refactor: 整理结构和 maker 构建方式

pkg/resource/yaml/app.client.yaml

@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: client-deployment
+  namespace: hsv2
+spec:
+  replicas: %d
+  selector:
+    matchLabels:
+      app: client
+  template:
+    metadata:
+      labels:
+        app: client
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: client
+      containers:
+        - name: client
+          image: hub.yizhisec.com/hybridscope/client_server:latest
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - name: ssl-pub-crt
+              mountPath: /etc/yizhisec/license/pub_key
+              subPath: pub_key
+              readOnly: true
+            - name: config-volume
+              mountPath: /etc/client_server/config.yml
+              subPath: config.yml
+              readOnly: true
+      volumes:
+        - name: ssl-pub-crt
+          configMap:
+            name: ssl-pub-crt
+            items:
+              - key: pub_key
+                path: pub_key
+        - name: config-volume
+          configMap:
+            name: config-client
+            items:
+              - key: config.yml
+                path: config.yml
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: client-service
+  namespace: hsv2
+spec:
+  selector:
+    app: client
+  ports:
+    - protocol: TCP
+      name: web
+      port: 9129
+      targetPort: 9129
+    - protocol: TCP
+      name: web2
+      port: 9024
+      targetPort: 9024
+    - protocol: TCP
+      name: web-message
+      port: 9025
+      targetPort: 9025
+  type: ClusterIP

pkg/resource/yaml/app.gateway.yaml

@@ -0,0 +1,83 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gateway-deployment
+  namespace: hsv2
+spec:
+  replicas: %d
+  selector:
+    matchLabels:
+      app: gateway
+  template:
+    metadata:
+      labels:
+        app: gateway
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: gateway
+      containers:
+        - name: gateway
+          image: hub.yizhisec.com/hybridscope/gateway_controller:latest
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/gateway_controller/config.yml
+              subPath: config.yml
+              readOnly: true
+            - name: config-token
+              mountPath: /etc/yizhisec/token
+              subPath: token
+              readOnly: true
+            - name: ssl-client-crt
+              mountPath: /yizhisec/ssl/client.crt
+              subPath: client.crt
+              readOnly: true
+            - name: ssl-client-key
+              mountPath: /yizhisec/ssl/client.key
+              subPath: client.key
+              readOnly: true
+      volumes:
+        - name: config-volume
+          configMap:
+            name: config-gateway
+            items:
+              - key: config.yml
+                path: config.yml
+        - name: config-token
+          configMap:
+            name: config-token
+            items:
+              - key: token
+                path: token
+        - name: ssl-client-crt
+          configMap:
+            name: ssl-client-crt
+            items:
+              - key: client.crt
+                path: client.crt
+        - name: ssl-client-key
+          configMap:
+            name: ssl-client-key
+            items:
+              - key: client.key
+                path: client.key
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gateway-service
+  namespace: hsv2
+spec:
+  selector:
+    app: gateway
+  ports:
+    - protocol: TCP
+      name: gateway-api
+      port: 9012
+      targetPort: 9012
+  type: ClusterIP

