大量更新

.idea/encodings.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="Encoding">
+    <file url="file://$PROJECT_DIR$/70-202511-XA低空平台/2026年2月4日-基线扫描/Debian_配置规范/readme.txt" charset="UTF-8" />
+    <file url="file://$PROJECT_DIR$/70-202511-XA低空平台/2026年2月4日-基线扫描/MySQL_配置规范_(Linux)/readme.txt" charset="GB2312" />
+  </component>
+</project>

.idea/sqldialects.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="SqlDialectMappings">
+    <file url="file://$PROJECT_DIR$/80-202603-山东潍坊滨海GA/all_tables_demo_0326(1).sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-数据库脚本/archive/nacos-2.1.2-ddl.sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-数据库脚本/监管服务/2.3/1node_table_init_v2.3.sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-数据库脚本/监管服务/2.3/3nodes_table_init_v2.3.sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-数据库脚本/视频流媒体/live-op-init.sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-数据库脚本/视频流媒体/live-proxy-init.sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-数据库脚本/视频流媒体/wvp-init.sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-数据库脚本/飞行服务/2.1/cmii_fly_center.sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-数据库脚本/飞行服务/2.1/cmii_sky_converge.sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-数据库脚本/飞行服务/2.1/cmii_sky_integration.sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-部署模板/视频流媒体-helm-2604/sql-init/live-op-init.sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-部署模板/视频流媒体-helm-2604/sql-init/live-proxy-init.sql" dialect="SQLite" />
+    <file url="file://$PROJECT_DIR$/999-部署模板/视频流媒体-helm-2604/sql-init/wvp-init.sql" dialect="SQLite" />
+  </component>
+</project>

0-archived/1-outside-deploy/1-base-env-shell/0.1-mountNodeVolume.sh

@@ -0,0 +1,80 @@
+#! /bin/bash
+
+## 关闭虚拟缓存
+#swapoff -a
+#cp -f /etc/fstab /etc/fstab_bak
+#cat /etc/fstab_bak | grep -v swap >/etc/fstab
+
+# echo "-----------------------------------------------------------------------"
+# RootVolumeSizeBefore=$(df -TH | grep -w "/dev/mapper/centos-root" | awk '{print $3}')
+# echo "扩容之前的root目录的容量为：${RootVolumeSizeBefore}"
+
+# echo "y
+
+
+# " | lvremove /dev/mapper/centos-swap
+
+# freepesize=$(vgdisplay centos | grep 'Free  PE' | awk '{print $5}')
+
+# lvextend  -l+${freepesize} /dev/mapper/centos-root
+
+
+# ## #自动扩展XFS文件系统到最大的可用大小
+# xfs_growfs /dev/mapper/centos-root
+
+# df -TH | grep -w "/dev/mapper/centos-root" | awk '{print $3}'
+
+# echo "-----------------------------------------------------------------------"
+# RootVolumeSizeAfter=$(df -TH | grep -w "/dev/mapper/centos-root" | awk '{print $3}')
+# echo "扩容之后的root目录的容量为：${RootVolumeSizeAfter}"
+# RootVolumeSizeBeforeNum=$(echo $RootVolumeSizeBefore | cut -d "G" -f1)
+# RootVolumeSizeAfterNum=$(echo $RootVolumeSizeAfter | cut -d "G" -f1)
+
+# echo "恭喜，您的root目录容量增加了+++++++$(( ${RootVolumeSizeAfterNum}-${RootVolumeSizeBeforeNum} ))GB+++++"
+
+echo ""
+echo ""
+echo ""
+echo "-----------------------------------------------------------------------"
+
+VG_NAME=datavg
+
+echo "n
+p
+
+
+
+t
+
+8e
+w
+" | fdisk /dev/vdb
+partprobe
+# 如果已经存在卷组，直接进行添加
+# vgextend /dev/mapper/centos /dev/vda3
+vgcreate ${VG_NAME} /dev/vdb1
+selfpesize=$(vgdisplay ${VG_NAME} | grep 'Total PE' | awk '{print $3}')
+# 大小根据实际情况调整
+lvcreate -l ${selfpesize} -n lvdata ${VG_NAME}
+mkfs.xfs /dev/mapper/${VG_NAME}-lvdata
+mkdir -p /data
+selffstab="/dev/mapper/${VG_NAME}-lvdata       /data         xfs    defaults        0 0"
+echo "${selffstab}" >> /etc/fstab
+mount -a
+
+echo ""
+echo ""
+echo ""
+df -TH
+echo "-----------------------------------------------------------------------"
+
+# 扩容根目录，${VG_NAME}-root 通过df -Th获取需要扩容的文件系统
+# lvextend -l +100%FREE /dev/mapper/${VG_NAME}-root
+# xfs_growfs /dev/mapper/${VG_NAME}-roo
+#
+#
+VG_NAME=sata-data
+# vgcreate ${VG_NAME} /dev/vdb1
+selfpesize=$(vgdisplay ${VG_NAME} | grep 'Total PE' | awk '{print $3}')
+## 大小根据实际情况调整
+lvcreate -l ${selfpesize} -n lvdata ${VG_NAME}

