#TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
---
apiVersion: v1
kind: Service
spec:
containers:
- name: authx-service-bff
- image: paas.harbor.nwpu.edu.cn/authx-service/authx-service-bff:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/authx-service/authx-service-bff:1.4.4-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
spec:
containers:
- name: authx-management
- image: paas.harbor.nwpu.edu.cn/authx-service/authx-management:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/authx-service/authx-management:1.4.4-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 80
insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
values ('22', 0, 'authx-service-open-api', '认证授权 - 聚合接口(公开)', '1', '/api/v2/open', 'http://localhost:8009', 0);
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('25', 0, 'authx-service-log-api', '认证授权 - 日志接口', '1', '/api/v2/log', 'http://localhost:8009', 0);
+
commit;
update TB_MGT_ROUTE set URL='http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080' where ID='20';
update TB_MGT_ROUTE set URL='http://authx-service-bff.authx-service.svc.cluster.local:8080' where ID='21';
update TB_MGT_ROUTE set URL='http://authx-service-bff.authx-service.svc.cluster.local:8080' where ID='22';
+update TB_MGT_ROUTE set URL='http://authx-log-sa.authx-log.svc.cluster.local:8080' where ID='25';
+
commit;
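Review bot: The URL set for route `25` uses the host `authx-log-sa.authx-log.svc.cluster.local`, but the Service this commit adds in `4.2.authx-log-sa.yaml` is named `authx-log-sa-svc`. Unless a Service called `authx-log-sa` is defined somewhere outside this page, the gateway will fail to resolve the backend for `/api/v2/log`. The line should probably read `update TB_MGT_ROUTE set URL='http://authx-log-sa-svc.authx-log.svc.cluster.local:8080' where ID='25';`. It is also worth confirming that the new log route sits behind the same authorization as the other `/api/v2` routes, since it serves authentication log data.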
containers:
- name: user-data-service-installer
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/goa/installer:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/goa/installer:1.4.4-RELEASE
imagePullPolicy: Always
env:
- name: DB_TYPE
LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
---
apiVersion: v1
kind: Service
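Review bot: `AUTHX_LOG_RABBITMQ_USERNAME: guest` and `AUTHX_LOG_RABBITMQ_PASSWORD: guest` use RabbitMQ's well-known default account, and they sit in the same plain data block as non-secret settings. A stock broker only accepts `guest` over loopback, so either these connections are refused or the broker has been opened so that any pod reaching `rabbitmq-server.authx-service` on 5672 can publish and consume audit-log messages. Use a dedicated low-privilege broker user per service and move both keys into a Secret pulled in with `secretRef`, leaving only host, port and `AUTHX_LOG_ENABLED` here. The same pair is repeated in every other `AUTHX_LOG_RABBITMQ_*` block on this page, in `USER_RABBITMQ_*` in the token-server config, and in the new `authx-log-sa-env` ConfigMap. The enclosing mapping starts outside this hunk, so its kind is not visible here.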
containers:
- name: user-data-service-poa
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/goa/poa-api:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/goa/poa-api:1.4.4-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
IPADDR_API_URL: http://ipaddr.ipaddr.svc.cluster.local:9090/v1/find
+ CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
+ CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
LOGGING_LEVEL_COM_SUPWISDOM_GOA: INFO
LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO
containers:
- name: user-data-service-goa
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/goa/goa-api:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/goa/goa-api:1.4.4-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
---
apiVersion: v1
kind: Service
containers:
- name: user-data-service-biz
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/goa/biz-api:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/goa/biz-api:1.4.4-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
containers:
- name: user-data-service-datax-job
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/goa/datax-job:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/goa/datax-job:1.4.4-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
containers:
- name: api-docs-installer
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/goa/api-docs-installer:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/goa/api-docs-installer:1.4.4-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
containers:
- name: user-authorization-installer
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-installer:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-installer:1.4.4-RELEASE
imagePullPolicy: Always
env:
- name: DB_TYPE
LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_COMMON_LOG: INFO
+
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
---
apiVersion: v1
kind: Service
containers:
- name: user-authorization-poa
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-poa:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-poa:1.4.4-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_COMMON_LOG: INFO
+
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
# SBA_URL: http://spring-boot-admin-svc.base.svc.cluster.local:8080
containers:
- name: user-authorization-sa
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-sa:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-sa:1.4.4-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
containers:
- name: user-authorization-datax-job
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-datax-job:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-datax-job:1.4.4-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
containers:
- name: api-docs-installer
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/user-authorization-service/api-docs-installer:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/user-authorization-service/api-docs-installer:1.4.4-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
#USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
---
apiVersion: v1
kind: Secret
containers:
- name: cas-server-sa-api
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-sa-api:1.3.4-RELEASE
+ image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-sa-api:1.4.4-SNAPSHOT
imagePullPolicy: Always
ports:
- containerPort: 8080
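Review bot: The new tag `1.4.4-SNAPSHOT` replaces a `-RELEASE` tag, and together with `imagePullPolicy: Always` that means the CAS server can start running different image content on any pod restart without a manifest change. For an authentication component this removes the ability to audit or roll back to a known build. Pin a release tag, ideally with a digest, for example `image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-sa-api:<release-tag>@sha256:<digest>`. The same applies to the `cas-server-security-engine`, `cas-server-site-webapp`, `cas-server-site-scheme` and `cas-server-datax-job` images changed further down.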
containers:
- name: cas-server-security-engine
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-security-engine:1.3.4-RELEASE
+ image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-security-engine:1.4.4-SNAPSHOT
imagePullPolicy: Always
ports:
- containerPort: 6060
SUPERAPP_TOKEN_SIGNING_KEY_URL: https://token.paas.xxx.edu.cn/jwt/publicKey
+ ATTEST_SERVER_URL: http://attest-server-svc.attest-server.svc.cluster.local:8080/attest
+ ATTEST_CLIENT_AUTH_ENABLED: "false"
+ #ATTEST_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #ATTEST_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090
+ IPADDR_CLIENT_AUTH_ENABLED: "false"
+ #IPADDR_CLIENT_AUTH_KEY_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
##
# 第三方CAS 认证对接
#
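Review bot: `ATTEST_SERVER_URL` and `IPADDR_SERVER_URL` are plain `http://` with `ATTEST_CLIENT_AUTH_ENABLED: "false"` and `IPADDR_CLIENT_AUTH_ENABLED: "false"`, so identity-verification results reach the CAS server over an unauthenticated cleartext channel. Whether a NetworkPolicy or service mesh compensates for this is not visible on this page. If it does not, enable client auth with the keystore and truststore mounted from a Secret. If the commented `*_KEY_PASSWORD` and `*_KEYSTORE_PASSWORD` keys are ever uncommented, they should go into a Secret rather than into this data block. The token-server config hunk adds the same two blocks.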
containers:
- name: cas-server-site-webapp
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-site-webapp:1.3.4-RELEASE
+ image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-site-webapp:1.4.4-SNAPSHOT
imagePullPolicy: Always
ports:
- containerPort: 8080
memory: "256Mi"
- name: cas-server-site-scheme-generator
# 根据情况修改镜像地址
- image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-site-scheme:1.3.4-RELEASE
+ image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-site-scheme:1.4.4-SNAPSHOT
imagePullPolicy: Always
envFrom:
- configMapRef:
containers:
- name: cas-server-datax-job
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-datax-job:1.3.4-RELEASE
+ image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-datax-job:1.4.4-SNAPSHOT
imagePullPolicy: Always
envFrom:
- configMapRef:
containers:
- name: token-server-installer
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/token-server/token-server-installer:1.3.4-RELEASE
+ image: paas.harbor.nwpu.edu.cn/token-server/token-server-installer:1.4.3-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
+
+ ATTEST_SERVER_URL: http://attest-server-svc.attest-server.svc.cluster.local:8080/attest
+ ATTEST_CLIENT_AUTH_ENABLED: "false"
+ #ATTEST_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #ATTEST_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090
+ IPADDR_CLIENT_AUTH_ENABLED: "false"
+ #IPADDR_CLIENT_AUTH_KEY_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ ##
+ # authx-log rabbitmq
+ #
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
+ ##
+ # 接收 user 推送的 rabbitmq 数据
+ #
+ USER_RABBITMQ_ENABLED: "true"
+ USER_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ USER_RABBITMQ_PORT: "5672"
+ USER_RABBITMQ_USERNAME: guest
+ USER_RABBITMQ_PASSWORD: guest
+
+ USER_RABBITMQ_CONSUMER_ENABLED: "true"
+
+
---
apiVersion: v1
kind: Secret
containers:
- name: token-server
# 若使用了学校搭设的私有仓库,请 **修改**
- image: paas.harbor.nwpu.edu.cn/token-server/token-server:1.3.4-RELEASE
+ image: paas.harbor.nwpu.edu.cn/token-server/token-server:1.4.3-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
containers:
- name: api-docs-installer
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/token-server/api-docs-installer:1.3.4-RELEASE
+ image: paas.harbor.nwpu.edu.cn/token-server/api-docs-installer:1.4.3-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
# COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
+
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
---
apiVersion: v1
kind: Secret
containers:
- name: personal-security-center-bff
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/personal-security-center/personal-security-bff:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/personal-security-center/personal-security-bff:1.4.4-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
containers:
- name: personal-security-center-zuul
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/personal-security-center/personal-security-zuul:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/personal-security-center/personal-security-zuul:1.4.4-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
containers:
- name: security-center-ui
# 若使用了学校搭设的私有仓库,请修改
- image: paas.harbor.nwpu.edu.cn/personal-security-center/security-center-ui:1.3.6-RELEASE
+ image: paas.harbor.nwpu.edu.cn/personal-security-center/security-center-ui:1.4.4-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 80
--- /dev/null
+# 0.attest-server-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+ namespace: attest-server
+ name: harbor-registry
+data:
+ # 修改harbor仓库配置,并使用 base64 工具进行编码
+ # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+ .dockerconfigjson: eyJhdXRocyI6eyJwYWFzLmhhcmJvci5ud3B1LmVkdS5jbiI6eyJwYXNzd29yZCI6IjBuSnExS2lldnJOT3QyR1Q3TCIsInVzZXJuYW1lIjoibndwdS5kZXZvcHMifX19
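Review bot: The `.dockerconfigjson` value is only base64-encoded, so the registry username and password it contains are readable by anyone who can read this repository. The comment line above it also carries a plaintext credential for another registry. Treat both accounts as exposed and rotate them. Commit a placeholder such as `.dockerconfigjson: <base64-encoded dockerconfigjson>` and drop the example credential from the comment. Create the real Secret out of band, for example with `kubectl create secret docker-registry` or a sealed/external secret. `0.authx-log-base.yaml` repeats the same Secret and comment.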
--- /dev/null
+# 1.attest-server-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: attest-server
+ name: jvm-env
+data:
+ MAX_RAM_PERCENTAGE: "75.0"
--- /dev/null
+# 2.attest-server-ingresses.yaml
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: attest-server-ingress
+ namespace: attest-server
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
+spec:
+ rules:
+ # 修改为学校的根域名
+ - host: uis.paas.nwpu.edu.cn
+ http:
+ paths:
+ - path: /attest
+ backend:
+ serviceName: attest-server-svc
+ servicePort: http
+
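Review bot: This Ingress has no `tls:` section, and `ATTEST_SERVER_PREFIX` in `4.1.attest-server.yaml` is `http://uis.paas.nwpu.edu.cn/attest`, so the SMS and e-mail verification-code flows are published over cleartext HTTP. Add a `tls:` block under `spec` with `hosts: [uis.paas.nwpu.edu.cn]` and a `secretName: <tls-secret-name>`, and switch the prefix to `https://`. Separately, `extensions/v1beta1` Ingress was removed in Kubernetes 1.22. Moving to `networking.k8s.io/v1`, with `pathType` and `backend.service`, keeps the manifest applicable after a cluster upgrade.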
--- /dev/null
+# 4.1.attest-server.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: attest-server
+ name: attest-server-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEY_PASSWORD: ""
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+
+ SERVER_SERVLET_CONTEXT_PATH: "/attest"
+
+ SERVER_MAXHTTPHEADERSIZE: "20480"
+
+ SERVER_TOMCAT_ACCEPT_COUNT: "500"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "500"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+ # **修改** 从POA申请
+ POA_SERVER_URL: http://poa.paas.nwpu.edu.cn
+ POA_CLIENT_ID: ""
+ POA_CLIENT_SECRET: ""
+ POA_SCOPES: appPush:v1:apppushByMessageType
+
+
+ # 修改为学校的根域名
+ ATTEST_SERVER_PREFIX: http://uis.paas.nwpu.edu.cn/attest
+
+
+ # guard
+ ATTEST_SERVER_SECUREPHONE_SMS_TEXT_TEMPLATE: 【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。
+ ATTEST_SERVER_SECUREPHONE_SMS_FROM: 认证服务
+
+ # **修改** 根据实际情况,修改短信模板
+ ATTEST_SERVER_SECUREEMAIL_MAIL_TEXT_TEMPLATE: 【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。
+ ATTEST_SERVER_SECUREEMAIL_MAIL_FROM: 认证服务
+
+ # 在超级APP 中唤起人脸识别的 URL Scheme
+ ATTEST_SERVER_FACEVERIFY_SUPERAPP_URL_SCHEME: superapp
+
+
+ # 超级APP Token 的验签公钥
+ TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token/jwt/publicKey
+
+
+ USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
+ TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ # **修改**
+ # 若须对接sms 接口,须进行二开定制
+ TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
+ TPAS_AGENT_SERVICE_MAIL_SENDER_PATH: /api/v1/tpas/mail/smtp/send
+ TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify
+
+
+ ##
+ # token-server
+ #
+ TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token
+
+
+ ##
+ # 将 attest 数据 推送到 rabbitmq
+ #
+ # ATTEST_RABBITMQ_ENABLED: "false"
+ # ATTEST_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ # ATTEST_RABBITMQ_PORT: "5672"
+ # ATTEST_RABBITMQ_USERNAME: guest
+ # ATTEST_RABBITMQ_PASSWORD: guest
+ #
+ # ATTEST_RABBITMQ_APPPUSHATTEST2TOKENRABBITSENDER_ENABLED: "false"
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: attest-server
+ name: attest-server-env-secret
+type: Opaque
+data:
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: attest-server
+ name: attest-server-svc
+ labels:
+ app: attest-server
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: attest-server
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: attest-server
+ name: attest-server
+spec:
+ selector:
+ matchLabels:
+ app: attest-server
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: attest-server
+ spec:
+ containers:
+ - name: attest-server
+ image: paas.harbor.nwpu.edu.cn/attest-server/attest-server:1.4.3-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - configMapRef:
+ name: attest-server-env
+ - secretRef:
+ name: attest-server-env-secret
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
+ readinessProbe:
+ httpGet:
+ path: /attest/actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+
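Review bot: `POA_CLIENT_SECRET` (with `POA_CLIENT_ID`) is declared in the `attest-server-env` ConfigMap, while the `attest-server-env-secret` Secret that the Deployment already loads via `secretRef` is left with an empty `data:`. Once a real value is filled in, it will be stored and displayed as ordinary ConfigMap content. Move the key into the Secret, for example under `stringData:` as `POA_CLIENT_SECRET: <from POA>`, and delete it from the ConfigMap. The bare `data:` also parses as null, so `data: {}` is safer until keys are added. The container has no `securityContext`; for a service that issues verification codes, consider adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false`.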
--- /dev/null
+# 0.authx-log-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+ namespace: authx-log
+ name: harbor-registry
+data:
+ # 修改harbor仓库配置,并使用 base64 工具进行编码
+ # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+ .dockerconfigjson: eyJhdXRocyI6eyJwYWFzLmhhcmJvci5ud3B1LmVkdS5jbiI6eyJwYXNzd29yZCI6IjBuSnExS2lldnJOT3QyR1Q3TCIsInVzZXJuYW1lIjoibndwdS5kZXZvcHMifX19
--- /dev/null
+# 1.authx-log-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: authx-log
+ name: jvm-env
+data:
+ MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: authx-log
+ name: datasource-env-secret
+type: Opaque
+data:
+ # jdbc:mysql://mysql-server.authx-service.svc.cluster.local:3306/authx_log?serverTimezone=Asia/Shanghai
+ # JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvYXV0aHhfbG9nP3NlcnZlclRpbWV6b25lPUFzaWEvU2hhbmdoYWk=
+ JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvYXV0aHhfbG9nX3Rlc3Q/c2VydmVyVGltZXpvbmU9QXNpYS9TaGFuZ2hhaQ==
+ # authx_log
+ # JDBC_USERNAME: YXV0aHhfbG9n
+ JDBC_USERNAME: YXV0aHhfbG9nX3Rlc3Q=
+ # 修改为实际的数据库密码,并使用 base64 工具进行编码
+ # kingstar
+ # JDBC_PASSWORD: a2luZ3N0YXI=
+ JDBC_PASSWORD: U3Vwd2lzZG9tIU53cHUxMjM=
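Review bot: The `JDBC_USERNAME` and `JDBC_PASSWORD` values in `datasource-env-secret` are only base64-encoded, so the database credentials are recoverable by anyone with read access to this repository. The comments above them also spell out an earlier password in plaintext. Rotate the database account and commit placeholders instead, such as `JDBC_PASSWORD: <base64-encoded password>`. Remove the plaintext from the comments and supply the real Secret from a secret manager or sealed secret at deploy time. The active values also replace the commented `authx_log` ones, so please confirm the intended target database.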
--- /dev/null
+# 4.0.authx-log-installer.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: authx-log
+ name: authx-log-installer-env
+data:
+ DB_TYPE: mysql8
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ namespace: authx-log
+ name: authx-log-installer
+spec:
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ app: authx-log-installer
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: authx-log-installer
+ image: harbor.supwisdom.com/authx-log/authx-log-installer:1.4.4-RELEASE
+ imagePullPolicy: Always
+ env:
+ - name: DB_TYPE
+ value: mysql8
+ - name: JDBC_URL
+ value: jdbc:mysql://mysql-server.authx-service.svc.cluster.local:3306/authx_log_test?serverTimezone=Asia/Shanghai
+ - name: JDBC_USERNAME
+ value: authx_log_test
+ - name: JDBC_PASSWORD
+ value: Supwisdom!Nwpu123
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ # - secretRef:
+ # name: datasource-env-secret
+ - configMapRef:
+ name: authx-log-installer-env
+ imagePullSecrets:
+ - name: harbor-registry
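Review bot: The Job passes `JDBC_PASSWORD` as a literal `env` value and leaves the `secretRef` to `datasource-env-secret` commented out. The database password is therefore visible in the repository and to anyone who can read the Job or Pod spec in the namespace. Delete the inline `JDBC_URL`, `JDBC_USERNAME` and `JDBC_PASSWORD` entries and restore `- secretRef:` / `name: datasource-env-secret` under `envFrom`. `DB_TYPE` is likewise set twice, inline and via `authx-log-installer-env`. The image comes from `harbor.supwisdom.com`, while every other image on this page uses `paas.harbor.nwpu.edu.cn`, so confirm that the registry is intended and that the `harbor-registry` pull secret covers it. The JDBC URL and user point at `authx_log_test`, which looks like a test database and should be confirmed before this runs against a production cluster.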
--- /dev/null
+# 4.2.authx-log-sa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: authx-log
+ name: authx-log-sa-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+ #同环境中用户的地址
+ USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ # USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ # USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ # USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ # USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ # USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ #ipaddr
+ IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090
+ IPADDR_CLIENT_AUTH_ENABLED: "false"
+ #IPADDR_CLIENT_AUTH_KEY_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ AUTHX_LOG_ENABLED: "true"
+ AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ AUTHX_LOG_RABBITMQ_PORT: "5672"
+ AUTHX_LOG_RABBITMQ_USERNAME: guest
+ AUTHX_LOG_RABBITMQ_PASSWORD: guest
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: authx-log
+ name: authx-log-sa-svc
+ labels:
+ app: authx-log-sa
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: authx-log-sa
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: authx-log
+ name: authx-log-sa
+spec:
+ selector:
+ matchLabels:
+ app: authx-log-sa
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: authx-log-sa
+ annotations:
+ co.elastic.logs/enabled: "true"
+ spec:
+ containers:
+ - name: authx-log-sa
+ image: paas.harbor.nwpu.edu.cn/authx-log/authx-log-sa:1.4.4-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: datasource-env-secret
+ - configMapRef:
+ name: authx-log-sa-env
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry