fix(tke-installer): fix wrong chart yaml files (#1778)

tkestack · Feb 28, 2022 · 1cdf116 · 1cdf116
1 parent 7dbb653
commit 1cdf116
Show file tree

Hide file tree

Showing 10 changed files with 166 additions and 73 deletions.
diff --git a/charts/values/customConfig.yaml → charts/bin/customConfig.yaml b/charts/values/customConfig.yaml → charts/bin/customConfig.yaml
@@ -1,24 +1,27 @@
 # 必填，etcd访问地址，形式如https://172.19.0.2:2379
 etcd:
-  host: 
+  host: https://172.18.0.2:2379 
 # 必填，服务器ip，数组形式
 serverIPs:
+  - 172.18.0.2
 # 访问的域名，数组形式
 dnsNames:
+  - tke.gateway
 # 必填，集群front-proxy-ca.crt文件地址，默认位置为/etc/kubernetes/pki/front-proxy-ca.crt
-frontProxyCaCrtAbsPath: 
+frontProxyCaCrtAbsPath: /etc/kubernetes/pki/front-proxy-ca.crt
 # 必填，集群etcd的ca.crt文件地址，默认位置为/etc/kubernetes/pki/etcd/ca.crt
-etcdCrtAbsPath: 
+etcdCrtAbsPath: /etc/kubernetes/pki/etcd/ca.crt
 # 必填，集群etcd的ca.key文件地址，默认位置为/etc/kubernetes/pki/etcd/ca.key
-etcdKeyAbsPath:
+etcdKeyAbsPath: /etc/kubernetes/pki/etcd/ca.key
 tke-auth:
   api:
     # 必填
-    replicas: 
+    replicas: 1
     # 必填
-    image:
+    image: tkestack/tke-auth-api-amd64:74592a3bceb5bebca602bea21aaebf78007a3bb2
     # 必填，数组形式，auth的重定向访问地址，包括集群服务器ip地址（必填）、tke-gateway的域名（可选）、集群高可用的VIP地址（可选）和集群的公共可访问域名（可选）
-    redirectHosts:
+    redirectHosts: 
+      - 172.18.0.2
     enableAudit: 
     # tke-auth-api组件在node上的对外暴露端口，默认31138
     nodePort: 
@@ -30,19 +33,23 @@ tke-auth:
     adminUsername: 
   controller:
     # 必填
-    replicas: 
+    replicas: 1
     # 必填
-    image: 
+    image: tkestack/tke-auth-controller-amd64:74592a3bceb5bebca602bea21aaebf78007a3bb2
     # tke集群的用户名，默认为admin
     adminUsername: 
     # tke集群的密码，默认自动生成
     adminPassword: 
-tke-gateway:
+tke-platform:
+  # 必填 VIP，或者公网可访问的集群IP
+  publicIP:
+  metricsServerImage: tkestack/metrics-server:v0.3.6
+  addonResizerImage: tkestack/addon-resizer:1.8.11
   api:
     # 必填
-    replicas: 
+    replicas: 1
     # 必填
-    image: 
+    image: tkestack/tke-platform-api-amd64:bc48bed59bff2022d87db5e1484481715357ee7c
     enableAuth: true
     enableAudit: 
     # OIDC认证方式客户端id，默认为default
@@ -53,23 +60,23 @@ tke-gateway:
     useOIDCCA:
   controller:
     # 必填
-    replicas: 
+    replicas: 1
     # 必填
-    providerResImage:
+    providerResImage: tkestack/provider-res-amd64:v1.21.4-1
     # 必填
-    image:
-    # 默认为registry.tke.com
+    image: tkestack/tke-platform-controller-amd64:bc48bed59bff2022d87db5e1484481715357ee7c
+    # 默认为docker.io
     registryDomain:
-    # 默认为library
+    # 默认为tkestack
     registryNamespace:
     # 监控存储类型，默认为influxdb
     monitorStorageType: 
     # 监控存储地址，为tke集群master ip地址加8086端口
     monitorStorageAddresses:
 tke-gateway:
   # 必填
-  image: 
-  # 默认为registry.tke.com
+  image: tkestack/tke-gateway-amd64:bc48bed59bff2022d87db5e1484481715357ee7c
+  # 默认为docker.io
   registryDomainSuffix:
   # tke集群的租户id，默认default
   tenantID:
@@ -81,7 +88,6 @@ tke-gateway:
   serverCrt:
   # 第三方certKey，在selfSigned为false时需要填值
   serverKey:
-  enableRegistry:
   enableAuth: true
   enableBusiness:
   enableMonitor:

