fix: add init container for files-server

fix: change argo and sync run user (#1287 )
permission
2025-04-29 21:15:19 +08:00 · 2025-04-29 20:01:08 +08:00 · 2025-04-29 00:23:49 +08:00 · 2025-04-28 18:17:20 +08:00 · 2025-04-26 00:33:19 +08:00 · 2025-04-26 00:09:10 +08:00
18 changed files with 78 additions and 26 deletions
--- a/apps/argo/config/cluster/deploy/workflow-controller-config-map.yaml
+++ b/apps/argo/config/cluster/deploy/workflow-controller-config-map.yaml
@@ -16,7 +16,7 @@ data:
          key: AWS_SECRET_ACCESS_KEY
          name: argo-workflow-log-fakes3
        bucket: mongo-backup
-        endpoint: workflow-archivelog-s3.user-system-mmchong2021:4568
+        endpoint: tapr-s3-svc:4568
        insecure: true
    persistence:
      connectionPool:
--- a/apps/desktop/config/user/helm-charts/desktop/templates/desktop_deploy.yaml
+++ b/apps/desktop/config/user/helm-charts/desktop/templates/desktop_deploy.yaml
@@ -66,7 +66,7 @@ spec:
      containers:
      - name: edge-desktop
-        image: beclab/desktop:v0.2.57
+        image: beclab/desktop:v0.2.58
        imagePullPolicy: IfNotPresent
        securityContext:
          runAsNonRoot: false
@@ -78,7 +78,7 @@ spec:
            value: http://bfl.{{ .Release.Namespace }}:8080
      - name: desktop-server
-        image: beclab/desktop-server:v0.2.57
+        image: beclab/desktop-server:v0.2.58
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
--- a/apps/files/config/cluster/deploy/files_deploy.yaml
+++ b/apps/files/config/cluster/deploy/files_deploy.yaml
@@ -73,6 +73,28 @@ spec:
          - -c
          - |
            chown -R 1000:1000 /appdata; chown -R 1000:1000 /appcache; chown -R 1000:1000 /data
        - name: init-container
          image: 'postgres:16.0-alpine3.18'
          command:
            - sh
            - '-c'
            - >-
              echo -e "Checking for the availability of PostgreSQL Server
              deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB1
              -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >>
              PostgreSQL DB Server has started";
          env:
            - name: PGHOST
              value: citus-headless.os-system
            - name: PGPORT
              value: '5432'
            - name: PGUSER
              value: files_os_system
            - name: PGPASSWORD
              value: {{ $files_postgres_password | b64dec }}
            - name: PGDB1
              value: os_system_files
      containers:
        - name: gateway
          image: beclab/appdata-gateway:0.1.18
--- a/apps/files/config/user/helm-charts/files/templates/files_fe_deploy.yaml
+++ b/apps/files/config/user/helm-charts/files/templates/files_fe_deploy.yaml
@@ -302,7 +302,7 @@ spec:
 #        - /filebrowser
 #        - --noauth
      - name: files-frontend
-        image: beclab/files-frontend:v1.3.53
+        image: beclab/files-frontend:v1.3.55
        imagePullPolicy: IfNotPresent
        securityContext:
          runAsNonRoot: false
--- a/apps/knowledge/config/cluster/deploy/knowledge_deployment.yaml
+++ b/apps/knowledge/config/cluster/deploy/knowledge_deployment.yaml
@@ -177,7 +177,7 @@ spec:
            value: os_system_knowledge
      containers:
      - name: knowledge
-        image: "beclab/knowledge-base-api:v0.12.2"
+        image: "beclab/knowledge-base-api:v0.12.4"
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
@@ -283,8 +283,8 @@ spec:
      - name: sync
        image: "beclab/recommend-sync:v0.12.0"
        securityContext:
-          allowPrivilegeEscalation: false
+          runAsUser: 0
-          runAsUser: 1000
+          runAsNonRoot: false
        env:
        - name: USERSPACE_DIRECTORY
          value: /data
--- a/apps/market/config/user/helm-charts/market/templates/market_deploy.yaml
+++ b/apps/market/config/user/helm-charts/market/templates/market_deploy.yaml
@@ -86,12 +86,12 @@ spec:
                fieldPath: status.podIP
      containers:
      - name: appstore
-        image: beclab/market-frontend:v0.3.10
+        image: beclab/market-frontend:v0.3.11
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
      - name: appstore-backend
-        image: beclab/market-backend:v0.3.10
