feat: refactor disk utility functions to improve disk size retrieval and add comprehensive device handling

feat: ensure authUrl has worked

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,23 +1,17 @@
-* **Please check if the PR fulfills these requirements**
-- [ ] The commit message follows our guidelines
-- [ ] Tests for the changes have been added (for bug fixes / features)
-- [ ] Docs have been added / updated (for bug fixes / features)
+Title: <subsystem>:  <what changed>
+<!-- If the changes affect two subsystems, use a comma (and a whitespace) to separate them like util/codec, util/types:. -->
 
+* **Background**
+<!-- Provide background information about the changes here -->
 
-* **What kind of change does this PR introduce?** (Bug fix, feature, docs update, ...)
+* **Target Version for Merge**
+<!-- Specify the version to which these changes need to be merged -->
 
+* **Related Issues**
+<!-- Reference any related issues here, if applicable -->
 
-
-* **What is the current behavior?** (You can also link to an open issue here)
-
-
-
-* **What is the new behavior (if this is a feature change)?**
-
-
-
-* **Does this PR introduce a breaking change?** (What changes might users need to make in their application due to this PR?)
-
+* **PRs Involving Sub-Systems** 
+<!-- List any PRs involving sub-systems, if applicable -->
 
 
 * **Other information**:

.github/workflows/build-redis-231.yaml

@@ -0,0 +1,20 @@
+name: Build and Upload Redis
+
+on:
+  workflow_dispatch:
+
+jobs:
+  push:
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash build/build-redis.sh linux/amd64 glibc-231

.github/workflows/build-redis.yaml

@@ -0,0 +1,43 @@
+name: Build and Upload Redis
+
+on:
+  workflow_dispatch:
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash build/build-redis.sh linux/amd64
+
+  push-arm64:
+    runs-on: [self-hosted, linux, ARM64]
+
+    steps:
+      - name: Clean
+        run: |
+          sudo rm -rf redis*
+          
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      - name: Install tools
+        run: |
+          sudo apt install -y make gcc
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          sudo -E sh -c "bash build/build-redis.sh linux/arm64 && rm -rf redis*"

.github/workflows/build-ubuntu2204.yaml

@@ -0,0 +1,20 @@
+name: Build and Upload WSL Ubuntu2204
+
+on:
+  workflow_dispatch:
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash build/build-ubuntu2204.sh

.github/workflows/build-wsl2326.yaml

@@ -0,0 +1,20 @@
+name: Build and Upload WSL MSI
+
+on:
+  workflow_dispatch:
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash build/build-wsl-install-msi.sh

.github/workflows/check.yaml

@@ -3,8 +3,12 @@ name: Lint and Test Charts
 on:
   push:
     branches: [ "main", "release-*" ]
+    paths-ignore:
+      - 'docs/**'    
   pull_request_target:
     branches: [ "main", "release-*" ]
+    paths-ignore:
+      - 'docs/**'    
 
   workflow_dispatch:
 
@@ -13,13 +17,6 @@ jobs:
   lint-test:
     runs-on: ubuntu-latest
     steps:
-      - name: PR Conventional Commit Validation
-        uses:  ytanikin/PRConventionalCommits@1.1.0
-        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
-        with:
-          task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
-          add_label: 'true'
-                
       - name: Checkout
         uses: actions/checkout@v3
         with:
@@ -42,19 +39,10 @@ jobs:
       
       - name: Pre package
         run: |
-          bash scripts/package.sh
-
-      - name: Run chart-testing (list-changed)
-        id: list-changed
-        run: |
-          changed=$(ct list-changed --chart-dirs build/installer/wizard/config --target-branch ${{ github.event.repository.default_branch }})
-          if [[ -n "$changed" ]]; then
-            echo "changed=true" >> "$GITHUB_OUTPUT"
-          fi
+          bash build/package.sh
 
       - name: Run chart-testing (lint)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: ct lint --chart-dirs build/installer/wizard/config --check-version-increment=false --target-branch ${{ github.event.repository.default_branch }}
+        run: ct lint --chart-dirs .dist/wizard/config,.dist/wizard/config/apps,.dist/wizard/config/gpu --check-version-increment=false --all
 
       # - name: Create kind cluster
       #   if: steps.list-changed.outputs.changed == 'true'
@@ -64,46 +52,169 @@ jobs:
       #   if: steps.list-changed.outputs.changed == 'true'
       #   run: ct install --chart-dirs wizard/charts,wizard/config --target-branch ${{ github.event.repository.default_branch }}
 
-  install-test:
-    needs: lint-test
+  test-version:
     runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.generate.outputs.version }}
     steps:
-      - name: Checkout
+      - id: generate
+        run: |
+          v=1.12.2-$(echo $RANDOM$RANDOM)
+          echo "version=$v" >> "$GITHUB_OUTPUT"
+
+  upload-cli:
+    needs: test-version
+    uses: ./.github/workflows/release-cli.yaml
+    secrets: inherit
+    with:
+      version: ${{ needs.test-version.outputs.version }}
+      ref: ${{ github.event.pull_request.head.ref }}
+      repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+  upload-daemon:
+    needs: test-version
+    uses: ./.github/workflows/release-daemon.yaml
+    secrets: inherit
+    with:
+      version: ${{ needs.test-version.outputs.version }}
+      ref: ${{ github.event.pull_request.head.ref }}
+      repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+  push-image:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
 
-      - name: 'Test tag version'
-        id: vars
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
         run: |
-          v=1.8.0-$(echo $RANDOM)
-          echo "tag_version=$v" >> $GITHUB_OUTPUT
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf
 
-      - name: Package installer
+  push-image-arm64:
+    runs-on: [self-hosted, linux, ARM64]
+
+    steps:
+      - name: Install skopeo (Ubuntu)
         run: |
-          bash scripts/build.sh ${{ steps.vars.outputs.tag_version }}
+          sudo apt-get update
+          sudo apt-get install -y skopeo
+          
 
-      - name: Upload package
-        env: 
+      - name: 'Checkout source code'
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+
+      - env: 
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
-          aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz --acl=public-read
-      
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64
 
+
+  push-deps:
+    needs: [test-version, upload-daemon]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.test-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
+        run: |
+          bash build/deps-manifest.sh && bash build/upload-deps.sh
+
+  push-deps-arm64:
+    needs: [test-version, upload-daemon]
+    runs-on: [self-hosted, linux, ARM64]
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+      - name: Install coscmd
+        run: pip install coscmd        
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.test-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
+        run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64
+
+
+  upload-package:
+    needs: [lint-test, test-version, push-image, push-image-arm64, push-deps, push-deps-arm64]
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.ref }}
+        repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+    - name: Package installer
+      run: |
+        bash build/build.sh ${{ needs.test-version.outputs.version }}
+
+    - name: Upload package
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        AWS_DEFAULT_REGION: 'us-east-1'
+      run: |
+        md5sum install-wizard-v${{ needs.test-version.outputs.version }}.tar.gz > install-wizard-v${{ needs.test-version.outputs.version }}.md5sum.txt && \
+        aws s3 cp install-wizard-v${{ needs.test-version.outputs.version }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ needs.test-version.outputs.version }}.md5sum.txt --acl=public-read && \
+        aws s3 cp install-wizard-v${{ needs.test-version.outputs.version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ needs.test-version.outputs.version }}.tar.gz --acl=public-read
+
+
+  install-test:
+    needs: [test-version, upload-cli, upload-package]
+    runs-on: ubuntu-latest
+    steps:
       - name: Deploy Request
         uses: fjogeleit/http-request-action@v1
         with:
           url: 'https://cloud-dev-api.bttcdn.com/v1/resource/installTest'
           method: 'POST'
           customHeaders: '{"Authorization": "${{ secrets.INSTALL_SECRET }}"}'
-          data: 'versions=${{ steps.vars.outputs.tag_version }}&downloadUrl=https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz'      
+          data: 'versions=${{ needs.test-version.outputs.version }}&downloadUrl=https://cdn.olares.com/install-wizard-v${{ needs.test-version.outputs.version }}.tar.gz'
           contentType: "application/x-www-form-urlencoded"
 
-      - name: Check Reault
+      - name: Check Result
         uses: eball/poll-check-endpoint@v0.1.0
         with:
           url: https://cloud-dev-api.bttcdn.com/v1/resource/installResult
@@ -114,4 +225,4 @@ jobs:
           timeout: 1800000
           interval: 30000
           customHeaders: '{"Authorization": "${{ secrets.INSTALL_SECRET }}", "Content-Type": "application/x-www-form-urlencoded"}'
-          data: 'versions=${{ steps.vars.outputs.tag_version }}'
+          data: 'versions=${{ needs.test-version.outputs.version }}'

.github/workflows/daily-lint-check.yaml

@@ -0,0 +1,37 @@
+name: Lint Check Charts
+
+on:
+  schedule:
+    # This is a UTC time
+    - cron: "30 1 * * *"
+  workflow_dispatch:
+
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+          
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.12.1
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          check-latest: true
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.6.0
+      
+      - name: Pre package
+        run: |
+          bash build/package.sh
+
+      - name: Run chart-testing (lint)
+        run: |
+          ct lint --chart-dirs .dist/wizard/config,.dist/wizard/config/apps,.dist/wizard/config/gpu --check-version-increment=false --all
+

.github/workflows/push-deps-to-s3.yml

@@ -3,21 +3,37 @@ name: Push deps to S3
 on:
   workflow_dispatch:
 
-
 jobs:
   push:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     steps:
-    - name: 'Checkout source code'
-      uses: actions/checkout@v3
-
-    # test
-    - env:
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_DEFAULT_REGION: 'us-east-1'
-      run: |
-        bash scripts/deps-manifest.sh && bash scripts/upload-deps.sh
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
 
 
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
+        run: |
+          bash build/deps-manifest.sh && bash build/upload-deps.sh
+
+  push-arm64:
+    runs-on: [self-hosted, linux, ARM64]
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
+        run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64

.github/workflows/push-gpudeps-to-s3.yml

@@ -1,23 +0,0 @@
-name: Push gpu-deps to S3
-
-on:
-  workflow_dispatch:
-    inputs:
-      environment:
-        description: 'Set OS: ubuntu-20.04, ubuntu-22.04'
-        required: true
-
-
-jobs:
-  push:
-    runs-on: ${{ github.event.inputs.environment }}
-    steps:
-    - name: 'Checkout source code'
-      uses: actions/checkout@v3
-
-    - env:
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_DEFAULT_REGION: 'us-east-1'
-      run: |
-        bash scripts/upload-gpu-deps.sh

.github/workflows/push-to-s3.yaml

@@ -5,7 +5,7 @@ on:
 
 jobs:
   push:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     steps:
       - name: "Checkout source code"
@@ -17,10 +17,10 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
         run: |
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf
 
   push-arm64:
-    runs-on: self-hosted
+    runs-on: [self-hosted, linux, ARM64]
 
     steps:
       - name: "Checkout source code"
@@ -31,4 +31,5 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
         run: |
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf linux/arm64
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64

.github/workflows/release-cli.yaml

@@ -0,0 +1,71 @@
+name: Release CLI
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+      repository:
+        type: string
+      release-id:
+        type: string
+  workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+      repository:
+        type: string
+      release-id:
+        type: string
+jobs:
+  goreleaser:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repository }}
+
+      - name: Add Local Git Tag For GoReleaser
+        run: git tag ${{ inputs.version }}
+        continue-on-error: true
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.24.3
+          
+      - name: Install x86_64 cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y build-essential
+
+      - name: Install ARM cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3.1.0
+        with:
+          distribution: goreleaser
+          workdir: './cli'
+          version: v1.18.2
+          args: release --clean
+        env:
+          OLARES_RELEASE_ID: ${{ inputs.release-id }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload to S3
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          cd cli/output && for file in $(ls *.tar.gz | grep -v no-release-id); do
+            aws s3 cp "$file" s3://terminus-os-install${{ secrets.REPO_PATH }}${file} --acl=public-read
+          done

.github/workflows/release-daemon.yaml

@@ -0,0 +1,75 @@
+name: Release Daemon
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+      repository:
+        type: string
+      release-id:
+        type: string
+  workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+      repository:
+        type: string
+      release-id:
+        type: string
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repository }}
+
+      - name: Add Local Git Tag For GoReleaser
+        run: git tag ${{ inputs.version }}
+        continue-on-error: true
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.22.1
+
+      - name: install udev-devel
+        run: |
+          sudo apt update && sudo apt install -y libudev-dev
+
+      - name: Install x86_64 cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y build-essential
+
+      - name: Install ARM cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y gcc-aarch64-linux-gnu
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3.1.0
+        env:
+          OLARES_RELEASE_ID: ${{ inputs.release-id }}
+        with:
+          distribution: goreleaser
+          workdir: './daemon'
+          version: v1.18.2
+          args: release --clean
+
+      - name: Upload to CDN
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: 'us-east-1'
+        run: |
+          cd daemon/output && for file in $(ls *.tar.gz | grep -v no-release-id); do
+            aws s3 cp "$file" s3://terminus-os-install${{ secrets.REPO_PATH }}${file} --acl=public-read
+          done

.github/workflows/release-daily.yaml

@@ -9,8 +9,47 @@ on:
   workflow_dispatch:
 
 jobs:
-  push:
+
+  daily-version:
     runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.generate.outputs.version }}
+    steps:
+      - id: generate
+        run: |
+          v=1.12.2-$(date +"%Y%m%d")
+          echo "version=$v" >> "$GITHUB_OUTPUT"
+
+  release-id:
+    runs-on: ubuntu-latest
+    outputs:
+      id: ${{ steps.generate.outputs.id }}
+    steps:
+      - name: 'Checkout source code'
+        uses: actions/checkout@v3
+      - id: generate
+        run: |
+          hash=$(git rev-parse --short=7 HEAD)
+          echo "id=$hash" >> "$GITHUB_OUTPUT"
+
+  release-cli:
+    needs: [daily-version, release-id]
+    uses: ./.github/workflows/release-cli.yaml
+    secrets: inherit
+    with:
+      version: ${{ needs.daily-version.outputs.version }}
+      release-id: ${{ needs.release-id.outputs.id }}
+
+  release-daemon:
+    needs: [daily-version, release-id]
+    uses: ./.github/workflows/release-daemon.yaml
+    secrets: inherit
+    with:
+      version: ${{ needs.daily-version.outputs.version }}
+      release-id: ${{ needs.release-id.outputs.id }}
+
+  push-images:
+    runs-on: ubuntu-22.04
 
     steps:
       - name: 'Checkout source code'
@@ -21,10 +60,10 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf
 
-  push-arm64:
-    runs-on: self-hosted
+  push-images-arm64:
+    runs-on: [self-hosted, linux, ARM64]
 
     steps:
       - name: 'Checkout source code'
@@ -35,142 +74,109 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf linux/arm64
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64
 
-  upload-full:
-    needs: [push, push-arm64]
+  push-deps:
+    needs: [daily-version, release-id, release-daemon]
     runs-on: ubuntu-latest
 
     steps:
-      # - name: Maximize build space
-      #   uses: easimon/maximize-build-space@master
-      #   with:
-      #     root-reserve-mb: 21200
-      #     swap-size-mb: 1024
-      #     remove-dotnet: 'true'
-      #     remove-android: 'true'
-      #     remove-haskell: 'true'
-      #     remove-codeql: 'true'
-
-      - name: 'Daily tag version'
-        id: vars
-        run: |
-          v=1.8.0-$(date +"%Y%m%d")
-          echo "tag_version=$v" >> $GITHUB_OUTPUT
-          echo "latest_version=1.6.0-alpha" >> $GITHUB_OUTPUT
-
-      - name: 'Checkout source code'
+      - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Package installer
-        run: |
-          bash scripts/build.sh ${{ steps.vars.outputs.tag_version }}
-
-      - name: Upload to S3
-        env: 
+      # test
+      - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: 'us-east-1'
+          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.daily-version.outputs.version }}
+          RELEASE_ID: ${{ needs.release-id.outputs.id }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
-          aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz --acl=public-read
+          bash build/deps-manifest.sh && bash build/upload-deps.sh
 
-  upload-full-arm64:
-    needs: [push, push-arm64]
-    runs-on: self-hosted
+  push-deps-arm64:
+    needs: [daily-version, release-id, release-daemon]
+    runs-on: [self-hosted, linux, ARM64]
 
     steps:
-      # - name: Maximize build space
-      #   uses: easimon/maximize-build-space@master
-      #   with:
-      #     root-reserve-mb: 21200
-      #     swap-size-mb: 1024
-      #     remove-dotnet: 'true'
-      #     remove-android: 'true'
-      #     remove-haskell: 'true'
-      #     remove-codeql: 'true'
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
 
-      - name: 'Daily tag version'
-        id: vars
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.daily-version.outputs.version }}
+          RELEASE_ID: ${{ needs.release-id.outputs.id }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
-          v=1.8.0-$(date +"%Y%m%d")
-          echo "tag_version=$v" >> $GITHUB_OUTPUT
-          echo "latest_version=1.7.0-rc.0" >> $GITHUB_OUTPUT
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64
 
+
+  upload-package:
+    needs: [daily-version, release-id, push-images, push-images-arm64, push-deps, push-deps-arm64]
+    runs-on: ubuntu-latest
+
+    steps:
       - name: 'Checkout source code'
         uses: actions/checkout@v3
 
       - name: Package installer
         run: |
-          bash scripts/build.sh ${{ steps.vars.outputs.tag_version }} linux/arm64
+          bash build/build.sh ${{ needs.daily-version.outputs.version }} ${{ needs.release-id.outputs.id }}
 
       - name: Upload to S3
+        id: upload
         env: 
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
-          aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}-arm64.tar.gz --acl=public-read
+          md5sum install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz > install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz --acl=public-read && \
+
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.${{ needs.release-id.outputs.id }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.${{ needs.release-id.outputs.id }}.tar.gz --acl=public-read
+
 
   release:
-    needs: [upload-full, upload-full-arm64]
+    needs: [daily-version, upload-package, release-cli, release-id]
     runs-on: ubuntu-latest
 
     steps:
       - name: 'Checkout source code'
         uses: actions/checkout@v3
 
-      - name: 'Daily tag version'
-        id: vars
-        run: |
-          v=1.8.0-$(date +"%Y%m%d")
-          echo "tag_version=$v" >> $GITHUB_OUTPUT
-          echo "latest_version=1.7.0-rc.0" >> $GITHUB_OUTPUT
-      
       - name: Package installer
         run: |
-          bash scripts/package.sh
-
-      - name: Update version
-        uses: eball/write-tag-to-version-file@latest
-        with:
-          filename: 'build/installer/wizard/config/settings/templates/terminus_cr.yaml'
-          placeholder: '#__VERSION__'
-          tag: ${{ steps.vars.outputs.tag_version }}
-
-      - name: Update release version
-        uses: eball/write-tag-to-version-file@latest
-        with:
-          filename: 'build/installer/install.sh'
-          placeholder: '#__VERSION__'
-          tag: ${{ steps.vars.outputs.tag_version }}
-
-      - name: Update latest installer
-        uses: eball/write-tag-to-version-file@latest
-        with:
-          filename: 'build/installer/publicInstaller.latest'
-          placeholder: '#{{LATEST_VERSION}}'
-          tag: ${{ steps.vars.outputs.latest_version }}
+          bash build/build.sh ${{ needs.daily-version.outputs.version }} ${{ needs.release-id.outputs.id }}
 
       - name: 'Archives'
-        working-directory: ./build/installer
         run: |
-          mkdir -p /tmp/build
-          tar --exclude=wizard/tools --exclude=.git -zcvf /tmp/build/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz .
+          cp .dist/install-wizard/install.sh build/base-package
+          cp build/base-package/install.sh build/base-package/publicInstaller.sh
+          cp .dist/install-wizard/install.ps1 build/base-package
+          cp .dist/install-wizard/joincluster.sh build/base-package
 
       - name: Release public files
         uses: softprops/action-gh-release@v1
         with:
-          name: v${{ steps.vars.outputs.tag_version }} Release
-          tag_name: ${{ steps.vars.outputs.tag_version }}
+          name: v${{ needs.daily-version.outputs.version }} Release
+          tag_name: ${{ needs.daily-version.outputs.version }}
           files: |
-            /tmp/build/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz
-            build/installer/publicInstaller.sh
-            build/installer/publicInstaller.latest
-            build/installer/uninstall_cmd.sh
-            build/installer/install.sh
-            build/installer/publicAddnode.sh
-            build/installer/version.hint
-            build/installer/publicRestoreInstaller.sh
+            install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz
+            build/base-package/publicInstaller.sh
+            build/base-package/install.sh
+            build/base-package/install.ps1
+            build/base-package/joincluster.sh
+            build/base-package/publicAddnode.sh
+            build/base-package/version.hint
+            build/base-package/publicRestoreInstaller.sh
           prerelease: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release-mdns-agent.yaml

@@ -0,0 +1,71 @@
+name: Publish mdns-agent to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          context: ./daemon
+          tags: beclab/olaresd:${{ inputs.version }}
+          file: ./daemon/docker/Dockerfile.agent
+          platforms: linux/amd64,linux/arm64
+
+  upload_release_package:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+      - name: Add Local Git Tag For GoReleaser
+        run: git tag ${{ inputs.version }}
+        continue-on-error: true
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.22.1
+
+      - name: Install x86_64 cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y build-essential
+
+      - name: Install ARM cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y gcc-aarch64-linux-gnu
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3.1.0
+        with:
+          distribution: goreleaser
+          version: v1.18.2
+          args: release --clean --skip-validate -f .goreleaser.agent.yml
+          workdir: './daemon'
+
+      - name: Upload to CDN
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: 'us-east-1'
+        run: |
+          cd daemon/output && for file in *.tar.gz; do
+            aws s3 cp "$file" s3://terminus-os-install/$file --acl=public-read
+          done

.github/workflows/release.yaml

@@ -9,8 +9,41 @@ on:
         description: 'Release Tags'
 
 jobs:
-  push:
+
+  release-id:
     runs-on: ubuntu-latest
+    outputs:
+      id: ${{ steps.generate.outputs.id }}
+    steps:
+      - name: 'Checkout source code'
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.tags }}
+      - id: generate
+        run: |
+          hash=$(git rev-parse --short=7 HEAD)
+          echo "id=$hash" >> "$GITHUB_OUTPUT"
+
+  release-cli:
+    needs: [release-id]
+    uses: ./.github/workflows/release-cli.yaml
+    secrets: inherit
+    with:
+      version: ${{ github.event.inputs.tags }}
+      release-id: ${{ needs.release-id.outputs.id }}
+      ref: ${{ github.event.inputs.tags }}
+
+  release-daemon:
+    needs: [release-id]
+    uses: ./.github/workflows/release-daemon.yaml
+    secrets: inherit
+    with:
+      version: ${{ github.event.inputs.tags }}
+      release-id: ${{ needs.release-id.outputs.id }}
+      ref: ${{ github.event.inputs.tags }}
+
+  push:
+    runs-on: ubuntu-22.04
 
     steps:
       - name: 'Checkout source code'
@@ -22,11 +55,12 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
+          VERSION: ${{ github.event.inputs.tags }}
         run: |
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf
 
   push-arm64:
-    runs-on: self-hosted
+    runs-on: [self-hosted, linux, ARM64]
 
     steps:
       - name: 'Checkout source code'
@@ -38,56 +72,56 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
+          VERSION: ${{ github.event.inputs.tags }}
         run: |
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf linux/arm64
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64
 
-  upload-full:
-    needs: [push, push-arm64]
+  push-deps:
+    needs: [release-daemon, release-id]
     runs-on: ubuntu-latest
 
     steps:
-      # - name: Maximize build space
-      #   uses: easimon/maximize-build-space@master
-      #   with:
-      #     root-reserve-mb: 21200
-      #     swap-size-mb: 1024
-      #     remove-dotnet: 'true'
-      #     remove-android: 'true'
-      #     remove-haskell: 'true'
-      #     remove-codeql: 'true'
-
-      - name: 'Checkout source code'
+      - name: "Checkout source code"
         uses: actions/checkout@v3
-        with:
-          ref: ${{ github.event.inputs.tags }}
 
-      - name: Package installer
-        run: |
-          bash scripts/build.sh ${{ github.event.inputs.tags }}
-
-      - name: Upload to S3
-        env: 
+      # test
+      - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: 'us-east-1'
+          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ github.event.inputs.tags }}
+          RELEASE_ID: ${{ needs.release-id.outputs.id }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
+          bash build/deps-manifest.sh && bash build/upload-deps.sh
 
-  upload-full-arm64:
-    needs: [push, push-arm64]
-    runs-on: self-hosted
+  push-deps-arm64:
+    needs: [release-daemon, release-id]
+    runs-on: [self-hosted, linux, ARM64]
 
     steps:
-      # - name: Maximize build space
-      #   uses: easimon/maximize-build-space@master
-      #   with:
-      #     root-reserve-mb: 21200
-      #     swap-size-mb: 1024
-      #     remove-dotnet: 'true'
-      #     remove-android: 'true'
-      #     remove-haskell: 'true'
-      #     remove-codeql: 'true'
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
 
