From: 刘洪青 <hongqing.liu@supwisdom.com>
Date: Sat, 15 May 2021 13:22:10 +0000 (+0800)
Subject: chore: 基于应用商店的部署文档
X-Git-Url: https://source.supwisdom.com/gerrit/gitweb?a=commitdiff_plain;h=d62e00bf928709ec09ddbd0e478db15153a99458;p=institute%2Fdeploy-authx-service.git

chore: 基于应用商店的部署文档
---

diff --git "a/deploy-manifests/charts/1.2.0000.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214\357\274\210\345\237\272\344\272\216\345\272\224\347\224\250\345\225\206\345\272\227\357\274\211.md" "b/deploy-manifests/charts/1.2.0000.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214\357\274\210\345\237\272\344\272\216\345\272\224\347\224\250\345\225\206\345\272\227\357\274\211.md"
index 3c4def5..5331b46 100644
--- "a/deploy-manifests/charts/1.2.0000.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214\357\274\210\345\237\272\344\272\216\345\272\224\347\224\250\345\225\206\345\272\227\357\274\211.md"
+++ "b/deploy-manifests/charts/1.2.0000.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214\357\274\210\345\237\272\344\272\216\345\272\224\347\224\250\345\225\206\345\272\227\357\274\211.md"
@@ -8,7 +8,7 @@
 
 çæ¬ | ä½è | æ¥æ | å¤æ³¨
 - | - | - | -
-v1 | åæ´ªé | 2020-06-10 | åç¨¿
+v1 | åæ´ªé | 2021-05-15 | åç¨¿
 
 
 [TOC]
@@ -264,7 +264,7 @@ v1 | åæ´ªé | 2020-06-10 | åç¨¿
   v4è®¤è¯è¿ç§»æ°æ® | tmp_data
 
   å½ä»¤ï¼
-  **è¯·ä¿®æ¹å½ä»¤ä¸­ç `your_password` ä¸ºå®éçæ°æ®åºå¸å·çå¯ç **
+  **è¯·ä¿®æ¹å½ä»¤ä¸­ç `your_password` ä¸ºå®éçæ°æ®åºç¨æ·çå¯ç **
   ```
   create user 'agent_service'@'%' identified with mysql_native_password  by 'your_password';
 
@@ -375,34 +375,295 @@ v1 | åæ´ªé | 2020-06-10 | åç¨¿
 
 #### minio
 
-æ¨¡å¼ï¼ standalone
+å½åç©ºé´ï¼ authx-minio
 
-Access Keyï¼ 1y8N@8R@a_2u
-Secret Keyï¼ 8pxlIe9#lN7Q
+* MINIOéç½®
+  æ¨¡å¼ï¼ standalone
 
-ååï¼ authx-minio.paas.xxx.edu.cn
+  Access Keyï¼ `1y8N@8R@a_2u`
+  Secret Keyï¼ `8pxlIe9#lN7Q`
+
+  ååï¼ `authx-minio.paas.xxx.edu.cn` ï¼è¯·ä¿®æ¹ä¸ºå®éçå­¦æ ¡åå
+
+  Default storageClassï¼ <è¯·éæ©å­å¨ç±»>
 
 
 #### agent-service
 
+å½åç©ºé´ï¼ agent-service
+
+* å¤é¨MYSQL-è¿æ¥éç½®
+  å¤é¨MySQL hostï¼ <è¯·å¡«åæ°æ®åºæå¡çIPå°å>
+  å¤é¨MySQL portï¼ <è¯·å¡«åæ°æ®åºæå¡çç«¯å£>
+
+* AGENT SERVICE - MYSQLæ°æ®åºéç½®
+  ç¨æ·åï¼ `agent_service` ï¼åºå®å¼
+  å¯ç ï¼ <è¯·å¡«ååå»ºçæ°æ®åºç¨æ·çå¯ç >
+  æ°æ®åºåï¼ `agent_service` ï¼åºå®å¼
+
+* æä»¶æå¡è®¾ç½®
+  Minio Urlï¼ `http://minio.authx-minio.svc.cluster.local:9000` ï¼è¥ minio çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+  Minio Access Keyï¼ `1y8N@8R@a_2u`
+  Minio Secret Keyï¼ `8pxlIe9#lN7Q`
+
+* é®ç®±æå¡éç½®
+  é®ä»¶åéæ¨¡å¼ï¼ smtp
+  SMTP Hostï¼ 
+  SMTP Portï¼ 
+  SMTP Secure Modeï¼ 
+  SMTP ç¨æ·åï¼ 
+  SMTP å¯ç ï¼ 
+  SMTP åä»¶äººåç§°ï¼ 
 
+* ç­ä¿¡æå¡éç½®
+  ç­ä¿¡åéæ¨¡å¼ï¼ aliyun å¯¹æ¥é¿éäºçç­ä¿¡æå¡
+  é¿éäºç­ä¿¡æ¥å£å°åï¼ cn-hangzhou
+  é¿éäºç­ä¿¡æ¥å£Access Keyï¼ 
