Compare commits
22 Commits
feat/files
...
feat/updat
| Author | SHA1 | Date | |
|---|---|---|---|
|
89e4916037 | ||
|
|
f9072c9312 | ||
|
|
fb78685c1e | ||
|
|
bb7eba1f92 | ||
|
|
3f778d63c1 | ||
|
|
161f84bc59 | ||
|
|
9168e3d358 | ||
|
|
085da97ca5 | ||
|
|
eed5632794 | ||
|
|
d7cd77f941 | ||
|
|
bb8fbb239d | ||
|
|
b09ef303d1 | ||
|
|
e532682558 | ||
|
|
1b3deedc47 | ||
|
|
8c68fcf89c | ||
|
|
3f8e046855 | ||
|
|
4de8756cac | ||
|
|
1e729ec2ee | ||
|
|
cffa3bb1cc | ||
|
|
4781090e29 | ||
|
|
e0cbc9d874 | ||
|
|
e0ba27f7d0 |
2
.github/workflows/release-daemon.yaml
vendored
2
.github/workflows/release-daemon.yaml
vendored
@@ -31,7 +31,7 @@ jobs:
|
||||
|
||||
- name: install udev-devel
|
||||
run: |
|
||||
sudo apt install -y libudev-dev
|
||||
sudo apt update && sudo apt install -y libudev-dev
|
||||
|
||||
- name: Install x86_64 cross-compiler
|
||||
run: sudo apt-get update && sudo apt-get install -y build-essential
|
||||
|
||||
1
.github/workflows/release-daily.yaml
vendored
1
.github/workflows/release-daily.yaml
vendored
@@ -150,6 +150,7 @@ jobs:
|
||||
cp .dist/install-wizard/install.sh build/base-package
|
||||
cp build/base-package/install.sh build/base-package/publicInstaller.sh
|
||||
cp .dist/install-wizard/install.ps1 build/base-package
|
||||
cp .dist/install-wizard/joincluster.sh build/base-package
|
||||
|
||||
- name: Release public files
|
||||
uses: softprops/action-gh-release@v1
|
||||
|
||||
1
.github/workflows/release.yaml
vendored
1
.github/workflows/release.yaml
vendored
@@ -121,6 +121,7 @@ jobs:
|
||||
cp build/base-package/install.sh build/base-package/publicInstaller.latest
|
||||
cp .dist/install-wizard/install.ps1 build/insbase-packagetaller
|
||||
cp build/base-package/install.ps1 build/base-package/publicInstaller.latest.ps1
|
||||
cp .dist/install-wizard/joincluster.sh build/base-package
|
||||
|
||||
- name: Release public files
|
||||
uses: softprops/action-gh-release@v1
|
||||
|
||||
@@ -271,7 +271,7 @@ spec:
|
||||
dataType: app
|
||||
deployment: market
|
||||
description: app store provider
|
||||
endpoint: appstore-service.{{ .Release.Namespace }}
|
||||
endpoint: appstore-service.{{ .Release.Namespace }}:81
|
||||
group: service.appstore
|
||||
kind: provider
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -140,12 +140,6 @@ spec:
|
||||
items:
|
||||
- key: san.cnf
|
||||
path: san.cnf
|
||||
- name: sidecar-configs-studio
|
||||
configMap:
|
||||
name: sidecar-configs-studio
|
||||
items:
|
||||
- key: envoy.yaml
|
||||
path: envoy.yaml
|
||||
- name: certs
|
||||
emptyDir: {}
|
||||
initContainers:
|
||||
@@ -169,61 +163,6 @@ spec:
|
||||
mountPath: /charts
|
||||
- name: data
|
||||
mountPath: /data
|
||||
- name: terminus-sidecar-init
|
||||
image: aboveos/openservicemesh-init:v1.2.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
iptables-restore --noflush <<EOF
|
||||
# sidecar interception rules
|
||||
*nat
|
||||
:PROXY_IN_REDIRECT - [0:0]
|
||||
:PROXY_INBOUND - [0:0]
|
||||
:PROXY_OUTBOUND - [0:0]
|
||||
:PROXY_OUT_REDIRECT - [0:0]
|
||||
|
||||
-A PREROUTING -p tcp -j PROXY_INBOUND
|
||||
-A OUTPUT -p tcp -j PROXY_OUTBOUND
|
||||
-A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
|
||||
-A PROXY_INBOUND -p tcp --dport 8083 -j RETURN
|
||||
-A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
|
||||
-A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
|
||||
|
||||
|
||||
-A PROXY_OUTBOUND -p tcp --dport 5432 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 6379 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 27017 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 443 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 8080 -j RETURN
|
||||
|
||||
-A PROXY_OUTBOUND -d ${POD_IP}/32 -j RETURN
|
||||
|
||||
-A PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1555 -j PROXY_IN_REDIRECT
|
||||
-A PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1555 -j RETURN
|
||||
-A PROXY_OUTBOUND -m owner --uid-owner 1555 -j RETURN
|
||||
-A PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
|
||||
|
||||
-A PROXY_OUTBOUND -j PROXY_OUT_REDIRECT
|
||||
-A PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
|
||||
|
||||
COMMIT
|
||||
EOF
|
||||
env:
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
|
||||
- name: generate-certs
|
||||
image: beclab/openssl:v3
|
||||
imagePullPolicy: IfNotPresent
|
||||
@@ -303,58 +242,6 @@ spec:
|
||||
limits:
|
||||
cpu: "0.5"
|
||||
memory: 1000Mi
|
||||
- name: terminus-envoy-sidecar
|
||||
image: bytetrade/envoy:v1.25.11.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
runAsUser: 1555
|
||||
ports:
|
||||
- name: proxy-admin
|
||||
containerPort: 15000
|
||||
- name: proxy-inbound
|
||||
containerPort: 15003
|
||||
- name: proxy-outbound
|
||||
containerPort: 15001
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: "0.5"
|
||||
memory: 200Mi
|
||||
volumeMounts:
|
||||
- name: sidecar-configs-studio
|
||||
readOnly: true
|
||||
mountPath: /etc/envoy/envoy.yaml
|
||||
subPath: envoy.yaml
|
||||
command:
|
||||
- /usr/local/bin/envoy
|
||||
- --log-level
|
||||
- debug
|
||||
- -c
|
||||
- /etc/envoy/envoy.yaml
|
||||
env:
|
||||
- name: POD_UID
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.uid
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: APP_KEY
|
||||
value: {{ .Values.os.studio.appKey }}
|
||||
- name: APP_SECRET
|
||||
value: {{ .Values.os.studio.appSecret }}
|
||||
- name: chartmuseum
|
||||
image: aboveos/helm-chartmuseum:v0.15.0
|
||||
args:
|
||||
@@ -404,146 +291,4 @@ spec:
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
envoy.yaml: |
|
||||
admin:
|
||||
access_log_path: "/dev/stdout"
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 15000
|
||||
static_resources:
|
||||
listeners:
|
||||
- name: listener_0
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 15003
|
||||
listener_filters:
|
||||
- name: envoy.filters.listener.original_dst
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
|
||||
filter_chains:
|
||||
- filters:
|
||||
- name: envoy.filters.network.http_connection_manager
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
|
||||
stat_prefix: desktop_http
|
||||
upgrade_configs:
|
||||
- upgrade_type: websocket
|
||||
- upgrade_type: tailscale-control-protocol
|
||||
skip_xff_append: false
|
||||
codec_type: AUTO
|
||||
route_config:
|
||||
name: local_route
|
||||
virtual_hosts:
|
||||
- name: service
|
||||
domains: ["*"]
|
||||
routes:
|
||||
- match:
|
||||
prefix: "/"
|
||||
route:
|
||||
cluster: original_dst
|
||||
timeout: 1800s
|
||||
http_protocol_options:
|
||||
accept_http_10: true
|
||||
http_filters:
|
||||
- name: envoy.filters.http.router
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
||||
- name: listener_1
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 15001
|
||||
listener_filters:
|
||||
- name: envoy.filters.listener.original_dst
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
|
||||
filter_chains:
|
||||
- filters:
|
||||
- name: envoy.filters.network.http_connection_manager
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
|
||||
stat_prefix: studio_out_http
|
||||
skip_xff_append: false
|
||||
codec_type: AUTO
|
||||
route_config:
|
||||
name: local_route
|
||||
virtual_hosts:
|
||||
- name: service
|
||||
domains: ["*"]
|
||||
routes:
|
||||
- match:
|
||||
prefix: "/server/intent/send"
|
||||
request_headers_to_add:
|
||||
- header:
|
||||
key: X-App-Key
|
||||
value: {{ .Values.os.studio.appKey }}
|
||||
route:
|
||||
cluster: system-server
|
||||
prefix_rewrite: /system-server/v2/legacy_api/api.intent/v2/server/intent/send
|
||||
- match:
|
||||
prefix: "/"
|
||||
route:
|
||||
cluster: original_dst
|
||||
timeout: 1800s
|
||||
typed_per_filter_config:
|
||||
envoy.filters.http.lua:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
|
||||
disabled: true
|
||||
|
||||
http_protocol_options:
|
||||
accept_http_10: true
|
||||
http_filters:
|
||||
- name: envoy.filters.http.lua
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
|
||||
inline_code:
|
||||
local sha = require("lib.sha2")
|
||||
function envoy_on_request(request_handle)
|
||||
local app_key = os.getenv("APP_KEY")
|
||||
local app_secret = os.getenv("APP_SECRET")
|
||||
local current_time = os.time()
|
||||
local minute_level_time = current_time - (current_time % 60)
|
||||
local time_string = tostring(minute_level_time)
|
||||
local s = app_key .. app_secret .. time_string
|
||||
request_handle:logInfo("originstring:" .. s)
|
||||
local hash = sha.sha256(s)
|
||||
request_handle:logInfo("Hello World.")
