911..02c5c9116 100644 --- a/deploy/charts/admin/templates/NOTES.txt +++ b/deploy/charts/admin/templates/NOTES.txt @@ -1,65 +1,63 @@ -⏳ Please wait for a few minutes until the deployment is completed. +⏳ Please wait for all the activated components to be deployed. -Application: Admin +Core: Admin Version: {{ .Values.image.tag }} -{{- if .Values.ingress.enabled }} - -Ingress Controller: ✅ - -You have enabled the internal entrance controller. -{{- else }} - -Ingress Controller: ❌ - -You have disabled the internal entrance controller. -{{- end }} +🔄 Please wait a few minutes for other dependent components to finish deploying. {{- if .Values.zookeeper.enabled }} -Register Center: ZooKeeper -Version: {{ .Values.zookeeper.image.tag }} -You have enabled the internal Register Center. +Dependency: ZooKeeper +Version: {{ .Values.zookeeper.image.tag }} -************************************************************************************ -* If you are using the Nacos registry, Please disable Zookeeper and enable Nacos. * -* Otherwise, Zookeeper is used by default. * -************************************************************************************ +🚨 If you are using the Nacos registry, Please disable Zookeeper and enable Nacos. + Otherwise, Zookeeper is used by default. +🎊 You have enabled the internal Register Center. {{- else if .Values.nacos.enabled }} -Registry Center: Nacos + +Dependency: Nacos Version: {{ .Values.nacos.image.tag }} -You have enabled the internal Register Center. +🎊 You have enabled the internal Register Center. {{- end }} {{- if and (eq .Values.zookeeper.enabled false) (eq .Values.nacos.enabled false) }} -Registry Center: ❌ +Dependency: ❎ -You have disabled the internal Register Center. +🚫 You have disabled the internal Register Center. -Please provide an external registry center to ensure proper service operation. +Please provide an external Register center to ensure proper service operation. {{- end }} {{- if .Values.ingress.enabled }} -You've enabled an internal Ingress controller, -so you should be able to access the website at the following URL: +Exposer: ✅️ + +So you should be able to access the website at the following URL: + +1. http://{{ .Values.ingress.hosts.admin }} +2. http://{{ .Values.ingress.hosts.prometheus }} +3. http://{{ .Values.ingress.hosts.grafana }} + +🎊 You have enabled the internal entrance controller. + +{{- else }} - Admin: {{ .Values.ingress.hosts.admin }} +Exposer: ❎ - kubectl get ingress -n {{ template "ingress.namespace" . }} +🚫 You have disabled the internal entrance controller. {{- end }} {{- if not .Values.persistence.enabled }} - ################################################# - # ⚠ Not enabled for persistent storage. # - # If you have important data, please enable it. # - ################################################# + ######################################################### + # ⚠ Not enabled for persistent storage. # + # If you have important data, please enable it. # + ######################################################### {{- end }} - 🌹 For more details, please visit https://dubbo.apache.org. +🌹 For more details, please visit https://dubbo.apache.org. diff --git a/deploy/charts/admin/templates/admin-dep.yaml b/deploy/charts/admin/templates/admin/admin-dep.yaml similarity index 88% rename from deploy/charts/admin/templates/admin-dep.yaml rename to deploy/charts/admin/templates/admin/admin-dep.yaml index 2b8a3e72e..7adb2c96a 100644 --- a/deploy/charts/admin/templates/admin-dep.yaml +++ b/deploy/charts/admin/templates/admin/admin-dep.yaml @@ -1,6 +1,7 @@ {{- $admin := .Values -}} {{- $zoo := .Values.zookeeper -}} {{- $nacos := .Values.nacos -}} +{{- $observable := $admin.observable -}} {{- if eq $admin.deployType "Deployment" }} apiVersion: {{ template "apiVersion" . }} kind: Deployment @@ -8,6 +9,7 @@ metadata: name: {{ template "admin.name" . }} namespace: {{ template "admin.namespace" . }} labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $admin.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -47,7 +49,7 @@ spec: {{- if $admin.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ $admin.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "admin.name" . }} + serviceAccountName: {{ template "admin.name" . }} containers: - name: admin image: {{ $admin.image.registry }}:{{ $admin.image.tag }} @@ -84,6 +86,18 @@ spec: - name: ADMIN_REGISTRY_ADDRESS value: zookeeper://{{ range $k, $v := until $zooReplicas }}{{ $zooName }}-{{ $v }}.{{ $zooName }}.{{ $zooNamespace }}.svc.{{ $clusterDomain }}:{{ $zooPort }} {{ end }} {{- end }} + {{- $promName := include "prom.name" . -}} + {{- $promPort := include "prom.port" . -}} + {{- if $observable.enabled }} + - name: ADMIN_PROMETHEUS_ADDRESS + value: {{ $promName }}:{{ $promPort }} + {{- end }} + {{- $grafanaName := include "grafana.name" . -}} + {{- $grafanaPort := include "grafana.port" . -}} + {{- if $observable.enabled }} + - name: ADMIN_GRAFANA_ADDRESS + value: {{ $grafanaName }}:{{ $grafanaPort }} + {{- end }} volumeMounts: {{- if $admin.volumeMounts }} {{- toYaml $admin.volumeMounts | nindent 8 }} diff --git a/deploy/charts/admin/templates/admin-np.yaml b/deploy/charts/admin/templates/admin/admin-np.yaml similarity index 93% rename from deploy/charts/admin/templates/admin-np.yaml rename to deploy/charts/admin/templates/admin/admin-np.yaml index 050c65e8c..43b64b52a 100644 --- a/deploy/charts/admin/templates/admin-np.yaml +++ b/deploy/charts/admin/templates/admin/admin-np.yaml @@ -6,6 +6,7 @@ metadata: name: {{ template "admin.name" . }} namespace: {{ template "admin.namespace" . }} labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $np.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/deploy/charts/admin/templates/admin-pdb.yaml b/deploy/charts/admin/templates/admin/admin-pdb.yaml similarity index 94% rename from deploy/charts/admin/templates/admin-pdb.yaml rename to deploy/charts/admin/templates/admin/admin-pdb.yaml index bd820181a..267e0cc8b 100644 --- a/deploy/charts/admin/templates/admin-pdb.yaml +++ b/deploy/charts/admin/templates/admin/admin-pdb.yaml @@ -6,6 +6,7 @@ metadata: name: {{ template "admin.name" . }} namespace: {{ template "admin.namespace" . }} labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $pdb.