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ github.event.inputs.tags }}
+          RELEASE_ID: ${{ needs.release-id.outputs.id }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
+        run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64
+
+
+  upload-package:
+    needs: [push, push-arm64, push-deps, push-deps-arm64, release-daemon, release-id]
+    runs-on: ubuntu-latest
+
+    steps:
       - name: 'Checkout source code'
         uses: actions/checkout@v3
         with:
@@ -95,7 +129,7 @@ jobs:
 
       - name: Package installer
         run: |
-          bash scripts/build.sh ${{ github.event.inputs.tags }} linux/arm64
+          bash build/build.sh ${{ github.event.inputs.tags }} ${{ needs.release-id.outputs.id }}
 
       - name: Upload to S3
         env: 
@@ -103,11 +137,16 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install/install-wizard-${{ github.event.inputs.tags }}-arm64.tar.gz --acl=public-read
+          md5sum install-wizard-v${{ github.event.inputs.tags }}.tar.gz > install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt && \
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
+
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.${{ needs.release-id.outputs.id }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.${{ needs.release-id.outputs.id }}.tar.gz --acl=public-read
 
   release:
     runs-on: ubuntu-latest
-    needs: [upload-full, upload-full-arm64]
+    needs: [upload-package, release-cli, release-id]
 
     steps:
       - name: 'Checkout source code'
@@ -115,34 +154,35 @@ jobs:
         with:
           ref: ${{ github.event.inputs.tags }}
 
-      - name: Package installer
-        run: |
-          bash scripts/package.sh
-
-      - name: Update version
-        uses: eball/write-tag-to-version-file@latest
-        with:
-          filename: 'build/installer/wizard/config/settings/templates/terminus_cr.yaml'
-          placeholder: '#__VERSION__'
-          tag: ${{ github.event.inputs.tags }}
-      
       - name: Update env
-        working-directory: ./build/installer
+        working-directory: ./build/base-package
         run: |
           echo 'DEBUG_VERSION="false"' > .env
 
-      - name: Update latest installer
+      - name: Get checksum
+        id: vars
+        run: |
+          echo "version_md5sum=$(curl -sSfL https://cdn.olares.com${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.${{ needs.release-id.outputs.id }}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
+
+      - name: Update checksum
         uses: eball/write-tag-to-version-file@latest
         with:
-          filename: 'build/installer/publicInstaller.latest'
-          placeholder: '#{{LATEST_VERSION}}'
-          tag: ${{ github.event.inputs.tags }}
+          filename: 'build/base-package/install.sh'
+          placeholder: '#__MD5SUM__'
+          tag: ${{ steps.vars.outputs.version_md5sum }}
 
-      - name: 'Archives'
-        working-directory: ./build/installer
+      - name: Package installer
         run: |
-          mkdir -p /tmp/build
-          tar --exclude=wizard/tools --exclude=.git -zcvf /tmp/build/install-wizard-v${{ github.event.inputs.tags }}.tar.gz .
+          bash build/build.sh ${{ github.event.inputs.tags }} ${{ needs.release-id.outputs.id }}
+          
+      - name: 'Archives'
+        run: |
+          cp .dist/install-wizard/install.sh build/base-package
+          cp build/base-package/install.sh build/base-package/publicInstaller.sh
+          cp build/base-package/install.sh build/base-package/publicInstaller.latest
+          cp .dist/install-wizard/install.ps1 build/base-package
+          cp build/base-package/install.ps1 build/base-package/publicInstaller.latest.ps1
+          cp .dist/install-wizard/joincluster.sh build/base-package
 
       - name: Release public files
         uses: softprops/action-gh-release@v1
@@ -150,13 +190,16 @@ jobs:
           name: v${{ github.event.inputs.tags }} Release
           tag_name: ${{ github.event.inputs.tags }}
           files: |
-            /tmp/build/install-wizard-v${{ github.event.inputs.tags }}.tar.gz
-            build/installer/publicInstaller.sh
-            build/installer/publicInstaller.latest
-            build/installer/uninstall_cmd.sh
-            build/installer/publicAddnode.sh
-            build/installer/version.hint
-            build/installer/publicRestoreInstaller.sh
-          # prerelease: true
+            install-wizard-v${{ github.event.inputs.tags }}.tar.gz
+            build/base-package/publicInstaller.sh
+            build/base-package/publicInstaller.latest
+            build/base-package/install.sh
+            build/base-package/publicInstaller.latest.ps1
+            build/base-package/install.ps1
+            build/base-package/publicAddnode.sh
+            build/base-package/joincluster.sh
+            build/base-package/version.hint
+            build/base-package/publicRestoreInstaller.sh
+          prerelease: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/upload-full.yaml

@@ -1,71 +0,0 @@
-
-
-name: Upload Full Package
-
-on:
-  workflow_dispatch:
-    inputs:
-      tags:
-        description: 'Release Tags'
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Maximize build space
-        uses: easimon/maximize-build-space@master
-        with:
-          root-reserve-mb: 21200
-          swap-size-mb: 1024
-          remove-dotnet: 'true'
-          remove-android: 'true'
-          remove-haskell: 'true'
-          remove-codeql: 'true'
-      - name: 'Checkout source code'
-        uses: actions/checkout@v3
-        with:
-          ref: ${{ github.event.inputs.tags }}
-
-      - name: Package installer
-        run: |
-          bash scripts/build-full.sh ${{ github.event.inputs.tags }}
-
-      - name: Upload to S3
-        env: 
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: 'us-east-1'
-        run: |
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
-  
-  release-arm64:
-    runs-on: self-hosted
-
-    steps:
-      # - name: Maximize build space
-      #   uses: easimon/maximize-build-space@master
-      #   with:
-      #     root-reserve-mb: 21200
-      #     swap-size-mb: 1024
-      #     remove-dotnet: 'true'
-      #     remove-android: 'true'
-      #     remove-haskell: 'true'
-      #     remove-codeql: 'true'
-      - name: 'Checkout source code'
-        uses: actions/checkout@v3
-        with:
-          ref: ${{ github.event.inputs.tags }}
-
-      - name: Package installer
-        run: |
-          bash scripts/build-full.sh ${{ github.event.inputs.tags }} linux/arm64
-
-      - name: Upload to S3
-        env: 
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: 'us-east-1'
-        run: |
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}-arm64.tar.gz --acl=public-read
-  

.gitignore

@@ -23,6 +23,18 @@ go.work
 
 .dist
 .manifest
+.dependencies
 install-wizard-*.tar.gz
+olares-cli-*.tar.gz
 !ks-console-*.tgz
 .vscode
+.DS_Store
+cli/output
+daemon/output
+daemon/bin
+
+docs/.vitepress/dist/
+docs/.vitepress/cache/
+node_modules
+.idea/
+cli/olares-cli*

LICENSE

@@ -0,0 +1,661 @@
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

LICENSE.md

@@ -1,4 +1,4 @@
-# Terminus License 
+# Olares License 
 
 ## Acceptance
 

README.md

@@ -1,83 +1,62 @@
 <div align="center">
 
-# Terminus - Your Self-Hosted Home Cloud, Powered by Kubernetes <!-- omit in toc -->
+# Olares: An Open-Source Personal Cloud to </br>Reclaim Your Data<!-- omit in toc -->
 
-[![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br />
-[![Last Commit](https://img.shields.io/github/last-commit/beclab/terminus)](https://github.com/beclab/terminus/commits/main)
-![Build Status](https://github.com/beclab/terminus/actions/workflows/release-daily.yaml/badge.svg)
-[![GitHub release (latest by date)](https://img.shields.io/github/v/release/beclab/terminus)](https://github.com/beclab/terminus/releases)
-[![GitHub Repo stars](https://img.shields.io/github/stars/beclab/terminus?style=social)](https://github.com/beclab/terminus/stargazers)
-[![Discord](https://img.shields.io/badge/Discord-7289DA?logo=discord&logoColor=white)](https://discord.com/invite/BzfqrgQPDK)
-[![License](https://img.shields.io/badge/License-Terminus-darkblue)](https://github.com/beclab/terminus/blob/main/LICENSE.md)
+[![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br/>
+[![Last Commit](https://img.shields.io/github/last-commit/beclab/olares)](https://github.com/beclab/olares/commits/main)
+![Build Status](https://github.com/beclab/olares/actions/workflows/release-daily.yaml/badge.svg)
+[![GitHub release (latest by date)](https://img.shields.io/github/v/release/beclab/olares)](https://github.com/beclab/olares/releases)
+[![GitHub Repo stars](https://img.shields.io/github/stars/beclab/olares?style=social)](https://github.com/beclab/olares/stargazers)
+[![Discord](https://img.shields.io/badge/Discord-7289DA?logo=discord&logoColor=white)](https://discord.gg/olares)
+[![License](https://img.shields.io/badge/License-AGPL--3.0-blue)](https://github.com/beclab/olares/blob/main/LICENSE)
+
+<p>
+  <a href="./README.md"><img alt="Readme in English" src="https://img.shields.io/badge/English-FFFFFF"></a>
+  <a href="./README_CN.md"><img alt="Readme in Chinese" src="https://img.shields.io/badge/简体中文-FFFFFF"></a>
+  <a href="./README_JP.md"><img alt="Readme in Japanese" src="https://img.shields.io/badge/日本語-FFFFFF"></a>
+</p>
 
 </div>
 
-![cover](https://file.bttcdn.com/github/terminus/desktop-dark.jpeg)
-
-*Build your local AI assistants, sync data across places, self-hosted your workspace, stream your own media, and more——all in a true home cloud made possible by Terminus.*
 <p align="center">
-  <a href="https://www.jointerminus.com">Website</a> ·
-  <a href="https://docs.jointerminus.com">Documentation</a> ·
-  <a href="https://docs.jointerminus.com/how-to/termipass/overview.html#download">Download TermiPass</a> ·
-  <a href="https://github.com/beclab/apps">Terminus Apps</a> ·
-  <a href="https://space.jointerminus.com">Terminus Space</a>
+  <a href="https://olares.com">Website</a> ·
+  <a href="https://docs.olares.com">Documentation</a> ·
+  <a href="https://larepass.olares.com">Download LarePass</a> ·
+  <a href="https://github.com/beclab/apps">Olares Apps</a> ·
+  <a href="https://space.olares.com">Olares Space</a>
 </p>
 
-## Table of Contents <!-- omit in toc -->
-- [Introduction](#introduction)
-- [Motivation and design](#motivation-and-design)
-- [Tech stacks](#tech-stacks)
-- [Features](#features)
-- [Feature comparison](#feature-comparison)
-- [Getting started](#getting-started)
-- [Project navigation](#project-navigation)
-- [Contributing to Terminus](#contributing-to-terminus)
-- [Community \& contact](#community--contact)
-- [Staying ahead](#staying-ahead)
-- [Special thanks](#special-thanks)
-  
-## Introduction
+>*The modern internet built on public clouds is increasingly threatening your personal data privacy. As reliance on services like ChatGPT, Midjourney, and Facebook grows, so does the risk to your digital autonomy. Your data lives on their servers, subject to their terms, tracking, and potential censorship.*
+>
+>*It's time for a change.* 
 
-Transform your edge device into a true home cloud with Terminus - a free, self-hosted operating system built on Kubernetes. Terminus brings cloud-level capabilities to your home, without compromising on privacy or ease of use. By securely storing your data and accessing your self-hosted services from anywhere via Terminus, you gain complete control over your digital life.
+![Personal Cloud](https://app.cdn.olares.com/github/olares/public-cloud-to-personal-cloud.jpg)
+We believe you have a fundamental right to control your digital life. The most effective way to uphold this right is by hosting your data locally, on your own hardware.
 
-Typical use cases of Terminus include:
+Olares is an **open-source personal cloud operating system** designed to empower you to own and manage your digital assets locally. Instead of relying on public cloud services, you can deploy powerful open-source alternatives locally on Olares, such as Ollama for hosting LLMs, SD WebUI for image generation, and Mastodon for building censor free social space. Imagine the power of the cloud, but with you in complete command.
 
-🤖 **Local AI**: Host and run world-class open-source AI models locally, including large language models, image generation, and speech recognition. Create custom AI assistants that integrate seamlessly with your personal data and applications, all while ensuring enhanced privacy and control. <br>
+> 🌟 *Star us to receive instant notifications about new releases and updates.* 
 
-💻**Personal data repository**: Securely store, sync, and manage your photos, documents, and important files in a unified storage and access anywhere. <br>
+## Architecture 
 
-🛠️ **Self-hosted workspace**: Create a free, powerful workspace for your team or family with open source selfhosted alternatives. <br>
+Just as Public clouds offer IaaS, PaaS, and SaaS layers, Olares provides open-source alternatives to each of these layers.
 
-🎥 **Private media server**: Host your own streaming services with your personal media collections. <br>
+  ![Tech Stacks](https://app.cdn.olares.com/github/olares/olares-architecture.jpg)
 
-🏡 **Smart Home Hub**: Create a central control point for your IoT devices and home automation. <br>
+ For detailed description of each component, refer to [Olares architecture](https://docs.olares.com/manual/concepts/system-architecture.html).
 
-🤝 **User-owned decentralized social media**: Easily install decentralized social media apps such as Mastodon, Ghost, and WordPress on Terminus, allowing you to build a personal brand without the risk of being banned or paying platform commissions.<br>
-
-📚 **Learning platform**: Explore self-hosting, container orchestration, and cloud technologies hands-on.
-
-## Motivation and design
-
-We believe the current state of the internet, where user data is centralized and exploited by monopolistic corporations, is deeply flawed. Our goal is to empower individuals with true data ownership and control.
-
-Terminus provides a next-generation decentralized Internet framework consisting of the following three integral components:  
-
-- **Snowinning Protocol**: A decentralized identity and reputation system that integrates decentralized identifiers (DIDs), verifiable credentials (VCs), and reputation data. 
-- **Terminus OS**: An one-stop self-hosted operating system running on edge devices, allowing users to host their own data and applications.  
-- **TermiPass**: A comprehensive client software that securely bridges users to their Terminus systems. It offers remote access, identity and device management, data storage, and productivity tools, providing a seamless interface for all Terminus interactions. Learn more in [documentation](https://docs.jointerminus.com/how-to/termipass/overview.html).
-
-## Tech stacks
-
-  ![Tech Stacks](https://file.bttcdn.com/github/terminus/v2/tech-stack.jpeg)
+> 🔍 **How is Olares different from traditional NAS?**
+>
+> Olares focuses on building an all-in-one self-hosted personal cloud experience. Its core features and target users differ significantly from traditional Network Attached Storage (NAS) systems, which primarily focus on network storage. For more details, see [Compare Olares and NAS](https://docs.olares.com/manual/olares-vs-nas.html).
 
 ## Features
 
-Terminus offers a wide array of features designed to enhance security, ease of use, and development flexibility:
+Olares offers a wide array of features designed to enhance security, ease of use, and development flexibility:
 
 - **Enterprise-grade security**: Simplified network configuration using Tailscale, Headscale, Cloudflare Tunnel, and FRP.
 - **Secure and permissionless application ecosystem**: Sandboxing ensures application isolation and security.
 - **Unified file system and database**: Automated scaling, backups, and high availability.
-- **Single sign-on**: Log in once to access all applications within Terminus with a shared authentication service.
+- **Single sign-on**: Log in once to access all applications within Olares with a shared authentication service.
 - **AI capabilities**: Comprehensive solution for GPU management, local AI model hosting, and private knowledge bases while maintaining data privacy.
 - **Built-in applications**: Includes file manager, sync drive, vault, reader, app market, settings, and dashboard.
 - **Seamless anywhere access**: Access your devices from anywhere using dedicated clients for mobile, desktop, and browsers.
@@ -85,167 +64,78 @@ Terminus offers a wide array of features designed to enhance security, ease of u
 
 Here are some screenshots from the UI for a sneak peek:
 
-| Desktop–AI-Powered Personal Desktop     |  **Files**–A Secure Home to Your Data
+| **Desktop–Streamlined and familiar portal**     |  **Files–A secure home to your data**
 | :--------: | :-------: |
-| ![Desktop](https://file.bttcdn.com/github/terminus/v2/desktop.jpg) | ![Files](https://file.bttcdn.com/github/terminus/v2/files.jpg) |
+| ![Desktop](https://app.cdn.olares.com/github/terminus/v2/desktop.jpg) | ![Files](https://app.cdn.olares.com/github/terminus/v2/files.jpg) |
 | **Vault–1Password alternative**|**Market–App ecosystem in your control** |
-| ![vault](https://file.bttcdn.com/github/terminus/v2/vault.jpg) | ![market](https://file.bttcdn.com/github/terminus/v2/market.jpg) |
-|**Wise–Your digital secret garden** | **Settings–Managing Terminus efficiently** |
-| ![settings](https://file.bttcdn.com/github/terminus/v2/wise.jpg) | ![](https://file.bttcdn.com/github/terminus/v2/settings.jpg) |
-|**Dashboard–constant Terminus monitoring**  | **Profile–Your homepage on decentralized network** |
-| ![dashboard](https://file.bttcdn.com/github/terminus/v2/dashboard.jpg) | ![profile](https://file.bttcdn.com/github/terminus/v2/profile.jpg) |
-| **Devbox–Developing, debugging, and deploying**|**Controlhub–Managing Kubernetes clusters easily**  |
-| ![Devbox](https://file.bttcdn.com/github/terminus/v2/devbox.jpg) | ![Controlhub](https://file.bttcdn.com/github/terminus/v2/controlhub.jpg)|
+| ![vault](https://app.cdn.olares.com/github/terminus/v2/vault.jpg) | ![market](https://app.cdn.olares.com/github/terminus/v2/market.jpg) |
+|**Wise–Your digital secret garden** | **Settings–Manage Olares efficiently** |
+| ![settings](https://app.cdn.olares.com/github/terminus/v2/wise.jpg) | ![](https://app.cdn.olares.com/github/terminus/v2/settings.jpg) |
+|**Dashboard–Constant system monitoring**  | **Profile–Your unique homepage** |
+| ![dashboard](https://app.cdn.olares.com/github/terminus/v2/dashboard.jpg) | ![profile](https://app.cdn.olares.com/github/terminus/v2/profile.jpg) |
+| **Studio–Develop, debug, and deploy**|**Control Hub–Manage Kubernetes clusters easily**  |
+| ![Studio](https://app.cdn.olares.com/github/terminus/v2/devbox.jpg) | ![Controlhub](https://app.cdn.olares.com/github/terminus/v2/controlhub.jpg)|
 
-</div>
 
-## Feature comparison 
+## Key use cases
 
-To help you understand how Terminus stands out in the landscape, we've created a comparison table that highlights its features alongside those of other leading solutions in the market.
+Here is why and where you can count on Olares for private, powerful, and secure sovereign cloud experience:
 
-**Legend:** 
+🤖 **Edge AI**: Run cutting-edge open AI models locally, including large language models, computer vision, and speech recognition. Create private AI services tailored to your data for enhanced functionality and privacy. <br>
 
-- 🚀: **Auto**, indicates that the system completes the task automatically.
-- ✅: **Yes**, indicates that users without a developer background can complete the setup through the product's UI prompts.
-- 🛠️: **Manual Configuration**, indicates that even users with an engineering background need to refer to tutorials to complete the setup.
-- ❌:  **No**, indicates that the feature is not supported.
+📊 **Personal data repository**: Securely store, sync, and manage your important files, photos, and documents across devices and locations.<br>
 
-|     | Terminus | Synology | TrueNAS | CasaOS | Proxmox | Unraid |
-| --- | --- | --- | --- | --- | --- | --- |
-| Source Code License | Terminus License | Closed | GPL 3.0 | Apache 2.0 | MIT | Closed |
-| Built On | Kubernetes | Linux | Kubernetes | Docker | LXC/VM | Docker |
-| Multi-Node | ✅   | ❌   | ✅   | ❌   | 🛠️ | ❌   | ❌   |
-| Build-in Apps | ✅ (Rich desktop apps) | ✅ (Rich desktop apps) | ❌ (CLI) | ✅ (Simple desktop apps) | ✅ (Dashboard)| ✅ (Dashboard) |
-| Free Domain Name | ✅   | ✅   | ❌   | ❌   | ❌   | ❌   |
-| Auto SSL Certificate | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Reverse Proxy | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| VPN Management | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Graded App Entrance | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Multi-User Management | ✅ User management <br>🚀 Resource isolation | ✅ User management<br>🛠️ Resource isolation | ✅ User management<br>🛠️ Resource isolation | ❌   | ✅ User management  <br>🛠️ Resource isolation | ✅ User management  <br>🛠️ Resource isolation |
-| Single Login for All Apps | 🚀  | ❌   | ❌   | ❌   | ❌   |  ❌   |
-| Cross-Node Storage | 🚀 (Juicefs+<br>MinIO) | ❌   | ❌   | ❌   | ❌   | ❌   |
-| Database Solution | 🚀 (Built-in cloud-native solution) | 🛠️ | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Disaster Recovery | 🚀 (MinIO's [**Erasure Coding**](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html)**)** | ✅ RAID | ✅ RAID | ✅ RAID | ❌   | ✅ Unraid Storage |
-| Backup | ✅ App Data  <br>✅ User Data | ✅ User Data | ✅ User Data | ✅ User Data | ✅ User Data | ✅ User Data |
-| App Sandboxing | ✅   | ❌   | ❌ (K8S's namespace) | ❌   | ❌  | ❌   |
-| App Ecosystem | ✅ (Official + third-party) | ✅ (Majorly official apps) | ✅ (Official + third-party submissions) | ✅ Majorly official apps | ❌  | ✅ (Community app market) |
-| Developer Friendly | ✅ IDE  <br>✅ CLI  <br>✅ SDK  <br>✅ Doc | ✅ CLI  <br>✅ SDK  <br>✅ Doc | ✅ CLI  <br>✅ Doc | ✅ CLI  <br>✅ Doc | ✅ SDK  <br>✅ Doc | ✅ Doc |
-| Local LLM Hosting | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Local LLM app development | 🚀 (Dify integrated) | 🛠️ | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Client Platforms | ✅ Android  <br>✅ iOS  <br>✅ Windows  <br>✅ Mac  <br>✅ Chrome Plugin | ✅ Android  <br>✅ iOS | ❌   | ❌   | ❌  | ❌   |
-| Client Functionality | ✅ (All-in-one client app) | ✅ (14 separate client apps) | ❌   | ❌   | ❌   |  ❌   |
+🚀 **Self-hosted workspace**: Build a free collaborative workspace for your team using secure, open-source SaaS alternatives.<br>
+
+🎥 **Private media server**: Host your own streaming services with your personal media collections. <br>
+
+🏡 **Smart Home Hub**: Create a central control point for your IoT devices and home automation. <br>
+
+🤝 **User-owned decentralized social media**: Easily install decentralized social media apps such as Mastodon, Ghost, and WordPress on Olares, allowing you to build a personal brand without the risk of being banned or paying platform commissions.<br>
+
+📚 **Learning platform**: Explore self-hosting, container orchestration, and cloud technologies hands-on.
 
 ## Getting started
 
-- [Getting Started on Linux](https://docs.jointerminus.com/overview/introduction/getting-started/linux.html)
-- [Getting Started on Raspberry Pi](https://docs.jointerminus.com/overview/introduction/getting-started/raspberry.html)
-- [Getting Started on macOS](https://docs.jointerminus.com/overview/introduction/getting-started/mac.html)
-- [Getting Started on Windows](https://docs.jointerminus.com/overview/introduction/getting-started/windows.html)
+### System compatibility
+
+Olares has been tested and verified on the following Linux platforms:
+
+- Ubuntu 24.04 LTS or later
+- Debian 11 or later
+
+### Set up Olares
+To get started with Olares on your own device, follow the [Getting Started Guide](https://docs.olares.com/manual/get-started/) for step-by-step instructions.
 
 ## Project navigation
+This section lists the main directories in the Olares repository:
 
-Terminus consists of numerous code repositories publicly available on GitHub. The current repository is responsible for the final compilation, packaging, installation, and upgrade of the operating system, while specific changes mostly take place in their corresponding repositories.
+* **[`apps`](./apps)**: Contains the code for system applications, primarily for `larepass`.
+* **[`cli`](./cli)**: Contains the code for `olares-cli`, the command-line interface tool for Olares.
+* **[`daemon`](./daemon)**: Contains the code for `olaresd`, the system daemon process.
+* **[`docs`](./docs)**: Contains documentation for the project.
+* **[`framework`](./framework)**: Contains the Olares system services.
+* **[`infrastructure`](./infrastructure)**: Contains code related to infrastructure components such as computing, storage, networking, and GPUs.
+* **[`platform`](./platform)**: Contains code for cloud-native components like databases and message queues.
+* **`vendor`**: Contains code from third-party hardware vendors.
 