+  é¿éäºç­ä¿¡æ¥å£Access Secretï¼ 
 
 
 #### authx-service
 
+å½åç©ºé´ï¼ authx-service
+
+* MYSQLæå¡ - æå¡å°å
+  MySQLæå¡ hostï¼ <è¯·å¡«åæ°æ®åºæå¡çIPå°å>
+  MySQLæå¡ portï¼ <è¯·å¡«åæ°æ®åºæå¡çç«¯å£>
+
+* REDISéç½® - å®å¨éç½®
+  Rediså¯ç ï¼ `OEt1d29zbE9pdXc3SA==`
+
+  Default Storage Classï¼ <è¯·éæ©å­å¨ç±»>
+
+* RABBITMQéç½® - å®å¨éç½®
+  ç¨æ·åï¼ guest
+  å¯ç ï¼ guest
+
+* ç®æçæ§è®¾ç½® - ç¨æ·å¯ç 
+  ç¨æ·åï¼ sbaadmin
+  å¯ç ï¼ nimdaabs
+
+
+* ä¾èµæå¡ - æä»¶æå¡è®¾ç½®
+
+  Minioå¤ç½å°åï¼ `http://authx-minio.paas.<school>.edu.cn` ï¼è¯·è®¾ç½®ä¸º minio çå¤ç½å°å
+
+* ä¾èµæå¡ - è®¤è¯è®¾ç½®
+
+  CASè®¤è¯å°åï¼ `http://cas.paas.<school>.edu.cn/cas` ï¼è¯·è®¾ç½®ä¸º cas è®¤è¯çå¤ç½å°å
+
+* ä¾èµæå¡ - POA è®¾ç½®
+
+  POAç½å³å°åï¼ `http://poa.paas.<school>.edu.cn` ï¼è¯·è®¾ç½®ä¸º poa ç½å³çå¤ç½å°å
+  POA SAå°åï¼ `http://poa-sa.paas.<school>.edu.cn` ï¼è¯·è®¾ç½®ä¸º poa-sa ç®¡çæ¥å£çå°åï¼ä¹å¯ä½¿ç¨ k8s åé¨å°åï¼
+
+* ä¾èµæå¡ - CAS SERVER
+
+  CASåé¨å°åï¼ `http://cas-server-webapp.cas-server.svc.cluster.local:8080/cas` ï¼åºå®å¼ï¼è¥ cas-server çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+  CAS SA APIåé¨å°åï¼ `http://cas-server-sa.cas-server.svc.cluster.local:8080` ï¼åºå®å¼ï¼è¥ cas-server çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+
+* ä¾èµæå¡ - AGENT SERVICE
+
+  Agent Service APIåé¨å°åï¼ `http://agent-service.agent-service.svc.cluster.local:8080` ï¼åºå®å¼ï¼è¥ agent-service çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+
+  Agent Service æä»¶ä¸ä¼ è·¯å¾ï¼ `/api/v1/tpas/file/minio` ï¼ä¸è¬ä¸ç¨ä¿®æ¹
+  Agent Service é®ä»¶åéè·¯å¾ï¼ `/api/v1/tpas/mail/smtp` ï¼ä¸è¬ä¸ç¨ä¿®æ¹
+  Agent Service ç­ä¿¡åéè·¯å¾ï¼ `/api/v1/tpas/sms/aliyun` ï¼ è¥ä¸ä½¿ç¨é¿éäºç­ä¿¡æå¡ï¼é¡»ä¿®æ¹
+
+
+* ç¨æ·æå¡ - MYSQLæ°æ®åºéç½®
+
+  ç¨æ·åï¼ `user` ï¼åºå®å¼
+  å¯ç ï¼ <è¯·å¡«ååå»ºçæ°æ®åºç¨æ·çå¯ç >
+  æ°æ®åºåï¼ `user` ï¼åºå®å¼
+
+* æææå¡ - MYSQLæ°æ®åºéç½®
+
+  ç¨æ·åï¼ `user_authz` ï¼åºå®å¼
+  å¯ç ï¼ <è¯·å¡«ååå»ºçæ°æ®åºç¨æ·çå¯ç >
+  æ°æ®åºåï¼ `user_authz` ï¼åºå®å¼
+
+* å®å¨ä¸­å¿ - ååéç½®
+
+  ååï¼ `security-center.paas.<school>.edu.cn` ï¼è¯·ä¿®æ¹ä¸ºå®éçå­¦æ ¡åå
 
 
 #### jobs-server
 
+å½åç©ºé´ï¼ jobs-server
+
+* å¤é¨RABBITMQ - è¿æ¥éç½®
+
+  å¤é¨RabbitMQ hostï¼ `authx-service-rabbitmq.authx-service.svc.cluster.local` ï¼è¿æ¥ authx-service çrabbitmqï¼ è¥ authx-service çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+  å¤é¨RabbitMQ portï¼ 5672
+
+* RABBITMQéç½® - å®å¨éç½®
+
+  ç¨æ·åï¼ guest
+  å¯ç ï¼ guest
+
+* ç¨æ·æ°æ® - æ°æ®æºéç½®
+
+  JDBC URLï¼ `jdbc:mysql://authx-service-mysql-server.authx-service.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai` ï¼è¿æ¥ authx-service çmysqlï¼è¥ authx-service çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+  JDBCç¨æ·åï¼ user
+  JDBCå¯ç ï¼ <è¯·å¡«ååå»ºçæ°æ®åºç¨æ·çå¯ç >
+
+* ç¨æ·æ°æ® - APIè®¾ç½®
+
