arm部署文档和文件

Merge pull request '合并arm-build-zw' (#144 ) from arm-build-zw into arm-build
feat: 登出时退出火石平台
--- a/k8s/build-java.sh
+++ b/k8s/build-java.sh
@@ -1,6 +1,6 @@
 #!/bin/bash

 baseDir="/home/somuns/ci4s"
 baseDir="/data/code/manage-platform"


 #判断$1是否为all，如果是，则编译所有模块，否则只编译management-platform模块
--- a/k8s/build-node.sh
+++ b/k8s/build-node.sh
@@ -1,11 +1,9 @@
 #!/bin/bash

 baseDir="/home/somuns/ci4s"
 baseDir="/data/code/manage-platform"
 cd ${baseDir}/react-ui

 npm config set registry https://registry.npmmirror.com/
 npm config set proxy http://172.20.32.253:3128
 npm config set https-proxy http://172.20.32.253:3128

 npm install --force

--- a/k8s/build.sh
+++ b/k8s/build.sh
@@ -38,7 +38,7 @@ if [[ ! " ${valid_services[@]} " =~ " $service " ]]; then
 fi

 # 登录到目标环境
 baseDir="/home/somuns/ci4s"
 baseDir="/data/code/manage-platform"
 cd ${baseDir}

 # 创建目录
@@ -53,8 +53,7 @@ compile_front() {

    # 编译前端
    docker run -v ${baseDir}:${baseDir} \
      -e http_proxy=http://172.20.32.253:3128 -e https_proxy=http://172.20.32.253:3128 \
      172.20.32.187/ci4s/node:16.16.0 ${baseDir}/k8s/build-node.sh
      node:16.16.0 ${baseDir}/k8s/build-node.sh
    if [ $? -ne 0 ]; then
        echo "编译失败，请检查代码！"
        exit 1
@@ -71,9 +70,8 @@ compile_front() {
 compile_java() {
  param=$1
    # 编译java
  docker run -v ${baseDir}:${baseDir} -v /home/maven:/home/maven \
    -e http_proxy=http://172.20.32.253:3128 -e https_proxy=http://172.20.32.253:3128 \
    172.20.32.187/ci4s/build:v3 ${baseDir}/k8s/build-java.sh $param
  docker run -v ${baseDir}:${baseDir} -v /home/maven:/root/.m2/repository \
    maven:3.9 ${baseDir}/k8s/build-java.sh $param
  if [ $? -ne 0 ]; then
      echo "编译失败，请检查代码！"
      exit 1
--- a/k8s/build_and_deploy.sh
+++ b/k8s/build_and_deploy.sh
@@ -4,7 +4,7 @@
 startTime=$(date +%s)

 # 登录到目标环境
 baseDir="/home/somuns/ci4s"
 baseDir="/data/code/manage-platform"
 cd ${baseDir}

 #build
--- a/k8s/deploy.sh
+++ b/k8s/deploy.sh
@@ -51,8 +51,8 @@ else
  exit 1
 fi

 baseDir=/home/somuns/ci4s
 tag=$(date +'%Y%m%d%H%M')
 baseDir=/data/code/manage-platform
 tag=$(date +'%Y%m%d')-arm
 remote_deploy_dir=/home/deploy/manage-platform

 # 构建镜像函数
@@ -125,52 +125,52 @@ build_and_deploy() {
  local yaml_file=$3

  build_image ${dockerfile} ${image}
  prepare_yaml ${yaml_file} ${image}
  deploy_service ${yaml_file}
 #  prepare_yaml ${yaml_file} ${image}
 #  deploy_service ${yaml_file}
 }

 if [ "$service" == "front" ]; then
  build_and_deploy "nginx-dockerfile" "172.20.32.187/ci4s/ci4s-front:${tag}"  "k8s-12front.yaml"
  build_and_deploy "nginx-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-front:${tag}"  "k8s-12front.yaml"
 fi

 # 构建和部署 manage 服务
 if [ "$service" == "manage" ]; then
  build_and_deploy "managent-dockerfile" "172.20.32.187/ci4s/ci4s-managent:${tag}"  "k8s-7management.yaml"
  build_and_deploy "managent-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-managent:${tag}"  "k8s-7management.yaml"
 fi

 if [ "$service" == "auth" ]; then
  #部署认证中心
  build_and_deploy "auth-dockerfile" "172.20.32.187/ci4s/ci4s-auth:${tag}"  "k8s-5auth.yaml"
  build_and_deploy "auth-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-auth:${tag}"  "k8s-5auth.yaml"
 fi

 if [ "$service" == "gateway" ]; then
  #部署网关
  build_and_deploy "gateway-dockerfile" "172.20.32.187/ci4s/ci4s-gateway:${tag}"  "k8s-4gateway.yaml"
  build_and_deploy "gateway-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-gateway:${tag}"  "k8s-4gateway.yaml"
 fi

 if [ "$service" == "system" ]; then
  #部署系统服务
  build_and_deploy "system-dockerfile" "172.20.32.187/ci4s/ci4s-system:${tag}"  "k8s-6system.yaml"
  build_and_deploy "system-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-system:${tag}"  "k8s-6system.yaml"
 fi

 # 构建和部署 front 服务
 if [ "$service" == "manage-front" ]; then
  build_and_deploy "nginx-dockerfile" "172.20.32.187/ci4s/ci4s-front:${tag}"  "k8s-12front.yaml"
  build_and_deploy "managent-dockerfile" "172.20.32.187/ci4s/ci4s-managent:${tag}"  "k8s-7management.yaml"
  build_and_deploy "nginx-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-front:${tag}"  "k8s-12front.yaml"
  build_and_deploy "managent-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-managent:${tag}"  "k8s-7management.yaml"
 fi


 if [ "$service" == "all" ]; then
  #部署前端
  build_and_deploy "nginx-dockerfile" "172.20.32.187/ci4s/ci4s-front:${tag}"  "k8s-12front.yaml"
  build_and_deploy "nginx-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-front:${tag}"  "k8s-12front.yaml"
  #部署管理平台
  build_and_deploy "managent-dockerfile" "172.20.32.187/ci4s/ci4s-managent:${tag}"  "k8s-7management.yaml"
  build_and_deploy "managent-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-managent:${tag}"  "k8s-7management.yaml"
  #部署认证中心
  build_and_deploy "auth-dockerfile" "172.20.32.187/ci4s/ci4s-auth:${tag}"  "k8s-5auth.yaml"
  build_and_deploy "auth-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-auth:${tag}"  "k8s-5auth.yaml"
  #部署网关
  build_and_deploy "gateway-dockerfile" "172.20.32.187/ci4s/ci4s-gateway:${tag}"  "k8s-4gateway.yaml"
  build_and_deploy "gateway-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-gateway:${tag}"  "k8s-4gateway.yaml"
  #部署系统服务
  build_and_deploy "system-dockerfile" "172.20.32.187/ci4s/ci4s-system:${tag}"  "k8s-6system.yaml"
  build_and_deploy "system-dockerfile" "ccr.ccs.tencentyun.com/somunslotus/ci4s-system:${tag}"  "k8s-6system.yaml"
  #部署配置中心
  deploy_nacos "k8s-3nacos.yaml"
 fi
--- a/k8s/dockerfiles/auth-dockerfile
+++ b/k8s/dockerfiles/auth-dockerfile
@@ -1,6 +1,7 @@
 # 基础镜像
 #FROM  openjdk:8-jre
 FROM 172.20.32.187/ci4s/openjdk-dvc:2024829
 FROM  openjdk:8-jre
 #FROM 172.20.32.187/ci4s/openjdk-dvc:2024829

 # author
 MAINTAINER ruoyi

--- a/k8s/dockerfiles/file-dockerfile
+++ b/k8s/dockerfiles/file-dockerfile
@@ -1,6 +1,7 @@
 # 基础镜像
 FROM 172.20.32.187/ci4s/openjdk-dvc:2024829
 #FROM  openjdk:8-jre
 #FROM 172.20.32.187/ci4s/openjdk-dvc:2024829
 FROM  openjdk:8-jre

 # author
 MAINTAINER ruoyi

--- a/k8s/dockerfiles/gateway-dockerfile
+++ b/k8s/dockerfiles/gateway-dockerfile
@@ -1,6 +1,7 @@
 # 基础镜像
 #FROM  openjdk:8-jre
 FROM 172.20.32.187/ci4s/openjdk-dvc:2024829
 FROM  openjdk:8-jre
 #FROM 172.20.32.187/ci4s/openjdk-dvc:2024829

 # author
 MAINTAINER ruoyi

--- a/k8s/dockerfiles/gen-dockerfile
+++ b/k8s/dockerfiles/gen-dockerfile
@@ -1,6 +1,7 @@
 # 基础镜像
 #FROM  openjdk:8-jre
 FROM 172.20.32.187/ci4s/openjdk-dvc:2024829
 FROM  openjdk:8-jre
 #FROM 172.20.32.187/ci4s/openjdk-dvc:2024829

 # author
 MAINTAINER ruoyi

--- a/k8s/dockerfiles/job-dockerfile
+++ b/k8s/dockerfiles/job-dockerfile
@@ -1,6 +1,7 @@
 # 基础镜像
 #FROM  openjdk:8-jre
 FROM 172.20.32.187/ci4s/openjdk-dvc:2024829
 FROM  openjdk:8-jre
 #FROM 172.20.32.187/ci4s/openjdk-dvc:2024829

 # author
 MAINTAINER ruoyi

--- a/k8s/dockerfiles/managent-dockerfile
+++ b/k8s/dockerfiles/managent-dockerfile
@@ -1,6 +1,8 @@
 # 基础镜像
 #FROM  172.20.32.187/ci4s/openjdk:8u162
 FROM 172.20.32.187/ci4s/openjdk-dvc:2024829
 #FROM  openjdk:8-jre
 #FROM 172.20.32.187/ci4s/openjdk-dvc:2024829
 FROM ccr.ccs.tencentyun.com/somunslotus/jdk:20241025-arm

 # author
 MAINTAINER ruoyi

@@ -13,4 +15,4 @@ WORKDIR /home/ruoyi
 # 复制jar文件到路径
 COPY ./jar/management-platform.jar /home/ruoyi/management-platform.jar
 # 启动系统服务
 ENTRYPOINT ["java","-jar","-Djdk.tls.client.protocols=TLSv1.2","management-platform.jar"]
 ENTRYPOINT ["java","-jar","-Djdk.tls.client.protocols=TLSv1.2","-Dfile.encoding=UTF-8","management-platform.jar"]
--- a/k8s/dockerfiles/nginx-dockerfile
+++ b/k8s/dockerfiles/nginx-dockerfile
@@ -1,6 +1,6 @@
 # 基础镜像
 #FROM nginx:latest
 FROM 172.20.32.187/ci4s/nginx:latest
 FROM nginx:latest
 #FROM 172.20.32.187/ci4s/nginx:latest
 # author
 MAINTAINER ruoyi

--- a/k8s/dockerfiles/system-dockerfile
+++ b/k8s/dockerfiles/system-dockerfile
@@ -1,6 +1,7 @@
 # 基础镜像
 #FROM  openjdk:8-jre
 FROM 172.20.32.187/ci4s/openjdk-dvc:2024829
 FROM  openjdk:8-jre
 #FROM 172.20.32.187/ci4s/openjdk-dvc:2024829

 # author
 MAINTAINER ruoyi

--- a/k8s/dockerfiles/visual-dockerfile
+++ b/k8s/dockerfiles/visual-dockerfile
@@ -1,6 +1,7 @@
 # 基础镜像
 #FROM  openjdk:8-jre
 FROM 172.20.32.187/ci4s/openjdk-dvc:2024829
 FROM  openjdk:8-jre
 #FROM 172.20.32.187/ci4s/openjdk-dvc:2024829

 # author
 MAINTAINER ruoyi

--- a/k8s/template-yaml-aim/k8s-10gen.yaml
+++ b/k8s/template-yaml-aim/k8s-10gen.yaml
@@ -0,0 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ci4s-gen-deployment
  namespace: ci4s-test
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: ci4s-gen
  template:
    metadata:
      labels:
        app: ci4s-gen
    spec:
      containers:
      - name: ci4s-gen
        image: ${k8s-10gen-image}
        ports:
        - containerPort: 9202

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: ci4s-gen-service
  namespace: ci4s-test
 spec:
  type: NodePort
  ports:
    - port: 9202
      nodePort: 31211
      protocol: TCP
  selector:
    app: ci4s-gen

--- a/k8s/template-yaml-aim/k8s-11visual.yaml
+++ b/k8s/template-yaml-aim/k8s-11visual.yaml
@@ -0,0 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ci4s-visual-deployment
  namespace: ci4s-test
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: ci4s-visual
  template:
    metadata:
      labels:
        app: ci4s-visual
    spec:
      containers:
      - name: ci4s-visual
        image: ${k8s-11visual-image}
        ports:
        - containerPort: 9100

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: ci4s-visual-service
  namespace: ci4s-test
 spec:
  type: NodePort
  ports:
    - port: 9100
      nodePort: 31212
      protocol: TCP
  selector:
    app: ci4s-visual

--- a/k8s/template-yaml-aim/k8s-12front.yaml
+++ b/k8s/template-yaml-aim/k8s-12front.yaml
@@ -0,0 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ci4s-front-deployment
  namespace: argo
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: ci4s-front
  template:
    metadata:
      labels:
        app: ci4s-front
    spec:
      containers:
      - name: ci4s-front
        image: ccr.ccs.tencentyun.com/somunslotus/ci4s-front:20241024-arm
        ports:
        - containerPort: 8000

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: ci4s-front-service
  namespace: argo
 spec:
  type: NodePort
  ports:
    - port: 8000
      nodePort: 31213
      protocol: TCP
  selector:
    app: ci4s-front

--- a/k8s/template-yaml-aim/k8s-3nacos.yaml
+++ b/k8s/template-yaml-aim/k8s-3nacos.yaml
@@ -0,0 +1,71 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  namespace: argo
  name: nacos-ci4s
  labels:
    app: nacos-ci4s
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: nacos-ci4s
  template:
    metadata:
      labels:
        app: nacos-ci4s
    spec:
      containers:
      - name: nacos-ci4s
        image: nacos/nacos-server:v2.2.0
        env:
        - name: SPRING_DATASOURCE_PLATFORM
          value: mysql
        - name: MODE
          value: standalone
        - name: MYSQL_SERVICE_HOST
          value: mysql.argo.svc
        - name: MYSQL_SERVICE_PORT
          value: "3306"
        - name: MYSQL_SERVICE_DB_NAME
          value: nacos-ci4s-config
        - name: MYSQL_SERVICE_USER
          value: root
        - name: MYSQL_SERVICE_PASSWORD
          value: qazxc123456.
        ports:
        - containerPort: 8848
        - containerPort: 9848
        - containerPort: 9849
      initContainers:
        - name: init-mydb
          image: busybox:1.31
          command: [ 'sh', '-c', 'nc -zv mysql.argo.svc 3306' ]
      restartPolicy: Always

 ---

 apiVersion: v1
 kind: Service
 metadata:
  namespace: argo
  name: nacos-ci4s
  labels:
    app: nacos-ci4s
 spec:
  type: NodePort
  selector:
    app: nacos-ci4s
  ports:
  - port: 8848
    targetPort: 8848
    nodePort: 31203
    name: web
  - port: 9848
    targetPort: 9848
    nodePort: 32203
    name: podsa
  - port: 9849
    targetPort: 9849
    nodePort: 32204
    name: tcp-9849
--- a/k8s/template-yaml-aim/k8s-4gateway.yaml
+++ b/k8s/template-yaml-aim/k8s-4gateway.yaml
@@ -0,0 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ci4s-gateway-deployment
  namespace: argo
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: ci4s-gateway
  template:
    metadata:
      labels:
        app: ci4s-gateway
    spec:
      containers:
      - name: ci4s-gateway
        image: ccr.ccs.tencentyun.com/somunslotus/ci4s-gateway:20241024-arm
        ports:
        - containerPort: 8082

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: ci4s-gateway-service
  namespace: argo
 spec:
  type: NodePort
  ports:
    - port: 8082
      nodePort: 31205
      protocol: TCP
  selector:
    app: ci4s-gateway

--- a/k8s/template-yaml-aim/k8s-5auth.yaml
+++ b/k8s/template-yaml-aim/k8s-5auth.yaml
@@ -0,0 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ci4s-auth-deployment
  namespace: argo
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: ci4s-auth
  template:
    metadata:
      labels:
        app: ci4s-auth
    spec:
      containers:
      - name: ci4s-auth
        image: ccr.ccs.tencentyun.com/somunslotus/ci4s-auth:20241024-arm
        ports:
        - containerPort: 9200

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: ci4s-auth-service
  namespace: argo
 spec:
  type: NodePort
  ports:
    - port: 9200
      nodePort: 31206
      protocol: TCP
  selector:
    app: ci4s-auth

--- a/k8s/template-yaml-aim/k8s-6system.yaml
+++ b/k8s/template-yaml-aim/k8s-6system.yaml
@@ -0,0 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ci4s-system-deployment
  namespace: argo
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: ci4s-system
  template:
    metadata:
      labels:
        app: ci4s-system
    spec:
      containers:
      - name: ci4s-system
        image: ccr.ccs.tencentyun.com/somunslotus/ci4s-system:20241024-arm
        ports:
        - containerPort: 9201

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: ci4s-system-service
  namespace: argo
 spec:
  type: NodePort
  ports:
    - port: 9201
      nodePort: 31207
      protocol: TCP
  selector:
    app: ci4s-system

--- a/k8s/template-yaml-aim/k8s-7management.yaml
+++ b/k8s/template-yaml-aim/k8s-7management.yaml
@@ -0,0 +1,54 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ci4s-management-platform-deployment
  namespace: argo
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: ci4s-management-platform
  template:
    metadata:
      labels:
        app: ci4s-management-platform
    spec:
      containers:
      - name: ci4s-management-platform
        image: ccr.ccs.tencentyun.com/somunslotus/ci4s-managent:20241024-arm
        env:
        - name: TZ
          value: Asia/Shanghai
        - name: JAVA_TOOL_OPTIONS
          value: "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=*:5005"
        ports:
        - containerPort: 9213
        volumeMounts:
        - name: resource-volume
          mountPath: /home/resource/
          subPath: mini-model-platform-data
      volumes:
      - name: resource-volume
        hostPath:
          path: /platform-data
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: ci4s-management-platform-service
  namespace: argo
 spec:
  type: NodePort
  ports:
    - name: http
      port: 9213
      nodePort: 31208
      protocol: TCP
    - name: debug
      nodePort: 31219
      port: 5005
      protocol: TCP
      targetPort: 5005
  selector:
    app: ci4s-management-platform

--- a/k8s/template-yaml-aim/k8s-8file.yaml
+++ b/k8s/template-yaml-aim/k8s-8file.yaml
@@ -0,0 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ci4s-file-deployment
  namespace: ci4s-test
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: ci4s-file
  template:
    metadata:
      labels:
        app: ci4s-file
    spec:
      containers:
      - name: ci4s-file
        image: ${k8s-8file-image}
        ports:
        - containerPort: 9300

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: ci4s-file-service
  namespace: ci4s-test
 spec:
  type: NodePort
  ports:
    - port: 9300
      nodePort: 31209
      protocol: TCP
  selector:
    app: ci4s-file

--- a/k8s/template-yaml-aim/k8s-9job.yaml
+++ b/k8s/template-yaml-aim/k8s-9job.yaml
@@ -0,0 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: ci4s-job-deployment
  namespace: ci4s-test
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: ci4s-job
  template:
    metadata:
      labels:
        app: ci4s-job
    spec:
      containers:
      - name: ci4s-job
        image: ${k8s-9job-image}
        ports:
        - containerPort: 9203

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: ci4s-job-service
  namespace: ci4s-test
 spec:
  type: NodePort
  ports:
    - port: 9203
      nodePort: 31210
      protocol: TCP
  selector:
    app: ci4s-job

--- a/react-ui/src/app.tsx
+++ b/react-ui/src/app.tsx
@@ -23,7 +23,10 @@ import { type GlobalInitialState } from '@/types';
 import { menuItemRender } from '@/utils/menuRender';
 import ErrorBoundary from './components/ErrorBoundary';
 import { needAuth } from './utils';
 import { gotoLoginPage } from './utils/ui';
 import { gotoLoginPage, logoutHuoShi } from './utils/ui';

 // 记录上一次的路由地址
 let fromPathname = '';

 /**
 * @see  https://umijs.org/zh-CN/plugins/plugin-initial-state
@@ -160,16 +163,21 @@ export const layout: RuntimeConfig['layout'] = ({ initialState }) => {
 };

 export const onRouteChange: RuntimeConfig['onRouteChange'] = async (e) => {
  const { location } = e;
  const { location, isFirst } = e;
  const toPathname = location.pathname;
  const menus = getRemoteMenu();
  console.log('onRouteChange', menus);
  if (menus === null && needAuth(location.pathname)) {
  // console.log('onRouteChange', e);
  if (menus === null && needAuth(toPathname)) {
    history.go(0);
  } else if (fromPathname !== toPathname && fromPathname === '/appsDeployment' && !isFirst) {
    logoutHuoShi();
    console.log('logoutHuoShi');
  }
  fromPathname = location.pathname;
 };

 export const patchRoutes: RuntimeConfig['patchRoutes'] = (e) => {
  //console.log('patchRoutes', e);
  console.log('patchRoutes', e);
 };

 export const patchClientRoutes: RuntimeConfig['patchClientRoutes'] = (e) => {
--- a/react-ui/src/components/IFramePage/index.tsx
+++ b/react-ui/src/components/IFramePage/index.tsx
@@ -1,8 +1,10 @@
 import FullScreenFrame from '@/components/FullScreenFrame';
 import KFSpin from '@/components/KFSpin';
 import { getLabelStudioUrl } from '@/services/developmentEnvironment';
 import { generateSign } from '@/utils';
 import { to } from '@/utils/promise';
 import SessionStorage from '@/utils/sessionStorage';
 import { useModel } from '@umijs/max';
 import classNames from 'classnames';
 import { useEffect, useState } from 'react';
 import { createPortal } from 'react-dom';
@@ -15,12 +17,20 @@ export enum IframePageType {
  GitLink = 'GitLink',
 }

 const getRequestAPI = (type: IframePageType): (() => Promise<any>) => {
 const getRequestAPI = (type: IframePageType, loginName: string): (() => Promise<any>) => {
  switch (type) {
    case IframePageType.DatasetAnnotation:
      return getLabelStudioUrl;
    case IframePageType.AppDevelopment:
      return () => Promise.resolve({ code: 200, data: 'http://172.20.32.185:30080/' });
    case IframePageType.AppDevelopment: {
      // return () => Promise.resolve({ code: 200, data: 'http://172.20.32.185:30080/' });
      const sign = generateSign(loginName);

      return () =>
        Promise.resolve({
          code: 200,
          data: `http://10.43.107.27:24078/uap/nudt/sso/login?name=${loginName}&sign=${sign}`,
        });
    }
    case IframePageType.DevEnv:
      return () =>
        Promise.resolve({
@@ -41,6 +51,9 @@ type IframePageProps = {
 function IframePage({ type, className, style }: IframePageProps) {
  const [iframeUrl, setIframeUrl] = useState('');
  const [loading, setLoading] = useState(false);
  const { initialState } = useModel('@@initialState');
  const { currentUser } = initialState || {};

  useEffect(() => {
    requestIframeUrl();
    return () => {
@@ -51,7 +64,7 @@ function IframePage({ type, className, style }: IframePageProps) {
  }, []);
  const requestIframeUrl = async () => {
    setLoading(true);
    const [res] = await to(getRequestAPI(type)());
    const [res] = await to(getRequestAPI(type, currentUser?.userName || '')());
    if (res && res.data) {
      setIframeUrl(res.data);
    } else {
--- a/react-ui/src/pages/Authorize/index.tsx
+++ b/react-ui/src/pages/Authorize/index.tsx
@@ -22,7 +22,6 @@ function Authorize() {
      code,
    };
    const [res] = await to(loginByOauth2Req(params));
    debugger;
    if (res && res.data) {
      const { access_token, expires_in } = res.data;
      setSessionToken(access_token, access_token, expires_in);
--- a/react-ui/src/utils/index.ts
+++ b/react-ui/src/utils/index.ts
@@ -6,6 +6,7 @@

 import { PageEnum } from '@/enums/pagesEnums';
 import G6 from '@antv/g6';
 import CryptoJS from 'crypto-js';