pkg/resource/yaml/app.mie.api.yaml

@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-deployment
+  namespace: hsv2
+spec:
+  replicas: %d
+  selector:
+    matchLabels:
+      app: api
+  template:
+    metadata:
+      labels:
+        app: api
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: api
+      containers:
+        - name: api
+          image: hub.yizhisec.com/hybridscope/mie-server:latest
+          imagePullPolicy: IfNotPresent
+          args: ["server.app", "--master", "--debug"]
+          volumeMounts:
+            - name: ssl-pub-crt
+              mountPath: /etc/mie-server/license/pub_key
+              subPath: pub_key
+              readOnly: true
+            - name: config-volume
+              mountPath: /yizhisec/web_server/conf/conf.yml
+              subPath: conf.yml
+              readOnly: true
+            - name: config-license-init
+              mountPath: /etc/mie-server/server_license_init.conf
+              subPath: server_license_init.conf
+              readOnly: true
+            - name: ssl-web-crt
+              mountPath: /yizhisec/hs_nginx/ssl/web.server.crt
+              subPath: web.server.crt
+              readOnly: true
+            - name: config-oem-data
+              mountPath: /yizhisec/hs_nginx/data/443/oem/data.json
+              subPath: data.json
+              readOnly: true
+      volumes:
+        - name: ssl-pub-crt
+          configMap:
+            name: ssl-pub-crt
+            items:
+              - key: pub_key
+                path: pub_key
+        - name: config-volume
+          configMap:
+            name: config-api
+            items:
+              - key: conf.yml
+                path: conf.yml
+        - name: config-license-init
+          configMap:
+            name: config-license-init
+            items:
+              - key: server_license_init.conf
+                path: server_license_init.conf
+        - name: ssl-web-crt
+          configMap:
+            name: ssl-web-crt
+            items:
+              - key: web.server.crt
+                path: web.server.crt
+        - name: config-oem-data
+          configMap:
+            name: config-oem-data
+            items:
+              - key: data.json
+                path: data.json
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: api-service
+  namespace: hsv2
+spec:
+  selector:
+    app: api
+  ports:
+    - protocol: TCP
+      name: mie-api
+      port: 9002
+      targetPort: 9002
+  type: ClusterIP

pkg/resource/yaml/app.mie.cron.yaml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-cron-deployment
+  namespace: hsv2
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: api-cron
+  template:
+    metadata:
+      labels:
+        app: api-cron
+    spec:
+      containers:
+        - name: api-cron
+          image: hub.yizhisec.com/hybridscope/mie-server:latest
+          imagePullPolicy: IfNotPresent
+          args: ["server.schedule"]
+          volumeMounts:
+            - name: config-volume
+              mountPath: /yizhisec/web_server/conf/conf.yml
+              subPath: conf.yml
+              readOnly: true
+      volumes:
+        - name: config-volume
+          configMap:
+            name: config-api
+            items:
+              - key: conf.yml
+                path: conf.yml

pkg/resource/yaml/app.mie.sweeper.yaml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-sweeper-deployment
+  namespace: hsv2
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: api-sweeper
+  template:
+    metadata:
+      labels:
+        app: api-sweeper
+    spec:
+      containers:
+        - name: api-sweeper
+          image: hub.yizhisec.com/hybridscope/mie-server:latest
+          imagePullPolicy: IfNotPresent
+          args: ["server.delay_sweeper"]
+          volumeMounts:
+            - name: config-volume
+              mountPath: /yizhisec/web_server/conf/conf.yml
+              subPath: conf.yml
+              readOnly: true
+            - name: log-data
+              mountPath: /yizhisec/web_server/logs
+      volumes:
+        - name: log-data
+          emptyDir: {}
+        - name: config-volume
+          configMap:
+            name: config-api
+            items:
+              - key: conf.yml
+                path: conf.yml

pkg/resource/yaml/app.mie.worker.yaml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api-worker-deployment
+  namespace: hsv2
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: api-worker
+  template:
+    metadata:
+      labels:
+        app: api-worker
+    spec:
+      containers:
+        - name: api-worker
+          image: hub.yizhisec.com/hybridscope/mie-server:latest
+          imagePullPolicy: IfNotPresent
+          args: ["server.delay_worker"]
+          volumeMounts:
+            - name: config-volume
+              mountPath: /yizhisec/web_server/conf/conf.yml
+              subPath: conf.yml
+              readOnly: true
+            - name: log-data
+              mountPath: /yizhisec/web_server/logs
+      volumes:
+        - name: log-data
+          emptyDir: {}
+        - name: config-volume
+          configMap:
+            name: config-api
+            items:
+              - key: conf.yml
+                path: conf.yml

pkg/resource/yaml/app.nginx.yaml

@@ -0,0 +1,209 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  namespace: hsv2
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: nginx
+      containers:
+        - name: nginx
+          image: hub.yizhisec.com/external/nginx:1.29.1-alpine3.22
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - name: nginx-main
+              mountPath: /etc/nginx/nginx.conf
+              subPath: nginx.conf
+              readOnly: true
+            - name: nginx-user
+              mountPath: /etc/nginx/sites-enabled/user.conf
+              subPath: user.conf
+              readOnly: true
+            - name: nginx-gateway
+              mountPath: /etc/nginx/sites-enabled/gateway.conf
+              subPath: gateway.conf
+              readOnly: true
+            - name: nginx-web
+              mountPath: /etc/nginx/sites-enabled/web.conf
+              subPath: web.conf
+              readOnly: true
+            - name: nginx-client
+              mountPath: /etc/nginx/sites-enabled/client.conf
+              subPath: client.conf
+              readOnly: true
+            - name: nginx-common
+              mountPath: /etc/nginx/common/common.conf
+              subPath: common.conf
+              readOnly: true
+            - name: ssl-ffdhe2048
+              mountPath: /etc/nginx/ssl/ffdhe2048.txt
+              subPath: ffdhe2048.txt
+              readOnly: true
+            - name: ssl-ca-crt
+              mountPath: /yizhisec/ssl/ca.crt
+              subPath: ca.crt
+              readOnly: true
+            - name: ssl-server-crt
+              mountPath: /yizhisec/ssl/server.crt
+              subPath: server.crt
+              readOnly: true
+            - name: ssl-server-key
+              mountPath: /yizhisec/ssl/server.key
+              subPath: server.key
+              readOnly: true
+            - name: ssl-mqtt-crt
+              mountPath: /etc/nginx/ssl/mqtt.server.crt
+              subPath: mqtt.server.crt
+              readOnly: true
+            - name: ssl-mqtt-key
+              mountPath: /etc/nginx/ssl/mqtt.server.key
+              subPath: mqtt.server.key
+              readOnly: true
+            - name: ssl-client-server-crt
+              mountPath: /etc/nginx/ssl/client.server.crt
+              subPath: client.server.crt
+              readOnly: true
+            - name: ssl-client-server-key
+              mountPath: /etc/nginx/ssl/client.server.key
+              subPath: client.server.key
+              readOnly: true
+            - name: ssl-web-server-crt
+              mountPath: /etc/nginx/ssl/web.server.crt
+              subPath: web.server.crt
+              readOnly: true
+            - name: ssl-web-server-key
+              mountPath: /etc/nginx/ssl/web.server.key
+              subPath: web.server.key
+              readOnly: true
+      volumes:
+        - name: nginx-main
+          configMap:
+            name: nginx-main
+            items:
+              - key: nginx.conf
+                path: nginx.conf
+        - name: nginx-user
+          configMap:
+            name: nginx-user
+            items:
+              - key: user.conf
+                path: user.conf
+        - name: nginx-gateway
+          configMap:
+            name: nginx-gateway
+            items:
+              - key: gateway.conf
+                path: gateway.conf
+        - name: nginx-web
+          configMap:
+            name: nginx-web
+            items:
+              - key: web.conf
+                path: web.conf
+        - name: nginx-client
+          configMap:
+            name: nginx-client
+            items:
+              - key: client.conf
+                path: client.conf
+        - name: nginx-common
+          configMap:
+            name: nginx-common
+            items:
+              - key: common.conf
+                path: common.conf
+        - name: ssl-ffdhe2048
+          configMap:
+            name: ssl-ffdhe2048
+            items:
+              - key: ffdhe2048.txt
+                path: ffdhe2048.txt
+        - name: ssl-ca-crt
+          configMap:
+            name: ssl-ca-crt
+            items:
+              - key: ca.crt
+                path: ca.crt
+        - name: ssl-server-crt
+          configMap:
+            name: ssl-server-crt
+            items:
+              - key: server.crt
+                path: server.crt
+        - name: ssl-server-key
+          configMap:
+            name: ssl-server-key
+            items:
+              - key: server.key
+                path: server.key
+        - name: ssl-mqtt-crt
+          configMap:
+            name: ssl-mqtt-crt
+            items:
+              - key: mqtt.server.crt
+                path: mqtt.server.crt
+        - name: ssl-mqtt-key
+          configMap:
+            name: ssl-mqtt-key
+            items:
+              - key: mqtt.server.key
+                path: mqtt.server.key
+        - name: ssl-client-server-crt
+          configMap:
+            name: ssl-client-server-crt
+            items:
+              - key: client.server.crt
+                path: client.server.crt
+        - name: ssl-client-server-key
+          configMap:
+            name: ssl-client-server-key
+            items:
+              - key: client.server.key
+                path: client.server.key
+        - name: ssl-web-server-crt
+          configMap:
+            name: ssl-web-server-crt
+            items:
+              - key: web.server.crt
+                path: web.server.crt
+        - name: ssl-web-server-key
+          configMap:
+            name: ssl-web-server-key
+            items:
+              - key: web.server.key
+                path: web.server.key
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-service
+  namespace: hsv2
+spec:
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      name: o-443
+      port: 443
+      targetPort: 23443
+      nodePort: 31443
+    - protocol: TCP
+      name: o-8443
+      port: 8443
+      targetPort: 8443
+      nodePort: 32443
+  type: NodePort

pkg/resource/yaml/app.oem.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: oem-deployment
+  namespace: hsv2
+spec:
+  replicas: %d
+  selector:
+    matchLabels:
+      app: oem
+  template:
+    metadata:
+      labels:
+        app: oem
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: oem
+      containers:
+        - name: oem
+          image: %s
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: oem-service
+  namespace: hsv2
+spec:
+  selector:
+    app: oem
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+  type: ClusterIP

pkg/resource/yaml/app.user.yaml

@@ -0,0 +1,63 @@
+kind: Deployment
+metadata:
+  name: user-deployment
+  namespace: hsv2
+spec:
+  replicas: %d
+  selector:
+    matchLabels:
+      app: user
+  template:
+    metadata:
+      labels:
+        app: user
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: user
+      containers:
+        - name: user
+          image: hub.yizhisec.com/hybridscope/user_management:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 9013
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/hs_user_management/config.yml
+              subPath: config.yml
+              readOnly: true
+            - name: ssl-client-crt
+              mountPath: /etc/hs_user_management/proxy/certs/client.crt
+              subPath: client.crt
+              readOnly: true
+      volumes:
+        - name: config-volume
+          configMap:
+            name: config-user
+            items:
+              - key: config.yml
+                path: config.yml
+        - name: ssl-client-crt
+          configMap:
+            name: ssl-client-crt
+            items:
+              - key: client.crt
+                path: client.crt
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: user-service
+  namespace: hsv2
+spec:
+  selector:
+    app: user
+  ports:
+    - protocol: TCP
+      port: 9013
+      targetPort: 9013
+  type: ClusterIP

pkg/resource/yaml/backup-seafile.yaml

@@ -0,0 +1,65 @@
+apiVersion: mysql.presslabs.org/v1alpha1
+kind: MysqlDatabase
+metadata:
+  name: my-database-backup-server
+  namespace: db-mysql
+spec:
+  database: backup_server
+  clusterRef:
+    name: mysql-cluster
+    namespace: db-mysql
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backup-seafile-deployment
+  namespace: seafile
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: backup-seafile
+  template:
+    metadata:
+      labels:
+        app: backup-seafile
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: backup-seafile
+      containers:
+        - name: backup-seafile
+          image: hub.yizhisec.com/hybridscope/hs_backup_seafile:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 9027
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/hs_backup_seafile/config.yml
+              subPath: config.yml
+              readOnly: true
+      volumes:
+        - name: config-volume
+          configMap:
+            name: config-backup-seafile
+            items:
+              - key: config.yml
+                path: config.yml
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backup-seafile-service
+  namespace: seafile
+spec:
+  selector:
+    app: backup-seafile
+  ports:
+    - protocol: TCP
+      port: 9027
+      targetPort: 9027
+  type: ClusterIP

