feat(settings-server): upgrade docker node version to 24.0.2 & upgrade nestjs version to 11.1.1

otel: change the go auto-instrumentation image version

apps/argo/config/cluster/deploy/workflow-controller-config-map.yaml

@@ -16,7 +16,7 @@ data:
           key: AWS_SECRET_ACCESS_KEY
           name: argo-workflow-log-fakes3
         bucket: mongo-backup
-        endpoint: workflow-archivelog-s3.user-system-mmchong2021:4568
+        endpoint: tapr-s3-svc:4568
         insecure: true
     persistence:
       connectionPool:

apps/desktop/config/user/helm-charts/desktop/templates/desktop_deploy.yaml

@@ -66,7 +66,7 @@ spec:
 
       containers:
       - name: edge-desktop
-        image: beclab/desktop:v0.2.57
+        image: beclab/desktop:v0.2.59
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsNonRoot: false
@@ -78,7 +78,7 @@ spec:
             value: http://bfl.{{ .Release.Namespace }}:8080
 
       - name: desktop-server
-        image: beclab/desktop-server:v0.2.57
+        image: beclab/desktop-server:v0.2.59
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false

apps/files/config/cluster/deploy/files_deploy.yaml

@@ -43,8 +43,8 @@ spec:
       labels:
         app: files
       annotations:
-        # instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
+        instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
-        # instrumentation.opentelemetry.io/inject-nginx-container-names: "nginx"    
+        instrumentation.opentelemetry.io/inject-nginx-container-names: "nginx"    
         instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
         instrumentation.opentelemetry.io/go-container-names: "gateway,files,uploader"    
         instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/filebrowser"
@@ -73,6 +73,28 @@ spec:
           - -c
           - |
             chown -R 1000:1000 /appdata; chown -R 1000:1000 /appcache; chown -R 1000:1000 /data
+        - name: init-container
+          image: 'postgres:16.0-alpine3.18'
+          command:
+            - sh
+            - '-c'
+            - >-
+              echo -e "Checking for the availability of PostgreSQL Server
+              deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB1
+              -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >>
+              PostgreSQL DB Server has started";
+          env:
+            - name: PGHOST
+              value: citus-headless.os-system
+            - name: PGPORT
+              value: '5432'
+            - name: PGUSER
+              value: files_os_system
+            - name: PGPASSWORD
+              value: {{ $files_postgres_password | b64dec }}
+            - name: PGDB1
+              value: os_system_files
+
       containers:
         - name: gateway
           image: beclab/appdata-gateway:0.1.18
@@ -281,7 +303,7 @@ spec:
             runAsUser: 0
             privileged: true
         - name: nginx
-          image: 'nginx:stable-alpine3.17-slim'
+          image: 'beclab/docker-nginx-headers-more:ubuntu-v0.1.0'
           securityContext:
             runAsNonRoot: false
             runAsUser: 0

apps/files/config/user/helm-charts/files/templates/files_fe_deploy.yaml

@@ -114,9 +114,11 @@ spec:
         io.bytetrade.app: "true"
       annotations:
         # support nginx 1.24.3 1.25.3
-        # instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
+        instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
-        # instrumentation.opentelemetry.io/inject-nginx-container-names: "files-frontend"    
+        instrumentation.opentelemetry.io/inject-nginx-container-names: "files-frontend"    
-        # instrumentation.opentelemetry.io/otel-go-auto-target-exe: "drive"
+        instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
+        instrumentation.opentelemetry.io/go-container-names: "driver-server"    
+        instrumentation.opentelemetry.io/otel-go-auto-target-exe: "drive"
     spec:
       serviceAccountName: bytetrade-controller
       securityContext:
@@ -204,6 +206,20 @@ spec:
             value: "{{ $pg_password | b64dec }}"
           - name: PGDB
             value: user_space_{{ .Values.bfl.username }}_cloud_drive_integration
+      - name: files-frontend-init
+        image: beclab/files-frontend:v1.3.61
+        imagePullPolicy: IfNotPresent
+        volumeMounts:
+          - name: app
+            mountPath: /cp_app
+          - name: nginx-confd
+            mountPath: /confd
+        command:
+        - sh
+        - -c
+        - |
+          cp -rf /app/* /cp_app/. && cp -rf /etc/nginx/conf.d/* /confd/.
+
       containers:
 #      - name: gateway
 #        image: beclab/appdata-gateway:0.1.12
@@ -302,7 +318,7 @@ spec:
 #        - /filebrowser
 #        - --noauth
       - name: files-frontend
-        image: beclab/files-frontend:v1.3.53
+        image: beclab/docker-nginx-headers-more:ubuntu-v0.1.0
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsNonRoot: false
@@ -323,6 +339,10 @@ spec:
         volumeMounts:
         - name: userspace-dir
           mountPath: /data
+        - name: app
+          mountPath: /app
+        - name: nginx-confd
+          mountPath: /etc/nginx/conf.d
       - name: drive-server
         image: beclab/drive:v0.0.72
         imagePullPolicy: IfNotPresent
@@ -469,6 +489,10 @@ spec:
           items:
           - key: envoy.yaml
             path: envoy.yaml
+      - name: app
+        emptyDir: {}
+      - name: nginx-confd
+        emptyDir: {}
 
    
 

apps/knowledge/config/cluster/deploy/knowledge_deployment.yaml

@@ -177,7 +177,7 @@ spec:
             value: os_system_knowledge
       containers:
       - name: knowledge
-        image: "beclab/knowledge-base-api:v0.12.2"
+        image: "beclab/knowledge-base-api:v0.12.5"
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -209,6 +209,8 @@ spec:
           value: os_system_knowledge
         - name: DOWNLOAD_URL
           value: http://download-svc.os-system:3080
+        - name: YTDLP_DOWNLOAD_URL
+          value: http://download-svc.os-system:3082
         - name: NATS_HOST
           value: nats
         - name: NATS_PORT
@@ -283,8 +285,8 @@ spec:
       - name: sync
         image: "beclab/recommend-sync:v0.12.0"
         securityContext:
-          allowPrivilegeEscalation: false
+          runAsUser: 0
-          runAsUser: 1000
+          runAsNonRoot: false
         env:
         - name: USERSPACE_DIRECTORY
           value: /data
@@ -309,7 +311,7 @@ spec:
             mountPath: /data
        
       - name: crawler
-        image: "beclab/recommend-crawler:v0.12.0"
+        image: "beclab/recommend-crawler:v0.12.1"
         securityContext:
           allowPrivilegeEscalation: false
           runAsUser: 1000
@@ -518,7 +520,7 @@ spec:
             cpu: "1"
             memory: 300Mi
       - name: yt-dlp
-        image: "beclab/yt-dlp:v0.12.0"
+        image: "beclab/yt-dlp:v0.12.2"
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -564,7 +566,7 @@ spec:
             cpu: "1"
             memory: 300Mi
       - name: download-spider
-        image: "beclab/download-spider:v0.12.1"
+        image: "beclab/download-spider:v0.12.2"
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false

apps/market/config/user/helm-charts/market/templates/market_deploy.yaml

@@ -43,6 +43,12 @@ spec:
       labels:
         app: appstore
         io.bytetrade.app: "true"
+      annotations:
+        instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
+        instrumentation.opentelemetry.io/go-container-names: "appstore-backend"    
+        instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/opt/app/market"
+        instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
+        instrumentation.opentelemetry.io/inject-nginx-container-names: "appstore"    
     spec:
       priorityClassName: "system-cluster-critical"
       initContainers:
@@ -84,14 +90,33 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: status.podIP
+        - name: nginx-init
+          image: beclab/market-frontend:v0.3.11
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - name: app
+              mountPath: /cp_app
+            - name: nginx-confd
+              mountPath: /confd
+          command:
+          - sh
+          - -c
+          - |
+            cp -rf /app/* /cp_app/. && cp -rf /etc/nginx/conf.d/* /confd/.            
       containers:
       - name: appstore
-        image: beclab/market-frontend:v0.3.10
+        image: beclab/docker-nginx-headers-more:ubuntu-v0.1.0
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80
+        volumeMounts:
+        - name: app
+          mountPath: /app
+        - name: nginx-confd
+          mountPath: /etc/nginx/conf.d
+        
       - name: appstore-backend
-        image: beclab/market-backend:v0.3.10
+        image: beclab/market-backend:v0.3.11
         imagePullPolicy: IfNotPresent
         ports:
           - containerPort: 81
@@ -194,6 +219,10 @@ spec:
         hostPath:
           path: '{{ .Values.userspace.appData}}/appstore/data'
           type: DirectoryOrCreate
+      - name: app
+        emptyDir: {}
+      - name: nginx-confd
+        emptyDir: {}
 