 // 生成 8 位随机数
 export function s8() {
@@ -241,3 +242,24 @@ export const tableSorter = (a: any, b: any) => {
  }
  return 0;
 };

 // 生成火石平台 sign
 export const generateSign = (loginName: string) => {
  // 16-character custom password
  const key = '8c4ddb8cb50ade0e';

  const content = `${loginName}-${Math.floor(Date.now() / 1000)}`;

  // Generate the AES key (16 bytes for AES-128 or 32 bytes for AES-256)
  const byteKey = CryptoJS.enc.Utf8.parse(key);

  // Encrypt the content
  const encrypted = CryptoJS.AES.encrypt(content, byteKey, {
    mode: CryptoJS.mode.ECB,
    padding: CryptoJS.pad.Pkcs7,
  });

  const encryptedHex = encrypted.ciphertext.toString(CryptoJS.enc.Hex);

  return encryptedHex;
 };
--- a/react-ui/src/utils/ui.tsx
+++ b/react-ui/src/utils/ui.tsx
@@ -142,3 +142,14 @@ export const scrollToBottom = (element: HTMLElement | null, smooth: boolean = tr
    element.scrollTo(optons);
  }
 };

 // 退出火石平台
 export const logoutHuoShi = () => {
  const iframe = document.createElement('iframe');
  iframe.style.display = 'none';
  iframe.src = 'http://10.43.107.27:24078/uap/nudt/sso/logout';
  document.body.appendChild(iframe);
  setTimeout(() => {
    document.body.removeChild(iframe);
  }, 2000);
 };
--- a/ruoyi-auth/src/main/resources/bootstrap.yml
+++ b/ruoyi-auth/src/main/resources/bootstrap.yml
@@ -33,9 +33,4 @@ spring:
            refresh: true
          - data-id: ${spring.application.name}-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension}
            group: DEFAULT_GROUP
            refresh: true

  redis:
    host: 172.20.32.150
    port: 6379
    password:
            refresh: true
--- a/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/service/impl/GitServiceImpl.java
+++ b/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/service/impl/GitServiceImpl.java
@@ -5,6 +5,7 @@ import com.ruoyi.platform.service.GitService;
 import com.ruoyi.platform.utils.JacksonUtil;
 import com.ruoyi.platform.utils.JsonUtils;
 import com.ruoyi.platform.utils.NewHttpUtils;
 import com.ruoyi.platform.utils.RedisUtil;
 import com.ruoyi.platform.vo.GitProjectVo;
 import com.ruoyi.system.api.model.LoginUser;
 import org.apache.commons.lang3.StringUtils;
@@ -26,14 +27,12 @@ import java.util.Map;
@Service
 public class GitServiceImpl implements GitService {

    @Value("${spring.redis.host}")
    private String redisHost;
    @Value("${spring.redis.port}")
    private Integer redisPort;
    @Value("${git.endpoint}")
    String gitendpoint;
    @Resource
    private NewHttpUtils httpUtils;
    @Resource
    private RedisUtil redisUtil;
    private static final Logger log = LoggerFactory.getLogger(GitServiceImpl.class);

    @Override
@@ -66,7 +65,7 @@ public class GitServiceImpl implements GitService {
            LoginUser loginUser = SecurityUtils.getLoginUser();
            String ci4sUsername = loginUser.getUsername();
            // 将access_token存入Redis
            Jedis jedis = new Jedis(redisHost, redisPort);
            Jedis jedis = redisUtil.getJedis();
            jedis.set(ci4sUsername + "_gitToken", accessToken);
            jedis.set(ci4sUsername + "_gitUserInfo", userReq);
            return accessToken;
@@ -77,7 +76,7 @@ public class GitServiceImpl implements GitService {
    }

    public String checkoutToken() {
        Jedis jedis = new Jedis(redisHost, redisPort);
        Jedis jedis = redisUtil.getJedis();
        LoginUser loginUser = SecurityUtils.getLoginUser();
        String ci4sUsername = loginUser.getUsername();
        String token = jedis.get(ci4sUsername + "_gitToken");
--- a/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/service/impl/ModelsServiceImpl.java
+++ b/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/service/impl/ModelsServiceImpl.java
@@ -98,10 +98,9 @@ public class ModelsServiceImpl implements ModelsService {
    @Resource
    private MinioUtil minioUtil;

    @Value("${spring.redis.host}")
    private String redisHost;
    @Value("${spring.redis.port}")
    private Integer redisPort;
    @Resource
    private RedisUtil redisUtil;

    @Value("${git.endpoint}")
    String gitendpoint;
    @Value("${git.localPath}")
@@ -1273,7 +1272,7 @@ public class ModelsServiceImpl implements ModelsService {
    }

    Map<String, Object> getUserInfo(String ci4sUsername, String gitLinkUsername, String gitLinkPassword) throws IOException {
        Jedis jedis = new Jedis(redisHost, redisPort);
        Jedis jedis = redisUtil.getJedis();
        String userReq = jedis.get(ci4sUsername + "_gitUserInfo");
        if (userReq == null) {
            gitService.login(gitLinkUsername, gitLinkPassword);
--- a/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/service/impl/NewDatasetServiceImpl.java
+++ b/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/service/impl/NewDatasetServiceImpl.java
@@ -51,10 +51,6 @@ public class NewDatasetServiceImpl implements NewDatasetService {
    @Resource
    private GitService gitService;

    @Value("${spring.redis.host}")
    private String redisHost;
    @Value("${spring.redis.port}")
    private Integer redisPort;
    @Value("${minio.accessKey}")
    String accessKeyId;
    @Value("${minio.secretKey}")
@@ -77,10 +73,13 @@ public class NewDatasetServiceImpl implements NewDatasetService {
    @Resource
    private MinioUtil minioUtil;

    @Resource
    private RedisUtil redisUtil;

    @Override
    public String newCreateDataset(NewDatasetVo datasetVo) throws Exception {
        String token = gitService.checkoutToken();
        Jedis jedis = new Jedis(redisHost, redisPort);
        Jedis jedis = redisUtil.getJedis();
        LoginUser loginUser = SecurityUtils.getLoginUser();
        String ci4sUsername = loginUser.getUsername();
        String gitLinkUsername = loginUser.getSysUser().getGitLinkUsername();
@@ -175,7 +174,7 @@ public class NewDatasetServiceImpl implements NewDatasetService {

    public String newCreateVersion(NewDatasetVo datasetVo) throws Exception {
        String token = gitService.checkoutToken();
        Jedis jedis = new Jedis(redisHost, redisPort);
        Jedis jedis = redisUtil.getJedis();
        LoginUser loginUser = SecurityUtils.getLoginUser();
        String ci4sUsername = loginUser.getUsername();
        String gitLinkUsername = loginUser.getSysUser().getGitLinkUsername();
@@ -290,7 +289,7 @@ public class NewDatasetServiceImpl implements NewDatasetService {
    @Override
    public Page<NewDatasetVo> newPersonalQueryByPage(Dataset dataset, PageRequest pageRequest) throws Exception {
        String token = gitService.checkoutToken();
        Jedis jedis = new Jedis(redisHost, redisPort);
        Jedis jedis = redisUtil.getJedis();
        LoginUser loginUser = SecurityUtils.getLoginUser();
        String ci4sUsername = loginUser.getUsername();
        String userReq = jedis.get(ci4sUsername + "_gitUserInfo");
@@ -315,7 +314,7 @@ public class NewDatasetServiceImpl implements NewDatasetService {
    @Override
    public Page<NewDatasetVo> newPubilcQueryByPage(Dataset dataset, PageRequest pageRequest) throws Exception {
        String token = gitService.checkoutToken();
        Jedis jedis = new Jedis(redisHost, redisPort);
        Jedis jedis = redisUtil.getJedis();
        LoginUser loginUser = SecurityUtils.getLoginUser();
        String ci4sUsername = loginUser.getUsername();
        String userReq = jedis.get(ci4sUsername + "_gitUserInfo");
--- a/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/utils/K8sClientUtil.java
+++ b/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/utils/K8sClientUtil.java
@@ -4,6 +4,8 @@ import com.alibaba.fastjson2.JSON;
 import com.ruoyi.platform.constant.Constant;
 import com.ruoyi.platform.domain.DevEnvironment;
 import com.ruoyi.platform.mapper.ComputingResourceDao;
 import io.fabric8.kubernetes.api.model.SecurityContext;
 import io.fabric8.kubernetes.api.model.SecurityContextBuilder;
 import io.kubernetes.client.Exec;
 import io.kubernetes.client.custom.IntOrString;
 import io.kubernetes.client.custom.Quantity;
@@ -12,7 +14,9 @@ import io.kubernetes.client.openapi.ApiException;
 import io.kubernetes.client.openapi.apis.AppsV1Api;
 import io.kubernetes.client.openapi.apis.CoreV1Api;
 import io.kubernetes.client.openapi.models.*;
 import io.kubernetes.client.util.ClientBuilder;
 import io.kubernetes.client.util.Config;
 import io.kubernetes.client.util.credentials.AccessTokenAuthentication;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
 import org.json.JSONObject;
@@ -356,14 +360,14 @@ public class K8sClientUtil {
                .withPorts(new V1ContainerPort().containerPort(port).protocol("TCP"))
                .withVolumeMounts(new V1VolumeMount().name("workspace").mountPath(mountPath).subPath(subPath))
                .withNewSecurityContext().withNewPrivileged(true).endSecurityContext()
                .addNewEnv()
                .withName("HTTP_PROXY")
                .withValue("http://172.20.32.253:3128")
                .endEnv()
                .addNewEnv()
                .withName("HTTPS_PROXY")
                .withValue("http://172.20.32.253:3128")
                .endEnv()
 //                .addNewEnv()
 //                .withName("HTTP_PROXY")
 //                .withValue("http://172.20.32.253:3128")
 //                .endEnv()
 //                .addNewEnv()
 //                .withName("HTTPS_PROXY")
 //                .withValue("http://172.20.32.253:3128")
 //                .endEnv()
                .addNewEnv()
                .withName("NO_PROXY")
                .withValue("localhost,kubernetes.default.svc")
@@ -493,7 +497,7 @@ public class K8sClientUtil {
                .endContainer()
                .withVolumes(volumes)
                .withNodeSelector(nodeSelector)
                .withAffinity(v1Affinity)
 //                .withAffinity(v1Affinity)
                .endSpec()
                .build();

@@ -625,8 +629,8 @@ public class K8sClientUtil {
    public V1Pod createPodWithEnv(String podName, String namespace, String proxyUrl, String mountPath, String pvcName, String image) {
        CoreV1Api api = new CoreV1Api(apiClient);

        V1SecurityContext v1SecurityContext = new V1SecurityContext();
        v1SecurityContext.setPrivileged(true);
 //        V1SecurityContext v1SecurityContext = new V1SecurityContext();
 //        v1SecurityContext.setPrivileged(true);

        // 配置卷和卷挂载
        List<V1VolumeMount> volumeMounts = new ArrayList<>();
@@ -643,18 +647,18 @@ public class K8sClientUtil {
                .addNewContainer()
                .withName(podName)
                .withImage(image) // 替换为您实际要使用的镜像名称
                .withSecurityContext(v1SecurityContext)
 //                .withSecurityContext(v1SecurityContext)
 //                .withVolumeMounts(new V1VolumeMount().name("workspace").mountPath(mountPath))
                .withVolumeMounts(volumeMounts)
                .withNewSecurityContext().withNewPrivileged(true).endSecurityContext()
                .addNewEnv()
                .withName("HTTP_PROXY")
                .withValue(proxyUrl)
                .endEnv()
                .addNewEnv()
                .withName("HTTPS_PROXY")
                .withValue(proxyUrl)
                .endEnv()
 //                .addNewEnv()
 //                .withName("HTTP_PROXY")
 //                .withValue(proxyUrl)
 //                .endEnv()
 //                .addNewEnv()
 //                .withName("HTTPS_PROXY")
 //                .withValue(proxyUrl)
 //                .endEnv()
                .addNewEnv()
                .withName("NO_PROXY")
                .withValue("localhost,kubernetes.default.svc")
@@ -759,7 +763,7 @@ public class K8sClientUtil {
        }
        limitMap.put("cpu", new Quantity(String.valueOf(cpu)));
        limitMap.put("memory", new Quantity(memory));
        limitMap.put("ephemeral-storage", new Quantity("100Gi"));
        limitMap.put("ephemeral-storage", new Quantity("10Gi"));

        V1ResourceRequirements v1ResourceRequirements = new V1ResourceRequirements();
        v1ResourceRequirements.setRequests(limitMap);
--- a/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/utils/RedisUtil.java
+++ b/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/utils/RedisUtil.java
@@ -0,0 +1,26 @@
 package com.ruoyi.platform.utils;

 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import redis.clients.jedis.Jedis;

@Component
 public class RedisUtil {

    @Value("${spring.redis.host}")
    private String redisHost;
    @Value("${spring.redis.port}")
    private Integer redisPort;
    @Value("${spring.redis.password}")
    private String redisPassword;

    public Jedis getJedis() {
        Jedis jedis = new Jedis(redisHost, redisPort);
        String response = jedis.auth(redisPassword);
        if ("OK".equals(response)) {
            return jedis;
        } else {
            throw new IllegalStateException("redis密码错误");
        }
    }
 }
--- a/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/utils/YamlUtils.java
+++ b/ruoyi-modules/management-platform/src/main/java/com/ruoyi/platform/utils/YamlUtils.java
@@ -30,7 +30,7 @@ public class YamlUtils {
        DumperOptions options = new DumperOptions();
        options.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
        options.setDefaultScalarStyle(DumperOptions.ScalarStyle.PLAIN);

        options.setAllowUnicode(true);

        // 创建Yaml实例
        Yaml yaml = new Yaml(options);
@@ -46,8 +46,6 @@ public class YamlUtils {
        String fullPath = path + "/" + fileName + ".yaml";

        try (FileWriter writer = new FileWriter(fullPath)) {
            String dump = yaml.dump(data);

            yaml.dump(data, writer);
        } catch (IOException e) {
            e.printStackTrace();
--- a/部署-arm/argo/argo-3.5.10-huoshi.yaml
+++ b/部署-arm/argo/argo-3.5.10-huoshi.yaml
--- a/部署-arm/argo/arguments-parameters.yaml
+++ b/部署-arm/argo/arguments-parameters.yaml
@@ -0,0 +1,23 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Workflow
 metadata:
  generateName: arguments-parameters-
 spec:
  entrypoint: whalesay
  # Parameters can be passed/overridden via the argo CLI.
  # To override the printed message, run `argo submit` with the -p option:
  # $ argo submit examples/arguments-parameters.yaml -p message="goodbye world"
  arguments:
    parameters:
    - name: message
      value: hello world

  templates:
  - name: whalesay
    inputs:
      parameters:
      - name: message
    container:
      image: ccr.ccs.tencentyun.com/somunslotus/huoshi-ubuntu-nginx:1.18-20.04_beta-arm64
      command: [echo]
      args: ["{{inputs.parameters.message}}"]
--- a/部署-arm/argo/pipeline-convert.yaml
+++ b/部署-arm/argo/pipeline-convert.yaml
@@ -0,0 +1,51 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: pipeline-convert
  namespace: argo
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: pipeline-convert
  template:
    metadata:
      labels:
        app: pipeline-convert
    spec:
      serviceAccountName: default
      containers:
        - name: pipeline-convert
          image: ccr.ccs.tencentyun.com/somunslotus/pipeline-convert:202410241506-arm
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
          volumeMounts:
            - mountPath: /var/log/pipeline-convert
              name: pipeline-convert-log
      volumes:
        - name: pipeline-convert-log
          hostPath:
            path: /work/pipeline-convert/log
            type: DirectoryOrCreate

 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: pipeline-convert-service
  namespace: argo
 spec:
  selector:
    app: pipeline-convert
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 31000





--- a/部署-arm/argo/plugin/README.md
+++ b/部署-arm/argo/plugin/README.md
@@ -0,0 +1,15 @@
 <!-- This is an auto-generated file. DO NOT EDIT -->
 # volcano

 * Needs: 
 * Image: 172.20.32.187/pipeline-service/argo-volcano-job-plugin:v1



 Install:

    kubectl apply -f volcano-executor-plugin-configmap.yaml

 Uninstall:
 	
    kubectl delete cm volcano-executor-plugin 
--- a/部署-arm/argo/plugin/aa.json
+++ b/部署-arm/argo/plugin/aa.json
--- a/部署-arm/argo/plugin/demo.yaml
+++ b/部署-arm/argo/plugin/demo.yaml
@@ -0,0 +1,82 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Workflow
 metadata:
  generateName: hello-
 spec:
  automountServiceAccountToken: true
  entrypoint: main
  templates:
    - name: main
      executor:
        serviceAccountName: volcano-executor-plugin
      plugin:
        volcano:
          job:
            apiVersion: batch.volcano.sh/v1alpha1
            kind: Job
            metadata:
              name: "{{workflow.name}}"
              namespace: "{{workflow.namespace}}"
              ownerReferences:
                - apiVersion: argoproj.io/v1alpha1
                  blockOwnerDeletion: true
                  controller: true
                  kind: Workflow
                  name: "{{workflow.name}}"
                  uid: "{{workflow.uid}}"
            spec:
              minAvailable: 3
              schedulerName: volcano
              plugins:
                env: []
                svc: []
              queue: default
              policies:
                - event: PodEvicted
                  action: RestartJob
                - event: TaskCompleted
                  action: CompleteJob
              tasks:
                - replicas: 1
                  name: ps
                  template:
                    spec:
                      containers:
                        - command:
                            - sh
                            - -c
                            - |
                              PS_HOST=`cat /etc/volcano/ps.host | sed 's/$/&:2222/g' | sed 's/^/"/;s/$/"/' | tr "\n" ","`;
                              WORKER_HOST=`cat /etc/volcano/worker.host | sed 's/$/&:2222/g' | sed 's/^/"/;s/$/"/' | tr "\n" ","`;
                              export TF_CONFIG={\"cluster\":{\"ps\":[${PS_HOST}],\"worker\":[${WORKER_HOST}]},\"task\":{\"type\":\"ps\",\"index\":${VK_TASK_INDEX}},\"environment\":\"cloud\"};
                              python /var/tf_dist_mnist/dist_mnist.py
                          image: volcanosh/dist-mnist-tf-example:0.0.1
                          name: tensorflow
                          ports:
                            - containerPort: 2222
                              name: tfjob-port
                          resources: {}
                      restartPolicy: Never
                - replicas: 2
                  name: worker
                  policies:
                    - event: TaskCompleted
                      action: CompleteJob
                  template:
                    spec:
                      containers:
                        - command:
                            - sh
                            - -c
                            - |
                              PS_HOST=`cat /etc/volcano/ps.host | sed 's/$/&:2222/g' | sed 's/^/"/;s/$/"/' | tr "\n" ","`;
                              WORKER_HOST=`cat /etc/volcano/worker.host | sed 's/$/&:2222/g' | sed 's/^/"/;s/$/"/' | tr "\n" ","`;
                              export TF_CONFIG={\"cluster\":{\"ps\":[${PS_HOST}],\"worker\":[${WORKER_HOST}]},\"task\":{\"type\":\"worker\",\"index\":${VK_TASK_INDEX}},\"environment\":\"cloud\"};
                              python /var/tf_dist_mnist/dist_mnist.py
                          image: volcanosh/dist-mnist-tf-example:0.0.1
                          name: tensorflow
                          ports:
                            - containerPort: 2222
                              name: tfjob-port
                          resources: {}
                      restartPolicy: Never
--- a/部署-arm/argo/plugin/images-test.yaml
+++ b/部署-arm/argo/plugin/images-test.yaml
@@ -0,0 +1,11 @@
 apiVersion: v1
 kind: Pod
 metadata:
  name: sleep-pod
 spec:
  containers:
  - name: sleep-container
    image: ccr.ccs.tencentyun.com/somunslotus/argo-execturo-plugin:v1-arm
    command: ["sleep", "3600"]
  restartPolicy: Never

--- a/部署-arm/argo/plugin/plugin.tar
+++ b/部署-arm/argo/plugin/plugin.tar
--- a/部署-arm/argo/plugin/plugin.yaml
+++ b/部署-arm/argo/plugin/plugin.yaml
@@ -0,0 +1,25 @@
 apiVersion: argoproj.io/v1alpha1
 kind: ExecutorPlugin
 metadata:
  name: volcano
 spec:
  sidecar:
    container:
      image: 172.20.32.187/pipeline-service/argo-volcano-job-plugin:v1
      name: volcano-executor-plugin
      args:
        - server
        - --port
        - 8080
      ports:
        - containerPort: 8080
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534 # nobody
      resources:
        requests:
          memory: "64Mi"
          cpu: "250m"
        limits:
          memory: "512Mi"
          cpu: "1"
--- a/部署-arm/argo/plugin/rbac/rolebinding.yaml
+++ b/部署-arm/argo/plugin/rbac/rolebinding.yaml
@@ -0,0 +1,38 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: executor-role-bind
  namespace: argo
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: executor-vcjob
 subjects:
  - kind: ServiceAccount
    name: default
    namespace: argo
  - kind: ServiceAccount
    name: volcano-executor-plugin
    namespace: argo 
  - kind: ServiceAccount
    name: argo
    namespace: argo

