fix(desktop): improve data refresh logic by socket after network reconnection

backup-server: improve url check for snapshots retrieval and restore interface

.github/workflows/check.yaml

@@ -37,17 +37,8 @@ jobs:
         run: |
           bash scripts/package.sh
 
-      - name: Run chart-testing (list-changed)
-        id: list-changed
-        run: |
-          changed=$(ct list-changed --chart-dirs build/installer/wizard/config --target-branch ${{ github.event.repository.default_branch }})
-          if [[ -n "$changed" ]]; then
-            echo "changed=true" >> "$GITHUB_OUTPUT"
-          fi
-
       - name: Run chart-testing (lint)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: ct lint --chart-dirs build/installer/wizard/config --check-version-increment=false --target-branch ${{ github.event.repository.default_branch }}
+        run: ct lint --chart-dirs build/installer/wizard/config,build/installer/wizard/config/apps,build/installer/wizard/config/gpu --check-version-increment=false --all
 
       # - name: Create kind cluster
       #   if: steps.list-changed.outputs.changed == 'true'

.github/workflows/daily-lint-check.yaml

@@ -0,0 +1,37 @@
+name: Lint Check Charts
+
+on:
+  schedule:
+    # This is a UTC time
+    - cron: "30 1 * * *"
+  workflow_dispatch:
+
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+          
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.12.1
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          check-latest: true
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.6.0
+      
+      - name: Pre package
+        run: |
+          bash scripts/package.sh
+
+      - name: Run chart-testing (lint)
+        run: |
+          ct lint --chart-dirs build/installer/wizard/config,build/installer/wizard/config/apps,build/installer/wizard/config/gpu --check-version-increment=false --all
+

README.md

@@ -65,19 +65,14 @@ Here is why and where you can count on Olares for private, powerful, and secure
 ## Getting started
 
 ### System compatibility
-Olares has been tested and verified on the following platforms:
 
-| Platform            | Operating system                     | Notes                                                 |
-|---------------------|--------------------------------------|-------------------------------------------------------|
-| Linux               | Ubuntu 20.04 LTS or later <br/> Debian 11 or later |                                          |
-| Raspberry Pi        | RaspbianOS                           | Verified on Raspberry Pi 4 Model B and Raspberry Pi 5 |
-| Windows             | Windows 11 23H2 or later <br/>Windows 10 22H2 or later<br/> WSL2 |                                     |
-| Mac                 | Monterey (12) or later              |                                                        |
-| Proxmox VE (PVE)    | Proxmox Virtual Environment 8.0      |                                                       |
+Olares has been tested and verified on the following Linux platforms:
 
-> **Note**
-> 
-> If you successfully install Olares on an operating system that is not listed in the compatibility table, please let us know! You can [open an issue](https://github.com/beclab/Olares/issues/new) or submit a pull request on our GitHub repository.
+- Ubuntu 20.04 LTS or later 
+- Debian 11 or later
+
+> **Other installation options**
+> Olares can also be installed on other platforms like macOS, Windows, PVE, and Raspberry Pi, or installed via docker compose on Linux. However, these are only for **testing and development purposes**. For detailed instructions, visit [Additional installation options](https://docs.olares.xyz/developer/install/additional-installations.html).
 
 ### Set up Olares
 To get started with Olares on your own device, follow the [Getting Started Guide](https://docs.olares.xyz/manual/get-started/) for step-by-step instructions.

README_CN.md

@@ -62,25 +62,18 @@ Olares 是为本地端侧 AI 打造的开源私有云操作系统，可轻松将
 ## 快速开始
 
 ### 系统兼容性
-Olares 已在以下平台完成测试验证：
 
-| 平台            | 操作系统                     | 备注                                                 |
-|---------------------|--------------------------------------|-------------------------------------------------------|
-| Linux               | Ubuntu 20.04 LTS 及以上 <br/> Debian 11 及以上  |                                               |
-| Raspberry Pi        | RaspbianOS                           | 已在 Raspberry Pi 4 Model B 和 Raspberry Pi 5 上验证    |
-| Windows             | Windows 11 23H2 及以上 <br/>Windows 10 22H2 及以上 <br/>WSL2 |                                           |
-| Mac                  | macOS Monterey (12) 及以上             |                                                         |
-| Proxmox VE (PVE)    | Proxmox Virtual Environment 8.0      |                                                         |
+Olares 已在以下 Linux 平台完成测试与验证：
 
-> **注意**
-> 
-> 如果你在未列出的系统版本上成功安装了 Olares，请告诉我们！你可以在 GitHub 仓库中[提交 Issue](https://github.com/beclab/Olares/issues/new) 或发起 Pull Request。
+- Ubuntu 20.04 LTS 及以上版本
+- Debian 11 及以上版本
+
+> **其他安装方式**
+> Olares 也支持在 macOS、Windows、PVE、树莓派等平台上运行，或通过 Docker Compose 在 Linux 上部署。但请注意，这些方式**仅适用于开发和测试环境**。详细安装指南请参阅[其他安装方式](https://docs.joinolares.cn/zh/developer/install/additional-installations.html)。
 
 ### 安装 Olares
-
-> 当前文档仅有英文版本。
  
-参考[快速上手指南](https://docs.olares.xyz/manual/get-started/)安装并激活 Olares。
+参考[快速上手指南](https://docs.joinolares.cn/zh/manual/get-started/)安装并激活 Olares。
 
 ## 系统架构
 Olares 的架构设计遵循两个核心原则：

README_JP.md

@@ -63,19 +63,14 @@ Olaresを使用して、ハードウェアをAIホームサーバーに変換し
 ## はじめに
 
 ### システム互換性
-Olaresは以下のプラットフォームでテストおよび検証されています：
 
-| プラットフォーム            | オペレーティングシステム                     | 備考                                                 |
-|---------------------|--------------------------------------|-------------------------------------------------------|
-| Linux               | Ubuntu 20.04 LTS以降 <br/> Debian 11以降 |                                          |
-| Raspberry Pi        | RaspbianOS                           | Raspberry Pi 4 Model BおよびRaspberry Pi 5で検証済み |
-| Windows             | Windows 11 23H2以降 <br/>Windows 10 22H2以降<br/> WSL2 |                                     |
-| Mac                 | Monterey (12)以降              |                                                        |
-| Proxmox VE (PVE)    | Proxmox Virtual Environment 8.0      |                                                       |
+Olaresは以下のLinuxプラットフォームで動作検証を完了しています：
 
-> **注意**
-> 
-> 互換性テーブルに記載されていないオペレーティングシステムでOlaresを正常にインストールした場合は、お知らせください！GitHubリポジトリで[問題を開く](https://github.com/beclab/Olares/issues/new)か、プルリクエストを送信できます。
+- Ubuntu 20.04 LTS 以降
+- Debian 11 以降
+
+> **追加インストール手順**
+> Olares は macOS、Windows、PVE、Raspberry Pi などのプラットフォームや、Linux 上での Docker Compose を用いたインストールにも対応しています。>ただし、これらの方法は開発およびテスト環境専用です。詳しくは[追加インストール手順](https://docs.olares.xyz/developer/install/additional-installations.html)をご参照ください。
 
 ### Olaresのセットアップ
 自分のデバイスでOlaresを始めるには、[はじめにガイド](https://docs.olares.xyz/manual/get-started/)に従ってステップバイステップの手順を確認してください。

apps/argo/config/cluster/deploy/argo-task.yaml

@@ -0,0 +1,67 @@
+{{- $namespace := printf "%s" "os-system" -}}
+{{- $rss_secret := (lookup "v1" "Secret" $namespace "rss-secrets") -}}
+{{- $password := "" -}}
+{{ if $rss_secret -}}
+{{ $password = (index $rss_secret "data" "pg_password") }}
+{{ else -}}
+{{ $password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+{{- $redis_password := "" -}}
+{{ if $rss_secret -}}
+{{ $redis_password = (index $rss_secret "data" "redis_password") }}
+{{ else -}}
+{{ $redis_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+
+{{- $redis_password_data := "" -}}
+{{ $redis_password_data = $redis_password | b64dec }}
+
+{{- $pg_password_data := "" -}}
+{{ $pg_password_data = $password | b64dec }}
+
+{{- $pg_user :=  printf "%s" "argo_os_system" -}}
+{{- $pg_user = $pg_user | b64enc -}}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rss-secrets
+  namespace: os-system
+type: Opaque
+data:
+  pg_user: {{ $pg_user }}
+  pg_password: {{ $password }}
+  redis_password: {{ $redis_password }}
+
+---
+
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: rss-pg
+  namespace: os-system
+spec:
+  app: rss
+  appNamespace: os-system
+  middleware: postgres
+  postgreSQL:
+    user: argo_os_system
+    password: 
+      valueFrom:
+        secretKeyRef:
+          key: pg_password
+          name: rss-secrets
+    databases:
+    - name: rss
+    - name: rss_v1
+    - name: argo
+
+
+
+
+
+    

apps/argo/config/cluster/deploy/server-crb.yaml

@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: os-system:argoworkflows
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argoworkflows
+subjects:
+  - kind: ServiceAccount
+    name: argoworkflows
+    namespace: os-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: os-system:argoworkflows-cluster-template
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argoworkflows-cluster-template
+subjects:
+  - kind: ServiceAccount
+    name: argoworkflows
+    namespace: os-system

apps/argo/config/cluster/deploy/server-deployment.yaml

@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argoworkflows
+  namespace: os-system
+  labels:
+    app: argoworkflows
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    applications.app.bytetrade.io/icon: https://argoproj.github.io/argo-workflows/assets/logo.png
+    applications.app.bytetrade.io/title: argoworkflows
+    applications.app.bytetrade.io/version: '0.35.0'
+spec:
+  selector:
+    matchLabels:
+      app: argoworkflows
+  template:
+    metadata:
+      labels:
+        app: argoworkflows
+    spec:
+      serviceAccountName: argoworkflows
+      containers:
+        - name: argo-server
+          image: quay.io/argoproj/argocli:v3.5.0
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+          args:
+            - server
+            - --configmap=argoworkflow-workflow-controller-configmap
+            - "--auth-mode=server"
+            - "--secure=false"
+            - "--x-frame-options="
+            - "--loglevel"
+            - "debug"
+            - "--gloglevel"
+            - "0"
+            - "--log-format"
+            - "text"
+          ports:
+            - name: web
+              containerPort: 2746
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 2746
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 20
+          env:
+            - name: IN_CLUSTER
+              value: "true"
+            - name: ARGO_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: BASE_HREF
+              value: /
+          volumeMounts:
+            - name: tmp
+              mountPath: /tmp
+        
+      volumes:
+        - name: tmp
+          emptyDir: {}
+      nodeSelector:
+        kubernetes.io/os: linux
+      tolerations:
+        - key: node.kubernetes.io/not-ready
+          operator: Exists
+          effect: NoExecute
+          tolerationSeconds: 300
+        - key: node.kubernetes.io/unreachable
+          operator: Exists
+          effect: NoExecute
+          tolerationSeconds: 300
+      
+

apps/argo/config/cluster/deploy/server-sa.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argoworkflows
+  namespace: os-system
+  

apps/argo/config/cluster/deploy/server-service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: argoworkflows-svc
+  namespace: os-system
+spec:
+  ports:
+  - port: 2746
+    name: http
+    protocol: TCP
+    targetPort: 2746
+  selector:
+    app: argoworkflows
+  sessionAffinity: None
+  type: ClusterIP
+  

apps/argo/config/cluster/deploy/workflow-controller-config-map.yaml

@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argoworkflow-workflow-controller-configmap
+  namespace: os-system
+data:
+  config: |
+    instanceID: os-system
+    artifactRepository:
+      archiveLogs: true
+      s3:
+        accessKeySecret:
+          key: AWS_ACCESS_KEY_ID
+          name: argo-workflow-log-fakes3
+        secretKeySecret:
+          key: AWS_SECRET_ACCESS_KEY
+          name: argo-workflow-log-fakes3
+        bucket: mongo-backup
+        endpoint: tapr-s3-svc:4568
+        insecure: true
+    persistence:
+      connectionPool:
+        maxIdleConns: 5
+        maxOpenConns: 0
+      archive: true
+      archiveTTL: 5d
+      postgresql:
+        host: citus-headless.os-system
+        port: 5432
+        database: os_system_argo
+        tableName: argo_workflows
+        userNameSecret:
+          name: rss-secrets
+          key: pg_user
+        passwordSecret:
+          name: rss-secrets
+          key: pg_password
+    nodeEvents:
+      enabled: true
+

apps/argo/config/cluster/deploy/workflow-controller-crb.yaml

@@ -0,0 +1,27 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: os-system:argoworkflow-workflow-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argoworkflow-workflow-controller
+subjects:
+  - kind: ServiceAccount
+    name: argoworkflow-workflow-controller
+    namespace: os-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: os-system:argoworkflow-workflow-controller-cluster-template
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argoworkflow-workflow-controller-cluster-template
+subjects:
+  - kind: ServiceAccount
+    name: argoworkflow-workflow-controller
+    namespace: os-system
+

apps/argo/config/cluster/deploy/workflow-controller-deployment.yaml

@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argoworkflow-workflow-controller
+  namespace: os-system
+  labels:
+    app.kubernetes.io/component: workflow-controller
+    app.kubernetes.io/instance: argo
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: argoworkflows-workflow-controller
+    app.kubernetes.io/part-of: argo-workflows
+    app.kubernetes.io/version: v3.5.0
+    helm.sh/chart: argoworkflows-0.35.0
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: argo
+      app.kubernetes.io/name: argoworkflows-workflow-controller
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: workflow-controller
+        app.kubernetes.io/instance: argo
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: argoworkflows-workflow-controller
+        app.kubernetes.io/part-of: argo-workflows
+        app.kubernetes.io/version: v3.5.0
+        helm.sh/chart: argoworkflows-0.35.0
+    spec:
+      serviceAccountName: argoworkflow-workflow-controller
+      serviceAccount: argoworkflow-workflow-controller
+      schedulerName: default-scheduler
+      containers:
+        - name: controller
+          image: quay.io/argoproj/workflow-controller:v3.5.0
+          imagePullPolicy: IfNotPresent
+          command: [ "workflow-controller" ]
+          args:
+          - "--configmap"
+          - "argoworkflow-workflow-controller-configmap"
+          - "--executor-image"
+          - "quay.io/argoproj/argoexec:v3.5.0"
+          - "--loglevel"
+          - "debug"
+          - "--gloglevel"
+          - "0"
+          - "--log-format"
+          - "text"
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+            runAsNonRoot: true
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+          env:
+            - name: ARGO_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: LEADER_ELECTION_IDENTITY
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+          
+          ports:
+            - name: metrics
+              containerPort: 9090
+              protocol: TCP
+            - containerPort: 6060
+              protocol: TCP
+          livenessProbe: 
+            httpGet:
+              path: /healthz
+              port: 6060
+              scheme: HTTP
+            initialDelaySeconds: 90
+            timeoutSeconds: 30
+            periodSeconds: 60
+            successThreshold: 1
+            failureThreshold: 3
+
+      nodeSelector:
+        kubernetes.io/os: linux
+      
+     

apps/argo/config/cluster/deploy/workflow-controller-sa.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argoworkflow-workflow-controller
+  namespace: os-system

apps/argo/config/cluster/deploy/workflow-controller-secrets.yaml

@@ -5,7 +5,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: argo-workflow-log-fakes3
-  namespace: {{ .Release.Namespace }}
+  namespace: os-system
 type: Opaque
 stringData:
   AWS_ACCESS_KEY_ID: S3RVER
@@ -16,7 +16,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: workflow-role
-  namespace: {{ .Release.Namespace }}
+  namespace: os-system
 rules:
 - apiGroups:
   - "*"
@@ -30,10 +30,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: workflow-rolebinding
-  namespace: {{ .Release.Namespace }}
+  namespace: os-system
 subjects:
   - kind: ServiceAccount
-    namespace: {{ .Release.Namespace }}
+    namespace: os-system
     name: default
 roleRef:
   kind: Role

apps/argo/config/cluster/deploy/workflow-rb.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: argoworkflow-workflow
+  namespace: os-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: argoworkflow-workflow
+subjects:
+  - kind: ServiceAccount
+    name: argo-workflow
+    namespace: os-system

apps/argo/config/cluster/deploy/workflow-role.yaml

@@ -1,10 +1,8 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ template "argo-workflows.fullname" $ }}-workflow
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
-  namespace: {{ $.Release.Namespace}}
+  name: argoworkflow-workflow
+  namespace: os-system
 rules:
   - apiGroups:
       - ""

apps/argo/config/user/helm-charts/argo/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: rss
+name: argo
 description: A Helm chart for Kubernetes
 maintainers:
 - name: bytetrade

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/Chart.yaml

@@ -1,39 +0,0 @@
-apiVersion: v2
-name: argoworkflows
-description: A Helm chart for Argo Workflows
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.35.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "v3.5.0"
-
-icon: https://argoproj.github.io/argo-workflows/assets/logo.png
-home: https://github.com/argoproj/argo-helm
-sources:
-  - https://github.com/argoproj/argo-workflows
-maintainers:
-  - name: argoproj
-    url: https://argoproj.github.io/
-annotations:
-  artifacthub.io/signKey: |
-    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
-    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
-  artifacthub.io/changes: |
-    - kind: changed
-      description: Upgrade to Argo Workflows v3.4.10

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/NOTES.txt

@@ -1,7 +0,0 @@
-1. Get Argo Server external IP/domain by running:
-
-kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }}
-
-2. Submit the hello-world workflow by running:
-
-argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/_helpers.tpl

@@ -1,189 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Create argo workflows server name and version as used by the chart label.
-*/}}
-{{- define "argo-workflows.server.fullname-bak" -}}
-{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "argo-workflows.server.fullname" -}}
-argoworkflows
-{{- end -}}
-
-{{/*
-Create controller name and version as used by the chart label.
-*/}}
-{{- define "argo-workflows.controller.fullname" -}}
-{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "argo-workflows.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{/*{{- define "argo-workflows.fullname" -}}*/}}
-{{/*{{- if .Values.fullnameOverride -}}*/}}
-{{/*{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}*/}}
-{{/*{{- else -}}*/}}
-{{/*{{- $name := default .Chart.Name .Values.nameOverride -}}*/}}
-{{/*{{- if contains $name .Release.Name -}}*/}}
-{{/*{{- .Release.Name | trunc 63 | trimSuffix "-" -}}*/}}
-{{/*{{- else -}}*/}}
-{{/*{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}*/}}
-{{/*{{- end -}}*/}}
-{{/*{{- end -}}*/}}
-{{/*{{- end -}}*/}}
-
-{{- define "argo-workflows.fullname" -}}
-argoworkflow
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "argo-workflows.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create kubernetes friendly chart version label for the controller.
-Examples:
-image.tag = v3.4.4
-output    = v3.4.4
-
-image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696
-output    = v3.4.4
-*/}}
-{{- define "argo-workflows.controller_chart_version_label" -}}
-{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag) "") "" | trunc 63 | quote -}}
-{{- end -}}
-
-{{/*
-Create kubernetes friendly chart version label for the server.
-Examples:
-image.tag = v3.4.4
-output    = v3.4.4
-
-image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696
-output    = v3.4.4
-*/}}
-{{- define "argo-workflows.server_chart_version_label" -}}
-{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.server.image.tag) "") "" | trunc 63 | quote -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "argo-workflows.labels" -}}
-helm.sh/chart: {{ include "argo-workflows.chart" .context }}
-{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
-app.kubernetes.io/managed-by: {{ .context.Release.Service }}
-app.kubernetes.io/part-of: argo-workflows
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "argo-workflows.selectorLabels" -}}
-{{- if .name -}}
-app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }}
-{{ end -}}
-app.kubernetes.io/instance: {{ .context.Release.Name }}
-{{- if .component }}
-app.kubernetes.io/component: {{ .component }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create the name of the server service account to use
-*/}}
-{{- define "argo-workflows.serverServiceAccountName" -}}
-{{- if .Values.server.serviceAccount.create -}}
-    {{ default (include "argo-workflows.server.fullname" .) .Values.server.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.server.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the controller service account to use
-*/}}
-{{- define "argo-workflows.controllerServiceAccountName" -}}
-{{- if .Values.controller.serviceAccount.create -}}
-    {{ default (include "argo-workflows.controller.fullname" .) .Values.controller.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.controller.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for ingress
-*/}}
-{{- define "argo-workflows.ingress.apiVersion" -}}
-{{- if semverCompare "<1.14-0" (include "argo-workflows.kubeVersion" $) -}}
-{{- print "extensions/v1beta1" -}}
-{{- else if semverCompare "<1.19-0" (include "argo-workflows.kubeVersion" $) -}}
-{{- print "networking.k8s.io/v1beta1" -}}
-{{- else -}}
-{{- print "networking.k8s.io/v1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the target Kubernetes version
-*/}}
-{{- define "argo-workflows.kubeVersion" -}}
-  {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
-{{- end -}}
-
-{{/*
-Return the default Argo Workflows app version
-*/}}
-{{- define "argo-workflows.defaultTag" -}}
-  {{- default .Chart.AppVersion .Values.images.tag }}
-{{- end -}}
-
-{{/*
-Return full image name including or excluding registry based on existence
-*/}}
-{{- define "argo-workflows.image" -}}
-{{- if and .image.registry .image.repository -}}
-  {{ .image.registry }}/{{ .image.repository }}
-{{- else -}}
-  {{ .image.repository }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for autoscaling
-*/}}
-{{- define "argo-workflows.apiVersion.autoscaling" -}}
-{{- if .Values.apiVersionOverrides.autoscaling -}}
-{{- print .Values.apiVersionOverrides.autoscaling -}}
-{{- else if semverCompare "<1.23-0" (include "argo-workflows.kubeVersion" .) -}}
-{{- print "autoscaling/v2beta1" -}}
-{{- else -}}
-{{- print "autoscaling/v2" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for GKE resources
-*/}}
-{{- define "argo-workflows.apiVersions.cloudgoogle" -}}
-{{- if .Values.apiVersionOverrides.cloudgoogle -}}
-{{- print .Values.apiVersionOverrides.cloudgoogle -}}
-{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}}
-{{- print "cloud.google.com/v1" -}}
-{{- else -}}
-{{- print "cloud.google.com/v1beta1" -}}
-{{- end -}}
-{{- end -}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-config-map.yaml

