fix: add init container for files-server

fix: modify default theme configuration

apps/argo/config/user/helm-charts/recommend/templates/argo_fe_deploy.yaml

@@ -29,59 +29,6 @@ spec:
     app: recommend
   type: ClusterIP
 
----
-{{ if (eq .Values.debugVersion true) }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: recommend
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: recommend
-    applications.app.bytetrade.io/author: bytetrade.io
-
-    applications.app.bytetrade.io/name: recommend
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/recommend/icon.png
-    applications.app.bytetrade.io/title: recommend
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"recommend", "host":"argoworkflows-ui", "port":80,"title":"recommend"}]'
-
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: recommend
-  template:
-    metadata:
-      labels:
-        app: recommend
-        io.bytetrade.app: "true"
-    spec:
-      containers:
-        - name: recommend-proxy
-          image: nginx:stable-alpine3.17-slim
-          imagePullPolicy: IfNotPresent
-          ports:
-            - name: proxy
-              containerPort: 8080
-          volumeMounts:
-            - name: nginx-config
-              readOnly: true
-              mountPath: /etc/nginx/nginx.conf
-              subPath: nginx.conf
-      volumes:
-        - name: nginx-config
-          configMap:
-            name: recommend-nginx-configs
-            items:
-              - key: nginx.conf
-                path: nginx.conf
-{{ end }}
-
 
 
 ---

apps/desktop/config/user/helm-charts/desktop/templates/desktop_deploy.yaml

@@ -66,7 +66,7 @@ spec:
 
       containers:
       - name: edge-desktop
-        image: beclab/desktop:v0.2.46
+        image: beclab/desktop:v0.2.58
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsNonRoot: false
@@ -78,7 +78,7 @@ spec:
             value: http://bfl.{{ .Release.Namespace }}:8080
 
       - name: desktop-server
-        image: beclab/desktop-server:v0.2.46
+        image: beclab/desktop-server:v0.2.58
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -140,7 +140,7 @@ spec:
             fieldRef:
               fieldPath: status.podIP
       - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.3'
+        image: 'beclab/ws-gateway:v1.0.5'
         imagePullPolicy: IfNotPresent
         command:
           - /ws-gateway
@@ -517,9 +517,11 @@ data:
         
       clusters:
       - name: original_dst
-        connect_timeout: 5000s
+        connect_timeout: 120s
         type: ORIGINAL_DST
         lb_policy: CLUSTER_PROVIDED
+        common_http_protocol_options:
+          idle_timeout: 10s
       - name: authelia
         connect_timeout: 2s
         type: LOGICAL_DNS
@@ -692,6 +694,8 @@ data:
         connect_timeout: 5000s
         type: ORIGINAL_DST
         lb_policy: CLUSTER_PROVIDED
+        common_http_protocol_options:
+          idle_timeout: 10s
       - name: ws_original_dst
         connect_timeout: 5000s
         type: LOGICAL_DNS

apps/download/config/user/helm-charts/download/templates/download_deploy.yaml

@@ -172,7 +172,7 @@ spec:
             cpu: "1"
             memory: 300Mi
       - name: yt-dlp
-        image: "beclab/yt-dlp:v0.0.19"
+        image: "beclab/yt-dlp:v0.0.21"
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -220,7 +220,7 @@ spec:
             cpu: "1"
             memory: 300Mi
       - name: download-spider
-        image: "beclab/download-spider:v0.0.16"
+        image: "beclab/download-spider:v0.0.22"
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -251,6 +251,8 @@ spec:
           value: {{ $nat_password | b64dec }}
         - name: NATS_SUBJECT
           value: "terminus.{{ .Release.Namespace }}.download_status"
+        - name: SETTING_URL
+          value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
         volumeMounts:
         - name: download-dir
           mountPath: /downloads

apps/files/config/cluster/deploy/files_deploy.yaml

@@ -1,11 +1,15 @@
 
 {{- $namespace := printf "%s" "os-system" -}}
 {{- $files_secret := (lookup "v1" "Secret" $namespace "files-secrets") -}}
-{{- $password := "" -}}
+
+{{- $files_postgres_password := "" -}}
 {{ if $files_secret -}}
-{{ $password = (index $files_secret "data" "password") }}
+{{ $files_postgres_password = (index $files_secret "data" "files_postgres_password") }}
+{{- if not $files_postgres_password -}}
+{{ $files_postgres_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
 {{ else -}}
-{{ $password = randAlphaNum 16 | b64enc }}
+{{ $files_postgres_password = randAlphaNum 16 | b64enc }}
 {{- end -}}
 
 {{- $files_redis_password := "" -}}
@@ -45,9 +49,8 @@ spec:
       serviceAccount: os-internal
       serviceAccountName: os-internal
       securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
+        runAsUser: 0
+        runAsNonRoot: false
       initContainers:
         - name: init-data
           image: busybox:1.28
@@ -67,18 +70,40 @@ spec:
           - -c
           - |
             chown -R 1000:1000 /appdata; chown -R 1000:1000 /appcache; chown -R 1000:1000 /data
+        - name: init-container
+          image: 'postgres:16.0-alpine3.18'
+          command:
+            - sh
+            - '-c'
+            - >-
+              echo -e "Checking for the availability of PostgreSQL Server
+              deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB1
+              -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >>
+              PostgreSQL DB Server has started";
+          env:
+            - name: PGHOST
+              value: citus-headless.os-system
+            - name: PGPORT
+              value: '5432'
+            - name: PGUSER
+              value: files_os_system
+            - name: PGPASSWORD
+              value: {{ $files_postgres_password | b64dec }}
+            - name: PGDB1
+              value: os_system_files
+
       containers:
         - name: gateway
-          image: beclab/appdata-gateway:0.1.16
+          image: beclab/appdata-gateway:0.1.18
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: false
-            runAsUser: 1000
+            runAsUser: 0
           ports:
             - containerPort: 8080
           env:
             - name: FILES_SERVER_TAG
-              value: 'beclab/files-server:v0.2.54'
+              value: 'beclab/files-server:v0.2.69'
             - name: NAMESPACE
               valueFrom:
                 fieldRef:
@@ -98,7 +123,7 @@ spec:
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: true
-            runAsUser: 1000
+            runAsUser: 0
             privileged: true
           ports:
           - containerPort: 9090
@@ -114,11 +139,11 @@ spec:
 {{ end }}
 
         - name: files
-          image: beclab/files-server:v0.2.54
+          image: beclab/files-server:v0.2.69
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: true
-            runAsUser: 1000
+            runAsUser: 0
             privileged: true
           volumeMounts:
             - name: fb-data
@@ -170,7 +195,7 @@ spec:
 #            - name: ZINC_USER
 #              value: zincuser-files-os-system
 #            - name: ZINC_PASSWORD
-#              value: {{ $password | b64dec }}
+#              value: {{ $files_postgres_password | b64dec }}
 #            - name: ZINC_HOST
 #              value: zinc-server-svc.os-system
 #            - name: ZINC_PORT
@@ -218,6 +243,18 @@ spec:
               value: '1000'
             - name: OLARES_VERSION
               value: '1.11'
+            - name: FILE_CACHE_DIR
+              value: '/data/file_cache'
+            - name: PGHOST
+              value: citus-headless.os-system
+            - name: PGPORT
+              value: '5432'
+            - name: PGUSER
+              value: files_os_system
+            - name: PGPASSWORD
+              value: {{ $files_postgres_password | b64dec }}
+            - name: PGDB1
+              value: os_system_files
             - name: POD_NAME
               valueFrom:
                 fieldRef:
@@ -234,7 +271,7 @@ spec:
             - /filebrowser
             - --noauth
         - name: uploader
-          image: beclab/upload:v1.0.8
+          image: beclab/upload:v1.0.14
           env:
             - name: UPLOAD_FILE_TYPE
               value: '*'
@@ -260,7 +297,7 @@ spec:
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: true
-            runAsUser: 1000
+            runAsUser: 0
             privileged: true
         - name: nginx
           image: 'nginx:stable-alpine3.17-slim'
@@ -394,11 +431,12 @@ spec:
           name: check-nats
       containers:
         - name: files
-          image: beclab/files-server:v0.2.54
+          image: beclab/files-server:v0.2.69
           imagePullPolicy: IfNotPresent
           securityContext:
-            allowPrivilegeEscalation: false
-            runAsUser: 1000
+            allowPrivilegeEscalation: true
+            runAsUser: 0
+            runAsNonRoot: false
           volumeMounts:
             - name: fb-data
               mountPath: /appdata
@@ -407,12 +445,14 @@ spec:
           ports:
             - containerPort: 8110
           env:
-            - name: FB_DATABASE
-              value: /appdata/database/filebrowser.db
-            - name: FB_CONFIG
-              value: /appdata/config/settings.json
-            - name: FB_ROOT
+            - name: ROOT_PREFIX
               value: /data
+#            - name: FB_DATABASE
+#              value: /appdata/database/filebrowser.db
+#            - name: FB_CONFIG
+#              value: /appdata/config/settings.json
+#            - name: FB_ROOT
+#              value: /data
             - name: OLARES_VERSION
               value: '1.11'
             - name: NODE_NAME
@@ -457,7 +497,7 @@ metadata:
   namespace: os-system
 type: Opaque
 data:
-  password: {{ $password }}
+  files_postgres_password: {{ $files_postgres_password }}
   files_redis_password: {{ $files_redis_password }}
 
 ---
@@ -470,6 +510,26 @@ data:
   files_nats_password: {{ $files_nats_password }}
 type: Opaque
 
