From: 刘洪青 <loie.engine@gmail.com>
Date: Wed, 19 Aug 2020 06:55:05 +0000 (+0800)
Subject: chore: 新增新开普郑州测试环境的部署脚本
X-Git-Url: https://source.supwisdom.com/gerrit/gitweb?a=commitdiff_plain;h=d0187d0aad431504515d724f0d75a0e731c2bddc;p=institute%2Fdeploy-authx-service.git

chore: 新增新开普郑州测试环境的部署脚本
---

diff --git "a/project/newcapec-test/k8s-rancher/0.1.0.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\351\203\250\347\275\262\346\236\266\346\236\204.md" "b/project/newcapec-test/k8s-rancher/0.1.0.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\351\203\250\347\275\262\346\236\266\346\236\204.md"
new file mode 100644
index 0000000..27ca2d8
--- /dev/null
+++ "b/project/newcapec-test/k8s-rancher/0.1.0.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\351\203\250\347\275\262\346\236\266\346\236\204.md"
@@ -0,0 +1,4 @@
+
+# è®¤è¯æææå¡é¨ç½²æ¶æ
+
+
diff --git "a/project/newcapec-test/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md" "b/project/newcapec-test/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md"
new file mode 100644
index 0000000..89e4873
--- /dev/null
+++ "b/project/newcapec-test/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md"
@@ -0,0 +1,599 @@
+
+# å®è£é¨ç½²æå
+
+**ä¸å¡ä¸­å°ä¹è®¤è¯æææå¡**
+
+
+* ä¿®è®¢åå²
+
+çæ¬ | ä½è | æ¥æ | å¤æ³¨
+- | - | - | -
+v1 | åæ´ªé | 2020-06-10 | åç¨¿
+
+
+[TOC]
+
+
+## å®è£åå¤
+
+### mysql åå§éç½®
+
+æ°æ®æä»¶ç®å½ï¼/var/lib/mysql
+
+* å®è£å®æåï¼è°æ´ mysql æå¡çéç½®åæ°
+
+  æ¥çå½åéç½®ï¼show variables;
+
+  æå¤§è¿æ¥æ°               max_connections
+  æä½æ¥å¿çä¿çæ¶é¿         binlog_expire_logs_seconds
+
+  åèå½ä»¤ï¼
+  ```
+  set global max_connections = 1000;
+  set persist max_connections = 1000;
+
+  // 7å¤©  86400 * 7
+  // 1å¤©  86400
+  set global binlog_expire_logs_seconds = 86400 * 7;
+  set persist binlog_expire_logs_seconds = 86400 * 7;
+  ```
+
+  æ¶åºè®¾ç½®
+
+    ç¡®ä¿MySQL çæ¶åºè®¾ç½®ä¸º GMT+8
+
+
+* åå»ºæ°æ®åºå¸å·
+
+  åèå½ä»¤ï¼
+  ```
+  create user 'user'@'%' identified with mysql_native_password  by 'your_password';
+  ```
+
+
+* åå»º database
+
+  ```
+  user
+  user_authz
+  cas_server
+  token_server
+  personal_security_center
+
+  agent_service
+  communicate_center
+
+  admin_center
+
+  tmp_data
+  ```
+
+  åèå½ä»¤ï¼
+  ```
+  create database `user` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+  ```
+
+* æäºæé
+
+  å° database çæéæäºå¯¹åºçå¸å·
+
+  åèå½ä»¤ï¼
+  ```
+  grant all privileges on `user`.* to 'user'@'%' with grant option;
+  ```
+
+
+* æäº SUPER æé
+  ç±äº é¨åå¸å· éè¦åå»º è§¦åå¨ï¼æï¼éè¦ SUPER æé
+  æ¶åå¸å·æ userãuser_authzãcas_server
+
+  åèå½ä»¤ï¼
+  ```
+  grant SUPER on *.* to 'user'@'%';
+  grant SUPER on *.* to 'user_authz'@'%';
+  grant SUPER on *.* to 'cas_server'@'%';
+
+  grant SUPER on *.* to 'tmp_data'@'%';
+  ```
+
+
+* å¤ä»½ä¸è¿å
+
+  åèå½ä»¤ï¼
+  å¤ä»½ï¼
+  ```
+  mysqldump -u root -p cas_server > cas_server.sql
+  mysqldump -u root -p token_server > token_server.sql
+  mysqldump -u root -p user > user.sql
+  mysqldump -u root -p user_authz > user_authz.sql
+  mysqldump -u root -p admin_center > admin_center.sql
+  mysqldump -u root -p personal_security_center > personal_security_center.sql
+  mysqldump -u root -p agent_service > agent_service.sql
+  mysqldump -u root -p communicate_center > communicate_center.sql
+  ```
+
+  è¿åï¼
+  ```
+  mysql -u root -p cas_server < cas_server.sql
+  mysql -u root -p token_server < token_server.sql
+  mysql -u root -p user < user.sql
+  mysql -u root -p user_authz < user_authz.sql
+  mysql -u root -p admin_center < admin_center.sql
+  mysql -u root -p personal_security_center < personal_security_center.sql
+  mysql -u root -p agent_service < agent_service.sql
+  mysql -u root -p communicate_center < communicate_center.sql
+  ```
+
+
+* åå»ºäº¤æ¢å¸å·
+
+  **å¾é¨ç½²å®æåæä½**
+
+  å¦æï¼å­å¨æ°æ®äº¤æ¢ é¡»å°ç»ç»æºææ°æ®ãå¸å·æ°æ® åæ­¥å°ç¨æ·æå¡çæ°æ®åºç
+  åï¼éè¦åå»ºä¸ä¸ª äº¤æ¢ç¨çæ°æ®åºå¸å·ï¼user_transï¼ï¼å¹¶ä¸ºè¯¥å¸å·æäº è¡¨ user.TMP_ORGANIZATION_ORIGINãuser.TMP_ACCOUNT_ORIGIN çè¯»åæä½çæé
+
+  åèå½ä»¤ï¼
+  ```
+  create user 'user_trans'@'%' identified with mysql_native_password  by 'your_password';
+
+  grant select on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+  grant insert on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+  grant update on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+  grant delete on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+
+  grant select on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+  grant insert on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+  grant update on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+  grant delete on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+
+  grant select on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+  grant insert on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+  grant update on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+  grant delete on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+
+  grant select on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+  grant insert on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+  grant update on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+  grant delete on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+  ```
+
+
+### harbor åå¤
+
+* åå»º devops å¸å·
+
+  ç¨äº rancher é¨ç½²æ¶æåéå
+
+  ç¨æ·ç®¡ç ä¸ åå»ºç¨æ·
+    å¦ devops
+
+
+* éååæ­¥
+
+  ä» https://harbor.supwisdom.com ä¸­åæ­¥éå
+    
+  ä»åºç®¡ç ä¸ æ°å»ºç®æ 
+  ```
+  supwisdom    https://harbor.supwisdom.com    rancher.devops / PWMgP85qiLFC
+  ```
+
+  åæ­¥ç®¡ç ä¸ æ°å»ºè§å
+
+  ```
+  admin-portal                  admin-portal/*
+  authx-service                 authx-service/*
+
+  thirdparty-agent-service      thirdparty-agent-service/*
+  user-data-service             goa/*
+  user-authorization-service    user-authorization-service/*
+  cas-server                    cas-server/*
+  token-server                  token-server/*
+  communicate-center            communicate-center/*
+  jobs-server                   jobs-server/*
+
+  personal-security-center      personal-security-center/*
+  admin-center                  admin-center/*
+
+  admin-platform                admin-platform/*
+  ```
+
+  åæ­¥è§åï¼åå»ºå®æåï¼è¿è¡éååæ­¥
+
+  éæ©æä¸ªåæ­¥è§åï¼ç¹å» åæ­¥ï¼ç­å¾ä»»å¡å®æ
+
+
+* æäº devops å¸å· å¯¹åä¸ªé¡¹ç®ç è®¿å®¢ æé
+
+  é¡¹ç® ä¸ï¼ç¹å» é¡¹ç®åç§°ï¼è¿å¥å° æåï¼æ·»å ç¨æ·ï¼æ¥æ¾ç¨æ· devopsï¼éæ©è§è² è®¿å®¢ï¼ç¡®å®ï¼æ·»å å³å¯
+
+
+### rancher åå¤
+
+* åå»ºé¡¹ç®
+
+  è¿å¥ å¨å± - éç¾¤ï¼å·ä½åç§°è§é¡¹ç®å®è£èå®ï¼ - é¡¹ç®/å½åç©ºé´ï¼æ·»å é¡¹ç®
+
+  è¾å¥ é¡¹ç®åç§°ï¼ä¿å­
+
+
+* åå»ºå½åç©ºé´
+
+  è¿å¥ å¨å± - éç¾¤ï¼å·ä½åç§°è§é¡¹ç®å®è£èå®ï¼ - é¡¹ç®/å½åç©ºé´
+
+  å¨æ°å»ºçé¡¹ç®ä¸­ï¼æ·»å å½åç©ºé´
+
+  è¾å¥ åç§°ï¼ä¿å­
+
+* å¯¼å¥YAML
+
+  è¿å¥ å¨å± - éç¾¤ï¼å·ä½åç§°è§é¡¹ç®å®è£èå®ï¼ - é¡¹ç®ï¼æä¸ªé¡¹ç®ï¼
+
+  è¿å¥ èµæº - å·¥ä½è´è½½
+
+
+### åååå¤
+
+* ç¡®å®åå
+
+  é¦åæç¡®æ¯å¦ä½¿ç¨æ³ååï¼å¦ï¼`*.paas.xxx.edu.cn`ï¼æ ç´æ¥ä½¿ç¨å­¦æ ¡åå `xxx.edu.cn`
+
+  æ¬äº§åå®è£éè¦çååå¦ä¸ï¼
+  ```
+  cas.paas.xxx.edu.cn                         è®¤è¯ï¼è§å·ä½æåµï¼å¯è°æ´ï¼
+  token.paas.xxx.edu.cn                       è®¤è¯ï¼APPéç¨ï¼
+
+  personal-security-center.paas.xxx.edu.cn    ä¸ªäººå®å¨ä¸­å¿åç«¯API
+
+  security-center.paas.xxx.edu.cn             å®å¨ä¸­å¿åç«¯UIï¼å¸å·æ¿æ´»ãå¿è®°å¯ç ï¼
+
+  admin-center.paas.xxx.edu.cn                äºå¹³å°åç«¯API
+
+  admin-platform.paas.xxx.edu.cn              äºå¹³å°åç«¯UI
+  ```
+
+  å¦æä½¿ç¨ å­¦æ ¡ååï¼åå»é¤ .paas å³å¯ï¼åæ¶ç³è¯·å¼éç¸å³åå
+
+
+## å¼å§å®è£
+
+
+### æ°æ®åºåå»º
+
+* æ°æ®åºå¸å·
+
+  æå¡ | å¸å·
+  - | -
+  ç¨æ·æå¡ user-data-service | user
+  æææå¡ user-authorization-service | user_authz
+  è®¤è¯æå¡ cas-server | cas_server
+  è®¤è¯æå¡ï¼APPéç¨ï¼ token-server | token_server
+  - | -
+  ç¬¬ä¸æ¹ä»£çæå¡ thridparty-agent-service | agent_service
+  éä¿¡æå¡ communicate-center | communicate_center
+  - | -
+  ç®¡çä¸­å¿ admin-center | admin_center
+  - | -
+  v4è®¤è¯è¿ç§»æ°æ® | tmp_data
+
+  åå»ºå½ä»¤
+
+  **è¯·ä¿®æ¹å½ä»¤ä¸­ç `your_password` ä¸ºå®éçæ°æ®åºå¸å·çå¯ç **
+  ```
+  create user 'user'@'%' identified with mysql_native_password  by 'your_password';
+  create user 'user_authz'@'%' identified with mysql_native_password  by 'your_password';
+  create user 'cas_server'@'%' identified with mysql_native_password  by 'your_password';
+  create user 'token_server'@'%' identified with mysql_native_password  by 'your_password';
+
+  create user 'agent_service'@'%' identified with mysql_native_password  by 'your_password';
+  create user 'communicate_center'@'%' identified with mysql_native_password  by 'your_password';
+
+  create user 'admin_center'@'%' identified with mysql_native_password  by 'your_password';
+
+  create user 'tmp_data'@'%' identified with mysql_native_password  by 'your_password';
+  ```
+
+
+
+
+### rancher å®¹å¨é¨ç½²
+
+* ä¿®æ¹ yaml ä¸­çç¸å³éç½®
+
+  å·ä½åè yaml æä»¶ä¸­çè¯´æ
+
+
+  0.infras
+
+  åºç¡è®¾æ½ï¼ç®ååå« MySQLæ°æ®åºçWebç®¡çç«¯ãSpringBootæå¡çç®¡çç«¯
+
+  ```
+  0.0.0.infras-base.yaml                è¯·ä¿®æ¹ harbor-registry çå¸å·å¯ç 
+
+  0.0.1.infras-mysql.yaml               è¯·ä¿®æ¹ MySQLæ°æ®åº çå°åãIPï¼mysql-adminer è®¿é®åå
+
+  0.0.2.infras-sba.yaml                 è¯·ä¿®æ¹ docker éåå°å
+
+  ```
+
+
+  1.authx-service
+
+  ä¸å¡ä¸­å° ä¹ è®¤è¯æææå¡
+
+  åè yaml ä¸­çè¯´æï¼ä¿®æ¹ç¸å³éç½®
+
+  ```
+  å¨åä¸ªæå¡çå®è£èæ¬ç®å½ä¸ï¼ä¿®æ¹ä»¥ä¸æä»¶ï¼è¥å­å¨ï¼ä¸­çéç½®
+    0.*-base.yaml                       è¯·ä¿®æ¹ harbor-registry çå¸å·å¯ç 
+
+    4.x.*.yaml, 5.*-datax-job.yaml      è¯·ä¿®æ¹ docker éåå°å
+
+    1.*-env.yaml, 5.*-datax-job.yaml    è¯·ä¿®æ¹ æ°æ®åºå¯ç 
+
+    2.*-ingresses.yaml                  è¯·ä¿®æ¹ è®¿é®åå
+
+
+  0.0.trans-service-v4
+
+    æ­¤ä¸º è®¤è¯v4 çæ°æ®è¿ç§»æå¡ï¼å¯éï¼
+
+    å° è®¤è¯v4 çæ°æ®å¯¼å¥å° tmp_data ä¸
+
+    æ°æ®è¿ç§»åï¼è¿éè¦æå¨ç¼åèæ¬ï¼å°æ°æ®è¿ç§»è³ ç¨æ·æå¡ãæææå¡ çæ°æ®åºä¸­
+
+
+  0.authx-service
+
+    æ­¤ä¸º å¬å±åºç¡æå¡
+
+    å¦ï¼MySQL æå¡å°åï¼Endpointsï¼ãæä»¶å­å¨æå¡
+
+    1.authx-service-mysql.yaml
+
+      è¯·ä¿®æ¹ mysql çæå¡å°å IP
+
+    2.authx-service-minio.yaml 
+
+      è¯·ä¿®æ¹ minio ç `MINIO_ACCESS_KEY`ã`MINIO_SECRET_KEY`
+
+      æ ¹æ®æåµä¿®æ¹ pvc ç storageClassName
+
+
+    9.poa-api-docs_install.yaml
+
+      ç¨äºå° è®¤è¯æææå¡ç poa æ¥å£ææ¡£ï¼å¯¼å¥å° poa-sa ä¸­ï¼**è¯·å¨ poa å®è£å®æåå¤ç**
+
+      è¯·ä¿®æ¹ poa çæå¡å°å `POA_SERVER_URL`
+
+
+  1.thirdparty-agent-service
+
+    æ­¤ä¸º ç¬¬ä¸æ¹æå¡çä»£çæå¡
+
+    file-minio
+
+      ä¿®æ¹ minio ç `FILE_MINIO_ACCESSKEY`ã`FILE_MINIO_SECRETKEY`
+
+    mail-smtp
+
+      è·å å­¦æ ¡ç smtp æå¡å°åï¼é®ç®±å¸å·ï¼ç¨äºåéé®ä»¶
+
+    sms-aliyun
+
+      å¦æ å­¦æ ¡ä½¿ç¨ é¿éäºçç­ä¿¡æå¡ï¼æä¾ `ACCESS_KEY_ID`ã`ACCESS_SECRET`ï¼
+      å¦åï¼æä¾ç¸å³çç­ä¿¡å¹³å°ï¼è¿è¡å®å¶å¼å
+
+
+  2.user-data-service
+
+    æ­¤ä¸º ç¨æ·æå¡
+
+    goa
+
+      å¦æ é¡»å°ç¨æ·æ°æ®çåæ´ä¸åå° Openldap ç­ç¬¬ä¸æ¹ä¸å¡ä¸­ï¼åé¡»éç½® `JOBS_RABBITMQ_*` ä¸ºå¼å¯ï¼ENABLED=trueï¼
+
+
+  3.user-authorization-service
+
+    æ­¤ä¸º æææå¡
+
+
+  4.cas-server
+
+    æ­¤ä¸º è®¤è¯æå¡
+
+    cas-server-site-webapp
+
+      çæå¬ç§é¥è¯ä¹¦ï¼åè certs/jwt/readme.md çæå¬ç§é¥pemï¼ä¿®æ¹ç¸å³éç½® `CASSERVER_JWT_PRIVATE_KEY_PEM_PKCS8`ã`CASSERVER_JWT_PUBLIC_KEY_PEM`
+
+      ä¿®æ¹ è®¤è¯æå¡çå¤ç½è®¿é®å°å `CAS_SERVER_NAME`
+
+      ä¿®æ¹ CAT TGC çå®å¨ï¼è¥ ä½¿ç¨ httpsï¼åé¡»ä¿®æ¹ `CAS_TGC_SECURE: "true"`
+
+      ä¿®æ¹ å®å¨ä¸­å¿ï¼å¸å·æ¿æ´»ãæ¾åå¯ç ï¼çé¾æ¥å°å `CASSERVERSITE_FORGOT_PASSWORD_URL`ã`CASSERVERSITE_ACTIVE_ACCOUNT_URL`
+
+      èåç»å½ï¼QQãå¾®ä¿¡ãä¼ä¸å¾®ä¿¡ãæ¯ä»å®ç­ï¼éç½® `CASSERVER_FEDERATION_*`
+
+      å¨æå¯ç è®¤è¯ ç¸å³éç½®
+      1. ç­ä¿¡æ¨¡æ¿ï¼å¨æå¯ç ï¼ `CASSERVERSITE_PASSWORDLESS_SMS_TEXT_TEMPLATE`
+      2. ç­ä¿¡æ¥å£å°å `TPAS_AGENT_SERVICE_SMS_SENDER_PATH`
+
+      å¦æ é¡»ä¸ è¶çº§APP å¯¹æ¥ï¼é¡»ä¿®æ¹ Token éªç­¾å¬é¥å°å `SUPERAPP_TOKEN_SIGNING_KEY_URL`
+
+      å¦æ é¡»å¼å¯å¾çéªè¯ç ï¼ä¿®æ¹ `CASSERVERSITE_CAPTCHA_ENABLED: "true"`
+
+
+  5.token-server
+
+    æ­¤ä¸º è®¤è¯æå¡ï¼éç¨äºAPPï¼å¯éï¼
+
+    token-server
+
+      çæå¬ç§é¥è¯ä¹¦ï¼ä¸cas-serverä¿æä¸è´ï¼ï¼åè certs/jwt/readme.md çæå¬ç§é¥pemï¼ä¿®æ¹ç¸å³éç½® `TOKEN_SERVER_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8`ã`TOKEN_SERVER_SECURITY_JWT_PUBLIC_KEY_PEM`
+
+      ä¿®æ¹ è®¤è¯æå¡çå¤ç½è®¿é®å°å `TOKEN_SERVER_PREFIX`
+
+      ä¿®æ¹ è®¤è¯æå¡ Id-Token çç­¾åèæ è¯ `TOKEN_SERVER_SECURITY_JWT_ISS`
+
+      å¨æå¯ç è®¤è¯ ç¸å³éç½®ï¼ä¸cas-serverä¿æä¸è´ï¼
+      1. ç­ä¿¡æ¨¡æ¿ï¼å¨æå¯ç ï¼ `TOKEN_SERVER_PASSWORDLESS_SMS_TEXT_TEMPLATE`
+      2. ç­ä¿¡æ¥å£å°å `TPAS_AGENT_SERVICE_SMS_SENDER_PATH`
+
+      äººè¸è®¤è¯ï¼é¡»éç½®äººè¸æå¡ï¼ç®åæ¯æ æ°å¼æ®äººè¸æå¡ãç¾åº¦äººè¸æå¡ï¼æ ¹æ®æåµè·åç¸å³éç½®åæ°
+
+      APP ç»å½ä¿¡æ¯ ä¸ªæ¨ï¼ä½¿ç¨äºæ¶æ¯æå¡çæ¥å£ï¼è¯¥æ¥å£ç± POA æä¾ï¼æé¡»
+      1. æ³¨å POA clientï¼è·å `clientId`ã`clientSecret`ï¼ç³è¯· Scope `messagecenter:v1:sendMessage`
+      2. è·å æ¶æ¯æå¡ç `appId`
+
+
+  6.personal-security-center
+
+    æ­¤ä¸º ä¸ªäººå®å¨ä¸­å¿ åç«¯APIï¼å®å¨ä¸­å¿ åç«¯UI
+
+    æä¾ä¸ªäººå¸å·ç¸å³çæä½çæ¥å£ï¼ä»¥å å¸å·æ¿æ´»ãå¯ç æ¾å ç­åè½
+
+
+
+    TODO: ä¿®æ¹ bffãzuul éç½®
+    TODO: ä¿®æ¹ security-center-ui éç½®
+
+
+  9.jobs-server
+
+    æ­¤ä¸º ä»»å¡è°åº¦æå¡
+
+    åºäº å®æ¶ä»»å¡ãè§¦åä»»å¡ ç­ï¼å®æ ç¨æ·æ°æ®çåæ­¥
+
+    å¦ï¼
+    * æºå¤´æ°æ®è¿å¥å°ä¸´æ¶è¡¨åï¼åå¥ç¨æ·çæ­£å¼è¡¨
+    * ç¨æ·æ°æ®æ´æ°åï¼éè¿æ¶æ¯éåï¼å¢éæ´æ° Openldap æ°æ®
+
+
+
+  ```
+
+
+  6.admin-platform
+
+  äºå¹³å°
+
+  ```
+
+  6.admin-center
+
+    æ­¤ä¸º äºå¹³å° åç«¯API
+
+
+  7.admin-platform
+
+    æ­¤ä¸º äºå¹³å° åç«¯UI
+
+  ```
+
+
+* æ·»å é¡¹ç®ãå½åç©ºé´
+
+  é¡¹ç®
+  ```
+  infras                # åºç¡è®¾æ½ï¼å¯éï¼æ¹ä¾¿å®æ½å·¥ä½ï¼
+
+  authx-service         # è®¤è¯æææå¡
+
+  admin-platform        # ç®¡çå¹³å°
+
+  ```
+
+  å½åç©ºé´
+
+  å¨é¡¹ç® infras ä¸åå»º å½åç©ºé´ï¼
+
+  ```
+  base
+
+  ```
+
+  å¨é¡¹ç® authx-service ä¸åå»º å½åç©ºé´ï¼
+
+  ```
+  trans-serviceï¼è®¤è¯v4çæ°æ®è¿ç§»æå¡ï¼å¯éï¼
+
+  authx-service
+
+  thirdparty-agent-service
+
+  user-data-service
+  
+  user-authorization-service
+  
+  cas-server
+
+  token-server
+  
+  personal-security-center
+
+  communicate-center
+  
+  jobs-server
+
+  ```
+
+  å¨é¡¹ç® admin-platform ä¸åå»º å½åç©ºé´ï¼
+
+  ```
+  admin-center
+
+  admin-platform
+
+  ```
+
+
+* å¯¼å¥YAML
+
+  å¨é¡¹ç® infras ä¸­ï¼å° 0.infras ä¸ç yaml æç¼å·ä¾æ¬¡å¯¼å¥
+
+  ```
+  0.0.0.infras-base.yaml
+
+  0.0.1.infras-mysql.yaml                mysql webç®¡ç
+
+  0.0.2.infras-sba.yaml                    
+
+  ```
+
+  å¨é¡¹ç® authx-service ä¸­ï¼å° 1.authx-service ä¸ç yaml æç¼å·ä¾æ¬¡å¯¼å¥
+
+    å¡å¿ç¡®ä¿ `4.0.*-installer.yaml` æ§è¡æå
+
+
+  å¨é¡¹ç® admin-platform ä¸­ï¼å° 6.admin-platform ä¸ç yaml æç¼å·ä¾æ¬¡å¯¼å¥
+
+
+### æ°æ®éç½®
+
+  æ°æ®èæ¬åå§å
+
+  åä¿®æ¹ èæ¬ä¸­çååï¼å¦æå­å¨ï¼
+
+
+* å¯éï¼1.authx-service/10.0.tmp.sql
+
+    è¥éè¿äº¤æ¢åæ­¥ç»ç»æºæãå¸å·æ°æ®çï¼é¡»æ§è¡è¯¥æ°æ®åºèæ¬
+
+
+* å¯éï¼1.authx-service/10.1.init-flow.sql
+
+    è¥é¨ç½²äº æµç¨å¹³å° çäº§å
+
+    å¯é»è®¤åå»ºå ä¸ªç®¡çåå¸å·ï¼ä»¥ååå§ææ
+
+
+* **å¿éï¼6.admin-platform/10.0.init.sql**
+
+    ä¿®æ¹ æ°æ®åºæ°æ®åå§åæ¶çé»è®¤éç½®
+
+
+* å¯éï¼6.admin-platform/10.1.init-flow.sql
+
+    è¥é¨ç½²äº æµç¨å¹³å° çäº§å
+
+    å° æµç¨å¹³å° çç®¡çèå æ·»å å° äºå¹³å°ä¸­
diff --git "a/project/newcapec-test/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.pdf" "b/project/newcapec-test/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.pdf"
new file mode 100644
index 0000000..de752a8
Binary files /dev/null and "b/project/newcapec-test/k8s-rancher/0.1.1.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.pdf" differ
diff --git "a/project/newcapec-test/k8s-rancher/0.2.1.POA\357\274\210\345\271\263\345\217\260OpenAPI\357\274\211\346\234\215\345\212\241\346\263\250\345\206\214.md" "b/project/newcapec-test/k8s-rancher/0.2.1.POA\357\274\210\345\271\263\345\217\260OpenAPI\357\274\211\346\234\215\345\212\241\346\263\250\345\206\214.md"
new file mode 100644
index 0000000..5dcbbb6
--- /dev/null
+++ "b/project/newcapec-test/k8s-rancher/0.2.1.POA\357\274\210\345\271\263\345\217\260OpenAPI\357\274\211\346\234\215\345\212\241\346\263\250\345\206\214.md"
@@ -0,0 +1,7 @@
+
+# POAï¼å¹³å°OpenAPIï¼æå¡æ³¨å
+
+**è¯·ç¡®ä¿POAå·²ç»å®è£å®æ**
+
+æ ¹æ® 9.poa-api-docs ä¸ç readme.md çè¯´æè¿è¡æä½
+
diff --git "a/project/newcapec-test/k8s-rancher/0.2.2.\347\237\255\344\277\241\345\271\263\345\217\260\345\257\271\346\216\245\350\257\264\346\230\216.md" "b/project/newcapec-test/k8s-rancher/0.2.2.\347\237\255\344\277\241\345\271\263\345\217\260\345\257\271\346\216\245\350\257\264\346\230\216.md"
new file mode 100644
index 0000000..b786222
--- /dev/null
+++ "b/project/newcapec-test/k8s-rancher/0.2.2.\347\237\255\344\277\241\345\271\263\345\217\260\345\257\271\346\216\245\350\257\264\346\230\216.md"
@@ -0,0 +1,14 @@
+# ç­ä¿¡å¹³å°å¯¹æ¥è¯´æ
+
+
+## é¿éäºç­ä¿¡æå¡
+
+é¡»ç³è¯·é¿éäºç­ä¿¡æå¡
+
+åè docs ä¸ç ãé¿éäºç­ä¿¡ç³è¯·ï¼ç­¾åãæ¨¡æ¿ï¼ã
+
+
+## ç¬¬ä¸æ¹ç­ä¿¡å¹³å°
+
+é¡»è¿è¡å®å¶å¼å
+
diff --git a/project/newcapec-test/k8s-rancher/0.infras/0.0.0.infras-base.yaml b/project/newcapec-test/k8s-rancher/0.infras/0.0.0.infras-base.yaml
new file mode 100644
index 0000000..12b0340
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/0.infras/0.0.0.infras-base.yaml
@@ -0,0 +1,17 @@
+# 0.0.0.infras-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: base
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
diff --git a/project/newcapec-test/k8s-rancher/0.infras/0.0.1.infras-mysql.yaml b/project/newcapec-test/k8s-rancher/0.infras/0.0.1.infras-mysql.yaml
new file mode 100644
index 0000000..fd62f7d
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/0.infras/0.0.1.infras-mysql.yaml
@@ -0,0 +1,102 @@
+# 0.0.1.infras-mysql.yaml
+
+# æ­¤æå¡å¯éå®è£ï¼ç¨äºMySQLæ°æ®åºçç®¡çæä¾Webç«¯
+
+####################################################
+# mysql-server
+####################################################
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: base
+  name: mysql-server
+spec:
+  ports:
+  - name: tcp-mysql
+    port: 3306
+    protocol: TCP
+    targetPort: 3306
+---
+kind: Endpoints
+apiVersion: v1
+metadata:
+  namespace: base
+  name: mysql-server
+subsets:
+  - addresses:
+      # ä¿®æ¹å®éMySQLæå¡å¨çIPå°å
+      - ip: 172.30.104.82
+    ports:
+      - name: tcp-mysql
+        port: 3306
+        protocol: TCP
+
+
+####################################################
+# mysql-adminer
+####################################################
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: base
+  name: mysql-adminer
+spec:
+  ports:
+  - name: http
+    port: 8080
+    protocol: TCP
+    targetPort: http
+  selector:
+    app: mysql-adminer
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: base
+  name: mysql-adminer
+spec:
+  selector:
+    matchLabels:
+      app: mysql-adminer
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: mysql-adminer
+    spec:
+      containers:
+      - name: mysql-adminer
+        image: adminer:4
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        env:
+        - name: ADMINER_DEFAULT_SERVER
+          value: mysql-server
+        resources:
+          requests:
+            memory: "512Mi"
+          limits:
+            memory: "512Mi"
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: mysql-adminer-ingress
+  namespace: base
+spec:
+  rules:
+  # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+  - host: mysql-adminer.paas.xxx.edu.cn
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: mysql-adminer
+          servicePort: http
+
diff --git a/project/newcapec-test/k8s-rancher/0.infras/0.0.2.infras-sba.yaml b/project/newcapec-test/k8s-rancher/0.infras/0.0.2.infras-sba.yaml
new file mode 100644
index 0000000..70b3269
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/0.infras/0.0.2.infras-sba.yaml
@@ -0,0 +1,117 @@
+# 0.0.2.infras-sba.yaml
+
+# æ­¤æå¡å¯éå®è£ï¼ç¨äºå¼åäººåææ¥é®é¢
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: base
+  name: spring-boot-admin-env-secret
+data:
+  # sbaadmin
+  SBA_USERNAME: c2JhYWRtaW4=
+  # sbanimda
+  SBA_PASSWORD: c2JhbmltZGE=
+
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: base
+  name: spring-boot-admin-env
+data:
+  SERVER_PORT: "8080"
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: base
+  name: spring-boot-admin-svc
+  labels:
+    app: spring-boot-admin
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: spring-boot-admin
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: base
+  name: spring-boot-admin
+spec:
+  selector:
+    matchLabels:
+      app: spring-boot-admin
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: spring-boot-admin
+    spec:
+      containers:
+      - name: spring-boot-admin
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/institute/spring-boot-admin:0.1.0-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - secretRef:
+            name: spring-boot-admin-env-secret
+        - configMapRef:
+            name: spring-boot-admin-env
+        resources:
+          requests:
+            memory: "400Mi"
+          limits:
+            memory: "400Mi"
+        readinessProbe:
+          tcpSocket:
+            port: 8080
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: sba-ingress
+  namespace: base
+spec:
+  rules:
+  # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+  - host: sba.paas.xxx.edu.cn
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: spring-boot-admin-svc
+          servicePort: http
+
diff --git a/project/newcapec-test/k8s-rancher/0.infras/0.0.x.infras-monitor.yaml b/project/newcapec-test/k8s-rancher/0.infras/0.0.x.infras-monitor.yaml
new file mode 100644
index 0000000..88c23c2
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/0.infras/0.0.x.infras-monitor.yaml
@@ -0,0 +1,21 @@
+# 
+
+# æ­¤éç½®å¯éå®è£ï¼ç¨äºéç½®çæ§
+
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: authx-service-monitor
+  namespace: cattle-prometheus
+spec:
+  selector:
+    matchLabels:
+      needMonitor: 'true'
+  namespaceSelector:
+    matchNames:
+    - user-data-service
+    - user-authorization-service
+    - cas-server
+  endpoints:
+  - port: http-metrics
+    path: /metrics
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/0.trans-service-v4-base.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/0.trans-service-v4-base.yaml
new file mode 100644
index 0000000..e37e2d5
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/0.trans-service-v4-base.yaml
@@ -0,0 +1,47 @@
+# 0.trans-service-v4-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: trans-service
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+
+####################################################
+# mysql-server
+####################################################
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: trans-service
+  name: mysql-server
+spec:
+  ports:
+  - name: tcp-mysql
+    port: 3306
+    protocol: TCP
+    targetPort: 3306
+---
+kind: Endpoints
+apiVersion: v1
+metadata:
+  namespace: trans-service
+  name: mysql-server
+subsets:
+  - addresses:
+      # ä¿®æ¹å®éMySQLæå¡å¨çIPå°å
+      - ip: 172.30.104.82
+    ports:
+      - name: tcp-mysql
+        port: 3306
+        protocol: TCP
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/1.trans-service-v4-env.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/1.trans-service-v4-env.yaml
new file mode 100644
index 0000000..7c65b68
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/1.trans-service-v4-env.yaml
@@ -0,0 +1,26 @@
+# 1.trans-service-v4-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: trans-service
+  name: jvm-env
+data:
+  MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: trans-service
+  name: datasource-env-secret
+type: Opaque
+data:
+  # jdbc:mysql://mysql-server.authx-service.svc.cluster.local:3306/tmp_data?serverTimezone=Asia/Shanghai
+  JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvdG1wX2RhdGE/c2VydmVyVGltZXpvbmU9QXNpYS9TaGFuZ2hhaQ==
+  # tmp_data
+  JDBC_USERNAME: dG1wX2RhdGE=
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # kingstar
+  JDBC_PASSWORD: a2luZ3N0YXI=
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/4.0.trans-service-v4-installer.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/4.0.trans-service-v4-installer.yaml
new file mode 100644
index 0000000..7a14465
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/4.0.trans-service-v4-installer.yaml
@@ -0,0 +1,46 @@
+# 4.0.trans-service-v4-installer.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: trans-service
+  name: trans-installer-env
+data:
+  DB_TYPE: mysql8
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: trans-installer
+  namespace: trans-service
+spec:
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        app: trans-installer
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: trans-installer
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/admin-portal/trans-installer:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: trans-installer-env
+        resources:
+          requests:
+            memory: "256Mi"
+          limits:
+            memory: "256Mi"
+      imagePullSecrets:
+        - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/5.trans-service-v4-datax-job.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/5.trans-service-v4-datax-job.yaml
new file mode 100644
index 0000000..62581c7
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/0.0.trans-service-v4/5.trans-service-v4-datax-job.yaml
@@ -0,0 +1,55 @@
+# 5.trans-service-v4-datax-job.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: trans-service
+  name: trans-datax-job-env
+data:
+  EANBLED_JOBS: TMP_DM_GENDER,TMP_DM_ORGTYPE,TMP_DM_ACCOUNTTYPE,TMP_DM_IDENTITYTYPE,TMP_ORGANIZE,TMP_PERSON,TMP_ACCOUNT,TMP_REGISTERED_SERVICE,TMP_WEAK_PASSWORD_DICT,TMP_TB_ORGANIZE,TMP_TB_USER,TMP_TB_ACCOUNT,TMP_TB_USERGROUP,TMP_TB_ROLE,TMP_TB_APPLICATION,TMP_TB_FUNCTION,TMP_TB_RIGHT,TMP_TB_ACCOUNTSECURITYEMAIL,TMP_TB_ACCOUNTSECURITYMOBILE,TMP_REF_ORGANIZEUSER,TMP_REF_USERGROUPACCOUNT,TMP_REF_ACCOUNTROLE,TMP_REF_USERGROUPROLE,TMP_REF_USERROLE,TMP_REF_APPLICATIONROLE,TMP_REF_FUNCTIONROLE,TMP_REF_RIGHTROLE
+
+  ORACLEREADER_UNIAUTH_USERNAME: idc_u_uniauth
+  ORACLEREADER_UNIAUTH_PASSWORD: kingstar
+  ORACLEREADER_UNIAUTH_JDBC_URL: jdbc:oracle:thin:@172.30.104.101:1521/xydb
+
+  MYSQLWRITER8_TMP_USERNAME: tmp_data
+  MYSQLWRITER8_TMP_PASSWORD: kingstar
+  MYSQLWRITER8_TMP_JDBC_URL: jdbc:mysql://mysql-server:3306/tmp_data
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: trans-datax-job
+  namespace: trans-service
+spec:
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        app: trans-datax-job