@@ -1,208 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}-configmap
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
-data:
-  config: |
-    {{- if .Values.controller.instanceID.enabled }}
-      {{- if .Values.controller.instanceID.useReleaseName }}
-    instanceID: {{ .Release.Namespace }}
-      {{- else }}
-    instanceID: {{ .Values.controller.instanceID.explicitID }}
-      {{- end }}
-    {{- end }}
-    {{- if .Values.controller.parallelism }}
-    parallelism: {{ .Values.controller.parallelism }}
-    {{- end }}
-    {{- if .Values.controller.resourceRateLimit }}
-    resourceRateLimit: {{ toYaml .Values.controller.resourceRateLimit | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.namespaceParallelism }}
-    namespaceParallelism: {{ . }}
-    {{- end }}
-    {{- with .Values.controller.initialDelay }}
-    initialDelay: {{ . }}
-    {{- end }}
-    {{- if or .Values.mainContainer.resources .Values.mainContainer.env .Values.mainContainer.envFrom .Values.mainContainer.securityContext}}
-    mainContainer:
-      imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.mainContainer.imagePullPolicy }}
-      {{- with .Values.mainContainer.resources }}
-      resources: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.mainContainer.env }}
-      env: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.mainContainer.envFrom }}
-      envFrom: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.mainContainer.securityContext }}
-      securityContext: {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- end }}
-    {{- if or .Values.executor.resources .Values.executor.env .Values.executor.args .Values.executor.securityContext}}
-    executor:
-      imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.executor.image.pullPolicy }}
-      {{- with .Values.executor.resources }}
-      resources: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.executor.args }}
-      args: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.executor.env }}
-      env: {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.executor.securityContext }}
-      securityContext: {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- end }}
-    {{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }}
-    artifactRepository:
-      {{- if .Values.artifactRepository.archiveLogs }}
-      archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
-      {{- end }}
-      {{- with .Values.artifactRepository.gcs }}
-      gcs: {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      {{- with .Values.artifactRepository.azure }}
-      azure: {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      {{- if .Values.artifactRepository.s3 }}
-      s3:
-        {{- if .Values.useStaticCredentials }}
-        accessKeySecret:
-          key: {{ tpl .Values.artifactRepository.s3.accessKeySecret.key . }}
-          name: {{ tpl .Values.artifactRepository.s3.accessKeySecret.name . }}
-        secretKeySecret:
-          key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }}
-          name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }}
-        {{- end }}
-        bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }}
-        endpoint: workflow-archivelog-s3.user-system-{{ .Values.global.bfl.username }}:4568
-        insecure: {{ .Values.artifactRepository.s3.insecure }}
-        {{- if .Values.artifactRepository.s3.keyFormat }}
-        keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }}
-        {{- end }}
-        {{- if .Values.artifactRepository.s3.region }}
-        region: {{ tpl .Values.artifactRepository.s3.region $ }}
-        {{- end }}
-        {{- if .Values.artifactRepository.s3.roleARN }}
-        roleARN: {{ .Values.artifactRepository.s3.roleARN }}
-        {{- end }}
-        {{- if .Values.artifactRepository.s3.useSDKCreds }}
-        useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }}
-        {{- end }}
-        {{- with .Values.artifactRepository.s3.encryptionOptions }}
-        encryptionOptions:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-      {{- end }}
-      {{- if .Values.customArtifactRepository }}
-      {{- toYaml .Values.customArtifactRepository | nindent 6 }}
-      {{- end }}
-    {{- end }}
-    {{- if .Values.controller.metricsConfig.enabled }}
-    metricsConfig:
-      enabled: {{ .Values.controller.metricsConfig.enabled }}
-      path: {{ .Values.controller.metricsConfig.path }}
-      port: {{ .Values.controller.metricsConfig.port }}
-      {{- if .Values.controller.metricsConfig.metricsTTL }}
-      metricsTTL: {{ .Values.controller.metricsConfig.metricsTTL }}
-      {{- end }}
-      ignoreErrors: {{ .Values.controller.metricsConfig.ignoreErrors }}
-      secure: {{ .Values.controller.metricsConfig.secure }}
-    {{- end }}
-    {{- if .Values.controller.telemetryConfig.enabled }}
-    telemetryConfig:
-      enabled: {{ .Values.controller.telemetryConfig.enabled }}
-      path: {{ .Values.controller.telemetryConfig.path }}
-      port: {{ .Values.controller.telemetryConfig.port }}
-      {{- if .Values.controller.telemetryConfig.metricsTTL }}
-      metricsTTL: {{ .Values.controller.telemetryConfig.metricsTTL }}
-      {{- end }}
-      ignoreErrors: {{ .Values.controller.telemetryConfig.ignoreErrors }}
-      secure: {{ .Values.controller.telemetryConfig.secure }}
-    {{- end }}
-    persistence:
-      connectionPool:
-        maxIdleConns: 5
-        maxOpenConns: 0
-      archive: true
-      archiveTTL: 5d
-      postgresql:
-        host: citus-master-svc.user-system-{{ .Values.global.bfl.username }}
-        port: 5432
-        database: user_space_{{ .Values.global.bfl.username }}_argo
-        tableName: argo_workflows
-        userNameSecret:
-          name: rss-secrets
-          key: pg_user
-        passwordSecret:
-          name: rss-secrets
-          key: pg_password
-
-    {{- if .Values.controller.workflowDefaults }}
-    workflowDefaults:
-{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }}
-    {{- if .Values.server.sso.enabled }}
-    sso:
-      issuer: {{ .Values.server.sso.issuer }}
-      clientId:
-        name: {{ .Values.server.sso.clientId.name }}
-        key: {{ .Values.server.sso.clientId.key }}
-      clientSecret:
-        name: {{ .Values.server.sso.clientSecret.name }}
-        key: {{ .Values.server.sso.clientSecret.key }}
-      redirectUrl: {{ .Values.server.sso.redirectUrl }}
-      rbac:
-        enabled: {{ .Values.server.sso.rbac.enabled }}
-      {{- with .Values.server.sso.scopes }}
-      scopes: {{ toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.sso.issuerAlias }}
-      issuerAlias: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.sessionExpiry }}
-      sessionExpiry: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.customGroupClaimName }}
-      customGroupClaimName: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.userInfoPath }}
-      userInfoPath: {{ toYaml . }}
-      {{- end }}
-      {{- with .Values.server.sso.insecureSkipVerify }}
-      insecureSkipVerify: {{ toYaml . }}
-      {{- end }}
-    {{- end }}
-    {{- with .Values.controller.workflowRestrictions }}
-    workflowRestrictions: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.links }}
-    links: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.columns }}
-    columns: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.navColor }}
-    navColor: {{ . }}
-    {{- end }}
-    {{- with .Values.controller.retentionPolicy }}
-    retentionPolicy: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.emissary.images }}
-    images: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    nodeEvents:
-      enabled: {{ .Values.controller.nodeEvents.enabled }}
-    {{- with .Values.controller.kubeConfig }}
-    kubeConfig: {{- toYaml . | nindent 6 }}
-    {{- end }}
-    {{- with .Values.controller.podGCGracePeriodSeconds }}
-    podGCGracePeriodSeconds: {{ . }}
-    {{- end }}
-    {{- with .Values.controller.podGCDeleteDelayDuration }}
-    podGCDeleteDelayDuration: {{ . }}
-    {{- end }}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-crb.yaml

@@ -1,45 +0,0 @@
-{{- if .Values.controller.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.singleNamespace }}
-kind: RoleBinding
-{{ else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.controller.fullname" . }}
-  {{- if .Values.singleNamespace }}
-  namespace: {{ .Release.Namespace | quote }}
-  {{- end }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if .Values.singleNamespace }}
-  kind: Role
-  {{ else }}
-  kind: ClusterRole
-  {{- end }}
-  name: {{ template "argo-workflows.controller.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
-
-{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.controller.fullname" . }}-cluster-template
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
-{{- end }}
-{{- end }}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-deployment.yaml

@@ -1,129 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "argo-workflows.controller.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
-  {{- with .Values.controller.deploymentAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  replicas: {{ .Values.controller.replicas }}
-  selector:
-    matchLabels:
-      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
-  template:
-    metadata:
-      labels:
-        {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
-        {{- with.Values.controller.podLabels }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.controller.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    spec:
-      serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" . }}
-      {{- with .Values.controller.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.extraInitContainers }}
-      initContainers:
-        {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: controller
-          image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.controller.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}"
-          imagePullPolicy: {{ .Values.images.pullPolicy }}
-          command: [ "workflow-controller" ]
-          args:
-          - "--configmap"
-          - "{{ template "argo-workflows.controller.fullname" . }}-configmap"
-          - "--executor-image"
-          - "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}"
-          - "--loglevel"
-          - "{{ .Values.controller.logging.level }}"
-          - "--gloglevel"
-          - "{{ .Values.controller.logging.globallevel }}"
-          - "--log-format"
-          - "{{ .Values.controller.logging.format }}"
-          {{- if .Values.singleNamespace }}
-          - "--namespaced"
-          {{- end }}
-          {{- with .Values.controller.workflowWorkers }}
-          - "--workflow-workers"
-          - {{ . | quote }}
-          {{- end }}
-          {{- with .Values.controller.extraArgs }}
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          securityContext:
-            {{- toYaml .Values.controller.securityContext | nindent 12 }}
-          env:
-            - name: ARGO_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-            - name: LEADER_ELECTION_IDENTITY
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.name
-          {{- with .Values.controller.extraEnv }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          resources:
-            {{- toYaml .Values.controller.resources | nindent 12 }}
-          {{- with .Values.controller.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          ports:
-            - name: {{ .Values.controller.metricsConfig.portName }}
-              containerPort: {{ .Values.controller.metricsConfig.port }}
-            - containerPort: 6060
-          livenessProbe: {{ .Values.controller.livenessProbe | toYaml | nindent 12 }}
-        {{- with .Values.controller.extraContainers }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.images.pullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.volumes }}
-      volumes:
-        {{- toYaml . | nindent 6 }}
-      {{- end }}
-      {{- with .Values.controller.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-      - {{ toYaml $constraint | nindent 8 | trim }}
-        {{- if not $constraint.labelSelector }}
-        labelSelector:
-          matchLabels:
-            {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
-        {{- end }}
-        {{- end }}
-      {{- end }}
-      {{- with .Values.controller.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-controller-sa.yaml

@@ -1,16 +0,0 @@
-{{- if .Values.controller.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-  {{- with .Values.controller.serviceAccount.labels  }}
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{ with .Values.controller.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml .| nindent 4 }}
-  {{- end }}
-{{- end }}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/controller/workflow-rb.yaml

@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ template "argo-workflows.fullname" $ }}-workflow
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
-  namespace: {{ $.Release.Namespace}}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "argo-workflows.fullname" $ }}-workflow
-subjects:
-  - kind: ServiceAccount
-    name: {{ $.Values.workflow.serviceAccount.name }}
-    namespace: {{ $.Release.Namespace}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/extra-manifests.yaml

@@ -1,8 +0,0 @@
-{{ range .Values.extraObjects }}
----
-{{- if typeIs "string" . }}
-    {{- tpl . $ }}
-{{- else }}
-    {{- tpl (toYaml .) $ }}
-{{- end }}
-{{ end }}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-crb.yaml

@@ -1,45 +0,0 @@
-{{- if and .Values.server.enabled .Values.server.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if .Values.singleNamespace }}
-kind: RoleBinding
-{{ else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.server.fullname" . }}
-  {{- if .Values.singleNamespace }}
-  namespace: {{ .Release.Namespace | quote }}
-  {{- end }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if .Values.singleNamespace }}
-  kind: Role
-  {{ else }}
-  kind: ClusterRole
-  {{- end }}
-  name: {{ template "argo-workflows.server.fullname" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-
-{{- if .Values.server.clusterWorkflowTemplates.enabled }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:{{ template "argo-workflows.server.fullname" . }}-cluster-template
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
-subjects:
-- kind: ServiceAccount
-  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-{{- end -}}
-{{- end -}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-deployment.yaml

@@ -1,142 +0,0 @@
-{{- if .Values.server.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "argo-workflows.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app: argoworkflows
-    app.kubernetes.io/managed-by: Helm
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
-  {{- with .Values.server.deploymentAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-    applications.app.bytetrade.io/icon: https://argoproj.github.io/argo-workflows/assets/logo.png
-    applications.app.bytetrade.io/title: argoworkflows
-    applications.app.bytetrade.io/version: '0.35.0'
-  {{- end }}
-spec:
-  {{- if not .Values.server.autoscaling.enabled }}
-  replicas: {{ .Values.server.replicas }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
-      app: argoworkflows
-  template:
-    metadata:
-      labels:
-        app: argoworkflows
-        {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }}
-        app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
-        {{- with .Values.server.podLabels }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.server.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    spec:
-      serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }}
-      {{- with .Values.server.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.extraInitContainers }}
-      initContainers:
-        {{- tpl (toYaml .) $ | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: argo-server
-          image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.server.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}"
-          imagePullPolicy: {{ .Values.images.pullPolicy }}
-          securityContext:
-            {{- toYaml .Values.server.securityContext | nindent 12 }}
-          args:
-            - server
-            - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap
-          {{- with .Values.server.extraArgs }}
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- if .Values.server.authMode }}
-            - "--auth-mode={{ .Values.server.authMode }}"
-          {{- end }}
-            - "--secure={{ .Values.server.secure }}"
-            - "--x-frame-options="
-          {{- if .Values.singleNamespace }}
-            - "--namespaced"
-          {{- end }}
-            - "--loglevel"
-            - "{{ .Values.server.logging.level }}"
-            - "--gloglevel"
-            - "{{ .Values.server.logging.globallevel }}"
-            - "--log-format"
-            - "{{ .Values.server.logging.format }}"
-          ports:
-            - name: web
-              containerPort: 2746
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 2746
-              {{- if .Values.server.secure }}
-              scheme: HTTPS
-              {{- else }}
-              scheme: HTTP
-              {{- end }}
-            initialDelaySeconds: 10
-            periodSeconds: 20
-          env:
-            - name: IN_CLUSTER
-              value: "true"
-            - name: ARGO_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-            - name: BASE_HREF
-              value: {{ .Values.server.baseHref | quote }}
-          {{- with .Values.server.extraEnv }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          resources:
-            {{- toYaml .Values.server.resources | nindent 12 }}
-          volumeMounts:
-            - name: tmp
-              mountPath: /tmp
-        
-      volumes:
-        - name: tmp
-          emptyDir: {}
-      {{- with .Values.server.volumes }}
-        {{- toYaml . | nindent 6}}
-      {{- end }}
-      {{- with .Values.server.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.server.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-        - {{ toYaml $constraint | nindent 8 | trim }}
-        {{- if not $constraint.labelSelector }}
-          labelSelector:
-            matchLabels:
-            {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }}
-        {{- end }}
-        {{- end }}
-      {{- end }}
-      {{- with .Values.server.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}
-
-{{- end -}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-sa.yaml

@@ -1,16 +0,0 @@
-{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-  {{- with .Values.server.serviceAccount.labels  }}
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{- with .Values.server.serviceAccount.annotations  }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end -}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/templates/server/server-service.yaml

@@ -1,36 +0,0 @@
-{{- if .Values.server.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "argo-workflows.server.fullname" . }}-svc
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
-  {{- with .Values.server.serviceAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  ports:
-  - port: {{ .Values.server.servicePort }}
-    {{- with .Values.server.servicePortName }}
-    name: {{ . }}
-    {{- end }}
-    targetPort: 2746
-    {{- if and (eq .Values.server.serviceType "NodePort") .Values.server.serviceNodePort }}
-    nodePort: {{ .Values.server.serviceNodePort }}
-    {{- end }}
-  selector:
-    app: {{ template "argo-workflows.server.fullname" . }}
-    {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
-  sessionAffinity: None
-  type: {{ .Values.server.serviceType }}
-  {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }}
-  {{- end }}
-  {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-    {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }}
-  {{- end }}
-{{- end -}}

