authelia: add user list api

fix(manifest): update the missed reverse proxy image version (#1488 )
feat(system-frontend): update system-frontend new version to v1.3.86 (#1487 )
2025-06-27 21:28:12 +08:00 · 2025-06-27 11:27:07 +08:00 · 2025-06-27 11:24:02 +08:00 · 2025-06-27 11:23:29 +08:00 · 2025-06-27 11:23:07 +08:00 · 2025-06-26 15:53:40 +08:00
1160 changed files with 138125 additions and 11539 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -7,7 +7,7 @@ Title: <subsystem>:  <what changed>
 * **Target Version for Merge**
 <!-- Specify the version to which these changes need to be merged -->

-* ***Related Issues**
+* **Related Issues**
 <!-- Reference any related issues here, if applicable -->

 * **PRs Involving Sub-Systems** 
--- a/.github/workflows/build-redis-231.yaml
+++ b/.github/workflows/build-redis-231.yaml
@@ -17,4 +17,4 @@ jobs:
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: "us-east-1"
        run: |
-          bash scripts/build-redis.sh linux/amd64 glibc-231
+          bash build/build-redis.sh linux/amd64 glibc-231
--- a/.github/workflows/build-redis.yaml
+++ b/.github/workflows/build-redis.yaml
@@ -17,10 +17,10 @@ jobs:
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: "us-east-1"
        run: |
-          bash scripts/build-redis.sh linux/amd64
+          bash build/build-redis.sh linux/amd64

  push-arm64:
-    runs-on: self-hosted
+    runs-on: [self-hosted, linux, ARM64]

    steps:
      - name: Clean
@@ -40,4 +40,4 @@ jobs:
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: "us-east-1"
        run: |
-          sudo -E sh -c "bash scripts/build-redis.sh linux/arm64 && rm -rf redis*"
+          sudo -E sh -c "bash build/build-redis.sh linux/arm64 && rm -rf redis*"
--- a/.github/workflows/build-ubuntu2204.yaml
+++ b/.github/workflows/build-ubuntu2204.yaml
@@ -17,4 +17,4 @@ jobs:
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: "us-east-1"
        run: |
-          bash scripts/build-ubuntu2204.sh
+          bash build/build-ubuntu2204.sh
--- a/.github/workflows/build-wsl2326.yaml
+++ b/.github/workflows/build-wsl2326.yaml
@@ -0,0 +1,20 @@
+name: Build and Upload WSL MSI
+
+on:
+  workflow_dispatch:
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          bash build/build-wsl-install-msi.sh
--- a/.github/workflows/check.yaml
+++ b/.github/workflows/check.yaml
@@ -35,19 +35,10 @@ jobs:
      
      - name: Pre package
        run: |
-          bash scripts/package.sh
-
-      - name: Run chart-testing (list-changed)
-        id: list-changed
-        run: |
-          changed=$(ct list-changed --chart-dirs build/installer/wizard/config --target-branch ${{ github.event.repository.default_branch }})
-          if [[ -n "$changed" ]]; then
-            echo "changed=true" >> "$GITHUB_OUTPUT"
-          fi
+          bash build/package.sh

      - name: Run chart-testing (lint)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: ct lint --chart-dirs build/installer/wizard/config --check-version-increment=false --target-branch ${{ github.event.repository.default_branch }}
+        run: ct lint --chart-dirs .dist/wizard/config,.dist/wizard/config/apps,.dist/wizard/config/gpu --check-version-increment=false --all

      # - name: Create kind cluster
      #   if: steps.list-changed.outputs.changed == 'true'
@@ -57,6 +48,32 @@ jobs:
      #   if: steps.list-changed.outputs.changed == 'true'
      #   run: ct install --chart-dirs wizard/charts,wizard/config --target-branch ${{ github.event.repository.default_branch }}

+  test-version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.generate.outputs.version }}
+    steps:
+      - id: generate
+        run: |
+          v=1.12.0-$(echo $RANDOM)
+          echo "version=$v" >> "$GITHUB_OUTPUT"
+
+  upload-cli:
+    needs: test-version
+    uses: ./.github/workflows/release-cli.yaml
+    secrets: inherit
+    with:
+      version: ${{ needs.test-version.outputs.version }}
+      ref: ${{ github.event.pull_request.head.ref }}
+
+  upload-daemon:
+    needs: test-version
+    uses: ./.github/workflows/release-daemon.yaml
+    secrets: inherit
+    with:
+      version: ${{ needs.test-version.outputs.version }}
+      ref: ${{ github.event.pull_request.head.ref }}
+
  push-image:
    runs-on: ubuntu-latest

@@ -68,32 +85,16 @@ jobs:
          ref: ${{ github.event.pull_request.head.ref }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}

-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          coscmd config -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
      # test
      - env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: "us-east-1"
        run: |
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf

  push-image-arm64:
-    runs-on: self-hosted
+    runs-on: [self-hosted, linux, ARM64]

    steps:
      - name: 'Checkout source code'
@@ -103,22 +104,6 @@ jobs:
          ref: ${{ github.event.pull_request.head.ref }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}

-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 

      - env: 
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -126,10 +111,11 @@ jobs:
          AWS_DEFAULT_REGION: 'us-east-1'
        run: |
          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf linux/arm64
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64


  push-deps:
+    needs: [test-version, upload-daemon]
    runs-on: ubuntu-latest

    steps:
@@ -140,32 +126,18 @@ jobs:
          ref: ${{ github.event.pull_request.head.ref }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}

-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          coscmd config -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
      # test
      - env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.test-version.outputs.version }}
        run: |
-          bash scripts/deps-manifest.sh && bash scripts/upload-deps.sh
+          bash build/deps-manifest.sh && bash build/upload-deps.sh

  push-deps-arm64:
-    runs-on: self-hosted
+    needs: [test-version, upload-daemon]
+    runs-on: [self-hosted, linux, ARM64]

    steps:
      - name: "Checkout source code"
@@ -178,73 +150,57 @@ jobs:
      - name: Install coscmd
        run: pip install coscmd        

-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
      # test
      - env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.test-version.outputs.version }}
        run: |
          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          bash scripts/deps-manifest.sh linux/arm64 && bash scripts/upload-deps.sh linux/arm64
+          bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64


+  upload-package:
+    needs: [lint-test, test-version, push-image, push-image-arm64, push-deps, push-deps-arm64]
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.ref }}
+        repository: ${{ github.event.pull_request.head.repo.full_name }}
+
+    - name: Package installer
+      run: |
+        bash build/build.sh ${{ needs.test-version.outputs.version }}
+
+    - name: Upload package
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        AWS_DEFAULT_REGION: 'us-east-1'
+      run: |
+        md5sum install-wizard-v${{ needs.test-version.outputs.version }}.tar.gz > install-wizard-v${{ needs.test-version.outputs.version }}.md5sum.txt && \
+        aws s3 cp install-wizard-v${{ needs.test-version.outputs.version }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ needs.test-version.outputs.version }}.md5sum.txt --acl=public-read && \
+        aws s3 cp install-wizard-v${{ needs.test-version.outputs.version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ needs.test-version.outputs.version }}.tar.gz --acl=public-read
+

  install-test:
-    needs: [lint-test, push-image, push-image-arm64, push-deps, push-deps-arm64]
+    needs: [test-version, upload-cli, upload-package]
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.ref }}
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
-
-      - name: 'Test tag version'
-        id: vars
-        run: |
-          v=1.11.0-$(echo $RANDOM)
-          echo "tag_version=$v" >> $GITHUB_OUTPUT
-
-      - name: Package installer
-        run: |
-          bash scripts/build.sh ${{ steps.vars.outputs.tag_version }}
-
-      - name: Upload package
-        env: 
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: 'us-east-1'
-        run: |
-          md5sum install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz > install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt && \
-          aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt --acl=public-read && \
-          aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz --acl=public-read
-      
-
      - name: Deploy Request
        uses: fjogeleit/http-request-action@v1
        with:
          url: 'https://cloud-dev-api.bttcdn.com/v1/resource/installTest'
          method: 'POST'
          customHeaders: '{"Authorization": "${{ secrets.INSTALL_SECRET }}"}'
-          data: 'versions=${{ steps.vars.outputs.tag_version }}&downloadUrl=https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz'      
+          data: 'versions=${{ needs.test-version.outputs.version }}&downloadUrl=https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${{ needs.test-version.outputs.version }}.tar.gz'
          contentType: "application/x-www-form-urlencoded"

-      - name: Check Reault
+      - name: Check Result
        uses: eball/poll-check-endpoint@v0.1.0
        with:
          url: https://cloud-dev-api.bttcdn.com/v1/resource/installResult
@@ -255,4 +211,4 @@ jobs:
          timeout: 1800000
          interval: 30000
          customHeaders: '{"Authorization": "${{ secrets.INSTALL_SECRET }}", "Content-Type": "application/x-www-form-urlencoded"}'
-          data: 'versions=${{ steps.vars.outputs.tag_version }}'
+          data: 'versions=${{ needs.test-version.outputs.version }}'
--- a/.github/workflows/daily-lint-check.yaml
+++ b/.github/workflows/daily-lint-check.yaml
@@ -0,0 +1,37 @@
+name: Lint Check Charts
+
+on:
+  schedule:
+    # This is a UTC time
+    - cron: "30 1 * * *"
+  workflow_dispatch:
+
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+          
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.12.1
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          check-latest: true
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.6.0
+      
+      - name: Pre package
+        run: |
+          bash build/package.sh
+
+      - name: Run chart-testing (lint)
+        run: |
+          ct lint --chart-dirs .dist/wizard/config,.dist/wizard/config/apps,.dist/wizard/config/gpu --check-version-increment=false --all
+
--- a/.github/workflows/push-deps-to-s3.yml
+++ b/.github/workflows/push-deps-to-s3.yml
@@ -5,7 +5,7 @@ on:

 jobs:
  push:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04

    steps:
      - name: "Checkout source code"
@@ -33,10 +33,10 @@ jobs:
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: "us-east-1"
        run: |
-          bash scripts/deps-manifest.sh && bash scripts/upload-deps.sh
+          bash build/deps-manifest.sh && bash build/upload-deps.sh

  push-arm64:
-    runs-on: self-hosted
+    runs-on: [self-hosted, linux, ARM64]

    steps:
      - name: "Checkout source code"
@@ -66,4 +66,4 @@ jobs:
          AWS_DEFAULT_REGION: "us-east-1"
        run: |
          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          bash scripts/deps-manifest.sh linux/arm64 && bash scripts/upload-deps.sh linux/arm64
+          bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64
--- a/.github/workflows/push-to-s3.yaml
+++ b/.github/workflows/push-to-s3.yaml
@@ -5,7 +5,7 @@ on:

 jobs:
  push:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04

    steps:
      - name: "Checkout source code"
@@ -33,10 +33,10 @@ jobs:
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: "us-east-1"
        run: |
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf

  push-arm64:
-    runs-on: self-hosted
+    runs-on: [self-hosted, linux, ARM64]

    steps:
      - name: "Checkout source code"
@@ -65,4 +65,4 @@ jobs:
          AWS_DEFAULT_REGION: "us-east-1"
        run: |
          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf linux/arm64
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64
--- a/.github/workflows/release-cli.yaml
+++ b/.github/workflows/release-cli.yaml
@@ -0,0 +1,56 @@
+name: Release CLI
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+  workflow_dispatch:
+jobs:
+  goreleaser:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+          ref: ${{ inputs.ref }}
+
+      - name: Add Local Git Tag For GoReleaser
+        run: git tag ${{ inputs.version }}
+        continue-on-error: true
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.24.3
+          
+      - name: Install x86_64 cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y build-essential
+
+      - name: Install ARM cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3.1.0
+        with:
+          distribution: goreleaser
+          workdir: './cli'
+          version: v1.18.2
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload to S3
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+        run: |
+          cd cli/output && for file in *.tar.gz; do
+            aws s3 cp "$file" s3://terminus-os-install/$file --acl=public-read
+            # coscmd upload $file /$file
+          done
--- a/.github/workflows/release-daemon.yaml
+++ b/.github/workflows/release-daemon.yaml
@@ -0,0 +1,58 @@
+name: Release Daemon
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+  workflow_dispatch:
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+          ref: ${{ inputs.ref }}
+
+      - name: Add Local Git Tag For GoReleaser
+        run: git tag ${{ inputs.version }}
+        continue-on-error: true
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.22.1
+
+      - name: install udev-devel
+        run: |
+          sudo apt update && sudo apt install -y libudev-dev
+
+      - name: Install x86_64 cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y build-essential
+
+      - name: Install ARM cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y gcc-aarch64-linux-gnu
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3.1.0
+        with:
+          distribution: goreleaser
+          workdir: './daemon'
+          version: v1.18.2
+          args: release --clean
+
+      - name: Upload to CDN
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: 'us-east-1'
+        run: |
+          cd daemon/output && for file in *.tar.gz; do
+            aws s3 cp "$file" s3://terminus-os-install/$file --acl=public-read
+          done
--- a/.github/workflows/release-daily.yaml
+++ b/.github/workflows/release-daily.yaml
@@ -9,230 +9,163 @@ on:
  workflow_dispatch:

 jobs:
-  push-images:
+
+  daily-version:
    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.generate.outputs.version }}
+    steps:
+      - id: generate
+        run: |
+          v=1.12.0-$(date +"%Y%m%d")
+          echo "version=$v" >> "$GITHUB_OUTPUT"
+
+  release-cli:
+    needs: daily-version
+    uses: ./.github/workflows/release-cli.yaml
+    secrets: inherit
+    with:
+      version: ${{ needs.daily-version.outputs.version }}
+
+  release-daemon:
+    needs: daily-version
+    uses: ./.github/workflows/release-daemon.yaml
+    secrets: inherit
+    with:
+      version: ${{ needs.daily-version.outputs.version }}
+
+  push-images:
+    runs-on: ubuntu-22.04

    steps:
      - name: 'Checkout source code'
        uses: actions/checkout@v3

-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          coscmd config -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
      - env: 
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: 'us-east-1'
        run: |
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf

  push-images-arm64:
-    runs-on: self-hosted
+    runs-on: [self-hosted, linux, ARM64]

    steps:
      - name: 'Checkout source code'
        uses: actions/checkout@v3

-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
      - env: 
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: 'us-east-1'
        run: |
          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf linux/arm64
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64

  push-deps:
+    needs: [daily-version, release-daemon]
    runs-on: ubuntu-latest

    steps:
      - name: "Checkout source code"
        uses: actions/checkout@v3

-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          coscmd config -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
      # test
      - env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.daily-version.outputs.version }}
        run: |
-          bash scripts/deps-manifest.sh && bash scripts/upload-deps.sh
+          bash build/deps-manifest.sh && bash build/upload-deps.sh

  push-deps-arm64:
-    runs-on: self-hosted
+    needs: [daily-version, release-daemon]
+    runs-on: [self-hosted, linux, ARM64]

    steps:
      - name: "Checkout source code"
        uses: actions/checkout@v3

-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
      # test
      - env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ needs.daily-version.outputs.version }}
        run: |
          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          bash scripts/deps-manifest.sh linux/arm64 && bash scripts/upload-deps.sh linux/arm64
+          bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64


  upload-package:
-    needs: [push-images, push-images-arm64, push-deps, push-deps-arm64]
+    needs: [daily-version, push-images, push-images-arm64, push-deps, push-deps-arm64]
    runs-on: ubuntu-latest
+    outputs:
+      md5sum: ${{ steps.upload.outputs.md5sum }}

    steps:
-      - name: 'Daily tag version'
-        id: vars
-        run: |
-          v=1.11.0-$(date +"%Y%m%d")
-          echo "tag_version=$v" >> $GITHUB_OUTPUT
-
      - name: 'Checkout source code'
        uses: actions/checkout@v3

      - name: Package installer
        run: |
-          bash scripts/build.sh ${{ steps.vars.outputs.tag_version }}
-
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-          
-      # - name: Upload to COS
-      #   run: |
-      #     md5sum install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz > install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt && \
-      #     coscmd upload ./install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt /install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt
-      #     coscmd upload ./install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz /install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz
+          bash build/build.sh ${{ needs.daily-version.outputs.version }}

      - name: Upload to S3
+        id: upload
        env: 
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: 'us-east-1'
        run: |
-          md5sum install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz > install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt && \
-          aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}.md5sum.txt --acl=public-read && \
-          aws s3 cp install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz --acl=public-read
+          md5sum install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz > install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz --acl=public-read && \
+          echo "md5sum=$(awk '{print $1}' install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt)" >> "$GITHUB_OUTPUT"
+

-          
  release:
-    needs: [upload-package]
+    needs: [daily-version, upload-package]
    runs-on: ubuntu-latest

    steps:
      - name: 'Checkout source code'
        uses: actions/checkout@v3

-      - name: 'Daily tag version'
-        id: vars
-        run: |
-          v=1.11.0-$(date +"%Y%m%d")
-          echo "tag_version=$v" >> $GITHUB_OUTPUT
-          echo "version_md5sum=$(curl -sSfL https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${v}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
-
      - name: Update checksum
        uses: eball/write-tag-to-version-file@latest
        with:
-          filename: 'build/installer/install.sh'
+          filename: 'build/base-package/install.sh'
          placeholder: '#__MD5SUM__'
-          tag: ${{ steps.vars.outputs.version_md5sum }}
+          tag: ${{ needs.upload-package.outputs.md5sum }}
      
      - name: Package installer
        run: |
-          bash scripts/build.sh ${{ steps.vars.outputs.tag_version }}
+          bash build/build.sh ${{ needs.daily-version.outputs.version }}

      - name: 'Archives'
        run: |
-          cp .dist/install-wizard/install.sh build/installer
-          cp build/installer/install.sh build/installer/publicInstaller.sh
-          cp .dist/install-wizard/install.ps1 build/installer
+          cp .dist/install-wizard/install.sh build/base-package
+          cp build/base-package/install.sh build/base-package/publicInstaller.sh
+          cp .dist/install-wizard/install.ps1 build/base-package
+          cp .dist/install-wizard/joincluster.sh build/base-package

      - name: Release public files
        uses: softprops/action-gh-release@v1
        with:
-          name: v${{ steps.vars.outputs.tag_version }} Release
-          tag_name: ${{ steps.vars.outputs.tag_version }}
+          name: v${{ needs.daily-version.outputs.version }} Release
+          tag_name: ${{ needs.daily-version.outputs.version }}
          files: |
-            install-wizard-v${{ steps.vars.outputs.tag_version }}.tar.gz
-            build/installer/publicInstaller.sh
-            build/installer/install.sh
-            build/installer/install.ps1
-            build/installer/publicAddnode.sh
-            build/installer/version.hint
-            build/installer/publicRestoreInstaller.sh
+            install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz
+            build/base-package/publicInstaller.sh
+            build/base-package/install.sh
+            build/base-package/install.ps1
+            build/base-package/joincluster.sh
+            build/base-package/publicAddnode.sh
+            build/base-package/version.hint
+            build/base-package/publicRestoreInstaller.sh
          prerelease: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/release-mdns-agent.yaml
+++ b/.github/workflows/release-mdns-agent.yaml
@@ -0,0 +1,71 @@
+name: Publish mdns-agent to Dockerhub
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+
+jobs:
+  update_dockerhub:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          context: ./daemon
+          tags: beclab/olaresd:${{ inputs.version }}
+          file: ./daemon/docker/Dockerfile.agent
+          platforms: linux/amd64,linux/arm64
+
+  upload_release_package:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+      - name: Add Local Git Tag For GoReleaser
+        run: git tag ${{ inputs.version }}
+        continue-on-error: true
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.22.1
+
+      - name: Install x86_64 cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y build-essential
+
+      - name: Install ARM cross-compiler
+        run: sudo apt-get update && sudo apt-get install -y gcc-aarch64-linux-gnu
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3.1.0
+        with:
+          distribution: goreleaser
+          version: v1.18.2
+          args: release --clean --skip-validate -f .goreleaser.agent.yml
+          workdir: './daemon'
+
+      - name: Upload to CDN
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: 'us-east-1'
+        run: |
+          cd daemon/output && for file in *.tar.gz; do
+            aws s3 cp "$file" s3://terminus-os-install/$file --acl=public-read
+          done
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -9,8 +9,23 @@ on:
        description: 'Release Tags'

 jobs:
+
+  release-cli:
+    uses: ./.github/workflows/release-cli.yaml
+    secrets: inherit
+    with:
+      version: ${{ github.event.inputs.tags }}
+      ref: ${{ github.event.inputs.tags }}
+
+  release-daemon:
+    uses: ./.github/workflows/release-daemon.yaml
+    secrets: inherit
+    with:
+      version: ${{ github.event.inputs.tags }}
+      ref: ${{ github.event.inputs.tags }}
+
  push:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04

    steps:
      - name: 'Checkout source code'
@@ -18,31 +33,16 @@ jobs:
        with:
          ref: ${{ github.event.inputs.tags }}

-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          coscmd config -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
      - env: 
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: 'us-east-1'
+          VERSION: ${{ github.event.inputs.tags }}
        run: |
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf

  push-arm64:
-    runs-on: self-hosted
+    runs-on: [self-hosted, linux, ARM64]

    steps:
      - name: 'Checkout source code'
@@ -50,33 +50,17 @@ jobs:
        with:
          ref: ${{ github.event.inputs.tags }}

-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
      - env: 
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: 'us-east-1'
+          VERSION: ${{ github.event.inputs.tags }}
        run: |
          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          bash scripts/image-manifest.sh && bash scripts/upload-images.sh .manifest/images.mf linux/arm64
+          bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64

  upload-package:
-    needs: [push, push-arm64]
+    needs: [push, push-arm64, release-daemon]
    runs-on: ubuntu-latest

    steps:
@@ -87,30 +71,7 @@ jobs:

      - name: Package installer
        run: |
-          bash scripts/build.sh ${{ github.event.inputs.tags }}
-
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-          
-      # - name: Upload to COS
-      #   run: |
-      #     md5sum install-wizard-v${{ github.event.inputs.tags }}.tar.gz > install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt && \
-      #     coscmd upload ./install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt /install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt
-      #     coscmd upload ./install-wizard-v${{ github.event.inputs.tags }}.tar.gz /install-wizard-v${{ github.event.inputs.tags }}.tar.gz
+          bash build/build.sh ${{ github.event.inputs.tags }}

      - name: Upload to S3
        env: 
@@ -133,7 +94,7 @@ jobs:
          ref: ${{ github.event.inputs.tags }}

      - name: Update env
-        working-directory: ./build/installer
+        working-directory: ./build/base-package
        run: |
          echo 'DEBUG_VERSION="false"' > .env

@@ -145,21 +106,22 @@ jobs:
      - name: Update checksum
        uses: eball/write-tag-to-version-file@latest
        with:
-          filename: 'build/installer/install.sh'
+          filename: 'build/base-package/install.sh'
          placeholder: '#__MD5SUM__'
          tag: ${{ steps.vars.outputs.version_md5sum }}

      - name: Package installer
        run: |
-          bash scripts/build.sh ${{ github.event.inputs.tags }}
+          bash build/build.sh ${{ github.event.inputs.tags }}
          
      - name: 'Archives'
        run: |
-          cp .dist/install-wizard/install.sh build/installer
-          cp build/installer/install.sh build/installer/publicInstaller.sh
-          cp build/installer/install.sh build/installer/publicInstaller.latest
-          cp .dist/install-wizard/install.ps1 build/installer
-          cp build/installer/install.ps1 build/installer/publicInstaller.latest.ps1
+          cp .dist/install-wizard/install.sh build/base-package
+          cp build/base-package/install.sh build/base-package/publicInstaller.sh
+          cp build/base-package/install.sh build/base-package/publicInstaller.latest
+          cp .dist/install-wizard/install.ps1 build/insbase-packagetaller
+          cp build/base-package/install.ps1 build/base-package/publicInstaller.latest.ps1
+          cp .dist/install-wizard/joincluster.sh build/base-package

      - name: Release public files
        uses: softprops/action-gh-release@v1
@@ -168,14 +130,15 @@ jobs:
          tag_name: ${{ github.event.inputs.tags }}
          files: |
            install-wizard-v${{ github.event.inputs.tags }}.tar.gz
-            build/installer/publicInstaller.sh
-            build/installer/publicInstaller.latest
-            build/installer/install.sh
-            build/installer/publicInstaller.latest.ps1
-            build/installer/install.ps1
-            build/installer/publicAddnode.sh
-            build/installer/version.hint
-            build/installer/publicRestoreInstaller.sh
+            build/base-package/publicInstaller.sh
+            build/base-package/publicInstaller.latest
+            build/base-package/install.sh
+            build/base-package/publicInstaller.latest.ps1
+            build/base-package/install.ps1
+            build/base-package/publicAddnode.sh
+            build/instbase-packagealler/joincluster.sh
+            build/base-package/version.hint
+            build/base-package/publicRestoreInstaller.sh
          prerelease: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -23,7 +23,12 @@ go.work

 .dist
 .manifest
+.dependencies
 install-wizard-*.tar.gz
 olares-cli-*.tar.gz
 !ks-console-*.tgz
 .vscode
+.DS_Store
+cli/output
+daemon/output
+daemon/bin
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 <div align="center">

-# Olares - Your Sovereign Cloud, an Open-Source Self-Hosted Alternative to Public Clouds <!-- omit in toc -->
+# Olares: An Open-Source Personal Cloud to </br>Reclaim Your Data<!-- omit in toc -->

 [![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br/>
 [![Last Commit](https://img.shields.io/github/last-commit/beclab/olares)](https://github.com/beclab/olares/commits/main)
@@ -13,73 +13,41 @@
 <p>
  <a href="./README.md"><img alt="Readme in English" src="https://img.shields.io/badge/English-FFFFFF"></a>
  <a href="./README_CN.md"><img alt="Readme in Chinese" src="https://img.shields.io/badge/简体中文-FFFFFF"></a>
+  <a href="./README_JP.md"><img alt="Readme in Japanese" src="https://img.shields.io/badge/日本語-FFFFFF"></a>
 </p>

 </div>

-https://github.com/user-attachments/assets/5ea2fe30-7bd2-49ed-be26-e12f1d5d8cb1
-
-*Build your local AI assistants, sync data across places, self-host your workspace, stream your own media, and more—all in your sovereign cloud made possible by Olares.*
-
 <p align="center">
-  <a href="https://olares.xyz">Website</a> ·
-  <a href="https://docs.olares.xyz">Documentation</a> ·
-  <a href="https://olares.xyz/larepass">Download LarePass</a> ·
+  <a href="https://olares.com">Website</a> ·
+  <a href="https://docs.olares.com">Documentation</a> ·
+  <a href="https://olares.com/larepass">Download LarePass</a> ·
  <a href="https://github.com/beclab/apps">Olares Apps</a> ·
-  <a href="https://space.olares.xyz">Olares Space</a>
+  <a href="https://space.olares.com">Olares Space</a>
 </p>

-> [!IMPORTANT]  
-> We just finished our rebranding from Terminus to Olares recently. For more information, refer to our [rebranding blog](https://olares.medium.com/terminus-is-now-olares-2c3bf782f9d1). 
+>*The modern internet built on public clouds is increasingly threatening your personal data privacy. As reliance on services like ChatGPT, Midjourney, and Facebook grows, so does the risk to your digital autonomy. Your data lives on their servers, subject to their terms, tracking, and potential censorship.*
+>
+>*It's time for a change.* 

-## Table of Contents <!-- omit in toc -->
- [Introduction](#introduction)
- [Motivation and design](#motivation-and-design)
- [Tech stacks](#tech-stacks)
- [Features](#features)
- [Feature comparison](#feature-comparison)
- [Getting started](#getting-started)
- [Project navigation](#project-navigation)
- [Contributing to Olares](#contributing-to-olares)
- [Community \& contact](#community--contact)
- [Staying ahead](#staying-ahead)
- [Special thanks](#special-thanks)
-  
-## Introduction
+![Personal Cloud](https://file.bttcdn.com/github/olares/public-cloud-to-personal-cloud.jpg)
+We believe you have a fundamental right to control your digital life. The most effective way to uphold this right is by hosting your data locally, on your own hardware.

-Olares is the sovereign cloud that puts you in control. It's an open-source, self-hosted alternative to public clouds like AWS, built to reclaim your data ownership and privacy. By combining the power of Kubernetes with a streamlined interface, Olares enables you to take full control of your data and computing resources. Whether you're managing a homelab, hosting applications, or safeguarding your privacy, Olares delivers the flexibility and capabilities of public clouds, without compromising privacy or security.
+Olares is an **open-source personal cloud operating system** designed to empower you to own and manage your digital assets locally. Instead of relying on public cloud services, you can deploy powerful open-source alternatives locally on Olares, such as Ollama for hosting LLMs, SD WebUI for image generation, and Mastodon for building censor free social space. Imagine the power of the cloud, but with you in complete command.

-Typical use cases of Olares include:
+> 🌟 *Star us to receive instant notifications about new releases and updates.* 

-🤖 **Local AI**: Host and run world-class open-source AI models locally, including large language models, image generation, and speech recognition. Create custom AI assistants that integrate seamlessly with your personal data and applications, all while ensuring enhanced privacy and control. <br>
+## Architecture 

-💻**Personal data repository**: Securely store, sync, and manage your photos, documents, and important files in a unified storage and access anywhere. <br>
+Just as Public clouds offer IaaS, PaaS, and SaaS layers, Olares provides open-source alternatives to each of these layers.

-🛠️ **Self-hosted workspace**: Create a free, powerful workspace for your team or family with open source self-hosted alternatives. <br>
+  ![Tech Stacks](https://file.bttcdn.com/github/olares/olares-architecture.jpg)

-🎥 **Private media server**: Host your own streaming services with your personal media collections. <br>
+ For detailed description of each component, refer to [Olares architecture](https://docs.olares.com/manual/system-architecture.html).

-🏡 **Smart Home Hub**: Create a central control point for your IoT devices and home automation. <br>
-
-🤝 **User-owned decentralized social media**: Easily install decentralized social media apps such as Mastodon, Ghost, and WordPress on Olares, allowing you to build a personal brand without the risk of being banned or paying platform commissions.<br>
-
-📚 **Learning platform**: Explore self-hosting, container orchestration, and cloud technologies hands-on.
-
-## Motivation and design
-
-We believe the current state of the internet, where user data is centralized and exploited by monopolistic corporations, is deeply flawed. Our goal is to empower individuals with true data ownership and control.
-
-Olares provides a next-generation decentralized Internet framework consisting of the following three integral components:  
-
- **Snowinning Protocol**: A decentralized identity and reputation system that integrates decentralized identifiers (DIDs), verifiable credentials (VCs), and reputation data. 
- **Olares OS**: An one-stop self-hosted operating system running on edge devices, allowing users to host their own data and applications.  
- **LarePass**: A comprehensive client software that securely bridges users to their Olares systems. It offers remote access, identity and device management, data storage, and productivity tools, providing a seamless interface for all Olares interactions.  
-
-## Tech stacks
-
- Public clouds have IaaS, PaaS, and SaaS layers. Olares provides open-source alternatives to these layers.
-
-  ![Tech Stacks](https://file.bttcdn.com/github/terminus/v2/tech-stack-olares.jpeg)
+> 🔍 **How is Olares different from traditional NAS?**
+>
+> Olares focuses on building an all-in-one self-hosted personal cloud experience. Its core features and target users differ significantly from traditional Network Attached Storage (NAS) systems, which primarily focus on network storage. For more details, see [Compare Olares and NAS](https://docs.olares.com/manual/olares-vs-nas.html).

 ## Features

@@ -94,145 +62,78 @@ Olares offers a wide array of features designed to enhance security, ease of use
 - **Seamless anywhere access**: Access your devices from anywhere using dedicated clients for mobile, desktop, and browsers.
 - **Development tools**: Comprehensive development tools for effortless application development and porting.