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: files-pg
+  namespace: os-system
+spec:
+  app: files
+  appNamespace: os-system
+  middleware: postgres
+  postgreSQL:
+    user: files_os_system
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: files_postgres_password
+          name: files-secrets
+    databases:
+      - name: files
+
 ---
 apiVersion: apr.bytetrade.io/v1alpha1
 kind: MiddlewareRequest
@@ -530,7 +590,7 @@ metadata:
 data:
   nginx.conf: |-
     user  nginx;
-    worker_processes  4;
+    worker_processes  auto;
 
     error_log  /var/log/nginx/error.log notice;
     pid        /var/run/nginx.pid;
@@ -608,12 +668,12 @@ data:
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Host $host;
 
-            client_body_timeout 60s;
+            client_body_timeout 600s;
             client_max_body_size 2000M;
             proxy_request_buffering off;
-            keepalive_timeout 75s;
-            proxy_read_timeout 60s;
-            proxy_send_timeout 60s;
+            keepalive_timeout 750s;
+            proxy_read_timeout 600s;
+            proxy_send_timeout 600s;
         }
 
         location /api/raw/AppData {
@@ -747,7 +807,7 @@ data:
 
             client_body_timeout 600s;
             client_max_body_size 4000M;
-            proxy_request_buffering off;
+            proxy_request_buffering on;
             keepalive_timeout 750s;
             proxy_read_timeout 600s;
             proxy_send_timeout 600s;
@@ -783,12 +843,12 @@ data:
 
             add_header Accept-Ranges bytes;
 
-            client_body_timeout 60s;
+            client_body_timeout 600s;
             client_max_body_size 2000M;
             proxy_request_buffering off;
-            keepalive_timeout 75s;
-            proxy_read_timeout 60s;
-            proxy_send_timeout 60s;
+            keepalive_timeout 750s;
+            proxy_read_timeout 600s;
+            proxy_send_timeout 600s;
         }
 
         location /seafhttp/ {
@@ -802,12 +862,12 @@ data:
 
             add_header Accept-Ranges bytes;
 
-            client_body_timeout 60s;
+            client_body_timeout 600s;
             client_max_body_size 2000M;
             proxy_request_buffering off;
-            keepalive_timeout 75s;
-            proxy_read_timeout 60s;
-            proxy_send_timeout 60s;
+            keepalive_timeout 750s;
+            proxy_read_timeout 600s;
+            proxy_send_timeout 600s;
         }
     	# files
     	# for all routes matching a dot, check for files and return 404 if not found

apps/files/config/user/helm-charts/files/templates/files_fe_deploy.yaml

@@ -297,7 +297,7 @@ spec:
 #        - /filebrowser
 #        - --noauth
       - name: files-frontend
-        image: beclab/files-frontend-1.11:v1.3.24
+        image: beclab/files-frontend-1.11:v1.3.55
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsNonRoot: false
@@ -319,7 +319,7 @@ spec:
         - name: userspace-dir
           mountPath: /data
       - name: drive-server
-        image: beclab/drive:v0.0.29
+        image: beclab/drive:v0.0.72
         imagePullPolicy: IfNotPresent
         env:
         - name: OS_SYSTEM_SERVER
@@ -333,6 +333,8 @@ spec:
         ports: 
         - containerPort: 8181
         volumeMounts:
+        - name: data-dir
+          mountPath: /data
         - name: upload-data
           mountPath: /data/Home
         - name: upload-appdata
@@ -340,7 +342,7 @@ spec:
         - name: userspace-app-dir
           mountPath: /data/Application
       - name: task-executor
-        image: beclab/driveexecutor:v0.0.29
+        image: beclab/driveexecutor:v0.0.72
         imagePullPolicy: IfNotPresent
         env:
         - name: OS_SYSTEM_SERVER
@@ -354,6 +356,8 @@ spec:
         ports: 
         - containerPort: 8181
         volumeMounts:
+        - name: data-dir
+          mountPath: /data
         - name: upload-data
           mountPath: /data/Home
         - name: upload-appdata
@@ -422,6 +426,10 @@ spec:
               fieldPath: status.podIP
 
       volumes:
+      - name: data-dir
+        hostPath:
+          path: {{ .Values.rootPath }}/rootfs/userspace
+          type: Directory
       - name: watch-dir
         hostPath:
           type: Directory
@@ -750,11 +758,14 @@ data:
                                 prefix: "/upload"
                               route:
                                 cluster: upload_original_dst
+                                timeout: 1800s
+                                idle_timeout: 1800s
                             - match:
                                 prefix: "/"
                               route:
                                 cluster: original_dst
-                                timeout: 600s
+                                timeout: 1800s
+                                idle_timeout: 1800s
                     http_protocol_options:
                       accept_http_10: true
                     http_filters:
@@ -841,9 +852,11 @@ data:
 
       clusters:
         - name: original_dst
-          connect_timeout: 5000s
+          connect_timeout: 120s
           type: ORIGINAL_DST
           lb_policy: CLUSTER_PROVIDED
+          common_http_protocol_options:
+            idle_timeout: 10s
         - name: upload_original_dst
           connect_timeout: 5000s
           type: LOGICAL_DNS

apps/knowledge/config/user/helm-charts/knowledge/templates/knowledge_deployment.yaml

@@ -168,7 +168,7 @@ spec:
             value: user_space_{{ .Values.bfl.username }}_knowledge
       containers:
       - name: knowledge
-        image: "beclab/knowledge-base-api:v0.1.61"
+        image: "beclab/knowledge-base-api:v0.1.72"
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -183,6 +183,8 @@ spec:
           value: 'http://rss-server.os-system:1200'
         - name: SEARCH_URL
           value: 'http://search3.os-system:80'
+        - name: UPLOAD_SAVE_PATH
+          value: '/data/Home/Documents/'
         - name: REDIS_PASSWORD
           valueFrom:
             configMapKeyRef:
@@ -236,7 +238,7 @@ spec:
             memory: 1Gi
 
       - name: backend-server
-        image: "beclab/recommend-backend:v0.0.25"
+        image: "beclab/recommend-backend:v0.0.31"
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -296,7 +298,7 @@ spec:
         - name: YT_DLP_API_URL
           value: http://download-svc.user-space-{{ .Values.bfl.username }}:3082/api/v1/get_metadata
         - name: DOWNLOAD_API_URL
-          value: http://download-svc.user-space-{{ .Values.bfl.username }}:3080/api/termius/download
+          value: http://download-svc.user-space-{{ .Values.bfl.username }}:3080/api
         - name: SETTING_API_URL
           value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
         volumeMounts:

apps/market/config/user/helm-charts/market/templates/market_deploy.yaml

@@ -43,6 +43,7 @@ spec:
         app: appstore
         io.bytetrade.app: "true"
     spec:
+      priorityClassName: "system-cluster-critical"
       initContainers:
         - args:
           - -it
@@ -84,12 +85,12 @@ spec:
                 fieldPath: status.podIP
       containers:
       - name: appstore
-        image: beclab/market-frontend:v0.3.4
+        image: beclab/market-frontend:v0.3.11
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80
       - name: appstore-backend
-        image: beclab/market-backend:v0.3.4
+        image: beclab/market-backend:v0.3.11
         imagePullPolicy: IfNotPresent
         ports:
           - containerPort: 81
@@ -169,7 +170,7 @@ spec:
             fieldRef:
               fieldPath: status.podIP
       - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.3'
+        image: 'beclab/ws-gateway:v1.0.5'
         command:
           - /ws-gateway
         env:

apps/notifications/config/user/helm-charts/notification/templates/notification_deploy.yaml

@@ -38,173 +38,6 @@ spec:
     databases:
     - name: notifications   
 
-{{ if (eq .Values.debugVersion true) }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: notifications-deployment
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: notifications
-    applications.app.bytetrade.io/author: bytetrade.io
-
-    applications.app.bytetrade.io/name: notifications
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-  annotations:
-    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/notifications/icon.png
-    applications.app.bytetrade.io/title: Notifications
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"notifications", "host":"notifications-service", "port":80,"title":"Notifications"}]'
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: notifications
-  template:
-    metadata:
-      labels:
-        app: notifications
-        io.bytetrade.app: "true"
-    spec:
-      initContainers:
-      - args:
-        - -it
-        - authelia-backend.os-system:9091
-        image: owncloudci/wait-for:latest
-        imagePullPolicy: IfNotPresent
-        name: check-auth
-      - name: terminus-sidecar-init
-        image: openservicemesh/init:v1.2.3
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-          capabilities: 
-            add:
-            - NET_ADMIN
-          runAsNonRoot: false
-          runAsUser: 0
-        command:
-        - /bin/sh
-        - -c
-        - |
-          iptables-restore --noflush <<EOF
-          # sidecar interception rules
-          *nat
-          :PROXY_IN_REDIRECT - [0:0]
-          :PROXY_INBOUND - [0:0]
-          -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-          -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-          -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-          -A PREROUTING -p tcp -j PROXY_INBOUND
-          COMMIT
-          EOF
-        
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-      containers:
-      - name: notifications-frontend
-        image: beclab/notifications-frontend:v0.1.22
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 80
-      - name: terminus-envoy-sidecar
-        image: bytetrade/envoy:v1.25.11
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        ports:
-        - name: proxy-admin
-          containerPort: 15000
-        - name: proxy-inbound
-          containerPort: 15003
-        volumeMounts:
-        - name: terminus-sidecar-config
-          readOnly: true
-          mountPath: /etc/envoy/envoy.yaml
-          subPath: envoy.yaml
-        command:
-        - /usr/local/bin/envoy
-        - --log-level
-        - debug
-        - -c
-        - /etc/envoy/envoy.yaml
-        env:
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-      volumes:
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-        # - name: REDIS_HOST
-        #   value: localhost
-        # - name: REDIS_PORT
-        #   value: "6379"
-      # - name: notifications-worker
-      #   image: aboveos/notifications-worker:v0.1.2
-      #   imagePullPolicy: IfNotPresent
-      #   env:
-      #   - name: MONGO_URL
-      #     value: mongodb://admin:123456@localhost:27017
-      #   - name: REDIS_HOST
-      #     value: localhost
-      #   - name: REDIS_CACHE_SERVICE_HOST
-      #     value: localhost
-      #   - name: REDIS_PORT
-      #     value: "6379"
-      # - name: mongodb
-      #   image: mongo:4.4.5
-      #   env:
-      #   - name: MONGO_INITDB_ROOT_USERNAME
-      #     value: admin
-      #   - name: MONGO_INITDB_ROOT_PASSWORD
-      #     value: '123456'
-      #   imagePullPolicy: IfNotPresent
-      #   ports:
-      #   - containerPort: 27017
-      #   volumeMounts:
-      #   - name: mongo-data
-      #     mountPath: /data/db
-      # - name: redis
-      #   image: redis:7.0.5-alpine3.16
-      #   imagePullPolicy: IfNotPresent
-      #   volumeMounts:
-      #   - name: redis-data
-      #     mountPath: /data
-      # volumes:
-      # - name: mongo-data
-      #   hostPath:
-      #     type: DirectoryOrCreate
-      #     path: {{ .Values.userspace.appCache}}/notification/db
-      # - name: redis-data
-      #   hostPath:
-      #     type: DirectoryOrCreate
-      #     path: {{ .Values.userspace.appCache}}/notification/redisdata
-{{ end }}
 
