Aio

controllers/account/deploy/Kubefile

@@ -7,7 +7,7 @@ COPY manifests manifests
 
 ENV DEFAULT_NAMESPACE account-system
 ENV cloudDomain="cloud.sealos.io"
-ENV port=""
+ENV cloudPort=""
 ENV MONGO_URI "mongodb://mongo:27017/resources"
 
 CMD ["( kubectl create ns $DEFAULT_NAMESPACE || true ) && ( kubectl create -f manifests/mongo-secret.yaml -n $DEFAULT_NAMESPACE || true ) && kubectl apply -f manifests/deploy.yaml -n $DEFAULT_NAMESPACE"]

controllers/account/deploy/manifests/deploy.yaml.tmpl

@@ -1154,7 +1154,7 @@ spec:
         - name: DOMAIN
           value: {{ .cloudDomain }}
         - name: PORT
-          value: {{ .port }}
+          value: {{ .cloudPort }}
         - name: ACCOUNT_NAMESPACE
           value: sealos-system
         - name: NAMESPACE_NAME

controllers/user/config/default/manager_auth_proxy_patch.yaml

@@ -47,5 +47,5 @@ spec:
                 fieldPath: metadata.namespace
           - name: SEALOS_CLOUD_HOST
             value: "cloud.sealos.io"
-          - name: SEALOS_CLOUD_PORT
-            value: "443"
+          - name: APISERVER_PORT
+            value: "6443"

controllers/user/controllers/helper/kubeconfig/interface.go

@@ -67,7 +67,7 @@ type WebhookConfig struct {
 }
 
 func GetKubernetesHost(config *rest.Config) string {
-	host, port := os.Getenv("SEALOS_CLOUD_HOST"), os.Getenv("SEALOS_CLOUD_PORT")
+	host, port := os.Getenv("SEALOS_CLOUD_HOST"), os.Getenv("APISERVER_PORT")
 	if len(host) != 0 && len(port) != 0 {
 		return "https://" + net.JoinHostPort(host, port)
 	}

controllers/user/deploy/Kubefile

@@ -6,6 +6,6 @@ COPY registry registry
 COPY manifests manifests
 
 ENV cloudDomain="127.0.0.1.nip.io"
-ENV cloudPort="6443"
+ENV apiserverPort="6443"
 
 CMD ["kubectl apply -f manifests/deploy.yaml","kubectl delete -f manifests/rbac.yaml --ignore-not-found=true","kubectl delete crd usergroups.user.sealos.io --ignore-not-found=true","kubectl delete crd usergroupbindings.user.sealos.io --ignore-not-found=true"]

controllers/user/deploy/manifests/deploy.yaml.tmpl

@@ -339,8 +339,8 @@ spec:
               fieldPath: metadata.namespace
         - name: SEALOS_CLOUD_HOST
           value: {{ .cloudDomain }}
-        - name: SEALOS_CLOUD_PORT
-          value: "{{ .cloudPort }}"
+        - name: APISERVER_PORT
+          value: "{{ .apiserverPort }}"
         image: ghcr.io/labring/sealos-user-controller:latest
         imagePullPolicy: Always
         livenessProbe:

deploy/cloud/Kubefile

@@ -5,6 +5,7 @@ COPY scripts scripts
 COPY manifests manifests
 
 ENV cloudDomain="127.0.0.1.nip.io"
+ENV cloudPort=""
 ENV mongodbUri=""
 
-CMD ["mongodbUri=$(mongodbUri) bash scripts/init.sh"]
+CMD ["bash scripts/init.sh"]

deploy/cloud/etc/sealos/.env.tmpl

@@ -0,0 +1,3 @@
+cloudDomain={{ .cloudDomain }}
+cloudPort={{ .cloudPort }}
+mongodbUri={{ .mongodbUri }}