-## Feature comparison
+Here are some screenshots from the UI for a sneak peek:

-To help you understand how Olares stands out in the landscape, we've created a comparison table that highlights its features alongside those of other leading solutions in the market.
+| **Desktop–Streamlined and familiar portal**     |  **Files–A secure home to your data**
+| :--------: | :-------: |
+| ![Desktop](https://file.bttcdn.com/github/terminus/v2/desktop.jpg) | ![Files](https://file.bttcdn.com/github/terminus/v2/files.jpg) |
+| **Vault–1Password alternative**|**Market–App ecosystem in your control** |
+| ![vault](https://file.bttcdn.com/github/terminus/v2/vault.jpg) | ![market](https://file.bttcdn.com/github/terminus/v2/market.jpg) |
+|**Wise–Your digital secret garden** | **Settings–Manage Olares efficiently** |
+| ![settings](https://file.bttcdn.com/github/terminus/v2/wise.jpg) | ![](https://file.bttcdn.com/github/terminus/v2/settings.jpg) |
+|**Dashboard–Constant system monitoring**  | **Profile–Your unique homepage** |
+| ![dashboard](https://file.bttcdn.com/github/terminus/v2/dashboard.jpg) | ![profile](https://file.bttcdn.com/github/terminus/v2/profile.jpg) |
+| **Studio–Develop, debug, and deploy**|**Control Hub–Manage Kubernetes clusters easily**  |
+| ![Studio](https://file.bttcdn.com/github/terminus/v2/devbox.jpg) | ![Controlhub](https://file.bttcdn.com/github/terminus/v2/controlhub.jpg)|

-**Legend:** 

- 🚀: **Auto**, indicates that the system completes the task automatically.
- ✅: **Yes**, indicates that users without a developer background can complete the setup through the product's UI prompts.
- 🛠️: **Manual Configuration**, indicates that even users with an engineering background need to refer to tutorials to complete the setup.
- ❌:  **No**, indicates that the feature is not supported.
+## Key use cases

-| | Olares | Synology | TrueNAS | CasaOS | Unraid |
-| --- | --- | --- | --- | --- | --- |
-| Source Code License | Olares License | Closed | GPL 3.0 | Apache 2.0 | Closed |
-| Built On | Kubernetes | Linux | Kubernetes | Docker | Docker |
-| Multi-Node | ✅   | ❌   | ✅   | ❌   | ❌   |
-| Build-in Apps | ✅ (Rich desktop apps) | ✅ (Rich desktop apps) | ❌ (CLI) | ✅ (Simple desktop apps) | ✅ (Dashboard) |
-| Free Domain Name | ✅   | ✅   | ❌   | ❌   | ❌   |
-| Auto SSL Certificate | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ |
-| Reverse Proxy | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ |
-| VPN Management | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Graded App Entrance | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Multi-User Management | ✅ User management <br>🚀 Resource isolation | ✅ User management<br>🛠️ Resource isolation | ✅ User management<br>🛠️ Resource isolation | ❌   | ✅ User management  <br>🛠️ Resource isolation |
-| Single Login for All Apps | 🚀  | ❌   | ❌   | ❌   |  ❌   |
-| Cross-Node Storage | 🚀 (Juicefs+<br>MinIO) | ❌   | ❌   | ❌   | ❌   |
-| Database Solution | 🚀 (Built-in cloud-native solution) | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Disaster Recovery | 🚀 (MinIO's [**Erasure Coding**](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html)**)** | ✅ RAID | ✅ RAID | ✅ RAID | ✅ Unraid Storage |
-| Backup | ✅ App Data  <br>✅ User Data | ✅ User Data | ✅ User Data | ✅ User Data | ✅ User Data |
-| App Sandboxing | ✅   | ❌   | ❌ (K8S's namespace) | ❌   | ❌   |
-| App Ecosystem | ✅ (Official + third-party) | ✅ (Majorly official apps) | ✅ (Official + third-party submissions) | ✅ Majorly official apps | ✅ (Community app market) |
-| Developer Friendly | ✅ IDE  <br>✅ CLI  <br>✅ SDK  <br>✅ Doc | ✅ CLI  <br>✅ SDK  <br>✅ Doc | ✅ CLI  <br>✅ Doc | ✅ CLI  <br>✅ Doc | ✅ Doc |
-| Local LLM Hosting | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Local LLM app development | 🚀 | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| Client Platforms | ✅ Android  <br>✅ iOS  <br>✅ Windows  <br>✅ Mac  <br>✅ Chrome Plugin | ✅ Android  <br>✅ iOS | ❌   | ❌   | ❌   |
-| Client Functionality | ✅ (All-in-one client app) | ✅ (14 separate client apps) | ❌   | ❌   |  ❌   |
+Here is why and where you can count on Olares for private, powerful, and secure sovereign cloud experience:
+
+🤖 **Edge AI**: Run cutting-edge open AI models locally, including large language models, computer vision, and speech recognition. Create private AI services tailored to your data for enhanced functionality and privacy. <br>
+
+📊 **Personal data repository**: Securely store, sync, and manage your important files, photos, and documents across devices and locations.<br>
+
+🚀 **Self-hosted workspace**: Build a free collaborative workspace for your team using secure, open-source SaaS alternatives.<br>
+
+🎥 **Private media server**: Host your own streaming services with your personal media collections. <br>
+
+🏡 **Smart Home Hub**: Create a central control point for your IoT devices and home automation. <br>
+
+🤝 **User-owned decentralized social media**: Easily install decentralized social media apps such as Mastodon, Ghost, and WordPress on Olares, allowing you to build a personal brand without the risk of being banned or paying platform commissions.<br>
+
+📚 **Learning platform**: Explore self-hosting, container orchestration, and cloud technologies hands-on.

 ## Getting started

 ### System compatibility
-Olares is available for Linux, Raspberry Pi, Mac, and Windows. It has been tested and verified on the following systems:

-| Platform            | Operating system                     | Notes                                                 |
-|---------------------|--------------------------------------|-------------------------------------------------------|
-| Linux               | Ubuntu 24.04 <br/> Debian 12.8       |                                                       |
-| Raspberry Pi        | RaspbianOS                           | Verified on Raspberry Pi 4 Model B and Raspberry Pi 5 |
-| Windows             | Windows 11 23H2 <br/>Windows 10 22H2 |                                                       |
-| Mac (Apple silicon) | macOS Ventura 13.3.1               |                                                       |
-| Proxmox VE (PVE)    | Proxmox Virtual Environment 8.0      |                                                       |
+Olares has been tested and verified on the following Linux platforms:

-> **Note**
-> 
-> If you successfully install Olares on an operating system that is not listed in the compatibility table, please let us know! You can [open an issue](https://github.com/beclab/Olares/issues/new) or submit a pull request on our GitHub repository.
+- Ubuntu 24.04 LTS or later
+- Debian 11 or later

 ### Set up Olares
-To get started with Olares on your own device, follow the [Getting Started Guide](https://docs.olares.xyz/manual/get-started/) for step-by-step instructions.
+To get started with Olares on your own device, follow the [Getting Started Guide](https://docs.olares.com/manual/get-started/) for step-by-step instructions.

 ## Project navigation

-Olares consists of numerous code repositories publicly available on GitHub. The current repository is responsible for the final compilation, packaging, installation, and upgrade of the operating system, while specific changes mostly take place in their corresponding repositories.
+> [!NOTE]  
+> We are currently consolidating Olares subproject code into this repository. This process may take a few months. Once finished, you will get a comprehensive view of the entire Olares system here.

-The following table lists the project directories under Olares and their corresponding repositories. Find the one that interests you:

-<details>
-<summary><b>Framework components</b></summary>
-  
-| Directory | Repository | Description |
-| --- | --- | --- |
-| [frameworks/app-service](https://github.com/beclab/olares/tree/main/frameworks/app-service) | <https://github.com/beclab/app-service> | A system framework component that provides lifecycle management and various security controls for all apps in the system. |
-| [frameworks/backup-server](https://github.com/beclab/olares/tree/main/frameworks/backup-server) | <https://github.com/beclab/backup-server> | A system framework component that provides scheduled full or incremental cluster backup services. |
-| [frameworks/bfl](https://github.com/beclab/olares/tree/main/frameworks/bfl) | <https://github.com/beclab/bfl> | Backend For Launcher (BFL), a system framework component serving as the user access point and aggregating and proxying interfaces of various backend services. |
-| [frameworks/GPU](https://github.com/beclab/olares/tree/main/frameworks/GPU) | <https://github.com/grgalex/nvshare> | GPU sharing mechanism that allows multiple processes (or containers running on Kubernetes) to securely run on the same physical GPU concurrently, each having the whole GPU memory available. |
-| [frameworks/l4-bfl-proxy](https://github.com/beclab/olares/tree/main/frameworks/l4-bfl-proxy) | <https://github.com/beclab/l4-bfl-proxy> | Layer 4 network proxy for BFL. By prereading SNI, it provides a dynamic route to pass through into the user's Ingress. |
-| [frameworks/osnode-init](https://github.com/beclab/olares/tree/main/frameworks/osnode-init) | <https://github.com/beclab/osnode-init> | A system framework component that initializes node data when a new node joins the cluster. |
-| [frameworks/system-server](https://github.com/beclab/olares/tree/main/frameworks/system-server) | <https://github.com/beclab/system-server> | As a part of system runtime frameworks, it provides a mechanism for security calls between apps. |
-| [frameworks/tapr](https://github.com/beclab/olares/tree/main/frameworks/tapr) | <https://github.com/beclab/tapr> | Olares Application Runtime components. |
-</details>
+This section lists the main directories in the Olares repository:

-<details>
-<summary><b>System-Level Applications and Services</b></summary>
-  
-| Directory | Repository | Description |
-| --- | --- | --- |
-| [apps/analytic](https://github.com/beclab/olares/tree/main/apps/analytic) | <https://github.com/beclab/analytic> | Developed based on [Umami](https://github.com/umami-software/umami), Analytic is a simple, fast, privacy-focused alternative to Google Analytics. |
-| [apps/market](https://github.com/beclab/olares/tree/main/apps/market) | <https://github.com/beclab/market> | This repository deploys the front-end part of the application market in Olares. |
-| [apps/market-server](https://github.com/beclab/olares/tree/main/apps/market-server) | <https://github.com/beclab/market> | This repository deploys the back-end part of the application market in Olares. |
-| [apps/argo](https://github.com/beclab/olares/tree/main/apps/argo) | <https://github.com/argoproj/argo-workflows> | A workflow engine for orchestrating container execution of local recommendation algorithms. |
-| [apps/desktop](https://github.com/beclab/olares/tree/main/apps/desktop) | <https://github.com/beclab/desktop> | The built-in desktop application of the system. |
-| [apps/devbox](https://github.com/beclab/olares/tree/main/apps/devbox) | <https://github.com/beclab/devbox> | An IDE for developers to port and develop Olares applications. |
-| [apps/vault](https://github.com/beclab/olares/tree/main/apps/vault) | <https://github.com/beclab/termipass> | A free alternative to 1Password and Bitwarden for teams and enterprises of any size Developed based on [Padloc](https://github.com/padloc/padloc). It serves as the client that helps you manage DID, Olares ID, and Olares devices. |
-| [apps/files](https://github.com/beclab/olares/tree/main/apps/files) | <https://github.com/beclab/files> | A built-in file manager modified from [Filebrowser](https://github.com/filebrowser/filebrowser), providing management of files on Drive, Sync, and various Olares physical nodes. |
-| [apps/notifications](https://github.com/beclab/olares/tree/main/apps/notifications) | <https://github.com/beclab/notifications> | The notifications system of Olares |
-| [apps/profile](https://github.com/beclab/olares/tree/main/apps/profile) | <https://github.com/beclab/profile> | Linktree alternative in Olares|
-| [apps/rsshub](https://github.com/beclab/olares/tree/main/apps/rsshub) | <https://github.com/beclab/rsshub> | A RSS subscription manager based on [RssHub](https://github.com/DIYgod/RSSHub). |
-| [apps/settings](https://github.com/beclab/olares/tree/main/apps/settings) | <https://github.com/beclab/settings> | Built-in system settings. |
-| [apps/system-apps](https://github.com/beclab/olares/tree/main/apps/system-apps) | <https://github.com/beclab/system-apps> | Built based on the _kubesphere/console_ project, system-service provides a self-hosted cloud platform that helps users understand and control the system's runtime status and resource usage through a visual Dashboard and feature-rich ControlHub. |
-| [apps/wizard](https://github.com/beclab/olares/tree/main/apps/wizard) | <https://github.com/beclab/wizard> | A wizard application to walk users through the system activation process. |
-</details>
-
-<details>
-<summary><b>Third-party Components and Services</b></summary>
-
-| Directory | Repository | Description |
-| --- | --- | --- |
-| [third-party/authelia](https://github.com/beclab/olares/tree/main/third-party/authelia) | <https://github.com/beclab/authelia> | An open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. |
-| [third-party/headscale](https://github.com/beclab/olares/tree/main/third-party/headscale) | <https://github.com/beclab/headscale> | An open source, self-hosted implementation of the Tailscale control server in Olares to manage Tailscale in LarePass across different devices. |
-| [third-party/infisical](https://github.com/beclab/olares/tree/main/third-party/infisical) | <https://github.com/beclab/infisical> | An open-source secret management platform that syncs secrets across your teams/infrastructure and prevents secret leaks. |
-| [third-party/juicefs](https://github.com/beclab/olares/tree/main/third-party/juicefs) | <https://github.com/beclab/juicefs-ext> | A distributed POSIX file system built on top of Redis and S3, allowing apps on different nodes to access the same data via POSIX interface. |
-| [third-party/ks-console](https://github.com/beclab/olares/tree/main/third-party/ks-console) | <https://github.com/kubesphere/console> | Kubesphere console that allows for cluster management via a Web GUI. |
-| [third-party/ks-installer](https://github.com/beclab/olares/tree/main/third-party/ks-installer) | <https://github.com/beclab/ks-installer-ext> | Kubesphere installer component that automatically creates Kubesphere clusters based on cluster resource definitions. |
-| [third-party/kube-state-metrics](https://github.com/beclab/olares/tree/main/third-party/kube-state-metrics) | <https://github.com/beclab/kube-state-metrics> | kube-state-metrics (KSM) is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. |
-| [third-party/notification-manager](https://github.com/beclab/olares/tree/main/third-party/notification-manager) | <https://github.com/beclab/notification-manager-ext> | Kubesphere's notification management component for unified management of multiple notification channels and custom aggregation of notification content. |
-| [third-party/predixy](https://github.com/beclab/olares/tree/main/third-party/predixy) | <https://github.com/beclab/predixy> | Redis cluster proxy service that automatically identifies available nodes and adds namespace isolation. |
-| [third-party/redis-cluster-operator](https://github.com/beclab/olares/tree/main/third-party/redis-cluster-operator) | <https://github.com/beclab/redis-cluster-operator> | A cloud-native tool for creating and managing Redis clusters based on Kubernetes. |
-| [third-party/seafile-server](https://github.com/beclab/olares/tree/main/third-party/seafile-server) | <https://github.com/beclab/seafile-server> | The backend service of Seafile (Sync Drive) for handling data storage. |
-| [third-party/seahub](https://github.com/beclab/olares/tree/main/third-party/seahub) | <https://github.com/beclab/seahub> | The front-end and middleware service of Seafile (Sync Drive) for handling file sharing, data synchronization, etc. |
-| [third-party/tailscale](https://github.com/beclab/olares/tree/main/third-party/tailscale) | <https://github.com/tailscale/tailscale> | Tailscale has been integrated in LarePass of all platforms. |
-</details>
-
-<details>
-<summary><b>Additional libraries and components</b></summary>
-
-| Directory | Repository | Description |
-| --- | --- | --- |
-| [build/installer](https://github.com/beclab/olares/tree/main/build/installer) |     | The template for generating the installer build. |
-| [build/manifest](https://github.com/beclab/olares/tree/main/build/manifest) |     | Installation build image list template. |
-| [libs/fs-lib](https://github.com/beclab/olares/tree/main/libs) | <https://github.com/beclab/fs-lib> | The SDK library for the iNotify-compatible interface implemented based on JuiceFS. |
-| [scripts](https://github.com/beclab/olares/tree/main/scripts) |     | Assisting scripts for generating the installer build. |
-</details>
+* **`apps`**: Contains the code for system applications, primarily for `larepass`.
+* **`cli`**: Contains the code for `olares-cli`, the command-line interface tool for Olares.
+* **`daemon`**: Contains the code for `olaresd`, the system daemon process.
+* **`docs`**: Contains documentation for the project.
+* **`framework`**: Contains the Olares system services.
+* **`infrastructure`**: Contains code related to infrastructure components such as computing, storage, networking, and GPUs.
+* **`platform`**: Contains code for cloud-native components like databases and message queues.
+* **`vendor`**: Contains code from third-party hardware vendors.

 ## Contributing to Olares

 We are welcoming contributions in any form:

 - If you want to develop your own applications on Olares, refer to:<br>
-https://docs.olares.xyz/developer/develop/
+https://docs.olares.com/developer/develop/


 - If you want to help improve Olares, refer to:<br>
-https://docs.olares.xyz/developer/contribute/olares.html
+https://docs.olares.com/developer/contribute/olares.html

 ## Community & contact

@@ -240,14 +141,6 @@ https://docs.olares.xyz/developer/contribute/olares.html
 * [**GitHub Issues**](https://github.com/beclab/olares/issues). Best for filing bugs you encounter using Olares and submitting feature proposals. 
 * [**Discord**](https://discord.com/invite/BzfqrgQPDK). Best for sharing anything Olares.

-## Staying ahead
-
-Star the Olares project to receive instant notifications about new releases and updates.
-
- 
-![star us](https://file.bttcdn.com/github/terminus/terminus.git.v2.gif)
- 
-
 ## Special thanks

 The Olares project has incorporated numerous third-party open source projects, including: [Kubernetes](https://kubernetes.io/), [Kubesphere](https://github.com/kubesphere/kubesphere), [Padloc](https://padloc.app/), [K3S](https://k3s.io/), [JuiceFS](https://github.com/juicedata/juicefs), [MinIO](https://github.com/minio/minio), [Envoy](https://github.com/envoyproxy/envoy), [Authelia](https://github.com/authelia/authelia), [Infisical](https://github.com/Infisical/infisical), [Dify](https://github.com/langgenius/dify), [Seafile](https://github.com/haiwen/seafile),[HeadScale](https://headscale.net/), [tailscale](https://tailscale.com/), [Redis Operator](https://github.com/spotahome/redis-operator), [Nitro](https://nitro.jan.ai/), [RssHub](http://rsshub.app/), [predixy](https://github.com/joyieldInc/predixy), [nvshare](https://github.com/grgalex/nvshare), [LangChain](https://www.langchain.com/), [Quasar](https://quasar.dev/), [TrustWallet](https://trustwallet.com/), [Restic](https://restic.net/), [ZincSearch](https://zincsearch-docs.zinc.dev/), [filebrowser](https://filebrowser.org/), [lego](https://go-acme.github.io/lego/), [Velero](https://velero.io/), [s3rver](https://github.com/jamhall/s3rver), [Citusdata](https://www.citusdata.com/).
--- a/README_CN.md
+++ b/README_CN.md
@@ -1,6 +1,6 @@
 <div align="center">

-# Olares - 您的主权云，一个开源自托管的公有云替代方案<!-- omit in toc -->
+# Olares：助您重获数据主权的开源个人云

 [![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br/>
 [![Last Commit](https://img.shields.io/github/last-commit/beclab/terminus)](https://github.com/beclab/olares/commits/main)
@@ -13,73 +13,45 @@
 <p>
  <a href="./README.md"><img alt="Readme in English" src="https://img.shields.io/badge/English-FFFFFF"></a>
  <a href="./README_CN.md"><img alt="Readme in Chinese" src="https://img.shields.io/badge/简体中文-FFFFFF"></a>
+  <a href="./README_JP.md"><img alt="Readme in Japanese" src="https://img.shields.io/badge/日本語-FFFFFF"></a>
 </p>

 </div>

-
-[![cover](https://file.bttcdn.com/github/terminus/desktop-dark.jpeg)](https://github.com/user-attachments/assets/5ea2fe30-7bd2-49ed-be26-e12f1d5d8cb1)
-
-*Olares 让你体验更多可能：构建个人 AI 助理、随时随地同步数据、自托管团队协作空间、打造私人影视厅——无缝整合你的数字生活。*
-
 <p align="center">
-  <a href="https://olares.xyz">网站</a> ·
-  <a href="https://docs.olares.xyz">文档</a> ·
-  <a href="https://docs.olares.xyz/larepass">下载 LarePass</a> ·
+  <a href="https://olares.com">网站</a> ·
+  <a href="https://docs.olares.com">文档</a> ·
+  <a href="https://olares.com/larepass">下载 LarePass</a> ·
  <a href="https://github.com/beclab/apps">Olares 应用</a> ·
-  <a href="https://space.olares.xyz">Olares Space</a>
+  <a href="https://space.olares.com">Olares Space</a>
 </p>

-## 目录 <!-- omit in toc -->
+> *基于公有云构建的现代互联网日益威胁着您的个人数据隐私。随着您对 ChatGPT、Midjourney 和脸书等服务的依赖加深，您对数字自主权的掌控也在减弱。您的数据存储在他人服务器上，受其条款约束，被追踪并审查。*
+>
+> *是时候做出改变了。*

- [介绍](#介绍)
- [动机与设计](#动机与设计)
- [技术栈](#技术栈)
- [功能](#功能)
- [功能对比](#功能对比)
- [快速开始](#快速开始)
- [项目目录](#项目目录)
- [社区贡献](#社区贡献)
- [社区支持](#社区支持)
- [持续关注](#持续关注)
- [特别感谢](#特别感谢)
-  
-## 介绍
+![个人云](https://file.bttcdn.com/github/olares/public-cloud-to-personal-cloud.jpg)

-Olares 是一个让您完全掌控的主权云平台。它是一个开源的、自托管的公有云替代方案，旨在帮助您重获数据所有权和隐私控制权。通过将Kubernetes的强大功能与简化的用户界面相结合，Olares使您能够完全掌控自己的数据和计算资源。无论您是在管理家庭实验环境、部署应用程序，还是保护个人隐私，Olares都能提供与公有云同等的灵活性和功能，同时确保您的隐私和安全不受损害。
+我们坚信，**您拥有掌控自己数字生活的基本权利**。维护这一权利最有效的方式，就是将您的数据托管在本地，在您自己的硬件上。

-Olares 支持以下应用场景：
+Olares 是一款开源个人云操作系统，旨在让您能够轻松在本地拥有并管理自己的数字资产。您无需再依赖公有云服务，而可以在 Olares 上本地部署强大的开源平替服务或应用，例如可以使用 Ollama 托管大语言模型，使用 SD WebUI 用于图像生成，以及使用 Mastodon 构建不受审查的社交空间。Olares 让你坐拥云计算的强大威力，又能完全将其置于自己掌控之下。

-🤖**本地 AI 助手**：在本地部署运行顶级开源 AI 模型，涵盖语言处理、图像生成和语音识别等领域。根据个人需求定制 AI 助手，确保数据隐私和控制权均处于自己手中。<br>
+> 为 Olares 点亮 🌟 以及时获取新版本和更新的通知。

-💻**个人数据仓库**：所有个人文件，包括照片、文档和重要资料，都可以在这个安全的统一平台上存储和同步，随时随地都能方便地访问。<br>
+## 系统架构

-🛠️**自托管工作空间**：利用开源解决方案，无需成本即可为家庭或工作团队搭建一个功能强大的工作空间。<br>
-
-🎥**私人媒体服务器**：用自己的视频和音乐库搭建一个私人流媒体服务，随时享受个性化的娱乐体验。<br>
-
-🏡**智能家居中心**：将所有智能设备和自动化系统集中在一个易于管理的控制中心，实现家庭智能化的简便操作。<br>
-
-🤝**独立的社交媒体平台**：在 Olares 上部署去中心化社交媒体应用，如 Mastodon、Ghost 和 WordPress，自由建立和扩展个人品牌，无需担忧封号或支付额外费用。<br>
-
-📚**学习探索**：深入学习自托管服务、容器技术和云计算，并上手实践。<br>
-
-## 动机与设计
-
-我们深知当前互联网的局限性——用户的数据被主流互联网或云服务公司掌控，并用于其商业利益。我们致力于改变这一现状，希望通过 Olares 赋予用户真正的数据所有权和控制权。
-
-Olares 为此提供了一套全新的去中心化互联网框架，主要包括以下三个部分：
-
- **Snowinning Protocol**：一个去中心化的身份和声誉系统，融合了去中心化标识符（DIDs）、可验证凭证（VCs）以及声誉数据，帮助用户在网络世界中安全地管理自己的身份。
- **Olares**：一个专为边缘设备设计的自托管操作系统，用户可以在此系统上自主托管自己的数据和应用，确保数据的私密性和安全性。
- **LarePass**：一款功能全面的客户端软件，通过安全的方式将用户与其 Olares 系统连接起来。它不仅支持远程访问、身份和设备管理，还提供数据存储和各种办公工具，让用户高效管理其日常工作和个人数据。
-
-## 技术栈
 公有云具有基础设施即服务（IaaS）、平台即服务（PaaS）和软件即服务（SaaS）等层级。Olares 为这些层级提供了开源替代方案。

-  ![技术栈](https://file.bttcdn.com/github/terminus/v2/tech-stack-olares.jpeg)
+  ![技术栈](https://file.bttcdn.com/github/olares/olares-architecture.jpg)

-## 功能
+详细描述请参考 [Olares 架构](https://docs.olares.cn/zh/manual/system-architecture.html)文档。
+
+>🔍**Olares 和 NAS 有什么不同？**
+>
+> Olares 致力于打造一站式的自托管个人云体验。其核心功能与用户定位，均与专注于网络存储的传统 NAS 有着显著的不同，详情请参考 [Olares 与 NAS 对比](https://docs.olares.com/zh/manual/olares-vs-nas.html)。
+
+
+## 功能特性

 Olares 提供了一系列功能，旨在提升安全性、使用便捷性以及开发的灵活性：

@@ -92,163 +64,83 @@ Olares 提供了一系列功能，旨在提升安全性、使用便捷性以及
 - **无缝访问**：通过移动端、桌面端和网页浏览器客户端，从全球任何地方访问设备。
 - **开发工具**：提供全面的工具支持，便于开发和移植应用，加速开发进程。

-## 功能对比
+以下是用户界面的一些截图预览：

-为了帮您快速了解 Olares 在市场中的独特优势，我们制作了一张功能比较表，详细展示了 Olares 的功能以及与市场上其他主流解决方案的对比。
+| **桌面：熟悉高效的访问入口**     |  **文件管理器：安全存储数据**
+| :--------: | :-------: |
+| ![桌面](https://file.bttcdn.com/github/terminus/v2/desktop.jpg) | ![文件](https://file.bttcdn.com/github/terminus/v2/files.jpg) |
+| **Vault：密码无忧管理**|**市场：可控的应用生态系统** |
+| ![vault](https://file.bttcdn.com/github/terminus/v2/vault.jpg) | ![市场](https://file.bttcdn.com/github/terminus/v2/market.jpg) |
+|**Wise：数字后花园** | **设置：高效管理 Olares** |
+| ![设置](https://file.bttcdn.com/github/terminus/v2/wise.jpg) | ![](https://file.bttcdn.com/github/terminus/v2/settings.jpg) |
+|**仪表盘：持续监控 Olares**  | **Profile：独特的个人主页** |
+| ![面板](https://file.bttcdn.com/github/terminus/v2/dashboard.jpg) | ![profile](https://file.bttcdn.com/github/terminus/v2/profile.jpg) |
+| **Studio：一站式开发、调试和部署**|**控制面板：轻松管理 Kubernetes 集群**  |
+| ![Devbox](https://file.bttcdn.com/github/terminus/v2/devbox.jpg) | ![控制中心](https://file.bttcdn.com/github/terminus/v2/controlhub.jpg)|

-**图例：** 
+## 使用场景

- 🚀: **自动** - 表示系统自动完成任务。
- ✅: **支持** - 表示无开发背景的用户可以通过产品的 UI 提示完成设置。
- 🛠️: **手动配置** - 表示即使是有工程背景的用户也需要参考教程来完成设置。
- ❌: **不支持** - 表示不支持该功能。
+在以下场景中，Olares 为您带来私密、强大且安全的私有云体验：

-| | Olares | 群晖 | TrueNAS | CasaOS | Unraid |
-| --- | --- | --- | --- | --- | --- |
-| 源代码许可证 | Olares 许可证 | 闭源 | GPL 3.0 | Apache 2.0 | 闭源 |
-| 开发 | Kubernetes | Linux | Kubernetes | Docker | Docker |
-| 多节点支持 | ✅   | ❌   | ✅   | ❌   | ❌   |
-| 内置应用 | ✅（桌面应用丰富）| ✅（桌面应用丰富） | ❌ (CLI) | ✅ （桌面应用较少） | ✅（面板） |
-| 免费域名 | ✅   | ✅   | ❌   | ❌   | ❌   |
-| 自动 SSL 证书 | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ |
-| 反向代理 | 🚀  | ✅   | 🛠️ | 🛠️ | 🛠️ |
-| VPN 管理 | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| 分级应用入口 | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| 多用户管理 | ✅ 用户管理 <br>🚀 资源隔离 | ✅ 用户管理 <br>🛠️ 资源隔离 | ✅ 用户管理<br>🛠️ 资源隔离 | ❌   | ✅ 用户管理  <br>🛠️ 资源隔离 |
-| 单一登录 | 🚀  | ❌   | ❌   | ❌   |  ❌   |
-| 跨节点存储 | 🚀 (Juicefs+<br>MinIO) | ❌   | ❌   | ❌   | ❌   |
-| 数据库解决方案 | 🚀 (内置云原生解决方案) | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| 灾难恢复 | 🚀 (MinIO的[**纠错码**](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.html)**)** | ✅ RAID | ✅ RAID | ✅ RAID | ✅ Unraid Storage |
-| 备份 | ✅ 应用数据  <br>✅ 用户数据 | ✅ 用户数据 | ✅ 用户数据 | ✅ 用户数据 | ✅ 用户数据 |
-| 应用沙盒 | ✅   | ❌   | ❌ （K8S的命名空间） | ❌   | ❌   |
-| 应用生态系统 | ✅ （官方 + 第三方应用） | ✅ （官方应用为主） | ✅ （官方应用 + 第三方提交）| ✅ （官方应用为主） | ✅ （社区应用市场） |
-| 开发者友好 | ✅ IDE  <br>✅ CLI  <br>✅ SDK  <br>✅ 文档| ✅ CLI  <br>✅ SDK  <br>✅ 文档 | ✅ CLI  <br>✅ 文档 | ✅ CLI  <br>✅ 文档 | ✅ 文档 |
-| 本地 LLM 部署 | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| 本地 LLM 应用开发 | 🚀  | 🛠️ | 🛠️ | 🛠️ | 🛠️ |
-| 客户端 | ✅ Android  <br>✅ iOS  <br>✅ Windows  <br>✅ Mac  <br>✅ Chrome 插件 | ✅ Android  <br>✅ iOS | ❌   | ❌   | ❌   |
-| 客户端功能 | ✅ （一体化客户端应用） | ✅ （14个分散的客户端应用）| ❌   | ❌   |  ❌   |
+🤖**本地 AI 助手**：在本地部署运行顶级开源 AI 模型，涵盖语言处理、图像生成和语音识别等领域。根据个人需求定制 AI 助手，确保数据隐私和控制权均处于自己手中。<br>
+
+💻**个人数据仓库**：所有个人文件，包括照片、文档和重要资料，都可以在这个安全的统一平台上存储和同步，随时随地都能方便地访问。<br>
+
+🛠️**自托管工作空间**：利用开源 SaaS 平替方案，无需成本即可为家庭或工作团队搭建一个功能强大的工作空间。<br>
+
+🎥**私人媒体服务器**：用自己的视频和音乐库搭建一个私人流媒体服务，随时享受个性化的娱乐体验。<br>
+
+🏡**智能家居中心**：将所有智能设备和自动化系统集中在一个易于管理的控制中心，实现家庭智能化的简便操作。<br>
+
+🤝**独立的社交媒体平台**：在 Olares 上部署去中心化社交媒体应用，如 Mastodon、Ghost 和 WordPress，自由建立和扩展个人品牌，无需担忧封号或支付额外费用。<br>
+
+📚**学习探索**：深入学习自托管服务、容器技术和云计算，并上手实践。<br>

 ## 快速开始

 ### 系统兼容性
-你可以在 Linux、Raspberry Pi、Mac 和 Windows 上安装 Olares。目前已验证支持的系统环境如下：

-| 平台            | 操作系统                     | 备注                                                 |
-|---------------------|--------------------------------------|-------------------------------------------------------|
-| Linux               | Ubuntu 24.04 <br/> Debian 12.8       |                                                       |
-| Raspberry Pi        | RaspbianOS                           | 已在 Raspberry Pi 4 Model B 和 Raspberry Pi 5 上验证|
-| Windows             | Windows 11 23H2 <br/>Windows 10 22H2 |                                                       |
-| Mac (Apple Silicon) | macOS Ventura 13.3.1               |                                                       |
-| Proxmox VE (PVE)    | Proxmox Virtual Environment 8.0      |                                                       |
+Olares 已在以下 Linux 平台完成测试与验证：

-> **注意**
-> 
-> 如果你在未列出的系统版本上成功安装了 Olares，请告诉我们！你可以在 GitHub 仓库中[提交 Issue](https://github.com/beclab/Olares/issues/new) 或发起 Pull Request。
+- Ubuntu 24.04 LTS 及以上版本
+- Debian 11 及以上版本

 ### 安装 Olares
-
-> 当前文档仅有英文版本。
 
-参考[快速上手指南](https://docs.olares.xyz/manual/get-started/)安装并激活 Olares。
+参考[快速上手指南](https://docs.olares.cn/zh/manual/get-started/)安装并激活 Olares。

