feat. change desktop to use config file.

deploy/cloud/etc/sealos/desktop-config.yaml

@@ -3,16 +3,54 @@ kind: Config
 metadata:
   name: secret
 spec:
-  path: manifests/secret.yaml
-  # do not modify this image, it's used by ci.
-  match: ghcr.io/labring/sealos-cloud-desktop-frontend:latest
-  strategy: merge
+  path: manifests/configmap.yaml
+  strategy: override
   data: |
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: desktop-frontend-config
+      namespace: sealos
     data:
-      mongodb_uri: <your-mongodb-uri-base64>
-      jwt_secret: <your-jwt-secret-base64>
-      password_salt: <your-password-salt-base64>
-      jwt_secret_region: <your-jwt-secret-region-base64>
-      region_database_url: <your-region-database-url-base64>
-      global_database_url: <your-global-database-url-base64>
-      region_uid: <your-local-region-uid-base64>
+      config.yaml : |
+        cloud:
+          domain: "{{ .cloudDomain }}"
+          port: "{{ .cloudPort }}"
+          regionUID: "<your-local-region-uid>"
+          certSecretName: "{{ .certSecretName }}"
+        common:
+          guideEnabled: "false"
+          apiEnabled: "false"
+          rechargeEnabled: "false"
+          cfSiteKey: ""
+        database:
+          mongodbURI: "<your-mongodb-uri>"
+          globalCockroachdbURI: "<your-global-database-url>"
+          regionalCockroachdbURI: "<your-regional-database-url>"
+        desktop:
+          layout:
+            title: "Sealos Cloud"
+            logo: "/logo.png"
+            backgroundImage: "/images/bg-blue.svg"
+            meta:
+              title: "Sealos Cloud"
+              description: "Sealos Cloud"
+              keywords: "Sealos Cloud"
+              scripts: []
+            common:
+              githubStarEnabled: "true"
+          auth:
+            proxyAddress: ""
+            callbackURL: "https://{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}/callback"
+            signUpEnabled: "true"
+            baiduToken: ""
+            invite:
+              enabled: "false"
+            jwt:
+              internal: "<your-internal-jwt-secret>"
+              regional: "<your-regional-jwt-secret>"
+              global: "<your-global-jwt-secret>"
+            idp:
+              password:
+                enabled: "true"
+                salt: "<your-password-salt>"

deploy/cloud/scripts/init.sh

@@ -135,32 +135,33 @@ function gen_cockroachdbUri() {
 }
 
 function gen_saltKey() {
-    password_salt=$(kubectl get secret desktop-frontend-secret -n sealos -o jsonpath="{.data.password_salt}" 2>/dev/null || true)
+    password_salt=$(kubectl get configmap desktop-frontend-config -n sealos -o jsonpath='{.data.config\.yaml}' | grep "salt:" | awk '{print $2}' 2>/dev/null || true)
     if [[ -z "$password_salt" ]]; then
-        saltKey=$(tr -dc 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0)
+        saltKey=$(tr -dc 'a-z0-9' </dev/urandom | head -c64)
     else
         saltKey=$password_salt
     fi
 }
 
 function gen_regionUID(){
-    uid=$(kubectl get secret desktop-frontend-secret -n sealos -o jsonpath="{.data.region_uid}" 2>/dev/null || true)
+    uid=$(kubectl get configmap desktop-frontend-config -n sealos -o jsonpath='{.data.config\.yaml}' | grep "regionUID:" | awk '{print $2}' 2>/dev/null || true)
     if [[ -z "$uid" ]]; then
         localRegionUID=$(uuidgen)
     else
-        localRegionUID=$(echo -n "$uid" | base64 -d)
+        localRegionUID=$(echo -n "$uid")``
     fi
 }
 
 function mutate_desktop_config() {
-    # mutate etc/sealos/desktop-config.yaml by using mongodb uri and two random base64 string
-    sed -i -e "s;<your-mongodb-uri-base64>;$(echo -n "${mongodbUri}/sealos-auth?authSource=admin" | base64 -w 0);" etc/sealos/desktop-config.yaml
-    sed -i -e "s;<your-jwt-secret-base64>;$(tr -cd 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0);" etc/sealos/desktop-config.yaml
-    sed -i -e "s;<your-jwt-secret-region-base64>;$(tr -cd 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0);" etc/sealos/desktop-config.yaml
-    sed -i -e "s;<your-password-salt-base64>;$saltKey;" etc/sealos/desktop-config.yaml
-    sed -i -e "s;<your-region-database-url-base64>;$(echo -n "${cockroachdbLocalUri}" | base64 -w 0);" etc/sealos/desktop-config.yaml
-    sed -i -e "s;<your-global-database-url-base64>;$(echo -n "${cockroachdbGlobalUri}" | base64 -w 0);" etc/sealos/desktop-config.yaml
-    sed -i -e "s;<your-local-region-uid-base64>;$(echo -n "${localRegionUID}" | base64 -w 0);" etc/sealos/desktop-config.yaml
+    # mutate etc/sealos/desktop-config.yaml by using mongodb uri and two random string
+    sed -i -e "s;<your-mongodb-uri>;$(echo -n "${mongodbUri}/sealos-auth?authSource=admin");" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-internal-jwt-secret>;$(tr -cd 'a-z0-9' </dev/urandom | head -c64);" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-regional-jwt-secret>;$(tr -cd 'a-z0-9' </dev/urandom | head -c64);" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-global-jwt-secret>;$(tr -cd 'a-z0-9' </dev/urandom | head -c64);" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-password-salt>;$saltKey;" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-regional-database-url>;$(echo -n "${cockroachdbLocalUri}");" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-global-database-url>;$(echo -n "${cockroachdbGlobalUri}");" etc/sealos/desktop-config.yaml
+    sed -i -e "s;<your-local-region-uid>;$(echo -n "${localRegionUID}");" etc/sealos/desktop-config.yaml
 }
 
 function create_tls_secret {
@@ -223,7 +224,7 @@ function sealos_run_controller {
 
 
 function sealos_authorize {
-  sealos run tars/job-init.tar --env PASSWORD_SALT="$(echo -n "$saltKey" | base64 -d)"
+  sealos run tars/job-init.tar --env PASSWORD_SALT="$(echo -n "$saltKey")"
   sealos run tars/job-heartbeat.tar
 
   # wait for admin user create

frontend/desktop/.gitignore

@@ -27,7 +27,7 @@ yarn-error.log*
 
 # local env files
 .env*.local
-data/config.local.json
+data/*.local
 # vercel
 .vercel
 

frontend/desktop/data/config.yaml

@@ -0,0 +1,64 @@
+cloud:
+  domain: "127.0.0.1.nip.io"
+  port: ""
+  regionUID: "thisiaregionuid"
+  certSecretName: "wildcard-cert"
+common:
+  guideEnabled: "false"
+  apiEnabled: "false"
+  rechargeEnabled: "false"
+  cfSiteKey: ""
+database:
+  mongodbURI: "thisismongodburi"
+  globalCockroachdbURI: "thisisglobalcockroachdburi"
+  regionalCockroachdbURI: "thisisregionalcockroachdburi"
+desktop:
+  layout:
+    title: "Sealos Cloud"
+    logo: "/logo.png"
+    backgroundImage: "/images/bg-blue.svg"
+    meta:
+      title: "Sealos Cloud"
+      description: "Sealos Cloud"
+      keywords: "Sealos Cloud"
+      scripts: []
+    common:
+      githubStarEnabled: "false"
+  auth:
+    proxyAddress: ""
+    callbackURL: "https://127.0.0.1.nip.io/callback"
+    signUpEnabled: "true"
+    baiduToken: ""
+    invite:
+      enabled: "false"
+    jwt:
+      internal: "thisisinternaljwt"
+      regional: "thisisregionaljwt"
+      global: "thisisglobaljwt"
+    idp:
+      password:
+        enabled: "true"
+        salt: "thisispasswordsalt"
+#        github:
+#          enabled: "{{ .githubEnabled }}"
+#          clientId: "{{ .githubClientID }}"
+#          clientSecret: "{{ .githubClientSecret }}"
+#        wechat:
+#          enabled: "{{ .wechatEnabled }}"
+#          clientId: "{{ .wechatClientID }}"
+#          clientSecret: "{{ .wechatClientSecret }}"
+#        sms:
+#          ali:
+#            enabled: "{{ .smsEnabled }}"
+#            endpoint: "{{ .aliSmsEndpoint }}"
+#            signName: "{{ .aliSmsSignName }}"
+#            accessKeyId: "{{ .aliAccessKeyID }}"
+#            accessKeySecret: "{{ .aliAccessKeySecret }}"
+#        oauth2:
+#          enabled: "{{ .oauth2Enabled }}"
+#          callbackURL: "https://{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}/callback"
+#          clientId: "{{ .oauth2ClientId }}"
+#          clientSecret: "{{ .oauth2ClientSecret }}"
+#          authURL: "{{ .oauth2AuthURL }}"
+#          tokenURL: "{{ .oauth2TokenURL }}"
+#          userInfoURL: "{{ .oauth2UserInfoURL }}"

frontend/desktop/deploy/Kubefile

@@ -8,11 +8,5 @@ COPY scripts scripts
 ENV cloudDomain="127.0.0.1.nip.io"
 ENV cloudPort=""
 ENV certSecretName="wildcard-cert"
-ENV passWordEnabled="false"
-ENV githubEnabled="false"
-ENV wechatEnabled="false"
-ENV smsEnabled="false"
-ENV signUpEnabled="true"
-ENV apiEnabled="false"
 
 CMD ["bash scripts/init.sh"]

frontend/desktop/deploy/README.md

@@ -6,48 +6,81 @@ sealos build -t docker.io/labring/sealos-cloud-desktop:latest -f Kubefile .
 