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/deploy/charts/admin/templates/admin-psp.yaml b/deploy/charts/admin/templates/admin/admin-psp.yaml similarity index 95% rename from deploy/charts/admin/templates/admin-psp.yaml rename to deploy/charts/admin/templates/admin/admin-psp.yaml index 6b626e2e2..de4c57cbb 100644 --- a/deploy/charts/admin/templates/admin-psp.yaml +++ b/deploy/charts/admin/templates/admin/admin-psp.yaml @@ -7,6 +7,7 @@ metadata: name: {{ template "admin.name" . }} namespace: {{ template "admin.namespace" . }} labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $psp.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/deploy/charts/admin/templates/admin-pvc.yaml b/deploy/charts/admin/templates/admin/admin-pvc.yaml similarity index 93% rename from deploy/charts/admin/templates/admin-pvc.yaml rename to deploy/charts/admin/templates/admin/admin-pvc.yaml index 64bef4b8f..83f86a849 100644 --- a/deploy/charts/admin/templates/admin-pvc.yaml +++ b/deploy/charts/admin/templates/admin/admin-pvc.yaml @@ -6,6 +6,7 @@ metadata: name: {{ template "admin.name" . }} namespace: {{ template "admin.namespace" . }} labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $pvc.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/deploy/charts/admin/templates/admin-rbac.yaml b/deploy/charts/admin/templates/admin/admin-rbac.yaml similarity index 91% rename from deploy/charts/admin/templates/admin-rbac.yaml rename to deploy/charts/admin/templates/admin/admin-rbac.yaml index 5d5d0d47f..fb5f4edc2 100644 --- a/deploy/charts/admin/templates/admin-rbac.yaml +++ b/deploy/charts/admin/templates/admin/admin-rbac.yaml @@ -8,6 +8,9 @@ metadata: name: {{ template "admin.name" . }} namespace: {{ template "admin.namespace" . }} labels: + {{- if $sa.labels }} + {{- include "admin.labels" . | nindent 4 }} + {{- end }} {{- with $sa.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -24,6 +27,7 @@ metadata: name: {{ include "admin.name" . }} namespace: {{ include "admin.namespace" . }} labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $rbac.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -57,6 +61,7 @@ metadata: name: {{ include "admin.name" . }} namespace: {{ include "admin.namespace" . }} labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $rbac.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -68,7 +73,6 @@ roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: {{ include "admin.name" . }} - subjects: - kind: ServiceAccount name: {{ include "admin.name" . }} @@ -79,6 +83,7 @@ kind: ClusterRole metadata: name: {{ include "admin.name" . }}-clusterrole labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $rbac.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -126,6 +131,7 @@ kind: ClusterRoleBinding metadata: name: {{ include "admin.name" . }}-clusterrolebinding labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $rbac.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/deploy/charts/admin/templates/admin-sts.yaml b/deploy/charts/admin/templates/admin/admin-sts.yaml similarity index 88% rename from deploy/charts/admin/templates/admin-sts.yaml rename to deploy/charts/admin/templates/admin/admin-sts.yaml index dabcb256b..af11641ae 100644 --- a/deploy/charts/admin/templates/admin-sts.yaml +++ b/deploy/charts/admin/templates/admin/admin-sts.yaml @@ -1,6 +1,7 @@ {{- $admin := .Values -}} {{- $zoo := .Values.zookeeper -}} {{- $nacos := .Values.nacos -}} +{{- $observable := $admin.observable -}} {{- if eq $admin.deployType "StatefulSet" }} apiVersion: {{ template "apiVersion" . }} kind: StatefulSet @@ -8,6 +9,7 @@ metadata: name: {{ template "admin.name" . }} namespace: {{ template "admin.namespace" . }} labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $admin.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -48,7 +50,7 @@ spec: {{- if $admin.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ $admin.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "admin.name" . }} + serviceAccountName: {{ template "admin.name" . }} containers: - name: admin image: {{ $admin.image.registry }}:{{ $admin.image.tag }} @@ -85,6 +87,18 @@ spec: - name: ADMIN_REGISTRY_ADDRESS value: zookeeper://{{ range $k, $v := until $zooReplicas }}{{ $zooName }}-{{ $v }}.{{ $zooName }}.{{ $zooNamespace }}.svc.{{ $clusterDomain }}:{{ $zooPort }} {{ end }} {{- end }} + {{- $promName := include "prom.name" . -}} + {{- $promPort := include "prom.port" . -}} + {{- if $observable.enabled }} + - name: ADMIN_PROMETHEUS_ADDRESS + value: {{ $promName }}:{{ $promPort }} + {{- end }} + {{- $grafanaName := include "grafana.name" . -}} + {{- $grafanaPort := include "grafana.port" . -}} + {{- if $observable.enabled }} + - name: ADMIN_GRAFANA_ADDRESS + value: {{ $grafanaName }}:{{ $grafanaPort }} + {{- end }} volumeMounts: {{- if $admin.volumeMounts }} {{- toYaml $admin.volumeMounts | nindent 8 }} diff --git a/deploy/charts/admin/templates/admin-svc.yaml b/deploy/charts/admin/templates/admin/admin-svc.yaml similarity index 96% rename from deploy/charts/admin/templates/admin-svc.yaml rename to deploy/charts/admin/templates/admin/admin-svc.yaml index 66dde0f8b..555059619 100644 --- a/deploy/charts/admin/templates/admin-svc.yaml +++ b/deploy/charts/admin/templates/admin/admin-svc.yaml @@ -6,6 +6,7 @@ metadata: name: {{ template "admin.name" . }} namespace: {{ template "admin.namespace" . }} labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $svc.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -49,6 +50,7 @@ metadata: name: {{ include "admin.name" . }}-headless namespace: {{ include "admin.namespace" . }} labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $svc.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/deploy/charts/admin/templates/custom/_extras.tpl b/deploy/charts/admin/templates/custom/_extras.tpl index 32a5c6052..a857e79cb 100644 --- a/deploy/charts/admin/templates/custom/_extras.tpl +++ b/deploy/charts/admin/templates/custom/_extras.tpl @@ -20,4 +20,11 @@ Return the ZooKeeper server-server authentication credentials secret. {{- else -}} {{- printf "%s-quorum-auth" (include "zoo.name" .) -}} {{- end -}} +{{- end -}} + +{{/* +Return the Dubbo system namespace to use. +*/}} +{{- define "system.namespaces" -}} +{{- printf "dubbo-system" -}} {{- end -}} \ No newline at end of file diff --git a/deploy/charts/admin/templates/custom/_ingresses.tpl b/deploy/charts/admin/templates/custom/_ingresses.tpl index 321caf938..a38d560d1 100644 --- a/deploy/charts/admin/templates/custom/_ingresses.tpl +++ b/deploy/charts/admin/templates/custom/_ingresses.tpl @@ -9,8 +9,4 @@ ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: "0" -{{- end -}} - -{{- define "traefik.ingressclass.annotations" -}} -ingressclass.kubernetes.io/is-default-class: "false" -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/deploy/charts/admin/templates/custom/_labels.tpl