--- /dev/null
+# 4.1.attest-server.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: attest-server
+ name: attest-server-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEY_PASSWORD: ""
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+
+ SERVER_SERVLET_CONTEXT_PATH: "/attest"
+
+ SERVER_MAXHTTPHEADERSIZE: "20480"
+
+ SERVER_TOMCAT_ACCEPT_COUNT: "500"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "500"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+ # **修改** 从POA申请
+ POA_SERVER_URL: https://poa.paas.xxx.edu.cn
+ POA_CLIENT_ID: ""
+ POA_CLIENT_SECRET: ""
+ POA_SCOPES: appPush:v1:apppushByMessageType
+
+
+ # 修改为学校的根域名
+ ATTEST_SERVER_PREFIX: https://attest.paas.xxx.edu.cn/attest
+
+
+ # guard
+ ATTEST_SERVER_SECUREPHONE_SMS_TEXT_TEMPLATE: 【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。
+ ATTEST_SERVER_SECUREPHONE_SMS_FROM: 认证服务
+
+ ATTEST_SERVER_SECUREEMAIL_MAIL_TEXT_TEMPLATE: 【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。
+ ATTEST_SERVER_SECUREEMAIL_MAIL_FROM: 认证服务
+
+ # 在超级APP 中唤起人脸识别的 URL Scheme
+ ATTEST_SERVER_FACEVERIFY_SUPERAPP_URL_SCHEME: superapp
+
+
+ # 超级APP Token 的验签公钥
+ TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/jwt/publicKey
+
+
+ USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
+ TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
+ TPAS_AGENT_SERVICE_MAIL_SENDER_PATH: /api/v1/tpas/mail/console/send
+ TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify
+
+
+ ##
+ # token-server
+ #
+ TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080
+
+
+ ##
+ # 将 attest 数据 推送到 rabbitmq
+ #
+ # ATTEST_RABBITMQ_ENABLED: "false"
+ # ATTEST_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ # ATTEST_RABBITMQ_PORT: "5672"
+ # ATTEST_RABBITMQ_USERNAME: guest
+ # ATTEST_RABBITMQ_PASSWORD: guest
+ #
+ # ATTEST_RABBITMQ_APPPUSHATTEST2TOKENRABBITSENDER_ENABLED: "false"
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: attest-server
+ name: attest-server-env-secret
+type: Opaque
+data:
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: attest-server
+ name: attest-server-svc
+ labels:
+ app: attest-server
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: attest-server
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: attest-server
+ name: attest-server
+spec:
+ selector:
+ matchLabels:
+ app: attest-server
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: attest-server
+ spec:
+ containers:
+ - name: attest-server
+ image: harbor.supwisdom.com/attest-server/attest-server:1.0.0-SNAPSHOT-DEV
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - configMapRef:
+ name: attest-server-env
+ - secretRef:
+ name: attest-server-env-secret
+ resources:
+ requests:
+ memory: "512Mi"
+ limits:
+ memory: "512Mi"
+ readinessProbe:
+ httpGet:
+ path: /attest/actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+
Code Review / institute / deploy-authx-service.git / commitdiff
