Compare commits
101 Commits
fix/upgrad
...
files_init
| Author | SHA1 | Date | |
|---|---|---|---|
|
1595c0eb53 | ||
|
|
13d69572dd | ||
|
|
5e1680cf15 | ||
|
|
080927d500 | ||
|
|
e79a5235d5 | ||
|
|
15032a6a03 | ||
|
|
96ebf95ff2 | ||
|
|
74633d26f3 | ||
|
|
3306a33980 | ||
|
|
953f78318c | ||
|
|
b2408ade2b | ||
|
|
6216276623 | ||
|
|
c1353ff6f5 | ||
|
|
d7d611b5cd | ||
|
|
5725361d9b | ||
|
|
8e69ab9b97 | ||
|
|
026764477e | ||
|
|
b9da9d71a1 | ||
|
|
8e16d61be4 | ||
|
|
191f23454c | ||
|
|
a907e5f80d | ||
|
|
65acff0bf2 | ||
|
|
e76d1b87e5 | ||
|
|
e170092749 | ||
|
|
c1e53945f3 | ||
|
|
851356a399 | ||
|
|
5ceeb34079 | ||
|
|
ff45612602 | ||
|
|
7e20377f6a | ||
|
|
d2acac93bc | ||
|
|
8aefb66c4b | ||
|
|
5274efdbfa | ||
|
|
3c240ce7c6 | ||
|
|
611b356716 | ||
|
|
59b32f33b4 | ||
|
|
971401af3a | ||
|
|
31627d4f72 | ||
|
|
535e19acd8 | ||
|
|
6d08f2f4d4 | ||
|
|
5b8072e1e5 | ||
|
|
083f0c3866 | ||
|
|
17a1c8128e | ||
|
|
ee1a003001 | ||
|
|
dd94eea2f9 | ||
|
|
a6f82bc273 | ||
|
|
d53b1b6ec2 | ||
|
|
ababd15c90 | ||
|
|
ffb04cbd4b | ||
|
|
1f552ac613 | ||
|
|
f3603b22ce | ||
|
|
1fd597ff79 | ||
|
|
54f0a1143d | ||
|
|
3fb85fc3e5 | ||
|
|
58c952839a | ||
|
|
02ee7ca4ff | ||
|
|
ef08696851 | ||
|
|
f234187088 | ||
|
|
de09433738 | ||
|
|
bfdd500db3 | ||
|
|
2313e48e30 | ||
|
|
5672ad5691 | ||
|
|
6030c723fb | ||
|
|
b6607251b0 | ||
|
|
5502fdffb9 | ||
|
|
5632fa37a4 | ||
|
|
fa740be863 | ||
|
|
4cab48c1ac | ||
|
|
607a8b7476 | ||
|
|
b2a24cb23b | ||
|
|
e6711b6dd5 | ||
|
|
0549f0a948 | ||
|
|
107865ff83 | ||
|
|
bf1f9c8167 | ||
|
|
7b4c60ce8d | ||
|
|
735d0d06be | ||
|
|
d0fb912c31 | ||
|
|
500f50ec7b | ||
|
|
c548d15c61 | ||
|
|
469b36b3eb | ||
|
|
a5bec0f8e9 | ||
|
|
f6bff09f16 | ||
|
|
fd0ab0c92c | ||
|
|
d8f7cb29cc | ||
|
|
73c5433137 | ||
|
|
93ee2b85d7 | ||
|
|
632974d920 | ||
|
|
23276658e1 | ||
|
|
49b9ff6f41 | ||
|
|
7a6f9d8908 | ||
|
|
05f07bd8d8 | ||
|
|
4c526227be | ||
|
|
31a9a05fff | ||
|
|
86aeba659b | ||
|
|
1a817b5701 | ||
|
|
b294ee45fb | ||
|
|
81cdd392dc | ||
|
|
cf4dad6f77 | ||
|
|
34ddf31751 | ||
|
|
68c99c1d06 | ||
|
|
fad640c221 | ||
|
|
989b48d46b |
@@ -66,7 +66,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: edge-desktop
|
||||
image: beclab/desktop:v0.2.53
|
||||
image: beclab/desktop:v0.2.58
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
@@ -78,7 +78,7 @@ spec:
|
||||
value: http://bfl.{{ .Release.Namespace }}:8080
|
||||
|
||||
- name: desktop-server
|
||||
image: beclab/desktop-server:v0.2.53
|
||||
image: beclab/desktop-server:v0.2.58
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -140,7 +140,7 @@ spec:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: terminus-ws-sidecar
|
||||
image: 'beclab/ws-gateway:v1.0.3'
|
||||
image: 'beclab/ws-gateway:v1.0.5'
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /ws-gateway
|
||||
|
||||
@@ -220,7 +220,7 @@ spec:
|
||||
cpu: "1"
|
||||
memory: 300Mi
|
||||
- name: download-spider
|
||||
image: "beclab/download-spider:v0.0.19"
|
||||
image: "beclab/download-spider:v0.0.22"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
@@ -1,11 +1,15 @@
|
||||
|
||||
{{- $namespace := printf "%s" "os-system" -}}
|
||||
{{- $files_secret := (lookup "v1" "Secret" $namespace "files-secrets") -}}
|
||||
{{- $password := "" -}}
|
||||
|
||||
{{- $files_postgres_password := "" -}}
|
||||
{{ if $files_secret -}}
|
||||
{{ $password = (index $files_secret "data" "password") }}
|
||||
{{ $files_postgres_password = (index $files_secret "data" "files_postgres_password") }}
|
||||
{{- if not $files_postgres_password -}}
|
||||
{{ $files_postgres_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
{{ else -}}
|
||||
{{ $password = randAlphaNum 16 | b64enc }}
|
||||
{{ $files_postgres_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
|
||||
{{- $files_redis_password := "" -}}
|
||||
@@ -45,9 +49,8 @@ spec:
|
||||
serviceAccount: os-internal
|
||||
serviceAccountName: os-internal
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
runAsUser: 0
|
||||
runAsNonRoot: false
|
||||
initContainers:
|
||||
- name: init-data
|
||||
image: busybox:1.28
|
||||
@@ -67,18 +70,40 @@ spec:
|
||||
- -c
|
||||
- |
|
||||
chown -R 1000:1000 /appdata; chown -R 1000:1000 /appcache; chown -R 1000:1000 /data
|
||||
- name: init-container
|
||||
image: 'postgres:16.0-alpine3.18'
|
||||
command:
|
||||
- sh
|
||||
- '-c'
|
||||
- >-
|
||||
echo -e "Checking for the availability of PostgreSQL Server
|
||||
deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB1
|
||||
-c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >>
|
||||
PostgreSQL DB Server has started";
|
||||
env:
|
||||
- name: PGHOST
|
||||
value: citus-headless.os-system
|
||||
- name: PGPORT
|
||||
value: '5432'
|
||||
- name: PGUSER
|
||||
value: files_os_system
|
||||
- name: PGPASSWORD
|
||||
value: {{ $files_postgres_password | b64dec }}
|
||||
- name: PGDB1
|
||||
value: os_system_files
|
||||
|
||||
containers:
|
||||
- name: gateway
|
||||
image: beclab/appdata-gateway:0.1.16
|
||||
image: beclab/appdata-gateway:0.1.18
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
runAsUser: 1000
|
||||
runAsUser: 0
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
env:
|
||||
- name: FILES_SERVER_TAG
|
||||
value: 'beclab/files-server:v0.2.60'
|
||||
value: 'beclab/files-server:v0.2.69'
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
@@ -98,7 +123,7 @@ spec:
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
runAsUser: 1000
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
ports:
|
||||
- containerPort: 9090
|
||||
@@ -114,11 +139,11 @@ spec:
|
||||
{{ end }}
|
||||
|
||||
- name: files
|
||||
image: beclab/files-server:v0.2.60
|
||||
image: beclab/files-server:v0.2.69
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
runAsUser: 1000
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- name: fb-data
|
||||
@@ -170,7 +195,7 @@ spec:
|
||||
# - name: ZINC_USER
|
||||
# value: zincuser-files-os-system
|
||||
# - name: ZINC_PASSWORD
|
||||
# value: {{ $password | b64dec }}
|
||||
# value: {{ $files_postgres_password | b64dec }}
|
||||
# - name: ZINC_HOST
|
||||
# value: zinc-server-svc.os-system
|
||||
# - name: ZINC_PORT
|
||||
@@ -220,6 +245,16 @@ spec:
|
||||
value: '1.11'
|
||||
- name: FILE_CACHE_DIR
|
||||
value: '/data/file_cache'
|
||||
- name: PGHOST
|
||||
value: citus-headless.os-system
|
||||
- name: PGPORT
|