0-archived/1-outside-deploy/1-base-env-shell/3-bootUPk8s.sh

@@ -0,0 +1,235 @@
+#!/usr/bin/env bash
+
+### 需要修改以下的内容  ###
+### 需要修改以下的内容  ###
+### 需要修改以下的内容  ###
+
+# 理论上来说，能访问公网的服务器 用来部署Harbor服务器
+# 所有的主机均可以访问公网的话，填写  除了harbor服务器的 其他所有主机的地址
+PrivateServerIPs=(192.168.8.66 192.168.8.67 192.168.8.68) # 内网服务器的IP地址，不包括可以访问公网IP的服务器
+
+### 需要修改以上的内容  ###
+### 需要修改以上的内容  ###
+### 需要修改以上的内容  ###
+
+RED="31m"    ## 姨妈红
+GREEN="32m"  ## 水鸭青
+YELLOW="33m" ## 鸭屎黄
+PURPLE="35m" ## 基佬紫
+BLUE="36m"   ## 天依蓝
+
+colorEcho() {
+  # shellcheck disable=SC2145
+  echo -e "\033[${1}${@:2}\033[0m" 1>&2
+}
+
+check_root() {
+  if [[ $EUID != 0 ]]; then
+    colorEcho ${RED} "当前非root账号(或没有root权限)，无法继续操作，请更换root账号!"
+    colorEcho ${YELLOW} "使用sudo -命令获取临时root权限（执行后可能会提示输入root密码）"
+    exit 1
+  fi
+}
+
+startFunc(){
+  colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
+  colorEcho ${BLUE} "开始执行 启动RKE集群的操作 ………"
+  echo ""
+
+  colorEcho ${BLUE} "本脚本的运行有一些列的前提依赖，请确定以下的项目都已完成！！！！"
+  colorEcho ${YELLOW} "----------------------------------------------------------"
+  colorEcho ${RED} "1. 完成基础环境初始化，将rke系统镜像均上传至私有Harbor中！"
+  colorEcho ${RED} "2. 配置并修改好 rke集群的模板文件，命名为 cluster.yml !!"
+  colorEcho ${RED} "3. ……"
+  colorEcho ${YELLOW} "----------------------------------------------------------"
+
+  while true; do
+      colorEcho ${RED} "请确保您已经将上述的项目完成！！"
+      read -r -p "请输入yes进行确认，脚本才可继续运行！！" input
+      case $input in
+      yes)
+        colorEcho ${GREEN} "您已确认上述的项目均已完成！！"
+        colorEcho ${GREEN} "----------------------------------------------------------"
+        echo ""
+        colorEcho ${BLUE} "开始执行 RKE集群的启动过程！！！"
+        echo ""
+        main
+        break
+        ;;
+      *)
+        echo ""
+        colorEcho ${RED} "输入有误！！！ 请输入 >> yes << 进行确认"
+        break
+        colorEcho ${RED} "-----------------------------------------------------"
+        echo ""
+        ;;
+      esac
+  done
+}
+
+installRKE(){
+  colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
+  colorEcho ${BLUE} "开始下载并安装 RKE 工具 ………"
+  echo ""
+
+  colorEcho ${BLUE} "开始从rancher镜像下载rke工具……"
+  wget http://rancher-mirror.cnrancher.com/rke/v1.2.6/rke_linux-amd64
+  if [ -s rke_linux-amd64 ]; then
+    colorEcho ${GREEN} "rke工具下载完成！"
+    chmod +x rke_linux-amd64
+    mv ./rke_linux-amd64 /usr/local/bin/rke
+    colorEcho ${GREEN} "----------------------------------------------------------"
+    rke --version
+    colorEcho ${GREEN} "----------------------------------------------------------"
+    rke config --list-version --all
+    echo ""
+    colorEcho ${BLUE} "开始从rancher镜像下载 kubectl 工具……"
+    wget http://rancher-mirror.cnrancher.com/kubectl/v1.20.4/linux-amd64-v1.20.4-kubectl
+    chmod +x linux-amd64-v1.20.4-kubectl
+    mv linux-amd64-v1.20.4-kubectl /usr/local/bin/kubectl
+    colorEcho ${GREEN} "----------------------------------------------------------"
+    kubectl version
+    colorEcho ${GREEN} "----------------------------------------------------------"
+  else
+    colorEcho ${RED} "rke工具下载失败！！！脚本无法继续运行，请手动下载rke工具！"
+    colorEcho ${RED} "rke工具下载失败！！！脚本无法继续运行，请手动下载rke工具！"
+    colorEcho ${RED} "rke工具下载失败！！！脚本无法继续运行，请手动下载rke工具！"
+    return 1
+  fi
+}
+
+createRKEInstallerUser(){
+  colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
+  colorEcho ${BLUE} "开始创建 rke-installer 用户………"
+  echo ""
+  useradd rke-installer
+  echo "rke-installer
+rke-installer
+" | passwd rke-installer
+  #将登陆用户develop加入到docker用户组中
+  gpasswd -a rke-installer docker
+  #更新用户组
+  newgrp docker
+  echo ""
+  if [ -d /home/rke-installer ]; then
+      colorEcho ${GREEN} "rke-installer 用户创建成功！！ "
+      echo ""
+  else
+     colorEcho ${YELLOW} "检测到 rke-installer 用户已经存在"
+  fi
+
+  if [[ -s cluster.yaml || -s cluster.yml ]]; then
+      colorEcho ${BLUE} "开始将 cluster.yaml文件复制到 rke-installer目录下…………"
+      mv cluster.y* /home/rke-installer/cluster.yml
+      if [ -s /home/rke-installer/cluster.yml ]; then
+          colorEcho ${BLUE} "cluster.yml文件已经放置完成！"
+          chown rke-installer:rke-installer /home/rke-installer/cluster.yml
+      else
+          colorEcho ${RED} "当前目录下未检测到 rke集群的模板文件！！"
+          colorEcho ${RED} "程序无法继续，将退出！！"
+          return 1
+      fi
+  else
+      colorEcho ${RED} "当前目录下未检测到 rke集群的模板文件！！"
+      colorEcho ${RED} "程序无法继续，将退出！！"
+      echo ""
+      colorEcho ${YELLOW} "--------------------------------------------------"
+      colorEcho ${RED} "请创建RKE集群的模板文件，并命名为 cluster.yml "
+      colorEcho ${RED} "请创建RKE集群的模板文件，并命名为 cluster.yml "
+      colorEcho ${RED} "请创建RKE集群的模板文件，并命名为 cluster.yml "
+      colorEcho ${YELLOW} "--------------------------------------------------"
+      return 1
+  fi
+
+  colorEcho ${BLUE} "开始切换当前用户至 rke-installer "
+  su rke-installer
+  echo ""
+  colorEcho ${BLUE} "请检查rke-installer用户能否执行 docker ps 命令！！"
+  docker ps
+  colorEcho ${BLUE} "----------------------------------------------------------"
+}
+
+generateRKEUserKey(){
+  colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
+  colorEcho ${BLUE} "开始创建 rke-installer用户的 ssh key ……"
+  echo ""
+  su rke-installer
+  ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
+  cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
+  chmod 600 ~/.ssh/authorized_keys
+  colorEcho ${GREEN} "--------------------------------------------------------------"
+  colorEcho ${GREEN} "-----------本机配置完成！-------------"
+  echo ""
+
+  for ip in "${PrivateServerIPs[@]}"; do
+    colorEcho ${BLUE} "请手动将如下的命令，以 root 权限在主机 ${ip} 上运行"
+    colorEcho ${BLUE} "请手动将如下的命令，以 root 权限在主机 ${ip} 上运行"
+    colorEcho ${BLUE} "请手动将如下的命令，以 root 权限在主机 ${ip} 上运行"
+    colorEcho ${BLUE} "-----------------------------------------------"
+    echo ""
+    echo ""
+    colorEcho ${RED} "                        请以 root 角色 运行！！！                    "
+    colorEcho ${RED} "                        请以 root 角色 运行！！！                    "
+    colorEcho ${RED} "                        请以 root 角色 运行！！！                    "
+    echo ""
+    echo "useradd rke-installer && echo \"rke-installer
+rke-installer
+\" | passwd rke-installer && gpasswd -a rke-installer docker && newgrp docker && su rke-installer && docker ps "
+    echo ""
+    echo "clear && ssh-keygen -t rsa -P \"\" -f ~/.ssh/id_rsa && echo \"$(cat ~/.ssh/id_rsa.pub)\" >> ~/.ssh/authorized_keys && echo \"\" && cat ~/.ssh/authorized_keys"
+    echo ""
+    echo ""
+    while true; do
+      colorEcho ${RED} "请确保您已经将上述的命令在主机${ip}上执行了！！"
+      read -r -p "请输入yes进行确认，脚本才可继续运行！！" input
+      case $input in
+      yes)
+        colorEcho ${GREEN} "您已确认在主机${ip}上添加了私有的ssh key！"
+        echo ""
+        break
+        ;;
+      *)
+        echo ""
+        colorEcho ${RED} "输入有误！！！ 请输入 >> yes << 进行确认"
+        colorEcho ${RED} "请在主机${ip}上执行上述命令！！！"
+        colorEcho ${RED} "否则本脚本的功能会失效！！"
+        colorEcho ${RED} "-----------------------------------------------------"
+        echo ""
+        ;;
+      esac
+    done
+  done
+}
+
+startRKECLuster(){
+  colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
+  colorEcho ${BLUE} "开始 启动 rke集群 ！！！"
+  colorEcho ${BLUE} "开始 启动 rke集群 ！！！"
+  colorEcho ${BLUE} "开始 启动 rke集群 ！！！"
+  echo ""
+  if [[ $(pwd) == "/home/rke-installer" ]]; then
+      colorEcho ${BLUE} "检测到当前目录为 /home/rke-installer"
+      echo ""
+      colorEcho ${BLUE} "开始执行 RKE 集群的启动过程 ！！！"
+      colorEcho ${BLUE} "-------------------------------------------------------------"
+      for i in {3..1..-1}; do
+        colorEcho ${BLUE} "倒计时开始 ->> $i 秒 <<-，准备启动RKE，上文的日志输出将会消失！！"
+        sleep 2
+      done
+      clear
+      rke up
+  else
+    colorEcho ${BLUE} "当前目录不为 /home/rke-installer，开始跳转目录！"
+    cd /home/rke-installer
+    startRKECLuster
+  fi
+}
+
+main(){
+  check_root
+
+  generateRKEUserKey || return $?
+  startRKECLuster || return $?
+}
+
+startFunc

0-archived/1-outside-deploy/1-base-env-shell/kubernetes-admin-user-rbac.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kube-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: admin-user
+    namespace: kube-system
+

0-archived/1-outside-deploy/1-base-env-shell/kubernetes-dashboad.yaml

@@ -0,0 +1,299 @@
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-system
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kube-system
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+    kubernetes.io/cluster-service: "true"
+  name: kubernetes-dashboard
+  namespace: kube-system
+spec:
+  ports:
+    - port: 443
+      targetPort: 8443
+  selector:
+    k8s-app: kubernetes-dashboard
+  type: NodePort
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard-certs
+  namespace: kube-system
+type: Opaque
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard-csrf
+  namespace: kube-system
+type: Opaque
+data:
+  csrf: ""
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard-key-holder
+  namespace: kube-system
+type: Opaque
+
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard-settings
+  namespace: kube-system
+
+---
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kube-system
+rules:
+  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+  - apiGroups: [""]
+    resources: ["secrets"]
+    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
+    verbs: ["get", "update", "delete"]
+    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["kubernetes-dashboard-settings"]
+    verbs: ["get", "update"]
+    # Allow Dashboard to get metrics.
+  - apiGroups: [""]
+    resources: ["services"]
+    resourceNames: ["heapster", "dashboard-metrics-scraper"]
+    verbs: ["proxy"]
+  - apiGroups: [""]
+    resources: ["services/proxy"]
+    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
+    verbs: ["get"]
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+rules:
+  # Allow Metrics Scraper to get metrics from the Metrics server
+  - apiGroups: ["metrics.k8s.io"]
+    resources: ["pods", "nodes"]
+    verbs: ["get", "list", "watch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubernetes-dashboard
+subjects:
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kube-system
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubernetes-dashboard
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubernetes-dashboard
+subjects:
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kube-system
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kube-system
+spec:
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s-app: kubernetes-dashboard
+  template:
+    metadata:
+      labels:
+        k8s-app: kubernetes-dashboard
+    spec:
+      containers:
+        - name: kubernetes-dashboard
+          image: kubernetesui/dashboard:v2.0.1
+          ports:
+            - containerPort: 8443
+              protocol: TCP
+          args:
+            - --auto-generate-certificates
+            - --namespace=kube-system
+            # Uncomment the following line to manually specify Kubernetes API server Host
+            # If not specified, Dashboard will attempt to auto discover the API server and connect
+            # to it. Uncomment only if the default does not work.
+            # - --apiserver-host=http://my-address:port
+          volumeMounts:
+            - name: kubernetes-dashboard-certs
+              mountPath: /certs
+              # Create on-disk volume to store exec logs
+            - mountPath: /tmp
+              name: tmp-volume
+          livenessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: /
+              port: 8443
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsUser: 1001
+            runAsGroup: 2001
+      volumes:
+        - name: kubernetes-dashboard-certs
+          secret:
+            secretName: kubernetes-dashboard-certs
+        - name: tmp-volume
+          emptyDir: {}
+      serviceAccountName: kubernetes-dashboard
+      # Comment the following tolerations if Dashboard must not be deployed on master
+      tolerations:
+        - key: node-role.kubernetes.io/master
+          effect: NoSchedule
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  labels:
+    k8s-app: dashboard-metrics-scraper
+  name: dashboard-metrics-scraper
+  namespace: kube-system
+spec:
+  ports:
+    - port: 8000
+      targetPort: 8000
+  selector:
+    k8s-app: dashboard-metrics-scraper
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  labels:
+    k8s-app: dashboard-metrics-scraper
+  name: dashboard-metrics-scraper
+  namespace: kube-system
+spec:
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s-app: dashboard-metrics-scraper
+  template:
+    metadata:
+      labels:
+        k8s-app: dashboard-metrics-scraper
+      annotations:
+        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
+    spec:
+      containers:
+        - name: dashboard-metrics-scraper
+          image: kubernetesui/metrics-scraper:v1.0.4
+          ports:
+            - containerPort: 8000
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              scheme: HTTP
+              path: /
+              port: 8000
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
+          volumeMounts:
+            - mountPath: /tmp
+              name: tmp-volume
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsUser: 1001
+            runAsGroup: 2001
+      serviceAccountName: kubernetes-dashboard
+      # Comment the following tolerations if Dashboard must not be deployed on master
+      tolerations:
+        - key: node-role.kubernetes.io/master
+          effect: NoSchedule
+      volumes:
+        - name: tmp-volume
+          emptyDir: {}

