大量更新

2026-05-19 14:28:44 +08:00
parent a8f6bda703
commit 9fc3372fa3
5299 changed files with 423176 additions and 426690 deletions
--- a/83-202604-重庆二级监管/1-批量脚本.sh
+++ b/83-202604-重庆二级监管/1-批量脚本.sh
@@ -0,0 +1,31 @@
+36.133.115.174
+
+ram账户
+zgydtxjtcqyxgs18883257311
+cqcmii
+2013SHUde#1
+
+uavcloud.env: cq-uas-260427
+
+12C 24GB 192.168.9.91  CMII
+12C 24GB 192.168.9.174  mysql
+12C 24GB 192.168.9.227  doris
+
+
+虚拟机
+8C 16GB 192.168.9.6
+
+root
+
+Dict@2024
+
+IFQ9jIkHy9,
+
+
+doris-fe-log-pvc  300GB DORIS数据库的日志
+doris-be-storage-pvc 1000GB DORIS数据库的持久化数据
+doris-fe-storage-pvc  300GB DORIS数据库的持久化数据
+nfs-backend-log-pvc 300GB 业务日志持久化存储
+helm-emqxs 200GB EMQX的持久化数据
+helm-mongo 300GB MONGO的持久化数据
+helm-rabbitmq 100GB RabbitMQ的持久化数据
--- a/83-202604-重庆二级监管/NodePort端口-监管.txt
+++ b/83-202604-重庆二级监管/NodePort端口-监管.txt
@@ -0,0 +1,37 @@
+cq-uas-260427  doris-cluster-be-service      9060   32189
+cq-uas-260427  doris-cluster-be-service      8040   31624
+cq-uas-260427  doris-cluster-be-service      9050   31625
+cq-uas-260427  doris-cluster-be-service      8060   31627
+cq-uas-260427  doris-cluster-fe-service      8030   31620
+cq-uas-260427  doris-cluster-fe-service      9020   31621
+cq-uas-260427  doris-cluster-fe-service      9030   31622
+cq-uas-260427  doris-cluster-fe-service      9010   31623
+cq-uas-260427  helm-emqxs                    1883   30883
+cq-uas-260427  helm-emqxs                    18083  32085
+cq-uas-260427  helm-emqxs                    8083   32086
+cq-uas-260427  helm-emqxs                    8883   31378
+cq-uas-260427  helm-minio                    9000   32090
+cq-uas-260427  helm-minio                    9001   32091
+cq-uas-260427  helm-mysql                    3306   31306
+cq-uas-260427  helm-nacos                    8848   31848
+cq-uas-260427  helm-nacos                    9848   32088
+cq-uas-260427  helm-nacos                    9849   31775
+cq-uas-260427  helm-rabbitmq                 5672   31672
+cq-uas-260427  helm-rabbitmq                 15672  31675
+cqejpt         cmii-admin-gateway            8080   30116
+cqejpt         cmii-uav-gateway              8080   30115
+cqejpt         cmii-uav-platform             30110  30110
+cqejpt         cmii-uav-platform-armypeople  9528   30111
+cqejpt         cmii-uav-platform-oms         9528   30112
+cqejpt         cmii-uav-sense-adapter        8080   31280
+cqejpt         cmii-uav-sense-adapter        8010   31554
+cqejpt         cmii-uav-sense-adapter        8011   31556
+cqejpt         cmii-uav-surveillance         8080   32324
+cqejpt         helm-emqxs                    1883   31883
+cqejpt         helm-emqxs                    18083  30085
+cqejpt         helm-emqxs                    8083   31083
+cqejpt         helm-mongo                    27017  31017
+cqejpt         helm-mysql                    3306   30413
+cqejpt         helm-nacos                    8848   30848
+cqejpt         helm-nacos                    9848   31474
+cqejpt         helm-nacos                    9849   30909
--- a/83-202604-重庆二级监管/NodePort端口情况.txt
+++ b/83-202604-重庆二级监管/NodePort端口情况.txt
@@ -0,0 +1,58 @@
+cq-fly-260311  cmii-fly-center               8080   31899
+cq-fly-260311  cmii-sky-converge             8080   31338
+cq-fly-260311  cmii-uav-platform-lite        9528   30416
+cq-fly-260311  cmii-uav-platform-lite-oms    9528   30418
+cq-fly-260311  helm-emqx-fly                 1883   31886
+cq-fly-260311  helm-emqx-fly                 18083  31085
+cq-fly-260311  helm-emqx-fly                 8083   31086
+cq-fly-260311  helm-emqx-fly                 8883   31887
+cq-fly-260311  helm-emqx-fly                 8084   31084
+cq-fly-260311  helm-minio-fly                9000   31090
+cq-fly-260311  helm-minio-fly                9001   31091
+cq-fly-260311  helm-mysql-fly                3306   32306
+cq-fly-260311  helm-rabbitmq-fly             5672   32672
+cq-fly-260311  helm-rabbitmq-fly             15672  32675
+cq-uas-260427  cmii-live-live-helper         7080   31080
+cq-uas-260427  cmii-live-live-op             7086   30086
+cq-uas-260427  cmii-live-live-proxy          7081   31081
+cq-uas-260427  cmii-uas-gateway              8080   31161
+cq-uas-260427  cmii-uav-platform-uas         9528   31234
+cq-uas-260427  cmii-uav-platform-uasms       9528   30749
+cq-uas-260427  doris-cluster-be-service      9060   32189
+cq-uas-260427  doris-cluster-be-service      8040   31624
+cq-uas-260427  doris-cluster-be-service      9050   31625
+cq-uas-260427  doris-cluster-be-service      8060   31627
+cq-uas-260427  doris-cluster-fe-service      8030   31620
+cq-uas-260427  doris-cluster-fe-service      9020   31621
+cq-uas-260427  doris-cluster-fe-service      9030   31622
+cq-uas-260427  doris-cluster-fe-service      9010   31623
+cq-uas-260427  helm-emqxs                    1883   30883
+cq-uas-260427  helm-emqxs                    18083  32085
+cq-uas-260427  helm-emqxs                    8083   32086
+cq-uas-260427  helm-emqxs                    8883   31378
+cq-uas-260427  helm-minio                    9000   32090
+cq-uas-260427  helm-minio                    9001   32091
+cq-uas-260427  helm-mysql                    3306   31306
+cq-uas-260427  helm-nacos                    8848   31848
+cq-uas-260427  helm-nacos                    9848   32088
+cq-uas-260427  helm-nacos                    9849   31775
+cq-uas-260427  helm-rabbitmq                 5672   31672
+cq-uas-260427  helm-rabbitmq                 15672  31675
+cqejpt         cmii-admin-gateway            8080   30116
+cqejpt         cmii-uav-gateway              8080   30115
+cqejpt         cmii-uav-platform             30110  30110
+cqejpt         cmii-uav-platform-armypeople  9528   30111
+cqejpt         cmii-uav-platform-oms         9528   30112
+cqejpt         cmii-uav-sense-adapter        8080   31280
+cqejpt         cmii-uav-sense-adapter        8010   31554
+cqejpt         cmii-uav-sense-adapter        8011   31556
+cqejpt         cmii-uav-surveillance         8080   32324
+cqejpt         helm-emqxs                    1883   31883
+cqejpt         helm-emqxs                    18083  30085
+cqejpt         helm-emqxs                    8083   31083
+cqejpt         helm-mongo                    27017  31017
+cqejpt         helm-mysql                    3306   30413
+cqejpt         helm-nacos                    8848   30848
+cqejpt         helm-nacos                    9848   31474
+cqejpt         helm-nacos                    9849   30909
+kube-system    kubernetes-dashboard          443    30999
--- a/83-202604-重庆二级监管/doris-deploy/doris-be-configmap.yaml
+++ b/83-202604-重庆二级监管/doris-deploy/doris-be-configmap.yaml
@@ -0,0 +1,82 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: doris-cluster-be-conf
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/component: be
+data:
+  be.conf: >
+    CUR_DATE=`date +%Y%m%d-%H%M%S`
+    
+    # Log dir
+    LOG_DIR="${DORIS_HOME}/log/"
+    
+    # For jdk 8
+    JAVA_OPTS="-Dfile.encoding=UTF-8 -Xmx2048m -DlogPath=$LOG_DIR/jni.log -Xloggc:$LOG_DIR/be.gc.log.$CUR_DATE -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=50M -Djavax.security.auth.useSubjectCredsOnly=false -Dsun.security.krb5.debug=true -Dsun.java.command=DorisBE -XX:-CriticalJNINatives"
+    
+    # Set your own JAVA_HOME
+    # JAVA_HOME=/path/to/jdk/
+    
+    # https://github.com/apache/doris/blob/master/docs/zh-CN/community/developer-guide/debug-tool.md#jemalloc-heap-profile
+    # https://jemalloc.net/jemalloc.3.html jemalloc 内存分配器设置参数
+    JEMALLOC_CONF="percpu_arena:percpu,background_thread:true,metadata_thp:auto,muzzy_decay_ms:15000,dirty_decay_ms:15000,oversize_threshold:0,prof:false,lg_prof_interval:32,lg_prof_sample:19,prof_gdump:false,prof_accum:false,prof_leak:false,prof_final:false"
+    JEMALLOC_PROF_PRFIX=""
+    
+    # ports for admin, web, heartbeat service
+    be_port = 9060
+    webserver_port = 8040
+    heartbeat_service_port = 9050
+    brpc_port = 8060
+    arrow_flight_sql_port = -1
+    
+    # HTTPS configures
+    enable_https = false
+    # path of certificate in PEM format.
+    #ssl_certificate_path = "$DORIS_HOME/conf/cert.pem"
+    # path of private key in PEM format.
+    #ssl_private_key_path = "$DORIS_HOME/conf/key.pem"
+    
+    # Choose one if there are more than one ip except loopback address.
+    # Note that there should at most one ip match this list.
+    # If no ip match this rule, will choose one randomly.
+    # use CIDR format, e.g. 10.10.10.0/24 or IP format, e.g. 10.10.10.1
+    # Default value is empty.
+    # priority_networks = 10.10.10.0/24;192.168.0.0/16
+    
+    # data root path, separate by ';'
+    # You can specify the storage type for each root path, HDD (cold data) or SSD (hot data)
+    # eg:
+    # storage_root_path = /home/disk1/doris;/home/disk2/doris;/home/disk2/doris
+    # storage_root_path = /home/disk1/doris,medium:SSD;/home/disk2/doris,medium:SSD;/home/disk2/doris,medium:HDD
+    # /home/disk2/doris,medium:HDD(default)
+    #
+    # you also can specify the properties by setting '<property>:<value>', separate by ','
+    # property 'medium' has a higher priority than the extension of path
+    #
+    # Default value is ${DORIS_HOME}/storage, you should create it by hand.
+    # storage_root_path = ${DORIS_HOME}/storage
+    
+    # Default dirs to put jdbc drivers,default value is ${DORIS_HOME}/jdbc_drivers
+    # jdbc_drivers_dir = ${DORIS_HOME}/jdbc_drivers
+    
+    # Advanced configurations
+    # INFO, WARNING, ERROR, FATAL
+    sys_log_level = INFO
+    # sys_log_roll_mode = SIZE-MB-1024
+    # sys_log_roll_num = 10
+    # sys_log_verbose_modules = *
+    # log_buffer_level = -1
+    
+    # aws sdk log level
+    #    Off = 0,
+    #    Fatal = 1,
+    #    Error = 2,
+    #    Warn = 3,
+    #    Info = 4,
+    #    Debug = 5,
+    #    Trace = 6
+    # Default to turn off aws sdk log, because aws sdk errors that need to be cared will be output through Doris logs
+    #aws_log_level=0
+    ## If you are not running in aws cloud, you can disable EC2 metadata
+    #AWS_EC2_METADATA_DISABLED=false
--- a/83-202604-重庆二级监管/doris-deploy/doris-be-internal-service.yaml
+++ b/83-202604-重庆二级监管/doris-deploy/doris-be-internal-service.yaml
@@ -0,0 +1,17 @@
+kind: Service
+apiVersion: v1
+metadata:
+  namespace: cq-uas-260427
+  name: doris-cluster-be-internal
+  labels:
+    app.kubernetes.io/component: doris-cluster-be-internal
+spec:
+  ports:
+    - name: heartbeat-port
+      protocol: TCP
+      port: 9050
+      targetPort: 9050
+  selector:
+    app.kubernetes.io/component: doris-cluster-be
+  clusterIP: None
+  type: ClusterIP
--- a/83-202604-重庆二级监管/doris-deploy/doris-be-service.yaml
+++ b/83-202604-重庆二级监管/doris-deploy/doris-be-service.yaml
@@ -0,0 +1,32 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: doris-cluster-be-service
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/component: doris-cluster-be
+spec:
+  ports:
+    - name: be-port
+      protocol: TCP
+      port: 9060
+      targetPort: 9060
+      nodePort: 32189
+    - name: webserver-port
+      protocol: TCP
+      port: 8040
+      targetPort: 8040
+      nodePort: 31624
+    - name: heartbeat-port
+      protocol: TCP
+      port: 9050
+      targetPort: 9050
+      nodePort: 31625
+    - name: brpc-port
+      protocol: TCP
+      port: 8060
+      targetPort: 8060
+      nodePort: 31627
+  selector:
+    app.kubernetes.io/component: doris-cluster-be
+  type: NodePort
--- a/83-202604-重庆二级监管/doris-deploy/doris-be-statusfulset.yaml
+++ b/83-202604-重庆二级监管/doris-deploy/doris-be-statusfulset.yaml
@@ -0,0 +1,214 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: doris-cluster-be
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/component: doris-cluster-be
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: doris-cluster-be
+  template:
+    metadata:
+      name: doris-cluster-be
+      labels:
+        app.kubernetes.io/component: doris-cluster-be
+    spec:
+      imagePullSecrets:
+        - name: harborsecret
+      volumes:
+        - name: podinfo
+          downwardAPI:
+            items:
+              - path: labels
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.labels
+              - path: annotations
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.annotations
+            defaultMode: 420
+        - name: doris-cluster-be-conf
+          configMap:
+            name: doris-cluster-be-conf
+            defaultMode: 420
+        - name: be-storage
+          persistentVolumeClaim:
+              claimName: doris-be-storage-pvc
+        - name: be-log
+          persistentVolumeClaim:
+            claimName: doris-fe-log-pvc
+      initContainers:
+        - name: default-init
+          image: 'chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/tools:1.0'
+          command:
+            - /bin/sh
+          args:
+            - '-c'
+            - sysctl -w vm.max_map_count=2000000 && swapoff -a
+          resources:
+            limits:
+              cpu: '1'
+              memory: 1Gi
+            requests:
+              cpu: '0.5'
+              memory: 500Mi
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            privileged: true
+      containers:
+        - name: be
+          image: 'chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/doris.be-ubuntu:2.1.6'
+          command:
+            - /opt/apache-doris/be_entrypoint.sh
+          args:
+            - $(ENV_FE_ADDR)
+          ports:
+            - name: be-port
+              containerPort: 9060
+              protocol: TCP
+            - name: webserver-port
+              containerPort: 8040
+              protocol: TCP
+            - name: heartbeat-port
+              containerPort: 9050
+              protocol: TCP
+            - name: brpc-port
+              containerPort: 8060
+              protocol: TCP
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: status.podIP
+            - name: HOST_IP
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: status.hostIP
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONFIGMAP_MOUNT_PATH
+              value: /etc/doris
+            - name: USER
+              value: root
+            - name: DORIS_ROOT
+              value: /opt/apache-doris
+            - name: ENV_FE_ADDR
+              value: doris-cluster-fe-service
+            - name: FE_QUERY_PORT
+              value: '9030'
+          resources:
+            limits:
+              cpu: '8'
+              memory: 8Gi
+            requests:
+              cpu: '4'
+              memory: 4Gi
+          volumeMounts:
+            - name: podinfo
+              mountPath: /etc/podinfo
+            - name: be-storage
+              mountPath: /opt/apache-doris/be/storage
+            - name: be-log
+              mountPath: /opt/apache-doris/be/log
+            - name: doris-cluster-be-conf
+              mountPath: /etc/doris
+          livenessProbe:
+            tcpSocket:
+              port: 9050
+            initialDelaySeconds: 80
+            timeoutSeconds: 180
+            periodSeconds: 5
+            successThreshold: 1
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /api/health
+              port: 8040
+              scheme: HTTP
+            timeoutSeconds: 1
+            periodSeconds: 5
+            successThreshold: 1
+            failureThreshold: 3
+          startupProbe:
+            tcpSocket:
+              port: 9050
+            timeoutSeconds: 1
+            periodSeconds: 5
+            successThreshold: 1
+            failureThreshold: 60
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /opt/apache-doris/be_prestop.sh
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: IfNotPresent
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: doris.cluster
+                    operator: In
+                    values:
+                      - "true"
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: app.kubernetes.io/component
+                      operator: In
+                      values:
+                        - doris-cluster-be
+                topologyKey: kubernetes.io/hostname
+      schedulerName: default-scheduler
+#  volumeClaimTemplates:
+#    - kind: PersistentVolumeClaim
+#      apiVersion: v1
+#      metadata:
+#        name: be-storage
+#      spec:
+#        accessModes:
+#          - ReadWriteOnce
+#        resources:
+#          requests:
+#            storage: '10'
+#        storageClassName: nfs-prod-distribute
+#        volumeMode: Filesystem
+#    - kind: PersistentVolumeClaim
+#      apiVersion: v1
+#      metadata:
+#        name: be-log
+#      spec:
+#        accessModes:
+#          - ReadWriteOnce
+#        resources:
+#          requests:
+#            storage: '10'
+#        storageClassName: nfs-prod-distribute
+#        volumeMode: Filesystem
+  serviceName: doris-cluster-be-internal
+  podManagementPolicy: Parallel
--- a/83-202604-重庆二级监管/doris-deploy/doris-fe-configmap.yaml
+++ b/83-202604-重庆二级监管/doris-deploy/doris-fe-configmap.yaml
@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: doris-cluster-fe-conf
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/component: fe
+data:
+  fe.conf: |
+    #####################################################################
+    ## The uppercase properties are read and exported by bin/start_fe.sh.
+    ## To see all Frontend configurations,
+    ## see fe/src/org/apache/doris/common/Config.java
+    #####################################################################
+    
+    CUR_DATE=`date +%Y%m%d-%H%M%S`
+    
+    # Log dir
+    LOG_DIR = ${DORIS_HOME}/log
+    
+    # For jdk 8
+    JAVA_OPTS="-Dfile.encoding=UTF-8 -Djavax.security.auth.useSubjectCredsOnly=false -Xss4m -Xmx8192m -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:+PrintGCDateStamps -XX:+PrintGCDetails -Xloggc:$LOG_DIR/log/fe.gc.log.$CUR_DATE -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=50M -Dlog4j2.formatMsgNoLookups=true"
+        
+    # Set your own JAVA_HOME
+    # JAVA_HOME=/path/to/jdk/
+    
+    ##
+    ## the lowercase properties are read by main program.
+    ##
+    
+    # store metadata, must be created before start FE.
+    # Default value is ${DORIS_HOME}/doris-meta
+    # meta_dir = ${DORIS_HOME}/doris-meta
+    
+    # Default dirs to put jdbc drivers,default value is ${DORIS_HOME}/jdbc_drivers
+    # jdbc_drivers_dir = ${DORIS_HOME}/jdbc_drivers
+    
+    http_port = 8030
+    rpc_port = 9020
+    query_port = 9030
+    edit_log_port = 9010
+    arrow_flight_sql_port = -1
+    
+    # Choose one if there are more than one ip except loopback address.
+    # Note that there should at most one ip match this list.
+    # If no ip match this rule, will choose one randomly.
+    # use CIDR format, e.g. 10.10.10.0/24 or IP format, e.g. 10.10.10.1
+    # Default value is empty.