 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: executor-vcjob
  namespace: argo
  annotations:
    workflows.argoproj.io/description: |
      Recommended minimum permissions for the `docker` executor.
      This executor is superseded by  the `emmisary` executor, so we do not recommend you use it anymore.
 rules:
  - apiGroups:
      - "argoproj.io"
    resources:
      - "*"
    verbs:
      - "*"

--- a/部署-arm/argo/plugin/rbac/rolebinding_default.yaml
+++ b/部署-arm/argo/plugin/rbac/rolebinding_default.yaml
@@ -0,0 +1,34 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: executor-role-bind
  namespace: argo
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: executor-vcjob
 subjects:
  - kind: ServiceAccount
    name: default
    namespace: argo

 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: executor-vcjob
  namespace: argo
  annotations:
    workflows.argoproj.io/description: |
      Recommended minimum permissions for the `docker` executor.
      This executor is superseded by  the `emmisary` executor, so we do not recommend you use it anymore.
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtaskresults
      - workflowtasksets/status
    verbs:
      - create
      - patch

--- a/部署-arm/argo/plugin/rbac/sa.yaml
+++ b/部署-arm/argo/plugin/rbac/sa.yaml
@@ -0,0 +1,6 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: volcano-executor-plugin
  namespace: argo

--- a/部署-arm/argo/plugin/rbac/volcano-rbac.yaml
+++ b/部署-arm/argo/plugin/rbac/volcano-rbac.yaml
@@ -0,0 +1,30 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: volcano-atp
 rules:
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["create", "get", "list", "watch", "delete"]
  - apiGroups: ["batch.volcano.sh"]
    resources: ["jobs"]
    verbs: ["create","get", "list", "watch", "update", "delete"]
  - apiGroups: ["batch.volcano.sh"]
    resources: ["jobs/status", "jobs/finalizers"]
    verbs: ["update", "patch"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: atp-volcano
 subjects:
  - kind: ServiceAccount
    name: default
    namespace: argo
  - kind: ServiceAccount
    name: volcano-executor-plugin
    namespace: argo
 roleRef:
  kind: ClusterRole
  name: volcano-atp
  apiGroup: rbac.authorization.k8s.io
--- a/部署-arm/argo/plugin/rbac/volcano-rbac.yaml.default
+++ b/部署-arm/argo/plugin/rbac/volcano-rbac.yaml.default
@@ -0,0 +1,27 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: volcano-atp
 rules:
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["create", "get", "list", "watch", "delete"]
  - apiGroups: ["batch.volcano.sh"]
    resources: ["jobs"]
    verbs: ["create","get", "list", "watch", "update", "delete"]
  - apiGroups: ["batch.volcano.sh"]
    resources: ["jobs/status", "jobs/finalizers"]
    verbs: ["update", "patch"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: atp-volcano
 subjects:
  - kind: ServiceAccount
    name: default
    namespace: argo
 roleRef:
  kind: ClusterRole
  name: volcano-atp
  apiGroup: rbac.authorization.k8s.io
--- a/部署-arm/argo/plugin/token.yaml
+++ b/部署-arm/argo/plugin/token.yaml
@@ -0,0 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: volcano-executor-plugin.service-account-token
  annotations:
    kubernetes.io/service-account.name: volcano-executor-plugin
 type: kubernetes.io/service-account-token
--- a/部署-arm/argo/plugin/token_argo.yaml
+++ b/部署-arm/argo/plugin/token_argo.yaml
@@ -0,0 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: argo.service-account-token
  annotations:
    kubernetes.io/service-account.name: argo
 type: kubernetes.io/service-account-token
--- a/部署-arm/argo/plugin/vcjob-test-dag.yaml
+++ b/部署-arm/argo/plugin/vcjob-test-dag.yaml
@@ -0,0 +1,181 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Workflow
 metadata:
  generateName: volcano-dag-job-
 spec:
  entrypoint: volcano-dag-job
  serviceAccountName: argo
  templates:
  - name: volcano-dag-job
    dag:
      tasks:
      - name: echo-start
        template: start
        arguments:
          parameters: [{name: message, value: echo start}]
      - name: wholesay
        template: hello-tmpl
        arguments:
          parameters: [{name: message, value: hello2a}, {name: task, value: hello2a}]
        dependencies: [echo-start]  
      - name: echo-end
        template: end
        arguments:
          parameters: [{name: message, value: echo end}]
        dependencies: [wholesay]   
  - name: start
    inputs:
      parameters:
      - name: message
    plugin:
      volcano:
        job:          
            apiVersion: batch.volcano.sh/v1alpha1
            kind: Job
            metadata:
              namespace: "{{workflow.namespace}}"
              name: "{{workflow.name}}-echo-start"
              ownerReferences:
              - apiVersion: argoproj.io/v1alpha1
                blockOwnerDeletion: true
                kind: Workflow
                name: "{{workflow.name}}"
                uid: "{{workflow.uid}}"
            spec:
              minAvailable: 1
              schedulerName: volcano
              policies:
              - event: PodEvicted
                action: RestartJob
              plugins:
                ssh: []
                env: []
                svc: []
              maxRetry: 1
              #queue: vc-queue
              tasks:
              - name: "task1"
                replicas: 1 
                template:
                  metadata:
                    name: helloworld1
                  spec:
                    containers:
                    - image: ccr.ccs.tencentyun.com/somunslotus/alpine:latest-arm
                      name: echo
                      imagePullPolicy: IfNotPresent
                      command: [echo, "{{inputs.parameters.message}}"] 
                      resources:
                        requests:
                          cpu: "100m"
                    restartPolicy: Never           
  - name: end
    inputs:
      parameters:
      - name: message
    plugin:
      volcano:
        job:          
            apiVersion: batch.volcano.sh/v1alpha1
            kind: Job
            metadata:
              namespace: "{{workflow.namespace}}"
              name: "{{workflow.name}}-echo-end"
              ownerReferences:
              - apiVersion: argoproj.io/v1alpha1
                blockOwnerDeletion: true
                kind: Workflow
                name: "{{workflow.name}}"
                uid: "{{workflow.uid}}"
            spec:
              minAvailable: 1
              schedulerName: volcano
              policies:
              - event: PodEvicted
                action: RestartJob
              plugins:
                ssh: []
                env: []
                svc: []
              maxRetry: 1
              #queue: vc-queue
              tasks:
              - name: "task1"
                replicas: 1 
                template:
                  metadata:
                    name: helloworld1
                  spec:
                    containers:
                    - image: ccr.ccs.tencentyun.com/somunslotus/alpine:latest-arm
                      name: echo
                      imagePullPolicy: IfNotPresent
                      command: [echo, "{{inputs.parameters.message}}"] 
                      resources:
                        requests:
                          cpu: "100m"
                    restartPolicy: Never        
  - name: hello-tmpl
    inputs:
      parameters:
      - name: message
      - name: task
    plugin:
      volcano:
        job:          
            apiVersion: batch.volcano.sh/v1alpha1
            kind: Job
            metadata:
              namespace: "{{workflow.namespace}}"
              name: "{{workflow.name}}-main-task"
              ownerReferences:
              - apiVersion: argoproj.io/v1alpha1
                blockOwnerDeletion: true
                kind: Workflow
                name: "{{workflow.name}}"
                uid: "{{workflow.uid}}"
            spec:
              minAvailable: 1
              schedulerName: volcano
              policies:
              - event: PodEvicted
                action: RestartJob
              plugins:
                ssh: []
                env: []
                svc: []
              maxRetry: 1
              #queue: vc-queue
              tasks:
              - name: "task999"
                replicas: 1 
                template:
                  metadata:
                    name: helloworld1
                  spec:
                    containers:
                    - image: ccr.ccs.tencentyun.com/somunslotus/alpine:latest-arm
                      imagePullPolicy: IfNotPresent
                      command: ["/bin/sh", "-c"]
                      args: [sleep 60]
                      name: hello111
                      resources:
                        requests:
                          cpu: "2"
                          memory: "8Gi"
                    restartPolicy: Never
              - name: "task999999"
                replicas: 1 
                template:
                  metadata:
                    name: helloworld222
                  spec:
                    containers:
                    - image: ccr.ccs.tencentyun.com/somunslotus/alpine:latest-arm
                      imagePullPolicy: IfNotPresent
                      command: [echo, "{{inputs.parameters.message}}"]
                      name: hello222
                      resources:
                        requests:
                          cpu: "100m"
                    restartPolicy: Never
--- a/部署-arm/argo/plugin/volcano-executor-plugin-configmap.yaml
+++ b/部署-arm/argo/plugin/volcano-executor-plugin-configmap.yaml
@@ -0,0 +1,29 @@
 # This is an auto-generated file. DO NOT EDIT
 apiVersion: v1
 data:
  sidecar.automountServiceAccountToken: "true"
  sidecar.container: |
    args:
    - server
    - --port
    - "8080"
    image: ccr.ccs.tencentyun.com/somunslotus/argo-execturo-plugin:v1-arm
    name: volcano-executor-plugin
    ports:
    - containerPort: 8080
    resources:
      limits:
        cpu: "1"
        memory: 512Mi
      requests:
        cpu: 250m
        memory: 64Mi
    securityContext:
      runAsNonRoot: false
      runAsUser: 0
 kind: ConfigMap
 metadata:
  creationTimestamp: null
  labels:
    workflows.argoproj.io/configmap-type: ExecutorPlugin
  name: volcano-executor-plugin
--- a/部署-arm/argo/rolebindings.yaml
+++ b/部署-arm/argo/rolebindings.yaml
@@ -0,0 +1,68 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: custom-workflow
  namespace: argo
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflows
    verbs:
      - create
      - get
      - list
      - watch
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - pods
      - services
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - pods/exec
    verbs:
      - create
      - get
      - list
      - watch
      - update
      - patch
      - delete
  - apiGroups:
      - "apps"
    resources:
      - deployments
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
 ---

 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: custom-workflow-default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: custom-workflow
 subjects:
  - kind: ServiceAccount
    name: default
--- a/部署-arm/jupyter/Dockerfile
+++ b/部署-arm/jupyter/Dockerfile
@@ -0,0 +1,48 @@
 FROM arm64v8/ubuntu:latest

 ENV DEBIAN_FRONTEND=noninteractive PATH="/root/miniconda3/bin:${PATH}" TZ=Asia/Shanghai PIP_ROOT_USER_ACTION=ignore

 ARG PATH="/root/miniconda3/bin:${PATH}"

 ADD Miniconda3-py311_24.3.0-0-Linux-aarch64.sh .

 RUN bash *.sh -b -u && ~/miniconda3/bin/conda init bash && rm -rf Miniconda3* ~/.cache

 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo '$TZ' > /etc/timezone &&\
    rm -rf /etc/apt/sources.list.d/cuda* /etc/apt/sources.list.d/* && gpg --keyserver keyserver.ubuntu.com --recv-keys A4B469963BF863CC 2>&1 > /dev/null &&\
    gpg --export --armor A4B469963BF863CC | apt-key add - 2>&1 > /dev/null && apt-get update &&\
    apt-get install -y tmux screen vim wget curl net-tools apt-utils unzip zip git openssl libaio1 libaio-dev iputils-ping openssh-server openssh-client &&\
    apt-get install -y git-lfs libssl-dev openssl make gcc libffi-dev zlib1g-dev libbz2-dev software-properties-common nginx lsof iftop htop tcpdump sysstat &&\
    apt-get install -y locate cmake g++ build-essential zlib1g-dev libncurses5-dev libgdbm-dev language-pack-zh-hans tree libgl1 libglib2.0-0 &&\
    apt-get install -y libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev libbz2-dev libjpeg-dev &&\
    apt-get install -y build-essential liblzma-dev libsqlite3-dev pkg-config libnuma-dev libgl1-mesa-glx xvfb &&\
    apt-get install -y libssh2-1-dev ca-certificates libfreetype6-dev mlocate swig llvm libncursesw5-dev tk-dev &&\
    apt-get install -y openmpi-bin openmpi-common libopenmpi-dev && apt-get clean && rm -rf /var/lib/apt/lists/*

 RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg &&\
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null &&\
    apt update && apt install gh && apt-get clean && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/*

 RUN pip install --upgrade pip

 RUN pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple && pip config set install.trusted-host pypi.tuna.tsinghua.edu.cn && pip config set global.timeout 60

 RUN pip install --no-cache-dir huggingface_hub modelscope cloudpickle tensorboard jupyterlab jupyterlab-language-pack-zh-CN

 ADD plugin.jupyterlab-settings /root/.jupyter/lab/user-settings/\@jupyterlab/translation-extension/

 RUN jupyter lab --generate-config

 RUN echo "c.ServerApp.allow_root = True\nc.ExtensionApp.open_browser = False\nc.ServerApp.password_required = False\nc.ServerApp.ip = '*'\nc.ServerApp.token = ''\nc.ServerApp.root_dir = '/opt/notebooks/'\nc.ServerApp.tornado_settings = {'headers':{'Content-Security-Policy':\"frame-ancestors  'self' * \"}}\nc.NotebookApp.terminado_settings = {'shell_command' : ['/bin/bash']}" >> /root/.jupyter/jupyter_lab_config.py
 # 设置环境变量以避免在Jupyter中出现问题

 ENV LANG C.UTF-8
 # 设置工作目录

 WORKDIR /opt

 # 启动Jupyter Notebook服务器，并且让它在后台持续运行
 CMD ["jupyter", "lab"]



--- a/部署-arm/jupyter/Dockerfile.bck
+++ b/部署-arm/jupyter/Dockerfile.bck
@@ -0,0 +1,13 @@
 FROM ccr.ccs.tencentyun.com/somunslotus/jupyter:test1

 ENV DEBIAN_FRONTEND=noninteractive PATH="/root/miniconda3/bin:${PATH}" TZ=Asia/Shanghai PIP_ROOT_USER_ACTION=ignore

 ARG PATH="/root/miniconda3/bin:${PATH}"

 ENV LANG C.UTF-8

 # 设置工作目录
 WORKDIR /opt

 # 启动Jupyter Notebook服务器，并且让它在后台持续运行
 CMD ["jupyter", "lab"]
--- a/部署-arm/jupyter/Miniconda3-py311_24.3.0-0-Linux-aarch64.sh
+++ b/部署-arm/jupyter/Miniconda3-py311_24.3.0-0-Linux-aarch64.sh
--- a/部署-arm/jupyter/plugin.jupyterlab-settings
+++ b/部署-arm/jupyter/plugin.jupyterlab-settings
@@ -0,0 +1,15 @@
 {
    // Extension Manager
    // @jupyterlab/extensionmanager-extension:plugin
    // Extension manager settings.
    // *********************************************

    // Disclaimed Status
    // Whether the user understand that extensions managed through this interface run arbitrary code that may be dangerous
    "disclaimed": true,

    // Enabled Status
    // Enables extension manager (requires Node.js/npm).
    // WARNING: installing untrusted extensions may be unsafe.
    "enabled": true
 }
--- a/部署-arm/local-storage/local-storage.yaml
+++ b/部署-arm/local-storage/local-storage.yaml
@@ -0,0 +1,161 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: local-path-storage

 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: local-path-provisioner-service-account
  namespace: local-path-storage

 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: local-path-provisioner-role
  namespace: local-path-storage
 rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]

 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: local-path-provisioner-role
 rules:
  - apiGroups: [""]
    resources: ["nodes", "persistentvolumeclaims", "configmaps", "pods", "pods/log"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]

 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: local-path-provisioner-bind
  namespace: local-path-storage
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: local-path-provisioner-role
 subjects:
  - kind: ServiceAccount
    name: local-path-provisioner-service-account
    namespace: local-path-storage

 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: local-path-provisioner-bind
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: local-path-provisioner-role
 subjects:
  - kind: ServiceAccount
    name: local-path-provisioner-service-account
    namespace: local-path-storage

 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: local-path-provisioner
  namespace: local-path-storage
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: local-path-provisioner
  template:
    metadata:
      labels:
        app: local-path-provisioner
    spec:
      serviceAccountName: local-path-provisioner-service-account
      containers:
        - name: local-path-provisioner
          image: ccr.ccs.tencentyun.com/somunslotus/rancher-local-path-provisioner:v0.0.30-arm
          imagePullPolicy: IfNotPresent
          command:
            - local-path-provisioner
            - --debug
            - start
            - --config
            - /etc/config/config.json
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config/
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_MOUNT_PATH
              value: /etc/config/
      volumes:
        - name: config-volume
          configMap:
            name: local-path-config

 ---
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
  name: local-path
 provisioner: rancher.io/local-path
 volumeBindingMode: WaitForFirstConsumer
 reclaimPolicy: Delete

 ---
 kind: ConfigMap
 apiVersion: v1
 metadata:
  name: local-path-config
  namespace: local-path-storage
 data:
  config.json: |-
    {
      "nodePathMap":[
        {
          "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
          "paths":["/opt/local-path-provisioner"]
        }
      ]
    }
  setup: |-
    #!/bin/sh
    set -eu
    mkdir -m 0777 -p "$VOL_DIR"
  teardown: |-
    #!/bin/sh
    set -eu
    rm -rf "$VOL_DIR"
  helperPod.yaml: |-
    apiVersion: v1
    kind: Pod
    metadata:
      name: helper-pod
    spec:
      priorityClassName: system-node-critical
      tolerations:
        - key: node.kubernetes.io/disk-pressure
          operator: Exists
          effect: NoSchedule
      containers:
        - name: helper-pod
          image: busybox
          imagePullPolicy: IfNotPresent
--- a/部署-arm/loki-log/grafana/grafana.yml
+++ b/部署-arm/loki-log/grafana/grafana.yml
@@ -0,0 +1,84 @@
 #apiVersion: v1
 #kind: PersistentVolumeClaim
 #metadata:
 #  name: grafana-pvc
 #spec:
 #  storageClassName: juicefs-sc
 #  accessModes:
 #    - ReadWriteOnce
 #  resources:
 #    requests:
 #      storage: 10Gi
 #---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
    app: grafana
  name: grafana
 spec:
  selector:
    matchLabels:
      app: grafana
  template:
    metadata:
      labels:
        app: grafana
    spec:
      securityContext:
        fsGroup: 472
        supplementalGroups:
          - 0
      containers:
        - name: grafana
          image: grafana/grafana:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3000
              name: http-grafana
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /robots.txt
              port: 3000
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 2
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 3000
            timeoutSeconds: 1
          resources:
            requests:
              cpu: 1000m
              memory: 2000Mi
 #          volumeMounts:
 #            - mountPath: /var/lib/grafana
 #              name: grafana-hostpath
 #              subPath: grafana
 #      volumes:
 #        - name: grafana-hostpath
 #          hostPath:
 #            path: /platform-data
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: grafana
 spec:
  ports:
    - port: 3000
      protocol: TCP
      targetPort: http-grafana
      nodePort: 31825
  selector:
    app: grafana
  sessionAffinity: None
  type: NodePort
--- a/部署-arm/loki-log/grafana/install.md
+++ b/部署-arm/loki-log/grafana/install.md
@@ -0,0 +1,8 @@
 ## Install grafana on Loki-log

 安装之前需要确认storageclass是否存在，如果不存在，则需要创建storageclass

 ```
 kubectl create namespace loki-log
 kubectl apply -f grafana.yaml
 ```
--- a/部署-arm/loki-log/loki-images-pull.sh
+++ b/部署-arm/loki-log/loki-images-pull.sh
@@ -0,0 +1,29 @@
 #!/bin/bash

 # Define images and tags
 images=(
    "ccr.ccs.tencentyun.com/somunslotus/quay.io-prometheus-operator-prometheus-config-reloader:v0.67.1-arm quay.io/prometheus-operator/prometheus-config-reloader:v0.67.1"
    "ccr.ccs.tencentyun.com/somunslotus/grafana-agent:v0.39.1-arm grafana/agent:v0.39.1"
    "ccr.ccs.tencentyun.com/somunslotus/grafana-promtail:latest-arm grafana/promtail:latest"
    "ccr.ccs.tencentyun.com/somunslotus/nginxinc/nginx-unprivileged:1.24-alpine-arm nginxinc/nginx-unprivileged:1.24-alpine"
    "ccr.ccs.tencentyun.com/somunslotus/grafana-agent-operator:v0.39.1-arm grafana/agent-operator:v0.39.1"
    "ccr.ccs.tencentyun.com/somunslotus/grafana-loki:2.9.3-arm grafana/loki:2.9.3"
    "ccr.ccs.tencentyun.com/somunslotus/grafana-grafana:latest-arm grafana/grafana:latest"
 )

 # Loop through each image, pull, and tag
 for image in "${images[@]}"; do
    # Split each entry into source and destination
    src="${image%% *}"
    dst="${image##* }"
    
    # Pull the source image
    echo "Pulling $src..."
    docker pull "$src"
    
    # Tag the image to the original target
    echo "Tagging $src as $dst..."
    docker tag "$src" "$dst"
 done

 echo "All images have been pulled and retagged."
--- a/部署-arm/loki-log/loki/install.md
+++ b/部署-arm/loki-log/loki/install.md
@@ -0,0 +1,8 @@
 ## Install Loki
 安装前先确认values.yaml里面的strorageclass和s3(minio)配置正确

 ###
 ```
 kubectl create namespace loki-log
 helm upgrade --install loki ./loki  -n loki-log  -f values.yaml
 ```
--- a/部署-arm/loki-log/loki/loki-5.42.0.tgz
+++ b/部署-arm/loki-log/loki/loki-5.42.0.tgz
--- a/部署-arm/loki-log/loki/loki-manifest.yaml
+++ b/部署-arm/loki-log/loki/loki-manifest.yaml
--- a/部署-arm/loki-log/loki/loki-stack-2.10.2.tgz
+++ b/部署-arm/loki-log/loki/loki-stack-2.10.2.tgz
--- a/部署-arm/loki-log/loki/loki-stack-values.yaml
+++ b/部署-arm/loki-log/loki/loki-stack-values.yaml
@@ -0,0 +1,22 @@
 loki:
  enabled: true
  persistence:
    enabled: true
    storageClassName: hostpath
    accessModes:
      - ReadWriteOnce
    size: 10Gi

 promtail:
  enabled: true

 grafana:
  enabled: true
  service:
    type: NodePort
  persistence:
    enabled: true
    storageClassName: hostpath
    accessModes:
      - ReadWriteOnce
    size: 10Gi
--- a/部署-arm/loki-log/loki/loki/Chart.lock
+++ b/部署-arm/loki-log/loki/loki/Chart.lock
@@ -0,0 +1,9 @@
 dependencies:
 - name: minio
  repository: https://charts.min.io/
  version: 4.0.15
 - name: grafana-agent-operator
  repository: https://grafana.github.io/helm-charts
  version: 0.3.15
 digest: sha256:b7a42cd0e56544f6168a586fde03e26c801bb20cf69bc004a8f6000d93b98100
 generated: "2024-01-27T21:57:28.190462917+05:30"
--- a/部署-arm/loki-log/loki/loki/Chart.yaml
+++ b/部署-arm/loki-log/loki/loki/Chart.yaml
@@ -0,0 +1,26 @@
 apiVersion: v2
 appVersion: 2.9.3
 dependencies:
 - alias: minio
  condition: minio.enabled
  name: minio
  repository: https://charts.min.io/
  version: 4.0.15
 - alias: grafana-agent-operator
  condition: monitoring.selfMonitoring.grafanaAgent.installOperator
  name: grafana-agent-operator
  repository: https://grafana.github.io/helm-charts
  version: 0.3.15
 description: Helm chart for Grafana Loki in simple, scalable mode
 home: https://grafana.github.io/helm-charts
 icon: https://grafana.com/docs/loki/latest/logo_and_name.png
 maintainers:
 - name: trevorwhitney
 - name: jeschkies
 name: loki
 sources:
 - https://github.com/grafana/loki
 - https://grafana.com/oss/loki/
 - https://grafana.com/docs/loki/latest/
 type: application
 version: 5.42.0
--- a/部署-arm/loki-log/loki/loki/Makefile
+++ b/部署-arm/loki-log/loki/loki/Makefile
@@ -0,0 +1,7 @@
 .DEFAULT_GOAL := all
 .PHONY: lint lint-yaml

 lint: lint-yaml

 lint-yaml:
 	yamllint -c $(CURDIR)/src/.yamllint.yaml $(CURDIR)/src
--- a/部署-arm/loki-log/loki/loki/README.md
+++ b/部署-arm/loki-log/loki/loki/README.md
@@ -0,0 +1,20 @@
 # loki

 ![Version: 5.42.0](https://img.shields.io/badge/Version-5.42.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.3](https://img.shields.io/badge/AppVersion-2.9.3-informational?style=flat-square)

 Helm chart for Grafana Loki in simple, scalable mode

 ## Source Code

 * <https://github.com/grafana/loki>
 * <https://grafana.com/oss/loki/>
 * <https://grafana.com/docs/loki/latest/>

 ## Requirements

 | Repository | Name | Version |
 |------------|------|---------|
 | https://charts.min.io/ | minio(minio) | 4.0.15 |
 | https://grafana.github.io/helm-charts | grafana-agent-operator(grafana-agent-operator) | 0.3.15 |

 Find more information in the Loki Helm Chart [documentation](https://grafana.com/docs/loki/next/installation/helm).
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/.helmignore
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/.helmignore
@@ -0,0 +1,22 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/Chart.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/Chart.yaml
@@ -0,0 +1,13 @@
 apiVersion: v2
 appVersion: 0.39.1
 description: A Helm chart for Grafana Agent Operator
 home: https://grafana.com/docs/agent/v0.39/
 icon: https://raw.githubusercontent.com/grafana/agent/v0.39.1/docs/sources/assets/logo_and_name.png
 maintainers:
 - email: grafana-agent-team@googlegroups.com
  name: Grafana Agent Team
 name: grafana-agent-operator
 sources:
 - https://github.com/grafana/agent/tree/v0.39.1/pkg/operator
 type: application
 version: 0.3.15
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/README.md
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/README.md
@@ -0,0 +1,78 @@
 # grafana-agent-operator

 ![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.1](https://img.shields.io/badge/AppVersion-0.39.1-informational?style=flat-square)

 A Helm chart for Grafana Agent Operator

 ⚠️  **Please create issues relating to this Helm chart in the [Agent](https://github.com/grafana/agent/issues) repo.**

 ## Source Code

 * <https://github.com/grafana/agent/tree/v0.39.1/pkg/operator>

 Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources.

 To learn how to deploy these resources, please see Grafana's [Agent Operator getting started guide](https://grafana.com/docs/agent/latest/operator/getting-started/).

 ## CRDs

 The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs.

 ## Get Repo Info

 ```console
 helm repo add grafana https://grafana.github.io/helm-charts
 helm repo update
 ```

 _See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._

 ## Installing the Chart

 To install the chart with the release name `my-release`:

 ```console
 helm install my-release grafana/grafana-agent-operator
 ```

 ## Uninstalling the Chart

 To uninstall/delete the my-release deployment:

 ```console
 helm delete my-release
 ```

 The command removes all the Kubernetes components associated with the chart and deletes the release.

 ## Upgrading an existing Release to a new major version

 A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. Until this chart's version reaches `v1.0`, there are no promises of backwards compatibility.

 ## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Pod affinity configuration |
 | annotations | object | `{}` | Annotations for the Deployment |
 | containerSecurityContext | object | `{}` | Container security context (allowPrivilegeEscalation, etc.) |
 | extraArgs | list | `[]` | List of additional cli arguments to configure agent-operator (example: `--log.level`) |
 | fullnameOverride | string | `""` | Overrides the chart's computed fullname |
 | hostAliases | list | `[]` | hostAliases to add |
 | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
 | image.pullSecrets | list | `[]` | Image pull secrets |
 | image.registry | string | `"docker.io"` | Image registry |
 | image.repository | string | `"grafana/agent-operator"` | Image repo |
 | image.tag | string | `"v0.39.1"` | Image tag |
 | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets |
 | nameOverride | string | `""` | Overrides the chart's name |
 | nodeSelector | object | `{}` | nodeSelector configuration |
 | podAnnotations | object | `{}` | Annotations for the Deployment Pods |
 | podLabels | object | `{}` | Annotations for the Deployment Pods |
 | podSecurityContext | object | `{}` | Pod security context (runAsUser, etc.) |
 | rbac.create | bool | `true` | Toggle to create ClusterRole and ClusterRoleBinding |
 | rbac.podSecurityPolicyName | string | `""` | Name of a PodSecurityPolicy to use in the ClusterRole. If unset, no PodSecurityPolicy is used. |
 | resources | object | `{}` | Resource limits and requests config |
 | serviceAccount.create | bool | `true` | Toggle to create ServiceAccount |
 | serviceAccount.name | string | `nil` | Service account name |
 | tolerations | list | `[]` | Tolerations applied to Pods |
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/README.md.gotmpl
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/README.md.gotmpl
@@ -0,0 +1,52 @@
 {{ template "chart.header" . }}

 {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}

 {{ template "chart.description" . }}

 ⚠️  **Please create issues relating to this Helm chart in the [Agent](https://github.com/grafana/agent/issues) repo.**

 {{ template "chart.sourcesSection" . }}

 {{ template "chart.requirementsSection" . }}

 Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources.

 To learn how to deploy these resources, please see Grafana's [Agent Operator getting started guide](https://grafana.com/docs/agent/latest/operator/getting-started/).

 ## CRDs

 The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs.

 ## Get Repo Info

 ```console
 helm repo add grafana https://grafana.github.io/helm-charts
 helm repo update
 ```

 _See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._

 ## Installing the Chart

 To install the chart with the release name `my-release`:

 ```console
 helm install my-release grafana/grafana-agent-operator
 ```

 ## Uninstalling the Chart

 To uninstall/delete the my-release deployment:

 ```console
 helm delete my-release
 ```

 The command removes all the Kubernetes components associated with the chart and deletes the release.

 ## Upgrading an existing Release to a new major version

 A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. Until this chart's version reaches `v1.0`, there are no promises of backwards compatibility.

