Merge pull request #1 from kubesphere/master

2020.11.06

sig-devops/README.md

@@ -6,6 +6,8 @@ The DevOps SIG is to design and implement the DevOps functionalities including p
 
 - Jeff Zhang ([@zryfish](https://github.com/zryfish)), Lead
 - Shaowen Chen ([@shaowenchen](https://github.com/shaowenchen)), Member
+- Rick ([@linuxsuren](https://github.com/linuxSuRen/)), Member
+- Harrison Liu ([@harrisonliu5](https://github.com/harrisonliu5)), Member
 
 ## Documents
 

sig-docs/localization/ZH-CN Localization Task.md

@@ -1,4 +1,4 @@
-# Simplified Chinese Localization Task List of KubeSphere Documentation 3.0 
+# Simplified Chinese Localization Task List of KubeSphere Documentation 3.0
 
 The tables below contain all the guides in KubeSphere documentation that need to be translated into Simplified Chinese. Not all guides in the documentation are in it since some guides are not ready for translation yet. These tables will be updated regularly.
 
@@ -23,7 +23,7 @@ Please read the following rules before you claim a task:
 
 | Installing on Linux                                          | Translator                  | PR Link |
 | ------------------------------------------------------------ | --------------------------- | ------- |
-| [Index Page](https://kubesphere.io/docs/installing-on-linux/) | https://github.com/hantmac  |         |
+| [Index Page](https://kubesphere.io/docs/installing-on-linux/) | https://github.com/hantmac  |  https://github.com/kubesphere/website/pull/434   |
 | [Overview](https://kubesphere.io/docs/installing-on-linux/introduction/intro/) |                             |         |
 | [Multi-node Installation](https://kubesphere.io/docs/installing-on-linux/introduction/multioverview/) |                             |         |
 | [Air-gapped Installation](https://kubesphere.io/docs/installing-on-linux/introduction/air-gapped-installation/) |                             |         |
@@ -77,30 +77,38 @@ Please read the following rules before you claim a task:
 
 | Cluster Administration                                       | Translator | PR Link |
 | ------------------------------------------------------------ | ---------- | ------- |
-| [Cluster Status Monitoring](https://kubesphere.io/docs/cluster-administration/cluster-status-monitoring/) |            |         |
+| [Cluster Status Monitoring](https://kubesphere.io/docs/cluster-administration/cluster-status-monitoring/) | [Kai Zhang](https://github.com/mvpzhangkai)         |         |
 | [Application Resources Monitoring](https://kubesphere.io/docs/cluster-administration/application-resources-monitoring/) |            |         |
-| [Mail Server](https://kubesphere.io/docs/cluster-administration/cluster-settings/mail-server/) | https://github.com/shenhonglei |         |
+| [Mail Server](https://kubesphere.io/docs/cluster-administration/cluster-settings/mail-server/) | https://github.com/shenhonglei | [458](https://github.com/kubesphere/website/pull/458) |
 | [Node Management](https://kubesphere.io/docs/cluster-administration/nodes/) |  | |
 | [Cluster Shutdown and Restart](https://kubesphere.io/docs/cluster-administration/shuting-down-and-restart-cluster-cracefully/) |  | |
 | [Alerting Policy (Node Level)](https://kubesphere.io/docs/cluster-administration/cluster-wide-alerting-and-notification/alerting-policy/) |  | |
 | [Alerting Message (Node Level)](https://kubesphere.io/docs/cluster-administration/cluster-wide-alerting-and-notification/alerting-message/) |  | |
 | [Index Page](https://kubesphere.io/docs/cluster-administration/) |  | |
 
