Compare commits
216 Commits
feat/setti
...
fix/update
| Author | SHA1 | Date | |
|---|---|---|---|
|
f6187633d7 | ||
|
|
d7d611b5cd | ||
|
|
5725361d9b | ||
|
|
8e69ab9b97 | ||
|
|
026764477e | ||
|
|
b9da9d71a1 | ||
|
|
8e16d61be4 | ||
|
|
191f23454c | ||
|
|
a907e5f80d | ||
|
|
65acff0bf2 | ||
|
|
e76d1b87e5 | ||
|
|
e170092749 | ||
|
|
c1e53945f3 | ||
|
|
851356a399 | ||
|
|
5ceeb34079 | ||
|
|
ff45612602 | ||
|
|
7e20377f6a | ||
|
|
d2acac93bc | ||
|
|
8aefb66c4b | ||
|
|
5274efdbfa | ||
|
|
3c240ce7c6 | ||
|
|
611b356716 | ||
|
|
59b32f33b4 | ||
|
|
971401af3a | ||
|
|
31627d4f72 | ||
|
|
535e19acd8 | ||
|
|
6d08f2f4d4 | ||
|
|
5b8072e1e5 | ||
|
|
083f0c3866 | ||
|
|
17a1c8128e | ||
|
|
ee1a003001 | ||
|
|
dd94eea2f9 | ||
|
|
a6f82bc273 | ||
|
|
d53b1b6ec2 | ||
|
|
ababd15c90 | ||
|
|
ffb04cbd4b | ||
|
|
1f552ac613 | ||
|
|
f3603b22ce | ||
|
|
1fd597ff79 | ||
|
|
54f0a1143d | ||
|
|
3fb85fc3e5 | ||
|
|
58c952839a | ||
|
|
02ee7ca4ff | ||
|
|
ef08696851 | ||
|
|
f234187088 | ||
|
|
de09433738 | ||
|
|
bfdd500db3 | ||
|
|
2313e48e30 | ||
|
|
5672ad5691 | ||
|
|
6030c723fb | ||
|
|
b6607251b0 | ||
|
|
5502fdffb9 | ||
|
|
5632fa37a4 | ||
|
|
fa740be863 | ||
|
|
4cab48c1ac | ||
|
|
607a8b7476 | ||
|
|
b2a24cb23b | ||
|
|
e6711b6dd5 | ||
|
|
0549f0a948 | ||
|
|
107865ff83 | ||
|
|
bf1f9c8167 | ||
|
|
7b4c60ce8d | ||
|
|
735d0d06be | ||
|
|
d0fb912c31 | ||
|
|
500f50ec7b | ||
|
|
c548d15c61 | ||
|
|
469b36b3eb | ||
|
|
a5bec0f8e9 | ||
|
|
f6bff09f16 | ||
|
|
fd0ab0c92c | ||
|
|
d8f7cb29cc | ||
|
|
73c5433137 | ||
|
|
93ee2b85d7 | ||
|
|
632974d920 | ||
|
|
23276658e1 | ||
|
|
49b9ff6f41 | ||
|
|
7a6f9d8908 | ||
|
|
05f07bd8d8 | ||
|
|
4c526227be | ||
|
|
31a9a05fff | ||
|
|
86aeba659b | ||
|
|
1a817b5701 | ||
|
|
b294ee45fb | ||
|
|
81cdd392dc | ||
|
|
cf4dad6f77 | ||
|
|
34ddf31751 | ||
|
|
68c99c1d06 | ||
|
|
fad640c221 | ||
|
|
989b48d46b | ||
|
|
9d8dce1b8a | ||
|
|
fa5b932581 | ||
|
|
f0cceb8342 | ||
|
|
c4b1ccdf6c | ||
|
|
7212e10734 | ||
|
|
c04e7905cb | ||
|
|
bcfcfe5315 | ||
|
|
fc279bf833 | ||
|
|
88d0ade5b4 | ||
|
|
fbb0563b4f | ||
|
|
49a8af7dd7 | ||
|
|
93875b2f99 | ||
|
|
3bbf13395d | ||
|
|
964cf3847d | ||
|
|
b3fe489a8a | ||
|
|
166bafcb53 | ||
|
|
e75781c6ea | ||
|
|
d1ef6f9f06 | ||
|
|
2b17175300 | ||
|
|
59c04b5347 | ||
|
|
7ebf444318 | ||
|
|
391cfff940 | ||
|
|
482b3c3f7e | ||
|
|
f420c8ac81 | ||
|
|
4aab6cc254 | ||
|
|
dbed28ca50 | ||
|
|
98f4ac5687 | ||
|
|
4f2104f426 | ||
|
|
8a76513ec3 | ||
|
|
f932474c8a | ||
|
|
c1c8e5d953 | ||
|
|
306e2485e9 | ||
|
|
73d87d258f | ||
|
|
3ab7b95b0d | ||
|
|
39749a513a | ||
|
|
a10172cce8 | ||
|
|
8dcec77529 | ||
|
|
b6e37e381d | ||
|
|
008cd0b58d | ||
|
|
6398c89f39 | ||
|
|
acc263904e | ||
|
|
392d9d8bfa | ||
|
|
d9be731b75 | ||
|
|
2a71889ddd | ||
|
|
8bd2dac207 | ||
|
|
7b67b78da2 | ||
|
|
a0a597cd33 | ||
|
|
c55a613b57 | ||
|
|
ec3643f62a | ||
|
|
bbea56a422 | ||
|
|
8dc0088d85 | ||
|
|
cb779b872d | ||
|
|
4aa3dde022 | ||
|
|
3975224f5f | ||
|
|
20089d7185 | ||
|
|
7e1f313fe5 | ||
|
|
aa8e54bfe3 | ||
|
|
dd07d9ed44 | ||
|
|
6a216932ce | ||
|
|
b4f635d843 | ||
|
|
3809aae4da | ||
|
|
9e07f517d5 | ||
|
|
3c1dc4244f | ||
|
|
ed59bda580 | ||
|
|
9e9996f805 | ||
|
|
2af0271789 | ||
|
|
628d66c145 | ||
|
|
e3bf5cee0c | ||
|
|
5dcef60509 | ||
|
|
0ee6147ca7 | ||
|
|
d2b5f8da30 | ||
|
|
2c20be181f | ||
|
|
1f9d515ddd | ||
|
|
39b6d21179 | ||
|
|
6c1c94a869 | ||
|
|
5b35eb2e1e | ||
|
|
33e45f803b | ||
|
|
c8e610c348 | ||
|
|
a5a7ce9bee | ||
|
|
9afb81a96f | ||
|
|
0084d28f2b | ||
|
|
3f32d94448 | ||
|
|
a10c276b6e | ||
|
|
b838c36c37 | ||
|
|
293238c8e0 | ||
|
|
fc26ac99f3 | ||
|
|
73a02b94a8 | ||
|
|
e435c257e9 | ||
|
|
7987fea7b8 | ||
|
|
765d742ea9 | ||
|
|
8612a81e07 | ||
|
|
7d5da36a9c | ||
|
|
5c9de1e158 | ||
|
|
1ed6fdb9ab | ||
|
|
e0462a6bec | ||
|
|
1959484a53 | ||
|
|
5a2c4d35eb | ||
|
|
632b3df2ad | ||
|
|
785259b7e3 | ||
|
|
1b6160ccea | ||
|
|
206e1d170c | ||
|
|
83d6268db7 | ||
|
|
2ba811371e | ||
|
|
c32af14696 | ||
|
|
513266a4dc | ||
|
|
dab8179459 | ||
|
|
c7b1c06aa6 | ||
|
|
ba1af4ab18 | ||
|
|
c880ae3c25 | ||
|
|
036b6e06d6 | ||
|
|
090bda22f2 | ||
|
|
90c24f00b5 | ||
|
|
36857650ca | ||
|
|
7604f472de | ||
|
|
a762e9a1ef | ||
|
|
2534f840a0 | ||
|
|
de6ff90ed5 | ||
|
|
0e41322f9b | ||
|
|
5e910671a3 | ||
|
|
43abac69b0 | ||
|
|
e0009f63ac | ||
|
|
c6196b6a87 | ||
|
|
a631f5f9e2 | ||
|
|
78947cce99 | ||
|
|
eb6dd3e9c1 | ||
|
|
ce66e30c45 | ||
|
|
180dcd2e7e |
2
.github/workflows/build-redis.yaml
vendored
2
.github/workflows/build-redis.yaml
vendored
@@ -20,7 +20,7 @@ jobs:
|
||||
bash scripts/build-redis.sh linux/amd64
|
||||
|
||||
push-arm64:
|
||||
runs-on: self-hosted
|
||||
runs-on: [self-hosted, linux, ARM64]
|
||||
|
||||
steps:
|
||||
- name: Clean
|
||||
|
||||
66
.github/workflows/check.yaml
vendored
66
.github/workflows/check.yaml
vendored
@@ -68,22 +68,6 @@ jobs:
|
||||
ref: ${{ github.event.pull_request.head.ref }}
|
||||
repository: ${{ github.event.pull_request.head.repo.full_name }}
|
||||
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
coscmd config -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
# test
|
||||
- env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
@@ -93,7 +77,7 @@ jobs:
|
||||
bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
|
||||
|
||||
push-image-arm64:
|
||||
runs-on: self-hosted
|
||||
runs-on: [self-hosted, linux, ARM64]
|
||||
|
||||
steps:
|
||||
- name: 'Checkout source code'
|
||||
@@ -103,22 +87,6 @@ jobs:
|
||||
ref: ${{ github.event.pull_request.head.ref }}
|
||||
repository: ${{ github.event.pull_request.head.repo.full_name }}
|
||||
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
|
||||
coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
- env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
@@ -140,22 +108,6 @@ jobs:
|
||||
ref: ${{ github.event.pull_request.head.ref }}
|
||||
repository: ${{ github.event.pull_request.head.repo.full_name }}
|
||||
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
coscmd config -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
# test
|
||||
- env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
@@ -165,7 +117,7 @@ jobs:
|
||||
bash scripts/deps-manifest.sh && bash scripts/upload-deps.sh
|
||||
|
||||
push-deps-arm64:
|
||||
runs-on: self-hosted
|
||||
runs-on: [self-hosted, linux, ARM64]
|
||||
|
||||
steps:
|
||||
- name: "Checkout source code"
|
||||
@@ -178,20 +130,6 @@ jobs:
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
|
||||
coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
# test
|
||||
- env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
|
||||
2
.github/workflows/push-deps-to-s3.yml
vendored
2
.github/workflows/push-deps-to-s3.yml
vendored
@@ -36,7 +36,7 @@ jobs:
|
||||
bash scripts/deps-manifest.sh && bash scripts/upload-deps.sh
|
||||
|
||||
push-arm64:
|
||||
runs-on: self-hosted
|
||||
runs-on: [self-hosted, linux, ARM64]
|
||||
|
||||
steps:
|
||||
- name: "Checkout source code"
|
||||
|
||||
2
.github/workflows/push-to-s3.yaml
vendored
2
.github/workflows/push-to-s3.yaml
vendored
@@ -36,7 +36,7 @@ jobs:
|
||||
bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
|
||||
|
||||
push-arm64:
|
||||
runs-on: self-hosted
|
||||
runs-on: [self-hosted, linux, ARM64]
|
||||
|
||||
steps:
|
||||
- name: "Checkout source code"
|
||||
|
||||
94
.github/workflows/release-daily.yaml
vendored
94
.github/workflows/release-daily.yaml
vendored
@@ -16,22 +16,6 @@ jobs:
|
||||
- name: 'Checkout source code'
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
coscmd config -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
- env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
@@ -40,29 +24,12 @@ jobs:
|
||||
bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
|
||||
|
||||
push-images-arm64:
|
||||
runs-on: self-hosted
|
||||
runs-on: [self-hosted, linux, ARM64]
|
||||
|
||||
steps:
|
||||
- name: 'Checkout source code'
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
|
||||
coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
- env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
@@ -78,22 +45,6 @@ jobs:
|
||||
- name: "Checkout source code"
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
coscmd config -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
# test
|
||||
- env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
@@ -103,29 +54,12 @@ jobs:
|
||||
bash scripts/deps-manifest.sh && bash scripts/upload-deps.sh
|
||||
|
||||
push-deps-arm64:
|
||||
runs-on: self-hosted
|
||||
runs-on: [self-hosted, linux, ARM64]
|
||||
|
||||
steps:
|
||||
- name: "Checkout source code"
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
|
||||
coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
# test
|
||||
- env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
@@ -154,29 +88,6 @@ jobs:
|
||||
run: |
|
||||
bash scripts/build.sh ${{ steps.vars.outputs.tag_version }}
|
||||
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
|
||||
coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
# - name: Upload to COS
|
||||
# run: |
|
||||
# md5sum install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz > install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt && \
|
||||
# coscmd upload ./install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt /install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt
|
||||
# coscmd upload ./install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz /install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz
|
||||
|
||||
- name: Upload to S3
|
||||
env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
@@ -230,6 +141,7 @@ jobs:
|
||||
build/installer/publicInstaller.sh
|
||||
build/installer/install.sh
|
||||
build/installer/install.ps1
|
||||
build/installer/joincluster.sh
|
||||
build/installer/publicAddnode.sh
|
||||
build/installer/version.hint
|
||||
build/installer/publicRestoreInstaller.sh
|
||||
|
||||
59
.github/workflows/release.yaml
vendored
59
.github/workflows/release.yaml
vendored
@@ -18,22 +18,6 @@ jobs:
|
||||
with:
|
||||
ref: ${{ github.event.inputs.tags }}
|
||||
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
coscmd config -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
- env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
@@ -42,7 +26,7 @@ jobs:
|
||||
bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
|
||||
|
||||
push-arm64:
|
||||
runs-on: self-hosted
|
||||
runs-on: [self-hosted, linux, ARM64]
|
||||
|
||||
steps:
|
||||
- name: 'Checkout source code'
|
||||
@@ -50,23 +34,6 @@ jobs:
|
||||
with:
|
||||
ref: ${{ github.event.inputs.tags }}
|
||||
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
|
||||
coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
- env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
@@ -89,29 +56,6 @@ jobs:
|
||||
run: |
|
||||
bash scripts/build.sh ${{ github.event.inputs.tags }}
|
||||
|
||||
- name: Install coscmd
|
||||
run: pip install coscmd
|
||||
|
||||
- name: Configure coscmd
|
||||
env:
|
||||
TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
|
||||
TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
|
||||
COS_BUCKET: ${{ secrets.COS_BUCKET }}
|
||||
COS_REGION: ${{ secrets.COS_REGION }}
|
||||
END_POINT: ${{ secrets.END_POINT }}
|
||||
run: |
|
||||
export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
|
||||
coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
|
||||
-s $TENCENT_SECRET_KEY \
|
||||
-b $COS_BUCKET \
|
||||
-r $COS_REGION
|
||||
|
||||
# - name: Upload to COS
|
||||
# run: |
|
||||
# md5sum install-wizard-v${{ github.event.inputs.tags }}.tar.gz > install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt && \
|
||||
# coscmd upload ./install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt /install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt
|
||||
# coscmd upload ./install-wizard-v${{ github.event.inputs.tags }}.tar.gz /install-wizard-v${{ github.event.inputs.tags }}.tar.gz
|
||||
|
||||
- name: Upload to S3
|
||||
env:
|
||||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
@@ -174,6 +118,7 @@ jobs:
|
||||
build/installer/publicInstaller.latest.ps1
|
||||
build/installer/install.ps1
|
||||
build/installer/publicAddnode.sh
|
||||
build/installer/joincluster.sh
|
||||
build/installer/version.hint
|
||||
build/installer/publicRestoreInstaller.sh
|
||||
prerelease: true
|
||||
|
||||
@@ -29,59 +29,6 @@ spec:
|
||||
app: recommend
|
||||
type: ClusterIP
|
||||
|
||||
---
|
||||
{{ if (eq .Values.debugVersion true) }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: recommend
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: recommend
|
||||
applications.app.bytetrade.io/author: bytetrade.io
|
||||
|
||||
applications.app.bytetrade.io/name: recommend
|
||||
applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
|
||||
annotations:
|
||||
applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/recommend/icon.png
|
||||
applications.app.bytetrade.io/title: recommend
|
||||
applications.app.bytetrade.io/version: '0.0.1'
|
||||
applications.app.bytetrade.io/entrances: '[{"name":"recommend", "host":"argoworkflows-ui", "port":80,"title":"recommend"}]'
|
||||
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: recommend
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: recommend
|
||||
io.bytetrade.app: "true"
|
||||
spec:
|
||||
containers:
|
||||
- name: recommend-proxy
|
||||
image: nginx:stable-alpine3.17-slim
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- name: proxy
|
||||
containerPort: 8080
|
||||
volumeMounts:
|
||||
- name: nginx-config
|
||||
readOnly: true
|
||||
mountPath: /etc/nginx/nginx.conf
|
||||
subPath: nginx.conf
|
||||
volumes:
|
||||
- name: nginx-config
|
||||
configMap:
|
||||
name: recommend-nginx-configs
|
||||
items:
|
||||
- key: nginx.conf
|
||||
path: nginx.conf
|
||||
{{ end }}
|
||||
|
||||
|
||||
|
||||
---
|
||||
|
||||
@@ -23,6 +23,7 @@ spec:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
priorityClassName: "system-cluster-critical"
|
||||
initContainers:
|
||||
- args:
|
||||
- -it
|
||||
@@ -65,7 +66,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: edge-desktop
|
||||
image: beclab/desktop:v0.2.45
|
||||
image: beclab/desktop:v0.2.57
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
@@ -77,7 +78,7 @@ spec:
|
||||
value: http://bfl.{{ .Release.Namespace }}:8080
|
||||
|
||||
- name: desktop-server
|
||||
image: beclab/desktop-server:v0.2.45
|
||||
image: beclab/desktop-server:v0.2.57
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -139,7 +140,7 @@ spec:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: terminus-ws-sidecar
|
||||
image: 'beclab/ws-gateway:v1.0.3'
|
||||
image: 'beclab/ws-gateway:v1.0.5'
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /ws-gateway
|
||||
@@ -516,9 +517,11 @@ data:
|
||||
|
||||
clusters:
|
||||
- name: original_dst
|
||||
connect_timeout: 5000s
|
||||
connect_timeout: 120s
|
||||
type: ORIGINAL_DST
|
||||
lb_policy: CLUSTER_PROVIDED
|
||||
common_http_protocol_options:
|
||||
idle_timeout: 10s
|
||||
- name: authelia
|
||||
connect_timeout: 2s
|
||||
type: LOGICAL_DNS
|
||||
@@ -691,6 +694,8 @@ data:
|
||||
connect_timeout: 5000s
|
||||
type: ORIGINAL_DST
|
||||
lb_policy: CLUSTER_PROVIDED
|
||||
common_http_protocol_options:
|
||||
idle_timeout: 10s
|
||||
- name: ws_original_dst
|
||||
connect_timeout: 5000s
|
||||
type: LOGICAL_DNS
|
||||
|
||||
@@ -146,7 +146,7 @@ spec:
|
||||
value: user_space_{{ .Values.bfl.username }}_knowledge
|
||||
containers:
|
||||
- name: aria2
|
||||
image: "beclab/aria2:v0.0.3"
|
||||
image: "beclab/aria2:v0.0.4"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
@@ -172,7 +172,7 @@ spec:
|
||||
cpu: "1"
|
||||
memory: 300Mi
|
||||
- name: yt-dlp
|
||||
image: "beclab/yt-dlp:v0.0.16"
|
||||
image: "beclab/yt-dlp:v0.0.21"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -220,7 +220,7 @@ spec:
|
||||
cpu: "1"
|
||||
memory: 300Mi
|
||||
- name: download-spider
|
||||
image: "beclab/download-spider:v0.0.15"
|
||||
image: "beclab/download-spider:v0.0.22"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -251,6 +251,8 @@ spec:
|
||||
value: {{ $nat_password | b64dec }}
|
||||
- name: NATS_SUBJECT
|
||||
value: "terminus.{{ .Release.Namespace }}.download_status"
|
||||
- name: SETTING_URL
|
||||
value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
|
||||
volumeMounts:
|
||||
- name: download-dir
|
||||
mountPath: /downloads
|
||||
|
||||
@@ -1,11 +1,15 @@
|
||||
|
||||
{{- $namespace := printf "%s" "os-system" -}}
|
||||
{{- $files_secret := (lookup "v1" "Secret" $namespace "files-secrets") -}}
|
||||
{{- $password := "" -}}
|
||||
|
||||
{{- $files_postgres_password := "" -}}
|
||||
{{ if $files_secret -}}
|
||||
{{ $password = (index $files_secret "data" "password") }}
|
||||
{{ $files_postgres_password = (index $files_secret "data" "files_postgres_password") }}
|
||||
{{- if not $files_postgres_password -}}
|
||||
{{ $files_postgres_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
{{ else -}}
|
||||
{{ $password = randAlphaNum 16 | b64enc }}
|
||||
{{ $files_postgres_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
|
||||
{{- $files_redis_password := "" -}}
|
||||
@@ -15,6 +19,14 @@
|
||||
{{ $files_redis_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
|
||||
{{- $files_nats_secret := (lookup "v1" "Secret" "os-system" "files-nats-secrets") -}}
|
||||
{{- $files_nats_password := "" -}}
|
||||
{{ if $files_nats_secret -}}
|
||||
{{ $files_nats_password = (index $files_nats_secret "data" "files_nats_password") }}
|
||||
{{ else -}}
|
||||
{{ $files_nats_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
@@ -37,9 +49,8 @@ spec:
|
||||
serviceAccount: os-internal
|
||||
serviceAccountName: os-internal
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
runAsUser: 0
|
||||
runAsNonRoot: false
|
||||
initContainers:
|
||||
- name: init-data
|
||||
image: busybox:1.28
|
||||
@@ -61,16 +72,16 @@ spec:
|
||||
chown -R 1000:1000 /appdata; chown -R 1000:1000 /appcache; chown -R 1000:1000 /data
|
||||
containers:
|
||||
- name: gateway
|
||||
image: beclab/appdata-gateway:0.1.15
|
||||
image: beclab/appdata-gateway:0.1.18
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
runAsUser: 1000
|
||||
runAsUser: 0
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
env:
|
||||
- name: FILES_SERVER_TAG
|
||||
value: 'beclab/files-server:v0.2.45'
|
||||
value: 'beclab/files-server:v0.2.68'
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
@@ -88,6 +99,10 @@ spec:
|
||||
value: seafile
|
||||
image: beclab/media-server:v0.1.10
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
ports:
|
||||
- containerPort: 9090
|
||||
volumeMounts:
|
||||
@@ -98,14 +113,15 @@ spec:
|
||||
{{ if .Values.sharedlib }}
|
||||
- name: shared-lib
|
||||
