feat: hertz-thrift recons: all apis replaced

feat: update system-frontend, chart repo and market backend version

.github/workflows/check.yaml

@@ -3,8 +3,12 @@ name: Lint and Test Charts
 on:
   push:
     branches: [ "main", "release-*" ]
+    paths-ignore:
+      - 'docs/**'    
   pull_request_target:
     branches: [ "main", "release-*" ]
+    paths-ignore:
+      - 'docs/**'    
 
   workflow_dispatch:
 
@@ -55,7 +59,7 @@ jobs:
     steps:
       - id: generate
         run: |
-          v=1.12.0-$(echo $RANDOM)
+          v=1.12.1-$(echo $RANDOM$RANDOM)
           echo "version=$v" >> "$GITHUB_OUTPUT"
 
   upload-cli:
@@ -99,6 +103,12 @@ jobs:
     runs-on: [self-hosted, linux, ARM64]
 
     steps:
+      - name: Install skopeo (Ubuntu)
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y skopeo
+          
+
       - name: 'Checkout source code'
         uses: actions/checkout@v3
         with:

.github/workflows/release-cli.yaml

@@ -10,6 +10,8 @@ on:
         type: string
       repository:
         type: string
+      release-id:
+        type: string
   workflow_dispatch:
     inputs:
       version:
@@ -19,6 +21,8 @@ on:
         type: string
       repository:
         type: string
+      release-id:
+        type: string
 jobs:
   goreleaser:
     runs-on: ubuntu-22.04
@@ -53,6 +57,7 @@ jobs:
           version: v1.18.2
           args: release --clean
         env:
+          OLARES_RELEASE_ID: ${{ inputs.release-id }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Upload to S3
@@ -61,6 +66,6 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
         run: |
-          cd cli/output && for file in *.tar.gz; do
+          cd cli/output && for file in $(ls *.tar.gz | grep -v no-release-id); do
             aws s3 cp "$file" s3://terminus-os-install${{ secrets.REPO_PATH }}${file} --acl=public-read
           done

.github/workflows/release-daemon.yaml

@@ -10,6 +10,8 @@ on:
         type: string
       repository:
         type: string
+      release-id:
+        type: string
   workflow_dispatch:
     inputs:
       version:
@@ -19,6 +21,8 @@ on:
         type: string
       repository:
         type: string
+      release-id:
+        type: string
 
 jobs:
   goreleaser:
@@ -52,6 +56,8 @@ jobs:
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v3.1.0
+        env:
+          OLARES_RELEASE_ID: ${{ inputs.release-id }}
         with:
           distribution: goreleaser
           workdir: './daemon'
@@ -64,6 +70,6 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
-          cd daemon/output && for file in *.tar.gz; do
+          cd daemon/output && for file in $(ls *.tar.gz | grep -v no-release-id); do
             aws s3 cp "$file" s3://terminus-os-install${{ secrets.REPO_PATH }}${file} --acl=public-read
           done

.github/workflows/release-daily.yaml

@@ -17,22 +17,36 @@ jobs:
     steps:
       - id: generate
         run: |
-          v=1.12.0-$(date +"%Y%m%d")
+          v=1.12.1-$(date +"%Y%m%d")
           echo "version=$v" >> "$GITHUB_OUTPUT"
 
+  release-id:
+    runs-on: ubuntu-latest
+    outputs:
+      id: ${{ steps.generate.outputs.id }}
+    steps:
+      - name: 'Checkout source code'
+        uses: actions/checkout@v3
+      - id: generate
+        run: |
+          hash=$(git rev-parse --short=7 HEAD)
+          echo "id=$hash" >> "$GITHUB_OUTPUT"
+
   release-cli:
-    needs: daily-version
+    needs: [daily-version, release-id]
     uses: ./.github/workflows/release-cli.yaml
     secrets: inherit
     with:
       version: ${{ needs.daily-version.outputs.version }}
+      release-id: ${{ needs.release-id.outputs.id }}
 
   release-daemon:
-    needs: daily-version
+    needs: [daily-version, release-id]
     uses: ./.github/workflows/release-daemon.yaml
     secrets: inherit
     with:
       version: ${{ needs.daily-version.outputs.version }}
+      release-id: ${{ needs.release-id.outputs.id }}
 
   push-images:
     runs-on: ubuntu-22.04
@@ -64,7 +78,7 @@ jobs:
           bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64
 
   push-deps:
-    needs: [daily-version, release-daemon]
+    needs: [daily-version, release-id, release-daemon]
     runs-on: ubuntu-latest
 
     steps:
@@ -77,12 +91,13 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
           VERSION: ${{ needs.daily-version.outputs.version }}
+          RELEASE_ID: ${{ needs.release-id.outputs.id }}
           REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           bash build/deps-manifest.sh && bash build/upload-deps.sh
 
   push-deps-arm64:
-    needs: [daily-version, release-daemon]
+    needs: [daily-version, release-id, release-daemon]
     runs-on: [self-hosted, linux, ARM64]
 
     steps:
@@ -95,6 +110,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
           VERSION: ${{ needs.daily-version.outputs.version }}
+          RELEASE_ID: ${{ needs.release-id.outputs.id }}
           REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
@@ -102,10 +118,8 @@ jobs:
 
 
   upload-package:
-    needs: [daily-version, push-images, push-images-arm64, push-deps, push-deps-arm64]
+    needs: [daily-version, release-id, push-images, push-images-arm64, push-deps, push-deps-arm64]
     runs-on: ubuntu-latest
-    outputs:
-      md5sum: ${{ steps.upload.outputs.md5sum }}
 
     steps:
       - name: 'Checkout source code'
@@ -113,7 +127,7 @@ jobs:
 
       - name: Package installer
         run: |
-          bash build/build.sh ${{ needs.daily-version.outputs.version }}
+          bash build/build.sh ${{ needs.daily-version.outputs.version }} ${{ needs.release-id.outputs.id }}
 
       - name: Upload to S3
         id: upload
@@ -125,27 +139,22 @@ jobs:
           md5sum install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz > install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt && \
           aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt --acl=public-read && \
           aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz --acl=public-read && \
-          echo "md5sum=$(awk '{print $1}' install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt)" >> "$GITHUB_OUTPUT"
+
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.${{ needs.release-id.outputs.id }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.${{ needs.release-id.outputs.id }}.tar.gz --acl=public-read
 
 
   release:
-    needs: [daily-version, upload-package]
+    needs: [daily-version, upload-package, release-cli, release-id]
     runs-on: ubuntu-latest
 
     steps:
       - name: 'Checkout source code'
         uses: actions/checkout@v3
 
-      - name: Update checksum
-        uses: eball/write-tag-to-version-file@latest
-        with:
-          filename: 'build/base-package/install.sh'
-          placeholder: '#__MD5SUM__'
-          tag: ${{ needs.upload-package.outputs.md5sum }}
-      
       - name: Package installer
         run: |
-          bash build/build.sh ${{ needs.daily-version.outputs.version }}
+          bash build/build.sh ${{ needs.daily-version.outputs.version }} ${{ needs.release-id.outputs.id }}
 
       - name: 'Archives'
         run: |

.github/workflows/release.yaml

@@ -10,18 +10,36 @@ on:
 
 jobs:
 
+  release-id:
+    runs-on: ubuntu-latest
+    outputs:
+      id: ${{ steps.generate.outputs.id }}
+    steps:
+      - name: 'Checkout source code'
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.tags }}
+      - id: generate
+        run: |
+          hash=$(git rev-parse --short=7 HEAD)
+          echo "id=$hash" >> "$GITHUB_OUTPUT"
+
   release-cli:
+    needs: [release-id]
     uses: ./.github/workflows/release-cli.yaml
     secrets: inherit
     with:
       version: ${{ github.event.inputs.tags }}
+      release-id: ${{ needs.release-id.outputs.id }}
       ref: ${{ github.event.inputs.tags }}
 
   release-daemon:
+    needs: [release-id]
     uses: ./.github/workflows/release-daemon.yaml
     secrets: inherit
     with:
       version: ${{ github.event.inputs.tags }}
+      release-id: ${{ needs.release-id.outputs.id }}
       ref: ${{ github.event.inputs.tags }}
 
   push:
@@ -59,8 +77,48 @@ jobs:
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/image-manifest.sh && bash build/upload-images.sh .manifest/images.mf linux/arm64
 
+  push-deps:
+    needs: [release-daemon, release-id]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ github.event.inputs.tags }}
+          RELEASE_ID: ${{ needs.release-id.outputs.id }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
+        run: |
+          bash build/deps-manifest.sh && bash build/upload-deps.sh
+
+  push-deps-arm64:
+    needs: [release-daemon, release-id]
+    runs-on: [self-hosted, linux, ARM64]
+
+    steps:
+      - name: "Checkout source code"
+        uses: actions/checkout@v3
+
+      # test
+      - env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: "us-east-1"
+          VERSION: ${{ github.event.inputs.tags }}
+          RELEASE_ID: ${{ needs.release-id.outputs.id }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
+        run: |
+          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
+          bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64
+
+
   upload-package:
-    needs: [push, push-arm64, release-daemon]
+    needs: [push, push-arm64, push-deps, push-deps-arm64, release-daemon, release-id]
     runs-on: ubuntu-latest
 
     steps:
@@ -71,7 +129,7 @@ jobs:
 
       - name: Package installer
         run: |
-          bash build/build.sh ${{ github.event.inputs.tags }}
+          bash build/build.sh ${{ github.event.inputs.tags }} ${{ needs.release-id.outputs.id }}
 
       - name: Upload to S3
         env: 
@@ -83,9 +141,12 @@ jobs:
           aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt --acl=public-read && \
           aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
 
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.${{ needs.release-id.outputs.id }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.${{ needs.release-id.outputs.id }}.tar.gz --acl=public-read
+
   release:
     runs-on: ubuntu-latest
-    needs: [upload-package]
+    needs: [upload-package, release-cli, release-id]
 
     steps:
       - name: 'Checkout source code'
@@ -101,7 +162,7 @@ jobs:
       - name: Get checksum
         id: vars
         run: |
-          echo "version_md5sum=$(curl -sSfL https://dc3p1870nn3cj.cloudfront.net${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
+          echo "version_md5sum=$(curl -sSfL https://dc3p1870nn3cj.cloudfront.net${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.${{ needs.release-id.outputs.id }}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
 
       - name: Update checksum
         uses: eball/write-tag-to-version-file@latest
@@ -112,14 +173,14 @@ jobs:
 
       - name: Package installer
         run: |
-          bash build/build.sh ${{ github.event.inputs.tags }}
+          bash build/build.sh ${{ github.event.inputs.tags }} ${{ needs.release-id.outputs.id }}
           
       - name: 'Archives'
         run: |
           cp .dist/install-wizard/install.sh build/base-package
           cp build/base-package/install.sh build/base-package/publicInstaller.sh
           cp build/base-package/install.sh build/base-package/publicInstaller.latest
-          cp .dist/install-wizard/install.ps1 build/insbase-packagetaller
+          cp .dist/install-wizard/install.ps1 build/base-package
           cp build/base-package/install.ps1 build/base-package/publicInstaller.latest.ps1
           cp .dist/install-wizard/joincluster.sh build/base-package
 
@@ -136,7 +197,7 @@ jobs:
             build/base-package/publicInstaller.latest.ps1
             build/base-package/install.ps1
             build/base-package/publicAddnode.sh
-            build/instbase-packagealler/joincluster.sh
+            build/base-package/joincluster.sh
             build/base-package/version.hint
             build/base-package/publicRestoreInstaller.sh
           prerelease: true

.gitignore

@@ -32,3 +32,9 @@ olares-cli-*.tar.gz
 cli/output
 daemon/output
 daemon/bin
+
+docs/.vitepress/dist/
+docs/.vitepress/cache/
+node_modules
+.idea/
+cli/olares-cli*

README.md

@@ -113,7 +113,7 @@ This section lists the main directories in the Olares repository:
 * **[`apps`](./apps)**: Contains the code for system applications, primarily for `larepass`.
 * **[`cli`](./cli)**: Contains the code for `olares-cli`, the command-line interface tool for Olares.
 * **[`daemon`](./daemon)**: Contains the code for `olaresd`, the system daemon process.
-* **`docs`**: Contains documentation for the project.
+* **[`docs`](./docs)**: Contains documentation for the project.
 * **[`framework`](./framework)**: Contains the Olares system services.
 * **[`infrastructure`](./infrastructure)**: Contains code related to infrastructure components such as computing, storage, networking, and GPUs.
 * **[`platform`](./platform)**: Contains code for cloud-native components like databases and message queues.

README_CN.md

@@ -115,7 +115,7 @@ Olares 代码库中的主要目录如下：
 * **[`apps`](./apps)**: 用于存放系统应用，主要是 `larepass` 的代码。
 * **[`cli`](./cli)**: 用于存放 `olares-cli`（Olares 的命令行界面工具）的代码。
 * **[`daemon`](./daemon)**: 用于存放 `olaresd`（系统守护进程）的代码。
-* **`docs`**: 用于存放 Olares 项目的文档。
+* **[`docs`**](./docs)**: 用于存放 Olares 项目的文档。
 * **[`framework`](./framework)**: 用来存放 Olares 系统服务代码。
 * **[`infrastructure`](./infrastructure)**: 用于存放计算，存储，网络，GPU 等基础设施的代码。
 * **[`platform`](./platform)**: 用于存放数据库、消息队列等云原生组件的代码。

README_JP.md

@@ -108,14 +108,13 @@ Olaresは以下のLinuxプラットフォームで動作検証を完了してい
 自分のデバイスでOlaresを始めるには、[はじめにガイド](https://docs.olares.com/manual/get-started/)に従ってステップバイステップの手順を確認してください。
 
 
-## プロジェクトナビゲーション
-
+## プロジェクトナビゲーションx
 このセクションでは、Olares リポジトリ内の主要なディレクトリをリストアップしています：
 
 * **[`apps`](./apps)**: システムアプリケーションのコードが含まれており、主に `larepass` 用です。
 * **[`cli`](./cli)**: Olares のコマンドラインインターフェースツールである `olares-cli` のコードが含まれています。
 * **[`daemon`](./daemon)**: システムデーモンプロセスである `olaresd` のコードが含まれています。
-* **`docs`**: プロジェクトのドキュメントが含まれています。
+* **[`docs`](./docs)**: プロジェクトのドキュメントが含まれています。
 * **[`framework`](./framework)**: Olares システムサービスが含まれています。
 * **[`infrastructure`](./infrastructure)**: コンピューティング、ストレージ、ネットワーキング、GPU などのインフラストラクチャコンポーネントに関連するコードが含まれています。
 * **[`platform`](./platform)**: データベースやメッセージキューなどのクラウドネイティブコンポーネントのコードが含まれています。

apps/.olares/config/user/helm-charts/studio/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

apps/.olares/config/user/helm-charts/studio/Chart.yaml

@@ -1,26 +0,0 @@
-apiVersion: v2
-name: studio
-description: A Terminus app development tool
-maintainers:
-- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.3
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "4.9.1"

apps/.olares/config/user/helm-charts/studio/templates/deployment.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: studio-server
-  namespace: user-space-{{ .Values.bfl.username }}
-spec:
-  type: ExternalName
-  externalName: studio-server.os-framework.svc.cluster.local
-  ports:
-    - protocol: TCP
-      name: studio-server
-      port: 8080
-      targetPort: 8080

apps/.olares/config/user/helm-charts/studio/values.yaml

@@ -1,42 +0,0 @@
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-docs:
-  nodeport: 30881
-desktop:
-  nodeport: 30180
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  rss:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  studio:
-    appKey: '${ks[0]}'
-    appSecret: test
-kubesphere:
-  redis_password: ""

apps/.olares/config/user/helm-charts/system-apps/templates/system-frontend.yaml

@@ -1,4 +1,5 @@
 {{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
+{{- $userspacenamespace := printf "%s%s" "user-space-" .Values.bfl.username -}}
 {{- $zinc_files_secret := (lookup "v1" "Secret" $namespace "zinc-files-secrets") -}}
 {{- $user_service_secret := (lookup "v1" "Secret" $namespace "user-service-secrets") -}}
 
@@ -50,7 +51,7 @@
 {{ $user_service_redis_password = randAlphaNum 16 | b64enc }}
 {{- end -}}
 
-{{- $user_service_nats_secret := (lookup "v1" "Secret" $namespace "user-service-nats-secret") -}}
+{{- $user_service_nats_secret := (lookup "v1" "Secret" $userspacenamespace "user-service-nats-secret") -}}
 {{- $nats_password := "" -}}
 {{ if $user_service_nats_secret -}}
 {{ $nats_password = (index $user_service_nats_secret "data" "nats_password") }}
@@ -165,19 +166,6 @@ spec:
 ---
 apiVersion: v1
 kind: Service
-metadata:
-  name: studio-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  selector:
-    app: system-frontend
-  ports:
-    - protocol: TCP
-      port: 8080
-      targetPort: 87
----
-apiVersion: v1
-kind: Service
 metadata:
   name: files-fe-service
   namespace: user-space-{{ .Values.bfl.username }}
@@ -246,11 +234,11 @@ metadata:
     applications.app.bytetrade.io/group: 'true'
     applications.app.bytetrade.io/author: bytetrade.io
   annotations:
-    applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png","studio":"https://file.bttcdn.com/appstore/devbox/icon.png","files":"https://file.bttcdn.com/appstore/files/icon.png","vault":"https://file.bttcdn.com/appstore/vault/icon.png","market":"https://file.bttcdn.com/appstore/appstore/icon.png"}'
-    applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","headscale":"Headscale","settings":"Settings","studio":"Studio","files":"Files","vault":"Vault","market":"Market"}'
-    applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","headscale":"0.0.1","settings":"0.0.1","studio":"0.0.1","files":"0.0.1","vault":"0.0.1","market":"0.0.1"}'
+    applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png","files":"https://file.bttcdn.com/appstore/files/icon.png","vault":"https://file.bttcdn.com/appstore/vault/icon.png","market":"https://file.bttcdn.com/appstore/appstore/icon.png"}'
+    applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","headscale":"Headscale","settings":"Settings","files":"Files","vault":"Vault","market":"Market"}'
+    applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","headscale":"0.0.1","settings":"0.0.1","files":"0.0.1","vault":"0.0.1","market":"0.0.1"}'
     applications.app.bytetrade.io/policies: '{"dashboard":{"policies":[{"entranceName":"dashboard","uriRegex":"/js/script.js", "level":"public"},{"entranceName":"dashboard","uriRegex":"/js/api/send", "level":"public"}]}}'
-    applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}],"studio":[{"name":"studio","host":"studio-svc","port":8080,"title":"Studio","openMethod":"window"}],"files":[{"name":"files", "host":"files-fe-service", "port":80,"title":"Files","windowPushState":true}],"vault":[{"name":"vault", "host":"vault-service", "port":80,"title":"Vault","windowPushState":true}],"market":[{"name":"appstore", "host":"appstore-fe-service", "port":80,"title":"Market","windowPushState":true}]}'
+    applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}],"files":[{"name":"files", "host":"files-fe-service", "port":80,"title":"Files","windowPushState":true}],"vault":[{"name":"vault", "host":"vault-service", "port":80,"title":"Vault","windowPushState":true}],"market":[{"name":"appstore", "host":"appstore-fe-service", "port":80,"title":"Market","windowPushState":true}]}'
 spec:
   replicas: 1
   selector:
@@ -345,7 +333,7 @@ spec:
             - name: PGDB
               value: user_space_{{ .Values.bfl.username }}_cloud_drive_integration
         - name: system-frontend-init
-          image: beclab/system-frontend:v1.3.102
+          image: beclab/system-frontend:v1.4.11
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -458,7 +446,7 @@ spec:
               value: os.market.{{ .Values.bfl.username}}
             - name: NATS_SUBJECT_APPLICATION
               value: os.application.{{ .Values.bfl.username}}
-            - name: NATS_SUBJECT_NOTIFICATION
+            - name: NATS_SUBJECT_USER_NOTIFICATION
               value: os.notification.{{ .Values.bfl.username}}
             - name: NATS_SUBJECT_FILES
               value: os.files.{{ .Values.bfl.username}}
@@ -467,7 +455,7 @@ spec:
             - name: NATS_SUBJECT_VAULT
               value: os.vault.{{ .Values.bfl.username}}
         - name: user-service
-          image: beclab/user-service:v0.0.21
+          image: beclab/user-service:v0.0.44
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 3000
@@ -525,7 +513,7 @@ spec:
               value: os.market.{{ .Values.bfl.username}}
             - name: NATS_SUBJECT_APPLICATION
               value: os.application.{{ .Values.bfl.username}}
-            - name: NATS_SUBJECT_NOTIFICATION
+            - name: NATS_SUBJECT_USER_NOTIFICATION
               value: os.notification.{{ .Values.bfl.username}}
             - name: NATS_SUBJECT_FILES
               value: os.files.{{ .Values.bfl.username}}
@@ -533,13 +521,17 @@ spec:
               value: os.knowledge.{{ .Values.bfl.username}}
             - name: NATS_SUBJECT_VAULT
               value: os.vault.{{ .Values.bfl.username}}
+            - name: NATS_SUBJECT_BACKUP
+              value: os.backup.{{ .Values.bfl.username}}
+            - name: NATS_SUBJECT_INTENT
+              value: os.intent.{{ .Values.bfl.username}}
             - name: REDIS_PASSWORD
               valueFrom:
                 secretKeyRef:
                   key: redis_password
                   name: user-service-secrets
             - name: REDIS_HOST
-              value: redis-cluster-proxy.user-system-guotest334
+              value: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
             - name: REDIS_PORT
               value: '6379'
               
@@ -1026,31 +1018,6 @@ status:
 ---
 apiVersion: sys.bytetrade.io/v1alpha1
 kind: ApplicationPermission
-metadata:
-  name: studio
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: studio
-  appid: studio
-  key: {{ .Values.os.studio.appKey }}
-  secret: {{ .Values.os.studio.appSecret }}
-  permissions:
-    - dataType: app
-      group: service.appstore
-      ops:
-        - InstallDevApp
-        - UninstallDevApp
-      version: v1
-    - dataType: legacy_api
-      group: api.intent
-      ops:
-        - POST
-      version: v2
-status:
-  state: active
----
-apiVersion: sys.bytetrade.io/v1alpha1
-kind: ApplicationPermission
 metadata:
   name: settings
   namespace: user-system-{{ .Values.bfl.username }}
@@ -1244,6 +1211,8 @@ spec:
       uri: /api/account/all
     - name: POST
       uri: /api/cookie/retrieve
+    - name: POST
+      uri: /api/cookie
 status:
   state: active
 ---
@@ -2175,5 +2144,13 @@ spec:
         permission:
           sub: allow
           pub: allow
+      - name: "backup.*"
+        permission:
+          sub: allow
+          pub: allow
+      - name: "intent.*"
+        permission:
+          sub: allow
+          pub: allow
 
     user: user-service-{{ .Values.bfl.username }}

apps/.olares/config/user/helm-charts/system-apps/values.yaml

@@ -44,5 +44,3 @@ os:
   dashboard:
     appKey: '${ks[0]}'
     appSecret: test
-kubesphere:
-  redis_password: ""

apps/.olares/config/user/helm-charts/wizard/templates/wizard_deploy.yaml

@@ -29,7 +29,7 @@ spec:
 
       containers:
       - name: wizard
-        image: beclab/wizard:v1.3.57
+        image: beclab/wizard:v1.4.3
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80

apps/.olares/config/user/helm-charts/wizard/values.yaml

@@ -34,5 +34,3 @@ os:
   appstore:
     appKey: '${ks[0]}'
     appSecret: test
-kubesphere:
-  redis_password: ""

build/base-package/install.ps1

@@ -2,6 +2,7 @@ $currentPath = Get-Location
 $architecture = $env:PROCESSOR_ARCHITECTURE
 $downloadCdnUrlFromEnv = $env:DOWNLOAD_CDN_URL
 $version = "#__VERSION__"
+$releaseID = "#__RELEASE_ID__"
 $downloadUrl = "https://dc3p1870nn3cj.cloudfront.net"
 
 function Test-Wait {
@@ -49,7 +50,11 @@ if (-Not (Test-Path $CLI_PROGRAM_PATH)) {
 }
 
 $CLI_VERSION = "$version"
-$CLI_FILE = "olares-cli-v{0}_windows_{1}.tar.gz" -f $CLI_VERSION, $arch
+if (-not [string]::IsNullOrEmpty($releaseID) -and $releaseID.Substring(0,3) -ne "#__") {
+  $CLI_FILE = "olares-cli-v{0}_windows_{1}.{2}.tar.gz" -f $CLI_VERSION, $arch, $releaseID
+} else {
+  $CLI_FILE = "olares-cli-v{0}_windows_{1}.tar.gz" -f $CLI_VERSION, $arch
+}
 $CLI_URL = "{0}/{1}" -f $downloadUrl, $CLI_FILE
 $CLI_PATH = "{0}{1}" -f $CLI_PROGRAM_PATH, $CLI_FILE
 

build/base-package/install.sh

@@ -10,7 +10,7 @@ function command_exists() {
 if [[ x"$VERSION" == x"" ]]; then
     if [[ "$LOCAL_RELEASE" == "1" ]]; then
         ts=$(date +%Y%m%d%H%M%S)
-        export VERSION="1.12.0-$ts"
+        export VERSION="1.12.1-$ts"
         echo "will build and use a local release of Olares with version: $VERSION"
         echo ""
     else
@@ -20,7 +20,7 @@ fi
 
 if [[ "x${VERSION}" == "x" || "x${VERSION:3}" == "xVERSION__" ]]; then
     echo "error: Olares version is unspecified, please set the VERSION env var and rerun this script."
-    echo "for example: VERSION=1.12.0-20241124 bash $0"
+    echo "for example: VERSION=1.12.1-20241124 bash $0"
     exit 1
 fi
 
@@ -74,9 +74,15 @@ if [ -z ${cdn_url} ]; then
     cdn_url="https://dc3p1870nn3cj.cloudfront.net"
 fi
 