b/deploy/charts/admin/templates/custom/_labels.tpl index f8fc639ba..3d7041e23 100644 --- a/deploy/charts/admin/templates/custom/_labels.tpl +++ b/deploy/charts/admin/templates/custom/_labels.tpl @@ -2,10 +2,10 @@ Return Admin Labels to use. */}} {{- define "admin.labels" -}} -helm.sh/chart: {{ .Chart.Version }} app.kubernetes.io/name: {{ template "admin.name" . }} +helm.sh/chart: {{ include "admin.name" . }}-{{ .Values.image.tag }} app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/component: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{/* @@ -13,8 +13,10 @@ Return ZooKeeper Labels to use. */}} {{- define "zoo.labels" -}} app.kubernetes.io/name: {{ template "zoo.name" . }} +helm.sh/chart: {{ include "zoo.name" . }}-{{ .Values.zookeeper.image.tag }} app.kubernetes.io/instance: {{ template "zoo.name" . }} app.kubernetes.io/component: {{ template "zoo.name" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{/* @@ -22,6 +24,19 @@ Return Nacos Labels to use. */}} {{- define "nacos.labels" -}} app.kubernetes.io/name: {{ template "nacos.name" . }} +helm.sh/chart: {{ include "nacos.name" . }}-{{ .Values.nacos.image.tag }} +app.kubernetes.io/instance: {{ template "nacos.name" . }} +app.kubernetes.io/component: {{ template "nacos.name" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Return Job Labels to use. +*/}} +{{- define "job.labels" -}} +app.kubernetes.io/name: {{ template "job.name" . }} +helm.sh/chart: {{ include "job.name" . }}-{{ .Values.jobs.image.tag }} +app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{/* diff --git a/deploy/charts/admin/templates/custom/_matches.tpl b/deploy/charts/admin/templates/custom/_matches.tpl index 27c2f5e80..b8d4252ab 100644 --- a/deploy/charts/admin/templates/custom/_matches.tpl +++ b/deploy/charts/admin/templates/custom/_matches.tpl @@ -3,8 +3,9 @@ Return Admin matchLabels to use. */}} {{- define "admin.matchLabels" -}} app.kubernetes.io/name: {{ template "admin.name" . }} +helm.sh/chart: {{ include "admin.name" . }}-{{ .Values.image.tag }} app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/component: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{/* @@ -12,8 +13,10 @@ Return ZooKeeper matchLabels to use. */}} {{- define "zoo.matchLabels" -}} app.kubernetes.io/name: {{ template "zoo.name" . }} +helm.sh/chart: {{ include "zoo.name" . }}-{{ .Values.zookeeper.image.tag }} app.kubernetes.io/instance: {{ template "zoo.name" . }} app.kubernetes.io/component: {{ template "zoo.name" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{/* @@ -21,13 +24,15 @@ Return Nacos matchLabels to use. */}} {{- define "nacos.matchLabels" -}} app.kubernetes.io/name: {{ template "nacos.name" . }} +helm.sh/chart: {{ include "nacos.name" . }}-{{ .Values.nacos.image.tag }} +app.kubernetes.io/instance: {{ template "nacos.name" . }} +app.kubernetes.io/component: {{ template "nacos.name" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{/* Return Traefik matchLabels to use. */}} {{- define "traefik.matchLabels" -}} -prometheus.io/scrape: "true" -prometheus.io/path: "/metrics" -prometheus.io/port: "9100" +app.kubernetes.io/name: {{ template "traefik.name" . }} {{- end -}} diff --git a/deploy/charts/admin/templates/custom/_names.tpl b/deploy/charts/admin/templates/custom/_names.tpl index 877dfdf1f..eb8d7651c 100644 --- a/deploy/charts/admin/templates/custom/_names.tpl +++ b/deploy/charts/admin/templates/custom/_names.tpl @@ -1,8 +1,15 @@ {{/* -Return Dubbo Name to use. +Return Job Name to use. */}} -{{- define "dubbo.name" -}} -{{- printf "dubbo" -}} +{{- define "job.name" -}} +{{- printf "jobs" -}} +{{- end -}} + +{{/* +Return Admin Control Plane Name to use. +*/}} +{{- define "cp.name" -}} +{{- printf "admin-cp" -}} {{- end -}} {{/* @@ -37,7 +44,7 @@ Return Traefik Name to use. Return Prometheus Name to use. */}} {{- define "prom.name" -}} -{{- printf "prometheus" -}} +{{- printf "prometheus-cp-server" -}} {{- end -}} {{/* diff --git a/deploy/charts/admin/templates/custom/_namespaces.tpl b/deploy/charts/admin/templates/custom/_namespaces.tpl index 937d61204..66c1dea5b 100644 --- a/deploy/charts/admin/templates/custom/_namespaces.tpl +++ b/deploy/charts/admin/templates/custom/_namespaces.tpl @@ -32,7 +32,18 @@ Return Nacos Namespace to use. {{- end -}} {{/* -Return Nacos Namespace to use. +Return Jobs Namespace to use. +*/}} +{{- define "job.namespace" -}} +{{- if .Values.jobs.namespaceOverride -}} +{{- .Values.jobs.namespaceOverride }} +{{- else -}} +{{- .Release.Namespace }} +{{- end -}} +{{- end -}} + +{{/* +Return ingress Namespace to use. */}} {{- define "ingress.namespace" -}} {{- if .Values.ingress.namespaceOverride -}} @@ -40,4 +51,5 @@ Return Nacos Namespace to use. {{- else -}} {{- .Release.Namespace }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} + diff --git a/deploy/charts/admin/templates/custom/jobs/jobs-crds-scripts.yaml b/deploy/charts/admin/templates/custom/jobs/jobs-crds-scripts.yaml new file mode 100644 index 000000000..6e824f36c --- /dev/null +++ b/deploy/charts/admin/templates/custom/jobs/jobs-crds-scripts.yaml @@ -0,0 +1,29 @@ +{{- $jobs := .Values.jobs }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "job.name" . }}-crds-scripts + namespace: {{ template "job.namespace" . }} + labels: + {{- include "job.labels" . | nindent 4 }} + {{- with $jobs.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": "pre-upgrade,pre-install" + "helm.sh/hook-weight": "-1" + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" + {{- with $jobs.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +data: + install_crds.sh: |- + #!/usr/bin/bash + # Control plane custom resource definition creation. + $CRDS_FILE="/admin/crds" + if [ -s $CRDS_FILE ]; then + echo "$CRDS_FILE Detected this file, currently adding CRDs..." + kubectl apply -f $CRDS_FILE + else + echo "$CRDS_FILE The file was not found. Please check the directory path or other possible reasons." + fi \ No newline at end of file diff --git a/deploy/charts/admin/templates/custom/jobs/jobs-crds.yaml b/deploy/charts/admin/templates/custom/jobs/jobs-crds.yaml new file mode 100644 index 000000000..b330dd782 --- /dev/null +++ b/deploy/charts/admin/templates/custom/jobs/jobs-crds.yaml @@ -0,0 +1,37 @@ +{{- $jobs := .Values.jobs }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "job.name" . }}-crds + namespace: {{ template "job.namespace" . }} + labels: + {{- include "job.labels" . | nindent 4 }} + {{- with $jobs.