mountPath: /data/External
|
||||
mountPropagation: Bidirectional
|
||||
{{ end }}
|
||||
|
||||
- name: files
|
||||
image: beclab/files-server:v0.2.45
|
||||
image: beclab/files-server:v0.2.68
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
runAsUser: 1000
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- name: fb-data
|
||||
@@ -157,7 +173,7 @@ spec:
|
||||
# - name: ZINC_USER
|
||||
# value: zincuser-files-os-system
|
||||
# - name: ZINC_PASSWORD
|
||||
# value: {{ $password | b64dec }}
|
||||
# value: {{ $files_postgres_password | b64dec }}
|
||||
# - name: ZINC_HOST
|
||||
# value: zinc-server-svc.os-system
|
||||
# - name: ZINC_PORT
|
||||
@@ -191,6 +207,32 @@ spec:
|
||||
# use redis db 0 for redis cache
|
||||
- name: REDIS_DB
|
||||
value: '0'
|
||||
- name: NATS_HOST
|
||||
value: nats
|
||||
- name: NATS_PORT
|
||||
value: '4222'
|
||||
- name: NATS_USERNAME
|
||||
value: os-system-files-server
|
||||
- name: NATS_PASSWORD
|
||||
value: {{ $files_nats_password | b64dec }}
|
||||
- name: NATS_SUBJECT
|
||||
value: terminus.os-system.files-notify
|
||||
- name: RESERVED_SPACE
|
||||
value: '1000'
|
||||
- name: OLARES_VERSION
|
||||
value: '1.11'
|
||||
- name: FILE_CACHE_DIR
|
||||
value: '/data/file_cache'
|
||||
- name: PGHOST
|
||||
value: citus-headless.os-system
|
||||
- name: PGPORT
|
||||
value: '5432'
|
||||
- name: PGUSER
|
||||
value: files_os_system
|
||||
- name: PGPASSWORD
|
||||
value: {{ $files_postgres_password | b64dec }}
|
||||
- name: PGDB1
|
||||
value: os_system_files
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
@@ -207,12 +249,14 @@ spec:
|
||||
- /filebrowser
|
||||
- --noauth
|
||||
- name: uploader
|
||||
image: beclab/upload:v1.0.7
|
||||
image: beclab/upload:v1.0.14
|
||||
env:
|
||||
- name: UPLOAD_FILE_TYPE
|
||||
value: '*'
|
||||
- name: UPLOAD_LIMITED_SIZE
|
||||
value: '21474836481'
|
||||
value: '118111600640'
|
||||
- name: RESERVED_SPACE
|
||||
value: '1000'
|
||||
volumeMounts:
|
||||
- name: fb-data
|
||||
mountPath: /appdata
|
||||
@@ -223,13 +267,18 @@ spec:
|
||||
{{ if .Values.sharedlib }}
|
||||
- name: shared-lib
|
||||
mountPath: /data/External
|
||||
mountPropagation: Bidirectional
|
||||
{{ end }}
|
||||
resources: { }
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
- name: nginx
|
||||
image: 'beclab/nginx-lua:n0.0.4'
|
||||
image: 'nginx:stable-alpine3.17-slim'
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
@@ -237,6 +286,10 @@ spec:
|
||||
- containerPort: 80
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: files-nginx-config
|
||||
readOnly: true
|
||||
mountPath: /etc/nginx/nginx.conf
|
||||
subPath: nginx.conf
|
||||
- name: files-nginx-config
|
||||
mountPath: /etc/nginx/conf.d/default.conf
|
||||
subPath: default.conf
|
||||
@@ -261,6 +314,8 @@ spec:
|
||||
configMap:
|
||||
name: files-nginx-config
|
||||
items:
|
||||
- key: nginx.conf
|
||||
path: nginx.conf
|
||||
- key: default.conf
|
||||
path: default.conf
|
||||
defaultMode: 420
|
||||
@@ -345,14 +400,21 @@ spec:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
chown -R 1000:1000 /appdata
|
||||
chown -R 1000:1000 /appdata
|
||||
- args:
|
||||
- -it
|
||||
- nats.os-system:4222
|
||||
image: owncloudci/wait-for:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: check-nats
|
||||
containers:
|
||||
- name: files
|
||||
image: beclab/files-server:v0.2.45
|
||||
image: beclab/files-server:v0.2.68
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
runAsUser: 1000
|
||||
allowPrivilegeEscalation: true
|
||||
runAsUser: 0
|
||||
runAsNonRoot: false
|
||||
volumeMounts:
|
||||
- name: fb-data
|
||||
mountPath: /appdata
|
||||
@@ -361,12 +423,16 @@ spec:
|
||||
ports:
|
||||
- containerPort: 8110
|
||||
env:
|
||||
- name: FB_DATABASE
|
||||
value: /appdata/database/filebrowser.db
|
||||
- name: FB_CONFIG
|
||||
value: /appdata/config/settings.json
|
||||
- name: FB_ROOT
|
||||
- name: ROOT_PREFIX
|
||||
value: /data
|
||||
# - name: FB_DATABASE
|
||||
# value: /appdata/database/filebrowser.db
|
||||
# - name: FB_CONFIG
|
||||
# value: /appdata/config/settings.json
|
||||
# - name: FB_ROOT
|
||||
# value: /data
|
||||
- name: OLARES_VERSION
|
||||
value: '1.11'
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
@@ -409,9 +475,39 @@ metadata:
|
||||
namespace: os-system
|
||||
type: Opaque
|
||||
data:
|
||||
password: {{ $password }}
|
||||
files_postgres_password: {{ $files_postgres_password }}
|
||||
files_redis_password: {{ $files_redis_password }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: files-nats-secrets
|
||||
namespace: os-system
|
||||
data:
|
||||
files_nats_password: {{ $files_nats_password }}
|
||||
type: Opaque
|
||||
|
||||
---
|
||||
apiVersion: apr.bytetrade.io/v1alpha1
|
||||
kind: MiddlewareRequest
|
||||
metadata:
|
||||
name: files-pg
|
||||
namespace: os-system
|
||||
spec:
|
||||
app: files
|
||||
appNamespace: os-system
|
||||
middleware: postgres
|
||||
postgreSQL:
|
||||
user: files_os_system
|
||||
password:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: files_postgres_password
|
||||
name: files-secrets
|
||||
databases:
|
||||
- name: files
|
||||
|
||||
---
|
||||
apiVersion: apr.bytetrade.io/v1alpha1
|
||||
kind: MiddlewareRequest
|
||||
@@ -430,6 +526,37 @@ spec:
|
||||
name: files-secrets
|
||||
namespace: files-redis
|
||||
|
||||
---
|
||||
apiVersion: apr.bytetrade.io/v1alpha1
|
||||
kind: MiddlewareRequest
|
||||
metadata:
|
||||
name: files-server-nat
|
||||
namespace: os-system
|
||||
spec:
|
||||
app: files-server
|
||||
appNamespace: os-system
|
||||
middleware: nats
|
||||
nats:
|
||||
password:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: files_nats_password
|
||||
name: files-nats-secrets
|
||||
refs: []
|
||||
subjects:
|
||||
- export:
|
||||
- appName: files-frontend
|
||||
pub: allow
|
||||
sub: allow
|
||||
- appName: vault
|
||||
pub: allow
|
||||
sub: allow
|
||||
name: files-notify
|
||||
permission:
|
||||
pub: allow
|
||||
sub: allow
|
||||
user: os-system-files-server
|
||||
|
||||
---
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
@@ -439,6 +566,37 @@ metadata:
|
||||
annotations:
|
||||
kubesphere.io/creator: bytetrade.io
|
||||
data:
|
||||
nginx.conf: |-
|
||||
user nginx;
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log notice;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 2700;
|
||||
|
||||
#gzip on;
|
||||
client_max_body_size 4000M;
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
default.conf: |-
|
||||
server {
|
||||
listen 80 default_server;
|
||||
@@ -488,12 +646,12 @@ data:
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
|
||||
client_body_timeout 60s;
|
||||
client_body_timeout 600s;
|
||||
client_max_body_size 2000M;
|
||||
proxy_request_buffering off;
|
||||
keepalive_timeout 75s;
|
||||
proxy_read_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
keepalive_timeout 750s;
|
||||
proxy_read_timeout 600s;
|
||||
proxy_send_timeout 600s;
|
||||
}
|
||||
|
||||
location /api/raw/AppData {
|
||||
@@ -505,12 +663,77 @@ data:
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
|
||||
client_body_timeout 60s;
|
||||
client_max_body_size 2000M;
|
||||
client_body_timeout 1800s;
|
||||
client_max_body_size 4000M;
|
||||
proxy_request_buffering off;
|
||||
keepalive_timeout 75s;
|
||||
proxy_read_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
keepalive_timeout 2700s;
|
||||
proxy_read_timeout 1800s;
|
||||
proxy_send_timeout 1800s;
|
||||
}
|
||||
|
||||
location /api/raw {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
# rewrite ^/server(.*)$ $1 break;
|
||||
|
||||
# Add original-request-related headers
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
|
||||
client_body_timeout 1800s;
|
||||
client_max_body_size 4000M;
|
||||
proxy_request_buffering off;
|
||||
keepalive_timeout 2700s;
|
||||
proxy_read_timeout 1800s;
|
||||
proxy_send_timeout 1800s;
|
||||
}
|
||||
|
||||
location /api/md5 {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
# rewrite ^/server(.*)$ $1 break;
|
||||
# Add original-request-related headers
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
add_header Accept-Ranges bytes;
|
||||
client_body_timeout 1800s;
|
||||
client_max_body_size 4000M;
|
||||
proxy_request_buffering off;
|
||||
keepalive_timeout 2700s;
|
||||
proxy_read_timeout 1800s;
|
||||
proxy_send_timeout 1800s;
|
||||
}
|
||||
|
||||
location /api/paste {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
# rewrite ^/server(.*)$ $1 break;
|
||||
# Add original-request-related headers
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
add_header Accept-Ranges bytes;
|
||||
client_body_timeout 1800s;
|
||||
client_max_body_size 4000M;
|
||||
proxy_request_buffering off;
|
||||
keepalive_timeout 2700s;
|
||||
proxy_read_timeout 1800s;
|
||||
proxy_send_timeout 1800s;
|
||||
}
|
||||
|
||||
location /api/cache {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
# rewrite ^/server(.*)$ $1 break;
|
||||
# Add original-request-related headers
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
add_header Accept-Ranges bytes;
|
||||
client_body_timeout 1800s;
|
||||
client_max_body_size 4000M;
|
||||
proxy_request_buffering off;
|
||||
keepalive_timeout 2700s;
|
||||
proxy_read_timeout 1800s;
|
||||
proxy_send_timeout 1800s;
|
||||
}
|
||||
|
||||
location /provider {
|
||||
@@ -562,7 +785,7 @@ data:
|
||||
|
||||
client_body_timeout 600s;
|
||||
client_max_body_size 4000M;
|
||||
proxy_request_buffering off;
|
||||
proxy_request_buffering on;
|
||||
keepalive_timeout 750s;
|
||||
proxy_read_timeout 600s;
|
||||
proxy_send_timeout 600s;
|
||||
@@ -598,12 +821,12 @@ data:
|
||||
|
||||
add_header Accept-Ranges bytes;
|
||||
|
||||
client_body_timeout 60s;
|
||||
client_body_timeout 600s;
|
||||
client_max_body_size 2000M;
|
||||
proxy_request_buffering off;
|
||||
keepalive_timeout 75s;
|
||||
proxy_read_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
keepalive_timeout 750s;
|
||||
proxy_read_timeout 600s;
|
||||
proxy_send_timeout 600s;
|
||||
}
|
||||
|
||||
location /seafhttp/ {
|
||||
@@ -617,12 +840,12 @@ data:
|
||||
|
||||
add_header Accept-Ranges bytes;
|
||||
|
||||
client_body_timeout 60s;
|
||||
client_body_timeout 600s;
|
||||
client_max_body_size 2000M;
|
||||
proxy_request_buffering off;
|
||||
keepalive_timeout 75s;
|
||||
proxy_read_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
keepalive_timeout 750s;
|
||||
proxy_read_timeout 600s;
|
||||
proxy_send_timeout 600s;
|
||||
}
|
||||
# files
|
||||
# for all routes matching a dot, check for files and return 404 if not found
|
||||
|
||||
@@ -27,6 +27,14 @@
|
||||
{{ $pg_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
|
||||
{{- $files_frontend_nats_secret := (lookup "v1" "Secret" $namespace "files-frontend-nats-secrets") -}}
|
||||
{{- $files_frontend_nats_password := "" -}}
|
||||
{{ if $files_frontend_nats_secret -}}
|
||||
{{ $files_frontend_nats_password = (index $files_frontend_nats_secret "data" "files_frontend_nats_password") }}
|
||||
{{ else -}}
|
||||
{{ $files_frontend_nats_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
@@ -134,6 +142,12 @@ spec:
|
||||
image: owncloudci/wait-for:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: check-auth
|
||||
- args:
|
||||
- -it
|
||||
- nats.user-system-{{ .Values.bfl.username }}:4222
|
||||
image: owncloudci/wait-for:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: check-nats
|
||||
- name: terminus-sidecar-init
|
||||
image: openservicemesh/init:v1.2.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
@@ -283,18 +297,29 @@ spec:
|
||||
# - /filebrowser
|
||||
# - --noauth
|
||||
- name: files-frontend
|
||||
image: beclab/files-frontend:v1.2.69
|
||||
image: beclab/files-frontend-1.11:v1.3.53
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
ports:
|
||||
- containerPort: 80
|
||||
env:
|
||||
- name: NATS_HOST
|
||||
value: nats.user-system-{{ .Values.bfl.username }}
|
||||
- name: NATS_PORT
|
||||
value: '4222'
|
||||
- name: NATS_USERNAME
|
||||
value: user-system-{{ .Values.bfl.username }}-files-frontend
|
||||
- name: NATS_PASSWORD
|
||||
value: {{ $files_frontend_nats_password | b64dec }}
|
||||
- name: NATS_SUBJECT
|
||||
value: terminus.os-system.files-notify
|
||||
volumeMounts:
|
||||
- name: userspace-dir
|
||||
mountPath: /data
|
||||
- name: drive-server
|
||||
image: beclab/drive:v0.0.29
|
||||
image: beclab/drive:v0.0.72
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: OS_SYSTEM_SERVER
|
||||
@@ -308,6 +333,8 @@ spec:
|
||||
ports:
|
||||
- containerPort: 8181
|
||||
volumeMounts:
|
||||
- name: data-dir
|
||||
mountPath: /data
|
||||
- name: upload-data
|
||||
mountPath: /data/Home
|
||||
- name: upload-appdata
|
||||
@@ -315,7 +342,7 @@ spec:
|
||||
- name: userspace-app-dir
|
||||
mountPath: /data/Application
|
||||
- name: task-executor
|
||||
image: beclab/driveexecutor:v0.0.29
|
||||
image: beclab/driveexecutor:v0.0.72
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: OS_SYSTEM_SERVER
|
||||
@@ -329,6 +356,8 @@ spec:
|
||||
ports:
|
||||
- containerPort: 8181
|
||||
volumeMounts:
|
||||
- name: data-dir
|
||||
mountPath: /data
|
||||
- name: upload-data
|
||||
mountPath: /data/Home
|
||||
- name: upload-appdata
|
||||
@@ -397,6 +426,10 @@ spec:
|
||||
fieldPath: status.podIP
|
||||
|
||||
volumes:
|
||||
- name: data-dir
|
||||
hostPath:
|
||||
path: {{ .Values.rootPath }}/rootfs/userspace
|
||||
type: Directory
|
||||
- name: watch-dir
|
||||
hostPath:
|
||||
type: Directory
|
||||
@@ -606,6 +639,16 @@ data:
|
||||
redis_password: {{ $redis_password }}
|
||||
pg_password: {{ $pg_password }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: files-frontend-nats-secrets
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
data:
|
||||
files_frontend_nats_password: {{ $files_frontend_nats_password }}
|
||||
type: Opaque
|
||||
|
||||
#---
|
||||
#apiVersion: apr.bytetrade.io/v1alpha1
|
||||
#kind: MiddlewareRequest
|
||||
@@ -646,6 +689,31 @@ spec:
|
||||
name: zinc-files-secrets
|
||||
namespace: zinc-files
|
||||
|
||||
---
|
||||
apiVersion: apr.bytetrade.io/v1alpha1
|
||||
kind: MiddlewareRequest
|
||||
metadata:
|
||||
name: files-frontend-nat
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
spec:
|
||||
app: files-frontend
|
||||
appNamespace: user-space-{{ .Values.bfl.username }}
|
||||
middleware: nats
|
||||
nats:
|
||||
password:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: files_frontend_nats_password
|
||||
name: files-frontend-nats-secrets
|
||||
refs:
|
||||
- appName: files-server
|
||||
appNamespace: os-system
|
||||
subjects:
|
||||
- name: files-notify
|
||||
perm:
|
||||
- pub
|
||||
- sub
|
||||
user: user-system-{{ .Values.bfl.username }}-files-frontend
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
@@ -690,11 +758,14 @@ data:
|
||||
prefix: "/upload"
|
||||
route:
|
||||
cluster: upload_original_dst
|
||||
timeout: 1800s
|
||||
idle_timeout: 1800s
|
||||
- match:
|
||||
prefix: "/"
|
||||
route:
|
||||
cluster: original_dst
|
||||
timeout: 600s
|
||||
timeout: 1800s
|
||||
idle_timeout: 1800s
|
||||
http_protocol_options:
|
||||
accept_http_10: true
|
||||
http_filters:
|
||||
@@ -781,9 +852,11 @@ data:
|
||||
|
||||
clusters:
|
||||
- name: original_dst
|
||||
connect_timeout: 5000s
|
||||
connect_timeout: 120s
|
||||
type: ORIGINAL_DST
|
||||
lb_policy: CLUSTER_PROVIDED
|
||||
common_http_protocol_options:
|
||||
idle_timeout: 10s
|
||||
- name: upload_original_dst
|
||||
connect_timeout: 5000s
|
||||
type: LOGICAL_DNS
|
||||
|
||||
@@ -168,7 +168,7 @@ spec:
|
||||
value: user_space_{{ .Values.bfl.username }}_knowledge
|
||||
containers:
|
||||
- name: knowledge
|
||||
image: "beclab/knowledge-base-api:v0.1.56"
|
||||
image: "beclab/knowledge-base-api:v0.1.70"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -183,6 +183,8 @@ spec:
|
||||
value: 'http://rss-server.os-system:1200'
|
||||
- name: SEARCH_URL
|
||||
value: 'http://search3.os-system:80'
|
||||
- name: UPLOAD_SAVE_PATH
|
||||
value: '/data/Home/Documents/'
|
||||
- name: REDIS_PASSWORD
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
@@ -236,7 +238,7 @@ spec:
|
||||
memory: 1Gi
|
||||
|
||||
- name: backend-server
|
||||
image: "beclab/recommend-backend:v0.0.24"
|
||||
image: "beclab/recommend-backend:v0.0.31"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -296,7 +298,7 @@ spec:
|
||||
- name: YT_DLP_API_URL
|
||||
value: http://download-svc.user-space-{{ .Values.bfl.username }}:3082/api/v1/get_metadata
|
||||
- name: DOWNLOAD_API_URL
|
||||
value: http://download-svc.user-space-{{ .Values.bfl.username }}:3080/api/termius/download
|
||||
value: http://download-svc.user-space-{{ .Values.bfl.username }}:3080/api
|
||||
- name: SETTING_API_URL
|
||||
value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
|
||||
volumeMounts:
|
||||
@@ -367,7 +369,7 @@ spec:
|
||||
memory: 800Mi
|
||||
|
||||
- name: terminus-ws-sidecar
|
||||
image: 'beclab/ws-gateway:v1.0.3'
|
||||
image: 'beclab/ws-gateway:v1.0.4'
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /ws-gateway
|
||||
@@ -421,6 +423,10 @@ spec:
|
||||
protocol: TCP
|
||||
port: 3010
|
||||
targetPort: 3010
|
||||
- name: "knowledge-websocket"
|
||||
protocol: TCP
|
||||
port: 40010
|
||||
targetPort: 40010
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
|
||||
@@ -1,9 +1,8 @@
|
||||
{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
|
||||
{{- $market_secret := (lookup "v1" "Secret" $namespace "market-secrets") -}}
|
||||
{{- $market_secret := (lookup "v1" "Secret" .Release.Namespace "market-secrets") -}}
|
||||
|
||||
{{- $redis_password := "" -}}
|
||||
{{ if $market_secret -}}
|
||||
{{ $redis_password = (index $market_secret "data" "redis_password") }}
|
||||
{{ $redis_password = (index $market_secret "data" "redis-passwords") }}
|
||||
{{ else -}}
|
||||
{{ $redis_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
@@ -44,6 +43,7 @@ spec:
|
||||
app: appstore
|
||||
io.bytetrade.app: "true"
|
||||
spec:
|
||||
priorityClassName: "system-cluster-critical"
|
||||
initContainers:
|
||||
- args:
|
||||
- -it
|
||||
@@ -85,12 +85,12 @@ spec:
|
||||
fieldPath: status.podIP
|
||||
containers:
|
||||
- name: appstore
|
||||
image: beclab/market-frontend:v0.2.30
|
||||
image: beclab/market-frontend:v0.3.10
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
- name: appstore-backend
|
||||
image: beclab/market-backend:v0.2.30
|
||||
image: beclab/market-backend:v0.3.10
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 81
|
||||
@@ -170,7 +170,7 @@ spec:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: terminus-ws-sidecar
|
||||
image: 'beclab/ws-gateway:v1.0.3'
|
||||
image: 'beclab/ws-gateway:v1.0.5'
|
||||
command:
|
||||
- /ws-gateway
|
||||
env:
|
||||
|
||||
@@ -38,173 +38,6 @@ spec:
|
||||
databases:
|
||||
- name: notifications
|
||||
|
||||
{{ if (eq .Values.debugVersion true) }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: notifications-deployment
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: notifications
|
||||
applications.app.bytetrade.io/author: bytetrade.io
|
||||
|
||||
applications.app.bytetrade.io/name: notifications
|
||||
applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
|
||||
annotations:
|
||||
applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/notifications/icon.png
|
||||
applications.app.bytetrade.io/title: Notifications
|
||||
applications.app.bytetrade.io/version: '0.0.1'
|
||||
applications.app.bytetrade.io/entrances: '[{"name":"notifications", "host":"notifications-service", "port":80,"title":"Notifications"}]'
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: notifications
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: notifications
|
||||
io.bytetrade.app: "true"
|
||||
spec:
|
||||
initContainers:
|
||||
- args:
|
||||
- -it
|
||||
- authelia-backend.os-system:9091
|
||||
image: owncloudci/wait-for:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: check-auth
|
||||
- name: terminus-sidecar-init
|
||||
image: openservicemesh/init:v1.2.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
iptables-restore --noflush <<EOF
|
||||
# sidecar interception rules
|
||||
*nat
|
||||
:PROXY_IN_REDIRECT - [0:0]
|
||||
:PROXY_INBOUND - [0:0]
|
||||
-A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
|
||||
-A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
|
||||
-A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
|
||||
-A PREROUTING -p tcp -j PROXY_INBOUND
|
||||
COMMIT
|
||||
EOF
|
||||
|
||||
env:
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
containers:
|
||||
- name: notifications-frontend
|
||||
image: beclab/notifications-frontend:v0.1.22
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
- name: terminus-envoy-sidecar
|
||||
image: bytetrade/envoy:v1.25.11
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
runAsUser: 1000
|
||||
ports:
|
||||
- name: proxy-admin
|
||||
containerPort: 15000
|
||||
- name: proxy-inbound
|
||||
containerPort: 15003
|
||||
volumeMounts:
|
||||
- name: terminus-sidecar-config
|
||||
readOnly: true
|
||||
mountPath: /etc/envoy/envoy.yaml
|
||||
subPath: envoy.yaml
|
||||
command:
|
||||
- /usr/local/bin/envoy
|
||||
- --log-level
|
||||
- debug
|
||||
- -c
|
||||
- /etc/envoy/envoy.yaml
|
||||
env:
|
||||
- name: POD_UID
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.uid
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
volumes:
|
||||
- name: terminus-sidecar-config
|
||||
configMap:
|
||||
name: sidecar-configs
|
||||
items:
|
||||
- key: envoy.yaml
|
||||
path: envoy.yaml
|
||||
# - name: REDIS_HOST
|
||||
# value: localhost
|
||||
# - name: REDIS_PORT
|
||||
# value: "6379"
|
||||
# - name: notifications-worker
|
||||
# image: aboveos/notifications-worker:v0.1.2
|
||||
# imagePullPolicy: IfNotPresent
|
||||
# env:
|
||||
# - name: MONGO_URL
|
||||
# value: mongodb://admin:123456@localhost:27017
|
||||
# - name: REDIS_HOST
|
||||
# value: localhost
|
||||
# - name: REDIS_CACHE_SERVICE_HOST
|
||||
# value: localhost
|
||||
# - name: REDIS_PORT
|
||||
# value: "6379"
|
||||
# - name: mongodb
|
||||
# image: mongo:4.4.5
|
||||
# env:
|
||||
# - name: MONGO_INITDB_ROOT_USERNAME
|
||||
# value: admin
|
||||
# - name: MONGO_INITDB_ROOT_PASSWORD
|
||||
# value: '123456'
|
||||
# imagePullPolicy: IfNotPresent
|
||||
# ports:
|
||||
# - containerPort: 27017
|
||||
# volumeMounts:
|
||||
# - name: mongo-data
|
||||
# mountPath: /data/db
|
||||
# - name: redis
|
||||
# image: redis:7.0.5-alpine3.16
|
||||
# imagePullPolicy: IfNotPresent
|
||||
# volumeMounts:
|
||||
# - name: redis-data
|
||||
# mountPath: /data
|
||||
# volumes:
|
||||
# - name: mongo-data
|
||||
# hostPath:
|
||||
# type: DirectoryOrCreate
|
||||
# path: {{ .Values.userspace.appCache}}/notification/db
|
||||
# - name: redis-data
|
||||
# hostPath:
|
||||
# type: DirectoryOrCreate
|
||||
# path: {{ .Values.userspace.appCache}}/notification/redisdata
|
||||
{{ end }}
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
@@ -289,17 +122,6 @@ kind: Service
|
||||
metadata:
|
||||
name: notifications-service
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{ if (eq .Values.debugVersion true) }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: notifications
|
||||
ports:
|
||||
- name: "notifications-frontend"
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
|
||||
{{ else }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
@@ -309,7 +131,6 @@ spec:
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: 3010
|
||||
{{ end }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: rss-server
|
||||
image: beclab/rsshub-server:v0.0.2
|
||||
image: beclab/rsshub-server:v0.0.5
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 1200
|
||||
|
||||
@@ -199,7 +199,7 @@ spec:
|
||||
value: os_system_search3
|
||||
containers:
|
||||
- name: search3
|
||||
image: beclab/search3:v0.0.24
|
||||
image: beclab/search3:v0.0.30
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
|
||||
4
apps/studio/README.md
Normal file
4
apps/studio/README.md
Normal file
@@ -0,0 +1,4 @@
|
||||
# devbox
|
||||
Terminus App development management tools
|
||||
|
||||
https://github.com/beclab/devbox
|
||||
23
apps/studio/config/user/helm-charts/studio/.helmignore
Normal file
23
apps/studio/config/user/helm-charts/studio/.helmignore
Normal file
@@ -0,0 +1,23 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
26
apps/studio/config/user/helm-charts/studio/Chart.yaml
Normal file
26
apps/studio/config/user/helm-charts/studio/Chart.yaml
Normal file
@@ -0,0 +1,26 @@
|
||||
apiVersion: v2
|
||||
name: studio
|
||||
description: A Terminus app development tool
|
||||
maintainers:
|
||||
- name: bytetrade
|
||||
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
#
|
||||
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||
# to be deployed.
|
||||
#
|
||||
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||
type: application
|
||||
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.1.3
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "4.9.1"
|
||||
BIN
apps/studio/config/user/helm-charts/studio/devbox.png
Normal file
BIN
apps/studio/config/user/helm-charts/studio/devbox.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 749 KiB |
@@ -0,0 +1,549 @@
|
||||
{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
|
||||
{{- $studio_secret := (lookup "v1" "Secret" $namespace "studio-secrets") -}}
|
||||
|
||||
{{- $pg_password := "" -}}
|
||||
{{ if $studio_secret -}}
|
||||
{{ $pg_password = (index $studio_secret "data" "pg_password") }}
|
||||
{{ else -}}
|
||||
{{ $pg_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: studio-secrets
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
type: Opaque
|
||||
data:
|
||||
pg_password: {{ $pg_password }}
|
||||
|
||||
---
|
||||
apiVersion: apr.bytetrade.io/v1alpha1
|
||||
kind: MiddlewareRequest
|
||||
metadata:
|
||||
name: studio-pg
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
spec:
|
||||
app: studio
|
||||
appNamespace: {{ .Release.Namespace }}
|
||||
middleware: postgres
|
||||
postgreSQL:
|
||||
user: studio_{{ .Values.bfl.username }}
|
||||
password:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: pg_password
|
||||
name: studio-secrets
|
||||
databases:
|
||||
- name: studio
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: studio-server
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
selector:
|
||||
app: studio-server
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 8080
|
||||
targetPort: 8088
|
||||
name: http
|
||||
- protocol: TCP
|
||||
port: 8083
|
||||
targetPort: 8083
|
||||
name: https
|
||||
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: chartmuseum-studio
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 8080
|
||||
targetPort: 8888
|
||||
selector:
|
||||
app: studio-server
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: studio-san-cnf
|
||||
namespace: {{ .Release.Namespace }}
|
||||
data:
|
||||
san.cnf: |
|
||||
[req]
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = v3_req
|
||||
prompt = no
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = CN
|
||||
stateOrProvinceName = Beijing
|
||||
localityName = Beijing
|
||||
0.organizationName = bytetrade
|
||||
commonName = studio-server.{{ .Release.Namespace }}.svc
|
||||
|
||||
[v3_req]
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
subjectAltName = @bytetrade
|
||||
|
||||
[bytetrade]
|
||||
DNS.1 = studio-server.{{ .Release.Namespace }}.svc
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: studio-server
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: studio-server
|
||||
applications.app.bytetrade.io/author: bytetrade.io
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: studio-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: studio-server
|
||||
spec:
|
||||
serviceAccountName: bytetrade-controller
|
||||
volumes:
|
||||
- name: chart
|
||||
hostPath:
|
||||
type: DirectoryOrCreate
|
||||
path: {{ .Values.userspace.appData}}/studio/Chart
|
||||
- name: data
|
||||
hostPath:
|
||||
type: DirectoryOrCreate
|
||||
path: {{ .Values.userspace.appData }}/studio/Data
|
||||
- name: storage-volume
|
||||
hostPath:
|
||||
path: {{ .Values.userspace.appData }}/studio/helm-repo-dev
|
||||
type: DirectoryOrCreate
|
||||
- name: config-san
|
||||
configMap:
|
||||
name: studio-san-cnf
|
||||
items:
|
||||
- key: san.cnf
|
||||
path: san.cnf
|
||||
- name: sidecar-configs-studio
|
||||
configMap:
|
||||
name: sidecar-configs-studio
|
||||
items:
|
||||
- key: envoy.yaml
|
||||
path: envoy.yaml
|
||||
- name: certs
|
||||
emptyDir: {}
|
||||
initContainers:
|
||||
- name: init-chmod-data
|
||||
image: busybox:1.28
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- sh
|
||||
- '-c'
|
||||
- |
|
||||
chown -R 1000:1000 /home/coder
|
||||
chown -R 65532:65532 /charts
|
||||
chown -R 65532:65532 /data
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
resources: { }
|
||||
volumeMounts:
|
||||
- name: storage-volume
|
||||
mountPath: /home/coder
|
||||
- name: chart
|
||||
mountPath: /charts
|
||||
- name: data
|
||||
mountPath: /data
|
||||
- name: terminus-sidecar-init
|
||||
image: aboveos/openservicemesh-init:v1.2.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
iptables-restore --noflush <<EOF
|
||||
# sidecar interception rules
|
||||
*nat
|
||||
:PROXY_IN_REDIRECT - [0:0]
|
||||
:PROXY_INBOUND - [0:0]
|
||||
:PROXY_OUTBOUND - [0:0]
|
||||
:PROXY_OUT_REDIRECT - [0:0]
|
||||
|
||||
-A PREROUTING -p tcp -j PROXY_INBOUND
|
||||
-A OUTPUT -p tcp -j PROXY_OUTBOUND
|
||||
-A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
|
||||
-A PROXY_INBOUND -p tcp --dport 8083 -j RETURN
|
||||
-A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
|
||||
-A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
|
||||
|
||||
|
||||
-A PROXY_OUTBOUND -p tcp --dport 5432 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 6379 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 27017 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 443 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 8080 -j RETURN
|
||||
|
||||
-A PROXY_OUTBOUND -d ${POD_IP}/32 -j RETURN
|
||||
|
||||
-A PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1555 -j PROXY_IN_REDIRECT
|
||||
-A PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1555 -j RETURN
|
||||
-A PROXY_OUTBOUND -m owner --uid-owner 1555 -j RETURN
|
||||
-A PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
|
||||
|
||||
-A PROXY_OUTBOUND -j PROXY_OUT_REDIRECT
|
||||
-A PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
|
||||
|
||||
COMMIT
|
||||
EOF
|
||||
env:
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
|
||||
- name: generate-certs
|
||||
image: beclab/openssl:v3
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: [ "/bin/sh", "-c" ]
|
||||
args:
|
||||
- |
|
||||
openssl genrsa -out /etc/certs/ca.key 2048
|
||||
openssl req -new -x509 -days 3650 -key /etc/certs/ca.key -out /etc/certs/ca.crt \
|
||||
-subj "/CN=bytetrade CA/O=bytetrade/C=CN"
|
||||
openssl req -new -newkey rsa:2048 -nodes \
|
||||
-keyout /etc/certs/server.key -out /etc/certs/server.csr \
|
||||
-config /etc/san/san.cnf
|
||||
openssl x509 -req -days 3650 -in /etc/certs/server.csr \
|
||||
-CA /etc/certs/ca.crt -CAkey /etc/certs/ca.key \
|
||||
-CAcreateserial -out /etc/certs/server.crt \
|
||||
-extensions v3_req -extfile /etc/san/san.cnf
|
||||
chown -R 65532 /etc/certs/*
|
||||
volumeMounts:
|
||||
- name: config-san
|
||||
mountPath: /etc/san
|
||||
- name: certs
|
||||
mountPath: /etc/certs
|
||||
|
||||
containers:
|
||||
- name: studio
|
||||
image: beclab/studio-server:v0.1.49
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- server
|
||||
ports:
|
||||
- name: port
|
||||
containerPort: 8088
|
||||
protocol: TCP
|
||||
- name: ssl-port
|
||||
containerPort: 8083
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: chart
|
||||
mountPath: /charts
|
||||
- name: data
|
||||
mountPath: /data
|
||||
- mountPath: /etc/certs
|
||||
name: certs
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- "/studio"
|
||||
- "clean"
|
||||
env:
|
||||
- name: BASE_DIR
|
||||
value: /charts
|
||||
- name: OS_API_KEY
|
||||
value: {{ .Values.os.studio.appKey }}
|
||||
- name: OS_API_SECRET
|
||||
value: {{ .Values.os.studio.appSecret }}
|
||||
- name: OS_SYSTEM_SERVER
|
||||
value: system-server.user-system-{{ .Values.bfl.username }}
|
||||
- name: NAME_SPACE
|
||||
value: {{ .Release.Namespace }}
|
||||
- name: OWNER
|
||||
value: '{{ .Values.bfl.username }}'
|
||||
- name: DB_HOST
|
||||
value: citus-master-svc.user-system-{{ .Values.bfl.username }}
|
||||
- name: DB_USERNAME
|
||||
value: studio_{{ .Values.bfl.username }}
|
||||
- name: DB_PASSWORD
|
||||
value: "{{ $pg_password | b64dec }}"
|
||||
- name: DB_NAME
|
||||
value: user_space_{{ .Values.bfl.username }}_studio
|
||||
- name: DB_PORT
|
||||
value: "5432"
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: "0.5"
|
||||
memory: 1000Mi
|
||||
- name: terminus-envoy-sidecar
|
||||
image: bytetrade/envoy:v1.25.11.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
runAsUser: 1555
|
||||
ports:
|
||||
- name: proxy-admin
|
||||
containerPort: 15000
|
||||
- name: proxy-inbound
|
||||
containerPort: 15003
|
||||
- name: proxy-outbound
|
||||
containerPort: 15001
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: "0.5"
|
||||
memory: 200Mi
|
||||
volumeMounts:
|
||||
- name: sidecar-configs-studio
|
||||
readOnly: true
|
||||
mountPath: /etc/envoy/envoy.yaml
|
||||
subPath: envoy.yaml
|
||||
command:
|
||||
- /usr/local/bin/envoy
|
||||
- --log-level
|
||||
- debug
|
||||
- -c
|
||||
- /etc/envoy/envoy.yaml
|
||||
env:
|
||||
- name: POD_UID
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.uid
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: APP_KEY
|
||||
value: {{ .Values.os.studio.appKey }}
|
||||
- name: APP_SECRET
|
||||
value: {{ .Values.os.studio.appSecret }}
|
||||
- name: chartmuseum
|
||||
image: aboveos/helm-chartmuseum:v0.15.0
|
||||
args:
|
||||
- '--port=8888'
|
||||
- '--storage-local-rootdir=/storage'
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8888
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: CHART_POST_FORM_FIELD_NAME
|
||||
value: chart
|
||||
- name: DISABLE_API
|
||||
value: 'false'
|
||||
- name: LOG_JSON
|
||||
value: 'true'
|
||||
- name: PROV_POST_FORM_FIELD_NAME
|
||||
value: prov
|
||||
- name: STORAGE
|
||||
value: local
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- name: storage-volume
|
||||
mountPath: /storage
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
envoy.yaml: |
|
||||
admin:
|
||||
access_log_path: "/dev/stdout"
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 15000
|
||||
static_resources:
|
||||
listeners:
|
||||
- name: listener_0
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 15003
|
||||
listener_filters:
|
||||
- name: envoy.filters.listener.original_dst
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
|
||||
filter_chains:
|
||||
- filters:
|
||||
- name: envoy.filters.network.http_connection_manager
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
|
||||
stat_prefix: desktop_http
|
||||
upgrade_configs:
|
||||
- upgrade_type: websocket
|
||||
- upgrade_type: tailscale-control-protocol
|
||||
skip_xff_append: false
|
||||
codec_type: AUTO
|
||||
route_config:
|
||||
name: local_route
|
||||
virtual_hosts:
|
||||
- name: service
|
||||
domains: ["*"]
|
||||
routes:
|
||||
- match:
|
||||
prefix: "/"
|
||||
route:
|
||||
cluster: original_dst
|
||||
timeout: 1800s
|
||||
http_protocol_options:
|
||||
accept_http_10: true
|
||||
http_filters:
|
||||
- name: envoy.filters.http.router
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
||||
- name: listener_1
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 15001
|
||||
listener_filters:
|
||||
- name: envoy.filters.listener.original_dst
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
|
||||
filter_chains:
|
||||
- filters:
|
||||
- name: envoy.filters.network.http_connection_manager
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
|
||||
stat_prefix: studio_out_http
|
||||
skip_xff_append: false
|
||||
codec_type: AUTO
|
||||
route_config:
|
||||
name: local_route
|
||||
virtual_hosts:
|
||||
- name: service
|
||||
domains: ["*"]
|
||||
routes:
|
||||
- match:
|
||||
prefix: "/server/intent/send"
|
||||
request_headers_to_add:
|
||||
- header:
|
||||
key: X-App-Key
|
||||
value: {{ .Values.os.studio.appKey }}
|
||||
route:
|
||||
cluster: system-server
|
||||
prefix_rewrite: /system-server/v2/legacy_api/api.intent/v2/server/intent/send
|
||||
- match:
|
||||
prefix: "/"
|
||||
route:
|
||||
cluster: original_dst
|
||||
timeout: 1800s
|
||||
typed_per_filter_config:
|
||||
envoy.filters.http.lua:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
|
||||
disabled: true
|
||||
|
||||
http_protocol_options:
|
||||
accept_http_10: true
|
||||
http_filters:
|
||||
- name: envoy.filters.http.lua
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
|
||||
inline_code:
|
||||
local sha = require("lib.sha2")
|
||||
function envoy_on_request(request_handle)
|
||||
local app_key = os.getenv("APP_KEY")
|
||||
local app_secret = os.getenv("APP_SECRET")
|
||||
local current_time = os.time()
|
||||
local minute_level_time = current_time - (current_time % 60)
|
||||
local time_string = tostring(minute_level_time)
|
||||
local s = app_key .. app_secret .. time_string
|
||||
request_handle:logInfo("originstring:" .. s)
|
||||
local hash = sha.sha256(s)
|
||||
request_handle:logInfo("Hello World.")