-CLI_FILE="olares-cli-v${VERSION}_linux_${ARCH}.tar.gz"
+RELEASE_ID="#__RELEASE_ID__"
+if [[ $RELEASE_ID == "" || "${RELEASE_ID:3}" == "RELEASE_ID__" ]]; then
+  RELEASE_ID_SUFFIX=""
+else
+  RELEASE_ID_SUFFIX=".$RELEASE_ID"
+fi
+CLI_FILE="olares-cli-v${VERSION}_linux_${ARCH}${RELEASE_ID_SUFFIX}.tar.gz"
 if [[ x"$os_type" == x"Darwin" ]]; then
-    CLI_FILE="olares-cli-v${VERSION}_darwin_${ARCH}.tar.gz"
+    CLI_FILE="olares-cli-v${VERSION}_darwin_${ARCH}${RELEASE_ID_SUFFIX}.tar.gz"
 fi
 
 if [[ "$LOCAL_RELEASE" == "1" ]]; then
@@ -159,7 +165,10 @@ else
         fi
         echo "downloading installation wizard..."
         echo ""
-        $sh_c "$INSTALL_OLARES_CLI download wizard $PARAMS $KUBE_PARAM $CDN"
+        if [[ ! -z "$RELEASE_ID_SUFFIX" ]]; then
+            DOWNLOAD_WIZARD_RELEASE_ID_PARAM="--release-id $RELEASE_ID"
+        fi
+        $sh_c "$INSTALL_OLARES_CLI download wizard $PARAMS $KUBE_PARAM $CDN $DOWNLOAD_WIZARD_RELEASE_ID_PARAM"
         if [[ $? -ne 0 ]]; then
             echo "error: failed to download installation wizard"
             exit 1

build/base-package/joincluster.sh

@@ -149,7 +149,7 @@ export VERSION="#__VERSION__"
 
 if [[ "x${VERSION}" == "x" || "x${VERSION:3}" == "xVERSION__" ]]; then
     echo "error: Olares version is unspecified, please set the VERSION env var and rerun this script."
-    echo "for example: VERSION=1.12.0-20241124 bash $0"
+    echo "for example: VERSION=1.12.1-20241124 bash $0"
     exit 1
 fi
 
@@ -165,7 +165,13 @@ fi
 
 set_master_host_ssh_options
 
-CLI_FILE="olares-cli-v${VERSION}_linux_${ARCH}.tar.gz"
+RELEASE_ID="#__RELEASE_ID__"
+if [[ $RELEASE_ID == "" || "${RELEASE_ID:3}" == "RELEASE_ID__" ]]; then
+  RELEASE_ID_SUFFIX=""
+else
+  RELEASE_ID_SUFFIX=".$RELEASE_ID"
+fi
+CLI_FILE="olares-cli-v${VERSION}_linux_${ARCH}${RELEASE_ID_SUFFIX}.tar.gz"
 
 if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$VERSION" ]]; then
     INSTALL_OLARES_CLI=$(which olares-cli)
@@ -225,7 +231,10 @@ else
 
     echo "downloading installation wizard..."
     echo ""
-    $sh_c "$INSTALL_OLARES_CLI download wizard $PARAMS $CDN"
+    if [[ ! -z "$RELEASE_ID_SUFFIX" ]]; then
+        DOWNLOAD_WIZARD_RELEASE_ID_PARAM="--release-id $RELEASE_ID"
+    fi
+    $sh_c "$INSTALL_OLARES_CLI download wizard $PARAMS $KUBE_PARAM $CDN $DOWNLOAD_WIZARD_RELEASE_ID_PARAM"
     if [[ $? -ne 0 ]]; then
         echo "error: failed to download installation wizard"
         exit 1

build/base-package/version.hint

@@ -1,2 +1,2 @@
 upgrade:
-  minVersion: 1.12.0-1
+  minVersion: 1.12.0-0

build/base-package/wizard/config/os-chart-template/templates/_helpers.tpl

@@ -76,7 +76,7 @@ Create the name of the service account to use
 {{- $caCertEnc = index $prevSecret "data" "ca.crt" }}
 {{- else }}
 {{- $altNames := list ( printf "%s-webhook.%s" (include "opentelemetry-operator.fullname" .) .Release.Namespace ) ( printf "%s-webhook.%s.svc" (include "opentelemetry-operator.fullname" .) .Release.Namespace ) -}}
-{{- $tmpperioddays := 3650 }}
+{{- $tmpperioddays := 36500 }}
 {{- $ca := genCA "opentelemetry-operator-operator-ca" $tmpperioddays }}
 {{- $cert := genSignedCert (include "opentelemetry-operator.fullname" .) nil $altNames $tmpperioddays $ca }}
 {{- $certCrtEnc = b64enc $cert.Cert }}

build/base-package/wizard/config/os-chart-template/values.yaml

@@ -1,5 +1,3 @@
-kubesphere:
-  redis_password: ""
 backup:
   bucket: "${BACKUP_CLUSTER_BUCKET}"
   key_prefix: "${BACKUP_KEY_PREFIX}"

build/base-package/wizard/config/settings/templates/terminus_cr.yaml

@@ -1,12 +1,14 @@
 # chart-testing: ignore-file
 
 {{ $cluster_id := randAlphaNum 16 }}
+{{ $version := "#__VERSION__" }}
 {{ if .Values.cluster_id }}
 {{ $cluster_id = .Values.cluster_id }}
 {{ end }}
-{{ $cr := (lookup "sys.bytetrade.io/v1alpha1" "terminus.sys.bytetrade.io" "" "terminus") }}
+{{ $cr := (lookup "sys.bytetrade.io/v1alpha1" "Terminus" "" "terminus") }}
 {{ if $cr }}
 {{ $cluster_id = (index $cr "metadata" "labels" "bytetrade.io/cluster-id") }}
+{{ $version = (index $cr "spec" "version") }}
 {{ end }}
 
 ---
@@ -22,7 +24,7 @@ metadata:
     bytetrade.io/s3-sk: '{{ .Values.s3_sk }}'
 spec:
   name: terminus-1
-  version: #__VERSION__
+  version: {{ .Values.version | default $version }}
   display: Terminus One
   releaseServer:
     serverType: github

build/build-manifest.py

@@ -9,6 +9,21 @@ import json
 
 CDN_URL = "https://dc3p1870nn3cj.cloudfront.net"
 
+def get_file_size(objectid, fileid):
+    url = f"{CDN_URL}/{objectid}"
+    try:
+        response = requests.head(url)
+        response.raise_for_status()
+        content_length = response.headers.get('Content-Length')
+        if content_length:
+            return int(content_length)
+        else:
+            print(f"Content-Length header missing for {fileid} from {url}", file=sys.stderr)
+            sys.exit(1)
+    except requests.RequestException as e:
+        print(f"Error getting file size for {fileid} from {url}: {e}", file=sys.stderr)
+        sys.exit(1)
+
 def download_checksum(name):
     """Downloads the checksum for a given name."""
     url = f"{CDN_URL}/{name}.checksum.txt"
@@ -39,6 +54,7 @@ def main():
 
     manifest_file = args.manifest_file
     version = os.environ.get("VERSION", "")
+    release_id = os.environ.get("RELEASE_ID", "")
     repo_path = os.environ.get("REPO_PATH", "/")
     manifest_amd64_data = {}
     manifest_arm64_data = {}
@@ -55,6 +71,9 @@ def main():
                 if version:
                     line = line.replace("#__VERSION__", version)
 
+                if release_id:
+                    line = line.replace("#__RELEASE_ID_SUFFIX__", "."+release_id)
+
                 # Replace repo path
                 if repo_path:
                     line = line.replace("#__REPO_PATH__", repo_path)
@@ -74,13 +93,17 @@ def main():
                 checksum_amd64 = download_checksum(url_amd64)
                 checksum_arm64 = download_checksum(url_arm64)
 
+                file_size_amd64 = get_file_size(url_amd64, fileid)
+                file_size_arm64 = get_file_size(url_arm64, fileid)
+
                 manifest_amd64_data[filename] = {
                     "type": "component",
                     "path": path,
                     "deps": deps,
                     "url_amd64": url_amd64,
                     "checksum_amd64": checksum_amd64,
-                    "fileid": fileid
+                    "fileid": fileid,
+                    "size": file_size_amd64,
                 }
 
 
@@ -90,7 +113,8 @@ def main():
                     "deps": deps,
                     "url_arm64": url_arm64,
                     "checksum_arm64": checksum_arm64,
-                    "fileid": fileid
+                    "fileid": fileid,
+                    "size": file_size_arm64,
                 }
 
     except FileNotFoundError:
@@ -115,6 +139,9 @@ def main():
                     checksum_amd64 = download_checksum(name)
                     checksum_arm64 = download_checksum(f"arm64/{name}")
 
+                    file_size_amd64 = get_file_size(url_amd64, line)
+                    file_size_arm64 = get_file_size(url_arm64, line)
+
                     # Get the image manifest
                     image_manifest_amd64 = get_image_manifest(name)
                     image_manifest_arm64 = get_image_manifest(f"arm64/{name}")
@@ -127,6 +154,7 @@ def main():
                         "url_amd64": url_amd64,
                         "checksum_amd64": checksum_amd64,
                         "fileid": line,
+                        "size": file_size_amd64,
                         "manifest": image_manifest_amd64
                     }
 
@@ -137,6 +165,7 @@ def main():
                         "url_arm64": url_arm64,
                         "checksum_arm64": checksum_arm64,
                         "fileid": line,
+                        "size": file_size_arm64,
                         "manifest": image_manifest_arm64
                     }
                     

build/build-manifest.sh

@@ -46,6 +46,13 @@ while read line; do
 done < components
 sed -i "s/#__VERSION__/${VERSION}/g" $manifest_file
 
+if [[ ! -z "$RELEASE_ID" ]]; then
+    RELEASE_ID_SUFFIX=".$RELEASE_ID"
+else
+    RELEASE_ID_SUFFIX=""
+fi
+sed -i "s/#__RELEASE_ID_SUFFIX__/${RELEASE_ID_SUFFIX}/g" $manifest_file
+
 path="${REPO_PATH:-/}"
 sed -i "s|#__REPO_PATH__|${path}|g" $manifest_file
 

build/build.sh

@@ -4,6 +4,23 @@ BASE_DIR=$(dirname $(realpath -s $0))
 rm -rf ${BASE_DIR}/../.dist
 DIST_PATH="${BASE_DIR}/../.dist/install-wizard" 
 export VERSION=$1
+export RELEASE_ID=$2
+
+
+# vendor replace
+if [[ "${REPO_PATH}" != "" && "$REPO_PATH" != "/" ]]; then
+    path="vendor${REPO_PATH}"
+    echo "replace vendor path: ${path}"
+    find ${BASE_DIR}/../$path -type f | while read l; 
+    do 
+        file=$(awk -F "$path" '{print $1$2}' <<< "$l")  
+        if [[ "$file" != ".gitkeep" ]]; then
+            echo "replace [$file] with [$l]"
+            cp -f "$l" "$file"
+        fi
+    done
+fi
+
 
 DIST_PATH=${DIST_PATH} bash ${BASE_DIR}/package.sh
 
@@ -43,6 +60,11 @@ else
     VERSION="debug"
 fi
 
+if [ ! -z $RELEASE_ID ]; then
+    sh -c "$SED 's/#__RELEASE_ID__/${RELEASE_ID}/' install.sh"
+    sh -c "$SED 's/#__RELEASE_ID__/${RELEASE_ID}/' install.ps1"
+    sh -c "$SED 's/#__RELEASE_ID__/${RELEASE_ID}/' joincluster.sh"
+fi
 
 $TAR --exclude=wizard/tools --exclude=.git -zcvf ${BASE_DIR}/../install-wizard-${VERSION}.tar.gz .
 

build/deps-manifest.sh

@@ -20,6 +20,21 @@ function get_key(){
     fi
 }
 
+# vendor replace
+if [[ "${REPO_PATH}" != "" && "$REPO_PATH" != "/" ]]; then
+    path="vendor${REPO_PATH}"
+    echo "replace vendor path: ${path}"
+    find ${BASE_DIR}/../$path -type f | while read l; 
+    do 
+        file=$(awk -F "$path" '{print $1$2}' <<< "$l")  
+        if [[ "$file" != ".gitkeep" ]]; then
+            echo "replace [$file] with [$l]"
+            cp -f "$l" "$file"
+        fi
+    done
+fi
+
+
 find $BASE_DIR/../ -type f -name Olares.yaml | while read f; do
   echo "Processing $f"
   declare -a bins
@@ -77,5 +92,13 @@ find $BASE_DIR/../ -type f -name Olares.yaml | while read f; do
 done
 
 sed -i "s/#__VERSION__/${VERSION}/g" ${manifest}
+
+if [[ ! -z "$RELEASE_ID" ]]; then
+    RELEASE_ID_SUFFIX=".$RELEASE_ID"
+else
+    RELEASE_ID_SUFFIX=""
+fi
+sed -i "s/#__RELEASE_ID_SUFFIX__/${RELEASE_ID_SUFFIX}/g" ${manifest}
+
 path="${REPO_PATH:-/}"
 sed -i "s|#__REPO_PATH__|${path}|g" ${manifest}

build/upload-images.sh

@@ -17,8 +17,7 @@ cat $1|while read image; do
         code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$name.tar.gz)
         if [ $code -eq 403 ]; then
             set -ex
-            docker pull $image
-            docker save $image -o $name.tar
+            skopeo copy --insecure-policy docker://$image oci-archive:$name.tar
             gzip $name.tar
 
             md5sum $name.tar.gz > $checksum
@@ -51,8 +50,7 @@ cat $1|while read image; do
         code=$(curl -o /dev/null -fsSLI -w "%{http_code}" https://dc3p1870nn3cj.cloudfront.net/$path$checksum)
         if [ $code -eq 403 ]; then
             set -ex
-            docker pull $image
-            docker save $image -o $name.tar
+            skopeo copy --insecure-policy docker://$image oci-archive:$name.tar
             gzip $name.tar
 
             md5sum $name.tar.gz > $checksum

cli/.goreleaser.yaml

@@ -27,10 +27,25 @@ builds:
       - -s
       - -w
       - -X github.com/beclab/Olares/cli/version.VERSION={{ .Version }}
+      - >-
+        {{- if index .Env "OLARES_VENDOR_TYPE" }}
+        -X github.com/beclab/Olares/cli/version.VENDOR={{ .Env.OLARES_VENDOR_TYPE }}
+        {{- end }}
+      - >-
+        {{- if index .Env "OLARES_VENDOR_REPO_PATH" }}
+        -X github.com/beclab/Olares/cli/version.VENDOR_REPO_PATH={{ .Env.OLARES_VENDOR_REPO_PATH }}
+        {{- end }}
 dist: ./output
 archives:
-  - id: olares-cli
+  - id: without-release-id
     name_template: "{{ .ProjectName }}-v{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+  - id: with-release-id
+    name_template: >-
+                   {{- if index .Env "OLARES_RELEASE_ID" }}
+                   {{- .ProjectName }}-v{{ .Version }}_{{ .Os }}_{{ .Arch }}.{{ .Env.OLARES_RELEASE_ID }}
+                   {{- else }}
+                   {{- .ProjectName }}-v{{ .Version }}_{{ .Os }}_{{ .Arch }}.no-release-id
+                   {{- end }}
 checksum:
   name_template: "checksums.txt"
 release:

cli/cmd/ctl/options/download_options.go

@@ -10,6 +10,8 @@ type CliDownloadWizardOptions struct {
 	KubeType       string
 	BaseDir        string
 	DownloadCdnUrl string
+	ReleaseID      string
+	UrlOverride    string
 }
 
 func NewCliDownloadWizardOptions() *CliDownloadWizardOptions {
@@ -21,6 +23,8 @@ func (o *CliDownloadWizardOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().StringVarP(&o.BaseDir, "base-dir", "b", "", "Set Olares package base dir, defaults to $HOME/"+cc.DefaultBaseDir)
 	cmd.Flags().StringVar(&o.KubeType, "kube", "k3s", "Set kube type, e.g., k3s or k8s")
 	cmd.Flags().StringVar(&o.DownloadCdnUrl, "download-cdn-url", "", "Set the CDN accelerated download address in the format https://example.cdn.com. If not set, the default download address will be used")
+	cmd.Flags().StringVar(&o.UrlOverride, "url-override", "", "Set another URL for wizard download explicitly")
+	cmd.Flags().StringVar(&o.ReleaseID, "release-id", "", "Set the specific release id of the release version")
 }
 
 type CliDownloadOptions struct {

cli/cmd/ctl/os/logs.go

@@ -5,16 +5,19 @@ import (
 	"compress/gzip"
 	"fmt"
 	"io"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
 	"log"
+	"net"
 	"os"
 	"os/exec"
 	"path/filepath"
+	ctrl "sigs.k8s.io/controller-runtime"
 	"strings"
 	"time"
 
 	"github.com/beclab/Olares/cli/pkg/common"
 	"github.com/beclab/Olares/cli/pkg/core/util"
-
 	"github.com/spf13/cobra"
 )
 
@@ -30,14 +33,57 @@ type LogCollectOptions struct {
 	Components []string
 	// Whether to ignore errors from kubectl commands
 	IgnoreKubeErrors bool
+	// Skip retrieving logs from kube-apiserver
+	SkipKubeAPISserver bool
 }
 
 var servicesToCollectLogs = []string{"k3s", "containerd", "olaresd", "kubelet", "juicefs", "redis", "minio", "etcd", "NetworkManager"}
 
+// setSkipIfK8sNotReachable checks if the Kubernetes API server port is reachable
+// and automatically sets skip-kube-apiserver to true if not reachable
+func setSkipIfK8sNotReachable(options *LogCollectOptions) {
+	// if the env is not set explicitly by user
+	// fallback to k3s config path as it's a non-standard path
+	if os.Getenv(clientcmd.RecommendedConfigPathEnvVar) == "" {
+		os.Setenv(clientcmd.RecommendedConfigPathEnvVar, "/etc/rancher/k3s/k3s.yaml")
+	}
+	config, err := ctrl.GetConfig()
+	if err != nil {
+		fmt.Printf("Warning: failed to get kubeconfig: %v\n", err)
+		fmt.Println("Automatically setting skip-kube-apiserver option")
+		options.SkipKubeAPISserver = true
+		return
+	}
+	url, _, err := rest.DefaultServerUrlFor(config)
+	if err != nil {
+		fmt.Printf("Warning: failed to parse server url in kubeconfig: %v\n", err)
+		fmt.Println("Automatically setting skip-kube-apiserver option")
+		options.SkipKubeAPISserver = true
+		return
+	}
+	timeout := config.Timeout
+	if timeout == 0 {
+		timeout = 5 * time.Second
+	}
+	conn, err := net.DialTimeout("tcp", url.Host, timeout)
+	if err != nil {
+		fmt.Printf("Warning: Kubernetes API server at %s is not reachable: %v\n", config.Host, err)
+		fmt.Println("Automatically setting skip-kube-apiserver option")
+		options.SkipKubeAPISserver = true
+		return
+	}
+	conn.Close()
+}
+
 func collectLogs(options *LogCollectOptions) error {
 	if os.Getuid() != 0 {
 		return fmt.Errorf("os: please run as root")
 	}
+
+	if !options.SkipKubeAPISserver {
+		setSkipIfK8sNotReachable(options)
+	}
+
 	if err := os.MkdirAll(options.OutputDir, 0755); err != nil {
 		return fmt.Errorf("failed to create output directory: %v", err)
 	}
@@ -296,13 +342,21 @@ func collectKubernetesLogs(tw *tar.Writer, options *LogCollectOptions) error {
 		}
 	}
 
+	if options.SkipKubeAPISserver {
+		return nil
+	}
+
 	if _, err := util.GetCommand("kubectl"); err != nil {
 		fmt.Printf("warning: kubectl not found, skipping collecting cluster info from kube-apiserver\n")
 		return nil
 	}
 
-	cmd := exec.Command("kubectl", "get", "pods", "--all-namespaces", "-o", "wide")
-	output, err := tryKubectlCommand(cmd, "get pods", options)
+	var cmd *exec.Cmd
+	var output []byte
+	var err error
+
+	cmd = exec.Command("kubectl", "get", "pods", "--all-namespaces", "-o", "wide")
+	output, err = tryKubectlCommand(cmd, "get pods", options)
 	if err != nil && !options.IgnoreKubeErrors {
 		return err
 	}
@@ -517,7 +571,8 @@ func NewCmdLogs() *cobra.Command {
 	cmd.Flags().IntVar(&options.MaxLines, "max-lines", options.MaxLines, "Maximum number of lines to collect per log source, to limit the log file size")
 	cmd.Flags().StringVar(&options.OutputDir, "output-dir", options.OutputDir, "Directory to store collected logs, will be created if not existing")
 	cmd.Flags().StringSliceVar(&options.Components, "components", nil, "Specific components (systemd service) to collect logs from (comma-separated). If empty, collects from all Olares-related components that can be found")
-	cmd.Flags().BoolVar(&options.IgnoreKubeErrors, "ignore-kube-errors", options.IgnoreKubeErrors, "Continue collecting logs even if kubectl commands fail, e.g., when kube-apiserver is not reachable")
+	cmd.Flags().BoolVar(&options.IgnoreKubeErrors, "ignore-kube-errors", options.IgnoreKubeErrors, "Continue collecting logs even if kubectl commands fail")
+	cmd.Flags().BoolVar(&options.SkipKubeAPISserver, "skip-kube-apiserver", options.SkipKubeAPISserver, "Skip retrieving logs from kube-apiserver, it's automatically set if apiserver is not reachable. To tolerate other cases, set the ignore-kube-errors")
 
 	return cmd
 }

cli/cmd/ctl/os/release.go

@@ -49,7 +49,7 @@ func NewCmdRelease() *cobra.Command {
 			}
 
 			if version == "" {
-				version = fmt.Sprintf("1.12.0-%s", time.Now().Format("20060102150405"))
+				version = fmt.Sprintf("1.12.1-%s", time.Now().Format("20060102150405"))
 				fmt.Printf("--version unspecified, using: %s\n", version)
 				time.Sleep(1 * time.Second)
 			}

cli/cmd/ctl/os/root.go

@@ -1,15 +1,10 @@
 package os
 
 import (
-	"os/exec"
-
 	"github.com/spf13/cobra"
 )
 
 func NewOSCommands() []*cobra.Command {
-	_ = exec.Command("/bin/bash", "-c", "ulimit -u 65535").Run()
-	_ = exec.Command("/bin/bash", "-c", "ulimit -n 65535").Run()
-
 	return []*cobra.Command{
 		NewCmdPrecheck(),
 		NewCmdRootDownload(),

cli/cmd/ctl/os/upgrade.go

@@ -1,11 +1,17 @@
 package os
 
 import (
-	"log"
-
+	"encoding/json"
+	"fmt"
+	"github.com/Masterminds/semver/v3"
 	"github.com/beclab/Olares/cli/cmd/ctl/options"
+	"github.com/beclab/Olares/cli/pkg/phase"
 	"github.com/beclab/Olares/cli/pkg/pipelines"
+	"github.com/beclab/Olares/cli/pkg/upgrade"
+	"github.com/beclab/Olares/cli/version"
 	"github.com/spf13/cobra"
+	"log"
+	"os"
 )
 
 type UpgradeOsOptions struct {
@@ -30,10 +36,64 @@ func NewCmdUpgradeOs() *cobra.Command {
 		},
 	}
 	o.UpgradeOptions.AddFlags(cmd)
+	cmd.AddCommand(NewCmdCurrentVersionUpgradeSpec())
+	cmd.AddCommand(NewCmdUpgradeViable())
 	cmd.AddCommand(NewCmdUpgradePrecheck())
 	return cmd
 }
 
+func NewCmdCurrentVersionUpgradeSpec() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:     "spec",
+		Aliases: []string{"current-spec"},
+		Short:   fmt.Sprintf("Get the upgrade spec of the current olares-cli version (%s)", version.VERSION),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			spec, err := upgrade.CurrentVersionSpec()
+			if err != nil {
+				return err
+			}
+			jsonOutput, _ := json.MarshalIndent(spec, "", "  ")
+			fmt.Println(string(jsonOutput))
+			return nil
+		},
+	}
+	return cmd
+}
+
+func NewCmdUpgradeViable() *cobra.Command {
+	var baseVersionStr string
+	cmd := &cobra.Command{
+		Use:   "viable",
+		Short: fmt.Sprintf("Determine whether upgrade can be directly performed upon the base version (to %s)", version.VERSION),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if baseVersionStr == "" {
+				var err error
+				baseVersionStr, err = phase.GetOlaresVersion()
+				if err != nil {
+					return err
+				}
+			}
+			baseVersion, err := semver.NewVersion(baseVersionStr)
+			if err != nil {
+				return fmt.Errorf("invalid base version '%s': %v", baseVersionStr, err)
+			}
+			cliVersion, err := semver.NewVersion(version.VERSION)
+			if err != nil {
+				return fmt.Errorf("invalid cli version '%s': %v", version.VERSION, err)
+			}
+			err = upgrade.Check(baseVersion, cliVersion)
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			fmt.Printf("upgrade from %s to %s is viable\n", baseVersion, cliVersion)
+			return nil
+		},
+	}
+	cmd.Flags().StringVarP(&baseVersionStr, "base", "b", "", "base version, defaults to the current Olares system's version")
+	return cmd
+}
+
 func NewCmdUpgradePrecheck() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "precheck",

cli/cmd/ctl/osinfo/main.go

@@ -3,6 +3,7 @@ package osinfo
 import (
 	"fmt"
 
