From f69336edbeadb33bee7f372f39fe9db38070b4f6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?=E5=88=98=E6=B4=AA=E9=9D=92?= Date: Tue, 15 Mar 2022 13:50:11 +0800 Subject: [PATCH] =?utf8?q?chore:=20nwpu=20=E5=8D=87=E7=BA=A71.4?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- .../4.4.authx-service-bff.yaml | 10 +- .../0.authx-service/4.9.authx-management.yaml | 2 +- .../k8s-rancher/1.authx-service/10.0.init.sql | 5 + .../4.0.user-data-service-installer.yaml | 2 +- .../4.1.user-data-service-poa.yaml | 9 +- .../4.2.user-data-service-goa.yaml | 18 +- .../4.3.user-data-service-biz.yaml | 9 +- .../5.user-data-service-datax-job.yaml | 2 +- .../9.api-docs-installer.yaml | 2 +- .../4.0.user-authorization-installer.yaml | 2 +- .../4.1.user-authorization-poa.yaml | 10 +- .../4.2.user-authorization-sa.yaml | 10 +- .../5.user-authorization-datax-job.yaml | 2 +- .../9.api-docs-installer.yaml | 2 +- .../4.cas-server/4.2.cas-server-sa-api.yaml | 9 +- .../4.3.cas-server-security-engine.yaml | 2 +- .../4.5.cas-server-site-webapp.yaml | 27 ++- .../4.6.cas-server-site-scheme.yaml | 2 +- .../4.cas-server/5.cas-server-datax-job.yaml | 2 +- .../4.0.token-server-installer.yaml | 2 +- .../5.token-server/4.1.token-server.yaml | 43 ++++- .../5.token-server/9.api-docs-installer.yaml | 2 +- .../4.4.personal-security-center-bff.yaml | 10 +- .../4.5.personal-security-center-zuul.yaml | 2 +- .../4.9.security-center-ui.yaml | 2 +- .../7.attest-server/0.attest-server-base.yaml | 16 ++ .../7.attest-server/1.attest-server-env.yaml | 10 + .../2.attest-server-ingresses.yaml | 21 +++ .../7.attest-server/4.1.attest-server.yaml | 175 ++++++++++++++++++ .../8.authx-log/0.authx-log-base.yaml | 16 ++ .../8.authx-log/1.authx-log-env.yaml | 29 +++ .../8.authx-log/4.0.authx-log-installer.yaml | 49 +++++ .../8.authx-log/4.2.authx-log-sa.yaml | 116 ++++++++++++ 33 files changed, 596 insertions(+), 24 deletions(-) create mode 100644 project/nwpu/k8s-rancher/1.authx-service/7.attest-server/0.attest-server-base.yaml create mode 100644 project/nwpu/k8s-rancher/1.authx-service/7.attest-server/1.attest-server-env.yaml create mode 100644 project/nwpu/k8s-rancher/1.authx-service/7.attest-server/2.attest-server-ingresses.yaml create mode 100644 project/nwpu/k8s-rancher/1.authx-service/7.attest-server/4.1.attest-server.yaml create mode 100644 project/nwpu/k8s-rancher/1.authx-service/8.authx-log/0.authx-log-base.yaml create mode 100644 project/nwpu/k8s-rancher/1.authx-service/8.authx-log/1.authx-log-env.yaml create mode 100644 project/nwpu/k8s-rancher/1.authx-service/8.authx-log/4.0.authx-log-installer.yaml create mode 100644 project/nwpu/k8s-rancher/1.authx-service/8.authx-log/4.2.authx-log-sa.yaml diff --git a/project/nwpu/k8s-rancher/1.authx-service/0.authx-service/4.4.authx-service-bff.yaml b/project/nwpu/k8s-rancher/1.authx-service/0.authx-service/4.4.authx-service-bff.yaml index 5d56fbf..18160d3 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/0.authx-service/4.4.authx-service-bff.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/0.authx-service/4.4.authx-service-bff.yaml @@ -62,6 +62,14 @@ data: #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + + AUTHX_LOG_ENABLED: "true" + AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + AUTHX_LOG_RABBITMQ_PORT: "5672" + AUTHX_LOG_RABBITMQ_USERNAME: guest + AUTHX_LOG_RABBITMQ_PASSWORD: guest + + --- apiVersion: v1 kind: Service @@ -102,7 +110,7 @@ spec: spec: containers: - name: authx-service-bff - image: paas.harbor.nwpu.edu.cn/authx-service/authx-service-bff:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/authx-service/authx-service-bff:1.4.4-RELEASE imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/nwpu/k8s-rancher/1.authx-service/0.authx-service/4.9.authx-management.yaml b/project/nwpu/k8s-rancher/1.authx-service/0.authx-service/4.9.authx-management.yaml index 7a0fda4..f1b17fd 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/0.authx-service/4.9.authx-management.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/0.authx-service/4.9.authx-management.yaml @@ -44,7 +44,7 @@ spec: spec: containers: - name: authx-management - image: paas.harbor.nwpu.edu.cn/authx-service/authx-management:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/authx-service/authx-management:1.4.4-RELEASE imagePullPolicy: Always ports: - containerPort: 80 diff --git a/project/nwpu/k8s-rancher/1.authx-service/10.0.init.sql b/project/nwpu/k8s-rancher/1.authx-service/10.0.init.sql index d206414..74983be 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/10.0.init.sql +++ b/project/nwpu/k8s-rancher/1.authx-service/10.0.init.sql @@ -85,6 +85,9 @@ values ('21', 0, 'authx-service-admin-api', '认证授权 - 聚合接口(认 insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) values ('22', 0, 'authx-service-open-api', '认证授权 - 聚合接口(公开)', '1', '/api/v2/open', 'http://localhost:8009', 0); +insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) +values ('25', 0, 'authx-service-log-api', '认证授权 - 日志接口', '1', '/api/v2/log', 'http://localhost:8009', 0); + commit; update TB_MGT_ROUTE set URL='http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080' where ID='20'; @@ -94,6 +97,8 @@ update TB_MGT_ROUTE set URL='http://personal-security-center-bff-svc.personal-se update TB_MGT_ROUTE set URL='http://authx-service-bff.authx-service.svc.cluster.local:8080' where ID='21'; update TB_MGT_ROUTE set URL='http://authx-service-bff.authx-service.svc.cluster.local:8080' where ID='22'; +update TB_MGT_ROUTE set URL='http://authx-log-sa.authx-log.svc.cluster.local:8080' where ID='25'; + commit; diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml index efbf7d7..4718907 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml @@ -28,7 +28,7 @@ spec: containers: - name: user-data-service-installer # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/goa/installer:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/goa/installer:1.4.4-RELEASE imagePullPolicy: Always env: - name: DB_TYPE diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml index ef4e6c1..3e852e5 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml @@ -51,6 +51,13 @@ data: LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO + AUTHX_LOG_ENABLED: "true" + AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + AUTHX_LOG_RABBITMQ_PORT: "5672" + AUTHX_LOG_RABBITMQ_USERNAME: guest + AUTHX_LOG_RABBITMQ_PASSWORD: guest + + --- apiVersion: v1 kind: Service @@ -92,7 +99,7 @@ spec: containers: - name: user-data-service-poa # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/goa/poa-api:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/goa/poa-api:1.4.4-RELEASE imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml index e11a8fc..92304b1 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml @@ -69,6 +69,22 @@ data: IPADDR_API_URL: http://ipaddr.ipaddr.svc.cluster.local:9090/v1/find + CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080 + CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false" + #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: "" + #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore + #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: "" + #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore + #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + + + AUTHX_LOG_ENABLED: "true" + AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + AUTHX_LOG_RABBITMQ_PORT: "5672" + AUTHX_LOG_RABBITMQ_USERNAME: guest + AUTHX_LOG_RABBITMQ_PASSWORD: guest + + LOGGING_LEVEL_COM_SUPWISDOM_GOA: INFO LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO @@ -114,7 +130,7 @@ spec: containers: - name: user-data-service-goa # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/goa/goa-api:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/goa/goa-api:1.4.4-RELEASE imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml index 3da7391..ccfb2b9 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml @@ -55,6 +55,13 @@ data: LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO + AUTHX_LOG_ENABLED: "true" + AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + AUTHX_LOG_RABBITMQ_PORT: "5672" + AUTHX_LOG_RABBITMQ_USERNAME: guest + AUTHX_LOG_RABBITMQ_PASSWORD: guest + + --- apiVersion: v1 kind: Service @@ -96,7 +103,7 @@ spec: containers: - name: user-data-service-biz # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/goa/biz-api:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/goa/biz-api:1.4.4-RELEASE imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml index 782a16e..a38445a 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml @@ -41,7 +41,7 @@ spec: containers: - name: user-data-service-datax-job # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/goa/datax-job:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/goa/datax-job:1.4.4-RELEASE imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml index 3b891ad..c3792c6 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml @@ -38,7 +38,7 @@ spec: containers: - name: api-docs-installer # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/goa/api-docs-installer:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/goa/api-docs-installer:1.4.4-RELEASE imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.0.user-authorization-installer.yaml b/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.0.user-authorization-installer.yaml index 23833c8..6018932 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.0.user-authorization-installer.