-The following table lists the project directories under Terminus and their corresponding repositories. Find the one that interests you:
-
-<details>
-<summary><b>Framework components</b></summary>
-
-| Directory | Repository | Description |
-| --- | --- | --- |
-| [frameworks/app-service](https://github.com/beclab/terminus/tree/main/frameworks/app-service) | <https://github.com/beclab/app-service> | A system framework component that provides lifecycle management and various security controls for all apps in the system. |
-| [frameworks/backup-server](https://github.com/beclab/terminus/tree/main/frameworks/backup-server) | <https://github.com/beclab/backup-server> | A system framework component that provides scheduled full or incremental cluster backup services. |
-| [frameworks/bfl](https://github.com/beclab/terminus/tree/main/frameworks/bfl) | <https://github.com/beclab/bfl> | Backend For Launcher (BFL), a system framework component serving as the user access point and aggregating and proxying interfaces of various backend services. |
-| [frameworks/GPU](https://github.com/beclab/terminus/tree/main/frameworks/GPU) | <https://github.com/grgalex/nvshare> | GPU sharing mechanism that allows multiple processes (or containers running on Kubernetes) to securely run on the same physical GPU concurrently, each having the whole GPU memory available. |
-| [frameworks/l4-bfl-proxy](https://github.com/beclab/terminus/tree/main/frameworks/l4-bfl-proxy) | <https://github.com/beclab/l4-bfl-proxy> | Layer 4 network proxy for BFL. By prereading SNI, it provides a dynamic route to pass through into the user's Ingress. |
-| [frameworks/osnode-init](https://github.com/beclab/terminus/tree/main/frameworks/osnode-init) | <https://github.com/beclab/osnode-init> | A system framework component that initializes node data when a new node joins the cluster. |
-| [frameworks/system-server](https://github.com/beclab/terminus/tree/main/frameworks/system-server) | <https://github.com/beclab/system-server> | As a part of system runtime frameworks, it provides a mechanism for security calls between apps. |
-| [frameworks/tapr](https://github.com/beclab/terminus/tree/main/frameworks/tapr) | <https://github.com/beclab/tapr> | Terminus Application Runtime components. |
-
-<b>System-Level Applications and Services</b>
-
-</details>
-
-<details>
-<summary><b>System-Level Applications and Services</b></summary>
-
-| Directory | Repository | Description |
-| --- | --- | --- |
-| [apps/agent](https://github.com/beclab/terminus/tree/main/apps/agent) | <https://github.com/beclab/dify> | The LLM app development platform ported from [Dify.ai](https://github.com/langgenius/dify), with integrations of Terminus Accounts, local knowledge base, and local models. |
-| [apps/analytic](https://github.com/beclab/terminus/tree/main/apps/analytic) | <https://github.com/beclab/analytic> | Developed based on [Umami](https://github.com/umami-software/umami), Analytic is a simple, fast, privacy-focused alternative to Google Analytics. |
-| [apps/market](https://github.com/beclab/terminus/tree/main/apps/market) | <https://github.com/beclab/market> | This repository deploys the front-end part of the application market in Terminus. |
-| [apps/market-server](https://github.com/beclab/terminus/tree/main/apps/market-server) | <https://github.com/beclab/market> | This repository deploys the back-end part of the application market in Terminus. |
-| [apps/argo](https://github.com/beclab/terminus/tree/main/apps/argo) | <https://github.com/argoproj/argo-workflows> | A workflow engine for orchestrating container execution of local recommendation algorithms. |
-| [apps/desktop](https://github.com/beclab/terminus/tree/main/apps/desktop) | <https://github.com/beclab/desktop> | The built-in desktop application of the system. |
-| [apps/devbox](https://github.com/beclab/terminus/tree/main/apps/devbox) | <https://github.com/beclab/devbox> | An IDE for developers to port and develop Terminus applications. |
-| [apps/TermiPass](https://github.com/beclab/terminus/tree/main/apps/TermiPass) | <https://github.com/beclab/TermiPass> | A free alternative to 1Password and Bitwarden for teams and enterprises of any size Developed based on [Padloc](https://github.com/padloc/padloc). It serves as the client that helps you manage DID, Terminus Name, and Terminus devices. |
-| [apps/files](https://github.com/beclab/terminus/tree/main/apps/files) | <https://github.com/beclab/files> | A built-in file manager modified from [Filebrowser](https://github.com/filebrowser/filebrowser), providing management of files on Drive, Sync, and various Terminus physical nodes. |
-| [apps/mynitro](https://github.com/beclab/terminus/tree/main/apps/mynitro) | <https://github.com/beclab/mynitro> | A wrapper of the official [Nitro](https://github.com/janhq/nitro) project that hosts LLMs locally, specifically, provides services to Dify's agents on Terminus. |
-| [apps/notifications](https://github.com/beclab/terminus/tree/main/apps/notifications) | <https://github.com/beclab/notifications> | The notifications system of Terminus |
-| [apps/profile](https://github.com/beclab/terminus/tree/main/apps/profile) | <https://github.com/beclab/profile> | Linktree alternative in Terminus|
-| [apps/rsshub](https://github.com/beclab/terminus/tree/main/apps/rsshub) | <https://github.com/beclab/rsshub> | A RSS subscription manager based on [RssHub](https://github.com/DIYgod/RSSHub). |
-| [apps/dify-gateway](https://github.com/beclab/terminus/tree/main/apps/dify-gateway) | <https://github.com/beclab/dify-gateway> | A gateway service that establishes the connection between Dify and other services such as Files and Agent. |
-| [apps/settings](https://github.com/beclab/terminus/tree/main/apps/settings) | <https://github.com/beclab/settings> | Built-in system settings. |
-| [apps/system-apps](https://github.com/beclab/terminus/tree/main/apps/system-apps) | <https://github.com/beclab/system-apps> | Built based on the _kubesphere/console_ project, system-service provides a self-hosted cloud platform that helps users understand and control the system's runtime status and resource usage through a visual Dashboard and feature-rich ControlHub. |
-| [apps/wizard](https://github.com/beclab/terminus/tree/main/apps/wizard) | <https://github.com/beclab/wizard> | A wizard application to walk users through the system activation process. |
-</details>
-
-<details>
-<summary><b>Third-party Components and Services</b></summary>
-
-| Directory | Repository | Description |
-| --- | --- | --- |
-| [third-party/authelia](https://github.com/beclab/terminus/tree/main/third-party/authelia) | <https://github.com/beclab/authelia> | An open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. |
-| [third-party/headscale](https://github.com/beclab/terminus/tree/main/third-party/headscale) | <https://github.com/beclab/headscale> | An open source, self-hosted implementation of the Tailscale control server in Terminus to manage Tailscale in TermiPass across different devices. |
-| [third-party/infisical](https://github.com/beclab/terminus/tree/main/third-party/infisical) | <https://github.com/beclab/infisical> | An open-source secret management platform that syncs secrets across your teams/infrastructure and prevents secret leaks. |
-| [third-party/juicefs](https://github.com/beclab/terminus/tree/main/third-party/juicefs) | <https://github.com/beclab/juicefs-ext> | A distributed POSIX file system built on top of Redis and S3, allowing apps on different nodes to access the same data via POSIX interface. |
-| [third-party/ks-console](https://github.com/beclab/terminus/tree/main/third-party/ks-console) | <https://github.com/kubesphere/console> | Kubesphere console that allows for cluster management via a Web GUI. |
-| [third-party/ks-installer](https://github.com/beclab/terminus/tree/main/third-party/ks-installer) | <https://github.com/beclab/ks-installer-ext> | Kubesphere installer component that automatically creates Kubesphere clusters based on cluster resource definitions. |
-| [third-party/kube-state-metrics](https://github.com/beclab/terminus/tree/main/third-party/kube-state-metrics) | <https://github.com/beclab/kube-state-metrics> | kube-state-metrics (KSM) is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. |
-| [third-party/notification-mananger](https://github.com/beclab/terminus/tree/main/third-party/notification-manager) | <https://github.com/beclab/notification-manager-ext> | Kubesphere's notification management component for unified management of multiple notification channels and custom aggregation of notification content. |
-| [third-party/predixy](https://github.com/beclab/terminus/tree/main/third-party/predixy) | <https://github.com/beclab/predixy> | Redis cluster proxy service that automatically identifies available nodes and adds namespace isolation. |
-| [third-party/redis-cluster-operator](https://github.com/beclab/terminus/tree/main/third-party/redis-cluster-operator) | <https://github.com/beclab/redis-cluster-operator> | A cloud-native tool for creating and managing Redis clusters based on Kubernetes. |
-| [third-party/seafile-server](https://github.com/beclab/terminus/tree/main/third-party/seafile-server) | <https://github.com/beclab/seafile-server> | The backend service of Seafile (Sync Drive) for handling data storage. |
-| [third-party/seahub](https://github.com/beclab/terminus/tree/main/third-party/seahub) | <https://github.com/beclab/seahub> | The front-end and middleware service of Seafile (Sync Drive) for handling file sharing, data synchronization, etc. |
-| [third-party/tailscale](https://github.com/beclab/terminus/tree/main/third-party/tailscale) | <https://github.com/tailscale/tailscale> | Tailscale has been integrated in TermiPass of all platforms. |
-</details>
-
-<details>
-<summary><b>Additional libraries and components</b></summary>
-
-| Directory | Repository | Description |
-| --- | --- | --- |
-| [build/installer](https://github.com/beclab/terminus/tree/main/build/installer) |     | The template for generating the installer build. |
-| [build/manifest](https://github.com/beclab/terminus/tree/main/build/manifest) |     | Installation build image list template. |
-| [libs/fs-lib](https://github.com/beclab/terminus/tree/main/libs) | <https://github.com/beclab/fs-lib> | The SDK library for the iNotify-compatible interface implemented based on JuiceFS. |
-| [scripts](https://github.com/beclab/terminus/tree/main/scripts) |     | Assisting scripts for generating the installer build. |
-</details>
-
-## Contributing to Terminus
+## Contributing to Olares
 
 We are welcoming contributions in any form:
 
-- If you want to develop your own applications on Terminus, refer to:<br>
-https://docs.jointerminus.com/developer/develop/
+- If you want to develop your own applications on Olares, refer to:<br>
+https://docs.olares.com/developer/develop/
 
 
-- If you want to help improve Terminus, refer to:<br>
-https://docs.jointerminus.com/developer/contribute/terminus-os.html
+- If you want to help improve Olares, refer to:<br>
+https://docs.olares.com/developer/contribute/olares.html
 
 ## Community & contact
 
-* [**Github Discussion**](https://github.com/beclab/terminus/discussions). Best for sharing feedback and asking questions.
-* [**GitHub Issues**](https://github.com/beclab/terminus/issues). Best for filing bugs you encounter using Terminus and submitting feature proposals. 
-* [**Discord**](https://discord.gg/ShjkCBs2). Best for sharing anything Terminus.
+* [**GitHub Discussion**](https://github.com/beclab/olares/discussions). Best for sharing feedback and asking questions.
+* [**GitHub Issues**](https://github.com/beclab/olares/issues). Best for filing bugs you encounter using Olares and submitting feature proposals. 
+* [**Discord**](https://discord.gg/olares). Best for sharing anything Olares.
 
-## Staying ahead  
+## Special thanks
 
-Star the Terminus project to receive instant notifications about new releases and updates.
-
- 
-![star us](https://file.bttcdn.com/github/terminus/terminus.git.v2.gif)
- 
-
-## Special thanks 
-
-The Terminus project has incorporated numerous third-party open source projects, including: [Kubernetes](https://kubernetes.io/), [Kubesphere](https://github.com/kubesphere/kubesphere), [Padloc](https://padloc.app/), [K3S](https://k3s.io/), [JuiceFS](https://github.com/juicedata/juicefs), [MinIO](https://github.com/minio/minio), [Envoy](https://github.com/envoyproxy/envoy), [Authelia](https://github.com/authelia/authelia), [Infisical](https://github.com/Infisical/infisical), [Dify](https://github.com/langgenius/dify), [Seafile](https://github.com/haiwen/seafile),[HeadScale](https://headscale.net/), [tailscale](https://tailscale.com/), [Redis Operator](https://github.com/spotahome/redis-operator), [Nitro](https://nitro.jan.ai/), [RssHub](http://rsshub.app/), [predixy](https://github.com/joyieldInc/predixy), [nvshare](https://github.com/grgalex/nvshare), [LangChain](https://www.langchain.com/), [Quasar](https://quasar.dev/), [TrustWallet](https://trustwallet.com/), [Restic](https://restic.net/), [ZincSearch](https://zincsearch-docs.zinc.dev/), [filebrowser](https://filebrowser.org/), [lego](https://go-acme.github.io/lego/), [Velero](https://velero.io/), [s3rver](https://github.com/jamhall/s3rver), [Citusdata](https://www.citusdata.com/).
+The Olares project has incorporated numerous third-party open source projects, including: [Kubernetes](https://kubernetes.io/), [Kubesphere](https://github.com/kubesphere/kubesphere), [Padloc](https://padloc.app/), [K3S](https://k3s.io/), [JuiceFS](https://github.com/juicedata/juicefs), [MinIO](https://github.com/minio/minio), [Envoy](https://github.com/envoyproxy/envoy), [Authelia](https://github.com/authelia/authelia), [Infisical](https://github.com/Infisical/infisical), [Dify](https://github.com/langgenius/dify), [Seafile](https://github.com/haiwen/seafile),[HeadScale](https://headscale.net/), [tailscale](https://tailscale.com/), [Redis Operator](https://github.com/spotahome/redis-operator), [Nitro](https://nitro.jan.ai/), [RssHub](http://rsshub.app/), [predixy](https://github.com/joyieldInc/predixy), [nvshare](https://github.com/grgalex/nvshare), [LangChain](https://www.langchain.com/), [Quasar](https://quasar.dev/), [TrustWallet](https://trustwallet.com/), [Restic](https://restic.net/), [ZincSearch](https://zincsearch-docs.zinc.dev/), [filebrowser](https://filebrowser.org/), [lego](https://go-acme.github.io/lego/), [Velero](https://velero.io/), [s3rver](https://github.com/jamhall/s3rver), [Citusdata](https://www.citusdata.com/).

README_CN.md

@@ -0,0 +1,143 @@
+<div align="center">
+
+# Olares：助您重获数据主权的开源个人云
+
+[![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br/>
+[![Last Commit](https://img.shields.io/github/last-commit/beclab/terminus)](https://github.com/beclab/olares/commits/main)
+![Build Status](https://github.com/beclab/olares/actions/workflows/release-daily.yaml/badge.svg)
+[![GitHub release (latest by date)](https://img.shields.io/github/v/release/beclab/terminus)](https://github.com/beclab/olares/releases)
+[![GitHub Repo stars](https://img.shields.io/github/stars/beclab/terminus?style=social)](https://github.com/beclab/olares/stargazers)
+[![Discord](https://img.shields.io/badge/Discord-7289DA?logo=discord&logoColor=white)](https://discord.gg/olares)
+[![License](https://img.shields.io/badge/License-AGPL--3.0-blue)](https://github.com/beclab/olares/blob/main/LICENSE)
+
+<p>
+  <a href="./README.md"><img alt="Readme in English" src="https://img.shields.io/badge/English-FFFFFF"></a>
+  <a href="./README_CN.md"><img alt="Readme in Chinese" src="https://img.shields.io/badge/简体中文-FFFFFF"></a>
+  <a href="./README_JP.md"><img alt="Readme in Japanese" src="https://img.shields.io/badge/日本語-FFFFFF"></a>
+</p>
+
+</div>
+
+<p align="center">
+  <a href="https://olares.com">网站</a> ·
+  <a href="https://docs.olares.com">文档</a> ·
+  <a href="https://larepass.olares.com">下载 LarePass</a> ·
+  <a href="https://github.com/beclab/apps">Olares 应用</a> ·
+  <a href="https://space.olares.com">Olares Space</a>
+</p>
+
+> *基于公有云构建的现代互联网日益威胁着您的个人数据隐私。随着您对 ChatGPT、Midjourney 和脸书等服务的依赖加深，您对数字自主权的掌控也在减弱。您的数据存储在他人服务器上，受其条款约束，被追踪并审查。*
+>
+> *是时候做出改变了。*
+
+![个人云](https://app.cdn.olares.com/github/olares/public-cloud-to-personal-cloud.jpg)
+
+我们坚信，**您拥有掌控自己数字生活的基本权利**。维护这一权利最有效的方式，就是将您的数据托管在本地，在您自己的硬件上。
+
+Olares 是一款开源个人云操作系统，旨在让您能够轻松在本地拥有并管理自己的数字资产。您无需再依赖公有云服务，而可以在 Olares 上本地部署强大的开源平替服务或应用，例如可以使用 Ollama 托管大语言模型，使用 SD WebUI 用于图像生成，以及使用 Mastodon 构建不受审查的社交空间。Olares 让你坐拥云计算的强大威力，又能完全将其置于自己掌控之下。
+
+> 为 Olares 点亮 🌟 以及时获取新版本和更新的通知。
+
+## 系统架构
+
+公有云具有基础设施即服务（IaaS）、平台即服务（PaaS）和软件即服务（SaaS）等层级。Olares 为这些层级提供了开源替代方案。
+
+  ![技术栈](https://app.cdn.olares.com/github/olares/olares-architecture.jpg)
+
+详细描述请参考 [Olares 架构](https://docs.olares.cn/zh/manual/concepts/system-architecture.html)文档。
+
+>🔍**Olares 和 NAS 有什么不同？**
+>
+> Olares 致力于打造一站式的自托管个人云体验。其核心功能与用户定位，均与专注于网络存储的传统 NAS 有着显著的不同，详情请参考 [Olares 与 NAS 对比](https://docs.olares.com/zh/manual/olares-vs-nas.html)。
+
+
+## 功能特性
+
+Olares 提供了一系列功能，旨在提升安全性、使用便捷性以及开发的灵活性：
+
+- **企业级安全**：使用 Tailscale、Headscale、Cloudflare Tunnel 和 FRP 简化网络配置，确保安全连接。
+- **安全且无需许可的应用生态系统**：应用通过沙箱化技术实现隔离，保障应用运行的安全性。
+- **统一文件系统和数据库**：提供自动扩展、数据备份和高可用性功能，确保数据的持久安全。
+- **单点登录**：用户仅需一次登录，即可访问 Olares 中所有应用的共享认证服务。
+- **AI 功能**：包括全面的 GPU 管理、本地 AI 模型托管及私有知识库，同时严格保护数据隐私。
+- **内置应用程序**：涵盖文件管理器、同步驱动器、密钥管理器、阅读器、应用市场、设置和面板等，提供全面的应用支持。
+- **无缝访问**：通过移动端、桌面端和网页浏览器客户端，从全球任何地方访问设备。
+- **开发工具**：提供全面的工具支持，便于开发和移植应用，加速开发进程。
+
+以下是用户界面的一些截图预览：
+
+| **桌面：熟悉高效的访问入口**     |  **文件管理器：安全存储数据**
+| :--------: | :-------: |
+| ![桌面](https://app.cdn.olares.com/github/terminus/v2/desktop.jpg) | ![文件](https://app.cdn.olares.com/github/terminus/v2/files.jpg) |
+| **Vault：密码无忧管理**|**市场：可控的应用生态系统** |
+| ![vault](https://app.cdn.olares.com/github/terminus/v2/vault.jpg) | ![市场](https://app.cdn.olares.com/github/terminus/v2/market.jpg) |
+|**Wise：数字后花园** | **设置：高效管理 Olares** |
+| ![设置](https://app.cdn.olares.com/github/terminus/v2/wise.jpg) | ![](https://app.cdn.olares.com/github/terminus/v2/settings.jpg) |
+|**仪表盘：持续监控 Olares**  | **Profile：独特的个人主页** |
+| ![面板](https://app.cdn.olares.com/github/terminus/v2/dashboard.jpg) | ![profile](https://app.cdn.olares.com/github/terminus/v2/profile.jpg) |
+| **Studio：一站式开发、调试和部署**|**控制面板：轻松管理 Kubernetes 集群**  |
+| ![Devbox](https://app.cdn.olares.com/github/terminus/v2/devbox.jpg) | ![控制中心](https://app.cdn.olares.com/github/terminus/v2/controlhub.jpg)|
+
+## 使用场景
+
+在以下场景中，Olares 为您带来私密、强大且安全的私有云体验：
+
+🤖**本地 AI 助手**：在本地部署运行顶级开源 AI 模型，涵盖语言处理、图像生成和语音识别等领域。根据个人需求定制 AI 助手，确保数据隐私和控制权均处于自己手中。<br>
+
+💻**个人数据仓库**：所有个人文件，包括照片、文档和重要资料，都可以在这个安全的统一平台上存储和同步，随时随地都能方便地访问。<br>
+
+🛠️**自托管工作空间**：利用开源 SaaS 平替方案，无需成本即可为家庭或工作团队搭建一个功能强大的工作空间。<br>
+
+🎥**私人媒体服务器**：用自己的视频和音乐库搭建一个私人流媒体服务，随时享受个性化的娱乐体验。<br>
+
+🏡**智能家居中心**：将所有智能设备和自动化系统集中在一个易于管理的控制中心，实现家庭智能化的简便操作。<br>
+
+🤝**独立的社交媒体平台**：在 Olares 上部署去中心化社交媒体应用，如 Mastodon、Ghost 和 WordPress，自由建立和扩展个人品牌，无需担忧封号或支付额外费用。<br>
+
+📚**学习探索**：深入学习自托管服务、容器技术和云计算，并上手实践。<br>
+
+## 快速开始
+
+### 系统兼容性
+
+Olares 已在以下 Linux 平台完成测试与验证：
+
+- Ubuntu 24.04 LTS 及以上版本
+- Debian 11 及以上版本
+
+### 安装 Olares
+ 
+参考[快速上手指南](https://docs.olares.cn/zh/manual/get-started/)安装并激活 Olares。
+
+## 项目目录
+Olares 代码库中的主要目录如下：
+
+* **[`apps`](./apps)**: 用于存放系统应用，主要是 `larepass` 的代码。
+* **[`cli`](./cli)**: 用于存放 `olares-cli`（Olares 的命令行界面工具）的代码。
+* **[`daemon`](./daemon)**: 用于存放 `olaresd`（系统守护进程）的代码。
+* **[`docs`**](./docs)**: 用于存放 Olares 项目的文档。
+* **[`framework`](./framework)**: 用来存放 Olares 系统服务代码。
+* **[`infrastructure`](./infrastructure)**: 用于存放计算，存储，网络，GPU 等基础设施的代码。
+* **[`platform`](./platform)**: 用于存放数据库、消息队列等云原生组件的代码。
+* **`vendor`**: 用于存放来自第三方硬件供应商的代码。
+
+## 社区贡献
+
+我们欢迎任何形式的贡献！
+
+- 如果您想在 Olares 上开发自己的应用，请参考：<br>
+https://docs.olares.com/developer/develop/
+
+
+- 如果您想帮助改进 Olares，请参考：<br>
+https://docs.olares.com/developer/contribute/olares.html
+
+## 社区支持
+
+* [**GitHub Discussion**](https://github.com/beclab/olares/discussions) - 讨论 Olares 使用过程中的疑问。
+* [**GitHub Issues**](https://github.com/beclab/olares/issues) - 报告 Olares 的遇到的问题或提出功能改进建议。
+* [**Discord**](https://discord.gg/olares) - 日常交流，分享经验，或讨论与 Olares 相关的任何主题。
+
+## 特别感谢
+
+Olares 项目整合了许多第三方开源项目，包括：[Kubernetes](https://kubernetes.io/)、[Kubesphere](https://github.com/kubesphere/kubesphere)、[Padloc](https://padloc.app/)、[K3S](https://k3s.io/)、[JuiceFS](https://github.com/juicedata/juicefs)、[MinIO](https://github.com/minio/minio)、[Envoy](https://github.com/envoyproxy/envoy)、[Authelia](https://github.com/authelia/authelia)、[Infisical](https://github.com/Infisical/infisical)、[Dify](https://github.com/langgenius/dify)、[Seafile](https://github.com/haiwen/seafile)、[HeadScale](https://headscale.net/)、 [tailscale](https://tailscale.com/)、[Redis Operator](https://github.com/spotahome/redis-operator)、[Nitro](https://nitro.jan.ai/)、[RssHub](http://rsshub.app/)、[predixy](https://github.com/joyieldInc/predixy)、[nvshare](https://github.com/grgalex/nvshare)、[LangChain](https://www.langchain.com/)、[Quasar](https://quasar.dev/)、[TrustWallet](https://trustwallet.com/)、[Restic](https://restic.net/)、[ZincSearch](https://zincsearch-docs.zinc.dev/)、[filebrowser](https://filebrowser.org/)、[lego](https://go-acme.github.io/lego/)、[Velero](https://velero.io/)、[s3rver](https://github.com/jamhall/s3rver)、[Citusdata](https://www.citusdata.com/)。