+	"github.com/beclab/Olares/cli/pkg/common"
 	"github.com/beclab/Olares/cli/pkg/core/connector"
 	"github.com/spf13/cobra"
 )
@@ -14,6 +15,7 @@ func NewCmdInfo() *cobra.Command {
 		Long:  "help for printing info",
 	}
 	infoCmd.AddCommand(showInfoCommand())
+	infoCmd.AddCommand(showAllCommand())
 
 	return infoCmd
 }
@@ -37,3 +39,17 @@ OS_INFO=%s
 	}
 	return cmd
 }
+
+func showAllCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "showall",
+		Short: "Print full os information",
+		Long:  "help for printing os info",
+		Run: func(cmd *cobra.Command, args []string) {
+			arg := common.NewArgument()
+
+			arg.SystemInfo.Print()
+		},
+	}
+	return cmd
+}

cli/cmd/ctl/root.go

@@ -5,22 +5,34 @@ import (
 	"github.com/beclab/Olares/cli/cmd/ctl/node"
 	"github.com/beclab/Olares/cli/cmd/ctl/os"
 	"github.com/beclab/Olares/cli/cmd/ctl/osinfo"
+	"github.com/beclab/Olares/cli/cmd/ctl/user"
 	"github.com/beclab/Olares/cli/version"
 	"github.com/spf13/cobra"
 )
 
 func NewDefaultCommand() *cobra.Command {
+	var showVendor bool
 	cmds := &cobra.Command{
 		Use:               "olares-cli",
 		Short:             "Olares Installer",
 		CompletionOptions: cobra.CompletionOptions{DisableDefaultCmd: true},
 		Version:           version.VERSION,
+		Run: func(cmd *cobra.Command, args []string) {
+			if showVendor {
+				println(version.VENDOR)
+			} else {
+				cmd.Usage()
+			}
+			return
+		},
 	}
+	cmds.Flags().BoolVar(&showVendor, "vendor", false, "show the vendor type of olares-cli")
 
 	cmds.AddCommand(osinfo.NewCmdInfo())
 	cmds.AddCommand(os.NewOSCommands()...)
 	cmds.AddCommand(node.NewNodeCommand())
 	cmds.AddCommand(gpu.NewCmdGpu())
+	cmds.AddCommand(user.NewUserCommand())
 
 	return cmds
 }

cli/cmd/ctl/user/create.go

@@ -0,0 +1,192 @@
+package user
+
+import (
+	"bytetrade.io/web3os/app-service/api/sys.bytetrade.io/v1alpha1"
+	"context"
+	"fmt"
+	"github.com/beclab/Olares/cli/pkg/utils"
+	"github.com/pkg/errors"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/validation"
+	"log"
+	"strings"
+
+	iamv1alpha2 "github.com/beclab/api/iam/v1alpha2"
+	"github.com/spf13/cobra"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type createUserOptions struct {
+	name        string
+	displayName string
+	domain      string
+	role        string
+	resourceLimit
+	password    string
+	description string
+	kubeConfig  string
+}
+
+func NewCmdCreateUser() *cobra.Command {
+	o := &createUserOptions{}
+	cmd := &cobra.Command{
+		Use:     "create {name}",
+		Aliases: []string{"add", "new"},
+		Short:   "create a new user",
+		Args:    cobra.ExactArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			o.name = args[0]
+			if err := o.Validate(); err != nil {
+				log.Fatal(err)
+			}
+			if err := o.Run(); err != nil {
+				log.Fatal(err)
+			}
+		},
+	}
+	o.AddFlags(cmd)
+	return cmd
+}
+
+func (o *createUserOptions) AddFlags(cmd *cobra.Command) {
+	cmd.Flags().StringVar(&o.displayName, "display-name", "", "display name (optional)")
+	cmd.Flags().StringVar(&o.domain, "domain", "", "domain (optional, defaults to the Olares system's domain)")
+	cmd.Flags().StringVarP(&o.role, "role", "r", "normal", "owner role (optional, one of owner, admin, normal)")
+	cmd.Flags().StringVarP(&o.memoryLimit, "memory-limit", "m", defaultMemoryLimit, "memory limit (optional)")
+	cmd.Flags().StringVarP(&o.cpuLimit, "cpu-limit", "c", defaultCPULimit, "cpu limit (optional)")
+	cmd.Flags().StringVarP(&o.password, "password", "p", "", "initial password (optional)")
+	cmd.Flags().StringVar(&o.description, "description", "", "user description (optional)")
+	cmd.Flags().StringVar(&o.kubeConfig, "kubeconfig", "", "path to kubeconfig file (optional)")
+}
+
+func (o *createUserOptions) Validate() error {
+	if o.name == "" {
+		return fmt.Errorf("name is required")
+	}
+
+	if errs := validation.IsDNS1123Subdomain(o.name); len(errs) > 0 {
+		return fmt.Errorf("invalid name: %s", strings.Join(errs, ","))
+	}
+
+	if o.domain != "" {
+		if errs := validation.IsDNS1123Subdomain(o.domain); len(errs) > 0 {
+			return fmt.Errorf("invalid domain: %s", strings.Join(errs, ","))
+		}
+		if len(strings.Split(o.domain, ".")) < 2 {
+			return errors.New("invalid domain: should be a domain with at least two segments separated by dots")
+		}
+		for _, label := range strings.Split(o.domain, ".") {
+			if errs := validation.IsDNS1123Label(label); len(errs) > 0 {
+				return fmt.Errorf("invalid domain: %s", strings.Join(errs, ","))
+			}
+		}
+	}
+
+	if o.role != "" {
+		if o.role != roleOwner && o.role != roleAdmin && o.role != roleNormal {
+			return fmt.Errorf("invalid role: should be one of owner, admin, or normal")
+		}
+	}
+
+	if err := validateResourceLimit(o.resourceLimit); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (o *createUserOptions) Run() error {
+	ctx := context.Background()
+	userClient, err := newUserClientFromKubeConfig(o.kubeConfig)
+	if err != nil {
+		return err
+	}
+
+	if o.memoryLimit == "" {
+		o.memoryLimit = defaultMemoryLimit
+	}
+
+	if o.cpuLimit == "" {
+		o.cpuLimit = defaultCPULimit
+	}
+
+	if o.domain == "" {
+		var system v1alpha1.Terminus
+		err := userClient.Get(ctx, types.NamespacedName{Name: systemObjectName}, &system)
+		if err != nil {
+			return fmt.Errorf("failed to get system info: %v", err)
+		}
+		o.domain = system.Spec.Settings[systemObjectDomainKey]
+	}
+
+	var userList iamv1alpha2.UserList
+	err = userClient.List(ctx, &userList)
+	if err != nil {
+		return fmt.Errorf("failed to list users to set creator: %w", err)
+	}
+	var owners []iamv1alpha2.User
+	for _, user := range userList.Items {
+		if role, ok := user.Annotations[annotationKeyRole]; ok && role == roleOwner {
+			owners = append(owners, user)
+		}
+	}
+	if len(owners) > 1 {
+		fmt.Printf("Warning: multiple owners found\n")
+	}
+	if o.role == roleOwner && len(owners) > 0 {
+		return fmt.Errorf("an owner '%s' already exists", owners[0].Name)
+	}
+
+	if o.password == "" {
+		password, passwordEncrypted, err := utils.GenerateEncryptedPassword(8)
+		if err != nil {
+			return fmt.Errorf("error generating password: %v", err)
+		}
+		log.Println("generated initial password:", password)
+		o.password = passwordEncrypted
+	} else {
+		o.password = utils.MD5(o.password + "@Olares2025")
+	}
+
+	olaresName := fmt.Sprintf("%s@%s", o.name, o.domain)
+
+	user := &iamv1alpha2.User{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: iamv1alpha2.SchemeGroupVersion.String(),
+			Kind:       iamv1alpha2.ResourceKindUser,
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: o.name,
+			Annotations: map[string]string{
+				"bytetrade.io/creator":               creatorCLI,
+				annotationKeyRole:                    o.role,
+				"bytetrade.io/is-ephemeral":          "true",
+				"bytetrade.io/terminus-name":         olaresName,
+				"bytetrade.io/launcher-auth-policy":  "two_factor",
+				"bytetrade.io/launcher-access-level": "1",
+				annotationKeyMemoryLimit:             o.memoryLimit,
+				annotationKeyCPULimit:                o.cpuLimit,
+				"iam.kubesphere.io/sync-to-lldap":    "true",
+				"iam.kubesphere.io/synced-to-lldap":  "false",
+			},
+		},
+		Spec: iamv1alpha2.UserSpec{
+			DisplayName:     o.displayName,
+			Email:           olaresName,
+			InitialPassword: o.password,
+			Description:     o.description,
+		},
+	}
+
+	if o.role == roleOwner || o.role == roleAdmin {
+		user.Spec.Groups = append(user.Spec.Groups, lldapGroupAdmin)
+	}
+
+	err = userClient.Create(ctx, user)
+	if err != nil {
+		return fmt.Errorf("failed to create user: %w", err)
+	}
+
+	fmt.Printf("User '%s' created successfully\n", o.name)
+	return nil
+}

cli/cmd/ctl/user/delete.go

@@ -0,0 +1,81 @@
+package user
+
+import (
+	"context"
+	"fmt"
+	iamv1alpha2 "github.com/beclab/api/iam/v1alpha2"
+	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/types"
+	"log"
+)
+
+type deleteUserOptions struct {
+	name       string
+	kubeConfig string
+}
+
+func NewCmdDeleteUser() *cobra.Command {
+	o := &deleteUserOptions{}
+	cmd := &cobra.Command{
+		Use:     "delete {name}",
+		Short:   "delete an existing user",
+		Aliases: []string{"d", "del", "rm", "remove"},
+		Args:    cobra.ExactArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			o.name = args[0]
+			if err := o.Validate(); err != nil {
+				log.Fatal(err)
+			}
+			if err := o.Run(); err != nil {
+				log.Fatal(err)
+			}
+		},
+	}
+	o.AddFlags(cmd)
+	return cmd
+}
+
+func (o *deleteUserOptions) AddFlags(cmd *cobra.Command) {
+	cmd.Flags().StringVar(&o.kubeConfig, "kubeconfig", "", "path to kubeconfig file")
+}
+
+func (o *deleteUserOptions) Validate() error {
+	if o.name == "" {
+		return fmt.Errorf("name is required")
+	}
+	return nil
+}
+
+func (o *deleteUserOptions) Run() error {
+	ctx := context.Background()
+	userClient, err := newUserClientFromKubeConfig(o.kubeConfig)
+	if err != nil {
+		return err
+	}
+
+	var user iamv1alpha2.User
+	err = userClient.Get(ctx, types.NamespacedName{Name: o.name}, &user)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return fmt.Errorf("user '%s' not found", o.name)
+		}
+		return fmt.Errorf("failed to get user: %w", err)
+	}
+
+	if user.Status.State == "Creating" {
+		return fmt.Errorf("user '%s' is under creation", o.name)
+	}
+
+	if role, ok := user.Annotations[annotationKeyRole]; ok && role == roleOwner {
+		return fmt.Errorf("cannot delete user '%s' with role '%s' ", o.name, role)
+	}
+
+	err = userClient.Delete(ctx, &user)
+	if err != nil && !errors.IsNotFound(err) {
+		return fmt.Errorf("failed to delete user: %w", err)
+	}
+
+	fmt.Printf("User '%s' deleted successfully\n", o.name)
+	return nil
+}

cli/cmd/ctl/user/get.go

@@ -0,0 +1,84 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	iamv1alpha2 "github.com/beclab/api/iam/v1alpha2"
+	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/types"
+	"log"
+)
+
+type getUserOptions struct {
+	name       string
+	kubeConfig string
+	output     string
+	noHeaders  bool
+}
+
+func NewCmdGetUser() *cobra.Command {
+	o := &getUserOptions{}
+	cmd := &cobra.Command{
+		Use:   "get {name}",
+		Short: "get user details",
+		Args:  cobra.ExactArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			o.name = args[0]
+			if err := o.Validate(); err != nil {
+				log.Fatal(err)
+			}
+			if err := o.Run(); err != nil {
+				log.Fatal(err)
+			}
+		},
+	}
+	o.AddFlags(cmd)
+	return cmd
+}
+
+func (o *getUserOptions) AddFlags(cmd *cobra.Command) {
+	cmd.Flags().StringVar(&o.kubeConfig, "kubeconfig", "", "path to kubeconfig file")
+	cmd.Flags().StringVarP(&o.output, "output", "o", "table", "output format (table, json)")
+	cmd.Flags().BoolVar(&o.noHeaders, "no-headers", false, "disable headers")
+}
+
+func (o *getUserOptions) Validate() error {
+	if o.name == "" {
+		return fmt.Errorf("name is required")
+	}
+	return nil
+}
+
+func (o *getUserOptions) Run() error {
+	ctx := context.Background()
+
+	userClient, err := newUserClientFromKubeConfig(o.kubeConfig)
+	if err != nil {
+		return err
+	}
+
+	var user iamv1alpha2.User
+	err = userClient.Get(ctx, types.NamespacedName{Name: o.name}, &user)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return fmt.Errorf("user '%s' not found", o.name)
+		}
+		return fmt.Errorf("failed to get user: %w", err)
+	}
+
+	info := convertUserObjectToUserInfo(user)
+
+	if o.output == "json" {
+		jsonOutput, _ := json.MarshalIndent(info, "", "  ")
+		fmt.Println(string(jsonOutput))
+	} else {
+		if !o.noHeaders {
+			printUserTableHeaders()
+		}
+		printUserTableRow(info)
+	}
+
+	return nil
+}

cli/cmd/ctl/user/list.go

@@ -0,0 +1,182 @@
+package user
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	iamv1alpha2 "github.com/beclab/api/iam/v1alpha2"
+	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/api/resource"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"log"
+	"slices"
+	"sort"
+	"strings"
+)
+
+var sortFuncs = map[string]func(users []iamv1alpha2.User, i, j int) bool{
+	"name": func(users []iamv1alpha2.User, i, j int) bool {
+		return strings.Compare(users[i].Name, users[j].Name) == -1
+	},
+	"role": func(users []iamv1alpha2.User, i, j int) bool {
+		return strings.Compare(users[i].Annotations[annotationKeyRole], users[j].Annotations[annotationKeyRole]) == -1
+	},
+	"create-time": func(users []iamv1alpha2.User, i, j int) bool {
+		return users[i].CreationTimestamp.Before(&users[j].CreationTimestamp)
+	},
+	"memory": func(users []iamv1alpha2.User, i, j int) bool {
+		iMemoryStr, ok := users[i].Annotations[annotationKeyMemoryLimit]
+		if !ok || iMemoryStr == "" {
+			return false
+		}
+		jMemoryStr, ok := users[j].Annotations[annotationKeyMemoryLimit]
+		if !ok || jMemoryStr == "" {
+			return true
+		}
+		iMemory, err := resource.ParseQuantity(iMemoryStr)
+		if err != nil {
+			fmt.Printf("Warning: invalid memory limit '%s' is set on user '%s'\n", iMemoryStr, users[i].Name)
+			return false
+		}
+		jMemory, err := resource.ParseQuantity(jMemoryStr)
+		if err != nil {
+			fmt.Printf("Warning: invalid memory limit '%s' is set on user '%s'\n", jMemoryStr, users[j].Name)
+			return true
+		}
+		return iMemory.Cmp(jMemory) == -1
+	},
+	"cpu": func(users []iamv1alpha2.User, i, j int) bool {
+		iCPUStr, ok := users[i].Annotations[annotationKeyCPULimit]
+		if !ok || iCPUStr == "" {
+			return false
+		}
+		jCPUStr, ok := users[j].Annotations[annotationKeyCPULimit]
+		if !ok || jCPUStr == "" {
+			return true
+		}
+		iCPU, err := resource.ParseQuantity(iCPUStr)
+		if err != nil {
+			fmt.Printf("Warning: invalid cpu limit '%s' is set on user '%s'", iCPUStr, users[i].Name)
+			return false
+		}
+		jCPU, err := resource.ParseQuantity(jCPUStr)
+		if err != nil {
+			fmt.Printf("Warning: invalid cpu limit '%s' is set on user '%s'", jCPUStr, users[j].Name)
+			return true
+		}
+		return iCPU.Cmp(jCPU) == -1
+	},
+}
+
+var sortAliases = map[string]sets.Set[string]{
+	"name":        sets.New[string]("n", "N", "Name"),
+	"role":        sets.New[string]("r", "R", "Role"),
+	"create-time": sets.New[string]("creation", "created", "created-at", "createdat", "createtime"),
+	"cpu":         sets.New[string]("c", "C", "CPU"),
+	"memory":      sets.New[string]("m", "M", "Memory"),
+}
+
+func getSortFunc(sortBy string) func(users []iamv1alpha2.User, i, j int) bool {
+	if f, ok := sortFuncs[sortBy]; ok {
+		return f
+	}
+	for origin, sortAlias := range sortAliases {
+		if sortAlias.Has(sortBy) {
+			return sortFuncs[origin]
+		}
+	}
+	return nil
+}
+
+type listUsersOptions struct {
+	kubeConfig string
+	output     string
+	noHeaders  bool
+	sortBys    []string
+	reverse    bool
+}
+
+func NewCmdListUsers() *cobra.Command {
+	o := &listUsersOptions{}
+	cmd := &cobra.Command{
+		Use:     "list",
+		Aliases: []string{"ls", "l"},
+		Short:   "list all users",
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := o.Validate(); err != nil {
+				log.Fatal(err)
+			}
+			if err := o.Run(); err != nil {
+				log.Fatal(err)
+			}
+		},
+	}
+	o.AddFlags(cmd)
+	return cmd
+}
+
+func (o *listUsersOptions) AddFlags(cmd *cobra.Command) {
+	cmd.Flags().StringVar(&o.kubeConfig, "kubeconfig", "", "path to kubeconfig file")
+	cmd.Flags().StringVarP(&o.output, "output", "o", "table", "output format (table, json)")
+	cmd.Flags().BoolVar(&o.noHeaders, "no-headers", false, "disable headers")
+	cmd.Flags().StringSliceVar(&o.sortBys, "sort", []string{}, "sort output order by (name, role, create-time, memory, cpu)")
+	cmd.Flags().BoolVarP(&o.reverse, "reverse", "r", false, "reverse order")
+}
+
+func (o *listUsersOptions) Validate() error {
+	for _, sortBy := range o.sortBys {
+		f := getSortFunc(sortBy)
+		if f == nil {
+			return fmt.Errorf("unknown sort option: %s", sortBy)
+		}
+	}
+	return nil
+}
+
+func (o *listUsersOptions) Run() error {
+	ctx := context.Background()
+
+	userClient, err := newUserClientFromKubeConfig(o.kubeConfig)
+	if err != nil {
+		return err
+	}
+
+	var userList iamv1alpha2.UserList
+	err = userClient.List(ctx, &userList)
+	if err != nil {
+		return fmt.Errorf("failed to list users: %w", err)
+	}
+
+	for _, sortBy := range o.sortBys {
+		sort.SliceStable(userList.Items, func(i, j int) bool {
+			f := getSortFunc(sortBy)
+			if f == nil {
+				log.Fatalf("unkown sort option: %s", sortBy)
+			}
+			return f(userList.Items, i, j)
+		})
+	}
+
+	if o.reverse {
+		slices.Reverse(userList.Items)
+	}
+
+	users := make([]userInfo, 0, len(userList.Items))
+	for _, user := range userList.Items {
+		users = append(users, convertUserObjectToUserInfo(user))
+	}
+
+	if o.output == "json" {
+		jsonOutput, _ := json.MarshalIndent(users, "", "  ")
+		fmt.Println(string(jsonOutput))
+	} else {
+		if !o.noHeaders {
+			printUserTableHeaders()
+		}
+		for _, user := range users {
+			printUserTableRow(user)
+		}
+	}
+
+	return nil
+}

cli/cmd/ctl/user/root.go

@@ -0,0 +1,16 @@
+package user
+
+import "github.com/spf13/cobra"
+
+func NewUserCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "user",
+		Short: "user management operations",
+	}
+	cmd.AddCommand(NewCmdCreateUser())
+	cmd.AddCommand(NewCmdDeleteUser())
+	cmd.AddCommand(NewCmdListUsers())
+	cmd.AddCommand(NewCmdGetUser())
+	// cmd.AddCommand(NewCmdUpdateUserLimits())
+	return cmd
+}

cli/cmd/ctl/user/types.go

@@ -0,0 +1,43 @@
+package user
+
+type resourceLimit struct {
+	memoryLimit string
+	cpuLimit    string
+}
+
+type userInfo struct {
+	UID               string   `json:"uid"`
+	Name              string   `json:"name"`
+	DisplayName       string   `json:"display_name"`
+	Description       string   `json:"description"`
+	Email             string   `json:"email"`
+	State             string   `json:"state"`
+	LastLoginTime     *int64   `json:"last_login_time"`
+	CreationTimestamp int64    `json:"creation_timestamp"`
+	Avatar            string   `json:"avatar"`
+	TerminusName      string   `json:"terminusName"`
+	WizardComplete    bool     `json:"wizard_complete"`
+	Roles             []string `json:"roles"`
+	MemoryLimit       string   `json:"memory_limit"`
+	CpuLimit          string   `json:"cpu_limit"`
+}
+
+var (
+	annotationKeyRole        = "bytetrade.io/owner-role"
+	annotationKeyMemoryLimit = "bytetrade.io/user-memory-limit"
+	annotationKeyCPULimit    = "bytetrade.io/user-cpu-limit"
+
+	roleOwner  = "owner"
+	roleAdmin  = "admin"
+	roleNormal = "normal"
+
+	creatorCLI = "cli"
+
+	lldapGroupAdmin = "lldap_admin"
+
+	defaultMemoryLimit = "3G"
+	defaultCPULimit    = "1"
+
+	systemObjectName      = "terminus"
+	systemObjectDomainKey = "domainName"
+)

cli/cmd/ctl/user/update.go

@@ -0,0 +1,97 @@
+package user
+
+import (
+	"context"
+	"fmt"
+	iamv1alpha2 "github.com/beclab/api/iam/v1alpha2"
+	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/types"
+	"log"
+)
+
+type updateUserLimitsOptions struct {
+	name string
+	resourceLimit
+	kubeConfig string
+}
+
+func NewCmdUpdateUserLimits() *cobra.Command {
+	o := &updateUserLimitsOptions{}
+	cmd := &cobra.Command{
+		Use:     "update-limits {name}",
+		Aliases: []string{"update-limit", "ulimit", "ulimits"},
+		Short:   "update user resource limits",
+		Args:    cobra.ExactArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			o.name = args[0]
+			if err := o.Validate(); err != nil {
+				log.Fatal(err)
+			}
+			if err := o.Run(); err != nil {
+				log.Fatal(err)
+			}
+		},
+	}
+	o.AddFlags(cmd)
+	return cmd
+}
+
+func (o *updateUserLimitsOptions) AddFlags(cmd *cobra.Command) {
+	cmd.Flags().StringVarP(&o.memoryLimit, "memory-limit", "m", "", "memory limit")
+	cmd.Flags().StringVarP(&o.cpuLimit, "cpu-limit", "c", "", "cpu limit")
+	cmd.Flags().StringVar(&o.kubeConfig, "kubeconfig", "", "path to kubeconfig file")
+}
+
+func (o *updateUserLimitsOptions) Validate() error {
+	if o.name == "" {
+		return fmt.Errorf("user name is required")
+	}
+
+	if o.memoryLimit == "" && o.cpuLimit == "" {
+		return fmt.Errorf("one of memory limit or cpu limit is required")
+	}
+
+	if err := validateResourceLimit(o.resourceLimit); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (o *updateUserLimitsOptions) Run() error {
+	ctx := context.Background()
+
+	userClient, err := newUserClientFromKubeConfig(o.kubeConfig)
+	if err != nil {
+		return err
+	}
+
+	var user iamv1alpha2.User
+	err = userClient.Get(ctx, types.NamespacedName{Name: o.name}, &user)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return fmt.Errorf("user '%s' not found", o.name)
+		}
+		return fmt.Errorf("failed to get user: %w", err)
+	}
+
+	if user.Annotations == nil {
+		user.Annotations = make(map[string]string)
+	}
+
+	if o.memoryLimit != "" {
+		user.Annotations[annotationKeyMemoryLimit] = o.memoryLimit
+	}
+	if o.cpuLimit != "" {
+		user.Annotations[annotationKeyCPULimit] = o.cpuLimit
+	}
+
+	err = userClient.Update(ctx, &user)
+	if err != nil {
+		return fmt.Errorf("failed to update user: %w", err)
+	}
+
+	fmt.Printf("User '%s' resource limits updated successfully\n", o.name)
+	return nil
+}

cli/cmd/ctl/user/utils.go

@@ -0,0 +1,120 @@
+package user
+
+import (
+	"bytetrade.io/web3os/app-service/api/sys.bytetrade.io/v1alpha1"
+	"fmt"
+	iamv1alpha2 "github.com/beclab/api/iam/v1alpha2"
+	"k8s.io/apimachinery/pkg/api/resource"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/tools/clientcmd"
+	"os"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"strconv"
+	"time"
+)
+
+func newUserClientFromKubeConfig(kubeconfig string) (client.Client, error) {
+	if kubeconfig == "" {
+		kubeconfig = os.Getenv("KUBECONFIG")
+		if kubeconfig == "" {
+			kubeconfig = clientcmd.RecommendedHomeFile
+		}
+	}
+
+	config, err := clientcmd.BuildConfigFromFlags("", kubeconfig)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get kubeconfig: %w", err)
+	}
+
+	scheme := runtime.NewScheme()
+
+	if err := iamv1alpha2.AddToScheme(scheme); err != nil {
+		return nil, fmt.Errorf("failed to add user scheme: %w", err)
+	}
+
+	if err := v1alpha1.AddToScheme(scheme); err != nil {
+		return nil, fmt.Errorf("failed to add system scheme: %w", err)
+	}
+
+	userClient, err := client.New(config, client.Options{Scheme: scheme})
+	if err != nil {
+		return nil, fmt.Errorf("failed to create user client: %w", err)
+	}
+	return userClient, nil
+}
+
+func validateResourceLimit(limit resourceLimit) error {
+	if limit.memoryLimit != "" {
+		memLimit, err := resource.ParseQuantity(limit.memoryLimit)
+		if err != nil {
+			return fmt.Errorf("invalid memory limit: %v", err)
+		}
+		minMemLimit, _ := resource.ParseQuantity(defaultMemoryLimit)
+		if memLimit.Cmp(minMemLimit) < 0 {
+			return fmt.Errorf("invalid memory limit: %s is less than minimum required: %s", memLimit.String(), minMemLimit.String())
+		}
+	}
+
+	if limit.cpuLimit != "" {
+		cpuLimit, err := resource.ParseQuantity(limit.cpuLimit)
+		if err != nil {
+			return fmt.Errorf("invalid cpu limit: %v", err)
+		}
+		minCPULimit, _ := resource.ParseQuantity(defaultCPULimit)
+		if cpuLimit.Cmp(minCPULimit) < 0 {
+			return fmt.Errorf("invalid cpu limit: %s is less than minimum required: %s", cpuLimit.String(), minCPULimit.String())
+		}
+	}
+
+	return nil
+}
+
+func convertUserObjectToUserInfo(user iamv1alpha2.User) userInfo {
+	info := userInfo{
+		UID:               string(user.UID),
+		Name:              user.Name,
+		DisplayName:       user.Spec.DisplayName,
+		Description:       user.Spec.Description,
+		Email:             user.Spec.Email,
+		State:             string(user.Status.State),
+		CreationTimestamp: user.CreationTimestamp.Unix(),
+	}
+
+	if user.Annotations != nil {
+		if role, ok := user.Annotations[annotationKeyRole]; ok {
+			info.Roles = []string{role}
+		}
+		if terminusName, ok := user.Annotations["bytetrade.io/terminus-name"]; ok {
+			info.TerminusName = terminusName
+		}
+		if avatar, ok := user.Annotations["bytetrade.io/avatar"]; ok {
+			info.Avatar = avatar
+		}
+		if memoryLimit, ok := user.Annotations[annotationKeyMemoryLimit]; ok {
+			info.MemoryLimit = memoryLimit
+		}
+		if cpuLimit, ok := user.Annotations[annotationKeyCPULimit]; ok {
+			info.CpuLimit = cpuLimit
+		}
+	}
+
+	if user.Status.LastLoginTime != nil {
+		lastLogin := user.Status.LastLoginTime.Unix()
+		info.LastLoginTime = &lastLogin
+	}
+
+	return info
+}
+
+func printUserTableHeaders() {
+	fmt.Printf("%-20s %-10s %-10s %-30s %-10s %-10s %-10s\n", "NAME", "ROLE", "STATE", "CREATE TIME", "ACTIVATED", "MEMORY", "CPU")
+}
+
+func printUserTableRow(info userInfo) {
+	role := roleNormal
+	if len(info.Roles) > 0 {
+		role = info.Roles[0]
+	}
+	fmt.Printf("%-20s %-10s %-10s %-30s %-10s %-10s %-10s\n",
+		info.Name, role, info.State, time.Unix(info.CreationTimestamp, 0).Format(time.RFC3339), strconv.FormatBool(info.WizardComplete), info.MemoryLimit, info.CpuLimit)
+}

