feat(core): standardized sealos cloud core component deployment

[bxy4543]

Helm Chart Deployment Structure Standardization & Values Splitting Proposal

1. Standardized Directory Structure

deploy/
├── charts/
│   └── {service-name}/
│       ├── Chart.yaml
│       ├── values.yaml                        # Default / base values (should NOT be modified)
│       │                                        # Contains infra defaults + reference values for auto-injected fields
│       ├── {service-name}-values.yaml         # User customization template
│       └── templates/
│           ├── deployment.yaml
│           ├── service.yaml
│           └── ...
├── Kubefile
├── {service}-entrypoint.sh
└── README.md

2. Helm Values Splitting Rules

2.1 Splitting Principles

values.yaml (Default / Protected Values – should not be edited by users)

Contains fields that are:

• Image related: image, imagePullPolicy
• Core overrides: imagePullSecrets, nameOverride, fullnameOverride
• ServiceAccount: create, automountServiceAccountToken, annotations, name
• Pod metadata & security: podAnnotations, podLabels, podSecurityContext, securityContext
• Service & ingress base config
• Probes: livenessProbe, readinessProbe
• Scheduling: nodeSelector, tolerations, affinity
• Storage: volumes, volumeMounts
• Infra toggles: metrics.enabled (default: false)
• Auto-injected reference values (for documentation only):
  • Fields that will be overridden by entrypoint.sh (e.g. domain, secrets, JWT, etc.)
  • Must be clearly commented as “auto-configured / will be overridden”

{service-name}-values.yaml (User Customization Template)

Contains fields users most commonly want to customize:

• Replica count: replicaCount
• Resource requests & limits: resources
• Environment variables:
  • env
  • *Env blocks (e.g. accountEnv, desktopConfig, appConfig, etc.)
• Business / application configuration:
  • Feature flags
  • URLs / endpoints
  • Authentication settings
  • Database / Redis / MQ connection strings
  • Other service-specific parameters

Important Rules:

• Add clear comment block at the top explaining which fields are auto-injected and will be overridden
• Remove all auto-configured fields from this file to prevent confusion / conflicts
• Auto-configured values are injected via --set / --set-string in entrypoint.sh
• Prefer --set-string for string values
• This file is used as a template → copied to /root/.sealos/cloud/values/core/{service-name}-values.yaml on first deployment

2.2 Value Loading Priority (lowest → highest)

1. values.yaml
   → Base defaults + documentation of auto-injected values

2. /root/.sealos/cloud/values/core/{service-name}-values.yaml
   → User-provided customizations

3. HELM_OPTIONS / command-line --set flags
   → Highest priority (overrides everything above)

3. Deployment Script (*-entrypoint.sh) Changes

3.1 User Values File Preparation (new logic)

SERVICE_NAME="{service-name}"
USER_VALUES_PATH="/root/.sealos/cloud/values/core/${SERVICE_NAME}-values.yaml"

# Copy template to user location if it doesn't exist yet
if [ ! -f "${USER_VALUES_PATH}" ]; then
  mkdir -p "$(dirname "${USER_VALUES_PATH}")"
  cp "./charts/${SERVICE_NAME}/${SERVICE_NAME}-values.yaml" "${USER_VALUES_PATH}"
fi

3.2 Auto-configuration Logic (add when needed)

AUTO_CONFIG_HELM_OPTS=""

# Example: fetch values from sealos-system ConfigMap
CLOUD_DOMAIN=$(get_cm_value sealos-system sealos-config cloudDomain)
[ -n "$CLOUD_DOMAIN" ] && AUTO_CONFIG_HELM_OPTS="$AUTO_CONFIG_HELM_OPTS --set-string desktopConfig.cloudDomain=$CLOUD_DOMAIN"

JWT_INTERNAL=$(get_cm_value sealos-system sealos-config jwtInternal)
[ -n "$JWT_INTERNAL" ] && AUTO_CONFIG_HELM_OPTS="$AUTO_CONFIG_HELM_OPTS --set-string desktopConfig.jwtInternal=$JWT_INTERNAL"

# ... add more auto-config items as needed ...

Auto-config Best Practices:

• Always prefer --set-string for string values
• Add null/empty checks to avoid injecting empty values
• Clearly document (in values.yaml and README) which fields are auto-injected
• Auto-config values override same keys in user values file

3.3 Updated helm upgrade Command

helm upgrade -i "{RELEASE_NAME}" \
  -n "{RELEASE_NAMESPACE}" \
  --create-namespace \
  "{CHART_PATH}" \
  -f "./charts/${SERVICE_NAME}/values.yaml" \
  -f "${USER_VALUES_PATH}" \
  ${AUTO_CONFIG_HELM_OPTS} \
  ${HELM_ARGS}

4. Summary – Core Components Optimized by This PR

This PR standardizes the Helm chart structure, values splitting strategy, auto-configuration injection, and deployment script behavior across multiple core Sealos components.
Affected core components:

core/
├── frontend/
│   ├── desktop-frontend
│   ├── costcenter-frontend
│   └── license-frontend
├── controller/
│   ├── user-controller
│   ├── account-controller
│   ├── license-controller
│   └── resources-controller
├── service/
│   └── account-service
└── job / misc
    ├── init-job
    └── init-heartbeat

[pull-request-size]

Whoa! Easy there, Partner!

This PR is too big. Please break it up into smaller PRs.

[github-actions]

🤖 says: cherry pick action finished successfully 🎉!
See: https://github.com/labring/sealos/actions/runs/23882644586