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: trans-datax-job
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/admin-portal/trans-datax-job:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: trans-datax-job-env
+        resources:
+          # requests:
+          #   memory: "400Mi"
+          # limits:
+          #   memory: "400Mi"
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/0.authx-service-base.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/0.authx-service-base.yaml
new file mode 100644
index 0000000..cb85dba
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/0.authx-service-base.yaml
@@ -0,0 +1,16 @@
+# 0.authx-service-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: authx-service-test
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/1.authx-service-mysql.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/1.authx-service-mysql.yaml
new file mode 100644
index 0000000..7a59dc3
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/1.authx-service-mysql.yaml
@@ -0,0 +1,32 @@
+# 0.0.1.authx-service-mysql.yaml
+
+####################################################
+# mysql-server
+# å¤é¨ MySQL çæå¡å°åæ å°
+####################################################
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: authx-service-test
+  name: mysql-server
+spec:
+  ports:
+  - name: tcp-mysql
+    port: 3306
+    protocol: TCP
+    targetPort: 3306
+---
+kind: Endpoints
+apiVersion: v1
+metadata:
+  namespace: authx-service-test
+  name: mysql-server
+subsets:
+  - addresses:
+      # ä¿®æ¹å®éMySQLæå¡å¨çIPå°å
+      - ip: 192.168.116.91
+    ports:
+      - name: tcp-mysql
+        port: 3306
+        protocol: TCP
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-minio.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-minio.yaml
new file mode 100644
index 0000000..3b757fb
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-minio.yaml
@@ -0,0 +1,115 @@
+# 2.authx-service-minio.yaml
+
+####################################################
+# minio
+# æä»¶æå¡å¨ï¼å¯¹è±¡å­å¨
+####################################################
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  namespace: authx-service-test
+  name: minio-data-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  # æ ¹æ®æåµä¿®æ¹
+  storageClassName: supwisdom-nfs-storage
+  resources:
+    requests:
+      storage: 5Gi
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: authx-service-test
+  name: minio-env-secret
+type: Opaque
+data:
+  # ä¿®æ¹ access_keyï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # é»è®¤å¼ï¼1y8N@8R@a_2u
+  MINIO_ACCESS_KEY: MXk4TkA4UkBhXzJ1
+  # ä¿®æ¹ secret_keyï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # é»è®¤è³ï¼8pxlIe9#lN7Q
+  MINIO_SECRET_KEY: OHB4bEllOSNsTjdR
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: authx-service-test
+  name: minio-svc
+  labels:
+    app: minio
+spec:
+  ports:
+    - port: 9000
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app: minio
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: authx-service-test
+  name: minio
+spec:
+  selector:
+    matchLabels:
+      app: minio
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: minio
+    spec:
+      containers:
+      - name: minio
+        image: minio/minio:RELEASE.2020-04-23T00-58-49Z
+        imagePullPolicy: Always
+        args: 
+        - "server"
+        - "/data"
+        ports:
+        - containerPort: 9000
+          name: http
+        envFrom:
+        - secretRef:
+            name: minio-env-secret
+        volumeMounts:
+        - mountPath: /data
+          name: minio-data
+        resources:
+          requests:
+            memory: "256Mi"
+          limits:
+            memory: "256Mi"
+      volumes:
+      - name: minio-data
+        persistentVolumeClaim:
+          claimName: minio-data-pvc
+
+
+# è¯¥ ingress éç½®å¯éï¼ä¸»è¦ç¨äºå®æ½è°è¯ç¨
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+#   name: minio-ingress
+#   namespace: authx-service
+# spec:
+#   rules:
+#   # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+#   - host: minio.paas.xxx.edu.cn
+#     http:
+#       paths:
+#       - path: /
+#         backend:
+#           serviceName: minio-svc
+#           servicePort: http
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/8.echo-server.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/8.echo-server.yaml
new file mode 100644
index 0000000..0c2de7e
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/8.echo-server.yaml
@@ -0,0 +1,58 @@
+# 8.echo-server.yaml
+
+# ç¨äºç¯å¢æµè¯
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: echo-server
+  namespace: default
+  labels:
+    run: echo-server
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: 8080
+      protocol: TCP
+      name: http
+  selector:
+    run: echo-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: echo-server
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      run: echo-server
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        run: echo-server
+    spec:
+      containers:
+      - name: echo-server
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: inanimate/echo-server:latest
+        ports:
+        - containerPort: 8080
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: echo-server-ingress
+  namespace: default
+spec:
+  rules:
+  # **ä¿®æ¹** å­¦æ ¡çæ ¹åå
+  - host: echo.paas.xxx.edu.cn
+    http:
+      paths:
+      - backend:
+          serviceName: echo-server
+          servicePort: 80
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/9.poa-api-docs-installer.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/9.poa-api-docs-installer.yaml
new file mode 100644
index 0000000..4b24f61
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/0.authx-service/9.poa-api-docs-installer.yaml
@@ -0,0 +1,47 @@
+# 10.9.poa-api-docs-installer.yaml
+
+# å®è£å® POA åï¼æ§è¡
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: authx-service-test
+  name: poa-api-docs-installer-env
+data:
+  ##
+  # å¹³å°OpenAPIçå¤ç½è®¿é®å°åï¼
+  # **ä¿®æ¹** å­¦æ ¡çæ ¹åå
+  POA_SERVER_URL: http://poa.paas.xxx.edu.cn
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: authx-service-test
+  name: poa-api-docs-installer
+spec:
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        app: poa-api-docs-installer
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: poa-api-docs-installer
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/authx-service/poa-api-docs-installer:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        envFrom:
+        - configMapRef:
+            name: poa-api-docs-installer-env
+        resources:
+          requests:
+            memory: "256Mi"
+          limits:
+            memory: "256Mi"
+      imagePullSecrets:
+        - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/1.thirdparty-agent-service/0.thirdparty-agent-service-base.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/1.thirdparty-agent-service/0.thirdparty-agent-service-base.yaml
new file mode 100644
index 0000000..053cea8
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/1.thirdparty-agent-service/0.thirdparty-agent-service-base.yaml
@@ -0,0 +1,16 @@
+# thirdparty-agent-service-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: thirdparty-agent-service-test
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/1.thirdparty-agent-service/1.thirdparty-agent-service-env.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/1.thirdparty-agent-service/1.thirdparty-agent-service-env.yaml
new file mode 100644
index 0000000..8ad8c6e
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/1.thirdparty-agent-service/1.thirdparty-agent-service-env.yaml
@@ -0,0 +1,26 @@
+# thirdparty-agent-service-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: thirdparty-agent-service-test
+  name: jvm-env
+data:
+  MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: thirdparty-agent-service-test
+  name: datasource-env-secret
+type: Opaque
+data:
+  # jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/agent_service?serverTimezone=Asia/Shanghai
+  SPRING_DATASOURCE_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLXRlc3Quc3ZjLmNsdXN0ZXIubG9jYWw6MzMwNi9hZ2VudF9zZXJ2aWNlP3NlcnZlclRpbWV6b25lPUFzaWEvU2hhbmdoYWk=
+  # agent_service
+  SPRING_DATASOURCE_USERNAME: YWdlbnRfc2VydmljZQ==
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # Nwpu@Supwisdom123
+  SPRING_DATASOURCE_PASSWORD: TndwdUBTdXB3aXNkb20xMjM=
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/1.thirdparty-agent-service/4.2.thirdparty-agent-service.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/1.thirdparty-agent-service/4.2.thirdparty-agent-service.yaml
new file mode 100644
index 0000000..a9b3341
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/1.thirdparty-agent-service/4.2.thirdparty-agent-service.yaml
@@ -0,0 +1,149 @@
+# thirdparty-agent-service.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: thirdparty-agent-service-test
+  name: agent-service-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+  # SERVER_TOMCAT_ACCEPT_COUNT: "1000"
+  # SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+  # SERVER_TOMCAT_MAX_THREADS: "1000"
+  # SERVER_TOMCAT_MIN_SPARE_THREADS: "10"
+
+  ## file-db
+  FILE_DB_AUTOCONFIGURE_ENABLED: "false"
+
+  ## file-minio
+  FILE_MINIO_AUTOCONFIGURE_ENABLED: "true"
+  FILE_MINIO_ENDPOINT: http://minio-svc.authx-service-test.svc.cluster.local:9000
+  # FILE_MINIO_ACCESSKEY: ""
+  # FILE_MINIO_SECRETKEY: ""
+
+  ## mail-console
+  MAIL_CONSOLE_AUTOCONFIGURE_ENABLED: "true"
+
+  # è¥é¡»å¯¹æ¥é®ä»¶æå¡ï¼é¡»æä¾ SMTP å¸å·
+  ## mail-smtp
+  MAIL_SMTP_AUTOCONFIGURE_ENABLED: "false"
+  MAIL_SMTP_HOST: smtp.mxhichina.com
+  MAIL_SMTP_PORT: "25"
+  MAIL_SMTP_SECURE_MODE: NONE
+  MAIL_SMTP_USERNAME: security.institute@supwisdom.com
+  MAIL_SMTP_PASSWORD: Security2019
+  MAIL_SMTP_FROM: security.institute@supwisdom.com
+  MAIL_SMTP_FROM_PERSONAL: æºæ§æ ¡å­
+
+  ## sms-console
+  SMS_CONSOLE_AUTOCONFIGURE_ENABLED: "true"
+
+  # è¥é¡»ä½¿ç¨é¿éäºç­ä¿¡æå¡ï¼é¡»æä¾å¸å·
+  ## sms-aliyun
+  SMS_ALIYUN_AUTOCONFIGURE_ENABLED: "false"
+  SMS_ALIYUN_REGION_ID: cn-hangzhou
+  SMS_ALIYUN_ACCESS_KEY_ID: ""
+  SMS_ALIYUN_ACCESS_SECRET: ""
+
+  # è¥é¡»å¯¹æ¥sms æ¥å£ï¼é¡»è¿è¡äºå¼å®å¶
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: thirdparty-agent-service-test
+  name: agent-service-env-secret
+type: Opaque
+data:
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  ## file-minio
+  FILE_MINIO_ACCESSKEY: MXk4TkA4UkBhXzJ1
+  # 1y8N@8R@a_2u
+  FILE_MINIO_SECRETKEY: OHB4bEllOSNsTjdR
+  # 8pxlIe9#lN7Q
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: thirdparty-agent-service-test
+  name: agent-service-svc
+  labels:
+    app: agent-service
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: agent-service
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: thirdparty-agent-service-test
+  name: agent-service
+spec:
+  selector:
+    matchLabels:
+      app: agent-service
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: agent-service
+    spec:
+      containers:
+      - name: agent-service
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/thirdparty-agent-service/agent-service:0.0.1-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - secretRef:
+            name: agent-service-env-secret
+        - configMapRef:
+            name: agent-service-env
+        resources:
+          requests:
+            memory: "512Mi"
+          limits:
+            memory: "512Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/10.0.init.sql b/project/newcapec-test/k8s-rancher/1.authx-service/10.0.init.sql
new file mode 100644
index 0000000..42cfae0
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/10.0.init.sql
@@ -0,0 +1,102 @@
+-- 10.0.init.sql
+
+
+use cas_server;
+
+
+INSERT INTO `TB_SERVICE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, 
+  `NAME`, `DESCRIPTION`, `INFORMATION_URL`, `LOGOUT_URL`, 
+  `RESPONSE_TYPE`, `LOGOUT_TYPE`, 
+  `EVALUATION_ORDER`, `FRIENDLY_NAME`, `REGISTERED_SERVICE_ID`, `SERVICE_ID`, 
+  `ENABLED`, `SSO_ENABLED`, `REQUIRE_ALL_ATTRIBUTES`, 
+  `APPLICATION_ID`, `EXTERNAL_ID`)
+VALUES ('122', '1', 0, 'admin', '2020-07-01 00:00:00',
+  'å®å¨ä¸­å¿-test', 'å®å¨ä¸­å¿-test', 'https://security-center.paas.example.com', 'https://security-center.paas.example.com/logout', 
+  'REDIRECT', 'FRONT_CHANNEL', 
+  122, 'å®å¨ä¸­å¿-test', 122, 'https://security-center.paas.example.com/(.*)', 
+  1, 1, 1, 
+  '122', '122');
+
+commit;
+
+
+-- ä¿®æ¹æ ¹åå
+update TB_SERVICE 
+set 
+  INFORMATION_URL='https://security-center-test.paas.newcapec.cn', 
+  LOGOUT_URL='https://security-center-test.paas.newcapec.cn/logout', 
+  SERVICE_ID='https://security-center-test.paas.newcapec.cn/(.*)', 
+  ID_TOKEN_ENABLED=1,
+  JWT_AS_SERVICE_TICKET=1,
+  APPLICATION_DOMAIN='security-center.paas.newcapec.cn'
+where ID='122';  -- todo, modify
+
+commit;
+
+
+
+
+use user;
+
+-- **éç½® èº«ä»½å¯¹åºçå¸å· é¡»èªå¨å³èç ç¨æ·ç»**
+
+/*
+
+IDENTITY_TYPE
+
+1     admin         ç³»ç»ç¨æ·
+
+T01   T01           æèå·¥
+
+S01   S01           æ¬ç§ç
+S02   S02           ç ç©¶ç
+S03   S03           éå­¦åç
+
+P01   P01           èç¨äººå
+P02   P02           å¤èæå¸
+P99   P99           å¨è/ä¼ä¸åå£«å
+
+
+GROUP
+
+11  teacher       æèå·¥ç¨æ·ç»
+12  student       æ¬ç§çç¨æ·ç»
+13  graduate      ç ç©¶çç¨æ·ç»
+14  fellow        æ ¡åç¨æ·ç»
+
+16  admin         ç®¡çäººåç¨æ·ç»
+17  retire        éä¼ç¨æ·ç»
+
+010883e0ac5e11eaaaee297ae5eef932    bsh           å¨è/ä¼ä¸åå£«å
+
+23f87450ac5e11eaaaee297ae5eef932    wpjs          å¤èæå¸
+f1e42c20ac5d11eaaaee297ae5eef932    pyry          èç¨äººå
+
+ffa610e0ac6111eaaaee297ae5eef932    fxls          éå­¦åçç¨æ·ç»
+
+*/
+
+
+insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
+values ('1', 0, 'init', 'T01', '11');
+
+insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
+values ('2', 0, 'init', 'S01', '12');
+
+insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
+values ('3', 0, 'init', 'S02', '13');
+
+insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
+values ('4', 0, 'init', 'S03', 'ffa610e0ac6111eaaaee297ae5eef932');
+
+insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
+values ('5', 0, 'init', 'P01', 'f1e42c20ac5d11eaaaee297ae5eef932');
+
+insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
+values ('6', 0, 'init', 'P02', '23f87450ac5e11eaaaee297ae5eef932');
+
+insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
+values ('7', 0, 'init', 'P99', '010883e0ac5e11eaaaee297ae5eef932');
+
+commit;
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/10.0.tmp.sql b/project/newcapec-test/k8s-rancher/1.authx-service/10.0.tmp.sql
new file mode 100644
index 0000000..b7aaa52
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/10.0.tmp.sql
@@ -0,0 +1,206 @@
+
+/*
+ * è¥éè¿äº¤æ¢åæ­¥ç»ç»æºæãå¸å·æ°æ®çï¼é¡»æ§è¡è¯¥æ°æ®åºèæ¬
+ */
+
+use user;
+
+/*
+
+delete from TB_B_ACCOUNT_ORGANIZATION where ADD_ACCOUNT='trans';
+
+delete from TB_B_SAFETY where ADD_ACCOUNT='trans';
+delete from TB_B_ACCOUNT where ADD_ACCOUNT='trans';
+delete from TB_B_USER where ADD_ACCOUNT='trans';
+
+delete from TMP_ACCOUNT_TRANS;
+
+update TMP_ACCOUNT_ORIGIN set UID=UID;
+*/
+
+
+DROP TRIGGER IF EXISTS after_update_organization_origin;
+
+delimiter //
+create trigger after_update_organization_origin after update on TMP_ORGANIZATION_ORIGIN for each row
+begin
+  declare ID1 varchar(100);
+  declare ID2 varchar(100);
+
+  -- new ä»£è¡¨ è¡¨ä¸­æ°å¢çæ°æ®
+  set ID1 = (select ID from TMP_ORGANIZATION_TRANS
+  where ((ID is null and new.ID is null) or ID=new.ID)
+    and ((PARENT_ORGANIZATION_ID is null and new.PARENT_ORGANIZATION_ID is null) or PARENT_ORGANIZATION_ID=new.PARENT_ORGANIZATION_ID)
+    and ((CODE is null and new.CODE is null) or CODE=new.CODE)
+    and ((NAME is null and new.NAME is null) or NAME=new.NAME)
+    and ((DESCRIPTION is null and new.DESCRIPTION is null) or DESCRIPTION=new.DESCRIPTION)
+    and ((TYPE_ID is null and new.TYPE_ID is null) or TYPE_ID=new.TYPE_ID)
+    and ((STATE is null and new.STATE is null) or STATE=new.STATE)
+    and ((ENABLE is null and new.ENABLE is null) or ENABLE=new.ENABLE)
+    and ((IS_DATA_CENTER is null and new.IS_DATA_CENTER is null) or IS_DATA_CENTER=new.IS_DATA_CENTER)
+  );
+  -- into @ID1;
+
+  if ID1 is null then
+      set ID2 = (select ID from TMP_ORGANIZATION_TRANS where ID=new.ID); -- into @ID2;
+
+      if ID2 is null then
+        insert into TMP_ORGANIZATION_TRANS(TRANS_STATUS, TRANS_TIME, PROC_STATUS, PROC_TIME,
+          ID, PARENT_ORGANIZATION_ID,
+          CODE, NAME, DESCRIPTION,
+          TYPE_ID, 
+          STATE, ENABLE, 
+          IS_DATA_CENTER
+        )
+        values ('1', now(), '0', null,
+          new.ID, new.PARENT_ORGANIZATION_ID,
+          new.CODE, new.NAME, new.DESCRIPTION,
+          new.TYPE_ID, 
+          new.STATE, new.ENABLE, 
+          new.IS_DATA_CENTER
+        )
+        ;
+
+      else
+        update TMP_ORGANIZATION_TRANS set
+          TRANS_STATUS='2',
+          TRANS_TIME=now(),
+          PROC_STATUS='0',
+          PARENT_ORGANIZATION_ID=new.PARENT_ORGANIZATION_ID,
+          CODE=new.CODE,
+          NAME=new.NAME,
+          DESCRIPTION=new.DESCRIPTION,
+          TYPE_ID=new.TYPE_ID,
+          STATE=new.STATE,
+          ENABLE=new.ENABLE,
+          IS_DATA_CENTER=new.IS_DATA_CENTER
+        where ID=new.ID
+        ;
+
+      end if;
+
+    else
+
+      -- å¦ææ°æ®æ²¡ååï¼ä½å­å¨è®°å½ï¼ä¸è¢«å¤çï¼åæ è®°æª ä¸æ´æ°ãä¸å¤ç
+      update TMP_ORGANIZATION_TRANS set
+        TRANS_STATUS='0',
+        TRANS_TIME=now(),
+        PROC_STATUS='0'
+      where ID=new.ID
+        and PROC_RESULT!='0'
+      ;
+
+    end if;
+
+end //
+delimiter ;
+
+
+DROP TRIGGER IF EXISTS after_update_account_origin;
+
+delimiter //
+create trigger after_update_account_origin after update on TMP_ACCOUNT_ORIGIN for each row
+begin
+  declare ID1 varchar(100);
+  declare ID2 varchar(100);
+
+  -- new ä»£è¡¨ è¡¨ä¸­æ°å¢çæ°æ®
+  set ID1 = (select ID from TMP_ACCOUNT_TRANS
+  where ((ID is null and new.ID is null) or ID=new.ID)
+    and ((UID is null and new.UID is null) or UID=new.UID)
+    and ((NAME is null and new.NAME is null) or NAME=new.NAME)
+    and ((NAME_SPELLING is null and new.NAME_SPELLING is null) or NAME_SPELLING=new.NAME_SPELLING)
+    and ((FULL_NAME_SPELLING is null and new.FULL_NAME_SPELLING is null) or FULL_NAME_SPELLING=new.FULL_NAME_SPELLING)
+    and ((CERTIFICATE_TYPE_ID is null and new.CERTIFICATE_TYPE_ID is null) or CERTIFICATE_TYPE_ID=new.CERTIFICATE_TYPE_ID)
+    and ((CERTIFICATE_NUMBER is null and new.CERTIFICATE_NUMBER is null) or CERTIFICATE_NUMBER=new.CERTIFICATE_NUMBER)
+    and ((PHONE_NUMBER is null and new.PHONE_NUMBER is null) or PHONE_NUMBER=new.PHONE_NUMBER)
+    and ((EMAIL is null and new.EMAIL is null) or EMAIL=new.EMAIL)
+    and ((IMAGE_URL is null and new.IMAGE_URL is null) or IMAGE_URL=new.IMAGE_URL)
+    and ((GENDER_ID is null and new.GENDER_ID is null) or GENDER_ID=new.GENDER_ID)
+    and ((NATION_ID is null and new.NATION_ID is null) or NATION_ID=new.NATION_ID)
+    and ((COUNTRY_ID is null and new.COUNTRY_ID is null) or COUNTRY_ID=new.COUNTRY_ID)
+    and ((ADDRESS_ID is null and new.ADDRESS_ID is null) or ADDRESS_ID=new.ADDRESS_ID)
+    and ((ACCOUNT_NAME is null and new.ACCOUNT_NAME is null) or ACCOUNT_NAME=new.ACCOUNT_NAME)
+    and ((ACCOUNT_EXPIRY_DATE is null and new.ACCOUNT_EXPIRY_DATE is null) or ACCOUNT_EXPIRY_DATE=new.ACCOUNT_EXPIRY_DATE)
+    and ((ORGANIZATION_ID is null and new.ORGANIZATION_ID is null) or ORGANIZATION_ID=new.ORGANIZATION_ID)
+    and ((IDENTITY_TYPE_ID is null and new.IDENTITY_TYPE_ID is null) or IDENTITY_TYPE_ID=new.IDENTITY_TYPE_ID)
+    and ((ACTIVATION is null and new.ACTIVATION is null) or ACTIVATION=new.ACTIVATION)
+    and ((STATE is null and new.STATE is null) or STATE=new.STATE)
+    and ((IS_DATA_CENTER is null and new.IS_DATA_CENTER is null) or IS_DATA_CENTER=new.IS_DATA_CENTER)
+  );
+  -- into @ID1;
+
+  if ID1 is null then
+      set ID2 = (select ID from TMP_ACCOUNT_TRANS where ID=new.ID); -- into @ID2;
+
+      if ID2 is null then
+        insert into TMP_ACCOUNT_TRANS(TRANS_STATUS, TRANS_TIME, PROC_STATUS, PROC_TIME,
+          ID, UID, 
+          NAME, NAME_SPELLING, FULL_NAME_SPELLING,
+          CERTIFICATE_TYPE_ID, CERTIFICATE_NUMBER, 
+          PHONE_NUMBER, EMAIL, 
+          IMAGE_URL,
+          GENDER_ID, NATION_ID, COUNTRY_ID, ADDRESS_ID, 
+          ACCOUNT_NAME, ACCOUNT_EXPIRY_DATE, ORGANIZATION_ID, IDENTITY_TYPE_ID, 
+          ACTIVATION, STATE, 
+          IS_DATA_CENTER
+        )
+        values ('1', now(), '0', null,
+          new.ID, new.UID, 
+          new.NAME, new.NAME_SPELLING, new.FULL_NAME_SPELLING,
+          new.CERTIFICATE_TYPE_ID, new.CERTIFICATE_NUMBER, 
+          new.PHONE_NUMBER, new.EMAIL, 
+          new.IMAGE_URL, 
+          new.GENDER_ID, new.NATION_ID, new.COUNTRY_ID, new.ADDRESS_ID, 
+          new.ACCOUNT_NAME, new.ACCOUNT_EXPIRY_DATE, new.ORGANIZATION_ID, new.IDENTITY_TYPE_ID, 
+          new.ACTIVATION, new.STATE, 
+          new.IS_DATA_CENTER
+        )
+        ;
+
+      else
+        update TMP_ACCOUNT_TRANS set
+          TRANS_STATUS='2',
+          TRANS_TIME=now(),
+          PROC_STATUS='0',
+          UID=new.UID,
+          NAME=new.NAME,
+          NAME_SPELLING=new.NAME_SPELLING,
+          FULL_NAME_SPELLING=new.FULL_NAME_SPELLING,
+          CERTIFICATE_TYPE_ID=new.CERTIFICATE_TYPE_ID,
+          CERTIFICATE_NUMBER=new.CERTIFICATE_NUMBER,
+          PHONE_NUMBER=new.PHONE_NUMBER,
+          EMAIL=new.EMAIL,
+          IMAGE_URL=new.IMAGE_URL,
+          GENDER_ID=new.GENDER_ID,
+          NATION_ID=new.NATION_ID,
+          COUNTRY_ID=new.COUNTRY_ID,
+          ADDRESS_ID=new.ADDRESS_ID,
+          ACCOUNT_NAME=new.ACCOUNT_NAME,
+          ACCOUNT_EXPIRY_DATE=new.ACCOUNT_EXPIRY_DATE,
+          ORGANIZATION_ID=new.ORGANIZATION_ID,
+          IDENTITY_TYPE_ID=new.IDENTITY_TYPE_ID,
+          ACTIVATION=new.ACTIVATION,
+          STATE=new.STATE,
+          IS_DATA_CENTER=new.IS_DATA_CENTER
+        where ID=new.ID
+        ;
+
+      end if;
+
+    else
+
+      -- å¦ææ°æ®æ²¡ååï¼ä½å­å¨è®°å½ï¼ä¸è¢«å¤çï¼åæ è®°æª ä¸æ´æ°ãä¸å¤ç
+      update TMP_ACCOUNT_TRANS set
+        TRANS_STATUS='0',
+        TRANS_TIME=now(),
+        PROC_STATUS='0'
+      where ID=new.ID
+        and PROC_RESULT!='0'
+      ;
+
+    end if;
+
+end //
+delimiter ;
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/10.0.trans.sql b/project/newcapec-test/k8s-rancher/1.authx-service/10.0.trans.sql
new file mode 100644
index 0000000..784af9b
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/10.0.trans.sql
@@ -0,0 +1,73 @@
+-- 10.0.trans.sql
+
+/*
+  èæ¬ç¨äº è®¤è¯v4 çæ°æ®è¿ç§»
+*/
+
+--æ§è¡å TB_B_USER.UID å ç´¢å¼
+
+
+
+-- æ´æ°èè®¤è¯çå¯ç 
+UPDATE user.TB_B_USER u, (
+  select ACCOUNT_NAME, case when ENCODED_PASSWORD is null then PASSWORD else ENCODED_PASSWORD end as PASSWORD 
+  from tmp_data.TMP_ACCOUNT
+) a 
+SET u.PASSWORD = a.PASSWORD
+WHERE u.UID = a.ACCOUNT_NAME 
+
+
+
+-- æ´æ°æ¿æ´»ç¶æ
+update user.TB_B_ACCOUNT a, (
+  select TB_B_USER.ID from tmp_data.TMP_ACCOUNT
+  inner join user.TB_B_USER on TMP_ACCOUNT.ACCOUNT_NAME=TB_B_USER.UID
+  where TMP_ACCOUNT.IS_ACTIVATED=1
+) tmp
+set a.ACTIVATION=1
+where a.USER_ID=tmp.ID
+
+
+
+-- æ´æ°èè®¤è¯çå®å¨é®ç®±
+update user.TB_B_SAFETY s, (
+  select TB_B_USER.ID, TMP_TB_ACCOUNTSECURITYEMAIL.EMAILACCOUNTID as ACCOUNTID, EMAILINFO
+  from tmp_data.TMP_TB_ACCOUNTSECURITYEMAIL 
+  inner join tmp_data.TMP_TB_ACCOUNT on TMP_TB_ACCOUNTSECURITYEMAIL.EMAILACCOUNTID=TMP_TB_ACCOUNT.ACCOUNTKEY
+  inner join user.TB_B_USER on TMP_TB_ACCOUNT.ACCOUNTKEY=TB_B_USER.UID
+  where EMAILINFO is not null and EMAILINFO!='' and EMAILINFO!='-1' and EMAILSTATUS in ('å·²éªè¯', 'å¾ä¿®æ¹')
+) email
+set s.SECURE_EMAIL=email.EMAILINFO
+where s.USER_ID=email.ID
+;
+
+-- æ´æ°èè®¤è¯çå®å¨ææº
+update user.TB_B_SAFETY s, (
+  select TB_B_USER.ID, TMP_TB_ACCOUNTSECURITYMOBILE.MOBILEACCOUNTID as ACCOUNTID, MOBILEINFO
+  from tmp_data.TMP_TB_ACCOUNTSECURITYMOBILE
+  inner join tmp_data.TMP_TB_ACCOUNT on TMP_TB_ACCOUNTSECURITYMOBILE.MOBILEACCOUNTID=TMP_TB_ACCOUNT.ACCOUNTKEY
+  inner join user.TB_B_USER on TMP_TB_ACCOUNT.ACCOUNTKEY=TB_B_USER.UID
+  where MOBILEINFO is not null and MOBILEINFO!='' and MOBILEINFO!='-1' and MOBILESTATUS in ('å·²éªè¯', 'å¾ä¿®æ¹')
+) mobile
+set s.SECURE_PHONE=mobile.MOBILEINFO
+where s.USER_ID=mobile.ID
+;
+
+
+
+
+-- è¿ç§» å¾®ä¿¡ ç»å®ä¿¡æ¯
+insert into cas_server.TB_FEDERATION (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, USER_NO, FEDERATED_TYPE, FEDERATED_ID)
+select ID, '1', 0, 'trans', 
+  ACCOUNT_NAME, 'openweixin', WECHAT_UNIONID
+from tmp_data.TMP_ACCOUNT_WECHAT
+;
+
+
+-- è¿ç§» QQ ç»å®ä¿¡æ¯
+insert into cas_server.TB_FEDERATION (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, USER_NO, FEDERATED_TYPE, FEDERATED_ID)
+select ID, '1', 0, 'trans', 
+  ACCOUNT_NAME, 'qq', QQ_OPENID
+from tmp_data.TMP_ACCOUNT_QQ
+;
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/10.1.init-flow.sql b/project/newcapec-test/k8s-rancher/1.authx-service/10.1.init-flow.sql
new file mode 100644
index 0000000..4b1a696
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/10.1.init-flow.sql
@@ -0,0 +1,122 @@
+-- 10.1.init.sql
+
+/*
+å° paas.example.com æ¿æ¢ä¸º paas.å­¦æ ¡åå.edu.cn
+*/
+
+
+-- ä»¥ä¸èæ¬ä¸ºå¯éæä½
+
+/*
+ * è¥é¨ç½²äºæµç¨å¹³å°ãé¨æ·çäº§å
+ * å¯é»è®¤åå»ºå ä¸ªç®¡çåå¸å·ï¼ä»¥ååå§ææ
+ */
+
+
+-- åå»ºç®¡çå¸å·
+
+use user;
+
+-- flowadmin
+INSERT INTO `TB_B_USER` (`ID`, `DELETED`, 
+  `UID`, `PASSWORD`, `NAME`, `NAME_SPELLING`, `FULL_NAME_SPELLING`, 
+  `CERTIFICATE_TYPE_ID`, `CERTIFICATE_NUMBER`, `PHONE_NUMBER`, `EMAIL`,
+  `GENDER_ID`, `NATION_ID`, `COUNTRY_ID`, `ADDRESS_ID`)
+VALUES ('50', 0, 
+  '50', 'flowadmin', 'æµç¨è¡¨åç®¡çå', 'flowadmin', 'flowadmin', 
+  '20001', '50', null, 'flowadmin@supwisdom.com',
+  '30001', '40001', '50156', '310000');
+
+INSERT INTO `TB_B_ACCOUNT` (`ID`, `DELETED`, `USER_ID`, 
+  `ACCOUNT_NAME`, `ACCOUNT_EXPIRY_DATE`, `ORGANIZATION_ID`, `IDENTITY_TYPE_ID`, 
+  `ACTIVATION`, `STATE`, `IS_DATA_CENTER`)
+VALUES ('50', 0, '50', 
+  'flowadmin', null, '1', '1',
+  1, 'NORMAL', 0);
+
+INSERT INTO `TB_B_SAFETY`(`ID`, `DELETED`, `USER_ID`, `SCORE`, `PASSWORD_SCORE`, `SECURE_EMAIL`, `SECURE_PHONE`)
+VALUES ('50', 0, '50', '0', '0', null, null);
+
+INSERT INTO `TB_B_ACCOUNT_ORGANIZATION` (`ID`, `DELETED`, 