 ---
 apiVersion: apps/v1
@@ -289,17 +122,6 @@ kind: Service
 metadata:
   name: notifications-service
   namespace: {{ .Release.Namespace }}
-{{ if (eq .Values.debugVersion true) }}
-spec:
-  type: ClusterIP
-  selector:
-    app: notifications
-  ports:
-  - name: "notifications-frontend"
-    protocol: TCP
-    port: 80
-    targetPort: 80
-{{ else }}    
 spec:
   type: ClusterIP
   selector:
@@ -309,7 +131,6 @@ spec:
     protocol: TCP
     port: 80
     targetPort: 3010
-{{ end }}
 
 ---
 apiVersion: v1

apps/rss/config/cluster/deploy/rss_deploy.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       containers:
         - name: rss-server
-          image: beclab/rsshub-server:v0.0.3
+          image: beclab/rsshub-server:v0.0.5
           imagePullPolicy: IfNotPresent
           ports:
           - containerPort: 1200

apps/search3/config/cluster/deploy/search3_server_deploy.yaml

@@ -199,7 +199,7 @@ spec:
             value: os_system_search3
       containers:
       - name: search3
-        image: beclab/search3:v0.0.24
+        image: beclab/search3:v0.0.30
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 8080

apps/studio/README.md

@@ -0,0 +1,4 @@
+# devbox
+Terminus App development management tools
+
+https://github.com/beclab/devbox

apps/studio/config/user/helm-charts/studio/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

apps/studio/config/user/helm-charts/studio/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+name: studio
+description: A Terminus app development tool
+maintainers:
+- name: bytetrade
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.3
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "4.9.1"