apps/argo/config/user/helm-charts/argo/charts/argoworkflows/values.yaml

@@ -1,840 +0,0 @@
-images:
-  # -- Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`.
-  tag: ""
-  # -- imagePullPolicy to apply to all containers
-  pullPolicy: IfNotPresent
-  # -- Secrets with credentials to pull images from a private registry
-  pullSecrets: []
-  # - name: argo-pull-secret
-
-## Custom resource configuration
-crds:
-  # -- Install and upgrade CRDs
-  install: true
-  # -- Keep CRDs on chart uninstall
-  keep: true
-  # -- Annotations to be added to all CRDs
-  annotations: {}
-
-# -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds
-## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-createAggregateRoles: true
-
-# -- String to partially override "argo-workflows.fullname" template
-nameOverride:
-
-# -- String to fully override "argo-workflows.fullname" template
-fullnameOverride:
-
-# -- Override the Kubernetes version, which is used to evaluate certain manifests
-kubeVersionOverride: ""
-
-# Override APIVersions
-apiVersionOverrides:
-  # -- String to override apiVersion of autoscaling rendered by this helm chart
-  autoscaling: "" # autoscaling/v2
-  # -- String to override apiVersion of GKE resources rendered by this helm chart
-  cloudgoogle: "" # cloud.google.com/v1
-
-# -- Restrict Argo to operate only in a single namespace (the namespace of the
-# Helm release) by apply Roles and RoleBindings instead of the Cluster
-# equivalents, and start workflow-controller with the --namespaced flag. Use it
-# in clusters with strict access policy.
-singleNamespace: false
-
-workflow:
-  # -- Deprecated; use controller.workflowNamespaces instead.
-  namespace:
-  serviceAccount:
-    # -- Specifies whether a service account should be created
-    create: false
-    # -- Labels applied to created service account
-    labels: {}
-    # -- Annotations applied to created service account
-    annotations: {}
-    # -- Service account which is used to run workflows
-    name: "argo-workflow"
-    # -- Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets`
-    pullSecrets: []
-  rbac:
-    # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows.
-    # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below)
-    create: true
-
-controller:
-  image:
-    # -- Registry to use for the controller
-    registry: quay.io
-    # -- Registry to use for the controller
-    repository: argoproj/workflow-controller
-    # -- Image tag for the workflow controller. Defaults to `.Values.images.tag`.
-    tag: ""
-  # -- parallelism dictates how many workflows can be running at the same time
-  parallelism:
-  # -- Globally limits the rate at which pods are created.
-  # This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of
-  # parallel nodes.
-  resourceRateLimit: {}
-    # limit: 10
-  # burst: 1
-
-  rbac:
-    # -- Adds Role and RoleBinding for the controller.
-    create: true
-    # -- Allows controller to get, list, and watch certain k8s secrets
-    secretWhitelist: []
-    # -- Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty.
-    accessAllSecrets: false
-    # -- Allows controller to create and update ConfigMaps. Enables memoization feature
-    writeConfigMaps: false
-
-  # -- Limits the maximum number of incomplete workflows in a namespace
-  namespaceParallelism:
-  # -- Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224
-  initialDelay:
-  # -- deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment
-  deploymentAnnotations: {}
-  # -- podAnnotations is an optional map of annotations to be applied to the controller Pods
-  podAnnotations: {}
-  # -- Optional labels to add to the controller pods
-  podLabels: {}
-  # -- SecurityContext to set on the controller pods
-  podSecurityContext: {}
-  # podPortName: http
-  metricsConfig:
-    # -- Enables prometheus metrics server
-    enabled: false
-    # -- Path is the path where metrics are emitted. Must start with a "/".
-    path: /metrics
-    # -- Port is the port where metrics are emitted
-    port: 9090
-    # -- How often custom metrics are cleared from memory
-    metricsTTL: ""
-    # -- Flag that instructs prometheus to ignore metric emission errors.
-    ignoreErrors: false
-    # --  Flag that use a self-signed cert for TLS
-    secure: false
-    # -- Container metrics port name
-    portName: metrics
-    # -- Service metrics port
-    servicePort: 8090
-    # -- Service metrics port name
-    servicePortName: metrics
-    # -- ServiceMonitor relabel configs to apply to samples before scraping
-    ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
-    relabelings: []
-    # -- ServiceMonitor metric relabel configs to apply to samples before ingestion
-    ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
-    metricRelabelings: []
-    # -- ServiceMonitor will add labels from the service to the Prometheus metric
-    ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec
-    targetLabels: []
-  # -- the controller container's securityContext
-  securityContext:
-    readOnlyRootFilesystem: true
-    runAsNonRoot: true
-    allowPrivilegeEscalation: false
-    capabilities:
-      drop:
-        - ALL
-  # -- enable persistence using postgres
-  persistence: {}
-  # connectionPool:
-  #   maxIdleConns: 100
-  #   maxOpenConns: 0
-  # # save the entire workflow into etcd and DB
-  # nodeStatusOffLoad: false
-  # # enable archiving of old workflows
-  # archive: false
-  # postgresql:
-  #   host: localhost
-  #   port: 5432
-  #   database: postgres
-  #   tableName: argo_workflows
-  #   # the database secrets must be in the same namespace of the controller
-  #   userNameSecret:
-  #     name: argo-postgres-config
-  #     key: username
-  #   passwordSecret:
-  #     name: argo-postgres-config
-  #     key: password
-
-  # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level.
-  # Only valid for 2.7+
-  ## See more: https://argoproj.github.io/argo-workflows/default-workflow-specs/
-  workflowDefaults: {}
-  #   spec:
-  #     ttlStrategy:
-  #       secondsAfterCompletion: 84600
-  #     # Ref: https://argoproj.github.io/argo-workflows/artifact-repository-ref/
-  #     artifactRepositoryRef:
-  #       configMap: my-artifact-repository # default is "artifact-repositories"
-  #       key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map.
-
-  # -- Number of workflow workers
-  workflowWorkers: # 32
-  # -- Restricts the Workflows that the controller will process.
-  # Only valid for 2.9+
-  workflowRestrictions: {}
-  # templateReferencing: Strict|Secure
-
-  # telemetryConfig controls the path and port for prometheus telemetry. Telemetry is enabled and emitted in the same endpoint
-  # as metrics by default, but can be overridden using this config.
-  telemetryConfig:
-    # -- Enables prometheus telemetry server
-    enabled: false
-    # -- telemetry path
-    path: /telemetry
-    # -- telemetry container port
-    port: 8081
-    # -- How often custom metrics are cleared from memory
-    metricsTTL: ""
-    # -- Flag that instructs prometheus to ignore metric emission errors.
-    ignoreErrors: false
-    # --  Flag that use a self-signed cert for TLS
-    secure: false
-    # -- telemetry service port
-    servicePort: 8081
-    # -- telemetry service port name
-    servicePortName: telemetry
-  serviceMonitor:
-    # -- Enable a prometheus ServiceMonitor
-    enabled: false
-    # -- Prometheus ServiceMonitor labels
-    additionalLabels: {}
-    # -- Prometheus ServiceMonitor namespace
-    namespace: "" # "monitoring"
-  serviceAccount:
-    # -- Create a service account for the controller
-    create: true
-    # -- Service account name
-    name: ""
-    # -- Labels applied to created service account
-    labels: {}
-    # -- Annotations applied to created service account
-    annotations: {}
-
-  # -- Workflow controller name string
-  name: workflow-controller
-
-  # -- Specify all namespaces where this workflow controller instance will manage
-  # workflows. This controls where the service account and RBAC resources will
-  # be created. Only valid when singleNamespace is false.
-  workflowNamespaces:
-    - default
-
-  instanceID:
-    # -- Configures the controller to filter workflow submissions
-    # to only those which have a matching instanceID attribute.
-    ## NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName`
-    ## or `instanceID.explicitID` must be defined.
-    enabled: true
-    # -- Use ReleaseName as instanceID
-    useReleaseName: true
-    # useReleaseName: true
-
-    # -- Use a custom instanceID
-    explicitID: ""
-    # explicitID: unique-argo-controller-identifier
-
-  logging:
-    # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
-    level: info
-    # -- Set the glog logging level
-    globallevel: "0"
-    # -- Set the logging format (one of: `text`, `json`)
-    format: "text"
-
-  # -- Service type of the controller Service
-  serviceType: ClusterIP
-  # -- Annotations to be applied to the controller Service
-  serviceAnnotations: {}
-  # -- Optional labels to add to the controller Service
-  serviceLabels: {}
-  # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
-  loadBalancerSourceRanges: []
-
-  # -- Resource limits and requests for the controller
-  resources: {}
-
-  # -- Configure liveness [probe] for the controller
-  # @default -- See [values.yaml]
-  livenessProbe:
-    httpGet:
-      port: 6060
-      path: /healthz
-    failureThreshold: 3
-    initialDelaySeconds: 90
-    periodSeconds: 60
-    timeoutSeconds: 30
-
-  # -- Extra environment variables to provide to the controller container
-  extraEnv: []
-    # - name: FOO
-  #   value: "bar"
-
-  # -- Extra arguments to be added to the controller
-  extraArgs: []
-  # -- Additional volume mounts to the controller main container
-  volumeMounts: []
-  # -- Additional volumes to the controller pod
-  volumes: []
-  # -- The number of controller pods to run
-  replicas: 1
-
-  pdb:
-    # -- Configure [Pod Disruption Budget] for the controller pods
-    enabled: false
-    # minAvailable: 1
-    # maxUnavailable: 1
-
-  # -- [Node selector]
-  nodeSelector:
-    kubernetes.io/os: linux
-  # -- [Tolerations] for use with node taints
-  tolerations: []
-  # -- Assign custom [affinity] rules
-  affinity: {}
-
-  # -- Assign custom [TopologySpreadConstraints] rules to the workflow controller
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
-  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
-  topologySpreadConstraints: []
-  # - maxSkew: 1
-  #   topologyKey: topology.kubernetes.io/zone
-  #   whenUnsatisfiable: DoNotSchedule
-
-  # -- Leverage a PriorityClass to ensure your pods survive resource shortages.
-  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
-  priorityClassName: ""
-
-  # -- Configure Argo Server to show custom [links]
-  ## Ref: https://argoproj.github.io/argo-workflows/links/
-  links: []
-  # -- Configure Argo Server to show custom [columns]
-  ## Ref: https://github.com/argoproj/argo-workflows/pull/10693
-  columns: []
-  # -- Set ui navigation bar background color
-  navColor: ""
-  clusterWorkflowTemplates:
-    # -- Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates.
-    enabled: true
-  # -- Extra containers to be added to the controller deployment
-  extraContainers: []
-
-  # -- Enables init containers to be added to the controller deployment
-  extraInitContainers: []
-
-  # -- Workflow retention by number of workflows
-  retentionPolicy: {}
-  #  completed: 10
-  #  failed: 3
-  #  errored: 3
-
-  nodeEvents:
-    # -- Enable to emit events on node completion.
-    ## This can take up a lot of space in k8s (typically etcd) resulting in errors when trying to create new events:
-    ## "Unable to create audit event: etcdserver: mvcc: database space exceeded"
-    enabled: true
-
-  # -- Configure when workflow controller runs in a different k8s cluster with the workflow workloads,
-  # or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret.
-  # @default -- `{}` (See [values.yaml])
-  kubeConfig: {}
-    # # name of the kubeconfig secret, may not be empty when kubeConfig specified
-    # secretName: kubeconfig-secret
-    # # key of the kubeconfig secret, may not be empty when kubeConfig specified
-    # secretKey: kubeconfig
-    # # mounting path of the kubeconfig secret, default to /kube/config
-    # mountPath: /kubeconfig/mount/path
-    # # volume name when mounting the secret, default to kubeconfig
-  # volumeName: kube-config-volume
-
-  # -- Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately.
-  # @default -- `30` seconds (Kubernetes default)
-  podGCGracePeriodSeconds:
-
-  # -- The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately.
-  # @default -- `5s` (Argo Workflows default)
-  podGCDeleteDelayDuration: ""
-
-# mainContainer adds default config for main container that could be overriden in workflows template
-mainContainer:
-  # -- imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`.
-  imagePullPolicy: ""
-  # -- Resource limits and requests for the Workflow main container
-  resources: {}
-  # -- Adds environment variables for the Workflow main container
-  env: []
-  # -- Adds reference environment variables for the Workflow main container
-  envFrom: []
-  # -- sets security context for the Workflow main container
-  securityContext: {}
-
-# executor controls how the init and wait container should be customized
-executor:
-  image:
-    # -- Registry to use for the Workflow Executors
-    registry: quay.io
-    # -- Repository to use for the Workflow Executors
-    repository: argoproj/argoexec
-    # -- Image tag for the workflow executor. Defaults to `.Values.images.tag`.
-    tag: ""
-    # -- Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`.
-    pullPolicy: ""
-  # -- Resource limits and requests for the Workflow Executors
-  resources: {}
-  # -- Passes arguments to the executor processes
-  args: []
-  # -- Adds environment variables for the executor.
-  env: []
-  # -- sets security context for the executor container
-  securityContext: {}
-
-server:
-  # -- Deploy the Argo Server
-  enabled: true
-  # -- Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /.
-  ## only updates base url of resources on client side,
-  ## it's expected that a proxy server rewrites the request URL and gets rid of this prefix
-  ## https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190
-  baseHref: /
-  image:
-    # -- Registry to use for the server
-    registry: quay.io
-    # -- Repository to use for the server
-    repository: argoproj/argocli
-    # -- Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`.
-    tag: ""
-  # -- optional map of annotations to be applied to the ui Deployment
-  deploymentAnnotations: {}
-  # -- optional map of annotations to be applied to the ui Pods
-  podAnnotations: {}
-  # -- Optional labels to add to the UI pods
-  podLabels: {}
-  # -- SecurityContext to set on the server pods
-  podSecurityContext: {}
-  rbac:
-    # -- Adds Role and RoleBinding for the server.
-    create: true
-  # -- Servers container-level security context
-  securityContext:
-    readOnlyRootFilesystem: false
-    runAsNonRoot: true
-    allowPrivilegeEscalation: false
-    capabilities:
-      drop:
-        - ALL
-  # -- Server name string
-  name: server
-  # -- Service type for server pods
-  serviceType: ClusterIP
-  # -- Service port for server
-  servicePort: 2746
-  # -- Service node port
-  serviceNodePort: # 32746
-  # -- Service port name
-  servicePortName: "http" # http
-
-  serviceAccount:
-    # -- Create a service account for the server
-    create: true
-    # -- Service account name
-    name: ""
-    # -- Labels applied to created service account
-    labels: {}
-    # -- Annotations applied to created service account
-    annotations: {}
-
-  # -- Annotations to be applied to the UI Service
-  serviceAnnotations: {}
-  # -- Optional labels to add to the UI Service
-  serviceLabels: {}
-  # -- Static IP address to assign to loadBalancer service type `LoadBalancer`
-  loadBalancerIP: ""
-  # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
-  loadBalancerSourceRanges: []
-  # -- Resource limits and requests for the server
-  resources: {}
-  # -- The number of server pods to run
-  replicas: 1
-  ## Argo Server Horizontal Pod Autoscaler
-  autoscaling:
-    # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server
-    enabled: false
-    # -- Minimum number of replicas for the Argo Server [HPA]
-    minReplicas: 1
-    # -- Maximum number of replicas for the Argo Server [HPA]
-    maxReplicas: 5
-    # -- Average CPU utilization percentage for the Argo Server [HPA]
-    targetCPUUtilizationPercentage: 50
-    # -- Average memory utilization percentage for the Argo Server [HPA]
-    targetMemoryUtilizationPercentage: 50
-    # -- Configures the scaling behavior of the target in both Up and Down directions.
-    # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer
-    behavior: {}
-      # scaleDown:
-      #  stabilizationWindowSeconds: 300
-      #  policies:
-      #   - type: Pods
-      #     value: 1
-      #     periodSeconds: 180
-      # scaleUp:
-      #   stabilizationWindowSeconds: 300
-      #   policies:
-      #   - type: Pods
-    #     value: 2
-  pdb:
-    # -- Configure [Pod Disruption Budget] for the server pods
-    enabled: false
-    # minAvailable: 1
-    # maxUnavailable: 1
-
-  # -- [Node selector]
-  nodeSelector:
-    kubernetes.io/os: linux
-
-  # -- [Tolerations] for use with node taints
-  tolerations: []
-
-  # -- Assign custom [affinity] rules
-  affinity: {}
-
-  # -- Assign custom [TopologySpreadConstraints] rules to the argo server
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
-  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
-  topologySpreadConstraints: []
-  # - maxSkew: 1
-  #   topologyKey: topology.kubernetes.io/zone
-  #   whenUnsatisfiable: DoNotSchedule
-
-  # -- Leverage a PriorityClass to ensure your pods survive resource shortages
-  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
-  priorityClassName: ""
-
-  # -- Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs.
-  ## See the following documentation for more details on secure mode:
-  ## https://argoproj.github.io/argo-workflows/tls/
-  secure: false
-
-  # -- Extra environment variables to provide to the argo-server container
-  extraEnv: []
-    # - name: FOO
-  #   value: "bar"
-
-  # -- Auth Mode is available from `server` , `client` or `sso`. If you chose `sso` , please configure `.Values.server.sso` as well.
-  ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/
-  authMode: "server"
-
-  # -- Extra arguments to provide to the Argo server binary.
-  ## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options
-  extraArgs: []
-
-  logging:
-    # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
-    level: info
-    # -- Set the glog logging level
-    globallevel: "0"
-    # -- Set the logging format (one of: `text`, `json`)
-    format: "text"
-
-  # -- Additional volume mounts to the server main container.
-  volumeMounts: []
-  # -- Additional volumes to the server pod.
-  volumes: []
-
-  ## Ingress configuration.
-  # ref: https://kubernetes.io/docs/user-guide/ingress/
-  ingress:
-    # -- Enable an ingress resource
-    enabled: false
-    # -- Additional ingress annotations
-    annotations: {}
-    # -- Additional ingress labels
-    labels: {}
-    # -- Defines which ingress controller will implement the resource
-    ingressClassName: ""
-
-    # -- List of ingress hosts
-    ## Hostnames must be provided if Ingress is enabled.
-    ## Secrets must be manually created in the namespace
-    hosts: []
-    # - argoworkflows.example.com
-
-    # -- List of ingress paths
-    paths:
-      - /
-
-    # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
-    pathType: Prefix
-    # -- Additional ingress paths
-    extraPaths: []
-      # - path: /*
-      #   backend:
-      #     serviceName: ssl-redirect
-      #     servicePort: use-annotation
-      ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used)
-      # - path: /*
-      #   pathType: Prefix
-      #   backend:
-      #     service
-      #       name: ssl-redirect
-      #       port:
-    #         name: use-annotation
-
-    # -- Ingress TLS configuration
-    tls: []
-      # - secretName: argoworkflows-example-tls
-      #   hosts:
-    #     - argoworkflows.example.com
-
-  ## Create a Google Backendconfig  for use with the GKE Ingress Controller
-  ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters
-  GKEbackendConfig:
-    # -- Enable BackendConfig custom resource for Google Kubernetes Engine
-    enabled: false
-    # -- [BackendConfigSpec]
-    spec: {}
-  #  spec:
-  #    iap:
-  #      enabled: true
-  #      oauthclientCredentials:
-  #        secretName: argoworkflows-secret
-
-  ## Create a Google Managed Certificate for use with the GKE Ingress Controller
-  ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
-  GKEmanagedCertificate:
-    # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine.
-    enabled: false
-    # -- Domains for the Google Managed Certificate
-    domains:
-      - argoworkflows.example.com
-
-  ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller
-  ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
-  GKEfrontendConfig:
-    # -- Enable FrontConfig custom resource for Google Kubernetes Engine
-    enabled: false
-    # -- [FrontendConfigSpec]
-    spec: {}
-  # spec:
-  #   redirectToHttps:
-  #     enabled: true
-  #     responseCodeName: RESPONSE_CODE
-
-  clusterWorkflowTemplates:
-    # -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates.
-    enabled: true
-    # -- Give the server permissions to edit ClusterWorkflowTemplates.
-    enableEditing: true
-
-  # SSO configuration when SSO is specified as a server auth mode.
-  sso:
-    # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`.
-    enabled: false
-    # -- The root URL of the OIDC identity provider
-    issuer: https://accounts.google.com
-    clientId:
-      # -- Name of secret to retrieve the app OIDC client ID
-      name: argo-server-sso
-      # -- Key of secret to retrieve the app OIDC client ID
-      key: client-id
-    clientSecret:
-      # -- Name of a secret to retrieve the app OIDC client secret
-      name: argo-server-sso
-      # -- Key of a secret to retrieve the app OIDC client secret
-      key: client-secret
-    # - The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
-    redirectUrl: https://argo/oauth2/callback
-    rbac:
-      # -- Adds ServiceAccount Policy to server (Cluster)Role.
-      enabled: true
-      # -- Whitelist to allow server to fetch Secrets
-      ## When present, restricts secrets the server can read to a given list.
-      ## You can use it to restrict the server to only be able to access the
-      ## service account token secrets that are associated with service accounts
-      ## used for authorization.
-      secretWhitelist: []
-    # -- Scopes requested from the SSO ID provider
-    ## The 'groups' scope requests group membership information, which is usually used for authorization decisions.
-    scopes: []
-    # - groups
-    # -- Define how long your login is valid for (in hours)
-    ## If omitted, defaults to 10h.
-    sessionExpiry: ""
-    # -- Alternate root URLs that can be included for some OIDC providers
-    issuerAlias: ""
-    # -- Override claim name for OIDC groups
-    customGroupClaimName: ""
-    # -- Specify the user info endpoint that contains the groups claim
-    ## Configure this if your OIDC provider provides groups information only using the user-info endpoint (e.g. Okta)
-    userInfoPath: ""
-    # -- Skip TLS verification for the HTTP client
-    insecureSkipVerify: false
-
-  # -- Extra containers to be added to the server deployment
-  extraContainers: []
-
-  # -- Enables init containers to be added to the server deployment
-  extraInitContainers: []
-
-# -- Array of extra K8s manifests to deploy
-extraObjects: []
-  # - apiVersion: secrets-store.csi.x-k8s.io/v1
-  #   kind: SecretProviderClass
-  #   metadata:
-  #     name: argo-server-sso
-  #   spec:
-  #     provider: aws
-  #     parameters:
-  #       objects: |
-  #         - objectName: "argo/server/sso"
-  #           objectType: "secretsmanager"
-  #           jmesPath:
-  #               - path: "client_id"
-  #                 objectAlias: "client_id"
-  #               - path: "client_secret"
-  #                 objectAlias: "client_secret"
-  #     secretObjects:
-  #     - data:
-  #       - key: client_id
-  #         objectName: client_id
-  #       - key: client_secret
-  #         objectName: client_secret
-  #       secretName: argo-server-sso-secrets-store
-#       type: Opaque
-
-# -- Use static credentials for S3 (eg. when not using AWS IRSA)
-useStaticCredentials: true
-artifactRepository:
-  # -- Archive the main container logs as an artifact
-  archiveLogs: true
-  # -- Store artifact in a S3-compliant object store
-  # @default -- See [values.yaml]
-  s3: 
-    # # Note the `key` attribute is not the actual secret, it's the PATH to
-    # # the contents in the associated secret, as defined by the `name` attribute.
-    accessKeySecret:
-      name: argo-workflow-log-fakes3
-      key: AWS_ACCESS_KEY_ID
-    secretKeySecret:
-      name: argo-workflow-log-fakes3
-      key: AWS_SECRET_ACCESS_KEY
-    # # insecure will disable TLS. Primarily used for minio installs not configured with TLS
-    insecure: true
-    keyFormat: "{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}"
-    bucket: mongo-backup
-    # endpoint: workflow-archivelog-s3:4568
-    # region:
-    # roleARN:
-    # useSDKCreds: true
-    # encryptionOptions:
-  #    enableEncryption: true
-  # -- Store artifact in a GCS object store
-  # @default -- `{}` (See [values.yaml])
-  gcs: {}
-  # bucket: <project>-argo
-  # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}"
-  # serviceAccountKeySecret is a secret selector.
-  # It references the k8s secret named 'my-gcs-credentials'.
-  # This secret is expected to have have the key 'serviceAccountKey',
-  # containing the base64 encoded credentials
-  # to the bucket.
-  #
-  # If it's running on GKE and Workload Identity is used,
-  # serviceAccountKeySecret is not needed.
-  # serviceAccountKeySecret:
-  # name: my-gcs-credentials
-  # key: serviceAccountKey
-  # -- Store artifact in Azure Blob Storage
-  # @default -- `{}` (See [values.yaml])
-  azure: {}
-  # endpoint: https://mystorageaccountname.blob.core.windows.net
-  # container: my-container-name
-  # blobNameFormat: path/in/container
-  ## accountKeySecret is a secret selector.
-  ## It references the k8s secret named 'my-azure-storage-credentials'.
-  ## This secret is expected to have have the key 'account-access-key',
-  ## containing the base64 encoded credentials to the storage account.
-  ## If a managed identity has been assigned to the machines running the
-  ## workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity)
-  ## then accountKeySecret is not needed, and useSDKCreds should be
-  ## set to true instead:
-  # useSDKCreds: true
-  # accountKeySecret:
-  #  name: my-azure-storage-credentials
-  #  key: account-access-key
-
-# -- The section of custom artifact repository.
-# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure)
-customArtifactRepository: {}
-# artifactory:
-#   repoUrl: https://artifactory.example.com/raw
-#   usernameSecret:
-#     name: artifactory-creds
-#     key: username
-#   passwordSecret:
-#     name: artifactory-creds
-#     key: password
-
-# -- The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/).
-# Each map key is the name of configmap
-# @default -- `{}` (See [values.yaml])
-artifactRepositoryRef: {}
-  # # -- 1st ConfigMap
-  # # If you want to use this config map by default, name it "artifact-repositories".
-  # # Otherwise, you can provide a reference to a
-  # # different config map in `artifactRepositoryRef.configMap`.
-  # artifact-repositories:
-  #   # -- v3.0 and after - if you want to use a specific key, put that key into this annotation.
-  #   annotations:
-  #     workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository
-  #   # 1st data of configmap. See above artifactRepository or customArtifactRepository.
-  #   default-v1-s3-artifact-repository:
-  #     archiveLogs: false
-  #     s3:
-  #       bucket: my-bucket
-  #       endpoint: minio:9000
-  #       insecure: true
-  #       accessKeySecret:
-  #         name: my-minio-cred
-  #         key: accesskey
-  #       secretKeySecret:
-  #         name: my-minio-cred
-  #         key: secretkey
-  #    # 2nd data
-  #    oss-artifact-repository:
-  #      archiveLogs: false
-  #      oss:
-  #        endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com
-  #        bucket: $mybucket
-  #        # accessKeySecret and secretKeySecret are secret selectors.
-  #        # It references the k8s secret named 'bucket-workflow-artifect-credentials'.
-  #        # This secret is expected to have have the keys 'accessKey'
-  #        # and 'secretKey', containing the base64 encoded credentials
-  #        # to the bucket.
-  #        accessKeySecret:
-  #          name: $mybucket-credentials
-  #          key: accessKey
-  #        secretKeySecret:
-  #          name: $mybucket-credentials
-  #          key: secretKey
-  # # 2nd ConfigMap
-  # another-artifact-repositories:
-  #   annotations:
-  #     workflows.argoproj.io/default-artifact-repository: gcs
-  #   gcs:
-  #     bucket: my-bucket
-  #     keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}}
-  #     serviceAccountKeySecret:
-  #       name: my-gcs-credentials
-#       key: serviceAccountKey
-
-emissary:
-  # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used.
-  ## See more: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary
-  images: []
-  #  argoproj/argosay:v2:
-  #    cmd: [/argosay]
-  #  docker/whalesay:latest:
-  #    cmd: [/bin/bash]

apps/argo/config/user/helm-charts/argo/templates/argo_deployment.yaml

@@ -1,174 +1,4 @@
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $rss_secret := (lookup "v1" "Secret" $namespace "rss-secrets") -}}
-{{- $password := "" -}}
-{{ if $rss_secret -}}
-{{ $password = (index $rss_secret "data" "pg_password") }}
-{{ else -}}
-{{ $password = randAlphaNum 16 | b64enc }}
-{{- end -}}
 