|
||||
request_handle:logInfo(hash)
|
||||
request_handle:headers():add("X-Auth-Signature",hash)
|
||||
end
|
||||
- name: envoy.filters.http.router
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
||||
|
||||
|
||||
clusters:
|
||||
- name: original_dst
|
||||
connect_timeout: 5000s
|
||||
type: ORIGINAL_DST
|
||||
lb_policy: CLUSTER_PROVIDED
|
||||
- name: system-server
|
||||
connect_timeout: 2s
|
||||
type: LOGICAL_DNS
|
||||
dns_lookup_family: V4_ONLY
|
||||
dns_refresh_rate: 600s
|
||||
lb_policy: ROUND_ROBIN
|
||||
load_assignment:
|
||||
cluster_name: system-server
|
||||
endpoints:
|
||||
- lb_endpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
socket_address:
|
||||
address: system-server.user-system-{{ .Values.bfl.username }}
|
||||
port_value: 80
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: sidecar-configs-studio
|
||||
namespace: {{ .Release.Namespace }}
|
||||
44
apps/studio/config/user/helm-charts/studio/values.yaml
Normal file
44
apps/studio/config/user/helm-charts/studio/values.yaml
Normal file
@@ -0,0 +1,44 @@
|
||||
|
||||
bfl:
|
||||
nodeport: 30883
|
||||
nodeport_ingress_http: 30083
|
||||
nodeport_ingress_https: 30082
|
||||
username: 'test'
|
||||
url: 'test'
|
||||
nodeName: test
|
||||
pvc:
|
||||
userspace: test
|
||||
userspace:
|
||||
userData: test/Home
|
||||
appData: test/Data
|
||||
appCache: test
|
||||
dbdata: test
|
||||
docs:
|
||||
nodeport: 30881
|
||||
desktop:
|
||||
nodeport: 30180
|
||||
os:
|
||||
portfolio:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
vault:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
desktop:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
message:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
rss:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
search:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
search2:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
kubesphere:
|
||||
redis_password: ""
|
||||
|
||||
@@ -22,7 +22,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: monitoring-server
|
||||
image: beclab/monitoring-server-v1:v0.2.3
|
||||
image: beclab/monitoring-server-v1:v0.2.5
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
|
||||
@@ -109,6 +109,19 @@ spec:
|
||||
port: 3010
|
||||
targetPort: 3010
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: studio-svc
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
selector:
|
||||
app: system-frontend
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 8080
|
||||
targetPort: 87
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@@ -121,11 +134,11 @@ metadata:
|
||||
applications.app.bytetrade.io/group: 'true'
|
||||
applications.app.bytetrade.io/author: bytetrade.io
|
||||
annotations:
|
||||
applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","wise":"https://file.bttcdn.com/appstore/rss/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png"}'
|
||||
applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","wise":"Wise","headscale":"Headscale","settings":"Settings"}'
|
||||
applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","wise":"0.0.1","headscale":"0.0.1","settings":"0.0.1"}'
|
||||
applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","wise":"https://file.bttcdn.com/appstore/rss/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png","studio":"https://file.bttcdn.com/appstore/devbox/icon.png"}'
|
||||
applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","wise":"Wise","headscale":"Headscale","settings":"Settings","studio":"Studio"}'
|
||||
applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","wise":"0.0.1","headscale":"0.0.1","settings":"0.0.1","studio":"0.0.1"}'
|
||||
applications.app.bytetrade.io/policies: '{"dashboard":{"policies":[{"entranceName":"dashboard","uriRegex":"/js/script.js", "level":"public"},{"entranceName":"dashboard","uriRegex":"/js/api/send", "level":"public"}]}}'
|
||||
applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"wise":[{"name":"wise", "host":"wise-svc", "port":80,"title":"Wise","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}]}'
|
||||
applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"wise":[{"name":"wise", "host":"wise-svc", "port":80,"title":"Wise","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}],"studio":[{"name":"studio","host":"studio-svc","port":8080,"title":"Studio","openMethod":"window"}]}'
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
@@ -137,6 +150,7 @@ spec:
|
||||
app: system-frontend
|
||||
io.bytetrade.app: "true"
|
||||
spec:
|
||||
priorityClassName: "system-cluster-critical"
|
||||
initContainers:
|
||||
- args:
|
||||
- -it
|
||||
@@ -177,7 +191,7 @@ spec:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
- name: dashboard-init
|
||||
image: beclab/dashboard-frontend-v1:v0.4.4
|
||||
image: beclab/dashboard-frontend-v1:v0.4.9
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -189,7 +203,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: control-hub-init
|
||||
image: beclab/admin-console-frontend-v1:v0.4.8
|
||||
image: beclab/admin-console-frontend-v1:v0.5.8
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -201,7 +215,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: profile-editor-init
|
||||
image: beclab/profile-editor:v0.2.0
|
||||
image: beclab/profile-editor:v0.2.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -213,7 +227,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: profile-preview-init
|
||||
image: beclab/profile-preview:v0.2.0
|
||||
image: beclab/profile-preview:v0.2.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -225,7 +239,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: wise-init
|
||||
image: beclab/wise:v1.2.69
|
||||
image: beclab/wise:v1.3.53
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -237,7 +251,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: settings-init
|
||||
image: beclab/settings:v0.2.0
|
||||
image: beclab/settings:v0.2.19
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -248,6 +262,18 @@ spec:
|
||||
volumeMounts:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: studio-init
|
||||
image: beclab/studio:v0.2.10
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
mkdir -p /www/studio
|
||||
cp -r /app/* /www/studio
|
||||
volumeMounts:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
containers:
|
||||
- name: terminus-envoy-sidecar
|
||||
image: bytetrade/envoy:v1.25.11
|
||||
@@ -283,6 +309,7 @@ spec:
|
||||
- containerPort: 84
|
||||
- containerPort: 85
|
||||
- containerPort: 86
|
||||
- containerPort: 87
|
||||
- containerPort: 8090
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -298,7 +325,7 @@ spec:
|
||||
- name: www-dir
|
||||
mountPath: /www
|
||||
- name: wise-download-dir
|
||||
mountPath: /data/Home/Downloads
|
||||
mountPath: /data/Home
|
||||
- name: system-frontend-nginx-config
|
||||
mountPath: /etc/nginx/nginx.conf
|
||||
subPath: nginx.conf
|
||||
@@ -320,6 +347,9 @@ spec:
|
||||
- name: system-frontend-nginx-config
|
||||
mountPath: /etc/nginx/conf.d/settings.conf
|
||||
subPath: settings.conf
|
||||
- name: system-frontend-nginx-config
|
||||
mountPath: /etc/nginx/conf.d/studio.conf
|
||||
subPath: studio.conf
|
||||
env:
|
||||
- name: POD_UID
|
||||
valueFrom:
|
||||
@@ -338,7 +368,7 @@ spec:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: terminus-ws-sidecar
|
||||
image: 'beclab/ws-gateway:v1.0.3'
|
||||
image: 'beclab/ws-gateway:v1.0.5'
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /ws-gateway
|
||||
@@ -351,7 +381,7 @@ spec:
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
- name: settings-server
|
||||
image: beclab/settings-server:v0.2.0
|
||||
image: beclab/settings-server:v0.2.19
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
@@ -394,7 +424,7 @@ spec:
|
||||
path: {{ .Values.userspace.userData }}
|
||||
- name: terminus-sidecar-config
|
||||
configMap:
|
||||
name: sidecar-ws-configs
|
||||
name: sidecar-configs
|
||||
items:
|
||||
- key: envoy.yaml
|
||||
path: envoy.yaml
|
||||
@@ -403,7 +433,7 @@ spec:
|
||||
- name: wise-download-dir
|
||||
hostPath:
|
||||
type: Directory
|
||||
path: {{ .Values.userspace.userData }}/Downloads
|
||||
path: {{ .Values.userspace.userData }}
|
||||
- name: system-frontend-nginx-config
|
||||
configMap:
|
||||
name: system-frontend-nginx-config
|
||||
@@ -422,6 +452,8 @@ spec:
|
||||
path: headscale.conf
|
||||
- key: settings.conf
|
||||
path: settings.conf
|
||||
- key: studio.conf
|
||||
path: studio.conf
|
||||
|
||||
|
||||
---
|
||||
@@ -477,6 +509,31 @@ status:
|
||||
---
|
||||
apiVersion: sys.bytetrade.io/v1alpha1
|
||||
kind: ApplicationPermission
|
||||
metadata:
|
||||
name: studio
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
spec:
|
||||
app: studio
|
||||
appid: studio
|
||||
key: {{ .Values.os.studio.appKey }}
|
||||
secret: {{ .Values.os.studio.appSecret }}
|
||||
permissions:
|
||||
- dataType: app
|
||||
group: service.appstore
|
||||
ops:
|
||||
- InstallDevApp
|
||||
- UninstallDevApp
|
||||
version: v1
|
||||
- dataType: legacy_api
|
||||
group: api.intent
|
||||
ops:
|
||||
- POST
|
||||
version: v2
|
||||
status:
|
||||
state: active
|
||||
---
|
||||
apiVersion: sys.bytetrade.io/v1alpha1
|
||||
kind: ApplicationPermission
|
||||
metadata:
|
||||
name: settings
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
@@ -622,6 +679,11 @@ spec:
|
||||
- settings-event
|
||||
op: Create
|
||||
uri: /api/event/app_installation_event
|
||||
- filters:
|
||||
type:
|
||||
- entrance-state-event
|
||||
op: Create
|
||||
uri: /api/event/entrance_state_event
|
||||
- filters:
|
||||
type:
|
||||
- system-upgrade-event
|
||||
@@ -766,6 +828,14 @@ data:
|
||||
expires 0;
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
|
||||
location /bfl {
|
||||
add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
|
||||
proxy_pass http://bfl;
|
||||
@@ -779,6 +849,13 @@ data:
|
||||
location /kapis {
|
||||
proxy_pass http://SettingsServer;
|
||||
}
|
||||
|
||||
location /api/profile/init {
|
||||
proxy_pass http://127.0.0.1:3010;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location /api {
|
||||
proxy_pass http://SettingsServer;
|
||||
@@ -1048,6 +1125,15 @@ data:
|
||||
expires 0;
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://rss-svc:40010;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
|
||||
|
||||
location /knowledge {
|
||||
proxy_pass http://KnowledgeServer;
|
||||
|
||||
@@ -1079,9 +1165,9 @@ data:
|
||||
proxy_pass http://ArgoworkflowsSever;
|
||||
}
|
||||
|
||||
location ~ ^/download/preview/Downloads/(.*)$
|
||||
location ~ ^/download/preview/(.*)$
|
||||
{
|
||||
alias /data/Home/Downloads/$1;
|
||||
alias /data/Home/$1;
|
||||
}
|
||||
|
||||
location /videos/ {
|
||||
@@ -1102,6 +1188,44 @@ data:
|
||||
proxy_pass http://media-server-service.os-system:9090;
|
||||
}
|
||||
|
||||
location /api {
|
||||
proxy_pass http://files-service.os-system:80;
|
||||
# rewrite ^/server(.*)$ $1 break;
|
||||
|
||||
# Add original-request-related headers
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
|
||||
add_header Accept-Ranges bytes;
|
||||
|
||||
client_body_timeout 600s;
|
||||
client_max_body_size 4000M;
|
||||
proxy_request_buffering off;
|
||||
keepalive_timeout 750s;
|
||||
proxy_read_timeout 600s;
|
||||
proxy_send_timeout 600s;
|
||||
}
|
||||
|
||||
location /upload {
|
||||
proxy_pass http://files-service.os-system:80;
|
||||
# rewrite ^/server(.*)$ $1 break;
|
||||
|
||||
# Add original-request-related headers
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
|
||||
add_header Accept-Ranges bytes;
|
||||
|
||||
client_body_timeout 600s;
|
||||
client_max_body_size 4000M;
|
||||
proxy_request_buffering off;
|
||||
keepalive_timeout 750s;
|
||||
proxy_read_timeout 600s;
|
||||
proxy_send_timeout 600s;
|
||||
}
|
||||
|
||||
# # files
|
||||
# # for all routes matching a dot, check for files and return 404 if not found
|
||||
# # e.g. /file.js returns a 404 if not found
|
||||
@@ -1173,6 +1297,15 @@ data:
|
||||
expires 0;
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
|
||||
|
||||
location /kapis {
|
||||
proxy_pass http://SettingsServer_Monitoring;
|
||||
# rewrite ^/server(.*)$ $1 break;
|
||||
@@ -1244,3 +1377,189 @@ data:
|
||||
add_header Cache-Control "public, max-age=2678400";
|
||||
}
|
||||
}
|
||||
studio.conf: |-
|
||||
upstream SettingsServerStudio {
|
||||
server monitoring-server.os-system;
|
||||
}
|
||||
|
||||
upstream MiddlewareStudio {
|
||||
server middleware-service.os-system;
|
||||
}
|
||||
|
||||
upstream AnalyticsStudio {
|
||||
server anayltic2-server.os-system:3010;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 87;
|
||||
# Gzip Settings
|
||||
gzip off;
|
||||
gzip_disable "msie6";
|
||||
gzip_min_length 1k;
|
||||
gzip_buffers 16 64k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_comp_level 6;
|
||||
gzip_types *;
|
||||
root /www/studio;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/index.html /index.html;
|
||||
add_header Cache-Control "private,no-cache";
|
||||
add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
|
||||
expires 0;
|
||||
}
|
||||
|
||||
location /api/command {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/apps {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/app-cfg {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/app-state {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/app-status {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/list-my-containers {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/files {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
|
||||
location /bfl {
|
||||
add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
|
||||
proxy_pass http://bfl;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
}
|
||||
|
||||
location /kapis {
|
||||
proxy_pass http://SettingsServerStudio;
|
||||
}
|
||||
|
||||
location /api/profile/init {
|
||||
proxy_pass http://127.0.0.1:3010;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location /api {
|
||||
proxy_pass http://SettingsServerStudio;
|
||||
}
|
||||
|
||||
location /capi {
|
||||
proxy_pass http://SettingsServerStudio;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location = /js/api/send {
