Code Review / institute / deploy-authx-service.git / blob
? search:


ae9611cee6b308b1474b1ab0417e469916707b7b
[institute/deploy-authx-service.git] /
1 # personal-security-center-bff.yaml
2
3 ---
4 apiVersion: v1
5 kind: ConfigMap
6 metadata:
7   namespace: personal-security-center
8   name: personal-security-center-bff-template-env
9 data:
10   # 根据情况,修改邮件模板
11   EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在激活帐号,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
12   EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
13   
14   EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
15   EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
16   EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在修改安全邮箱,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
17   EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
18
19   EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
20   EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
21   EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
22   EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
23   EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
24   EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
25   EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
26   EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
27   EMAIL_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE: '{name}:您正在绑定钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
28   EMAIL_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE_UNBIND_DINGTALK: '{name}:您正在解绑钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
29
30   EMAIL_TEMPLATE_USER_COMPLETED_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在绑定安全邮箱,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
31
32   # 根据情况,修改短信模板
33   SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_PRE_MOBILE: '{prefix}您正在激活帐号,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
34   SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: '{prefix}您正在激活帐号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
35   SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{prefix}您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
36
37   SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{prefix}您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
38   SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{prefix}您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
39   SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{prefix}您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
40   SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: '{prefix}您正在修改安全手机,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
41
42   SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{prefix}您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
43   SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{prefix}您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
44   SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{prefix}您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
45   SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{prefix}您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
46   SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{prefix}您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
47   SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{prefix}您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
48   SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{prefix}您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
49   SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{prefix}您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
50   SMS_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE: '{prefix}{name}:您正在绑定钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
51   SMS_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE_UNBIND_DINGTALK: '{prefix}{name}:您正在解绑钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
52
53   SMS_TEMPLATE_USER_COMPLETED_SECURITY_MOBILE_SEND_CODE: '{name}:您正在绑定安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
54
55   SMS_TEMPLATE_USER_COMPLETED_REALNAME_SEND_CODE_BY_PRE_MOBILE: '{name}:您正在实名认证,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
56
57   SMS_TEMPLATE_ACCOUNT_INFO_SEND_CODE_BY_MOBILE: '{prefix}您当前正在查询账号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
58   SMS_TEMPLATE_ACCOUNT_INFO_SEND_ACCOUNT_NAME: '{prefix}您当前正在查询账号,查询结果为:{accountName},账号是您在学校中的重要信息,请妥善保管。'
59
60   SMS_TEMPLATE_PREFIX: ''
61
62
63 ---
64 apiVersion: v1
65 kind: ConfigMap
66 metadata:
67   namespace: personal-security-center
68   name: personal-security-center-bff-env
69 data:
70   SERVER_PORT: "8080"
71   SSL_ENABLED: "false"
72   #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
73   #SSL_KEYSTORE_PASSWORD: ""
74   #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
75   #SSL_TRUSTSTORE_PASSWORD: ""
76
77   SERVER_MAXHTTPHEADERSIZE: "10240"
78
79   SERVER_TOMCAT_ACCEPT_COUNT: "5000"
80   SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
81   SERVER_TOMCAT_MAX_THREADS: "800"
82   SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
83
84   LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
85
86
87   SPRING_SERVLET_MULTIPART_MAX_FILE_SIZE: 10Mb
88   # SPRING_SERVLET_MULTIPART_MAX_REQUEST_SIZE: 10Mb
89
90   SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
91   SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
92   SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
93
94
95   # 修改为学校的 personal-security-center 的访问域名
96   PERSONAL_SECURITY_CENTER_SERVER_PREFIX: http://personal-security-center.paas.xxx.edu.cn
97   # 修改为学校的 cas 的访问域名
98   CAS_SERVER_PREFIX: http://cas.paas.xxx.edu.cn/cas
99
100   PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
101
102
103   ## 密码验证接口(外部接口)
104   PERSONAL_SECURITY_BFF_SECURITY_PASSWORD_VERIFY_URL: ""
105   # http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080/api/v1/security/accounts/verifyAccountPassword
106
107
108   # 新开普人脸对接配置
109   # 修改为实际项目配置
110   PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
111   PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
112   PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
113   PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
114   PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"
115
116
117   CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas
118   CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
119   #CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
120   #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
121   #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
122   #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
123   #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
124
125   CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
126   CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
127   #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
128   #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
129   #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
130   #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
131   #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
132
133   USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
134   USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
135   #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
136   #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
137   #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
138   #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
139   #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
140
141   # PERSONAL_SECURITY_CENTER_SA_API_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080
142   # PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_ENABLED: "false"
143   #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
144   #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
145   #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
146   #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
147   #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
148
149
150   TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
151   TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/mail/smtp
152   TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/sms/console
153   TPAS_CLIENT_AUTH_ENABLED: "false"
154   #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
155   #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
156   #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
157   #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
158   #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
159
160
161   # COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
162   # COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
163   # COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
164   # COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
165   # COMMUNICATOR_EMAIL_VALIDATE: "true"
166
167   # COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
168
169 ---
170 apiVersion: v1
171 kind: Secret
172 metadata:
173   namespace: personal-security-center
174   name: personal-security-center-bff-env-secret
175 type: Opaque
176 data:
177
178
179
180 ---
181 apiVersion: v1
182 kind: Service
183 metadata:
184   namespace: personal-security-center
185   name: personal-security-center-bff-svc
186   labels:
187     app: personal-security-center-bff
188     needMonitor: 'true'
189 spec:
190   ports:
191     - port: 8080
192       targetPort: http
193       protocol: TCP
194       name: http
195     - port: 6060
196       targetPort: http-metrics
197       protocol: TCP
198       name: http-metrics
199   selector:
200     app: personal-security-center-bff
201
202 ---
203 apiVersion: apps/v1
204 kind: Deployment
205 metadata:
206   namespace: personal-security-center
207   name: personal-security-center-bff
208 spec:
209   selector:
210     matchLabels:
211       app: personal-security-center-bff
212   replicas: 1
213   template:
214     metadata:
215       labels:
216         app: personal-security-center-bff
217     spec:
218       containers:
219       - name: personal-security-center-bff
220         # 若使用了学校搭设的私有仓库,请修改
221         image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.3.1-RELEASE
222         imagePullPolicy: Always
223         ports:
224         - containerPort: 8080
225           name: http
226         - containerPort: 6060
227           name: http-metrics
228         envFrom:
229         - configMapRef:
230             name: jvm-env
231         - secretRef:
232             name: redis-env-secret
233         - secretRef:
234             name: personal-security-center-bff-env-secret
235         - configMapRef:
236             name: personal-security-center-bff-env
237         - configMapRef:
238             name: personal-security-center-bff-template-env
239         resources:
240           requests:
241             memory: "512Mi"
242           limits:
243             memory: "512Mi"
244         readinessProbe:
245           httpGet:
246             path: /actuator/health
247             port: 8080
248           initialDelaySeconds: 20
249           periodSeconds: 5
250           timeoutSeconds: 5
251           successThreshold: 1
252           failureThreshold: 10
253       imagePullSecrets:
254         - name: harbor-registry
255
部署脚本,认证授权服务