deploy/cloud/init.sh

@@ -16,12 +16,13 @@ sealos pull --policy=always ghcr.io/labring/sealos-cloud-licenseissuer-controlle
 sealos save -o tars/user.tar ghcr.io/labring/sealos-cloud-user-controller:latest
 sealos save -o tars/terminal.tar ghcr.io/labring/sealos-cloud-terminal-controller:latest
 sealos save -o tars/app.tar ghcr.io/labring/sealos-cloud-app-controller:latest
-sealos save -o tars/frontend-desktop.tar  ghcr.io/labring/sealos-cloud-desktop-frontend:latest
-sealos save -o tars/frontend-terminal.tar  ghcr.io/labring/sealos-cloud-terminal-frontend:latest
-sealos save -o tars/frontend-applaunchpad.tar ghcr.io/labring/sealos-cloud-applaunchpad-frontend:latest
-sealos save -o tars/frontend-dbprovider.tar ghcr.io/labring/sealos-cloud-dbprovider-frontend:latest
 sealos save -o tars/metering.tar ghcr.io/labring/sealos-cloud-resources-metering-controller:latest
 sealos save -o tars/monitoring.tar ghcr.io/labring/sealos-cloud-resources-controller:latest
 sealos save -o tars/account.tar ghcr.io/labring/sealos-cloud-account-controller:latest
-sealos save -o tars/cost-center.tar ghcr.io/labring/sealos-cloud-costcenter-frontend:latest
 sealos save -o tars/licenseissuer.tar ghcr.io/labring/sealos-cloud-licenseissuer-controller:latest
+
+sealos save -o tars/frontend-desktop.tar  ghcr.io/labring/sealos-cloud-desktop-frontend:latest
+sealos save -o tars/frontend-terminal.tar  ghcr.io/labring/sealos-cloud-terminal-frontend:latest
+sealos save -o tars/frontend-dbprovider.tar ghcr.io/labring/sealos-cloud-dbprovider-frontend:latest
+sealos save -o tars/frontend-costcenter.tar ghcr.io/labring/sealos-cloud-costcenter-frontend:latest
+sealos save -o tars/frontend-applaunchpad.tar ghcr.io/labring/sealos-cloud-applaunchpad-frontend:latest

deploy/cloud/scripts/init.sh

@@ -2,13 +2,69 @@
 set -ex
 
 cloudDomain="127.0.0.1.nip.io"
+cloudPort=""
+mongodbUri=""
+
 tlsCrtPlaceholder="<tls-crt-placeholder>"
 tlsKeyPlaceholder="<tls-key-placeholder>"
-mongodbUri=""
 saltKey=""
 
-function read_env {
-  source $1
+function prepare {
+  # source .env
+  source etc/sealos/.env
+
+  # kubectl apply namespace, secret and mongodb
+  kubectl apply -f manifests/namespace.yaml
+
+  # apply notifications crd
+  kubectl apply -f manifests/notifications_crd.yaml
+
+  # gen mongodb uri
+  gen_mongodbUri
+
+  # gen saltKey if not set or not found in secret
+  gen_saltKey
+
+  # mutate desktop config
+  mutate_desktop_config
+
+  # create tls secret
+  create_tls_secret
+}
+
+function gen_mongodbUri() {
+  # if mongodbUri is empty then create mongodb and gen mongodb uri
+  if [ -z "$mongodbUri" ]; then
+    echo "no mongodb uri found, create mongodb and gen mongodb uri"
+    kubectl apply -f manifests/mongodb.yaml
+    # if there is no sealos-mongodb-conn-credential secret then wait for mongodb ready
+    while [ -z "$(kubectl get secret -n sealos sealos-mongodb-conn-credential)" ]; do
+      echo "waiting for mongodb secret generated"
+      sleep 5
+    done
+    chmod +x scripts/gen-mongodb-uri.sh
+    mongodbUri=$(scripts/gen-mongodb-uri.sh)
+  fi
+}
+
+function gen_saltKey() {
+    password_salt=$(kubectl get secret desktop-frontend-secret -n sealos -o jsonpath="{.data.password_salt}" 2>/dev/null || true)
+    if [[ -z "$password_salt" ]]; then
+        saltKey=$(tr -dc 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0)
+    else
+        saltKey=$password_salt
+    fi
+}
+
+function mutate_desktop_config() {
+  if kubectl get secret desktop-frontend-secret -n sealos --ignore-not-found > /dev/null 2>&1; then
+    echo "desktop-frontend-secret already exists, skip mutate desktop secret"
+  else
+    # mutate etc/sealos/desktop-config.yaml by using mongodb uri and two random base64 string
+    sed -i -e "s;<your-mongodb-uri-base64>;$(echo -n "$mongodbUri" | base64 -w 0);" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-jwt-secret-base64>;$(tr -cd 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0);" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-password-salt-base64>;$saltKey;" etc/sealos/desktop-config.yaml
+  fi
 }
 
 function create_tls_secret {
@@ -25,12 +81,13 @@ function create_tls_secret {
 function sealos_run_controller {
   # run user controller
   sealos run tars/user.tar \
-  --env cloudDomain=$cloudDomain \
-  --env cloudPort="6443"
+  --env cloudDomain="$cloudDomain" \
+  --env apiserverPort="6443"
 