cli/cmd/main.go

@@ -1,16 +1,12 @@
 package main
 
 import (
-	"os"
-	"os/exec"
-
 	"github.com/beclab/Olares/cli/cmd/ctl"
+	"os"
 )
 
 func main() {
 	cmd := ctl.NewDefaultCommand()
-	_ = exec.Command("/bin/bash", "-c", "ulimit -u 65535").Run()
-	_ = exec.Command("/bin/bash", "-c", "ulimit -n 65535").Run()
 
 	if err := cmd.Execute(); err != nil {
 		// fmt.Println(err)

cli/go.mod

@@ -5,61 +5,67 @@ go 1.24.0
 toolchain go1.24.3
 
 replace (
+	bytetrade.io/web3os/app-service => github.com/beclab/app-service v0.2.33
 	bytetrade.io/web3os/backups-sdk => github.com/Above-Os/backups-sdk v0.1.17
 	github.com/containers/image/v5 => github.com/containers/image/v5 v5.21.1
-	github.com/containers/ocicrypt => github.com/containers/ocicrypt v1.1.10
 	github.com/containers/storage => github.com/containers/storage v1.40.0
 	github.com/estesp/manifest-tool/v2 => github.com/estesp/manifest-tool/v2 v2.0.3
 	github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.1.0
 )
 
 require (
+	bytetrade.io/web3os/app-service v0.0.0-00010101000000-000000000000
 	bytetrade.io/web3os/backups-sdk v0.0.0-00010101000000-000000000000
-	github.com/Masterminds/semver/v3 v3.3.0
+	github.com/Masterminds/semver/v3 v3.4.0
 	github.com/PaesslerAG/jsonpath v0.1.1
 	github.com/alecthomas/assert/v2 v2.11.0
+	github.com/beclab/api v0.0.0-20250805111305-08be8f53edf0
 	github.com/cavaliergopher/grab/v3 v3.0.1
-	github.com/containerd/containerd v1.7.27
+	github.com/containerd/containerd v1.7.28
 	github.com/decentralized-identity/web5-go v0.25.0
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0
+	github.com/distribution/reference v0.6.0
 	github.com/dominodatalab/os-release v0.0.0-20190522011736-bcdb4a3e3c2f
-	github.com/go-playground/validator/v10 v10.22.0
+	github.com/go-playground/validator/v10 v10.27.0
 	github.com/google/uuid v1.6.0
 	github.com/jmoiron/sqlx v1.4.0
 	github.com/joho/godotenv v1.5.1
 	github.com/libp2p/go-netroute v0.2.2
 	github.com/lithammer/dedent v1.1.0
-	github.com/mattn/go-sqlite3 v1.14.22
-	github.com/mitchellh/mapstructure v1.5.0
+	github.com/mattn/go-sqlite3 v1.14.30
+	github.com/mitchellh/mapstructure v1.4.1
 	github.com/modood/table v0.0.0-20220527013332-8d47e76dad33
 	github.com/mr-tron/base58 v1.2.0
 	github.com/multiformats/go-varint v0.0.7
 	github.com/pelletier/go-toml v1.9.5
 	github.com/pkg/errors v0.9.1
-	github.com/pkg/sftp v1.13.6
+	github.com/pkg/sftp v1.10.1
 	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
-	github.com/schollz/progressbar/v3 v3.17.1
-	github.com/shirou/gopsutil/v4 v4.25.2
+	github.com/schollz/progressbar/v3 v3.18.0
+	github.com/shirou/gopsutil/v4 v4.25.7
 	github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c
 	github.com/spf13/cobra v1.9.1
+	github.com/spf13/pflag v1.0.6
 	github.com/stretchr/testify v1.10.0
 	github.com/syndtr/goleveldb v1.0.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/crypto v0.37.0
-	golang.org/x/term v0.31.0
-	golang.org/x/text v0.24.0
+	golang.org/x/crypto v0.40.0
+	golang.org/x/sys v0.34.0
+	golang.org/x/term v0.33.0
+	golang.org/x/text v0.27.0
 	gopkg.in/yaml.v2 v2.4.0
-	helm.sh/helm/v3 v3.18.1
-	k8s.io/api v0.33.0
-	k8s.io/apimachinery v0.33.0
-	k8s.io/cli-runtime v0.33.0
-	k8s.io/client-go v0.33.0
-	k8s.io/kubectl v0.33.0
+	helm.sh/helm/v3 v3.18.4
+	k8s.io/api v0.33.3
+	k8s.io/apimachinery v0.33.3
+	k8s.io/cli-runtime v0.33.3
+	k8s.io/client-go v0.33.3
+	k8s.io/klog/v2 v2.130.1
+	k8s.io/kubectl v0.33.3
 	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
 	sigs.k8s.io/controller-runtime v0.21.0
-	sigs.k8s.io/kustomize/kyaml v0.19.0
-	sigs.k8s.io/yaml v1.4.0
+	sigs.k8s.io/kustomize/kyaml v0.20.1
+	sigs.k8s.io/yaml v1.5.0
 )
 
 require (
@@ -79,7 +85,6 @@ require (
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/bshuster-repo/logrus-logstash-hook v1.0.2 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/containerd/cgroups v1.1.0 // indirect
@@ -93,7 +98,6 @@ require (
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
 	github.com/cyphar/filepath-securejoin v0.4.1 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/ebitengine/purego v0.8.4 // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
@@ -101,15 +105,19 @@ require (
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/camelcase v1.0.0 // indirect
-	github.com/fatih/color v1.15.0 // indirect
+	github.com/fatih/color v1.13.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-resty/resty/v2 v2.16.5 // indirect
@@ -129,15 +137,19 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hexops/gotextdiff v1.0.3 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jonboulle/clockwork v0.4.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/kr/fs v0.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
@@ -147,7 +159,7 @@ require (
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.5.0 // indirect
-	github.com/moby/sys/mountinfo v0.7.1 // indirect
+	github.com/moby/sys/mountinfo v0.6.2 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
 	github.com/moby/sys/user v0.3.0 // indirect
@@ -177,8 +189,8 @@ require (
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/smartystreets/goconvey v1.8.1 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
-	github.com/tklauser/go-sysconf v0.3.12 // indirect
-	github.com/tklauser/numcpus v0.6.1 // indirect
+	github.com/tklauser/go-sysconf v0.3.15 // indirect
+	github.com/tklauser/numcpus v0.10.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -191,42 +203,30 @@ require (
 	go.opentelemetry.io/otel v1.33.0 // indirect
 	go.opentelemetry.io/otel/metric v1.33.0 // indirect
 	go.opentelemetry.io/otel/trace v1.33.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/oauth2 v0.28.0 // indirect
-	golang.org/x/sync v0.14.0 // indirect
-	golang.org/x/time v0.9.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.yaml.in/yaml/v2 v2.4.2 // indirect
+	go.yaml.in/yaml/v3 v3.0.3 // indirect
+	golang.org/x/net v0.42.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/time v0.12.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect
 	google.golang.org/grpc v1.68.1 // indirect
-	google.golang.org/protobuf v1.36.5 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	k8s.io/apiextensions-apiserver v0.33.0 // indirect
-	k8s.io/apiserver v0.33.0 // indirect
-	k8s.io/component-base v0.33.0 // indirect
-	k8s.io/component-helpers v0.33.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.33.2 // indirect
+	k8s.io/apiserver v0.33.2 // indirect
+	k8s.io/component-base v0.33.3 // indirect
+	k8s.io/component-helpers v0.33.3 // indirect
 	k8s.io/cri-api v0.27.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
-	oras.land/oras-go/v2 v2.5.0 // indirect
+	oras.land/oras-go/v2 v2.6.0 // indirect
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/kustomize/api v0.19.0 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
 )
-
-require (
-	github.com/go-logr/logr v1.4.2 // indirect
-	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.21.0 // indirect
-	github.com/go-openapi/swag v0.23.0 // indirect
-	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
-	github.com/kr/fs v0.1.0 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/spf13/pflag v1.0.6
-	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/sys v0.33.0
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/klog/v2 v2.130.1
-)

cli/go.sum

@@ -20,8 +20,8 @@ github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0=
-github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
+github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
 github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
 github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM=
@@ -43,13 +43,16 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/beclab/api v0.0.0-20250805111305-08be8f53edf0 h1:U8AFy37epib5ya5By0gHAWVRT+BetExFkmGTjkhZCoY=
+github.com/beclab/api v0.0.0-20250805111305-08be8f53edf0/go.mod h1:1tq7ut9hrjgYWTh6UTth0xPRa7Ags0VJvUmbr4GuJuM=
+github.com/beclab/app-service v0.2.33 h1:fsv9sTL7guTdU8z8sO5KIxxd1N5K+Rp4zORRebs+wmI=
+github.com/beclab/app-service v0.2.33/go.mod h1:Gpp5e2XPU/nHufT7ZBsRMZrYxpFbI6R4AEiKine+RhI=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/bshuster-repo/logrus-logstash-hook v1.0.2 h1:JYRWo+QGnQdedgshosug9hxpPYTB9oJ1ZZD3fY31alU=
-github.com/bshuster-repo/logrus-logstash-hook v1.0.2/go.mod h1:HgYntJprnHSPaF9VPPPLP1L5S1vMWxRfa1J+vzDrDTw=
 github.com/cavaliergopher/grab/v3 v3.0.1 h1:4z7TkBfmPjmLAAmkkAZNX/6QJ1nNFdv3SdIHXju0Fr4=
 github.com/cavaliergopher/grab/v3 v3.0.1/go.mod h1:1U/KNnD+Ft6JJiYoYBAimKH2XrYptb8Kl3DFGmsjpq4=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
@@ -65,8 +68,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
-github.com/containerd/containerd v1.7.27 h1:yFyEyojddO3MIGVER2xJLWoCIn+Up4GaHFquP7hsFII=
-github.com/containerd/containerd v1.7.27/go.mod h1:xZmPnl75Vc+BLGt4MIfu6bp+fy03gdHAn9bz+FreFR0=
+github.com/containerd/containerd v1.7.28 h1:Nsgm1AtcmEh4AHAJ4gGlNSaKgXiNccU270Dnf81FQ3c=
+github.com/containerd/containerd v1.7.28/go.mod h1:azUkWcOvHrWvaiUjSQH0fjzuHIwSPg1WL5PshGP4Szs=
 github.com/containerd/containerd/api v1.8.0 h1:hVTNJKR8fMc/2Tiw60ZRijntNMd1U+JVMyTRdsD2bS0=
 github.com/containerd/containerd/api v1.8.0/go.mod h1:dFv4lt6S20wTu/hMcP4350RL87qPWLVa/OHOwmmdnYc=
 github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII=
@@ -86,6 +89,7 @@ github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3H
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
@@ -96,10 +100,10 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/decentralized-identity/web5-go v0.25.0 h1:7QcWuIXHybscmoQ6eoEcDGdbQSPqHIJ4WAo7FBbntIE=
 github.com/decentralized-identity/web5-go v0.25.0/go.mod h1:fzRcApHJZmekJXwjdbG8tYSFxdyZjyjUEmfh92mdhwY=
-github.com/decred/dcrd/crypto/blake256 v1.0.1 h1:7PltbUIQB7u/FfZ39+DGa/ShuMyJ5ilcvdfma9wOH6Y=
-github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
+github.com/decred/dcrd/crypto/blake256 v1.1.0 h1:zPMNGQCm0g4QTY27fOCorQW7EryeQ/U0x++OzVrdms8=
+github.com/decred/dcrd/crypto/blake256 v1.1.0/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/distribution/distribution/v3 v3.0.0 h1:q4R8wemdRQDClzoNNStftB2ZAfqOiN6UX90KJc4HjyM=
@@ -130,8 +134,8 @@ github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
 github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8=
 github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
-github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
-github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
+github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI=
@@ -143,8 +147,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
-github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
@@ -158,10 +162,12 @@ github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
 github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
 github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
-github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
-github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
@@ -170,8 +176,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
-github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-playground/validator/v10 v10.27.0 h1:w8+XrWVMhGkxOaaowyKH35gFydVHOvC0/uWoy2Fzwn4=
+github.com/go-playground/validator/v10 v10.27.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
 github.com/go-resty/resty/v2 v2.16.5 h1:hBKqmWrr7uRc3euHVqmh1HTHcKn99Smr7o5spptdhTM=
 github.com/go-resty/resty/v2 v2.16.5/go.mod h1:hkJtXbA2iKHzJheXYvQ8snQES5ZLGKMwQ07xAwp/fiA=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
@@ -254,7 +260,6 @@ github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvH
 github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
-github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@@ -278,8 +283,11 @@ github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zt
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
@@ -302,16 +310,20 @@ github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
 github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.30 h1:bVreufq3EAIG1Quvws73du3/QgdeZ3myglJlrzSYYCY=
+github.com/mattn/go-sqlite3 v1.14.30/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM=
 github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk=
 github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=
@@ -320,16 +332,16 @@ github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa1
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
 github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
+github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
 github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
-github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g=
-github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
+github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
+github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
 github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
 github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=
@@ -357,16 +369,19 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
+github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg=
 github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw=
-github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/onsi/gomega v1.38.0 h1:c/WX+w8SLAinvuKKQFh77WEucCnPk4j2OTUr7lt7BeY=
+github.com/onsi/gomega v1.38.0/go.mod h1:OcXcwId0b9QsE7Y49u+BTrL4IdKOBOKnD6VQNTJEB6o=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
@@ -381,10 +396,11 @@ github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+v
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo=
-github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk=
+github.com/pkg/sftp v1.10.1 h1:VasscCm72135zRysgrJDKsntdmPN+OuU3+nnHYA9wyc=
+github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -420,17 +436,16 @@ github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d h1:hrujxIzL1woJ7
 github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d/go.mod h1:uugorj2VCxiV1x+LzaIdVa9b4S4qGAcH6cbhh4qVxOU=
 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=
 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY=
-github.com/schollz/progressbar/v3 v3.17.1 h1:bI1MTaoQO+v5kzklBjYNRQLoVpe0zbyRZNK6DFkVC5U=
-github.com/schollz/progressbar/v3 v3.17.1/go.mod h1:RzqpnsPQNjUyIgdglUjRLgD7sVnxN1wpmBMV+UiEbL4=
+github.com/schollz/progressbar/v3 v3.18.0 h1:uXdoHABRFmNIjUfte/Ex7WtuyVslrw2wVPQmCN62HpA=
+github.com/schollz/progressbar/v3 v3.18.0/go.mod h1:IsO3lpbaGuzh8zIMzgY3+J8l4C8GjO0Y9S69eFvNsec=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
 github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
-github.com/shirou/gopsutil/v4 v4.25.2 h1:NMscG3l2CqtWFS86kj3vP7soOczqrQYIEhO/pMvvQkk=
-github.com/shirou/gopsutil/v4 v4.25.2/go.mod h1:34gBYJzyqCDT11b6bMHP0XCvWeU3J61XRT7a2EmCRTA=
+github.com/shirou/gopsutil/v4 v4.25.7 h1:bNb2JuqKuAu3tRlPv5piSmBZyMfecwQ+t/ILq+1JqVM=
+github.com/shirou/gopsutil/v4 v4.25.7/go.mod h1:XV/egmwJtd3ZQjBpJVY5kndsiOO4IRqy9TQnmm6VP7U=
 github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c h1:aqg5Vm5dwtvL+YgDpBcK1ITf3o96N/K7/wsRXQnUTEs=
 github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c/go.mod h1:owqhoLW1qZoYLZzLnBw+QkPP9WZnjlSWihhxAJC1+/M=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smarty/assertions v1.15.0 h1:cR//PqUBUiQRakZWqBiFFQ9wb8emQGDb0HeGdqGByCY=
@@ -450,6 +465,7 @@ github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -459,10 +475,10 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
-github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU=
-github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI=
-github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk=
-github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY=
+github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4=
+github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4=
+github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso=
+github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -476,7 +492,6 @@ github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
 github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
@@ -533,13 +548,16 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
+go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
+go.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE=
+go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
-golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
-golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
+golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -548,9 +566,8 @@ golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPI
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
-golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
+golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -561,57 +578,44 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
+golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
-golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
+golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
-golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
+golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
+golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
+golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
-golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
-golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
-golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
+golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
+golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
+golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -621,9 +625,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
-golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
+golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -659,69 +662,70 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
-google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
 gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
-gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-helm.sh/helm/v3 v3.18.1 h1:qLhXmtqXOHQb0Xv9HJolOLlah8RWbgyzt50xrtTWAlg=
-helm.sh/helm/v3 v3.18.1/go.mod h1:43QHS1W97RcoFJRk36ZBhHdTfykqBlJdsWp3yhzdq8w=
+helm.sh/helm/v3 v3.18.4 h1:pNhnHM3nAmDrxz6/UC+hfjDY4yeDATQCka2/87hkZXQ=
+helm.sh/helm/v3 v3.18.4/go.mod h1:WVnwKARAw01iEdjpEkP7Ii1tT1pTPYfM1HsakFKM3LI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.33.0 h1:yTgZVn1XEe6opVpP1FylmNrIFWuDqe2H0V8CT5gxfIU=
-k8s.io/api v0.33.0/go.mod h1:CTO61ECK/KU7haa3qq8sarQ0biLq2ju405IZAd9zsiM=
-k8s.io/apiextensions-apiserver v0.33.0 h1:d2qpYL7Mngbsc1taA4IjJPRJ9ilnsXIrndH+r9IimOs=
-k8s.io/apiextensions-apiserver v0.33.0/go.mod h1:VeJ8u9dEEN+tbETo+lFkwaaZPg6uFKLGj5vyNEwwSzc=
-k8s.io/apimachinery v0.33.0 h1:1a6kHrJxb2hs4t8EE5wuR/WxKDwGN1FKH3JvDtA0CIQ=
-k8s.io/apimachinery v0.33.0/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
-k8s.io/apiserver v0.33.0 h1:QqcM6c+qEEjkOODHppFXRiw/cE2zP85704YrQ9YaBbc=
-k8s.io/apiserver v0.33.0/go.mod h1:EixYOit0YTxt8zrO2kBU7ixAtxFce9gKGq367nFmqI8=
-k8s.io/cli-runtime v0.33.0 h1:Lbl/pq/1o8BaIuyn+aVLdEPHVN665tBAXUePs8wjX7c=
-k8s.io/cli-runtime v0.33.0/go.mod h1:QcA+r43HeUM9jXFJx7A+yiTPfCooau/iCcP1wQh4NFw=
-k8s.io/client-go v0.33.0 h1:UASR0sAYVUzs2kYuKn/ZakZlcs2bEHaizrrHUZg0G98=
-k8s.io/client-go v0.33.0/go.mod h1:kGkd+l/gNGg8GYWAPr0xF1rRKvVWvzh9vmZAMXtaKOg=
-k8s.io/component-base v0.33.0 h1:Ot4PyJI+0JAD9covDhwLp9UNkUja209OzsJ4FzScBNk=
-k8s.io/component-base v0.33.0/go.mod h1:aXYZLbw3kihdkOPMDhWbjGCO6sg+luw554KP51t8qCU=
-k8s.io/component-helpers v0.33.0 h1:0AdW0A0mIgljLgtG0hJDdJl52PPqTrtMgOgtm/9i/Ys=
-k8s.io/component-helpers v0.33.0/go.mod h1:9SRiXfLldPw9lEEuSsapMtvT8j/h1JyFFapbtybwKvU=
+k8s.io/api v0.33.3 h1:SRd5t//hhkI1buzxb288fy2xvjubstenEKL9K51KBI8=
+k8s.io/api v0.33.3/go.mod h1:01Y/iLUjNBM3TAvypct7DIj0M0NIZc+PzAHCIo0CYGE=
+k8s.io/apiextensions-apiserver v0.33.2 h1:6gnkIbngnaUflR3XwE1mCefN3YS8yTD631JXQhsU6M8=
+k8s.io/apiextensions-apiserver v0.33.2/go.mod h1:IvVanieYsEHJImTKXGP6XCOjTwv2LUMos0YWc9O+QP8=
+k8s.io/apimachinery v0.33.3 h1:4ZSrmNa0c/ZpZJhAgRdcsFcZOw1PQU1bALVQ0B3I5LA=
+k8s.io/apimachinery v0.33.3/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
+k8s.io/apiserver v0.33.2 h1:KGTRbxn2wJagJowo29kKBp4TchpO1DRO3g+dB/KOJN4=
+k8s.io/apiserver v0.33.2/go.mod h1:9qday04wEAMLPWWo9AwqCZSiIn3OYSZacDyu/AcoM/M=
+k8s.io/cli-runtime v0.33.3 h1:Dgy4vPjNIu8LMJBSvs8W0LcdV0PX/8aGG1DA1W8lklA=
+k8s.io/cli-runtime v0.33.3/go.mod h1:yklhLklD4vLS8HNGgC9wGiuHWze4g7x6XQZ+8edsKEo=
+k8s.io/client-go v0.33.3 h1:M5AfDnKfYmVJif92ngN532gFqakcGi6RvaOF16efrpA=
+k8s.io/client-go v0.33.3/go.mod h1:luqKBQggEf3shbxHY4uVENAxrDISLOarxpTKMiUuujg=
+k8s.io/component-base v0.33.3 h1:mlAuyJqyPlKZM7FyaoM/LcunZaaY353RXiOd2+B5tGA=
+k8s.io/component-base v0.33.3/go.mod h1:ktBVsBzkI3imDuxYXmVxZ2zxJnYTZ4HAsVj9iF09qp4=
+k8s.io/component-helpers v0.33.3 h1:fjWVORSQfI0WKzPeIFSju/gMD9sybwXBJ7oPbqQu6eM=
+k8s.io/component-helpers v0.33.3/go.mod h1:7iwv+Y9Guw6X4RrnNQOyQlXcvJrVjPveHVqUA5dm31c=
 k8s.io/cri-api v0.27.1 h1:KWO+U8MfI9drXB/P4oU9VchaWYOlwDglJZVHWMpTT3Q=
 k8s.io/cri-api v0.27.1/go.mod h1:+Ts/AVYbIo04S86XbTD73UPp/DkTiYxtsFeOFEu32L0=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
 k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
-k8s.io/kubectl v0.33.0 h1:HiRb1yqibBSCqic4pRZP+viiOBAnIdwYDpzUFejs07g=
-k8s.io/kubectl v0.33.0/go.mod h1:gAlGBuS1Jq1fYZ9AjGWbI/5Vk3M/VW2DK4g10Fpyn/0=
+k8s.io/kubectl v0.33.3 h1:r/phHvH1iU7gO/l7tTjQk2K01ER7/OAJi8uFHHyWSac=
+k8s.io/kubectl v0.33.3/go.mod h1:euj2bG56L6kUGOE/ckZbCoudPwuj4Kud7BR0GzyNiT0=
 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c=
-oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg=
+oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc=
+oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o=
 sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8=
 sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
 sigs.k8s.io/kustomize/api v0.19.0 h1:F+2HB2mU1MSiR9Hp1NEgoU2q9ItNOaBJl0I4Dlus5SQ=
 sigs.k8s.io/kustomize/api v0.19.0/go.mod h1:/BbwnivGVcBh1r+8m3tH1VNxJmHSk1PzP5fkP6lbL1o=
-sigs.k8s.io/kustomize/kyaml v0.19.0 h1:RFge5qsO1uHhwJsu3ipV7RNolC7Uozc0jUBC/61XSlA=
-sigs.k8s.io/kustomize/kyaml v0.19.0/go.mod h1:FeKD5jEOH+FbZPpqUghBP8mrLjJ3+zD3/rf9NNu1cwY=
+sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A78=
+sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po=
 sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
 sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
 sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
 sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc=
 sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
-sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
+sigs.k8s.io/yaml v1.5.0 h1:M10b2U7aEUY6hRtU870n2VTPgR5RZiL/I6Lcc2F4NUQ=
+sigs.k8s.io/yaml v1.5.0/go.mod h1:wZs27Rbxoai4C0f8/9urLZtZtF3avA3gKvGyPdDqTO4=

cli/pkg/bootstrap/os/module.go

@@ -166,6 +166,15 @@ func (c *ConfigureOSModule) Init() {
 		Parallel: true,
 	}
 
+	symlinkSysconf := &task.RemoteTask{
+		Name:     "SymlinkSysconf",
+		Desc:     "Create symbolic link to sysconf if non-existing",
+		Hosts:    c.Runtime.GetAllHosts(),
+		Prepare:  &kubernetes.NodeInCluster{Not: true},
+		Action:   new(SymLinkSysconf),
+		Parallel: true,
+	}
+
 	ConfigureNtpServer := &task.RemoteTask{
 		Name:  "ConfigureNtpServer",
 		Desc:  "configure the ntp server for each node",
@@ -191,6 +200,7 @@ func (c *ConfigureOSModule) Init() {
 		initOS,
 		GenerateScript,
 		ExecScript,
+		symlinkSysconf,
 		ConfigureNtpServer,
 		configureSwap,
 	}

cli/pkg/bootstrap/os/tasks.go

@@ -371,6 +371,35 @@ func (n *NodeExecScript) Execute(runtime connector.Runtime) error {
 	return nil
 }
 