 {{ template "chart.valuesSection" . }}
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml
@@ -0,0 +1,679 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
  name: podmonitors.monitoring.coreos.com
 spec:
  group: monitoring.coreos.com
  names:
    categories:
    - prometheus-operator
    kind: PodMonitor
    listKind: PodMonitorList
    plural: podmonitors
    shortNames:
    - pmon
    singular: podmonitor
  scope: Namespaced
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: PodMonitor defines monitoring for a set of pods.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Specification of desired Pod selection for target discovery
              by Prometheus.
            properties:
              attachMetadata:
                description: Attaches node metadata to discovered targets. Requires
                  Prometheus v2.35.0 and above.
                properties:
                  node:
                    description: When set to true, Prometheus must have permissions
                      to get Nodes.
                    type: boolean
                type: object
              jobLabel:
                description: The label to use to retrieve the job name from.
                type: string
              labelLimit:
                description: Per-scrape limit on number of labels that will be accepted
                  for a sample. Only valid in Prometheus versions 2.27.0 and newer.
                format: int64
                type: integer
              labelNameLengthLimit:
                description: Per-scrape limit on length of labels name that will be
                  accepted for a sample. Only valid in Prometheus versions 2.27.0
                  and newer.
                format: int64
                type: integer
              labelValueLengthLimit:
                description: Per-scrape limit on length of labels value that will
                  be accepted for a sample. Only valid in Prometheus versions 2.27.0
                  and newer.
                format: int64
                type: integer
              namespaceSelector:
                description: Selector to select which namespaces the Endpoints objects
                  are discovered from.
                properties:
                  any:
                    description: Boolean describing whether all namespaces are selected
                      in contrast to a list restricting them.
                    type: boolean
                  matchNames:
                    description: List of namespace names to select from.
                    items:
                      type: string
                    type: array
                type: object
              podMetricsEndpoints:
                description: A list of endpoints allowed as part of this PodMonitor.
                items:
                  description: PodMetricsEndpoint defines a scrapeable endpoint of
                    a Kubernetes Pod serving Prometheus metrics.
                  properties:
                    authorization:
                      description: Authorization section for this endpoint
                      properties:
                        credentials:
                          description: The secret's key that contains the credentials
                            of the request
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        type:
                          description: Set the authentication type. Defaults to Bearer,
                            Basic will cause an error
                          type: string
                      type: object
                    basicAuth:
                      description: 'BasicAuth allow an endpoint to authenticate over
                        basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
                      properties:
                        password:
                          description: The secret in the service monitor namespace
                            that contains the password for authentication.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        username:
                          description: The secret in the service monitor namespace
                            that contains the username for authentication.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                      type: object
                    bearerTokenSecret:
                      description: Secret to mount to read bearer token for scraping
                        targets. The secret needs to be in the same namespace as the
                        pod monitor and accessible by the Prometheus Operator.
                      properties:
                        key:
                          description: The key of the secret to select from.  Must
                            be a valid secret key.
                          type: string
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?'
                          type: string
                        optional:
                          description: Specify whether the Secret or its key must
                            be defined
                          type: boolean
                      required:
                      - key
                      type: object
                      x-kubernetes-map-type: atomic
                    enableHttp2:
                      description: Whether to enable HTTP2.
                      type: boolean
                    filterRunning:
                      description: 'Drop pods that are not running. (Failed, Succeeded).
                        Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase'
                      type: boolean
                    followRedirects:
                      description: FollowRedirects configures whether scrape requests
                        follow HTTP 3xx redirects.
                      type: boolean
                    honorLabels:
                      description: HonorLabels chooses the metric's labels on collisions
                        with target labels.
                      type: boolean
                    honorTimestamps:
                      description: HonorTimestamps controls whether Prometheus respects
                        the timestamps present in scraped data.
                      type: boolean
                    interval:
                      description: Interval at which metrics should be scraped If
                        not specified Prometheus' global scrape interval is used.
                      pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
                      type: string
                    metricRelabelings:
                      description: MetricRelabelConfigs to apply to samples before
                        ingestion.
                      items:
                        description: 'RelabelConfig allows dynamic rewriting of the
                          label set, being applied to samples before ingestion. It
                          defines `<metric_relabel_configs>`-section of Prometheus
                          configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
                        properties:
                          action:
                            default: replace
                            description: Action to perform based on regex matching.
                              Default is 'replace'. uppercase and lowercase actions
                              require Prometheus >= 2.36.
                            enum:
                            - replace
                            - Replace
                            - keep
                            - Keep
                            - drop
                            - Drop
                            - hashmod
                            - HashMod
                            - labelmap
                            - LabelMap
                            - labeldrop
                            - LabelDrop
                            - labelkeep
                            - LabelKeep
                            - lowercase
                            - Lowercase
                            - uppercase
                            - Uppercase
                            - keepequal
                            - KeepEqual
                            - dropequal
                            - DropEqual
                            type: string
                          modulus:
                            description: Modulus to take of the hash of the source
                              label values.
                            format: int64
                            type: integer
                          regex:
                            description: Regular expression against which the extracted
                              value is matched. Default is '(.*)'
                            type: string
                          replacement:
                            description: Replacement value against which a regex replace
                              is performed if the regular expression matches. Regex
                              capture groups are available. Default is '$1'
                            type: string
                          separator:
                            description: Separator placed between concatenated source
                              label values. default is ';'.
                            type: string
                          sourceLabels:
                            description: The source labels select values from existing
                              labels. Their content is concatenated using the configured
                              separator and matched against the configured regular
                              expression for the replace, keep, and drop actions.
                            items:
                              description: LabelName is a valid Prometheus label name
                                which may only contain ASCII letters, numbers, as
                                well as underscores.
                              pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
                              type: string
                            type: array
                          targetLabel:
                            description: Label to which the resulting value is written
                              in a replace action. It is mandatory for replace actions.
                              Regex capture groups are available.
                            type: string
                        type: object
                      type: array
                    oauth2:
                      description: OAuth2 for the URL. Only valid in Prometheus versions
                        2.27.0 and newer.
                      properties:
                        clientId:
                          description: The secret or configmap containing the OAuth2
                            client id
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        clientSecret:
                          description: The secret containing the OAuth2 client secret
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        endpointParams:
                          additionalProperties:
                            type: string
                          description: Parameters to append to the token URL
                          type: object
                        scopes:
                          description: OAuth2 scopes used for the token request
                          items:
                            type: string
                          type: array
                        tokenUrl:
                          description: The URL to fetch the token from
                          minLength: 1
                          type: string
                      required:
                      - clientId
                      - clientSecret
                      - tokenUrl
                      type: object
                    params:
                      additionalProperties:
                        items:
                          type: string
                        type: array
                      description: Optional HTTP URL parameters
                      type: object
                    path:
                      description: HTTP path to scrape for metrics. If empty, Prometheus
                        uses the default value (e.g. `/metrics`).
                      type: string
                    port:
                      description: Name of the pod port this endpoint refers to. Mutually
                        exclusive with targetPort.
                      type: string
                    proxyUrl:
                      description: ProxyURL eg http://proxyserver:2195 Directs scrapes
                        to proxy through this endpoint.
                      type: string
                    relabelings:
                      description: 'RelabelConfigs to apply to samples before scraping.
                        Prometheus Operator automatically adds relabelings for a few
                        standard Kubernetes fields. The original scrape job''s name
                        is available via the `__tmp_prometheus_job_name` label. More
                        info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
                      items:
                        description: 'RelabelConfig allows dynamic rewriting of the
                          label set, being applied to samples before ingestion. It
                          defines `<metric_relabel_configs>`-section of Prometheus
                          configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
                        properties:
                          action:
                            default: replace
                            description: Action to perform based on regex matching.
                              Default is 'replace'. uppercase and lowercase actions
                              require Prometheus >= 2.36.
                            enum:
                            - replace
                            - Replace
                            - keep
                            - Keep
                            - drop
                            - Drop
                            - hashmod
                            - HashMod
                            - labelmap
                            - LabelMap
                            - labeldrop
                            - LabelDrop
                            - labelkeep
                            - LabelKeep
                            - lowercase
                            - Lowercase
                            - uppercase
                            - Uppercase
                            - keepequal
                            - KeepEqual
                            - dropequal
                            - DropEqual
                            type: string
                          modulus:
                            description: Modulus to take of the hash of the source
                              label values.
                            format: int64
                            type: integer
                          regex:
                            description: Regular expression against which the extracted
                              value is matched. Default is '(.*)'
                            type: string
                          replacement:
                            description: Replacement value against which a regex replace
                              is performed if the regular expression matches. Regex
                              capture groups are available. Default is '$1'
                            type: string
                          separator:
                            description: Separator placed between concatenated source
                              label values. default is ';'.
                            type: string
                          sourceLabels:
                            description: The source labels select values from existing
                              labels. Their content is concatenated using the configured
                              separator and matched against the configured regular
                              expression for the replace, keep, and drop actions.
                            items:
                              description: LabelName is a valid Prometheus label name
                                which may only contain ASCII letters, numbers, as
                                well as underscores.
                              pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
                              type: string
                            type: array
                          targetLabel:
                            description: Label to which the resulting value is written
                              in a replace action. It is mandatory for replace actions.
                              Regex capture groups are available.
                            type: string
                        type: object
                      type: array
                    scheme:
                      description: HTTP scheme to use for scraping. `http` and `https`
                        are the expected values unless you rewrite the `__scheme__`
                        label via relabeling. If empty, Prometheus uses the default
                        value `http`.
                      enum:
                      - http
                      - https
                      type: string
                    scrapeTimeout:
                      description: Timeout after which the scrape is ended If not
                        specified, the Prometheus global scrape interval is used.
                      pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
                      type: string
                    targetPort:
                      anyOf:
                      - type: integer
                      - type: string
                      description: 'Deprecated: Use ''port'' instead.'
                      x-kubernetes-int-or-string: true
                    tlsConfig:
                      description: TLS configuration to use when scraping the endpoint.
                      properties:
                        ca:
                          description: Certificate authority used when verifying server
                            certificates.
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        cert:
                          description: Client certificate to present when doing client-authentication.
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        insecureSkipVerify:
                          description: Disable target certificate validation.
                          type: boolean
                        keySecret:
                          description: Secret containing the client key file for the
                            targets.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        serverName:
                          description: Used to verify the hostname for the targets.
                          type: string
                      type: object
                  type: object
                type: array
              podTargetLabels:
                description: PodTargetLabels transfers labels on the Kubernetes Pod
                  onto the target.
                items:
                  type: string
                type: array
              sampleLimit:
                description: SampleLimit defines per-scrape limit on number of scraped
                  samples that will be accepted.
                format: int64
                type: integer
              selector:
                description: Selector to select Pod objects.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              targetLimit:
                description: TargetLimit defines a limit on the number of scraped
                  targets that will be accepted.
                format: int64
                type: integer
            required:
            - podMetricsEndpoints
            - selector
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml
@@ -0,0 +1,722 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
  name: probes.monitoring.coreos.com
 spec:
  group: monitoring.coreos.com
  names:
    categories:
    - prometheus-operator
    kind: Probe
    listKind: ProbeList
    plural: probes
    shortNames:
    - prb
    singular: probe
  scope: Namespaced
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: Probe defines monitoring for a set of static targets or ingresses.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Specification of desired Ingress selection for target discovery
              by Prometheus.
            properties:
              authorization:
                description: Authorization section for this endpoint
                properties:
                  credentials:
                    description: The secret's key that contains the credentials of
                      the request
                    properties:
                      key:
                        description: The key of the secret to select from.  Must be
                          a valid secret key.
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          TODO: Add other useful fields. apiVersion, kind, uid?'
                        type: string
                      optional:
                        description: Specify whether the Secret or its key must be
                          defined
                        type: boolean
                    required:
                    - key
                    type: object
                    x-kubernetes-map-type: atomic
                  type:
                    description: Set the authentication type. Defaults to Bearer,
                      Basic will cause an error
                    type: string
                type: object
              basicAuth:
                description: 'BasicAuth allow an endpoint to authenticate over basic
                  authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
                properties:
                  password:
                    description: The secret in the service monitor namespace that
                      contains the password for authentication.
                    properties:
                      key:
                        description: The key of the secret to select from.  Must be
                          a valid secret key.
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          TODO: Add other useful fields. apiVersion, kind, uid?'
                        type: string
                      optional:
                        description: Specify whether the Secret or its key must be
                          defined
                        type: boolean
                    required:
                    - key
                    type: object
                    x-kubernetes-map-type: atomic
                  username:
                    description: The secret in the service monitor namespace that
                      contains the username for authentication.
                    properties:
                      key:
                        description: The key of the secret to select from.  Must be
                          a valid secret key.
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          TODO: Add other useful fields. apiVersion, kind, uid?'
                        type: string
                      optional:
                        description: Specify whether the Secret or its key must be
                          defined
                        type: boolean
                    required:
                    - key
                    type: object
                    x-kubernetes-map-type: atomic
                type: object
              bearerTokenSecret:
                description: Secret to mount to read bearer token for scraping targets.
                  The secret needs to be in the same namespace as the probe and accessible
                  by the Prometheus Operator.
                properties:
                  key:
                    description: The key of the secret to select from.  Must be a
                      valid secret key.
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      TODO: Add other useful fields. apiVersion, kind, uid?'
                    type: string
                  optional:
                    description: Specify whether the Secret or its key must be defined
                    type: boolean
                required:
                - key
                type: object
                x-kubernetes-map-type: atomic
              interval:
                description: Interval at which targets are probed using the configured
                  prober. If not specified Prometheus' global scrape interval is used.
                pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
                type: string
              jobName:
                description: The job name assigned to scraped metrics by default.
                type: string
              labelLimit:
                description: Per-scrape limit on number of labels that will be accepted
                  for a sample. Only valid in Prometheus versions 2.27.0 and newer.
                format: int64
                type: integer
              labelNameLengthLimit:
                description: Per-scrape limit on length of labels name that will be
                  accepted for a sample. Only valid in Prometheus versions 2.27.0
                  and newer.
                format: int64
                type: integer
              labelValueLengthLimit:
                description: Per-scrape limit on length of labels value that will
                  be accepted for a sample. Only valid in Prometheus versions 2.27.0
                  and newer.
                format: int64
                type: integer
              metricRelabelings:
                description: MetricRelabelConfigs to apply to samples before ingestion.
                items:
                  description: 'RelabelConfig allows dynamic rewriting of the label
                    set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section
                    of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
                  properties:
                    action:
                      default: replace
                      description: Action to perform based on regex matching. Default
                        is 'replace'. uppercase and lowercase actions require Prometheus
                        >= 2.36.
                      enum:
                      - replace
                      - Replace
                      - keep
                      - Keep
                      - drop
                      - Drop
                      - hashmod
                      - HashMod
                      - labelmap
                      - LabelMap
                      - labeldrop
                      - LabelDrop
                      - labelkeep
                      - LabelKeep
                      - lowercase
                      - Lowercase
                      - uppercase
                      - Uppercase
                      - keepequal
                      - KeepEqual
                      - dropequal
                      - DropEqual
                      type: string
                    modulus:
                      description: Modulus to take of the hash of the source label
                        values.
                      format: int64
                      type: integer
                    regex:
                      description: Regular expression against which the extracted
                        value is matched. Default is '(.*)'
                      type: string
                    replacement:
                      description: Replacement value against which a regex replace
                        is performed if the regular expression matches. Regex capture
                        groups are available. Default is '$1'
                      type: string
                    separator:
                      description: Separator placed between concatenated source label
                        values. default is ';'.
                      type: string
                    sourceLabels:
                      description: The source labels select values from existing labels.
                        Their content is concatenated using the configured separator
                        and matched against the configured regular expression for
                        the replace, keep, and drop actions.
                      items:
                        description: LabelName is a valid Prometheus label name which
                          may only contain ASCII letters, numbers, as well as underscores.
                        pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
                        type: string
                      type: array
                    targetLabel:
                      description: Label to which the resulting value is written in
                        a replace action. It is mandatory for replace actions. Regex
                        capture groups are available.
                      type: string
                  type: object
                type: array
              module:
                description: 'The module to use for probing specifying how to probe
                  the target. Example module configuring in the blackbox exporter:
                  https://github.com/prometheus/blackbox_exporter/blob/master/example.yml'
                type: string
              oauth2:
                description: OAuth2 for the URL. Only valid in Prometheus versions
                  2.27.0 and newer.
                properties:
                  clientId:
                    description: The secret or configmap containing the OAuth2 client
                      id
                    properties:
                      configMap:
                        description: ConfigMap containing data to use for the targets.
                        properties:
                          key:
                            description: The key to select.
                            type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                              TODO: Add other useful fields. apiVersion, kind, uid?'
                            type: string
                          optional:
                            description: Specify whether the ConfigMap or its key
                              must be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                      secret:
                        description: Secret containing data to use for the targets.
                        properties:
                          key:
                            description: The key of the secret to select from.  Must
                              be a valid secret key.
                            type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                              TODO: Add other useful fields. apiVersion, kind, uid?'
                            type: string
                          optional:
                            description: Specify whether the Secret or its key must
                              be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                    type: object
                  clientSecret:
                    description: The secret containing the OAuth2 client secret
                    properties:
                      key:
                        description: The key of the secret to select from.  Must be
                          a valid secret key.
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          TODO: Add other useful fields. apiVersion, kind, uid?'
                        type: string
                      optional:
                        description: Specify whether the Secret or its key must be
                          defined
                        type: boolean
                    required:
                    - key
                    type: object
                    x-kubernetes-map-type: atomic
                  endpointParams:
                    additionalProperties:
                      type: string
                    description: Parameters to append to the token URL
                    type: object
                  scopes:
                    description: OAuth2 scopes used for the token request
                    items:
                      type: string
                    type: array
                  tokenUrl:
                    description: The URL to fetch the token from
                    minLength: 1
                    type: string
                required:
                - clientId
                - clientSecret
                - tokenUrl
                type: object
              prober:
                description: Specification for the prober to use for probing targets.
                  The prober.URL parameter is required. Targets cannot be probed if
                  left empty.
                properties:
                  path:
                    default: /probe
                    description: Path to collect metrics from. Defaults to `/probe`.
                    type: string
                  proxyUrl:
                    description: Optional ProxyURL.
                    type: string
                  scheme:
                    description: HTTP scheme to use for scraping. `http` and `https`
                      are the expected values unless you rewrite the `__scheme__`
                      label via relabeling. If empty, Prometheus uses the default
                      value `http`.
                    enum:
                    - http
                    - https
                    type: string
                  url:
                    description: Mandatory URL of the prober.
                    type: string
                required:
                - url
                type: object
              sampleLimit:
                description: SampleLimit defines per-scrape limit on number of scraped
                  samples that will be accepted.
                format: int64
                type: integer
              scrapeTimeout:
                description: Timeout for scraping metrics from the Prometheus exporter.
                  If not specified, the Prometheus global scrape timeout is used.
                pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
                type: string
              targetLimit:
                description: TargetLimit defines a limit on the number of scraped
                  targets that will be accepted.
                format: int64
                type: integer
              targets:
                description: Targets defines a set of static or dynamically discovered
                  targets to probe.
                properties:
                  ingress:
                    description: ingress defines the Ingress objects to probe and
                      the relabeling configuration. If `staticConfig` is also defined,
                      `staticConfig` takes precedence.
                    properties:
                      namespaceSelector:
                        description: From which namespaces to select Ingress objects.
                        properties:
                          any:
                            description: Boolean describing whether all namespaces
                              are selected in contrast to a list restricting them.
                            type: boolean
                          matchNames:
                            description: List of namespace names to select from.
                            items:
                              type: string
                            type: array
                        type: object
                      relabelingConfigs:
                        description: 'RelabelConfigs to apply to the label set of
                          the target before it gets scraped. The original ingress
                          address is available via the `__tmp_prometheus_ingress_address`
                          label. It can be used to customize the probed URL. The original
                          scrape job''s name is available via the `__tmp_prometheus_job_name`
                          label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
                        items:
                          description: 'RelabelConfig allows dynamic rewriting of
                            the label set, being applied to samples before ingestion.
                            It defines `<metric_relabel_configs>`-section of Prometheus
                            configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
                          properties:
                            action:
                              default: replace
                              description: Action to perform based on regex matching.
                                Default is 'replace'. uppercase and lowercase actions
                                require Prometheus >= 2.36.
                              enum:
                              - replace
                              - Replace
                              - keep
                              - Keep
                              - drop
                              - Drop
                              - hashmod
                              - HashMod
                              - labelmap
                              - LabelMap
                              - labeldrop
                              - LabelDrop
                              - labelkeep
                              - LabelKeep
                              - lowercase
                              - Lowercase
                              - uppercase
                              - Uppercase
                              - keepequal
                              - KeepEqual
                              - dropequal
                              - DropEqual
                              type: string
                            modulus:
                              description: Modulus to take of the hash of the source
                                label values.
                              format: int64
                              type: integer
                            regex:
                              description: Regular expression against which the extracted
                                value is matched. Default is '(.*)'
                              type: string
                            replacement:
                              description: Replacement value against which a regex
                                replace is performed if the regular expression matches.
                                Regex capture groups are available. Default is '$1'
                              type: string
                            separator:
                              description: Separator placed between concatenated source
                                label values. default is ';'.
                              type: string
                            sourceLabels:
                              description: The source labels select values from existing
                                labels. Their content is concatenated using the configured
                                separator and matched against the configured regular
                                expression for the replace, keep, and drop actions.
                              items:
                                description: LabelName is a valid Prometheus label
                                  name which may only contain ASCII letters, numbers,
                                  as well as underscores.
                                pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
                                type: string
                              type: array
                            targetLabel:
                              description: Label to which the resulting value is written
                                in a replace action. It is mandatory for replace actions.
                                Regex capture groups are available.
                              type: string
                          type: object
                        type: array
                      selector:
                        description: Selector to select the Ingress objects.
                        properties:
                          matchExpressions:
                            description: matchExpressions is a list of label selector
                              requirements. The requirements are ANDed.
                            items:
                              description: A label selector requirement is a selector
                                that contains values, a key, and an operator that
                                relates the key and values.
                              properties:
                                key:
                                  description: key is the label key that the selector
                                    applies to.
                                  type: string
                                operator:
                                  description: operator represents a key's relationship
                                    to a set of values. Valid operators are In, NotIn,
                                    Exists and DoesNotExist.
                                  type: string
                                values:
                                  description: values is an array of string values.
                                    If the operator is In or NotIn, the values array
                                    must be non-empty. If the operator is Exists or
                                    DoesNotExist, the values array must be empty.
                                    This array is replaced during a strategic merge
                                    patch.
                                  items:
                                    type: string
                                  type: array
                              required:
                              - key
                              - operator
                              type: object
                            type: array
                          matchLabels:
                            additionalProperties:
                              type: string
                            description: matchLabels is a map of {key,value} pairs.
                              A single {key,value} in the matchLabels map is equivalent
                              to an element of matchExpressions, whose key field is
                              "key", the operator is "In", and the values array contains
                              only "value". The requirements are ANDed.
                            type: object
                        type: object
                        x-kubernetes-map-type: atomic
                    type: object
                  staticConfig:
                    description: 'staticConfig defines the static list of targets
                      to probe and the relabeling configuration. If `ingress` is also
                      defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.'
                    properties:
                      labels:
                        additionalProperties:
                          type: string
                        description: Labels assigned to all metrics scraped from the
                          targets.
                        type: object
                      relabelingConfigs:
                        description: 'RelabelConfigs to apply to the label set of
                          the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
                        items:
                          description: 'RelabelConfig allows dynamic rewriting of
                            the label set, being applied to samples before ingestion.
                            It defines `<metric_relabel_configs>`-section of Prometheus
                            configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
                          properties:
                            action:
                              default: replace
                              description: Action to perform based on regex matching.
                                Default is 'replace'. uppercase and lowercase actions
                                require Prometheus >= 2.36.
                              enum:
                              - replace
                              - Replace
                              - keep
                              - Keep
                              - drop
                              - Drop
                              - hashmod
                              - HashMod
                              - labelmap
                              - LabelMap
                              - labeldrop
                              - LabelDrop
                              - labelkeep
                              - LabelKeep
                              - lowercase
                              - Lowercase
                              - uppercase
                              - Uppercase
                              - keepequal
                              - KeepEqual
                              - dropequal
                              - DropEqual
                              type: string
                            modulus:
                              description: Modulus to take of the hash of the source
                                label values.
                              format: int64
                              type: integer
                            regex:
                              description: Regular expression against which the extracted
                                value is matched. Default is '(.*)'
                              type: string
                            replacement:
                              description: Replacement value against which a regex
                                replace is performed if the regular expression matches.
                                Regex capture groups are available. Default is '$1'
                              type: string
                            separator:
                              description: Separator placed between concatenated source
                                label values. default is ';'.
                              type: string
                            sourceLabels:
                              description: The source labels select values from existing
                                labels. Their content is concatenated using the configured
                                separator and matched against the configured regular
                                expression for the replace, keep, and drop actions.
                              items:
                                description: LabelName is a valid Prometheus label
                                  name which may only contain ASCII letters, numbers,
                                  as well as underscores.
                                pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
                                type: string
                              type: array
                            targetLabel:
                              description: Label to which the resulting value is written
                                in a replace action. It is mandatory for replace actions.
                                Regex capture groups are available.
                              type: string
                          type: object
                        type: array
                      static:
                        description: The list of hosts to probe.
                        items:
                          type: string
                        type: array
                    type: object
                type: object
              tlsConfig:
                description: TLS configuration to use when scraping the endpoint.
                properties:
                  ca:
                    description: Certificate authority used when verifying server
                      certificates.
                    properties:
                      configMap:
                        description: ConfigMap containing data to use for the targets.
                        properties:
                          key:
                            description: The key to select.
                            type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                              TODO: Add other useful fields. apiVersion, kind, uid?'
                            type: string
                          optional:
                            description: Specify whether the ConfigMap or its key
                              must be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                      secret:
                        description: Secret containing data to use for the targets.
                        properties:
                          key:
                            description: The key of the secret to select from.  Must
                              be a valid secret key.
                            type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                              TODO: Add other useful fields. apiVersion, kind, uid?'
                            type: string
                          optional:
                            description: Specify whether the Secret or its key must
                              be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                    type: object
                  cert:
                    description: Client certificate to present when doing client-authentication.
                    properties:
                      configMap:
                        description: ConfigMap containing data to use for the targets.
                        properties:
                          key:
                            description: The key to select.
                            type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                              TODO: Add other useful fields. apiVersion, kind, uid?'
                            type: string
                          optional:
                            description: Specify whether the ConfigMap or its key
                              must be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                      secret:
                        description: Secret containing data to use for the targets.
                        properties:
                          key:
                            description: The key of the secret to select from.  Must
                              be a valid secret key.
                            type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                              TODO: Add other useful fields. apiVersion, kind, uid?'
                            type: string
                          optional:
                            description: Specify whether the Secret or its key must
                              be defined
                            type: boolean
                        required:
                        - key
                        type: object
                        x-kubernetes-map-type: atomic
                    type: object
                  insecureSkipVerify:
                    description: Disable target certificate validation.
                    type: boolean
                  keySecret:
                    description: Secret containing the client key file for the targets.
                    properties:
                      key:
                        description: The key of the secret to select from.  Must be
                          a valid secret key.
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          TODO: Add other useful fields. apiVersion, kind, uid?'
                        type: string
                      optional:
                        description: Specify whether the Secret or its key must be
                          defined
                        type: boolean
                    required:
                    - key
                    type: object
                    x-kubernetes-map-type: atomic
                  serverName:
                    description: Used to verify the hostname for the targets.
                    type: string
                type: object
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml
@@ -0,0 +1,709 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
  name: servicemonitors.monitoring.coreos.com
 spec:
  group: monitoring.coreos.com
  names:
    categories:
    - prometheus-operator
    kind: ServiceMonitor
    listKind: ServiceMonitorList
    plural: servicemonitors
    shortNames:
    - smon
    singular: servicemonitor
  scope: Namespaced
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: ServiceMonitor defines monitoring for a set of services.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Specification of desired Service selection for target discovery
              by Prometheus.
            properties:
              attachMetadata:
                description: Attaches node metadata to discovered targets. Requires
                  Prometheus v2.37.0 and above.
                properties:
                  node:
                    description: When set to true, Prometheus must have permissions
                      to get Nodes.
                    type: boolean
                type: object
              endpoints:
                description: A list of endpoints allowed as part of this ServiceMonitor.
                items:
                  description: Endpoint defines a scrapeable endpoint serving Prometheus
                    metrics.
                  properties:
                    authorization:
                      description: Authorization section for this endpoint
                      properties:
                        credentials:
                          description: The secret's key that contains the credentials
                            of the request
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        type:
                          description: Set the authentication type. Defaults to Bearer,
                            Basic will cause an error
                          type: string
                      type: object
                    basicAuth:
                      description: 'BasicAuth allow an endpoint to authenticate over
                        basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
                      properties:
                        password:
                          description: The secret in the service monitor namespace
                            that contains the password for authentication.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        username:
                          description: The secret in the service monitor namespace
                            that contains the username for authentication.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                      type: object
                    bearerTokenFile:
                      description: File to read bearer token for scraping targets.
                      type: string
                    bearerTokenSecret:
                      description: Secret to mount to read bearer token for scraping
                        targets. The secret needs to be in the same namespace as the
                        service monitor and accessible by the Prometheus Operator.
                      properties:
                        key:
                          description: The key of the secret to select from.  Must
                            be a valid secret key.
                          type: string
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?'
                          type: string
                        optional:
                          description: Specify whether the Secret or its key must
                            be defined
                          type: boolean
                      required:
                      - key
                      type: object
                      x-kubernetes-map-type: atomic
                    enableHttp2:
                      description: Whether to enable HTTP2.
                      type: boolean
                    filterRunning:
                      description: 'Drop pods that are not running. (Failed, Succeeded).
                        Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase'
                      type: boolean
                    followRedirects:
                      description: FollowRedirects configures whether scrape requests
                        follow HTTP 3xx redirects.
                      type: boolean
                    honorLabels:
                      description: HonorLabels chooses the metric's labels on collisions
                        with target labels.
                      type: boolean
                    honorTimestamps:
                      description: HonorTimestamps controls whether Prometheus respects
                        the timestamps present in scraped data.
                      type: boolean
                    interval:
                      description: Interval at which metrics should be scraped If
                        not specified Prometheus' global scrape interval is used.
                      pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
                      type: string
                    metricRelabelings:
                      description: MetricRelabelConfigs to apply to samples before
                        ingestion.
                      items:
                        description: 'RelabelConfig allows dynamic rewriting of the
                          label set, being applied to samples before ingestion. It
                          defines `<metric_relabel_configs>`-section of Prometheus
                          configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
                        properties:
                          action:
                            default: replace
                            description: Action to perform based on regex matching.
                              Default is 'replace'. uppercase and lowercase actions
                              require Prometheus >= 2.36.
                            enum:
                            - replace
                            - Replace
                            - keep
                            - Keep
                            - drop
                            - Drop
                            - hashmod
                            - HashMod
                            - labelmap
                            - LabelMap
                            - labeldrop
                            - LabelDrop
                            - labelkeep
                            - LabelKeep
                            - lowercase
                            - Lowercase
                            - uppercase
                            - Uppercase
                            - keepequal
                            - KeepEqual
                            - dropequal
                            - DropEqual
                            type: string
                          modulus:
                            description: Modulus to take of the hash of the source
                              label values.
                            format: int64
                            type: integer
                          regex:
                            description: Regular expression against which the extracted
                              value is matched. Default is '(.*)'
                            type: string
                          replacement:
                            description: Replacement value against which a regex replace
                              is performed if the regular expression matches. Regex
                              capture groups are available. Default is '$1'
                            type: string
                          separator:
                            description: Separator placed between concatenated source
                              label values. default is ';'.
                            type: string
                          sourceLabels:
                            description: The source labels select values from existing
                              labels. Their content is concatenated using the configured
                              separator and matched against the configured regular
                              expression for the replace, keep, and drop actions.
                            items:
                              description: LabelName is a valid Prometheus label name
                                which may only contain ASCII letters, numbers, as
                                well as underscores.
                              pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
                              type: string
                            type: array
                          targetLabel:
                            description: Label to which the resulting value is written
                              in a replace action. It is mandatory for replace actions.
                              Regex capture groups are available.
                            type: string
                        type: object
                      type: array
                    oauth2:
                      description: OAuth2 for the URL. Only valid in Prometheus versions
                        2.27.0 and newer.
                      properties:
                        clientId:
                          description: The secret or configmap containing the OAuth2
                            client id
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        clientSecret:
                          description: The secret containing the OAuth2 client secret
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        endpointParams:
                          additionalProperties:
                            type: string
                          description: Parameters to append to the token URL
                          type: object
                        scopes:
                          description: OAuth2 scopes used for the token request
                          items:
                            type: string
                          type: array
                        tokenUrl:
                          description: The URL to fetch the token from
                          minLength: 1
                          type: string
                      required:
                      - clientId
                      - clientSecret
                      - tokenUrl
                      type: object
                    params:
                      additionalProperties:
                        items:
                          type: string
                        type: array
                      description: Optional HTTP URL parameters
                      type: object
                    path:
                      description: HTTP path to scrape for metrics. If empty, Prometheus
                        uses the default value (e.g. `/metrics`).
                      type: string
                    port:
                      description: Name of the service port this endpoint refers to.
                        Mutually exclusive with targetPort.
                      type: string
                    proxyUrl:
                      description: ProxyURL eg http://proxyserver:2195 Directs scrapes
                        to proxy through this endpoint.
                      type: string
                    relabelings:
                      description: 'RelabelConfigs to apply to samples before scraping.
                        Prometheus Operator automatically adds relabelings for a few
                        standard Kubernetes fields. The original scrape job''s name
                        is available via the `__tmp_prometheus_job_name` label. More
                        info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
                      items:
                        description: 'RelabelConfig allows dynamic rewriting of the
                          label set, being applied to samples before ingestion. It
                          defines `<metric_relabel_configs>`-section of Prometheus
                          configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
                        properties:
                          action:
                            default: replace
                            description: Action to perform based on regex matching.
                              Default is 'replace'. uppercase and lowercase actions
                              require Prometheus >= 2.36.
                            enum:
                            - replace
                            - Replace
                            - keep
                            - Keep
                            - drop
                            - Drop
                            - hashmod
                            - HashMod
                            - labelmap
                            - LabelMap
                            - labeldrop
                            - LabelDrop
                            - labelkeep
                            - LabelKeep
                            - lowercase
                            - Lowercase
                            - uppercase
                            - Uppercase
                            - keepequal
                            - KeepEqual
                            - dropequal
                            - DropEqual
                            type: string
                          modulus:
                            description: Modulus to take of the hash of the source
                              label values.
                            format: int64
                            type: integer
                          regex:
                            description: Regular expression against which the extracted
                              value is matched. Default is '(.*)'
                            type: string
                          replacement:
                            description: Replacement value against which a regex replace
                              is performed if the regular expression matches. Regex
                              capture groups are available. Default is '$1'
                            type: string
                          separator:
                            description: Separator placed between concatenated source
                              label values. default is ';'.
                            type: string
                          sourceLabels:
                            description: The source labels select values from existing
                              labels. Their content is concatenated using the configured
                              separator and matched against the configured regular
                              expression for the replace, keep, and drop actions.
                            items:
                              description: LabelName is a valid Prometheus label name
                                which may only contain ASCII letters, numbers, as
                                well as underscores.
                              pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
                              type: string
                            type: array
                          targetLabel:
                            description: Label to which the resulting value is written
                              in a replace action. It is mandatory for replace actions.
                              Regex capture groups are available.
                            type: string
                        type: object
                      type: array
                    scheme:
                      description: HTTP scheme to use for scraping. `http` and `https`
                        are the expected values unless you rewrite the `__scheme__`
                        label via relabeling. If empty, Prometheus uses the default
                        value `http`.
                      enum:
                      - http
                      - https
                      type: string
                    scrapeTimeout:
                      description: Timeout after which the scrape is ended If not
                        specified, the Prometheus global scrape timeout is used unless
                        it is less than `Interval` in which the latter is used.
                      pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
                      type: string
                    targetPort:
                      anyOf:
                      - type: integer
                      - type: string
                      description: Name or number of the target port of the Pod behind
                        the Service, the port must be specified with container port
                        property. Mutually exclusive with port.
                      x-kubernetes-int-or-string: true
                    tlsConfig:
                      description: TLS configuration to use when scraping the endpoint
                      properties:
                        ca:
                          description: Certificate authority used when verifying server
                            certificates.
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        caFile:
                          description: Path to the CA cert in the Prometheus container
                            to use for the targets.
                          type: string
                        cert:
                          description: Client certificate to present when doing client-authentication.
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        certFile:
                          description: Path to the client cert file in the Prometheus
                            container for the targets.
                          type: string
                        insecureSkipVerify:
                          description: Disable target certificate validation.
                          type: boolean
                        keyFile:
                          description: Path to the client key file in the Prometheus
                            container for the targets.
                          type: string
                        keySecret:
                          description: Secret containing the client key file for the
                            targets.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        serverName:
                          description: Used to verify the hostname for the targets.
                          type: string
                      type: object
                  type: object
                type: array
              jobLabel:
                description: "JobLabel selects the label from the associated Kubernetes
                  service which will be used as the `job` label for all metrics. \n
                  For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo:
                  bar`, then the `job=\"bar\"` label is added to all metrics. \n If
                  the value of this field is empty or if the label doesn't exist for
                  the given Service, the `job` label of the metrics defaults to the
                  name of the Kubernetes Service."
                type: string
              labelLimit:
                description: Per-scrape limit on number of labels that will be accepted
                  for a sample. Only valid in Prometheus versions 2.27.0 and newer.
                format: int64
                type: integer
              labelNameLengthLimit:
                description: Per-scrape limit on length of labels name that will be
                  accepted for a sample. Only valid in Prometheus versions 2.27.0
                  and newer.
                format: int64
                type: integer
              labelValueLengthLimit:
                description: Per-scrape limit on length of labels value that will
                  be accepted for a sample. Only valid in Prometheus versions 2.27.0
                  and newer.
                format: int64
                type: integer
              namespaceSelector:
                description: Selector to select which namespaces the Kubernetes Endpoints
                  objects are discovered from.
                properties:
                  any:
                    description: Boolean describing whether all namespaces are selected
                      in contrast to a list restricting them.
                    type: boolean
                  matchNames:
                    description: List of namespace names to select from.
                    items:
                      type: string
                    type: array
                type: object
              podTargetLabels:
                description: PodTargetLabels transfers labels on the Kubernetes `Pod`
                  onto the created metrics.
                items:
                  type: string
                type: array
              sampleLimit:
                description: SampleLimit defines per-scrape limit on number of scraped
                  samples that will be accepted.
                format: int64
                type: integer
              selector:
                description: Selector to select Endpoints objects.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              targetLabels:
                description: TargetLabels transfers labels from the Kubernetes `Service`
                  onto the created metrics.
                items:
                  type: string
                type: array
              targetLimit:
                description: TargetLimit defines a limit on the number of scraped
                  targets that will be accepted.
                format: int64
                type: integer
            required:
            - endpoints
            - selector
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml
@@ -0,0 +1,500 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
  name: logsinstances.monitoring.grafana.com
 spec:
  group: monitoring.grafana.com
  names:
    categories:
    - agent-operator
    kind: LogsInstance
    listKind: LogsInstanceList
    plural: logsinstances
    singular: logsinstance
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: LogsInstance controls an individual logs instance within a Grafana
          Agent deployment.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec holds the specification of the desired behavior for
              the logs instance.
            properties:
              additionalScrapeConfigs:
                description: "AdditionalScrapeConfigs allows specifying a key of a
                  Secret containing additional Grafana Agent logging scrape configurations.
                  Scrape configurations specified are appended to the configurations
                  generated by the Grafana Agent Operator. \n Job configurations specified
                  must have the form as specified in the official Promtail documentation:
                  \n https://grafana.com/docs/loki/latest/clients/promtail/configuration/#scrape_configs
                  \n As scrape configs are appended, the user is responsible to make
                  sure it is valid. Note that using this feature may expose the possibility
                  to break upgrades of Grafana Agent. It is advised to review both
                  Grafana Agent and Promtail release notes to ensure that no incompatible
                  scrape configs are going to break Grafana Agent after the upgrade."
                properties:
                  key:
                    description: The key of the secret to select from.  Must be a
                      valid secret key.
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      TODO: Add other useful fields. apiVersion, kind, uid?'
                    type: string
                  optional:
                    description: Specify whether the Secret or its key must be defined
                    type: boolean
                required:
                - key
                type: object
                x-kubernetes-map-type: atomic
              clients:
                description: Clients controls where logs are written to for this instance.
                items:
                  description: LogsClientSpec defines the client integration for logs,
                    indicating which Loki server to send logs to.
                  properties:
                    backoffConfig:
                      description: Configures how to retry requests to Loki when a
                        request fails. Defaults to a minPeriod of 500ms, maxPeriod
                        of 5m, and maxRetries of 10.
                      properties:
                        maxPeriod:
                          description: Maximum backoff time between retries.
                          type: string
                        maxRetries:
                          description: Maximum number of retries to perform before
                            giving up a request.
                          type: integer
                        minPeriod:
                          description: Initial backoff time between retries. Time
                            between retries is increased exponentially.
                          type: string
                      type: object
                    basicAuth:
                      description: BasicAuth for the Loki server.
                      properties:
                        password:
                          description: The secret in the service monitor namespace
                            that contains the password for authentication.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        username:
                          description: The secret in the service monitor namespace
                            that contains the username for authentication.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                      type: object
                    batchSize:
                      description: Maximum batch size (in bytes) of logs to accumulate
                        before sending the batch to Loki.
                      type: integer
                    batchWait:
                      description: Maximum amount of time to wait before sending a
                        batch, even if that batch isn't full.
                      type: string
                    bearerToken:
                      description: BearerToken used for remote_write.
                      type: string
                    bearerTokenFile:
                      description: BearerTokenFile used to read bearer token.
                      type: string
                    externalLabels:
                      additionalProperties:
                        type: string
                      description: ExternalLabels are labels to add to any time series
                        when sending data to Loki.
                      type: object
                    oauth2:
                      description: Oauth2 for URL
                      properties:
                        clientId:
                          description: The secret or configmap containing the OAuth2
                            client id
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        clientSecret:
                          description: The secret containing the OAuth2 client secret
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        endpointParams:
                          additionalProperties:
                            type: string
                          description: Parameters to append to the token URL
                          type: object
                        scopes:
                          description: OAuth2 scopes used for the token request
                          items:
                            type: string
                          type: array
                        tokenUrl:
                          description: The URL to fetch the token from
                          minLength: 1
                          type: string
                      required:
                      - clientId
                      - clientSecret
                      - tokenUrl
                      type: object
                    proxyUrl:
                      description: ProxyURL to proxy requests through. Optional.
                      type: string
                    tenantId:
                      description: Tenant ID used by default to push logs to Loki.
                        If omitted assumes remote Loki is running in single-tenant
                        mode or an authentication layer is used to inject an X-Scope-OrgID
                        header.
                      type: string
                    timeout:
                      description: Maximum time to wait for a server to respond to
                        a request.
                      type: string
                    tlsConfig:
                      description: TLSConfig to use for the client. Only used when
                        the protocol of the URL is https.
                      properties:
                        ca:
                          description: Certificate authority used when verifying server
                            certificates.
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        caFile:
                          description: Path to the CA cert in the Prometheus container
                            to use for the targets.
                          type: string
                        cert:
                          description: Client certificate to present when doing client-authentication.
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        certFile:
                          description: Path to the client cert file in the Prometheus
                            container for the targets.
                          type: string
                        insecureSkipVerify:
                          description: Disable target certificate validation.
                          type: boolean
                        keyFile:
                          description: Path to the client key file in the Prometheus
                            container for the targets.
                          type: string
                        keySecret:
                          description: Secret containing the client key file for the
                            targets.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        serverName:
                          description: Used to verify the hostname for the targets.
                          type: string
                      type: object
                    url:
                      description: 'URL is the URL where Loki is listening. Must be
                        a full HTTP URL, including protocol. Required. Example: https://logs-prod-us-central1.grafana.net/loki/api/v1/push.'
                      type: string
                  required:
                  - url
                  type: object
                type: array
              podLogsNamespaceSelector:
                description: Set of labels to determine which namespaces should be
                  watched for PodLogs. If not provided, checks only namespace of the
                  instance.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              podLogsSelector:
                description: Determines which PodLogs should be selected for including
                  in this instance.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              targetConfig:
                description: Configures how tailed targets are watched.
                properties:
                  syncPeriod:
                    description: Period to resync directories being watched and files
                      being tailed to discover new ones or stop watching removed ones.
                    type: string
                type: object
            type: object
        type: object
    served: true
    storage: true
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml
@@ -0,0 +1,861 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
  name: metricsinstances.monitoring.grafana.com
 spec:
  group: monitoring.grafana.com
  names:
    categories:
    - agent-operator
    kind: MetricsInstance
    listKind: MetricsInstanceList
    plural: metricsinstances
    singular: metricsinstance
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: MetricsInstance controls an individual Metrics instance within
          a Grafana Agent deployment.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec holds the specification of the desired behavior for
              the Metrics instance.
            properties:
              additionalScrapeConfigs:
                description: 'AdditionalScrapeConfigs lets you specify a key of a
                  Secret containing additional Grafana Agent Prometheus scrape configurations.
                  The specified scrape configurations are appended to the configurations
                  generated by Grafana Agent Operator. Specified job configurations
                  must have the form specified in the official Prometheus documentation:
                  https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.
                  As scrape configs are appended, you must make sure the configuration
                  is still valid. Note that it''s possible that this feature will
                  break future upgrades of Grafana Agent. Review both Grafana Agent
                  and Prometheus release notes to ensure that no incompatible scrape
                  configs will break Grafana Agent after the upgrade.'
                properties:
                  key:
                    description: The key of the secret to select from.  Must be a
                      valid secret key.
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      TODO: Add other useful fields. apiVersion, kind, uid?'
                    type: string
                  optional:
                    description: Specify whether the Secret or its key must be defined
                    type: boolean
                required:
                - key
                type: object
                x-kubernetes-map-type: atomic
              maxWALTime:
                description: MaxWALTime is the maximum amount of time that series
                  and samples can exist in the WAL before being forcibly deleted.
                type: string
              minWALTime:
                description: MinWALTime is the minimum amount of time that series
                  and samples can exist in the WAL before being considered for deletion.
                type: string
              podMonitorNamespaceSelector:
                description: PodMonitorNamespaceSelector are the set of labels to
                  determine which namespaces to watch for PodMonitor discovery. If
                  nil, it only checks its own namespace.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              podMonitorSelector:
                description: PodMonitorSelector determines which PodMonitors to selected
                  for target discovery. Experimental.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              probeNamespaceSelector:
                description: ProbeNamespaceSelector is the set of labels that determines
                  which namespaces to watch for Probe discovery. If nil, it only checks
                  own namespace.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              probeSelector:
                description: ProbeSelector determines which Probes to select for target
                  discovery.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              remoteFlushDeadline:
                description: RemoteFlushDeadline is the deadline for flushing data
                  when an instance shuts down.
                type: string
              remoteWrite:
                description: RemoteWrite controls remote_write settings for this instance.
                items:
                  description: RemoteWriteSpec defines the remote_write configuration
                    for Prometheus.
                  properties:
                    basicAuth:
                      description: BasicAuth for the URL.
                      properties:
                        password:
                          description: The secret in the service monitor namespace
                            that contains the password for authentication.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        username:
                          description: The secret in the service monitor namespace
                            that contains the username for authentication.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                      type: object
                    bearerToken:
                      description: BearerToken used for remote_write.
                      type: string
                    bearerTokenFile:
                      description: BearerTokenFile used to read bearer token.
                      type: string
                    headers:
                      additionalProperties:
                        type: string
                      description: Headers is a set of custom HTTP headers to be sent
                        along with each remote_write request. Be aware that any headers
                        set by Grafana Agent itself can't be overwritten.
                      type: object
                    metadataConfig:
                      description: MetadataConfig configures the sending of series
                        metadata to remote storage.
                      properties:
                        send:
                          description: Send enables metric metadata to be sent to
                            remote storage.
                          type: boolean
                        sendInterval:
                          description: SendInterval controls how frequently metric
                            metadata is sent to remote storage.
                          type: string
                      type: object
                    name:
                      description: Name of the remote_write queue. Must be unique
                        if specified. The name is used in metrics and logging in order
                        to differentiate queues.
                      type: string
                    oauth2:
                      description: Oauth2 for URL
                      properties:
                        clientId:
                          description: The secret or configmap containing the OAuth2
                            client id
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        clientSecret:
                          description: The secret containing the OAuth2 client secret
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        endpointParams:
                          additionalProperties:
                            type: string
                          description: Parameters to append to the token URL
                          type: object
                        scopes:
                          description: OAuth2 scopes used for the token request
                          items:
                            type: string
                          type: array
                        tokenUrl:
                          description: The URL to fetch the token from
                          minLength: 1
                          type: string
                      required:
                      - clientId
                      - clientSecret
                      - tokenUrl
                      type: object
                    proxyUrl:
                      description: ProxyURL to proxy requests through. Optional.
                      type: string
                    queueConfig:
                      description: QueueConfig allows tuning of the remote_write queue
                        parameters.
                      properties:
                        batchSendDeadline:
                          description: BatchSendDeadline is the maximum time a sample
                            will wait in the buffer.
                          type: string
                        capacity:
                          description: Capacity is the number of samples to buffer
                            per shard before samples start being dropped.
                          type: integer
                        maxBackoff:
                          description: MaxBackoff is the maximum retry delay.
                          type: string
                        maxRetries:
                          description: MaxRetries is the maximum number of times to
                            retry a batch on recoverable errors.
                          type: integer
                        maxSamplesPerSend:
                          description: MaxSamplesPerSend is the maximum number of
                            samples per send.
                          type: integer
                        maxShards:
                          description: MaxShards is the maximum number of shards,
                            i.e., the amount of concurrency.
                          type: integer
                        minBackoff:
                          description: MinBackoff is the initial retry delay. MinBackoff
                            is doubled for every retry.
                          type: string
                        minShards:
                          description: MinShards is the minimum number of shards,
                            i.e., the amount of concurrency.
                          type: integer
                        retryOnRateLimit:
                          description: RetryOnRateLimit retries requests when encountering
                            rate limits.
                          type: boolean
                      type: object
                    remoteTimeout:
                      description: RemoteTimeout is the timeout for requests to the
                        remote_write endpoint.
                      type: string
                    sigv4:
                      description: SigV4 configures SigV4-based authentication to
                        the remote_write endpoint. SigV4-based authentication is used
                        if SigV4 is defined, even with an empty object.
                      properties:
                        accessKey:
                          description: AccessKey holds the secret of the AWS API access
                            key to use for signing. If not provided, the environment
                            variable AWS_ACCESS_KEY_ID is used.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        profile:
                          description: Profile is the named AWS profile to use for
                            authentication.
                          type: string
                        region:
                          description: Region of the AWS endpoint. If blank, the region
                            from the default credentials chain is used.
                          type: string
                        roleARN:
                          description: RoleARN is the AWS Role ARN to use for authentication,
                            as an alternative for using the AWS API keys.
                          type: string
                        secretKey:
                          description: SecretKey of the AWS API to use for signing.
                            If blank, the environment variable AWS_SECRET_ACCESS_KEY
                            is used.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                      type: object
                    tlsConfig:
                      description: TLSConfig to use for remote_write.
                      properties:
                        ca:
                          description: Certificate authority used when verifying server
                            certificates.
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        caFile:
                          description: Path to the CA cert in the Prometheus container
                            to use for the targets.
                          type: string
                        cert:
                          description: Client certificate to present when doing client-authentication.
                          properties:
                            configMap:
                              description: ConfigMap containing data to use for the
                                targets.
                              properties:
                                key:
                                  description: The key to select.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
                                    key must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                            secret:
                              description: Secret containing data to use for the targets.
                              properties:
                                key:
                                  description: The key of the secret to select from.  Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        certFile:
                          description: Path to the client cert file in the Prometheus
                            container for the targets.
                          type: string
                        insecureSkipVerify:
                          description: Disable target certificate validation.
                          type: boolean
                        keyFile:
                          description: Path to the client key file in the Prometheus
                            container for the targets.
                          type: string
                        keySecret:
                          description: Secret containing the client key file for the
                            targets.
                          properties:
                            key:
                              description: The key of the secret to select from.  Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        serverName:
                          description: Used to verify the hostname for the targets.
                          type: string
                      type: object
                    url:
                      description: URL of the endpoint to send samples to.
                      type: string
                    writeRelabelConfigs:
                      description: WriteRelabelConfigs holds relabel_configs to relabel
                        samples before they are sent to the remote_write endpoint.
                      items:
                        description: 'RelabelConfig allows dynamic rewriting of the
                          label set, being applied to samples before ingestion. It
                          defines `<metric_relabel_configs>`-section of Prometheus
                          configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
                        properties:
                          action:
                            default: replace
                            description: Action to perform based on regex matching.
                              Default is 'replace'. uppercase and lowercase actions
                              require Prometheus >= 2.36.
                            enum:
                            - replace
                            - Replace
                            - keep
                            - Keep
                            - drop
                            - Drop
                            - hashmod
                            - HashMod
                            - labelmap
                            - LabelMap
                            - labeldrop
                            - LabelDrop
                            - labelkeep
                            - LabelKeep
                            - lowercase
                            - Lowercase
                            - uppercase
                            - Uppercase
                            - keepequal
                            - KeepEqual
                            - dropequal
                            - DropEqual
                            type: string
                          modulus:
                            description: Modulus to take of the hash of the source
                              label values.
                            format: int64
                            type: integer
                          regex:
                            description: Regular expression against which the extracted
                              value is matched. Default is '(.*)'
                            type: string
                          replacement:
                            description: Replacement value against which a regex replace
                              is performed if the regular expression matches. Regex
                              capture groups are available. Default is '$1'
                            type: string
                          separator:
                            description: Separator placed between concatenated source
                              label values. default is ';'.
                            type: string
                          sourceLabels:
                            description: The source labels select values from existing
                              labels. Their content is concatenated using the configured
                              separator and matched against the configured regular
                              expression for the replace, keep, and drop actions.
                            items:
                              description: LabelName is a valid Prometheus label name
                                which may only contain ASCII letters, numbers, as
                                well as underscores.
                              pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
                              type: string
                            type: array
                          targetLabel:
                            description: Label to which the resulting value is written
                              in a replace action. It is mandatory for replace actions.
                              Regex capture groups are available.
                            type: string
                        type: object
                      type: array
                  required:
                  - url
                  type: object
                type: array
              serviceMonitorNamespaceSelector:
                description: ServiceMonitorNamespaceSelector is the set of labels
                  that determine which namespaces to watch for ServiceMonitor discovery.
                  If nil, it only checks its own namespace.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              serviceMonitorSelector:
                description: ServiceMonitorSelector determines which ServiceMonitors
                  to select for target discovery.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              walTruncateFrequency:
                description: WALTruncateFrequency specifies how frequently to run
                  the WAL truncation process. Higher values cause the WAL to increase
                  and for old series to stay in the WAL longer, but reduces the chance
                  of data loss when remote_write fails for longer than the given frequency.
                type: string
              writeStaleOnShutdown:
                description: WriteStaleOnShutdown writes staleness markers on shutdown
                  for all series.
                type: boolean
            type: object
        type: object
    served: true
    storage: true
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml
@@ -0,0 +1,588 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
  name: podlogs.monitoring.grafana.com
 spec:
  group: monitoring.grafana.com
  names:
    categories:
    - agent-operator
    kind: PodLogs
    listKind: PodLogsList
    plural: podlogs
    singular: podlogs
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: PodLogs defines how to collect logs for a pod.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec holds the specification of the desired behavior for
              the PodLogs.
            properties:
              jobLabel:
                description: The label to use to retrieve the job name from.
                type: string
              namespaceSelector:
                description: Selector to select which namespaces the Pod objects are
                  discovered from.
                properties:
                  any:
                    description: Boolean describing whether all namespaces are selected
                      in contrast to a list restricting them.
                    type: boolean
                  matchNames:
                    description: List of namespace names to select from.
                    items:
                      type: string
                    type: array
                type: object
              pipelineStages:
                description: Pipeline stages for this pod. Pipeline stages support
                  transforming and filtering log lines.
                items:
                  description: "PipelineStageSpec defines an individual pipeline stage.
                    Each stage type is mutually exclusive and no more than one may
                    be set per stage. \n More information on pipelines can be found
                    in the Promtail documentation: https://grafana.com/docs/loki/latest/clients/promtail/pipelines/"
                  properties:
                    cri:
                      description: 'CRI is a parsing stage that reads log lines using
                        the standard CRI logging format. Supply cri: {} to enable.'
                      type: object
                    docker:
                      description: 'Docker is a parsing stage that reads log lines
                        using the standard Docker logging format. Supply docker: {}
                        to enable.'
                      type: object
                    drop:
                      description: Drop is a filtering stage that lets you drop certain
                        logs.
                      properties:
                        dropCounterReason:
                          description: Every time a log line is dropped, the metric
                            logentry_dropped_lines_total is incremented. A "reason"
                            label is added, and can be customized by providing a custom
                            value here. Defaults to "drop_stage".
                          type: string
                        expression:
                          description: "RE2 regular expression. \n If source is provided,
                            the regex attempts to match the source. \n If no source
                            is provided, then the regex attempts to attach the log
                            line. \n If the provided regex matches the log line or
                            a provided source, the line is dropped."
                          type: string
                        longerThan:
                          description: LongerThan will drop a log line if it its content
                            is longer than this value (in bytes). Can be expressed
                            as an integer (8192) or a number with a suffix (8kb).
                          type: string
                        olderThan:
                          description: OlderThan will be parsed as a Go duration.
                            If the log line's timestamp is older than the current
                            time minus the provided duration, it will be dropped.
                          type: string
                        source:
                          description: Name from the extract data to parse. If empty,
                            uses the log message.
                          type: string
                        value:
                          description: "Value can only be specified when source is
                            specified. If the value provided is an exact match for
                            the given source then the line will be dropped. \n Mutually
                            exclusive with expression."
                          type: string
                      type: object
                    json:
                      description: "JSON is a parsing stage that reads the log line
                        as JSON and accepts JMESPath expressions to extract data.
                        \n Information on JMESPath: http://jmespath.org/"
                      properties:
                        expressions:
                          additionalProperties:
                            type: string
                          description: "Set of the key/value pairs of JMESPath expressions.
                            The key will be the key in the extracted data while the
                            expression will be the value, evaluated as a JMESPath
                            from the source data. \n Literal JMESPath expressions
                            can be used by wrapping a key in double quotes, which
                            then must be wrapped again in single quotes in YAML so
                            they get passed to the JMESPath parser."
                          type: object
                        source:
                          description: Name from the extracted data to parse as JSON.
                            If empty, uses entire log message.
                          type: string
                      type: object
                    labelAllow:
                      description: LabelAllow is an action stage that only allows
                        the provided labels to be included in the label set that is
                        sent to Loki with the log entry.
                      items:
                        type: string
                      type: array
                    labelDrop:
                      description: LabelDrop is an action stage that drops labels
                        from the label set that is sent to Loki with the log entry.
                      items:
                        type: string
                      type: array
                    labels:
                      additionalProperties:
                        type: string
                      description: "Labels is an action stage that takes data from
                        the extracted map and modifies the label set that is sent
                        to Loki with the log entry. \n The key is REQUIRED and represents
                        the name for the label that will be created. Value is optional
                        and will be the name from extracted data to use for the value
                        of the label. If the value is not provided, it defaults to
                        match the key."
                      type: object
                    limit:
                      description: Limit is a rate-limiting stage that throttles logs
                        based on several options.
                      properties:
                        burst:
                          description: The cap in the quantity of burst lines that
                            Promtail will push to Loki.
                          type: integer
                        drop:
                          description: "When drop is true, log lines that exceed the
                            current rate limit are discarded. When drop is false,
                            log lines that exceed the current rate limit wait to enter
                            the back pressure mode. \n Defaults to false."
                          type: boolean
                        rate:
                          description: The rate limit in lines per second that Promtail
                            will push to Loki.
                          type: integer
                      type: object
                    match:
                      description: Match is a filtering stage that conditionally applies
                        a set of stages or drop entries when a log entry matches a
                        configurable LogQL stream selector and filter expressions.
                      properties:
                        action:
                          description: Determines what action is taken when the selector
                            matches the log line. Can be keep or drop. Defaults to
                            keep. When set to drop, entries are dropped and no later
                            metrics are recorded. Stages must be empty when dropping
                            metrics.
                          type: string
                        dropCounterReason:
                          description: Every time a log line is dropped, the metric
                            logentry_dropped_lines_total is incremented. A "reason"
                            label is added, and can be customized by providing a custom
                            value here. Defaults to "match_stage."
                          type: string
                        pipelineName:
                          description: Names the pipeline. When defined, creates an
                            additional label in the pipeline_duration_seconds histogram,
                            where the value is concatenated with job_name using an
                            underscore.
                          type: string
                        selector:
                          description: LogQL stream selector and filter expressions.
                            Required.
                          type: string
                        stages:
                          description: "Nested set of pipeline stages to execute when
                            action is keep and the log line matches selector. \n An
                            example value for stages may be: \n stages: | - json:
                            {} - labelAllow: [foo, bar] \n Note that stages is a string
                            because SIG API Machinery does not support recursive types,
                            and so it cannot be validated for correctness. Be careful
                            not to mistype anything."
                          type: string
                      required:
                      - selector
                      type: object
                    metrics:
                      additionalProperties:
                        description: MetricsStageSpec is an action stage that allows
                          for defining and updating metrics based on data from the
                          extracted map. Created metrics are not pushed to Loki or
                          Prometheus and are instead exposed via the /metrics endpoint
                          of the Grafana Agent pod. The Grafana Agent Operator should
                          be configured with a MetricsInstance that discovers the
                          logging DaemonSet to collect metrics created by this stage.
                        properties:
                          action:
                            description: "The action to take against the metric. Required.
                              \n Must be either \"inc\" or \"add\" for type: counter
                              or type: histogram. When type: gauge, must be one of
                              \"set\", \"inc\", \"dec\", \"add\", or \"sub\". \n \"add\",
                              \"set\", or \"sub\" requires the extracted value to
                              be convertible to a positive float."
                            type: string
                          buckets:
                            description: 'Buckets to create. Bucket values must be
                              convertible to float64s. Extremely large or small numbers
                              are subject to some loss of precision. Only valid for
                              type: histogram.'
                            items:
                              type: string
                            type: array
                          countEntryBytes:
                            description: "If true all log line bytes are counted.
                              Can only be set with matchAll: true and action: add.
                              \n Only valid for type: counter."
                            type: boolean
                          description:
                            description: Sets the description for the created metric.
                            type: string
                          matchAll:
                            description: "If true, all log lines are counted without
                              attempting to match the source to the extracted map.
                              Mutually exclusive with value. \n Only valid for type:
                              counter."
                            type: boolean
                          maxIdleDuration:
                            description: "Label values on metrics are dynamic which
                              can cause exported metrics to go stale. To prevent unbounded
                              cardinality, any metrics not updated within MaxIdleDuration
                              are removed. \n Must be greater or equal to 1s. Defaults
                              to 5m."
                            type: string
                          prefix:
                            description: Sets the custom prefix name for the metric.
                              Defaults to "promtail_custom_".
                            type: string
                          source:
                            description: Key from the extracted data map to use for
                              the metric. Defaults to the metrics name if not present.
                            type: string
                          type:
                            description: The metric type to create. Must be one of
                              counter, gauge, histogram. Required.
                            type: string
                          value:
                            description: Filters down source data and only changes
                              the metric if the targeted value matches the provided
                              string exactly. If not present, all data matches.
                            type: string
                        required:
                        - action
                        - type
                        type: object
                      description: Metrics is an action stage that supports defining
                        and updating metrics based on data from the extracted map.
                        Created metrics are not pushed to Loki or Prometheus and are
                        instead exposed via the /metrics endpoint of the Grafana Agent
                        pod. The Grafana Agent Operator should be configured with
                        a MetricsInstance that discovers the logging DaemonSet to
                        collect metrics created by this stage.
                      type: object
                    multiline:
                      description: Multiline stage merges multiple lines into a multiline
                        block before passing it on to the next stage in the pipeline.
                      properties:
                        firstLine:
                          description: RE2 regular expression. Creates a new multiline
                            block when matched. Required.
                          type: string
                        maxLines:
                          description: Maximum number of lines a block can have. A
                            new block is started if the number of lines surpasses
                            this value. Defaults to 128.
                          type: integer
                        maxWaitTime:
                          description: Maximum time to wait before passing on the
                            multiline block to the next stage if no new lines are
                            received. Defaults to 3s.
                          type: string
                      required:
                      - firstLine
                      type: object
                    output:
                      description: Output stage is an action stage that takes data
                        from the extracted map and changes the log line that will
                        be sent to Loki.
                      properties:
                        source:
                          description: Name from extract data to use for the log entry.
                            Required.
                          type: string
                      required:
                      - source
                      type: object
                    pack:
                      description: Pack is a transform stage that lets you embed extracted
                        values and labels into the log line by packing the log line
                        and labels inside of a JSON object.
                      properties:
                        ingestTimestamp:
                          description: If the resulting log line should use any existing
                            timestamp or use time.Now() when the line was created.
                            Set to true when combining several log streams from different
                            containers to avoid out of order errors.
                          type: boolean
                        labels:
                          description: Name from extracted data or line labels. Required.
                            Labels provided here are automatically removed from output
                            labels.
                          items:
                            type: string
                          type: array
                      required:
                      - labels
                      type: object
                    regex:
                      description: Regex is a parsing stage that parses a log line
                        using a regular expression.  Named capture groups in the regex
                        allows for adding data into the extracted map.
                      properties:
                        expression:
                          description: RE2 regular expression. Each capture group
                            MUST be named. Required.
                          type: string
                        source:
                          description: Name from extracted data to parse. If empty,
                            defaults to using the log message.
                          type: string
                      required:
                      - expression
                      type: object
                    replace:
                      description: Replace is a parsing stage that parses a log line
                        using a regular expression and replaces the log line. Named
                        capture groups in the regex allows for adding data into the
                        extracted map.
                      properties:
                        expression:
                          description: RE2 regular expression. Each capture group
                            MUST be named. Required.
                          type: string
                        replace:
                          description: Value to replace the captured group with.
                          type: string
                        source:
                          description: Name from extracted data to parse. If empty,
                            defaults to using the log message.
                          type: string
                      required:
                      - expression
                      type: object
                    template:
                      description: Template is a transform stage that manipulates
                        the values in the extracted map using Go's template syntax.
                      properties:
                        source:
                          description: Name from extracted data to parse. Required.
                            If empty, defaults to using the log message.
                          type: string
                        template:
                          description: Go template string to use. Required. In addition
                            to normal template functions, ToLower, ToUpper, Replace,
                            Trim, TrimLeft, TrimRight, TrimPrefix, and TrimSpace are
                            also available.
                          type: string
                      required:
                      - source
                      - template
                      type: object
                    tenant:
                      description: Tenant is an action stage that sets the tenant
                        ID for the log entry picking it from a field in the extracted
                        data map. If the field is missing, the default LogsClientSpec.tenantId
                        will be used.
                      properties:
                        label:
                          description: Name from labels whose value should be set
                            as tenant ID. Mutually exclusive with source and value.
                          type: string
                        source:
                          description: Name from extracted data to use as the tenant
                            ID. Mutually exclusive with label and value.
                          type: string
                        value:
                          description: Value to use for the template ID. Useful when
                            this stage is used within a conditional pipeline such
                            as match. Mutually exclusive with label and source.
                          type: string
                      type: object
                    timestamp:
                      description: Timestamp is an action stage that can change the
                        timestamp of a log line before it is sent to Loki. If not
                        present, the timestamp of a log line defaults to the time
                        when the log line was read.
                      properties:
                        actionOnFailure:
                          description: Action to take when the timestamp can't be
                            extracted or parsed. Can be skip or fudge. Defaults to
                            fudge.
                          type: string
                        fallbackFormats:
                          description: Fallback formats to try if format fails.
                          items:
                            type: string
                          type: array
                        format:
                          description: 'Determines format of the time string. Required.
                            Can be one of: ANSIC, UnixDate, RubyDate, RFC822, RFC822Z,
                            RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Unix,
                            UnixMs, UnixUs, UnixNs.'
                          type: string
                        location:
                          description: IANA Timezone Database string.
                          type: string
                        source:
                          description: Name from extracted data to use as the timestamp.
                            Required.
                          type: string
                      required:
                      - format
                      - source
                      type: object
                  type: object
                type: array
              podTargetLabels:
                description: PodTargetLabels transfers labels on the Kubernetes Pod
                  onto the target.
                items:
                  type: string
                type: array
              relabelings:
                description: "RelabelConfigs to apply to logs before delivering. Grafana
                  Agent Operator automatically adds relabelings for a few standard
                  Kubernetes fields and replaces original scrape job name with __tmp_logs_job_name.
                  \n More info: https://grafana.com/docs/loki/latest/clients/promtail/configuration/#relabel_configs"
                items:
                  description: 'RelabelConfig allows dynamic rewriting of the label
                    set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section
                    of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
                  properties:
                    action:
                      default: replace
                      description: Action to perform based on regex matching. Default
                        is 'replace'. uppercase and lowercase actions require Prometheus
                        >= 2.36.
                      enum:
                      - replace
                      - Replace
                      - keep
                      - Keep
                      - drop
                      - Drop
                      - hashmod
                      - HashMod
                      - labelmap
                      - LabelMap
                      - labeldrop
                      - LabelDrop
                      - labelkeep
                      - LabelKeep
                      - lowercase
                      - Lowercase
                      - uppercase
                      - Uppercase
                      - keepequal
                      - KeepEqual
                      - dropequal
                      - DropEqual
                      type: string
                    modulus:
                      description: Modulus to take of the hash of the source label
                        values.
                      format: int64
                      type: integer
                    regex:
                      description: Regular expression against which the extracted
                        value is matched. Default is '(.*)'
                      type: string
                    replacement:
                      description: Replacement value against which a regex replace
                        is performed if the regular expression matches. Regex capture
                        groups are available. Default is '$1'
                      type: string
                    separator:
                      description: Separator placed between concatenated source label
                        values. default is ';'.
                      type: string
                    sourceLabels:
                      description: The source labels select values from existing labels.
                        Their content is concatenated using the configured separator
                        and matched against the configured regular expression for
                        the replace, keep, and drop actions.
                      items:
                        description: LabelName is a valid Prometheus label name which
                          may only contain ASCII letters, numbers, as well as underscores.
                        pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
                        type: string
                      type: array
                    targetLabel:
                      description: Label to which the resulting value is written in
                        a replace action. It is mandatory for replace actions. Regex
                        capture groups are available.
                      type: string
                  type: object
                type: array
              selector:
                description: Selector to select Pod objects. Required.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
            required:
            - selector
            type: object
        type: object
    served: true
    storage: true
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/_helpers.tpl
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/_helpers.tpl
@@ -0,0 +1,67 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "ga-operator.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}

