fix(desktop): improve data refresh logic by socket after network reconnection

yt-dlp

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,23 +1,17 @@
-* **Please check if the PR fulfills these requirements**
-- [ ] The commit message follows our guidelines
-- [ ] Tests for the changes have been added (for bug fixes / features)
-- [ ] Docs have been added / updated (for bug fixes / features)
+Title: <subsystem>:  <what changed>
+<!-- If the changes affect two subsystems, use a comma (and a whitespace) to separate them like util/codec, util/types:. -->
 
+* **Background**
+<!-- Provide background information about the changes here -->
 
-* **What kind of change does this PR introduce?** (Bug fix, feature, docs update, ...)
+* **Target Version for Merge**
+<!-- Specify the version to which these changes need to be merged -->
 
+* ***Related Issues**
+<!-- Reference any related issues here, if applicable -->
 
-
-* **What is the current behavior?** (You can also link to an open issue here)
-
-
-
-* **What is the new behavior (if this is a feature change)?**
-
-
-
-* **Does this PR introduce a breaking change?** (What changes might users need to make in their application due to this PR?)
-
+* **PRs Involving Sub-Systems** 
+<!-- List any PRs involving sub-systems, if applicable -->
 
 
 * **Other information**:

.github/workflows/build-redis-231.yaml

@@ -0,0 +1,20 @@
+name: Build and Upload Redis
+
+on:
+  workflow_dispatch:
+
+jobs:
+  push:
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash scripts/build-redis.sh linux/amd64 glibc-231

.github/workflows/build-redis.yaml

@@ -0,0 +1,43 @@
+name: Build and Upload Redis
+
+on:
+  workflow_dispatch:
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash scripts/build-redis.sh linux/amd64
+
+  push-arm64:
+    runs-on: [self-hosted, linux, ARM64]
+
+    steps:
+      - name: Clean
+        run: |
+          sudo rm -rf redis*
+          
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      - name: Install tools
+        run: |
+          sudo apt install -y make gcc
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          sudo -E sh -c "bash scripts/build-redis.sh linux/arm64 && rm -rf redis*"

.github/workflows/build-ubuntu2204.yaml

@@ -0,0 +1,20 @@
+name: Build and Upload WSL Ubuntu2204
+
+on:
+  workflow_dispatch:
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash scripts/build-ubuntu2204.sh

.github/workflows/check.yaml

@@ -13,13 +13,6 @@ jobs:
   lint-test:
     runs-on: ubuntu-latest
     steps:
-      - name: PR Conventional Commit Validation
-        uses:  ytanikin/PRConventionalCommits@1.1.0
-        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
-        with:
-          task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
-          add_label: 'true'
-                
       - name: Checkout
         uses: actions/checkout@v3
         with:
@@ -64,8 +57,92 @@ jobs:
       #   if: steps.list-changed.outputs.changed == 'true'
       #   run: ct install --chart-dirs wizard/charts,wizard/config --target-branch ${{ github.event.repository.default_branch }}
 
+  push-image:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
+
+  push-image-arm64:
+    runs-on: [self-hosted, linux, ARM64]
+
+    steps:
+      - name: 'Checkout source code'
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+
+      - env: 
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: 'us-east-1'
+        run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf linux/arm64
+
+
+  push-deps:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash scripts/deps-manifest.sh && bash scripts/upload-deps.sh
+
+  push-deps-arm64:
+    runs-on: [self-hosted, linux, ARM64]
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+      - name: Install coscmd
+        run: pip install coscmd        
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash scripts/deps-manifest.sh linux/arm64 && bash scripts/upload-deps.sh linux/arm64
+
+
+
   install-test:
-    needs: lint-test
+    needs: [lint-test, push-image, push-image-arm64, push-deps, push-deps-arm64]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -78,7 +155,7 @@ jobs:
       - name: 'Test tag version'
         id: vars
         run: |
-          v=1.8.0-$(echo $RANDOM)
+          v=1.11.0-$(echo $RANDOM)
           echo "tag_version=$v" >> $GITHUB_OUTPUT
 
       - name: Package installer
@@ -91,6 +168,8 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
+          md5sum install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz > install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt && \
+          aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt --acl=public-read && \
           aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz --acl=public-read
       
 

.github/workflows/push-deps-to-s3.yml

@@ -3,21 +3,67 @@ name: Push deps to S3
 on:
   workflow_dispatch:
 
-
 jobs:
   push:
     runs-on: ubuntu-latest
 
     steps:
-    - name: 'Checkout source code'
-      uses: actions/checkout@v3
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
 
-    # test
-    - env:
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_DEFAULT_REGION: 'us-east-1'
-      run: |
-        bash scripts/deps-manifest.sh && bash scripts/upload-deps.sh
+      - name: Install coscmd
+        run: pip install coscmd        
 
+      - name: Configure coscmd
+        env:
+          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
+          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
+          COS_BUCKET: ${{ secrets.COS_BUCKET }}
+          COS_REGION: ${{ secrets.COS_REGION }}
+          END_POINT: ${{ secrets.END_POINT }}
+        run: |
+          coscmd config -a $TENCENT_SECRET_ID \
+                        -s $TENCENT_SECRET_KEY \
+                        -b $COS_BUCKET \
+                        -r $COS_REGION 
 
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash scripts/deps-manifest.sh && bash scripts/upload-deps.sh
+
+  push-arm64:
+    runs-on: [self-hosted, linux, ARM64]
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      - name: Install coscmd
+        run: pip install coscmd        
+
+      - name: Configure coscmd
+        env:
+          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
+          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
+          COS_BUCKET: ${{ secrets.COS_BUCKET }}
+          COS_REGION: ${{ secrets.COS_REGION }}
+          END_POINT: ${{ secrets.END_POINT }}
+        run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
+                        -s $TENCENT_SECRET_KEY \
+                        -b $COS_BUCKET \
+                        -r $COS_REGION 
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash scripts/deps-manifest.sh linux/arm64 && bash scripts/upload-deps.sh linux/arm64

.github/workflows/push-gpudeps-to-s3.yml

@@ -1,23 +0,0 @@
-name: Push gpu-deps to S3
-
-on:
-  workflow_dispatch:
-    inputs:
-      environment:
-        description: 'Set OS: ubuntu-20.04, ubuntu-22.04'
-        required: true
-
-
-jobs:
-  push:
-    runs-on: ${{ github.event.inputs.environment }}
-    steps:
-    - name: 'Checkout source code'
-      uses: actions/checkout@v3
-
-    - env:
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_DEFAULT_REGION: 'us-east-1'
-      run: |
-        bash scripts/upload-gpu-deps.sh

.github/workflows/push-to-s3.yaml

@@ -11,6 +11,22 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
+      - name: Install coscmd
+        run: pip install coscmd        
+
+      - name: Configure coscmd
+        env:
+          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
+          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
+          COS_BUCKET: ${{ secrets.COS_BUCKET }}
+          COS_REGION: ${{ secrets.COS_REGION }}
+          END_POINT: ${{ secrets.END_POINT }}
+        run: |
+          coscmd config -a $TENCENT_SECRET_ID \
+                        -s $TENCENT_SECRET_KEY \
+                        -b $COS_BUCKET \
+                        -r $COS_REGION 
+
       # test
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -20,15 +36,33 @@ jobs:
           bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
 
   push-arm64:
-    runs-on: self-hosted
+    runs-on: [self-hosted, linux, ARM64]
 
     steps:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
+      - name: Install coscmd
+        run: pip install coscmd        
+
+      - name: Configure coscmd
+        env:
+          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
+          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
+          COS_BUCKET: ${{ secrets.COS_BUCKET }}
+          COS_REGION: ${{ secrets.COS_REGION }}
+          END_POINT: ${{ secrets.END_POINT }}
+        run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
+                        -s $TENCENT_SECRET_KEY \
+                        -b $COS_BUCKET \
+                        -r $COS_REGION 
+
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
         run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf linux/arm64

.github/workflows/release-daily.yaml

@@ -9,7 +9,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  push:
+  push-images:
     runs-on: ubuntu-latest
 
     steps:
@@ -23,8 +23,8 @@ jobs:
         run: |
           bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
 
-  push-arm64:
-    runs-on: self-hosted
+  push-images-arm64:
+    runs-on: [self-hosted, linux, ARM64]
 
     steps:
       - name: 'Checkout source code'
@@ -35,29 +35,51 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf linux/arm64
 
-  upload-full:
-    needs: [push, push-arm64]
+  push-deps:
     runs-on: ubuntu-latest
 
     steps:
-      # - name: Maximize build space
-      #   uses: easimon/maximize-build-space@master
-      #   with:
-      #     root-reserve-mb: 21200
-      #     swap-size-mb: 1024
-      #     remove-dotnet: 'true'
-      #     remove-android: 'true'
-      #     remove-haskell: 'true'
-      #     remove-codeql: 'true'
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
 
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash scripts/deps-manifest.sh && bash scripts/upload-deps.sh
+
+  push-deps-arm64:
+    runs-on: [self-hosted, linux, ARM64]
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash scripts/deps-manifest.sh linux/arm64 && bash scripts/upload-deps.sh linux/arm64
+
+
+  upload-package:
+    needs: [push-images, push-images-arm64, push-deps, push-deps-arm64]
+    runs-on: ubuntu-latest
+
+    steps:
       - name: 'Daily tag version'
         id: vars
         run: |
-          v=1.8.0-$(date +"%Y%m%d")
+          v=1.11.0-$(date +"%Y%m%d")
           echo "tag_version=$v" >> $GITHUB_OUTPUT
-          echo "latest_version=1.6.0-alpha" >> $GITHUB_OUTPUT
 
       - name: 'Checkout source code'
         uses: actions/checkout@v3
@@ -72,47 +94,13 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
+          md5sum install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz > install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt && \
+          aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt --acl=public-read && \
           aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz --acl=public-read
 
-  upload-full-arm64:
-    needs: [push, push-arm64]
-    runs-on: self-hosted
-
-    steps:
-      # - name: Maximize build space
-      #   uses: easimon/maximize-build-space@master
-      #   with:
-      #     root-reserve-mb: 21200
-      #     swap-size-mb: 1024
-      #     remove-dotnet: 'true'
-      #     remove-android: 'true'
-      #     remove-haskell: 'true'
-      #     remove-codeql: 'true'
-
-      - name: 'Daily tag version'
-        id: vars
-        run: |
-          v=1.8.0-$(date +"%Y%m%d")
-          echo "tag_version=$v" >> $GITHUB_OUTPUT
-          echo "latest_version=1.7.0-rc.0" >> $GITHUB_OUTPUT
-
-      - name: 'Checkout source code'
-        uses: actions/checkout@v3
-
-      - name: Package installer
-        run: |
-          bash scripts/build.sh ${{ steps.vars.outputs.tag_version }} linux/arm64
-
-      - name: Upload to S3
-        env: 
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: 'us-east-1'
-        run: |
-          aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}-arm64.tar.gz --acl=public-read
-
+          
   release:
-    needs: [upload-full, upload-full-arm64]
+    needs: [upload-package]
     runs-on: ubuntu-latest
 
     steps:
@@ -122,40 +110,26 @@ jobs:
       - name: 'Daily tag version'
         id: vars
         run: |
-          v=1.8.0-$(date +"%Y%m%d")
+          v=1.11.0-$(date +"%Y%m%d")
           echo "tag_version=$v" >> $GITHUB_OUTPUT
-          echo "latest_version=1.7.0-rc.0" >> $GITHUB_OUTPUT
-      
-      - name: Package installer
-        run: |
-          bash scripts/package.sh
+          echo "version_md5sum=$(curl -sSfL https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${v}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
 
-      - name: Update version
-        uses: eball/write-tag-to-version-file@latest
-        with:
-          filename: 'build/installer/wizard/config/settings/templates/terminus_cr.yaml'
-          placeholder: '#__VERSION__'
-          tag: ${{ steps.vars.outputs.tag_version }}
-
-      - name: Update release version
+      - name: Update checksum
         uses: eball/write-tag-to-version-file@latest
         with:
           filename: 'build/installer/install.sh'
-          placeholder: '#__VERSION__'
-          tag: ${{ steps.vars.outputs.tag_version }}
-
-      - name: Update latest installer
-        uses: eball/write-tag-to-version-file@latest
-        with:
-          filename: 'build/installer/publicInstaller.latest'
-          placeholder: '#{{LATEST_VERSION}}'
-          tag: ${{ steps.vars.outputs.latest_version }}
+          placeholder: '#__MD5SUM__'
+          tag: ${{ steps.vars.outputs.version_md5sum }}
+      
+      - name: Package installer
+        run: |
+          bash scripts/build.sh ${{ steps.vars.outputs.tag_version }}
 
       - name: 'Archives'
-        working-directory: ./build/installer
         run: |
-          mkdir -p /tmp/build
-          tar --exclude=wizard/tools --exclude=.git -zcvf /tmp/build/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz .
+          cp .dist/install-wizard/install.sh build/installer
+          cp build/installer/install.sh build/installer/publicInstaller.sh
+          cp .dist/install-wizard/install.ps1 build/installer
 
       - name: Release public files
         uses: softprops/action-gh-release@v1
@@ -163,11 +137,11 @@ jobs:
           name: v${{ steps.vars.outputs.tag_version }} Release
           tag_name: ${{ steps.vars.outputs.tag_version }}
           files: |
-            /tmp/build/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz
+            install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz
             build/installer/publicInstaller.sh
-            build/installer/publicInstaller.latest
-            build/installer/uninstall_cmd.sh
             build/installer/install.sh
+            build/installer/install.ps1
+            build/installer/joincluster.sh
             build/installer/publicAddnode.sh
             build/installer/version.hint
             build/installer/publicRestoreInstaller.sh

.github/workflows/release.yaml

@@ -26,7 +26,7 @@ jobs:
           bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
 
   push-arm64:
-    runs-on: self-hosted
+    runs-on: [self-hosted, linux, ARM64]
 
     steps:
       - name: 'Checkout source code'
@@ -39,23 +39,14 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf linux/arm64
 
-  upload-full:
+  upload-package:
     needs: [push, push-arm64]
     runs-on: ubuntu-latest
 
     steps:
-      # - name: Maximize build space
-      #   uses: easimon/maximize-build-space@master
-      #   with:
-      #     root-reserve-mb: 21200
-      #     swap-size-mb: 1024
-      #     remove-dotnet: 'true'
-      #     remove-android: 'true'
-      #     remove-haskell: 'true'
-      #     remove-codeql: 'true'
-
       - name: 'Checkout source code'
         uses: actions/checkout@v3
         with:
@@ -71,43 +62,13 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
+          md5sum install-wizard-v${{ github.event.inputs.tags }}.tar.gz > install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt && \
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt --acl=public-read && \
           aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
 
-  upload-full-arm64:
-    needs: [push, push-arm64]
-    runs-on: self-hosted
-
-    steps:
-      # - name: Maximize build space
-      #   uses: easimon/maximize-build-space@master
-      #   with:
-      #     root-reserve-mb: 21200
-      #     swap-size-mb: 1024
-      #     remove-dotnet: 'true'
-      #     remove-android: 'true'
-      #     remove-haskell: 'true'
-      #     remove-codeql: 'true'
-
-      - name: 'Checkout source code'
-        uses: actions/checkout@v3
-        with:
-          ref: ${{ github.event.inputs.tags }}
-
-      - name: Package installer
-        run: |
-          bash scripts/build.sh ${{ github.event.inputs.tags }} linux/arm64
-
-      - name: Upload to S3
-        env: 
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: 'us-east-1'
-        run: |
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install/install-wizard-${{ github.event.inputs.tags }}-arm64.tar.gz --acl=public-read
-
   release:
     runs-on: ubuntu-latest
-    needs: [upload-full, upload-full-arm64]
+    needs: [upload-package]
 
     steps:
       - name: 'Checkout source code'
@@ -115,34 +76,34 @@ jobs:
         with:
           ref: ${{ github.event.inputs.tags }}
 
-      - name: Package installer
-        run: |
-          bash scripts/package.sh
-
-      - name: Update version
-        uses: eball/write-tag-to-version-file@latest
-        with:
-          filename: 'build/installer/wizard/config/settings/templates/terminus_cr.yaml'
-          placeholder: '#__VERSION__'
-          tag: ${{ github.event.inputs.tags }}
-      
       - name: Update env
         working-directory: ./build/installer
         run: |
           echo 'DEBUG_VERSION="false"' > .env
 
-      - name: Update latest installer
+      - name: Get checksum
+        id: vars
+        run: |
+          echo "version_md5sum=$(curl -sSfL https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
+
+      - name: Update checksum
         uses: eball/write-tag-to-version-file@latest
         with:
-          filename: 'build/installer/publicInstaller.latest'
-          placeholder: '#{{LATEST_VERSION}}'
-          tag: ${{ github.event.inputs.tags }}
+          filename: 'build/installer/install.sh'
+          placeholder: '#__MD5SUM__'
+          tag: ${{ steps.vars.outputs.version_md5sum }}
 
-      - name: 'Archives'
-        working-directory: ./build/installer
+      - name: Package installer
         run: |
-          mkdir -p /tmp/build
-          tar --exclude=wizard/tools --exclude=.git -zcvf /tmp/build/install-wizard-v${{ github.event.inputs.tags }}.tar.gz .
+          bash scripts/build.sh ${{ github.event.inputs.tags }}
+          
+      - name: 'Archives'
+        run: |
+          cp .dist/install-wizard/install.sh build/installer
+          cp build/installer/install.sh build/installer/publicInstaller.sh
+          cp build/installer/install.sh build/installer/publicInstaller.latest
+          cp .dist/install-wizard/install.ps1 build/installer
+          cp build/installer/install.ps1 build/installer/publicInstaller.latest.ps1
 
       - name: Release public files
         uses: softprops/action-gh-release@v1
@@ -150,13 +111,16 @@ jobs:
           name: v${{ github.event.inputs.tags }} Release
           tag_name: ${{ github.event.inputs.tags }}
           files: |
-            /tmp/build/install-wizard-v${{ github.event.inputs.tags }}.tar.gz
+            install-wizard-v${{ github.event.inputs.tags }}.tar.gz
             build/installer/publicInstaller.sh
             build/installer/publicInstaller.latest
-            build/installer/uninstall_cmd.sh
+            build/installer/install.sh
+            build/installer/publicInstaller.latest.ps1
+            build/installer/install.ps1
             build/installer/publicAddnode.sh
+            build/installer/joincluster.sh
             build/installer/version.hint
             build/installer/publicRestoreInstaller.sh
-          # prerelease: true
+          prerelease: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/upload-full.yaml

@@ -1,71 +0,0 @@
-
-
-name: Upload Full Package
-
-on:
-  workflow_dispatch:
-    inputs:
-      tags:
-        description: 'Release Tags'
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Maximize build space
-        uses: easimon/maximize-build-space@master
-        with:
-          root-reserve-mb: 21200
-          swap-size-mb: 1024
-          remove-dotnet: 'true'
-          remove-android: 'true'
-          remove-haskell: 'true'
-          remove-codeql: 'true'
-      - name: 'Checkout source code'
-        uses: actions/checkout@v3
-        with:
-          ref: ${{ github.event.inputs.tags }}
-
-      - name: Package installer
-        run: |
-          bash scripts/build-full.sh ${{ github.event.inputs.tags }}
-
-      - name: Upload to S3
-        env: 
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: 'us-east-1'
-        run: |
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
-  
-  release-arm64:
-    runs-on: self-hosted
-
-    steps:
-      # - name: Maximize build space
-      #   uses: easimon/maximize-build-space@master
-      #   with:
-      #     root-reserve-mb: 21200
-      #     swap-size-mb: 1024
-      #     remove-dotnet: 'true'
-      #     remove-android: 'true'
-      #     remove-haskell: 'true'
-      #     remove-codeql: 'true'
-      - name: 'Checkout source code'
-        uses: actions/checkout@v3
-        with:
-          ref: ${{ github.event.inputs.tags }}
-
-      - name: Package installer
-        run: |
-          bash scripts/build-full.sh ${{ github.event.inputs.tags }} linux/arm64
-
-      - name: Upload to S3
-        env: 
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: 'us-east-1'
-        run: |
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}-arm64.tar.gz --acl=public-read
-  

.gitignore

@@ -24,5 +24,6 @@ go.work
 .dist
 .manifest
 install-wizard-*.tar.gz
+olares-cli-*.tar.gz
 !ks-console-*.tgz
 .vscode

LICENSE.md

@@ -1,4 +1,4 @@
-# Terminus License 
+# Olares License 
 
 ## Acceptance
 

README.md

@@ -1,28 +1,37 @@
 <div align="center">
 
-# Terminus - Your Self-Hosted Home Cloud, Powered by Kubernetes <!-- omit in toc -->
+# Olares - Your Sovereign Cloud, an Open-Source Self-Hosted Alternative to Public Clouds <!-- omit in toc -->
 
-[![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br />
-[![Last Commit](https://img.shields.io/github/last-commit/beclab/terminus)](https://github.com/beclab/terminus/commits/main)
-![Build Status](https://github.com/beclab/terminus/actions/workflows/release-daily.yaml/badge.svg)
-[![GitHub release (latest by date)](https://img.shields.io/github/v/release/beclab/terminus)](https://github.com/beclab/terminus/releases)
-[![GitHub Repo stars](https://img.shields.io/github/stars/beclab/terminus?style=social)](https://github.com/beclab/terminus/stargazers)
+[![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br/>
+[![Last Commit](https://img.shields.io/github/last-commit/beclab/olares)](https://github.com/beclab/olares/commits/main)
+![Build Status](https://github.com/beclab/olares/actions/workflows/release-daily.yaml/badge.svg)
+[![GitHub release (latest by date)](https://img.shields.io/github/v/release/beclab/olares)](https://github.com/beclab/olares/releases)
+[![GitHub Repo stars](https://img.shields.io/github/stars/beclab/olares?style=social)](https://github.com/beclab/olares/stargazers)
 [![Discord](https://img.shields.io/badge/Discord-7289DA?logo=discord&logoColor=white)](https://discord.com/invite/BzfqrgQPDK)
-[![License](https://img.shields.io/badge/License-Terminus-darkblue)](https://github.com/beclab/terminus/blob/main/LICENSE.md)
+[![License](https://img.shields.io/badge/License-Olares-darkblue)](https://github.com/beclab/olares/blob/main/LICENSE.md)
+
+<p>
+  <a href="./README.md"><img alt="Readme in English" src="https://img.shields.io/badge/English-FFFFFF"></a>
+  <a href="./README_CN.md"><img alt="Readme in Chinese" src="https://img.shields.io/badge/简体中文-FFFFFF"></a>
+</p>
 
 </div>
 
-![cover](https://file.bttcdn.com/github/terminus/desktop-dark.jpeg)
+https://github.com/user-attachments/assets/5ea2fe30-7bd2-49ed-be26-e12f1d5d8cb1
+
+*Build your local AI assistants, sync data across places, self-host your workspace, stream your own media, and more—all in your sovereign cloud made possible by Olares.*
 
-*Build your local AI assistants, sync data across places, self-hosted your workspace, stream your own media, and more——all in a true home cloud made possible by Terminus.*
 <p align="center">
-  <a href="https://www.jointerminus.com">Website</a> ·
-  <a href="https://docs.jointerminus.com">Documentation</a> ·
-  <a href="https://docs.jointerminus.com/how-to/termipass/overview.html#download">Download TermiPass</a> ·
-  <a href="https://github.com/beclab/apps">Terminus Apps</a> ·
-  <a href="https://space.jointerminus.com">Terminus Space</a>
+  <a href="https://olares.xyz">Website</a> ·
+  <a href="https://docs.olares.xyz">Documentation</a> ·
+  <a href="https://olares.xyz/larepass">Download LarePass</a> ·
+  <a href="https://github.com/beclab/apps">Olares Apps</a> ·
+  <a href="https://space.olares.xyz">Olares Space</a>
 </p>
 
+> [!IMPORTANT]  
+> We just finished our rebranding from Terminus to Olares recently. For more information, refer to our [rebranding blog](https://olares.medium.com/terminus-is-now-olares-2c3bf782f9d1). 
+
 ## Table of Contents <!-- omit in toc -->
 - [Introduction](#introduction)
 - [Motivation and design](#motivation-and-design)
@@ -31,28 +40,28 @@
 - [Feature comparison](#feature-comparison)
 - [Getting started](#getting-started)
 - [Project navigation](#project-navigation)
-- [Contributing to Terminus](#contributing-to-terminus)
+- [Contributing to Olares](#contributing-to-olares)
 - [Community \& contact](#community--contact)
 - [Staying ahead](#staying-ahead)
 - [Special thanks](#special-thanks)
   
 ## Introduction
 
-Transform your edge device into a true home cloud with Terminus - a free, self-hosted operating system built on Kubernetes. Terminus brings cloud-level capabilities to your home, without compromising on privacy or ease of use. By securely storing your data and accessing your self-hosted services from anywhere via Terminus, you gain complete control over your digital life.
+Olares is the sovereign cloud that puts you in control. It's an open-source, self-hosted alternative to public clouds like AWS, built to reclaim your data ownership and privacy. By combining the power of Kubernetes with a streamlined interface, Olares enables you to take full control of your data and computing resources. Whether you're managing a homelab, hosting applications, or safeguarding your privacy, Olares delivers the flexibility and capabilities of public clouds, without compromising privacy or security.
 
-Typical use cases of Terminus include:
+Typical use cases of Olares include:
 
 🤖 **Local AI**: Host and run world-class open-source AI models locally, including large language models, image generation, and speech recognition. Create custom AI assistants that integrate seamlessly with your personal data and applications, all while ensuring enhanced privacy and control. <br>
 
 💻**Personal data repository**: Securely store, sync, and manage your photos, documents, and important files in a unified storage and access anywhere. <br>
 
-🛠️ **Self-hosted workspace**: Create a free, powerful workspace for your team or family with open source selfhosted alternatives. <br>
+🛠️ **Self-hosted workspace**: Create a free, powerful workspace for your team or family with open source self-hosted alternatives. <br>
 
 🎥 **Private media server**: Host your own streaming services with your personal media collections. <br>
 
 🏡 **Smart Home Hub**: Create a central control point for your IoT devices and home automation. <br>
 
-🤝 **User-owned decentralized social media**: Easily install decentralized social media apps such as Mastodon, Ghost, and WordPress on Terminus, allowing you to build a personal brand without the risk of being banned or paying platform commissions.<br>
+🤝 **User-owned decentralized social media**: Easily install decentralized social media apps such as Mastodon, Ghost, and WordPress on Olares, allowing you to build a personal brand without the risk of being banned or paying platform commissions.<br>
 
 📚 **Learning platform**: Explore self-hosting, container orchestration, and cloud technologies hands-on.
 
@@ -60,48 +69,34 @@ Typical use cases of Terminus include:
 
 We believe the current state of the internet, where user data is centralized and exploited by monopolistic corporations, is deeply flawed. Our goal is to empower individuals with true data ownership and control.
 
-Terminus provides a next-generation decentralized Internet framework consisting of the following three integral components:  
+Olares provides a next-generation decentralized Internet framework consisting of the following three integral components:  
 
 - **Snowinning Protocol**: A decentralized identity and reputation system that integrates decentralized identifiers (DIDs), verifiable credentials (VCs), and reputation data. 
-- **Terminus OS**: An one-stop self-hosted operating system running on edge devices, allowing users to host their own data and applications.  
-- **TermiPass**: A comprehensive client software that securely bridges users to their Terminus systems. It offers remote access, identity and device management, data storage, and productivity tools, providing a seamless interface for all Terminus interactions. Learn more in [documentation](https://docs.jointerminus.com/how-to/termipass/overview.html).
+- **Olares OS**: An one-stop self-hosted operating system running on edge devices, allowing users to host their own data and applications.  
+- **LarePass**: A comprehensive client software that securely bridges users to their Olares systems. It offers remote access, identity and device management, data storage, and productivity tools, providing a seamless interface for all Olares interactions.  
 
 ## Tech stacks
 
-  ![Tech Stacks](https://file.bttcdn.com/github/terminus/v2/tech-stack.jpeg)
+ Public clouds have IaaS, PaaS, and SaaS layers. Olares provides open-source alternatives to these layers.
+
+  ![Tech Stacks](https://file.bttcdn.com/github/terminus/v2/tech-stack-olares.jpeg)
 
 ## Features
 
-Terminus offers a wide array of features designed to enhance security, ease of use, and development flexibility:
+Olares offers a wide array of features designed to enhance security, ease of use, and development flexibility:
 
 - **Enterprise-grade security**: Simplified network configuration using Tailscale, Headscale, Cloudflare Tunnel, and FRP.
 - **Secure and permissionless application ecosystem**: Sandboxing ensures application isolation and security.
 - **Unified file system and database**: Automated scaling, backups, and high availability.
-- **Single sign-on**: Log in once to access all applications within Terminus with a shared authentication service.
+- **Single sign-on**: Log in once to access all applications within Olares with a shared authentication service.
 - **AI capabilities**: Comprehensive solution for GPU management, local AI model hosting, and private knowledge bases while maintaining data privacy.
 - **Built-in applications**: Includes file manager, sync drive, vault, reader, app market, settings, and dashboard.
 - **Seamless anywhere access**: Access your devices from anywhere using dedicated clients for mobile, desktop, and browsers.
 - **Development tools**: Comprehensive development tools for effortless application development and porting.
 
-Here are some screenshots from the UI for a sneak peek:
+## Feature comparison
 
-| Desktop–AI-Powered Personal Desktop     |  **Files**–A Secure Home to Your Data
-| :--------: | :-------: |
-| ![Desktop](https://file.bttcdn.com/github/terminus/v2/desktop.jpg) | ![Files](https://file.bttcdn.com/github/terminus/v2/files.jpg) |
-| **Vault–1Password alternative**|**Market–App ecosystem in your control** |
-| ![vault](https://file.bttcdn.com/github/terminus/v2/vault.jpg) | ![market](https://file.bttcdn.com/github/terminus/v2/market.jpg) |
-|**Wise–Your digital secret garden** | **Settings–Managing Terminus efficiently** |
-| ![settings](https://file.bttcdn.com/github/terminus/v2/wise.jpg) | ![](https://file.bttcdn.com/github/terminus/v2/settings.jpg) |
-|**Dashboard–constant Terminus monitoring**  | **Profile–Your homepage on decentralized network** |
-| ![dashboard](https://file.bttcdn.com/github/terminus/v2/dashboard.jpg) | ![profile](https://file.bttcdn.com/github/terminus/v2/profile.jpg) |
-| **Devbox–Developing, debugging, and deploying**|**Controlhub–Managing Kubernetes clusters easily**  |
-| ![Devbox](https://file.bttcdn.com/github/terminus/v2/devbox.jpg) | ![Controlhub](https://file.bttcdn.com/github/terminus/v2/controlhub.jpg)|
-
-</div>
-
-## Feature comparison 
-
-To help you understand how Terminus stands out in the landscape, we've created a comparison table that highlights its features alongside those of other leading solutions in the market.
+To help you understand how Olares stands out in the landscape, we've created a comparison table that highlights its features alongside those of other leading solutions in the market.
 
 **Legend:** 
 
@@ -110,84 +105,91 @@ To help you understand how Terminus stands out in the landscape, we've created a
 - 🛠️: **Manual Configuration**, indicates that even users with an engineering background need to refer to tutorials to complete the setup.
 - ❌:  **No**, indicates that the feature is not supported.
 
-|     | Terminus | Synology | TrueNAS | CasaOS | Proxmox | Unraid |
-| --- | --- | --- | --- | --- | --- | --- |
-| Source Code License | Terminus License | Closed | GPL 3.0 | Apache 2.0 | MIT | Closed |
-| Built On | Kubernetes | Linux | Kubernetes | Docker | LXC/VM | Docker |
-| Multi-Node | ✅   | ❌   | ✅   | ❌   | 🛠️ | ❌   | ❌   |
-| Build-in Apps | ✅ (Rich desktop apps) | ✅ (Rich desktop apps) | ❌ (CLI) | ✅ (Simple desktop apps) | ✅ (Dashboard)| ✅ (Dashboard) |
-| Free Domain Name | ✅   | ✅   | ❌   | ❌   | ❌   | ❌   |
-| Auto SSL Certificate | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Reverse Proxy | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| VPN Management | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Graded App Entrance | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Multi-User Management | ✅ User management <br>🚀 Resource isolation | ✅ User management<br>🛠️ Resource isolation | ✅ User management<br>🛠️ Resource isolation | ❌   | ✅ User management  <br>🛠️ Resource isolation | ✅ User management  <br>🛠️ Resource isolation |
-| Single Login for All Apps | 🚀  | ❌   | ❌   | ❌   | ❌   |  ❌   |
-| Cross-Node Storage | 🚀 (Juicefs+<br>MinIO) | ❌   | ❌   | ❌   | ❌   | ❌   |
-| Database Solution | 🚀 (Built-in cloud-native solution) | 🛠️ | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Disaster Recovery | 🚀 (MinIO's [**Erasure Coding**](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html)**)** | ✅ RAID | ✅ RAID | ✅ RAID | ❌   | ✅ Unraid Storage |
-| Backup | ✅ App Data  <br>✅ User Data | ✅ User Data | ✅ User Data | ✅ User Data | ✅ User Data | ✅ User Data |
-| App Sandboxing | ✅   | ❌   | ❌ (K8S's namespace) | ❌   | ❌  | ❌   |
-| App Ecosystem | ✅ (Official + third-party) | ✅ (Majorly official apps) | ✅ (Official + third-party submissions) | ✅ Majorly official apps | ❌  | ✅ (Community app market) |
-| Developer Friendly | ✅ IDE  <br>✅ CLI  <br>✅ SDK  <br>✅ Doc | ✅ CLI  <br>✅ SDK  <br>✅ Doc | ✅ CLI  <br>✅ Doc | ✅ CLI  <br>✅ Doc | ✅ SDK  <br>✅ Doc | ✅ Doc |
-| Local LLM Hosting | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Local LLM app development | 🚀 (Dify integrated) | 🛠️ | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Client Platforms | ✅ Android  <br>✅ iOS  <br>✅ Windows  <br>✅ Mac  <br>✅ Chrome Plugin | ✅ Android  <br>✅ iOS | ❌   | ❌   | ❌  | ❌   |
-| Client Functionality | ✅ (All-in-one client app) | ✅ (14 separate client apps) | ❌   | ❌   | ❌   |  ❌   |
+| | Olares | Synology | TrueNAS | CasaOS | Unraid |
+| --- | --- | --- | --- | --- | --- |
+| Source Code License | Olares License | Closed | GPL 3.0 | Apache 2.0 | Closed |
+| Built On | Kubernetes | Linux | Kubernetes | Docker | Docker |
+| Multi-Node | ✅   | ❌   | ✅   | ❌   | ❌   |
+| Build-in Apps | ✅ (Rich desktop apps) | ✅ (Rich desktop apps) | ❌ (CLI) | ✅ (Simple desktop apps) | ✅ (Dashboard) |
+| Free Domain Name | ✅   | ✅   | ❌   | ❌   | ❌   |
+| Auto SSL Certificate | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ |
+| Reverse Proxy | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ |
+| VPN Management | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
+| Graded App Entrance | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
+| Multi-User Management | ✅ User management <br>🚀 Resource isolation | ✅ User management<br>🛠️ Resource isolation | ✅ User management<br>🛠️ Resource isolation | ❌   | ✅ User management  <br>🛠️ Resource isolation |
+| Single Login for All Apps | 🚀  | ❌   | ❌   | ❌   |  ❌   |
+| Cross-Node Storage | 🚀 (Juicefs+<br>MinIO) | ❌   | ❌   | ❌   | ❌   |
+| Database Solution | 🚀 (Built-in cloud-native solution) | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
+| Disaster Recovery | 🚀 (MinIO's [**Erasure Coding**](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html)**)** | ✅ RAID | ✅ RAID | ✅ RAID | ✅ Unraid Storage |
+| Backup | ✅ App Data  <br>✅ User Data | ✅ User Data | ✅ User Data | ✅ User Data | ✅ User Data |
+| App Sandboxing | ✅   | ❌   | ❌ (K8S's namespace) | ❌   | ❌   |
+| App Ecosystem | ✅ (Official + third-party) | ✅ (Majorly official apps) | ✅ (Official + third-party submissions) | ✅ Majorly official apps | ✅ (Community app market) |
+| Developer Friendly | ✅ IDE  <br>✅ CLI  <br>✅ SDK  <br>✅ Doc | ✅ CLI  <br>✅ SDK  <br>✅ Doc | ✅ CLI  <br>✅ Doc | ✅ CLI  <br>✅ Doc | ✅ Doc |
+| Local LLM Hosting | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
+| Local LLM app development | 🚀 | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
+| Client Platforms | ✅ Android  <br>✅ iOS  <br>✅ Windows  <br>✅ Mac  <br>✅ Chrome Plugin | ✅ Android  <br>✅ iOS | ❌   | ❌   | ❌   |
+| Client Functionality | ✅ (All-in-one client app) | ✅ (14 separate client apps) | ❌   | ❌   |  ❌   |
 
 ## Getting started
 
-- [Getting Started on Linux](https://docs.jointerminus.com/overview/introduction/getting-started/linux.html)
-- [Getting Started on Raspberry Pi](https://docs.jointerminus.com/overview/introduction/getting-started/raspberry.html)
-- [Getting Started on macOS](https://docs.jointerminus.com/overview/introduction/getting-started/mac.html)
-- [Getting Started on Windows](https://docs.jointerminus.com/overview/introduction/getting-started/windows.html)
+### System compatibility
+Olares is available for Linux, Raspberry Pi, Mac, and Windows. It has been tested and verified on the following systems:
+
+| Platform            | Operating system                     | Notes                                                 |
+|---------------------|--------------------------------------|-------------------------------------------------------|
+| Linux               | Ubuntu 24.04 <br/> Debian 12.8       |                                                       |
+| Raspberry Pi        | RaspbianOS                           | Verified on Raspberry Pi 4 Model B and Raspberry Pi 5 |
+| Windows             | Windows 11 23H2 <br/>Windows 10 22H2 |                                                       |
+| Mac (Apple silicon) | macOS Ventura 13.3.1               |                                                       |
+| Proxmox VE (PVE)    | Proxmox Virtual Environment 8.0      |                                                       |
+
+> **Note**
+> 
+> If you successfully install Olares on an operating system that is not listed in the compatibility table, please let us know! You can [open an issue](https://github.com/beclab/Olares/issues/new) or submit a pull request on our GitHub repository.
+
+### Set up Olares
+To get started with Olares on your own device, follow the [Getting Started Guide](https://docs.olares.xyz/manual/get-started/) for step-by-step instructions.
 
 ## Project navigation
 
-Terminus consists of numerous code repositories publicly available on GitHub. The current repository is responsible for the final compilation, packaging, installation, and upgrade of the operating system, while specific changes mostly take place in their corresponding repositories.
+Olares consists of numerous code repositories publicly available on GitHub. The current repository is responsible for the final compilation, packaging, installation, and upgrade of the operating system, while specific changes mostly take place in their corresponding repositories.
 