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.0.user-authorization-installer.yaml @@ -28,7 +28,7 @@ spec: containers: - name: user-authorization-installer # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-installer:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-installer:1.4.4-RELEASE imagePullPolicy: Always env: - name: DB_TYPE diff --git a/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.1.user-authorization-poa.yaml b/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.1.user-authorization-poa.yaml index 4c9355f..e2ba731 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.1.user-authorization-poa.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.1.user-authorization-poa.yaml @@ -37,6 +37,14 @@ data: LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_COMMON_LOG: INFO + + AUTHX_LOG_ENABLED: "true" + AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + AUTHX_LOG_RABBITMQ_PORT: "5672" + AUTHX_LOG_RABBITMQ_USERNAME: guest + AUTHX_LOG_RABBITMQ_PASSWORD: guest + + --- apiVersion: v1 kind: Service @@ -78,7 +86,7 @@ spec: containers: - name: user-authorization-poa # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-poa:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-poa:1.4.4-RELEASE imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml b/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml index e74484a..7d0a6f3 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml @@ -36,6 +36,14 @@ data: LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_COMMON_LOG: INFO + + AUTHX_LOG_ENABLED: "true" + AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + AUTHX_LOG_RABBITMQ_PORT: "5672" + AUTHX_LOG_RABBITMQ_USERNAME: guest + AUTHX_LOG_RABBITMQ_PASSWORD: guest + + # SBA_URL: http://spring-boot-admin-svc.base.svc.cluster.local:8080 @@ -80,7 +88,7 @@ spec: containers: - name: user-authorization-sa # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-sa:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-sa:1.4.4-RELEASE imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/5.user-authorization-datax-job.yaml b/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/5.user-authorization-datax-job.yaml index d57ba7c..4eaa1b9 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/5.user-authorization-datax-job.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/5.user-authorization-datax-job.yaml @@ -41,7 +41,7 @@ spec: containers: - name: user-authorization-datax-job # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-datax-job:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/user-authorization-service/user-authorization-datax-job:1.4.4-RELEASE imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/9.api-docs-installer.yaml b/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/9.api-docs-installer.yaml index e45a4f5..c8d1c62 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/9.api-docs-installer.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/3.user-authorization-service/9.api-docs-installer.yaml @@ -38,7 +38,7 @@ spec: containers: - name: api-docs-installer # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/user-authorization-service/api-docs-installer:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/user-authorization-service/api-docs-installer:1.4.4-RELEASE imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml b/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml index 8e13081..48b6733 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml @@ -42,6 +42,13 @@ data: #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore + AUTHX_LOG_ENABLED: "true" + AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + AUTHX_LOG_RABBITMQ_PORT: "5672" + AUTHX_LOG_RABBITMQ_USERNAME: guest + AUTHX_LOG_RABBITMQ_PASSWORD: guest + + --- apiVersion: v1 kind: Secret @@ -95,7 +102,7 @@ spec: containers: - name: cas-server-sa-api # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-sa-api:1.3.4-RELEASE + image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-sa-api:1.4.4-SNAPSHOT imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml b/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml index 8a37597..af1e69e 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml @@ -66,7 +66,7 @@ spec: containers: - name: cas-server-security-engine # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-security-engine:1.3.4-RELEASE + image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-security-engine:1.4.4-SNAPSHOT imagePullPolicy: Always ports: - containerPort: 6060 diff --git a/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml b/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml index b932091..9d87be0 