pkg/resource/yaml/emqx.yaml

@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: db-emqx
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: emqx
+  namespace: db-emqx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: emqx
+  template:
+    metadata:
+      labels:
+        app: emqx
+    spec:
+      containers:
+        - name: emqx
+          image: hub.yizhisec.com/external/emqx:5.1
+          ports:
+            - containerPort: 1883
+              name: mqtt
+            - containerPort: 8883
+              name: mqtt-ssl
+            - containerPort: 18083
+              name: dashboard
+            - containerPort: 18084
+              name: websocket
+          env:
+            - name: EMQX_NODE_NAME
+              value: "emqx@single-node"
+            - name: EMQX_DASHBOARD__DEFAULT_PASSWORD
+              value: "YizhiSEC@123"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: emqx-service
+  namespace: db-emqx
+spec:
+  selector:
+    app: emqx
+  type: ClusterIP
+  ports:
+    - name: mqtt
+      port: 1883
+      targetPort: 1883
+    - name: mqtt-ssl
+      port: 8883
+      targetPort: 8883
+    - name: dashboard
+      port: 18083
+      targetPort: 18083
+    - name: websocket
+      port: 18084
+      targetPort: 18084
+

pkg/resource/yaml/es.yaml

@@ -0,0 +1,121 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: db-es
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: elasticsearch
+  namespace: db-es
+spec:
+  serviceName: elasticsearch
+  replicas: 1
+  selector:
+    matchLabels:
+      app: elasticsearch
+  template:
+    metadata:
+      labels:
+        app: elasticsearch
+    spec:
+      volumes:
+        - name: shared-data
+          emptyDir: {}
+      securityContext:
+        fsGroup: 1000
+      initContainers:
+        - name: fix-permissions
+          image: hub.yizhisec.com/hybridscope/v2/es-init-helper:alpine-3.22.2
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+            - -c
+          args: 
+            - | 
+              #/bin/sh
+              cp -rf /data/plugins/* /app/shared/
+              chown -R 1000:1000 /usr/share/elasticsearch/data           
+          volumeMounts:
+            - name: es-data
+              mountPath: /usr/share/elasticsearch/data
+            - name: shared-data
+              mountPath: /app/shared
+          securityContext:
+            runAsUser: 0
+      containers:
+        - name: elasticsearch
+          image: hub.yizhisec.com/external/elasticsearch:7.17.28
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: discovery.type
+              value: single-node
+            - name: ES_JAVA_OPTS
+              value: "-Xms%dg -Xmx%dg"
+            - name: node.name
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+          ports:
+            - containerPort: 9200
+              name: http
+            - containerPort: 9300
+              name: transport
+          volumeMounts:
+            - name: es-data
+              mountPath: /usr/share/elasticsearch/data
+            - name: shared-data
+              mountPath: /usr/share/elasticsearch/plugins
+          resources:
+            requests:
+              memory: "%dGi"
+              cpu: "%d"
+            limits:
+              memory: "%dGi"
+              cpu: "%d"
+  volumeClaimTemplates:
+    - metadata:
+        name: es-data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        storageClassName: longhorn
+        resources:
+          requests:
+            storage: %s
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: es-service
+  namespace: db-es
+spec:
+  type: ClusterIP
+  selector:
+    app: elasticsearch
+  ports:
+    - name: http
+      protocol: TCP
+      port: 9200
+      targetPort: http
+    - name: transport
+      protocol: TCP
+      port: 9300
+      targetPort: transport
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: es-init-job
+  namespace: db-es
+spec:
+  template:
+    spec:
+      containers:
+        - name: es-init
+          image: hub.yizhisec.com/hybridscope/v2/es-init-helper:alpine-3.22.2
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+            - /data/create_index.sh
+      restartPolicy: Never
+  backoffLimit: 2