-The following table lists the project directories under Terminus and their corresponding repositories. Find the one that interests you:
+The following table lists the project directories under Olares and their corresponding repositories. Find the one that interests you:
 
 <details>
 <summary><b>Framework components</b></summary>
-
+  
 | Directory | Repository | Description |
 | --- | --- | --- |
-| [frameworks/app-service](https://github.com/beclab/terminus/tree/main/frameworks/app-service) | <https://github.com/beclab/app-service> | A system framework component that provides lifecycle management and various security controls for all apps in the system. |
-| [frameworks/backup-server](https://github.com/beclab/terminus/tree/main/frameworks/backup-server) | <https://github.com/beclab/backup-server> | A system framework component that provides scheduled full or incremental cluster backup services. |
-| [frameworks/bfl](https://github.com/beclab/terminus/tree/main/frameworks/bfl) | <https://github.com/beclab/bfl> | Backend For Launcher (BFL), a system framework component serving as the user access point and aggregating and proxying interfaces of various backend services. |
-| [frameworks/GPU](https://github.com/beclab/terminus/tree/main/frameworks/GPU) | <https://github.com/grgalex/nvshare> | GPU sharing mechanism that allows multiple processes (or containers running on Kubernetes) to securely run on the same physical GPU concurrently, each having the whole GPU memory available. |
-| [frameworks/l4-bfl-proxy](https://github.com/beclab/terminus/tree/main/frameworks/l4-bfl-proxy) | <https://github.com/beclab/l4-bfl-proxy> | Layer 4 network proxy for BFL. By prereading SNI, it provides a dynamic route to pass through into the user's Ingress. |
-| [frameworks/osnode-init](https://github.com/beclab/terminus/tree/main/frameworks/osnode-init) | <https://github.com/beclab/osnode-init> | A system framework component that initializes node data when a new node joins the cluster. |
-| [frameworks/system-server](https://github.com/beclab/terminus/tree/main/frameworks/system-server) | <https://github.com/beclab/system-server> | As a part of system runtime frameworks, it provides a mechanism for security calls between apps. |
-| [frameworks/tapr](https://github.com/beclab/terminus/tree/main/frameworks/tapr) | <https://github.com/beclab/tapr> | Terminus Application Runtime components. |
-
-<b>System-Level Applications and Services</b>
-
+| [frameworks/app-service](https://github.com/beclab/olares/tree/main/frameworks/app-service) | <https://github.com/beclab/app-service> | A system framework component that provides lifecycle management and various security controls for all apps in the system. |
+| [frameworks/backup-server](https://github.com/beclab/olares/tree/main/frameworks/backup-server) | <https://github.com/beclab/backup-server> | A system framework component that provides scheduled full or incremental cluster backup services. |
+| [frameworks/bfl](https://github.com/beclab/olares/tree/main/frameworks/bfl) | <https://github.com/beclab/bfl> | Backend For Launcher (BFL), a system framework component serving as the user access point and aggregating and proxying interfaces of various backend services. |
+| [frameworks/GPU](https://github.com/beclab/olares/tree/main/frameworks/GPU) | <https://github.com/grgalex/nvshare> | GPU sharing mechanism that allows multiple processes (or containers running on Kubernetes) to securely run on the same physical GPU concurrently, each having the whole GPU memory available. |
+| [frameworks/l4-bfl-proxy](https://github.com/beclab/olares/tree/main/frameworks/l4-bfl-proxy) | <https://github.com/beclab/l4-bfl-proxy> | Layer 4 network proxy for BFL. By prereading SNI, it provides a dynamic route to pass through into the user's Ingress. |
+| [frameworks/osnode-init](https://github.com/beclab/olares/tree/main/frameworks/osnode-init) | <https://github.com/beclab/osnode-init> | A system framework component that initializes node data when a new node joins the cluster. |
+| [frameworks/system-server](https://github.com/beclab/olares/tree/main/frameworks/system-server) | <https://github.com/beclab/system-server> | As a part of system runtime frameworks, it provides a mechanism for security calls between apps. |
+| [frameworks/tapr](https://github.com/beclab/olares/tree/main/frameworks/tapr) | <https://github.com/beclab/tapr> | Olares Application Runtime components. |
 </details>
 
 <details>
 <summary><b>System-Level Applications and Services</b></summary>
-
+  
 | Directory | Repository | Description |
 | --- | --- | --- |
-| [apps/agent](https://github.com/beclab/terminus/tree/main/apps/agent) | <https://github.com/beclab/dify> | The LLM app development platform ported from [Dify.ai](https://github.com/langgenius/dify), with integrations of Terminus Accounts, local knowledge base, and local models. |
-| [apps/analytic](https://github.com/beclab/terminus/tree/main/apps/analytic) | <https://github.com/beclab/analytic> | Developed based on [Umami](https://github.com/umami-software/umami), Analytic is a simple, fast, privacy-focused alternative to Google Analytics. |
-| [apps/market](https://github.com/beclab/terminus/tree/main/apps/market) | <https://github.com/beclab/market> | This repository deploys the front-end part of the application market in Terminus. |
-| [apps/market-server](https://github.com/beclab/terminus/tree/main/apps/market-server) | <https://github.com/beclab/market> | This repository deploys the back-end part of the application market in Terminus. |
-| [apps/argo](https://github.com/beclab/terminus/tree/main/apps/argo) | <https://github.com/argoproj/argo-workflows> | A workflow engine for orchestrating container execution of local recommendation algorithms. |
-| [apps/desktop](https://github.com/beclab/terminus/tree/main/apps/desktop) | <https://github.com/beclab/desktop> | The built-in desktop application of the system. |
-| [apps/devbox](https://github.com/beclab/terminus/tree/main/apps/devbox) | <https://github.com/beclab/devbox> | An IDE for developers to port and develop Terminus applications. |
-| [apps/TermiPass](https://github.com/beclab/terminus/tree/main/apps/TermiPass) | <https://github.com/beclab/TermiPass> | A free alternative to 1Password and Bitwarden for teams and enterprises of any size Developed based on [Padloc](https://github.com/padloc/padloc). It serves as the client that helps you manage DID, Terminus Name, and Terminus devices. |
-| [apps/files](https://github.com/beclab/terminus/tree/main/apps/files) | <https://github.com/beclab/files> | A built-in file manager modified from [Filebrowser](https://github.com/filebrowser/filebrowser), providing management of files on Drive, Sync, and various Terminus physical nodes. |
-| [apps/mynitro](https://github.com/beclab/terminus/tree/main/apps/mynitro) | <https://github.com/beclab/mynitro> | A wrapper of the official [Nitro](https://github.com/janhq/nitro) project that hosts LLMs locally, specifically, provides services to Dify's agents on Terminus. |
-| [apps/notifications](https://github.com/beclab/terminus/tree/main/apps/notifications) | <https://github.com/beclab/notifications> | The notifications system of Terminus |
-| [apps/profile](https://github.com/beclab/terminus/tree/main/apps/profile) | <https://github.com/beclab/profile> | Linktree alternative in Terminus|
-| [apps/rsshub](https://github.com/beclab/terminus/tree/main/apps/rsshub) | <https://github.com/beclab/rsshub> | A RSS subscription manager based on [RssHub](https://github.com/DIYgod/RSSHub). |
-| [apps/dify-gateway](https://github.com/beclab/terminus/tree/main/apps/dify-gateway) | <https://github.com/beclab/dify-gateway> | A gateway service that establishes the connection between Dify and other services such as Files and Agent. |
-| [apps/settings](https://github.com/beclab/terminus/tree/main/apps/settings) | <https://github.com/beclab/settings> | Built-in system settings. |
-| [apps/system-apps](https://github.com/beclab/terminus/tree/main/apps/system-apps) | <https://github.com/beclab/system-apps> | Built based on the _kubesphere/console_ project, system-service provides a self-hosted cloud platform that helps users understand and control the system's runtime status and resource usage through a visual Dashboard and feature-rich ControlHub. |
-| [apps/wizard](https://github.com/beclab/terminus/tree/main/apps/wizard) | <https://github.com/beclab/wizard> | A wizard application to walk users through the system activation process. |
+| [apps/analytic](https://github.com/beclab/olares/tree/main/apps/analytic) | <https://github.com/beclab/analytic> | Developed based on [Umami](https://github.com/umami-software/umami), Analytic is a simple, fast, privacy-focused alternative to Google Analytics. |
+| [apps/market](https://github.com/beclab/olares/tree/main/apps/market) | <https://github.com/beclab/market> | This repository deploys the front-end part of the application market in Olares. |
+| [apps/market-server](https://github.com/beclab/olares/tree/main/apps/market-server) | <https://github.com/beclab/market> | This repository deploys the back-end part of the application market in Olares. |
+| [apps/argo](https://github.com/beclab/olares/tree/main/apps/argo) | <https://github.com/argoproj/argo-workflows> | A workflow engine for orchestrating container execution of local recommendation algorithms. |
+| [apps/desktop](https://github.com/beclab/olares/tree/main/apps/desktop) | <https://github.com/beclab/desktop> | The built-in desktop application of the system. |
+| [apps/devbox](https://github.com/beclab/olares/tree/main/apps/devbox) | <https://github.com/beclab/devbox> | An IDE for developers to port and develop Olares applications. |
+| [apps/vault](https://github.com/beclab/olares/tree/main/apps/vault) | <https://github.com/beclab/termipass> | A free alternative to 1Password and Bitwarden for teams and enterprises of any size Developed based on [Padloc](https://github.com/padloc/padloc). It serves as the client that helps you manage DID, Olares ID, and Olares devices. |
+| [apps/files](https://github.com/beclab/olares/tree/main/apps/files) | <https://github.com/beclab/files> | A built-in file manager modified from [Filebrowser](https://github.com/filebrowser/filebrowser), providing management of files on Drive, Sync, and various Olares physical nodes. |
+| [apps/notifications](https://github.com/beclab/olares/tree/main/apps/notifications) | <https://github.com/beclab/notifications> | The notifications system of Olares |
+| [apps/profile](https://github.com/beclab/olares/tree/main/apps/profile) | <https://github.com/beclab/profile> | Linktree alternative in Olares|
+| [apps/rsshub](https://github.com/beclab/olares/tree/main/apps/rsshub) | <https://github.com/beclab/rsshub> | A RSS subscription manager based on [RssHub](https://github.com/DIYgod/RSSHub). |
+| [apps/settings](https://github.com/beclab/olares/tree/main/apps/settings) | <https://github.com/beclab/settings> | Built-in system settings. |
+| [apps/system-apps](https://github.com/beclab/olares/tree/main/apps/system-apps) | <https://github.com/beclab/system-apps> | Built based on the _kubesphere/console_ project, system-service provides a self-hosted cloud platform that helps users understand and control the system's runtime status and resource usage through a visual Dashboard and feature-rich ControlHub. |
+| [apps/wizard](https://github.com/beclab/olares/tree/main/apps/wizard) | <https://github.com/beclab/wizard> | A wizard application to walk users through the system activation process. |
 </details>
 
 <details>
@@ -195,19 +197,19 @@ The following table lists the project directories under Terminus and their corre
 
 | Directory | Repository | Description |
 | --- | --- | --- |
-| [third-party/authelia](https://github.com/beclab/terminus/tree/main/third-party/authelia) | <https://github.com/beclab/authelia> | An open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. |
-| [third-party/headscale](https://github.com/beclab/terminus/tree/main/third-party/headscale) | <https://github.com/beclab/headscale> | An open source, self-hosted implementation of the Tailscale control server in Terminus to manage Tailscale in TermiPass across different devices. |
-| [third-party/infisical](https://github.com/beclab/terminus/tree/main/third-party/infisical) | <https://github.com/beclab/infisical> | An open-source secret management platform that syncs secrets across your teams/infrastructure and prevents secret leaks. |
-| [third-party/juicefs](https://github.com/beclab/terminus/tree/main/third-party/juicefs) | <https://github.com/beclab/juicefs-ext> | A distributed POSIX file system built on top of Redis and S3, allowing apps on different nodes to access the same data via POSIX interface. |
-| [third-party/ks-console](https://github.com/beclab/terminus/tree/main/third-party/ks-console) | <https://github.com/kubesphere/console> | Kubesphere console that allows for cluster management via a Web GUI. |
-| [third-party/ks-installer](https://github.com/beclab/terminus/tree/main/third-party/ks-installer) | <https://github.com/beclab/ks-installer-ext> | Kubesphere installer component that automatically creates Kubesphere clusters based on cluster resource definitions. |
-| [third-party/kube-state-metrics](https://github.com/beclab/terminus/tree/main/third-party/kube-state-metrics) | <https://github.com/beclab/kube-state-metrics> | kube-state-metrics (KSM) is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. |
-| [third-party/notification-mananger](https://github.com/beclab/terminus/tree/main/third-party/notification-manager) | <https://github.com/beclab/notification-manager-ext> | Kubesphere's notification management component for unified management of multiple notification channels and custom aggregation of notification content. |
-| [third-party/predixy](https://github.com/beclab/terminus/tree/main/third-party/predixy) | <https://github.com/beclab/predixy> | Redis cluster proxy service that automatically identifies available nodes and adds namespace isolation. |
-| [third-party/redis-cluster-operator](https://github.com/beclab/terminus/tree/main/third-party/redis-cluster-operator) | <https://github.com/beclab/redis-cluster-operator> | A cloud-native tool for creating and managing Redis clusters based on Kubernetes. |
-| [third-party/seafile-server](https://github.com/beclab/terminus/tree/main/third-party/seafile-server) | <https://github.com/beclab/seafile-server> | The backend service of Seafile (Sync Drive) for handling data storage. |
-| [third-party/seahub](https://github.com/beclab/terminus/tree/main/third-party/seahub) | <https://github.com/beclab/seahub> | The front-end and middleware service of Seafile (Sync Drive) for handling file sharing, data synchronization, etc. |
-| [third-party/tailscale](https://github.com/beclab/terminus/tree/main/third-party/tailscale) | <https://github.com/tailscale/tailscale> | Tailscale has been integrated in TermiPass of all platforms. |
+| [third-party/authelia](https://github.com/beclab/olares/tree/main/third-party/authelia) | <https://github.com/beclab/authelia> | An open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. |
+| [third-party/headscale](https://github.com/beclab/olares/tree/main/third-party/headscale) | <https://github.com/beclab/headscale> | An open source, self-hosted implementation of the Tailscale control server in Olares to manage Tailscale in LarePass across different devices. |
+| [third-party/infisical](https://github.com/beclab/olares/tree/main/third-party/infisical) | <https://github.com/beclab/infisical> | An open-source secret management platform that syncs secrets across your teams/infrastructure and prevents secret leaks. |
+| [third-party/juicefs](https://github.com/beclab/olares/tree/main/third-party/juicefs) | <https://github.com/beclab/juicefs-ext> | A distributed POSIX file system built on top of Redis and S3, allowing apps on different nodes to access the same data via POSIX interface. |
+| [third-party/ks-console](https://github.com/beclab/olares/tree/main/third-party/ks-console) | <https://github.com/kubesphere/console> | Kubesphere console that allows for cluster management via a Web GUI. |
+| [third-party/ks-installer](https://github.com/beclab/olares/tree/main/third-party/ks-installer) | <https://github.com/beclab/ks-installer-ext> | Kubesphere installer component that automatically creates Kubesphere clusters based on cluster resource definitions. |
+| [third-party/kube-state-metrics](https://github.com/beclab/olares/tree/main/third-party/kube-state-metrics) | <https://github.com/beclab/kube-state-metrics> | kube-state-metrics (KSM) is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. |
+| [third-party/notification-manager](https://github.com/beclab/olares/tree/main/third-party/notification-manager) | <https://github.com/beclab/notification-manager-ext> | Kubesphere's notification management component for unified management of multiple notification channels and custom aggregation of notification content. |
+| [third-party/predixy](https://github.com/beclab/olares/tree/main/third-party/predixy) | <https://github.com/beclab/predixy> | Redis cluster proxy service that automatically identifies available nodes and adds namespace isolation. |
+| [third-party/redis-cluster-operator](https://github.com/beclab/olares/tree/main/third-party/redis-cluster-operator) | <https://github.com/beclab/redis-cluster-operator> | A cloud-native tool for creating and managing Redis clusters based on Kubernetes. |
+| [third-party/seafile-server](https://github.com/beclab/olares/tree/main/third-party/seafile-server) | <https://github.com/beclab/seafile-server> | The backend service of Seafile (Sync Drive) for handling data storage. |
+| [third-party/seahub](https://github.com/beclab/olares/tree/main/third-party/seahub) | <https://github.com/beclab/seahub> | The front-end and middleware service of Seafile (Sync Drive) for handling file sharing, data synchronization, etc. |
+| [third-party/tailscale](https://github.com/beclab/olares/tree/main/third-party/tailscale) | <https://github.com/tailscale/tailscale> | Tailscale has been integrated in LarePass of all platforms. |
 </details>
 
 <details>
@@ -215,37 +217,37 @@ The following table lists the project directories under Terminus and their corre
 
 | Directory | Repository | Description |
 | --- | --- | --- |
-| [build/installer](https://github.com/beclab/terminus/tree/main/build/installer) |     | The template for generating the installer build. |
-| [build/manifest](https://github.com/beclab/terminus/tree/main/build/manifest) |     | Installation build image list template. |
-| [libs/fs-lib](https://github.com/beclab/terminus/tree/main/libs) | <https://github.com/beclab/fs-lib> | The SDK library for the iNotify-compatible interface implemented based on JuiceFS. |
-| [scripts](https://github.com/beclab/terminus/tree/main/scripts) |     | Assisting scripts for generating the installer build. |
+| [build/installer](https://github.com/beclab/olares/tree/main/build/installer) |     | The template for generating the installer build. |
+| [build/manifest](https://github.com/beclab/olares/tree/main/build/manifest) |     | Installation build image list template. |
+| [libs/fs-lib](https://github.com/beclab/olares/tree/main/libs) | <https://github.com/beclab/fs-lib> | The SDK library for the iNotify-compatible interface implemented based on JuiceFS. |
+| [scripts](https://github.com/beclab/olares/tree/main/scripts) |     | Assisting scripts for generating the installer build. |
 </details>
 
-## Contributing to Terminus
+## Contributing to Olares
 
 We are welcoming contributions in any form:
 
-- If you want to develop your own applications on Terminus, refer to:<br>
-https://docs.jointerminus.com/developer/develop/
+- If you want to develop your own applications on Olares, refer to:<br>
+https://docs.olares.xyz/developer/develop/
 
 
-- If you want to help improve Terminus, refer to:<br>
-https://docs.jointerminus.com/developer/contribute/terminus-os.html
+- If you want to help improve Olares, refer to:<br>
+https://docs.olares.xyz/developer/contribute/olares.html
 
 ## Community & contact
 
-* [**Github Discussion**](https://github.com/beclab/terminus/discussions). Best for sharing feedback and asking questions.
-* [**GitHub Issues**](https://github.com/beclab/terminus/issues). Best for filing bugs you encounter using Terminus and submitting feature proposals. 
-* [**Discord**](https://discord.gg/ShjkCBs2). Best for sharing anything Terminus.
+* [**GitHub Discussion**](https://github.com/beclab/olares/discussions). Best for sharing feedback and asking questions.
+* [**GitHub Issues**](https://github.com/beclab/olares/issues). Best for filing bugs you encounter using Olares and submitting feature proposals. 
+* [**Discord**](https://discord.com/invite/BzfqrgQPDK). Best for sharing anything Olares.
 
-## Staying ahead  
+## Staying ahead
 
-Star the Terminus project to receive instant notifications about new releases and updates.
+Star the Olares project to receive instant notifications about new releases and updates.
 
  
 ![star us](https://file.bttcdn.com/github/terminus/terminus.git.v2.gif)
  
 
-## Special thanks 
+## Special thanks
 
-The Terminus project has incorporated numerous third-party open source projects, including: [Kubernetes](https://kubernetes.io/), [Kubesphere](https://github.com/kubesphere/kubesphere), [Padloc](https://padloc.app/), [K3S](https://k3s.io/), [JuiceFS](https://github.com/juicedata/juicefs), [MinIO](https://github.com/minio/minio), [Envoy](https://github.com/envoyproxy/envoy), [Authelia](https://github.com/authelia/authelia), [Infisical](https://github.com/Infisical/infisical), [Dify](https://github.com/langgenius/dify), [Seafile](https://github.com/haiwen/seafile),[HeadScale](https://headscale.net/), [tailscale](https://tailscale.com/), [Redis Operator](https://github.com/spotahome/redis-operator), [Nitro](https://nitro.jan.ai/), [RssHub](http://rsshub.app/), [predixy](https://github.com/joyieldInc/predixy), [nvshare](https://github.com/grgalex/nvshare), [LangChain](https://www.langchain.com/), [Quasar](https://quasar.dev/), [TrustWallet](https://trustwallet.com/), [Restic](https://restic.net/), [ZincSearch](https://zincsearch-docs.zinc.dev/), [filebrowser](https://filebrowser.org/), [lego](https://go-acme.github.io/lego/), [Velero](https://velero.io/), [s3rver](https://github.com/jamhall/s3rver), [Citusdata](https://www.citusdata.com/).
+The Olares project has incorporated numerous third-party open source projects, including: [Kubernetes](https://kubernetes.io/), [Kubesphere](https://github.com/kubesphere/kubesphere), [Padloc](https://padloc.app/), [K3S](https://k3s.io/), [JuiceFS](https://github.com/juicedata/juicefs), [MinIO](https://github.com/minio/minio), [Envoy](https://github.com/envoyproxy/envoy), [Authelia](https://github.com/authelia/authelia), [Infisical](https://github.com/Infisical/infisical), [Dify](https://github.com/langgenius/dify), [Seafile](https://github.com/haiwen/seafile),[HeadScale](https://headscale.net/), [tailscale](https://tailscale.com/), [Redis Operator](https://github.com/spotahome/redis-operator), [Nitro](https://nitro.jan.ai/), [RssHub](http://rsshub.app/), [predixy](https://github.com/joyieldInc/predixy), [nvshare](https://github.com/grgalex/nvshare), [LangChain](https://www.langchain.com/), [Quasar](https://quasar.dev/), [TrustWallet](https://trustwallet.com/), [Restic](https://restic.net/), [ZincSearch](https://zincsearch-docs.zinc.dev/), [filebrowser](https://filebrowser.org/), [lego](https://go-acme.github.io/lego/), [Velero](https://velero.io/), [s3rver](https://github.com/jamhall/s3rver), [Citusdata](https://www.citusdata.com/).

README_CN.md

@@ -0,0 +1,255 @@
+<div align="center">
+
+# Olares - 您的主权云，一个开源自托管的公有云替代方案<!-- omit in toc -->
+
+[![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br/>
+[![Last Commit](https://img.shields.io/github/last-commit/beclab/terminus)](https://github.com/beclab/olares/commits/main)
+![Build Status](https://github.com/beclab/olares/actions/workflows/release-daily.yaml/badge.svg)
+[![GitHub release (latest by date)](https://img.shields.io/github/v/release/beclab/terminus)](https://github.com/beclab/olares/releases)
+[![GitHub Repo stars](https://img.shields.io/github/stars/beclab/terminus?style=social)](https://github.com/beclab/olares/stargazers)
+[![Discord](https://img.shields.io/badge/Discord-7289DA?logo=discord&logoColor=white)](https://discord.com/invite/BzfqrgQPDK)
+[![License](https://img.shields.io/badge/License-Olares-darkblue)](https://github.com/beclab/olares/blob/main/LICENSE.md)
+
+<p>
+  <a href="./README.md"><img alt="Readme in English" src="https://img.shields.io/badge/English-FFFFFF"></a>
+  <a href="./README_CN.md"><img alt="Readme in Chinese" src="https://img.shields.io/badge/简体中文-FFFFFF"></a>
+</p>
+
+</div>
+
+
+[![cover](https://file.bttcdn.com/github/terminus/desktop-dark.jpeg)](https://github.com/user-attachments/assets/5ea2fe30-7bd2-49ed-be26-e12f1d5d8cb1)
+
+*Olares 让你体验更多可能：构建个人 AI 助理、随时随地同步数据、自托管团队协作空间、打造私人影视厅——无缝整合你的数字生活。*
+
+<p align="center">
+  <a href="https://olares.xyz">网站</a> ·
+  <a href="https://docs.olares.xyz">文档</a> ·
+  <a href="https://docs.olares.xyz/larepass">下载 LarePass</a> ·
+  <a href="https://github.com/beclab/apps">Olares 应用</a> ·
+  <a href="https://space.olares.xyz">Olares Space</a>
+</p>
+
+## 目录 <!-- omit in toc -->
+
+- [介绍](#介绍)
+- [动机与设计](#动机与设计)
+- [技术栈](#技术栈)
+- [功能](#功能)
+- [功能对比](#功能对比)
+- [快速开始](#快速开始)
+- [项目目录](#项目目录)
+- [社区贡献](#社区贡献)
+- [社区支持](#社区支持)
+- [持续关注](#持续关注)
+- [特别感谢](#特别感谢)
+  
+## 介绍
+
+Olares 是一个让您完全掌控的主权云平台。它是一个开源的、自托管的公有云替代方案，旨在帮助您重获数据所有权和隐私控制权。通过将Kubernetes的强大功能与简化的用户界面相结合，Olares使您能够完全掌控自己的数据和计算资源。无论您是在管理家庭实验环境、部署应用程序，还是保护个人隐私，Olares都能提供与公有云同等的灵活性和功能，同时确保您的隐私和安全不受损害。
+
+Olares 支持以下应用场景：
+
+🤖**本地 AI 助手**：在本地部署运行顶级开源 AI 模型，涵盖语言处理、图像生成和语音识别等领域。根据个人需求定制 AI 助手，确保数据隐私和控制权均处于自己手中。<br>
+
+💻**个人数据仓库**：所有个人文件，包括照片、文档和重要资料，都可以在这个安全的统一平台上存储和同步，随时随地都能方便地访问。<br>
+
+🛠️**自托管工作空间**：利用开源解决方案，无需成本即可为家庭或工作团队搭建一个功能强大的工作空间。<br>
+
+🎥**私人媒体服务器**：用自己的视频和音乐库搭建一个私人流媒体服务，随时享受个性化的娱乐体验。<br>
+
+🏡**智能家居中心**：将所有智能设备和自动化系统集中在一个易于管理的控制中心，实现家庭智能化的简便操作。<br>
+
+🤝**独立的社交媒体平台**：在 Olares 上部署去中心化社交媒体应用，如 Mastodon、Ghost 和 WordPress，自由建立和扩展个人品牌，无需担忧封号或支付额外费用。<br>
+
+📚**学习探索**：深入学习自托管服务、容器技术和云计算，并上手实践。<br>
+
+## 动机与设计
+
+我们深知当前互联网的局限性——用户的数据被主流互联网或云服务公司掌控，并用于其商业利益。我们致力于改变这一现状，希望通过 Olares 赋予用户真正的数据所有权和控制权。
+
+Olares 为此提供了一套全新的去中心化互联网框架，主要包括以下三个部分：
+
+- **Snowinning Protocol**：一个去中心化的身份和声誉系统，融合了去中心化标识符（DIDs）、可验证凭证（VCs）以及声誉数据，帮助用户在网络世界中安全地管理自己的身份。
+- **Olares**：一个专为边缘设备设计的自托管操作系统，用户可以在此系统上自主托管自己的数据和应用，确保数据的私密性和安全性。
+- **LarePass**：一款功能全面的客户端软件，通过安全的方式将用户与其 Olares 系统连接起来。它不仅支持远程访问、身份和设备管理，还提供数据存储和各种办公工具，让用户高效管理其日常工作和个人数据。
+
+## 技术栈
+公有云具有基础设施即服务（IaaS）、平台即服务（PaaS）和软件即服务（SaaS）等层级。Olares 为这些层级提供了开源替代方案。
+
+  ![技术栈](https://file.bttcdn.com/github/terminus/v2/tech-stack-olares.jpeg)
+
+## 功能
+
+Olares 提供了一系列功能，旨在提升安全性、使用便捷性以及开发的灵活性：
+
+- **企业级安全**：使用 Tailscale、Headscale、Cloudflare Tunnel 和 FRP 简化网络配置，确保安全连接。
+- **安全且无需许可的应用生态系统**：应用通过沙箱化技术实现隔离，保障应用运行的安全性。
+- **统一文件系统和数据库**：提供自动扩展、数据备份和高可用性功能，确保数据的持久安全。
+- **单点登录**：用户仅需一次登录，即可访问 Olares 中所有应用的共享认证服务。
+- **AI 功能**：包括全面的 GPU 管理、本地 AI 模型托管及私有知识库，同时严格保护数据隐私。
+- **内置应用程序**：涵盖文件管理器、同步驱动器、密钥管理器、阅读器、应用市场、设置和面板等，提供全面的应用支持。
+- **无缝访问**：通过移动端、桌面端和网页浏览器客户端，从全球任何地方访问设备。
+- **开发工具**：提供全面的工具支持，便于开发和移植应用，加速开发进程。
+
+## 功能对比
+
+为了帮您快速了解 Olares 在市场中的独特优势，我们制作了一张功能比较表，详细展示了 Olares 的功能以及与市场上其他主流解决方案的对比。
+
+**图例：** 
+
+- 🚀: **自动** - 表示系统自动完成任务。
+- ✅: **支持** - 表示无开发背景的用户可以通过产品的 UI 提示完成设置。
+- 🛠️: **手动配置** - 表示即使是有工程背景的用户也需要参考教程来完成设置。
+- ❌: **不支持** - 表示不支持该功能。
+
+| | Olares | 群晖 | TrueNAS | CasaOS | Unraid |
+| --- | --- | --- | --- | --- | --- |
+| 源代码许可证 | Olares 许可证 | 闭源 | GPL 3.0 | Apache 2.0 | 闭源 |
+| 开发 | Kubernetes | Linux | Kubernetes | Docker | Docker |
+| 多节点支持 | ✅   | ❌   | ✅   | ❌   | ❌   |
+| 内置应用 | ✅（桌面应用丰富）| ✅（桌面应用丰富） | ❌ (CLI) | ✅ （桌面应用较少） | ✅（面板） |
+| 免费域名 | ✅   | ✅   | ❌   | ❌   | ❌   |
+| 自动 SSL 证书 | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ |
+| 反向代理 | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ |
+| VPN 管理 | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
+| 分级应用入口 | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
+| 多用户管理 | ✅ 用户管理 <br>🚀 资源隔离 | ✅ 用户管理 <br>🛠️ 资源隔离 | ✅ 用户管理<br>🛠️ 资源隔离 | ❌   | ✅ 用户管理  <br>🛠️ 资源隔离 |
+| 单一登录 | 🚀  | ❌   | ❌   | ❌   |  ❌   |
+| 跨节点存储 | 🚀 (Juicefs+<br>MinIO) | ❌   | ❌   | ❌   | ❌   |
+| 数据库解决方案 | 🚀 (内置云原生解决方案) | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
+| 灾难恢复 | 🚀 (MinIO的[**纠错码**](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html)**)** | ✅ RAID | ✅ RAID | ✅ RAID | ✅ Unraid Storage |
+| 备份 | ✅ 应用数据  <br>✅ 用户数据 | ✅ 用户数据 | ✅ 用户数据 | ✅ 用户数据 | ✅ 用户数据 |
+| 应用沙盒 | ✅   | ❌   | ❌ （K8S的命名空间） | ❌   | ❌   |
+| 应用生态系统 | ✅ （官方 + 第三方应用） | ✅ （官方应用为主） | ✅ （官方应用 + 第三方提交）| ✅ （官方应用为主） | ✅ （社区应用市场） |
+| 开发者友好 | ✅ IDE  <br>✅ CLI  <br>✅ SDK  <br>✅ 文档| ✅ CLI  <br>✅ SDK  <br>✅ 文档 | ✅ CLI  <br>✅ 文档 | ✅ CLI  <br>✅ 文档 | ✅ 文档 |
+| 本地 LLM 部署 | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
+| 本地 LLM 应用开发 | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
+| 客户端 | ✅ Android  <br>✅ iOS  <br>✅ Windows  <br>✅ Mac  <br>✅ Chrome 插件 | ✅ Android  <br>✅ iOS | ❌   | ❌   | ❌   |
+| 客户端功能 | ✅ （一体化客户端应用） | ✅ （14个分散的客户端应用）| ❌   | ❌   |  ❌   |
+
+## 快速开始
+
+### 系统兼容性
+你可以在 Linux、Raspberry Pi、Mac 和 Windows 上安装 Olares。目前已验证支持的系统环境如下：
+
+| 平台            | 操作系统                     | 备注                                                 |
+|---------------------|--------------------------------------|-------------------------------------------------------|
+| Linux               | Ubuntu 24.04 <br/> Debian 12.8       |                                                       |
+| Raspberry Pi        | RaspbianOS                           | 已在 Raspberry Pi 4 Model B 和 Raspberry Pi 5 上验证|
+| Windows             | Windows 11 23H2 <br/>Windows 10 22H2 |                                                       |
+| Mac (Apple Silicon) | macOS Ventura 13.3.1               |                                                       |
+| Proxmox VE (PVE)    | Proxmox Virtual Environment 8.0      |                                                       |
+
+> **注意**
+> 
+> 如果你在未列出的系统版本上成功安装了 Olares，请告诉我们！你可以在 GitHub 仓库中[提交 Issue](https://github.com/beclab/Olares/issues/new) 或发起 Pull Request。
+
+### 安装 Olares
+
+> 当前文档仅有英文版本。
+ 
+参考[快速上手指南](https://docs.olares.xyz/manual/get-started/)安装并激活 Olares。
+
+## 项目目录
+
+Olares 包含多个在 GitHub 上公开可用的代码仓库。当前仓库负责操作系统的最终编译、打包、安装和升级，而特定的更改主要在各自对应的仓库中进行。
+
+以下表格列出了 Olares 下的项目目录及其对应的仓库。
+
+<details>
+<summary><b>框架组件</b></summary>
+
+| 路径 | 仓库 | 说明 |
+| --- | --- | --- |
+| [frameworks/app-service](https://github.com/beclab/olares/tree/main/frameworks/app-service) | <https://github.com/beclab/app-service> | 系统框架组件，负责提供全系统应用的生命周期管理及多种安全控制。 |
+| [frameworks/backup-server](https://github.com/beclab/olares/tree/main/frameworks/backup-server) | <https://github.com/beclab/backup-server> | 系统框架组件，提供定时的全量或增量集群备份服务。 |
+| [frameworks/bfl](https://github.com/beclab/olares/tree/main/frameworks/bfl) | <https://github.com/beclab/bfl> | 启动器后端（Backend For Launcher, BFL），作为用户访问点的系统框架组件，整合并代理各种后端服务的接口。 |
+| [frameworks/GPU](https://github.com/beclab/olares/tree/main/frameworks/GPU) | <https://github.com/grgalex/nvshare> | GPU共享机制，允许多个进程（或运行在 Kubernetes 上的容器）安全地同时在同一物理 GPU 上运行，每个进程都可访问全部 GPU 内存。 |
+| [frameworks/l4-bfl-proxy](https://github.com/beclab/olares/tree/main/frameworks/l4-bfl-proxy) | <https://github.com/beclab/l4-bfl-proxy> | 针对 BFL 的第4层网络代理。通过预读服务器名称指示（SNI），提供一条动态路由至用户的 Ingress。 |
+| [frameworks/osnode-init](https://github.com/beclab/olares/tree/main/frameworks/osnode-init) | <https://github.com/beclab/osnode-init> | 系统框架组件，用于初始化新节点加入集群时的节点数据。 |
+| [frameworks/system-server](https://github.com/beclab/olares/tree/main/frameworks/system-server) | <https://github.com/beclab/system-server> | 作为系统运行时框架的一部分，提供应用间安全通信的机制。 |
+| [frameworks/tapr](https://github.com/beclab/olares/tree/main/frameworks/tapr) | <https://github.com/beclab/tapr> | Olares 应用运行时组件。 |
+
+</details>
+
+<details>
+<summary><b>系统级应用程序和服务</b></summary>
+
+| 路径 | 仓库 | 说明 |
+| --- | --- | --- |
+| [apps/analytic](https://github.com/beclab/olares/tree/main/apps/analytic) | <https://github.com/beclab/analytic> | 基于 [Umami](https://github.com/umami-software/umami) 开发的 Analytic，是一个简单、快速、注重隐私的 Google Analytics 替代品。 |
+| [apps/market](https://github.com/beclab/olares/tree/main/apps/market) | <https://github.com/beclab/market> | 此代码库部署了 Olares 应用市场的前端部分。 |
+| [apps/market-server](https://github.com/beclab/olares/tree/main/apps/market-server) | <https://github.com/beclab/market> | 此代码库部署了 Olares 应用市场的后端部分。 |
+| [apps/argo](https://github.com/beclab/olares/tree/main/apps/argo) | <https://github.com/argoproj/argo-workflows> | 用于协调本地推荐算法容器执行的工作流引擎。 |
+| [apps/desktop](https://github.com/beclab/olares/tree/main/apps/desktop) | <https://github.com/beclab/desktop> | 系统内置的桌面应用程序。 |
+| [apps/devbox](https://github.com/beclab/olares/tree/main/apps/devbox) | <https://github.com/beclab/devbox> | 为开发者提供的 IDE，用于移植和开发 Olares 应用。 |
+| [apps/vault](https://github.com/beclab/olares/tree/main/apps/vault) | <https://github.com/beclab/termipass> | 基于 [Padloc](https://github.com/padloc/padloc) 开发的团队和企业的免费 1Password 和 Bitwarden 替代品，作为客户端帮助您管理 DID、Olares ID和 Olares 设备。 |
+| [apps/files](https://github.com/beclab/olares/tree/main/apps/files) | <https://github.com/beclab/files> | 基于 [Filebrowser](https://github.com/filebrowser/filebrowser) 修改的内置文件管理器，管理 Drive、Sync 和各种 Olares 物理节点上的文件。|
+| [apps/notifications](https://github.com/beclab/olares/tree/main/apps/notifications) | <https://github.com/beclab/notifications> | Olares 的通知系统。 |
+| [apps/profile](https://github.com/beclab/olares/tree/main/apps/profile) | <https://github.com/beclab/profile> | Olares 中的 Linktree 替代品。|
+| [apps/rsshub](https://github.com/beclab/olares/tree/main/apps/rsshub) | <https://github.com/beclab/rsshub> | 基于 [RssHub](https://github.com/DIYgod/RSSHub) 的 RSS 订阅管理器。 |
+| [apps/settings](https://github.com/beclab/olares/tree/main/apps/settings) | <https://github.com/beclab/settings> | 内置系统设置。 |
+| [apps/system-apps](https://github.com/beclab/olares/tree/main/apps/system-apps) | <https://github.com/beclab/system-apps> | 基于 *kubesphere/console* 项目构建的 system-service 提供一个自托管的云平台，通过视觉仪表板和功能丰富的 ControlHub 帮助用户了解和控制系统的运行状态和资源使用。 |
+| [apps/wizard](https://github.com/beclab/olares/tree/main/apps/wizard) | <https://github.com/beclab/wizard> | 向用户介绍系统激活过程的向导应用程序。 |
+</details>
+
+<details>
+<summary><b>第三方组件和服务</b></summary>
+
+| 路径 | 仓库 | 说明 |
+| --- | --- | --- |
+| [third-party/authelia](https://github.com/beclab/olares/tree/main/third-party/authelia) | <https://github.com/beclab/authelia> | 一个开源的认证和授权服务器，通过网络门户为应用程序提供双因素认证和单点登录（SSO）。 |
+| [third-party/headscale](https://github.com/beclab/olares/tree/main/third-party/headscale) | <https://github.com/beclab/headscale> | 在 Olares 中的 Tailscale 控制服务器的开源自托管实现，用于管理 LarePass 中不同设备上的 Tailscale。|
+| [third-party/infisical](https://github.com/beclab/olares/tree/main/third-party/infisical) | <https://github.com/beclab/infisical> | 一个开源的密钥管理平台，可以在团队/基础设施之间同步密钥并防止泄露。 |
+| [third-party/juicefs](https://github.com/beclab/olares/tree/main/third-party/juicefs) | <https://github.com/beclab/juicefs-ext> | 基于 Redis 和 S3 之上构建的分布式 POSIX 文件系统，允许不同节点上的应用通过 POSIX 接口访问同一数据。 |
+| [third-party/ks-console](https://github.com/beclab/olares/tree/main/third-party/ks-console) | <https://github.com/kubesphere/console> | Kubesphere 控制台，允许通过 Web GUI 进行集群管理。 |
+| [third-party/ks-installer](https://github.com/beclab/olares/tree/main/third-party/ks-installer) | <https://github.com/beclab/ks-installer-ext> | Kubesphere 安装组件，根据集群资源定义自动创建 Kubesphere 集群。 |
+| [third-party/kube-state-metrics](https://github.com/beclab/olares/tree/main/third-party/kube-state-metrics) | <https://github.com/beclab/kube-state-metrics> | kube-state-metrics（KSM）是一个简单的服务，监听 Kubernetes API 服务器并生成关于对象状态的指标。 |
+| [third-party/notification-manager](https://github.com/beclab/olares/tree/main/third-party/notification-manager) | <https://github.com/beclab/notification-manager-ext> | Kubesphere 的通知管理组件，用于统一管理多个通知渠道和自定义聚合通知内容。 |
+| [third-party/predixy](https://github.com/beclab/olares/tree/main/third-party/predixy) | <https://github.com/beclab/predixy> | Redis 集群代理服务，自动识别可用节点并添加命名空间隔离。 |
+| [third-party/redis-cluster-operator](https://github.com/beclab/olares/tree/main/third-party/redis-cluster-operator) | <https://github.com/beclab/redis-cluster-operator> | 一个基于 Kubernetes 的云原生工具，用于创建和管理 Redis 集群。 |
+| [third-party/seafile-server](https://github.com/beclab/olares/tree/main/third-party/seafile-server) | <https://github.com/beclab/seafile-server> | Seafile（同步驱动器）的后端服务，用于处理数据存储。 |
+| [third-party/seahub](https://github.com/beclab/olares/tree/main/third-party/seahub) | <https://github.com/beclab/seahub> | Seafile（同步驱动器）的前端和中间件服务，用于处理文件共享、数据同步等。 |
+| [third-party/tailscale](https://github.com/beclab/olares/tree/main/third-party/tailscale) | <https://github.com/tailscale/tailscale> | Tailscale 已在所有平台的 LarePass 中集成。 |
+</details>
+
+<details>
+<summary><b>其他库和组件</b></summary>
+
+| 路径 | 仓库 | 说明 |
+| --- | --- | --- |
+| [build/installer](https://github.com/beclab/olares/tree/main/build/installer) |     | 用于生成安装程序构建的模板。 |
+| [build/manifest](https://github.com/beclab/olares/tree/main/build/manifest) |     | 安装构建镜像列表模板。 |
+| [libs/fs-lib](https://github.com/beclab/olares/tree/main/libs) | <https://github.com/beclab/fs-lib> | 基于 JuiceFS 实现的 iNotify 兼容接口的SDK库。 |
+| [scripts](https://github.com/beclab/olares/tree/main/scripts) |     | 生成安装程序构建的辅助脚本。 |
+</details>
+
+## 社区贡献
+
+我们欢迎任何形式的贡献！
+
+- 如果您想在 Olares 上开发自己的应用，请参考：<br>
+https://docs.olares.xyz/developer/develop/
+
+
+- 如果您想帮助改进 Olares，请参考：<br>
+https://docs.olares.xyz/developer/contribute/olares.html
+
+## 社区支持
+
+* [**GitHub Discussion**](https://github.com/beclab/olares/discussions) - 讨论 Olares 使用过程中的疑问。
+* [**GitHub Issues**](https://github.com/beclab/olares/issues) - 报告 Olares 的遇到的问题或提出功能改进建议。
+* [**Discord**](https://discord.com/invite/BzfqrgQPDK) - 日常交流，分享经验，或讨论与 Olares 相关的任何主题。
+ 
+## 持续关注
+
+关注 Olares 项目，及时获取新版本和更新的通知。
+
+ 
+![点亮星标](https://file.bttcdn.com/github/terminus/terminus.git.v2.gif)
+ 
+
+## 特别感谢
+
+Olares 项目整合了许多第三方开源项目，包括：[Kubernetes](https://kubernetes.io/)、[Kubesphere](https://github.com/kubesphere/kubesphere)、[Padloc](https://padloc.app/)、[K3S](https://k3s.io/)、[JuiceFS](https://github.com/juicedata/juicefs)、[MinIO](https://github.com/minio/minio)、[Envoy](https://github.com/envoyproxy/envoy)、[Authelia](https://github.com/authelia/authelia)、[Infisical](https://github.com/Infisical/infisical)、[Dify](https://github.com/langgenius/dify)、[Seafile](https://github.com/haiwen/seafile)、[HeadScale](https://headscale.net/)、 [tailscale](https://tailscale.com/)、[Redis Operator](https://github.com/spotahome/redis-operator)、[Nitro](https://nitro.jan.ai/)、[RssHub](http://rsshub.app/)、[predixy](https://github.com/joyieldInc/predixy)、[nvshare](https://github.com/grgalex/nvshare)、[LangChain](https://www.langchain.com/)、[Quasar](https://quasar.dev/)、[TrustWallet](https://trustwallet.com/)、[Restic](https://restic.net/)、[ZincSearch](https://zincsearch-docs.zinc.dev/)、[filebrowser](https://filebrowser.org/)、[lego](https://go-acme.github.io/lego/)、[Velero](https://velero.io/)、[s3rver](https://github.com/jamhall/s3rver)、[Citusdata](https://www.citusdata.com/)。

apps/analytic/config/cluster/deploy/analytic_deploy.yaml

@@ -1,7 +1,7 @@
 
 
 