README_JP.md

@@ -0,0 +1,142 @@
+<div align="center">
+
+# Olares: ローカルAIのためのオープンソース主権クラウドOS<!-- omit in toc -->
+
+[![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br/>
+[![Last Commit](https://img.shields.io/github/last-commit/beclab/olares)](https://github.com/beclab/olares/commits/main)
+![Build Status](https://github.com/beclab/olares/actions/workflows/release-daily.yaml/badge.svg)
+[![GitHub release (latest by date)](https://img.shields.io/github/v/release/beclab/olares)](https://github.com/beclab/olares/releases)
+[![GitHub Repo stars](https://img.shields.io/github/stars/beclab/olares?style=social)](https://github.com/beclab/olares/stargazers)
+[![Discord](https://img.shields.io/badge/Discord-7289DA?logo=discord&logoColor=white)](https://discord.gg/olares)
+[![License](https://img.shields.io/badge/License-AGPL--3.0-blue)](https://github.com/beclab/olares/blob/main/LICENSE)
+
+<p>
+  <a href="./README.md"><img alt="Readme in English" src="https://img.shields.io/badge/English-FFFFFF"></a>
+  <a href="./README_CN.md"><img alt="Readme in Chinese" src="https://img.shields.io/badge/简体中文-FFFFFF"></a>
+  <a href="./README_JP.md"><img alt="Readme in Japanese" src="https://img.shields.io/badge/日本語-FFFFFF"></a>
+</p>
+
+</div>
+
+<p align="center">
+  <a href="https://olares.com">ウェブサイト</a> ·
+  <a href="https://docs.olares.com">ドキュメント</a> ·
+  <a href="https://larepass.olares.com">LarePassをダウンロード</a> ·
+  <a href="https://github.com/beclab/apps">Olaresアプリ</a> ·
+  <a href="https://space.olares.com">Olares Space</a>
+</p>
+
+> *パブリッククラウドを基盤とする現代のインターネットは、あなたの個人データのプライバシーをますます脅かしています。ChatGPT、Midjourney、Facebookといったサービスへの依存が深まるにつれ、デジタル主権に対するあなたのコントロールも弱まっています。あなたのデータは他者のサーバーに保存され、その利用規約に縛られ、追跡され、検閲されているのです。*
+>
+>*今こそ、変革の時です。*
+
+![自身のデジタル](https://app.cdn.olares.com/github/olares/public-cloud-to-personal-cloud.jpg)
+
+私たちは、あなたが自身のデジタルライフをコントロールする基本的な権利を有すると確信しています。この権利を守る最も効果的な方法は、あなたのデータをローカルの、あなた自身のハードウェア上でホストすることです。
+
+Olaresは、あなたが自身のデジタル資産をローカルで容易に所有し管理できるよう設計された、オープンソースのパーソナルクラウドOSです。もはやパブリッククラウドサービスに依存する必要はありません。Olares上で、例えばOllamaを利用した大規模言語モデルのホスティング、SD WebUIによる画像生成、Mastodonを用いた検閲のないソーシャルスペースの構築など、強力なオープンソースの代替サービスやアプリケーションをローカルにデプロイできます。Olaresは、クラウドコンピューティングの絶大な力を活用しつつ、それを完全に自身のコントロール下に置くことを可能にします。
+
+> 🌟 *新しいリリースや更新についての通知を受け取るために、スターを付けてください。*
+
+## アーキテクチャ
+
+パブリッククラウドは、IaaS (Infrastructure as a Service)、PaaS (Platform as a Service)、SaaS (Software as a Service) といったサービスレイヤーで構成されています。Olaresは、これら各レイヤーに対するオープンソースの代替ソリューションを提供しています。
+
+  ![Olaresのアーキテクチ](https://app.cdn.olares.com/github/olares/olares-architecture.jpg)
+
+各コンポーネントの詳細については、[Olares アーキテクチャ](https://docs.olares.com/manual/concepts/system-architecture.html)（英語版）をご参照ください。
+
+> 🔍**OlaresとNASの違いは何ですか？**
+>
+> Olaresは、ワンストップのセルフホスティング・パーソナルクラウド体験の実現を目指しています。そのコア機能とユーザーの位置付けは、ネットワークストレージに特化した従来のNASとは大きく異なります。詳細は、[OlaresとNASの比較](https://docs.olares.com/manual/olares-vs-nas.html)（英語版）をご参照ください。
+
+## 機能
+
+Olaresは、セキュリティ、使いやすさ、開発の柔軟性を向上させるための幅広い機能を提供します：
+
+- **エンタープライズグレードのセキュリティ**: Tailscale、Headscale、Cloudflare Tunnel、FRPを使用してネットワーク構成を簡素化します。
+- **安全で許可のないアプリケーションエコシステム**: サンドボックス化によりアプリケーションの分離とセキュリティを確保します。
+- **統一ファイルシステムとデータベース**: 自動スケーリング、バックアップ、高可用性を提供します。
+- **シングルサインオン**: 一度ログインするだけで、Olares内のすべてのアプリケーションに共有認証サービスを使用してアクセスできます。
+- **AI機能**: GPU管理、ローカルAIモデルホスティング、プライベートナレッジベースの包括的なソリューションを提供し、データプライバシーを維持します。
+- **内蔵アプリケーション**: ファイルマネージャー、同期ドライブ、ボールト、リーダー、アプリマーケット、設定、ダッシュボードを含みます。
+- **どこからでもシームレスにアクセス**: モバイル、デスクトップ、ブラウザ用の専用クライアントを使用して、どこからでもデバイスにアクセスできます。
+- **開発ツール**: アプリケーションの開発と移植を容易にする包括的な開発ツールを提供します。
+
+以下はUIのスクリーンショットプレビューです。
+
+| **デスクトップ：馴染みやすく効率的なアクセスポイント** |  **ファイルマネージャー：データを安全に保管** |
+| :--------: | :-------: |
+| ![桌面](https://app.cdn.olares.com/github/terminus/v2/desktop.jpg) | ![文件](https://app.cdn.olares.com/github/terminus/v2/files.jpg) |
+| **Vault：安心のパスワード管理**|**マーケット：コントロール可能なアプリエコシステム** |
+| ![vault](https://app.cdn.olares.com/github/terminus/v2/vault.jpg) | ![市场](https://app.cdn.olares.com/github/terminus/v2/market.jpg) |
+| **Wise：あなただけのデジタルガーデン** | **設定：Olaresを効率的に管理** |
+| ![设置](https://app.cdn.olares.com/github/terminus/v2/wise.jpg) | ![](https://app.cdn.olares.com/github/terminus/v2/settings.jpg) |
+| **ダッシュボード：Olaresを継続的に監視** | **プロフィール：ユニークなパーソナルページ** |
+| ![面板](https://app.cdn.olares.com/github/terminus/v2/dashboard.jpg) | ![profile](https://app.cdn.olares.com/github/terminus/v2/profile.jpg) |
+| **Studio：開発、デバッグ、デプロイをワンストップで**|**コントロールパネル：Kubernetesクラスターを簡単に管理** |
+| ![Devbox](https://app.cdn.olares.com/github/terminus/v2/devbox.jpg) | ![控制中心](https://app.cdn.olares.com/github/terminus/v2/controlhub.jpg)|
+
+## なぜOlaresなのか？
+
+以下の理由とシナリオで、Olaresはプライベートで強力かつ安全な主権クラウド体験を提供します：
+
+🤖 **エッジAI**: 最先端のオープンAIモデルをローカルで実行し、大規模言語モデル、コンピュータビジョン、音声認識などを含みます。データに合わせてプライベートAIサービスを作成し、機能性とプライバシーを向上させます。<br>
+
+📊 **個人データリポジトリ**: 重要なファイル、写真、ドキュメントを安全に保存し、デバイスや場所を問わず同期および管理します。<br>
+
+🚀 **セルフホストワークスペース**: 安全なオープンソースSaaS代替品を使用して、チームのための無料のコラボレーションワークスペースを構築します。<br>
+
+🎥 **プライベートメディアサーバー**: 個人のメディアコレクションをホストし、独自のストリーミングサービスを提供します。<br>
+
+🏡 **スマートホームハブ**: IoTデバイスやホームオートメーションの中央制御ポイントを作成します。<br>
+
+🤝 **ユーザー所有の分散型ソーシャルメディア**: Mastodon、Ghost、WordPressなどの分散型ソーシャルメディアアプリをOlaresに簡単にインストールし、プラットフォームの手数料やアカウント停止のリスクなしに個人ブランドを構築します。<br>
+
+📚 **学習プラットフォーム**: セルフホスティング、コンテナオーケストレーション、クラウド技術を実践的に学びます。
+
+## はじめに
+
+### システム互換性
+
+Olaresは以下のLinuxプラットフォームで動作検証を完了しています：
+
+- Ubuntu 24.04 LTS 以降
+- Debian 11 以降
+
+### Olaresのセットアップ
+自分のデバイスでOlaresを始めるには、[はじめにガイド](https://docs.olares.com/manual/get-started/)に従ってステップバイステップの手順を確認してください。
+
+
+## プロジェクトナビゲーションx
+このセクションでは、Olares リポジトリ内の主要なディレクトリをリストアップしています：
+
+* **[`apps`](./apps)**: システムアプリケーションのコードが含まれており、主に `larepass` 用です。
+* **[`cli`](./cli)**: Olares のコマンドラインインターフェースツールである `olares-cli` のコードが含まれています。
+* **[`daemon`](./daemon)**: システムデーモンプロセスである `olaresd` のコードが含まれています。
+* **[`docs`](./docs)**: プロジェクトのドキュメントが含まれています。
+* **[`framework`](./framework)**: Olares システムサービスが含まれています。
+* **[`infrastructure`](./infrastructure)**: コンピューティング、ストレージ、ネットワーキング、GPU などのインフラストラクチャコンポーネントに関連するコードが含まれています。
+* **[`platform`](./platform)**: データベースやメッセージキューなどのクラウドネイティブコンポーネントのコードが含まれています。
+* **`vendor`**: サードパーティのハードウェアベンダーからのコードが含まれています。
+
+## Olaresへの貢献
+
+あらゆる形での貢献を歓迎します：
+
+- Olaresで独自のアプリケーションを開発したい場合は、以下を参照してください：<br>
+https://docs.olares.com/developer/develop/
+
+
+- Olaresの改善に協力したい場合は、以下を参照してください：<br>
+https://docs.olares.com/developer/contribute/olares.html
+
+## コミュニティと連絡先
+
+* [**GitHub Discussion**](https://github.com/beclab/olares/discussions). フィードバックの共有や質問に最適です。
+* [**GitHub Issues**](https://github.com/beclab/olares/issues). Olaresの使用中に遭遇したバグの報告や機能提案の提出に最適です。 
+* [**Discord**](https://discord.gg/olares). Olaresに関するあらゆることを共有するのに最適です。
+
+## 特別な感謝
+
+Olaresプロジェクトは、次のような多数のサードパーティオープンソースプロジェクトを統合しています：[Kubernetes](https://kubernetes.io/)、[Kubesphere](https://github.com/kubesphere/kubesphere)、[Padloc](https://padloc.app/)、[K3S](https://k3s.io/)、[JuiceFS](https://github.com/juicedata/juicefs)、[MinIO](https://github.com/minio/minio)、[Envoy](https://github.com/envoyproxy/envoy)、[Authelia](https://github.com/authelia/authelia)、[Infisical](https://github.com/Infisical/infisical)、[Dify](https://github.com/langgenius/dify)、[Seafile](https://github.com/haiwen/seafile)、[HeadScale](https://headscale.net/)、 [tailscale](https://tailscale.com/)、[Redis Operator](https://github.com/spotahome/redis-operator)、[Nitro](https://nitro.jan.ai/)、[RssHub](http://rsshub.app/)、[predixy](https://github.com/joyieldInc/predixy)、[nvshare](https://github.com/grgalex/nvshare)、[LangChain](https://www.langchain.com/)、[Quasar](https://quasar.dev/)、[TrustWallet](https://trustwallet.com/)、[Restic](https://restic.net/)、[ZincSearch](https://zincsearch-docs.zinc.dev/)、[filebrowser](https://filebrowser.org/)、[lego](https://go-acme.github.io/lego/)、[Velero](https://velero.io/)、[s3rver](https://github.com/jamhall/s3rver)、[Citusdata](https://www.citusdata.com/)。

apps/.olares/config/user/helm-charts/system-apps/templates/app-service-provider.yaml

@@ -0,0 +1,39 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:app-service-frontend-svc
+  annotations:
+    provider-registry-ref: user-system-{{ .Values.bfl.username }}/app-service
+    provider-service-ref: app-service.os-framework:6755
+rules:
+- nonResourceURLs: ["*"]
+  verbs: ["*"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:app-service-provider-svc
+  annotations:
+    provider-registry-ref: user-system-{{ .Values.bfl.username }}/app-service
+    provider-service-ref: app-service.os-framework:6755
+rules:
+- nonResourceURLs: 
+  - "/app-service/*"
+  verbs: ["*"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:app-service-frontend-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:app-service-frontend-svc
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+

apps/.olares/config/user/helm-charts/system-apps/templates/backup-provider.yaml

@@ -0,0 +1,64 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:backup-frontend-svc
+  annotations:
+    provider-registry-ref: user-space-{{ .Values.bfl.username }}/backup
+    provider-service-ref: backup-server.os-framework:8082
+rules:
+- nonResourceURLs: ["/apis/backup*"]
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:backup-frontend-domain
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/settings
+    provider-service-ref: backup-server.os-framework:8082
+rules:
+- nonResourceURLs: ["/apis/backup*"]
+  verbs: ["*"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:backup-frontend-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:backup-frontend-svc
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:backup-frontend-domain
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:backup-frontend-domain
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backup
+  namespace: user-space-{{ .Values.bfl.username }}
+spec:
+  type: ExternalName
+  externalName: system-server.user-system-{{ .Values.bfl.username }}.svc.cluster.local
+  ports:
+    - protocol: TCP
+      port: 28080
+      targetPort: 28080

apps/.olares/config/user/helm-charts/system-apps/templates/bfl-permission.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Values.bfl.username }}:system-frontend:bfl-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:bfl-svc
+subjects:
+- kind: ServiceAccount
+  name: system-frontend
+  namespace: {{ .Release.Namespace }}
+

apps/.olares/config/user/helm-charts/system-apps/templates/files-permission.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Values.bfl.username }}:system-frontend:files-provider-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:files-provider-svc
+subjects:
+- kind: ServiceAccount
+  name: system-frontend
+  namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Values.bfl.username }}:system-frontend:media-server-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:media-server-svc
+subjects:
+- kind: ServiceAccount
+  name: system-frontend
+  namespace: {{ .Release.Namespace }}

apps/.olares/config/user/helm-charts/system-apps/templates/files-provider.yaml

@@ -0,0 +1,121 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:files-frontend-svc
+  annotations:
+    provider-registry-ref: user-space-{{ .Values.bfl.username }}/files
+    provider-service-ref: files-service.os-framework:80
+rules:
+- nonResourceURLs: ["*"]
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:files-frontend-domain
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/files
+    provider-service-ref: files-service.os-framework:80
+rules:
+- nonResourceURLs: ["*"]
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:files-frontend-domain-settings
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/settings
+    provider-service-ref: files-service.os-framework:80
+rules:
+- nonResourceURLs: 
+  - "/api/resources/*"
+  - "/api/nodes/*"
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:files-provider-svc
+  annotations:
+    provider-registry-ref: user-system-{{ .Values.bfl.username }}/files
+    provider-service-ref: files-service.os-framework:80
+rules:
+- nonResourceURLs: 
+  - "/provider/query_file"
+  - "/provider/get_search_folder_status"
+  - "/provider/update_search_folder_paths"
+  - "/provider/get_dataset_folder_status"
+  - "/provider/update_dataset_folder_paths"
+  - "/seahub/api/*"
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:media-server-svc
+  annotations:
+    provider-registry-ref: user-system-{{ .Values.bfl.username }}/media-server-service
+    provider-service-ref: media-server-service.os-framework:9090
+rules:
+- nonResourceURLs: 
+  - "/System/Configuration/encoding"
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:files-frontend-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:files-frontend-svc
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:files-frontend-domain
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:files-frontend-domain
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:files-frontend-domain-settings
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:files-frontend-domain-settings
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: files
+  namespace: user-space-{{ .Values.bfl.username }}
+spec:
+  type: ExternalName
+  externalName: system-server.user-system-{{ .Values.bfl.username }}.svc.cluster.local
+  ports:
+    - protocol: TCP
+      port: 28080
+      targetPort: 28080

apps/.olares/config/user/helm-charts/system-apps/templates/hami-permission.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Values.bfl.username }}:system-frontend:hami-scheduler-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:hami-scheduler-svc
+subjects:
+- kind: ServiceAccount
+  name: system-frontend
+  namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Values.bfl.username }}:system-frontend:hami-webui-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:hami-webui-svc
+subjects:
+- kind: ServiceAccount
+  name: system-frontend
+  namespace: {{ .Release.Namespace }}

apps/.olares/config/user/helm-charts/system-apps/templates/hami-provider.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:hami-scheduler-svc
+  annotations:
+    provider-registry-ref: user-system-{{ .Values.bfl.username }}/hami-scheduler
+    provider-service-ref: https://hami-scheduler.kube-system
+rules:
+- nonResourceURLs: 
+  - "/gpus*"
+  verbs: ["*"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:hami-webui-svc
+  annotations:
+    provider-registry-ref: user-system-{{ .Values.bfl.username }}/hami-webui
+    provider-service-ref: hami-webui.kube-system:3000
+rules:
+- nonResourceURLs: 
+  - "/api/vgpu/v1/*"
+  verbs: ["*"]  

apps/.olares/config/user/helm-charts/system-apps/templates/headscale-permission.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Values.bfl.username }}:system-frontend:headscale-provider-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:headscale-svc
+subjects:
+- kind: ServiceAccount
+  name: system-frontend
+  namespace: {{ .Release.Namespace }}

apps/.olares/config/user/helm-charts/system-apps/templates/infisical-provider.yaml

@@ -0,0 +1,64 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:infisical-frontend-svc
+  annotations:
+    provider-registry-ref: user-space-{{ .Values.bfl.username }}/infisical
+    provider-service-ref: infisical-service.os-protected:8080
+rules:
+- nonResourceURLs: ["/admin/*"]
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:infisical-frontend-domain
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/settings
+    provider-service-ref: infisical-service.os-protected:8080
+rules:
+- nonResourceURLs: ["/admin/*"]
+  verbs: ["*"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:infisical-frontend-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:infisical-frontend-svc
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:infisical-frontend-domain
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:infisical-frontend-domain
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: infisical
+  namespace: user-space-{{ .Values.bfl.username }}
+spec:
+  type: ExternalName
+  externalName: system-server.user-system-{{ .Values.bfl.username }}.svc.cluster.local
+  ports:
+    - protocol: TCP
+      port: 28080
+      targetPort: 28080

apps/.olares/config/user/helm-charts/system-apps/templates/market-provider.yaml

@@ -0,0 +1,76 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:market-frontend-svc
+  annotations:
+    provider-registry-ref: user-space-{{ .Values.bfl.username }}/market
+    provider-service-ref: appstore-svc.os-framework:81
+rules:
+- nonResourceURLs: ["*"]
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:market-frontend-domain
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/market
+    provider-service-ref: appstore-svc.os-framework:81
+rules:
+- nonResourceURLs: ["*"]
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:market-provider-svc
+  annotations:
+    provider-registry-ref: user-system-{{ .Values.bfl.username }}/market
+    provider-service-ref: appstore-svc.os-framework:81
+rules:
+- nonResourceURLs: ["/app-store/*"]
+  verbs: ["*"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:market-frontend-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:market-frontend-svc
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:market-frontend-domain
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:market-frontend-domain
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: market
+  namespace: user-space-{{ .Values.bfl.username }}
+spec:
+  type: ExternalName
+  externalName: system-server.user-system-{{ .Values.bfl.username }}.svc.cluster.local
+  ports:
+    - protocol: TCP
+      port: 28080
+      targetPort: 28080

apps/.olares/config/user/helm-charts/system-apps/templates/middleware-provider.yaml

@@ -0,0 +1,64 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:middleware-frontend-svc
+  annotations:
+    provider-registry-ref: user-space-{{ .Values.bfl.username }}/middleware
+    provider-service-ref: middleware-service.os-platform:80
+rules:
+- nonResourceURLs: ["*"]
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:middleware-frontend-domain-controlhub
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/control-hub
+    provider-service-ref: middleware-service.os-platform:80
+rules:
+- nonResourceURLs: ["/middleware/*"]
+  verbs: ["*"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:middleware-frontend-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:middleware-frontend-svc
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:middleware-frontend-domain-controlhub
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:middleware-frontend-domain-controlhub
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: middleware
+  namespace: user-space-{{ .Values.bfl.username }}
+spec:
+  type: ExternalName
+  externalName: system-server.user-system-{{ .Values.bfl.username }}.svc.cluster.local
+  ports:
+    - protocol: TCP
+      port: 28080
+      targetPort: 28080

apps/.olares/config/user/helm-charts/system-apps/templates/monitoring-provider.yaml

@@ -0,0 +1,145 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:monitoring-frontend-svc
+  annotations:
+    provider-registry-ref: user-space-{{ .Values.bfl.username }}/monitoring
+    provider-service-ref: monitoring-server.os-framework:80
+rules:
+- nonResourceURLs: ["*"]
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:monitoring-frontend-domain-controlhub
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/control-hub
+    provider-service-ref: monitoring-server.os-framework:80
+rules:
+- nonResourceURLs: 
+  - "/kapis/*"
+  - "/api*"
+  - "/capi/*"
+  - "/apis/apps/*"
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:monitoring-frontend-domain-dashboard
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/dashboard
+    provider-service-ref: monitoring-server.os-framework:80
+rules:
+- nonResourceURLs: ["*"]
+  verbs: ["*"]  
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:monitoring-frontend-domain-settings
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/settings
+    provider-service-ref: monitoring-server.os-framework:80
+rules:
+- nonResourceURLs: 
+  - "/kapis/*"
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:monitoring-frontend-domain-desktop
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/desktop
+    provider-service-ref: monitoring-server.os-framework:80
+rules:
+- nonResourceURLs: 
+  - "/kapis/*"
+  verbs: ["*"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:monitoring-frontend-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:monitoring-frontend-svc
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:monitoring-frontend-domain-controlhub
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:monitoring-frontend-domain-controlhub
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:monitoring-frontend-domain-dashboard
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:monitoring-frontend-domain-dashboard
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:monitoring-frontend-domain-settings
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:monitoring-frontend-domain-settings
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:monitoring-frontend-domain-desktop
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:monitoring-frontend-domain-desktop
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: monitoring
+  namespace: user-space-{{ .Values.bfl.username }}
+spec:
+  type: ExternalName
+  externalName: system-server.user-system-{{ .Values.bfl.username }}.svc.cluster.local
+  ports:
+    - protocol: TCP
+      port: 28080
+      targetPort: 28080

apps/.olares/config/user/helm-charts/system-apps/templates/notification-permission.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Values.bfl.username }}:notification-provider-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:notification-provider-svc
+subjects:
+- kind: ServiceAccount
+  name: system-frontend
+  namespace: {{ .Release.Namespace }}

apps/.olares/config/user/helm-charts/system-apps/templates/notification-provider.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:notification-provider-svc
+  annotations:
+    provider-registry-ref: user-system-{{ .Values.bfl.username }}/notifications-server
+    provider-service-ref: notifications-server.os-framework:80
+rules:
+- nonResourceURLs: 
+  - "/notification/*"
+  verbs: ["*"]

apps/.olares/config/user/helm-charts/system-apps/templates/seafile-provider.yaml

@@ -0,0 +1,40 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:seafile-frontend-domain-desktop
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/desktop
+    provider-service-ref: seafile.os-framework.os-framework:80
+rules:
+- nonResourceURLs: 
+  - "/seahub/*"
+  - "/seafhttp/*"
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:seafile-frontend-domain-desktop
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:seafile-frontend-domain-desktop
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: seafile
+  namespace: user-space-{{ .Values.bfl.username }}
+spec:
+  type: ExternalName
+  externalName: system-server.user-system-{{ .Values.bfl.username }}.svc.cluster.local
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 28080

apps/.olares/config/user/helm-charts/system-apps/templates/search-permission.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Values.bfl.username }}:search-provider-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:search-provider-svc
+subjects:
+- kind: ServiceAccount
+  name: system-frontend
+  namespace: {{ .Release.Namespace }}

apps/.olares/config/user/helm-charts/system-apps/templates/search-provider.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:search-provider-svc
+  annotations:
+    provider-registry-ref: user-system-{{ .Values.bfl.username }}/search3
+    provider-service-ref: search3.os-framework:80
+rules:
+- nonResourceURLs: 
+  - "/document/search*"
+  verbs: ["*"]

apps/.olares/config/user/helm-charts/system-apps/templates/secret-permission.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Values.bfl.username }}:secret-settings-provider-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:secret-settings-provider-svc
+subjects:
+- kind: ServiceAccount
+  name: system-frontend
+  namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Values.bfl.username }}:system-frontend:secret-dashboard-provider-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:secret-dashboard-provider-svc
+subjects:
+- kind: ServiceAccount
+  name: system-frontend
+  namespace: {{ .Release.Namespace }}
+

apps/.olares/config/user/helm-charts/system-apps/templates/user-service-provider.yaml