|
||||
proxy_pass http://AnalyticsStudio;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
rewrite ^/js(.*)$ $1 break;
|
||||
}
|
||||
|
||||
location /analytics_service {
|
||||
proxy_pass http://AnalyticsStudio;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
rewrite ^/analytics_service(.*)$ $1 break;
|
||||
}
|
||||
|
||||
location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
|
||||
proxy_pass http://SettingsServerStudio;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
|
||||
|
||||
location = /js/script.js {
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
}
|
||||
|
||||
location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
|
||||
add_header Cache-Control "public, max-age=2678400";
|
||||
}
|
||||
}
|
||||
@@ -83,7 +83,7 @@ spec:
|
||||
value: os_system_vault
|
||||
containers:
|
||||
- name: vault-server
|
||||
image: beclab/vault-server:v1.2.69
|
||||
image: beclab/vault-server:v1.3.53
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
@@ -114,7 +114,7 @@ spec:
|
||||
- name: vault-attach
|
||||
mountPath: /padloc/packages/server/attachments
|
||||
- name: vault-admin
|
||||
image: beclab/vault-admin:v1.2.69
|
||||
image: beclab/vault-admin:v1.3.53
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 3010
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
|
||||
|
||||
{{- $vault_nats_secret := (lookup "v1" "Secret" $namespace "vault-nats-secrets") -}}
|
||||
{{- $vault_nats_password := "" -}}
|
||||
{{ if $vault_nats_secret -}}
|
||||
{{ $vault_nats_password = (index $vault_nats_secret "data" "vault_nats_password") }}
|
||||
{{ else -}}
|
||||
{{ $vault_nats_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
|
||||
---
|
||||
@@ -36,6 +46,12 @@ spec:
|
||||
image: owncloudci/wait-for:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: check-auth
|
||||
- args:
|
||||
- -it
|
||||
- nats.user-system-{{ .Values.bfl.username }}:4222
|
||||
image: owncloudci/wait-for:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: check-nats
|
||||
- name: terminus-sidecar-init
|
||||
image: openservicemesh/init:v1.2.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
@@ -72,13 +88,13 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: vault-frontend
|
||||
image: beclab/vault-frontend:v1.2.69
|
||||
image: beclab/vault-frontend:v1.3.53
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
- name: notification-server
|
||||
image: beclab/vault-notification:v1.2.69
|
||||
image: beclab/vault-notification:v1.3.53
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 3010
|
||||
@@ -93,6 +109,17 @@ spec:
|
||||
value: '{{ .Values.os.vault.appSecret }}'
|
||||
- name: OS_APP_KEY
|
||||
value: {{ .Values.os.vault.appKey }}
|
||||
- name: NATS_HOST
|
||||
value: nats.user-system-{{ .Values.bfl.username }}
|
||||
- name: NATS_PORT
|
||||
value: '4222'
|
||||
- name: NATS_USERNAME
|
||||
value: user-system-{{ .Values.bfl.username }}-vault
|
||||
- name: NATS_PASSWORD
|
||||
value: {{ $vault_nats_password | b64dec }}
|
||||
- name: NATS_SUBJECT
|
||||
value: terminus.os-system.files-notify
|
||||
|
||||
|
||||
- name: terminus-envoy-sidecar
|
||||
image: bytetrade/envoy:v1.25.11
|
||||
@@ -238,3 +265,38 @@ spec:
|
||||
version: v1
|
||||
status:
|
||||
state: active
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: vault-nats-secrets
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
data:
|
||||
vault_nats_password: {{ $vault_nats_password }}
|
||||
type: Opaque
|
||||
|
||||
---
|
||||
apiVersion: apr.bytetrade.io/v1alpha1
|
||||
kind: MiddlewareRequest
|
||||
metadata:
|
||||
name: vault-nat
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
spec:
|
||||
app: vault
|
||||
appNamespace: user-space-{{ .Values.bfl.username }}
|
||||
middleware: nats
|
||||
nats:
|
||||
password:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: vault_nats_password
|
||||
name: vault-nats-secrets
|
||||
refs:
|
||||
- appName: files-server
|
||||
appNamespace: os-system
|
||||
subjects:
|
||||
- name: files-notify
|
||||
perm:
|
||||
- pub
|
||||
- sub
|
||||
user: user-system-{{ .Values.bfl.username }}-vault
|
||||
|
||||
@@ -61,7 +61,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: wizard
|
||||
image: beclab/wizard:v0.5.11
|
||||
image: beclab/wizard:v0.5.12
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
@@ -28,6 +28,8 @@ spec:
|
||||
spec:
|
||||
runtimeClassName: nvidia # Explicitly request the runtime
|
||||
priorityClassName: system-node-critical
|
||||
nodeSelector:
|
||||
gpu.bytetrade.io/cuda-supported: 'true'
|
||||
initContainers:
|
||||
- name: init-dir
|
||||
image: busybox:1.28
|
||||
@@ -40,7 +42,7 @@ spec:
|
||||
- "[ -d /var/run/nvshare/libnvshare.so ] && rm -rf /var/run/nvshare/libnvshare.so || true"
|
||||
containers:
|
||||
- name: nvshare-lib
|
||||
image: beclab/nvshare:libnvshare-v0.0.2
|
||||
image: beclab/nvshare:libnvshare-v0.0.1
|
||||
command:
|
||||
- sleep
|
||||
- infinity
|
||||
@@ -50,7 +52,7 @@ spec:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- "test -f /host-var-run-nvshare/libnvshare.so || touch /host-var-run-nvshare/libnvshare.so && mount -v --bind /libnvshare.so /host-var-run-nvshare/libnvshare.so"
|
||||
- "test -f /host-var-run-nvshare/libnvshare.so || ( test -d /host-var-run-nvshare/libnvshare.so && rm -rf /host-var-run-nvshare/libnvshare.so && false ) || touch /host-var-run-nvshare/libnvshare.so && mount -v --bind /libnvshare.so /host-var-run-nvshare/libnvshare.so"
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
|
||||
@@ -44,6 +44,8 @@ spec:
|
||||
# be rescheduled after a failure.
|
||||
# See https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
|
||||
priorityClassName: "system-node-critical"
|
||||
nodeSelector:
|
||||
gpu.bytetrade.io/cuda-supported: 'true'
|
||||
containers:
|
||||
- image: nvcr.io/nvidia/k8s-device-plugin:v0.16.1
|
||||
name: nvidia-device-plugin-ctr
|
||||
|
||||
@@ -28,6 +28,8 @@ spec:
|
||||
spec:
|
||||
runtimeClassName: nvidia # Explicitly request the runtime
|
||||
priorityClassName: system-node-critical
|
||||
nodeSelector:
|
||||
gpu.bytetrade.io/cuda-supported: 'true'
|
||||
initContainers:
|
||||
- name: init-dir
|
||||
image: busybox:1.28
|
||||
@@ -46,6 +48,10 @@ spec:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- "test -f /var/run/nvshare/scheduler.sock && rm -rf /var/run/nvshare/scheduler.sock; pid1 nvshare-scheduler"
|
||||
volumeMounts:
|
||||
- name: nvshare-socket-directory
|
||||
mountPath: /var/run/nvshare
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
$currentPath = Get-Location
|
||||
$architecture = $env:PROCESSOR_ARCHITECTURE
|
||||
$downloadCdnUrlFromEnv = $env:DOWNLOAD_CDN_URL
|
||||
$version = "#__VERSION__"
|
||||
$downloadUrl = "https://dc3p1870nn3cj.cloudfront.net"
|
||||
|
||||
function Test-Wait {
|
||||
while ($true) {
|
||||
@@ -8,42 +10,78 @@ function Test-Wait {
|
||||
}
|
||||
}
|
||||
|
||||
$runAsAdmin = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
|
||||
if (-not $runAsAdmin.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
|
||||
Write-Host "`n`nThe installation script needs to be run as an administrator.`n"
|
||||
Write-Host "Please try the following methods:`n"
|
||||
Write-Host "1. Search for 'PowerShell' in the Start menu, right-click it, and select 'Run as administrator'. "
|
||||
Write-Host " Navigate to the directory where the installation script is located and run the installation script.`n"
|
||||
Write-Host "2. Press Win + R, type 'powershell', and then press Ctrl + Shift + Enter. "
|
||||
Write-Host " Navigate to the directory where the installation script is located and run the installation script.`n"
|
||||
Write-Host "`nPress Ctrl+C to exit.`n"
|
||||
Test-Wait
|
||||
}
|
||||
|
||||
$process = Get-Process -Name olares-cli -ErrorAction SilentlyContinue
|
||||
if ($process) {
|
||||
Write-Host "olares-cli.exe is running, Press Ctrl+C to exit."
|
||||
Test-Wait
|
||||
}
|
||||
|
||||
$distro = wsl --list | Select-String -Pattern "^Ubuntu$"
|
||||
if (-not $distro -eq "") {
|
||||
Write-Host "Distro Olares exists, please unregister it first."
|
||||
exit 1
|
||||
}
|
||||
|
||||
$arch = "amd64"
|
||||
if ($architecture -like "ARM") {
|
||||
$arch = "arm64"
|
||||
}
|
||||
|
||||
$CLI_VERSION = "0.1.75"
|
||||
if (-Not $downloadCdnUrlFromEnv -eq "") {
|
||||
$downloadUrl = $downloadCdnUrlFromEnv
|
||||
}
|
||||
|
||||
$CLI_PROGRAM_PATH = "{0}\" -f $currentPath
|
||||
if (-Not (Test-Path $CLI_PROGRAM_PATH)) {
|
||||
New-Item -Path $CLI_PROGRAM_PATH -ItemType Directory
|
||||
}
|
||||
|
||||
$CLI_VERSION = "0.1.126"
|
||||
$CLI_FILE = "olares-cli-v{0}_windows_{1}.tar.gz" -f $CLI_VERSION, $arch
|
||||
$CLI_URL = "https://dc3p1870nn3cj.cloudfront.net/{0}" -f $CLI_FILE
|
||||
$CLI_PATH = "{0}\{1}" -f $currentPath, $CLI_FILE
|
||||
if (-Not (Test-Path $CLI_FILE)) {
|
||||
$CLI_URL = "{0}/{1}" -f $downloadUrl, $CLI_FILE
|
||||
$CLI_PATH = "{0}{1}" -f $CLI_PROGRAM_PATH, $CLI_FILE
|
||||
|
||||
$download = 0
|
||||
if (Test-Path $CLI_PATH) {
|
||||
tar -xzf $CLI_PATH -C $CLI_PROGRAM_PATH *> $null
|
||||
if (-Not ($LASTEXITCODE -eq 0)) {
|
||||
Remove-Item -Path $CLI_PATH
|
||||
$download = 1
|
||||
}
|
||||
} else {
|
||||
$download = 1
|
||||
}
|
||||
|
||||
if ($download -eq 1) {
|
||||
curl -Uri $CLI_URL -OutFile $CLI_PATH
|
||||
Write-Host "Downloading olares-cli.exe..."
|
||||
if (-Not (Test-Path $CLI_PATH)) {
|
||||
Write-Host "Download olares-cli.exe failed."
|
||||
exit 1
|
||||
}
|
||||
tar -xzf $CLI_PATH -C $CLI_PROGRAM_PATH *> $null
|
||||
$cliPath = "{0}\olares-cli.exe" -f $CLI_PROGRAM_PATH
|
||||
if ( -Not (Test-Path $cliPath)) {
|
||||
Write-Host "olares-cli.exe not found."
|
||||
exit 1
|
||||
}
|
||||
}
|
||||
|
||||
if (-Not (Test-Path $CLI_PATH)) {
|
||||
Write-Host "Download olares-cli.exe failed."
|
||||
exit 1
|
||||
}
|
||||
|
||||
tar -xf $CLI_PATH
|
||||
$cliPath = "{0}\olares-cli.exe" -f $currentPath
|
||||
if ( -Not (Test-Path $cliPath)) {
|
||||
Write-Host "olares-cli.exe not found."
|
||||
exit 1
|
||||
}
|
||||
|
||||
wsl --unregister Ubuntu *> $null
|
||||
|
||||
Start-Sleep -Seconds 3
|
||||
Write-Host ("Preparing to start the installation of Olares {0}. Depending on your network conditions, this process may take several minutes." -f $version)
|
||||
|
||||
$command = "{0} olares install --version {1}" -f $cliPath, $version
|
||||
$command = "{0}\olares-cli.exe olares install --version {1}" -f $CLI_PROGRAM_PATH, $version
|
||||
Start-Process cmd -ArgumentList '/k',$command -Wait -Verb RunAs
|
||||
|
||||
|
||||
@@ -28,16 +28,16 @@ fi
|
||||
os_type=$(uname -s)
|
||||
os_arch=$(uname -m)
|
||||
|
||||
case "$os_arch" in
|
||||
arm64) ARCH=arm64; ;;
|
||||
x86_64) ARCH=amd64; ;;
|
||||
armv7l) ARCH=arm; ;;
|
||||
aarch64) ARCH=arm64; ;;
|
||||
ppc64le) ARCH=ppc64le; ;;
|
||||
s390x) ARCH=s390x; ;;
|
||||
case "$os_arch" in
|
||||
arm64) ARCH=arm64; ;;
|
||||
x86_64) ARCH=amd64; ;;
|
||||
armv7l) ARCH=arm; ;;
|
||||
aarch64) ARCH=arm64; ;;
|
||||
ppc64le) ARCH=ppc64le; ;;
|
||||
s390x) ARCH=s390x; ;;
|
||||
*) echo "error: unsupported arch \"$os_arch\"";
|
||||
exit 1; ;;
|
||||
esac
|
||||
esac
|
||||
|
||||
# set shell execute command
|
||||
user="$(id -un 2>/dev/null || true)"
|
||||
@@ -74,13 +74,14 @@ if [ -z ${cdn_url} ]; then
|
||||
cdn_url="https://dc3p1870nn3cj.cloudfront.net"
|
||||
fi
|
||||
|
||||
CLI_VERSION="0.1.75"
|
||||
CLI_VERSION="0.1.126"
|
||||
CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
|
||||
if [[ x"$os_type" == x"Darwin" ]]; then
|
||||
CLI_FILE="olares-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"
|
||||
fi
|
||||
|
||||
if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$CLI_VERSION" ]]; then
|
||||
INSTALL_OLARES_CLI=$(which olares-cli)
|
||||
echo "olares-cli already installed and is the expected version"
|
||||
echo ""
|
||||
else
|
||||
@@ -136,16 +137,22 @@ else
|
||||
echo ""
|
||||
else
|
||||
echo "building local release ..."
|
||||
$sh_c "olares-cli olares release $PARAMS $CDN"
|
||||
$sh_c "$INSTALL_OLARES_CLI olares release $PARAMS $CDN"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "error: failed to build local release"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "running system prechecks ..."
|
||||
echo ""
|
||||
$sh_c "$INSTALL_OLARES_CLI olares precheck $PARAMS"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
exit 1
|
||||
fi
|
||||
echo "downloading installation wizard..."
|
||||
echo ""
|
||||
$sh_c "olares-cli olares download wizard $PARAMS $KUBE_PARAM $CDN"
|
||||
$sh_c "$INSTALL_OLARES_CLI olares download wizard $PARAMS $KUBE_PARAM $CDN"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "error: failed to download installation wizard"
|
||||
exit 1
|
||||
@@ -154,7 +161,7 @@ else
|
||||
|
||||
echo "downloading installation packages..."
|
||||
echo ""
|
||||
$sh_c "olares-cli olares download component $PARAMS $KUBE_PARAM $CDN"
|
||||
$sh_c "$INSTALL_OLARES_CLI olares download component $PARAMS $KUBE_PARAM $CDN"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "error: failed to download installation packages"
|
||||
exit 1
|
||||
@@ -166,10 +173,7 @@ else
|
||||
if [ x"$REGISTRY_MIRRORS" != x"" ]; then
|
||||
extra="--registry-mirrors $REGISTRY_MIRRORS"
|
||||
fi
|
||||
if [[ "$JUICEFS" == "1" ]]; then
|
||||
extra="$extra --with-juicefs=true"
|
||||
fi
|
||||
$sh_c "olares-cli olares prepare $PARAMS $KUBE_PARAM $extra"
|
||||
$sh_c "$INSTALL_OLARES_CLI olares prepare $PARAMS $KUBE_PARAM $extra"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "error: failed to prepare installation environment"
|
||||
exit 1
|
||||
@@ -185,9 +189,24 @@ if [ "$PREINSTALL" == "1" ]; then
|
||||
echo "Pre Install mode is specified by the \"PREINSTALL\" env var, skip installing"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [[ "$JUICEFS" == "1" ]]; then
|
||||
echo "JuiceFS is enabled"
|
||||
fsflag="--with-juicefs=true"
|
||||
if [[ "$STORAGE" == "" ]]; then
|
||||
echo "installing MinIO ..."
|
||||
else
|
||||
echo "checking storage config ..."
|
||||
fi
|
||||
$sh_c "$INSTALL_OLARES_CLI olares install storage $PARAMS"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "installing Olares..."