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": "pre-upgrade,pre-install" + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" + {{- with $jobs.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + template: + metadata: + name: {{ template "job.name" . }}-crds + namespace: {{ template "job.namespace" . }} + spec: + restartPolicy: {{ $jobs.restartPolicy }} + containers: + - name: kubectl + image: {{ $jobs.image.registry }}:{{ $jobs.image.tag }} + imagePullPolicy: {{ $jobs.image.pullPolicy }} + volumeMounts: + - name: scripts + mountPath: /scripts/install_crds.sh + subPath: install_crds.sh + volumes: + - name: scripts + configMap: + name: {{ template "job.name" . }}-crds-scripts + defaultMode: 0755 \ No newline at end of file diff --git a/deploy/charts/admin/templates/exposer/ingress/ingress-class.yaml b/deploy/charts/admin/templates/exposer/ingress/ingress-class.yaml new file mode 100644 index 000000000..e43d86677 --- /dev/null +++ b/deploy/charts/admin/templates/exposer/ingress/ingress-class.yaml @@ -0,0 +1,11 @@ +{{- $ingress := .Values.ingress -}} +{{- if $ingress.enabled }} +apiVersion: {{ template "network.apiVersion" . }} +kind: IngressClass +metadata: + name: {{ template "traefik.name" . }} + annotations: + ingressclass.kubernetes.io/is-default-class: "false" +spec: + controller: traefik.io/ingress-controller +{{- end -}} diff --git a/deploy/charts/admin/templates/ingress/ingress-dep.yaml b/deploy/charts/admin/templates/exposer/ingress/ingress-dep.yaml similarity index 75% rename from deploy/charts/admin/templates/ingress/ingress-dep.yaml rename to deploy/charts/admin/templates/exposer/ingress/ingress-dep.yaml index dcf8b87c6..9c679a7cb 100644 --- a/deploy/charts/admin/templates/ingress/ingress-dep.yaml +++ b/deploy/charts/admin/templates/exposer/ingress/ingress-dep.yaml @@ -1,4 +1,5 @@ -{{- if .Values.ingress.enabled }} +{{- $ingress := .Values.ingress -}} +{{- if $ingress.enabled }} apiVersion: {{ template "apiVersion" . }} kind: Deployment metadata: @@ -8,27 +9,27 @@ spec: replicas: {{ .Values.ingress.replicas }} selector: matchLabels: - {{- include "traefik.labels" . | nindent 6 }} + {{- include "traefik.labels" . | nindent 6 }} strategy: - {{- toYaml .Values.ingress.strategy | nindent 4 }} + {{- toYaml $ingress.strategy | nindent 4 }} template: metadata: - annotations: - {{- include "traefik.annotations" . | nindent 8 }} labels: - {{- include "traefik.labels" . | nindent 8 }} + {{- include "traefik.labels" . | nindent 8 }} + annotations: + {{- include "traefik.annotations" . | nindent 8 }} spec: serviceAccountName: {{ template "traefik.name" }} containers: - name: traefik - image: {{ .Values.ingress.image.registry }}:{{ .Values.ingress.image.tag }} - imagePullPolicy: {{ .Values.ingress.image.pullPolicy }} + image: {{ $ingress.image.registry }}:{{ $ingress.image.tag }} + imagePullPolicy: {{ $ingress.image.pullPolicy }} resources: - {{- toYaml .Values.ingress.resources | nindent 10 }} + {{- toYaml $ingress.resources | nindent 10 }} readinessProbe: - {{- toYaml .Values.ingress.readinessProbe | nindent 10 }} + {{- toYaml $ingress.readinessProbe | nindent 10 }} livenessProbe: - {{- toYaml .Values.ingress.livenessProbe | nindent 10 }} + {{- toYaml $ingress.livenessProbe | nindent 10 }} ports: - name: metrics containerPort: {{ template "traefik.metrics.containerPort" . }} @@ -46,7 +47,7 @@ spec: hostPort: {{ template "traefik.websecure.hostPort" . }} protocol: TCP securityContext: - {{- toYaml .Values.ingress.containersecurityContext | nindent 10 }} + {{- toYaml $ingress.containersecurityContext | nindent 10 }} volumeMounts: - name: data mountPath: /data @@ -79,7 +80,7 @@ spec: - name: tmp emptyDir: {} nodeSelector: - {{- toYaml .Values.ingress.nodeSelector | nindent 8 }} + {{- toYaml $ingress.nodeSelector | nindent 8 }} securityContext: - {{- toYaml .Values.ingress.securityContext | nindent 8 }} + {{- toYaml $ingress.securityContext | nindent 8 }} {{- end -}} \ No newline at end of file diff --git a/deploy/charts/admin/templates/ingress/ingress-rbac.yaml b/deploy/charts/admin/templates/exposer/ingress/ingress-rbac.yaml similarity index 86% rename from deploy/charts/admin/templates/ingress/ingress-rbac.yaml rename to deploy/charts/admin/templates/exposer/ingress/ingress-rbac.yaml index 9fb774da3..9d2a0db35 100644 --- a/deploy/charts/admin/templates/ingress/ingress-rbac.yaml +++ b/deploy/charts/admin/templates/exposer/ingress/ingress-rbac.yaml @@ -1,11 +1,13 @@ -{{- if .Values.ingress.enabled }} +{{- $ingress := .Values.ingress -}} +{{- $rbac := .Values.rbac -}} +{{- if $ingress.enabled }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "traefik.name" . }} namespace: {{ template "ingress.namespace" . }} --- -apiVersion: rbac.authorization.k8s.io/v1 +apiVersion: {{ include "rbac.apiVersion" . }} kind: ClusterRole metadata: name: {{ include "traefik.name" . }}-clusterrole @@ -55,7 +57,7 @@ rules: - list - watch --- -apiVersion: rbac.authorization.k8s.io/v1 +apiVersion: {{ include "rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: name: {{ include "traefik.name" . }}-clusterrolebinding diff --git a/deploy/charts/admin/templates/ingress/ingress.yaml b/deploy/charts/admin/templates/exposer/ingress/ingress.yaml similarity index 78% rename from deploy/charts/admin/templates/ingress/ingress.yaml rename to deploy/charts/admin/templates/exposer/ingress/ingress.yaml index ad7cbb040..0738c5609 100644 --- a/deploy/charts/admin/templates/ingress/ingress.yaml +++ b/deploy/charts/admin/templates/exposer/ingress/ingress.yaml @@ -1,12 +1,12 @@ -{{- if .Values.ingress.enabled }} {{- $ingress := .Values.ingress -}} +{{- if $ingress.enabled }} apiVersion: {{ template "network.apiVersion" . }} kind: Ingress metadata: name: {{ template "admin.name" . }}-ingress - namespace: {{ template "ingress.namespace" . }} + namespace: {{ template "system.namespaces" . }} spec: - ingressClassName: {{ template "dubbo.name" . }} + ingressClassName: {{ template "traefik.name" . }} rules: - host: {{ $ingress.hosts.admin }} http: @@ -23,9 +23,9 @@ apiVersion: {{ template "network.apiVersion" . }} kind: Ingress metadata: name: {{ template "prom.name" . }}-ingress - namespace: {{ template "ingress.namespace" . }} + namespace: {{ template "system.namespaces" . }} spec: - ingressClassName: {{ template "dubbo.name" . }} + ingressClassName: {{ template "traefik.name" . }} rules: - host: {{ $ingress.hosts.prometheus }} http: @@ -42,9 +42,9 @@ apiVersion: {{ template "network.apiVersion" . }} kind: Ingress metadata: name: {{ template "grafana.name" . }}-ingress - namespace: {{ template "ingress.namespace" . }} + namespace: {{ template "system.namespaces" . }} spec: - ingressClassName: {{ template "dubbo.name" . }} + ingressClassName: {{ template "traefik.name" . }} rules: - host: {{ $ingress.hosts.grafana }} http: diff --git a/deploy/charts/admin/templates/ingress/ingressclass.yaml b/deploy/charts/admin/templates/ingress/ingressclass.yaml deleted file mode 100644 index a2c4cf620..000000000 --- a/deploy/charts/admin/templates/ingress/ingressclass.