 ---
 apiVersion: v1

apps/notifications/config/cluster/deploy/notification_deploy.yaml

@@ -1,6 +1,6 @@
 
 
-{{- $namespace := printf "%s%s" "os-system" -}}
+{{- $namespace := printf "%s" "os-system" -}}
 {{- $notifications_secret := (lookup "v1" "Secret" $namespace "notifications-secrets") -}}
 
 {{- $pg_password := "" -}}
@@ -83,6 +83,23 @@ spec:
         permission:
           pub: allow
           sub: allow
+      - export:
+          - appName: lldap
+            pub: allow
+            sub: allow
+          - appName: vault-server
+            pub: deny
+            sub: allow
+          - appName: seahub
+            pub: deny
+            sub: allow
+          - appName: knowledge
+            pub: deny
+            sub: allow
+        name: system.users
+        permission:
+          pub: allow
+          sub: allow
     user: os-system-notifications
 
 ---
@@ -131,7 +148,7 @@ spec:
             value: os_system_notifications
       containers:
       - name: notifications-api
-        image: beclab/notifications-api:v1.12.2
+        image: beclab/notifications-api:v1.12.3
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010
@@ -160,6 +177,8 @@ spec:
               name: notifications-secrets
         - name: NATS_SUBJECT
           value: "terminus.{{ .Release.Namespace }}.system.notification"
+        - name: NATS_SUBJECT_SYSTEM_USERS
+          value: "terminus.{{ .Release.Namespace }}.system.users"
 
         livenessProbe:
           tcpSocket:

apps/studio/config/user/helm-charts/studio/templates/deployment.yaml

@@ -249,7 +249,7 @@ spec:
 
       containers:
         - name: studio
-          image: beclab/studio-server:v0.1.49
+          image: beclab/studio-server:v0.1.50
           imagePullPolicy: IfNotPresent
           args:
             - server

apps/system-apps/config/user/helm-charts/monitoring/templates/system-frontend.yaml

@@ -149,11 +149,11 @@ spec:
       labels:
         app: system-frontend
         io.bytetrade.app: "true"
-      # annotations:
+      annotations:
-        # instrumentation.opentelemetry.io/inject-nodejs: "olares-instrumentation"
+        instrumentation.opentelemetry.io/inject-nodejs: "olares-instrumentation"
-        # instrumentation.opentelemetry.io/nodejs-container-names: "settings-server"    
+        instrumentation.opentelemetry.io/nodejs-container-names: "settings-server"    
-        # instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
+        instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
-        # instrumentation.opentelemetry.io/inject-nginx-container-names: "system-frontend"    
+        instrumentation.opentelemetry.io/inject-nginx-container-names: "system-frontend"    
     spec:
       priorityClassName: "system-cluster-critical"
       initContainers:
@@ -220,7 +220,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: profile-editor-init
-          image: beclab/profile-editor:v0.2.1
+          image: beclab/profile-editor:v0.2.21
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -232,7 +232,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: profile-preview-init
-          image: beclab/profile-preview:v0.2.1
+          image: beclab/profile-preview:v0.2.21
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -244,7 +244,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: wise-init
-          image: beclab/wise:v1.3.53
+          image: beclab/wise:v1.3.55
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -256,7 +256,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: settings-init
-          image: beclab/settings:v1.3.53
+          image: beclab/settings:v1.3.62
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -268,7 +268,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: studio-init
-          image: beclab/studio:v0.2.11
+          image: beclab/studio:v0.2.16
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -305,7 +305,7 @@ spec:
             - -c
             - /etc/envoy/envoy.yaml
         - name: system-frontend
-          image: beclab/docker-nginx-headers-more:v0.1.0
+          image: beclab/docker-nginx-headers-more:ubuntu-v0.1.0
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 81
@@ -385,7 +385,7 @@ spec:
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
         - name: settings-server
-          image: beclab/settings-server:v0.2.20
+          image: beclab/settings-server:v0.2.23
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 3000

apps/vault/config/cluster/deploy/vault_server_deploy.yaml

@@ -83,7 +83,7 @@ spec:
             value: os_system_vault
       containers:
       - name: vault-server
-        image: beclab/vault-server:v1.3.53
+        image: beclab/vault-server:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3000
@@ -114,7 +114,7 @@ spec:
         - name: vault-attach
           mountPath: /padloc/packages/server/attachments
       - name: vault-admin
-        image: beclab/vault-admin:v1.3.53
+        image: beclab/vault-admin:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010

apps/vault/config/user/helm-charts/vault/templates/vault_deploy.yaml

@@ -88,13 +88,13 @@ spec:
 
       containers:
       - name: vault-frontend
-        image: beclab/vault-frontend:v1.3.53
+        image: beclab/vault-frontend:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80
       