||||
value: '5432'
|
||||
- name: PGUSER
|
||||
value: files_os_system
|
||||
- name: PGPASSWORD
|
||||
value: {{ $files_postgres_password | b64dec }}
|
||||
- name: PGDB1
|
||||
value: os_system_files
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
@@ -236,7 +271,7 @@ spec:
|
||||
- /filebrowser
|
||||
- --noauth
|
||||
- name: uploader
|
||||
image: beclab/upload:v1.0.12
|
||||
image: beclab/upload:v1.0.14
|
||||
env:
|
||||
- name: UPLOAD_FILE_TYPE
|
||||
value: '*'
|
||||
@@ -262,7 +297,7 @@ spec:
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
runAsUser: 1000
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
- name: nginx
|
||||
image: 'nginx:stable-alpine3.17-slim'
|
||||
@@ -396,11 +431,12 @@ spec:
|
||||
name: check-nats
|
||||
containers:
|
||||
- name: files
|
||||
image: beclab/files-server:v0.2.60
|
||||
image: beclab/files-server:v0.2.69
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
runAsUser: 1000
|
||||
allowPrivilegeEscalation: true
|
||||
runAsUser: 0
|
||||
runAsNonRoot: false
|
||||
volumeMounts:
|
||||
- name: fb-data
|
||||
mountPath: /appdata
|
||||
@@ -409,12 +445,14 @@ spec:
|
||||
ports:
|
||||
- containerPort: 8110
|
||||
env:
|
||||
- name: FB_DATABASE
|
||||
value: /appdata/database/filebrowser.db
|
||||
- name: FB_CONFIG
|
||||
value: /appdata/config/settings.json
|
||||
- name: FB_ROOT
|
||||
- name: ROOT_PREFIX
|
||||
value: /data
|
||||
# - name: FB_DATABASE
|
||||
# value: /appdata/database/filebrowser.db
|
||||
# - name: FB_CONFIG
|
||||
# value: /appdata/config/settings.json
|
||||
# - name: FB_ROOT
|
||||
# value: /data
|
||||
- name: OLARES_VERSION
|
||||
value: '1.11'
|
||||
- name: NODE_NAME
|
||||
@@ -459,7 +497,7 @@ metadata:
|
||||
namespace: os-system
|
||||
type: Opaque
|
||||
data:
|
||||
password: {{ $password }}
|
||||
files_postgres_password: {{ $files_postgres_password }}
|
||||
files_redis_password: {{ $files_redis_password }}
|
||||
|
||||
---
|
||||
@@ -472,6 +510,26 @@ data:
|
||||
files_nats_password: {{ $files_nats_password }}
|
||||
type: Opaque
|
||||
|
||||
---
|
||||
apiVersion: apr.bytetrade.io/v1alpha1
|
||||
kind: MiddlewareRequest
|
||||
metadata:
|
||||
name: files-pg
|
||||
namespace: os-system
|
||||
spec:
|
||||
app: files
|
||||
appNamespace: os-system
|
||||
middleware: postgres
|
||||
postgreSQL:
|
||||
user: files_os_system
|
||||
password:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: files_postgres_password
|
||||
name: files-secrets
|
||||
databases:
|
||||
- name: files
|
||||
|
||||
---
|
||||
apiVersion: apr.bytetrade.io/v1alpha1
|
||||
kind: MiddlewareRequest
|
||||
|
||||
@@ -297,7 +297,7 @@ spec:
|
||||
# - /filebrowser
|
||||
# - --noauth
|
||||
- name: files-frontend
|
||||
image: beclab/files-frontend:v1.3.39
|
||||
image: beclab/files-frontend-1.11:v1.3.55
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
@@ -319,7 +319,7 @@ spec:
|
||||
- name: userspace-dir
|
||||
mountPath: /data
|
||||
- name: drive-server
|
||||
image: beclab/drive:v0.0.51
|
||||
image: beclab/drive:v0.0.72
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: OS_SYSTEM_SERVER
|
||||
@@ -342,7 +342,7 @@ spec:
|
||||
- name: userspace-app-dir
|
||||
mountPath: /data/Application
|
||||
- name: task-executor
|
||||
image: beclab/driveexecutor:v0.0.51
|
||||
image: beclab/driveexecutor:v0.0.72
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: OS_SYSTEM_SERVER
|
||||
@@ -758,11 +758,14 @@ data:
|
||||
prefix: "/upload"
|
||||
route:
|
||||
cluster: upload_original_dst
|
||||
timeout: 1800s
|
||||
idle_timeout: 1800s
|
||||
- match:
|
||||
prefix: "/"
|
||||
route:
|
||||
cluster: original_dst
|
||||
timeout: 1800s
|
||||
idle_timeout: 1800s
|
||||
http_protocol_options:
|
||||
accept_http_10: true
|
||||
http_filters:
|
||||
|
||||
@@ -168,7 +168,7 @@ spec:
|
||||
value: user_space_{{ .Values.bfl.username }}_knowledge
|
||||
containers:
|
||||
- name: knowledge
|
||||
image: "beclab/knowledge-base-api:v0.1.64"
|
||||
image: "beclab/knowledge-base-api:v0.1.72"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -183,6 +183,8 @@ spec:
|
||||
value: 'http://rss-server.os-system:1200'
|
||||
- name: SEARCH_URL
|
||||
value: 'http://search3.os-system:80'
|
||||
- name: UPLOAD_SAVE_PATH
|
||||
value: '/data/Home/Documents/'
|
||||
- name: REDIS_PASSWORD
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
@@ -236,7 +238,7 @@ spec:
|
||||
memory: 1Gi
|
||||
|
||||
- name: backend-server
|
||||
image: "beclab/recommend-backend:v0.0.27"
|
||||
image: "beclab/recommend-backend:v0.0.31"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
@@ -43,6 +43,7 @@ spec:
|
||||
app: appstore
|
||||
io.bytetrade.app: "true"
|
||||
spec:
|
||||
priorityClassName: "system-cluster-critical"
|
||||
initContainers:
|
||||
- args:
|
||||
- -it
|
||||
@@ -84,12 +85,12 @@ spec:
|
||||
fieldPath: status.podIP
|
||||
containers:
|
||||
- name: appstore
|
||||
image: beclab/market-frontend:v0.3.5
|
||||
image: beclab/market-frontend:v0.3.11
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
- name: appstore-backend
|
||||
image: beclab/market-backend:v0.3.5
|
||||
image: beclab/market-backend:v0.3.11
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 81
|
||||
@@ -169,7 +170,7 @@ spec:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: terminus-ws-sidecar
|
||||
image: 'beclab/ws-gateway:v1.0.3'
|
||||
image: 'beclab/ws-gateway:v1.0.5'
|
||||
command:
|
||||
- /ws-gateway
|
||||
env:
|
||||
|
||||
@@ -199,7 +199,7 @@ spec:
|
||||
value: os_system_search3
|
||||
containers:
|
||||
- name: search3
|
||||
image: beclab/search3:v0.0.28
|
||||
image: beclab/search3:v0.0.30
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
|
||||
4
apps/studio/README.md
Normal file
4
apps/studio/README.md
Normal file
@@ -0,0 +1,4 @@
|
||||
# devbox
|
||||
Terminus App development management tools
|
||||
|
||||
https://github.com/beclab/devbox
|
||||
23
apps/studio/config/user/helm-charts/studio/.helmignore
Normal file
23
apps/studio/config/user/helm-charts/studio/.helmignore
Normal file
@@ -0,0 +1,23 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
26
apps/studio/config/user/helm-charts/studio/Chart.yaml
Normal file
26
apps/studio/config/user/helm-charts/studio/Chart.yaml
Normal file
@@ -0,0 +1,26 @@
|
||||
apiVersion: v2
|
||||
name: studio
|
||||
description: A Terminus app development tool
|
||||
maintainers:
|
||||
- name: bytetrade
|
||||
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
#
|
||||
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||
# to be deployed.
|
||||
#
|
||||
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||
type: application
|
||||
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.1.3
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "4.9.1"
|
||||
BIN
apps/studio/config/user/helm-charts/studio/devbox.png
Normal file
BIN
apps/studio/config/user/helm-charts/studio/devbox.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 749 KiB |
@@ -0,0 +1,549 @@
|
||||
{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
|
||||
{{- $studio_secret := (lookup "v1" "Secret" $namespace "studio-secrets") -}}
|
||||
|
||||
{{- $pg_password := "" -}}
|
||||
{{ if $studio_secret -}}
|
||||
{{ $pg_password = (index $studio_secret "data" "pg_password") }}
|
||||
{{ else -}}
|
||||
{{ $pg_password = randAlphaNum 16 | b64enc }}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: studio-secrets
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
type: Opaque
|
||||
data:
|
||||
pg_password: {{ $pg_password }}
|
||||
|
||||
---
|
||||
apiVersion: apr.bytetrade.io/v1alpha1
|
||||
kind: MiddlewareRequest
|
||||
metadata:
|
||||
name: studio-pg
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
spec:
|
||||
app: studio
|
||||
appNamespace: {{ .Release.Namespace }}
|
||||
middleware: postgres
|
||||
postgreSQL:
|
||||
user: studio_{{ .Values.bfl.username }}
|
||||
password:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: pg_password
|
||||
name: studio-secrets
|
||||
databases:
|
||||
- name: studio
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: studio-server
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
selector:
|
||||
app: studio-server
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 8080
|
||||
targetPort: 8088
|
||||
name: http
|
||||
- protocol: TCP
|
||||
port: 8083
|
||||
targetPort: 8083
|
||||
name: https
|
||||
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: chartmuseum-studio
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 8080
|
||||
targetPort: 8888
|
||||
selector:
|
||||
app: studio-server
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: studio-san-cnf
|
||||
namespace: {{ .Release.Namespace }}
|
||||
data:
|
||||
san.cnf: |
|
||||
[req]
|
||||
distinguished_name = req_distinguished_name
|
||||
req_extensions = v3_req
|
||||
prompt = no
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = CN
|
||||
stateOrProvinceName = Beijing
|
||||
localityName = Beijing
|
||||
0.organizationName = bytetrade
|
||||
commonName = studio-server.{{ .Release.Namespace }}.svc
|
||||
|
||||
[v3_req]
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
subjectAltName = @bytetrade
|
||||
|
||||
[bytetrade]
|
||||
DNS.1 = studio-server.{{ .Release.Namespace }}.svc
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: studio-server
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: studio-server
|
||||
applications.app.bytetrade.io/author: bytetrade.io
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: studio-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: studio-server
|
||||
spec:
|
||||
serviceAccountName: bytetrade-controller
|
||||
volumes:
|
||||
- name: chart
|
||||
hostPath:
|
||||
type: DirectoryOrCreate
|
||||
path: {{ .Values.userspace.appData}}/studio/Chart
|
||||
- name: data
|
||||
hostPath:
|
||||
type: DirectoryOrCreate
|
||||
path: {{ .Values.userspace.appData }}/studio/Data
|
||||
- name: storage-volume
|
||||
hostPath:
|
||||
path: {{ .Values.userspace.appData }}/studio/helm-repo-dev
|
||||
type: DirectoryOrCreate
|
||||
- name: config-san
|
||||
configMap:
|
||||
name: studio-san-cnf
|
||||
items:
|
||||
- key: san.cnf
|
||||
path: san.cnf
|
||||
- name: sidecar-configs-studio
|
||||
configMap:
|
||||
name: sidecar-configs-studio
|
||||
items:
|
||||
- key: envoy.yaml
|
||||
path: envoy.yaml
|
||||
- name: certs
|
||||
emptyDir: {}
|
||||
initContainers:
|
||||
- name: init-chmod-data
|
||||
image: busybox:1.28
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- sh
|
||||
- '-c'
|
||||
- |
|
||||
chown -R 1000:1000 /home/coder
|
||||
chown -R 65532:65532 /charts
|
||||
chown -R 65532:65532 /data
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
resources: { }
|
||||
volumeMounts:
|
||||
- name: storage-volume
|
||||
mountPath: /home/coder
|
||||
- name: chart
|
||||
mountPath: /charts
|
||||
- name: data
|
||||
mountPath: /data
|
||||
- name: terminus-sidecar-init
|
||||
image: aboveos/openservicemesh-init:v1.2.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
iptables-restore --noflush <<EOF
|
||||
# sidecar interception rules
|
||||
*nat
|
||||
:PROXY_IN_REDIRECT - [0:0]
|
||||
:PROXY_INBOUND - [0:0]
|
||||
:PROXY_OUTBOUND - [0:0]
|
||||
:PROXY_OUT_REDIRECT - [0:0]
|
||||
|
||||
-A PREROUTING -p tcp -j PROXY_INBOUND
|
||||
-A OUTPUT -p tcp -j PROXY_OUTBOUND
|
||||
-A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
|
||||
-A PROXY_INBOUND -p tcp --dport 8083 -j RETURN
|
||||
-A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
|
||||
-A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
|
||||
|
||||
|
||||
-A PROXY_OUTBOUND -p tcp --dport 5432 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 6379 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 27017 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 443 -j RETURN
|
||||
-A PROXY_OUTBOUND -p tcp --dport 8080 -j RETURN
|
||||
|
||||
-A PROXY_OUTBOUND -d ${POD_IP}/32 -j RETURN
|
||||
|
||||
-A PROXY_OUTBOUND -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1555 -j PROXY_IN_REDIRECT
|
||||
-A PROXY_OUTBOUND -o lo -m owner ! --uid-owner 1555 -j RETURN
|
||||
-A PROXY_OUTBOUND -m owner --uid-owner 1555 -j RETURN
|
||||
-A PROXY_OUTBOUND -d 127.0.0.1/32 -j RETURN
|
||||
|
||||
-A PROXY_OUTBOUND -j PROXY_OUT_REDIRECT
|
||||
-A PROXY_OUT_REDIRECT -p tcp -j REDIRECT --to-port 15001
|
||||
|
||||
COMMIT
|
||||
EOF
|
||||
env:
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
|
||||
- name: generate-certs
|
||||
image: beclab/openssl:v3
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: [ "/bin/sh", "-c" ]
|
||||
args:
|
||||
- |
|
||||
openssl genrsa -out /etc/certs/ca.key 2048
|
||||
openssl req -new -x509 -days 3650 -key /etc/certs/ca.key -out /etc/certs/ca.crt \
|
||||
-subj "/CN=bytetrade CA/O=bytetrade/C=CN"
|
||||
openssl req -new -newkey rsa:2048 -nodes \
|
||||
-keyout /etc/certs/server.key -out /etc/certs/server.csr \
|
||||
-config /etc/san/san.cnf
|
||||
openssl x509 -req -days 3650 -in /etc/certs/server.csr \
|
||||
-CA /etc/certs/ca.crt -CAkey /etc/certs/ca.key \
|
||||
-CAcreateserial -out /etc/certs/server.crt \
|
||||
-extensions v3_req -extfile /etc/san/san.cnf
|
||||
chown -R 65532 /etc/certs/*
|
||||
volumeMounts:
|
||||
- name: config-san
|
||||
mountPath: /etc/san
|
||||
- name: certs
|
||||
mountPath: /etc/certs
|
||||
|
||||
containers:
|
||||
- name: studio
|
||||
image: beclab/studio-server:v0.1.50
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- server
|
||||
ports:
|
||||
- name: port
|
||||
containerPort: 8088
|
||||
protocol: TCP
|
||||
- name: ssl-port
|
||||
containerPort: 8083
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: chart
|
||||
mountPath: /charts
|
||||
- name: data
|
||||
mountPath: /data
|
||||
- mountPath: /etc/certs
|
||||
name: certs
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- "/studio"
|
||||
- "clean"
|
||||
env:
|
||||
- name: BASE_DIR
|
||||
value: /charts
|
||||
- name: OS_API_KEY
|
||||
value: {{ .Values.os.studio.appKey }}
|
||||
- name: OS_API_SECRET
|
||||
value: {{ .Values.os.studio.appSecret }}
|
||||
- name: OS_SYSTEM_SERVER
|
||||
value: system-server.user-system-{{ .Values.bfl.username }}
|
||||
- name: NAME_SPACE
|
||||
value: {{ .Release.Namespace }}
|
||||
- name: OWNER
|
||||
value: '{{ .Values.bfl.username }}'
|
||||
- name: DB_HOST
|
||||
value: citus-master-svc.user-system-{{ .Values.bfl.username }}
|
||||
- name: DB_USERNAME
|
||||
value: studio_{{ .Values.bfl.username }}
|
||||
- name: DB_PASSWORD
|
||||
value: "{{ $pg_password | b64dec }}"
|
||||
- name: DB_NAME
|
||||
value: user_space_{{ .Values.bfl.username }}_studio
|
||||
- name: DB_PORT
|
||||
value: "5432"
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: "0.5"
|
||||
memory: 1000Mi
|
||||
- name: terminus-envoy-sidecar
|
||||
image: bytetrade/envoy:v1.25.11.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
runAsUser: 1555
|
||||
ports:
|
||||
- name: proxy-admin
|
||||
containerPort: 15000
|
||||
- name: proxy-inbound
|
||||
containerPort: 15003
|
||||
- name: proxy-outbound
|
||||
containerPort: 15001
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: "0.5"
|
||||
memory: 200Mi
|
||||
volumeMounts:
|
||||
- name: sidecar-configs-studio
|
||||
readOnly: true
|
||||
mountPath: /etc/envoy/envoy.yaml
|
||||
subPath: envoy.yaml
|
||||
command:
|
||||
- /usr/local/bin/envoy
|
||||
- --log-level
|
||||
- debug
|
||||
- -c
|
||||
- /etc/envoy/envoy.yaml
|
||||
env:
|
||||
- name: POD_UID
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.uid
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: APP_KEY
|
||||
value: {{ .Values.os.studio.appKey }}
|
||||
- name: APP_SECRET
|
||||
value: {{ .Values.os.studio.appSecret }}
|
||||
- name: chartmuseum
|
||||
image: aboveos/helm-chartmuseum:v0.15.0
|
||||
args:
|
||||
- '--port=8888'
|
||||
- '--storage-local-rootdir=/storage'
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8888
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: CHART_POST_FORM_FIELD_NAME
|
||||
value: chart
|
||||
- name: DISABLE_API
|
||||
value: 'false'
|
||||
- name: LOG_JSON
|
||||
value: 'true'
|
||||
- name: PROV_POST_FORM_FIELD_NAME
|
||||
value: prov
|
||||
- name: STORAGE
|
||||
value: local
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- name: storage-volume
|
||||
mountPath: /storage
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
envoy.yaml: |
|
||||
admin:
|
||||
access_log_path: "/dev/stdout"
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 15000
|
||||
static_resources:
|
||||
listeners:
|
||||
- name: listener_0
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 15003
|
||||
listener_filters:
|
||||
- name: envoy.filters.listener.original_dst
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
|
||||
filter_chains:
|
||||
- filters:
|
||||
- name: envoy.filters.network.http_connection_manager
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
|
||||
stat_prefix: desktop_http
|
||||
upgrade_configs:
|
||||
- upgrade_type: websocket
|
||||
- upgrade_type: tailscale-control-protocol
|
||||
skip_xff_append: false
|
||||
codec_type: AUTO
|
||||
route_config:
|
||||
name: local_route
|
||||
virtual_hosts:
|
||||
- name: service
|
||||
domains: ["*"]
|
||||
routes:
|
||||
- match:
|
||||
prefix: "/"
|
||||
route:
|
||||
cluster: original_dst
|
||||
timeout: 1800s
|
||||
http_protocol_options:
|
||||
accept_http_10: true
|
||||
http_filters:
|
||||
- name: envoy.filters.http.router
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
||||
- name: listener_1
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 15001
|
||||
listener_filters:
|
||||
- name: envoy.filters.listener.original_dst
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst
|
||||
filter_chains:
|
||||
- filters:
|
||||
- name: envoy.filters.network.http_connection_manager
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
|
||||
stat_prefix: studio_out_http
|
||||
skip_xff_append: false
|
||||
codec_type: AUTO
|
||||
route_config:
|
||||
name: local_route
|
||||
virtual_hosts:
|
||||
- name: service
|
||||
domains: ["*"]
|
||||
routes:
|
||||
- match:
|
||||
prefix: "/server/intent/send"
|
||||
request_headers_to_add:
|
||||
- header:
|
||||
key: X-App-Key
|
||||
value: {{ .Values.os.studio.appKey }}
|
||||
route:
|
||||
cluster: system-server
|
||||
prefix_rewrite: /system-server/v2/legacy_api/api.intent/v2/server/intent/send
|
||||
- match:
|
||||
prefix: "/"
|
||||
route:
|
||||
cluster: original_dst
|
||||
timeout: 1800s
|
||||
typed_per_filter_config:
|
||||
envoy.filters.http.lua:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
|
||||
disabled: true
|
||||
|
||||
http_protocol_options:
|
||||
accept_http_10: true
|
||||
http_filters:
|
||||
- name: envoy.filters.http.lua
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
|
||||
inline_code:
|
||||
local sha = require("lib.sha2")
|
||||
function envoy_on_request(request_handle)
|
||||
local app_key = os.getenv("APP_KEY")
|
||||
local app_secret = os.getenv("APP_SECRET")
|
||||
local current_time = os.time()
|
||||
local minute_level_time = current_time - (current_time % 60)
|
||||
local time_string = tostring(minute_level_time)
|
||||
local s = app_key .. app_secret .. time_string
|
||||
request_handle:logInfo("originstring:" .. s)
|
||||
local hash = sha.sha256(s)
|
||||
request_handle:logInfo("Hello World.")
