Merge branch 'labring:main' into feat/admin-monitor

.github/workflows/cloud-release.yml

@@ -68,6 +68,9 @@ jobs:
     needs:
       - release-cloud
     runs-on: self-hosted
+    env:
+      RELEASE_TAG: ${{ github.event.inputs.tag || github.event.release.tag_name }}
+      OSS_BUCKET: ${{ secrets.OSS_BUCKET }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -83,8 +86,8 @@ jobs:
           sudo sealos version
       - name: Build
         run: |
-          export CLOUD_VERSION=${{ github.event.inputs.tag || github.event.release.tag_name }}
-          export VERSION=${{ github.event.inputs.tag || github.event.release.tag_name }}
+          export CLOUD_VERSION="$RELEASE_TAG"
+          export VERSION="$RELEASE_TAG"
           export ARCH=amd64
           bash ./scripts/cloud/build-offline-tar.sh
       - name: Setup ossutil
@@ -97,13 +100,16 @@ jobs:
         run: cat ./sealos-cloud.tar.gz.md5
       - name: Upload
         run: |
-          ossutil cp ./sealos-cloud.tar.gz oss://${{ secrets.OSS_BUCKET }}/cloud/sealos-cloud-${{ github.event.inputs.tag || github.event.release.tag_name }}-amd64.tar.gz
-          ossutil cp ./sealos-cloud.tar.gz.md5 oss://${{ secrets.OSS_BUCKET }}/cloud/sealos-cloud-${{ github.event.inputs.tag || github.event.release.tag_name }}-amd64.tar.gz.md5
+          ossutil cp ./sealos-cloud.tar.gz "oss://$OSS_BUCKET/cloud/sealos-cloud-$RELEASE_TAG-amd64.tar.gz"
+          ossutil cp ./sealos-cloud.tar.gz.md5 "oss://$OSS_BUCKET/cloud/sealos-cloud-$RELEASE_TAG-amd64.tar.gz.md5"
 
   release-arm-offline-tar:
     needs:
       - release-cloud
     runs-on: self-hosted
+    env:
+      RELEASE_TAG: ${{ github.event.inputs.tag || github.event.release.tag_name }}
+      OSS_BUCKET: ${{ secrets.OSS_BUCKET }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -119,8 +125,8 @@ jobs:
           sudo sealos version
       - name: Build
         run: |
-          export CLOUD_VERSION=${{ github.event.inputs.tag || github.event.release.tag_name }}
-          export VERSION=${{ github.event.inputs.tag || github.event.release.tag_name }}
+          export CLOUD_VERSION="$RELEASE_TAG"
+          export VERSION="$RELEASE_TAG"
           export ARCH=arm64
           bash ./scripts/cloud/build-offline-tar.sh
       - name: Setup ossutil
@@ -133,5 +139,5 @@ jobs:
         run: cat ./sealos-cloud.tar.gz.md5
       - name: Upload
         run: |
-          ossutil cp ./sealos-cloud.tar.gz oss://${{ secrets.OSS_BUCKET }}/cloud/sealos-cloud-${{ github.event.inputs.tag || github.event.release.tag_name }}-arm64.tar.gz
-          ossutil cp ./sealos-cloud.tar.gz.md5 oss://${{ secrets.OSS_BUCKET }}/cloud/sealos-cloud-${{ github.event.inputs.tag || github.event.release.tag_name }}-arm64.tar.gz.md5
+          ossutil cp ./sealos-cloud.tar.gz "oss://$OSS_BUCKET/cloud/sealos-cloud-$RELEASE_TAG-arm64.tar.gz"
+          ossutil cp ./sealos-cloud.tar.gz.md5 "oss://$OSS_BUCKET/cloud/sealos-cloud-$RELEASE_TAG-arm64.tar.gz.md5"

cmd/sealos/cmd/reset.go

@@ -31,8 +31,8 @@ reset you current cluster:
 
 func newResetCmd() *cobra.Command {
 	resetArgs := &apply.ResetArgs{
-		Cluster: &apply.Cluster{},
-		SSH:     &apply.SSH{},
+		ClusterName: &apply.ClusterName{},
+		SSH:         &apply.SSH{},
 	}
 
 	var resetCmd = &cobra.Command{

controllers/account/config/rbac/role.yaml

@@ -337,6 +337,7 @@ rules:
   resources:
   - users
   verbs:
+  - create
   - get
   - list
   - watch