-{{- $redis_password := "" -}}
-{{ if $rss_secret -}}
-{{ $redis_password = (index $rss_secret "data" "redis_password") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-
-{{- $redis_password_data := "" -}}
-{{ $redis_password_data = $redis_password | b64dec }}
-
-{{- $pg_password_data := "" -}}
-{{ $pg_password_data = $password | b64dec }}
-
-{{- $mongo_secret := (lookup "v1" "Secret" .Release.Namespace "knowledge-mongodb") -}}
-{{- $mongo_password := randAlphaNum 16 | b64enc -}}
-
-{{- $mongo_password_data := "" -}}
-{{ if $mongo_secret -}}
-  {{ $mongo_password_data = (index $mongo_secret "data" "mongodb-passwords" ) | b64dec }}
-{{ else -}}
-  {{ $mongo_password_data = $mongo_password | b64dec }}
-{{- end -}}
-
-{{- $pg_user :=  printf "%s%s" "rss_" .Values.bfl.username -}}
-{{- $pg_user = $pg_user | b64enc -}}
-
----
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rss-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $password }}
-  redis_password: {{ $redis_password }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rss-secrets
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  pg_user: {{ $pg_user }}
-  pg_password: {{ $password }}
-  redis_password: {{ $redis_password }}
-
-
----
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: knowledge-mongodb
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-
-{{ if $mongo_secret -}}
-data:
-  mongodb-passwords: {{ index $mongo_secret "data" "mongodb-passwords" }}
-{{ else -}}
-data:
-  mongodb-passwords: {{ $mongo_password }}
-{{ end }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: knowledge-mongodb
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-
-{{ if $mongo_secret -}}
-data:
-  mongodb-passwords: {{ index $mongo_secret "data" "mongodb-passwords" }}
-{{ else -}}
-data:
-  mongodb-passwords: {{ $mongo_password }}
-{{ end }}
-
----
-
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: rss-secrets-auth
-  namespace: {{ .Release.Namespace }}
-data:
-  redis_password: "{{ $redis_password_data }}"
-  redis_addr: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379
-  redis_host: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
-  redis_port: '6379'
-  pg_url: postgres://rss_{{ .Values.bfl.username }}:{{ $pg_password_data }}@citus-master-svc.user-system-{{ .Values.bfl.username }}/user_space_{{ .Values.bfl.username }}_rss_v1?sslmode=disable
-  mongo_url: mongodb://knowledge-{{ .Values.bfl.username }}:{{ $mongo_password_data }}@mongo-cluster-mongos.user-system-{{ .Values.bfl.username }}:27017/{{ .Release.Namespace }}_knowledge
-  mongo_db: {{ .Release.Namespace }}_knowledge
-  postgres_host: citus-master-svc.user-system-{{ .Values.bfl.username }}
-  postgres_user: knowledge_{{ .Values.bfl.username }}
-  postgres_password: "{{ $pg_password_data }}"
-  postgres_db: user_space_{{ .Values.bfl.username }}_knowledge
-  postgres_port: '5432'
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: rss-userspace-data
-  namespace: {{ .Release.Namespace }}
-data:
-  appData: "{{ .Values.userspace.appData }}"
-  appCache: "{{ .Values.userspace.appCache }}"
-  username: "{{ .Values.bfl.username }}"
-
-
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: rss-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: rss
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: rss_{{ .Values.bfl.username }}
-    password: 
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: rss-secrets
-    databases:
-    - name: rss
-    - name: rss_v1
-    - name: argo
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: knowledge-redis
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: rss
-  appNamespace: {{ .Release.Namespace }}
-  middleware: redis
-  redis:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: redis_password
-          name: rss-secrets
-    namespace: knowledge
-
----
-    
 apiVersion: v1
 kind: Service
 metadata:
@@ -183,3 +13,22 @@ spec:
       name: fakes3
       port: 4568
       targetPort: 4568
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: knowledge-base-api
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  type: ClusterIP
+  selector:
+    app: systemserver
+  ports:
+    - protocol: TCP
+      name: knowledge-api
+      port: 3010
+      targetPort: 3010  
+
+
+

apps/argo/config/user/helm-charts/argo/values.yaml

@@ -1,4 +1,3 @@
-
 bfl:
   nodeport: 30883
   nodeport_ingress_http: 30083
@@ -40,4 +39,4 @@ os:
     appKey: '${ks[0]}'
     appSecret: test
 kubesphere:
-  redis_password: ""
+  redis_password: ""

apps/argo/config/user/helm-charts/recommend/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

apps/argo/config/user/helm-charts/recommend/Chart.yaml

@@ -1,24 +0,0 @@
-apiVersion: v2
-name: recommend
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

apps/argo/config/user/helm-charts/recommend/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "recommend.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "recommend.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "recommend.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "recommend.labels" -}}
-helm.sh/chart: {{ include "recommend.chart" . }}
-{{ include "recommend.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "recommend.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "recommend.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "recommend.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "recommend.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

apps/argo/config/user/helm-charts/recommend/templates/argo_fe_deploy.yaml

@@ -1,64 +0,0 @@
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: recommend
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ExternalName
-  externalName: argoworkflows-svc.{{ .Release.Namespace }}.svc.cluster.local
-  ports:
-    - name: http
-      port: 2746
-      protocol: TCP
-      targetPort: 2746
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: argoworkflows-ui
-  namespace: {{ .Release.Namespace }}
-spec:
-  ports:
-    - port: 80
-      protocol: TCP
-      targetPort: 8080
-  selector:
-    app: recommend
-  type: ClusterIP
-
-
-
----
-apiVersion: v1
-data:
-  nginx.conf: |
-    # Configuration checksum:
-
-    pid /var/run/nginx.pid;
-
-    worker_processes auto;
-
-    events {
-      worker_connections 1024;
-    }
-
-    http {
-      server {
-        listen 8080;
-
-        location / {
-          proxy_pass http://recommend:2746;
-          proxy_set_header Host $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-      }
-    }
-kind: ConfigMap
-metadata:
-  name: recommend-nginx-configs
-  namespace: {{ .Release.Namespace }}
-

apps/desktop/config/user/helm-charts/desktop/templates/desktop_deploy.yaml

@@ -66,7 +66,7 @@ spec:
 
       containers:
       - name: edge-desktop
-        image: beclab/desktop:v0.2.56
+        image: beclab/desktop:v0.2.59
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsNonRoot: false
@@ -78,7 +78,7 @@ spec:
             value: http://bfl.{{ .Release.Namespace }}:8080
 
       - name: desktop-server
-        image: beclab/desktop-server:v0.2.56
+        image: beclab/desktop-server:v0.2.59
         imagePullPolicy: IfNotPresent
         securityContext:
           allowPrivilegeEscalation: false
@@ -156,7 +156,7 @@ spec:
       - name: userspace-dir
         hostPath:
           type: Directory
-          path: {{ .Values.userspace.userData }}
+          path: '{{ .Values.userspace.userData }}'
       - name: terminus-sidecar-config
         configMap:
           name: sidecar-ws-configs

apps/desktop/config/user/helm-charts/desktop/values.yaml

@@ -1,4 +1,3 @@
-
 bfl:
   username: 'test'
   url: 'test'

apps/download/README.md

@@ -1,3 +0,0 @@
-# vault
-
-https://github.com/beclab/analytic

apps/download/config/user/helm-charts/download/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

apps/download/config/user/helm-charts/download/Chart.yaml

@@ -1,26 +0,0 @@
-apiVersion: v2
-name: download
-description: A Helm chart for Kubernetes
-maintainers:
-- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

apps/download/config/user/helm-charts/download/templates/download_deploy.yaml

@@ -1,321 +0,0 @@
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $download_secret := (lookup "v1" "Secret" $namespace "rss-secrets") -}}
-
-{{- $pg_password := "" -}}
-{{ if $download_secret -}}
-{{ $pg_password = (index $download_secret "data" "pg_password") }}
-{{ else -}}
-{{ $pg_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $redis_password := "" -}}
-{{ if $download_secret -}}
-{{ $redis_password = (index $download_secret "data" "redis_password") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $download_nats_secret := (lookup "v1" "Secret" $namespace "download-secrets") -}}
-{{- $nat_password := "" -}}
-{{ if $download_nats_secret -}}
-{{ $nat_password = (index $download_nats_secret "data" "nat_password") }}
-{{ else -}}
-{{ $nat_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: download-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $pg_password }}
-  redis_password: {{ $redis_password }}
-  nat_password: {{ $nat_password }}
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: download-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: download
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: knowledge_{{ .Values.bfl.username }}
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: download-secrets
-    databases:
-    - name: knowledge
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: download-nat
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: download
-  appNamespace: {{ .Release.Namespace }}
-  middleware: nats
-  nats:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: nat_password
-          name: download-secrets
-    refs: []
-    subjects:
-    - name: download_status
-      permission:
-        pub: allow
-        sub: allow
-      export:
-      - appName: knowledge
-        sub: allow
-        pub: allow
-    user: user-system-{{ .Values.bfl.username }}-download
----
-
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: download
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: download
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: download
-  template:
-    metadata:
-      labels:
-        app: download
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-
-      initContainers:
-      - name: init-data
-        image: busybox:1.28
-        securityContext:
-          privileged: true
-          runAsNonRoot: false
-          runAsUser: 0
-        volumeMounts:
-        - name: config-dir
-          mountPath: /config
-        - name: download-dir
-          mountPath: /downloads
-        command:
-        - sh
-        - -c
-        - |
-          chown -R 1000:1000 /config && \
-          chown -R 1000:1000 /downloads
-      - name: init-container
-        image: 'postgres:16.0-alpine3.18'
-        command:
-          - sh
-          - '-c'
-          - >-
-            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
-        env:
-          - name: PGHOST
-            value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-          - name: PGPORT
-            value: "5432"
-          - name: PGUSER
-            value: knowledge_{{ .Values.bfl.username }}
-          - name: PGPASSWORD
-            value: {{ $pg_password | b64dec }}
-          - name: PGDB
-            value: user_space_{{ .Values.bfl.username }}_knowledge
-      containers:
-      - name: aria2
-        image: "beclab/aria2:v0.0.4"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-        ports:
-        - containerPort: 6800
-        - containerPort: 6888
-        env:
-        - name: RPC_SECRET
-          value: kubespider
-        - name: PUID
-          value: "1000"
-        - name: PGID
-          value: "1000"
-        volumeMounts:
-        - name: download-dir
-          mountPath: /downloads
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-      - name: yt-dlp
-        image: "beclab/yt-dlp:v0.0.21"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        ports:
-        - containerPort: 3082
-        env:
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        - name: SETTING_URL
-          value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
-        - name: REDIS_HOST
-          value: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
-        - name: REDIS_PASSWORD
-          value: {{ $redis_password | b64dec }}
-        - name: NATS_HOST
-          value: nats.user-system-{{ .Values.bfl.username }}
-        - name: NATS_PORT
-          value: "4222"
-        - name: NATS_USERNAME
-          value: user-system-{{ .Values.bfl.username }}-download
-        - name: NATS_PASSWORD
-          value: {{ $nat_password | b64dec }}
-        - name: NATS_SUBJECT
-          value: "terminus.{{ .Release.Namespace }}.download_status"
-        volumeMounts:
-        - name: config-dir
-          mountPath: /app/config
-        - name: download-dir
-          mountPath: /app/downloads
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-      - name: download-spider
-        image: "beclab/download-spider:v0.0.21"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        env:
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        - name: REDIS_HOST
-          value: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
-        - name: REDIS_PASSWORD
-          value: {{ $redis_password | b64dec }}
-        - name: NATS_HOST
-          value: nats.user-system-{{ .Values.bfl.username }}
-        - name: NATS_PORT
-          value: "4222"
-        - name: NATS_USERNAME
-          value: user-system-{{ .Values.bfl.username }}-download
-        - name: NATS_PASSWORD
-          value: {{ $nat_password | b64dec }}
-        - name: NATS_SUBJECT
-          value: "terminus.{{ .Release.Namespace }}.download_status"
-        - name: SETTING_URL
-          value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
-        volumeMounts:
-        - name: download-dir
-          mountPath: /downloads
-        
-        ports:
-        - containerPort: 3080
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-
-      volumes:
-      - name: config-dir
-        hostPath: 
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.appData}}/Downloads/config
-      - name: download-dir
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.userData }}
-
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: download-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: download
-  ports:
-    - name: "download-spider"
-      protocol: TCP
-      port: 3080
-      targetPort: 3080
-    - name: "aria2-server"
-      protocol: TCP
-      port: 6800
-      targetPort: 6800
-    - name: ytdlp-server
-      protocol: TCP
-      port: 3082
-      targetPort: 3082
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: download-api
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  type: ClusterIP
-  selector:
-    app: systemserver
-  ports:
-    - protocol: TCP
-      name: download-api
-      port: 3080
-      targetPort: 3080  
-
-

apps/download/config/user/helm-charts/download/values.yaml

@@ -1,43 +0,0 @@
-
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-docs:
-  nodeport: 30881
-desktop:
-  nodeport: 30180
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  wise:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search2:
-    appKey: '${ks[0]}'
-    appSecret: test
-kubesphere:
-  redis_password: ""

apps/files/config/cluster/deploy/files_deploy.yaml

@@ -43,8 +43,8 @@ spec:
       labels:
         app: files
       annotations:
-        # instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
-        # instrumentation.opentelemetry.io/inject-nginx-container-names: "nginx"    
+        instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
+        instrumentation.opentelemetry.io/inject-nginx-container-names: "nginx"    
         instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
         instrumentation.opentelemetry.io/go-container-names: "gateway,files,uploader"    
         instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/filebrowser"
@@ -73,6 +73,28 @@ spec:
           - -c
           - |
             chown -R 1000:1000 /appdata; chown -R 1000:1000 /appcache; chown -R 1000:1000 /data
+        - name: init-container
+          image: 'postgres:16.0-alpine3.18'
+          command:
+            - sh
+            - '-c'
+            - >-
+              echo -e "Checking for the availability of PostgreSQL Server
+              deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB1
+              -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >>
+              PostgreSQL DB Server has started";
+          env:
+            - name: PGHOST
+              value: citus-headless.os-system
+            - name: PGPORT
+              value: '5432'
+            - name: PGUSER
+              value: files_os_system
+            - name: PGPASSWORD
+              value: {{ $files_postgres_password | b64dec }}
+            - name: PGDB1
+              value: os_system_files
+
       containers:
         - name: gateway
           image: beclab/appdata-gateway:0.1.18
@@ -84,7 +106,7 @@ spec:
             - containerPort: 8080
           env:
             - name: FILES_SERVER_TAG
-              value: 'beclab/files-server:v0.2.67'
+              value: 'beclab/files-server:v0.2.69'
             - name: NAMESPACE
               valueFrom:
                 fieldRef:
@@ -120,7 +142,7 @@ spec:
 {{ end }}
 
         - name: files
-          image: beclab/files-server:v0.2.67
+          image: beclab/files-server:v0.2.69
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: true
@@ -281,7 +303,7 @@ spec:
             runAsUser: 0
             privileged: true
         - name: nginx
-          image: 'nginx:stable-alpine3.17-slim'
+          image: 'eball/nginx-header-more:test-3'
           securityContext:
             runAsNonRoot: false
             runAsUser: 0
@@ -304,14 +326,14 @@ spec:
         - name: userspace-dir
           hostPath:
             type: Directory
-            path: {{ .Values.rootPath }}/rootfs/userspace
+            path: '{{ .Values.rootPath }}/rootfs/userspace'
         - name: fb-data
           hostPath:
             type: DirectoryOrCreate
-            path: {{ .Values.rootPath }}/userdata/Cache/files
+            path: '{{ .Values.rootPath }}/userdata/Cache/files'
         - name: upload-appdata
           hostPath:
-            path: {{ .Values.rootPath }}/userdata/Cache
+            path: '{{ .Values.rootPath }}/userdata/Cache'
             type: DirectoryOrCreate
         - name: files-nginx-config
           configMap:
@@ -324,13 +346,13 @@ spec:
             defaultMode: 420
         - name: user-appdata-dir
           hostPath:
-            path: {{ .Values.rootPath }}/userdata/Cache
+            path: '{{ .Values.rootPath }}/userdata/Cache'
             type: Directory
         
 {{ if .Values.sharedlib }}        
         - name: shared-lib
           hostPath:
-            path: {{ .Values.sharedlib }}
+            path: "{{ .Values.sharedlib }}"
             type: Directory
 {{ end }}            
 
@@ -412,7 +434,7 @@ spec:
           name: check-nats
       containers:
         - name: files
-          image: beclab/files-server:v0.2.67
+          image: beclab/files-server:v0.2.69
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: true
@@ -447,11 +469,11 @@ spec:
         - name: user-appdata-dir
           hostPath:
             type: Directory
-            path: {{ .Values.rootPath }}/userdata/Cache
+            path: '{{ .Values.rootPath }}/userdata/Cache'
         - name: fb-data
           hostPath:
             type: DirectoryOrCreate
-            path: {{ .Values.rootPath }}/userdata/Cache/files-appdata
+            path: '{{ .Values.rootPath }}/userdata/Cache/files-appdata'
 
 ---
 apiVersion: v1

apps/files/config/user/helm-charts/files/templates/files_fe_deploy.yaml

@@ -114,9 +114,11 @@ spec:
         io.bytetrade.app: "true"
       annotations:
         # support nginx 1.24.3 1.25.3
-        # instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
-        # instrumentation.opentelemetry.io/inject-nginx-container-names: "files-frontend"    
-        # instrumentation.opentelemetry.io/otel-go-auto-target-exe: "drive"
+        instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
+        instrumentation.opentelemetry.io/inject-nginx-container-names: "files-frontend"    
+        instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
+        instrumentation.opentelemetry.io/go-container-names: "driver-server"    
+        instrumentation.opentelemetry.io/otel-go-auto-target-exe: "drive"
     spec:
       serviceAccountName: bytetrade-controller
       securityContext:
@@ -204,6 +206,20 @@ spec:
             value: "{{ $pg_password | b64dec }}"
           - name: PGDB
             value: user_space_{{ .Values.bfl.username }}_cloud_drive_integration
+      - name: files-frontend-init
+        image: beclab/files-frontend:v1.3.61
+        imagePullPolicy: IfNotPresent
+        volumeMounts:
+          - name: app
+            mountPath: /cp_app
+          - name: nginx-confd
+            mountPath: /confd
+        command:
+        - sh
+        - -c
+        - |
+          cp -rf /app/* /cp_app/. && cp -rf /etc/nginx/conf.d/* /confd/.
+
       containers:
 #      - name: gateway
 #        image: beclab/appdata-gateway:0.1.12
@@ -302,7 +318,7 @@ spec:
 #        - /filebrowser
 #        - --noauth
       - name: files-frontend
-        image: beclab/files-frontend:v1.3.45
+        image: eball/nginx-header-more:test-3
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsNonRoot: false
@@ -323,8 +339,12 @@ spec:
         volumeMounts:
         - name: userspace-dir
           mountPath: /data
+        - name: app
+          mountPath: /app
+        - name: nginx-confd
+          mountPath: /etc/nginx/conf.d
       - name: drive-server
-        image: beclab/drive:v0.0.70
+        image: beclab/drive:v0.0.72
         imagePullPolicy: IfNotPresent
         env:
         - name: OS_SYSTEM_SERVER
@@ -347,7 +367,7 @@ spec:
         - name: data-dir
           mountPath: /data
       - name: task-executor
-        image: beclab/driveexecutor:v0.0.70
+        image: beclab/driveexecutor:v0.0.72
         imagePullPolicy: IfNotPresent
         env:
         - name: OS_SYSTEM_SERVER
@@ -433,42 +453,46 @@ spec:
       volumes:
       - name: data-dir
         hostPath:
-          path: {{ .Values.rootPath }}/rootfs/userspace
+          path: '{{ .Values.rootPath }}/rootfs/userspace'
           type: Directory
       - name: watch-dir
         hostPath:
           type: Directory
-          path: {{ .Values.userspace.userData }}/Documents
+          path: '{{ .Values.userspace.userData }}/Documents'
       - name: userspace-dir
         hostPath:
           type: Directory
-          path: {{ .Values.userspace.userData }}
+          path: '{{ .Values.userspace.userData }}'
       - name: userspace-app-dir
         hostPath:
           type: Directory
-          path: {{ .Values.userspace.appData }}
+          path: '{{ .Values.userspace.appData }}'
       - name: fb-data
         hostPath:
           type: DirectoryOrCreate
-          path: {{ .Values.userspace.appCache}}/files
+          path: '{{ .Values.userspace.appCache}}/files'
       - name: upload-data
         hostPath:
           type: Directory
-          path: {{ .Values.userspace.userData }}
+          path: '{{ .Values.userspace.userData }}'
       - name: upload-appdata
         hostPath:
           type: Directory
-          path: {{ .Values.userspace.appCache}}
+          path: '{{ .Values.userspace.appCache}}'
       - name: uploads-temp
         hostPath:
           type: DirectoryOrCreate
-          path: {{ .Values.userspace.appCache }}/files/uploadstemp
+          path: '{{ .Values.userspace.appCache }}/files/uploadstemp'
       - name: terminus-sidecar-config
         configMap:
           name: sidecar-upload-configs
           items:
           - key: envoy.yaml
             path: envoy.yaml
+      - name: app
+        emptyDir: {}
+      - name: nginx-confd
+        emptyDir: {}
 