apps/studio/config/user/helm-charts/studio/templates/deployment.yaml

@@ -0,0 +1,549 @@
+{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
+{{- $studio_secret := (lookup "v1" "Secret" $namespace "studio-secrets") -}}
+
+{{- $pg_password := "" -}}
+{{ if $studio_secret -}}
+{{ $pg_password = (index $studio_secret "data" "pg_password") }}
+{{ else -}}
+{{ $pg_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: studio-secrets
+  namespace: user-system-{{ .Values.bfl.username }}
+type: Opaque
+data:
+  pg_password: {{ $pg_password }}
+
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: studio-pg
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  app: studio
+  appNamespace: {{ .Release.Namespace }}
+  middleware: postgres
+  postgreSQL:
+    user: studio_{{ .Values.bfl.username }}
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: pg_password
+          name: studio-secrets
+    databases:
+      - name: studio
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: studio-server
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: studio-server
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8088
+      name: http
+    - protocol: TCP
+      port: 8083
+      targetPort: 8083
+      name: https
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: chartmuseum-studio
+  namespace: {{ .Release.Namespace }}
+spec:
+  ports:
+    - name: http
+      protocol: TCP
+      port: 8080
+      targetPort: 8888
+  selector:
+    app: studio-server
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: studio-san-cnf
+  namespace: {{ .Release.Namespace }}
+data:
+  san.cnf: |
+    [req]
+    distinguished_name = req_distinguished_name
+    req_extensions = v3_req
+    prompt = no
+
+    [req_distinguished_name]
+    countryName = CN
+    stateOrProvinceName = Beijing
+    localityName = Beijing
+    0.organizationName = bytetrade
+    commonName = studio-server.{{ .Release.Namespace }}.svc
+
+    [v3_req]
+    basicConstraints = CA:FALSE
+    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+    subjectAltName = @bytetrade
+
+    [bytetrade]
+    DNS.1 = studio-server.{{ .Release.Namespace }}.svc
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: studio-server
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: studio-server
+    applications.app.bytetrade.io/author: bytetrade.io
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: studio-server
+  template:
+    metadata:
+      labels:
+        app: studio-server
+    spec:
+      serviceAccountName: bytetrade-controller
+      volumes:
+        - name: chart
+          hostPath:
+            type: DirectoryOrCreate
+            path: {{ .Values.userspace.appData}}/studio/Chart
+        - name: data
+          hostPath:
+            type: DirectoryOrCreate
+            path: {{ .Values.userspace.appData }}/studio/Data
+        - name: storage-volume
+          hostPath:
+            path: {{ .Values.userspace.appData }}/studio/helm-repo-dev
+            type: DirectoryOrCreate
+        - name: config-san
+          configMap:
+            name: studio-san-cnf
+            items:
+              - key: san.cnf
+                path: san.cnf
+        - name: sidecar-configs-studio
+          configMap:
+            name: sidecar-configs-studio
+            items:
+              - key: envoy.yaml
+                path: envoy.yaml
+        - name: certs
+          emptyDir: {}
+      initContainers:
+        - name: init-chmod-data
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          command:
+            - sh
+            - '-c'
+            - |
+              chown -R 1000:1000 /home/coder
+              chown -R 65532:65532 /charts
+              chown -R 65532:65532 /data
+          securityContext:
+            runAsUser: 0
+          resources: { }
+          volumeMounts:
+            - name: storage-volume
+              mountPath: /home/coder
+            - name: chart
+              mountPath: /charts
+            - name: data
+              mountPath: /data
+        - name: terminus-sidecar-init
+          image: aboveos/openservicemesh-init:v1.2.3
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+            - -c
+            - |
+              iptables-restore --noflush <<EOF
+              # sidecar interception rules
+              *nat
+              :PROXY_IN_REDIRECT - [0:0]
+              :PROXY_INBOUND - [0:0]
+              :PROXY_OUTBOUND - [0:0]
+              :PROXY_OUT_REDIRECT - [0:0]
+
+              -A PREROUTING -p tcp -j PROXY_INBOUND
+              -A OUTPUT -p tcp -j PROXY_OUTBOUND
+              -A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
+              -A PROXY_INBOUND -p tcp --dport 8083 -j RETURN
+              -A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
+              -A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
+
+
+              -A PROXY_OUTBOUND -p tcp --dport 5432 -j RETURN
+              -A PROXY_OUTBOUND -p tcp --dport 6379 -j RETURN
+              -A PROXY_OUTBOUND -p tcp --dport 27017 -j RETURN
+              -A PROXY_OUTBOUND -p tcp --dport 443 -j RETURN
+              -A PROXY_OUTBOUND -p tcp --dport 8080 -j RETURN
+
+              -A PROXY_OUTBOUND -d ${POD_IP}/32 -j RETURN
+
+              -A PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1555 -j PROXY_IN_REDIRECT
+              -A PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1555 -j RETURN
+              -A PROXY_OUTBOUND -m owner --uid-owner 1555 -j RETURN
+              -A PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
+
+              -A PROXY_OUTBOUND -j PROXY_OUT_REDIRECT
+              -A PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
+
+              COMMIT
+              EOF
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: status.podIP
+          securityContext:
+            privileged: true
+            capabilities:
+              add:
+                - NET_ADMIN
+            runAsNonRoot: false
+            runAsUser: 0
+
+        - name: generate-certs
+          image: beclab/openssl:v3
+          imagePullPolicy: IfNotPresent
+          command: [ "/bin/sh", "-c" ]
+          args:
+            - |
+              openssl genrsa -out /etc/certs/ca.key 2048
+              openssl req -new -x509 -days 3650 -key /etc/certs/ca.key -out /etc/certs/ca.crt \
+                -subj "/CN=bytetrade CA/O=bytetrade/C=CN"
+              openssl req -new -newkey rsa:2048 -nodes \
+                -keyout /etc/certs/server.key -out /etc/certs/server.csr \
+                -config /etc/san/san.cnf
+              openssl x509 -req -days 3650 -in /etc/certs/server.csr \
+                -CA /etc/certs/ca.crt -CAkey /etc/certs/ca.key \
+                -CAcreateserial -out /etc/certs/server.crt \
+                -extensions v3_req -extfile /etc/san/san.cnf
+              chown -R 65532 /etc/certs/*
+          volumeMounts:
+            - name: config-san
+              mountPath: /etc/san
+            - name: certs
+              mountPath: /etc/certs
+
+      containers:
+        - name: studio
+          image: beclab/studio-server:v0.1.50
+          imagePullPolicy: IfNotPresent
+          args:
+            - server
+          ports:
+            - name: port
+              containerPort: 8088
+              protocol: TCP
+            - name: ssl-port
+              containerPort: 8083
+              protocol: TCP
+          volumeMounts:
+            - name: chart
+              mountPath: /charts
+            - name: data
+              mountPath: /data
+            - mountPath: /etc/certs
+              name: certs
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - "/studio"
+                  - "clean"
+          env:
+            - name: BASE_DIR
+              value: /charts
+            - name: OS_API_KEY
+              value: {{ .Values.os.studio.appKey }}
+            - name: OS_API_SECRET
+              value: {{ .Values.os.studio.appSecret }}
+            - name: OS_SYSTEM_SERVER
+              value: system-server.user-system-{{ .Values.bfl.username }}
+            - name: NAME_SPACE
+              value: {{ .Release.Namespace }}
+            - name: OWNER
+              value: '{{ .Values.bfl.username }}'
+            - name: DB_HOST
+              value: citus-master-svc.user-system-{{ .Values.bfl.username }}
+            - name: DB_USERNAME
+              value: studio_{{ .Values.bfl.username }}
+            - name: DB_PASSWORD
+              value: "{{ $pg_password | b64dec }}"
+            - name: DB_NAME
+              value: user_space_{{ .Values.bfl.username }}_studio
+            - name: DB_PORT
+              value: "5432"
+          resources:
+            requests:
+              cpu: "50m"
+              memory: 100Mi
+            limits:
+              cpu: "0.5"
+              memory: 1000Mi
+        - name: terminus-envoy-sidecar
+          image: bytetrade/envoy:v1.25.11.1
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsUser: 1555
+          ports:
+            - name: proxy-admin
+              containerPort: 15000
+            - name: proxy-inbound
+              containerPort: 15003
+            - name: proxy-outbound
+              containerPort: 15001
+          resources:
+            requests:
+              cpu: "50m"
+              memory: 100Mi
+            limits:
+              cpu: "0.5"
+              memory: 200Mi
+          volumeMounts:
+            - name: sidecar-configs-studio
+              readOnly: true
+              mountPath: /etc/envoy/envoy.yaml
+              subPath: envoy.yaml
+          command:
+            - /usr/local/bin/envoy
+            - --log-level
+            - debug
+            - -c
+            - /etc/envoy/envoy.yaml
+          env:
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: APP_KEY
+              value: {{ .Values.os.studio.appKey }}
+            - name: APP_SECRET
+              value: {{ .Values.os.studio.appSecret }}
+        - name: chartmuseum
+          image: aboveos/helm-chartmuseum:v0.15.0
+          args:
+            - '--port=8888'
+            - '--storage-local-rootdir=/storage'
+          ports:
+            - name: http
+              containerPort: 8888
+              protocol: TCP
+          env:
+            - name: CHART_POST_FORM_FIELD_NAME
+              value: chart
+            - name: DISABLE_API
+              value: 'false'
+            - name: LOG_JSON
+              value: 'true'
+            - name: PROV_POST_FORM_FIELD_NAME
+              value: prov
+            - name: STORAGE
+              value: local
+          resources:
+            requests:
+              cpu: "50m"
+              memory: 100Mi
+            limits:
+              cpu: 1000m
+              memory: 512Mi
+          volumeMounts:
+            - name: storage-volume
+              mountPath: /storage
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: http
+              scheme: HTTP
+            initialDelaySeconds: 5
+            timeoutSeconds: 1
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: http
+              scheme: HTTP
+            initialDelaySeconds: 5
+            timeoutSeconds: 1
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+
+---
+apiVersion: v1
+data:
+  envoy.yaml: |
+    admin:
+      access_log_path: "/dev/stdout"
+      address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 15000
+    static_resources:
+      listeners:
+        - name: listener_0
+          address:
+            socket_address:
+              address: 0.0.0.0
+              port_value: 15003
+          listener_filters:
+            - name: envoy.filters.listener.original_dst
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
+          filter_chains:
+            - filters:
+                - name: envoy.filters.network.http_connection_manager
+                  typed_config:
+                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                    stat_prefix: desktop_http
+                    upgrade_configs:
+                      - upgrade_type: websocket
+                      - upgrade_type: tailscale-control-protocol
+                    skip_xff_append: false
+                    codec_type: AUTO
+                    route_config:
+                      name: local_route
+                      virtual_hosts:
+                        - name: service
+                          domains: ["*"]
+                          routes:
+                            - match:
+                                prefix: "/"
+                              route:
+                                cluster: original_dst
+                                timeout: 1800s
+                    http_protocol_options:
+                      accept_http_10: true
+                    http_filters:
+                      - name: envoy.filters.http.router
+                        typed_config:
+                          "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        - name: listener_1
+          address:
+            socket_address:
+              address: 0.0.0.0
+              port_value: 15001
+          listener_filters:
+            - name: envoy.filters.listener.original_dst
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
+          filter_chains:
+            - filters:
+                - name: envoy.filters.network.http_connection_manager
+                  typed_config:
+                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                    stat_prefix: studio_out_http
+                    skip_xff_append: false
+                    codec_type: AUTO
+                    route_config:
+                      name: local_route
+                      virtual_hosts:
+                        - name: service
+                          domains: ["*"]
+                          routes:
+                            - match:
+                                prefix: "/server/intent/send"
+                              request_headers_to_add:
+                                - header:
+                                    key: X-App-Key
+                                    value: {{ .Values.os.studio.appKey }}
+                              route:
+                                cluster: system-server
+                                prefix_rewrite: /system-server/v2/legacy_api/api.intent/v2/server/intent/send
+                            - match:
+                                prefix: "/"
+                              route:
+                                cluster: original_dst
+                                timeout: 1800s
+                              typed_per_filter_config:
+                                envoy.filters.http.lua:
+                                  "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
+                                  disabled: true
+
+                    http_protocol_options:
+                      accept_http_10: true
+                    http_filters:
+                      - name: envoy.filters.http.lua
+                        typed_config:
+                          "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
+                          inline_code:
+                            local sha = require("lib.sha2")
+                            function envoy_on_request(request_handle)
+                            local app_key = os.getenv("APP_KEY")
+                            local app_secret = os.getenv("APP_SECRET")
+                            local current_time = os.time()
+                            local minute_level_time = current_time - (current_time % 60)
+                            local time_string = tostring(minute_level_time)
+                            local s = app_key .. app_secret .. time_string
+                            request_handle:logInfo("originstring:" .. s)
+                            local hash = sha.sha256(s)
+                            request_handle:logInfo("Hello World.")
+                            request_handle:logInfo(hash)
+                            request_handle:headers():add("X-Auth-Signature",hash)
+                            end
+                      - name: envoy.filters.http.router
+                        typed_config:
+                          "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+
+
+      clusters:
+        - name: original_dst
+          connect_timeout: 5000s
+          type: ORIGINAL_DST
+          lb_policy: CLUSTER_PROVIDED
+        - name: system-server
+          connect_timeout: 2s
+          type: LOGICAL_DNS
+          dns_lookup_family: V4_ONLY
+          dns_refresh_rate: 600s
+          lb_policy: ROUND_ROBIN
+          load_assignment:
+            cluster_name: system-server
+            endpoints:
+              - lb_endpoints:
+                  - endpoint:
+                      address:
+                        socket_address:
+                          address: system-server.user-system-{{ .Values.bfl.username }}
+                          port_value: 80
+kind: ConfigMap
+metadata:
+  name: sidecar-configs-studio
+  namespace: {{ .Release.Namespace }}

apps/studio/config/user/helm-charts/studio/values.yaml

@@ -0,0 +1,44 @@
+
+bfl:
+  nodeport: 30883
+  nodeport_ingress_http: 30083
+  nodeport_ingress_https: 30082
+  username: 'test'
+  url: 'test'
+  nodeName: test
+pvc:
+  userspace: test
+userspace:
+  userData: test/Home
+  appData: test/Data
+  appCache: test
+  dbdata: test
+docs:
+  nodeport: 30881
+desktop:
+  nodeport: 30180
+os:
+  portfolio:
+    appKey: '${ks[0]}'
+    appSecret: test
+  vault:
+    appKey: '${ks[0]}'
+    appSecret: test
+  desktop:
+    appKey: '${ks[0]}'
+    appSecret: test
+  message:
+    appKey: '${ks[0]}'
+    appSecret: test
+  rss:
+    appKey: '${ks[0]}'
+    appSecret: test
+  search:
+    appKey: '${ks[0]}'
+    appSecret: test
+  search2:
+    appKey: '${ks[0]}'
+    appSecret: test
+kubesphere:
+  redis_password: ""
+

apps/system-apps/config/user/helm-charts/monitoring/templates/system-frontend.yaml