+  GOA APIå°åï¼ `http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080` ï¼åºå®å¼ï¼è¥ authx-service çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
 
 
 #### cas-server
 
+å½åç©ºé´ï¼ cas-server
+
+* å¤é¨MYSQL-è¿æ¥éç½®
+  å¤é¨MySQL hostï¼ <è¯·å¡«åæ°æ®åºæå¡çIPå°å>
+  å¤é¨MySQL portï¼ <è¯·å¡«åæ°æ®åºæå¡çç«¯å£>
+
+* REDISéç½® - å®å¨éç½®
+  Rediså¯ç ï¼ `OEt1d29zbE9pdXc3SA==`
+
+  Default Storage Classï¼ <è¯·éæ©å­å¨ç±»>
+
+* RABBITMQéç½® - å®å¨éç½®
+  ç¨æ·åï¼ guest
+  å¯ç ï¼ guest
+
+
+* ä¾èµæå¡ - ç¨æ·æå¡
+
+  ç¨æ·æ°æ®APIåé¨å°åï¼ `http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080` ï¼åºå®å¼ï¼è¥ authx-service çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+
+* ä¾èµæå¡ - æææå¡
+
+  ç¨æ·ææAPIåé¨å°åï¼ `http://authx-service-user-authz-service-sa.authx-service.svc.cluster.local:8080` ï¼åºå®å¼ï¼è¥ authx-service çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+
+* ä¾èµæå¡ - AGENT SERVICE
+
+  Agent Service åé¨å°åï¼ `http://agent-service.agent-service.svc.cluster.local:8080` ï¼åºå®å¼ï¼è¥ agent-service çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+
+  Agent Serviceæä»¶æå¡APIè·¯å¾ï¼ `/api/v1/tpas/file/minio` ï¼ä¸è¬ä¸ç¨ä¿®æ¹
+  Agent Serviceç­ä¿¡åéAPIè·¯å¾ï¼ `/api/v1/tpas/sms/aliyun/send` ï¼ è¥ä¸ä½¿ç¨é¿éäºç­ä¿¡æå¡ï¼é¡»ä¿®æ¹
+
+* ä¾èµæå¡ - TOKEN SERVER
+
+  Token Server åé¨å°åï¼ `http://token-server.token-server.svc.cluster.local:8080` ï¼åºå®å¼ï¼è¥ token-server çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+
+
+* CAS è®¤è¯ - MYSQLæ°æ®åºéç½®
+  ç¨æ·åï¼ `cas_server` ï¼åºå®å¼
+  å¯ç ï¼ <è¯·å¡«ååå»ºçæ°æ®åºç¨æ·çå¯ç >
+  æ°æ®åºåï¼ `cas_server` ï¼åºå®å¼
+
+* SCHEMEè®¾ç½® - æä¹å·
+
+  Default Storage Classï¼ <è¯·éæ©å­å¨ç±»>
+
+* WEBAPPè®¾ç½®-ååéç½®
+
+  ååï¼ `cas.paas.<school>.edu.cn` ï¼è¯·ä¿®æ¹ä¸ºå®éçå­¦æ ¡åå
+
+* WEBAPPè®¾ç½®-å¾çéªè¯ç 
+
+  å¯ç¨å¾çéªè¯ç ï¼ æ¯ or å¦
+
+* WEBAPPè®¾ç½®-å¨æå¯ç 
+
+  å¨æå¯ç ç­ä¿¡æ é¢ï¼ è®¤è¯ä¸­å¿ï¼åºå®å¼
+  å¨æå¯ç ç­ä¿¡æ¨¡æ¿ï¼ è¯·ä¿®æ¹ä¸ºåéçç­ä¿¡æ¨¡æ¿
+
+* WEBAPPè®¾ç½®-JWT
+
+  åè certs/jwt/readme.md çæå¬ç§é¥pemï¼ä¿®æ¹ç¸å³éç½®ï¼è¯·ä½¿ç¨ä¸ token-server ä¸è´çå¬ç§é¥ï¼
+
+  JWTç§é¥ï¼ 
+  JWTå¬é¥ï¼ 
+
+* DATAXè®¾ç½®-åæ°éç½®
+
+  æ°æ®æºJdbcUrlï¼ `jdbc:mysql://authx-service-mysql-server.authx-service.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai` ï¼è¿æ¥ authx-service çmysqlï¼è¥ authx-service çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+  æ°æ®æºç¨æ·åï¼ user
+  æ°æ®æºå¯ç ï¼ <è¯·å¡«ååå»ºçæ°æ®åºç¨æ·çå¯ç >
 
 
 #### token-server
 
+å½åç©ºé´ï¼ token-server
+
+* å¤é¨MYSQL-è¿æ¥éç½®
+  å¤é¨MySQL hostï¼ <è¯·å¡«åæ°æ®åºæå¡çIPå°å>
+  å¤é¨MySQL portï¼ <è¯·å¡«åæ°æ®åºæå¡çç«¯å£>
+
+* REDISéç½® - å®å¨éç½®
+  Rediså¯ç ï¼ `OEt1d29zbE9pdXc3SA==`
+
+  Default Storage Classï¼ <è¯·éæ©å­å¨ç±»>
+
+
+* ä¾èµæå¡ - ç¨æ·æå¡
+
+  ç¨æ·æ°æ®APIåé¨å°åï¼ `http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080` ï¼åºå®å¼ï¼è¥ authx-service çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+