-{{ $anayltic2_rootpath := "/terminus/rootfs/anayltic2" }}
+{{ $anayltic2_rootpath := printf "%s%s" .Values.rootPath "/rootfs/anayltic2" }}
 {{- $namespace := printf "%s" "os-system" -}}
 {{- $anayltic2_secret := (lookup "v1" "Secret" $namespace "anayltic2-secrets") -}}
 {{- $pg_password := "" -}}
@@ -83,11 +83,13 @@ spec:
             value: os_system_anayltic2
       containers:
       - name: anayltic2-server
-        image: beclab/analytic-api:v0.0.3
+        image: beclab/analytic-api:v0.0.4
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010
         env:
+        - name: PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING
+          value: '1'
         - name: PL_DATA_BACKEND
           value: postgres
         - name: PL_DATA_POSTGRES_HOST

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-deployment.yaml

@@ -105,34 +105,7 @@ spec:
           volumeMounts:
             - name: tmp
               mountPath: /tmp
-        - name: addflowtask
-          image: "beclab/recommend-argotask:v0.0.5"
-          env:
-          - name: NAME_SPACE
-            value: {{ .Release.Namespace }}
-          - name: APPLICATION_DATA_PATH
-            valueFrom:
-              configMapKeyRef:
-                name: rss-userspace-data
-                key: appData
-          - name: APP_DATA_PATH
-            valueFrom:
-              configMapKeyRef:
-                name: rss-userspace-data
-                key: appCache
-          - name: ALGORITHM_VERSION
-            value: v0.0.6
-          - name: TERMIUS_USER_NAME
-            valueFrom:
-              configMapKeyRef:
-                name: rss-userspace-data
-                key: username
-          
-          - name: KNOWLEDGE_BASE_API_PORT
-            value: "3010"
-         
-          
-
+        
       volumes:
         - name: tmp
           emptyDir: {}

apps/argo/config/user/helm-charts/recommend/templates/argo_fe_deploy.yaml

@@ -29,58 +29,6 @@ spec:
     app: recommend
   type: ClusterIP
 
----
-{{ if (eq .Values.debugVersion true) }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: recommend
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: recommend
-    applications.app.bytetrade.io/author: bytetrade.io
-
-    applications.app.bytetrade.io/name: recommend
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/recommend/icon.png
-    applications.app.bytetrade.io/title: recommend
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"recommend", "host":"argoworkflows-ui", "port":80,"title":"recommend"}]'
-
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: recommend
-  template:
-    metadata:
-      labels:
-        app: recommend
-    spec:
-      containers:
-        - name: recommend-proxy
-          image: nginx:stable-alpine3.17-slim
-          imagePullPolicy: IfNotPresent
-          ports:
-            - name: proxy
-              containerPort: 8080
-          volumeMounts:
-            - name: nginx-config
-              readOnly: true
-              mountPath: /etc/nginx/nginx.conf
-              subPath: nginx.conf
-      volumes:
-        - name: nginx-config
-          configMap:
-            name: recommend-nginx-configs
-            items:
-              - key: nginx.conf
-                path: nginx.conf
-{{ end }}
-
 
 
 ---

apps/desktop/config/user/helm-charts/desktop/templates/desktop_deploy.yaml

@@ -23,10 +23,11 @@ spec:
         runAsUser: 1000
         runAsGroup: 1000
         fsGroup: 1000
+      priorityClassName: "system-cluster-critical"
       initContainers:
       - args:
         - -it
-        - authelia-backend.os-system:9091
+        - authelia-backend.os-system:9091,system-server.user-system-{{ .Values.bfl.username }}:80
         image: owncloudci/wait-for:latest
         imagePullPolicy: IfNotPresent
         name: check-auth
@@ -65,7 +66,7 @@ spec:
 
       containers:
       - name: edge-desktop
-        image: beclab/desktop:v0.2.32
+        image: beclab/desktop:v0.2.59
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsNonRoot: false
@@ -77,7 +78,7 @@ spec:
             value: http://bfl.{{ .Release.Namespace }}:8080
 
       - name: desktop-server
-        image: beclab/desktop-server:v0.2.32
+        image: beclab/desktop-server:v0.2.59
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -139,7 +140,7 @@ spec:
             fieldRef:
               fieldPath: status.podIP
       - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.3'
+        image: 'beclab/ws-gateway:v1.0.5'
         imagePullPolicy: IfNotPresent
         command:
           - /ws-gateway
@@ -213,6 +214,11 @@ spec:
       - app-installation-event
     op: Create
     uri: /server/app_installation_event
+  - filters:
+      type:
+        - entrance-state-event
+    op: Create
+    uri: /server/entrance_state_event
   - filters:
       type:
       - settings-event
@@ -410,6 +416,7 @@ data:
                   - upgrade_type: websocket      
                   - upgrade_type: tailscale-control-protocol            
                   skip_xff_append: false
+                  max_request_headers_kb: 500
                   codec_type: AUTO
                   route_config:
                     name: local_route
@@ -484,6 +491,8 @@ data:
                 typed_config:
                   "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                   stat_prefix: tapr_http
+                  http_protocol_options:
+                    accept_http_10: true
                   upgrade_configs:
                   - upgrade_type: websocket                  
                   skip_xff_append: false
@@ -508,9 +517,11 @@ data:
         
       clusters:
       - name: original_dst
-        connect_timeout: 5000s
+        connect_timeout: 120s
         type: ORIGINAL_DST
         lb_policy: CLUSTER_PROVIDED
+        common_http_protocol_options:
+          idle_timeout: 10s
       - name: authelia
         connect_timeout: 2s
         type: LOGICAL_DNS
@@ -577,6 +588,7 @@ data:
                   - upgrade_type: websocket      
                   - upgrade_type: tailscale-control-protocol            
                   skip_xff_append: false
+                  max_request_headers_kb: 500
                   codec_type: AUTO
                   route_config:
                     name: local_route
@@ -655,6 +667,8 @@ data:
                 typed_config:
                   "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                   stat_prefix: tapr_http
+                  http_protocol_options:
+                    accept_http_10: true
                   upgrade_configs:
                   - upgrade_type: websocket                  
                   skip_xff_append: false
@@ -680,6 +694,8 @@ data:
         connect_timeout: 5000s
         type: ORIGINAL_DST
         lb_policy: CLUSTER_PROVIDED
+        common_http_protocol_options:
+          idle_timeout: 10s
       - name: ws_original_dst
         connect_timeout: 5000s
         type: LOGICAL_DNS

apps/download/config/user/helm-charts/download/templates/download_deploy.yaml

@@ -8,6 +8,21 @@
 {{ $pg_password = randAlphaNum 16 | b64enc }}
 {{- end -}}
 
+{{- $redis_password := "" -}}
+{{ if $download_secret -}}
+{{ $redis_password = (index $download_secret "data" "redis_password") }}
+{{ else -}}
+{{ $redis_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+{{- $download_nats_secret := (lookup "v1" "Secret" $namespace "download-secrets") -}}
+{{- $nat_password := "" -}}
+{{ if $download_nats_secret -}}
+{{ $nat_password = (index $download_nats_secret "data" "nat_password") }}
+{{ else -}}
+{{ $nat_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
 ---
 apiVersion: v1
 kind: Secret
@@ -17,6 +32,8 @@ metadata:
 type: Opaque
 data:
   pg_password: {{ $pg_password }}
+  redis_password: {{ $redis_password }}
+  nat_password: {{ $nat_password }}
 ---
 apiVersion: apr.bytetrade.io/v1alpha1
 kind: MiddlewareRequest
@@ -36,8 +53,33 @@ spec:
           name: download-secrets
     databases:
     - name: knowledge
-
-
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: download-nat
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  app: download
+  appNamespace: {{ .Release.Namespace }}
+  middleware: nats
+  nats:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: nat_password
+          name: download-secrets
+    refs: []
+    subjects:
+    - name: download_status
+      permission:
+        pub: allow
+        sub: allow
+      export:
+      - appName: knowledge
+        sub: allow
+        pub: allow
+    user: user-system-{{ .Values.bfl.username }}-download
 ---
 
 
@@ -104,7 +146,7 @@ spec:
             value: user_space_{{ .Values.bfl.username }}_knowledge
       containers:
       - name: aria2
-        image: "cesign/aria2-pro"
+        image: "beclab/aria2:v0.0.4"
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsNonRoot: false
@@ -120,8 +162,6 @@ spec:
         - name: PGID
           value: "1000"
         volumeMounts:
-        - name: config-dir
-          mountPath: /config
         - name: download-dir
           mountPath: /downloads
         resources:
@@ -132,7 +172,7 @@ spec:
             cpu: "1"
             memory: 300Mi
       - name: yt-dlp
-        image: "beclab/yt-dlp:v0.0.5"
+        image: "beclab/yt-dlp:v0.0.22"
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -151,6 +191,22 @@ spec:
           value: "5432"
         - name: PG_DATABASE
           value: user_space_{{ .Values.bfl.username }}_knowledge
+        - name: SETTING_URL
+          value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
+        - name: REDIS_HOST
+          value: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
+        - name: REDIS_PASSWORD
+          value: {{ $redis_password | b64dec }}
+        - name: NATS_HOST
+          value: nats.user-system-{{ .Values.bfl.username }}
+        - name: NATS_PORT
+          value: "4222"
+        - name: NATS_USERNAME
+          value: user-system-{{ .Values.bfl.username }}-download
+        - name: NATS_PASSWORD
+          value: {{ $nat_password | b64dec }}
+        - name: NATS_SUBJECT
+          value: "terminus.{{ .Release.Namespace }}.download_status"
         volumeMounts:
         - name: config-dir
           mountPath: /app/config
@@ -163,9 +219,8 @@ spec:
           limits:
             cpu: "1"
             memory: 300Mi
-
       - name: download-spider
-        image: "beclab/download-spider:v0.0.5"
+        image: "beclab/download-spider:v0.0.22"
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -182,6 +237,25 @@ spec:
           value: "5432"
         - name: PG_DATABASE
           value: user_space_{{ .Values.bfl.username }}_knowledge
+        - name: REDIS_HOST
+          value: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
+        - name: REDIS_PASSWORD
+          value: {{ $redis_password | b64dec }}
+        - name: NATS_HOST
+          value: nats.user-system-{{ .Values.bfl.username }}
+        - name: NATS_PORT
+          value: "4222"
+        - name: NATS_USERNAME
+          value: user-system-{{ .Values.bfl.username }}-download
+        - name: NATS_PASSWORD
+          value: {{ $nat_password | b64dec }}
+        - name: NATS_SUBJECT
+          value: "terminus.{{ .Release.Namespace }}.download_status"
+        - name: SETTING_URL
+          value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
+        volumeMounts:
+        - name: download-dir
+          mountPath: /downloads
         
         ports:
         - containerPort: 3080
@@ -201,7 +275,7 @@ spec:
       - name: download-dir
         hostPath:
           type: DirectoryOrCreate
-          path: {{ .Values.userspace.userData }}/Downloads
+          path: {{ .Values.userspace.userData }}
 
 
 ---

apps/files/config/cluster/deploy/files_deploy.yaml

@@ -1,11 +1,15 @@
 
 {{- $namespace := printf "%s" "os-system" -}}
 {{- $files_secret := (lookup "v1" "Secret" $namespace "files-secrets") -}}
-{{- $password := "" -}}
+
+{{- $files_postgres_password := "" -}}
 {{ if $files_secret -}}
-{{ $password = (index $files_secret "data" "password") }}
+{{ $files_postgres_password = (index $files_secret "data" "files_postgres_password") }}
+{{- if not $files_postgres_password -}}
+{{ $files_postgres_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
 {{ else -}}
-{{ $password = randAlphaNum 16 | b64enc }}
+{{ $files_postgres_password = randAlphaNum 16 | b64enc }}
 {{- end -}}
 
 {{- $files_redis_password := "" -}}
@@ -15,6 +19,14 @@
 {{ $files_redis_password = randAlphaNum 16 | b64enc }}
 {{- end -}}
 
+{{- $files_nats_secret := (lookup "v1" "Secret" "os-system" "files-nats-secrets") -}}
+{{- $files_nats_password := "" -}}
+{{ if $files_nats_secret -}}
+{{ $files_nats_password = (index $files_nats_secret "data" "files_nats_password") }}
+{{ else -}}
+{{ $files_nats_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -37,9 +49,8 @@ spec:
       serviceAccount: os-internal
       serviceAccountName: os-internal
       securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
+        runAsUser: 0
+        runAsNonRoot: false
       initContainers:
         - name: init-data
           image: busybox:1.28
@@ -48,25 +59,51 @@ spec:
             runAsNonRoot: false
             runAsUser: 0
           volumeMounts:
-          - name: fb-data
-            mountPath: /appdata
+            - name: userspace-dir
+              mountPath: /data
+            - name: fb-data
+              mountPath: /appdata
+            - name: upload-appdata
+              mountPath: /appcache
           command:
           - sh
           - -c
           - |
-            chown -R 1000:1000 /appdata 
+            chown -R 1000:1000 /appdata; chown -R 1000:1000 /appcache; chown -R 1000:1000 /data
+        - name: init-container
+          image: 'postgres:16.0-alpine3.18'
+          command:
+            - sh
+            - '-c'
+            - >-
+              echo -e "Checking for the availability of PostgreSQL Server
+              deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB1
+              -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >>
+              PostgreSQL DB Server has started";
+          env:
+            - name: PGHOST
+              value: citus-headless.os-system
+            - name: PGPORT
+              value: '5432'
+            - name: PGUSER
+              value: files_os_system
+            - name: PGPASSWORD
+              value: {{ $files_postgres_password | b64dec }}
+            - name: PGDB1
+              value: os_system_files
+
       containers:
         - name: gateway
-          image: beclab/appdata-gateway:0.1.15
+          image: beclab/appdata-gateway:0.1.18
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: false
-            runAsUser: 1000
+            runAsUser: 0
           ports:
             - containerPort: 8080
           env:
             - name: FILES_SERVER_TAG
-              value: 'beclab/files-server:v0.2.30'
+              value: 'beclab/files-server:v0.2.69'
             - name: NAMESPACE
               valueFrom:
                 fieldRef:
@@ -82,8 +119,12 @@ spec:
             value: /appdata
           - name: SEAFILE_SERVICE
             value: seafile
-          image: beclab/media-server:v0.1.7
+          image: beclab/media-server:v0.1.10
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: true
+            runAsUser: 0
+            privileged: true
           ports:
           - containerPort: 9090
           volumeMounts:
@@ -91,13 +132,19 @@ spec:
             mountPath: /data
           - name: user-appdata-dir
             mountPath: /appdata
+{{ if .Values.sharedlib }}
+          - name: shared-lib
+            mountPath: /data/External
+            mountPropagation: Bidirectional
+{{ end }}
 
         - name: files
-          image: beclab/files-server:v0.2.30
+          image: beclab/files-server:v0.2.69
           imagePullPolicy: IfNotPresent
           securityContext:
-            allowPrivilegeEscalation: false
-            runAsUser: 1000
+            allowPrivilegeEscalation: true
+            runAsUser: 0
+            privileged: true
           volumeMounts:
             - name: fb-data
               mountPath: /appdata
@@ -110,15 +157,33 @@ spec:
 #              mountPath: /data/Home/Documents
             - name: upload-appdata
               mountPath: /appcache/
+            
+{{ if .Values.sharedlib }}        
+            - name: shared-lib
+              mountPath: /data/External
+              mountPropagation: Bidirectional
+{{ end }}
           ports:
             - containerPort: 8110
           env:
+{{ if .Values.sharedlib }}        
+            - name: NODE_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.hostIP
+            - name: TERMINUSD_HOST
+              value: $(NODE_IP):18088  
+{{ end }}
+            - name: EXTERNAL_PREFIX
+              value: '/External/'
             - name: ES_ENABLED
               value: 'False'
             - name: WATCHER_ENABLED
               value: 'True'
             - name: KNOWLEDGE_BASE_ENABLED
               value: 'False'
+            - name: PHOTOS_ENABLED
+              value: 'True'
 #            - name: BFL_NAME
 #              value: 'os-system'
             - name: FB_DATABASE
@@ -130,7 +195,7 @@ spec:
 #            - name: ZINC_USER
 #              value: zincuser-files-os-system
 #            - name: ZINC_PASSWORD
-#              value: {{ $password | b64dec }}
+#              value: {{ $files_postgres_password | b64dec }}
 #            - name: ZINC_HOST
 #              value: zinc-server-svc.os-system
 #            - name: ZINC_PORT
@@ -138,13 +203,19 @@ spec:
 #            - name: ZINC_INDEX
 #              value: os-system_zinc-files
             - name: WATCH_DIR
-              value: /Home/Documents
+              value: '/Home'
             - name: FS_TYPE
               value: {{ .Values.fs_type }}
             - name: PATH_PREFIX
               value: ''
             - name: ROOT_PREFIX
               value: /data
+            - name: CACHE_ROOT_PATH
+              value: ''
+            - name: CONTENT_PATH
+              value: /Home/Documents
+            - name: PHOTOS_PATH
+              value: /Home/Pictures
             - name: REDIS_HOST
               value: redis-cluster-proxy.os-system
             - name: REDIS_PORT
@@ -158,6 +229,32 @@ spec:
               # use redis db 0 for redis cache
             - name: REDIS_DB
               value: '0'
+            - name: NATS_HOST
+              value: nats
+            - name: NATS_PORT
+              value: '4222'
+            - name: NATS_USERNAME
+              value: os-system-files-server
+            - name: NATS_PASSWORD
+              value: {{ $files_nats_password | b64dec }}
+            - name: NATS_SUBJECT
+              value: terminus.os-system.files-notify
+            - name: RESERVED_SPACE
+              value: '1000'
+            - name: OLARES_VERSION
+              value: '1.11'
+            - name: FILE_CACHE_DIR
+              value: '/data/file_cache'
+            - name: PGHOST
+              value: citus-headless.os-system
+            - name: PGPORT
+              value: '5432'
+            - name: PGUSER
+              value: files_os_system
+            - name: PGPASSWORD
+              value: {{ $files_postgres_password | b64dec }}
+            - name: PGDB1
+              value: os_system_files
             - name: POD_NAME
               valueFrom:
                 fieldRef:
@@ -174,12 +271,14 @@ spec:
             - /filebrowser
             - --noauth
         - name: uploader
-          image: beclab/upload:v1.0.5
+          image: beclab/upload:v1.0.14
           env:
             - name: UPLOAD_FILE_TYPE
               value: '*'
             - name: UPLOAD_LIMITED_SIZE
-              value: '21474836481'
+              value: '118111600640'
+            - name: RESERVED_SPACE
+              value: '1000'
           volumeMounts:
             - name: fb-data
               mountPath: /appdata
@@ -187,12 +286,21 @@ spec:
               mountPath: /data
             - name: upload-appdata
               mountPath: /appcache/
+{{ if .Values.sharedlib }}
+            - name: shared-lib
+              mountPath: /data/External
+              mountPropagation: Bidirectional
+{{ end }}
           resources: { }
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
           imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: true
+            runAsUser: 0
+            privileged: true
         - name: nginx
-          image: 'beclab/nginx-lua:n0.0.4'
+          image: 'nginx:stable-alpine3.17-slim'
           securityContext:
             runAsNonRoot: false
             runAsUser: 0
@@ -200,6 +308,10 @@ spec:
             - containerPort: 80
               protocol: TCP
           volumeMounts:
+            - name: files-nginx-config
+              readOnly: true
+              mountPath: /etc/nginx/nginx.conf
+              subPath: nginx.conf
             - name: files-nginx-config
               mountPath: /etc/nginx/conf.d/default.conf
               subPath: default.conf
@@ -211,26 +323,35 @@ spec:
         - name: userspace-dir
           hostPath:
             type: Directory
-            path: /terminus/rootfs/userspace
+            path: {{ .Values.rootPath }}/rootfs/userspace
         - name: fb-data
           hostPath:
             type: DirectoryOrCreate
-            path: /terminus/userdata/Cache/files
+            path: {{ .Values.rootPath }}/userdata/Cache/files
         - name: upload-appdata
           hostPath:
-            path: /terminus/userdata/Cache
+            path: {{ .Values.rootPath }}/userdata/Cache
             type: DirectoryOrCreate
         - name: files-nginx-config
           configMap:
             name: files-nginx-config
             items:
+              - key: nginx.conf
+                path: nginx.conf
               - key: default.conf
                 path: default.conf
             defaultMode: 420
         - name: user-appdata-dir
           hostPath:
-            path: /terminus/userdata/Cache
+            path: {{ .Values.rootPath }}/userdata/Cache
             type: Directory
+        
+{{ if .Values.sharedlib }}        
+        - name: shared-lib
+          hostPath:
+            path: {{ .Values.sharedlib }}
+            type: Directory
+{{ end }}            
 
 ---
 apiVersion: v1
@@ -301,14 +422,21 @@ spec:
           - sh
           - -c
           - |
-            chown -R 1000:1000 /appdata 
+            chown -R 1000:1000 /appdata
+        - args:
+          - -it
+          - nats.os-system:4222
+          image: owncloudci/wait-for:latest
+          imagePullPolicy: IfNotPresent
+          name: check-nats
       containers:
         - name: files
-          image: beclab/files-server:v0.2.30
+          image: beclab/files-server:v0.2.69
           imagePullPolicy: IfNotPresent
           securityContext:
-            allowPrivilegeEscalation: false
-            runAsUser: 1000
+            allowPrivilegeEscalation: true
+            runAsUser: 0
+            runAsNonRoot: false
           volumeMounts:
             - name: fb-data
               mountPath: /appdata
@@ -317,12 +445,16 @@ spec:
           ports:
             - containerPort: 8110
           env:
-            - name: FB_DATABASE
-              value: /appdata/database/filebrowser.db
-            - name: FB_CONFIG
-              value: /appdata/config/settings.json
-            - name: FB_ROOT
+            - name: ROOT_PREFIX
               value: /data
+#            - name: FB_DATABASE
+#              value: /appdata/database/filebrowser.db
+#            - name: FB_CONFIG
+#              value: /appdata/config/settings.json
+#            - name: FB_ROOT
+#              value: /data
+            - name: OLARES_VERSION
+              value: '1.11'
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
@@ -334,11 +466,11 @@ spec:
         - name: user-appdata-dir
           hostPath:
             type: Directory
-            path: /terminus/userdata/Cache
+            path: {{ .Values.rootPath }}/userdata/Cache
         - name: fb-data
           hostPath:
             type: DirectoryOrCreate
-            path: /terminus/userdata/Cache/files-appdata
+            path: {{ .Values.rootPath }}/userdata/Cache/files-appdata
 
 ---
 apiVersion: v1
@@ -365,9 +497,39 @@ metadata:
   namespace: os-system
 type: Opaque
 data:
-  password: {{ $password }}
+  files_postgres_password: {{ $files_postgres_password }}
   files_redis_password: {{ $files_redis_password }}
 
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: files-nats-secrets
+  namespace: os-system
+data:
+  files_nats_password: {{ $files_nats_password }}
+type: Opaque
+
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: files-pg
+  namespace: os-system
+spec:
+  app: files
+  appNamespace: os-system
+  middleware: postgres
+  postgreSQL:
+    user: files_os_system
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: files_postgres_password
+          name: files-secrets
+    databases:
+      - name: files
+
 ---
 apiVersion: apr.bytetrade.io/v1alpha1
 kind: MiddlewareRequest
@@ -386,6 +548,37 @@ spec:
           name: files-secrets
     namespace: files-redis
 
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: files-server-nat
+  namespace: os-system
+spec:
+  app: files-server
+  appNamespace: os-system
+  middleware: nats
+  nats:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: files_nats_password
+          name: files-nats-secrets
+    refs: []
+    subjects:
+      - export:
+          - appName: files-frontend
+            pub: allow
+            sub: allow
+          - appName: vault
+            pub: allow
+            sub: allow
+        name: files-notify
+        permission:
+          pub: allow
+          sub: allow
+    user: os-system-files-server
+
 ---
 kind: ConfigMap
 apiVersion: v1
@@ -395,6 +588,37 @@ metadata:
   annotations:
     kubesphere.io/creator: bytetrade.io
 data:
+  nginx.conf: |-
+    user  nginx;
+    worker_processes  auto;
+
+    error_log  /var/log/nginx/error.log notice;
+    pid        /var/run/nginx.pid;
+
+    events {
+        worker_connections  1024;
+    }
+
+    http {
+        include       /etc/nginx/mime.types;
+        default_type  application/octet-stream;
+
+        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                          '$status $body_bytes_sent "$http_referer" '
+                          '"$http_user_agent" "$http_x_forwarded_for"';
+
+        access_log  /var/log/nginx/access.log  main;
+
+        sendfile        on;
+        #tcp_nopush     on;
+
+        keepalive_timeout  2700;
+
+        #gzip  on;
+        client_max_body_size 4000M;
+
+        include /etc/nginx/conf.d/*.conf;
+    }
   default.conf: |-
     server {
     	listen 80 default_server;
@@ -444,12 +668,12 @@ data:
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Host $host;
 
-            client_body_timeout 60s;
+            client_body_timeout 600s;
             client_max_body_size 2000M;
             proxy_request_buffering off;
-            keepalive_timeout 75s;
-            proxy_read_timeout 60s;
-            proxy_send_timeout 60s;
+            keepalive_timeout 750s;
+            proxy_read_timeout 600s;
+            proxy_send_timeout 600s;
         }
 
         location /api/raw/AppData {
@@ -461,12 +685,77 @@ data:
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Host $host;
 
-            client_body_timeout 60s;
-            client_max_body_size 2000M;
+            client_body_timeout 1800s;
+            client_max_body_size 4000M;
             proxy_request_buffering off;
-            keepalive_timeout 75s;
-            proxy_read_timeout 60s;
-            proxy_send_timeout 60s;
+            keepalive_timeout 2700s;
+            proxy_read_timeout 1800s;
+            proxy_send_timeout 1800s;
+        }
+
+        location /api/raw {
+            proxy_pass http://127.0.0.1:8080;
+            # rewrite ^/server(.*)$ $1 break;
+
+            # Add original-request-related headers
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Host $host;
+
+            client_body_timeout 1800s;
+            client_max_body_size 4000M;
+            proxy_request_buffering off;
+            keepalive_timeout 2700s;
+            proxy_read_timeout 1800s;
+            proxy_send_timeout 1800s;
+        }
+
+        location /api/md5 {
+            proxy_pass http://127.0.0.1:8080;
+            # rewrite ^/server(.*)$ $1 break;
+            # Add original-request-related headers
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Host $host;
+            add_header Accept-Ranges bytes;
+            client_body_timeout 1800s;
+            client_max_body_size 4000M;
+            proxy_request_buffering off;
+            keepalive_timeout 2700s;
+            proxy_read_timeout 1800s;
+            proxy_send_timeout 1800s;
+        }
+
+        location /api/paste {
+            proxy_pass http://127.0.0.1:8080;
+            # rewrite ^/server(.*)$ $1 break;
+            # Add original-request-related headers
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Host $host;
+            add_header Accept-Ranges bytes;
+            client_body_timeout 1800s;
+            client_max_body_size 4000M;
+            proxy_request_buffering off;
+            keepalive_timeout 2700s;
+            proxy_read_timeout 1800s;
+            proxy_send_timeout 1800s;
+        }
+
+        location /api/cache {
+            proxy_pass http://127.0.0.1:8080;
+            # rewrite ^/server(.*)$ $1 break;
+            # Add original-request-related headers
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Host $host;
+            add_header Accept-Ranges bytes;
+            client_body_timeout 1800s;
+            client_max_body_size 4000M;
+            proxy_request_buffering off;
+            keepalive_timeout 2700s;
+            proxy_read_timeout 1800s;
+            proxy_send_timeout 1800s;
         }
 
         location /provider {
@@ -518,7 +807,7 @@ data:
 
             client_body_timeout 600s;
             client_max_body_size 4000M;
-            proxy_request_buffering off;
+            proxy_request_buffering on;
             keepalive_timeout 750s;
             proxy_read_timeout 600s;
             proxy_send_timeout 600s;
@@ -554,12 +843,12 @@ data:
 
             add_header Accept-Ranges bytes;
 
-            client_body_timeout 60s;
+            client_body_timeout 600s;
             client_max_body_size 2000M;
             proxy_request_buffering off;
-            keepalive_timeout 75s;
-            proxy_read_timeout 60s;
-            proxy_send_timeout 60s;
+            keepalive_timeout 750s;
+            proxy_read_timeout 600s;
+            proxy_send_timeout 600s;
         }
 
         location /seafhttp/ {
@@ -573,12 +862,12 @@ data:
 
             add_header Accept-Ranges bytes;
 
-            client_body_timeout 60s;
+            client_body_timeout 600s;
             client_max_body_size 2000M;
             proxy_request_buffering off;
-            keepalive_timeout 75s;
-            proxy_read_timeout 60s;
-            proxy_send_timeout 60s;
+            keepalive_timeout 750s;
+            proxy_read_timeout 600s;
+            proxy_send_timeout 600s;
         }
     	# files
     	# for all routes matching a dot, check for files and return 404 if not found

apps/files/config/user/helm-charts/files/templates/files_fe_deploy.yaml

@@ -2,6 +2,7 @@
 
 {{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
 {{- $zinc_files_secret := (lookup "v1" "Secret" $namespace "zinc-files-secrets") -}}
+
 {{- $password := "" -}}
 {{ if $zinc_files_secret -}}
 {{ $password = (index $zinc_files_secret "data" "password") }}
@@ -16,6 +17,75 @@
 {{ $redis_password = randAlphaNum 16 | b64enc }}
 {{- end -}}
 
+{{- $redis_password_data := "" -}}
+{{ $redis_password_data = $redis_password | b64dec }}
+
+{{- $pg_password := "" -}}
+{{ if $zinc_files_secret -}}
+{{ $pg_password = (index $zinc_files_secret "data" "pg_password") }}
+{{ else -}}
+{{ $pg_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+{{- $files_frontend_nats_secret := (lookup "v1" "Secret" $namespace "files-frontend-nats-secrets") -}}
+{{- $files_frontend_nats_password := "" -}}
+{{ if $files_frontend_nats_secret -}}
+{{ $files_frontend_nats_password = (index $files_frontend_nats_secret "data" "files_frontend_nats_password") }}
+{{ else -}}
+{{ $files_frontend_nats_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloud-drive-integration-secrets
+  namespace: user-system-{{ .Values.bfl.username }}
+type: Opaque
+data:
+  pg_password: {{ $pg_password }}
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: cloud-drive-integration-pg
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  app: cloud-drive-integration
+  appNamespace: {{ .Release.Namespace }}
+  middleware: postgres
+  postgreSQL:
+    user: cloud_drive_integration_{{ .Values.bfl.username }}
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: pg_password
+          name: cloud-drive-integration-secrets
+    databases:
+    - name: cloud-drive-integration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cloud-drive-integration-secrets-auth
+  namespace: {{ .Release.Namespace }}
+data:
+  redis_password: {{ $redis_password_data }}
+  redis_addr: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379
+  redis_host: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
+  redis_port: '6379'
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cloud-drive-integration-userspace-data
+  namespace: {{ .Release.Namespace }}
+data:
+  appData: "{{ .Values.userspace.appData }}"
+  appCache: "{{ .Values.userspace.appCache }}"
+  username: "{{ .Values.bfl.username }}"
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -31,7 +101,7 @@ metadata:
     applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/files/icon.png
     applications.app.bytetrade.io/title: Files
     applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"files", "host":"files-service", "port":80,"title":"Files"}]'
+    applications.app.bytetrade.io/entrances: '[{"name":"files", "host":"files-service", "port":80,"title":"Files","windowPushState":true}]'
 spec:
   replicas: 1
   selector:
@@ -41,6 +111,7 @@ spec:
     metadata:
       labels:
         app: files
+        io.bytetrade.app: "true"
     spec:
       serviceAccountName: bytetrade-controller
       securityContext:
@@ -71,6 +142,12 @@ spec:
         image: owncloudci/wait-for:latest
         imagePullPolicy: IfNotPresent
         name: check-auth
+      - args:
+        - -it
+        - nats.user-system-{{ .Values.bfl.username }}:4222
+        image: owncloudci/wait-for:latest
+        imagePullPolicy: IfNotPresent
+        name: check-nats
       - name: terminus-sidecar-init
         image: openservicemesh/init:v1.2.3
         imagePullPolicy: IfNotPresent
@@ -104,6 +181,24 @@ spec:
               apiVersion: v1
               fieldPath: status.podIP
 
+      - name: init-container
+        image: 'postgres:16.0-alpine3.18'
+        command:
+          - sh
+          - '-c'
+          - >-
+            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
+        env:
+          - name: PGHOST
+            value: citus-master-svc.user-system-{{ .Values.bfl.username }}
+          - name: PGPORT
+            value: "5432"
+          - name: PGUSER
+            value: cloud_drive_integration_{{ .Values.bfl.username }}
+          - name: PGPASSWORD
+            value: "{{ $pg_password | b64dec }}"
+          - name: PGDB
+            value: user_space_{{ .Values.bfl.username }}_cloud_drive_integration
       containers:
 #      - name: gateway
 #        image: beclab/appdata-gateway:0.1.12
@@ -141,7 +236,7 @@ spec:
 #          value: 'True'
 #        - name: WATCHER_ENABLED
 #          value: 'True'
-#        - name: KNOWLEDGE_BASE_ENABLED
+#        - name: cloud-drive-integration_BASE_ENABLED
 #          value: 'True'
 #        - name: BFL_NAME
 #          value: '{{ .Values.bfl.username }}'
@@ -184,6 +279,8 @@ spec:
 #          # use redis db 0 for redis cache
 #        - name: REDIS_DB
 #          value: '0'
+#        - name: REDIS_URL
+#          value: 'redis://:{{ $redis_password | b64dec }}@redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379/0'
 #        - name: POD_NAME
 #          valueFrom:
 #            fieldRef:
@@ -200,24 +297,73 @@ spec:
 #        - /filebrowser
 #        - --noauth
       - name: files-frontend
-        image: beclab/files-frontend:v1.2.22
+        image: beclab/files-frontend-1.11:v1.3.55
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsNonRoot: false
           runAsUser: 0
         ports:
         - containerPort: 80
+        env:
+          - name: NATS_HOST
+            value: nats.user-system-{{ .Values.bfl.username }}
+          - name: NATS_PORT
+            value: '4222'
+          - name: NATS_USERNAME
+            value: user-system-{{ .Values.bfl.username }}-files-frontend
+          - name: NATS_PASSWORD
+            value: {{ $files_frontend_nats_password | b64dec }}
+          - name: NATS_SUBJECT
+            value: terminus.os-system.files-notify
         volumeMounts:
         - name: userspace-dir
           mountPath: /data
       - name: drive-server
-        image: beclab/drive:v0.0.3
+        image: beclab/drive:v0.0.72
         imagePullPolicy: IfNotPresent
         env:
         - name: OS_SYSTEM_SERVER
           value: system-server.user-system-{{ .Values.bfl.username }}
-        ports:
+        - name: DATABASE_URL
+          value: postgres://cloud_drive_integration_{{ .Values.bfl.username }}:{{ $pg_password | b64dec }}@citus-master-svc.user-system-{{ .Values.bfl.username }}:5432/user_space_{{ .Values.bfl.username }}_cloud_drive_integration
+        - name: REDIS_URL
+          value: redis://:{{ $redis_password | b64dec }}@redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379/0
+        - name: TASK_EXECUTOR_MAX_THREADS
+          value: '6'
+        ports: 
         - containerPort: 8181
+        volumeMounts:
+        - name: data-dir
+          mountPath: /data
+        - name: upload-data
+          mountPath: /data/Home
+        - name: upload-appdata
+          mountPath: /appdata/
+        - name: userspace-app-dir
+          mountPath: /data/Application
+      - name: task-executor
+        image: beclab/driveexecutor:v0.0.72
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: OS_SYSTEM_SERVER
+          value: system-server.user-system-{{ .Values.bfl.username }}
+        - name: DATABASE_URL
+          value: postgres://cloud_drive_integration_{{ .Values.bfl.username }}:{{ $pg_password | b64dec }}@citus-master-svc.user-system-{{ .Values.bfl.username }}:5432/user_space_{{ .Values.bfl.username }}_cloud_drive_integration
+        - name: REDIS_URL
+          value: redis://:{{ $redis_password | b64dec }}@redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379/0
+        - name: TASK_EXECUTOR_MAX_THREADS
+          value: '6'
+        ports: 
+        - containerPort: 8181
+        volumeMounts:
+        - name: data-dir
+          mountPath: /data
+        - name: upload-data
+          mountPath: /data/Home
+        - name: upload-appdata
+          mountPath: /appdata/
+        - name: userspace-app-dir
+          mountPath: /data/Application
 #      - name: terminus-upload-sidecar
 #        image: beclab/upload:v1.0.3
 #        env:
@@ -280,6 +426,10 @@ spec:
               fieldPath: status.podIP
 
       volumes:
+      - name: data-dir
+        hostPath:
+          path: {{ .Values.rootPath }}/rootfs/userspace
+          type: Directory
       - name: watch-dir
         hostPath:
           type: Directory
@@ -487,6 +637,17 @@ type: Opaque
 data:
   password: {{ $password }}
   redis_password: {{ $redis_password }}
+  pg_password: {{ $pg_password }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: files-frontend-nats-secrets
+  namespace: user-system-{{ .Values.bfl.username }}
+data:
+  files_frontend_nats_password: {{ $files_frontend_nats_password }}
+type: Opaque
 
 #---
 #apiVersion: apr.bytetrade.io/v1alpha1
@@ -528,6 +689,31 @@ spec:
           name: zinc-files-secrets
     namespace: zinc-files
 
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: files-frontend-nat
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  app: files-frontend
+  appNamespace: user-space-{{ .Values.bfl.username }}
+  middleware: nats
+  nats:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: files_frontend_nats_password
+          name: files-frontend-nats-secrets
+    refs:
+      - appName: files-server
+        appNamespace: os-system
+        subjects:
+          - name: files-notify
+            perm:
+              - pub
+              - sub
+    user: user-system-{{ .Values.bfl.username }}-files-frontend
 
 ---
 apiVersion: v1
@@ -560,6 +746,7 @@ data:
                       - upgrade_type: websocket
                       - upgrade_type: tailscale-control-protocol
                     skip_xff_append: false
+                    max_request_headers_kb: 500
                     codec_type: AUTO
                     route_config:
                       name: local_route
@@ -571,11 +758,14 @@ data:
                                 prefix: "/upload"
                               route:
                                 cluster: upload_original_dst
+                                timeout: 1800s
+                                idle_timeout: 1800s
                             - match:
                                 prefix: "/"
                               route:
                                 cluster: original_dst
-                                timeout: 600s
+                                timeout: 1800s
+                                idle_timeout: 1800s
                     http_protocol_options:
                       accept_http_10: true
                     http_filters:
@@ -638,6 +828,8 @@ data:
                   typed_config:
                     "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                     stat_prefix: tapr_http
+                    http_protocol_options:
+                      accept_http_10: true
                     upgrade_configs:
                       - upgrade_type: websocket
                     skip_xff_append: false
@@ -660,9 +852,11 @@ data:
 
       clusters:
         - name: original_dst
-          connect_timeout: 5000s
+          connect_timeout: 120s
           type: ORIGINAL_DST
           lb_policy: CLUSTER_PROVIDED
+          common_http_protocol_options:
+            idle_timeout: 10s
         - name: upload_original_dst
           connect_timeout: 5000s
           type: LOGICAL_DNS

apps/knowledge/config/user/helm-charts/knowledge/templates/knowledge_deployment.yaml

@@ -19,6 +19,13 @@
 {{ $pg_password = randAlphaNum 16 | b64enc }}
 {{- end -}}
 
+{{- $knowledge_nats_secret := (lookup "v1" "Secret" $namespace "knowledge-secrets") -}}
+{{- $nat_password := "" -}}
+{{ if $knowledge_nats_secret -}}
+{{ $nat_password = (index $knowledge_nats_secret "data" "nat_password") }}
+{{ else -}}
+{{ $nat_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
 ---
 apiVersion: v1
 kind: Secret
@@ -28,6 +35,7 @@ metadata:
 type: Opaque
 data:
   pg_password: {{ $pg_password }}
+  nat_password: {{ $nat_password }}
 ---
 apiVersion: apr.bytetrade.io/v1alpha1
 kind: MiddlewareRequest
@@ -51,6 +59,31 @@ spec:
       - pg_trgm
       - btree_gin
 ---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: knowledge-nat
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  app: knowledge
+  appNamespace: {{ .Release.Namespace }}
+  middleware: nats
+  nats:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: nat_password
+          name: knowledge-secrets
+    refs:
+    - appName: download
+      appNamespace: {{ .Release.Namespace }}
+      subjects:
+      - name: download_status
+        perm:
+        - pub
+        - sub
+    user: user-system-{{ .Values.bfl.username }}-knowledge
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -101,6 +134,20 @@ spec:
         fsGroup: 1000
 
       initContainers:
+      - name: init-data
+        image: busybox:1.28
+        securityContext:
+          privileged: true
+          runAsNonRoot: false
+          runAsUser: 0
+        volumeMounts:
+        - name: juicefs
+          mountPath: /juicefs
+        command:
+        - sh
+        - -c
+        - |
+          chown -R 1000:1000 /juicefs
       - name: init-container
         image: 'postgres:16.0-alpine3.18'
         command:
@@ -121,7 +168,7 @@ spec:
             value: user_space_{{ .Values.bfl.username }}_knowledge
       containers:
       - name: knowledge
-        image: "beclab/knowledge-base-api:v0.1.42"
+        image: "beclab/knowledge-base-api:v0.1.72"
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -132,10 +179,12 @@ spec:
         env:
         - name: BACKEND_URL
           value: http://127.0.0.1:8080
-        - name: RSSSERVER_URL
-          value: 'http://rss-server.os-system:3010/rss'
+        - name: RSSHUB_URL
+          value: 'http://rss-server.os-system:1200'
         - name: SEARCH_URL
           value: 'http://search3.os-system:80'
+        - name: UPLOAD_SAVE_PATH
+          value: '/data/Home/Documents/'
         - name: REDIS_PASSWORD
           valueFrom:
             configMapKeyRef:
@@ -162,6 +211,20 @@ spec:
           value: http://download-svc.user-space-{{ .Values.bfl.username }}:3080
         - name: BFL_USER_NAME
           value: "{{ .Values.bfl.username }}"
+        - name: SETTING_URL
+          value: http://system-server.user-system-{{ .Values.bfl.username }}
+        - name: NATS_HOST
+          value: nats.user-system-{{ .Values.bfl.username }}
+        - name: NATS_PORT
+          value: "4222"
+        - name: NATS_USERNAME
+          value: user-system-{{ .Values.bfl.username }}-knowledge
+        - name: NATS_PASSWORD
+          value: {{ $nat_password | b64dec }}
+        - name: NATS_SUBJECT
+          value: "terminus.{{ .Release.Namespace }}.download_status"
+        - name: SOCKET_URL
+          value: 'http://localhost:40010'
         volumeMounts:
         - name: watch-dir
           mountPath: /data/Home/Documents
@@ -175,7 +238,7 @@ spec:
             memory: 1Gi
 
       - name: backend-server
-        image: "beclab/recommend-backend:v0.0.9"
+        image: "beclab/recommend-backend:v0.0.31"
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -184,6 +247,16 @@ spec:
         env:
         - name: LISTEN_ADDR
           value: 127.0.0.1:8080
+        - name: REDIS_PASSWORD
+          valueFrom:
+            configMapKeyRef:
+              name: knowledge-secrets-auth
+              key: redis_password
+        - name: REDIS_ADDR
+          valueFrom:
+            configMapKeyRef:
+              name: knowledge-secrets-auth
+              key: redis_addr
         - name: OS_SYSTEM_SERVER
           value: system-server.user-system-{{ .Values.bfl.username }}
         - name: OS_APP_SECRET
@@ -191,7 +264,7 @@ spec:
         - name: OS_APP_KEY
           value: {{ .Values.os.wise.appKey }}
         - name: RSS_HUB_URL
-          value: 'http://rss-server.os-system:3010/rss'
+          value: 'http://rss-server.os-system:1200/'
         - name: WE_CHAT_REFRESH_FEED_URL
           value: https://recommend-wechat-prd.bttcdn.com/api/wechat/entries
         - name: WECHAT_ENTRY_CONTENT_GET_API_URL
@@ -206,11 +279,31 @@ spec:
           value: "5432"
         - name: PG_DATABASE
           value: user_space_{{ .Values.bfl.username }}_knowledge
+        - name: WATCH_DIR
+          value: /data/Home/Downloads
+        - name: NOTIFY_SERVER
+          value: fsnotify-svc.user-system-{{ .Values.bfl.username }}:5079
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.name
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        - name: CONTAINER_NAME
+          value: backend-server
         - name: YT_DLP_API_URL
           value: http://download-svc.user-space-{{ .Values.bfl.username }}:3082/api/v1/get_metadata
         - name: DOWNLOAD_API_URL
-          value: http://download-svc.user-space-{{ .Values.bfl.username }}:3080/api/termius/download
-
+          value: http://download-svc.user-space-{{ .Values.bfl.username }}:3080/api
+        - name: SETTING_API_URL
+          value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
+        volumeMounts:
+          - name: watch-dir
+            mountPath: /data/Home/Downloads
         ports:
         - containerPort: 8080
         resources:
@@ -221,12 +314,91 @@ spec:
             cpu: "800m"
             memory: 400Mi
 
+      - name: sync
+        image: "beclab/recommend-sync:v0.0.15"
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsUser: 1000
+        env:
+        - name: TERMIUS_USER_NAME
+          value: "{{ .Values.bfl.username }}"
+        - name: JUICEFS_ROOT_DIRECTORY
+          value: /juicefs
+        - name: KNOWLEDGE_BASE_API_URL
+          value: http://127.0.0.1:3010
+        - name: PG_HOST
+          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
+        - name: PG_USERNAME
+          value: knowledge_{{ .Values.bfl.username }}
+        - name: PG_PASSWORD
+          value: {{ $pg_password | b64dec }}
+        - name: PG_DATABASE
+          value: user_space_{{ .Values.bfl.username }}_knowledge
+        - name: PG_PORT
+          value: "5432"
+        - name: TERMINUS_RECOMMEND_REDIS_ADDR
+          valueFrom:
+            configMapKeyRef:
+              name: knowledge-secrets-auth
+              key: redis_addr
+        - name: TERMINUS_RECOMMEND_REDIS_PASSOWRD
+          valueFrom:
+            configMapKeyRef:
+              name: knowledge-secrets-auth
+              key: redis_password
+        volumeMounts:
+        - name: juicefs
+          mountPath: /juicefs
+       
+      - name: crawler
+        image: "beclab/recommend-crawler:v0.0.14"
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsUser: 1000
+        env:
+        - name: TERMIUS_USER_NAME
+          value: "{{ .Values.bfl.username }}"
+        - name: KNOWLEDGE_BASE_API_URL
+          value: http://127.0.0.1:3010
+        resources:
+          requests:
+            cpu: 20m
+            memory: 50Mi
+          limits:
+            cpu: "800m"
+            memory: 800Mi
+
+      - name: terminus-ws-sidecar
+        image: 'beclab/ws-gateway:v1.0.4'
+        imagePullPolicy: IfNotPresent
+        command:
+          - /ws-gateway
+        env:
+          - name: WS_PORT
+            value: '3010'
+          - name: WS_URL
+            value: /knowledge/websocket/message
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+
       volumes:
       - name: watch-dir
         hostPath:
           type: Directory
-          path: {{ .Values.userspace.userData }}/Documents
-
+          path: {{ .Values.userspace.userData }}
+      - name: juicefs
+        hostPath:
+          type: DirectoryOrCreate
+          path: {{ .Values.userspace.appData }}/rss/data
+          
+      - name: terminus-sidecar-config
+        configMap:
+          name: sidecar-ws-configs
+          items:
+          - key: envoy.yaml
+            path: envoy.yaml
+      
 
 ---
 apiVersion: v1
@@ -251,6 +423,10 @@ spec:
       protocol: TCP
       port: 3010
       targetPort: 3010
+    - name: "knowledge-websocket"
+      protocol: TCP
+      port: 40010
+      targetPort: 40010
 
 ---
 apiVersion: v1

apps/market/config/user/helm-charts/market/templates/market_deploy.yaml

@@ -1,3 +1,20 @@
+{{- $market_secret := (lookup "v1" "Secret" .Release.Namespace "market-secrets") -}}
+
+{{- $redis_password := "" -}}
+{{ if $market_secret -}}
+{{ $redis_password = (index $market_secret "data" "redis-passwords") }}
+{{ else -}}
+{{ $redis_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: market-secrets
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  redis-passwords: {{ $redis_password }}
 
 ---
 apiVersion: apps/v1
@@ -14,7 +31,7 @@ metadata:
     applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/appstore/icon.png
     applications.app.bytetrade.io/title: Market
     applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"appstore-service", "host":"appstore-service", "port":80,"title":"Market"}]'
+    applications.app.bytetrade.io/entrances: '[{"name":"appstore-service", "host":"appstore-service", "port":80,"title":"Market","windowPushState":true}]'
 spec:
   replicas: 1
   selector:
@@ -24,7 +41,9 @@ spec:
     metadata:
       labels:
         app: appstore
+        io.bytetrade.app: "true"
     spec:
+      priorityClassName: "system-cluster-critical"
       initContainers:
         - args:
           - -it
@@ -66,12 +85,12 @@ spec:
                 fieldPath: status.podIP
       containers:
       - name: appstore
-        image: beclab/market-frontend:v0.2.12
+        image: beclab/market-frontend:v0.3.11
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80
       - name: appstore-backend
-        image: beclab/market-backend:v0.2.12
+        image: beclab/market-backend:v0.3.11
         imagePullPolicy: IfNotPresent
         ports:
           - containerPort: 81
@@ -84,6 +103,8 @@ spec:
             value: {{ .Values.os.appstore.appKey }}
           - name: APP_SOTRE_SERVICE_SERVICE_HOST
             value: appstore-server-prod.bttcdn.com
+          - name: MARKET_PROVIDER
+            value: '{{ .Values.os.appstore.marketProvider }}'
           - name: APP_SOTRE_SERVICE_SERVICE_PORT
             value: '443'
           - name: APP_SERVICE_SERVICE_HOST
@@ -92,6 +113,15 @@ spec:
             value: '6755'
           - name: REPO_URL_PORT
             value: "82"
+          - name: REDIS_ADDRESS
+            value: 'redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379'
+          - name: REDIS_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: market-secrets
+                key: redis-passwords
+          - name: REDIS_DB_NUMBER
+            value: '0'
           - name: REPO_URL_HOST
             valueFrom:
               fieldRef:
@@ -140,7 +170,7 @@ spec:
             fieldRef:
               fieldPath: status.podIP
       - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.3'
+        image: 'beclab/ws-gateway:v1.0.5'
         command:
           - /ws-gateway
         env:
@@ -201,6 +231,11 @@ spec:
     ops:
       - Create
     version: v1
+  - dataType: app
+    group: service.bfl
+    ops:
+      - UserApps
+    version: v1
 status:
   state: active
 
@@ -225,4 +260,21 @@ spec:
       uri: /app-store/v1/applications/provider/uninstalldev
   version: v1
 status:
-  state: active
+  state: active
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: market-redis
+  namespace: {{ .Release.Namespace }}
+spec:
+  app: market
+  appNamespace: {{ .Release.Namespace }}
+  middleware: redis
+  redis:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: redis-passwords
+          name: market-secrets
+    namespace: market

apps/market/config/user/helm-charts/market/values.yaml

@@ -39,5 +39,7 @@ os:
   search2:
     appKey: '${ks[0]}'
     appSecret: test
+  appstore:
+    marketProvider: ''
 kubesphere:
   redis_password: ""

apps/nitro/README.md

@@ -1,3 +0,0 @@
-# nitro
-
-https://github.com/beclab/mynitro

apps/nitro/config/cluster/deploy/nitro_deploy.yaml

@@ -1,263 +0,0 @@
-
-{{ $nitro_appcache_rootpath := "/terminus/userdata/Cache/nitro" }}
-
-{{ $client_id := randAlphaNum 8 }}
-
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: nitro-nginx-config
-  namespace: {{ .Release.Namespace }}
-  annotations:
-    kubesphere.io/creator: bytetrade.io
-data:
-  default.conf: |-
-    server {
-      listen 80;
-      server_name _;
-
-      location /nitro/model_server/ {
-          # proxy_pass http://127.0.0.1:3928/;
-          proxy_pass http://nitro:3928/;
-          include proxy.conf;
-      }
-
-      location /wasm/model_server/ {
-          proxy_pass http://nitro:8081/;
-          include proxy.conf;
-      }
-
-      location /nitro/ {
-        proxy_pass http://127.0.0.1:3900/;
-        include proxy.conf;
-      }
-
-      location / {
-        proxy_pass http://127.0.0.1:3900;
-        include proxy.conf;
-      }
-    }
-  nginx.conf: |-
-    user  nginx;
-    worker_processes  auto;
-
-    error_log  /var/log/nginx/error.log notice;
-    pid        /var/run/nginx.pid;
-
-
-    events {
-        worker_connections  1024;
-    }
-
-
-    http {
-        include       /etc/nginx/mime.types;
-        default_type  application/octet-stream;
-
-        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                          '$status $body_bytes_sent "$http_referer" '
-                          '"$http_user_agent" "$http_x_forwarded_for"';
-
-        access_log  /var/log/nginx/access.log  main;
-
-        sendfile        on;
-        #tcp_nopush     on;
-
-        keepalive_timeout  65;
-
-        #gzip  on;
-        client_max_body_size 15M;
-
-        include /etc/nginx/conf.d/*.conf;
-    }
-  proxy.conf: |-
-    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    # proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_http_version 1.1;
-    proxy_set_header Connection "";
-    proxy_buffering off;
-    proxy_read_timeout 3600s;
-    proxy_send_timeout 3600s;
-
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: nitro
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  ports:
-  - name: nginx-port
-    protocol: TCP
-    port: 80
-    targetPort: 80
-  - name: ui-port
-    protocol: TCP
-    port: 3900
-    targetPort: 3900
-  - name: nitro-port
-    protocol: TCP
-    port: 3928
-    targetPort: 3928
-  selector:
-    app: nitro
-
----
-# create statefulset
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nitro
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: nitro
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: nitro
-      name: nitro
-  template:
-    metadata:
-      labels:
-        app: nitro
-        name: nitro
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-
-      {{- if and .Values.gpu (not (eq .Values.gpu "none" )) }}
-      initContainers:
-        - name: init-data
-          image: busybox:1.28
-          securityContext:
-            privileged: true
-            runAsNonRoot: false
-            runAsUser: 0
-          volumeMounts:
-            - name: model-vol
-              mountPath: /model
-            - name: custom-model-config-vol
-              mountPath: /custom_model_config
-            - name: model-parent
-              mountPath: /model_parent
-          command:
-          - sh
-          - -c
-          - |
-            chown -R 1000:1000 /model_parent 
-      {{- end }}
-
-      containers:
-      - name: nginx
-        image: 'beclab/nginx-lua:n0.0.4'
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-        ports:
-          - containerPort: 80
-            name: nginx-port
-            protocol: TCP
-        volumeMounts:
-          - name: nitro-nginx-config
-            mountPath: /etc/nginx/nginx.conf
-            subPath: nginx.conf
-          - name: nitro-nginx-config
-            mountPath: /etc/nginx/proxy.conf
-            subPath: proxy.conf
-          - name: nitro-nginx-config
-            mountPath: /etc/nginx/conf.d/default.conf
-            subPath: default.conf
-      {{- if and .Values.gpu (not (eq .Values.gpu "none" )) }}
-      - name: nitro
-        image: 'beclab/nitro:v0.0.10'
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        ports:
-          - name: nitro-port
-            containerPort: 3928
-            protocol: TCP
-          - name: ui-port
-            containerPort: 3900
-            protocol: TCP
-        env:
-          - name: DIFY_HOST
-            value: 'http://difyfusion'
-          - name: LLM_HOST
-            value: 'http://nitro'
-          - name: LOG_SIZE
-            value: '15M'
-          - name: LLM_UTIL
-            value: 'NITRO'
-          - name: PREFIX
-            value: '/nitro'
-          - name: NGL_VALUE
-            value: '33'
-          - name: C_VALUE
-            value: '1024'
-          - name: OTHER_VALUES
-          - name: PGID
-            value: '1000'
-          - name: PUID
-            value: '1000'
-          - name: TZ
-            value: Etc/UTC
-          {{- if (eq .Values.gpu "virtaitech" ) }}
-          - name: ORION_VGPU
-            value: "1"
-          - name: ORION_CLIENT_ID
-            value: {{ .Release.Namespace }}-{{ $client_id }}
-          - name: ORION_TASK_NAME
-            value: {{ .Release.Namespace }}-{{ $client_id }}-nitro
-          - name: ORION_GMEM
-            value: "8000"
-          - name: ORION_RESERVED
-            value: "0"
-          {{- end }}
-        resources:
-          limits:
-            {{ .Values.gpu }}.com/gpu: '1'
-        volumeMounts:
-          - name: model-vol
-            mountPath: /model
-          - name: custom-model-config-vol
-            mountPath: /custom_model_config
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-        imagePullPolicy: IfNotPresent
-      {{- end }}
-
-      volumes:
-      - name: custom-model-config-vol
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ $nitro_appcache_rootpath }}/volumes/app/custom_model_config
-      - name: model-vol
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ $nitro_appcache_rootpath }}/volumes/app/model
-      - name: model-parent
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ $nitro_appcache_rootpath }}/volumes
-      - name: nitro-nginx-config
-        configMap:
-          name: nitro-nginx-config
-          items:
-            - key: nginx.conf
-              path: nginx.conf
-            - key: proxy.conf
-              path: proxy.conf
-            - key: default.conf
-              path: default.conf
-          defaultMode: 420

apps/notifications/config/user/helm-charts/notification/templates/notification_deploy.yaml

@@ -38,172 +38,6 @@ spec:
     databases:
     - name: notifications   
 
-{{ if (eq .Values.debugVersion true) }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: notifications-deployment
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: notifications
-    applications.app.bytetrade.io/author: bytetrade.io
-
-    applications.app.bytetrade.io/name: notifications
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/notifications/icon.png
-    applications.app.bytetrade.io/title: Notifications
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"notifications", "host":"notifications-service", "port":80,"title":"Notifications"}]'
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: notifications
-  template:
-    metadata:
-      labels:
-        app: notifications
-    spec:
-      initContainers:
-      - args:
-        - -it
-        - authelia-backend.os-system:9091
-        image: owncloudci/wait-for:latest
-        imagePullPolicy: IfNotPresent
-        name: check-auth
-      - name: terminus-sidecar-init
-        image: openservicemesh/init:v1.2.3
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-          capabilities: 
-            add:
-            - NET_ADMIN
-          runAsNonRoot: false
-          runAsUser: 0
-        command:
-        - /bin/sh
-        - -c
-        - |
-          iptables-restore --noflush <<EOF
-          # sidecar interception rules
-          *nat
-          :PROXY_IN_REDIRECT - [0:0]
-          :PROXY_INBOUND - [0:0]
-          -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-          -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-          -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-          -A PREROUTING -p tcp -j PROXY_INBOUND
-          COMMIT
-          EOF
-        
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-      containers:
-      - name: notifications-frontend
-        image: beclab/notifications-frontend:v0.1.22
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 80
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-      volumes:
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-        # - name: REDIS_HOST
-        #   value: localhost
-        # - name: REDIS_PORT
-        #   value: "6379"
-      # - name: notifications-worker
-      #   image: aboveos/notifications-worker:v0.1.2
-      #   imagePullPolicy: IfNotPresent
-      #   env:
-      #   - name: MONGO_URL
-      #     value: mongodb://admin:123456@localhost:27017
-      #   - name: REDIS_HOST
-      #     value: localhost
-      #   - name: REDIS_CACHE_SERVICE_HOST
-      #     value: localhost
-      #   - name: REDIS_PORT
-      #     value: "6379"
-      # - name: mongodb
-      #   image: mongo:4.4.5
-      #   env:
-      #   - name: MONGO_INITDB_ROOT_USERNAME
-      #     value: admin
-      #   - name: MONGO_INITDB_ROOT_PASSWORD
-      #     value: '123456'
-      #   imagePullPolicy: IfNotPresent
-      #   ports:
-      #   - containerPort: 27017
-      #   volumeMounts:
-      #   - name: mongo-data
-      #     mountPath: /data/db
-      # - name: redis
-      #   image: redis:7.0.5-alpine3.16
-      #   imagePullPolicy: IfNotPresent
-      #   volumeMounts:
-      #   - name: redis-data
-      #     mountPath: /data
-      # volumes:
-      # - name: mongo-data
-      #   hostPath:
-      #     type: DirectoryOrCreate
-      #     path: {{ .Values.userspace.appCache}}/notification/db
-      # - name: redis-data
-      #   hostPath:
-      #     type: DirectoryOrCreate
-      #     path: {{ .Values.userspace.appCache}}/notification/redisdata
-{{ end }}
 
 ---
 apiVersion: apps/v1
@@ -248,7 +82,7 @@ spec:
             value: user_space_{{ .Values.bfl.username }}_notifications
       containers:
       - name: notifications-api
-        image: beclab/notifications-api:v0.1.22
+        image: beclab/notifications-api:v0.1.25
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010
@@ -262,8 +96,25 @@ spec:
           value: {{ .Values.os.notification.appKey }}
         - name: DATABASE_PASSWORD
           value: {{ $password | b64dec }}
+        - name: PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING
+          value: '1'
         - name: DATABASE_URL
           value: postgres://notifications_{{ .Values.bfl.username }}:$(DATABASE_PASSWORD)@citus-master-svc.user-system-{{ .Values.bfl.username }}/user_space_{{ .Values.bfl.username }}_notifications?sslmode=disable
+        livenessProbe:
+          tcpSocket:
+            port: 3010
+          initialDelaySeconds: 25
+          timeoutSeconds: 15
+          periodSeconds: 10
+          successThreshold: 1
+          failureThreshold: 8
+        readinessProbe:
+          tcpSocket:
+            port: 3010
+          initialDelaySeconds: 25
+          periodSeconds: 10
+
+
 
 ---
 apiVersion: v1
@@ -271,17 +122,6 @@ kind: Service
 metadata:
   name: notifications-service
   namespace: {{ .Release.Namespace }}
-{{ if (eq .Values.debugVersion true) }}
-spec:
-  type: ClusterIP
-  selector:
-    app: notifications
-  ports:
-  - name: "notifications-frontend"
-    protocol: TCP
-    port: 80
-    targetPort: 80
-{{ else }}    
 spec:
   type: ClusterIP
   selector:
@@ -291,7 +131,6 @@ spec:
     protocol: TCP
     port: 80
     targetPort: 3010
-{{ end }}
 
 ---
 apiVersion: v1

apps/profile/README.md

@@ -1,3 +0,0 @@
-# profile
-
-https://github.com/beclab/profile

apps/profile/config/user/helm-charts/profile/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "profile.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "profile.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "profile.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "profile.labels" -}}
-helm.sh/chart: {{ include "profile.chart" . }}
-{{ include "profile.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "profile.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "profile.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "profile.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "profile.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

apps/profile/config/user/helm-charts/profile/templates/profile_deployment.yaml

@@ -1,235 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: profile-deployment
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: profile
-    applications.app.bytetrade.io/name: profile
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-    applications.app.bytetrade.io/author: bytetrade.io
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/profile/icon.png
-    applications.app.bytetrade.io/title: Profile
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile"}]'
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: profile
-  template:
-    metadata:
-      labels:
-        app: profile
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-
-      initContainers:
-      - name: init-data
-        image: busybox:1.28
-        securityContext:
-          privileged: true
-          runAsNonRoot: false
-          runAsUser: 0
-        volumeMounts:
-        - name: data
-          mountPath: /data
-        command:
-        - sh
-        - -c
-        - |
-          chown -R 1000:1000 /data
-
-      - args:
-        - -it
-        - authelia-backend.os-system:9091
-        image: owncloudci/wait-for:latest
-        imagePullPolicy: IfNotPresent
-        name: check-auth
-      - name: terminus-sidecar-init
-        image: openservicemesh/init:v1.2.3
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-          capabilities: 
-            add:
-            - NET_ADMIN
-          runAsNonRoot: false
-          runAsUser: 0
-        command:
-        - /bin/sh
-        - -c
-        - |
-          iptables-restore --noflush <<EOF
-          # sidecar interception rules
-          *nat
-          :PROXY_IN_REDIRECT - [0:0]
-          :PROXY_INBOUND - [0:0]
-          -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-          -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-          -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-          -A PREROUTING -p tcp -j PROXY_INBOUND
-          COMMIT
-          EOF
-        
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-
-      containers:
-      - name: profile-editor
-        image: beclab/profile-editor:v0.3.23
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-        ports:
-        - containerPort: 80
-      
-      - name: profile-preview
-        image: beclab/profile-preview:v0.3.23
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-        ports:
-        - containerPort: 8090
-
-      - name: profile-services
-        image: beclab/profile-services:v0.3.23
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        ports:
-        - containerPort: 3020       
-        volumeMounts:
-          - name: data
-            mountPath: /data
-        env:
-        - name: OS_SYSTEM_SERVER
-          value: system-server.user-system-{{ .Values.bfl.username }}
-        - name: OS_APP_SECRET
-          value: '{{ .Values.os.profile.appSecret }}'
-        - name: OS_APP_KEY
-          value: {{ .Values.os.profile.appKey }}
-        - name: APP_SERVICE_SERVICE_HOST
-          value: app-service.os-system
-        - name: APP_SERVICE_SERVICE_PORT
-          value: '6755'
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        - name: tapr
-          containerPort: 15080
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-
-      volumes:
-      - name: data
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.appCache }}/profile
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: profile-service
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: profile
-  ports:
-    - name: "profile-editor"
-      protocol: TCP
-      port: 80
-      targetPort: 80
-    - name: "profile-preview"
-      protocol: TCP
-      port: 3000
-      targetPort: 8090
-    # - name: "profile-services"
-    #   protocol: TCP
-    #   port: 3020
-    #   targetPort: 3020  
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ApplicationPermission
-metadata:
-  name: profile
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: profile
-  appid: profile
-  key: {{ .Values.os.profile.appKey }}
-  secret: {{ .Values.os.profile.appSecret }}
-  permissions:
-  - dataType: datastore
-    group: service.bfl
-    ops:
-    - GetKey
-    - GetKeyPrefix
-    - SetKey
-    - DeleteKey
-    version: v1
-  - dataType: nft
-    group: service.settings
-    ops:
-    - getNFTAddress
-    version: v1
-status:
-  state: active

apps/profile/config/user/helm-charts/profile/values.yaml

@@ -1,43 +0,0 @@
-
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-docs:
-  nodeport: 30881
-desktop:
-  nodeport: 30180
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  rss:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search2:
-    appKey: '${ks[0]}'
-    appSecret: test
-kubesphere:
-  redis_password: ""

apps/rss/config/cluster/deploy/rss_deploy.yaml

@@ -24,10 +24,10 @@ spec:
     spec:
       containers:
         - name: rss-server
-          image: beclab/rsshub:v0.0.3
+          image: beclab/rsshub-server:v0.0.5
           imagePullPolicy: IfNotPresent
           ports:
-          - containerPort: 3010
+          - containerPort: 1200
 
 ---
 apiVersion: v1
@@ -42,6 +42,6 @@ spec:
   ports:
     - name: server
       protocol: TCP
-      port: 3010
-      targetPort: 3010
+      port: 1200
+      targetPort: 1200
  

apps/search3/config/cluster/deploy/search3_server_deploy.yaml

@@ -44,7 +44,119 @@ spec:
         scripts:
         - begin;
         - CREATE TEXT SEARCH CONFIGURATION chinese (PARSER = zhparser);
-        - ALTER TEXT SEARCH CONFIGURATION chinese ADD MAPPING FOR n,v,a,i,e,l WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION chinese ADD MAPPING FOR a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t, u, v, w, x, y, z WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION arabic DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION arabic DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION arabic ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION arabic ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION armenian DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION armenian DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION armenian ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION armenian ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION basque DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION basque DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION basque ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION basque ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION catalan DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION catalan DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION catalan ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION catalan ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION danish DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION danish DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION danish ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION danish ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION dutch DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION dutch DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION dutch ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION dutch ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION english DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION english DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION english ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION english ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION finnish DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION finnish DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION finnish ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION finnish ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION french DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION french DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION french ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION french ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION german DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION german DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION german ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION german ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION greek DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION greek DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION greek ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION greek ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION hindi DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION hindi DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION hindi ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION hindi ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION hungarian DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION hungarian DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION hungarian ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION hungarian ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION indonesian DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION indonesian DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION indonesian ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION indonesian ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION irish DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION irish DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION irish ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION irish ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION italian DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION italian DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION italian ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION italian ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION lithuanian DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION lithuanian DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION lithuanian ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION lithuanian ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION nepali DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION nepali DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION nepali ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION nepali ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION norwegian DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION norwegian DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION norwegian ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION norwegian ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION portuguese DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION portuguese DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION portuguese ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION portuguese ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION romanian DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION romanian DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION romanian ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION romanian ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION russian DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION russian DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION russian ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION russian ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION serbian DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION serbian DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION serbian ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION serbian ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION spanish DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION spanish DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION spanish ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION spanish ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION swedish DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION swedish DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION swedish ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION swedish ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION tamil DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION tamil DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION tamil ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION tamil ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION turkish DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION turkish DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION turkish ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION turkish ADD MAPPING FOR asciiword WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION yiddish DROP MAPPING FOR word;
+        - ALTER TEXT SEARCH CONFIGURATION yiddish DROP MAPPING FOR asciiword;
+        - ALTER TEXT SEARCH CONFIGURATION yiddish ADD MAPPING FOR word WITH simple;
+        - ALTER TEXT SEARCH CONFIGURATION yiddish ADD MAPPING FOR asciiword WITH simple;
         - commit;
 ---
 apiVersion: apps/v1
@@ -87,7 +199,7 @@ spec:
             value: os_system_search3
       containers:
       - name: search3
-        image: beclab/search3:v0.0.9
+        image: beclab/search3:v0.0.30
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 8080

apps/settings/README.md

@@ -1,3 +0,0 @@
-# settings
-
-https://github.com/beclab/settings

apps/settings/config/user/helm-charts/settings/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

apps/settings/config/user/helm-charts/settings/Chart.yaml

@@ -1,26 +0,0 @@
-apiVersion: v2
-name: settings
-description: A Helm chart for Kubernetes
-maintainers:
-- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

apps/settings/config/user/helm-charts/settings/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "settings.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "settings.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "settings.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "settings.labels" -}}
-helm.sh/chart: {{ include "settings.chart" . }}
-{{ include "settings.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "settings.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "settings.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "settings.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "settings.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

apps/settings/config/user/helm-charts/settings/templates/settings_deploy.yaml

@@ -1,364 +0,0 @@
-
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: settings-deployment
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: settings
-    applications.app.bytetrade.io/name: settings
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-    applications.app.bytetrade.io/author: bytetrade.io
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/settings/icon.png
-    applications.app.bytetrade.io/title: Settings
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}]'
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: settings
-  template:
-    metadata:
-      labels:
-        app: settings
-    spec:
-      initContainers:
-      - args:
-        - -it
-        - authelia-backend.os-system:9091,infisical-service:80
-        image: owncloudci/wait-for:latest
-        imagePullPolicy: IfNotPresent
-        name: check-auth
-      - name: terminus-sidecar-init
-        image: openservicemesh/init:v1.2.3
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-          capabilities: 
-            add:
-            - NET_ADMIN
-          runAsNonRoot: false
-          runAsUser: 0
-        command:
-        - /bin/sh
-        - -c
-        - |
-          iptables-restore --noflush <<EOF
-          # sidecar interception rules
-          *nat
-          :PROXY_IN_REDIRECT - [0:0]
-          :PROXY_INBOUND - [0:0]
-          -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-          -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-          -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-          -A PREROUTING -p tcp -j PROXY_INBOUND
-          COMMIT
-          EOF
-        
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-      containers:
-      - name: settings
-        image: beclab/settings:v0.1.74
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 80
-
-      - name: settings-server
-        image: beclab/settings-server:v0.1.74
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 3000
-        env:
-        - name: OS_SYSTEM_SERVER
-          value: system-server.user-system-{{ .Values.bfl.username }}
-        - name: OS_APP_SECRET
-          value: '{{ .Values.os.settings.appSecret }}'
-        - name: OS_APP_KEY
-          value: {{ .Values.os.settings.appKey }}
-        - name: APP_SERVICE_SERVICE_HOST
-          value: app-service.os-system
-        - name: APP_SERVICE_SERVICE_PORT
-          value: '6755'
-        - name: APP_SERVICE_CHAIN_ID
-          value: '10'
-        - name: APP_SERVICE_VERIFYING_CONTRACT
-          value: '0xe2eaba0979277a90511f8873ae1e8ca26b54e740'
-        - name: APP_SERVICE_CLOUD_URL
-          value: 'https://cloud-api.bttcdn.com'
-        # value: none / nvidia / nvshare / virtaitech
-        - name: GPU
-          value: {{ .Values.gpu }}
-
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-      volumes:
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-       
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: settings-service
-  namespace: {{ .Release.Namespace }}
-spec:
-  selector:
-    app: settings
-  type: ClusterIP
-  ports:
-    - protocol: TCP
-      name: settings
-      port: 80
-      targetPort: 80
-      
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ApplicationPermission
-metadata:
-  name: settings
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: settings
-  appid: settings
-  key: {{ .Values.os.settings.appKey }}
-  secret: {{ .Values.os.settings.appSecret }}
-  permissions:
-  - dataType: config
-    group: service.desktop
-    ops:
-    - Update
-    version: v1
-  - dataType: secret
-    group: secret.infisical
-    ops:
-    - RetrieveSecret?workspace=settings
-    - CreateSecret?workspace=settings
-    - DeleteSecret?workspace=settings
-    - UpdateSecret?workspace=settings
-    - ListSecret?workspace=settings
-    version: v1
-  - dataType: headscale
-    group: service.headscale
-    ops:
-    - GetMachine
-    - RenameMachine
-    - DeleteMachine
-    - GetRoute
-    - EnableRoute
-    - DisableRoute
-    - SetTags
-    version: v1
-  - dataType: files
-    group: service.files
-    ops:
-    - Query
-    - GetSearchFolderStatus
-    - UpdateSearchFolderPaths
-    - GetDatasetFolderStatus
-    - UpdateDatasetFolderPaths
-    version: v1
-  - dataType: datastore
-    group: service.bfl
-    ops:
-    - GetKey
-    - GetKeyPrefix
-    - SetKey
-    - DeleteKey
-    version: v1
-  - dataType: app
-    group: service.bfl
-    ops:
-    - UserApps
-    version: v1
-  - dataType: config
-    group: service.desktop
-    ops:
-    - Update
-    version: v1
-status:
-  state: active
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: vault-admin-server
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ExternalName
-  externalName: vault-server.os-system.svc.cluster.local
-  ports:
-    - protocol: TCP
-      port: 3010
-      targetPort: 3010
-
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: settings-nft
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: nft
-  deployment: settings
-  description: Get Cloud Bind NFT List
-  endpoint: settings-service.{{ .Release.Namespace }}
-  group: service.settings
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: getNFTAddress
-    uri: /api/cloud/getNFTAddress
-  version: v1
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: settings-account
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: account
-  deployment: settings
-  description: Get Acccount saved in Settings
-  endpoint: settings-service.{{ .Release.Namespace }}
-  group: service.settings
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: getAccount
-    uri: /api/account
-  version: v1
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: settings-backup-password
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: backupPassword
-  deployment: settings
-  description: Get Backup Plan's Password
-  endpoint: settings-service.{{ .Release.Namespace }}
-  group: service.settings
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: getAccount
-    uri: /api/backup/password
-  version: v1
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: settings-event-watcher
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  callbacks:
-  - filters:
-      type:
-      - app-installation-event
-    op: Create
-    uri: /api/event/app_installation_event
-  - filters:
-      type:
-      - settings-event
-    op: Create
-    uri: /api/event/app_installation_event
-  - filters:
-      type:
-      - system-upgrade-event
-    op: Create
-    uri: /api/event/system_upgrade_event
-  dataType: event
-  deployment: settings
-  description: desktop event watcher
-  endpoint: settings-service.{{ .Release.Namespace }}
-  group: message-disptahcer.system-server
-  kind: watcher
-  namespace: {{ .Release.Namespace }}
-  version: v1
-status:
-  state: active
-
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: settings-account-retrieve
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: legacy_api
-  deployment: settings
-  description: settings account retrieve legacy api
-  endpoint: settings-service.{{ .Release.Namespace }}
-  group: service.settings
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  version: v1
-  opApis:
-  - name: POST
-    uri: /api/account/retrieve
-  - name: GET
-    uri: /api/account/all
-status:
-  state: active

apps/studio/README.md

@@ -0,0 +1,4 @@
+# devbox
+Terminus App development management tools
+
+https://github.com/beclab/devbox

apps/studio/config/user/helm-charts/studio/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-name: profile
-description: A Helm chart for Kubernetes
+name: studio
+description: A Terminus app development tool
 maintainers:
 - name: bytetrade
 