 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "ga-operator.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}

 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "ga-operator.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}

 {{/*
 Common labels
 */}}
 {{- define "ga-operator.labels" -}}
 {{ include "ga-operator.selectorLabels" . }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/component: operator
 helm.sh/chart: {{ include "ga-operator.chart" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 {{- if .Values.customLabels }}
 {{ toYaml .Values.customLabels }}
 {{- end }}
 {{- end }}

 {{/*
 Selector labels
 */}}
 {{- define "ga-operator.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "ga-operator.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}

 {{/*
 Create the name of the service account to use
 */}}
 {{- define "ga-operator.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "ga-operator.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}

--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/operator-clusterrole.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/operator-clusterrole.yaml
@@ -0,0 +1,62 @@
 {{- if .Values.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "ga-operator.fullname" . }}
  labels:
 {{ include "ga-operator.labels" . | indent 4 }}
 rules:
 - apiGroups: [monitoring.grafana.com]
  resources:
  - grafanaagents
  - metricsinstances
  - logsinstances
  - podlogs
  - integrations
  verbs: [get, list, watch]
 - apiGroups: [monitoring.grafana.com]
  resources:
  - grafanaagents/finalizers
  - metricsinstances/finalizers
  - logsinstances/finalizers
  - podlogs/finalizers
  - integrations/finalizers
  verbs: [get, list, watch, update]
 - apiGroups: [monitoring.coreos.com]
  resources:
  - podmonitors
  - probes
  - servicemonitors
  verbs: [get, list, watch]
 - apiGroups: [monitoring.coreos.com]
  resources:
  - podmonitors/finalizers
  - probes/finalizers
  - servicemonitors/finalizers
  verbs: [get, list, watch, update]
 - apiGroups: [""]
  resources:
  - namespaces
  - nodes
  verbs: [get, list, watch]
 - apiGroups: [""]
  resources:
  - secrets
  - services
  - configmaps
  - endpoints
  verbs: [get, list, watch, create, update, patch, delete]
 - apiGroups: ["apps"]
  resources:
  - statefulsets
  - daemonsets
  - deployments
  verbs: [get, list, watch, create, update, patch, delete]
 {{- with .Values.rbac.podSecurityPolicyName }}
 - apiGroups: [policy]
  resources:
  - podsecuritypolicies
  verbs:         [use]
  resourceNames: [ {{ . }} ]
 {{- end -}}
 {{- end -}}
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/operator-clusterrolebinding.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/operator-clusterrolebinding.yaml
@@ -0,0 +1,17 @@
 {{- if .Values.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ include "ga-operator.fullname" . }}
  labels:
 {{ include "ga-operator.labels" . | indent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "ga-operator.fullname" . }}
 subjects:
 - kind: ServiceAccount
  name: {{ template "ga-operator.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
 {{- end -}}

--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/operator-deployment.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/operator-deployment.yaml
@@ -0,0 +1,78 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "ga-operator.fullname" . }}
  labels:
 {{ include "ga-operator.labels" . | indent 4 }}
  {{- with .Values.annotations }}
  annotations:
  {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  replicas: 1
  selector:
    matchLabels:
 {{ include "ga-operator.selectorLabels" . | indent 6 }}
  template:
    metadata:
      labels:
 {{ include "ga-operator.selectorLabels" . | indent 8 }}
 {{- with .Values.podLabels }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
 {{- with .Values.podAnnotations }}
      annotations:
 {{ toYaml . | indent 8 }}
 {{- end }}
    spec:
      {{- with .Values.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      serviceAccountName: {{ template "ga-operator.serviceAccountName" . }}
      {{- with .Values.podSecurityContext }}
      securityContext:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
      - name: {{ include "ga-operator.name" . }}
        image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        {{- with .Values.containerSecurityContext }}
        securityContext:
        {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.resources }}
        resources:
        {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- if or (and .Values.kubeletService.namespace .Values.kubeletService.serviceName) (.Values.extraArgs) }}
        args:
          {{- if and .Values.kubeletService.namespace .Values.kubeletService.serviceName }}
          - --kubelet-service={{ .Values.kubeletService.namespace }}/{{ .Values.kubeletService.serviceName }}
          {{- end }}
          {{- if .Values.extraArgs  }}
          {{- range .Values.extraArgs  }}
          - {{ . }}
          {{- end }}
          {{- end }}
        {{- end }}
      {{- with .Values.image.pullSecrets }}
      imagePullSecrets:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.hostAliases }}
      hostAliases:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
      {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
      {{- toYaml . | nindent 8 }}
      {{- end }}
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml
@@ -0,0 +1,10 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "ga-operator.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
 {{ include "ga-operator.labels" . | indent 4 }}
 {{- end -}}

--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/tests/test-grafanaagent.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/templates/tests/test-grafanaagent.yaml
@@ -0,0 +1,118 @@
 apiVersion: monitoring.grafana.com/v1alpha1
 kind: GrafanaAgent
 metadata:
  name: grafana-agent-test
  labels:
    app: grafana-agent-test
  annotations:
    "helm.sh/hook": test
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
 spec:
  image: "{{ .Values.image.registry }}/grafana/agent:{{ .Values.image.tag }}"
  logLevel: info
  serviceAccountName: grafana-agent-test-sa
  metrics:
    instanceSelector:
      matchLabels:
        agent: grafana-agent-test

 ---

 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: grafana-agent-test-sa
  annotations:
    "helm.sh/hook": test
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed

 ---

 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: grafana-agent-test-cr
  annotations:
    "helm.sh/hook": test
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
 rules:
 - apiGroups:
  - ""
  resources:
  - nodes
  - nodes/proxy
  - nodes/metrics
  - services
  - endpoints
  - pods
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
 - nonResourceURLs:
  - /metrics
  - /metrics/cadvisor
  verbs:
  - get

 ---

 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: grafana-agent-test-crb
  annotations:
    "helm.sh/hook": test
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: grafana-agent-test-cr
 subjects:
 - kind: ServiceAccount
  name: grafana-agent-test-sa
  namespace: {{ .Release.Namespace }}

 ---

 apiVersion: monitoring.grafana.com/v1alpha1
 kind: MetricsInstance
 metadata:
  name: primary-test
  annotations:
    "helm.sh/hook": test
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
  labels:
    agent: grafana-agent-test
 spec: {}

 ---

 apiVersion: v1
 kind: Pod
 metadata:
  name: grafana-agent-test-probe
  annotations:
    "helm.sh/hook": test
    "helm.sh/hook-weight": "1"
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
 spec:
  containers:
  - name: busybox
    image: busybox
    command: ['wget']
    args:  ['grafana-agent-test-operated:8080/-/healthy']
  # Wait for GrafanaAgent CR
  initContainers:
  - name: sleep
    image: busybox
    command: ['sleep', '60']
  restartPolicy: Never
--- a/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/values.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/grafana-agent-operator/values.yaml
@@ -0,0 +1,71 @@
 # -- Overrides the chart's name
 nameOverride: ""

 # -- Overrides the chart's computed fullname
 fullnameOverride: ""

 # -- Annotations for the Deployment
 annotations: {}

 # -- Annotations for the Deployment Pods
 podAnnotations: {}

 # -- Annotations for the Deployment Pods
 podLabels: {}

 # -- Pod security context (runAsUser, etc.)
 podSecurityContext: {}

 # -- Container security context (allowPrivilegeEscalation, etc.)
 containerSecurityContext: {}

 rbac:
  # -- Toggle to create ClusterRole and ClusterRoleBinding
  create: true
  # -- Name of a PodSecurityPolicy to use in the ClusterRole. If unset, no PodSecurityPolicy is used.
  podSecurityPolicyName: ''

 serviceAccount:
  # -- Toggle to create ServiceAccount
  create: true
  # -- Service account name
  name:

 image:
  # -- Image registry
  registry: docker.io
  # -- Image repo
  repository: grafana/agent-operator
  # -- Image tag
  tag: v0.39.1
  # -- Image pull policy
  pullPolicy: IfNotPresent
  # -- Image pull secrets
  pullSecrets: []

 # -- hostAliases to add
 hostAliases: []
 #  - ip: 1.2.3.4
 #    hostnames:
 #      - domain.tld

 # -- If both are set, Agent Operator will create and maintain a service for scraping kubelets
 # https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets
 kubeletService:
  namespace: default
  serviceName: kubelet

 # -- List of additional cli arguments to configure agent-operator (example: `--log.level`)
 extraArgs: []

 # -- Resource limits and requests config
 resources: {}

 # -- nodeSelector configuration
 nodeSelector: {}

 # -- Tolerations applied to Pods
 tolerations: []

 # -- Pod affinity configuration
 affinity: {}
--- a/部署-arm/loki-log/loki/loki/charts/minio/.helmignore
+++ b/部署-arm/loki-log/loki/loki/charts/minio/.helmignore
@@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 # OWNERS file for Kubernetes
 OWNERS
--- a/部署-arm/loki-log/loki/loki/charts/minio/Chart.yaml
+++ b/部署-arm/loki-log/loki/loki/charts/minio/Chart.yaml
@@ -0,0 +1,18 @@
 apiVersion: v1
 appVersion: RELEASE.2022-09-17T00-09-45Z
 description: Multi-Cloud Object Storage
 home: https://min.io
 icon: https://min.io/resources/img/logo/MINIO_wordmark.png
 keywords:
 - minio
 - storage
 - object-storage
 - s3
 - cluster
 maintainers:
 - email: dev@minio.io
  name: MinIO, Inc
 name: minio
 sources:
 - https://github.com/minio/minio
 version: 4.0.15
--- a/部署-arm/loki-log/loki/loki/charts/minio/README.md
+++ b/部署-arm/loki-log/loki/loki/charts/minio/README.md
@@ -0,0 +1,236 @@
 # MinIO Helm Chart

 [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![license](https://img.shields.io/badge/license-AGPL%20V3-blue)](https://github.com/minio/minio/blob/master/LICENSE)

 MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads.

 For more detailed documentation please visit [here](https://docs.minio.io/)

 ## Introduction

 This chart bootstraps MinIO Cluster on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager.

 ## Prerequisites

 - Helm cli with Kubernetes cluster configured.
 - PV provisioner support in the underlying infrastructure. (We recommend using <https://github.com/minio/direct-csi>)
 - Use Kubernetes version v1.19 and later for best experience.

 ## Configure MinIO Helm repo

 ```bash
 helm repo add minio https://charts.min.io/
 ```

 ### Installing the Chart

 Install this chart using:

 ```bash
 helm install --namespace minio --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio
 ```

 The command deploys MinIO on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.

 ### Upgrading the Chart

 You can use Helm to update MinIO version in a live release. Assuming your release is named as `my-release`, get the values using the command:

 ```bash
 helm get values my-release > old_values.yaml
 ```

 Then change the field `image.tag` in `old_values.yaml` file with MinIO image tag you want to use. Now update the chart using

 ```bash
 helm upgrade -f old_values.yaml my-release minio/minio
 ```

 Default upgrade strategies are specified in the `values.yaml` file. Update these fields if you'd like to use a different strategy.

 ### Configuration

 Refer the [Values file](./values.yaml) for all the possible config fields.

 You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

 ```bash
 helm install --name my-release --set persistence.size=1Ti minio/minio
 ```

 The above command deploys MinIO server with a 1Ti backing persistent volume.

 Alternately, you can provide a YAML file that specifies parameter values while installing the chart. For example,

 ```bash
 helm install --name my-release -f values.yaml minio/minio
 ```

 ### Persistence

 This chart provisions a PersistentVolumeClaim and mounts corresponding persistent volume to default location `/export`. You'll need physical storage available in the Kubernetes cluster for this to work. If you'd rather use `emptyDir`, disable PersistentVolumeClaim by:

 ```bash
 helm install --set persistence.enabled=false minio/minio
 ```

 > *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."*

 ### Existing PersistentVolumeClaim

 If a Persistent Volume Claim already exists, specify it during installation.