+    # priority_networks = 10.10.10.0/24;192.168.0.0/16
+    
+    # Advanced configurations
+    # log_roll_size_mb = 1024
+    # INFO, WARN, ERROR, FATAL
+    sys_log_level = INFO
+    # NORMAL, BRIEF, ASYNC,FE 日志的输出模式，其中 NORMAL 为默认的输出模式，日志同步输出且包含位置信息。ASYNC 默认是日志异步输出且包含位置信息。 BRIEF 模式是日志异步输出但不包含位置信息。三种日志输出模式的性能依次递增
+    sys_log_mode = ASYNC
+    # sys_log_roll_num = 10
+    # sys_log_verbose_modules = org.apache.doris
+    # audit_log_dir = $LOG_DIR
+    # audit_log_modules = slow_query, query
+    # audit_log_roll_num = 10
+    # meta_delay_toleration_second = 10
+    # qe_max_connection = 1024
+    # qe_query_timeout_second = 300
+    # qe_slow_log_ms = 5000
+    #Fully Qualified Domain Name，完全限定域名,开启后各节点之间通信基于FQDN
+    enable_fqdn_mode = true
--- a/83-202604-重庆二级监管/doris-deploy/doris-fe-internal-service.yaml
+++ b/83-202604-重庆二级监管/doris-deploy/doris-fe-internal-service.yaml
@@ -0,0 +1,17 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: doris-cluster-fe-internal
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/component: doris-cluster-fe
+spec:
+  ports:
+    - name: query-port
+      protocol: TCP
+      port: 9030
+      targetPort: 9030
+  selector:
+    app.kubernetes.io/component: doris-cluster-fe
+  clusterIP: None
+  type: ClusterIP
--- a/83-202604-重庆二级监管/doris-deploy/doris-fe-service.yaml
+++ b/83-202604-重庆二级监管/doris-deploy/doris-fe-service.yaml
@@ -0,0 +1,32 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: doris-cluster-fe-service
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/component: doris-cluster-fe
+spec:
+  ports:
+    - name: http-port
+      protocol: TCP
+      port: 8030
+      targetPort: 8030
+      nodePort: 31620
+    - name: rpc-port
+      protocol: TCP
+      port: 9020
+      targetPort: 9020
+      nodePort: 31621
+    - name: query-port
+      protocol: TCP
+      port: 9030
+      targetPort: 9030
+      nodePort: 31622
+    - name: edit-log-port
+      protocol: TCP
+      port: 9010
+      targetPort: 9010
+      nodePort: 31623
+  selector:
+    app.kubernetes.io/component: doris-cluster-fe
+  type: NodePort
--- a/83-202604-重庆二级监管/doris-deploy/doris-fe-statusfulset.yaml
+++ b/83-202604-重庆二级监管/doris-deploy/doris-fe-statusfulset.yaml
@@ -0,0 +1,198 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: doris-cluster-fe
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/component: doris-cluster-fe
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: doris-cluster-fe
+  template:
+    metadata:
+      name: doris-cluster-fe
+      labels:
+        app.kubernetes.io/component: doris-cluster-fe
+    spec:
+      imagePullSecrets:
+        - name: harborsecret
+      volumes:
+        - name: meta
+          persistentVolumeClaim:
+#            claimName: meta
+            claimName: doris-fe-meta-pvc
+        - name: log
+          persistentVolumeClaim:
+    #            claimName: meta
+            claimName: doris-fe-log-pvc
+        - name: podinfo
+          downwardAPI:
+            items:
+              - path: labels
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.labels
+              - path: annotations
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.annotations
+            defaultMode: 420
+        - name: doris-cluster-fe-conf
+          configMap:
+            name: doris-cluster-fe-conf
+            defaultMode: 420
+      containers:
+        - name: doris-cluster-fe
+          image: 'chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/doris.fe-ubuntu:2.1.6'
+          command:
+            - /opt/apache-doris/fe_entrypoint.sh
+          args:
+            - $(ENV_FE_ADDR)
+          ports:
+            - name: http-port
+              containerPort: 8030
+              protocol: TCP
+            - name: rpc-port
+              containerPort: 9020
+              protocol: TCP
+            - name: query-port
+              containerPort: 9030
+              protocol: TCP
+            - name: edit-log-port
+              containerPort: 9010
+              protocol: TCP
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: status.podIP
+            - name: HOST_IP
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: status.hostIP
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: CONFIGMAP_MOUNT_PATH
+              value: /etc/doris
+            - name: USER
+              value: root
+            - name: DORIS_ROOT
+              value: /opt/apache-doris
+            - name: ENV_FE_ADDR
+              value: doris-cluster-fe-service
+            - name: FE_QUERY_PORT
+              value: '9030'
+            - name: ELECT_NUMBER
+              value: '3'
+          resources:
+            limits:
+              cpu: '4'
+              memory: 8Gi
+            requests:
+              cpu: '2'
+              memory: 4Gi
+          volumeMounts:
+            - name: podinfo
+              mountPath: /etc/podinfo
+            - name: log
+              mountPath: /opt/apache-doris/fe/log
+            - name: meta
+              mountPath: /opt/apache-doris/fe/doris-meta
+            - name: doris-cluster-fe-conf
+              mountPath: /etc/doris
+          livenessProbe:
+            tcpSocket:
+              port: 9030
+            initialDelaySeconds: 80
+            timeoutSeconds: 180
+            periodSeconds: 5
+            successThreshold: 1
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /api/health
+              port: 8030
+              scheme: HTTP
+            timeoutSeconds: 1
+            periodSeconds: 5
+            successThreshold: 1
+            failureThreshold: 3
+          startupProbe:
+            tcpSocket:
+              port: 9030
+            timeoutSeconds: 1
+            periodSeconds: 5
+            successThreshold: 1
+            failureThreshold: 60
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /opt/apache-doris/fe_prestop.sh
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: IfNotPresent
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: doris.cluster
+                    operator: In
+                    values:
+                      - "true"
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: app.kubernetes.io/component
+                      operator: In
+                      values:
+                        - doris-cluster-fe
+                topologyKey: kubernetes.io/hostname
+      schedulerName: default-scheduler
+#  volumeClaimTemplates:
+#    - kind: PersistentVolumeClaim
+#      apiVersion: v1
+#      metadata:
+#        name: meta
+#      spec:
+#        accessModes:
+#          - ReadWriteOnce
+#        resources:
+#          requests:
+#            storage: 10G
+#        storageClassName: hcms-efs-class
+#        volumeMode: Filesystem
+#    - kind: PersistentVolumeClaim
+#      apiVersion: v1
+#      metadata:
+#        name: log
+#      spec:
+#        accessModes:
+#          - ReadWriteOnce
+#        resources:
+#          requests:
+#            storage: '10'
+#        storageClassName: hcms-efs-class
+#        volumeMode: Filesystem
+  serviceName: doris-cluster-fe-internal
+  podManagementPolicy: Parallel
--- a/83-202604-重庆二级监管/doris-deploy/doris-pvc.yaml
+++ b/83-202604-重庆二级监管/doris-deploy/doris-pvc.yaml
@@ -0,0 +1,60 @@
+---
+# pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: doris-fe-meta-pvc
+  namespace: cq-uas-260427
+spec:
+  storageClassName: nfs-prod-distribute
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: doris-fe-log-pvc
+  namespace: cq-uas-260427
+spec:
+  storageClassName: nfs-prod-distribute
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: doris-be-storage-pvc
+  namespace: cq-uas-260427
+spec:
+  storageClassName: nfs-prod-distribute
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 500Gi  # 根据实际存储需求调整
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: doris-be-log-pvc
+  namespace: cq-uas-260427
+spec:
+  storageClassName: nfs-prod-distribute
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
--- a/83-202604-重庆二级监管/doris-deploy/修改pvc-然后statefulset中的image.txt
+++ b/83-202604-重庆二级监管/doris-deploy/修改pvc-然后statefulset中的image.txt
@@ -0,0 +1,5 @@
+
+
+修改PVC文件
+修改全部的NAMESPACE
+修改statefulset里面的IMAGE
--- a/83-202604-重庆二级监管/harborsecret.yaml
+++ b/83-202604-重庆二级监管/harborsecret.yaml
@@ -0,0 +1,9 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: harborsecret
+  namespace: cq-uas-260427
+data:
+  .dockerconfigjson: >-
+    eyJhdXRocyI6eyJjaG9uZ3FpbmdzaGNpcy1hMTg5ZWM5OC5lY2lzLmNob25ncWluZy0xLmNtZWNsb3VkLmNuIjp7InVzZXJuYW1lIjoiY3FjbWlpIiwicGFzc3dvcmQiOiJwTDgka3E5QG0iLCJhdXRoIjoiWTNGamJXbHBPbkJNT0NScmNUbEFiUT09In19fQ==
+type: kubernetes.io/dockerconfigjson
--- a/83-202604-重庆二级监管/k8s-app/helm-minio.yaml
+++ b/83-202604-重庆二级监管/k8s-app/helm-minio.yaml
@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: cq-uas-260427
+  name: helm-minio
+spec:
+  serviceName: helm-minio
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helm-minio
+  template:
+    metadata:
+      labels:
+        app: helm-minio
+    spec:
+      imagePullSecrets:
+        - name: harborsecret
+      affinity: {}
+#        nodeAffinity:
+#          requiredDuringSchedulingIgnoredDuringExecution:
+#            nodeSelectorTerms:
+#              - matchExpressions:
+#                  - key: minio-deploy
+#                    operator: In
+#                    values:
+#                      - "true"
+      containers:
+        - name: minio
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/minio:RELEASE.2023-06-02T23-17-26Z
+          command: ["/bin/sh", "-c"]
+          args:
+            - minio server /data --console-address ":9001"
+          ports:
+            - containerPort: 9000
+              name: api
+            - containerPort: 9001
+              name: console
+          env:
+            - name: MINIO_ACCESS_KEY
+              value: "cmii"
+            - name: MINIO_SECRET_KEY
+              value: "B#923fC7mk"
+          volumeMounts:
+            - name: data
+              mountPath: /data
+          resources:
+            limits:
+              memory: 1Gi
+              cpu: "1"
+            requests:
+              memory: 200Mi
+              cpu: 200m
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: helm-minio
+#          hostPath:
+#            path: /var/lib/docker/minio-pv/
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-minio
+  namespace: cq-uas-260427
+spec:
+  selector:
+    app: helm-minio
+  ports:
+    - name: api
+      port: 9000
+      targetPort: 9000
+      nodePort: 32090
+    - name: console
+      port: 9001
+      targetPort: 9001
+      nodePort: 32091
+  type: NodePort
--- a/83-202604-重庆二级监管/k8s-app/k8s-backend.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-backend.yaml
--- a/83-202604-重庆二级监管/k8s-app/k8s-configmap.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-configmap.yaml
@@ -0,0 +1,686 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-open
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "open",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-threedsimulation
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "threedsimulation",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-qinghaitourism
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "qinghaitourism",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-classification
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "classification",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-smauth
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "smauth",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-eventsh5
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "eventsh5",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-awareness
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "awareness",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-ai-brain
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "ai-brain",
+      AppClientId: "APP_rafnuCAmBESIVYMH"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-mws
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "mws",
+      AppClientId: "APP_uKniXPELlRERBBwK"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-security
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "security",
+      AppClientId: "APP_JUSEMc7afyWXxvE7"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-pilot2cloud
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "pilot2cloud",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-secenter
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "secenter",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-iot
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "iot",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-cmsportal
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "cmsportal",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-detection
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "detection",
+      AppClientId: "APP_FDHW2VLVDWPnnOCy"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-jiangsuwenlv
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "jiangsuwenlv",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-qingdao
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "qingdao",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-visualization
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "visualization",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-uasms
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "uasms",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-uas
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "uas",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-uasms
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "uasms",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-media
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "media",
+      AppClientId: "APP_4AU8lbifESQO4FD6"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-hyper
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "hyper",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-scanner
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "scanner",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-dikongzhixingh5
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "dikongzhixingh5",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-lite
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "lite",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-pangu
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-emergency
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "emergency",
+      AppClientId: "APP_aGsTAY1uMZrpKdfk"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-logistics
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "logistics",
+      AppClientId: "APP_PvdfRRRBPL8xbIwl"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-seniclive
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "seniclive",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-supervisionh5
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "supervisionh5",
+      AppClientId: "APP_qqSu82THfexI8PLM"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-multiterminal
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "multiterminal",
+      AppClientId: "APP_PvdfRRRBPL8xbIwl"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-share
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "share",
+      AppClientId: "APP_4lVSVI0ZGxTssir8"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-splice
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "splice",
+      AppClientId: "APP_zE0M3sTRXrCIJS8Y"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-traffic
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "traffic",
+      AppClientId: "APP_Jc8i2wOQ1t73QEJS"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-uas
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "uas",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-mianyangbackend
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "mianyangbackend",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-uavmsmanager
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "uavmsmanager",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-armypeople
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "armypeople",
+      AppClientId: "APP_UIegse6Lfou9pO1U"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-base
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "base",
+      AppClientId: "APP_9LY41OaKSqk2btY0"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-oms
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "oms",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-hljtt
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "hljtt",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-smsecret
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "smsecret",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-flight-control
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "flight-control",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-securityh5
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "securityh5",
+      AppClientId: "APP_N3ImO0Ubfu9peRHD"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-dispatchh5
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "dispatchh5",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-blockchain
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "blockchain",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-renyike
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "renyike",
+      AppClientId: "empty"
+    }
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: tenant-prefix-supervision
+  namespace: cq-uas-260427
+data:
+  ingress-config.js: |-
+    var __GlobalIngressConfig = {
+      TenantEnvironment: "260427",
+      CloudHOST: "36.133.115.174:8088",
+      ApplicationShortName: "supervision",
+      AppClientId: "APP_qqSu82THfexI8PLM"
+    }
--- a/83-202604-重庆二级监管/k8s-app/k8s-dashboard.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-dashboard.yaml
@@ -0,0 +1,315 @@
+---
+# ------------------- Dashboard Namespace ------------------- #
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kubernetes-dashboard
+
+---
+# ------------------- Service Account ------------------- #
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
+
+---
+# ------------------- Dashboard Service (NodePort 39999) ------------------- #
+kind: Service
+apiVersion: v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
+spec:
+  type: NodePort
+  ports:
+    - port: 443
+      targetPort: 8443
+      nodePort: 39999
+  selector:
+    k8s-app: kubernetes-dashboard
+
+---
+# ------------------- Dashboard Secrets ------------------- #
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard-certs
+  namespace: kubernetes-dashboard
+type: Opaque
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard-csrf
+  namespace: kubernetes-dashboard
+type: Opaque
+data:
+  csrf: ""
+
+---
+# ------------------- Dashboard Role (FIXED) ------------------- #
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard-minimal
+  namespace: kubernetes-dashboard
+rules:
+  # [修复] 允许创建 Secrets，解决 panic 问题
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["create"]
+  # 允许对特定 Secrets 进行操作
+  - apiGroups: [""]
+    resources: ["secrets"]
+    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
+    verbs: ["get", "update", "delete"]
+  # ConfigMaps 权限
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["kubernetes-dashboard-settings"]
+    verbs: ["get", "update"]
+  # Metrics 权限
+  - apiGroups: [""]
+    resources: ["services"]
+    resourceNames: ["heapster", "dashboard-metrics-scraper"]
+    verbs: ["proxy"]
+  - apiGroups: [""]
+    resources: ["services/proxy"]
+    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
+    verbs: ["get"]
+
+---
+# ------------------- Dashboard RoleBinding ------------------- #
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard-minimal
+  namespace: kubernetes-dashboard
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubernetes-dashboard-minimal
+subjects:
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kubernetes-dashboard
+
+---
+# ------------------- Dashboard Deployment ------------------- #
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
+spec:
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s-app: kubernetes-dashboard
+  template:
+    metadata:
+      labels:
+        k8s-app: kubernetes-dashboard
+    spec:
+      containers:
+        - name: kubernetes-dashboard
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/dashboard:v2.7.0
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8443
+              protocol: TCP
+          args:
+            - --auto-generate-certificates
+            - --namespace=kubernetes-dashboard
+          volumeMounts:
+            - name: kubernetes-dashboard-certs
+              mountPath: /certs
+            - mountPath: /tmp
+              name: tmp-volume
+          livenessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: /
+              port: 8443
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsUser: 1001
+            runAsGroup: 2001
+      volumes:
+        - name: kubernetes-dashboard-certs
+          secret:
+            secretName: kubernetes-dashboard-certs
+        - name: tmp-volume
+          emptyDir: {}
+      serviceAccountName: kubernetes-dashboard
+      nodeSelector:
+        "kubernetes.io/os": linux
+      tolerations:
+        - key: node-role.kubernetes.io/master
+          effect: NoSchedule
+        - key: node-role.kubernetes.io/control-plane
+          effect: NoSchedule
+
+---
+# ------------------- Metrics Scraper Service ------------------- #
+kind: Service
+apiVersion: v1
+metadata:
+  labels:
+    k8s-app: dashboard-metrics-scraper
+  name: dashboard-metrics-scraper
+  namespace: kubernetes-dashboard
+spec:
+  ports:
+    - port: 8000
+      targetPort: 8000
+  selector:
+    k8s-app: dashboard-metrics-scraper
+
+---
+# ------------------- Metrics Scraper Deployment ------------------- #
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  labels:
+    k8s-app: dashboard-metrics-scraper
+  name: dashboard-metrics-scraper
+  namespace: kubernetes-dashboard
+spec:
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s-app: dashboard-metrics-scraper
+  template:
+    metadata:
+      labels:
+        k8s-app: dashboard-metrics-scraper
+      annotations:
+        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
+    spec:
+      containers:
+        - name: dashboard-metrics-scraper
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/metrics-scraper:v1.0.9
+          ports:
+            - containerPort: 8000
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              scheme: HTTP
+              path: /
+              port: 8000
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
+          volumeMounts:
+            - mountPath: /tmp
+              name: tmp-volume
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsUser: 1001
+            runAsGroup: 2001
+      serviceAccountName: kubernetes-dashboard
+      nodeSelector:
+        "kubernetes.io/os": linux
+      volumes:
+        - name: tmp-volume
+          emptyDir: {}
+      tolerations:
+        - key: node-role.kubernetes.io/master
+          effect: NoSchedule
+        - key: node-role.kubernetes.io/control-plane
+          effect: NoSchedule
+
+---
+# ==================================================================
+#                自定义用户配置部分 (ADMIN & READ-ONLY)
+# ==================================================================
+
+# ------------------- 1. Admin User (全部权限) ------------------- #
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kubernetes-dashboard
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: admin-user
+    namespace: kubernetes-dashboard
+
+---
+# ------------------- 2. Read-Only User (只读+看日志) ------------------- #
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: read-only-user
+  namespace: kubernetes-dashboard
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: dashboard-view-with-logs
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps", "endpoints", "persistentvolumeclaims", "pods", "replicationcontrollers", "replicationcontrollers/scale", "serviceaccounts", "services", "nodes", "persistentvolumeclaims", "persistentvolumes", "namespaces"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods/log"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["batch"]
+    resources: ["cronjobs", "jobs"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["networking.k8s.io"]
+    resources: ["ingresses", "networkpolicies"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["events.k8s.io"]
+    resources: ["events"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: read-only-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: dashboard-view-with-logs
+subjects:
+  - kind: ServiceAccount
+    name: read-only-user
+    namespace: kubernetes-dashboard
--- a/83-202604-重庆二级监管/k8s-app/k8s-emqx.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-emqx.yaml
@@ -0,0 +1,664 @@
+---
+---
+# ============== Secret - 密码管理 ==============
+apiVersion: v1
+kind: Secret
+metadata:
+  name: emqx-credentials
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: middleware
+    cmii.app: helm-emqxs
+    app.kubernetes.io/managed-by: octopus-control
+    app.kubernetes.io/version: "2.3"
+type: Opaque
+stringData:
+  # Dashboard管理员密码
+  dashboard-admin-password: "odD8#Ve7.B"
+  # MQTT用户密码
+  mqtt-admin-password: "odD8#Ve7.B"
+
+---
+# ============== ServiceAccount ==============
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: helm-emqxs
+  namespace: cq-uas-260427
+
+---
+# ============== Role - RBAC ==============
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: helm-emqxs
+  namespace: cq-uas-260427
+rules:
+  - apiGroups: [""]
+    resources:
+      - endpoints
+      - pods
+    verbs:
+      - get
+      - watch
+      - list
+
+---
+# ============== RoleBinding ==============
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: helm-emqxs
+  namespace: cq-uas-260427
+subjects:
+  - kind: ServiceAccount
+    name: helm-emqxs
+    namespace: cq-uas-260427
+roleRef:
+  kind: Role
+  name: helm-emqxs
+  apiGroup: rbac.authorization.k8s.io
+
+---
+# ============== ConfigMap - Bootstrap配置文件 ==============
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: emqx-bootstrap-config
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: middleware
+    cmii.app: helm-emqxs
+data:
+  # 主配置文件 - 覆盖默认配置
+  emqx.conf: |
+    # 节点配置
+    node {
+      name = "emqx@${POD_NAME}.helm-emqxs-headless.cq-uas-260427.svc.cluster.local"
+      cookie = "emqx-cluster-cookie-secret"
+      data_dir = "/opt/emqx/data"
+    }
+    
+    # 集群配置
+    cluster {
+      name = emqxcl
+      # 单节点 建议为 manual 多节点为k8s
+      discovery_strategy = manual
+      k8s {
+        apiserver = "https://kubernetes.default.svc.cluster.local:443"
+        service_name = "helm-emqxs-headless"
+        # 这里可以改为 hostname
+        address_type = dns
+        namespace = "cq-uas-260427"
+        suffix = "svc.cluster.local"
+      }
+    }
+    
+    # 日志配置
+    log {
+      console {
+        enable = true
+        level = info
+      }
+      file {
+        enable = true
+        level = warning
+        path = "/opt/emqx/log"
+      }
+    }
+    
+    # Dashboard配置
+    dashboard {
+      listeners.http {
+        bind = "0.0.0.0:18083"
+      }
+      default_username = "admin"
+      default_password = "public"
+    }
+    
+    # 监听器配置
+    listeners.tcp.default {
+      bind = "0.0.0.0:1883"
+      max_connections = 1024000
+    }
+    
+    listeners.ws.default {
+      bind = "0.0.0.0:8083"
+      max_connections = 1024000
+      websocket.mqtt_path = "/mqtt"
+    }
+    
+    listeners.ssl.default {
+      bind = "0.0.0.0:8883"
+      max_connections = 512000
+    }
+    
+    # 认证配置 - 使用内置数据库
+    authentication = [
+      {
+        mechanism = password_based
+        backend = built_in_database
+        user_id_type = username
+        password_hash_algorithm {
+          name = sha256
+          salt_position = suffix
+        }
+        # Bootstrap文件路径 - 用于初始化用户
+        bootstrap_file = "/opt/emqx/data/bootstrap_users.json"
+        bootstrap_type = plain
+      }
+    ]
+    
+    # 授权配置
+    authorization {
+      no_match = deny
+      deny_action = disconnect
+    
+      sources = [
+        {
+          type = built_in_database
+          enable = true
+        }
+      ]
+    }
+    
+    # MQTT协议配置
+    mqtt {
+      max_packet_size = "1MB"
+      max_clientid_len = 65535
+      max_topic_levels = 128
+      max_qos_allowed = 2
+      max_topic_alias = 65535
+      retain_available = true
+      wildcard_subscription = true
+      shared_subscription = true
+    }
+
+---
+# ============== ConfigMap - Users & ACL (严格 JSON 格式) ==============
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: emqx-bootstrap-users
+  namespace: cq-uas-260427
+data:
+  bootstrap_users.json: |
+    [
+      { "user_id": "admin", "password": "odD8#Ve7.B", "is_superuser": true },
+      { "user_id": "cmlc", "password": "odD8#Ve7.B", "is_superuser": false }
+    ]
+
+  # 【修改点】既然有jq，这里使用标准的 JSON 数组格式，最不容易出错
+  bootstrap_acl.json: |
+    [
+      {
+        "username": "admin",
+        "rules": [
+          {"action": "all", "permission": "allow", "topic": "#"}
+        ]
+      },
+      {
+        "username": "cmlc",
+        "rules": [
+          {"action": "publish", "permission": "allow", "topic": "#"},
+          {"action": "subscribe", "permission": "allow", "topic": "#"}
+        ]
+      }
+    ]
+
+---
+# ============== ConfigMap - 初始化脚本 (修正版) ==============
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: emqx-init-dashboard
+  namespace: cq-uas-260427
+data:
+  init-dashboard.sh: |
+    #!/bin/bash
+    set -e
+    
+    DASHBOARD_USER="admin"
+    DASHBOARD_PASS="${DASHBOARD_ADMIN_PASSWORD}"
+    EMQX_API="http://localhost:18083/api/v5"
+    ACL_FILE="/bootstrap/bootstrap_acl.json"
+    
+    # 辅助函数：打印带时间戳的日志
+    log() {
+      echo "[$(date +'%H:%M:%S')] $1"
+    }
+    
+    log "======================================"
+    log "初始化 Dashboard 与 ACL (Debug Version)"
+    log "======================================"
+    
+    # ----------------------------------------------------------------
+    # 1. 等待 EMQX API 就绪
+    # ----------------------------------------------------------------
+    log "[1/4] 等待 EMQX API 就绪..."