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml @@ -179,6 +179,31 @@ data: SUPERAPP_TOKEN_SIGNING_KEY_URL: https://token.paas.xxx.edu.cn/jwt/publicKey + ATTEST_SERVER_URL: http://attest-server-svc.attest-server.svc.cluster.local:8080/attest + ATTEST_CLIENT_AUTH_ENABLED: "false" + #ATTEST_CLIENT_AUTH_KEY_PASSWORD: "" + #ATTEST_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore + #ATTEST_CLIENT_AUTH_KEYSTORE_PASSWORD: "" + #ATTEST_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore + #ATTEST_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + + + IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090 + IPADDR_CLIENT_AUTH_ENABLED: "false" + #IPADDR_CLIENT_AUTH_KEY_PASSWORD: "" + #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore + #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: "" + #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore + #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + + + AUTHX_LOG_ENABLED: "true" + AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + AUTHX_LOG_RABBITMQ_PORT: "5672" + AUTHX_LOG_RABBITMQ_USERNAME: guest + AUTHX_LOG_RABBITMQ_PASSWORD: guest + + ## # 第三方CAS 认证对接 # @@ -228,7 +253,7 @@ spec: containers: - name: cas-server-site-webapp # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-site-webapp:1.3.4-RELEASE + image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-site-webapp:1.4.4-SNAPSHOT imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.6.cas-server-site-scheme.yaml b/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.6.cas-server-site-scheme.yaml index 16f6fee..382a7cb 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.6.cas-server-site-scheme.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/4.6.cas-server-site-scheme.yaml @@ -95,7 +95,7 @@ spec: memory: "256Mi" - name: cas-server-site-scheme-generator # 根据情况修改镜像地址 - image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-site-scheme:1.3.4-RELEASE + image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-site-scheme:1.4.4-SNAPSHOT imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml b/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml index 13a1c6f..dea8876 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml @@ -42,7 +42,7 @@ spec: containers: - name: cas-server-datax-job # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-datax-job:1.3.4-RELEASE + image: paas.harbor.nwpu.edu.cn/cas-server/cas-server-datax-job:1.4.4-SNAPSHOT imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/nwpu/k8s-rancher/1.authx-service/5.token-server/4.0.token-server-installer.yaml b/project/nwpu/k8s-rancher/1.authx-service/5.token-server/4.0.token-server-installer.yaml index e8681a9..34e1339 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/5.token-server/4.0.token-server-installer.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/5.token-server/4.0.token-server-installer.yaml @@ -28,7 +28,7 @@ spec: containers: - name: token-server-installer # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/token-server/token-server-installer:1.3.4-RELEASE + image: paas.harbor.nwpu.edu.cn/token-server/token-server-installer:1.4.3-RELEASE imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/nwpu/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml b/project/nwpu/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml index c065ccd..666c65c 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml @@ -112,6 +112,47 @@ data: TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send + + ATTEST_SERVER_URL: http://attest-server-svc.attest-server.svc.cluster.local:8080/attest + ATTEST_CLIENT_AUTH_ENABLED: "false" + #ATTEST_CLIENT_AUTH_KEY_PASSWORD: "" + #ATTEST_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore + #ATTEST_CLIENT_AUTH_KEYSTORE_PASSWORD: "" + #ATTEST_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore + #ATTEST_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + + + IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090 + IPADDR_CLIENT_AUTH_ENABLED: "false" + #IPADDR_CLIENT_AUTH_KEY_PASSWORD: "" + #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore + #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: "" + #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore + #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + + + ## + # authx-log rabbitmq + # + AUTHX_LOG_ENABLED: "true" + AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + AUTHX_LOG_RABBITMQ_PORT: "5672" + AUTHX_LOG_RABBITMQ_USERNAME: guest + AUTHX_LOG_RABBITMQ_PASSWORD: guest + + + ## + # 接收 user 推送的 rabbitmq 数据 + # + USER_RABBITMQ_ENABLED: "true" + USER_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + USER_RABBITMQ_PORT: "5672" + USER_RABBITMQ_USERNAME: guest + USER_RABBITMQ_PASSWORD: guest + + USER_RABBITMQ_CONSUMER_ENABLED: "true" + + --- apiVersion: v1 kind: Secret @@ -168,7 +209,7 @@ spec: containers: - name: token-server # 若使用了学校搭设的私有仓库,请 **修改** - image: paas.harbor.nwpu.edu.cn/token-server/token-server:1.3.4-RELEASE + image: paas.harbor.nwpu.edu.cn/token-server/token-server:1.4.3-RELEASE imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/nwpu/k8s-rancher/1.authx-service/5.token-server/9.api-docs-installer.yaml b/project/nwpu/k8s-rancher/1.authx-service/5.token-server/9.api-docs-installer.yaml index 169135d..603786b 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/5.token-server/9.api-docs-installer.