|
||||
request_handle:logInfo(hash)
|
||||
request_handle:headers():add("X-Auth-Signature",hash)
|
||||
end
|
||||
- name: envoy.filters.http.router
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
||||
|
||||
|
||||
clusters:
|
||||
- name: original_dst
|
||||
connect_timeout: 5000s
|
||||
type: ORIGINAL_DST
|
||||
lb_policy: CLUSTER_PROVIDED
|
||||
- name: system-server
|
||||
connect_timeout: 2s
|
||||
type: LOGICAL_DNS
|
||||
dns_lookup_family: V4_ONLY
|
||||
dns_refresh_rate: 600s
|
||||
lb_policy: ROUND_ROBIN
|
||||
load_assignment:
|
||||
cluster_name: system-server
|
||||
endpoints:
|
||||
- lb_endpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
socket_address:
|
||||
address: system-server.user-system-{{ .Values.bfl.username }}
|
||||
port_value: 80
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: sidecar-configs-studio
|
||||
namespace: {{ .Release.Namespace }}
|
||||
failureThreshold: 3
|
||||
@@ -316,7 +316,7 @@ spec:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
- name: dashboard-init
|
||||
image: beclab/dashboard-frontend-v1:v0.4.9
|
||||
image: beclab/dashboard:v1.3.75
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -328,7 +328,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: control-hub-init
|
||||
image: beclab/admin-console-frontend-v1:v0.5.8
|
||||
image: beclab/control-hub:v1.3.73
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -376,7 +376,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: settings-init
|
||||
image: beclab/settings:v1.3.71
|
||||
image: beclab/settings:v1.3.75
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -388,7 +388,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: studio-init
|
||||
image: beclab/studio:v0.2.16
|
||||
image: beclab/studio:v1.3.73
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -471,7 +471,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: edge-desktop-init
|
||||
image: beclab/desktop:v1.3.70
|
||||
image: beclab/desktop:v1.3.74
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -611,22 +611,9 @@ spec:
|
||||
key: nats_password
|
||||
name: user-service-nats-secret
|
||||
- name: NATS_SUBJECT_USER_APPS
|
||||
value: terminus.user.*.{{ .Values.bfl.username}}
|
||||
- name: terminus-ws-sidecar
|
||||
image: 'beclab/ws-gateway:v1.0.5'
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /ws-gateway
|
||||
env:
|
||||
- name: WS_PORT
|
||||
value: '3010'
|
||||
- name: WS_URL
|
||||
value: /websocket/message
|
||||
resources: {}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
value: terminus.user.vault.{{ .Values.bfl.username}}
|
||||
- name: user-service
|
||||
image: beclab/user-service:v0.0.10
|
||||
image: beclab/user-service:v0.0.16
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
@@ -682,6 +669,21 @@ spec:
|
||||
name: user-service-nats-secret
|
||||
- name: NATS_SUBJECT_USER_APPS
|
||||
value: terminus.user.*.{{ .Values.bfl.username}}
|
||||
- name: NATS_SUBJECT_USER_VAULT
|
||||
value: terminus.user.vault.{{ .Values.bfl.username}}
|
||||
- name: NATS_SUBJECT_USER_KNOWLEDGE
|
||||
value: terminus.user.knowledge.{{ .Values.bfl.username}}
|
||||
- name: NATS_SUBJECT_USER_MARKET
|
||||
value: terminus.user.market.{{.Values.bfl.username}}
|
||||
- name: NATS_SUBJECT_USER_NOTIFICATION
|
||||
value: terminus.user.notification.{{.Values.bfl.username}}
|
||||
- name: NATS_SUBJECT_USER_SEARCH
|
||||
value: terminus.user.search.{{.Values.bfl.username}}
|
||||
- name: NATS_SUBJECT_USER_SEAHUB
|
||||
value: terminus.user.seahub.{{.Values.bfl.username}}
|
||||
- name: NATS_SUBJECT_USER_APPLICATION
|
||||
value: terminus.user.application.{{.Values.bfl.username}}
|
||||
|
||||
- name: drive-server
|
||||
image: beclab/drive:v0.0.72
|
||||
imagePullPolicy: IfNotPresent
|
||||
@@ -736,7 +738,7 @@ spec:
|
||||
path: '{{ .Values.userspace.userData }}'
|
||||
- name: terminus-sidecar-config
|
||||
configMap:
|
||||
name: sidecar-ws-configs
|
||||
name: user-service-sidecar-ws-configs
|
||||
items:
|
||||
- key: envoy.yaml
|
||||
path: envoy.yaml
|
||||
@@ -939,10 +941,10 @@ spec:
|
||||
perm:
|
||||
- pub
|
||||
- sub
|
||||
- appName: user-files
|
||||
appNamespace: "user.{{ .Values.bfl.username }}"
|
||||
- appName: user-service
|
||||
appNamespace: user
|
||||
subjects:
|
||||
- name: files
|
||||
- name: "files.*"
|
||||
perm:
|
||||
- pub
|
||||
- sub
|
||||
@@ -1986,6 +1988,195 @@ metadata:
|
||||
name: sidecar-ws-configs
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
envoy.yaml: |
|
||||
admin:
|
||||
access_log_path: "/dev/stdout"
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 15000
|
||||
static_resources:
|
||||
listeners:
|
||||
- name: listener_0
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 15003
|
||||
listener_filters:
|
||||
- name: envoy.filters.listener.original_dst
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
|
||||
filter_chains:
|
||||
- filters:
|
||||
- name: envoy.filters.network.http_connection_manager
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
|
||||
stat_prefix: desktop_http
|
||||
upgrade_configs:
|
||||
- upgrade_type: websocket
|
||||
- upgrade_type: tailscale-control-protocol
|
||||
skip_xff_append: false
|
||||
max_request_headers_kb: 500
|
||||
codec_type: AUTO
|
||||
route_config:
|
||||
name: local_route
|
||||
virtual_hosts:
|
||||
- name: service
|
||||
domains: ["*"]
|
||||
routes:
|
||||
- match:
|
||||
prefix: "/ws"
|
||||
route:
|
||||
cluster: ws_original_dst
|
||||
- match:
|
||||
prefix: "/"
|
||||
route:
|
||||
cluster: original_dst
|
||||
timeout: 180s
|
||||
http_protocol_options:
|
||||
accept_http_10: true
|
||||
http_filters:
|
||||
- name: envoy.filters.http.ext_authz