+    for i in $(seq 1 60); do
+      if curl -s -f -m 5 "${EMQX_API}/status" > /dev/null 2>&1; then
+        log "✓ EMQX API 已就绪"
+        break
+      fi
+      if [ $i -eq 60 ]; then
+        log "✗ EMQX API 启动超时"
+        exit 1
+      fi
+      sleep 5
+    done
+    
+    # ----------------------------------------------------------------
+    # 2. 修改 Dashboard 密码
+    # ----------------------------------------------------------------
+    log "[2/4] 检查/更新 Dashboard 密码..."
+    
+    # 获取 Token (尝试默认密码)
+    LOGIN_RESP=$(curl -s -X POST "${EMQX_API}/login" \
+      -H 'Content-Type: application/json' \
+      -d "{\"username\":\"${DASHBOARD_USER}\",\"password\":\"public\"}")
+    
+    TOKEN=$(echo "$LOGIN_RESP" | jq -r '.token // empty')
+    
+    if [ -n "$TOKEN" ]; then
+      log "  检测到默认密码，正在更新..."
+      curl -s -f -X POST "${EMQX_API}/users/${DASHBOARD_USER}/change_pwd" \
+        -H "Authorization: Bearer ${TOKEN}" \
+        -H 'Content-Type: application/json' \
+        -d "{\"old_pwd\":\"public\",\"new_pwd\":\"${DASHBOARD_PASS}\"}"
+      log "  ✓ Dashboard 密码已更新"
+    else
+      log "  ℹ 无法使用默认密码登录，跳过更新（可能已修改）"
+    fi
+    
+    # ----------------------------------------------------------------
+    # 3. 导入 ACL 规则
+    # ----------------------------------------------------------------
+    echo "[3/3] 导入ACL规则..."
+
+    # 重新登录获取最新 Token
+    LOGIN_RESP=$(curl -sS -X POST "${EMQX_API}/login" \
+      -H 'Content-Type: application/json' \
+      -d "{\"username\":\"${DASHBOARD_USER}\",\"password\":\"${DASHBOARD_PASS}\"}")
+
+    TOKEN=$(echo "$LOGIN_RESP" | jq -r '.token // empty')
+
+    if [ -z "$TOKEN" ]; then
+      echo "  ✗ 无法获取Token，请检查密码设置"
+      exit 0
+    fi
+
+    if [ -f "$ACL_FILE" ]; then
+      echo "  正在解析 ACL 文件: $ACL_FILE"
+
+      if ! jq -e . "$ACL_FILE" >/dev/null 2>&1; then
+         echo "  ✗ ACL 文件 JSON 格式错误，跳过处理"
+         exit 0
+      fi
+
+      jq -c '.[]' "$ACL_FILE" | while read -r user_config; do
+        USERNAME=$(echo "$user_config" | jq -r '.username // empty')
+
+        # ✅ PUT/POST 都需要 username + rules（username 是 required）
+        REQ_BODY=$(echo "$user_config" | jq -c '{username: .username, rules: .rules}')
+
+        if [ -z "$USERNAME" ]; then
+          echo "  ✗ ACL 条目缺少 username，跳过"
+          continue
+        fi
+
+        echo "  配置用户 ${USERNAME} 的ACL规则..."
+
+        # 1) 优先 PUT（覆盖更新）
+        http_code=$(curl -sS -o /tmp/emqx_acl_resp.json -w '%{http_code}' \
+          -X PUT "${EMQX_API}/authorization/sources/built_in_database/rules/users/${USERNAME}" \
+          -H "Authorization: Bearer ${TOKEN}" \
+          -H 'Content-Type: application/json' \
+          -d "$REQ_BODY")
+
+        if [ "$http_code" = "204" ]; then
+          echo "    ✓ PUT 更新成功"
+        elif [ "$http_code" = "404" ]; then
+          # 2) 不存在则 POST 创建
+          http_code2=$(curl -sS -o /tmp/emqx_acl_resp.json -w '%{http_code}' \
+            -X POST "${EMQX_API}/authorization/sources/built_in_database/rules/users" \
+            -H "Authorization: Bearer ${TOKEN}" \
+            -H 'Content-Type: application/json' \
+            -d "$REQ_BODY")
+
+          if [ "$http_code2" = "204" ]; then
+            echo "    ✓ POST 创建成功"
+          else
+            echo "    ✗ POST 失败 (HTTP ${http_code2})：$(cat /tmp/emqx_acl_resp.json 2>/dev/null || true)"
+            exit 1
+          fi
+        else
+          echo "    ✗ PUT 失败 (HTTP ${http_code})：$(cat /tmp/emqx_acl_resp.json 2>/dev/null || true)"
+          exit 1
+        fi
+
+        # 3) 导入后验证（可选但强烈建议保留）
+        verify_code=$(curl -sS -o /tmp/emqx_acl_verify.json -w '%{http_code}' \
+          -H "Authorization: Bearer ${TOKEN}" \
+          "${EMQX_API}/authorization/sources/built_in_database/rules/users/${USERNAME}")
+
+        if [ "$verify_code" = "200" ]; then
+          echo "    ✓ 验证成功：$(cat /tmp/emqx_acl_verify.json | jq -c '.')"
+        else
+          echo "    ✗ 验证失败 (HTTP ${verify_code})：$(cat /tmp/emqx_acl_verify.json 2>/dev/null || true)"
+          exit 1
+        fi
+      done
+
+      echo "  ✓ ACL 规则导入完成"
+    else
+      echo "  ℹ 未找到 ACL 文件"
+    fi
+
+---
+# ============== StatefulSet ==============
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: helm-emqxs
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: middleware
+    cmii.app: helm-emqxs
+    cmii.emqx.architecture: cluster
+    helm.sh/chart: emqx-1.1.0
+    app.kubernetes.io/managed-by: octopus-control
+    app.kubernetes.io/version: "2.3"
+spec:
+  replicas: 1
+  serviceName: helm-emqxs-headless
+  podManagementPolicy: Parallel
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      cmii.type: middleware
+      cmii.app: helm-emqxs
+      cmii.emqx.architecture: cluster
+
+  template:
+    metadata:
+      labels:
+        cmii.type: middleware
+        cmii.app: helm-emqxs
+        cmii.emqx.architecture: cluster
+        helm.sh/chart: emqx-1.1.0
+        app.kubernetes.io/managed-by: octopus-control
+        app.kubernetes.io/version: "2.3"
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: uavcloud.env
+                    operator: In
+                    values:
+                      - cq-uas-260427
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: cmii.app
+                      operator: In
+                      values:
+                        - helm-emqxs
+                topologyKey: kubernetes.io/hostname
+
+      imagePullSecrets:
+        - name: harborsecret
+
+      serviceAccountName: helm-emqxs
+
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
+
+      # InitContainer - 准备bootstrap文件
+      initContainers:
+        - name: prepare-bootstrap
+          # 动态选择 tools 镜像
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii/os-shell:12-debian-12-r51
+          imagePullPolicy: IfNotPresent
+          # =========================================================
+          # 权限: 必须以 root 身份运行才能 chown
+          # =========================================================
+          securityContext:
+            runAsUser: 0
+          command:
+            - /bin/sh
+            - -c
+            - |
+              echo "准备bootstrap文件..."
+              
+              # 创建数据目录
+              mkdir -p /opt/emqx/data
+              
+              # 复制bootstrap文件到数据目录
+              # 只在文件不存在时复制，避免覆盖已有数据
+              if [ ! -f /opt/emqx/data/bootstrap_users.json ]; then
+                cp /bootstrap-src/bootstrap_users.json /opt/emqx/data/
+                echo "✓ 已复制用户bootstrap文件"
+              else
+                echo "ℹ 用户bootstrap文件已存在，跳过"
+              fi
+              
+              # 设置权限 (现在有root权限，可以成功)
+              chown -R 1000:1000 /opt/emqx/data
+              
+              echo "✓ Bootstrap准备完成"
+          volumeMounts:
+            - name: emqx-data
+              mountPath: /opt/emqx/data
+            - name: bootstrap-users
+              mountPath: /bootstrap-src
+
+      containers:
+        # 主容器 - EMQX
+        - name: emqx
+          # 动态选择 emqx 镜像
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/emqx:5.8.8
+          imagePullPolicy: IfNotPresent
+
+          env:
+            # Pod信息
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: EMQX_DATA_DIR
+              value: "/opt/emqx/data"
+
+          ports:
+            - name: mqtt
+              containerPort: 1883
+            - name: mqttssl
+              containerPort: 8883
+            - name: ws
+              containerPort: 8083
+            - name: dashboard
+              containerPort: 18083
+            - name: ekka
+              containerPort: 4370
+
+          resources:
+            requests:
+              cpu: "500m"
+              memory: "512Mi"
+            limits:
+              cpu: "2000m"
+              memory: "2Gi"
+
+          livenessProbe:
+            httpGet:
+              path: /status
+              port: 18083
+            initialDelaySeconds: 60
+            periodSeconds: 30
+            timeoutSeconds: 10
+            failureThreshold: 3
+
+          readinessProbe:
+            httpGet:
+              path: /status
+              port: 18083
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
+
+          startupProbe:
+            httpGet:
+              path: /status
+              port: 18083
+            initialDelaySeconds: 10
+            periodSeconds: 5
+            failureThreshold: 30
+
+          volumeMounts:
+            - name: emqx-data
+              mountPath: /opt/emqx/data
+            # 使用 subPath 挂载单个配置文件，避免覆盖目录
+            - name: bootstrap-config
+              mountPath: /opt/emqx/etc/emqx.conf
+              subPath: emqx.conf
+
+        # Sidecar - 初始化Dashboard密码和ACL
+        - name: init-dashboard
+          # 动态选择 tools 镜像
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii/os-shell:12-debian-12-r51
+          imagePullPolicy: IfNotPresent
+
+          command:
+            - /bin/sh
+            - -c
+            - |
+              # 等待主容器启动
+              echo "等待EMQX启动..."
+              sleep 20
+              
+              # 执行初始化
+              /bin/sh /scripts/init-dashboard.sh
+              
+              # 保持运行
+              echo "初始化完成，进入守护模式..."
+              while true; do sleep 3600; done
+
+          env:
+            - name: DASHBOARD_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: emqx-credentials
+                  key: dashboard-admin-password
+
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "64Mi"
+            limits:
+              cpu: "200m"
+              memory: "128Mi"
+
+          volumeMounts:
+            - name: init-script
+              mountPath: /scripts
+            - name: bootstrap-users
+              mountPath: /bootstrap
+
+      volumes:
+        - name: bootstrap-config
+          configMap:
+            name: emqx-bootstrap-config
+        - name: bootstrap-users
+          configMap:
+            name: emqx-bootstrap-users
+        - name: init-script
+          configMap:
+            name: emqx-init-dashboard
+            defaultMode: 0755
+        - name: emqx-data
+          persistentVolumeClaim:
+            claimName: helm-emqxs
+
+---
+# ============== Service - Headless ==============
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-emqxs-headless
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: middleware
+    cmii.app: helm-emqxs
+    cmii.emqx.architecture: cluster
+    helm.sh/chart: emqx-1.1.0
+    app.kubernetes.io/managed-by: octopus-control
+    app.kubernetes.io/version: "2.3"
+spec:
+  type: ClusterIP
+  clusterIP: None
+  publishNotReadyAddresses: true
+  selector:
+    cmii.type: middleware
+    cmii.app: helm-emqxs
+    cmii.emqx.architecture: cluster
+  ports:
+    - name: mqtt
+      port: 1883
+      targetPort: 1883
+    - name: mqttssl
+      port: 8883
+      targetPort: 8883
+    - name: ws
+      port: 8083
+      targetPort: 8083
+    - name: dashboard
+      port: 18083
+      targetPort: 18083
+    - name: ekka
+      port: 4370
+      targetPort: 4370
+
+---
+# ============== Service - NodePort ==============
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-emqxs
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: middleware
+    cmii.app: helm-emqxs
+    cmii.emqx.architecture: cluster
+    helm.sh/chart: emqx-1.1.0
+    app.kubernetes.io/managed-by: octopus-control
+    app.kubernetes.io/version: "2.3"
+spec:
+  type: NodePort
+  selector:
+    cmii.type: middleware
+    cmii.app: helm-emqxs
+    cmii.emqx.architecture: cluster
+  ports:
+    - name: mqtt
+      port: 1883
+      targetPort: 1883
+      nodePort: 30883
+    - name: dashboard
+      port: 18083
+      targetPort: 18083
+      nodePort: 32085
+    - name: ws
+      port: 8083
+      targetPort: 8083
+      nodePort: 32086
+    - name: mqttssl
+      port: 8883
+      targetPort: 8883
--- a/83-202604-重庆二级监管/k8s-app/k8s-frontend.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-frontend.yaml
@@ -0,0 +1,203 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: nginx-cm
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: frontend
+data:
+  nginx.conf: |
+    server {
+        listen       9528;
+        server_name  localhost;
+        gzip on;
+
+        location / {
+            root   /home/cmii-platform/dist;
+            index  index.html index.htm;
+        }
+
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   html;
+        }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cmii-uav-platform-uas
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: frontend
+    cmii.app: cmii-uav-platform-uas
+    octopus.control: frontend-app-wdd
+    app.kubernetes.io/app-version: "2.3"
+spec:
+  replicas: 0
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      cmii.type: frontend
+      cmii.app: cmii-uav-platform-uas
+  template:
+    metadata:
+      labels:
+        cmii.type: frontend
+        cmii.app: cmii-uav-platform-uas
+    spec:
+      imagePullSecrets:
+        - name: harborsecret
+      containers:
+        - name: cmii-uav-platform-uas
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-uav-platform-uas:2.3.0-pro-20260312
+          imagePullPolicy: Always
+          env:
+            - name: K8S_NAMESPACE
+              value: cq-uas-260427
+            - name: APPLICATION_NAME
+              value: cmii-uav-platform-uas
+          ports:
+            - name: platform-9528
+              containerPort: 9528
+              protocol: TCP
+          resources:
+            limits:
+              cpu: "1"
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
+          volumeMounts:
+            - name: nginx-conf
+              mountPath: /etc/nginx/conf.d/nginx.conf
+              subPath: nginx.conf
+            - name: tenant-prefix
+              subPath: ingress-config.js
+              mountPath: /home/cmii-platform/dist/ingress-config.js
+      volumes:
+        - name: nginx-conf
+          configMap:
+            name: nginx-cm
+            items:
+              - key: nginx.conf
+                path: nginx.conf
+        - name: tenant-prefix
+          configMap:
+            name: tenant-prefix-uas
+            items:
+              - key: ingress-config.js
+                path: ingress-config.js
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: cmii-uav-platform-uas
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: frontend
+    cmii.app: cmii-uav-platform-uas
+    octopus.control: frontend-app-wdd
+    app.kubernetes.io/version: "2.3"
+spec:
+  type: ClusterIP
+  selector:
+    cmii.type: frontend
+    cmii.app: cmii-uav-platform-uas
+  ports:
+    - name: web-svc-port
+      port: 9528
+      protocol: TCP
+      targetPort: 9528
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cmii-uav-platform-uasms
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: frontend
+    cmii.app: cmii-uav-platform-uasms
+    octopus.control: frontend-app-wdd
+    app.kubernetes.io/app-version: "2.3"
+spec:
+  replicas: 0
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      cmii.type: frontend
+      cmii.app: cmii-uav-platform-uasms
+  template:
+    metadata:
+      labels:
+        cmii.type: frontend
+        cmii.app: cmii-uav-platform-uasms
+    spec:
+      imagePullSecrets:
+        - name: harborsecret
+      containers:
+        - name: cmii-uav-platform-uasms
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-uav-platform-uasms:2.3.0-pro-20260312
+          imagePullPolicy: Always
+          env:
+            - name: K8S_NAMESPACE
+              value: cq-uas-260427
+            - name: APPLICATION_NAME
+              value: cmii-uav-platform-uasms
+          ports:
+            - name: platform-9528
+              containerPort: 9528
+              protocol: TCP
+          resources:
+            limits:
+              cpu: "1"
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
+          volumeMounts:
+            - name: nginx-conf
+              mountPath: /etc/nginx/conf.d/nginx.conf
+              subPath: nginx.conf
+            - name: tenant-prefix
+              subPath: ingress-config.js
+              mountPath: /home/cmii-platform/dist/ingress-config.js
+      volumes:
+        - name: nginx-conf
+          configMap:
+            name: nginx-cm
+            items:
+              - key: nginx.conf
+                path: nginx.conf
+        - name: tenant-prefix
+          configMap:
+            name: tenant-prefix-uasms
+            items:
+              - key: ingress-config.js
+                path: ingress-config.js
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: cmii-uav-platform-uasms
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: frontend
+    cmii.app: cmii-uav-platform-uasms
+    octopus.control: frontend-app-wdd
+    app.kubernetes.io/version: "2.3"
+spec:
+  type: ClusterIP
+  selector:
+    cmii.type: frontend
+    cmii.app: cmii-uav-platform-uasms
+  ports:
+    - name: web-svc-port
+      port: 9528
+      protocol: TCP
+      targetPort: 9528
--- a/83-202604-重庆二级监管/k8s-app/k8s-ingress.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-ingress.yaml
--- a/83-202604-重庆二级监管/k8s-app/k8s-mongo.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-mongo.yaml
@@ -0,0 +1,77 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-mongo
+  namespace: cq-uas-260427
+  labels:
+    cmii.app: helm-mongo
+    cmii.type: middleware
+    helm.sh/chart: mongo-1.1.0
+    app.kubernetes.io/managed-by: octopus-control
+    app.kubernetes.io/version: "2.3"
+spec:
+  type: ClusterIP
+  selector:
+    cmii.app: helm-mongo
+    cmii.type: middleware
+  ports:
+    - port: 27017
+      name: server-27017
+      targetPort: 27017
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: helm-mongo
+  namespace: cq-uas-260427
+  labels:
+    cmii.app: helm-mongo
+    cmii.type: middleware
+    helm.sh/chart: mongo-1.1.0
+    app.kubernetes.io/managed-by: octopus-control
+    app.kubernetes.io/version: "2.3"
+spec:
+  serviceName: helm-mongo
+  replicas: 1
+  selector:
+    matchLabels:
+      cmii.app: helm-mongo
+      cmii.type: middleware
+  template:
+    metadata:
+      labels:
+        cmii.app: helm-mongo
+        cmii.type: middleware
+        helm.sh/chart: mongo-1.1.0
+        app.kubernetes.io/managed-by: octopus-control
+        app.kubernetes.io/version: "2.3"
+      annotations:
+        pod.alpha.kubernetes.io/initialized: "true"
+    spec:
+      imagePullSecrets:
+        - name: harborsecret
+      affinity: {}
+      containers:
+        - name: helm-mongo
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/mongo:5.0
+          resources: {}
+          ports:
+            - containerPort: 27017
+              name: mongo27017
+              protocol: TCP
+          env:
+            - name: MONGO_INITDB_ROOT_USERNAME
+              value: cmlc
+            - name: MONGO_INITDB_ROOT_PASSWORD
+              value: REdPza8#oVlt
+          volumeMounts:
+            - name: mongo-data
+              mountPath: /data/db
+              readOnly: false
+              subPath: default/helm-mongo/data/db
+      volumes:
+        - name: mongo-data
+          persistentVolumeClaim:
+            claimName: helm-mongo
+---
--- a/83-202604-重庆二级监管/k8s-app/k8s-mysql.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-mysql.yaml
@@ -0,0 +1,410 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: helm-mysql
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: mysql-db
+    octopus.control: mysql-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+  annotations: {}
+secrets:
+  - name: helm-mysql
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: helm-mysql
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: mysql-db
