Code Review / institute / deploy-authx-service.git / blob
? search:


44f140e26c9c9a815c119478d3231850c29170ce
[institute/deploy-authx-service.git] /
1 # personal-security-center-zuul.yaml
2
3 ---
4 apiVersion: v1
5 kind: ConfigMap
6 metadata:
7   namespace: personal-security-center
8   name: personal-security-center-zuul-env
9 data:
10   SERVER_PORT: "8080"
11   SSL_ENABLED: "false"
12   #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
13   #SSL_KEYSTORE_PASSWORD: ""
14   #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
15   #SSL_TRUSTSTORE_PASSWORD: ""
16
17   SERVER_MAXHTTPHEADERSIZE: "10240"
18
19   SERVER_TOMCAT_ACCEPT_COUNT: "5000"
20   SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
21   SERVER_TOMCAT_MAX_THREADS: "800"
22   SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
23
24   LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER: INFO
25
26
27   SPRING_SERVLET_MULTIPART_MAX_FILE_SIZE: 10Mb
28   # SPRING_SERVLET_MULTIPART_MAX_REQUEST_SIZE: 10Mb
29
30   SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
31   SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
32   SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
33
34
35   ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000"
36   ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000"
37
38   ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000"
39
40
41   ZUUL_ROUTES_PERSONAL_ME_URL: http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1/me
42   ZUUL_ROUTES_PERSONAL_BFF_URL: http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1
43
44   ZUUL_ROUTES_USER_BIZ_URL: http://user-data-service-biz-svc.user-data-service.svc.cluster.local:8080/api/v1/user/biz
45
46   # 修改为学校的 portal 的访问域名
47   ZUUL_ROUTES_PORTAL_URL: http://portal.paas.xxx.edu.cn/portal-web/api
48
49
50   INFRAS_SECURITY_BASIC_ENABLED: "false"
51   
52   INFRAS_SECURITY_JWT_ENABLED: "true"
53   #INFRAS_SECURITY_JWT_KEY_ALIAS: "supwisdom-jwt-key"
54   #INFRAS_SECURITY_JWT_KEY_PASSWORD: "changeit"
55   #INFRAS_SECURITY_JWT_KEY_STORE: "file:/certs/jwt/jwt.keystore"
56   #INFRAS_SECURITY_JWT_KEY_STORE_PASSWORD: "changeit"
57
58   INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas
59   #INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: ""
60   INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas/jwt/publicKey"
61
62
63   INFRAS_SECURITY_CAS_ENABLED: "true"
64   # 修改为学校的 personal-security-center 的访问域名
65   APP_SERVER_HOST_URL: "http://personal-security-center.paas.xxx.edu.cn"
66   #APP_LOGIN_URL: "/cas/login"
67   #APP_LOGOUT_URL: "/cas/logout"
68   # 修改为学校的 cas 的访问域名
69   CAS_SERVER_HOST_URL: "http://cas.paas.xxx.edu.cn/cas"
70
71
72   # 后端API服务,域名访问时,默认跳转地址
73   # 修改为学校的 security-center 安全中心的访问域名
74   APPLICATION_INDEX_REDIRECT_URI: "http://security-center.paas.xxx.edu.cn"
75
76
77   ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false"
78   #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEY_PASSWORD: ""
79   #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
80   #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
81
82
83   USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
84   USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
85   #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
86   #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
87   #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
88   #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
89   #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
90
91   USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
92   USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
93   #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
94   #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
95   #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
96   #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
97   #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
98
99 ---