+* ä¾èµæå¡ - AGENT SERVICE
+
+  Agent Service åé¨å°åï¼ `http://agent-service.agent-service.svc.cluster.local:8080` ï¼åºå®å¼ï¼è¥ agent-service çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+
+  Agent Serviceç­ä¿¡åéAPIè·¯å¾ï¼ `/api/v1/tpas/sms/aliyun/send` ï¼ è¥ä¸ä½¿ç¨é¿éäºç­ä¿¡æå¡ï¼é¡»ä¿®æ¹
+
+* ä¾èµæå¡ - CAS SERVER
+
+  CAS SA APIåé¨å°åï¼ `http://cas-server-sa.cas-server.svc.cluster.local:8080` ï¼åºå®å¼ï¼è¥ cas-server çå½åç©ºé´æè°æ´ï¼è¯·ä¿®æ¹
+
+
+* TOKEN SERVER - MYSQLæ°æ®åºéç½®
+  ç¨æ·åï¼ `token_server` ï¼åºå®å¼
+  å¯ç ï¼ <è¯·å¡«ååå»ºçæ°æ®åºç¨æ·çå¯ç >
+  æ°æ®åºåï¼ `token_server` ï¼åºå®å¼
+
+* TOKEN SERVERè®¾ç½®-ååéç½®
+
+  ååï¼ `token.paas.<school>.edu.cn` ï¼è¯·ä¿®æ¹ä¸ºå®éçå­¦æ ¡åå
+
+* TOKEN SERVERè®¾ç½®-å¨æå¯ç 
+
+  å¨æå¯ç ç­ä¿¡æ é¢ï¼ è®¤è¯ä¸­å¿ï¼åºå®å¼
+  å¨æå¯ç ç­ä¿¡æ¨¡æ¿ï¼ è¯·ä¿®æ¹ä¸ºåéçç­ä¿¡æ¨¡æ¿
+
+* TOKEN SERVERè®¾ç½®-JWT
+
+  åè certs/jwt/readme.md çæå¬ç§é¥pemï¼ä¿®æ¹ç¸å³éç½®ï¼è¯·ä½¿ç¨ä¸ cas-server ä¸è´çå¬ç§é¥ï¼
+
+  JWTç§é¥ï¼ 
+  JWTå¬é¥ï¼ 
+
+
+* TOKEN SERVERè®¾ç½®-å¹³å°OPEN API
+
+  Platform OpenAPIå°åï¼ `https://poa.paas.<school>.edu.cn` ï¼è¯·è®¾ç½®ä¸º poa ç½å³çå¤ç½å°å
+  Platform OpenAPI Client Idï¼ ä» POA è¿è¡ç³è¯·
+  Platform OpenAPI Client Secretï¼ ä» POA è¿è¡ç³è¯·
+
+* TOKEN SERVERè®¾ç½®-æ¶æ¯æå¡
+
+  æ¯å¦å¼å¯æ¶æ¯æå¡-ä¸ªæ¨ï¼ true or false
+  æ¶æ¯æå¡åºç¨IDï¼ ä» æ¶æ¯æå¡ è¿è¡ç³è¯·
+
+
+* TOKEN SERVERè®¾ç½®-äººè¸æå¡éç½®
+  å¯ä¸ æ°å¼æ®äººè¸å¹³å° æ ç¾åº¦äººè¸æå¡ è¿è¡å¯¹æ¥
 
+  äººè¸ç»å½ç±»åï¼ aiface: æ°å¼æ®äººè¸, aipface: ç¾åº¦äººè¸
 
+  **ä»¥ä¸éç½®ä» æ°å¼æ®äººè¸å¹³å° ç³è¯·**
+  æ°å¼æ®äººè¸ç»å½Urlï¼ 
+  æ°å¼æ®äººè¸ç»å½App Keyï¼ 
+  æ°å¼æ®äººè¸ç»å½App Secretï¼ 
+  æ°å¼æ®äººè¸ç»å½Secret Keyï¼ 
+  æ°å¼æ®äººè¸ç»å½Term Codeï¼ 
 
+  **ä»¥ä¸éç½®ä» ç¾åº¦å¼æ¾å¹³å° ç³è¯·**
+  ç¾åº¦äººè¸ç»å½App Idï¼ 
+  ç¾åº¦äººè¸ç»å½Api Keyï¼ 
+  ç¾åº¦äººè¸ç»å½Secret Keyï¼ 
 
diff --git a/deploy-manifests/charts/certs/jwt/jwt_private_key.pem b/deploy-manifests/charts/certs/jwt/jwt_private_key.pem
new file mode 100644
index 0000000..e1c0db0
--- /dev/null
+++ b/deploy-manifests/charts/certs/jwt/jwt_private_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAyor3CX6A6U4EoSHawtALiJoB0CkJnb/wmVkcVT5EmNupGVrV
+SeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qvrn+tdvj9Ck5k/6Tnp6HoKU/AQxA3
+tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjjzP4VQ4h4VseWNbfhXGK3vSes8oNn
+5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4O5ZcTtWnq+/qkoUB6z/52EnCMlto
+PmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K5UUH8fsxEe6oPtkvk9vVCCOZRmo0
+MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginjfwIDAQABAoIBAFbVhx3B54Cemyt9
+uS0mRpuU80wMG/xOqtcDtjrxjDVAj1m4cJLRh48swl62sulHMx0A4IgIYGR4IHbj
+NphTPqIASR0lmE6P14smZs6egksbzuCxlkCAW38TpQiBqZ5A3najTU3U75rkNpFA
+FVNciYV8NR+T5YvG26ZCJFMYW4+zLJnEmUuF2qo9Y4TlqAc7dUmRKR4A2eJvDBDA