 ## 项目目录

-Olares 包含多个在 GitHub 上公开可用的代码仓库。当前仓库负责操作系统的最终编译、打包、安装和升级，而特定的更改主要在各自对应的仓库中进行。
+> [!NOTE]
+> 我们正将 Olares 子项目的代码移动到当前仓库。此过程可能会持续数月。届时您就可以通过本仓库了解 Olares 系统的全貌。

-以下表格列出了 Olares 下的项目目录及其对应的仓库。
+Olares 代码库中的主要目录如下：

-<details>
-<summary><b>框架组件</b></summary>
-
-| 路径 | 仓库 | 说明 |
-| --- | --- | --- |
-| [frameworks/app-service](https://github.com/beclab/olares/tree/main/frameworks/app-service) | <https://github.com/beclab/app-service> | 系统框架组件，负责提供全系统应用的生命周期管理及多种安全控制。 |
-| [frameworks/backup-server](https://github.com/beclab/olares/tree/main/frameworks/backup-server) | <https://github.com/beclab/backup-server> | 系统框架组件，提供定时的全量或增量集群备份服务。 |
-| [frameworks/bfl](https://github.com/beclab/olares/tree/main/frameworks/bfl) | <https://github.com/beclab/bfl> | 启动器后端（Backend For Launcher, BFL），作为用户访问点的系统框架组件，整合并代理各种后端服务的接口。 |
-| [frameworks/GPU](https://github.com/beclab/olares/tree/main/frameworks/GPU) | <https://github.com/grgalex/nvshare> | GPU共享机制，允许多个进程（或运行在 Kubernetes 上的容器）安全地同时在同一物理 GPU 上运行，每个进程都可访问全部 GPU 内存。 |
-| [frameworks/l4-bfl-proxy](https://github.com/beclab/olares/tree/main/frameworks/l4-bfl-proxy) | <https://github.com/beclab/l4-bfl-proxy> | 针对 BFL 的第4层网络代理。通过预读服务器名称指示（SNI），提供一条动态路由至用户的 Ingress。 |
-| [frameworks/osnode-init](https://github.com/beclab/olares/tree/main/frameworks/osnode-init) | <https://github.com/beclab/osnode-init> | 系统框架组件，用于初始化新节点加入集群时的节点数据。 |
-| [frameworks/system-server](https://github.com/beclab/olares/tree/main/frameworks/system-server) | <https://github.com/beclab/system-server> | 作为系统运行时框架的一部分，提供应用间安全通信的机制。 |
-| [frameworks/tapr](https://github.com/beclab/olares/tree/main/frameworks/tapr) | <https://github.com/beclab/tapr> | Olares 应用运行时组件。 |
-
-</details>
-
-<details>
-<summary><b>系统级应用程序和服务</b></summary>
-
-| 路径 | 仓库 | 说明 |
-| --- | --- | --- |
-| [apps/analytic](https://github.com/beclab/olares/tree/main/apps/analytic) | <https://github.com/beclab/analytic> | 基于 [Umami](https://github.com/umami-software/umami) 开发的 Analytic，是一个简单、快速、注重隐私的 Google Analytics 替代品。 |
-| [apps/market](https://github.com/beclab/olares/tree/main/apps/market) | <https://github.com/beclab/market> | 此代码库部署了 Olares 应用市场的前端部分。 |
-| [apps/market-server](https://github.com/beclab/olares/tree/main/apps/market-server) | <https://github.com/beclab/market> | 此代码库部署了 Olares 应用市场的后端部分。 |
-| [apps/argo](https://github.com/beclab/olares/tree/main/apps/argo) | <https://github.com/argoproj/argo-workflows> | 用于协调本地推荐算法容器执行的工作流引擎。 |
-| [apps/desktop](https://github.com/beclab/olares/tree/main/apps/desktop) | <https://github.com/beclab/desktop> | 系统内置的桌面应用程序。 |
-| [apps/devbox](https://github.com/beclab/olares/tree/main/apps/devbox) | <https://github.com/beclab/devbox> | 为开发者提供的 IDE，用于移植和开发 Olares 应用。 |
-| [apps/vault](https://github.com/beclab/olares/tree/main/apps/vault) | <https://github.com/beclab/termipass> | 基于 [Padloc](https://github.com/padloc/padloc) 开发的团队和企业的免费 1Password 和 Bitwarden 替代品，作为客户端帮助您管理 DID、Olares ID和 Olares 设备。 |
-| [apps/files](https://github.com/beclab/olares/tree/main/apps/files) | <https://github.com/beclab/files> | 基于 [Filebrowser](https://github.com/filebrowser/filebrowser) 修改的内置文件管理器，管理 Drive、Sync 和各种 Olares 物理节点上的文件。|
-| [apps/notifications](https://github.com/beclab/olares/tree/main/apps/notifications) | <https://github.com/beclab/notifications> | Olares 的通知系统。 |
-| [apps/profile](https://github.com/beclab/olares/tree/main/apps/profile) | <https://github.com/beclab/profile> | Olares 中的 Linktree 替代品。|
-| [apps/rsshub](https://github.com/beclab/olares/tree/main/apps/rsshub) | <https://github.com/beclab/rsshub> | 基于 [RssHub](https://github.com/DIYgod/RSSHub) 的 RSS 订阅管理器。 |
-| [apps/settings](https://github.com/beclab/olares/tree/main/apps/settings) | <https://github.com/beclab/settings> | 内置系统设置。 |
-| [apps/system-apps](https://github.com/beclab/olares/tree/main/apps/system-apps) | <https://github.com/beclab/system-apps> | 基于 *kubesphere/console* 项目构建的 system-service 提供一个自托管的云平台，通过视觉仪表板和功能丰富的 ControlHub 帮助用户了解和控制系统的运行状态和资源使用。 |
-| [apps/wizard](https://github.com/beclab/olares/tree/main/apps/wizard) | <https://github.com/beclab/wizard> | 向用户介绍系统激活过程的向导应用程序。 |
-</details>
-
-<details>
-<summary><b>第三方组件和服务</b></summary>
-
-| 路径 | 仓库 | 说明 |
-| --- | --- | --- |
-| [third-party/authelia](https://github.com/beclab/olares/tree/main/third-party/authelia) | <https://github.com/beclab/authelia> | 一个开源的认证和授权服务器，通过网络门户为应用程序提供双因素认证和单点登录（SSO）。 |
-| [third-party/headscale](https://github.com/beclab/olares/tree/main/third-party/headscale) | <https://github.com/beclab/headscale> | 在 Olares 中的 Tailscale 控制服务器的开源自托管实现，用于管理 LarePass 中不同设备上的 Tailscale。|
-| [third-party/infisical](https://github.com/beclab/olares/tree/main/third-party/infisical) | <https://github.com/beclab/infisical> | 一个开源的密钥管理平台，可以在团队/基础设施之间同步密钥并防止泄露。 |
-| [third-party/juicefs](https://github.com/beclab/olares/tree/main/third-party/juicefs) | <https://github.com/beclab/juicefs-ext> | 基于 Redis 和 S3 之上构建的分布式 POSIX 文件系统，允许不同节点上的应用通过 POSIX 接口访问同一数据。 |
-| [third-party/ks-console](https://github.com/beclab/olares/tree/main/third-party/ks-console) | <https://github.com/kubesphere/console> | Kubesphere 控制台，允许通过 Web GUI 进行集群管理。 |
-| [third-party/ks-installer](https://github.com/beclab/olares/tree/main/third-party/ks-installer) | <https://github.com/beclab/ks-installer-ext> | Kubesphere 安装组件，根据集群资源定义自动创建 Kubesphere 集群。 |
-| [third-party/kube-state-metrics](https://github.com/beclab/olares/tree/main/third-party/kube-state-metrics) | <https://github.com/beclab/kube-state-metrics> | kube-state-metrics（KSM）是一个简单的服务，监听 Kubernetes API 服务器并生成关于对象状态的指标。 |
-| [third-party/notification-manager](https://github.com/beclab/olares/tree/main/third-party/notification-manager) | <https://github.com/beclab/notification-manager-ext> | Kubesphere 的通知管理组件，用于统一管理多个通知渠道和自定义聚合通知内容。 |
-| [third-party/predixy](https://github.com/beclab/olares/tree/main/third-party/predixy) | <https://github.com/beclab/predixy> | Redis 集群代理服务，自动识别可用节点并添加命名空间隔离。 |
-| [third-party/redis-cluster-operator](https://github.com/beclab/olares/tree/main/third-party/redis-cluster-operator) | <https://github.com/beclab/redis-cluster-operator> | 一个基于 Kubernetes 的云原生工具，用于创建和管理 Redis 集群。 |
-| [third-party/seafile-server](https://github.com/beclab/olares/tree/main/third-party/seafile-server) | <https://github.com/beclab/seafile-server> | Seafile（同步驱动器）的后端服务，用于处理数据存储。 |
-| [third-party/seahub](https://github.com/beclab/olares/tree/main/third-party/seahub) | <https://github.com/beclab/seahub> | Seafile（同步驱动器）的前端和中间件服务，用于处理文件共享、数据同步等。 |
-| [third-party/tailscale](https://github.com/beclab/olares/tree/main/third-party/tailscale) | <https://github.com/tailscale/tailscale> | Tailscale 已在所有平台的 LarePass 中集成。 |
-</details>
-
-<details>
-<summary><b>其他库和组件</b></summary>
-
-| 路径 | 仓库 | 说明 |
-| --- | --- | --- |
-| [build/installer](https://github.com/beclab/olares/tree/main/build/installer) |     | 用于生成安装程序构建的模板。 |
-| [build/manifest](https://github.com/beclab/olares/tree/main/build/manifest) |     | 安装构建镜像列表模板。 |
-| [libs/fs-lib](https://github.com/beclab/olares/tree/main/libs) | <https://github.com/beclab/fs-lib> | 基于 JuiceFS 实现的 iNotify 兼容接口的SDK库。 |
-| [scripts](https://github.com/beclab/olares/tree/main/scripts) |     | 生成安装程序构建的辅助脚本。 |
-</details>
+* **`apps`**: 用于存放系统应用，主要是 `larepass` 的代码。
+* **`cli`**: 用于存放 `olares-cli`（Olares 的命令行界面工具）的代码。
+* **`daemon`**: 用于存放 `olaresd`（系统守护进程）的代码。
+* **`docs`**: 用于存放 Olares 项目的文档。
+* **`framework`**: 用来存放 Olares 系统服务代码。
+* **`infrastructure`**: 用于存放计算，存储，网络，GPU 等基础设施的代码。
+* **`platform`**: 用于存放数据库、消息队列等云原生组件的代码。
+* **`vendor`**: 用于存放来自第三方硬件供应商的代码。

 ## 社区贡献

 我们欢迎任何形式的贡献！

 - 如果您想在 Olares 上开发自己的应用，请参考：<br>
-https://docs.olares.xyz/developer/develop/
+https://docs.olares.com/developer/develop/


 - 如果您想帮助改进 Olares，请参考：<br>
-https://docs.olares.xyz/developer/contribute/olares.html
+https://docs.olares.com/developer/contribute/olares.html

 ## 社区支持

 * [**GitHub Discussion**](https://github.com/beclab/olares/discussions) - 讨论 Olares 使用过程中的疑问。
 * [**GitHub Issues**](https://github.com/beclab/olares/issues) - 报告 Olares 的遇到的问题或提出功能改进建议。
 * [**Discord**](https://discord.com/invite/BzfqrgQPDK) - 日常交流，分享经验，或讨论与 Olares 相关的任何主题。
- 
-## 持续关注
-
-关注 Olares 项目，及时获取新版本和更新的通知。
-
- 
-![点亮星标](https://file.bttcdn.com/github/terminus/terminus.git.v2.gif)
- 

 ## 特别感谢

--- a/README_JP.md
+++ b/README_JP.md
@@ -0,0 +1,146 @@
+<div align="center">
+
+# Olares: ローカルAIのためのオープンソース主権クラウドOS<!-- omit in toc -->
+
+[![Mission](https://img.shields.io/badge/Mission-Let%20people%20own%20their%20data%20again-purple)](#)<br/>
+[![Last Commit](https://img.shields.io/github/last-commit/beclab/olares)](https://github.com/beclab/olares/commits/main)
+![Build Status](https://github.com/beclab/olares/actions/workflows/release-daily.yaml/badge.svg)
+[![GitHub release (latest by date)](https://img.shields.io/github/v/release/beclab/olares)](https://github.com/beclab/olares/releases)
+[![GitHub Repo stars](https://img.shields.io/github/stars/beclab/olares?style=social)](https://github.com/beclab/olares/stargazers)
+[![Discord](https://img.shields.io/badge/Discord-7289DA?logo=discord&logoColor=white)](https://discord.com/invite/BzfqrgQPDK)
+[![License](https://img.shields.io/badge/License-Olares-darkblue)](https://github.com/beclab/olares/blob/main/LICENSE.md)
+
+<p>
+  <a href="./README.md"><img alt="Readme in English" src="https://img.shields.io/badge/English-FFFFFF"></a>
+  <a href="./README_CN.md"><img alt="Readme in Chinese" src="https://img.shields.io/badge/简体中文-FFFFFF"></a>
+  <a href="./README_JP.md"><img alt="Readme in Japanese" src="https://img.shields.io/badge/日本語-FFFFFF"></a>
+</p>
+
+</div>
+
+<p align="center">
+  <a href="https://olares.com">ウェブサイト</a> ·
+  <a href="https://docs.olares.com">ドキュメント</a> ·
+  <a href="https://olares.com/larepass">LarePassをダウンロード</a> ·
+  <a href="https://github.com/beclab/apps">Olaresアプリ</a> ·
+  <a href="https://space.olares.com">Olares Space</a>
+</p>
+
+> *パブリッククラウドを基盤とする現代のインターネットは、あなたの個人データのプライバシーをますます脅かしています。ChatGPT、Midjourney、Facebookといったサービスへの依存が深まるにつれ、デジタル主権に対するあなたのコントロールも弱まっています。あなたのデータは他者のサーバーに保存され、その利用規約に縛られ、追跡され、検閲されているのです。*
+>
+>*今こそ、変革の時です。*
+
+![自身のデジタル](https://file.bttcdn.com/github/olares/public-cloud-to-personal-cloud.jpg)
+
+私たちは、あなたが自身のデジタルライフをコントロールする基本的な権利を有すると確信しています。この権利を守る最も効果的な方法は、あなたのデータをローカルの、あなた自身のハードウェア上でホストすることです。
+
+Olaresは、あなたが自身のデジタル資産をローカルで容易に所有し管理できるよう設計された、オープンソースのパーソナルクラウドOSです。もはやパブリッククラウドサービスに依存する必要はありません。Olares上で、例えばOllamaを利用した大規模言語モデルのホスティング、SD WebUIによる画像生成、Mastodonを用いた検閲のないソーシャルスペースの構築など、強力なオープンソースの代替サービスやアプリケーションをローカルにデプロイできます。Olaresは、クラウドコンピューティングの絶大な力を活用しつつ、それを完全に自身のコントロール下に置くことを可能にします。
+
+> 🌟 *新しいリリースや更新についての通知を受け取るために、スターを付けてください。*
+
+## アーキテクチャ
+
+パブリッククラウドは、IaaS (Infrastructure as a Service)、PaaS (Platform as a Service)、SaaS (Software as a Service) といったサービスレイヤーで構成されています。Olaresは、これら各レイヤーに対するオープンソースの代替ソリューションを提供しています。
+
+  ![Olaresのアーキテクチ](https://file.bttcdn.com/github/olares/olares-architecture.jpg)
+
+各コンポーネントの詳細については、[Olares アーキテクチャ](https://docs.olares.com/manual/system-architecture.html)（英語版）をご参照ください。
+
+> 🔍**OlaresとNASの違いは何ですか？**
+>
+> Olaresは、ワンストップのセルフホスティング・パーソナルクラウド体験の実現を目指しています。そのコア機能とユーザーの位置付けは、ネットワークストレージに特化した従来のNASとは大きく異なります。詳細は、[OlaresとNASの比較](https://docs.olares.com/manual/olares-vs-nas.html)（英語版）をご参照ください。
+
+## 機能
+
+Olaresは、セキュリティ、使いやすさ、開発の柔軟性を向上させるための幅広い機能を提供します：
+
+- **エンタープライズグレードのセキュリティ**: Tailscale、Headscale、Cloudflare Tunnel、FRPを使用してネットワーク構成を簡素化します。
+- **安全で許可のないアプリケーションエコシステム**: サンドボックス化によりアプリケーションの分離とセキュリティを確保します。
+- **統一ファイルシステムとデータベース**: 自動スケーリング、バックアップ、高可用性を提供します。
+- **シングルサインオン**: 一度ログインするだけで、Olares内のすべてのアプリケーションに共有認証サービスを使用してアクセスできます。
+- **AI機能**: GPU管理、ローカルAIモデルホスティング、プライベートナレッジベースの包括的なソリューションを提供し、データプライバシーを維持します。
+- **内蔵アプリケーション**: ファイルマネージャー、同期ドライブ、ボールト、リーダー、アプリマーケット、設定、ダッシュボードを含みます。
+- **どこからでもシームレスにアクセス**: モバイル、デスクトップ、ブラウザ用の専用クライアントを使用して、どこからでもデバイスにアクセスできます。
+- **開発ツール**: アプリケーションの開発と移植を容易にする包括的な開発ツールを提供します。
+
+以下はUIのスクリーンショットプレビューです。
+
+| **デスクトップ：馴染みやすく効率的なアクセスポイント** |  **ファイルマネージャー：データを安全に保管** |
+| :--------: | :-------: |
+| ![桌面](https://file.bttcdn.com/github/terminus/v2/desktop.jpg) | ![文件](https://file.bttcdn.com/github/terminus/v2/files.jpg) |
+| **Vault：安心のパスワード管理**|**マーケット：コントロール可能なアプリエコシステム** |
+| ![vault](https://file.bttcdn.com/github/terminus/v2/vault.jpg) | ![市场](https://file.bttcdn.com/github/terminus/v2/market.jpg) |
+| **Wise：あなただけのデジタルガーデン** | **設定：Olaresを効率的に管理** |
+| ![设置](https://file.bttcdn.com/github/terminus/v2/wise.jpg) | ![](https://file.bttcdn.com/github/terminus/v2/settings.jpg) |
+| **ダッシュボード：Olaresを継続的に監視** | **プロフィール：ユニークなパーソナルページ** |
+| ![面板](https://file.bttcdn.com/github/terminus/v2/dashboard.jpg) | ![profile](https://file.bttcdn.com/github/terminus/v2/profile.jpg) |
+| **Studio：開発、デバッグ、デプロイをワンストップで**|**コントロールパネル：Kubernetesクラスターを簡単に管理** |
+| ![Devbox](https://file.bttcdn.com/github/terminus/v2/devbox.jpg) | ![控制中心](https://file.bttcdn.com/github/terminus/v2/controlhub.jpg)|
+
+## なぜOlaresなのか？
+
+以下の理由とシナリオで、Olaresはプライベートで強力かつ安全な主権クラウド体験を提供します：
+
+🤖 **エッジAI**: 最先端のオープンAIモデルをローカルで実行し、大規模言語モデル、コンピュータビジョン、音声認識などを含みます。データに合わせてプライベートAIサービスを作成し、機能性とプライバシーを向上させます。<br>
+
+📊 **個人データリポジトリ**: 重要なファイル、写真、ドキュメントを安全に保存し、デバイスや場所を問わず同期および管理します。<br>
+
+🚀 **セルフホストワークスペース**: 安全なオープンソースSaaS代替品を使用して、チームのための無料のコラボレーションワークスペースを構築します。<br>
+
+🎥 **プライベートメディアサーバー**: 個人のメディアコレクションをホストし、独自のストリーミングサービスを提供します。<br>
+
+🏡 **スマートホームハブ**: IoTデバイスやホームオートメーションの中央制御ポイントを作成します。<br>
+
+🤝 **ユーザー所有の分散型ソーシャルメディア**: Mastodon、Ghost、WordPressなどの分散型ソーシャルメディアアプリをOlaresに簡単にインストールし、プラットフォームの手数料やアカウント停止のリスクなしに個人ブランドを構築します。<br>
+
+📚 **学習プラットフォーム**: セルフホスティング、コンテナオーケストレーション、クラウド技術を実践的に学びます。
+
+## はじめに
+
+### システム互換性
+
+Olaresは以下のLinuxプラットフォームで動作検証を完了しています：
+
+- Ubuntu 24.04 LTS 以降
+- Debian 11 以降
+
+### Olaresのセットアップ
+自分のデバイスでOlaresを始めるには、[はじめにガイド](https://docs.olares.com/manual/get-started/)に従ってステップバイステップの手順を確認してください。
+
+
+## プロジェクトナビゲーション
+
+> [!NOTE]
+> 現在、Olaresのサブプロジェクトのコードを当リポジトリへ移行する作業を進めています。この作業が完了するまでには数ヶ月を要する見込みです。完了後には、当リポジトリを通じてOlaresシステムの全貌をご覧いただけるようになります。
+
+このセクションでは、Olares リポジトリ内の主要なディレクトリをリストアップしています：
+
+* **`apps`**: システムアプリケーションのコードが含まれており、主に `larepass` 用です。
+* **`cli`**: Olares のコマンドラインインターフェースツールである `olares-cli` のコードが含まれています。
+* **`daemon`**: システムデーモンプロセスである `olaresd` のコードが含まれています。
+* **`docs`**: プロジェクトのドキュメントが含まれています。
+* **`framework`**: Olares システムサービスが含まれています。
+* **`infrastructure`**: コンピューティング、ストレージ、ネットワーキング、GPU などのインフラストラクチャコンポーネントに関連するコードが含まれています。
+* **`platform`**: データベースやメッセージキューなどのクラウドネイティブコンポーネントのコードが含まれています。
+* **`vendor`**: サードパーティのハードウェアベンダーからのコードが含まれています。
+
+## Olaresへの貢献
+
+あらゆる形での貢献を歓迎します：
+
+- Olaresで独自のアプリケーションを開発したい場合は、以下を参照してください：<br>
+https://docs.olares.com/developer/develop/
+
+
+- Olaresの改善に協力したい場合は、以下を参照してください：<br>
+https://docs.olares.com/developer/contribute/olares.html
+
+## コミュニティと連絡先
+
+* [**GitHub Discussion**](https://github.com/beclab/olares/discussions). フィードバックの共有や質問に最適です。
+* [**GitHub Issues**](https://github.com/beclab/olares/issues). Olaresの使用中に遭遇したバグの報告や機能提案の提出に最適です。 
+* [**Discord**](https://discord.com/invite/BzfqrgQPDK). Olaresに関するあらゆることを共有するのに最適です。
+
+## 特別な感謝
+
+Olaresプロジェクトは、次のような多数のサードパーティオープンソースプロジェクトを統合しています：[Kubernetes](https://kubernetes.io/)、[Kubesphere](https://github.com/kubesphere/kubesphere)、[Padloc](https://padloc.app/)、[K3S](https://k3s.io/)、[JuiceFS](https://github.com/juicedata/juicefs)、[MinIO](https://github.com/minio/minio)、[Envoy](https://github.com/envoyproxy/envoy)、[Authelia](https://github.com/authelia/authelia)、[Infisical](https://github.com/Infisical/infisical)、[Dify](https://github.com/langgenius/dify)、[Seafile](https://github.com/haiwen/seafile)、[HeadScale](https://headscale.net/)、 [tailscale](https://tailscale.com/)、[Redis Operator](https://github.com/spotahome/redis-operator)、[Nitro](https://nitro.jan.ai/)、[RssHub](http://rsshub.app/)、[predixy](https://github.com/joyieldInc/predixy)、[nvshare](https://github.com/grgalex/nvshare)、[LangChain](https://www.langchain.com/)、[Quasar](https://quasar.dev/)、[TrustWallet](https://trustwallet.com/)、[Restic](https://restic.net/)、[ZincSearch](https://zincsearch-docs.zinc.dev/)、[filebrowser](https://filebrowser.org/)、[lego](https://go-acme.github.io/lego/)、[Velero](https://velero.io/)、[s3rver](https://github.com/jamhall/s3rver)、[Citusdata](https://www.citusdata.com/)。
--- a/apps/.olares/config/user/helm-charts/market/.helmignore
+++ b/apps/.olares/config/user/helm-charts/market/.helmignore
--- a/apps/.olares/config/user/helm-charts/market/Chart.yaml
+++ b/apps/.olares/config/user/helm-charts/market/Chart.yaml
--- a/apps/.olares/config/user/helm-charts/market/templates/NOTES.txt
+++ b/apps/.olares/config/user/helm-charts/market/templates/NOTES.txt
--- a/apps/.olares/config/user/helm-charts/market/templates/_helpers.tpl
+++ b/apps/.olares/config/user/helm-charts/market/templates/_helpers.tpl
--- a/apps/.olares/config/user/helm-charts/market/templates/market_deploy.yaml
+++ b/apps/.olares/config/user/helm-charts/market/templates/market_deploy.yaml
@@ -1,13 +1,30 @@
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $market_secret := (lookup "v1" "Secret" $namespace "market-secrets") -}}
+{{- $market_secret := (lookup "v1" "Secret" .Release.Namespace "market-secrets") -}}

 {{- $redis_password := "" -}}
 {{ if $market_secret -}}
-{{ $redis_password = (index $market_secret "data" "redis_password") }}
+{{ $redis_password = (index $market_secret "data" "redis-passwords") }}
 {{ else -}}
 {{ $redis_password = randAlphaNum 16 | b64enc }}
 {{- end -}}

+{{- $market_backend_nats_secret := (lookup "v1" "Secret" .Release.Namespace "market-backend-nats-secret") -}}
+{{- $nats_password := "" -}}
+{{ if $market_backend_nats_secret -}}
+{{ $nats_password = (index $market_backend_nats_secret "data" "nats_password") }}
+{{ else -}}
+{{ $nats_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: market-backend-nats-secret
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  nats_password: {{ $nats_password }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
@@ -25,14 +42,7 @@ metadata:
  namespace: {{ .Release.Namespace }}
  labels:
    app: appstore
-    applications.app.bytetrade.io/name: market
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
    applications.app.bytetrade.io/author: bytetrade.io
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/appstore/icon.png
-    applications.app.bytetrade.io/title: Market
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"appstore-service", "host":"appstore-service", "port":80,"title":"Market","windowPushState":true}]'
 spec:
  replicas: 1
  selector:
@@ -43,11 +53,16 @@ spec:
      labels:
        app: appstore
        io.bytetrade.app: "true"
+      annotations:
+        instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
+        instrumentation.opentelemetry.io/go-container-names: "appstore-backend"    
+        instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/opt/app/market"
    spec:
+      priorityClassName: "system-cluster-critical"
      initContainers:
        - args:
          - -it
-          - authelia-backend.os-system:9091
+          - authelia-backend.os-framework:9091
          image: owncloudci/wait-for:latest
          imagePullPolicy: IfNotPresent
          name: check-auth
@@ -82,15 +97,10 @@ spec:
            valueFrom:
              fieldRef:
                apiVersion: v1
-                fieldPath: status.podIP
+                fieldPath: status.podIP         
      containers:
-      - name: appstore
-        image: beclab/market-frontend:v0.2.30
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 80
      - name: appstore-backend
-        image: beclab/market-backend:v0.2.30
+        image: beclab/market-backend:v0.3.12
        imagePullPolicy: IfNotPresent
        ports:
          - containerPort: 81
@@ -108,7 +118,7 @@ spec:
          - name: APP_SOTRE_SERVICE_SERVICE_PORT
            value: '443'
          - name: APP_SERVICE_SERVICE_HOST
-            value: app-service.os-system
+            value: app-service.os-framework
          - name: APP_SERVICE_SERVICE_PORT
            value: '6755'
          - name: REPO_URL_PORT
@@ -126,7 +136,21 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
-
+          - name: NATS_HOST
+            value: nats.user-system-{{ .Values.bfl.username }}
+          - name: NATS_PORT
+            value: '4222'
+          - name: NATS_USERNAME
+            value: os-market-backend
+          - name: NATS_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: market-backend-nats-secret
+                key: nats_password
+          - name: NATS_SUBJECT_APPLICATION
+            value: os.application
+          - name: NATS_SUBJECT_MARKET
+            value: os.market
        volumeMounts:
          - name: opt-data
            mountPath: /opt/app/data
@@ -170,7 +194,7 @@ spec:
            fieldRef:
              fieldPath: status.podIP
      - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.3'
+        image: 'beclab/ws-gateway:v1.0.5'
        command:
          - /ws-gateway
        env:
@@ -191,8 +215,12 @@ spec:
            path: envoy.yaml
      - name: opt-data
        hostPath:
-          path: {{ .Values.userspace.appData}}/appstore/data
+          path: '{{ .Values.userspace.appData}}/appstore/data'
          type: DirectoryOrCreate
+      - name: app
+        emptyDir: {}
+      - name: nginx-confd
+        emptyDir: {}

 ---
 apiVersion: v1
@@ -205,10 +233,6 @@ spec:
    app: appstore
  type: ClusterIP
  ports:
-    - protocol: TCP
-      name: appstore
-      port: 80
-      targetPort: 80
    - protocol: TCP
      name: appstore-backend
      port: 81
@@ -249,7 +273,7 @@ spec:
  dataType: app
  deployment: market
  description: app store provider
-  endpoint: appstore-service.{{ .Release.Namespace }}
+  endpoint: appstore-service.{{ .Release.Namespace }}:81
  group: service.appstore
  kind: provider
  namespace: {{ .Release.Namespace }}
@@ -277,4 +301,55 @@ spec:
        secretKeyRef:
          key: redis-passwords
          name: market-secrets
-    namespace: market
+    namespace: market
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: appstore-svc
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: ClusterIP
+  selector:
+    app: appstore
+  ports:
+    - name: "appstore-backend"
+      protocol: TCP
+      port: 81
+      targetPort: 81
+    - name: "appstore-websocket"
+      protocol: TCP
+      port: 40010
+      targetPort: 40010
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: market-backend-nats
+  namespace: {{ .Release.Namespace }}
+spec:
+  app: market-backend
+  appNamespace: os
+  middleware: nats
+  nats:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: nats_password
+          name: market-backend-nats-secret
+    refs:
+      - appName: user-service
+        appNamespace: os
+        subjects:
+          - name: "application.*"
+            perm:
+              - pub
+              - sub
+      - appName: user-service
+        appNamespace: os
+        subjects:
+          - name: "market.*"
+            perm:
+              - pub
+              - sub
+    user: os-market-backend
--- a/apps/.olares/config/user/helm-charts/market/values.yaml
+++ b/apps/.olares/config/user/helm-charts/market/values.yaml
@@ -1,4 +1,3 @@
-
 bfl:
  nodeport: 30883
  nodeport_ingress_http: 30083
@@ -42,4 +41,4 @@ os:
  appstore:
    marketProvider: ''
 kubesphere:
-  redis_password: ""
+  redis_password: ""
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/.helmignore
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/.helmignore
--- a/apps/download/config/user/helm-charts/download/Chart.yaml
+++ b/apps/download/config/user/helm-charts/download/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-name: download
-description: A Helm chart for Kubernetes
+name: studio
+description: A Terminus app development tool
 maintainers:
 - name: bytetrade