controllers/account/controllers/account_controller.go

@@ -86,7 +86,7 @@ type AccountReconciler struct {
 //+kubebuilder:rbac:groups=account.sealos.io,resources=accounts/finalizers,verbs=update
 //+kubebuilder:rbac:groups=core,resources=resourcequotas,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=core,resources=limitranges,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=user.sealos.io,resources=users,verbs=get;list;watch
+//+kubebuilder:rbac:groups=user.sealos.io,resources=users,verbs=create;get;list;watch
 //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete

controllers/account/deploy/manifests/deploy.yaml

@@ -550,6 +550,7 @@ rules:
   resources:
   - users
   verbs:
+  - create
   - get
   - list
   - watch

controllers/devbox/api/v1alpha1/runtime_types.go

@@ -72,12 +72,19 @@ type Component struct {
 	Version string `json:"version"`
 }
 
+type RuntimeState string
+
+const (
+	RuntimeStateActive     RuntimeState = "active"
+	RuntimeStateDeprecated RuntimeState = "deprecated"
+)
+
 // RuntimeSpec defines the desired state of Runtime
 type RuntimeSpec struct {
-	// +kubebuilder:validation:Required
-	Version string `json:"version"`
 	// +kubebuilder:validation:Required
 	ClassRef string `json:"classRef"`
+	// +kubebuilder:validation:Required
+	Version string `json:"version"`
 
 	// +kubebuilder:validation:Optional
 	Components []Component `json:"components,omitempty"`
@@ -88,6 +95,13 @@ type RuntimeSpec struct {
 
 	// +kubebuilder:validation:Required
 	Config Config `json:"config"`
+
+	// +kubebuilder:validation:Optional
+	RuntimeVersion string `json:"runtimeVersion,omitempty"`
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:Enum=active;deprecated
+	// +kubebuilder:default=active
+	State RuntimeState `json:"state,omitempty"`
 }
 
 // RuntimeStatus defines the observed state of Runtime
@@ -98,6 +112,10 @@ type RuntimeStatus struct {
 
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Class",type=string,JSONPath=`.spec.classRef`
+// +kubebuilder:printcolumn:name="Version",type=string,JSONPath=`.spec.version`
+// +kubebuilder:printcolumn:name="RuntimeVersion",type=string,JSONPath=`.spec.runtimeVersion`
+// +kubebuilder:printcolumn:name="State",type=string,JSONPath=`.spec.state`
 
 // Runtime is the Schema for the runtimes API
 type Runtime struct {

controllers/devbox/cmd/main.go

@@ -69,7 +69,8 @@ func main() {
 	var registryUser string
 	var registryPassword string
 	var authAddr string
-	var ephemeralStorage string
+	var requestEphemeralStorage string
+	var limitEphemeralStorage string
 	var debugMode bool
 	flag.StringVar(&registryAddr, "registry-addr", "sealos.hub:5000", "The address of the registry")
 	flag.StringVar(&registryUser, "registry-user", "admin", "The user of the registry")
@@ -86,7 +87,8 @@ func main() {
 	flag.BoolVar(&enableHTTP2, "enable-http2", false,
 		"If set, HTTP/2 will be enabled for the metrics and webhook servers")
 	flag.BoolVar(&debugMode, "debug", false, "If set, debug mode will be enabled")
-	flag.StringVar(&ephemeralStorage, "ephemeral-storage", "2000Mi", "The maximum value of equatorial storage in devbox.")
+	flag.StringVar(&requestEphemeralStorage, "request-ephemeral-storage", "500Mi", "The request value of ephemeral storage in devbox.")
+	flag.StringVar(&limitEphemeralStorage, "limit-ephemeral-storage", "10Gi", "The limit value of ephemeral storage in devbox.")
 	opts := zap.Options{
 		Development: true,
 	}
@@ -177,12 +179,13 @@ func main() {
 	}
 
 	if err = (&controller.DevboxReconciler{
-		Client:              mgr.GetClient(),
-		Scheme:              mgr.GetScheme(),
-		CommitImageRegistry: registryAddr,
-		Recorder:            mgr.GetEventRecorderFor("devbox-controller"),
-		EquatorialStorage:   ephemeralStorage,
-		DebugMode:           debugMode,
+		Client:                  mgr.GetClient(),
+		Scheme:                  mgr.GetScheme(),
+		CommitImageRegistry:     registryAddr,
+		Recorder:                mgr.GetEventRecorderFor("devbox-controller"),
+		RequestEphemeralStorage: requestEphemeralStorage,
+		LimitEphemeralStorage:   limitEphemeralStorage,
+		DebugMode:               debugMode,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Devbox")
 		os.Exit(1)