@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
+version: 0.1.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "4.9.1"

apps/studio/config/user/helm-charts/studio/templates/deployment.yaml

@@ -0,0 +1,549 @@
+{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
+{{- $studio_secret := (lookup "v1" "Secret" $namespace "studio-secrets") -}}
+
+{{- $pg_password := "" -}}
+{{ if $studio_secret -}}
+{{ $pg_password = (index $studio_secret "data" "pg_password") }}
+{{ else -}}
+{{ $pg_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: studio-secrets
+  namespace: user-system-{{ .Values.bfl.username }}
+type: Opaque
+data:
+  pg_password: {{ $pg_password }}
+
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: studio-pg
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  app: studio
+  appNamespace: {{ .Release.Namespace }}
+  middleware: postgres
+  postgreSQL:
+    user: studio_{{ .Values.bfl.username }}
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: pg_password
+          name: studio-secrets
+    databases:
+      - name: studio
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: studio-server
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: studio-server
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8088
+      name: http
+    - protocol: TCP
+      port: 8083
+      targetPort: 8083
+      name: https
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: chartmuseum-studio
+  namespace: {{ .Release.Namespace }}
+spec:
+  ports:
+    - name: http
+      protocol: TCP
+      port: 8080
+      targetPort: 8888
+  selector:
+    app: studio-server
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: studio-san-cnf
+  namespace: {{ .Release.Namespace }}
+data:
+  san.cnf: |
+    [req]
+    distinguished_name = req_distinguished_name
+    req_extensions = v3_req
+    prompt = no
+
+    [req_distinguished_name]
+    countryName = CN
+    stateOrProvinceName = Beijing
+    localityName = Beijing
+    0.organizationName = bytetrade
+    commonName = studio-server.{{ .Release.Namespace }}.svc
+
+    [v3_req]
+    basicConstraints = CA:FALSE
+    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+    subjectAltName = @bytetrade
+
+    [bytetrade]
+    DNS.1 = studio-server.{{ .Release.Namespace }}.svc
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: studio-server
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: studio-server
+    applications.app.bytetrade.io/author: bytetrade.io
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: studio-server
+  template:
+    metadata:
+      labels:
+        app: studio-server
+    spec:
+      serviceAccountName: bytetrade-controller
+      volumes:
+        - name: chart
+          hostPath:
+            type: DirectoryOrCreate
+            path: {{ .Values.userspace.appData}}/studio/Chart
+        - name: data
+          hostPath:
+            type: DirectoryOrCreate
+            path: {{ .Values.userspace.appData }}/studio/Data
+        - name: storage-volume
+          hostPath:
+            path: {{ .Values.userspace.appData }}/studio/helm-repo-dev
+            type: DirectoryOrCreate
+        - name: config-san
+          configMap:
+            name: studio-san-cnf
+            items:
+              - key: san.cnf
+                path: san.cnf
+        - name: sidecar-configs-studio
+          configMap:
+            name: sidecar-configs-studio
+            items:
+              - key: envoy.yaml
+                path: envoy.yaml
+        - name: certs
+          emptyDir: {}
+      initContainers:
+        - name: init-chmod-data
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          command:
+            - sh
+            - '-c'
+            - |
+              chown -R 1000:1000 /home/coder
+              chown -R 65532:65532 /charts
+              chown -R 65532:65532 /data
+          securityContext:
+            runAsUser: 0
+          resources: { }
+          volumeMounts:
+            - name: storage-volume
+              mountPath: /home/coder
+            - name: chart
+              mountPath: /charts
+            - name: data
+              mountPath: /data
+        - name: terminus-sidecar-init
+          image: aboveos/openservicemesh-init:v1.2.3
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+            - -c
+            - |
+              iptables-restore --noflush <<EOF
+              # sidecar interception rules
+              *nat
+              :PROXY_IN_REDIRECT - [0:0]
+              :PROXY_INBOUND - [0:0]
+              :PROXY_OUTBOUND - [0:0]
+              :PROXY_OUT_REDIRECT - [0:0]
+
+              -A PREROUTING -p tcp -j PROXY_INBOUND
+              -A OUTPUT -p tcp -j PROXY_OUTBOUND
+              -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
+              -A PROXY_INBOUND -p tcp --dport 8083 -j RETURN
+              -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
+              -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
+
+
+              -A PROXY_OUTBOUND -p tcp --dport 5432 -j RETURN
+              -A PROXY_OUTBOUND -p tcp --dport 6379 -j RETURN
+              -A PROXY_OUTBOUND -p tcp --dport 27017 -j RETURN
+              -A PROXY_OUTBOUND -p tcp --dport 443 -j RETURN
+              -A PROXY_OUTBOUND -p tcp --dport 8080 -j RETURN
+
+              -A PROXY_OUTBOUND -d ${POD_IP}/32 -j RETURN
+
+              -A PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1555 -j PROXY_IN_REDIRECT
+              -A PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1555 -j RETURN
+              -A PROXY_OUTBOUND -m owner --uid-owner 1555 -j RETURN
+              -A PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
+
+              -A PROXY_OUTBOUND -j PROXY_OUT_REDIRECT
+              -A PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
+
+              COMMIT
+              EOF
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: status.podIP
+          securityContext:
+            privileged: true
+            capabilities:
+              add:
+                - NET_ADMIN
+            runAsNonRoot: false
+            runAsUser: 0
+
+        - name: generate-certs
+          image: beclab/openssl:v3
+          imagePullPolicy: IfNotPresent
+          command: [ "/bin/sh", "-c" ]
+          args:
+            - |
+              openssl genrsa -out /etc/certs/ca.key 2048
+              openssl req -new -x509 -days 3650 -key /etc/certs/ca.key -out /etc/certs/ca.crt \
+                -subj "/CN=bytetrade CA/O=bytetrade/C=CN"
+              openssl req -new -newkey rsa:2048 -nodes \
+                -keyout /etc/certs/server.key -out /etc/certs/server.csr \
+                -config /etc/san/san.cnf
+              openssl x509 -req -days 3650 -in /etc/certs/server.csr \
+                -CA /etc/certs/ca.crt -CAkey /etc/certs/ca.key \
+                -CAcreateserial -out /etc/certs/server.crt \
+                -extensions v3_req -extfile /etc/san/san.cnf
+              chown -R 65532 /etc/certs/*
+          volumeMounts:
+            - name: config-san
+              mountPath: /etc/san
+            - name: certs
+              mountPath: /etc/certs
+
+      containers:
+        - name: studio
+          image: beclab/studio-server:v0.1.50
+          imagePullPolicy: IfNotPresent
+          args:
+            - server
+          ports:
+            - name: port
+              containerPort: 8088
+              protocol: TCP
+            - name: ssl-port
+              containerPort: 8083
+              protocol: TCP
+          volumeMounts:
+            - name: chart
+              mountPath: /charts
+            - name: data
+              mountPath: /data
+            - mountPath: /etc/certs
+              name: certs
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - "/studio"
+                  - "clean"
+          env:
+            - name: BASE_DIR
+              value: /charts
+            - name: OS_API_KEY
+              value: {{ .Values.os.studio.appKey }}
+            - name: OS_API_SECRET
+              value: {{ .Values.os.studio.appSecret }}
+            - name: OS_SYSTEM_SERVER
+              value: system-server.user-system-{{ .Values.bfl.username }}
+            - name: NAME_SPACE
+              value: {{ .Release.Namespace }}
+            - name: OWNER
+              value: '{{ .Values.bfl.username }}'
+            - name: DB_HOST
+              value: citus-master-svc.user-system-{{ .Values.bfl.username }}
+            - name: DB_USERNAME
+              value: studio_{{ .Values.bfl.username }}
+            - name: DB_PASSWORD
+              value: "{{ $pg_password | b64dec }}"
+            - name: DB_NAME
+              value: user_space_{{ .Values.bfl.username }}_studio
+            - name: DB_PORT
+              value: "5432"
+          resources:
+            requests:
+              cpu: "50m"
+              memory: 100Mi
+            limits:
+              cpu: "0.5"
+              memory: 1000Mi
+        - name: terminus-envoy-sidecar
+          image: bytetrade/envoy:v1.25.11.1
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsUser: 1555
+          ports:
+            - name: proxy-admin
+              containerPort: 15000
+            - name: proxy-inbound
+              containerPort: 15003
+            - name: proxy-outbound
+              containerPort: 15001
+          resources:
+            requests:
+              cpu: "50m"
+              memory: 100Mi
+            limits:
+              cpu: "0.5"
+              memory: 200Mi
+          volumeMounts:
+            - name: sidecar-configs-studio
+              readOnly: true
+              mountPath: /etc/envoy/envoy.yaml
+              subPath: envoy.yaml
+          command:
+            - /usr/local/bin/envoy
+            - --log-level
+            - debug
+            - -c
+            - /etc/envoy/envoy.yaml
+          env:
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: APP_KEY
+              value: {{ .Values.os.studio.appKey }}
+            - name: APP_SECRET
+              value: {{ .Values.os.studio.appSecret }}
+        - name: chartmuseum
+          image: aboveos/helm-chartmuseum:v0.15.0
+          args:
+            - '--port=8888'
+            - '--storage-local-rootdir=/storage'
+          ports:
+            - name: http
+              containerPort: 8888
+              protocol: TCP
+          env:
+            - name: CHART_POST_FORM_FIELD_NAME
+              value: chart
+            - name: DISABLE_API
+              value: 'false'
+            - name: LOG_JSON
+              value: 'true'
+            - name: PROV_POST_FORM_FIELD_NAME
+              value: prov
+            - name: STORAGE
+              value: local
+          resources:
+            requests:
+              cpu: "50m"
+              memory: 100Mi
+            limits:
+              cpu: 1000m
+              memory: 512Mi
+          volumeMounts:
+            - name: storage-volume
+              mountPath: /storage
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: http
+              scheme: HTTP
+            initialDelaySeconds: 5
+            timeoutSeconds: 1
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: http
+              scheme: HTTP
+            initialDelaySeconds: 5
+            timeoutSeconds: 1
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+
+---
+apiVersion: v1
+data:
+  envoy.yaml: |
+    admin:
+      access_log_path: "/dev/stdout"
+      address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 15000
+    static_resources:
+      listeners:
+        - name: listener_0
+          address:
+            socket_address:
+              address: 0.0.0.0
+              port_value: 15003
+          listener_filters:
+            - name: envoy.filters.listener.original_dst
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
+          filter_chains:
+            - filters:
+                - name: envoy.filters.network.http_connection_manager
+                  typed_config:
+                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                    stat_prefix: desktop_http
+                    upgrade_configs:
+                      - upgrade_type: websocket
+                      - upgrade_type: tailscale-control-protocol
+                    skip_xff_append: false
+                    codec_type: AUTO
+                    route_config:
+                      name: local_route
+                      virtual_hosts:
+                        - name: service
+                          domains: ["*"]
+                          routes:
+                            - match:
+                                prefix: "/"
+                              route:
+                                cluster: original_dst
+                                timeout: 1800s
+                    http_protocol_options:
+                      accept_http_10: true
+                    http_filters:
+                      - name: envoy.filters.http.router
+                        typed_config:
+                          "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        - name: listener_1
+          address:
+            socket_address:
+              address: 0.0.0.0
+              port_value: 15001
+          listener_filters:
+            - name: envoy.filters.listener.original_dst
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
+          filter_chains:
+            - filters:
+                - name: envoy.filters.network.http_connection_manager
+                  typed_config:
+                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                    stat_prefix: studio_out_http
+                    skip_xff_append: false
+                    codec_type: AUTO
+                    route_config:
+                      name: local_route
+                      virtual_hosts:
+                        - name: service
+                          domains: ["*"]
+                          routes:
+                            - match:
+                                prefix: "/server/intent/send"
+                              request_headers_to_add:
+                                - header:
+                                    key: X-App-Key
+                                    value: {{ .Values.os.studio.appKey }}
+                              route:
+                                cluster: system-server
+                                prefix_rewrite: /system-server/v2/legacy_api/api.intent/v2/server/intent/send
+                            - match:
+                                prefix: "/"
+                              route:
+                                cluster: original_dst
+                                timeout: 1800s
+                              typed_per_filter_config:
+                                envoy.filters.http.lua:
+                                  "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
+                                  disabled: true
+
+                    http_protocol_options:
+                      accept_http_10: true
+                    http_filters:
+                      - name: envoy.filters.http.lua
+                        typed_config:
+                          "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
+                          inline_code:
+                            local sha = require("lib.sha2")
+                            function envoy_on_request(request_handle)
+                            local app_key = os.getenv("APP_KEY")
+                            local app_secret = os.getenv("APP_SECRET")
+                            local current_time = os.time()
+                            local minute_level_time = current_time - (current_time % 60)
+                            local time_string = tostring(minute_level_time)
+                            local s = app_key .. app_secret .. time_string
+                            request_handle:logInfo("originstring:" .. s)
+                            local hash = sha.sha256(s)
+                            request_handle:logInfo("Hello World.")
+                            request_handle:logInfo(hash)
+                            request_handle:headers():add("X-Auth-Signature",hash)
+                            end
+                      - name: envoy.filters.http.router
+                        typed_config:
+                          "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+
+
+      clusters:
+        - name: original_dst
+          connect_timeout: 5000s
+          type: ORIGINAL_DST
+          lb_policy: CLUSTER_PROVIDED
+        - name: system-server
+          connect_timeout: 2s
+          type: LOGICAL_DNS
+          dns_lookup_family: V4_ONLY
+          dns_refresh_rate: 600s
+          lb_policy: ROUND_ROBIN
+          load_assignment:
+            cluster_name: system-server
+            endpoints:
+              - lb_endpoints:
+                  - endpoint:
+                      address:
+                        socket_address:
+                          address: system-server.user-system-{{ .Values.bfl.username }}
+                          port_value: 80
+kind: ConfigMap
+metadata:
+  name: sidecar-configs-studio
+  namespace: {{ .Release.Namespace }}

apps/studio/config/user/helm-charts/studio/values.yaml

@@ -40,4 +40,5 @@ os:
     appKey: '${ks[0]}'
     appSecret: test
 kubesphere:
-  redis_password: ""
+  redis_password: ""
+

apps/system-apps/config/cluster/deploy/ks_server_deploy.yaml

@@ -22,7 +22,7 @@ spec:
     spec:
       containers:
       - name: monitoring-server
-        image: beclab/monitoring-server-v1:v0.2.3
+        image: beclab/monitoring-server-v1:v0.2.5
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 8000

apps/vault/config/cluster/deploy/vault_server_deploy.yaml

@@ -1,7 +1,7 @@
 
 
 
-{{ $vault_rootpath := "/terminus/rootfs/vault" }}
+{{ $vault_rootpath := printf "%s%s" .Values.rootPath "/rootfs/vault" }}
 {{- $namespace := printf "%s" "os-system" -}}
 {{- $vault_secret := (lookup "v1" "Secret" $namespace "vault-secrets") -}}
 {{- $pg_password := "" -}}
@@ -83,11 +83,15 @@ spec:
             value: os_system_vault
       containers:
       - name: vault-server
-        image: beclab/vault-server:v1.2.22
+        image: beclab/vault-server:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3000
         env:
+        {{- range $key, $val := .Values.terminusGlobalEnvs }}
+        - name: {{ $key }}
+          value: {{ $val | quote }}
+        {{- end }}
         - name: AUTH_URL
           value: http://authelia-backend:9091
         - name: PL_DATA_BACKEND
@@ -110,7 +114,7 @@ spec:
         - name: vault-attach
           mountPath: /padloc/packages/server/attachments
       - name: vault-admin
-        image: beclab/vault-admin:v1.2.22
+        image: beclab/vault-admin:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010

apps/vault/config/user/helm-charts/vault/templates/vault_deploy.yaml

@@ -1,3 +1,13 @@
+{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
+
+{{- $vault_nats_secret := (lookup "v1" "Secret" $namespace "vault-nats-secrets") -}}
+{{- $vault_nats_password := "" -}}
+{{ if $vault_nats_secret -}}
+{{ $vault_nats_password = (index $vault_nats_secret "data" "vault_nats_password") }}
+{{ else -}}
+{{ $vault_nats_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
 
 
 ---
@@ -15,7 +25,7 @@ metadata:
     applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/vault/icon.png
     applications.app.bytetrade.io/title: Vault
     applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"vault", "host":"vault-service", "port":80,"title":"Vault"}]'
+    applications.app.bytetrade.io/entrances: '[{"name":"vault", "host":"vault-service", "port":80,"title":"Vault","windowPushState":true}]'
 spec:
   replicas: 1
   strategy:
@@ -27,6 +37,7 @@ spec:
     metadata:
       labels:
         app: vault
+        io.bytetrade.app: "true"
     spec:
       initContainers:
       - args:
@@ -35,6 +46,12 @@ spec:
         image: owncloudci/wait-for:latest
         imagePullPolicy: IfNotPresent
         name: check-auth
+      - args:
+        - -it
+        - nats.user-system-{{ .Values.bfl.username }}:4222
+        image: owncloudci/wait-for:latest
+        imagePullPolicy: IfNotPresent
+        name: check-nats
       - name: terminus-sidecar-init
         image: openservicemesh/init:v1.2.3
         imagePullPolicy: IfNotPresent
@@ -71,23 +88,38 @@ spec:
 
       containers:
       - name: vault-frontend
-        image: beclab/vault-frontend:v1.2.22
+        image: beclab/vault-frontend:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80
       
       - name: notification-server
-        image: beclab/vault-notification:v1.2.22
+        image: beclab/vault-notification:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010
         env:
+        {{- range $key, $val := .Values.terminusGlobalEnvs }}
+          - name: {{ $key }}
+            value: {{ $val | quote }}
+        {{- end }}
           - name: OS_SYSTEM_SERVER
             value: system-server.user-system-{{ .Values.bfl.username }}
           - name: OS_APP_SECRET
             value: '{{ .Values.os.vault.appSecret }}'
           - name: OS_APP_KEY
             value: {{ .Values.os.vault.appKey }}
+          - name: NATS_HOST
+            value: nats.user-system-{{ .Values.bfl.username }}
+          - name: NATS_PORT
+            value: '4222'
+          - name: NATS_USERNAME
+            value: user-system-{{ .Values.bfl.username }}-vault
+          - name: NATS_PASSWORD
+            value: {{ $vault_nats_password | b64dec }}
+          - name: NATS_SUBJECT
+            value: terminus.os-system.files-notify
+          
 
       - name: terminus-envoy-sidecar
         image: bytetrade/envoy:v1.25.11
@@ -233,3 +265,38 @@ spec:
     version: v1
 status:
   state: active
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vault-nats-secrets
+  namespace: user-system-{{ .Values.bfl.username }}
+data:
+  vault_nats_password: {{ $vault_nats_password }}
+type: Opaque
+
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: vault-nat
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  app: vault
+  appNamespace: user-space-{{ .Values.bfl.username }}
+  middleware: nats
+  nats:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: vault_nats_password
+          name: vault-nats-secrets
+    refs:
+      - appName: files-server
+        appNamespace: os-system
+        subjects:
+          - name: files-notify
+            perm:
+              - pub
+              - sub
+    user: user-system-{{ .Values.bfl.username }}-vault

apps/wise/README.md

@@ -1,3 +0,0 @@
-# wise
-
-https://github.com/beclab/wise

apps/wise/config/user/helm-charts/wise/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

apps/wise/config/user/helm-charts/wise/Chart.yaml

@@ -1,26 +0,0 @@
-apiVersion: v2
-name: wise
-description: A Helm chart for Kubernetes
-maintainers:
-- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

apps/wise/config/user/helm-charts/wise/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "rss.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "rss.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "rss.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "rss.labels" -}}
-helm.sh/chart: {{ include "rss.chart" . }}
-{{ include "rss.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "rss.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "rss.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "rss.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "rss.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

apps/wise/config/user/helm-charts/wise/templates/wise_deployment.yaml

@@ -1,145 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: wise
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: wise
-    applications.app.bytetrade.io/name: wise
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-    applications.app.bytetrade.io/author: bytetrade.io
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/rss/icon.png
-    applications.app.bytetrade.io/title: Wise
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"wise", "host":"wise-svc", "port":80,"title":"Wise"}]'
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: wise
-  template:
-    metadata:
-      labels:
-        app: wise
-    spec:
-      initContainers:
-      - args:
-        - -it
-        - authelia-backend.os-system:9091
-        image: owncloudci/wait-for:latest
-        imagePullPolicy: IfNotPresent
-        name: check-auth
-      - name: terminus-sidecar-init
-        image: openservicemesh/init:v1.2.3
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-          capabilities: 
-            add:
-            - NET_ADMIN
-          runAsNonRoot: false
-          runAsUser: 0
-        command:
-        - /bin/sh
-        - -c
-        - |
-          iptables-restore --noflush <<EOF
-          # sidecar interception rules
-          *nat
-          :PROXY_IN_REDIRECT - [0:0]
-          :PROXY_INBOUND - [0:0]
-          -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-          -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-          -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-          -A PREROUTING -p tcp -j PROXY_INBOUND
-          COMMIT
-          EOF
-        
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-
-      containers:
-      - name: frontend
-        image: beclab/wise:v0.1.42
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 80
-        volumeMounts:
-        - name: download-dir
-          mountPath: /data/Home/Downloads
-
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-
-      volumes:
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-      - name: download-dir
-        hostPath:
-          type: Directory
-          path: {{ .Values.userspace.userData }}/Downloads
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: wise-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: wise
-  ports:
-    - name: "frontend"
-      protocol: TCP
-      port: 80
-      targetPort: 80

apps/wise/config/user/helm-charts/wise/values.yaml

@@ -1,43 +0,0 @@
-
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-docs:
-  nodeport: 30881
-desktop:
-  nodeport: 30180
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  wise:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search2:
-    appKey: '${ks[0]}'
-    appSecret: test
-kubesphere:
-  redis_password: ""

apps/wizard/config/user/helm-charts/wizard/templates/wizard_deploy.yaml

@@ -61,7 +61,7 @@ spec:
 
       containers:
       - name: wizard
-        image: beclab/wizard:v0.5.5
+        image: beclab/wizard:v0.5.12
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80

build/installer/Makefile

@@ -17,9 +17,9 @@ Usage:
 
   help             Display this help.
 
-  install          Run install terminus os.
+  install          Run install olares os.
 
-  uninstall        Run uninstall the terminus os.
+  uninstall        Run uninstall the olares os.
 
 endef
 
@@ -39,7 +39,7 @@ help:
 .PHONY: install
 
 install:
-	$(info +++++ Installing terminus os ...)
+	$(info +++++ Installing olares os ...)
 
 ifeq ($(VERSION),"")
 	$(info $(INSTALL_HELP))
@@ -52,7 +52,6 @@ endif
 	$(info BACKUP_KEY_PREFIX: $(BACKUP_KEY_PREFIX))
 
 	@sed -i "s@#__VERSION__@$(VERSION)@" wizard/config/settings/templates/terminus_cr.yaml
-	@sed -i "s@#{{LATEST_VERSION}}@$(VERSION)@" publicInstaller.latest
 
 	@if [ x"$(PROXY)" != x"" ]; then \
 		export VERSION=$(VERSION); \
@@ -71,5 +70,5 @@ endif
 .PHONY: uninstall
 
 uninstall:
-	$(info +++++ Uninstall terminus ...)
+	$(info +++++ Uninstall olares ...)
 	@bash uninstall_cmd.sh

build/installer/change_ip.sh

@@ -1,509 +0,0 @@
-#!/usr/bin/env bash
-ERR_EXIT=-1
-
-old_ip=$1
-
-log_info() {
-    local msg now
-
-    msg="$*"
-    now=$(date +'%Y-%m-%d %H:%M:%S.%N %z')
-    echo -e "\n\033[38;1m${now} [INFO] ${msg} \033[0m" 
-}
-
-log_fatal() {
-    local msg now
-
-    msg="$*"
-    now=$(date +'%Y-%m-%d %H:%M:%S.%N %z')
-    echo -e "\n\033[31;1m${now} [FATAL] ${msg} \033[0m" 
-    exit $ERR_EXIT
-}
-
-command_exists() {
-	command -v "$@" > /dev/null 2>&1
-}
-
-get_shell_exec(){
-    user="$(id -un 2>/dev/null || true)"
-
-    sh_c='sh -c'
-	if [ "$user" != 'root' ]; then
-		if command_exists sudo && command_exists su; then
-			sh_c='sudo su -c'
-		else
-			cat >&2 <<-'EOF'
-			Error: this installer needs the ability to run commands as root.
-			We are unable to find either "sudo" or "su" available to make this happen.
-			EOF
-			exit $ERR_EXIT
-		fi
-	fi
-
-	KUBECTL=$(command -v kubectl)
-}
-
-ensure_success() {
-    "$@"
-    local ret=$?
-
-    if [ $ret -ne 0 ]; then
-        echo "Fatal error, command: '$*'"
-        exit $ret
-    fi
-
-    return $ret
-}
-
-system_service_active() {
-    if [[ $# -ne 1 || x"$1" == x"" ]]; then
-        return 1
-    fi
-
-    local ret
-    ret=$($sh_c "systemctl is-active $1")
-    if [[ "$ret" == "active" || "$ret" == "activating" ]]; then
-        return 0
-    fi
-    return 1
-}
-
-is_k3s(){
-	if [ -f /etc/systemd/system/k3s.service ]; then
-		return 0
-	fi
-
-	return 1
-}
-
-precheck_os() {
-	# check os type and arch and os vesion
-	os_type=$(uname -s)
-	os_arch=$(uname -m)
-	os_verion=$(lsb_release -d 2>&1 | awk -F'\t' '{print $2}')
-
-	case "$os_arch" in 
-	    arm64) ARCH=arm64; ;; 
-		x86_64) ARCH=amd64; ;; 
-		armv7l) ARCH=arm; ;; 
-		aarch64) ARCH=arm64; ;; 
-		ppc64le) ARCH=ppc64le; ;; 
-		s390x) ARCH=s390x; ;; 
-		*) echo "unsupported arch, exit ..."; 
-		exit -1; ;; 
-	esac 
-
-    # try to resolv hostname
-    ensure_success $sh_c "hostname -i >/dev/null"
-
-    local ip=$(ping -c 1 "$HOSTNAME" |awk -F '[()]' '/icmp_seq/{print $2}')
-    printf "%s\t%s\n\n" "$ip" "$HOSTNAME"
-
-    if [[ x"$ip" == x"" || "$ip" == @("172.17.0.1"|"127.0.0.1"|"127.0.1.1") || ! "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-        log_fatal "incorrect ip for hostname '$HOSTNAME', please check"
-    fi
-
-	read -r -p "Are you sure changing this node ip to ${ip}? [yes/no]: " ans </dev/tty
-
-    if [ x"$ans" != x"yes" ]; then
-		echo "Please edit /etc/hosts to add the correct node IP"
-        echo "exiting..."
-        exit
-    fi
-
-    local_ip="$ip"
-}
-
-is_wsl(){
-    wsl=$(uname -a 2>&1)
-    if [[ ${wsl} == *WSL* ]]; then
-        echo 1
-        return
-    fi
-
-    echo 0
-}
-
-is_macos(){
-	if [[ "$os_type" == "Darwin" ]]; then
-		echo 1
-		return
-	fi
-
-	echo 0
-}
-
-
-regen_cert_conf(){
-	old_IFS=$IFS
-	for pem in $1 ; do
-		echo -e "[ req ]\ndefault_bits\t= 4096\ndistinguished_name\t= req_distinguished_name\nreq_extensions\t= v3_ext\nprompt\t= no\n[ req_distinguished_name ]" ; 
-		IFS="," 
-
-		for att in `openssl x509 -in $pem -text -noout | grep Subject: | cut -d: -f2 ` ;  
-
-			do VALUE=`echo $att | cut -d= -f2-9 `; 
-				case $att in 
-				\ C\ =*) echo "countryName_default = $VALUE" ;; 
-				\ ST\ =*) echo "StateOrProvinceName_default = $VALUE" ;; 
-				\ L\ =*) echo "localityName_default = $VALUE";; 
-				\ O\ =*) echo "organizationName_default = $VALUE" ;; 
-				\ OU\ =*)  echo "organizationUnitName_default = $VALUE" ;; 
-				\ CN\ =*)  echo "commonName = $VALUE" ;; 
-			esac 
-		done
-
-		openssl x509 -in $pem -text | grep -A1 Subject\ Alternative\ Name | tail -1 | xargs echo -e "[ v3_ext ]\nsubjectAltName = "|sed -e 's/IP Address/IP/g'|sed -e "s/$old_ip/$local_ip/g"
-	done
-	IFS=$old_IFS
-}
-
-
-
-
-update_juicefs() {
-	$sh_c "systemctl stop juicefs minio minio-operator redis-server"
-
-	local TERMINUS_ROOT="/terminus"
-    local fsname="rootfs"
-
-	# update redis
-	local redis_root="${TERMINUS_ROOT}/data/redis"
-    local redis_conf="${redis_root}/etc/redis.conf"
-
-	# get old ip
-	if [ -z "$old_ip" ]; then
-		old_ip=$($sh_c "awk '/bind/{print \$NF}' $redis_conf")
-	fi
-
-	while [ -z "$old_ip" ]; do
-		read -r -p "Cannot find the previous IP, please input: " old_ip </dev/tty
-	done
-
-	echo "the previous IP is $old_ip"
-
-	ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /etc/hosts"
-
-	ensure_success $sh_c "sed -i 's/bind [0-9.]*/bind $local_ip/g' $redis_conf"
-	
-	ensure_success $sh_c "systemctl start redis-server"
-
-    # eusure redis is started
-    ensure_success $sh_c "( sleep 10 && systemctl --no-pager status redis-server ) || \
-    ( systemctl restart redis-server && sleep 3 && systemctl --no-pager status redis-server ) || \
-    ( systemctl restart redis-server && sleep 3 && systemctl --no-pager status redis-server )"
-
-    local REDIS_PASSWORD=$($sh_c "awk '/requirepass/{print \$NF}' $redis_conf")
-    if [ x"$REDIS_PASSWORD" == x"" ]; then
-        echo "no redis password found in $redis_conf"
-        exit $ERR_EXIT
-    fi
-
-    log_info 'try to connect redis'
-
-    local pong=$(/usr/bin/redis-cli -h "$local_ip" -a "$REDIS_PASSWORD" ping 2>/dev/null)
-    if [ x"$pong" != x"PONG" ]; then
-        echo "failed to connect redis server: ${local_ip}:6379"
-        exit $ERR_EXIT
-    fi
-
-	log_info 'update redis IP success'
-
-	# update minio and minio-operator
-	local MINIO_ROOT_USER=""
-	local MINIO_ROOT_PASSWORD=""
-	if [ -f /etc/default/minio ]; then
-		log_info 'updating minio'
-
-		ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /etc/default/minio"
-
-		ensure_success $sh_c "systemctl start minio"
-		# postpone restart minio-operator, until etcd restarted
-
-	    # ensure minio is ready
-		local max_retry=60
-		local ok="n"
-		while [ $max_retry -ge 0 ]; do
-			if $sh_c 'systemctl --no-pager status minio >/dev/null'; then
-				ok=y
-				break
-			fi
-			sleep 5
-			((max_retry--))
-		done
-
-		if [ x"$ok" != x"y" ]; then
-			echo "minio is not ready yet, please check it"
-			exit $ERR_EXIT
-		fi
-
-		log_info 'update minio IP success'
-
-		storage_type="minio"
-		MINIO_ROOT_USER="minioadmin"
-		MINIO_ROOT_PASSWORD=$(awk -F '=' '/^MINIO_ROOT_PASSWORD/{print $2}' /etc/default/minio)
-	fi
-
-
-	# update juicefs
-	local jfs_mountpoint="${TERMINUS_ROOT}/${fsname}"
-
-	log_info 'updating juicefs'
-	ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /etc/systemd/system/juicefs.service"
-
-	ensure_success $sh_c "systemctl daemon-reload"
-	ensure_success $sh_c "systemctl start juicefs"
-
-	if [ "$storage_type" == "minio" ]; then
-	    local juicefs_bin="/usr/local/bin/juicefs"
-		local bucket="terminus"
-		local metadb="redis://:${REDIS_PASSWORD}@${local_ip}:6379/1"
-
-        ensure_success $sh_c "$juicefs_bin config $metadb --bucket http://${local_ip}:9000/${bucket} --access-key $MINIO_ROOT_USER --secret-key $MINIO_ROOT_PASSWORD"
-	fi
-
-	ensure_success $sh_c "systemctl --no-pager status juicefs"
-    ensure_success $sh_c "sleep 3 && test -d $jfs_mountpoint/.trash"
-
-	log_info 'update juicefs IP success'
-}
-
-update_minio_operator(){
-	local MINIO_ROOT_PASSWORD=$(awk -F '=' '/^MINIO_ROOT_PASSWORD/{print $2}' /etc/default/minio)
-	local MINIO_VOLUMES=$(awk -F '=' '/^MINIO_VOLUMES/{print $2}' /etc/default/minio)
-
-	# re-init minio-operator, only used for uninitialized master node machine
-	local ETCDCTL=$(command -v etcdctl)
-	local minio_operator_bin="/usr/local/bin/minio-operator"
-
-	# clear minio-operator service
-	ensure_success $sh_c "rm -f /etc/default/minio-operator /etc/systemd/system/minio-operator.service"
-	ensure_success $sh_c "$ETCDCTL --cacert /etc/ssl/etcd/ssl/ca.pem --cert /etc/ssl/etcd/ssl/node-$HOSTNAME.pem --key /etc/ssl/etcd/ssl/node-$HOSTNAME-key.pem del terminus/minio --prefix"
-
-    ensure_success $sh_c "$minio_operator_bin init --address $local_ip --cafile /etc/ssl/etcd/ssl/ca.pem --certfile /etc/ssl/etcd/ssl/node-$HOSTNAME.pem --keyfile /etc/ssl/etcd/ssl/node-$HOSTNAME-key.pem --volume $MINIO_VOLUMES --password $MINIO_ROOT_PASSWORD"
-
-	log_info "update minio-operator success"
-}
-
-update_k3s_master() {
-#	ensure_success $sh_c "$KUBECTL delete node $HOSTNAME"
-
-	ensure_success $sh_c "systemctl stop k3s etcd backup-etcd"
-}
-
-update_etcd(){
-	ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /etc/etcd.env"
-	ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /usr/local/bin/kube-scripts/etcd-backup.sh"
-
-	# renew etcd cert
-	local tmpdir=$(mktemp -d)
-	ensure_success $sh_c "mv /etc/ssl/etcd/ssl/* $tmpdir/."
-	ensure_success $sh_c "cp $tmpdir/{ca.pem,ca-key.pem} /etc/ssl/etcd/ssl/."
-	local confile="$tmpdir/cert.conf"
-	ensure_success regen_cert_conf $tmpdir/admin-$HOSTNAME.pem > $confile
-
-	for instance in admin-$HOSTNAME member-$HOSTNAME node-$HOSTNAME; do
-		ensure_success $sh_c "openssl req -newkey rsa:2048 -nodes \
-             -keyout /etc/ssl/etcd/ssl/${instance}-key.pem \
-             -config ${confile} \
-             -out /etc/ssl/etcd/ssl/${instance}-cert.csr"
-
-		ensure_success $sh_c "openssl x509 -req \
-             -extfile ${confile} \
-             -extensions v3_ext \
-             -in /etc/ssl/etcd/ssl/${instance}-cert.csr \
-             -CA /etc/ssl/etcd/ssl/ca.pem \
-             -CAkey /etc/ssl/etcd/ssl/ca-key.pem \
-             -CAcreateserial \
-             -out /etc/ssl/etcd/ssl/${instance}.pem \
-             -days 3650 -sha256"
-	done
-
-    ensure_success $sh_c "systemctl daemon-reload"
-	ensure_success $sh_c "systemctl start etcd backup-etcd"
-}
-
-post_update_k3s_master(){
-	ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /etc/systemd/system/k3s.service"
-	ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /etc/systemd/system/k3s.service.env"
-
-    ensure_success $sh_c "systemctl daemon-reload"
-	ensure_success $sh_c "systemctl start k3s"
-	ensure_success $sh_c "systemctl --no-pager status k3s"
-
-	log_info 'IP changed, the OS will be reloaded in 2 minutes...'
-	sleep 120
-	# check running pods
-	ensure_success $sh_c "$KUBECTL get pods --all-namespaces"
-
-}
-
-update_k8s_master() {
-    local KUBEADM=$(command -v kubeadm)
-
-	ensure_success $sh_c "systemctl stop kubelet containerd"
-
-	ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
-	ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /etc/kubernetes/*.yaml"
-	ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /etc/kubernetes/*.conf"
-	ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /etc/kubernetes/manifests/*.yaml"
-	ensure_success $sh_c "sed -i 's/$old_ip/$local_ip/g' /etc/kubernetes/addons/*.yaml"
-
-	ensure_success $sh_c "rm -f /etc/kubernetes/pki/{apiserver*,front-proxy-client*}"
-	ensure_success $sh_c "$KUBEADM init phase certs apiserver --config=/etc/kubernetes/kubeadm-config.yaml"
-	ensure_success $sh_c "$KUBEADM init phase certs apiserver-kubelet-client --config=/etc/kubernetes/kubeadm-config.yaml"
-	ensure_success $sh_c "$KUBEADM init phase certs front-proxy-client --config=/etc/kubernetes/kubeadm-config.yaml"
-
-	ensure_success $sh_c "kubeadm init phase kubeconfig admin --config=/etc/kubernetes/kubeadm-config.yaml"
-	ensure_success $sh_c "cp -f /etc/kubernetes/admin.conf /root/.kube/config"
-
-    ensure_success $sh_c "systemctl daemon-reload"
-	ensure_success $sh_c "systemctl start kubelet containerd"
-
-	# restart k8s processes
-	$sh_c "killall kube-apiserver" 
-	$sh_c "killall kube-scheduler" 
-	$sh_c "killall kube-controller-manager" 
-
-	# wait for some time and delete old node
-	log_info 'IP changed, the OS will be reloaded in 2 minutes...'
-	sleep 120
-	ensure_success $sh_c "$KUBECTL get nodes --sort-by=.metadata.creationTimestamp"
-
-	# check running pods
-	ensure_success $sh_c "$KUBECTL get pods --all-namespaces"
-}
-
-get_auth_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=authelia' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_profile_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=profile' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_desktop_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=edge-desktop' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_vault_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=vault' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_appservice_status(){
-    $sh_c "${KUBECTL} get pod  -n os-system -l 'tier=app-service' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_bfl_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'tier=bfl' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_settings_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=settings' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_all_user(){
-    $sh_c "${KUBECTL} get user -o jsonpath='{.items[*].metadata.name}'"
-}
-
-check_together(){
-    local all=$@
-    
-    local s=""
-    for f in "${all[@]}"; do 
-        s=$($f)
-        if [ "x${s}" != "xRunning" ]; then
-            break
-        fi
-    done
-
-    echo "${s}"
-}
-
-check_desktop(){
-    status=$(check_together get_appservice_status get_bfl_status get_vault_status get_profile_status get_auth_status get_desktop_status get_settings_status)
-    n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        dotn=$(($n % 10))
-        dot=$(repeat $dotn '>')
-
-        echo -ne "\rPlease waiting ${dot}"
-        sleep 0.5
-
-        status=$(check_together get_appservice_status get_bfl_status get_vault_status  get_profile_status get_auth_status get_desktop_status get_settings_status)
-        echo -ne "\rPlease waiting          "
-
-    done
-    echo
-}
-
-
-main() {
-	get_shell_exec
-
-    if [[ $(is_wsl) -eq 1 || $(is_macos) -eq 1 ]]; then
-		ip=$1
-		if [[ $(is_macos) -eq 1 ]]; then
-			ip=$(ping -c 1 "$(hostname)" |awk -F '[()]' '/PING/{print $2}')
-		fi
-
-		ip=$(echo "$ip" | grep -E "[0-9]+(\.[0-9]+){3}" | grep -v "127.0.0.1")
-
-		if [[ x"$ip" == x"" ]]; then
-			echo "Please provide a valid new ip"
-			exit -1
-		fi
-
-		user=$($sh_c "${KUBECTL} get user -o jsonpath='{.items[0].metadata.name}'")
-		$sh_c "${KUBECTL} patch user ${user} -p '{\"metadata\":{\"annotations\":{\"bytetrade.io/nat-gateway-ip\":\"${ip}\"}}}' --type='merge'"
-
-		echo "Please waiting for ip changing ..."
-		sleep 30
-		exit 0
-	fi
-
-	precheck_os
-
-	local storage_type="s3"
-	if is_k3s; then
-		if system_service_active "k3s" ; then
-			update_k3s_master
-		fi 
-	fi
-
-	update_juicefs
-	
-	update_etcd
-
-	if is_k3s ; then
-		log_info "updating k3s"
-
-		post_update_k3s_master
-	else
-		log_info "updating k8s"
-
-	    update_k8s_master
-	fi 
-
-	if [ "$storage_type" == "minio" ]; then 
-		update_minio_operator
-	fi
-
-	# check os auto-reloading
-    log_info 'Waiting for Terminus reloading ...'
-    check_desktop
-
-	for u in $(get_all_user) ; do
-		$sh_c "${KUBECTL} rollout restart deploy -n user-space-$u edge-desktop"
-		$sh_c "${KUBECTL} rollout restart deploy -n user-space-$u headscale-server"
-	done
-
-	$sh_c "killall envoy" 
-
-    check_desktop
-
-	log_info 'Success to change the Terminus IP address!'
-}
-
-main $1

build/installer/check_image_size.sh

@@ -1,47 +0,0 @@
-#!/bin/bash
-
-convert_to_memory_unit() {
-    local num=$1
-    local unit="B"
-    if [[ $num -ge 1073741824 ]]; then
-        num=`echo $num | awk '{ printf("%.2lf",$1/1073741824) }'`
-        unit="GB"
-    elif [[ $num -ge 1048576 ]]; then
-        num=`echo $num | awk '{ printf("%.2lf",$1/1048576) }'`
-        unit="MB"
-    elif [[ $num -ge 1024 ]]; then
-	num=`echo $num | awk '{ printf("%.2lf",$1/1024) }'`
-        unit="KB"
-    fi
-    echo "$num$unit"
-}
-
-
->image.size.tmp.txt
->image.size.raw.txt
->image.size.txt
-
-for path in `ls images/*.tar.gz`
-do
-        image=`basename $path`
-        rm -rf tmp
-        mkdir tmp
-        cp  images/$image tmp/$image
-
-        cd tmp
-        size=`ls -l | awk '{ print $5 }' | tail --line 1`
-        echo $image
-        tar -xzf $image
-        name=`cat manifest.json  | awk -F"RepoTags" '{ print $2 }' | awk -F"\"" '{ print $3 }'`
-        cd ..
-
-        echo -e $size"\t"$name >> image.size.tmp.txt
-done
-
-sort -k1 -nr image.size.tmp.txt > image.size.raw.txt
-rm image.size.tmp.txt
-
-while read size image
-do
-	echo -e $(convert_to_memory_unit $size)"\t"$image >> image.size.txt
-done < image.size.raw.txt