       - name: notification-server
-        image: beclab/vault-notification:v1.3.53
+        image: beclab/vault-notification:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010

apps/wizard/config/user/helm-charts/wizard/templates/wizard_deploy.yaml

@@ -61,7 +61,7 @@ spec:
 
       containers:
       - name: wizard
-        image: beclab/wizard:v0.5.12
+        image: beclab/wizard:v1.3.57
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80

build/installer/install.ps1

@@ -48,7 +48,7 @@ if (-Not (Test-Path $CLI_PROGRAM_PATH)) {
   New-Item -Path $CLI_PROGRAM_PATH -ItemType Directory
 }
 
-$CLI_VERSION = "0.2.30"
+$CLI_VERSION = "0.2.35"
 $CLI_FILE = "olares-cli-v{0}_windows_{1}.tar.gz" -f $CLI_VERSION, $arch
 $CLI_URL = "{0}/{1}" -f $downloadUrl, $CLI_FILE
 $CLI_PATH = "{0}{1}" -f $CLI_PROGRAM_PATH, $CLI_FILE
@@ -82,6 +82,6 @@ if ($download -eq 1) {
 Start-Sleep -Seconds 3
 Write-Host ("Preparing to start the installation of Olares {0}. Depending on your network conditions, this process may take several minutes." -f $version)
 
-$command = "{0}\olares-cli.exe olares install --version {1}" -f $CLI_PROGRAM_PATH, $version
+$command = "{0}\olares-cli.exe install --version {1}" -f $CLI_PROGRAM_PATH, $version
 Start-Process cmd -ArgumentList '/k',$command -Wait -Verb RunAs
 

build/installer/install.sh

@@ -74,7 +74,7 @@ if [ -z ${cdn_url} ]; then
     cdn_url="https://dc3p1870nn3cj.cloudfront.net"
 fi
 
-CLI_VERSION="0.2.30"
+CLI_VERSION="0.2.35"
 CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
 if [[ x"$os_type" == x"Darwin" ]]; then
     CLI_FILE="olares-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"
@@ -137,7 +137,7 @@ else
             echo ""
         else
             echo "building local release ..."
-            $sh_c "$INSTALL_OLARES_CLI olares release $PARAMS $CDN"
+            $sh_c "$INSTALL_OLARES_CLI release $PARAMS $CDN"
             if [[ $? -ne 0 ]]; then
                 echo "error: failed to build local release"
                 exit 1
@@ -146,13 +146,13 @@ else
     else
         echo "running system prechecks ..."
         echo ""
-        $sh_c "$INSTALL_OLARES_CLI olares precheck $PARAMS"
+        $sh_c "$INSTALL_OLARES_CLI precheck $PARAMS"
         if [[ $? -ne 0 ]]; then
             exit 1
         fi
         echo "downloading installation wizard..."
         echo ""
-        $sh_c "$INSTALL_OLARES_CLI olares download wizard $PARAMS $KUBE_PARAM $CDN"
+        $sh_c "$INSTALL_OLARES_CLI download wizard $PARAMS $KUBE_PARAM $CDN"
         if [[ $? -ne 0 ]]; then
             echo "error: failed to download installation wizard"
             exit 1
@@ -161,7 +161,7 @@ else
 
     echo "downloading installation packages..."
     echo ""
-    $sh_c "$INSTALL_OLARES_CLI olares download component $PARAMS $KUBE_PARAM $CDN"
+    $sh_c "$INSTALL_OLARES_CLI download component $PARAMS $KUBE_PARAM $CDN"
     if [[ $? -ne 0 ]]; then
         echo "error: failed to download installation packages"
         exit 1
@@ -173,7 +173,7 @@ else
     if [ x"$REGISTRY_MIRRORS" != x"" ]; then
         extra="--registry-mirrors $REGISTRY_MIRRORS"
     fi
-    $sh_c "$INSTALL_OLARES_CLI olares prepare $PARAMS $KUBE_PARAM $extra"
+    $sh_c "$INSTALL_OLARES_CLI prepare $PARAMS $KUBE_PARAM $extra"
     if [[ $? -ne 0 ]]; then
         echo "error: failed to prepare installation environment"
         exit 1
@@ -198,7 +198,7 @@ if [[ "$JUICEFS" == "1" ]]; then
     else
         echo "checking storage config ..."
     fi
-    $sh_c "$INSTALL_OLARES_CLI olares install storage $PARAMS"
+    $sh_c "$INSTALL_OLARES_CLI install storage $PARAMS"
     if [[ $? -ne 0 ]]; then
       exit 1
     fi
@@ -221,7 +221,7 @@ if [[ -n "$ZRAM_SWAP_PRIORITY" ]]; then
 fi
 echo "installing Olares..."
 echo ""
-$sh_c "$INSTALL_OLARES_CLI olares install $PARAMS $KUBE_PARAM $fsflag $swapflag"
+$sh_c "$INSTALL_OLARES_CLI install $PARAMS $KUBE_PARAM $fsflag $swapflag"
 
