systemserver: change user-backend service account namespace and privilege (#1766)

* systemserver: change user backend service account namespace and privilege

* fix: get token from user-backend

* fix: clear file node service bug

---------

Co-authored-by: aby913 <aby913@163.com>

framework/backup-server/.olares/config/cluster/deploy/backup_server.yaml

@@ -1,6 +1,6 @@
 
 
-{{ $backupVersion := "0.3.45" }}
+{{ $backupVersion := "0.3.46" }}
 {{ $backup_server_rootpath := printf "%s%s" .Values.rootPath "/rootfs/backup-server" }}
 
 {{- $backup_nats_secret := (lookup "v1" "Secret" .Release.Namespace "backup-nats-secret") -}}

framework/bfl/.olares/config/launcher/templates/bfl_deploy.yaml

@@ -321,7 +321,7 @@ spec:
               apiVersion: v1
               fieldPath: spec.nodeName
       - name: ingress
-        image: beclab/bfl-ingress:v0.3.17
+        image: beclab/bfl-ingress:v0.3.18
         imagePullPolicy: IfNotPresent
         volumeMounts:
         - name: ngxlog

framework/files/.olares/config/cluster/deploy/files_deploy.yaml

@@ -172,7 +172,7 @@ spec:
 {{ end }}
 
         - name: files
-          image: beclab/files-server:v0.2.101
+          image: beclab/files-server:v0.2.102
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: true

framework/system-server/.olares/config/user/helm-charts/systemserver/templates/permission.yaml

@@ -2,7 +2,20 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  namespace: {{ .Release.Namespace }}
+  namespace: user-system-{{ .Values.bfl.username }}
   name: user-backend
 
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Values.bfl.username }}:user-backend:settings-provider-svc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.bfl.username }}:settings-provider-svc
+subjects:
+- kind: ServiceAccount
+  name: user-backend
+  namespace: user-system-{{ .Values.bfl.username }}