@@ -109,6 +109,19 @@ spec:
       port: 3010
       targetPort: 3010
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: studio-svc
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: system-frontend
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 87
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -121,11 +134,11 @@ metadata:
     applications.app.bytetrade.io/group: 'true'
     applications.app.bytetrade.io/author: bytetrade.io
   annotations:
-    applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","wise":"https://file.bttcdn.com/appstore/rss/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png"}'
-    applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","wise":"Wise","headscale":"Headscale","settings":"Settings"}'
-    applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","wise":"0.0.1","headscale":"0.0.1","settings":"0.0.1"}'
+    applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","wise":"https://file.bttcdn.com/appstore/rss/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png","studio":"https://file.bttcdn.com/appstore/devbox/icon.png"}'
+    applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","wise":"Wise","headscale":"Headscale","settings":"Settings","studio":"Studio"}'
+    applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","wise":"0.0.1","headscale":"0.0.1","settings":"0.0.1","studio":"0.0.1"}'
     applications.app.bytetrade.io/policies: '{"dashboard":{"policies":[{"entranceName":"dashboard","uriRegex":"/js/script.js", "level":"public"},{"entranceName":"dashboard","uriRegex":"/js/api/send", "level":"public"}]}}'
-    applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"wise":[{"name":"wise", "host":"wise-svc", "port":80,"title":"Wise","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}]}'
+    applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"wise":[{"name":"wise", "host":"wise-svc", "port":80,"title":"Wise","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}],"studio":[{"name":"studio","host":"studio-svc","port":8080,"title":"Studio","openMethod":"window"}]}'
 spec:
   replicas: 1
   selector:
@@ -190,7 +203,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: control-hub-init
-          image: beclab/admin-console-frontend-v1:v0.4.12
+          image: beclab/admin-console-frontend-v1:v0.5.8
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -202,7 +215,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: profile-editor-init
-          image: beclab/profile-editor:v0.2.1
+          image: beclab/profile-editor:v0.2.21
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -214,7 +227,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: profile-preview-init
-          image: beclab/profile-preview:v0.2.1
+          image: beclab/profile-preview:v0.2.21
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -226,7 +239,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: wise-init
-          image: beclab/wise:v1.3.24
+          image: beclab/wise:v1.3.55
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -238,7 +251,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: settings-init
-          image: beclab/settings:v0.2.10
+          image: beclab/settings:v0.2.19
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -249,6 +262,18 @@ spec:
           volumeMounts:
             - mountPath: /www
               name: www-dir
+        - name: studio-init
+          image: beclab/studio:v0.2.11
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+            - -c
+            - |
+              mkdir -p /www/studio
+              cp -r /app/* /www/studio
+          volumeMounts:
+            - mountPath: /www
+              name: www-dir
       containers:
         - name: terminus-envoy-sidecar
           image: bytetrade/envoy:v1.25.11
@@ -284,6 +309,7 @@ spec:
             - containerPort: 84
             - containerPort: 85
             - containerPort: 86
+            - containerPort: 87
             - containerPort: 8090
           command:
             - /bin/sh
@@ -321,6 +347,9 @@ spec:
             - name: system-frontend-nginx-config
               mountPath: /etc/nginx/conf.d/settings.conf
               subPath: settings.conf
+            - name: system-frontend-nginx-config
+              mountPath: /etc/nginx/conf.d/studio.conf
+              subPath: studio.conf
           env:
             - name: POD_UID
               valueFrom:
@@ -339,7 +368,7 @@ spec:
                 fieldRef:
                   fieldPath: status.podIP
         - name: terminus-ws-sidecar
-          image: 'beclab/ws-gateway:v1.0.4'
+          image: 'beclab/ws-gateway:v1.0.5'
           imagePullPolicy: IfNotPresent
           command:
             - /ws-gateway
@@ -352,7 +381,7 @@ spec:
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
         - name: settings-server
-          image: beclab/settings-server:v0.2.10
+          image: beclab/settings-server:v0.2.19
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 3000
@@ -423,6 +452,8 @@ spec:
                 path: headscale.conf
               - key: settings.conf
                 path: settings.conf
+              - key: studio.conf
+                path: studio.conf
 
 
 ---
@@ -478,6 +509,31 @@ status:
 ---
 apiVersion: sys.bytetrade.io/v1alpha1
 kind: ApplicationPermission
+metadata:
+  name: studio
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  app: studio
+  appid: studio
+  key: {{ .Values.os.studio.appKey }}
+  secret: {{ .Values.os.studio.appSecret }}
+  permissions:
+    - dataType: app
+      group: service.appstore
+      ops:
+        - InstallDevApp
+        - UninstallDevApp
+      version: v1
+    - dataType: legacy_api
+      group: api.intent
+      ops:
+        - POST
+      version: v2
+status:
+  state: active
+---
+apiVersion: sys.bytetrade.io/v1alpha1
+kind: ApplicationPermission
 metadata:
   name: settings
   namespace: user-system-{{ .Values.bfl.username }}
@@ -1321,3 +1377,189 @@ data:
             add_header Cache-Control "public, max-age=2678400";
         }
     }
+  studio.conf: |-
+    upstream SettingsServerStudio {
+        server monitoring-server.os-system;
+    }
+
+    upstream MiddlewareStudio {
+        server middleware-service.os-system;
+    }
+
+    upstream AnalyticsStudio {
+      server anayltic2-server.os-system:3010;
+    }
+
+    server {
+        listen 87;
+        # Gzip Settings
+        gzip off;
+        gzip_disable "msie6";
+        gzip_min_length 1k;
+        gzip_buffers 16 64k;
+        gzip_http_version 1.1;
+        gzip_comp_level 6;
+        gzip_types *;
+        root /www/studio;
+
+        location / {
+          try_files $uri $uri/index.html /index.html;
+          add_header Cache-Control "private,no-cache";
+          add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
+          expires 0;
+        }
+
+       location /api/command {
+          proxy_pass http://studio-server:8080;
+          proxy_set_header            Host $http_host;
+          proxy_set_header            X-real-ip $remote_addr;
+          proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_http_version 1.1;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection $http_connection;
+          proxy_set_header Accept-Encoding gzip;
+          proxy_read_timeout 180;
+      }
+      location /api/apps {
+          proxy_pass http://studio-server:8080;
+          proxy_set_header            Host $http_host;
+          proxy_set_header            X-real-ip $remote_addr;
+          proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_http_version 1.1;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection $http_connection;
+          proxy_set_header Accept-Encoding gzip;
+          proxy_read_timeout 180;
+      }
+      location /api/app-cfg {
+        proxy_pass http://studio-server:8080;
+        proxy_set_header            Host $http_host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Accept-Encoding gzip;
+        proxy_read_timeout 180;
+      }
+      location /api/app-state {
+        proxy_pass http://studio-server:8080;
+        proxy_set_header            Host $http_host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Accept-Encoding gzip;
+        proxy_read_timeout 180;
+      }
+      location /api/app-status {
+        proxy_pass http://studio-server:8080;
+        proxy_set_header            Host $http_host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Accept-Encoding gzip;
+        proxy_read_timeout 180;
+      }
+      location /api/list-my-containers {
+        proxy_pass http://studio-server:8080;
+        proxy_set_header            Host $http_host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Accept-Encoding gzip;
+        proxy_read_timeout 180;
+      }
+      location /api/files {
+        proxy_pass http://studio-server:8080;
+        proxy_set_header            Host $http_host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Accept-Encoding gzip;
+        proxy_read_timeout 180;
+      }
+
+      location /ws {
+        proxy_pass http://127.0.0.1:40010;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+      }
+
+      location /bfl {
+        add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
+        proxy_pass http://bfl;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        add_header X-Frame-Options SAMEORIGIN;
+      }
+
+      location /kapis {
+        proxy_pass http://SettingsServerStudio;
+      }
+
+      location /api/profile/init {
+        proxy_pass http://127.0.0.1:3010;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+      }
+
+      location /api {
+        proxy_pass http://SettingsServerStudio;
+      }
+
+      location /capi {
+        proxy_pass http://SettingsServerStudio;
+        proxy_set_header            Host $host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+      }
+
+      location = /js/api/send {
+        proxy_pass http://AnalyticsStudio;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        rewrite ^/js(.*)$ $1 break;
+      }
+
+      location /analytics_service {
+        proxy_pass http://AnalyticsStudio;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        rewrite ^/analytics_service(.*)$ $1 break;
+      }
+
+      location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
+        proxy_pass http://SettingsServerStudio;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+      }
+
+
+      location = /js/script.js {
+        add_header Access-Control-Allow-Origin "*";
+      }
+
+      location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
+        add_header Cache-Control "public, max-age=2678400";
+      }
+    }

apps/vault/config/cluster/deploy/vault_server_deploy.yaml

@@ -83,7 +83,7 @@ spec:
             value: os_system_vault
       containers:
       - name: vault-server
-        image: beclab/vault-server:v1.3.24
+        image: beclab/vault-server:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3000
@@ -114,7 +114,7 @@ spec:
         - name: vault-attach
           mountPath: /padloc/packages/server/attachments
       - name: vault-admin
-        image: beclab/vault-admin:v1.3.24
+        image: beclab/vault-admin:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010

apps/vault/config/user/helm-charts/vault/templates/vault_deploy.yaml

@@ -88,13 +88,13 @@ spec:
 
       containers:
       - name: vault-frontend
-        image: beclab/vault-frontend:v1.3.24
+        image: beclab/vault-frontend:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80
       
       - name: notification-server
-        image: beclab/vault-notification:v1.3.24
+        image: beclab/vault-notification:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010

build/installer/install.ps1

@@ -48,7 +48,7 @@ if (-Not (Test-Path $CLI_PROGRAM_PATH)) {
   New-Item -Path $CLI_PROGRAM_PATH -ItemType Directory
 }
 
-$CLI_VERSION = "0.1.107"
+$CLI_VERSION = "0.1.127"
 $CLI_FILE = "olares-cli-v{0}_windows_{1}.tar.gz" -f $CLI_VERSION, $arch
 $CLI_URL = "{0}/{1}" -f $downloadUrl, $CLI_FILE
 $CLI_PATH = "{0}{1}" -f $CLI_PROGRAM_PATH, $CLI_FILE

build/installer/install.sh

@@ -74,7 +74,7 @@ if [ -z ${cdn_url} ]; then
     cdn_url="https://dc3p1870nn3cj.cloudfront.net"
 fi
 