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
|
||||
http_service:
|
||||
path_prefix: '/api/verify/'
|
||||
server_uri:
|
||||
uri: authelia-backend.os-system:9091
|
||||
cluster: authelia
|
||||
timeout: 2s
|
||||
authorization_request:
|
||||
allowed_headers:
|
||||
patterns:
|
||||
- exact: accept
|
||||
- exact: cookie
|
||||
- exact: proxy-authorization
|
||||
- prefix: x-unauth-
|
||||
- exact: x-authorization
|
||||
- exact: x-bfl-user
|
||||
- exact: x-real-ip
|
||||
- exact: terminus-nonce
|
||||
headers_to_add:
|
||||
- key: X-Forwarded-Method
|
||||
value: '%REQ(:METHOD)%'
|
||||
- key: X-Forwarded-Proto
|
||||
value: '%REQ(:SCHEME)%'
|
||||
- key: X-Forwarded-Host
|
||||
value: '%REQ(:AUTHORITY)%'
|
||||
- key: X-Forwarded-Uri
|
||||
value: '%REQ(:PATH)%'
|
||||
- key: X-Forwarded-For
|
||||
value: '%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%'
|
||||
authorization_response:
|
||||
allowed_upstream_headers:
|
||||
patterns:
|
||||
- exact: authorization
|
||||
- exact: proxy-authorization
|
||||
- prefix: remote-
|
||||
- prefix: authelia-
|
||||
allowed_client_headers:
|
||||
patterns:
|
||||
- exact: set-cookie
|
||||
allowed_client_headers_on_success:
|
||||
patterns:
|
||||
- exact: set-cookie
|
||||
failure_mode_allow: false
|
||||
- name: envoy.filters.http.router
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
||||
|
||||
- name: listener_image
|
||||
address:
|
||||
socket_address:
|
||||
address: 127.0.0.1
|
||||
port_value: 15080
|
||||
filter_chains:
|
||||
- filters:
|
||||
- name: envoy.filters.network.http_connection_manager
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
|
||||
stat_prefix: tapr_http
|
||||
http_protocol_options:
|
||||
accept_http_10: true
|
||||
upgrade_configs:
|
||||
- upgrade_type: websocket
|
||||
skip_xff_append: false
|
||||
codec_type: AUTO
|
||||
route_config:
|
||||
name: local_route
|
||||
virtual_hosts:
|
||||
- name: service
|
||||
domains: ["*"]
|
||||
routes:
|
||||
- match:
|
||||
prefix: "/images/upload"
|
||||
route:
|
||||
cluster: images
|
||||
http_filters:
|
||||
- name: envoy.filters.http.router
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
||||
|
||||
|
||||
clusters:
|
||||
- name: original_dst
|
||||
connect_timeout: 5000s
|
||||
type: ORIGINAL_DST
|
||||
lb_policy: CLUSTER_PROVIDED
|
||||
common_http_protocol_options:
|
||||
idle_timeout: 10s
|
||||
- name: ws_original_dst
|
||||
connect_timeout: 5000s
|
||||
type: LOGICAL_DNS
|
||||
dns_lookup_family: V4_ONLY
|
||||
dns_refresh_rate: 600s
|
||||
lb_policy: ROUND_ROBIN
|
||||
load_assignment:
|
||||
cluster_name: ws_original_dst
|
||||
endpoints:
|
||||
- lb_endpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
socket_address:
|
||||
address: localhost
|
||||
port_value: 3100
|
||||
- name: authelia
|
||||
connect_timeout: 2s
|
||||
type: LOGICAL_DNS
|
||||
dns_lookup_family: V4_ONLY
|
||||
dns_refresh_rate: 600s
|
||||
lb_policy: ROUND_ROBIN
|
||||
load_assignment:
|
||||
cluster_name: authelia
|
||||
endpoints:
|
||||
- lb_endpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
socket_address:
|
||||
address: authelia-backend.os-system
|
||||
port_value: 9091
|
||||
- name: images
|
||||
connect_timeout: 5s
|
||||
type: LOGICAL_DNS
|
||||
dns_lookup_family: V4_ONLY
|
||||
dns_refresh_rate: 600s
|
||||
lb_policy: ROUND_ROBIN
|
||||
load_assignment:
|
||||
cluster_name: images
|
||||
endpoints:
|
||||
- lb_endpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
socket_address:
|
||||
address: tapr-images-svc.user-system-{{ .Values.bfl.username }}
|
||||
port_value: 8080
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: user-service-sidecar-ws-configs
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
@@ -2094,7 +2285,7 @@ data:
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
proxy_pass http://127.0.0.1:3100;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
@@ -2397,7 +2588,7 @@ data:
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://rss-svc.os-system:40010;
|
||||
proxy_pass http://127.0.0.1:3100;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
@@ -2569,7 +2760,7 @@ data:
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
proxy_pass http://127.0.0.1:3100;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
@@ -2780,7 +2971,7 @@ data:
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
proxy_pass http://127.0.0.1:3100;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
@@ -3212,7 +3403,7 @@ data:
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
}
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
proxy_pass http://127.0.0.1:3100;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
@@ -3227,9 +3418,6 @@ data:
|
||||
upstream AppstoreBackendServer {
|
||||
server appstore-svc:81;
|
||||
}
|
||||
upstream AppstoreBackendWebScoket {
|
||||
server appstore-svc:40010;
|
||||
}
|
||||
server {
|
||||
listen 90;
|
||||
gzip off;
|
||||
@@ -3247,7 +3435,7 @@ data:
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://AppstoreBackendWebScoket;
|
||||
proxy_pass http://127.0.0.1:3100;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
@@ -3381,7 +3569,7 @@ data:
|
||||
proxy_send_timeout 60s;
|
||||
}
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
proxy_pass http://127.0.0.1:3100;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
@@ -3414,7 +3602,10 @@ spec:
|
||||
- appName: files-server
|
||||
sub: allow
|
||||
pub: allow
|
||||
name: "*."
|
||||
- appName: files-frontend
|
||||
sub: allow
|
||||
pub: allow
|
||||
name: "files.*"
|
||||
permission:
|
||||
pub: allow
|
||||
sub: allow
|
||||
|
||||
@@ -648,7 +648,7 @@ func (t *PrintPluginsStatus) Execute(runtime connector.Runtime) error {
|
||||
}
|
||||
}
|
||||
|
||||
gpuScheduler, err := client.Kubernetes().CoreV1().Pods("kube-system").List(context.Background(), metav1.ListOptions{LabelSelector: "name=gpu-scheduler"})
|
||||
gpuScheduler, err := client.Kubernetes().CoreV1().Pods("gpu-system").List(context.Background(), metav1.ListOptions{LabelSelector: "name=gpu-scheduler"})
|
||||
if err != nil {
|
||||
logger.Error("get gpu-scheduler status error, ", err)
|
||||
}
|
||||
@@ -657,7 +657,7 @@ func (t *PrintPluginsStatus) Execute(runtime connector.Runtime) error {
|
||||
logger.Info("gpu-scheduler not exists")
|
||||
} else {
|
||||
for _, scheduler := range gpuScheduler.Items {
|
||||
logger.Infof("gpu-scheduler status: %s", scheduler.Status.Phase)
|
||||
logger.Infof("node: %s gpu-scheduler status: %s", scheduler.Spec.NodeName, scheduler.Status.Phase)
|
||||
break
|
||||
}
|
||||
}
|
||||
@@ -675,7 +675,7 @@ func (t *RestartPlugin) Execute(runtime connector.Runtime) error {
|
||||
return fmt.Errorf("kubectl not found")
|
||||
}
|
||||
|
||||
if _, err := runtime.GetRunner().SudoCmd(fmt.Sprintf("%s rollout restart ds gpu-scheduler -n kube-system", kubectlpath), false, true); err != nil {
|
||||
if _, err := runtime.GetRunner().SudoCmd(fmt.Sprintf("%s rollout restart ds gpu-scheduler -n gpu-system", kubectlpath), false, true); err != nil {
|
||||
return errors.Wrap(errors.WithStack(err), "Failed to restart gpu-scheduler")
|
||||
}
|
||||
|
||||
|
||||
@@ -78,7 +78,7 @@ var assets = func() http.FileSystem {
|
||||
},
|
||||
"/build/ks-core/templates": &vfsgen۰DirInfo{
|
||||
name: "templates",
|
||||
modTime: time.Date(2025, 6, 3, 14, 20, 14, 650435355, time.UTC),
|
||||
modTime: time.Date(2025, 6, 10, 8, 44, 51, 369010652, time.UTC),
|
||||
},
|
||||
"/build/ks-core/templates/NOTES.txt": &vfsgen۰FileInfo{
|
||||
name: "NOTES.txt",
|
||||
@@ -94,17 +94,17 @@ var assets = func() http.FileSystem {
|
||||
},
|
||||
"/build/ks-core/templates/ks-apiserver.yml": &vfsgen۰CompressedFileInfo{
|
||||
name: "ks-apiserver.yml",
|
||||
modTime: time.Date(2025, 6, 3, 14, 20, 14, 643590200, time.UTC),
|
||||
modTime: time.Date(2025, 6, 10, 8, 44, 51, 367086958, time.UTC),
|
||||
uncompressedSize: 3168,
|
||||
|
||||
compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xbc\x56\x51\x6f\xe3\x36\x0c\x7e\xf7\xaf\x20\xba\x67\x3b\xb9\xc3\x36\xf4\x04\xec\xa1\x68\x0f\x5b\xb1\x75\x0b\x9a\xae\xc0\x1e\x15\x89\xb1\x85\xc8\x92\x26\xd1\x59\x8d\xec\xfe\xfb\xa0\x38\x71\xe4\xd8\xe9\x32\x1c\x30\x3f\x19\xa4\x28\x7e\xfc\x44\x7d\x22\x77\xea\x15\x7d\x50\xd6\x30\xe0\xce\x85\xd9\xf6\x43\xb6\x51\x46\x32\x78\x40\xa7\x6d\x5b\xa3\xa1\xac\x46\xe2\x92\x13\x67\x19\x80\xe6\x2b\xd4\x21\xfe\x41\x0c\x60\xb0\x09\x39\x77\x2a\xa0\xdf\xa2\xdf\x5b\x49\xa1\x67\xb0\xe2\x62\x83\x46\xee\x2d\xdb\x63\x86\xdd\x0e\x8a\xfb\x8a\x7b\x2a\xee\x9c\x3b\xe4\x85\x2f\x5f\x32\x00\xc3\x6b\x3c\xdb\x2b\x38\x14\x31\x4f\x20\xcf\x09\xcb\xb6\xcb\xe9\xad\xd6\xca\x94\xbf\x3b\xc9\x09\x3b\x13\x40\xcd\xdf\x96\x8d\x2f\x91\xc1\xbc\x83\xd0\x3a\x64\xf0\x9c\x2e\xcd\x00\x3c\x3a\xad\x04\x0f\x1d\x8e\x67\xd4\xc8\x03\x16\xcf\x9d\xf5\xde\x36\x86\x3a\x2c\x01\x35\x0a\xb2\xbe\xdb\xbd\xe6\x24\xaa\x5f\x92\xaa\x2f\xd5\x3d\x55\x39\xc0\x37\xd7\x54\x4f\x58\x3b\xdd\xd7\x93\xd2\x1d\x3f\x3d\x48\x7e\x39\xfd\x34\x80\x2b\x21\x00\x1c\xf9\x8e\xdf\x6e\x97\xc3\x5f\x8a\x2a\x28\x5e\xb9\x6e\x30\x14\xaa\xe6\x25\x2e\x1a\xad\x97\x28\x3c\x52\x38\x06\x01\x9c\x7b\x4e\x38\xe3\x26\x64\xff\xe0\xb5\x86\x02\xfe\x06\xa3\x8c\x44\x43\x70\x7b\x8a\x8d\x2b\xd0\xc8\x93\x41\x58\x43\x5c\x19\xf4\xfd\x36\x39\x08\x5b\xd7\xdc\xc8\xd3\xbe\xf9\x74\xf1\x39\xe4\xb9\xb6\x25\xd9\x40\x12\xbd\xff\x81\x7c\x83\xbd\x73\x8f\x92\xc1\x0a\x85\xe6\xab\x59\x1a\xcf\xe6\xc5\xbc\xf8\xf0\xdd\x70\x65\xac\x67\x61\xb5\x12\x6d\xc7\x59\xca\x42\xe1\x7a\xe7\x09\xf8\x64\x07\x1f\x5d\xce\xfa\x94\x97\xfc\x54\xe6\xc2\x7a\x62\xf0\x69\xfe\x69\xde\x7b\x01\x9c\xb7\x64\x85\xd5\x0c\x5e\xee\x17\xbd\xdd\x63\xb0\x8d\x17\x98\x6c\x34\xa4\xf8\x80\xb1\x4f\x5f\xf4\x11\x09\xf9\x1f\x3e\xa6\x98\xb7\x56\x37\x35\x3e\xc5\xd6\x1f\xe0\xab\xa3\x65\xc1\xa9\x62\x30\x43\x12\xb3\x4d\xb3\xc2\xe0\x2a\xf4\x38\x4b\x92\x1f\x2a\xee\x7d\xb9\xb0\x66\xad\xca\x77\xf6\xd1\x56\x70\x4d\xaa\xc6\xd1\x2e\x95\x0d\x94\x9f\x79\x3c\x72\xf9\x9b\xd1\x2d\x83\xc1\x51\xc6\x9a\xd5\x7a\xa2\x5e\x7c\x23\xcf\x5f\x93\x92\xd2\x52\xff\x85\xab\x71\xec\x64\xc3\x4e\xb4\x2c\x00\x9a\x2d\xbb\x84\x0e\xcd\xf6\x3c\xfa\x0c\x43\x5c\x71\x7d\x2e\xad\xb6\x68\x30\x84\x85\xb7\x2b\x4c\x3b\x61\xcd\x95\x6e\x3c\xbe\x54\x1e\x43\x65\xb5\x64\x70\x9b\x78\x2b\x22\xf7\x23\x52\x1a\x00\xe0\xba\x83\xd9\x44\x16\x66\x07\x89\x18\x2e\x98\xea\x4e\x80\x20\x2a\x8c\x67\xf6\xd3\xcb\xcb\x22\x71\x28\xa3\x48\x71\xfd\x80\x9a\xb7\x4b\x14\xd6\xc8\xc0\x20\xb9\x58\x51\x9e\x6a\xb4\x0d\x8d\x9d\xf1\x10\x94\xc0\x3b\x21\x22\xf7\xbf\xee\x3b\x62\xb7\x03\x65\x84\x6e\x24\xc2\xcd\x26\xe4\xc2\x7a\x2c\xc6\xeb\x6e\xa0\x18\xca\xc9\x40\xb5\xc8\x6a\xf4\x9c\x94\x35\x49\x2f\x24\xc6\xaf\xd2\xaa\x51\x36\x63\x25\x2e\x0f\x6f\xc7\x69\x59\x6a\xfd\xaa\x7c\x7c\xbd\x8e\x14\xb7\x2c\xd1\x15\x79\x67\x48\xdd\x8d\x1c\xf1\xee\xfc\xd9\x28\x8f\xf2\xa1\xf1\xca\x94\x4b\x51\xa1\x6c\xe2\x63\xf8\x58\x1a\xdb\x9b\x3f\xbf\xa1\x68\x22\x11\x69\x64\xc4\xe5\xac\xb6\x65\xfb\x33\xb6\xdd\xf5\xf6\x06\x29\xaa\x9f\x9d\xc5\x6b\x1a\x2f\xec\xa0\x1f\xf6\xef\xd3\xb8\xc4\xe3\xd3\x4c\xa2\xfa\xfc\xe6\x3c\x86\x30\xa4\xbc\x17\xf3\x98\x86\x3b\x77\xe6\x00\xb0\x2e\x9e\x93\xf5\x0c\x1e\xcd\xc8\xb9\xdd\x73\xce\x46\xf6\x0b\x8f\xc3\x51\x69\x82\xe3\xe2\x3c\x2c\x4f\x35\x2c\xb4\x81\xb0\xce\x26\x0f\xf7\x48\xf4\x40\xf6\x13\x3b\xcb\x76\xbb\xf4\x54\x8f\x9a\x3b\x8f\x01\xa3\xf3\xec\xc4\x77\xf0\xd0\x45\xf9\x7c\xe2\x2e\x85\x27\x71\xcd\x1b\x4d\x4f\x56\x22\x83\x6f\x3f\xce\xff\x83\xfe\xbe\xef\xcf\xf7\x9a\xbb\x17\xe7\x6c\xa4\x09\x97\xc4\xba\x1b\xac\x6e\x6e\xb2\xf7\xd5\xfb\x1a\x89\x0e\x43\xa5\xbb\x4a\x9a\x53\x55\xfe\x7e\xf2\xaa\xe4\x79\x9e\x65\xe9\x50\xdb\xcf\xb3\xcb\x4e\x3b\x06\xc3\x2c\x37\xc6\x52\x2a\x05\xc3\x6e\x17\x1e\x39\xa1\xcc\x57\x6d\x4a\x63\xf4\x9c\xf5\xd8\xff\x3f\x14\xf7\x23\x45\x7e\x50\xe9\xdb\xae\x33\xc6\xb3\x03\x71\x5f\x22\x0d\x06\x8d\xe1\x80\x7b\x2d\xe0\xeb\x26\xd9\x7d\x83\xdc\xeb\x26\x10\xfa\xc7\x45\xf6\x4f\x00\x00\x00\xff\xff\x23\x74\x55\xf4\x60\x0c\x00\x00"),
|
||||
compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xbc\x56\x51\x6f\xe3\x36\x0c\x7e\xf7\xaf\x20\xba\x67\x3b\xe9\x61\x1b\x7a\x02\xf6\x50\xf4\x0e\x5b\xb1\x75\x0b\x9a\xae\xc0\x1e\x15\x89\xb1\x85\xc8\x92\x26\xd1\x59\x8d\xec\xfe\xfb\xa0\x38\x71\xe4\xd8\xe9\x32\x1c\xb0\x3c\x05\xa4\x28\x7e\xfc\x48\x7f\x22\x77\xea\x15\x7d\x50\xd6\x30\xe0\xce\x85\xd9\xf6\x36\xdb\x28\x23\x19\x7c\x42\xa7\x6d\x5b\xa3\xa1\xac\x46\xe2\x92\x13\x67\x19\x80\xe6\x2b\xd4\x21\xfe\x83\x18\xc0\x60\x13\x72\xee\x54\x40\xbf\x45\xbf\xb7\x92\x42\xcf\x60\xc5\xc5\x06\x8d\xdc\x5b\xb6\xc7\x0c\xbb\x1d\x14\x0f\x15\xf7\x54\xdc\x3b\x77\xc8\x0b\x5f\xbe\x64\x00\x86\xd7\x78\x76\x57\x70\x28\x62\x9e\x40\x9e\x13\x96\x6d\x97\xd3\x5b\xad\x95\x29\x7f\x77\x92\x13\x76\x26\x80\x9a\xbf\x2d\x1b\x5f\x22\x83\x79\x07\xa1\x75\xc8\xe0\x39\x3d\x9a\x01\x78\x74\x5a\x09\x1e\x3a\x1c\xcf\xa8\x91\x07\x2c\x9e\x3b\xeb\x83\x6d\x0c\x75\x58\x02\x6a\x14\x64\x7d\x77\x7b\xcd\x49\x54\xbf\x24\x55\x5f\xaa\x7b\xaa\x72\x80\x6f\xae\xa9\x9e\xb0\x76\xba\xaf\x27\xa5\x3b\xfe\xf4\x20\xf9\xe5\xf4\xd3\x00\xae\x84\x00\x70\xe4\x3b\xfe\x76\xbb\x1c\xfe\x52\x54\x41\xf1\xca\x75\x83\xa1\x50\x35\x2f\x71\xd1\x68\xbd\x44\xe1\x91\xc2\x31\x08\xe0\xdc\x73\xc2\x19\x2f\x21\xfb\x07\xaf\x35\x14\xf0\x37\x18\x65\x24\x1a\x82\xbb\x53\x6c\x3c\x81\x46\x9e\x0c\xc2\x1a\xe2\xca\xa0\xef\xaf\xc9\x41\xd8\xba\xe6\x46\x9e\xee\xcd\xa7\x8b\xcf\x21\xcf\xb5\x2d\xc9\x06\x92\xe8\xfd\x0f\xe4\x1b\xec\x9d\x7b\x94\x0c\x56\x28\x34\x5f\xcd\xd2\x78\x36\x2f\xe6\xc5\xed\xdd\xf0\x64\xac\x67\x61\xb5\x12\x6d\xc7\x59\xca\x42\xe1\x7a\xe7\x09\xf8\xe4\x04\x1f\x5d\xce\xfa\x94\x97\xfc\x54\xe6\xc2\x7a\x62\xf0\x71\xfe\x71\xde\x7b\x01\x9c\xb7\x64\x85\xd5\x0c\x5e\x1e\x16\xbd\xdd\x63\xb0\x8d\x17\x98\x5c\x34\xa4\xf8\x80\xb1\x4f\x5f\xf4\x11\x09\xf9\xb7\x1f\x52\xcc\x5b\xab\x9b\x1a\x9f\xe2\xe8\x0f\xf0\xd5\xd1\xb2\xe0\x54\x31\x98\x21\x89\xd9\xa6\x59\x61\x70\x15\x7a\x9c\x25\xc9\x0f\x15\xf7\xbe\x5c\x58\xb3\x56\xe5\x3b\xf7\x68\x2b\xb8\x26\x55\xe3\xe8\x96\xca\x06\xca\xcf\x3c\x1e\xb9\xfc\xcd\xe8\x96\xc1\xa0\x95\xb1\x66\xb5\x9e\xa8\x17\xdf\xc8\xf3\xd7\xa4\xa4\xb4\xd4\x7f\xe1\x6a\x1c\x3b\x39\xb0\x13\x23\x0b\x80\x66\xcb\x2e\xa1\x43\xb3\x3d\x8f\x3e\xc3\x10\x4f\x5c\x9f\x4b\xab\x2d\x1a\x0c\x61\xe1\xed\x0a\xd3\x49\x58\x73\xa5\x1b\x8f\x2f\x95\xc7\x50\x59\x2d\x19\xdc\x25\xde\x8a\xc8\xfd\x88\x94\x06\x00\xb8\xae\x31\x9b\xc8\xc2\xec\x20\x11\xc3\x03\x53\xd3\x09\x10\x44\x85\xb1\x67\x3f\xbd\xbc\x2c\x12\x87\x32\x8a\x14\xd7\x9f\x50\xf3\x76\x89\xc2\x1a\x19\x18\xdc\x7e\x97\x9c\x88\xfd\xb5\x0d\x8d\x9d\xb1\x09\x4a\xe0\xbd\x10\x91\xfb\x5f\xf7\x13\xb1\xdb\x81\x32\x42\x37\x12\xe1\x66\x13\x72\x61\x3d\x16\xe3\x73\x37\x50\x0c\xe5\x64\xa0\x5a\x64\x35\x7a\x4e\xca\x9a\x64\x16\x12\xe3\x57\x69\xd5\x28\x9b\xb1\x12\x97\x87\xb7\xe3\x74\x2c\xb5\x7e\x55\x3e\xbe\x5e\x47\x8a\x5b\x96\xe8\x8a\xbc\x37\xa4\xee\x47\x8e\xf8\xed\xfc\xd9\x28\x8f\xf2\x53\xe3\x95\x29\x97\xa2\x42\xd9\xc4\xc7\xf0\xb1\x34\xb6\x37\x7f\x7e\x43\xd1\x44\x22\xd2\xc8\x88\xcb\x59\x6d\xcb\xf6\x67\x6c\xbb\xcf\xdb\x1b\xa4\xa8\x7e\x76\x16\x3f\xd3\xf8\xc1\x0e\xe6\x61\xff\x3e\x8d\x4b\x3c\x3e\xcd\x24\xaa\xcf\x6f\xce\x63\x08\x43\xca\x7b\x31\x8f\x69\xb8\x73\x67\x0e\x00\xeb\x62\x9f\xac\x67\xf0\x68\x46\xce\xed\x9e\x73\x36\xb2\x5f\x78\x1c\x8e\x4a\x13\x1c\x17\xe7\x61\x79\xaa\x61\xa1\x0d\x84\x75\x36\xd9\xdc\x23\xd1\x03\xd9\x4f\xec\x2c\xdb\xed\xd2\xae\x1e\x35\x77\x1e\x03\x46\xfd\xec\xc4\x77\xf0\xd0\x45\xf9\x7c\xe2\x2e\x85\x27\x71\xcd\x1b\x4d\x4f\x56\x22\x83\x6f\x3f\xcc\xff\x83\xfe\xbe\xef\xcf\xf7\x9a\xbb\x17\xe7\x6c\xa4\x09\x97\xc4\xba\x5b\xac\x6e\x6e\xb2\xf7\xd5\xfb\x1a\x89\x0e\x43\xa5\xbb\x4a\x9a\x53\x55\xfe\x7e\xf2\x53\xc9\xf3\x3c\xcb\xd2\xa5\xb6\xdf\x67\x97\x9d\x76\x0c\x96\x59\x6e\x8c\xa5\x54\x0a\x86\xd3\x2e\x3c\x72\x42\x99\xaf\xda\x94\xc6\xe8\x39\x9b\xb1\xff\x7f\x29\xee\x57\x8a\xfc\xa0\xd2\x77\xdd\x64\x8c\x77\x07\xe2\xbe\x44\x1a\x2c\x1a\xc3\x05\xf7\x5a\xc0\xd7\x6d\xb2\xfb\x01\x79\xd0\x4d\x20\xf4\x8f\x8b\xec\x9f\x00\x00\x00\xff\xff\xdb\xfd\x9e\x13\x60\x0c\x00\x00"),
|
||||
},
|
||||
"/build/ks-core/templates/ks-controller-manager.yaml": &vfsgen۰CompressedFileInfo{
|
||||
name: "ks-controller-manager.yaml",
|
||||
modTime: time.Date(2025, 6, 3, 14, 20, 14, 650388271, time.UTC),
|
||||
modTime: time.Date(2025, 6, 10, 8, 44, 51, 368977902, time.UTC),
|
||||
uncompressedSize: 3207,
|
||||
|
||||
compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xcc\x56\x5f\x6f\xdb\x36\x10\x7f\xd7\xa7\x38\x64\xcf\x92\x9d\x36\x2b\x02\x02\x7d\x08\x92\x6e\x0b\xd6\x74\xc6\xbc\x05\xd8\x23\x43\x9d\x65\x22\x14\xc9\x1d\x4f\x6e\x04\xb7\xdf\x7d\xa0\x64\xc9\xf4\x9f\x3a\x2e\xfa\x32\x3f\x59\xf7\x87\x77\xf7\xbb\x1f\xef\x28\xbd\x7e\x44\x0a\xda\x59\x01\xd2\xfb\x30\x59\x5d\x66\xcf\xda\x96\x02\xee\xd0\x1b\xd7\xd6\x68\x39\xab\x91\x65\x29\x59\x8a\x0c\xc0\xc8\x27\x34\x21\xfe\x83\xe8\x20\xe0\x39\xe4\xca\x59\x26\x67\x0c\x52\x5e\x4b\x2b\x2b\xa4\x4e\xcd\x1a\x49\xc0\x93\x54\xcf\x68\xcb\x4e\xb2\x1a\x42\xad\xd7\x50\xdc\x2e\x25\x71\x71\xe3\xfd\x26\x01\xf8\xfa\x35\x03\xb0\xb2\xc6\x6f\x1d\x1a\x3c\xaa\x18\x39\x30\x49\xc6\xaa\xed\xb3\x88\x46\xda\x56\x7f\xfb\x52\x32\xf6\x22\x80\x5a\xbe\xcc\x1b\xaa\x50\xc0\xb4\xcf\xa5\xf5\x28\xe0\xcf\xd4\x34\x03\xf0\xe4\x2a\xc2\x10\xee\x50\x96\x46\x5b\x9c\xa3\x72\xb6\x0c\x02\xde\x4d\xa3\x1b\xa1\x37\x5a\xc9\x20\xe0\xb2\xfb\x5a\xe9\x98\xe7\x6f\x3a\xb0\xa3\xf6\xa3\xae\x35\x0b\xb8\x8c\x86\x01\x0d\x2a\x76\xd4\x47\xaf\x25\xab\xe5\xc7\x04\xa7\x57\x91\x3a\