feat(front): add front app build command and minio support

- Add new command "front" with flags for replica count and vendor
- Implement front app build logic in maker.AppFront method
- Add minio to make command list
- Add minio and minio-init images to image list
- Change EMQX dependency path to "dependency/emqx"
- Update app OEM logic to use model.GetVendor for vendor info
- Fix app OEM download and rename logic with updated vendor fields
- Modify nginx deployment manifest to allow configurable replicas
- Update user app mysql address to mysql-cluster-mysql-master.db-mysql:3306
- Add server_license_init.conf generation script for configmap upsert
- Clean and reformat imports across several files
- Remove unused package files for make.mysql.go, make.redis.go, make.longhorn.go

internal/cmd/make.go

@@ -58,6 +58,7 @@ func makeCmd() *cobra.Command {
 		makecmd.Redis(),
 		makecmd.ES(),
 		makecmd.EMQX(),
+		makecmd.Minio(),
 		makecmd.Yosguard(),
 		makecmd.LessDNS(),
 		makecmd.HSNet(),

internal/cmd/make.longhorn.go

@@ -1 +0,0 @@
-package cmd

internal/cmd/make.mysql.go

@@ -1 +0,0 @@
-package cmd

internal/cmd/make.redis.go

@@ -1 +0,0 @@
-package cmd

internal/cmd/makecmd/app.go

@@ -18,6 +18,7 @@ func App() *cobra.Command {
 		appGateway(),
 		appMie(),
 		appOEM(),
+		appFront(),
 		appNginx(),
 	)
 
@@ -121,6 +122,27 @@ func appOEM() *cobra.Command {
 	return _cmd
 }
 
+func appFront() *cobra.Command {
+	var (
+		replica int
+		vendor  string
+	)
+
+	_cmd := &cobra.Command{
+		Use:   "front",
+		Short: "Make Front App",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			mk := maker.NewMaker(opt.Cfg.Make.Dir)
+			return mk.AppFront(cmd.Context(), vendor, replica)
+		},
+	}
+
+	_cmd.Flags().IntVar(&replica, "replica-count", 2, "Replica count")
+	_cmd.Flags().StringVar(&vendor, "vendor", "standard", "Vendor name")
+
+	return _cmd
+}
+
 func appNginx() *cobra.Command {
 	var (
 		replica        int

internal/cmd/makecmd/minio.go

@@ -0,0 +1,28 @@
+package makecmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+	"yizhisec.com/hsv2/forge/internal/controller/maker"
+	"yizhisec.com/hsv2/forge/internal/opt"
+)
+
+func Minio() *cobra.Command {
+	var (
+		storage int
+	)
+
+	_cmd := &cobra.Command{
+		Use:   "minio",
+		Short: "Make Minio",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			mk := maker.NewMaker(opt.Cfg.Make.Dir)
+			return mk.Minio(cmd.Context(), fmt.Sprintf("%dGi", storage))
+		},
+	}
+
+	_cmd.Flags().IntVar(&storage, "storage-size", 100, "Storage size(GB)")
+
+	return _cmd
+}

internal/controller/maker/app.front.go

@@ -0,0 +1,73 @@
+package maker
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/model"
+	"yizhisec.com/hsv2/forge/pkg/resource"
+)
+
+func (m *maker) AppFront(ctx context.Context, vendor string, replica int) error {
+	var (
+		err      error
+		location = filepath.Join(m.workdir, "app", "front")
+		bs       []byte
+		_vendor  = model.GetVendor(vendor)
+	)
+
+	logger.Info("☑️ maker.Front: 开始构建 front app..., workdir = %s", location)
+
+	if _vendor == nil {
+		logger.Debug("❌ maker.Front: vendor not supported, vendor = %s", vendor)
+		return fmt.Errorf("vendor not supported: %s", vendor)
+	}
+
+	if err = os.MkdirAll(location, 0755); err != nil {
+		logger.Debug("❌ maker.Front: 创建目录失败: path = %s, err = %v", location, err)
+		return err
+	}
+
+	path := filepath.Join(location, "front.user.yaml")
+	logger.Debug("☑️ maker.Front: writing front.user.yaml, path = %s", path)
+	bs = []byte(fmt.Sprintf(resource.YAMLAppFrontUser, replica))
+	if err = os.WriteFile(path, bs, 0644); err != nil {
+		logger.Debug("❌ maker.Front: 写入 front.user.yaml 失败: path = %s, err = %v", path, err)
+		return err
+	}
+	logger.Debug("✅ maker.Front: write front.user.yaml success, path = %s", path)
+
+	path = filepath.Join(location, "front.admin.yaml")
+	logger.Debug("☑️ maker.Front: writing front.admin.yaml, path = %s", path)
+	bs = []byte(fmt.Sprintf(resource.YAMLAppFrontAdmin, replica))
+	if err = os.WriteFile(path, bs, 0644); err != nil {
+		logger.Debug("❌ maker.Front: 写入 front.admin.yaml 失败: path = %s, err = %v", path, err)
+		return err
+	}
+	logger.Debug("✅ maker.Front: write front.admin.yaml success, path = %s", path)
+
+	// todo, pull front images
+	// 1. make image dir
+	imgDir := filepath.Join(m.workdir, "dependency", "image")
+	if err = os.MkdirAll(imgDir, 0755); err != nil {
+		logger.Debug("❌ maker.Front: 创建目录失败: path = %s, err = %v", imgDir, err)
+		return err
+	}
+
+	logger.Debug("☑️ maker.Front: pulling front images, vendor = %s", vendor)
+	if err = m.Image(ctx, _vendor.AppFrontUserImageName, WithImageSave(filepath.Join(imgDir, "app.front.user.tar")), WithImageForcePull(true)); err != nil {
+		logger.Debug("❌ maker.Front: 拉取 front 用户镜像失败: %s, err = %v", _vendor.AppFrontUserImageName, err)
+		return err
+	}
+	if err = m.Image(ctx, _vendor.AppFrontAdminImageName, WithImageSave(filepath.Join(imgDir, "app.front.admin.tar")), WithImageForcePull(true)); err != nil {
+		logger.Debug("❌ maker.Front: 拉取 front 管理镜像失败: %s, err = %v", _vendor.AppFrontAdminImageName, err)
+		return err
+	}
+
+	logger.Info("✅ maker.Front: 构建 front app 完成")
+
+	return nil
+}

internal/controller/maker/app.nginx.go

@@ -59,7 +59,7 @@ kubectl create configmap ssl-client-server-key --namespace hsv2 --from-file=clie
 kubectl create configmap ssl-web-server-crt --namespace hsv2 --from-file=web.server.crt=./ssl/web.server.crt --dry-run=client -o yaml | kubectl apply -f -
 kubectl create configmap ssl-web-server-key --namespace hsv2 --from-file=web.server.key=./ssl/web.server.key --dry-run=client -o yaml | kubectl apply -f -
 
-kubectl apply -f deployment.yaml
+kubectl apply -f nginx.yaml
 kubectl rollout restart deployment nginx-deployment -n hsv2`
 	)
 	var (

internal/controller/maker/app.oem.go

@@ -8,8 +8,8 @@ import (
 	"path/filepath"
 
 	"gitea.loveuer.com/yizhisec/pkg3/logger"
-	"github.com/samber/lo"
 	"yizhisec.com/hsv2/forge/pkg/archiver"
+	"yizhisec.com/hsv2/forge/pkg/model"
 	"yizhisec.com/hsv2/forge/pkg/resource"
 )
 
@@ -54,30 +54,17 @@ COPY nginx.conf /etc/nginx/nginx.conf
 CMD ["nginx", "-g", "daemon off;"]`
 		_image = "hub.yizhisec.com/hybridscope/v2/oem-%s:latest"
 	)
-	type Vendor struct {
-		URL string
-		Dir string
-	}
 	var (
-		vendorURLMap = map[string]*Vendor{
-			"standard":    &Vendor{URL: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem.tar.gz", Dir: "oem"},
-			"elink":       &Vendor{URL: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_csgElink.tar.gz", Dir: "oem_csgElink"},
-			"noah":        &Vendor{URL: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_noah.tar.gz", Dir: "oem_noah"},
-			"heishuimeng": &Vendor{URL: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_heishuimeng.tar.gz", Dir: "oem_heishuimeng"},
-		}
 		err     error
-		_vendor *Vendor
+		_vendor = model.GetVendor(vendor)
-		ok      bool
 		workdir = filepath.Join(m.workdir, "app", "oem")
 		output  []byte
 	)
 
 	logger.Info("☑️ maker.AppOEM: 开始构建 oem[%s], workdir = %s", vendor, workdir)
 
-	if _vendor, ok = vendorURLMap[vendor]; !ok {
+	if _vendor == nil {
-		supported := lo.MapToSlice(vendorURLMap, func(key string, _ *Vendor) string {
+		supported := model.GetVendorNames()
-			return key
-		})
 		logger.Debug("❌ maker.AppOEM: vendor not supported, 支持的 vendor 有: %v", supported)
 		return fmt.Errorf("请检查 vendor 是否正确, 支持的 vendor 有: %v", supported)
 	}
@@ -91,13 +78,13 @@ CMD ["nginx", "-g", "daemon off;"]`
 
 	// 2. download oem.tar.gz
 	logger.Debug("☑️ maker.AppOEM: 开始下载 oem[%s] url = %s", vendor, _vendor)
-	if err = archiver.DownloadAndExtract(ctx, _vendor.URL, workdir); err != nil {
+	if err = archiver.DownloadAndExtract(ctx, _vendor.OEMUrl, workdir); err != nil {
-		logger.Debug("❌ maker.AppOEM: oem[%s] tar 下载失败, url = %s, err = %v", vendor, _vendor.URL, err)
+		logger.Debug("❌ maker.AppOEM: oem[%s] tar 下载失败, url = %s, err = %v", vendor, _vendor.OEMUrl, err)
 		return err
 	}
-	if _vendor.Dir != "oem" {
+	if _vendor.OEMDir != "oem" {
 		if err = os.Rename(
-			filepath.Join(workdir, _vendor.Dir),
+			filepath.Join(workdir, _vendor.OEMDir),
 			filepath.Join(workdir, "oem"),
 		); err != nil {
 			logger.Debug("❌ maker.AppOEM: oem[%s] tar 重命名失败, err = %v", vendor, err)

internal/controller/maker/app.user.go

@@ -19,7 +19,7 @@ Database:
   IPDB:
     Path: /etc/hs_user_management/ipdb/ip.ipdb
   Mysql:
-    Address: mysql.db-mysql:3306
+    Address: mysql-cluster-mysql-master.db-mysql:3306
     DBName: mie
     Password: L0hMysql.
     UserName: root

internal/controller/maker/configmap.go

@@ -1,17 +1,17 @@
 package maker
 
 import (
-    "context"
+	"context"
-    "fmt"
+	"fmt"
-    "os"
+	"os"
-    "path/filepath"
+	"path/filepath"
-    "strings"
+	"strings"
 
-    "gitea.loveuer.com/yizhisec/pkg3/logger"
+	"gitea.loveuer.com/yizhisec/pkg3/logger"
-    "github.com/samber/lo"
+	"github.com/samber/lo"
-    "yizhisec.com/hsv2/forge/pkg/downloader"
+	"yizhisec.com/hsv2/forge/pkg/downloader"
-    "yizhisec.com/hsv2/forge/pkg/extractor"
+	"yizhisec.com/hsv2/forge/pkg/extractor"
-    "yizhisec.com/hsv2/forge/pkg/tool/random"
+	"yizhisec.com/hsv2/forge/pkg/tool/random"
 )
 
 type ConfigMapOpt func(*configMapOpt)
@@ -85,6 +85,11 @@ EEuYRYXDouPJ1F//rYraSoJ4mtaipB6z1A==
 -----END EC PRIVATE KEY-----`
 		upsert = `#!/bin/bash
 