@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
+version: 0.1.3

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "4.9.1"
--- a/apps/.olares/config/user/helm-charts/studio/devbox.png
+++ b/apps/.olares/config/user/helm-charts/studio/devbox.png
--- a/apps/.olares/config/user/helm-charts/studio/templates/deployment.yaml
+++ b/apps/.olares/config/user/helm-charts/studio/templates/deployment.yaml
@@ -0,0 +1,294 @@
+{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
+{{- $studio_secret := (lookup "v1" "Secret" $namespace "studio-secrets") -}}
+
+{{- $pg_password := "" -}}
+{{ if $studio_secret -}}
+{{ $pg_password = (index $studio_secret "data" "pg_password") }}
+{{ else -}}
+{{ $pg_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: studio-secrets
+  namespace: user-system-{{ .Values.bfl.username }}
+type: Opaque
+data:
+  pg_password: {{ $pg_password }}
+
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: studio-pg
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  app: studio
+  appNamespace: {{ .Release.Namespace }}
+  middleware: postgres
+  postgreSQL:
+    user: studio_{{ .Values.bfl.username }}
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: pg_password
+          name: studio-secrets
+    databases:
+      - name: studio
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: studio-server
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: studio-server
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8088
+      name: http
+    - protocol: TCP
+      port: 8083
+      targetPort: 8083
+      name: https
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: chartmuseum-studio
+  namespace: {{ .Release.Namespace }}
+spec:
+  ports:
+    - name: http
+      protocol: TCP
+      port: 8080
+      targetPort: 8888
+  selector:
+    app: studio-server
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: studio-san-cnf
+  namespace: {{ .Release.Namespace }}
+data:
+  san.cnf: |
+    [req]
+    distinguished_name = req_distinguished_name
+    req_extensions = v3_req
+    prompt = no
+
+    [req_distinguished_name]
+    countryName = CN
+    stateOrProvinceName = Beijing
+    localityName = Beijing
+    0.organizationName = bytetrade
+    commonName = studio-server.{{ .Release.Namespace }}.svc
+
+    [v3_req]
+    basicConstraints = CA:FALSE
+    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+    subjectAltName = @bytetrade
+
+    [bytetrade]
+    DNS.1 = studio-server.{{ .Release.Namespace }}.svc
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: studio-server
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: studio-server
+    applications.app.bytetrade.io/author: bytetrade.io
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: studio-server
+  template:
+    metadata:
+      labels:
+        app: studio-server
+    spec:
+      serviceAccountName: bytetrade-controller
+      volumes:
+        - name: chart
+          hostPath:
+            type: DirectoryOrCreate
+            path: '{{ .Values.userspace.appData}}/studio/Chart'
+        - name: data
+          hostPath:
+            type: DirectoryOrCreate
+            path: '{{ .Values.userspace.appData }}/studio/Data'
+        - name: storage-volume
+          hostPath:
+            path: '{{ .Values.userspace.appData }}/studio/helm-repo-dev'
+            type: DirectoryOrCreate
+        - name: config-san
+          configMap:
+            name: studio-san-cnf
+            items:
+              - key: san.cnf
+                path: san.cnf
+        - name: certs
+          emptyDir: {}
+      initContainers:
+        - name: init-chmod-data
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          command:
+            - sh
+            - '-c'
+            - |
+              chown -R 1000:1000 /home/coder
+              chown -R 65532:65532 /charts
+              chown -R 65532:65532 /data
+          securityContext:
+            runAsUser: 0
+          resources: { }
+          volumeMounts:
+            - name: storage-volume
+              mountPath: /home/coder
+            - name: chart
+              mountPath: /charts
+            - name: data
+              mountPath: /data
+        - name: generate-certs
+          image: beclab/openssl:v3
+          imagePullPolicy: IfNotPresent
+          command: [ "/bin/sh", "-c" ]
+          args:
+            - |
+              openssl genrsa -out /etc/certs/ca.key 2048
+              openssl req -new -x509 -days 3650 -key /etc/certs/ca.key -out /etc/certs/ca.crt \
+                -subj "/CN=bytetrade CA/O=bytetrade/C=CN"
+              openssl req -new -newkey rsa:2048 -nodes \
+                -keyout /etc/certs/server.key -out /etc/certs/server.csr \
+                -config /etc/san/san.cnf
+              openssl x509 -req -days 3650 -in /etc/certs/server.csr \
+                -CA /etc/certs/ca.crt -CAkey /etc/certs/ca.key \
+                -CAcreateserial -out /etc/certs/server.crt \
+                -extensions v3_req -extfile /etc/san/san.cnf
+              chown -R 65532 /etc/certs/*
+          volumeMounts:
+            - name: config-san
+              mountPath: /etc/san
+            - name: certs
+              mountPath: /etc/certs
+
+      containers:
+        - name: studio
+          image: beclab/studio-server:v0.1.51
+          imagePullPolicy: IfNotPresent
+          args:
+            - server
+          ports:
+            - name: port
+              containerPort: 8088
+              protocol: TCP
+            - name: ssl-port
+              containerPort: 8083
+              protocol: TCP
+          volumeMounts:
+            - name: chart
+              mountPath: /charts
+            - name: data
+              mountPath: /data
+            - mountPath: /etc/certs
+              name: certs
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - "/studio"
+                  - "clean"
+          env:
+            - name: BASE_DIR
+              value: /charts
+            - name: OS_API_KEY
+              value: {{ .Values.os.studio.appKey }}
+            - name: OS_API_SECRET
+              value: {{ .Values.os.studio.appSecret }}
+            - name: OS_SYSTEM_SERVER
+              value: system-server.user-system-{{ .Values.bfl.username }}
+            - name: NAME_SPACE
+              value: {{ .Release.Namespace }}
+            - name: OWNER
+              value: '{{ .Values.bfl.username }}'
+            - name: DB_HOST
+              value: citus-master-svc.user-system-{{ .Values.bfl.username }}
+            - name: DB_USERNAME
+              value: studio_{{ .Values.bfl.username }}
+            - name: DB_PASSWORD
+              value: "{{ $pg_password | b64dec }}"
+            - name: DB_NAME
+              value: user_space_{{ .Values.bfl.username }}_studio
+            - name: DB_PORT
+              value: "5432"
+          resources:
+            requests:
+              cpu: "50m"
+              memory: 100Mi
+            limits:
+              cpu: "0.5"
+              memory: 1000Mi
+        - name: chartmuseum
+          image: aboveos/helm-chartmuseum:v0.15.0
+          args:
+            - '--port=8888'
+            - '--storage-local-rootdir=/storage'
+          ports:
+            - name: http
+              containerPort: 8888
+              protocol: TCP
+          env:
+            - name: CHART_POST_FORM_FIELD_NAME
+              value: chart
+            - name: DISABLE_API
+              value: 'false'
+            - name: LOG_JSON
+              value: 'true'
+            - name: PROV_POST_FORM_FIELD_NAME
+              value: prov
+            - name: STORAGE
+              value: local
+          resources:
+            requests:
+              cpu: "50m"
+              memory: 100Mi
+            limits:
+              cpu: 1000m
+              memory: 512Mi
+          volumeMounts:
+            - name: storage-volume
+              mountPath: /storage
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: http
+              scheme: HTTP
+            initialDelaySeconds: 5
+            timeoutSeconds: 1
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: http
+              scheme: HTTP
+            initialDelaySeconds: 5
+            timeoutSeconds: 1
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
--- a/apps/.olares/config/user/helm-charts/studio/values.yaml
+++ b/apps/.olares/config/user/helm-charts/studio/values.yaml
@@ -0,0 +1,42 @@
+bfl:
+  nodeport: 30883
+  nodeport_ingress_http: 30083
+  nodeport_ingress_https: 30082
+  username: 'test'
+  url: 'test'
+  nodeName: test
+pvc:
+  userspace: test
+userspace:
+  userData: test/Home
+  appData: test/Data
+  appCache: test
+  dbdata: test
+docs:
+  nodeport: 30881
+desktop:
+  nodeport: 30180
+os:
+  portfolio:
+    appKey: '${ks[0]}'
+    appSecret: test
+  vault:
+    appKey: '${ks[0]}'
+    appSecret: test
+  desktop:
+    appKey: '${ks[0]}'
+    appSecret: test
+  message:
+    appKey: '${ks[0]}'
+    appSecret: test
+  rss:
+    appKey: '${ks[0]}'
+    appSecret: test
+  search:
+    appKey: '${ks[0]}'
+    appSecret: test
+  studio:
+    appKey: '${ks[0]}'
+    appSecret: test
+kubesphere:
+  redis_password: ""
--- a/apps/.olares/config/user/helm-charts/system-apps/.helmignore
+++ b/apps/.olares/config/user/helm-charts/system-apps/.helmignore
--- a/apps/system-apps/config/user/helm-charts/monitoring/Chart.yaml
+++ b/apps/system-apps/config/user/helm-charts/monitoring/Chart.yaml
--- a/apps/.olares/config/user/helm-charts/system-apps/templates/NOTES.txt
+++ b/apps/.olares/config/user/helm-charts/system-apps/templates/NOTES.txt
--- a/apps/system-apps/config/user/helm-charts/monitoring/templates/_helpers.tpl
+++ b/apps/system-apps/config/user/helm-charts/monitoring/templates/_helpers.tpl
--- a/apps/.olares/config/user/helm-charts/system-apps/templates/system-frontend.yaml
+++ b/apps/.olares/config/user/helm-charts/system-apps/templates/system-frontend.yaml
--- a/apps/.olares/config/user/helm-charts/system-apps/values.yaml
+++ b/apps/.olares/config/user/helm-charts/system-apps/values.yaml
@@ -1,4 +1,3 @@
-
 bfl:
  nodeport: 30883
  nodeport_ingress_http: 30083
@@ -18,10 +17,10 @@ docs:
 desktop:
  nodeport: 30180
 os:
-  portfolio:
+  profile:
    appKey: '${ks[0]}'
    appSecret: test
-  vault:
+  studio:
    appKey: '${ks[0]}'
    appSecret: test
  desktop:
@@ -39,11 +38,11 @@ os:
  search2:
    appKey: '${ks[0]}'
    appSecret: test
-  agent:
+  settings:
    appKey: '${ks[0]}'
    appSecret: test
-  files:
+  dashboard:
    appKey: '${ks[0]}'
    appSecret: test
 kubesphere:
-  redis_password: ""
+  redis_password: ""
--- a/apps/desktop/config/user/helm-charts/desktop/.helmignore
+++ b/apps/desktop/config/user/helm-charts/desktop/.helmignore
--- a/apps/.olares/config/user/helm-charts/wizard/Chart.yaml
+++ b/apps/.olares/config/user/helm-charts/wizard/Chart.yaml
--- a/apps/desktop/config/user/helm-charts/desktop/templates/NOTES.txt
+++ b/apps/desktop/config/user/helm-charts/desktop/templates/NOTES.txt
--- a/apps/desktop/config/user/helm-charts/desktop/templates/_helpers.tpl
+++ b/apps/desktop/config/user/helm-charts/desktop/templates/_helpers.tpl
--- a/apps/.olares/config/user/helm-charts/wizard/templates/wizard_deploy.yaml
+++ b/apps/.olares/config/user/helm-charts/wizard/templates/wizard_deploy.yaml
@@ -0,0 +1,62 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wizard
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: wizard
+    applications.app.bytetrade.io/author: bytetrade.io
+  annotations:
+    applications.app.bytetrade.io/version: '0.0.1'
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: wizard
+  template:
+    metadata:
+      labels:
+        app: wizard
+    spec:
+      initContainers:
+      - args:
+        - -it
+        - authelia-backend.os-framework:9091
+        image: owncloudci/wait-for:latest
+        imagePullPolicy: IfNotPresent
+        name: check-auth
+
+      containers:
+      - name: wizard
+        image: beclab/wizard:v1.3.57
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 80
+        env:
+          - name: apiServerURL
+            value: http://bfl.{{ .Release.Namespace }}:8080
+      volumes:
+      - name: userspace-dir
+        hostPath:
+          type: Directory
+          path: "{{ .Values.userspace.userData }}"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wizard
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: NodePort
+  selector:
+    app: wizard
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+      {{ if and .Values.desktop .Values.desktop.nodeport }}
+      nodePort: {{ .Values.desktop.nodeport }}
+      {{ end }}
+
--- a/apps/.olares/config/user/helm-charts/wizard/values.yaml
+++ b/apps/.olares/config/user/helm-charts/wizard/values.yaml
@@ -1,4 +1,3 @@
-
 bfl:
  username: 'test'
  url: 'test'
--- a/apps/search3/README.md
+++ b/apps/search3/README.md
--- a/apps/argo/README.md
+++ b/apps/argo/README.md
@@ -1,2 +0,0 @@
-# RSS Recommend
-
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/Chart.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/Chart.yaml
@@ -1,39 +0,0 @@
-apiVersion: v2
-name: argoworkflows
-description: A Helm chart for Argo Workflows
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.35.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "v3.5.0"
-
-icon: https://argoproj.github.io/argo-workflows/assets/logo.png
-home: https://github.com/argoproj/argo-helm
-sources:
-  - https://github.com/argoproj/argo-workflows
-maintainers:
-  - name: argoproj
-    url: https://argoproj.github.io/
-annotations:
-  artifacthub.io/signKey: |
-    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
-    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
-  artifacthub.io/changes: |
-    - kind: changed
-      description: Upgrade to Argo Workflows v3.4.10
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/NOTES.txt
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/NOTES.txt
@@ -1,7 +0,0 @@
-1. Get Argo Server external IP/domain by running:
-
-kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }}
-
-2. Submit the hello-world workflow by running:
-
-argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/_helpers.tpl
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/_helpers.tpl
@@ -1,189 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Create argo workflows server name and version as used by the chart label.
-*/}}
-{{- define "argo-workflows.server.fullname-bak" -}}
-{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "argo-workflows.server.fullname" -}}
-argoworkflows
-{{- end -}}
-
-{{/*
-Create controller name and version as used by the chart label.
-*/}}
-{{- define "argo-workflows.controller.fullname" -}}
-{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "argo-workflows.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{/*{{- define "argo-workflows.fullname" -}}*/}}
-{{/*{{- if .Values.fullnameOverride -}}*/}}
-{{/*{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}*/}}
-{{/*{{- else -}}*/}}
-{{/*{{- $name := default .Chart.Name .Values.nameOverride -}}*/}}
-{{/*{{- if contains $name .Release.Name -}}*/}}
-{{/*{{- .Release.Name | trunc 63 | trimSuffix "-" -}}*/}}
-{{/*{{- else -}}*/}}
-{{/*{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}*/}}
-{{/*{{- end -}}*/}}
-{{/*{{- end -}}*/}}
-{{/*{{- end -}}*/}}
-
-{{- define "argo-workflows.fullname" -}}
-argoworkflow
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "argo-workflows.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create kubernetes friendly chart version label for the controller.
-Examples:
-image.tag = v3.4.4
-output    = v3.4.4
-
-image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696
-output    = v3.4.4
-*/}}
-{{- define "argo-workflows.controller_chart_version_label" -}}
-{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag) "") "" | trunc 63 | quote -}}
-{{- end -}}
-
-{{/*
-Create kubernetes friendly chart version label for the server.
-Examples:
-image.tag = v3.4.4
-output    = v3.4.4
-
-image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696
-output    = v3.4.4
-*/}}
-{{- define "argo-workflows.server_chart_version_label" -}}
-{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.server.image.tag) "") "" | trunc 63 | quote -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "argo-workflows.labels" -}}
-helm.sh/chart: {{ include "argo-workflows.chart" .context }}
-{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
-app.kubernetes.io/managed-by: {{ .context.Release.Service }}
-app.kubernetes.io/part-of: argo-workflows
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "argo-workflows.selectorLabels" -}}
-{{- if .name -}}
-app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }}
-{{ end -}}
-app.kubernetes.io/instance: {{ .context.Release.Name }}
-{{- if .component }}
-app.kubernetes.io/component: {{ .component }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create the name of the server service account to use
-*/}}
-{{- define "argo-workflows.serverServiceAccountName" -}}
-{{- if .Values.server.serviceAccount.create -}}
-    {{ default (include "argo-workflows.server.fullname" .) .Values.server.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.server.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the controller service account to use
-*/}}
-{{- define "argo-workflows.controllerServiceAccountName" -}}
-{{- if .Values.controller.serviceAccount.create -}}
-    {{ default (include "argo-workflows.controller.fullname" .) .Values.controller.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.controller.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for ingress
-*/}}
-{{- define "argo-workflows.ingress.apiVersion" -}}
-{{- if semverCompare "<1.14-0" (include "argo-workflows.kubeVersion" $) -}}
-{{- print "extensions/v1beta1" -}}
-{{- else if semverCompare "<1.19-0" (include "argo-workflows.kubeVersion" $) -}}
-{{- print "networking.k8s.io/v1beta1" -}}
-{{- else -}}
-{{- print "networking.k8s.io/v1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the target Kubernetes version
-*/}}
-{{- define "argo-workflows.kubeVersion" -}}
-  {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
-{{- end -}}
-
-{{/*
-Return the default Argo Workflows app version
-*/}}
-{{- define "argo-workflows.defaultTag" -}}
-  {{- default .Chart.AppVersion .Values.images.tag }}
-{{- end -}}
-
-{{/*
-Return full image name including or excluding registry based on existence
-*/}}
-{{- define "argo-workflows.image" -}}
-{{- if and .image.registry .image.repository -}}
-  {{ .image.registry }}/{{ .image.repository }}
-{{- else -}}
-  {{ .image.repository }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for autoscaling
-*/}}
-{{- define "argo-workflows.apiVersion.autoscaling" -}}
-{{- if .Values.apiVersionOverrides.autoscaling -}}
-{{- print .Values.apiVersionOverrides.autoscaling -}}
-{{- else if semverCompare "<1.23-0" (include "argo-workflows.kubeVersion" .) -}}
-{{- print "autoscaling/v2beta1" -}}
-{{- else -}}
-{{- print "autoscaling/v2" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for GKE resources
-*/}}
-{{- define "argo-workflows.apiVersions.cloudgoogle" -}}
-{{- if .Values.apiVersionOverrides.cloudgoogle -}}
-{{- print .Values.apiVersionOverrides.cloudgoogle -}}
-{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}}
-{{- print "cloud.google.com/v1" -}}
-{{- else -}}
-{{- print "cloud.google.com/v1beta1" -}}
-{{- end -}}
-{{- end -}}
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-config-map.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-config-map.yaml
@@ -1,208 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}-configmap
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
-data:
-  config: |
-    {{- if .Values.controller.instanceID.enabled }}
-      {{- if .Values.controller.instanceID.useReleaseName }}
-    instanceID: {{ .Release.Namespace }}
-      {{- else }}
-    instanceID: {{ .Values.controller.instanceID.explicitID }}
-      {{- end }}
-    {{- end }}
-    {{- if .Values.controller.parallelism }}
-    parallelism: {{ .Values.controller.parallelism }}
-    {{- end }}
-    {{- if .Values.controller.resourceRateLimit }}
-    resourceRateLimit: {{ toYaml .Values.controller.resourceRateLimit | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.namespaceParallelism }}
-    namespaceParallelism: {{ . }}
-    {{- end }}
-    {{- with .Values.controller.initialDelay }}
-    initialDelay: {{ . }}
-    {{- end }}
-    {{- if or .Values.mainContainer.resources .Values.mainContainer.env .Values.mainContainer.envFrom .Values.mainContainer.securityContext}}
-    mainContainer:
-      imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.mainContainer.imagePullPolicy }}
-      {{- with .Values.mainContainer.resources }}
-      resources: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.mainContainer.env }}
-      env: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.mainContainer.envFrom }}
-      envFrom: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.mainContainer.securityContext }}
-      securityContext: {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- end }}
-    {{- if or .Values.executor.resources .Values.executor.env .Values.executor.args .Values.executor.securityContext}}
-    executor:
-      imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.executor.image.pullPolicy }}
-      {{- with .Values.executor.resources }}
-      resources: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.executor.args }}
-      args: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.executor.env }}
-      env: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.executor.securityContext }}
-      securityContext: {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- end }}
-    {{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }}
-    artifactRepository:
-      {{- if .Values.artifactRepository.archiveLogs }}
-      archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
-      {{- end }}
-      {{- with .Values.artifactRepository.gcs }}
-      gcs: {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      {{- with .Values.artifactRepository.azure }}
-      azure: {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      {{- if .Values.artifactRepository.s3 }}
-      s3:
-        {{- if .Values.useStaticCredentials }}
-        accessKeySecret:
-          key: {{ tpl .Values.artifactRepository.s3.accessKeySecret.key . }}
-          name: {{ tpl .Values.artifactRepository.s3.accessKeySecret.name . }}
-        secretKeySecret:
-          key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }}
-          name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }}
-        {{- end }}
-        bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }}
-        endpoint: workflow-archivelog-s3.user-system-{{ .Values.global.bfl.username }}:4568
-        insecure: {{ .Values.artifactRepository.s3.insecure }}
-        {{- if .Values.artifactRepository.s3.keyFormat }}
-        keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }}
-        {{- end }}
-        {{- if .Values.artifactRepository.s3.region }}
-        region: {{ tpl .Values.artifactRepository.s3.region $ }}
-        {{- end }}
-        {{- if .Values.artifactRepository.s3.roleARN }}
-        roleARN: {{ .Values.artifactRepository.s3.roleARN }}
-        {{- end }}
-        {{- if .Values.artifactRepository.s3.useSDKCreds }}
-        useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }}
-        {{- end }}
-        {{- with .Values.artifactRepository.s3.encryptionOptions }}
-        encryptionOptions:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-      {{- end }}
-      {{- if .Values.customArtifactRepository }}
-      {{- toYaml .Values.customArtifactRepository | nindent 6 }}
-      {{- end }}
-    {{- end }}
-    {{- if .Values.controller.metricsConfig.enabled }}
-    metricsConfig:
-      enabled: {{ .Values.controller.metricsConfig.enabled }}
-      path: {{ .Values.controller.metricsConfig.path }}
-      port: {{ .Values.controller.metricsConfig.port }}
-      {{- if .Values.controller.metricsConfig.metricsTTL }}
-      metricsTTL: {{ .Values.controller.metricsConfig.metricsTTL }}
-      {{- end }}
-      ignoreErrors: {{ .Values.controller.metricsConfig.ignoreErrors }}
-      secure: {{ .Values.controller.metricsConfig.secure }}
-    {{- end }}
-    {{- if .Values.controller.telemetryConfig.enabled }}
-    telemetryConfig:
-      enabled: {{ .Values.controller.telemetryConfig.enabled }}
-      path: {{ .Values.controller.telemetryConfig.path }}
-      port: {{ .Values.controller.telemetryConfig.port }}
-      {{- if .Values.controller.telemetryConfig.metricsTTL }}
-      metricsTTL: {{ .Values.controller.telemetryConfig.metricsTTL }}
-      {{- end }}
-      ignoreErrors: {{ .Values.controller.telemetryConfig.ignoreErrors }}
-      secure: {{ .Values.controller.telemetryConfig.secure }}
-    {{- end }}
-    persistence:
-      connectionPool:
-        maxIdleConns: 5
-        maxOpenConns: 0
-      archive: true
-      archiveTTL: 5d
-      postgresql:
-        host: citus-master-svc.user-system-{{ .Values.global.bfl.username }}
-        port: 5432
-        database: user_space_{{ .Values.global.bfl.username }}_argo
-        tableName: argo_workflows
-        userNameSecret:
-          name: rss-secrets
-          key: pg_user
-        passwordSecret:
-          name: rss-secrets
-          key: pg_password
-
-    {{- if .Values.controller.workflowDefaults }}
-    workflowDefaults:
-{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }}
-    {{- if .Values.server.sso.enabled }}
-    sso:
-      issuer: {{ .Values.server.sso.issuer }}
-      clientId:
-        name: {{ .Values.server.sso.clientId.name }}
-        key: {{ .Values.server.sso.clientId.key }}
-      clientSecret:
-        name: {{ .Values.server.sso.clientSecret.name }}
-        key: {{ .Values.server.sso.clientSecret.key }}
-      redirectUrl: {{ .Values.server.sso.redirectUrl }}
-      rbac:
-        enabled: {{ .Values.server.sso.rbac.enabled }}
-      {{- with .Values.server.sso.scopes }}
-      scopes: {{ toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.sso.issuerAlias }}
-      issuerAlias: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.sessionExpiry }}
-      sessionExpiry: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.customGroupClaimName }}
-      customGroupClaimName: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.userInfoPath }}
-      userInfoPath: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.insecureSkipVerify }}
-      insecureSkipVerify: {{ toYaml . }}
-      {{- end }}
-    {{- end }}
-    {{- with .Values.controller.workflowRestrictions }}
-    workflowRestrictions: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.links }}
-    links: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.columns }}
-    columns: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.navColor }}
-    navColor: {{ . }}
-    {{- end }}
-    {{- with .Values.controller.retentionPolicy }}
-    retentionPolicy: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.emissary.images }}
-    images: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    nodeEvents:
-      enabled: {{ .Values.controller.nodeEvents.enabled }}
-    {{- with .Values.controller.kubeConfig }}
-    kubeConfig: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.podGCGracePeriodSeconds }}
-    podGCGracePeriodSeconds: {{ . }}
-    {{- end }}
-    {{- with .Values.controller.podGCDeleteDelayDuration }}
-    podGCDeleteDelayDuration: {{ . }}
-    {{- end }}
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-crb.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-crb.yaml
@@ -1,45 +0,0 @@
-{{- if .Values.controller.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.singleNamespace }}
-kind: RoleBinding
-{{ else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.controller.fullname" . }}
-  {{- if .Values.singleNamespace }}
-  namespace: {{ .Release.Namespace | quote }}
-  {{- end }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if .Values.singleNamespace }}
-  kind: Role
-  {{ else }}
-  kind: ClusterRole
-  {{- end }}
-  name: {{ template "argo-workflows.controller.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
-
-{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.controller.fullname" . }}-cluster-template
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
-{{- end }}
-{{- end }}
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-deployment.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-deployment.yaml
@@ -1,129 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
-  {{- with .Values.controller.deploymentAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  replicas: {{ .Values.controller.replicas }}
-  selector:
-    matchLabels:
-      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
-  template:
-    metadata:
-      labels:
-        {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
-        {{- with.Values.controller.podLabels }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.controller.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    spec:
-      serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" . }}
-      {{- with .Values.controller.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.extraInitContainers }}
-      initContainers:
-        {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: controller
-          image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.controller.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}"
-          imagePullPolicy: {{ .Values.images.pullPolicy }}
-          command: [ "workflow-controller" ]
-          args:
-          - "--configmap"
-          - "{{ template "argo-workflows.controller.fullname" . }}-configmap"
-          - "--executor-image"
-          - "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}"
-          - "--loglevel"
-          - "{{ .Values.controller.logging.level }}"
-          - "--gloglevel"
-          - "{{ .Values.controller.logging.globallevel }}"
-          - "--log-format"
-          - "{{ .Values.controller.logging.format }}"
-          {{- if .Values.singleNamespace }}
-          - "--namespaced"
-          {{- end }}
-          {{- with .Values.controller.workflowWorkers }}
-          - "--workflow-workers"
-          - {{ . | quote }}
-          {{- end }}
-          {{- with .Values.controller.extraArgs }}
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          securityContext:
-            {{- toYaml .Values.controller.securityContext | nindent 12 }}
-          env:
-            - name: ARGO_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-            - name: LEADER_ELECTION_IDENTITY
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.name
-          {{- with .Values.controller.extraEnv }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          resources:
-            {{- toYaml .Values.controller.resources | nindent 12 }}
-          {{- with .Values.controller.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          ports:
-            - name: {{ .Values.controller.metricsConfig.portName }}
-              containerPort: {{ .Values.controller.metricsConfig.port }}
-            - containerPort: 6060
-          livenessProbe: {{ .Values.controller.livenessProbe | toYaml | nindent 12 }}
-        {{- with .Values.controller.extraContainers }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.images.pullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.volumes }}
-      volumes:
-        {{- toYaml . | nindent 6 }}
-      {{- end }}
-      {{- with .Values.controller.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-      - {{ toYaml $constraint | nindent 8 | trim }}
-        {{- if not $constraint.labelSelector }}
-        labelSelector:
-          matchLabels:
-            {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
-        {{- end }}
-        {{- end }}
-      {{- end }}
-      {{- with .Values.controller.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-sa.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-sa.yaml
@@ -1,16 +0,0 @@
-{{- if .Values.controller.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-  {{- with .Values.controller.serviceAccount.labels  }}
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{ with .Values.controller.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml .| nindent 4 }}
-  {{- end }}
-{{- end }}
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-rb.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-rb.yaml
@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ template "argo-workflows.fullname" $ }}-workflow
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
-  namespace: {{ $.Release.Namespace}}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "argo-workflows.fullname" $ }}-workflow
-subjects:
-  - kind: ServiceAccount
-    name: {{ $.Values.workflow.serviceAccount.name }}
-    namespace: {{ $.Release.Namespace}}
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/extra-manifests.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/extra-manifests.yaml
@@ -1,8 +0,0 @@
-{{ range .Values.extraObjects }}
---
-{{- if typeIs "string" . }}
-    {{- tpl . $ }}
-{{- else }}
-    {{- tpl (toYaml .) $ }}
-{{- end }}
-{{ end }}
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-crb.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-crb.yaml
@@ -1,45 +0,0 @@
-{{- if and .Values.server.enabled .Values.server.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.singleNamespace }}
-kind: RoleBinding
-{{ else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.server.fullname" . }}
-  {{- if .Values.singleNamespace }}
-  namespace: {{ .Release.Namespace | quote }}
-  {{- end }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if .Values.singleNamespace }}
-  kind: Role
-  {{ else }}
-  kind: ClusterRole
-  {{- end }}
-  name: {{ template "argo-workflows.server.fullname" . }}
-subjects:
- kind: ServiceAccount
-  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-
-{{- if .Values.server.clusterWorkflowTemplates.enabled }}
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.server.fullname" . }}-cluster-template
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
-subjects:
- kind: ServiceAccount
-  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-{{- end -}}
-{{- end -}}
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-deployment.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-deployment.yaml
@@ -1,142 +0,0 @@
-{{- if .Values.server.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "argo-workflows.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app: argoworkflows
-    app.kubernetes.io/managed-by: Helm
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
-  {{- with .Values.server.deploymentAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-    applications.app.bytetrade.io/icon: https://argoproj.github.io/argo-workflows/assets/logo.png
-    applications.app.bytetrade.io/title: argoworkflows
-    applications.app.bytetrade.io/version: '0.35.0'
-  {{- end }}
-spec:
-  {{- if not .Values.server.autoscaling.enabled }}
-  replicas: {{ .Values.server.replicas }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
-      app: argoworkflows
-  template:
-    metadata:
-      labels:
-        app: argoworkflows
-        {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
-        {{- with .Values.server.podLabels }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.server.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    spec:
-      serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }}
-      {{- with .Values.server.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.extraInitContainers }}
-      initContainers:
-        {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: argo-server
-          image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.server.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}"
-          imagePullPolicy: {{ .Values.images.pullPolicy }}
-          securityContext:
-            {{- toYaml .Values.server.securityContext | nindent 12 }}
-          args:
-            - server
-            - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap
-          {{- with .Values.server.extraArgs }}
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- if .Values.server.authMode }}
-            - "--auth-mode={{ .Values.server.authMode }}"
-          {{- end }}
-            - "--secure={{ .Values.server.secure }}"
-            - "--x-frame-options="
-          {{- if .Values.singleNamespace }}
-            - "--namespaced"
-          {{- end }}
-            - "--loglevel"
-            - "{{ .Values.server.logging.level }}"
-            - "--gloglevel"
-            - "{{ .Values.server.logging.globallevel }}"
-            - "--log-format"
-            - "{{ .Values.server.logging.format }}"
-          ports:
-            - name: web
-              containerPort: 2746
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 2746
-              {{- if .Values.server.secure }}
-              scheme: HTTPS
-              {{- else }}
-              scheme: HTTP
-              {{- end }}
-            initialDelaySeconds: 10
-            periodSeconds: 20
-          env:
-            - name: IN_CLUSTER
-              value: "true"
-            - name: ARGO_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-            - name: BASE_HREF
-              value: {{ .Values.server.baseHref | quote }}
-          {{- with .Values.server.extraEnv }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          resources:
-            {{- toYaml .Values.server.resources | nindent 12 }}
-          volumeMounts:
-            - name: tmp
-              mountPath: /tmp
-        
-      volumes:
-        - name: tmp
-          emptyDir: {}
-      {{- with .Values.server.volumes }}
-        {{- toYaml . | nindent 6}}
-      {{- end }}
-      {{- with .Values.server.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-        - {{ toYaml $constraint | nindent 8 | trim }}
-        {{- if not $constraint.labelSelector }}
-          labelSelector:
-            matchLabels:
-            {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }}
-        {{- end }}
-        {{- end }}
-      {{- end }}
-      {{- with .Values.server.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}
-
-{{- end -}}
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-sa.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-sa.yaml
@@ -1,16 +0,0 @@
-{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-  {{- with .Values.server.serviceAccount.labels  }}
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{- with .Values.server.serviceAccount.annotations  }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end -}}
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-service.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-service.yaml
@@ -1,36 +0,0 @@
-{{- if .Values.server.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "argo-workflows.server.fullname" . }}-svc
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
-  {{- with .Values.server.serviceAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  ports:
-  - port: {{ .Values.server.servicePort }}
-    {{- with .Values.server.servicePortName }}
-    name: {{ . }}
-    {{- end }}
-    targetPort: 2746
-    {{- if and (eq .Values.server.serviceType "NodePort") .Values.server.serviceNodePort }}
-    nodePort: {{ .Values.server.serviceNodePort }}
-    {{- end }}
-  selector:
-    app: {{ template "argo-workflows.server.fullname" . }}
-    {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
-  sessionAffinity: None
-  type: {{ .Values.server.serviceType }}
-  {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }}
-  {{- end }}
-  {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-    {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }}
-  {{- end }}
-{{- end -}}
--- a/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/values.yaml
+++ b/apps/argo/config/user/helm-charts/argo/charts/argoworkflows/values.yaml
@@ -1,840 +0,0 @@
-images:
-  # -- Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`.
-  tag: ""
-  # -- imagePullPolicy to apply to all containers
-  pullPolicy: IfNotPresent
-  # -- Secrets with credentials to pull images from a private registry
-  pullSecrets: []
-  # - name: argo-pull-secret
-
-## Custom resource configuration
-crds:
-  # -- Install and upgrade CRDs
-  install: true
-  # -- Keep CRDs on chart uninstall
-  keep: true
-  # -- Annotations to be added to all CRDs
-  annotations: {}
-
-# -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds
-## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-createAggregateRoles: true
-
-# -- String to partially override "argo-workflows.fullname" template
-nameOverride:
-
-# -- String to fully override "argo-workflows.fullname" template
-fullnameOverride:
-
-# -- Override the Kubernetes version, which is used to evaluate certain manifests
-kubeVersionOverride: ""
-
-# Override APIVersions
-apiVersionOverrides:
-  # -- String to override apiVersion of autoscaling rendered by this helm chart
-  autoscaling: "" # autoscaling/v2
-  # -- String to override apiVersion of GKE resources rendered by this helm chart
-  cloudgoogle: "" # cloud.google.com/v1
-
-# -- Restrict Argo to operate only in a single namespace (the namespace of the
-# Helm release) by apply Roles and RoleBindings instead of the Cluster
-# equivalents, and start workflow-controller with the --namespaced flag. Use it
-# in clusters with strict access policy.
-singleNamespace: false
-
-workflow:
-  # -- Deprecated; use controller.workflowNamespaces instead.
-  namespace:
-  serviceAccount:
-    # -- Specifies whether a service account should be created
-    create: false
-    # -- Labels applied to created service account
-    labels: {}
-    # -- Annotations applied to created service account
-    annotations: {}
-    # -- Service account which is used to run workflows
-    name: "argo-workflow"
-    # -- Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets`
-    pullSecrets: []
-  rbac:
-    # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows.
-    # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below)
-    create: true
-
-controller:
-  image:
-    # -- Registry to use for the controller
-    registry: quay.io
-    # -- Registry to use for the controller
-    repository: argoproj/workflow-controller
-    # -- Image tag for the workflow controller. Defaults to `.Values.images.tag`.
-    tag: ""
-  # -- parallelism dictates how many workflows can be running at the same time
-  parallelism:
-  # -- Globally limits the rate at which pods are created.
-  # This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of
-  # parallel nodes.
-  resourceRateLimit: {}
-    # limit: 10
-  # burst: 1
-
-  rbac:
-    # -- Adds Role and RoleBinding for the controller.
-    create: true
-    # -- Allows controller to get, list, and watch certain k8s secrets
-    secretWhitelist: []
-    # -- Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty.
-    accessAllSecrets: false
-    # -- Allows controller to create and update ConfigMaps. Enables memoization feature
-    writeConfigMaps: false
-