controllers/devbox/config/crd/bases/devbox.sealos.io_runtimes.yaml

@@ -28,7 +28,20 @@ spec:
     singular: runtime
   scope: Namespaced
   versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .spec.classRef
+      name: Class
+      type: string
+    - jsonPath: .spec.version
+      name: Version
+      type: string
+    - jsonPath: .spec.runtimeVersion
+      name: RuntimeVersion
+      type: string
+    - jsonPath: .spec.state
+      name: State
+      type: string
+    name: v1alpha1
     schema:
       openAPIV3Schema:
         description: Runtime is the Schema for the runtimes API
@@ -2002,6 +2015,14 @@ spec:
                 type: object
               description:
                 type: string
+              runtimeVersion:
+                type: string
+              state:
+                default: active
+                enum:
+                - active
+                - deprecated
+                type: string
               version:
                 type: string
             required:

controllers/devbox/deploy/manifests/deploy.yaml.tmpl

@@ -3129,7 +3129,20 @@ spec:
     singular: runtime
   scope: Namespaced
   versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .spec.classRef
+      name: Class
+      type: string
+    - jsonPath: .spec.version
+      name: Version
+      type: string
+    - jsonPath: .spec.runtimeVersion
+      name: RuntimeVersion
+      type: string
+    - jsonPath: .spec.state
+      name: State
+      type: string
+    name: v1alpha1
     schema:
       openAPIV3Schema:
         description: Runtime is the Schema for the runtimes API
@@ -5103,6 +5116,14 @@ spec:
                 type: object
               description:
                 type: string
+              runtimeVersion:
+                type: string
+              state:
+                default: active
+                enum:
+                - active
+                - deprecated
+                type: string
               version:
                 type: string
             required:

controllers/devbox/internal/controller/devbox_controller.go

@@ -44,8 +44,9 @@ import (
 
 // DevboxReconciler reconciles a Devbox object
 type DevboxReconciler struct {
-	CommitImageRegistry string
-	EquatorialStorage   string
+	CommitImageRegistry     string
+	RequestEphemeralStorage string
+	LimitEphemeralStorage   string
 
 	DebugMode bool
 
@@ -169,6 +170,15 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha
 	err := r.Get(ctx, client.ObjectKey{Namespace: devbox.Namespace, Name: devbox.Name}, devboxSecret)
 	if err == nil {
 		// Secret already exists, no need to create
+
+		// TODO: delete this code after we have a way to sync secret to devbox
+		// check if SEALOS_DEVBOX_JWT_SECRET is exist, if not exist, create it
+		if _, ok := devboxSecret.Data["SEALOS_DEVBOX_JWT_SECRET"]; !ok {
+			devboxSecret.Data["SEALOS_DEVBOX_JWT_SECRET"] = []byte(rand.String(32))
+			if err := r.Update(ctx, devboxSecret); err != nil {
+				return fmt.Errorf("failed to update secret: %w", err)
+			}
+		}
 		return nil
 	}
 	if client.IgnoreNotFound(err) != nil {
@@ -185,6 +195,7 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha
 		ObjectMeta: objectMeta,
 		Data: map[string][]byte{
 			"SEALOS_DEVBOX_PASSWORD":    []byte(rand.String(12)),
+			"SEALOS_DEVBOX_JWT_SECRET":  []byte(rand.String(32)),
 			"SEALOS_DEVBOX_PUBLIC_KEY":  publicKey,
 			"SEALOS_DEVBOX_PRIVATE_KEY": privateKey,
 		},
@@ -526,7 +537,7 @@ func (r *DevboxReconciler) generateDevboxPod(devbox *devboxv1alpha1.Devbox, runt
 			WorkingDir: helper.GenerateWorkingDir(devbox, runtime),
 			Command:    helper.GenerateCommand(devbox, runtime),
 			Args:       helper.GenerateDevboxArgs(devbox, runtime),
-			Resources:  helper.GenerateResourceRequirements(devbox, r.EquatorialStorage),
+			Resources:  helper.GenerateResourceRequirements(devbox, r.RequestEphemeralStorage, r.LimitEphemeralStorage),
 		},
 	}
 

controllers/devbox/internal/controller/helper/devbox.go

@@ -218,6 +218,16 @@ func PodMatchExpectations(expectPod *corev1.Pod, pod *corev1.Pod) bool {
 		return false
 	}
 