   # run terminal controller
   sealos run tars/terminal.tar \
-  --env cloudDomain=$cloudDomain \
+  --env cloudDomain="$cloudDomain" \
+  --env cloudPort="$cloudPort" \
   --env userNamespace="user-system" \
   --env wildcardCertSecretName="wildcard-cert" \
   --env wildcardCertSecretNamespace="sealos-system"
@@ -49,119 +106,81 @@ function sealos_run_controller {
   # run account controller
   sealos run tars/account.tar \
   --env MONGO_URI="$mongodbUri" \
+  --env cloudDomain="$cloudDomain" \
+  --env cloudPort="$cloudPort" \
   --env DEFAULT_NAMESPACE="account-system"
 
   # run licenseissuer controller
   sealos run tars/licenseissuer.tar \
   --env canConnectToExternalNetwork="true" \
-  --env enableMonitor="true" 
-}
-
-function sealos_authorize {
-    echo "start to authorize sealos"
-    echo "create admin-user"
-    # create admin-user
-    kubectl apply -f manifests/admin-user.yaml
-    # wait for admin-user ready
-    echo "waiting for admin-user generated"
-    while true; do
-        if kubectl get namespace ns-admin >/dev/null 2>&1 && kubectl get accounts.account.sealos.io admin -n sealos-system >/dev/null 2>&1; then
-            break
-        else
-            echo "waiting for preset admin-user to be created..."
-            sleep 3
-        fi
-    done
-    # issue license for admin-user
-    echo "license issue for admin-user"
-
-    # issue license for admin-user
-    echo "license issue for admin-user"
-    kubectl apply -f manifests/free-license.yaml
-}
-
-function gen_saltKey() {
-    saltKey=$(tr -dc 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0)
-}
-
-function gen_mongodbUri() {
-  # if mongodbUri is empty then create mongodb and gen mongodb uri
-  if [ -z "$mongodbUri" ]; then
-    echo "no mongodb uri found, create mongodb and gen mongodb uri"
-    kubectl apply -f manifests/mongodb.yaml
-    # if there is no sealos-mongodb-conn-credential secret then wait for mongodb ready
-    while [ -z "$(kubectl get secret -n sealos sealos-mongodb-conn-credential)" ]; do
-      echo "waiting for mongodb secret generated"
-      sleep 5
-    done
-    chmod +x scripts/gen-mongodb-uri.sh
-    mongodbUri=$(scripts/gen-mongodb-uri.sh)
-  fi
+  --env enableMonitor="true"
 }
 
 function sealos_run_frontend {
-  # mutate desktop config before running desktop
-  echo "mutate desktop config"
-  mutate_desktop_config
-
   echo "run desktop frontend"
+  configFileFlag=""
+  if kubectl get secret desktop-frontend-secret -n sealos --ignore-not-found > /dev/null 2>&1; then
+    configFileFlag=""
+  else
+    configFileFlag="--config-file etc/sealos/desktop-config.yaml"
+  fi
   sealos run tars/frontend-desktop.tar \
     --env cloudDomain=$cloudDomain \
+    --env cloudPort=$cloudPort \
     --env certSecretName="wildcard-cert" \
-    --env passwordEnabled="true" \
-    --config-file etc/sealos/desktop-config.yaml
+    --env passwordEnabled="true" $configFileFlag
 
   echo "run applaunchpad frontend"
   sealos run tars/frontend-applaunchpad.tar \
   --env cloudDomain=$cloudDomain \
+  --env cloudPort=$cloudPort \
   --env certSecretName="wildcard-cert"
 
   echo "run terminal frontend"
   sealos run tars/frontend-terminal.tar \
   --env cloudDomain=$cloudDomain \
+  --env cloudPort=$cloudPort \
   --env certSecretName="wildcard-cert"
 
   echo "run dbprovider frontend"
   sealos run tars/frontend-dbprovider.tar \
   --env cloudDomain=$cloudDomain \
+  --env cloudPort=$cloudPort \
   --env certSecretName="wildcard-cert"
 