+X4y7vv0kACFhnSZsgDXbFN1f3/w5nIEqru6ExWGYhBciak0cglRyZsiKgDgLah5C
+pyXBn3rq8FCLl+TVanWIY/yTPt5PJVw0cqMgtEAA4Z30fObl1fzp1wlQQvBgAbjD
++A2oh8kCgYEA48I7W1W/40Lq9iWLEg0tLGSN0uF/dvYFlOugMgpZ1DW0SFXDeC8o
+Z6fPnf5vfqFVepA340w57hM+01h6/eERXHnHYr3oc8UR3UZUafiIZrQrc7LT4UuX
+9FOv3ufQq8sYMVfoeYw1LLKJM3c9Wy7JwvPlYCjS9o1V6pLi5Bd0aoUCgYEA46hN
+fOlV96Ho+WJZi5qouC1RRVc6V++XTowBXPpHv0j15tdaO5Y9Tja/rfWSnMLz8fY+
+Tj1yWo22hNkMdSl80zykE+OBnaTr4rLTiUEjacdntNCuEp/+27CavvlCexbZkfoi
+b32Ktbltc+bWlSI4eYYcBbSAVt/L6DXIIQl1bzMCgYAFMEaT5RczATJDG0XYym4O
+BdhpRnPV7PLhmqCSo0O6nuKVh0altUVRXzROoB5AH0LIQQLU7cagEtYqkGh04iy4
+E5okOLlT8dhfVxvTMjNBS7d1skw7ZLJ4gXOPO264iy7o6NzF8BjCBOs1PfEq45z7
+EP1XvHZZ4YxkhKYglhwz1QKBgGcDZiTKlMrb6cbG2QwRrJzCbM76nHzj/kxdj9RZ
+sBN/WT3eXocuAYmdvnhh8bibgrUPHrxak58kFt3gNQHjBweynfAd9y21TcOj9ZJa
+9kJMJ8Iq10m4OiOAs1UNBycZfNPQIrreTODUChHy91A+Tt22cIGoXpZw6ByoEWnZ
+lNj/AoGADQW8aQ09UnciVBbisyef3FDwRczp93jRkaP0Xo10gouUqXfTqE8A4enW
+335O6VFi2B/wRSC1vfkS/LoTLfJnU1lYAyqza3WS3VlATbG/PUrfcfycJbnKoG07
+839BtIf2Yhjc8j4YBgAUa5VlWCHUvCi3U2FJLzx7BALcUfpMEwI=
+-----END RSA PRIVATE KEY-----
diff --git a/deploy-manifests/charts/certs/jwt/jwt_private_key_pkcs8.pem b/deploy-manifests/charts/certs/jwt/jwt_private_key_pkcs8.pem
new file mode 100644
index 0000000..4c9e224
--- /dev/null
+++ b/deploy-manifests/charts/certs/jwt/jwt_private_key_pkcs8.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKivcJfoDpTgSh
+IdrC0AuImgHQKQmdv/CZWRxVPkSY26kZWtVJ4mjzRkDGyB31LUJlVfFNe0nteOyq
+fNHrhC+uf612+P0KTmT/pOenoegpT8BDEDe1DlmrDoPqKE87JVXjPhx0rnCPMQE0
++Em5OOPM/hVDiHhWx5Y1t+FcYre9J6zyg2flbCiv2vVRsQk/9kwesMnEBzB7QY+9
+5sCoSng7llxO1aer7+qShQHrP/nYScIyW2g+a4wL6jd9Z0gIF/irvShIMKV+6EtW
+LiZFPYrlRQfx+zER7qg+2S+T29UII5lGajQxeldmIip1k62BwHOf/SbOg13nwrF4
+jLSCKeN/AgMBAAECggEAVtWHHcHngJ6bK325LSZGm5TzTAwb/E6q1wO2OvGMNUCP
+WbhwktGHjyzCXray6UczHQDgiAhgZHggduM2mFM+ogBJHSWYTo/XiyZmzp6CSxvO
+4LGWQIBbfxOlCIGpnkDedqNNTdTvmuQ2kUAVU1yJhXw1H5Pli8bbpkIkUxhbj7Ms
+mcSZS4Xaqj1jhOWoBzt1SZEpHgDZ4m8MEMBfjLu+/SQAIWGdJmyANdsU3V/f/Dmc
+gSqu7oTFYZiEFyJqTRyCVHJmyIqAOAtqHkKnJcGfeurwUIuX5NVqdYhj/JM+3k8l
+XDRyoyC0QADhnfR85uXV/OnXCVBC8GABuMP4DaiHyQKBgQDjwjtbVb/jQur2JYsS
+DS0sZI3S4X929gWU66AyClnUNbRIVcN4Lyhnp8+d/m9+oVV6kDfjTDnuEz7TWHr9
+4RFcecdivehzxRHdRlRp+IhmtCtzstPhS5f0U6/e59CryxgxV+h5jDUssokzdz1b
+LsnC8+VgKNL2jVXqkuLkF3RqhQKBgQDjqE186VX3oej5YlmLmqi4LVFFVzpX75dO
+jAFc+ke/SPXm11o7lj1ONr+t9ZKcwvPx9j5OPXJajbaE2Qx1KXzTPKQT44GdpOvi
+stOJQSNpx2e00K4Sn/7bsJq++UJ7FtmR+iJvfYq1uW1z5taVIjh5hhwFtIBW38vo
+NcghCXVvMwKBgAUwRpPlFzMBMkMbRdjKbg4F2GlGc9Xs8uGaoJKjQ7qe4pWHRqW1
+RVFfNE6gHkAfQshBAtTtxqAS1iqQaHTiLLgTmiQ4uVPx2F9XG9MyM0FLt3WyTDtk
+sniBc487briLLujo3MXwGMIE6zU98SrjnPsQ/Ve8dlnhjGSEpiCWHDPVAoGAZwNm
+JMqUytvpxsbZDBGsnMJszvqcfOP+TF2P1FmwE39ZPd5ehy4BiZ2+eGHxuJuCtQ8e
+vFqTnyQW3eA1AeMHB7Kd8B33LbVNw6P1klr2QkwnwirXSbg6I4CzVQ0HJxl809Ai