100 apiVersion: v1
101 kind: Secret
102 metadata:
103   namespace: personal-security-center
104   name: personal-security-center-zuul-env-secret
105 type: Opaque
106 data:
107   # 参考 certs/jwt/readme.md 生成公私钥pem,替换相关配置
108   INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDeW9BNzhMbTlHT3NlS1pPL1lZenlWWUJ6cQpaREVzdWlXNVFleXJDL2JFWFZrT2lKc0RnNFRjc2o5Vnp5dGp2MEFZVmxEcmkxdlExaWZhSG9HN0Z1dE40cTVICllxbGZDSzdvOXpNRWo2cU40NFIydUtjR3BCQnd0WlNCZGxWc2tLZ2NOWGlvU3RTRjZZTFp1Q25jWU5HUXZaOSsKeGY5bll5L09scXczWUFQRUx3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ==
109   INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNlQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Jd2dnSmVBZ0VBQW9HQkFMS2dEdnd1YjBZNng0cGsKNzloalBKVmdIT3BrTVN5NkpibEI3S3NMOXNSZFdRNkltd09EaE55eVAxWFBLMk8vUUJoV1VPdUxXOURXSjlvZQpnYnNXNjAzaXJrZGlxVjhJcnVqM013U1BxbzNqaEhhNHB3YWtFSEMxbElGMlZXeVFxQncxZUtoSzFJWHBndG00CktkeGcwWkM5bjM3Ri8yZGpMODZXckRkZ0E4UXZBZ01CQUFFQ2dZRUFuakhFczdDSUdlR0t3TlZkMlAwaU5ZU1cKZHp0ZWxhY1NLN3puMWlCVlhsanh1ejVlVXNGU2xJWkVNMEd6d3JZcEZLUzFLN1lURGFQc1RXOUJJNmxMb0FaawpnaU1vOUE5YnMzdW5XOEg3N2M5T3NTUXZpdHM1eGp3MEJ0dFo0dVhwYmdlUlJmS1dFOFp6MngyYWFIeVdyU1ZIClJINGVya3JYSTFrZzZwQTlyaWtDUVFEaVd0VW5kWktpWHFNTkhJb1RrOUpLNXFyaVJqdS9FTzdtVncvRGo4RmEKSVhFOTMvTkhSVllMZ3E2cFY4SUJiNmlhZnpXbittdkplR3AvbEJsaU81dHpBa0VBeWdUMTE4V25jaFl5elNlTAp3NlVDUkhIOHlJRGx6aGwzWFhxTnhDV2M5V1dGbVpZSERIVy92L2x5dnpwUEtmb3VucmhoUTVXY2g4eGVDSDVqCml1WjlWUUpCQUtsRkJkdUJSOHVXZTlaRlBsaFBsZFlmVXpEdEZxYldVZUQ4d0RRZFg1azRJd2dEWGxrdzE1eTUKK0VWNDlBTEE3bFBDeDJ3N2o3bFZERWNsaUNuMnExTUNRQnltSTI4Y0dxajFPUE1iSHBqNk41NFpSQzN6Q2FQMgp2SlRISW4ra2plUEhKL0VsODQzeXpPU2VyWVVzOGJrVVA3UkdsWlNPRFFxOUVzREZtN3hBLzVrQ1FRQ3A1ZldQCnNWbjFsek15ckYxNHJSK0ZSSWZMazBFMnBMdm5aYzV0NjB3OFpzSVFPRGlOTXZvSDRZUEdSemFpcG9LQnlSeE0KazR1WElVVTMxaVN6VGR4ZgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0t
110
111
112 ---
113 apiVersion: v1
114 kind: Service
115 metadata:
116   namespace: personal-security-center
117   name: personal-security-center-zuul-svc
118   labels:
119     app: personal-security-center-zuul
120     needMonitor: 'true'
121 spec:
122   ports:
123     - port: 8080
124       targetPort: http
125       protocol: TCP
126       name: http
127     - port: 6060
128       targetPort: http-metrics
129       protocol: TCP
130       name: http-metrics
131   selector:
132     app: personal-security-center-zuul
133
134 ---
135 apiVersion: apps/v1
136 kind: Deployment
137 metadata:
138   namespace: personal-security-center
139   name: personal-security-center-zuul
140 spec:
141   selector:
142     matchLabels:
143       app: personal-security-center-zuul
144   replicas: 1
145   template:
146     metadata:
147       labels:
148         app: personal-security-center-zuul
149     spec:
150       containers:
151       - name: personal-security-center-zuul
152         # 若使用了学校搭设的私有仓库,请修改
153         image: harbor.supwisdom.com/personal-security-center/personal-security-zuul:1.0.9-RELEASE
154         imagePullPolicy: Always
155         ports:
156         - containerPort: 8080
157           name: http
158         - containerPort: 6060
159           name: http-metrics
160         envFrom:
161         - configMapRef:
162             name: jvm-env
163         - secretRef:
164             name: redis-env-secret
165         - secretRef:
166             name: personal-security-center-zuul-env-secret
167         - configMapRef:
168             name: personal-security-center-zuul-env
169         resources:
170           requests:
171             memory: "512Mi"
172           limits:
173             memory: "512Mi"
174         readinessProbe:
175           httpGet:
176             path: /actuator/health
177             port: 8080
178           initialDelaySeconds: 20
179           periodSeconds: 5
180           timeoutSeconds: 5
181           successThreshold: 1
182           failureThreshold: 10
183       imagePullSecrets:
184         - name: harbor-registry
185
部署脚本,认证授权服务