x86\x15\xc0\x4f\xe7\xe0\xc5\x58\x7b\x33\x16\x9e\x76\x2a\xfe\xcc\x4e\x16\x67\xe4\x71\x3c\x93\x33\x73\x01\x18\x3a\x14\x7f\xeb\x75\x0e\x9f\x35\x2f\xa1\x78\x94\xa6\xc1\x50\xe8\x5a\x56\x38\x6b\x8c\x99\xa3\x22\xe4\x30\x38\x01\xec\x6b\xb6\x09\xc7\x43\xd8\xfd\x23\x6b\x03\x05\x7c\x01\xab\x6d\x89\x96\xe1\x7a\xeb\x1b\x2d\xd0\x96\x5b\x41\xac\x4d\x6a\x8b\x34\x1e\x93\x83\x72\x75\x2d\x6d\xb9\x3d\x37\x87\x13\x10\xe4\x90\xe7\xc6\x55\xec\x02\x97\x48\xf4\x9e\xa9\xc1\x5d\x25\xca\x12\x29\xef\xba\xfe\x7e\x21\x4d\xd8\xaa\xbb\x52\x04\x3c\xa1\x32\xf2\x69\x72\x14\x6a\x31\x2d\xa6\xc5\xe5\xcf\xbb\x2e\xb1\xfa\x99\x33\x5a\xb5\x3d\xc2\x29\x66\x85\x1f\x95\xdb\x32\x4f\x5f\x95\xc1\xc6\x3b\x4a\xe1\xcc\xb7\xe8\xcc\x1c\xb1\x80\xeb\xe9\xf5\x74\xd4\x76\x17\x82\x9d\x72\x46\xc0\x5f\xb7\xb3\x51\x4e\x18\x5c\x43\x0a\x93\x83\x76\x3b\xb3\x49\x76\x9b\x47\x31\xba\x24\x4d\xbb\x7c\x93\x66\xbf\x72\xa6\xa9\xf1\xc1\x35\x76\x37\xc1\x3a\x4a\x66\x92\x97\x02\x26\xc8\x6a\xf2\xdc\x3c\x61\xf0\x4b\x24\x9c\x24\xd1\x37\xb5\x8f\xba\x88\xc1\x42\x57\x27\xce\x31\x4e\x49\xc3\xba\xc6\x83\x53\x96\x2e\x70\xbe\xa7\x21\x94\xe5\x1f\xd6\xb4\x02\x76\x9a\x1f\x8b\xd6\x8b\x63\x05\xe3\x0b\x93\x7c\x4c\x6a\x4a\x6b\x7d\x0d\xad\x43\xe7\xa3\x54\x3f\x42\x76\x00\xb4\x2b\xf1\xad\xfc\xd0\xae\xf6\xbd\xf7\x92\x88\x16\xe7\xc6\x2a\x6d\x18\x18\x7a\x6b\x9a\xc0\x48\xbf\x68\x0a\x9c\x8d\x24\x61\x49\x3c\x58\xdc\x98\xcf\xb2\x0d\x1b\x5d\x50\x4b\x2c\x1b\x83\xf4\xa9\x03\xbc\xc4\x85\x6c\x0c\xe7\xa3\x78\x30\x43\x5a\x69\x85\x37\x4a\x45\x10\x7a\xdb\xf5\x1a\xb4\x55\xa6\x29\x11\x2e\x3a\xaa\x13\x16\x87\x76\x17\x50\x6c\xf3\x64\xa4\x5a\x5b\xc9\xda\xd9\x5f\x49\x2a\x9c\x21\x69\x57\x8e\xb3\xfd\xed\x40\xf8\x9e\x81\xc9\x94\x78\x8d\x54\xfd\xe7\x83\xf4\xe2\x3b\x98\x08\x43\xb9\x0f\xae\x44\x01\x57\x6f\xa6\x63\xbc\x48\xbc\x8e\xa1\xe9\x0d\x3c\xcd\xd8\x7e\x8f\x5d\x5c\x64\xa7\x29\x7c\x16\x4f\xc3\x6e\xb7\xcf\xe3\x67\x4a\xcd\x77\x27\xa6\xf0\xc1\xf4\x67\x67\x90\xba\xa6\x24\x71\x13\xe1\x0f\xcd\xfc\x83\x68\xd6\x95\x38\xdf\x6c\xe5\xad\x59\x2a\xfd\xa1\x78\x72\xb1\xd0\x56\x73\x2b\x92\x41\x5b\xde\x58\xd6\x37\x07\x8a\x78\x33\xfe\x6d\x34\x61\x79\xd7\x90\xb6\xd5\xbc\x27\xbd\xb6\xd5\x7d\x65\xdd\x28\xfe\xf0\x82\xaa\x89\x40\xa4\x9e\x31\x2f\xef\x8c\xab\xda\xdf\xb1\xed\x49\x46\x16\x39\xee\x05\x37\x89\x3d\x8f\xdd\x4f\xec\x37\x0b\xff\xb0\xc4\xe1\x51\xc4\x6a\xf9\xe1\xc5\xc7\x27\xcf\x2e\xe4\x43\xb8\xe7\x18\x46\x7a\xbf\xa7\x00\x70\x3e\xf6\xc9\x91\x80\x7b\x7b\xa0\x5c\x75\x98\x8b\x03\x79\xfe\xca\x72\x1a\xf8\x1b\xbc\x54\xfb\xfe\x79\x7a\xa5\x42\x1b\x18\xeb\xec\x68\x97\x07\xc4\x77\x36\x63\x22\x17\x59\x42\x6d\xf8\x02\xc3\x32\x9a\x46\x87\xa4\xb1\x59\x9e\xe7\x59\x96\xbe\x87\xc7\xa7\xf0\xbc\x9f\x37\xff\xbb\x77\xf0\xb8\xdc\xf3\xee\xaf\x80\xab\xab\xb7\xd9\xf1\x35\xce\x92\x2a\xe4\xcd\xce\xef\xcd\x76\x1f\xad\xdf\x5d\xc3\x59\x2f\xc2\xd0\x33\x6d\xec\x05\x7c\x72\x36\x12\xb6\x1f\x63\x9b\x2d\x72\x3f\xcb\xfe\x0b\x00\x00\xff\xff\x55\xf8\xc5\x95\x87\x0c\x00\x00"),
|
||||
compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\xcc\x56\x5f\x6f\xdb\x36\x10\x7f\xd7\xa7\x38\x64\xcf\x92\x9d\x36\x28\x02\x02\x7d\x08\x92\x6e\x0b\xd6\x74\xc6\xbc\x05\xd8\x23\x43\x9d\x65\x22\x14\xc9\x1d\x4f\x6e\x04\xb7\xdf\x7d\xa0\x64\xc9\xf4\x9f\x3a\x2e\xfa\x52\x3f\x59\xf7\x87\x77\xf7\xbb\x1f\xef\x28\xbd\x7e\x44\x0a\xda\x59\x01\xd2\xfb\x30\x59\x5d\x66\xcf\xda\x96\x02\xee\xd0\x1b\xd7\xd6\x68\x39\xab\x91\x65\x29\x59\x8a\x0c\xc0\xc8\x27\x34\x21\xfe\x83\xe8\x20\xe0\x39\xe4\xca\x59\x26\x67\x0c\x52\x5e\x4b\x2b\x2b\xa4\x4e\xcd\x1a\x49\xc0\x93\x54\xcf\x68\xcb\x4e\xb2\x1a\x42\xad\xd7\x50\xdc\x2e\x25\x71\x71\xe3\xfd\x26\x01\xf8\xfa\x35\x03\xb0\xb2\xc6\x6f\x1d\x1a\x3c\xaa\x18\x39\x30\x49\xc6\xaa\xed\xb3\x88\x46\xda\x56\xff\xf8\x52\x32\xf6\x22\x80\x5a\xbe\xcc\x1b\xaa\x50\xc0\xb4\xcf\xa5\xf5\x28\xe0\xaf\xd4\x34\x03\xf0\xe4\x2a\xc2\x10\xee\x50\x96\x46\x5b\x9c\xa3\x72\xb6\x0c\x02\xde\x4d\xa3\x1b\xa1\x37\x5a\xc9\x20\xe0\xb2\xfb\x5a\xe9\x98\xe7\xef\x3a\xb0\xa3\xf6\xa3\xae\x35\x0b\xb8\x8c\x86\x01\x0d\x2a\x76\xd4\x47\xaf\x25\xab\xe5\xc7\x04\xa7\x57\x91\x3a\x86\x15\xc0\x2f\xe7\xe0\xc5\x58\x7b\x33\x16\x9e\x76\x2a\xfe\xcc\x4e\x16\x67\xe4\x71\x3c\x93\x33\x73\x01\x18\x3a\x14\x7f\xeb\x75\x0e\x9f\x35\x2f\xa1\x78\x94\xa6\xc1\x50\xe8\x5a\x56\x38\x6b\x8c\x99\xa3\x22\xe4\x30\x38\x01\xec\x6b\xb6\x09\xc7\x43\xd8\xfd\x2b\x6b\x03\x05\x7c\x01\xab\x6d\x89\x96\xe1\x7a\xeb\x1b\x2d\xd0\x96\x5b\x41\xac\x4d\x6a\x8b\x34\x1e\x93\x83\x72\x75\x2d\x6d\xb9\x3d\x37\x87\x13\x10\xe4\x90\xe7\xc6\x55\xec\x02\x97\x48\xf4\x9e\xa9\xc1\x5d\x25\xca\x12\x29\xef\xba\xfe\x7e\x21\x4d\xd8\xaa\xbb\x52\x04\x3c\xa1\x32\xf2\x69\x72\x14\x6a\x31\x2d\xa6\xc5\xe5\xf5\xae\x4b\xac\x7e\xe6\x8c\x56\x6d\x8f\x70\x8a\x59\xe1\x47\xe5\xb6\xcc\xd3\x57\x65\xb0\xf1\x8e\x52\x38\xf3\x2d\x3a\x33\x47\x2c\xe0\x7a\x7a\x3d\x1d\xb5\xdd\x85\x60\xa7\x9c\x11\xf0\xf7\xed\x6c\x94\x13\x06\xd7\x90\xc2\xe4\xa0\xdd\xce\x6c\x92\xdd\xe6\x51\x8c\x2e\x49\xd3\x2e\xdf\xa4\xd9\xaf\x9c\x69\x6a\x7c\x70\x8d\xdd\x4d\xb0\x8e\x92\x99\xe4\xa5\x80\x09\xb2\x9a\x3c\x37\x4f\x18\xfc\x12\x09\x27\x49\xf4\x4d\xed\xa3\x2e\x62\xb0\xd0\xd5\x89\x73\x8c\x53\xd2\xb0\xae\xf1\xe0\x94\xa5\x0b\x9c\xef\x69\x08\x65\xf9\xa7\x35\xad\x80\x9d\xe6\xc7\xa2\xf5\xe2\x58\xc1\xf8\xc2\x24\x1f\x93\x9a\xd2\x5a\x5f\x43\xeb\xd0\xf9\x28\xd5\x8f\x90\x1d\x00\xed\x4a\x7c\x2b\x3f\xb4\xab\x7d\xef\xbd\x24\xa2\xc5\xb9\xb1\x4a\x1b\x06\x86\xde\x9a\x26\x30\xd2\xaf\x9a\x02\x67\x23\x49\x58\x12\x0f\x16\x37\xe6\xb3\x6c\xc3\x46\x17\xd4\x12\xcb\xc6\x20\x7d\xea\x00\x2f\x71\x21\x1b\xc3\xf9\x28\x1e\xcc\x90\x56\x5a\xe1\x8d\x52\x11\x84\xde\x76\xbd\x06\x6d\x95\x69\x4a\x84\x8b\x8e\xea\x84\xc5\xa1\xdd\x05\x14\xdb\x3c\x19\xa9\xd6\x56\xb2\x76\xf6\x37\x92\x0a\x67\x48\xda\x95\xe3\x6c\x7f\x3b\x10\xbe\x67\x60\x32\x25\x5e\x23\x55\xff\xf9\x20\xbd\xf8\x0e\x26\xc2\x50\xee\x83\x2b\x51\xc0\xd5\x9b\xe9\x18\x2f\x12\xaf\x63\x68\x7a\x03\x4f\x33\xb6\xdf\x63\x17\x17\