|
||||
request_handle:logInfo(hash)
|
||||
request_handle:headers():add("X-Auth-Signature",hash)
|
||||
end
|
||||
- name: envoy.filters.http.router
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
||||
|
||||
|
||||
clusters:
|
||||
- name: original_dst
|
||||
connect_timeout: 5000s
|
||||
type: ORIGINAL_DST
|
||||
lb_policy: CLUSTER_PROVIDED
|
||||
- name: system-server
|
||||
connect_timeout: 2s
|
||||
type: LOGICAL_DNS
|
||||
dns_lookup_family: V4_ONLY
|
||||
dns_refresh_rate: 600s
|
||||
lb_policy: ROUND_ROBIN
|
||||
load_assignment:
|
||||
cluster_name: system-server
|
||||
endpoints:
|
||||
- lb_endpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
socket_address:
|
||||
address: system-server.user-system-{{ .Values.bfl.username }}
|
||||
port_value: 80
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: sidecar-configs-studio
|
||||
namespace: {{ .Release.Namespace }}
|
||||
44
apps/studio/config/user/helm-charts/studio/values.yaml
Normal file
44
apps/studio/config/user/helm-charts/studio/values.yaml
Normal file
@@ -0,0 +1,44 @@
|
||||
|
||||
bfl:
|
||||
nodeport: 30883
|
||||
nodeport_ingress_http: 30083
|
||||
nodeport_ingress_https: 30082
|
||||
username: 'test'
|
||||
url: 'test'
|
||||
nodeName: test
|
||||
pvc:
|
||||
userspace: test
|
||||
userspace:
|
||||
userData: test/Home
|
||||
appData: test/Data
|
||||
appCache: test
|
||||
dbdata: test
|
||||
docs:
|
||||
nodeport: 30881
|
||||
desktop:
|
||||
nodeport: 30180
|
||||
os:
|
||||
portfolio:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
vault:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
desktop:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
message:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
rss:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
search:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
search2:
|
||||
appKey: '${ks[0]}'
|
||||
appSecret: test
|
||||
kubesphere:
|
||||
redis_password: ""
|
||||
|
||||
@@ -109,6 +109,19 @@ spec:
|
||||
port: 3010
|
||||
targetPort: 3010
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: studio-svc
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
selector:
|
||||
app: system-frontend
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 8080
|
||||
targetPort: 87
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@@ -121,11 +134,11 @@ metadata:
|
||||
applications.app.bytetrade.io/group: 'true'
|
||||
applications.app.bytetrade.io/author: bytetrade.io
|
||||
annotations:
|
||||
applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","wise":"https://file.bttcdn.com/appstore/rss/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png"}'
|
||||
applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","wise":"Wise","headscale":"Headscale","settings":"Settings"}'
|
||||
applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","wise":"0.0.1","headscale":"0.0.1","settings":"0.0.1"}'
|
||||
applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","wise":"https://file.bttcdn.com/appstore/rss/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png","studio":"https://file.bttcdn.com/appstore/devbox/icon.png"}'
|
||||
applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","wise":"Wise","headscale":"Headscale","settings":"Settings","studio":"Studio"}'
|
||||
applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","wise":"0.0.1","headscale":"0.0.1","settings":"0.0.1","studio":"0.0.1"}'
|
||||
applications.app.bytetrade.io/policies: '{"dashboard":{"policies":[{"entranceName":"dashboard","uriRegex":"/js/script.js", "level":"public"},{"entranceName":"dashboard","uriRegex":"/js/api/send", "level":"public"}]}}'
|
||||
applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"wise":[{"name":"wise", "host":"wise-svc", "port":80,"title":"Wise","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}]}'
|
||||
applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"wise":[{"name":"wise", "host":"wise-svc", "port":80,"title":"Wise","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}],"studio":[{"name":"studio","host":"studio-svc","port":8080,"title":"Studio","openMethod":"window"}]}'
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
@@ -190,7 +203,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: control-hub-init
|
||||
image: beclab/admin-console-frontend-v1:v0.5.1
|
||||
image: beclab/admin-console-frontend-v1:v0.5.8
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -202,7 +215,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: profile-editor-init
|
||||
image: beclab/profile-editor:v0.2.1
|
||||
image: beclab/profile-editor:v0.2.21
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -214,7 +227,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: profile-preview-init
|
||||
image: beclab/profile-preview:v0.2.1
|
||||
image: beclab/profile-preview:v0.2.21
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -226,7 +239,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: wise-init
|
||||
image: beclab/wise:v1.3.38
|
||||
image: beclab/wise:v1.3.55
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -238,7 +251,7 @@ spec:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: settings-init
|
||||
image: beclab/settings:v0.2.11
|
||||
image: beclab/settings:v0.2.19
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -249,6 +262,18 @@ spec:
|
||||
volumeMounts:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
- name: studio-init
|
||||
image: beclab/studio:v0.2.11
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
mkdir -p /www/studio
|
||||
cp -r /app/* /www/studio
|
||||
volumeMounts:
|
||||
- mountPath: /www
|
||||
name: www-dir
|
||||
containers:
|
||||
- name: terminus-envoy-sidecar
|
||||
image: bytetrade/envoy:v1.25.11
|
||||
@@ -284,6 +309,7 @@ spec:
|
||||
- containerPort: 84
|
||||
- containerPort: 85
|
||||
- containerPort: 86
|
||||
- containerPort: 87
|
||||
- containerPort: 8090
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -321,6 +347,9 @@ spec:
|
||||
- name: system-frontend-nginx-config
|
||||
mountPath: /etc/nginx/conf.d/settings.conf
|
||||
subPath: settings.conf
|
||||
- name: system-frontend-nginx-config
|
||||
mountPath: /etc/nginx/conf.d/studio.conf
|
||||
subPath: studio.conf
|
||||
env:
|
||||
- name: POD_UID
|
||||
valueFrom:
|
||||
@@ -339,7 +368,7 @@ spec:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: terminus-ws-sidecar
|
||||
image: 'beclab/ws-gateway:v1.0.4'
|
||||
image: 'beclab/ws-gateway:v1.0.5'
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /ws-gateway
|
||||
@@ -352,7 +381,7 @@ spec:
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
- name: settings-server
|
||||
image: beclab/settings-server:v0.2.12
|
||||
image: beclab/settings-server:v0.2.19
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
@@ -423,6 +452,8 @@ spec:
|
||||
path: headscale.conf
|
||||
- key: settings.conf
|
||||
path: settings.conf
|
||||
- key: studio.conf
|
||||
path: studio.conf
|
||||
|
||||
|
||||
---
|
||||
@@ -478,6 +509,31 @@ status:
|
||||
---
|
||||
apiVersion: sys.bytetrade.io/v1alpha1
|
||||
kind: ApplicationPermission
|
||||
metadata:
|
||||
name: studio
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
spec:
|
||||
app: studio
|
||||
appid: studio
|
||||
key: {{ .Values.os.studio.appKey }}
|
||||
secret: {{ .Values.os.studio.appSecret }}
|
||||
permissions:
|
||||
- dataType: app
|
||||
group: service.appstore
|
||||
ops:
|
||||
- InstallDevApp
|
||||
- UninstallDevApp
|
||||
version: v1
|
||||
- dataType: legacy_api
|
||||
group: api.intent
|
||||
ops:
|
||||
- POST
|
||||
version: v2
|
||||
status:
|
||||
state: active
|
||||
---
|
||||
apiVersion: sys.bytetrade.io/v1alpha1
|
||||
kind: ApplicationPermission
|
||||
metadata:
|
||||
name: settings
|
||||
namespace: user-system-{{ .Values.bfl.username }}
|
||||
@@ -1321,3 +1377,189 @@ data:
|
||||
add_header Cache-Control "public, max-age=2678400";
|
||||
}
|
||||
}
|
||||
studio.conf: |-
|
||||
upstream SettingsServerStudio {
|
||||
server monitoring-server.os-system;
|
||||
}
|
||||
|
||||
upstream MiddlewareStudio {
|
||||
server middleware-service.os-system;
|
||||
}
|
||||
|
||||
upstream AnalyticsStudio {
|
||||
server anayltic2-server.os-system:3010;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 87;
|
||||
# Gzip Settings
|
||||
gzip off;
|
||||
gzip_disable "msie6";
|
||||
gzip_min_length 1k;
|
||||
gzip_buffers 16 64k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_comp_level 6;