+type SymLinkSysconf struct {
+	common.KubeAction
+}
+
+func (a *SymLinkSysconf) Execute(runtime connector.Runtime) error {
+	sysconfPath := "/etc/sysctl.conf"
+	sysconfSymLinkPath := "/etc/sysctl.d/99-sysctl.conf"
+	linkExists, err := runtime.GetRunner().FileExist(sysconfSymLinkPath)
+	if err != nil {
+		return fmt.Errorf("failed to check if %s exists", sysconfSymLinkPath)
+	}
+	if linkExists {
+		return nil
+	}
+	sysconfDir := filepath.Dir(sysconfSymLinkPath)
+	dirExists, err := runtime.GetRunner().DirExist(sysconfDir)
+	if err != nil {
+		return fmt.Errorf("failed to check if %s exists", sysconfDir)
+	}
+	if !dirExists {
+		err = runtime.GetRunner().MkDir(sysconfDir)
+		if err != nil {
+			return err
+		}
+	}
+	_, err = runtime.GetRunner().SudoCmd(fmt.Sprintf("ln -s %s %s", sysconfPath, sysconfSymLinkPath), true, false)
+	return err
+}
+
 var (
 	etcdFiles = []string{
 		"/usr/local/bin/etcd",

cli/pkg/bootstrap/os/templates/init_script.go

@@ -152,9 +152,6 @@ update-alternatives --set arptables /usr/sbin/arptables-legacy >/dev/null 2>&1 |
 update-alternatives --set ebtables /usr/sbin/ebtables-legacy >/dev/null 2>&1 || true
 
 for i in $(systemctl list-unit-files --no-legend --no-pager -l | grep --color=never -o .*.slice | grep kubepod); do sudo systemctl stop $i; done
-
-ulimit -u 65535
-ulimit -n 65535
 `)))
 
 func GenerateHosts(runtime connector.ModuleRuntime, kubeConf *common.KubeConf) []string {

cli/pkg/bootstrap/precheck/tasks.go

@@ -75,7 +75,22 @@ func (t *SystemSupportCheck) Name() string {
 }
 
 func (t *SystemSupportCheck) Check(runtime connector.Runtime) error {
-	return runtime.GetSystemInfo().IsSupport()
+	err := runtime.GetSystemInfo().IsSupport()
+	if err == nil {
+		return nil
+	}
+	// Interactive warning instead of outright failure
+	fmt.Printf("%v Use at your own risk, would you like to continue? (Y/N): ", err)
+	reader, err := utils.GetBufIOReaderOfTerminalInput()
+	if err != nil {
+		return fmt.Errorf("could not read terminal input: %v", err)
+	}
+	input, _ := reader.ReadString('\n')
+	input = strings.TrimSpace(input)
+	if !strings.HasPrefix("yes", strings.ToLower(input)) {
+		return err
+	}
+	return nil
 }
 
 type RequiredPortsCheck struct{}

cli/pkg/certs/templates/certs_renew_service.go

@@ -40,6 +40,7 @@ Description=Timer to renew K8S control plane certificates
 [Timer]
 OnCalendar=Mon *-*-* 03:00:00
 Unit=k8s-certs-renew.service
+Persistent=true
 [Install]
 WantedBy=multi-user.target
     `)))

cli/pkg/common/common.go

@@ -23,8 +23,8 @@ import (
 )
 
 const (
-	DefaultK8sVersion          = "v1.32.2"
-	DefaultK3sVersion          = "v1.32.2-k3s"
+	DefaultK8sVersion          = "v1.33.3"
+	DefaultK3sVersion          = "v1.33.3-k3s"
 	DefaultKubernetesVersion   = ""
 	DefaultKubeSphereVersion   = "v3.3.0"
 	DefaultTokenMaxAge         = 31536000
@@ -333,8 +333,10 @@ var TerminusGlobalEnvs = map[string]interface{}{
 	"FRP_LIST_URL":               "https://terminus-frp.snowinning.com",
 	"TAILSCALE_CONTROLPLANE_URL": "https://controlplane.snowinning.com",
 	"OLARES_ROOT_DIR":            "/olares",
-	ENV_DOWNLOAD_CDN_URL:         cc.DownloadUrl,
-	ENV_MARKET_PROVIDER:          "appstore-server-prod.bttcdn.com",
+	// the default value used by kubeadm
+	"COREDNS_SVC":        "10.96.0.10",
+	ENV_DOWNLOAD_CDN_URL: cc.DownloadUrl,
+	ENV_MARKET_PROVIDER:  "appstore-server-prod.bttcdn.com",
 }
 
 const (

cli/pkg/common/kube_runtime.go

@@ -256,13 +256,14 @@ type Frp struct {
 }
 
 func NewArgument() *Argument {
+	si := connector.GetSystemInfo()
 	arg := &Argument{
 		KsEnable:         true,
 		KsVersion:        DefaultKubeSphereVersion,
 		InstallPackages:  false,
 		SKipPushImages:   false,
 		ContainerManager: Containerd,
-		SystemInfo:       connector.GetSystemInfo(),
+		SystemInfo:       si,
 		Storage: &Storage{
 			StorageType: ManagedMinIO,
 		},
@@ -286,6 +287,7 @@ func NewArgument() *Argument {
 	arg.IsCloudInstance, _ = strconv.ParseBool(os.Getenv(ENV_TERMINUS_IS_CLOUD_VERSION))
 	arg.PublicNetworkInfo.PubliclyAccessible, _ = strconv.ParseBool(os.Getenv(ENV_PUBLICLY_ACCESSIBLE))
 	arg.IsOlaresInContainer = os.Getenv("CONTAINER_MODE") == "oic"
+	si.IsOIC = arg.IsOlaresInContainer
 
 	if err := arg.LoadReleaseInfo(); err != nil {
 		fmt.Printf("error loading release info: %v", err)
@@ -327,7 +329,7 @@ func (a *Argument) SaveReleaseInfo() error {
 		ENV_OLARES_VERSION:  a.OlaresVersion,
 	}
 
-	if a.User != nil {
+	if a.User != nil && a.User.UserName != "" && a.User.DomainName != "" {
 		releaseInfoMap["OLARES_NAME"] = fmt.Sprintf("%s@%s", a.User.UserName, a.User.DomainName)
 	} else {
 		if util.IsExist(OlaresReleaseFile) {

cli/pkg/container/containerd.go

@@ -404,3 +404,14 @@ func (t *KillContainerdProcess) Execute(runtime connector.Runtime) error {
 
 	return nil
 }
+
+type RestartContainerd struct {
+	common.KubeAction
+}
+
+func (t *RestartContainerd) Execute(runtime connector.Runtime) error {
+	if _, err := runtime.GetRunner().SudoCmd("systemctl restart containerd", false, true); err != nil {
+		return errors.Wrap(errors.WithStack(err), "Failed to restart containerd")
+	}
+	return nil
+}

cli/pkg/container/templates/containerd_config.go

@@ -29,151 +29,27 @@ root = {{ .DataRoot }}
 {{ else }}
 root = "/var/lib/containerd"
 {{- end }}
-state = "/run/containerd"
-
-[cgroup]
-  path = ""
-
-[debug]
-  address = ""
-  format = ""
-  gid = 0
-  level = ""
-  uid = 0
-
-[grpc]
-  address = "/run/containerd/containerd.sock"
-  gid = 0
-  max_recv_message_size = 16777216
-  max_send_message_size = 16777216
-	tcp_address = ""
-  tcp_tls_ca = ""
-  tcp_tls_cert = ""
-  tcp_tls_key = ""
-  uid = 0
-
-[metrics]
-  address = ""
-  grpc_histogram = false
-
-[ttrpc]
-  address = ""
-  uid = 0
-  gid = 0
-
-[timeouts]
-  "io.containerd.timeout.shim.cleanup" = "5s"
-  "io.containerd.timeout.shim.load" = "5s"
-  "io.containerd.timeout.shim.shutdown" = "3s"
-  "io.containerd.timeout.task.state" = "2s"
 
 [plugins]
-	[plugins."io.containerd.gc.v1.scheduler"]
-    deletion_threshold = 0
-    mutation_threshold = 100
-    pause_threshold = 0.02
-    schedule_delay = "0s"
-    startup_delay = "100ms"
 
   [plugins."io.containerd.grpc.v1.cri"]
-		device_ownership_from_security_context = false
-    disable_apparmor = false
-    disable_cgroup = false
-    disable_hugetlb_controller = true
-    disable_proc_mount = false
-    disable_tcp_service = true
-    enable_selinux = false
-    enable_tls_streaming = false
-    enable_unprivileged_icmp = false
-    enable_unprivileged_ports = false
-    ignore_image_defined_volumes = false
-    max_concurrent_downloads = 3
-    max_container_log_line_size = 16384
-    netns_mounts_under_state_dir = false
-    restrict_oom_score_adj = false
-    selinux_category_range = 1024
-    stats_collect_period = 10
-    stream_idle_timeout = "4h0m0s"
-    stream_server_address = "127.0.0.1"
-    stream_server_port = "10010"
-    systemd_cgroup = false
-    tolerate_missing_hugetlb_controller = true
-    unset_seccomp_profile = ""
     sandbox_image = "{{ .SandBoxImage }}"
 
-    [plugins."io.containerd.grpc.v1.cri".cni]
-      bin_dir = "/opt/cni/bin"
-      conf_dir = "/etc/cni/net.d"
-      max_conf_num = 1
-      conf_template = ""
-
-		[plugins."io.containerd.grpc.v1.cri".containerd]
+    [plugins."io.containerd.grpc.v1.cri".containerd]
       default_runtime_name = "runc"
-      disable_snapshot_annotations = true
-      discard_unpacked_layers = false
-      ignore_rdt_not_enabled_errors = false
-      no_pivot = false
-      snapshotter = "{{ .FsType }}"
-
-      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
-        base_runtime_spec = ""
-        cni_conf_dir = ""
-        cni_max_conf_num = 0
-        container_annotations = []
-        pod_annotations = []
-        privileged_without_host_devices = false
-        runtime_engine = ""
-        runtime_path = ""
-        runtime_root = ""
-        runtime_type = ""
-
-        [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]
 
       [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
 
         [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-          base_runtime_spec = ""
-          cni_conf_dir = ""
-          cni_max_conf_num = 0
-          container_annotations = []
-          pod_annotations = []
-          privileged_without_host_devices = false
-          runtime_engine = ""
-          runtime_path = ""
-          runtime_root = ""
-          runtime_type = "io.containerd.runc.v2"
+          runtime_type = 'io.containerd.runc.v2'
+          sandboxer = 'podsandbox'
+          snapshotter = "{{ .FsType }}"
 
           [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-            BinaryName = ""
-            CriuImagePath = ""
-            CriuPath = ""
-            CriuWorkPath = ""
-            IoGid = 0
-            IoUid = 0
-            NoNewKeyring = false
-            NoPivotRoot = false
-            Root = ""
-            ShimCgroup = ""
             SystemdCgroup = true
 
-      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
-        base_runtime_spec = ""
-        cni_conf_dir = ""
-        cni_max_conf_num = 0
-        container_annotations = []
-        pod_annotations = []
-        privileged_without_host_devices = false
-        runtime_engine = ""
-        runtime_path = ""
-        runtime_root = ""
-        runtime_type = ""
-
-        [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]
-
-    [plugins."io.containerd.grpc.v1.cri".image_decryption]
-      key_model = "node"
-
     [plugins."io.containerd.grpc.v1.cri".registry]
+
       [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
         {{- if .Mirrors }}
         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
@@ -201,84 +77,6 @@ state = "/run/containerd"
           {{- end}}
         {{- end}}
 
-	[plugins."io.containerd.internal.v1.opt"]
-    path = "/opt/containerd"
-
-  [plugins."io.containerd.internal.v1.restart"]
-    interval = "10s"
-
-  [plugins."io.containerd.internal.v1.tracing"]
-    sampling_ratio = 1.0
-    service_name = "containerd"
-
-  [plugins."io.containerd.metadata.v1.bolt"]
-    content_sharing_policy = "shared"
-
-  [plugins."io.containerd.monitor.v1.cgroups"]
-    no_prometheus = false
-
-  [plugins."io.containerd.runtime.v1.linux"]
-    no_shim = false
-    runtime = "runc"
-    runtime_root = ""
-    shim = "containerd-shim"
-    shim_debug = false
-
-  [plugins."io.containerd.runtime.v2.task"]
-    platforms = ["linux/amd64"]
-    sched_core = false
-
-  [plugins."io.containerd.service.v1.diff-service"]
-    default = ["walking"]
-
-  [plugins."io.containerd.service.v1.tasks-service"]
-    rdt_config_file = ""
-
-  [plugins."io.containerd.snapshotter.v1.aufs"]
-    root_path = ""
-
-  [plugins."io.containerd.snapshotter.v1.btrfs"]
-    root_path = ""
-
-  [plugins."io.containerd.snapshotter.v1.devmapper"]
-    async_remove = false
-    base_image_size = ""
-    discard_blocks = false
-    fs_options = ""
-    fs_type = ""
-    pool_name = ""
-    root_path = ""
-
-  [plugins."io.containerd.snapshotter.v1.native"]
-    root_path = ""
-
-  [plugins."io.containerd.snapshotter.v1.overlayfs"]
-    root_path = ""
-    upperdir_label = false
-
   [plugins."io.containerd.snapshotter.v1.zfs"]
     root_path = "{{ .ZfsRootPath }}"
-
-  [plugins."io.containerd.tracing.processor.v1.otlp"]
-    endpoint = ""
-    insecure = false
-    protocol = ""
-
-[proxy_plugins]
-
-[stream_processors]
-
-  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
-    accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
-    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
-    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
-    path = "ctd-decoder"
-    returns = "application/vnd.oci.image.layer.v1.tar"
-
-  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
-    accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
-    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
-    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
-    path = "ctd-decoder"
-    returns = "application/vnd.oci.image.layer.v1.tar+gzip"
 `)))

cli/pkg/core/connector/system.go

@@ -114,6 +114,7 @@ type SystemInfo struct {
 	LocalIp    string          `json:"local_ip"`
 	NatGateway string          `json:"nat_gateway"`
 	PkgManager string          `json:"pkg_manager"`
+	IsOIC      bool            `json:"is_oic,omitempty"`
 }
 
 func (s *SystemInfo) IsSupport() error {
@@ -217,7 +218,7 @@ func (s *SystemInfo) IsPveOrPveLxc() bool {
 }
 
 func (s *SystemInfo) IsWsl() bool {
-	return s.HostInfo.OsPlatform == common.WSL
+	return s.HostInfo.OsPlatform == common.WSL && !s.IsOIC
 }
 
 func (s *SystemInfo) IsRaspbian() bool {
@@ -301,6 +302,8 @@ func (s *SystemInfo) Print() {
 	fmt.Printf("fs info, fs: %s, zfsmount: %s\n", s.FsInfo.Type, s.FsInfo.DefaultZfsPrefixName)
 	fmt.Printf("mem info, total: %s, free: %s\n", util.FormatBytes(int64(s.MemoryInfo.Total)), util.FormatBytes(int64(s.MemoryInfo.Free)))
 	fmt.Printf("cgroup info, cpu: %d, mem: %d\n", s.CgroupInfo.CpuEnabled, s.CgroupInfo.MemoryEnabled)
+	fmt.Printf("oic: %t\n", s.IsOIC)
+	fmt.Printf("in wsl: %t\n", s.IsWsl())
 }
 
 func GetSystemInfo() *SystemInfo {

cli/pkg/core/util/file.go

@@ -344,7 +344,7 @@ func Untar(src, dst string) error {
 				}
 			}
 
-			file, err := os.OpenFile(dstPath, os.O_CREATE|os.O_RDWR, os.FileMode(hdr.Mode))
+			file, err := os.OpenFile(dstPath, os.O_CREATE|os.O_RDWR|os.O_TRUNC, os.FileMode(hdr.Mode))
 			if err != nil {
 				return err
 			}

cli/pkg/daemon/module.go

@@ -92,6 +92,12 @@ func (i *InstallTerminusdBinaryModule) Init() {
 	i.Name = "InstallOlaresdBinaryModule"
 	i.Desc = "Install olaresd"
 
+	updateHost := &task.LocalTask{
+		Name:    "UpdateHosts",
+		Action:  new(terminus.UpdateKubeKeyHosts),
+		Prepare: new(HostnameNotResolvable),
+	}
+
 	install := &task.RemoteTask{
 		Name:  "InstallOlaresdBinary",
 		Desc:  "Install olaresd using binary",
@@ -134,6 +140,7 @@ func (i *InstallTerminusdBinaryModule) Init() {
 	}
 
 	i.Tasks = []task.Interface{
+		updateHost,
 		install,
 		generateEnv,
 		generateService,

cli/pkg/daemon/prepares.go

@@ -0,0 +1,21 @@
+package daemon
+
+import (
+	"github.com/beclab/Olares/cli/pkg/common"
+	"github.com/beclab/Olares/cli/pkg/core/connector"
+	"net"
+)
+
+type HostnameNotResolvable struct {
+	common.KubePrepare
+}
+
+func (p *HostnameNotResolvable) PreCheck(runtime connector.Runtime) (bool, error) {
+	ips, _ := net.LookupIP(runtime.GetSystemInfo().GetHostname())
+	for _, ip := range ips {
+		if ip.To4() != nil && ip.To4().String() == runtime.GetSystemInfo().GetLocalIp() {
+			return false, nil
+		}
+	}
+	return true, nil
+}

cli/pkg/files/file.go

@@ -327,12 +327,6 @@ func NewKubeBinary(name, arch, osType, osVersion, osPlatformFamily, version, pre
 		component.Url = fmt.Sprintf("https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-%s.tar.gz", version)
 		component.CheckSum = false
 		component.BaseDir = filepath.Join(prePath, component.Type)
-	case installwizard:
-		component.Type = WIZARD
-		component.FileName = fmt.Sprintf("install-wizard-v%s.tar.gz", version)
-		component.Url = fmt.Sprintf("%s/install-wizard-v%s.tar.gz", component.getDownloadMirrors(downloadMirrors), version)
-		component.CheckSum = false
-		component.BaseDir = filepath.Join(prePath, fmt.Sprintf("v%s", version))
 	case cudakeyring: // + gpu
 		if strings.Contains(osVersion, "24.") {
 			version = "1.1"
@@ -385,7 +379,7 @@ func NewKubeBinary(name, arch, osType, osVersion, osPlatformFamily, version, pre
 	return component
 }
 
-func (b *KubeBinary) getDownloadMirrors(downloadMirrors string) string {
+func (b *KubeBinary) GetDownloadMirrors(downloadMirrors string) string {
 	if downloadMirrors == "" {
 		return common.DownloadUrl
 	}

cli/pkg/gpu/module.go

@@ -1,6 +1,7 @@
 package gpu
 
 import (
+	"github.com/beclab/Olares/cli/pkg/container"
 	"time"
 
 	"github.com/beclab/Olares/cli/pkg/common"
@@ -174,7 +175,7 @@ func (m *RestartContainerdModule) Init() {
 		Prepare: &prepare.PrepareCollection{
 			new(ContainerdInstalled),
 		},
-		Action:   new(RestartContainerd),
+		Action:   new(container.RestartContainerd),
 		Parallel: false,
 		Retry:    1,
 	}

cli/pkg/gpu/tasks.go

@@ -290,24 +290,13 @@ type ConfigureContainerdRuntime struct {
 }
 
 func (t *ConfigureContainerdRuntime) Execute(runtime connector.Runtime) error {
-	if _, err := runtime.GetRunner().SudoCmd("nvidia-ctk runtime configure --runtime=containerd --set-as-default --config-source=command", false, true); err != nil {
+	if _, err := runtime.GetRunner().SudoCmd("nvidia-ctk runtime configure --runtime=containerd --set-as-default --config-source=file", false, true); err != nil {
 		return errors.Wrap(errors.WithStack(err), "Failed to nvidia-ctk runtime configure")
 	}
 
 	return nil
 }
 
-type RestartContainerd struct {
-	common.KubeAction
-}
-
-func (t *RestartContainerd) Execute(runtime connector.Runtime) error {
-	if _, err := runtime.GetRunner().SudoCmd("systemctl restart containerd", false, true); err != nil {
-		return errors.Wrap(errors.WithStack(err), "Failed to restart containerd")
-	}
-	return nil
-}
-
 type InstallPlugin struct {
 	common.KubeAction
 }

cli/pkg/images/load.go

@@ -2,20 +2,19 @@ package images
 
 import (
 	"fmt"
+	"github.com/distribution/reference"
 	"os"
 	"path/filepath"
 	"strings"
 	"time"
 
-	"github.com/containerd/containerd/pkg/cri/labels"
-	"github.com/containerd/containerd/reference/docker"
-
 	"github.com/beclab/Olares/cli/pkg/common"
 	"github.com/beclab/Olares/cli/pkg/core/cache"
 	"github.com/beclab/Olares/cli/pkg/core/connector"
 	"github.com/beclab/Olares/cli/pkg/core/logger"
 	"github.com/beclab/Olares/cli/pkg/manifest"
 	"github.com/beclab/Olares/cli/pkg/utils"
+	"github.com/containerd/containerd/pkg/cri/labels"
 )
 
 const MAX_IMPORT_RETRY int = 5
@@ -109,11 +108,18 @@ func (t *LoadImages) Execute(runtime connector.Runtime) (reserr error) {
 			loadParm = "--no-unpack"
 		}
 
+		parsedRef, err := reference.ParseNormalizedNamed(imageRepoTag)
+		if err != nil {
+			logger.Warnf("parse image name %s error: %v, skip importing", imageRepoTag, err)
+			continue
+		}
+
 		if runtime.RemoteHost().GetOs() == common.Darwin {
+			loadCmd = fmt.Sprintf("%s -p %s ssh --native-ssh=false 'sudo ctr -n k8s.io i import --index-name %s -'", minikubepath, minikubeprofile, parsedRef)
 			if HasSuffixI(imgFileName, ".tar.gz", ".tgz") {
-				loadCmd = fmt.Sprintf("gunzip -c %s | %s -p %s image load -", imageFileName, minikubepath, minikubeprofile)
+				loadCmd = fmt.Sprintf("gunzip -c %s | ", imageFileName) + loadCmd
 			} else {
-				loadCmd = fmt.Sprintf("%s -p %s image load %s", minikubepath, minikubeprofile, imageFileName)
+				loadCmd = fmt.Sprintf("cat %s | ", imageFileName) + loadCmd
 			}
 		} else {
 			switch containerManager {
@@ -121,7 +127,7 @@ func (t *LoadImages) Execute(runtime connector.Runtime) (reserr error) {
 				loadCmd = "ctr" // not implement
 			case "containerd":
 				if HasSuffixI(imgFileName, ".tar.gz", ".tgz") {
-					loadCmd = fmt.Sprintf("gunzip -c %s | ctr -n k8s.io images import %s -", imageFileName, loadParm)
+					loadCmd = fmt.Sprintf("gunzip -c %s | ctr -n k8s.io images import --index-name %s %s -", imageFileName, parsedRef, loadParm)
 				} else {
 					loadCmd = fmt.Sprintf("ctr -n k8s.io images import %s %s", imageFileName, loadParm)
 				}
@@ -157,12 +163,15 @@ func (a *PinImages) Execute(runtime connector.Runtime) error {
 		return nil
 	}
 	for _, ref := range manifests {
-		parsedRef, err := docker.ParseNormalizedNamed(ref)
+		parsedRef, err := reference.ParseNormalizedNamed(ref)
 		if err != nil {
 			logger.Warnf("parse image name %s error: %v, skip pinning", ref, err)
 			continue
 		}
 		if _, err := runtime.GetRunner().SudoCmd(fmt.Sprintf("ctr -n k8s.io i label %s %s=%s", parsedRef.String(), labels.PinnedImageLabelKey, labels.PinnedImageLabelValue), false, false); err != nil {
+			if strings.Contains(err.Error(), "DEPRECATION") {
+				continue
+			}
 			// tolerate cases where some images are not found
 			// e.g., like in the cloud environment and some images are not in the ami
 			logger.Warnf("pin image %s error: %v", parsedRef.String(), err)

cli/pkg/k3s/templates/k3sServiceEnv.go

@@ -42,5 +42,6 @@ K3S_KUBECONFIG_MODE=644
 K3S_TOKEN={{ .Token }}
 {{ end }}
 GODEBUG=netdns=go
+CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=36500
 
     `)))

cli/pkg/kubesphere/minikube.go

@@ -50,7 +50,7 @@ func (t *CreateMiniKubeCluster) Execute(runtime connector.Runtime) error {
 		}
 	}
 	logger.Infof("creating minikube cluster %s ...", t.KubeConf.Arg.MinikubeProfile)
-	cmd = fmt.Sprintf("%s start -p '%s' --kubernetes-version=v1.22.10 --container-runtime=containerd --network-plugin=cni --cni=calico --cpus='4' --memory='8g' --ports=30180:30180,443:443,80:80", minikube, t.KubeConf.Arg.MinikubeProfile)
+	cmd = fmt.Sprintf("%s start -p '%s' --kubernetes-version=v1.33.3 --container-runtime=containerd --network-plugin=cni --cni=calico --cpus='4' --memory='8g' --ports=30180:30180,443:443,80:80", minikube, t.KubeConf.Arg.MinikubeProfile)
 	if _, err := runtime.GetRunner().Cmd(cmd, false, true); err != nil {
 		return errors.Wrap(err, "failed to create minikube cluster")
 	}

cli/pkg/kubesphere/plugins/files/build/ks-core-config/values.yaml

@@ -59,14 +59,7 @@ securityContext: {}
 # Kubernetes Version shows in KubeSphere console
 # kube_version: "v1.19.4" # ! 这里要替换下
 
