From e31aaf40cec3cf4df2b4f73a16d0255d824cd08f Mon Sep 17 00:00:00 2001
From: yy <lingdie.yy@outlook.com>
Date: Thu, 27 Feb 2025 06:56:19 +0000
Subject: [PATCH 1/2] feat: sealos cloud deploy add a config in sealos-system

---
 deploy/cloud/scripts/init.sh | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/deploy/cloud/scripts/init.sh b/deploy/cloud/scripts/init.sh
index 37248ec705c..be2983940a9 100644
--- a/deploy/cloud/scripts/init.sh
+++ b/deploy/cloud/scripts/init.sh
@@ -11,6 +11,19 @@ localRegionUID=""
 
 tlsCrtPlaceholder="<tls-crt-placeholder>"
 acmednsSecretPlaceholder="<acmedns-secret-placeholder>"
+cloudDomainPlaceholder="<cloud-domain-placeholder>"
+cloudPortPlaceholder="<cloud-port-placeholder>"
+certSecretNamePlaceholder="<cert-secret-placeholder>"
+regionUIDPlaceholder="<region-uid-placeholder>"
+databaseMongodbURIPlaceholder="<mongodb-uri-placeholder>"
+databaseLocalCockroachdbURIPlaceholder="<local-cockroachdb-uri-placeholder>"
+databaseGlobalCockroachdbURIPlaceholder="<global-cockroachdb-uri-placeholder>"
+passwordEnabledPlaceholder="<password-enabled-placeholder>"
+passwordSaltPlaceholder="<password-salt-placeholder>"
+jwtInternalPlaceholder="<jwt-internal-placeholder>"
+jwtRegionalPlaceholder="<jwt-regional-placeholder>"
+jwtGlobalPlaceholder="<jwt-global-placeholder>"
+
 
 saltKey=""
 jwtInternal=""
@@ -43,6 +56,9 @@ function prepare {
 
   # create tls secret
   create_tls_secret
+
+  # update sealos-config configmap
+  update_sealos_config
 }
 
 # Function to retry `kubectl apply -f` command until it succeeds or reaches a maximum number of attempts
@@ -193,6 +209,24 @@ function create_tls_secret {
   fi
 }
 
+function update_sealos_config {
+  # use generated values to update sealos-config configmap
+  sed -i "s/$cloudDomainPlaceholder/$cloudDomain/g" manifests/sealos-config.yaml
+  sed -i "s/$cloudPortPlaceholder/$cloudPort/g" manifests/sealos-config.yaml
+  sed -i "s/$certSecretNamePlaceholder/$certSecretName/g" manifests/sealos-config.yaml
+  sed -i "s/$regionUIDPlaceholder/$localRegionUID/g" manifests/sealos-config.yaml
+  sed -i "s/$databaseMongodbURIPlaceholder/$mongodbUri/g" manifests/sealos-config.yaml
+  sed -i "s/$databaseLocalCockroachdbURIPlaceholder/$cockroachdbLocalUri/g" manifests/sealos-config.yaml
+  sed -i "s/$databaseGlobalCockroachdbURIPlaceholder/$cockroachdbGlobalUri/g" manifests/sealos-config.yaml
+  sed -i "s/$passwordEnabledPlaceholder/$passwordEnabled/g" manifests/sealos-config.yaml
+  sed -i "s/$passwordSaltPlaceholder/$saltKey/g" manifests/sealos-config.yaml
+  sed -i "s/$jwtInternalPlaceholder/$jwtInternal/g" manifests/sealos-config.yaml
+  sed -i "s/$jwtRegionalPlaceholder/$jwtRegional/g" manifests/sealos-config.yaml
+  sed -i "s/$jwtGlobalPlaceholder/$jwtGlobal/g" manifests/sealos-config.yaml
+  kubectl apply -f manifests/sealos-config.yaml
+}
+
+
 function sealos_run_desktop {
     echo "run desktop frontend"
     sealos run tars/frontend-desktop.tar \

From 69ae3a70e783ed0b2de2bd7214ba9098937809c8 Mon Sep 17 00:00:00 2001
From: yy <lingdie.yy@outlook.com>
Date: Thu, 27 Feb 2025 06:56:56 +0000
Subject: [PATCH 2/2] feat: sealos cloud deploy add a config in sealos-system

---
 deploy/admin/Kubefile                     |  8 ++++++
 deploy/admin/init.sh                      | 29 +++++++++++++++++++
 deploy/admin/scripts/init.sh              | 34 +++++++++++++++++++++++
 deploy/cloud/manifests/sealos-config.yaml | 18 ++++++++++++
 4 files changed, 89 insertions(+)
 create mode 100644 deploy/admin/Kubefile
 create mode 100644 deploy/admin/init.sh
 create mode 100644 deploy/admin/scripts/init.sh
 create mode 100644 deploy/cloud/manifests/sealos-config.yaml