+  `ROOT_ORGANIZATION_ID`, `ACCOUNT_ID`, `ORGANIZATION_ID`)
+VALUES ('50_1', 0, 
+  '0', '50', '1');
+
+INSERT INTO `TB_B_ACCOUNT_LABEL`(`ID`, `DELETED`, 
+  `ACCOUNT_ID`, `LABEL_ID`)
+VALUES ('50_1', 0, '50', '1');
+
+commit;
+
+
+-- åå»ºç®¡çå¸å·çææ
+
+use user_authz;
+
+-- flow
+INSERT INTO `TB_ROLE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, `APPLICATION_ID`, `CODE`, `NAME`, `DESCRIPTION`, `ENABLED`, `EXTERNAL_ID`)
+VALUES ('50', '1', 0, 'admin', '2019-07-01 00:00:00', '1', 'flow-admin', 'æµç¨ç®¡çå', 'æµç¨ç®¡çå', 1, '50');
+INSERT INTO `TB_ROLE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, `APPLICATION_ID`, `CODE`, `NAME`, `DESCRIPTION`, `ENABLED`, `EXTERNAL_ID`)
+VALUES ('51', '1', 0, 'admin', '2019-07-01 00:00:00', '1', 'flow-biz', 'æµç¨ä¸å¡å', 'æµç¨ä¸å¡å', 1, '51');
+
+INSERT INTO `TB_GRANTED_ACCOUNT_ROLE` (`ID`, `COMPANY_ID`, `DELETED`,
+  `ACCOUNT_ID`, `ROLE_ID`, 
+  `GRANT_EXPIRED_DATE`)
+VALUES ('50_50', '1', 0, 
+  '50', '50',
+  NULL);
+
+INSERT INTO `TB_ROLE_USER` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+  `ORIGIN_TYPE`, `ORIGIN_PK`, 
+  `APPLICATION_ID`, `ROLE_ID`, `ACCOUNT_ID`, 
+  `GRANT_EXPIRED_DATE`)
+VALUES ('50_50', '1', 0, 'admin', '2019-07-01 00:00:00',
+  NULL, NULL, 
+  '1', '50', '50', 
+  NULL);
+
+commit;
+
+
+-- åå»ºè®¤è¯å¸å·ãè®¤è¯å¯¹æ¥
+
+use cas_server;
+
+-- flow
+
+INSERT INTO `TB_ACCOUNT` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, 
+  `USERNAME`, `PASSWORD`, `DESCRIPTION`, `ENABLED`, `ACCOUNT_NON_EXPIRED`, `ACCOUNT_NON_LOCKED`, `CREDENTIALS_NON_EXPIRED`,
+  `IDENTITY`, `USER_NO`, `NAME`, `MOBILE`, `EMAIL_ADDRESS`, `IDENTITY_TYPE`, `IDENTITY_NO`, 
+  `EXTERNAL_ID`)
+VALUES ('50', '1', 0, 'admin', '2019-07-01 00:00:00',
+  'flowadmin', 'flowadmin', 'æµç¨ç®¡çå', 1, 1, 1, 1,
+  'admin', '50', 'æµç¨ç®¡çå', '', 'flowadmin@supwisdom.com', '20001', '', 
+  '50');
+
+commit;
+
+INSERT INTO `TB_SERVICE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, 
+  `NAME`, `DESCRIPTION`, `INFORMATION_URL`, `LOGOUT_URL`, 
+  `RESPONSE_TYPE`, `LOGOUT_TYPE`, 
+  `EVALUATION_ORDER`, `FRIENDLY_NAME`, `REGISTERED_SERVICE_ID`, `SERVICE_ID`, 
+  `ENABLED`, `SSO_ENABLED`, `REQUIRE_ALL_ATTRIBUTES`, 
+  `APPLICATION_ID`, `EXTERNAL_ID`)
+VALUES ('50', '1', 0, 'admin', '2019-07-01 00:00:00',
+  'æµç¨å¹³å°', 'æµç¨å¹³å°', 'https://formflow.paas.example.com', 'https://formflow.paas.example.com/formflow/cas/authen/logout', 
+  'REDIRECT', 'FRONT_CHANNEL', 
+  50, 'æµç¨å¹³å°', 50, 'https://formflow.paas.example.com/(.*)', 
+  1, 1, 1, 
+  '50', '50');
+
+commit;
+
+update TB_SERVICE 
+set 
+  INFORMATION_URL='http://formflow.paas.example.com', 
+  LOGOUT_URL='http://formflow.paas.example.com/formflow/cas/authen/logout', 
+  SERVICE_ID='http://formflow.paas.example.com/(.*)', 
+  ID_TOKEN_ENABLED=1 
+where ID='50';  -- todo, modify
+
+commit;
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/10.1.init-message.sql b/project/newcapec-test/k8s-rancher/1.authx-service/10.1.init-message.sql
new file mode 100644
index 0000000..f69dbfe
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/10.1.init-message.sql
@@ -0,0 +1,78 @@
+-- 10.1.init-message.sql
+
+/*
+å° paas.example.com æ¿æ¢ä¸º paas.å­¦æ ¡åå.edu.cn
+*/
+
+
+-- ä»¥ä¸èæ¬ä¸ºå¯éæä½
+
+/*
+ * è¥é¨ç½²äºæ¶æ¯æå¡äº§å
+ * å¯é»è®¤åå»ºå ä¸ªç®¡çåå¸å·ï¼ä»¥ååå§ææ
+ */
+
+
+-- åå»ºç®¡çå¸å·
+
+use user;
+
+-- messageadmin
+INSERT INTO `TB_B_USER` (`ID`, `DELETED`, 
+  `UID`, `PASSWORD`, `NAME`, `NAME_SPELLING`, `FULL_NAME_SPELLING`, 
+  `CERTIFICATE_TYPE_ID`, `CERTIFICATE_NUMBER`, `PHONE_NUMBER`, `EMAIL`,
+  `GENDER_ID`, `NATION_ID`, `COUNTRY_ID`, `ADDRESS_ID`)
+VALUES ('80', 0, 
+  '80', 'messageadmin', 'æµç¨è¡¨åç®¡çå', 'messageadmin', 'messageadmin', 
+  '20001', '80', null, 'messageadmin@supwisdom.com',
+  '30001', '40001', '50156', '310000');
+
+INSERT INTO `TB_B_ACCOUNT` (`ID`, `DELETED`, `USER_ID`, 
+  `ACCOUNT_NAME`, `ACCOUNT_EXPIRY_DATE`, `ORGANIZATION_ID`, `IDENTITY_TYPE_ID`, 
+  `ACTIVATION`, `STATE`, `IS_DATA_CENTER`)
+VALUES ('80', 0, '80', 
+  'messageadmin', null, '1', '1',
+  1, 'NORMAL', 0);
+
+INSERT INTO `TB_B_SAFETY`(`ID`, `DELETED`, `USER_ID`, `SCORE`, `PASSWORD_SCORE`, `SECURE_EMAIL`, `SECURE_PHONE`)
+VALUES ('80', 0, '80', '0', '0', null, null);
+
+INSERT INTO `TB_B_ACCOUNT_ORGANIZATION` (`ID`, `DELETED`, 
+  `ROOT_ORGANIZATION_ID`, `ACCOUNT_ID`, `ORGANIZATION_ID`)
+VALUES ('80_1', 0, 
+  '0', '80', '1');
+
+INSERT INTO `TB_B_ACCOUNT_LABEL`(`ID`, `DELETED`, 
+  `ACCOUNT_ID`, `LABEL_ID`)
+VALUES ('80_1', 0, '80', '1');
+
+commit;
+
+
+-- åå»ºç®¡çå¸å·çææ
+
+use user_authz;
+
+-- message
+INSERT INTO `TB_ROLE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, `APPLICATION_ID`, `CODE`, `NAME`, `DESCRIPTION`, `ENABLED`, `EXTERNAL_ID`)
+VALUES ('80', '1', 0, 'admin', '2020-07-01 00:00:00', '1', 'message-admin', 'æ¶æ¯å¹³å°ç®¡çå', 'æ¶æ¯å¹³å°ç®¡çå', 1, '80');
+INSERT INTO `TB_ROLE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, `APPLICATION_ID`, `CODE`, `NAME`, `DESCRIPTION`, `ENABLED`, `EXTERNAL_ID`)
+VALUES ('81', '1', 0, 'admin', '2020-07-01 00:00:00', '1', 'message-opt', 'æ¶æ¯å¹³å°æä½å', 'æ¶æ¯å¹³å°æä½å', 1, '81');
+
+INSERT INTO `TB_GRANTED_ACCOUNT_ROLE` (`ID`, `COMPANY_ID`, `DELETED`,
+  `ACCOUNT_ID`, `ROLE_ID`, 
+  `GRANT_EXPIRED_DATE`)
+VALUES ('80_80', '1', 0, 
+  '80', '80',
+  NULL);
+
+INSERT INTO `TB_ROLE_USER` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+  `ORIGIN_TYPE`, `ORIGIN_PK`, 
+  `APPLICATION_ID`, `ROLE_ID`, `ACCOUNT_ID`, 
+  `GRANT_EXPIRED_DATE`)
+VALUES ('80_80', '1', 0, 'admin', '2019-07-01 00:00:00',
+  NULL, NULL, 
+  '1', '80', '80', 
+  NULL);
+
+commit;
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/10.1.init-portal.sql b/project/newcapec-test/k8s-rancher/1.authx-service/10.1.init-portal.sql
new file mode 100644
index 0000000..61b09d4
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/10.1.init-portal.sql
@@ -0,0 +1,140 @@
+-- 10.1.init.sql
+
+/*
+å° paas.example.com æ¿æ¢ä¸º paas.å­¦æ ¡åå.edu.cn
+*/
+
+
+-- ä»¥ä¸èæ¬ä¸ºå¯éæä½
+
+/*
+ * è¥é¨ç½²äºæµç¨å¹³å°ãé¨æ·çäº§å
+ * å¯é»è®¤åå»ºå ä¸ªç®¡çåå¸å·ï¼ä»¥ååå§ææ
+ */
+
+
+-- åå»ºç®¡çå¸å·
+
+use user;
+
+-- portaladmin
+INSERT INTO `TB_B_USER` (`ID`, `DELETED`, 
+  `UID`, `PASSWORD`, `NAME`, `NAME_SPELLING`, `FULL_NAME_SPELLING`, 
+  `CERTIFICATE_TYPE_ID`, `CERTIFICATE_NUMBER`, `PHONE_NUMBER`, `EMAIL`,
+  `GENDER_ID`, `NATION_ID`, `COUNTRY_ID`, `ADDRESS_ID`)
+VALUES ('60', 0, 
+  '60', 'portaladmin', 'é¨æ·ç®¡çå', 'portaladmin', 'portaladmin', 
+  '20001', '60', null, 'portaladmin@supwisdom.com',
+  '30001', '40001', '50156', '310000');
+
+INSERT INTO `TB_B_ACCOUNT` (`ID`, `DELETED`, `USER_ID`, 
+  `ACCOUNT_NAME`, `ACCOUNT_EXPIRY_DATE`, `ORGANIZATION_ID`, `IDENTITY_TYPE_ID`, 
+  `ACTIVATION`, `STATE`, `IS_DATA_CENTER`)
+VALUES ('60', 0, '60', 
+  'portaladmin', null, '1', '1',
+  1, 'NORMAL', 0);
+
+INSERT INTO `TB_B_SAFETY`(`ID`, `DELETED`, `USER_ID`, `SCORE`, `PASSWORD_SCORE`, `SECURE_EMAIL`, `SECURE_PHONE`)
+VALUES ('60', 0, '60', '0', '0', null, null);
+
+INSERT INTO `TB_B_ACCOUNT_ORGANIZATION` (`ID`, `DELETED`, 
+  `ROOT_ORGANIZATION_ID`, `ACCOUNT_ID`, `ORGANIZATION_ID`)
+VALUES ('60_1', 0, 
+  '0', '60', '1');
+
+INSERT INTO `TB_B_ACCOUNT_LABEL`(`ID`, `DELETED`, 
+  `ACCOUNT_ID`, `LABEL_ID`)
+VALUES ('60_1', 0, '60', '1');
+
+commit;
+
+
+-- åå»ºç®¡çå¸å·çææ
+
+use user_authz;
+
+-- portal
+INSERT INTO `TB_SYSTEM` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, 
+  `BUSINESS_DOMAIN_ID`, 
+  `CODE`, `NAME`, `DESCRIPTION`, `ENABLED`)
+VALUES ('60', '1', 0, 'admin', '2019-07-01 00:00:00', 
+  '1', 
+  'portal', 'é¨æ·', 'é¨æ·', 1);
+
+INSERT INTO `TB_APPLICATION` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, 
+  `BUSINESS_DOMAIN_ID`, `SYSTEM_ID`, 
+  `NAME`, `APPLICATION_ID`, `SYNC_URL`, `ENABLED`)
+VALUES ('60', '1', 0, 'admin', '2019-07-01 00:00:00', 
+  '1', '60', 
+  'é¨æ·', '60', '', 1);
+
+INSERT INTO `TB_ROLE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, 
+  `APPLICATION_ID`, `CODE`, `NAME`, `DESCRIPTION`, `ENABLED`, `EXTERNAL_ID`)
+VALUES ('60', '1', 0, 'admin', '2019-07-01 00:00:00', 
+  '60', 'portal-admin', 'é¨æ·ç®¡çå', 'é¨æ·ç®¡çå', 1, '60');
+
+INSERT INTO `TB_ROLE_USER` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+  `ORIGIN_TYPE`, `ORIGIN_PK`, 
+  `APPLICATION_ID`, `ROLE_ID`, `ACCOUNT_ID`, 
+  `GRANT_EXPIRED_DATE`)
+VALUES ('60_60_60', '1', 0, 'admin', '2019-07-01 00:00:00',
+  NULL, NULL, 
+  '60', '60', '60', 
+  NULL);
+
+commit;
+
+
+-- éç½®é¨æ·è§è²çåæ­¥æ¥å£
+
+update TB_APPLICATION
+set
+  SYNC_URL='http://portal.paas.example.com/portal-web/api/open/role/findAll'
+where ID='60';  -- todo, modify
+
+commit;
+
+
+-- åå»ºè®¤è¯å¸å·ãè®¤è¯å¯¹æ¥
+
+use cas_server;
+
+-- portal
+
+INSERT INTO `TB_ACCOUNT` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, 
+  `USERNAME`, `PASSWORD`, `DESCRIPTION`, `ENABLED`, `ACCOUNT_NON_EXPIRED`, `ACCOUNT_NON_LOCKED`, `CREDENTIALS_NON_EXPIRED`,
+  `IDENTITY`, `USER_NO`, `NAME`, `MOBILE`, `EMAIL_ADDRESS`, `IDENTITY_TYPE`, `IDENTITY_NO`, 
+  `EXTERNAL_ID`)
+VALUES ('60', '1', 0, 'admin', '2019-07-01 00:00:00',
+  'portaladmin', 'portaladmin', 'é¨æ·ç®¡çå', 1, 1, 1, 1,
+  'admin', '60', 'é¨æ·ç®¡çå', '', 'portaladmin@supwisdom.com', '20001', '', 
+  '60');
+
+commit;
+
+
+INSERT INTO `TB_SERVICE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`, 
+  `NAME`, `DESCRIPTION`, `INFORMATION_URL`, `LOGOUT_URL`, 
+  `RESPONSE_TYPE`, `LOGOUT_TYPE`, 
+  `EVALUATION_ORDER`, `FRIENDLY_NAME`, `REGISTERED_SERVICE_ID`, `SERVICE_ID`, 
+  `ENABLED`, `SSO_ENABLED`, `REQUIRE_ALL_ATTRIBUTES`, 
+  `APPLICATION_ID`, `EXTERNAL_ID`)
+VALUES ('60', '1', 0, 'admin', '2019-07-01 00:00:00',
+  'é¨æ·', 'é¨æ·', 'https://ecampus.paas.example.com', 'https://ecampus.paas.example.com/cas/slo', 
+  'REDIRECT', 'FRONT_CHANNEL', 
+  60, 'é¨æ·', 60, 'https://ecampus.paas.example.com/login', 
+  1, 1, 1, 
+  '60', '60');
+
+commit;
+
+update TB_SERVICE 
+set 
+  INFORMATION_URL='http://ecampus.paas.example.com', 
+  LOGOUT_URL='http://ecampus.paas.example.com/cas/slo', 
+  SERVICE_ID='http://ecampus.paas.example.com/cas/(.*)', 
+  ID_TOKEN_ENABLED=1 
+where ID='60';  -- todo, modify
+
+commit;
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/0.user-data-service-base.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/0.user-data-service-base.yaml
new file mode 100644
index 0000000..474a9ec
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/0.user-data-service-base.yaml
@@ -0,0 +1,213 @@
+# user-data-service-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: user-data-service-test
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+
+####################################################
+# redis-server
+####################################################
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: redis
+    release: redis-server
+  name: redis-server
+  namespace: user-data-service-test
+type: Opaque
+data:
+  REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: redis
+    release: redis-server
+  name: redis-server
+  namespace: user-data-service-test
+spec:
+  ports:
+  - name: redis
+    port: 6379
+    protocol: TCP
+    targetPort: redis
+  selector:
+    app: redis
+    release: redis-server
+    role: master
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: redis
+    release: redis-server
+  name: redis-server
+  namespace: user-data-service-test
+spec:
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: redis
+      release: redis-server
+      role: master
+  serviceName: redis-master
+  template:
+    metadata:
+      labels:
+        app: redis
+        release: redis-server
+        role: master
+    spec:
+      containers:
+      - name: redis-server
+        env:
+        - name: REDIS_DISABLE_COMMANDS
+          value: FLUSHDB,FLUSHALL
+        - name: REDIS_REPLICATION_MODE
+          value: master
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: redis-server
+              key: REDIS_PASSWORD
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: bitnami/redis:4.0
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹ ä¸º Always
+        imagePullPolicy: IfNotPresent
+        # imagePullPolicy: Always
+        livenessProbe:
+          exec:
+            command:
+            - redis-cli
+            - ping
+          failureThreshold: 5
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        ports:
+        - containerPort: 6379
+          name: redis
+          protocol: TCP
+        readinessProbe:
+          exec:
+            command:
+            - redis-cli
+            - ping
+          failureThreshold: 5
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        volumeMounts:
+        - mountPath: /bitnami/redis/data
+          name: redis-data
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      securityContext:
+        fsGroup: 1001
+        # runAsUser: 1001
+        # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
+        runAsUser: 0
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - emptyDir: {}
+        name: redis-data
+      # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·å¢å ä»¥ä¸éç½®ï¼åæ¶æ³¨éå³å¯ï¼
+      # imagePullSecrets:
+      #   - name: harbor-registry
+  updateStrategy:
+    rollingUpdate:
+      partition: 0
+    type: RollingUpdate
+
+
+
+####################################################
+# rabbitmq-server
+####################################################
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: rabbitmq
+    release: rabbitmq-server
+  name: rabbitmq-server
+  namespace: user-data-service-test
+type: Opaque
+data:
+  RABBITMQ_USERNAME: Z3Vlc3Q=
+  RABBITMQ_PASSWORD: Z3Vlc3Q=
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rabbitmq-server
+  namespace: user-data-service-test
+  labels:
+    app: rabbitmq-server
+spec:
+  ports:
+    - port: 5672
+      targetPort: tcp-1
+      protocol: TCP
+      name: tcp-1
+    - port: 15672
+      targetPort: tcp-2
+      protocol: TCP
+      name: tcp-2
+  selector:
+    app: rabbitmq-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rabbitmq-server
+  namespace: user-data-service-test
+spec:
+  selector:
+    matchLabels:
+      app: rabbitmq-server
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: rabbitmq-server
+      annotations:
+        sidecar.istio.io/inject: "false"
+    spec:
+      containers:
+      - name: rabbitmq-server
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: rabbitmq:management
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹ ä¸º Always
+        imagePullPolicy: IfNotPresent
+        # imagePullPolicy: Always
+        ports:
+        - containerPort: 5672
+          name: tcp-1
+        - containerPort: 15672
+          name: tcp-2
+      # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·å¢å ä»¥ä¸éç½®ï¼åæ¶æ³¨éå³å¯ï¼
+      # imagePullSecrets:
+      #   - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/1.user-data-service-env.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/1.user-data-service-env.yaml
new file mode 100644
index 0000000..00ccef7
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/1.user-data-service-env.yaml
@@ -0,0 +1,52 @@
+# user-data-service-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: user-data-service-test
+  name: jvm-env
+data:
+  MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: user-data-service-test
+  name: datasource-env-secret
+type: Opaque
+data:
+  # jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai
+  JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLXRlc3Quc3ZjLmNsdXN0ZXIubG9jYWw6MzMwNi91c2VyP3NlcnZlclRpbWV6b25lPUFzaWEvU2hhbmdoYWk=
+  # user
+  JDBC_USERNAME: dXNlcg==
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # Nwpu@Supwisdom123
+  JDBC_PASSWORD: TndwdUBTdXB3aXNkb20xMjM=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: user-data-service-test
+  name: redis-env-secret
+type: Opaque
+data:
+  SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
+  SPRING_REDIS_PORT: NjM3OQ==
+  SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: user-data-service-test
+  name: rabbitmq-env-secret
+type: Opaque
+data:
+  SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVy
+  SPRING_RABBITMQ_PORT: NTY3Mg==
+  SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
+  SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/2.user-data-service-ingresses.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/2.user-data-service-ingresses.yaml
new file mode 100644
index 0000000..30ad33a
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/2.user-data-service-ingresses.yaml
@@ -0,0 +1,20 @@
+# user-data-service-ingresses.yaml
+
+# ææ¶ä¸ä½¿ç¨ï¼ç´æ¥ä½¿ç¨åé¨å°å
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+#   namespace: user-data-service-test
+#   name: user-api-ingress
+# spec:
+#   rules:
+#   # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+#   - host: user-api.paas.xxx.edu.cn
+#     http:
+#       paths:
+#       - path: /
+#         backend:
+#           serviceName: user-data-service-poa-svc
+#           servicePort: http
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
new file mode 100644
index 0000000..46b78db
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
@@ -0,0 +1,46 @@
+# user-data-service-installer.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-installer-env
+data:
+  DB_TYPE: mysql8
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-installer
+spec:
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        app: user-data-service-installer
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: user-data-service-installer
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/goa/installer:0.1.1-SNAPSHOT
+        imagePullPolicy: Always
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: user-data-service-installer-env
+        resources:
+          requests:
+            memory: "256Mi"
+          limits:
+            memory: "256Mi"
+      imagePullSecrets:
+        - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml
new file mode 100644
index 0000000..6121637
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml
@@ -0,0 +1,117 @@
+# user-data-service-poa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-poa-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+  SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+  SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+  SERVER_TOMCAT_MAX_THREADS: "800"
+  SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+  SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+  SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "50"
+  SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
+
+  CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080
+  CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+  #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/file/db
+  TPAS_CLIENT_AUTH_ENABLED: "false"
+  #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
+  #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-poa-svc
+  labels:
+    app: user-data-service-poa
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: user-data-service-poa
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-poa
+spec:
+  selector:
+    matchLabels:
+      app: user-data-service-poa
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: user-data-service-poa
+    spec:
+      containers:
+      - name: user-data-service-poa
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/goa/poa-api:0.1.1-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: user-data-service-poa-env
+        resources:
+          requests:
+            memory: "512Mi"
+          limits:
+            memory: "512Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml
new file mode 100644
index 0000000..515ddde
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml
@@ -0,0 +1,137 @@
+# user-data-service-goa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-goa-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+
+  SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+  SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+  SERVER_TOMCAT_MAX_THREADS: "800"
+  SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+  SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+  SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
+  SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
+  SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+  SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
+  SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
+
+
+  # å å¯ç®æ³çå®ç°ï¼é»è®¤ defaultï¼æ¯æ bcrypt ç­å å¯ç®æ³ï¼ SHA-256 æ¯æ SHA-256 å å¯ç®æ³
+  PASSWORD_ENCODER_IMPL: default
+
+  SECURITY_API_SECURITY_ACCOUNT_SERVICE_IMPL: redis
+
+
+  # æ¨éæ°æ®å° jobs-server çéç½®
+  JOBS_RABBITMQ_ENABLED: "false"
+  JOBS_RABBITMQ_HOST: rabbitmq-server.jobs-server-test.svc.cluster.local
+  JOBS_RABBITMQ_PORT: "5672"
+  JOBS_RABBITMQ_USERNAME: guest
+  JOBS_RABBITMQ_PASSWORD: guest
+
+
+  # æ¯å¦åæ­¥å¸å·å° openldapï¼å·²å¼ç¨ï¼
+  # JOBS_RABBITMQ_ACCOUNTUSERSVC2OPENLDAPRABBITSENDER_ENABLED: "false"
+
+  # æ¯å¦åæ­¥å¸å·æ°æ®è³ jobs ç MQï¼ç± jobs åè¿è¡ååï¼å¦ååå° openldapï¼
+  JOBS_RABBITMQ_ACCOUNTUSERSVC2JOBSRABBITSENDER_ENABLED: "false"
+  # æ¯å¦åæ­¥å¯ç ï¼ææå¯ç ï¼å° jobs ç MQï¼ç± jobs åè¿è¡ååï¼å¦ååå° åå¸ç­ç¹ï¼
+  JOBS_RABBITMQ_ACCOUNTUSERSVC2JOBSSYNCPASSWORDRABBITSENDER_ENABLED: "false"
+
+  # æ¯å¦åæ­¥ç»ç»æºææ°æ®è³ jobs ç MQï¼ç± jobs åè¿è¡ååï¼å¦ååå° openldapï¼
+  JOBS_RABBITMQ_ORGANIZATIONUSERSVC2JOBSRABBITSENDER_ENABLED: "false"
+
+  # æ¯å¦åæ­¥ç¨æ·ç»æ°æ®è³ jobs ç MQï¼ç± jobs åè¿è¡ååï¼å¦ååå° openldapï¼
+  JOBS_RABBITMQ_GROUPUSERSVC2JOBSRABBITSENDER_ENABLED: "false"
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-goa-svc
+  labels:
+    app: user-data-service-goa
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: user-data-service-goa
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-goa
+spec:
+  selector:
+    matchLabels:
+      app: user-data-service-goa
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: user-data-service-goa
+    spec:
+      containers:
+      - name: user-data-service-goa
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/goa/goa-api:0.1.1-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - secretRef:
+            name: redis-env-secret
+        - secretRef:
+            name: rabbitmq-env-secret
+        - configMapRef:
+            name: user-data-service-goa-env
+        resources:
+          requests:
+            memory: "1024Mi"
+          limits:
+            memory: "1024Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml
new file mode 100644
index 0000000..46ade42
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml
@@ -0,0 +1,112 @@
+# user-data-service-biz.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-biz-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+
+  SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+  SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
+  SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
+
+  CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080
+  CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+  #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/file/db
+  TPAS_CLIENT_AUTH_ENABLED: "false"
+  #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
+  #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-biz-svc
+  labels:
+    app: user-data-service-biz
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: user-data-service-biz
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-biz
+spec:
+  selector:
+    matchLabels:
+      app: user-data-service-biz
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: user-data-service-biz
+    spec:
+      containers:
+      - name: user-data-service-biz
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/goa/biz-api:0.1.1-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: user-data-service-biz-env
+        resources:
+          requests:
+            memory: "512Mi"
+          limits:
+            memory: "512Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml
new file mode 100644
index 0000000..1a94845
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml
@@ -0,0 +1,56 @@
+# user-data-service-datax-job.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-datax-job-env
+data:
+  JOB_APPLICATION_AUTHZ2USER_MYSQLREADER8_USERNAME: "user_authz"
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç 
+  JOB_APPLICATION_AUTHZ2USER_MYSQLREADER8_PASSWORD: "Nwpu@Supwisdom123"
+  JOB_APPLICATION_AUTHZ2USER_MYSQLREADER8_JDBC_URL: "jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/user_authz?serverTimezone=Asia/Shanghai"
+
+  JOB_APPLICATION_AUTHZ2USER_MYSQLWRITER8_USERNAME: "user"
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç 
+  JOB_APPLICATION_AUTHZ2USER_MYSQLWRITER8_PASSWORD: "Nwpu@Supwisdom123"
+  JOB_APPLICATION_AUTHZ2USER_MYSQLWRITER8_JDBC_URL: "jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai"
+
+---
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  namespace: user-data-service-test
+  name: user-data-service-datax-job
+spec:
+  schedule: "*/10 * * * *"
+  jobTemplate:
+    metadata:
+      labels:
+        app: user-data-service-datax-job
+    spec:
+      completions: 1
+      parallelism: 1
+      template:
+        metadata:
+          labels:
+            app: user-data-service-datax-job
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: user-data-service-datax-job
+            # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+            image: harbor.supwisdom.com/goa/datax-job:0.1.1-SNAPSHOT
+            imagePullPolicy: Always
+            envFrom:
+            - configMapRef:
+                name: user-data-service-datax-job-env
+            # resources:
+            #   requests:
+            #     memory: "400Mi"
+            #   limits:
+            #     memory: "400Mi"
+          imagePullSecrets:
+            - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/0.user-authorization-service-base.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/0.user-authorization-service-base.yaml
new file mode 100644
index 0000000..6e1d29b
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/0.user-authorization-service-base.yaml
@@ -0,0 +1,17 @@
+# user-authorization-service-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: user-authorization-service-test
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/1.user-authorization-service-env.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/1.user-authorization-service-env.yaml
