From: 刘洪青 Date: Thu, 15 Oct 2020 08:21:23 +0000 (+0800) Subject: style: 新开普test,部署脚本整理、更新 X-Git-Url: https://source.supwisdom.com/gerrit/gitweb?a=commitdiff_plain;h=2a8d4c5e89fcae8eae71b7d2baedb972e961ca96;p=institute%2Fdeploy-authx-service.git style: 新开普test,部署脚本整理、更新 --- diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-minio.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-minio.yaml index 3b757fb..93657ff 100644 --- a/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-minio.yaml +++ b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-minio.yaml @@ -5,27 +5,35 @@ # 文件服务器,对象存储 #################################################### +# 手动初始化默认的图片 +# +# 访问 https://authx-minio-test.paas.newcapec.cn +# 登录 1y8N@8R@a_2u , 8pxlIe9#lN7Q +# 创建 bucket: portrait , cas-server-site-ui +# 将 portrait 目录下的 图片,上传到 portrait 中(此为用户的默认头像) +# 将 cas-server-site-ui 目录下的 图片,上传到 cas-server-site-ui 中(此为认证登录界面上使用的图片,实际项目中,由UI进行设计后,替换) + --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - namespace: authx-service-test name: minio-data-pvc + namespace: authx-service-test spec: accessModes: - ReadWriteMany # 根据情况修改 - storageClassName: supwisdom-nfs-storage + storageClassName: nfs-client resources: requests: - storage: 5Gi + storage: 50Gi --- apiVersion: v1 kind: Secret metadata: - namespace: authx-service-test name: minio-env-secret + namespace: authx-service-test type: Opaque data: # 修改 access_key,并使用 base64 工具进行编码 @@ -96,20 +104,21 @@ spec: # 该 ingress 配置可选,主要用于实施调试用 -# --- -# apiVersion: extensions/v1beta1 -# kind: Ingress -# metadata: -# name: minio-ingress -# namespace: authx-service -# spec: -# rules: -# # 修改为学校的根域名 -# - host: minio.paas.xxx.edu.cn -# http: -# paths: -# - path: / -# backend: -# serviceName: minio-svc -# servicePort: http - +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: minio-ingress + namespace: authx-service-test + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 8m +spec: + rules: + # 修改为学校的根域名 + - host: authx-minio-test.paas.newcapec.cn + http: + paths: + - path: / + backend: + serviceName: minio-svc + servicePort: http diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/9.poa-api-docs-installer.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/9.poa-api-docs-installer.yaml index 7c15066..2ef7e13 100644 --- a/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/9.poa-api-docs-installer.yaml +++ b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/9.poa-api-docs-installer.yaml @@ -12,7 +12,9 @@ data: ## # 平台OpenAPI的外网访问地址, # **修改** 学校的根域名 - POA_SERVER_URL: http://poa-test.newcapec.cn + POA_SERVER_URL: http://poa-test.paas.newcapec.cn + POA_SA_SERVER_URL: http://poa-sa-test.paas.newcapec.cn + # http://poa-test-platform-openapi-sa.poa-test.svc.cluster.local:8443 --- @@ -33,7 +35,7 @@ spec: containers: - name: poa-api-docs-installer # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/authx-service/poa-api-docs-installer:1.0.0-SNAPSHOT + image: harbor.supwisdom.com/authx-service/poa-api-docs-installer:1.1.0-SNAPSHOT imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/10.0.init.sql b/project/newcapec-test/k8s-rancher/1.authx-service/10.0.init.sql index f415dec..6faf626 100644 --- a/project/newcapec-test/k8s-rancher/1.authx-service/10.0.init.sql +++ b/project/newcapec-test/k8s-rancher/1.authx-service/10.0.init.sql @@ -34,6 +34,25 @@ where ID='122'; -- todo, modify commit; +-- 请注意图片的后缀名,须与实际的文件名保持一致 +update TB_CONFIG set CONFIG_VALUE='cas-server-site-ui__logo.png' where ID='51'; -- casServer.config.logo +update TB_CONFIG set CONFIG_VALUE='cas-server-site-ui__logo.png' where ID='52'; -- casServer.config.logoM + +update TB_CONFIG set CONFIG_VALUE='cas-server-site-ui__bg.png' where ID='53'; -- casServer.config.bg +update TB_CONFIG set CONFIG_VALUE='cas-server-site-ui__bg.png' where ID='54'; -- casServer.config.bgM + +update TB_CONFIG set CONFIG_VALUE='409EFF' where ID='55'; -- casServer.config.schemeColor + +update TB_CONFIG set CONFIG_VALUE='cas-server-site-ui__icon.png' where ID='56'; -- casServer.config.iconImageUrl + +update TB_CONFIG set CONFIG_VALUE='https://example.com/download.htm' where ID='57'; -- casServer.config.superappDownloadUrl +update TB_CONFIG set CONFIG_VALUE='超级APP' where ID='57-1'; -- casServer.config.superappName + +update TB_CONFIG set CONFIG_VALUE='cas-server-site-ui__favicon.ico' where ID='58'; -- casServer.config.webFavicon +update TB_CONFIG set CONFIG_VALUE='树维信息' where ID='59'; -- casServer.config.webTitle + +update TB_CONFIG set CONFIG_VALUE='' where ID='61'; -- casServer.config.copyrightContent +update TB_CONFIG set CONFIG_VALUE='' where ID='62'; -- casServer.config.copyrightContentM use user; diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.0.cas-server-installer.