xd9\x69\x0a\x9f\xc5\xd3\xb0\xdb\xed\xf3\xf8\x99\x52\xf3\xdd\x89\x29\x7c\x30\xfd\xd9\x19\xa4\xae\x29\x49\xdc\x44\xf8\x43\x33\xff\x20\x9a\x75\x25\xce\x37\x5b\x79\x6b\x96\x4a\x7f\x28\x9e\x5c\x2c\xb4\xd5\xdc\x8a\x64\xd0\x96\x37\x96\xf5\xcd\x81\x22\xde\x8c\xff\x1a\x4d\x58\xde\x35\xa4\x6d\x35\xef\x49\xaf\x6d\x75\x5f\x59\x37\x8a\x3f\xbc\xa0\x6a\x22\x10\xa9\x67\xcc\xcb\x3b\xe3\xaa\xf6\x0f\x6c\x7b\x92\x91\x45\x8e\x7b\xc1\x4d\x62\xcf\x63\xf7\x13\xfb\xcd\xc2\x3f\x2c\x71\x78\x14\xb1\x5a\x7e\x78\xf1\xf1\xc9\xb3\x0b\xf9\x10\xee\x39\x86\x91\xde\xef\x29\x00\x9c\x8f\x7d\x72\x24\xe0\xde\x1e\x28\x57\x1d\xe6\xe2\x40\x9e\xbf\xb2\x9c\x06\xfe\x06\x2f\xd5\xbe\x7f\x9e\x5e\xa9\xd0\x06\xc6\x3a\x3b\xda\xe5\x01\xf1\x9d\xcd\x98\xc8\x45\x96\x50\x1b\xbe\xc0\xb0\x8c\xa6\xd1\x21\x69\x6c\x96\xe7\x79\x96\xa5\xef\xe1\xf1\x29\x3c\xef\xe7\xcd\x4f\xf7\x0e\x1e\x97\x7b\xde\xfd\x15\x70\x75\xf5\x36\x3b\xbe\xc6\x59\x52\x85\xbc\xd9\xf9\xbd\xd9\xee\xa3\xf5\xbb\x6b\x38\xeb\x45\x18\x7a\xa6\x8d\xbd\x80\x4f\xce\x46\xc2\xf6\x63\x6c\xb3\x45\xee\x67\xd9\xff\x01\x00\x00\xff\xff\xfe\xc5\x76\xab\x87\x0c\x00\x00"),
|
||||
},
|
||||
"/build/ks-core/values.yaml": &vfsgen۰CompressedFileInfo{
|
||||
name: "values.yaml",
|
||||
|
||||
@@ -32,7 +32,7 @@ spec:
|
||||
- command:
|
||||
- ks-apiserver
|
||||
- --logtostderr=true
|
||||
image: beclab/ks-apiserver:0.0.15
|
||||
image: beclab/ks-apiserver:0.0.18
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
name: ks-apiserver
|
||||
ports:
|
||||
|
||||
@@ -35,7 +35,7 @@ spec:
|
||||
- controller-manager
|
||||
- --logtostderr=true
|
||||
- --leader-elect=false
|
||||
image: beclab/ks-controller-manager:0.0.15
|
||||
image: beclab/ks-controller-manager:0.0.18
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
name: ks-controller-manager
|
||||
ports:
|
||||
|
||||
@@ -162,7 +162,7 @@ spec:
|
||||
priorityClassName: "system-cluster-critical"
|
||||
containers:
|
||||
- name: app-service
|
||||
image: beclab/app-service:0.3.38
|
||||
image: beclab/app-service:0.3.42
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
|
||||
@@ -28,7 +28,7 @@ spec:
|
||||
name: check-auth
|
||||
containers:
|
||||
- name: auth-front
|
||||
image: beclab/login:v1.3.64
|
||||
image: beclab/login:v1.3.73
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
@@ -223,6 +223,12 @@ spec:
|
||||
serviceAccountName: bytetrade-controller
|
||||
priorityClassName: "system-cluster-critical"
|
||||
initContainers:
|
||||
- args:
|
||||
- -it
|
||||
- authelia-backend.os-system:9091
|
||||
image: owncloudci/wait-for:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: check-auth
|
||||
- name: init-userspace
|
||||
image: busybox:1.28
|
||||
volumeMounts:
|
||||
@@ -261,7 +267,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: api
|
||||
image: beclab/bfl:v0.4.9
|
||||
image: beclab/bfl:v0.4.10
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
|
||||
@@ -97,7 +97,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: gateway
|
||||
image: beclab/appdata-gateway:0.1.20
|
||||
image: beclab/appdata-gateway:0.1.21
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -106,7 +106,7 @@ spec:
|
||||
- containerPort: 8080
|
||||
env:
|
||||
- name: FILES_SERVER_TAG
|
||||
value: 'beclab/files-server:v0.2.72'
|
||||
value: 'beclab/files-server:v0.2.75'
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
@@ -142,7 +142,7 @@ spec:
|
||||
{{ end }}
|
||||
|
||||
- name: files
|
||||
image: beclab/files-server:v0.2.72
|
||||
image: beclab/files-server:v0.2.75
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
@@ -443,7 +443,7 @@ spec:
|
||||
name: check-nats
|
||||
containers:
|
||||
- name: files
|
||||
image: beclab/files-server:v0.2.72
|
||||
image: beclab/files-server:v0.2.75
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
|
||||
@@ -162,3 +162,10 @@ spec:
|
||||
{{- if .Values.scheduler.nodeName }}
|
||||
nodeName: {{ .Values.scheduler.nodeName }}
|
||||
{{- end }}
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
|
||||
@@ -4,7 +4,7 @@ nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
namespaceOverride: ""
|
||||
imagePullSecrets: []
|
||||
version: "v2.5.2-share-06"
|
||||
version: "v2.5.2-share-10"
|
||||
|
||||
# Nvidia GPU Parameters
|
||||
resourceName: "nvidia.com/gpu"
|
||||
|
||||
@@ -110,7 +110,7 @@ spec:
|
||||
- |
|
||||
chown -R 1000:1000 /headscale
|
||||
- name: init
|
||||
image: beclab/headscale-init:v0.1.10
|
||||
image: beclab/headscale-init:v0.1.11
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
privileged: true
|
||||
@@ -131,6 +131,8 @@ spec:
|
||||
value: "{{ $pg_password | b64dec }}"
|
||||
- name: PG_DB
|
||||
value: user_space_{{ .Values.bfl.username }}_headscale
|
||||
- name: USER_SUBNET
|
||||
value: {{ .Values.tailscaleUserSubnet | default "100.64.0.0/20" }}
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /etc/headscale
|
||||
@@ -175,7 +177,7 @@ spec:
|
||||
command:
|
||||
- "sh"
|
||||
- "-xc"
|
||||
- "(date; for i in `seq 1 600`; do if ! test -S /var/run/headscale.sock; then echo wait-headscale.sock-1s; sleep 1; else break; fi; done; headscale apikeys create -e 3650d > /etc/headscale/apikey; headscale users create default; headscale preauthkeys create -e 3650d -u default > /etc/headscale/preauthkey; if ! test -s /etc/headscale/apikey; then echo apikey-empty; exit 1; fi; if ! test -s /etc/headscale/preauthkey; then echo preauthkey-empty; exit 1; fi) >> /tmp/headscale.log 2>&1"
|
||||
- "(date; for i in `seq 1 600`; do if ! test -S /var/run/headscale.sock; then echo wait-headscale.sock-1s; sleep 1; else break; fi; done; headscale apikeys create -e 3650d > /etc/headscale/apikey; headscale users create default; headscale preauthkeys create -e 3650d --reusable -u default > /etc/headscale/preauthkey; if ! test -s /etc/headscale/apikey; then echo apikey-empty; exit 1; fi; if ! test -s /etc/headscale/preauthkey; then echo preauthkey-empty; exit 1; fi) >> /tmp/headscale.log 2>&1"