new file mode 100644
index 0000000..18669c0
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/1.user-authorization-service-env.yaml
@@ -0,0 +1,26 @@
+# user-authorization-service-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: user-authorization-service-test
+  name: jvm-env
+data:
+  MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: user-authorization-service-test
+  name: datasource-env-secret
+type: Opaque
+data:
+  # jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/user_authz?serverTimezone=Asia/Shanghai
+  JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLXRlc3Quc3ZjLmNsdXN0ZXIubG9jYWw6MzMwNi91c2VyX2F1dGh6P3NlcnZlclRpbWV6b25lPUFzaWEvU2hhbmdoYWk=
+  # user_authz
+  JDBC_USERNAME: dXNlcl9hdXRoeg==
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # Nwpu@Supwisdom123
+  JDBC_PASSWORD: TndwdUBTdXB3aXNkb20xMjM=
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/2.user-authorization-service-ingresses.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/2.user-authorization-service-ingresses.yaml
new file mode 100644
index 0000000..93fa95b
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/2.user-authorization-service-ingresses.yaml
@@ -0,0 +1,27 @@
+# user-authorization-service-ingresses.yaml
+
+# åå»º ca-secret
+
+# cd PATH/ca/certs/client
+
+# kubectl describe secret ca-secret -n user-authorization-service
+
+# kubectl create secret generic ca-secret --from-file=client.truststore=client.truststore -n user-authorization-service
+
+# ææ¶ä¸ä½¿ç¨ï¼ç´æ¥ä½¿ç¨åé¨å°å
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+#   namespace: user-authorization-service-test
+#   name: user-authz-api-ingress
+# spec:
+#   rules:
+#   # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+#   - host: user-authz-api.paas.xxx.edu.cn
+#     http:
+#       paths:
+#       - path: /
+#         backend:
+#           serviceName: user-authorization-poa-svc
+#           servicePort: http
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/4.0.user-authorization-installer.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/4.0.user-authorization-installer.yaml
new file mode 100644
index 0000000..c88d74b
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/4.0.user-authorization-installer.yaml
@@ -0,0 +1,47 @@
+# user-authorization-installer.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: user-authorization-service-test
+  name: user-authorization-installer-env
+data:
+  DB_TYPE: mysql8
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: user-authorization-service-test
+  name: user-authorization-installer
+spec:
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        app: user-authorization-installer
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: user-authorization-installer
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/user-authorization-service/user-authorization-installer:1.0.1-SNAPSHOT
+        imagePullPolicy: Always
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: user-authorization-installer-env
+        resources:
+          requests:
+            memory: "256Mi"
+          limits:
+            memory: "256Mi"
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/4.1.user-authorization-poa.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/4.1.user-authorization-poa.yaml
new file mode 100644
index 0000000..5d55242
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/4.1.user-authorization-poa.yaml
@@ -0,0 +1,110 @@
+# user-authorization-poa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: user-authorization-service-test
+  name: user-authorization-poa-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+  SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+  SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+  SERVER_TOMCAT_MAX_THREADS: "800"
+  SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+  SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+  SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "50"
+  SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
+
+  USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
+  USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: user-authorization-service-test
+  name: user-authorization-poa-svc
+  labels:
+    app: user-authorization-poa
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: user-authorization-poa
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: user-authorization-service-test
+  name: user-authorization-poa
+spec:
+  selector:
+    matchLabels:
+      app: user-authorization-poa
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: user-authorization-poa
+    spec:
+      containers:
+      - name: user-authorization-poa
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/user-authorization-service/user-authorization-poa:1.0.1-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: jvm-env
+        - configMapRef:
+            name: user-authorization-poa-env
+        resources:
+          requests:
+            memory: "512Mi"
+          limits:
+            memory: "512Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml
new file mode 100644
index 0000000..54cd1fd
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml
@@ -0,0 +1,106 @@
+# user-authorization-sa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: user-authorization-service-test
+  name: user-authorization-sa-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+  SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+  SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+  SERVER_TOMCAT_MAX_THREADS: "800"
+  SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+  SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+  SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
+  SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
+
+  # SBA_URL: http://spring-boot-admin-svc.base.svc.cluster.local:8080
+
+  # LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_SA_MANGRANTED: debug
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: user-authorization-service-test
+  name: user-authorization-sa-svc
+  labels:
+    app: user-authorization-sa
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: user-authorization-sa
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: user-authorization-service-test
+  name: user-authorization-sa
+spec:
+  selector:
+    matchLabels:
+      app: user-authorization-sa
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: user-authorization-sa
+    spec:
+      containers:
+      - name: user-authorization-sa
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/user-authorization-service/user-authorization-sa:1.0.1-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: jvm-env
+        - configMapRef:
+            name: user-authorization-sa-env
+        resources:
+          requests:
+            memory: "1024Mi"
+          limits:
+            memory: "1024Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8888
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/5.user-authorization-datax-job.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/5.user-authorization-datax-job.yaml
new file mode 100644
index 0000000..a8e0f95
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/3.user-authorization-service/5.user-authorization-datax-job.yaml
@@ -0,0 +1,57 @@
+# user-authorization-datax-job.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: user-authorization-service-test
+  name: user-authorization-datax-job-env
+data:
+  JOB_USER2AUTHZ_MYSQLREADER8_USERNAME: "user"
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç 
+  JOB_USER2AUTHZ_MYSQLREADER8_PASSWORD: "kingstar"
+  JOB_USER2AUTHZ_MYSQLREADER8_JDBC_URL: "jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai"
+
+  JOB_USER2AUTHZ_MYSQLWRITER8_USERNAME: "user_authz"
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç 
+  JOB_USER2AUTHZ_MYSQLWRITER8_PASSWORD: "kingstar"
+  JOB_USER2AUTHZ_MYSQLWRITER8_JDBC_URL: "jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/user_authz?serverTimezone=Asia/Shanghai"
+
+
+---
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  namespace: user-authorization-service-test
+  name: user-authorization-datax-job
+spec:
+  schedule: "*/10 * * * *"
+  jobTemplate:
+    metadata:
+      labels:
+        app: user-authorization-datax-job
+    spec:
+      completions: 1
+      parallelism: 1
+      template:
+        metadata:
+          labels:
+            app: user-authorization-datax-job
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: user-authorization-datax-job
+            # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+            image: harbor.supwisdom.com/user-authorization-service/user-authorization-datax-job:1.0.1-SNAPSHOT
+            imagePullPolicy: Always
+            envFrom:
+            - configMapRef:
+                name: user-authorization-datax-job-env
+            # resources:
+            #   requests:
+            #     memory: "400Mi"
+            #   limits:
+            #     memory: "400Mi"
+          imagePullSecrets:
+            - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/0.cas-server-base.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/0.cas-server-base.yaml
new file mode 100644
index 0000000..673353c
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/0.cas-server-base.yaml
@@ -0,0 +1,215 @@
+# cas-server-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: cas-server-test
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+
+####################################################
+# redis-server
+####################################################
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: cas-server-test
+  name: redis-server
+  labels:
+    app: redis
+    release: redis-server
+type: Opaque
+data:
+  REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: cas-server-test
+  name: redis-server
+  labels:
+    app: redis
+    release: redis-server
+spec:
+  ports:
+  - name: redis
+    port: 6379
+    protocol: TCP
+    targetPort: redis
+  selector:
+    app: redis
+    release: redis-server
+    role: master
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: cas-server-test
+  name: redis-server
+  labels:
+    app: redis
+    release: redis-server
+spec:
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: redis
+      release: redis-server
+      role: master
+  serviceName: redis-master
+  template:
+    metadata:
+      labels:
+        app: redis
+        release: redis-server
+        role: master
+    spec:
+      containers:
+      - name: redis-server
+        env:
+        - name: REDIS_DISABLE_COMMANDS
+          value: FLUSHDB,FLUSHALL
+        - name: REDIS_REPLICATION_MODE
+          value: master
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: redis-server
+              key: REDIS_PASSWORD
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: bitnami/redis:4.0
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹ ä¸º Always
+        imagePullPolicy: IfNotPresent
+        # imagePullPolicy: Always
+        livenessProbe:
+          exec:
+            command:
+            - redis-cli
+            - ping
+          failureThreshold: 5
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        ports:
+        - containerPort: 6379
+          name: redis
+          protocol: TCP
+        readinessProbe:
+          exec:
+            command:
+            - redis-cli
+            - ping
+          failureThreshold: 5
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        volumeMounts:
+        - mountPath: /bitnami/redis/data
+          name: redis-data
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      securityContext:
+        fsGroup: 1001
+        # runAsUser: 1001
+        # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
+        runAsUser: 0
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - emptyDir: {}
+        name: redis-data
+      # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·å¢å ä»¥ä¸éç½®ï¼åæ¶æ³¨éå³å¯ï¼
+      # imagePullSecrets:
+      #   - name: harbor-registry
+  updateStrategy:
+    rollingUpdate:
+      partition: 0
+    type: RollingUpdate
+
+
+####################################################
+# rabbitmq-server
+####################################################
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: cas-server-test
+  name: rabbitmq-server
+  labels:
+    app: rabbitmq
+    release: rabbitmq-server
+type: Opaque
+data:
+  RABBITMQ_USERNAME: Z3Vlc3Q=
+  RABBITMQ_PASSWORD: Z3Vlc3Q=
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: cas-server-test
+  name: rabbitmq-server
+  labels:
+    app: rabbitmq-server
+spec:
+  ports:
+    - port: 5672
+      targetPort: tcp-1
+      protocol: TCP
+      name: tcp-1
+    - port: 15672
+      targetPort: tcp-2
+      protocol: TCP
+      name: tcp-2
+  selector:
+    app: rabbitmq-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cas-server-test
+  name: rabbitmq-server
+spec:
+  selector:
+    matchLabels:
+      app: rabbitmq-server
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: rabbitmq-server
+      annotations:
+        sidecar.istio.io/inject: "false"
+    spec:
+      containers:
+      - name: rabbitmq-server
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: rabbitmq:management
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹ ä¸º Always
+        imagePullPolicy: IfNotPresent
+        # imagePullPolicy: Always
+        ports:
+        - containerPort: 5672
+          name: tcp-1
+        - containerPort: 15672
+          name: tcp-2
+      # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·å¢å ä»¥ä¸éç½®ï¼åæ¶æ³¨éå³å¯ï¼
+      # imagePullSecrets:
+      #   - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/1.cas-server-env.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/1.cas-server-env.yaml
new file mode 100644
index 0000000..39a3199
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/1.cas-server-env.yaml
@@ -0,0 +1,51 @@
+# cas-server-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cas-server-test
+  name: jvm-env
+data:
+  MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: cas-server-test
+  name: datasource-env-secret
+type: Opaque
+data:
+  # jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/cas_server?serverTimezone=Asia/Shanghai
+  JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLXRlc3Quc3ZjLmNsdXN0ZXIubG9jYWw6MzMwNi9jYXNfc2VydmVyP3NlcnZlclRpbWV6b25lPUFzaWEvU2hhbmdoYWk=
+  # cas_server
+  JDBC_USERNAME: Y2FzX3NlcnZlcg==
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # Nwpu@Supwisdom123
+  JDBC_PASSWORD: TndwdUBTdXB3aXNkb20xMjM=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: cas-server-test
+  name: redis-env-secret
+type: Opaque
+data:
+  SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
+  SPRING_REDIS_PORT: NjM3OQ==
+  SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: cas-server-test
+  name: rabbitmq-env-secret
+type: Opaque
+data:
+  SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVy
+  SPRING_RABBITMQ_PORT: NTY3Mg==
+  SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
+  SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/2.cas-server-ingresses.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/2.cas-server-ingresses.yaml
new file mode 100644
index 0000000..a200ce3
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/2.cas-server-ingresses.yaml
@@ -0,0 +1,41 @@
+# cas-server-ingresses.yaml
+
+# åå»º ca-secret
+
+# cd PATH/ca/certs/client
+
+# kubectl describe secret ca-secret -n cas-server
+
+# kubectl create secret generic ca-secret --from-file=client.truststore=client.truststore -n cas-server
+
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: cas-server-test
+  name: cas-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
+  #   cert-manager.io/cluster-issuer: "letsencrypt-staging"
+  #   nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  #   nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+  #   nginx.ingress.kubernetes.io/auth-tls-secret: "cas-server/ca-secret"
+  #   nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
+spec:
+  # tls:
+  # - hosts:
+  #   - cas.paas.xxx.edu.cn
+  #   secretName: cas-ingress-tls
+  rules:
+  # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+  - host: cas-test.paas.newcapec.cn
+    http:
+      paths:
+      - path: /cas
+        backend:
+          serviceName: cas-server-site-webapp-svc
+          servicePort: http
+
+
+# TODO: https éç½®è¯´æ
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.0.cas-server-installer.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.0.cas-server-installer.yaml
new file mode 100644
index 0000000..68a8363
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.0.cas-server-installer.yaml
@@ -0,0 +1,47 @@
+# cas-server-installer.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cas-server-test
+  name: cas-server-installer-env
+data:
+  DB_TYPE: mysql8
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: cas-server-test
+  name: cas-server-installer
+spec:
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        app: cas-server-installer
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: cas-server-installer
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/cas-server/cas-server-installer:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: cas-server-installer-env
+        resources:
+          requests:
+            memory: "256Mi"
+          limits:
+            memory: "256Mi"
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml
new file mode 100644
index 0000000..fc90464
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml
@@ -0,0 +1,125 @@
+# cas-server-sa-api.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cas-server-test
+  name: cas-server-sa-api-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+
+  # SERVER_TOMCAT_ACCEPT_COUNT: "100"
+  # SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+  # SERVER_TOMCAT_MAX_THREADS: "200"
+  # SERVER_TOMCAT_MIN_SPARE_THREADS: "10"
+
+  SERVICE_REFRESH_REDIS_TIMER_ENABLED: "true"
+  ACCOUNT_REFRESH_REDIS_TIMER_ENABLED: "false"
+  FEDERATION_REFRESH_REDIS_TIMER_ENABLED: "true"
+
+
+  USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
+  USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: cas-server-test
+  name: cas-server-sa-api-env-secret
+type: Opaque
+data:
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: Y2xpZW50
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: Y2xpZW50
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: Y2xpZW50
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: cas-server-test
+  name: cas-server-sa-api-svc
+  labels:
+    app: cas-server-sa-api
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: cas-server-sa-api
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cas-server-test
+  name: cas-server-sa-api
+spec:
+  selector:
+    matchLabels:
+      app: cas-server-sa-api
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: cas-server-sa-api
+    spec:
+      containers:
+      - name: cas-server-sa-api
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/cas-server/cas-server-sa-api:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - secretRef:
+            name: redis-env-secret
+        - secretRef:
+            name: rabbitmq-env-secret
+        - configMapRef:
+            name: cas-server-sa-api-env
+        - secretRef:
+            name: cas-server-sa-api-env-secret
+        resources:
+          requests:
+            memory: "512Mi"
+          limits:
+            memory: "512Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml
new file mode 100644
index 0000000..bf0ba41
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml
@@ -0,0 +1,88 @@
+# cas-server-security-engine.yaml
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: cas-server-test
+  name: cas-server-security-engine-env-secret
+type: Opaque
+data:
+  #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: Y2xpZW50
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: Y2xpZW50
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: Y2xpZW50
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cas-server-test
+  name: cas-server-security-engine-env
+data:
+  CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080
+  CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: cas-server-test
+  name: cas-server-security-engine-svc
+  labels:
+    app: cas-server-security-engine
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: cas-server-security-engine
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cas-server-test
+  name: cas-server-security-engine
+spec:
+  selector:
+    matchLabels:
+      app: cas-server-security-engine
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: cas-server-security-engine
+    spec:
+      containers:
+      - name: cas-server-security-engine
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/cas-server/cas-server-security-engine:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - secretRef:
+            name: rabbitmq-env-secret
+        - configMapRef:
+            name: cas-server-security-engine-env
+        - secretRef:
+            name: cas-server-security-engine-env-secret
+        resources:
+          requests:
+            memory: "400Mi"
+          limits:
+            memory: "400Mi"
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
new file mode 100644
index 0000000..6a782d3
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
@@ -0,0 +1,235 @@
+# cas-server-site-webapp.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cas-server-test
+  name: cas-server-site-webapp-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEY_PASSWORD: ""
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+  SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+  SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+  SERVER_TOMCAT_MAX_THREADS: "800"
+  SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+  SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+  SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
+  SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
+
+
+  LOGGING_CONFIG: file:/etc/cas/log4j2-file.xml
+
+
+  ##
+  # è®¤è¯æå¡çå¤ç½è®¿é®å°åï¼
+  # **ä¿®æ¹** å­¦æ ¡çæ ¹åå
+  CAS_SERVER_NAME: https://cas-test.paas.newcapec.cn
+
+  # Ticket Granting Cookie
+  CAS_TGC_SECURE: "true"
+
+  # TGT Expiration Policy
+  CAS_TICKET_TGT_MAX_TIME_TO_LIVE_IN_SECONDS: "1209600"
+  CAS_TICKET_TGT_TIME_TO_KILL_IN_SECONDS: "172800"
+
+  # JWT Tickets
+  CAS_AUTHN_TOKEN_CRYPTO_SIGNING_KEY: "(@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2"
+
+  ##
+  # ç»å½UIï¼ä¸»é¢
+  SPRING_THYMELEAF_PREFIX: classpath:/templates/themes/classic/
+
+  ##
+  # æµè¯ç¯å¢ä¸­å¯ä½¿ç¨ï¼æ­£å¼ç¯å¢ä¸è¯·éç½®ä¸ºç©º
+  #
+  CAS_AUTHN_ACCEPT_USERS: ""
+
+
+  ## éç½®ç¬¬ä¸æ¹è®¤è¯çç¸å³åæ°
+  CASSERVER_FEDERATION_QQ_ENABLED: "true"
+  CASSERVER_FEDERATION_QQ_NAME: QQ
+  CASSERVER_FEDERATION_QQ_APPID: ""
+  CASSERVER_FEDERATION_QQ_APPKEY: ""
+
+  CASSERVER_FEDERATION_OPENWEIXIN_ENABLED: "true"
+  CASSERVER_FEDERATION_OPENWEIXIN_NAME: å¾®ä¿¡
+  CASSERVER_FEDERATION_OPENWEIXIN_APPID: ""
+  CASSERVER_FEDERATION_OPENWEIXIN_APPSECRET: ""
+
+  CASSERVER_FEDERATION_WORKWEIXIN_ENABLED: "true"
+  CASSERVER_FEDERATION_WORKWEIXIN_NAME: ä¼ä¸å¾®ä¿¡
+  CASSERVER_FEDERATION_WORKWEIXIN_CORPID: ""
+  CASSERVER_FEDERATION_WORKWEIXIN_AGENTID: ""
+  CASSERVER_FEDERATION_WORKWEIXIN_SECRET: ""
+
+  CASSERVER_FEDERATION_ALIPAY_ENABLED: "true"
+  CASSERVER_FEDERATION_ALIPAY_NAME: æ¯ä»å®
+  CASSERVER_FEDERATION_ALIPAY_APPID: ""
+  CASSERVER_FEDERATION_ALIPAY_APPPRIVATEKEY: ""
+  CASSERVER_FEDERATION_ALIPAY_ALIPAYPUBLICKEY: ""
+
+
+  # **ä¿®æ¹**
+  # jwt çç­¾åæ¹æ è¯ï¼ä¸è¬ä¸º è®¤è¯çåå
+  CASSERVER_JWT_ISS: cas-test.paas.newcapec.cn
+  # **ä¿®æ¹**
+  # åè certs/jwt/readme.md çæå¬ç§é¥pemï¼ä¿®æ¹ç¸å³éç½®
+  CASSERVER_JWT_PRIVATE_KEY_PEM_PKCS8: "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKivcJfoDpTgShIdrC0AuImgHQKQmdv/CZWRxVPkSY26kZWtVJ4mjzRkDGyB31LUJlVfFNe0nteOyqfNHrhC+uf612+P0KTmT/pOenoegpT8BDEDe1DlmrDoPqKE87JVXjPhx0rnCPMQE0+Em5OOPM/hVDiHhWx5Y1t+FcYre9J6zyg2flbCiv2vVRsQk/9kwesMnEBzB7QY+95sCoSng7llxO1aer7+qShQHrP/nYScIyW2g+a4wL6jd9Z0gIF/irvShIMKV+6EtWLiZFPYrlRQfx+zER7qg+2S+T29UII5lGajQxeldmIip1k62BwHOf/SbOg13nwrF4jLSCKeN/AgMBAAECggEAVtWHHcHngJ6bK325LSZGm5TzTAwb/E6q1wO2OvGMNUCPWbhwktGHjyzCXray6UczHQDgiAhgZHggduM2mFM+ogBJHSWYTo/XiyZmzp6CSxvO4LGWQIBbfxOlCIGpnkDedqNNTdTvmuQ2kUAVU1yJhXw1H5Pli8bbpkIkUxhbj7MsmcSZS4Xaqj1jhOWoBzt1SZEpHgDZ4m8MEMBfjLu+/SQAIWGdJmyANdsU3V/f/DmcgSqu7oTFYZiEFyJqTRyCVHJmyIqAOAtqHkKnJcGfeurwUIuX5NVqdYhj/JM+3k8lXDRyoyC0QADhnfR85uXV/OnXCVBC8GABuMP4DaiHyQKBgQDjwjtbVb/jQur2JYsSDS0sZI3S4X929gWU66AyClnUNbRIVcN4Lyhnp8+d/m9+oVV6kDfjTDnuEz7TWHr94RFcecdivehzxRHdRlRp+IhmtCtzstPhS5f0U6/e59CryxgxV+h5jDUssokzdz1bLsnC8+VgKNL2jVXqkuLkF3RqhQKBgQDjqE186VX3oej5YlmLmqi4LVFFVzpX75dOjAFc+ke/SPXm11o7lj1ONr+t9ZKcwvPx9j5OPXJajbaE2Qx1KXzTPKQT44GdpOvistOJQSNpx2e00K4Sn/7bsJq++UJ7FtmR+iJvfYq1uW1z5taVIjh5hhwFtIBW38voNcghCXVvMwKBgAUwRpPlFzMBMkMbRdjKbg4F2GlGc9Xs8uGaoJKjQ7qe4pWHRqW1RVFfNE6gHkAfQshBAtTtxqAS1iqQaHTiLLgTmiQ4uVPx2F9XG9MyM0FLt3WyTDtksniBc487briLLujo3MXwGMIE6zU98SrjnPsQ/Ve8dlnhjGSEpiCWHDPVAoGAZwNmJMqUytvpxsbZDBGsnMJszvqcfOP+TF2P1FmwE39ZPd5ehy4BiZ2+eGHxuJuCtQ8evFqTnyQW3eA1AeMHB7Kd8B33LbVNw6P1klr2QkwnwirXSbg6I4CzVQ0HJxl809Aiut5M4NQKEfL3UD5O3bZwgahelnDoHKgRadmU2P8CgYANBbxpDT1SdyJUFuKzJ5/cUPBFzOn3eNGRo/RejXSCi5Spd9OoTwDh6dbffk7pUWLYH/BFILW9+RL8uhMt8mdTWVgDKrNrdZLdWUBNsb89St9x/JwlucqgbTvzf0G0h/ZiGNzyPhgGABRrlWVYIdS8KLdTYUkvPHsEAtxR+kwTAg=="
+  CASSERVER_JWT_PUBLIC_KEY_PEM: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor3CX6A6U4EoSHawtALiJoB0CkJnb/wmVkcVT5EmNupGVrVSeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qvrn+tdvj9Ck5k/6Tnp6HoKU/AQxA3tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjjzP4VQ4h4VseWNbfhXGK3vSes8oNn5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4O5ZcTtWnq+/qkoUB6z/52EnCMltoPmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K5UUH8fsxEe6oPtkvk9vVCCOZRmo0MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginjfwIDAQAB"
+
+  # **è§æåµä¿®æ¹**
+  ## æ¯å¦å¯ç¨ç»å½éªè¯ç 
+  CASSERVERSITE_CAPTCHA_ENABLED: "false"
+
+  ## éç½®ç¨æ·çç»å½åçæ­£åæ ¡éªï¼ç¨äºææºãé®ç®±ç»å½çå¤æ­ï¼
+  #CASSERVERSITE_USERNAME_REGEX_MOBILE: ""
+  # \d{11}$
+  #CASSERVERSITE_USERNAME_REGEX_EMAIL_ADDRESS: ""
+  # \w+\.?\w+@\w+\.[a-z]+(\.[a-z]+)?