|
||||
gzip_types *;
|
||||
root /www/studio;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/index.html /index.html;
|
||||
add_header Cache-Control "private,no-cache";
|
||||
add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
|
||||
expires 0;
|
||||
}
|
||||
|
||||
location /api/command {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/apps {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/app-cfg {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/app-state {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/app-status {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/list-my-containers {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
location /api/files {
|
||||
proxy_pass http://studio-server:8080;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Accept-Encoding gzip;
|
||||
proxy_read_timeout 180;
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:40010;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
|
||||
location /bfl {
|
||||
add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
|
||||
proxy_pass http://bfl;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
}
|
||||
|
||||
location /kapis {
|
||||
proxy_pass http://SettingsServerStudio;
|
||||
}
|
||||
|
||||
location /api/profile/init {
|
||||
proxy_pass http://127.0.0.1:3010;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location /api {
|
||||
proxy_pass http://SettingsServerStudio;
|
||||
}
|
||||
|
||||
location /capi {
|
||||
proxy_pass http://SettingsServerStudio;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-real-ip $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location = /js/api/send {
|
||||
proxy_pass http://AnalyticsStudio;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
rewrite ^/js(.*)$ $1 break;
|
||||
}
|
||||
|
||||
location /analytics_service {
|
||||
proxy_pass http://AnalyticsStudio;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
rewrite ^/analytics_service(.*)$ $1 break;
|
||||
}
|
||||
|
||||
location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
|
||||
proxy_pass http://SettingsServerStudio;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
|
||||
|
||||
location = /js/script.js {
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
}
|
||||
|
||||
location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
|
||||
add_header Cache-Control "public, max-age=2678400";
|
||||
}
|
||||
}
|
||||
@@ -83,7 +83,7 @@ spec:
|
||||
value: os_system_vault
|
||||
containers:
|
||||
- name: vault-server
|
||||
image: beclab/vault-server:v1.3.38
|
||||
image: beclab/vault-server:v1.3.55
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
@@ -114,7 +114,7 @@ spec:
|
||||
- name: vault-attach
|
||||
mountPath: /padloc/packages/server/attachments
|
||||
- name: vault-admin
|
||||
image: beclab/vault-admin:v1.3.38
|
||||
image: beclab/vault-admin:v1.3.55
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 3010
|
||||
|
||||
@@ -88,13 +88,13 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: vault-frontend
|
||||
image: beclab/vault-frontend:v1.3.38
|
||||
image: beclab/vault-frontend:v1.3.55
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
- name: notification-server
|
||||
image: beclab/vault-notification:v1.3.38
|
||||
image: beclab/vault-notification:v1.3.55
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 3010
|
||||
|
||||
@@ -48,7 +48,7 @@ if (-Not (Test-Path $CLI_PROGRAM_PATH)) {
|
||||
New-Item -Path $CLI_PROGRAM_PATH -ItemType Directory
|
||||
}
|
||||
|
||||
$CLI_VERSION = "0.1.116"
|
||||
$CLI_VERSION = "0.1.127"
|
||||
$CLI_FILE = "olares-cli-v{0}_windows_{1}.tar.gz" -f $CLI_VERSION, $arch
|
||||
$CLI_URL = "{0}/{1}" -f $downloadUrl, $CLI_FILE
|
||||
$CLI_PATH = "{0}{1}" -f $CLI_PROGRAM_PATH, $CLI_FILE
|
||||
|
||||
@@ -74,7 +74,7 @@ if [ -z ${cdn_url} ]; then
|
||||
cdn_url="https://dc3p1870nn3cj.cloudfront.net"
|
||||
fi
|
||||
|
||||
CLI_VERSION="0.1.116"
|
||||
CLI_VERSION="0.1.127"
|
||||
CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
|
||||
if [[ x"$os_type" == x"Darwin" ]]; then
|
||||
CLI_FILE="olares-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"
|
||||
|
||||
@@ -157,7 +157,7 @@ fi
|
||||
|
||||
set_master_host_ssh_options
|
||||
|
||||
CLI_VERSION="0.1.116"
|
||||
CLI_VERSION="0.1.127"
|
||||
CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
|
||||
|
||||
if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$CLI_VERSION" ]]; then
|
||||
|
||||
@@ -146,7 +146,7 @@ function get_app_key_secret(){
|
||||
|
||||
function get_app_settings(){
|
||||
local username=$1
|
||||
local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "devbox" "profile" "agent" "files")
|
||||
local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "studio" "profile" "agent" "files")
|
||||
for a in ${apps[@]};do
|
||||
ks=($(get_app_key_secret "$username" "$a"))
|
||||
echo '
|
||||
@@ -175,7 +175,7 @@ function gen_bfl_values(){
|
||||
echo '
|
||||
bfl:
|
||||
nodeport: '${user_bfl_port}'
|
||||
username: '${username}'
|
||||
username: "'${username}'"
|
||||
|
||||
userspace_rand16: '${userspace_rand16}'
|
||||
userspace_pv: '${pvc_path[2]}'
|
||||
@@ -263,7 +263,16 @@ function get_appservice_pod(){
|
||||
}
|
||||
|
||||
function get_appservice_status(){
|
||||
$sh_c "${KUBECTL} get pod -n os-system -l 'tier=app-service' -o jsonpath='{.items[*].status.phase}'"
|
||||
local s=$($sh_c "${KUBECTL} get pods app-service-0 -n os-system --no-headers|awk '{print \$3}'")
|
||||
if [[ $s == "Running" ]]; then
|
||||
local ip=$($sh_c "${KUBECTL} get svc -n os-system app-service --no-headers|awk '{print \$3}'")
|
||||
curl -SsIk https://${ip}:8433 > /dev/null
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "initializing"
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "$s"
|
||||
}
|
||||
|
||||
function get_desktop_status(){
|
||||
@@ -279,7 +288,7 @@ function get_vault_status(){
|
||||
|
||||
function get_bfl_status(){
|
||||
local username=$1
|
||||
$sh_c "${KUBECTL} get pod -n user-space-${username} -l 'tier=bfl' -o jsonpath='{.items[*].status.phase}'"
|
||||
$sh_c "${KUBECTL} get pods bfl-0 -n user-space-${username} --no-headers|awk '{print \$3}'"
|
||||
}
|
||||
|
||||
function get_fileserver_status(){
|
||||
@@ -519,17 +528,40 @@ function upgrade_terminus(){
|
||||
# upgrade_jfs ${users[@]}
|
||||
local selfhosted=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.selfhosted}'")
|
||||
local domainname=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.settings.domainName}'")
|
||||
local current_version=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.version}'")
|
||||
sed -i "s/#__DOMAIN_NAME__/${domainname}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
|
||||
sed -i "s/#__SELFHOSTED__/${selfhosted}/" ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml
|
||||
|
||||
echo "Upgrading olares system components ... "
|
||||
gen_settings_values ${admin_user}
|
||||
ensure_success $sh_c "${HELM} upgrade -i settings ${BASE_DIR}/wizard/config/settings -n default --reuse-values"
|
||||
ensure_success $sh_c "${HELM} upgrade -i settings ${BASE_DIR}/wizard/config/settings -n default --reuse-values --atomic"
|
||||
|
||||
local new_version=$($sh_c "${KUBECTL} get terminus terminus -o jsonpath='{.spec.version}'")
|
||||
if [ "$new_version" == "$current_version" ]; then
|
||||
echo "get new version error, try to get from file"
|
||||
new_version=$(grep version ${BASE_DIR}/wizard/config/settings/templates/terminus_cr.yaml|awk '{print $2}')
|
||||
echo "find new version from file: ${new_version}"
|
||||
fi
|
||||
$sh_c "${KUBECTL} patch terminus terminus --type=merge --patch='{\"spec\": {\"version\":\"${current_version}\"}}'"
|
||||
|
||||
# patch
|
||||
ensure_success $sh_c "${KUBECTL} apply -f ${BASE_DIR}/deploy/patch-globalrole-workspace-manager.yaml"
|
||||
ensure_success $sh_c "$KUBECTL apply -f ${BASE_DIR}/deploy/patch-notification-manager.yaml"
|
||||
|
||||
echo "Upgrading admin ${admin_user}'s launcher ... "
|
||||
gen_bfl_values ${admin_user}
|
||||
|
||||
# gen bfl app key and secret
|
||||
bfl_ks=($(get_app_key_secret ${admin_user} "bfl"))
|
||||
|
||||
# install launcher , and init pv
|
||||
ensure_success $sh_c "${HELM} upgrade -i launcher-${admin_user} ${BASE_DIR}/wizard/config/launcher -n user-space-${admin_user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
|
||||
|
||||
echo 'Starting BFL ...'