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /etc/headscale
|
||||
@@ -279,22 +281,30 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
{{- if eq $role "platform-admin" }}
|
||||
- name: TS_DEBUG_FIREWALL_MODE
|
||||
value: nftables
|
||||
{{- end }}
|
||||
- name: TS_SOCKET
|
||||
value: "/var/run/tailscale/tailscaled.sock"
|
||||
- name: TS_STATE_DIR
|
||||
value: "/var/lib/tailscale/"
|
||||
- name: USER_INDEX
|
||||
value: {{ .Values.tailscaleUserIndex | default "0" | quote }}
|
||||
- name: TS_TAILSCALED_EXTRA_ARGS
|
||||
value: "--no-logs-no-support --verbose=1"
|
||||
value: >-
|
||||
--no-logs-no-support
|
||||
--verbose=1
|
||||
--tun=tailscale0{{ if ne $role "platform-admin" }}$(USER_INDEX){{ end }}
|
||||
- name: TS_ROUTES
|
||||
value: $(NODE_IP)/32
|
||||
value: $(COREDNS_SVC)/32
|
||||
- name: TS_EXTRA_ARGS
|
||||
value: "--login-server http://headscale-server-svc:8080"
|
||||
{{- if eq $role "platform-admin" }}
|
||||
value: >-
|
||||
--login-server http://headscale-server-svc:8080
|
||||
--netfilter-mode {{ if eq $role "platform-admin" }}on{{ else }}off{{ end }}
|
||||
- name: TS_USERSPACE
|
||||
value: "false"
|
||||
- name: TS_DEBUG_FIREWALL_MODE
|
||||
value: nftables
|
||||
{{- end }}
|
||||
|
||||
- name: TS_KUBE_SECRET
|
||||
volumes:
|
||||
- name: config
|
||||
@@ -383,7 +393,9 @@ data:
|
||||
acl.json: |
|
||||
{
|
||||
"acls":[
|
||||
{ "action": "accept", "src": ["*"], "proto": "tcp", "dst": ["*:80"] },
|
||||
{ "action": "accept", "src": ["*"], "proto": "tcp", "dst": ["*:443"] },
|
||||
{ "action": "accept", "src": ["*"], "proto": "tcp", "dst": ["*:18088"] },
|
||||
{ "action": "accept", "src": ["*"], "proto": "udp", "dst": ["*:53"] }
|
||||
],
|
||||
"autoApprovers": {
|
||||
|
||||
@@ -385,10 +385,6 @@ spec:
|
||||
protocol: TCP
|
||||
port: 3010
|
||||
targetPort: 3010
|
||||
- name: "knowledge-websocket"
|
||||
protocol: TCP
|
||||
port: 40010
|
||||
targetPort: 40010
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
|
||||
@@ -156,7 +156,7 @@ spec:
|
||||
value: os_system_notifications
|
||||
containers:
|
||||
- name: notifications-api
|
||||
image: beclab/notifications-api:v1.12.5
|
||||
image: beclab/notifications-api:v1.12.6
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 3010
|
||||
|
||||
@@ -238,7 +238,7 @@ spec:
|
||||
value: os_system_search3
|
||||
containers:
|
||||
- name: search3
|
||||
image: beclab/search3:v0.0.34
|
||||
image: beclab/search3:v0.0.36
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
@@ -263,7 +263,7 @@ spec:
|
||||
- name: NATS_SUBJECT_SYSTEM_GROUPS
|
||||
value: terminus.os-system.system.groups
|
||||
- name: search3monitor
|
||||
image: beclab/search3monitor:v0.0.34
|
||||
image: beclab/search3monitor:v0.0.36
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: DATABASE_URL
|
||||
|
||||
@@ -46,4 +46,4 @@ spec:
|
||||
replicas: 1
|
||||
owner: system
|
||||
backupStorage: '{{ $citus_backuppath }}/pg_backup'
|
||||
citusImage: beclab/citus:12.2
|
||||
citusImage: beclab/citus:13.0.3
|
||||
@@ -117,6 +117,28 @@ spec:
|
||||
labels:
|
||||
app: lldap
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-container-check-citus
|
||||
image: 'postgres:16.0-alpine3.18'
|
||||
command:
|
||||
- sh
|
||||
- '-c'
|
||||
- >-
|
||||
echo -e "Checking for the availability of PostgreSQL Server
|
||||
deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB1
|
||||
-c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >>
|
||||
PostgreSQL DB Server has started";
|
||||
env:
|
||||
- name: PGHOST
|
||||
value: citus-headless.os-system
|
||||
- name: PGPORT
|
||||
value: '5432'
|
||||
- name: PGUSER
|
||||
value: lldap_os_system
|
||||
- name: PGPASSWORD
|
||||
value: {{ $pg_password | b64dec }}
|
||||
- name: PGDB1
|
||||
value: os_system_lldap
|
||||
containers:
|
||||
- env:
|
||||
- name: GID
|
||||
@@ -174,7 +196,7 @@ spec:
|
||||
- name: NATS_SUBJECT_SYSTEM_GROUPS
|
||||
value: "terminus.{{ .Release.Namespace }}.system.groups"
|
||||
|
||||
image: beclab/lldap:0.0.2
|
||||
image: beclab/lldap:0.0.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: lldap
|
||||
ports:
|
||||
|
||||
@@ -99,7 +99,7 @@ spec:
|
||||
- name: DISABLE_TELEMETRY
|
||||
value: "false"
|
||||
- name: operator-api
|
||||
image: beclab/middleware-operator:0.2.6
|
||||
image: beclab/middleware-operator:0.2.8
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 9080
|
||||
|
||||
@@ -76,7 +76,7 @@ spec:
|
||||
runAsUser: 0
|
||||
containers:
|
||||
- name: tapr-sysevent
|
||||
image: beclab/sys-event:0.2.5
|
||||
image: beclab/sys-event:0.2.6
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: APP_RANDOM_KEY
|
||||
|
||||
@@ -3,9 +3,9 @@ target: prebuilt
|
||||
output:
|
||||
containers:
|
||||
-
|
||||
name: beclab/ks-apiserver:0.0.15
|
||||
name: beclab/ks-apiserver:0.0.18
|
||||
-
|
||||
name: beclab/ks-controller-manager:0.0.15
|
||||
name: beclab/ks-controller-manager:0.0.18
|
||||
-
|
||||
name: kubesphere/kubectl:v1.22.0
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@ target: prebuilt
|
||||
output:
|
||||
containers:
|
||||
-
|
||||
name: beclab/hami:v2.5.2-share-06
|
||||
name: beclab/hami:v2.5.2-share-10
|
||||
-
|
||||
name: projecthami/hami-webui-fe-oss:v1.0.5
|
||||
-
|
||||
|
||||
@@ -3,6 +3,6 @@ target: prebuilt
|
||||
output:
|
||||
containers:
|
||||
-
|
||||
name: beclab/citus:12.2
|
||||
name: beclab/citus:13.0.3
|
||||
|
||||
# must have blank new line
|
||||
Reference in New Issue
Block a user