eliott/Olares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cc2a714283ccdf30d8a2d9a412c75e7a9a2e7b60
Olares/frameworks/bfl/config/launcher/templates/bfl_deploy.yaml
wiy 5632fa37a4 feat(settings): update settings support configuration sub-routes, ACL, and SSH, third-party domain (#1136) 
* feat(settings): add entrance endpoint url & fix WebSocket keep-alive

* feat: update settings system page support VPN config

* feat:  settings supports custom third-party domain

* feat: ts routes

---------

Co-authored-by: hys <hysyeah@gmail.com>
2025-03-28 21:30:10 +08:00

465 lines
13 KiB
YAML
Raw Blame History

{{ $userspace_pv_rootpath := printf "%s%s" .Values.rootPath "/rootfs/userspace" }}
{{ $appcache_pv_rootpath := printf "%s%s" .Values.rootPath "/userdata/Cache" }}
{{ $dbdata_pv_rootpath := printf "%s%s" .Values.rootPath "/userdata/dbdata" }}
{{ $userspace_rand16 := randAlphaNum 16 | lower }}
{{ if .Values.bfl.userspace_rand16 }}
{{ $userspace_rand16 = .Values.bfl.userspace_rand16 }}
{{ end }}
{{ $userspace_pv := printf "pv-userspace-%s-%s" .Values.bfl.username $userspace_rand16 }}
{{ $userspace_pvc := printf "pvc-userspace-%s-%s" .Values.bfl.username $userspace_rand16 }}
{{ $userspace_sc := printf "juicefs-localpath-userspace-%s" .Values.bfl.username -}}
{{ $userspace_storage := "50Gi" -}}
{{ $appcache_rand16 := randAlphaNum 16 | lower }}
{{ if .Values.bfl.appcache_rand16 }}
{{ $appcache_rand16 = .Values.bfl.appcache_rand16 }}
{{ end }}
{{ $appcache_pv := printf "pv-appcache-%s-%s" .Values.bfl.username $appcache_rand16 }}
{{ $appcache_pvc := printf "pvc-appcache-%s-%s" .Values.bfl.username $appcache_rand16 }}
{{ $appcache_sc := printf "hostpath-appcache-%s" .Values.bfl.username }}
{{ $appcache_storage := "50Gi" -}}
{{ $dbdata_rand16 := randAlphaNum 16 | lower }}
{{ if .Values.bfl.dbdata_rand16 }}
{{ $dbdata_rand16 = .Values.bfl.dbdata_rand16 }}
{{ end }}
{{ $dbdata_pv := printf "pv-dbdata-%s-%s" .Values.bfl.username $dbdata_rand16 }}
{{ $dbdata_pvc := printf "pvc-dbdata-%s-%s" .Values.bfl.username $dbdata_rand16 }}
{{ $dbdata_sc := printf "hostpath-dbdata-%s" .Values.bfl.username }}
{{ $dbdata_storage := "80Gi" -}}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ default $userspace_pv .Values.bfl.userspace_pv }}
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: {{ $userspace_storage }}
hostPath:
path: {{ $userspace_pv_rootpath }}/{{ default $userspace_pvc .Values.bfl.userspace_pvc }}
type: DirectoryOrCreate
persistentVolumeReclaimPolicy: Delete
volumeMode: Filesystem
storageClassName: {{ default $userspace_sc .Values.bfl.userspace_sc }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ default $userspace_pvc .Values.bfl.userspace_pvc }}
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ $userspace_storage }}
volumeMode: Filesystem
{{ if .Values.bfl.userspace_pv }}
volumeName: {{ .Values.bfl.userspace_pv }}
{{ end }}
storageClassName: {{ default $userspace_sc .Values.bfl.userspace_sc }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ default $appcache_pv .Values.bfl.appcache_pv }}
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: {{ $appcache_storage }}
hostPath:
path: {{ $appcache_pv_rootpath }}/{{ default $appcache_pvc .Values.bfl.appcache_pvc }}
type: DirectoryOrCreate
persistentVolumeReclaimPolicy: Delete
volumeMode: Filesystem
storageClassName: {{ default $appcache_sc .Values.bfl.appcache_sc }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ default $appcache_pvc .Values.bfl.appcache_pvc }}
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ $appcache_storage }}
volumeMode: Filesystem
{{ if .Values.bfl.appcache_pv }}
volumeName: {{ .Values.bfl.appcache_pv }}
{{ end }}
storageClassName: {{ default $appcache_sc .Values.bfl.appcache_sc }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ default $dbdata_pv .Values.bfl.dbdata_pv }}