|
||||
check_bfl ${admin_user}
|
||||
echo
|
||||
|
||||
|
||||
# clear apps values.yaml
|
||||
cat /dev/null > ${BASE_DIR}/wizard/config/apps/values.yaml
|
||||
cat /dev/null > ${BASE_DIR}/wizard/config/launcher/values.yaml
|
||||
@@ -540,49 +572,8 @@ function upgrade_terminus(){
|
||||
done
|
||||
|
||||
local ks_redis_pwd=$($sh_c "${KUBECTL} get secret -n kubesphere-system redis-secret -o jsonpath='{.data.auth}' |base64 -d")
|
||||
for user in ${users[@]}; do
|
||||
echo "Upgrading user ${user} ... "
|
||||
gen_bfl_values ${user}
|
||||
|
||||
# gen bfl app key and secret
|
||||
bfl_ks=($(get_app_key_secret ${user} "bfl"))
|
||||
|
||||
# install launcher , and init pv
|
||||
ensure_success $sh_c "${HELM} upgrade -i launcher-${user} ${BASE_DIR}/wizard/config/launcher -n user-space-${user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
|
||||
|
||||
gen_app_values ${user}
|
||||
close_apps ${user}
|
||||
|
||||
for appdir in "${BASE_DIR}/wizard/config/apps"/*/; do
|
||||
if [ -d "$appdir" ]; then
|
||||
releasename=$(basename "$appdir")
|
||||
if [ "$user" != "$admin_user" ];then
|
||||
releasename=${releasename}-${user}
|
||||
fi
|
||||
ensure_success $sh_c "${HELM} upgrade -i ${releasename} ${appdir} -n user-space-${user} --reuse-values --set kubesphere.redis_password=${ks_redis_pwd} -f ${BASE_DIR}/wizard/config/apps/values.yaml"
|
||||
fi
|
||||
done
|
||||
|
||||
done
|
||||
|
||||
echo 'Waiting for Vault ...'
|
||||
check_vault ${admin_user}
|
||||
echo
|
||||
|
||||
echo 'Starting BFL ...'
|
||||
check_bfl ${admin_user}
|
||||
echo
|
||||
|
||||
echo 'Starting files ...'
|
||||
check_fileserver
|
||||
check_filesfe ${admin_user}
|
||||
echo
|
||||
|
||||
echo 'Starting Desktop ...'
|
||||
check_desktop ${admin_user}
|
||||
echo
|
||||
|
||||
# upgrade app service in the last. keep app service online longer
|
||||
# upgrade app service
|
||||
local terminus_is_cloud_version=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.terminus-is-cloud-version}'")
|
||||
local backup_cluster_bucket=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-cluster-bucket}'")
|
||||
local backup_key_prefix=$($sh_c "${KUBECTL} get cm -n os-system backup-config -o jsonpath='{.data.backup-key-prefix}'")
|
||||
@@ -594,10 +585,72 @@ function upgrade_terminus(){
|
||||
--set backup.key_prefix=\"${backup_key_prefix}\" --set backup.is_cloud_version=\"${terminus_is_cloud_version}\" \
|
||||
--set backup.sync_secret=\"${backup_secret}\""
|
||||
|
||||
local market_provider=$($sh_c "${KUBECTL} get deploy -n user-space-${admin_user} market-deployment -o jsonpath='{.spec.template.spec.containers[1].env[?(@.name==\"MARKET_PROVIDER\")].value }'")
|
||||
if [ "$market_provider" != "" ]; then
|
||||
$sh_c "${KUBECTL} set env sts/app-service -n os-system MARKET_PROVIDER=${market_provider}"
|
||||
fi
|
||||
|
||||
echo 'Waiting for App-Service ...'
|
||||
check_appservice
|
||||
sleep 2 # wait for controller reconiling
|
||||
echo
|
||||
|
||||
# update kvrocks namespace
|
||||
$sh_c "${KUBECTL} rollout restart deployment tapr-middleware -n os-system"
|
||||
|
||||
for user in ${users[@]}; do
|
||||
check_appservice
|
||||
echo "Upgrading user ${user} ... "
|
||||
gen_bfl_values ${user}
|
||||
|
||||
if [ "$user" != "$admin_user" ];then
|
||||
# gen bfl app key and secret
|
||||
bfl_ks=($(get_app_key_secret ${user} "bfl"))
|
||||
|
||||
# install launcher , and init pv
|
||||
ensure_success $sh_c "${HELM} upgrade -i launcher-${user} ${BASE_DIR}/wizard/config/launcher -n user-space-${user} --set bfl.appKey=${bfl_ks[0]} --set bfl.appSecret=${bfl_ks[1]} -f ${BASE_DIR}/wizard/config/launcher/values.yaml --reuse-values"
|
||||
fi
|
||||
|
||||
gen_app_values ${user}
|
||||
close_apps ${user}
|
||||
|
||||
for appdir in "${BASE_DIR}/wizard/config/apps"/*/; do
|
||||
if [ -d "$appdir" ]; then
|
||||
releasename=$(basename "$appdir")
|
||||
|
||||
# ignore wizard
|
||||
# FIXME: unintitialized user's wizard should be upgrade
|
||||
if [ x"${releasename}" == x"wizard" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
if [ "$user" != "$admin_user" ];then
|
||||
releasename=${releasename}-${user}
|
||||
fi
|
||||
ensure_success $sh_c "${HELM} upgrade -i ${releasename} ${appdir} -n user-space-${user} --reuse-values --set kubesphere.redis_password=${ks_redis_pwd} -f ${BASE_DIR}/wizard/config/apps/values.yaml"
|
||||
fi
|
||||
done
|
||||
|
||||
# update user market env
|
||||
if [[ "$user" != "$admin_user" && "$market_provider" != "" ]];then
|
||||
$sh_c "${KUBECTL} set env deployment/market-deployment -n user-space-${user} MARKET_PROVIDER=${market_provider}"
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
echo 'Waiting for Vault ...'
|
||||
check_vault ${admin_user}
|
||||
echo
|
||||
|
||||
echo 'Starting files ...'
|
||||
check_fileserver
|
||||
check_filesfe ${admin_user}
|
||||
echo
|
||||
|
||||
echo 'Starting Desktop ...'
