Supwisdom Source - institute/deploy-authx-service.git/blob

   1 # personal-security-center-zuul.yaml
   2
   3 ---
   4 apiVersion: v1
   5 kind: ConfigMap
   6 metadata:
   7   namespace: personal-security-center
   8   name: personal-security-center-zuul-env
   9 data:
  10   SERVER_PORT: "8080"
  11   SSL_ENABLED: "false"
  12   #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
  13   #SSL_KEYSTORE_PASSWORD: ""
  14   #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
  15   #SSL_TRUSTSTORE_PASSWORD: ""
  16
  17   SERVER_MAXHTTPHEADERSIZE: "10240"
  18
  19   SERVER_TOMCAT_ACCEPT_COUNT: "5000"
  20   SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
  21   SERVER_TOMCAT_MAX_THREADS: "800"
  22   SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
  23
  24   LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER: INFO
  25
  26
  27   SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
  28   SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
  29   SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
  30
  31
  32   ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000"
  33   ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000"
  34
  35   ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000"
  36
  37
  38   ZUUL_ROUTES_PERSONAL_ME_URL: http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1/me
  39   ZUUL_ROUTES_PERSONAL_BFF_URL: http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1
  40
  41   ZUUL_ROUTES_USER_BIZ_URL: http://user-data-service-biz-svc.user-data-service.svc.cluster.local:8080/api/v1/user/biz
  42
  43   # 修改为学校的 portal 的访问域名
  44   ZUUL_ROUTES_PORTAL_URL: http://portal.paas.xxx.edu.cn/portal-web/api
  45
  46
  47   INFRAS_SECURITY_BASIC_ENABLED: "false"
  48
  49   INFRAS_SECURITY_JWT_ENABLED: "true"
  50   #INFRAS_SECURITY_JWT_KEY_ALIAS: "supwisdom-jwt-key"
  51   #INFRAS_SECURITY_JWT_KEY_PASSWORD: "changeit"
  52   #INFRAS_SECURITY_JWT_KEY_STORE: "file:/certs/jwt/jwt.keystore"
  53   #INFRAS_SECURITY_JWT_KEY_STORE_PASSWORD: "changeit"
  54
  55   INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas
  56   #INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: ""
  57   INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas/jwt/publicKey"
  58
  59
  60   INFRAS_SECURITY_CAS_ENABLED: "true"
  61   # 修改为学校的 personal-security-center 的访问域名
  62   APP_SERVER_HOST_URL: "http://personal-security-center.paas.xxx.edu.cn"
  63   #APP_LOGIN_URL: "/cas/login"
  64   #APP_LOGOUT_URL: "/cas/logout"
  65   # 修改为学校的 cas 的访问域名
  66   CAS_SERVER_HOST_URL: "http://cas.paas.xxx.edu.cn/cas"
  67
  68
  69   # 后端API服务，域名访问时，默认跳转地址
  70   # 修改为学校的 security-center 安全中心的访问域名
  71   APPLICATION_INDEX_REDIRECT_URI: "http://security-center.paas.xxx.edu.cn"
  72
  73
  74   ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false"
  75   #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEY_PASSWORD: ""
  76   #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
  77   #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
  78
  79
  80   USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
  81   USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
  82   #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
  83   #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
  84   #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
  85   #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
  86   #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
  87
  88   USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
  89   USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
  90   #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
  91   #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
  92   #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
  93   #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
  94   #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
  95
  96 ---
  97 apiVersion: v1
  98 kind: Secret