    
 

apps/files/config/user/helm-charts/files/values.yaml

@@ -1,4 +1,3 @@
-
 bfl:
   nodeport: 30883
   nodeport_ingress_http: 30083
@@ -46,4 +45,4 @@ os:
     appKey: '${ks[0]}'
     appSecret: test
 kubesphere:
-  redis_password: ""
+  redis_password: ""

apps/knowledge/config/cluster/deploy/knowledge_deployment.yaml

@@ -0,0 +1,646 @@
+{{- $share_secret := (lookup "v1" "Secret" "os-system" "knowledge-share-secrets") -}}
+
+{{- $redis_password := "" -}}
+{{ if $share_secret -}}
+{{ $redis_password = (index $share_secret "data" "redis_password") }}
+{{ else -}}
+{{ $redis_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+{{- $redis_password_data := "" -}}
+{{ $redis_password_data = $redis_password | b64dec }}
+
+
+{{- $pg_password := "" -}}
+{{ if $share_secret -}}
+{{ $pg_password = (index $share_secret "data" "pg_password") }}
+{{ else -}}
+{{ $pg_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+{{- $knowledge_nats_secret := (lookup "v1" "Secret" "os-system" "knowledge-secrets") -}}
+{{- $nat_password := "" -}}
+{{ if $knowledge_nats_secret -}}
+{{ $nat_password = (index $knowledge_nats_secret "data" "nat_password") }}
+{{ else -}}
+{{ $nat_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: knowledge-secrets
+  namespace: os-system
+type: Opaque
+data:
+  nat_password: {{ $nat_password }}
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: knowledge-share-secrets
+  namespace: os-system
+type: Opaque
+data:
+  pg_password: {{ $pg_password }}
+  redis_password: {{ $redis_password }}
+---  
+
+
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: knowledge-pg
+  namespace: os-system
+spec:
+  app: knowledge
+  appNamespace: os-system
+  middleware: postgres
+  postgreSQL:
+    user: knowledge_os_system
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: pg_password
+          name: knowledge-share-secrets
+    databases:
+    - name: knowledge
+      extensions:
+      - pg_trgm
+      - btree_gin
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: knowledge-redis
+  namespace: os-system
+spec:
+  app: rss
+  appNamespace: os-system
+  middleware: redis
+  redis:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: redis_password
+          name: knowledge-share-secrets
+    namespace: knowledge
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: knowledge-nat
+  namespace: os-system
+spec:
+  app: knowledge
+  appNamespace: os-system
+  middleware: nats
+  nats:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: nat_password
+          name: knowledge-secrets
+    refs:
+    - appName: download
+      appNamespace: os-system
+      subjects:
+      - name: download_status
+        perm:
+        - pub
+        - sub
+    user: os-system-knowledge
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: knowledge
+  namespace: os-system
+  labels:
+    app: knowledge
+    applications.app.bytetrade.io/author: bytetrade.io
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: knowledge
+  template:
+    metadata:
+      labels:
+        app: knowledge
+    spec:
+      serviceAccount: os-internal
+      serviceAccountName: os-internal
+      securityContext:
+        runAsUser: 0
+        runAsNonRoot: false
+      initContainers:
+      - name: init-data
+        image: busybox:1.28
+        securityContext:
+          privileged: true
+          runAsNonRoot: false
+          runAsUser: 0
+        volumeMounts:
+        - name: userspace-dir
+          mountPath: /data
+        - name: cache-dir
+          mountPath: /appCache
+        command:
+        - sh
+        - -c
+        - |
+          chown -R 1000:1000 /data && \
+          chown -R 1000:1000 /appCache
+      - name: init-container
+        image: 'postgres:16.0-alpine3.18'
+        command:
+          - sh
+          - '-c'
+          - >-
+            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
+        env:
+          - name: PGHOST
+            value: citus-headless.os-system
+          - name: PGPORT
+            value: "5432"
+          - name: PGUSER
+            value: knowledge_os_system
+          - name: PGPASSWORD
+            value: {{ $pg_password | b64dec }}
+          - name: PGDB
+            value: os_system_knowledge
+      containers:
+      - name: knowledge
+        image: "beclab/knowledge-base-api:v0.12.5"
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsUser: 1000
+        ports:
+        - containerPort: 3010
+        env:
+        - name: BACKEND_URL
+          value: http://127.0.0.1:8080
+        - name: RSSHUB_URL
+          value: 'http://rss-server.os-system:1200'
+        - name: UPLOAD_SAVE_PATH
+          value: '/data/'
+        - name: SEARCH_URL
+          value: 'http://search3.os-system:80'
+        - name: REDIS_PASSWORD
+          value: {{ $redis_password_data }}
+        - name: REDIS_ADDR
+          value: redis-cluster-proxy.os-system
+        - name: PG_USERNAME
+          value: knowledge_os_system
+        - name: PG_PASSWORD
+          value: {{ $pg_password | b64dec }}
+        - name: PG_HOST
+          value: citus-headless.os-system
+        - name: PG_PORT
+          value: "5432"
+        - name: PG_DATABASE
+          value: os_system_knowledge
+        - name: DOWNLOAD_URL
+          value: http://download-svc.os-system:3080
+        - name: YTDLP_DOWNLOAD_URL
+          value: http://download-svc.os-system:3082
+        - name: NATS_HOST
+          value: nats
+        - name: NATS_PORT
+          value: "4222"
+        - name: NATS_USERNAME
+          value: os-system-knowledge
+        - name: NATS_PASSWORD
+          value: {{ $nat_password | b64dec }}
+        - name: NATS_SUBJECT
+          value: terminus.os-system.download_status
+        - name: SOCKET_URL
+          value: 'http://localhost:40010'
+        volumeMounts:
+          - name: userspace-dir
+            mountPath: /data
+        resources:
+          requests:
+            cpu: 20m
+            memory: 50Mi
+          limits:
+            cpu: "1"
+            memory: 1Gi
+
+      - name: backend-server
+        image: "beclab/recommend-backend:v0.12.0"
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsUser: 1000
+        env:
+        - name: LISTEN_ADDR
+          value: 127.0.0.1:8080
+        - name: REDIS_PASSWORD
+          value: {{ $redis_password_data }}
+        - name: REDIS_ADDR
+          value: redis-cluster-proxy.os-system:6379
+        - name: RSS_HUB_URL
+          value: 'http://rss-server.os-system:1200/'
+        - name: WE_CHAT_REFRESH_FEED_URL
+          value: https://recommend-wechat-prd.bttcdn.com/api/wechat/entries
+        - name: WECHAT_ENTRY_CONTENT_GET_API_URL
+          value: https://recommend-wechat-prd.bttcdn.com/api/wechat/entry/content
+        - name: PG_USERNAME
+          value: knowledge_os_system
+        - name: PG_PASSWORD
+          value: {{ $pg_password | b64dec }}
+        - name: PG_HOST
+          value: citus-headless.os-system
+        - name: PG_PORT
+          value: "5432"
+        - name: PG_DATABASE
+          value: os_system_knowledge
+        - name: WATCH_DIR
+          value: /data/
+        - name: YT_DLP_API_URL
+          value: http://download-svc.os-system:3082/api/v1/get_metadata
+        - name: DOWNLOAD_API_URL
+          value: http://download-svc.os-system:3080/api
+        volumeMounts:
+          - name: userspace-dir
+            mountPath: /data
+        ports:
+        - containerPort: 8080
+        resources:
+          requests:
+            cpu: 20m
+            memory: 50Mi
+          limits:
+            cpu: "800m"
+            memory: 400Mi
+
+      - name: sync
+        image: "beclab/recommend-sync:v0.12.0"
+        securityContext:
+          runAsUser: 0
+          runAsNonRoot: false
+        env:
+        - name: USERSPACE_DIRECTORY
+          value: /data
+        - name: KNOWLEDGE_BASE_API_URL
+          value: http://127.0.0.1:3010
+        - name: PG_HOST
+          value: citus-headless.os-system
+        - name: PG_USERNAME
+          value: knowledge_os_system
+        - name: PG_PASSWORD
+          value: {{ $pg_password | b64dec }}
+        - name: PG_DATABASE
+          value: os_system_knowledge
+        - name: PG_PORT
+          value: "5432"
+        - name: TERMINUS_RECOMMEND_REDIS_ADDR
+          value: redis-cluster-proxy.os-system:6379
+        - name: TERMINUS_RECOMMEND_REDIS_PASSOWRD
+          value: {{ $redis_password_data }}
+        volumeMounts:
+          - name: userspace-dir
+            mountPath: /data
+       
+      - name: crawler
+        image: "beclab/recommend-crawler:v0.12.1"
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsUser: 1000
+        env:
+        - name: KNOWLEDGE_BASE_API_URL
+          value: http://127.0.0.1:3010
+        resources:
+          requests:
+            cpu: 20m
+            memory: 50Mi
+          limits:
+            cpu: "800m"
+            memory: 800Mi
+        volumeMounts:
+          - name: cache-dir
+            mountPath: /appCache
+
+      - name: terminus-ws-sidecar
+        image: 'beclab/ws-gateway:v1.0.4'
+        imagePullPolicy: IfNotPresent
+        command:
+          - /ws-gateway
+        env:
+          - name: WS_PORT
+            value: '3010'
+          - name: WS_URL
+            value: /knowledge/websocket/message
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+
+      
+      volumes:
+      - name: userspace-dir
+        hostPath:
+          type: Directory
+          path: '{{ .Values.rootPath }}/rootfs/userspace'
+      - name: cache-dir
+        hostPath:
+          path: '{{ .Values.rootPath }}/userdata/Cache/rss'
+          type: DirectoryOrCreate
+      - name: terminus-sidecar-config
+        configMap:
+          name: sidecar-ws-configs
+          items:
+          - key: envoy.yaml
+            path: envoy.yaml
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rss-svc
+  namespace: os-system
+spec:
+  type: ClusterIP
+  selector:
+    app: knowledge
+  ports:
+    - name: "backend-server"
+      protocol: TCP
+      port: 8080
+      targetPort: 8080
+    - name: "knowledge-base-api"
+      protocol: TCP
+      port: 3010
+      targetPort: 3010
+    - name: "knowledge-websocket"
+      protocol: TCP
+      port: 40010
+      targetPort: 40010
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: knowledge-base-api
+  namespace: os-system
+spec:
+  type: ClusterIP
+  selector:
+    app: systemserver
+  ports:
+    - protocol: TCP
+      name: knowledge-api
+      port: 3010
+      targetPort: 3010  
+
+---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: download-nat
+  namespace: os-system
+spec:
+  app: download
+  appNamespace: os-system
+  middleware: nats
+  nats:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: nat_password
+          name: knowledge-secrets
+    refs: []
+    subjects:
+    - name: download_status
+      permission:
+        pub: allow
+        sub: allow
+      export:
+      - appName: knowledge
+        sub: allow
+        pub: allow
+    user: os-system-download
+---
+
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: download
+  namespace: os-system
+  labels:
+    app: download
+    applications.app.bytetrade.io/author: bytetrade.io
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: download
+  template:
+    metadata:
+      labels:
+        app: download
+    spec:
+      serviceAccount: os-internal
+      serviceAccountName: os-internal
+      securityContext:
+        runAsUser: 0
+        runAsNonRoot: false
+
+      initContainers:
+      - name: init-data
+        image: busybox:1.28
+        securityContext:
+          privileged: true
+          runAsNonRoot: false
+          runAsUser: 0
+        volumeMounts:
+        - name: config-dir
+          mountPath: /config
+        - name: download-dir
+          mountPath: /downloads
+        command:
+        - sh
+        - -c
+        - |
+          chown -R 1000:1000 /config && \
+          chown -R 1000:1000 /downloads
+      - name: init-container
+        image: 'postgres:16.0-alpine3.18'
+        command:
+          - sh
+          - '-c'
+          - >-
+            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
+        env:
+          - name: PGHOST
+            value: citus-headless.os-system
+          - name: PGPORT
+            value: "5432"
+          - name: PGUSER
+            value: knowledge_os_system
+          - name: PGPASSWORD
+            value: {{ $pg_password | b64dec }}
+          - name: PGDB
+            value: os_system_knowledge
+      containers:
+      - name: aria2
+        image: "beclab/aria2:v0.0.4"
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          runAsNonRoot: false
+          runAsUser: 0
+        ports:
+        - containerPort: 6800
+        - containerPort: 6888
+        env:
+        - name: RPC_SECRET
+          value: kubespider
+        - name: PUID
+          value: "1000"
+        - name: PGID
+          value: "1000"
+        volumeMounts:
+        - name: download-dir
+          mountPath: /downloads
+        resources:
+          requests:
+            cpu: 20m
+            memory: 50Mi
+          limits:
+            cpu: "1"
+            memory: 300Mi
+      - name: yt-dlp
+        image: "beclab/yt-dlp:v0.12.2"
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsUser: 1000
+
+        ports:
+        - containerPort: 3082
+        env:
+        - name: PG_USERNAME
+          value: knowledge_os_system
+        - name: PG_PASSWORD
+          value: {{ $pg_password | b64dec }}
+        - name: PG_HOST
+          value: citus-headless.os-system
+        - name: PG_PORT
+          value: "5432"
+        - name: PG_DATABASE
+          value: os_system_knowledge
+        - name: REDIS_HOST
+          value: redis-cluster-proxy.os-system
+        - name: REDIS_PASSWORD
+          value: {{ $redis_password | b64dec }}
+        - name: NATS_HOST
+          value: nats
+        - name: NATS_PORT
+          value: "4222"
+        - name: NATS_USERNAME
+          value: os-system-download
+        - name: NATS_PASSWORD
+          value: {{ $nat_password | b64dec }}
+        - name: NATS_SUBJECT
+          value: terminus.os-system.download_status
+        volumeMounts:
+        - name: config-dir
+          mountPath: /app/config
+        - name: download-dir
+          mountPath: /app/downloads
+        resources:
+          requests:
+            cpu: 20m
+            memory: 50Mi
+          limits:
+            cpu: "1"
+            memory: 300Mi
+      - name: download-spider
+        image: "beclab/download-spider:v0.12.2"
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsUser: 1000
+
+        env:
+        - name: PG_USERNAME
+          value: knowledge_os_system
+        - name: PG_PASSWORD
+          value: {{ $pg_password | b64dec }}
+        - name: PG_HOST
+          value: citus-headless.os-system
+        - name: PG_PORT
+          value: "5432"
+        - name: PG_DATABASE
+          value: os_system_knowledge
+        - name: REDIS_HOST
+          value: redis-cluster-proxy.os-system
+        - name: REDIS_PASSWORD
+          value: {{ $redis_password | b64dec }}
+        - name: NATS_HOST
+          value: nats
+        - name: NATS_PORT
+          value: "4222"
+        - name: NATS_USERNAME
+          value: os-system-download
+        - name: NATS_PASSWORD
+          value: {{ $nat_password | b64dec }}
+        - name: NATS_SUBJECT
+          value: terminus.os-system.download_status
+        volumeMounts:
+        - name: download-dir
+          mountPath: /downloads
+        
+        ports:
+        - containerPort: 3080
+        resources:
+          requests:
+            cpu: 20m
+            memory: 50Mi
+          limits:
+            cpu: "1"
+            memory: 300Mi
+
+      volumes:
+      - name: config-dir
+        hostPath: 
+          type: DirectoryOrCreate
+          path: '{{ .Values.rootPath }}/userdata/Cache/download'
+      - name: download-dir
+        hostPath:
+          type: DirectoryOrCreate
+          path: '{{ .Values.rootPath }}/rootfs/userspace'
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: download-svc
+  namespace: os-system
+spec:
+  type: ClusterIP
+  selector:
+    app: download
+  ports:
+    - name: "download-spider"
+      protocol: TCP
+      port: 3080
+      targetPort: 3080
+    - name: "aria2-server"
+      protocol: TCP
+      port: 6800
+      targetPort: 6800
+    - name: ytdlp-server
+      protocol: TCP
+      port: 3082
+      targetPort: 3082

apps/knowledge/config/user/helm-charts/knowledge/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

apps/knowledge/config/user/helm-charts/knowledge/Chart.yaml

@@ -1,26 +0,0 @@
-apiVersion: v2
-name: knowledge
-description: A Helm chart for Kubernetes
-maintainers:
-- name: bytetrade
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

apps/knowledge/config/user/helm-charts/knowledge/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "knowledge.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "knowledge.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "knowledge.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "knowledge.labels" -}}
-helm.sh/chart: {{ include "knowledge.chart" . }}
-{{ include "knowledge.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "knowledge.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "knowledge.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "knowledge.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "knowledge.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

apps/knowledge/config/user/helm-charts/knowledge/templates/knowledge_deployment.yaml

@@ -1,570 +0,0 @@
-{{- $namespace := printf "%s%s" "user-system-" .Values.bfl.username -}}
-{{- $knowledge_secret := (lookup "v1" "Secret" $namespace "rss-secrets") -}}
-
-{{- $redis_password := "" -}}
-{{ if $knowledge_secret -}}
-{{ $redis_password = (index $knowledge_secret "data" "redis_password") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $redis_password_data := "" -}}
-{{ $redis_password_data = $redis_password | b64dec }}
-
-
-{{- $pg_password := "" -}}
-{{ if $knowledge_secret -}}
-{{ $pg_password = (index $knowledge_secret "data" "pg_password") }}
-{{ else -}}
-{{ $pg_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $knowledge_nats_secret := (lookup "v1" "Secret" $namespace "knowledge-secrets") -}}
-{{- $nat_password := "" -}}
-{{ if $knowledge_nats_secret -}}
-{{ $nat_password = (index $knowledge_nats_secret "data" "nat_password") }}
-{{ else -}}
-{{ $nat_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: knowledge-secrets
-  namespace: user-system-{{ .Values.bfl.username }}
-type: Opaque
-data:
-  pg_password: {{ $pg_password }}
-  nat_password: {{ $nat_password }}
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: knowledge-pg
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: knowledge
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: knowledge_{{ .Values.bfl.username }}
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: knowledge-secrets
-    databases:
-    - name: knowledge
-      extensions:
-      - pg_trgm
-      - btree_gin
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: knowledge-nat
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  app: knowledge
-  appNamespace: {{ .Release.Namespace }}
-  middleware: nats
-  nats:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: nat_password
-          name: knowledge-secrets
-    refs:
-    - appName: download
-      appNamespace: {{ .Release.Namespace }}
-      subjects:
-      - name: download_status
-        perm:
-        - pub
-        - sub
-    user: user-system-{{ .Values.bfl.username }}-knowledge
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: knowledge-secrets-auth
-  namespace: {{ .Release.Namespace }}
-data:
-  redis_password: {{ $redis_password_data }}
-  redis_addr: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}:6379
-  redis_host: redis-cluster-proxy.user-system-{{ .Values.bfl.username }}
-  redis_port: '6379'
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: knowledge-userspace-data
-  namespace: {{ .Release.Namespace }}
-data:
-  appData: "{{ .Values.userspace.appData }}"
-  appCache: "{{ .Values.userspace.appCache }}"
-  username: "{{ .Values.bfl.username }}"
-
----
-
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: knowledge
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: knowledge
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: knowledge
-  template:
-    metadata:
-      labels:
-        app: knowledge
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-
-      initContainers:
-      - name: init-data
-        image: busybox:1.28
-        securityContext:
-          privileged: true
-          runAsNonRoot: false
-          runAsUser: 0
-        volumeMounts:
-        - name: juicefs
-          mountPath: /juicefs
-        command:
-        - sh
-        - -c
-        - |
-          chown -R 1000:1000 /juicefs
-      - name: init-container
-        image: 'postgres:16.0-alpine3.18'
-        command:
-          - sh
-          - '-c'
-          - >-
-            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
-        env:
-          - name: PGHOST
-            value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-          - name: PGPORT
-            value: "5432"
-          - name: PGUSER
-            value: knowledge_{{ .Values.bfl.username }}
-          - name: PGPASSWORD
-            value: {{ $pg_password | b64dec }}
-          - name: PGDB
-            value: user_space_{{ .Values.bfl.username }}_knowledge
-      containers:
-      - name: knowledge
-        image: "beclab/knowledge-base-api:v0.1.68"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        ports:
-        - containerPort: 3010
-        env:
-        - name: BACKEND_URL
-          value: http://127.0.0.1:8080
-        - name: RSSHUB_URL
-          value: 'http://rss-server.os-system:1200'
-        - name: UPLOAD_SAVE_PATH
-          value: '/data/Home/Documents/'
-        - name: SEARCH_URL
-          value: 'http://search3.os-system:80'
-        - name: REDIS_PASSWORD
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_password
-        - name: REDIS_ADDR
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_addr
-        - name: PDF_SAVE_PATH
-          value: /data/Home/Documents/Pdf/
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        - name: DOWNLOAD_URL
-          value: http://download-svc.user-space-{{ .Values.bfl.username }}:3080
-        - name: BFL_USER_NAME
-          value: "{{ .Values.bfl.username }}"
-        - name: SETTING_URL
-          value: http://system-server.user-system-{{ .Values.bfl.username }}
-        - name: NATS_HOST
-          value: nats.user-system-{{ .Values.bfl.username }}
-        - name: NATS_PORT
-          value: "4222"
-        - name: NATS_USERNAME
-          value: user-system-{{ .Values.bfl.username }}-knowledge
-        - name: NATS_PASSWORD
-          value: {{ $nat_password | b64dec }}
-        - name: NATS_SUBJECT
-          value: "terminus.{{ .Release.Namespace }}.download_status"
-        - name: SOCKET_URL
-          value: 'http://localhost:40010'
-        volumeMounts:
-        - name: watch-dir
-          mountPath: /data/Home/Documents
-
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 1Gi
-
-      - name: backend-server
-        image: "beclab/recommend-backend:v0.0.30"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        env:
-        - name: LISTEN_ADDR
-          value: 127.0.0.1:8080
-        - name: REDIS_PASSWORD
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_password
-        - name: REDIS_ADDR
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_addr
-        - name: OS_SYSTEM_SERVER
-          value: system-server.user-system-{{ .Values.bfl.username }}
-        - name: OS_APP_SECRET
-          value: '{{ .Values.os.wise.appSecret }}'
-        - name: OS_APP_KEY
-          value: {{ .Values.os.wise.appKey }}
-        - name: RSS_HUB_URL
-          value: 'http://rss-server.os-system:1200/'
-        - name: WE_CHAT_REFRESH_FEED_URL
-          value: https://recommend-wechat-prd.bttcdn.com/api/wechat/entries
-        - name: WECHAT_ENTRY_CONTENT_GET_API_URL
-          value: https://recommend-wechat-prd.bttcdn.com/api/wechat/entry/content
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        - name: WATCH_DIR
-          value: /data/Home/Downloads
-        - name: NOTIFY_SERVER
-          value: fsnotify-svc.user-system-{{ .Values.bfl.username }}:5079
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.name
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        - name: CONTAINER_NAME
-          value: backend-server
-        - name: YT_DLP_API_URL
-          value: http://download-svc.user-space-{{ .Values.bfl.username }}:3082/api/v1/get_metadata
-        - name: DOWNLOAD_API_URL
-          value: http://download-svc.user-space-{{ .Values.bfl.username }}:3080/api
-        - name: SETTING_API_URL
-          value: http://system-server.user-system-{{ .Values.bfl.username }}/legacy/v1alpha1/service.settings/v1/api/cookie/retrieve
-        volumeMounts:
-          - name: watch-dir
-            mountPath: /data/Home/Downloads
-        ports:
-        - containerPort: 8080
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "800m"
-            memory: 400Mi
-
-      - name: sync
-        image: "beclab/recommend-sync:v0.0.15"
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        env:
-        - name: TERMIUS_USER_NAME
-          value: "{{ .Values.bfl.username }}"
-        - name: JUICEFS_ROOT_DIRECTORY
-          value: /juicefs
-        - name: KNOWLEDGE_BASE_API_URL
-          value: http://127.0.0.1:3010
-        - name: PG_HOST
-          value: citus-master-svc.user-system-{{ .Values.bfl.username }}
-        - name: PG_USERNAME
-          value: knowledge_{{ .Values.bfl.username }}
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_DATABASE
-          value: user_space_{{ .Values.bfl.username }}_knowledge
-        - name: PG_PORT
-          value: "5432"
-        - name: TERMINUS_RECOMMEND_REDIS_ADDR
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_addr
-        - name: TERMINUS_RECOMMEND_REDIS_PASSOWRD
-          valueFrom:
-            configMapKeyRef:
-              name: knowledge-secrets-auth
-              key: redis_password
-        volumeMounts:
-        - name: juicefs
-          mountPath: /juicefs
-       
-      - name: crawler
-        image: "beclab/recommend-crawler:v0.0.14"
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        env:
-        - name: TERMIUS_USER_NAME
-          value: "{{ .Values.bfl.username }}"
-        - name: KNOWLEDGE_BASE_API_URL
-          value: http://127.0.0.1:3010
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "800m"
-            memory: 800Mi
-
-      - name: terminus-ws-sidecar
-        image: 'beclab/ws-gateway:v1.0.4'
-        imagePullPolicy: IfNotPresent
-        command:
-          - /ws-gateway
-        env:
-          - name: WS_PORT
-            value: '3010'
-          - name: WS_URL
-            value: /knowledge/websocket/message
-        resources: {}
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-
-      - name: recommend-debug
-        image: "beclab/recommenddebug:v0.0.25"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        env:
-          - name: KNOWLEDGE_BASE_API_URL
-            value: http://127.0.0.1:3010
-        volumeMounts:
-          - mountPath: /opt/rank_model
-            name: model
-
-      volumes:
-      - name: watch-dir
-        hostPath:
-          type: Directory
-          path: {{ .Values.userspace.userData }}
-      - name: juicefs
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.appData }}/rss/data
-          
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-ws-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-      - name: model
-        hostPath:
-          type: DirectoryOrCreate
-          path: {{ .Values.userspace.appData }}/rss/model
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: rss-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: knowledge
-  ports:
-    - name: "backend-server"
-      protocol: TCP
-      port: 8080
-      targetPort: 8080
-    # - name: "rss-sdk"
-    #   protocol: TCP
-    #   port: 3000
-    #   targetPort: 3000
-    - name: "knowledge-base-api"
-      protocol: TCP
-      port: 3010
-      targetPort: 3010
-    - name: "knowledge-websocket"
-      protocol: TCP
-      port: 40010
-      targetPort: 40010
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: knowledge-base-api
-  namespace: user-system-{{ .Values.bfl.username }}
-spec:
-  type: ClusterIP
-  selector:
-    app: systemserver
-  ports:
-    - protocol: TCP
-      name: knowledge-api
-      port: 3010
-      targetPort: 3010  
----
-#apiVersion: v1
-#data:
-#  mappings: |
-#    {
-#      "properties": {
-#        "@timestamp": {
-#          "type": "date",
-#          "index": true,
-#          "store": false,
-#          "sortable": true,
-#          "aggregatable": true,
-#          "highlightable": false
-#        },
-#        "_id": {
-#          "type": "keyword",
-#          "index": true,
-#          "store": false,
-#          "sortable": true,
-#          "aggregatable": true,
-#          "highlightable": false
-#        },
-#        "content": {
-#          "type": "text",
-#          "index": true,
-#          "store": true,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": true
-#        },
-#        "created": {
-#          "type": "numeric",
-#          "index": true,
-#          "store": false,
-#          "sortable": true,
-#          "aggregatable": true,
-#          "highlightable": false
-#        },
-#        "format_name": {
-#          "type": "text",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        },
-#        "md5": {
-#          "type": "text",
-#          "analyzer": "keyword",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        },
-#        "meta": {
-#          "type": "text",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        },
-#        "name": {
-#          "type": "text",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        },
-#        "where": {
-#          "type": "text",
-#          "analyzer": "keyword",
-#          "index": true,
-#          "store": false,
-#          "sortable": false,
-#          "aggregatable": false,
-#          "highlightable": false
-#        }
-#      }
-#    }
-#kind: ConfigMap
-#metadata:
-#  name: zinc-knowledge
-#  namespace: user-system-{{ .Values.bfl.username }}
-#---
-
-
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: SysEventRegistry
-metadata:
-  name: konwledgebase-recommend-install-cb
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: subscriber
-  event: recommend.install
-  callback: http://rss-svc.{{ .Release.Namespace }}:3010/knowledge/algorithm/recommend/install
-  
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: SysEventRegistry
-metadata:
-  name: konwledgebase-recommend-uninstall-cb
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: subscriber
-  event: recommend.uninstall
-  callback: http://rss-svc.{{ .Release.Namespace }}:3010/knowledge/algorithm/recommend/uninstall