0-archived/1-outside-deploy/1-base-env-shell/kubernetes-images-2.5.7-1.18.6.txt

@@ -0,0 +1,64 @@
+busybox
+rancher/backup-restore-operator:v1.0.3
+rancher/calico-cni:v3.13.4
+rancher/calico-ctl:v3.13.4
+rancher/calico-kube-controllers:v3.13.4
+rancher/calico-node:v3.13.4
+rancher/calico-pod2daemon-flexvol:v3.13.4
+rancher/cis-operator:v1.0.3
+rancher/cluster-proportional-autoscaler:1.7.1
+rancher/configmap-reload:v0.3.0-rancher4
+rancher/coredns-coredns:1.6.9
+rancher/coreos-etcd:v3.4.3-rancher1
+rancher/coreos-flannel:v0.12.0
+rancher/coreos-flannel:v0.13.0-rancher1
+rancher/coreos-kube-state-metrics:v1.9.7
+rancher/coreos-prometheus-config-reloader:v0.39.0
+rancher/coreos-prometheus-operator:v0.39.0
+rancher/externalip-webhook:v0.1.6
+rancher/flannel-cni:v0.3.0-rancher6
+rancher/fleet-agent:v0.3.4
+rancher/fleet:v0.3.4
+rancher/fluentd:v0.1.24
+rancher/grafana-grafana:7.1.5
+rancher/hyperkube:v1.18.16-rancher1
+rancher/jimmidyson-configmap-reload:v0.3.0
+rancher/k8s-dns-dnsmasq-nanny:1.15.2
+rancher/k8s-dns-kube-dns:1.15.2
+rancher/k8s-dns-node-cache:1.15.7
+rancher/k8s-dns-sidecar:1.15.2
+rancher/klipper-lb:v0.1.2
+rancher/kube-api-auth:v0.1.4
+rancher/kubectl:v1.18.6
+rancher/kubernetes-external-dns:v0.7.3
+rancher/library-busybox:1.31.1
+rancher/library-busybox:1.32.1
+rancher/library-nginx:1.19.2-alpine
+rancher/library-traefik:1.7.19
+rancher/local-path-provisioner:v0.0.11
+rancher/local-path-provisioner:v0.0.14
+rancher/local-path-provisioner:v0.0.19
+rancher/log-aggregator:v0.1.7
+rancher/istio-kubectl:1.5.10
+rancher/metrics-server:v0.3.6
+rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1
+rancher/nginx-ingress-controller:nginx-0.35.0-rancher2
+rancher/opa-gatekeeper:v3.1.0-beta.7
+rancher/openzipkin-zipkin:2.14.2
+rancher/pause:3.1
+rancher/plugins-docker:18.09
+rancher/prom-alertmanager:v0.21.0
+rancher/prom-node-exporter:v1.0.1
+rancher/prom-prometheus:v2.12.0
+rancher/prom-prometheus:v2.18.2
+rancher/prometheus-auth:v0.2.1
+rancher/rancher-agent:v2.5.7
+rancher/rancher-webhook:v0.1.0-beta9
+rancher/rancher:v2.5.7
+rancher/rke-tools:v0.1.72
+rancher/security-scan:v0.1.14
+rancher/security-scan:v0.2.2
+rancher/shell:v0.1.6
+rancher/sonobuoy-sonobuoy:v0.16.3
+rancher/system-upgrade-controller:v0.6.2
+

0-archived/1-outside-deploy/1-base-env-shell/middleware-images.txt

@@ -0,0 +1,18 @@
+docker.io/bitnami/redis:6.2.6-debian-10-r0
+docker.io/bitnami/mysql:8.0.26-debian-10-r0
+docker.io/bitnami/bitnami-shell:10-debian-10-r140
+docker.io/bitnami/rabbitmq:3.9.12-debian-10-r3
+docker.io/bitnami/minio:2021.3.26-debian-10-r0
+docker.io/ossrs/srs:v4.0.136
+docker.io/emqx/emqx:4.2.12
+docker.io/nacos/nacos-server:2.0.1
+docker.io/mongo:5.0
+docker.io/rabbitmq:3.7-management
+docker.io/v2fly/v2fly-core:v4.38.3
+docker.io/pollyduan/ingress-nginx-controller:v0.44.0
+docker.io/jettech/kube-webhook-certgen:v1.5.1
+docker.io/minio/minio:RELEASE.2022-03-26T06-49-28Z
+docker.io/minio/minio:RELEASE.2022.5.4
+docker.io/ossrs/srs:v4.0-b9
+docker.io/kubernetesui/dashboard:v2.0.1
+docker.io/kubernetesui/metrics-scraper:v1.0.4