|
||||
check_desktop ${admin_user}
|
||||
echo
|
||||
|
||||
$sh_c "${KUBECTL} patch terminus terminus --type=merge --patch='{\"spec\": {\"version\":\"${new_version}\"}}'"
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -7,14 +7,14 @@ metadata:
|
||||
iam.kubesphere.io/uninitialized: "true"
|
||||
helm.sh/resource-policy: keep
|
||||
bytetrade.io/owner-role: platform-admin
|
||||
bytetrade.io/terminus-name: {{.Values.user.terminus_name}}
|
||||
bytetrade.io/terminus-name: "{{.Values.user.terminus_name}}"
|
||||
bytetrade.io/launcher-auth-policy: two_factor
|
||||
bytetrade.io/launcher-access-level: "1"
|
||||
{{ if .Values.nat_gateway_ip }}
|
||||
bytetrade.io/nat-gateway-ip: {{ .Values.nat_gateway_ip }}
|
||||
{{ end }}
|
||||
spec:
|
||||
email: {{.Values.user.email}}
|
||||
password: {{.Values.user.password}}
|
||||
email: "{{.Values.user.email}}"
|
||||
password: "{{.Values.user.password}}"
|
||||
status:
|
||||
state: Active
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
olaresd-v0.0.60.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/olaresd-v0.0.60-linux-amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/olaresd-v0.0.60-linux-arm64.tar.gz,olaresd
|
||||
olaresd-v1.11.7.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.11.7-linux-amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.11.7-linux-arm64.tar.gz,olaresd
|
||||
socat-1.7.3.2.tar.gz,pkg/components,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,socat
|
||||
conntrack-tools-1.4.1.tar.gz,pkg/components,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,conntrack-tools
|
||||
minio.RELEASE.2023-05-04T21-44-30Z,pkg/components,https://dl.min.io/server/minio/release/linux-amd64/archive/minio.RELEASE.2023-05-04T21-44-30Z,https://dl.min.io/server/minio/release/linux-arm64/archive/minio.RELEASE.2023-05-04T21-44-30Z,minio
|
||||
@@ -20,3 +20,5 @@ debian11_cuda-keyring_1.1-1_all.deb,pkg/components,https://developer.download.nv
|
||||
libnvidia-gpgkey,pkg/components,https://nvidia.github.io/libnvidia-container/gpgkey,https://nvidia.github.io/libnvidia-container/gpgkey,libnvidia-gpgkey
|
||||
libnvidia-container.list,pkg/components,https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list,https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list,libnvidia-container.list
|
||||
|
||||
restic-linux-0.17.3,pkg/components,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_linux_amd64.bz2,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_linux_arm64.bz2,restic
|
||||
restic-darwin-0.17.3,pkg/components,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_darwin_amd64.bz2,https://github.com/restic/restic/releases/download/v0.17.3/restic_0.17.3_darwin_arm64.bz2,restic
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
beclab/ks-apiserver:v3.3.0-ext-3
|
||||
beclab/ks-apiserver:v3.3.0-ext-5
|
||||
beclab/kube-state-metrics:v2.3.0-ext
|
||||
beclab/notification-manager-ext:v0.1.1-ext
|
||||
beclab/notification-manager-operator-ext:v0.1.0-ext
|
||||
@@ -53,7 +53,7 @@ quay.io/argoproj/workflow-controller:v3.5.0
|
||||
redis:5.0.14-alpine
|
||||
beclab/velero:v1.11.3
|
||||
beclab/velero-plugin-for-terminus:v1.0.2
|
||||
beclab/l4-bfl-proxy:v0.2.7
|
||||
beclab/l4-bfl-proxy:v0.2.8
|
||||
gcr.io/k8s-minikube/storage-provisioner:v5
|
||||
owncloudci/wait-for:latest
|
||||
beclab/recommend-argotask:v0.0.12
|
||||
@@ -67,6 +67,7 @@ rancher/mirrored-library-busybox:1.34.1
|
||||
rancher/mirrored-library-traefik:2.6.2
|
||||
rancher/mirrored-metrics-server:v0.5.2
|
||||
rancher/mirrored-pause:3.6
|
||||
beclab/reverse-proxy:v0.1.4
|
||||
beclab/reverse-proxy:v0.1.9
|
||||
beclab/upgrade-job:0.1.7
|
||||
bytetrade/envoy:v1.25.11.1
|
||||
alpine:3.14
|
||||
|
||||
@@ -116,6 +116,8 @@ spec:
|
||||
ports:
|
||||
items:
|
||||
properties:
|
||||
addToTailscaleAcl:
|
||||
type: boolean
|
||||
exposePort:
|
||||
format: int32
|
||||
type: integer
|
||||
@@ -128,7 +130,7 @@ spec:
|
||||
type: integer
|
||||
protocol:
|
||||
description: The protocol for this entrance. Supports "tcp"
|
||||
and "udp". Default is tcp.
|
||||
and "udp","". Default is tcp/udp, "" mean tcp and udp.
|
||||
type: string
|
||||
required:
|
||||
- host
|
||||
@@ -141,6 +143,33 @@ spec:
|
||||
type: string
|
||||
description: the extend settings of the application
|
||||
type: object
|
||||
tailscale:
|
||||
properties:
|
||||
acls:
|
||||
items:
|
||||
properties:
|
||||
action:
|
||||
type: string
|
||||
dst:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
proto:
|
||||
type: string
|
||||
src:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- dst
|
||||
- proto
|
||||
type: object
|
||||
type: array
|
||||
subRoutes:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
tailscaleAcls:
|
||||
items:
|
||||
properties:
|
||||
|
||||
@@ -149,7 +149,7 @@ spec:
|
||||
priorityClassName: "system-cluster-critical"
|
||||
containers:
|
||||
- name: app-service
|
||||
image: beclab/app-service:0.2.82
|
||||
image: beclab/app-service:0.2.98
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
@@ -163,9 +163,9 @@ spec:
|
||||
- name: KS_APISERVER_SERVICE_PORT
|
||||
value: '80'
|
||||
- name: REQUIRE_PERMISSION_APPS
|
||||
value: "vault,desktop,message,wise,search,appstore,notification,dashboard,settings,devbox,profile"
|
||||
value: "vault,desktop,message,wise,search,appstore,notification,dashboard,settings,studio,profile"
|
||||
- name: SYS_APPS
|
||||
value: "analytics,market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard,nitro,system-frontend"
|
||||
value: "analytics,market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard,nitro,system-frontend,studio"
|
||||
- name: GENERATED_APPS
|
||||
value: "citus,mongo-cluster-cfg,mongo-cluster-mongos,mongo-cluster-rs0,frp-agent,l4-bfl-proxy,drc-redis-cluster,appdata-backend,argoworkflows,argoworkflow-workflow-controller,velero,kvrocks"
|
||||
- name: WS_CONTAINER_IMAGE
|
||||
@@ -367,7 +367,7 @@ spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: image-service
|
||||
image: beclab/image-service:0.2.66
|
||||
image: beclab/image-service:0.2.98
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
|
||||
@@ -243,7 +243,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: api
|
||||
image: beclab/bfl:v0.3.70
|
||||
image: beclab/bfl:v0.3.74
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
@@ -287,16 +287,20 @@ spec:
|
||||
- name: BACKUP_SERVER
|
||||
value: backup-server.os-system:8082
|
||||
- name: L4_PROXY_IMAGE_VERSION
|
||||
value: v0.2.7
|
||||
value: v0.2.8
|
||||
- name: REVERSE_PROXY_AGENT_IMAGE_VERSION
|
||||
value: v0.1.4
|
||||
value: v0.1.9
|
||||
- name: TERMINUS_CERT_SERVICE_API
|
||||
value: {{ .Values.bfl.terminus_cert_service_api }}
|
||||
- name: TERMINUS_DNS_SERVICE_API
|
||||
value: {{ .Values.bfl.terminus_dns_service_api }}
|
||||
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: spec.nodeName
|
||||
- name: ingress
|
||||
image: beclab/bfl-ingress:v0.2.22
|
||||
image: beclab/bfl-ingress:v0.2.23
|
||||
imagePullPolicy: IfNotPresent
|
||||
volumeMounts:
|
||||
- name: ngxlog
|
||||
|
||||
@@ -99,7 +99,7 @@ spec:
|
||||
- name: DISABLE_TELEMETRY
|
||||
value: "false"
|
||||
- name: operator-api
|
||||
image: beclab/middleware-operator:0.1.40
|
||||
image: beclab/middleware-operator:0.1.43
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 9080
|
||||
|
||||
@@ -77,7 +77,7 @@ spec:
|
||||
memory: 1Gi
|
||||
requests:
|
||||
cpu: 20m
|
||||
memory: 100Mi
|
||||
memory: 60Mi
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -338,7 +338,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: authelia
|
||||
image: beclab/auth:0.1.41
|
||||
image: beclab/auth:0.1.44
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 9091
|
||||
|
||||
@@ -28,7 +28,7 @@ spec:
|
||||
name: check-auth
|
||||
containers:
|
||||
- name: auth-front
|
||||
image: beclab/login:v0.1.39
|
||||
image: beclab/login:v0.1.40
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
@@ -286,6 +286,8 @@ spec:
|
||||
- name: proxy
|
||||
containerPort: 8080
|
||||
env:
|
||||
- name: INFISICAL_URL
|
||||
value: http://localhost:4000
|
||||
- name: OWNER
|
||||
value: '{{ .Values.bfl.username }}'
|
||||
- name: PG_USER
|
||||
|
||||
Reference in New Issue
Block a user