diff --git a/deploy/admin/Kubefile b/deploy/admin/Kubefile
new file mode 100644
index 00000000000..13ffca5b68d
--- /dev/null
+++ b/deploy/admin/Kubefile
@@ -0,0 +1,8 @@
+FROM scratch
+
+USER 65532:65532
+
+COPY tars tars
+COPY scripts scripts
+
+CMD ["bash scripts/init.sh"]
diff --git a/deploy/admin/init.sh b/deploy/admin/init.sh
new file mode 100644
index 00000000000..a7628c737ab
--- /dev/null
+++ b/deploy/admin/init.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+export readonly ARCH=${1:-amd64}
+mkdir -p tars
+
+RetryPullImageInterval=3
+RetrySleepSeconds=3
+
+retryPullImage() {
+    local image=$1
+    local retry=0
+    local retryMax=3
+    set +e
+    while [ $retry -lt $RetryPullImageInterval ]; do
+        sealos pull --policy=always --platform=linux/"${ARCH}" $image >/dev/null && break
+        retry=$(($retry + 1))
+        echo "retry pull image $image, retry times: $retry"
+        sleep $RetrySleepSeconds
+    done
+    set -e
+    if [ $retry -eq $retryMax ]; then
+        echo "pull image $image failed"
+        exit 1
+    fi
+}
+
+retryPullImage ghcr.io/labring/sealos-cloud-admin:latest
+
+sealos save -o tars/frontend-admin.tar ghcr.io/labring/sealos-cloud-admin:latest
diff --git a/deploy/admin/scripts/init.sh b/deploy/admin/scripts/init.sh
new file mode 100644
index 00000000000..8521e5d08c6
--- /dev/null
+++ b/deploy/admin/scripts/init.sh
@@ -0,0 +1,34 @@
+# get sealos config
+function get_sealos_config {
+  # get cloudDomain from sealos-config configmap
+  cloudDomain=$(kubectl get configmap sealos-config -o jsonpath='{.data.cloudDomain}')
+  cloudPort=$(kubectl get configmap sealos-config -o jsonpath='{.data.cloudPort}')
+  certSecretName=$(kubectl get configmap sealos-config -o jsonpath='{.data.certSecretName}')
+  regionUID=$(kubectl get configmap sealos-config -o jsonpath='{.data.regionUID}')
+  databaseMongodbURI=$(kubectl get configmap sealos-config -o jsonpath='{.data.databaseMongodbURI}')
+  databaseGlobalCockroachdbURI=$(kubectl get configmap sealos-config -o jsonpath='{.data.databaseGlobalCockroachdbURI}')
+  databaseRegionalCockroachdbURI=$(kubectl get configmap sealos-config -o jsonpath='{.data.databaseRegionalCockroachdbURI}')
+  passwordEnabled=$(kubectl get configmap sealos-config -o jsonpath='{.data.passwordEnabled}')
+  passwordSalt=$(kubectl get configmap sealos-config -o jsonpath='{.data.passwordSalt}')
+  jwtInternal=$(kubectl get configmap sealos-config -o jsonpath='{.data.jwtInternal}')
+  jwtGlobal=$(kubectl get configmap sealos-config -o jsonpath='{.data.jwtGlobal}')
+  jwtRegional=$(kubectl get configmap sealos-config -o jsonpath='{.data.jwtRegional}')
+}
+
+function install_admin {
+  # get sealos config
+  get_sealos_config
+
+  # install admin
+  echo "run sealos admin frontend"
+  sealos run tars/frontend-admin.tar \
+  --env cloudDomain=$cloudDomain \
+  --env cloudPort=$cloudPort \
+  --env certSecretName=$certSecretName \
+  --env regionUid=$regionUID \
+  --env databaseMongodbURI="${databaseMongodbURI}/sealos-auth?authSource=admin" \
+  --env databaseGlobalCockroachdbURI=$databaseGlobalCockroachdbURI \
+  --env databaseRegionalCockroachdbURI=$databaseRegionalCockroachdbURI \
+  --env jwtInternal=$jwtInternal \
+  --env jwtGlobal=$jwtGlobal
+}
diff --git a/deploy/cloud/manifests/sealos-config.yaml b/deploy/cloud/manifests/sealos-config.yaml
new file mode 100644
index 00000000000..e4fd6ff6f72
--- /dev/null
+++ b/deploy/cloud/manifests/sealos-config.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sealos-config
+  namespace: sealos-system
+data:
+  cloudDomain: "<cloud-domain-placeholder>"
+  cloudPort: "<cloud-port-placeholder>"
+  certSecretName: "<cert-secret-placeholder>"
+  regionUID: "<region-uid-placeholder>"
+  databaseMongodbURI: "<mongodb-uri-placeholder>"
+  databaseLocalCockroachdbURI: "<local-cockroachdb-uri-placeholder>"
+  databaseGlobalCockroachdbURI: "<global-cockroachdb-uri-placeholder>"
+  passwordEnabled: "<password-enabled-placeholder>"
+  passwordSalt: "<password-salt-placeholder>"
+  jwtInternal: "<jwt-internal-placeholder>"
+  jwtRegional: "<jwt-regional-placeholder>"
+  jwtGlobal: "<jwt-global-placeholder>"