-| Project User Guide                                           | Translator | PR Link |
+| Project User Guide                                           | Translator                                    | PR Link |
+| ------------------------------------------------------------ | --------------------------------------------- | ------- |
+| [Index Page](https://kubesphere.io/docs/project-user-guide/) | [shenhonglei](https://github.com/shenhonglei) | [464](https://github.com/kubesphere/website/pull/464)        |
+| [Deployments](https://kubesphere.io/docs/project-user-guide/application-workloads/deployments/) |                                               |         |
+| [StatefulSets](https://kubesphere.io/docs/project-user-guide/application-workloads/statefulsets/) |                                               |         |
+| [DaemonSets](https://kubesphere.io/docs/project-user-guide/application-workloads/daemonsets/) |                                               |         |
+| [Jobs](https://kubesphere.io/docs/project-user-guide/application-workloads/jobs/) |                                               |         |
+| [CronJobs](https://kubesphere.io/docs/project-user-guide/application-workloads/cronjob/) |                                               |         |
+| [Services](https://kubesphere.io/docs/project-user-guide/application-workloads/services/) |                                               |         |
+| [Container Image Settings](https://kubesphere.io/docs/project-user-guide/application-workloads/container-image-settings/) |                                               |         |
+| [Introduction](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/introduction/) |                                               |         |
+| [Monitor MySQL](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/get-started/monitor-mysql/) |                                               |         |
+| [Monitor Sample Web](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/get-started/monitor-sample-web/) |                                               |         |
+| [Overview](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/visualization/overview/) |                                               |         |
+| [Panels](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/visualization/panel/) |                                               |         |
+| [Querying](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/visualization/querying/) |                                               |         |
+| [Alerting Policy (Workload Level)](https://kubesphere.io/docs/project-user-guide/alerting/alerting-policy/) |                                               |         |
+| [Alerting Message (Workload Level)](https://kubesphere.io/docs/project-user-guide/alerting/alerting-message/) |                                               |         |
+
+| DevOps User Guide                                            | Translator | PR Link |
 | ------------------------------------------------------------ | ---------- | ------- |
-| [Index Page](https://kubesphere.io/docs/project-user-guide/) |            |         |
-| [Deployments](https://kubesphere.io/docs/project-user-guide/application-workloads/deployments/) |            |         |
-| [StatefulSets](https://kubesphere.io/docs/project-user-guide/application-workloads/statefulsets/) |            |         |
-| [DaemonSets](https://kubesphere.io/docs/project-user-guide/application-workloads/daemonsets/) |            |         |
-| [Jobs](https://kubesphere.io/docs/project-user-guide/application-workloads/jobs/) |            |         |
-| [CronJobs](https://kubesphere.io/docs/project-user-guide/application-workloads/cronjob/) |            |         |
-| [Services](https://kubesphere.io/docs/project-user-guide/application-workloads/services/) |            |         |
-| [Container Image Settings](https://kubesphere.io/docs/project-user-guide/application-workloads/container-image-settings/) |            |         |
-| [Introduction](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/introduction/) |            |         |
-| [Monitor MySQL](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/get-started/monitor-mysql/) |            |         |
-| [Monitor Sample Web](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/get-started/monitor-sample-web/) |            |         |
-| [Overview](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/visualization/overview/) |            |         |
-| [Panels](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/visualization/panel/) |            |         |
-| [Querying](https://kubesphere.io/docs/project-user-guide/custom-application-monitoring/visualization/querying/) |            |         |
-| [Alerting Policy (Workload Level)](https://kubesphere.io/docs/project-user-guide/alerting/alerting-policy/) |            |         |
-| [Alerting Message (Workload Level)](https://kubesphere.io/docs/project-user-guide/alerting/alerting-message/) |            |         |
+| [Index Page](https://kubesphere.io/docs/devops-user-guide/)  |            |         |
+| [Credential Management](https://kubesphere.io/docs/devops-user-guide/how-to-use/credential-management/) |            |         |
+| [Set CI Node for Dependency Cache](https://kubesphere.io/docs/devops-user-guide/how-to-use/set-ci-node/) |            |         |
+| [Set Email Server for KubeSphere Pipelines](https://kubesphere.io/docs/devops-user-guide/how-to-use/jenkins-email/) |            |         |
+| [Integrate SonarQube into Pipeline](https://kubesphere.io/docs/devops-user-guide/how-to-integrate/sonarqube/) |            |         |

sig-edge/README.md

@@ -10,7 +10,7 @@ The mission of Edge Computing SIG is to enable edge computing with modern contai
 
 ## Meetings
 
-[Meeting notes](https://docs.google.com/document/d/1JHL5rlNRJE9FieiTrE6n_PXyLAQ4b-BnAmi-MtOT3Xc)
+[Meeting notes](https://docs.google.com/document/d/1VF4G7Gsi0PFplDYkX0rRsMeXpkf9WGPumQi3BkaNRXk)
 