build/installer/deploy/device-plugin.yaml

@@ -28,6 +28,8 @@ spec:
     spec:
       runtimeClassName: nvidia # Explicitly request the runtime
       priorityClassName: system-node-critical
+      nodeSelector:
+        gpu.bytetrade.io/cuda-supported: 'true'
       initContainers:
       - name: init-dir
         image: busybox:1.28
@@ -40,7 +42,7 @@ spec:
         - "[ -d /var/run/nvshare/libnvshare.so ] && rm -rf /var/run/nvshare/libnvshare.so || true"
       containers:
       - name: nvshare-lib
-        image: bytetrade/nvshare:libnvshare
+        image: beclab/nvshare:libnvshare-v0.0.1
         command:
         - sleep
         - infinity
@@ -50,7 +52,7 @@ spec:
               command:
               - "/bin/sh"
               - "-c"
-              - "test -f /host-var-run-nvshare/libnvshare.so || touch /host-var-run-nvshare/libnvshare.so && mount -v --bind /libnvshare.so /host-var-run-nvshare/libnvshare.so"
+              - "test -f /host-var-run-nvshare/libnvshare.so || ( test -d /host-var-run-nvshare/libnvshare.so && rm -rf /host-var-run-nvshare/libnvshare.so && false ) || touch /host-var-run-nvshare/libnvshare.so && mount -v --bind /libnvshare.so /host-var-run-nvshare/libnvshare.so"
           preStop:
             exec:
               command:

build/installer/deploy/nvidia-device-plugin.yml

@@ -44,6 +44,8 @@ spec:
       # be rescheduled after a failure.
       # See https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
       priorityClassName: "system-node-critical"
+      nodeSelector:
+        gpu.bytetrade.io/cuda-supported: 'true'
       containers:
       - image: nvcr.io/nvidia/k8s-device-plugin:v0.16.1
         name: nvidia-device-plugin-ctr

build/installer/deploy/scheduler.yaml

@@ -28,6 +28,8 @@ spec:
     spec:
       runtimeClassName: nvidia # Explicitly request the runtime
       priorityClassName: system-node-critical
+      nodeSelector:
+        gpu.bytetrade.io/cuda-supported: 'true'
       initContainers:
       - name: init-dir
         image: busybox:1.28
@@ -46,6 +48,10 @@ spec:
           allowPrivilegeEscalation: false
           capabilities:
             drop: ["ALL"]
+        command:
+        - sh
+        - -c
+        - "test -f /var/run/nvshare/scheduler.sock && rm -rf /var/run/nvshare/scheduler.sock; pid1 nvshare-scheduler"
         volumeMounts:
           - name: nvshare-socket-directory
             mountPath: /var/run/nvshare

build/installer/downloadInstaller.sh

@@ -1,67 +0,0 @@
-#!/usr/bin/env bash
-
-
-
-set -o pipefail
-
-if [ "x${VERSION}" = "x" ]; then
-  echo "Unable to get latest Install-Wizard version. Set VERSION env var and re-run. For example: export VERSION=1.0.0"
-  echo ""
-  exit
-fi
-
-if [ "x${TOKEN}" = "x" ]; then
-  echo "Unable to get your github token. Set TOKEN env var and re-run. ( In dev version, repo is private)"
-  echo ""
-  exit
-fi
-
-gh_curl(){
-    curl -H "Authorization: Bearer $TOKEN" $@
-}
-
-
-TAG_URL="https://api.github.com/repos/beclab/terminus/releases/tags/${VERSION}"
-ASSET_URL=$(gh_curl -fsS ${TAG_URL}  | grep '"url"'| grep assets | awk -F':|,' '{print $3}'| tr '"' ' ')
-
-if [ "x${ASSET_URL}" = "x" ]; then
-    echo ""
-    echo "Fail to get Install-Wizard release asset!"
-    echo ""
-fi
-
-DOWNLOAD_URL="https:${ASSET_URL}"
-
-echo ""
-echo "Downloading Install-Wizard ${VERSION} from ${DOWNLOAD_URL} ..."
-echo ""
-
-filename="install-wizard-v${VERSION}.tar.gz"
-curl -H "Authorization: Bearer ${TOKEN}" -H "Accept: application/octet-stream" -Lo ${filename} ${DOWNLOAD_URL}
-if [ $? -ne 0 ] || [ ! -f ${filename} ]; then
-  echo ""
-  echo "Failed to download Install-Wizard ${VERSION} !"
-  echo ""
-  echo "Please verify the version you are trying to download."
-  echo ""
-  exit
-fi
-
-ret='0'
-command -v tar >/dev/null 2>&1 || { ret='1'; }
-if [ "$ret" -eq 0 ]; then
-    mkdir -p install-wizard && cd install-wizard && tar -xzf "../${filename}"
-else
-    echo "Install-Wizard ${VERSION} Download Complete!"
-    echo ""
-    echo "Try to unpack the ${filename} failed."
-    echo "tar: command not found, please unpack the ${filename} manually."
-    exit
-fi
-
-echo ""
-echo "Install-Wizard ${VERSION} Download Complete!"
-echo ""
-
-
-bash ./install_cmd.sh

build/installer/install.ps1

@@ -0,0 +1,87 @@
+$currentPath = Get-Location
+$architecture = $env:PROCESSOR_ARCHITECTURE
+$downloadCdnUrlFromEnv = $env:DOWNLOAD_CDN_URL
+$version = "#__VERSION__"
+$downloadUrl = "https://dc3p1870nn3cj.cloudfront.net"
+
+function Test-Wait {
+  while ($true) {
+    Start-Sleep -Seconds 1
+  }
+}
+
+$runAsAdmin = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
+if (-not $runAsAdmin.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
+    Write-Host "`n`nThe installation script needs to be run as an administrator.`n"
+    Write-Host "Please try the following methods:`n"
+    Write-Host "1. Search for 'PowerShell' in the Start menu, right-click it, and select 'Run as administrator'. "
+    Write-Host "   Navigate to the directory where the installation script is located and run the installation script.`n"
+    Write-Host "2. Press Win + R, type 'powershell', and then press Ctrl + Shift + Enter. "
+    Write-Host "   Navigate to the directory where the installation script is located and run the installation script.`n"
+    Write-Host "`nPress Ctrl+C to exit.`n"
+    Test-Wait
+}
+
+$process = Get-Process -Name olares-cli -ErrorAction SilentlyContinue
+if ($process) {
+  Write-Host "olares-cli.exe is running, Press Ctrl+C to exit."
+  Test-Wait
+}
+
+$distro = wsl --list | Select-String -Pattern "^Ubuntu$"
+if (-not $distro -eq "") {
+  Write-Host "Distro Olares exists, please unregister it first."
+  exit 1
+}
+
+$arch = "amd64"
+if ($architecture -like "ARM") {
+  $arch = "arm64"
+}
+
+if (-Not $downloadCdnUrlFromEnv -eq "") {
+  $downloadUrl = $downloadCdnUrlFromEnv
+}
+
+$CLI_PROGRAM_PATH = "{0}\" -f $currentPath
+if (-Not (Test-Path $CLI_PROGRAM_PATH)) {
+  New-Item -Path $CLI_PROGRAM_PATH -ItemType Directory
+}
+
+$CLI_VERSION = "0.1.127"
+$CLI_FILE = "olares-cli-v{0}_windows_{1}.tar.gz" -f $CLI_VERSION, $arch
+$CLI_URL = "{0}/{1}" -f $downloadUrl, $CLI_FILE
+$CLI_PATH = "{0}{1}" -f $CLI_PROGRAM_PATH, $CLI_FILE
+
+$download = 0
+if (Test-Path $CLI_PATH) {
+  tar -xzf $CLI_PATH -C $CLI_PROGRAM_PATH *> $null
+  if (-Not ($LASTEXITCODE -eq 0)) {
+    Remove-Item -Path $CLI_PATH
+    $download = 1
+  }
+} else {
+  $download = 1
+}
+
+if ($download -eq 1) {
+  curl -Uri $CLI_URL -OutFile $CLI_PATH
+  Write-Host "Downloading olares-cli.exe..."
+  if (-Not (Test-Path $CLI_PATH)) {
+    Write-Host "Download olares-cli.exe failed."
+    exit 1
+  }
+  tar -xzf $CLI_PATH -C $CLI_PROGRAM_PATH *> $null
+  $cliPath = "{0}\olares-cli.exe" -f $CLI_PROGRAM_PATH
+  if ( -Not (Test-Path $cliPath)) {
+    Write-Host "olares-cli.exe not found."
+    exit 1
+  }
+}
+
+Start-Sleep -Seconds 3
+Write-Host ("Preparing to start the installation of Olares {0}. Depending on your network conditions, this process may take several minutes." -f $version)
+
+$command = "{0}\olares-cli.exe olares install --version {1}" -f $CLI_PROGRAM_PATH, $version
+Start-Process cmd -ArgumentList '/k',$command -Wait -Verb RunAs
+

build/installer/install.sh

@@ -1,94 +1,214 @@
 #!/usr/bin/env bash
 
-
-
 set -o pipefail
+set -e
 
-export VERSION="#__VERSION__"
-if [ "x${VERSION}" = "x" ]; then
-  echo "Unable to get latest Install-Wizard version. Set VERSION env var and re-run. For example: export VERSION=1.0.0"
-  echo ""
-  exit
+function command_exists() {
+	  command -v "$@" > /dev/null 2>&1
+}
+
+if [[ x"$VERSION" == x"" ]]; then
+    if [[ "$LOCAL_RELEASE" == "1" ]]; then
+        ts=$(date +%Y%m%d%H%M%S)
+        export VERSION="0.0.0-local-dev-$ts"
+        echo "will build and use a local release of Olares with version: $VERSION"
+        echo ""
+    else
+        export VERSION="#__VERSION__"
+    fi
 fi
 
-# check os type and arch and os vesion
-os_type=$(uname -s)
-os_arch=$(uname -m)
-os_verion=$(lsb_release -d 2>&1 | awk -F'\t' '{print $2}')
-
-case "$os_arch" in 
-    arm64) ARCH=arm64; ;; 
-    x86_64) ARCH=amd64; ;; 
-    armv7l) ARCH=arm; ;; 
-    aarch64) ARCH=arm64; ;; 
-    ppc64le) ARCH=ppc64le; ;; 
-    s390x) ARCH=s390x; ;; 
-    *) echo "unsupported arch, exit ..."; 
-    exit -1; ;; 
-esac 
-
-
-DOWNLOAD_URL="https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${VERSION}.tar.gz"
-
-if [ x"${ARCH}" == x"arm64" ]; then
-  DOWNLOAD_URL="https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${VERSION}-arm64.tar.gz"
-fi
-
-echo ""
-echo " Downloading Install-Wizard ${VERSION} from ${DOWNLOAD_URL} ... " 
-echo ""
-
-foldername="install-wizard-v${VERSION}"
-filename="install-wizard-v${VERSION}.tar.gz"
-
-if [ ! -f ${filename} ]; then
-  tmpname="install-wizard-v${VERSION}.bak.tar.gz"
-  curl -Lo ${tmpname} ${DOWNLOAD_URL}
-
-  if [ $? -ne 0 ] || [ ! -f ${tmpname} ]; then
-    echo ""
-    echo "Failed to download Install-Wizard ${VERSION} !"
-    echo ""
-    echo "Please verify the version you are trying to download."
-    echo ""
-    exit
-  fi
-  mv ${tmpname} ${filename}
-fi
-
-echo ""
-echo "Install-Wizard ${VERSION} Download Complete!"
-echo ""
-
-if command -v tar &>/dev/null; then
-    sudo rm -rf ${foldername} && mkdir -p ${foldername} && cd ${foldername} && tar -xzf "../${filename}"
-
-    CLI_VERSION="0.1.12"
-    CLI_FILE="terminus-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
-    if [ x"${os_type}" == x"Darwin" ]; then
-        CLI_FILE="terminus-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"
-    fi
-    CLI_URL="https://github.com/beclab/Installer/releases/download/${CLI_VERSION}/${CLI_FILE}"
-
-    if [ ! -f ${CLI_FILE} ]; then
-        curl -Lo ${CLI_FILE} ${CLI_URL}
-    fi
-
-    if [ $? -eq 0 ]; then
-        if [[ x"$os_type" == x"Darwin" ]]; then
-          bash  ./uninstall_macos.sh
-          touch /usr/local/var/run/.installed
-          bash  ./install_macos.sh
-        else
-          bash  ./uninstall_cmd.sh
-          touch /var/run/lock/.installed
-          bash  ./install_cmd.sh
-        fi
-
-        exit 0
-    fi
-else
-    echo "Try to unpack the ${filename} failed."
-    echo "tar: command not found, please unpack the ${filename} manually."
+if [[ "x${VERSION}" == "x" || "x${VERSION:3}" == "xVERSION__" ]]; then
+    echo "error: Olares version is unspecified, please set the VERSION env var and rerun this script."
+    echo "for example: VERSION=1.11.0-20241124 bash $0"
+    exit 1
+fi
+
+# check os type and arch
+os_type=$(uname -s)
+os_arch=$(uname -m)
+
+case "$os_arch" in
+    arm64) ARCH=arm64; ;;
+    x86_64) ARCH=amd64; ;;
+    armv7l) ARCH=arm; ;;
+    aarch64) ARCH=arm64; ;;
+    ppc64le) ARCH=ppc64le; ;;
+    s390x) ARCH=s390x; ;;
+    *) echo "error: unsupported arch \"$os_arch\"";
+    exit 1; ;;
+esac
+
+# set shell execute command
+user="$(id -un 2>/dev/null || true)"
+sh_c='sh -c'
+if [ "$user" != 'root' ]; then
+    if command_exists sudo && command_exists su; then
+        if [[ "$os_type" != "Darwin" ]]; then
+            sh_c='sudo -E sh -c'
+        fi
+    else
+        echo "error: this installer needs the ability to run as root, but the command \"sudo\" and  \"su\" can not be found"
+        exit 1
+    fi
+fi
+
+if ! command_exists tar; then
+    echo "error: the \"tar\" command is needed by installer to unpack installation files, but can not be found"
+    exit 1
+fi
+
+if [[ x"$KUBE_TYPE" == x"" ]]; then
+    echo "the KUBE_TYPE env var is not set, defaulting to \"k3s\""
+    echo ""
+    export KUBE_TYPE="k3s"
+fi
+
+BASE_DIR="$HOME/.olares"
+if [ ! -d $BASE_DIR ]; then
+    mkdir -p $BASE_DIR
+fi
+
+cdn_url=${DOWNLOAD_CDN_URL}
+if [ -z ${cdn_url} ]; then
+    cdn_url="https://dc3p1870nn3cj.cloudfront.net"
+fi
+
+CLI_VERSION="0.1.127"
+CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
+if [[ x"$os_type" == x"Darwin" ]]; then
+    CLI_FILE="olares-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"
+fi
+
+if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$CLI_VERSION" ]]; then
+    INSTALL_OLARES_CLI=$(which olares-cli)
+    echo "olares-cli already installed and is the expected version"
+    echo ""
+else
+    if [[ ! -f ${CLI_FILE} ]]; then
+        CLI_URL="${cdn_url}/${CLI_FILE}"
+
+        echo "downloading Olares installer from ${CLI_URL} ..."
+        echo ""
+
+        curl -Lo ${CLI_FILE} ${CLI_URL}
+
+        if [[ $? -ne 0 ]]; then
+            echo "error: failed to download Olares installer"
+            exit 1
+        else
+            echo "Olares installer ${CLI_VERSION} download complete!"
+            echo ""
+        fi
+    fi
+    INSTALL_OLARES_CLI="/usr/local/bin/olares-cli"
+    echo "unpacking Olares installer to $INSTALL_OLARES_CLI..."
+    echo ""
+    tar -zxf ${CLI_FILE} olares-cli && chmod +x olares-cli
+    if [[ x"$os_type" == x"Darwin" ]]; then
+        if [ ! -f "/usr/local/Cellar/olares" ]; then
+            current_user=$(whoami)
+            $sh_c "sudo mkdir -p /usr/local/Cellar/olares && sudo chown ${current_user}:staff /usr/local/Cellar/olares"
+        fi
+        $sh_c "mv olares-cli /usr/local/Cellar/olares/olares-cli && \
+               sudo rm -rf /usr/local/bin/olares-cli && \
+               sudo ln -s /usr/local/Cellar/olares/olares-cli $INSTALL_OLARES_CLI"
+    else
+        $sh_c "mv olares-cli $INSTALL_OLARES_CLI"
+    fi
+
+    if [[ $? -ne 0 ]]; then
+        echo "error: failed to unpack Olares installer"
+        exit 1
+    fi
+fi
+
+PARAMS="--version $VERSION --base-dir $BASE_DIR"
+KUBE_PARAM="--kube $KUBE_TYPE"
+CDN="--download-cdn-url ${cdn_url}"
+
+if [[ -f $BASE_DIR/.prepared ]]; then
+    echo "file $BASE_DIR/.prepared detected, skip preparing phase"
+    echo ""
+else
+    if [[ "$LOCAL_RELEASE" == "1" ]]; then
+        if [[ -d $BASE_DIR/versions/v$VERSION  ]]; then
+            echo "local release already exists, skip building"
+            echo ""
+        else
+            echo "building local release ..."
+            $sh_c "$INSTALL_OLARES_CLI olares release $PARAMS $CDN"
+            if [[ $? -ne 0 ]]; then
+                echo "error: failed to build local release"
+                exit 1
+            fi
+        fi
+    else
+        echo "running system prechecks ..."
+        echo ""
+        $sh_c "$INSTALL_OLARES_CLI olares precheck $PARAMS"
+        if [[ $? -ne 0 ]]; then
+            exit 1
+        fi
+        echo "downloading installation wizard..."
+        echo ""
+        $sh_c "$INSTALL_OLARES_CLI olares download wizard $PARAMS $KUBE_PARAM $CDN"
+        if [[ $? -ne 0 ]]; then
+            echo "error: failed to download installation wizard"
+            exit 1
+        fi
+    fi
+
+    echo "downloading installation packages..."
+    echo ""
+    $sh_c "$INSTALL_OLARES_CLI olares download component $PARAMS $KUBE_PARAM $CDN"
+    if [[ $? -ne 0 ]]; then
+        echo "error: failed to download installation packages"
+        exit 1
+    fi
+
+    echo "preparing installation environment..."
+    echo ""
+    # env 'REGISTRY_MIRRORS' is a docker image cache mirrors, separated by commas
+    if [ x"$REGISTRY_MIRRORS" != x"" ]; then
+        extra="--registry-mirrors $REGISTRY_MIRRORS"
+    fi
+    $sh_c "$INSTALL_OLARES_CLI olares prepare $PARAMS $KUBE_PARAM $extra"
+    if [[ $? -ne 0 ]]; then
+        echo "error: failed to prepare installation environment"
+        exit 1
+    fi
+fi
+
+if [ -f $BASE_DIR/.installed ]; then
+    echo "file $BASE_DIR/.installed detected, skip installing"
+    echo "if it is left by an unclean uninstallation, please manually remove it and invoke the installer again"
+    exit 0
+fi
+if [ "$PREINSTALL" == "1" ]; then
+    echo "Pre Install mode is specified by the \"PREINSTALL\" env var, skip installing"
+    exit 0
+fi
+
+if [[ "$JUICEFS" == "1" ]]; then
+    echo "JuiceFS is enabled"
+    fsflag="--with-juicefs=true"
+    if [[ "$STORAGE" == "" ]]; then
+        echo "installing MinIO ..."
+    else
+        echo "checking storage config ..."
+    fi
+    $sh_c "$INSTALL_OLARES_CLI olares install storage $PARAMS"
+    if [[ $? -ne 0 ]]; then
+      exit 1
+    fi
+fi
+
+echo "installing Olares..."
+echo ""
+$sh_c "$INSTALL_OLARES_CLI olares install $PARAMS $KUBE_PARAM $fsflag"
+
+if [[ $? -ne 0 ]]; then
+    echo "error: failed to install Olares"
     exit 1
 fi

build/installer/install_macos.sh

@@ -1,805 +0,0 @@
-#!/binbash
-
-ERR_EXIT=1
-
-CURL_TRY="--connect-timeout 30 --retry 5 --retry-delay 1 --retry-max-time 10 "
-
-BASE_DIR=$(dirname $(realpath -s $0))
-BASE_DIR=${BASE_DIR:-.}
-CLUSTER_NAME=$1
-PROFILE_NAME="terminus-${CLUSTER_NAME:-0}"
-
-[[ -f "${BASE_DIR}/.env" && -z "$DEBUG_VERSION" ]] && . "${BASE_DIR}/.env"
-
-random_string() {
-    local length=12
-    local alphanumeric="abc2def3gh4jk5mn6pqr7st8uvw9xyz"
-
-    if [[ -n "$1" && $1 -gt 0 ]]; then
-        length=$1
-    fi
-
-    local text n
-    for ((i=0,l=${#alphanumeric}; i<$length; i++)); do
-        n=$[RANDOM%l]
-        text+="${alphanumeric:n:1}"
-    done
-    echo -n "$text"
-}
-
-command_exists() {
-	command -v "$@" > /dev/null 2>&1
-}
-
-read_tty(){
-    echo -n $1
-    read $2 < /dev/tty
-}
-
-
-function ensure_success() {
-    "$@"
-    local ret=$?
-
-    if [ $ret -ne 0 ]; then
-        echo "Fatal error, command: '$*'"
-        exit $ret
-    fi
-
-    return $ret
-}
-
-function retry_cmd(){
-    "$@"
-    local ret=$?
-    if [ $ret -ne 0 ];then
-        local max_retries=50
-        local delay=3
-        while [ $max_retries -gt 0 ]; do
-            printf "retry to execute command '%s', after %d seconds\n" "$*" $delay
-            ((delay+=2))
-            sleep $delay
-
-            "$@"
-            ret=$?
-            
-            if [ $ret -eq 0 ]; then
-                break
-            fi
-            
-            ((max_retries--))
-
-        done
-
-        if [ $ret -ne 0 ]; then
-            log_fatal "command: '$*'"
-        fi
-    fi
-
-    return $ret
-}
-
-precheck_os() {
-    os_type=$(uname -s)
-    case "$os_type" in
-        Darwin) OSTYPE=darwin; ;;
-        *) OSTYPE="${os_type}"
-    esac
-
-    os_arch=$(uname -m)
-    case "$os_arch" in 
-        arm64) ARCH=arm64; ;; 
-        x86_64) ARCH=amd64; ;; 
-        armv7l) ARCH=arm; ;; 
-        aarch64) ARCH=arm64; ;; 
-        *) echo "unsupported arch, exit ..."; 
-        exit -1; ;; 
-    esac 
-}
-
-install_helm() {
-    if ! command_exists helm; then
-        echo "Installing helm ..."
-        curl -sSfL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
-    fi
-    if ! command_exists helm; then
-        echo "Helm installation failed, please manually download and install the corresponding version of Helm."
-        echo ""
-        echo ""
-        exit -1
-    fi
-}
-
-log_info() {
-    local msg now
-
-    msg="$*"
-    now=$(date +'%Y-%m-%d %H:%M:%S.%N %z')
-    echo -e "\n\033[38;1m${now} [INFO] ${msg} \033[0m" 
-}
-
-log_fatal() {
-    local msg now
-
-    msg="$*"
-    now=$(date +'%Y-%m-%d %H:%M:%S.%N %z')
-    echo -e "\n\033[31;1m${now} [FATAL] ${msg} \033[0m" 
-    exit $ERR_EXIT
-}
-
-install_cli(){
-    KUBE_TYPE=${KUBE_TYPE}
-    CLI_VERSION="0.1.12"
-    if [ -z $KUBE_TYPE ]; then
-        KUBE_TYPE="k3s"
-    fi
-    
-    local cli_name="terminus-cli-v${CLI_VERSION}_${OSTYPE}_${ARCH}.tar.gz"
-    local cli_tar="${BASE_DIR}/${cli_name}"
-    if [ ! -f "$cli_tar" ]; then
-        echo "Installing terminus-cli ..."
-        ensure_success $sh_c "curl ${CURL_TRY} -k -sfL -o ${BASE_DIR}/${cli_name} https://github.com/beclab/Installer/releases/download/${CLI_VERSION}/${cli_name}"
-    fi
-    ensure_success $sh_c "tar xf ${BASE_DIR}/${cli_name} -C ${BASE_DIR}/"
-}
-
-install_ks(){
-    cmd="${BASE_DIR}/terminus-cli terminus init --kube ${KUBE_TYPE} --minikube --profile ${PROFILE_NAME}"
-    ensure_success $sh_c "${cmd}"
-}
-
-get_auth_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=authelia' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_profile_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=profile' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_desktop_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=edge-desktop' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_kscm_status(){
-    $sh_c "${KUBECTL} get pod  -n kubesphere-system -l 'app=ks-controller-manager' -o jsonpath='{.items[*].status.phase}' 2>/dev/null"
-}
-
-get_vault_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=vault' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_appservice_status(){
-    $sh_c "${KUBECTL} get pod  -n os-system -l 'tier=app-service' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_bfl_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'tier=bfl' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_bfl_node(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'tier=bfl' -o jsonpath='{.items[*].spec.nodeName}'"
-}
-
-get_appservice_pod(){
-    $sh_c "${KUBECTL} get pod  -n os-system -l 'tier=app-service' -o jsonpath='{.items[*].metadata.name}'"
-}
-
-get_ksapi_status(){
-    $sh_c "${KUBECTL} get pod  -n kubesphere-system -l 'app=ks-apiserver' -o jsonpath='{.items[*].status.phase}' 2>/dev/null"
-}
-
-get_settings_status(){
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=settings' -o jsonpath='{.items[*].status.phase}'"
-}
-
-get_app_key_secret(){
-    app=$1
-    key="bytetrade_${app}_${RANDOM}"
-    secret=$(random_string 16)
-
-    echo "${key} ${secret}"
-}
-
-get_app_settings(){
-    apps=("portfolio" "vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "devbox" "profile" "agent" "files")
-    for a in "${apps[@]}";do
-        ks=($(get_app_key_secret $a))
-        echo '
-  '${a}':
-    appKey: '${ks[0]}'    
-    appSecret: "'${ks[1]}'"    
-        '
-    done
-}
-
-get_k8s_annotation() {
-    if [ $# -ne 4 ]; then
-        echo "get annotation, invalid parameters"
-        exit $ERR_EXIT
-    fi
-
-    local ns resource_type resource_name key
-    ns="$1"
-    resource_type="$2"
-    resource_name="$3"
-    key="$4"
-
-    local res
-
-    res=$($sh_c "${KUBECTL} -n $ns get $resource_type $resource_name -o jsonpath='{.metadata.annotations.$key}'")
-    if [[ $? -eq 0 && x"$res" != x"" ]]; then
-        echo "$res"
-        return
-    fi
-    echo "can not to get $ns ${resource_type}/${resource_name} annotation '$key', got value '$res'"
-    exit $ERR_EXIT
-}
-
-repeat(){
-    for _ in $(seq 1 "$1"); do
-        echo -n "$2"
-    done
-}
-
-check_together(){
-    local all=$@
-    
-    local s=""
-    for f in "${all[@]}"; do 
-        s=$($f)
-        if [ "x${s}" != "xRunning" ]; then
-            break
-        fi
-    done
-
-    echo "${s}"
-}
-
-check_desktop(){
-    status=$(check_together get_profile_status get_auth_status get_desktop_status)
-    n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        dotn=$(($n % 10))
-        dot=$(repeat $dotn '>')
-
-        echo -ne "\rPlease waiting ${dot}"
-        sleep 0.5
-
-        status=$(check_together get_profile_status get_auth_status get_desktop_status)
-        echo -ne "\rPlease waiting          "
-
-    done
-    echo
-}
-
-check_vault(){
-    status=$(get_vault_status)
-    n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        dotn=$(($n % 10))
-        dot=$(repeat $dotn '>')
-
-        echo -ne "\rPlease waiting ${dot}"
-        sleep 0.5
-
-        status=$(get_vault_status)
-        echo -ne "\rPlease waiting          "
-
-    done
-    echo
-}
-
-check_appservice(){
-    status=$(get_appservice_status)
-    n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        dotn=$(($n % 10))
-        dot=$(repeat $dotn '>')
-
-        echo -ne "\rWaiting for app-service starting ${dot}"
-        sleep 0.5
-
-        status=$(get_appservice_status)
-        echo -ne "\rWaiting for app-service starting          "
-
-    done
-    echo
-}
-
-check_bfl(){
-    status=$(get_bfl_status)
-    n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        dotn=$(($n % 10))
-        dot=$(repeat $dotn '>')
-
-        echo -ne "\rWaiting for bfl starting ${dot}"
-        sleep 0.5
-
-        status=$(get_bfl_status)
-        echo -ne "\rWaiting for bfl starting          "
-
-    done
-    echo
-}
-
-check_kscm(){
-    status=$(get_kscm_status)
-    n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        dotn=$(($n % 10))
-        dot=$(repeat $dotn '>')
-
-        echo -ne "\rWaiting for ks-controller-manager starting ${dot}"
-        sleep 0.5
-
-        status=$(get_kscm_status)
-        echo -ne "\rWaiting for ks-controller-manager starting          "
-
-    done
-    echo
-}
-
-check_settings(){
-    status=$(get_settings_status)
-    n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        dotn=$(($n % 10))
-        dot=$(repeat $dotn '>')
-
-        echo -ne "\rWaiting for settings starting ${dot}"
-        sleep 0.5
-
-        status=$(get_settings_status)
-        echo -ne "\rWaiting for settings starting          "
-
-    done
-    echo
-}
-
-check_ksapi(){
-    status=$(get_ksapi_status)
-    n=0
-    while [ "x${status}" != "xRunning" ]; do
-        n=$(expr $n + 1)
-        dotn=$(($n % 10))
-        dot=$(repeat $dotn '>')
-
-        echo -ne "\rWaiting for ks-apiserver starting ${dot}"
-        sleep 0.5
-
-        status=$(get_ksapi_status)
-        echo -ne "\rWaiting for ks-apiserver starting          "
-
-    done
-    echo
-}
-
-validate_domainname() {
-    local match
-    match=$(echo $domainname |egrep -o '^([a-z0-9])(([a-z0-9-]{1,61})?[a-z0-9]{1})?(\.[a-z0-9](([a-z0-9-]{1,61})?[a-z0-9]{1})?)?(\.[a-zA-Z]{2,10})+$')
-
-    if [ x"$match" != x"$domainname" ]; then
-        printf "illegal domain name '$domainname', try again\n\n"
-        return 1
-    fi
-    return 0
-}
-
-validate_username() {
-    local min=2
-    local max=250
-    local usermatch
-    local keywords=(user system space default os kubesphere kube kubekey kubernetes gpu tapr bfl bytetrade project pod)
-
-    shopt -s nocasematch
-    for k in "${keywords[@]}"; do
-        if [[ "$username" == "$k" ]]; then
-            printf "'$username' is a system reserved keyword and cannot be set as a username.\n\n"
-            return 1
-        fi
-    done
-    shopt -u nocasematch
-
-    usermatch=$(echo $username |egrep -o '^[a-z0-9]([a-z0-9]*[a-z0-9])?([a-z0-9]([a-z0-9]*[a-z0-9])?)*')
-
-    if [ x"$usermatch" != x"$username" ]; then
-        printf "illegal username '$username', try again\n\n"
-        return 1
-    fi
-
-    if [[ ${#username} -lt $min || ${#username} -gt $max ]]; then
-        printf "illegal username '$username', cannot be less than $min and cannot exceed $max characters. try again\n\n"
-        return 1
-    fi
-
-    return 0
-}
-
-validate_useremail() {
-    local match
-    match=$(echo $useremail |egrep -o '^(([A-Za-z0-9]+((\.|\-|\_|\+)?[A-Za-z0-9]?)*[A-Za-z0-9]+)|[A-Za-z0-9]+)@(([A-Za-z0-9]+)+((\.|\-|\_)?([A-Za-z0-9]+)+)*)+\.([A-Za-z]{2,})+$')
-
-    if [ x"$match" != x"$useremail" ]; then
-        printf "illegal email '$useremail', try again\n\n"
-        return 1
-    fi
-    return 0
-}
-
-validate_userpwd() {
-    local min=6
-    local max=32
-
-    if [[ ${#userpwd} -lt $min || ${#userpwd} -gt $max ]]; then
-        printf "illegal password '$userpwd', cannot be less than $min and cannot exceed $max characters. try again\n\n"
-        return 1
-    fi
-    return 0
-}
-
-preload_images(){
-    if [ -d $BASE_DIR/images ]; then
-        echo "preload images to local ... "
-        # res=$(minikube -p "${PROFILE_NAME}" docker-env)
-        # ensure_success $sh_c "eval ${res}"
-        
-        local tar_count=$(find $BASE_DIR/images -type f -name '*.tar.gz'|wc -l)
-        if [ $tar_count -eq 0 ]; then
-            if [ -f $BASE_DIR/images/images.mf ]; then
-                echo "downloading images from terminus cloud ..."
-                while read img; do
-                    local filename=$(echo -n "$img"|md5sum|awk '{print $1}')
-                    filename="$filename.tar.gz"
-                    echo "downloading ${filename} ..."
-                    curl -fsSL https://dc3p1870nn3cj.cloudfront.net/${filename} -o $BASE_DIR/images/$filename
-                done < $BASE_DIR/images/images.mf
-            fi
-        fi
-
-        find $BASE_DIR/images -type f -name '*.tar.gz' | while read filename; do
-            # $sh_c "gunzip -c ${filename} | docker load"
-            $sh_c "minikube image load ${filename} -p ${PROFILE_NAME}"
-            echo "Loaded image: ${filename}"
-        done
-    fi
-}
-
-setup_ws() {
-
-    if ! command_exists htpasswd; then
-        log_fatal "Please install htpasswd"
-    fi
-
-    # username, email, password from env
-    username="$TERMINUS_OS_USERNAME"
-    userpwd="$TERMINUS_OS_PASSWORD"
-    useremail="$TERMINUS_OS_EMAIL"
-    domainname="$TERMINUS_OS_DOMAINNAME"
-
-    log_info 'parse user info from env or stdin\n'
-    if [ -z "$domainname" ]; then
-        while :; do
-            read_tty "Enter the domain name ( default myterminus.com ): " domainname
-            [[ -z "$domainname" ]] && domainname="myterminus.com"
-
-            if ! validate_domainname; then
-                continue
-            fi
-            break
-        done
-    fi
-
-    if ! validate_domainname; then
-        log_fatal "illegal domain name '$domainname'"
-    fi
-
-    if [ -z "$username" ]; then
-        while :; do
-            read_tty "Enter the terminus name: " username
-            local domain=$(echo "$username"|awk -F'@' '{print $2}')
-            if [[ ! -z "${domain}" && x"${domain}" != x"${domainname}" ]]; then
-                printf "illegal domain name '$domain', try again\n\n"
-                continue
-            fi
-
-            username=$(echo "$username"|awk -F'@' '{print $1}')
-
-            if ! validate_username; then
-                continue
-            fi
-            break
-        done
-    fi
-
-    if ! validate_username; then
-        log_fatal "illegal username '$username'"
-    fi
-
-    if [ -z "$useremail" ]; then
-        useremail="${username}@${domainname}"
-    fi
-
-    if ! validate_useremail; then
-        log_fatal "illegal user email '$useremail'"
-    fi
-
-    if [ -z "$userpwd" ]; then
-        userpwd=$(random_string 8)
-    fi
-
-    if ! validate_userpwd; then
-        log_fatal "illegal user password '$userpwd'"
-    fi
-
-    encryptpwd=$(htpasswd -nbBC 10 USER "${userpwd}"|awk -F":" '{print $2}')
-
-    log_info 'generate app values'
-
-    # generate values
-    local s3_sts="none"
-    local s3_ak="none"
-    local s3_sk="none"
-
-    cat > ${BASE_DIR}/wizard/config/account/values.yaml <<_EOF
-user:
-  name: '${username}'
-  password: '${encryptpwd}'
-  email: '${useremail}'
-  terminus_name: '${username}@${domainname}'
-_EOF
-
-    cat > ${BASE_DIR}/wizard/config/settings/values.yaml <<_EOF
-namespace:
-  name: 'user-space-${username}'
-  role: admin
-
-cluster_id: ${CLUSTER_ID}
-s3_sts: ${s3_sts}
-s3_ak: ${s3_ak}
-s3_sk: ${s3_sk}
-
-user:
-  name: '${username}'
-_EOF
-
-  cat > ${BASE_DIR}/wizard/config/launcher/values.yaml <<_EOF
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: '${username}'
-  admin_user: true
-_EOF
-
-  ensure_success $sh_c "$SED 's/#__DOMAIN_NAME__/${domainname}/' ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml"
-
-  publicIp=$(curl --connect-timeout 5 -sL http://169.254.169.254/latest/meta-data/public-ipv4 2>&1)
-  publicHostname=$(curl --connect-timeout 5 -sL http://169.254.169.254/latest/meta-data/public-hostname 2>&1)
-
-  local selfhosted="true"
-  if [[ ! -z "${TERMINUS_IS_CLOUD_VERSION}" && x"${TERMINUS_IS_CLOUD_VERSION}" == x"true" ]]; then
-    selfhosted="false"
-  fi
-  if [[ x"$publicHostname" =~ "amazonaws" && -n "$publicIp" && ! x"$publicIp" =~ "Not Found" ]]; then
-    selfhosted="false"
-  fi
-  ensure_success $sh_c "$SED 's/#__SELFHOSTED__/${selfhosted}/' ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml"
-}
-
-run_install(){
-    GPU_TYPE="none"
-    HELM=$(command -v helm)
-    KUBECTL=$(command -v kubectl)
-
-    install_ks
-
-    check_kscm # wait for ks launch
-    check_ksapi
-
-    retry_cmd $sh_c "$KUBECTL apply -f ${BASE_DIR}/deploy/patch-k3s.yaml"
-
-    log_info 'Installing account ...'
-    # add the first account
-    local xargs=""
-    if [[ x"$natgateway" != x"" ]]; then
-        echo "annotate bfl with nat gateway ip"
-        xargs="--set nat_gateway_ip=${natgateway}"
-    fi
-    retry_cmd $sh_c "${HELM} upgrade -i account ${BASE_DIR}/wizard/config/account --force ${xargs}"
-
-    log_info 'Installing settings ...'
-    ensure_success $sh_c "${HELM} upgrade -i settings ${BASE_DIR}/wizard/config/settings --force"
-
-    # add ownerReferences of user
-    log_info 'Installing appservice ...'
-    local ks_redis_pwd=$($sh_c "${KUBECTL} get secret -n kubesphere-system redis-secret -o jsonpath='{.data.auth}' |base64 -d")
-    retry_cmd $sh_c "${HELM} upgrade -i system ${BASE_DIR}/wizard/config/system -n os-system --force \
-        --set kubesphere.redis_password=${ks_redis_pwd} --set backup.bucket=\"${BACKUP_CLUSTER_BUCKET}\" \
-        --set backup.key_prefix=\"${BACKUP_KEY_PREFIX}\" --set backup.is_cloud_version=\"${TERMINUS_IS_CLOUD_VERSION}\" \
-        --set backup.sync_secret=\"${BACKUP_SECRET}\" --set gpu=\"${GPU_TYPE}\" --set s3_bucket=\"${S3_BUCKET}\""
-
-    # save backup env to configmap
-    cat > cm-backup-config.yaml << _END
-apiVersion: v1
-data:
-  terminus.cloudVersion: "${TERMINUS_IS_CLOUD_VERSION}"
-  backup.clusterBucket: "${BACKUP_CLUSTER_BUCKET}"
-  backup.keyPrefix: "${BACKUP_KEY_PREFIX}"
-  backup.secret: "${BACKUP_SECRET}"
-kind: ConfigMap
-metadata:
-  name: backup-config
-  namespace: os-system
-_END
-    ensure_success $sh_c "$KUBECTL apply -f cm-backup-config.yaml"
-
-    # patch
-    retry_cmd $sh_c "$KUBECTL apply -f ${BASE_DIR}/deploy/patch-globalrole-workspace-manager.yaml"
-    retry_cmd $sh_c "$KUBECTL apply -f ${BASE_DIR}/deploy/patch-notification-manager.yaml"
-
-    # install app-store charts repo to app sevice
-    log_info 'waiting for appservice'
-    check_appservice
-     appservice_pod=$(get_appservice_pod)
-
-    # gen bfl app key and secret
-    bfl_ks=($(get_app_key_secret "bfl"))
-
-    log_info 'Installing launcher ...'
-    # install launcher , and init pv
-    ensure_success $sh_c "${HELM} upgrade -i launcher-${username} ${BASE_DIR}/wizard/config/launcher -n user-space-${username} --force --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]}"
-
-    log_info 'waiting for bfl'
-    check_bfl
-    bfl_node=$(get_bfl_node)
-
-    ns="user-space-${username}"
-
-    log_info 'Try to find pv ...'
-    userspace_pvc=$(get_k8s_annotation "$ns" sts bfl userspace_pvc)
-    userspace_hostpath=$(get_k8s_annotation "$ns" sts bfl userspace_hostpath)
-    appcache_hostpath=$(get_k8s_annotation "$ns" sts bfl appcache_hostpath)
-    dbdata_hostpath=$(get_k8s_annotation "$ns" sts bfl dbdata_hostpath)
-
-    # generate apps charts values.yaml
-    # TODO: infisical password
-    app_perm_settings=$(get_app_settings)
-    cat ${BASE_DIR}/wizard/config/launcher/values.yaml > ${BASE_DIR}/wizard/config/apps/values.yaml
-    cat << EOF >> ${BASE_DIR}/wizard/config/apps/values.yaml
-  url: ''
-  nodeName: ${bfl_node}
-pvc:
-  userspace: ${userspace_pvc}
-userspace:
-  userData: ${userspace_hostpath}/Home
-  appData: ${userspace_hostpath}/Data
-  appCache: ${appcache_hostpath}
-  dbdata: ${dbdata_hostpath}
-desktop:
-  nodeport: 30180
-global:
-  bfl:
-    username: '${username}'
-
-
-debugVersion: ${DEBUG_VERSION}
-gpu: ${GPU_TYPE}
-fs_type: fs
-
-os:
-  ${app_perm_settings}
-EOF
-
-
-    log_info 'Installing built-in apps ...'
-
-    for appdir in "${BASE_DIR}/wizard/config/apps"/*/; do
-      if [ -d "$appdir" ]; then
-        releasename=$(basename "$appdir")
-        ensure_success $sh_c "${HELM} upgrade -i ${releasename} ${appdir} -n user-space-${username} --force --set kubesphere.redis_password=${ks_redis_pwd} -f ${BASE_DIR}/wizard/config/apps/values.yaml"
-      fi
-    done
-
-
-    # clear apps values.yaml
-    cat /dev/null > ${BASE_DIR}/wizard/config/apps/values.yaml
-    cat /dev/null > ${BASE_DIR}/wizard/config/launcher/values.yaml
-    copy_charts=("launcher" "apps")
-    for cc in "${copy_charts[@]}"; do
-        ensure_success $sh_c "${KUBECTL} cp ${BASE_DIR}/wizard/config/${cc} os-system/${appservice_pod}:/userapps"
-    done
-
-    log_info 'Performing the final configuration ...'
-    # delete admin user after kubesphere installed,
-    # admin user creating in the ks-install image should be modified.
-    ensure_success $sh_c "${KUBECTL} patch user admin -p '{\"metadata\":{\"finalizers\":[\"finalizers.kubesphere.io/users\"]}}' --type='merge'"
-    ensure_success $sh_c "${KUBECTL} delete user admin"
-    ensure_success $sh_c "${KUBECTL} delete deployment kubectl-admin -n kubesphere-controls-system"
-    # ensure_success $sh_c "${KUBECTL} scale deployment/ks-installer --replicas=0 -n kubesphere-system"
-    ensure_success $sh_c "${KUBECTL} delete deployment -n kubesphere-controls-system default-http-backend"
-
-
-    # delete storageclass accessor webhook
-    # ensure_success $sh_c "${KUBECTL} delete validatingwebhookconfigurations storageclass-accessor.storage.kubesphere.io"
-
-    # calico config for tailscale
-    ensure_success $sh_c "${KUBECTL} patch felixconfiguration default -p '{\"spec\":{\"featureDetectOverride\": \"SNATFullyRandom=false,MASQFullyRandom=false\"}}' --type='merge'"
-}
-
-
-main(){
-    HOSTNAME=$(hostname)
-    natgateway=$(ping -c 1 "$HOSTNAME" |awk -F '[()]' '/PING/{print $2}')
-
-    precheck_os
-
-    if [ x"$natgateway" == x"" ]; then
-        while :; do
-            read_tty "Enter the host IP: " natgateway
-            natgateway=$(echo "$natgateway" | grep -E "[0-9]+(\.[0-9]+){3}" | grep -v "127.0.0.1")
-            if [ x"$natgateway" == x"" ]; then
-                continue
-            fi
-            break
-        done
-    fi
-
-    sh_c="sh -c"
-    if [[ "$OSTYPE" == "darwin"* ]]; then
-        TAR=gtar
-        SED="sed -i '' -e"
-    else
-        TAR=tar
-        SED="sed -i"
-    fi
-
-    install_helm
-
-    install_cli
-
-    if command_exists minikube ; then
-        running=$(minikube profile list|grep "${PROFILE_NAME}"|grep Running)
-        if [ x"$running" == x"" ]; then
-            ensure_success minikube start -p "${PROFILE_NAME}" --kubernetes-version=v1.22.10 --network-plugin=cni --cni=calico --cpus='4' --memory='8g' --ports=30180:30180,443:443,80:80
-        fi
-    else
-        log_fatal "Please install minikube on your machine"
-    fi
-
-    setup_ws
-
-    run_install
-
-    log_info 'Waiting for Vault ...'
-    check_vault
-
-    log_info 'Starting Terminus ...'
-    ensure_success $sh_c "${KUBECTL} rollout restart sts bfl -n user-space-${username}"
-    check_desktop
-
-    check_settings
-
-    log_info 'Installation wizard is complete\n'
-
-
-    # install complete
-    echo -e " Terminus is running"
-    echo -e " Open your browser and visit."
-    echo -e "${GREEN_LINE}"
-    echo -e " http://${natgateway}:30180/"
-    echo -e "${GREEN_LINE}"
-    echo -e " "
-    echo -e " User: ${username} "
-    echo -e " Password: ${userpwd} "
-    echo -e " "
-    echo -e " Please change the default password after login."
-}
-
-main | tee macos_install.log

