Code Review / institute / deploy-authx-service.git / blob
? search:


49f640a1254bd3f6f77a6018a73c8a2d4d82bd2b
[institute/deploy-authx-service.git] /
1 # personal-security-center-bff.yaml
2
3 ---
4 apiVersion: v1
5 kind: ConfigMap
6 metadata:
7   namespace: personal-security-center-test
8   name: personal-security-center-bff-template-env
9 data:
10   # 根据情况,修改邮件模板
11   EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在激活帐号,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
12   EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
13   
14   EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
15   EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
16   EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在修改安全邮箱,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
17   EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
18
19   EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
20   EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
21   EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
22   EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
23   EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
24   EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
25   EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
26   EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
27
28   # 根据情况,修改短信模板
29   SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_PRE_MOBILE: '{prefix}{name}:您正在激活帐号,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
30   SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: '{prefix}{name}:您正在激活帐号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
31   SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{prefix}{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
32
33   SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{prefix}{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
34   SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{prefix}{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
35   SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{prefix}{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
36   SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: '{prefix}{name}:您正在修改安全手机,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
37
38   SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{prefix}{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
39   SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{prefix}{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
40   SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{prefix}{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
41   SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{prefix}{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
42   SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{prefix}{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
43   SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{prefix}{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
44   SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{prefix}{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
45   SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{prefix}{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
46
47   SMS_TEMPLATE_PREFIX: ''
48
49
50 ---
51 apiVersion: v1
52 kind: ConfigMap
53 metadata:
54   namespace: personal-security-center-test
55   name: personal-security-center-bff-env
56 data:
57   SERVER_PORT: "8080"
58   SSL_ENABLED: "false"
59   #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
60   #SSL_KEYSTORE_PASSWORD: ""
61   #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
62   #SSL_TRUSTSTORE_PASSWORD: ""
63
64   SERVER_MAXHTTPHEADERSIZE: "10240"
65
66   SERVER_TOMCAT_ACCEPT_COUNT: "5000"
67   SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
68   SERVER_TOMCAT_MAX_THREADS: "800"
69   SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
70
71   SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
72   SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
73   SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
74
75   LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
76
77
78   # 修改为学校的 personal-security-center 的访问域名
79   PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://personal-security-center-test.newcapec.edu.cn
80   # 修改为学校的 cas 的访问域名
81   CAS_SERVER_PREFIX: https://cas-test.paas.newcapec.cn/cas
82
83   PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
84
85
86   # 新开普人脸对接配置
87   # 修改为实际项目配置
88   PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
89   PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
90   PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
91   PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
92   PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"
93
94
95   CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server-test.svc.cluster.local:8080/cas
96   CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
97   #CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
98   #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
99   #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
100   #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
101   #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
102
103   CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080
104   CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
105   #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
106   #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
107   #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
108   #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
109   #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
110
111   USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
112   USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
113   #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
114   #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
115   #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
116   #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
117   #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
118
119
120   TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/file/db
121   TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/mail/smtp
122   TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/sms/console
123   TPAS_CLIENT_AUTH_ENABLED: "false"
124   #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
125   #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
126   #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
127   #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
128   #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
129
130
131   # COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
132   # COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
133   # COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
134   # COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
135   # COMMUNICATOR_EMAIL_VALIDATE: "true"
136
137   # COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
138
139 ---
140 apiVersion: v1
141 kind: Secret
142 metadata:
143   namespace: personal-security-center-test
144   name: personal-security-center-bff-env-secret
145 type: Opaque
146 data:
147
148
149
150 ---
151 apiVersion: v1
152 kind: Service
153 metadata:
154   namespace: personal-security-center-test
155   name: personal-security-center-bff-svc
156   labels:
157     app: personal-security-center-bff
158     needMonitor: 'true'
159 spec:
160   ports:
161     - port: 8080
162       targetPort: http
163       protocol: TCP
164       name: http
165     - port: 6060
166       targetPort: http-metrics
167       protocol: TCP
168       name: http-metrics
169   selector:
170     app: personal-security-center-bff
171
172 ---
173 apiVersion: apps/v1
174 kind: Deployment
175 metadata:
176   namespace: personal-security-center-test
177   name: personal-security-center-bff
178 spec:
179   selector:
180     matchLabels:
181       app: personal-security-center-bff
182   replicas: 1
183   template:
184     metadata:
185       labels:
186         app: personal-security-center-bff
187     spec:
188       containers:
189       - name: personal-security-center-bff
190         # 若使用了学校搭设的私有仓库,请修改
191         image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.0.2-SNAPSHOT
192         imagePullPolicy: Always
193         ports:
194         - containerPort: 8080
195           name: http
196         - containerPort: 6060
197           name: http-metrics
198         envFrom:
199         - configMapRef:
200             name: jvm-env
201         - secretRef:
202             name: redis-env-secret
203         - secretRef:
204             name: personal-security-center-bff-env-secret
205         - configMapRef:
206             name: personal-security-center-bff-env
207         - configMapRef:
208             name: personal-security-center-bff-template-env
209         resources:
210           requests:
211             memory: "1024Mi"
212           limits:
213             memory: "1024Mi"
214         readinessProbe:
215           httpGet:
216             path: /actuator/health
217             port: 8080
218           initialDelaySeconds: 20
219           periodSeconds: 5
220           timeoutSeconds: 5
221           successThreshold: 1
222           failureThreshold: 10
223       imagePullSecrets:
224         - name: harbor-registry
225
部署脚本,认证授权服务