+ut5M4NQKEfL3UD5O3bZwgahelnDoHKgRadmU2P8CgYANBbxpDT1SdyJUFuKzJ5/c
+UPBFzOn3eNGRo/RejXSCi5Spd9OoTwDh6dbffk7pUWLYH/BFILW9+RL8uhMt8mdT
+WVgDKrNrdZLdWUBNsb89St9x/JwlucqgbTvzf0G0h/ZiGNzyPhgGABRrlWVYIdS8
+KLdTYUkvPHsEAtxR+kwTAg==
+-----END PRIVATE KEY-----
diff --git a/deploy-manifests/charts/certs/jwt/jwt_public_key.pem b/deploy-manifests/charts/certs/jwt/jwt_public_key.pem
new file mode 100644
index 0000000..7523d69
--- /dev/null
+++ b/deploy-manifests/charts/certs/jwt/jwt_public_key.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor3CX6A6U4EoSHawtAL
+iJoB0CkJnb/wmVkcVT5EmNupGVrVSeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qv
+rn+tdvj9Ck5k/6Tnp6HoKU/AQxA3tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjj
+zP4VQ4h4VseWNbfhXGK3vSes8oNn5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4
+O5ZcTtWnq+/qkoUB6z/52EnCMltoPmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K
+5UUH8fsxEe6oPtkvk9vVCCOZRmo0MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginj
+fwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/deploy-manifests/charts/certs/jwt/readme.md b/deploy-manifests/charts/certs/jwt/readme.md
new file mode 100644
index 0000000..81ac267
--- /dev/null
+++ b/deploy-manifests/charts/certs/jwt/readme.md
@@ -0,0 +1,98 @@
+# readme.md
+
+
+## ä½¿ç¨ openssl çæ å¬ç§é¥
+
+
+1. çæç§é¥ App Private Key
+
+å¿é¡»ä¸º RSA2(SHA256)
+
+```bash
+openssl genrsa -out jwt_private_key.pem 2048
+```
+
+2. å°ç§é¥è½¬æ¢ä¸º PKCS8 æ ¼å¼
+
+```bash
+openssl pkcs8 -topk8 -inform PEM -in jwt_private_key.pem -outform PEM -nocrypt -out jwt_private_key_pkcs8.pem
+```
+
+3. å¯¼åºå¬é¥ App Public Key
+
+```bash
+openssl rsa -in jwt_private_key.pem -pubout -out jwt_public_key.pem
+```
+
+4. å° jwt_public_key.pem ä¸­çåå®¹ï¼å»é¤æ¢è¡åç©ºæ ¼ï¼è½¬æå­ç¬¦ä¸²ã
+
+å¤çåï¼
+```language
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwow0APEh9F91vvtAzl7V
+FmXRAOGhlo+22KX+rqC3ziGg4+yIk8evAL1T97XEuK1huqcAp+p4PIG2t/Rb3FBD
++vVJGoXKsyLCMUmT4Sy5/TRhb3TM0CHefvMZTSMwcVzKT07DtxyGgFZj9WsUYZWr
+BUPcu0vD6s7m5Qe3qFJJWVeRX8NDnVAxySzrz4bI4+1qvtyey/uap3I6txxRxUlI
+aMyTsD8pl63u14dD2FHRM6JY3tmdEpBEMWI91qmYbl9HkH/D6Xtumg0Hmzh06bdr
+lO3YNscpr6iN2ug6yGNtAh4/ug4P4ZV9nxImcj8l8Pt3jio1O0IIpf4MUCMD+C7P
+rQIDAQAB
+-----END PUBLIC KEY-----
+```
+å¤çåï¼
+```language
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwow0APEh9F91vvtAzl7VFmXRAOGhlo+22KX+rqC3ziGg4+yIk8evAL1T97XEuK1huqcAp+p4PIG2t/Rb3FBD+vVJGoXKsyLCMUmT4Sy5/TRhb3TM0CHefvMZTSMwcVzKT07DtxyGgFZj9WsUYZWrBUPcu0vD6s7m5Qe3qFJJWVeRX8NDnVAxySzrz4bI4+1qvtyey/uap3I6txxRxUlIaMyTsD8pl63u14dD2FHRM6JY3tmdEpBEMWI91qmYbl9HkH/D6Xtumg0Hmzh06bdrlO3YNscpr6iN2ug6yGNtAh4/ug4P4ZV9nxImcj8l8Pt3jio1O0IIpf4MUCMD+C7PrQIDAQAB
+-----END PUBLIC KEY-----
+```
+
+4. å° jwt_private_key_pkcs8.pem ä¸­çåå®¹ï¼å»é¤æ¢è¡åç©ºæ ¼ï¼è½¬æå­ç¬¦ä¸²ã
+