+    octopus.control: mysql-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+type: Opaque
+data:
+  mysql-root-password: "UXpmWFFoZDNiUQ=="
+  mysql-password: "S0F0cm5PckFKNw=="
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: helm-mysql
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: mysql-db
+    octopus.control: mysql-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+    app.kubernetes.io/component: primary
+data:
+  my.cnf: |-
+    
+    [mysqld]
+    port=3306
+    basedir=/opt/bitnami/mysql
+    datadir=/bitnami/mysql/data
+    pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+    socket=/opt/bitnami/mysql/tmp/mysql.sock
+    log-error=/bitnami/mysql/data/error.log
+    general_log_file = /bitnami/mysql/data/general.log
+    slow_query_log_file = /bitnami/mysql/data/slow.log
+    innodb_data_file_path = ibdata1:512M:autoextend
+    innodb_buffer_pool_size = 512M
+    innodb_buffer_pool_instances = 2
+    innodb_log_file_size = 512M
+    innodb_log_files_in_group = 4
+    innodb_log_files_in_group = 4
+    log-bin = /bitnami/mysql/data/mysql-bin
+    max_binlog_size=1G
+    transaction_isolation = REPEATABLE-READ
+    default_storage_engine = innodb
+    character-set-server = utf8mb4
+    collation-server=utf8mb4_bin
+    binlog_format = ROW
+    binlog_rows_query_log_events=on
+    binlog_cache_size=4M
+    binlog_expire_logs_seconds  = 1296000
+    max_binlog_cache_size=2G
+    gtid_mode = on
+    enforce_gtid_consistency = 1
+    sync_binlog = 1
+    innodb_flush_log_at_trx_commit = 1
+    innodb_flush_method = O_DIRECT
+    log_slave_updates=1
+    relay_log_recovery = 1
+    relay-log-purge = 1
+    default_time_zone = '+08:00'
+    lower_case_table_names=1
+    log_bin_trust_function_creators=1
+    group_concat_max_len=67108864
+    innodb_io_capacity = 4000
+    innodb_io_capacity_max = 8000
+    innodb_flush_sync = 0
+    innodb_flush_neighbors = 0
+    innodb_write_io_threads = 8
+    innodb_read_io_threads = 8
+    innodb_purge_threads = 4
+    innodb_page_cleaners = 4
+    innodb_open_files = 65535
+    innodb_max_dirty_pages_pct = 50
+    innodb_lru_scan_depth = 4000
+    innodb_checksum_algorithm = crc32
+    innodb_lock_wait_timeout = 10
+    innodb_rollback_on_timeout = 1
+    innodb_print_all_deadlocks = 1
+    innodb_file_per_table = 1
+    innodb_online_alter_log_max_size = 4G
+    innodb_stats_on_metadata = 0
+    innodb_thread_concurrency = 0
+    innodb_sync_spin_loops = 100
+    innodb_spin_wait_delay = 30
+    lock_wait_timeout = 3600
+    slow_query_log = 1
+    long_query_time = 10
+    log_queries_not_using_indexes =1
+    log_throttle_queries_not_using_indexes = 60
+    min_examined_row_limit = 100
+    log_slow_admin_statements = 1
+    log_slow_slave_statements = 1
+    default_authentication_plugin=mysql_native_password
+    skip-name-resolve=1
+    explicit_defaults_for_timestamp=1
+    plugin_dir=/opt/bitnami/mysql/plugin
+    max_allowed_packet=128M
+    max_connections = 2000
+    max_connect_errors = 1000000
+    table_definition_cache=2000
+    table_open_cache_instances=64
+    tablespace_definition_cache=1024
+    thread_cache_size=256
+    interactive_timeout = 600
+    wait_timeout = 600
+    tmpdir=/opt/bitnami/mysql/tmp
+    max_allowed_packet=32M
+    bind-address=0.0.0.0
+    performance_schema = 1
+    performance_schema_instrument = '%memory%=on'
+    performance_schema_instrument = '%lock%=on'
+    innodb_monitor_enable=ALL
+    
+    [mysql]
+    no-auto-rehash
+    
+    [mysqldump]
+    quick
+    max_allowed_packet = 32M
+    
+    [client]
+    port=3306
+    socket=/opt/bitnami/mysql/tmp/mysql.sock
+    default-character-set=UTF8
+    plugin_dir=/opt/bitnami/mysql/plugin
+    
+    [manager]
+    port=3306
+    socket=/opt/bitnami/mysql/tmp/mysql.sock
+    pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: helm-mysql-init-scripts
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: mysql-db
+    octopus.control: mysql-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+    app.kubernetes.io/component: primary
+data:
+  create_users_grants_core.sql: |-
+    create user zyly@'%' identified by 'Cmii@451315';
+    grant select on *.* to zyly@'%';
+    create user zyly_qc@'%' identified by 'Uh)E_owCyb16';
+    grant all on *.* to zyly_qc@'%';
+    create user k8s_admin@'%' identified by 'fP#UaH6qQ3)8';
+    grant all on *.* to k8s_admin@'%';
+    create user audit_dba@'%' identified by 'PjCzqiBmJaTpgkoYXynH';
+    grant all on *.* to audit_dba@'%';
+    create user db_backup@'%' identified by 'RU5Pu(4FGdT9';
+    GRANT SELECT, RELOAD, PROCESS, LOCK TABLES, REPLICATION CLIENT, EVENT on *.* to db_backup@'%';
+    create user monitor@'%' identified by 'PL3#nGtrWbf-';
+    grant REPLICATION CLIENT on *.* to monitor@'%';
+    flush privileges;
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: cmii-mysql
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/managed-by: octopus
+    app.kubernetes.io/name: mysql-db
+    app.kubernetes.io/release: cq-uas-260427
+    cmii.app: mysql
+    cmii.type: middleware
+    octopus.control: mysql-db-wdd
+spec:
+  ports:
+    - name: mysql
+      protocol: TCP
+      port: 13306
+      targetPort: mysql
+  selector:
+    app.kubernetes.io/component: primary
+    app.kubernetes.io/name: mysql-db
+    app.kubernetes.io/release: cq-uas-260427
+    cmii.app: mysql
+    cmii.type: middleware
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-mysql-headless
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: mysql-db
+    octopus.control: mysql-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+    cmii.type: middleware
+    cmii.app: mysql
+    app.kubernetes.io/component: primary
+  annotations: {}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  publishNotReadyAddresses: true
+  ports:
+    - name: mysql
+      port: 3306
+      targetPort: mysql
+  selector: 
+    app.kubernetes.io/name: mysql-db
+    app.kubernetes.io/release: cq-uas-260427
+    cmii.type: middleware
+    cmii.app: mysql
+    app.kubernetes.io/component: primary
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-mysql
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: mysql-db
+    octopus.control: mysql-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+    cmii.type: middleware
+    cmii.app: mysql
+    app.kubernetes.io/component: primary
+  annotations: {}
+spec:
+  type: NodePort
+  ports:
+    - name: mysql
+      port: 3306
+      protocol: TCP
+      targetPort: mysql
+      nodePort: 31306
+  selector: 
+    app.kubernetes.io/name: mysql-db
+    app.kubernetes.io/release: cq-uas-260427
+    cmii.type: middleware
+    cmii.app: mysql
+    app.kubernetes.io/component: primary
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: helm-mysql
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: mysql-db
+    octopus.control: mysql-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+    cmii.type: middleware
+    cmii.app: mysql
+    app.kubernetes.io/component: primary
+spec:
+  replicas: 1
+  selector:
+    matchLabels: 
+      app.kubernetes.io/name: mysql-db
+      app.kubernetes.io/release: cq-uas-260427
+      cmii.type: middleware
+      cmii.app: mysql
+      app.kubernetes.io/component: primary
+  serviceName: helm-mysql
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations:
+        checksum/configuration: 6b60fa0f3a846a6ada8effdc4f823cf8003d42a8c8f630fe8b1b66d3454082dd
+      labels:
+        app.kubernetes.io/name: mysql-db
+        octopus.control: mysql-db-wdd
+        app.kubernetes.io/release: cq-uas-260427
+        app.kubernetes.io/managed-by: octopus
+        cmii.type: middleware
+        cmii.app: mysql
+        app.kubernetes.io/component: primary
+    spec:
+      imagePullSecrets:
+        - name: harborsecret
+      serviceAccountName: helm-mysql
+      affinity: {}
+      nodeSelector:
+        mysql-deploy: "true"
+      securityContext:
+        fsGroup: 1001
+      initContainers:
+        - name: change-volume-permissions
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/os-shell:12-debian-12-r51
+          imagePullPolicy: "Always"
+          command:
+            - /bin/bash
+            - -ec
+            - |
+              chown -R 1001:1001 /bitnami/mysql
+          securityContext:
+            runAsUser: 0
+          volumeMounts:
+            - name: mysql-data
+              mountPath: /bitnami/mysql
+      containers:
+        - name: mysql
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/mysql:8.1.0-debian-11-r42
+          imagePullPolicy: "IfNotPresent"
+          securityContext:
+            runAsUser: 1001
+          env:
+            - name: BITNAMI_DEBUG
+              value: "true"
+            - name: MYSQL_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: helm-mysql
+                  key: mysql-root-password
+            - name: MYSQL_DATABASE
+              value: "cmii"
+          ports:
+            - name: mysql
+              containerPort: 3306
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 120
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 3
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - |
+                  password_aux="${MYSQL_ROOT_PASSWORD:-}"
+                  if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then
+                      password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE")
+                  fi
+                  mysqladmin status -uroot -p"${password_aux}"
+          readinessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 3
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - |
+                  password_aux="${MYSQL_ROOT_PASSWORD:-}"
+                  if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then
+                      password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE")
+                  fi
+                  mysqladmin status -uroot -p"${password_aux}"
+          startupProbe:
+            failureThreshold: 60
+            initialDelaySeconds: 120
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - |
+                  password_aux="${MYSQL_ROOT_PASSWORD:-}"
+                  if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then
+                      password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE")
+                  fi
+                  mysqladmin status -uroot -p"${password_aux}"
+          resources: 
+            limits: {}
+            requests: {}
+          volumeMounts:
+            - name: mysql-data
+              mountPath: /bitnami/mysql
+            - name: custom-init-scripts
+              mountPath: /docker-entrypoint-initdb.d
+            - name: config
+              mountPath: /opt/bitnami/mysql/conf/my.cnf
+              subPath: my.cnf
+      volumes:
+        - name: config
+          configMap:
+            name: helm-mysql
+        - name: custom-init-scripts
+          configMap:
+            name: helm-mysql-init-scripts
+        - name: mysql-data
+          hostPath:
+            path: /var/lib/docker/mysql-pv/cq-uas-260427/
--- a/83-202604-重庆二级监管/k8s-app/k8s-nacos.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-nacos.yaml
@@ -0,0 +1,130 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: helm-nacos-cm
+  namespace: cq-uas-260427
+  labels:
+    cmii.app: helm-nacos
+    cmii.type: middleware
+    octopus.control: nacos-wdd
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: "2.3"
+data:
+  mysql.db.name: "cmii_nacos_config"
+  mysql.db.host: "helm-mysql"
+  mysql.port: "3306"
+  mysql.user: "k8s_admin"
+  mysql.password: "fP#UaH6qQ3)8"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-nacos
+  namespace: cq-uas-260427
+  labels:
+    cmii.app: helm-nacos
+    cmii.type: middleware
+    octopus.control: nacos-wdd
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: "2.3"
+spec:
+  type: NodePort
+  selector:
+    cmii.app: helm-nacos
+    cmii.type: middleware
+  ports:
+    - port: 8848
+      name: server
+      targetPort: 8848
+      nodePort: 31848
+    - port: 9848
+      name: server12
+      targetPort: 9848
+    - port: 9849
+      name: server23
+      targetPort: 9849
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: helm-nacos
+  namespace: cq-uas-260427
+  labels:
+    cmii.app: helm-nacos
+    cmii.type: middleware
+    octopus.control: nacos-wdd
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: "2.3"
+spec:
+  serviceName: helm-nacos
+  replicas: 1
+  selector:
+    matchLabels:
+      cmii.app: helm-nacos
+      cmii.type: middleware
+  template:
+    metadata:
+      labels:
+        cmii.app: helm-nacos
+        cmii.type: middleware
+        octopus.control: nacos-wdd
+        app.kubernetes.io/managed-by: octopus
+        app.kubernetes.io/version: "2.3"
+      annotations:
+        pod.alpha.kubernetes.io/initialized: "true"
+    spec:
+      imagePullSecrets:
+        - name: harborsecret
+      affinity: {}
+      containers:
+        - name: nacos-server
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/nacos-server:v2.1.2-slim
+          ports:
+            - containerPort: 8848
+              name: dashboard
+            - containerPort: 9848
+              name: tcp-9848
+            - containerPort: 9849
+              name: tcp-9849
+          env:
+            - name: NACOS_AUTH_ENABLE
+              value: "false"
+            - name: NACOS_REPLICAS
+              value: "1"
+            - name: MYSQL_SERVICE_DB_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: helm-nacos-cm
+                  key: mysql.db.name
+            - name: MYSQL_SERVICE_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: helm-nacos-cm
+                  key: mysql.port
+            - name: MYSQL_SERVICE_USER
+              valueFrom:
+                configMapKeyRef:
+                  name: helm-nacos-cm
+                  key: mysql.user
+            - name: MYSQL_SERVICE_PASSWORD
+              valueFrom:
+                configMapKeyRef:
+                  name: helm-nacos-cm
+                  key: mysql.password
+            - name: MYSQL_SERVICE_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: helm-nacos-cm
+                  key: mysql.db.host
+            - name: NACOS_SERVER_PORT
+              value: "8848"
+            - name: NACOS_APPLICATION_PORT
+              value: "8848"
+            - name: PREFER_HOST_MODE
+              value: "hostname"
+            - name: MODE
+              value: standalone
+            - name: SPRING_DATASOURCE_PLATFORM
+              value: mysql
+---
--- a/83-202604-重庆二级监管/k8s-app/k8s-nfs-test.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-nfs-test.yaml
@@ -0,0 +1,39 @@
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: test-claim
+  annotations:
+    volume.beta.kubernetes.io/storage-class: "nfs-prod-distribute"   #与nfs-StorageClass.yaml metadata.name保持一致
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: nfs-prod-distribute
+  resources:
+    requests:
+      storage: 1Mi
+---
+kind: Pod
+apiVersion: v1
+metadata:
+  name: test-pod
+spec:
+  imagePullSecrets:
+    - name: harborsecret
+  containers:
+
+    - name: test-pod
+      image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/os-shell:12-debian-12-r51
+      command:
+        - "/bin/sh"
+      args:
+        - "-c"
+        - "touch /mnt/NFS-CREATE-SUCCESS && exit 0 || exit 1"   #创建一个SUCCESS文件后退出
+      volumeMounts:
+        - name: nfs-pvc
+          mountPath: "/mnt"
+  restartPolicy: "Never"
+  volumes:
+    - name: nfs-pvc
+      persistentVolumeClaim:
+        claimName: test-claim  #与PVC名称保持一致
--- a/83-202604-重庆二级监管/k8s-app/k8s-nfs.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-nfs.yaml
@@ -0,0 +1,114 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: nfs-client-provisioner
+  # replace with namespace where provisioner is deployed
+  namespace: kube-system        #根据实际环境设定namespace,下面类同
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: nfs-client-provisioner-runner
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: run-nfs-client-provisioner
+subjects:
+  - kind: ServiceAccount
+    name: nfs-client-provisioner
+    # replace with namespace where provisioner is deployed
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+#  name: nfs-client-provisioner-runner
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: leader-locking-nfs-client-provisioner
+  # replace with namespace where provisioner is deployed
+  namespace: kube-system
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: leader-locking-nfs-client-provisioner
+subjects:
+  - kind: ServiceAccount
+    name: nfs-client-provisioner
+    # replace with namespace where provisioner is deployed
+    namespace: kube-system
+roleRef:
+  kind: Role
+  name: leader-locking-nfs-client-provisioner
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: nfs-prod-distribute
+provisioner: cmlc-nfs-storage #这里的名称要和provisioner配置文件中的环境变量PROVISIONER_NAME保持一致parameters:  archiveOnDelete: "false"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nfs-client-provisioner
+  labels:
+    app: nfs-client-provisioner
+  # replace with namespace where provisioner is deployed
+  namespace: kube-system  #与RBAC文件中的namespace保持一致
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nfs-client-provisioner
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: nfs-client-provisioner
+    spec:
+      imagePullSecrets:
+        - name: harborsecret
+      serviceAccountName: nfs-client-provisioner
+      containers:
+        - name: nfs-client-provisioner
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/nfs-subdir-external-provisioner:v4.0.2
+          volumeMounts:
+            - name: nfs-client-root
+              mountPath: /persistentvolumes
+          env:
+            - name: PROVISIONER_NAME
+              value: cmlc-nfs-storage
+            - name: NFS_SERVER
+              value: 192.168.2.19
+            - name: NFS_PATH
+              value: /var/lib/docker/nfs_data
+      volumes:
+        - name: nfs-client-root
+          nfs:
+            server: 192.168.2.19
+            path: /var/lib/docker/nfs_data
--- a/83-202604-重庆二级监管/k8s-app/k8s-pvc.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-pvc.yaml
@@ -0,0 +1,76 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-backend-log-pvc
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: middleware-base
+    cmii.app: nfs-backend-log-pvc
+    helm.sh/chart: all-persistence-volume-claims-1.1.0
+    app.kubernetes.io/version: "2.3"
+spec:
+  storageClassName: nfs-prod-distribute
+  accessModes:
+    - ReadWriteMany
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 100Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: helm-emqxs
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: middleware-base
+    cmii.app: helm-emqxs
+    helm.sh/chart: all-persistence-volume-claims-1.1.0
+    app.kubernetes.io/version: "2.3"
+spec:
+  storageClassName: nfs-prod-distribute
+  accessModes:
+    - ReadWriteMany
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: helm-mongo
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: middleware-base
+    cmii.app: helm-mongo
+    helm.sh/chart: all-persistence-volume-claims-1.1.0
+    app.kubernetes.io/version: "2.3"
+spec:
+  storageClassName: nfs-prod-distribute
+  accessModes:
+    - ReadWriteMany
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 30Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: helm-rabbitmq
+  namespace: cq-uas-260427
+  labels:
+    cmii.type: middleware-base
+    cmii.app: helm-rabbitmq
+    helm.sh/chart: all-persistence-volume-claims-1.1.0
+    app.kubernetes.io/version: "2.3"
+spec:
+  storageClassName: nfs-prod-distribute
+  accessModes:
+    - ReadWriteMany
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 20Gi