 ## Contact
 

sig-edge/concepts-and-designs/kubesphere-kubeedge-integration.md

@@ -19,13 +19,26 @@ Users can toggle enable/disable and modify parameters of KubeEdge CloudClore on
 | CloudCore Service Type | Service expose method | String | NodePort (NodePort/LoadBalancer) |
 | CloudHub advertiseAddress | Exposed IP address for EdgeCore to connect | String | Public IP address of KS cluster in NodePort mode / Service attached LB IP |
 | CloudHub nodeLimit | node limit for edge nodes | Int | 100 |
-| CloudHub port | Port number of CloudHub service | Int | 31000(NodePort) / 10000(LB) |
-| CloudHub https port | Port number of CloudHub https service | Int | 31002(NodePort) / 10002(LB) |
+| Enable CloudHub websocket | Enable CloudHub websocket, basic service | Bool | True |
+| Enable CloudHub https | Enable CloudHub https, basic service | Bool | True |
+| Enable CloudHub Quic | Enable CloudHub Quic | Bool | False |
 | Enable CloudStream | Enable CloudStream component, required by logs and metrics | Bool | True |
+| CloudHub websocket port | Port number of CloudHub websocket service | Int | 31000(NodePort) / 10000(LB) |
+| CloudHub Quic port | Port number of CloudHub Quic service | Int | 31001(NodePort) / 10001(LB) |
+| CloudHub https port | Port number of CloudHub https service | Int | 31002(NodePort) / 10002(LB) |
 | CloudStream port  | Port number of CloudStream service | Int | 31003(NodePort) / 10003(LB) |
 | CloudTunnel port  | Port number of CloudTunnel service | Int | 31004(NodePort) / 10004(LB) |
 
-- KubeEdge component can be installed by one helm chart.
+## Edge-Watcher config
+
+| Parameter | Description | Type | Default |
+| --------- | ----------- | ---- | ------- |
+| Destination node address | Destination address of log/metrics request | String | Master/Worker node address of cluster |
+| Destination node port | Destination port of log/metrics request | String | 31003 |
+| Log port | Port of log request | String | 10350 |
+| Metrics port | Port of metrics request | String | 10250 |
+
+- KubeEdge and edge-watcher are installed by one helm chart.
 - After KubeEdge enabled, UI should prompt users to enable firewall and port mapping for KubeEdge service ports.
 
 # E2. Edge nodes logging and metrics
@@ -40,9 +53,9 @@ Each edge node required 2 iptables entries to enable logging and metrics fetchin
 TCP 192.168.100.1:10250 -> cloudcore-ip:10003(Can be 192.168.1.10:31003 in NodePort mode)
 TCP 192.168.100.1:10350 -> cloudcore-ip:10003(Can be 192.168.1.10:31003 in NodePort mode)
 
-Edge-router controller component is developed to maintain iptables entries according to edge nodes status, and installs together with kubeedge when enables it.
+Edge-watcher and iptables-operator components are developed to maintain iptables entries according to edge nodes status, and installs together with kubeedge when enables it.
 
-![Edge-router](../images/edge-router.png)
+![Edge-watcher](../images/edge-watcher.png)
 
 ## Edge node logging
 
@@ -150,10 +163,12 @@ Pod level metrics (real-time data)
 
 # E3. Convenient edge node joining and exiting
 
-Edge nodes needs CloudHub IP address and token to join in cluster. This token is fetch using following commands.
+![edge_join_1](../images/edge_join_1.png)
+
+Set edge node parameter on UI.
+
+![edge_join_2](../images/edge_join_2.png)
+
+Download installer and config file, copy to edge node and join.
 
-```Shell
-kubectl get secret tokensecret -n kubeedge -ojson | jq -r ".data.tokendata" | base64 -d
-```
 
-KubeEdge compoments should display token on UI or generate a config file, then use keadmin or customized installer with config file to join cluster.