+å¤çåï¼
+```language
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDCjDQA8SH0X3W+
++0DOXtUWZdEA4aGWj7bYpf6uoLfOIaDj7IiTx68AvVP3tcS4rWG6pwCn6ng8gba3
+9FvcUEP69UkahcqzIsIxSZPhLLn9NGFvdMzQId5+8xlNIzBxXMpPTsO3HIaAVmP1
+axRhlasFQ9y7S8PqzublB7eoUklZV5Ffw0OdUDHJLOvPhsjj7Wq+3J7L+5qncjq3
+HFHFSUhozJOwPymXre7Xh0PYUdEzolje2Z0SkEQxYj3WqZhuX0eQf8Ppe26aDQeb
+OHTpt2uU7dg2xymvqI3a6DrIY20CHj+6Dg/hlX2fEiZyPyXw+3eOKjU7Qgil/gxQ
+IwP4Ls+tAgMBAAECggEAaQOlTpza5z5gIKcfZEZsX5q2JvOkddE9sdRolXrLvMkK
+P/39+0def9ey65OCjO2KQ2bCQ+Gc5YxfRQzySQpKp7yfqWFu+SNaD6DX4kRyYOtV
+bQRvSin+ICi5D5pfG9IqooSxwLX1JHF9o4wZhFN17XGkRLWxG55zpE12JbXFQiPB
+pck6hcMfx+r5wk7t4ret/8P/MDcyrPuUavJemd4D2jRrD7AmOGJDvElioFcOKA+V
+S8oe/uBdpU8cbYJvct68fHOzG9IW3hdqYV18fhNtWqp9WeuUP+F2UMmOXbAtZ106
+Zcd+V/jsse2G9KvGzmDA61ZGxzHUjt+JNIpN+V2HQQKBgQDkfYb8vIMc2yV0CM30
+mAaPIapgpw8brYS8v+azQR/jjsuHFJ1CQJAih79y2gwdjKbDl0XByjj/qiHLTPcu
+6dkuavdsV9MrlFfVqAXUMNDHrWEn5nMahlq3UZbflBqlavTr0gvEA8Da+ZXcRvWg
+TP5+g5RFrKHJVOyQ+GzgDggQawKBgQDZ+IDRthf0UHvvZsoUbeb37Wut9jdjRgLJ
+S1X4RtH+NPN23lvtTKJmUNfrFxiOfeVBfCXmGep0ibTqDVo0zBeHSu4BFM3BsICu
+7xafmLafZxZqHcgWuF9keOCWjKN5fzub5xGqd2yge9hGN2zA2U9qp4mltGzeoZ/0
+TuLuR59GRwKBgCGga7ZUVANyKQ/rn8vod8am0LlKvMl4/vj8UQp+gh/uSvvFR+OR
+NuUuDznq5y+OHJjacXS0uzC9LB4MZLBtz/2p1mIGhth6C3cxNDJnQMKyPIMvwi7c
+KQujoU2kMUu48vSlw/+EAeT4KFrzwoBl9GpQGQkr/99udSZcuUE8L2mjAoGAPRLn
+LVuDTL58a3D2sFC3BcLth/nUPSmxwCsutHlLf5ngme7l/RCa9GY0ibeX9t0JrpaV
+m+qpCexH18jT/LUu5oa1N3JX0Kye8eUmBqPoj7N30VX06YDRobpI24Yei/19e0p8
+ZbI+qpzo1YvUGhkJqo21AMwUMTFCO1cbOL6yvyMCgYAHUNBLhSOaIZpvbmyh5uz5
+Va/IIYU5nJcVAan8ExzdVBqeiDqlIDsUt/4xoV2sWOK1lDmL1QYeOOTOHdVcSUyN
+ZpvB3b/9RZ1bNQZA1trBBxjY7dXNwZZp0ah/bmO+i4dPXl+bU2mUqdyb1emFwcj0
+uNGn7GMQXLxalpCkz4SXRg==
+-----END PRIVATE KEY-----
+```
+å¤çåï¼
+```language
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDCjDQA8SH0X3W++0DOXtUWZdEA4aGWj7bYpf6uoLfOIaDj7IiTx68AvVP3tcS4rWG6pwCn6ng8gba39FvcUEP69UkahcqzIsIxSZPhLLn9NGFvdMzQId5+8xlNIzBxXMpPTsO3HIaAVmP1axRhlasFQ9y7S8PqzublB7eoUklZV5Ffw0OdUDHJLOvPhsjj7Wq+3J7L+5qncjq3HFHFSUhozJOwPymXre7Xh0PYUdEzolje2Z0SkEQxYj3WqZhuX0eQf8Ppe26aDQebOHTpt2uU7dg2xymvqI3a6DrIY20CHj+6Dg/hlX2fEiZyPyXw+3eOKjU7Qgil/gxQIwP4Ls+tAgMBAAECggEAaQOlTpza5z5gIKcfZEZsX5q2JvOkddE9sdRolXrLvMkKP/39+0def9ey65OCjO2KQ2bCQ+Gc5YxfRQzySQpKp7yfqWFu+SNaD6DX4kRyYOtVbQRvSin+ICi5D5pfG9IqooSxwLX1JHF9o4wZhFN17XGkRLWxG55zpE12JbXFQiPBpck6hcMfx+r5wk7t4ret/8P/MDcyrPuUavJemd4D2jRrD7AmOGJDvElioFcOKA+VS8oe/uBdpU8cbYJvct68fHOzG9IW3hdqYV18fhNtWqp9WeuUP+F2UMmOXbAtZ106Zcd+V/jsse2G9KvGzmDA61ZGxzHUjt+JNIpN+V2HQQKBgQDkfYb8vIMc2yV0CM30mAaPIapgpw8brYS8v+azQR/jjsuHFJ1CQJAih79y2gwdjKbDl0XByjj/qiHLTPcu6dkuavdsV9MrlFfVqAXUMNDHrWEn5nMahlq3UZbflBqlavTr0gvEA8Da+ZXcRvWgTP5+g5RFrKHJVOyQ+GzgDggQawKBgQDZ+IDRthf0UHvvZsoUbeb37Wut9jdjRgLJS1X4RtH+NPN23lvtTKJmUNfrFxiOfeVBfCXmGep0ibTqDVo0zBeHSu4BFM3BsICu7xafmLafZxZqHcgWuF9