+
+  ## éç½®è®¤è¯æ¶ï¼å¸å·æå¡çå®ç°ï¼ redis å¸å·æ°æ®å­æ¾å¨redisä¸­ï¼ user-sa å¸å·æ°æ®ä»ç¨æ·æå¡è·åï¼
+  CASSERVERSITE_ACCOUNT_SERVICE_IMPL: user-sa
+
+  ## éç½®è®¤è¯æ¶ï¼è§è²æå¡çå®ç°ï¼ redis è§è²æ°æ®å­æ¾å¨redisä¸­ï¼ user-authz-sa è§è²æ°æ®ä»æææå¡è·åï¼
+  CASSERVERSITE_ROLE_SERVICE_IMPL: user-authz-sa
+
+  ## éç½®è®¤è¯æ¶ï¼å¨æç çç­ä¿¡åéå®ç°ï¼ default æ§å¶å°è¾åºï¼ agent-service ä»£çæå¡ï¼
+  CASSERVERSITE_SMS_SENDER_IMPL: agent-service
+
+  # **ä¿®æ¹** å­¦æ ¡çæ ¹åå
+  CASSERVERSITE_FORGOT_PASSWORD_URL: https://security-center-test.paas.newcapec.cn/find-pwd
+  CASSERVERSITE_ACTIVE_ACCOUNT_URL: https://security-center-test.paas.newcapec.cn/active-account
+
+  ## å¨æç ç»å½ç¸å³éç½®
+  CASSERVERSITE_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300"
+  CASSERVERSITE_PASSWORDLESS_SMS_FROM: è®¤è¯ä¸­å¿
+  # **ä¿®æ¹** æ ¹æ®å®éæåµï¼ä¿®æ¹ç­ä¿¡æ¨¡æ¿
+  CASSERVERSITE_PASSWORDLESS_SMS_TEXT_TEMPLATE: ãè®¤è¯ä¸­å¿ã{name}ï¼æ¨æ­£å¨ç»å½ç»ä¸èº«ä»½è®¤è¯ï¼æ¬æ¬¡ç»å½çå¨æå¯ç ä¸º{token}ï¼æææ5åéï¼è¯·å°½å¿«å®æç»å½ã
+
+
+  TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080
+  TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  # **ä¿®æ¹**
+  # è¥é¡»å¯¹æ¥sms æ¥å£ï¼é¡»è¿è¡äºå¼å®å¶
+  TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
+
+
+  CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080
+  CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+  #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+  USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
+  USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+  USER_AUTHZ_SERVICE_SA_API_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service-test.svc.cluster.local:8080
+  USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
+  #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  ##
+  # è¶çº§APP Token çéªç­¾å¬é¥
+  # å¦é¡»å è¶çº§APP è¿è¡å¯¹æ¥ï¼ä¿®æ¹æ­¤éç½®
+  # **ä¿®æ¹** å­¦æ ¡çæ ¹åå
+  SUPERAPP_TOKEN_SIGNING_KEY_URL: https://token-test.paas.newcapec.cn/jwt/publicKey
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: cas-server-test
+  name: cas-server-site-webapp-svc
+  labels:
+    app: cas-server-site-webapp
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: cas-server-site-webapp
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cas-server-test
+  name: cas-server-site-webapp
+spec:
+  selector:
+    matchLabels:
+      app: cas-server-site-webapp
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: cas-server-site-webapp
+    spec:
+      containers:
+      - name: cas-server-site-webapp
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/cas-server/cas-server-site-webapp:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: redis-env-secret
+        - secretRef:
+            name: rabbitmq-env-secret
+        - configMapRef:
+            name: cas-server-site-webapp-env
+        resources:
+          requests:
+            memory: "800Mi"
+          limits:
+            memory: "800Mi"
+        readinessProbe:
+          tcpSocket:
+            port: 8080
+          initialDelaySeconds: 30
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml
new file mode 100644
index 0000000..0c3c254
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml
@@ -0,0 +1,57 @@
+# cas-server-datax-job.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cas-server-test
+  name: cas-server-datax-job-env
+data:
+  JOB_ACCOUNT_USER2CAS_MYSQLREADER8_USERNAME: "user"
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç 
+  JOB_ACCOUNT_USER2CAS_MYSQLREADER8_PASSWORD: "kingstar"
+  JOB_ACCOUNT_USER2CAS_MYSQLREADER8_JDBC_URL: "jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai"
+
+  JOB_ACCOUNT_USER2CAS_MYSQLWRITER8_USERNAME: "cas_server"
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç 
+  JOB_ACCOUNT_USER2CAS_MYSQLWRITER8_PASSWORD: "kingstar"
+  JOB_ACCOUNT_USER2CAS_MYSQLWRITER8_JDBC_URL: "jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/cas_server?serverTimezone=Asia/Shanghai"
+
+
+---
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  namespace: cas-server-test
+  name: cas-server-datax-job
+spec:
+  schedule: "*/5 * * * *"
+  jobTemplate:
+    metadata:
+      labels:
+        app: cas-server-datax-job
+    spec:
+      completions: 1
+      parallelism: 1
+      template:
+        metadata:
+          labels:
+            app: cas-server-datax-job
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: cas-server-datax-job
+            # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+            image: harbor.supwisdom.com/cas-server/cas-server-datax-job:1.0.0-SNAPSHOT
+            imagePullPolicy: Always
+            envFrom:
+            - configMapRef:
+                name: cas-server-datax-job-env
+            # resources:
+            #   requests:
+            #     memory: "400Mi"
+            #   limits:
+            #     memory: "400Mi"
+          imagePullSecrets:
+            - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/jwt_private_key.pem b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/jwt_private_key.pem
new file mode 100644
index 0000000..e1c0db0
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/jwt_private_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAyor3CX6A6U4EoSHawtALiJoB0CkJnb/wmVkcVT5EmNupGVrV
+SeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qvrn+tdvj9Ck5k/6Tnp6HoKU/AQxA3
+tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjjzP4VQ4h4VseWNbfhXGK3vSes8oNn
+5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4O5ZcTtWnq+/qkoUB6z/52EnCMlto
+PmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K5UUH8fsxEe6oPtkvk9vVCCOZRmo0
+MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginjfwIDAQABAoIBAFbVhx3B54Cemyt9
+uS0mRpuU80wMG/xOqtcDtjrxjDVAj1m4cJLRh48swl62sulHMx0A4IgIYGR4IHbj
+NphTPqIASR0lmE6P14smZs6egksbzuCxlkCAW38TpQiBqZ5A3najTU3U75rkNpFA
+FVNciYV8NR+T5YvG26ZCJFMYW4+zLJnEmUuF2qo9Y4TlqAc7dUmRKR4A2eJvDBDA
+X4y7vv0kACFhnSZsgDXbFN1f3/w5nIEqru6ExWGYhBciak0cglRyZsiKgDgLah5C
+pyXBn3rq8FCLl+TVanWIY/yTPt5PJVw0cqMgtEAA4Z30fObl1fzp1wlQQvBgAbjD
++A2oh8kCgYEA48I7W1W/40Lq9iWLEg0tLGSN0uF/dvYFlOugMgpZ1DW0SFXDeC8o
+Z6fPnf5vfqFVepA340w57hM+01h6/eERXHnHYr3oc8UR3UZUafiIZrQrc7LT4UuX
+9FOv3ufQq8sYMVfoeYw1LLKJM3c9Wy7JwvPlYCjS9o1V6pLi5Bd0aoUCgYEA46hN
+fOlV96Ho+WJZi5qouC1RRVc6V++XTowBXPpHv0j15tdaO5Y9Tja/rfWSnMLz8fY+
+Tj1yWo22hNkMdSl80zykE+OBnaTr4rLTiUEjacdntNCuEp/+27CavvlCexbZkfoi
+b32Ktbltc+bWlSI4eYYcBbSAVt/L6DXIIQl1bzMCgYAFMEaT5RczATJDG0XYym4O
+BdhpRnPV7PLhmqCSo0O6nuKVh0altUVRXzROoB5AH0LIQQLU7cagEtYqkGh04iy4
+E5okOLlT8dhfVxvTMjNBS7d1skw7ZLJ4gXOPO264iy7o6NzF8BjCBOs1PfEq45z7
+EP1XvHZZ4YxkhKYglhwz1QKBgGcDZiTKlMrb6cbG2QwRrJzCbM76nHzj/kxdj9RZ
+sBN/WT3eXocuAYmdvnhh8bibgrUPHrxak58kFt3gNQHjBweynfAd9y21TcOj9ZJa
+9kJMJ8Iq10m4OiOAs1UNBycZfNPQIrreTODUChHy91A+Tt22cIGoXpZw6ByoEWnZ
+lNj/AoGADQW8aQ09UnciVBbisyef3FDwRczp93jRkaP0Xo10gouUqXfTqE8A4enW
+335O6VFi2B/wRSC1vfkS/LoTLfJnU1lYAyqza3WS3VlATbG/PUrfcfycJbnKoG07
+839BtIf2Yhjc8j4YBgAUa5VlWCHUvCi3U2FJLzx7BALcUfpMEwI=
+-----END RSA PRIVATE KEY-----
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/jwt_private_key_pkcs8.pem b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/jwt_private_key_pkcs8.pem
new file mode 100644
index 0000000..4c9e224
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/jwt_private_key_pkcs8.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKivcJfoDpTgSh
+IdrC0AuImgHQKQmdv/CZWRxVPkSY26kZWtVJ4mjzRkDGyB31LUJlVfFNe0nteOyq
+fNHrhC+uf612+P0KTmT/pOenoegpT8BDEDe1DlmrDoPqKE87JVXjPhx0rnCPMQE0
++Em5OOPM/hVDiHhWx5Y1t+FcYre9J6zyg2flbCiv2vVRsQk/9kwesMnEBzB7QY+9
+5sCoSng7llxO1aer7+qShQHrP/nYScIyW2g+a4wL6jd9Z0gIF/irvShIMKV+6EtW
+LiZFPYrlRQfx+zER7qg+2S+T29UII5lGajQxeldmIip1k62BwHOf/SbOg13nwrF4
+jLSCKeN/AgMBAAECggEAVtWHHcHngJ6bK325LSZGm5TzTAwb/E6q1wO2OvGMNUCP
+WbhwktGHjyzCXray6UczHQDgiAhgZHggduM2mFM+ogBJHSWYTo/XiyZmzp6CSxvO
+4LGWQIBbfxOlCIGpnkDedqNNTdTvmuQ2kUAVU1yJhXw1H5Pli8bbpkIkUxhbj7Ms
+mcSZS4Xaqj1jhOWoBzt1SZEpHgDZ4m8MEMBfjLu+/SQAIWGdJmyANdsU3V/f/Dmc
+gSqu7oTFYZiEFyJqTRyCVHJmyIqAOAtqHkKnJcGfeurwUIuX5NVqdYhj/JM+3k8l
+XDRyoyC0QADhnfR85uXV/OnXCVBC8GABuMP4DaiHyQKBgQDjwjtbVb/jQur2JYsS
+DS0sZI3S4X929gWU66AyClnUNbRIVcN4Lyhnp8+d/m9+oVV6kDfjTDnuEz7TWHr9
+4RFcecdivehzxRHdRlRp+IhmtCtzstPhS5f0U6/e59CryxgxV+h5jDUssokzdz1b
+LsnC8+VgKNL2jVXqkuLkF3RqhQKBgQDjqE186VX3oej5YlmLmqi4LVFFVzpX75dO
+jAFc+ke/SPXm11o7lj1ONr+t9ZKcwvPx9j5OPXJajbaE2Qx1KXzTPKQT44GdpOvi
+stOJQSNpx2e00K4Sn/7bsJq++UJ7FtmR+iJvfYq1uW1z5taVIjh5hhwFtIBW38vo
+NcghCXVvMwKBgAUwRpPlFzMBMkMbRdjKbg4F2GlGc9Xs8uGaoJKjQ7qe4pWHRqW1
+RVFfNE6gHkAfQshBAtTtxqAS1iqQaHTiLLgTmiQ4uVPx2F9XG9MyM0FLt3WyTDtk
+sniBc487briLLujo3MXwGMIE6zU98SrjnPsQ/Ve8dlnhjGSEpiCWHDPVAoGAZwNm
+JMqUytvpxsbZDBGsnMJszvqcfOP+TF2P1FmwE39ZPd5ehy4BiZ2+eGHxuJuCtQ8e
+vFqTnyQW3eA1AeMHB7Kd8B33LbVNw6P1klr2QkwnwirXSbg6I4CzVQ0HJxl809Ai
+ut5M4NQKEfL3UD5O3bZwgahelnDoHKgRadmU2P8CgYANBbxpDT1SdyJUFuKzJ5/c
+UPBFzOn3eNGRo/RejXSCi5Spd9OoTwDh6dbffk7pUWLYH/BFILW9+RL8uhMt8mdT
+WVgDKrNrdZLdWUBNsb89St9x/JwlucqgbTvzf0G0h/ZiGNzyPhgGABRrlWVYIdS8
+KLdTYUkvPHsEAtxR+kwTAg==
+-----END PRIVATE KEY-----
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/jwt_public_key.pem b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/jwt_public_key.pem
new file mode 100644
index 0000000..7523d69
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/jwt_public_key.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor3CX6A6U4EoSHawtAL
+iJoB0CkJnb/wmVkcVT5EmNupGVrVSeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qv
+rn+tdvj9Ck5k/6Tnp6HoKU/AQxA3tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjj
+zP4VQ4h4VseWNbfhXGK3vSes8oNn5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4
+O5ZcTtWnq+/qkoUB6z/52EnCMltoPmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K
+5UUH8fsxEe6oPtkvk9vVCCOZRmo0MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginj
+fwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/readme.md b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/readme.md
new file mode 100644
index 0000000..81ac267
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/certs/jwt/readme.md
@@ -0,0 +1,98 @@
+# readme.md
+
+
+## ä½¿ç¨ openssl çæ å¬ç§é¥
+
+
+1. çæç§é¥ App Private Key
+
+å¿é¡»ä¸º RSA2(SHA256)
+
+```bash
+openssl genrsa -out jwt_private_key.pem 2048
+```
+
+2. å°ç§é¥è½¬æ¢ä¸º PKCS8 æ ¼å¼
+
+```bash
+openssl pkcs8 -topk8 -inform PEM -in jwt_private_key.pem -outform PEM -nocrypt -out jwt_private_key_pkcs8.pem
+```
+
+3. å¯¼åºå¬é¥ App Public Key
+
+```bash
+openssl rsa -in jwt_private_key.pem -pubout -out jwt_public_key.pem
+```
+
+4. å° jwt_public_key.pem ä¸­çåå®¹ï¼å»é¤æ¢è¡åç©ºæ ¼ï¼è½¬æå­ç¬¦ä¸²ã
+
+å¤çåï¼
+```language
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwow0APEh9F91vvtAzl7V
+FmXRAOGhlo+22KX+rqC3ziGg4+yIk8evAL1T97XEuK1huqcAp+p4PIG2t/Rb3FBD
++vVJGoXKsyLCMUmT4Sy5/TRhb3TM0CHefvMZTSMwcVzKT07DtxyGgFZj9WsUYZWr
+BUPcu0vD6s7m5Qe3qFJJWVeRX8NDnVAxySzrz4bI4+1qvtyey/uap3I6txxRxUlI
+aMyTsD8pl63u14dD2FHRM6JY3tmdEpBEMWI91qmYbl9HkH/D6Xtumg0Hmzh06bdr
+lO3YNscpr6iN2ug6yGNtAh4/ug4P4ZV9nxImcj8l8Pt3jio1O0IIpf4MUCMD+C7P
+rQIDAQAB
+-----END PUBLIC KEY-----
+```
+å¤çåï¼
+```language
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwow0APEh9F91vvtAzl7VFmXRAOGhlo+22KX+rqC3ziGg4+yIk8evAL1T97XEuK1huqcAp+p4PIG2t/Rb3FBD+vVJGoXKsyLCMUmT4Sy5/TRhb3TM0CHefvMZTSMwcVzKT07DtxyGgFZj9WsUYZWrBUPcu0vD6s7m5Qe3qFJJWVeRX8NDnVAxySzrz4bI4+1qvtyey/uap3I6txxRxUlIaMyTsD8pl63u14dD2FHRM6JY3tmdEpBEMWI91qmYbl9HkH/D6Xtumg0Hmzh06bdrlO3YNscpr6iN2ug6yGNtAh4/ug4P4ZV9nxImcj8l8Pt3jio1O0IIpf4MUCMD+C7PrQIDAQAB
+-----END PUBLIC KEY-----
+```
+
+4. å° jwt_private_key_pkcs8.pem ä¸­çåå®¹ï¼å»é¤æ¢è¡åç©ºæ ¼ï¼è½¬æå­ç¬¦ä¸²ã
+
+å¤çåï¼
+```language
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDCjDQA8SH0X3W+
++0DOXtUWZdEA4aGWj7bYpf6uoLfOIaDj7IiTx68AvVP3tcS4rWG6pwCn6ng8gba3
+9FvcUEP69UkahcqzIsIxSZPhLLn9NGFvdMzQId5+8xlNIzBxXMpPTsO3HIaAVmP1
+axRhlasFQ9y7S8PqzublB7eoUklZV5Ffw0OdUDHJLOvPhsjj7Wq+3J7L+5qncjq3
+HFHFSUhozJOwPymXre7Xh0PYUdEzolje2Z0SkEQxYj3WqZhuX0eQf8Ppe26aDQeb
+OHTpt2uU7dg2xymvqI3a6DrIY20CHj+6Dg/hlX2fEiZyPyXw+3eOKjU7Qgil/gxQ
+IwP4Ls+tAgMBAAECggEAaQOlTpza5z5gIKcfZEZsX5q2JvOkddE9sdRolXrLvMkK
+P/39+0def9ey65OCjO2KQ2bCQ+Gc5YxfRQzySQpKp7yfqWFu+SNaD6DX4kRyYOtV
+bQRvSin+ICi5D5pfG9IqooSxwLX1JHF9o4wZhFN17XGkRLWxG55zpE12JbXFQiPB
+pck6hcMfx+r5wk7t4ret/8P/MDcyrPuUavJemd4D2jRrD7AmOGJDvElioFcOKA+V
+S8oe/uBdpU8cbYJvct68fHOzG9IW3hdqYV18fhNtWqp9WeuUP+F2UMmOXbAtZ106
+Zcd+V/jsse2G9KvGzmDA61ZGxzHUjt+JNIpN+V2HQQKBgQDkfYb8vIMc2yV0CM30
+mAaPIapgpw8brYS8v+azQR/jjsuHFJ1CQJAih79y2gwdjKbDl0XByjj/qiHLTPcu
+6dkuavdsV9MrlFfVqAXUMNDHrWEn5nMahlq3UZbflBqlavTr0gvEA8Da+ZXcRvWg
+TP5+g5RFrKHJVOyQ+GzgDggQawKBgQDZ+IDRthf0UHvvZsoUbeb37Wut9jdjRgLJ
+S1X4RtH+NPN23lvtTKJmUNfrFxiOfeVBfCXmGep0ibTqDVo0zBeHSu4BFM3BsICu
+7xafmLafZxZqHcgWuF9keOCWjKN5fzub5xGqd2yge9hGN2zA2U9qp4mltGzeoZ/0
+TuLuR59GRwKBgCGga7ZUVANyKQ/rn8vod8am0LlKvMl4/vj8UQp+gh/uSvvFR+OR
+NuUuDznq5y+OHJjacXS0uzC9LB4MZLBtz/2p1mIGhth6C3cxNDJnQMKyPIMvwi7c
+KQujoU2kMUu48vSlw/+EAeT4KFrzwoBl9GpQGQkr/99udSZcuUE8L2mjAoGAPRLn
+LVuDTL58a3D2sFC3BcLth/nUPSmxwCsutHlLf5ngme7l/RCa9GY0ibeX9t0JrpaV
+m+qpCexH18jT/LUu5oa1N3JX0Kye8eUmBqPoj7N30VX06YDRobpI24Yei/19e0p8
+ZbI+qpzo1YvUGhkJqo21AMwUMTFCO1cbOL6yvyMCgYAHUNBLhSOaIZpvbmyh5uz5
+Va/IIYU5nJcVAan8ExzdVBqeiDqlIDsUt/4xoV2sWOK1lDmL1QYeOOTOHdVcSUyN
+ZpvB3b/9RZ1bNQZA1trBBxjY7dXNwZZp0ah/bmO+i4dPXl+bU2mUqdyb1emFwcj0
+uNGn7GMQXLxalpCkz4SXRg==
+-----END PRIVATE KEY-----
+```
+å¤çåï¼
+```language
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDCjDQA8SH0X3W++0DOXtUWZdEA4aGWj7bYpf6uoLfOIaDj7IiTx68AvVP3tcS4rWG6pwCn6ng8gba39FvcUEP69UkahcqzIsIxSZPhLLn9NGFvdMzQId5+8xlNIzBxXMpPTsO3HIaAVmP1axRhlasFQ9y7S8PqzublB7eoUklZV5Ffw0OdUDHJLOvPhsjj7Wq+3J7L+5qncjq3HFHFSUhozJOwPymXre7Xh0PYUdEzolje2Z0SkEQxYj3WqZhuX0eQf8Ppe26aDQebOHTpt2uU7dg2xymvqI3a6DrIY20CHj+6Dg/hlX2fEiZyPyXw+3eOKjU7Qgil/gxQIwP4Ls+tAgMBAAECggEAaQOlTpza5z5gIKcfZEZsX5q2JvOkddE9sdRolXrLvMkKP/39+0def9ey65OCjO2KQ2bCQ+Gc5YxfRQzySQpKp7yfqWFu+SNaD6DX4kRyYOtVbQRvSin+ICi5D5pfG9IqooSxwLX1JHF9o4wZhFN17XGkRLWxG55zpE12JbXFQiPBpck6hcMfx+r5wk7t4ret/8P/MDcyrPuUavJemd4D2jRrD7AmOGJDvElioFcOKA+VS8oe/uBdpU8cbYJvct68fHOzG9IW3hdqYV18fhNtWqp9WeuUP+F2UMmOXbAtZ106Zcd+V/jsse2G9KvGzmDA61ZGxzHUjt+JNIpN+V2HQQKBgQDkfYb8vIMc2yV0CM30mAaPIapgpw8brYS8v+azQR/jjsuHFJ1CQJAih79y2gwdjKbDl0XByjj/qiHLTPcu6dkuavdsV9MrlFfVqAXUMNDHrWEn5nMahlq3UZbflBqlavTr0gvEA8Da+ZXcRvWgTP5+g5RFrKHJVOyQ+GzgDggQawKBgQDZ+IDRthf0UHvvZsoUbeb37Wut9jdjRgLJS1X4RtH+NPN23lvtTKJmUNfrFxiOfeVBfCXmGep0ibTqDVo0zBeHSu4BFM3BsICu7xafmLafZxZqHcgWuF9keOCWjKN5fzub5xGqd2yge9hGN2zA2U9qp4mltGzeoZ/0TuLuR59GRwKBgCGga7ZUVANyKQ/rn8vod8am0LlKvMl4/vj8UQp+gh/uSvvFR+ORNuUuDznq5y+OHJjacXS0uzC9LB4MZLBtz/2p1mIGhth6C3cxNDJnQMKyPIMvwi7cKQujoU2kMUu48vSlw/+EAeT4KFrzwoBl9GpQGQkr/99udSZcuUE8L2mjAoGAPRLnLVuDTL58a3D2sFC3BcLth/nUPSmxwCsutHlLf5ngme7l/RCa9GY0ibeX9t0JrpaVm+qpCexH18jT/LUu5oa1N3JX0Kye8eUmBqPoj7N30VX06YDRobpI24Yei/19e0p8ZbI+qpzo1YvUGhkJqo21AMwUMTFCO1cbOL6yvyMCgYAHUNBLhSOaIZpvbmyh5uz5Va/IIYU5nJcVAan8ExzdVBqeiDqlIDsUt/4xoV2sWOK1lDmL1QYeOOTOHdVcSUyNZpvB3b/9RZ1bNQZA1trBBxjY7dXNwZZp0ah/bmO+i4dPXl+bU2mUqdyb1emFwcj0uNGn7GMQXLxalpCkz4SXRg==
+-----END PRIVATE KEY-----
+```
+
+
+5. ï¼å¯éï¼å°pemåå®¹è¿è¡ base64 ç¼ç åï¼éç½®å°k8s
+
+echo -n '-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwow0APEh9F91vvtAzl7VFmXRAOGhlo+22KX+rqC3ziGg4+yIk8evAL1T97XEuK1huqcAp+p4PIG2t/Rb3FBD+vVJGoXKsyLCMUmT4Sy5/TRhb3TM0CHefvMZTSMwcVzKT07DtxyGgFZj9WsUYZWrBUPcu0vD6s7m5Qe3qFJJWVeRX8NDnVAxySzrz4bI4+1qvtyey/uap3I6txxRxUlIaMyTsD8pl63u14dD2FHRM6JY3tmdEpBEMWI91qmYbl9HkH/D6Xtumg0Hmzh06bdrlO3YNscpr6iN2ug6yGNtAh4/ug4P4ZV9nxImcj8l8Pt3jio1O0IIpf4MUCMD+C7PrQIDAQAB
+-----END PUBLIC KEY-----' |base64
+
+
+echo -n '-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDCjDQA8SH0X3W++0DOXtUWZdEA4aGWj7bYpf6uoLfOIaDj7IiTx68AvVP3tcS4rWG6pwCn6ng8gba39FvcUEP69UkahcqzIsIxSZPhLLn9NGFvdMzQId5+8xlNIzBxXMpPTsO3HIaAVmP1axRhlasFQ9y7S8PqzublB7eoUklZV5Ffw0OdUDHJLOvPhsjj7Wq+3J7L+5qncjq3HFHFSUhozJOwPymXre7Xh0PYUdEzolje2Z0SkEQxYj3WqZhuX0eQf8Ppe26aDQebOHTpt2uU7dg2xymvqI3a6DrIY20CHj+6Dg/hlX2fEiZyPyXw+3eOKjU7Qgil/gxQIwP4Ls+tAgMBAAECggEAaQOlTpza5z5gIKcfZEZsX5q2JvOkddE9sdRolXrLvMkKP/39+0def9ey65OCjO2KQ2bCQ+Gc5YxfRQzySQpKp7yfqWFu+SNaD6DX4kRyYOtVbQRvSin+ICi5D5pfG9IqooSxwLX1JHF9o4wZhFN17XGkRLWxG55zpE12JbXFQiPBpck6hcMfx+r5wk7t4ret/8P/MDcyrPuUavJemd4D2jRrD7AmOGJDvElioFcOKA+VS8oe/uBdpU8cbYJvct68fHOzG9IW3hdqYV18fhNtWqp9WeuUP+F2UMmOXbAtZ106Zcd+V/jsse2G9KvGzmDA61ZGxzHUjt+JNIpN+V2HQQKBgQDkfYb8vIMc2yV0CM30mAaPIapgpw8brYS8v+azQR/jjsuHFJ1CQJAih79y2gwdjKbDl0XByjj/qiHLTPcu6dkuavdsV9MrlFfVqAXUMNDHrWEn5nMahlq3UZbflBqlavTr0gvEA8Da+ZXcRvWgTP5+g5RFrKHJVOyQ+GzgDggQawKBgQDZ+IDRthf0UHvvZsoUbeb37Wut9jdjRgLJS1X4RtH+NPN23lvtTKJmUNfrFxiOfeVBfCXmGep0ibTqDVo0zBeHSu4BFM3BsICu7xafmLafZxZqHcgWuF9keOCWjKN5fzub5xGqd2yge9hGN2zA2U9qp4mltGzeoZ/0TuLuR59GRwKBgCGga7ZUVANyKQ/rn8vod8am0LlKvMl4/vj8UQp+gh/uSvvFR+ORNuUuDznq5y+OHJjacXS0uzC9LB4MZLBtz/2p1mIGhth6C3cxNDJnQMKyPIMvwi7cKQujoU2kMUu48vSlw/+EAeT4KFrzwoBl9GpQGQkr/99udSZcuUE8L2mjAoGAPRLnLVuDTL58a3D2sFC3BcLth/nUPSmxwCsutHlLf5ngme7l/RCa9GY0ibeX9t0JrpaVm+qpCexH18jT/LUu5oa1N3JX0Kye8eUmBqPoj7N30VX06YDRobpI24Yei/19e0p8ZbI+qpzo1YvUGhkJqo21AMwUMTFCO1cbOL6yvyMCgYAHUNBLhSOaIZpvbmyh5uz5Va/IIYU5nJcVAan8ExzdVBqeiDqlIDsUt/4xoV2sWOK1lDmL1QYeOOTOHdVcSUyNZpvB3b/9RZ1bNQZA1trBBxjY7dXNwZZp0ah/bmO+i4dPXl+bU2mUqdyb1emFwcj0uNGn7GMQXLxalpCkz4SXRg==
+-----END PRIVATE KEY-----' |base64
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/0.token-server-base.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/0.token-server-base.yaml
new file mode 100644
index 0000000..aeda1f2
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/0.token-server-base.yaml
@@ -0,0 +1,143 @@
+# 0.token-server-base.yaml
+
+####################################################
+# harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: token-server-test
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+
+####################################################
+# redis-server
+####################################################
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: token-server-test
+  name: redis-server
+  labels:
+    app: redis
+    release: redis-server
+type: Opaque
+data:
+  REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: token-server-test
+  name: redis-server
+  labels:
+    app: redis
+    release: redis-server
+spec:
+  ports:
+  - name: redis
+    port: 6379
+    protocol: TCP
+    targetPort: redis
+  selector:
+    app: redis
+    release: redis-server
+    role: master
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: token-server-test
+  name: redis-server
+  labels:
+    app: redis
+    release: redis-server
+spec:
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: redis
+      release: redis-server
+      role: master
+  serviceName: redis-master
+  template:
+    metadata:
+      labels:
+        app: redis
+        release: redis-server
+        role: master
+    spec:
+      containers:
+      - name: redis-server
+        env:
+        - name: REDIS_DISABLE_COMMANDS
+          value: FLUSHDB,FLUSHALL
+        - name: REDIS_REPLICATION_MODE
+          value: master
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: redis-server
+              key: REDIS_PASSWORD
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: bitnami/redis:4.0
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹ ä¸º Always
+        imagePullPolicy: IfNotPresent
+        # imagePullPolicy: Always
+        livenessProbe:
+          exec:
+            command:
+            - redis-cli
+            - ping
+          failureThreshold: 5
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        ports:
+        - containerPort: 6379
+          name: redis
+          protocol: TCP
+        readinessProbe:
+          exec:
+            command:
+            - redis-cli
+            - ping
+          failureThreshold: 5
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        volumeMounts:
+        - mountPath: /bitnami/redis/data
+          name: redis-data
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      securityContext:
+        fsGroup: 0
+        # fsGroup: 1001
+        # runAsUser: 1001
+        # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
+        runAsUser: 0
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - emptyDir: {}
+        name: redis-data
+      # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·å¢å ä»¥ä¸éç½®ï¼åæ¶æ³¨éå³å¯ï¼
+      # imagePullSecrets:
+      #   - name: harbor-registry
+  updateStrategy:
+    rollingUpdate:
+      partition: 0
+    type: RollingUpdate
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/1.token-server-env.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/1.token-server-env.yaml
new file mode 100644
index 0000000..684344b
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/1.token-server-env.yaml
@@ -0,0 +1,38 @@
+# 1.token-server-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: token-server-test
+  name: jvm-env
+data:
+  MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: token-server-test
+  name: datasource-env-secret
+type: Opaque
+data:
+  # jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/token_server?serverTimezone=Asia/Shanghai
+  JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLXRlc3Quc3ZjLmNsdXN0ZXIubG9jYWw6MzMwNi90b2tlbl9zZXJ2ZXI/c2VydmVyVGltZXpvbmU9QXNpYS9TaGFuZ2hhaQ==
+  # token_server
+  JDBC_USERNAME: dG9rZW5fc2VydmVy
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # Nwpu@Supwisdom123
+  JDBC_PASSWORD: TndwdUBTdXB3aXNkb20xMjM=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: token-server-test
+  name: redis-env-secret
+type: Opaque
+data:
+  SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
+  SPRING_REDIS_PORT: NjM3OQ==
+  SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/2.token-server-ingresses.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/2.token-server-ingresses.yaml
new file mode 100644
index 0000000..78c316c
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/2.token-server-ingresses.yaml
@@ -0,0 +1,23 @@
+# 2.token-server-ingresses.yaml
+
+
+# ç§»å¨ç«¯åºç¨è®¤è¯æå¡
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: token-server-test
+  name: token-server-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
+spec:
+  rules:
+  # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+  - host: token-test.paas.newcapec.cn
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: token-server-svc
+          servicePort: http
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/4.0.token-server-installer.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/4.0.token-server-installer.yaml
new file mode 100644
index 0000000..4a48a3d
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/4.0.token-server-installer.yaml
@@ -0,0 +1,47 @@
+# 4.0.token-server-installer.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: token-server-test
+  name: token-server-installer-env
+data:
+  DB_TYPE: mysql8
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: token-server-test
+  name: token-server-installer
+spec:
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        app: token-server-installer
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: token-server-installer
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/token-server/token-server-installer:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: token-server-installer-env
+        resources:
+          requests:
+            memory: "256Mi"
+          limits:
+            memory: "256Mi"
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml
new file mode 100644
index 0000000..dbf24f4
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml
@@ -0,0 +1,176 @@
+# 4.1.token-server.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: token-server-test
+  name: token-server-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEY_PASSWORD: ""
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+  SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+  SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+  SERVER_TOMCAT_MAX_THREADS: "800"
+  SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+  SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+  SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
+  SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
+
+
+  # **ä¿®æ¹** ä»æ¶æ¯ä¸­å¿ç³è¯·
+  MESSAGECENTER_ENABLED: "false"
+  MESSAGECENTER_APP_ID: ""
+  MESSAGECENTER_MESSAGE_TYPE_CODE_APP_LOGIN: APP_LOGIN
+
+  # **ä¿®æ¹** ä»POAç³è¯·
+  POA_SERVER_URL: https://poa-test.paas.newcapec.cn
+  POA_CLIENT_ID: ""
+  POA_CLIENT_SECRET: ""
+  POA_SCOPES: messagecenter:v1:sendMessage
+
+
+  # **ä¿®æ¹** å­¦æ ¡çæ ¹åå
+  TOKEN_SERVER_PREFIX: https://token-test.paas.newcapec.cn
+  # **ä¿®æ¹** å­¦æ ¡çæ ¹åå
+  TOKEN_SERVER_SECURITY_JWT_ISS: token-test.paas.newcapec.cn
+  #TOKEN_SERVER_SECURITY_JWT_EXPIRATION: 2592000
+  #TOKEN_SERVER_SECURITY_JWT_KICKOUT_ENABLED: "false"
+  # **ä¿®æ¹**
+  # è¯·ä½¿ç¨ä¸ cas-server ä¸è´çå¬ç§é¥
+  TOKEN_SERVER_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKivcJfoDpTgShIdrC0AuImgHQKQmdv/CZWRxVPkSY26kZWtVJ4mjzRkDGyB31LUJlVfFNe0nteOyqfNHrhC+uf612+P0KTmT/pOenoegpT8BDEDe1DlmrDoPqKE87JVXjPhx0rnCPMQE0+Em5OOPM/hVDiHhWx5Y1t+FcYre9J6zyg2flbCiv2vVRsQk/9kwesMnEBzB7QY+95sCoSng7llxO1aer7+qShQHrP/nYScIyW2g+a4wL6jd9Z0gIF/irvShIMKV+6EtWLiZFPYrlRQfx+zER7qg+2S+T29UII5lGajQxeldmIip1k62BwHOf/SbOg13nwrF4jLSCKeN/AgMBAAECggEAVtWHHcHngJ6bK325LSZGm5TzTAwb/E6q1wO2OvGMNUCPWbhwktGHjyzCXray6UczHQDgiAhgZHggduM2mFM+ogBJHSWYTo/XiyZmzp6CSxvO4LGWQIBbfxOlCIGpnkDedqNNTdTvmuQ2kUAVU1yJhXw1H5Pli8bbpkIkUxhbj7MsmcSZS4Xaqj1jhOWoBzt1SZEpHgDZ4m8MEMBfjLu+/SQAIWGdJmyANdsU3V/f/DmcgSqu7oTFYZiEFyJqTRyCVHJmyIqAOAtqHkKnJcGfeurwUIuX5NVqdYhj/JM+3k8lXDRyoyC0QADhnfR85uXV/OnXCVBC8GABuMP4DaiHyQKBgQDjwjtbVb/jQur2JYsSDS0sZI3S4X929gWU66AyClnUNbRIVcN4Lyhnp8+d/m9+oVV6kDfjTDnuEz7TWHr94RFcecdivehzxRHdRlRp+IhmtCtzstPhS5f0U6/e59CryxgxV+h5jDUssokzdz1bLsnC8+VgKNL2jVXqkuLkF3RqhQKBgQDjqE186VX3oej5YlmLmqi4LVFFVzpX75dOjAFc+ke/SPXm11o7lj1ONr+t9ZKcwvPx9j5OPXJajbaE2Qx1KXzTPKQT44GdpOvistOJQSNpx2e00K4Sn/7bsJq++UJ7FtmR+iJvfYq1uW1z5taVIjh5hhwFtIBW38voNcghCXVvMwKBgAUwRpPlFzMBMkMbRdjKbg4F2GlGc9Xs8uGaoJKjQ7qe4pWHRqW1RVFfNE6gHkAfQshBAtTtxqAS1iqQaHTiLLgTmiQ4uVPx2F9XG9MyM0FLt3WyTDtksniBc487briLLujo3MXwGMIE6zU98SrjnPsQ/Ve8dlnhjGSEpiCWHDPVAoGAZwNmJMqUytvpxsbZDBGsnMJszvqcfOP+TF2P1FmwE39ZPd5ehy4BiZ2+eGHxuJuCtQ8evFqTnyQW3eA1AeMHB7Kd8B33LbVNw6P1klr2QkwnwirXSbg6I4CzVQ0HJxl809Aiut5M4NQKEfL3UD5O3bZwgahelnDoHKgRadmU2P8CgYANBbxpDT1SdyJUFuKzJ5/cUPBFzOn3eNGRo/RejXSCi5Spd9OoTwDh6dbffk7pUWLYH/BFILW9+RL8uhMt8mdTWVgDKrNrdZLdWUBNsb89St9x/JwlucqgbTvzf0G0h/ZiGNzyPhgGABRrlWVYIdS8KLdTYUkvPHsEAtxR+kwTAg=="
+  TOKEN_SERVER_SECURITY_JWT_PUBLIC_KEY_PEM: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor3CX6A6U4EoSHawtALiJoB0CkJnb/wmVkcVT5EmNupGVrVSeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qvrn+tdvj9Ck5k/6Tnp6HoKU/AQxA3tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjjzP4VQ4h4VseWNbfhXGK3vSes8oNn5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4O5ZcTtWnq+/qkoUB6z/52EnCMltoPmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K5UUH8fsxEe6oPtkvk9vVCCOZRmo0MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginjfwIDAQAB"
+
+
+  # face
+  # aiface æ°å¼æ®äººè¸ï¼aipface ç¾åº¦äººè¸
+  TOKEN_SERVER_FACE_SOURCE_TYPE: aiface
+
+  # è¥é¡»å¯¹æ¥æ°å¼æ®äººè¸ï¼é¡»ç±æ°å¼æ®äººè¸ç³»ç»æä¾ç¸å³éç½®
+  TOKEN_SERVER_FACE_AIFACE_URL: ""
+  TOKEN_SERVER_FACE_AIFACE_APPKEY: ""
+  TOKEN_SERVER_FACE_AIFACE_APPSECRET: ""
+  TOKEN_SERVER_FACE_AIFACE_SECRETKEY: ""
+  TOKEN_SERVER_FACE_AIFACE_TERM_CODE: ""
+
+  # è¥é¡»å¯¹æ¥ç¾åº¦äººè¸ï¼é¡»å¨ç¾åº¦å¼æ¾å¹³å°æ³¨ååºç¨
+  TOKEN_SERVER_FACE_AIPFACE_APPID: ""
+  TOKEN_SERVER_FACE_AIPFACE_APIKEY: ""
+  TOKEN_SERVER_FACE_AIPFACE_SECRETKEY: ""
+
+
+  # passwordless
+  TOKEN_SERVER_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300"
+  TOKEN_SERVER_PASSWORDLESS_SMS_TEXT_TEMPLATE: ãè®¤è¯ä¸­å¿ã{name}ï¼æ¨æ­£å¨è¿è¡ç»å½ï¼æ¬æ¬¡ç»å½çå¨æå¯ç ä¸º{token}ï¼æææ5åéï¼è¯·å°½å¿«å®æç»å½ã
+  TOKEN_SERVER_PASSWORDLESS_SMS_FROM: è®¤è¯ä¸­å¿
+
+
+  CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080
+  CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+  #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
+  USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+  TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080
+  TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: token-server-test
+  name: token-server-svc
+  labels:
+    app: token-server
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: token-server
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: token-server-test
+  name: token-server
+spec:
+  selector:
+    matchLabels:
+      app: token-server
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: token-server
+    spec:
+      containers:
+      - name: token-server
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯· **ä¿®æ¹**
+        image: harbor.supwisdom.com/token-server/token-server:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - secretRef:
+            name: redis-env-secret
+        - configMapRef:
+            name: token-server-env
+        resources:
+          requests:
+            memory: "512Mi"
+          limits:
+            memory: "512Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/0.personal-security-center-base.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/0.personal-security-center-base.yaml
new file mode 100644
index 0000000..fc26858
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/0.personal-security-center-base.yaml
@@ -0,0 +1,144 @@
+# personal-security-center-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: personal-security-center-test
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+
+####################################################
+# redis-server
+####################################################
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: personal-security-center-test
+  name: redis-server
+  labels:
+    app: redis
+    release: redis-server
+type: Opaque
+data:
+  REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: personal-security-center-test
+  name: redis-server
+  labels:
+    app: redis
+    release: redis-server
+spec:
+  ports:
+  - name: redis
+    port: 6379
+    protocol: TCP
+    targetPort: redis
+  selector:
+    app: redis
+    release: redis-server
+    role: master
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: personal-security-center-test
+  name: redis-server
+  labels:
+    app: redis
+    release: redis-server
+spec:
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: redis
+      release: redis-server
+      role: master
+  serviceName: redis-master
+  template:
+    metadata:
+      labels:
+        app: redis
+        release: redis-server
+        role: master
+    spec:
+      containers:
+      - name: redis-server
+        env:
+        - name: REDIS_DISABLE_COMMANDS
+          value: FLUSHDB,FLUSHALL
+        - name: REDIS_REPLICATION_MODE
+          value: master
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: redis-server
+              key: REDIS_PASSWORD
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: bitnami/redis:4.0
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹ ä¸º Always
+        imagePullPolicy: IfNotPresent
+        # imagePullPolicy: Always
+        livenessProbe:
+          exec:
+            command:
+            - redis-cli
+            - ping
+          failureThreshold: 5
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        ports:
+        - containerPort: 6379
+          name: redis
+          protocol: TCP
+        readinessProbe:
+          exec:
+            command:
+            - redis-cli
+            - ping
+          failureThreshold: 5
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        volumeMounts:
+        - mountPath: /bitnami/redis/data
+          name: redis-data
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      securityContext:
+        fsGroup: 1001
+        # runAsUser: 1001
+        # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
+        runAsUser: 0
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - emptyDir: {}
+        name: redis-data
+      # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·å¢å ä»¥ä¸éç½®ï¼åæ¶æ³¨éå³å¯ï¼
+      # imagePullSecrets:
+      #   - name: harbor-registry
+  updateStrategy:
+    rollingUpdate:
+      partition: 0
+    type: RollingUpdate
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/1.personal-security-center-env.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/1.personal-security-center-env.yaml
new file mode 100644
index 0000000..09f2982
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/1.personal-security-center-env.yaml
@@ -0,0 +1,22 @@
+# personal-security-center-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: personal-security-center-test
+  name: jvm-env
+data:
+  MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: personal-security-center-test
+  name: redis-env-secret
+type: Opaque
+data:
+  SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
+  SPRING_REDIS_PORT: NjM3OQ==
+  SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/2.personal-security-center-ingresses.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/2.personal-security-center-ingresses.yaml
new file mode 100644
index 0000000..1835d17
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/2.personal-security-center-ingresses.yaml
@@ -0,0 +1,41 @@
+# personal-security-center-ingresses.yaml
+
+
+# ä¸ªäººä¸­å¿åç«¯æ¥å£
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: personal-security-center-test
+  name: personal-security-center-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
+spec:
+  rules:
+  # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+  - host: personal-security-center-test.paas.newcapec.cn
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: personal-security-center-zuul-svc
+          servicePort: http
+
+
+# å®å¨ä¸­å¿åç«¯
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: personal-security-center-test
+  name: security-center-ui-ingress
+spec:
+  rules:
+  # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+  - host: security-center-test.paas.newcapec.cn
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: security-center-ui-svc
+          servicePort: http
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml
new file mode 100644
index 0000000..49f640a
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml
@@ -0,0 +1,225 @@
+# personal-security-center-bff.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: personal-security-center-test
+  name: personal-security-center-bff-template-env
+data:
+  # æ ¹æ®æåµï¼ä¿®æ¹é®ä»¶æ¨¡æ¿
+  EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: '{name}ï¼æ¨æ­£å¨æ¿æ´»å¸å·ï¼é¡»éªè¯é®ç®±ææï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{name}ï¼æ¨æ­£å¨æ¾åå¯ç ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  
+  EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{name}ï¼æ¨æ­£å¨ä¿®æ¹å¯ç ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{name}ï¼æ¨æ­£å¨ä¿®æ¹å®å¨é®ç®±ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}ï¼æ¨æ­£å¨ä¿®æ¹å®å¨é®ç®±ï¼é¡»éªè¯é®ç®±ææï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{name}ï¼æ¨æ­£å¨ä¿®æ¹å®å¨ææºï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+
+  EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{name}ï¼æ¨æ­£å¨ç»å®QQï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{name}ï¼æ¨æ­£å¨è§£ç»QQï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{name}ï¼æ¨æ­£å¨ç»å®å¾®ä¿¡ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{name}ï¼æ¨æ­£å¨è§£ç»å¾®ä¿¡ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{name}ï¼æ¨æ­£å¨ç»å®ä¼ä¸å¾®ä¿¡ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{name}ï¼æ¨æ­£å¨è§£ç»ä¼ä¸å¾®ä¿¡ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{name}ï¼æ¨æ­£å¨ç»å®æ¯ä»å®ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{name}ï¼æ¨æ­£å¨è§£ç»æ¯ä»å®ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+
+  # æ ¹æ®æåµï¼ä¿®æ¹ç­ä¿¡æ¨¡æ¿
+  SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_PRE_MOBILE: '{prefix}{name}ï¼æ¨æ­£å¨æ¿æ´»å¸å·ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: '{prefix}{name}ï¼æ¨æ­£å¨æ¿æ´»å¸å·ï¼é¡»éªè¯ææºææï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{prefix}{name}ï¼æ¨æ­£å¨æ¾åå¯ç ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+
+  SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{prefix}{name}ï¼æ¨æ­£å¨ä¿®æ¹å¯ç ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{prefix}{name}ï¼æ¨æ­£å¨ä¿®æ¹å®å¨é®ç®±ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{prefix}{name}ï¼æ¨æ­£å¨ä¿®æ¹å®å¨ææºï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: '{prefix}{name}ï¼æ¨æ­£å¨ä¿®æ¹å®å¨ææºï¼é¡»éªè¯ææºææï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+
+  SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{prefix}{name}ï¼æ¨æ­£å¨ç»å®QQï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{prefix}{name}ï¼æ¨æ­£å¨è§£ç»QQï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{prefix}{name}ï¼æ¨æ­£å¨ç»å®å¾®ä¿¡ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{prefix}{name}ï¼æ¨æ­£å¨è§£ç»å¾®ä¿¡ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{prefix}{name}ï¼æ¨æ­£å¨ç»å®ä¼ä¸å¾®ä¿¡ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{prefix}{name}ï¼æ¨æ­£å¨è§£ç»ä¼ä¸å¾®ä¿¡ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{prefix}{name}ï¼æ¨æ­£å¨ç»å®æ¯ä»å®ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+  SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{prefix}{name}ï¼æ¨æ­£å¨è§£ç»æ¯ä»å®ï¼é¡»éªè¯èº«ä»½ï¼éªè¯ç {code}ï¼æææ5åéï¼è¯·å°½å¿«å®æéªè¯ã'
+
+  SMS_TEMPLATE_PREFIX: ''
+
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: personal-security-center-test
+  name: personal-security-center-bff-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+  SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+  SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+  SERVER_TOMCAT_MAX_THREADS: "800"
+  SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+  SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+  SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
+  SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
+
+  LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
+
+
+  # ä¿®æ¹ä¸ºå­¦æ ¡ç personal-security-center çè®¿é®åå
+  PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://personal-security-center-test.newcapec.edu.cn
+  # ä¿®æ¹ä¸ºå­¦æ ¡ç cas çè®¿é®åå
+  CAS_SERVER_PREFIX: https://cas-test.paas.newcapec.cn/cas
+
+  PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
+
+
+  # æ°å¼æ®äººè¸å¯¹æ¥éç½®
+  # ä¿®æ¹ä¸ºå®éé¡¹ç®éç½®
+  PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
+  PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
+  PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
+  PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
+  PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"
+
+
+  CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server-test.svc.cluster.local:8080/cas
+  CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
+  #CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080
+  CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+  #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
+  USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+  TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/file/db
+  TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/mail/smtp
+  TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/sms/console
+  TPAS_CLIENT_AUTH_ENABLED: "false"
+  #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
+  #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+  # COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
+  # COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
+  # COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
+  # COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
+  # COMMUNICATOR_EMAIL_VALIDATE: "true"
+
+  # COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: personal-security-center-test
+  name: personal-security-center-bff-env-secret
+type: Opaque
+data:
+
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: personal-security-center-test
+  name: personal-security-center-bff-svc
+  labels:
+    app: personal-security-center-bff
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: personal-security-center-bff
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: personal-security-center-test
+  name: personal-security-center-bff
+spec:
+  selector:
+    matchLabels:
+      app: personal-security-center-bff
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: personal-security-center-bff
+    spec:
+      containers:
+      - name: personal-security-center-bff
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.0.2-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: redis-env-secret
+        - secretRef:
+            name: personal-security-center-bff-env-secret
+        - configMapRef:
+            name: personal-security-center-bff-env
+        - configMapRef:
+            name: personal-security-center-bff-template-env
+        resources:
+          requests:
+            memory: "1024Mi"
+          limits:
+            memory: "1024Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml
new file mode 100644
index 0000000..b031443
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml
@@ -0,0 +1,169 @@
+# personal-security-center-zuul.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: personal-security-center-test
+  name: personal-security-center-zuul-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+  SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+  SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+  SERVER_TOMCAT_MAX_THREADS: "800"
+  SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+  ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000"
+  ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000"
+
+  ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000"
+
+  LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER: INFO
+
+
+  ZUUL_ROUTES_PERSONAL_ME_URL: http://personal-security-center-bff-svc.personal-security-center-test.svc.cluster.local:8080/api/v1/me
+  ZUUL_ROUTES_PERSONAL_BFF_URL: http://personal-security-center-bff-svc.personal-security-center-test.svc.cluster.local:8080/api/v1
+
+  ZUUL_ROUTES_USER_BIZ_URL: http://user-data-service-biz-svc.user-data-service-test.svc.cluster.local:8080/api/v1/user/biz
+
+  # ä¿®æ¹ä¸ºå­¦æ ¡ç portal çè®¿é®åå
+  ZUUL_ROUTES_PORTAL_URL: https://portal.paas.newcapec.cn/portal-web/api
+
+
+  INFRAS_SECURITY_BASIC_ENABLED: "false"
+  
+  INFRAS_SECURITY_JWT_ENABLED: "true"
+  #INFRAS_SECURITY_JWT_KEY_ALIAS: "supwisdom-jwt-key"
+  #INFRAS_SECURITY_JWT_KEY_PASSWORD: "changeit"
+  #INFRAS_SECURITY_JWT_KEY_STORE: "file:/certs/jwt/jwt.keystore"
+  #INFRAS_SECURITY_JWT_KEY_STORE_PASSWORD: "changeit"
+
+  INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas
+  INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: ""
+  INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server-test.svc.cluster.local:8080/cas/jwt/publicKey"
+
+
+  INFRAS_SECURITY_CAS_ENABLED: "true"
+  # ä¿®æ¹ä¸ºå­¦æ ¡ç personal-security-center çè®¿é®åå
+  APP_SERVER_HOST_URL: "https://personal-security-center-test.paas.newcapec.cn"
+  #APP_LOGIN_URL: "/cas/login"
+  #APP_LOGOUT_URL: "/cas/logout"
+  # ä¿®æ¹ä¸ºå­¦æ ¡ç cas çè®¿é®åå
+  CAS_SERVER_HOST_URL: "https://cas-test.paas.newcapec.cn/cas"
+
+
+  ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false"
+  #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEY_PASSWORD: ""
+  #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+
+
+  USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
+  USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service-test.svc.cluster.local:8080
+  USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: personal-security-center-test
+  name: personal-security-center-zuul-env-secret
+type: Opaque
+data:
+  # åè certs/jwt/readme.md çæå¬ç§é¥pemï¼æ¿æ¢ç¸å³éç½®
+  INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDeW9BNzhMbTlHT3NlS1pPL1lZenlWWUJ6cQpaREVzdWlXNVFleXJDL2JFWFZrT2lKc0RnNFRjc2o5Vnp5dGp2MEFZVmxEcmkxdlExaWZhSG9HN0Z1dE40cTVICllxbGZDSzdvOXpNRWo2cU40NFIydUtjR3BCQnd0WlNCZGxWc2tLZ2NOWGlvU3RTRjZZTFp1Q25jWU5HUXZaOSsKeGY5bll5L09scXczWUFQRUx3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ==
+  INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNlQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Jd2dnSmVBZ0VBQW9HQkFMS2dEdnd1YjBZNng0cGsKNzloalBKVmdIT3BrTVN5NkpibEI3S3NMOXNSZFdRNkltd09EaE55eVAxWFBLMk8vUUJoV1VPdUxXOURXSjlvZQpnYnNXNjAzaXJrZGlxVjhJcnVqM013U1BxbzNqaEhhNHB3YWtFSEMxbElGMlZXeVFxQncxZUtoSzFJWHBndG00CktkeGcwWkM5bjM3Ri8yZGpMODZXckRkZ0E4UXZBZ01CQUFFQ2dZRUFuakhFczdDSUdlR0t3TlZkMlAwaU5ZU1cKZHp0ZWxhY1NLN3puMWlCVlhsanh1ejVlVXNGU2xJWkVNMEd6d3JZcEZLUzFLN1lURGFQc1RXOUJJNmxMb0FaawpnaU1vOUE5YnMzdW5XOEg3N2M5T3NTUXZpdHM1eGp3MEJ0dFo0dVhwYmdlUlJmS1dFOFp6MngyYWFIeVdyU1ZIClJINGVya3JYSTFrZzZwQTlyaWtDUVFEaVd0VW5kWktpWHFNTkhJb1RrOUpLNXFyaVJqdS9FTzdtVncvRGo4RmEKSVhFOTMvTkhSVllMZ3E2cFY4SUJiNmlhZnpXbittdkplR3AvbEJsaU81dHpBa0VBeWdUMTE4V25jaFl5elNlTAp3NlVDUkhIOHlJRGx6aGwzWFhxTnhDV2M5V1dGbVpZSERIVy92L2x5dnpwUEtmb3VucmhoUTVXY2g4eGVDSDVqCml1WjlWUUpCQUtsRkJkdUJSOHVXZTlaRlBsaFBsZFlmVXpEdEZxYldVZUQ4d0RRZFg1azRJd2dEWGxrdzE1eTUKK0VWNDlBTEE3bFBDeDJ3N2o3bFZERWNsaUNuMnExTUNRQnltSTI4Y0dxajFPUE1iSHBqNk41NFpSQzN6Q2FQMgp2SlRISW4ra2plUEhKL0VsODQzeXpPU2VyWVVzOGJrVVA3UkdsWlNPRFFxOUVzREZtN3hBLzVrQ1FRQ3A1ZldQCnNWbjFsek15ckYxNHJSK0ZSSWZMazBFMnBMdm5aYzV0NjB3OFpzSVFPRGlOTXZvSDRZUEdSemFpcG9LQnlSeE0KazR1WElVVTMxaVN6VGR4ZgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0t
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: personal-security-center-test
+  name: personal-security-center-zuul-svc
+  labels:
+    app: personal-security-center-zuul
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: personal-security-center-zuul
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: personal-security-center-test
+  name: personal-security-center-zuul
+spec:
+  selector:
+    matchLabels:
+      app: personal-security-center-zuul
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: personal-security-center-zuul
+    spec:
+      containers:
+      - name: personal-security-center-zuul
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/personal-security-center/personal-security-zuul:1.0.2-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: personal-security-center-zuul-env-secret
+        - configMapRef:
+            name: personal-security-center-zuul-env
+        resources:
+          requests:
+            memory: "512Mi"
+          limits:
+            memory: "512Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml
new file mode 100644
index 0000000..48d3bcc
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml
@@ -0,0 +1,70 @@
+# 4.9.security-center-ui.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: personal-security-center-test
+  name: security-center-ui-env
+data:
+  SCHOOL_NAME: sw
+  MAIN_SERVER: https://security-center-test.paas.newcapec.cn
+
+  PERSONAL_CENTER_API: https://personal-security-center-test.paas.newcapec.cn
+  
+  AUTH_CAS: https://cas-test.paas.newcapec.cn/cas
+  JWT_ISS: https://cas-test.paas.newcapec.cn/cas
+  JWT_SECRET: (@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: personal-security-center-test
+  name: security-center-ui-svc
+  labels:
+    app: security-center-ui-svc
+spec:
+  ports:
+  - port: 80
+    targetPort: http
+    protocol: TCP
+    name: http
+  selector:
+    app: security-center-ui
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: personal-security-center-test
+  name: security-center-ui
+spec:
+  selector:
+    matchLabels:
+      app: security-center-ui
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: security-center-ui
+    spec:
+      containers:
+      - name: security-center-ui
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/personal-security-center/security-center-ui:0.0.1
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+          name: http
+        envFrom:
+        - configMapRef:
+            name: security-center-ui-env
+        resources:
+          requests:
+            memory: "128Mi"
+          limits:
+            memory: "256Mi"
+      imagePullSecrets:
+        - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/certs/jwt/readme.md b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/certs/jwt/readme.md
new file mode 100644
index 0000000..3c94b3e
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/6.personal-security-center/certs/jwt/readme.md
@@ -0,0 +1,83 @@
+# readme.md
+
+
+## ä½¿ç¨ openssl çæ å¬ç§é¥
+
+
+1. çæç§é¥ App Private Key
+
+å¿é¡»ä¸º RSA2(SHA256)
+
+```bash
+openssl genrsa -out jwt_private_key.pem 1024
+```
+
+2. å°ç§é¥è½¬æ¢ä¸º PKCS8 æ ¼å¼
+
+```bash
+openssl pkcs8 -topk8 -inform PEM -in jwt_private_key.pem -outform PEM -nocrypt -out jwt_private_key_pkcs8.pem
+```
+
+3. å¯¼åºå¬é¥ App Public Key
+
+```bash
+openssl rsa -in jwt_private_key.pem -pubout -out jwt_public_key.pem
+```
+
+4. å° jwt_public_key.pem ä¸­çåå®¹ï¼å»é¤æ¢è¡åç©ºæ ¼ï¼è½¬æå­ç¬¦ä¸²ã
+
+å¤çåï¼
+```language
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI
+2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbB
+XVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3
+FugvRF/6jdTQis2LcQIDAQAB
+-----END PUBLIC KEY-----
+```
+å¤çåï¼
+```language
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbBXVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3FugvRF/6jdTQis2LcQIDAQAB
+-----END PUBLIC KEY-----
+```
+
+4. å° jwt_private_key_pkcs8.pem ä¸­çåå®¹ï¼å»é¤æ¢è¡åç©ºæ ¼ï¼è½¬æå­ç¬¦ä¸²ã
+
+å¤çåï¼
+```language
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMGvnBQddKUtIVTX
+tPjANfx6EAjaednEJzZKemB83C5HeO9WJJXKv493okkR4xyXf3uoqNaoUP8JGVRI
+H9QQ9BHHFsFdWVdEHbz0oT3G14OTThtTXsguBfxXP/ssVEufYKloJIgJ9YQ2GgxE
+mbvEgCh2sjcW6C9EX/qN1NCKzYtxAgMBAAECgYBKBSjq7w7jCUpRuFYrMpnvMV7r
+Y0NqG/K4ZuI5+b3T2fC31v4IWQG4fIoCztky1hscUSqlTpIVxY5ujVnMm+YKMXs+
+qW2zyUdvoqUbFNAZstYatg6FQ7QlwXMDnIzlq6w5lEofsO46+0kH/d9IX+cPN0nH
+04J1UKwg0ugyjYVUAQJBAP8di+ECIJkVTbi96JWMCfK1eYdxwe+8DEd7kcW2P6qU
+/0fxP6qExkbFqPWQbJVNvOKmH5tVW5oi4Q7vaT4MzJECQQDCW4kMG7a6yBKRWZ1/
+hAixqumBv5FFCnL/yzqH6a5n8tb91vcQCwBGfu+YeQt8zVI56BTP4AJDF5KQu1vq
+kcDhAkEA+YaHu2QeSDzrEShG5obbcBaKMK1WmEqg5AX8FZrleM5VRqOztvA5Ex3f
+3ZgObJZlinYb8g2yE/fLk5UdpgBU0QJAFw+FU0p2g/L5QQXBCkBAR9RfoGV6dxam
+TnNunnG7n9nQaI35Ao5LmhG1nAHAuy4hc311+rQ5kHxbh5Czd0GUAQJBALxZpqPZ
+y7LrKmTbVLAdd0K1dQ3jWUsqk5HXwlxzrmmypn5ut41zwZQl0znyrv7XcfDZ6dqR
+hh20uoiJ/Hfky6A=
+-----END PRIVATE KEY-----
+```
+å¤çåï¼
+```language
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMGvnBQddKUtIVTXtPjANfx6EAjaednEJzZKemB83C5HeO9WJJXKv493okkR4xyXf3uoqNaoUP8JGVRIH9QQ9BHHFsFdWVdEHbz0oT3G14OTThtTXsguBfxXP/ssVEufYKloJIgJ9YQ2GgxEmbvEgCh2sjcW6C9EX/qN1NCKzYtxAgMBAAECgYBKBSjq7w7jCUpRuFYrMpnvMV7rY0NqG/K4ZuI5+b3T2fC31v4IWQG4fIoCztky1hscUSqlTpIVxY5ujVnMm+YKMXs+qW2zyUdvoqUbFNAZstYatg6FQ7QlwXMDnIzlq6w5lEofsO46+0kH/d9IX+cPN0nH04J1UKwg0ugyjYVUAQJBAP8di+ECIJkVTbi96JWMCfK1eYdxwe+8DEd7kcW2P6qU/0fxP6qExkbFqPWQbJVNvOKmH5tVW5oi4Q7vaT4MzJECQQDCW4kMG7a6yBKRWZ1/hAixqumBv5FFCnL/yzqH6a5n8tb91vcQCwBGfu+YeQt8zVI56BTP4AJDF5KQu1vqkcDhAkEA+YaHu2QeSDzrEShG5obbcBaKMK1WmEqg5AX8FZrleM5VRqOztvA5Ex3f3ZgObJZlinYb8g2yE/fLk5UdpgBU0QJAFw+FU0p2g/L5QQXBCkBAR9RfoGV6dxamTnNunnG7n9nQaI35Ao5LmhG1nAHAuy4hc311+rQ5kHxbh5Czd0GUAQJBALxZpqPZy7LrKmTbVLAdd0K1dQ3jWUsqk5HXwlxzrmmypn5ut41zwZQl0znyrv7XcfDZ6dqRhh20uoiJ/Hfky6A=
+-----END PRIVATE KEY-----
+```
+
+
+5. ï¼å¯éï¼å°pemåå®¹è¿è¡ base64 ç¼ç åï¼éç½®å°k8s
+
+echo -n '-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDzgNo1jsexpIahW50bbEFcJV6qzOnjjMBum4jMB/CgkJqZHxEh9u1yhdzfdHI+TJREy9RuoqumdRGpVA+YXOwHZnPUU/cHQQkITViPVPSvIHLKA7eqHbmb9FZdQZfFmadBm+AcVpQG+h4SuJgD5yAtye7oRLzxEGXZM+trt8HoFwIDAQAB
+-----END PUBLIC KEY-----' |base64
+
+
+echo -n '-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAPOA2jWOx7GkhqFbnRtsQVwlXqrM6eOMwG6biMwH8KCQmpkfESH27XKF3N90cj5MlETL1G6iq6Z1EalUD5hc7Admc9RT9wdBCQhNWI9U9K8gcsoDt6oduZv0Vl1Bl8WZp0Gb4BxWlAb6HhK4mAPnIC3J7uhEvPEQZdkz62u3wegXAgMBAAECgYEA7mA8veOJsGjs9zd1ZKwki+11cGVrrjxTAbS3RW2cbcNB5RZZslNF/i/3mrUnRb+4AmU8EBalTS4b3RUSs0h8MZV9ObLazZg/c8GlLJeISuRWSuCG7ysvn4NS5ncCj5LW/0w6qKTtzIZqKdMbKfPl1xs+fPCaqlv7mpzIGUYGOKECQQD9125TlH6ftXoR5qaN6CLUuRpdpizjE59pmQMxgL/MQS45G9pUtTHfCZVDKgftqHFZEhL2ysrCbl7TFwHJ2wjHAkEA9ZLqvVPP4RLl78lt/OjLRliGDCeWkw5samzeveIsiaeWItsHzcGqipVw1zCaRRlY/hPs4uHSY0hWWV1+SGr2MQJAcgNdLnU4GovsdDXhAUQOwPUS/pUw/B1IMKnlYUqu2xM7q7Ly8bEg4UjwneY3AWvy3Urc8bRMNeBU/wMKbpvO6QJAVUuZQvdYbdmtidLR5BVLfXyD2rbpYtyQpYp490UWqR1PVX30QPAydv4e+m9ENhnuwhlTnx5Gf/uBGnsRwL9+EQJAcB6ptBg0drWmnpDC3HhFUSWaBVp6BAZic/YeC95pwynlcKScCTI+IY+wXKWRQwcqb2K+STaX4vhsTDLxDZaJAw==
+-----END PRIVATE KEY-----' |base64
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/0.communicate-center-base.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/0.communicate-center-base.yaml
new file mode 100644
index 0000000..43fd037
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/0.communicate-center-base.yaml
@@ -0,0 +1,17 @@
+# communicate-center-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: communicate-center-test
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/1.communicate-center-env.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/1.communicate-center-env.yaml
new file mode 100644
index 0000000..916e977
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/1.communicate-center-env.yaml
@@ -0,0 +1,27 @@
+# communicate-center-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: communicate-center-test
+  name: jvm-env
+data:
+  MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: communicate-center-test
+  name: datasource-env-secret
+type: Opaque
+data:
+  # jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/communicate_center?serverTimezone=Asia/Shanghai
+  JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvY29tbXVuaWNhdGVfY2VudGVyP3NlcnZlclRpbWV6b25lPUFzaWEvU2hhbmdoYWk=
+  # communicate_center
+  JDBC_USERNAME: Y29tbXVuaWNhdGVfY2VudGVy
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # Nwpu@Supwisdom123
+  JDBC_PASSWORD: TndwdUBTdXB3aXNkb20xMjM=
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/2.communicate-center-ingresses.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/2.communicate-center-ingresses.yaml
new file mode 100644
index 0000000..13c6006
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/2.communicate-center-ingresses.yaml
@@ -0,0 +1,19 @@
+# communicate-center-ingresses.yaml
+
+# ææ¶ä¸ä½¿ç¨ï¼ç´æ¥ä½¿ç¨åé¨å°å
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+#   namespace: communicate-center-test
+#   name: communicate-center-api-ingress
+# spec:
+#   rules:
+#   # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+#   - host: communicate-center-api.paas.xxx.edu.cn
+#     http:
+#       paths:
+#       - path: /
+#         backend:
+#           serviceName: communicate-center-poa-svc
+#           servicePort: http
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/4.0.communicate-center-installer.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/4.0.communicate-center-installer.yaml
new file mode 100644
index 0000000..017e5ae
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/4.0.communicate-center-installer.yaml
@@ -0,0 +1,46 @@
+# communicate-center-installer.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: communicate-center-test
+  name: communicate-center-installer-env
+data:
+  DB_TYPE: mysql8
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: communicate-center-test
+  name: communicate-center-installer
+spec:
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        app: communicate-center-installer
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: communicate-center-installer
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/communicate-center/communicate-center-installer:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: communicate-center-installer-env
+        resources:
+          requests:
+            memory: "256Mi"