-  # -- Limits the maximum number of incomplete workflows in a namespace
-  namespaceParallelism:
-  # -- Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224
-  initialDelay:
-  # -- deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment
-  deploymentAnnotations: {}
-  # -- podAnnotations is an optional map of annotations to be applied to the controller Pods
-  podAnnotations: {}
-  # -- Optional labels to add to the controller pods
-  podLabels: {}
-  # -- SecurityContext to set on the controller pods
-  podSecurityContext: {}
-  # podPortName: http
-  metricsConfig:
-    # -- Enables prometheus metrics server
-    enabled: false
-    # -- Path is the path where metrics are emitted. Must start with a "/".
-    path: /metrics
-    # -- Port is the port where metrics are emitted
-    port: 9090
-    # -- How often custom metrics are cleared from memory
-    metricsTTL: ""
-    # -- Flag that instructs prometheus to ignore metric emission errors.
-    ignoreErrors: false
-    # --  Flag that use a self-signed cert for TLS
-    secure: false
-    # -- Container metrics port name
-    portName: metrics
-    # -- Service metrics port
-    servicePort: 8090
-    # -- Service metrics port name
-    servicePortName: metrics
-    # -- ServiceMonitor relabel configs to apply to samples before scraping
-    ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
-    relabelings: []
-    # -- ServiceMonitor metric relabel configs to apply to samples before ingestion
-    ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
-    metricRelabelings: []
-    # -- ServiceMonitor will add labels from the service to the Prometheus metric
-    ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec
-    targetLabels: []
-  # -- the controller container's securityContext
-  securityContext:
-    readOnlyRootFilesystem: true
-    runAsNonRoot: true
-    allowPrivilegeEscalation: false
-    capabilities:
-      drop:
-        - ALL
-  # -- enable persistence using postgres
-  persistence: {}
-  # connectionPool:
-  #   maxIdleConns: 100
-  #   maxOpenConns: 0
-  # # save the entire workflow into etcd and DB
-  # nodeStatusOffLoad: false
-  # # enable archiving of old workflows
-  # archive: false
-  # postgresql:
-  #   host: localhost
-  #   port: 5432
-  #   database: postgres
-  #   tableName: argo_workflows
-  #   # the database secrets must be in the same namespace of the controller
-  #   userNameSecret:
-  #     name: argo-postgres-config
-  #     key: username
-  #   passwordSecret:
-  #     name: argo-postgres-config
-  #     key: password
-
-  # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level.
-  # Only valid for 2.7+
-  ## See more: https://argoproj.github.io/argo-workflows/default-workflow-specs/
-  workflowDefaults: {}
-  #   spec:
-  #     ttlStrategy:
-  #       secondsAfterCompletion: 84600
-  #     # Ref: https://argoproj.github.io/argo-workflows/artifact-repository-ref/
-  #     artifactRepositoryRef:
-  #       configMap: my-artifact-repository # default is "artifact-repositories"
-  #       key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map.
-
-  # -- Number of workflow workers
-  workflowWorkers: # 32
-  # -- Restricts the Workflows that the controller will process.
-  # Only valid for 2.9+
-  workflowRestrictions: {}
-  # templateReferencing: Strict|Secure
-
-  # telemetryConfig controls the path and port for prometheus telemetry. Telemetry is enabled and emitted in the same endpoint
-  # as metrics by default, but can be overridden using this config.
-  telemetryConfig:
-    # -- Enables prometheus telemetry server
-    enabled: false
-    # -- telemetry path
-    path: /telemetry
-    # -- telemetry container port
-    port: 8081
-    # -- How often custom metrics are cleared from memory
-    metricsTTL: ""
-    # -- Flag that instructs prometheus to ignore metric emission errors.
-    ignoreErrors: false
-    # --  Flag that use a self-signed cert for TLS
-    secure: false
-    # -- telemetry service port
-    servicePort: 8081
-    # -- telemetry service port name
-    servicePortName: telemetry
-  serviceMonitor:
-    # -- Enable a prometheus ServiceMonitor
-    enabled: false
-    # -- Prometheus ServiceMonitor labels
-    additionalLabels: {}
-    # -- Prometheus ServiceMonitor namespace
-    namespace: "" # "monitoring"
-  serviceAccount:
-    # -- Create a service account for the controller
-    create: true
-    # -- Service account name
-    name: ""
-    # -- Labels applied to created service account
-    labels: {}
-    # -- Annotations applied to created service account
-    annotations: {}
-
-  # -- Workflow controller name string
-  name: workflow-controller
-
-  # -- Specify all namespaces where this workflow controller instance will manage
-  # workflows. This controls where the service account and RBAC resources will
-  # be created. Only valid when singleNamespace is false.
-  workflowNamespaces:
-    - default
-
-  instanceID:
-    # -- Configures the controller to filter workflow submissions
-    # to only those which have a matching instanceID attribute.
-    ## NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName`
-    ## or `instanceID.explicitID` must be defined.
-    enabled: true
-    # -- Use ReleaseName as instanceID
-    useReleaseName: true
-    # useReleaseName: true
-
-    # -- Use a custom instanceID
-    explicitID: ""
-    # explicitID: unique-argo-controller-identifier
-
-  logging:
-    # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
-    level: info
-    # -- Set the glog logging level
-    globallevel: "0"
-    # -- Set the logging format (one of: `text`, `json`)
-    format: "text"
-
-  # -- Service type of the controller Service
-  serviceType: ClusterIP
-  # -- Annotations to be applied to the controller Service
-  serviceAnnotations: {}
-  # -- Optional labels to add to the controller Service
-  serviceLabels: {}
-  # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
-  loadBalancerSourceRanges: []
-
-  # -- Resource limits and requests for the controller
-  resources: {}
-
-  # -- Configure liveness [probe] for the controller
-  # @default -- See [values.yaml]
-  livenessProbe:
-    httpGet:
-      port: 6060
-      path: /healthz
-    failureThreshold: 3
-    initialDelaySeconds: 90
-    periodSeconds: 60
-    timeoutSeconds: 30
-
-  # -- Extra environment variables to provide to the controller container
-  extraEnv: []
-    # - name: FOO
-  #   value: "bar"
-
-  # -- Extra arguments to be added to the controller
-  extraArgs: []
-  # -- Additional volume mounts to the controller main container
-  volumeMounts: []
-  # -- Additional volumes to the controller pod
-  volumes: []
-  # -- The number of controller pods to run
-  replicas: 1
-
-  pdb:
-    # -- Configure [Pod Disruption Budget] for the controller pods
-    enabled: false
-    # minAvailable: 1
-    # maxUnavailable: 1
-
-  # -- [Node selector]
-  nodeSelector:
-    kubernetes.io/os: linux
-  # -- [Tolerations] for use with node taints
-  tolerations: []
-  # -- Assign custom [affinity] rules
-  affinity: {}
-
-  # -- Assign custom [TopologySpreadConstraints] rules to the workflow controller
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
-  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
-  topologySpreadConstraints: []
-  # - maxSkew: 1
-  #   topologyKey: topology.kubernetes.io/zone
-  #   whenUnsatisfiable: DoNotSchedule
-
-  # -- Leverage a PriorityClass to ensure your pods survive resource shortages.
-  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
-  priorityClassName: ""
-
-  # -- Configure Argo Server to show custom [links]
-  ## Ref: https://argoproj.github.io/argo-workflows/links/
-  links: []
-  # -- Configure Argo Server to show custom [columns]
-  ## Ref: https://github.com/argoproj/argo-workflows/pull/10693
-  columns: []
-  # -- Set ui navigation bar background color
-  navColor: ""
-  clusterWorkflowTemplates:
-    # -- Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates.
-    enabled: true
-  # -- Extra containers to be added to the controller deployment
-  extraContainers: []
-
-  # -- Enables init containers to be added to the controller deployment
-  extraInitContainers: []
-
-  # -- Workflow retention by number of workflows
-  retentionPolicy: {}
-  #  completed: 10
-  #  failed: 3
-  #  errored: 3
-
-  nodeEvents:
-    # -- Enable to emit events on node completion.
-    ## This can take up a lot of space in k8s (typically etcd) resulting in errors when trying to create new events:
-    ## "Unable to create audit event: etcdserver: mvcc: database space exceeded"
-    enabled: true
-
-  # -- Configure when workflow controller runs in a different k8s cluster with the workflow workloads,
-  # or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret.
-  # @default -- `{}` (See [values.yaml])
-  kubeConfig: {}
-    # # name of the kubeconfig secret, may not be empty when kubeConfig specified
-    # secretName: kubeconfig-secret
-    # # key of the kubeconfig secret, may not be empty when kubeConfig specified
-    # secretKey: kubeconfig
-    # # mounting path of the kubeconfig secret, default to /kube/config
-    # mountPath: /kubeconfig/mount/path
-    # # volume name when mounting the secret, default to kubeconfig
-  # volumeName: kube-config-volume
-
-  # -- Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately.
-  # @default -- `30` seconds (Kubernetes default)
-  podGCGracePeriodSeconds:
-
-  # -- The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately.
-  # @default -- `5s` (Argo Workflows default)
-  podGCDeleteDelayDuration: ""
-
-# mainContainer adds default config for main container that could be overriden in workflows template
-mainContainer:
-  # -- imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`.
-  imagePullPolicy: ""
-  # -- Resource limits and requests for the Workflow main container
-  resources: {}
-  # -- Adds environment variables for the Workflow main container
-  env: []
-  # -- Adds reference environment variables for the Workflow main container
-  envFrom: []
-  # -- sets security context for the Workflow main container
-  securityContext: {}
-
-# executor controls how the init and wait container should be customized
-executor:
-  image:
-    # -- Registry to use for the Workflow Executors
-    registry: quay.io
-    # -- Repository to use for the Workflow Executors
-    repository: argoproj/argoexec
-    # -- Image tag for the workflow executor. Defaults to `.Values.images.tag`.
-    tag: ""
-    # -- Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`.
-    pullPolicy: ""
-  # -- Resource limits and requests for the Workflow Executors
-  resources: {}
-  # -- Passes arguments to the executor processes
-  args: []
-  # -- Adds environment variables for the executor.
-  env: []
-  # -- sets security context for the executor container
-  securityContext: {}
-
-server:
-  # -- Deploy the Argo Server
-  enabled: true
-  # -- Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /.
-  ## only updates base url of resources on client side,
-  ## it's expected that a proxy server rewrites the request URL and gets rid of this prefix
-  ## https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190
-  baseHref: /
-  image:
-    # -- Registry to use for the server
-    registry: quay.io
-    # -- Repository to use for the server
-    repository: argoproj/argocli
-    # -- Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`.
-    tag: ""
-  # -- optional map of annotations to be applied to the ui Deployment
-  deploymentAnnotations: {}
-  # -- optional map of annotations to be applied to the ui Pods
-  podAnnotations: {}
-  # -- Optional labels to add to the UI pods
-  podLabels: {}
-  # -- SecurityContext to set on the server pods
-  podSecurityContext: {}
-  rbac:
-    # -- Adds Role and RoleBinding for the server.
-    create: true
-  # -- Servers container-level security context
-  securityContext:
-    readOnlyRootFilesystem: false
-    runAsNonRoot: true
-    allowPrivilegeEscalation: false
-    capabilities:
-      drop:
-        - ALL
-  # -- Server name string
-  name: server
-  # -- Service type for server pods
-  serviceType: ClusterIP
-  # -- Service port for server
-  servicePort: 2746
-  # -- Service node port
-  serviceNodePort: # 32746
-  # -- Service port name
-  servicePortName: "http" # http
-
-  serviceAccount:
-    # -- Create a service account for the server
-    create: true
-    # -- Service account name
-    name: ""
-    # -- Labels applied to created service account
-    labels: {}
-    # -- Annotations applied to created service account
-    annotations: {}
-
-  # -- Annotations to be applied to the UI Service
-  serviceAnnotations: {}
-  # -- Optional labels to add to the UI Service
-  serviceLabels: {}
-  # -- Static IP address to assign to loadBalancer service type `LoadBalancer`
-  loadBalancerIP: ""
-  # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
-  loadBalancerSourceRanges: []
-  # -- Resource limits and requests for the server
-  resources: {}
-  # -- The number of server pods to run
-  replicas: 1
-  ## Argo Server Horizontal Pod Autoscaler
-  autoscaling:
-    # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server
-    enabled: false
-    # -- Minimum number of replicas for the Argo Server [HPA]
-    minReplicas: 1
-    # -- Maximum number of replicas for the Argo Server [HPA]
-    maxReplicas: 5
-    # -- Average CPU utilization percentage for the Argo Server [HPA]
-    targetCPUUtilizationPercentage: 50
-    # -- Average memory utilization percentage for the Argo Server [HPA]
-    targetMemoryUtilizationPercentage: 50
-    # -- Configures the scaling behavior of the target in both Up and Down directions.
-    # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer
-    behavior: {}
-      # scaleDown:
-      #  stabilizationWindowSeconds: 300
-      #  policies:
-      #   - type: Pods
-      #     value: 1
-      #     periodSeconds: 180
-      # scaleUp:
-      #   stabilizationWindowSeconds: 300
-      #   policies:
-      #   - type: Pods
-    #     value: 2
-  pdb:
-    # -- Configure [Pod Disruption Budget] for the server pods
-    enabled: false
-    # minAvailable: 1
-    # maxUnavailable: 1
-
-  # -- [Node selector]
-  nodeSelector:
-    kubernetes.io/os: linux
-
-  # -- [Tolerations] for use with node taints
-  tolerations: []
-
-  # -- Assign custom [affinity] rules
-  affinity: {}
-
-  # -- Assign custom [TopologySpreadConstraints] rules to the argo server
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
-  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
-  topologySpreadConstraints: []
-  # - maxSkew: 1
-  #   topologyKey: topology.kubernetes.io/zone
-  #   whenUnsatisfiable: DoNotSchedule
-
-  # -- Leverage a PriorityClass to ensure your pods survive resource shortages
-  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
-  priorityClassName: ""
-
-  # -- Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs.
-  ## See the following documentation for more details on secure mode:
-  ## https://argoproj.github.io/argo-workflows/tls/
-  secure: false
-
-  # -- Extra environment variables to provide to the argo-server container
-  extraEnv: []
-    # - name: FOO
-  #   value: "bar"
-
-  # -- Auth Mode is available from `server` , `client` or `sso`. If you chose `sso` , please configure `.Values.server.sso` as well.
-  ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/
-  authMode: "server"
-
-  # -- Extra arguments to provide to the Argo server binary.
-  ## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options
-  extraArgs: []
-
-  logging:
-    # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
-    level: info
-    # -- Set the glog logging level
-    globallevel: "0"
-    # -- Set the logging format (one of: `text`, `json`)
-    format: "text"
-
-  # -- Additional volume mounts to the server main container.
-  volumeMounts: []
-  # -- Additional volumes to the server pod.
-  volumes: []
-
-  ## Ingress configuration.
-  # ref: https://kubernetes.io/docs/user-guide/ingress/
-  ingress:
-    # -- Enable an ingress resource
-    enabled: false
-    # -- Additional ingress annotations
-    annotations: {}
-    # -- Additional ingress labels
-    labels: {}
-    # -- Defines which ingress controller will implement the resource
-    ingressClassName: ""
-
-    # -- List of ingress hosts
-    ## Hostnames must be provided if Ingress is enabled.
-    ## Secrets must be manually created in the namespace
-    hosts: []
-    # - argoworkflows.example.com
-
-    # -- List of ingress paths
-    paths:
-      - /
-
-    # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
-    pathType: Prefix
-    # -- Additional ingress paths
-    extraPaths: []
-      # - path: /*
-      #   backend:
-      #     serviceName: ssl-redirect
-      #     servicePort: use-annotation
-      ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used)
-      # - path: /*
-      #   pathType: Prefix
-      #   backend:
-      #     service
-      #       name: ssl-redirect
-      #       port:
-    #         name: use-annotation
-
-    # -- Ingress TLS configuration
-    tls: []
-      # - secretName: argoworkflows-example-tls
-      #   hosts:
-    #     - argoworkflows.example.com
-
-  ## Create a Google Backendconfig  for use with the GKE Ingress Controller
-  ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters
-  GKEbackendConfig:
-    # -- Enable BackendConfig custom resource for Google Kubernetes Engine
-    enabled: false
-    # -- [BackendConfigSpec]
-    spec: {}
-  #  spec:
-  #    iap:
-  #      enabled: true
-  #      oauthclientCredentials:
-  #        secretName: argoworkflows-secret
-
-  ## Create a Google Managed Certificate for use with the GKE Ingress Controller
-  ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
-  GKEmanagedCertificate:
-    # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine.
-    enabled: false
-    # -- Domains for the Google Managed Certificate
-    domains:
-      - argoworkflows.example.com
-
-  ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller
-  ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
-  GKEfrontendConfig:
-    # -- Enable FrontConfig custom resource for Google Kubernetes Engine
-    enabled: false
-    # -- [FrontendConfigSpec]
-    spec: {}
-  # spec:
-  #   redirectToHttps:
-  #     enabled: true
-  #     responseCodeName: RESPONSE_CODE
-
-  clusterWorkflowTemplates:
-    # -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates.
-    enabled: true
-    # -- Give the server permissions to edit ClusterWorkflowTemplates.
-    enableEditing: true
-
-  # SSO configuration when SSO is specified as a server auth mode.
-  sso:
-    # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`.
-    enabled: false
-    # -- The root URL of the OIDC identity provider
-    issuer: https://accounts.google.com
-    clientId:
-      # -- Name of secret to retrieve the app OIDC client ID
-      name: argo-server-sso
-      # -- Key of secret to retrieve the app OIDC client ID
-      key: client-id
-    clientSecret:
-      # -- Name of a secret to retrieve the app OIDC client secret
-      name: argo-server-sso
-      # -- Key of a secret to retrieve the app OIDC client secret
-      key: client-secret
-    # - The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
-    redirectUrl: https://argo/oauth2/callback
-    rbac:
-      # -- Adds ServiceAccount Policy to server (Cluster)Role.
-      enabled: true
-      # -- Whitelist to allow server to fetch Secrets
-      ## When present, restricts secrets the server can read to a given list.
-      ## You can use it to restrict the server to only be able to access the
-      ## service account token secrets that are associated with service accounts
-      ## used for authorization.
-      secretWhitelist: []
-    # -- Scopes requested from the SSO ID provider
-    ## The 'groups' scope requests group membership information, which is usually used for authorization decisions.
-    scopes: []
-    # - groups
-    # -- Define how long your login is valid for (in hours)
-    ## If omitted, defaults to 10h.
-    sessionExpiry: ""
-    # -- Alternate root URLs that can be included for some OIDC providers
-    issuerAlias: ""
-    # -- Override claim name for OIDC groups
-    customGroupClaimName: ""
-    # -- Specify the user info endpoint that contains the groups claim
-    ## Configure this if your OIDC provider provides groups information only using the user-info endpoint (e.g. Okta)
-    userInfoPath: ""
-    # -- Skip TLS verification for the HTTP client
-    insecureSkipVerify: false
-
-  # -- Extra containers to be added to the server deployment
-  extraContainers: []
-
-  # -- Enables init containers to be added to the server deployment
-  extraInitContainers: []
-
-# -- Array of extra K8s manifests to deploy
-extraObjects: []
-  # - apiVersion: secrets-store.csi.x-k8s.io/v1
-  #   kind: SecretProviderClass
-  #   metadata:
-  #     name: argo-server-sso
-  #   spec:
-  #     provider: aws
-  #     parameters:
-  #       objects: |
-  #         - objectName: "argo/server/sso"
-  #           objectType: "secretsmanager"
-  #           jmesPath:
-  #               - path: "client_id"
-  #                 objectAlias: "client_id"
-  #               - path: "client_secret"
-  #                 objectAlias: "client_secret"
-  #     secretObjects:
-  #     - data:
-  #       - key: client_id
-  #         objectName: client_id
-  #       - key: client_secret
-  #         objectName: client_secret
-  #       secretName: argo-server-sso-secrets-store
-#       type: Opaque
-
-# -- Use static credentials for S3 (eg. when not using AWS IRSA)
-useStaticCredentials: true
-artifactRepository:
-  # -- Archive the main container logs as an artifact
-  archiveLogs: true
-  # -- Store artifact in a S3-compliant object store
-  # @default -- See [values.yaml]
-  s3: 
-    # # Note the `key` attribute is not the actual secret, it's the PATH to
-    # # the contents in the associated secret, as defined by the `name` attribute.
-    accessKeySecret:
-      name: argo-workflow-log-fakes3
-      key: AWS_ACCESS_KEY_ID
-    secretKeySecret:
-      name: argo-workflow-log-fakes3
-      key: AWS_SECRET_ACCESS_KEY
-    # # insecure will disable TLS. Primarily used for minio installs not configured with TLS
-    insecure: true
-    keyFormat: "{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}"
-    bucket: mongo-backup
-    # endpoint: workflow-archivelog-s3:4568
-    # region:
-    # roleARN:
-    # useSDKCreds: true
-    # encryptionOptions:
-  #    enableEncryption: true
-  # -- Store artifact in a GCS object store
-  # @default -- `{}` (See [values.yaml])
-  gcs: {}
-  # bucket: <project>-argo
-  # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}"
-  # serviceAccountKeySecret is a secret selector.
-  # It references the k8s secret named 'my-gcs-credentials'.
-  # This secret is expected to have have the key 'serviceAccountKey',
-  # containing the base64 encoded credentials
-  # to the bucket.
-  #
-  # If it's running on GKE and Workload Identity is used,
-  # serviceAccountKeySecret is not needed.
-  # serviceAccountKeySecret:
-  # name: my-gcs-credentials
-  # key: serviceAccountKey
-  # -- Store artifact in Azure Blob Storage
-  # @default -- `{}` (See [values.yaml])
-  azure: {}
-  # endpoint: https://mystorageaccountname.blob.core.windows.net
-  # container: my-container-name
-  # blobNameFormat: path/in/container
-  ## accountKeySecret is a secret selector.
-  ## It references the k8s secret named 'my-azure-storage-credentials'.
-  ## This secret is expected to have have the key 'account-access-key',
-  ## containing the base64 encoded credentials to the storage account.
-  ## If a managed identity has been assigned to the machines running the
-  ## workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity)
-  ## then accountKeySecret is not needed, and useSDKCreds should be
-  ## set to true instead:
-  # useSDKCreds: true
-  # accountKeySecret:
-  #  name: my-azure-storage-credentials
-  #  key: account-access-key
-
-# -- The section of custom artifact repository.
-# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure)
-customArtifactRepository: {}
-# artifactory:
-#   repoUrl: https://artifactory.example.com/raw
-#   usernameSecret:
-#     name: artifactory-creds
-#     key: username
-#   passwordSecret:
-#     name: artifactory-creds
-#     key: password
-
-# -- The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/).
-# Each map key is the name of configmap
-# @default -- `{}` (See [values.yaml])
-artifactRepositoryRef: {}
-  # # -- 1st ConfigMap
-  # # If you want to use this config map by default, name it "artifact-repositories".
-  # # Otherwise, you can provide a reference to a
-  # # different config map in `artifactRepositoryRef.configMap`.
-  # artifact-repositories:
-  #   # -- v3.0 and after - if you want to use a specific key, put that key into this annotation.
-  #   annotations:
-  #     workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository
-  #   # 1st data of configmap. See above artifactRepository or customArtifactRepository.
-  #   default-v1-s3-artifact-repository:
-  #     archiveLogs: false
-  #     s3:
-  #       bucket: my-bucket
-  #       endpoint: minio:9000
-  #       insecure: true
-  #       accessKeySecret:
-  #         name: my-minio-cred
-  #         key: accesskey
-  #       secretKeySecret:
-  #         name: my-minio-cred
-  #         key: secretkey
-  #    # 2nd data
-  #    oss-artifact-repository:
-  #      archiveLogs: false
-  #      oss:
-  #        endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com
-  #        bucket: $mybucket
-  #        # accessKeySecret and secretKeySecret are secret selectors.
-  #        # It references the k8s secret named 'bucket-workflow-artifect-credentials'.
-  #        # This secret is expected to have have the keys 'accessKey'
-  #        # and 'secretKey', containing the base64 encoded credentials
-  #        # to the bucket.
-  #        accessKeySecret:
-  #          name: $mybucket-credentials
-  #          key: accessKey
-  #        secretKeySecret:
-  #          name: $mybucket-credentials
-  #          key: secretKey
-  # # 2nd ConfigMap
-  # another-artifact-repositories:
-  #   annotations:
-  #     workflows.argoproj.io/default-artifact-repository: gcs
-  #   gcs:
-  #     bucket: my-bucket
-  #     keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}}
-  #     serviceAccountKeySecret:
-  #       name: my-gcs-credentials
-#       key: serviceAccountKey
-
-emissary:
-  # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used.
-  ## See more: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary
-  images: []
-  #  argoproj/argosay:v2:
-  #    cmd: [/argosay]
-  #  docker/whalesay:latest:
-  #    cmd: [/bin/bash]
--- a/apps/argo/config/user/helm-charts/argo/templates/argo_deployment.yaml
+++ b/apps/argo/config/user/helm-charts/argo/templates/argo_deployment.yaml
@@ -1,185 +0,0 @@
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $rss_secret := (lookup "v1" "Secret" $namespace "rss-secrets") -}}
-{{- $password := "" -}}
-{{ if $rss_secret -}}
-{{ $password = (index $rss_secret "data" "pg_password") }}
-{{ else -}}
-{{ $password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $redis_password := "" -}}
-{{ if $rss_secret -}}
-{{ $redis_password = (index $rss_secret "data" "redis_password") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-
-{{- $redis_password_data := "" -}}
-{{ $redis_password_data = $redis_password | b64dec }}
-
-{{- $pg_password_data := "" -}}
-{{ $pg_password_data = $password | b64dec }}
-
-{{- $mongo_secret := (lookup "v1" "Secret" .Release.Namespace "knowledge-mongodb") -}}
-{{- $mongo_password := randAlphaNum 16 | b64enc -}}
-
-{{- $mongo_password_data := "" -}}
-{{ if $mongo_secret -}}
-  {{ $mongo_password_data = (index $mongo_secret "data" "mongodb-passwords" ) | b64dec }}
-{{ else -}}
-  {{ $mongo_password_data = $mongo_password | b64dec }}
-{{- end -}}
-
-{{- $pg_user :=  printf "%s%s" "rss_" .Values.bfl.username -}}
-{{- $pg_user = $pg_user | b64enc -}}
-
---
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rss-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $password }}
-  redis_password: {{ $redis_password }}
-
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rss-secrets
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  pg_user: {{ $pg_user }}
-  pg_password: {{ $password }}
-  redis_password: {{ $redis_password }}
-
-
---
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: knowledge-mongodb
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-
-{{ if $mongo_secret -}}
-data:
-  mongodb-passwords: {{ index $mongo_secret "data" "mongodb-passwords" }}
-{{ else -}}
-data:
-  mongodb-passwords: {{ $mongo_password }}
-{{ end }}
-
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: knowledge-mongodb
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-
-{{ if $mongo_secret -}}
-data:
-  mongodb-passwords: {{ index $mongo_secret "data" "mongodb-passwords" }}
-{{ else -}}
-data:
-  mongodb-passwords: {{ $mongo_password }}
-{{ end }}
-
---
-
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: rss-secrets-auth
-  namespace: {{ .Release.Namespace }}
-data:
-  redis_password: "{{ $redis_password_data }}"
-  redis_addr: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379
-  redis_host: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
-  redis_port: '6379'
-  pg_url: postgres://rss_{{ .Values.bfl.username }}:{{ $pg_password_data }}@citus-master-svc.user-system-{{ .Values.bfl.username }}/user_space_{{ .Values.bfl.username }}_rss_v1?sslmode=disable
-  mongo_url: mongodb://knowledge-{{ .Values.bfl.username }}:{{ $mongo_password_data }}@mongo-cluster-mongos.user-system-{{ .Values.bfl.username }}:27017/{{ .Release.Namespace }}_knowledge
-  mongo_db: {{ .Release.Namespace }}_knowledge
-  postgres_host: citus-master-svc.user-system-{{ .Values.bfl.username }}
-  postgres_user: knowledge_{{ .Values.bfl.username }}
-  postgres_password: "{{ $pg_password_data }}"
-  postgres_db: user_space_{{ .Values.bfl.username }}_knowledge
-  postgres_port: '5432'
-
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: rss-userspace-data
-  namespace: {{ .Release.Namespace }}
-data:
-  appData: "{{ .Values.userspace.appData }}"
-  appCache: "{{ .Values.userspace.appCache }}"
-  username: "{{ .Values.bfl.username }}"
-
-
-
---
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: rss-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: rss
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: rss_{{ .Values.bfl.username }}
-    password: 
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: rss-secrets
-    databases:
-    - name: rss
-    - name: rss_v1
-    - name: argo
-
---
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: knowledge-redis
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: rss
-  appNamespace: {{ .Release.Namespace }}
-  middleware: redis
-  redis:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: redis_password
-          name: rss-secrets
-    namespace: knowledge
-
---
-    
-apiVersion: v1
-kind: Service
-metadata:
-  name: workflow-archivelog-s3
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  type: ClusterIP
-  selector:
-    app: systemserver
-  ports:
-    - protocol: TCP
-      name: fakes3
-      port: 4568
-      targetPort: 4568
--- a/apps/argo/config/user/helm-charts/recommend/Chart.yaml
+++ b/apps/argo/config/user/helm-charts/recommend/Chart.yaml
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: recommend
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
--- a/apps/argo/config/user/helm-charts/recommend/templates/_helpers.tpl
+++ b/apps/argo/config/user/helm-charts/recommend/templates/_helpers.tpl
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "recommend.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "recommend.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "recommend.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "recommend.labels" -}}
-helm.sh/chart: {{ include "recommend.chart" . }}
-{{ include "recommend.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "recommend.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "recommend.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "recommend.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "recommend.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
--- a/apps/argo/config/user/helm-charts/recommend/templates/argo_fe_deploy.yaml
+++ b/apps/argo/config/user/helm-charts/recommend/templates/argo_fe_deploy.yaml
@@ -1,117 +0,0 @@
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: recommend
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ExternalName
-  externalName: argoworkflows-svc.{{ .Release.Namespace }}.svc.cluster.local
-  ports:
-    - name: http
-      port: 2746
-      protocol: TCP
-      targetPort: 2746
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: argoworkflows-ui
-  namespace: {{ .Release.Namespace }}
-spec:
-  ports:
-    - port: 80
-      protocol: TCP
-      targetPort: 8080
-  selector:
-    app: recommend
-  type: ClusterIP
-
---
-{{ if (eq .Values.debugVersion true) }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: recommend
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: recommend
-    applications.app.bytetrade.io/author: bytetrade.io
-
-    applications.app.bytetrade.io/name: recommend
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/recommend/icon.png
-    applications.app.bytetrade.io/title: recommend
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"recommend", "host":"argoworkflows-ui", "port":80,"title":"recommend"}]'
-
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: recommend
-  template:
-    metadata:
-      labels:
-        app: recommend
-        io.bytetrade.app: "true"
-    spec:
-      containers:
-        - name: recommend-proxy
-          image: nginx:stable-alpine3.17-slim
-          imagePullPolicy: IfNotPresent
-          ports:
-            - name: proxy
-              containerPort: 8080
-          volumeMounts:
-            - name: nginx-config
-              readOnly: true
-              mountPath: /etc/nginx/nginx.conf
-              subPath: nginx.conf
-      volumes:
-        - name: nginx-config
-          configMap:
-            name: recommend-nginx-configs
-            items:
-              - key: nginx.conf
-                path: nginx.conf
-{{ end }}
-
-
-
---
-apiVersion: v1
-data:
-  nginx.conf: |
-    # Configuration checksum:
-
-    pid /var/run/nginx.pid;
-
-    worker_processes auto;
-
-    events {
-      worker_connections 1024;
-    }
-
-    http {
-      server {
-        listen 8080;
-
-        location / {
-          proxy_pass http://recommend:2746;
-          proxy_set_header Host $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-      }
-    }
-kind: ConfigMap
-metadata:
-  name: recommend-nginx-configs
-  namespace: {{ .Release.Namespace }}
-
--- a/apps/desktop/README.md
+++ b/apps/desktop/README.md
@@ -1,3 +0,0 @@
-# desktop
-
-https://github.com/beclab/desktop
--- a/apps/desktop/config/user/helm-charts/desktop/templates/desktop_deploy.yaml
+++ b/apps/desktop/config/user/helm-charts/desktop/templates/desktop_deploy.yaml
@@ -1,742 +0,0 @@
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: edge-desktop
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: edge-desktop
-    applications.app.bytetrade.io/author: bytetrade.io
-  annotations:
-    applications.app.bytetrade.io/version: '0.0.1'
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: edge-desktop
-  template:
-    metadata:
-      labels:
-        app: edge-desktop
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-      initContainers:
-      - args:
-        - -it
-        - authelia-backend.os-system:9091,system-server.user-system-{{ .Values.bfl.username }}:80
-        image: owncloudci/wait-for:latest
-        imagePullPolicy: IfNotPresent
-        name: check-auth
-      - name: terminus-sidecar-init
-        image: openservicemesh/init:v1.2.3
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-          capabilities: 
-            add:
-            - NET_ADMIN
-          runAsNonRoot: false
-          runAsUser: 0
-        command:
-        - /bin/sh
-        - -c
-        - |
-          iptables-restore --noflush <<EOF
-          # sidecar interception rules
-          *nat
-          :PROXY_IN_REDIRECT - [0:0]
-          :PROXY_INBOUND - [0:0]
-          -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-          -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-          -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-          -A PREROUTING -p tcp -j PROXY_INBOUND
-          COMMIT
-          EOF
-        
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-
-      containers:
-      - name: edge-desktop
-        image: beclab/desktop:v0.2.45
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-        ports:
-        - containerPort: 80
-        env:
-          - name: apiServerURL
-            value: http://bfl.{{ .Release.Namespace }}:8080
-
-      - name: desktop-server
-        image: beclab/desktop-server:v0.2.45
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        volumeMounts:
-        - name: userspace-dir
-          mountPath: /Home
-        ports:
-        - containerPort: 3000
-        env:
-        - name: OS_SYSTEM_SERVER
-          value: system-server.user-system-{{ .Values.bfl.username }}
-        - name: OS_APP_SECRET
-          value: '{{ .Values.os.desktop.appSecret }}'
-        - name: OS_APP_KEY
-          value: {{ .Values.os.desktop.appKey }}
-        - name: APP_SERVICE_SERVICE_HOST
-          value: app-service.os-system
-        - name: APP_SERVICE_SERVICE_PORT
-          value: '6755'
-
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-      - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.3'
-        imagePullPolicy: IfNotPresent
-        command:
-          - /ws-gateway
-        env:
-          - name: WS_PORT
-            value: '3010'
-          - name: WS_URL
-            value: /websocket/message
-        resources: {}
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-      volumes:
-      - name: userspace-dir
-        hostPath:
-          type: Directory
-          path: {{ .Values.userspace.userData }}
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-ws-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: edge-desktop
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: edge-desktop
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 80
-      
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  namespace: {{ .Release.Namespace }}
-  name: internal-kubectl
-
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:edge-desktop-rb
-subjects:
-  - kind: ServiceAccount
-    namespace: {{ .Release.Namespace }}
-    name: internal-kubectl
-roleRef:
-  # kind: Role
-  kind: ClusterRole
-  name: cluster-admin
-  apiGroup: rbac.authorization.k8s.io
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: app-event-watcher
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  callbacks:
-  - filters:
-      type:
-      - app-installation-event
-    op: Create
-    uri: /server/app_installation_event
-  - filters:
-      type:
-        - entrance-state-event
-    op: Create
-    uri: /server/entrance_state_event
-  - filters:
-      type:
-      - settings-event
-    op: Create
-    uri: /server/app_installation_event
-  - filters:
-      type:
-      - system-upgrade-event
-    op: Create
-    uri: /server/system_upgrade_event
-  dataType: event
-  deployment: edge-desktop
-  description: desktop event watcher
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: message-disptahcer.system-server
-  kind: watcher
-  namespace: {{ .Release.Namespace }}
-  version: v1
-status:
-  state: active
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: intent-api
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: legacy_api
-  deployment: edge-desktop
-  description: edge-desktop legacy api
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: api.intent
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  version: v1
-  opApis:
-  - name: POST
-    uri: /server/intent/send
-status:
-  state: active
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: intent-api-v2
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: legacy_api
-  deployment: edge-desktop
-  description: edge-desktop legacy api
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: api.intent
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  version: v2
-  opApis:
-    - name: POST
-      uri: /server/intent/send
-status:
-  state: active
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: destktop-ai-provider
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: ai_message
-  deployment: edge-desktop
-  description: search ai callback
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: service.desktop
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: AIMessage
-    uri: /server/ai_message
-  version: v1
-status:
-  state: active
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: desktop-notification
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: notification
-  deployment: edge-desktop
-  description: send notification to desktop client
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: service.desktop
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: Create
-    uri: /notification/create
-  - name: Query
-    uri: /notification/query
-  version: v1
-status:
-  state: active
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ApplicationPermission
-metadata:
-  name: desktop
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: desktop
-  appid: desktop
-  key: {{ .Values.os.desktop.appKey }}
-  secret: {{ .Values.os.desktop.appSecret }}
-  permissions:
-  - dataType: files
-    group: service.files
-    ops:
-    - Query
-    version: v1
-  - dataType: datastore
-    group: service.bfl
-    ops:
-    - GetKey
-    - GetKeyPrefix
-    - SetKey
-    - DeleteKey
-    version: v1
-  - dataType: app
-    group: service.bfl
-    ops:
-    - UserApps
-    version: v1
-  - dataType: app
-    group: service.appstore
-    ops:
-    - UninstallDevApp
-    version: v1
-status:
-  state: active
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: desktop-config
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: config
-  deployment: edge-desktop
-  description: Set Desktop Config
-  endpoint: edge-desktop.{{ .Release.Namespace }}
-  group: service.desktop
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: Update
-    uri: /server/updateDesktopConfig
-  version: v1
-status:
-  state: active
-
---
-apiVersion: v1
-data:
-  envoy.yaml: |
-    admin:
-      access_log_path: "/dev/stdout"
-      address:
-        socket_address:
-          address: 0.0.0.0
-          port_value: 15000
-    static_resources:
-      listeners:
-      - name: listener_0
-        address:
-          socket_address:
-            address: 0.0.0.0
-            port_value: 15003
-        listener_filters:
-          - name: envoy.filters.listener.original_dst