apps/knowledge/config/user/helm-charts/knowledge/values.yaml

@@ -1,43 +0,0 @@
-
-bfl:
-  nodeport: 30883
-  nodeport_ingress_http: 30083
-  nodeport_ingress_https: 30082
-  username: 'test'
-  url: 'test'
-  nodeName: test
-pvc:
-  userspace: test
-userspace:
-  userData: test/Home
-  appData: test/Data
-  appCache: test
-  dbdata: test
-docs:
-  nodeport: 30881
-desktop:
-  nodeport: 30180
-os:
-  portfolio:
-    appKey: '${ks[0]}'
-    appSecret: test
-  vault:
-    appKey: '${ks[0]}'
-    appSecret: test
-  desktop:
-    appKey: '${ks[0]}'
-    appSecret: test
-  message:
-    appKey: '${ks[0]}'
-    appSecret: test
-  wise:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search:
-    appKey: '${ks[0]}'
-    appSecret: test
-  search2:
-    appKey: '${ks[0]}'
-    appSecret: test
-kubesphere:
-  redis_password: ""

apps/market/config/user/helm-charts/market/templates/market_deploy.yaml

@@ -43,7 +43,14 @@ spec:
       labels:
         app: appstore
         io.bytetrade.app: "true"
+      annotations:
+        instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
+        instrumentation.opentelemetry.io/go-container-names: "appstore-backend"    
+        instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/opt/app/market"
+        instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
+        instrumentation.opentelemetry.io/inject-nginx-container-names: "appstore"    
     spec:
+      priorityClassName: "system-cluster-critical"
       initContainers:
         - args:
           - -it
@@ -83,14 +90,33 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: status.podIP
+        - name: nginx-init
+          image: beclab/market-frontend:v0.3.11
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - name: app
+              mountPath: /cp_app
+            - name: nginx-confd
+              mountPath: /confd
+          command:
+          - sh
+          - -c
+          - |
+            cp -rf /app/* /cp_app/. && cp -rf /etc/nginx/conf.d/* /confd/.            
       containers:
       - name: appstore
-        image: beclab/market-frontend:v0.3.9
+        image: eball/nginx-header-more:test-3
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80
+        volumeMounts:
+        - name: app
+          mountPath: /app
+        - name: nginx-confd
+          mountPath: /etc/nginx/conf.d
+        
       - name: appstore-backend
-        image: beclab/market-backend:v0.3.9
+        image: beclab/market-backend:v0.3.11
         imagePullPolicy: IfNotPresent
         ports:
           - containerPort: 81
@@ -191,8 +217,12 @@ spec:
             path: envoy.yaml
       - name: opt-data
         hostPath:
-          path: {{ .Values.userspace.appData}}/appstore/data
+          path: '{{ .Values.userspace.appData}}/appstore/data'
           type: DirectoryOrCreate
+      - name: app
+        emptyDir: {}
+      - name: nginx-confd
+        emptyDir: {}
 
 ---
 apiVersion: v1

apps/market/config/user/helm-charts/market/values.yaml

@@ -1,4 +1,3 @@
-
 bfl:
   nodeport: 30883
   nodeport_ingress_http: 30083
@@ -42,4 +41,4 @@ os:
   appstore:
     marketProvider: ''
 kubesphere:
-  redis_password: ""
+  redis_password: ""

apps/notifications/config/cluster/deploy/notification_deploy.yaml

@@ -83,6 +83,23 @@ spec:
         permission:
           pub: allow
           sub: allow
+      - export:
+          - appName: lldap
+            pub: allow
+            sub: allow
+          - appName: vault-server
+            pub: deny
+            sub: allow
+          - appName: seahub
+            pub: deny
+            sub: allow
+          - appName: knowledge
+            pub: deny
+            sub: allow
+        name: system.users
+        permission:
+          pub: allow
+          sub: allow
     user: os-system-notifications
 
 ---
@@ -131,7 +148,7 @@ spec:
             value: os_system_notifications
       containers:
       - name: notifications-api
-        image: beclab/notifications-api:v1.12.2
+        image: beclab/notifications-api:v1.12.3
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010
@@ -160,6 +177,8 @@ spec:
               name: notifications-secrets
         - name: NATS_SUBJECT
           value: "terminus.{{ .Release.Namespace }}.system.notification"
+        - name: NATS_SUBJECT_SYSTEM_USERS
+          value: "terminus.{{ .Release.Namespace }}.system.users"
 
         livenessProbe:
           tcpSocket:

apps/notifications/config/user/helm-charts/notification/values.yaml

@@ -1,4 +1,3 @@
-
 bfl:
   nodeport: 30883
   nodeport_ingress_http: 30083
@@ -40,4 +39,4 @@ os:
     appKey: '${ks[0]}'
     appSecret: test
 kubesphere:
-  redis_password: ""
+  redis_password: ""

apps/studio/config/user/helm-charts/studio/templates/deployment.yaml

@@ -125,14 +125,14 @@ spec:
         - name: chart
           hostPath:
             type: DirectoryOrCreate
-            path: {{ .Values.userspace.appData}}/studio/Chart
+            path: '{{ .Values.userspace.appData}}/studio/Chart'
         - name: data
           hostPath:
             type: DirectoryOrCreate
-            path: {{ .Values.userspace.appData }}/studio/Data
+            path: '{{ .Values.userspace.appData }}/studio/Data'
         - name: storage-volume
           hostPath:
-            path: {{ .Values.userspace.appData }}/studio/helm-repo-dev
+            path: '{{ .Values.userspace.appData }}/studio/helm-repo-dev'
             type: DirectoryOrCreate
         - name: config-san
           configMap:
@@ -196,7 +196,7 @@ spec:
               -A PROXY_OUTBOUND -p tcp --dport 6379 -j RETURN
               -A PROXY_OUTBOUND -p tcp --dport 27017 -j RETURN
               -A PROXY_OUTBOUND -p tcp --dport 443 -j RETURN
-
+              -A PROXY_OUTBOUND -p tcp --dport 8080 -j RETURN
 
               -A PROXY_OUTBOUND -d ${POD_IP}/32 -j RETURN
 
@@ -249,7 +249,7 @@ spec:
 
       containers:
         - name: studio
-          image: beclab/devbox-server:v0.1.46
+          image: beclab/studio-server:v0.1.50
           imagePullPolicy: IfNotPresent
           args:
             - server
@@ -271,7 +271,7 @@ spec:
             preStop:
               exec:
                 command:
-                  - "/devbox"
+                  - "/studio"
                   - "clean"
           env:
             - name: BASE_DIR
@@ -352,9 +352,9 @@ spec:
                 fieldRef:
                   fieldPath: status.podIP
             - name: APP_KEY
-              value: {{ .Values.os.appKey }}
+              value: {{ .Values.os.studio.appKey }}
             - name: APP_SECRET
-              value: {{ .Values.os.appSecret }}
+              value: {{ .Values.os.studio.appSecret }}
         - name: chartmuseum
           image: aboveos/helm-chartmuseum:v0.15.0
           args:
@@ -380,8 +380,8 @@ spec:
               cpu: "50m"
               memory: 100Mi
             limits:
-              cpu: "0.5"
-              memory: 256Mi
+              cpu: 1000m
+              memory: 512Mi
           volumeMounts:
             - name: storage-volume
               mountPath: /storage
@@ -448,7 +448,7 @@ data:
                                 prefix: "/"
                               route:
                                 cluster: original_dst
-                                timeout: 180s
+                                timeout: 1800s
                     http_protocol_options:
                       accept_http_10: true
                     http_filters:
@@ -469,7 +469,7 @@ data:
                 - name: envoy.filters.network.http_connection_manager
                   typed_config:
                     "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
-                    stat_prefix: devbox_out_http
+                    stat_prefix: studio_out_http
                     skip_xff_append: false
                     codec_type: AUTO
                     route_config:
@@ -483,7 +483,7 @@ data:
                               request_headers_to_add:
                                 - header:
                                     key: X-App-Key
-                                    value: {{ .Values.os.appKey }}
+                                    value: {{ .Values.os.studio.appKey }}
                               route:
                                 cluster: system-server
                                 prefix_rewrite: /system-server/v2/legacy_api/api.intent/v2/server/intent/send
@@ -491,7 +491,7 @@ data:
                                 prefix: "/"
                               route:
                                 cluster: original_dst
-                                timeout: 180s
+                                timeout: 1800s
                               typed_per_filter_config:
                                 envoy.filters.http.lua:
                                   "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute

apps/studio/config/user/helm-charts/studio/values.yaml

@@ -1,4 +1,3 @@
-
 bfl:
   nodeport: 30883
   nodeport_ingress_http: 30083
@@ -36,9 +35,8 @@ os:
   search:
     appKey: '${ks[0]}'
     appSecret: test
-  search2:
+  studio:
     appKey: '${ks[0]}'
     appSecret: test
 kubesphere:
   redis_password: ""
-

apps/system-apps/config/user/helm-charts/monitoring/templates/system-frontend.yaml

@@ -149,11 +149,11 @@ spec:
       labels:
         app: system-frontend
         io.bytetrade.app: "true"
-      # annotations:
-        # instrumentation.opentelemetry.io/inject-nodejs: "olares-instrumentation"
-        # instrumentation.opentelemetry.io/nodejs-container-names: "settings-server"    
-        # instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
-        # instrumentation.opentelemetry.io/inject-nginx-container-names: "system-frontend"    
+      annotations:
+        instrumentation.opentelemetry.io/inject-nodejs: "olares-instrumentation"
+        instrumentation.opentelemetry.io/nodejs-container-names: "settings-server"    
+        instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
+        instrumentation.opentelemetry.io/inject-nginx-container-names: "system-frontend"    
     spec:
       priorityClassName: "system-cluster-critical"
       initContainers:
@@ -208,7 +208,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: control-hub-init
-          image: beclab/admin-console-frontend-v1:v0.5.2
+          image: beclab/admin-console-frontend-v1:v0.5.8
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -220,7 +220,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: profile-editor-init
-          image: beclab/profile-editor:v0.2.1
+          image: beclab/profile-editor:v0.2.21
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -232,7 +232,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: profile-preview-init
-          image: beclab/profile-preview:v0.2.1
+          image: beclab/profile-preview:v0.2.21
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -244,7 +244,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: wise-init
-          image: beclab/wise:v1.3.44
+          image: beclab/wise:v1.3.55
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -256,7 +256,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: settings-init
-          image: beclab/settings:v0.2.17
+          image: beclab/settings:v1.3.62
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -268,7 +268,7 @@ spec:
             - mountPath: /www
               name: www-dir
         - name: studio-init
-          image: beclab/devbox:v0.2.2
+          image: beclab/studio:v0.2.11
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -305,7 +305,7 @@ spec:
             - -c
             - /etc/envoy/envoy.yaml
         - name: system-frontend
-          image: beclab/docker-nginx-headers-more:v0.1.0
+          image: eball/nginx-header-more:test-3
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 81
@@ -385,7 +385,7 @@ spec:
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
         - name: settings-server
-          image: beclab/settings-server:v0.2.17
+          image: beclab/settings-server:v0.2.22
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 3000
@@ -425,7 +425,7 @@ spec:
         - name: userspace-dir
           hostPath:
             type: Directory
-            path: {{ .Values.userspace.userData }}
+            path: '{{ .Values.userspace.userData }}'
         - name: terminus-sidecar-config
           configMap:
             name: sidecar-configs
@@ -437,7 +437,7 @@ spec:
         - name: wise-download-dir
           hostPath:
             type: Directory
-            path: {{ .Values.userspace.userData }}
+            path: '{{ .Values.userspace.userData }}'
         - name: system-frontend-nginx-config
           configMap:
             name: system-frontend-nginx-config
@@ -673,6 +673,16 @@ metadata:
   namespace: user-system-{{ .Values.bfl.username }}
 spec:
   callbacks:
+    - filters:
+        type:
+          - backup-state-event
+      op: Create
+      uri: /api/event/backup_state_event
+    - filters:
+        type:
+          - restore-state-event
+      op: Create
+      uri: /api/event/restore_state_event
     - filters:
         type:
           - app-installation-event
@@ -814,6 +824,10 @@ data:
         server anayltic2-server.os-system:3010;
     }
 
+    upstream HamiServer {
+        server hami-webui.kube-system:3000;
+    }
+
     server {
       listen 81;
       gzip off;
@@ -853,6 +867,11 @@ data:
       location /kapis {
         proxy_pass http://SettingsServer;
       }
+
+      location /hami/ {
+        proxy_pass http://HamiServer/;
+      }
+
     
       location /api/profile/init {
         proxy_pass http://127.0.0.1:3010;
@@ -1094,7 +1113,7 @@ data:
     }
   wise.conf: |-
     upstream KnowledgeServer {
-        server rss-svc:3010;
+        server rss-svc.os-system:3010;
     }
 
     upstream RSSServer {
@@ -1102,7 +1121,7 @@ data:
     }
 
     upstream ArgoworkflowsSever {
-        server argoworkflows-svc:2746;
+        server argoworkflows-svc.os-system:2746;
     }
 
     server {
@@ -1130,7 +1149,7 @@ data:
       }
 
       location /ws {
-        proxy_pass http://rss-svc:40010;
+        proxy_pass http://rss-svc.os-system:40010;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
@@ -1274,6 +1293,10 @@ data:
         server infisical-service:8080;
     }
 
+    upstream BackupServer {
+        server backup-server.os-system:8082;
+    }
+
     server {
         listen 86;
 
@@ -1331,6 +1354,31 @@ data:
             proxy_set_header X-Forwarded-Host $host;
         }
 
+        location /apis/backup {
+            proxy_pass http://backup-server.os-system:8082;
+           add_header Accept "application/json, text/plain, */*";
+           add_header Content-Type "application/json; charset=utf-8";
+        }
+
+        location /api/resources {
+           proxy_pass http://files-service.os-system:80;
+           # rewrite ^/server(.*)$ $1 break;
+
+           # Add original-request-related headers
+           proxy_set_header X-Real-IP $remote_addr;
+           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+           proxy_set_header X-Forwarded-Host $host;
+
+           add_header Accept-Ranges bytes;
+
+           client_body_timeout 600s;
+           client_max_body_size 4000M;
+           proxy_request_buffering off;
+           keepalive_timeout 750s;
+           proxy_read_timeout 600s;
+           proxy_send_timeout 600s;
+        }
+
         location /drive {
             proxy_pass http://127.0.0.1:8080;
 
@@ -1438,6 +1486,28 @@ data:
         proxy_set_header Accept-Encoding gzip;
         proxy_read_timeout 180;
       }
+      location /api/app-state {
+        proxy_pass http://studio-server:8080;
+        proxy_set_header            Host $http_host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Accept-Encoding gzip;
+        proxy_read_timeout 180;
+      }
+      location /api/app-status {
+        proxy_pass http://studio-server:8080;
+        proxy_set_header            Host $http_host;
+        proxy_set_header            X-real-ip $remote_addr;
+        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Accept-Encoding gzip;
+        proxy_read_timeout 180;
+      }
       location /api/list-my-containers {
         proxy_pass http://studio-server:8080;
         proxy_set_header            Host $http_host;

apps/system-apps/config/user/helm-charts/monitoring/values.yaml

@@ -1,4 +1,3 @@
-
 bfl:
   nodeport: 30883
   nodeport_ingress_http: 30083
@@ -18,10 +17,10 @@ docs:
 desktop:
   nodeport: 30180
 os:
-  portfolio:
+  profile:
     appKey: '${ks[0]}'
     appSecret: test
-  vault:
+  studio:
     appKey: '${ks[0]}'
     appSecret: test
   desktop:
@@ -39,5 +38,11 @@ os:
   search2:
     appKey: '${ks[0]}'
     appSecret: test
+  settings:
+    appKey: '${ks[0]}'
+    appSecret: test
+  dashboard:
+    appKey: '${ks[0]}'
+    appSecret: test
 kubesphere:
-  redis_password: ""
+  redis_password: ""

apps/vault/config/cluster/deploy/vault_server_deploy.yaml

@@ -83,7 +83,7 @@ spec:
             value: os_system_vault
       containers:
       - name: vault-server
-        image: beclab/vault-server:v1.3.44
+        image: beclab/vault-server:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3000
@@ -114,7 +114,7 @@ spec:
         - name: vault-attach
           mountPath: /padloc/packages/server/attachments
       - name: vault-admin
-        image: beclab/vault-admin:v1.3.44
+        image: beclab/vault-admin:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010
@@ -135,11 +135,11 @@ spec:
       - name: vault-data
         hostPath:
           type: DirectoryOrCreate
-          path: {{ $vault_rootpath }}/data
+          path: '{{ $vault_rootpath }}/data'
       - name: vault-attach
         hostPath:
           type: DirectoryOrCreate
-          path: {{ $vault_rootpath }}/attachments
+          path: '{{ $vault_rootpath }}/attachments'
 ---
 apiVersion: v1
 kind: Service

apps/vault/config/user/helm-charts/vault/templates/vault_deploy.yaml

@@ -88,13 +88,13 @@ spec:
 
       containers:
       - name: vault-frontend
-        image: beclab/vault-frontend:v1.3.44
+        image: beclab/vault-frontend:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80
       