+          limits:
+            memory: "256Mi"
+      imagePullSecrets:
+        - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/4.1.communicate-center-poa.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/4.1.communicate-center-poa.yaml
new file mode 100644
index 0000000..b31bb78
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/8.communicate-center/4.1.communicate-center-poa.yaml
@@ -0,0 +1,111 @@
+# communicate-center-poa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: communicate-center-test
+  name: communicate-center-poa-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+
+  USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
+  USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  # è¥é¡»å¯¹æ¥é®ä»¶æå¡ï¼é¡»æä¾ SMTP å¸å·
+  TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/mail/console
+  # è¥é¡»å¯¹æ¥sms æ¥å£ï¼é¡»è¿è¡äºå¼å®å¶
+  TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/sms/console
+  
+  TPAS_CLIENT_AUTH_ENABLED: "false"
+  #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
+  #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: communicate-center-test
+  name: communicate-center-poa-svc
+  labels:
+    app: communicate-center-poa
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: communicate-center-poa
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: communicate-center-test
+  name: communicate-center-poa
+spec:
+  selector:
+    matchLabels:
+      app: communicate-center-poa
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: communicate-center-poa
+    spec:
+      containers:
+      - name: communicate-center-poa
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/communicate-center/communicate-center-poa:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: communicate-center-poa-env
+        resources:
+          requests:
+            memory: "512Mi"
+          limits:
+            memory: "512Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/9.jobs-server/0.jobs-server-base.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/9.jobs-server/0.jobs-server-base.yaml
new file mode 100644
index 0000000..5dc3dda
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/9.jobs-server/0.jobs-server-base.yaml
@@ -0,0 +1,88 @@
+# jobs-server-base.yaml
+
+####################################################
+# harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: jobs-server-test
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+
+####################################################
+# rabbitmq-server
+####################################################
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: jobs-server-test
+  name: rabbitmq-server
+  labels:
+    app: rabbitmq
+    release: rabbitmq-server
+type: Opaque
+data:
+  RABBITMQ_USERNAME: Z3Vlc3Q=
+  RABBITMQ_PASSWORD: Z3Vlc3Q=
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: jobs-server-test
+  name: rabbitmq-server
+  labels:
+    app: rabbitmq-server
+spec:
+  ports:
+    - port: 5672
+      targetPort: tcp-1
+      protocol: TCP
+      name: tcp-1
+    - port: 15672
+      targetPort: tcp-2
+      protocol: TCP
+      name: tcp-2
+  selector:
+    app: rabbitmq-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: jobs-server-test
+  name: rabbitmq-server
+spec:
+  selector:
+    matchLabels:
+      app: rabbitmq-server
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: rabbitmq-server
+      annotations:
+        sidecar.istio.io/inject: "false"
+    spec:
+      containers:
+      - name: rabbitmq-server
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: rabbitmq:management
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹ ä¸º Always
+        imagePullPolicy: IfNotPresent
+        # imagePullPolicy: Always
+        ports:
+        - containerPort: 5672
+          name: tcp-1
+        - containerPort: 15672
+          name: tcp-2
+      # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·å¢å ä»¥ä¸éç½®ï¼åæ¶æ³¨éå³å¯ï¼
+      # imagePullSecrets:
+      #   - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/9.jobs-server/1.jobs-server-env.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/9.jobs-server/1.jobs-server-env.yaml
new file mode 100644
index 0000000..8a292a7
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/9.jobs-server/1.jobs-server-env.yaml
@@ -0,0 +1,23 @@
+# 1.jobs-server-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: jobs-server-test
+  name: jvm-env
+data:
+  MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: jobs-server-test
+  name: rabbitmq-env-secret
+type: Opaque
+data:
+  SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVy
+  SPRING_RABBITMQ_PORT: NTY3Mg==
+  SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
+  SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/9.jobs-server/4.1.jobs-server.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/9.jobs-server/4.1.jobs-server.yaml
new file mode 100644
index 0000000..8962a42
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/9.jobs-server/4.1.jobs-server.yaml
@@ -0,0 +1,191 @@
+# 4.1.jobs-server.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: jobs-server-test
+  name: jobs-server-env
+data:
+  LOGGING_LEVEL_COM_SUPWISDOM_INSITITUTE_JOBS_SERVER: INFO
+
+
+---
+# ç»ç»æºææ°æ®ï¼å®æ¶è§¦å OrganizationTrans2UserSvcJob
+# éç¨äºç±äº¤æ¢åæ­¥å°è½¬æ¢è¡¨çåºæ¯
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: jobs-server-test
+  name: jobs-server-organizationtriggertransjob-env
+data:
+  ORGANIZATIONTRIGGERTRANSJOB_ENABLED: "false"
+  # cron å fixedDelay åªè½ äºéä¸ï¼éç½®ä¸ä¸ªå³å¯
+  # 0 0 2 * * *
+  ORGANIZATIONTRIGGERTRANSJOB_SCHEDULED_CRON: ""
+  # 120 ç§
+  ORGANIZATIONTRIGGERTRANSJOB_SCHEDULED_FIXED_DELAY: "1200000"
+  ORGANIZATIONTRIGGERTRANSJOB_WRITER_DATASOURCE_JDBC_URL: "jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai"
+  ORGANIZATIONTRIGGERTRANSJOB_WRITER_DATASOURCE_USERNAME: "user"
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç 
+  ORGANIZATIONTRIGGERTRANSJOB_WRITER_DATASOURCE_PASSWORD: "Nwpu@Supwisdom123"
+
+
+---
+# ç»ç»æºææ°æ®ï¼ä¸´æ¶è¡¨ - æ­£å¼
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: jobs-server-test
+  name: jobs-server-organizationtrans2usersvcjob-env
+data:
+  ORGANIZATIONTRANS2USERSVCJOB_ENABLED: "false"
+  ORGANIZATIONTRANS2USERSVCJOB_PAGE_SIZE: "1000"
+  ORGANIZATIONTRANS2USERSVCJOB_READER_DATASOURCE_JDBC_URL: "jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai"
+  ORGANIZATIONTRANS2USERSVCJOB_READER_DATASOURCE_USERNAME: "user"
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç 
+  ORGANIZATIONTRANS2USERSVCJOB_READER_DATASOURCE_PASSWORD: "Nwpu@Supwisdom123"
+  
+  ORGANIZATIONTRANS2USERSVCJOB_WRITE_USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
+
+
+---
+# å¸å·æ°æ®ï¼å®æ¶è§¦å AccountTrans2UserSvcJob
+# éç¨äºç±äº¤æ¢åæ­¥å°è½¬æ¢è¡¨çåºæ¯
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: jobs-server-test
+  name: jobs-server-accounttriggertransjob-env
+data:
+  ACCOUNTTRIGGERTRANSJOB_ENABLED: "false"
+  # cron å fixedDelay åªè½ äºéä¸ï¼éç½®ä¸ä¸ªå³å¯
+  # 0 0 2 * * *
+  ACCOUNTTRIGGERTRANSJOB_SCHEDULED_CRON: ""
+  # 120 ç§
+  ACCOUNTTRIGGERTRANSJOB_SCHEDULED_FIXED_DELAY: "1200000"
+  ACCOUNTTRIGGERTRANSJOB_WRITER_DATASOURCE_JDBC_URL: "jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai"
+  ACCOUNTTRIGGERTRANSJOB_WRITER_DATASOURCE_USERNAME: "user"
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç 
+  ACCOUNTTRIGGERTRANSJOB_WRITER_DATASOURCE_PASSWORD: "Nwpu@Supwisdom123"
+
+
+---
+# å¸å·æ°æ®ï¼ä¸´æ¶è¡¨ - æ­£å¼
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: jobs-server-test
+  name: jobs-server-accounttrans2usersvcjob-env
+data:
+  ACCOUNTTRANS2USERSVCJOB_ENABLED: "false"
+  ACCOUNTTRANS2USERSVCJOB_PAGE_SIZE: "1000"
+  ACCOUNTTRANS2USERSVCJOB_READER_DATASOURCE_JDBC_URL: "jdbc:mysql://mysql-server.authx-service-test.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai"
+  ACCOUNTTRANS2USERSVCJOB_READER_DATASOURCE_USERNAME: "user"
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç 
+  ACCOUNTTRANS2USERSVCJOB_READER_DATASOURCE_PASSWORD: "Nwpu@Supwisdom123"
+
+  ACCOUNTTRANS2USERSVCJOB_WRITE_USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
+
+
+
+## é¡»ç¡®ä¿ ç¨æ·æå¡ å°åæ´æ°æ®æ¨éå° rabbit mq ä¸­
+
+---
+# å¸å·ï¼ç¨æ·æå¡ - jobs
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: jobs-server-test
+  name: jobs-server-accountusersvc2jobsrabbitreceiver-env
+data:
+  ACCOUNTUSERSVC2JOBSRABBITRECEIVER_ENABLED: "false"
+  ACCOUNTUSERSVC2JOBSRABBITRECEIVER_TRIGGER_EVENTS: ""
+  # jobs2NwpuOpenldapEventJob
+
+---
+# ç»ç»æºæï¼ç¨æ·æå¡ - jobs
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: jobs-server-test
+  name: jobs-server-organizationusersvc2jobsrabbitreceiver-env
+data:
+  ORGANIZATIONUSERSVC2JOBSRABBITRECEIVER_ENABLED: "false"
+  ORGANIZATIONUSERSVC2JOBSRABBITRECEIVER_TRIGGER_EVENTS: ""
+  # jobs2NwpuOpenldapEventJob
+
+---
+# ç¨æ·ç»ï¼ç¨æ·æå¡ - jobs
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: jobs-server-test
+  name: jobs-server-groupusersvc2jobsrabbitreceiver-env
+data:
+  GROUPUSERSVC2JOBSRABBITRECEIVER_ENABLED: "false"
+  GROUPUSERSVC2JOBSRABBITRECEIVER_TRIGGER_EVENTS: ""
+  # jobs2NwpuOpenldapEventJob
+
+
+---
+# Openldapåæ­¥ï¼jobs - openldap
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: jobs-server-test
+  name: jobs-server-jobs2openldapeventjob-env
+data:
+  JOBS_2_OPENLDAP_EVENT_JOB_ENABLED: "false"
+  JOBS_2_OPENLDAP_EVENT_JOB_OPENLDAP_LDAP_PROVIDER_URL: ldap://10.40.8.96:389/
+  JOBS_2_OPENLDAP_EVENT_JOB_OPENLDAP_LDAP_SECURITY_PRINCIPAL: cn=root,dc=nwpu,dc=edu,dc=cn
+  JOBS_2_OPENLDAP_EVENT_JOB_OPENLDAP_LDAP_SECURITY_CREDENTIALS: kingstar
+
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: jobs-server-test
+  name: jobs-server
+spec:
+  selector:
+    matchLabels:
+      app: jobs-server
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: jobs-server
+    spec:
+      containers:
+      - name: jobs-server
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/jobs-server/jobs-server:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: rabbitmq-env-secret
+        - configMapRef:
+            name: jobs-server-env
+        - configMapRef:
+            name: jobs-server-organizationtriggertransjob-env
+        - configMapRef:
+            name: jobs-server-organizationtrans2usersvcjob-env
+        - configMapRef:
+            name: jobs-server-accounttriggertransjob-env
+        - configMapRef:
+            name: jobs-server-accounttrans2usersvcjob-env
+        resources:
+          requests:
+            memory: "1000Mi"
+          limits:
+            memory: "1000Mi"
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/10.0.init.sql b/project/newcapec-test/k8s-rancher/6.admin-platform/10.0.init.sql
new file mode 100644
index 0000000..579d3db
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/10.0.init.sql
@@ -0,0 +1,73 @@
+-- 10.1.init.sql
+
+/*
+å° paas.example.com æ¿æ¢ä¸º paas.å­¦æ ¡åå.edu.cn
+*/
+
+
+use cas_server;
+
+-- æ´æ° æå¡ admin-center çä¿¡æ¯
+
+update TB_SERVICE 
+set 
+  INFORMATION_URL='http://admin-center.paas.example.com', 
+  LOGOUT_URL='http://admin-center.paas.example.com/cas/slo',
+  SERVICE_ID='http://admin-center.paas.example.com/cas/(.*)'
+where ID='1';  -- todo, modify
+
+-- æ´æ° æå¡ personal-security-center çä¿¡æ¯
+
+update TB_SERVICE 
+set 
+  INFORMATION_URL='http://personal-security-center.paas.example.com', 
+  LOGOUT_URL='http://personal-security-center.paas.example.com/cas/slo',
+  SERVICE_ID='http://personal-security-center.paas.example.com/cas/(.*)'
+where ID='2';  -- todo, modify
+
+commit;
+
+
+use user_authz;
+
+-- æ´æ° admin-center ä¸çè§è²åæ­¥å°å
+
+update TB_APPLICATION
+set
+  SYNC_URL='http://admin-center.paas.example.com/api/v1/open/sync/roles'
+where ID='1';  -- todo, modify
+
+commit;
+
+
+use admin_center;
+
+-- æ´æ° admin-management ä¸èåçè®¿é®å
+
+update TB_MGT_PERMISSION
+set 
+  ORIGIN='http://admin-management.paas.example.com'
+where APPLICATION_ID='00000'
+;
+
+commit;
+
+
+-- æ´æ° admin-platform ä¸èåçè®¿é®å
+
+update TB_MGT_PERMISSION
+set 
+  ORIGIN='http://admin-platform.paas.example.com'
+where APPLICATION_ID='1'
+;
+
+commit;
+
+/*
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) 
+values ('23', 0, 'user-biz', 'ç¨æ·æå¡ - ä¸å¡æ¥å£', '1', '/api/v1/user/biz', 'http://localhost:8023/api/v1/biz', 1);
+
+update TB_MGT_ROUTE set URL='http://user-data-service-biz-svc.user-data-service.svc.cluster.local:8080/api/v1/biz' where ID='23';
+
+commit;
+*/
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/10.1.init-flow.sql b/project/newcapec-test/k8s-rancher/6.admin-platform/10.1.init-flow.sql
new file mode 100644
index 0000000..019bfb5
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/10.1.init-flow.sql
@@ -0,0 +1,96 @@
+-- 10.1.init.sql
+
+/*
+å° paas.example.com æ¿æ¢ä¸º paas.å­¦æ ¡åå.edu.cn
+*/
+
+-- ä»¥ä¸èæ¬ä¸ºå¯éæä½
+
+/*
+ * è¥é¨ç½²äºæµç¨å¹³å°ãé¨æ·çäº§å
+ * å¯åå§åäºå¹³å°ä¸çç¸å³èåæ°æ®
+ */
+
+use admin_center;
+
+-- flow
+-- å¦æé¨ç½²ï¼æµç¨å¹³å°ï¼è¯·å¤ç
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) 
+values ('50', 0, 'flow-api', 'ç®¡çé¨æ· - æµç¨æ¥å£', '1', '/api/v1/flow-release', 'http://formflow-formflow-svc.formflow.svc.cluster.local:8080/formflow', 1);
+
+commit;
+
+/*
+update TB_MGT_ROUTE 
+set 
+  URL='http://formflow.paas.example.com' 
+where ID='50';  -- todo, modify
+
+commit;
+*/
+
+insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS) 
+values ('50', 0, 'flow-admin', 'æµç¨è¡¨åç®¡çå', '', '1');
+insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS) 
+values ('51', 0, 'flow-biz', 'æµç¨æä½å', 'ä¸å¡ãåºç¨ç»ãåºç¨ç¸å³ç®¡ççæä½äººå', '1');
+
+commit;
+
+
+update TB_MGT_PERMISSION
+  set LFT = LFT+10
+where LFT>=82
+;
+
+update TB_MGT_PERMISSION
+  set RGT = RGT+10
+where RGT>=82
+;
+
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('50000', 0, 'formflow-manager', 'æµç¨ç®¡ç', '1', '2', '', '/', '1', '1', 50000, 1, 82, 91);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('50100', 0, 'formflow', 'æµç¨è¡¨å', '1', '2', 'su-icon-liuchengbiaodan', '/formflow', '1', '50000', 50100, 2, 83, 84);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('50200', 0, 'workbench', 'å·¥ä½å°', '1', '2', 'su-icon-gongzuotai', '/formflow/workbench', '1', '50000', 50200, 2, 85, 86);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('50300', 0, 'instanceManage', 'å®ä¾ç®¡ç', '1', '2', 'su-icon-shiliguanli', '/formflow/instanceManage', '1', '50000', 50300, 2, 87, 88);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('50400', 0, 'agent', 'ä»£çä»£å', '0', '2', 'su-icon-dailidaiban', '/formflow/agent', '1', '50000', 50400, 2, 89, 90);
+
+commit;
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) 
+
+select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID 
+from TB_MGT_PERMISSION
+where (ID like '5____' or ID='1')
+  and CONCAT('1_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
+;
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) 
+
+select CONCAT('50_', ID) as ID, 0 as DELETED, '50' as ROLE_ID, ID as PERMISSION_ID 
+from TB_MGT_PERMISSION
+where (ID like '5____' or ID='1')
+  and CONCAT('50_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
+;
+
+commit;
+
+
+-- æ´æ° admin-platform ä¸èåçè®¿é®å
+
+update TB_MGT_PERMISSION
+set 
+  ORIGIN='http://admin-platform.paas.example.com'
+where LFT >= 82
+  and RGT <= 91
+;
+
+commit;
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/10.1.init-message.sql b/project/newcapec-test/k8s-rancher/6.admin-platform/10.1.init-message.sql
new file mode 100644
index 0000000..1a03689
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/10.1.init-message.sql
@@ -0,0 +1,105 @@
+-- 10.1.init-message.sql
+
+
+/*
+å° paas.example.com æ¿æ¢ä¸º paas.å­¦æ ¡åå.edu.cn
+*/
+
+-- ä»¥ä¸èæ¬ä¸ºå¯éæä½
+
+/*
+ * è¥é¨ç½²äºæµç¨å¹³å°ãé¨æ·çäº§å
+ * å¯åå§åäºå¹³å°ä¸çç¸å³èåæ°æ®
+ */
+
+use admin_center;
+
+-- message
+-- å¦æé¨ç½²ï¼æµç¨å¹³å°ï¼è¯·å¤ç
+
+
+insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS) 
+values ('80', 0, 'message-admin', 'æ¶æ¯å¹³å°ç®¡çå', '', '1');
+insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS) 
+values ('81', 0, 'message-opt', 'æ¶æ¯å¹³å°æä½å', '', '1');
+
+commit;
+
+
+/*
+æ¶æ¯æå¡ message-backstage
+åç§°  è·¯ç±  å¾æ 
+æ¶æ¯ç½å³ç®¡ç  /message-backstage/msgGateWay su-icon-xiaoxiwangguan
+ç­ä¿¡æ¨¡æ¿ç®¡ç  /message-backstage/SMSTemplateManage  su-icon-mobanguanli
+æ¶æ¯ç±»å«ç®¡ç  /message-backstage/msgTypes su-icon-xiaoxileibie
+æ¶æ¯ä»»å¡çæ§  /message-backstage/msgTaskMonitor su-icon-renwujiankong
+æ¶æ¯æ¥å¿å®¡è®¡  /message-backstage/msgLogAudit  su-icon-details
+åºç¨ç®¡ç  /message-backstage/msgSoftManage  su-icon-sort
+ææè¯ç®¡ç /message-backstage/SensitiveWords su-icon-lock-w
+è®¾ç½®  /message-backstage/msgSendCondition su-icon-print
+*/
+
+update TB_MGT_PERMISSION
+  set LFT = LFT+18
+where LFT>=92
+;
+
+update TB_MGT_PERMISSION
+  set RGT = RGT+18
+where RGT>=92
+;
+
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('80000', 0, 'message-backstage', 'æ¶æ¯æå¡', '1', '2', '', '/', '1', '1', 80000, 1, 92, 109);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('80100', 0, 'formflow', 'æ¶æ¯ç½å³ç®¡ç', '1', '2', 'su-icon-xiaoxiwangguan', '/message-backstage/msgGateWay', '1', '80000', 80100, 2, 93, 94);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('80200', 0, 'workbench', 'ç­ä¿¡æ¨¡æ¿ç®¡ç', '1', '2', 'su-icon-mobanguanli', '/message-backstage/SMSTemplateManage', '1', '80000', 80200, 2, 95, 96);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('80300', 0, 'instanceManage', 'æ¶æ¯ç±»å«ç®¡ç', '1', '2', 'su-icon-xiaoxileibie', '/message-backstage/msgTypes', '1', '80000', 80300, 2, 97, 98);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('80400', 0, 'agent', 'æ¶æ¯ä»»å¡çæ§', '1', '2', 'su-icon-renwujiankong', '/message-backstage/msgTaskMonitor', '1', '80000', 80400, 2, 99, 100);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('80500', 0, 'agent', 'æ¶æ¯æ¥å¿å®¡è®¡', '1', '2', 'su-icon-details', '/message-backstage/msgLogAudit', '1', '80000', 80500, 2, 101, 102);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('80600', 0, 'agent', 'åºç¨ç®¡ç', '1', '2', 'su-icon-sort', '/message-backstage/msgSoftManage', '1', '80000', 80600, 2, 103, 104);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('80700', 0, 'agent', 'ææè¯ç®¡ç', '1', '2', 'su-icon-lock-w', '/message-backstage/SensitiveWords', '1', '80000', 80700, 2, 105, 106);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('80800', 0, 'agent', 'è®¾ç½®', '1', '2', 'su-icon-print', '/message-backstage/msgSendCondition', '1', '80000', 80800, 2, 107, 108);
+
+commit;
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) 
+
+select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID 
+from TB_MGT_PERMISSION
+where (ID like '8____' or ID='1')
+  and CONCAT('1_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
+;
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) 
+
+select CONCAT('80_', ID) as ID, 0 as DELETED, '50' as ROLE_ID, ID as PERMISSION_ID 
+from TB_MGT_PERMISSION
+where (ID like '8____' or ID='1')
+  and CONCAT('80_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
+;
+
+commit;
+
+
+-- æ´æ° admin-platform ä¸èåçè®¿é®å
+
+update TB_MGT_PERMISSION
+set 
+  ORIGIN='http://admin-platform.paas.example.com'
+where LFT >= 92
+  and RGT <= 109
+;
+
+commit;
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/10.1.init-portal.sql b/project/newcapec-test/k8s-rancher/6.admin-platform/10.1.init-portal.sql
new file mode 100644
index 0000000..d7357e6
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/10.1.init-portal.sql
@@ -0,0 +1,287 @@
+-- 10.1.init.sql
+
+/*
+å° paas.example.com æ¿æ¢ä¸º paas.å­¦æ ¡åå.edu.cn
+*/
+
+-- ä»¥ä¸èæ¬ä¸ºå¯éæä½
+
+/*
+ * è¥é¨ç½²äºæµç¨å¹³å°ãé¨æ·çäº§å
+ * å¯åå§åäºå¹³å°ä¸çç¸å³èåæ°æ®
+ */
+
+use admin_center;
+
+-- portal
+-- å¦æé¨ç½²ï¼é¨æ·V5ï¼è¯·å¤ç
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) 
+values ('60', 0, 'portal-api', 'ç®¡çé¨æ· - é¨æ·æ¥å£', '1', '/api/v1/portal', 'http://ecampus.paas.example.com/', 1);
+
+commit;
+
+
+update TB_MGT_ROUTE 
+set 
+  URL='http://ecampus.paas.example.com' 
+where ID='60';  -- todo, modify
+
+commit;
+/*
+http://portal-web.portal.svc.cluster.local:8080/portal-web/api
+*/
+
+
+insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS) 
+values ('60', 0, 'portal-admin', 'é¨æ·ç®¡çå', '', '1');
+
+commit;
+
+
+/*
+update TB_MGT_PERMISSION
+  set LFT = LFT+10
+where LFT>=89
+;
+
+update TB_MGT_PERMISSION
+  set RGT = RGT+10
+where RGT>=89
+;
+*/
+
+
+/*
+é¨æ·ç®¡ç
+  webç«¯ç®¡ç
+    ç³»ç»ç®¡ç
+    ç»ä»¶æ¨¡æ¿
+    ä¸»é¢ç®¡ç
+    ä¸»é¢æ¹æ¡
+  ææç®¡ç
+    è§è²ç®¡ç
+  æå¡ç®¡ç
+    æå¡ç®¡ç
+    æå¡è¯ä»·ç®¡ç
+    æ ç­¾åç±»ç®¡ç
+  CMSç®¡ç
+    å¹»ç¯çç®¡ç
+    æ ç®ç®¡ç
+    åå®¹ç®¡ç
+    æµç¨ç®¡ç
+    æ¨¡æ¿ç®¡ç
+    æ»å¨å¬åç®¡ç
+  æ¶æ¯ç®¡ç
+    ç¬¬ä¸æ¹æ¶æ¯åéè®¾ç½®
+    æ¶æ¯ç±»åç®¡ç
+    æ¶æ¯åéè¯¦æ
+*/
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('60', 0, 'portal-manage', 'é¨æ·ç®¡ç', '1', '1', 'el-icon-s-help', '/', 
+  '60', '0', 60, 1, 93, 136);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6010000', 0, 'web', 'webç«¯ç®¡ç', 
+  '1', '2', null, null, 
+  '60', '60', 6010000, 1, 94, 105);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6010001', 0, 'web-systemManager', 'ç³»ç»ç®¡ç', 
+  '1', '2', 'su-icon-xitongguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/systemManager/view.html', 
+  '60', '6010000', 6010001, 2, 95, 96);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6010002', 0, 'web-widgetTemplate', 'ç»ä»¶æ¨¡æ¿', 
+  '1', '2', 'su-icon-zujianmoban', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/widgetTemplate/view.html', 
+  '60', '6010000', 6010002, 2, 97, 98);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6010003', 0, 'web-themeManager', 'ä¸»é¢ç®¡ç', 
+  '1', '2', 'su-icon-hutiguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/themeManager/view.html', 
+  '60', '6010000', 6010003, 2, 99, 100);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6010004', 0, 'web-themeScheme', 'ä¸»é¢æ¹æ¡', 
+  '1', '2', 'su-icon-zhutifangan', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/themeScheme/view.html', 
+  '60', '6010000', 6010004, 2, 101, 102);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6010005', 0, 'web-oauthManager', 'oauthç®¡ç', 
+  '1', '2', 'su-icon-authguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/oauthManager/view.html', 
+  '60', '6010000', 6010005, 2, 103, 104);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6020000', 0, 'auth', 'ææç®¡ç', 
+  '1', '2', null, null, 
+  '60', '60', 6020000, 1, 106, 109);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6020003', 0, 'auth-roleManager', 'è§è²ç®¡ç', 
+  '1', '2', 'su-icon-jiaoseguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#auth/roleManager/view.html', 
+  '60', '6020000', 6020003, 2, 107, 108);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6030000', 0, 'service', 'æå¡ç®¡ç', 
+  '1', '2', null, null, 
+  '60', '60', 6030000, 1, 110, 117);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6030001', 0, 'service-appservice', 'æå¡ç®¡ç', 
+  '1', '2', 'su-icon-fuwuguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/appservice/tabs.html', 
+  '60', '6030000', 6030001, 2, 111, 112);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6030002', 0, 'service-evaluate', 'æå¡è¯ä»·ç®¡ç', 
+  '1', '2', 'su-icon-fuwupingjiaguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/evaluate/form.html', 
+  '60', '6030000', 6030002, 2, 113, 114);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6030003', 0, 'service-tagging', 'æ ç­¾åç±»ç®¡ç', 
+  '1', '2', 'su-icon-biaoqianfenleiguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/tagging/form.html', 
+  '60', '6030000', 6030003, 2, 115, 116);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6040000', 0, 'cms', 'CMSç®¡ç', 
+  '1', '2', null, null, 
+  '60', '60', 6040000, 1, 118, 131);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6040001', 0, 'cms-slide', 'å¹»ç¯çç®¡ç', 
+  '1', '2', 'su-icon-huandengpianguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/slide/list.html', 
+  '60', '6040000', 6040001, 2, 119, 120);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6040002', 0, 'cms-column', 'æ ç®ç®¡ç', 
+  '1', '2', 'su-icon-lanmuguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/column/list.html', 
+  '60', '6040000', 6040002, 2, 121, 122);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6040003', 0, 'cms-content', 'åå®¹ç®¡ç', 
+  '1', '2', 'su-icon-neirongguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/content/list-manage.html', 
+  '60', '6040000', 6040003, 2, 123, 124);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6040004', 0, 'cms-flow', 'æµç¨ç®¡ç', 
+  '1', '2', 'su-icon-liuchengguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/flow/list.html', 
+  '60', '6040000', 6040004, 2, 125, 126);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6040005', 0, 'cms-template', 'æ¨¡æ¿ç®¡ç', 
+  '1', '2', 'su-icon-mobanguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/template/list.html', 
+  '60', '6040000', 6040005, 2, 127, 128);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6040006', 0, 'cms-notice', 'æ»å¨å¬åç®¡ç', 
+  '1', '2', 'su-icon-gundonggonggaoguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/notice/list.html', 
+  '60', '6040000', 6040006, 2, 129, 130);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6050000', 0, 'message', 'æ¶æ¯ç®¡ç', 
+  '1', '2', null, null, 
+  '60', '60', 6050000, 1, 132, 139);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6050001', 0, 'message-sendsetting', 'ç¬¬ä¸æ¹æ¶æ¯åéè®¾ç½®', 
+  '1', '2', 'su-icon-disanfangxiaoxifasongshezhi', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/sendsetting/tabs.html', 
+  '60', '6050000', 6050001, 2, 133, 134);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6050002', 0, 'message-type', 'æ¶æ¯ç±»åç®¡ç', 
+  '1', '2', 'su-icon-xiaoxileixingguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/type/form.html', 
+  '60', '6050000', 6050002, 2, 135, 136);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, 
+  STATUS, TYPE_, ICON, URL, 
+  APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) 
+values ('6050003', 0, 'message-log', 'æ¶æ¯åéè¯¦æ', 
+  '1', '2', 'su-icon-xiaoxifasongxiangqing', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/sendlog/list.html', 
+  '60', '6050000', 6050003, 2, 137, 138);
+
+
+commit;
+
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) 
+
+select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID 
+from TB_MGT_PERMISSION
+where ID like '60_____' or ID='60'
+;
+
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) 
+
+select CONCAT('60_', ID) as ID, 0 as DELETED, '60' as ROLE_ID, ID as PERMISSION_ID 
+from TB_MGT_PERMISSION
+where ID like '60_____' or ID='60' or ID='1'
+;
+
+commit;
+
+
+/* æ´æ° TB_MGT_PERMISSION ç ORIGIN */
+/*
+select * 
+from TB_MGT_PERMISSION
+where LFT >= (select LFT from TB_MGT_PERMISSION where ID='1')
+  and RGT <= (select RGT from TB_MGT_PERMISSION where ID='1')
+;
+*/
+
+update TB_MGT_PERMISSION
+set 
+  ORIGIN='http://ecampus.paas.example.com'
+where APPLICATION_ID = '60'
+;
+
+commit;
+
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/0.admin-center-base.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/0.admin-center-base.yaml
new file mode 100644
index 0000000..9aeb1f2
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/0.admin-center-base.yaml
@@ -0,0 +1,188 @@
+# admin-center-base.yaml
+
+# å¨ rancher ä¸­ å½åç©ºé´ é¡»æå¨åå»º
+
+####################################################
+# namespace
+####################################################
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: admin-center
+  # labels:
+  #   istio-injection: enabled
+
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: admin-center
+  name: harbor-registry
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+
+####################################################