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ template "network.apiVersion" . }} -kind: IngressClass -metadata: - name: {{ template "dubbo.name" . }} - annotations: - {{ template "traefik.ingressclass.annotations" . }} -spec: - controller: dubbo.io/ingress-controller -{{- end -}} diff --git a/deploy/charts/admin/templates/nacos/nacos-cm.yaml b/deploy/charts/admin/templates/register/nacos/nacos-cm.yaml similarity index 94% rename from deploy/charts/admin/templates/nacos/nacos-cm.yaml rename to deploy/charts/admin/templates/register/nacos/nacos-cm.yaml index 523b4efac..d6a2b5160 100644 --- a/deploy/charts/admin/templates/nacos/nacos-cm.yaml +++ b/deploy/charts/admin/templates/register/nacos/nacos-cm.yaml @@ -6,6 +6,7 @@ metadata: name: {{ template "nacos.name" . }}-db-config namespace: {{ template "nacos.namespace" . }} labels: + {{- include "nacos.labels" . | nindent 4 }} {{- with $nacos.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/deploy/charts/admin/templates/nacos/nacos-sts.yaml b/deploy/charts/admin/templates/register/nacos/nacos-sts.yaml similarity index 99% rename from deploy/charts/admin/templates/nacos/nacos-sts.yaml rename to deploy/charts/admin/templates/register/nacos/nacos-sts.yaml index ffccbb579..b2930d079 100644 --- a/deploy/charts/admin/templates/nacos/nacos-sts.yaml +++ b/deploy/charts/admin/templates/register/nacos/nacos-sts.yaml @@ -6,6 +6,7 @@ metadata: name: {{ template "nacos.name" . }} namespace: {{ template "nacos.namespace" . }} labels: + {{- include "nacos.labels" . | nindent 4 }} {{- with $nacos.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/deploy/charts/admin/templates/nacos/nacos-svc.yaml b/deploy/charts/admin/templates/register/nacos/nacos-svc.yaml similarity index 95% rename from deploy/charts/admin/templates/nacos/nacos-svc.yaml rename to deploy/charts/admin/templates/register/nacos/nacos-svc.yaml index 34cff5d96..ee5ae1d71 100644 --- a/deploy/charts/admin/templates/nacos/nacos-svc.yaml +++ b/deploy/charts/admin/templates/register/nacos/nacos-svc.yaml @@ -7,6 +7,7 @@ metadata: name: {{ template "nacos.name" . }} namespace: {{ template "nacos.namespace" . }} labels: + {{- include "nacos.labels" . | nindent 4 }} {{- with $nacos.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -56,11 +57,12 @@ metadata: name: {{ template "nacos.name" . }}-headless namespace: {{ template "nacos.namespace" . }} labels: + {{- include "nacos.labels" . | nindent 4 }} {{- with .Values.labels }} {{- toYaml . | nindent 4 }} {{- end }} annotations: - {{- with .Values.annotations }} + {{- with $nacos.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: diff --git a/deploy/charts/admin/templates/zookeeper/zookeeper-cm.yaml b/deploy/charts/admin/templates/register/zk/zk-cm.yaml similarity index 95% rename from deploy/charts/admin/templates/zookeeper/zookeeper-cm.yaml rename to deploy/charts/admin/templates/register/zk/zk-cm.yaml index 27d4bd1ef..26ef95e73 100644 --- a/deploy/charts/admin/templates/zookeeper/zookeeper-cm.yaml +++ b/deploy/charts/admin/templates/register/zk/zk-cm.yaml @@ -6,6 +6,7 @@ metadata: name: {{ template "zoo.name" . }}-scripts namespace: {{ template "zoo.namespace" . }} labels: + {{- include "zoo.labels" . | nindent 4 }} {{- with $zoo.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/deploy/charts/admin/templates/zookeeper/zookeeper-sts.yaml b/deploy/charts/admin/templates/register/zk/zk-sts.yaml similarity index 99% rename from deploy/charts/admin/templates/zookeeper/zookeeper-sts.yaml rename to deploy/charts/admin/templates/register/zk/zk-sts.yaml index 1a9fa6c69..37b10d31c 100644 --- a/deploy/charts/admin/templates/zookeeper/zookeeper-sts.yaml +++ b/deploy/charts/admin/templates/register/zk/zk-sts.yaml @@ -6,6 +6,7 @@ metadata: name: {{ template "zoo.name" . }} namespace: {{ template "zoo.namespace" . }} labels: + {{- include "admin.labels" . | nindent 4 }} {{- with $zoo.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/deploy/charts/admin/templates/zookeeper/zookeeper-svc.yaml b/deploy/charts/admin/templates/register/zk/zk-svc.yaml similarity index 95% rename from deploy/charts/admin/templates/zookeeper/zookeeper-svc.yaml rename to deploy/charts/admin/templates/register/zk/zk-svc.yaml index 038c62ef9..52fa7bdc0 100644 --- a/deploy/charts/admin/templates/zookeeper/zookeeper-svc.yaml +++ b/deploy/charts/admin/templates/register/zk/zk-svc.yaml @@ -7,6 +7,7 @@ metadata: name: {{ template "zoo.name" . }} namespace: {{ template "zoo.namespace" . }} labels: + {{- include "zoo.labels" . | nindent 4 }} {{- with $zoo.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -52,11 +53,12 @@ metadata: name: {{ template "zoo.name" . }}-headless namespace: {{ template "zoo.namespace" . }} labels: + {{- include "zoo.labels" . | nindent 4 }} {{- with .Values.labels }} {{- toYaml . | nindent 4 }} {{- end }} annotations: - {{- with .Values.annotations }} + {{- with $zoo.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: diff --git a/deploy/charts/admin/templates/traffic/traffic-authority.yaml b/deploy/charts/admin/templates/traffic/traffic-authority.yaml new file mode 100644 index 000000000..2e5fcd419 --- /dev/null +++ b/deploy/charts/admin/templates/traffic/traffic-authority.yaml @@ -0,0 +1,61 @@ +{{- $auth := .Values.auth -}} +{{- $authz := .Values.auth.authorization -}} +{{- $authc := .Values.auth.authentication -}} +{{- if $auth.