 if [[ $? -ne 0 ]]; then
     echo "error: failed to install Olares"

build/installer/joincluster.sh

@@ -157,7 +157,7 @@ fi
 
 set_master_host_ssh_options
 
-CLI_VERSION="0.2.30"
+CLI_VERSION="0.2.35"
 CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
 
 if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$CLI_VERSION" ]]; then
@@ -211,14 +211,14 @@ if [[ -f $BASE_DIR/.prepared ]]; then
 else
     echo "running system prechecks ..."
     echo ""
-    $sh_c "$INSTALL_OLARES_CLI olares precheck $PARAMS"
+    $sh_c "$INSTALL_OLARES_CLI precheck $PARAMS"
     if [[ $? -ne 0 ]]; then
         exit 1
     fi
 
     echo "downloading installation wizard..."
     echo ""
-    $sh_c "$INSTALL_OLARES_CLI olares download wizard $PARAMS $CDN"
+    $sh_c "$INSTALL_OLARES_CLI download wizard $PARAMS $CDN"
     if [[ $? -ne 0 ]]; then
         echo "error: failed to download installation wizard"
         exit 1
@@ -226,7 +226,7 @@ else
 
     echo "downloading installation packages..."
     echo ""
-    $sh_c "$INSTALL_OLARES_CLI olares download component $PARAMS $CDN"
+    $sh_c "$INSTALL_OLARES_CLI download component $PARAMS $CDN"
     if [[ $? -ne 0 ]]; then
         echo "error: failed to download installation packages"
         exit 1
@@ -238,7 +238,7 @@ else
     if [ x"$REGISTRY_MIRRORS" != x"" ]; then
         extra="--registry-mirrors $REGISTRY_MIRRORS"
     fi
-    $sh_c "$INSTALL_OLARES_CLI olares prepare $PARAMS $extra"
+    $sh_c "$INSTALL_OLARES_CLI prepare $PARAMS $extra"
     if [[ $? -ne 0 ]]; then
         echo "error: failed to prepare installation environment"
         exit 1

build/installer/version.hint

@@ -1,2 +1,2 @@
 upgrade:
-  minVersion: 1.12.0-0000000
+  minVersion: 1.12.0-1

build/installer/wizard/config/account/templates/account.yaml

@@ -20,5 +20,7 @@ metadata:
 spec:
   email: "{{.Values.user.email}}"
   initialPassword: "{{ .Values.user.password }}"
+  groups:
+  - lldap_admin
 status:
   state: Active

build/manifest/components

@@ -1,4 +1,4 @@
-olaresd-v1.12.0-rc.6.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.12.0-rc.6-linux-amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.12.0-rc.6-linux-arm64.tar.gz,olaresd
+olaresd-v1.12.0-rc.10.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.12.0-rc.10-linux-amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.12.0-rc.10-linux-arm64.tar.gz,olaresd
 socat-1.7.3.2.tar.gz,pkg/components,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,socat
 conntrack-tools-1.4.1.tar.gz,pkg/components,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,conntrack-tools
 minio.RELEASE.2023-05-04T21-44-30Z,pkg/components,https://dl.min.io/server/minio/release/linux-amd64/archive/minio.RELEASE.2023-05-04T21-44-30Z,https://dl.min.io/server/minio/release/linux-arm64/archive/minio.RELEASE.2023-05-04T21-44-30Z,minio

build/manifest/images

@@ -1,5 +1,5 @@
-beclab/ks-apiserver:0.0.9
+beclab/ks-apiserver:0.0.11
-beclab/ks-controller-manager:0.0.9
+beclab/ks-controller-manager:0.0.11
 beclab/kube-state-metrics:v2.3.0-ext.1
 calico/cni:v3.29.2
 calico/kube-controllers:v3.29.2
@@ -18,7 +18,7 @@ kubesphere/prometheus-operator:v0.55.1
 openebs/linux-utils:3.3.0
 openebs/provisioner-localpv:3.3.0
 beclab/percona-server-mongodb-operator:1.15.2
-prom/node-exporter:v1.3.1
+beclab/node-exporter:0.0.1
 prom/prometheus:v2.34.0
 quay.io/argoproj/argocli:v3.5.0
 quay.io/argoproj/argoexec:v3.5.0
@@ -36,9 +36,12 @@ beclab/reverse-proxy:v0.1.8
 beclab/upgrade-job:0.1.7
 bytetrade/envoy:v1.25.11.1
 liangjw/kube-webhook-certgen:v1.1.1
-beclab/hami:v2.5.1
+beclab/hami:v2.5.2
 alpine:3.14
 mirrorgooglecontainers/defaultbackend-amd64:1.4
 projecthami/hami-webui-fe-oss:v1.0.5
 projecthami/hami-webui-be-oss:v1.0.5
 nvidia/dcgm-exporter:4.1.1-4.0.4-ubuntu22.04
+ghcr.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.20.0
+bytetrade/autoinstrumentation-apache-httpd:1.0.4-fix1
+ghcr.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.40.0

build/manifest/pkgs

@@ -1,5 +1,5 @@
 cni-plugins-v1.6.2.tgz,pkg/cni/v1.6.2,https://github.com/containernetworking/plugins/releases/download/v1.6.2/cni-plugins-linux-amd64-v1.6.2.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.2/cni-plugins-linux-arm-v1.6.2.tgz,cni-plugins
-containerd-1.6.4.tar.gz,pkg/containerd/1.6.4,https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz,https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz,containerd
+containerd-1.6.36.tar.gz,pkg/containerd/1.6.36,https://github.com/containerd/containerd/releases/download/v1.6.36/containerd-1.6.36-linux-amd64.tar.gz,https://github.com/containerd/containerd/releases/download/v1.6.36/containerd-1.6.36-linux-arm64.tar.gz,containerd
 crictl-v1.32.0.tar.gz,pkg/crictl/v1.32.0,https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.32.0/crictl-v1.32.0-linux-amd64.tar.gz,https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.32.0/crictl-v1.32.0-linux-arm64.tar.gz,crictl
 etcd-v3.5.18.tar.gz,pkg/etcd/v3.5.18,https://github.com/coreos/etcd/releases/download/v3.5.18/etcd-v3.5.18-linux-amd64.tar.gz,https://github.com/coreos/etcd/releases/download/v3.5.18/etcd-v3.5.18-linux-arm64.tar.gz,etcd
 helm-v3.9.0.tar.gz,pkg/helm/v3.9.0,https://get.helm.sh/helm-v3.17.1-linux-amd64.tar.gz,https://get.helm.sh/helm-v3.17.1-linux-arm.tar.gz,helm

frameworks/GPU/config/gpu/hami/values.yaml

@@ -3,7 +3,7 @@
 nameOverride: ""
 fullnameOverride: ""
 imagePullSecrets: []
-version: "v2.5.1"
+version: "v2.5.2"
 
 # Nvidia GPU Parameters
 resourceName: "nvidia.com/gpu"

frameworks/app-service/config/cluster/deploy/appservice_deploy.yaml

@@ -143,7 +143,7 @@ spec:
       priorityClassName: "system-cluster-critical"
       containers:
       - name: app-service
-        image: beclab/app-service:0.3.26
+        image: beclab/app-service:0.3.29
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 0
@@ -361,7 +361,7 @@ spec:
       hostNetwork: true
       containers:
         - name: image-service
-          image: beclab/image-service:0.3.21
+          image: beclab/image-service:0.3.28
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsUser: 0

frameworks/backup-server/config/cluster/deploy/backup_server.yaml

@@ -1,6 +1,6 @@
 
 
-{{ $backupVersion := "0.3.21" }}
+{{ $backupVersion := "0.3.29" }}
 {{ $backup_server_rootpath := printf "%s%s" .Values.rootPath "/rootfs/backup-server" }}
 
 ---
@@ -35,11 +35,18 @@ spec:
       - name: rootfs
         hostPath:
           path: '{{ .Values.rootPath }}/rootfs'
+      - name: shares
+        hostPath:
+          path: '{{ .Values.rootPath }}/share'
       serviceAccountName: os-internal
       containers:
       - name: api
         image: beclab/backup-server:v{{ $backupVersion }}
         imagePullPolicy: IfNotPresent
+        securityContext:
+          allowPrivilegeEscalation: true
+          privileged: true
+          runAsUser: 0
         command:
         - /backup-server
         - apiserver
@@ -65,10 +72,15 @@ spec:
         volumeMounts:
         - mountPath: /rootfs
           name: rootfs
+        - mountPath: /shares
+          mountPropagation: Bidirectional
+          name: shares
       - name: controller
         image: beclab/backup-server:v{{ $backupVersion }}
         imagePullPolicy: IfNotPresent
         securityContext:
+          allowPrivilegeEscalation: true
+          privileged: true
           runAsUser: 0
         command:
         - /backup-server
@@ -94,6 +106,9 @@ spec:
         volumeMounts:
         - mountPath: /rootfs
           name: rootfs
+        - mountPath: /shares
+          mountPropagation: Bidirectional
+          name: shares
 
 ---
 apiVersion: v1

frameworks/bfl/config/launcher/templates/bfl_deploy.yaml

@@ -200,11 +200,11 @@ spec:
       labels:
         tier: bfl
       annotations:
-        # instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
+        instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
-        # instrumentation.opentelemetry.io/go-container-names: "api"    
+        instrumentation.opentelemetry.io/go-container-names: "api"    
-        # instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/bfl-api"
+        instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/bfl-api"
-        # instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
+        instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
-        # instrumentation.opentelemetry.io/inject-nginx-container-names: "ingress"    
+        instrumentation.opentelemetry.io/inject-nginx-container-names: "ingress"    
     spec:
 {{ if .Values.bfl.admin_user }}
       affinity:
@@ -249,7 +249,7 @@ spec:
 
       containers:
       - name: api
-        image: beclab/bfl:v0.4.3
+        image: beclab/bfl:v0.4.5
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 1000
@@ -306,7 +306,7 @@ spec:
               apiVersion: v1
               fieldPath: spec.nodeName
       - name: ingress
-        image: beclab/bfl-ingress:v0.3.2
+        image: beclab/bfl-ingress:v0.3.5
         imagePullPolicy: IfNotPresent
         volumeMounts:
         - name: ngxlog

frameworks/bfl/config/launcher/templates/otel_define.yaml

@@ -5,6 +5,10 @@ kind: Instrumentation
 metadata:
   name: olares-instrumentation
   namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": "pre-install,pre-upgrade"
+    "helm.sh/hook-weight": "-10"
+    "helm.sh/hook-delete-policy": "before-hook-creation"
 spec:
   exporter:
     endpoint: https://jaeger-storage-instance-collector.os-system:4317
@@ -20,30 +24,46 @@ spec:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
-        value: http/protobuf
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   dotnet:
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
-        value: http/protobuf
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   nodejs:
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
-        value: http/protobuf
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   nginx:
+    image: bytetrade/autoinstrumentation-apache-httpd:1.0.4-fix1
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
-        value: https://jaeger-storage-instance-collector.os-system:4317
+        value: http://jaeger-storage-instance-collector.os-system:4318
+      - name: OTEL_EXPORTER_OTLP_PROTOCOL
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   go:
+    image: ghcr.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.20.0
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
         value: http/protobuf
-
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
+    resourceRequirements:
+      limits:
+        memory: 256Mi
 
 ---
 apiVersion: opentelemetry.io/v1alpha1
@@ -51,6 +71,11 @@ kind: Instrumentation
 metadata:
   name: olares-instrumentation
   namespace: user-system-{{ .Values.bfl.username }}
+  annotations:
+    "helm.sh/hook": "pre-install,pre-upgrade"
+    "helm.sh/hook-weight": "-10"
+    "helm.sh/hook-delete-policy": "before-hook-creation"
+
 spec:
   exporter:
     endpoint: https://jaeger-storage-instance-collector.os-system:4317
@@ -66,27 +91,44 @@ spec:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
-        value: http/protobuf
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   dotnet:
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
-        value: http/protobuf
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   nodejs:
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
-        value: http/protobuf
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   nginx:
+    image: bytetrade/autoinstrumentation-apache-httpd:1.0.4-fix1
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
-        value: https://jaeger-storage-instance-collector.os-system:4317
+        value: http://jaeger-storage-instance-collector.os-system:4318
+      - name: OTEL_EXPORTER_OTLP_PROTOCOL
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   go:
+    image: ghcr.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.20.0
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
         value: http/protobuf
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
+    resourceRequirements:
+      limits:
+        memory: 256Mi
 

frameworks/system-server/config/user/helm-charts/systemserver/templates/systemserver_deploy.yaml

@@ -41,13 +41,17 @@ spec:
     metadata:
       labels:
         app: systemserver
+      annotations:
+        instrumentation.opentelemetry.io/go-container-names: system-server
+        instrumentation.opentelemetry.io/inject-go: olares-instrumentation
+        instrumentation.opentelemetry.io/otel-go-auto-target-exe: /system-server
     spec:
       serviceAccountName: bytetrade-sys-ops
       serviceAccount: bytetrade-sys-ops
       priorityClassName: "system-cluster-critical"
       containers:
       - name: system-server
-        image: beclab/system-server:0.1.21
+        image: beclab/system-server:0.1.22
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80

frameworks/tapr/config/cluster/deploy/lldap-deployment.yaml

@@ -83,6 +83,13 @@ spec:
         perm:
         - pub
         - sub
+    - appName: notifications
+      appNamespace: {{ .Release.Namespace }}
+      subjects:
+      - name: system.users
+        perm:
+        - pub
+        - sub
     user: os-system-lldap
 
 ---
@@ -164,8 +171,10 @@ spec:
                   name: lldap-pg-secrets
             - name: NATS_SUBJECT
               value: "terminus.{{ .Release.Namespace }}.system.notification"
+            - name: NATS_SUBJECT_SYSTEM_USERS
+              value: "terminus.{{ .Release.Namespace }}.system.users"
 
-          image: beclab/lldap:0.0.1
+          image: beclab/lldap:0.0.2
           imagePullPolicy: IfNotPresent
           name: lldap
           ports:

third-party/authelia/config/cluster/deploy/auth_backend_deploy.yaml

@@ -389,10 +389,21 @@ spec:
         image: owncloudci/wait-for:latest
         imagePullPolicy: IfNotPresent
         name: check-redis
-
+      - name: setsysctl
+        image: 'busybox:1.28'
+        command:
+          - sh
+          - '-c'
+          - |
+            sysctl -w net.core.somaxconn=65535
+            sysctl -w net.ipv4.ip_local_port_range="1024 65535"
+            sysctl -w net.ipv4.tcp_tw_reuse=1
+            sysctl -w fs.file-max=1048576
+        securityContext:
+          privileged: true
       containers:      
       - name: authelia
-        image: beclab/auth:0.2.4
+        image: beclab/auth:0.2.6
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 9091

third-party/authelia/config/user/helm-charts/auth/templates/auth_deploy.yaml

@@ -28,7 +28,7 @@ spec:
         name: check-auth
       containers:
       - name: auth-front
-        image: beclab/login:v0.1.40
+        image: beclab/login:v1.3.57
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80

third-party/opentelemetry/config/cluster/deploy/opentelemetry_operator.yaml

@@ -957,27 +957,44 @@ spec:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
-        value: http/protobuf
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   dotnet:
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
-        value: http/protobuf
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   nodejs:
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
-        value: http/protobuf
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   nginx:
+    image: bytetrade/autoinstrumentation-apache-httpd:1.0.4-fix1
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
-        value: https://jaeger-storage-instance-collector.os-system:4317
+        value: http://jaeger-storage-instance-collector.os-system:4318
+      - name: OTEL_EXPORTER_OTLP_PROTOCOL
+        value: http/json
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
   go:
+    image: ghcr.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.20.0
     env:
       - name: OTEL_EXPORTER_OTLP_ENDPOINT
         value: http://jaeger-storage-instance-collector.os-system:4318
       - name: OTEL_EXPORTER_OTLP_PROTOCOL
         value: http/protobuf
+      - name: OTEL_TRACES_SAMPLER_ARG
+        value: "1.0"
+    resourceRequirements:
+      limits:
+        memory: 256Mi
 

third-party/opentelemetry/config/user/helm-charts/opentelmetry/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

third-party/opentelemetry/config/user/helm-charts/opentelmetry/Chart.yaml

@@ -1,26 +0,0 @@
-apiVersion: v2
-name: opentelemetry
-description: A Helm chart for Kubernetes
-maintainers:
-- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "0.118.0"

third-party/opentelemetry/config/user/helm-charts/opentelmetry/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "seafile.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "seafile.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "seafile.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "seafile.labels" -}}
-helm.sh/chart: {{ include "seafile.chart" . }}
-{{ include "seafile.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "seafile.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "seafile.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "seafile.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "seafile.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

third-party/opentelemetry/config/user/helm-charts/opentelmetry/values.yaml

@@ -1,7 +0,0 @@
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test