keOCWjKN5fzub5xGqd2yge9hGN2zA2U9qp4mltGzeoZ/0TuLuR59GRwKBgCGga7ZUVANyKQ/rn8vod8am0LlKvMl4/vj8UQp+gh/uSvvFR+ORNuUuDznq5y+OHJjacXS0uzC9LB4MZLBtz/2p1mIGhth6C3cxNDJnQMKyPIMvwi7cKQujoU2kMUu48vSlw/+EAeT4KFrzwoBl9GpQGQkr/99udSZcuUE8L2mjAoGAPRLnLVuDTL58a3D2sFC3BcLth/nUPSmxwCsutHlLf5ngme7l/RCa9GY0ibeX9t0JrpaVm+qpCexH18jT/LUu5oa1N3JX0Kye8eUmBqPoj7N30VX06YDRobpI24Yei/19e0p8ZbI+qpzo1YvUGhkJqo21AMwUMTFCO1cbOL6yvyMCgYAHUNBLhSOaIZpvbmyh5uz5Va/IIYU5nJcVAan8ExzdVBqeiDqlIDsUt/4xoV2sWOK1lDmL1QYeOOTOHdVcSUyNZpvB3b/9RZ1bNQZA1trBBxjY7dXNwZZp0ah/bmO+i4dPXl+bU2mUqdyb1emFwcj0uNGn7GMQXLxalpCkz4SXRg==
+-----END PRIVATE KEY-----
+```
+
+
+5. ï¼å¯éï¼å°pemåå®¹è¿è¡ base64 ç¼ç åï¼éç½®å°k8s
+
+echo -n '-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwow0APEh9F91vvtAzl7VFmXRAOGhlo+22KX+rqC3ziGg4+yIk8evAL1T97XEuK1huqcAp+p4PIG2t/Rb3FBD+vVJGoXKsyLCMUmT4Sy5/TRhb3TM0CHefvMZTSMwcVzKT07DtxyGgFZj9WsUYZWrBUPcu0vD6s7m5Qe3qFJJWVeRX8NDnVAxySzrz4bI4+1qvtyey/uap3I6txxRxUlIaMyTsD8pl63u14dD2FHRM6JY3tmdEpBEMWI91qmYbl9HkH/D6Xtumg0Hmzh06bdrlO3YNscpr6iN2ug6yGNtAh4/ug4P4ZV9nxImcj8l8Pt3jio1O0IIpf4MUCMD+C7PrQIDAQAB
+-----END PUBLIC KEY-----' |base64
+
+
+echo -n '-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDCjDQA8SH0X3W++0DOXtUWZdEA4aGWj7bYpf6uoLfOIaDj7IiTx68AvVP3tcS4rWG6pwCn6ng8gba39FvcUEP69UkahcqzIsIxSZPhLLn9NGFvdMzQId5+8xlNIzBxXMpPTsO3HIaAVmP1axRhlasFQ9y7S8PqzublB7eoUklZV5Ffw0OdUDHJLOvPhsjj7Wq+3J7L+5qncjq3HFHFSUhozJOwPymXre7Xh0PYUdEzolje2Z0SkEQxYj3WqZhuX0eQf8Ppe26aDQebOHTpt2uU7dg2xymvqI3a6DrIY20CHj+6Dg/hlX2fEiZyPyXw+3eOKjU7Qgil/gxQIwP4Ls+tAgMBAAECggEAaQOlTpza5z5gIKcfZEZsX5q2JvOkddE9sdRolXrLvMkKP/39+0def9ey65OCjO2KQ2bCQ+Gc5YxfRQzySQpKp7yfqWFu+SNaD6DX4kRyYOtVbQRvSin+ICi5D5pfG9IqooSxwLX1JHF9o4wZhFN17XGkRLWxG55zpE12JbXFQiPBpck6hcMfx+r5wk7t4ret/8P/MDcyrPuUavJemd4D2jRrD7AmOGJDvElioFcOKA+VS8oe/uBdpU8cbYJvct68fHOzG9IW3hdqYV18fhNtWqp9WeuUP+F2UMmOXbAtZ106Zcd+V/jsse2G9KvGzmDA61ZGxzHUjt+JNIpN+V2HQQKBgQDkfYb8vIMc2yV0CM30mAaPIapgpw8brYS8v+azQR/jjsuHFJ1CQJAih79y2gwdjKbDl0XByjj/qiHLTPcu6dkuavdsV9MrlFfVqAXUMNDHrWEn5nMahlq3UZbflBqlavTr0gvEA8Da+ZXcRvWgTP5+g5RFrKHJVOyQ+GzgDggQawKBgQDZ+IDRthf0UHvvZsoUbeb37Wut9jdjRgLJS1X4RtH+NPN23lvtTKJmUNfrFxiOfeVBfCXmGep0ibTqDVo0zBeHSu4BFM3BsICu7xafmLafZxZqHcgWuF9keOCWjKN5fzub5xGqd2yge9hGN2zA2U9qp4mltGzeoZ/0TuLuR59GRwKBgCGga7ZUVANyKQ/rn8vod8am0LlKvMl4/vj8UQp+gh/uSvvFR+ORNuUuDznq5y+OHJjacXS0uzC9LB4MZLBtz/2p1mIGhth6C3cxNDJnQMKyPIMvwi7cKQujoU2kMUu48vSlw/+EAeT4KFrzwoBl9GpQGQkr/99udSZcuUE8L2mjAoGAPRLnLVuDTL58a3D2sFC3BcLth/nUPSmxwCsutHlLf5ngme7l/RCa9GY0ibeX9t0JrpaVm+qpCexH18jT/LUu5oa1N3JX0Kye8eUmBqPoj7N30VX06YDRobpI24Yei/19e0p8ZbI+qpzo1YvUGhkJqo21AMwUMTFCO1cbOL6yvyMCgYAHUNBLhSOaIZpvbmyh5uz5Va/IIYU5nJcVAan8ExzdVBqeiDqlIDsUt/4xoV2sWOK1lDmL1QYeOOTOHdVcSUyNZpvB3b/9RZ1bNQZA1trBBxjY7dXNwZZp0ah/bmO+i4dPXl+bU2mUqdyb1emFwcj0uNGn7GMQXLxalpCkz4SXRg==
+-----END PRIVATE KEY-----' |base64