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "cp.name" . }}-sa + namespace: {{ template "system.namespaces" . }} +--- +apiVersion: {{ include "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + name: {{ include "cp.name" . }}-clusterrole +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +--- +apiVersion: {{ include "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + name: {{ include "cp.name" . }}-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "cp.name" . }}-clusterrole +subjects: + - kind: ServiceAccount + name: {{ template "cp.name" . }}-sa + namespace: {{ template "system.namespaces" . }} +--- +apiVersion: dubbo.apache.org/v1alpha1 +kind: AuthenticationPolicy +metadata: + name: {{ template "cp.name" . }}-authentication + namespace: {{ template "system.namespaces" . }} +spec: + action: {{ $authc.action }} + PortLevel: + - port: {{ $authc.port }} + selector: + - namespaces: ["dubbo-system"] +--- +apiVersion: dubbo.apache.org/v1alpha1 +kind: AuthorizationPolicy +metadata: + name: {{ template "cp.name" . }}-authorization + namespace: {{ template "system.namespaces" . }} +spec: + action: {{ $authz.action }} + matchType: {{ $authz.matchType }} + rules: + - from: + namespaces: ["dubbo-system"] + samples: {{ $authz.samples }} +{{- end }} + diff --git a/deploy/charts/admin/templates/traffic/traffic-rules.yaml b/deploy/charts/admin/templates/traffic/traffic-rules.yaml new file mode 100644 index 000000000..9243da8eb --- /dev/null +++ b/deploy/charts/admin/templates/traffic/traffic-rules.yaml @@ -0,0 +1,48 @@ +{{- $tr := .Values.traffic.tagRoute -}} +{{- $dc := .Values.traffic.dynamicConfig -}} +{{- $cr := .Values.traffic.conditionRoute -}} +apiVersion: dubbo.apache.org/v1alpha1 +kind: ConditionRoute +metadata: + name: {{ template "cp.name" . }}-conditionroute + namespace: {{ template "system.namespaces" . }} +spec: + enabled: {{ $cr.enabled }} + force: {{ $cr.force }} + scope: {{ $cr.scope }} + runtime: {{ $cr.runtime }} + priority: {{ $cr.priority }} + key: {{ $cr.key }} + configVersion: {{ $cr.configVersion }} + conditions: + - {{ $cr.conditions }} +--- +apiVersion: dubbo.apache.org/v1alpha1 +kind: DynamicConfig +metadata: + name: {{ template "cp.name" . }}-dynamicconfig + namespace: {{ template "system.namespaces" . }} +spec: + configVersion: {{ $dc.configVersion }} + scope: {{ $dc.scope }} + key: {{ $dc.key }} + configs: + - side: {{ $dc.side }} + match: + application: + oneof: + - exact: {{ $dc.exact }} +--- +apiVersion: dubbo.apache.org/v1alpha1 +kind: TagRoute +metadata: + name: {{ template "cp.name" . }}-tagroute + namespace: {{ template "system.namespaces" . }} +spec: + configVersion: {{ $tr.configVersion }} + force: {{ $tr.force }} + enabled: {{ $tr.enabled }} + priority: {{ $tr.priority }} + key: {{ $tr.key }} + tags: + - name: {{ $tr.name }} diff --git a/deploy/charts/admin/values.yaml b/deploy/charts/admin/values.yaml index f18e714d4..bc1447324 100644 --- a/deploy/charts/admin/values.yaml +++ b/deploy/charts/admin/values.yaml @@ -16,23 +16,20 @@ ## Specifies the type of Kubernetes resource, such as "Deployment" or "StatefulSet." deployType: Deployment -## Override the name of the resource. -nameOverride: {} - ## Override the namespace where the resource is deployed. -namespaceOverride: {} +namespaceOverride: ~ ## Labels to attach to the resource. -labels: {} +labels: ~ ## Annotations to attach to the resource. -annotations: {} +annotations: ~ ## Node selector to constrain where the pods can be scheduled. -nodeSelector: {} +nodeSelector: ~ ## List of image pull secrets for pulling private container images. -imagePullSecrets: [] +imagePullSecrets: ~ ## Specifies the cluster's domain name for DNS resolution. clusterDomain: cluster.local @@ -52,33 +49,33 @@ rbac: # Whether to enable the RBAC. enabled: true # Labels for RBAC resources. - labels: {} + labels: ~ # Annotations for RBAC resources. - annotations: {} + annotations: ~ serviceAccount: # Whether to enable the ServiceAccount. enabled: true # Labels to be applied to the ServiceAccount. - labels: {} + labels: ~ # Annotations to be added to the ServiceAccount. - annotations: {} + annotations: ~ ## Define volume mounts for the application, Each item in the list represents a separate volume mount. -volumeMounts: {} +volumeMounts: ~ ## Example: # - name: vol # mountPath: /data # readOnly: true ## Define volumes for the application, Each item in the list represents a separate volume. -volumes: [] +volumes: ~ # - name: vol # hostPath: # path: /data ## Define a ConfigMap for the application, You can create a ConfigMap and specify its name, items, and defaultMode. -configMap: {} +configMap: ~ # name: config-file # items: # - key: file @@ -86,7 +83,7 @@ configMap: {} # defaultMode: 420 ## Define a Secret for the application, You can create a Secret and specify its name, items, and their corresponding keys and paths. -secret: {} +secret: ~ # secretName: secret-file # items: # - key: tls.crt @@ -108,7 +105,7 @@ updateStrategy: # Define the update strategy for the application's statefulSet. type: RollingUpdate # Additional configuration for the RollingUpdate update strategy can be specified here. - rollingUpdate: {} + rollingUpdate: ~ ## Minimum time a pod must be ready before being considered available. minReadySeconds: 0 @@ -168,7 +165,7 @@ livenessProbe: port: 8080 ## Define lifecycle hooks for the application container. -lifecycleHooks: {} +lifecycleHooks: ~ # postStart: # exec: # command: ["/bin/sh", "-c", "echo Discover Infinite Possibilities, Starting Now! >> /var/log/postStart.log"] @@ -180,9 +177,9 @@ service: # Whether to enable the service. enabled: true # Labels to be applied to the service. - labels: {} + labels: ~ # Annotations to be added to the service. - annotations: {} + annotations: ~ # Specifies the service type (ClusterIP, NodePort, LoadBalancer, etc.). type: ClusterIP # Specifies the ClusterIP for the service, or use "~" to auto-assign. @@ -217,7 +214,7 @@ resources: memory: 512Mi ## Define toleration's for the application pods. -tolerations: [] +tolerations: ~ # - key: CriticalAddonsOnly # operator: Exists # - effect: NoSchedule @@ -227,9 +224,9 @@ persistence: # Whether to enable the persistence volume. enabled: false # Labels to be applied to the persistence volume. - labels: {} + labels: ~ # Annotations to be added to the persistence volume. - annotations: {} + annotations: ~ # Name of the PersistentVolumeClaim. claimName: "" # Storage class for the PersistentVolumeClaim. @@ -255,9 +252,9 @@ podDisruptionBudget: # Whether to enable the PDB. enabled: false # Labels to be applied to the PDB. - labels: {} + labels: ~ # Annotations to be added to the PDB. - annotations: {} + annotations: ~ # Minimum number of pods that must be available during disruptions. minAvailable: 1 # Maximum number of pods that can be unavailable during disruptions. @@ -269,21 +266,21 @@ podSecurityPolicy: # Whether to enable the PSP. enabled: false # Labels to be applied to the PSP. - labels: {} + labels: ~ # Annotations to be added to the PSP. - annotations: {} + annotations: ~ networkPolicy: # Whether to enable the network policies. enabled: false # Labels to be applied to the network policy. - labels: {} + labels: ~ # Annotations to