download, search: add download and search3 provider configurations (#2140)

feat: add download and search3 provider configurations
2026-05-24 09:18:23 +00:00 · 2025-12-02 23:40:37 +08:00 · 2025-12-02 23:40:37 +08:00 · eea2dfb67a
commit eea2dfb67a
parent 316ffe4f35
2 changed files with 215 additions and 0 deletions
--- a/framework/download-server/.olares/config/cluster/deploy/download_provider.yaml
+++ b/framework/download-server/.olares/config/cluster/deploy/download_provider.yaml
@ -0,0 +1,128 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: download-provider
+    applications.app.bytetrade.io/author: bytetrade.io
+  name: download-provider
+  namespace: {{ .Release.Namespace }}
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: download-provider
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: download-provider
+        io.bytetrade.app: "true"
+        provider: "true"
+    spec:
+      containers:
+        - name: provider-proxy
+          image: beclab/provider-proxy:0.1.0
+          imagePullPolicy: IfNotPresent
+          args:
+            - --logtostderr
+            - --insecure-listen-address=:28080
+            - --upstream=http://download-svc:8090/
+          ports:
+            - containerPort: 28080
+          resources:
+            requests:
+              cpu: 10m
+              memory: 200Mi
+            limits:
+              cpu: "500m"
+              memory: 350Mi
+          resources: {}
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      priorityClassName: system-cluster-critical
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      serviceAccount: provider-sa
+      serviceAccountName: provider-sa
+      terminationGracePeriodSeconds: 30
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: download-provider-svc
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: ClusterIP
+  selector:
+    app: download-provider
+  ports:
+    - name: server
+      protocol: TCP
+      port: 28080
+      targetPort: 28080
+
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: provider-sa
+  namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: backend:{{ .Release.Namespace }}:provider
+rules:
+  - apiGroups:
+      - "*"
+    resources:
+      - clusterrolebindings
+      - clusterroles
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - "*"
+    resources:
+      - tokenreviews
+      - subjectaccessreviews
+    verbs:
+      - create
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: backend:{{ .Release.Namespace }}:provider
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: backend:{{ .Release.Namespace }}:provider
+subjects:
+  - kind: ServiceAccount
+    name: provider-sa
+    namespace: {{ .Release.Namespace }}
+
+---
+# provider role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: backend:download-provider
+  annotations:
+    provider-registry-ref: {{ .Release.Namespace }}/download-provider-svc
+    provider-service-ref: download-provider-svc.{{ .Release.Namespace }}:28080
+rules:
+  - nonResourceURLs: ["/api/download/*"]
+    verbs: ["*"]
--- a/framework/search3/.olares/config/cluster/deploy/search3_provider.yaml
+++ b/framework/search3/.olares/config/cluster/deploy/search3_provider.yaml
@ -0,0 +1,87 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: search3-provider
+    applications.app.bytetrade.io/author: bytetrade.io
+  name: search3-provider
+  namespace: {{ .Release.Namespace }}
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: search3-provider
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: search3-provider
+        io.bytetrade.app: "true"
+        provider: "true"
+    spec:
+      containers:
+        - name: provider-proxy
+          image: beclab/provider-proxy:0.1.0
+          imagePullPolicy: IfNotPresent
+          args:
+            - --logtostderr
+            - --insecure-listen-address=:28080
+            - --upstream=http://search3:80/
+          ports:
+            - containerPort: 28080
+          resources:
+            requests:
+              cpu: 10m
+              memory: 200Mi
+            limits:
+              cpu: "500m"
+              memory: 350Mi
+          resources: {}
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      priorityClassName: system-cluster-critical
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      serviceAccount: provider-sa
+      serviceAccountName: provider-sa
+      terminationGracePeriodSeconds: 30
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: search3-provider-svc
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: ClusterIP
+  selector:
+    app: search3-provider
+  ports:
+    - name: server
+      protocol: TCP
+      port: 28080
+      targetPort: 28080
+
+---
+# provider role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: backend:search3-provider
+  annotations:
+    provider-registry-ref: {{ .Release.Namespace }}/search3-provider-svc
+    provider-service-ref: search3-provider-svc.{{ .Release.Namespace }}:28080
+rules:
+  - nonResourceURLs: 
+      - "/document/get_by_resource_uri"
+      - "/document/add"
+      - "/document/delete/*"
+      - "/document/update/*"
+    verbs: ["*"]