0-archived/1-outside-deploy/1-base-env-shell/rke-cluster.yml

@@ -0,0 +1,252 @@
+nodes:
+  - address: 192.168.8.65
+    user: rke-installer
+    role:
+      - controlplane
+      - etcd
+      - worker
+    internal_address: 192.168.8.65
+  - address: 192.168.8.66
+    user: rke-installer
+    role:
+      - worker
+    labels:
+      ingress-deploy: true
+    internal_address: 192.168.8.66
+  - address: 192.168.8.67
+    user: rke-installer
+    role:
+      - worker
+    internal_address: 192.168.8.67
+    labels:
+      mysql-deploy: true
+  - address: 192.168.8.68
+    user: rke-installer
+    role:
+      - worker
+    internal_address: 192.168.8.68
+    labels:
+      minio-deploy: true
+
+authentication:
+  strategy: x509
+  sans:
+    - "192.168.8.6"
+
+private_registries:
+  - url: 192.168.8.65:8033 # 私有镜像库地址
+    user: admin
+    password: "V2ryStr@ngPss"
+    is_default: true
+
+##############################################################################
+
+# 默认值为false，如果设置为true，当发现不支持的Docker版本时，RKE不会报错
+ignore_docker_version: true
+
+# Set the name of the Kubernetes cluster
+cluster_name: rke-cluster
+
+kubernetes_version: v1.20.4-rancher1-1
+
+ssh_key_path: /home/rke-installer/.ssh/id_rsa
+
+# Enable running cri-dockerd
+# Up to Kubernetes 1.23, kubelet contained code called dockershim
+# to support Docker runtime. The replacement is called cri-dockerd
+# and should be enabled if you want to keep using Docker as your
+# container runtime
+# Only available to enable in Kubernetes 1.21 and higher
+enable_cri_dockerd: true
+
+
+services:
+  etcd:
+    backup_config:
+      enabled: false
+      interval_hours: 72
+      retention: 3
+      safe_timestamp: false
+      timeout: 300
+    creation: 12h
+    extra_args:
+        election-timeout: 5000
+        heartbeat-interval: 500
+    gid: 0
+    retention: 72h
+    snapshot: false
+    uid: 0
+
+  kube-api:
+    # IP range for any services created on Kubernetes
+    # This must match the service_cluster_ip_range in kube-controller
+    service_cluster_ip_range: 10.74.0.0/16
+    # Expose a different port range for NodePort services
+    service_node_port_range: 30000-40000
+    always_pull_images: true
+    pod_security_policy: false
+    # Add additional arguments to the kubernetes API server
+    # This WILL OVERRIDE any existing defaults
+    extra_args:
+      # Enable audit log to stdout
+      audit-log-path: "-"
+      # Increase number of delete workers
+      delete-collection-workers: 3
+      # Set the level of log output to warning-level
+      v: 1
+  kube-controller:
+    # CIDR pool used to assign IP addresses to pods in the cluster
+    cluster_cidr: 10.100.0.0/16
+    # IP range for any services created on Kubernetes
+    # This must match the service_cluster_ip_range in kube-api
+    service_cluster_ip_range: 10.74.0.0/16
+    # Add additional arguments to the kubernetes API server
+    # This WILL OVERRIDE any existing defaults
+    extra_args:
+      # Set the level of log output to debug-level
+      v: 1
+      # Enable RotateKubeletServerCertificate feature gate
+      feature-gates: RotateKubeletServerCertificate=true
+      # Enable TLS Certificates management
+      # https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
+      cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
+      cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"
+  kubelet:
+    # Base domain for the cluster
+    cluster_domain: cluster.local
+    # IP address for the DNS service endpoint
+    cluster_dns_server: 10.74.0.10
+    # Fail if swap is on
+    fail_swap_on: false
+    # Set max pods to 250 instead of default 110
+    extra_binds:
+      - "/data/minio-pv:/hostStorage" # 不要修改 为minio的pv添加
+    extra_args:
+      max-pods: 122
+    # Optionally define additional volume binds to a service
+  scheduler:
+    extra_args:
+      # Set the level of log output to warning-level
+      v: 0
+  kubeproxy:
+    extra_args:
+      # Set the level of log output to warning-level
+      v: 0
+
+authorization:
+  mode: rbac
+
+addon_job_timeout: 30
+
+# Specify network plugin-in (canal, calico, flannel, weave, or none)
+#network:
+#  mtu: 1440
+#  options:
+#    flannel_backend_type: vxlan
+#  plugin: calico
+#  tolerations:
+#    - key: "node.kubernetes.io/unreachable"
+#      operator: "Exists"
+#      effect: "NoExecute"
+#      tolerationseconds: 300
+#    - key: "node.kubernetes.io/not-ready"
+#      operator: "Exists"
+#      effect: "NoExecute"
+#      tolerationseconds: 300
+
+network:
+  options:
+    flannel_backend_type: vxlan
+    flannel_iface: eth0
+    flannel_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
+    flannel_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
+  plugin: flannel
+  tolerations:
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationseconds: 300
+    - key: "node.kubernetes.io/not-ready"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationseconds: 300
+
+# Specify DNS provider (coredns or kube-dns)
+dns:
+  provider: coredns
+  nodelocal:
+    ip_address: '10.74.0.99'
+    node_selector: null
+    update_strategy:
+  # Available as of v1.1.0
+  update_strategy:
+    strategy: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 20%
+      maxSurge: 15%
+    linear_autoscaler_params:
+      cores_per_replica: 0.34
+      nodes_per_replica: 4
+      prevent_single_point_failure: true
+      min: 2
+      max: 3
+  tolerations:
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationseconds: 300
+    - key: "node.kubernetes.io/not-ready"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationseconds: 300
+
+# Specify monitoring provider (metrics-server)
+monitoring:
+  provider: metrics-server
+  # Available as of v1.1.0
+  update_strategy:
+    strategy: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 8
+
+ingress:
+  provider: nginx
+  default_backend: true
+  http_port: 30500
+  https_port: 31500
+  extra_envs:
+    - name: TZ
+      value: Asia/Shanghai
+  node_selector:
+    ingress-deploy: true
+  options:
+    use-forwarded-headers: "true"
+    access-log-path: /var/log/nginx/access.log
+    client-body-timeout: '6000'
+    compute-full-forwarded-for: 'true'
+    enable-underscores-in-headers: 'true'
+    log-format-escape-json: 'true'
+    log-format-upstream: >-
+      { "msec": "$msec", "connection": "$connection", "connection_requests":
+      "$connection_requests", "pid": "$pid", "request_id": "$request_id",
+      "request_length": "$request_length", "remote_addr": "$remote_addr",
+      "remote_user": "$remote_user", "remote_port": "$remote_port",
+      "http_x_forwarded_for": "$http_x_forwarded_for", "time_local":
+      "$time_local", "time_iso8601": "$time_iso8601", "request": "$request",
+      "request_uri": "$request_uri", "args": "$args", "status": "$status",
+      "body_bytes_sent": "$body_bytes_sent", "bytes_sent": "$bytes_sent",
+      "http_referer": "$http_referer", "http_user_agent": "$http_user_agent",
+      "http_host": "$http_host", "server_name": "$server_name", "request_time":
+      "$request_time", "upstream": "$upstream_addr", "upstream_connect_time":
+      "$upstream_connect_time", "upstream_header_time": "$upstream_header_time",
+      "upstream_response_time": "$upstream_response_time",
+      "upstream_response_length": "$upstream_response_length",
+      "upstream_cache_status": "$upstream_cache_status", "ssl_protocol":
+      "$ssl_protocol", "ssl_cipher": "$ssl_cipher", "scheme": "$scheme",
+      "request_method": "$request_method", "server_protocol": "$server_protocol",
+      "pipe": "$pipe", "gzip_ratio": "$gzip_ratio", "http_cf_ray": "$http_cf_ray",
+      "geoip_country_code": "$geoip_country_code" }
+    proxy-body-size: 5120m
+    proxy-read-timeout: '6000'
+    proxy-send-timeout: '6000'
+

0-archived/1-outside-deploy/1.json

@@ -1,8 +1,8 @@
-server {
-  listen 30080 default;
-  location /rtc/v1/ {
-  add_header Access-Control-Allow-Headers X-Requested-With;
-  add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
-  proxy_pass http://localhost:30985/rtc/v1/;
-}
-}
+server {
+  listen 30080 default;
+  location /rtc/v1/ {
+  add_header Access-Control-Allow-Headers X-Requested-With;
+  add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
+  proxy_pass http://localhost:30985/rtc/v1/;
+}
+}

0-archived/1-outside-deploy/2-helm-chart/.helmignore

@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+.vscode/
+charts/frontend-app/templates/traefik.yaml
+charts/all-middleware/charts/rabbitmq-backup
+charts/minio-pv
+charts/minio-storage

0-archived/1-outside-deploy/2-helm-chart/2.yaml

@@ -0,0 +1,17 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-logistic-application
+  namespace: uavcloud-devflight
+  labels:
+    app.kubernetes.io/managed-by: Helm
+data:
+  ingress-config.js: |-
+    // 从ConfigMap中注入
+    // injected from ConfigMap
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "devflight",
+      CloudHOST: "lab.uavcmlc.com",
+      ApplicationShortName: "logistic",
+      AppClientId: "APP_PvdfRRRBPL8xbIwl"
+    }

0-archived/1-outside-deploy/2-helm-chart/charts/all-ingress-config/templates/configmap.yaml

@@ -0,0 +1,51 @@
+{{- if .Values.enabled }}
+  {{- $namespace := .Release.Namespace -}}
+  {{- $TenantEnvironment := .Values.global.domain.TenantEnvironment -}}
+  {{- $DeployDomainName := .Values.global.domain.DeployDomainName -}}
+  {{- $IsPrivateDeployment := .Values.global.domain.IsPrivateDeployment -}}
+  {{- range $applicationName, $values := .Values.frontendApplication.manifest }}
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  {{- if eq $values.shortname "" }}
+  name: tenant-prefix-platform
+  {{- else }}
+  name: tenant-prefix-{{ $values.shortname }}
+  {{- end }}
+  namespace: {{ $namespace }}
+data:
+  ingress-config.js: |-
+    // 从ConfigMap中注入
+    // injected from ConfigMap
+    var __GlobalIngressConfig = {
+    {{- if $IsPrivateDeployment }}
+      TenantEnvironment: "",
+    {{- else }}
+      TenantEnvironment: {{ $TenantEnvironment | quote -}},
+    {{- end }}
+      CloudHOST: {{ $DeployDomainName | quote -}},
+    {{- if not (contains "appli" $values.shortname ) }}
+    {{- /* short name not contains application, judge for situations */}}
+    {{- if contains "cms-portal" $values.shortname }}
+        ApplicationShortName: "cmsportal",
+    {{- else if contains "-rescue" $values.shortname }}
+        ApplicationShortName: {{ trimSuffix "-rescue" $values.shortname | quote -}},
+    {{- else if contains "screen" $values.shortname }}
+        ApplicationShortName: {{ trimSuffix "-screen" $values.shortname | quote -}},
+    {{- else }}
+      ApplicationShortName: {{ $values.shortname | quote }},
+    {{- end }}
+    {{- else }}
+      ApplicationShortName: {{ trimSuffix "-application" $values.shortname | quote -}},
+    {{- end }}
+    {{- range $appShortNamePlusTenantEnv, $appClientId := $values}}
+    {{- $realApplicationNamePlusTenantEnv := cat $values.shortname $TenantEnvironment | replace " " "-" }}
+    {{- if hasPrefix $appShortNamePlusTenantEnv $realApplicationNamePlusTenantEnv }}
+      AppClientId: {{ $appClientId | quote }}
+    {{- end }}
+    {{- end }}
+    }
+---
+{{- end }}
+  {{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-ingress-config/templates/ingress-frontend.yaml