be added to the network policy - annotations: {} + annotations: ~ # Define the pod selector for network policy. - podSelector: {} + podSelector: ~ # Define ingress rules for network policy. - ingress: [] + ingress: ~ # - from: # - ipBlock: # cidr: 172.16.0.0/16 @@ -300,7 +297,7 @@ networkPolicy: # endPort: 10002 # protocol: TCP # Define egress rules for network policy. - egress: [] + egress: ~ # - ports: # - port: 10001 # endPort: 10002 @@ -319,21 +316,118 @@ networkPolicy: # - frontend # - backend -zookeeper: - ## Whether to enable the zookeeper. +jobs: + # Override the namespace where the resource is deployed. + namespaceOverride: ~ + # Labels to attach to the resource. + labels: ~ + # Annotations to attach to the resource. + annotations: ~ + # Specify the restart policy (OnFailure, Never, Always, etc.). + restartPolicy: OnFailure + + image: + # Source of the container image. + registry: docker.io/bitnami/kubectl + # Version tag of the container image. + tag: 1.28.4 + # Image pull policy, available options are: Always, IfNotPresent, Never. + pullPolicy: IfNotPresent + +auth: + ## Whether to enable the control-plane auth control. + enabled: false + + authorization: + # Specify the action for authorization (DENY, ALLOW, etc.) + action: DENY + + # Specify the match type for authorization (anyMatch, allMatch, etc.) + matchType: anyMatch + + # Specify the match type for authorization rule sampling rate has a range of 0 to 100. + samples: 0 + + authentication: + # Specify the action for authentication (STRICT, PERMISSIVE, etc.) + action: STRICT + + # Specify the action for authentication port number for applying the authentication policy + port: 38080 + +traffic: + ## Whether to enable the traffic. + enabled: false + + conditionRoute: + # Supports service and application scope rules. + scope: service + # Whether enable this rule or not, set enabled:false to disable this rule. + enabled: true + # The behaviour when the instance subset is empty after routing. + force: true + # Whether run routing rule for every rpc invocation or use routing cache if available. + runtime: true + # Specify the specific priority for traffic (adjust within the range 1 ~ 100). + priority: 100 + # The version of the condition rule definition, currently available version is v3.0. + configVersion: v3.0 + # The identifier of the target service or application that this rule is about to apply to. + # If scope:service is set, then keyshould be specified as the Dubbo service key that this rule targets to control. + # If scope:application is set, then keyshould be specified as the name of the application that this rule targets to control, application should always be a Dubbo Consumer. + key: org.apache.dubbo.samples.CommentService + # The condition routing rule definition of this configuration. Check Condition for details. + conditions: method=getComment => region=Hangzhou + + dynamicConfig: + # Supports service and application scope rules. + scope: service + # The version of the tag rule definition, currently available version is v3.0. + configVersion: v3.0 + # The identifier of the target service or application that this rule is about to apply to. + # If scope:service is set, then keyshould be specified as the Dubbo service key that this rule targets to control. + # If scope:application is set, then keyshould be specified as the name of the application that this rule targets to control, application should always be a Dubbo Consumer. + key: org.apache.dubbo.samples.UserService + # Especially useful when scope:service is set. + # side: providermeans this Config will only take effect on the provider instances of the service key. + # side: consumermeans this Config will only take effect on the consumer instances of the service key + side: consumer + # The application matching condition for this config rule to take effect. + # Effective when scope:service is set. + # https://github.com/google/re2/wiki/Syntax. + # exact: value for exact string + exact: shop-frontend + + tagRoute: + # The name of the tag used to match the dubbo tag value in the request context. + name: gray + # Whether enable this rule or not, set enabled:false to disable this rule. + enabled: false + # The behaviour when the instance subset is empty after routing. + force: true + # The version of the tag rule definition, currently available version is v3.0. + configVersion: v3.0 + # Specify the specific priority for traffic (adjust within the range 1 ~ 100). + priority: 99 + # The identifier of the target application that this rule is about to control. + key: details + +observable: + ## Whether to enable the observability. enabled: true - ## Override the name of the resource. - nameOverride: {} +zookeeper: + ## Whether to enable the zookeeper. + enabled: false ## Override the namespace where the resource is deployed. - namespaceOverride: {} + namespaceOverride: ~ ## Labels to attach to the resource. - labels: {} + labels: ~ ## Annotations to attach to the resource. - annotations: {} + annotations: ~ ## Specifies the cluster's domain name for DNS resolution. clusterDomain: cluster.local @@ -369,9 +463,9 @@ zookeeper: service: # Labels to be applied to the service. - labels: {} + labels: ~ # Annotations to be added to the service. - annotations: {} + annotations: ~ # Specifies the service type (ClusterIP, NodePort, LoadBalancer, etc.). type: ClusterIP # Specifies the ClusterIP for the service, or use "~" to auto-assign. @@ -511,22 +605,19 @@ zookeeper: nacos: ## Whether to enable the nacos. - enabled: false + enabled: true ## Specifies the mode in which nacos is running (standalone, cluster, etc.). mode: standalone - ## Override the name of the resource. - nameOverride: {} - ## Override the namespace where the resource is deployed. - namespaceOverride: {} + namespaceOverride: ~ ## Labels to attach to the resource. - labels: {} + labels: ~ ## Annotations to attach to the resource. - annotations: {} + annotations: ~ ## Specifies the cluster's domain name for DNS resolution. clusterDomain: cluster.local @@ -572,9 +663,9 @@ nacos: service: # Labels to be applied to the service. - labels: {} + labels: ~ # Annotations to be added to the service. - annotations: {} + annotations: ~ # Specifies the service type (ClusterIP, NodePort, LoadBalancer, etc.). type: NodePort # Specifies the ClusterIP for the service, or use "~" to auto-assign. @@ -683,26 +774,27 @@ ingress: enabled: false hosts: - admin: admin.dubbo.domain - - prometheus: prom.dubbo.domain - - grafana: grafana.dubbo.domain + # Specify the host