pkg/resource/yaml/flannel.yaml

@@ -0,0 +1,215 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    k8s-app: flannel
+    pod-security.kubernetes.io/enforce: privileged
+  name: kube-flannel
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    k8s-app: flannel
+  name: flannel
+  namespace: kube-flannel
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    k8s-app: flannel
+  name: flannel
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/status
+    verbs:
+      - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    k8s-app: flannel
+  name: flannel
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: flannel
+subjects:
+  - kind: ServiceAccount
+    name: flannel
+    namespace: kube-flannel
+---
+apiVersion: v1
+data:
+  cni-conf.json: |
+    {
+      "name": "cbr0",
+      "cniVersion": "0.3.1",
+      "plugins": [
+        {
+          "type": "flannel",
+          "delegate": {
+            "hairpinMode": true,
+            "isDefaultGateway": true
+          }
+        },
+        {
+          "type": "portmap",
+          "capabilities": {
+            "portMappings": true
+          }
+        }
+      ]
+    }
+  net-conf.json: |
+    {
+      "Network": "10.244.0.0/16",
+      "EnableNFTables": false,
+      "Backend": {
+        "Type": "%s",
+        "DirectRouting": true
+      }
+    }
+kind: ConfigMap
+metadata:
+  labels:
+    app: flannel
+    k8s-app: flannel
+    tier: node
+  name: kube-flannel-cfg
+  namespace: kube-flannel
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    app: flannel
+    k8s-app: flannel
+    tier: node
+  name: kube-flannel-ds
+  namespace: kube-flannel
+spec:
+  selector:
+    matchLabels:
+      app: flannel
+      k8s-app: flannel
+  template:
+    metadata:
+      labels:
+        app: flannel
+        k8s-app: flannel
+        tier: node
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: kubernetes.io/os
+                    operator: In
+                    values:
+                      - linux
+      containers:
+        - args:
+            - --ip-masq
+            - --kube-subnet-mgr
+          command:
+            - /opt/bin/flanneld
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: EVENT_QUEUE_DEPTH
+              value: "5000"
+            - name: CONT_WHEN_CACHE_NOT_READY
+              value: "false"
+          image: ghcr.io/flannel-io/flannel:v0.27.4
+          name: kube-flannel
+          resources:
+            requests:
+              cpu: 100m
+              memory: 50Mi
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+                - NET_RAW
+            privileged: false
+          volumeMounts:
+            - mountPath: /run/flannel
+              name: run
+            - mountPath: /etc/kube-flannel/
+              name: flannel-cfg
+            - mountPath: /run/xtables.lock
+              name: xtables-lock
+      hostNetwork: true
+      initContainers:
+        - args:
+            - -f
+            - /flannel
+            - /opt/cni/bin/flannel
+          command:
+            - cp
+          image: ghcr.io/flannel-io/flannel-cni-plugin:v1.8.0-flannel1
+          name: install-cni-plugin
+          volumeMounts:
+            - mountPath: /opt/cni/bin
+              name: cni-plugin
+        - args:
+            - -f
+            - /etc/kube-flannel/cni-conf.json
+            - /etc/cni/net.d/10-flannel.conflist
+          command:
+            - cp
+          image: ghcr.io/flannel-io/flannel:v0.27.4
+          name: install-cni
+          volumeMounts:
+            - mountPath: /etc/cni/net.d
+              name: cni
+            - mountPath: /etc/kube-flannel/
+              name: flannel-cfg
+      priorityClassName: system-node-critical
+      serviceAccountName: flannel
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
+      volumes:
+        - hostPath:
+            path: /run/flannel
+          name: run
+        - hostPath:
+            path: /opt/cni/bin
+          name: cni-plugin
+        - hostPath:
+            path: /etc/cni/net.d
+          name: cni
+        - configMap:
+            name: kube-flannel-cfg
+          name: flannel-cfg
+        - hostPath:
+            path: /run/xtables.lock
+            type: FileOrCreate
+          name: xtables-lock

pkg/resource/yaml/kibana.yaml

@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kibana
+  namespace: db-es
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kibana
+  template:
+    metadata:
+      labels:
+        app: kibana
+    spec:
+      containers:
+        - name: kibana
+          image: hub.yizhisec.com/external/kibana:7.17.28
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: ELASTICSEARCH_HOSTS
+              value: http://es-service:9200
+            - name: SERVER_HOST
+              value: 0.0.0.0
+          ports:
+            - containerPort: 5601
+              name: http
+          resources:
+            limits:
+              memory: 2Gi
+              cpu: 1
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kibana-service
+  namespace: db-es
+spec:
+  type: NodePort
+  selector:
+    app: kibana
+  ports:
+    - name: http
+      protocol: TCP
+      port: 5601
+      targetPort: 5601
+      nodePort: 31601

