# personal-security-center-ingresses.yaml
-# 个人中心后端接口
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- namespace: personal-security-center
- name: personal-security-center-ingress
- annotations:
- nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
-spec:
- rules:
- # 修改为学校的根域名
- - host: personal-security-center.paas.xxx.edu.cn
- http:
- paths:
- - path: /
- backend:
- serviceName: personal-security-center-zuul-svc
- servicePort: http
+# 废弃,合并到 安全中心
+# # 个人中心后端接口
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+# namespace: personal-security-center
+# name: personal-security-center-ingress
+# annotations:
+# nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
+# spec:
+# rules:
+# # 修改为学校的根域名
+# - host: personal-security-center.paas.xxx.edu.cn
+# http:
+# paths:
+# - path: /
+# backend:
+# serviceName: personal-security-center-zuul-svc
+# servicePort: http
-# 安全中心前端
+# 安全中心
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: personal-security-center
- name: security-center-ui-ingress
+ name: security-center-ingress
spec:
rules:
# 修改为学校的根域名
backend:
serviceName: security-center-ui-svc
servicePort: http
+ - path: /personal
+ backend:
+ serviceName: personal-security-center-zuul-svc
+ servicePort: http
# 修改为学校的 personal-security-center 的访问域名
- PERSONAL_SECURITY_CENTER_SERVER_PREFIX: http://personal-security-center.paas.xxx.edu.cn
+ PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://security-center.paas.xxx.edu.cn/personal
# 修改为学校的 cas 的访问域名
- CAS_SERVER_PREFIX: http://cas.paas.xxx.edu.cn/cas
+ CAS_SERVER_PREFIX: https://cas.paas.xxx.edu.cn/cas
PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/mail/smtp
TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/sms/console
+ TPAS_FACE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/face/aiface
TPAS_CLIENT_AUTH_ENABLED: "false"
#TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
#TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
# COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
+
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
---
apiVersion: v1
kind: Secret
containers:
- name: personal-security-center-bff
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.3.1-RELEASE
+ image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.4.0-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
#SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
#SSL_TRUSTSTORE_PASSWORD: ""
+ SERVER_SERVLET_CONTEXT_PATH: "/personal"
+
SERVER_MAXHTTPHEADERSIZE: "10240"
SERVER_TOMCAT_ACCEPT_COUNT: "5000"
#INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://uniauth-prod-backend.uniauth.svc.cluster.local:9090/idtoken/publicKey"
- INFRAS_SECURITY_CAS_ENABLED: "true"
- # 修改为学校的 personal-security-center 的访问域名
- APP_SERVER_HOST_URL: "http://personal-security-center.paas.xxx.edu.cn"
+ INFRAS_SECURITY_CAS_ENABLED: "false"
+ # 修改为学校的 security-center 的访问域名
+ APP_SERVER_HOST_URL: "https://security-center.paas.xxx.edu.cn/personal"
#APP_LOGIN_URL: "/cas/login"
#APP_LOGOUT_URL: "/cas/logout"
# 修改为学校的 cas 的访问域名
- CAS_SERVER_HOST_URL: "http://cas.paas.xxx.edu.cn/cas"
+ CAS_SERVER_HOST_URL: "https://cas.paas.xxx.edu.cn/cas"
# 后端API服务,域名访问时,默认跳转地址
# 修改为学校的 security-center 安全中心的访问域名
- APPLICATION_INDEX_REDIRECT_URI: "http://security-center.paas.xxx.edu.cn"
+ APPLICATION_INDEX_REDIRECT_URI: "https://security-center.paas.xxx.edu.cn"
ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false"
containers:
- name: personal-security-center-zuul
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/personal-security-center/personal-security-zuul:1.3.1-RELEASE
+ image: harbor.supwisdom.com/personal-security-center/personal-security-zuul:1.4.0-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
memory: "512Mi"
readinessProbe:
httpGet:
- path: /actuator/health
+ path: /personal/actuator/health
port: 8080
initialDelaySeconds: 20
periodSeconds: 5
name: security-center-ui-env
data:
# **修改** 学校的根域名
- RESOURCE_PREFIX: http://authx-minio.paas.xxx.edu.cn/security-center-ui
+ RESOURCE_PREFIX: https://authx-minio.paas.xxx.edu.cn/security-center-ui
SCHOOL_NAME: ""
- MAIN_SERVER: http://security-center.paas.xxx.edu.cn
+ MAIN_SERVER: https://security-center.paas.xxx.edu.cn
- PERSONAL_CENTER_API: http://personal-security-center.paas.xxx.edu.cn
+ PERSONAL_CENTER_API: https://security-center.paas.xxx.edu.cn/personal
# 可选 cas,uniauth
AUTH_TYPE: cas
# AUTH_TYPE 为 uniauth 时,配置
- UNIAUTH_IDTOKEN: http://uniauth.paas.xxx.edu.cn/idtoken
+ UNIAUTH_IDTOKEN: https://uniauth.paas.xxx.edu.cn/idtoken
UNIAUTH_IDTOKEN_ISS: "uniauth"
UNIAUTH_CLIENT_ID: "22"
# AUTH_TYPE 为 cas 时,配置 AUTH_CAS、JWT_ISS、JWT_SECRET
- AUTH_CAS: http://cas.paas.xxx.edu.cn/cas
- JWT_ISS: http://cas.paas.xxx.edu.cn/cas
+ AUTH_CAS: https://cas.paas.xxx.edu.cn/cas
+ JWT_ISS: https://cas.paas.xxx.edu.cn/cas
JWT_SECRET: (@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2
containers:
- name: security-center-ui
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/personal-security-center/security-center-ui:1.3.1-RELEASE
+ image: harbor.supwisdom.com/personal-security-center/security-center-ui:1.4.0-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 80
Code Review / institute / deploy-authx-service.git / commitdiff