|
||||
echo ""
|
||||
$sh_c "olares-cli olares install $PARAMS $KUBE_PARAM"
|
||||
$sh_c "$INSTALL_OLARES_CLI olares install $PARAMS $KUBE_PARAM $fsflag"
|
||||
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "error: failed to install Olares"
|
||||
|
||||
261
build/installer/joincluster.sh
Executable file
261
build/installer/joincluster.sh
Executable file
@@ -0,0 +1,261 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -o pipefail
|
||||
set -e
|
||||
|
||||
function command_exists() {
|
||||
command -v "$@" > /dev/null 2>&1
|
||||
}
|
||||
|
||||
function read_tty() {
|
||||
echo -n $1
|
||||
read $2 < /dev/tty
|
||||
}
|
||||
|
||||
function confirm() {
|
||||
if [[ "$QUIET" == "1" ]]; then
|
||||
return 0
|
||||
fi
|
||||
answer=""
|
||||
while :; do
|
||||
read_tty "Do you confirm to continue? (y/n): " answer
|
||||
if [[ "$answer" != "y" && "$answer" != "n" ]]; then
|
||||
echo "Please input the letter y or n"
|
||||
continue
|
||||
fi
|
||||
if [[ "$answer" == "y" ]]; then
|
||||
return 0
|
||||
fi
|
||||
if [[ "$answer" == "n" ]]; then
|
||||
exit 0
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
function validate_ip() {
|
||||
if [[ ! "$1" ]]; then
|
||||
echo "invalid IP: empty address"
|
||||
return 1
|
||||
elif [[ ! $1 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echo "invalid IP: illegal format"
|
||||
return 1
|
||||
elif [[ $1 =~ ^127 ]]; then
|
||||
echo "invalid IP: loopback address"
|
||||
return 1
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
}
|
||||
|
||||
MASTER_SSH_OPTIONS=""
|
||||
|
||||
function add_master_host_ssh_options() {
|
||||
MASTER_SSH_OPTIONS="$MASTER_SSH_OPTIONS --$1 $2"
|
||||
}
|
||||
|
||||
function set_master_host_ssh_options() {
|
||||
master_host="$MASTER_HOST"
|
||||
if [[ ! "$master_host" ]]; then
|
||||
read_tty "Enter the master node's IP: " master_host
|
||||
fi
|
||||
|
||||
while :; do
|
||||
if ! validate_ip "$master_host"; then
|
||||
read_tty "Enter the master node's IP: " master_host
|
||||
else
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
add_master_host_ssh_options master-host "$master_host"
|
||||
|
||||
if [[ "$MASTER_NODE_NAME" ]]; then
|
||||
add_master_host_ssh_options master-node-name "$MASTER_NODE_NAME"
|
||||
fi
|
||||
|
||||
if [[ "$MASTER_SSH_USER" ]]; then
|
||||
add_master_host_ssh_options master-ssh-user "$MASTER_SSH_USER"
|
||||
else
|
||||
echo "the environment variable \$MASTER_SSH_USER is not set"
|
||||
echo "the default remote user \"root\" on the master node will be used to authenticate"
|
||||
echo "if this is unexpected, please set it explicitly"
|
||||
confirm
|
||||
fi
|
||||
|
||||
if [[ "$MASTER_SSH_PASSWORD" ]]; then
|
||||
add_master_host_ssh_options master-ssh-password "$MASTER_SSH_PASSWORD"
|
||||
fi
|
||||
|
||||
if [[ "$MASTER_SSH_PRIVATE_KEY_PATH" ]]; then
|
||||
add_master_host_ssh_options master-ssh-private-key-path "$MASTER_SSH_PRIVATE_KEY_PATH"
|
||||
elif [[ ! "$MASTER_SSH_PASSWORD" ]]; then
|
||||
echo "the environment variable \$MASTER_SSH_PRIVATE_KEY_PATH is not set"
|
||||
echo "the default key in the local path /root/.ssh/id_rsa will be used to authenticate to the master"
|
||||
echo "please make sure the key exists and the public key has already been added to the master node"
|
||||
echo "if this is unexpected, please set it explicitly"
|
||||
confirm
|
||||
fi
|
||||
|
||||
if [[ "$MASTER_SSH_PORT" ]]; then
|
||||
add_master_host_ssh_options master-ssh-port "$MASTER_SSH_PORT"
|
||||
fi
|
||||
}
|
||||
|
||||
function getmasterinfo() {
|
||||
$sh_c "$INSTALL_OLARES_CLI node masterinfo $MASTER_SSH_OPTIONS" | tee /proc/$$/fd/1
|
||||
if [[ $? -ne 0 ]]; then
|
||||
exit 1
|
||||
fi
|
||||
echo "" > /proc/$$/fd/1
|
||||
}
|
||||
|
||||
# check os type and arch
|
||||
os_type=$(uname -s)
|
||||
os_arch=$(uname -m)
|
||||
|
||||
case "$os_arch" in
|
||||
arm64) ARCH=arm64; ;;
|
||||
x86_64) ARCH=amd64; ;;
|
||||
armv7l) ARCH=arm; ;;
|
||||
aarch64) ARCH=arm64; ;;
|
||||
ppc64le) ARCH=ppc64le; ;;
|
||||
s390x) ARCH=s390x; ;;
|
||||
*) echo "error: unsupported arch \"$os_arch\"";
|
||||
exit 1; ;;
|
||||
esac
|
||||
|
||||
if [[ "$os_type" != "Linux" ]]; then
|
||||
echo "error: only Linux machine can be added to the cluster"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# set shell execute command
|
||||
user="$(id -un 2>/dev/null || true)"
|
||||
sh_c='sh -c'
|
||||
if [ "$user" != 'root' ]; then
|
||||
if ! command_exists sudo; then
|
||||
echo "error: the ability to run as root is needed, but the command \"sudo\" can not be found"
|
||||
exit 1
|
||||
fi
|
||||
sh_c='sudo -E sh -c'
|
||||
fi
|
||||
|
||||
if ! command_exists tar; then
|
||||
echo "error: the \"tar\" command is needed to unpack installation files, but can not be found"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
BASE_DIR="$HOME/.olares"
|
||||
if [ ! -d $BASE_DIR ]; then
|
||||
mkdir -p $BASE_DIR
|
||||
fi
|
||||
|
||||
cdn_url=${DOWNLOAD_CDN_URL}
|
||||
if [[ -z "${cdn_url}" ]]; then
|
||||
cdn_url="https://dc3p1870nn3cj.cloudfront.net"
|
||||
fi
|
||||
|
||||
set_master_host_ssh_options
|
||||
|
||||
CLI_VERSION="0.1.126"
|
||||
CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
|
||||
|
||||
if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$CLI_VERSION" ]]; then
|
||||
INSTALL_OLARES_CLI=$(which olares-cli)
|
||||
echo "olares-cli already installed and is the expected version"
|
||||
echo ""
|
||||
else
|
||||
if [[ ! -f ${CLI_FILE} ]]; then
|
||||
CLI_URL="${cdn_url}/${CLI_FILE}"
|
||||
|
||||
echo "downloading Olares installer from ${CLI_URL} ..."
|
||||
echo ""
|
||||
|
||||
curl -Lo ${CLI_FILE} ${CLI_URL}
|
||||
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "error: failed to download Olares installer"
|
||||
exit 1
|
||||
else
|
||||
echo "Olares installer ${CLI_VERSION} download complete!"
|
||||
echo ""
|
||||
fi
|
||||
fi
|
||||
INSTALL_OLARES_CLI="/usr/local/bin/olares-cli"
|
||||
echo "unpacking Olares installer to $INSTALL_OLARES_CLI..."
|
||||
echo ""
|
||||
tar -zxf ${CLI_FILE} olares-cli && chmod +x olares-cli
|
||||
$sh_c "mv olares-cli $INSTALL_OLARES_CLI"
|
||||
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "error: failed to unpack Olares installer"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "getting master info and checking current machine's eligibility to join the cluster"
|
||||
echo ""
|
||||
master_olares_version="$( getmasterinfo | grep OlaresVersion | awk '{print $2}' )"
|
||||
if [[ ! "$master_olares_version" ]]; then
|
||||
echo "failed to fetch the version of Olares installed on master node"
|
||||
exit 1
|
||||
fi
|
||||
PARAMS="--version $master_olares_version --base-dir $BASE_DIR"
|
||||
CDN="--download-cdn-url ${cdn_url}"
|
||||
|
||||
if [[ -f $BASE_DIR/.prepared ]]; then
|
||||
echo "file $BASE_DIR/.prepared detected, skip preparing phase"
|
||||
echo ""
|
||||
echo "please make sure the prepared Olares version is the same as the master, or there might be compatibility issues"
|
||||
echo ""
|
||||
else
|
||||
echo "running system prechecks ..."
|
||||
echo ""
|
||||
$sh_c "$INSTALL_OLARES_CLI olares precheck $PARAMS"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "downloading installation wizard..."
|
||||
echo ""
|
||||
$sh_c "$INSTALL_OLARES_CLI olares download wizard $PARAMS $CDN"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "error: failed to download installation wizard"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "downloading installation packages..."
|
||||
echo ""
|
||||
$sh_c "$INSTALL_OLARES_CLI olares download component $PARAMS $CDN"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "error: failed to download installation packages"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "preparing installation environment..."
|
||||
echo ""
|
||||
# env 'REGISTRY_MIRRORS' is a docker image cache mirrors, separated by commas
|
||||
if [ x"$REGISTRY_MIRRORS" != x"" ]; then
|
||||
extra="--registry-mirrors $REGISTRY_MIRRORS"
|
||||
fi
|
||||
$sh_c "$INSTALL_OLARES_CLI olares prepare $PARAMS $extra"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "error: failed to prepare installation environment"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f $BASE_DIR/.installed ]; then
|
||||
echo "file $BASE_DIR/.installed detected, skip installing"
|
||||
echo "if it is left by an unclean uninstallation, please manually remove it and invoke the installer again"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "installing Kubernetes and joining Olares cluster..."
|
||||
echo ""
|
||||
$sh_c "$INSTALL_OLARES_CLI node add $PARAMS $MASTER_SSH_OPTIONS"
|
||||
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "error: failed to install Olares"
|
||||
exit 1
|
||||
fi
|
||||
@@ -146,7 +146,7 @@ function get_app_key_secret(){
|
||||
|
||||
function get_app_settings(){
|
||||
local username=$1
|
||||
local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "devbox" "profile" "agent" "files")
|
||||
local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "studio" "profile" "agent" "files")
|
||||
for a in ${apps[@]};do
|
||||
ks=($(get_app_key_secret "$username" "$a"))
|
||||
echo '
|
||||
@@ -175,7 +175,7 @@ function gen_bfl_values(){
|
||||
echo '
|
||||
bfl:
|
||||
nodeport: '${user_bfl_port}'
|
||||
username: '${username}'
|
||||
username: "'${username}'"
|
||||
|
||||
userspace_rand16: '${userspace_rand16}'
|
||||
userspace_pv: '${pvc_path[2]}'
|
||||
@@ -263,7 +263,16 @@ function get_appservice_pod(){
|
||||
}
|
||||
|
||||
function get_appservice_status(){
|
||||
$sh_c "${KUBECTL} get pod -n os-system -l 'tier=app-service' -o jsonpath='{.items[*].status.phase}'"
|
||||
local s=$($sh_c "${KUBECTL} get pods app-service-0 -n os-system --no-headers|awk '{print \$3}'")
|
||||
if [[ $s == "Running" ]]; then
|
||||
local ip=$($sh_c "${KUBECTL} get svc -n os-system app-service --no-headers|awk '{print \$3}'")
|
||||
curl -SsIk https://${ip}:8433 > /dev/null
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "initializing"
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "$s"
|
||||
}
|
||||
|
||||
function get_desktop_status(){
|
||||
@@ -279,7 +288,34 @@ function get_vault_status(){
|
||||
|
||||
function get_bfl_status(){
|
||||
local username=$1
|
||||
$sh_c "${KUBECTL} get pod -n user-space-${username} -l 'tier=bfl' -o jsonpath='{.items[*].status.phase}'"
|
||||
$sh_c "${KUBECTL} get pods bfl-0 -n user-space-${username} --no-headers|awk '{print \$3}'"
|
||||
}
|
||||
|
||||
function get_fileserver_status(){
|
||||
$sh_c "${KUBECTL} get pod -n os-system -l 'app=files' -o jsonpath='{.items[*].status.phase}'"
|
||||
}
|
||||
|
||||
function get_filefe_status(){
|
||||
local username=$1
|
||||
$sh_c "${KUBECTL} get pod -n user-space-${username} -l 'app=files' -o jsonpath='{.items[*].status.phase}'"
|
||||
}
|
||||
|
||||
function check_fileserver(){
|
||||
local status=$(get_fileserver_status)
|
||||
local n=0
|
||||
while [ "x${status}" != "xRunning" ]; do
|
||||
n=$(expr $n + 1)
|
||||
local dotn=$(($n % 10))
|
||||
local dot=$(repeat $dotn '>')
|
||||
|
||||
echo -ne "\rWaiting for file-server starting ${dot}"
|
||||
sleep 0.5
|
||||
|
||||
status=$(get_fileserver_status)
|
||||
echo -ne "\rWaiting for file-server starting "
|
||||
|
||||
done
|
||||
echo
|
||||
}
|
||||
|
||||
function check_appservice(){
|
||||
@@ -300,6 +336,25 @@ function check_appservice(){
|
||||
echo
|
||||
}
|
||||
|
||||
function check_filesfe(){
|
||||
local username=$1
|
||||
local status=$(get_filefe_status ${username})
|
||||
local n=0
|
||||
while [ "x${status}" != "xRunning" ]; do
|
||||
n=$(expr $n + 1)
|
||||
local dotn=$(($n % 10))
|
||||
local dot=$(repeat $dotn '>')
|
||||
|
||||
echo -ne "\rPlease waiting ${dot}"
|
||||
sleep 0.5
|
||||
|
||||
status=$(get_filefe_status ${username})
|
||||
echo -ne "\rPlease waiting "
|
||||
|
||||
done
|
||||
echo
|
||||
}
|
||||
|
||||
function check_bfl(){
|
||||
local username=$1
|
||||
local status=$(get_bfl_status ${username})
|
||||
@@ -473,17 +528,40 @@ function upgrade_terminus(){
|
||||
# upgrade_jfs ${users[@]}
|
||||
local selfhosted=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.selfhosted}'")
|
||||
local domainname=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.domainName}'")
|
||||
local current_version=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.version}'")
|
||||
sed -i "s/#__DOMAIN_NAME__/${domainname}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
|
||||
sed -i "s/#__SELFHOSTED__/${selfhosted}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
|
||||
|
||||
echo "Upgrading olares system components ... "
|
||||
gen_settings_values ${admin_user}
|
||||
ensure_success $sh_c "${HELM} upgrade -i settings ${BASE_DIR}/wizard/config/settings -n default --reuse-values"
|
||||
ensure_success $sh_c "${HELM} upgrade -i settings ${BASE_DIR}/wizard/config/settings -n default --reuse-values --atomic"
|
||||
|
||||
local new_version=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.version}'")
|
||||
if [ "$new_version" == "$current_version" ]; then
|
||||
echo "get new version error, try to get from file"
|
||||
new_version=$(grep version ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml|awk '{print $2}')
|
||||
echo "find new version from file: ${new_version}"
|
||||
fi
|
||||
$sh_c "${KUBECTL} patch terminus terminus --type=merge --patch='{\"spec\": {\"version\":\"${current_version}\"}}'"
|
||||
|
||||
# patch
|
||||
ensure_success $sh_c "${KUBECTL} apply -f ${BASE_DIR}/deploy/patch-globalrole-workspace-manager.yaml"
|
||||
ensure_success $sh_c "$KUBECTL apply -f ${BASE_DIR}/deploy/patch-notification-manager.yaml"
|
||||
|
||||
echo "Upgrading admin ${admin_user}'s launcher ... "
|
||||
gen_bfl_values ${admin_user}
|
||||
|
||||
# gen bfl app key and secret
|
||||
bfl_ks=($(get_app_key_secret ${admin_user} "bfl"))
|
||||
|
||||
# install launcher , and init pv
|
||||
ensure_success $sh_c "${HELM} upgrade -i launcher-${admin_user} ${BASE_DIR}/wizard/config/launcher -n user-space-${admin_user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
|
||||
|
||||
echo 'Starting BFL ...'
|
||||
check_bfl ${admin_user}
|
||||
echo
|
||||
|
||||
|
||||
# clear apps values.yaml
|
||||
cat /dev/null > ${BASE_DIR}/wizard/config/apps/values.yaml
|
||||
cat /dev/null > ${BASE_DIR}/wizard/config/launcher/values.yaml
|
||||
@@ -494,44 +572,8 @@ function upgrade_terminus(){
|
||||
done
|
||||
|
||||
local ks_redis_pwd=$($sh_c "${KUBECTL} get secret -n kubesphere-system redis-secret -o jsonpath='{.data.auth}' |base64 -d")
|
||||
for user in ${users[@]}; do
|
||||
echo "Upgrading user ${user} ... "
|
||||
gen_bfl_values ${user}
|
||||
|
||||
# gen bfl app key and secret
|
||||
bfl_ks=($(get_app_key_secret ${user} "bfl"))
|
||||
|
||||
# install launcher , and init pv
|
||||
ensure_success $sh_c "${HELM} upgrade -i launcher-${user} ${BASE_DIR}/wizard/config/launcher -n user-space-${user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
|
||||
|
||||
gen_app_values ${user}
|
||||
close_apps ${user}
|
||||
|
||||
for appdir in "${BASE_DIR}/wizard/config/apps"/*/; do
|
||||
if [ -d "$appdir" ]; then
|
||||
releasename=$(basename "$appdir")
|
||||
if [ "$user" != "$admin_user" ];then
|
||||
releasename=${releasename}-${user}
|
||||
fi
|
||||
ensure_success $sh_c "${HELM} upgrade -i ${releasename} ${appdir} -n user-space-${user} --reuse-values --set kubesphere.redis_password=${ks_redis_pwd} -f ${BASE_DIR}/wizard/config/apps/values.yaml"
|
||||
fi
|
||||
done
|
||||
|
||||
done
|
||||
|
||||
echo 'Waiting for Vault ...'
|
||||
check_vault ${admin_user}
|
||||
echo
|
||||
|
||||
echo 'Starting BFL ...'
|
||||
check_bfl ${admin_user}
|
||||
echo
|
||||
|
||||
echo 'Starting Desktop ...'
|
||||
check_desktop ${admin_user}
|
||||
echo
|
||||
|
||||
# upgrade app service in the last. keep app service online longer
|
||||
# upgrade app service
|
||||
local terminus_is_cloud_version=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.terminus-is-cloud-version}'")
|
||||
local backup_cluster_bucket=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-cluster-bucket}'")
|
||||
local backup_key_prefix=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-key-prefix}'")
|
||||
@@ -543,19 +585,72 @@ function upgrade_terminus(){
|
||||
--set backup.key_prefix=\"${backup_key_prefix}\" --set backup.is_cloud_version=\"${terminus_is_cloud_version}\" \
|
||||
--set backup.sync_secret=\"${backup_secret}\""
|
||||
|
||||
local market_provider=$($sh_c "${KUBECTL} get deploy -n user-space-${admin_user} market-deployment -o jsonpath='{.spec.template.spec.containers[1].env[?(@.name==\"MARKET_PROVIDER\")].value }'")
|
||||
if [ "$market_provider" != "" ]; then
|
||||
$sh_c "${KUBECTL} set env sts/app-service -n os-system MARKET_PROVIDER=${market_provider}"
|
||||
fi
|
||||
|
||||
echo 'Waiting for App-Service ...'
|
||||
check_appservice
|
||||
sleep 2 # wait for controller reconiling
|
||||
echo
|
||||
|
||||
# upgrade_ksapi ${users[@]}
|
||||
# echo
|
||||
# update kvrocks namespace
|
||||
$sh_c "${KUBECTL} rollout restart deployment tapr-middleware -n os-system"
|
||||
|
||||
local gpu=$($sh_c "${KUBECTL} get ds -n gpu-system orionx-server -o jsonpath='{.meta.name}'")
|
||||
if [ "x$gpu" != "x" ]; then
|
||||
echo "upgrade"
|
||||
local GPU_DOMAIN=$($sh_c "${KUBECTL} get ds -n gpu-system orionx-server -o jsonpath='{.meta.annotations.gpu-server}'")
|
||||
ensure_success $sh_c "${HELM} upgrade -i gpu ${BASE_DIR}/wizard/config/gpu -n gpu-system --set gpu.server=${GPU_DOMAIN} --reuse-values"
|
||||
fi
|
||||
for user in ${users[@]}; do
|
||||
check_appservice
|
||||
echo "Upgrading user ${user} ... "
|
||||
gen_bfl_values ${user}
|
||||
|
||||
if [ "$user" != "$admin_user" ];then
|
||||
# gen bfl app key and secret
|
||||
bfl_ks=($(get_app_key_secret ${user} "bfl"))
|
||||
|
||||
# install launcher , and init pv
|
||||
ensure_success $sh_c "${HELM} upgrade -i launcher-${user} ${BASE_DIR}/wizard/config/launcher -n user-space-${user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
|
||||
fi
|
||||
|
||||
gen_app_values ${user}
|
||||
close_apps ${user}
|
||||
|
||||
for appdir in "${BASE_DIR}/wizard/config/apps"/*/; do
|
||||
if [ -d "$appdir" ]; then
|
||||
releasename=$(basename "$appdir")
|
||||
|
||||
# ignore wizard
|
||||
# FIXME: unintitialized user's wizard should be upgrade
|
||||
if [ x"${releasename}" == x"wizard" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
if [ "$user" != "$admin_user" ];then
|
||||
releasename=${releasename}-${user}
|
||||
fi
|
||||
ensure_success $sh_c "${HELM} upgrade -i ${releasename} ${appdir} -n user-space-${user} --reuse-values --set kubesphere.redis_password=${ks_redis_pwd} -f ${BASE_DIR}/wizard/config/apps/values.yaml"
|
||||
fi
|
||||
done
|
||||
|
||||
# update user market env
|
||||
if [[ "$user" != "$admin_user" && "$market_provider" != "" ]];then
|
||||
$sh_c "${KUBECTL} set env deployment/market-deployment -n user-space-${user} MARKET_PROVIDER=${market_provider}"
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
echo 'Waiting for Vault ...'
