frontend/desktop/deploy/HELM_VALUES_GUIDE_CN.md
本文档介绍如何通过 HELM_OPTIONS 环境变量传递 Helm --set 参数来自定义 Desktop Frontend 的所有配置项。
HELM_OPTIONS 使用 --set 参数sealos run desktop-frontend:latest \
-e HELM_OPTIONS="--set desktopConfig.cloudDomain=cloud.example.com --set desktopConfig.layoutTitle=\"我的云平台\""
--set-string 参数(用于确保值被当作字符串处理)sealos run desktop-frontend:latest \
-e HELM_OPTIONS="--set-string desktopConfig.realNameReward=0"
环境变量优先级高于 HELM_OPTIONS 中的 --set 参数:
# 环境变量会覆盖 HELM_OPTIONS 中的值
sealos run desktop-frontend:latest \
-e HELM_OPTIONS="--set desktopConfig.cloudDomain=from-helm.com" \
-e CLOUD_DOMAIN=from-env.com # 这个值会生效
desktopConfig:
cloudDomain: "cloud.example.com" # 云域名
cloudPort: "" # 云端口(默认 443)
regionUID: "region-123" # 区域 UID
certSecretName: "wildcard-cert" # TLS 证书 Secret 名称
desktopConfig:
databaseMongodbURI: "mongodb://user:pass@mongodb:27017"
databaseGlobalCockroachdbURI: "postgres://user:pass@cockroachdb:26257"
databaseLocalCockroachdbURI: "postgres://user:pass@cockroachdb-local:26257"
desktopConfig:
passwordSalt: "your-random-salt" # 密码哈希盐
jwtInternal: "your-jwt-internal-key" # 内部 JWT 密钥
jwtRegional: "your-jwt-regional-key" # 区域 JWT 密钥
jwtGlobal: "your-jwt-global-key" # 全局 JWT 密钥
desktopConfig:
billingUrl: "http://account-service.account-system.svc:2333"
billingToken: "your-billing-token"
desktopConfig:
version: "en" # UI 版本: "cn" 或 "en"
# forcedLanguage 和 currencySymbol 会根据 version 自动配置:
# - version: "cn" → forcedLanguage: "zh", currencySymbol: "shellCoin"
# - version: "en" → forcedLanguage: "en", currencySymbol: "usd"
desktopConfig:
gtmId: "GTM-XXXXXXXX" # GTM ID
desktopConfig:
discordInviteLink: "https://discord.gg/sealos"
desktopConfig:
guideEnabled: false # 启用用户引导
apiEnabled: false # 启用 API 访问
rechargeEnabled: false # 启用充值功能
enterpriseRealNameAuthEnabled: false # 启用企业实名认证
trackingEnabled: false # 启用追踪/统计
realNameAuthEnabled: false # 启用实名认证
licenseCheckEnabled: false # 启用 License 检查
desktopConfig:
realNameReward: 0
realNameCallbackUrl: "https://cloud.example.org/api/account/callback"
templateUrl: "https://template.example.org"
applaunchpadUrl: "https://applaunchpad.example.org"
dbproviderUrl: "https://dbprovider.example.org"
objectstorageUrl: "https://objectstorage.example.org"
cfSiteKey: ""
desktopConfig:
layoutTitle: "Sealos Cloud" # 平台标题
layoutLogo: "/logo.svg" # Logo 路径
layoutBackgroundImage: "/images/bg-light.svg" # 背景图片
customerServiceURL: "" # 客服 URL
layoutDocsUrl: "https://sealos.run/docs/Intro/" # 文档 URL
desktopConfig:
metaTitle: "Sealos Cloud"
metaDescription: "Sealos Cloud"
metaKeywords: "Sealos Cloud"
desktopConfig:
githubEnabled: true
githubClientId: "your-github-client-id"
githubClientSecret: "your-github-client-secret"
githubProxyAddress: "" # 代理地址(可选)
desktopConfig:
wechatEnabled: true
wechatClientId: "your-wechat-app-id"
wechatClientSecret: "your-wechat-app-secret"
wechatProxyAddress: "" # 代理地址(可选)
desktopConfig:
googleEnabled: true
googleClientId: "your-google-client-id.apps.googleusercontent.com"
googleClientSecret: "your-google-client-secret"
googleProxyAddress: "" # 代理地址(可选)
desktopConfig:
oauth2Enabled: true
oauth2CallbackUrl: "https://cloud.example.com/callback"
oauth2ClientId: "your-oauth2-client-id"
oauth2ClientSecret: "your-oauth2-client-secret"
oauth2AuthUrl: "https://oauth2.example.com/oauth2/auth"
oauth2TokenUrl: "https://oauth2.example.com/oauth2/token"
oauth2UserInfoUrl: "https://oauth2.example.com/oauth2/userinfo"
oauth2ProxyAddress: "" # 代理地址(可选)
desktopConfig:
turnstileEnabled: true
turnstileSiteKey: "your-turnstile-site-key"
turnstileSecretKey: "your-turnstile-secret-key"
desktopConfig:
aliCaptchaEnabled: true