+# mysql-server
+####################################################
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: admin-center
+  name: mysql-server
+spec:
+  ports:
+  - name: tcp-mysql
+    port: 3306
+    protocol: TCP
+    targetPort: 3306
+---
+kind: Endpoints
+apiVersion: v1
+metadata:
+  namespace: admin-center
+  name: mysql-server
+subsets:
+  - addresses:
+      # ä¿®æ¹å®éMySQLæå¡å¨çIPå°å
+      - ip: 172.30.104.82
+    ports:
+      - name: tcp-mysql
+        port: 3306
+        protocol: TCP
+
+
+####################################################
+# redis-server
+####################################################
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: redis
+    release: redis-server
+  name: redis-server
+  namespace: admin-center
+type: Opaque
+data:
+  REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: redis
+    release: redis-server
+  name: redis-server
+  namespace: admin-center
+spec:
+  ports:
+  - name: redis
+    port: 6379
+    protocol: TCP
+    targetPort: redis
+  selector:
+    app: redis
+    release: redis-server
+    role: master
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: redis
+    release: redis-server
+  name: redis-server
+  namespace: admin-center
+spec:
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: redis
+      release: redis-server
+      role: master
+  serviceName: redis-master
+  template:
+    metadata:
+      labels:
+        app: redis
+        release: redis-server
+        role: master
+    spec:
+      containers:
+      - name: redis-server
+        env:
+        - name: REDIS_DISABLE_COMMANDS
+          value: FLUSHDB,FLUSHALL
+        - name: REDIS_REPLICATION_MODE
+          value: master
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: redis-server
+              key: REDIS_PASSWORD
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: bitnami/redis:4.0
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹ ä¸º Always
+        imagePullPolicy: IfNotPresent
+        # imagePullPolicy: Always
+        livenessProbe:
+          exec:
+            command:
+            - redis-cli
+            - ping
+          failureThreshold: 5
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        ports:
+        - containerPort: 6379
+          name: redis
+          protocol: TCP
+        readinessProbe:
+          exec:
+            command:
+            - redis-cli
+            - ping
+          failureThreshold: 5
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        volumeMounts:
+        - mountPath: /bitnami/redis/data
+          name: redis-data
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      securityContext:
+        fsGroup: 1001
+        # runAsUser: 1001
+        # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
+        runAsUser: 0
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - emptyDir: {}
+        name: redis-data
+      # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·å¢å ä»¥ä¸éç½®ï¼åæ¶æ³¨éå³å¯ï¼
+      # imagePullSecrets:
+      #   - name: harbor-registry
+  updateStrategy:
+    rollingUpdate:
+      partition: 0
+    type: RollingUpdate
+
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/1.admin-center-env.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/1.admin-center-env.yaml
new file mode 100644
index 0000000..faaad82
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/1.admin-center-env.yaml
@@ -0,0 +1,39 @@
+# admin-center-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: admin-center
+  name: jvm-env
+data:
+  MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: admin-center
+  name: datasource-env-secret
+type: Opaque
+data:
+  # jdbc:mysql://mysql-server:3306/admin_center?serverTimezone=Asia/Shanghai
+  JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlcjozMzA2L2FkbWluX2NlbnRlcj9zZXJ2ZXJUaW1lem9uZT1Bc2lhL1NoYW5naGFp
+  # admin_center
+  JDBC_USERNAME: YWRtaW5fY2VudGVy
+  # ä¿®æ¹ä¸ºå®éçæ°æ®åºå¯ç ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # kingstar
+  JDBC_PASSWORD: a2luZ3N0YXI=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: admin-center
+  name: redis-env-secret
+type: Opaque
+data:
+  SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
+  SPRING_REDIS_PORT: NjM3OQ==
+  SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/2.admin-center-ingresses.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/2.admin-center-ingresses.yaml
new file mode 100644
index 0000000..ec07477
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/2.admin-center-ingresses.yaml
@@ -0,0 +1,62 @@
+# admin-center-ingresses.yaml
+
+
+# äºå¹³å°ç®¡çåç«¯æ¥å£
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: admin-center
+  name: admin-center-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
+spec:
+  rules:
+  # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+  - host: admin-center.paas.xxx.edu.cn
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: admin-center-zuul-svc
+          servicePort: http
+
+
+# äºå¹³å°èåå¼æ¾æ¥å£
+# ææ¶ä¸ä½¿ç¨ï¼ç´æ¥ä½¿ç¨åé¨å°å
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+#   namespace: admin-center
+#   name: admin-center-api-ingress
+# spec:
+#   rules:
+#   # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+#   - host: admin-center-api.paas.xxx.edu.cn
+#     http:
+#       paths:
+#       - path: /
+#         backend:
+#           serviceName: admin-center-poa-svc
+#           servicePort: http
+
+
+# äºå¹³å°ç®¡çåç«¯
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: admin-center
+  name: admin-center-management-ingress
+spec:
+  rules:
+  # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+  - host: admin-management.paas.xxx.edu.cn
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: admin-center-management-svc
+          servicePort: http
+
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml
new file mode 100644
index 0000000..7f456ce
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml
@@ -0,0 +1,47 @@
+# admin-center-sa-installer.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: admin-center
+  name: admin-center-sa-installer-env
+data:
+  DB_TYPE: mysql8
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: admin-center
+  name: admin-center-sa-installer
+spec:
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        app: admin-center-sa-installer
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: admin-center-sa-installer
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/admin-center/admin-center-sa-installer:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - configMapRef:
+            name: admin-center-sa-installer-env
+        resources:
+          requests:
+            memory: "256Mi"
+          limits:
+            memory: "256Mi"
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml
new file mode 100644
index 0000000..1534603
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml
@@ -0,0 +1,117 @@
+# admin-center-poa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: admin-center
+  name: admin-center-poa-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+  LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_ADMIN_CENTER_POA: INFO
+
+
+  ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
+  ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
+  #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+  #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+  USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+  USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: admin-center
+  name: admin-center-poa-svc
+  labels:
+    app: admin-center-poa
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: admin-center-poa
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: admin-center
+  name: admin-center-poa
+spec:
+  selector:
+    matchLabels:
+      app: admin-center-poa
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: admin-center-poa
+    spec:
+      containers:
+      - name: admin-center-poa
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/admin-center/admin-center-poa:1.0.2-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: redis-env-secret
+        - configMapRef:
+            name: admin-center-poa-env
+        resources:
+          requests:
+            memory: "400Mi"
+          limits:
+            memory: "400Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml
new file mode 100644
index 0000000..d7c8aee
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml
@@ -0,0 +1,101 @@
+# admin-center-sa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: admin-center
+  name: admin-center-sa-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: admin-center
+  name: admin-center-sa-env-secret
+type: Opaque
+data:
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: admin-center
+  name: admin-center-sa-svc
+  labels:
+    app: admin-center-sa
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: admin-center-sa
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: admin-center
+  name: admin-center-sa
+spec:
+  selector:
+    matchLabels:
+      app: admin-center-sa
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: admin-center-sa
+    spec:
+      containers:
+      - name: admin-center-sa
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/admin-center/admin-center-sa:1.0.0-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - secretRef:
+            name: admin-center-sa-env-secret
+        - configMapRef:
+            name: admin-center-sa-env
+        resources:
+          requests:
+            memory: "400Mi"
+          limits:
+            memory: "400Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml
new file mode 100644
index 0000000..f03a397
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml
@@ -0,0 +1,143 @@
+# admin-center-bff.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: admin-center
+  name: admin-center-bff-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+  LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_ADMIN_CENTER_BFF: INFO
+
+
+  ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
+  ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
+  #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+  #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
+  CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+  #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+  USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+  USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  # PERSONAL_SECURITY_CENTER_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080
+  # PERSONAL_SECURITY_CENTER_CLIENT_AUTH_ENABLED: "false"
+  #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEY_PASSWORD: ""
+  #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+  TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/db
+  TPAS_CLIENT_AUTH_ENABLED: "false"
+  #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
+  #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+  #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+  #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: admin-center
+  name: admin-center-bff-svc
+  labels:
+    app: admin-center-bff
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: admin-center-bff
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: admin-center
+  name: admin-center-bff
+spec:
+  selector:
+    matchLabels:
+      app: admin-center-bff
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: admin-center-bff
+    spec:
+      containers:
+      - name: admin-center-bff
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/admin-center/admin-center-bff:1.0.2-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: redis-env-secret
+        - configMapRef:
+            name: admin-center-bff-env
+        resources:
+          requests:
+            memory: "400Mi"
+          limits:
+            memory: "400Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml
new file mode 100644
index 0000000..71ed6d3
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml
@@ -0,0 +1,170 @@
+# admin-center-zuul.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: admin-center
+  name: admin-center-zuul-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  SERVER_MAXHTTPHEADERSIZE: "10240"
+
+  # SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+  # SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+  # SERVER_TOMCAT_MAX_THREADS: "800"
+  # SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+  # SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+
+
+  ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000"
+  ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000"
+
+  ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000"
+
+
+  INFRAS_SECURITY_BASIC_ENABLED: "false"
+
+  INFRAS_SECURITY_JWT_ENABLED: "true"
+  #INFRAS_SECURITY_JWT_KEY_ALIAS: "supwisdom-jwt-key"
+  #INFRAS_SECURITY_JWT_KEY_PASSWORD: "changeit"
+  #INFRAS_SECURITY_JWT_KEY_STORE: "file:/certs/jwt/jwt.keystore"
+  #INFRAS_SECURITY_JWT_KEY_STORE_PASSWORD: "changeit"
+
+  INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas
+  INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: ""
+  INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas/jwt/publicKey"
+
+
+  INFRAS_SECURITY_CAS_ENABLED: "true"
+  # ä¿®æ¹ä¸ºå­¦æ ¡çadmin-centerçè®¿é®åå
+  APP_SERVER_HOST_URL: "http://admin-center.paas.xxx.edu.cn"
+  #APP_LOGIN_URL: "/cas/login"
+  #APP_LOGOUT_URL: "/cas/logout"
+  # ä¿®æ¹ä¸ºå­¦æ ¡çcasçè®¿é®åå
+  CAS_SERVER_HOST_URL: "http://cas.paas.xxx.edu.cn/cas"
+
+
+  ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false"
+  #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEY_PASSWORD: ""
+  #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+
+  ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
+  ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
+  #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+  #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+  USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+  USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+  #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: admin-center
+  name: admin-center-zuul-env-secret
+type: Opaque
+data:
+  # åè certs/jwt/readme.md çæå¬ç§é¥pemï¼æ¿æ¢ç¸å³éç½®
+  INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDcWUzYUpRVm1VNWY1VDhIdU1PcEloMjhrZQpNU3hpUkh2NXNNa29iVGd5T3VRaVVYVEJLS3JwUjVNUWFiaERFZG1WSHlVWFowUFRLRHJCYk9rWkVwTVRmbXBHCnBibE5hOHJkS0RRZG5MYVFLNHBkKzN1clJSdDQzYXhISTdQZHdnRmx3ZThybmYvZllVK3lpcWhDaFBjbkdSNXAKUE9hOE4xZFkzQXlwWWhZa2dRSURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ==
+  INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNlQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Jd2dnSmVBZ0VBQW9HQkFLcDdkb2xCV1pUbC9sUHcKZTR3NmtpSGJ5UjR4TEdKRWUvbXd5U2h0T0RJNjVDSlJkTUVvcXVsSGt4QnB1RU1SMlpVZkpSZG5ROU1vT3NGcwo2UmtTa3hOK2FrYWx1VTFyeXQwb05CMmN0cEFyaWwzN2U2dEZHM2pkckVjanM5M0NBV1hCN3l1ZC85OWhUN0tLCnFFS0U5eWNaSG1rODVydzNWMWpjREtsaUZpU0JBZ01CQUFFQ2dZRUFuNXN2QXBrMzhQclIvR3ZzZndCbXgyUXAKQ2ljblVtaWpXTVIxejI5UmFWVlJOLy9pdXVRRC9wcVB5Skh4ZkhrOXB5cWRZeWUraS9YaDdDeTJuazZSZWVyMAowcG5lbUFJNFpNVnFaWW8rUHFIdU1ZSnRjS1ZpSHRLUElVZFVEaGpleE1iVjhPdXdFRjdDNERsNXhveXV6cUZvClZzRTFlaVNpVERmQWNUcmc4SEVDUVFEYjVrZU5FUUxtMEFPK0I3TDZvUi9URExHODZiaXU1Szc0VEVzMmphM0gKQ0JBa1FLUXJvMWwxS3c2Y1ZKcXlGR09SMEI1ZG9Mc2V2cVNTWVV5KytrZGpBa0VBeG5oUzh5SnF1Z3ordFV2ZApKMW1sSm9UbTFxNjFHNDBzTFhMY1RtU3F1a2dyTDBDMm1ycXJGQUF4MjF2ek83azF0NU44aEZUY1VnR3BMa015CjNiOGp5d0pBWEFBVk1XekxsUHUwaFIyOWdPUkdaMHNwVll0SFRFeTY4NEVmK3B2OTk0WmxFblhFK2NqbTFZR0YKSkZ5MU9Bb1Z1bHlqUjdMR2RzOTJGUlFHUXVSOVZ3SkJBS1JNUlhicS9la3BDczR3a0ZLYi9vQ2xzcWIwR0E5SAp6ZE9ONjF5bUwwTm9yUDlBRmlwKzcxTHVXbGVhaGYvaDhkc1hxQk93WUhjdTBzdnVhelJ3b0FNQ1FRQ05yM0FrCkZ6aUZBZGQvWkFmaFhpSURHemo1dlRCRkpaQ01TR1hXbVBJcTdnWEN0RUM4Y2VvRHhOY0JLRGtxeEQvaGJVcmwKZStmeDdqeE9kUXhwQkF1RQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0t
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: admin-center
+  name: admin-center-zuul-svc
+  labels:
+    app: admin-center-zuul
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: admin-center-zuul
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: admin-center
+  name: admin-center-zuul
+spec:
+  selector:
+    matchLabels:
+      app: admin-center-zuul
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: admin-center-zuul
+    spec:
+      containers:
+      - name: admin-center-zuul
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/admin-center/admin-center-zuul:1.0.2-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: redis-env-secret
+        - secretRef:
+            name: admin-center-zuul-env-secret
+        - configMapRef:
+            name: admin-center-zuul-env
+        resources:
+          requests:
+            memory: "400Mi"
+          limits:
+            memory: "400Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-registry
+
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.9.admin-center-management.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.9.admin-center-management.yaml
new file mode 100644
index 0000000..4684a8c
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/4.9.admin-center-management.yaml
@@ -0,0 +1,69 @@
+# 4.9.admin-center-management.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: admin-center
+  name: admin-center-management-env
+data:
+  SCHOOL_NAME: "none"
+  # ä¿®æ¹ä¸ºå­¦æ ¡ç admin-center çè®¿é®åå
+  AUTH_URL: http://admin-center.paas.xxx.edu.cn/jwt/cas
+  # ä¿®æ¹ä¸ºå­¦æ ¡ç admin-center çè®¿é®åå
+  BACKEND_URL: http://admin-center.paas.xxx.edu.cn
+  # ä¿®æ¹ä¸ºå­¦æ ¡ç admin-management çè®¿é®åå
+  SERVER_URL: http://admin-management.paas.xxx.edu.cn
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: admin-center
+  name: admin-center-management-svc
+  labels:
+    app: admin-center-management-svc
+spec:
+  ports:
+  - port: 80
+    targetPort: http
+    protocol: TCP
+    name: http
+  selector:
+    app: admin-center-management
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: admin-center
+  name: admin-center-management
+spec:
+  selector:
+    matchLabels:
+      app: admin-center-management
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: admin-center-management
+    spec:
+      containers:
+      - name: admin-center-management
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/admin-center/admin-center-management:0.0.1-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+          name: http
+        envFrom:
+        - configMapRef:
+            name: admin-center-management-env
+        resources:
+          requests:
+            memory: "128Mi"
+          limits:
+            memory: "256Mi"
+      imagePullSecrets:
+        - name: harbor-registry
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/certs/jwt/readme.md b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/certs/jwt/readme.md
new file mode 100644
index 0000000..5ea3539
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/6.admin-center/certs/jwt/readme.md
@@ -0,0 +1,83 @@
+# readme.md
+
+
+## ä½¿ç¨ openssl çæ å¬ç§é¥
+
+
+1. çæç§é¥ App Private Key
+
+å¿é¡»ä¸º RSA2(SHA256)
+
+```bash
+openssl genrsa -out jwt_private_key.pem 1024
+```
+
+2. å°ç§é¥è½¬æ¢ä¸º PKCS8 æ ¼å¼
+
+```bash
+openssl pkcs8 -topk8 -inform PEM -in jwt_private_key.pem -outform PEM -nocrypt -out jwt_private_key_pkcs8.pem
+```
+
+3. å¯¼åºå¬é¥ App Public Key
+
+```bash
+openssl rsa -in jwt_private_key.pem -pubout -out jwt_public_key.pem
+```
+
+4. å° jwt_public_key.pem ä¸­çåå®¹ï¼å»é¤æ¢è¡åç©ºæ ¼ï¼è½¬æå­ç¬¦ä¸²ã
+
+å¤çåï¼
+```language
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI
+2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbB
+XVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3
+FugvRF/6jdTQis2LcQIDAQAB
+-----END PUBLIC KEY-----
+```
+å¤çåï¼
+```language
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbBXVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3FugvRF/6jdTQis2LcQIDAQAB
+-----END PUBLIC KEY-----
+```
+
+4. å° jwt_private_key_pkcs8.pem ä¸­çåå®¹ï¼å»é¤æ¢è¡åç©ºæ ¼ï¼è½¬æå­ç¬¦ä¸²ã
+
+å¤çåï¼
+```language
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMGvnBQddKUtIVTX
+tPjANfx6EAjaednEJzZKemB83C5HeO9WJJXKv493okkR4xyXf3uoqNaoUP8JGVRI
+H9QQ9BHHFsFdWVdEHbz0oT3G14OTThtTXsguBfxXP/ssVEufYKloJIgJ9YQ2GgxE
+mbvEgCh2sjcW6C9EX/qN1NCKzYtxAgMBAAECgYBKBSjq7w7jCUpRuFYrMpnvMV7r
+Y0NqG/K4ZuI5+b3T2fC31v4IWQG4fIoCztky1hscUSqlTpIVxY5ujVnMm+YKMXs+
+qW2zyUdvoqUbFNAZstYatg6FQ7QlwXMDnIzlq6w5lEofsO46+0kH/d9IX+cPN0nH
+04J1UKwg0ugyjYVUAQJBAP8di+ECIJkVTbi96JWMCfK1eYdxwe+8DEd7kcW2P6qU
+/0fxP6qExkbFqPWQbJVNvOKmH5tVW5oi4Q7vaT4MzJECQQDCW4kMG7a6yBKRWZ1/
+hAixqumBv5FFCnL/yzqH6a5n8tb91vcQCwBGfu+YeQt8zVI56BTP4AJDF5KQu1vq
+kcDhAkEA+YaHu2QeSDzrEShG5obbcBaKMK1WmEqg5AX8FZrleM5VRqOztvA5Ex3f
+3ZgObJZlinYb8g2yE/fLk5UdpgBU0QJAFw+FU0p2g/L5QQXBCkBAR9RfoGV6dxam
+TnNunnG7n9nQaI35Ao5LmhG1nAHAuy4hc311+rQ5kHxbh5Czd0GUAQJBALxZpqPZ
+y7LrKmTbVLAdd0K1dQ3jWUsqk5HXwlxzrmmypn5ut41zwZQl0znyrv7XcfDZ6dqR
+hh20uoiJ/Hfky6A=
+-----END PRIVATE KEY-----
+```
+å¤çåï¼
+```language
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMGvnBQddKUtIVTXtPjANfx6EAjaednEJzZKemB83C5HeO9WJJXKv493okkR4xyXf3uoqNaoUP8JGVRIH9QQ9BHHFsFdWVdEHbz0oT3G14OTThtTXsguBfxXP/ssVEufYKloJIgJ9YQ2GgxEmbvEgCh2sjcW6C9EX/qN1NCKzYtxAgMBAAECgYBKBSjq7w7jCUpRuFYrMpnvMV7rY0NqG/K4ZuI5+b3T2fC31v4IWQG4fIoCztky1hscUSqlTpIVxY5ujVnMm+YKMXs+qW2zyUdvoqUbFNAZstYatg6FQ7QlwXMDnIzlq6w5lEofsO46+0kH/d9IX+cPN0nH04J1UKwg0ugyjYVUAQJBAP8di+ECIJkVTbi96JWMCfK1eYdxwe+8DEd7kcW2P6qU/0fxP6qExkbFqPWQbJVNvOKmH5tVW5oi4Q7vaT4MzJECQQDCW4kMG7a6yBKRWZ1/hAixqumBv5FFCnL/yzqH6a5n8tb91vcQCwBGfu+YeQt8zVI56BTP4AJDF5KQu1vqkcDhAkEA+YaHu2QeSDzrEShG5obbcBaKMK1WmEqg5AX8FZrleM5VRqOztvA5Ex3f3ZgObJZlinYb8g2yE/fLk5UdpgBU0QJAFw+FU0p2g/L5QQXBCkBAR9RfoGV6dxamTnNunnG7n9nQaI35Ao5LmhG1nAHAuy4hc311+rQ5kHxbh5Czd0GUAQJBALxZpqPZy7LrKmTbVLAdd0K1dQ3jWUsqk5HXwlxzrmmypn5ut41zwZQl0znyrv7XcfDZ6dqRhh20uoiJ/Hfky6A=
+-----END PRIVATE KEY-----
+```
+
+
+5. ï¼å¯éï¼å°pemåå®¹è¿è¡ base64 ç¼ç åï¼éç½®å°k8s
+
+echo -n '-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbBXVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3FugvRF/6jdTQis2LcQIDAQAB
+-----END PUBLIC KEY-----' |base64
+
+
+echo -n '-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMGvnBQddKUtIVTXtPjANfx6EAjaednEJzZKemB83C5HeO9WJJXKv493okkR4xyXf3uoqNaoUP8JGVRIH9QQ9BHHFsFdWVdEHbz0oT3G14OTThtTXsguBfxXP/ssVEufYKloJIgJ9YQ2GgxEmbvEgCh2sjcW6C9EX/qN1NCKzYtxAgMBAAECgYBKBSjq7w7jCUpRuFYrMpnvMV7rY0NqG/K4ZuI5+b3T2fC31v4IWQG4fIoCztky1hscUSqlTpIVxY5ujVnMm+YKMXs+qW2zyUdvoqUbFNAZstYatg6FQ7QlwXMDnIzlq6w5lEofsO46+0kH/d9IX+cPN0nH04J1UKwg0ugyjYVUAQJBAP8di+ECIJkVTbi96JWMCfK1eYdxwe+8DEd7kcW2P6qU/0fxP6qExkbFqPWQbJVNvOKmH5tVW5oi4Q7vaT4MzJECQQDCW4kMG7a6yBKRWZ1/hAixqumBv5FFCnL/yzqH6a5n8tb91vcQCwBGfu+YeQt8zVI56BTP4AJDF5KQu1vqkcDhAkEA+YaHu2QeSDzrEShG5obbcBaKMK1WmEqg5AX8FZrleM5VRqOztvA5Ex3f3ZgObJZlinYb8g2yE/fLk5UdpgBU0QJAFw+FU0p2g/L5QQXBCkBAR9RfoGV6dxamTnNunnG7n9nQaI35Ao5LmhG1nAHAuy4hc311+rQ5kHxbh5Czd0GUAQJBALxZpqPZy7LrKmTbVLAdd0K1dQ3jWUsqk5HXwlxzrmmypn5ut41zwZQl0znyrv7XcfDZ6dqRhh20uoiJ/Hfky6A=
+-----END PRIVATE KEY-----' |base64
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/7.admin-platform/0.admin-platform-base.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/7.admin-platform/0.admin-platform-base.yaml
new file mode 100644
index 0000000..3777c8e
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/7.admin-platform/0.admin-platform-base.yaml
@@ -0,0 +1,29 @@
+# 0.admin-platform-base.yaml
+
+# å¨ rancher ä¸­ å½åç©ºé´ é¡»æå¨åå»º
+
+####################################################
+# namespace
+####################################################
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: admin-platform
+  # labels:
+  #   istio-injection: enabled
+
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  name: harbor-registry
+  namespace: admin-platform
+data:
+  # ä¿®æ¹harborä»åºéç½®ï¼å¹¶ä½¿ç¨ base64 å·¥å·è¿è¡ç¼ç 
+  # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/7.admin-platform/2.admin-platform-ingresses.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/7.admin-platform/2.admin-platform-ingresses.yaml
new file mode 100644
index 0000000..f8c644b
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/7.admin-platform/2.admin-platform-ingresses.yaml
@@ -0,0 +1,36 @@
+# 2.admin-platform-ingresses.yaml
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: admin-platform-ingress
+  namespace: admin-platform
+spec:
+  rules:
+  # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+  - host: admin-platform.paas.xxx.edu.cn
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: admin-platform-svc
+          servicePort: http
+
+
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+#   name: personal-center-ingress
+#   namespace: admin-platform
+# spec:
+#   rules:
+#   # ä¿®æ¹ä¸ºå­¦æ ¡çæ ¹åå
+#   - host: personal-center.paas.supwisdom.com
+#     http:
+#       paths:
+#       - path: /
+#         backend:
+#           serviceName: personal-center-svc
+#           servicePort: http
diff --git a/project/newcapec-test/k8s-rancher/6.admin-platform/7.admin-platform/4.2.admin-platform.yaml b/project/newcapec-test/k8s-rancher/6.admin-platform/7.admin-platform/4.2.admin-platform.yaml
new file mode 100644
index 0000000..c0f91f4
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/6.admin-platform/7.admin-platform/4.2.admin-platform.yaml
@@ -0,0 +1,74 @@
+# 04-2-admin-platform.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: admin-platform
+  name: admin-platform-env
+data:
+  # ä¿®æ¹ä¸ºå­¦æ ¡ç admin-platform çè®¿é®åå
+  LAYOUT_SPA_URL: http://admin-platform.paas.xxx.edu.cn/layout
+  CAS_SERVER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/cas-server
+  USER_SERVER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/user-server
+  AUTH_SERVER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/auth-server
+  ACCOUNT_CENTER_SPA_URL: http://admin-platform.paas.xxx.edu.cn/account-center
+  FORM_FLOW_SPA_URL: http://admin-platform.paas.xxx.edu.cn/form-flow
+
+  SCHOOL_NAME: "none"
+  MAIN_SERVER: http://admin-platform.paas.xxx.edu.cn
+
+  # ä¿®æ¹ä¸ºå­¦æ ¡çè®¿é®åå
+  SERVER_CONFIG: '{"ROOT": "http://admin-platform.paas.xxx.edu.cn/","AUTH": "http://admin-center.paas.xxx.edu.cn/jwt/cas","BASE_BACK_API": "http://admin-center.paas.xxx.edu.cn/","AUTH_PERSONAL": "http://admin-center.paas.xxx.edu.cn/jwt/cas","PERSONAL_CENTER_API": "http://admin-center.paas.xxx.edu.cn/","PERSONAL_CENTER": "http://admin-platform.paas.xxx.edu.cn/personal-center/","AUTH_FORMFLOW": "http://formflow.paas.xxx.edu.cn/release/cas/authen/redirect","FORM_DESIGN": "http://formflow.paas.xxx.edu.cn/form-design","FORM_DESIGN_PORTAL": "http://formflow.paas.xxx.edu.cn/form-design-portal","FORM_FILE": "http://formflow.paas.xxx.edu.cn/form-file","PERSONAL_CENTER_API_L": "http://portal.paas.xxx.edu.cn/portal-web/","PERSONAL_CENTER_IMAGE_API": "http://portal.paas.xxx.edu.cn/resources/",}'
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: admin-platform
+  name: admin-platform-svc
+  labels:
+    app: admin-platform-svc
+spec:
+  ports:
+  - port: 80
+    targetPort: http
+    protocol: TCP
+    name: http
+  selector:
+    app: admin-platform
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: admin-platform
+  name: admin-platform
+spec:
+  selector:
+    matchLabels:
+      app: admin-platform
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: admin-platform
+    spec:
+      containers:
+      - name: admin-platform
+        # è¥ä½¿ç¨äºå­¦æ ¡æ­è®¾çç§æä»åºï¼è¯·ä¿®æ¹
+        image: harbor.supwisdom.com/admin-platform/admin-platform:1.0.0
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+          name: http
+        envFrom:
+        - configMapRef:
+            name: admin-platform-env
+        resources:
+          requests:
+            memory: "128Mi"
+          limits:
+            memory: "256Mi"
+      imagePullSecrets:
+        - name: harbor-registry