 ### Env
 
-| Name                       | Description                 | Default                                |
-|----------------------------|-----------------------------|----------------------------------------|
-| `cloudDomain`              | sealos cloud domain         | `cloud.example.com`                    |
-| `wildcardCertSecretName`   | wildcard cert secret name   | `wildcard-cert`                        |
+| Name                       | Description                 | Default            |
+|----------------------------|-----------------------------|--------------------|
+| `cloudDomain`              | sealos cloud domain         | `127.0.0.1.nip.io` |
+| `wildcardCertSecretName`   | wildcard cert secret name   | `wildcard-cert`    |
 
 ### Config
 
-If you enable password login (which is enabled by default), you need to set the password salt by using a config file.
-
-And this is a command to generate a password salt:
-```shell
-echo -n "your-password-salt" | base64
-```
-
-
 Here is a config file example:
 ```yaml
 # desktop-config.yaml
 apiVersion: apps.sealos.io/v1beta1
 kind: Config
 metadata:
-  name: secret
+  name: configMap
 spec:
-  path: manifests/secret.yaml
-  match: docker.io/labring/sealos-cloud-desktop:latest
-  strategy: merge
+  path: manifests/configmap.yaml
+  strategy: override
   data: |
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: desktop-frontend-config
+      namespace: sealos
     data:
-      mongodb_uri: <your-mongodb-uri-base64>
-      jwt_secret: <your-jwt-secret-base64>
-      password_salt: <your-password-salt-base64>
+      config.yaml : |
+        cloud:
+          domain: "127.0.0.1.nip.io"
+          port: ""
+          regionUID: "thisiaregionuid"
+          certSecretName: "wildcard-cert"
+        common:
+          guideEnabled: "false"
+          apiEnabled: "false"
+          rechargeEnabled: "false"
+          cfSiteKey: ""
+        database:
+          mongodbUri: "thisismongodburi"
+          globalCockroachdbURI: "thisisglobalcockroachdburi"
+          regionalCockroachdbURI: "thisisregionalcockroachdburi"
+        desktop:
+          layout:
+            title: "Sealos Cloud"
+            logo: "/logo.png"
+            backgroundImage: "/images/bg-blue.svg"
+            meta:
+              title: "Sealos Cloud"
+              description: "Sealos Cloud"
+              keywords: "Sealos Cloud"
+              scripts: []
+            common:
+              githubStarEnabled: "false"
+          auth:
+            proxyAddress: ""
+            callbackURL: "https://127.0.0.1.nip.io/callback"
+            signUpEnabled: "true"
+            baiduToken: ""
+            invite:
+              enabled: "false"
+            jwt:
+              internal: "thisisinternaljwt"
+              regional: "thisisregionaljwt"
+              global: "thisisglobaljwt"
+            idp:
+              password:
+                enabled: "true"
+                salt: "thisispasswordsalt"
+
 ```
 
-*Please make sure `spec.match` is the same as the image you want to run*
-
 ### How to run
 
 ```shell
 sealos run \
     --env cloudDomain="127.0.0.1.nip.io" \
     --env wildcardCertSecretName="wildcard-cert" \
-    --env passwordEnabled="true" \
     docker.io/labring/sealos-cloud-desktop:latest \
     --config-file desktop-config.yaml 
 ```

frontend/desktop/deploy/manifests/configmap.yaml

@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: desktop-frontend-config
+  namespace: sealos
+data:
+  config.yaml : |
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: desktop-frontend-config
+      namespace: sealos
+    data:
+      config.yaml : |
+        cloud:
+          domain: "{{ .cloudDomain }}"
+          port: "{{ .cloudPort }}"
+          regionUID: "<your-local-region-uid-base64>"
+          certSecretName: "{{ .certSecretName }}"
+        common:
+          guideEnabled: "false"
+          apiEnabled: "false"
+          rechargeEnabled: "false"
+          cfSiteKey: ""
+        database:
+          mongodbURI: "<your-mongodb-uri-base64>"
+          globalCockroachdbURI: "<your-global-database-url-base64>"
+          regionalCockroachdbURI: "<your-region-database-url-base64>"
+        desktop:
+          layout:
+            title: "Sealos Cloud"
+            logo: "/logo.png"
+            backgroundImage: "/images/bg-blue.svg"
+            meta:
+              title: "Sealos Cloud"
+              description: "Sealos Cloud"
+              keywords: "Sealos Cloud"
+              scripts: []
+            common:
+              githubStarEnabled: "true"
+          auth:
+            proxyAddress: ""
+            callbackURL: "https://{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}/callback"
+            signUpEnabled: "true"
+            baiduToken: ""
+            invite:
+              enabled: "false"
+            jwt:
+              internal: "<your-jwt-secret-base64>"
+              regional: "<your-jwt-secret-base64>"
+              global: "<your-jwt-secret-base64>"
+            idp:
+              password:
+                enabled: "true"
+                salt: "<your-password-salt-base64>"