diff --git a/charts/bin/gen b/charts/bin/gen
diff --git a/charts/bin/kindConfig.yaml b/charts/bin/kindConfig.yaml
@@ -0,0 +1,30 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  # port forward 80 on the host to 80 on this node
+  extraPortMappings:
+  - containerPort: 80
+    hostPort: 80
+    # optional: set the bind address on the host
+    # 0.0.0.0 is the current default
+    listenAddress: "0.0.0.0"
+    # optional: set the protocol to one of TCP, UDP, SCTP.
+    # TCP is the default
+    protocol: TCP
+  - containerPort: 31138
+    hostPort: 31138
+    # optional: set the bind address on the host
+    # 0.0.0.0 is the current default
+    listenAddress: "0.0.0.0"
+    # optional: set the protocol to one of TCP, UDP, SCTP.
+    # TCP is the default
+    protocol: TCP
+  - containerPort: 443
+    hostPort: 443
+    # optional: set the bind address on the host
+    # 0.0.0.0 is the current default
+    listenAddress: "0.0.0.0"
+    # optional: set the protocol to one of TCP, UDP, SCTP.
+    # TCP is the default
+    protocol: TCP
diff --git a/charts/tke-auth/templates/tke-auth-api.yaml b/charts/tke-auth/templates/tke-auth-api.yaml
@@ -149,7 +149,7 @@ data:
     init_client_id = "{{ .Values.api.tenantID }}"
     init_client_secret = "{{ .Values.api.oIDCClientSecret }}"
     init_client_redirect_uris = [
-{{- range $element := .Values.api.RedirectHosts}}
+{{- range $element := .Values.api.redirectHosts}}
   {{ printf `      "http://%s/callback",` $element}}
   {{ printf `      "https://%s/callback",` $element}}
 {{- end}}

diff --git a/charts/tke-gateway/values.yaml b/charts/tke-gateway/values.yaml
@@ -1,7 +1,7 @@
 etcd:
   host: https://172.19.0.2:2379
 image: tkestack/tke-gateway-amd64:bc48bed59bff2022d87db5e1484481715357ee7c
-registryDomainSuffix: registry.tke.com
+registryDomainSuffix: docker.io
 # tke集群的租户id，默认default
 tenantID: default
 # OIDC认证方式的secret，默认自动生成

diff --git a/charts/tke-platform/templates/metrics-server-manifests-configMap.yaml b/charts/tke-platform/templates/metrics-server-manifests-configMap.yaml
@@ -171,7 +171,7 @@ data:
           serviceAccountName: metrics-server
           containers:
           - name: metrics-server
-            image: {{ .MetricsServerImage }}
+            image: {{ .Values.metricsServerImage }}
             command:
             - /metrics-server
             - --metric-resolution=30s
@@ -191,7 +191,7 @@ data:
               mountPath: /etc/kubernetes/pki/
               readOnly: true
           - name: metrics-server-nanny
-            image: {{ .AddonResizerImage }}
+            image: {{ .Values.addonResizerImage }}
             resources:
               limits:
                 cpu: 100m

diff --git a/charts/tke-platform/templates/provider-config-configMap.yaml b/charts/tke-platform/templates/provider-config-configMap.yaml
@@ -115,8 +115,8 @@ data:
     platformAPIClientConfig: conf/tke-platform-config.yaml
     applicationAPIClientConfig: conf/tke-application-config.yaml
     registry:
-      prefix: registry.tke.com/library
-      ip: 175.27.192.172
+      prefix: {{ .Values.controller.registryDomain }}/{{ .Values.controller.registryNamespace }}
+      ip: {{ .Values.publicIP }}
     audit:
       address: ""
     feature:
@@ -132,7 +132,7 @@ data:
     scheduler:
       extraArgs: {}
     authzWebhook:
-      endpoint: https://175.27.192.172:31138/auth/authz
+      endpoint: https://{{ .Values.publicIP }}:31138/auth/authz
     business:
       enabled: true
   sysctl.conf: |-

diff --git a/charts/tke-platform/values.yaml b/charts/tke-platform/values.yaml
@@ -20,6 +20,10 @@ caCrt: |
   eZ/xXk09Jv0wxUL5CEO2+Dka3B3IHHaUQiArMqNBqxEqVwTh573XDKRsqf/6Rs9T
   tSxiymcibA7vb0m2uDSt5kk=
   -----END CERTIFICATE-----
+# 必填 公网可访问的集群IP
+publicIP: 43.156.24.48
+metricsServerImage: tkestack/metrics-server:v0.3.6
+addonResizerImage: tkestack/addon-resizer:1.8.11
 api:
   replicas: 1
   image: "tkestack/tke-platform-api-amd64:9345fd17ebc963a7c71af962a5427bde7b2dc6c3"
@@ -35,8 +39,8 @@ controller:
   replicas: 1
   providerResImage: "tkestack/provider-res-amd64:v1.21.4-1"
   image: "tkestack/tke-platform-controller-amd64:9345fd17ebc963a7c71af962a5427bde7b2dc6c3"
-  registryDomain: registry.tke.com
-  registryNamespace: library
+  registryDomain: docker.io
+  registryNamespace: tkestack
   # 监控存储类型
   monitorStorageType: influxdb
   # 监控存储地址，为tke集群master ip地址加8086端口

diff --git a/charts/values/generateChartValues.go b/charts/values/generateChartValues.go
@@ -1,20 +1,20 @@
 package main
 
 import (
+	"encoding/base64"
+	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/segmentio/ksuid"
+	"gopkg.in/yaml.v2"
 	"io/ioutil"
 	"net"
 	"os"
-
-	"github.com/segmentio/ksuid"
-	"gopkg.in/yaml.v2"
-
-	// platformv1 "tkestack.io/tke/api/platform/v1"
+	"os/exec"
 	"tkestack.io/tke/cmd/tke-installer/app/installer/certs"
 	"tkestack.io/tke/cmd/tke-installer/app/installer/constants"
-
-	// v1 "tkestack.io/tke/pkg/platform/types/v1"
+	images "tkestack.io/tke/pkg/platform/provider/baremetal/images"
+	"tkestack.io/tke/pkg/spec"
 	"tkestack.io/tke/pkg/util/pkiutil"
 )
 