+# Generate server_license_init.conf
+uuid=$(cat /proc/sys/kernel/random/uuid)
+now=$(date +%s)
+echo "{\"uuid\": \"$uuid\", \"install_time\": $now}" > ./server_license_init.conf
+
 kubectl create configmap config-token --namespace hsv2 --from-file=token=./token --dry-run=client -o yaml | kubectl apply -f -
 kubectl create configmap config-license-init --namespace hsv2 --from-file=server_license_init.conf=./server_license_init.conf --dry-run=client -o yaml | kubectl apply -f -
 kubectl create configmap config-oem-data --namespace hsv2 --from-file=data.json=./oem_data.json --dry-run=client -o yaml | kubectl apply -f -
@@ -100,7 +105,7 @@ kubectl create configmap ssl-web-crt --namespace hsv2 --from-file=web.server.crt
 
 	var (
 		err          error
-    dir          = filepath.Join(m.workdir, "configmap")
+		dir          = filepath.Join(m.workdir, "configmap")
 		vendorUrlMap = map[string]string{
 			"standard": "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem.tar.gz",
 			"elink":    "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_csgElink.tar.gz",

internal/controller/maker/emqx.go

@@ -12,7 +12,7 @@ import (
 func (m *maker) EMQX(ctx context.Context) error {
 	var (
 		err      error
-		location = filepath.Join(m.workdir, "emqx")
+		location = filepath.Join(m.workdir, "dependency", "emqx")
 	)
 
 	logger.Info("☑️ maker.EMQX: 开始构建 emqx(mqtt) 依赖...")

internal/controller/maker/image.go

@@ -148,8 +148,9 @@ func (m *maker) Images(ctx context.Context) error {
 		{Name: "hub.yizhisec.com/external/kibana:7.17.28", Fallback: "", Save: "kibana.7.17.28.tar"},
 		{Name: "hub.yizhisec.com/external/emqx:5.1", Fallback: "", Save: "emqx.5.1.tar"},
 
-		{Name: "hub.yizhisec.com/build/hybirdscope/front/admin:latest", Fallback: "", Save: "app.front.admin.tar", Force: true},
+		{Name: "hub.yizhisec.com/hybridscope/v3/minio-init:latest", Fallback: "", Save: "dep.minio-init.tar"},
-		{Name: "hub.yizhisec.com/hybridscope/v2/front-user:latest", Fallback: "", Save: "app.front.user.tar", Force: true},
+		{Name: "hub.yizhisec.com/external/minio:RELEASE.2025-03-12T18-04-18Z", Fallback: "", Save: "dep.minio.tar"},
+
 		{Name: "hub.yizhisec.com/hybridscope/user_management:latest", Fallback: "", Save: "app.user.tar", Force: true},
 		{Name: "hub.yizhisec.com/hybridscope/gateway_controller:latest", Fallback: "", Save: "app.gateway.tar", Force: true},
 		{Name: "hub.yizhisec.com/hybridscope/client_server:latest", Fallback: "", Save: "app.client.tar", Force: true},