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: {{ $dbdata_storage }}
hostPath:
path: {{ $dbdata_pv_rootpath }}/{{ default $dbdata_pvc .Values.bfl.dbdata_pvc }}
type: DirectoryOrCreate
persistentVolumeReclaimPolicy: Delete
volumeMode: Filesystem
storageClassName: {{ default $dbdata_sc .Values.bfl.dbdata_sc }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ default $dbdata_pvc .Values.bfl.dbdata_pvc }}
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ $dbdata_storage }}
{{ if .Values.bfl.dbdata_pv }}
volumeName: {{ .Values.bfl.dbdata_pv }}
{{ end }}
volumeMode: Filesystem
storageClassName: {{ default $dbdata_sc .Values.bfl.dbdata_sc }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bytetrade-controller
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Namespace }}:bytetrade-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: bytetrade-controller
namespace: {{ .Release.Namespace }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: bfl
namespace: {{ .Release.Namespace }}
labels:
tier: bfl
applications.app.bytetrade.io/author: bytetrade.io
annotations:
username: '{{ .Values.bfl.username }}'
userspace_rand16: {{ default $userspace_rand16 .Values.bfl.userspace_rand16 }}
userspace_pv: {{ default $userspace_pv .Values.bfl.userspace_pv }}
userspace_pvc: {{ default $userspace_pvc .Values.bfl.userspace_pvc }}
userspace_sc: {{ default $userspace_sc .Values.bfl.userspace_sc }}
userspace_hostpath: {{ $userspace_pv_rootpath }}/{{ default $userspace_pvc .Values.bfl.userspace_pvc }}
userspace_storage: {{ $userspace_storage }}
appcache_rand16: {{ default $appcache_rand16 .Values.bfl.appcache_rand16 }}
appcache_pv: {{ default $appcache_pv .Values.bfl.appcache_pv }}
appcache_pvc: {{ default $appcache_pvc .Values.bfl.appcache_pvc }}
appcache_sc: {{ default $appcache_sc .Values.bfl.appcache_sc }}
appcache_hostpath: {{ $appcache_pv_rootpath }}/{{ default $appcache_pvc .Values.bfl.appcache_pvc }}
appcache_storage: {{ $appcache_storage }}
dbdata_rand16: {{ default $dbdata_rand16 .Values.bfl.dbdata_rand16 }}
dbdata_pv: {{ default $dbdata_pv .Values.bfl.dbdata_pv }}
dbdata_pvc: {{ default $dbdata_pvc .Values.bfl.dbdata_pvc }}
dbdata_sc: {{ default $dbdata_sc .Values.bfl.dbdata_sc }}
dbdata_hostpath: {{ $dbdata_pv_rootpath }}/{{ default $dbdata_pvc .Values.bfl.dbdata_pvc }}
dbdata_storage: {{ $dbdata_storage }}
spec:
serviceName: bfl
replicas: 1
selector:
matchLabels:
tier: bfl
template:
metadata:
labels:
tier: bfl
spec:
{{ if .Values.bfl.admin_user }}
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: node-role.kubernetes.io/master
operator: Exists
weight: 10
{{ end }}
serviceAccountName: bytetrade-controller
priorityClassName: "system-cluster-critical"
initContainers:
- name: init-userspace
image: busybox:1.28
volumeMounts:
- name: userspace-dir
mountPath: /userspace
- name: appcache-dir
mountPath: /appdata
- name: dbdata-dir
mountPath: /dbdata
command:
- sh
- -c
- |
mkdir -p /userspace/Home/Documents && \
mkdir -p /userspace/Home/Downloads && \
mkdir -p /userspace/Home/Pictures && \
mkdir -p /userspace/Home/Movies && \
mkdir -p /userspace/Home/Music && \
mkdir -p /userspace/Home/Code && \
mkdir -p /userspace/Data && \
chown -R 1000:1000 /userspace/Home && \
chown -R 1000:1000 /userspace/Data && \
chown -R 1000:1000 /appdata
containers:
- name: api
image: beclab/bfl:v0.3.73
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 1000
volumeMounts:
- name: userspace-dir
mountPath: /userspace
- name: appcache-dir
mountPath: /appdata
command:
- /bfl-api
- -u
- '{{ .Values.bfl.username }}'
- --log-level
- debug
ports:
- containerPort: 8080
protocol: TCP
livenessProbe:
initialDelaySeconds: 3
tcpSocket:
port: 8080
env:
- name: APP_SERVICE_SERVICE_HOST
value: app-service.os-system
- name: APP_SERVICE_SERVICE_PORT
value: '6755'
- name: USER_DEFAULT_MEMORY_LIMIT
value: '3G'
- name: USER_DEFAULT_CPU_LIMIT
value: '1000m'