 1. Create the PersistentVolume
 2. Create the PersistentVolumeClaim
 3. Install the chart

 ```bash
 helm install --set persistence.existingClaim=PVC_NAME minio/minio
 ```

 ### NetworkPolicy

 To enable network policy for MinIO,
 install [a networking plugin that implements the Kubernetes
 NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin),
 and set `networkPolicy.enabled` to `true`.

 For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting
 the DefaultDeny namespace annotation. Note: this will enforce policy for *all* pods in the namespace:

 ```
 kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
 ```

 With NetworkPolicy enabled, traffic will be limited to just port 9000.

 For more precise policy, set `networkPolicy.allowExternal=true`. This will
 only allow pods with the generated client label to connect to MinIO.
 This label will be displayed in the output of a successful install.

 ### Existing secret

 Instead of having this chart create the secret for you, you can supply a preexisting secret, much
 like an existing PersistentVolumeClaim.

 First, create the secret:

 ```bash
 kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux
 ```

 Then install the chart, specifying that you want to use an existing secret:

 ```bash
 helm install --set existingSecret=my-minio-secret minio/minio
 ```

 The following fields are expected in the secret:

 | .data.\<key\> in Secret | Corresponding variable | Description    | Required |
 |:------------------------|:-----------------------|:---------------|:---------|
 | `rootUser`              | `rootUser`             | Root user.     | yes      |
 | `rootPassword`          | `rootPassword`         | Root password. | yes      |

 All corresponding variables will be ignored in values file.

 ### Configure TLS

 To enable TLS for MinIO containers, acquire TLS certificates from a CA or create self-signed certificates. While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed MinIO setup). Then create a secret using

 ```bash
 kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt
 ```

 Then install the chart, specifying that you want to use the TLS secret:

 ```bash
 helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio
 ```

 ### Installing certificates from third party CAs

 MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted.

 For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`:

 ```
 kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt
 ```

 If TLS is not enabled, you would need only the third party CA:

 ```
 kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt
 ```

 The name of the generated secret can then be passed to Helm using a values file or the `--set` parameter:

 ```
 trustedCertsSecret: "minio-trusted-certs"

 or

 --set trustedCertsSecret=minio-trusted-certs
 ```

 ### Create buckets after install

 Install the chart, specifying the buckets you want to create after install:

 ```bash
 helm install --set buckets[0].name=bucket1,buckets[0].policy=none,buckets[0].purge=false minio/minio
 ```

 Description of the configuration parameters used above -

 - `buckets[].name` - name of the bucket to create, must be a string with length > 0
 - `buckets[].policy` - can be one of none|download|upload|public
 - `buckets[].purge` - purge if bucket exists already

 ### Create policies after install

 Install the chart, specifying the policies you want to create after install:

 ```bash
 helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio
 ```

 Description of the configuration parameters used above -

 - `policies[].name` - name of the policy to create, must be a string with length > 0
 - `policies[].statements[]` - list of statements, includes actions and resources
 - `policies[].statements[].resources[]` - list of resources that applies the statement
 - `policies[].statements[].actions[]` - list of actions granted

 ### Create user after install

 Install the chart, specifying the users you want to create after install:

 ```bash
 helm install --set users[0].accessKey=accessKey,users[0].secretKey=secretKey,users[0].policy=none,users[1].accessKey=accessKey2,users[1].secretRef=existingSecret,users[1].secretKey=password,users[1].policy=none minio/minio
 ```

 Description of the configuration parameters used above -

 - `users[].accessKey` - accessKey of user
 - `users[].secretKey` - secretKey of usersecretRef
 - `users[].existingSecret` - secret name that contains the secretKey of user
 - `users[].existingSecretKey` - data key in existingSecret secret containing the secretKey
 - `users[].policy` - name of the policy to assign to user

 ## Uninstalling the Chart

 Assuming your release is named as `my-release`, delete it using the command:

 ```bash
 helm delete my-release
 ```

 or

 ```bash
 helm uninstall my-release
 ```

 The command removes all the Kubernetes components associated with the chart and deletes the release.
--- a/部署-arm/loki-log/loki/loki/charts/minio/templates/NOTES.txt
+++ b/部署-arm/loki-log/loki/loki/charts/minio/templates/NOTES.txt
@@ -0,0 +1,43 @@
 {{- if eq .Values.service.type "ClusterIP" "NodePort" }}
 MinIO can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
 {{ template "minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local

 To access MinIO from localhost, run the below commands:

  1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")

  2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }}

 Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/

 You can now access MinIO server on http://localhost:9000. Follow the below steps to connect to MinIO server with mc client:

  1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide

  2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }}

  3. mc ls {{ template "minio.fullname" . }}-local

 {{- end }}
 {{- if eq .Values.service.type "LoadBalancer" }}
 MinIO can be accessed via port {{ .Values.service.port }} on an external IP address. Get the service external IP address by:
 kubectl get svc --namespace {{ .Release.Namespace }} -l app={{ template "minio.fullname" . }}

 Note that the public IP may take a couple of minutes to be available.

 You can now access MinIO server on http://<External-IP>:9000. Follow the below steps to connect to MinIO server with mc client:

  1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide

  2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret {{ template "minio.secretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@<External-IP>:{{ .Values.service.port }}

  3. mc ls {{ template "minio.fullname" . }}

 Alternately, you can use your browser or the MinIO SDK to access the server - https://docs.minio.io/categories/17
 {{- end }}

 {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
 Note: Since NetworkPolicy is enabled, only pods with label
 {{ template "minio.fullname" . }}-client=true"
 will be able to connect to this minio cluster.
 {{- end }}
--- a/部署-arm/loki-log/loki/loki/charts/minio/templates/_helper_create_bucket.txt
+++ b/部署-arm/loki-log/loki/loki/charts/minio/templates/_helper_create_bucket.txt
@@ -0,0 +1,123 @@
 #!/bin/sh
 set -e ; # Have script exit in the event of a failed command.

 {{- if .Values.configPathmc }}
 MC_CONFIG_DIR="{{ .Values.configPathmc }}"
 MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
 {{- else }}
 MC="/usr/bin/mc --insecure"
 {{- end }}

 # connectToMinio
 # Use a check-sleep-check loop to wait for MinIO service to be available
 connectToMinio() {
  SCHEME=$1
  ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
  set -e ; # fail if we can't read the keys.
  ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
  set +e ; # The connections to minio are allowed to fail.
  echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
  MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
  $MC_COMMAND ;
  STATUS=$? ;
  until [ $STATUS = 0 ]
  do
    ATTEMPTS=`expr $ATTEMPTS + 1` ;
    echo \"Failed attempts: $ATTEMPTS\" ;
    if [ $ATTEMPTS -gt $LIMIT ]; then
      exit 1 ;
    fi ;
    sleep 2 ; # 1 second intervals between attempts
    $MC_COMMAND ;
    STATUS=$? ;
  done ;
  set -e ; # reset `e` as active
  return 0
 }

 # checkBucketExists ($bucket)
 # Check if the bucket exists, by using the exit code of `mc ls`
 checkBucketExists() {
  BUCKET=$1
  CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1)
  return $?
 }

 # createBucket ($bucket, $policy, $purge)
 # Ensure bucket exists, purging if asked to
 createBucket() {
  BUCKET=$1
  POLICY=$2
  PURGE=$3
  VERSIONING=$4
  OBJECTLOCKING=$5

  # Purge the bucket, if set & exists
  # Since PURGE is user input, check explicitly for `true`
  if [ $PURGE = true ]; then
    if checkBucketExists $BUCKET ; then
      echo "Purging bucket '$BUCKET'."
      set +e ; # don't exit if this fails
      ${MC} rm -r --force myminio/$BUCKET
      set -e ; # reset `e` as active
    else
      echo "Bucket '$BUCKET' does not exist, skipping purge."
    fi
  fi

 # Create the bucket if it does not exist and set objectlocking if enabled (NOTE: versioning will be not changed if OBJECTLOCKING is set because it enables versioning to the Buckets created)
 if ! checkBucketExists $BUCKET ; then
    if [ ! -z $OBJECTLOCKING ] ; then
      if [ $OBJECTLOCKING = true ] ; then
          echo "Creating bucket with OBJECTLOCKING '$BUCKET'"
          ${MC} mb --with-lock myminio/$BUCKET
      elif [ $OBJECTLOCKING = false ] ; then
            echo "Creating bucket '$BUCKET'"
            ${MC} mb myminio/$BUCKET
      fi
  elif [ -z $OBJECTLOCKING ] ; then
        echo "Creating bucket '$BUCKET'"
        ${MC} mb myminio/$BUCKET
  else
    echo "Bucket '$BUCKET' already exists."  
  fi
  fi


  # set versioning for bucket if objectlocking is disabled or not set
  if [ -z $OBJECTLOCKING ] ; then
  if [ ! -z $VERSIONING ] ; then
    if [ $VERSIONING = true ] ; then
        echo "Enabling versioning for '$BUCKET'"
        ${MC} version enable myminio/$BUCKET
    elif [ $VERSIONING = false ] ; then
        echo "Suspending versioning for '$BUCKET'"
        ${MC} version suspend myminio/$BUCKET
    fi
    fi
  else
      echo "Bucket '$BUCKET' versioning unchanged."
  fi


  # At this point, the bucket should exist, skip checking for existence
  # Set policy on the bucket
  echo "Setting policy of bucket '$BUCKET' to '$POLICY'."
  ${MC} policy set $POLICY myminio/$BUCKET
 }

 # Try connecting to MinIO instance
 {{- if .Values.tls.enabled }}
 scheme=https
 {{- else }}
 scheme=http
 {{- end }}
 connectToMinio $scheme

 {{ if .Values.buckets }}
 {{ $global := . }}
 # Create the buckets
 {{- range .Values.buckets }}
 createBucket {{ tpl .name $global }} {{ .policy }} {{ .purge }} {{ .versioning }} {{ .objectlocking }}
 {{- end }}
 {{- end }}
--- a/部署-arm/loki-log/loki/loki/charts/minio/templates/_helper_create_policy.txt
+++ b/部署-arm/loki-log/loki/loki/charts/minio/templates/_helper_create_policy.txt
@@ -0,0 +1,75 @@
 #!/bin/sh
 set -e ; # Have script exit in the event of a failed command.

 {{- if .Values.configPathmc }}
 MC_CONFIG_DIR="{{ .Values.configPathmc }}"
 MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
 {{- else }}
 MC="/usr/bin/mc --insecure"
 {{- end }}

 # connectToMinio
 # Use a check-sleep-check loop to wait for MinIO service to be available
 connectToMinio() {
  SCHEME=$1
  ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
  set -e ; # fail if we can't read the keys.
  ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
  set +e ; # The connections to minio are allowed to fail.
  echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
  MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
  $MC_COMMAND ;
  STATUS=$? ;
  until [ $STATUS = 0 ]
  do
    ATTEMPTS=`expr $ATTEMPTS + 1` ;
    echo \"Failed attempts: $ATTEMPTS\" ;
    if [ $ATTEMPTS -gt $LIMIT ]; then
      exit 1 ;
    fi ;
    sleep 2 ; # 1 second intervals between attempts
    $MC_COMMAND ;
    STATUS=$? ;
  done ;
  set -e ; # reset `e` as active
  return 0
 }

 # checkPolicyExists ($policy)
 # Check if the policy exists, by using the exit code of `mc admin policy info`
 checkPolicyExists() {
  POLICY=$1
  CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1)
  return $?
 }

 # createPolicy($name, $filename)
 createPolicy () {
  NAME=$1
  FILENAME=$2

  # Create the name if it does not exist
  echo "Checking policy: $NAME (in /config/$FILENAME.json)"
  if ! checkPolicyExists $NAME ; then
    echo "Creating policy '$NAME'"
  else
    echo "Policy '$NAME' already exists."
  fi
  ${MC} admin policy add myminio $NAME /config/$FILENAME.json

 }

 # Try connecting to MinIO instance
 {{- if .Values.tls.enabled }}
 scheme=https
 {{- else }}
 scheme=http
 {{- end }}
 connectToMinio $scheme

 {{ if .Values.policies }}
 # Create the policies
 {{- range $idx, $policy := .Values.policies }}
 createPolicy {{ $policy.name }} policy_{{ $idx }}
 {{- end }}
 {{- end }}
--- a/部署-arm/loki-log/loki/loki/charts/minio/templates/_helper_create_user.txt
+++ b/部署-arm/loki-log/loki/loki/charts/minio/templates/_helper_create_user.txt
@@ -0,0 +1,105 @@
 #!/bin/sh
 set -e ; # Have script exit in the event of a failed command.

 {{- if .Values.configPathmc }}
 MC_CONFIG_DIR="{{ .Values.configPathmc }}"
 MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
 {{- else }}
 MC="/usr/bin/mc --insecure"
 {{- end }}

 # AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters.
 # Special characters for example : ',",<,>,{,}
 MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_tmp"

 # connectToMinio
 # Use a check-sleep-check loop to wait for MinIO service to be available
 connectToMinio() {
  SCHEME=$1
  ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
  set -e ; # fail if we can't read the keys.
  ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
  set +e ; # The connections to minio are allowed to fail.
  echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
  MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
  $MC_COMMAND ;
  STATUS=$? ;
  until [ $STATUS = 0 ]
  do
    ATTEMPTS=`expr $ATTEMPTS + 1` ;
    echo \"Failed attempts: $ATTEMPTS\" ;
    if [ $ATTEMPTS -gt $LIMIT ]; then
      exit 1 ;
    fi ;
    sleep 2 ; # 1 second intervals between attempts
    $MC_COMMAND ;
    STATUS=$? ;
  done ;
  set -e ; # reset `e` as active
  return 0
 }

 # checkUserExists ()
 # Check if the user exists, by using the exit code of `mc admin user info`
 checkUserExists() {
  CMD=$(${MC} admin user info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1)
  return $?
 }

 # createUser ($policy)
 createUser() {
  POLICY=$1
  #check accessKey_and_secretKey_tmp file
  if [[ ! -f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then
    echo "credentials file does not exist"
    return 1
  fi
  if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then
    echo "credentials file is invalid"
    rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP
    return 1
  fi
  USER=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP)
  # Create the user if it does not exist
  if ! checkUserExists ; then
    echo "Creating user '$USER'"
    cat $MINIO_ACCESSKEY_SECRETKEY_TMP | ${MC} admin user add myminio
  else
    echo "User '$USER' already exists."
  fi
  #clean up credentials files.
  rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP

  # set policy for user
  if [ ! -z $POLICY -a $POLICY != " " ] ; then
      echo "Adding policy '$POLICY' for '$USER'"
      ${MC} admin policy set myminio $POLICY user=$USER
  else
      echo "User '$USER' has no policy attached."
  fi
 }

 # Try connecting to MinIO instance
 {{- if .Values.tls.enabled }}
 scheme=https
 {{- else }}
 scheme=http
 {{- end }}
 connectToMinio $scheme

 {{ if .Values.users }}
 {{ $global := . }}
 # Create the users
 {{- range .Values.users }}
 echo {{ tpl .accessKey $global }} > $MINIO_ACCESSKEY_SECRETKEY_TMP
 {{- if .existingSecret }}
 cat /config/secrets/{{ tpl .existingSecretKey $global }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP
 # Add a new line if it doesn't exist
 sed -i '$a\' $MINIO_ACCESSKEY_SECRETKEY_TMP
 createUser {{ .policy }}
 {{ else }}
 echo {{ .secretKey }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP
 createUser {{ .policy }}
 {{- end }}
 {{- end }}
 {{- end }}
--- a/部署-arm/loki-log/loki/loki/charts/minio/templates/_helper_custom_command.txt
+++ b/部署-arm/loki-log/loki/loki/charts/minio/templates/_helper_custom_command.txt
@@ -0,0 +1,58 @@
 #!/bin/sh
 set -e ; # Have script exit in the event of a failed command.

 {{- if .Values.configPathmc }}
 MC_CONFIG_DIR="{{ .Values.configPathmc }}"
 MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
 {{- else }}
 MC="/usr/bin/mc --insecure"
 {{- end }}

 # connectToMinio
 # Use a check-sleep-check loop to wait for MinIO service to be available
 connectToMinio() {
  SCHEME=$1
  ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
  set -e ; # fail if we can't read the keys.
  ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
  set +e ; # The connections to minio are allowed to fail.
  echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
  MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
  $MC_COMMAND ;
  STATUS=$? ;
  until [ $STATUS = 0 ]
  do
    ATTEMPTS=`expr $ATTEMPTS + 1` ;
    echo \"Failed attempts: $ATTEMPTS\" ;
    if [ $ATTEMPTS -gt $LIMIT ]; then
      exit 1 ;
    fi ;
    sleep 2 ; # 1 second intervals between attempts
    $MC_COMMAND ;
    STATUS=$? ;
  done ;
  set -e ; # reset `e` as active
  return 0
 }

 # runCommand ($@)
 # Run custom mc command
 runCommand() {
  ${MC} "$@"
  return $?
 }

 # Try connecting to MinIO instance
 {{- if .Values.tls.enabled }}
 scheme=https
 {{- else }}
 scheme=http
 {{- end }}
 connectToMinio $scheme

 {{ if .Values.customCommands }}
 # Run custom commands
 {{- range .Values.customCommands }}
 runCommand {{ .command }}
 {{- end }}
 {{- end }}
--- a/部署-arm/loki-log/loki/loki/charts/minio/templates/_helper_policy.tpl
+++ b/部署-arm/loki-log/loki/loki/charts/minio/templates/_helper_policy.tpl
@@ -0,0 +1,28 @@
 {{- $statements_length := len .statements -}}
 {{- $statements_length := sub $statements_length 1 -}}
 {
  "Version": "2012-10-17",
  "Statement": [
 {{- range $i, $statement := .statements }}
    {
      "Effect": "Allow",
      "Action": [
 "{{ $statement.actions | join "\",\n\"" }}"
      ]{{ if $statement.resources }},
      "Resource": [
 "{{ $statement.resources | join "\",\n\"" }}"
      ]{{ end }}
 {{- if $statement.conditions }}
 {{- $condition_len := len $statement.conditions }}
 {{- $condition_len := sub $condition_len 1 }}
      ,
      "Condition": {
 {{- range $k,$v := $statement.conditions }}
 {{- range $operator,$object := $v }}
        "{{ $operator }}": { {{ $object }} }{{- if lt $k $condition_len }},{{- end }}
 {{- end }}{{- end }}
      }{{- end }} 
    }{{ if lt $i $statements_length }},{{end }}
 {{- end }}
  ]
 }
Author	SHA1	Message	Date
chenzhihang	19dc4a5e4b	arm部署文档和文件	1 year ago
cp3hnu	8232e7daf1	Merge pull request '合并arm-build-zw' (#144 ) from arm-build-zw into arm-build	1 year ago
cp3hnu	8a1373053d	feat: 登出时退出火石平台	1 year ago
chenzhihang	a001aaa5b5	Merge remote-tracking branch 'origin/dev' into arm-build	1 year ago
chenzhihang	c333d35c7b	Merge remote-tracking branch 'origin/dev' into arm-build	1 year ago
cp3hnu	4e13e1a036	Merge pull request '合并arm-build-zw' (#143 ) from arm-build-zw into arm-build	1 year ago
cp3hnu	1531667dfc	feat: 传递username	1 year ago
chenzhihang	50e72cab97	开发环境部署减少资源占用	1 year ago
chenzhihang	ea09bb2e8e	Merge remote-tracking branch 'origin/dev' into arm-build	1 year ago
cp3hnu	c235dcb350	Merge pull request '合并arm-build-zw' (#142 ) from arm-build-zw into arm-build	1 year ago
cp3hnu	ca5d206c85	feat: 火石平台调试	1 year ago
chenzhihang	cb0ecc5275	Merge remote-tracking branch 'origin/dev' into arm-build	1 year ago
chenzhihang	2a3c162f56	Merge remote-tracking branch 'origin/dev' into arm-build	1 year ago
chenzhihang	9c24f34d0c	Merge remote-tracking branch 'origin/dev' into arm-build	1 year ago
chenzhihang	585b640936	Merge remote-tracking branch 'origin/dev' into arm-build	1 year ago
chenzhihang	5b5577714a	Merge remote-tracking branch 'origin/dev' into arm-build	1 year ago
chenzhihang	1c8e08957c	Merge remote-tracking branch 'origin/dev' into arm-build # Conflicts: # k8s/deploy.sh	1 year ago
chenzhihang	78570f77eb	Merge remote-tracking branch 'origin/dev' into arm-build	1 year ago
chenzhihang	6b882539da	修改配置	1 year ago
chenzhihang	87b5c8894a	取消亲和性反亲和性	1 year ago
liuhuazhong	f3b9b75c19	Merge branch 'dev-lhz' into arm-build	1 year ago
chenzhihang	4611f67511	Merge remote-tracking branch 'origin/dev' into arm-build	1 year ago
chenzhihang	0e69f323d9	tensorboard部署取消代理	1 year ago
chenzhihang	301b17fe03	k8s使用fromCluster访问方式	1 year ago
chenzhihang	0dd7163338	k8s还原token访问方式	1 year ago
chenzhihang	e9971d544c	修改docker容器部署测试	1 year ago
chenzhihang	428a37bd92	修改docker容器部署测试	1 year ago
chenzhihang	84a42a749f	Merge remote-tracking branch 'origin/dev' into arm-build	1 year ago
chenzhihang	1c50aff69d	修改部署根路径	1 year ago
chenzhihang	d3d883abe7	Merge remote-tracking branch 'origin/dev' into arm-build # Conflicts: # k8s/build_and_deploy.sh	1 year ago
chenzhihang	22df29cf5b	修改docker容器部署	1 year ago
chenzhihang	6fe504f47e	arm环境中文乱码测试	1 year ago
chenzhihang	5d424eda38	arm环境中文乱码测试	1 year ago
chenzhihang	aad13ca869	arm环境中文乱码测试	1 year ago
chenzhihang	f96d2ccdb8	修改部署文件部署华为云	1 year ago
chenzhihang	65be70ff73	修改部署文件部署华为云	1 year ago
chenzhihang	3929cb8357	修改部署文件部署华为云	1 year ago
chenzhihang	9856508700	redis添加密码	1 year ago
chenzhihang	3732c2f022	修改部署文件部署华为云	1 year ago
chenzhihang	d4a5b6e942	修改部署文件部署华为云	1 year ago
chenzhihang	8f2add0820	修改部署文件部署华为云	1 year ago
chenzhihang	9b8d3a9221	修改部署文件部署华为云	1 year ago
chenzhihang	6a8da646b8	修改部署文件部署华为云	1 year ago
chenzhihang	2543eca2a6	修改部署文件部署华为云	1 year ago