-CLI_VERSION="0.1.107"
+CLI_VERSION="0.1.127"
 CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
 if [[ x"$os_type" == x"Darwin" ]]; then
     CLI_FILE="olares-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"

build/installer/joincluster.sh

@@ -157,7 +157,7 @@ fi
 
 set_master_host_ssh_options
 
-CLI_VERSION="0.1.107"
+CLI_VERSION="0.1.127"
 CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
 
 if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$CLI_VERSION" ]]; then

build/installer/upgrade_cmd.sh

@@ -146,7 +146,7 @@ function get_app_key_secret(){
 
 function get_app_settings(){
     local username=$1
-    local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "devbox" "profile" "agent" "files")
+    local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "studio" "profile" "agent" "files")
     for a in ${apps[@]};do
         ks=($(get_app_key_secret "$username" "$a"))
         echo '
@@ -175,7 +175,7 @@ function gen_bfl_values(){
     echo '
 bfl:
   nodeport: '${user_bfl_port}'
-  username: '${username}'
+  username: "'${username}'"
 
   userspace_rand16: '${userspace_rand16}'
   userspace_pv: '${pvc_path[2]}'
@@ -263,7 +263,16 @@ function get_appservice_pod(){
 }
 
 function get_appservice_status(){
-    $sh_c "${KUBECTL} get pod  -n os-system -l 'tier=app-service' -o jsonpath='{.items[*].status.phase}'"
+    local s=$($sh_c "${KUBECTL} get pods app-service-0 -n os-system --no-headers|awk '{print \$3}'")
+    if [[ $s == "Running" ]]; then
+        local ip=$($sh_c "${KUBECTL} get svc -n os-system app-service --no-headers|awk '{print \$3}'")
+        curl -SsIk https://${ip}:8433 > /dev/null
+        if [[ $? -ne 0 ]]; then
+            echo "initializing"
+        fi
+    fi
+
+    echo "$s"
 }
 
 function get_desktop_status(){
@@ -279,7 +288,34 @@ function get_vault_status(){
 
 function get_bfl_status(){
     local username=$1
-    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'tier=bfl' -o jsonpath='{.items[*].status.phase}'"
+    $sh_c "${KUBECTL} get pods bfl-0 -n user-space-${username} --no-headers|awk '{print \$3}'"
+}
+
+function get_fileserver_status(){
+    $sh_c "${KUBECTL} get pod  -n os-system -l 'app=files' -o jsonpath='{.items[*].status.phase}'"
+}
+
+function get_filefe_status(){
+    local username=$1
+    $sh_c "${KUBECTL} get pod  -n user-space-${username} -l 'app=files' -o jsonpath='{.items[*].status.phase}'"
+}
+
+function check_fileserver(){
+    local status=$(get_fileserver_status)
+    local n=0
+    while [ "x${status}" != "xRunning" ]; do
+        n=$(expr $n + 1)
+        local dotn=$(($n % 10))
+        local dot=$(repeat $dotn '>')
+
+        echo -ne "\rWaiting for file-server starting ${dot}"
+        sleep 0.5
+
+        status=$(get_fileserver_status)
+        echo -ne "\rWaiting for file-server starting          "
+
+    done
+    echo
 }
 
 function check_appservice(){
@@ -300,6 +336,25 @@ function check_appservice(){
     echo
 }
 
+function check_filesfe(){
+    local username=$1
+    local status=$(get_filefe_status ${username})
+    local n=0
+    while [ "x${status}" != "xRunning" ]; do
+        n=$(expr $n + 1)
+        local dotn=$(($n % 10))
+        local dot=$(repeat $dotn '>')
+
+        echo -ne "\rPlease waiting ${dot}"
+        sleep 0.5
+
+        status=$(get_filefe_status ${username})
+        echo -ne "\rPlease waiting          "
+
+    done
+    echo
+}
+
 function check_bfl(){
     local username=$1
     local status=$(get_bfl_status ${username})
@@ -473,17 +528,40 @@ function upgrade_terminus(){
     # upgrade_jfs ${users[@]}
     local selfhosted=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.selfhosted}'")
     local domainname=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.domainName}'")
+    local current_version=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.version}'")
     sed -i "s/#__DOMAIN_NAME__/${domainname}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
     sed -i "s/#__SELFHOSTED__/${selfhosted}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
 
     echo "Upgrading olares system components ... "
     gen_settings_values ${admin_user}
-    ensure_success $sh_c "${HELM} upgrade -i settings ${BASE_DIR}/wizard/config/settings -n default --reuse-values"
+    ensure_success $sh_c "${HELM} upgrade -i settings ${BASE_DIR}/wizard/config/settings -n default --reuse-values --atomic"
+
+    local new_version=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.version}'")
+    if [ "$new_version" == "$current_version" ]; then
+        echo "get new version error, try to get from file"
+        new_version=$(grep version ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml|awk '{print $2}')
+        echo "find new version from file: ${new_version}"        
+    fi
+    $sh_c "${KUBECTL} patch terminus terminus --type=merge  --patch='{\"spec\": {\"version\":\"${current_version}\"}}'"
 
     # patch
     ensure_success $sh_c "${KUBECTL} apply -f ${BASE_DIR}/deploy/patch-globalrole-workspace-manager.yaml"
     ensure_success $sh_c "$KUBECTL apply -f ${BASE_DIR}/deploy/patch-notification-manager.yaml"
 
+    echo "Upgrading admin ${admin_user}'s launcher ... "
+    gen_bfl_values ${admin_user}
+
+    # gen bfl app key and secret
+    bfl_ks=($(get_app_key_secret ${admin_user} "bfl"))
+
+    # install launcher , and init pv
+    ensure_success $sh_c "${HELM} upgrade -i launcher-${admin_user} ${BASE_DIR}/wizard/config/launcher -n user-space-${admin_user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
+
+    echo 'Starting BFL ...'
+    check_bfl ${admin_user}
+    echo
+
+
     # clear apps values.yaml
     cat /dev/null > ${BASE_DIR}/wizard/config/apps/values.yaml
     cat /dev/null > ${BASE_DIR}/wizard/config/launcher/values.yaml
@@ -494,44 +572,8 @@ function upgrade_terminus(){
     done
 
     local ks_redis_pwd=$($sh_c "${KUBECTL} get secret -n kubesphere-system redis-secret -o jsonpath='{.data.auth}' |base64 -d")
-    for user in ${users[@]}; do
-        echo "Upgrading user ${user} ... "
-        gen_bfl_values ${user}
 
-        # gen bfl app key and secret
-        bfl_ks=($(get_app_key_secret ${user} "bfl"))
-
-        # install launcher , and init pv
-        ensure_success $sh_c "${HELM} upgrade -i launcher-${user} ${BASE_DIR}/wizard/config/launcher -n user-space-${user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
-
-        gen_app_values ${user}
-        close_apps ${user}
-
-        for appdir in "${BASE_DIR}/wizard/config/apps"/*/; do
-          if [ -d "$appdir" ]; then
-            releasename=$(basename "$appdir")
-            if [ "$user" != "$admin_user" ];then
-                releasename=${releasename}-${user}
-            fi
-            ensure_success $sh_c "${HELM} upgrade -i ${releasename} ${appdir} -n user-space-${user} --reuse-values --set kubesphere.redis_password=${ks_redis_pwd} -f ${BASE_DIR}/wizard/config/apps/values.yaml"
-          fi
-        done
-
-    done
-
-    echo 'Waiting for Vault ...'
-    check_vault ${admin_user}
-    echo
-
-    echo 'Starting BFL ...'
-    check_bfl ${admin_user}
-    echo
-
-    echo 'Starting Desktop ...'
-    check_desktop ${admin_user}
-    echo
-
-    # upgrade app service in the last. keep app service online longer
+    # upgrade app service 
     local terminus_is_cloud_version=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.terminus-is-cloud-version}'")
     local backup_cluster_bucket=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-cluster-bucket}'")
     local backup_key_prefix=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-key-prefix}'")
@@ -543,19 +585,72 @@ function upgrade_terminus(){
         --set backup.key_prefix=\"${backup_key_prefix}\" --set backup.is_cloud_version=\"${terminus_is_cloud_version}\" \
         --set backup.sync_secret=\"${backup_secret}\""
 
+    local market_provider=$($sh_c "${KUBECTL} get deploy -n user-space-${admin_user}  market-deployment -o jsonpath='{.spec.template.spec.containers[1].env[?(@.name==\"MARKET_PROVIDER\")].value }'")
+    if [ "$market_provider" != "" ]; then
+        $sh_c "${KUBECTL} set env sts/app-service -n os-system MARKET_PROVIDER=${market_provider}"
+    fi
+
     echo 'Waiting for App-Service ...'
-    check_appservice
+    sleep 2 # wait for controller reconiling
     echo
 
-    # upgrade_ksapi ${users[@]}
-    # echo
+    # update kvrocks namespace
+    $sh_c "${KUBECTL} rollout restart deployment tapr-middleware -n os-system"
 
-    local gpu=$($sh_c "${KUBECTL} get ds -n gpu-system orionx-server -o jsonpath='{.meta.name}'")
-    if [ "x$gpu" != "x" ]; then
-        echo "upgrade"
-        local GPU_DOMAIN=$($sh_c "${KUBECTL} get ds -n gpu-system orionx-server -o jsonpath='{.meta.annotations.gpu-server}'")
-        ensure_success $sh_c "${HELM} upgrade -i gpu ${BASE_DIR}/wizard/config/gpu -n gpu-system --set gpu.server=${GPU_DOMAIN} --reuse-values"
-    fi
+    for user in ${users[@]}; do
+        check_appservice
+        echo "Upgrading user ${user} ... "
+        gen_bfl_values ${user}
+
+        if [ "$user" != "$admin_user" ];then
+            # gen bfl app key and secret
+            bfl_ks=($(get_app_key_secret ${user} "bfl"))
+
+            # install launcher , and init pv
+            ensure_success $sh_c "${HELM} upgrade -i launcher-${user} ${BASE_DIR}/wizard/config/launcher -n user-space-${user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
+        fi
+
+        gen_app_values ${user}
+        close_apps ${user}
+
+        for appdir in "${BASE_DIR}/wizard/config/apps"/*/; do
+          if [ -d "$appdir" ]; then
+            releasename=$(basename "$appdir")
+
+            # ignore wizard
+            # FIXME: unintitialized user's wizard should be upgrade
+            if [ x"${releasename}" == x"wizard" ]; then 
+                continue
+            fi
+
+            if [ "$user" != "$admin_user" ];then
+                releasename=${releasename}-${user}
+            fi
+            ensure_success $sh_c "${HELM} upgrade -i ${releasename} ${appdir} -n user-space-${user} --reuse-values --set kubesphere.redis_password=${ks_redis_pwd} -f ${BASE_DIR}/wizard/config/apps/values.yaml"
+          fi
+        done
+
+        # update user market env
+        if [[ "$user" != "$admin_user" && "$market_provider" != "" ]];then
+            $sh_c "${KUBECTL} set env deployment/market-deployment -n user-space-${user} MARKET_PROVIDER=${market_provider}"
+        fi
+
+    done
+
+    echo 'Waiting for Vault ...'
+    check_vault ${admin_user}
+    echo
+
+    echo 'Starting files ...'
+    check_fileserver
+    check_filesfe ${admin_user}
+    echo
+
+    echo 'Starting Desktop ...'
+    check_desktop ${admin_user}
+    echo
+
+    $sh_c "${KUBECTL} patch terminus terminus --type=merge  --patch='{\"spec\": {\"version\":\"${new_version}\"}}'"
 }
 