-  echo "costcenter frontend"
-  sealos run tars/cost-center.tar \
+  echo "run cost center frontend"
+  sealos run tars/frontend-costcenter.tar \
   --env cloudDomain=$cloudDomain \
+  --env cloudPort=$cloudPort \
   --env certSecretName="wildcard-cert" \
   --env transferEnabled="true" \
   --env rechargeEnabled="false"
 }
 
-
-function mutate_desktop_config() {
-  # mutate etc/sealos/desktop-config.yaml by using mongodb uri and two random base64 string
-  sed -i -e "s;<your-mongodb-uri-base64>;$(echo -n "$mongodbUri" | base64 -w 0);" etc/sealos/desktop-config.yaml
-  sed -i -e "s;<your-jwt-secret-base64>;$(tr -cd 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0);" etc/sealos/desktop-config.yaml
-  sed -i -e "s;<your-password-salt-base64>;$saltKey;" etc/sealos/desktop-config.yaml
+function sealos_authorize {
+    echo "start to authorize sealos"
+    echo "create admin-user"
+    # create admin-user
+    kubectl apply -f manifests/admin-user.yaml
+    # wait for admin-user ready
+    echo "waiting for admin-user generated"
+    while true; do
+        if kubectl get namespace ns-admin >/dev/null 2>&1 && kubectl get accounts.account.sealos.io admin -n sealos-system >/dev/null 2>&1; then
+            break
+        else
+            echo "waiting for preset admin-user to be created..."
+            sleep 3
+        fi
+    done
+    # issue license for admin-user
+    echo "license issue for admin-user"
+    kubectl apply -f manifests/free-license.yaml
 }
 
 
-
 function install {
-  # read env
-  read_env etc/sealos/cloud.env
-
-  # kubectl apply namespace, secret and mongodb
-  kubectl apply -f manifests/namespace.yaml
-
-  # apply notifications crd
-  kubectl apply -f manifests/notifications_crd.yaml
-
-  # create tls secret
-  create_tls_secret $cloudDomain
-
-  # gen mongodb uri
-  gen_mongodbUri
-
-  # gen saltKey
-  gen_saltKey
+  # gen mongodb uri and others
+  prepare
 
   # sealos run controllers
   sealos_run_controller

frontend/desktop/deploy/Kubefile

@@ -5,10 +5,11 @@ COPY registry registry
 COPY manifests manifests
 
 ENV cloudDomain="127.0.0.1.nip.io"
+ENV cloudPort=""
 ENV certSecretName="wildcard-cert"
 ENV passWordEnabled="false"
 ENV githubEnabled="false"
 ENV wechatEnabled="false"
 ENV smsEnabled="false"
 
-CMD ["kubectl apply -f manifests"]
+CMD ["bash scripts/init.sh"]

frontend/desktop/deploy/manifests/deploy.yaml.tmpl

@@ -63,7 +63,7 @@ spec:
           env:
             # callback url is used for oauth2 login, required
             - name: CALLBACK_URL
-              value: https://{{ .cloudDomain }}/callback
+              value: https://{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}/callback
             # mongodb uri, required
             - name: MONGODB_URI
               valueFrom:

frontend/desktop/deploy/scripts/init.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -ex
+
+kubectl apply -f manifests/deploy.yaml -f manifests/rbac.yaml -f manifests/ingress.yaml
+
+secret_exists=$(kubectl get secret desktop-frontend-secret -n sealos --ignore-not-found=true)
+if [[ -n "$secret_exists" ]]; then
+  echo "desktop-frontend-secret already exists, skip create desktop secret"
+else
+  echo "create desktop secret"
+  kubectl apply -f manifests/secret.yaml
+fi

frontend/providers/applaunchpad/deploy/Kubefile

@@ -6,6 +6,9 @@ COPY registry registry
 COPY manifests manifests
 
 ENV cloudDomain="127.0.0.1.nip.io"
+ENV cloudPort=""
+
+ENV certSecretName="wildcard-cert"
 ENV ingressSecret="wildcard-cert"
 
 CMD ["kubectl apply -f manifests"]