internal/controller/maker/minio.go

@@ -0,0 +1,41 @@
+package maker
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"gitea.loveuer.com/yizhisec/pkg3/logger"
+	"yizhisec.com/hsv2/forge/pkg/resource"
+)
+
+// todo, remake minio-init image
+func (m *maker) Minio(ctx context.Context, storage string) error {
+	var (
+		err     error
+		workdir = filepath.Join(m.workdir, "dependency", "minio")
+	)
+
+	logger.Info("☑️ maker.Minio: 开始构建 minio 依赖, workdir = %s", workdir)
+
+	logger.Debug("☑️ maker.Minio: 构建工作目录, workdir = %s", workdir)
+	if err = os.MkdirAll(workdir, 0755); err != nil {
+		logger.Debug("❌ maker.Minio: 创建工作目录失败, workdir = %s, err = %v", workdir, err)
+		return err
+	}
+	logger.Debug("✅ maker.Minio: 创建工作目录成功, workdir = %s", workdir)
+
+	filename := filepath.Join(workdir, "minio.yaml")
+	logger.Debug("☑️ maker.Minio: 准备资源文件, filename = %s, storage = %s", filename, storage)
+	bs := []byte(fmt.Sprintf(resource.YAMLMinIO, storage))
+	if err = os.WriteFile(filename, bs, 0644); err != nil {
+		logger.Debug("❌ maker.Minio: 写入资源文件失败, filename = %s, err = %v", filename, err)
+		return err
+	}
+	logger.Debug("✅ maker.Minio: 准备资源文件成功, filename = %s", filename)
+
+	logger.Info("✅ maker.Minio: 构建 minio 依赖成功, workdir = %s", workdir)
+
+	return nil
+}

pkg/model/vendor.go

@@ -0,0 +1,58 @@
+package model
+
+type Vendor struct {
+	Name                   string
+	OEMUrl                 string
+	OEMDir                 string
+	AppFrontUserImageName  string
+	AppFrontAdminImageName string
+}
+
+var (
+	vendorMap = map[string]*Vendor{
+		"standard": &Vendor{
+			Name:                   "Standard",
+			OEMUrl:                 "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem.tar.gz",
+			OEMDir:                 "oem",
+			AppFrontUserImageName:  "hub.yizhisec.com/hybridscope/v2/front-user:latest",
+			AppFrontAdminImageName: "hub.yizhisec.com/build/hybirdscope/front/admin:latest",
+		},
+		"elink": &Vendor{
+			Name:                   "elink",
+			OEMUrl:                 "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_csgElink.tar.gz",
+			OEMDir:                 "oem_csgElink",
+			AppFrontUserImageName:  "hub.yizhisec.com/hybridscope/v2/front-user-elink:latest",
+			AppFrontAdminImageName: "hub.yizhisec.com/build/hybirdscope/front/admin:latest",
+		},
+		"noah": &Vendor{
+			Name:                   "noah",
+			OEMUrl:                 "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_noah.tar.gz",
+			OEMDir:                 "oem_noah",
+			AppFrontUserImageName:  "hub.yizhisec.com/hybridscope/v2/front-user:latest",
+			AppFrontAdminImageName: "hub.yizhisec.com/build/hybirdscope/front/admin:latest",
+		},
+		"heishuimeng": &Vendor{
+			Name:                   "heishuimeng",
+			OEMUrl:                 "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_heishuimeng.tar.gz",
+			OEMDir:                 "oem_heishuimeng",
+			AppFrontUserImageName:  "hub.yizhisec.com/hybridscope/v2/front-user:latest",
+			AppFrontAdminImageName: "hub.yizhisec.com/build/hybirdscope/front/admin:latest",
+		},
+	}
+)
+
+func GetVendor(name string) *Vendor {
+	if vendor, ok := vendorMap[name]; ok {
+		return vendor
+	}
+
+	return nil
+}
+
+func GetVendorNames() []string {
+	names := make([]string, 0, len(vendorMap))
+	for name := range vendorMap {
+		names = append(names, name)
+	}
+	return names
+}

pkg/resource/resource.go

@@ -20,6 +20,9 @@ var (
 	//go:embed yaml/emqx.yaml
 	YAMLEMQX []byte
 
+	//go:embed yaml/minio.yaml
+	YAMLMinIO string
+
 	//go:embed sql/yosguard.create.sql
 	SQLYosguard []byte
 