@@ -0,0 +1,121 @@
+{{- if and .Values.enabled .Values.frontendApplication.enabled }}
+  {{- $namespace := .Release.Namespace -}}
+  {{- $TenantEnvironment  := .Values.global.domain.TenantEnvironment -}}
+  {{- $DeployDomainName := ternary (first (regexSplit ":" .Values.global.domain.DeployDomainName -1)) ( .Values.global.domain.DeployDomainName ) (contains ":" .Values.global.domain.DeployDomainName) -}}
+  {{- $IsPrivateDeployment := .Values.global.domain.IsPrivateDeployment -}}
+  {{- $scope := $ -}}
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: frontend-applications-ingress
+  namespace: {{ $namespace }}
+  labels:
+    type: {{ .Values.frontendApplication.type }}
+    accessmode: {{ $.Values.frontendApplication.accessmode }}
+    helm.sh/chart: {{ include "all-ingress.name" $scope }}
+    app.kubernetes.io/managed-by: {{ $.Release.Service }}
+    {{- if $.Values.global.image.tag }}
+    app.kubernetes.io/version: {{ $.Values.global.image.tag | quote }}
+  {{- end }}
+  annotations:
+    {{- include "all-ingress.frontend.commom.annotations" $scope | nindent 4 }}
+    {{- if .Values.global.ingress.tls_enabled  }}
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/permanent-redirect-code: '301'
+    {{- end }}
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      {{- range $applicationName, $values := .Values.frontendApplication.manifest }}
+      {{- if $IsPrivateDeployment }}
+      {{- if eq $values.shortname "" }}
+      {{- /*  主域名的情况, 域名改造  */}}
+      rewrite ^(/green)$ $1/ redirect;
+      rewrite ^(/supervision)$ $1/ redirect;
+      rewrite ^(/inspection)$ $1/ redirect;
+      rewrite ^(/pangu)$ $1/ redirect;
+      {{- /*  主域名的情况, 域名改造 end end end */}}
+      {{- else if not (contains "appli" $values.shortname) }}
+      {{- /*  特殊短域名的情况   */}}
+      {{- /* short name not contains application, judge for situations */}}
+      {{- if contains "-portal" $values.shortname}}
+      rewrite ^(/cmsportal)$ $1/ redirect;
+      {{- else if contains "-rescue" $values.shortname }}
+      rewrite ^(/{{ trimSuffix "-rescue" $values.shortname }})$ $1/ redirect;
+      {{- else if contains "screen" $values.shortname }}
+      rewrite ^(/ {{ trimSuffix "-screen" $values.shortname }})$ $1/ redirect;
+      {{- else }}
+      {{- /*  没有特殊规则的域名 全部会出现在这里    */}}
+      rewrite ^(/{{ $values.shortname }})$ $1/ redirect;
+      {{- end }}
+      {{- else if  (contains "appli" $values.shortname) }}
+      rewrite ^(/{{ trimSuffix "-application" $values.shortname }})$ $1/ redirect;
+      {{- else }}
+      {{- /*  备份一下 以防万一    */}}
+      rewrite ^(/{{ $values.shortname }})$ $1/ redirect;
+      {{- end }}
+      {{- else }}
+      {{- if eq $values.shortname "" }}
+      rewrite ^(/{{- $TenantEnvironment -}})$ $1/ redirect;
+      {{- else }}
+      rewrite ^(/{{- cat $TenantEnvironment $values.shortname | replace " " "/" -}})$ $1/ redirect;
+      {{- end }}
+      {{- end }}
+  {{- end }}
+spec:
+  rules:
+    - host: {{ $DeployDomainName }}
+      http:
+        paths:
+          {{- /* 域名改造, add for demo  */}}
+          - path: /inspection/?(.*)
+            pathType: ImplementationSpecific
+            backend:
+              serviceName: cmii-uav-platform
+              servicePort: 9528
+          - path: /supervision/?(.*)
+            pathType: ImplementationSpecific
+            backend:
+              serviceName: cmii-uav-platform
+              servicePort: 9528
+          - path: /green/?(.*)
+            pathType: ImplementationSpecific
+            backend:
+              serviceName: cmii-uav-platform
+              servicePort: 9528
+          - path: /pangu/?(.*)
+            pathType: ImplementationSpecific
+            backend:
+              serviceName: cmii-uav-platform
+              servicePort: 9528
+          {{- /* 域名改造, end end end  */}}
+          {{- range $applicationName, $values := .Values.frontendApplication.manifest }}
+          {{- if $IsPrivateDeployment }}
+          {{- if eq $values.shortname ""}}
+          - path: /?(.*)
+          {{- else if (contains "appli" $values.shortname) }}
+          - path: /{{ trimSuffix "-application" $values.shortname }}/?(.*)
+          {{- else }}
+          - path: /{{ $values.shortname }}/?(.*)
+          {{- end }}
+          {{- else }}
+          {{- if eq $values.shortname ""}}
+          - path: /{{ $TenantEnvironment }}/?(.*)
+          {{- else if  not (contains "appli" $values.shortname) }}
+          - path: /{{ $TenantEnvironment }}/{{ trimSuffix "-application" $values.shortname }}/?(.*)
+          {{- else }}
+          - path: /{{- cat $TenantEnvironment $values.shortname | replace " " "/" -}}/?(.*)
+            {{- end }}
+            {{- end }}
+            pathType: ImplementationSpecific
+            backend:
+              serviceName: {{ $applicationName }}
+              servicePort: 9528
+  {{- end }}
+  {{- if .Values.global.ingress.tls_enabled  }}
+  tls:
+    - hosts:
+        - {{ $DeployDomainName }}
+    - secretName: {{ $DeployDomainName | quote }}
+  {{- end }}
+  {{- end }}
+

0-archived/1-outside-deploy/2-helm-chart/charts/all-ingress-config/values.yaml

@@ -0,0 +1,156 @@
+# Default values for uavcloud-ingress-core.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global:
+  domain:
+    DeployDomainName: "lab.uavcmlc.com:31500" # will be overridden by upper values
+    TenantEnvironment: "outside" # please don't modify this, unless you know what you are doing
+    IsPrivateDeployment: true  # please don't modify this, unless you know what you are doing
+  ingress:
+    tls_enabled: false
+
+enabled: true
+
+frontendApplication:
+  enabled: true
+  type: frontend
+  accessmode: public
+  manifest:
+    # AppFullName vs AppShortName for frontend applications
+    cmii-uav-platform:
+      shortname: ""
+    cmii-uav-platform-ai-brain:
+      shortname: "ai-brain"
+      ai-brain-dev: APP_i6mlNKODBo42OIVn
+      ai-brain-test: APP_0BF17ayVaSpY89O4
+      ai-brain-feature: APP_0BF17ayVaSpY89O4
+      ai-brain-devbase: APP_0BF17ayVaSpY89O4
+      ai-brain-uat: APP_kZeiSXxg9qZxj6ue
+      ai-brain-demo: APP_rafnuCAmBESIVYMH
+      ai-brain-outside: APP_rafnuCAmBESIVYMH # this is actually outside works, copy from demo
+    cmii-uav-platform-hyperspectral:
+      shortname: "hyper"
+      hyper-dev: APP_CN713PC4qwViGj1d
+      hyper-test: APP_xtN9XF2L1J4IRHaB
+      hyper-devbase: APP_xtN9XF2L1J4IRHaB
+      hyper-feature: APP_xtN9XF2L1J4IRHaB
+      hyper-uat: APP_OT4l1kYrzWT4tiif
+      hyper-demo: APP_xbMkKdsbsbv8SH4w
+      hyper-outside: APP_xbMkKdsbsbv8SH4w # this is actually outside works, copy from demo
+    cmii-uav-platform-mws:
+      shortname: "mws"
+      mws-dev: APP_4lVSVI0ZGxTssir8
+      mws-test: APP_MEeBJHp1fSVD1Wuw
+      mws-devbase: APP_MEeBJHp1fSVD1Wuw
+      mws-feature: APP_MEeBJHp1fSVD1Wuw
+      mws-uat: APP_U4GEiHutGQL5prSP
+      mws-demo: APP_uKniXPELlRERBBwK
+      mws-outside: APP_uKniXPELlRERBBwK # this is actually outside works, copy from demo
+    cmii-uav-platform-mws-admin:
+      shortname: "mws-admin"
+    cmii-uav-platform-oms:
+      shortname: "oms"
+    cmii-uav-platform-cms:
+      shortname: "cms"
+    cmii-uav-platform-cms-portal:
+      shortname: "cmsportal"
+    cmii-uav-platform-open:
+      shortname: "open"
+    cmii-uav-platform-splice:
+      shortname: "splice"
+      splice-dev: APP_bYdlPsBBIncZdaYR
+      splice-test: APP_l4HIMixfIXhlCTi9
+      splice-devbase: APP_l4HIMixfIXhlCTi9
+      splice-feature: APP_l4HIMixfIXhlCTi9
+      splice-uat: APP
+      splice-demo: APP_zE0M3sTRXrCIJS8Y
+      splice-outside: APP_zE0M3sTRXrCIJS8Y  # this is actually outside works, copy from demo
+    cmii-uav-platform-splice-visual:
+      shortname: "splice-visual"
+    cmii-uav-platform-detection:
+      shortname: "detection"
+      detectiondemo: APP_FDHW2VLVDWPnnOCy
+      detection-outside: APP_FDHW2VLVDWPnnOCy  # this is actually outside works, copy from demo
+    cmii-uav-platform-security:
+      shortname: "security"
+      security-demo: APP_JUSEMc7afyWXxvE7
+      security-outside: APP_JUSEMc7afyWXxvE7  # this is actually outside works, copy from demo
+    cmii-uav-platform-visualization:
+      shortname: "visualization"
+      visualization-demo: APP_Jc8i2wOQ1t73QEJS
+      visualization-outside: APP_Jc8i2wOQ1t73QEJS  # this is actually outside works, copy from demo
+    cmii-uav-platform-logistics:
+      shortname: "logistics"
+      logistics-demo: APP_PvdfRRRBPL8xbIwl
+      logistics-outside: APP_PvdfRRRBPL8xbIwl
+    cmii-uav-platform-share:
+      shortname: "share"
+      share-demo: APP_4lVSVI0ZGxTssir8
+      share-outside: APP_4lVSVI0ZGxTssir8
+    cmii-uav-platform-base:
+      shortname: "base"
+      base-demo: APP_9LY41OaKSqk2btY0
+      base-outside: APP_9LY41OaKSqk2btY0 # this is actually outside works, copy from demo
+    cmii-uav-platform-traffic-screen:
+      shortname: "traffic"
+      traffic-demo: APP_PvdfRRRBPL8xbIwl
+      traffic-outside: APP_PvdfRRRBPL8xbIwl
+    cmii-uav-platform-emergency-rescue:
+      shortname: "emergency"
+      emergency-demo: APP_aGsTAY1uMZrpKdfk
+      emergency-outside: APP_aGsTAY1uMZrpKdfk
+
+
+backendApplication:
+  enabled: true
+  type: backend
+  # this ingress is for swagger url, CI/CD url,they can only be accessed only by internal network
+  accessmode: internal
+  manifest:
+    # all backend applications
+    cmii-admin-data: false
+    cmii-admin-user: false
+    cmii-uav-airspace: false
+    cmii-uav-brain: false
+    cmii-uav-clusters: false
+    cmii-uav-data-post-process: false
+    cmii-uav-developer: false
+    cmii-uav-device: false
+    cmii-uav-kpi-monitor: false
+    cmii-uav-live: false
+    cmii-uav-logger: false
+    cmii-uav-mission: false
+    cmii-uav-monitor: false
+    cmii-uav-mqtthandler: false
+    cmii-uav-notice: false
+    cmii-uav-oauth: false
+    cmii-uav-process: false
+    cmii-uav-security-system: false
+    cmii-uav-surveillance: false
+    cmii-uav-user: false
+    cmii-uav-waypoint: false
+    cmii-uav-cms: false
+    cmii-uav-industrial-portfolio: false
+    cmii-project-minio: false
+    cmii-uav-material-warehouse: false
+    cmii-uav-gateway: false
+    cmii-open-gateway: false
+    cmii-admin-gateway: false
+
+apiGatewayApplication:
+  enabled: true
+  type: "api-gateway"
+  # this ingress is for apis and gateways
+  accessmode: pulic
+  manifest:
+    # all applications need to expose api/gateway to public network
+    #    cmii-project-minio: false # deprecated
+    cmii-uav-material-warehouse: true
+    cmii-uav-gateway: false
+    cmii-open-gateway: false
+    cmii-admin-gateway: false
+
+
+
+
+

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/common/templates/_labels.tpl

@@ -0,0 +1,58 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Kubernetes standard labels
+*/}}
+{{- define "common.labels.middleware.minio" -}}
+{{ include "common.labels.standard.middleware" . }}
+cmii.app: minio
+{{- end -}}
+
+{{- define "common.labels.matchLabels.minio" -}}
+{{ include "common.labels.matchLabels.middleware" . }}
+cmii.app: minio
+{{- end -}}
+
+{{- define "common.labels.middleware.mysql" -}}
+{{ include "common.labels.standard.middleware" . }}
+cmii.app: mysql
+{{- end -}}
+
+{{- define "common.labels.matchLabels.mysql" -}}
+{{ include "common.labels.matchLabels.middleware" . }}
+cmii.app: mysql
+{{- end -}}
+
+{{- define "common.labels.middleware.redis" -}}
+{{ include "common.labels.standard.middleware" . }}
+cmii.app: redis
+{{- end -}}
+
+{{- define "common.labels.matchLabels.redis" -}}
+{{ include "common.labels.matchLabels.middleware" . }}
+cmii.app: redis
+{{- end -}}
+
+{{- define "common.labels.standard.middleware" -}}
+{{ include "common.labels.standard" . }}
+cmii.type: middleware
+{{- end -}}
+
+{{- define "common.labels.matchLabels.middleware" -}}
+{{ include "common.labels.matchLabels" . }}
+cmii.type: middleware
+{{- end -}}
+
+{{- define "common.labels.standard" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/release: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Chart.Name }}
+{{- end -}}
+
+{{/*
+Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+*/}}
+{{- define "common.labels.matchLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/release: {{ .Release.Name }}
+{{- end -}}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/cluster/statefulset-cluster.yaml

@@ -0,0 +1,94 @@
+{{- if .Values.enabled.clusterMode  }}
+{{- $namespace := .Release.Namespace -}}
+{{- $applicationName := .Values.appName.clusterMode -}}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ $applicationName }}
+  namespace: {{ $namespace }}
+  labels:
+    {{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicas.clusterMode }}
+  serviceName: {{ $applicationName }}-headless
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      {{- include "uavcloud-middleware.emqx.labels.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 8 }}
+    spec:
+      {{- if .Values.global.affinity }}
+      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.global.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        {{- /*        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAffinityPreset "context" $) | nindent 10 -}}*/}}
+        {{- /*        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAntiAffinityPreset "context" $) | nindent 10 }}*/}}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.global.nodeAffinityPreset.type "key" .Values.global.nodeAffinityPreset.key "values" .Values.global.nodeAffinityPreset.values) | nindent 10 -}}
+      {{- end }}
+      serviceAccountName: {{ $applicationName }}
+      containers:
+        - name: {{ $applicationName }}
+          image: "{{ .Values.global.image.repository | default .Values.image.repository }}/emqx:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.global.image.pullPolicy }}
+          ports:
+            - name: mqtt
+              containerPort: {{ .Values.containerPort.mqtt }}
+            - name: mqttssl
+              containerPort: {{ .Values.containerPort.mqttssl }}
+            - name: mgmt
+              containerPort: {{ .Values.containerPort.mgmt }}
+            - name: ws
+              containerPort: {{ .Values.containerPort.websocket }}
+            - name: wss
+              containerPort: {{ .Values.containerPort.wss }}
+            - name: dashboard
+              containerPort: {{ .Values.containerPort.dashboard }}
+            - name: ekka
+              containerPort: 4370
+          envFrom:
+            - configMapRef:
+                name: {{ $applicationName }}-env
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          readinessProbe:
+            httpGet:
+              path: /status
+              port: {{ .Values.containerPort.mgmt | default 8081 }}
+            initialDelaySeconds: 5
+            periodSeconds: 5
+          volumeMounts:
+            - name: emqx-data
+              mountPath: "/opt/emqx/data/mnesia"
+              readOnly: false
+            - name: {{ $applicationName }}-cm
+              mountPath: "/opt/emqx/etc/plugins/emqx_auth_username.conf"
+              subPath: emqx_auth_username.conf
+              readOnly: false
+            - name: {{ $applicationName }}-cm
+              mountPath: "/opt/emqx/etc/acl.conf"
+              subPath: "acl.conf"
+              readOnly: false
+            - name: {{ $applicationName }}-cm
+              mountPath: "/opt/emqx/data/loaded_plugins"
+              subPath: loaded_plugins
+              readOnly: false
+      volumes:
+        - name: emqx-data
+          persistentVolumeClaim:
+            claimName: helm-emqxs
+        - name: {{ $applicationName }}-cm
+          configMap:
+            name: {{ $applicationName }}-cm
+            items:
+              - key: emqx_auth_username.conf
+                path: emqx_auth_username.conf
+              - key: acl.conf
+                path: acl.conf
+              - key: loaded_plugins
+                path: loaded_plugins
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/templates/standalone/statefulset.yaml

@@ -0,0 +1,82 @@
+{{- if and .Values.enabled.standaloneMode (not .Values.enabled.clusterMode) }}
+{{- $namespace := .Release.Namespace -}}
+{{- $applicationName := .Values.appName.standaloneMode -}}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ $applicationName }}
+  namespace: {{ $namespace }}
+  labels:
+    {{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 4 }}
+spec:
+  serviceName: {{ $applicationName }}
+  replicas: {{ .Values.replicas.standaloneMode }}
+  selector:
+    matchLabels:
+      {{- include "uavcloud-middleware.emqx.labels.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "uavcloud-middleware.emqx.labels.standard" . | nindent 8 }}
+      annotations:
+        pod.alpha.kubernetes.io/initialized: "true"
+    spec:
+      {{- if .Values.global.affinity }}
+      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.global.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        {{- /*        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAffinityPreset "context" $) | nindent 10 -}}*/}}
+        {{- /*        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAntiAffinityPreset "context" $) | nindent 10 }}*/}}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.global.nodeAffinityPreset.type "key" .Values.global.nodeAffinityPreset.key "values" .Values.global.nodeAffinityPreset.values) | nindent 10 -}}
+      {{- end }}
+      containers:
+        - name: {{ $applicationName }}
+          image: "{{ .Values.global.image.repository | default .Values.image.repository }}/emqx:{{ .Values.image.tag }}"
+          securityContext:
+            privileged: true
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          ports:
+            - containerPort: {{ .Values.containerPort.mqtt }}
+              name: mqtt
+              protocol: TCP
+            - containerPort: {{ .Values.containerPort.dashboard }}
+              name: dashboard
+              protocol: TCP
+            - containerPort: {{ .Values.containerPort.websocket }}
+              name: mqtt-websocket
+              protocol: TCP
+          volumeMounts:
+            - name: {{ $applicationName }}-plugins
+              mountPath: /opt/emqx/data/loaded_plugins
+              subPath: loaded_plugins
+            - name: {{ $applicationName }}-auth
+              mountPath: /opt/emqx/etc/plugins/emqx_auth_username.conf
+              subPath: emqx_auth_username.conf
+            - name: emqx-data
+              mountPath: /opt/emqx/data/emqx_erl_pipes
+              readOnly: false
+              subPath: {{ $namespace }}/{{ $applicationName }}/data
+            - name: emqx-data
+              mountPath: /opt/emqx/log
+              readOnly: false
+              subPath: {{ $namespace }}/{{ $applicationName }}/log
+      volumes:
+        - name: emqx-data
+          persistentVolumeClaim:
+            claimName: helm-emqxs
+        - name: {{ $applicationName }}-plugins
+          configMap:
+            name: {{ $applicationName }}-plugins
+            items:
+              - key: loaded_plugins
+                path: loaded_plugins
+        - name: {{ $applicationName }}-auth
+          configMap:
+            name: {{ $applicationName }}-auth
+            items:
+              - key: emqx_auth_username.conf
+                path: emqx_auth_username.conf
+---
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/emqx/values.yaml