 

build/installer/wizard/config/account/templates/account.yaml

@@ -7,14 +7,14 @@ metadata:
     iam.kubesphere.io/uninitialized: "true"
     helm.sh/resource-policy: keep
     bytetrade.io/owner-role: platform-admin
-    bytetrade.io/terminus-name: {{.Values.user.terminus_name}}
+    bytetrade.io/terminus-name: "{{.Values.user.terminus_name}}"
     bytetrade.io/launcher-auth-policy: two_factor
     bytetrade.io/launcher-access-level: "1"
 {{ if .Values.nat_gateway_ip }}
     bytetrade.io/nat-gateway-ip: {{ .Values.nat_gateway_ip }}
 {{ end }}            
 spec:
-  email: {{.Values.user.email}}
-  password: {{.Values.user.password}}
+  email: "{{.Values.user.email}}"
+  password: "{{.Values.user.password}}"
 status:
   state: Active

build/manifest/components

@@ -1,4 +1,4 @@
-olaresd-v0.0.57.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/olaresd-v0.0.57-linux-amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/olaresd-v0.0.57-linux-arm64.tar.gz,olaresd
+olaresd-v1.11.7.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.11.7-linux-amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.11.7-linux-arm64.tar.gz,olaresd
 socat-1.7.3.2.tar.gz,pkg/components,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,socat
 conntrack-tools-1.4.1.tar.gz,pkg/components,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,conntrack-tools
 minio.RELEASE.2023-05-04T21-44-30Z,pkg/components,https://dl.min.io/server/minio/release/linux-amd64/archive/minio.RELEASE.2023-05-04T21-44-30Z,https://dl.min.io/server/minio/release/linux-arm64/archive/minio.RELEASE.2023-05-04T21-44-30Z,minio
@@ -20,3 +20,5 @@ debian11_cuda-keyring_1.1-1_all.deb,pkg/components,https://developer.download.nv
 libnvidia-gpgkey,pkg/components,https://nvidia.github.io/libnvidia-container/gpgkey,https://nvidia.github.io/libnvidia-container/gpgkey,libnvidia-gpgkey
 libnvidia-container.list,pkg/components,https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list,https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list,libnvidia-container.list
 
+restic-linux-0.17.3,pkg/components,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_linux_amd64.bz2,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_linux_arm64.bz2,restic
+restic-darwin-0.17.3,pkg/components,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_darwin_amd64.bz2,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_darwin_arm64.bz2,restic

build/manifest/images

@@ -1,4 +1,4 @@
-beclab/ks-apiserver:v3.3.0-ext-3
+beclab/ks-apiserver:v3.3.0-ext-5
 beclab/kube-state-metrics:v2.3.0-ext
 beclab/notification-manager-ext:v0.1.1-ext
 beclab/notification-manager-operator-ext:v0.1.0-ext
@@ -53,7 +53,7 @@ quay.io/argoproj/workflow-controller:v3.5.0
 redis:5.0.14-alpine
 beclab/velero:v1.11.3
 beclab/velero-plugin-for-terminus:v1.0.2
-beclab/l4-bfl-proxy:v0.2.7
+beclab/l4-bfl-proxy:v0.2.8
 gcr.io/k8s-minikube/storage-provisioner:v5
 owncloudci/wait-for:latest
 beclab/recommend-argotask:v0.0.12
@@ -67,5 +67,7 @@ rancher/mirrored-library-busybox:1.34.1
 rancher/mirrored-library-traefik:2.6.2
 rancher/mirrored-metrics-server:v0.5.2
 rancher/mirrored-pause:3.6
-beclab/reverse-proxy:v0.1.4
-beclab/upgrade-job:0.1.5
+beclab/reverse-proxy:v0.1.9
+beclab/upgrade-job:0.1.7
+bytetrade/envoy:v1.25.11.1
+alpine:3.14

frameworks/app-service/config/cluster/crds/app.bytetrade.io_applications.yaml

@@ -54,7 +54,7 @@ spec:
             properties:
               appid:
                 description: the unique id of the application for sys application
-                  appid equal name otherwise appid equal md5(name)[:8]  
+                  appid equal name otherwise appid equal md5(name)[:8]
                 type: string
               deployment:
                 description: the deployment of the application
@@ -116,6 +116,8 @@ spec:
               ports:
                 items:
                   properties:
+                    addToTailscaleAcl:
+                      type: boolean
                     exposePort:
                       format: int32
                       type: integer
@@ -128,7 +130,7 @@ spec:
                       type: integer
                     protocol:
                       description: The protocol for this entrance. Supports "tcp"
-                        and "udp". Default is tcp.
+                        and "udp","". Default is tcp/udp, "" mean tcp and udp.
                       type: string
                   required:
                   - host
@@ -141,6 +143,53 @@ spec:
                   type: string
                 description: the extend settings of the application
                 type: object
+              tailscale:
+                properties:
+                  acls:
+                    items:
+                      properties:
+                        action:
+                          type: string
+                        dst:
+                          items:
+                            type: string
+                          type: array
+                        proto:
+                          type: string
+                        src:
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - dst
+                      - proto
+                      type: object
+                    type: array
+                  subRoutes:
+                    items:
+                      type: string
+                    type: array
+                type: object
+              tailscaleAcls:
+                items:
+                  properties:
+                    action:
+                      type: string
+                    dst:
+                      items:
+                        type: string
+                      type: array
+                    proto:
+                      type: string
+                    src:
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - dst
+                  - proto
+                  type: object
+                type: array
             required:
             - appid
             - isSysApp

frameworks/app-service/config/cluster/deploy/appservice_deploy.yaml

@@ -149,7 +149,7 @@ spec:
       priorityClassName: "system-cluster-critical"
       containers:
       - name: app-service
-        image: beclab/app-service:0.2.72
+        image: beclab/app-service:0.2.98
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 0
@@ -163,9 +163,9 @@ spec:
         - name: KS_APISERVER_SERVICE_PORT
           value: '80'
         - name: REQUIRE_PERMISSION_APPS
-          value: "vault,desktop,message,wise,search,appstore,notification,dashboard,settings,devbox,profile"
+          value: "vault,desktop,message,wise,search,appstore,notification,dashboard,settings,studio,profile"
         - name: SYS_APPS
-          value: "analytics,market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard,nitro,system-frontend"
+          value: "analytics,market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard,nitro,system-frontend,studio"
         - name: GENERATED_APPS
           value: "citus,mongo-cluster-cfg,mongo-cluster-mongos,mongo-cluster-rs0,frp-agent,l4-bfl-proxy,drc-redis-cluster,appdata-backend,argoworkflows,argoworkflow-workflow-controller,velero,kvrocks"
         - name: WS_CONTAINER_IMAGE
@@ -173,7 +173,7 @@ spec:
         - name: UPLOAD_CONTAINER_IMAGE
           value: "beclab/upload:v1.0.3"
         - name: JOB_IMAGE
-          value: "beclab/upgrade-job:0.1.5"
+          value: "beclab/upgrade-job:0.1.7"
         - name: SHARED_LIB_PATH
           value: {{ .Values.sharedlib }}
         - name: CLUSTER_CPU_THRESHOLD
@@ -202,6 +202,8 @@ spec:
           name: certs
         - mountPath: /etc/containerd/config.toml
           name: configtoml
+        - mountPath: /Cache
+          name: app-cache
       initContainers:
       - name: generate-certs
         image: beclab/openssl:v3
@@ -225,6 +227,10 @@ spec:
           - name: certs
             mountPath: /etc/certs
       volumes:
+      - name: app-cache
+        hostPath:
+          path: {{ .Values.rootPath }}/userdata/Cache
+          type: DirectoryOrCreate
       - name: configtoml
         hostPath:
           path: /etc/containerd/config.toml
@@ -361,7 +367,7 @@ spec:
       hostNetwork: true
       containers:
         - name: image-service
-          image: beclab/image-service:0.2.66
+          image: beclab/image-service:0.2.98
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsUser: 0

frameworks/bfl/config/launcher/templates/bfl_deploy.yaml

@@ -243,7 +243,7 @@ spec:
 
       containers:
       - name: api
-        image: beclab/bfl:v0.3.63
+        image: beclab/bfl:v0.3.74
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 1000
@@ -287,16 +287,20 @@ spec:
         - name: BACKUP_SERVER
           value: backup-server.os-system:8082
         - name: L4_PROXY_IMAGE_VERSION
-          value: v0.2.7
+          value: v0.2.8
         - name: REVERSE_PROXY_AGENT_IMAGE_VERSION
-          value: v0.1.4
+          value: v0.1.9
         - name: TERMINUS_CERT_SERVICE_API
           value: {{ .Values.bfl.terminus_cert_service_api }}
         - name: TERMINUS_DNS_SERVICE_API
           value: {{ .Values.bfl.terminus_dns_service_api }}
-
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
       - name: ingress
-        image: beclab/bfl-ingress:v0.2.19
+        image: beclab/bfl-ingress:v0.2.23
         imagePullPolicy: IfNotPresent
         volumeMounts:
         - name: ngxlog

frameworks/tapr/config/cluster/deploy/middleware_deploy.yaml

@@ -99,7 +99,7 @@ spec:
         - name: DISABLE_TELEMETRY
           value: "false"
       - name: operator-api
-        image: beclab/middleware-operator:0.1.38
+        image: beclab/middleware-operator:0.1.43
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 9080

frameworks/tapr/config/cluster/deploy/redixcluster_deploy.yaml

@@ -77,7 +77,7 @@ spec:
         memory: 1Gi
       requests:
         cpu: 20m
-        memory: 100Mi  
+        memory: 60Mi  
     