  99 metadata:
 100   namespace: personal-security-center
 101   name: personal-security-center-zuul-env-secret
 102 type: Opaque
 103 data:
 104   # 参考 certs/jwt/readme.md 生成公私钥pem，替换相关配置
 105   INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDeW9BNzhMbTlHT3NlS1pPL1lZenlWWUJ6cQpaREVzdWlXNVFleXJDL2JFWFZrT2lKc0RnNFRjc2o5Vnp5dGp2MEFZVmxEcmkxdlExaWZhSG9HN0Z1dE40cTVICllxbGZDSzdvOXpNRWo2cU40NFIydUtjR3BCQnd0WlNCZGxWc2tLZ2NOWGlvU3RTRjZZTFp1Q25jWU5HUXZaOSsKeGY5bll5L09scXczWUFQRUx3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ==
 106   INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNlQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Jd2dnSmVBZ0VBQW9HQkFMS2dEdnd1YjBZNng0cGsKNzloalBKVmdIT3BrTVN5NkpibEI3S3NMOXNSZFdRNkltd09EaE55eVAxWFBLMk8vUUJoV1VPdUxXOURXSjlvZQpnYnNXNjAzaXJrZGlxVjhJcnVqM013U1BxbzNqaEhhNHB3YWtFSEMxbElGMlZXeVFxQncxZUtoSzFJWHBndG00CktkeGcwWkM5bjM3Ri8yZGpMODZXckRkZ0E4UXZBZ01CQUFFQ2dZRUFuakhFczdDSUdlR0t3TlZkMlAwaU5ZU1cKZHp0ZWxhY1NLN3puMWlCVlhsanh1ejVlVXNGU2xJWkVNMEd6d3JZcEZLUzFLN1lURGFQc1RXOUJJNmxMb0FaawpnaU1vOUE5YnMzdW5XOEg3N2M5T3NTUXZpdHM1eGp3MEJ0dFo0dVhwYmdlUlJmS1dFOFp6MngyYWFIeVdyU1ZIClJINGVya3JYSTFrZzZwQTlyaWtDUVFEaVd0VW5kWktpWHFNTkhJb1RrOUpLNXFyaVJqdS9FTzdtVncvRGo4RmEKSVhFOTMvTkhSVllMZ3E2cFY4SUJiNmlhZnpXbittdkplR3AvbEJsaU81dHpBa0VBeWdUMTE4V25jaFl5elNlTAp3NlVDUkhIOHlJRGx6aGwzWFhxTnhDV2M5V1dGbVpZSERIVy92L2x5dnpwUEtmb3VucmhoUTVXY2g4eGVDSDVqCml1WjlWUUpCQUtsRkJkdUJSOHVXZTlaRlBsaFBsZFlmVXpEdEZxYldVZUQ4d0RRZFg1azRJd2dEWGxrdzE1eTUKK0VWNDlBTEE3bFBDeDJ3N2o3bFZERWNsaUNuMnExTUNRQnltSTI4Y0dxajFPUE1iSHBqNk41NFpSQzN6Q2FQMgp2SlRISW4ra2plUEhKL0VsODQzeXpPU2VyWVVzOGJrVVA3UkdsWlNPRFFxOUVzREZtN3hBLzVrQ1FRQ3A1ZldQCnNWbjFsek15ckYxNHJSK0ZSSWZMazBFMnBMdm5aYzV0NjB3OFpzSVFPRGlOTXZvSDRZUEdSemFpcG9LQnlSeE0KazR1WElVVTMxaVN6VGR4ZgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0t
 107
 108
 109 ---
 110 apiVersion: v1
 111 kind: Service
 112 metadata:
 113   namespace: personal-security-center
 114   name: personal-security-center-zuul-svc
 115   labels:
 116     app: personal-security-center-zuul
 117     needMonitor: 'true'
 118 spec:
 119   ports:
 120     - port: 8080
 121       targetPort: http
 122       protocol: TCP
 123       name: http
 124     - port: 6060
 125       targetPort: http-metrics
 126       protocol: TCP
 127       name: http-metrics
 128   selector:
 129     app: personal-security-center-zuul
 130
 131 ---
 132 apiVersion: apps/v1
 133 kind: Deployment
 134 metadata:
 135   namespace: personal-security-center
 136   name: personal-security-center-zuul
 137 spec:
 138   selector:
 139     matchLabels:
 140       app: personal-security-center-zuul
 141   replicas: 1
 142   template:
 143     metadata:
 144       labels:
 145         app: personal-security-center-zuul
 146     spec:
 147       containers:
 148       - name: personal-security-center-zuul
 149         # 若使用了学校搭设的私有仓库，请修改
 150         image: harbor.supwisdom.com/personal-security-center/personal-security-zuul:1.0
 151         imagePullPolicy: Always
 152         ports:
 153         - containerPort: 8080
 154           name: http
 155         - containerPort: 6060
 156           name: http-metrics
 157         envFrom:
 158         - configMapRef:
 159             name: jvm-env
 160         - secretRef:
 161             name: redis-env-secret
 162         - secretRef:
 163             name: personal-security-center-zuul-env-secret
 164         - configMapRef:
 165             name: personal-security-center-zuul-env
 166         resources:
 167           requests:
 168             memory: "512Mi"
 169           limits:
 170             memory: "512Mi"
 171         readinessProbe:
 172           httpGet:
 173             path: /actuator/health
 174             port: 8080
 175           initialDelaySeconds: 20
 176           periodSeconds: 5
 177           timeoutSeconds: 5
 178           successThreshold: 1
 179           failureThreshold: 10
 180       imagePullSecrets:
 181         - name: harbor-registry
 182