@@ -0,0 +1,60 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:settings-provider-svc
+  annotations:
+    provider-registry-ref: user-system-{{ .Values.bfl.username }}/settings
+    provider-service-ref: settings-service.{{ .Release.Namespace }}
+rules:
+- nonResourceURLs: 
+  - "/api/cloud/getNFTAddress"
+  - "/api/account/"
+  - "/api/backup/password"
+  - "/api/account/retrieve"
+  - "/api/account/all"
+  - "/api/cookie/retrieve"
+  - "/api/cookie"
+  - "/api/abilities"
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:edge-desktop-provider-svc
+  annotations:
+    provider-registry-ref: user-system-{{ .Values.bfl.username }}/edge-desktop
+    provider-service-ref: edge-desktop.{{ .Release.Namespace }}
+rules:
+- nonResourceURLs: 
+  - "/server/intent/send"
+  - "/server/ai_message"
+  verbs: ["*"]  
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:desktop
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/desktop
+    provider-service-ref: edge-desktop.{{ .Release.Namespace }}
+rules:
+- nonResourceURLs: 
+  - "/server/intent/send"
+  verbs: ["*"]  
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Release.Namespace }}:desktop
+  annotations:
+    provider-registry-ref: {{ .Release.Namespace }}/desktop
+    provider-service-ref: edge-desktop.{{ .Release.Namespace }}
+rules:
+- nonResourceURLs: 
+  - "/server/intent/send"
+  verbs: ["*"]  

apps/.olares/config/user/helm-charts/system-apps/templates/vault-provider.yaml

@@ -0,0 +1,88 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:vault-frontend-svc
+  annotations:
+    provider-registry-ref: user-space-{{ .Values.bfl.username }}/vault
+    provider-service-ref: vault-server.os-framework:3010
+rules:
+- nonResourceURLs: ["/vault*"]
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:vault-frontend-domain-settings
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/settings
+    provider-service-ref: vault-server.os-framework:3010
+rules:
+- nonResourceURLs: ["/vault*"]
+  verbs: ["*"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.bfl.username }}:vault-frontend-domain
+  annotations:
+    provider-registry-ref: {{ .Values.bfl.username }}/vault
+    provider-service-ref: vault-server.os-framework:3000
+rules:
+- nonResourceURLs: ["/server*"]
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:vault-frontend-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:vault-frontend-svc
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:vault-frontend-domain-settings
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:vault-frontend-domain-settings
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: user:{{ .Values.bfl.username }}:vault-frontend-domain
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:vault-frontend-domain
+subjects:
+- kind: User
+  name: '{{ .Values.bfl.username }}'
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: vault
+  namespace: user-space-{{ .Values.bfl.username }}
+spec:
+  type: ExternalName
+  externalName: system-server.user-system-{{ .Values.bfl.username }}.svc.cluster.local
+  ports:
+    - protocol: TCP
+      port: 28080
+      targetPort: 28080

apps/.olares/config/user/helm-charts/system-apps/values.yaml

@@ -1,4 +1,3 @@
-
 bfl:
   nodeport: 30883
   nodeport_ingress_http: 30083
@@ -18,10 +17,10 @@ docs:
 desktop:
   nodeport: 30180
 os:
-  portfolio:
+  profile:
     appKey: '${ks[0]}'
     appSecret: test
-  vault:
+  studio:
     appKey: '${ks[0]}'
     appSecret: test
   desktop:
@@ -39,11 +38,9 @@ os:
   search2:
     appKey: '${ks[0]}'
     appSecret: test
-  agent:
+  settings:
     appKey: '${ks[0]}'
     appSecret: test
-  files:
+  dashboard:
     appKey: '${ks[0]}'
     appSecret: test
-kubesphere:
-  redis_password: ""

apps/.olares/config/user/helm-charts/wizard/templates/wizard_deploy.yaml

@@ -0,0 +1,62 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wizard
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: wizard
+    applications.app.bytetrade.io/author: bytetrade.io
+  annotations:
+    applications.app.bytetrade.io/version: '0.0.1'
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: wizard
+  template:
+    metadata:
+      labels:
+        app: wizard
+    spec:
+      initContainers:
+      - args:
+        - -it
+        - authelia-backend.user-system-{{ .Values.bfl.username }}:9091
+        image: owncloudci/wait-for:latest
+        imagePullPolicy: IfNotPresent
+        name: check-auth
+
+      containers:
+      - name: wizard
+        image: beclab/wizard:v1.5.11
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 80
+        env:
+          - name: apiServerURL
+            value: http://bfl.{{ .Release.Namespace }}:8080
+      volumes:
+      - name: userspace-dir
+        hostPath:
+          type: Directory
+          path: "{{ .Values.userspace.userData }}"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wizard
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: NodePort
+  selector:
+    app: wizard
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+      {{ if and .Values.desktop .Values.desktop.nodeport }}
+      nodePort: {{ .Values.desktop.nodeport }}
+      {{ end }}
+

apps/.olares/config/user/helm-charts/wizard/values.yaml

@@ -1,4 +1,3 @@
-
 bfl:
   username: 'test'
   url: 'test'
@@ -35,5 +34,3 @@ os:
   appstore:
     appKey: '${ks[0]}'
     appSecret: test
-kubesphere:
-  redis_password: ""

apps/README.md

@@ -0,0 +1,20 @@
+# Olares Apps
+
+## Overview
+
+This directory contains the code for system applications, primarily for LarePass. The following are the pre-installed system applications that offer tools for managing files, knowledge, passwords, and the system itself.
+
+## System Applications Overview
+
+| Application | Description |
+| --- | --- |
+| Files | A file management app that manages and synchronizes files across devices and sources, enabling seamless sharing and access. |
+| Wise | A local-first and AI-native modern reader that helps to collect, read, and manage information from various platforms. Users can run self-hosted recommendation algorithms to filter and sort online content. |
+| Vault | A secure password manager for storing and managing sensitive information across devices. |
+| Market | A decentralized and permissionless app store for installing, uninstalling, and updating applications and recommendation algorithms. |
+| Desktop | A hub for managing and interacting with installed applications. File and application searching are also supported. |
+| Profile | An app to customize the user's profile page. |
+| Settings | A system configuration application. |
+| Dashboard | An app for monitoring system resource usage. |
+| Control Hub | The console for Olares, providing precise and autonomous control over the system and its environment. |
+| DevBox | A development tool for building and deploying Olares applications. |

apps/analytic/README.md

@@ -1,3 +0,0 @@
-# analytics
-
-https://github.com/beclab/analytic

apps/analytic/config/cluster/deploy/analytic_deploy.yaml

@@ -1,145 +0,0 @@
-
-
-
-{{ $anayltic2_rootpath := "/terminus/rootfs/anayltic2" }}
-{{- $namespace := printf "%s" "os-system" -}}
-{{- $anayltic2_secret := (lookup "v1" "Secret" $namespace "anayltic2-secrets") -}}
-{{- $pg_password := "" -}}
-{{ if $anayltic2_secret -}}
-{{ $pg_password = (index $anayltic2_secret "data" "pg_password") }}
-{{ else -}}
-{{ $pg_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: anayltic2-secrets
-  namespace: os-system
-type: Opaque
-data:
-  pg_password: {{ $pg_password }}
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: anayltic2-pg
-  namespace: os-system
-spec:
-  app: anayltic2
-  appNamespace: os-system
-  middleware: postgres
-  postgreSQL:
-    user: anayltic2_os_system
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: anayltic2-secrets
-    databases:
-      - name: anayltic2
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: anayltic2-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: anayltic2-server
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: anayltic2-server
-  template:
-    metadata:
-      labels:
-        app: anayltic2-server
-    spec:
-      initContainers:
-      - name: init-container
-        image: 'postgres:16.0-alpine3.18'
-        command:
-          - sh
-          - '-c'
-          - >-
-            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
-        env:
-          - name: PGHOST
-            value: citus-0.citus-headless.os-system
-          - name: PGPORT
-            value: "5432"
-          - name: PGUSER
-            value: anayltic2_os_system
-          - name: PGPASSWORD
-            value: {{ $pg_password | b64dec }}
-          - name: PGDB
-            value: os_system_anayltic2
-      containers:
-      - name: anayltic2-server
-        image: beclab/analytic-api:v0.0.3
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 3010
-        env:
-        - name: PL_DATA_BACKEND
-          value: postgres
-        - name: PL_DATA_POSTGRES_HOST
-          value: citus-0.citus-headless.os-system
-        - name: PL_DATA_POSTGRES_PORT
-          value: "5432"
-        - name: PL_DATA_POSTGRES_DATABASE
-          value: os_system_anayltic2
-        - name: PL_DATA_POSTGRES_USER
-          value: anayltic2_os_system
-        - name: PL_DATA_POSTGRES_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: DATABASE_URL
-          value: postgres://$(PL_DATA_POSTGRES_USER):$(PL_DATA_POSTGRES_PASSWORD)@$(PL_DATA_POSTGRES_HOST)/$(PL_DATA_POSTGRES_DATABASE)?sslmode=disable
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: anayltic2-server
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: anayltic2-server
-  ports:
-    - name: server
-      protocol: TCP
-      port: 3010
-      targetPort: 3010
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: SysEventRegistry
-metadata:
-  name: anayltic2-user-create-cb
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: subscriber
-  event: user.create
-  callback: http://anayltic2-server.{{ .Release.Namespace }}:3010/callback/create
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: SysEventRegistry
-metadata:
-  name: anayltic2-user-delete-cb
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: subscriber
-  event: user.delete
-  callback: http://anayltic2-server.{{ .Release.Namespace }}:3010/callback/delete
-
-
-

apps/argo/README.md

@@ -1,2 +0,0 @@
-# RSS Recommend
-

apps/argo/config/cluster/crds/argoproj.io_clusterworkflowtemplates.yaml

@@ -1,38 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: clusterworkflowtemplates.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: ClusterWorkflowTemplate
-    listKind: ClusterWorkflowTemplateList
-    plural: clusterworkflowtemplates
-    shortNames:
-    - clusterwftmpl
-    - cwft
-    singular: clusterworkflowtemplate
-  scope: Cluster
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

apps/argo/config/cluster/crds/argoproj.io_cronworkflows.yaml

@@ -1,42 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: cronworkflows.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: CronWorkflow
-    listKind: CronWorkflowList
-    plural: cronworkflows
-    shortNames:
-    - cwf
-    - cronwf
-    singular: cronworkflow
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

apps/argo/config/cluster/crds/argoproj.io_workflowartifactgctasks.yaml

@@ -1,43 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowartifactgctasks.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowArtifactGCTask
-    listKind: WorkflowArtifactGCTaskList
-    plural: workflowartifactgctasks
-    shortNames:
-      - wfat
-    singular: workflowartifactgctask
-  scope: Namespaced
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          properties:
-            apiVersion:
-              type: string
-            kind:
-              type: string
-            metadata:
-              type: object
-            spec:
-              type: object
-              x-kubernetes-map-type: atomic
-              x-kubernetes-preserve-unknown-fields: true
-            status:
-              type: object
-              x-kubernetes-map-type: atomic
-              x-kubernetes-preserve-unknown-fields: true
-          required:
-            - metadata
-            - spec
-          type: object
-      served: true
-      storage: true
-      subresources:
-        status: {}

apps/argo/config/cluster/crds/argoproj.io_workfloweventbindings.yaml

@@ -1,37 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workfloweventbindings.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowEventBinding
-    listKind: WorkflowEventBindingList
-    plural: workfloweventbindings
-    shortNames:
-    - wfeb
-    singular: workfloweventbinding
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

apps/argo/config/cluster/crds/argoproj.io_workflows.yaml

@@ -1,57 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflows.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: Workflow
-    listKind: WorkflowList
-    plural: workflows
-    shortNames:
-    - wf
-    singular: workflow
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Status of the workflow
-      jsonPath: .status.phase
-      name: Status
-      type: string
-    - description: When the workflow was started
-      format: date-time
-      jsonPath: .status.startedAt
-      name: Age
-      type: date
-    - description: Human readable message indicating details about why the workflow
-        is in this condition.
-      jsonPath: .status.message
-      name: Message
-      type: string
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources: {}

apps/argo/config/cluster/crds/argoproj.io_workflowtaskresults.yaml

@@ -1,599 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowtaskresults.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowTaskResult
-    listKind: WorkflowTaskResultList
-    plural: workflowtaskresults
-    singular: workflowtaskresult
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          message:
-            type: string
-          metadata:
-            type: object
-          outputs:
-            properties:
-              artifacts:
-                items:
-                  properties:
-                    archive:
-                      properties:
-                        none:
-                          type: object
-                        tar:
-                          properties:
-                            compressionLevel:
-                              format: int32
-                              type: integer
-                          type: object
-                        zip:
-                          type: object
-                      type: object
-                    archiveLogs:
-                      type: boolean
-                    artifactGC:
-                      properties:
-                        podMetadata:
-                          properties:
-                            annotations:
-                              additionalProperties:
-                                type: string
-                              type: object
-                            labels:
-                              additionalProperties:
-                                type: string
-                              type: object
-                          type: object
-                        serviceAccountName:
-                          type: string
-                        strategy:
-                          enum:
-                          - ""
-                          - OnWorkflowCompletion
-                          - OnWorkflowDeletion
-                          - Never
-                          type: string
-                      type: object
-                    artifactory:
-                      properties:
-                        passwordSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        url:
-                          type: string
-                        usernameSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                      required:
-                      - url
-                      type: object
-                    azure:
-                      properties:
-                        accountKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        blob:
-                          type: string
-                        container:
-                          type: string
-                        endpoint:
-                          type: string
-                        useSDKCreds:
-                          type: boolean
-                      required:
-                      - blob
-                      - container
-                      - endpoint
-                      type: object
-                    deleted:
-                      type: boolean
-                    from:
-                      type: string
-                    fromExpression:
-                      type: string
-                    gcs:
-                      properties:
-                        bucket:
-                          type: string
-                        key:
-                          type: string
-                        serviceAccountKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                      required:
-                      - key
-                      type: object
-                    git:
-                      properties:
-                        branch:
-                          type: string
-                        depth:
-                          format: int64
-                          type: integer
-                        disableSubmodules:
-                          type: boolean
-                        fetch:
-                          items:
-                            type: string
-                          type: array
-                        insecureIgnoreHostKey:
-                          type: boolean
-                        passwordSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        repo:
-                          type: string
-                        revision:
-                          type: string
-                        singleBranch:
-                          type: boolean
-                        sshPrivateKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        usernameSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                      required:
-                      - repo
-                      type: object
-                    globalName:
-                      type: string
-                    hdfs:
-                      properties:
-                        addresses:
-                          items:
-                            type: string
-                          type: array
-                        force:
-                          type: boolean
-                        hdfsUser:
-                          type: string
-                        krbCCacheSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        krbConfigConfigMap:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        krbKeytabSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        krbRealm:
-                          type: string
-                        krbServicePrincipalName:
-                          type: string
-                        krbUsername:
-                          type: string
-                        path:
-                          type: string
-                      required:
-                      - path
-                      type: object
-                    http:
-                      properties:
-                        auth:
-                          properties:
-                            basicAuth:
-                              properties:
-                                passwordSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                usernameSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                              type: object
-                            clientCert:
-                              properties:
-                                clientCertSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                clientKeySecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                              type: object
-                            oauth2:
-                              properties:
-                                clientIDSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                clientSecretSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                endpointParams:
-                                  items:
-                                    properties:
-                                      key:
-                                        type: string
-                                      value:
-                                        type: string
-                                    required:
-                                    - key
-                                    type: object
-                                  type: array
-                                scopes:
-                                  items:
-                                    type: string
-                                  type: array
-                                tokenURLSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                              type: object
-                          type: object
-                        headers:
-                          items:
-                            properties:
-                              name:
-                                type: string
-                              value:
-                                type: string
-                            required:
-                            - name
-                            - value
-                            type: object
-                          type: array
-                        url:
-                          type: string
-                      required:
-                      - url
-                      type: object
-                    mode:
-                      format: int32
-                      type: integer
-                    name:
-                      type: string
-                    optional:
-                      type: boolean
-                    oss:
-                      properties:
-                        accessKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        bucket:
-                          type: string
-                        createBucketIfNotPresent:
-                          type: boolean
-                        endpoint:
-                          type: string
-                        key:
-                          type: string
-                        lifecycleRule:
-                          properties:
-                            markDeletionAfterDays:
-                              format: int32
-                              type: integer
-                            markInfrequentAccessAfterDays:
-                              format: int32
-                              type: integer
-                          type: object
-                        secretKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        securityToken:
-                          type: string
-                        useSDKCreds:
-                          type: boolean
-                      required:
-                      - key
-                      type: object
-                    path:
-                      type: string
-                    raw:
-                      properties:
-                        data:
-                          type: string
-                      required:
-                      - data
-                      type: object
-                    recurseMode:
-                      type: boolean
-                    s3:
-                      properties:
-                        accessKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        bucket:
-                          type: string
-                        caSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        createBucketIfNotPresent:
-                          properties:
-                            objectLocking:
-                              type: boolean
-                          type: object
-                        encryptionOptions:
-                          properties:
-                            enableEncryption:
-                              type: boolean
-                            kmsEncryptionContext:
-                              type: string
-                            kmsKeyId:
-                              type: string
-                            serverSideCustomerKeySecret:
-                              properties:
-                                key:
-                                  type: string
-                                name:
-                                  type: string
-                                optional:
-                                  type: boolean
-                              required:
-                              - key
-                              type: object
-                          type: object
-                        endpoint:
-                          type: string
-                        insecure:
-                          type: boolean
-                        key:
-                          type: string
-                        region:
-                          type: string
-                        roleARN:
-                          type: string
-                        secretKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        useSDKCreds:
-                          type: boolean
-                      type: object
-                    subPath:
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              exitCode:
-                type: string
-              parameters:
-                items:
-                  properties:
-                    default:
-                      type: string
-                    description:
-                      type: string
-                    enum:
-                      items:
-                        type: string
-                      type: array
-                    globalName:
-                      type: string
-                    name:
-                      type: string
-                    value:
-                      type: string
-                    valueFrom:
-                      properties:
-                        configMapKeyRef:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        default:
-                          type: string
-                        event:
-                          type: string
-                        expression:
-                          type: string
-                        jqFilter:
-                          type: string
-                        jsonPath:
-                          type: string
-                        parameter:
-                          type: string
-                        path:
-                          type: string
-                        supplied:
-                          type: object
-                      type: object
-                  required:
-                  - name
-                  type: object
-                type: array
-              result:
-                type: string
-            type: object
-          phase:
-            type: string
-          progress:
-            type: string
-        required:
-        - metadata
-        type: object
-    served: true
-    storage: true

apps/argo/config/cluster/crds/argoproj.io_workflowtasksets.yaml

@@ -1,43 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowtasksets.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowTaskSet
-    listKind: WorkflowTaskSetList
-    plural: workflowtasksets
-    shortNames:
-    - wfts
-    singular: workflowtaskset
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}

apps/argo/config/cluster/crds/argoproj.io_workflowtemplates.yaml

@@ -1,37 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowtemplates.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowTemplate
-    listKind: WorkflowTemplateList
-    plural: workflowtemplates
-    shortNames:
-    - wftmpl
-    singular: workflowtemplate
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

apps/argo/config/cluster/deploy/server-cluster-roles.yaml

@@ -1,94 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflows
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - events
-  verbs:
-  - get
-  - watch
-  - list
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
-  - list
-  - watch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - pods/log
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - watch
-  - create
-  - patch
-- apiGroups:
-    - argoproj.io
-  resources:
-    - eventsources
-    - sensors
-    - workflows
-    - workfloweventbindings
-    - workflowtemplates
-    - cronworkflows
-  verbs:
-    - create
-    - get
-    - list
-    - watch
-    - update
-    - patch
-    - delete
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflows-cluster-template
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - clusterworkflowtemplates
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete

apps/argo/config/cluster/deploy/workflow-aggregate-roles.yaml

@@ -1,105 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-view
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-workflow-controller
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: workflow-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-    rbac.authorization.k8s.io/aggregate-to-view: "true"
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workfloweventbindings
-  - workfloweventbindings/finalizers
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  - cronworkflows
-  - cronworkflows/finalizers
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - get
-  - list
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-edit
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workfloweventbindings
-  - workfloweventbindings/finalizers
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  - cronworkflows
-  - cronworkflows/finalizers
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - get
-  - list
-  - patch
-  - update
-  - watch
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-admin
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workfloweventbindings
-  - workfloweventbindings/finalizers
-  - workflowtasksets
-  - workflowtasksets/finalizers
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  - cronworkflows
-  - cronworkflows/finalizers
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - get
-  - list
-  - patch
-  - update
-  - watch

apps/argo/config/cluster/deploy/workflow-controller-cluster-roles.yaml

@@ -1,178 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-workflow-controller
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-workflow-controller
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: workflow-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - pods/exec
-  verbs:
-  - create
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - persistentvolumeclaims
-  - persistentvolumeclaims/finalizers
-  verbs:
-  - create
-  - update
-  - delete
-  - get
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workflowtasksets
-  - workflowtasksets/finalizers
-  - workflowartifactgctasks
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-  - create
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflowtaskresults
-  - workflowtaskresults/finalizers
-  verbs:
-  - list
-  - watch
-  - deletecollection
-- apiGroups:
-  - argoproj.io
-  resources:
-  - cronworkflows
-  - cronworkflows/finalizers
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - "policy"
-  resources:
-  - poddisruptionbudgets
-  verbs:
-  - create
-  - get
-  - delete
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  resourceNames:
-  - workflow-controller
-  - workflow-controller-lease
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  resourceNames:
-  - rss-secrets
-  - argo-workflows-agent-ca-certificates
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-workflow-controller-cluster-template
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-workflow-controller
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: workflow-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - get
-  - list
-  - watch

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/Chart.yaml

@@ -1,39 +0,0 @@
-apiVersion: v2
-name: argoworkflows
-description: A Helm chart for Argo Workflows
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.35.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "v3.5.0"
-
-icon: https://argoproj.github.io/argo-workflows/assets/logo.png
-home: https://github.com/argoproj/argo-helm
-sources:
-  - https://github.com/argoproj/argo-workflows
-maintainers:
-  - name: argoproj
-    url: https://argoproj.github.io/
-annotations:
-  artifacthub.io/signKey: |
-    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
-    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
-  artifacthub.io/changes: |
-    - kind: changed
-      description: Upgrade to Argo Workflows v3.4.10

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/NOTES.txt

@@ -1,7 +0,0 @@
-1. Get Argo Server external IP/domain by running:
-
-kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }}
-
-2. Submit the hello-world workflow by running:
-
-argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/_helpers.tpl

