sealos cloud cluster image

.github/workflows/cloud.yml

@@ -90,7 +90,9 @@ jobs:
       - name: Build sealos cloud cluster image
         working-directory: deploy/cloud
         run: |
-          sed -i "s#nightly#${{ inputs.build_from }}#g" init.sh
+          [ -z "${{ inputs.build_from }}" ] && BuildFromTag="nightly" || BuildFromTag="${{ inputs.build_from }}"; echo "BuildFromTag=${BuildFromTag}" 
+          sed -i "s#nightly#${BuildFromTag}#g" init.sh
+          sed -i "s#nightly#${BuildFromTag}#g" etc/sealos/desktop-config.yaml
           sudo bash init.sh
           sudo sealos build  -t ${{ steps.prepare.outputs.repo }}:${{ steps.prepare.outputs.tag_name }} -f Kubefile
           sudo sealos push ${{ steps.prepare.outputs.repo }}:${{ steps.prepare.outputs.tag_name }}

deploy/cloud/etc/sealos/desktop-config.yaml

@@ -0,0 +1,14 @@
+apiVersion: apps.sealos.io/v1beta1
+kind: Config
+metadata:
+  name: secret
+spec:
+  path: manifests/secret.yaml
+  # do not modify this image, it's used by ci.
+  match: docker.io/labring/sealos-cloud-desktop:nightly
+  strategy: merge
+  data: |
+    data:
+      mongodb_uri: <your-mongodb-uri-base64>
+      jwt_secret: <your-jwt-secret-base64>
+      password_salt: <your-password-salt-base64>

deploy/cloud/init.sh

@@ -6,6 +6,7 @@ sealos pull ghcr.io/labring/sealos-cloud-app-controller:nightly
 sealos pull ghcr.io/labring/sealos-cloud-desktop-frontend:nightly
 sealos pull ghcr.io/labring/sealos-cloud-terminal-frontend:nightly
 sealos pull ghcr.io/labring/sealos-cloud-applaunchpad-frontend:nightly
+sealos pull ghcr.io/labring/sealos-cloud-dbprovider-frontend:nightly
 
 
 
@@ -15,4 +16,4 @@ sealos save -o tars/app.tar ghcr.io/labring/sealos-cloud-app-controller:nightly
 sealos save -o tars/frontend-desktop.tar  ghcr.io/labring/sealos-cloud-desktop-frontend:nightly
 sealos save -o tars/frontend-terminal.tar  ghcr.io/labring/sealos-cloud-terminal-frontend:nightly
 sealos save -o tars/frontend-applaunchpad.tar ghcr.io/labring/sealos-cloud-applaunchpad-frontend:nightly
-
+sealos save -o tars/frontend-dbprovider.tar ghcr.io/labring/sealos-cloud-dbprovider-frontend:nightly

deploy/cloud/manifests/mongodb.yaml

@@ -0,0 +1,77 @@
+apiVersion: apps.kubeblocks.io/v1alpha1
+kind: Cluster
+metadata:
+  finalizers:
+    - cluster.kubeblocks.io/finalizer
+  generation: 1
+  labels:
+    clusterdefinition.kubeblocks.io/name: mongodb
+    clusterversion.kubeblocks.io/name: mongodb-5.0.14
+  name: sealos-mongodb
+  namespace: sealos
+spec:
+  clusterDefinitionRef: mongodb
+  clusterVersionRef: mongodb-5.0.14
+  componentSpecs:
+    - componentDefRef: mongodb
+      monitor: true
+      name: mongodb
+      replicas: 1
+      resources:
+        limits:
+          cpu: "2"
+          memory: 4Gi
+        requests:
+          cpu: "1"
+          memory: 2Gi
+      serviceAccountName: sealos-mongodb-sa
+      volumeClaimTemplates:
+        - name: data
+          spec:
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: 30Gi
+  terminationPolicy: Delete
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: mongo-name
+    app.kubernetes.io/managed-by: kbcli
+  name: sealos-mongodb-sa
+  namespace: sealos
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: mongo-name
+    app.kubernetes.io/managed-by: kbcli
+  name: sealos-mongodb-role
+  namespace: sealos
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: mongo-name
+    app.kubernetes.io/managed-by: kbcli
+  name: sealos-mongodb-rolebinding
+  namespace: sealos
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: sealos-mongodb-role
+subjects:
+  - kind: ServiceAccount
+    name: sealos-mongodb-sa

deploy/cloud/scripts/gen-mongodb-uri.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+namespace="sealos"
+secret_name="sealos-mongodb-conn-credential"
+
+secret_data=$(kubectl get secret -n $namespace $secret_name -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}')
+
+endpoint=$(echo "$secret_data" | awk -F': ' '/endpoint/ {print $2}')
+headlessEndpoint=$(echo "$secret_data" | awk -F': ' '/headlessEndpoint/ {print $2}')
+headlessHost=$(echo "$secret_data" | awk -F': ' '/headlessHost/ {print $2}')
+headlessPort=$(echo "$secret_data" | awk -F': ' '/headlessPort/ {print $2}')
+host=$(echo "$secret_data" | awk -F': ' '/host/ {print $2}')
+password=$(echo "$secret_data" | awk -F': ' '/password/ {print $2}')
+port=$(echo "$secret_data" | awk -F': ' '/port/ {print $2}')
+username=$(echo "$secret_data" | awk -F': ' '/username/ {print $2}')
+
+mongodb_uri="mongodb://$username:$password@$headlessEndpoint"
+
+echo "$mongodb_uri"

deploy/cloud/scripts/init.sh

@@ -4,6 +4,7 @@ set -e
 cloudDomain="cloud.io"
 tlsCrtPlaceholder="<tls-crt-placeholder>"
 tlsKeyPlaceholder="<tls-key-placeholder>"
+mongodb_uri=""
 
 function read_env {
   source $1
@@ -27,33 +28,79 @@ function sealos_run_controller {
   sealos run tars/user.tar
 
   # run terminal controller
-  sealos run tars/terminal.tar --env cloudDomain=$cloudDomain --env userNamespace="user-system" --env wildcardCertSecretName="wildcard-cert" --env wildcardCertSecretNamespace="sealos-system"
+  sealos run tars/terminal.tar \
+  --env cloudDomain=$cloudDomain \
+  --env userNamespace="user-system" \
+  --env wildcardCertSecretName="wildcard-cert" \
+  --env wildcardCertSecretNamespace="sealos-system"
 
   # run app controller
   sealos run tars/app.tar
 }
 
+function gen_mongodb_uri() {
+  # if mongodb_uri is empty then apply kubeblocks mongodb cr and gen mongodb uri
+  if [ -z "$mongodb_uri" ]; then
+    kubectl apply -f manifests/mongodb.yaml
+    # if there is no sealos-mongodb-conn-credential secret then wait for mongodb ready
+    while [ -z "$(kubectl get secret -n sealos sealos-mongodb-conn-credential)" ]; do
+      echo "waiting for mongodb secret generated"
+      sleep 5
+    done
+    mongodb_uri=$(scripts/gen-mongodb-uri.sh)
+  fi
+}
 
 function sealos_run_frontend {
-  sealos run tars/frontend-desktop.tar --env cloudDomain=$cloudDomain --env certSecretName="wildcard-cert"
+  # mutate desktop config before running desktop
+  mutate_desktop_config
+
+  sealos run tars/frontend-desktop.tar \
+    --env cloudDomain=$cloudDomain \
+    --env certSecretName="wildcard-cert" \
+    --env passwordEnabled="true" \
+    --config-file etc/sealos/desktop-config.yaml
 
-  sealos run tars/frontend-applaunchpad.tar --env cloudDomain=$cloudDomain --env certSecretName="wildcard-cert"
+  sealos run tars/frontend-applaunchpad.tar \
+  --env cloudDomain=$cloudDomain \
+  --env certSecretName="wildcard-cert"
 
-  sealos run tars/frontend-terminal.tar --env cloudDomain=$cloudDomain --env certSecretName="wildcard-cert"
+  sealos run tars/frontend-terminal.tar \
+  --env cloudDomain=$cloudDomain \
+  --env certSecretName="wildcard-cert"
+
+  sealos run tars/frontend-dbprovider.tar \
+  --env cloudDomain=$cloudDomain \
+  --env certSecretName="wildcard-cert"
 }
 
