From d5bbc1d32f6091b0795d2d0f2c8a4c96b98f3b9d Mon Sep 17 00:00:00 2001
From: eball
Date: Fri, 29 Aug 2025 21:24:49 +0800
Subject: [PATCH] systemserver: change user-backend service account namespace and privilege (#1766)
* systemserver: change user backend service account namespace and privilege
* fix: get token from user-backend
* fix: clear file node service bug
---------
Co-authored-by: aby913
---
 .../config/cluster/deploy/backup_server.yaml | 2 +-
 .../config/launcher/templates/bfl_deploy.yaml | 2 +-
 .../config/cluster/deploy/files_deploy.yaml | 2 +-
 .../systemserver/templates/permission.yaml | 15 ++++++++++++++-
 4 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/framework/backup-server/.olares/config/cluster/deploy/backup_server.yaml b/framework/backup-server/.olares/config/cluster/deploy/backup_server.yaml
index 6349c1864..c89954746 100644
--- a/framework/backup-server/.olares/config/cluster/deploy/backup_server.yaml
+++ b/framework/backup-server/.olares/config/cluster/deploy/backup_server.yaml
@@ -1,6 +1,6 @@
-{{ $backupVersion := "0.3.45" }}
+{{ $backupVersion := "0.3.46" }}
 {{ $backup_server_rootpath := printf "%s%s" .Values.rootPath "/rootfs/backup-server" }}
 {{- $backup_nats_secret := (lookup "v1" "Secret" .Release.Namespace "backup-nats-secret") -}}
diff --git a/framework/bfl/.olares/config/launcher/templates/bfl_deploy.yaml b/framework/bfl/.olares/config/launcher/templates/bfl_deploy.yaml
index 352310219..624137a12 100644
--- a/framework/bfl/.olares/config/launcher/templates/bfl_deploy.yaml
+++ b/framework/bfl/.olares/config/launcher/templates/bfl_deploy.yaml
@@ -321,7 +321,7 @@ spec:
 apiVersion: v1
 fieldPath: spec.nodeName
 - name: ingress
- image: beclab/bfl-ingress:v0.3.17
+ image: beclab/bfl-ingress:v0.3.18
 imagePullPolicy: IfNotPresent
 volumeMounts:
 - name: ngxlog
diff --git a/framework/files/.olares/config/cluster/deploy/files_deploy.yaml b/framework/files/.olares/config/cluster/deploy/files_deploy.yaml
index cf9615a44..00fbf18e3 100644
--- a/framework/files/.olares/config/cluster/deploy/files_deploy.yaml
+++ b/framework/files/.olares/config/cluster/deploy/files_deploy.yaml
@@ -172,7 +172,7 @@ spec:
 {{ end }}
 - name: files
- image: beclab/files-server:v0.2.101
+ image: beclab/files-server:v0.2.102
 imagePullPolicy: IfNotPresent
 securityContext:
 allowPrivilegeEscalation: true
diff --git a/framework/system-server/.olares/config/user/helm-charts/systemserver/templates/permission.yaml b/framework/system-server/.olares/config/user/helm-charts/systemserver/templates/permission.yaml
index 14bf999d6..8a42f6bec 100644
--- a/framework/system-server/.olares/config/user/helm-charts/systemserver/templates/permission.yaml
+++ b/framework/system-server/.olares/config/user/helm-charts/systemserver/templates/permission.yaml
@@ -2,7 +2,20 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
- namespace: {{ .Release.Namespace }}
+ namespace: user-system-{{ .Values.bfl.username }}
 name: user-backend
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: backend:{{ .Values.bfl.username }}:user-backend:settings-provider-svc
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Values.bfl.username }}:settings-provider-svc
+subjects:
+- kind: ServiceAccount
+ name: user-backend
+ namespace: user-system-{{ .Values.bfl.username }}
\ No newline at end of file
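Review bot: The ClusterRoleBinding added in the permission.yaml hunk grants the per-user `user-backend` ServiceAccount a role at cluster scope, and the ClusterRole it references (`{{ .Values.bfl.username }}:settings-provider-svc`) is not defined anywhere in this patch, so the rules being granted cannot be checked from here. If that role only lists namespaced resources, a `RoleBinding` in `user-system-{{ .Values.bfl.username }}` pointing at the same ClusterRole would keep the grant inside the user's namespace. If it has to stay cluster-wide, a comment above the binding such as `# user-backend needs <permission placeholder> from the per-user settings-provider-svc ClusterRole` would record the reason for the next reviewer. The templated scalars are also unquoted; `name: "{{ .Values.bfl.username }}:settings-provider-svc"` avoids a parse surprise should a username ever begin with a YAML indicator character, which is presumably ruled out elsewhere but is not enforced here.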