--- a/83-202604-重庆二级监管/k8s-app/k8s-rabbitmq.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-rabbitmq.yaml
@@ -0,0 +1,328 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: helm-rabbitmq
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: helm-rabbitmq
+    helm.sh/chart: rabbitmq-8.26.1
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: rabbitmq
+automountServiceAccountToken: true
+secrets:
+    - name: helm-rabbitmq
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: helm-rabbitmq
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: helm-rabbitmq
+    helm.sh/chart: rabbitmq-8.26.1
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: rabbitmq
+type: Opaque
+data:
+  rabbitmq-password: "blljUk45MXIuX2hq"
+  rabbitmq-erlang-cookie: "emFBRmt1ZU1xMkJieXZvdHRYbWpoWk52UThuVXFzcTU="
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: helm-rabbitmq-config
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: helm-rabbitmq
+    helm.sh/chart: rabbitmq-8.26.1
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: rabbitmq
+data:
+  rabbitmq.conf: |-
+    ## Username and password
+    ##
+    default_user = admin
+    default_pass = nYcRN91r._hj
+    ## Clustering
+    ##
+    cluster_formation.peer_discovery_backend  = rabbit_peer_discovery_k8s
+    cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
+    cluster_formation.node_cleanup.interval = 10
+    cluster_formation.node_cleanup.only_log_warning = true
+    cluster_partition_handling = autoheal
+    # queue master locator
+    queue_master_locator = min-masters
+    # enable guest user
+    loopback_users.guest = false
+    #default_vhost = default-vhost
+    #disk_free_limit.absolute = 50MB
+    #load_definitions = /app/load_definition.json
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: helm-rabbitmq-endpoint-reader
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: helm-rabbitmq
+    helm.sh/chart: rabbitmq-8.26.1
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: rabbitmq
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: helm-rabbitmq-endpoint-reader
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: helm-rabbitmq
+    helm.sh/chart: rabbitmq-8.26.1
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: rabbitmq
+subjects:
+  - kind: ServiceAccount
+    name: helm-rabbitmq
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: helm-rabbitmq-endpoint-reader
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-rabbitmq-headless
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: helm-rabbitmq
+    helm.sh/chart: rabbitmq-8.26.1
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: rabbitmq
+spec:
+  clusterIP: None
+  ports:
+    - name: epmd
+      port: 4369
+      targetPort: epmd
+    - name: amqp
+      port: 5672
+      targetPort: amqp
+    - name: dist
+      port: 25672
+      targetPort: dist
+    - name: dashboard
+      port: 15672
+      targetPort: stats
+  selector: 
+    app.kubernetes.io/name: helm-rabbitmq
+    app.kubernetes.io/release: cq-uas-260427
+  publishNotReadyAddresses: true
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-rabbitmq
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: helm-rabbitmq
+    helm.sh/chart: rabbitmq-8.26.1
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: rabbitmq
+spec:
+  type: NodePort
+  ports:
+    - name: amqp
+      port: 5672
+      targetPort: amqp
+      nodePort: 34672
+    - name: dashboard
+      port: 15672
+      targetPort: dashboard
+      nodePort: 34675
+  selector: 
+    app.kubernetes.io/name: helm-rabbitmq
+    app.kubernetes.io/release: cq-uas-260427
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: helm-rabbitmq
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: helm-rabbitmq
+    helm.sh/chart: rabbitmq-8.26.1
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: rabbitmq
+spec:
+  serviceName: helm-rabbitmq-headless
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: helm-rabbitmq
+      app.kubernetes.io/release: cq-uas-260427
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: helm-rabbitmq
+        helm.sh/chart: rabbitmq-8.26.1
+        app.kubernetes.io/release: cq-uas-260427
+        app.kubernetes.io/managed-by: rabbitmq
+      annotations:
+        checksum/config: d6c2caa9572f64a06d9f7daa34c664a186b4778cd1697ef8e59663152fc628f1
+        checksum/secret: d764e7b3d999e7324d1afdfec6140092a612f04b6e0306818675815cec2f454f
+    spec:
+      imagePullSecrets:
+        - name: harborsecret
+      serviceAccountName: helm-rabbitmq
+      affinity: {}
+      securityContext:
+        fsGroup: 5001
+        runAsUser: 5001
+      terminationGracePeriodSeconds: 120
+      initContainers:
+        - name: volume-permissions
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/os-shell:12-debian-12-r51
+          imagePullPolicy: "Always"
+          command:
+            - /bin/bash
+          args:
+            - -ec
+            - |
+              mkdir -p "/bitnami/rabbitmq/mnesia"
+              chown -R "5001:5001" "/bitnami/rabbitmq/mnesia"
+          securityContext:
+            runAsUser: 0
+          resources:
+            limits: {}
+            requests: {}
+          volumeMounts:
+            - name: data
+              mountPath: /bitnami/rabbitmq/mnesia
+      containers:
+        - name: rabbitmq
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/rabbitmq:3.13.7-debian-12-r5
+          imagePullPolicy: "Always"
+          env:
+            - name: BITNAMI_DEBUG
+              value: "false"
+            - name: MY_POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: MY_POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: MY_POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: K8S_SERVICE_NAME
+              value: "helm-rabbitmq-headless"
+            - name: K8S_ADDRESS_TYPE
+              value: hostname
+            - name: RABBITMQ_FORCE_BOOT
+              value: "no"
+            - name: RABBITMQ_NODE_NAME
+              value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local"
+            - name: K8S_HOSTNAME_SUFFIX
+              value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local"
+            - name: RABBITMQ_MNESIA_DIR
+              value: "/bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)"
+            - name: RABBITMQ_LDAP_ENABLE
+              value: "no"
+            - name: RABBITMQ_LOGS
+              value: "-"
+            - name: RABBITMQ_ULIMIT_NOFILES
+              value: "65536"
+            - name: RABBITMQ_USE_LONGNAME
+              value: "true"
+            - name: RABBITMQ_ERL_COOKIE
+              valueFrom:
+                secretKeyRef:
+                  name: helm-rabbitmq
+                  key: rabbitmq-erlang-cookie
+            - name: RABBITMQ_LOAD_DEFINITIONS
+              value: "no"
+            - name: RABBITMQ_SECURE_PASSWORD
+              value: "yes"
+            - name: RABBITMQ_USERNAME
+              value: "admin"
+            - name: RABBITMQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: helm-rabbitmq
+                  key: rabbitmq-password
+            - name: RABBITMQ_PLUGINS
+              value: "rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_shovel, rabbitmq_shovel_management, rabbitmq_auth_backend_ldap"
+          ports:
+            - name: amqp
+              containerPort: 5672
+            - name: dist
+              containerPort: 25672
+            - name: dashboard
+              containerPort: 15672
+            - name: epmd
+              containerPort: 4369
+          livenessProbe:
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - rabbitmq-diagnostics -q ping
+            initialDelaySeconds: 120
+            periodSeconds: 30
+            timeoutSeconds: 20
+            successThreshold: 1
+            failureThreshold: 6
+          readinessProbe:
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
+            initialDelaySeconds: 10
+            periodSeconds: 30
+            timeoutSeconds: 20
+            successThreshold: 1
+            failureThreshold: 3
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /bin/bash
+                  - -ec
+                  - |
+                    if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then
+                        /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d  "false"
+                    else
+                        rabbitmqctl stop_app
+                    fi
+          resources:
+            limits: {}
+            requests: {}
+          volumeMounts:
+            - name: configuration
+              mountPath: /bitnami/rabbitmq/conf
+            - name: data
+              mountPath: /bitnami/rabbitmq/mnesia
+      volumes:
+        - name: configuration
+          configMap:
+            name: helm-rabbitmq-config
+            items:
+              - key: rabbitmq.conf
+                path: rabbitmq.conf
+        - name: data
+          persistentVolumeClaim:
+            claimName: helm-rabbitmq
--- a/83-202604-重庆二级监管/k8s-app/k8s-redis.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-redis.yaml
@@ -0,0 +1,585 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: true
+metadata:
+  name: helm-redis
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: redis-db
+    octopus.control: redis-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: helm-redis
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: redis-db
+    octopus.control: redis-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+type: Opaque
+data:
+  redis-password: "TWNhY2hlQDQ1MjI="
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: helm-redis-configuration
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: redis-db
+    octopus.control: redis-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+data:
+  redis.conf: |-
+    # User-supplied common configuration:
+    # Enable AOF https://redis.io/topics/persistence#append-only-file
+    appendonly yes
+    # Disable RDB persistence, AOF persistence already enabled.
+    save ""
+    # End of common configuration
+  master.conf: |-
+    dir /data
+    # User-supplied master configuration:
+    rename-command FLUSHDB ""
+    rename-command FLUSHALL ""
+    # End of master configuration
+  replica.conf: |-
+    dir /data
+    slave-read-only yes
+    # User-supplied replica configuration:
+    rename-command FLUSHDB ""
+    rename-command FLUSHALL ""
+    # End of replica configuration
+---
+# Source: outside-deploy/charts/redis-db/templates/health-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: helm-redis-health
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: redis-db
+    octopus.control: redis-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+data:
+  ping_readiness_local.sh: |-
+    #!/bin/bash
+
+    [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
+    [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
+    response=$(
+      timeout -s 3 $1 \
+      redis-cli \
+        -h localhost \
+        -p $REDIS_PORT \
+        ping
+    )
+    if [ "$response" != "PONG" ]; then
+      echo "$response"
+      exit 1
+    fi
+  ping_liveness_local.sh: |-
+    #!/bin/bash
+
+    [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
+    [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
+    response=$(
+      timeout -s 3 $1 \
+      redis-cli \
+        -h localhost \
+        -p $REDIS_PORT \
+        ping
+    )
+    if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
+      echo "$response"
+      exit 1
+    fi
+  ping_readiness_master.sh: |-
+    #!/bin/bash
+
+    [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
+    [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
+    response=$(
+      timeout -s 3 $1 \
+      redis-cli \
+        -h $REDIS_MASTER_HOST \
+        -p $REDIS_MASTER_PORT_NUMBER \
+        ping
+    )
+    if [ "$response" != "PONG" ]; then
+      echo "$response"
+      exit 1
+    fi
+  ping_liveness_master.sh: |-
+    #!/bin/bash
+
+    [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
+    [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
+    response=$(
+      timeout -s 3 $1 \
+      redis-cli \
+        -h $REDIS_MASTER_HOST \
+        -p $REDIS_MASTER_PORT_NUMBER \
+        ping
+    )
+    if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
+      echo "$response"
+      exit 1
+    fi
+  ping_readiness_local_and_master.sh: |-
+    script_dir="$(dirname "$0")"
+    exit_status=0
+    "$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
+    "$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
+    exit $exit_status
+  ping_liveness_local_and_master.sh: |-
+    script_dir="$(dirname "$0")"
+    exit_status=0
+    "$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
+    "$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
+    exit $exit_status
+---
+# Source: outside-deploy/charts/redis-db/templates/scripts-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: helm-redis-scripts
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: redis-db
+    octopus.control: redis-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+data:
+  start-master.sh: |
+    #!/bin/bash
+
+    [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
+    if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
+        cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
+    fi
+    if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+        cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+    fi
+    ARGS=("--port" "${REDIS_PORT}")
+    ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+    ARGS+=("--masterauth" "${REDIS_PASSWORD}")
+    ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+    ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
+    exec redis-server "${ARGS[@]}"
+  start-replica.sh: |
+    #!/bin/bash
+
+    get_port() {
+        hostname="$1"
+        type="$2"
+
+        port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
+        port=${!port_var}
+        
+        if [ -z "$port" ]; then
+            case $type in
+                "SENTINEL")
+                    echo 26379
+                    ;;
+                "REDIS")
+                    echo 6379
+                    ;;
+            esac
+        else
+            echo $port
+        fi
+    }
+
+    get_full_hostname() {
+        hostname="$1"
+        echo "${hostname}.${HEADLESS_SERVICE}"
+    }
+
+    REDISPORT=$(get_port "$HOSTNAME" "REDIS")
+    
+    [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
+    [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
+    if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
+        cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
+    fi
+    if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+        cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+    fi
+
+    echo "" >> /opt/bitnami/redis/etc/replica.conf
+    echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf
+    echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf
+    ARGS=("--port" "${REDIS_PORT}")
+    ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
+    ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+    ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
+    ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+    ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
+    exec redis-server "${ARGS[@]}"
+---
+# Source: outside-deploy/charts/redis-db/templates/headless-svc.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-redis-headless
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: redis-db
+    octopus.control: redis-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+    - name: tcp-redis
+      port: 6379
+      targetPort: redis
+  selector:
+    app.kubernetes.io/name: redis-db
+    app.kubernetes.io/release: cq-uas-260427
+---
+# Source: outside-deploy/charts/redis-db/templates/master/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-redis-master
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: redis-db
+    octopus.control: redis-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+    cmii.type: middleware
+    cmii.app: redis
+    app.kubernetes.io/component: master
+spec:
+  type: ClusterIP
+  
+  ports:
+    - name: tcp-redis
+      port: 6379
+      targetPort: redis
+      nodePort: null
+  selector:
+    app.kubernetes.io/name: redis-db
+    app.kubernetes.io/release: cq-uas-260427
+    cmii.type: middleware
+    cmii.app: redis
+    app.kubernetes.io/component: master
+---
+# Source: outside-deploy/charts/redis-db/templates/replicas/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-redis-replicas
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: redis-db
+    octopus.control: redis-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+    app.kubernetes.io/component: replica
+spec:
+  type: ClusterIP
+  ports:
+    - name: tcp-redis
+      port: 6379
+      targetPort: redis
+      nodePort: null
+  selector:
+    app.kubernetes.io/name: redis-db
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/component: replica
+---
+# Source: outside-deploy/charts/redis-db/templates/master/statefulset.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: helm-redis-master
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: redis-db
+    octopus.control: redis-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+    cmii.type: middleware
+    cmii.app: redis
+    app.kubernetes.io/component: master
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: redis-db
+      app.kubernetes.io/release: cq-uas-260427
+      cmii.type: middleware
+      cmii.app: redis
+      app.kubernetes.io/component: master
+  serviceName: helm-redis-headless
+  updateStrategy:
+    rollingUpdate: {}
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: redis-db
+        octopus.control: redis-db-wdd
+        app.kubernetes.io/release: cq-uas-260427
+        app.kubernetes.io/managed-by: octopus
+        cmii.type: middleware
+        cmii.app: redis
+        app.kubernetes.io/component: master
+      annotations:
+        checksum/configmap: b64aa5db67e6e63811f3c1095b9fce34d83c86a471fccdda0e48eedb53a179b0
+        checksum/health: 6e0a6330e5ac63e565ae92af1444527d72d8897f91266f333555b3d323570623
+        checksum/scripts: b88df93710b7c42a76006e20218f05c6e500e6cc2affd4bb1985832f03166e98
+        checksum/secret: 43f1b0e20f9cb2de936bd182bc3683b720fc3cf4f4e76cb23c06a52398a50e8d
+    spec:
+      affinity: {}
+      securityContext:
+        fsGroup: 1001
+      serviceAccountName: helm-redis
+      imagePullSecrets:
+        - name: harborsecret
+      terminationGracePeriodSeconds: 30
+      containers:
+        - name: redis
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/redis:6.2.14-debian-11-r19
+          imagePullPolicy: "Always"
+          securityContext:
+            runAsUser: 1001
+          command:
+            - /bin/bash
+          args:
+            - -c
+            - /opt/bitnami/scripts/start-scripts/start-master.sh
+          env:
+            - name: BITNAMI_DEBUG
+              value: "false"
+            - name: REDIS_REPLICATION_MODE
+              value: master
+            - name: ALLOW_EMPTY_PASSWORD
+              value: "no"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: helm-redis
+                  key: redis-password
+            - name: REDIS_TLS_ENABLED
+              value: "no"
+            - name: REDIS_PORT
+              value: "6379"
+          ports:
+            - name: redis
+              containerPort: 6379
+          livenessProbe:
+            initialDelaySeconds: 20
+            periodSeconds: 5
+            # One second longer than command timeout should prevent generation of zombie processes.
+            timeoutSeconds: 6
+            successThreshold: 1
+            failureThreshold: 5
+            exec:
+              command:
+                - sh
+                - -c
+                - /health/ping_liveness_local.sh 5
+          readinessProbe:
+            initialDelaySeconds: 20
+            periodSeconds: 5
+            timeoutSeconds: 2
+            successThreshold: 1
+            failureThreshold: 5
+            exec:
+              command:
+                - sh
+                - -c
+                - /health/ping_readiness_local.sh 1
+          resources:
+            limits:
+              cpu: "2"
+              memory: 8Gi
+            requests:
+              cpu: "2"
+              memory: 8Gi
+          volumeMounts:
+            - name: start-scripts
+              mountPath: /opt/bitnami/scripts/start-scripts
+            - name: health
+              mountPath: /health
+            - name: redis-data
+              mountPath: /data
+              subPath: 
+            - name: config
+              mountPath: /opt/bitnami/redis/mounted-etc
+            - name: redis-tmp-conf
+              mountPath: /opt/bitnami/redis/etc/
+            - name: tmp
+              mountPath: /tmp
+      volumes:
+        - name: start-scripts
+          configMap:
+            name: helm-redis-scripts
+            defaultMode: 0755
+        - name: health
+          configMap:
+            name: helm-redis-health
+            defaultMode: 0755
+        - name: config
+          configMap:
+            name: helm-redis-configuration
+        - name: redis-tmp-conf
+          emptyDir: {}
+        - name: tmp
+          emptyDir: {}
+        - name: redis-data
+          emptyDir: {}
+---
+# Source: outside-deploy/charts/redis-db/templates/replicas/statefulset.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: helm-redis-replicas
+  namespace: cq-uas-260427
+  labels:
+    app.kubernetes.io/name: redis-db
+    octopus.control: redis-db-wdd
+    app.kubernetes.io/release: cq-uas-260427
+    app.kubernetes.io/managed-by: octopus
+    app.kubernetes.io/component: replica
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: redis-db
+      app.kubernetes.io/release: cq-uas-260427
+      app.kubernetes.io/component: replica
+  serviceName: helm-redis-headless
+  updateStrategy:
+    rollingUpdate: {}
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: redis-db
+        octopus.control: redis-db-wdd
+        app.kubernetes.io/release: cq-uas-260427
+        app.kubernetes.io/managed-by: octopus
+        app.kubernetes.io/component: replica
+      annotations:
+        checksum/configmap: b64aa5db67e6e63811f3c1095b9fce34d83c86a471fccdda0e48eedb53a179b0
+        checksum/health: 6e0a6330e5ac63e565ae92af1444527d72d8897f91266f333555b3d323570623
+        checksum/scripts: b88df93710b7c42a76006e20218f05c6e500e6cc2affd4bb1985832f03166e98
+        checksum/secret: 43f1b0e20f9cb2de936bd182bc3683b720fc3cf4f4e76cb23c06a52398a50e8d
+    spec:
+      imagePullSecrets:
+        - name: harborsecret
+      securityContext:
+        fsGroup: 1001
+      serviceAccountName: helm-redis
+      terminationGracePeriodSeconds: 30
+      containers:
+        - name: redis
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/redis:6.2.14-debian-11-r19
+          imagePullPolicy: "Always"
+          securityContext:
+            runAsUser: 1001
+          command:
+            - /bin/bash
+          args:
+            - -c
+            - /opt/bitnami/scripts/start-scripts/start-replica.sh
+          env:
+            - name: BITNAMI_DEBUG
+              value: "false"
+            - name: REDIS_REPLICATION_MODE
+              value: slave
+            - name: REDIS_MASTER_HOST
+              value: helm-redis-master-0.helm-redis-headless.cq-uas-260427.svc.cluster.local
+            - name: REDIS_MASTER_PORT_NUMBER
+              value: "6379"
+            - name: ALLOW_EMPTY_PASSWORD
+              value: "no"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: helm-redis
+                  key: redis-password
+            - name: REDIS_MASTER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: helm-redis
+                  key: redis-password
+            - name: REDIS_TLS_ENABLED
+              value: "no"
+            - name: REDIS_PORT
+              value: "6379"
+          ports:
+            - name: redis
+              containerPort: 6379
+          livenessProbe:
+            initialDelaySeconds: 20
+            periodSeconds: 5
+            timeoutSeconds: 6
+            successThreshold: 1
+            failureThreshold: 5
+            exec:
+              command:
+                - sh
+                - -c
+                - /health/ping_liveness_local_and_master.sh 5
+          readinessProbe:
+            initialDelaySeconds: 20
+            periodSeconds: 5
+            timeoutSeconds: 2
+            successThreshold: 1
+            failureThreshold: 5
+            exec:
+              command:
+                - sh
+                - -c
+                - /health/ping_readiness_local_and_master.sh 1
+          resources:
+            limits:
+              cpu: "2"
+              memory: 8Gi
+            requests:
+              cpu: "2"
+              memory: 8Gi
+          volumeMounts:
+            - name: start-scripts
+              mountPath: /opt/bitnami/scripts/start-scripts
+            - name: health
+              mountPath: /health
+            - name: redis-data
+              mountPath: /data
+              subPath: 
+            - name: config
+              mountPath: /opt/bitnami/redis/mounted-etc
+            - name: redis-tmp-conf
+              mountPath: /opt/bitnami/redis/etc
+      volumes:
+        - name: start-scripts
+          configMap:
+            name: helm-redis-scripts
+            defaultMode: 0755
+        - name: health
+          configMap:
+            name: helm-redis-health
+            defaultMode: 0755
+        - name: config
+          configMap:
+            name: helm-redis-configuration
+        - name: redis-tmp-conf
+          emptyDir: {}
+        - name: redis-data
+          emptyDir: {}
+
--- a/83-202604-重庆二级监管/k8s-app/k8s-srs.yaml
+++ b/83-202604-重庆二级监管/k8s-app/k8s-srs.yaml
@@ -0,0 +1,496 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: helm-live-srs-cm
+  namespace: cq-uas-260427
+  labels:
+    cmii.app: live-srs
+    cmii.type: live
+    octopus.control: wdd
+    app.kubernetes.io/managed-by: octopus
+    helm.sh/chart: cmlc-live-srs-rtc-2.0.0
+data:
+  srs.rtc.conf: |-
+    listen              31935;
+    max_connections     4096;
+    srs_log_tank        console;
+    srs_log_level       info;
+    srs_log_file        /home/srs.log;
+    daemon              off;
+    http_api {
+        enabled         on;
+        listen          1985;
+        crossdomain     on;
+    }
+    stats {
+        network         0;
+    }
+    http_server {
+        enabled         on;
+        listen          8080;
+        dir             /home/hls;
+    }
+    srt_server {
+        enabled         on;
+        listen          30556;
+        maxbw           1000000000;
+        connect_timeout 4000;
+        peerlatency     600;
+        recvlatency     600;
+    }
+    rtc_server {
+        enabled         on;
+        listen          30090;
+        candidate       $CANDIDATE;
+    }
+    vhost __defaultVhost__ {
+        http_hooks {
+            enabled       on;
+            on_publish    http://helm-live-op-svc-v2:8080/hooks/on_push;
+        }
+        http_remux {
+            enabled     on;
+        }
+        rtc {
+            enabled     on;
+            rtmp_to_rtc on;
+            rtc_to_rtmp on;
+            keep_bframe off;
+        }
+        tcp_nodelay     on;
+        min_latency     on;
+        play {
+            gop_cache       off;
+            mw_latency      100;
+            mw_msgs         10;
+        }
+        publish {
+            firstpkt_timeout    8000;
+            normal_timeout      4000;
+            mr on;
+        }
+        dvr {
+            enabled         off;
+            dvr_path        /home/dvr/[app]/[stream]/[2006][01]/[timestamp].mp4;
+            dvr_plan        session;
+        }
+        hls {
+            enabled          on;
+            hls_path         /home/hls;
+            hls_fragment     10;
+            hls_window       60;
+            hls_m3u8_file    [app]/[stream].m3u8;
+            hls_ts_file      [app]/[stream]/[2006][01][02]/[timestamp]-[duration].ts;
+            hls_cleanup      on;
+            hls_entry_prefix http://36.133.115.174:8088;
+        }
+    }
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: helm-live-srs-svc-exporter
+  namespace: cq-uas-260427
+  labels:
+    octopus.control: wdd
+    app.kubernetes.io/managed-by: octopus
+spec:
+  ports:
+    - name: rtmp
+      protocol: TCP
+      port: 31935
+      targetPort: 31935
+      nodePort: 31935
+    - name: rtc
+      protocol: UDP
+      port: 30090
+      targetPort: 30090
+      nodePort: 30090
+    - name: rtc-tcp
+      protocol: TCP
+      port: 30090
+      targetPort: 30090
+      nodePort: 30090
+    - name: srt
+      protocol: UDP
+      port: 30556
+      targetPort: 30556
+      nodePort: 30556
+    - name: api
+      protocol: TCP
+      port: 1985
+      targetPort: 1985
+      nodePort: 30080
+  selector:
+    srs-role: rtc
+  type: NodePort
+  sessionAffinity: None
+  externalTrafficPolicy: Cluster
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: helm-live-srs-svc
+  namespace: cq-uas-260427
+  labels:
+    octopus.control: wdd
+    app.kubernetes.io/managed-by: octopus
+spec:
+  ports:
+    - name: http
+      protocol: TCP
+      port: 8080
+      targetPort: 8080
+    - name: api
+      protocol: TCP
+      port: 1985
+      targetPort: 1985
+  selector:
+    srs-role: rtc
+  type: ClusterIP
+  sessionAffinity: None
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: helm-live-srsrtc-svc
+  namespace: cq-uas-260427
+  labels:
+    octopus.control: wdd
+    app.kubernetes.io/managed-by: octopus
+spec:
+  ports:
+    - name: rtmp
+      protocol: TCP
+      port: 31935
+      targetPort: 31935
+  selector:
+    srs-role: rtc
+  type: ClusterIP
+  sessionAffinity: None
+
+---
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: helm-live-srs-rtc
+  namespace: cq-uas-260427
+  labels:
+    octopus.control: wdd
+    app.kubernetes.io/managed-by: octopus
+    cmii.app: live-srs
+    cmii.type: live
+    helm.sh/chart: cmlc-live-srs-rtc-2.0.0
+    srs-role: rtc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      srs-role: rtc
+  template:
+    metadata:
+      labels:
+        srs-role: rtc
+    spec:
+      volumes:
+        - name: srs-conf-file
+          configMap:
+            name: helm-live-srs-cm
+            items:
+              - key: srs.rtc.conf
+                path: docker.conf
+            defaultMode: 420
+        - name: srs-vol
+          emptyDir:
+            sizeLimit: 8Gi
+      containers:
+        - name: srs-rtc
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/srs:v5.0.195
+          ports:
+            - name: srs-rtmp
+              containerPort: 31935
+              protocol: TCP
+            - name: srs-api
+              containerPort: 1985
+              protocol: TCP
+            - name: srs-flv
+              containerPort: 8080
+              protocol: TCP
+            - name: srs-webrtc
+              containerPort: 30090
+              protocol: UDP
+            - name: srs-webrtc-tcp
+              containerPort: 30090
+              protocol: TCP
+            - name: srs-srt
+              containerPort: 30556
+              protocol: UDP
+          env:
+            - name: CANDIDATE
+              value: 36.133.115.174
+          resources:
+            limits:
+              cpu: 2000m
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              memory: 256Mi
+          volumeMounts:
+            - name: srs-conf-file
+              mountPath: /usr/local/srs/conf/docker.conf
+              subPath: docker.conf
+            - name: srs-vol
+              mountPath: /home/dvr
+              subPath: cq-uas-260427/helm-live/dvr
+            - name: srs-vol
+              mountPath: /home/hls
+              subPath: cq-uas-260427/helm-live/hls
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: Always
+        - name: oss-adaptor
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-srs-oss-adaptor:2023-SA-skip-CHL
+          env:
+            - name: OSS_ENDPOINT
+              value: 'http://helm-minio:9000'
+            - name: OSS_AK
+              value: cmii
+            - name: OSS_SK
+              value: 'B#923fC7mk'
+            - name: OSS_BUCKET
+              value: live-cluster-hls
+            - name: SRS_OP
+              value: 'http://helm-live-op-svc-v2:8080'
+            - name: MYSQL_ENDPOINT
+              value: 'helm-mysql:3306'
+            - name: MYSQL_USERNAME
+              value: k8s_admin
+            - name: MYSQL_PASSWORD
+              value: fP#UaH6qQ3)8
+            - name: MYSQL_DATABASE
+              value: cmii_live_srs_op
+            - name: MYSQL_TABLE
+              value: live_segment
+            - name: LOG_LEVEL
+              value: info
+            - name: OSS_META
+              value: 'yes'
+          resources:
+            limits:
+              cpu: 2000m
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              memory: 256Mi
+          volumeMounts:
+            - name: srs-vol
+              mountPath: /cmii/share/hls
+              subPath: cq-uas-260427/helm-live/hls
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: Always
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      imagePullSecrets:
+        - name: harborsecret
+      affinity: {}
+      schedulerName: default-scheduler
+  serviceName: helm-live-srsrtc-svc
+  podManagementPolicy: OrderedReady
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      partition: 0
+  revisionHistoryLimit: 10
+---
+# live-srs部分
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: helm-live-op-v2
+  namespace: cq-uas-260427
+  labels:
+    octopus.control: wdd
+    app.kubernetes.io/managed-by: octopus
+    cmii.app: live-engine
+    cmii.type: live
+    helm.sh/chart: cmlc-live-live-op-2.0.0
+    live-role: op-v2
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      live-role: op-v2
+  template:
+    metadata:
+      labels:
+        live-role: op-v2
+    spec:
+      volumes:
+        - name: srs-conf-file
+          configMap:
+            name: helm-live-op-cm-v2
+            items:
+              - key: live.op.conf
+                path: bootstrap.yaml
+            defaultMode: 420
+      containers:
+        - name: helm-live-op-v2
+          image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-live-operator:5.2.0
+          ports:
+            - name: operator
+              containerPort: 8080
+              protocol: TCP
+          resources:
+            limits:
+              cpu: 4800m
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              memory: 256Mi
+          volumeMounts:
+            - name: srs-conf-file
+              mountPath: /cmii/bootstrap.yaml
+              subPath: bootstrap.yaml
+          livenessProbe:
+            httpGet:
+              path: /cmii/health
+              port: 8080
+              scheme: HTTP
+            initialDelaySeconds: 60
+            timeoutSeconds: 5
+            periodSeconds: 20
+            successThreshold: 1
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /cmii/health
+              port: 8080
+              scheme: HTTP
+            initialDelaySeconds: 60
+            timeoutSeconds: 5
+            periodSeconds: 20
+            successThreshold: 1
+            failureThreshold: 3
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: Always
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      imagePullSecrets:
+        - name: harborsecret
+      affinity: {}
+      schedulerName: default-scheduler
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 25%
+      maxSurge: 25%
+  revisionHistoryLimit: 10
+  progressDeadlineSeconds: 600
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: helm-live-op-svc-v2
+  namespace: cq-uas-260427
+  labels:
+    octopus.control: wdd
+    app.kubernetes.io/managed-by: octopus
+spec:
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+      nodePort: 30333
+  selector:
+    live-role: op-v2
+  type: NodePort
+  sessionAffinity: None
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: helm-live-op-svc
+  namespace: cq-uas-260427
+  labels:
+    octopus.control: wdd
+    app.kubernetes.io/managed-by: octopus
+spec:
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+  selector:
+    live-role: op
+  type: ClusterIP
+  sessionAffinity: None
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: helm-live-op-cm-v2
+  namespace: cq-uas-260427
+  labels:
+    octopus.control: wdd
+    app.kubernetes.io/managed-by: octopus
+    cmii.app: live-engine
+    cmii.type: live
+data:
+  live.op.conf: |-
+    server:
+      port: 8080
+    spring:
+      main:
+        allow-bean-definition-overriding: true
+        allow-circular-references: true
+      application:
+        name: cmii-live-operator
+      platform:
+        info:
+          name: cmii-live-operator
+          description: cmii-live-operator
+          version: 2.3
+          scanPackage: com.cmii.live.op
+      cloud:
+        nacos:
+          config:
+            username: nacos
+            password: KingKong@95461234
+            server-addr: helm-nacos:8848
+            extension-configs:
+              - data-id: cmii-live-operator.yml
+                group: 2.3
+                refresh: true
+            shared-configs:
+              - data-id: cmii-backend-system.yml
+                group: 2.3
+                refresh: true
+          discovery:
+            enabled: false
+
+    live:
+      engine:
+        type: srs
+        endpoint:  'http://helm-live-srs-svc:1985'
+      proto:
+        rtmp: 'rtmp://36.133.115.174:31935'
+        rtsp: 'rtsp://36.133.115.174:30554'
+        srt: 'srt://36.133.115.174:30556'
+        flv: 'http://36.133.115.174:30500'
+        hls: 'http://36.133.115.174:30500'
+        rtc: 'webrtc://36.133.115.174:30080'
+        replay: 'https://36.133.115.174:30333'
+      minio:
+        endpoint: http://helm-minio:9000
+        access-key: cmii
+        secret-key: B#923fC7mk
+        bucket: live-cluster-hls
--- a/83-202604-重庆二级监管/nginx-proxy-260429.conf
+++ b/83-202604-重庆二级监管/nginx-proxy-260429.conf
@@ -0,0 +1,304 @@
+server
+{
+
+	listen 8888;
+	server_name localhost;
+
+	location /lite/
+	{
+
+		rewrite ^/lite/(.*) /$1 break;
+		proxy_pass http://192.168.9.11:30416;
+		client_max_body_size 5120m;
+		client_body_buffer_size 5120m;
+		client_body_timeout 6000s;
+		proxy_send_timeout 10000s;
+		proxy_read_timeout 10000s;
+		proxy_connect_timeout 600s;
+		proxy_max_temp_file_size 5120m;
+		proxy_request_buffering on;
+		proxy_buffering off;
+		proxy_buffer_size 4k;
+		proxy_buffers 4 12k;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	}
+
+	location /center/ws
+	{
+
+		proxy_pass http://192.168.9.11:31086/mqtt;
+		proxy_http_version 1.1;
+		proxy_set_header Sec-WebSocket-Protocol mqtt;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "Upgrade";
+		proxy_set_header X-real-ip $remote_addr;
+		proxy_set_header X-Forwarded-For $remote_addr;
+	}
+
+	location /converge/
+	{
+		rewrite ^/converge/(.*) /$1 break;
+		proxy_pass http://192.168.9.11:31338/;
+		client_max_body_size 5120m;
+		client_body_buffer_size 5120m;
+		client_body_timeout 6000s;
+		proxy_send_timeout 10000s;
+		proxy_read_timeout 10000s;
+		proxy_connect_timeout 600s;
+		proxy_max_temp_file_size 5120m;
+		proxy_request_buffering on;
+		proxy_buffering off;
+		proxy_buffer_size 4k;
+		proxy_buffers 4 12k;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	}
+
+	#高德内网代理
+	location /_AMapService/
+	{
+		proxy_pass https://restapi.amap.com/;
+	}
+
+	location /center/storage/
+	{
+
+		proxy_pass http://192.168.9.11:31899/storage/;
+	}
+
+	location /pangu/
+	{
+
+		rewrite ^/pangu/(.*) /$1 break;
+		proxy_pass http://192.168.9.11:30110;
+		client_max_body_size 5120m;
+		client_body_buffer_size 5120m;
+		client_body_timeout 6000s;
+		proxy_send_timeout 10000s;
+		proxy_read_timeout 10000s;
+		proxy_connect_timeout 600s;
+		proxy_max_temp_file_size 5120m;
+		proxy_request_buffering on;
+		proxy_buffering off;
+		proxy_buffer_size 4k;
+		proxy_buffers 4 12k;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	}
+
+	location /oms/
+	{
+
+		rewrite ^/oms/(.*) /$1 break;
+		proxy_pass http://192.168.9.11:30112;
+		client_max_body_size 5120m;
+		client_body_buffer_size 5120m;
+		client_body_timeout 6000s;
+		proxy_send_timeout 10000s;
+		proxy_read_timeout 10000s;
+		proxy_connect_timeout 600s;
+		proxy_max_temp_file_size 5120m;
+		proxy_request_buffering on;
+		proxy_buffering off;
+		proxy_buffer_size 4k;
+		proxy_buffers 4 12k;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	}
+	location /armypeople
+	{
+
+		rewrite ^/armypeople/(.*) /$1 break;
+		proxy_pass http://192.168.9.11:30111;