for the admin Ingress + admin: admin.k8s.example + # Specify the host for the Prometheus Ingress + prometheus: prom.k8s.example + # Specify the host for the Grafana Ingress + grafana: grafana.k8s.example ## Override the name of the resource. - nameOverride: {} + nameOverride: ~ ## Override the namespace where the resource is deployed. - namespaceOverride: {} + namespaceOverride: ~ ## Labels to attach to the resource. - labels: {} + labels: ~ ## Annotations to attach to the resource. - annotations: {} + annotations: ~ ## Node selector to constrain where the pods can be scheduled. - nodeSelector: {} + nodeSelector: ~ ## Number of replicas for the Deployment. replicas: 1 @@ -794,24 +886,4 @@ ingress: # CPU usage request. cpu: 100m # Memory usage request. - memory: 100Mi - -observable: - skywalking: - enabled: false - - opentelemetry: - enabled: false - -trace: - zipkin: - enabled: false - -metrics: - enabled: false - - admin: - path: /metrics - port: 10000 - serviceMonitor: - enabled: false \ No newline at end of file + memory: 100Mi \ No newline at end of file diff --git a/docs/dubboctl.md b/docs/dubboctl.md new file mode 100644 index 000000000..67da43ec5 --- /dev/null +++ b/docs/dubboctl.md @@ -0,0 +1,41 @@ + +This repository contains libraries and tools for creating and deploying Dubbo applications in any Kubernetes environment, i.e. on Kubernetes, Aliyun ACK, etc. + +## Prerequisites: +* Ensure you have Go installed, version 1.20 or higher. +* Make sure you install kubectl. +* Ensure you have Dubboctl installed. + +## Quick Start +### Create a Dubbo application +Use `dubboctl create` to create a project template. + +```shell +dubboctl create -l java +``` + +This should generate a simple project with a demo service properly configured and is ready to run. + +> For java developers, it's recommended to use [start.dubbo.apache.org]() or [IntelliJ IDEA plugin]() to generate more complicated templates. + +### Deploy application to Kubernetes +Before deploying the application, let's install Nacos, Zookeeper, Prometheus and other components necessary for running a Dubbo application or microservice cluster. + +```shell +dubboctl install --profile=demo # This will install Nacos, Prometheus, Grafana, Admin, etc. +``` + +Next, build your application as docker image and deploy it into kubernetes cluster with `dubboctl deploy`, it will do the following two steps: + +1. Build your application from source code into docker image and push the image to remote repository. +2. Generate all the kubernetes configurations (e.g., deployments, services, load balancers) needed to run your application on vanilla Kubernetes. + +```shell +dubboctl deploy --out=deployment.yml +``` + +Finally, apply manifests into kubernetes cluster. + +```shell +kubectl apply -f deployment.yml +``` diff --git a/docs/images/homepage/arch1.png b/docs/images/homepage/arch1.png new file mode 100644 index 000000000..4839b73e4 Binary files /dev/null and b/docs/images/homepage/arch1.png differ diff --git a/docs/images/homepage/arch2.png b/docs/images/homepage/arch2.png new file mode 100644 index 000000000..965ae57e7 Binary files /dev/null and b/docs/images/homepage/arch2.png differ diff --git a/docs/images/homepage/kubernetes-mode.png b/docs/images/homepage/kubernetes-mode.png new file mode 100644 index 000000000..87cf28b51 Binary files /dev/null and b/docs/images/homepage/kubernetes-mode.png differ diff --git a/docs/images/homepage/multiple-cluster.png b/docs/images/homepage/multiple-cluster.png new file mode 100644 index 000000000..f92def9e7 Binary files /dev/null and b/docs/images/homepage/multiple-cluster.png differ diff --git a/docs/images/homepage/ui-demo.png b/docs/images/homepage/ui-demo.png new file mode 100644 index 000000000..0e6271636 Binary files /dev/null and b/docs/images/homepage/ui-demo.png differ diff --git a/docs/images/homepage/universal-mode.png b/docs/images/homepage/universal-mode.png new file mode 100644 index 000000000..63b13b0a3 Binary files /dev/null and b/docs/images/homepage/universal-mode.png differ diff --git a/ui-vue3/src/api/mock/mockGlobalSearch.ts b/ui-vue3/src/api/mock/mockGlobalSearch.ts new file mode 100644 index 000000000..bf729e296 --- /dev/null +++ b/ui-vue3/src/api/mock/mockGlobalSearch.ts @@ -0,0 +1,27 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import Mock from 'mockjs' + +Mock.mock(/\/search\?searchType=\w+&keywords=\w*/, 'get', { + code: 200, + message: '成功', + data: { + find: true, + candidates: ['test1', 'test2', 'tset3'] + } +}) diff --git a/ui-vue3/src/api/service/globalSearch.ts b/ui-vue3/src/api/service/globalSearch.ts new file mode 100644 index 000000000..dd2973f68 --- /dev/null +++ b/ui-vue3/src/api/service/globalSearch.ts @@ -0,0 +1,26 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import request from '@/base/http/request' + +export const globalSearch = (params: any): Promise => { + return request({ + url: '/search', + method: 'get', + params + }) +} diff --git a/ui-vue3/src/assets/dubbo.png b/ui-vue3/src/assets/dubbo.png new file mode 100644 index 000000000..c48044b15 Binary files /dev/null and b/ui-vue3/src/assets/dubbo.png differ diff --git a/ui-vue3/src/base/i18n/en.ts b/ui-vue3/src/base/i18n/en.ts index 516882b47..5cd220d50 100644 --- a/ui-vue3/src/base/i18n/en.ts +++ b/ui-vue3/src/base/i18n/en.ts @@ -44,6 +44,7 @@ const words: I18nType = { app: 'Application', services: 'Services', application: 'Application', + instance: 'Instance', all: 'All', ip: 'IP', qps: 'qps', @@ -270,7 +271,10 @@ const words: I18nType = { searchDomain: { total: 'Total', unit: 'items' - } + }, + backHome: 'Back Home', + noPageTip: 'Sorry, the page you visited does not exist.', + globalSearchTip: 'Search ip, application, instance, service' } export default words diff --git a/ui-vue3/src/base/i18n/zh.ts b/ui-vue3/src/base/i18n/zh.ts index 4883f4047..37ae274a5 100644 --- a/ui-vue3/src/base/i18n/zh.ts +++ b/ui-vue3/src/base/i18n/zh.ts @@ -37,6 +37,7 @@ const words: I18nType = { providers: '提供者', consumers: '消费者', application: '应用', + instance: '实例', all: '全部', common: '通用', @@ -268,7 +269,11 @@ const words: I18nType = { searchDomain: { total: '共计', unit: '条' - } + }, + backHome: '回到首页', + noPageTip: '抱歉,你访问的页面不存在', + + globalSearchTip: '搜索ip,应用,实例,服务' } export default words diff --git a/ui-vue3/src/layout/header/layout_header.vue b/ui-vue3/src/layout/header/layout_header.vue index 8d53f1d59..dc169e3b7 100644 --- a/ui-vue3/src/layout/header/layout_header.vue +++ b/ui-vue3/src/layout/header/layout_header.vue @@ -16,7 +16,7 @@ -->