       - name: notification-server
-        image: beclab/vault-notification:v1.3.44
+        image: beclab/vault-notification:v1.3.55
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 3010

apps/vault/config/user/helm-charts/vault/values.yaml

@@ -1,4 +1,3 @@
-
 bfl:
   nodeport: 30883
   nodeport_ingress_http: 30083
@@ -40,4 +39,4 @@ os:
     appKey: '${ks[0]}'
     appSecret: test
 kubesphere:
-  redis_password: ""
+  redis_password: ""

apps/wizard/config/user/helm-charts/wizard/templates/wizard_deploy.yaml

@@ -61,7 +61,7 @@ spec:
 
       containers:
       - name: wizard
-        image: beclab/wizard:v0.5.12
+        image: beclab/wizard:v1.3.57
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80
@@ -132,7 +132,7 @@ spec:
       - name: userspace-dir
         hostPath:
           type: Directory
-          path: {{ .Values.userspace.userData }}
+          path: "{{ .Values.userspace.userData }}"
       # - name: terminus-sidecar-config
       #   configMap:
       #     name: sidecar-configs

apps/wizard/config/user/helm-charts/wizard/values.yaml

@@ -1,4 +1,3 @@
-
 bfl:
   username: 'test'
   url: 'test'

build/installer/install.ps1

@@ -48,7 +48,7 @@ if (-Not (Test-Path $CLI_PROGRAM_PATH)) {
   New-Item -Path $CLI_PROGRAM_PATH -ItemType Directory
 }
 
-$CLI_VERSION = "0.2.27"
+$CLI_VERSION = "0.2.35"
 $CLI_FILE = "olares-cli-v{0}_windows_{1}.tar.gz" -f $CLI_VERSION, $arch
 $CLI_URL = "{0}/{1}" -f $downloadUrl, $CLI_FILE
 $CLI_PATH = "{0}{1}" -f $CLI_PROGRAM_PATH, $CLI_FILE
@@ -82,6 +82,6 @@ if ($download -eq 1) {
 Start-Sleep -Seconds 3
 Write-Host ("Preparing to start the installation of Olares {0}. Depending on your network conditions, this process may take several minutes." -f $version)
 
-$command = "{0}\olares-cli.exe olares install --version {1}" -f $CLI_PROGRAM_PATH, $version
+$command = "{0}\olares-cli.exe install --version {1}" -f $CLI_PROGRAM_PATH, $version
 Start-Process cmd -ArgumentList '/k',$command -Wait -Verb RunAs
 

build/installer/install.sh

@@ -74,7 +74,7 @@ if [ -z ${cdn_url} ]; then
     cdn_url="https://dc3p1870nn3cj.cloudfront.net"
 fi
 
-CLI_VERSION="0.2.27"
+CLI_VERSION="0.2.35"
 CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
 if [[ x"$os_type" == x"Darwin" ]]; then
     CLI_FILE="olares-cli-v${CLI_VERSION}_darwin_${ARCH}.tar.gz"
@@ -137,7 +137,7 @@ else
             echo ""
         else
             echo "building local release ..."
-            $sh_c "$INSTALL_OLARES_CLI olares release $PARAMS $CDN"
+            $sh_c "$INSTALL_OLARES_CLI release $PARAMS $CDN"
             if [[ $? -ne 0 ]]; then
                 echo "error: failed to build local release"
                 exit 1
@@ -146,13 +146,13 @@ else
     else
         echo "running system prechecks ..."
         echo ""
-        $sh_c "$INSTALL_OLARES_CLI olares precheck $PARAMS"
+        $sh_c "$INSTALL_OLARES_CLI precheck $PARAMS"
         if [[ $? -ne 0 ]]; then
             exit 1
         fi
         echo "downloading installation wizard..."
         echo ""
-        $sh_c "$INSTALL_OLARES_CLI olares download wizard $PARAMS $KUBE_PARAM $CDN"
+        $sh_c "$INSTALL_OLARES_CLI download wizard $PARAMS $KUBE_PARAM $CDN"
         if [[ $? -ne 0 ]]; then
             echo "error: failed to download installation wizard"
             exit 1
@@ -161,7 +161,7 @@ else
 
     echo "downloading installation packages..."
     echo ""
-    $sh_c "$INSTALL_OLARES_CLI olares download component $PARAMS $KUBE_PARAM $CDN"
+    $sh_c "$INSTALL_OLARES_CLI download component $PARAMS $KUBE_PARAM $CDN"
     if [[ $? -ne 0 ]]; then
         echo "error: failed to download installation packages"
         exit 1
@@ -173,7 +173,7 @@ else
     if [ x"$REGISTRY_MIRRORS" != x"" ]; then
         extra="--registry-mirrors $REGISTRY_MIRRORS"
     fi
-    $sh_c "$INSTALL_OLARES_CLI olares prepare $PARAMS $KUBE_PARAM $extra"
+    $sh_c "$INSTALL_OLARES_CLI prepare $PARAMS $KUBE_PARAM $extra"
     if [[ $? -ne 0 ]]; then
         echo "error: failed to prepare installation environment"
         exit 1
@@ -198,7 +198,7 @@ if [[ "$JUICEFS" == "1" ]]; then
     else
         echo "checking storage config ..."
     fi
-    $sh_c "$INSTALL_OLARES_CLI olares install storage $PARAMS"
+    $sh_c "$INSTALL_OLARES_CLI install storage $PARAMS"
     if [[ $? -ne 0 ]]; then
       exit 1
     fi
@@ -221,7 +221,7 @@ if [[ -n "$ZRAM_SWAP_PRIORITY" ]]; then
 fi
 echo "installing Olares..."
 echo ""
-$sh_c "$INSTALL_OLARES_CLI olares install $PARAMS $KUBE_PARAM $fsflag $swapflag"
+$sh_c "$INSTALL_OLARES_CLI install $PARAMS $KUBE_PARAM $fsflag $swapflag"
 
 if [[ $? -ne 0 ]]; then
     echo "error: failed to install Olares"

build/installer/joincluster.sh

@@ -157,7 +157,7 @@ fi
 
 set_master_host_ssh_options
 
-CLI_VERSION="0.2.27"
+CLI_VERSION="0.2.35"
 CLI_FILE="olares-cli-v${CLI_VERSION}_linux_${ARCH}.tar.gz"
 
 if command_exists olares-cli && [[ "$(olares-cli -v | awk '{print $3}')" == "$CLI_VERSION" ]]; then
@@ -211,14 +211,14 @@ if [[ -f $BASE_DIR/.prepared ]]; then
 else
     echo "running system prechecks ..."
     echo ""
-    $sh_c "$INSTALL_OLARES_CLI olares precheck $PARAMS"
+    $sh_c "$INSTALL_OLARES_CLI precheck $PARAMS"
     if [[ $? -ne 0 ]]; then
         exit 1
     fi
 
     echo "downloading installation wizard..."
     echo ""
-    $sh_c "$INSTALL_OLARES_CLI olares download wizard $PARAMS $CDN"
+    $sh_c "$INSTALL_OLARES_CLI download wizard $PARAMS $CDN"
     if [[ $? -ne 0 ]]; then
         echo "error: failed to download installation wizard"
         exit 1
@@ -226,7 +226,7 @@ else
 
     echo "downloading installation packages..."
     echo ""
-    $sh_c "$INSTALL_OLARES_CLI olares download component $PARAMS $CDN"
+    $sh_c "$INSTALL_OLARES_CLI download component $PARAMS $CDN"
     if [[ $? -ne 0 ]]; then
         echo "error: failed to download installation packages"
         exit 1
@@ -238,7 +238,7 @@ else
     if [ x"$REGISTRY_MIRRORS" != x"" ]; then
         extra="--registry-mirrors $REGISTRY_MIRRORS"
     fi
-    $sh_c "$INSTALL_OLARES_CLI olares prepare $PARAMS $extra"
+    $sh_c "$INSTALL_OLARES_CLI prepare $PARAMS $extra"
     if [[ $? -ne 0 ]]; then
         echo "error: failed to prepare installation environment"
         exit 1

build/installer/upgrade_cmd.sh

@@ -146,7 +146,7 @@ function get_app_key_secret(){
 
 function get_app_settings(){
     local username=$1
-    local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "devbox" "profile" "agent" "files")
+    local apps=("vault" "desktop" "message" "wise" "search" "appstore" "notification" "dashboard" "settings" "studio" "profile" "agent" "files")
     for a in ${apps[@]};do
         ks=($(get_app_key_secret "$username" "$a"))
         echo '

build/installer/version.hint

@@ -1,2 +1,2 @@
 upgrade:
-  minVersion: 1.12.0-0000000
+  minVersion: 1.12.0-1

build/installer/wizard/config/account/templates/account.yaml

@@ -20,5 +20,7 @@ metadata:
 spec:
   email: "{{.Values.user.email}}"
   initialPassword: "{{ .Values.user.password }}"
+  groups:
+  - lldap_admin
 status:
   state: Active

build/installer/wizard/config/system/values.yaml

@@ -1,5 +1,3 @@
-
-
 kubesphere:
   redis_password: ""
 backup:

build/manifest/components

@@ -1,4 +1,4 @@
-olaresd-v1.12.0.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.12.0-linux-amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.12.0-linux-arm64.tar.gz,olaresd
+olaresd-v1.12.0-rc.10.tar.gz,pkg/components,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.12.0-rc.10-linux-amd64.tar.gz,https://dc3p1870nn3cj.cloudfront.net/olaresd-v1.12.0-rc.10-linux-arm64.tar.gz,olaresd
 socat-1.7.3.2.tar.gz,pkg/components,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,https://src.fedoraproject.org/lookaside/pkgs/socat/socat-1.7.3.2.tar.gz/sha512/540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972/socat-1.7.3.2.tar.gz,socat
 conntrack-tools-1.4.1.tar.gz,pkg/components,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,https://github.com/fqrouter/conntrack-tools/archive/refs/tags/conntrack-tools-1.4.1.tar.gz,conntrack-tools
 minio.RELEASE.2023-05-04T21-44-30Z,pkg/components,https://dl.min.io/server/minio/release/linux-amd64/archive/minio.RELEASE.2023-05-04T21-44-30Z,https://dl.min.io/server/minio/release/linux-arm64/archive/minio.RELEASE.2023-05-04T21-44-30Z,minio

build/manifest/images

@@ -1,5 +1,5 @@
-beclab/ks-apiserver:0.0.8
-beclab/ks-controller-manager:0.0.8
+beclab/ks-apiserver:0.0.11
+beclab/ks-controller-manager:0.0.11
 beclab/kube-state-metrics:v2.3.0-ext.1
 calico/cni:v3.29.2
 calico/kube-controllers:v3.29.2
@@ -18,7 +18,7 @@ kubesphere/prometheus-operator:v0.55.1
 openebs/linux-utils:3.3.0
 openebs/provisioner-localpv:3.3.0
 beclab/percona-server-mongodb-operator:1.15.2
-prom/node-exporter:v1.3.1
+beclab/node-exporter:0.0.1
 prom/prometheus:v2.34.0
 quay.io/argoproj/argocli:v3.5.0
 quay.io/argoproj/argoexec:v3.5.0
@@ -36,6 +36,12 @@ beclab/reverse-proxy:v0.1.8
 beclab/upgrade-job:0.1.7
 bytetrade/envoy:v1.25.11.1
 liangjw/kube-webhook-certgen:v1.1.1
-beclab/hami:v2.5.1
+beclab/hami:v2.5.2
 alpine:3.14
 mirrorgooglecontainers/defaultbackend-amd64:1.4
+projecthami/hami-webui-fe-oss:v1.0.5
+projecthami/hami-webui-be-oss:v1.0.5
+nvidia/dcgm-exporter:4.1.1-4.0.4-ubuntu22.04
+ghcr.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:v0.19.0-alpha
+bytetrade/autoinstrumentation-apache-httpd:1.0.4-fix
+ghcr.io/open-telemetry/opentelemetry-operator/autoinstrumentation-nodejs:0.40.0

build/manifest/pkgs

@@ -1,5 +1,5 @@
 cni-plugins-v1.6.2.tgz,pkg/cni/v1.6.2,https://github.com/containernetworking/plugins/releases/download/v1.6.2/cni-plugins-linux-amd64-v1.6.2.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.2/cni-plugins-linux-arm-v1.6.2.tgz,cni-plugins
-containerd-1.6.4.tar.gz,pkg/containerd/1.6.4,https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz,https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz,containerd
+containerd-1.6.36.tar.gz,pkg/containerd/1.6.36,https://github.com/containerd/containerd/releases/download/v1.6.36/containerd-1.6.36-linux-amd64.tar.gz,https://github.com/containerd/containerd/releases/download/v1.6.36/containerd-1.6.36-linux-arm64.tar.gz,containerd
 crictl-v1.32.0.tar.gz,pkg/crictl/v1.32.0,https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.32.0/crictl-v1.32.0-linux-amd64.tar.gz,https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.32.0/crictl-v1.32.0-linux-arm64.tar.gz,crictl
 etcd-v3.5.18.tar.gz,pkg/etcd/v3.5.18,https://github.com/coreos/etcd/releases/download/v3.5.18/etcd-v3.5.18-linux-amd64.tar.gz,https://github.com/coreos/etcd/releases/download/v3.5.18/etcd-v3.5.18-linux-arm64.tar.gz,etcd
 helm-v3.9.0.tar.gz,pkg/helm/v3.9.0,https://get.helm.sh/helm-v3.17.1-linux-amd64.tar.gz,https://get.helm.sh/helm-v3.17.1-linux-arm.tar.gz,helm

frameworks/GPU/config/gpu/hami/Chart.yaml

@@ -13,4 +13,3 @@ maintainers:
   - name: zhangxiao
     email: xiaozhang0210@hotmail.com
 appVersion: "2.5.0"
-

frameworks/GPU/config/gpu/hami/templates/_helpers.tpl

@@ -106,3 +106,167 @@ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 2 }}
 {{- define "strippedKubeVersion" -}}
 {{ regexReplaceAll "^(v[0-9]+\\.[0-9]+\\.[0-9]+)(.*)$" .Capabilities.KubeVersion.Version "$1" }}
 {{- end -}}
+
+
+{{- define "dcgm-exporter.name" -}}
+{{- .Values.dcgmExporter.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "dcgm-exporter.fullname" -}}
+{{- if .Values.dcgmExporter.fullnameOverride -}}
+{{- .Values.dcgmExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := .Values.dcgmExporter.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "hami-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "dcgm-exporter.namespace" -}}
+  {{- if .Values.dcgmExporter.namespaceOverride -}}
+    {{- .Values.dcgmExporter.namespaceOverride -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dcgm-exporter.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "dcgm-exporter.labels" -}}
+helm.sh/chart: {{ include "dcgm-exporter.chart" . }}
+{{ include "dcgm-exporter.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "dcgm-exporter.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "dcgm-exporter.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "dcgm-exporter.serviceAccountName" -}}
+{{- if .Values.dcgmExporter.serviceAccount.create -}}
+    {{ default (include "dcgm-exporter.fullname" .) .Values.dcgmExporter.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.dcgmExporter.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Create the name of the tls secret to use
+*/}}
+{{- define "dcgm-exporter.tlsCertsSecretName" -}}
+{{- if .Values.dcgmExporter.tlsServerConfig.existingSecret -}}
+    {{- printf "%s" (tpl .Values.dcgmExporter.tlsServerConfig.existingSecret $) -}}
+{{- else -}}
+    {{ printf "%s-tls" (include "dcgm-exporter.fullname" .) }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Create the name of the web-config configmap name to use
+*/}}
+{{- define "dcgm-exporter.webConfigConfigMap" -}}
+  {{ printf "%s-web-config.yml" (include "dcgm-exporter.fullname" .) }}
+{{- end -}}
+
+{{- define "hami-webui.name" -}}
+{{- .Values.webui.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "hami-webui.fullname" -}}
+{{- if .Values.webui.fullnameOverride }}
+{{- .Values.webui.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := .Values.webui.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "hami-%s" $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "hami-webui.namespace" -}}
+  {{- if .Values.webui.namespaceOverride -}}
+    {{- .Values.webui.namespaceOverride -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "hami-webui.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "hami-webui.labels" -}}
+helm.sh/chart: {{ include "hami-webui.chart" . }}
+{{ include "hami-webui.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "hami-webui.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "hami-webui.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "hami-webui.serviceAccountName" -}}
+{{- if .Values.webui.serviceAccount.create }}
+{{- default (include "hami-webui.fullname" .) .Values.webui.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.webui.serviceAccount.name }}
+{{- end }}
+{{- end }}

frameworks/GPU/config/gpu/hami/templates/dcgm-exporter/daemonset.yaml

@@ -0,0 +1,168 @@
+# Copyright (c) 2021, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "dcgm-exporter.fullname" . }}
+  namespace: {{ include "dcgm-exporter.namespace" . }}
+  labels:
+    {{- include "dcgm-exporter.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "dcgm-exporter"
+spec:
+  updateStrategy:
+    type: RollingUpdate
+    {{- with .Values.dcgmExporter.rollingUpdate }}
+    rollingUpdate:
+      maxUnavailable: {{ .maxUnavailable }}
+      maxSurge: {{ .maxSurge }}
+    {{- end }}
+  selector:
+    matchLabels:
+      {{- include "dcgm-exporter.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: "dcgm-exporter"
+  template:
+    metadata:
+      labels:
+        {{- include "dcgm-exporter.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: "dcgm-exporter"
+      {{- if .Values.dcgmExporter.podLabels }}
+        {{- toYaml .Values.podLabels | nindent 8 }}
+      {{- end }}
+      {{- if .Values.dcgmExporter.podAnnotations }}
+      annotations:
+        {{- toYaml .Values.dcgmExporter.podAnnotations | nindent 8 }}
+      {{- end }}
+    spec:
+      {{- if .Values.dcgmExporter.runtimeClassName }}
+      runtimeClassName: {{ .Values.dcgmExporter.runtimeClassName }}
+      {{- end }}
+      priorityClassName: {{ .Values.dcgmExporter.priorityClassName | default "system-node-critical" }}
+      serviceAccountName: {{ include "dcgm-exporter.serviceAccountName" . }}
+      {{- if .Values.dcgmExporter.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- end }}
+      {{- if .Values.dcgmExporter.affinity }}
+      affinity:
+        {{- toYaml .Values.dcgmExporter.affinity | nindent 8 }}
+      {{- end }}
+      {{- if .Values.dcgmExporter.nodeSelector }}
+      nodeSelector:
+        {{- toYaml .Values.dcgmExporter.nodeSelector | nindent 8 }}
+      {{- end }}
+      {{- with .Values.dcgmExporter.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      volumes:
+      - name: "pod-gpu-resources"
+        hostPath:
+          path: '{{ .Values.dcgmExporter.kubeletPath }}'
+      {{- if and .Values.dcgmExporter.tlsServerConfig.enabled }}
+      - name: "tls"
+        secret:
+          secretName: {{ include "dcgm-exporter.tlsCertsSecretName" . }}
+          defaultMode: 0664
+      {{- end }}
+      {{- if or .Values.dcgmExporter.tlsServerConfig.enabled $.Values.dcgmExporter.basicAuth.users}}
+      - name: "web-config-yaml"
+        configMap:
+          name: {{ include "dcgm-exporter.webConfigConfigMap" . }}
+          defaultMode: 0664
+      {{- end }}
+      {{- range .Values.dcgmExporter.extraHostVolumes }}
+      - name: {{ .name | quote }}
+        hostPath:
+          path: {{ .hostPath | quote }}
+      {{- end }}
+      {{- with .Values.dcgmExporter.extraConfigMapVolumes }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+      containers:
+      - name: exporter
+        securityContext:
+          {{- toYaml .Values.dcgmExporter.securityContext | nindent 10 }}
+        {{- if .Values.dcgmExporter.image.tag }}
+        image: "{{ .Values.dcgmExporter.image.repository }}:{{ .Values.dcgmExporter.image.tag }}"
+        {{- else }}
+        image: "{{ .Values.dcgmExporter.image.repository }}:{{ .Chart.AppVersion }}"
+        {{- end }}
+        imagePullPolicy: "{{ .Values.dcgmExporter.image.pullPolicy }}"
+        args:
+        {{- range $.Values.dcgmExporter.arguments }}
+        - {{ . }}
+        {{- end }}
+        env:
+        - name: "DCGM_EXPORTER_KUBERNETES"
+          value: "true"
+        - name: "DCGM_EXPORTER_LISTEN"
+          value: "{{ .Values.dcgmExporter.service.address }}"
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        {{- if or .Values.dcgmExporter.tlsServerConfig.enabled $.Values.dcgmExporter.basicAuth.users}}
+        - name: "DCGM_EXPORTER_WEB_CONFIG_FILE"
+          value: /etc/dcgm-exporter/web-config.yaml
+        {{- end }}
+        {{- if .Values.dcgmExporter.extraEnv }}
+        {{- toYaml .Values.dcgmExporter.extraEnv | nindent 8 }}
+        {{- end }}
+        ports:
+        - name: "metrics"
+          containerPort: {{ .Values.dcgmExporter.service.port }}
+        volumeMounts:
+        - name: "pod-gpu-resources"
+          readOnly: true
+          mountPath: "/var/lib/kubelet/pod-resources"
+        {{- if and .Values.dcgmExporter.tlsServerConfig.enabled }}
+        - name: "tls"
+          mountPath: /etc/dcgm-exporter/tls
+        {{- end }}
+        {{- if or .Values.dcgmExporter.tlsServerConfig.enabled $.Values.dcgmExporter.basicAuth.users}}
+        - name: "web-config-yaml"
+          mountPath: /etc/dcgm-exporter/web-config.yaml
+          subPath: web-config.yaml
+        {{- end }}
+        {{- if .Values.dcgmExporter.extraVolumeMounts }}
+        {{- toYaml .Values.dcgmExporter.extraVolumeMounts | nindent 8 }}
+        {{- end }}
+        livenessProbe:
+          {{- if not $.Values.dcgmExporter.basicAuth.users }}
+          httpGet:
+            path: /health
+            port: {{ .Values.dcgmExporter.service.port }}
+            scheme: {{ ternary "HTTPS" "HTTP" $.Values.dcgmExporter.tlsServerConfig.enabled }}
+          {{- else }}
+          tcpSocket:
+              port: {{ .Values.dcgmExporter.service.port }}
+          {{- end }}
+          initialDelaySeconds: 45
+          periodSeconds: 5
+        readinessProbe:
+          {{- if not $.Values.dcgmExporter.basicAuth.users }}
+          httpGet:
+            path: /health
+            port: {{ .Values.dcgmExporter.service.port }}
+            scheme: {{ ternary "HTTPS" "HTTP" $.Values.dcgmExporter.tlsServerConfig.enabled }}
+          {{- else }}
+          tcpSocket:
+              port: {{ .Values.dcgmExporter.service.port }}
+          {{- end }}
+          initialDelaySeconds: 45
+        {{- if .Values.dcgmExporter.resources }}
+        resources:
+          {{- toYaml .Values.dcgmExporter.resources | nindent 10 }}
+        {{- end }}

