diff --git a/deploy/cloud/etc/sealos/desktop-config.yaml b/deploy/cloud/etc/sealos/desktop-config.yaml index 2bf7c5d3629..150063b13e5 100644 --- a/deploy/cloud/etc/sealos/desktop-config.yaml +++ b/deploy/cloud/etc/sealos/desktop-config.yaml @@ -12,3 +12,6 @@ spec: mongodb_uri: jwt_secret: password_salt: + jwt_secret_region: + region_database_url: + global_database_url: diff --git a/deploy/cloud/manifests/cockroachdb.yaml b/deploy/cloud/manifests/cockroachdb.yaml new file mode 100644 index 00000000000..7719529ce6c --- /dev/null +++ b/deploy/cloud/manifests/cockroachdb.yaml @@ -0,0 +1,26 @@ +apiVersion: crdb.cockroachlabs.com/v1alpha1 +kind: CrdbCluster +metadata: + name: sealos-cockroachdb + namespace: sealos +spec: + dataStore: + pvc: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "3Gi" + volumeMode: Filesystem + resources: + requests: + cpu: 100m + memory: 0.5Gi + limits: + cpu: 1000m + memory: 2Gi + tlsEnabled: true + image: + name: docker.io/cockroachdb/cockroach:v23.1.11 + nodes: 3 \ No newline at end of file diff --git a/deploy/cloud/manifests/mongodb.yaml.tmpl b/deploy/cloud/manifests/mongodb.yaml.tmpl index 5d2a308622c..1273835ed50 100644 --- a/deploy/cloud/manifests/mongodb.yaml.tmpl +++ b/deploy/cloud/manifests/mongodb.yaml.tmpl 
@@ -1,40 +1,3 @@ -apiVersion: apps.kubeblocks.io/v1alpha1 -kind: Cluster -metadata: - finalizers: - - cluster.kubeblocks.io/finalizer - generation: 1 - labels: - clusterdefinition.kubeblocks.io/name: mongodb - clusterversion.kubeblocks.io/name: {{ .mongodbVersion }} - name: sealos-mongodb - namespace: sealos -spec: - clusterDefinitionRef: mongodb - clusterVersionRef: {{ .mongodbVersion }} - componentSpecs: - - componentDefRef: mongodb - monitor: true - name: mongodb - replicas: 1 - resources: - limits: - cpu: "1" - memory: 2Gi - requests: - cpu: "0.5" - memory: 1Gi - serviceAccountName: sealos-mongodb-sa - volumeClaimTemplates: - - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - terminationPolicy: Delete ---- apiVersion: v1 kind: ServiceAccount metadata: @@ -74,4 +37,41 @@ roleRef: name: sealos-mongodb-role subjects: - kind: ServiceAccount - name: sealos-mongodb-sa \ No newline at end of file + name: sealos-mongodb-sa +--- +apiVersion: apps.kubeblocks.io/v1alpha1 +kind: Cluster +metadata: + finalizers: + - cluster.kubeblocks.io/finalizer + generation: 1 + labels: + clusterdefinition.kubeblocks.io/name: mongodb + clusterversion.kubeblocks.io/name: {{ .mongodbVersion }} + name: sealos-mongodb + namespace: sealos +spec: + clusterDefinitionRef: mongodb + clusterVersionRef: {{ .mongodbVersion }} + componentSpecs: + - componentDefRef: mongodb + monitor: true + name: mongodb + replicas: 1 + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "0.5" + memory: 1Gi + serviceAccountName: sealos-mongodb-sa + volumeClaimTemplates: + - name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + terminationPolicy: Delete diff --git a/deploy/cloud/scripts/gen-cockroachdb-uri.sh b/deploy/cloud/scripts/gen-cockroachdb-uri.sh new file mode 100644 index 00000000000..cd3d97d1d14 --- /dev/null +++ b/deploy/cloud/scripts/gen-cockroachdb-uri.sh 
@@ -0,0 +1,10 @@ +#!/bin/bash +namespace="sealos" +user="sealos" +svc="sealos-cockroachdb-public" +password=$(tr -cd 'a-z0-9' > /dev/null + +cockroachdb_uri="postgresql://$user:$password@$svc.$namespace.svc.cluster.local:26257" +echo "$cockroachdb_uri" \ No newline at end of file diff --git a/deploy/cloud/scripts/init.sh b/deploy/cloud/scripts/init.sh index dfc56f94fb7..bf4b04ab4f2 100644 --- a/deploy/cloud/scripts/init.sh +++ b/deploy/cloud/scripts/init.sh @@ -4,6 +4,9 @@ set -e cloudDomain="127.0.0.1.nip.io" cloudPort="" mongodbUri="" +cockroachdbUri="" +cockroachdbLocalUri="" +cockroachdbGlobalUri="" tlsCrtPlaceholder="" tlsKeyPlaceholder="" @@ -22,6 +25,9 @@ function prepare { # gen mongodb uri gen_mongodbUri + # gen cockroachdb uri + gen_cockroachdbUri + # gen saltKey if not set or not found in secret gen_saltKey 
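Review bot: gen-cockroachdb-uri.sh has no `set -euo pipefail`, so if the step whose output is sent to `> /dev/null` fails, the script still prints a URI containing a password that may never have been set on the server. Adding `set -euo pipefail` directly under the shebang makes `cockroachdbUri=$(scripts/gen-cockroachdb-uri.sh)` in init.sh fail instead of capturing an unusable credential. The URI also carries no `sslmode` parameter although the CrdbCluster manifest sets `tlsEnabled: true`, so whether the server certificate is verified depends on each client's default; set it explicitly where init.sh appends the database name. The password-generation line is not fully visible in this rendering, so its randomness source cannot be checked here.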
@@ -32,13 +38,37 @@ function prepare { create_tls_secret } +# Function to retry `kubectl apply -f` command until it succeeds or reaches a maximum number of attempts +retry_kubectl_apply() { + local file_path=$1 # The path to the Kubernetes manifest file + local max_attempts=6 # Maximum number of attempts + local attempt=0 # Current attempt counter + local wait_seconds=10 # Seconds to wait before retrying + + while [ $attempt -lt $max_attempts ]; do + # Attempt to execute the kubectl command + kubectl apply -f "$file_path" >> /dev/null && { + return 0 # Exit the function successfully + } + # If the command did not execute successfully, increase the attempt counter and report failure + attempt=$((attempt + 1)) + # If the maximum number of attempts has been reached, stop retrying + if [ $attempt -eq $max_attempts ]; then + return 1 # Exit the function with failure + fi + # Wait for a specified time before retrying + sleep $wait_seconds + done +} + + function gen_mongodbUri() { # if mongodbUri is empty then create mongodb and gen mongodb uri if [ -z "$mongodbUri" ]; then echo "no mongodb uri found, create mongodb and gen mongodb uri" - kubectl apply -f manifests/mongodb.yaml + retry_kubectl_apply "manifests/mongodb.yaml" echo "waiting for mongodb secret generated" - message="Waiting for MongoDB ready" + message="waiting for mongodb ready" # if there is no sealos-mongodb-conn-credential secret then wait for mongodb ready while [ -z "$(kubectl get secret -n sealos sealos-mongodb-conn-credential 2>/dev/null)" ]; do echo -ne "\r$message \e[K" 
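Review bot: `retry_kubectl_apply` returns 1 after the last attempt without printing anything, and because init.sh runs under `set -e`, a caller such as `retry_kubectl_apply "manifests/mongodb.yaml"` then ends the install with no line naming the manifest that failed. Before `return 1`, add `echo "kubectl apply -f $file_path failed after $max_attempts attempts" >&2`. The expansions in `[ $attempt -lt $max_attempts ]` and `sleep $wait_seconds` should be quoted, and `>> /dev/null` can simply be `> /dev/null`.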
@@ -56,6 +86,45 @@ function gen_mongodbUri() { fi } +function gen_cockroachdbUri() { + if [ -z "$cockroachdbUri" ]; then + echo "no cockroachdb uri found, create cockroachdb and gen cockroachdb uri" + retry_kubectl_apply "manifests/cockroachdb.yaml" + message="waiting for cockroachdb ready" + + NAMESPACE="sealos" + STATEFULSET_NAME="sealos-cockroachdb" + + while : ; do + kubectl get statefulset $STATEFULSET_NAME -n $NAMESPACE >/dev/null 2>&1 && break + done + + while : ; do + REPLICAS=$(kubectl get statefulset $STATEFULSET_NAME -n $NAMESPACE -o jsonpath='{.spec.replicas}') + READY_REPLICAS=$(kubectl get statefulset $STATEFULSET_NAME -n $NAMESPACE -o jsonpath='{.status.readyReplicas}') + if [ "$READY_REPLICAS" == "$REPLICAS" ]; then + echo -e "\rcockroachdb is ready." + break + else + echo -ne "\r$message \e[K" + sleep 0.5 + echo -ne "\r$message . \e[K" + sleep 0.5 + echo -ne "\r$message .. \e[K" + sleep 0.5 + echo -ne "\r$message ...\e[K" + sleep 0.5 + fi + done + + echo "cockroachdb secret has been generated successfully." + chmod +x scripts/gen-cockroachdb-uri.sh + cockroachdbUri=$(scripts/gen-cockroachdb-uri.sh) + fi + cockroachdbLocalUri="$cockroachdbUri/local" + cockroachdbGlobalUri="$cockroachdbUri/global" +} + function gen_saltKey() { password_salt=$(kubectl get secret desktop-frontend-secret -n sealos -o jsonpath="{.data.password_salt}" 2>/dev/null || true) if [[ -z "$password_salt" ]]; then 
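Review bot: Both wait loops in `gen_cockroachdbUri` are unbounded, and the first one (`while : ; do kubectl get statefulset ... && break; done`) has no `sleep`, so it queries the API server as fast as it can and never returns if the operator does not create the StatefulSet. Give the wait a deadline and a pause, and add the same deadline check to the readiness loop. `NAMESPACE` and `STATEFULSET_NAME` should be `local` and quoted where they are expanded. The message "cockroachdb secret has been generated successfully." is printed before `scripts/gen-cockroachdb-uri.sh` has run, so it belongs after that call.

```shell
    local NAMESPACE="sealos"
    local STATEFULSET_NAME="sealos-cockroachdb"
    local deadline=$((SECONDS + 600)) # constructed value; tune for the environment

    until kubectl get statefulset "$STATEFULSET_NAME" -n "$NAMESPACE" >/dev/null 2>&1; do
      if [ "$SECONDS" -ge "$deadline" ]; then
        echo "timed out waiting for statefulset $STATEFULSET_NAME" >&2
        return 1
      fi
      sleep 2
    done

    # … unchanged: readiness polling loop, with the same deadline check added in its else branch …
```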
@@ -69,7 +138,10 @@ function mutate_desktop_config() { # mutate etc/sealos/desktop-config.yaml by using mongodb uri and two random base64 string sed -i -e "s;;$(echo -n "${mongodbUri}/sealos-auth?authSource=admin" | base64 -w 0);" etc/sealos/desktop-config.yaml sed -i -e "s;;$(tr -cd 'a-z0-9' ;$(tr -cd 'a-z0-9' ;$saltKey;" etc/sealos/desktop-config.yaml + sed -i -e "s;;$(echo -n "${cockroachdbLocalUri}" | base64 -w 0);" etc/sealos/desktop-config.yaml + sed -i -e "s;;$(echo -n "${cockroachdbGlobalUri}" | base64 -w 0);" etc/sealos/desktop-config.yaml } function create_tls_secret { @@ -112,8 +184,8 @@ function sealos_run_controller { --env DEFAULT_NAMESPACE="account-system" # run license controller - sealos run tars/license.tar \ - --env MONGO_URI="$mongodbUri" +# sealos run tars/license.tar \ +# --env MONGO_URI="$mongodbUri" } @@ -139,7 +211,8 @@ function sealos_run_frontend { --config-file etc/sealos/desktop-config.yaml # sealos authorize !!must run after sealos_run_controller frontend-desktop.tar and before sealos_run_frontend - sealos_authorize + # TODO fix sealos_authorize in controller/job/init + # sealos_authorize echo "run applaunchpad frontend" sealos run tars/frontend-applaunchpad.tar \ 
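Review bot: The comment kept above the disabled call in `sealos_run_frontend` still says sealos authorize "!!must run after sealos_run_controller ... and before sealos_run_frontend", while the new code skips it with only `# TODO fix sealos_authorize in controller/job/init`. The comment should say what now performs the authorization, or that a fresh install is left without it, for example `# sealos_authorize disabled: <known impact / what replaces it>, see <issue-id>`. The commented-out `sealos run tars/license.tar` block in the preceding hunk has no explanation at all; either delete it or give it the same kind of one-line reason.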
@@ -173,13 +246,13 @@ function sealos_run_frontend { --env cloudPort="$cloudPort" \ --env certSecretName="wildcard-cert" - echo "run license frontend" - sealos run tars/frontend-license.tar \ - --env cloudDomain=$cloudDomain \ - --env cloudPort="$cloudPort" \ - --env certSecretName="wildcard-cert" \ - --env MONGODB_URI="${mongodbUri}/sealos-license?authSource=admin" \ - --env licensePurchaseDomain="license.sealos.io" +# echo "run license frontend" +# sealos run tars/frontend-license.tar \ +# --env cloudDomain=$cloudDomain \ +# --env cloudPort="$cloudPort" \ +# --env certSecretName="wildcard-cert" \ +# --env MONGODB_URI="${mongodbUri}/sealos-license?authSource=admin" \ +# --env licensePurchaseDomain="license.sealos.io" echo "run cronjob frontend" sealos run tars/frontend-cronjob.tar \ diff --git a/frontend/desktop/deploy/manifests/deploy.yaml.tmpl b/frontend/desktop/deploy/manifests/deploy.yaml.tmpl index d55626589a3..ad85149732b 100644 --- a/frontend/desktop/deploy/manifests/deploy.yaml.tmpl +++ b/frontend/desktop/deploy/manifests/deploy.yaml.tmpl @@ -69,6 +69,25 @@ spec: app: desktop-frontend spec: serviceAccountName: desktop-frontend + initContainers: + - name: init-database + image: ghcr.io/labring/sealos-desktop-frontend:latest + command: ["/bin/sh", "-c"] + args: + - | + prisma migrate deploy --schema /app/desktop/prisma/global/schema.prisma + prisma migrate deploy --schema /app/desktop/prisma/region/schema.prisma + env: + - name: GLOBAL_DATABASE_URL + valueFrom: + secretKeyRef: + key: global_database_url + name: desktop-frontend-secret + - name: REGION_DATABASE_URL + valueFrom: + secretKeyRef: + key: region_database_url + name: desktop-frontend-secret containers: - name: desktop-frontend env: diff --git a/frontend/desktop/deploy/manifests/secret.yaml b/frontend/desktop/deploy/manifests/secret.yaml index 25b559e4463..3cdc06cbccd 100644 --- a/frontend/desktop/deploy/manifests/secret.yaml +++ b/frontend/desktop/deploy/manifests/secret.yaml 
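Review bot: The `init-database` container in deploy.yaml.tmpl runs two `prisma migrate deploy` commands under `/bin/sh -c` without `set -e`, so its exit status is that of the second command and a failed global migration does not stop the pod from starting. Begin the script with `set -e`, or join the two commands with `&&`. The image is `ghcr.io/labring/sealos-desktop-frontend:latest`, a mutable tag, so the migrations that run can differ from the schema the `desktop-frontend` container expects. Reuse the main container's image reference, which is outside this hunk.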
@@ -6,6 +6,7 @@ metadata: type: Opaque data: # base64 encode account service url, required + # default value is "http://account-service.account-system.svc:2333" billing_uri: "aHR0cDovL2FjY291bnQtc2VydmljZS5hY2NvdW50LXN5c3RlbS5zdmM6MjMzMw==" @@ -23,6 +24,7 @@ data: jwt_secret_app: "" # base64 encoded current region , required + # default value is "ed257b4d-6832-437a-9e06-d683e7edb320" region_uid: "ZWQyNTdiNGQtNjgzMi00MzdhLTllMDYtZDY4M2U3ZWRiMzIw" # base64 encoded password salt, required if env PASSWORD_ENABLED is true # please use a random string and do not change it after deployment diff --git a/scripts/cloud/build-offline-tar.sh b/scripts/cloud/build-offline-tar.sh index 93f3bd7c274..bad12ef045b 100644 --- a/scripts/cloud/build-offline-tar.sh +++ b/scripts/cloud/build-offline-tar.sh @@ -9,7 +9,7 @@ mkdir -p output/tars images=( docker.io/labring/sealos-cloud:$CLOUD_VERSION - docker.io/labring/kubernetes:v1.25.6 + docker.io/labring/kubernetes:v1.27.11 docker.io/labring/helm:v3.12.0 docker.io/labring/cilium:v1.12.14 docker.io/labring/cert-manager:v1.8.0 @@ -17,6 +17,7 @@ images=( docker.io/labring/kube-prometheus-stack:v0.63.0 docker.io/labring/ingress-nginx:v1.5.1 docker.io/labring/kubeblocks:v0.6.4 + docker.io/labring/cockroach-operator:v2.13.0 docker.io/labring/metrics-server:v0.6.4 ) @@ -32,7 +33,7 @@ done # get and save cli mkdir -p output/cli -VERSION="v4.3.7" +VERSION="v5.0.0-beta5" wget https://github.com/labring/sealos/releases/download/${VERSION}/sealos_${VERSION#v}_linux_${ARCH}.tar.gz \ && tar zxvf sealos_${VERSION#v}_linux_${ARCH}.tar.gz sealos && chmod +x sealos && mv sealos output/cli diff --git a/scripts/cloud/install.sh b/scripts/cloud/install.sh index 77326ee3f1d..e3e31b7ee70 100644 --- a/scripts/cloud/install.sh +++ b/scripts/cloud/install.sh @@ -4,7 +4,7 @@ set -e # Configurations CLOUD_DIR="/root/.sealos/cloud" -SEALOS_VERSION="v4.3.7" +SEALOS_VERSION="v5.0.0-bate4" cloud_version="latest" #mongodb_version="mongodb-5.0" #master_ips= 
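Review bot: In install.sh, `SEALOS_VERSION="v5.0.0-bate4"` looks like a misspelling of `beta`; build-offline-tar.sh in this same commit uses `VERSION="v5.0.0-beta5"`. If install.sh builds its release download URL from this variable (that code is outside the hunk), the download will fail on a clean machine. The line should presumably read `SEALOS_VERSION="v5.0.0-beta4"`, or `beta5` if the installer is meant to match the offline bundle.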
@@ -21,7 +21,7 @@ cloud_version="latest" #single=y/n image_registry=${image_registry:-"docker.io"} image_repository=${image_repository:-"labring"} -kubernetes_version=${kubernetes_version:-"1.25.6"} +kubernetes_version=${kubernetes_version:-"1.27.11"} cilium_version=${cilium_version:-"1.12.14"} cert_manager_version=${cert_manager_version:-"1.13.3"} helm_version=${helm_version:-"3.12.0"} @@ -70,12 +70,11 @@ PROMPTS_EN=( Options: --image-registry # Image repository address (default: docker.io) --image-repository # Image repository name (default: labring) - --kubernetes-version # Kubernetes version (default: 1.25.6) + --kubernetes-version # Kubernetes version (default: 1.27.11) --cilium-version # Cilium version (default: 1.12.14) --cert-manager-version # Cert Manager version (default: 1.13.3) --helm-version # Helm version (default: 3.12.0) --openebs-version # OpenEBS version (default: 3.4.0) - --reflector-version # Reflector version (default: 7.0.151) --ingress-nginx-version # Ingress Nginx version (default: 1.5.1) --kubeblocks-version # Kubeblocks version (default: 0.6.4) --metrics-server-version # Metrics Server version (default: 0.6.4) @@ -132,12 +131,11 @@ PROMPTS_CN=( Options: --image-registry # 镜像仓库地址 (默认: docker.io) --image-repository # 镜像仓库名称 (默认: labring) - --kubernetes-version # Kubernetes版本 (默认: 1.25.6) + --kubernetes-version # Kubernetes版本 (默认: 1.27.11) --cilium-version # Cilium版本 (默认: 1.12.14) --cert-manager-version # Cert Manager版本 (默认: 1.13.3) --helm-version # Helm版本 (默认: 3.12.0) --openebs-version # OpenEBS版本 (默认: 3.4.0) - --reflector-version # Reflector版本 (默认: 7.0.151) --ingress-nginx-version # Ingress Nginx版本 (默认: 1.5.1) --kubeblocks-version # Kubeblocks版本 (默认: 0.6.4) --metrics-server-version # Metrics Server版本 (默认: 0.6.4) 
@@ -246,13 +244,13 @@ init() { get_prompt "pre_prompt" echo "" - [[ $k8s_installed == "y" ]] || pull_image "kubernetes" "v${kubernetes_version#v:-1.25.6}" + [[ $k8s_installed == "y" ]] || pull_image "kubernetes" "v${kubernetes_version#v:-1.27.11}" [[ $k8s_ready == "y" ]] || pull_image "cilium" "v${cilium_version#v:-1.12.14}" pull_image "cert-manager" "v${cert_manager_version#v:-1.8.0}" pull_image "helm" "v${helm_version#v:-3.12.0}" pull_image "openebs" "v${openebs_version#v:-3.4.0}" pull_image "ingress-nginx" "v${ingress_nginx_version#v:-1.5.1}" - pull_image "kubeblocks" "v${kubeblocks_version#v:-0.6.2}" + pull_image "kubeblocks" "v${kubeblocks_version#v:-0.6.4}" pull_image "metrics-server" "v${metrics_server_version#v:-0.6.4}" pull_image "kube-prometheus-stack" "v${kube_prometheus_stack_version#v:-0.63.0}" pull_image "sealos-cloud" "${cloud_version}" @@ -570,7 +568,7 @@ data: echo "$kb_addon_prometheus_server_patch" > $CLOUD_DIR/kb-addon-prometheus-server-patch.yaml - sealos_gen_cmd="sealos gen ${image_registry}/${image_repository}/kubernetes:v${kubernetes_version#v:-1.25.6}\ + sealos_gen_cmd="sealos gen ${image_registry}/${image_repository}/kubernetes:v${kubernetes_version#v:-1.27.11}\ ${master_ips:+--masters $master_ips}\ ${node_ips:+--nodes $node_ips}\ --pk=${ssh_private_key:-$HOME/.ssh/id_rsa}\ @@ -633,7 +631,7 @@ EOF get_prompt "ingress_installation" sealos run ${image_registry}/${image_repository}/ingress-nginx:v${ingress_nginx_version#v:-1.5.1}\ - ${image_registry}/${image_repository}/kubeblocks:v${kubeblocks_version#v:-0.6.2}\ + ${image_registry}/${image_repository}/kubeblocks:v${kubeblocks_version#v:-0.6.4}\ --config-file $CLOUD_DIR/ingress-nginx-config.yaml kbcli addon enable prometheus 
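Review bot: `${kubernetes_version#v:-1.27.11}` does not do what it appears to. In a `#` expansion everything after the `#` is the prefix pattern, so this strips the literal prefix `v:-1.27.11`; it neither removes a leading `v` nor supplies a default. A user passing `--kubernetes-version=v1.27.11` therefore ends up with the tag `vv1.27.11`. The same form is carried into the `kubeblocks` lines changed here and into the `sealos gen` and `sealos run` hunks that follow. For `kubernetes_version` the default is already assigned near the top of the file, so `"v${kubernetes_version#v}"` is enough.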
@@ -641,6 +639,10 @@ EOF get_prompt "installing_monitoring" sealos run "${image_registry}/${image_repository}/kube-prometheus-stack:v${kube_prometheus_stack_version#v:-0.63.0}" + # TODO use sealos run to install cockroachdb-operator + kubectl apply -f https://raw.githubusercontent.com/cockroachdb/cockroach-operator/v2.12.0/install/crds.yaml + kubectl apply -f https://raw.githubusercontent.com/cockroachdb/cockroach-operator/v2.12.0/install/operator.yaml + kubectl patch cm kb-addon-prometheus-server -n kb-system --patch-file $CLOUD_DIR/kb-addon-prometheus-server-patch.yaml get_prompt "patching_ingress" @@ -675,7 +677,6 @@ for i in "$@"; do --cert-manager-version=*) cert_manager_version="${i#*=}"; shift ;; --helm-version=*) helm_version="${i#*=}"; shift ;; --openebs-version=*) openebs_version="${i#*=}"; shift ;; - --reflector-version=*) reflector_version="${i#*=}"; shift ;; --ingress-nginx-version=*) ingress_nginx_version="${i#*=}"; shift ;; --kubeblocks-version=*) kubeblocks_version="${i#*=}"; shift ;; --metrics-server-version=*) metrics_server_version="${i#*=}"; shift ;; @@ -705,7 +706,6 @@ for i in "$@"; do --cert-manager-version | cert-manager-version | \ --helm-version | helm-version | \ --openebs-version | openebs-version | \ - --reflector-version | reflector-version | \ --ingress-nginx-version | ingress-nginx-version | \ --kubeblocks-version | kubeblocks-version | \ --metrics-server-version | metrics-server-version | \
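Review bot: The two added `kubectl apply -f https://raw.githubusercontent.com/cockroachdb/cockroach-operator/v2.12.0/install/...` lines install cluster-scoped CRDs and an operator straight from the network at install time, with no integrity check and outside the `${image_registry}/${image_repository}` override used for the other components. That breaks offline or mirrored installs, and it trusts whatever the tag resolves to at that moment. build-offline-tar.sh in this commit packages `cockroach-operator:v2.13.0`, so the two paths also disagree on the version. Until the TODO is done, ship the two manifests in the cloud bundle, or pin them by commit and verify a recorded digest, and apply them from `$CLOUD_DIR`.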