@@ -0,0 +1,54 @@
+enabled:
+  clusterMode: true
+  standaloneMode: false
+
+auth:
+  username: cmii
+  password: odD8#Ve7.B
+
+storageClass:
+  accessMode: "ReadWriteOnce"
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 16Gi
+
+nodePort:
+  enabled: true
+  mqtt: 31883
+  dashboard: 48083
+  mqttWebSocket: 38083
+
+ingress:
+  enabled: false
+
+image:
+  repository: docker.io/emqx  # commonly no use
+  tag: 4.2.12
+
+replicas:
+  clusterMode: 3
+  standaloneMode: 1
+
+appName:
+  clusterMode: helm-emqxs
+  standaloneMode: helm-emqx
+
+# please don't modify this values below !!!
+containerPort:
+  mqtt: 1883
+  mgmt: 8081
+  websocket: 8083
+  wss: 8084
+  mqttssl: 8883
+  dashboard: 18083
+
+resources:
+  limits:
+    memory: 2Gi
+    cpu: "1"
+  requests:
+    memory: 1Gi
+    cpu: 300m
+
+

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/mongo/templates/statefulset.yaml

@@ -0,0 +1,57 @@
+{{- if .Values.enabled }}
+{{- $namespace := .Release.Namespace -}}
+{{- $applicationName := .Values.appName -}}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ $applicationName }}
+  namespace: {{ $namespace }}
+  labels:
+    {{- include "uavcloud-middleware.mongo.labels.standard" . | nindent 4 }}
+spec:
+  serviceName: {{ $applicationName }}
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "uavcloud-middleware.mongo.labels.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "uavcloud-middleware.mongo.labels.standard" . | nindent 8 }}
+      annotations:
+        pod.alpha.kubernetes.io/initialized: "true"
+    spec:
+      {{- if .Values.global.affinity }}
+      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.global.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+{{- /*        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAffinityPreset "context" $) | nindent 10 -}}*/}}
+{{- /*        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAntiAffinityPreset "context" $) | nindent 10 }}*/}}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.global.nodeAffinityPreset.type "key" .Values.global.nodeAffinityPreset.key "values" .Values.global.nodeAffinityPreset.values) | nindent 10 -}}
+      {{- end }}
+      containers:
+        - name: {{ $applicationName }}
+          image: "{{ .Values.global.image.repository | default .Values.image.repository }}/mongo:{{ .Values.image.tag }}"
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          ports:
+            - containerPort: {{ .Values.containerPort.mongo }}
+              name: mongo27017
+              protocol: TCP
+          env:
+            - name: MONGO_INITDB_ROOT_USERNAME
+              value: {{ .Values.auth.username }}
+            - name: MONGO_INITDB_ROOT_PASSWORD
+              value: {{ .Values.auth.password }}
+          volumeMounts:
+            - name: mongo-data
+              mountPath: /data/db
+              readOnly: false
+              subPath: {{ $namespace }}/{{ $applicationName }}/data/db
+      volumes:
+        - name: mongo-data
+          persistentVolumeClaim:
+            claimName: helm-mongo
+---
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/mongo/values.yaml

@@ -0,0 +1,35 @@
+image:
+  repository: docker.io
+  tag: "5.0"
+
+replicaCount: 1
+
+enabled: true
+
+appName: helm-mongo
+
+auth:
+  username: cmlc
+  password: REdPza8#oVlt
+
+nodePort:
+  mongo: 37017
+
+containerPort:
+  mongo: 27017
+
+resources:
+  limits:
+    memory: 4Gi
+    cpu: "2"
+  requests:
+    memory: 2Gi
+    cpu: "1"
+
+storageClass:
+  accessMode: "ReadWriteMany"
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 16Gi
+

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/nacos/templates/statefulset.yaml

@@ -0,0 +1,82 @@
+{{- if .Values.enabled }}
+{{- $namespace := .Release.Namespace -}}
+{{- $applicationName := .Values.appName -}}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ $applicationName }}
+  namespace: {{ $namespace }}
+  labels:
+    {{- include "uavcloud-middleware.nacos.labels.standard" . | nindent 4 }}
+spec:
+  serviceName: {{ $applicationName }}
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "uavcloud-middleware.nacos.labels.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "uavcloud-middleware.nacos.labels.standard" . | nindent 8 }}
+      annotations:
+        pod.alpha.kubernetes.io/initialized: "true"
+    spec:
+      {{- if .Values.global.affinity }}
+      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.global.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        {{- /*        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAffinityPreset "context" $) | nindent 10 -}}*/}}
+        {{- /*        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAntiAffinityPreset "context" $) | nindent 10 }}*/}}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.global.nodeAffinityPreset.type "key" .Values.global.nodeAffinityPreset.key "values" .Values.global.nodeAffinityPreset.values) | nindent 10 -}}
+      {{- end }}
+      containers:
+        - name: nacos-server
+          image: "{{ .Values.global.image.repository | default .Values.image.repository }}/nacos-server:{{ .Values.image.tag }}"
+          ports:
+            - containerPort: {{ .Values.containerPort.dashboard }}
+              name: dashboard
+          env:
+            - name: NACOS_AUTH_ENABLE
+              value: "true"
+            - name: NACOS_REPLICAS
+              value: "1"
+            - name: MYSQL_SERVICE_DB_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ $applicationName }}-cm
+                  key: mysql.db.name
+            - name: MYSQL_SERVICE_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ $applicationName }}-cm
+                  key: mysql.port
+            - name: MYSQL_SERVICE_USER
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ $applicationName }}-cm
+                  key: mysql.user
+            - name: MYSQL_SERVICE_PASSWORD
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ $applicationName }}-cm
+                  key: mysql.password
+            - name: MYSQL_SERVICE_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ $applicationName }}-cm
+                  key: mysql.db.host
+            - name: NACOS_SERVER_PORT
+              value: "{{ .Values.containerPort.dashboard }}"
+            - name: NACOS_APPLICATION_PORT
+              value: "{{ .Values.containerPort.dashboard }}"
+            - name: PREFER_HOST_MODE
+              value: "hostname"
+            - name: MODE
+              value: standalone
+            - name: SPRING_DATASOURCE_PLATFORM
+              value: mysql
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+---
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/NOTES.txt