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.0.cas-server-installer.yaml index 68a8363..96ea4e4 100644 --- a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.0.cas-server-installer.yaml +++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.0.cas-server-installer.yaml @@ -28,7 +28,7 @@ spec: containers: - name: cas-server-installer # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/cas-server/cas-server-installer:1.0.0-SNAPSHOT + image: harbor.supwisdom.com/cas-server/cas-server-installer:1.0 imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml index fc90464..cb3247a 100644 --- a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml +++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml @@ -86,7 +86,7 @@ spec: containers: - name: cas-server-sa-api # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/cas-server/cas-server-sa-api:1.0.0-SNAPSHOT + image: harbor.supwisdom.com/cas-server/cas-server-sa-api:1.0 imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml index bf0ba41..2aaa8c9 100644 --- a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml +++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml @@ -62,7 +62,7 @@ spec: containers: - name: cas-server-security-engine # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/cas-server/cas-server-security-engine:1.0.0-SNAPSHOT + image: harbor.supwisdom.com/cas-server/cas-server-security-engine:1.0 imagePullPolicy: Always ports: - containerPort: 6060 diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml index 6a782d3..86250e1 100644 --- a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml +++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml @@ -112,7 +112,8 @@ data: CASSERVERSITE_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300" CASSERVERSITE_PASSWORDLESS_SMS_FROM: 认证中心 # **修改** 根据实际情况,修改短信模板 - CASSERVERSITE_PASSWORDLESS_SMS_TEXT_TEMPLATE: 【认证中心】{name}:您正在登录统一身份认证,本次登录的动态密码为{token},有效期5分钟,请尽快完成登录。 + #CASSERVERSITE_PASSWORDLESS_SMS_TEXT_TEMPLATE: 【认证中心】{name}:您正在登录统一身份认证,本次登录的动态密码为{token},有效期5分钟,请尽快完成登录。 + CASSERVERSITE_PASSWORDLESS_SMS_TEXT_TEMPLATE: '{"signName": "树维认证", "templateCode": "SMS_184545298", "templateParam": {"code": "{token}"}}' TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080 @@ -125,7 +126,9 @@ data: # **修改** # 若须对接sms 接口,须进行二开定制 - TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send + TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/aliyun/send + + TPAS_AGENT_SERVICE_FILE_PATH: /api/v1/tpas/file/minio CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080 @@ -201,7 +204,7 @@ spec: containers: - name: cas-server-site-webapp # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/cas-server/cas-server-site-webapp:1.0.0-SNAPSHOT + image: harbor.supwisdom.com/cas-server/cas-server-site-webapp:1.0 imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml index 0c3c254..e081dbf 100644 --- a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml +++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml @@ -42,7 +42,7 @@ spec: containers: - name: cas-server-datax-job # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/cas-server/cas-server-datax-job:1.0.0-SNAPSHOT + image: harbor.supwisdom.com/cas-server/cas-server-datax-job:1.0 imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml index dbf24f4..47af3c1 100644 --- a/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml +++ b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml @@ -68,8 +68,9 @@ data: # passwordless TOKEN_SERVER_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300" - TOKEN_SERVER_PASSWORDLESS_SMS_TEXT_TEMPLATE: 【认证中心】{name}:您正在进行登录,本次登录的动态密码为{token},有效期5分钟,请尽快完成登录。 TOKEN_SERVER_PASSWORDLESS_SMS_FROM: 认证中心 + #TOKEN_SERVER_PASSWORDLESS_SMS_TEXT_TEMPLATE: 【认证中心】{name}:您正在进行登录,本次登录的动态密码为{token},有效期5分钟,请尽快完成登录。 + TOKEN_SERVER_PASSWORDLESS_SMS_TEXT_TEMPLATE: '{"signName": "树维认证", "templateCode": "SMS_184545298", "templateParam": {"code": "{token}"}}' CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080 diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml index 49f640a..8454183 100644 --- a/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml +++ b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml @@ -44,7 +44,10 @@ data: SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{prefix}{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。' SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{prefix}{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。' - SMS_TEMPLATE_PREFIX: '' + # 身份验证验证码 {"signName": "{prefix}", "templateCode": "SMS_184545299", "templateParam": {"code": "{code}"}} + # 信息变更验证码 {"signName": "{prefix}", "templateCode": "SMS_184545294", "templateParam": {"code": "{code}"}} + + SMS_TEMPLATE_PREFIX: '树维认证' --- diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml index 15168bb..1c3b8e4 100644 --- a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml +++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml @@ -28,7 +28,7 @@ spec: containers: - name: admin-center-sa-installer # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-sa-installer:1.0.0-SNAPSHOT + image: harbor.supwisdom.com/admin-center/admin-center-sa-installer:1.1 imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml index 9d8b3f1..b1e642f 100644 --- a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml +++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml @@ -85,7 +85,7 @@ spec: containers: - name: admin-center-poa # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-poa:1.0.2-SNAPSHOT + image: harbor.supwisdom.com/admin-center/admin-center-poa:1.1 imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml index 47e26a5..16776f5 100644 --- a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml +++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml @@ -66,7 +66,7 @@ spec: containers: - name: admin-center-sa # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-sa:1.0.0-SNAPSHOT + image: harbor.supwisdom.com/admin-center/admin-center-sa:1.1 imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml index 0d72be9..28d45ec 100644 --- a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml +++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml @@ -110,7 +110,7 @@ spec: containers: - name: admin-center-bff # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-bff:1.0.2-SNAPSHOT + image: harbor.supwisdom.com/admin-center/admin-center-bff:1.1 imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml index 05336f6..67bc36d 100644 --- a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml +++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml @@ -135,7 +135,7 @@ spec: containers: - name: admin-center-zuul # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-zuul:1.0.2-SNAPSHOT + image: harbor.supwisdom.com/admin-center/admin-center-zuul:1.1 imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.9.admin-center-management.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.9.admin-center-management.yaml index 103e535..5fe00b7 100644 --- a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.9.admin-center-management.yaml +++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.9.admin-center-management.yaml @@ -52,7 +52,7 @@ spec: containers: - name: admin-center-management # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-management:0.0.1-SNAPSHOT + image: harbor.supwisdom.com/admin-center/admin-center-management:1.1 imagePullPolicy: Always ports: - containerPort: 80 diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/9.poa-api-docs-installer.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/9.poa-api-docs-installer.yaml new file mode 100644 index 0000000..759770b --- /dev/null +++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/9.poa-api-docs-installer.yaml @@ -0,0 +1,47 @@ +# 9.poa-api-docs-installer.yaml + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: admin-center-test + name: poa-api-docs-installer-env +data: + ## + # 平台OpenAPI的外网访问地址, + # **修改** 学校的根域名 + POA_SERVER_URL: http://poa-test.paas.newcapec.cn + POA_SA_SERVER_URL: http://poa-sa-test.paas.newcapec.cn + # http://poa-test-platform-openapi-sa.poa-test.svc.cluster.local:8443 + + +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: admin-center-test + name: poa-api-docs-installer +spec: + completions: 1 + parallelism: 1 + template: + metadata: + labels: + app: poa-api-docs-installer + spec: + restartPolicy: Never + containers: + - name: poa-api-docs-installer + # 若使用了学校搭设的私有仓库,请修改 + image: harbor.supwisdom.com/admin-center/poa-api-docs-installer:1.1.0-SNAPSHOT + imagePullPolicy: Always + envFrom: + - configMapRef: + name: poa-api-docs-installer-env + # resources: + # requests: + # memory: "256Mi" + # limits: + # memory: "256Mi" + imagePullSecrets: + - name: harbor-registry