|
||||
check_vault ${admin_user}
|
||||
echo
|
||||
|
||||
echo 'Starting files ...'
|
||||
check_fileserver
|
||||
check_filesfe ${admin_user}
|
||||
echo
|
||||
|
||||
echo 'Starting Desktop ...'
|
||||
check_desktop ${admin_user}
|
||||
echo
|
||||
|
||||
$sh_c "${KUBECTL} patch terminus terminus --type=merge --patch='{\"spec\": {\"version\":\"${new_version}\"}}'"
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -7,14 +7,14 @@ metadata:
|
||||
iam.kubesphere.io/uninitialized: "true"
|
||||
helm.sh/resource-policy: keep
|
||||
bytetrade.io/owner-role: platform-admin
|
||||
bytetrade.io/terminus-name: {{.Values.user.terminus_name}}
|
||||
bytetrade.io/terminus-name: "{{.Values.user.terminus_name}}"
|
||||
bytetrade.io/launcher-auth-policy: two_factor
|
||||
bytetrade.io/launcher-access-level: "1"
|
||||
{{ if .Values.nat_gateway_ip }}
|
||||
bytetrade.io/nat-gateway-ip: {{ .Values.nat_gateway_ip }}
|
||||
{{ end }}
|
||||
spec:
|
||||
email: {{.Values.user.email}}
|
||||
password: {{.Values.user.password}}
|
||||
email: "{{.Values.user.email}}"
|
||||
password: "{{.Values.user.password}}"
|
||||
status:
|
||||
state: Active
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
olaresd-v0.0.50.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/olaresd-v0.0.50-linux-amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/olaresd-v0.0.50-linux-arm64.tar.gz,olaresd
|
||||
olaresd-v1.11.7-rc.6.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.11.7-rc.6-linux-amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.11.7-rc.6-linux-arm64.tar.gz,olaresd
|
||||
socat-1.7.3.2.tar.gz,pkg/components,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,socat
|
||||
conntrack-tools-1.4.1.tar.gz,pkg/components,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,conntrack-tools
|
||||
minio.RELEASE.2023-05-04T21-44-30Z,pkg/components,https://dl.min.io/server/minio/release/linux-amd64/archive/minio.RELEASE.2023-05-04T21-44-30Z,https://dl.min.io/server/minio/release/linux-arm64/archive/minio.RELEASE.2023-05-04T21-44-30Z,minio
|
||||
@@ -14,8 +14,11 @@ ubuntu2204_cuda-keyring_1.1-1_all.deb,pkg/components,https://developer.download.
|
||||
ubuntu2204_cuda-keyring_1.0-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.0-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/arm64/cuda-keyring_1.0-1_all.deb,ubuntu-22.04_cuda-keyring_1.0-1
|
||||
ubuntu2004_cuda-keyring_1.1-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.1-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/arm64/cuda-keyring_1.1-1_all.deb,ubuntu-20.04_cuda-keyring_1.1-1
|
||||
ubuntu2004_cuda-keyring_1.0-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.0-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/arm64/cuda-keyring_1.0-1_all.deb,ubuntu-20.04_cuda-keyring_1.0-1
|
||||
debian12_cuda-keyring_1.1-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64/cuda-keyring_1.1-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/arm64/cuda-keyring_1.1-1_all.deb,debian-12_cuda-keyring_1.1-1
|
||||
debian11_cuda-keyring_1.1-1_all.deb,pkg/components,https://developer.download.nvidia.com/compute/cuda/repos/debian11/x86_64/cuda-keyring_1.1-1_all.deb,https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/arm64/cuda-keyring_1.1-1_all.deb,debian-11_cuda-keyring_1.1-1
|
||||
|
||||
gpgkey,pkg/components,https://nvidia.github.io/libnvidia-container/gpgkey,https://nvidia.github.io/libnvidia-container/gpgkey,gpgkey
|
||||
ubuntu_22.04_libnvidia-container.list,pkg/components,https://nvidia.github.io/libnvidia-container/ubuntu22.04/libnvidia-container.list,https://nvidia.github.io/libnvidia-container/ubuntu22.04/libnvidia-container.list,ubuntu_22.04_libnvidia-container.list
|
||||
ubuntu_20.04_libnvidia-container.list,pkg/components,https://nvidia.github.io/libnvidia-container/ubuntu20.04/libnvidia-container.list,https://nvidia.github.io/libnvidia-container/ubuntu20.04/libnvidia-container.list,ubuntu_20.04_libnvidia-container.list
|
||||
libnvidia-gpgkey,pkg/components,https://nvidia.github.io/libnvidia-container/gpgkey,https://nvidia.github.io/libnvidia-container/gpgkey,libnvidia-gpgkey
|
||||
libnvidia-container.list,pkg/components,https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list,https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list,libnvidia-container.list
|
||||
|
||||
restic-linux-0.17.3,pkg/components,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_linux_amd64.bz2,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_linux_arm64.bz2,restic
|
||||
restic-darwin-0.17.3,pkg/components,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_darwin_amd64.bz2,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_darwin_arm64.bz2,restic
|
||||
|
||||
@@ -1,53 +0,0 @@
|
||||
[components] format: url,filename
|
||||
https://github.com/beclab/Installer/releases/download/0.1.13/terminus-cli-v0.1.13_linux_amd64.tar.gz,terminus-cli-v0.1.13_linux_amd64.tar.gz
|
||||
https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,socat-1.7.3.2.tar.gz
|
||||
|
||||
https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,conntrack-tools-1.4.1.tar.gz
|
||||
|
||||
https://dl.min.io/server/minio/release/linux-amd64/archive/minio.RELEASE.2023-05-04T21-44-30Z,minio.RELEASE.2023-05-04T21-44-30Z
|
||||
https://github.com/beclab/minio-operator/releases/download/v0.0.1/minio-operator-v0.0.1-linux-amd64.tar.gz,minio-operator-v0.0.1-linux-amd64.tar.gz
|
||||
|
||||
https://download.redis.io/releases/redis-5.0.14.tar.gz,redis-5.0.14.tar.gz
|
||||
|
||||
https://github.com/beclab/juicefs-ext/releases/download/v11.1.1/juicefs-v11.1.1-linux-amd64.tar.gz,juicefs-v11.1.1-linux-amd64.tar.gz
|
||||
|
||||
https://github.com/beclab/velero/releases/download/v1.11.3/velero-v1.11.3-linux-amd64.tar.gz,velero-v1.11.3-linux-amd64.tar.gz
|
||||
|
||||
https://launchpad.net/ubuntu/+source/apparmor/4.0.1-0ubuntu1/+build/28428840/+files/apparmor_4.0.1-0ubuntu1_amd64.deb,apparmor_4.0.1-0ubuntu1_amd64.deb
|
||||
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/cuda-keyring_1.1-1_all.deb,ubuntu_24.04_cuda-keyring_1.1-1_all.deb
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/cuda-keyring_1.1-1_all.deb,ubuntu2404_cuda-keyring_1.1-1_all.deb
|
||||
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.1-1_all.deb,ubuntu_22.04_cuda-keyring_1.1-1_all.deb
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.0-1_all.deb,ubuntu_22.04_cuda-keyring_1.0-1_all.deb
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.0-1_all.deb,ubuntu2204_cuda-keyring_1.0-1_all.deb
|
||||
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.1-1_all.deb,ubuntu_20.04_cuda-keyring_1.1-1_all.deb
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.0-1_all.deb,ubuntu_20.04_cuda-keyring_1.0-1_all.deb
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/cuda-keyring_1.0-1_all.deb,ubuntu2004_cuda-keyring_1.0-1_all.deb
|
||||
https://nvidia.github.io/libnvidia-container/gpgkey,gpgkey
|
||||
https://nvidia.github.io/libnvidia-container/ubuntu22.04/libnvidia-container.list,ubuntu_22.04_libnvidia-container.list
|
||||
https://nvidia.github.io/libnvidia-container/ubuntu20.04/libnvidia-container.list,ubuntu_20.04_libnvidia-container.list
|
||||
|
||||
|
||||
[pkg] format: url,path,filename,special,cpname
|
||||
https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,cni/v0.9.1,,,
|
||||
|
||||
https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz,cni/v1.1.1,,,
|
||||
|
||||
https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz,containerd/1.6.4,,,
|
||||
|
||||
https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.0/crictl-v1.24.0-linux-amd64.tar.gz,crictl/v1.24.0,,,
|
||||
|
||||
https://github.com/coreos/etcd/releases/download/v3.4.13/etcd-v3.4.13-linux-amd64.tar.gz,etcd/v3.4.13,,,
|
||||
|
||||
https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz,helm/v3.9.0,,helm,helm-v3.9.0
|
||||
|
||||
https://github.com/k3s-io/k3s/releases/download/v1.21.5+k3s1/k3s,kube/v1.21.5,,,k3s-v1.21.5
|
||||
|
||||
https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubeadm,kube/v1.22.10,,kubeadm,kubeadm-v1.22.10
|
||||
https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubelet,kube/v1.22.10,,kubelet,kubelet-v1.22.10
|
||||
https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubectl,kube/v1.22.10,,kubectl,kubectl-v1.22.10
|
||||
|
||||
https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64,runc/v1.1.1,,,runc-v1.1.1
|
||||
https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64,runc/v1.1.4,,,runc-v1.1.4
|
||||
@@ -1,53 +0,0 @@
|
||||
[components] format: url,filename
|
||||
https://github.com/beclab/Installer/releases/download/0.1.13/terminus-cli-v0.1.13_linux_amd64.tar.gz,terminus-cli-v0.1.13_linux_amd64.tar.gz
|
||||
https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,socat-1.7.3.2.tar.gz
|
||||
|
||||
https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,conntrack-tools-1.4.1.tar.gz
|
||||
|
||||
https://dl.min.io/server/minio/release/linux-arm64/archive/minio.RELEASE.2023-05-04T21-44-30Z,
|
||||
https://github.com/beclab/minio-operator/releases/download/v0.0.1/minio-operator-v0.0.1-linux-arm64.tar.gz,minio-operator-v0.0.1-linux-arm64.tar.gz
|
||||
|
||||
https://download.redis.io/releases/redis-5.0.14.tar.gz,redis-5.0.14.tar.gz
|
||||
|
||||
https://github.com/beclab/juicefs-ext/releases/download/v11.1.1/juicefs-v11.1.1-linux-arm64.tar.gz,juicefs-v11.1.1-linux-arm64.tar.gz
|
||||
|
||||
https://github.com/beclab/velero/releases/download/v1.11.3/velero-v1.11.3-linux-arm64.tar.gz,velero-v1.11.3-linux-arm64.tar.gz
|
||||
|
||||
https://launchpad.net/ubuntu/+source/apparmor/4.0.1-0ubuntu1/+build/28428841/+files/apparmor_4.0.1-0ubuntu1_arm64.deb,apparmor_4.0.1-0ubuntu1_arm64.deb
|
||||
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/arm64/cuda-keyring_1.1-1_all.deb,ubuntu_24.04_cuda-keyring_1.1-1_all.deb
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/arm64/cuda-keyring_1.1-1_all.deb,ubuntu2404_cuda-keyring_1.1-1_all.deb
|
||||
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/arm64/cuda-keyring_1.1-1_all.deb,ubuntu_22.04_cuda-keyring_1.1-1_all.deb
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/arm64/cuda-keyring_1.0-1_all.deb,ubuntu_22.04_cuda-keyring_1.0-1_all.deb
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/arm64/cuda-keyring_1.0-1_all.deb,ubuntu2204_cuda-keyring_1.0-1_all.deb
|
||||
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/arm64/cuda-keyring_1.1-1_all.deb,ubuntu_20.04_cuda-keyring_1.1-1_all.deb
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/arm64/cuda-keyring_1.0-1_all.deb,ubuntu_20.04_cuda-keyring_1.0-1_all.deb
|
||||
https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/arm64/cuda-keyring_1.0-1_all.deb,ubuntu2004_cuda-keyring_1.0-1_all.deb
|
||||
|
||||
https://nvidia.github.io/libnvidia-container/gpgkey,gpgkey
|
||||
https://nvidia.github.io/libnvidia-container/ubuntu22.04/libnvidia-container.list,ubuntu_22.04_libnvidia-container.list
|
||||
https://nvidia.github.io/libnvidia-container/ubuntu20.04/libnvidia-container.list,ubuntu_20.04_libnvidia-container.list
|
||||
|
||||
|
||||
[pkg] format: url,path,filename,special,cpname
|
||||
https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,cni/v0.9.1,,
|
||||
https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-arm64-v1.1.1.tgz,cni/v1.1.1,,
|
||||
|
||||
https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz,containerd/1.6.4,,
|
||||
|
||||
https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.0/crictl-v1.24.0-linux-arm64.tar.gz,crictl/v1.24.0,,
|
||||
|
||||
https://github.com/coreos/etcd/releases/download/v3.4.13/etcd-v3.4.13-linux-arm64.tar.gz,etcd/v3.4.13,,
|
||||
|
||||
https://get.helm.sh/helm-v3.9.0-linux-arm64.tar.gz,helm/v3.9.0,,helm,helm-v3.9.0
|
||||
|
||||
https://github.com/k3s-io/k3s/releases/download/v1.21.5+k3s1/k3s-arm64,kube/v1.21.5,,,k3s-v1.21.5
|
||||
|
||||
https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/arm64/kubeadm,kube/v1.22.10,,kubeadm,kubeadm-v1.22.10
|
||||
https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/arm64/kubelet,kube/v1.22.10,,kubelet,kubelet-v1.22.10
|
||||
https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/arm64/kubectl,kube/v1.22.10,,kubectl,kubectl-v1.22.10
|
||||
|
||||
https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.arm64,runc/v1.1.1,,,runc-v1.1.1
|
||||
https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.arm64,runc/v1.1.4,,,runc-v1.1.4
|
||||
@@ -1,4 +1,4 @@
|
||||
beclab/ks-apiserver:v3.3.0-ext-3
|
||||
beclab/ks-apiserver:v3.3.0-ext-5
|
||||
beclab/kube-state-metrics:v2.3.0-ext
|
||||
beclab/notification-manager-ext:v0.1.1-ext
|
||||
beclab/notification-manager-operator-ext:v0.1.0-ext
|
||||
@@ -53,12 +53,12 @@ quay.io/argoproj/workflow-controller:v3.5.0
|
||||
redis:5.0.14-alpine
|
||||
beclab/velero:v1.11.3
|
||||
beclab/velero-plugin-for-terminus:v1.0.2
|
||||
beclab/l4-bfl-proxy:v0.2.7
|
||||
beclab/l4-bfl-proxy:v0.2.8
|
||||
gcr.io/k8s-minikube/storage-provisioner:v5
|
||||
owncloudci/wait-for:latest
|
||||
beclab/recommend-argotask:v0.0.12
|
||||
nvcr.io/nvidia/k8s-device-plugin:v0.16.1
|
||||
beclab/nvshare:libnvshare-v0.0.2
|
||||
beclab/nvshare:libnvshare-v0.0.1
|
||||
bytetrade/nvshare:nvshare-device-plugin
|
||||
bytetrade/nvshare:nvshare-scheduler
|
||||
beclab/nats-server-config-reloader:v1
|
||||
@@ -67,5 +67,7 @@ rancher/mirrored-library-busybox:1.34.1
|
||||
rancher/mirrored-library-traefik:2.6.2
|
||||
rancher/mirrored-metrics-server:v0.5.2
|
||||
rancher/mirrored-pause:3.6
|
||||
beclab/reverse-proxy:v0.1.4
|
||||
beclab/upgrade-job:0.1.5
|
||||
beclab/reverse-proxy:v0.1.9
|
||||
beclab/upgrade-job:0.1.7
|
||||
bytetrade/envoy:v1.25.11.1
|
||||
alpine:3.14
|
||||
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
properties:
|
||||
appid:
|
||||
description: the unique id of the application for sys application
|
||||
appid equal name otherwise appid equal md5(name)[:8]
|
||||
appid equal name otherwise appid equal md5(name)[:8]
|
||||
type: string
|
||||
deployment:
|
||||
description: the deployment of the application
|
||||
@@ -116,6 +116,8 @@ spec:
|
||||
ports:
|
||||
items:
|
||||
properties:
|
||||
addToTailscaleAcl:
|
||||
type: boolean
|
||||
exposePort:
|
||||
format: int32
|
||||
type: integer
|
||||
@@ -128,7 +130,7 @@ spec:
|
||||
type: integer
|
||||
protocol:
|
||||
description: The protocol for this entrance. Supports "tcp"
|
||||
and "udp". Default is tcp.
|
||||
and "udp","". Default is tcp/udp, "" mean tcp and udp.