@@ -1,189 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Create argo workflows server name and version as used by the chart label.
-*/}}
-{{- define "argo-workflows.server.fullname-bak" -}}
-{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "argo-workflows.server.fullname" -}}
-argoworkflows
-{{- end -}}
-
-{{/*
-Create controller name and version as used by the chart label.
-*/}}
-{{- define "argo-workflows.controller.fullname" -}}
-{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "argo-workflows.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{/*{{- define "argo-workflows.fullname" -}}*/}}
-{{/*{{- if .Values.fullnameOverride -}}*/}}
-{{/*{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}*/}}
-{{/*{{- else -}}*/}}
-{{/*{{- $name := default .Chart.Name .Values.nameOverride -}}*/}}
-{{/*{{- if contains $name .Release.Name -}}*/}}
-{{/*{{- .Release.Name | trunc 63 | trimSuffix "-" -}}*/}}
-{{/*{{- else -}}*/}}
-{{/*{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}*/}}
-{{/*{{- end -}}*/}}
-{{/*{{- end -}}*/}}
-{{/*{{- end -}}*/}}
-
-{{- define "argo-workflows.fullname" -}}
-argoworkflow
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "argo-workflows.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create kubernetes friendly chart version label for the controller.
-Examples:
-image.tag = v3.4.4
-output    = v3.4.4
-
-image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696
-output    = v3.4.4
-*/}}
-{{- define "argo-workflows.controller_chart_version_label" -}}
-{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag) "") "" | trunc 63 | quote -}}
-{{- end -}}
-
-{{/*
-Create kubernetes friendly chart version label for the server.
-Examples:
-image.tag = v3.4.4
-output    = v3.4.4
-
-image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696
-output    = v3.4.4
-*/}}
-{{- define "argo-workflows.server_chart_version_label" -}}
-{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.server.image.tag) "") "" | trunc 63 | quote -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "argo-workflows.labels" -}}
-helm.sh/chart: {{ include "argo-workflows.chart" .context }}
-{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
-app.kubernetes.io/managed-by: {{ .context.Release.Service }}
-app.kubernetes.io/part-of: argo-workflows
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "argo-workflows.selectorLabels" -}}
-{{- if .name -}}
-app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }}
-{{ end -}}
-app.kubernetes.io/instance: {{ .context.Release.Name }}
-{{- if .component }}
-app.kubernetes.io/component: {{ .component }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create the name of the server service account to use
-*/}}
-{{- define "argo-workflows.serverServiceAccountName" -}}
-{{- if .Values.server.serviceAccount.create -}}
-    {{ default (include "argo-workflows.server.fullname" .) .Values.server.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.server.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the controller service account to use
-*/}}
-{{- define "argo-workflows.controllerServiceAccountName" -}}
-{{- if .Values.controller.serviceAccount.create -}}
-    {{ default (include "argo-workflows.controller.fullname" .) .Values.controller.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.controller.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for ingress
-*/}}
-{{- define "argo-workflows.ingress.apiVersion" -}}
-{{- if semverCompare "<1.14-0" (include "argo-workflows.kubeVersion" $) -}}
-{{- print "extensions/v1beta1" -}}
-{{- else if semverCompare "<1.19-0" (include "argo-workflows.kubeVersion" $) -}}
-{{- print "networking.k8s.io/v1beta1" -}}
-{{- else -}}
-{{- print "networking.k8s.io/v1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the target Kubernetes version
-*/}}
-{{- define "argo-workflows.kubeVersion" -}}
-  {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
-{{- end -}}
-
-{{/*
-Return the default Argo Workflows app version
-*/}}
-{{- define "argo-workflows.defaultTag" -}}
-  {{- default .Chart.AppVersion .Values.images.tag }}
-{{- end -}}
-
-{{/*
-Return full image name including or excluding registry based on existence
-*/}}
-{{- define "argo-workflows.image" -}}
-{{- if and .image.registry .image.repository -}}
-  {{ .image.registry }}/{{ .image.repository }}
-{{- else -}}
-  {{ .image.repository }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for autoscaling
-*/}}
-{{- define "argo-workflows.apiVersion.autoscaling" -}}
-{{- if .Values.apiVersionOverrides.autoscaling -}}
-{{- print .Values.apiVersionOverrides.autoscaling -}}
-{{- else if semverCompare "<1.23-0" (include "argo-workflows.kubeVersion" .) -}}
-{{- print "autoscaling/v2beta1" -}}
-{{- else -}}
-{{- print "autoscaling/v2" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for GKE resources
-*/}}
-{{- define "argo-workflows.apiVersions.cloudgoogle" -}}
-{{- if .Values.apiVersionOverrides.cloudgoogle -}}
-{{- print .Values.apiVersionOverrides.cloudgoogle -}}
-{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}}
-{{- print "cloud.google.com/v1" -}}
-{{- else -}}
-{{- print "cloud.google.com/v1beta1" -}}
-{{- end -}}
-{{- end -}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-config-map.yaml

@@ -1,208 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}-configmap
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
-data:
-  config: |
-    {{- if .Values.controller.instanceID.enabled }}
-      {{- if .Values.controller.instanceID.useReleaseName }}
-    instanceID: {{ .Release.Namespace }}
-      {{- else }}
-    instanceID: {{ .Values.controller.instanceID.explicitID }}
-      {{- end }}
-    {{- end }}
-    {{- if .Values.controller.parallelism }}
-    parallelism: {{ .Values.controller.parallelism }}
-    {{- end }}
-    {{- if .Values.controller.resourceRateLimit }}
-    resourceRateLimit: {{ toYaml .Values.controller.resourceRateLimit | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.namespaceParallelism }}
-    namespaceParallelism: {{ . }}
-    {{- end }}
-    {{- with .Values.controller.initialDelay }}
-    initialDelay: {{ . }}
-    {{- end }}
-    {{- if or .Values.mainContainer.resources .Values.mainContainer.env .Values.mainContainer.envFrom .Values.mainContainer.securityContext}}
-    mainContainer:
-      imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.mainContainer.imagePullPolicy }}
-      {{- with .Values.mainContainer.resources }}
-      resources: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.mainContainer.env }}
-      env: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.mainContainer.envFrom }}
-      envFrom: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.mainContainer.securityContext }}
-      securityContext: {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- end }}
-    {{- if or .Values.executor.resources .Values.executor.env .Values.executor.args .Values.executor.securityContext}}
-    executor:
-      imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.executor.image.pullPolicy }}
-      {{- with .Values.executor.resources }}
-      resources: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.executor.args }}
-      args: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.executor.env }}
-      env: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.executor.securityContext }}
-      securityContext: {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- end }}
-    {{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }}
-    artifactRepository:
-      {{- if .Values.artifactRepository.archiveLogs }}
-      archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
-      {{- end }}
-      {{- with .Values.artifactRepository.gcs }}
-      gcs: {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      {{- with .Values.artifactRepository.azure }}
-      azure: {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      {{- if .Values.artifactRepository.s3 }}
-      s3:
-        {{- if .Values.useStaticCredentials }}
-        accessKeySecret:
-          key: {{ tpl .Values.artifactRepository.s3.accessKeySecret.key . }}
-          name: {{ tpl .Values.artifactRepository.s3.accessKeySecret.name . }}
-        secretKeySecret:
-          key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }}
-          name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }}
-        {{- end }}
-        bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }}
-        endpoint: workflow-archivelog-s3.user-system-{{ .Values.global.bfl.username }}:4568
-        insecure: {{ .Values.artifactRepository.s3.insecure }}
-        {{- if .Values.artifactRepository.s3.keyFormat }}
-        keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }}
-        {{- end }}
-        {{- if .Values.artifactRepository.s3.region }}
-        region: {{ tpl .Values.artifactRepository.s3.region $ }}
-        {{- end }}
-        {{- if .Values.artifactRepository.s3.roleARN }}
-        roleARN: {{ .Values.artifactRepository.s3.roleARN }}
-        {{- end }}
-        {{- if .Values.artifactRepository.s3.useSDKCreds }}
-        useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }}
-        {{- end }}
-        {{- with .Values.artifactRepository.s3.encryptionOptions }}
-        encryptionOptions:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-      {{- end }}
-      {{- if .Values.customArtifactRepository }}
-      {{- toYaml .Values.customArtifactRepository | nindent 6 }}
-      {{- end }}
-    {{- end }}
-    {{- if .Values.controller.metricsConfig.enabled }}
-    metricsConfig:
-      enabled: {{ .Values.controller.metricsConfig.enabled }}
-      path: {{ .Values.controller.metricsConfig.path }}
-      port: {{ .Values.controller.metricsConfig.port }}
-      {{- if .Values.controller.metricsConfig.metricsTTL }}
-      metricsTTL: {{ .Values.controller.metricsConfig.metricsTTL }}
-      {{- end }}
-      ignoreErrors: {{ .Values.controller.metricsConfig.ignoreErrors }}
-      secure: {{ .Values.controller.metricsConfig.secure }}
-    {{- end }}
-    {{- if .Values.controller.telemetryConfig.enabled }}
-    telemetryConfig:
-      enabled: {{ .Values.controller.telemetryConfig.enabled }}
-      path: {{ .Values.controller.telemetryConfig.path }}
-      port: {{ .Values.controller.telemetryConfig.port }}
-      {{- if .Values.controller.telemetryConfig.metricsTTL }}
-      metricsTTL: {{ .Values.controller.telemetryConfig.metricsTTL }}
-      {{- end }}
-      ignoreErrors: {{ .Values.controller.telemetryConfig.ignoreErrors }}
-      secure: {{ .Values.controller.telemetryConfig.secure }}
-    {{- end }}
-    persistence:
-      connectionPool:
-        maxIdleConns: 5
-        maxOpenConns: 0
-      archive: true
-      archiveTTL: 5d
-      postgresql:
-        host: citus-master-svc.user-system-{{ .Values.global.bfl.username }}
-        port: 5432
-        database: user_space_{{ .Values.global.bfl.username }}_argo
-        tableName: argo_workflows
-        userNameSecret:
-          name: rss-secrets
-          key: pg_user
-        passwordSecret:
-          name: rss-secrets
-          key: pg_password
-
-    {{- if .Values.controller.workflowDefaults }}
-    workflowDefaults:
-{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }}
-    {{- if .Values.server.sso.enabled }}
-    sso:
-      issuer: {{ .Values.server.sso.issuer }}
-      clientId:
-        name: {{ .Values.server.sso.clientId.name }}
-        key: {{ .Values.server.sso.clientId.key }}
-      clientSecret:
-        name: {{ .Values.server.sso.clientSecret.name }}
-        key: {{ .Values.server.sso.clientSecret.key }}
-      redirectUrl: {{ .Values.server.sso.redirectUrl }}
-      rbac:
-        enabled: {{ .Values.server.sso.rbac.enabled }}
-      {{- with .Values.server.sso.scopes }}
-      scopes: {{ toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.sso.issuerAlias }}
-      issuerAlias: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.sessionExpiry }}
-      sessionExpiry: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.customGroupClaimName }}
-      customGroupClaimName: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.userInfoPath }}
-      userInfoPath: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.insecureSkipVerify }}
-      insecureSkipVerify: {{ toYaml . }}
-      {{- end }}
-    {{- end }}
-    {{- with .Values.controller.workflowRestrictions }}
-    workflowRestrictions: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.links }}
-    links: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.columns }}
-    columns: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.navColor }}
-    navColor: {{ . }}
-    {{- end }}
-    {{- with .Values.controller.retentionPolicy }}
-    retentionPolicy: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.emissary.images }}
-    images: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    nodeEvents:
-      enabled: {{ .Values.controller.nodeEvents.enabled }}
-    {{- with .Values.controller.kubeConfig }}
-    kubeConfig: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.podGCGracePeriodSeconds }}
-    podGCGracePeriodSeconds: {{ . }}
-    {{- end }}
-    {{- with .Values.controller.podGCDeleteDelayDuration }}
-    podGCDeleteDelayDuration: {{ . }}
-    {{- end }}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-crb.yaml

@@ -1,45 +0,0 @@
-{{- if .Values.controller.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.singleNamespace }}
-kind: RoleBinding
-{{ else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.controller.fullname" . }}
-  {{- if .Values.singleNamespace }}
-  namespace: {{ .Release.Namespace | quote }}
-  {{- end }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if .Values.singleNamespace }}
-  kind: Role
-  {{ else }}
-  kind: ClusterRole
-  {{- end }}
-  name: {{ template "argo-workflows.controller.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
-
-{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.controller.fullname" . }}-cluster-template
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
-{{- end }}
-{{- end }}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-deployment.yaml

@@ -1,129 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
-  {{- with .Values.controller.deploymentAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  replicas: {{ .Values.controller.replicas }}
-  selector:
-    matchLabels:
-      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
-  template:
-    metadata:
-      labels:
-        {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
-        {{- with.Values.controller.podLabels }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.controller.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    spec:
-      serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" . }}
-      {{- with .Values.controller.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.extraInitContainers }}
-      initContainers:
-        {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: controller
-          image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.controller.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}"
-          imagePullPolicy: {{ .Values.images.pullPolicy }}
-          command: [ "workflow-controller" ]
-          args:
-          - "--configmap"
-          - "{{ template "argo-workflows.controller.fullname" . }}-configmap"
-          - "--executor-image"
-          - "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}"
-          - "--loglevel"
-          - "{{ .Values.controller.logging.level }}"
-          - "--gloglevel"
-          - "{{ .Values.controller.logging.globallevel }}"
-          - "--log-format"
-          - "{{ .Values.controller.logging.format }}"
-          {{- if .Values.singleNamespace }}
-          - "--namespaced"
-          {{- end }}
-          {{- with .Values.controller.workflowWorkers }}
-          - "--workflow-workers"
-          - {{ . | quote }}
-          {{- end }}
-          {{- with .Values.controller.extraArgs }}
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          securityContext:
-            {{- toYaml .Values.controller.securityContext | nindent 12 }}
-          env:
-            - name: ARGO_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-            - name: LEADER_ELECTION_IDENTITY
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.name
-          {{- with .Values.controller.extraEnv }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          resources:
-            {{- toYaml .Values.controller.resources | nindent 12 }}
-          {{- with .Values.controller.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          ports:
-            - name: {{ .Values.controller.metricsConfig.portName }}
-              containerPort: {{ .Values.controller.metricsConfig.port }}
-            - containerPort: 6060
-          livenessProbe: {{ .Values.controller.livenessProbe | toYaml | nindent 12 }}
-        {{- with .Values.controller.extraContainers }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.images.pullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.volumes }}
-      volumes:
-        {{- toYaml . | nindent 6 }}
-      {{- end }}
-      {{- with .Values.controller.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-      - {{ toYaml $constraint | nindent 8 | trim }}
-        {{- if not $constraint.labelSelector }}
-        labelSelector:
-          matchLabels:
-            {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
-        {{- end }}
-        {{- end }}
-      {{- end }}
-      {{- with .Values.controller.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-sa.yaml

@@ -1,16 +0,0 @@
-{{- if .Values.controller.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-  {{- with .Values.controller.serviceAccount.labels  }}
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{ with .Values.controller.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml .| nindent 4 }}
-  {{- end }}
-{{- end }}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-secrets.yaml

@@ -1,41 +0,0 @@
-
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: argo-workflow-log-fakes3
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-stringData:
-  AWS_ACCESS_KEY_ID: S3RVER
-  AWS_SECRET_ACCESS_KEY: S3RVER
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: workflow-role
-  namespace: {{ .Release.Namespace }}
-rules:
-- apiGroups:
-  - "*"
-  resources:
-  - pods
-  verbs:
-  - patch
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: workflow-rolebinding
-  namespace: {{ .Release.Namespace }}
-subjects:
-  - kind: ServiceAccount
-    namespace: {{ .Release.Namespace }}
-    name: default
-roleRef:
-  kind: Role
-  name: workflow-role
-  apiGroup: rbac.authorization.k8s.io

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-rb.yaml

@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ template "argo-workflows.fullname" $ }}-workflow
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
-  namespace: {{ $.Release.Namespace}}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "argo-workflows.fullname" $ }}-workflow
-subjects:
-  - kind: ServiceAccount
-    name: {{ $.Values.workflow.serviceAccount.name }}
-    namespace: {{ $.Release.Namespace}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-role.yaml

@@ -1,51 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ template "argo-workflows.fullname" $ }}-workflow
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
-  namespace: {{ $.Release.Namespace}}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-    verbs:
-      - get
-      - watch
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - pods/log
-    verbs:
-      - get
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - pods/exec
-    verbs:
-      - create
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflowtaskresults
-    verbs:
-      - create
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflowtasksets
-      - workflowartifactgctasks
-    verbs:
-      - list
-      - watch
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflowtasksets/status
-      - workflowartifactgctasks/status
-    verbs:
-      - patch
-

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/extra-manifests.yaml

@@ -1,8 +0,0 @@
-{{ range .Values.extraObjects }}
----
-{{- if typeIs "string" . }}
-    {{- tpl . $ }}
-{{- else }}
-    {{- tpl (toYaml .) $ }}
-{{- end }}
-{{ end }}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-crb.yaml

@@ -1,45 +0,0 @@
-{{- if and .Values.server.enabled .Values.server.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.singleNamespace }}
-kind: RoleBinding
-{{ else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.server.fullname" . }}
-  {{- if .Values.singleNamespace }}
-  namespace: {{ .Release.Namespace | quote }}
-  {{- end }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if .Values.singleNamespace }}
-  kind: Role
-  {{ else }}
-  kind: ClusterRole
-  {{- end }}
-  name: {{ template "argo-workflows.server.fullname" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-
-{{- if .Values.server.clusterWorkflowTemplates.enabled }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.server.fullname" . }}-cluster-template
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
-subjects:
-- kind: ServiceAccount
-  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-{{- end -}}
-{{- end -}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-deployment.yaml

@@ -1,169 +0,0 @@
-{{- if .Values.server.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "argo-workflows.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app: argoworkflows
-    app.kubernetes.io/managed-by: Helm
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
-  {{- with .Values.server.deploymentAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-    applications.app.bytetrade.io/icon: https://argoproj.github.io/argo-workflows/assets/logo.png
-    applications.app.bytetrade.io/title: argoworkflows
-    applications.app.bytetrade.io/version: '0.35.0'
-  {{- end }}
-spec:
-  {{- if not .Values.server.autoscaling.enabled }}
-  replicas: {{ .Values.server.replicas }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
-      app: argoworkflows
-  template:
-    metadata:
-      labels:
-        app: argoworkflows
-        {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
-        {{- with .Values.server.podLabels }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.server.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    spec:
-      serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }}
-      {{- with .Values.server.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.extraInitContainers }}
-      initContainers:
-        {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: argo-server
-          image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.server.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}"
-          imagePullPolicy: {{ .Values.images.pullPolicy }}
-          securityContext:
-            {{- toYaml .Values.server.securityContext | nindent 12 }}
-          args:
-            - server
-            - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap
-          {{- with .Values.server.extraArgs }}
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- if .Values.server.authMode }}
-            - "--auth-mode={{ .Values.server.authMode }}"
-          {{- end }}
-            - "--secure={{ .Values.server.secure }}"
-            - "--x-frame-options="
-          {{- if .Values.singleNamespace }}
-            - "--namespaced"
-          {{- end }}
-            - "--loglevel"
-            - "{{ .Values.server.logging.level }}"
-            - "--gloglevel"
-            - "{{ .Values.server.logging.globallevel }}"
-            - "--log-format"
-            - "{{ .Values.server.logging.format }}"
-          ports:
-            - name: web
-              containerPort: 2746
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 2746
-              {{- if .Values.server.secure }}
-              scheme: HTTPS
-              {{- else }}
-              scheme: HTTP
-              {{- end }}
-            initialDelaySeconds: 10
-            periodSeconds: 20
-          env:
-            - name: IN_CLUSTER
-              value: "true"
-            - name: ARGO_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-            - name: BASE_HREF
-              value: {{ .Values.server.baseHref | quote }}
-          {{- with .Values.server.extraEnv }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          resources:
-            {{- toYaml .Values.server.resources | nindent 12 }}
-          volumeMounts:
-            - name: tmp
-              mountPath: /tmp
-        - name: addflowtask
-          image: "beclab/recommend-argotask:v0.0.5"
-          env:
-          - name: NAME_SPACE
-            value: {{ .Release.Namespace }}
-          - name: APPLICATION_DATA_PATH
-            valueFrom:
-              configMapKeyRef:
-                name: rss-userspace-data
-                key: appData
-          - name: APP_DATA_PATH
-            valueFrom:
-              configMapKeyRef:
-                name: rss-userspace-data
-                key: appCache
-          - name: ALGORITHM_VERSION
-            value: v0.0.6
-          - name: TERMIUS_USER_NAME
-            valueFrom:
-              configMapKeyRef:
-                name: rss-userspace-data
-                key: username
-          
-          - name: KNOWLEDGE_BASE_API_PORT
-            value: "3010"
-         
-          
-
-      volumes:
-        - name: tmp
-          emptyDir: {}
-      {{- with .Values.server.volumes }}
-        {{- toYaml . | nindent 6}}
-      {{- end }}
-      {{- with .Values.server.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-        - {{ toYaml $constraint | nindent 8 | trim }}
-        {{- if not $constraint.labelSelector }}
-          labelSelector:
-            matchLabels:
-            {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }}
-        {{- end }}
-        {{- end }}
-      {{- end }}
-      {{- with .Values.server.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}
-
-{{- end -}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-sa.yaml

@@ -1,16 +0,0 @@
-{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-  {{- with .Values.server.serviceAccount.labels  }}
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{- with .Values.server.serviceAccount.annotations  }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end -}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-service.yaml

@@ -1,36 +0,0 @@
-{{- if .Values.server.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "argo-workflows.server.fullname" . }}-svc
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
-  {{- with .Values.server.serviceAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  ports:
-  - port: {{ .Values.server.servicePort }}
-    {{- with .Values.server.servicePortName }}
-    name: {{ . }}
-    {{- end }}
-    targetPort: 2746
-    {{- if and (eq .Values.server.serviceType "NodePort") .Values.server.serviceNodePort }}
-    nodePort: {{ .Values.server.serviceNodePort }}
-    {{- end }}
-  selector:
-    app: {{ template "argo-workflows.server.fullname" . }}
-    {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
-  sessionAffinity: None
-  type: {{ .Values.server.serviceType }}
-  {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }}
-  {{- end }}
-  {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-    {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }}
-  {{- end }}
-{{- end -}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/values.yaml

@@ -1,840 +0,0 @@
-images:
-  # -- Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`.
-  tag: ""
-  # -- imagePullPolicy to apply to all containers
-  pullPolicy: IfNotPresent
-  # -- Secrets with credentials to pull images from a private registry
-  pullSecrets: []
-  # - name: argo-pull-secret
-
-## Custom resource configuration
-crds:
-  # -- Install and upgrade CRDs
-  install: true
-  # -- Keep CRDs on chart uninstall
-  keep: true
-  # -- Annotations to be added to all CRDs
-  annotations: {}
-
-# -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds
-## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-createAggregateRoles: true
-
-# -- String to partially override "argo-workflows.fullname" template
-nameOverride:
-
-# -- String to fully override "argo-workflows.fullname" template
-fullnameOverride:
-
-# -- Override the Kubernetes version, which is used to evaluate certain manifests
-kubeVersionOverride: ""
-
-# Override APIVersions
-apiVersionOverrides:
-  # -- String to override apiVersion of autoscaling rendered by this helm chart
-  autoscaling: "" # autoscaling/v2
-  # -- String to override apiVersion of GKE resources rendered by this helm chart
-  cloudgoogle: "" # cloud.google.com/v1
-
-# -- Restrict Argo to operate only in a single namespace (the namespace of the
-# Helm release) by apply Roles and RoleBindings instead of the Cluster
-# equivalents, and start workflow-controller with the --namespaced flag. Use it
-# in clusters with strict access policy.
-singleNamespace: false
-
-workflow:
-  # -- Deprecated; use controller.workflowNamespaces instead.
-  namespace:
-  serviceAccount:
-    # -- Specifies whether a service account should be created
-    create: false
-    # -- Labels applied to created service account
-    labels: {}
-    # -- Annotations applied to created service account
-    annotations: {}
-    # -- Service account which is used to run workflows
-    name: "argo-workflow"
-    # -- Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets`
-    pullSecrets: []
-  rbac:
-    # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows.
-    # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below)
-    create: true
-
-controller:
-  image:
-    # -- Registry to use for the controller
-    registry: quay.io
-    # -- Registry to use for the controller
-    repository: argoproj/workflow-controller
-    # -- Image tag for the workflow controller. Defaults to `.Values.images.tag`.
-    tag: ""
-  # -- parallelism dictates how many workflows can be running at the same time
-  parallelism:
-  # -- Globally limits the rate at which pods are created.
-  # This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of
-  # parallel nodes.
-  resourceRateLimit: {}
-    # limit: 10
-  # burst: 1
-
-  rbac:
-    # -- Adds Role and RoleBinding for the controller.
-    create: true
-    # -- Allows controller to get, list, and watch certain k8s secrets
-    secretWhitelist: []
-    # -- Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty.
-    accessAllSecrets: false
-    # -- Allows controller to create and update ConfigMaps. Enables memoization feature
-    writeConfigMaps: false
-
-  # -- Limits the maximum number of incomplete workflows in a namespace
-  namespaceParallelism:
-  # -- Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224
-  initialDelay:
-  # -- deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment
-  deploymentAnnotations: {}
-  # -- podAnnotations is an optional map of annotations to be applied to the controller Pods
-  podAnnotations: {}
-  # -- Optional labels to add to the controller pods
-  podLabels: {}
-  # -- SecurityContext to set on the controller pods
-  podSecurityContext: {}
-  # podPortName: http
-  metricsConfig:
-    # -- Enables prometheus metrics server
-    enabled: false
-    # -- Path is the path where metrics are emitted. Must start with a "/".
-    path: /metrics
-    # -- Port is the port where metrics are emitted
-    port: 9090
-    # -- How often custom metrics are cleared from memory
-    metricsTTL: ""
-    # -- Flag that instructs prometheus to ignore metric emission errors.
-    ignoreErrors: false
-    # --  Flag that use a self-signed cert for TLS
-    secure: false
-    # -- Container metrics port name
-    portName: metrics
-    # -- Service metrics port
-    servicePort: 8090
-    # -- Service metrics port name
-    servicePortName: metrics
-    # -- ServiceMonitor relabel configs to apply to samples before scraping
-    ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
-    relabelings: []
-    # -- ServiceMonitor metric relabel configs to apply to samples before ingestion
-    ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
-    metricRelabelings: []
-    # -- ServiceMonitor will add labels from the service to the Prometheus metric
-    ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec
-    targetLabels: []
-  # -- the controller container's securityContext
-  securityContext:
-    readOnlyRootFilesystem: true
-    runAsNonRoot: true
-    allowPrivilegeEscalation: false
-    capabilities:
-      drop:
-        - ALL
-  # -- enable persistence using postgres
-  persistence: {}
-  # connectionPool:
-  #   maxIdleConns: 100
-  #   maxOpenConns: 0
-  # # save the entire workflow into etcd and DB
-  # nodeStatusOffLoad: false
-  # # enable archiving of old workflows
-  # archive: false
-  # postgresql:
-  #   host: localhost
-  #   port: 5432
-  #   database: postgres
-  #   tableName: argo_workflows
-  #   # the database secrets must be in the same namespace of the controller
-  #   userNameSecret:
-  #     name: argo-postgres-config
-  #     key: username
-  #   passwordSecret:
-  #     name: argo-postgres-config
-  #     key: password
-
-  # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level.
-  # Only valid for 2.7+
-  ## See more: https://argoproj.github.io/argo-workflows/default-workflow-specs/
-  workflowDefaults: {}
-  #   spec:
-  #     ttlStrategy:
-  #       secondsAfterCompletion: 84600
-  #     # Ref: https://argoproj.github.io/argo-workflows/artifact-repository-ref/
-  #     artifactRepositoryRef:
-  #       configMap: my-artifact-repository # default is "artifact-repositories"
-  #       key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map.
-
-  # -- Number of workflow workers
-  workflowWorkers: # 32
-  # -- Restricts the Workflows that the controller will process.
-  # Only valid for 2.9+
-  workflowRestrictions: {}
-  # templateReferencing: Strict|Secure
-
-  # telemetryConfig controls the path and port for prometheus telemetry. Telemetry is enabled and emitted in the same endpoint
-  # as metrics by default, but can be overridden using this config.
-  telemetryConfig:
-    # -- Enables prometheus telemetry server
-    enabled: false
-    # -- telemetry path
-    path: /telemetry
-    # -- telemetry container port
-    port: 8081
-    # -- How often custom metrics are cleared from memory
-    metricsTTL: ""
-    # -- Flag that instructs prometheus to ignore metric emission errors.
-    ignoreErrors: false
-    # --  Flag that use a self-signed cert for TLS
-    secure: false
-    # -- telemetry service port
-    servicePort: 8081
-    # -- telemetry service port name
-    servicePortName: telemetry
-  serviceMonitor:
-    # -- Enable a prometheus ServiceMonitor
-    enabled: false
-    # -- Prometheus ServiceMonitor labels
-    additionalLabels: {}
-    # -- Prometheus ServiceMonitor namespace
-    namespace: "" # "monitoring"
-  serviceAccount:
-    # -- Create a service account for the controller
-    create: true
-    # -- Service account name
-    name: ""
-    # -- Labels applied to created service account
-    labels: {}
-    # -- Annotations applied to created service account
-    annotations: {}
-
-  # -- Workflow controller name string
-  name: workflow-controller
-
-  # -- Specify all namespaces where this workflow controller instance will manage
-  # workflows. This controls where the service account and RBAC resources will
-  # be created. Only valid when singleNamespace is false.
-  workflowNamespaces:
-    - default
-
-  instanceID:
-    # -- Configures the controller to filter workflow submissions
-    # to only those which have a matching instanceID attribute.
-    ## NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName`
-    ## or `instanceID.explicitID` must be defined.
-    enabled: true
-    # -- Use ReleaseName as instanceID
-    useReleaseName: true
-    # useReleaseName: true
-
-    # -- Use a custom instanceID
-    explicitID: ""
-    # explicitID: unique-argo-controller-identifier
-
-  logging:
-    # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
-    level: info
-    # -- Set the glog logging level
-    globallevel: "0"
-    # -- Set the logging format (one of: `text`, `json`)
-    format: "text"
-
-  # -- Service type of the controller Service
-  serviceType: ClusterIP
-  # -- Annotations to be applied to the controller Service
-  serviceAnnotations: {}
-  # -- Optional labels to add to the controller Service
-  serviceLabels: {}
-  # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
-  loadBalancerSourceRanges: []
-
-  # -- Resource limits and requests for the controller
-  resources: {}
-
-  # -- Configure liveness [probe] for the controller
-  # @default -- See [values.yaml]
-  livenessProbe:
-    httpGet:
-      port: 6060
-      path: /healthz
-    failureThreshold: 3
-    initialDelaySeconds: 90
-    periodSeconds: 60
-    timeoutSeconds: 30
-
-  # -- Extra environment variables to provide to the controller container
-  extraEnv: []
-    # - name: FOO
-  #   value: "bar"
-
-  # -- Extra arguments to be added to the controller
-  extraArgs: []
-  # -- Additional volume mounts to the controller main container
-  volumeMounts: []
-  # -- Additional volumes to the controller pod
-  volumes: []
-  # -- The number of controller pods to run
-  replicas: 1
-
-  pdb:
-    # -- Configure [Pod Disruption Budget] for the controller pods
-    enabled: false
-    # minAvailable: 1
-    # maxUnavailable: 1
-
-  # -- [Node selector]
-  nodeSelector:
-    kubernetes.io/os: linux
-  # -- [Tolerations] for use with node taints
-  tolerations: []
-  # -- Assign custom [affinity] rules
-  affinity: {}
-
-  # -- Assign custom [TopologySpreadConstraints] rules to the workflow controller
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
-  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
-  topologySpreadConstraints: []
-  # - maxSkew: 1
-  #   topologyKey: topology.kubernetes.io/zone
-  #   whenUnsatisfiable: DoNotSchedule
-
-  # -- Leverage a PriorityClass to ensure your pods survive resource shortages.
-  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
-  priorityClassName: ""
-
-  # -- Configure Argo Server to show custom [links]
-  ## Ref: https://argoproj.github.io/argo-workflows/links/
-  links: []
-  # -- Configure Argo Server to show custom [columns]
-  ## Ref: https://github.com/argoproj/argo-workflows/pull/10693
-  columns: []
-  # -- Set ui navigation bar background color
-  navColor: ""
-  clusterWorkflowTemplates:
-    # -- Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates.
-    enabled: true
-  # -- Extra containers to be added to the controller deployment
-  extraContainers: []
-
-  # -- Enables init containers to be added to the controller deployment
-  extraInitContainers: []
-
-  # -- Workflow retention by number of workflows
-  retentionPolicy: {}
-  #  completed: 10
-  #  failed: 3
-  #  errored: 3
-
-  nodeEvents:
-    # -- Enable to emit events on node completion.
-    ## This can take up a lot of space in k8s (typically etcd) resulting in errors when trying to create new events:
-    ## "Unable to create audit event: etcdserver: mvcc: database space exceeded"
-    enabled: true
-
-  # -- Configure when workflow controller runs in a different k8s cluster with the workflow workloads,
-  # or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret.
-  # @default -- `{}` (See [values.yaml])
-  kubeConfig: {}
-    # # name of the kubeconfig secret, may not be empty when kubeConfig specified
-    # secretName: kubeconfig-secret
-    # # key of the kubeconfig secret, may not be empty when kubeConfig specified
-    # secretKey: kubeconfig
-    # # mounting path of the kubeconfig secret, default to /kube/config
-    # mountPath: /kubeconfig/mount/path
-    # # volume name when mounting the secret, default to kubeconfig
-  # volumeName: kube-config-volume
-
-  # -- Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately.
-  # @default -- `30` seconds (Kubernetes default)
-  podGCGracePeriodSeconds:
-
-  # -- The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately.
-  # @default -- `5s` (Argo Workflows default)
-  podGCDeleteDelayDuration: ""
-
-# mainContainer adds default config for main container that could be overriden in workflows template
-mainContainer:
-  # -- imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`.
-  imagePullPolicy: ""
-  # -- Resource limits and requests for the Workflow main container
-  resources: {}
-  # -- Adds environment variables for the Workflow main container
-  env: []
-  # -- Adds reference environment variables for the Workflow main container
-  envFrom: []
-  # -- sets security context for the Workflow main container
-  securityContext: {}
-
-# executor controls how the init and wait container should be customized
-executor:
-  image:
-    # -- Registry to use for the Workflow Executors
-    registry: quay.io
-    # -- Repository to use for the Workflow Executors
-    repository: argoproj/argoexec
-    # -- Image tag for the workflow executor. Defaults to `.Values.images.tag`.
-    tag: ""
-    # -- Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`.
-    pullPolicy: ""
-  # -- Resource limits and requests for the Workflow Executors
-  resources: {}
-  # -- Passes arguments to the executor processes
-  args: []
-  # -- Adds environment variables for the executor.
-  env: []
-  # -- sets security context for the executor container
-  securityContext: {}
-
-server:
-  # -- Deploy the Argo Server
-  enabled: true
-  # -- Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /.
-  ## only updates base url of resources on client side,
-  ## it's expected that a proxy server rewrites the request URL and gets rid of this prefix
-  ## https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190
-  baseHref: /
-  image:
-    # -- Registry to use for the server
-    registry: quay.io
-    # -- Repository to use for the server
-    repository: argoproj/argocli
-    # -- Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`.
-    tag: ""
-  # -- optional map of annotations to be applied to the ui Deployment
-  deploymentAnnotations: {}
-  # -- optional map of annotations to be applied to the ui Pods
-  podAnnotations: {}
-  # -- Optional labels to add to the UI pods
-  podLabels: {}
-  # -- SecurityContext to set on the server pods
-  podSecurityContext: {}
-  rbac:
-    # -- Adds Role and RoleBinding for the server.
-    create: true
-  # -- Servers container-level security context
-  securityContext:
-    readOnlyRootFilesystem: false
-    runAsNonRoot: true
-    allowPrivilegeEscalation: false
-    capabilities:
-      drop:
-        - ALL
-  # -- Server name string
-  name: server
-  # -- Service type for server pods
-  serviceType: ClusterIP
-  # -- Service port for server
-  servicePort: 2746
-  # -- Service node port
-  serviceNodePort: # 32746
-  # -- Service port name
-  servicePortName: "http" # http
-
-  serviceAccount:
-    # -- Create a service account for the server
-    create: true
-    # -- Service account name
-    name: ""
-    # -- Labels applied to created service account
-    labels: {}
-    # -- Annotations applied to created service account
-    annotations: {}
-
-  # -- Annotations to be applied to the UI Service
-  serviceAnnotations: {}
-  # -- Optional labels to add to the UI Service
-  serviceLabels: {}
-  # -- Static IP address to assign to loadBalancer service type `LoadBalancer`
-  loadBalancerIP: ""
-  # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
-  loadBalancerSourceRanges: []
-  # -- Resource limits and requests for the server
-  resources: {}
-  # -- The number of server pods to run
-  replicas: 1
-  ## Argo Server Horizontal Pod Autoscaler
-  autoscaling:
-    # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server
-    enabled: false
-    # -- Minimum number of replicas for the Argo Server [HPA]
-    minReplicas: 1
-    # -- Maximum number of replicas for the Argo Server [HPA]
-    maxReplicas: 5
-    # -- Average CPU utilization percentage for the Argo Server [HPA]
-    targetCPUUtilizationPercentage: 50
-    # -- Average memory utilization percentage for the Argo Server [HPA]
-    targetMemoryUtilizationPercentage: 50
-    # -- Configures the scaling behavior of the target in both Up and Down directions.
-    # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer
-    behavior: {}
-      # scaleDown:
-      #  stabilizationWindowSeconds: 300
-      #  policies:
-      #   - type: Pods
-      #     value: 1
-      #     periodSeconds: 180
-      # scaleUp:
-      #   stabilizationWindowSeconds: 300
-      #   policies:
-      #   - type: Pods
-    #     value: 2
-  pdb:
-    # -- Configure [Pod Disruption Budget] for the server pods
-    enabled: false
-    # minAvailable: 1
-    # maxUnavailable: 1
-
-  # -- [Node selector]
-  nodeSelector:
-    kubernetes.io/os: linux
-
-  # -- [Tolerations] for use with node taints
-  tolerations: []
-
-  # -- Assign custom [affinity] rules
-  affinity: {}
-
-  # -- Assign custom [TopologySpreadConstraints] rules to the argo server
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
-  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
-  topologySpreadConstraints: []
-  # - maxSkew: 1
-  #   topologyKey: topology.kubernetes.io/zone
-  #   whenUnsatisfiable: DoNotSchedule
-
-  # -- Leverage a PriorityClass to ensure your pods survive resource shortages
-  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
-  priorityClassName: ""
-
-  # -- Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs.
-  ## See the following documentation for more details on secure mode:
-  ## https://argoproj.github.io/argo-workflows/tls/
-  secure: false
-
-  # -- Extra environment variables to provide to the argo-server container
-  extraEnv: []
-    # - name: FOO
-  #   value: "bar"
-
-  # -- Auth Mode is available from `server` , `client` or `sso`. If you chose `sso` , please configure `.Values.server.sso` as well.
-  ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/
-  authMode: "server"
-
-  # -- Extra arguments to provide to the Argo server binary.
-  ## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options
-  extraArgs: []
-
-  logging:
-    # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
-    level: info
-    # -- Set the glog logging level
-    globallevel: "0"
-    # -- Set the logging format (one of: `text`, `json`)
-    format: "text"
-
-  # -- Additional volume mounts to the server main container.
-  volumeMounts: []
-  # -- Additional volumes to the server pod.
-  volumes: []
-
-  ## Ingress configuration.
-  # ref: https://kubernetes.io/docs/user-guide/ingress/
-  ingress:
-    # -- Enable an ingress resource
-    enabled: false
-    # -- Additional ingress annotations
-    annotations: {}
-    # -- Additional ingress labels
-    labels: {}
-    # -- Defines which ingress controller will implement the resource
-    ingressClassName: ""
-
-    # -- List of ingress hosts
-    ## Hostnames must be provided if Ingress is enabled.
-    ## Secrets must be manually created in the namespace
-    hosts: []
-    # - argoworkflows.example.com
-
-    # -- List of ingress paths
-    paths:
-      - /
-
-    # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
-    pathType: Prefix
-    # -- Additional ingress paths
-    extraPaths: []
-      # - path: /*
-      #   backend:
-      #     serviceName: ssl-redirect
-      #     servicePort: use-annotation
-      ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used)
-      # - path: /*
-      #   pathType: Prefix
-      #   backend:
-      #     service
-      #       name: ssl-redirect
-      #       port:
-    #         name: use-annotation
-
-    # -- Ingress TLS configuration
-    tls: []
-      # - secretName: argoworkflows-example-tls
-      #   hosts:
-    #     - argoworkflows.example.com
-
-  ## Create a Google Backendconfig  for use with the GKE Ingress Controller
-  ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters
-  GKEbackendConfig:
-    # -- Enable BackendConfig custom resource for Google Kubernetes Engine
-    enabled: false
-    # -- [BackendConfigSpec]
-    spec: {}
-  #  spec:
-  #    iap:
-  #      enabled: true
-  #      oauthclientCredentials:
-  #        secretName: argoworkflows-secret
-
-  ## Create a Google Managed Certificate for use with the GKE Ingress Controller
-  ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
-  GKEmanagedCertificate:
-    # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine.
-    enabled: false
-    # -- Domains for the Google Managed Certificate
-    domains:
-      - argoworkflows.example.com
-
-  ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller
-  ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
-  GKEfrontendConfig:
-    # -- Enable FrontConfig custom resource for Google Kubernetes Engine
-    enabled: false
-    # -- [FrontendConfigSpec]
-    spec: {}
-  # spec:
-  #   redirectToHttps:
-  #     enabled: true
-  #     responseCodeName: RESPONSE_CODE
-
-  clusterWorkflowTemplates:
-    # -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates.
-    enabled: true
-    # -- Give the server permissions to edit ClusterWorkflowTemplates.
-    enableEditing: true
-
-  # SSO configuration when SSO is specified as a server auth mode.
-  sso:
-    # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`.
-    enabled: false
-    # -- The root URL of the OIDC identity provider
-    issuer: https://accounts.google.com
-    clientId:
-      # -- Name of secret to retrieve the app OIDC client ID
-      name: argo-server-sso
-      # -- Key of secret to retrieve the app OIDC client ID
-      key: client-id
-    clientSecret:
-      # -- Name of a secret to retrieve the app OIDC client secret
-      name: argo-server-sso
-      # -- Key of a secret to retrieve the app OIDC client secret
-      key: client-secret
-    # - The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
-    redirectUrl: https://argo/oauth2/callback
-    rbac:
-      # -- Adds ServiceAccount Policy to server (Cluster)Role.
-      enabled: true
-      # -- Whitelist to allow server to fetch Secrets
-      ## When present, restricts secrets the server can read to a given list.
-      ## You can use it to restrict the server to only be able to access the
-      ## service account token secrets that are associated with service accounts
-      ## used for authorization.
-      secretWhitelist: []
-    # -- Scopes requested from the SSO ID provider
-    ## The 'groups' scope requests group membership information, which is usually used for authorization decisions.
-    scopes: []
-    # - groups
-    # -- Define how long your login is valid for (in hours)
-    ## If omitted, defaults to 10h.
-    sessionExpiry: ""
-    # -- Alternate root URLs that can be included for some OIDC providers
-    issuerAlias: ""
-    # -- Override claim name for OIDC groups
-    customGroupClaimName: ""
-    # -- Specify the user info endpoint that contains the groups claim
-    ## Configure this if your OIDC provider provides groups information only using the user-info endpoint (e.g. Okta)
-    userInfoPath: ""
-    # -- Skip TLS verification for the HTTP client
-    insecureSkipVerify: false
-
-  # -- Extra containers to be added to the server deployment
-  extraContainers: []
-
-  # -- Enables init containers to be added to the server deployment
-  extraInitContainers: []
-
-# -- Array of extra K8s manifests to deploy
-extraObjects: []
-  # - apiVersion: secrets-store.csi.x-k8s.io/v1
-  #   kind: SecretProviderClass
-  #   metadata:
-  #     name: argo-server-sso
-  #   spec:
-  #     provider: aws
-  #     parameters:
-  #       objects: |
-  #         - objectName: "argo/server/sso"
-  #           objectType: "secretsmanager"
-  #           jmesPath:
-  #               - path: "client_id"
-  #                 objectAlias: "client_id"
-  #               - path: "client_secret"
-  #                 objectAlias: "client_secret"
-  #     secretObjects:
-  #     - data:
-  #       - key: client_id
-  #         objectName: client_id
-  #       - key: client_secret
-  #         objectName: client_secret
-  #       secretName: argo-server-sso-secrets-store
-#       type: Opaque
-
-# -- Use static credentials for S3 (eg. when not using AWS IRSA)
-useStaticCredentials: true
-artifactRepository:
-  # -- Archive the main container logs as an artifact
-  archiveLogs: true
-  # -- Store artifact in a S3-compliant object store
-  # @default -- See [values.yaml]
-  s3: 
-    # # Note the `key` attribute is not the actual secret, it's the PATH to
-    # # the contents in the associated secret, as defined by the `name` attribute.
-    accessKeySecret:
-      name: argo-workflow-log-fakes3
-      key: AWS_ACCESS_KEY_ID
-    secretKeySecret:
-      name: argo-workflow-log-fakes3
-      key: AWS_SECRET_ACCESS_KEY
-    # # insecure will disable TLS. Primarily used for minio installs not configured with TLS
-    insecure: true
-    keyFormat: "{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}"
-    bucket: mongo-backup
-    # endpoint: workflow-archivelog-s3:4568
-    # region:
-    # roleARN:
-    # useSDKCreds: true
-    # encryptionOptions:
-  #    enableEncryption: true
-  # -- Store artifact in a GCS object store
-  # @default -- `{}` (See [values.yaml])
-  gcs: {}
-  # bucket: <project>-argo
-  # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}"
-  # serviceAccountKeySecret is a secret selector.
-  # It references the k8s secret named 'my-gcs-credentials'.
-  # This secret is expected to have have the key 'serviceAccountKey',
-  # containing the base64 encoded credentials
-  # to the bucket.
-  #
-  # If it's running on GKE and Workload Identity is used,
-  # serviceAccountKeySecret is not needed.
-  # serviceAccountKeySecret:
-  # name: my-gcs-credentials
-  # key: serviceAccountKey
-  # -- Store artifact in Azure Blob Storage
-  # @default -- `{}` (See [values.yaml])
-  azure: {}
-  # endpoint: https://mystorageaccountname.blob.core.windows.net
-  # container: my-container-name
-  # blobNameFormat: path/in/container
-  ## accountKeySecret is a secret selector.
-  ## It references the k8s secret named 'my-azure-storage-credentials'.
-  ## This secret is expected to have have the key 'account-access-key',
-  ## containing the base64 encoded credentials to the storage account.
-  ## If a managed identity has been assigned to the machines running the
-  ## workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity)
-  ## then accountKeySecret is not needed, and useSDKCreds should be
-  ## set to true instead:
-  # useSDKCreds: true
-  # accountKeySecret:
-  #  name: my-azure-storage-credentials
-  #  key: account-access-key
-
-# -- The section of custom artifact repository.
-# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure)
-customArtifactRepository: {}
-# artifactory:
-#   repoUrl: https://artifactory.example.com/raw
-#   usernameSecret:
-#     name: artifactory-creds
-#     key: username
-#   passwordSecret:
-#     name: artifactory-creds
-#     key: password
-
-# -- The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/).
-# Each map key is the name of configmap
-# @default -- `{}` (See [values.yaml])
-artifactRepositoryRef: {}
-  # # -- 1st ConfigMap
-  # # If you want to use this config map by default, name it "artifact-repositories".
-  # # Otherwise, you can provide a reference to a
-  # # different config map in `artifactRepositoryRef.configMap`.
-  # artifact-repositories:
-  #   # -- v3.0 and after - if you want to use a specific key, put that key into this annotation.
-  #   annotations:
-  #     workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository
-  #   # 1st data of configmap. See above artifactRepository or customArtifactRepository.
-  #   default-v1-s3-artifact-repository:
-  #     archiveLogs: false
-  #     s3:
-  #       bucket: my-bucket
-  #       endpoint: minio:9000
-  #       insecure: true
-  #       accessKeySecret:
-  #         name: my-minio-cred
-  #         key: accesskey
-  #       secretKeySecret:
-  #         name: my-minio-cred
-  #         key: secretkey
-  #    # 2nd data
-  #    oss-artifact-repository:
-  #      archiveLogs: false
-  #      oss:
-  #        endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com
-  #        bucket: $mybucket
-  #        # accessKeySecret and secretKeySecret are secret selectors.
-  #        # It references the k8s secret named 'bucket-workflow-artifect-credentials'.
-  #        # This secret is expected to have have the keys 'accessKey'
-  #        # and 'secretKey', containing the base64 encoded credentials
-  #        # to the bucket.
-  #        accessKeySecret:
-  #          name: $mybucket-credentials
-  #          key: accessKey
-  #        secretKeySecret:
-  #          name: $mybucket-credentials
-  #          key: secretKey
-  # # 2nd ConfigMap
-  # another-artifact-repositories:
-  #   annotations:
-  #     workflows.argoproj.io/default-artifact-repository: gcs
-  #   gcs:
-  #     bucket: my-bucket
-  #     keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}}
-  #     serviceAccountKeySecret:
-  #       name: my-gcs-credentials
-#       key: serviceAccountKey
-
-emissary:
-  # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used.
-  ## See more: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary
-  images: []
-  #  argoproj/argosay:v2:
-  #    cmd: [/argosay]
-  #  docker/whalesay:latest:
-  #    cmd: [/bin/bash]

apps/argo/config/user/helm-charts/argo/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "rss.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "rss.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "rss.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "rss.labels" -}}
-helm.sh/chart: {{ include "rss.chart" . }}
-{{ include "rss.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "rss.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "rss.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "rss.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "rss.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