@@ -56,6 +59,12 @@ var (
 	//go:embed yaml/app.oem.yaml
 	YAMLAppOEM string
 
+	//go:embed yaml/app.front.user.yaml
+	YAMLAppFrontUser string
+
+	//go:embed yaml/app.front.admin.yaml
+	YAMLAppFrontAdmin string
+
 	//go:embed yaml/app.nginx.yaml
 	YAMLAppNGINX string
 

pkg/resource/yaml/app.front.admin.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: front-admin-deployment
+  namespace: hsv2
+spec:
+  replicas: %d
+  selector:
+    matchLabels:
+      app: front-admin
+  template:
+    metadata:
+      labels:
+        app: front-admin
+    spec:
+      topologySpreadConstraints:
+      - maxSkew: 1 
+        topologyKey: kubernetes.io/hostname 
+        whenUnsatisfiable: ScheduleAnyway 
+        labelSelector:
+          matchLabels:
+            app: front-admin
+      containers:
+      - name: front-admin
+        image: hub.yizhisec.com/build/hybirdscope/front/admin:latest
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: front-admin-service
+  namespace: hsv2
+spec:
+  selector:
+    app: front-admin
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+  type: ClusterIP

pkg/resource/yaml/app.front.user.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: front-user-deployment
+  namespace: hsv2
+spec:
+  replicas: %d
+  selector:
+    matchLabels:
+      app: front-user
+  template:
+    metadata:
+      labels:
+        app: front-user
+    spec:
+      topologySpreadConstraints:
+      - maxSkew: 1 
+        topologyKey: kubernetes.io/hostname 
+        whenUnsatisfiable: ScheduleAnyway 
+        labelSelector:
+          matchLabels:
+            app: front-user
+      containers:
+      - name: front-user
+        image: hub.yizhisec.com/hybridscope/v2/front-user:latest
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: front-user-service
+  namespace: hsv2
+spec:
+  selector:
+    app: front-user
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+  type: ClusterIP

pkg/resource/yaml/app.nginx.yaml

@@ -4,7 +4,7 @@ metadata:
   name: nginx-deployment
   namespace: hsv2
 spec:
-  replicas: 2
+  replicas: %d
   selector:
     matchLabels:
       app: nginx

pkg/resource/yaml/app.user.yaml

@@ -1,3 +1,4 @@
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: user-deployment