+	// Check Ephemeral Storage changes
+	if container.Resources.Requests.StorageEphemeral().Cmp(*expectContainer.Resources.Requests.StorageEphemeral()) != 0 {
+		slog.Info("Ephemeral-Storage requests are not equal")
+		return false
+	}
+	if container.Resources.Limits.StorageEphemeral().Cmp(*expectContainer.Resources.Limits.StorageEphemeral()) != 0 {
+		slog.Info("Ephemeral-Storage limits are not equal")
+		return false
+	}
+
 	// Check environment variables
 	if len(container.Env) != len(expectContainer.Env) {
 		return false
@@ -370,18 +380,19 @@ func GenerateSSHVolume(devbox *devboxv1alpha1.Devbox) corev1.Volume {
 	}
 }
 
-func GenerateResourceRequirements(devbox *devboxv1alpha1.Devbox, equatorialStorage string) corev1.ResourceRequirements {
+func GenerateResourceRequirements(devbox *devboxv1alpha1.Devbox, requestEphemeralStorage, limitEphemeralStorage string) corev1.ResourceRequirements {
 	return corev1.ResourceRequirements{
 		Requests: calculateResourceRequest(
 			corev1.ResourceList{
-				corev1.ResourceCPU:    devbox.Spec.Resource["cpu"],
-				corev1.ResourceMemory: devbox.Spec.Resource["memory"],
+				corev1.ResourceCPU:              devbox.Spec.Resource["cpu"],
+				corev1.ResourceMemory:           devbox.Spec.Resource["memory"],
+				corev1.ResourceEphemeralStorage: resource.MustParse(requestEphemeralStorage),
 			},
 		),
 		Limits: corev1.ResourceList{
-			"cpu":               devbox.Spec.Resource["cpu"],
-			"memory":            devbox.Spec.Resource["memory"],
-			"ephemeral-storage": resource.MustParse(equatorialStorage),
+			corev1.ResourceCPU:              devbox.Spec.Resource["cpu"],
+			corev1.ResourceMemory:           devbox.Spec.Resource["memory"],
+			corev1.ResourceEphemeralStorage: resource.MustParse(limitEphemeralStorage),
 		},
 	}
 }
@@ -403,6 +414,11 @@ func calculateResourceRequest(limit corev1.ResourceList) corev1.ResourceList {
 		memoryRequest := memoryValue / rate
 		request[corev1.ResourceMemory] = *resource.NewQuantity(int64(memoryRequest), resource.BinarySI)
 	}
+
+	if ephemeralStorage, ok := limit[corev1.ResourceEphemeralStorage]; ok {
+		request[corev1.ResourceEphemeralStorage] = ephemeralStorage
+	}
+
 	return request
 }
 

controllers/objectstorage/api/v1/objectstorageuser_types.go

@@ -22,6 +22,8 @@ import (
 
 // ObjectStorageUserSpec defines the desired state of ObjectStorageUser
 type ObjectStorageUserSpec struct {
+	// +kubebuilder:default=0
+	SecretKeyVersion int64 `json:"secretKeyVersion,omitempty"`
 }
 
 // ObjectStorageUserStatus defines the observed state of ObjectStorageUser
@@ -34,6 +36,8 @@ type ObjectStorageUserStatus struct {
 	SecretKey    string `json:"secretKey,omitempty"`
 	Internal     string `json:"internal,omitempty"`
 	External     string `json:"external,omitempty"`
+	// +kubebuilder:default=0
+	SecretKeyVersion int64 `json:"secretKeyVersion,omitempty"`
 }
 
 //+kubebuilder:object:root=true

controllers/objectstorage/config/crd/bases/objectstorage.sealos.io_objectstorageusers.yaml

@@ -48,6 +48,11 @@ spec:
               type: object
             spec:
               description: ObjectStorageUserSpec defines the desired state of ObjectStorageUser
+              properties:
+                secretKeyVersion:
+                  default: 0
+                  format: int64
+                  type: integer
               type: object
             status:
               description: ObjectStorageUserStatus defines the observed state of ObjectStorageUser
@@ -66,6 +71,10 @@ spec:
                   type: integer
                 secretKey:
                   type: string
+                secretKeyVersion:
+                  default: 0
+                  format: int64
+                  type: integer
                 size:
                   description: unit is byte
                   format: int64