- name: BFL_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OS_SYSTEM_SERVER
value: system-server.user-system-{{ .Values.bfl.username }}
- name: OS_APP_SECRET
value: {{ .Values.bfl.appSecret }}
- name: OS_APP_KEY
value: {{ .Values.bfl.appKey }}
- name: BACKUP_SERVER
value: backup-server.os-system:8082
- name: L4_PROXY_IMAGE_VERSION
value: v0.2.8
- name: REVERSE_PROXY_AGENT_IMAGE_VERSION
value: v0.1.9
- name: TERMINUS_CERT_SERVICE_API
value: {{ .Values.bfl.terminus_cert_service_api }}
- name: TERMINUS_DNS_SERVICE_API
value: {{ .Values.bfl.terminus_dns_service_api }}
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: ingress
image: beclab/bfl-ingress:v0.2.23
imagePullPolicy: IfNotPresent
volumeMounts:
- name: ngxlog
mountPath: /var/log/nginx
command:
- /bfl-ingress
- -user
- '{{ .Values.bfl.username }}'
- -enable-nginx
- -bfl-svc
- bfl
env:
- name: AUTH_ENABLED
value: "true"
ports:
- containerPort: 80
protocol: TCP
- containerPort: 443
protocol: TCP
- containerPort: 8081
protocol: TCP
- containerPort: 8082
protocol: TCP
livenessProbe:
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 10
terminationGracePeriodSeconds: 3
httpGet:
port: 8082
path: /healthz
scheme: HTTP
volumes:
- name: ngxlog
emptyDir: {}
- name: userspace-dir
persistentVolumeClaim:
claimName: {{ default $userspace_pvc .Values.bfl.userspace_pvc }}
- name: appcache-dir
persistentVolumeClaim:
claimName: {{ default $appcache_pvc .Values.bfl.appcache_pvc }}
- name: dbdata-dir
persistentVolumeClaim:
claimName: {{ default $dbdata_pvc .Values.bfl.dbdata_pvc }}
---
apiVersion: v1
kind: Service
metadata:
name: bfl
namespace: {{ .Release.Namespace }}
spec:
type: ClusterIP
ports:
- name: api
port: 80
targetPort: 8080
protocol: TCP
- name: ingress-http
port: 1080
targetPort: 80
protocol: TCP
- name: ingress-https
port: 443
targetPort: 443
protocol: TCP
selector:
tier: bfl
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ApplicationPermission
metadata:
name: bfl
namespace: user-system-{{ .Values.bfl.username }}
spec:
app: bfl
appid: bfl
key: {{ .Values.bfl.appKey }}
secret: {{ .Values.bfl.appSecret }}
permissions:
- dataType: event
group: message-disptahcer.system-server
ops:
- Create
version: v1
status:
state: active
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ProviderRegistry
metadata:
name: bfl-app-provider
namespace: user-system-{{ .Values.bfl.username }}
spec:
dataType: app
deployment: bfl
description: app store provider
endpoint: bfl.{{ .Release.Namespace }}
group: service.bfl
kind: provider
namespace: {{ .Release.Namespace }}
opApis:
- name: InstallDevApp
uri: /bfl/app_store/v1alpha1/applications/installdev
- name: UserApps
uri: /bfl/backend/v1/myapps
version: v1
status:
state: active
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ProviderRegistry
metadata:
name: bfl-datastore-provider
namespace: user-system-{{ .Values.bfl.username }}
spec:
dataType: datastore
deployment: bfl
description: data store provider
endpoint: bfl.{{ .Release.Namespace }}
group: service.bfl
kind: provider
namespace: {{ .Release.Namespace }}
opApis:
- name: GetKey
uri: /bfl/datastore/v1alpha1/get
- name: GetKeyPrefix
uri: /bfl/datastore/v1alpha1/get/prefix
- name: SetKey
uri: /bfl/datastore/v1alpha1/put
- name: DeleteKey
uri: /bfl/datastore/v1alpha1/delete
version: v1
status:
state: active
---
apiVersion: apr.bytetrade.io/v1alpha1
kind: SysEventRegistry
metadata:
name: bfl-backup-new-cb
namespace: {{ .Release.Namespace }}
spec:
type: subscriber
event: backup.new
callback: http://bfl.{{ .Release.Namespace }}/bfl/callback/v1alpha1/backup/new
---
apiVersion: apr.bytetrade.io/v1alpha1
kind: SysEventRegistry
metadata:
name: bfl-backup-finish-cb
namespace: {{ .Release.Namespace }}
spec:
type: subscriber
event: backup.finish
callback: http://bfl.{{ .Release.Namespace }}/bfl/callback/v1alpha1/backup/finish
Reference in New Issue View Git Blame Copy Permalink