diff --git a/.github/workflows/cloud.yml b/.github/workflows/cloud.yml
index e04caec2cb6..6472056707a 100644
--- a/.github/workflows/cloud.yml
+++ b/.github/workflows/cloud.yml
@@ -90,7 +90,9 @@ jobs:
 - name: Build sealos cloud cluster image
 working-directory: deploy/cloud
 run: |
- sed -i "s#nightly#${{ inputs.build_from }}#g" init.sh
+ [ -z "${{ inputs.build_from }}" ] && BuildFromTag="nightly" || BuildFromTag="${{ inputs.build_from }}"; echo "BuildFromTag=${BuildFromTag}"
+ sed -i "s#nightly#${BuildFromTag}#g" init.sh
+ sed -i "s#nightly#${BuildFromTag}#g" etc/sealos/desktop-config.yaml
 sudo bash init.sh
 sudo sealos build -t ${{ steps.prepare.outputs.repo }}:${{ steps.prepare.outputs.tag_name }} -f Kubefile
 sudo sealos push ${{ steps.prepare.outputs.repo }}:${{ steps.prepare.outputs.tag_name }}
diff --git a/deploy/cloud/etc/sealos/desktop-config.yaml b/deploy/cloud/etc/sealos/desktop-config.yaml
new file mode 100644
index 00000000000..0dee06f27b1
--- /dev/null
+++ b/deploy/cloud/etc/sealos/desktop-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: apps.sealos.io/v1beta1
+kind: Config
+metadata:
+ name: secret
+spec:
+ path: manifests/secret.yaml
+ # do not modify this image, it's used by ci.
+ match: docker.io/labring/sealos-cloud-desktop:nightly
+ strategy: merge
+ data: |
+ data:
+ mongodb_uri:
+ jwt_secret:
+ password_salt:
\ No newline at end of file
diff --git a/deploy/cloud/init.sh b/deploy/cloud/init.sh
index 6d628ee41fa..07562c6efea 100644
--- a/deploy/cloud/init.sh
+++ b/deploy/cloud/init.sh
@@ -6,6 +6,7 @@ sealos pull ghcr.io/labring/sealos-cloud-app-controller:nightly
 sealos pull ghcr.io/labring/sealos-cloud-desktop-frontend:nightly
 sealos pull ghcr.io/labring/sealos-cloud-terminal-frontend:nightly
 sealos pull ghcr.io/labring/sealos-cloud-applaunchpad-frontend:nightly
+sealos pull ghcr.io/labring/sealos-cloud-dbprovider-frontend:nightly
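Review bot: The new first `run:` line still expands `${{ inputs.build_from }}` directly into the shell script, now twice instead of once, so whatever reaches `build_from` is interpreted by the shell before the `[ -z … ]` test runs; if that input can come from a `workflow_dispatch` or a calling workflow (the trigger is outside this hunk), that is the usual expression-injection shape. Pass it through the environment and let the shell supply the default: add `env:` / `  BUILD_FROM: ${{ inputs.build_from }}` to the step and replace the added line with `BuildFromTag="${BUILD_FROM:-nightly}"; echo "BuildFromTag=${BuildFromTag}"`. That also removes the `a && b || c` construct, which is not an if/else. The `#` used as the sed delimiter still breaks on a tag containing `#`, which a `case "$BuildFromTag" in *'#'*) exit 1;; esac` guard before the two `sed` lines would catch.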
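Review bot: The three keys under the `data: |` block (`mongodb_uri`, `jwt_secret`, `password_salt`) have no comment saying they are placeholders that `mutate_desktop_config` in `deploy/cloud/scripts/init.sh` rewrites with `sed`, and as rendered on this page their values are empty; if the committed file really has empty values the three `sed` substitutions have nothing to match and the merged secret stays blank, and if they are placeholder tokens lost in rendering, each token has to be unique because `sed` replaces every occurrence. A comment above the block such as `# placeholders below are replaced in place by scripts/init.sh (mutate_desktop_config) with base64-encoded values` would make that contract visible. The file also ends without a trailing newline (see the `\ No newline` marker); adding one keeps sed and diff output clean. Since the file holds the MongoDB credentials and JWT secret in plaintext once substituted, it should be removed or restored after `sealos run … --config-file` has consumed it.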
@@ -15,4 +16,4 @@ sealos save -o tars/app.tar ghcr.io/labring/sealos-cloud-app-controller:nightly
 sealos save -o tars/frontend-desktop.tar ghcr.io/labring/sealos-cloud-desktop-frontend:nightly
 sealos save -o tars/frontend-terminal.tar ghcr.io/labring/sealos-cloud-terminal-frontend:nightly
 sealos save -o tars/frontend-applaunchpad.tar ghcr.io/labring/sealos-cloud-applaunchpad-frontend:nightly
-
+sealos save -o tars/frontend-dbprovider.tar ghcr.io/labring/sealos-cloud-dbprovider-frontend:nightly
diff --git a/deploy/cloud/manifests/mongodb.yaml b/deploy/cloud/manifests/mongodb.yaml
new file mode 100644
index 00000000000..0c08e130519
--- /dev/null
+++ b/deploy/cloud/manifests/mongodb.yaml
@@ -0,0 +1,77 @@
+apiVersion: apps.kubeblocks.io/v1alpha1
+kind: Cluster
+metadata:
+ finalizers:
+ - cluster.kubeblocks.io/finalizer
+ generation: 1
+ labels:
+ clusterdefinition.kubeblocks.io/name: mongodb
+ clusterversion.kubeblocks.io/name: mongodb-5.0.14
+ name: sealos-mongodb
+ namespace: sealos
+spec:
+ clusterDefinitionRef: mongodb
+ clusterVersionRef: mongodb-5.0.14
+ componentSpecs:
+ - componentDefRef: mongodb
+ monitor: true
+ name: mongodb
+ replicas: 1
+ resources:
+ limits:
+ cpu: "2"
+ memory: 4Gi
+ requests:
+ cpu: "1"
+ memory: 2Gi
+ serviceAccountName: sealos-mongodb-sa
+ volumeClaimTemplates:
+ - name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 30Gi
+ terminationPolicy: Delete
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: mongo-name
+ app.kubernetes.io/managed-by: kbcli
+ name: sealos-mongodb-sa
+ namespace: sealos
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/instance: mongo-name
+ app.kubernetes.io/managed-by: kbcli
+ name: sealos-mongodb-role
+ namespace: sealos
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: mongo-name
+ app.kubernetes.io/managed-by: kbcli
+ name: sealos-mongodb-rolebinding
+ namespace: sealos
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: sealos-mongodb-role
+subjects:
+ - kind: ServiceAccount
+ name: sealos-mongodb-sa
\ No newline at end of file
diff --git a/deploy/cloud/scripts/gen-mongodb-uri.sh b/deploy/cloud/scripts/gen-mongodb-uri.sh
new file mode 100644
index 00000000000..0f757917cc2
--- /dev/null
+++ b/deploy/cloud/scripts/gen-mongodb-uri.sh
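Review bot: `terminationPolicy: Delete` on the `sealos-mongodb` Cluster, together with `replicas: 1` and a single `data` volume, means the desktop's only copy of its data goes away with the Cluster object if KubeBlocks' `Delete` policy removes the PVCs as its documentation describes (that behaviour is outside this diff); for a store that backs logins, `DoNotTerminate` (or at least `Halt`) is the safer default, with `Delete` reserved for throwaway environments. The manifest also carries kbcli scaffolding that does not belong in a committed file: `generation: 1` is a server-managed field, `finalizers` are normally managed by the controller, and the `app.kubernetes.io/instance: mongo-name` label on all three RBAC objects reads like an unreplaced template value, inconsistent with the `sealos-mongodb` naming used everywhere else. The Role itself is narrow (`events` / `create` only), which is the right scope.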
@@ -0,0 +1,18 @@
+#!/bin/bash
+namespace="sealos"
+secret_name="sealos-mongodb-conn-credential"
+
+secret_data=$(kubectl get secret -n $namespace $secret_name -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}')
+
+endpoint=$(echo "$secret_data" | awk -F': ' '/endpoint/ {print $2}')
+headlessEndpoint=$(echo "$secret_data" | awk -F': ' '/headlessEndpoint/ {print $2}')
+headlessHost=$(echo "$secret_data" | awk -F': ' '/headlessHost/ {print $2}')
+headlessPort=$(echo "$secret_data" | awk -F': ' '/headlessPort/ {print $2}')
+host=$(echo "$secret_data" | awk -F': ' '/host/ {print $2}')
+password=$(echo "$secret_data" | awk -F': ' '/password/ {print $2}')
+port=$(echo "$secret_data" | awk -F': ' '/port/ {print $2}')
+username=$(echo "$secret_data" | awk -F': ' '/username/ {print $2}')
+
+mongodb_uri="mongodb://$username:$password@$headlessEndpoint"
+
+echo "$mongodb_uri"
\ No newline at end of file
diff --git a/deploy/cloud/scripts/init.sh b/deploy/cloud/scripts/init.sh
index 61c499f80f4..89e5f6c563a 100644
--- a/deploy/cloud/scripts/init.sh
+++ b/deploy/cloud/scripts/init.sh
@@ -4,6 +4,7 @@ set -e
 cloudDomain="cloud.io"
 tlsCrtPlaceholder=""
 tlsKeyPlaceholder=""
+mongodb_uri=""
 function read_env {
 source $1
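Review bot: The script has no `set -euo pipefail`, so when `kubectl get secret` fails `secret_data` is empty and the final `echo` still prints `mongodb://:@`, which `scripts/init.sh` then base64-encodes into the desktop secret with no signal that anything went wrong. `$username` and `$password` are also spliced into the URI verbatim; a generated password containing `@`, `:`, `/` or `%` yields a connection string that parses incorrectly, so both should be percent-encoded. The `awk '/host/'`, `/port/` and `/endpoint/` patterns are unanchored and only avoid `headlessHost`, `headlessPort` and `headlessEndpoint` because of letter case, and `endpoint`, `headlessHost`, `headlessPort`, `host` and `port` are assigned but never used; matching on `$1 == "key"` is explicit and the unused variables can go. A rewrite of the tail of the script follows.
```shell
#!/bin/bash
set -euo pipefail
# … unchanged: namespace / secret_name / secret_data extraction …
headlessEndpoint=$(echo "$secret_data" | awk -F': ' '$1 == "headlessEndpoint" {print $2}')
password=$(echo "$secret_data" | awk -F': ' '$1 == "password" {print $2}')
username=$(echo "$secret_data" | awk -F': ' '$1 == "username" {print $2}')
[ -n "$username" ] && [ -n "$password" ] && [ -n "$headlessEndpoint" ] || { echo "incomplete $secret_name secret" >&2; exit 1; }

# percent-encode anything outside the URI unreserved set so credentials cannot break the connection string
urlencode() {
  local raw="$1" out="" ch
  for ((i = 0; i < ${#raw}; i++)); do
    ch="${raw:i:1}"
    case "$ch" in
      [A-Za-z0-9.~_-]) out+="$ch" ;;
      *) printf -v out '%s%%%02X' "$out" "'$ch" ;;
    esac
  done
  printf '%s' "$out"
}

mongodb_uri="mongodb://$(urlencode "$username"):$(urlencode "$password")@$headlessEndpoint"
echo "$mongodb_uri"
```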
@@ -27,33 +28,79 @@ function sealos_run_controller {
 sealos run tars/user.tar
 # run terminal controller
- sealos run tars/terminal.tar --env cloudDomain=$cloudDomain --env userNamespace="user-system" --env wildcardCertSecretName="wildcard-cert" --env wildcardCertSecretNamespace="sealos-system"
+ sealos run tars/terminal.tar \
+ --env cloudDomain=$cloudDomain \
+ --env userNamespace="user-system" \
+ --env wildcardCertSecretName="wildcard-cert" \
+ --env wildcardCertSecretNamespace="sealos-system"
 # run app controller
 sealos run tars/app.tar
 }
+function gen_mongodb_uri() {
+ # if mongodb_uri is empty then apply kubeblocks mongodb cr and gen mongodb uri
+ if [ -z "$mongodb_uri" ]; then
+ kubectl apply -f manifests/mongodb.yaml
+ # if there is no sealos-mongodb-conn-credential secret then wait for mongodb ready
+ while [ -z "$(kubectl get secret -n sealos sealos-mongodb-conn-credential)" ]; do
+ echo "waiting for mongodb secret generated"
+ sleep 5
+ done
+ mongodb_uri=$(scripts/gen-mongodb-uri.sh)
+ fi
+}
 function sealos_run_frontend {
- sealos run tars/frontend-desktop.tar --env cloudDomain=$cloudDomain --env certSecretName="wildcard-cert"
+ # mutate desktop config before running desktop
+ mutate_desktop_config
+
+ sealos run tars/frontend-desktop.tar \
+ --env cloudDomain=$cloudDomain \
+ --env certSecretName="wildcard-cert" \
+ --env passwordEnabled="true" \
+ --config-file etc/sealos/desktop-config.yaml
- sealos run tars/frontend-applaunchpad.tar --env cloudDomain=$cloudDomain --env certSecretName="wildcard-cert"
+ sealos run tars/frontend-applaunchpad.tar \
+ --env cloudDomain=$cloudDomain \
+ --env certSecretName="wildcard-cert"
- sealos run tars/frontend-terminal.tar --env cloudDomain=$cloudDomain --env certSecretName="wildcard-cert"
+ sealos run tars/frontend-terminal.tar \
+ --env cloudDomain=$cloudDomain \
+ --env certSecretName="wildcard-cert"
+
+ sealos run tars/frontend-dbprovider.tar \
+ --env cloudDomain=$cloudDomain \
+ --env certSecretName="wildcard-cert"
 }
+function mutate_desktop_config() {
+ # mutate etc/sealos/desktop-config.yaml by using mongodb uri and two random base64 string
+ sed -i -e "s;;$(echo -n "$mongodb_uri" | base64);" etc/sealos/desktop-config.yaml
+ sed -i -e "s;;$(cat /dev/urandom | tr -dc 'a-z' | fold -w 64 | head -n 1 | base64);" etc/sealos/desktop-config.yaml
+ sed -i -e "s;;$(cat /dev/urandom | tr -dc 'a-z' | fold -w 64 | head -n 1 | base64);" etc/sealos/desktop-config.yaml
+}
+
 function install {
+ # read env
 read_env etc/sealos/cloud.env
+ # mock tls
 mock_tls $cloudDomain
+ # add cert for cloud domain
 sealos cert --alt-name="$cloudDomain"
- # kubectl apply namespace and secret
- kubectl apply -f manifests
+
+ # kubectl apply namespace, secret and mongodb
+ kubectl apply -f manifests/namespaces.yaml -f manifests/tls-secret.yaml
+
+ # gen mongodb uri
+ gen_mongodb_uri
+ # sealos run controllers
 sealos_run_controller
+ # sealos run frontends
 sealos_run_frontend
 }
diff --git a/frontend/desktop/deploy/Kubefile b/frontend/desktop/deploy/Kubefile
index d4013861105..649079ffe1e 100644
--- a/frontend/desktop/deploy/Kubefile
+++ b/frontend/desktop/deploy/Kubefile
@@ -6,5 +6,9 @@ COPY manifests manifests
 ENV cloudDomain="cloud.example.com"
 ENV certSecretName="wildcard-cert"
+ENV passWordEnabled="false"
+ENV githubEnabled="false"
+ENV wechatEnabled="false"
+ENV smsEnabled="false"
 CMD ["kubectl apply -f manifests"]
diff --git a/frontend/desktop/deploy/README.md b/frontend/desktop/deploy/README.md
index 6dd1b4f2ea0..f714da6ab89 100644
--- a/frontend/desktop/deploy/README.md
+++ b/frontend/desktop/deploy/README.md
@@ -47,6 +47,7 @@ spec:
 sealos run \
 --env cloudDomain="cloud.sealos.io" \
 --env wildcardCertSecretName="wildcard-cert" \
+ --env passwordEnabled="true" \
 docker.io/labring/sealos-cloud-desktop:dev \
 --config-file desktop-config.yaml
 ```
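Review bot: In `mutate_desktop_config` the three `$(… | base64)` substitutions produce wrapped output: GNU `base64` breaks its output every 76 characters, and both the 64-letter random strings (88 base64 characters) and any realistic MongoDB URI exceed that, so a newline lands inside the `s;;…;` replacement and `sed` fails with an unterminated `s` command, which the file's `set -e` turns into an aborted install. Use `base64 -w0` in all three, and since two of them are the same random-secret pipeline, one helper keeps them identical. The `while` loop in `gen_mongodb_uri` has no upper bound and relies on `kubectl get secret` printing nothing on failure while its error text is shown every 5 seconds; an explicit exit-status test with a bounded retry is clearer. The `s;;` patterns are rendered here with an empty search expression (likely placeholder tokens lost in rendering); if they really are empty, sed reports no previous regular expression, so please verify them in the committed file. The substituted `etc/sealos/desktop-config.yaml` retains the MongoDB credentials and JWT secret in plaintext afterwards; consider removing or restoring it once `sealos run … --config-file` has consumed it.
```shell
function gen_mongodb_uri() {
  if [ -z "$mongodb_uri" ]; then
    kubectl apply -f manifests/mongodb.yaml
    # bounded wait: fail the install instead of hanging forever if the cluster never comes up
    local tries=0
    until kubectl get secret -n sealos sealos-mongodb-conn-credential >/dev/null 2>&1; do
      tries=$((tries + 1))
      [ "$tries" -ge 120 ] && { echo "timed out waiting for mongodb secret" >&2; exit 1; }
      echo "waiting for mongodb secret generated"
      sleep 5
    done
    mongodb_uri=$(scripts/gen-mongodb-uri.sh)
  fi
}

# 64 random lowercase letters, base64 on a single line (-w0 prevents the 76-column wrap)
function random_secret_b64() {
  tr -dc 'a-z' </dev/urandom | head -c 64 | base64 -w0
}

function mutate_desktop_config() {
  # search patterns kept as in the original lines: they must be the placeholder tokens in etc/sealos/desktop-config.yaml
  sed -i -e "s;;$(echo -n "$mongodb_uri" | base64 -w0);" etc/sealos/desktop-config.yaml
  sed -i -e "s;;$(random_secret_b64);" etc/sealos/desktop-config.yaml
  sed -i -e "s;;$(random_secret_b64);" etc/sealos/desktop-config.yaml
}
```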
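Review bot: The added default `ENV passWordEnabled="false"` does not match the variable the template reads: `manifests/deploy.yaml.tmpl` renders `{{ .passwordEnabled }}` (lower-case w), and both `deploy/cloud/scripts/init.sh` and the README pass `--env passwordEnabled=…`. With the names mismatched the Kubefile default never reaches the template, so a plain `sealos run` that omits that `--env` would, as far as the template shows, render `value:` with nothing after it instead of the intended `"false"`. Change the line to `ENV passwordEnabled="false"` so the default, the template and the documented override all agree.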
diff --git a/frontend/desktop/deploy/manifests/deploy.yaml.tmpl b/frontend/desktop/deploy/manifests/deploy.yaml.tmpl
index 12e60c7b8dc..f66f7b4ae57 100644
--- a/frontend/desktop/deploy/manifests/deploy.yaml.tmpl
+++ b/frontend/desktop/deploy/manifests/deploy.yaml.tmpl
@@ -79,16 +79,16 @@ spec:
 # set to true to enable password login, modify the PASSWORD_SALT env to change the salt
 - name: PASSWORD_ENABLED
- value: "true"
+ value: {{ .passwordEnabled }}
 # set to true to enable github login
 - name: GITHUB_ENABLED
- value: "false"
+ value: {{ .githubEnabled }}
 # set to true to enable wechat login
 - name: WECHAT_ENABLED
- value: "false"
+ value: {{ .wechatEnabled }}
 # set to true to enable sms login
 - name: SMS_ENABLED
- value: "false"
+ value: {{ .smsEnabled }}
 # github login env
 - name: GITHUB_CLIENT_ID
diff --git a/frontend/desktop/deploy/manifests/secret.yaml b/frontend/desktop/deploy/manifests/secret.yaml
index 8cfa0417cd3..76bb66f2c65 100644
--- a/frontend/desktop/deploy/manifests/secret.yaml
+++ b/frontend/desktop/deploy/manifests/secret.yaml
@@ -11,7 +11,7 @@ data:
 # base64 encoded jwt secret, required
 jwt_secret:
- # base64 encoded password salt, required
+ # base64 encoded password salt, required if env PASSWORD_ENABLED is true
 # please use a random string and do not change it after deployment
 password_salt:
diff --git a/frontend/providers/terminal/deploy/Kubefile b/frontend/providers/terminal/deploy/Kubefile
index ee56192975f..1797a076445 100644
--- a/frontend/providers/terminal/deploy/Kubefile
+++ b/frontend/providers/terminal/deploy/Kubefile
@@ -7,5 +7,7 @@ COPY manifests manifests
 ENV certSecretName="wildcard-cert"
 ENV cloudDomain="cloud.example.com"
+ENV ttydImage="docker.io/labring/docker-terminal:1.20.4-3"
+
 CMD ["kubectl apply -f manifests"]
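Review bot: The four new `value: {{ .passwordEnabled }}`-style lines drop the quotes the removed `value: "true"` / `value: "false"` lines had, so a rendered `value: true` is parsed as a YAML boolean and the API server rejects it because `env[].value` must be a string; the same applies to the new `TTYD_IMAGE` / `SITE` entries in `frontend/providers/terminal/deploy/manifests/deploy.yaml.tmpl` for any value that looks numeric or boolean or starts with a YAML indicator. Keep the template output a string: `value: "{{ .passwordEnabled }}"`, and likewise for the other three here and the two in the terminal template. The enclosing `env:` list continues outside the hunk.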
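Review bot: `ENV ttydImage="docker.io/labring/docker-terminal:1.20.4-3"` is a mutable tag; if this is the image the terminal frontend launches for user sessions (the `TTYD_IMAGE` env added in the renamed deploy template suggests so, but the consumer is outside this diff), a retagged upstream image changes what every session runs without any change in this repository. Pinning the default by digest, `docker.io/labring/docker-terminal:1.20.4-3@sha256:<digest>`, or at least recording the expected digest in a comment next to the line, makes the default reproducible, while the `--env ttydImage=…` override introduced by the template keeps it adjustable.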
diff --git a/frontend/providers/terminal/deploy/manifests/deploy.yaml b/frontend/providers/terminal/deploy/manifests/deploy.yaml.tmpl
similarity index 91%
rename from frontend/providers/terminal/deploy/manifests/deploy.yaml
rename to frontend/providers/terminal/deploy/manifests/deploy.yaml.tmpl
index 8de53e7e731..e9014b77ac1 100644
--- a/frontend/providers/terminal/deploy/manifests/deploy.yaml
+++ b/frontend/providers/terminal/deploy/manifests/deploy.yaml.tmpl
@@ -49,6 +49,11 @@ spec:
 capabilities:
 drop:
 - "ALL"
+ env:
+ - name: TTYD_IMAGE
+ value: {{ .ttydImage }}
+ - name: SITE
+ value: {{ .cloudDomain }}
 # do not modify this image, it is used for CI/CD
 image: ghcr.io/labring/sealos-terminal-frontend:dev
 imagePullPolicy: Always