feat: 🏡 make apps

zhaoyupeng
2025-11-26 16:17:38 +08:00
parent 1d3c159c00
commit 4ec58ce4e5
32 changed files with 1856 additions and 107 deletions


@@ -0,0 +1,71 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: client-deployment
namespace: hsv2
spec:
replicas: %d
selector:
matchLabels:
app: client
template:
metadata:
labels:
app: client
spec:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: client
containers:
- name: client
image: hub.yizhisec.com/hybridscope/client_server:latest
imagePullPolicy: IfNotPresent
volumeMounts:
- name: ssl-pub-crt
mountPath: /etc/yizhisec/license/pub_key
subPath: pub_key
readOnly: true
- name: config-volume
mountPath: /etc/client_server/config.yml
subPath: config.yml
readOnly: true
volumes:
- name: ssl-pub-crt
configMap:
name: ssl-pub-crt
items:
- key: pub_key
path: pub_key
- name: config-volume
configMap:
name: config-client
items:
- key: config.yml
path: config.yml
---
apiVersion: v1
kind: Service
metadata:
name: client-service
namespace: hsv2
spec:
selector:
app: client
ports:
- protocol: TCP
name: web
port: 9129
targetPort: 9129
- protocol: TCP
name: web2
port: 9024
targetPort: 9024
- protocol: TCP
name: web-message
port: 9025
targetPort: 9025
type: ClusterIP
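Review bot: The container line `image: hub.yizhisec.com/hybridscope/client_server:latest` combines a mutable tag with `imagePullPolicy: IfNotPresent`, so each node keeps whichever build it pulled first and replicas can end up running different, unreviewed images. Pin the image to a version tag or digest, for example `image: hub.yizhisec.com/hybridscope/client_server@sha256:<digest>`, or template it with `image: %s` as the app.oem.yaml section of this commit does. The same pattern appears in the gateway, mie-server (api, cron, sweeper, worker), user_management, hs_backup_seafile and memcached sections, so it is raised only here.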


@@ -0,0 +1,83 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: gateway-deployment
namespace: hsv2
spec:
replicas: %d
selector:
matchLabels:
app: gateway
template:
metadata:
labels:
app: gateway
spec:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: gateway
containers:
- name: gateway
image: hub.yizhisec.com/hybridscope/gateway_controller:latest
imagePullPolicy: IfNotPresent
volumeMounts:
- name: config-volume
mountPath: /etc/gateway_controller/config.yml
subPath: config.yml
readOnly: true
- name: config-token
mountPath: /etc/yizhisec/token
subPath: token
readOnly: true
- name: ssl-client-crt
mountPath: /yizhisec/ssl/client.crt
subPath: client.crt
readOnly: true
- name: ssl-client-key
mountPath: /yizhisec/ssl/client.key
subPath: client.key
readOnly: true
volumes:
- name: config-volume
configMap:
name: config-gateway
items:
- key: config.yml
path: config.yml
- name: config-token
configMap:
name: config-token
items:
- key: token
path: token
- name: ssl-client-crt
configMap:
name: ssl-client-crt
items:
- key: client.crt
path: client.crt
- name: ssl-client-key
configMap:
name: ssl-client-key
items:
- key: client.key
path: client.key
---
apiVersion: v1
kind: Service
metadata:
name: gateway-service
namespace: hsv2
spec:
selector:
app: gateway
ports:
- protocol: TCP
name: gateway-api
port: 9012
targetPort: 9012
type: ClusterIP
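Review bot: The `ssl-client-key` and `config-token` volumes take a TLS private key and what appears to be an auth token from ConfigMaps. ConfigMaps get none of the handling Kubernetes gives Secrets, such as separate RBAC rules and optional encryption at rest. Sourcing them from Secret volumes instead, `secret:` with `secretName: ssl-client-key`, keeps the key away from anything that can read ConfigMaps in `hsv2`. The objects that create these ConfigMaps are not in this section, so they would need the matching change.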


@@ -0,0 +1,95 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-deployment
namespace: hsv2
spec:
replicas: %d
selector:
matchLabels:
app: api
template:
metadata:
labels:
app: api
spec:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: api
containers:
- name: api
image: hub.yizhisec.com/hybridscope/mie-server:latest
imagePullPolicy: IfNotPresent
args: ["server.app", "--master", "--debug"]
volumeMounts:
- name: ssl-pub-crt
mountPath: /etc/mie-server/license/pub_key
subPath: pub_key
readOnly: true
- name: config-volume
mountPath: /yizhisec/web_server/conf/conf.yml
subPath: conf.yml
readOnly: true
- name: config-license-init
mountPath: /etc/mie-server/server_license_init.conf
subPath: server_license_init.conf
readOnly: true
- name: ssl-web-crt
mountPath: /yizhisec/hs_nginx/ssl/web.server.crt
subPath: web.server.crt
readOnly: true
- name: config-oem-data
mountPath: /yizhisec/hs_nginx/data/443/oem/data.json
subPath: data.json
readOnly: true
volumes:
- name: ssl-pub-crt
configMap:
name: ssl-pub-crt
items:
- key: pub_key
path: pub_key
- name: config-volume
configMap:
name: config-api
items:
- key: conf.yml
path: conf.yml
- name: config-license-init
configMap:
name: config-license-init
items:
- key: server_license_init.conf
path: server_license_init.conf
- name: ssl-web-crt
configMap:
name: ssl-web-crt
items:
- key: web.server.crt
path: web.server.crt
- name: config-oem-data
configMap:
name: config-oem-data
items:
- key: data.json
path: data.json
---
apiVersion: v1
kind: Service
metadata:
name: api-service
namespace: hsv2
spec:
selector:
app: api
ports:
- protocol: TCP
name: mie-api
port: 9002
targetPort: 9002
type: ClusterIP
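Review bot: The api container is started with `args: ["server.app", "--master", "--debug"]`, which hard-codes a debug switch into a manifest that every install renders. What `--debug` enables is not visible here; if it turns on verbose error output or a framework debug mode, it should not be the default for a service reachable through `api-service`. Consider `args: ["server.app", "--master"]` with debug as an opt-in template parameter. Because `replicas: %d` may be greater than one, it is also worth confirming that several pods running with `--master` is intended.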


@@ -0,0 +1,32 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-cron-deployment
namespace: hsv2
spec:
replicas: 1
selector:
matchLabels:
app: api-cron
template:
metadata:
labels:
app: api-cron
spec:
containers:
- name: api-cron
image: hub.yizhisec.com/hybridscope/mie-server:latest
imagePullPolicy: IfNotPresent
args: ["server.schedule"]
volumeMounts:
- name: config-volume
mountPath: /yizhisec/web_server/conf/conf.yml
subPath: conf.yml
readOnly: true
volumes:
- name: config-volume
configMap:
name: config-api
items:
- key: conf.yml
path: conf.yml
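Review bot: The pod template sets no `securityContext`, so absent a cluster-level policy the `api-cron` container runs as the image's default user with the runtime's default capabilities. Unless the image needs more, add a container-level block with `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`; the config mount is already read-only. None of the Deployments added in this commit sets a security context or resource requests and limits, so the same applies to the other application manifests and the backup-seafile one.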


@@ -0,0 +1,36 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-sweeper-deployment
namespace: hsv2
spec:
replicas: 1
selector:
matchLabels:
app: api-sweeper
template:
metadata:
labels:
app: api-sweeper
spec:
containers:
- name: api-sweeper
image: hub.yizhisec.com/hybridscope/mie-server:latest
imagePullPolicy: IfNotPresent
args: ["server.delay_sweeper"]
volumeMounts:
- name: config-volume
mountPath: /yizhisec/web_server/conf/conf.yml
subPath: conf.yml
readOnly: true
- name: log-data
mountPath: /yizhisec/web_server/logs
volumes:
- name: log-data
emptyDir: {}
- name: config-volume
configMap:
name: config-api
items:
- key: conf.yml
path: conf.yml
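Review bot: The `log-data` volume is an `emptyDir: {}` with no size cap, so logs written under `/yizhisec/web_server/logs` use node ephemeral storage without a per-pod bound and are discarded when the pod is rescheduled. If these logs matter for audit or incident review, they should go to stdout or a persistent volume; otherwise cap the volume, e.g. `emptyDir: {sizeLimit: 1Gi}` (value illustrative). The api-worker section that follows uses the same volume definition.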


@@ -0,0 +1,36 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-worker-deployment
namespace: hsv2
spec:
replicas: 1
selector:
matchLabels:
app: api-worker
template:
metadata:
labels:
app: api-worker
spec:
containers:
- name: api-worker
image: hub.yizhisec.com/hybridscope/mie-server:latest
imagePullPolicy: IfNotPresent
args: ["server.delay_worker"]
volumeMounts:
- name: config-volume
mountPath: /yizhisec/web_server/conf/conf.yml
subPath: conf.yml
readOnly: true
- name: log-data
mountPath: /yizhisec/web_server/logs
volumes:
- name: log-data
emptyDir: {}
- name: config-volume
configMap:
name: config-api
items:
- key: conf.yml
path: conf.yml

42
pkg/resource/app.oem.yaml Normal file

@@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: oem-deployment
namespace: hsv2
spec:
replicas: %d
selector:
matchLabels:
app: oem
template:
metadata:
labels:
app: oem
spec:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: oem
containers:
- name: oem
image: %s
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: oem-service
namespace: hsv2
spec:
selector:
app: oem
ports:
- protocol: TCP
port: 80
targetPort: 80
type: ClusterIP


@@ -0,0 +1,63 @@
kind: Deployment
metadata:
name: user-deployment
namespace: hsv2
spec:
replicas: %d
selector:
matchLabels:
app: user
template:
metadata:
labels:
app: user
spec:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: user
containers:
- name: user
image: hub.yizhisec.com/hybridscope/user_management:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9013
volumeMounts:
- name: config-volume
mountPath: /etc/hs_user_management/config.yml
subPath: config.yml
readOnly: true
- name: ssl-client-crt
mountPath: /etc/hs_user_management/proxy/certs/client.crt
subPath: client.crt
readOnly: true
volumes:
- name: config-volume
configMap:
name: config-user
items:
- key: config.yml
path: config.yml
- name: ssl-client-crt
configMap:
name: ssl-client-crt
items:
- key: client.crt
path: client.crt
---
apiVersion: v1
kind: Service
metadata:
name: user-service
namespace: hsv2
spec:
selector:
app: user
ports:
- protocol: TCP
port: 9013
targetPort: 9013
type: ClusterIP
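Review bot: The Deployment document in this file begins at `kind: Deployment` with no `apiVersion` line, while every other Deployment added in this commit starts with `apiVersion: apps/v1`. The hunk header counts 63 lines and 63 are shown, so the line appears to be missing from the file rather than dropped by this page. A manifest without `apiVersion` is rejected when it is applied. Add `apiVersion: apps/v1` as the first line.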


@@ -0,0 +1,54 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: backup-seafile-deployment
namespace: seafile
spec:
replicas: 1
selector:
matchLabels:
app: backup-seafile
template:
metadata:
labels:
app: backup-seafile
spec:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: backup-seafile
containers:
- name: backup-seafile
image: hub.yizhisec.com/hybridscope/hs_backup_seafile:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9027
volumeMounts:
- name: config-volume
mountPath: /etc/hs_backup_seafile/config.yml
subPath: config.yml
readOnly: true
volumes:
- name: config-volume
configMap:
name: config-backup-seafile
items:
- key: config.yml
path: config.yml
---
apiVersion: v1
kind: Service
metadata:
name: backup-seafile-service
namespace: seafile
spec:
selector:
app: backup-seafile
ports:
- protocol: TCP
port: 9027
targetPort: 9027
type: ClusterIP


@@ -25,4 +25,37 @@ var (
//go:embed less-dns.yaml
YAMLLessDNS []byte
//go:embed seafile.yaml
YAMLSeafile string
//go:embed backup-seafile.yaml
YAMLBackupSeafile string
//go:embed seafile.conf
NGINXSeafile []byte
//go:embed app.user.yaml
YAMLAppUser string
//go:embed app.gateway.yaml
YAMLAppGateway string
//go:embed app.client.yaml
YAMLAppClient string
//go:embed app.mie.api.yaml
YAMLAppMieAPI string
//go:embed app.mie.worker.yaml
YAMLAppMieWorker []byte
//go:embed app.mie.cron.yaml
YAMLAppMieCron []byte
//go:embed app.mie.sweeper.yaml
YAMLAppMieSweeper []byte
//go:embed app.oem.yaml
YAMLAppOEM string
)
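Review bot: The embedded manifests are declared with two types and no comment explains the difference: `YAMLAppUser`, `YAMLAppGateway`, `YAMLAppClient`, `YAMLAppMieAPI` and `YAMLAppOEM` are `string`, while the worker, cron and sweeper manifests are `[]byte`. Judging by the YAML sections in this commit, the string ones carry format verbs (`replicas: %d`, `image: %s`), so the type seems to mark a format template. A doc comment on each would make the argument order explicit, e.g. `// YAMLAppOEM is a format template; args: replicas (%d), image (%s).` `YAMLBackupSeafile` is also a `string` although the backup-seafile manifest shown in this commit has no verbs, which is worth changing or explaining. The `var (` block opens above this hunk.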

81
pkg/resource/seafile.conf Normal file

@@ -0,0 +1,81 @@
server {
listen 443 ssl proxy_protocol;
server_name seafile.yizhisec.com cloud.hybridscope.com seafile-yizhise-com cloud-hybridscope-com;
ssl_certificate /etc/nginx/ssl/client.server.crt;
ssl_certificate_key /etc/nginx/ssl/client.server.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_trusted_certificate /etc/nginx/ssl/client.ca.crt;
ssl_client_certificate /etc/nginx/ssl/client.ca.crt;
ssl_verify_client on;
client_max_body_size 500M;
# location = /auth-sharing {
# internal;
# proxy_pass http://client-service:9129/api/auth-sharing;
# proxy_http_version 1.1;
# proxy_pass_request_body off;
# proxy_set_header Content-Length "";
# proxy_set_header X-Original-URI $request_uri;
# }
location /f/ {
rewrite ^(.+[^/])$ $1/ last; # 补上末尾的 /,避免重定向两次
# auth_request /auth-sharing;
# proxy_pass http://hs-openresty:13381;
proxy_pass http://seafile-service.seafile;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
location /api/v1/ {
proxy_pass http://backup-seafile-service.seafile:9027;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
location /api2/ {
# proxy_pass http://hs-resource-server:19980;
proxy_pass http://seafile-service.seafile;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
location /api/v2.1/ {
# proxy_pass http://hs-resource-server:19980;
proxy_pass http://seafile-service.seafile;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_read_timeout 300s;
}
location /seafhttp/ {
# proxy_pass http://hs-resource-server:19980;
proxy_pass http://seafile-service.seafile;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
}
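Review bot: Four of the five locations forward `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends `$remote_addr` to whatever X-Forwarded-For header the client sent. With `listen 443 ssl proxy_protocol` and no `set_real_ip_from` / `real_ip_header proxy_protocol` in view, `$remote_addr` is the load balancer and the client-supplied part reaches the backends unchecked. If the backends use that header for logging or access decisions, set it from the PROXY-protocol address instead: `proxy_set_header X-Forwarded-For $proxy_protocol_addr;`. The header set is also uneven, since `/api/v1/` omits `X-Real-IP` and `/api/v2.1/` omits `X-Forwarded-For`. Separately, `seafile-yizhise-com` in `server_name` looks like a typo for `seafile-yizhisec-com`.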


@@ -20,7 +20,8 @@ spec:
spec:
containers:
- name: memcached
image: hub.yizhisec.com/product/hybridscope/memcached
image: hub.yizhisec.com/product/hybridscope/memcached:latest
imagePullPolicy: IfNotPresent
args: ["-m", "256"]
ports:
- containerPort: 11211
@@ -60,19 +61,19 @@ spec:
imagePullPolicy: IfNotPresent
env:
- name: DB_HOST
value: "mysql-cluster-mysql-master.db-mysql"
value: "%s"
- name: DB_ROOT_PASSWD
value: "L0hMysql." #db's password
value: "%s" #db's password
- name: TIME_ZONE
value: "Asia/Shanghai"
- name: SEAFILE_ADMIN_EMAIL
value: "admin@yizhisec.com" #admin email
value: "%s" #admin email
- name: SEAFILE_ADMIN_PASSWORD
value: "asecret" #admin password
value: "%s" #admin password
- name: SEAFILE_SERVER_LETSENCRYPT
value: "false"
- name: SEAFILE_SERVER_HOSTNAME
value: "cloud.hybridscope.com" #hostname
value: "%s" #hostname
ports:
- containerPort: 80
volumeMounts:
@@ -95,4 +96,18 @@ spec:
storageClassName: longhorn
resources:
requests:
storage: 10Gi
storage: %s
---
apiVersion: v1
kind: Service
metadata:
name: seafile-service
namespace: seafile
spec:
selector:
app: seafile
type: ClusterIP
ports:
- protocol: TCP
port: 80
targetPort: 80
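Review bot: `DB_ROOT_PASSWD` and `SEAFILE_ADMIN_PASSWORD` are now filled in through `value: "%s"`, which removes the literals from the file but still renders the passwords into the Deployment spec, where anyone who can read Deployments in the `seafile` namespace sees them. Referencing a Secret keeps them out of the rendered object: `valueFrom: {secretKeyRef: {name: <secret-name>, key: DB_ROOT_PASSWD}}`. Plain string formatting into a double-quoted YAML scalar also breaks, or changes the document, when a value contains `"` or `\`, so the formatting code (not shown here) needs to escape or validate its arguments. The literals on the removed lines stay in repository history and should be treated as exposed and rotated. The enclosing `spec:` blocks begin outside these hunks.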