-            typed_config:
-              "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
-        filter_chains:
-          - filters:
-              - name: envoy.filters.network.http_connection_manager
-                typed_config:
-                  "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                  stat_prefix: desktop_http
-                  upgrade_configs:
-                  - upgrade_type: websocket      
-                  - upgrade_type: tailscale-control-protocol            
-                  skip_xff_append: false
-                  max_request_headers_kb: 500
-                  codec_type: AUTO
-                  route_config:
-                    name: local_route
-                    virtual_hosts:
-                      - name: service
-                        domains: ["*"]
-                        routes:
-                          - match:
-                              prefix: "/"
-                            route:
-                              cluster: original_dst
-                              timeout: 180s
-                  http_protocol_options:
-                    accept_http_10: true
-                  http_filters:
-                  - name: envoy.filters.http.ext_authz
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
-                      http_service:
-                        path_prefix: '/api/verify/'
-                        server_uri:
-                          uri: authelia-backend.os-system:9091
-                          cluster: authelia
-                          timeout: 2s
-                        authorization_request:
-                          allowed_headers:
-                            patterns:
-                              - exact: accept
-                              - exact: cookie
-                              - exact: proxy-authorization
-                              - prefix: x-unauth-
-                              - exact: x-authorization
-                              - exact: x-bfl-user
-                              - exact: terminus-nonce
-                          headers_to_add:
-                            - key: X-Forwarded-Method
-                              value: '%REQ(:METHOD)%'
-                            - key: X-Forwarded-Proto
-                              value: '%REQ(:SCHEME)%'
-                            - key: X-Forwarded-Host
-                              value: '%REQ(:AUTHORITY)%'
-                            - key: X-Forwarded-Uri
-                              value: '%REQ(:PATH)%'
-                            - key: X-Forwarded-For
-                              value: '%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%'
-                        authorization_response:
-                          allowed_upstream_headers:
-                            patterns:
-                              - exact: authorization
-                              - exact: proxy-authorization
-                              - prefix: remote-
-                              - prefix: authelia-
-                          allowed_client_headers:
-                            patterns:
-                              - exact: set-cookie
-                          allowed_client_headers_on_success:
-                            patterns:
-                              - exact: set-cookie
-                      failure_mode_allow: false                      
-                  - name: envoy.filters.http.router
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-
-      - name: listener_image
-        address:
-          socket_address:
-            address: 127.0.0.1
-            port_value: 15080
-        filter_chains:
-          - filters:
-              - name: envoy.filters.network.http_connection_manager
-                typed_config:
-                  "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                  stat_prefix: tapr_http
-                  http_protocol_options:
-                    accept_http_10: true
-                  upgrade_configs:
-                  - upgrade_type: websocket                  
-                  skip_xff_append: false
-                  codec_type: AUTO
-                  route_config:
-                    name: local_route
-                    virtual_hosts:
-                      - name: service
-                        domains: ["*"]
-                        routes:
-                          - match:
-                              prefix: "/images/upload"
-                            route:
-                              cluster: images
-                  http_protocol_options:
-                    accept_http_10: true
-                  http_filters:
-                  - name: envoy.filters.http.router
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-        
-        
-      clusters:
-      - name: original_dst
-        connect_timeout: 5000s
-        type: ORIGINAL_DST
-        lb_policy: CLUSTER_PROVIDED
-      - name: authelia
-        connect_timeout: 2s
-        type: LOGICAL_DNS
-        dns_lookup_family: V4_ONLY
-        dns_refresh_rate: 600s
-        lb_policy: ROUND_ROBIN
-        load_assignment:
-          cluster_name: authelia
-          endpoints:
-            - lb_endpoints:
-                - endpoint:
-                    address:
-                      socket_address:
-                        address: authelia-backend.os-system
-                        port_value: 9091
-      - name: images
-        connect_timeout: 5s
-        type: LOGICAL_DNS
-        dns_lookup_family: V4_ONLY
-        dns_refresh_rate: 600s
-        lb_policy: ROUND_ROBIN
-        load_assignment:
-          cluster_name: images
-          endpoints:
-            - lb_endpoints:
-                - endpoint:
-                    address:
-                      socket_address:
-                        address: tapr-images-svc.user-system-{{ .Values.bfl.username }}
-                        port_value: 8080
-kind: ConfigMap
-metadata:
-  name: sidecar-configs
-  namespace: {{ .Release.Namespace }}
-
---
-apiVersion: v1
-data:
-  envoy.yaml: |
-    admin:
-      access_log_path: "/dev/stdout"
-      address:
-        socket_address:
-          address: 0.0.0.0
-          port_value: 15000
-    static_resources:
-      listeners:
-      - name: listener_0
-        address:
-          socket_address:
-            address: 0.0.0.0
-            port_value: 15003
-        listener_filters:
-          - name: envoy.filters.listener.original_dst
-            typed_config:
-              "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
-        filter_chains:
-          - filters:
-              - name: envoy.filters.network.http_connection_manager
-                typed_config:
-                  "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                  stat_prefix: desktop_http
-                  upgrade_configs:
-                  - upgrade_type: websocket      
-                  - upgrade_type: tailscale-control-protocol            
-                  skip_xff_append: false
-                  max_request_headers_kb: 500
-                  codec_type: AUTO
-                  route_config:
-                    name: local_route
-                    virtual_hosts:
-                      - name: service
-                        domains: ["*"]
-                        routes:
-                          - match:
-                              prefix: "/ws"
-                            route:
-                              cluster: ws_original_dst
-                          - match:
-                              prefix: "/"
-                            route:
-                              cluster: original_dst
-                              timeout: 180s
-                  http_protocol_options:
-                    accept_http_10: true
-                  http_filters:
-                  - name: envoy.filters.http.ext_authz
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
-                      http_service:
-                        path_prefix: '/api/verify/'
-                        server_uri:
-                          uri: authelia-backend.os-system:9091
-                          cluster: authelia
-                          timeout: 2s
-                        authorization_request:
-                          allowed_headers:
-                            patterns:
-                              - exact: accept
-                              - exact: cookie
-                              - exact: proxy-authorization
-                              - prefix: x-unauth-
-                              - exact: x-authorization
-                              - exact: x-bfl-user
-                              - exact: terminus-nonce
-                          headers_to_add:
-                            - key: X-Forwarded-Method
-                              value: '%REQ(:METHOD)%'
-                            - key: X-Forwarded-Proto
-                              value: '%REQ(:SCHEME)%'
-                            - key: X-Forwarded-Host
-                              value: '%REQ(:AUTHORITY)%'
-                            - key: X-Forwarded-Uri
-                              value: '%REQ(:PATH)%'
-                            - key: X-Forwarded-For
-                              value: '%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%'
-                        authorization_response:
-                          allowed_upstream_headers:
-                            patterns:
-                              - exact: authorization
-                              - exact: proxy-authorization
-                              - prefix: remote-
-                              - prefix: authelia-
-                          allowed_client_headers:
-                            patterns:
-                              - exact: set-cookie
-                          allowed_client_headers_on_success:
-                            patterns:
-                              - exact: set-cookie
-                      failure_mode_allow: false                      
-                  - name: envoy.filters.http.router
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-
-      - name: listener_image
-        address:
-          socket_address:
-            address: 127.0.0.1
-            port_value: 15080
-        filter_chains:
-          - filters:
-              - name: envoy.filters.network.http_connection_manager
-                typed_config:
-                  "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                  stat_prefix: tapr_http
-                  http_protocol_options:
-                    accept_http_10: true
-                  upgrade_configs:
-                  - upgrade_type: websocket                  
-                  skip_xff_append: false
-                  codec_type: AUTO
-                  route_config:
-                    name: local_route
-                    virtual_hosts:
-                      - name: service
-                        domains: ["*"]
-                        routes:
-                          - match:
-                              prefix: "/images/upload"
-                            route:
-                              cluster: images
-                  http_filters:
-                  - name: envoy.filters.http.router
-                    typed_config:
-                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-        
-        
-      clusters:
-      - name: original_dst
-        connect_timeout: 5000s
-        type: ORIGINAL_DST
-        lb_policy: CLUSTER_PROVIDED
-      - name: ws_original_dst
-        connect_timeout: 5000s
-        type: LOGICAL_DNS
-        dns_lookup_family: V4_ONLY
-        dns_refresh_rate: 600s
-        lb_policy: ROUND_ROBIN
-        load_assignment:
-          cluster_name: ws_original_dst
-          endpoints:
-            - lb_endpoints:
-                - endpoint:
-                    address:
-                      socket_address:
-                        address: localhost
-                        port_value: 40010
-      - name: authelia
-        connect_timeout: 2s
-        type: LOGICAL_DNS
-        dns_lookup_family: V4_ONLY
-        dns_refresh_rate: 600s
-        lb_policy: ROUND_ROBIN
-        load_assignment:
-          cluster_name: authelia
-          endpoints:
-            - lb_endpoints:
-                - endpoint:
-                    address:
-                      socket_address:
-                        address: authelia-backend.os-system
-                        port_value: 9091
-      - name: images
-        connect_timeout: 5s
-        type: LOGICAL_DNS
-        dns_lookup_family: V4_ONLY
-        dns_refresh_rate: 600s
-        lb_policy: ROUND_ROBIN
-        load_assignment:
-          cluster_name: images
-          endpoints:
-            - lb_endpoints:
-                - endpoint:
-                    address:
-                      socket_address:
-                        address: tapr-images-svc.user-system-{{ .Values.bfl.username }}
-                        port_value: 8080
-kind: ConfigMap
-metadata:
-  name: sidecar-ws-configs
-  namespace: {{ .Release.Namespace }}
--- a/apps/desktop/config/user/helm-charts/desktop/values.yaml
+++ b/apps/desktop/config/user/helm-charts/desktop/values.yaml
@@ -1,39 +0,0 @@
-
-bfl:
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  rss:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search2:
-    appKey: '${ks[0]}'
-    appSecret: test
-  appstore:
-    appKey: '${ks[0]}'
-    appSecret: test
-kubesphere:
-  redis_password: ""
--- a/apps/download/.DS_Store
+++ b/apps/download/.DS_Store
--- a/apps/download/README.md
+++ b/apps/download/README.md
@@ -1,3 +0,0 @@
-# vault
-
-https://github.com/beclab/analytic
--- a/apps/download/config/user/helm-charts/.DS_Store
+++ b/apps/download/config/user/helm-charts/.DS_Store
--- a/apps/download/config/user/helm-charts/download/.DS_Store
+++ b/apps/download/config/user/helm-charts/download/.DS_Store
--- a/apps/download/config/user/helm-charts/download/templates/download_deploy.yaml
+++ b/apps/download/config/user/helm-charts/download/templates/download_deploy.yaml
@@ -1,319 +0,0 @@
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $download_secret := (lookup "v1" "Secret" $namespace "rss-secrets") -}}
-
-{{- $pg_password := "" -}}
-{{ if $download_secret -}}
-{{ $pg_password = (index $download_secret "data" "pg_password") }}
-{{ else -}}
-{{ $pg_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $redis_password := "" -}}
-{{ if $download_secret -}}
-{{ $redis_password = (index $download_secret "data" "redis_password") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $download_nats_secret := (lookup "v1" "Secret" $namespace "download-secrets") -}}
-{{- $nat_password := "" -}}
-{{ if $download_nats_secret -}}
-{{ $nat_password = (index $download_nats_secret "data" "nat_password") }}
-{{ else -}}
-{{ $nat_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: download-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $pg_password }}
-  redis_password: {{ $redis_password }}
-  nat_password: {{ $nat_password }}
---
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: download-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: download
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: knowledge_{{ .Values.bfl.username }}
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: download-secrets
-    databases:
-    - name: knowledge
---
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: download-nat
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: download
-  appNamespace: {{ .Release.Namespace }}
-  middleware: nats
-  nats:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: nat_password
-          name: download-secrets
-    refs: []
-    subjects:
-    - name: download_status
-      permission:
-        pub: allow
-        sub: allow
-      export:
-      - appName: knowledge
-        sub: allow
-        pub: allow
-    user: user-system-{{ .Values.bfl.username }}-download
---
-
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: download
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: download
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: download
-  template:
-    metadata:
-      labels:
-        app: download
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-
-      initContainers:
-      - name: init-data
-        image: busybox:1.28
-        securityContext:
-          privileged: true
-          runAsNonRoot: false
-          runAsUser: 0
-        volumeMounts:
-        - name: config-dir
-          mountPath: /config
-        - name: download-dir
-          mountPath: /downloads
-        command:
-        - sh
-        - -c
-        - |
-          chown -R 1000:1000 /config && \
-          chown -R 1000:1000 /downloads
-      - name: init-container
-        image: 'postgres:16.0-alpine3.18'
-        command:
-          - sh
-          - '-c'
-          - >-
-            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
-        env:
-          - name: PGHOST
-            value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-          - name: PGPORT
-            value: "5432"
-          - name: PGUSER
-            value: knowledge_{{ .Values.bfl.username }}
-          - name: PGPASSWORD
-            value: {{ $pg_password | b64dec }}
-          - name: PGDB
-            value: user_space_{{ .Values.bfl.username }}_knowledge
-      containers:
-      - name: aria2
-        image: "beclab/aria2:v0.0.3"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-        ports:
-        - containerPort: 6800
-        - containerPort: 6888
-        env:
-        - name: RPC_SECRET
-          value: kubespider
-        - name: PUID
-          value: "1000"
-        - name: PGID
-          value: "1000"
-        volumeMounts:
-        - name: download-dir
-          mountPath: /downloads
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-      - name: yt-dlp
-        image: "beclab/yt-dlp:v0.0.16"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        ports:
-        - containerPort: 3082
-        env:
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        - name: SETTING_URL
-          value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
-        - name: REDIS_HOST
-          value: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
-        - name: REDIS_PASSWORD
-          value: {{ $redis_password | b64dec }}
-        - name: NATS_HOST
-          value: nats.user-system-{{ .Values.bfl.username }}
-        - name: NATS_PORT
-          value: "4222"
-        - name: NATS_USERNAME
-          value: user-system-{{ .Values.bfl.username }}-download
-        - name: NATS_PASSWORD
-          value: {{ $nat_password | b64dec }}
-        - name: NATS_SUBJECT
-          value: "terminus.{{ .Release.Namespace }}.download_status"
-        volumeMounts:
-        - name: config-dir
-          mountPath: /app/config
-        - name: download-dir
-          mountPath: /app/downloads
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-      - name: download-spider
-        image: "beclab/download-spider:v0.0.15"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        env:
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        - name: REDIS_HOST
-          value: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
-        - name: REDIS_PASSWORD
-          value: {{ $redis_password | b64dec }}
-        - name: NATS_HOST
-          value: nats.user-system-{{ .Values.bfl.username }}
-        - name: NATS_PORT
-          value: "4222"
-        - name: NATS_USERNAME
-          value: user-system-{{ .Values.bfl.username }}-download
-        - name: NATS_PASSWORD
-          value: {{ $nat_password | b64dec }}
-        - name: NATS_SUBJECT
-          value: "terminus.{{ .Release.Namespace }}.download_status"
-        volumeMounts:
-        - name: download-dir
-          mountPath: /downloads
-        
-        ports:
-        - containerPort: 3080
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-
-      volumes:
-      - name: config-dir
-        hostPath: 
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.appData}}/Downloads/config
-      - name: download-dir
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.userData }}
-
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: download-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: download
-  ports:
-    - name: "download-spider"
-      protocol: TCP
-      port: 3080
-      targetPort: 3080
-    - name: "aria2-server"
-      protocol: TCP
-      port: 6800
-      targetPort: 6800
-    - name: ytdlp-server
-      protocol: TCP
-      port: 3082
-      targetPort: 3082
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: download-api
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  type: ClusterIP
-  selector:
-    app: systemserver
-  ports:
-    - protocol: TCP
-      name: download-api
-      port: 3080
-      targetPort: 3080  
-
-
--- a/apps/download/config/user/helm-charts/download/values.yaml
+++ b/apps/download/config/user/helm-charts/download/values.yaml
@@ -1,43 +0,0 @@
-
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-docs:
-  nodeport: 30881
-desktop:
-  nodeport: 30180
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  wise:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search2:
-    appKey: '${ks[0]}'
-    appSecret: test
-kubesphere:
-  redis_password: ""
--- a/apps/files/README.md
+++ b/apps/files/README.md
@@ -1,3 +0,0 @@
-# files
-
-https://github.com/beclab/files
--- a/apps/files/config/user/helm-charts/files/templates/_helpers.tpl
+++ b/apps/files/config/user/helm-charts/files/templates/_helpers.tpl
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "files.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "files.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "files.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "files.labels" -}}
-helm.sh/chart: {{ include "files.chart" . }}
-{{ include "files.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "files.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "files.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "files.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "files.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
--- a/apps/files/config/user/helm-charts/files/templates/files_fe_deploy.yaml
+++ b/apps/files/config/user/helm-charts/files/templates/files_fe_deploy.yaml
@@ -1,835 +0,0 @@
-
-
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $zinc_files_secret := (lookup "v1" "Secret" $namespace "zinc-files-secrets") -}}
-
-{{- $password := "" -}}
-{{ if $zinc_files_secret -}}
-{{ $password = (index $zinc_files_secret "data" "password") }}
-{{ else -}}
-{{ $password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $redis_password := "" -}}
-{{ if $zinc_files_secret -}}
-{{ $redis_password = (index $zinc_files_secret "data" "redis_password") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $redis_password_data := "" -}}
-{{ $redis_password_data = $redis_password | b64dec }}
-
-{{- $pg_password := "" -}}
-{{ if $zinc_files_secret -}}
-{{ $pg_password = (index $zinc_files_secret "data" "pg_password") }}
-{{ else -}}
-{{ $pg_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: cloud-drive-integration-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $pg_password }}
---
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: cloud-drive-integration-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: cloud-drive-integration
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: cloud_drive_integration_{{ .Values.bfl.username }}
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: cloud-drive-integration-secrets
-    databases:
-    - name: cloud-drive-integration
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cloud-drive-integration-secrets-auth
-  namespace: {{ .Release.Namespace }}
-data:
-  redis_password: {{ $redis_password_data }}
-  redis_addr: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379
-  redis_host: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
-  redis_port: '6379'
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cloud-drive-integration-userspace-data
-  namespace: {{ .Release.Namespace }}
-data:
-  appData: "{{ .Values.userspace.appData }}"
-  appCache: "{{ .Values.userspace.appCache }}"
-  username: "{{ .Values.bfl.username }}"
-
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: files-deployment
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: files
-    applications.app.bytetrade.io/name: files
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-    applications.app.bytetrade.io/author: bytetrade.io
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/files/icon.png
-    applications.app.bytetrade.io/title: Files
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"files", "host":"files-service", "port":80,"title":"Files","windowPushState":true}]'
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: files
-  template:
-    metadata:
-      labels:
-        app: files
-        io.bytetrade.app: "true"
-    spec:
-      serviceAccountName: bytetrade-controller
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-      initContainers:
-      - name: init-data
-        image: busybox:1.28
-        securityContext:
-          privileged: true
-          runAsNonRoot: false
-          runAsUser: 0
-        volumeMounts:
-        - name: fb-data
-          mountPath: /appdata
-        - name: uploads-temp
-          mountPath: /uploadstemp
-        command:
-        - sh
-        - -c
-        - |
-          chown -R 1000:1000 /uploadstemp && \
-          chown -R 1000:1000 /appdata
-      - args:
-        - -it
-        - authelia-backend.os-system:9091
-        image: owncloudci/wait-for:latest
-        imagePullPolicy: IfNotPresent
-        name: check-auth
-      - name: terminus-sidecar-init
-        image: openservicemesh/init:v1.2.3
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-          capabilities: 
-            add:
-            - NET_ADMIN
-          runAsNonRoot: false
-          runAsUser: 0
-        command:
-        - /bin/sh
-        - -c
-        - |
-          iptables-restore --noflush <<EOF
-          # sidecar interception rules
-          *nat
-          :PROXY_IN_REDIRECT - [0:0]
-          :PROXY_INBOUND - [0:0]
-          -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-          -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-          -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-          -A PREROUTING -p tcp -j PROXY_INBOUND
-          COMMIT
-          EOF
-        
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-
-      - name: init-container
-        image: 'postgres:16.0-alpine3.18'
-        command:
-          - sh
-          - '-c'
-          - >-
-            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
-        env:
-          - name: PGHOST
-            value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-          - name: PGPORT
-            value: "5432"
-          - name: PGUSER
-            value: cloud_drive_integration_{{ .Values.bfl.username }}
-          - name: PGPASSWORD
-            value: "{{ $pg_password | b64dec }}"
-          - name: PGDB
-            value: user_space_{{ .Values.bfl.username }}_cloud_drive_integration
-      containers:
-#      - name: gateway
-#        image: beclab/appdata-gateway:0.1.12
-#        imagePullPolicy: IfNotPresent
-#        ports:
-#        - containerPort: 8080
-#        env:
-#        - name: FILES_SERVER_TAG
-#          value: 'beclab/files-server:v0.2.27'
-#        - name: NAMESPACE
-#          valueFrom:
-#            fieldRef:
-#              fieldPath: metadata.namespace
-#        - name: OS_SYSTEM_SERVER
-#          value: system-server.user-system-{{ .Values.bfl.username }}
-
-#      - name: files
-#        image: beclab/files-server:v0.2.27
-#        imagePullPolicy: IfNotPresent
-#        volumeMounts:
-#        - name: fb-data
-#          mountPath: /appdata
-#        - name: userspace-dir
-#          mountPath: /data/Home
-#        - name: userspace-app-dir
-#          mountPath: /data/Application
-#        - name: watch-dir
-#          mountPath: /data/Home/Documents
-#        - name: upload-appdata
-#          mountPath: /appcache/
-#        ports:
-#        - containerPort: 8110
-#        env:
-#        - name: ES_ENABLED
-#          value: 'True'
-#        - name: WATCHER_ENABLED
-#          value: 'True'
-#        - name: cloud-drive-integration_BASE_ENABLED
-#          value: 'True'
-#        - name: BFL_NAME
-#          value: '{{ .Values.bfl.username }}'
-#        - name: FB_DATABASE
-#          value: /appdata/database/filebrowser.db
-#        - name: FB_CONFIG
-#          value: /appdata/config/settings.json
-#        - name: FB_ROOT
-#          value: /data
-#        - name: OS_SYSTEM_SERVER
-#          value: system-server.user-system-{{ .Values.bfl.username }}
-#        - name: OS_APP_SECRET
-#          value: '{{ .Values.os.files.appSecret }}'
-#        - name: OS_APP_KEY
-#          value: {{ .Values.os.files.appKey }}
-#        - name: ZINC_USER
-#          value: zincuser-files-{{ .Values.bfl.username }}
-#        - name: ZINC_PASSWORD
-#          value: {{ $password | b64dec }}
-#        - name: ZINC_HOST
-#          value: zinc-server-svc.user-system-{{ .Values.bfl.username }}
-#        - name: ZINC_PORT
-#          value: "80"
-#        - name: ZINC_INDEX
-#          value: {{ .Release.Namespace }}_zinc-files
-#        - name: WATCH_DIR
-#          value: /data/Home/Documents
-#        - name: PATH_PREFIX
-#          value: /data/Home
-#        - name: REDIS_HOST
-#          value: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
-#        - name: REDIS_PORT
-#          value: '6379'
-#        - name: REDIS_USERNAME
-#          value: ''
-#        - name: REDIS_PASSWORD
-#          value: {{ $redis_password | b64dec }}
-#        - name: REDIS_USE_SSL
-#          value: 'false'
-#          # use redis db 0 for redis cache
-#        - name: REDIS_DB
-#          value: '0'
-#        - name: REDIS_URL
-#          value: 'redis://:{{ $redis_password | b64dec }}@redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379/0'
-#        - name: POD_NAME
-#          valueFrom:
-#            fieldRef:
-#              fieldPath: metadata.name
-#        - name: NAMESPACE
-#          valueFrom:
-#            fieldRef:
-#              fieldPath: metadata.namespace
-#        - name: CONTAINER_NAME
-#          value: files
-#        - name: NOTIFY_SERVER
-#          value: fsnotify-svc.user-system-{{ .Values.bfl.username }}:5079
-#        command:
-#        - /filebrowser
-#        - --noauth
-      - name: files-frontend
-        image: beclab/files-frontend:v1.2.69
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-        ports:
-        - containerPort: 80
-        volumeMounts:
-        - name: userspace-dir
-          mountPath: /data
-      - name: drive-server
-        image: beclab/drive:v0.0.29
-        imagePullPolicy: IfNotPresent
-        env:
-        - name: OS_SYSTEM_SERVER
-          value: system-server.user-system-{{ .Values.bfl.username }}
-        - name: DATABASE_URL
-          value: postgres://cloud_drive_integration_{{ .Values.bfl.username }}:{{ $pg_password | b64dec }}@citus-master-svc.user-system-{{ .Values.bfl.username }}:5432/user_space_{{ .Values.bfl.username }}_cloud_drive_integration
-        - name: REDIS_URL
-          value: redis://:{{ $redis_password | b64dec }}@redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379/0
-        - name: TASK_EXECUTOR_MAX_THREADS
-          value: '6'
-        ports: 
-        - containerPort: 8181
-        volumeMounts:
-        - name: upload-data
-          mountPath: /data/Home
-        - name: upload-appdata
-          mountPath: /appdata/
-        - name: userspace-app-dir
-          mountPath: /data/Application
-      - name: task-executor
-        image: beclab/driveexecutor:v0.0.29
-        imagePullPolicy: IfNotPresent
-        env:
-        - name: OS_SYSTEM_SERVER
-          value: system-server.user-system-{{ .Values.bfl.username }}
-        - name: DATABASE_URL
-          value: postgres://cloud_drive_integration_{{ .Values.bfl.username }}:{{ $pg_password | b64dec }}@citus-master-svc.user-system-{{ .Values.bfl.username }}:5432/user_space_{{ .Values.bfl.username }}_cloud_drive_integration
-        - name: REDIS_URL
-          value: redis://:{{ $redis_password | b64dec }}@redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379/0
-        - name: TASK_EXECUTOR_MAX_THREADS
-          value: '6'
-        ports: 
-        - containerPort: 8181
-        volumeMounts:
-        - name: upload-data
-          mountPath: /data/Home
-        - name: upload-appdata
-          mountPath: /appdata/
-        - name: userspace-app-dir
-          mountPath: /data/Application
-#      - name: terminus-upload-sidecar
-#        image: beclab/upload:v1.0.3
-#        env:
-#        - name: UPLOAD_FILE_TYPE
-#          value: '*'
-#        - name: UPLOAD_LIMITED_SIZE
-#          value: '21474836481'
-#        volumeMounts:
-#        - name: upload-data
-#          mountPath: /data/Home
-#        - name: upload-appdata
-#          mountPath: /appdata/
-#        - name: userspace-app-dir
-#          mountPath: /data/Application
-#        - name: uploads-temp
-#          mountPath: /uploadstemp
-#        resources: { }
-#        terminationMessagePath: /dev/termination-log
-#        terminationMessagePolicy: File
-#        imagePullPolicy: IfNotPresent
-
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-
-      volumes:
-      - name: watch-dir
-        hostPath:
-          type: Directory
-          path: {{ .Values.userspace.userData }}/Documents
-      - name: userspace-dir
-        hostPath:
-          type: Directory
-          path: {{ .Values.userspace.userData }}
-      - name: userspace-app-dir
-        hostPath:
-          type: Directory
-          path: {{ .Values.userspace.appData }}
-      - name: fb-data
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.appCache}}/files
-      - name: upload-data
-        hostPath:
-          type: Directory
-          path: {{ .Values.userspace.userData }}
-      - name: upload-appdata
-        hostPath:
-          type: Directory
-          path: {{ .Values.userspace.appCache}}
-      - name: uploads-temp
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.appCache }}/files/uploadstemp
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-upload-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-
-   
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: files-service
-  namespace: {{ .Release.Namespace }}
-spec:
-  selector:
-    app: files
-  type: ClusterIP
-  ports:
-    - protocol: TCP
-      name: files
-      port: 80
-      targetPort: 80
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: files-provider
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: files
-  deployment: files
-  description: files provider
-  endpoint: files-service.{{ .Release.Namespace }}
-  group: service.files
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-    - name: Query
-      uri: /provider/query_file
-    - name: GetSearchFolderStatus
-      uri: /provider/get_search_folder_status
-    - name: UpdateSearchFolderPaths
-      uri: /provider/update_search_folder_paths
-    - name: GetDatasetFolderStatus
-      uri: /provider/get_dataset_folder_status
-    - name: UpdateDatasetFolderPaths
-      uri: /provider/update_dataset_folder_paths
-  version: v1
-status:
-  state: active
-
-#---
-#apiVersion: sys.bytetrade.io/v1alpha1
-#kind: ApplicationPermission
-#metadata:
-#  name: files
-#  namespace: user-system-{{ .Values.bfl.username }}
-#spec:
-#  app: files
-#  appid: files
-#  key: {{ .Values.os.files.appKey }}
-#  secret: {{ .Values.os.files.appSecret }}
-#  permissions:
-#    - dataType: gateway
-#      group: service.difyfusionclient
-#      ops:
-#        - DifyGatewayBaseProvider
-#      version: v1
-#status:
-#  state: active
-
-#---
-#apiVersion: v1
-#data:
-#  mappings: |
-#    {
-#      "properties": {
-#        "@timestamp": {
-#          "type": "date",
-#          "index": true,
-#          "store": false,
-#          "sortable": true,
-#          "aggregatable": true,
-#          "highlightable": false
-#        },
-#        "_id": {
-#          "type": "keyword",
-#          "index": true,
-#          "store": false,
-#          "sortable": true,
-#          "aggregatable": true,
-#          "highlightable": false
-#        },
-#        "content": {
-#          "type": "text",
-#          "index": true,
-#          "store": true,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": true
-#        },
-#        "created": {
-#          "type": "numeric",
-#          "index": true,
-#          "store": false,
-#          "sortable": true,
-#          "aggregatable": true,
-#          "highlightable": false
-#        },
-#        "format_name": {
-#          "type": "text",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        },
-#        "md5": {
-#          "type": "text",
-#          "analyzer": "keyword",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        },
-#        "name": {
-#          "type": "text",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        },
-#        "size": {
-#          "type": "numeric",
-#          "index": true,
-#          "store": false,
-#          "sortable": true,
-#          "aggregatable": true,
-#          "highlightable": false
-#        },
-#        "updated": {
-#          "type": "numeric",
-#          "index": true,
-#          "store": false,
-#          "sortable": true,
-#          "aggregatable": true,
-#          "highlightable": false
-#        },
-#        "where": {
-#          "type": "text",
-#          "analyzer": "keyword",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        }
-#      }
-#    }
-#kind: ConfigMap
-#metadata:
-#  name: zinc-files
-#  namespace: user-system-{{ .Values.bfl.username }}
-
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: zinc-files-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  password: {{ $password }}
-  redis_password: {{ $redis_password }}
-  pg_password: {{ $pg_password }}
-
-#---
-#apiVersion: apr.bytetrade.io/v1alpha1
-#kind: MiddlewareRequest
-#metadata:
-#  name: zinc-files
-#  namespace: user-system-{{ .Values.bfl.username }}
-#spec:
-#  app: files
-#  appNamespace: user-space-{{ .Values.bfl.username }}
-#  middleware: zinc
-#  zinc:
-#    user: zincuser-files-{{ .Values.bfl.username }}
-#    password:
-#      valueFrom:
-#        secretKeyRef:
-#          key: password
-#          name: zinc-files-secrets
-#    indexes:
-#      - name: zinc-files
-#        namespace: user-system-{{ .Values.bfl.username }}
-#        key: mappings
-
---
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: zinc-files-redis
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: files
-  appNamespace: user-space-{{ .Values.bfl.username }}
-  middleware: redis
-  redis:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: redis_password
-          name: zinc-files-secrets
-    namespace: zinc-files
-
-
---
-apiVersion: v1
-data:
-  envoy.yaml: |
-    admin:
-      access_log_path: "/dev/stdout"
-      address:
-        socket_address:
-          address: 0.0.0.0
-          port_value: 15000
-    static_resources:
-      listeners:
-        - name: listener_0
-          address:
-            socket_address:
-              address: 0.0.0.0
-              port_value: 15003
-          listener_filters:
-            - name: envoy.filters.listener.original_dst
-              typed_config:
-                "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
-          filter_chains:
-            - filters:
-                - name: envoy.filters.network.http_connection_manager
-                  typed_config:
-                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                    stat_prefix: desktop_http
-                    upgrade_configs:
-                      - upgrade_type: websocket
-                      - upgrade_type: tailscale-control-protocol
-                    skip_xff_append: false
-                    max_request_headers_kb: 500
-                    codec_type: AUTO
-                    route_config:
-                      name: local_route
-                      virtual_hosts:
-                        - name: service
-                          domains: ["*"]
-                          routes:
-                            - match:
-                                prefix: "/upload"
-                              route:
-                                cluster: upload_original_dst
-                            - match:
-                                prefix: "/"
-                              route:
-                                cluster: original_dst
-                                timeout: 600s
-                    http_protocol_options:
-                      accept_http_10: true
-                    http_filters:
-                      - name: envoy.filters.http.ext_authz
-                        typed_config:
-                          "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
-                          http_service:
-                            path_prefix: '/api/verify/'
-                            server_uri:
-                              uri: authelia-backend.os-system:9091
-                              cluster: authelia
-                              timeout: 2s
-                            authorization_request:
-                              allowed_headers:
-                                patterns:
-                                  - exact: accept
-                                  - exact: cookie
-                                  - exact: proxy-authorization
-                                  - prefix: x-unauth-
-                                  - exact: x-authorization
-                                  - exact: x-bfl-user
-                                  - exact: terminus-nonce
-                              headers_to_add:
-                                - key: X-Forwarded-Method
-                                  value: '%REQ(:METHOD)%'
-                                - key: X-Forwarded-Proto
-                                  value: '%REQ(:SCHEME)%'
-                                - key: X-Forwarded-Host
-                                  value: '%REQ(:AUTHORITY)%'
-                                - key: X-Forwarded-Uri
-                                  value: '%REQ(:PATH)%'
-                                - key: X-Forwarded-For
-                                  value: '%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%'
-                            authorization_response:
-                              allowed_upstream_headers:
-                                patterns:
-                                  - exact: authorization
-                                  - exact: proxy-authorization
-                                  - prefix: remote-
-                                  - prefix: authelia-
-                              allowed_client_headers:
-                                patterns:
-                                  - exact: set-cookie
-                              allowed_client_headers_on_success:
-                                patterns:
-                                  - exact: set-cookie
-                          failure_mode_allow: false
-                      - name: envoy.filters.http.router
-                        typed_config:
-                          "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-
-        - name: listener_image
-          address:
-            socket_address:
-              address: 127.0.0.1
-              port_value: 15080
-          filter_chains:
-            - filters:
-                - name: envoy.filters.network.http_connection_manager
-                  typed_config:
-                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                    stat_prefix: tapr_http
-                    http_protocol_options:
-                      accept_http_10: true
-                    upgrade_configs:
-                      - upgrade_type: websocket
-                    skip_xff_append: false
-                    codec_type: AUTO
-                    route_config:
-                      name: local_route
-                      virtual_hosts:
-                        - name: service
-                          domains: ["*"]
-                          routes:
-                            - match:
-                                prefix: "/images/upload"
-                              route:
-                                cluster: images
-                    http_filters:
-                      - name: envoy.filters.http.router
-                        typed_config:
-                          "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
-
-
-      clusters:
-        - name: original_dst
-          connect_timeout: 5000s
-          type: ORIGINAL_DST
-          lb_policy: CLUSTER_PROVIDED
-        - name: upload_original_dst
-          connect_timeout: 5000s
-          type: LOGICAL_DNS
-          dns_lookup_family: V4_ONLY
-          dns_refresh_rate: 600s
-          lb_policy: ROUND_ROBIN
-          load_assignment:
-            cluster_name: upload_original_dst
-            endpoints:
-              - lb_endpoints:
-                  - endpoint:
-                      address:
-                        socket_address:
-                          address: files-service.os-system
-                          port_value: 80
-        - name: authelia
-          connect_timeout: 2s
-          type: LOGICAL_DNS
-          dns_lookup_family: V4_ONLY
-          dns_refresh_rate: 600s
-          lb_policy: ROUND_ROBIN
-          load_assignment:
-            cluster_name: authelia
-            endpoints:
-              - lb_endpoints:
-                  - endpoint:
-                      address:
-                        socket_address:
-                          address: authelia-backend.os-system
-                          port_value: 9091
-        - name: images
-          connect_timeout: 5s
-          type: LOGICAL_DNS
-          dns_lookup_family: V4_ONLY
-          dns_refresh_rate: 600s
-          lb_policy: ROUND_ROBIN
-          load_assignment:
-            cluster_name: images
-            endpoints:
-              - lb_endpoints:
-                  - endpoint:
-                      address:
-                        socket_address:
-                          address: tapr-images-svc.user-system-{{ .Values.bfl.username }}
-                          port_value: 8080
-kind: ConfigMap
-metadata:
-  name: sidecar-upload-configs
-  namespace: {{ .Release.Namespace }}
--- a/apps/knowledge/config/user/helm-charts/knowledge/Chart.yaml
+++ b/apps/knowledge/config/user/helm-charts/knowledge/Chart.yaml
@@ -1,26 +0,0 @@
-apiVersion: v2
-name: knowledge
-description: A Helm chart for Kubernetes
-maintainers:
- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
--- a/apps/knowledge/config/user/helm-charts/knowledge/templates/_helpers.tpl
+++ b/apps/knowledge/config/user/helm-charts/knowledge/templates/_helpers.tpl
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "knowledge.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "knowledge.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "knowledge.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "knowledge.labels" -}}
-helm.sh/chart: {{ include "knowledge.chart" . }}
-{{ include "knowledge.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "knowledge.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "knowledge.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "knowledge.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "knowledge.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
--- a/apps/knowledge/config/user/helm-charts/knowledge/templates/knowledge_deployment.yaml
+++ b/apps/knowledge/config/user/helm-charts/knowledge/templates/knowledge_deployment.yaml
@@ -1,548 +0,0 @@
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $knowledge_secret := (lookup "v1" "Secret" $namespace "rss-secrets") -}}
-
-{{- $redis_password := "" -}}
-{{ if $knowledge_secret -}}
-{{ $redis_password = (index $knowledge_secret "data" "redis_password") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $redis_password_data := "" -}}
-{{ $redis_password_data = $redis_password | b64dec }}
-
-
-{{- $pg_password := "" -}}
-{{ if $knowledge_secret -}}
-{{ $pg_password = (index $knowledge_secret "data" "pg_password") }}
-{{ else -}}
-{{ $pg_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $knowledge_nats_secret := (lookup "v1" "Secret" $namespace "knowledge-secrets") -}}
-{{- $nat_password := "" -}}
-{{ if $knowledge_nats_secret -}}
-{{ $nat_password = (index $knowledge_nats_secret "data" "nat_password") }}
-{{ else -}}
-{{ $nat_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: knowledge-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $pg_password }}
-  nat_password: {{ $nat_password }}
---
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: knowledge-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: knowledge
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: knowledge_{{ .Values.bfl.username }}
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: knowledge-secrets
-    databases:
-    - name: knowledge
-      extensions:
-      - pg_trgm
-      - btree_gin
---
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: knowledge-nat
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: knowledge
-  appNamespace: {{ .Release.Namespace }}
-  middleware: nats
-  nats:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: nat_password
-          name: knowledge-secrets
-    refs:
-    - appName: download
-      appNamespace: {{ .Release.Namespace }}
-      subjects:
-      - name: download_status
-        perm:
-        - pub
-        - sub
-    user: user-system-{{ .Values.bfl.username }}-knowledge
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: knowledge-secrets-auth
-  namespace: {{ .Release.Namespace }}
-data:
-  redis_password: {{ $redis_password_data }}
-  redis_addr: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379
-  redis_host: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
-  redis_port: '6379'
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: knowledge-userspace-data
-  namespace: {{ .Release.Namespace }}
-data:
-  appData: "{{ .Values.userspace.appData }}"
-  appCache: "{{ .Values.userspace.appCache }}"
-  username: "{{ .Values.bfl.username }}"
-
---
-
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: knowledge
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: knowledge
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: knowledge
-  template:
-    metadata:
-      labels:
-        app: knowledge
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-
-      initContainers:
-      - name: init-data
-        image: busybox:1.28
-        securityContext:
-          privileged: true
-          runAsNonRoot: false
-          runAsUser: 0
-        volumeMounts:
-        - name: juicefs
-          mountPath: /juicefs
-        command:
-        - sh
-        - -c
-        - |
-          chown -R 1000:1000 /juicefs
-      - name: init-container
-        image: 'postgres:16.0-alpine3.18'
-        command:
-          - sh
-          - '-c'
-          - >-
-            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
-        env:
-          - name: PGHOST
-            value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-          - name: PGPORT
-            value: "5432"
-          - name: PGUSER
-            value: knowledge_{{ .Values.bfl.username }}
-          - name: PGPASSWORD
-            value: {{ $pg_password | b64dec }}
-          - name: PGDB
-            value: user_space_{{ .Values.bfl.username }}_knowledge
-      containers:
-      - name: knowledge
-        image: "beclab/knowledge-base-api:v0.1.56"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        ports:
-        - containerPort: 3010
-        env:
-        - name: BACKEND_URL
-          value: http://127.0.0.1:8080
-        - name: RSSHUB_URL
-          value: 'http://rss-server.os-system:1200'
-        - name: SEARCH_URL
-          value: 'http://search3.os-system:80'
-        - name: REDIS_PASSWORD
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_password
-        - name: REDIS_ADDR
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_addr
-        - name: PDF_SAVE_PATH
-          value: /data/Home/Documents/Pdf/
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        - name: DOWNLOAD_URL
-          value: http://download-svc.user-space-{{ .Values.bfl.username }}:3080
-        - name: BFL_USER_NAME
-          value: "{{ .Values.bfl.username }}"
-        - name: SETTING_URL
-          value: http://system-server.user-system-{{ .Values.bfl.username }}
-        - name: NATS_HOST
-          value: nats.user-system-{{ .Values.bfl.username }}
-        - name: NATS_PORT
-          value: "4222"
-        - name: NATS_USERNAME
-          value: user-system-{{ .Values.bfl.username }}-knowledge
-        - name: NATS_PASSWORD
-          value: {{ $nat_password | b64dec }}
-        - name: NATS_SUBJECT
-          value: "terminus.{{ .Release.Namespace }}.download_status"
-        - name: SOCKET_URL
-          value: 'http://localhost:40010'
-        volumeMounts:
-        - name: watch-dir
-          mountPath: /data/Home/Documents
-
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 1Gi
-
-      - name: backend-server
-        image: "beclab/recommend-backend:v0.0.24"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        env:
-        - name: LISTEN_ADDR
-          value: 127.0.0.1:8080
-        - name: REDIS_PASSWORD
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_password
-        - name: REDIS_ADDR
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_addr
-        - name: OS_SYSTEM_SERVER
-          value: system-server.user-system-{{ .Values.bfl.username }}
-        - name: OS_APP_SECRET
-          value: '{{ .Values.os.wise.appSecret }}'
-        - name: OS_APP_KEY
-          value: {{ .Values.os.wise.appKey }}
-        - name: RSS_HUB_URL
-          value: 'http://rss-server.os-system:1200/'
-        - name: WE_CHAT_REFRESH_FEED_URL
-          value: https://recommend-wechat-prd.bttcdn.com/api/wechat/entries
-        - name: WECHAT_ENTRY_CONTENT_GET_API_URL
-          value: https://recommend-wechat-prd.bttcdn.com/api/wechat/entry/content
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        - name: WATCH_DIR
-          value: /data/Home/Downloads
-        - name: NOTIFY_SERVER
-          value: fsnotify-svc.user-system-{{ .Values.bfl.username }}:5079
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.name
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        - name: CONTAINER_NAME
-          value: backend-server
-        - name: YT_DLP_API_URL
-          value: http://download-svc.user-space-{{ .Values.bfl.username }}:3082/api/v1/get_metadata
-        - name: DOWNLOAD_API_URL
-          value: http://download-svc.user-space-{{ .Values.bfl.username }}:3080/api/termius/download
-        - name: SETTING_API_URL
-          value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
-        volumeMounts:
-          - name: watch-dir
-            mountPath: /data/Home/Downloads
-        ports:
-        - containerPort: 8080
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "800m"
-            memory: 400Mi
-
-      - name: sync
-        image: "beclab/recommend-sync:v0.0.15"
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        env:
-        - name: TERMIUS_USER_NAME
-          value: "{{ .Values.bfl.username }}"
-        - name: JUICEFS_ROOT_DIRECTORY
-          value: /juicefs
-        - name: KNOWLEDGE_BASE_API_URL
-          value: http://127.0.0.1:3010
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        - name: PG_PORT
-          value: "5432"
-        - name: TERMINUS_RECOMMEND_REDIS_ADDR
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_addr
-        - name: TERMINUS_RECOMMEND_REDIS_PASSOWRD
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_password
-        volumeMounts:
-        - name: juicefs
-          mountPath: /juicefs
-       
-      - name: crawler
-        image: "beclab/recommend-crawler:v0.0.14"
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        env:
-        - name: TERMIUS_USER_NAME
-          value: "{{ .Values.bfl.username }}"
-        - name: KNOWLEDGE_BASE_API_URL
-          value: http://127.0.0.1:3010
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "800m"
-            memory: 800Mi
-
-      - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.3'
-        imagePullPolicy: IfNotPresent
-        command:
-          - /ws-gateway
-        env:
-          - name: WS_PORT
-            value: '3010'
-          - name: WS_URL
-            value: /knowledge/websocket/message
-        resources: {}
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-
-      volumes:
-      - name: watch-dir
-        hostPath:
-          type: Directory
-          path: {{ .Values.userspace.userData }}
-      - name: juicefs
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.appData }}/rss/data
-          
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-ws-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-      
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: rss-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: knowledge
-  ports:
-    - name: "backend-server"
-      protocol: TCP
-      port: 8080
-      targetPort: 8080
-    # - name: "rss-sdk"
-    #   protocol: TCP
-    #   port: 3000
-    #   targetPort: 3000
-    - name: "knowledge-base-api"
-      protocol: TCP
-      port: 3010
-      targetPort: 3010
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: knowledge-base-api
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  type: ClusterIP
-  selector:
-    app: systemserver
-  ports:
-    - protocol: TCP
-      name: knowledge-api
-      port: 3010
-      targetPort: 3010  
---
-#apiVersion: v1
-#data:
-#  mappings: |
-#    {
-#      "properties": {
-#        "@timestamp": {
-#          "type": "date",
-#          "index": true,
-#          "store": false,
-#          "sortable": true,
-#          "aggregatable": true,
-#          "highlightable": false
-#        },
-#        "_id": {
-#          "type": "keyword",
-#          "index": true,
-#          "store": false,
-#          "sortable": true,
-#          "aggregatable": true,
-#          "highlightable": false
-#        },
-#        "content": {
-#          "type": "text",
-#          "index": true,
-#          "store": true,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": true
-#        },
-#        "created": {
-#          "type": "numeric",
-#          "index": true,
-#          "store": false,
-#          "sortable": true,
-#          "aggregatable": true,
-#          "highlightable": false
-#        },
-#        "format_name": {
-#          "type": "text",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        },
-#        "md5": {
-#          "type": "text",
-#          "analyzer": "keyword",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        },
-#        "meta": {
-#          "type": "text",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        },
-#        "name": {
-#          "type": "text",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        },
-#        "where": {
-#          "type": "text",
-#          "analyzer": "keyword",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        }
-#      }
-#    }
-#kind: ConfigMap
-#metadata:
-#  name: zinc-knowledge
-#  namespace: user-system-{{ .Values.bfl.username }}
-#---
-
-
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: SysEventRegistry
-metadata:
-  name: konwledgebase-recommend-install-cb
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: subscriber
-  event: recommend.install
-  callback: http://rss-svc.{{ .Release.Namespace }}:3010/knowledge/algorithm/recommend/install
-  
---
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: SysEventRegistry
-metadata:
-  name: konwledgebase-recommend-uninstall-cb
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: subscriber
-  event: recommend.uninstall
-  callback: http://rss-svc.{{ .Release.Namespace }}:3010/knowledge/algorithm/recommend/uninstall
--- a/apps/knowledge/config/user/helm-charts/knowledge/values.yaml
+++ b/apps/knowledge/config/user/helm-charts/knowledge/values.yaml
@@ -1,43 +0,0 @@
-
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-docs:
-  nodeport: 30881
-desktop:
-  nodeport: 30180
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  wise:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search2:
-    appKey: '${ks[0]}'
-    appSecret: test
-kubesphere:
-  redis_password: ""
--- a/apps/market-server/README.md
+++ b/apps/market-server/README.md
@@ -1,3 +0,0 @@
-# market-server
-
-https://github.com/beclab/market-server
--- a/apps/market/README.md
+++ b/apps/market/README.md
@@ -1,3 +0,0 @@
-# Market (app store)
-
-https://github.com/beclab/market
--- a/apps/notifications/config/user/helm-charts/notification/Chart.yaml
+++ b/apps/notifications/config/user/helm-charts/notification/Chart.yaml
@@ -1,26 +0,0 @@
-apiVersion: v2
-name: notification
-description: A Helm chart for Kubernetes
-maintainers:
- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
--- a/apps/notifications/config/user/helm-charts/notification/templates/notification_deploy.yaml
+++ b/apps/notifications/config/user/helm-charts/notification/templates/notification_deploy.yaml
@@ -1,413 +0,0 @@
-
-
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $notifications_secret := (lookup "v1" "Secret" $namespace "notifications-secrets") -}}
-{{- $password := "" -}}
-{{ if $notifications_secret -}}
-{{ $password = (index $notifications_secret "data" "pg_password") }}
-{{ else -}}
-{{ $password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: notifications-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $password }}
---
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: notifications-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: notifications
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: notifications_{{ .Values.bfl.username }}
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: notifications-secrets
-    databases:
-    - name: notifications   
-
-{{ if (eq .Values.debugVersion true) }}
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: notifications-deployment
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: notifications
-    applications.app.bytetrade.io/author: bytetrade.io
-
-    applications.app.bytetrade.io/name: notifications
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/notifications/icon.png
-    applications.app.bytetrade.io/title: Notifications
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"notifications", "host":"notifications-service", "port":80,"title":"Notifications"}]'
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: notifications
-  template:
-    metadata:
-      labels:
-        app: notifications
-        io.bytetrade.app: "true"
-    spec:
-      initContainers:
-      - args:
-        - -it
-        - authelia-backend.os-system:9091
-        image: owncloudci/wait-for:latest
-        imagePullPolicy: IfNotPresent
-        name: check-auth
-      - name: terminus-sidecar-init
-        image: openservicemesh/init:v1.2.3
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-          capabilities: 
-            add:
-            - NET_ADMIN
-          runAsNonRoot: false
-          runAsUser: 0
-        command:
-        - /bin/sh
-        - -c
-        - |
-          iptables-restore --noflush <<EOF
-          # sidecar interception rules
-          *nat
-          :PROXY_IN_REDIRECT - [0:0]
-          :PROXY_INBOUND - [0:0]
-          -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-          -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-          -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-          -A PREROUTING -p tcp -j PROXY_INBOUND
-          COMMIT
-          EOF
-        
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-      containers:
-      - name: notifications-frontend
-        image: beclab/notifications-frontend:v0.1.22
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 80
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-      volumes:
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-        # - name: REDIS_HOST
-        #   value: localhost
-        # - name: REDIS_PORT
-        #   value: "6379"
-      # - name: notifications-worker
-      #   image: aboveos/notifications-worker:v0.1.2
-      #   imagePullPolicy: IfNotPresent
-      #   env:
-      #   - name: MONGO_URL
-      #     value: mongodb://admin:123456@localhost:27017
-      #   - name: REDIS_HOST
-      #     value: localhost
-      #   - name: REDIS_CACHE_SERVICE_HOST
-      #     value: localhost
-      #   - name: REDIS_PORT
-      #     value: "6379"
-      # - name: mongodb
-      #   image: mongo:4.4.5
-      #   env:
-      #   - name: MONGO_INITDB_ROOT_USERNAME
-      #     value: admin
-      #   - name: MONGO_INITDB_ROOT_PASSWORD
-      #     value: '123456'
-      #   imagePullPolicy: IfNotPresent
-      #   ports:
-      #   - containerPort: 27017
-      #   volumeMounts:
-      #   - name: mongo-data
-      #     mountPath: /data/db
-      # - name: redis
-      #   image: redis:7.0.5-alpine3.16
-      #   imagePullPolicy: IfNotPresent
-      #   volumeMounts:
-      #   - name: redis-data
-      #     mountPath: /data
-      # volumes:
-      # - name: mongo-data
-      #   hostPath:
-      #     type: DirectoryOrCreate
-      #     path: {{ .Values.userspace.appCache}}/notification/db
-      # - name: redis-data
-      #   hostPath:
-      #     type: DirectoryOrCreate
-      #     path: {{ .Values.userspace.appCache}}/notification/redisdata
-{{ end }}
-
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: notifications-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: notifications-server
-    applications.app.bytetrade.io/author: bytetrade.io
-  annotations:
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: notifications-server
-  template:
-    metadata:
-      labels:
-        app: notifications-server
-    spec:
-      initContainers:
-      - name: init-container
-        image: 'postgres:16.0-alpine3.18'
-        command:
-          - sh
-          - '-c'
-          - >-
-            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
-        env:
-          - name: PGHOST
-            value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-          - name: PGPORT
-            value: "5432"
-          - name: PGUSER
-            value: notifications_{{ .Values.bfl.username }}
-          - name: PGPASSWORD
-            value: {{ $password | b64dec }}
-          - name: PGDB
-            value: user_space_{{ .Values.bfl.username }}_notifications
-      containers:
-      - name: notifications-api
-        image: beclab/notifications-api:v0.1.25
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 3010
-          protocol: TCP
-        env:
-        - name: OS_SYSTEM_SERVER
-          value: system-server.user-system-{{ .Values.bfl.username }}
-        - name: OS_APP_SECRET
-          value: '{{ .Values.os.notification.appSecret }}'
-        - name: OS_APP_KEY
-          value: {{ .Values.os.notification.appKey }}
-        - name: DATABASE_PASSWORD
-          value: {{ $password | b64dec }}
-        - name: PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING
-          value: '1'
-        - name: DATABASE_URL
-          value: postgres://notifications_{{ .Values.bfl.username }}:$(DATABASE_PASSWORD)@citus-master-svc.user-system-{{ .Values.bfl.username }}/user_space_{{ .Values.bfl.username }}_notifications?sslmode=disable
-        livenessProbe:
-          tcpSocket:
-            port: 3010
-          initialDelaySeconds: 25
-          timeoutSeconds: 15
-          periodSeconds: 10
-          successThreshold: 1
-          failureThreshold: 8
-        readinessProbe:
-          tcpSocket:
-            port: 3010
-          initialDelaySeconds: 25
-          periodSeconds: 10
-
-
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: notifications-service
-  namespace: {{ .Release.Namespace }}
-{{ if (eq .Values.debugVersion true) }}
-spec:
-  type: ClusterIP
-  selector:
-    app: notifications
-  ports:
-  - name: "notifications-frontend"
-    protocol: TCP
-    port: 80
-    targetPort: 80
-{{ else }}    
-spec:
-  type: ClusterIP
-  selector:
-    app: notifications-server
-  ports:
-  - name: "notifications-server"
-    protocol: TCP
-    port: 80
-    targetPort: 3010
-{{ end }}
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: notifications-server
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: notifications-server
-  ports:
-  - name: "server"
-    protocol: TCP
-    port: 80
-    targetPort: 3010
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: notifications-token-provider
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: token
-  deployment: notifications-server
-  description: notifications provider
-  endpoint: notifications-server.{{ .Release.Namespace }}
-  group: service.notification
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: Create
-    uri: /termipass/create_token
-  version: v1
-status:
-  state: active
- 
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: notifications-message-provider
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: message
-  deployment: notifications-server
-  description: notifications provider
-  endpoint: notifications-server.{{ .Release.Namespace }}
-  group: service.notification
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: SendMassage
-    uri: /notification/create_job
-  - name: SystemMessage
-    uri: /notification/system/push
-  version: v1
-status:
-  state: active
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ApplicationPermission
-metadata:
-  name: notification-call-vault
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: notifications
-  appid: notifications
-  key: {{ .Values.os.notification.appKey }}
-  secret: {{ .Values.os.notification.appSecret }}
-  permissions:
-  - dataType: notification
-    group: service.vault
-    ops:
-    - Create
-    - Query
-    version: v1
-  - dataType: notification
-    group: service.desktop
-    ops:
-    - Create
-    - Query
-    version: v1
-  - dataType: secret
-    group: secret.infisical
-    ops:
-    - RetrieveSecret?workspace=notification
-    - CreateSecret?workspace=notification
-    - DeleteSecret?workspace=notification
-    - UpdateSecret?workspace=notification
-    - ListSecret?workspace=notification
-    version: v1
-  - dataType: app
-    group: service.bfl
-    ops:
-    - UserApps
-    version: v1
-status:
-  state: active
--- a/apps/rss/README.md
+++ b/apps/rss/README.md
@@ -1,3 +0,0 @@
-# vault
-
-https://github.com/beclab/analytic
--- a/apps/search/README.md
+++ b/apps/search/README.md
@@ -1,3 +0,0 @@
-# search
-
-https://github.com/beclab/dify-gateway
--- a/apps/system-apps/README.md
+++ b/apps/system-apps/README.md
@@ -1,5 +0,0 @@
-# system-apps
-
-dashboard control-hub
-
-https://github.com/beclab/system-apps
--- a/apps/system-apps/config/user/helm-charts/monitoring/templates/system-frontend.yaml
+++ b/apps/system-apps/config/user/helm-charts/monitoring/templates/system-frontend.yaml
--- a/apps/vault/README.md
+++ b/apps/vault/README.md
@@ -1,3 +0,0 @@
-# TermiPass
-
-https://github.com/beclab/TermiPass
--- a/apps/vault/config/user/helm-charts/vault/Chart.yaml
+++ b/apps/vault/config/user/helm-charts/vault/Chart.yaml
@@ -1,26 +0,0 @@
-apiVersion: v2
-name: vault
-description: A Helm chart for Kubernetes
-maintainers:
- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
--- a/apps/vault/config/user/helm-charts/vault/templates/_helpers.tpl
+++ b/apps/vault/config/user/helm-charts/vault/templates/_helpers.tpl
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "vault.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "vault.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "vault.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "vault.labels" -}}
-helm.sh/chart: {{ include "vault.chart" . }}
-{{ include "vault.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "vault.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "vault.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "vault.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "vault.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
--- a/apps/vault/config/user/helm-charts/vault/templates/vault_deploy.yaml
+++ b/apps/vault/config/user/helm-charts/vault/templates/vault_deploy.yaml
@@ -1,240 +0,0 @@
-
-
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: vault-deployment
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: vault
-    applications.app.bytetrade.io/name: vault
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-    applications.app.bytetrade.io/author: bytetrade.io
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/vault/icon.png
-    applications.app.bytetrade.io/title: Vault
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"vault", "host":"vault-service", "port":80,"title":"Vault","windowPushState":true}]'
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: vault
-  template:
-    metadata:
-      labels:
-        app: vault
-        io.bytetrade.app: "true"
-    spec:
-      initContainers:
-      - args:
-        - -it
-        - authelia-backend.os-system:9091
-        image: owncloudci/wait-for:latest
-        imagePullPolicy: IfNotPresent
-        name: check-auth
-      - name: terminus-sidecar-init
-        image: openservicemesh/init:v1.2.3
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-          capabilities: 
-            add:
-            - NET_ADMIN
-          runAsNonRoot: false
-          runAsUser: 0
-        command:
-        - /bin/sh
-        - -c
-        - |
-          iptables-restore --noflush <<EOF
-          # sidecar interception rules
-          *nat
-          :PROXY_IN_REDIRECT - [0:0]
-          :PROXY_INBOUND - [0:0]
-          -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-          -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-          -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-          -A PREROUTING -p tcp -j PROXY_INBOUND
-          COMMIT
-          EOF
-        
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-
-
-      containers:
-      - name: vault-frontend
-        image: beclab/vault-frontend:v1.2.69
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 80
-      
-      - name: notification-server
-        image: beclab/vault-notification:v1.2.69
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 3010
-        env:
-        {{- range $key, $val := .Values.terminusGlobalEnvs }}
-          - name: {{ $key }}
-            value: {{ $val | quote }}
-        {{- end }}
-          - name: OS_SYSTEM_SERVER
-            value: system-server.user-system-{{ .Values.bfl.username }}
-          - name: OS_APP_SECRET
-            value: '{{ .Values.os.vault.appSecret }}'
-          - name: OS_APP_KEY
-            value: {{ .Values.os.vault.appKey }}
-
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-      - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.3'
-        imagePullPolicy: IfNotPresent
-        command:
-          - /ws-gateway
-        env:
-          - name: WS_PORT
-            value: '3010'
-          - name: WS_URL
-            value: /websocket/message
-        resources: {}
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-
-      volumes:
-      # - name: vault-data
-      #   hostPath:
-      #     type: DirectoryOrCreate
-      #     path: {{ .Values.userspace.appCache}}/vault/data
-      # - name: vault-sign
-      #   hostPath:
-      #     type: DirectoryOrCreate
-      #     path: {{ .Values.userspace.appCache}}/vault/sign
-      # - name: vault-attach
-      #   hostPath:
-      #     type: DirectoryOrCreate
-      #     path: {{ .Values.userspace.appCache}}/vault/attachments
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-ws-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: vault-service
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: vault
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 80
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: vault-server
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ExternalName
-  externalName: vault-server.os-system.svc.cluster.local
-  ports:
-    - protocol: TCP
-      port: 3000
-      targetPort: 3000
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ProviderRegistry
-metadata:
-  name: vault-notification
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  dataType: notification
-  deployment: vault
-  description: send notification to desktop client
-  endpoint: vault-service.{{ .Release.Namespace }}
-  group: service.vault
-  kind: provider
-  namespace: {{ .Release.Namespace }}
-  opApis:
-  - name: Create
-    uri: /notification/create
-  - name: Query
-    uri: /notification/query
-  version: v1
-status:
-  state: active
-
---
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ApplicationPermission
-metadata:
-  name: vault
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: vault
-  appid: vault
-  key: {{ .Values.os.vault.appKey }}
-  secret: {{ .Values.os.vault.appSecret }}
-  permissions:
-  - dataType: token
-    group: service.notification
-    ops:
-    - Create
-    version: v1
-status:
-  state: active
--- a/apps/wizard/README.md
+++ b/apps/wizard/README.md
@@ -1,3 +0,0 @@
-# wizard
-
-https://github.com/beclab/wizard
--- a/apps/wizard/config/user/helm-charts/wizard/templates/wizard_deploy.yaml
+++ b/apps/wizard/config/user/helm-charts/wizard/templates/wizard_deploy.yaml
@@ -1,160 +0,0 @@
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: wizard
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: wizard
-    applications.app.bytetrade.io/author: bytetrade.io
-  annotations:
-    applications.app.bytetrade.io/version: '0.0.1'
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: wizard
-  template:
-    metadata:
-      labels:
-        app: wizard
-    spec:
-      initContainers:
-      - args:
-        - -it
-        - authelia-backend.os-system:9091
-        image: owncloudci/wait-for:latest
-        imagePullPolicy: IfNotPresent
-        name: check-auth
-      # - name: terminus-sidecar-init
-      #   image: openservicemesh/init:v1.2.3
-      #   imagePullPolicy: IfNotPresent
-      #   securityContext:
-      #     privileged: true
-      #     capabilities: 
-      #       add:
-      #       - NET_ADMIN
-      #     runAsNonRoot: false
-      #     runAsUser: 0
-      #   command:
-      #   - /bin/sh
-      #   - -c
-      #   - |
-      #     iptables-restore --noflush <<EOF
-      #     # sidecar interception rules
-      #     *nat
-      #     :PROXY_IN_REDIRECT - [0:0]
-      #     :PROXY_INBOUND - [0:0]
-      #     -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-      #     -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-      #     -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-      #     -A PREROUTING -p tcp -j PROXY_INBOUND
-      #     COMMIT
-      #     EOF
-        
-      #   env:
-      #   - name: POD_IP
-      #     valueFrom:
-      #       fieldRef:
-      #         apiVersion: v1
-      #         fieldPath: status.podIP
-
-      containers:
-      - name: wizard
-        image: beclab/wizard:v0.5.11
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 80
-        env:
-          - name: apiServerURL
-            value: http://bfl.{{ .Release.Namespace }}:8080
-
-      # - name: wizard-server
-      #   image: aboveos/wizard-server:v0.4.2
-      #   imagePullPolicy: IfNotPresent
-      #   volumeMounts:
-      #   - name: userspace-dir
-      #     mountPath: /Home
-      #   ports:
-      #   - containerPort: 3000
-      #   env:
-      #   - name: OS_SYSTEM_SERVER
-      #     value: system-server.user-system-{{ .Values.bfl.username }}
-      #   - name: OS_APP_SECRET
-      #     value: '{{ .Values.os.desktop.appSecret }}'
-      #   - name: OS_APP_KEY
-      #     value: {{ .Values.os.desktop.appKey }}
-      #   - name: APP_SERVICE_SERVICE_HOST
-      #     value: app-service.os-system
-      #   - name: APP_SERVICE_SERVICE_PORT
-      #     value: '6755'
-
-      # - name: terminus-envoy-sidecar
-      #   image: bytetrade/envoy:v1.25.11
-      #   imagePullPolicy: IfNotPresent
-      #   securityContext:
-      #     allowPrivilegeEscalation: false
-      #     runAsUser: 1000
-      #   ports:
-      #   - name: proxy-admin
-      #     containerPort: 15000
-      #   - name: proxy-inbound
-      #     containerPort: 15003
-      #   volumeMounts:
-      #   - name: terminus-sidecar-config
-      #     readOnly: true
-      #     mountPath: /etc/envoy/envoy.yaml
-      #     subPath: envoy.yaml
-      #   command:
-      #   - /usr/local/bin/envoy
-      #   - --log-level
-      #   - debug
-      #   - -c
-      #   - /etc/envoy/envoy.yaml
-      #   env:
-      #   - name: POD_UID
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: metadata.uid
-      #   - name: POD_NAME
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: metadata.name
-      #   - name: POD_NAMESPACE
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: metadata.namespace
-      #   - name: POD_IP
-      #     valueFrom:
-      #       fieldRef:
-      #         fieldPath: status.podIP
-      volumes:
-      - name: userspace-dir
-        hostPath:
-          type: Directory
-          path: {{ .Values.userspace.userData }}
-      # - name: terminus-sidecar-config
-      #   configMap:
-      #     name: sidecar-configs
-      #     items:
-      #     - key: envoy.yaml
-      #       path: envoy.yaml
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: wizard
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: NodePort
-  selector:
-    app: wizard
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 80
-      {{ if and .Values.desktop .Values.desktop.nodeport }}
-      nodePort: {{ .Values.desktop.nodeport }}
-      {{ end }}
-
--- a/build/base-package/.env
+++ b/build/base-package/.env
--- a/build/base-package/Makefile
+++ b/build/base-package/Makefile
--- a/build/base-package/deploy/containerd.service
+++ b/build/base-package/deploy/containerd.service
--- a/build/base-package/deploy/patch-globalrole-workspace-manager.yaml
+++ b/build/base-package/deploy/patch-globalrole-workspace-manager.yaml
--- a/build/base-package/deploy/patch-k3s.yaml
+++ b/build/base-package/deploy/patch-k3s.yaml
--- a/build/base-package/install.ps1
+++ b/build/base-package/install.ps1
@@ -0,0 +1,87 @@
+$currentPath = Get-Location
+$architecture = $env:PROCESSOR_ARCHITECTURE
+$downloadCdnUrlFromEnv = $env:DOWNLOAD_CDN_URL
+$version = "#__VERSION__"
+$downloadUrl = "https://dc3p1870nn3cj.cloudfront.net"
+
+function Test-Wait {
+  while ($true) {
+    Start-Sleep -Seconds 1
+  }
+}
+
+$runAsAdmin = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
+if (-not $runAsAdmin.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
+    Write-Host "`n`nThe installation script needs to be run as an administrator.`n"
+    Write-Host "Please try the following methods:`n"
+    Write-Host "1. Search for 'PowerShell' in the Start menu, right-click it, and select 'Run as administrator'. "
+    Write-Host "   Navigate to the directory where the installation script is located and run the installation script.`n"
+    Write-Host "2. Press Win + R, type 'powershell', and then press Ctrl + Shift + Enter. "
+    Write-Host "   Navigate to the directory where the installation script is located and run the installation script.`n"
+    Write-Host "`nPress Ctrl+C to exit.`n"
+    Test-Wait
+}
+
+$process = Get-Process -Name olares-cli -ErrorAction SilentlyContinue
+if ($process) {
+  Write-Host "olares-cli.exe is running, Press Ctrl+C to exit."
+  Test-Wait
+}
+
+$distro = wsl --list | Select-String -Pattern "^Ubuntu$"
+if (-not $distro -eq "") {
+  Write-Host "Distro Olares exists, please unregister it first."
+  exit 1
+}
+
+$arch = "amd64"
+if ($architecture -like "ARM") {
+  $arch = "arm64"
+}
+
+if (-Not $downloadCdnUrlFromEnv -eq "") {
+  $downloadUrl = $downloadCdnUrlFromEnv
+}
+
+$CLI_PROGRAM_PATH = "{0}\" -f $currentPath
+if (-Not (Test-Path $CLI_PROGRAM_PATH)) {
+  New-Item -Path $CLI_PROGRAM_PATH -ItemType Directory
+}
+
+$CLI_VERSION = "$version"
+$CLI_FILE = "olares-cli-v{0}_windows_{1}.tar.gz" -f $CLI_VERSION, $arch
+$CLI_URL = "{0}/{1}" -f $downloadUrl, $CLI_FILE
+$CLI_PATH = "{0}{1}" -f $CLI_PROGRAM_PATH, $CLI_FILE
+
+$download = 0
+if (Test-Path $CLI_PATH) {
+  tar -xzf $CLI_PATH -C $CLI_PROGRAM_PATH *> $null
+  if (-Not ($LASTEXITCODE -eq 0)) {
+    Remove-Item -Path $CLI_PATH
+    $download = 1
+  }
+} else {
+  $download = 1
+}
+
+if ($download -eq 1) {
+  curl -Uri $CLI_URL -OutFile $CLI_PATH
+  Write-Host "Downloading olares-cli.exe..."
+  if (-Not (Test-Path $CLI_PATH)) {
+    Write-Host "Download olares-cli.exe failed."
+    exit 1
+  }
+  tar -xzf $CLI_PATH -C $CLI_PROGRAM_PATH *> $null
+  $cliPath = "{0}\olares-cli.exe" -f $CLI_PROGRAM_PATH
+  if ( -Not (Test-Path $cliPath)) {
+    Write-Host "olares-cli.exe not found."
+    exit 1
+  }
+}
+
+Start-Sleep -Seconds 3
+Write-Host ("Preparing to start the installation of Olares {0}. Depending on your network conditions, this process may take several minutes." -f $version)
+
+$command = "{0}\olares-cli.exe install --version {1}" -f $CLI_PROGRAM_PATH, $version
+Start-Process cmd -ArgumentList '/k',$command -Wait -Verb RunAs
+
--- a/build/base-package/install.sh
+++ b/build/base-package/install.sh
@@ -10,7 +10,7 @@ function command_exists() {
 if [[ x"$VERSION" == x"" ]]; then
    if [[ "$LOCAL_RELEASE" == "1" ]]; then
        ts=$(date +%Y%m%d%H%M%S)
-        export VERSION="0.0.0-local-dev-$ts"
+        export VERSION="1.12.0-$ts"
        echo "will build and use a local release of Olares with version: $VERSION"
        echo ""
    else
@@ -20,7 +20,7 @@ fi

