From: 刘洪青
Date: Thu, 10 Sep 2020 07:53:39 +0000 (+0800)
Subject: docs: tidy up the deployment docs for the authentication and authorization product; move the cloud platform deployment docs to deploy-admin-platform
X-Git-Url: https://source.supwisdom.com/gerrit/gitweb?a=commitdiff_plain;h=9c2687bd230238b5752d2a2bb9d083ac1003eeba;p=institute%2Fdeploy-authx-service.git

docs: tidy up the deployment docs for the authentication and authorization product; move the cloud platform deployment docs to deploy-admin-platform

---

diff --git "a/deploy-manifests/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md" "b/deploy-manifests/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md" index 89e4873..8f8e499 100644 --- "a/deploy-manifests/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md" +++ "b/deploy-manifests/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md" @@ -16,7 +16,7 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 ## 安装准备 -### mysql 初始配置 +### MySQL 初始配置及相关基础命令 数据文件目录:/var/lib/mysql @@ -53,26 +53,12 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 * 创建 database - ``` - user - user_authz - cas_server - token_server - personal_security_center - - agent_service - communicate_center - - admin_center - - tmp_data - ``` - 参考命令: ``` create database `user` DEFAULT CHARSET utf8 COLLATE utf8_general_ci; ``` + * 授予权限 将 database 的权限授予对应的帐号 
@@ -106,10 +92,7 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 mysqldump -u root -p token_server > token_server.sql mysqldump -u root -p user > user.sql mysqldump -u root -p user_authz > user_authz.sql - mysqldump -u root -p admin_center > admin_center.sql - mysqldump -u root -p personal_security_center > personal_security_center.sql mysqldump -u root -p agent_service > agent_service.sql - mysqldump -u root -p communicate_center > communicate_center.sql ``` 还原: 
@@ -118,47 +101,11 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 mysql -u root -p token_server < token_server.sql mysql -u root -p user < user.sql mysql -u root -p user_authz < user_authz.sql - mysql -u root -p admin_center < admin_center.sql - mysql -u root -p personal_security_center < personal_security_center.sql mysql -u root -p agent_service < agent_service.sql - mysql -u root -p communicate_center < communicate_center.sql ``` -* 创建交换帐号 - - **待部署完成后操作** - - 如果,存在数据交换 须将组织机构数据、帐号数据 同步到用户服务的数据库的 - 则,需要创建一个 交换用的数据库帐号(user_trans),并为该帐号授予 表 user.TMP_ORGANIZATION_ORIGIN、user.TMP_ACCOUNT_ORIGIN 的读写操作的权限 - - 参考命令: - ``` - create user 'user_trans'@'%' identified with mysql_native_password by 'your_password'; - - grant select on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%'; - grant insert on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%'; - grant update on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%'; - grant delete on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%'; - - grant select on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%'; - grant insert on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%'; - grant update on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%'; - grant delete on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%'; - - grant select on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%'; - grant insert on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%'; - grant update on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%'; - grant delete on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%'; - - grant select on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%'; - grant insert on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%'; - grant update on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%'; - grant delete on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%'; - ``` - - -### harbor 准备 +### Harbor 准备及相关说明 * 创建 devops 帐号 
@@ -184,17 +131,15 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 authx-service authx-service/* thirdparty-agent-service thirdparty-agent-service/* + user-data-service goa/* user-authorization-service user-authorization-service/* cas-server cas-server/* token-server token-server/* - communicate-center communicate-center/* + jobs-server jobs-server/* personal-security-center personal-security-center/* - admin-center admin-center/* - - admin-platform admin-platform/* ``` 同步规则,创建完成后,进行镜像同步 @@ -207,7 +152,7 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 项目 下,点击 项目名称,进入到 成员,添加用户,查找用户 devops,选择角色 访客,确定,添加即可 -### rancher 准备 +### Rancher 准备及相关说明 * 创建项目 @@ -224,6 +169,7 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 输入 名称,保存 + * 导入YAML 进入 全局 - 集群(具体名称视项目安装而定) - 项目(某个项目) @@ -245,10 +191,6 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 personal-security-center.paas.xxx.edu.cn 个人安全中心后端API security-center.paas.xxx.edu.cn 安全中心前端UI(帐号激活、忘记密码) - - admin-center.paas.xxx.edu.cn 云平台后端API - - admin-platform.paas.xxx.edu.cn 云平台前端UI ``` 如果使用 学校域名,则去除 .paas 即可,同时申请开通相关域名 @@ -261,7 +203,9 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 * 数据库帐号 - 服务 | 帐号 + 以下是 各服务对应的数据库帐号 + + 服务 | 数据库帐号 - | - 用户服务 user-data-service | user 授权服务 user-authorization-service | user_authz @@ -269,14 +213,10 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 认证服务(APP适用) token-server | token_server - | - 第三方代理服务 thridparty-agent-service | agent_service - 通信服务 communicate-center | communicate_center - - | - - 管理中心 admin-center | admin_center - | - v4认证迁移数据 | tmp_data - 创建命令 - + 命令: **请修改命令中的 `your_password` 为实际的数据库帐号的密码** ``` create user 'user'@'%' identified with mysql_native_password by 'your_password'; 
@@ -285,14 +225,102 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 create user 'token_server'@'%' identified with mysql_native_password by 'your_password'; create user 'agent_service'@'%' identified with mysql_native_password by 'your_password'; - create user 'communicate_center'@'%' identified with mysql_native_password by 'your_password'; - - create user 'admin_center'@'%' identified with mysql_native_password by 'your_password'; create user 'tmp_data'@'%' identified with mysql_native_password by 'your_password'; ``` +* 数据库 + + 以下是 各服务对应的数据库 + + 服务 | 数据库 + - | - + 用户服务 user-data-service | user + 授权服务 user-authorization-service | user_authz + 认证服务 cas-server | cas_server + 认证服务(APP适用) token-server | token_server + - | - + 第三方代理服务 thridparty-agent-service | agent_service + - | - + v4认证迁移数据 | tmp_data + + 命令: + ``` + create database `user` DEFAULT CHARSET utf8 COLLATE utf8_general_ci; + create database `user_authz` DEFAULT CHARSET utf8 COLLATE utf8_general_ci; + create database `cas_server` DEFAULT CHARSET utf8 COLLATE utf8_general_ci; + create database `token_server` DEFAULT CHARSET utf8 COLLATE utf8_general_ci; + + create database `agent_service` DEFAULT CHARSET utf8 COLLATE utf8_general_ci; + + create database `tmp_data` DEFAULT CHARSET utf8 COLLATE utf8_general_ci; + ``` + + +* 数据库权限授予 + + 将 database 的权限授予对应的帐号 + + 命令: + ``` + grant all privileges on `user`.* to 'user'@'%' with grant option; + grant all privileges on `user_authz`.* to 'user_authz'@'%' with grant option; + grant all privileges on `cas_server`.* to 'cas_server'@'%' with grant option; + grant all privileges on `token_server`.* to 'token_server'@'%' with grant option; + + grant all privileges on `agent_service`.* to 'agent_service'@'%' with grant option; + + grant all privileges on `tmp_data`.* to 'tmp_data'@'%' with grant option; + ``` + + +* SUPER 权限授予 + + 由于 部分帐号 需要创建 触发器,故,需要 SUPER 权限 + 涉及帐号有 user、user_authz、cas_server + + 命令: + ``` + grant SUPER on *.* to 'user'@'%'; + grant SUPER on *.* to 'user_authz'@'%'; + 
grant SUPER on *.* to 'cas_server'@'%'; + + grant SUPER on *.* to 'tmp_data'@'%'; + ``` + + +* 用户数据的交换帐号 + + **待部署完成后操作** + + 如果,存在数据交换 须将组织机构数据、帐号数据 同步到用户服务的数据库的 + 则,需要创建一个 交换用的数据库帐号(user_trans),并为该帐号授予 表 user.TMP_ORGANIZATION_ORIGIN、user.TMP_ACCOUNT_ORIGIN 的读写操作的权限 + + 命令: + ``` + create user 'user_trans'@'%' identified with mysql_native_password by 'your_password'; + + grant select on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%'; + grant insert on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%'; + grant update on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%'; + grant delete on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%'; + + grant select on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%'; + grant insert on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%'; + grant update on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%'; + grant delete on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%'; + + grant select on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%'; + grant insert on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%'; + grant update on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%'; + grant delete on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%'; + + grant select on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%'; + grant insert on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%'; + grant update on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%'; + grant delete on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%'; + ``` ### rancher 容器部署 @@ -301,7 +329,6 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 具体参考 yaml 文件中的说明 - 0.infras 基础设施,目前包含 MySQL数据库的Web管理端、SpringBoot服务的管理端 @@ -315,7 +342,6 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 ``` - 1.authx-service 业务中台 之 认证授权服务 @@ -332,7 +358,6 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 2.*-ingresses.yaml 请修改 访问域名 - 0.0.trans-service-v4 此为 认证v4 的数据迁移服务(可选) @@ -341,7 +366,6 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 数据迁移后,还需要手动编写脚本,将数据迁移至 用户服务、授权服务 的数据库中 - 0.authx-service 此为 公共基础服务 
@@ -358,14 +382,12 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 根据情况修改 pvc 的 storageClassName - 9.poa-api-docs_install.yaml 用于将 认证授权服务的 poa 接口文档,导入到 poa-sa 中,**请在 poa 安装完成后处理** 请修改 poa 的服务地址 `POA_SERVER_URL` - 1.thirdparty-agent-service 此为 第三方服务的代理服务 @@ -383,7 +405,6 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 如果 学校使用 阿里云的短信服务,提供 `ACCESS_KEY_ID`、`ACCESS_SECRET`; 否则,提供相关的短信平台,进行定制开发 - 2.user-data-service 此为 用户服务 @@ -392,12 +413,10 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 如果 须将用户数据的变更下发到 Openldap 等第三方业务中,则须配置 `JOBS_RABBITMQ_*` 为开启(ENABLED=true) - 3.user-authorization-service 此为 授权服务 - 4.cas-server 此为 认证服务 @@ -422,7 +441,6 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 如果 须开启图片验证码,修改 `CASSERVERSITE_CAPTCHA_ENABLED: "true"` - 5.token-server 此为 认证服务(适用于APP,可选) @@ -445,19 +463,15 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 1. 注册 POA client,获取 `clientId`、`clientSecret`,申请 Scope `messagecenter:v1:sendMessage` 2. 获取 消息服务的 `appId` - 6.personal-security-center 此为 个人安全中心 后端API,安全中心 前端UI 提供个人帐号相关的操作的接口,以及 帐号激活、密码找回 等功能 - - TODO: 修改 bff、zuul 配置 TODO: 修改 security-center-ui 配置 - 9.jobs-server 此为 任务调度服务 @@ -468,26 +482,6 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 * 源头数据进入到临时表后,写入用户的正式表 * 用户数据更新后,通过消息队列,增量更新 Openldap 数据 - - - ``` - - - 6.admin-platform - - 云平台 - - ``` - - 6.admin-center - - 此为 云平台 后端API - - - 7.admin-platform - - 此为 云平台 前端UI - ``` @@ -531,21 +525,10 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 personal-security-center - communicate-center - jobs-server ``` - 在项目 admin-platform 下创建 命名空间: - - ``` - admin-center - - admin-platform - - ``` - * 导入YAML @@ -562,10 +545,7 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 在项目 authx-service 中,将 1.authx-service 下的 yaml 按编号依次导入 - 务必确保 `4.0.*-installer.yaml` 执行成功 - - - 在项目 admin-platform 中,将 6.admin-platform 下的 yaml 按编号依次导入 + **务必确保 `4.0.*-installer.yaml` 执行成功** ### 数据配置 @@ -586,14 +566,3 @@ v1 | 刘洪青 | 2020-06-10 | 初稿 可默认创建几个管理员帐号,以及初始授权 - -* **必选,6.admin-platform/10.0.init.sql** - - 修改 数据库数据初始化时的默认配置 - - -* 可选,6.admin-platform/10.1.init-flow.sql - - 若部署了 流程平台 的产品 - - 将 流程平台 的管理菜单 添加到 云平台中 
diff --git "a/deploy-manifests/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.pdf" "b/deploy-manifests/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.pdf" index de752a8..ca16e4c 100644 Binary files "a/deploy-manifests/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.pdf" and "b/deploy-manifests/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.pdf" differ diff --git a/deploy-manifests/k8s-rancher/1.authx-service/1.thirdparty-agent-service/4.2.thirdparty-agent-service.yaml b/deploy-manifests/k8s-rancher/1.authx-service/1.thirdparty-agent-service/4.2.thirdparty-agent-service.yaml index 9d68a04..4eb005e 100644 --- a/deploy-manifests/k8s-rancher/1.authx-service/1.thirdparty-agent-service/4.2.thirdparty-agent-service.yaml +++ b/deploy-manifests/k8s-rancher/1.authx-service/1.thirdparty-agent-service/4.2.thirdparty-agent-service.yaml @@ -14,10 +14,16 @@ data: SERVER_MAXHTTPHEADERSIZE: "10240" - # SERVER_TOMCAT_ACCEPT_COUNT: "1000" - # SERVER_TOMCAT_MAX_CONNECTIONS: "10000" - # SERVER_TOMCAT_MAX_THREADS: "1000" - # SERVER_TOMCAT_MIN_SPARE_THREADS: "10" + SERVER_TOMCAT_ACCEPT_COUNT: "5000" + SERVER_TOMCAT_MAX_CONNECTIONS: "10000" + SERVER_TOMCAT_MAX_THREADS: "800" + SERVER_TOMCAT_MIN_SPARE_THREADS: "100" + + + SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10" + SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20" + SPRING_DATASOURCE_DRUID_MIN_IDLE: "10" + ## file-db FILE_DB_AUTOCONFIGURE_ENABLED: "false" 
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml index 982b380..d8ae7b2 100644 --- a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml +++ b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml @@ -16,12 +16,12 @@ data: SERVER_MAXHTTPHEADERSIZE: "10240" - SERVER_TOMCAT_ACCEPT_COUNT: "5000" SERVER_TOMCAT_MAX_CONNECTIONS: "10000" SERVER_TOMCAT_MAX_THREADS: "800" SERVER_TOMCAT_MIN_SPARE_THREADS: "100" + SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10" SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20" SPRING_DATASOURCE_DRUID_MIN_IDLE: "10" diff --git a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml index c2f1c21..b1669ef 100644 --- a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml +++ b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml @@ -16,6 +16,11 @@ data: SERVER_MAXHTTPHEADERSIZE: "10240" + SERVER_TOMCAT_ACCEPT_COUNT: "5000" + SERVER_TOMCAT_MAX_CONNECTIONS: "10000" + SERVER_TOMCAT_MAX_THREADS: "800" + SERVER_TOMCAT_MIN_SPARE_THREADS: "100" + SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10" SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20" diff --git a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml index cbe4218..4cf624a 100644 --- a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml +++ b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml 
@@ -16,6 +16,12 @@ data: SERVER_MAXHTTPHEADERSIZE: "10240" + SERVER_TOMCAT_ACCEPT_COUNT: "5000" + SERVER_TOMCAT_MAX_CONNECTIONS: "10000" + SERVER_TOMCAT_MAX_THREADS: "800" + SERVER_TOMCAT_MIN_SPARE_THREADS: "100" + + # LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_SA_MANGRANTED: debug SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10" SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20" @@ -24,7 +30,6 @@ data: # SBA_URL: http://spring-boot-admin-svc.base.svc.cluster.local:8080 - # LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_SA_MANGRANTED: debug --- diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml index f8e1452..1ab37de 100644 --- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml +++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml @@ -16,11 +16,20 @@ data: SERVER_MAXHTTPHEADERSIZE: "10240" + SERVER_TOMCAT_ACCEPT_COUNT: "5000" + SERVER_TOMCAT_MAX_CONNECTIONS: "10000" + SERVER_TOMCAT_MAX_THREADS: "800" + SERVER_TOMCAT_MIN_SPARE_THREADS: "100" + + + SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10" + SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20" + SPRING_DATASOURCE_DRUID_MIN_IDLE: "10" + + SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800" + SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100" + SPRING_REDIS_JEDIS_POOL_MINIDLE: "100" - # SERVER_TOMCAT_ACCEPT_COUNT: "100" - # SERVER_TOMCAT_MAX_CONNECTIONS: "10000" - # SERVER_TOMCAT_MAX_THREADS: "200" - # SERVER_TOMCAT_MIN_SPARE_THREADS: "10" SERVICE_REFRESH_REDIS_TIMER_ENABLED: "true" ACCOUNT_REFRESH_REDIS_TIMER_ENABLED: "false" diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml index cbd694e..b780c22 100644 
--- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml +++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml @@ -20,6 +20,7 @@ data: SERVER_TOMCAT_MAX_THREADS: "800" SERVER_TOMCAT_MIN_SPARE_THREADS: "100" + SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800" SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100" SPRING_REDIS_JEDIS_POOL_MINIDLE: "100" diff --git a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml index 612a50b..d5e219e 100644 --- a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml +++ b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml @@ -20,12 +20,17 @@ data: SERVER_TOMCAT_MAX_THREADS: "800" SERVER_TOMCAT_MIN_SPARE_THREADS: "100" + LOGGING_LEVEL_COM_SUPWISDOM_INSITITUTE_TOKEN_SERVER: INFO + + + SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10" + SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "50" + SPRING_DATASOURCE_DRUID_MIN_IDLE: "10" + SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800" SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100" SPRING_REDIS_JEDIS_POOL_MINIDLE: "100" - LOGGING_LEVEL_COM_SUPWISDOM_INSITITUTE_TOKEN_SERVER: INFO - # **修改** 从消息中心申请 MESSAGECENTER_ENABLED: "false" diff --git a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml index 3c380e6..dc93b54 100644 --- a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml +++ b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml 
@@ -68,12 +68,13 @@ data: SERVER_TOMCAT_MAX_THREADS: "800" SERVER_TOMCAT_MIN_SPARE_THREADS: "100" + LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO + + SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800" SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100" SPRING_REDIS_JEDIS_POOL_MINIDLE: "100" - LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO - # 修改为学校的 personal-security-center 的访问域名 PERSONAL_SECURITY_CENTER_SERVER_PREFIX: http://personal-security-center.paas.xxx.edu.cn diff --git a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml index 19aa3a3..edd1b43 100644 --- a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml +++ b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml @@ -21,13 +21,14 @@ data: SERVER_TOMCAT_MAX_THREADS: "800" SERVER_TOMCAT_MIN_SPARE_THREADS: "100" + LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER: INFO + + ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000" ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000" ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000" - LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER: INFO - ZUUL_ROUTES_PERSONAL_ME_URL: http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1/me ZUUL_ROUTES_PERSONAL_BFF_URL: http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1 diff --git a/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/0.communicate-center-base.yaml b/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/0.communicate-center-base.yaml deleted file mode 100644 index 4181e1c..0000000 --- a/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/0.communicate-center-base.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -# communicate-center-base.yaml - -#################################################### -# supwisdom harbor private docker registry -#################################################### ---- -apiVersion: v1 -kind: Secret -type: kubernetes.io/dockerconfigjson -metadata: - name: harbor-registry - namespace: communicate-center -data: - # 修改harbor仓库配置,并使用 base64 工具进行编码 - # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}} - .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19 - diff --git a/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/1.communicate-center-env.yaml b/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/1.communicate-center-env.yaml deleted file mode 100644 index 3e23835..0000000 --- a/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/1.communicate-center-env.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# communicate-center-env.yaml - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: communicate-center - name: jvm-env -data: - MAX_RAM_PERCENTAGE: "75.0" - ---- -apiVersion: v1 -kind: Secret -metadata: - namespace: communicate-center - name: datasource-env-secret -type: Opaque -data: - # jdbc:mysql://mysql-server.authx-service.svc.cluster.local:3306/communicate_center?serverTimezone=Asia/Shanghai - JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvY29tbXVuaWNhdGVfY2VudGVyP3NlcnZlclRpbWV6b25lPUFzaWEvU2hhbmdoYWk= - # communicate_center - JDBC_USERNAME: Y29tbXVuaWNhdGVfY2VudGVy - # 修改为实际的数据库密码,并使用 base64 工具进行编码 - # kingstar - JDBC_PASSWORD: a2luZ3N0YXI= - diff --git a/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/2.communicate-center-ingresses.yaml b/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/2.communicate-center-ingresses.yaml deleted file mode 100644 index 354aeeb..0000000 
--- a/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/2.communicate-center-ingresses.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# communicate-center-ingresses.yaml - -# 暂时不使用,直接使用内部地址 -# --- -# apiVersion: extensions/v1beta1 -# kind: Ingress -# metadata: -# namespace: communicate-center -# name: communicate-center-api-ingress -# spec: -# rules: -# # 修改为学校的根域名 -# - host: communicate-center-api.paas.xxx.edu.cn -# http: -# paths: -# - path: / -# backend: -# serviceName: communicate-center-poa-svc -# servicePort: http diff --git a/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/4.0.communicate-center-installer.yaml b/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/4.0.communicate-center-installer.yaml deleted file mode 100644 index 0c3c84f..0000000 --- a/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/4.0.communicate-center-installer.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# communicate-center-installer.yaml - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: communicate-center - name: communicate-center-installer-env -data: - DB_TYPE: mysql8 - - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: communicate-center-installer - namespace: communicate-center -spec: - completions: 1 - parallelism: 1 - template: - metadata: - labels: - app: communicate-center-installer - spec: - restartPolicy: Never - containers: - - name: communicate-center-installer - # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/communicate-center/communicate-center-installer:1.0.0-SNAPSHOT - imagePullPolicy: Always - envFrom: - - configMapRef: - name: jvm-env - - secretRef: - name: datasource-env-secret - - configMapRef: - name: communicate-center-installer-env - resources: - requests: - memory: "256Mi" - limits: - memory: "256Mi" - imagePullSecrets: - - name: harbor-registry 
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/4.1.communicate-center-poa.yaml b/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/4.1.communicate-center-poa.yaml deleted file mode 100644 index f20140a..0000000 --- a/deploy-manifests/k8s-rancher/1.authx-service/8.communicate-center/4.1.communicate-center-poa.yaml +++ /dev/null 
@@ -1,111 +0,0 @@ -# communicate-center-poa.yaml - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: communicate-center - name: communicate-center-poa-env -data: - SERVER_PORT: "8080" - SSL_ENABLED: "false" - #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore - #SSL_KEYSTORE_PASSWORD: "" - #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore - #SSL_TRUSTSTORE_PASSWORD: "" - - SERVER_MAXHTTPHEADERSIZE: "10240" - - - USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080 - USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false" - #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" - #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore - #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore - #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - # 若须对接邮件服务,须提供 SMTP 帐号 - TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/mail/console - # 若须对接sms 接口,须进行二开定制 - TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/sms/console - - TPAS_CLIENT_AUTH_ENABLED: "false" - #TPAS_CLIENT_AUTH_KEY_PASSWORD: "" - #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore - #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore - #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - ---- -apiVersion: v1 -kind: Service -metadata: - namespace: communicate-center - name: communicate-center-poa-svc - labels: - app: communicate-center-poa - needMonitor: 'true' -spec: - ports: - - port: 8080 - targetPort: http - protocol: TCP - name: http - - port: 6060 - targetPort: http-metrics - protocol: TCP - name: http-metrics - selector: - app: communicate-center-poa - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: communicate-center - name: 
communicate-center-poa -spec: - selector: - matchLabels: - app: communicate-center-poa - replicas: 1 - template: - metadata: - labels: - app: communicate-center-poa - spec: - containers: - - name: communicate-center-poa - # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/communicate-center/communicate-center-poa:1.0.0-SNAPSHOT - imagePullPolicy: Always - ports: - - containerPort: 8080 - name: http - - containerPort: 6060 - name: http-metrics - envFrom: - - configMapRef: - name: jvm-env - - secretRef: - name: datasource-env-secret - - configMapRef: - name: communicate-center-poa-env - resources: - requests: - memory: "512Mi" - limits: - memory: "512Mi" - readinessProbe: - httpGet: - path: /actuator/health - port: 8080 - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 10 - imagePullSecrets: - - name: harbor-registry diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/10.0.init.sql b/deploy-manifests/k8s-rancher/6.admin-platform/10.0.init.sql deleted file mode 100644 index 579d3db..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/10.0.init.sql +++ /dev/null 
@@ -1,73 +0,0 @@ --- 10.1.init.sql - -/* -将 paas.example.com 替换为 paas.学校域名.edu.cn -*/ - - -use cas_server; - --- 更新 服务 admin-center 的信息 - -update TB_SERVICE -set - INFORMATION_URL='http://admin-center.paas.example.com', - LOGOUT_URL='http://admin-center.paas.example.com/cas/slo', - SERVICE_ID='http://admin-center.paas.example.com/cas/(.*)' -where ID='1'; -- todo, modify - --- 更新 服务 personal-security-center 的信息 - -update TB_SERVICE -set - INFORMATION_URL='http://personal-security-center.paas.example.com', - LOGOUT_URL='http://personal-security-center.paas.example.com/cas/slo', - SERVICE_ID='http://personal-security-center.paas.example.com/cas/(.*)' -where ID='2'; -- todo, modify - -commit; - - -use user_authz; - --- 更新 admin-center 下的角色同步地址 - -update TB_APPLICATION -set - SYNC_URL='http://admin-center.paas.example.com/api/v1/open/sync/roles' -where ID='1'; -- todo, modify - -commit; - - -use admin_center; - --- 更新 admin-management 下菜单的访问域 - -update TB_MGT_PERMISSION -set - ORIGIN='http://admin-management.paas.example.com' -where APPLICATION_ID='00000' -; - -commit; - - --- 更新 admin-platform 下菜单的访问域 - -update TB_MGT_PERMISSION -set - ORIGIN='http://admin-platform.paas.example.com' -where APPLICATION_ID='1' -; - -commit; - -/* -insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) -values ('23', 0, 'user-biz', '用户服务 - 业务接口', '1', '/api/v1/user/biz', 'http://localhost:8023/api/v1/biz', 1); - -update TB_MGT_ROUTE set URL='http://user-data-service-biz-svc.user-data-service.svc.cluster.local:8080/api/v1/biz' where ID='23'; - -commit; -*/ diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/10.1.init-flow.sql b/deploy-manifests/k8s-rancher/6.admin-platform/10.1.init-flow.sql deleted file mode 100644 index 019bfb5..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/10.1.init-flow.sql +++ /dev/null 
@@ -1,96 +0,0 @@ --- 10.1.init.sql - -/* -将 paas.example.com 替换为 paas.学校域名.edu.cn -*/ - --- 以下脚本为可选操作 - -/* - * 若部署了流程平台、门户的产品 - * 可初始化云平台下的相关菜单数据 - */ - -use admin_center; - --- flow --- 如果部署,流程平台,请处理 - -insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) -values ('50', 0, 'flow-api', '管理门户 - 流程接口', '1', '/api/v1/flow-release', 'http://formflow-formflow-svc.formflow.svc.cluster.local:8080/formflow', 1); - -commit; - -/* -update TB_MGT_ROUTE -set - URL='http://formflow.paas.example.com' -where ID='50'; -- todo, modify - -commit; -*/ - -insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS) -values ('50', 0, 'flow-admin', '流程表单管理员', '', '1'); -insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS) -values ('51', 0, 'flow-biz', '流程操作员', '业务、应用组、应用相关管理的操作人员', '1'); - -commit; - - -update TB_MGT_PERMISSION - set LFT = LFT+10 -where LFT>=82 -; - -update TB_MGT_PERMISSION - set RGT = RGT+10 -where RGT>=82 -; - - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('50000', 0, 'formflow-manager', '流程管理', '1', '2', '', '/', '1', '1', 50000, 1, 82, 91); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('50100', 0, 'formflow', '流程表单', '1', '2', 'su-icon-liuchengbiaodan', '/formflow', '1', '50000', 50100, 2, 83, 84); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('50200', 0, 'workbench', '工作台', '1', '2', 'su-icon-gongzuotai', '/formflow/workbench', '1', '50000', 50200, 2, 85, 86); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('50300', 0, 'instanceManage', '实例管理', '1', '2', 'su-icon-shiliguanli', '/formflow/instanceManage', '1', '50000', 
50300, 2, 87, 88); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('50400', 0, 'agent', '代理代办', '0', '2', 'su-icon-dailidaiban', '/formflow/agent', '1', '50000', 50400, 2, 89, 90); - -commit; - - -insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) - -select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID -from TB_MGT_PERMISSION -where (ID like '5____' or ID='1') - and CONCAT('1_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION) -; - -insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) - -select CONCAT('50_', ID) as ID, 0 as DELETED, '50' as ROLE_ID, ID as PERMISSION_ID -from TB_MGT_PERMISSION -where (ID like '5____' or ID='1') - and CONCAT('50_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION) -; - -commit; - - --- 更新 admin-platform 下菜单的访问域 - -update TB_MGT_PERMISSION -set - ORIGIN='http://admin-platform.paas.example.com' -where LFT >= 82 - and RGT <= 91 -; - -commit; diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/10.1.init-message.sql b/deploy-manifests/k8s-rancher/6.admin-platform/10.1.init-message.sql deleted file mode 100644 index 1a03689..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/10.1.init-message.sql +++ /dev/null 
@@ -1,105 +0,0 @@ --- 10.1.init-message.sql - - -/* -将 paas.example.com 替换为 paas.学校域名.edu.cn -*/ - --- 以下脚本为可选操作 - -/* - * 若部署了流程平台、门户的产品 - * 可初始化云平台下的相关菜单数据 - */ - -use admin_center; - --- message --- 如果部署,流程平台,请处理 - - -insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS) -values ('80', 0, 'message-admin', '消息平台管理员', '', '1'); -insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS) -values ('81', 0, 'message-opt', '消息平台操作员', '', '1'); - -commit; - - -/* -消息服务 message-backstage -名称 路由 图标 -消息网关管理 /message-backstage/msgGateWay su-icon-xiaoxiwangguan -短信模板管理 /message-backstage/SMSTemplateManage su-icon-mobanguanli -消息类别管理 /message-backstage/msgTypes su-icon-xiaoxileibie -消息任务监控 /message-backstage/msgTaskMonitor su-icon-renwujiankong -消息日志审计 /message-backstage/msgLogAudit su-icon-details -应用管理 /message-backstage/msgSoftManage su-icon-sort -敏感词管理 /message-backstage/SensitiveWords su-icon-lock-w -设置 /message-backstage/msgSendCondition su-icon-print -*/ - -update TB_MGT_PERMISSION - set LFT = LFT+18 -where LFT>=92 -; - -update TB_MGT_PERMISSION - set RGT = RGT+18 -where RGT>=92 -; - - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('80000', 0, 'message-backstage', '消息服务', '1', '2', '', '/', '1', '1', 80000, 1, 92, 109); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('80100', 0, 'formflow', '消息网关管理', '1', '2', 'su-icon-xiaoxiwangguan', '/message-backstage/msgGateWay', '1', '80000', 80100, 2, 93, 94); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('80200', 0, 'workbench', '短信模板管理', '1', '2', 'su-icon-mobanguanli', '/message-backstage/SMSTemplateManage', '1', '80000', 80200, 2, 95, 96); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, 
URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('80300', 0, 'instanceManage', '消息类别管理', '1', '2', 'su-icon-xiaoxileibie', '/message-backstage/msgTypes', '1', '80000', 80300, 2, 97, 98); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('80400', 0, 'agent', '消息任务监控', '1', '2', 'su-icon-renwujiankong', '/message-backstage/msgTaskMonitor', '1', '80000', 80400, 2, 99, 100); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('80500', 0, 'agent', '消息日志审计', '1', '2', 'su-icon-details', '/message-backstage/msgLogAudit', '1', '80000', 80500, 2, 101, 102); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('80600', 0, 'agent', '应用管理', '1', '2', 'su-icon-sort', '/message-backstage/msgSoftManage', '1', '80000', 80600, 2, 103, 104); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('80700', 0, 'agent', '敏感词管理', '1', '2', 'su-icon-lock-w', '/message-backstage/SensitiveWords', '1', '80000', 80700, 2, 105, 106); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('80800', 0, 'agent', '设置', '1', '2', 'su-icon-print', '/message-backstage/msgSendCondition', '1', '80000', 80800, 2, 107, 108); - -commit; - - -insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) - -select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID -from TB_MGT_PERMISSION -where (ID like '8____' or ID='1') - and CONCAT('1_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION) -; - -insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) - -select CONCAT('80_', ID) as ID, 0 
as DELETED, '50' as ROLE_ID, ID as PERMISSION_ID -from TB_MGT_PERMISSION -where (ID like '8____' or ID='1') - and CONCAT('80_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION) -; - -commit; - - --- 更新 admin-platform 下菜单的访问域 - -update TB_MGT_PERMISSION -set - ORIGIN='http://admin-platform.paas.example.com' -where LFT >= 92 - and RGT <= 109 -; - -commit; diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/10.1.init-portal.sql b/deploy-manifests/k8s-rancher/6.admin-platform/10.1.init-portal.sql deleted file mode 100644 index d7357e6..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/10.1.init-portal.sql +++ /dev/null 
@@ -1,287 +0,0 @@ --- 10.1.init.sql - -/* -将 paas.example.com 替换为 paas.学校域名.edu.cn -*/ - --- 以下脚本为可选操作 - -/* - * 若部署了流程平台、门户的产品 - * 可初始化云平台下的相关菜单数据 - */ - -use admin_center; - --- portal --- 如果部署,门户V5,请处理 - -insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) -values ('60', 0, 'portal-api', '管理门户 - 门户接口', '1', '/api/v1/portal', 'http://ecampus.paas.example.com/', 1); - -commit; - - -update TB_MGT_ROUTE -set - URL='http://ecampus.paas.example.com' -where ID='60'; -- todo, modify - -commit; -/* -http://portal-web.portal.svc.cluster.local:8080/portal-web/api -*/ - - -insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS) -values ('60', 0, 'portal-admin', '门户管理员', '', '1'); - -commit; - - -/* -update TB_MGT_PERMISSION - set LFT = LFT+10 -where LFT>=89 -; - -update TB_MGT_PERMISSION - set RGT = RGT+10 -where RGT>=89 -; -*/ - - -/* -门户管理 - web端管理 - 系统管理 - 组件模板 - 主题管理 - 主题方案 - 授权管理 - 角色管理 - 服务管理 - 服务管理 - 服务评价管理 - 标签分类管理 - CMS管理 - 幻灯片管理 - 栏目管理 - 内容管理 - 流程管理 - 模板管理 - 滚动公告管理 - 消息管理 - 第三方消息发送设置 - 消息类型管理 - 消息发送详情 -*/ - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('60', 0, 'portal-manage', '门户管理', '1', '1', 'el-icon-s-help', '/', - '60', '0', 60, 1, 93, 136); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6010000', 0, 'web', 'web端管理', - '1', '2', null, null, - '60', '60', 6010000, 1, 94, 105); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6010001', 0, 'web-systemManager', '系统管理', - '1', '2', 'su-icon-xitongguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/systemManager/view.html', - '60', '6010000', 6010001, 2, 95, 96); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, 
ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6010002', 0, 'web-widgetTemplate', '组件模板', - '1', '2', 'su-icon-zujianmoban', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/widgetTemplate/view.html', - '60', '6010000', 6010002, 2, 97, 98); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6010003', 0, 'web-themeManager', '主题管理', - '1', '2', 'su-icon-hutiguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/themeManager/view.html', - '60', '6010000', 6010003, 2, 99, 100); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6010004', 0, 'web-themeScheme', '主题方案', - '1', '2', 'su-icon-zhutifangan', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/themeScheme/view.html', - '60', '6010000', 6010004, 2, 101, 102); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6010005', 0, 'web-oauthManager', 'oauth管理', - '1', '2', 'su-icon-authguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/oauthManager/view.html', - '60', '6010000', 6010005, 2, 103, 104); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6020000', 0, 'auth', '授权管理', - '1', '2', null, null, - '60', '60', 6020000, 1, 106, 109); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6020003', 0, 'auth-roleManager', '角色管理', - '1', '2', 'su-icon-jiaoseguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#auth/roleManager/view.html', - '60', '6020000', 6020003, 2, 107, 108); - 
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6030000', 0, 'service', '服务管理', - '1', '2', null, null, - '60', '60', 6030000, 1, 110, 117); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6030001', 0, 'service-appservice', '服务管理', - '1', '2', 'su-icon-fuwuguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/appservice/tabs.html', - '60', '6030000', 6030001, 2, 111, 112); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6030002', 0, 'service-evaluate', '服务评价管理', - '1', '2', 'su-icon-fuwupingjiaguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/evaluate/form.html', - '60', '6030000', 6030002, 2, 113, 114); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6030003', 0, 'service-tagging', '标签分类管理', - '1', '2', 'su-icon-biaoqianfenleiguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/tagging/form.html', - '60', '6030000', 6030003, 2, 115, 116); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6040000', 0, 'cms', 'CMS管理', - '1', '2', null, null, - '60', '60', 6040000, 1, 118, 131); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6040001', 0, 'cms-slide', '幻灯片管理', - '1', '2', 'su-icon-huandengpianguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/slide/list.html', - '60', '6040000', 6040001, 2, 119, 120); - -insert into TB_MGT_PERMISSION (ID, 
DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6040002', 0, 'cms-column', '栏目管理', - '1', '2', 'su-icon-lanmuguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/column/list.html', - '60', '6040000', 6040002, 2, 121, 122); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6040003', 0, 'cms-content', '内容管理', - '1', '2', 'su-icon-neirongguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/content/list-manage.html', - '60', '6040000', 6040003, 2, 123, 124); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6040004', 0, 'cms-flow', '流程管理', - '1', '2', 'su-icon-liuchengguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/flow/list.html', - '60', '6040000', 6040004, 2, 125, 126); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6040005', 0, 'cms-template', '模板管理', - '1', '2', 'su-icon-mobanguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/template/list.html', - '60', '6040000', 6040005, 2, 127, 128); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6040006', 0, 'cms-notice', '滚动公告管理', - '1', '2', 'su-icon-gundonggonggaoguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/notice/list.html', - '60', '6040000', 6040006, 2, 129, 130); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6050000', 0, 'message', '消息管理', - '1', '2', null, null, - '60', '60', 6050000, 1, 132, 139); - 
-insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6050001', 0, 'message-sendsetting', '第三方消息发送设置', - '1', '2', 'su-icon-disanfangxiaoxifasongshezhi', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/sendsetting/tabs.html', - '60', '6050000', 6050001, 2, 133, 134); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6050002', 0, 'message-type', '消息类型管理', - '1', '2', 'su-icon-xiaoxileixingguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/type/form.html', - '60', '6050000', 6050002, 2, 135, 136); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, - STATUS, TYPE_, ICON, URL, - APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('6050003', 0, 'message-log', '消息发送详情', - '1', '2', 'su-icon-xiaoxifasongxiangqing', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/sendlog/list.html', - '60', '6050000', 6050003, 2, 137, 138); - - -commit; - - - -insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) - -select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID -from TB_MGT_PERMISSION -where ID like '60_____' or ID='60' -; - - - -insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) - -select CONCAT('60_', ID) as ID, 0 as DELETED, '60' as ROLE_ID, ID as PERMISSION_ID -from TB_MGT_PERMISSION -where ID like '60_____' or ID='60' or ID='1' -; - -commit; - - -/* 更新 TB_MGT_PERMISSION 的 ORIGIN */ -/* -select * -from TB_MGT_PERMISSION -where LFT >= (select LFT from TB_MGT_PERMISSION where ID='1') - and RGT <= (select RGT from TB_MGT_PERMISSION where ID='1') -; -*/ - -update TB_MGT_PERMISSION -set - ORIGIN='http://ecampus.paas.example.com' -where APPLICATION_ID = '60' -; - -commit; - 
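Review bot: In 10.1.init.sql the two `update TB_SERVICE` statements set `SERVICE_ID` to patterns such as `http://admin-center.paas.example.com/cas/(.*)`, with unescaped dots and an `http://` scheme. Assuming these values are matched as regular expressions, as the `(.*)` suggests, every `.` also matches any other character, so the pattern accepts more hosts than the one intended. The copy that moves to deploy-admin-platform should escape the dots (`admin-center\.paas\.example\.com`), anchor the pattern, and register `https://` URLs once the ingress terminates TLS. The `where ID='1'; -- todo, modify` markers leave the target row to be edited by hand; that step deserves a line next to the domain-replacement comment at the top of the script.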
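Review bot: 10.1.init-flow.sql shifts the nested-set columns with hard-coded bounds (`set LFT = LFT+10 where LFT>=82`, and the same for `RGT`) and then inserts rows with fixed `LFT`/`RGT` values 82 to 91, with nothing to stop a second run. The `TB_MGT_ROLE_PERMISSION` inserts carry a `not in (select ID from TB_MGT_ROLE_PERMISSION)` guard, but the shift does not, so rerunning the script moves the tree again. The closing `update TB_MGT_PERMISSION set ORIGIN=... where LFT >= 82 and RGT <= 91` selects by the same numbers, so on a tree that is not in the expected state it rewrites the origin of whatever menu rows happen to sit in that interval. Suggest deriving the insertion point from the parent row's current `RGT`, skipping the block when permission `'50000'` already exists, and selecting the `ORIGIN` update by `ID` or `PARENT_ID` rather than by interval.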
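Review bot: In 10.1.init-message.sql the second `insert into TB_MGT_ROLE_PERMISSION` builds its key as `CONCAT('80_', ID)` but selects `'50' as ROLE_ID`, so the message-platform menus (`ID like '8____'`) are granted to role 50, which 10.1.init-flow.sql defines as `flow-admin`, while the `message-admin` role 80 created at the top of this script receives no permissions. This should read `'80' as ROLE_ID`. The `CODE` values of the eight child permissions are also carried over from the flow script (`formflow`, `workbench`, `instanceManage`, then `agent` five times), and the comment under `-- message` still refers to the flow platform; the copy migrated to deploy-admin-platform should give each permission its own code.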
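Review bot: The nested-set bounds in 10.1.init-portal.sql are inconsistent: the root row `'60'` (`portal-manage`) is inserted with `LFT`/`RGT` 93 and 136, while its child `'6050000'` spans 132 to 139 and `'6050003'` spans 137 to 138, so the last rows fall outside the parent's interval and `'6050002'` ends on the parent's own `RGT`. With the children as listed, the root's `RGT` needs to be 140. The `LFT`/`RGT` shift block is commented out in this script, and 93 to 139 overlaps the 92 to 109 interval that 10.1.init-message.sql assigns to `message-backstage`, so installing both leaves two subtrees claiming the same range. The two `TB_MGT_ROLE_PERMISSION` inserts here also lack the `not in (select ID from TB_MGT_ROLE_PERMISSION)` guard that the flow and message scripts use.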
diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/0.admin-center-base.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/0.admin-center-base.yaml deleted file mode 100644 index 9aeb1f2..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/0.admin-center-base.yaml +++ /dev/null 
@@ -1,188 +0,0 @@ -# admin-center-base.yaml - -# 在 rancher 中 命名空间 须手动创建 - -#################################################### -# namespace -#################################################### -apiVersion: v1 -kind: Namespace -metadata: - name: admin-center - # labels: - # istio-injection: enabled - - -#################################################### -# supwisdom harbor private docker registry -#################################################### ---- -apiVersion: v1 -kind: Secret -type: kubernetes.io/dockerconfigjson -metadata: - namespace: admin-center - name: harbor-registry -data: - # 修改harbor仓库配置,并使用 base64 工具进行编码 - # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}} - .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19 - - -#################################################### -# mysql-server -#################################################### ---- -apiVersion: v1 -kind: Service -metadata: - namespace: admin-center - name: mysql-server -spec: - ports: - - name: tcp-mysql - port: 3306 - protocol: TCP - targetPort: 3306 ---- -kind: Endpoints -apiVersion: v1 -metadata: - namespace: admin-center - name: mysql-server -subsets: - - addresses: - # 修改实际MySQL服务器的IP地址 - - ip: 172.30.104.82 - ports: - - name: tcp-mysql - port: 3306 - protocol: TCP - - -#################################################### -# redis-server -#################################################### - ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app: redis - release: redis-server - name: redis-server - namespace: admin-center -type: Opaque -data: - REDIS_PASSWORD: OEt1d29zbE9pdXc3SA== - ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: redis - release: redis-server - name: redis-server - namespace: admin-center -spec: - ports: - - name: redis - port: 6379 - protocol: TCP - targetPort: redis - selector: - app: redis - release: 
redis-server - role: master - type: ClusterIP ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app: redis - release: redis-server - name: redis-server - namespace: admin-center -spec: - podManagementPolicy: OrderedReady - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: redis - release: redis-server - role: master - serviceName: redis-master - template: - metadata: - labels: - app: redis - release: redis-server - role: master - spec: - containers: - - name: redis-server - env: - - name: REDIS_DISABLE_COMMANDS - value: FLUSHDB,FLUSHALL - - name: REDIS_REPLICATION_MODE - value: master - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-server - key: REDIS_PASSWORD - # 若使用了学校搭设的私有仓库,请修改 - image: bitnami/redis:4.0 - # 若使用了学校搭设的私有仓库,请修改 为 Always - imagePullPolicy: IfNotPresent - # imagePullPolicy: Always - livenessProbe: - exec: - command: - - redis-cli - - ping - failureThreshold: 5 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - ports: - - containerPort: 6379 - name: redis - protocol: TCP - readinessProbe: - exec: - command: - - redis-cli - - ping - failureThreshold: 5 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /bitnami/redis/data - name: redis-data - dnsPolicy: ClusterFirst - restartPolicy: Always - securityContext: - fsGroup: 1001 - # runAsUser: 1001 - # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372 - runAsUser: 0 - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: redis-data - # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可) - # imagePullSecrets: - # - name: harbor-registry - updateStrategy: - rollingUpdate: - partition: 0 - type: RollingUpdate - 
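Review bot: 0.admin-center-base.yaml carries credentials in the repository: the `harbor-registry` Secret has the registry username and password in a plain-text comment directly above `.dockerconfigjson`, and `REDIS_PASSWORD` is committed as a base64 value, which is an encoding and gives no protection. Deleting the file in this commit does not remove those values from history, so they should be rotated, and the copy in deploy-admin-platform should ship placeholders only. In the same hunk the redis container runs with `runAsUser: 0` while `# runAsUser: 1001` is commented out, the data volume is an `emptyDir`, and the StatefulSet's `serviceName: redis-master` does not match the Service named `redis-server`.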
diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/1.admin-center-env.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/1.admin-center-env.yaml deleted file mode 100644 index faaad82..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/1.admin-center-env.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# admin-center-env.yaml - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: admin-center - name: jvm-env -data: - MAX_RAM_PERCENTAGE: "75.0" - ---- -apiVersion: v1 -kind: Secret -metadata: - namespace: admin-center - name: datasource-env-secret -type: Opaque -data: - # jdbc:mysql://mysql-server:3306/admin_center?serverTimezone=Asia/Shanghai - JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlcjozMzA2L2FkbWluX2NlbnRlcj9zZXJ2ZXJUaW1lem9uZT1Bc2lhL1NoYW5naGFp - # admin_center - JDBC_USERNAME: YWRtaW5fY2VudGVy - # 修改为实际的数据库密码,并使用 base64 工具进行编码 - # kingstar - JDBC_PASSWORD: a2luZ3N0YXI= - ---- -apiVersion: v1 -kind: Secret -metadata: - namespace: admin-center - name: redis-env-secret -type: Opaque -data: - SPRING_REDIS_HOST: cmVkaXMtc2VydmVy - SPRING_REDIS_PORT: NjM3OQ== - SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA== - diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/2.admin-center-ingresses.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/2.admin-center-ingresses.yaml deleted file mode 100644 index ec07477..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/2.admin-center-ingresses.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -# admin-center-ingresses.yaml - - -# 云平台管理后端接口 ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - namespace: admin-center - name: admin-center-ingress - annotations: - nginx.ingress.kubernetes.io/proxy-buffer-size: "8k" -spec: - rules: - # 修改为学校的根域名 - - host: admin-center.paas.xxx.edu.cn - http: - paths: - - path: / - backend: - serviceName: admin-center-zuul-svc - servicePort: http - - -# 云平台菜单开放接口 -# 暂时不使用,直接使用内部地址 -# --- -# apiVersion: extensions/v1beta1 -# kind: Ingress -# metadata: -# namespace: admin-center -# name: admin-center-api-ingress -# spec: -# rules: -# # 修改为学校的根域名 -# - host: admin-center-api.paas.xxx.edu.cn -# http: -# paths: -# - path: / -# backend: -# serviceName: admin-center-poa-svc -# servicePort: http - - -# 云平台管理前端 ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - namespace: admin-center - name: admin-center-management-ingress -spec: - rules: - # 修改为学校的根域名 - - host: admin-management.paas.xxx.edu.cn - http: - paths: - - path: / - backend: - serviceName: admin-center-management-svc - servicePort: http - diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml deleted file mode 100644 index 7f456ce..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -# admin-center-sa-installer.yaml - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: admin-center - name: admin-center-sa-installer-env -data: - DB_TYPE: mysql8 - - ---- -apiVersion: batch/v1 -kind: Job -metadata: - namespace: admin-center - name: admin-center-sa-installer -spec: - completions: 1 - parallelism: 1 - template: - metadata: - labels: - app: admin-center-sa-installer - spec: - restartPolicy: Never - containers: - - name: admin-center-sa-installer - # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-sa-installer:1.0.0-SNAPSHOT - imagePullPolicy: Always - envFrom: - - configMapRef: - name: jvm-env - - secretRef: - name: datasource-env-secret - - configMapRef: - name: admin-center-sa-installer-env - resources: - requests: - memory: "256Mi" - limits: - memory: "256Mi" - imagePullSecrets: - - name: harbor-registry - diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml deleted file mode 100644 index 1534603..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml +++ /dev/null 
@@ -1,117 +0,0 @@ -# admin-center-poa.yaml - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: admin-center - name: admin-center-poa-env -data: - SERVER_PORT: "8080" - SSL_ENABLED: "false" - #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore - #SSL_KEYSTORE_PASSWORD: "" - #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore - #SSL_TRUSTSTORE_PASSWORD: "" - - SERVER_MAXHTTPHEADERSIZE: "10240" - - LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_ADMIN_CENTER_POA: INFO - - - ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080 - ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false" - #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: "" - #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore - #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080 - USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false" - #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" - #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore - #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080 - USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false" - #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" - #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore - #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - ---- -apiVersion: v1 -kind: Service -metadata: - 
namespace: admin-center - name: admin-center-poa-svc - labels: - app: admin-center-poa - needMonitor: 'true' -spec: - ports: - - port: 8080 - targetPort: http - protocol: TCP - name: http - - port: 6060 - targetPort: http-metrics - protocol: TCP - name: http-metrics - selector: - app: admin-center-poa - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: admin-center - name: admin-center-poa -spec: - selector: - matchLabels: - app: admin-center-poa - replicas: 1 - template: - metadata: - labels: - app: admin-center-poa - spec: - containers: - - name: admin-center-poa - # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-poa:1.0.2-SNAPSHOT - imagePullPolicy: Always - ports: - - containerPort: 8080 - name: http - - containerPort: 6060 - name: http-metrics - envFrom: - - configMapRef: - name: jvm-env - - secretRef: - name: redis-env-secret - - configMapRef: - name: admin-center-poa-env - resources: - requests: - memory: "400Mi" - limits: - memory: "400Mi" - readinessProbe: - httpGet: - path: /actuator/health - port: 8080 - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 10 - imagePullSecrets: - - name: harbor-registry diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml deleted file mode 100644 index d7c8aee..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml +++ /dev/null 
@@ -1,101 +0,0 @@ -# admin-center-sa.yaml - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: admin-center - name: admin-center-sa-env -data: - SERVER_PORT: "8080" - SSL_ENABLED: "false" - #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore - #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore - - SERVER_MAXHTTPHEADERSIZE: "10240" - ---- -apiVersion: v1 -kind: Secret -metadata: - namespace: admin-center - name: admin-center-sa-env-secret -type: Opaque -data: - #SSL_KEYSTORE_PASSWORD: "" - #SSL_TRUSTSTORE_PASSWORD: "" - - ---- -apiVersion: v1 -kind: Service -metadata: - namespace: admin-center - name: admin-center-sa-svc - labels: - app: admin-center-sa - needMonitor: 'true' -spec: - ports: - - port: 8080 - targetPort: http - protocol: TCP - name: http - - port: 6060 - targetPort: http-metrics - protocol: TCP - name: http-metrics - selector: - app: admin-center-sa ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: admin-center - name: admin-center-sa -spec: - selector: - matchLabels: - app: admin-center-sa - replicas: 1 - template: - metadata: - labels: - app: admin-center-sa - spec: - containers: - - name: admin-center-sa - # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-sa:1.0.0-SNAPSHOT - imagePullPolicy: Always - ports: - - containerPort: 8080 - name: http - - containerPort: 6060 - name: http-metrics - envFrom: - - configMapRef: - name: jvm-env - - secretRef: - name: datasource-env-secret - - secretRef: - name: admin-center-sa-env-secret - - configMapRef: - name: admin-center-sa-env - resources: - requests: - memory: "400Mi" - limits: - memory: "400Mi" - readinessProbe: - httpGet: - path: /actuator/health - port: 8080 - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 10 - imagePullSecrets: - - name: harbor-registry - 
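Review bot: In 1.admin-center-env.yaml the `datasource-env-secret` Secret spells out its `JDBC_PASSWORD` in the comment line above the encoded value, and that default is a short, guessable word; `SPRING_REDIS_PASSWORD` in `redis-env-secret` repeats the same encoded value as `REDIS_PASSWORD` in 0.admin-center-base.yaml. The comment says to replace the database password, but a site that applies the manifest unchanged ends up with the published default. Suggest shipping an obvious placeholder that fails at startup, dropping the decoded values from comments, and rotating anything that was deployed with these defaults.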
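Review bot: Neither active Ingress in 2.admin-center-ingresses.yaml has a `tls:` section, so `admin-center.paas.xxx.edu.cn` and `admin-management.paas.xxx.edu.cn` are served over plain HTTP, consistent with the `http://` information and logout URLs that 10.1.init.sql writes into `TB_SERVICE`. For an administration console that sits behind CAS login, suggest adding `tls:` with a certificate secret on both rules and registering `https://` URLs to match. Both objects also use `apiVersion: extensions/v1beta1`, which Kubernetes removed for Ingress in 1.22; the migrated copy should move to `networking.k8s.io/v1`.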
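Review bot: In the `admin-center-poa-env` ConfigMap of 4.1.admin-center-poa.yaml, `SSL_ENABLED` and all three `*_CLIENT_AUTH_ENABLED` flags are `"false"` and every upstream URL is `http://`, so calls to admin-center-sa, user-data-service and user-authorization-service carry no transport protection or client authentication. The commented-out `*_KEYSTORE_PASSWORD` and `*_TRUSTSTORE_PASSWORD` keys sit in this ConfigMap, so enabling them as written would put passwords in a ConfigMap; 4.2.admin-center-sa.yaml already moves its SSL passwords into `admin-center-sa-env-secret`, and the same split is worth applying here. The image reference `admin-center-poa:1.0.2-SNAPSHOT` with `imagePullPolicy: Always` is mutable; pinning a release tag or digest makes the deployed artifact reproducible.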
diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml deleted file mode 100644 index f03a397..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml +++ /dev/null 
@@ -1,143 +0,0 @@ -# admin-center-bff.yaml - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: admin-center - name: admin-center-bff-env -data: - SERVER_PORT: "8080" - SSL_ENABLED: "false" - #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore - #SSL_KEYSTORE_PASSWORD: "" - #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore - #SSL_TRUSTSTORE_PASSWORD: "" - - SERVER_MAXHTTPHEADERSIZE: "10240" - - LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_ADMIN_CENTER_BFF: INFO - - - ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080 - ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false" - #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: "" - #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore - #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080 - CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false" - #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: "" - #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore - #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080 - USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false" - #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" - #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore - #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - USER_AUTHZ_SERVICE_SERVER_URL: 
http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080 - USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false" - #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" - #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore - #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - # PERSONAL_SECURITY_CENTER_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080 - # PERSONAL_SECURITY_CENTER_CLIENT_AUTH_ENABLED: "false" - #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEY_PASSWORD: "" - #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore - #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - - TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/db - TPAS_CLIENT_AUTH_ENABLED: "false" - #TPAS_CLIENT_AUTH_KEY_PASSWORD: "" - #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore - #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore - #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - ---- -apiVersion: v1 -kind: Service -metadata: - namespace: admin-center - name: admin-center-bff-svc - labels: - app: admin-center-bff - needMonitor: 'true' -spec: - ports: - - port: 8080 - targetPort: http - protocol: TCP - name: http - - port: 6060 - targetPort: http-metrics - protocol: TCP - name: http-metrics - selector: - app: admin-center-bff - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: admin-center - name: admin-center-bff -spec: - selector: - matchLabels: - app: admin-center-bff - replicas: 1 - template: - 
metadata: - labels: - app: admin-center-bff - spec: - containers: - - name: admin-center-bff - # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-bff:1.0.2-SNAPSHOT - imagePullPolicy: Always - ports: - - containerPort: 8080 - name: http - - containerPort: 6060 - name: http-metrics - envFrom: - - configMapRef: - name: jvm-env - - secretRef: - name: redis-env-secret - - configMapRef: - name: admin-center-bff-env - resources: - requests: - memory: "400Mi" - limits: - memory: "400Mi" - readinessProbe: - httpGet: - path: /actuator/health - port: 8080 - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 10 - imagePullSecrets: - - name: harbor-registry - diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml deleted file mode 100644 index 71ed6d3..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml +++ /dev/null 
@@ -1,170 +0,0 @@ -# admin-center-zuul.yaml - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: admin-center - name: admin-center-zuul-env -data: - SERVER_PORT: "8080" - SSL_ENABLED: "false" - #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore - #SSL_KEYSTORE_PASSWORD: "" - #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore - #SSL_TRUSTSTORE_PASSWORD: "" - - SERVER_MAXHTTPHEADERSIZE: "10240" - - # SERVER_TOMCAT_MAX_CONNECTIONS: "10000" - # SERVER_TOMCAT_ACCEPT_COUNT: "5000" - # SERVER_TOMCAT_MAX_THREADS: "800" - # SERVER_TOMCAT_MIN_SPARE_THREADS: "100" - - # SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800" - - - ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000" - ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000" - - ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000" - - - INFRAS_SECURITY_BASIC_ENABLED: "false" - - INFRAS_SECURITY_JWT_ENABLED: "true" - #INFRAS_SECURITY_JWT_KEY_ALIAS: "supwisdom-jwt-key" - #INFRAS_SECURITY_JWT_KEY_PASSWORD: "changeit" - #INFRAS_SECURITY_JWT_KEY_STORE: "file:/certs/jwt/jwt.keystore" - #INFRAS_SECURITY_JWT_KEY_STORE_PASSWORD: "changeit" - - INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas - INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: "" - INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas/jwt/publicKey" - - - INFRAS_SECURITY_CAS_ENABLED: "true" - # 修改为学校的admin-center的访问域名 - APP_SERVER_HOST_URL: "http://admin-center.paas.xxx.edu.cn" - #APP_LOGIN_URL: "/cas/login" - #APP_LOGOUT_URL: "/cas/logout" - # 修改为学校的cas的访问域名 - CAS_SERVER_HOST_URL: "http://cas.paas.xxx.edu.cn/cas" - - - ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false" - #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEY_PASSWORD: "" - #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - - ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080 - ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false" - 
#ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: "" - #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore - #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080 - USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false" - #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" - #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore - #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - - USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080 - USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false" - #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" - #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore - #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" - #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore - #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" - ---- -apiVersion: v1 -kind: Secret -metadata: - namespace: admin-center - name: admin-center-zuul-env-secret -type: Opaque -data: - # 参考 certs/jwt/readme.md 生成公私钥pem,替换相关配置 - INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDcWUzYUpRVm1VNWY1VDhIdU1PcEloMjhrZQpNU3hpUkh2NXNNa29iVGd5T3VRaVVYVEJLS3JwUjVNUWFiaERFZG1WSHlVWFowUFRLRHJCYk9rWkVwTVRmbXBHCnBibE5hOHJkS0RRZG5MYVFLNHBkKzN1clJSdDQzYXhISTdQZHdnRmx3ZThybmYvZllVK3lpcWhDaFBjbkdSNXAKUE9hOE4xZFkzQXlwWWhZa2dRSURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ== - INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: 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 - - ---- 
-apiVersion: v1 -kind: Service -metadata: - namespace: admin-center - name: admin-center-zuul-svc - labels: - app: admin-center-zuul - needMonitor: 'true' -spec: - ports: - - port: 8080 - targetPort: http - protocol: TCP - name: http - - port: 6060 - targetPort: http-metrics - protocol: TCP - name: http-metrics - selector: - app: admin-center-zuul - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: admin-center - name: admin-center-zuul -spec: - selector: - matchLabels: - app: admin-center-zuul - replicas: 1 - template: - metadata: - labels: - app: admin-center-zuul - spec: - containers: - - name: admin-center-zuul - # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-zuul:1.0.2-SNAPSHOT - imagePullPolicy: Always - ports: - - containerPort: 8080 - name: http - - containerPort: 6060 - name: http-metrics - envFrom: - - configMapRef: - name: jvm-env - - secretRef: - name: redis-env-secret - - secretRef: - name: admin-center-zuul-env-secret - - configMapRef: - name: admin-center-zuul-env - resources: - requests: - memory: "400Mi" - limits: - memory: "400Mi" - readinessProbe: - httpGet: - path: /actuator/health - port: 8080 - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 10 - imagePullSecrets: - - name: harbor-registry - diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.9.admin-center-management.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.9.admin-center-management.yaml deleted file mode 100644 index 4684a8c..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.9.admin-center-management.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -# 4.9.admin-center-management.yaml - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: admin-center - name: admin-center-management-env -data: - SCHOOL_NAME: "none" - # 修改为学校的 admin-center 的访问域名 - AUTH_URL: http://admin-center.paas.xxx.edu.cn/jwt/cas - # 修改为学校的 admin-center 的访问域名 - BACKEND_URL: http://admin-center.paas.xxx.edu.cn - # 修改为学校的 admin-management 的访问域名 - SERVER_URL: http://admin-management.paas.xxx.edu.cn - - ---- -apiVersion: v1 -kind: Service -metadata: - namespace: admin-center - name: admin-center-management-svc - labels: - app: admin-center-management-svc -spec: - ports: - - port: 80 - targetPort: http - protocol: TCP - name: http - selector: - app: admin-center-management - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: admin-center - name: admin-center-management -spec: - selector: - matchLabels: - app: admin-center-management - replicas: 1 - template: - metadata: - labels: - app: admin-center-management - spec: - containers: - - name: admin-center-management - # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-center/admin-center-management:0.0.1-SNAPSHOT - imagePullPolicy: Always - ports: - - containerPort: 80 - name: http - envFrom: - - configMapRef: - name: admin-center-management-env - resources: - requests: - memory: "128Mi" - limits: - memory: "256Mi" - imagePullSecrets: - - name: harbor-registry diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/certs/jwt/readme.md b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/certs/jwt/readme.md deleted file mode 100644 index 5ea3539..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/certs/jwt/readme.md +++ /dev/null 
@@ -1,83 +0,0 @@ -# readme.md - - -## 使用 openssl 生成 公私钥 - - -1. 生成私钥 App Private Key - -必须为 RSA2(SHA256) - -```bash -openssl genrsa -out jwt_private_key.pem 1024 -``` - -2. 将私钥转换为 PKCS8 格式 - -```bash -openssl pkcs8 -topk8 -inform PEM -in jwt_private_key.pem -outform PEM -nocrypt -out jwt_private_key_pkcs8.pem -``` - -3. 导出公钥 App Public Key - -```bash -openssl rsa -in jwt_private_key.pem -pubout -out jwt_public_key.pem -``` - -4. 将 jwt_public_key.pem 中的内容,去除换行和空格,转成字符串。 - -处理前: -```language ------BEGIN PUBLIC KEY----- -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI -2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbB -XVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3 -FugvRF/6jdTQis2LcQIDAQAB ------END PUBLIC KEY----- -``` -处理后: -```language ------BEGIN PUBLIC KEY----- -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbBXVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3FugvRF/6jdTQis2LcQIDAQAB ------END PUBLIC KEY----- -``` - -4. 
将 jwt_private_key_pkcs8.pem 中的内容,去除换行和空格,转成字符串。 - -处理前: -```language ------BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMGvnBQddKUtIVTX -tPjANfx6EAjaednEJzZKemB83C5HeO9WJJXKv493okkR4xyXf3uoqNaoUP8JGVRI -H9QQ9BHHFsFdWVdEHbz0oT3G14OTThtTXsguBfxXP/ssVEufYKloJIgJ9YQ2GgxE -mbvEgCh2sjcW6C9EX/qN1NCKzYtxAgMBAAECgYBKBSjq7w7jCUpRuFYrMpnvMV7r -Y0NqG/K4ZuI5+b3T2fC31v4IWQG4fIoCztky1hscUSqlTpIVxY5ujVnMm+YKMXs+ -qW2zyUdvoqUbFNAZstYatg6FQ7QlwXMDnIzlq6w5lEofsO46+0kH/d9IX+cPN0nH -04J1UKwg0ugyjYVUAQJBAP8di+ECIJkVTbi96JWMCfK1eYdxwe+8DEd7kcW2P6qU -/0fxP6qExkbFqPWQbJVNvOKmH5tVW5oi4Q7vaT4MzJECQQDCW4kMG7a6yBKRWZ1/ -hAixqumBv5FFCnL/yzqH6a5n8tb91vcQCwBGfu+YeQt8zVI56BTP4AJDF5KQu1vq -kcDhAkEA+YaHu2QeSDzrEShG5obbcBaKMK1WmEqg5AX8FZrleM5VRqOztvA5Ex3f -3ZgObJZlinYb8g2yE/fLk5UdpgBU0QJAFw+FU0p2g/L5QQXBCkBAR9RfoGV6dxam -TnNunnG7n9nQaI35Ao5LmhG1nAHAuy4hc311+rQ5kHxbh5Czd0GUAQJBALxZpqPZ -y7LrKmTbVLAdd0K1dQ3jWUsqk5HXwlxzrmmypn5ut41zwZQl0znyrv7XcfDZ6dqR -hh20uoiJ/Hfky6A= ------END PRIVATE KEY----- -``` -处理后: -```language ------BEGIN PRIVATE KEY----- -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 ------END PRIVATE KEY----- -``` - - -5. 
(可选)将pem内容进行 base64 编码后,配置到k8s - -echo -n '-----BEGIN PUBLIC KEY----- -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbBXVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3FugvRF/6jdTQis2LcQIDAQAB ------END PUBLIC KEY-----' |base64 - - -echo -n '-----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMGvnBQddKUtIVTXtPjANfx6EAjaednEJzZKemB83C5HeO9WJJXKv493okkR4xyXf3uoqNaoUP8JGVRIH9QQ9BHHFsFdWVdEHbz0oT3G14OTThtTXsguBfxXP/ssVEufYKloJIgJ9YQ2GgxEmbvEgCh2sjcW6C9EX/qN1NCKzYtxAgMBAAECgYBKBSjq7w7jCUpRuFYrMpnvMV7rY0NqG/K4ZuI5+b3T2fC31v4IWQG4fIoCztky1hscUSqlTpIVxY5ujVnMm+YKMXs+qW2zyUdvoqUbFNAZstYatg6FQ7QlwXMDnIzlq6w5lEofsO46+0kH/d9IX+cPN0nH04J1UKwg0ugyjYVUAQJBAP8di+ECIJkVTbi96JWMCfK1eYdxwe+8DEd7kcW2P6qU/0fxP6qExkbFqPWQbJVNvOKmH5tVW5oi4Q7vaT4MzJECQQDCW4kMG7a6yBKRWZ1/hAixqumBv5FFCnL/yzqH6a5n8tb91vcQCwBGfu+YeQt8zVI56BTP4AJDF5KQu1vqkcDhAkEA+YaHu2QeSDzrEShG5obbcBaKMK1WmEqg5AX8FZrleM5VRqOztvA5Ex3f3ZgObJZlinYb8g2yE/fLk5UdpgBU0QJAFw+FU0p2g/L5QQXBCkBAR9RfoGV6dxamTnNunnG7n9nQaI35Ao5LmhG1nAHAuy4hc311+rQ5kHxbh5Czd0GUAQJBALxZpqPZy7LrKmTbVLAdd0K1dQ3jWUsqk5HXwlxzrmmypn5ut41zwZQl0znyrv7XcfDZ6dqRhh20uoiJ/Hfky6A= ------END PRIVATE KEY-----' |base64 diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/7.admin-platform/0.admin-platform-base.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/7.admin-platform/0.admin-platform-base.yaml deleted file mode 100644 index 3777c8e..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/7.admin-platform/0.admin-platform-base.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -# 0.admin-platform-base.yaml - -# 在 rancher 中 命名空间 须手动创建 - -#################################################### -# namespace -#################################################### -apiVersion: v1 -kind: Namespace -metadata: - name: admin-platform - # labels: - # istio-injection: enabled - - -#################################################### -# supwisdom harbor private docker registry -#################################################### ---- -apiVersion: v1 -kind: Secret -type: kubernetes.io/dockerconfigjson -metadata: - name: harbor-registry - namespace: admin-platform -data: - # 修改harbor仓库配置,并使用 base64 工具进行编码 - # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}} - .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19 diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/7.admin-platform/2.admin-platform-ingresses.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/7.admin-platform/2.admin-platform-ingresses.yaml deleted file mode 100644 index f8c644b..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/7.admin-platform/2.admin-platform-ingresses.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# 2.admin-platform-ingresses.yaml - ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: admin-platform-ingress - namespace: admin-platform -spec: - rules: - # 修改为学校的根域名 - - host: admin-platform.paas.xxx.edu.cn - http: - paths: - - path: / - backend: - serviceName: admin-platform-svc - servicePort: http - - -# --- -# apiVersion: extensions/v1beta1 -# kind: Ingress -# metadata: -# name: personal-center-ingress -# namespace: admin-platform -# spec: -# rules: -# # 修改为学校的根域名 -# - host: personal-center.paas.supwisdom.com -# http: -# paths: -# - path: / -# backend: -# serviceName: personal-center-svc -# servicePort: http 
diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/7.admin-platform/4.2.admin-platform.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/7.admin-platform/4.2.admin-platform.yaml deleted file mode 100644 index c0f91f4..0000000 --- a/deploy-manifests/k8s-rancher/6.admin-platform/7.admin-platform/4.2.admin-platform.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ -# 04-2-admin-platform.yaml - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: admin-platform - name: admin-platform-env -data: - # 修改为学校的 admin-platform 的访问域名 - LAYOUT_SPA_URL: http://admin-platform.paas.xxx.edu.cn/layout - CAS_SERVER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/cas-server - USER_SERVER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/user-server - AUTH_SERVER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/auth-server - ACCOUNT_CENTER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/account-center - FORM_FLOW_SPA_URL: http://admin-platform.paas.xxx.edu.cn/form-flow - - SCHOOL_NAME: "none" - MAIN_SERVER: http://admin-platform.paas.xxx.edu.cn - - # 修改为学校的访问域名 - SERVER_CONFIG: '{"ROOT": "http://admin-platform.paas.xxx.edu.cn/","AUTH": "http://admin-center.paas.xxx.edu.cn/jwt/cas","BASE_BACK_API": "http://admin-center.paas.xxx.edu.cn/","AUTH_PERSONAL": "http://admin-center.paas.xxx.edu.cn/jwt/cas","PERSONAL_CENTER_API": "http://admin-center.paas.xxx.edu.cn/","PERSONAL_CENTER": "http://admin-platform.paas.xxx.edu.cn/personal-center/","AUTH_FORMFLOW": "http://formflow.paas.xxx.edu.cn/release/cas/authen/redirect","FORM_DESIGN": "http://formflow.paas.xxx.edu.cn/form-design","FORM_DESIGN_PORTAL": "http://formflow.paas.xxx.edu.cn/form-design-portal","FORM_FILE": "http://formflow.paas.xxx.edu.cn/form-file","PERSONAL_CENTER_API_L": "http://portal.paas.xxx.edu.cn/portal-web/","PERSONAL_CENTER_IMAGE_API": "http://portal.paas.xxx.edu.cn/resources/",}' - ---- -apiVersion: v1 -kind: Service -metadata: - namespace: admin-platform - name: admin-platform-svc - labels: - app: admin-platform-svc -spec: - ports: - - port: 80 - targetPort: http - protocol: TCP - name: http - selector: - app: admin-platform - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: admin-platform - name: admin-platform -spec: - selector: - matchLabels: - app: admin-platform - replicas: 1 - template: - metadata: - labels: - app: admin-platform - spec: 
- containers: - - name: admin-platform - # 若使用了学校搭设的私有仓库,请修改 - image: harbor.supwisdom.com/admin-platform/admin-platform:1.0.0 - imagePullPolicy: Always - ports: - - containerPort: 80 - name: http - envFrom: - - configMapRef: - name: admin-platform-env - resources: - requests: - memory: "128Mi" - limits: - memory: "256Mi" - imagePullSecrets: - - name: harbor-registry
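Review bot: in `4.4.admin-center-bff.yaml`, the ConfigMap `admin-center-bff-env` sets `SSL_ENABLED: "false"` and every `*_CLIENT_AUTH_ENABLED: "false"`, so the BFF reaches admin-center-sa, cas-server-sa-api, user-data-service, user-authorization and the agent service over plain `http://` with no client certificate. If this manifest is carried into deploy-admin-platform unchanged, state that these defaults assume a trusted cluster network. The commented `*_KEYSTORE_PASSWORD` / `*_TRUSTSTORE_PASSWORD` keys also sit under ConfigMap `data`, so uncommenting them would store passwords in a ConfigMap; they belong in a Secret referenced through `secretRef`. Separately, the Deployment uses `admin-center-bff:1.0.2-SNAPSHOT` with `imagePullPolicy: Always`, a mutable tag that can change what runs on every restart; a release tag or image digest would make the deployment reproducible.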
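Review bot: in `4.5.admin-center-zuul.yaml`, the Secret `admin-center-zuul-env-secret` ships concrete values for `INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM` and `INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8`, and the only prompt to replace them is the comment pointing at certs/jwt/readme.md. A site that applies the file as is runs with a JWT private key that is in this repository's history, so the migrated copy should carry a placeholder and the deployment steps should require a site-specific key pair before the gateway is started. The commented keystore defaults (`"changeit"`) have the same weakness. `APP_SERVER_HOST_URL` and `CAS_SERVER_HOST_URL` also default to `http://`, which leaves CAS login traffic unencrypted unless TLS is terminated in front of these hosts; the comments that ask for the school's domain should ask for an `https://` URL.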
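Review bot: in `4.9.admin-center-management.yaml`, the `admin-center-management` container defines no `readinessProbe`, while the bff and zuul Deployments in this same commit both probe `/actuator/health`, so `admin-center-management-svc` will route to the pod as soon as the container starts. Add an `httpGet` probe on the `http` port in the migrated manifest. Two smaller points: the Service labels itself `app: admin-center-management-svc` where the bff and zuul Services use the plain app name, which breaks label-based selection across the three; and the image tag `0.0.1-SNAPSHOT` with `imagePullPolicy: Always` is mutable.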
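Review bot: in `certs/jwt/readme.md`, step 1 generates the key with `openssl genrsa -out jwt_private_key.pem 1024`; a 1024-bit RSA key is too short for a token signing key, and the migrated readme should use at least 2048. The document also prints a complete private key as its worked example and repeats it in step 5 inside `echo -n '...' |base64`, which invites copy and paste into production and puts key material into shell history; replace the sample with an obvious placeholder and read the key from the generated file instead of pasting it on the command line. Step 5 should say that base64 in a Kubernetes Secret is an encoding, not protection. The step list also numbers two consecutive steps as "4.".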
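Review bot: in `0.admin-platform-base.yaml`, the comment directly above `.dockerconfigjson` spells out the Harbor username and password in clear text, and the value under it is the same JSON in base64 form, so deleting the file here does not retire the credential: it stays readable in the repository history. Rotate that registry account, and have the copy in deploy-admin-platform carry a placeholder with an instruction to create the `harbor-registry` Secret from site-specific credentials. The opening comment also says the namespace must be created manually in Rancher while the file still declares `kind: Namespace`; one of the two should go.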
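Review bot: in `2.admin-platform-ingresses.yaml`, `admin-platform-ingress` has no `tls:` section, so `admin-platform.paas.xxx.edu.cn` is published over plain HTTP and the admin console's sessions and tokens cross the network unencrypted. Add a `tls:` block with a `secretName` for the site certificate in the migrated manifest and switch the matching ConfigMap URLs to `https://`. In addition, `apiVersion: extensions/v1beta1` for Ingress is deprecated and was removed in Kubernetes 1.22; the `networking.k8s.io` API group is the replacement. The commented-out `personal-center-ingress` block uses the host `personal-center.paas.supwisdom.com` where the active rule uses the `xxx.edu.cn` placeholder, which is easy to miss when uncommenting.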
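Review bot: in `4.2.admin-platform.yaml`, the `SERVER_CONFIG` value ends with `"PERSONAL_CENTER_IMAGE_API": "http://portal.paas.xxx.edu.cn/resources/",}`; the trailing comma before `}` makes the string invalid JSON, and any strict JSON parser will reject it. Drop the comma in the migrated copy. The header comment `# 04-2-admin-platform.yaml` does not match the file name `4.2.admin-platform.yaml`, the container has no `readinessProbe`, and every URL in `admin-platform-env` is `http://`, including the `AUTH` and `AUTH_PERSONAL` endpoints that carry the CAS/JWT login flow.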