-env:
-- name: KUBESPHERE_REDIS_PASSWORD
-  valueFrom:
-    secretKeyRef:
-      name: redis-secret
-      key: auth
-
-tolerations: 
+tolerations:
   - key: node-role.kubernetes.io/master
     effect: NoSchedule
   - key: CriticalAddonsOnly

cli/pkg/kubesphere/plugins/files/build/ks-core/templates/ks-apiserver.yml

@@ -32,7 +32,7 @@ spec:
       - command:
         - ks-apiserver
         - --logtostderr=true
-        image: beclab/ks-apiserver:0.0.21
+        image: beclab/ks-apiserver:0.0.22
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         name: ks-apiserver
         ports:
@@ -49,10 +49,6 @@ spec:
         {{- if .Values.apiserver.extraVolumeMounts }}
           {{- toYaml .Values.apiserver.extraVolumeMounts | nindent 8 }}
         {{- end }}
-        env:
-        {{- if .Values.env }}
-        {{- toYaml .Values.env | nindent 8 }}
-        {{- end }}
         livenessProbe:
           failureThreshold: 8
           httpGet:

cli/pkg/kubesphere/plugins/files/build/ks-core/values.yaml

@@ -58,14 +58,7 @@ securityContext: {}
 # Kubernetes Version shows in KubeSphere console
 # kube_version: "v1.19.4" # ! 这里要替换下
 
-env:
-- name: KUBESPHERE_REDIS_PASSWORD
-  valueFrom:
-    secretKeyRef:
-      name: redis-secret
-      key: auth
-
-tolerations: 
+tolerations:
   - key: node-role.kubernetes.io/master
     effect: NoSchedule
   - key: CriticalAddonsOnly

cli/pkg/kubesphere/plugins/files/build/prometheus/node-exporter/node-exporter-daemonset.yaml

@@ -42,7 +42,7 @@ spec:
         - --collector.netdev.address-info
         - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/)
         - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$
-        image: beclab/node-exporter:0.0.3
+        image: beclab/node-exporter:0.0.4
         name: node-exporter
         securityContext:
           privileged: true

cli/pkg/kubesphere/plugins/files/build/redis/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

cli/pkg/kubesphere/plugins/files/build/redis/Chart.yaml

@@ -1,15 +0,0 @@
-apiVersion: v2
-
-appVersion: 5.0.14
-name: redis
-description: A Helm chart for redis
-version: 0.2.0
-kubeVersion: ">=1.17.0-0"
-home: https://github.com/kubernetes-csi/external-snapshotter
-sources:
-- https://github.com/kubesphere/helm-charts
-keywords:
-- redis
-maintainers:
-- name: aby913
-  email: aby913@gmail.com

cli/pkg/kubesphere/plugins/files/build/redis/templates/setup-redis.yaml

@@ -1,136 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: redis-pvc
-  namespace: kubesphere-system
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistentVolume.size }}
-
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: redis
-    tier: database
-    version: {{ .Values.version }}
-  name: redis
-  namespace: kubesphere-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: redis
-      tier: database
-  template:
-    metadata:
-      labels:
-        app: redis
-        tier: database
-        version: {{ .Values.version }}
-    spec:
-      initContainers:
-      - name: init
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        command: ['sh', '-c', 'cat /tmp/redis/redis.conf | sed "s/REDIS_PASSWORD/$KUBESPHERE_REDIS_PASSWORD/" > /data/redis.conf']
-        volumeMounts:
-        - mountPath: /data
-          name: redis-pvc
-          subPath: redis-data
-        - name: redis-config
-          mountPath: "/tmp/redis"
-          readOnly: true
-        env:
-        - name: KUBESPHERE_REDIS_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: redis-secret
-              key: auth
-      containers:
-      - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        imagePullPolicy: IfNotPresent
-        name: redis
-        args: ["/data/redis.conf"]
-        volumeMounts:
-        - mountPath: /data
-          name: redis-pvc
-          subPath: redis-data
-        ports:
-        - containerPort: 6379
-          protocol: TCP
-        resources:
-          limits:
-            cpu: 1000m
-            memory: 1000Mi
-          requests:
-            cpu: 20m
-            memory: 100Mi
-      volumes:
-      - name: redis-pvc
-        persistentVolumeClaim:
-          claimName: redis-pvc
-      - name: redis-config
-        configMap:
-          name: redis-configmap
-      affinity:
-        nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 100
-            preference:
-              matchExpressions:
-              - key: node-role.kubernetes.io/master
-                operator: In
-                values:
-                - ""
-      nodeSelector: {}
-      tolerations:
-        - key: node-role.kubernetes.io/master
-          effect: NoSchedule
-        - key: CriticalAddonsOnly
-          operator: Exists
-
-
-
----
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: redis-configmap
-  namespace: kubesphere-system
-  labels:
-    app: redis
-    tier: database
-    version: {{ .Values.version }}
-data:
-  redis.conf: |
-    requirepass REDIS_PASSWORD
-    masterauth REDIS_PASSWORD
-
----
-
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: redis
-    tier: database
-  name: redis
-  namespace: kubesphere-system
-spec:
-  ports:
-  - name: redis
-    port: 6379
-    protocol: TCP
-    targetPort: 6379
-  selector:
-    app: redis
-    tier: database
-  sessionAffinity: None
-  type: ClusterIP

cli/pkg/kubesphere/plugins/files/build/redis/values.yaml

@@ -1,263 +0,0 @@
-## Configure resource requests and limits
-## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-##
-version: redis-4.0
-image:
-  repository: redis
-  tag: 5.0.14-alpine
-  pullPolicy: IfNotPresent
-## replicas number for each component
-replicas: 3
-
-## Kubernetes priorityClass name for the redis-ha-server pod
-# priorityClassName: ""
-
-## Custom labels for the redis pod
-labels: {}
-
-## Pods Service Account
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
-serviceAccount:
-  ## Specifies whether a ServiceAccount should be created
-  ##
-  create: true
-  ## The name of the ServiceAccount to use.
-  ## If not set and create is true, a name is generated using the redis-ha.fullname template
-  # name:
-
-## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
-## Recommend for externally exposed Redis clusters.
-## ref: https://cbonte.github.io/haproxy-dconv/1.9/intro.html
-haproxy:
-  enabled: true
-  # Enable if you want a dedicated port in haproxy for redis-slaves
-  readOnly:
-    enabled: false
-    port: 6380
-  replicas: 3
-
-  image:
-    repository: haproxy
-    tag: 2.0.25-alpine
-    pullPolicy: IfNotPresent
-  annotations: {}
-  resources: {}
-  ## Kubernetes priorityClass name for the haproxy pod
-  # priorityClassName: ""
-  ## Service type for HAProxy
-  ##
-  service:
-    type: ClusterIP
-    loadBalancerIP:
-    annotations: {}
-  serviceAccount:
-    create: true
-  ## Prometheus metric exporter for HAProxy.
-  ##
-  exporter:
-    image:
-      repository: quay.io/prometheus/haproxy-exporter
-      tag: v0.9.0
-    enabled: false
-    port: 9101
-  init:
-    resources: {}
-  timeout:
-    connect: 10s
-    server: 360s
-    client: 360s
-  securityContext:
-    runAsUser: 1000
-    fsGroup: 1000
-    runAsNonRoot: true
-
-
-## Role Based Access
-## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
-##
-rbac:
-  create: true
-
-sysctlImage:
-  enabled: false
-  command: []
-  registry: docker.io
-  repository: bitnami/minideb
-  tag: latest
-  pullPolicy: Always
-  mountHostSys: false
-
-## Use an alternate scheduler, e.g. "stork".
-## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
-##
-# schedulerName:
-
-## Redis specific configuration options
-redis:
-  port: 6379
-  masterGroupName: mymaster
-  config:
-    ## Additional redis conf options can be added below
-    ## For all available options see http://download.redis.io/redis-stable/redis.conf
-    min-replicas-to-write: 1
-    min-replicas-max-lag: 5   # Value in seconds
-    maxmemory: "0"       # Max memory to use for each redis instance. Default is unlimited.
-    maxmemory-policy: "volatile-lru"  # Max memory policy to use for each redis instance. Default is volatile-lru.
-    # Determines if scheduled RDB backups are created. Default is false.
-    # Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication.
-    save: "900 1"
-    # When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false.
-    repl-diskless-sync: "yes"
-    rdbcompression: "yes"
-    rdbchecksum: "yes"
-
-
-  ## Custom redis.conf files used to override default settings. If this file is
-  ## specified then the redis.config above will be ignored.
-  # customConfig: |-
-      # Define configuration here
-
-  resources: {}
-  #  requests:
-  #    memory: 200Mi
-  #    cpu: 100m
-  #  limits:
-  #    memory: 700Mi
-
-## Sentinel specific configuration options
-sentinel:
-  port: 26379
-  quorum: 2
-  config:
-    ## Additional sentinel conf options can be added below. Only options that
-    ## are expressed in the format simialar to 'sentinel xxx mymaster xxx' will
-    ## be properly templated.
-    ## For available options see http://download.redis.io/redis-stable/sentinel.conf
-    down-after-milliseconds: 10000
-    ## Failover timeout value in milliseconds
-    failover-timeout: 180000
-    parallel-syncs: 5
-
-  ## Custom sentinel.conf files used to override default settings. If this file is
-  ## specified then the sentinel.config above will be ignored.
-  # customConfig: |-
-      # Define configuration here
-
-  resources: {}
-  #  requests:
-  #    memory: 200Mi
-  #    cpu: 100m
-  #  limits:
-  #    memory: 200Mi
-
-securityContext:
-  runAsUser: 1000
-  fsGroup: 1000
-  runAsNonRoot: true
-
-## Node labels, affinity, and tolerations for pod assignment
-## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
-## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
-## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-nodeSelector: {}
-
-tolerations: []
-
-
-
-## Whether the Redis server pods should be forced to run on separate nodes.
-## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred.
-## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature
-##
-hardAntiAffinity: true
-
-## Additional affinities to add to the Redis server pods.
-##
-## Example:
-##   nodeAffinity:
-##     preferredDuringSchedulingIgnoredDuringExecution:
-##       - weight: 50
-##         preference:
-##           matchExpressions:
-##             - key: spot
-##               operator: NotIn
-##               values:
-##                 - "true"
-##
-## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-##
-additionalAffinities:
-  nodeAffinity:
-      preferredDuringSchedulingIgnoredDuringExecution:
-        - weight: 100
-          preference:
-            matchExpressions:
-              - key: node-role.kubernetes.io/master
-                operator: In
-                values:
-                  - ""
-
-## Override all other affinity settings for the Redis server pods with a string.
-affinity: |
-
-# Prometheus exporter specific configuration options
-exporter:
-  enabled: false
-  image: oliver006/redis_exporter
-  tag: v0.31.0
-  pullPolicy: IfNotPresent
-
-  # prometheus port & scrape path
-  port: 9121
-  scrapePath: /metrics
-
-  # cpu/memory resource limits/requests
-  resources: {}
-
-  # Additional args for redis exporter
-  extraArgs: {}
-
-podDisruptionBudget: {}
-  # maxUnavailable: 1
-  # minAvailable: 1
-
-## Configures redis with AUTH (requirepass & masterauth conf params)
-auth: true
-# redisPassword:
-
-## Use existing secret containing key `authKey` (ignores redisPassword)
-existingSecret: redis-secret
-  
-
-## Defines the key holding the redis password in existing secret.
-authKey: auth
-
-persistentVolume:
-  enabled: true
-  ## redis-ha data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  ##
-
-  accessModes:
-    - ReadWriteOnce
-  size: 2Gi
-
-  annotations: {}
-init:
-  resources: {}
-
-# To use a hostPath for data, set persistentVolume.enabled to false
-# and define hostPath.path.
-# Warning: this might overwrite existing folders on the host system!
-hostPath:
-  ## path is evaluated as template so placeholders are replaced
-  # path: "/data/redis"
-
-  # if chown is true, an init-container with root permissions is launched to
-  # change the owner of the hostPath folder to the user defined in the
-  # security context
-  chown: true

cli/pkg/phase/cluster/create_cluster.go

@@ -39,7 +39,7 @@ func NewDarwinClusterPhase(runtime *common.KubeRuntime, manifestMap manifest.Ins
 		&kubesphere.DeployMiniKubeModule{},
 		&kubesphere.DeployModule{Skip: !runtime.Cluster.KubeSphere.Enabled},
 		&ksplugins.DeployKsPluginsModule{},
-		&ksplugins.DeployRedisModule{},
+		//&ksplugins.DeployRedisModule{},
 		&ksplugins.CreateKubeSphereSecretModule{},
 		&ksplugins.DeployKsCoreConfigModule{}, // ks-core-config
 		&ksplugins.CreateMonitorDashboardModule{},
@@ -98,7 +98,7 @@ func NewK3sCreateClusterPhase(runtime *common.KubeRuntime, manifestMap manifest.
 		&storage.DeployLocalVolumeModule{Skip: skipLocalStorage},
 		&kubesphere.DeployModule{Skip: !runtime.Cluster.KubeSphere.Enabled}, //
 		&ksplugins.DeployKsPluginsModule{},
-		&ksplugins.DeployRedisModule{},
+		//&ksplugins.DeployRedisModule{},
 		&ksplugins.CreateKubeSphereSecretModule{},
 		&ksplugins.DeployKsCoreConfigModule{}, // ks-core-config
 		&ksplugins.CreateMonitorDashboardModule{},
@@ -161,7 +161,7 @@ func NewCreateClusterPhase(runtime *common.KubeRuntime, manifestMap manifest.Ins
 		&storage.DeployLocalVolumeModule{Skip: skipLocalStorage},
 		&kubesphere.DeployModule{Skip: !runtime.Cluster.KubeSphere.Enabled},
 		&ksplugins.DeployKsPluginsModule{},
-		&ksplugins.DeployRedisModule{},
+		//&ksplugins.DeployRedisModule{},
 		&ksplugins.CreateKubeSphereSecretModule{},
 		&ksplugins.DeployKsCoreConfigModule{}, // ! ks-core-config
 		&ksplugins.CreateMonitorDashboardModule{},

cli/pkg/phase/download/download_wizard.go

@@ -8,11 +8,11 @@ import (
 	"github.com/beclab/Olares/cli/pkg/terminus"
 )
 
-func NewDownloadWizard(runtime *common.KubeRuntime) *pipeline.Pipeline {
+func NewDownloadWizard(runtime *common.KubeRuntime, urlOverride, releaseID string) *pipeline.Pipeline {
 
 	m := []module.Module{
 		&precheck.GreetingsModule{},
-		&terminus.InstallWizardDownloadModule{Version: runtime.Arg.OlaresVersion, DownloadCdnUrl: runtime.Arg.DownloadCdnUrl},
+		&terminus.InstallWizardDownloadModule{Version: runtime.Arg.OlaresVersion, DownloadCdnUrl: runtime.Arg.DownloadCdnUrl, UrlOverride: urlOverride, ReleaseID: releaseID},
 	}
 
 	return &pipeline.Pipeline{

cli/pkg/pipelines/download_wizard.go

@@ -26,7 +26,7 @@ func DownloadInstallationWizard(opts *options.CliDownloadWizardOptions) error {
 		return fmt.Errorf("--download-cdn-url invalid")
 	}
 
-	p := download.NewDownloadWizard(runtime)
+	p := download.NewDownloadWizard(runtime, opts.UrlOverride, opts.ReleaseID)
 	if err := p.Start(); err != nil {
 		logger.Errorf("download wizard failed %v", err)
 		return err

cli/pkg/pipelines/upgrade.go

@@ -2,11 +2,10 @@ package pipelines
 
 import (
 	"fmt"
-	"os"
-	"path"
-
 	"github.com/beclab/Olares/cli/pkg/upgrade"
 	"github.com/beclab/Olares/cli/pkg/utils"
+	"github.com/beclab/Olares/cli/version"
+	"path"
 
 	"github.com/beclab/Olares/cli/cmd/ctl/options"
 	"github.com/beclab/Olares/cli/pkg/common"
@@ -30,19 +29,18 @@ func UpgradeOlaresPipeline(opts *options.UpgradeOptions) error {
 		return fmt.Errorf("error parsing current Olares version: %v", err)
 	}
 
-	// validate the expected version is non-empty before the NewArgument() call
-	// as it will fall back to load the current olares release
+	// should only be and defaults to the current cli version
+	// this argument is for backwards-compatibility with older olaresd
 	if opts.Version == "" {
-		return errors.New("target version is required")
+		opts.Version = version.VERSION
 	}
 	targetVersion, err := utils.ParseOlaresVersionString(opts.Version)
 	if err != nil {
 		return fmt.Errorf("error parsing target Olares version: %v", err)
 	}
 
-	if !targetVersion.GreaterThan(currentVersion) {
-		fmt.Printf("current version is: %s, no need to upgrade to %s\n", currentVersion.String(), opts.Version)
-		os.Exit(0)
+	if err := upgrade.Check(currentVersion, targetVersion); err != nil {
+		return err
 	}
 
 	arg := common.NewArgument()
@@ -59,9 +57,8 @@ func UpgradeOlaresPipeline(opts *options.UpgradeOptions) error {
 	manifest := path.Join(runtime.GetInstallerDir(), "installation.manifest")
 	runtime.Arg.SetManifest(manifest)
 
-	upgradeModule := &upgrade.UpgradeModule{
-		CurrentVersion: currentVersion,
-		TargetVersion:  targetVersion,
+	upgradeModule := &upgrade.Module{
+		TargetVersion: targetVersion,
 	}
 
 	p := &pipeline.Pipeline{

cli/pkg/release/manifest/manifest.go

@@ -276,17 +276,17 @@ func (m *Manager) scan() error {
 
 	return nil
 }
-func (m *Manager) getLatestDailyBuildTag() (string, error) {
+func (m *Manager) getLatestDailyBuildTagAndCommit() (string, string, error) {
 	cmd := exec.Command("git", "tag", "-l")
 	cmd.Dir = m.olaresRepoRoot
 	output, err := cmd.CombinedOutput()
 	if err != nil {
-		return "", fmt.Errorf("failed to get git tags: %v", err)
+		return "", "", fmt.Errorf("failed to get git tags: %v", err)
 	}
 
 	tags := strings.Split(strings.TrimSpace(string(output)), "\n")
 	if len(tags) == 0 || (len(tags) == 1 && tags[0] == "") {
-		return "", fmt.Errorf("no git tags found")
+		return "", "", fmt.Errorf("no git tags found")
 	}
 
 	var dailyTags []string
@@ -300,7 +300,7 @@ func (m *Manager) getLatestDailyBuildTag() (string, error) {
 	}
 
 	if len(dailyTags) == 0 {
-		return "", fmt.Errorf("no daily build tags found")
+		return "", "", fmt.Errorf("no daily build tags found")
 	}
 
 	sort.Slice(dailyTags, func(i, j int) bool {
@@ -314,7 +314,13 @@ func (m *Manager) getLatestDailyBuildTag() (string, error) {
 		}
 		return iv.LessThan(jv)
 	})
-	return dailyTags[len(dailyTags)-1], nil
+	tag := dailyTags[len(dailyTags)-1]
+	parseCommitCMD := exec.Command("git", "rev-parse", "--short=7", tag)
+	commitSHA, err := parseCommitCMD.CombinedOutput()
+	if err != nil {
+		return "", "", fmt.Errorf("failed to parse git commit: %v", err)
+	}
+	return tag, strings.TrimSpace(string(commitSHA)), nil
 }
 
 // Helper function to patch extracted image name
@@ -350,7 +356,7 @@ func (m *Manager) patchComponent(component BinaryOutput) (BinaryOutput, error) {
 		return component, nil
 	}
 
-	latestDailyBuildTag, err := m.getLatestDailyBuildTag()
+	latestDailyBuildTag, latestDailyBuildCommit, err := m.getLatestDailyBuildTagAndCommit()
 	if err != nil {
 		return BinaryOutput{}, fmt.Errorf("failed to get latest daily build tag (required to replace olaresd version): %v", err)
 	}
@@ -360,6 +366,11 @@ func (m *Manager) patchComponent(component BinaryOutput) (BinaryOutput, error) {
 	component.Name = strings.ReplaceAll(component.Name, "#__VERSION__", latestDailyBuildTag)
 	component.AMD64 = strings.ReplaceAll(component.AMD64, "#__VERSION__", latestDailyBuildTag)
 	component.ARM64 = strings.ReplaceAll(component.ARM64, "#__VERSION__", latestDailyBuildTag)
+
+	releaseIDSuffix := fmt.Sprintf(".%s", latestDailyBuildCommit)
+	component.Name = strings.ReplaceAll(component.Name, "#__RELEASE_ID_SUFFIX__", releaseIDSuffix)
+	component.AMD64 = strings.ReplaceAll(component.AMD64, "#__RELEASE_ID_SUFFIX__", releaseIDSuffix)
+	component.ARM64 = strings.ReplaceAll(component.ARM64, "#__RELEASE_ID_SUFFIX__", releaseIDSuffix)
 	return component, nil
 
 }

cli/pkg/storage/juicefs.go

@@ -269,3 +269,14 @@ func getManagedMinIOAccessFlags(localIp string) (string, error) {
 	return fmt.Sprintf(" --storage minio --bucket http://%s:9000/%s --access-key %s --secret-key %s",
 		localIp, cc.OlaresDir, MinioRootUser, minioPassword), nil
 }
+
+func GetRootFSType() string {
+	if util.IsExist(JuiceFsServiceFile) {
+		return "jfs"
+	}
+	return "fs"
+}
+
+func init() {
+	common.TerminusGlobalEnvs["OLARES_FS_TYPE"] = GetRootFSType()
+}

cli/pkg/terminus/apps.go

@@ -82,10 +82,10 @@ func (u *PrepareAppValues) Execute(runtime connector.Runtime) error {
 	defer cancel()
 
 	ns := fmt.Sprintf("user-space-%s", u.KubeConf.Arg.User.UserName)
-	redisPassword, err := getRedisPassword(client, runtime)
-	if err != nil {
-		return err
-	}
+	//redisPassword, err := getRedisPassword(client, runtime)
+	//if err != nil {
+	//	return err
+	//}
 
 	bfDocUrl, _ := getDocUrl(ctx, runtime)
 	bflNodeName, err := getBflPod(ctx, ns, client, runtime)
@@ -96,7 +96,7 @@ func (u *PrepareAppValues) Execute(runtime connector.Runtime) error {
 	if err != nil {
 		return err
 	}
-	fsType := getRootFSType()
+	fsType := storage.GetRootFSType()
 	gpuType := getGpuType(u.KubeConf.Arg.GPU.Enable)
 	appValues := getAppSecrets(getAppPatches())
 
@@ -131,9 +131,9 @@ func (u *PrepareAppValues) Execute(runtime connector.Runtime) error {
 		"gpu":          gpuType,
 		"fs_type":      fsType,
 		"os":           appValues,
-		"kubesphere": map[string]interface{}{
-			"redis_password": redisPassword,
-		},
+		//"kubesphere": map[string]interface{}{
+		//	"redis_password": redisPassword,
+		//},
 		common.HelmValuesKeyTerminusGlobalEnvs: common.TerminusGlobalEnvs,
 		common.HelmValuesKeyOlaresRootFSPath:   storage.OlaresRootDir,
 	}

cli/pkg/terminus/modules.go

@@ -33,6 +33,8 @@ type InstallWizardDownloadModule struct {
 	common.KubeModule
 	Version        string
 	DownloadCdnUrl string
+	UrlOverride    string
+	ReleaseID      string
 }
 
 func (m *InstallWizardDownloadModule) Init() {
@@ -42,6 +44,8 @@ func (m *InstallWizardDownloadModule) Init() {
 		Action: &Download{
 			Version:        m.Version,
 			DownloadCdnUrl: m.DownloadCdnUrl,
+			UrlOverride:    m.UrlOverride,
+			ReleaseID:      m.ReleaseID,
 		},
 		Retry: 1,
 	}

cli/pkg/terminus/ossystem.go

@@ -27,27 +27,12 @@ type InstallOsSystem struct {
 }
 
 func (t *InstallOsSystem) Execute(runtime connector.Runtime) error {
-	kubectl, err := util.GetCommand(common.CommandKubectl)
-	if err != nil {
-		return errors.Wrap(errors.WithStack(err), "kubectl not found")
-	}
-
 	if !runtime.GetSystemInfo().IsDarwin() {
 		if _, err := runtime.GetRunner().SudoCmd(fmt.Sprintf("mkdir -p %s && chown 1000:1000 %s", storage.OlaresSharedLibDir, storage.OlaresSharedLibDir), false, false); err != nil {
 			return errors.Wrap(errors.WithStack(err), "failed to create shared lib dir")
 		}
 	}
 
-	var cmd = fmt.Sprintf("%s get secret -n kubesphere-system redis-secret -o jsonpath='{.data.auth}' |base64 -d", kubectl)
-	redisPwd, err := runtime.GetRunner().SudoCmd(cmd, false, false)
-	if err != nil {
-		return errors.Wrap(errors.WithStack(err), "get redis secret error")
-	}
-
-	if redisPwd == "" {
-		return fmt.Errorf("redis secret not found")
-	}
-
 	config, err := ctrl.GetConfig()
 	if err != nil {
 		return err
@@ -61,7 +46,6 @@ func (t *InstallOsSystem) Execute(runtime connector.Runtime) error {
 	defer cancel()
 
 	vals := map[string]interface{}{
-		"kubesphere": map[string]interface{}{"redis_password": redisPwd},
 		"backup": map[string]interface{}{
 			"bucket":           t.KubeConf.Arg.Storage.BackupClusterBucket,
 			"key_prefix":       t.KubeConf.Arg.Storage.StoragePrefix,
@@ -70,7 +54,7 @@ func (t *InstallOsSystem) Execute(runtime connector.Runtime) error {
 		},
 		"gpu":                                  getGpuType(t.KubeConf.Arg.GPU.Enable),
 		"s3_bucket":                            t.KubeConf.Arg.Storage.StorageBucket,
-		"fs_type":                              getRootFSType(),
+		"fs_type":                              storage.GetRootFSType(),
 		common.HelmValuesKeyTerminusGlobalEnvs: common.TerminusGlobalEnvs,
 		common.HelmValuesKeyOlaresRootFSPath:   storage.OlaresRootDir,
 	}
@@ -296,13 +280,6 @@ func cloudValue(cloudInstance bool) string {
 	return ""
 }
 
-func getRootFSType() string {
-	if util.IsExist(storage.JuiceFsServiceFile) {
-		return "jfs"
-	}
-	return "fs"
-}
-
 func getRedisPassword(client clientset.Client, runtime connector.Runtime) (string, error) {
 	secret, err := client.Kubernetes().CoreV1().Secrets(common.NamespaceKubesphereSystem).Get(context.Background(), "redis-secret", metav1.GetOptions{})
 	if err != nil {

cli/pkg/terminus/tasks.go

@@ -5,10 +5,12 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
+	"github.com/beclab/Olares/cli/version"
 	"io/fs"
 	"io/ioutil"
 	"net"
 	"net/http"
+	"net/url"
 	"os"
 	"os/exec"
 	"path"
@@ -91,23 +93,24 @@ func (t *CheckKeyPodsRunning) Execute(runtime connector.Runtime) error {
 			logger.Debugf("skipping pod %s that's not on node %s", pod.Name, t.Node)
 			continue
 		}
-		if strings.HasPrefix(pod.Namespace, "user-space") ||
-			strings.HasPrefix(pod.Namespace, "user-system") ||
-			pod.Namespace == "os-platform" ||
-			pod.Namespace == "os-framework" {
-			if pod.Status.Phase != corev1.PodRunning {
-				return fmt.Errorf("pod %s/%s is not running", pod.Namespace, pod.Name)
+		if !strings.HasPrefix(pod.Namespace, "user-") && !strings.HasPrefix(pod.Namespace, "os-") {
+			continue
+		}
+		if pod.Status.Phase != corev1.PodRunning {
+			return fmt.Errorf("pod %s/%s is not running", pod.Namespace, pod.Name)
+		}
+		if len(pod.Status.ContainerStatuses) != len(pod.Spec.Containers) {
+			return fmt.Errorf("pod %s/%s has not started all containers yet", pod.Namespace, pod.Name)
+		}
+		for _, cStatus := range pod.Status.ContainerStatuses {
+			if cStatus.State.Terminated != nil && cStatus.State.Terminated.ExitCode != 0 {
+				return fmt.Errorf("container %s in pod %s/%s is terminated", cStatus.Name, pod.Namespace, pod.Name)
 			}
-			if len(pod.Status.ContainerStatuses) == 0 {
-				return fmt.Errorf("pod %s/%s has no container statuses yet", pod.Namespace, pod.Name)
+			if cStatus.State.Running == nil {
+				return fmt.Errorf("container %s in pod %s/%s is not running", cStatus.Name, pod.Namespace, pod.Name)
 			}
-			for _, cStatus := range pod.Status.ContainerStatuses {
-				if cStatus.State.Terminated != nil && cStatus.State.Terminated.ExitCode != 0 {
-					return fmt.Errorf("container %s in pod %s/%s is terminated", cStatus.Name, pod.Namespace, pod.Name)
-				}
-				if cStatus.State.Running == nil {
-					return fmt.Errorf("container %s in pod %s/%s is not running", cStatus.Name, pod.Namespace, pod.Name)
-				}
+			if !cStatus.Ready {
+				return fmt.Errorf("container %s in pod %s/%s is not ready", cStatus.Name, pod.Namespace, pod.Name)
 			}
 		}
 	}
@@ -154,28 +157,43 @@ type Download struct {
 	Version        string
 	BaseDir        string
 	DownloadCdnUrl string
+	UrlOverride    string
+	ReleaseID      string
 }
 
 func (t *Download) Execute(runtime connector.Runtime) error {
-	if t.KubeConf.Arg.OlaresVersion == "" {
+	if t.UrlOverride == "" && t.KubeConf.Arg.OlaresVersion == "" {
 		return errors.New("unknown version to download")
 	}
 
-	var fetchMd5 = fmt.Sprintf("curl -sSfL %s/install-wizard-v%s.md5sum.txt |awk '{print $1}'", t.DownloadCdnUrl, t.Version)
-	md5sum, err := runtime.GetRunner().Cmd(fetchMd5, false, false)
-	if err != nil {
-		return errors.New("get md5sum failed")
+	var stem string
+	if t.ReleaseID != "" {
+		stem = fmt.Sprintf("install-wizard-v%s.%s", t.Version, t.ReleaseID)
+	} else {
+		stem = fmt.Sprintf("install-wizard-v%s", t.Version)
+	}
+	wizard := &files.KubeBinary{
+		ID:       "install-wizard",
+		Type:     files.WIZARD,
+		BaseDir:  filepath.Join(runtime.GetBaseDir(), "versions", fmt.Sprintf("v%s", t.Version)),
+		FileName: fmt.Sprintf("%s.tar.gz", stem),
 	}
 
-	var osArch = runtime.GetSystemInfo().GetOsArch()
-	var osType = runtime.GetSystemInfo().GetOsType()
-	var osVersion = runtime.GetSystemInfo().GetOsVersion()
-	var osPlatformFamily = runtime.GetSystemInfo().GetOsPlatformFamily()
-	var baseDir = runtime.GetBaseDir()
-	var prePath = path.Join(baseDir, "versions")
-	var wizard = files.NewKubeBinary("install-wizard", osArch, osType, osVersion, osPlatformFamily, t.Version, prePath, t.DownloadCdnUrl)
-	wizard.CheckMd5Sum = true
-	wizard.Md5sum = md5sum
+	if t.UrlOverride == "" {
+		md5URL, _ := url.JoinPath(wizard.GetDownloadMirrors(t.DownloadCdnUrl), version.VENDOR_REPO_PATH, fmt.Sprintf("%s.md5sum.txt", stem))
+		var fetchMd5 = fmt.Sprintf("curl -sSfL %s |awk '{print $1}'", md5URL)
+		md5sum, err := runtime.GetRunner().Cmd(fetchMd5, false, false)
+		if err != nil {
+			return errors.New("get md5sum failed")
+		}
+		wizard.Url, _ = url.JoinPath(wizard.GetDownloadMirrors(t.DownloadCdnUrl), version.VENDOR_REPO_PATH, fmt.Sprintf("%s.tar.gz", stem))
+		wizard.CheckMd5Sum = true
+		wizard.Md5sum = md5sum
+	} else {
+		wizard.CheckMd5Sum = false
+		wizard.Url = t.UrlOverride
+		util.RemoveFile(wizard.Path())
+	}
 
 	if err := wizard.CreateBaseDir(); err != nil {
 		return errors.Wrapf(errors.WithStack(err), "create file %s base dir failed", wizard.FileName)

cli/pkg/upgrade/1_12_0_20250702.go

@@ -0,0 +1,94 @@
+package upgrade
+
+import (
+	"fmt"
+	"github.com/Masterminds/semver/v3"
+	"github.com/beclab/Olares/cli/pkg/common"
+	"github.com/beclab/Olares/cli/pkg/core/connector"
+	"github.com/beclab/Olares/cli/pkg/core/logger"
+	"github.com/beclab/Olares/cli/pkg/core/task"
+	"os"
+	"strings"
+)
+
+type upgrader_1_12_0_20250702 struct {
+	breakingUpgraderBase
+}
+
+func (u upgrader_1_12_0_20250702) Version() *semver.Version {
+	return semver.MustParse("1.12.0-20250702")
+}
+
+func (u upgrader_1_12_0_20250702) PrepareForUpgrade() []task.Interface {
+	preTasks := []task.Interface{
+		&task.LocalTask{
+			Name:   "UpdateSysctlReservedPorts",
+			Action: new(updateSysctlReservedPorts),
+		},
+	}
+	return append(preTasks, u.upgraderBase.PrepareForUpgrade()...)
+}
+
+type updateSysctlReservedPorts struct {
+	common.KubeAction
+}
+
+func (u *updateSysctlReservedPorts) Execute(runtime connector.Runtime) error {
+	const sysctlFile = "/etc/sysctl.conf"
+	const reservedPortsKey = "net.ipv4.ip_local_reserved_ports"
+	const expectedValue = "30000-32767,46800-50000"
+
+	content, err := os.ReadFile(sysctlFile)
+	if err != nil {
+		return fmt.Errorf("failed to read sysctl.conf: %v", err)
+	}
+
+	lines := strings.Split(string(content), "\n")
+	var foundKey bool
+	var needUpdate bool
+	var updatedLines []string
+
+	for _, line := range lines {
+		trimmedLine := strings.TrimSpace(line)
+		if strings.HasPrefix(trimmedLine, reservedPortsKey) {
+			foundKey = true
+			parts := strings.SplitN(trimmedLine, "=", 2)
+			if len(parts) == 2 {
+				currentValue := strings.TrimSpace(parts[1])
+				if currentValue != expectedValue {
+					logger.Infof("updating %s from %s to %s", reservedPortsKey, currentValue, expectedValue)
+					updatedLines = append(updatedLines, fmt.Sprintf("%s=%s", reservedPortsKey, expectedValue))
+					needUpdate = true
+				} else {
+					updatedLines = append(updatedLines, line)
+				}
+			} else {
+				updatedLines = append(updatedLines, line)
+			}
+		} else {
+			updatedLines = append(updatedLines, line)
+		}
+	}
+
+	if !foundKey {
+		logger.Infof("key %s not found in sysctl.conf, adding it", reservedPortsKey)
+		updatedLines = append(updatedLines, fmt.Sprintf("%s=%s", reservedPortsKey, expectedValue))
+		needUpdate = true
+	}
+
+	if needUpdate {
+		updatedContent := strings.Join(updatedLines, "\n")
+		if err := os.WriteFile(sysctlFile, []byte(updatedContent), 0644); err != nil {
+			return fmt.Errorf("failed to write updated sysctl.conf: %v", err)
+		}
+
+		if _, err := runtime.GetRunner().SudoCmd("sysctl -p", false, false); err != nil {
+			return fmt.Errorf("failed to reload sysctl: %v", err)
+		}
+		logger.Infof("updated and reloaded sysctl configuration")
+	} else {
+		logger.Debugf("%s already has the expected value: %s", reservedPortsKey, expectedValue)
+	}
+
+	return nil
+}

cli/pkg/upgrade/1_12_0_20250723.go

@@ -0,0 +1,50 @@
+package upgrade
+
+import (
+	"github.com/Masterminds/semver/v3"
+	"github.com/beclab/Olares/cli/pkg/common"
+	"github.com/beclab/Olares/cli/pkg/container"
+	"github.com/beclab/Olares/cli/pkg/core/connector"
+	"github.com/beclab/Olares/cli/pkg/core/task"
+	"github.com/beclab/Olares/cli/pkg/manifest"
+)
+
+type upgrader_1_12_0_20250723 struct {
+	breakingUpgraderBase
+}
+
+func (u upgrader_1_12_0_20250723) Version() *semver.Version {
+	return semver.MustParse("1.12.0-20250723")
+}
+
+func (u upgrader_1_12_0_20250723) PrepareForUpgrade() []task.Interface {
+	preTasks := []task.Interface{
+		&task.LocalTask{
+			Name:   "UpgradeContainerd",
+			Action: new(upgradeContainerd),
+		},
+		&task.LocalTask{
+			Name:   "RestartContainerd",
+			Action: new(container.RestartContainerd),
+		},
+	}
+	return append(preTasks, u.upgraderBase.PrepareForUpgrade()...)
+}
+
+type upgradeContainerd struct {
+	common.KubeAction
+}
+
+func (u *upgradeContainerd) Execute(runtime connector.Runtime) error {
+	m, err := manifest.ReadAll(u.KubeConf.Arg.Manifest)
+	if err != nil {
+		return err
+	}
+	action := &container.SyncContainerd{
+		ManifestAction: manifest.ManifestAction{
+			Manifest: m,
+			BaseDir:  runtime.GetBaseDir(),
+		},
+	}
+	return action.Execute(runtime)
+}

cli/pkg/upgrade/1_12_0_20250730.go

@@ -0,0 +1,112 @@
+package upgrade
+
+import (
+	"fmt"
+	"github.com/Masterminds/semver/v3"
+	"github.com/beclab/Olares/cli/pkg/bootstrap/precheck"
+	"github.com/beclab/Olares/cli/pkg/common"
+	"github.com/beclab/Olares/cli/pkg/core/connector"
+	"github.com/beclab/Olares/cli/pkg/core/task"
+	"github.com/beclab/Olares/cli/pkg/core/util"
+	"github.com/beclab/Olares/cli/pkg/gpu"
+	k3stemplates "github.com/beclab/Olares/cli/pkg/k3s/templates"
+	"github.com/beclab/Olares/cli/pkg/manifest"
+	"github.com/beclab/Olares/cli/pkg/terminus"
+	"github.com/pkg/errors"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+type upgrader_1_12_0_20250730 struct {
+	breakingUpgraderBase
+}
+
+func (u upgrader_1_12_0_20250730) Version() *semver.Version {
+	return semver.MustParse("1.12.0-20250730")
+}
+
+func (u upgrader_1_12_0_20250730) PrepareForUpgrade() []task.Interface {
+	var preTasks []task.Interface
+	if util.IsExist(filepath.Join("/etc/systemd/system/", k3stemplates.K3sService.Name())) {
+		preTasks = append(preTasks,
+			&task.LocalTask{
+				Name:   "UpgradeK3sBinary",
+				Action: new(upgradeK3sBinary),
+			},
+			&task.LocalTask{
+				Name:   "UpdateK3sServiceEnv",
+				Action: new(injectK3sCertExpireTime),
+			},
+			&task.LocalTask{
+				Name: "RestartK3sService",
+				Action: &terminus.SystemctlCommand{
+					UnitNames:           []string{common.K3s},
+					Command:             "restart",
+					DaemonReloadPreExec: true,
+				},
+			},
+			&task.LocalTask{
+				Name:   "WaitForKubeAPIServerUp",
+				Action: new(precheck.GetKubernetesNodesStatus),
+				Retry:  10,
+				Delay:  10,
+			})
+	}
+	return append(preTasks, u.upgraderBase.PrepareForUpgrade()...)
+}
+
+func (u upgrader_1_12_0_20250730) UpgradeSystemComponents() []task.Interface {
+	preTasks := []task.Interface{
+		&task.LocalTask{
+			Name:   "UpgradeGPUPlugin",
+			Action: new(gpu.InstallPlugin),
+		},
+	}
+	return append(preTasks, u.upgraderBase.UpgradeSystemComponents()...)
+}
+
+type upgradeK3sBinary struct {
+	common.KubeAction
+}
+
+func (u *upgradeK3sBinary) Execute(runtime connector.Runtime) error {
+	m, err := manifest.ReadAll(u.KubeConf.Arg.Manifest)
+	if err != nil {
+		return err
+	}
+	binary, err := m.Get(common.K3s)
+	if err != nil {
+		return fmt.Errorf("get k3s binary info failed: %v", err)
+	}
+
+	path := binary.FilePath(runtime.GetBaseDir())
+	dst := filepath.Join(common.BinDir, common.K3s)
+	// replacing the binary does not interrupt the running k3s server
+	if err := runtime.GetRunner().SudoScp(path, dst); err != nil {
+		return errors.Wrap(errors.WithStack(err), fmt.Sprintf("upgrade k3s binary failed"))
+	}
+	if _, err := runtime.GetRunner().SudoCmd(fmt.Sprintf("chmod +x %s", dst), false, false); err != nil {
+		return err
+	}
+	return nil
+}
+
+type injectK3sCertExpireTime struct {
+	common.KubeAction
+}
+
+func (u *injectK3sCertExpireTime) Execute(runtime connector.Runtime) error {
+	expireTimeEnv := "CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS"
+	envFile := filepath.Join("/etc/systemd/system/", k3stemplates.K3sServiceEnv.Name())
+	content, err := os.ReadFile(envFile)
+	if err != nil && !os.IsNotExist(err) {
+		return fmt.Errorf("failed to read k3s service env file: %v", err)
+	}
+	if strings.Contains(string(content), expireTimeEnv) {
+		return nil
+	}
+	newContent := string(content) + fmt.Sprintf("\n%s=36500\n", expireTimeEnv)
+	err = os.WriteFile(envFile, []byte(newContent), 0644)
+	return err
+}

cli/pkg/upgrade/1_12_1.go

@@ -0,0 +1,37 @@
+package upgrade
+
+import (
+	"github.com/Masterminds/semver/v3"
+	"github.com/beclab/Olares/cli/version"
+)
+
+var version_12_1_1 = semver.MustParse("1.12.1")
+
+type upgrader_1_12_1 struct {
+	breakingUpgraderBase
+}
+
+func (u upgrader_1_12_1) Version() *semver.Version {
+	cliVersion, err := semver.NewVersion(version.VERSION)
+	// tolerate local dev version
+	if err != nil {
+		return version_12_1_1
+	}
+	if samePatchLevelVersion(version_12_1_1, cliVersion) && getReleaseLineOfVersion(cliVersion) == mainLine {
+		return cliVersion
+	}
+	return version_12_1_1
+}
+
+func (u upgrader_1_12_1) AddedBreakingChange() bool {
+	if u.Version().Equal(version_12_1_1) {
+		// if this version introduced breaking change
+		return true
+	}
+	if u.Version().Equal(semver.MustParse("1.12.1-alpha.2")) {
+		// if this alpha version introduced more breaking change
+		// halfway through release
+		return true
+	}
+	return false
+}

cli/pkg/upgrade/base.go

@@ -3,9 +3,13 @@ package upgrade
 import (
 	"context"
 	"fmt"
+	"github.com/beclab/Olares/cli/pkg/core/task"
+	"github.com/beclab/Olares/cli/pkg/terminus"
+	iamv1alpha2 "github.com/beclab/api/iam/v1alpha2"
+	kruntime "k8s.io/apimachinery/pkg/runtime"
 	"os"
 	"path"
-	"strings"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 
 	"github.com/beclab/Olares/cli/pkg/common"
@@ -14,44 +18,161 @@ import (
 	"github.com/beclab/Olares/cli/pkg/utils"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/kubernetes"
-	metadataclient "k8s.io/client-go/metadata"
 	ctrl "sigs.k8s.io/controller-runtime"
 )
 
-type PrepareUserInfoForUpgrade struct {
+type breakingUpgraderBase struct {
+	upgraderBase
+}
+
+func (u breakingUpgraderBase) AddedBreakingChange() bool {
+	return true
+}
+
+// upgraderBase is the general-purpose upgrader implementation
+// for upgrading across versions without any breaking changes.
+// Other implementations of breakingUpgrader,
+// targeted for versions with breaking changes,
+// should use this as a base for injecting and/or rewriting specific tasks as needed
+type upgraderBase struct{}
+
+func (u upgraderBase) AddedBreakingChange() bool {
+	return false
+}
+
+func (u upgraderBase) PrepareForUpgrade() []task.Interface {
+	return []task.Interface{
+		&task.LocalTask{
+			Name:   "PrepareUserInfoForUpgrade",
+			Action: new(prepareUserInfoForUpgrade),
+			Retry:  5,
+		},
+	}
+}
+
+func (u upgraderBase) ClearAppChartValues() []task.Interface {
+	return []task.Interface{
+		&task.LocalTask{
+			Name:   "ClearAppChartValues",
+			Action: new(terminus.ClearAppValues),
+		},
+	}
+}
+
+func (u upgraderBase) ClearBFLChartValues() []task.Interface {
+	return []task.Interface{
+		&task.LocalTask{
+			Name:   "ClearBFLChartValues",
+			Action: new(terminus.ClearBFLValues),
+		},
+	}
+}
+
+func (u upgraderBase) UpdateChartsInAppService() []task.Interface {
+	return []task.Interface{
+		&task.LocalTask{
+			Name:   "UpdateChartsInAppService",
+			Action: new(terminus.CopyAppServiceHelmFiles),
+			Retry:  5,
+		},
+	}
+}
+
+func (u upgraderBase) UpgradeUserComponents() []task.Interface {
+	return []task.Interface{
+		&task.LocalTask{
+			Name:   "UpgradeUserComponents",
+			Action: new(upgradeUserComponents),
+			Retry:  5,
+			Delay:  15 * time.Second,
+		},
+	}
+}
+
+func (u upgraderBase) UpdateReleaseFile() []task.Interface {
+	return []task.Interface{
+		&task.LocalTask{
+			Name:   "UpdateReleaseFile",
+			Action: new(terminus.WriteReleaseFile),
+		},
+	}
+}
+
+func (u upgraderBase) UpgradeSystemComponents() []task.Interface {
+	// this task updates the version in the CR
+	// so put this at last to make the whole pipeline
+	// reentrant
+	return []task.Interface{
+		&task.LocalTask{
+			Name:   "UpgradeSystemComponents",
+			Action: new(upgradeSystemComponents),
+			Retry:  10,
+			Delay:  15 * time.Second,
+		},
+	}
+}
+
+func (u upgraderBase) UpdateOlaresVersion() []task.Interface {
+	return []task.Interface{
+		&task.LocalTask{
+			Name:   "UpdateOlaresVersion",
+			Action: new(updateOlaresVersion),
+		},
+	}
+}
+
+func (u upgraderBase) PostUpgrade() []task.Interface {
+	return []task.Interface{
+		&task.LocalTask{
+			Name:   "EnsurePodsUpAndRunningAgain",
+			Action: new(terminus.CheckKeyPodsRunning),
+			Delay:  15 * time.Second,
+			Retry:  60,
+		},
+	}
+}
+
+type prepareUserInfoForUpgrade struct {
 	common.KubeAction
 }
 
-func (p *PrepareUserInfoForUpgrade) Execute(runtime connector.Runtime) error {
+func (p *prepareUserInfoForUpgrade) Execute(runtime connector.Runtime) error {
 	config, err := ctrl.GetConfig()
 	if err != nil {
 		return fmt.Errorf("failed to get rest config: %s", err)
 	}
-	// we only need user's metadata, this avoids the dependency on kubesphere's module
-	metadataClient, err := metadataclient.NewForConfig(config)
+	scheme := kruntime.NewScheme()
+	err = iamv1alpha2.AddToScheme(scheme)
 	if err != nil {
-		return fmt.Errorf("failed to get metadata client: %s", err)
+		return fmt.Errorf("failed to add user scheme: %s", err)
 	}
-	userGVR := schema.GroupVersionResource{
-		Group:    "iam.kubesphere.io",
-		Version:  "v1alpha2",
-		Resource: "users",
+	userClient, err := ctrlclient.New(config, ctrlclient.Options{Scheme: scheme})
+	if err != nil {
+		return fmt.Errorf("failed to create client: %s", err)
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
 	defer cancel()
-	users, err := metadataClient.Resource(userGVR).List(ctx, metav1.ListOptions{})
+	var userList iamv1alpha2.UserList
+	err = userClient.List(ctx, &userList)
 	if err != nil {
 		return fmt.Errorf("failed to list users: %s", err)
 	}
-	var usersToUpgrade []metav1.PartialObjectMetadata
+	var usersToUpgrade []iamv1alpha2.User
 	var adminUser string
 	client, err := kubernetes.NewForConfig(config)
 	if err != nil {
 		return fmt.Errorf("failed to create kubernetes client: %s", err)
 	}
-	for _, user := range users.Items {
+	for _, user := range userList.Items {
+		if user.Status.State == "Failed" {
+			logger.Infof("skipping user %s that failed to be created", user.Name)
+			continue
+		}
+		if user.Status.State == "Deleting" || user.DeletionTimestamp != nil {
+			logger.Infof("skipping user %s that's being deleted", user.Name)
+			continue
+		}
 		ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
 		defer cancel()
 		_, err := client.CoreV1().Namespaces().Get(ctx, fmt.Sprintf("user-space-%s", user.Name), metav1.GetOptions{})
@@ -63,7 +184,7 @@ func (p *PrepareUserInfoForUpgrade) Execute(runtime connector.Runtime) error {
 			return fmt.Errorf("failed to get user-space-%x: %v", user.Name, err)
 		}
 		usersToUpgrade = append(usersToUpgrade, user)
-		if role, ok := user.Annotations["bytetrade.io/owner-role"]; ok && role == "platform-admin" {
+		if role, ok := user.Annotations["bytetrade.io/owner-role"]; ok && role == "owner" {
 			adminUser = user.Name
 		}
 	}
@@ -79,11 +200,11 @@ func (p *PrepareUserInfoForUpgrade) Execute(runtime connector.Runtime) error {
 	return nil
 }
 
-type UpgradeUserComponents struct {
+type upgradeUserComponents struct {
 	common.KubeAction
 }
 
-func (u *UpgradeUserComponents) Execute(runtime connector.Runtime) error {
+func (u *upgradeUserComponents) Execute(runtime connector.Runtime) error {
 	config, err := ctrl.GetConfig()
 	if err != nil {
 		return fmt.Errorf("failed to get rest config: %s", err)
@@ -97,7 +218,7 @@ func (u *UpgradeUserComponents) Execute(runtime connector.Runtime) error {
 	if !ok {
 		return fmt.Errorf("no users to upgrade found in cache")
 	}
-	users := usersCache.([]metav1.PartialObjectMetadata)
+	users := usersCache.([]iamv1alpha2.User)
 	adminUserCache, ok := u.PipelineCache.Get(common.CacheUpgradeAdminUser)
 	if !ok {
 		return fmt.Errorf("no admin user to upgrade found in cache")
@@ -154,7 +275,7 @@ func (u *UpgradeUserComponents) Execute(runtime connector.Runtime) error {
 		}
 
 		var wizardNeedUpgrade bool
-		if wizardStatus, ok := user.Annotations["bytetrade.io/wizard-status"]; ok && wizardStatus == "completed" {
+		if wizardStatus, ok := user.Annotations["bytetrade.io/wizard-status"]; !ok || wizardStatus != "completed" {
 			wizardNeedUpgrade = true
 		}
 
@@ -178,11 +299,11 @@ func (u *UpgradeUserComponents) Execute(runtime connector.Runtime) error {
 	return nil
 }
 
-type UpgradeSystemComponents struct {
+type upgradeSystemComponents struct {
 	common.KubeAction
 }
 
-func (u *UpgradeSystemComponents) Execute(runtime connector.Runtime) error {
+func (u *upgradeSystemComponents) Execute(runtime connector.Runtime) error {
 	config, err := ctrl.GetConfig()
 	if err != nil {
 		return fmt.Errorf("failed to get rest config: %s", err)
@@ -223,66 +344,26 @@ func (u *UpgradeSystemComponents) Execute(runtime connector.Runtime) error {
 	return nil
 }
 
-type UpdateSysctlReservedPorts struct {
+type updateOlaresVersion struct {
 	common.KubeAction
 }
 