pkg/resource/yaml/less-dns.yaml

@@ -0,0 +1,83 @@
+# k8s-hs-less-dns.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: hs-net
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config-less-dns
+  namespace: hs-net
+data:
+  config.yml: |
+    {
+      "log": {
+        "level": "info"
+      },
+      "vnet4": "100.64.0.1/10",
+      "vnet6": "fc00:eeaa:0000:0000::/48",
+      "redis": {
+        "custom": [
+          {
+            "username": null,
+            "password": "HybridScope0xRed1s.",
+            "host": "redis-master.db-redis",
+            "port": 6379,
+            "tls_insecure": null,
+            "db": 10
+          }
+        ]
+      },
+      "mqtt": {
+        "client_id": "dns_mqtt_client",
+        "protocol": "tls",
+        "host": "emqx-service.db-emqx",
+        "port": 1883,
+        "cert": "",
+        "key": "",
+        "keep_alive": 60
+      }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: less-dns
+  namespace: hs-net
+  labels:
+    app: less-dns
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: less-dns
+  template:
+    metadata:
+      labels:
+        app: less-dns
+    spec:
+      topologySpreadConstraints:
+      - maxSkew: 1 
+        topologyKey: kubernetes.io/hostname 
+        whenUnsatisfiable: ScheduleAnyway 
+        labelSelector:
+          matchLabels:
+            app: less-dns
+      containers:
+      - name: less-dns
+        image: hub.yizhisec.com/hybridscope/less_dns_service:latest
+        imagePullPolicy: IfNotPresent
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/less_dns_service
+        securityContext:
+          privileged: true
+      volumes:
+      - name: config-volume
+        configMap:
+          name: config-less-dns
+          items:
+          - key: config.yml
+            path: config.yml
+      restartPolicy: Always

pkg/resource/yaml/seafile.yaml

@@ -0,0 +1,113 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: seafile
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: memcached
+  namespace: seafile
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: memcached
+  template:
+    metadata:
+      labels:
+        app: memcached
+    spec:
+      containers:
+        - name: memcached
+          image: hub.yizhisec.com/product/hybridscope/memcached:latest
+          imagePullPolicy: IfNotPresent
+          args: ["-m", "256"]
+          ports:
+            - containerPort: 11211
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: memcached
+  namespace: seafile
+spec:
+  selector:
+    app: memcached
+  ports:
+    - protocol: TCP
+      port: 11211
+      targetPort: 11211
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: seafile
+  namespace: seafile
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: seafile
+  template:
+    metadata:
+      labels:
+        app: seafile
+    spec:
+      containers:
+        - name: seafile
+          image: hub.yizhisec.com/product/hybridscope/seafile-mc:latest
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DB_HOST
+              value: "%s"
+            - name: DB_ROOT_PASSWD
+              value: "%s" #db's password
+            - name: TIME_ZONE
+              value: "Asia/Shanghai"
+            - name: SEAFILE_ADMIN_EMAIL
+              value: "%s" #admin email
+            - name: SEAFILE_ADMIN_PASSWORD
+              value: "%s" #admin password
+            - name: SEAFILE_SERVER_LETSENCRYPT
+              value: "false"
+            - name: SEAFILE_SERVER_HOSTNAME
+              value: "%s" #hostname
+          ports:
+            - containerPort: 80
+          volumeMounts:
+            - name: seafile-data
+              mountPath: /shared
+      volumes:
+        - name: seafile-data
+          persistentVolumeClaim:
+            claimName: seafile-data
+      restartPolicy: Always
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: seafile-data
+  namespace: seafile
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: %s
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: seafile-service
+  namespace: seafile
+spec:
+  selector:
+    app: seafile
+  type: ClusterIP
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80