 if [[ "x${VERSION}" == "x" || "x${VERSION:3}" == "xVERSION__" ]]; then
    echo "error: Olares version is unspecified, please set the VERSION env var and rerun this script."
-    echo "for example: VERSION=1.11.0-20241124 bash $0"
+    echo "for example: VERSION=1.12.0-20241124 bash $0"
    exit 1
 fi

@@ -28,16 +28,16 @@ fi
 os_type=$(uname -s)
 os_arch=$(uname -m)

-case "$os_arch" in 
-    arm64) ARCH=arm64; ;; 
-    x86_64) ARCH=amd64; ;; 
-    armv7l) ARCH=arm; ;; 
-    aarch64) ARCH=arm64; ;; 
-    ppc64le) ARCH=ppc64le; ;; 
-    s390x) ARCH=s390x; ;; 
+case "$os_arch" in
+    arm64) ARCH=arm64; ;;
+    x86_64) ARCH=amd64; ;;
+    armv7l) ARCH=arm; ;;
+    aarch64) ARCH=arm64; ;;
+    ppc64le) ARCH=ppc64le; ;;
+    s390x) ARCH=s390x; ;;
    *) echo "error: unsupported arch \"$os_arch\"";
    exit 1; ;;
-esac 
+esac

 # set shell execute command
 user="$(id -un 2>/dev/null || true)"
@@ -74,52 +74,60 @@ if [ -z ${cdn_url} ]; then
    cdn_url="https://dc3p1870nn3cj.cloudfront.net"
 fi

-CLI_VERSION="0.1.75"
-CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
+CLI_FILE="olares-cli-v${VERSION}_linux_${ARCH}.tar.gz"
 if [[ x"$os_type" == x"Darwin" ]]; then
-    CLI_FILE="olares-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"
+    CLI_FILE="olares-cli-v${VERSION}_darwin_${ARCH}.tar.gz"
 fi

-if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$CLI_VERSION" ]]; then
-    echo "olares-cli already installed and is the expected version"
-    echo ""
+if [[ "$LOCAL_RELEASE" == "1" ]]; then
+    if ! command_exists olares-cli ; then
+        echo "error: LOCAL_RELEASE specified but olares-cli not found"
+        exit 1
+    fi
+    INSTALL_OLARES_CLI=$(which olares-cli)
 else
-    if [[ ! -f ${CLI_FILE} ]]; then
-        CLI_URL="${cdn_url}/${CLI_FILE}"
-
-        echo "downloading Olares installer from ${CLI_URL} ..."
+    if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$VERSION" ]]; then
+        INSTALL_OLARES_CLI=$(which olares-cli)
+        echo "olares-cli already installed and is the expected version"
        echo ""
+    else
+        if [[ ! -f ${CLI_FILE} ]]; then
+            CLI_URL="${cdn_url}/${CLI_FILE}"

-        curl -Lo ${CLI_FILE} ${CLI_URL}
+            echo "downloading Olares installer from ${CLI_URL} ..."
+            echo ""
+
+            curl -Lo ${CLI_FILE} ${CLI_URL}
+
+            if [[ $? -ne 0 ]]; then
+                echo "error: failed to download Olares installer"
+                exit 1
+            else
+                echo "Olares installer ${VERSION} download complete!"
+                echo ""
+            fi
+        fi
+        INSTALL_OLARES_CLI="/usr/local/bin/olares-cli"
+        echo "unpacking Olares installer to $INSTALL_OLARES_CLI..."
+        echo ""
+        tar -zxf ${CLI_FILE} olares-cli && chmod +x olares-cli
+        if [[ x"$os_type" == x"Darwin" ]]; then
+            if [ ! -f "/usr/local/Cellar/olares" ]; then
+                current_user=$(whoami)
+                $sh_c "sudo mkdir -p /usr/local/Cellar/olares && sudo chown ${current_user}:staff /usr/local/Cellar/olares"
+            fi
+            $sh_c "mv olares-cli /usr/local/Cellar/olares/olares-cli && \
+                   sudo rm -rf /usr/local/bin/olares-cli && \
+                   sudo ln -s /usr/local/Cellar/olares/olares-cli $INSTALL_OLARES_CLI"
+        else
+            $sh_c "mv olares-cli $INSTALL_OLARES_CLI"
+        fi

        if [[ $? -ne 0 ]]; then
-            echo "error: failed to download Olares installer"
+            echo "error: failed to unpack Olares installer"
            exit 1
-        else
-            echo "Olares installer ${CLI_VERSION} download complete!"
-            echo ""
        fi
    fi
-    INSTALL_OLARES_CLI="/usr/local/bin/olares-cli"
-    echo "unpacking Olares installer to $INSTALL_OLARES_CLI..."
-    echo ""
-    tar -zxf ${CLI_FILE} olares-cli && chmod +x olares-cli
-    if [[ x"$os_type" == x"Darwin" ]]; then
-        if [ ! -f "/usr/local/Cellar/olares" ]; then
-            current_user=$(whoami)
-            $sh_c "sudo mkdir -p /usr/local/Cellar/olares && sudo chown ${current_user}:staff /usr/local/Cellar/olares"
-        fi
-        $sh_c "mv olares-cli /usr/local/Cellar/olares/olares-cli && \
-               sudo rm -rf /usr/local/bin/olares-cli && \
-               sudo ln -s /usr/local/Cellar/olares/olares-cli $INSTALL_OLARES_CLI"
-    else
-        $sh_c "mv olares-cli $INSTALL_OLARES_CLI"
-    fi
-
-    if [[ $? -ne 0 ]]; then
-        echo "error: failed to unpack Olares installer"
-        exit 1
-    fi
 fi

 PARAMS="--version $VERSION --base-dir $BASE_DIR"
@@ -136,16 +144,22 @@ else
            echo ""
        else
            echo "building local release ..."
-            $sh_c "olares-cli olares release $PARAMS $CDN"
+            $sh_c "$INSTALL_OLARES_CLI release $PARAMS $CDN"
            if [[ $? -ne 0 ]]; then
                echo "error: failed to build local release"
                exit 1
            fi
        fi
    else
+        echo "running system prechecks ..."
+        echo ""
+        $sh_c "$INSTALL_OLARES_CLI precheck $PARAMS"
+        if [[ $? -ne 0 ]]; then
+            exit 1
+        fi
        echo "downloading installation wizard..."
        echo ""
-        $sh_c "olares-cli olares download wizard $PARAMS $KUBE_PARAM $CDN"
+        $sh_c "$INSTALL_OLARES_CLI download wizard $PARAMS $KUBE_PARAM $CDN"
        if [[ $? -ne 0 ]]; then
            echo "error: failed to download installation wizard"
            exit 1
@@ -154,7 +168,7 @@ else

    echo "downloading installation packages..."
    echo ""
-    $sh_c "olares-cli olares download component $PARAMS $KUBE_PARAM $CDN"
+    $sh_c "$INSTALL_OLARES_CLI download component $PARAMS $KUBE_PARAM $CDN"
    if [[ $? -ne 0 ]]; then
        echo "error: failed to download installation packages"
        exit 1
@@ -166,10 +180,7 @@ else
    if [ x"$REGISTRY_MIRRORS" != x"" ]; then
        extra="--registry-mirrors $REGISTRY_MIRRORS"
    fi
-    if [[ "$JUICEFS" == "1" ]]; then
-        extra="$extra --with-juicefs=true"
-    fi
-    $sh_c "olares-cli olares prepare $PARAMS $KUBE_PARAM $extra"
+    $sh_c "$INSTALL_OLARES_CLI prepare $PARAMS $KUBE_PARAM $extra"
    if [[ $? -ne 0 ]]; then
        echo "error: failed to prepare installation environment"
        exit 1
@@ -185,9 +196,39 @@ if [ "$PREINSTALL" == "1" ]; then
    echo "Pre Install mode is specified by the \"PREINSTALL\" env var, skip installing"
    exit 0
 fi
+
+if [[ "$JUICEFS" == "1" ]]; then
+    echo "JuiceFS is enabled"
+    fsflag="--with-juicefs=true"
+    if [[ "$STORAGE" == "" ]]; then
+        echo "installing MinIO ..."
+    else
+        echo "checking storage config ..."
+    fi
+    $sh_c "$INSTALL_OLARES_CLI install storage $PARAMS"
+    if [[ $? -ne 0 ]]; then
+      exit 1
+    fi
+fi
+
+if [[ -n "$SWAPPINESS" ]]; then
+    swapflag="$swapflag --swappiness $SWAPPINESS"
+fi
+if [[ "$ENABLE_POD_SWAP" == "1" ]]; then
+    swapflag="$swapflag --enable-pod-swap"
+fi
+if [[ "$ENABLE_ZRAM" == "1" ]]; then
+    swapflag="$swapflag --enable-zram"
+fi
+if [[ -n "$ZRAM_SIZE" ]]; then
+    swapflag="$swapflag --zram-size $ZRAM_SIZE"
+fi
+if [[ -n "$ZRAM_SWAP_PRIORITY" ]]; then
+    swapflag="$swapflag --zram-swap-priority $ZRAM_SWAP_PRIORITY"
+fi
 echo "installing Olares..."
 echo ""
-$sh_c "olares-cli olares install $PARAMS $KUBE_PARAM"
+$sh_c "$INSTALL_OLARES_CLI install $PARAMS $KUBE_PARAM $fsflag $swapflag"

 if [[ $? -ne 0 ]]; then
    echo "error: failed to install Olares"
--- a/build/base-package/joincluster.sh
+++ b/build/base-package/joincluster.sh
@@ -0,0 +1,268 @@
+#!/usr/bin/env bash
+
+set -o pipefail
+set -e
+
+function command_exists() {
+	  command -v "$@" > /dev/null 2>&1
+}
+
+function read_tty() {
+    echo -n $1
+    read $2 < /dev/tty
+}
+
+function confirm() {
+    if [[ "$QUIET" == "1" ]]; then
+        return 0
+    fi
+    answer=""
+    while :; do
+        read_tty "Do you confirm to continue? (y/n): " answer
+        if [[ "$answer" != "y" && "$answer" != "n" ]]; then
+            echo "Please input the letter y or n"
+            continue
+        fi
+        if [[ "$answer" == "y" ]]; then
+            return 0
+        fi
+        if [[ "$answer" == "n" ]]; then
+            exit 0
+        fi
+    done
+}
+
+function validate_ip() {
+    if [[ ! "$1" ]]; then
+        echo "invalid IP: empty address"
+        return 1
+    elif [[ ! $1 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+        echo "invalid IP: illegal format"
+        return 1
+    elif [[ $1 =~ ^127 ]]; then
+        echo "invalid IP: loopback address"
+        return 1
+    else
+        return 0
+    fi
+}
+
+MASTER_SSH_OPTIONS=""
+
+function add_master_host_ssh_options() {
+    MASTER_SSH_OPTIONS="$MASTER_SSH_OPTIONS --$1 $2"
+}
+
+function set_master_host_ssh_options() {
+    master_host="$MASTER_HOST"
+    if [[ ! "$master_host" ]]; then
+        read_tty "Enter the master node's IP: " master_host
+    fi
+
+    while :; do
+        if ! validate_ip "$master_host"; then
+            read_tty "Enter the master node's IP: " master_host
+        else
+            break
+        fi
+    done
+
+    add_master_host_ssh_options master-host "$master_host"
+
+    if [[ "$MASTER_NODE_NAME" ]]; then
+        add_master_host_ssh_options master-node-name "$MASTER_NODE_NAME"
+    fi
+
+    if [[ "$MASTER_SSH_USER" ]]; then
+        add_master_host_ssh_options master-ssh-user "$MASTER_SSH_USER"
+    else
+        echo "the environment variable \$MASTER_SSH_USER is not set"
+        echo "the default remote user \"root\" on the master node will be used to authenticate"
+        echo "if this is unexpected, please set it explicitly"
+        confirm
+    fi
+
+    if [[ "$MASTER_SSH_PASSWORD" ]]; then
+        add_master_host_ssh_options master-ssh-password "$MASTER_SSH_PASSWORD"
+    fi
+
+    if [[ "$MASTER_SSH_PRIVATE_KEY_PATH" ]]; then
+        add_master_host_ssh_options master-ssh-private-key-path "$MASTER_SSH_PRIVATE_KEY_PATH"
+    elif [[ ! "$MASTER_SSH_PASSWORD" ]]; then
+        echo "the environment variable \$MASTER_SSH_PRIVATE_KEY_PATH is not set"
+        echo "the default key in the local path /root/.ssh/id_rsa will be used to authenticate to the master"
+        echo "please make sure the key exists and the public key has already been added to the master node"
+        echo "if this is unexpected, please set it explicitly"
+        confirm
+    fi
+
+    if [[ "$MASTER_SSH_PORT" ]]; then
+        add_master_host_ssh_options master-ssh-port "$MASTER_SSH_PORT"
+    fi
+}
+
+function getmasterinfo() {
+    $sh_c "$INSTALL_OLARES_CLI node masterinfo $MASTER_SSH_OPTIONS" | tee /proc/$$/fd/1
+    if [[ $? -ne 0 ]]; then
+        exit 1
+    fi
+    echo "" > /proc/$$/fd/1
+}
+
+# check os type and arch
+os_type=$(uname -s)
+os_arch=$(uname -m)
+
+case "$os_arch" in
+    arm64) ARCH=arm64; ;;
+    x86_64) ARCH=amd64; ;;
+    armv7l) ARCH=arm; ;;
+    aarch64) ARCH=arm64; ;;
+    ppc64le) ARCH=ppc64le; ;;
+    s390x) ARCH=s390x; ;;
+    *) echo "error: unsupported arch \"$os_arch\"";
+    exit 1; ;;
+esac
+
+if [[ "$os_type" != "Linux" ]]; then
+    echo "error: only Linux machine can be added to the cluster"
+    exit 1
+fi
+
+# set shell execute command
+user="$(id -un 2>/dev/null || true)"
+sh_c='sh -c'
+if [ "$user" != 'root' ]; then
+    if ! command_exists sudo; then
+        echo "error: the ability to run as root is needed, but the command \"sudo\" can not be found"
+        exit 1
+    fi
+    sh_c='sudo -E sh -c'
+fi
+
+if ! command_exists tar; then
+    echo "error: the \"tar\" command is needed to unpack installation files, but can not be found"
+    exit 1
+fi
+
+export VERSION="#__VERSION__"
+
+if [[ "x${VERSION}" == "x" || "x${VERSION:3}" == "xVERSION__" ]]; then
+    echo "error: Olares version is unspecified, please set the VERSION env var and rerun this script."
+    echo "for example: VERSION=1.12.0-20241124 bash $0"
+    exit 1
+fi
+
+BASE_DIR="$HOME/.olares"
+if [ ! -d $BASE_DIR ]; then
+    mkdir -p $BASE_DIR
+fi
+
+cdn_url=${DOWNLOAD_CDN_URL}
+if [[ -z "${cdn_url}" ]]; then
+    cdn_url="https://dc3p1870nn3cj.cloudfront.net"
+fi
+
+set_master_host_ssh_options
+
+CLI_FILE="olares-cli-v${VERSION}_linux_${ARCH}.tar.gz"
+
+if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$VERSION" ]]; then
+    INSTALL_OLARES_CLI=$(which olares-cli)
+    echo "olares-cli already installed and is the expected version"
+    echo ""
+else
+    if [[ ! -f ${CLI_FILE} ]]; then
+        CLI_URL="${cdn_url}/${CLI_FILE}"
+
+        echo "downloading Olares installer from ${CLI_URL} ..."
+        echo ""
+
+        curl -Lo ${CLI_FILE} ${CLI_URL}
+
+        if [[ $? -ne 0 ]]; then
+            echo "error: failed to download Olares installer"
+            exit 1
+        else
+            echo "Olares installer ${VERSION} download complete!"
+            echo ""
+        fi
+    fi
+    INSTALL_OLARES_CLI="/usr/local/bin/olares-cli"
+    echo "unpacking Olares installer to $INSTALL_OLARES_CLI..."
+    echo ""
+    tar -zxf ${CLI_FILE} olares-cli && chmod +x olares-cli
+    $sh_c "mv olares-cli $INSTALL_OLARES_CLI"
+
+    if [[ $? -ne 0 ]]; then
+        echo "error: failed to unpack Olares installer"
+        exit 1
+    fi
+fi
+
+echo "getting master info and checking current machine's eligibility to join the cluster"
+echo ""
+master_olares_version="$( getmasterinfo | grep OlaresVersion | awk '{print $2}' )"
+if [[ ! "$master_olares_version" ]]; then
+    echo "failed to fetch the version of Olares installed on master node"
+    exit 1
+fi
+PARAMS="--version $master_olares_version --base-dir $BASE_DIR"
+CDN="--download-cdn-url ${cdn_url}"
+
+if [[ -f $BASE_DIR/.prepared ]]; then
+    echo "file $BASE_DIR/.prepared detected, skip preparing phase"
+    echo ""
+    echo "please make sure the prepared Olares version is the same as the master, or there might be compatibility issues"
+    echo ""
+else
+    echo "running system prechecks ..."
+    echo ""
+    $sh_c "$INSTALL_OLARES_CLI precheck $PARAMS"
+    if [[ $? -ne 0 ]]; then
+        exit 1
+    fi
+
+    echo "downloading installation wizard..."
+    echo ""
+    $sh_c "$INSTALL_OLARES_CLI download wizard $PARAMS $CDN"
+    if [[ $? -ne 0 ]]; then
+        echo "error: failed to download installation wizard"
+        exit 1
+    fi
+
+    echo "downloading installation packages..."
+    echo ""
+    $sh_c "$INSTALL_OLARES_CLI download component $PARAMS $CDN"
+    if [[ $? -ne 0 ]]; then
+        echo "error: failed to download installation packages"
+        exit 1
+    fi
+
+    echo "preparing installation environment..."
+    echo ""
+    # env 'REGISTRY_MIRRORS' is a docker image cache mirrors, separated by commas
+    if [ x"$REGISTRY_MIRRORS" != x"" ]; then
+        extra="--registry-mirrors $REGISTRY_MIRRORS"
+    fi
+    $sh_c "$INSTALL_OLARES_CLI prepare $PARAMS $extra"
+    if [[ $? -ne 0 ]]; then
+        echo "error: failed to prepare installation environment"
+        exit 1
+    fi
+fi
+
+if [ -f $BASE_DIR/.installed ]; then
+    echo "file $BASE_DIR/.installed detected, skip installing"
+    echo "if it is left by an unclean uninstallation, please manually remove it and invoke the installer again"
+    exit 0
+fi
+
+echo "installing Kubernetes and joining Olares cluster..."
+echo ""
+$sh_c "$INSTALL_OLARES_CLI node add $PARAMS $MASTER_SSH_OPTIONS"
+
+if [[ $? -ne 0 ]]; then
+    echo "error: failed to install Olares"
+    exit 1
+fi
--- a/build/base-package/publicAddnode.sh
+++ b/build/base-package/publicAddnode.sh
--- a/Show More
+++ b/Show More