-func (u *UpdateSysctlReservedPorts) Execute(runtime connector.Runtime) error {
-	const sysctlFile = "/etc/sysctl.conf"
-	const reservedPortsKey = "net.ipv4.ip_local_reserved_ports"
-	const expectedValue = "30000-32767,46800-50000"
-
-	content, err := os.ReadFile(sysctlFile)
+func (u *updateOlaresVersion) Execute(runtime connector.Runtime) error {
+	config, err := ctrl.GetConfig()
 	if err != nil {
-		return fmt.Errorf("failed to read sysctl.conf: %v", err)
+		return fmt.Errorf("failed to get rest config: %s", err)
 	}
-
-	lines := strings.Split(string(content), "\n")
-	var foundKey bool
-	var needUpdate bool
-	var updatedLines []string
-
-	for _, line := range lines {
-		trimmedLine := strings.TrimSpace(line)
-		if strings.HasPrefix(trimmedLine, reservedPortsKey) {
-			foundKey = true
-			parts := strings.SplitN(trimmedLine, "=", 2)
-			if len(parts) == 2 {
-				currentValue := strings.TrimSpace(parts[1])
-				if currentValue != expectedValue {
-					logger.Infof("updating %s from %s to %s", reservedPortsKey, currentValue, expectedValue)
-					updatedLines = append(updatedLines, fmt.Sprintf("%s=%s", reservedPortsKey, expectedValue))
-					needUpdate = true
-				} else {
-					updatedLines = append(updatedLines, line)
-				}
-			} else {
-				updatedLines = append(updatedLines, line)
-			}
-		} else {
-			updatedLines = append(updatedLines, line)
-		}
+	actionConfig, settings, err := utils.InitConfig(config, common.NamespaceDefault)
+	if err != nil {
+		return err
 	}
+	ctx, cancelSettings := context.WithTimeout(context.Background(), 3*time.Minute)
+	defer cancelSettings()
+	settingsChartPath := path.Join(runtime.GetInstallerDir(), "wizard", "config", "settings")
 
-	if !foundKey {
-		logger.Infof("key %s not found in sysctl.conf, adding it", reservedPortsKey)
-		updatedLines = append(updatedLines, fmt.Sprintf("%s=%s", reservedPortsKey, expectedValue))
-		needUpdate = true
+	vals := map[string]interface{}{"version": u.KubeConf.Arg.OlaresVersion}
+	if err := utils.UpgradeCharts(ctx, actionConfig, settings, common.ChartNameSettings, settingsChartPath, "", common.NamespaceDefault, vals, true); err != nil {
+		return err
 	}
-
-	if needUpdate {
-		updatedContent := strings.Join(updatedLines, "\n")
-		if err := os.WriteFile(sysctlFile, []byte(updatedContent), 0644); err != nil {
-			return fmt.Errorf("failed to write updated sysctl.conf: %v", err)
-		}
-
-		if _, err := runtime.GetRunner().SudoCmd("sysctl -p", false, false); err != nil {
-			return fmt.Errorf("failed to reload sysctl: %v", err)
-		}
-		logger.Infof("updated and reloaded sysctl configuration")
-	} else {
-		logger.Debugf("%s already has the expected value: %s", reservedPortsKey, expectedValue)
-	}
-
 	return nil
 }

cli/pkg/upgrade/interfaces.go

@@ -0,0 +1,24 @@
+package upgrade
+
+import (
+	"github.com/Masterminds/semver/v3"
+	"github.com/beclab/Olares/cli/pkg/core/task"
+)
+
+type upgrader interface {
+	PrepareForUpgrade() []task.Interface
+	ClearAppChartValues() []task.Interface
+	ClearBFLChartValues() []task.Interface
+	UpdateChartsInAppService() []task.Interface
+	UpgradeUserComponents() []task.Interface
+	UpdateReleaseFile() []task.Interface
+	UpgradeSystemComponents() []task.Interface
+	UpdateOlaresVersion() []task.Interface
+	PostUpgrade() []task.Interface
+	AddedBreakingChange() bool
+}
+
+type breakingUpgrader interface {
+	upgrader
+	Version() *semver.Version
+}

cli/pkg/upgrade/modules.go

@@ -0,0 +1,54 @@
+package upgrade
+
+import (
+	"github.com/beclab/Olares/cli/pkg/bootstrap/precheck"
+	"github.com/beclab/Olares/cli/pkg/manifest"
+
+	"github.com/Masterminds/semver/v3"
+	"github.com/beclab/Olares/cli/pkg/common"
+	"github.com/beclab/Olares/cli/pkg/core/task"
+)
+
+type Module struct {
+	common.KubeModule
+	manifest.ManifestModule
+	TargetVersion *semver.Version
+}
+
+func (m *Module) Init() {
+	m.Name = "UpgradeOlares"
+
+	u := getUpgraderByVersion(m.TargetVersion)
+	m.Tasks = append(m.Tasks, u.PrepareForUpgrade()...)
+	m.Tasks = append(m.Tasks, u.ClearAppChartValues()...)
+	m.Tasks = append(m.Tasks, u.ClearBFLChartValues()...)
+	m.Tasks = append(m.Tasks, u.UpdateChartsInAppService()...)
+	m.Tasks = append(m.Tasks, u.UpgradeSystemComponents()...)
+	m.Tasks = append(m.Tasks, u.UpgradeUserComponents()...)
+	m.Tasks = append(m.Tasks, u.UpdateReleaseFile()...)
+	m.Tasks = append(m.Tasks, u.UpdateOlaresVersion()...)
+	m.Tasks = append(m.Tasks, u.PostUpgrade()...)
+}
+
+type PrecheckModule struct {
+	common.KubeModule
+}
+
+func (m *PrecheckModule) Init() {
+	m.Name = "UpgradePrecheck"
+
+	checkers := []precheck.Checker{
+		new(precheck.MasterNodeReadyCheck),
+		new(precheck.RootPartitionAvailableSpaceCheck),
+	}
+	runPreChecks := &task.LocalTask{
+		Name: "UpgradePrecheck",
+		Action: &precheck.RunChecks{
+			Checkers: checkers,
+		},
+	}
+
+	m.Tasks = []task.Interface{
+		runPreChecks,
+	}
+}

cli/pkg/upgrade/upgrade.go

@@ -1,181 +0,0 @@
-package upgrade
-
-import (
-	"time"
-
-	"github.com/beclab/Olares/cli/pkg/bootstrap/precheck"
-
-	"github.com/Masterminds/semver/v3"
-	"github.com/beclab/Olares/cli/pkg/common"
-	"github.com/beclab/Olares/cli/pkg/core/task"
-	"github.com/beclab/Olares/cli/pkg/terminus"
-)
-
-type UpgradeModule struct {
-	common.KubeModule
-	CurrentVersion *semver.Version
-	TargetVersion  *semver.Version
-}
-
-var (
-	preTasks = []*upgradeTask{
-		{
-			Task: &task.LocalTask{
-				Name:   "UpdateSysctlReservedPorts",
-				Action: new(UpdateSysctlReservedPorts),
-			},
-			Current: &explicitVersionMatcher{max: semver.New(1, 12, 0, "20250701", "")},
-			Target:  anyVersion,
-		},
-	}
-
-	coreTasks = []*upgradeTask{
-		{
-			Task: &task.LocalTask{
-				Name:   "PrepareUserInfoForUpgrade",
-				Action: new(PrepareUserInfoForUpgrade),
-				Retry:  5,
-			},
-			Current: atLeasVersion112,
-			Target:  atLeasVersion112,
-		},
-		{
-			Task: &task.LocalTask{
-				Name:   "ClearAppChartValues",
-				Action: new(terminus.ClearAppValues),
-			},
-			Current: atLeasVersion112,
-			Target:  atLeasVersion112,
-		},
-		{
-			Task: &task.LocalTask{
-				Name:   "ClearBFLChartValues",
-				Action: new(terminus.ClearBFLValues),
-			},
-			Current: atLeasVersion112,
-			Target:  atLeasVersion112,
-		},
-		{
-			Task: &task.LocalTask{
-				Name:   "UpdateChartsInAppService",
-				Action: new(terminus.CopyAppServiceHelmFiles),
-				Retry:  5,
-			},
-			Current: atLeasVersion112,
-			Target:  atLeasVersion112,
-		},
-		{
-			Task: &task.LocalTask{
-				Name:   "UpgradeUserComponents",
-				Action: new(UpgradeUserComponents),
-				Retry:  5,
-				Delay:  15 * time.Second,
-			},
-			Current: atLeasVersion112,
-			Target:  atLeasVersion112,
-		},
-		{
-			Task: &task.LocalTask{
-				Name:   "UpdateReleaseFile",
-				Action: new(terminus.WriteReleaseFile),
-			},
-			Current: atLeasVersion112,
-			Target:  atLeasVersion112,
-		},
-		// this task updates the version in the CR
-		// so put this at last to make the whole pipeline
-		// reentrant
-		// maybe it should be put at the last of post tasks
-		// when post tasks are actually needed
-		{
-			Task: &task.LocalTask{
-				Name:   "UpgradeSystemComponents",
-				Action: new(UpgradeSystemComponents),
-				Retry:  10,
-				Delay:  15 * time.Second,
-			},
-			Current: atLeasVersion112,
-			Target:  atLeasVersion112,
-		},
-		{
-			Task: &task.LocalTask{
-				Name:   "EnsurePodsUpAndRunningAgain",
-				Action: new(terminus.CheckKeyPodsRunning),
-				Delay:  15 * time.Second,
-				Retry:  60,
-			},
-			Current: atLeasVersion112,
-			Target:  atLeasVersion112,
-		},
-	}
-
-	postTasks []*upgradeTask
-)
-
-func (m *UpgradeModule) Init() {
-	m.Name = "UpgradeOlares"
-
-	// calculate tasks based on version difference
-	tasks := m.calculateUpgradeTasks()
-
-	m.Tasks = tasks
-}
-
-func (m *UpgradeModule) calculateUpgradeTasks() []task.Interface {
-	var tasks []task.Interface
-
-	// for now, tasks are grouped into pre-upgrade/core-upgrade/post-upgrade tasks
-	// only for business logic compatibility
-	// they are still a normal sequence of tasks to be executed
-	// for the module layer
-	tasks = append(tasks, m.calculatePreUpgradeTasks()...)
-	tasks = append(tasks, m.calculateCoreUpgradeTasks()...)
-	tasks = append(tasks, m.calculatePostUpgradeTasks()...)
-
-	return tasks
-}
-
-func (m *UpgradeModule) getTasksToExecute(unfiltered []*upgradeTask) []task.Interface {
-	var filtered []task.Interface
-	for _, t := range unfiltered {
-		if t.Match(m.CurrentVersion, m.TargetVersion) {
-			filtered = append(filtered, t.Task)
-		}
-	}
-	return filtered
-}
-
-func (m *UpgradeModule) calculatePreUpgradeTasks() []task.Interface {
-	return m.getTasksToExecute(preTasks)
-}
-
-func (m *UpgradeModule) calculateCoreUpgradeTasks() []task.Interface {
-	return m.getTasksToExecute(coreTasks)
-}
-
-func (m *UpgradeModule) calculatePostUpgradeTasks() []task.Interface {
-	return m.getTasksToExecute(postTasks)
-}
-
-type PrecheckModule struct {
-	common.KubeModule
-}
-
-func (m *PrecheckModule) Init() {
-	m.Name = "UpgradePrecheck"
-
-	checkers := []precheck.Checker{
-		new(precheck.MasterNodeReadyCheck),
-		new(precheck.RootPartitionAvailableSpaceCheck),
-	}
-	runPreChecks := &task.LocalTask{
-		Name: "UpgradePrecheck",
-		Action: &precheck.RunChecks{
-			Checkers: checkers,
-		},
-	}
-
-	m.Tasks = []task.Interface{
-		runPreChecks,
-	}
-}

cli/pkg/upgrade/version.go

@@ -1,61 +1,244 @@
 package upgrade
 
 import (
+	"fmt"
 	"github.com/Masterminds/semver/v3"
-	"github.com/beclab/Olares/cli/pkg/core/task"
+	"github.com/beclab/Olares/cli/pkg/utils"
+	"github.com/beclab/Olares/cli/version"
+	"sort"
+	"strconv"
+	"strings"
 )
 
-// versionMatcher checks if the specified version matches its condition
-type versionMatcher interface {
-	Match(version *semver.Version) bool
+type VersionSpec struct {
+	Version                   string                    `json:"version"`
+	Major                     uint64                    `json:"major"`
+	Minor                     uint64                    `json:"minor"`
+	Patch                     uint64                    `json:"patch"`
+	ReleaseType               string                    `json:"releaseType"`
+	ReleaseNum                int                       `json:"releaseNum"`
+	PreRelease                bool                      `json:"prerelease"`
+	AddedBreakingChange       bool                      `json:"addedBreakingChange"`
+	MinimumUpgradableVersions MinimumVersionConstraints `json:"minimumUpgradableVersions"`
 }
 
-// explicitVersionMatcher matches the specified version by a range of explicitly
-// set version range by min/max version
-// and additionally explicitly included/excluded versions
-// if any type of condition is not set, that check is omitted
-// i.e., if min is not set, there's no limit on the minimum version
-// and if no condition is set, the matcher matches all non-nil versions
-type explicitVersionMatcher struct {
-	min     *semver.Version
-	max     *semver.Version
-	include []*semver.Version
-	exclude []*semver.Version
-}
+type VersionConstraints map[string]*semver.Version
+type MinimumVersionConstraints VersionConstraints
 
-func (m *explicitVersionMatcher) Match(version *semver.Version) bool {
-	if version == nil {
-		return false
+func (c MinimumVersionConstraints) SatisfiedBy(base *semver.Version) (bool, error) {
+	if base == nil {
+		return false, nil
 	}
-	for _, v := range m.include {
-		if v.Equal(version) {
-			return true
+	var minVersion *semver.Version
+	prerelease := base.Prerelease()
+	if prerelease == "" {
+		minVersion = c[releaseTypeStable]
+	} else {
+		prereleaseType, _, err := parsePrereleaseVersion(prerelease)
+		if err != nil {
+			return false, fmt.Errorf("invalid version '%s': %v", base, err)
+		}
+		minVersion = c[prereleaseType]
+	}
+	return minVersion != nil && minVersion.LessThanEqual(base), nil
+}
+
+type releaseLine string
+
+var (
+	mainLine  = releaseLine("main")
+	dailyLine = releaseLine("daily")
+
+	// the versions when current upgrade framework is introduced
+	minUpgradableStableVersion = semver.MustParse("1.12.0")
+	minUpgradableDailyVersion  = semver.MustParse("1.12.0-0")
+
+	releaseTypeStable = "stable"
+	releaseTypeDaily  = "daily"
+	releaseTypeRC     = "rc"
+	releaseTypeBeta   = "beta"
+	releaseTypeAlpha  = "alpha"
+	prereleaseSep     = "."
+
+	dailyUpgraders = []breakingUpgrader{
+		upgrader_1_12_0_20250702{},
+		upgrader_1_12_0_20250723{},
+		upgrader_1_12_0_20250730{},
+	}
+	mainUpgraders = []breakingUpgrader{
+		upgrader_1_12_1{},
+	}
+)
+
+func getReleaseLineOfVersion(v *semver.Version) releaseLine {
+	preRelease := v.Prerelease()
+	mainLinePrereleasePrefixes := []string{releaseTypeRC, releaseTypeBeta, releaseTypeAlpha}
+	if preRelease == "" {
+		return mainLine
+	}
+	for _, prefix := range mainLinePrereleasePrefixes {
+		if strings.HasPrefix(preRelease, prefix) {
+			return mainLine
 		}
 	}
-	for _, v := range m.exclude {
-		if v.Equal(version) {
-			return false
+	return dailyLine
+}
+
+func Check(base *semver.Version, target *semver.Version) error {
+	if base == nil {
+		return fmt.Errorf("base version is nil")
+	}
+
+	cliVersion, err := utils.ParseOlaresVersionString(version.VERSION)
+	if err != nil {
+		return fmt.Errorf("invalid olares-cli version :\"%s\"", version.VERSION)
+	}
+
+	if target != nil {
+		if !target.GreaterThan(base) {
+			return fmt.Errorf("base version: %s, target version: %s, no need to upgrade", base, target)
+		}
+		if !target.Equal(cliVersion) {
+			return fmt.Errorf("target version: %s is not the same with cli version: %s", target, cliVersion)
 		}
 	}
-	if m.min != nil && version.LessThan(m.min) {
-		return false
+
+	currentVersionSpec, err := CurrentVersionSpec()
+	if err != nil {
+		return fmt.Errorf("failed to get current version's upgrade spec: %v", err)
 	}
-	if m.max != nil && version.GreaterThan(m.max) {
-		return false
+
+	satisfied, err := currentVersionSpec.MinimumUpgradableVersions.SatisfiedBy(base)
+	if err != nil {
+		return err
 	}
-	return true
+
+	if !satisfied {
+		return fmt.Errorf("cannot upgrade to version '%s' from '%s': version constraints not satified: %v", target, base, currentVersionSpec.MinimumUpgradableVersions)
+	}
+
+	return nil
 }
 
-// todo: do we need to check at least 1.12 in cli?
-var anyVersion versionMatcher = &explicitVersionMatcher{}
-var atLeasVersion112 versionMatcher = &explicitVersionMatcher{min: semver.New(1, 12, 0, "1", "")}
+func getUpgraderByVersion(target *semver.Version) upgrader {
+	for _, upgraders := range [][]breakingUpgrader{
+		dailyUpgraders,
+		mainUpgraders,
+	} {
 
-type upgradeTask struct {
-	Task    task.Interface
-	Current versionMatcher
-	Target  versionMatcher
+		for _, u := range upgraders {
+			if u.Version().Equal(target) {
+				return u
+			}
+		}
+	}
+	return upgraderBase{}
 }
 
-func (t *upgradeTask) Match(current, target *semver.Version) bool {
-	return t.Current.Match(current) && t.Target.Match(target)
+func parsePrereleaseVersion(prereleaseVersion string) (string, int, error) {
+	if !strings.Contains(prereleaseVersion, prereleaseSep) {
+		n, err := strconv.Atoi(prereleaseVersion)
+		if err != nil {
+			return "", 0, fmt.Errorf("invalid prereleaseVersion: %s", prereleaseVersion)
+		}
+		return releaseTypeDaily, n, nil
+	}
+	parts := strings.Split(prereleaseVersion, prereleaseSep)
+	if len(parts) != 2 {
+		return "", 0, fmt.Errorf("invalid prereleaseVersion: %s", prereleaseVersion)
+	}
+	tStr, nStr := parts[0], parts[1]
+	if tStr != releaseTypeRC && tStr != releaseTypeBeta && tStr != releaseTypeAlpha {
+		return "", 0, fmt.Errorf("invalid prereleaseVersion: %s", prereleaseVersion)
+	}
+	n, err := strconv.Atoi(nStr)
+	if err != nil {
+		return "", 0, fmt.Errorf("invalid prereleaseVersion: %s", prereleaseVersion)
+	}
+	return tStr, n, nil
+}
+
+func formatPrereleaseVersion(releaseType string, releaseNum int) string {
+	if releaseType == releaseTypeDaily {
+		return strconv.Itoa(releaseNum)
+	}
+	return fmt.Sprintf("%s%s%s", releaseType, prereleaseSep, strconv.Itoa(releaseNum))
+}
+
+func CurrentVersionSpec() (spec *VersionSpec, err error) {
+	v, err := semver.NewVersion(version.VERSION)
+	if err != nil {
+		return nil, fmt.Errorf("current version '%s' is invalid: %v", version.VERSION, err)
+	}
+	spec = &VersionSpec{}
+	spec.Version, spec.Major, spec.Minor, spec.Patch = v.Original(), v.Major(), v.Minor(), v.Patch()
+	if v.Prerelease() != "" {
+		spec.PreRelease = true
+		spec.ReleaseType, spec.ReleaseNum, err = parsePrereleaseVersion(v.Prerelease())
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		spec.ReleaseType = releaseTypeStable
+	}
+	u := getUpgraderByVersion(v)
+	spec.AddedBreakingChange = u.AddedBreakingChange()
+	if spec.ReleaseType == releaseTypeDaily {
+		lastBreakingVersion := getLastBreakingVersion(dailyUpgraders, v)
+		if lastBreakingVersion == nil {
+			lastBreakingVersion = minUpgradableDailyVersion
+		}
+		spec.MinimumUpgradableVersions = MinimumVersionConstraints{releaseTypeDaily: lastBreakingVersion}
+	} else {
+		lastBreakingVersion := getLastBreakingVersion(mainUpgraders, v)
+		if lastBreakingVersion == nil {
+			lastBreakingVersion = minUpgradableStableVersion
+		}
+		// all mainline release types support upgrade from stable release
+		spec.MinimumUpgradableVersions = MinimumVersionConstraints{
+			releaseTypeStable: semver.New(lastBreakingVersion.Major(), lastBreakingVersion.Minor(), lastBreakingVersion.Patch(), "", ""),
+		}
+		switch spec.ReleaseType {
+		// both stable and rc release types support upgrade from stable/rc release
+		case releaseTypeStable, releaseTypeRC:
+			spec.MinimumUpgradableVersions[releaseTypeRC] = semver.New(lastBreakingVersion.Major(), lastBreakingVersion.Minor(), lastBreakingVersion.Patch(), formatPrereleaseVersion(releaseTypeRC, 0), "")
+		case releaseTypeAlpha:
+			// alpha release type supports upgrade from the last alpha release
+			// if it exists
+			// and no breaking change is added to the current version
+			if !spec.AddedBreakingChange && spec.ReleaseNum > 0 {
+				spec.MinimumUpgradableVersions[releaseTypeAlpha] = semver.New(spec.Major, spec.Minor, spec.Patch, formatPrereleaseVersion(releaseTypeAlpha, spec.ReleaseNum-1), "")
+			}
+		}
+	}
+
+	return spec, nil
+}
+
+func getLastBreakingVersion(upgraders []breakingUpgrader, current *semver.Version) *semver.Version {
+	sort.Slice(upgraders, func(i, j int) bool {
+		return upgraders[i].Version().LessThan(upgraders[j].Version())
+	})
+	for i := len(upgraders) - 1; i >= 0; i-- {
+		if !upgraders[i].AddedBreakingChange() {
+			continue
+		}
+		if upgraders[i].Version().GreaterThanEqual(current) {
+			continue
+		}
+		return upgraders[i].Version()
+	}
+	return nil
+}
+
+func samePatchLevelVersion(a, b *semver.Version) bool {
+	return a.Major() == b.Major() && a.Minor() == b.Minor() && a.Patch() == b.Patch()
+}
+
+func sameMinorLevelVersion(a, b *semver.Version) bool {
+	return a.Major() == b.Major() && a.Minor() == b.Minor()
+}
+
+func sameMajorLevelVersion(a, b *semver.Version) bool {
+	return a.Major() == b.Major()
 }

cli/pkg/utils/certs/certs.go

@@ -34,7 +34,7 @@ import (
 
 const (
 	// CertificateValidity defines the validity for all the signed certificates generated by kubeadm
-	CertificateValidity = time.Hour * 24 * 365 * 10
+	CertificateValidity = time.Hour * 24 * 365 * 100
 	// CertificateBlockType is a possible value for pem.Block.Type.
 	CertificateBlockType = "CERTIFICATE"
 	rsaKeySize           = 2048

cli/pkg/web5/jws/checkjws.go

@@ -191,9 +191,11 @@ func CheckJWS(jws string, duration int64) (*CheckJWSResult, error) {
 
 	// Verify DID matches
 	if resolutionResult.Document.ID != kid {
-		return nil, fmt.Errorf("DID does not match")
-	}
-
+        	sid := resolutionResult.Document.ID + resolutionResult.Document.VerificationMethod[0].ID
+        	if sid != kid {
+            		return nil, fmt.Errorf("DID does not match: expected %s, got %  s", sid, kid)
+        	}
+    	}
 	// Get verification method
 	if len(resolutionResult.Document.VerificationMethod) == 0 || resolutionResult.Document.VerificationMethod[0].PublicKeyJwk == nil {
 		return nil, fmt.Errorf("invalid DID document: missing verification method")

cli/version/vendor.go

@@ -0,0 +1,4 @@
+package version
+
+var VENDOR = "main"
+var VENDOR_REPO_PATH = ""

daemon/.goreleaser.yml

@@ -1,44 +1,43 @@
 project_name: olaresd
 builds:
-- id: linux_amd64 
-  env:
-  - CGO_ENABLED=1
-  main: ./cmd/terminusd/main.go
-  binary: olaresd
-  goarch:
-    - amd64
-  goos:
-    - linux
-  tags:
-    containers_image_openpgp
-  ldflags:
-    - -w
-    - -s
-    - -X 'github.com/beclab/Olares/daemon/cmd/terminusd/version.version=v{{ .Version }}'
-- id: linux_arm64 
-  env:
+- env:
   - CGO_ENABLED=0
   # - CC=aarch64-linux-gnu-gcc
   # - CXX=aarch64-linux-gnu-g++
   main: ./cmd/terminusd/main.go
   binary: olaresd
   goarch:
+    - amd64
     - arm64
   goos:
     - linux
+  overrides:
+    - goarch: amd64
+      goos: linux
+      goamd64: v1
+      env:
+        - CGO_ENABLED=1
   tags:
     containers_image_openpgp
   ldflags:
     - -w
     - -s
     - -X 'github.com/beclab/Olares/daemon/cmd/terminusd/version.version=v{{ .Version }}'
+    - >-
+      {{- if index .Env "OLARES_VENDOR_TYPE" }}
+      -X github.com/beclab/Olares/daemon/cmd/terminusd/version.VENDOR={{ .Env.OLARES_VENDOR_TYPE }}
+      {{- end }}
 dist: output
 archives:
-- name_template: "olaresd-v{{ .Version }}-{{ .Os }}-{{ .Arch }}"
-  replacements:
-    linux: linux
-    amd64: amd64
-    arm64: arm64
+- id: without-release-id
+  name_template: "{{ .ProjectName }}-v{{ .Version }}-{{ .Os }}-{{ .Arch }}"
+- id: with-release-id
+  name_template: >-
+                 {{- if index .Env "OLARES_RELEASE_ID" }}
+                 {{- .ProjectName }}-v{{ .Version }}-{{ .Os }}-{{ .Arch }}.{{ .Env.OLARES_RELEASE_ID }}
+                 {{- else }}
+                 {{- .ProjectName }}-v{{ .Version }}-{{ .Os }}-{{ .Arch }}.no-release-id
+                 {{- end }}
   files:
     - none*
 checksum: