adapt install script for cockroachdb.

deploy/cloud/etc/sealos/desktop-config.yaml

@@ -12,3 +12,6 @@ spec:
       mongodb_uri: <your-mongodb-uri-base64>
       jwt_secret: <your-jwt-secret-base64>
       password_salt: <your-password-salt-base64>
+      jwt_secret_region: <your-jwt-secret-region-base64>
+      region_database_url: <your-region-database-url-base64>
+      global_database_url: <your-global-database-url-base64>

deploy/cloud/manifests/cockroachdb.yaml

@@ -0,0 +1,26 @@
+apiVersion: crdb.cockroachlabs.com/v1alpha1
+kind: CrdbCluster
+metadata:
+  name: sealos-cockroachdb
+  namespace: sealos
+spec:
+  dataStore:
+    pvc:
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: "3Gi"
+        volumeMode: Filesystem
+  resources:
+    requests:
+      cpu: 100m
+      memory: 0.5Gi
+    limits:
+      cpu: 1000m
+      memory: 2Gi
+  tlsEnabled: true
+  image:
+    name: docker.io/cockroachdb/cockroach:v23.1.11
+  nodes: 3

deploy/cloud/manifests/mongodb.yaml.tmpl

@@ -1,40 +1,3 @@
-apiVersion: apps.kubeblocks.io/v1alpha1
-kind: Cluster
-metadata:
-  finalizers:
-    - cluster.kubeblocks.io/finalizer
-  generation: 1
-  labels:
-    clusterdefinition.kubeblocks.io/name: mongodb
-    clusterversion.kubeblocks.io/name: {{ .mongodbVersion }}
-  name: sealos-mongodb
-  namespace: sealos
-spec:
-  clusterDefinitionRef: mongodb
-  clusterVersionRef: {{ .mongodbVersion }}
-  componentSpecs:
-    - componentDefRef: mongodb
-      monitor: true
-      name: mongodb
-      replicas: 1
-      resources:
-        limits:
-          cpu: "1"
-          memory: 2Gi
-        requests:
-          cpu: "0.5"
-          memory: 1Gi
-      serviceAccountName: sealos-mongodb-sa
-      volumeClaimTemplates:
-        - name: data
-          spec:
-            accessModes:
-              - ReadWriteOnce
-            resources:
-              requests:
-                storage: 10Gi
-  terminationPolicy: Delete
----
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -74,4 +37,41 @@ roleRef:
   name: sealos-mongodb-role
 subjects:
   - kind: ServiceAccount
-    name: sealos-mongodb-sa
+    name: sealos-mongodb-sa
+---
+apiVersion: apps.kubeblocks.io/v1alpha1
+kind: Cluster
+metadata:
+  finalizers:
+    - cluster.kubeblocks.io/finalizer
+  generation: 1
+  labels:
+    clusterdefinition.kubeblocks.io/name: mongodb
+    clusterversion.kubeblocks.io/name: {{ .mongodbVersion }}
+  name: sealos-mongodb
+  namespace: sealos
+spec:
+  clusterDefinitionRef: mongodb
+  clusterVersionRef: {{ .mongodbVersion }}
+  componentSpecs:
+    - componentDefRef: mongodb
+      monitor: true
+      name: mongodb
+      replicas: 1
+      resources:
+        limits:
+          cpu: "1"
+          memory: 2Gi
+        requests:
+          cpu: "0.5"
+          memory: 1Gi
+      serviceAccountName: sealos-mongodb-sa
+      volumeClaimTemplates:
+        - name: data
+          spec:
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: 5Gi
+  terminationPolicy: Delete

deploy/cloud/scripts/gen-cockroachdb-uri.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+namespace="sealos"
+user="sealos"
+svc="sealos-cockroachdb-public"
+password=$(tr -cd 'a-z0-9' </dev/urandom | head -c64 )
+
+kubectl exec -q -n sealos sealos-cockroachdb-0 -- cockroach sql --certs-dir=/cockroach/cockroach-certs -e "CREATE USER IF NOT EXISTS $user WITH PASSWORD '$password'; GRANT admin TO $user; CREATE DATABASE IF NOT EXISTS local; CREATE DATABASE IF NOT EXISTS global;" >> /dev/null
+
+cockroachdb_uri="postgresql://$user:$password@$svc.$namespace.svc.cluster.local:26257"
+echo "$cockroachdb_uri"

deploy/cloud/scripts/init.sh

@@ -4,6 +4,9 @@ set -e
 cloudDomain="127.0.0.1.nip.io"
 cloudPort=""
 mongodbUri=""
+cockroachdbUri=""
+cockroachdbLocalUri=""
+cockroachdbGlobalUri=""
 
 tlsCrtPlaceholder="<tls-crt-placeholder>"
 tlsKeyPlaceholder="<tls-key-placeholder>"
@@ -22,6 +25,9 @@ function prepare {
   # gen mongodb uri
   gen_mongodbUri
 
+  # gen cockroachdb uri
+  gen_cockroachdbUri
+
   # gen saltKey if not set or not found in secret
   gen_saltKey
 
@@ -32,13 +38,37 @@ function prepare {
   create_tls_secret
 }
 
+# Function to retry `kubectl apply -f` command until it succeeds or reaches a maximum number of attempts
+retry_kubectl_apply() {
+    local file_path=$1  # The path to the Kubernetes manifest file
+    local max_attempts=6  # Maximum number of attempts
+    local attempt=0  # Current attempt counter
+    local wait_seconds=10  # Seconds to wait before retrying
+
+    while [ $attempt -lt $max_attempts ]; do
+        # Attempt to execute the kubectl command
+        kubectl apply -f "$file_path" >> /dev/null && {
+            return 0  # Exit the function successfully
+        }
+        # If the command did not execute successfully, increase the attempt counter and report failure
+        attempt=$((attempt + 1))
+        # If the maximum number of attempts has been reached, stop retrying
+        if [ $attempt -eq $max_attempts ]; then
+            return 1  # Exit the function with failure
+        fi
+        # Wait for a specified time before retrying
+        sleep $wait_seconds
+    done
+}
+
+
 function gen_mongodbUri() {
   # if mongodbUri is empty then create mongodb and gen mongodb uri
   if [ -z "$mongodbUri" ]; then
     echo "no mongodb uri found, create mongodb and gen mongodb uri"
-    kubectl apply -f manifests/mongodb.yaml
+    retry_kubectl_apply "manifests/mongodb.yaml"
     echo "waiting for mongodb secret generated"
-    message="Waiting for MongoDB ready"
+    message="waiting for mongodb ready"
     # if there is no sealos-mongodb-conn-credential secret then wait for mongodb ready
     while [ -z "$(kubectl get secret -n sealos sealos-mongodb-conn-credential 2>/dev/null)" ]; do
       echo -ne "\r$message   \e[K"
@@ -56,6 +86,45 @@ function gen_mongodbUri() {
   fi
 }
 
+function gen_cockroachdbUri() {
+  if [ -z "$cockroachdbUri" ]; then
+    echo "no cockroachdb uri found, create cockroachdb and gen cockroachdb uri"
+    retry_kubectl_apply "manifests/cockroachdb.yaml"
+    message="waiting for cockroachdb ready"
+
+    NAMESPACE="sealos"
+    STATEFULSET_NAME="sealos-cockroachdb"
+
+    while : ; do
+        kubectl get statefulset $STATEFULSET_NAME -n $NAMESPACE >/dev/null 2>&1 && break
+    done
+
+    while : ; do
+      REPLICAS=$(kubectl get statefulset $STATEFULSET_NAME -n $NAMESPACE -o jsonpath='{.spec.replicas}')
+      READY_REPLICAS=$(kubectl get statefulset $STATEFULSET_NAME -n $NAMESPACE -o jsonpath='{.status.readyReplicas}')
+      if [ "$READY_REPLICAS" == "$REPLICAS" ]; then
+        echo -e "\rcockroachdb is ready."
+        break
+      else
+        echo -ne "\r$message    \e[K"
+        sleep 0.5
+        echo -ne "\r$message .  \e[K"
+        sleep 0.5
+        echo -ne "\r$message .. \e[K"
+        sleep 0.5
+        echo -ne "\r$message ...\e[K"
+        sleep 0.5
+      fi
+    done
+
+    echo "cockroachdb secret has been generated successfully."
+    chmod +x scripts/gen-cockroachdb-uri.sh
+    cockroachdbUri=$(scripts/gen-cockroachdb-uri.sh)
+  fi
+  cockroachdbLocalUri="$cockroachdbUri/local"
+  cockroachdbGlobalUri="$cockroachdbUri/global"
+}
+
 function gen_saltKey() {
     password_salt=$(kubectl get secret desktop-frontend-secret -n sealos -o jsonpath="{.data.password_salt}" 2>/dev/null || true)
     if [[ -z "$password_salt" ]]; then
@@ -69,7 +138,10 @@ function mutate_desktop_config() {
     # mutate etc/sealos/desktop-config.yaml by using mongodb uri and two random base64 string
     sed -i -e "s;<your-mongodb-uri-base64>;$(echo -n "${mongodbUri}/sealos-auth?authSource=admin" | base64 -w 0);" etc/sealos/desktop-config.yaml
     sed -i -e "s;<your-jwt-secret-base64>;$(tr -cd 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0);" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-jwt-secret-region-base64>;$(tr -cd 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0);" etc/sealos/desktop-config.yaml
     sed -i -e "s;<your-password-salt-base64>;$saltKey;" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-region-database-url-base64>;$(echo -n "${cockroachdbLocalUri}" | base64 -w 0);" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-global-database-url-base64>;$(echo -n "${cockroachdbGlobalUri}" | base64 -w 0);" etc/sealos/desktop-config.yaml
 }
 
 function create_tls_secret {
@@ -112,8 +184,8 @@ function sealos_run_controller {
   --env DEFAULT_NAMESPACE="account-system"
 
   # run license controller
-  sealos run tars/license.tar \
-  --env MONGO_URI="$mongodbUri"
+#  sealos run tars/license.tar \
+#  --env MONGO_URI="$mongodbUri"
 }
 
 
@@ -139,7 +211,8 @@ function sealos_run_frontend {
     --config-file etc/sealos/desktop-config.yaml
 
   # sealos authorize !!must run after sealos_run_controller frontend-desktop.tar and before sealos_run_frontend
-  sealos_authorize
+  # TODO fix sealos_authorize in controller/job/init
+  # sealos_authorize
 
   echo "run applaunchpad frontend"
   sealos run tars/frontend-applaunchpad.tar \
@@ -173,13 +246,13 @@ function sealos_run_frontend {
   --env cloudPort="$cloudPort" \
   --env certSecretName="wildcard-cert"
 
-  echo "run license frontend"
-  sealos run tars/frontend-license.tar \
-  --env cloudDomain=$cloudDomain \
-  --env cloudPort="$cloudPort" \
-  --env certSecretName="wildcard-cert" \
-  --env MONGODB_URI="${mongodbUri}/sealos-license?authSource=admin" \
-  --env licensePurchaseDomain="license.sealos.io"
+#  echo "run license frontend"
+#  sealos run tars/frontend-license.tar \
+#  --env cloudDomain=$cloudDomain \
+#  --env cloudPort="$cloudPort" \
+#  --env certSecretName="wildcard-cert" \
+#  --env MONGODB_URI="${mongodbUri}/sealos-license?authSource=admin" \
+#  --env licensePurchaseDomain="license.sealos.io"
 
   echo "run cronjob frontend"
   sealos run tars/frontend-cronjob.tar \

frontend/desktop/deploy/manifests/deploy.yaml.tmpl

@@ -69,6 +69,25 @@ spec:
         app: desktop-frontend
     spec:
       serviceAccountName: desktop-frontend
+      initContainers:
+        - name: init-database
+          image: ghcr.io/labring/sealos-desktop-frontend:latest
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              prisma migrate deploy --schema /app/desktop/prisma/global/schema.prisma
+              prisma migrate deploy --schema /app/desktop/prisma/region/schema.prisma
+          env:
+            - name: GLOBAL_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  key: global_database_url
+                  name: desktop-frontend-secret
+            - name: REGION_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  key: region_database_url
+                  name: desktop-frontend-secret
       containers:
         - name: desktop-frontend
           env:

frontend/desktop/deploy/manifests/secret.yaml

@@ -6,6 +6,7 @@ metadata:
 type: Opaque
 data:
   # base64 encode account service url, required
+  # default value is "http://account-service.account-system.svc:2333"
   billing_uri: "aHR0cDovL2FjY291bnQtc2VydmljZS5hY2NvdW50LXN5c3RlbS5zdmM6MjMzMw=="
 
 
@@ -23,6 +24,7 @@ data:
   jwt_secret_app: ""
 
   # base64 encoded current region , required
+  # default value is "ed257b4d-6832-437a-9e06-d683e7edb320"
   region_uid: "ZWQyNTdiNGQtNjgzMi00MzdhLTllMDYtZDY4M2U3ZWRiMzIw"
   # base64 encoded password salt, required if env PASSWORD_ENABLED is true
   # please use a random string and do not change it after deployment

scripts/cloud/build-offline-tar.sh

@@ -9,14 +9,15 @@ mkdir -p output/tars
 
 images=(
   docker.io/labring/sealos-cloud:$CLOUD_VERSION
-  docker.io/labring/kubernetes:v1.25.6
+  docker.io/labring/kubernetes:v1.27.11
   docker.io/labring/helm:v3.12.0
   docker.io/labring/cilium:v1.12.14
   docker.io/labring/cert-manager:v1.8.0
   docker.io/labring/openebs:v3.4.0
   docker.io/labring/kube-prometheus-stack:v0.63.0
   docker.io/labring/ingress-nginx:v1.5.1
-  docker.io/labring/kubeblocks:v0.6.4
+  docker.io/labring/kubeblocks:v0.7.2
+  docker.io/labring/cockroach-operator:v2.13.0
   docker.io/labring/metrics-server:v0.6.4
 )
 
@@ -32,7 +33,7 @@ done
 # get and save cli
 mkdir -p output/cli
 
-VERSION="v4.3.7"
+VERSION="v5.0.0-beta5"
 
 wget https://github.com/labring/sealos/releases/download/${VERSION}/sealos_${VERSION#v}_linux_${ARCH}.tar.gz \
    && tar zxvf sealos_${VERSION#v}_linux_${ARCH}.tar.gz sealos && chmod +x sealos && mv sealos output/cli