+		client_max_body_size 5120m;
+		client_body_buffer_size 5120m;
+		client_body_timeout 6000s;
+		proxy_send_timeout 10000s;
+		proxy_read_timeout 10000s;
+		proxy_connect_timeout 600s;
+		proxy_max_temp_file_size 5120m;
+		proxy_request_buffering on;
+		proxy_buffering off;
+		proxy_buffer_size 4k;
+		proxy_buffers 4 12k;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	}
+
+	location /share
+	{
+		rewrite ^/share/(.*) /$1 break;
+		#proxy_pass http://192.168.9.2:30158;
+		proxy_pass http://10.232.3.176:9528;
+		client_max_body_size 5120m;
+		client_body_buffer_size 5120m;
+		client_body_timeout 6000s;
+		proxy_send_timeout 10000s;
+		proxy_read_timeout 10000s;
+		proxy_connect_timeout 600s;
+		proxy_max_temp_file_size 5120m;
+		proxy_request_buffering on;
+		proxy_buffering off;
+		proxy_buffer_size 4k;
+		proxy_buffers 4 12k;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	}
+
+	# 拦截 /api/swagger-resources 开头的请求
+	# 2026年3月19日-安全
+	location ^~ /api/swagger-resources
+	{
+		return 404;
+	}
+
+	location /api/
+	{
+
+		rewrite ^/api/(.*) /$1 break;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_pass http://192.168.9.11:30115;
+	}
+	location /oms/api
+	{
+
+		rewrite ^/oms/api/(.*) /$1 break;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_pass http://192.168.9.11:30116;
+	}
+
+	location /zlm/
+	{
+		add_header Access-Control-Allow-Headers X-Requested-With;
+		add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
+		proxy_pass http://192.168.9.5:30500/zlm/;
+	}
+	location /live/
+	{
+		add_header Access-Control-Allow-Headers X-Requested-With;
+		add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
+		proxy_pass http://192.168.9.5:30500/live/;
+	}
+	location /index/api/webrtc
+	{
+		add_header Access-Control-Allow-Headers X-Requested-With;
+		add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
+		proxy_pass http://192.168.9.5:30500/index/api/webrtc;
+	}
+
+
+	location /ms/
+	{
+
+		rewrite ^/ms/(.*) /$1 break;
+		proxy_pass http://192.168.9.11:30418;
+		client_max_body_size 5120m;
+		client_body_buffer_size 5120m;
+		client_body_timeout 6000s;
+		proxy_send_timeout 10000s;
+		proxy_read_timeout 10000s;
+		proxy_connect_timeout 600s;
+		proxy_max_temp_file_size 5120m;
+		proxy_request_buffering on;
+		proxy_buffering off;
+		proxy_buffer_size 4k;
+		proxy_buffers 4 12k;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	}
+
+	location /uas/
+	{
+
+		rewrite ^/uas/(.*) /$1 break;
+		proxy_pass http://192.168.9.11:31234;
+		client_max_body_size 5120m;
+		client_body_buffer_size 5120m;
+		client_body_timeout 6000s;
+		proxy_send_timeout 10000s;
+		proxy_read_timeout 10000s;
+		proxy_connect_timeout 600s;
+		proxy_max_temp_file_size 5120m;
+		proxy_request_buffering on;
+		proxy_buffering off;
+		proxy_buffer_size 4k;
+		proxy_buffers 4 12k;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	}
+
+    location /uasms/
+	{
+
+		rewrite ^/uasms/(.*) /$1 break;
+		proxy_pass http://192.168.9.11:30749;
+		client_max_body_size 5120m;
+		client_body_buffer_size 5120m;
+		client_body_timeout 6000s;
+		proxy_send_timeout 10000s;
+		proxy_read_timeout 10000s;
+		proxy_connect_timeout 600s;
+		proxy_max_temp_file_size 5120m;
+		proxy_request_buffering on;
+		proxy_buffering off;
+		proxy_buffer_size 4k;
+		proxy_buffers 4 12k;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	}
+
+	location /uas/api
+	{
+
+		rewrite ^/uas/api/(.*) /$1 break;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_pass http://192.168.9.11:31161;
+	}
+
+
+	location ~ ^/\w*/actuator/
+	{
+
+		return 403;
+	}
+}
--- a/83-202604-重庆二级监管/srs-live/live-helper-configmap.yaml
+++ b/83-202604-重庆二级监管/srs-live/live-helper-configmap.yaml
@@ -0,0 +1,24 @@
+---
+# Source: cmii-live-services/templates/live-helper-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-live-helper-config
+  labels:
+    app: live-helper
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+data:
+  config.yaml: |
+    app:
+      port: 7080
+      workers: 4
+      log:
+        level: INFO
+
+      client:
+        zlm: "http://cmii-live-zlm:7088"
+
+      downloader:
+        allow_domains: all
--- a/83-202604-重庆二级监管/srs-live/live-helper-deployment.yaml
+++ b/83-202604-重庆二级监管/srs-live/live-helper-deployment.yaml
@@ -0,0 +1,73 @@
+---
+# Source: cmii-live-services/templates/cmii-live-helper-deployment.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-live-helper
+  labels:
+    app: live-helper
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+spec:
+  type: NodePort
+  ports:
+    - name: http
+      port: 7080
+      targetPort: http
+      nodePort: 31080
+      protocol: TCP
+  selector:
+    app: live-helper
+    release: cmii-live
+---
+# Source: cmii-live-services/templates/cmii-live-helper-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-live-helper
+  labels:
+    app: live-helper
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: live-helper
+      release: cmii-live
+  template:
+    metadata:
+      labels:
+        app: live-helper
+        release: cmii-live
+    spec:
+      containers:
+        - name: live-helper
+          image: "chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-hls-downloader:v2.7.4"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 7080
+              protocol: TCP
+          env:
+            - name: ALLOW_DOWNLOAD
+              value: "all"
+          volumeMounts:
+            - name: config
+              mountPath: /cmii/live-helper/config.yaml
+              subPath: config.yaml
+          resources:
+            limits:
+              cpu: "1"
+              memory: 1Gi
+            requests:
+              cpu: 500m
+              memory: 512Mi
+      volumes:
+        - name: config
+          configMap:
+            name: cmii-live-live-helper-config
+      imagePullSecrets:
+        - name: harborsecret
--- a/83-202604-重庆二级监管/srs-live/live-op-configmap.yaml
+++ b/83-202604-重庆二级监管/srs-live/live-op-configmap.yaml
@@ -0,0 +1,88 @@
+---
+# Source: cmii-live-services/templates/live-op-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-live-op-config
+  labels:
+    app: live-op
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+data:
+  application.yaml: |
+    debug: false
+    server:
+      port: 7086
+
+    spring:
+      web:
+        resources:
+          static-locations: classpath:/static/
+      main:
+        allow-bean-definition-overriding: true
+        allow-circular-references: true
+      application:
+        name: cmii-live-operator
+      thymeleaf:
+        check-template-location: false
+        cache: false
+      platform:
+        info:
+          name: cmii-live-operator
+          description: cmii-live-operator
+          version: 5.8.0
+          scanPackage: com.cmii.live.op
+      jackson:
+        time-zone: GMT+8
+      mvc:
+        pathmatch:
+          matching-strategy: ANT_PATH_MATCHER
+
+      datasource:
+        driver-class-name: com.mysql.cj.jdbc.Driver
+        type: com.alibaba.druid.pool.DruidDataSource
+        url: jdbc:mysql://helm-mysql:3306/cmii_live_operator?characterEncoding=utf8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true
+        username: k8s_admin
+        password: fP#UaH6qQ3)8
+        druid:
+          initial-size: 10
+          min-idle: 5
+          max-active: 20
+          max-wait: 60000
+          time-between-eviction-runs-millis: 60000
+          min-evictable-idle-time-millis: 300000
+          validation-query: SELECT 1
+          test-while-idle: true
+          test-on-borrow: false
+          test-on-return: false
+          use-ping-method: false
+          keep-alive: true
+      redis:
+        host: helm-redis-master
+        port: 6379
+        database: 1
+        password: Mcache@4522
+
+    live:
+      sync:
+        pool:
+          monitor:
+            enabled: false
+            core: 10
+            max: 20
+            queue: 1
+            keepalive: 20
+
+    logging:
+      config: classpath:logback-operator.xml
+      level:
+        root: info
+        com.cmii.live.op.mapper: info
+
+    mybatis-plus:
+      global-config:
+        banner: false
+
+    knife4j:
+      enable: true
--- a/83-202604-重庆二级监管/srs-live/live-op-deployment.yaml
+++ b/83-202604-重庆二级监管/srs-live/live-op-deployment.yaml
@@ -0,0 +1,105 @@
+---
+# Source: cmii-live-services/templates/cmii-live-op-deployment.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-live-op
+  labels:
+    app: live-op
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+spec:
+  type: NodePort
+  ports:
+    - name: http
+      port: 7086
+      targetPort: http
+      nodePort: 31086
+      protocol: TCP
+  selector:
+    app: live-op
+    release: cmii-live
+---
+# Source: cmii-live-services/templates/cmii-live-op-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-live-op
+  labels:
+    app: live-op
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: live-op
+      release: cmii-live
+  template:
+    metadata:
+      labels:
+        app: live-op
+        release: cmii-live
+    spec:
+      containers:
+        - name: live-op
+          image: "chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-live-operator:v5.8.0"
+          imagePullPolicy: Always
+          ports:
+            - name: http
+              containerPort: 7086
+              protocol: TCP
+          env:
+            - name: LIVE_IP_PUBLIC
+              value: "192.168.9.91"
+            - name: LIVE_IP_PRIVATE
+              value: "192.168.9.91"
+            - name: LIVE_OP_PORT_HTTP
+              value: "7086"
+            - name: LIVE_WVP_PORT_HTTP
+              value: "7082"
+            - name: LIVE_ZLM_PORT_HTTP
+              value: "7088"
+            - name: LIVE_ZLM_PORT_HTTPS
+              value: "7089"
+            - name: LIVE_ZLM_PORT_RTMP
+              value: "7935"
+            - name: LIVE_ZLM_PORT_RTSP
+              value: "7554"
+            - name: LIVE_ZLM_PORT_SRT
+              value: "7556"
+            - name: LIVE_ZLM_API_PASSWD
+              value: "035c7GB5cc"
+            - name: OSS_ENDPOINT
+              value: "http://helm-minio:9000"
+            - name: OSS_AK
+              value: "cmii"
+            - name: OSS_SK
+              value: "B#923fC7mk"
+            - name: RABBITMQ_HOST
+              value: "helm-rabbitmq"
+            - name: RABBITMQ_USERNAME
+              value: "admin"
+            - name: RABBITMQ_PASSWORD
+              value: "nYcRN91r._hj"
+            - name: RABBITMQ_PORT
+              value: "5672"
+          volumeMounts:
+            - name: config
+              mountPath: /cmii/application.yaml
+              subPath: application.yaml
+          resources:
+            limits:
+              cpu: "2"
+              memory: 2Gi
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      volumes:
+        - name: config
+          configMap:
+            name: cmii-live-live-op-config
+      imagePullSecrets:
+        - name: harborsecret
--- a/83-202604-重庆二级监管/srs-live/live-proxy-configmap.yaml
+++ b/83-202604-重庆二级监管/srs-live/live-proxy-configmap.yaml
@@ -0,0 +1,105 @@
+---
+# Source: cmii-live-services/templates/live-proxy-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cmii-live-live-proxy-config
+  namespace: cq-uas-260427
+  labels:
+    app: live-proxy
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+data:
+  application.yaml: |
+    server:
+      port: 7081
+
+    live:
+      proxy:
+        ffmpeg:
+          ffmpeg-path: /usr/bin/ffmpeg
+          ffprobe-path: /usr/bin/ffprobe
+          ffplay-path: /usr/bin/ffplay
+          check-win-pid: tasklist /FI "PID eq %s " /FO LIST
+          check-unix-pid: ps -p %s
+          os-name: windows
+        upload:
+          path: /proxy/uploads
+          src-all-size: 4294967296
+          dest-all-size: 4294967296
+        ws:
+          url: "192.168.9.91:37081"
+        minio:
+          endpoint: http://helm-minio:9000
+          access-key: cmii
+          secret-key: B#923fC7mk
+          bucket-name: ilm-detect
+
+    spring:
+      platform:
+        info:
+          name: cmii-live-proxy
+          description: ffmpeg服务小工具
+          version: 1.0.3
+          scanPackage: com.cmii.live.proxy.web.controller
+      profiles:
+        active: local
+      jackson:
+        time-zone: GMT+8
+      mvc:
+        pathmatch:
+          matching-strategy: ANT_PATH_MATCHER
+      thymeleaf:
+        check-template-location: false
+        cache: false
+      servlet:
+        multipart:
+          max-file-size: 1024MB
+          max-request-size: 1024MB
+      datasource:
+        driver-class-name: com.mysql.cj.jdbc.Driver
+        type: com.alibaba.druid.pool.DruidDataSource
+        druid:
+          url: jdbc:mysql://helm-mysql:3306/cmii_live_proxy?characterEncoding=utf8&useSSL=false&serverTimezone=GMT%2B8&allowPublicKeyRetrieval=true
+          username: k8s_admin
+          password: fP#UaH6qQ3)8
+          initial-size: 5
+          min-idle: 5
+          max-active: 20
+          max-wait: 60000
+          time-between-eviction-runs-millis: 60000
+          min-evictable-idle-time-millis: 300000
+          max-evictable-idle-time-millis: 600000
+          validation-query: SELECT 1
+          test-while-idle: true
+          test-on-borrow: false
+          test-on-return: false
+          filters: stat,wall,slf4j
+          connection-properties: connectTimeout=10000;socketTimeout=30000
+      redis:
+        host: helm-redis-master
+        port: 6379
+        password: Mcache@4522
+        database: 3
+        timeout: 10s
+        lettuce:
+          pool:
+            min-idle: 0
+            max-idle: 10
+            max-active: 10
+            max-wait: -1ms
+
+    springdoc:
+      api-docs:
+        enabled: true
+      swagger-ui:
+        enabled: true
+
+    mybatis-plus:
+      global-config:
+        banner: false
+
+    logging:
+      config: classpath:logback-proxy.xml
+      level:
+        com.cmii.live.proxy.web.mapper: info
--- a/83-202604-重庆二级监管/srs-live/live-proxy-deployment.yaml
+++ b/83-202604-重庆二级监管/srs-live/live-proxy-deployment.yaml
@@ -0,0 +1,89 @@
+---
+# Source: cmii-live-services/templates/cmii-live-proxy-deployment.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-live-proxy
+  labels:
+    app: live-proxy
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+spec:
+  type: NodePort
+  ports:
+    - name: http
+      port: 7081
+      targetPort: http
+      nodePort: 31081
+      protocol: TCP
+  selector:
+    app: live-proxy
+    release: cmii-live
+---
+# Source: cmii-live-services/templates/cmii-live-proxy-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-live-proxy
+  labels:
+    app: live-proxy
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: live-proxy
+      release: cmii-live
+  template:
+    metadata:
+      labels:
+        app: live-proxy
+        release: cmii-live
+    spec:
+      containers:
+        - name: live-proxy
+          image: "chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-live-proxy:v1.0.3"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 7081
+              protocol: TCP
+          env:
+            - name: LIVE_IP_PRIVATE
+              value: "192.168.9.91"
+            - name: LIVE_ZLM_PORT_HTTP
+              value: "7088"
+            - name: LIVE_ZLM_PORT_HTTPS
+              value: "7089"
+            - name: LIVE_ZLM_PORT_RTMP
+              value: "7935"
+            - name: LIVE_ZLM_PORT_RTSP
+              value: "7554"
+            - name: LIVE_OP_PORT_HTTP
+              value: "37086"
+          volumeMounts:
+            - name: config
+              mountPath: /proxy/application.yaml
+              subPath: application.yaml
+            - name: shared-data
+              mountPath: /cmii/uploads
+              subPath: uploads
+          resources:
+            limits:
+              cpu: "1"
+              memory: 2Gi
+            requests:
+              cpu: "1"
+              memory: 1Gi
+      volumes:
+        - name: config
+          configMap:
+            name: cmii-live-live-proxy-config
+        - name: shared-data
+          persistentVolumeClaim:
+            claimName: cmii-live-shared-data-pvc
+      imagePullSecrets:
+        - name: harborsecret
--- a/83-202604-重庆二级监管/srs-live/media-suite-deployment.yaml
+++ b/83-202604-重庆二级监管/srs-live/media-suite-deployment.yaml
@@ -0,0 +1,369 @@
+---
+# Source: cmii-live-services/templates/media-suite-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-media-suite
+  labels:
+    app: media-suite
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: media-suite
+      release: cmii-live
+  template:
+    metadata:
+      labels:
+        app: media-suite
+        release: cmii-live
+    spec:
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      # 配置到固定node上
+      nodeSelector:
+        kubernetes.io/hostname: "kcs-cmii-drone-s-n7854"
+      containers:
+        # WVP Container
+        - name: wvp
+          image: "chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/wvp:v2.7.4"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: wvp-http
+              containerPort: 7082
+              hostPort: 7082
+              protocol: TCP
+            - name: wvp-sip
+              containerPort: 7060
+              hostPort: 7060
+              protocol: UDP
+          env:
+            - name: TZ
+              value: "Asia/Shanghai"
+            - name: NODE_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.hostIP
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.hostIP
+          volumeMounts:
+            - name: wvp-config
+              mountPath: /home/koisi/wvp.yaml
+              subPath: application.yaml
+          resources:
+            limits:
+              cpu: "2"
+              memory: 4Gi
+            requests:
+              cpu: "1"
+              memory: 2Gi
+        # ZLM Container
+        - name: zlm
+          image: "chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/zlm:v2.7.5"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: zlm-http
+              containerPort: 7088
+              hostPort: 7088
+              protocol: TCP
+            - name: zlm-https
+              containerPort: 7089
+              hostPort: 7089
+              protocol: TCP
+            - name: zlm-rtmp
+              containerPort: 7935
+              hostPort: 7935
+              protocol: TCP
+            - name: zlm-rtsp
+              containerPort: 7554
+              hostPort: 7554
+              protocol: TCP
+            - name: zlm-webrtc-tcp
+              containerPort: 7090
+              hostPort: 7090
+              protocol: TCP
+            - name: zlm-webrtc-udp
+              containerPort: 7090
+              hostPort: 7090
+              protocol: UDP
+            - name: zlm-srt
+              containerPort: 7556
+              hostPort: 7556
+              protocol: TCP
+            - name: zlm-rtp-proxy
+              containerPort: 7100
+              hostPort: 7100
+              protocol: UDP
+            - name: zlm-rtp-7200
+              containerPort: 7200
+              hostPort: 7200
+              protocol: UDP
+            - name: zlm-rtp-7201
+              containerPort: 7201
+              hostPort: 7201
+              protocol: UDP
+            - name: zlm-rtp-7202
+              containerPort: 7202
+              hostPort: 7202
+              protocol: UDP
+            - name: zlm-rtp-7203
+              containerPort: 7203
+              hostPort: 7203
+              protocol: UDP
+            - name: zlm-rtp-7204
+              containerPort: 7204
+              hostPort: 7204
+              protocol: UDP
+            - name: zlm-rtp-7205
+              containerPort: 7205
+              hostPort: 7205
+              protocol: UDP
+            - name: zlm-rtp-7206
+              containerPort: 7206
+              hostPort: 7206
+              protocol: UDP
+            - name: zlm-rtp-7207
+              containerPort: 7207
+              hostPort: 7207
+              protocol: UDP
+            - name: zlm-rtp-7208
+              containerPort: 7208
+              hostPort: 7208
+              protocol: UDP
+            - name: zlm-rtp-7209
+              containerPort: 7209
+              hostPort: 7209
+              protocol: UDP
+            - name: zlm-rtp-7210
+              containerPort: 7210
+              hostPort: 7210
+              protocol: UDP
+            - name: zlm-rtp-7211
+              containerPort: 7211
+              hostPort: 7211
+              protocol: UDP
+            - name: zlm-rtp-7212
+              containerPort: 7212
+              hostPort: 7212
+              protocol: UDP
+            - name: zlm-rtp-7213
+              containerPort: 7213
+              hostPort: 7213
+              protocol: UDP
+            - name: zlm-rtp-7214
+              containerPort: 7214
+              hostPort: 7214
+              protocol: UDP
+            - name: zlm-rtp-7215
+              containerPort: 7215
+              hostPort: 7215
+              protocol: UDP
+            - name: zlm-rtp-7216
+              containerPort: 7216
+              hostPort: 7216
+              protocol: UDP
