From eea2dfb67a564914d221e08ade9f97b260421a04 Mon Sep 17 00:00:00 2001 From: eball Date: Tue, 2 Dec 2025 23:40:37 +0800 Subject: [PATCH] download, search: add download and search3 provider configurations (#2140) feat: add download and search3 provider configurations --- .../cluster/deploy/download_provider.yaml | 128 ++++++++++++++++++ .../cluster/deploy/search3_provider.yaml | 87 ++++++++++++ 2 files changed, 215 insertions(+) create mode 100644 framework/download-server/.olares/config/cluster/deploy/download_provider.yaml create mode 100644 framework/search3/.olares/config/cluster/deploy/search3_provider.yaml diff --git a/framework/download-server/.olares/config/cluster/deploy/download_provider.yaml b/framework/download-server/.olares/config/cluster/deploy/download_provider.yaml new file mode 100644 index 000000000..288e4b7ba --- /dev/null +++ b/framework/download-server/.olares/config/cluster/deploy/download_provider.yaml @@ -0,0 +1,128 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: download-provider + applications.app.bytetrade.io/author: bytetrade.io + name: download-provider + namespace: {{ .Release.Namespace }} +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: download-provider + strategy: + type: Recreate + template: + metadata: + creationTimestamp: null + labels: + app: download-provider + io.bytetrade.app: "true" + provider: "true" + spec: + containers: + - name: provider-proxy + image: beclab/provider-proxy:0.1.0 + imagePullPolicy: IfNotPresent + args: + - --logtostderr + - --insecure-listen-address=:28080 + - --upstream=http://download-svc:8090/ + ports: + - containerPort: 28080 + resources: + requests: + cpu: 10m + memory: 200Mi + limits: + cpu: "500m" + memory: 350Mi + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + priorityClassName: system-cluster-critical + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: provider-sa + serviceAccountName: provider-sa + terminationGracePeriodSeconds: 30 + +--- +apiVersion: v1 +kind: Service +metadata: + name: download-provider-svc + namespace: {{ .Release.Namespace }} +spec: + type: ClusterIP + selector: + app: download-provider + ports: + - name: server + protocol: TCP + port: 28080 + targetPort: 28080 + +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: provider-sa + namespace: {{ .Release.Namespace }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: backend:{{ .Release.Namespace }}:provider +rules: + - apiGroups: + - "*" + resources: + - clusterrolebindings + - clusterroles + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "*" + resources: + - tokenreviews + - subjectaccessreviews + verbs: + - create + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: backend:{{ .Release.Namespace }}:provider +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: backend:{{ .Release.Namespace }}:provider +subjects: + - kind: ServiceAccount + name: provider-sa + namespace: {{ .Release.Namespace }} + +--- +# provider role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: backend:download-provider + annotations: + provider-registry-ref: {{ .Release.Namespace }}/download-provider-svc + provider-service-ref: download-provider-svc.{{ .Release.Namespace }}:28080 +rules: + - nonResourceURLs: ["/api/download/*"] + verbs: ["*"] diff --git a/framework/search3/.olares/config/cluster/deploy/search3_provider.yaml b/framework/search3/.olares/config/cluster/deploy/search3_provider.yaml new file mode 100644 index 000000000..91e4b26cf --- /dev/null +++ b/framework/search3/.olares/config/cluster/deploy/search3_provider.yaml @@ -0,0 +1,87 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: search3-provider + applications.app.bytetrade.io/author: bytetrade.io + name: search3-provider + namespace: {{ .Release.Namespace }} +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: search3-provider + strategy: + type: Recreate + template: + metadata: + creationTimestamp: null + labels: + app: search3-provider + io.bytetrade.app: "true" + provider: "true" + spec: + containers: + - name: provider-proxy + image: beclab/provider-proxy:0.1.0 + imagePullPolicy: IfNotPresent + args: + - --logtostderr + - --insecure-listen-address=:28080 + - --upstream=http://search3:80/ + ports: + - containerPort: 28080 + resources: + requests: + cpu: 10m + memory: 200Mi + limits: + cpu: "500m" + memory: 350Mi + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + priorityClassName: system-cluster-critical + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: provider-sa + serviceAccountName: provider-sa + terminationGracePeriodSeconds: 30 + +--- +apiVersion: v1 +kind: Service +metadata: + name: search3-provider-svc + namespace: {{ .Release.Namespace }} +spec: + type: ClusterIP + selector: + app: search3-provider + ports: + - name: server + protocol: TCP + port: 28080 + targetPort: 28080 + +--- +# provider role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: backend:search3-provider + annotations: + provider-registry-ref: {{ .Release.Namespace }}/search3-provider-svc + provider-service-ref: search3-provider-svc.{{ .Release.Namespace }}:28080 +rules: + - nonResourceURLs: + - "/document/get_by_resource_uri" + - "/document/add" + - "/document/delete/*" + - "/document/update/*" + verbs: ["*"]