apps/argo/config/user/helm-charts/argo/templates/argo_deployment.yaml

@@ -1,185 +0,0 @@
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $rss_secret := (lookup "v1" "Secret" $namespace "rss-secrets") -}}
-{{- $password := "" -}}
-{{ if $rss_secret -}}
-{{ $password = (index $rss_secret "data" "pg_password") }}
-{{ else -}}
-{{ $password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $redis_password := "" -}}
-{{ if $rss_secret -}}
-{{ $redis_password = (index $rss_secret "data" "redis_password") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-
-{{- $redis_password_data := "" -}}
-{{ $redis_password_data = $redis_password | b64dec }}
-
-{{- $pg_password_data := "" -}}
-{{ $pg_password_data = $password | b64dec }}
-
-{{- $mongo_secret := (lookup "v1" "Secret" .Release.Namespace "knowledge-mongodb") -}}
-{{- $mongo_password := randAlphaNum 16 | b64enc -}}
-
-{{- $mongo_password_data := "" -}}
-{{ if $mongo_secret -}}
-  {{ $mongo_password_data = (index $mongo_secret "data" "mongodb-passwords" ) | b64dec }}
-{{ else -}}
-  {{ $mongo_password_data = $mongo_password | b64dec }}
-{{- end -}}
-
-{{- $pg_user :=  printf "%s%s" "rss_" .Values.bfl.username -}}
-{{- $pg_user = $pg_user | b64enc -}}
-
----
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rss-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $password }}
-  redis_password: {{ $redis_password }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rss-secrets
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  pg_user: {{ $pg_user }}
-  pg_password: {{ $password }}
-  redis_password: {{ $redis_password }}
-
-
----
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: knowledge-mongodb
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-
-{{ if $mongo_secret -}}
-data:
-  mongodb-passwords: {{ index $mongo_secret "data" "mongodb-passwords" }}
-{{ else -}}
-data:
-  mongodb-passwords: {{ $mongo_password }}
-{{ end }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: knowledge-mongodb
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-
-{{ if $mongo_secret -}}
-data:
-  mongodb-passwords: {{ index $mongo_secret "data" "mongodb-passwords" }}
-{{ else -}}
-data:
-  mongodb-passwords: {{ $mongo_password }}
-{{ end }}
-
----
-
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: rss-secrets-auth
-  namespace: {{ .Release.Namespace }}
-data:
-  redis_password: "{{ $redis_password_data }}"
-  redis_addr: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379
-  redis_host: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
-  redis_port: '6379'
-  pg_url: postgres://rss_{{ .Values.bfl.username }}:{{ $pg_password_data }}@citus-master-svc.user-system-{{ .Values.bfl.username }}/user_space_{{ .Values.bfl.username }}_rss_v1?sslmode=disable
-  mongo_url: mongodb://knowledge-{{ .Values.bfl.username }}:{{ $mongo_password_data }}@mongo-cluster-mongos.user-system-{{ .Values.bfl.username }}:27017/{{ .Release.Namespace }}_knowledge
-  mongo_db: {{ .Release.Namespace }}_knowledge
-  postgres_host: citus-master-svc.user-system-{{ .Values.bfl.username }}
-  postgres_user: knowledge_{{ .Values.bfl.username }}
-  postgres_password: "{{ $pg_password_data }}"
-  postgres_db: user_space_{{ .Values.bfl.username }}_knowledge
-  postgres_port: '5432'
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: rss-userspace-data
-  namespace: {{ .Release.Namespace }}
-data:
-  appData: "{{ .Values.userspace.appData }}"
-  appCache: "{{ .Values.userspace.appCache }}"
-  username: "{{ .Values.bfl.username }}"
-
-
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: rss-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: rss
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: rss_{{ .Values.bfl.username }}
-    password: 
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: rss-secrets
-    databases:
-    - name: rss
-    - name: rss_v1
-    - name: argo
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: knowledge-redis
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: rss
-  appNamespace: {{ .Release.Namespace }}
-  middleware: redis
-  redis:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: redis_password
-          name: rss-secrets
-    namespace: knowledge
-
----
-    
-apiVersion: v1
-kind: Service
-metadata:
-  name: workflow-archivelog-s3
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  type: ClusterIP
-  selector:
-    app: systemserver
-  ports:
-    - protocol: TCP
-      name: fakes3
-      port: 4568
-      targetPort: 4568

apps/argo/config/user/helm-charts/argo/values.yaml

@@ -1,43 +0,0 @@
-
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-docs:
-  nodeport: 30881
-desktop:
-  nodeport: 30180
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  wise:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search2:
-    appKey: '${ks[0]}'
-    appSecret: test
-kubesphere:
-  redis_password: ""

apps/argo/config/user/helm-charts/recommend/Chart.yaml

@@ -1,24 +0,0 @@
-apiVersion: v2
-name: recommend
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

apps/argo/config/user/helm-charts/recommend/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "recommend.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "recommend.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "recommend.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "recommend.labels" -}}
-helm.sh/chart: {{ include "recommend.chart" . }}
-{{ include "recommend.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "recommend.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "recommend.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "recommend.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "recommend.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

apps/argo/config/user/helm-charts/recommend/templates/argo_fe_deploy.yaml

@@ -1,116 +0,0 @@
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: recommend
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ExternalName
-  externalName: argoworkflows-svc.{{ .Release.Namespace }}.svc.cluster.local
-  ports:
-    - name: http
-      port: 2746
-      protocol: TCP
-      targetPort: 2746
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: argoworkflows-ui
-  namespace: {{ .Release.Namespace }}
-spec:
-  ports:
-    - port: 80
-      protocol: TCP
-      targetPort: 8080
-  selector:
-    app: recommend
-  type: ClusterIP
-
----
-{{ if (eq .Values.debugVersion true) }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: recommend
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: recommend
-    applications.app.bytetrade.io/author: bytetrade.io
-
-    applications.app.bytetrade.io/name: recommend
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/recommend/icon.png
-    applications.app.bytetrade.io/title: recommend
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"recommend", "host":"argoworkflows-ui", "port":80,"title":"recommend"}]'
-
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: recommend
-  template:
-    metadata:
-      labels:
-        app: recommend
-    spec:
-      containers:
-        - name: recommend-proxy
-          image: nginx:stable-alpine3.17-slim
-          imagePullPolicy: IfNotPresent
-          ports:
-            - name: proxy
-              containerPort: 8080
-          volumeMounts:
-            - name: nginx-config
-              readOnly: true
-              mountPath: /etc/nginx/nginx.conf
-              subPath: nginx.conf
-      volumes:
-        - name: nginx-config
-          configMap:
-            name: recommend-nginx-configs
-            items:
-              - key: nginx.conf
-                path: nginx.conf
-{{ end }}
-
-
-
----
-apiVersion: v1
-data:
-  nginx.conf: |
-    # Configuration checksum:
-
-    pid /var/run/nginx.pid;
-
-    worker_processes auto;
-
-    events {
-      worker_connections 1024;
-    }
-
-    http {
-      server {
-        listen 8080;
-
-        location / {
-          proxy_pass http://recommend:2746;
-          proxy_set_header Host $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-      }
-    }
-kind: ConfigMap
-metadata:
-  name: recommend-nginx-configs
-  namespace: {{ .Release.Namespace }}
-

apps/desktop/README.md

@@ -1,3 +0,0 @@
-# desktop
-
-https://github.com/beclab/desktop

apps/desktop/config/user/helm-charts/desktop/templates/desktop_deploy.yaml

@@ -1,731 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: edge-desktop
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: edge-desktop
-    applications.app.bytetrade.io/author: bytetrade.io
-  annotations:
-    applications.app.bytetrade.io/version: '0.0.1'
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: edge-desktop
-  template:
-    metadata:
-      labels:
-        app: edge-desktop
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-      initContainers:
-      - args:
-        - -it
-        - authelia-backend.os-system:9091
-        image: owncloudci/wait-for:latest
-        imagePullPolicy: IfNotPresent
-        name: check-auth
-      - name: terminus-sidecar-init
-        image: openservicemesh/init:v1.2.3
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-          capabilities: 
-            add:
-            - NET_ADMIN
-          runAsNonRoot: false
-          runAsUser: 0
-        command:
-        - /bin/sh
-        - -c
-        - |
-          iptables-restore --noflush <<EOF
-          # sidecar interception rules
-          *nat
-          :PROXY_IN_REDIRECT - [0:0]
-          :PROXY_INBOUND - [0:0]
-          -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-          -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-          -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-          -A PREROUTING -p tcp -j PROXY_INBOUND
-          COMMIT
-          EOF
-        
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-
-      containers:
-      - name: edge-desktop
-        image: beclab/desktop:v0.2.32
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-        ports:
-        - containerPort: 80
-        env:
-          - name: apiServerURL
-            value: http://bfl.{{ .Release.Namespace }}:8080
-
-      - name: desktop-server
-        image: beclab/desktop-server:v0.2.32
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        volumeMounts:
-        - name: userspace-dir
-          mountPath: /Home
-        ports:
-        - containerPort: 3000
-        env:
-        - name: OS_SYSTEM_SERVER
-          value: system-server.user-system-{{ .Values.bfl.username }}
-        - name: OS_APP_SECRET
-          value: '{{ .Values.os.desktop.appSecret }}'
-        - name: OS_APP_KEY
-          value: {{ .Values.os.desktop.appKey }}
-        - name: APP_SERVICE_SERVICE_HOST
-          value: app-service.os-system
-        - name: APP_SERVICE_SERVICE_PORT
-          value: '6755'
-
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-      - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.3'
-        imagePullPolicy: IfNotPresent
-        command:
-          - /ws-gateway
-        env:
-          - name: WS_PORT
-            value: '3010'
-          - name: WS_URL
-            value: /websocket/message
-        resources: {}
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-      volumes:
-      - name: userspace-dir
-        hostPath:
-          type: Directory
-          path: {{ .Values.userspace.userData }}
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-ws-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: edge-desktop
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: edge-desktop
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 80
-      
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  namespace: {{ .Release.Namespace }}
-  name: internal-kubectl
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:edge-desktop-rb
-subjects:
-  - kind: ServiceAccount
-    namespace: {{ .Release.Namespace }}
-    name: internal-kubectl
-roleRef:
-  # kind: Role
-  kind: ClusterRole
-  name: cluster-admin
-  apiGroup: rbac.authorization.k8s.io
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: app-event-watcher
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  callbacks:
-  - filters:
-      type:
-      - app-installation-event
-    op: Create
-    uri: /server/app_installation_event
-  - filters:
-      type:
-      - settings-event
-    op: Create
-    uri: /server/app_installation_event
-  - filters:
-      type:
-      - system-upgrade-event
-    op: Create
-    uri: /server/system_upgrade_event
-  dataType: event
-  deployment: edge-desktop
-  description: desktop event watcher
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: message-disptahcer.system-server
-  kind: watcher
-  namespace: {{ .Release.Namespace }}
-  version: v1
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: intent-api
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: legacy_api
-  deployment: edge-desktop
-  description: edge-desktop legacy api
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: api.intent
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  version: v1
-  opApis:
-  - name: POST
-    uri: /server/intent/send
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: intent-api-v2
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: legacy_api
-  deployment: edge-desktop
-  description: edge-desktop legacy api
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: api.intent
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  version: v2
-  opApis:
-    - name: POST
-      uri: /server/intent/send
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: destktop-ai-provider
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: ai_message
-  deployment: edge-desktop
-  description: search ai callback
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: service.desktop
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: AIMessage
-    uri: /server/ai_message
-  version: v1
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: desktop-notification
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: notification
-  deployment: edge-desktop
-  description: send notification to desktop client
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: service.desktop
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: Create
-    uri: /notification/create
-  - name: Query
-    uri: /notification/query
-  version: v1
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ApplicationPermission
-metadata:
-  name: desktop
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: desktop
-  appid: desktop
-  key: {{ .Values.os.desktop.appKey }}
-  secret: {{ .Values.os.desktop.appSecret }}
-  permissions:
-  - dataType: files
-    group: service.files
-    ops:
-    - Query
-    version: v1
-  - dataType: datastore
-    group: service.bfl
-    ops:
-    - GetKey
-    - GetKeyPrefix
-    - SetKey
-    - DeleteKey
-    version: v1
-  - dataType: app
-    group: service.bfl
-    ops:
-    - UserApps
-    version: v1
-  - dataType: app
-    group: service.appstore
-    ops:
-    - UninstallDevApp
-    version: v1
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: desktop-config
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: config
-  deployment: edge-desktop
-  description: Set Desktop Config
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: service.desktop
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: Update
-    uri: /server/updateDesktopConfig
-  version: v1
-status:
-  state: active
-
----
-apiVersion: v1
-data:
-  envoy.yaml: |
-    admin:
-      access_log_path: "/dev/stdout"
-      address:
-        socket_address:
-          address: 0.0.0.0
-          port_value: 15000
-    static_resources:
-      listeners:
-      - name: listener_0
-        address:
-          socket_address:
-            address: 0.0.0.0
-            port_value: 15003
-        listener_filters:
-          - name: envoy.filters.listener.original_dst
-            typed_config:
-              "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
-        filter_chains:
-          - filters:
-              - name: envoy.filters.network.http_connection_manager
-                typed_config:
-                  "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                  stat_prefix: desktop_http
-                  upgrade_configs:
-                  - upgrade_type: websocket      
-                  - upgrade_type: tailscale-control-protocol            
-                  skip_xff_append: false
-                  codec_type: AUTO
-                  route_config:
-                    name: local_route
-                    virtual_hosts:
-                      - name: service
-                        domains: ["*"]
-                        routes:
-                          - match:
-                              prefix: "/"
-                            route:
-                              cluster: original_dst
-                              timeout: 180s
-                  http_protocol_options:
-                    accept_http_10: true
-                  http_filters:
-                  - name: envoy.filters.http.ext_authz
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
-                      http_service:
-                        path_prefix: '/api/verify/'
-                        server_uri:
-                          uri: authelia-backend.os-system:9091
-                          cluster: authelia
-                          timeout: 2s
-                        authorization_request:
-                          allowed_headers:
-                            patterns:
-                              - exact: accept
-                              - exact: cookie
-                              - exact: proxy-authorization
-                              - prefix: x-unauth-
-                              - exact: x-authorization
-                              - exact: x-bfl-user
-                              - exact: terminus-nonce
-                          headers_to_add:
-                            - key: X-Forwarded-Method
-                              value: '%REQ(:METHOD)%'
-                            - key: X-Forwarded-Proto
-                              value: '%REQ(:SCHEME)%'
-                            - key: X-Forwarded-Host
-                              value: '%REQ(:AUTHORITY)%'
-                            - key: X-Forwarded-Uri
-                              value: '%REQ(:PATH)%'
-                            - key: X-Forwarded-For
-                              value: '%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%'
-                        authorization_response:
-                          allowed_upstream_headers:
-                            patterns:
-                              - exact: authorization
-                              - exact: proxy-authorization
-                              - prefix: remote-
-                              - prefix: authelia-
-                          allowed_client_headers:
-                            patterns:
-                              - exact: set-cookie
-                          allowed_client_headers_on_success:
-                            patterns:
-                              - exact: set-cookie
-                      failure_mode_allow: false                      
-                  - name: envoy.filters.http.router
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-
-      - name: listener_image
-        address:
-          socket_address:
-            address: 127.0.0.1
-            port_value: 15080
-        filter_chains:
-          - filters:
-              - name: envoy.filters.network.http_connection_manager
-                typed_config:
-                  "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                  stat_prefix: tapr_http
-                  upgrade_configs:
-                  - upgrade_type: websocket                  
-                  skip_xff_append: false
-                  codec_type: AUTO
-                  route_config:
-                    name: local_route
-                    virtual_hosts:
-                      - name: service
-                        domains: ["*"]
-                        routes:
-                          - match:
-                              prefix: "/images/upload"
-                            route:
-                              cluster: images
-                  http_protocol_options:
-                    accept_http_10: true
-                  http_filters:
-                  - name: envoy.filters.http.router
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-        
-        
-      clusters:
-      - name: original_dst
-        connect_timeout: 5000s
-        type: ORIGINAL_DST
-        lb_policy: CLUSTER_PROVIDED
-      - name: authelia
-        connect_timeout: 2s
-        type: LOGICAL_DNS
-        dns_lookup_family: V4_ONLY
-        dns_refresh_rate: 600s
-        lb_policy: ROUND_ROBIN
-        load_assignment:
-          cluster_name: authelia
-          endpoints:
-            - lb_endpoints:
-                - endpoint:
-                    address:
-                      socket_address:
-                        address: authelia-backend.os-system
-                        port_value: 9091
-      - name: images
-        connect_timeout: 5s
-        type: LOGICAL_DNS
-        dns_lookup_family: V4_ONLY
-        dns_refresh_rate: 600s
-        lb_policy: ROUND_ROBIN
-        load_assignment:
-          cluster_name: images
-          endpoints:
-            - lb_endpoints:
-                - endpoint:
-                    address:
-                      socket_address:
-                        address: tapr-images-svc.user-system-{{ .Values.bfl.username }}
-                        port_value: 8080
-kind: ConfigMap
-metadata:
-  name: sidecar-configs
-  namespace: {{ .Release.Namespace }}
-
----
-apiVersion: v1
-data:
-  envoy.yaml: |
-    admin:
-      access_log_path: "/dev/stdout"
-      address:
-        socket_address:
-          address: 0.0.0.0
-          port_value: 15000
-    static_resources:
-      listeners:
-      - name: listener_0
-        address:
-          socket_address:
-            address: 0.0.0.0
-            port_value: 15003
-        listener_filters:
-          - name: envoy.filters.listener.original_dst
-            typed_config:
-              "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
-        filter_chains:
-          - filters:
-              - name: envoy.filters.network.http_connection_manager
-                typed_config:
-                  "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                  stat_prefix: desktop_http
-                  upgrade_configs:
-                  - upgrade_type: websocket      
-                  - upgrade_type: tailscale-control-protocol            
-                  skip_xff_append: false
-                  codec_type: AUTO
-                  route_config:
-                    name: local_route
-                    virtual_hosts:
-                      - name: service
-                        domains: ["*"]
-                        routes:
-                          - match:
-                              prefix: "/ws"
-                            route:
-                              cluster: ws_original_dst
-                          - match:
-                              prefix: "/"
-                            route:
-                              cluster: original_dst
-                              timeout: 180s
-                  http_protocol_options:
-                    accept_http_10: true
-                  http_filters:
-                  - name: envoy.filters.http.ext_authz
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
-                      http_service:
-                        path_prefix: '/api/verify/'
-                        server_uri:
-                          uri: authelia-backend.os-system:9091
-                          cluster: authelia
-                          timeout: 2s
-                        authorization_request:
-                          allowed_headers:
-                            patterns:
-                              - exact: accept
-                              - exact: cookie
-                              - exact: proxy-authorization
-                              - prefix: x-unauth-
-                              - exact: x-authorization
-                              - exact: x-bfl-user
-                              - exact: terminus-nonce
-                          headers_to_add:
-                            - key: X-Forwarded-Method
-                              value: '%REQ(:METHOD)%'
-                            - key: X-Forwarded-Proto
-                              value: '%REQ(:SCHEME)%'
-                            - key: X-Forwarded-Host
-                              value: '%REQ(:AUTHORITY)%'
-                            - key: X-Forwarded-Uri
-                              value: '%REQ(:PATH)%'
-                            - key: X-Forwarded-For
-                              value: '%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%'
-                        authorization_response:
-                          allowed_upstream_headers:
-                            patterns:
-                              - exact: authorization
-                              - exact: proxy-authorization
-                              - prefix: remote-
-                              - prefix: authelia-
-                          allowed_client_headers:
-                            patterns:
-                              - exact: set-cookie
-                          allowed_client_headers_on_success:
-                            patterns:
-                              - exact: set-cookie
-                      failure_mode_allow: false                      
-                  - name: envoy.filters.http.router
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-
-      - name: listener_image
-        address:
-          socket_address:
-            address: 127.0.0.1
-            port_value: 15080
-        filter_chains:
-          - filters:
-              - name: envoy.filters.network.http_connection_manager
-                typed_config:
-                  "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                  stat_prefix: tapr_http
-                  upgrade_configs:
-                  - upgrade_type: websocket                  
-                  skip_xff_append: false
-                  codec_type: AUTO
-                  route_config:
-                    name: local_route
-                    virtual_hosts:
-                      - name: service
-                        domains: ["*"]
-                        routes:
-                          - match:
-                              prefix: "/images/upload"
-                            route:
-                              cluster: images
-                  http_filters:
-                  - name: envoy.filters.http.router
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-        
-        
-      clusters:
-      - name: original_dst
-        connect_timeout: 5000s
-        type: ORIGINAL_DST
-        lb_policy: CLUSTER_PROVIDED
-      - name: ws_original_dst
-        connect_timeout: 5000s
-        type: LOGICAL_DNS
-        dns_lookup_family: V4_ONLY
-        dns_refresh_rate: 600s
-        lb_policy: ROUND_ROBIN
-        load_assignment:
-          cluster_name: ws_original_dst
-          endpoints:
-            - lb_endpoints:
-                - endpoint:
-                    address:
-                      socket_address:
-                        address: localhost
-                        port_value: 40010
-      - name: authelia
-        connect_timeout: 2s
-        type: LOGICAL_DNS
-        dns_lookup_family: V4_ONLY
-        dns_refresh_rate: 600s
-        lb_policy: ROUND_ROBIN
-        load_assignment:
-          cluster_name: authelia
-          endpoints:
-            - lb_endpoints:
-                - endpoint:
-                    address:
-                      socket_address:
-                        address: authelia-backend.os-system
-                        port_value: 9091
-      - name: images
-        connect_timeout: 5s
-        type: LOGICAL_DNS
-        dns_lookup_family: V4_ONLY
-        dns_refresh_rate: 600s
-        lb_policy: ROUND_ROBIN
-        load_assignment:
-          cluster_name: images
-          endpoints:
-            - lb_endpoints:
-                - endpoint:
-                    address:
-                      socket_address:
-                        address: tapr-images-svc.user-system-{{ .Values.bfl.username }}
-                        port_value: 8080
-kind: ConfigMap
-metadata:
-  name: sidecar-ws-configs
-  namespace: {{ .Release.Namespace }}

apps/desktop/config/user/helm-charts/desktop/values.yaml

@@ -1,39 +0,0 @@
-
-bfl:
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  rss:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search2:
-    appKey: '${ks[0]}'
-    appSecret: test
-  appstore:
-    appKey: '${ks[0]}'
-    appSecret: test
-kubesphere:
-  redis_password: ""

apps/download/README.md

@@ -1,3 +0,0 @@
-# vault
-
-https://github.com/beclab/analytic

apps/download/config/user/helm-charts/download/Chart.yaml

@@ -1,26 +0,0 @@
-apiVersion: v2
-name: download
-description: A Helm chart for Kubernetes
-maintainers:
-- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

apps/download/config/user/helm-charts/download/templates/download_deploy.yaml

@@ -1,247 +0,0 @@
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $download_secret := (lookup "v1" "Secret" $namespace "rss-secrets") -}}
-
-{{- $pg_password := "" -}}
-{{ if $download_secret -}}
-{{ $pg_password = (index $download_secret "data" "pg_password") }}
-{{ else -}}
-{{ $pg_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: download-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $pg_password }}
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: download-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: download
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: knowledge_{{ .Values.bfl.username }}
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: download-secrets
-    databases:
-    - name: knowledge
-
-
----
-
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: download
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: download
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: download
-  template:
-    metadata:
-      labels:
-        app: download
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-
-      initContainers:
-      - name: init-data
-        image: busybox:1.28
-        securityContext:
-          privileged: true
-          runAsNonRoot: false
-          runAsUser: 0
-        volumeMounts:
-        - name: config-dir
-          mountPath: /config
-        - name: download-dir
-          mountPath: /downloads
-        command:
-        - sh
-        - -c
-        - |
-          chown -R 1000:1000 /config && \
-          chown -R 1000:1000 /downloads
-      - name: init-container
-        image: 'postgres:16.0-alpine3.18'
-        command:
-          - sh
-          - '-c'
-          - >-
-            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
-        env:
-          - name: PGHOST
-            value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-          - name: PGPORT
-            value: "5432"
-          - name: PGUSER
-            value: knowledge_{{ .Values.bfl.username }}
-          - name: PGPASSWORD
-            value: {{ $pg_password | b64dec }}
-          - name: PGDB
-            value: user_space_{{ .Values.bfl.username }}_knowledge
-      containers:
-      - name: aria2
-        image: "cesign/aria2-pro"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-        ports:
-        - containerPort: 6800
-        - containerPort: 6888
-        env:
-        - name: RPC_SECRET
-          value: kubespider
-        - name: PUID
-          value: "1000"
-        - name: PGID
-          value: "1000"
-        volumeMounts:
-        - name: config-dir
-          mountPath: /config
-        - name: download-dir
-          mountPath: /downloads
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-      - name: yt-dlp
-        image: "beclab/yt-dlp:v0.0.5"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        ports:
-        - containerPort: 3082
-        env:
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        volumeMounts:
-        - name: config-dir
-          mountPath: /app/config
-        - name: download-dir
-          mountPath: /app/downloads
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-
-      - name: download-spider
-        image: "beclab/download-spider:v0.0.5"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        env:
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        
-        ports:
-        - containerPort: 3080
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-
-      volumes:
-      - name: config-dir
-        hostPath: 
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.appData}}/Downloads/config
-      - name: download-dir
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.userData }}/Downloads
-
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: download-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: download
-  ports:
-    - name: "download-spider"
-      protocol: TCP
-      port: 3080
-      targetPort: 3080
-    - name: "aria2-server"
-      protocol: TCP
-      port: 6800
-      targetPort: 6800
-    - name: ytdlp-server
-      protocol: TCP
-      port: 3082
-      targetPort: 3082
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: download-api
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  type: ClusterIP
-  selector:
-    app: systemserver
-  ports:
-    - protocol: TCP
-      name: download-api
-      port: 3080
-      targetPort: 3080  
-
-