pkg/resource/yaml/minio.yaml

@@ -0,0 +1,184 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: db-minio
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: minio-init-job
+  namespace: db-minio
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: minio-init
+          image: hub.yizhisec.com/hybridscope/v3/minio-init:latest
+          command:
+            - /bin/sh
+            - -c
+          args:
+            - |
+              #!/bin/sh
+              set -e
+
+              # Function to add timestamp to log messages
+              log() {
+                echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
+              }
+
+              log "Starting MinIO initialization..."
+              log "Environment: MINIO_ROOT_USER=admin, MINIO_ROOT_PASSWORD=YizhiSEC@123"
+              log "Target MinIO endpoint: http://minio-service:9000"
+
+              # 等待 MinIO 服务就绪
+              log "Phase 1: Waiting for MinIO service to be ready..."
+              log "Checking network connectivity to minio-service:9000..."
+
+              # 首先等待服务可达
+              RETRY_COUNT=0
+              until timeout 10 nc -z minio-service 9000; do
+                RETRY_COUNT=$((RETRY_COUNT + 1))
+                log "Attempt $RETRY_COUNT: MinIO service is not reachable - sleeping 5 seconds..."
+                sleep 5
+              done
+
+              log "✓ Network connectivity to MinIO service established"
+              log "Phase 2: Waiting for MinIO API to respond..."
+
+              # 然后等待 MinIO API 响应
+              RETRY_COUNT=0
+              until mc alias set minio http://minio-service:9000 admin YizhiSEC@123; do
+                RETRY_COUNT=$((RETRY_COUNT + 1))
+                log "Attempt $RETRY_COUNT: MinIO API is not ready - sleeping 5 seconds..."
+                sleep 5
+              done
+
+              log "✓ MinIO API is ready and responding"
+
+              # 创建服务账户
+              log "Phase 3: Creating service account..."
+              if mc admin user svcacct add minio admin --access-key "pU3bsxic6LGNQbKLhsTf" --secret-key "GGmvLzY4IZUsV1taKA27YpTgN3ieES2DzCrKQe6p"; then
+                log "✓ User created successfully"
+              else
+                log "✗ Failed to create user"
+                exit 1
+              fi
+
+              # 创建存储桶
+              log "Phase 4: Creating storage buckets..."
+              log "Creating bucket: hsv2"
+
+              if mc mb minio/hsv2; then
+                log "✓ Bucket 'hsv2' created successfully"
+              else
+                log "ℹ Bucket 'hsv2' already exists or creation failed"
+              fi
+
+              # 上传 ipv4.ipdb 文件
+              log "Phase 5: Uploading ipv4.ipdb file..."
+              log "Checking if /data/ipv4.ipdb exists..."
+
+              if [ -f "/data/ipv4.ipdb" ]; then
+                log "✓ Found ipv4.ipdb file, uploading to hsv2 bucket..."
+                if mc cp /data/ipv4.ipdb minio/hsv2/db/ipv4.ipdb; then
+                  log "✓ Successfully uploaded ipv4.ipdb to hsv2/db/ipv4.ipdb"
+                else
+                  log "✗ Failed to upload ipv4.ipdb file"
+                  exit 1
+                fi
+              else
+                log "⚠ Warning: /data/ipv4.ipdb file not found, skipping upload"
+              fi
+
+              log "🎉 MinIO initialization completed successfully!"
+              log "Summary:"
+              log "  - MinIO service: Ready"
+              log "  - Service account: Created for API access"
+              log "  - Bucket 'hsv2': Available"
+              log "  - File 'db/ipv4.ipdb': Uploaded to hsv2 bucket"
+
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: minio
+  namespace: db-minio
+  labels:
+    app: minio
+spec:
+  serviceName: minio-service
+  replicas: 1
+  selector:
+    matchLabels:
+      app: minio
+  template:
+    metadata:
+      labels:
+        app: minio
+    spec:
+      containers:
+        - name: minio
+          image: hub.yizhisec.com/external/minio:RELEASE.2025-03-12T18-04-18Z
+          command:
+            - /bin/sh
+            - -c
+          args:
+            - minio server /data --console-address ":9001"
+          env:
+            - name: MINIO_ROOT_USER
+              value: "admin"
+            - name: MINIO_ROOT_PASSWORD
+              value: "YizhiSEC@123"
+          ports:
+            - containerPort: 9000
+              name: api
+            - containerPort: 9001
+              name: console
+          volumeMounts:
+            - name: minio-data
+              mountPath: /data
+          readinessProbe:
+            httpGet:
+              path: /minio/health/ready
+              port: 9001
+            initialDelaySeconds: 15
+            timeoutSeconds: 2
+          livenessProbe:
+            httpGet:
+              path: /minio/health/live
+              port: 9001
+            initialDelaySeconds: 30
+      volumes:
+        - name: minio-data
+          persistentVolumeClaim:
+            claimName: minio-data
+  volumeClaimTemplates:
+    - metadata:
+        name: minio-data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        storageClassName: longhorn
+        resources:
+          requests:
+            storage: %s
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: minio-service
+  namespace: db-minio
+spec:
+  type: ClusterIP
+  selector:
+    app: minio
+  ports:
+    - name: api
+      port: 9000
+      protocol: TCP
+      targetPort: api
+    - name: console
+      port: 9001
+      protocol: TCP
+      targetPort: console