sig-multitenancy/concepts-and-designs/user-group-designs.md

@@ -0,0 +1,120 @@
+# User Group Design
+
+## Objective
+
+Kubesphere uses RBAC authorization to drive authorization decisions. But roles only can be assigned to individual users currently, which is inconvenient in some scenarios. For example, one team may need to manage multiple projects in a workspace, but we can only grant all projects permission with the role of workspace level, or we have to invite users to those projects one by one and grant with a role of project level.
+
+By binding the project role to a Group, we can grant multiple projects' permission to the group then all the users in the group have access to those projects.
+
+### User group management of platform level
+
+At the platform level, the user group will be shown as a hierarchical structure of workspace and groups of the workspace. Admins will be able to assign users to a group.
+
+> Note: Grant permission of the platform level won't be supported, since those permissions are privileged.
+
+### User group management of workspace level 
+
+At the workspace level, admins can grant permission to a group by binding roles to the group. Groups are isolated between workspaces since groups are the subresources of the workspace.
+
+## Outline
+
+1. Create groups in Workspace
+2. Bind group with Project Role
+3. Bind group with DevOps Project Role
+4. Bind group with Workspace Role
+5. Add members to the group in Workspace and Platform, grant permissions to a group in Workspace
+6. Create hierarchical groups
+
+![Group Design](user-group-designs.png "Group Design")
+
+## Authorization process
+
+The Authorization process is shown below.
+
+![Group authorization](user-group-authorization.png "Group authorization")
+
+## Scenario
+
+- case 1: Grant `user2`, `user3`, `user4` with `demo-project`, `demo4-project` Admin permisison
+- case 2: Grant `user1`, `user2` with `demo-project\viewer`, `demo2-project\admin` permission
+
+As scenarios described above, we can create the following User, Group, and Group-Role Bindings.
+
+> Lines with Strike show the capability of the Group, which doesn't use in the case.
+
+1. Groups
+ - Group1
+   - ~~Group Sub1~~
+   - ~~Group Sub2~~
+ - Group2
+   - ~~Group Sub3~~
+   - ~~Group Sub4~~
+
+2. Group-Role Bindings
+ - Group1 
+   - demo-project\viewer
+   - demo2-project\admin
+ - Group2
+   - demo-project\admin
+   - demo4-project\admin
+3. Group-User Bindings
+ - Group1
+   - user1
+   - user2
+ - Group2
+   - user2
+   - user3
+   - user4
+
+
+### Optional feature
+
+we can support one the the following feature.
+
+1. Inherit Permission: User in the subgroup will inherit all the permissions of the parent permission.
+2. Limit Permission: Subgroup can be only granted with the permission of the parent. 
+
+## Data Structure
+
+The following CRDs will be created or used in the Group.
+
+### Group
+
+The Group defines the groups created by the user. And present the relations between groups.
+
+```yaml
+apiVersion: iam.kubesphere.io/v1alpha1
+kind: Group
+metadata:
+  labels:
+    iam.kubesphere.io/group-parent: group1
+  name: group2
+```
+
+### GroupBinding
+
+GroupBinding is used to present relations between Group and User.
+
+```yaml
+apiVersion: iam.kubesphere.io/v1alpha1
+kind: GroupBinding
+metadata:
+  labels:
+    iam.kubesphere.io/group-ref: group1
+    iam.kubesphere.io/user-ref: user2
+  name: groupbinding-sample1
+subjectRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: user2
+groupRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: group1
+```
+
+### RoleBinding
+
+RoleBinding is Kubernetes's internal Kind. Which is used to bind Role and Group.
+
+

sig-observability/README.md

@@ -20,8 +20,8 @@ The Observability SIG is to design and implement the observability features for
 
 - [Concept of KubeSphere Logging](concepts-and-designs/kubesphere-logging-v3.0.0.md)
 - [Concept of KubeSphere Monitoring](./concepts-and-designs/kubesphere-monitoring-v3.0.0.md)
-- [Development Guide of KubeSphere Logging](./development/kubesphere-logging-development-guide.md)
-- [Development Guide of KubeSphere Monitoring](./development/kubesphere-monitoring-development-guide.md)
+- [Development Guide of KubeSphere Logging](./development/kubesphere-logging-development-guide-v3.0.0.md)
+- [Development Guide of KubeSphere Monitoring](./development/kubesphere-monitoring-development-guide-v3.0.0.md)
 
 ## Members
 

sig-observability/concepts-and-designs/202009_custom-monitoring-enhancement.md

@@ -208,8 +208,8 @@ For users familiar with Grafana, query variable is a helpful feature when it com
 
 |Function|Description|
 |---|---|
-|label_values(<label>)|List all label values from every metric|
-|label_value(<metric>, <label>)|List all label values from the specific metic|
+|label_values(\<label\>)|List all label values from every metric|
+|label_value(\<metric\>, \<label\>)|List all label values from the specific metic|
 
 To use variables in dashboards, you put `$<variable_name>` in place in your PromQL expressions.
 

sig-observability/concepts-and-designs/multi-tenant notification.md

@@ -62,16 +62,16 @@
 
 ## Requirements ##
 
-- User can define the channels for receiving notifications, including email, wechat, slack, webhook and dingtalk, by creating the corresponding receiver and config.
-- A user only has one receiver or config in the same type.
-- A user can update, delete, get the receiver, and config created by oneself.
-- A user can get the default config.
-- The receiver created by the user can use the config create by the user and the default config.
+- Every user can customize the channels for receiving notifications, including email, wechat, slack, webhook and dingtalk, by customizing his own receiver and config. A user can only have one receiver or config of the same type.
+
+![](../images/tenant-receiver-config.png)
+
+- The platform administrator can customize the global channel for receiving all notifications by customizing the global receivers and the default configs. Only one global receiver or default config is allowed for each type.
+
+![](../images/global-receiver-config.png)
+
+- The receiver of user will use the default config if his own config is not set.
 - All receivers and configs are in the namespace `kubesphere-monitoring-system`.
-- The platform administrator can create a global channel for receiving all notifications by creating global receivers.
-- The platform administrator can create a global default configuration by creating a default config.
-- Each type of global receiver and default config can be only one. 
-- The global receiver can only use the default config.
 - Before deleting the user, it should get all the receivers and configs of the user, and delete them.
 
 ## Parameters