|
||||
type: string
|
||||
required:
|
||||
- host
|
||||
@@ -141,6 +143,53 @@ spec:
|
||||
type: string
|
||||
description: the extend settings of the application
|
||||
type: object
|
||||
tailscale:
|
||||
properties:
|
||||
acls:
|
||||
items:
|
||||
properties:
|
||||
action:
|
||||
type: string
|
||||
dst:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
proto:
|
||||
type: string
|
||||
src:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- dst
|
||||
- proto
|
||||
type: object
|
||||
type: array
|
||||
subRoutes:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
tailscaleAcls:
|
||||
items:
|
||||
properties:
|
||||
action:
|
||||
type: string
|
||||
dst:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
proto:
|
||||
type: string
|
||||
src:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- dst
|
||||
- proto
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- appid
|
||||
- isSysApp
|
||||
|
||||
@@ -146,9 +146,10 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: os-internal
|
||||
serviceAccount: os-internal
|
||||
priorityClassName: "system-cluster-critical"
|
||||
containers:
|
||||
- name: app-service
|
||||
image: beclab/app-service:0.2.58
|
||||
image: beclab/app-service:0.2.97
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
@@ -162,9 +163,9 @@ spec:
|
||||
- name: KS_APISERVER_SERVICE_PORT
|
||||
value: '80'
|
||||
- name: REQUIRE_PERMISSION_APPS
|
||||
value: "vault,desktop,message,wise,search,appstore,notification,dashboard,settings,devbox,profile"
|
||||
value: "vault,desktop,message,wise,search,appstore,notification,dashboard,settings,studio,profile"
|
||||
- name: SYS_APPS
|
||||
value: "analytics,market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard,nitro,system-frontend"
|
||||
value: "analytics,market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard,nitro,system-frontend,studio"
|
||||
- name: GENERATED_APPS
|
||||
value: "citus,mongo-cluster-cfg,mongo-cluster-mongos,mongo-cluster-rs0,frp-agent,l4-bfl-proxy,drc-redis-cluster,appdata-backend,argoworkflows,argoworkflow-workflow-controller,velero,kvrocks"
|
||||
- name: WS_CONTAINER_IMAGE
|
||||
@@ -172,7 +173,7 @@ spec:
|
||||
- name: UPLOAD_CONTAINER_IMAGE
|
||||
value: "beclab/upload:v1.0.3"
|
||||
- name: JOB_IMAGE
|
||||
value: "beclab/upgrade-job:0.1.5"
|
||||
value: "beclab/upgrade-job:0.1.7"
|
||||
- name: SHARED_LIB_PATH
|
||||
value: {{ .Values.sharedlib }}
|
||||
- name: CLUSTER_CPU_THRESHOLD
|
||||
@@ -201,6 +202,8 @@ spec:
|
||||
name: certs
|
||||
- mountPath: /etc/containerd/config.toml
|
||||
name: configtoml
|
||||
- mountPath: /Cache
|
||||
name: app-cache
|
||||
initContainers:
|
||||
- name: generate-certs
|
||||
image: beclab/openssl:v3
|
||||
@@ -224,6 +227,10 @@ spec:
|
||||
- name: certs
|
||||
mountPath: /etc/certs
|
||||
volumes:
|
||||
- name: app-cache
|
||||
hostPath:
|
||||
path: {{ .Values.rootPath }}/userdata/Cache
|
||||
type: DirectoryOrCreate
|
||||
- name: configtoml
|
||||
hostPath:
|
||||
path: /etc/containerd/config.toml
|
||||
@@ -360,7 +367,7 @@ spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: image-service
|
||||
image: beclab/image-service:0.2.51
|
||||
image: beclab/image-service:0.2.95
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
|
||||
@@ -215,6 +215,7 @@ spec:
|
||||
weight: 10
|
||||
{{ end }}
|
||||
serviceAccountName: bytetrade-controller
|
||||
priorityClassName: "system-cluster-critical"
|
||||
initContainers:
|
||||
- name: init-userspace
|
||||
image: busybox:1.28
|
||||
@@ -242,7 +243,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: api
|
||||
image: beclab/bfl:v0.3.59
|
||||
image: beclab/bfl:v0.3.74
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
@@ -286,16 +287,20 @@ spec:
|
||||
- name: BACKUP_SERVER
|
||||
value: backup-server.os-system:8082
|
||||
- name: L4_PROXY_IMAGE_VERSION
|
||||
value: v0.2.7
|
||||
value: v0.2.8
|
||||
- name: REVERSE_PROXY_AGENT_IMAGE_VERSION
|
||||
value: v0.1.4
|
||||
value: v0.1.9
|
||||
- name: TERMINUS_CERT_SERVICE_API
|
||||
value: {{ .Values.bfl.terminus_cert_service_api }}
|
||||
- name: TERMINUS_DNS_SERVICE_API
|
||||
value: {{ .Values.bfl.terminus_dns_service_api }}
|
||||
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: spec.nodeName
|
||||
- name: ingress
|
||||
image: beclab/bfl-ingress:v0.2.18
|
||||
image: beclab/bfl-ingress:v0.2.23
|
||||
imagePullPolicy: IfNotPresent
|
||||
volumeMounts:
|
||||
- name: ngxlog
|
||||
|
||||
@@ -44,6 +44,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: bytetrade-sys-ops
|
||||
serviceAccount: bytetrade-sys-ops
|
||||
priorityClassName: "system-cluster-critical"
|
||||
containers:
|
||||
- name: system-server
|
||||
image: beclab/system-server:0.1.19
|
||||
|
||||
@@ -99,7 +99,7 @@ spec:
|
||||
- name: DISABLE_TELEMETRY
|
||||
value: "false"
|
||||
- name: operator-api
|
||||
image: beclab/middleware-operator:0.1.37
|
||||
image: beclab/middleware-operator:0.1.42
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 9080
|
||||
|
||||
@@ -247,6 +247,24 @@ spec:
|
||||
app.kubernetes.io/name: nats
|
||||
app.kubernetes.io/instance: nats
|
||||
spec:
|
||||
initContainers:
|
||||
- name: generate-config
|
||||
image: busybox:1.28
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
if [ ! -f /data/config/nats.conf ]; then
|
||||
cat /etc/nats-config/nats.conf > /data/config/nats.conf
|
||||
else
|
||||
echo "nats config file already exists"
|
||||
fi
|
||||
volumeMounts:
|
||||
- mountPath: /etc/nats-config
|
||||
name: config
|
||||
readOnly: false
|
||||
- mountPath: /data
|
||||
name: nats-data
|
||||
containers:
|
||||
- args:
|
||||
- --config
|
||||
|
||||
@@ -77,7 +77,7 @@ spec:
|
||||
memory: 1Gi
|
||||
requests:
|
||||
cpu: 20m
|
||||
memory: 100Mi
|
||||
memory: 60Mi
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -34,14 +34,28 @@ for deps in "components" "pkgs"; do
|
||||
name=$(echo -n "$filename"|md5sum|awk '{print $1}')
|
||||
checksum="$name.checksum.txt"
|
||||
md5sum $name > $checksum
|
||||
backup_file=$(awk '{print $1}' $checksum)
|
||||
if [ x"$backup_file" == x"" ]; then
|
||||
echo "invalid checksum"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$name > /dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
set -ex
|
||||
aws s3 cp $name s3://terminus-os-install/$path$name --acl=public-read
|
||||
aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
|
||||
echo "upload $name to s3 completed"
|
||||
set +ex
|
||||
code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz)
|
||||
if [ $code -eq 403 ]; then
|
||||
set -ex
|
||||
aws s3 cp $name s3://terminus-os-install/$path$name --acl=public-read
|
||||
aws s3 cp $name s3://terminus-os-install/backup/$path$backup_file --acl=public-read
|
||||
aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
|
||||
echo "upload $name to s3 completed"
|
||||
set +ex
|
||||
else
|
||||
if [ $code -ne 200 ]; then
|
||||
echo "failed to check image"
|
||||
exit -1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# upload to tencent cloud cos
|
||||
|
||||
@@ -13,18 +13,33 @@ cat $1|while read image; do
|
||||
|
||||
curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz > /dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
set -e
|
||||
docker pull $image
|
||||
docker save $image -o $name.tar
|
||||
gzip $name.tar
|
||||
code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz)
|
||||
if [ $code -eq 403 ]; then
|
||||
set -ex
|
||||
docker pull $image
|
||||
docker save $image -o $name.tar
|
||||
gzip $name.tar
|
||||
|
||||
md5sum $name.tar.gz > $checksum
|
||||
md5sum $name.tar.gz > $checksum
|
||||
backup_file=$(awk '{print $1}' $checksum)
|
||||
if [ x"$backup_file" == x"" ]; then
|
||||
echo "invalid checksum"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
aws s3 cp $name.tar.gz s3://terminus-os-install/$path$name.tar.gz --acl=public-read
|
||||
aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
|
||||
echo "upload $name completed"
|
||||
|
||||
set +e
|
||||
echo "start to upload [$name.tar.gz]"
|
||||
aws s3 cp $name.tar.gz s3://terminus-os-install/$path$name.tar.gz --acl=public-read
|
||||
aws s3 cp $name.tar.gz s3://terminus-os-install/backup/$path$backup_file --acl=public-read
|
||||
aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
|
||||
echo "upload $name completed"
|
||||
|
||||
set +ex
|
||||
else
|
||||
if [ $code -ne 200 ]; then
|
||||
echo "failed to check image"
|
||||
exit -1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@@ -32,17 +47,31 @@ cat $1|while read image; do
|
||||
# re-upload checksum.txt
|
||||
curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$checksum > /dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
set -e
|
||||
docker pull $image
|
||||
docker save $image -o $name.tar
|
||||
gzip $name.tar
|
||||
code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$checksum)
|
||||
if [ $code -eq 403 ]; then
|
||||
set -ex
|
||||
docker pull $image
|
||||
docker save $image -o $name.tar
|
||||
gzip $name.tar
|
||||
|
||||
md5sum $name.tar.gz > $checksum
|
||||
md5sum $name.tar.gz > $checksum
|
||||
backup_file=$(awk '{print $1}' $checksum)
|
||||
if [ x"$backup_file" == x"" ]; then
|
||||
echo "invalid checksum"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
aws s3 cp $name.tar.gz s3://terminus-os-install/$path$name.tar.gz --acl=public-read
|
||||
aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
|
||||
echo "upload $name completed"
|
||||
set +e
|
||||
aws s3 cp $name.tar.gz s3://terminus-os-install/$path$name.tar.gz --acl=public-read
|
||||
aws s3 cp $name.tar.gz s3://terminus-os-install/backup/$path$backup_file --acl=public-read
|
||||
aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
|
||||
echo "upload $name completed"
|
||||
set +ex
|
||||
else
|
||||
if [ $code -ne 200 ]; then
|
||||
echo "failed to check image"
|
||||
exit -1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# upload to tencent cloud cos
|
||||
|
||||
@@ -306,6 +306,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: os-internal
|
||||
serviceAccount: os-internal
|
||||
priorityClassName: "system-cluster-critical"
|
||||
initContainers:
|
||||
- name: init-container
|
||||
image: 'postgres:16.0-alpine3.18'
|
||||
@@ -337,7 +338,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: authelia
|
||||
image: beclab/auth:0.1.41
|
||||
image: beclab/auth:0.1.44
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 9091
|
||||
@@ -423,6 +424,7 @@ spec:
|
||||
labels:
|
||||
app: redis
|
||||
spec:
|
||||
priorityClassName: "system-cluster-critical"
|
||||
containers:
|
||||
- name: redis
|
||||
image: redis:6.2.13-alpine3.18
|
||||
|
||||
@@ -28,7 +28,7 @@ spec:
|
||||
name: check-auth
|
||||
containers:
|
||||
- name: auth-front
|
||||
image: beclab/login:v0.1.33
|
||||
image: beclab/login:v0.1.40
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
@@ -1,4 +1,42 @@
|
||||
{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
|
||||
{{- $headscale_secret := (lookup "v1" "Secret" $namespace "headscale-secrets") -}}
|
||||
|
||||
{{- $pg_password := "" -}}
|
||||
{{ if $headscale_secret -}}
|
||||
{{ $pg_password = (index $headscale_secret "data" "pg_password") }}
|
||||
{{ else -}}
|
||||
{{ $pg_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: headscale-secrets
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
type: Opaque
|
||||
data:
|
||||
pg_password: {{ $pg_password }}
|
||||
|
||||
---
|
||||
apiVersion: apr.bytetrade.io/v1alpha1
|
||||
kind: MiddlewareRequest
|
||||
metadata:
|
||||
name: headscale-pg
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
spec:
|
||||
app: headscale
|
||||
appNamespace: {{ .Release.Namespace }}
|
||||
middleware: postgres
|
||||
postgreSQL:
|
||||
user: headscale_{{ .Values.bfl.username }}
|
||||
password:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: pg_password
|
||||
name: headscale-secrets
|
||||
databases:
|
||||
- name: headscale
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
@@ -36,8 +74,6 @@ spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: headscale
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
@@ -68,7 +104,7 @@ spec:
|
||||
- |
|
||||
chown -R 1000:1000 /headscale
|
||||
- name: init
|
||||
image: beclab/headscale-init:v0.1.7
|
||||
image: beclab/headscale-init:v0.1.9
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
privileged: true
|
||||
@@ -79,9 +115,39 @@ spec:
|
||||
{{- end }}
|
||||
- name: NAMESPACE
|
||||
value: bfl.user-space-{{ .Values.bfl.username }}
|
||||
- name: PG_HOST
|
||||
value: citus-master-svc.user-system-{{ .Values.bfl.username }}
|
||||
- name: PG_PORT
|
||||
value: "5432"
|
||||
- name: PG_USER
|
||||
value: headscale_{{ .Values.bfl.username }}
|
||||
- name: PG_PASS
|
||||
value: "{{ $pg_password | b64dec }}"
|
||||
- name: PG_DB
|
||||
value: user_space_{{ .Values.bfl.username }}_headscale
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /etc/headscale
|
||||
- name: wait-for-postgres
|
||||
image: postgres:16.0-alpine3.18
|
||||
command:
|
||||
- sh
|
||||
- '-c'
|
||||
- >-
|
||||
echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB
|
||||
-c "SELECT 1"; do sleep 1; printf "-"; done; echo -e " >> PostgreSQL DB Server has started";
|
||||
env:
|
||||
- name: PGHOST
|
||||
value: citus-master-svc.user-system-{{ .Values.bfl.username }}
|
||||
- name: PGPORT
|
||||
value: "5432"
|
||||
- name: PGUSER
|
||||
value: headscale_{{ .Values.bfl.username }}
|
||||
- name: PGPASSWORD
|
||||
value: "{{ $pg_password | b64dec }}"
|
||||
- name: PGDB
|
||||
value: user_space_{{ .Values.bfl.username }}_headscale
|
||||
imagePullPolicy: IfNotPresent
|
||||
containers:
|
||||
- name: headscale
|
||||
image: headscale/headscale:0.22.3
|
||||
@@ -109,6 +175,9 @@ spec:
|
||||
mountPath: /etc/headscale
|
||||
- name: headscale-data
|
||||
mountPath: /var/lib/headscale
|
||||
- name: acl-config
|
||||
mountPath: /etc/headscale/acl
|
||||
readOnly: true
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
- args:
|
||||
@@ -141,6 +210,13 @@ spec:
|
||||
hostPath:
|
||||
type: DirectoryOrCreate
|
||||
path: {{ .Values.userspace.appCache }}/headscale
|
||||
- name: acl-config
|
||||
configMap:
|
||||
defaultMode: 420
|
||||
items:
|
||||
- key: acl.json
|
||||
path: acl.json
|
||||
name: tailscale-acl
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
@@ -198,7 +274,7 @@ spec:
|
||||
- name: TS_STATE_DIR
|
||||
value: "/var/lib/tailscale/"
|
||||
- name: TS_TAILSCALED_EXTRA_ARGS
|
||||
value: "--no-logs-no-support --verbose=1"
|
||||
value: "--no-logs-no-support --verbose=1"
|
||||
- name: TS_ROUTES
|
||||
value: $(NODE_IP)/32
|
||||
- name: TS_EXTRA_ARGS
|
||||
@@ -283,3 +359,26 @@ spec:
|
||||
version: v1
|
||||
status:
|
||||
state: active
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
data:
|
||||
acl.json: |
|
||||
{
|
||||
"acls":[
|
||||
{ "action": "accept", "src": ["*"], "proto": "tcp", "dst": ["*:443"] }
|
||||
],
|
||||
"autoApprovers": {
|
||||
"routes": {
|
||||
"10.0.0.0/8": ["default"],
|
||||
"172.16.0.0/12": ["default"],
|
||||
"192.168.0.0/16": ["default"]
|
||||
},
|
||||
"exitNode": []
|
||||
}
|
||||
}
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: tailscale-acl
|
||||
namespace: user-space-{{ .Values.bfl.username }}
|
||||
|
||||
@@ -168,16 +168,6 @@ metadata:
|
||||
app: infisical
|
||||
applications.app.bytetrade.io/author: bytetrade.io
|
||||
|
||||
{{ if (eq .Values.debugVersion true) }}
|
||||
applications.app.bytetrade.io/name: infisical
|
||||
applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
|
||||
annotations:
|
||||
applications.app.bytetrade.io/icon: https://bookface-images.s3.amazonaws.com/small_logos/621cb43ec50d1aae545391abcc114014c84d295f.png
|
||||
applications.app.bytetrade.io/title: Infisical
|
||||
applications.app.bytetrade.io/version: '0.0.1'
|
||||
applications.app.bytetrade.io/entrances: '[{"name":"infisical", "host":"infisical-service", "port":80,"title":"Infisical"}]'
|
||||
{{ end }}
|
||||
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
@@ -192,6 +182,7 @@ spec:
|
||||
io.bytetrade.app: "true"
|
||||
spec:
|
||||
serviceAccountName: infisical-sa
|
||||
priorityClassName: "system-cluster-critical"
|
||||
initContainers:
|
||||
- name: init-container
|
||||
image: 'postgres:16.0-alpine3.18'
|
||||
@@ -276,23 +267,6 @@ spec:
|
||||
- name: REDIS_URL
|
||||
value: "redis://:$(REDIS_PASSWORD)@redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379/0"
|
||||
|
||||
{{ if (eq .Values.debugVersion true) }}
|
||||
- name: infisical-frontend
|
||||
image: beclab/infisical-frontend:0.1.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 3000
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: infisical-frontend
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
{{ end }}
|
||||
|
||||
- name: infisical-proxy
|
||||
image: nginx:stable-alpine3.17-slim
|
||||
imagePullPolicy: IfNotPresent
|
||||
@@ -312,6 +286,8 @@ spec:
|
||||
- name: proxy
|
||||
containerPort: 8080
|
||||
env:
|
||||
- name: INFISICAL_URL
|
||||
value: http://localhost:4000
|
||||
- name: OWNER
|
||||
value: '{{ .Values.bfl.username }}'
|
||||
- name: PG_USER
|
||||
@@ -458,20 +434,6 @@ data:
|
||||
|
||||
location / {
|
||||
include /etc/nginx/mime.types;
|
||||
|
||||
{{ if (eq .Values.debugVersion true) }}
|
||||
proxy_set_header X-Real-RIP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
proxy_pass http://localhost:3000; # for frontend
|
||||
proxy_redirect off;
|
||||
{{ end }}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -165,7 +165,7 @@ data:
|
||||
# end
|
||||
nginx.conf: |-
|
||||
user nginx;
|
||||
worker_processes auto;
|
||||
worker_processes 4;
|
||||
|
||||
error_log /var/log/nginx/error.log notice;
|
||||
pid /var/run/nginx.pid;
|
||||
@@ -189,11 +189,11 @@ data:
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 75s;
|
||||
keepalive_timeout 750s;
|
||||
|
||||
#gzip on;
|
||||
client_max_body_size 50M;
|
||||
client_body_buffer_size 50M;
|
||||
client_max_body_size 2000M;
|
||||
client_body_buffer_size 2000M;
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
@@ -417,7 +417,7 @@ spec:
|
||||
# protocol: TCP
|
||||
|
||||
- name: sync-backend
|
||||
image: beclab/seahub_pgserver:v0.0.11
|
||||
image: beclab/seahub_pgserver:v0.0.12
|
||||
imagePullPolicy: IfNotPresent
|
||||
volumeMounts:
|
||||
- name: sync-data
|
||||
|
||||
@@ -54,11 +54,7 @@ spec:
|
||||
# applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/seafiles/icon.png
|
||||
# applications.app.bytetrade.io/title: Seafile
|
||||
# applications.app.bytetrade.io/version: '0.0.1'
|
||||
#{{ if (eq .Values.debugVersion true) }}
|
||||
# applications.app.bytetrade.io/entrances: '[{"name":"seafile-ui", "host":"seafile-ui", "port":80,"title":"Seafile"}]'
|
||||
#{{ else }}
|
||||
# applications.app.bytetrade.io/entrances: '[{"name":"seafile-ui", "host":"seafile-ui", "port":80,"title":"Seafile","invisible": true}]'
|
||||
#{{ end }}
|
||||
#
|
||||
#spec:
|
||||
# replicas: 1
|
||||
|
||||
Reference in New Issue
Block a user