build/installer/joincluster.sh

@@ -0,0 +1,261 @@
+#!/usr/bin/env bash
+
+set -o pipefail
+set -e
+
+function command_exists() {
+	  command -v "$@" > /dev/null 2>&1
+}
+
+function read_tty() {
+    echo -n $1
+    read $2 < /dev/tty
+}
+
+function confirm() {
+    if [[ "$QUIET" == "1" ]]; then
+        return 0
+    fi
+    answer=""
+    while :; do
+        read_tty "Do you confirm to continue? (y/n): " answer
+        if [[ "$answer" != "y" && "$answer" != "n" ]]; then
+            echo "Please input the letter y or n"
+            continue
+        fi
+        if [[ "$answer" == "y" ]]; then
+            return 0
+        fi
+        if [[ "$answer" == "n" ]]; then
+            exit 0
+        fi
+    done
+}
+
+function validate_ip() {
+    if [[ ! "$1" ]]; then
+        echo "invalid IP: empty address"
+        return 1
+    elif [[ ! $1 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+        echo "invalid IP: illegal format"
+        return 1
+    elif [[ $1 =~ ^127 ]]; then
+        echo "invalid IP: loopback address"
+        return 1
+    else
+        return 0
+    fi
+}
+
+MASTER_SSH_OPTIONS=""
+
+function add_master_host_ssh_options() {
+    MASTER_SSH_OPTIONS="$MASTER_SSH_OPTIONS --$1 $2"
+}
+
+function set_master_host_ssh_options() {
+    master_host="$MASTER_HOST"
+    if [[ ! "$master_host" ]]; then
+        read_tty "Enter the master node's IP: " master_host
+    fi
+
+    while :; do
+        if ! validate_ip "$master_host"; then
+            read_tty "Enter the master node's IP: " master_host
+        else
+            break
+        fi
+    done
+
+    add_master_host_ssh_options master-host "$master_host"
+
+    if [[ "$MASTER_NODE_NAME" ]]; then
+        add_master_host_ssh_options master-node-name "$MASTER_NODE_NAME"
+    fi
+
+    if [[ "$MASTER_SSH_USER" ]]; then
+        add_master_host_ssh_options master-ssh-user "$MASTER_SSH_USER"
+    else
+        echo "the environment variable \$MASTER_SSH_USER is not set"
+        echo "the default remote user \"root\" on the master node will be used to authenticate"
+        echo "if this is unexpected, please set it explicitly"
+        confirm
+    fi
+
+    if [[ "$MASTER_SSH_PASSWORD" ]]; then
+        add_master_host_ssh_options master-ssh-password "$MASTER_SSH_PASSWORD"
+    fi
+
+    if [[ "$MASTER_SSH_PRIVATE_KEY_PATH" ]]; then
+        add_master_host_ssh_options master-ssh-private-key-path "$MASTER_SSH_PRIVATE_KEY_PATH"
+    elif [[ ! "$MASTER_SSH_PASSWORD" ]]; then
+        echo "the environment variable \$MASTER_SSH_PRIVATE_KEY_PATH is not set"
+        echo "the default key in the local path /root/.ssh/id_rsa will be used to authenticate to the master"
+        echo "please make sure the key exists and the public key has already been added to the master node"
+        echo "if this is unexpected, please set it explicitly"
+        confirm
+    fi
+
+    if [[ "$MASTER_SSH_PORT" ]]; then
+        add_master_host_ssh_options master-ssh-port "$MASTER_SSH_PORT"
+    fi
+}
+
+function getmasterinfo() {
+    $sh_c "$INSTALL_OLARES_CLI node masterinfo $MASTER_SSH_OPTIONS" | tee /proc/$$/fd/1
+    if [[ $? -ne 0 ]]; then
+        exit 1
+    fi
+    echo "" > /proc/$$/fd/1
+}
+
+# check os type and arch
+os_type=$(uname -s)
+os_arch=$(uname -m)
+
+case "$os_arch" in
+    arm64) ARCH=arm64; ;;
+    x86_64) ARCH=amd64; ;;
+    armv7l) ARCH=arm; ;;
+    aarch64) ARCH=arm64; ;;
+    ppc64le) ARCH=ppc64le; ;;
+    s390x) ARCH=s390x; ;;
+    *) echo "error: unsupported arch \"$os_arch\"";
+    exit 1; ;;
+esac
+
+if [[ "$os_type" != "Linux" ]]; then
+    echo "error: only Linux machine can be added to the cluster"
+    exit 1
+fi
+
+# set shell execute command
+user="$(id -un 2>/dev/null || true)"
+sh_c='sh -c'
+if [ "$user" != 'root' ]; then
+    if ! command_exists sudo; then
+        echo "error: the ability to run as root is needed, but the command \"sudo\" can not be found"
+        exit 1
+    fi
+    sh_c='sudo -E sh -c'
+fi
+
+if ! command_exists tar; then
+    echo "error: the \"tar\" command is needed to unpack installation files, but can not be found"
+    exit 1
+fi
+
+BASE_DIR="$HOME/.olares"
+if [ ! -d $BASE_DIR ]; then
+    mkdir -p $BASE_DIR
+fi
+
+cdn_url=${DOWNLOAD_CDN_URL}
+if [[ -z "${cdn_url}" ]]; then
+    cdn_url="https://dc3p1870nn3cj.cloudfront.net"
+fi
+
+set_master_host_ssh_options
+
+CLI_VERSION="0.1.127"
+CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
+
+if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$CLI_VERSION" ]]; then
+    INSTALL_OLARES_CLI=$(which olares-cli)
+    echo "olares-cli already installed and is the expected version"
+    echo ""
+else
+    if [[ ! -f ${CLI_FILE} ]]; then
+        CLI_URL="${cdn_url}/${CLI_FILE}"
+
+        echo "downloading Olares installer from ${CLI_URL} ..."
+        echo ""
+
+        curl -Lo ${CLI_FILE} ${CLI_URL}
+
+        if [[ $? -ne 0 ]]; then
+            echo "error: failed to download Olares installer"
+            exit 1
+        else
+            echo "Olares installer ${CLI_VERSION} download complete!"
+            echo ""
+        fi
+    fi
+    INSTALL_OLARES_CLI="/usr/local/bin/olares-cli"
+    echo "unpacking Olares installer to $INSTALL_OLARES_CLI..."
+    echo ""
+    tar -zxf ${CLI_FILE} olares-cli && chmod +x olares-cli
+    $sh_c "mv olares-cli $INSTALL_OLARES_CLI"
+
+    if [[ $? -ne 0 ]]; then
+        echo "error: failed to unpack Olares installer"
+        exit 1
+    fi
+fi
+
+echo "getting master info and checking current machine's eligibility to join the cluster"
+echo ""
+master_olares_version="$( getmasterinfo | grep OlaresVersion | awk '{print $2}' )"
+if [[ ! "$master_olares_version" ]]; then
+    echo "failed to fetch the version of Olares installed on master node"
+    exit 1
+fi
+PARAMS="--version $master_olares_version --base-dir $BASE_DIR"
+CDN="--download-cdn-url ${cdn_url}"
+
+if [[ -f $BASE_DIR/.prepared ]]; then
+    echo "file $BASE_DIR/.prepared detected, skip preparing phase"
+    echo ""
+    echo "please make sure the prepared Olares version is the same as the master, or there might be compatibility issues"
+    echo ""
+else
+    echo "running system prechecks ..."
+    echo ""
+    $sh_c "$INSTALL_OLARES_CLI olares precheck $PARAMS"
+    if [[ $? -ne 0 ]]; then
+        exit 1
+    fi
+
+    echo "downloading installation wizard..."
+    echo ""
+    $sh_c "$INSTALL_OLARES_CLI olares download wizard $PARAMS $CDN"
+    if [[ $? -ne 0 ]]; then
+        echo "error: failed to download installation wizard"
+        exit 1
+    fi
+
+    echo "downloading installation packages..."
+    echo ""
+    $sh_c "$INSTALL_OLARES_CLI olares download component $PARAMS $CDN"
+    if [[ $? -ne 0 ]]; then
+        echo "error: failed to download installation packages"
+        exit 1
+    fi
+
+    echo "preparing installation environment..."
+    echo ""
+    # env 'REGISTRY_MIRRORS' is a docker image cache mirrors, separated by commas
+    if [ x"$REGISTRY_MIRRORS" != x"" ]; then
+        extra="--registry-mirrors $REGISTRY_MIRRORS"
+    fi
+    $sh_c "$INSTALL_OLARES_CLI olares prepare $PARAMS $extra"
+    if [[ $? -ne 0 ]]; then
+        echo "error: failed to prepare installation environment"
+        exit 1
+    fi
+fi
+
+if [ -f $BASE_DIR/.installed ]; then
+    echo "file $BASE_DIR/.installed detected, skip installing"
+    echo "if it is left by an unclean uninstallation, please manually remove it and invoke the installer again"
+    exit 0
+fi
+
+echo "installing Kubernetes and joining Olares cluster..."
+echo ""
+$sh_c "$INSTALL_OLARES_CLI node add $PARAMS $MASTER_SSH_OPTIONS"
+
+if [[ $? -ne 0 ]]; then
+    echo "error: failed to install Olares"
+    exit 1
+fi

build/installer/publicAddnode.sh

@@ -7,6 +7,7 @@ ERR_VALIDATION=2
 
 CURL_TRY="--retry 5 --retry-delay 1 --retry-max-time 10 "
 BASE_DIR=$(dirname $(realpath -s $0))
+INSTALL_LOG="$BASE_DIR/logs"
 
 get_distribution() {
 	lsb_dist=""
@@ -162,7 +163,7 @@ get_master_info() {
 
     ssh_client="ssh -o StrictHostKeyChecking=no -i $ssh_private_keyfile ${master_ssh_username}@${master_ssh_private_ip}"
 
-    REDIS_PASSWORD=$($ssh_client "sudo su -c 'grep ^requirepass /terminus/data/redis/etc/redis.conf'"|awk '{print $NF}')
+    REDIS_PASSWORD=$($ssh_client "sudo su -c 'grep ^requirepass /olares/data/redis/etc/redis.conf'"|awk '{print $NF}')
     if [[ $? -ne 0 || x"$REDIS_PASSWORD" == x"" ]]; then
         echo "no master redis password"
         exit $ERR_EXIT
@@ -512,7 +513,7 @@ prepare_storage() {
     parse_get_master_info
 
     # storage
-    TERMINUS_ROOT="/terminus"
+    TERMINUS_ROOT="/olares"
 
     if [ x"$PROXY" != x"" ]; then
 	    ensure_success $sh_c "echo 'nameserver $PROXY' > /etc/resolv.conf"
@@ -546,7 +547,7 @@ prepare_storage() {
 }
 
 install_juicefs() {
-    JFS_VERSION="v11.1.0"
+    JFS_VERSION="v11.1.1"
 
     log_info 'start to install juicefs'
     local juicefs_data="${TERMINUS_ROOT}/data/juicefs"
@@ -710,7 +711,7 @@ EOF
         local tar_count=$(find $BASE_DIR/images -type f -name '*.tar.gz'|wc -l)
         if [ $tar_count -eq 0 ]; then
             if [ -f $BASE_DIR/images/images.node.mf ]; then
-                echo "downloading images from terminus cloud ..."
+                echo "downloading images from olares cloud ..."
                 while read img; do
                     local filename=$(echo -n "$img"|md5sum|awk '{print $1}')
                     filename="$filename.tar.gz"
@@ -784,12 +785,12 @@ add_worker_node() {
     log_info 'finished add worker node'
 }
 
-if [ -d /tmp/install_log ]; then
-    $sh_c "rm -rf /tmp/install_log"
+if [ -d $INSTALL_LOG ]; then
+    $sh_c "rm -rf $INSTALL_LOG"
 fi
 
-mkdir -p /tmp/install_log && cd /tmp/install_log || exit
-fd_errlog=/tmp/install_log/errlog_fd_13
+mkdir -p $INSTALL_LOG && cd $INSTALL_LOG || exit
+fd_errlog=$INSTALL_LOG/errlog_fd_13
 
 Main() {
     log_info 'Add worker node for Terminus ...\n'

build/installer/publicInstaller.latest

@@ -1,97 +0,0 @@
-#!/usr/bin/env bash
-
-
-
-set -o pipefail
-
-VERSION="#{{LATEST_VERSION}}"
-REGISTRY_MIRRORS=http://52.74.206.138:5000
-
-export VERSION REGISTRY_MIRRORS
-
-if [ "x${VERSION}" = "x" ]; then
-  echo "Unable to get latest Install-Wizard version. Set VERSION env var and re-run. For example: export VERSION=1.0.0"
-  echo ""
-  exit 1
-fi
-
-# check os type and arch and os vesion
-os_type=$(uname -s)
-os_arch=$(uname -m)
-os_verion=$(lsb_release -d 2>&1 | awk -F'\t' '{print $2}')
-
-case "$os_arch" in 
-    arm64) ARCH=arm64; ;; 
-    x86_64) ARCH=amd64; ;; 
-    armv7l) ARCH=arm; ;; 
-    aarch64) ARCH=arm64; ;; 
-    ppc64le) ARCH=ppc64le; ;; 
-    s390x) ARCH=s390x; ;; 
-    *) echo "unsupported arch, exit ..."; 
-    exit -1; ;; 
-esac 
-
-DOWNLOAD_URL="https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${VERSION}.tar.gz"
-
-if [ x"${ARCH}" == x"arm64" ]; then
-  DOWNLOAD_URL="https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${VERSION}-arm64.tar.gz"
-fi
-
-echo ""
-echo " Downloading Install-Wizard ${VERSION} from ${DOWNLOAD_URL} ... " 
-echo ""
-
-foldername="install-wizard-v${VERSION}"
-filename="install-wizard-v${VERSION}.tar.gz"
-
-if [ ! -f ${filename} ]; then
-  tmpname="install-wizard-v${VERSION}.bak.tar.gz"
-  curl -Lo ${tmpname} ${DOWNLOAD_URL}
-
-  if [ $? -ne 0 ] || [ ! -f ${tmpname} ]; then
-    echo ""
-    echo "Failed to download Install-Wizard ${VERSION} !"
-    echo ""
-    echo "Please verify the version you are trying to download."
-    echo ""
-    exit
-  fi
-  mv ${tmpname} ${filename}
-fi
-
-echo ""
-echo "Install-Wizard ${VERSION} Download Complete!"
-echo ""
-
-if command -v tar &>/dev/null; then
-    sudo rm -rf ${foldername} && mkdir -p ${foldername} && cd ${foldername} && tar -xzf "../${filename}"
-
-    CLI_VERSION="0.1.12"
-    CLI_FILE="terminus-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
-    if [ x"${os_type}" == x"Darwin" ]; then
-        CLI_FILE="terminus-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"
-    fi
-    CLI_URL="https://github.com/beclab/Installer/releases/download/${CLI_VERSION}/${CLI_FILE}"
-
-    if [ ! -f ${CLI_FILE} ]; then
-        curl -Lo ${CLI_FILE} ${CLI_URL}
-    fi
-
-    if [ $? -eq 0 ]; then
-        if [[ x"$os_type" == x"Darwin" ]]; then
-          bash  ./uninstall_macos.sh
-          touch /usr/local/var/run/.installed
-          bash ./install_macos.sh
-        else
-          bash  ./uninstall_cmd.sh
-          touch /var/run/lock/.installed
-          bash ./install_cmd.sh
-        fi
-
-        exit 0
-    fi
-else
-    echo "Try to unpack the ${filename} failed."
-    echo "tar: command not found, please unpack the ${filename} manually."
-    exit 1
-fi

build/installer/publicInstaller.sh

@@ -1,47 +0,0 @@
-#!/usr/bin/env bash
-
-
-
-set -o pipefail
-
-if [ "x${VERSION}" = "x" ]; then
-  echo "Unable to get latest Install-Wizard version. Set VERSION env var and re-run. For example: export VERSION=1.0.0"
-  echo ""
-  exit
-fi
-
-DOWNLOAD_URL="https://github.com/beclab/terminus/releases/download/${VERSION}/install-wizard-v${VERSION}.tar.gz"
-
-echo ""
-echo " Downloading Install-Wizard ${VERSION} from ${DOWNLOAD_URL} ... " 
-echo ""
-
-filename="install-wizard-v${VERSION}.tar.gz"
-curl -Lo ${filename} ${DOWNLOAD_URL}
-if [ $? -ne 0 ] || [ ! -f ${filename} ]; then
-  echo ""
-  echo "Failed to download Install-Wizard ${VERSION} !"
-  echo ""
-  echo "Please verify the version you are trying to download."
-  echo ""
-  exit
-fi
-
-ret='0'
-command -v tar >/dev/null 2>&1 || { ret='1'; }
-if [ "$ret" -eq 0 ]; then
-    sudo rm -rf install-wizard && mkdir -p install-wizard && cd install-wizard && tar -xzf "../${filename}"
-else
-    echo "Install-Wizard ${VERSION} Download Complete!"
-    echo ""
-    echo "Try to unpack the ${filename} failed."
-    echo "tar: command not found, please unpack the ${filename} manually."
-    exit
-fi
-
-echo ""
-echo "Install-Wizard ${VERSION} Download Complete!"
-echo ""
-
-
-bash ./install_cmd.sh

build/installer/publicRestoreInstaller.sh

@@ -333,7 +333,7 @@ restore_resolv_conf() {
 }
 
 install_storage() {
-    TERMINUS_ROOT="/terminus"
+    TERMINUS_ROOT="/olares"
 
     if [ x"$PROXY" != x"" ]; then
 	    ensure_success $sh_c "echo nameserver $PROXY > /etc/resolv.conf"
@@ -631,7 +631,7 @@ install_juicefs() {
 
     local format_cmd
     local fsname="rootfs"
-    local bucket="terminus"
+    local bucket="olares"
     local metadb="redis://:${REDIS_PASSWORD}@${local_ip}:6379/1"
 
     local juicefs_bin="/usr/local/bin/juicefs"
@@ -872,7 +872,7 @@ run_install() {
     # env 'KUBE_TYPE' is specific the special kubernetes (k8s or k3s), default k3s
     [[ -z $KUBE_TYPE ]] && KUBE_TYPE="k3s"
     if [ x"$KUBE_TYPE" == x"k3s" ]; then
-        k8s_version=v1.21.4-k3s
+        k8s_version=v1.21.5-k3s
     fi
     create_cmd="./kk create cluster --with-kubernetes $k8s_version --container-manager containerd"  # --with-addon ${ADDON_CONFIG_FILE}
 
@@ -1703,14 +1703,15 @@ restore_terminus() {
     restore_mongo
 }
 
-INSTALL_DIR=/tmp/install_log
+INSTALL_DIR=$HOME/.terminus
+INSTALL_LOG=$INSTALL_DIR/logs
 
-if [ -d "$INSTALL_DIR" ]; then
-    $sh_c "rm -rf $INSTALL_DIR"
+if [ -d "$INSTALL_LOG" ]; then
+    $sh_c "rm -rf $INSTALL_LOG"
 fi
 
-mkdir -p $INSTALL_DIR && cd $INSTALL_DIR || exit
-fd_errlog=/tmp/install_log/errlog_fd_13
+mkdir -p $INSTALL_LOG && cd $INSTALL_LOG || exit
+fd_errlog=$INSTALL_LOG/errlog_fd_13
 
 Main() {
     log_info 'Restoring Terminus ...\n'

build/installer/refresh_sts.sh

@@ -39,7 +39,7 @@ get_shell_exec
 
 juicefs_bin="/usr/local/bin/juicefs"
 ip=$(ping -c 1 "$HOSTNAME" |awk -F '[()]' '/icmp_seq/{print $2}')
-pwd=$($sh_c "awk '/requirepass/{print \$NF}' /terminus/data/redis/etc/redis.conf")
+pwd=$($sh_c "awk '/requirepass/{print \$NF}' /olares/data/redis/etc/redis.conf")
 
 
 $sh_c "${juicefs_bin} config redis://:${pwd}@${ip}:6379/1 --access-key ${AWS_ACCESS_KEY_ID_SETUP} --secret-key ${AWS_SECRET_ACCESS_KEY_SETUP} --session-token ${AWS_SESSION_TOKEN_SETUP}"

build/installer/scale_minio.sh

@@ -1,155 +0,0 @@
-#!/usr/bin/env bash
-
-
-CURL_TRY="--connect-timeout 30 --retry 5 --retry-delay 1 --retry-max-time 10 "
-
-usage() { echo "Usage: $0 [-u <master node ssh user>] [-a <driver|node>] [-s <master node ip>] [-n <node ip>] [-v <volumes>]" 1>&2; exit 1; }
-
-command_exists() {
-	command -v "$@" > /dev/null 2>&1
-}
-
-get_shell_exec(){
-    user="$(id -un 2>/dev/null || true)"
-
-    sh_c='sh -c'
-	if [ "$user" != 'root' ]; then
-		if command_exists sudo && command_exists su; then
-			sh_c='sudo su -c'
-		else
-			cat >&2 <<-'EOF'
-			Error: this installer needs the ability to run commands as root.
-			We are unable to find either "sudo" or "su" available to make this happen.
-			EOF
-			exit $ERR_EXIT
-		fi
-	fi
-}
-
-function ensure_success() {
-    "$@"
-    local ret=$?
-
-    if [ $ret -ne 0 ]; then
-        echo "Fatal error, command: '$*'"
-        exit $ret
-    fi
-
-    return $ret
-}
-
-
-copy_keyfiles(){
-    local master=$1
-    if [ -z "$master" ]; then
-        echo "master node is not provided" > 2
-        exit -1
-    fi
-
-    local user=""
-    if [ ! -z "$MASTER_USER" ]; then
-        user="${MASTER_USER}@"
-    fi
-
-    ensure_success rm -rf /tmp/keyfiles && mkdir /tmp/keyfiles
-    ensure_success scp $user$master:/etc/ssl/etcd/ssl/ca.pem /tmp/keyfiles/.
-    ensure_success scp $user$master:/etc/ssl/etcd/ssl/node-*.pem /tmp/keyfiles/.
-    ensure_success $sh_c "mkdir -p /etc/ssl/etcd/ssl"
-    ensure_success $sh_c "cp /tmp/keyfiles/* /etc/ssl/etcd/ssl/."
-}
-
-install_minio() {
-    MINIO_VERSION="RELEASE.2023-05-04T21-44-30Z"
-    log_info 'start to install minio'
-
-    local minio_bin="/usr/local/bin/minio"
-
-    if [ ! -f "$minio_bin" ]; then
-        ensure_success $sh_c "curl ${CURL_TRY} -kLo minio https://dl.min.io/server/minio/release/linux-amd64/archive/minio.${MINIO_VERSION}"
-        ensure_success $sh_c "chmod +x minio"
-        ensure_success $sh_c "install minio /usr/local/bin"
-    fi
-
-    $sh_c "groupadd -r minio >/dev/null; true"
-    $sh_c "useradd -M -r -g minio minio >/dev/null; true"
-}
-
-install_minio_operator(){
-    MINIO_OPERATOR_VERSION="v0.0.1"
-    MINIO_OPERATOR="/usr/local/bin/minio-operator"
-
-    if [ ! -f "$MINIO_OPERATOR" ]; then
-        ensure_success $sh_c "curl ${CURL_TRY} -k -sfLO https://github.com/beclab/minio-operator/releases/download/${MINIO_OPERATOR_VERSION}/minio-operator-${MINIO_OPERATOR_VERSION}-linux-amd64.tar.gz"
-	    ensure_success $sh_c "tar zxf minio-operator-${MINIO_OPERATOR_VERSION}-linux-amd64.tar.gz"
-        ensure_success $sh_c "install -m 755 minio-operator $MINIO_OPERATOR"
-    fi
-}
-
-while getopts ":a:s:n:v:" o; do
-    case "${o}" in
-        u)
-            u=${OPTARG}
-            ;;
-        a)
-            a=${OPTARG}
-            ;;
-        s)
-            s=${OPTARG}
-            ;;
-        n)
-            n=${OPTARG}
-            ;;
-        v)
-            v=${OPTARG}
-            ;;
-        *)
-            usage
-            ;;
-    esac
-done
-shift $((OPTIND-1))
-
-if [ -z "${a}" ]  || [ -z "${v}" ]; then
-    usage
-fi
-
-if ["x$a" != "xnode" ] || ["x$a" != "xdriver" ]; then
-    usage
-fi    
-
-if [[ "x$a" == "xnode"  && ( -z "$n"  ||  -z "${s}" ) ]] ; then
-    echo "master ip or node ip is not provided"
-    usage
-fi
-
-set -eo pipefail
-
-ACTION="$a"
-MASTER_NODE="$s"
-NODE="$n"
-VOLUMES="$v"
-
-if [ ! -z "${u}" ]; then
-    MASTER_USER="${u}"
-fi
-
-get_shell_exec
-
-copy_keyfiles "${MASTER_NODE}"
-
-install_minio
-
-install_minio_operator
-
-ETCD_CAFILE="/etc/ssl/etcd/ssl/ca.pem"
-ETCD_CERTFILE=$(find /etc/ssl/etcd/ssl/ -type f -name node-*.pem|grep -v key)
-ETCD_KEYFILE=$(find /etc/ssl/etcd/ssl/ -type f -name node-*.pem|grep key)
-ETCD_SERVER="${MASTER_NODE}:2379"
-
-args="--cafile ${ETCD_CAFILE} --certfile ${ETCD_CERTFILE} --keyfile ${ETCD_KEYFILE} --volume ${VOLUMES}"
-
-if [ "x$ACTION" == "xnode" ]; then
-    args+=" --server ${ETCD_SERVER} --address ${NODE}"
-fi
-
-ensure_success $sh_c "$MINIO_OPERATOR add $ACTION $args"

build/installer/uninstall_cmd.sh

@@ -1,136 +0,0 @@
-#!/usr/bin/env bash
-
-ERR_EXIT=1
-RM=$(command -v rm)
-BASE_DIR=$(dirname $(realpath -s $0))
-CURL_TRY="--connect-timeout 30 --retry 5 --retry-delay 1 --retry-max-time 10 "
-KKE_FILE="/etc/kke/version"
-
-command_exists() {
-	command -v "$@" > /dev/null 2>&1
-}
-
-precheck_os() {
-    local ip os_type os_arch
-
-    # check os type and arch and os vesion
-    os_type=$(uname -s)
-    os_arch=$(uname -m)
-    os_verion=$(lsb_release -d 2>&1 | awk -F'\t' '{print $2}')
-
-    case "$os_arch" in 
-        arm64) ARCH=arm64; ;; 
-        x86_64) ARCH=amd64; ;; 
-        armv7l) ARCH=arm; ;; 
-        aarch64) ARCH=arm64; ;; 
-        ppc64le) ARCH=ppc64le; ;; 
-        s390x) ARCH=s390x; ;; 
-        *) echo "unsupported arch, exit ..."; 
-        exit -1; ;; 
-    esac 
-
-     OS_ARCH="$os_arch"
-}
-
-
-get_shell_exec(){
-    user="$(id -un 2>/dev/null || true)"
-
-	sh_c='sh -c'
-	if [ "$user" != 'root' ]; then
-		if command_exists sudo && command_exists su; then
-			sh_c='sudo su -c'
-		else
-			cat >&2 <<-'EOF'
-			Error: this installer needs the ability to run commands as root.
-			We are unable to find either "sudo" or "su" available to make this happen.
-			EOF
-			exit $ERR_EXIT
-		fi
-	fi
-}
-
-ensure_success() {
-    "$@"
-    local ret=$?
-
-    if [ $ret -ne 0 ]; then
-        echo "Fatal error, command: '$*'"
-        exit $ret
-    fi
-
-    return $ret
-}
-
-log_info() {
-    local msg now
-
-    msg="$*"
-    now=$(date +'%Y-%m-%d %H:%M:%S.%N %z')
-    echo -e "\n\033[38;1m${now} [INFO] ${msg} \033[0m" 
-}
-
-remove_cluster(){
-    CLI_VERSION="0.1.12"
-    forceUninstall="${FORCE_UNINSTALL_CLUSTER}"
-    forceDeleteCache="false"
-
-    version="${TERMINUS_IS_CLOUD_VERSION}"
-    storage="${STORAGE}"
-    s3_bucket="${S3_BUCKET}"
-
-    log_info 'remove kubernetes cluster'
-
-    local cli_tar="${BASE_DIR}/terminus-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
-    if [ ! -f "${cli_tar}" ]; then
-        ensure_success $sh_c "curl ${CURL_TRY} -kL -o ${BASE_DIR}/terminus-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz https://github.com/beclab/Installer/releases/download/${CLI_VERSION}/terminus-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
-    fi
-    ensure_success $sh_c "tar xvf ${BASE_DIR}/terminus-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz -C ${BASE_DIR}"
-    ensure_success $sh_c "chmod +x ${BASE_DIR}/terminus-cli"
-
-    if [ -z "$forceUninstall" ]; then
-        echo
-        read -r -p "Are you sure to delete this cluster? [yes/no]: " ans </dev/tty
-
-        if [ x"$ans" != x"yes" ]; then
-            echo "exiting..."
-            exit
-        fi
-    fi
-
-    if [ ! -z "$forceUninstall" ]; then
-      forceDeleteCache="true"
-    fi
-
-
-    $sh_c "export DELETE_CACHE=${forceDeleteCache} && export TERMINUS_IS_CLOUD_VERSION=${version} && ${BASE_DIR}/terminus-cli terminus uninstall --delete-cri --storage-type=${storage} --storage-bucket=${s3_bucket}"
-
-    [ -f $KKE_FILE ] && $sh_c "${RM} -f $KKE_FILE"
-}
-
-set -o pipefail
-set -e
-
-if [ ! -f '/var/run/lock/.installed' ]; then
-    exit 0
-fi
-
-get_shell_exec
-precheck_os
-
-INSTALL_DIR=/tmp/install_log
-
-[[ -d ${INSTALL_DIR} ]] && $sh_c "${RM} -rf ${INSTALL_DIR}" 
-mkdir -p ${INSTALL_DIR} && cd ${INSTALL_DIR}
-
-log_info 'Uninstalling OS ...'
-remove_cluster
-
-cd -
-$sh_c "${RM} -rf /tmp/install_log"
-[[ -d install-wizard ]] && ${RM} -rf install-wizard
-set +o pipefail
-ls |grep install-wizard*.tar.gz | while read ar; do  ${RM} -f ${ar}; done
-
-${RM} -rf /var/run/lock/.installed
-log_info 'Uninstall OS success! '

build/installer/uninstall_macos.sh

@@ -1,82 +0,0 @@
-#!/bin/bash
-
-command_exists() {
-	command -v "$@" > /dev/null 2>&1
-}
-
-precheck_os() {
-    local ip os_type os_arch
-
-    # check os type and arch and os vesion
-    os_type=$(uname -s)
-    os_arch=$(uname -m)
-    os_verion=$(lsb_release -d 2>&1 | awk -F'\t' '{print $2}')
-
-    case "$os_arch" in 
-        arm64) ARCH=arm64; ;; 
-        x86_64) ARCH=amd64; ;; 
-        armv7l) ARCH=arm; ;; 
-        aarch64) ARCH=arm64; ;; 
-        ppc64le) ARCH=ppc64le; ;; 
-        s390x) ARCH=s390x; ;; 
-        *) echo "unsupported arch, exit ..."; 
-        exit -1; ;; 
-    esac 
-
-     OS_ARCH="$os_arch"
-}
-
-
-get_shell_exec(){
-    user="$(id -un 2>/dev/null || true)"
-
-	sh_c='sh -c'
-	if [ "$user" != 'root' ]; then
-		if command_exists sudo && command_exists su; then
-			sh_c='sudo su -c'
-		else
-			cat >&2 <<-'EOF'
-			Error: this installer needs the ability to run commands as root.
-			We are unable to find either "sudo" or "su" available to make this happen.
-			EOF
-			exit $ERR_EXIT
-		fi
-	fi
-}
-
-
-ensure_success() {
-    "$@"
-    local ret=$?
-
-    if [ $ret -ne 0 ]; then
-        echo "Fatal error, command: '$*'"
-        exit $ret
-    fi
-
-    return $ret
-}
-
-log_info() {
-    local msg now
-
-    msg="$*"
-    now=$(date +'%Y-%m-%d %H:%M:%S.%N %z')
-    echo -e "\n\033[38;1m${now} [INFO] ${msg} \033[0m" 
-}
-
-get_shell_exec
-precheck_os
-
-CLI_VERSION="0.1.12"
-CLI_FILENAME="terminus-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"
-CLI_URL="https://github.com/beclab/Installer/releases/download/${CLI_VERSION}/terminus-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"
-
-
-cli_tar="terminus-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"
-if [ ! -f "${CLI_FILENAME}" ]; then
-    curl -Lo ${CLI_FILENAME} ${CLI_URL}
-fi
-tar xvf terminus-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz; chmod +x terminus-cli
-
-./terminus-cli terminus uninstall --minikube

build/installer/upgrade_cmd.sh

@@ -146,7 +146,7 @@ function get_app_key_secret(){
 
 function get_app_settings(){
     local username=$1
-    local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "devbox" "profile" "agent" "files")
+    local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "studio" "profile" "agent" "files")
     for a in ${apps[@]};do
         ks=($(get_app_key_secret "$username" "$a"))
         echo '
@@ -175,7 +175,7 @@ function gen_bfl_values(){
     echo '
 bfl:
   nodeport: '${user_bfl_port}'
-  username: '${username}'
+  username: "'${username}'"
 
   userspace_rand16: '${userspace_rand16}'
   userspace_pv: '${pvc_path[2]}'
@@ -263,7 +263,16 @@ function get_appservice_pod(){
 }
 
 function get_appservice_status(){
-    $sh_c "${KUBECTL} get pod  -n os-system -l 'tier=app-service' -o jsonpath='{.items[*].status.phase}'"
+    local s=$($sh_c "${KUBECTL} get pods app-service-0 -n os-system --no-headers|awk '{print \$3}'")
+    if [[ $s == "Running" ]]; then
+        local ip=$($sh_c "${KUBECTL} get svc -n os-system app-service --no-headers|awk '{print \$3}'")
+        curl -SsIk https://${ip}:8433 > /dev/null
+        if [[ $? -ne 0 ]]; then
+            echo "initializing"
+        fi
+    fi
+
+    echo "$s"
 }
 
 function get_desktop_status(){
@@ -279,7 +288,34 @@ function get_vault_status(){
 
 function get_bfl_status(){
     local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'tier=bfl' -o jsonpath='{.items[*].status.phase}'"
+    $sh_c "${KUBECTL} get pods bfl-0 -n user-space-${username} --no-headers|awk '{print \$3}'"
+}
+
+function get_fileserver_status(){
+    $sh_c "${KUBECTL} get pod  -n os-system -l 'app=files' -o jsonpath='{.items[*].status.phase}'"
+}
+
+function get_filefe_status(){
+    local username=$1
+    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=files' -o jsonpath='{.items[*].status.phase}'"
+}
+
+function check_fileserver(){
+    local status=$(get_fileserver_status)
+    local n=0
+    while [ "x${status}" != "xRunning" ]; do
+        n=$(expr $n + 1)
+        local dotn=$(($n % 10))
+        local dot=$(repeat $dotn '>')
+
+        echo -ne "\rWaiting for file-server starting ${dot}"
+        sleep 0.5
+
+        status=$(get_fileserver_status)
+        echo -ne "\rWaiting for file-server starting          "
+
+    done
+    echo
 }
 
 function check_appservice(){
@@ -300,6 +336,25 @@ function check_appservice(){
     echo
 }
 