aliCaptchaEndpoint: "https://captcha.aliyuncs.com"
aliCaptchaSceneId: "your-scene-id"
aliCaptchaPrefix: "your-prefix"
aliCaptchaAccessKeyID: "your-access-key-id"
aliCaptchaAccessKeySecret: "your-access-key-secret"
desktopConfig:
smsEnabled: true
smsAliEnabled: true
smsAliEndpoint: "https://dysmsapi.aliyuncs.com"
smsAliTemplateCode: "SMS_123456789"
smsAliSignName: "YourSignName"
smsAliAccessKeyID: "your-access-key-id"
smsAliAccessKeySecret: "your-access-key-secret"
desktopConfig:
emailEnabled: true
emailHost: "smtp.example.com"
emailPort: 587
emailUser: "[email protected]"
emailPassword: "your-email-password"
emailLanguage: "zh"
desktopConfig:
trackingWebsiteId: "your-website-id"
trackingHostUrl: "https://umami.example.com"
trackingScriptUrl: "https://umami.example.com/script.js"
desktopConfig:
realNameOSSAccessKey: "your-oss-access-key"
realNameOSSAccessKeySecret: "your-oss-secret-key"
realNameOSSEndpoint: "oss-cn-hangzhou.aliyuncs.com"
realNameOSSSSL: true
realNameOSSPort: 443
realNameOSSRealNameBucket: "realname-bucket"
realNameOSSEnterpriseRealNameBucket: "enterprise-realname-bucket"
desktopConfig:
workorderUrl: "https://workorder.example.com"
cloudVirtualMachineUrl: "https://cloudvirtualmachine.example.com"
desktopConfig:
maxTeamCount: 10 # 最大团队数
maxTeamMemberCount: 100 # 每个团队最大成员数
sealos run desktop-frontend:latest \
-e HELM_OPTIONS="--set desktopConfig.cloudDomain=mycloud.com --set desktopConfig.layoutTitle=\"我的云平台\" --set desktopConfig.metaTitle=\"我的云平台\" --set desktopConfig.metaDescription=\"欢迎使用我的云平台\""
sealos run desktop-frontend:latest \
-e HELM_OPTIONS="--set desktopConfig.githubEnabled=true --set desktopConfig.githubClientId=your-github-id --set desktopConfig.githubClientSecret=your-github-secret --set desktopConfig.googleEnabled=true --set desktopConfig.googleClientId=your-google-id --set desktopConfig.googleClientSecret=your-google-secret"
sealos run desktop-frontend:latest \
-e HELM_OPTIONS="--set desktopConfig.smsEnabled=true --set desktopConfig.smsAliEnabled=true --set desktopConfig.smsAliEndpoint=https://dysmsapi.aliyuncs.com --set desktopConfig.smsAliAccessKeyID=your-key-id --set desktopConfig.smsAliAccessKeySecret=your-key-secret --set desktopConfig.emailEnabled=true --set desktopConfig.emailHost=smtp.example.com --set desktopConfig.emailPort=587 --set [email protected] --set desktopConfig.emailPassword=your-password"
对于生产环境的多个配置,直接通过 HELM_OPTIONS 传递所有 Helm values:
sealos run desktop-frontend:latest \
-e HELM_OPTIONS="
--set desktopConfig.cloudDomain=production.example.com
--set desktopConfig.regionUID=prod-region-001
--set desktopConfig.version=cn
--set desktopConfig.githubEnabled=true
--set desktopConfig.githubClientId=prod-github-id
--set desktopConfig.githubClientSecret=prod-github-secret
--set desktopConfig.smsEnabled=true
--set desktopConfig.smsAliEnabled=true
--set desktopConfig.smsAliAccessKeyID=prod-sms-key-id
--set desktopConfig.smsAliAccessKeySecret=prod-sms-key-secret
--set desktopConfig.emailEnabled=true
--set desktopConfig.emailHost=smtp.production.example.com
--set desktopConfig.emailPort=587
--set [email protected]
--set desktopConfig.emailPassword=prod-email-password
--set desktopConfig.trackingEnabled=true
--set desktopConfig.trackingWebsiteId=prod-website-id
"
提示:
HELM_OPTIONS 传递true/false,数字不需要引号,字符串建议使用引号. 分隔嵌套层级,如 desktopConfig.githubClientId[] 索引,如 ingress.hosts[0].host--set-string 或反斜杠转义引号(如 \")HELM_OPTIONS 中,字符串包含引号时需要转义(如 --set desktopConfig.layoutTitle=\"我的云平台\")部署后可以查看生成的 ConfigMap 验证配置:
kubectl get configmap sealos-desktop-config -n sealos -o yaml
或在 Pod 中查看实际配置:
kubectl exec -n sealos deployment/sealos-desktop -- cat /app/data/config.yaml