 
+function mutate_desktop_config() {
+  # mutate etc/sealos/desktop-config.yaml by using mongodb uri and two random base64 string
+  sed -i -e "s;<your-mongodb-uri-base64>;$(echo -n "$mongodb_uri" | base64);" etc/sealos/desktop-config.yaml
+  sed -i -e "s;<your-jwt-secret-base64>;$(cat /dev/urandom | tr -dc 'a-z' | fold -w 64 | head -n 1 | base64);" etc/sealos/desktop-config.yaml
+  sed -i -e "s;<your-password-salt-base64>;$(cat /dev/urandom | tr -dc 'a-z' | fold -w 64 | head -n 1 | base64);" etc/sealos/desktop-config.yaml
+}
+
 function install {
   # read env
   read_env etc/sealos/cloud.env
+
   # mock tls
   mock_tls $cloudDomain
+
   # add cert for cloud domain
   sealos cert --alt-name="$cloudDomain"
-  # kubectl apply namespace and secret
-  kubectl apply -f manifests
+
+  # kubectl apply namespace, secret and mongodb
+  kubectl apply -f manifests/namespaces.yaml -f manifests/tls-secret.yaml
+
+  # gen mongodb uri
+  gen_mongodb_uri
+
   # sealos run controllers
   sealos_run_controller
+
   # sealos run frontends
   sealos_run_frontend
 }

frontend/desktop/deploy/Kubefile

@@ -6,5 +6,9 @@ COPY manifests manifests
 
 ENV cloudDomain="cloud.example.com"
 ENV certSecretName="wildcard-cert"
+ENV passWordEnabled="false"
+ENV githubEnabled="false"
+ENV wechatEnabled="false"
+ENV smsEnabled="false"
 
 CMD ["kubectl apply -f manifests"]

frontend/desktop/deploy/README.md

@@ -47,6 +47,7 @@ spec:
 sealos run \
     --env cloudDomain="cloud.sealos.io" \
     --env wildcardCertSecretName="wildcard-cert" \
+    --env passwordEnabled="true" \
     docker.io/labring/sealos-cloud-desktop:dev \
     --config-file desktop-config.yaml 
 ```

frontend/desktop/deploy/manifests/deploy.yaml.tmpl

@@ -79,16 +79,16 @@ spec:
 
             # set to true to enable password login, modify the PASSWORD_SALT env to change the salt
             - name: PASSWORD_ENABLED
-              value: "true"
+              value: {{ .passwordEnabled }}
             # set to true to enable github login
             - name: GITHUB_ENABLED
-              value: "false"
+              value: {{ .githubEnabled }}
             # set to true to enable wechat login
             - name: WECHAT_ENABLED
-              value: "false"
+              value: {{ .wechatEnabled }}
             # set to true to enable sms login
             - name: SMS_ENABLED
-              value: "false"
+              value: {{ .smsEnabled }}
 
             # github login env
             - name: GITHUB_CLIENT_ID

frontend/desktop/deploy/manifests/secret.yaml

@@ -11,7 +11,7 @@ data:
   # base64 encoded jwt secret, required
   jwt_secret:
 
-  # base64 encoded password salt, required
+  # base64 encoded password salt, required if env PASSWORD_ENABLED is true
   # please use a random string and do not change it after deployment
   password_salt:
 

frontend/providers/terminal/deploy/Kubefile

@@ -7,5 +7,7 @@ COPY manifests manifests
 
 ENV certSecretName="wildcard-cert"
 ENV cloudDomain="cloud.example.com"
+ENV ttydImage="docker.io/labring/docker-terminal:1.20.4-3"
+
 
 CMD ["kubectl apply -f manifests"]

frontend/providers/terminal/deploy/manifests/deploy.yaml → frontend/providers/terminal/deploy/manifests/deploy.yaml.tmpl

@@ -49,6 +49,11 @@ spec:
             capabilities:
               drop:
                 - "ALL"
+          env:
+            - name: TTYD_IMAGE
+              value: {{ .ttydImage }}
+            - name: SITE
+              value: {{ .cloudDomain }}
           # do not modify this image, it is used for CI/CD
           image: ghcr.io/labring/sealos-terminal-frontend:dev
           imagePullPolicy: Always