kind: Ingress
metadata:
namespace: authx-service
- name: authx-management-ingress
+ name: authx-service-authx-management-ingress
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
# 修改为学校的根域名
- - host: admin-platform.paas.xxx.edu.cn
+ - host: authx-service.paas.xxx.edu.cn
http:
paths:
- path: /authx-management/(.*)
name: cas-ingress
annotations:
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
- # cert-manager.io/cluster-issuer: "letsencrypt-staging"
- # nginx.ingress.kubernetes.io/ssl-redirect: "true"
- # nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
- # nginx.ingress.kubernetes.io/auth-tls-secret: "cas-server/ca-secret"
- # nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
spec:
- # tls:
- # - hosts:
- # - cas.paas.xxx.edu.cn
- # secretName: cas-ingress-tls
rules:
# 修改为学校的根域名
- host: cas.paas.xxx.edu.cn
backend:
serviceName: cas-server-site-scheme-svc
servicePort: http
-
-
-# TODO: https 配置说明
CASSERVERSITE_SMS_SENDER_IMPL: agent-service
# **修改** 学校的根域名
- CASSERVERSITE_FORGOT_PASSWORD_URL: https://security-center.paas.xxx.edu.cn/find-pwd
- CASSERVERSITE_ACTIVE_ACCOUNT_URL: https://security-center.paas.xxx.edu.cn/active-account
+ CASSERVERSITE_FORGOT_PASSWORD_URL: https://authx-service.paas.xxx.edu.cn/find-pwd
+ CASSERVERSITE_ACTIVE_ACCOUNT_URL: https://authx-service.paas.xxx.edu.cn/active-account
## 动态码登录相关配置
CASSERVERSITE_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300"
##
# 超级APP Token 的验签公钥
- # 如须和 超级APP 进行对接,修改此配置
- # **修改** 学校的根域名
- SUPERAPP_TOKEN_SIGNING_KEY_URL: https://token.paas.xxx.edu.cn/jwt/publicKey
+ SUPERAPP_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token/jwt/publicKey
TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
#USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+ ATTEST_SERVER_URL: http://attest-server-svc.attest-server.svc.cluster.local:8080/attest
+ ATTEST_CLIENT_AUTH_ENABLED: "false"
+ #ATTEST_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #ATTEST_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090
+ IPADDR_CLIENT_AUTH_ENABLED: "false"
+ #IPADDR_CLIENT_AUTH_KEY_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
AUTHX_LOG_ENABLED: "true"
AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
AUTHX_LOG_RABBITMQ_PORT: "5672"
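Review bot: `SUPERAPP_TOKEN_SIGNING_KEY_URL` now fetches the JWT verification key over plain `http://` from the in-cluster token-server service, so the key used to validate tokens is only as trustworthy as the pod network between the two namespaces. The added `ATTEST_CLIENT_AUTH_ENABLED: "false"` and `IPADDR_CLIENT_AUTH_ENABLED: "false"` (added again with the same values in the later ATTEST/IPADDR block) also leave those calls without client certificates. If this is the intended default, I would document it next to the key, e.g. `# in-cluster HTTP without client auth: restrict access to token-server with a NetworkPolicy, or enable the *_CLIENT_AUTH_* settings below`. Whether such a NetworkPolicy already exists is not visible in this diff.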
spec:
rules:
# 修改为学校的根域名
- - host: token.paas.xxx.edu.cn
+ - host: cas.paas.xxx.edu.cn
http:
paths:
- path: /token
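Review bot: Moving this ingress to `host: cas.paas.xxx.edu.cn` puts `/token` on the same web origin as the CAS login service, and the attest-server ingress further down makes the same move for `/attest`. Any cookie the CAS service sets without a narrow `Path` would then also be sent to these two backends, and anything they serve runs in the CAS origin. I would confirm that the CAS session cookie is scoped to `/cas`, and add a comment above the host line such as `# shares the CAS origin; keep CAS cookies scoped to /cas`. None of the visible ingresses for this host has a `tls:` section, while the configured URLs use `https://`, so TLS is presumably terminated elsewhere.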
# **修改** 学校的根域名
- TOKEN_SERVER_PREFIX: https://token.paas.xxx.edu.cn
+ TOKEN_SERVER_PREFIX: https://token.paas.xxx.edu.cn/token
# **修改** 学校的根域名
TOKEN_SERVER_SECURITY_JWT_ISS: token.paas.xxx.edu.cn
#TOKEN_SERVER_SECURITY_JWT_EXPIRATION: 2592000
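Review bot: `TOKEN_SERVER_PREFIX` still points at `token.paas.xxx.edu.cn`, although the token-server ingress in this same commit moves from that host to `cas.paas.xxx.edu.cn`. Unless another ingress not shown here keeps the old host alive, the new value `https://token.paas.xxx.edu.cn/token` would not resolve to the service; the line probably should read `TOKEN_SERVER_PREFIX: https://cas.paas.xxx.edu.cn/token`. `TOKEN_SERVER_SECURITY_JWT_ISS` also keeps the old host name. That is fine if verifiers treat `iss` as an opaque identifier, but a comment saying it is deliberately left unchanged would save the next reader from guessing.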
POA_SCOPES: messagecenter:v1:sendMessage
+ TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
+ TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
+ TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify
+
+
CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
#CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
#USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
- TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
- TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+ ATTEST_SERVER_URL: http://attest-server-svc.attest-server.svc.cluster.local:8080/attest
+ ATTEST_CLIENT_AUTH_ENABLED: "false"
+ #ATTEST_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #ATTEST_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
- TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
- TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify
+
+ IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090
+ IPADDR_CLIENT_AUTH_ENABLED: "false"
+ #IPADDR_CLIENT_AUTH_KEY_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+ ##
+ # authx-log rabbitmq
+ #
AUTHX_LOG_ENABLED: "true"
AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
AUTHX_LOG_RABBITMQ_PORT: "5672"
AUTHX_LOG_RABBITMQ_PASSWORD: guest
+ ##
+ # 接收 user 推送的 rabbitmq 数据
+ #
+ USER_RABBITMQ_ENABLED: "true"
+ USER_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ USER_RABBITMQ_PORT: "5672"
+ USER_RABBITMQ_USERNAME: guest
+ USER_RABBITMQ_PASSWORD: guest
+
+ USER_RABBITMQ_CONSUMER_ENABLED: "true"
+
+
---
apiVersion: v1
kind: Secret
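Review bot: The added `USER_RABBITMQ_USERNAME: guest` / `USER_RABBITMQ_PASSWORD: guest` put the broker's well-known default account into the plain environment block, next to the existing `AUTHX_LOG_RABBITMQ_PASSWORD: guest`. Stock RabbitMQ only accepts `guest` from loopback, so connecting to `rabbitmq-server.authx-service.svc.cluster.local` with it suggests that restriction has been lifted on the broker, which leaves it open to any pod that can reach port 5672. I would create a dedicated user per consumer, move both password keys into the `Secret` document that follows this block, and keep only a commented placeholder here, e.g. `# USER_RABBITMQ_PASSWORD: set in the Secret, do not use guest`. Whether this block is a ConfigMap or already a Secret is not visible in the hunk.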
# personal-security-center-ingresses.yaml
-# 废弃,合并到 安全中心
+# 废弃,合并到 authx-service
# # 个人中心后端接口
# ---
# apiVersion: extensions/v1beta1
# serviceName: personal-security-center-zuul-svc
# servicePort: http
+# 废弃,合并到 authx-service
+# # 安全中心
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+# namespace: personal-security-center
+# name: security-center-ingress
+# spec:
+# rules:
+# # 修改为学校的根域名
+# - host: security-center.paas.xxx.edu.cn
+# http:
+# paths:
+# - path: /
+# backend:
+# serviceName: security-center-ui-svc
+# servicePort: http
+
-# 安全中心
+# 安全中心 前端UI、后端API
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: personal-security-center
- name: security-center-ingress
+ name: authx-service-security-center-ingress
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
spec:
rules:
# 修改为学校的根域名
- - host: security-center.paas.xxx.edu.cn
+ - host: authx-service.paas.xxx.edu.cn
http:
paths:
- path: /
# 修改为学校的 personal-security-center 的访问域名
- PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://security-center.paas.xxx.edu.cn/personal
+ PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://authx-service.paas.xxx.edu.cn/personal
# 修改为学校的 cas 的访问域名
CAS_SERVER_PREFIX: https://cas.paas.xxx.edu.cn/cas
INFRAS_SECURITY_CAS_ENABLED: "false"
# 修改为学校的 security-center 的访问域名
- APP_SERVER_HOST_URL: "https://security-center.paas.xxx.edu.cn/personal"
+ APP_SERVER_HOST_URL: "https://authx-service.paas.xxx.edu.cn/personal"
#APP_LOGIN_URL: "/cas/login"
#APP_LOGOUT_URL: "/cas/logout"
# 修改为学校的 cas 的访问域名
# 后端API服务,域名访问时,默认跳转地址
# 修改为学校的 security-center 安全中心的访问域名
- APPLICATION_INDEX_REDIRECT_URI: "https://security-center.paas.xxx.edu.cn"
+ APPLICATION_INDEX_REDIRECT_URI: "https://authx-service.paas.xxx.edu.cn"
ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false"
# **修改** 学校的根域名
RESOURCE_PREFIX: https://authx-minio.paas.xxx.edu.cn/security-center-ui
SCHOOL_NAME: ""
- MAIN_SERVER: https://security-center.paas.xxx.edu.cn
+ MAIN_SERVER: https://authx-service.paas.xxx.edu.cn
- PERSONAL_CENTER_API: https://security-center.paas.xxx.edu.cn/personal
+ PERSONAL_CENTER_API: https://authx-service.paas.xxx.edu.cn/personal
# 可选 cas,uniauth
AUTH_TYPE: cas
metadata:
name: attest-server-ingress
namespace: attest-server
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
spec:
rules:
# 修改为学校的根域名
- - host: attest.paas.xxx.edu.cn
+ - host: cas.paas.xxx.edu.cn
http:
paths:
- path: /attest
# 超级APP Token 的验签公钥
- TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/jwt/publicKey
+ TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token/jwt/publicKey
USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
##
# token-server
#
- TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080
+ TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token
##
spec:
containers:
- name: attest-server
- image: harbor.supwisdom.com/attest-server/attest-server:1.0.0-SNAPSHOT-DEV
+ image: harbor.supwisdom.com/attest-server/attest-server:1.4.0-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
name: attest-server-env-secret
resources:
requests:
- memory: "512Mi"
+ memory: "1024Mi"
limits:
- memory: "512Mi"
+ memory: "1024Mi"
readinessProbe:
httpGet:
path: /attest/actuator/health
name: datasource-env-secret
- configMapRef:
name: authx-log-installer-env
- resources:
- requests:
- memory: "256Mi"
- limits:
- memory: "256Mi"
imagePullSecrets:
- - name: harbor-supwisdom
+ - name: harbor-registry
name: authx-log-sa-env
resources:
requests:
- memory: "400Mi"
+ memory: "1024Mi"
limits:
- memory: "400Mi"
+ memory: "1024Mi"
readinessProbe:
httpGet:
path: /actuator/health
successThreshold: 1
failureThreshold: 10
imagePullSecrets:
- - name: harbor-supwisdom
+ - name: harbor-registry