## 安装准备
-### mysql 初始配置
+### MySQL 初始配置及相关基础命令
数据文件目录:/var/lib/mysql
* 创建 database
- ```
- user
- user_authz
- cas_server
- token_server
- personal_security_center
-
- agent_service
- communicate_center
-
- admin_center
-
- tmp_data
- ```
-
参考命令:
```
create database `user` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
```
+
* 授予权限
将 database 的权限授予对应的帐号
mysqldump -u root -p token_server > token_server.sql
mysqldump -u root -p user > user.sql
mysqldump -u root -p user_authz > user_authz.sql
- mysqldump -u root -p admin_center > admin_center.sql
- mysqldump -u root -p personal_security_center > personal_security_center.sql
mysqldump -u root -p agent_service > agent_service.sql
- mysqldump -u root -p communicate_center > communicate_center.sql
```
还原:
mysql -u root -p token_server < token_server.sql
mysql -u root -p user < user.sql
mysql -u root -p user_authz < user_authz.sql
- mysql -u root -p admin_center < admin_center.sql
- mysql -u root -p personal_security_center < personal_security_center.sql
mysql -u root -p agent_service < agent_service.sql
- mysql -u root -p communicate_center < communicate_center.sql
```
-* 创建交换帐号
-
- **待部署完成后操作**
-
- 如果,存在数据交换 须将组织机构数据、帐号数据 同步到用户服务的数据库的
- 则,需要创建一个 交换用的数据库帐号(user_trans),并为该帐号授予 表 user.TMP_ORGANIZATION_ORIGIN、user.TMP_ACCOUNT_ORIGIN 的读写操作的权限
-
- 参考命令:
- ```
- create user 'user_trans'@'%' identified with mysql_native_password by 'your_password';
-
- grant select on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
- grant insert on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
- grant update on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
- grant delete on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
-
- grant select on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
- grant insert on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
- grant update on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
- grant delete on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
-
- grant select on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
- grant insert on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
- grant update on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
- grant delete on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
-
- grant select on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
- grant insert on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
- grant update on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
- grant delete on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
- ```
-
-
-### harbor 准备
+### Harbor 准备及相关说明
* 创建 devops 帐号
authx-service authx-service/*
thirdparty-agent-service thirdparty-agent-service/*
+
user-data-service goa/*
user-authorization-service user-authorization-service/*
cas-server cas-server/*
token-server token-server/*
- communicate-center communicate-center/*
+
jobs-server jobs-server/*
personal-security-center personal-security-center/*
- admin-center admin-center/*
-
- admin-platform admin-platform/*
```
同步规则,创建完成后,进行镜像同步
项目 下,点击 项目名称,进入到 成员,添加用户,查找用户 devops,选择角色 访客,确定,添加即可
-### rancher 准备
+### Rancher 准备及相关说明
* 创建项目
输入 名称,保存
+
* 导入YAML
进入 全局 - 集群(具体名称视项目安装而定) - 项目(某个项目)
personal-security-center.paas.xxx.edu.cn 个人安全中心后端API
security-center.paas.xxx.edu.cn 安全中心前端UI(帐号激活、忘记密码)
-
- admin-center.paas.xxx.edu.cn 云平台后端API
-
- admin-platform.paas.xxx.edu.cn 云平台前端UI
```
如果使用 学校域名,则去除 .paas 即可,同时申请开通相关域名
* 数据库帐号
- 服务 | 帐号
+ 以下是 各服务对应的数据库帐号
+
+ 服务 | 数据库帐号
- | -
用户服务 user-data-service | user
授权服务 user-authorization-service | user_authz
认证服务(APP适用) token-server | token_server
- | -
第三方代理服务 thridparty-agent-service | agent_service
- 通信服务 communicate-center | communicate_center
- - | -
- 管理中心 admin-center | admin_center
- | -
v4认证迁移数据 | tmp_data
- 创建命令
-
+ 命令:
**请修改命令中的 `your_password` 为实际的数据库帐号的密码**
```
create user 'user'@'%' identified with mysql_native_password by 'your_password';
create user 'token_server'@'%' identified with mysql_native_password by 'your_password';
create user 'agent_service'@'%' identified with mysql_native_password by 'your_password';
- create user 'communicate_center'@'%' identified with mysql_native_password by 'your_password';
-
- create user 'admin_center'@'%' identified with mysql_native_password by 'your_password';
create user 'tmp_data'@'%' identified with mysql_native_password by 'your_password';
```
+* 数据库
+
+ 以下是 各服务对应的数据库
+
+ 服务 | 数据库
+ - | -
+ 用户服务 user-data-service | user
+ 授权服务 user-authorization-service | user_authz
+ 认证服务 cas-server | cas_server
+ 认证服务(APP适用) token-server | token_server
+ - | -
+ 第三方代理服务 thridparty-agent-service | agent_service
+ - | -
+ v4认证迁移数据 | tmp_data
+
+ 命令:
+ ```
+ create database `user` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+ create database `user_authz` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+ create database `cas_server` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+ create database `token_server` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+
+ create database `agent_service` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+
+ create database `tmp_data` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+ ```
+
+
+* 数据库权限授予
+
+ 将 database 的权限授予对应的帐号
+
+ 命令:
+ ```
+ grant all privileges on `user`.* to 'user'@'%' with grant option;
+ grant all privileges on `user_authz`.* to 'user_authz'@'%' with grant option;
+ grant all privileges on `cas_server`.* to 'cas_server'@'%' with grant option;
+ grant all privileges on `token_server`.* to 'token_server'@'%' with grant option;
+
+ grant all privileges on `agent_service`.* to 'agent_service'@'%' with grant option;
+
+ grant all privileges on `tmp_data`.* to 'tmp_data'@'%' with grant option;
+ ```
+
+
+* SUPER 权限授予
+
+ 由于 部分帐号 需要创建 触发器,故,需要 SUPER 权限
+ 涉及帐号有 user、user_authz、cas_server
+
+ 命令:
+ ```
+ grant SUPER on *.* to 'user'@'%';
+ grant SUPER on *.* to 'user_authz'@'%';
+ grant SUPER on *.* to 'cas_server'@'%';
+
+ grant SUPER on *.* to 'tmp_data'@'%';
+ ```
+
+
+* 用户数据的交换帐号
+
+ **待部署完成后操作**
+
+ 如果,存在数据交换 须将组织机构数据、帐号数据 同步到用户服务的数据库的
+ 则,需要创建一个 交换用的数据库帐号(user_trans),并为该帐号授予 表 user.TMP_ORGANIZATION_ORIGIN、user.TMP_ACCOUNT_ORIGIN 的读写操作的权限
+
+ 命令:
+ ```
+ create user 'user_trans'@'%' identified with mysql_native_password by 'your_password';
+
+ grant select on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+ grant insert on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+ grant update on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+ grant delete on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+
+ grant select on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+ grant insert on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+ grant update on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+ grant delete on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+
+ grant select on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+ grant insert on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+ grant update on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+ grant delete on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+
+ grant select on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+ grant insert on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+ grant update on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+ grant delete on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+ ```
### rancher 容器部署
具体参考 yaml 文件中的说明
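Review bot: the SUPER block grants `SUPER on *.*` to 'tmp_data', but the sentence above it lists only user, user_authz and cas_server as the accounts that need it; either drop the fourth grant or document why tmp_data needs it. SUPER is a global privilege, so each of these service accounts receives server-wide administrative rights just to create triggers. `grant all privileges` on the account's own database already includes TRIGGER, and if the requirement comes from binary logging, setting log_bin_trust_function_creators on the server avoids giving SUPER to application accounts. The `with grant option` on every `grant all privileges` line also lets each service account re-grant its rights, which nothing in this README relies on. Separately, the user_trans paragraph names two tables (TMP_ORGANIZATION_ORIGIN, TMP_ACCOUNT_ORIGIN) while the commands grant on four, including the two *_TRANS tables; align the text with the commands.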
-
0.infras
基础设施,目前包含 MySQL数据库的Web管理端、SpringBoot服务的管理端
```
-
1.authx-service
业务中台 之 认证授权服务
2.*-ingresses.yaml 请修改 访问域名
-
0.0.trans-service-v4
此为 认证v4 的数据迁移服务(可选)
数据迁移后,还需要手动编写脚本,将数据迁移至 用户服务、授权服务 的数据库中
-
0.authx-service
此为 公共基础服务
根据情况修改 pvc 的 storageClassName
-
9.poa-api-docs_install.yaml
用于将 认证授权服务的 poa 接口文档,导入到 poa-sa 中,**请在 poa 安装完成后处理**
请修改 poa 的服务地址 `POA_SERVER_URL`
-
1.thirdparty-agent-service
此为 第三方服务的代理服务
如果 学校使用 阿里云的短信服务,提供 `ACCESS_KEY_ID`、`ACCESS_SECRET`;
否则,提供相关的短信平台,进行定制开发
-
2.user-data-service
此为 用户服务
如果 须将用户数据的变更下发到 Openldap 等第三方业务中,则须配置 `JOBS_RABBITMQ_*` 为开启(ENABLED=true)
-
3.user-authorization-service
此为 授权服务
-
4.cas-server
此为 认证服务
如果 须开启图片验证码,修改 `CASSERVERSITE_CAPTCHA_ENABLED: "true"`
-
5.token-server
此为 认证服务(适用于APP,可选)
1. 注册 POA client,获取 `clientId`、`clientSecret`,申请 Scope `messagecenter:v1:sendMessage`
2. 获取 消息服务的 `appId`
-
6.personal-security-center
此为 个人安全中心 后端API,安全中心 前端UI
提供个人帐号相关的操作的接口,以及 帐号激活、密码找回 等功能
-
-
TODO: 修改 bff、zuul 配置
TODO: 修改 security-center-ui 配置
-
9.jobs-server
此为 任务调度服务
* 源头数据进入到临时表后,写入用户的正式表
* 用户数据更新后,通过消息队列,增量更新 Openldap 数据
-
-
- ```
-
-
- 6.admin-platform
-
- 云平台
-
- ```
-
- 6.admin-center
-
- 此为 云平台 后端API
-
-
- 7.admin-platform
-
- 此为 云平台 前端UI
-
```
personal-security-center
- communicate-center
-
jobs-server
```
- 在项目 admin-platform 下创建 命名空间:
-
- ```
- admin-center
-
- admin-platform
-
- ```
-
* 导入YAML
在项目 authx-service 中,将 1.authx-service 下的 yaml 按编号依次导入
- 务必确保 `4.0.*-installer.yaml` 执行成功
-
-
- 在项目 admin-platform 中,将 6.admin-platform 下的 yaml 按编号依次导入
+ **务必确保 `4.0.*-installer.yaml` 执行成功**
### 数据配置
可默认创建几个管理员帐号,以及初始授权
-
-* **必选,6.admin-platform/10.0.init.sql**
-
- 修改 数据库数据初始化时的默认配置
-
-
-* 可选,6.admin-platform/10.1.init-flow.sql
-
- 若部署了 流程平台 的产品
-
- 将 流程平台 的管理菜单 添加到 云平台中
SERVER_MAXHTTPHEADERSIZE: "10240"
- # SERVER_TOMCAT_ACCEPT_COUNT: "1000"
- # SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
- # SERVER_TOMCAT_MAX_THREADS: "1000"
- # SERVER_TOMCAT_MIN_SPARE_THREADS: "10"
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+ SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+ SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
+ SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
## file-db
FILE_DB_AUTOCONFIGURE_ENABLED: "false"
SERVER_MAXHTTPHEADERSIZE: "10240"
-
SERVER_TOMCAT_ACCEPT_COUNT: "5000"
SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
SERVER_TOMCAT_MAX_THREADS: "800"
SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
SERVER_MAXHTTPHEADERSIZE: "10240"
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
SERVER_MAXHTTPHEADERSIZE: "10240"
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+ # LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_SA_MANGRANTED: debug
SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
# SBA_URL: http://spring-boot-admin-svc.base.svc.cluster.local:8080
- # LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_SA_MANGRANTED: debug
---
SERVER_MAXHTTPHEADERSIZE: "10240"
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+ SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+ SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
+ SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
+ SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+ SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
+ SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
- # SERVER_TOMCAT_ACCEPT_COUNT: "100"
- # SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
- # SERVER_TOMCAT_MAX_THREADS: "200"
- # SERVER_TOMCAT_MIN_SPARE_THREADS: "10"
SERVICE_REFRESH_REDIS_TIMER_ENABLED: "true"
ACCOUNT_REFRESH_REDIS_TIMER_ENABLED: "false"
SERVER_TOMCAT_MAX_THREADS: "800"
SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
SERVER_TOMCAT_MAX_THREADS: "800"
SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+ LOGGING_LEVEL_COM_SUPWISDOM_INSITITUTE_TOKEN_SERVER: INFO
+
+
+ SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+ SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "50"
+ SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
- LOGGING_LEVEL_COM_SUPWISDOM_INSITITUTE_TOKEN_SERVER: INFO
-
# **修改** 从消息中心申请
MESSAGECENTER_ENABLED: "false"
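Review bot: the moved line `LOGGING_LEVEL_COM_SUPWISDOM_INSITITUTE_TOKEN_SERVER: INFO` keeps the spelling INSITITUTE, while every other logger variable in this change uses INSTITUTE. If the token-server package follows the same naming as the other services, this variable never matches a logger and the INFO level is not applied; fix the spelling while the line is being moved.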
SERVER_TOMCAT_MAX_THREADS: "800"
SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
+
+
SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
- LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
-
# 修改为学校的 personal-security-center 的访问域名
PERSONAL_SECURITY_CENTER_SERVER_PREFIX: http://personal-security-center.paas.xxx.edu.cn
SERVER_TOMCAT_MAX_THREADS: "800"
SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER: INFO
+
+
ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000"
ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000"
ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000"
- LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER: INFO
-
ZUUL_ROUTES_PERSONAL_ME_URL: http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1/me
ZUUL_ROUTES_PERSONAL_BFF_URL: http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1
+++ /dev/null
-# communicate-center-base.yaml
-
-####################################################
-# supwisdom harbor private docker registry
-####################################################
----
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/dockerconfigjson
-metadata:
- name: harbor-registry
- namespace: communicate-center
-data:
- # 修改harbor仓库配置,并使用 base64 工具进行编码
- # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
- .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
-
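Review bot: the comment inside the harbor-registry Secret spells out the registry username and password in clear text, and the .dockerconfigjson value is only the base64 encoding of that same JSON, so deleting this file still leaves a usable credential in the repository history. Rotate the registry password for that account as part of this change, and if other namespaces carry a copy of this Secret, replace it there too.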
+++ /dev/null
-# communicate-center-env.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: communicate-center
- name: jvm-env
-data:
- MAX_RAM_PERCENTAGE: "75.0"
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- namespace: communicate-center
- name: datasource-env-secret
-type: Opaque
-data:
- # jdbc:mysql://mysql-server.authx-service.svc.cluster.local:3306/communicate_center?serverTimezone=Asia/Shanghai
- JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvY29tbXVuaWNhdGVfY2VudGVyP3NlcnZlclRpbWV6b25lPUFzaWEvU2hhbmdoYWk=
- # communicate_center
- JDBC_USERNAME: Y29tbXVuaWNhdGVfY2VudGVy
- # 修改为实际的数据库密码,并使用 base64 工具进行编码
- # kingstar
- JDBC_PASSWORD: a2luZ3N0YXI=
-
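Review bot: datasource-env-secret ships a default JDBC_PASSWORD whose plaintext is given in the comment directly above it; the instruction to change it is easy to miss, and base64 in a Secret manifest is encoding, not protection. Since the file is being deleted, confirm that no deployed communicate_center database account still uses this default, and for any env files that remain prefer an empty placeholder so that the installer fails instead of running with a known password.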
+++ /dev/null
-# communicate-center-ingresses.yaml
-
-# 暂时不使用,直接使用内部地址
-# ---
-# apiVersion: extensions/v1beta1
-# kind: Ingress
-# metadata:
-# namespace: communicate-center
-# name: communicate-center-api-ingress
-# spec:
-# rules:
-# # 修改为学校的根域名
-# - host: communicate-center-api.paas.xxx.edu.cn
-# http:
-# paths:
-# - path: /
-# backend:
-# serviceName: communicate-center-poa-svc
-# servicePort: http
+++ /dev/null
-# communicate-center-installer.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: communicate-center
- name: communicate-center-installer-env
-data:
- DB_TYPE: mysql8
-
-
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: communicate-center-installer
- namespace: communicate-center
-spec:
- completions: 1
- parallelism: 1
- template:
- metadata:
- labels:
- app: communicate-center-installer
- spec:
- restartPolicy: Never
- containers:
- - name: communicate-center-installer
- # 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/communicate-center/communicate-center-installer:1.0.0-SNAPSHOT
- imagePullPolicy: Always
- envFrom:
- - configMapRef:
- name: jvm-env
- - secretRef:
- name: datasource-env-secret
- - configMapRef:
- name: communicate-center-installer-env
- resources:
- requests:
- memory: "256Mi"
- limits:
- memory: "256Mi"
- imagePullSecrets:
- - name: harbor-registry
+++ /dev/null
-# communicate-center-poa.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: communicate-center
- name: communicate-center-poa-env
-data:
- SERVER_PORT: "8080"
- SSL_ENABLED: "false"
- #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
- #SSL_KEYSTORE_PASSWORD: ""
- #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
- #SSL_TRUSTSTORE_PASSWORD: ""
-
- SERVER_MAXHTTPHEADERSIZE: "10240"
-
-
- USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
- USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
- #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
- #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
- #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
- #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
- # 若须对接邮件服务,须提供 SMTP 帐号
- TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/mail/console
- # 若须对接sms 接口,须进行二开定制
- TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/sms/console
-
- TPAS_CLIENT_AUTH_ENABLED: "false"
- #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
- #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
- #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
- #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
-
----
-apiVersion: v1
-kind: Service
-metadata:
- namespace: communicate-center
- name: communicate-center-poa-svc
- labels:
- app: communicate-center-poa
- needMonitor: 'true'
-spec:
- ports:
- - port: 8080
- targetPort: http
- protocol: TCP
- name: http
- - port: 6060
- targetPort: http-metrics
- protocol: TCP
- name: http-metrics
- selector:
- app: communicate-center-poa
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- namespace: communicate-center
- name: communicate-center-poa
-spec:
- selector:
- matchLabels:
- app: communicate-center-poa
- replicas: 1
- template:
- metadata:
- labels:
- app: communicate-center-poa
- spec:
- containers:
- - name: communicate-center-poa
- # 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/communicate-center/communicate-center-poa:1.0.0-SNAPSHOT
- imagePullPolicy: Always
- ports:
- - containerPort: 8080
- name: http
- - containerPort: 6060
- name: http-metrics
- envFrom:
- - configMapRef:
- name: jvm-env
- - secretRef:
- name: datasource-env-secret
- - configMapRef:
- name: communicate-center-poa-env
- resources:
- requests:
- memory: "512Mi"
- limits:
- memory: "512Mi"
- readinessProbe:
- httpGet:
- path: /actuator/health
- port: 8080
- initialDelaySeconds: 20
- periodSeconds: 5
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 10
- imagePullSecrets:
- - name: harbor-registry
+++ /dev/null
--- 10.1.init.sql
-
-/*
-将 paas.example.com 替换为 paas.学校域名.edu.cn
-*/
-
-
-use cas_server;
-
--- 更新 服务 admin-center 的信息
-
-update TB_SERVICE
-set
- INFORMATION_URL='http://admin-center.paas.example.com',
- LOGOUT_URL='http://admin-center.paas.example.com/cas/slo',
- SERVICE_ID='http://admin-center.paas.example.com/cas/(.*)'
-where ID='1'; -- todo, modify
-
--- 更新 服务 personal-security-center 的信息
-
-update TB_SERVICE
-set
- INFORMATION_URL='http://personal-security-center.paas.example.com',
- LOGOUT_URL='http://personal-security-center.paas.example.com/cas/slo',
- SERVICE_ID='http://personal-security-center.paas.example.com/cas/(.*)'
-where ID='2'; -- todo, modify
-
-commit;
-
-
-use user_authz;
-
--- 更新 admin-center 下的角色同步地址
-
-update TB_APPLICATION
-set
- SYNC_URL='http://admin-center.paas.example.com/api/v1/open/sync/roles'
-where ID='1'; -- todo, modify
-
-commit;
-
-
-use admin_center;
-
--- 更新 admin-management 下菜单的访问域
-
-update TB_MGT_PERMISSION
-set
- ORIGIN='http://admin-management.paas.example.com'
-where APPLICATION_ID='00000'
-;
-
-commit;
-
-
--- 更新 admin-platform 下菜单的访问域
-
-update TB_MGT_PERMISSION
-set
- ORIGIN='http://admin-platform.paas.example.com'
-where APPLICATION_ID='1'
-;
-
-commit;
-
-/*
-insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
-values ('23', 0, 'user-biz', '用户服务 - 业务接口', '1', '/api/v1/user/biz', 'http://localhost:8023/api/v1/biz', 1);
-
-update TB_MGT_ROUTE set URL='http://user-data-service-biz-svc.user-data-service.svc.cluster.local:8080/api/v1/biz' where ID='23';
-
-commit;
-*/
+++ /dev/null
--- 10.1.init.sql
-
-/*
-将 paas.example.com 替换为 paas.学校域名.edu.cn
-*/
-
--- 以下脚本为可选操作
-
-/*
- * 若部署了流程平台、门户的产品
- * 可初始化云平台下的相关菜单数据
- */
-
-use admin_center;
-
--- flow
--- 如果部署,流程平台,请处理
-
-insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
-values ('50', 0, 'flow-api', '管理门户 - 流程接口', '1', '/api/v1/flow-release', 'http://formflow-formflow-svc.formflow.svc.cluster.local:8080/formflow', 1);
-
-commit;
-
-/*
-update TB_MGT_ROUTE
-set
- URL='http://formflow.paas.example.com'
-where ID='50'; -- todo, modify
-
-commit;
-*/
-
-insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS)
-values ('50', 0, 'flow-admin', '流程表单管理员', '', '1');
-insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS)
-values ('51', 0, 'flow-biz', '流程操作员', '业务、应用组、应用相关管理的操作人员', '1');
-
-commit;
-
-
-update TB_MGT_PERMISSION
- set LFT = LFT+10
-where LFT>=82
-;
-
-update TB_MGT_PERMISSION
- set RGT = RGT+10
-where RGT>=82
-;
-
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('50000', 0, 'formflow-manager', '流程管理', '1', '2', '', '/', '1', '1', 50000, 1, 82, 91);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('50100', 0, 'formflow', '流程表单', '1', '2', 'su-icon-liuchengbiaodan', '/formflow', '1', '50000', 50100, 2, 83, 84);
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('50200', 0, 'workbench', '工作台', '1', '2', 'su-icon-gongzuotai', '/formflow/workbench', '1', '50000', 50200, 2, 85, 86);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('50300', 0, 'instanceManage', '实例管理', '1', '2', 'su-icon-shiliguanli', '/formflow/instanceManage', '1', '50000', 50300, 2, 87, 88);
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('50400', 0, 'agent', '代理代办', '0', '2', 'su-icon-dailidaiban', '/formflow/agent', '1', '50000', 50400, 2, 89, 90);
-
-commit;
-
-
-insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
-
-select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID
-from TB_MGT_PERMISSION
-where (ID like '5____' or ID='1')
- and CONCAT('1_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
-;
-
-insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
-
-select CONCAT('50_', ID) as ID, 0 as DELETED, '50' as ROLE_ID, ID as PERMISSION_ID
-from TB_MGT_PERMISSION
-where (ID like '5____' or ID='1')
- and CONCAT('50_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
-;
-
-commit;
-
-
--- 更新 admin-platform 下菜单的访问域
-
-update TB_MGT_PERMISSION
-set
- ORIGIN='http://admin-platform.paas.example.com'
-where LFT >= 82
- and RGT <= 91
-;
-
-commit;
+++ /dev/null
--- 10.1.init-message.sql
-
-
-/*
-将 paas.example.com 替换为 paas.学校域名.edu.cn
-*/
-
--- 以下脚本为可选操作
-
-/*
- * 若部署了流程平台、门户的产品
- * 可初始化云平台下的相关菜单数据
- */
-
-use admin_center;
-
--- message
--- 如果部署,流程平台,请处理
-
-
-insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS)
-values ('80', 0, 'message-admin', '消息平台管理员', '', '1');
-insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS)
-values ('81', 0, 'message-opt', '消息平台操作员', '', '1');
-
-commit;
-
-
-/*
-消息服务 message-backstage
-名称 路由 图标
-消息网关管理 /message-backstage/msgGateWay su-icon-xiaoxiwangguan
-短信模板管理 /message-backstage/SMSTemplateManage su-icon-mobanguanli
-消息类别管理 /message-backstage/msgTypes su-icon-xiaoxileibie
-消息任务监控 /message-backstage/msgTaskMonitor su-icon-renwujiankong
-消息日志审计 /message-backstage/msgLogAudit su-icon-details
-应用管理 /message-backstage/msgSoftManage su-icon-sort
-敏感词管理 /message-backstage/SensitiveWords su-icon-lock-w
-设置 /message-backstage/msgSendCondition su-icon-print
-*/
-
-update TB_MGT_PERMISSION
- set LFT = LFT+18
-where LFT>=92
-;
-
-update TB_MGT_PERMISSION
- set RGT = RGT+18
-where RGT>=92
-;
-
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('80000', 0, 'message-backstage', '消息服务', '1', '2', '', '/', '1', '1', 80000, 1, 92, 109);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('80100', 0, 'formflow', '消息网关管理', '1', '2', 'su-icon-xiaoxiwangguan', '/message-backstage/msgGateWay', '1', '80000', 80100, 2, 93, 94);
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('80200', 0, 'workbench', '短信模板管理', '1', '2', 'su-icon-mobanguanli', '/message-backstage/SMSTemplateManage', '1', '80000', 80200, 2, 95, 96);
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('80300', 0, 'instanceManage', '消息类别管理', '1', '2', 'su-icon-xiaoxileibie', '/message-backstage/msgTypes', '1', '80000', 80300, 2, 97, 98);
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('80400', 0, 'agent', '消息任务监控', '1', '2', 'su-icon-renwujiankong', '/message-backstage/msgTaskMonitor', '1', '80000', 80400, 2, 99, 100);
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('80500', 0, 'agent', '消息日志审计', '1', '2', 'su-icon-details', '/message-backstage/msgLogAudit', '1', '80000', 80500, 2, 101, 102);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('80600', 0, 'agent', '应用管理', '1', '2', 'su-icon-sort', '/message-backstage/msgSoftManage', '1', '80000', 80600, 2, 103, 104);
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('80700', 0, 'agent', '敏感词管理', '1', '2', 'su-icon-lock-w', '/message-backstage/SensitiveWords', '1', '80000', 80700, 2, 105, 106);
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('80800', 0, 'agent', '设置', '1', '2', 'su-icon-print', '/message-backstage/msgSendCondition', '1', '80000', 80800, 2, 107, 108);
-
-commit;
-
-
-insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
-
-select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID
-from TB_MGT_PERMISSION
-where (ID like '8____' or ID='1')
- and CONCAT('1_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
-;
-
-insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
-
-select CONCAT('80_', ID) as ID, 0 as DELETED, '50' as ROLE_ID, ID as PERMISSION_ID
-from TB_MGT_PERMISSION
-where (ID like '8____' or ID='1')
- and CONCAT('80_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
-;
-
-commit;
-
-
--- 更新 admin-platform 下菜单的访问域
-
-update TB_MGT_PERMISSION
-set
- ORIGIN='http://admin-platform.paas.example.com'
-where LFT >= 92
- and RGT <= 109
-;
-
-commit;
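Review bot: in the second `insert into TB_MGT_ROLE_PERMISSION` of this deleted script the row ID is built with the prefix '80_' but ROLE_ID is '50', so the message-backstage permissions (ID like '8____') were attached to role 50 rather than to the message-admin role '80' created at the top of the file. Removing the script does not undo that in databases where it already ran; add a cleanup step, or a note for operators to check TB_MGT_ROLE_PERMISSION for rows whose ID starts with 80_ and whose ROLE_ID is '50'.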
+++ /dev/null
--- 10.1.init.sql
-
-/*
-将 paas.example.com 替换为 paas.学校域名.edu.cn
-*/
-
--- 以下脚本为可选操作
-
-/*
- * 若部署了流程平台、门户的产品
- * 可初始化云平台下的相关菜单数据
- */
-
-use admin_center;
-
--- portal
--- 如果部署,门户V5,请处理
-
-insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
-values ('60', 0, 'portal-api', '管理门户 - 门户接口', '1', '/api/v1/portal', 'http://ecampus.paas.example.com/', 1);
-
-commit;
-
-
-update TB_MGT_ROUTE
-set
- URL='http://ecampus.paas.example.com'
-where ID='60'; -- todo, modify
-
-commit;
-/*
-http://portal-web.portal.svc.cluster.local:8080/portal-web/api
-*/
-
-
-insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS)
-values ('60', 0, 'portal-admin', '门户管理员', '', '1');
-
-commit;
-
-
-/*
-update TB_MGT_PERMISSION
- set LFT = LFT+10
-where LFT>=89
-;
-
-update TB_MGT_PERMISSION
- set RGT = RGT+10
-where RGT>=89
-;
-*/
-
-
-/*
-门户管理
- web端管理
- 系统管理
- 组件模板
- 主题管理
- 主题方案
- 授权管理
- 角色管理
- 服务管理
- 服务管理
- 服务评价管理
- 标签分类管理
- CMS管理
- 幻灯片管理
- 栏目管理
- 内容管理
- 流程管理
- 模板管理
- 滚动公告管理
- 消息管理
- 第三方消息发送设置
- 消息类型管理
- 消息发送详情
-*/
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('60', 0, 'portal-manage', '门户管理', '1', '1', 'el-icon-s-help', '/',
- '60', '0', 60, 1, 93, 136);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6010000', 0, 'web', 'web端管理',
- '1', '2', null, null,
- '60', '60', 6010000, 1, 94, 105);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6010001', 0, 'web-systemManager', '系统管理',
- '1', '2', 'su-icon-xitongguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/systemManager/view.html',
- '60', '6010000', 6010001, 2, 95, 96);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6010002', 0, 'web-widgetTemplate', '组件模板',
- '1', '2', 'su-icon-zujianmoban', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/widgetTemplate/view.html',
- '60', '6010000', 6010002, 2, 97, 98);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6010003', 0, 'web-themeManager', '主题管理',
- '1', '2', 'su-icon-hutiguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/themeManager/view.html',
- '60', '6010000', 6010003, 2, 99, 100);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6010004', 0, 'web-themeScheme', '主题方案',
- '1', '2', 'su-icon-zhutifangan', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/themeScheme/view.html',
- '60', '6010000', 6010004, 2, 101, 102);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6010005', 0, 'web-oauthManager', 'oauth管理',
- '1', '2', 'su-icon-authguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/oauthManager/view.html',
- '60', '6010000', 6010005, 2, 103, 104);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6020000', 0, 'auth', '授权管理',
- '1', '2', null, null,
- '60', '60', 6020000, 1, 106, 109);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6020003', 0, 'auth-roleManager', '角色管理',
- '1', '2', 'su-icon-jiaoseguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#auth/roleManager/view.html',
- '60', '6020000', 6020003, 2, 107, 108);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6030000', 0, 'service', '服务管理',
- '1', '2', null, null,
- '60', '60', 6030000, 1, 110, 117);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6030001', 0, 'service-appservice', '服务管理',
- '1', '2', 'su-icon-fuwuguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/appservice/tabs.html',
- '60', '6030000', 6030001, 2, 111, 112);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6030002', 0, 'service-evaluate', '服务评价管理',
- '1', '2', 'su-icon-fuwupingjiaguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/evaluate/form.html',
- '60', '6030000', 6030002, 2, 113, 114);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6030003', 0, 'service-tagging', '标签分类管理',
- '1', '2', 'su-icon-biaoqianfenleiguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/tagging/form.html',
- '60', '6030000', 6030003, 2, 115, 116);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6040000', 0, 'cms', 'CMS管理',
- '1', '2', null, null,
- '60', '60', 6040000, 1, 118, 131);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6040001', 0, 'cms-slide', '幻灯片管理',
- '1', '2', 'su-icon-huandengpianguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/slide/list.html',
- '60', '6040000', 6040001, 2, 119, 120);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6040002', 0, 'cms-column', '栏目管理',
- '1', '2', 'su-icon-lanmuguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/column/list.html',
- '60', '6040000', 6040002, 2, 121, 122);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6040003', 0, 'cms-content', '内容管理',
- '1', '2', 'su-icon-neirongguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/content/list-manage.html',
- '60', '6040000', 6040003, 2, 123, 124);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6040004', 0, 'cms-flow', '流程管理',
- '1', '2', 'su-icon-liuchengguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/flow/list.html',
- '60', '6040000', 6040004, 2, 125, 126);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6040005', 0, 'cms-template', '模板管理',
- '1', '2', 'su-icon-mobanguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/template/list.html',
- '60', '6040000', 6040005, 2, 127, 128);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6040006', 0, 'cms-notice', '滚动公告管理',
- '1', '2', 'su-icon-gundonggonggaoguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/notice/list.html',
- '60', '6040000', 6040006, 2, 129, 130);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6050000', 0, 'message', '消息管理',
- '1', '2', null, null,
- '60', '60', 6050000, 1, 132, 139);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6050001', 0, 'message-sendsetting', '第三方消息发送设置',
- '1', '2', 'su-icon-disanfangxiaoxifasongshezhi', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/sendsetting/tabs.html',
- '60', '6050000', 6050001, 2, 133, 134);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6050002', 0, 'message-type', '消息类型管理',
- '1', '2', 'su-icon-xiaoxileixingguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/type/form.html',
- '60', '6050000', 6050002, 2, 135, 136);
-
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
- STATUS, TYPE_, ICON, URL,
- APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
-values ('6050003', 0, 'message-log', '消息发送详情',
- '1', '2', 'su-icon-xiaoxifasongxiangqing', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/sendlog/list.html',
- '60', '6050000', 6050003, 2, 137, 138);
-
-
-commit;
-
-
-
-insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
-
-select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID
-from TB_MGT_PERMISSION
-where ID like '60_____' or ID='60'
-;
-
-
-
-insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
-
-select CONCAT('60_', ID) as ID, 0 as DELETED, '60' as ROLE_ID, ID as PERMISSION_ID
-from TB_MGT_PERMISSION
-where ID like '60_____' or ID='60' or ID='1'
-;
-
-commit;
-
-
-/* 更新 TB_MGT_PERMISSION 的 ORIGIN */
-/*
-select *
-from TB_MGT_PERMISSION
-where LFT >= (select LFT from TB_MGT_PERMISSION where ID='1')
- and RGT <= (select RGT from TB_MGT_PERMISSION where ID='1')
-;
-*/
-
-update TB_MGT_PERMISSION
-set
- ORIGIN='http://ecampus.paas.example.com'
-where APPLICATION_ID = '60'
-;
-
-commit;
-
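Review bot: both `TB_MGT_ROLE_PERMISSION` inserts select rows with `where ID like '60_____' or ID='60'`, which grants by ID shape rather than by ownership: any seven-character permission ID beginning with 60 is granted to roles '1' and '60', whichever application it belongs to. If this seed script is being moved rather than retired, filter on `APPLICATION_ID = '60'` (the column the closing `update` already uses) and make the inserts safe to re-run, since the `CONCAT('1_', ID)` keys will collide on a second execution.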
+++ /dev/null
-# admin-center-base.yaml
-
-# 在 rancher 中 命名空间 须手动创建
-
-####################################################
-# namespace
-####################################################
-apiVersion: v1
-kind: Namespace
-metadata:
- name: admin-center
- # labels:
- # istio-injection: enabled
-
-
-####################################################
-# supwisdom harbor private docker registry
-####################################################
----
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/dockerconfigjson
-metadata:
- namespace: admin-center
- name: harbor-registry
-data:
- # 修改harbor仓库配置,并使用 base64 工具进行编码
- # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
- .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
-
-
-####################################################
-# mysql-server
-####################################################
----
-apiVersion: v1
-kind: Service
-metadata:
- namespace: admin-center
- name: mysql-server
-spec:
- ports:
- - name: tcp-mysql
- port: 3306
- protocol: TCP
- targetPort: 3306
----
-kind: Endpoints
-apiVersion: v1
-metadata:
- namespace: admin-center
- name: mysql-server
-subsets:
- - addresses:
- # 修改实际MySQL服务器的IP地址
- - ip: 172.30.104.82
- ports:
- - name: tcp-mysql
- port: 3306
- protocol: TCP
-
-
-####################################################
-# redis-server
-####################################################
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app: redis
- release: redis-server
- name: redis-server
- namespace: admin-center
-type: Opaque
-data:
- REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
-
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: redis
- release: redis-server
- name: redis-server
- namespace: admin-center
-spec:
- ports:
- - name: redis
- port: 6379
- protocol: TCP
- targetPort: redis
- selector:
- app: redis
- release: redis-server
- role: master
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- labels:
- app: redis
- release: redis-server
- name: redis-server
- namespace: admin-center
-spec:
- podManagementPolicy: OrderedReady
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- app: redis
- release: redis-server
- role: master
- serviceName: redis-master
- template:
- metadata:
- labels:
- app: redis
- release: redis-server
- role: master
- spec:
- containers:
- - name: redis-server
- env:
- - name: REDIS_DISABLE_COMMANDS
- value: FLUSHDB,FLUSHALL
- - name: REDIS_REPLICATION_MODE
- value: master
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- name: redis-server
- key: REDIS_PASSWORD
- # 若使用了学校搭设的私有仓库,请修改
- image: bitnami/redis:4.0
- # 若使用了学校搭设的私有仓库,请修改 为 Always
- imagePullPolicy: IfNotPresent
- # imagePullPolicy: Always
- livenessProbe:
- exec:
- command:
- - redis-cli
- - ping
- failureThreshold: 5
- initialDelaySeconds: 30
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- ports:
- - containerPort: 6379
- name: redis
- protocol: TCP
- readinessProbe:
- exec:
- command:
- - redis-cli
- - ping
- failureThreshold: 5
- initialDelaySeconds: 5
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- volumeMounts:
- - mountPath: /bitnami/redis/data
- name: redis-data
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- securityContext:
- fsGroup: 1001
- # runAsUser: 1001
- # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
- runAsUser: 0
- terminationGracePeriodSeconds: 30
- volumes:
- - emptyDir: {}
- name: redis-data
- # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可)
- # imagePullSecrets:
- # - name: harbor-registry
- updateStrategy:
- rollingUpdate:
- partition: 0
- type: RollingUpdate
-
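Review bot: the `harbor-registry` Secret carries the registry account's password twice, once in the JSON comment and once in `.dockerconfigjson`, and `REDIS_PASSWORD` is committed the same way; deleting the file does not take either value out of the repository history, so both should be rotated as part of this change. For whatever replaces this manifest, create the Secrets out of band (for example with `kubectl create secret docker-registry`) instead of committing encoded values, and revisit `runAsUser: 0` on the Redis container, where the non-root `runAsUser: 1001` is left commented out.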
+++ /dev/null
-# admin-center-env.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: admin-center
- name: jvm-env
-data:
- MAX_RAM_PERCENTAGE: "75.0"
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- namespace: admin-center
- name: datasource-env-secret
-type: Opaque
-data:
- # jdbc:mysql://mysql-server:3306/admin_center?serverTimezone=Asia/Shanghai
- JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlcjozMzA2L2FkbWluX2NlbnRlcj9zZXJ2ZXJUaW1lem9uZT1Bc2lhL1NoYW5naGFp
- # admin_center
- JDBC_USERNAME: YWRtaW5fY2VudGVy
- # 修改为实际的数据库密码,并使用 base64 工具进行编码
- # kingstar
- JDBC_PASSWORD: a2luZ3N0YXI=
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- namespace: admin-center
- name: redis-env-secret
-type: Opaque
-data:
- SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
- SPRING_REDIS_PORT: NjM3OQ==
- SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
-
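Review bot: in `datasource-env-secret` the comment directly above `JDBC_PASSWORD` gives the database password in clear text, and the base64 in `data:` is only an encoding, so anyone who can read the repository has the `admin_center` database credential. `SPRING_REDIS_PASSWORD` here is the same value as `REDIS_PASSWORD` in admin-center-base.yaml. Removing the file leaves both in history; rotate them and keep the replacement values out of version control.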
+++ /dev/null
-# admin-center-ingresses.yaml
-
-
-# 云平台管理后端接口
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- namespace: admin-center
- name: admin-center-ingress
- annotations:
- nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
-spec:
- rules:
- # 修改为学校的根域名
- - host: admin-center.paas.xxx.edu.cn
- http:
- paths:
- - path: /
- backend:
- serviceName: admin-center-zuul-svc
- servicePort: http
-
-
-# 云平台菜单开放接口
-# 暂时不使用,直接使用内部地址
-# ---
-# apiVersion: extensions/v1beta1
-# kind: Ingress
-# metadata:
-# namespace: admin-center
-# name: admin-center-api-ingress
-# spec:
-# rules:
-# # 修改为学校的根域名
-# - host: admin-center-api.paas.xxx.edu.cn
-# http:
-# paths:
-# - path: /
-# backend:
-# serviceName: admin-center-poa-svc
-# servicePort: http
-
-
-# 云平台管理前端
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- namespace: admin-center
- name: admin-center-management-ingress
-spec:
- rules:
- # 修改为学校的根域名
- - host: admin-management.paas.xxx.edu.cn
- http:
- paths:
- - path: /
- backend:
- serviceName: admin-center-management-svc
- servicePort: http
-
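Review bot: neither `admin-center-ingress` nor `admin-center-management-ingress` has a `tls:` section, so the management backend and frontend are published on `/` over plain HTTP. The manifests also use `apiVersion: extensions/v1beta1`, which Kubernetes 1.22 and later no longer serve for Ingress. If these rules are being recreated elsewhere, move them to `networking.k8s.io/v1` and add a TLS block for both hosts.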
+++ /dev/null
-# admin-center-sa-installer.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: admin-center
- name: admin-center-sa-installer-env
-data:
- DB_TYPE: mysql8
-
-
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- namespace: admin-center
- name: admin-center-sa-installer
-spec:
- completions: 1
- parallelism: 1
- template:
- metadata:
- labels:
- app: admin-center-sa-installer
- spec:
- restartPolicy: Never
- containers:
- - name: admin-center-sa-installer
- # 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/admin-center/admin-center-sa-installer:1.0.0-SNAPSHOT
- imagePullPolicy: Always
- envFrom:
- - configMapRef:
- name: jvm-env
- - secretRef:
- name: datasource-env-secret
- - configMapRef:
- name: admin-center-sa-installer-env
- resources:
- requests:
- memory: "256Mi"
- limits:
- memory: "256Mi"
- imagePullSecrets:
- - name: harbor-registry
-
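Review bot: the installer Job runs `admin-center-sa-installer:1.0.0-SNAPSHOT` with `imagePullPolicy: Always` and is handed `datasource-env-secret`, so whatever image currently sits behind that mutable tag executes with the database credentials. Any successor to this Job should pin the image to a release tag or digest. It should also set `backoffLimit` explicitly, because with `restartPolicy: Never` and no limit a failing installer is retried against the database by default.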
+++ /dev/null
-# admin-center-poa.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: admin-center
- name: admin-center-poa-env
-data:
- SERVER_PORT: "8080"
- SSL_ENABLED: "false"
- #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
- #SSL_KEYSTORE_PASSWORD: ""
- #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
- #SSL_TRUSTSTORE_PASSWORD: ""
-
- SERVER_MAXHTTPHEADERSIZE: "10240"
-
- LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_ADMIN_CENTER_POA: INFO
-
-
- ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
- ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
- #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
- #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
- #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
- USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
- USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
- #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
- #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
- #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
- USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
- USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
-
----
-apiVersion: v1
-kind: Service
-metadata:
- namespace: admin-center
- name: admin-center-poa-svc
- labels:
- app: admin-center-poa
- needMonitor: 'true'
-spec:
- ports:
- - port: 8080
- targetPort: http
- protocol: TCP
- name: http
- - port: 6060
- targetPort: http-metrics
- protocol: TCP
- name: http-metrics
- selector:
- app: admin-center-poa
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- namespace: admin-center
- name: admin-center-poa
-spec:
- selector:
- matchLabels:
- app: admin-center-poa
- replicas: 1
- template:
- metadata:
- labels:
- app: admin-center-poa
- spec:
- containers:
- - name: admin-center-poa
- # 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/admin-center/admin-center-poa:1.0.2-SNAPSHOT
- imagePullPolicy: Always
- ports:
- - containerPort: 8080
- name: http
- - containerPort: 6060
- name: http-metrics
- envFrom:
- - configMapRef:
- name: jvm-env
- - secretRef:
- name: redis-env-secret
- - configMapRef:
- name: admin-center-poa-env
- resources:
- requests:
- memory: "400Mi"
- limits:
- memory: "400Mi"
- readinessProbe:
- httpGet:
- path: /actuator/health
- port: 8080
- initialDelaySeconds: 20
- periodSeconds: 5
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 10
- imagePullSecrets:
- - name: harbor-registry
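Review bot: in `admin-center-poa-env`, `SSL_ENABLED` and every `*_CLIENT_AUTH_ENABLED` key are set to "false" and all three upstream URLs are `http://`, so calls from this service to the admin-center, user-data and user-authorization services are unauthenticated and in clear text inside the cluster. If the deployment is being carried over to another repository, either enable the client-auth settings that are already stubbed out in comments or document the NetworkPolicy that restricts which pods can reach port 8080 on those services.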
+++ /dev/null
-# admin-center-sa.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: admin-center
- name: admin-center-sa-env
-data:
- SERVER_PORT: "8080"
- SSL_ENABLED: "false"
- #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
- #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
-
- SERVER_MAXHTTPHEADERSIZE: "10240"
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- namespace: admin-center
- name: admin-center-sa-env-secret
-type: Opaque
-data:
- #SSL_KEYSTORE_PASSWORD: ""
- #SSL_TRUSTSTORE_PASSWORD: ""
-
-
----
-apiVersion: v1
-kind: Service
-metadata:
- namespace: admin-center
- name: admin-center-sa-svc
- labels:
- app: admin-center-sa
- needMonitor: 'true'
-spec:
- ports:
- - port: 8080
- targetPort: http
- protocol: TCP
- name: http
- - port: 6060
- targetPort: http-metrics
- protocol: TCP
- name: http-metrics
- selector:
- app: admin-center-sa
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- namespace: admin-center
- name: admin-center-sa
-spec:
- selector:
- matchLabels:
- app: admin-center-sa
- replicas: 1
- template:
- metadata:
- labels:
- app: admin-center-sa
- spec:
- containers:
- - name: admin-center-sa
- # 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/admin-center/admin-center-sa:1.0.0-SNAPSHOT
- imagePullPolicy: Always
- ports:
- - containerPort: 8080
- name: http
- - containerPort: 6060
- name: http-metrics
- envFrom:
- - configMapRef:
- name: jvm-env
- - secretRef:
- name: datasource-env-secret
- - secretRef:
- name: admin-center-sa-env-secret
- - configMapRef:
- name: admin-center-sa-env
- resources:
- requests:
- memory: "400Mi"
- limits:
- memory: "400Mi"
- readinessProbe:
- httpGet:
- path: /actuator/health
- port: 8080
- initialDelaySeconds: 20
- periodSeconds: 5
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 10
- imagePullSecrets:
- - name: harbor-registry
-
+++ /dev/null
-# admin-center-bff.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: admin-center
- name: admin-center-bff-env
-data:
- SERVER_PORT: "8080"
- SSL_ENABLED: "false"
- #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
- #SSL_KEYSTORE_PASSWORD: ""
- #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
- #SSL_TRUSTSTORE_PASSWORD: ""
-
- SERVER_MAXHTTPHEADERSIZE: "10240"
-
- LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_ADMIN_CENTER_BFF: INFO
-
-
- ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
- ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
- #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
- #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
- #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
- CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
- CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
- #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
- #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
- #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
- USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
- USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
- #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
- #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
- #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
- USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
- USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
- # PERSONAL_SECURITY_CENTER_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080
- # PERSONAL_SECURITY_CENTER_CLIENT_AUTH_ENABLED: "false"
- #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEY_PASSWORD: ""
- #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
- #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
-
- TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/db
- TPAS_CLIENT_AUTH_ENABLED: "false"
- #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
- #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
- #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
- #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
-
----
-apiVersion: v1
-kind: Service
-metadata:
- namespace: admin-center
- name: admin-center-bff-svc
- labels:
- app: admin-center-bff
- needMonitor: 'true'
-spec:
- ports:
- - port: 8080
- targetPort: http
- protocol: TCP
- name: http
- - port: 6060
- targetPort: http-metrics
- protocol: TCP
- name: http-metrics
- selector:
- app: admin-center-bff
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- namespace: admin-center
- name: admin-center-bff
-spec:
- selector:
- matchLabels:
- app: admin-center-bff
- replicas: 1
- template:
- metadata:
- labels:
- app: admin-center-bff
- spec:
- containers:
- - name: admin-center-bff
- # 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/admin-center/admin-center-bff:1.0.2-SNAPSHOT
- imagePullPolicy: Always
- ports:
- - containerPort: 8080
- name: http
- - containerPort: 6060
- name: http-metrics
- envFrom:
- - configMapRef:
- name: jvm-env
- - secretRef:
- name: redis-env-secret
- - configMapRef:
- name: admin-center-bff-env
- resources:
- requests:
- memory: "400Mi"
- limits:
- memory: "400Mi"
- readinessProbe:
- httpGet:
- path: /actuator/health
- port: 8080
- initialDelaySeconds: 20
- periodSeconds: 5
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 10
- imagePullSecrets:
- - name: harbor-registry
-
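Review bot: the commented `#SSL_KEYSTORE_PASSWORD` and `#..._CLIENT_AUTH_KEYSTORE_PASSWORD` / `..._TRUSTSTORE_PASSWORD` keys sit in the `admin-center-bff-env` ConfigMap, so anyone enabling TLS by uncommenting them would store keystore passwords in a ConfigMap. admin-center-sa.yaml in this same patch keeps its keystore passwords in a separate `Secret`; the replacement for this file should follow that layout.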
+++ /dev/null
-# admin-center-zuul.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: admin-center
- name: admin-center-zuul-env
-data:
- SERVER_PORT: "8080"
- SSL_ENABLED: "false"
- #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
- #SSL_KEYSTORE_PASSWORD: ""
- #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
- #SSL_TRUSTSTORE_PASSWORD: ""
-
- SERVER_MAXHTTPHEADERSIZE: "10240"
-
- # SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
- # SERVER_TOMCAT_ACCEPT_COUNT: "5000"
- # SERVER_TOMCAT_MAX_THREADS: "800"
- # SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
-
- # SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
-
-
- ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000"
- ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000"
-
- ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000"
-
-
- INFRAS_SECURITY_BASIC_ENABLED: "false"
-
- INFRAS_SECURITY_JWT_ENABLED: "true"
- #INFRAS_SECURITY_JWT_KEY_ALIAS: "supwisdom-jwt-key"
- #INFRAS_SECURITY_JWT_KEY_PASSWORD: "changeit"
- #INFRAS_SECURITY_JWT_KEY_STORE: "file:/certs/jwt/jwt.keystore"
- #INFRAS_SECURITY_JWT_KEY_STORE_PASSWORD: "changeit"
-
- INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas
- INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: ""
- INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas/jwt/publicKey"
-
-
- INFRAS_SECURITY_CAS_ENABLED: "true"
- # 修改为学校的admin-center的访问域名
- APP_SERVER_HOST_URL: "http://admin-center.paas.xxx.edu.cn"
- #APP_LOGIN_URL: "/cas/login"
- #APP_LOGOUT_URL: "/cas/logout"
- # 修改为学校的cas的访问域名
- CAS_SERVER_HOST_URL: "http://cas.paas.xxx.edu.cn/cas"
-
-
- ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false"
- #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEY_PASSWORD: ""
- #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
-
- ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
- ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
- #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
- #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
- #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
- USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
- USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
- #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
- #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
- #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
- USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
- USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
- #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- namespace: admin-center
- name: admin-center-zuul-env-secret
-type: Opaque
-data:
- # 参考 certs/jwt/readme.md 生成公私钥pem,替换相关配置
- INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDcWUzYUpRVm1VNWY1VDhIdU1PcEloMjhrZQpNU3hpUkh2NXNNa29iVGd5T3VRaVVYVEJLS3JwUjVNUWFiaERFZG1WSHlVWFowUFRLRHJCYk9rWkVwTVRmbXBHCnBibE5hOHJkS0RRZG5MYVFLNHBkKzN1clJSdDQzYXhISTdQZHdnRmx3ZThybmYvZllVK3lpcWhDaFBjbkdSNXAKUE9hOE4xZFkzQXlwWWhZa2dRSURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ==
- INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: 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
-
-
----
-apiVersion: v1
-kind: Service
-metadata:
- namespace: admin-center
- name: admin-center-zuul-svc
- labels:
- app: admin-center-zuul
- needMonitor: 'true'
-spec:
- ports:
- - port: 8080
- targetPort: http
- protocol: TCP
- name: http
- - port: 6060
- targetPort: http-metrics
- protocol: TCP
- name: http-metrics
- selector:
- app: admin-center-zuul
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- namespace: admin-center
- name: admin-center-zuul
-spec:
- selector:
- matchLabels:
- app: admin-center-zuul
- replicas: 1
- template:
- metadata:
- labels:
- app: admin-center-zuul
- spec:
- containers:
- - name: admin-center-zuul
- # 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/admin-center/admin-center-zuul:1.0.2-SNAPSHOT
- imagePullPolicy: Always
- ports:
- - containerPort: 8080
- name: http
- - containerPort: 6060
- name: http-metrics
- envFrom:
- - configMapRef:
- name: jvm-env
- - secretRef:
- name: redis-env-secret
- - secretRef:
- name: admin-center-zuul-env-secret
- - configMapRef:
- name: admin-center-zuul-env
- resources:
- requests:
- memory: "400Mi"
- limits:
- memory: "400Mi"
- readinessProbe:
- httpGet:
- path: /actuator/health
- port: 8080
- initialDelaySeconds: 20
- periodSeconds: 5
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 10
- imagePullSecrets:
- - name: harbor-registry
-
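Review bot: `admin-center-zuul-env-secret` commits a JWT key pair, with `INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8` next to the public key, so the signing key stays recoverable from history after this deletion; generate a new pair and load it from a Secret created outside the repository. Separately, `INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL` and `CAS_SERVER_HOST_URL` are both `http://`, which means the key used to verify tokens and the CAS login exchange travel unprotected.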
+++ /dev/null
-# 4.9.admin-center-management.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: admin-center
- name: admin-center-management-env
-data:
- SCHOOL_NAME: "none"
- # 修改为学校的 admin-center 的访问域名
- AUTH_URL: http://admin-center.paas.xxx.edu.cn/jwt/cas
- # 修改为学校的 admin-center 的访问域名
- BACKEND_URL: http://admin-center.paas.xxx.edu.cn
- # 修改为学校的 admin-management 的访问域名
- SERVER_URL: http://admin-management.paas.xxx.edu.cn
-
-
----
-apiVersion: v1
-kind: Service
-metadata:
- namespace: admin-center
- name: admin-center-management-svc
- labels:
- app: admin-center-management-svc
-spec:
- ports:
- - port: 80
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app: admin-center-management
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- namespace: admin-center
- name: admin-center-management
-spec:
- selector:
- matchLabels:
- app: admin-center-management
- replicas: 1
- template:
- metadata:
- labels:
- app: admin-center-management
- spec:
- containers:
- - name: admin-center-management
- # 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/admin-center/admin-center-management:0.0.1-SNAPSHOT
- imagePullPolicy: Always
- ports:
- - containerPort: 80
- name: http
- envFrom:
- - configMapRef:
- name: admin-center-management-env
- resources:
- requests:
- memory: "128Mi"
- limits:
- memory: "256Mi"
- imagePullSecrets:
- - name: harbor-registry
+++ /dev/null
-# readme.md
-
-
-## 使用 openssl 生成 公私钥
-
-
-1. 生成私钥 App Private Key
-
-必须为 RSA2(SHA256)
-
-```bash
-openssl genrsa -out jwt_private_key.pem 1024
-```
-
-2. 将私钥转换为 PKCS8 格式
-
-```bash
-openssl pkcs8 -topk8 -inform PEM -in jwt_private_key.pem -outform PEM -nocrypt -out jwt_private_key_pkcs8.pem
-```
-
-3. 导出公钥 App Public Key
-
-```bash
-openssl rsa -in jwt_private_key.pem -pubout -out jwt_public_key.pem
-```
-
-4. 将 jwt_public_key.pem 中的内容,去除换行和空格,转成字符串。
-
-处理前:
-```language
------BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI
-2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbB
-XVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3
-FugvRF/6jdTQis2LcQIDAQAB
------END PUBLIC KEY-----
-```
-处理后:
-```language
------BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbBXVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3FugvRF/6jdTQis2LcQIDAQAB
------END PUBLIC KEY-----
-```
-
-4. 将 jwt_private_key_pkcs8.pem 中的内容,去除换行和空格,转成字符串。
-
-处理前:
-```language
------BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMGvnBQddKUtIVTX
-tPjANfx6EAjaednEJzZKemB83C5HeO9WJJXKv493okkR4xyXf3uoqNaoUP8JGVRI
-H9QQ9BHHFsFdWVdEHbz0oT3G14OTThtTXsguBfxXP/ssVEufYKloJIgJ9YQ2GgxE
-mbvEgCh2sjcW6C9EX/qN1NCKzYtxAgMBAAECgYBKBSjq7w7jCUpRuFYrMpnvMV7r
-Y0NqG/K4ZuI5+b3T2fC31v4IWQG4fIoCztky1hscUSqlTpIVxY5ujVnMm+YKMXs+
-qW2zyUdvoqUbFNAZstYatg6FQ7QlwXMDnIzlq6w5lEofsO46+0kH/d9IX+cPN0nH
-04J1UKwg0ugyjYVUAQJBAP8di+ECIJkVTbi96JWMCfK1eYdxwe+8DEd7kcW2P6qU
-/0fxP6qExkbFqPWQbJVNvOKmH5tVW5oi4Q7vaT4MzJECQQDCW4kMG7a6yBKRWZ1/
-hAixqumBv5FFCnL/yzqH6a5n8tb91vcQCwBGfu+YeQt8zVI56BTP4AJDF5KQu1vq
-kcDhAkEA+YaHu2QeSDzrEShG5obbcBaKMK1WmEqg5AX8FZrleM5VRqOztvA5Ex3f
-3ZgObJZlinYb8g2yE/fLk5UdpgBU0QJAFw+FU0p2g/L5QQXBCkBAR9RfoGV6dxam
-TnNunnG7n9nQaI35Ao5LmhG1nAHAuy4hc311+rQ5kHxbh5Czd0GUAQJBALxZpqPZ
-y7LrKmTbVLAdd0K1dQ3jWUsqk5HXwlxzrmmypn5ut41zwZQl0znyrv7XcfDZ6dqR
-hh20uoiJ/Hfky6A=
------END PRIVATE KEY-----
-```
-处理后:
-```language
------BEGIN PRIVATE KEY-----
-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
------END PRIVATE KEY-----
-```
-
-
-5. (可选)将pem内容进行 base64 编码后,配置到k8s
-
-echo -n '-----BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbBXVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3FugvRF/6jdTQis2LcQIDAQAB
------END PUBLIC KEY-----' |base64
-
-
-echo -n '-----BEGIN PRIVATE KEY-----
-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
------END PRIVATE KEY-----' |base64
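Review bot: step 1 generates the JWT signing key with `openssl genrsa -out jwt_private_key.pem 1024`; a 1024-bit RSA key is below the 2048-bit minimum in current guidance, so any copy of this readme that survives the deletion should say 2048 or larger. The final step also pastes the private key into an `echo -n '...' |base64` command, which leaves it in shell history; encode from the file instead. The step numbering uses "4." twice.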
+++ /dev/null
-# 0.admin-platform-base.yaml
-
-# 在 rancher 中 命名空间 须手动创建
-
-####################################################
-# namespace
-####################################################
-apiVersion: v1
-kind: Namespace
-metadata:
- name: admin-platform
- # labels:
- # istio-injection: enabled
-
-
-####################################################
-# supwisdom harbor private docker registry
-####################################################
----
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/dockerconfigjson
-metadata:
- name: harbor-registry
- namespace: admin-platform
-data:
- # 修改harbor仓库配置,并使用 base64 工具进行编码
- # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
- .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
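Review bot: the comment directly above `.dockerconfigjson` spells out the Harbor registry username and password in clear text, and the base64 value under it is only an encoding of that same JSON, so this deletion does not retire the credential. Rotate the `rancher.devops` password on harbor.supwisdom.com, and have whatever replaces this manifest create the `harbor-registry` pull secret out of band (for example with `kubectl create secret docker-registry`) instead of committing it.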
+++ /dev/null
-# 2.admin-platform-ingresses.yaml
-
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: admin-platform-ingress
- namespace: admin-platform
-spec:
- rules:
- # 修改为学校的根域名
- - host: admin-platform.paas.xxx.edu.cn
- http:
- paths:
- - path: /
- backend:
- serviceName: admin-platform-svc
- servicePort: http
-
-
-# ---
-# apiVersion: extensions/v1beta1
-# kind: Ingress
-# metadata:
-# name: personal-center-ingress
-# namespace: admin-platform
-# spec:
-# rules:
-# # 修改为学校的根域名
-# - host: personal-center.paas.supwisdom.com
-# http:
-# paths:
-# - path: /
-# backend:
-# serviceName: personal-center-svc
-# servicePort: http
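Review bot: the removed `admin-platform-ingress` has no `tls:` section, so the admin platform at `path: /` is published over plain HTTP only, and it is declared with `extensions/v1beta1`, an Ingress API that Kubernetes removed in 1.22. If this manifest is being relocated rather than retired, the replacement should use `networking.k8s.io/v1` and add a `tls:` entry with a certificate secret for the host. The commented-out `personal-center-ingress` block is better dropped than carried over.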
+++ /dev/null
-# 04-2-admin-platform.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: admin-platform
- name: admin-platform-env
-data:
- # 修改为学校的 admin-platform 的访问域名
- LAYOUT_SPA_URL: http://admin-platform.paas.xxx.edu.cn/layout
- CAS_SERVER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/cas-server
- USER_SERVER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/user-server
- AUTH_SERVER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/auth-server
- ACCOUNT_CENTER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/account-center
- FORM_FLOW_SPA_URL: http://admin-platform.paas.xxx.edu.cn/form-flow
-
- SCHOOL_NAME: "none"
- MAIN_SERVER: http://admin-platform.paas.xxx.edu.cn
-
- # 修改为学校的访问域名
- SERVER_CONFIG: '{"ROOT": "http://admin-platform.paas.xxx.edu.cn/","AUTH": "http://admin-center.paas.xxx.edu.cn/jwt/cas","BASE_BACK_API": "http://admin-center.paas.xxx.edu.cn/","AUTH_PERSONAL": "http://admin-center.paas.xxx.edu.cn/jwt/cas","PERSONAL_CENTER_API": "http://admin-center.paas.xxx.edu.cn/","PERSONAL_CENTER": "http://admin-platform.paas.xxx.edu.cn/personal-center/","AUTH_FORMFLOW": "http://formflow.paas.xxx.edu.cn/release/cas/authen/redirect","FORM_DESIGN": "http://formflow.paas.xxx.edu.cn/form-design","FORM_DESIGN_PORTAL": "http://formflow.paas.xxx.edu.cn/form-design-portal","FORM_FILE": "http://formflow.paas.xxx.edu.cn/form-file","PERSONAL_CENTER_API_L": "http://portal.paas.xxx.edu.cn/portal-web/","PERSONAL_CENTER_IMAGE_API": "http://portal.paas.xxx.edu.cn/resources/",}'
-
----
-apiVersion: v1
-kind: Service
-metadata:
- namespace: admin-platform
- name: admin-platform-svc
- labels:
- app: admin-platform-svc
-spec:
- ports:
- - port: 80
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app: admin-platform
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- namespace: admin-platform
- name: admin-platform
-spec:
- selector:
- matchLabels:
- app: admin-platform
- replicas: 1
- template:
- metadata:
- labels:
- app: admin-platform
- spec:
- containers:
- - name: admin-platform
- # 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/admin-platform/admin-platform:1.0.0
- imagePullPolicy: Always
- ports:
- - containerPort: 80
- name: http
- envFrom:
- - configMapRef:
- name: admin-platform-env
- resources:
- requests:
- memory: "128Mi"
- limits:
- memory: "256Mi"
- imagePullSecrets:
- - name: harbor-registry
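Review bot: every URL in `admin-platform-env` is `http://`, including the `AUTH` and `AUTH_PERSONAL` entries of `SERVER_CONFIG` that point at `/jwt/cas`, so login redirects and tokens would cross the network unencrypted; any successor ConfigMap should use `https://` throughout. The `SERVER_CONFIG` value also ends with `"http://portal.paas.xxx.edu.cn/resources/",}`, a trailing comma that a strict JSON parser rejects. In the Deployment, the container spec sets memory requests and limits but no `securityContext`; if the image allows it, a replacement should set `runAsNonRoot` and drop unneeded capabilities.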