frameworks/GPU/config/gpu/hami/templates/dcgm-exporter/metrics-configmap.yaml

@@ -0,0 +1,96 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: exporter-metrics-config-map
+  namespace: {{ include "dcgm-exporter.namespace" . }}
+data:
+{{- if .Values.dcgmExporter.customMetrics }}
+  metrics: |
+{{- .Values.dcgmExporter.customMetrics | nindent 4 }}
+{{- else }}
+  metrics: |
+      # Format
+      # If line starts with a '#' it is considered a comment
+      # DCGM FIELD, Prometheus metric type, help message
+      
+      DCGM_FI_DRIVER_VERSION, label, Driver Version.
+
+      DCGM_FI_DEV_BRAND,  label, Device Brand.
+      
+      DCGM_FI_DEV_SERIAL, label, Device Serial Number.
+
+      # Clocks
+      DCGM_FI_DEV_SM_CLOCK,  gauge, SM clock frequency (in MHz).
+      DCGM_FI_DEV_MEM_CLOCK, gauge, Memory clock frequency (in MHz).
+      
+      # Temperature
+      DCGM_FI_DEV_MEMORY_TEMP, gauge, Memory temperature (in C).
+      DCGM_FI_DEV_GPU_TEMP,    gauge, GPU temperature (in C).
+      
+      # Power
+      DCGM_FI_DEV_POWER_USAGE,              gauge, Power draw (in W).
+      DCGM_FI_DEV_TOTAL_ENERGY_CONSUMPTION, counter, Total energy consumption since boot (in mJ).
+      
+      # PCIE
+      # DCGM_FI_PROF_PCIE_TX_BYTES,  counter, Total number of bytes transmitted through PCIe TX via NVML.
+      # DCGM_FI_PROF_PCIE_RX_BYTES,  counter, Total number of bytes received through PCIe RX via NVML.
+      DCGM_FI_DEV_PCIE_REPLAY_COUNTER, counter, Total number of PCIe retries.
+      
+      # Utilization (the sample period varies depending on the product)
+      DCGM_FI_DEV_GPU_UTIL,      gauge, GPU utilization (in %).
+      DCGM_FI_DEV_MEM_COPY_UTIL, gauge, Memory utilization (in %).
+      DCGM_FI_DEV_ENC_UTIL,      gauge, Encoder utilization (in %).
+      DCGM_FI_DEV_DEC_UTIL ,     gauge, Decoder utilization (in %).
+      
+      # Errors and violations
+      DCGM_FI_DEV_XID_ERRORS,            gauge,   Value of the last XID error encountered.
+      # DCGM_FI_DEV_POWER_VIOLATION,       counter, Throttling duration due to power constraints (in us).
+      # DCGM_FI_DEV_THERMAL_VIOLATION,     counter, Throttling duration due to thermal constraints (in us).
+      # DCGM_FI_DEV_SYNC_BOOST_VIOLATION,  counter, Throttling duration due to sync-boost constraints (in us).
+      # DCGM_FI_DEV_BOARD_LIMIT_VIOLATION, counter, Throttling duration due to board limit constraints (in us).
+      # DCGM_FI_DEV_LOW_UTIL_VIOLATION,    counter, Throttling duration due to low utilization (in us).
+      # DCGM_FI_DEV_RELIABILITY_VIOLATION, counter, Throttling duration due to reliability constraints (in us).
+      
+      # Memory usage
+      DCGM_FI_DEV_FB_FREE, gauge, Framebuffer memory free (in MiB).
+      DCGM_FI_DEV_FB_USED, gauge, Framebuffer memory used (in MiB).
+      
+      # ECC
+      # DCGM_FI_DEV_ECC_SBE_VOL_TOTAL, counter, Total number of single-bit volatile ECC errors.
+      # DCGM_FI_DEV_ECC_DBE_VOL_TOTAL, counter, Total number of double-bit volatile ECC errors.
+      # DCGM_FI_DEV_ECC_SBE_AGG_TOTAL, counter, Total number of single-bit persistent ECC errors.
+      # DCGM_FI_DEV_ECC_DBE_AGG_TOTAL, counter, Total number of double-bit persistent ECC errors.
+      
+      # Retired pages
+      # DCGM_FI_DEV_RETIRED_SBE,     counter, Total number of retired pages due to single-bit errors.
+      # DCGM_FI_DEV_RETIRED_DBE,     counter, Total number of retired pages due to double-bit errors.
+      # DCGM_FI_DEV_RETIRED_PENDING, counter, Total number of pages pending retirement.
+      
+      # NVLink
+      # DCGM_FI_DEV_NVLINK_CRC_FLIT_ERROR_COUNT_TOTAL, counter, Total number of NVLink flow-control CRC errors.
+      # DCGM_FI_DEV_NVLINK_CRC_DATA_ERROR_COUNT_TOTAL, counter, Total number of NVLink data CRC errors.
+      # DCGM_FI_DEV_NVLINK_REPLAY_ERROR_COUNT_TOTAL,   counter, Total number of NVLink retries.
+      # DCGM_FI_DEV_NVLINK_RECOVERY_ERROR_COUNT_TOTAL, counter, Total number of NVLink recovery errors.
+      DCGM_FI_DEV_NVLINK_BANDWIDTH_TOTAL,            counter, Total number of NVLink bandwidth counters for all lanes.
+      # DCGM_FI_DEV_NVLINK_BANDWIDTH_L0,               counter, The number of bytes of active NVLink rx or tx data including both header and payload.
+      
+      # VGPU License status
+      DCGM_FI_DEV_VGPU_LICENSE_STATUS, gauge, vGPU License status
+      
+      # Remapped rows
+      DCGM_FI_DEV_UNCORRECTABLE_REMAPPED_ROWS, counter, Number of remapped rows for uncorrectable errors
+      DCGM_FI_DEV_CORRECTABLE_REMAPPED_ROWS,   counter, Number of remapped rows for correctable errors
+      DCGM_FI_DEV_ROW_REMAP_FAILURE,           gauge,   Whether remapping of rows has failed
+      
+      # DCP metrics
+      DCGM_FI_PROF_GR_ENGINE_ACTIVE,   gauge, Ratio of time the graphics engine is active.
+      # DCGM_FI_PROF_SM_ACTIVE,          gauge, The ratio of cycles an SM has at least 1 warp assigned.
+      # DCGM_FI_PROF_SM_OCCUPANCY,       gauge, The ratio of number of warps resident on an SM.
+      DCGM_FI_PROF_PIPE_TENSOR_ACTIVE, gauge, Ratio of cycles the tensor (HMMA) pipe is active.
+      DCGM_FI_PROF_DRAM_ACTIVE,        gauge, Ratio of cycles the device memory interface is active sending or receiving data.
+      # DCGM_FI_PROF_PIPE_FP64_ACTIVE,   gauge, Ratio of cycles the fp64 pipes are active.
+      # DCGM_FI_PROF_PIPE_FP32_ACTIVE,   gauge, Ratio of cycles the fp32 pipes are active.
+      # DCGM_FI_PROF_PIPE_FP16_ACTIVE,   gauge, Ratio of cycles the fp16 pipes are active.
+      DCGM_FI_PROF_PCIE_TX_BYTES,      counter, The number of bytes of active pcie tx data including both header and payload.
+      DCGM_FI_PROF_PCIE_RX_BYTES,      counter, The number of bytes of active pcie rx data including both header and payload.
+{{- end }}

frameworks/GPU/config/gpu/hami/templates/dcgm-exporter/role.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: dcgm-exporter-read-cm
+  namespace: {{ include "dcgm-exporter.namespace" . }}
+  labels:
+    {{- include "dcgm-exporter.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "dcgm-exporter"
+rules:
+- apiGroups: [""]
+  resources: ["configmaps"]
+  resourceNames: ["exporter-metrics-config-map"]
+  verbs: ["get"]

frameworks/GPU/config/gpu/hami/templates/dcgm-exporter/rolebinding.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "dcgm-exporter.fullname" . }}
+  namespace: {{ include "dcgm-exporter.namespace" . }}
+  labels:
+    {{- include "dcgm-exporter.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "dcgm-exporter"
+subjects:
+- kind: ServiceAccount
+  name: {{ include "dcgm-exporter.serviceAccountName" . }}
+  namespace: {{ include "dcgm-exporter.namespace" . }}
+roleRef:
+  kind: Role 
+  name: dcgm-exporter-read-cm
+  apiGroup: rbac.authorization.k8s.io

frameworks/GPU/config/gpu/hami/templates/dcgm-exporter/service-monitor.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.dcgmExporter.serviceMonitor.enabled }}
+# Copyright (c) 2021, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: {{ .Values.dcgmExporter.serviceMonitor.apiVersion }}
+kind: ServiceMonitor
+metadata:
+  name: {{ include "dcgm-exporter.fullname" . }}
+  namespace: kubesphere-monitoring-system
+  labels:
+    {{- include "dcgm-exporter.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "dcgm-exporter"
+    {{- if .Values.dcgmExporter.serviceMonitor.additionalLabels }}
+    {{- toYaml .Values.dcgmExporter.serviceMonitor.additionalLabels | nindent 4 }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "dcgm-exporter.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: "dcgm-exporter"
+  namespaceSelector:
+    matchNames:
+    - "{{ include "dcgm-exporter.namespace" . }}"
+  endpoints:
+  - port: "metrics"
+    path: "/metrics"
+    interval: "{{ .Values.dcgmExporter.serviceMonitor.interval }}"
+    honorLabels: {{ .Values.dcgmExporter.serviceMonitor.honorLabels }}
+    relabelings:
+      {{ toYaml .Values.dcgmExporter.serviceMonitor.relabelings | nindent 6 }}
+{{- end -}}

frameworks/GPU/config/gpu/hami/templates/dcgm-exporter/service.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.dcgmExporter.service.enable }}
+# Copyright (c) 2021, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "dcgm-exporter.fullname" . }}
+  namespace: {{ include "dcgm-exporter.namespace" . }}
+  labels:
+    {{- include "dcgm-exporter.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "dcgm-exporter"
+  {{- with .Values.dcgmExporter.service.annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.dcgmExporter.service.type }}
+  {{- if .Values.dcgmExporter.service.clusterIP }}
+  clusterIP: {{ .Values.dcgmExporter.service.clusterIP | quote }}
+  {{- end }}
+  ports:
+  - name: "metrics"
+    port: {{ .Values.dcgmExporter.service.port }}
+    targetPort: {{ .Values.dcgmExporter.service.port }}
+    protocol: TCP
+  selector:
+    {{- include "dcgm-exporter.selectorLabels" . | nindent 4 }}
+{{- end }}

frameworks/GPU/config/gpu/hami/templates/dcgm-exporter/serviceaccount.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.dcgmExporter.serviceAccount.create -}}
+# Copyright (c) 2021, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "dcgm-exporter.serviceAccountName" . }}
+  namespace: {{ include "dcgm-exporter.namespace" . }}
+  labels:
+    {{- include "dcgm-exporter.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "dcgm-exporter"
+  {{- with .Values.dcgmExporter.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

frameworks/GPU/config/gpu/hami/templates/dcgm-exporter/tls-secret.yaml

@@ -0,0 +1,43 @@
+# Copyright (c) 2024, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+{{- if and .Values.dcgmExporter.tlsServerConfig.enabled (not .Values.dcgmExporter.tlsServerConfig.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ (include "dcgm-exporter.tlsCertsSecretName" .) }}
+  namespace: {{ include "dcgm-exporter.namespace" . }}
+  labels:
+    app.kubernetes.io/component: "dcgm-exporter"
+    {{- include "dcgm-exporter.labels" . | nindent 4 }}
+type: Opaque
+data:
+  {{- if .Values.dcgmExporter.tlsServerConfig.autoGenerated }}
+  {{- $ca := genCA "dcgm-exporter-ca" 3650 }}
+  {{- $hostname := printf "%s" (include "dcgm-exporter.fullname" .) }}
+  {{- $cert := genSignedCert $hostname nil (list $hostname) 3650 $ca }}
+  {{ .Values.dcgmExporter.tlsServerConfig.certFilename }}: {{ $cert.Cert | b64enc | quote }}
+  {{ .Values.dcgmExporter.tlsServerConfig.keyFilename }}: {{ $cert.Key | b64enc | quote }}
+  {{- if .Values.dcgmExporter.tlsServerConfig.clientAuthType }}
+  {{ .Values.dcgmExporter.tlsServerConfig.caFilename }}: {{ $ca.Cert | b64enc | quote }}
+  {{- end }}
+  {{- else }}
+  {{ .Values.dcgmExporter.tlsServerConfig.certFilename }}: {{ required "'tlsServerConfig.cert' is required when 'tlsServerConfig.enabled=true'" .Values.dcgmExporter.tlsServerConfig.cert | b64enc | quote }}
+  {{ .Values.dcgmExporter.tlsServerConfig.keyFilename }}: {{ required "'tlsServerConfig.key' is required when 'tlsServerConfig.enabled=true'" .Values.dcgmExporter.tlsServerConfig.key | b64enc | quote }}
+  {{- if .Values.dcgmExporter.tlsServerConfig.clientAuthType }}
+  {{ .Values.dcgmExporter.tlsServerConfig.caFilename }}: {{ required "'tlsServerConfig.ca' is required when 'tlsServerConfig.clientAuthType' is provided" .Values.dcgmExporter.tlsServerConfig.ca | b64enc | quote }}
+  {{- end }}
+  {{- end }}
+{{- end }}

frameworks/GPU/config/gpu/hami/templates/dcgm-exporter/web-config-configmap.yaml

@@ -0,0 +1,40 @@
+# Copyright (c) 2024, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if or .Values.dcgmExporter.tlsServerConfig.enabled .Values.dcgmExporter.basicAuth.users }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "dcgm-exporter.webConfigConfigMap" . }}
+  namespace: {{ include "dcgm-exporter.namespace" . }}
+  labels:
+    app.kubernetes.io/component: "dcgm-exporter"
+    {{- include "dcgm-exporter.labels" . | nindent 4 }}
+data:
+  web-config.yaml: |
+{{- if .Values.dcgmExporter.tlsServerConfig.enabled }}
+    tls_server_config:
+       cert_file: {{ required "'tlsServerConfig.certFilename' is required when 'tlsServerConfig.enabled=true'" .Values.dcgmExporter.tlsServerConfig.certFilename | printf "/etc/dcgm-exporter/tls/%s" | quote }}
+       key_file: {{ required "'tlsServerConfig.keyFilename' is required when 'tlsServerConfig.enabled=true'" .Values.dcgmExporter.tlsServerConfig.keyFilename | printf "/etc/dcgm-exporter/tls/%s" | quote }}
+       {{- if .Values.dcgmExporter.tlsServerConfig.clientAuthType }}
+       client_auth_type: {{ .Values.dcgmExporter.tlsServerConfig.clientAuthType }}
+       client_ca_file: {{ required "'tlsServerConfig.caFilename' is required when 'tlsServerConfig.clientAuthType' is provided" .Values.dcgmExporter.tlsServerConfig.caFilename | printf "/etc/dcgm-exporter/tls/%s" | quote }}
+       {{- end }}
+{{- end }}
+{{- if .Values.dcgmExporter.basicAuth.users }}
+    basic_auth_users:
+      {{- range $user, $password := .Values.dcgmExporter.basicAuth.users }}
+      {{ $user }}: {{ (split ":" (htpasswd $user $password))._1 }}
+      {{- end }}
+{{- end }}
+{{- end }}

frameworks/GPU/config/gpu/hami/templates/device-plugin/daemonsetnvidia.yaml

@@ -112,12 +112,12 @@ spec:
             - name: NVIDIA_MIG_MONITOR_DEVICES
               value: all
             - name: HOOK_PATH
-              value: {{ .Values.global.gpuHookPath }}/vgpu
+              value: '{{ .Values.global.gpuHookPath }}/vgpu'
           resources:
           {{- toYaml .Values.devicePlugin.vgpuMonitor.resources | nindent 12 }}
           volumeMounts:
             - name: ctrs
-              mountPath: {{ .Values.devicePlugin.monitorctrPath }}
+              mountPath: '{{ .Values.devicePlugin.monitorctrPath }}'
             - name: dockers
               mountPath: /run/docker
             - name: containerds
@@ -131,7 +131,7 @@ spec:
       volumes:
         - name: ctrs
           hostPath:
-            path: {{ .Values.devicePlugin.monitorctrPath }}
+            path: '{{ .Values.devicePlugin.monitorctrPath }}'
         - name: hosttmp
           hostPath:
             path: /tmp
@@ -143,10 +143,10 @@ spec:
             path: /run/containerd
         - name: device-plugin
           hostPath:
-            path: {{ .Values.devicePlugin.pluginPath }}
+            path: '{{ .Values.devicePlugin.pluginPath }}'
         - name: lib
           hostPath:
-            path: {{ .Values.devicePlugin.libPath }}
+            path: '{{ .Values.devicePlugin.libPath }}'
         - name: usrbin
           hostPath:
             path: /usr/bin

frameworks/GPU/config/gpu/hami/templates/webui/configmap.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "hami-webui.fullname" . }}-config
+  namespace: {{ include "hami-webui.namespace" . }}
+data:
+  config.yaml: |
+    server:
+      http:
+        addr: 0.0.0.0:8000
+        timeout: 1s
+      grpc:
+        addr: 0.0.0.0:9000
+        timeout: 1s
+    prometheus:
+      address: {{ ternary .Values.webui.externalPrometheus.address (printf "http://%s-kube-prometh-prometheus.%s.svc.cluster.local:9090" (include "hami-webui.fullname" .) (include "hami-webui.namespace" .)) .Values.webui.externalPrometheus.enabled }}
+      timeout: 1m
+    node_selectors:
+    {{- range $key, $value := .Values.webui.vendorNodeSelectors }}
+      {{ $key }}: {{ $value }}
+    {{- end }}

frameworks/GPU/config/gpu/hami/templates/webui/deployment.yaml

@@ -0,0 +1,82 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "hami-webui.fullname" . }}
+  namespace: {{ include "hami-webui.namespace" . }}
+  labels:
+    {{- include "hami-webui.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "hami-webui"
+spec:
+  replicas: {{ .Values.webui.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "hami-webui.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: "hami-webui"
+  template:
+    metadata:
+      {{- with .Values.webui.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "hami-webui.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: "hami-webui"
+    spec:
+      serviceAccountName: {{ include "hami-webui.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.webui.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Release.Name }}-fe-oss
+          securityContext:
+            {{- toYaml .Values.webui.securityContext | nindent 12 }}
+          image: "{{ .Values.webui.image.frontend.repository }}:{{ .Values.webui.image.frontend.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.webui.image.frontend.pullPolicy }}
+          env:
+            {{- toYaml .Values.webui.env.frontend | nindent 12 }}
+          ports:
+            - name: http
+              containerPort: 3000
+              protocol: TCP
+          command:
+            - "node"
+          args:
+            - "/apps/dist/main"
+          resources:
+            {{- toYaml .Values.webui.resources.frontend | nindent 12 }}
+        - name: {{ .Release.Name }}-be-oss
+          securityContext:
+                  {{- toYaml .Values.webui.securityContext | nindent 12 }}
+          image: "{{ .Values.webui.image.backend.repository }}:{{ .Values.webui.image.backend.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.webui.image.backend.pullPolicy }}
+          env:
+            {{- toYaml .Values.webui.env.backend | nindent 12 }}
+          ports:
+            - name: metrics
+              containerPort: 8000
+              protocol: TCP
+          command:
+            - "/apps/server"
+          args:
+            - "--conf"
+            - "/apps/config/config.yaml"
+          resources:
+            {{- toYaml .Values.webui.resources.backend | nindent 12 }}
+          volumeMounts:
+            - name: config
+              mountPath: /apps/config/
+      {{- with .Values.webui.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.webui.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: config
+          configMap:
+            name: {{ include "hami-webui.fullname" . }}-config

frameworks/GPU/config/gpu/hami/templates/webui/hamiservicemonitor.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.webui.hamiServiceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "hami-webui.fullname" . }}-hami-svc-monitor
+  namespace: kubesphere-monitoring-system
+  labels:
+    {{- include "hami-webui.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "hami-webui"
+    {{- if .Values.webui.hamiServiceMonitor.additionalLabels }}
+    {{- toYaml .Values.webui.hamiServiceMonitor.additionalLabels | nindent 4 }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: hami-device-plugin
+  namespaceSelector:
+    matchNames:
+      - "{{ .Values.webui.hamiServiceMonitor.svcNamespace }}"
+  endpoints:
+  - path: /metrics
+    port: monitorport
+    interval: "{{ .Values.webui.hamiServiceMonitor.interval }}"
+    honorLabels: {{ .Values.webui.hamiServiceMonitor.honorLabels }}
+    relabelings:
+      {{ toYaml .Values.webui.hamiServiceMonitor.relabelings | nindent 6 }}
+{{- end -}}

frameworks/GPU/config/gpu/hami/templates/webui/role.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: hami-webui-reader
+  namespace: {{ include "hami-webui.namespace" . }}
+  labels:
+    {{- include "hami-webui.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "hami-webui"
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "nodes" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: [ "get", "list", "watch" ]

frameworks/GPU/config/gpu/hami/templates/webui/rolebinding.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "hami-webui.fullname" . }}
+  namespace: {{ include "hami-webui.namespace" . }}
+  labels:
+    {{- include "hami-webui.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "hami-webui"
+subjects:
+- kind: ServiceAccount
+  name: {{ include "hami-webui.serviceAccountName" . }}
+  namespace: {{ include "hami-webui.namespace" . }}
+roleRef:
+  kind: ClusterRole
+  name: hami-webui-reader
+  apiGroup: rbac.authorization.k8s.io

frameworks/GPU/config/gpu/hami/templates/webui/service.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "hami-webui.fullname" . }}
+  namespace: {{ include "hami-webui.namespace" . }}
+  labels:
+    {{- include "hami-webui.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "hami-webui"
+spec:
+  type: {{ .Values.webui.service.type }}
+  ports:
+    - port: {{ .Values.webui.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 8000
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
+  selector:
+    {{- include "hami-webui.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: "hami-webui"

frameworks/GPU/config/gpu/hami/templates/webui/serviceaccount.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.webui.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "hami-webui.serviceAccountName" . }}
+  namespace: {{ include "hami-webui.namespace" . }}
+  labels:
+    {{- include "hami-webui.labels" . | nindent 4 }}
+    app.kubernetes.io/component: "hami-webui"
+  {{- with .Values.webui.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}