     
     

scripts/upload-deps.sh

@@ -34,14 +34,28 @@ for deps in "components" "pkgs"; do
         name=$(echo -n "$filename"|md5sum|awk '{print $1}')
         checksum="$name.checksum.txt"
         md5sum $name > $checksum
+        backup_file=$(awk '{print $1}' $checksum)
+        if [ x"$backup_file"  == x""  ]; then
+            echo  "invalid checksum"
+            exit 1
+        fi
 
        curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$name > /dev/null
        if [ $? -ne 0 ]; then
-            set -ex
-            aws s3 cp $name s3://terminus-os-install/$path$name --acl=public-read
-            aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
-            echo "upload $name to s3 completed"
-            set +ex
+            code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz)
+            if [ $code -eq 403 ]; then
+                set -ex
+                aws s3 cp $name s3://terminus-os-install/$path$name --acl=public-read
+                aws s3 cp $name s3://terminus-os-install/backup/$path$backup_file --acl=public-read
+                aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
+                echo "upload $name to s3 completed"
+                set +ex
+            else
+                if [ $code -ne 200  ]; then
+                    echo  "failed to check image"
+                    exit -1
+                fi
+            fi
        fi        
 
        # upload to tencent cloud cos

scripts/upload-images.sh

@@ -13,18 +13,33 @@ cat $1|while read image; do
 
     curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz > /dev/null
     if [ $? -ne 0 ]; then
-        set -e
-        docker pull $image
-        docker save $image -o $name.tar
-        gzip $name.tar
+        code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz)
+        if [ $code -eq 403 ]; then
+            set -ex
+            docker pull $image
+            docker save $image -o $name.tar
+            gzip $name.tar
 
-        md5sum $name.tar.gz > $checksum
+            md5sum $name.tar.gz > $checksum
+            backup_file=$(awk '{print $1}' $checksum)
+            if [ x"$backup_file"  == x""  ]; then
+                echo  "invalid checksum"
+                exit 1
+            fi
 
-        aws s3 cp $name.tar.gz s3://terminus-os-install/$path$name.tar.gz --acl=public-read
-        aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
-        echo "upload $name completed"
-        
-        set +e
+            echo "start to upload [$name.tar.gz]"
+            aws s3 cp $name.tar.gz s3://terminus-os-install/$path$name.tar.gz --acl=public-read
+            aws s3 cp $name.tar.gz s3://terminus-os-install/backup/$path$backup_file --acl=public-read
+            aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
+            echo "upload $name completed"
+            
+            set +ex
+        else
+            if [ $code -ne 200  ]; then
+                echo  "failed to check image"
+                exit -1
+            fi
+        fi
     fi
 
     
@@ -32,17 +47,31 @@ cat $1|while read image; do
     # re-upload checksum.txt
     curl -fsSLI https://dc3p1870nn3cj.cloudfront.net/$path$checksum > /dev/null
     if [ $? -ne 0 ]; then
-        set -e
-        docker pull $image
-        docker save $image -o $name.tar
-        gzip $name.tar
+        code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$checksum)
+        if [ $code -eq 403 ]; then
+            set -ex
+            docker pull $image
+            docker save $image -o $name.tar
+            gzip $name.tar
 
-        md5sum $name.tar.gz > $checksum
+            md5sum $name.tar.gz > $checksum
+            backup_file=$(awk '{print $1}' $checksum)
+            if [ x"$backup_file"  == x""  ]; then
+                echo  "invalid checksum"
+                exit 1
+            fi
 
-        aws s3 cp $name.tar.gz s3://terminus-os-install/$path$name.tar.gz --acl=public-read
-        aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
-        echo "upload $name completed"
-        set +e
+            aws s3 cp $name.tar.gz s3://terminus-os-install/$path$name.tar.gz --acl=public-read
+            aws s3 cp $name.tar.gz s3://terminus-os-install/backup/$path$backup_file --acl=public-read
+            aws s3 cp $checksum s3://terminus-os-install/$path$checksum --acl=public-read
+            echo "upload $name completed"
+            set +ex
+        else
+            if [ $code -ne 200  ]; then
+                echo  "failed to check image"
+                exit -1
+            fi
+        fi
     fi
 
     # upload to tencent cloud cos

third-party/authelia/config/cluster/deploy/auth_backend_deploy.yaml

@@ -338,7 +338,7 @@ spec:
 
       containers:      
       - name: authelia
-        image: beclab/auth:0.1.41
+        image: beclab/auth:0.1.44
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 9091

third-party/authelia/config/user/helm-charts/auth/templates/auth_deploy.yaml

@@ -28,7 +28,7 @@ spec:
         name: check-auth
       containers:
       - name: auth-front
-        image: beclab/login:v0.1.34
+        image: beclab/login:v0.1.40
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80

third-party/infisical/config/user/helm-charts/infisical/templates/infisical_deploy.yaml

@@ -168,16 +168,6 @@ metadata:
     app: infisical
     applications.app.bytetrade.io/author: bytetrade.io
 
-{{ if (eq .Values.debugVersion true) }}
-    applications.app.bytetrade.io/name: infisical
-    applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
-  annotations:
-    applications.app.bytetrade.io/icon: https://bookface-images.s3.amazonaws.com/small_logos/621cb43ec50d1aae545391abcc114014c84d295f.png
-    applications.app.bytetrade.io/title: Infisical
-    applications.app.bytetrade.io/version: '0.0.1'
-    applications.app.bytetrade.io/entrances: '[{"name":"infisical", "host":"infisical-service", "port":80,"title":"Infisical"}]'
-{{ end }}    
-
 spec:
   replicas: 1
   strategy:
@@ -277,23 +267,6 @@ spec:
         - name: REDIS_URL
           value: "redis://:$(REDIS_PASSWORD)@redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379/0"
 
-{{ if (eq .Values.debugVersion true) }}
-      - name: infisical-frontend
-        image: beclab/infisical-frontend:0.1.1
-        imagePullPolicy: IfNotPresent
-        readinessProbe:
-          httpGet:
-            path: /
-            port: 3000
-          initialDelaySeconds: 10
-          periodSeconds: 10
-        envFrom:
-        - secretRef:
-            name: infisical-frontend
-        ports:
-        - containerPort: 3000
-{{ end }}    
-
       - name: infisical-proxy
         image: nginx:stable-alpine3.17-slim
         imagePullPolicy: IfNotPresent
@@ -313,6 +286,8 @@ spec:
         - name: proxy
           containerPort: 8080
         env:
+        - name: INFISICAL_URL
+          value: http://localhost:4000
         - name: OWNER
           value: '{{ .Values.bfl.username }}'
         - name: PG_USER
@@ -459,20 +434,6 @@ data:
 
             location / {
                 include /etc/nginx/mime.types;
-
-{{ if (eq .Values.debugVersion true) }}
-                proxy_set_header X-Real-RIP $remote_addr;
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-                proxy_set_header Host $http_host;
-                proxy_set_header X-NginX-Proxy true;
-
-                proxy_set_header Upgrade $http_upgrade;
-                proxy_set_header Connection "upgrade";
-
-                proxy_pass http://localhost:3000; # for frontend
-                proxy_redirect off;
-{{ end }}    
             }
         }
     }

third-party/seahub/config/cluster/deploy/seafile_deploy.yaml

@@ -189,11 +189,11 @@ data:
         sendfile        on;
         #tcp_nopush     on;
 
-        keepalive_timeout  75s;
+        keepalive_timeout  750s;
 
         #gzip  on;
-        client_max_body_size 50M;
-        client_body_buffer_size 50M;
+        client_max_body_size 2000M;
+        client_body_buffer_size 2000M;
 
         include /etc/nginx/conf.d/*.conf;
     }
@@ -417,7 +417,7 @@ spec:
 #          protocol: TCP
 
       - name: sync-backend
-        image: beclab/seahub_pgserver:v0.0.11
+        image: beclab/seahub_pgserver:v0.0.12
         imagePullPolicy: IfNotPresent
         volumeMounts:
         - name: sync-data

third-party/seahub/config/user/helm-charts/seafile/templates/seafile_fe_deploy.yaml

@@ -54,11 +54,7 @@ spec:
 #    applications.app.bytetrade.io/icon: https://file.bttcdn.com/appstore/seafiles/icon.png
 #    applications.app.bytetrade.io/title: Seafile
 #    applications.app.bytetrade.io/version: '0.0.1'
-#{{ if (eq .Values.debugVersion true) }}
-#    applications.app.bytetrade.io/entrances: '[{"name":"seafile-ui", "host":"seafile-ui", "port":80,"title":"Seafile"}]'
-#{{ else }}
 #    applications.app.bytetrade.io/entrances: '[{"name":"seafile-ui", "host":"seafile-ui", "port":80,"title":"Seafile","invisible": true}]'
-#{{ end }}
 #
 #spec:
 #  replicas: 1