+            - name: zlm-rtp-7217
+              containerPort: 7217
+              hostPort: 7217
+              protocol: UDP
+            - name: zlm-rtp-7218
+              containerPort: 7218
+              hostPort: 7218
+              protocol: UDP
+            - name: zlm-rtp-7219
+              containerPort: 7219
+              hostPort: 7219
+              protocol: UDP
+            - name: zlm-rtp-7220
+              containerPort: 7220
+              hostPort: 7220
+              protocol: UDP
+            - name: zlm-rtp-7221
+              containerPort: 7221
+              hostPort: 7221
+              protocol: UDP
+            - name: zlm-rtp-7222
+              containerPort: 7222
+              hostPort: 7222
+              protocol: UDP
+            - name: zlm-rtp-7223
+              containerPort: 7223
+              hostPort: 7223
+              protocol: UDP
+            - name: zlm-rtp-7224
+              containerPort: 7224
+              hostPort: 7224
+              protocol: UDP
+            - name: zlm-rtp-7225
+              containerPort: 7225
+              hostPort: 7225
+              protocol: UDP
+            - name: zlm-rtp-7226
+              containerPort: 7226
+              hostPort: 7226
+              protocol: UDP
+            - name: zlm-rtp-7227
+              containerPort: 7227
+              hostPort: 7227
+              protocol: UDP
+            - name: zlm-rtp-7228
+              containerPort: 7228
+              hostPort: 7228
+              protocol: UDP
+            - name: zlm-rtp-7229
+              containerPort: 7229
+              hostPort: 7229
+              protocol: UDP
+            - name: zlm-rtp-7230
+              containerPort: 7230
+              hostPort: 7230
+              protocol: UDP
+            - name: zlm-rtp-7231
+              containerPort: 7231
+              hostPort: 7231
+              protocol: UDP
+            - name: zlm-rtp-7232
+              containerPort: 7232
+              hostPort: 7232
+              protocol: UDP
+            - name: zlm-rtp-7233
+              containerPort: 7233
+              hostPort: 7233
+              protocol: UDP
+            - name: zlm-rtp-7234
+              containerPort: 7234
+              hostPort: 7234
+              protocol: UDP
+            - name: zlm-rtp-7235
+              containerPort: 7235
+              hostPort: 7235
+              protocol: UDP
+            - name: zlm-rtp-7236
+              containerPort: 7236
+              hostPort: 7236
+              protocol: UDP
+            - name: zlm-rtp-7237
+              containerPort: 7237
+              hostPort: 7237
+              protocol: UDP
+            - name: zlm-rtp-7238
+              containerPort: 7238
+              hostPort: 7238
+              protocol: UDP
+            - name: zlm-rtp-7239
+              containerPort: 7239
+              hostPort: 7239
+              protocol: UDP
+            - name: zlm-rtp-7240
+              containerPort: 7240
+              hostPort: 7240
+              protocol: UDP
+            - name: zlm-rtp-7241
+              containerPort: 7241
+              hostPort: 7241
+              protocol: UDP
+            - name: zlm-rtp-7242
+              containerPort: 7242
+              hostPort: 7242
+              protocol: UDP
+            - name: zlm-rtp-7243
+              containerPort: 7243
+              hostPort: 7243
+              protocol: UDP
+            - name: zlm-rtp-7244
+              containerPort: 7244
+              hostPort: 7244
+              protocol: UDP
+            - name: zlm-rtp-7245
+              containerPort: 7245
+              hostPort: 7245
+              protocol: UDP
+            - name: zlm-rtp-7246
+              containerPort: 7246
+              hostPort: 7246
+              protocol: UDP
+            - name: zlm-rtp-7247
+              containerPort: 7247
+              hostPort: 7247
+              protocol: UDP
+            - name: zlm-rtp-7248
+              containerPort: 7248
+              hostPort: 7248
+              protocol: UDP
+            - name: zlm-rtp-7249
+              containerPort: 7249
+              hostPort: 7249
+              protocol: UDP
+            - name: zlm-rtp-7250
+              containerPort: 7250
+              hostPort: 7250
+              protocol: UDP
+          env:
+            - name: TZ
+              value: "Asia/Shanghai"
+            - name: NODE_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.hostIP
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.hostIP
+          volumeMounts:
+            - name: zlm-config
+              mountPath: /home/koisi/zlm.ini
+              subPath: zlm.ini
+            - name: shared-data
+              mountPath: /home/koisi/zlm/www/zlm/hls
+              subPath: hls
+          resources:
+            limits:
+              cpu: "2"
+              memory: 4Gi
+            requests:
+              cpu: "2"
+              memory: 2Gi
+        # ZLM-OSS Container
+        - name: zlm-oss
+          image: "chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/zlm-oss-adaptor:v2.7.5"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: zlm-oss-http
+              containerPort: 7084
+              hostPort: 7084
+              protocol: TCP
+          volumeMounts:
+            - name: zlm-oss-config
+              mountPath: /cmii/oss-adaptor/boot/config.yaml
+              subPath: config.yaml
+            - name: shared-data
+              mountPath: /cmii/share/hls
+              subPath: hls
+          resources:
+            limits:
+              cpu: "2"
+              memory: 2Gi
+            requests:
+              cpu: "1"
+              memory: 1Gi
+
+      volumes:
+        - name: wvp-config
+          configMap:
+            name: cmii-live-wvp-config
+        - name: zlm-config
+          configMap:
+            name: cmii-live-zlm-config
+        - name: zlm-oss-config
+          configMap:
+            name: cmii-live-zlm-oss-config
+        - name: shared-data
+          persistentVolumeClaim:
+            claimName: cmii-live-shared-data-pvc
+      imagePullSecrets:
+        - name: harborsecret
--- a/83-202604-重庆二级监管/srs-live/pvc.yaml
+++ b/83-202604-重庆二级监管/srs-live/pvc.yaml
@@ -0,0 +1,19 @@
+---
+# Source: cmii-live-services/templates/pvc.yaml
+# 单个共享 PVC，通过 subPath 区分不同服务的数据
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-shared-data-pvc
+  labels:
+    app: media-suite
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: nfs-prod-distribute
--- a/83-202604-重庆二级监管/srs-live/wvp-configmap.yaml
+++ b/83-202604-重庆二级监管/srs-live/wvp-configmap.yaml
@@ -0,0 +1,98 @@
+---
+# Source: cmii-live-services/templates/wvp-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-wvp-config
+  labels:
+    app: wvp
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+data:
+  application.yaml: |
+    spring:
+      cache:
+        type: redis
+      thymeleaf:
+        cache: false
+      mvc:
+        async:
+          request-timeout: 20000
+      servlet:
+        multipart:
+          max-file-size: 10MB
+          max-request-size: 100MB
+      data:
+        redis:
+          host: helm-redis-master
+          port: 6379
+          database: 2
+          password: Mcache@4522
+          timeout: 10000
+      datasource:
+        type: com.zaxxer.hikari.HikariDataSource
+        driver-class-name: com.mysql.cj.jdbc.Driver
+        url: jdbc:mysql://helm-mysql:3306/wvp?useUnicode=true&characterEncoding=UTF8&rewriteBatchedStatements=true&serverTimezone=PRC&useSSL=false&allowMultiQueries=true&allowPublicKeyRetrieval=true
+        username: k8s_admin
+        password: fP#UaH6qQ3)8
+
+    server:
+      port: 7082
+      ssl:
+        enabled: false
+
+    sip:
+      ip: ${NODE_IP}
+      show-ip: ${NODE_IP}
+      port: 7060
+      domain: 5101000049
+      id: "51010000492000000228"
+      password: 035c7GB5cc
+      register-time-interval: 60
+      ptz-speed: 50
+      keepalliveToOnline: true
+      alarm: true
+      timeout: 1000
+
+    media:
+      id: koisi_gb_228
+      ip: 127.0.0.1
+      http-port: 7088
+      http-ssl-port: 0
+      flv-port: 7088
+      flv-ssl-port: 7089
+      ws-flv-port: 7088
+      ws-flv-ssl-port: 7089
+      rtp-proxy-port: 7088
+      rtmp-port: 7089
+      rtmp-ssl-port: 0
+      rtsp-port: 7554
+      rtsp-ssl-port: 0
+      auto-config: false
+      secret: 035c7GB5cc
+      rtp:
+        enable: true
+        port-range: 7200,7250
+        send-port-range: 30800,30990
+      record-path: /opt/media/bin/www/record/
+      record-day: 7
+      record-assist-port: 0
+
+    user-settings:
+      auto-apply-play: true
+      play-timeout: 30000
+      wait-track: false
+      record-push-live: false
+      record-sip: true
+      stream-on-demand: true
+      interface-authentication: true
+      broadcast-for-platform: TCP-PASSIVE
+      push-stream-after-ack: true
+      send-to-platforms-when-id-lost: true
+      interface-authentication-excludes:
+        - /api/**
+      push-authority: true
+
+    logging:
+      config: classpath:logback-spring.xml
--- a/83-202604-重庆二级监管/srs-live/zlm-configmap.yaml
+++ b/83-202604-重庆二级监管/srs-live/zlm-configmap.yaml
@@ -0,0 +1,213 @@
+---
+# Source: cmii-live-services/templates/zlm-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-zlm-config
+  labels:
+    app: zlm
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+data:
+  zlm.ini: |
+    [api]
+    apiDebug = 0
+    secret = 035c7GB5cc
+    snapRoot = ./www/snap/
+    defaultSnap = ./www/logo.png
+    downloadRoot = ./www
+
+    [ffmpeg]
+    bin = /usr/bin/ffmpeg
+    cmd = %s -re -i %s -c:a aac -strict -2 -ar 44100 -ab 48k -c:v libx264 -f flv %s
+    log = ./ffmpeg/ffmpeg.log
+    restart_sec = 0
+    snap = %s -rtsp_transport tcp -i %s -y -f mjpeg -frames:v 1 %s
+
+    [protocol]
+    modify_stamp = 2
+    enable_audio = 1
+    add_mute_audio = 0
+    auto_close = 0
+    continue_push_ms = 3000
+    paced_sender_ms = 0
+    enable_hls = 1
+    enable_hls_fmp4 = 0
+    enable_rtmp = 1
+    enable_ts = 1
+    enable_fmp4 = 1
+    enable_rtsp = 1
+    enable_mp4 = 0
+    mp4_as_player = 0
+    mp4_max_second = 3600
+    mp4_save_path = ./www
+    hls_save_path = ./www/zlm/hls
+    hls_demand = 0
+    rtsp_demand = 0
+    rtmp_demand = 0
+    ts_demand = 0
+    fmp4_demand = 0
+
+    [general]
+    enableVhost = 0
+    flowThreshold = 1024
+    enable_ffmpeg_log = 0
+    listen_ip = ::
+    maxStreamWaitMS = 0
+    streamNoneReaderDelayMS = 120000
+    resetWhenRePlay = 1
+    mergeWriteMS = 0
+    mediaServerId = koisi_gb_228
+    wait_audio_track_data_ms = 1000
+    wait_track_ready_ms = 8000
+    wait_add_track_ms = 2000
+    unready_frame_cache = 96
+    check_nvidia_dev = 1
+    broadcast_player_count_changed = 0
+
+    [hls]
+    fileBufSize = 65536
+    segDur = 10
+    segNum = 3
+    segDelay = 0
+    segRetain = 5
+    broadcastRecordTs = 1
+    deleteDelaySec = 10
+    segKeep = 0
+    fastRegister = 0
+
+    [hook]
+    enable = 1
+    on_flow_report =
+    on_http_access =
+    # ZLM → Live Operator
+    on_play = http://cmii-live-live-op:7086/hooks/on_play
+    on_publish = http://cmii-live-live-op:7086/hooks/on_push
+    on_stream_changed = http://cmii-live-live-op:7086/hooks/on_stream_changed
+
+    # ZLM → WVP
+    on_stream_none_reader = http://127.0.0.1:7082/index/hook/on_stream_none_reader
+    on_stream_not_found = http://127.0.0.1:7082/index/hook/on_stream_not_found
+    on_rtp_server_timeout = http://127.0.0.1:7082/index/hook/on_rtp_server_timeout
+    on_send_rtp_stopped = http://127.0.0.1:7082/index/hook/on_send_rtp_stopped
+    on_server_started = http://127.0.0.1:7082/index/hook/on_server_started
+    on_server_keepalive = http://127.0.0.1:7082/index/hook/on_server_keepalive
+    on_record_mp4 = http://127.0.0.1:7082/index/hook/on_record_mp4
+
+    on_server_exited =
+    on_rtsp_auth =
+    on_rtsp_realm =
+    on_shell_login =
+    # ZLM → ZLM OSS
+    on_record_ts = http://127.0.0.1:7084/hooks/on_record_ts
+    stream_changed_schemas = rtsp/rtmp/fmp4/ts/hls/hls.fmp4
+    timeoutSec = 30
+    alive_interval = 10.0
+    retry = 1
+    retry_delay = 3.0
+
+    [cluster]
+    origin_url =
+    timeout_sec = 15
+    retry_count = 3
+
+    [http]
+    port = 7088
+    sslport = 7089
+    charSet = utf-8
+    keepAliveSecond = 30
+    maxReqSize = 40960
+    notFound = <html><head><title>404 Not Found</title></head><body><div>404 Not Found</div></body></html>
+    rootPath = ./www
+    sendBufSize = 65536
+    dirMenu = 1
+    virtualPath =
+    forbidCacheSuffix =
+    allow_cross_domains = 1
+    allow_ip_range = ::1,127.0.0.1,172.1.0.0-172.31.255.255,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255
+
+    [multicast]
+    addrMax = 239.255.255.255
+    addrMin = 239.0.0.0
+    udpTTL = 64
+
+    [record]
+    appName = record
+    fileBufSize = 65536
+    sampleMS = 500
+    fastStart = 0
+    fileRepeat = 0
+    enableFmp4 = 0
+
+    [rtmp]
+    port = 7935
+    sslport = 0
+    handshakeSecond = 15
+    keepAliveSecond = 15
+    directProxy = 1
+    enhanced = 0
+
+    [rtp]
+    audioMtuSize = 600
+    videoMtuSize = 1400
+    rtpMaxSize = 10
+    lowLatency = 0
+    h264_stap_a = 1
+
+    [rtp_proxy]
+    port = 7100
+    port_range = 7200-7250
+    dumpDir =
+    timeoutSec = 5
+    h264_pt = 98
+    h265_pt = 99
+    ps_pt = 96
+    opus_pt = 100
+    gop_cache = 1
+    rtp_g711_dur_ms = 100
+    udp_recv_socket_buffer = 4194304
+
+    [rtc]
+    bfilter=0
+    datachannel_echo=0
+    maxRtpCacheMS=5000
+    maxRtpCacheSize=2048
+    externIP = $(NODE_IP)
+    port = 7090
+    tcpPort = 7090
+    timeoutSec = 30
+    rembBitRate = 0
+    preferredCodecA = PCMA,PCMU,opus,mpeg4-generic
+    preferredCodecV = H264,H265,AV1,VP9,VP8
+    start_bitrate = 0
+    max_bitrate = 0
+    min_bitrate = 0
+    maxNackMS = 4000
+    rtpCacheCheckInterval = 96
+    nackMaxSize = 2048
+    nackMaxMS = 3000
+    nackMaxCount = 15
+    nackIntervalRatio = 1.0
+    nackRtpSize = 8
+
+    [srt]
+    port = 7556
+    timeoutSec = 5
+    latencyMul = 4
+    pktBufSize = 8192
+    passPhrase=
+
+    [rtsp]
+    port = 7554
+    sslport = 0
+    authBasic = 0
+    directProxy = 1
+    handshakeSecond = 15
+    keepAliveSecond = 15
+    lowLatency = 1
+    rtpTransportType = -1
+
+    [shell]
+    maxReqSize = 1024
+    port = 0
--- a/83-202604-重庆二级监管/srs-live/zlm-oss-configmap.yaml
+++ b/83-202604-重庆二级监管/srs-live/zlm-oss-configmap.yaml
@@ -0,0 +1,85 @@
+---
+# Source: cmii-live-services/templates/zlm-oss-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cq-uas-260427
+  name: cmii-live-zlm-oss-config
+  labels:
+    app: media-suite
+    chart: cmii-live-services-1.0.0
+    release: cmii-live
+data:
+  config.yaml: |
+    app:
+      env: default
+      listen:
+        host: 0.0.0.0
+        port: 7084
+
+      workers: 4
+      thread_pool: 8
+
+      log:
+        level: INFO
+        onfile_logger_interval: 10
+      backup_on_fails: true
+      skip_on_initializing_seconds: 4
+      skip_hubs: "Hangar, ai-5g-a"
+      file_dir:
+        shared: "/cmii/share/hls"
+        backup: "/cmii/backup"
+      debug:
+        save_all: false
+        save_to: "UASMS"
+      max_duration: 120
+
+      minio:
+        endpoint: "http://helm-minio:9000"
+        access_key: "cmii"
+        secret_key: "B#923fC7mk"
+      mysql:
+        host: helm-mysql
+        port: 3306
+        username: k8s_admin
+        password: fP#UaH6qQ3)8
+      redis:
+        host: helm-redis-master
+        port: 6379
+        database: 1
+        password: Mcache@4522
+      rabbitmq:
+        host: helm-rabbitmq
+        port: 5672
+        username: admin
+        password: nYcRN91r._hj
+
+    platforms:
+      live_op:
+        db_schema: "cmii_live_operator"
+
+      old_cmlc:
+        cloud_live: "cmii-uav-cloud-live"
+        quota: false
+        oss_bucket: "ilm-detect"
+        meta:
+          src_id: "1323096648758464518"
+          user_id: 0
+          company_id: 0
+
+      uasms:
+        scope_prefix: "UASMS"
+        oss_bucket: "ilm-detect"
+        meta:
+          src_id: "1323096648758464523"
+          platform: "REGULATOR"
+          user_id: 0
+
+      lite:
+        scope_prefix: "LITE"
+        oss_bucket: "ilm-detect"
+        routing_key: "sky.live.video"
+        meta:
+          src_id: "1111111112222222222"
+          platform: "LITE"
+          user_id: 0
--- a/83-202604-重庆二级监管/srs-live/替换模板.txt
+++ b/83-202604-重庆二级监管/srs-live/替换模板.txt
@@ -0,0 +1,4 @@
+cq-uas-260427
+chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn
+192.168.9.91
+kcs-cmii-drone-s-n7854
--- a/83-202604-重庆二级监管/srs-live/镜像列表.txt
+++ b/83-202604-重庆二级监管/srs-live/镜像列表.txt
@@ -0,0 +1,10 @@
+harbor.cdcyy.com.cn/cmii/cmlc-live/zlm:v2.7.5
+harbor.cdcyy.com.cn/cmii/cmlc-live/wvp:v2.7.4
+harbor.cdcyy.com.cn/cmii/cmlc-live/cmii-live-operator:v5.8.0
+harbor.cdcyy.com.cn/cmii/cmlc-live/zlm-oss-adaptor:v2.7.5
+harbor.cdcyy.com.cn/cmii/cmlc-live/cmii-hls-downloader:v2.7.4
+harbor.cdcyy.com.cn/cmii/cmlc-live/cmii-live-proxy:v1.0.3
+
+
+
+zlm=v2.7.5=2026-04-29=235.tar.gz
--- a/83-202604-重庆二级监管/镜像-单个推送.sh
+++ b/83-202604-重庆二级监管/镜像-单个推送.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# ============================================================
+# 配置区：修改以下变量
+# ============================================================
+REGISTRY="chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn"            # 登录地址 / 目标仓库域名
+NAMESPACE="cmii"              # 目标命名空间
+USERNAME="cqcmii"      # 仓库登录用户名
+PASSWORD='pL8$kq9@m'     # 仓库登录密码
+# ============================================================
+
+# 参数校验
+if [ $# -ne 1 ]; then
+    echo "Usage: $0 <image>"
+    echo "Example:"
+    echo "  $0 nginx:latest"
+    echo "  $0 harbor.cdcyy.com.cm/cmii/asdad:v1.2"
+    echo "  $0 harbor.cdcyy.com.cm/cmii/cmii-live/asdad:v1.2"
+    exit 1
+fi
+
+SRC_IMAGE="$1"
+
+# ---------- 解析 image name 和 tag ----------
+# 先分离 tag（冒号后面部分）
+if [[ "$SRC_IMAGE" =~ ^(.*):([^:/]+)$ ]]; then
+    repo="${BASH_REMATCH[1]}"
+    tag="${BASH_REMATCH[2]}"
+else
+    repo="$SRC_IMAGE"
+    tag="latest"
+fi
+
+# 只取路径最后一段作为镜像名（去掉任意层级 namespace/domain）
+image_name="${repo##*/}"
+
+DEST_IMAGE="${REGISTRY}/${NAMESPACE}/${image_name}:${tag}"
+# --------------------------------------------
+
+echo ">>> Source : $SRC_IMAGE"
+echo ">>> Target : $DEST_IMAGE"
+echo ""
+
+# 登录
+echo ">>> Logging in to $REGISTRY..."
+echo "$PASSWORD" | docker login "$REGISTRY" -u "$USERNAME" --password-stdin
+
+# Pull
+echo ">>> [pull ] $SRC_IMAGE"
+docker pull "$SRC_IMAGE"
+
+# Tag
+echo ">>> [tag  ] $SRC_IMAGE  →  $DEST_IMAGE"
+docker tag "$SRC_IMAGE" "$DEST_IMAGE"
+
+# Push
+echo ">>> [push ] $DEST_IMAGE"
+docker push "$DEST_IMAGE"
+
+echo ""
+echo ">>> Done: $DEST_IMAGE"
--- a/83-202604-重庆二级监管/镜像-批量推送.sh
+++ b/83-202604-重庆二级监管/镜像-批量推送.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# ============================================================
+# 配置区：修改以下变量
+# ============================================================
+REGISTRY="chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn"            # 登录地址 / 目标仓库域名
+NAMESPACE="cmii"              # 目标命名空间
+USERNAME="cqcmii"      # 仓库登录用户名
+PASSWORD='pL8$kq9@m'     # 仓库登录密码
+INPUT_FILE="uas23-260423.txt"       # 镜像列表文件路径
+# ============================================================
+
+# 登录到私有仓库
+echo ">>> Logging in to $REGISTRY..."
+echo "$PASSWORD" | docker login "$REGISTRY" -u "$USERNAME" --password-stdin
+
+# 逐行处理镜像
+while IFS= read -r line || [ -n "$line" ]; do
+    # 跳过空行和注释行
+    [[ -z "$line" || "$line" == \#* ]] && continue
+
+    # 拆分 repo 和 tag
+    if [[ "$line" =~ (.*):(.*) ]]; then
+        repo="${BASH_REMATCH[1]}"
+        tag="${BASH_REMATCH[2]}"
+    else
+        repo="$line"
+        tag="latest"
+    fi
+
+    # 只保留镜像名最后一段（去掉原有 namespace/domain）
+    image_name="${repo##*/}"
+
+    src_image="${repo}:${tag}"
+    dest_image="${REGISTRY}/${NAMESPACE}/${image_name}:${tag}"
+
+    echo ""
+    echo ">>> [pull ] $src_image"
+    docker pull "$src_image"
+
+    echo ">>> [tag  ] $src_image  →  $dest_image"
+    docker tag "$src_image" "$dest_image"
+
+    echo ">>> [push ] $dest_image"
+    docker push "$dest_image"
+
+done < "$INPUT_FILE"
+
+echo ""
+echo ">>> All done."
--- a/83-202604-重庆二级监管/镜像列表.txt
+++ b/83-202604-重庆二级监管/镜像列表.txt
@@ -0,0 +1,15 @@
+harbor.cdcyy.com.cn/cmii/cmii-uas-gateway:2.3.0-pro-20260226
+harbor.cdcyy.com.cn/cmii/cmii-uas-lifecycle:2.3.0-pro-20260304
+harbor.cdcyy.com.cn/cmii/cmii-uas-perception-live:2.3.0-pro-20260226
+harbor.cdcyy.com.cn/cmii/cmii-uas-datahub:2.3.0-pro-20260311
+harbor.cdcyy.com.cn/cmii/cmii-uav-material-warehouse:2.3.0-pro-20260225
+harbor.cdcyy.com.cn/cmii/cmii-uav-data-center:2.3.0-pro-20260225
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-uasms:2.3.0-pro-20260312
+harbor.cdcyy.com.cn/cmii/cmii-uav-platform-uas:2.3.0-pro-20260312
+harbor.cdcyy.com.cn/cmii/cmii-uas-fusion:2.2.0-112
+bitnamilegacy/redis:7.4.3-debian-12-r0
+bitnamilegacy/mysql:8.1.0-debian-11-r42
+bitnamilegacy/os-shell:12-debian-12-r51
+bitnamilegacy/rabbitmq:3.13.7-debian-12-r5
+harbor.cdcyy.com.cn/cmii/doris.be-ubuntu:2.1.6
+harbor.cdcyy.com.cn/cmii/doris.fe-ubuntu:2.1.6