+function check_filesfe(){
+    local username=$1
+    local status=$(get_filefe_status ${username})
+    local n=0
+    while [ "x${status}" != "xRunning" ]; do
+        n=$(expr $n + 1)
+        local dotn=$(($n % 10))
+        local dot=$(repeat $dotn '>')
+
+        echo -ne "\rPlease waiting ${dot}"
+        sleep 0.5
+
+        status=$(get_filefe_status ${username})
+        echo -ne "\rPlease waiting          "
+
+    done
+    echo
+}
+
 function check_bfl(){
     local username=$1
     local status=$(get_bfl_status ${username})
@@ -405,7 +460,7 @@ function upgrade_ksapi(){
 
 function upgrade_jfs(){
     local users=$@
-    local JFS_VERSION="11.1.0"
+    local JFS_VERSION="11.1.1"
     local current_jfs_version=$(/usr/local/bin/juicefs --version|awk '{print $3}'|awk -F'+' '{print $1}')
 
     if [ "x${JFS_VERSION}" != "x${current_jfs_version}" ]; then
@@ -425,7 +480,7 @@ function upgrade_jfs(){
         ensure_success $sh_c "${KUBECTL} rollout restart sts app-service -n os-system"
 
         local tf=$(mktemp)
-        ensure_success $sh_c "${KUBECTL} get deployment -A -o jsonpath='{range .items[*]}{.metadata.name} {.metadata.namespace} {.spec.template.spec.volumes}{\"\n\"}{end}' | grep '/terminus/rootfs'" > $tf
+        ensure_success $sh_c "${KUBECTL} get deployment -A -o jsonpath='{range .items[*]}{.metadata.name} {.metadata.namespace} {.spec.template.spec.volumes}{\"\n\"}{end}' | grep '/olares/rootfs'" > $tf
         while read dep; do
             local depinfo=($dep)
             ensure_success $sh_c "${KUBECTL} rollout restart deployment ${depinfo[0]} -n ${depinfo[1]}"
@@ -473,17 +528,40 @@ function upgrade_terminus(){
     # upgrade_jfs ${users[@]}
     local selfhosted=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.selfhosted}'")
     local domainname=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.domainName}'")
+    local current_version=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.version}'")
     sed -i "s/#__DOMAIN_NAME__/${domainname}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
     sed -i "s/#__SELFHOSTED__/${selfhosted}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
 
-    echo "Upgrading terminus system components ... "
+    echo "Upgrading olares system components ... "
     gen_settings_values ${admin_user}
-    ensure_success $sh_c "${HELM} upgrade -i settings ${BASE_DIR}/wizard/config/settings -n default --reuse-values"
+    ensure_success $sh_c "${HELM} upgrade -i settings ${BASE_DIR}/wizard/config/settings -n default --reuse-values --atomic"
+
+    local new_version=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.version}'")
+    if [ "$new_version" == "$current_version" ]; then
+        echo "get new version error, try to get from file"
+        new_version=$(grep version ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml|awk '{print $2}')
+        echo "find new version from file: ${new_version}"        
+    fi
+    $sh_c "${KUBECTL} patch terminus terminus --type=merge  --patch='{\"spec\": {\"version\":\"${current_version}\"}}'"
 
     # patch
     ensure_success $sh_c "${KUBECTL} apply -f ${BASE_DIR}/deploy/patch-globalrole-workspace-manager.yaml"
     ensure_success $sh_c "$KUBECTL apply -f ${BASE_DIR}/deploy/patch-notification-manager.yaml"
 
+    echo "Upgrading admin ${admin_user}'s launcher ... "
+    gen_bfl_values ${admin_user}
+
+    # gen bfl app key and secret
+    bfl_ks=($(get_app_key_secret ${admin_user} "bfl"))
+
+    # install launcher , and init pv
+    ensure_success $sh_c "${HELM} upgrade -i launcher-${admin_user} ${BASE_DIR}/wizard/config/launcher -n user-space-${admin_user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
+
+    echo 'Starting BFL ...'
+    check_bfl ${admin_user}
+    echo
+
+
     # clear apps values.yaml
     cat /dev/null > ${BASE_DIR}/wizard/config/apps/values.yaml
     cat /dev/null > ${BASE_DIR}/wizard/config/launcher/values.yaml
@@ -494,44 +572,8 @@ function upgrade_terminus(){
     done
 
     local ks_redis_pwd=$($sh_c "${KUBECTL} get secret -n kubesphere-system redis-secret -o jsonpath='{.data.auth}' |base64 -d")
-    for user in ${users[@]}; do
-        echo "Upgrading user ${user} ... "
-        gen_bfl_values ${user}
 
-        # gen bfl app key and secret
-        bfl_ks=($(get_app_key_secret ${user} "bfl"))
-
-        # install launcher , and init pv
-        ensure_success $sh_c "${HELM} upgrade -i launcher-${user} ${BASE_DIR}/wizard/config/launcher -n user-space-${user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
-
-        gen_app_values ${user}
-        close_apps ${user}
-
-        for appdir in "${BASE_DIR}/wizard/config/apps"/*/; do
-          if [ -d "$appdir" ]; then
-            releasename=$(basename "$appdir")
-            if [ "$user" != "$admin_user" ];then
-                releasename=${releasename}-${user}
-            fi
-            ensure_success $sh_c "${HELM} upgrade -i ${releasename} ${appdir} -n user-space-${user} --reuse-values --set kubesphere.redis_password=${ks_redis_pwd} -f ${BASE_DIR}/wizard/config/apps/values.yaml"
-          fi
-        done
-
-    done
-
-    echo 'Waiting for Vault ...'
-    check_vault ${admin_user}
-    echo
-
-    echo 'Starting BFL ...'
-    check_bfl ${admin_user}
-    echo
-
-    echo 'Starting Desktop ...'
-    check_desktop ${admin_user}
-    echo
-
-    # upgrade app service in the last. keep app service online longer
+    # upgrade app service 
     local terminus_is_cloud_version=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.terminus-is-cloud-version}'")
     local backup_cluster_bucket=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-cluster-bucket}'")
     local backup_key_prefix=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-key-prefix}'")
@@ -543,24 +585,77 @@ function upgrade_terminus(){
         --set backup.key_prefix=\"${backup_key_prefix}\" --set backup.is_cloud_version=\"${terminus_is_cloud_version}\" \
         --set backup.sync_secret=\"${backup_secret}\""
 
+    local market_provider=$($sh_c "${KUBECTL} get deploy -n user-space-${admin_user}  market-deployment -o jsonpath='{.spec.template.spec.containers[1].env[?(@.name==\"MARKET_PROVIDER\")].value }'")
+    if [ "$market_provider" != "" ]; then
+        $sh_c "${KUBECTL} set env sts/app-service -n os-system MARKET_PROVIDER=${market_provider}"
+    fi
+
     echo 'Waiting for App-Service ...'
-    check_appservice
+    sleep 2 # wait for controller reconiling
     echo
 
-    # upgrade_ksapi ${users[@]}
-    # echo
+    # update kvrocks namespace
+    $sh_c "${KUBECTL} rollout restart deployment tapr-middleware -n os-system"
 
-    local gpu=$($sh_c "${KUBECTL} get ds -n gpu-system orionx-server -o jsonpath='{.meta.name}'")
-    if [ "x$gpu" != "x" ]; then
-        echo "upgrade"
-        local GPU_DOMAIN=$($sh_c "${KUBECTL} get ds -n gpu-system orionx-server -o jsonpath='{.meta.annotations.gpu-server}'")
-        ensure_success $sh_c "${HELM} upgrade -i gpu ${BASE_DIR}/wizard/config/gpu -n gpu-system --set gpu.server=${GPU_DOMAIN} --reuse-values"
-    fi
+    for user in ${users[@]}; do
+        check_appservice
+        echo "Upgrading user ${user} ... "
+        gen_bfl_values ${user}
+
+        if [ "$user" != "$admin_user" ];then
+            # gen bfl app key and secret
+            bfl_ks=($(get_app_key_secret ${user} "bfl"))
+
+            # install launcher , and init pv
+            ensure_success $sh_c "${HELM} upgrade -i launcher-${user} ${BASE_DIR}/wizard/config/launcher -n user-space-${user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
+        fi
+
+        gen_app_values ${user}
+        close_apps ${user}
+
+        for appdir in "${BASE_DIR}/wizard/config/apps"/*/; do
+          if [ -d "$appdir" ]; then
+            releasename=$(basename "$appdir")
+
+            # ignore wizard
+            # FIXME: unintitialized user's wizard should be upgrade
+            if [ x"${releasename}" == x"wizard" ]; then 
+                continue
+            fi
+
+            if [ "$user" != "$admin_user" ];then
+                releasename=${releasename}-${user}
+            fi
+            ensure_success $sh_c "${HELM} upgrade -i ${releasename} ${appdir} -n user-space-${user} --reuse-values --set kubesphere.redis_password=${ks_redis_pwd} -f ${BASE_DIR}/wizard/config/apps/values.yaml"
+          fi
+        done
+
+        # update user market env
+        if [[ "$user" != "$admin_user" && "$market_provider" != "" ]];then
+            $sh_c "${KUBECTL} set env deployment/market-deployment -n user-space-${user} MARKET_PROVIDER=${market_provider}"
+        fi
+
+    done
+
+    echo 'Waiting for Vault ...'
+    check_vault ${admin_user}
+    echo
+
+    echo 'Starting files ...'
+    check_fileserver
+    check_filesfe ${admin_user}
+    echo
+
+    echo 'Starting Desktop ...'
+    check_desktop ${admin_user}
+    echo
+
+    $sh_c "${KUBECTL} patch terminus terminus --type=merge  --patch='{\"spec\": {\"version\":\"${new_version}\"}}'"
 }
 
 
-echo "Start to upgrade terminus ... "
+echo "Start to upgrade olares ... "
 
 upgrade_terminus
 
-echo -e "\e[91m Success to upgrade terminus.\e[0m Open your new desktop in the browser and have fun !"
+echo -e "\e[91m Success to upgrade olares.\e[0m Open your new desktop in the browser and have fun !"

build/installer/version.hint

@@ -1,2 +1,2 @@
 upgrade:
-  minVersion: 1.8.0-0000000
+  minVersion: 1.11.0-0000000

build/installer/wizard/config/account/templates/account.yaml

@@ -7,14 +7,14 @@ metadata:
     iam.kubesphere.io/uninitialized: "true"
     helm.sh/resource-policy: keep
     bytetrade.io/owner-role: platform-admin
-    bytetrade.io/terminus-name: {{.Values.user.terminus_name}}
+    bytetrade.io/terminus-name: "{{.Values.user.terminus_name}}"
     bytetrade.io/launcher-auth-policy: two_factor
     bytetrade.io/launcher-access-level: "1"
 {{ if .Values.nat_gateway_ip }}
     bytetrade.io/nat-gateway-ip: {{ .Values.nat_gateway_ip }}
 {{ end }}            
 spec:
-  email: {{.Values.user.email}}
-  password: {{.Values.user.password}}
+  email: "{{.Values.user.email}}"
+  password: "{{.Values.user.password}}"
 status:
   state: Active

build/installer/wizard/config/settings/templates/globalrole-binding.yaml

@@ -6,8 +6,8 @@ metadata:
   creationTimestamp: "2022-09-26T12:19:42Z"
   generation: 1
   labels:
-    iam.kubesphere.io/user-ref: {{ .Values.user.name }}
-  name: {{ .Values.user.name }}
+    iam.kubesphere.io/user-ref: '{{ .Values.user.name }}'
+  name: '{{ .Values.user.name }}'
 roleRef:
   apiGroup: iam.kubesphere.io
   kind: GlobalRole
@@ -15,4 +15,4 @@ roleRef:
 subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: User
-  name: {{ .Values.user.name }}
+  name: '{{ .Values.user.name }}'

build/installer/wizard/config/settings/templates/system_namespace.yaml

@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    kubesphere.io/creator: {{ .Values.user.name }}
+    kubesphere.io/creator: '{{ .Values.user.name }}'
   labels:
     kubesphere.io/workspace: system-workspace
   name: os-system

build/installer/wizard/config/settings/templates/terminus_cr.yaml

@@ -30,7 +30,8 @@ spec:
       owner: beclab
       repo: terminus
   settings: 
-    domainName: "#__DOMAIN_NAME__"
-    selfhosted: "#__SELFHOSTED__"
+    domainName: '{{ .Values.domainName }}'
+    selfhosted: '{{ .Values.selfHosted }}'
+    terminusd: '{{ .Values.terminusd }}'
 status:
   state: active

build/installer/wizard/config/settings/templates/user-namespace.yaml

@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    kubesphere.io/creator: {{ .Values.user.name }}
+    kubesphere.io/creator: '{{ .Values.user.name }}'
   finalizers:
   - finalizers.kubesphere.io/namespaces
   labels:

build/installer/wizard/config/settings/templates/user-namespacerole-binding.yaml

@@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    iam.kubesphere.io/user-ref: {{ .Values.user.name }}
+    iam.kubesphere.io/user-ref: '{{ .Values.user.name }}'
   name: {{ .Values.user.name }}-{{ .Values.namespace.role }}
   namespace: {{ .Values.namespace.name }}
 roleRef:
@@ -14,4 +14,4 @@ roleRef:
 subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: User
-  name: {{ .Values.user.name }}
+  name: '{{ .Values.user.name }}'

build/installer/wizard/config/settings/templates/user-system-ns.yaml

@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    kubesphere.io/creator: {{ .Values.user.name }}
+    kubesphere.io/creator: '{{ .Values.user.name }}'
   finalizers:
   - finalizers.kubesphere.io/namespaces
   labels:

build/installer/wizard/config/settings/templates/user-systemrole-binding.yaml

@@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    iam.kubesphere.io/user-ref: {{ .Values.user.name }}
+    iam.kubesphere.io/user-ref: '{{ .Values.user.name }}'
   name: {{ .Values.user.name }}-{{ .Values.namespace.role }}
   namespace: user-system-{{ .Values.user.name }}
 roleRef:
@@ -14,4 +14,4 @@ roleRef:
 subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: User
-  name: {{ .Values.user.name }}
+  name: '{{ .Values.user.name }}'

build/installer/wizard/config/settings/templates/workspacerole-binding.yaml

@@ -5,9 +5,9 @@ kind: WorkspaceRoleBinding
 metadata:
   generation: 1
   labels:
-    iam.kubesphere.io/user-ref: {{.Values.user.name}}
+    iam.kubesphere.io/user-ref: '{{.Values.user.name}}'
     kubesphere.io/workspace: system-workspace
-  name: {{.Values.user.name}}
+  name: '{{.Values.user.name}}'
 roleRef:
   apiGroup: iam.kubesphere.io
   kind: WorkspaceRole
@@ -15,4 +15,4 @@ roleRef:
 subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: User
-  name: {{.Values.user.name}}
+  name: '{{.Values.user.name}}'

build/manifest/components

@@ -0,0 +1,24 @@
+olaresd-v1.11.7.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.11.7-linux-amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.11.7-linux-arm64.tar.gz,olaresd
+socat-1.7.3.2.tar.gz,pkg/components,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,socat
+conntrack-tools-1.4.1.tar.gz,pkg/components,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,conntrack-tools
+minio.RELEASE.2023-05-04T21-44-30Z,pkg/components,https://dl.min.io/server/minio/release/linux-amd64/archive/minio.RELEASE.2023-05-04T21-44-30Z,https://dl.min.io/server/minio/release/linux-arm64/archive/minio.RELEASE.2023-05-04T21-44-30Z,minio
+minio-operator-v0.0.1.tar.gz,pkg/components,https://github.com/beclab/minio-operator/releases/download/v0.0.1/minio-operator-v0.0.1-linux-amd64.tar.gz,https://github.com/beclab/minio-operator/releases/download/v0.0.1/minio-operator-v0.0.1-linux-arm64.tar.gz,minio-operator
+redis-5.0.14.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/redis-5.0.14_linux_amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/redis-5.0.14_linux_arm64.tar.gz,redis
+redis-5.0.14-glibc-231.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/redis-5.0.14_linux_amd64-glibc-231.tar.gz,https://dc3p1870nn3cj.cloudfront.net/redis-5.0.14_linux_arm64.tar.gz,redis-231
+juicefs-v11.1.1.tar.gz,pkg/components,https://github.com/beclab/juicefs-ext/releases/download/v11.1.1/juicefs-v11.1.1-linux-amd64.tar.gz,https://github.com/beclab/juicefs-ext/releases/download/v11.1.1/juicefs-v11.1.1-linux-arm64.tar.gz,juicefs
+velero-v1.11.3.tar.gz,pkg/components,https://github.com/beclab/velero/releases/download/v1.11.3/velero-v1.11.3-linux-amd64.tar.gz,https://github.com/beclab/velero/releases/download/v1.11.3/velero-v1.11.3-linux-arm64.tar.gz,velero
+apparmor_4.0.1-0ubuntu1.deb,pkg/components,https://launchpad.net/ubuntu/+source/apparmor/4.0.1-0ubuntu1/+build/28428840/+files/apparmor_4.0.1-0ubuntu1_amd64.deb,https://launchpad.net/ubuntu/+source/apparmor/4.0.1-0ubuntu1/+build/28428841/+files/apparmor_4.0.1-0ubuntu1_arm64.deb,apparmor
+
+ubuntu2404_cuda-keyring_1.1-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/cuda-keyring_1.1-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/arm64/cuda-keyring_1.1-1_all.deb,ubuntu-24.04_cuda-keyring_1.1-1
+ubuntu2204_cuda-keyring_1.1-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.1-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/arm64/cuda-keyring_1.1-1_all.deb,ubuntu-22.04_cuda-keyring_1.1-1
+ubuntu2204_cuda-keyring_1.0-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.0-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/arm64/cuda-keyring_1.0-1_all.deb,ubuntu-22.04_cuda-keyring_1.0-1
+ubuntu2004_cuda-keyring_1.1-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.1-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/arm64/cuda-keyring_1.1-1_all.deb,ubuntu-20.04_cuda-keyring_1.1-1
+ubuntu2004_cuda-keyring_1.0-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.0-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/arm64/cuda-keyring_1.0-1_all.deb,ubuntu-20.04_cuda-keyring_1.0-1
+debian12_cuda-keyring_1.1-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64/cuda-keyring_1.1-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/arm64/cuda-keyring_1.1-1_all.deb,debian-12_cuda-keyring_1.1-1
+debian11_cuda-keyring_1.1-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/debian11/x86_64/cuda-keyring_1.1-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/arm64/cuda-keyring_1.1-1_all.deb,debian-11_cuda-keyring_1.1-1
+
+libnvidia-gpgkey,pkg/components,https://nvidia.github.io/libnvidia-container/gpgkey,https://nvidia.github.io/libnvidia-container/gpgkey,libnvidia-gpgkey
+libnvidia-container.list,pkg/components,https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list,https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list,libnvidia-container.list
+
+restic-linux-0.17.3,pkg/components,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_linux_amd64.bz2,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_linux_arm64.bz2,restic
+restic-darwin-0.17.3,pkg/components,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_darwin_amd64.bz2,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_darwin_arm64.bz2,restic

build/manifest/dependencies.amd64

@@ -1,42 +0,0 @@
-[components] format: url,filename
-https://github.com/beclab/kubekey-ext/releases/download/0.1.23/kubekey-ext-v0.1.23-linux-amd64.tar.gz,
-https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,
-
-https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,
-
-https://dl.min.io/server/minio/release/linux-amd64/archive/minio.RELEASE.2023-05-04T21-44-30Z,
-https://github.com/beclab/minio-operator/releases/download/v0.0.1/minio-operator-v0.0.1-linux-amd64.tar.gz,
-
-https://download.redis.io/releases/redis-5.0.14.tar.gz,
-
-https://github.com/beclab/juicefs-ext/releases/download/v11.1.0/juicefs-v11.1.0-linux-amd64.tar.gz,
-
-https://github.com/beclab/velero/releases/download/v1.11.3/velero-v1.11.3-linux-amd64.tar.gz,
-
-https://launchpad.net/ubuntu/+source/apparmor/4.0.1-0ubuntu1/+build/28428840/+files/apparmor_4.0.1-0ubuntu1_amd64.deb,
-
-https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/cuda-keyring_1.1-1_all.deb,ubuntu2404_cuda-keyring_1.1-1_all.deb
-https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.0-1_all.deb,ubuntu2204_cuda-keyring_1.0-1_all.deb
-https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.0-1_all.deb,ubuntu2004_cuda-keyring_1.0-1_all.deb
-https://nvidia.github.io/libnvidia-container/gpgkey,
-
-
-[pkg] format: url,path,filename,special
-https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,cni/v0.9.1,,
-https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz,cni/v1.1.1,,
-
-https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz,containerd/1.6.4,,
-
-https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.0/crictl-v1.24.0-linux-amd64.tar.gz,crictl/v1.24.0,,
-
-https://github.com/coreos/etcd/releases/download/v3.4.13/etcd-v3.4.13-linux-amd64.tar.gz,etcd/v3.4.13,,
-
-https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz,helm/v3.9.0,,helm
-
-https://github.com/k3s-io/k3s/releases/download/v1.21.4+k3s1/k3s,kube/v1.21.4,,
-https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubeadm,kube/v1.22.10,,
-https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubelet,kube/v1.22.10,,
-https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubectl,kube/v1.22.10,,
-
-https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64,runc/v1.1.1,,
-https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64,runc/v1.1.4,,

build/manifest/dependencies.arm64

@@ -1,42 +0,0 @@
-[components] format: url,filename
-https://github.com/beclab/kubekey-ext/releases/download/0.1.23/kubekey-ext-v0.1.23-linux-arm64.tar.gz,
-https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,
-
-https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,
-
-https://dl.min.io/server/minio/release/linux-arm64/archive/minio.RELEASE.2023-05-04T21-44-30Z,
-https://github.com/beclab/minio-operator/releases/download/v0.0.1/minio-operator-v0.0.1-linux-arm64.tar.gz,
-
-https://download.redis.io/releases/redis-5.0.14.tar.gz,
-
-https://github.com/beclab/juicefs-ext/releases/download/v11.1.0/juicefs-v11.1.0-linux-arm64.tar.gz,
-
-https://github.com/beclab/velero/releases/download/v1.11.3/velero-v1.11.3-linux-arm64.tar.gz,
-
-https://launchpad.net/ubuntu/+source/apparmor/4.0.1-0ubuntu1/+build/28428841/+files/apparmor_4.0.1-0ubuntu1_arm64.deb,
-
-https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/cuda-keyring_1.1-1_all.deb,ubuntu2404_cuda-keyring_1.1-1_all.deb
-https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.0-1_all.deb,ubuntu2204_cuda-keyring_1.0-1_all.deb
-https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.0-1_all.deb,ubuntu2004_cuda-keyring_1.0-1_all.deb
-https://nvidia.github.io/libnvidia-container/gpgkey,
-
-
-[pkg] format: url,path,filename,special
-https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,cni/v0.9.1,,
-https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-arm64-v1.1.1.tgz,cni/v1.1.1,,
-
-https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz,containerd/1.6.4,,
-
-https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.0/crictl-v1.24.0-linux-arm64.tar.gz,crictl/v1.24.0,,
-
-https://github.com/coreos/etcd/releases/download/v3.4.13/etcd-v3.4.13-linux-arm64.tar.gz,etcd/v3.4.13,,
-
-https://get.helm.sh/helm-v3.9.0-linux-arm64.tar.gz,helm/v3.9.0,,helm
-
-https://github.com/k3s-io/k3s/releases/download/v1.21.4+k3s1/k3s,kube/v1.21.4,,
-https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/arm64/kubeadm,kube/v1.22.10,,
-https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/arm64/kubelet,kube/v1.22.10,,
-https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/arm64/kubectl,kube/v1.22.10,,
-
-https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.arm64,runc/v1.1.1,,
-https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.arm64,runc/v1.1.4,,

build/manifest/images

@@ -1,4 +1,4 @@
-beclab/ks-apiserver:v3.3.0-ext-3
+beclab/ks-apiserver:v3.3.0-ext-5
 beclab/kube-state-metrics:v2.3.0-ext
 beclab/notification-manager-ext:v0.1.1-ext
 beclab/notification-manager-operator-ext:v0.1.0-ext
@@ -11,7 +11,6 @@ calico/node:v3.23.2
 calico/node:v3.27.3
 calico/pod2daemon-flexvol:v3.23.2
 beclab/citus:12.2
-coredns/coredns:1.8.0
 csiplugin/snapshot-controller:v4.0.0
 beclab/ks-installer-ext:v0.1.9-ext
 kubesphere/k8s-dns-node-cache:1.15.12
@@ -54,14 +53,12 @@ quay.io/argoproj/workflow-controller:v3.5.0
 redis:5.0.14-alpine
 beclab/velero:v1.11.3
 beclab/velero-plugin-for-terminus:v1.0.2
-rancher/coredns-coredns:1.8.3
-rancher/mirrored-coredns-coredns:1.9.1
-beclab/l4-bfl-proxy:v0.2.6
+beclab/l4-bfl-proxy:v0.2.8
 gcr.io/k8s-minikube/storage-provisioner:v5
 owncloudci/wait-for:latest
-beclab/recommend-argotask:v0.0.5
+beclab/recommend-argotask:v0.0.12
 nvcr.io/nvidia/k8s-device-plugin:v0.16.1
-bytetrade/nvshare:libnvshare
+beclab/nvshare:libnvshare-v0.0.1
 bytetrade/nvshare:nvshare-device-plugin
 bytetrade/nvshare:nvshare-scheduler
 beclab/nats-server-config-reloader:v1
@@ -70,3 +67,7 @@ rancher/mirrored-library-busybox:1.34.1
 rancher/mirrored-library-traefik:2.6.2
 rancher/mirrored-metrics-server:v0.5.2
 rancher/mirrored-pause:3.6
+beclab/reverse-proxy:v0.1.9
+beclab/upgrade-job:0.1.7
+bytetrade/envoy:v1.25.11.1
+alpine:3.14

build/manifest/images.node.mf

@@ -4,6 +4,6 @@ calico/node:v3.23.2
 kubesphere/kube-rbac-proxy:v0.11.0
 prom/node-exporter:v1.3.1
 beclab/image-service:0.2.12
-beclab/osnode-init:v0.0.8
+beclab/osnode-init:v0.0.10
 beclab/files-server:v0.2.24
 beclab/fsnotify-daemon:0.1.1

build/manifest/pkgs

@@ -0,0 +1,12 @@
+cni-plugins-v0.9.1.tgz,pkg/cni/v0.9.1,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,cni-plugins-k3s
+cni-plugins-v1.1.1.tgz,pkg/cni/v1.1.1,https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-arm64-v1.1.1.tgz,cni-plugins-k8s
+containerd-1.6.4.tar.gz,pkg/containerd/1.6.4,https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz,https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz,containerd
+crictl-v1.24.0-linux-amd64.tar.gz,pkg/crictl/v1.24.0,https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.0/crictl-v1.24.0-linux-amd64.tar.gz,https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.0/crictl-v1.24.0-linux-arm64.tar.gz,crictl
+etcd-v3.4.13.tar.gz,pkg/etcd/v3.4.13,https://github.com/coreos/etcd/releases/download/v3.4.13/etcd-v3.4.13-linux-amd64.tar.gz,https://github.com/coreos/etcd/releases/download/v3.4.13/etcd-v3.4.13-linux-arm64.tar.gz,etcd
+helm-v3.9.0.tar.gz,pkg/helm/v3.9.0,https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz,https://get.helm.sh/helm-v3.9.0-linux-arm64.tar.gz,helm
+k3s,pkg/kube/v1.21.5,https://github.com/k3s-io/k3s/releases/download/v1.21.5+k3s1/k3s,https://github.com/k3s-io/k3s/releases/download/v1.21.5+k3s1/k3s-arm64,k3s
+kubeadm,pkg/kube/v1.22.10,https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubeadm,https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/arm64/kubeadm,kubeadm
+kubelet,pkg/kube/v1.22.10,https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubelet,https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/arm64/kubelet,kubelet
+kubectl,pkg/kube/v1.22.10,https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubectl,https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/arm64/kubectl,kubectl
+runc,pkg/runc/v1.1.1,https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64,https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.arm64,runc-k3s
+runc,pkg/runc/v1.1.4,https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64,https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.arm64,runc-k8s

frameworks/app-service/config/cluster/crds/app.bytetrade.io_applications.yaml

@@ -65,12 +65,14 @@ spec:
               entrances:
                 description: Entrances []Entrance `json:"entrances,omitempty"`
                 items:
+                  description: Entrance contains details for application entrance
                   properties:
                     authLevel:
                       type: string
                     host:
                       type: string
                     icon:
+                      description: Optional. if invisible=true.
                       type: string
                     invisible:
                       type: boolean
@@ -78,17 +80,20 @@ spec:
                       type: string
                     openMethod:
                       description: openMethod has three choices default, iframe, window
+                        Optional. if invisible=true.
                       type: string
                     port:
                       format: int32
                       type: integer
                     title:
+                      description: Optional. if invisible=true.
                       type: string
+                    windowPushState:
+                      type: boolean
                   required:
                   - host
                   - name
                   - port
-                  - title
                   type: object
                 type: array
               icon:
@@ -108,11 +113,83 @@ spec:
               owner:
                 description: the owner of the application
                 type: string
+              ports:
+                items:
+                  properties:
+                    addToTailscaleAcl:
+                      type: boolean
+                    exposePort:
+                      format: int32
+                      type: integer
+                    host:
+                      type: string
+                    name:
+                      type: string
+                    port:
+                      format: int32
+                      type: integer
+                    protocol:
+                      description: The protocol for this entrance. Supports "tcp"
+                        and "udp","". Default is tcp/udp, "" mean tcp and udp.
+                      type: string
+                  required:
+                  - host
+                  - name
+                  - port
+                  type: object
+                type: array
               settings:
                 additionalProperties:
                   type: string
                 description: the extend settings of the application
                 type: object
+              tailscale:
+                properties:
+                  acls:
+                    items:
+                      properties:
+                        action:
+                          type: string
+                        dst:
+                          items:
+                            type: string
+                          type: array
+                        proto:
+                          type: string
+                        src:
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - dst
+                      - proto
+                      type: object
+                    type: array
+                  subRoutes:
+                    items:
+                      type: string
+                    type: array
+                type: object
+              tailscaleAcls:
+                items:
+                  properties:
+                    action:
+                      type: string
+                    dst:
+                      items:
+                        type: string
+                      type: array
+                    proto:
+                      type: string
+                    src:
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - dst
+                  - proto
+                  type: object
+                type: array
             required:
             - appid
             - isSysApp
@@ -121,6 +198,31 @@ spec:
           status:
             description: ApplicationStatus defines the observed state of Application
             properties:
+              entranceStatuses:
+                items:
+                  properties:
+                    message:
+                      type: string
+                    name:
+                      type: string
+                    reason:
+                      type: string
+                    state:
+                      type: string
+                    statusTime:
+                      format: date-time
+                      type: string
+                  required:
+                  - name
+                  - reason
+                  - state
+                  - statusTime
+                  type: object
+                type: array
+              startedTime:
+                description: StartedTime is the time that app first to running state
+                format: date-time
+                type: string
               state:
                 description: 'the state of the application: draft, submitted, passed,
                   rejected, suspended, active'

frameworks/app-service/config/cluster/deploy/appservice_deploy.yaml

@@ -1,7 +1,7 @@
 
 
-{{ $charts_rootpath := "/terminus/rootfs/charts" }}
-{{ $usertmpl_rootpath := "/terminus/rootfs/usertemplate" }}
+{{ $charts_rootpath := printf "%s%s" .Values.rootPath "/rootfs/charts" }}
+{{ $usertmpl_rootpath := printf "%s%s" .Values.rootPath "/rootfs/usertemplate" }}
 
 # {{ $charts_rand16 := randAlphaNum 16 | lower }}
 {{ $charts_pv := "pv-charts" }}
@@ -15,11 +15,6 @@
 {{ $usertmpl_sc := "juicefs-localpath-usertmpl" }}
 {{ $usertmpl_storage := "100Mi" }}
 
-{{- $version := .Capabilities.KubeVersion.Version -}}
-{{- $path := "/var/run/containerd/containerd.sock" -}}
-{{ if contains "k3s" $version }}
-{{ $path = "/var/run/containerd/containerd.sock" }}
-{{ end }}
 
 ---
 apiVersion: v1
@@ -151,21 +146,26 @@ spec:
     spec:
       serviceAccountName: os-internal
       serviceAccount: os-internal
+      priorityClassName: "system-cluster-critical"
       containers:
       - name: app-service
-        image: beclab/app-service:0.2.28
+        image: beclab/app-service:0.2.99
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 0
         env:
+        {{- range $key, $val := .Values.terminusGlobalEnvs }}
+        - name: {{ $key }}
+          value: {{ $val | quote }}
+        {{- end }}
         - name: KS_APISERVER_SERVICE_HOST
           value: 'ks-apiserver.kubesphere-system'
         - name: KS_APISERVER_SERVICE_PORT
           value: '80'
         - name: REQUIRE_PERMISSION_APPS
-          value: "vault,desktop,message,wise,search,appstore,notification,dashboard,settings,devbox,profile"
+          value: "vault,desktop,message,wise,search,appstore,notification,dashboard,settings,studio,profile"
         - name: SYS_APPS
-          value: "analytics,market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard,nitro"
+          value: "analytics,market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard,nitro,system-frontend,studio"
         - name: GENERATED_APPS
           value: "citus,mongo-cluster-cfg,mongo-cluster-mongos,mongo-cluster-rs0,frp-agent,l4-bfl-proxy,drc-redis-cluster,appdata-backend,argoworkflows,argoworkflow-workflow-controller,velero,kvrocks"
         - name: WS_CONTAINER_IMAGE
@@ -173,12 +173,26 @@ spec:
         - name: UPLOAD_CONTAINER_IMAGE
           value: "beclab/upload:v1.0.3"
         - name: JOB_IMAGE
-          value: "beclab/upgrade-job:0.1.2"
+          value: "beclab/upgrade-job:0.1.7"
+        - name: SHARED_LIB_PATH
+          value: {{ .Values.sharedlib }}
+        - name: CLUSTER_CPU_THRESHOLD
+          value: "90"
+        - name: CLUSTER_MEMORY_THRESHOLD
+          value: "90"
+        - name: USER_CPU_THRESHOLD
+          value: "90"
+        - name: USER_MEMORY_THRESHOLD
+          value: "90"
         - name: APP_RANDOM_KEY
           valueFrom:
             secretKeyRef:
               name: app-key
               key: random-key
+        - name: HOSTIP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.hostIP
         volumeMounts:
         - mountPath: /charts
           name: charts-store
@@ -186,6 +200,10 @@ spec:
           name: user-apps-template
         - mountPath: /etc/certs
           name: certs
+        - mountPath: /etc/containerd/config.toml
+          name: configtoml
+        - mountPath: /Cache
+          name: app-cache
       initContainers:
       - name: generate-certs
         image: beclab/openssl:v3
@@ -209,6 +227,13 @@ spec:
           - name: certs
             mountPath: /etc/certs
       volumes:
+      - name: app-cache
+        hostPath:
+          path: {{ .Values.rootPath }}/userdata/Cache
+          type: DirectoryOrCreate
+      - name: configtoml
+        hostPath:
+          path: /etc/containerd/config.toml
       - name: charts-store
         persistentVolumeClaim:
           claimName: {{ default $charts_pvc .Values.charts_pvc }}
@@ -342,10 +367,11 @@ spec:
       hostNetwork: true
       containers:
         - name: image-service
-          image: beclab/image-service:0.2.27
+          image: beclab/image-service:0.2.99
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsUser: 0
+            privileged: true
           env:
             - name: NODE_NAME
               valueFrom:
@@ -354,9 +380,16 @@ spec:
             - name: SYS_APPS
               value: "analytics,market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,nitro,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard"
           volumeMounts:
-            - mountPath: /var/run/containerd/containerd.sock
+            - mountPath: /var/run/containerd
+              mountPropagation: Bidirectional
               name: containerd-socket
+            - mountPath: /etc/containerd/config.toml
+              name: configtoml
       volumes:
+        - name: configtoml
+          hostPath:
+            path: /etc/containerd/config.toml
         - name: containerd-socket
           hostPath:
-            path: {{ $path }}
+            path: /var/run/containerd
+            type: Directory

frameworks/backup-server/config/cluster/deploy/backup_server.yaml

@@ -1,7 +1,7 @@
 
 
-{{ $backupVersion := "0.3.7" }}
-{{ $backup_server_rootpath := "/terminus/rootfs/backup-server" }}
+{{ $backupVersion := "0.3.8" }}
+{{ $backup_server_rootpath := printf "%s%s" .Values.rootPath "/rootfs/backup-server" }}
 
 ---
 apiVersion: apps/v1
@@ -34,7 +34,7 @@ spec:
           path: {{ $backup_server_rootpath }}/data
       - name: rootfs
         hostPath:
-          path: /terminus/rootfs
+          path: {{ .Values.rootPath }}/rootfs
       serviceAccountName: os-internal
       containers:
       - name: api
@@ -61,6 +61,10 @@ spec:
             cpu: 500m
             memory: 512Mi
         env:
+        {{- range $key, $val := .Values.terminusGlobalEnvs }}
+        - name: {{ $key }}
+          value: {{ $val | quote }}
+        {{- end }}
         - name: TERMINUS_IS_CLOUD_VERSION
           value: {{ default "false" .Values.backup.is_cloud_version | quote }}
         - name: ENABLE_MIDDLEWARE_BACKUP
@@ -117,6 +121,11 @@ spec:
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 0
+        env:
+        {{- range $key, $val := .Values.terminusGlobalEnvs }}
+        - name: {{ $key }}
+          value: {{ $val | quote }}
+        {{- end }}
         command:
         - /backup-server
         - vcontroller
@@ -135,7 +144,7 @@ spec:
         - mountPath: /rootfs
           name: rootfs
       - name: sidecar-backup-sync
-        image: beclab/sidecar-backup-sync:v0.0.11
+        image: beclab/sidecar-backup-sync:v0.0.12
         imagePullPolicy: IfNotPresent
         command:
         - /backup_sync
@@ -147,6 +156,10 @@ spec:
         - mountPath: /data
           name: dbdata
         env:
+        {{- range $key, $val := .Values.terminusGlobalEnvs }}
+        - name: {{ $key }}
+          value: {{ $val | quote }}
+        {{- end }}
         - name: BACKUP_SERVER
           value: http://127.0.0.1:8082
         - name: BACKUP_SECRET

frameworks/bfl/config/launcher/templates/bfl_deploy.yaml

@@ -1,8 +1,8 @@
 
 
-{{ $userspace_pv_rootpath := "/terminus/rootfs/userspace" }}
-{{ $appcache_pv_rootpath := "/terminus/userdata/Cache" }}
-{{ $dbdata_pv_rootpath := "/terminus/userdata/dbdata" }}
+{{ $userspace_pv_rootpath := printf "%s%s" .Values.rootPath "/rootfs/userspace" }}
+{{ $appcache_pv_rootpath := printf "%s%s" .Values.rootPath "/userdata/Cache" }}
+{{ $dbdata_pv_rootpath := printf "%s%s" .Values.rootPath "/userdata/dbdata" }}
 
 {{ $userspace_rand16 := randAlphaNum 16 | lower }}
 {{ if .Values.bfl.userspace_rand16 }}
@@ -215,6 +215,7 @@ spec:
             weight: 10
 {{ end }}            
       serviceAccountName: bytetrade-controller
+      priorityClassName: "system-cluster-critical"
       initContainers:
       - name: init-userspace
         image: busybox:1.28
@@ -242,8 +243,10 @@ spec:
 
       containers:
       - name: api
-        image: beclab/bfl:v0.3.36
+        image: beclab/bfl:v0.3.74
         imagePullPolicy: IfNotPresent
+        securityContext:
+          runAsUser: 1000
         volumeMounts:
         - name: userspace-dir
           mountPath: /userspace
@@ -284,16 +287,20 @@ spec:
         - name: BACKUP_SERVER
           value: backup-server.os-system:8082
         - name: L4_PROXY_IMAGE_VERSION
-          value: v0.2.6
-        - name: FRPC_IMAGE_VERSION
-          value: v1.0.2
-        - name: CLOUDFLARED_IMAGE_NAME
-          value: beclab/cloudflared
-        - name: CLOUDFLARED_IMAGE_VERSION
-          value: v0.1.0
-
+          value: v0.2.8
+        - name: REVERSE_PROXY_AGENT_IMAGE_VERSION
+          value: v0.1.9
+        - name: TERMINUS_CERT_SERVICE_API
+          value: {{ .Values.bfl.terminus_cert_service_api }}
+        - name: TERMINUS_DNS_SERVICE_API
+          value: {{ .Values.bfl.terminus_dns_service_api }}
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
       - name: ingress
-        image: beclab/bfl-ingress:v0.2.10
+        image: beclab/bfl-ingress:v0.2.23
         imagePullPolicy: IfNotPresent
         volumeMounts:
         - name: ngxlog