@@ -40,6 +40,10 @@ func GenerateValueChart() error {
 		os.Mkdir(DataDir, 0777)
 	}
 
+	if err := PatchPlatformVersion(); err != nil {
+		return err
+	}
+
 	if err := customConfig.GenerateCertificates(); err != nil {
 		return err
 	}
@@ -56,6 +60,35 @@ func GenerateValueChart() error {
 	return nil
 }
 
+func PatchPlatformVersion() error {
+	versionsByte, err := json.Marshal(spec.K8sVersions)
+	if err != nil {
+		return err
+	}
+	patchData := ClusterInfoPatch{}
+	patchData.Data.TkeVersion = "466b0576c4b2b04979dfce9f3ac10177a8afbfc5"
+	// get出来的值格式不对
+	// patchData.Data.TkeVersion = version.Get().GitVersion
+	patchData.Data.K8sValidVersions = string(versionsByte)
+
+	bytes, err := yaml.Marshal(patchData)
+	if err != nil {
+		return err
+	}
+	patchFile := "patch.yaml"
+	if err := ioutil.WriteFile(patchFile, bytes, 0644); err != nil {
+		return err
+	}
+
+	commandStr := fmt.Sprintf("kubectl patch configmap cluster-info -n kube-public --patch \"$(cat %s)\"", patchFile)
+	cmd := exec.Command("/bin/bash", "-c", commandStr)
+	if err := cmd.Run(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func PathExists(path string) (bool, error) {
 	_, err := os.Stat(path)
 	if err == nil {
@@ -232,8 +265,8 @@ func (customConfig *CustomConfig) GenerateAuthChartValuesYaml(oIDCClientSecret s
 	if len(originAuthCustomConfig.Controller.AdminUsername) == 0 {
 		originAuthCustomConfig.Controller.AdminUsername = "admin"
 	}
-	originAuthCustomConfig.Controller.AdminPassword = []byte(originAuthCustomConfig.Controller.AdminUsername)
-	obj.TkeAuth = originAuthCustomConfig
+	originAuthCustomConfig.Controller.AdminPassword = base64.StdEncoding.EncodeToString([]byte(originAuthCustomConfig.Controller.AdminUsername))
+	obj.TKEAuth = *originAuthCustomConfig
 
 	bytes, errMarshal := yaml.Marshal(obj)
 	if errMarshal != nil {
@@ -261,6 +294,16 @@ func (customConfig *CustomConfig) GeneratePlatformChartValuesYaml() error {
 		return errors.New("platform custom config content error")
 	}
 
+	if len(customConfig.TkePlatform.PublicIP) <= 0 {
+		return errors.New("platform custom config publicIP nil")
+	}
+	if len(originPlatformCustomConfig.MetricsServerImage) <= 0 {
+		originPlatformCustomConfig.MetricsServerImage = images.Get().MetricsServer.BaseName()
+	}
+	if len(originPlatformCustomConfig.AddonResizerImage) <= 0 {
+		originPlatformCustomConfig.AddonResizerImage = images.Get().AddonResizer.BaseName()
+	}
+
 	if originPlatformCustomConfig.API.Replicas <= 0 {
 		return errors.New("platform custom config api replicas le 0")
 	}
@@ -280,7 +323,7 @@ func (customConfig *CustomConfig) GeneratePlatformChartValuesYaml() error {
 	if len(originPlatformCustomConfig.Controller.MonitorStorageAddresses) == 0 {
 		originPlatformCustomConfig.Controller.MonitorStorageAddresses = fmt.Sprintf("http://%s:8086", customConfig.ServerIPs[0])
 	}
-	obj.TKEPlatform = originPlatformCustomConfig
+	obj.TKEPlatform = *originPlatformCustomConfig
 
 	bytes, errMarshal := yaml.Marshal(obj)
 	if errMarshal != nil {
@@ -308,7 +351,7 @@ func (customConfig *CustomConfig) GenerateGatewayChartValuesYaml(oIDCClientSecre
 	if len(originGatewayCustomConfig.OIDCClientSecret) == 0 {
 		originGatewayCustomConfig.OIDCClientSecret = oIDCClientSecret
 	}
-	obj.TKEGateway = originGatewayCustomConfig
+	obj.TKEGateway = *originGatewayCustomConfig
 
 	bytes, errMarshal := yaml.Marshal(obj)
 	if errMarshal != nil {