+        image: beclab/market-backend:v0.3.11
        imagePullPolicy: IfNotPresent
        ports:
          - containerPort: 81
--- a/apps/notifications/config/cluster/deploy/notification_deploy.yaml
+++ b/apps/notifications/config/cluster/deploy/notification_deploy.yaml
@@ -83,6 +83,23 @@ spec:
        permission:
          pub: allow
          sub: allow
      - export:
          - appName: lldap
            pub: allow
            sub: allow
          - appName: vault-server
            pub: deny
            sub: allow
          - appName: seahub
            pub: deny
            sub: allow
          - appName: knowledge
            pub: deny
            sub: allow
        name: system.users
        permission:
          pub: allow
          sub: allow
    user: os-system-notifications
 ---
@@ -160,6 +177,8 @@ spec:
              name: notifications-secrets
        - name: NATS_SUBJECT
          value: "terminus.{{ .Release.Namespace }}.system.notification"
        - name: NATS_SUBJECT_SYSTEM_USERS
          value: "terminus.{{ .Release.Namespace }}.system.users"
        livenessProbe:
          tcpSocket:
--- a/apps/studio/config/user/helm-charts/studio/templates/deployment.yaml
+++ b/apps/studio/config/user/helm-charts/studio/templates/deployment.yaml
@@ -249,7 +249,7 @@ spec:
      containers:
        - name: studio
-          image: beclab/studio-server:v0.1.49
+          image: beclab/studio-server:v0.1.50
          imagePullPolicy: IfNotPresent
          args:
            - server
--- a/apps/system-apps/config/user/helm-charts/monitoring/templates/system-frontend.yaml
+++ b/apps/system-apps/config/user/helm-charts/monitoring/templates/system-frontend.yaml
@@ -220,7 +220,7 @@ spec:
            - mountPath: /www
              name: www-dir
        - name: profile-editor-init
-          image: beclab/profile-editor:v0.2.1
+          image: beclab/profile-editor:v0.2.21
          imagePullPolicy: IfNotPresent
          command:
            - /bin/sh
@@ -232,7 +232,7 @@ spec:
            - mountPath: /www
              name: www-dir
        - name: profile-preview-init
-          image: beclab/profile-preview:v0.2.1
+          image: beclab/profile-preview:v0.2.21
          imagePullPolicy: IfNotPresent
          command:
            - /bin/sh
@@ -244,7 +244,7 @@ spec:
            - mountPath: /www
              name: www-dir
        - name: wise-init
-          image: beclab/wise:v1.3.53
+          image: beclab/wise:v1.3.55
          imagePullPolicy: IfNotPresent
          command:
            - /bin/sh
@@ -256,7 +256,7 @@ spec:
            - mountPath: /www
              name: www-dir
        - name: settings-init
-          image: beclab/settings:v1.3.53
+          image: beclab/settings:v1.3.55
          imagePullPolicy: IfNotPresent
          command:
            - /bin/sh
--- a/apps/vault/config/cluster/deploy/vault_server_deploy.yaml
+++ b/apps/vault/config/cluster/deploy/vault_server_deploy.yaml
@@ -83,7 +83,7 @@ spec:
            value: os_system_vault
      containers:
      - name: vault-server
-        image: beclab/vault-server:v1.3.53
+        image: beclab/vault-server:v1.3.55
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3000
@@ -114,7 +114,7 @@ spec:
        - name: vault-attach
          mountPath: /padloc/packages/server/attachments
      - name: vault-admin
-        image: beclab/vault-admin:v1.3.53
+        image: beclab/vault-admin:v1.3.55
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3010
--- a/apps/vault/config/user/helm-charts/vault/templates/vault_deploy.yaml
+++ b/apps/vault/config/user/helm-charts/vault/templates/vault_deploy.yaml
@@ -88,13 +88,13 @@ spec:
      containers:
      - name: vault-frontend
-        image: beclab/vault-frontend:v1.3.53
+        image: beclab/vault-frontend:v1.3.55
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
      - name: notification-server
-        image: beclab/vault-notification:v1.3.53
+        image: beclab/vault-notification:v1.3.55
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3010
--- a/build/installer/version.hint
+++ b/build/installer/version.hint
@@ -1,2 +1,2 @@
 upgrade:
-  minVersion: 1.12.0-0000000
+  minVersion: 1.12.0-1
--- a/build/installer/wizard/config/account/templates/account.yaml
+++ b/build/installer/wizard/config/account/templates/account.yaml
@@ -20,5 +20,7 @@ metadata:
 spec:
  email: "{{.Values.user.email}}"
  initialPassword: "{{ .Values.user.password }}"
  groups:
  - lldap_admin
 status:
  state: Active
--- a/build/manifest/images
+++ b/build/manifest/images
@@ -1,5 +1,5 @@
-beclab/ks-apiserver:0.0.9
+beclab/ks-apiserver:0.0.10
-beclab/ks-controller-manager:0.0.9
+beclab/ks-controller-manager:0.0.10
 beclab/kube-state-metrics:v2.3.0-ext.1
 calico/cni:v3.29.2
 calico/kube-controllers:v3.29.2
--- a/frameworks/app-service/config/cluster/deploy/appservice_deploy.yaml
+++ b/frameworks/app-service/config/cluster/deploy/appservice_deploy.yaml
@@ -143,7 +143,7 @@ spec:
      priorityClassName: "system-cluster-critical"
      containers:
      - name: app-service
-        image: beclab/app-service:0.3.26
+        image: beclab/app-service:0.3.27
        imagePullPolicy: IfNotPresent
        securityContext:
          runAsUser: 0
@@ -361,7 +361,7 @@ spec:
      hostNetwork: true
      containers:
        - name: image-service
-          image: beclab/image-service:0.3.21
+          image: beclab/image-service:0.3.27
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsUser: 0
--- a/frameworks/backup-server/config/cluster/deploy/backup_server.yaml
+++ b/frameworks/backup-server/config/cluster/deploy/backup_server.yaml
@@ -1,6 +1,6 @@
-{{ $backupVersion := "0.3.21" }}
+{{ $backupVersion := "0.3.22" }}
 {{ $backup_server_rootpath := printf "%s%s" .Values.rootPath "/rootfs/backup-server" }}
 ---
--- a/frameworks/bfl/config/launcher/templates/bfl_deploy.yaml
+++ b/frameworks/bfl/config/launcher/templates/bfl_deploy.yaml
@@ -249,7 +249,7 @@ spec:
      containers:
      - name: api
-        image: beclab/bfl:v0.4.3
+        image: beclab/bfl:v0.4.4
        imagePullPolicy: IfNotPresent
        securityContext:
          runAsUser: 1000
--- a/frameworks/tapr/config/cluster/deploy/lldap-deployment.yaml
+++ b/frameworks/tapr/config/cluster/deploy/lldap-deployment.yaml
@@ -83,6 +83,13 @@ spec:
        perm:
        - pub
        - sub
    - appName: notifications
      appNamespace: {{ .Release.Namespace }}
      subjects:
      - name: system.users
        perm:
        - pub
        - sub
    user: os-system-lldap
 ---
@@ -164,8 +171,10 @@ spec:
                  name: lldap-pg-secrets
            - name: NATS_SUBJECT
              value: "terminus.{{ .Release.Namespace }}.system.notification"
            - name: NATS_SUBJECT_SYSTEM_USERS
              value: "terminus.{{ .Release.Namespace }}.system.users"
-          image: beclab/lldap:0.0.1
+          image: beclab/lldap:0.0.2
          imagePullPolicy: IfNotPresent
          name: lldap
          ports:
Author	SHA1	Message	Date
lovehunter9	0f54a90212	fix: add init container for files-server	2025-04-29 21:15:19 +08:00
simon	93d1237a43	fix: change argo and sync run user (#1287 ) permission	2025-04-29 20:01:08 +08:00
hysyeah	42ff86e0af	studio-server: change cm push url (#1284 )	2025-04-29 00:23:49 +08:00
simon	814dce3dec	fix: argo archivelog and knowledge feed save bug (#1283 ) knowledge v0.12.4	2025-04-28 18:17:20 +08:00
aby913	bfa43257ff	backup-server: abnormal restoration state, get space cos stats failed (#1268 )	2025-04-26 00:33:19 +08:00
berg	e1c9e9ad20	fix(vault&wise): some known issues (#1281 ) * feat: update wise & vault & files new version to v1.3.54 * feat: update 1.3.55 --------- Co-authored-by: qq815776412 <815776412@qq.com>	2025-04-26 00:09:10 +08:00
hysyeah	1b62d2ae31	lldap,bfl,app-service: user event publish;subnet mask minus 1 (#1277 )	2025-04-26 00:07:35 +08:00
berg	51f32c993f	profile, market: modify default theme configuration (#1276 ) fix: modify default theme configuration	2025-04-26 00:07:05 +08:00
huaiyuan	59749c8b7f	desktop: fix iframe hide when zooming the window (#1270 )	2025-04-26 00:06:10 +08:00
dkeven	23816103c9	fix: correct minVersion in version.hint to follow semver spec (#1269 )	2025-04-26 00:05:44 +08:00
`@@ -1,2 +1,2 @@`
	`upgrade:`	`upgrade:`
	`minVersion: 1.12.0-0000000`	`minVersion: 1.12.0-1`