@@ -0,0 +1,163 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+{{- $servicePort := or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) | ternary .Values.service.port .Values.service.tlsPort -}}
+{{- $serviceNodePort := or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) | ternary .Values.service.nodePort .Values.service.tlsNodePort -}}
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+  command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+  args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+  kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+  kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+    /opt/bitnami/scripts/rabbitmq/entrypoint.sh /opt/bitnami/scripts/rabbitmq/run.sh
+
+{{- else }}
+
+Credentials:
+
+{{- if not .Values.loadDefinition.enabled }}
+    echo "Username      : {{ .Values.auth.username }}"
+    echo "Password      : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "rabbitmq.secretPasswordName" . }} -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)"
+{{- end }}
+    echo "ErLang Cookie : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "rabbitmq.secretErlangName" . }} -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 --decode)"
+
+Note that the credentials are saved in persistent volume claims and will not be changed upon upgrade or reinstallation unless the persistent volume claim has been deleted. If this is not the first installation of this chart, the credentials may not be valid.
+This is applicable when no passwords are set and therefore the random password is autogenerated. In case of using a fixed password, you should specify it when upgrading.
+More information about the credentials may be found at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases.
+
+RabbitMQ can be accessed within the cluster on port {{ $serviceNodePort }} at {{ include "rabbitmq.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clustering.k8s_domain }}
+
+To access for outside the cluster, perform the following steps:
+
+{{- if .Values.ingress.enabled }}
+{{- if contains "NodePort" .Values.service.type }}
+
+To Access the RabbitMQ AMQP port:
+
+1. Obtain the NodePort IP and ports:
+
+    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    export NODE_PORT_AMQP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "rabbitmq.fullname" . }})
+    echo "URL : amqp://$NODE_IP:$NODE_PORT_AMQP/"
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+To Access the RabbitMQ AMQP port:
+
+1. Obtain the LoadBalancer IP:
+
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+      Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "rabbitmq.fullname" . }}'
+
+    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rabbitmq.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+    echo "URL : amqp://$SERVICE_IP:{{ $servicePort }}/"
+
+{{- else if contains "ClusterIP"  .Values.service.type }}
+
+To Access the RabbitMQ AMQP port:
+
+1. Create a port-forward to the AMQP port:
+
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ $servicePort }}:{{ $servicePort }} &
+    echo "URL : amqp://127.0.0.1:{{ $servicePort }}/"
+
+{{- end }}
+
+2. Access RabbitMQ using using the obtained URL.
+
+To Access the RabbitMQ Management interface:
+
+1. Get the RabbitMQ Management URL and associate its hostname to your cluster external IP:
+
+   export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
+   echo "RabbitMQ Management: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/"
+   echo "$CLUSTER_IP  {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts
+
+2. Open a browser and access RabbitMQ Management using the obtained URL.
+
+{{- else }}
+{{- if contains "NodePort" .Values.service.type }}
+
+Obtain the NodePort IP and ports:
+
+    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    export NODE_PORT_AMQP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "rabbitmq.fullname" . }})
+    export NODE_PORT_STATS=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[3].nodePort}" services {{ include "rabbitmq.fullname" . }})
+
+To Access the RabbitMQ AMQP port:
+
+    echo "URL : amqp://$NODE_IP:$NODE_PORT_AMQP/"
+
+To Access the RabbitMQ Management interface:
+
+    echo "URL : http://$NODE_IP:$NODE_PORT_STATS/"
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+Obtain the LoadBalancer IP:
+
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+      Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "rabbitmq.fullname" . }}'
+
+    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rabbitmq.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+
+To Access the RabbitMQ AMQP port:
+
+    echo "URL : amqp://$SERVICE_IP:{{ $servicePort }}/"
+
+To Access the RabbitMQ Management interface:
+
+    echo "URL : http://$SERVICE_IP:{{ .Values.service.managerPort }}/"
+
+{{- else if contains "ClusterIP"  .Values.service.type }}
+
+To Access the RabbitMQ AMQP port:
+
+    echo "URL : amqp://127.0.0.1:{{ $servicePort }}/"
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ $servicePort }}:{{ $servicePort }}
+
+To Access the RabbitMQ Management interface:
+
+    echo "URL : http://127.0.0.1:{{ .Values.service.managerPort }}/"
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ .Values.service.managerPort }}:{{ .Values.service.managerPort }}
+
+{{- end }}
+{{- end }}
+
+{{- if .Values.metrics.enabled }}
+
+To access the RabbitMQ Prometheus metrics, get the RabbitMQ Prometheus URL by running:
+
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "rabbitmq.fullname" . }} {{ .Values.service.metricsPort }}:{{ .Values.service.metricsPort }} &
+    echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.service.metricsPort }}/metrics"
+
+Then, open the obtained URL in a browser.
+
+{{- end }}
+
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
+{{- include "rabbitmq.validateValues" . -}}
+
+{{- $requiredPassword := list -}}
+{{- $secretNameRabbitmq := include "rabbitmq.secretPasswordName" . -}}
+
+{{- if and (not .Values.auth.existingPasswordSecret) (not .Values.loadDefinition.enabled) -}}
+  {{- $requiredRabbitmqPassword := dict "valueKey" "auth.password" "secret" $secretNameRabbitmq "field" "rabbitmq-password" -}}
+  {{- $requiredPassword = append $requiredPassword $requiredRabbitmqPassword -}}
+{{- end -}}
+
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/configuration.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "rabbitmq.fullname" . }}-config
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  rabbitmq.conf: |-
+    {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }}
+  {{- if .Values.advancedConfiguration }}
+  advanced.config: |-
+    {{- include "common.tplvalues.render" (dict "value" .Values.advancedConfiguration "context" $) | nindent 4 }}
+  {{- end }}
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/ingress.yaml

@@ -0,0 +1,59 @@
+{{- if .Values.enabled }}
+{{- if .Values.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  name: {{ include "rabbitmq.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+  annotations:
+    {{- if .Values.ingress.certManager }}
+    kubernetes.io/tls-acme: "true"
+    {{- end }}
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.ingress.annotations }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
+    {{- end }}
+spec:
+  {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  {{- end }}
+  rules:
+    {{- if .Values.ingress.domain }}
+    - host: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.hostname "context" $ ) }}
+      http:
+        paths:
+          {{- if .Values.ingress.extraPaths }}
+          {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ .Values.ingress.path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+            pathType: {{ .Values.ingress.pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.service.managerPortName "context" $)  | nindent 14 }}
+    {{- end }}
+    {{- range .Values.ingress.extraHosts }}
+    - host: {{ include "common.tplvalues.render" ( dict "value" .name "context" $ ) }}
+      http:
+        paths:
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http-stats" "context" $) | nindent 14 }}
+    {{- end }}
+  {{- if or (and .Values.ingress.tls (or (include "rabbitmq.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
+  tls:
+    {{- if and .Values.ingress.tls (or (include "rabbitmq.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned) }}
+    - hosts:
+        - {{ .Values.ingress.domain | quote }}
+      secretName: {{ printf "%s-tls" .Values.ingress.domain }}
+    {{- end }}
+    {{- if .Values.ingress.extraTls }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/networkpolicy.yaml

@@ -0,0 +1,39 @@
+{{- if .Values.enabled }}
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ include "rabbitmq.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  podSelector:
+    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 4369  # EPMD
+        - port: {{ .Values.service.port }}
+        - port: {{ .Values.service.tlsPort }}
+        - port: {{ .Values.service.distPort }}
+        - port: {{ .Values.service.managerPort }}
+      {{- if not .Values.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels:
+              {{ template "rabbitmq.fullname" . }}-client: "true"
+        - podSelector:
+            matchLabels:
+              {{- include "common.labels.matchLabels" . | nindent 14 }}
+        {{- if .Values.networkPolicy.additionalRules }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.additionalRules "context" $) | nindent 8 }}
+        {{- end }}
+      {{- end }}
+    # Allow prometheus scrapes
+    - ports:
+        - port: {{ .Values.service.metricsPort }}
+{{- end }}
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/pdb.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.enabled }}
+{{- if .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "rabbitmq.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.pdb.minAvailable }}
+  minAvailable: {{ .Values.pdb.minAvailable }}
+  {{- end }}
+  {{- if .Values.pdb.maxUnavailable }}
+  maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+  {{- end }}
+  selector:
+    matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/prometheusrule.yaml

@@ -0,0 +1,26 @@
+{{- if .Values.enabled }}
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "rabbitmq.fullname" . }}
+  {{- if .Values.metrics.prometheusRule.namespace }}
+  namespace: {{ .Values.metrics.prometheusRule.namespace }}
+  {{- else }}
+  namespace: {{ .Release.Namespace | quote }}
+  {{- end }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.metrics.prometheusRule.additionalLabels }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  groups:
+  {{- with .Values.metrics.prometheusRule.rules }}
+    - name: {{ template "rabbitmq.name" $ }}
+      rules: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}
+  {{- end }}
+{{- end }}
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/role.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.enabled }}
+  {{- if .Values.rbac.create }}
+kind: Role
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+  name: {{ template "rabbitmq.fullname" . }}-endpoint-reader
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create"]
+  {{- end }}
+
+  {{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/rolebinding.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.enabled }}
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+kind: RoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+  name: {{ template "rabbitmq.fullname" . }}-endpoint-reader
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "rabbitmq.serviceAccountName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "rabbitmq.fullname" . }}-endpoint-reader
+{{- end }}
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/secrets.yaml

@@ -0,0 +1,48 @@
+{{- if .Values.enabled }}
+{{- if or (not .Values.auth.existingErlangSecret) (not .Values.auth.existingPasswordSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "rabbitmq.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  {{- if and (not .Values.auth.existingPasswordSecret) (not .Values.loadDefinition.enabled) }}
+  {{- if .Values.auth.password }}
+  rabbitmq-password: {{ .Values.auth.password | b64enc | quote }}
+  {{- else }}
+  rabbitmq-password: {{ randAlphaNum 10 | b64enc | quote }}
+  {{- end }}
+  {{- end }}
+  {{- if not .Values.auth.existingErlangSecret }}
+  {{- if .Values.auth.erlangCookie }}
+  rabbitmq-erlang-cookie: {{ .Values.auth.erlangCookie | b64enc | quote }}
+  {{- else }}
+  rabbitmq-erlang-cookie: {{ randAlphaNum 32 | b64enc | quote }}
+  {{- end }}
+  {{- end }}
+{{- end }}
+{{- $extraSecretsPrependReleaseName := .Values.extraSecretsPrependReleaseName }}
+{{- range $key, $value := .Values.extraSecrets }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  {{- if $extraSecretsPrependReleaseName }}
+  name: {{ $.Release.Name }}-{{ $key }}
+  {{- else }}
+  name: {{ $key }}
+  {{- end }}
+  namespace: {{ $.Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" $ | nindent 4 }}
+  {{- if $.Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+stringData: {{- include "common.tplvalues.render" (dict "value" $value "context" $) | nindent 2 }}
+{{- end }}
+{{- end }}

0-archived/1-outside-deploy/2-helm-chart/charts/all-middleware/charts/rabbitmq/templates/serviceaccount.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.enabled }}
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "rabbitmq.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+secrets:
+  - name: {{ include "rabbitmq.fullname" . }}
+{{- end }}
+{{- end }}
+