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/5.token-server/9.api-docs-installer.yaml @@ -38,7 +38,7 @@ spec: containers: - name: api-docs-installer # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/token-server/api-docs-installer:1.3.4-RELEASE + image: paas.harbor.nwpu.edu.cn/token-server/api-docs-installer:1.4.3-RELEASE imagePullPolicy: Always envFrom: - configMapRef: diff --git a/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml b/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml index c5490dc..225fa76 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml @@ -166,6 +166,14 @@ data: # COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send + + AUTHX_LOG_ENABLED: "true" + AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + AUTHX_LOG_RABBITMQ_PORT: "5672" + AUTHX_LOG_RABBITMQ_USERNAME: guest + AUTHX_LOG_RABBITMQ_PASSWORD: guest + + --- apiVersion: v1 kind: Secret @@ -218,7 +226,7 @@ spec: containers: - name: personal-security-center-bff # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/personal-security-center/personal-security-bff:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/personal-security-center/personal-security-bff:1.4.4-RELEASE imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml b/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml index 9cf30a0..9b04196 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml @@ -152,7 +152,7 @@ spec: containers: - name: personal-security-center-zuul # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/personal-security-center/personal-security-zuul:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/personal-security-center/personal-security-zuul:1.4.4-RELEASE imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml b/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml index 05a453e..3063d89 100644 --- a/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml +++ b/project/nwpu/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml @@ -65,7 +65,7 @@ spec: containers: - name: security-center-ui # 若使用了学校搭设的私有仓库,请修改 - image: paas.harbor.nwpu.edu.cn/personal-security-center/security-center-ui:1.3.6-RELEASE + image: paas.harbor.nwpu.edu.cn/personal-security-center/security-center-ui:1.4.4-RELEASE imagePullPolicy: Always ports: - containerPort: 80 diff --git a/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/0.attest-server-base.yaml b/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/0.attest-server-base.yaml new file mode 100644 index 0000000..44f84d4 --- /dev/null +++ b/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/0.attest-server-base.yaml @@ -0,0 +1,16 @@ +# 0.attest-server-base.yaml + +#################################################### +# supwisdom harbor private docker registry +#################################################### +--- +apiVersion: v1 +kind: Secret +type: kubernetes.io/dockerconfigjson +metadata: + namespace: attest-server + name: harbor-registry +data: + # 修改harbor仓库配置,并使用 base64 工具进行编码 + # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}} + .dockerconfigjson: eyJhdXRocyI6eyJwYWFzLmhhcmJvci5ud3B1LmVkdS5jbiI6eyJwYXNzd29yZCI6IjBuSnExS2lldnJOT3QyR1Q3TCIsInVzZXJuYW1lIjoibndwdS5kZXZvcHMifX19 diff --git a/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/1.attest-server-env.yaml b/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/1.attest-server-env.yaml new file mode 100644 index 0000000..c6be3bc --- /dev/null +++ b/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/1.attest-server-env.yaml @@ -0,0 +1,10 @@ +# 1.attest-server-env.yaml + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: attest-server + name: jvm-env +data: + MAX_RAM_PERCENTAGE: "75.0" diff --git a/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/2.attest-server-ingresses.yaml b/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/2.attest-server-ingresses.yaml new file mode 100644 index 0000000..5935d11 --- /dev/null +++ b/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/2.attest-server-ingresses.yaml @@ -0,0 +1,21 @@ +# 2.attest-server-ingresses.yaml + +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: attest-server-ingress + namespace: attest-server + annotations: + nginx.ingress.kubernetes.io/proxy-buffer-size: "8k" +spec: + rules: + # 修改为学校的根域名 + - host: uis.paas.nwpu.edu.cn + http: + paths: + - path: /attest + backend: + serviceName: attest-server-svc + servicePort: http + diff --git a/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/4.1.attest-server.yaml b/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/4.1.attest-server.yaml new file mode 100644 index 0000000..9088b39 --- /dev/null +++ b/project/nwpu/k8s-rancher/1.authx-service/7.attest-server/4.1.attest-server.yaml @@ -0,0 +1,175 @@ +# 4.1.attest-server.yaml + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: attest-server + name: attest-server-env +data: + SERVER_PORT: "8080" + SSL_ENABLED: "false" + #SSL_KEY_PASSWORD: "" + #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore + #SSL_KEYSTORE_PASSWORD: "" + + SERVER_SERVLET_CONTEXT_PATH: "/attest" + + SERVER_MAXHTTPHEADERSIZE: "20480" + + SERVER_TOMCAT_ACCEPT_COUNT: "500" + SERVER_TOMCAT_MAX_CONNECTIONS: "10000" + SERVER_TOMCAT_MAX_THREADS: "500" + SERVER_TOMCAT_MIN_SPARE_THREADS: "100" + + + # **修改** 从POA申请 + POA_SERVER_URL: http://poa.paas.nwpu.edu.cn + POA_CLIENT_ID: "" + POA_CLIENT_SECRET: "" + POA_SCOPES: appPush:v1:apppushByMessageType + + + # 修改为学校的根域名 + ATTEST_SERVER_PREFIX: http://uis.paas.nwpu.edu.cn/attest + + + # guard + ATTEST_SERVER_SECUREPHONE_SMS_TEXT_TEMPLATE: 【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。 + ATTEST_SERVER_SECUREPHONE_SMS_FROM: 认证服务 + + # **修改** 根据实际情况,修改短信模板 + ATTEST_SERVER_SECUREEMAIL_MAIL_TEXT_TEMPLATE: 【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。 + ATTEST_SERVER_SECUREEMAIL_MAIL_FROM: 认证服务 + + # 在超级APP 中唤起人脸识别的 URL Scheme + ATTEST_SERVER_FACEVERIFY_SUPERAPP_URL_SCHEME: superapp + + + # 超级APP Token 的验签公钥 + TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token/jwt/publicKey + + + USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080 + USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false" + #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: "" + #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore + #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: "" + #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore + #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + + + TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080 + TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false" + #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" + #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore + #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" + #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore + #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + + # **修改** + # 若须对接sms 接口,须进行二开定制 + TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send + TPAS_AGENT_SERVICE_MAIL_SENDER_PATH: /api/v1/tpas/mail/smtp/send + TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify + + + ## + # token-server + # + TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token + + + ## + # 将 attest 数据 推送到 rabbitmq + # + # ATTEST_RABBITMQ_ENABLED: "false" + # ATTEST_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + # ATTEST_RABBITMQ_PORT: "5672" + # ATTEST_RABBITMQ_USERNAME: guest + # ATTEST_RABBITMQ_PASSWORD: guest + # + # ATTEST_RABBITMQ_APPPUSHATTEST2TOKENRABBITSENDER_ENABLED: "false" + + +--- +apiVersion: v1 +kind: Secret +metadata: + namespace: attest-server + name: attest-server-env-secret +type: Opaque +data: + + +--- +apiVersion: v1 +kind: Service +metadata: + namespace: attest-server + name: attest-server-svc + labels: + app: attest-server + needMonitor: 'true' +spec: + ports: + - port: 8080 + targetPort: http + protocol: TCP + name: http + - port: 6060 + targetPort: http-metrics + protocol: TCP + name: http-metrics + selector: + app: attest-server + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: attest-server + name: attest-server +spec: + selector: + matchLabels: + app: attest-server + replicas: 1 + template: + metadata: + labels: + app: attest-server + spec: + containers: + - name: attest-server + image: paas.harbor.nwpu.edu.cn/attest-server/attest-server:1.4.3-RELEASE + imagePullPolicy: Always + ports: + - containerPort: 8080 + name: http + - containerPort: 6060 + name: http-metrics + envFrom: + - configMapRef: + name: jvm-env + - configMapRef: + name: attest-server-env + - secretRef: + name: attest-server-env-secret + resources: + requests: + memory: "1024Mi" + limits: + memory: "1024Mi" + readinessProbe: + httpGet: + path: /attest/actuator/health + port: 8080 + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 10 + imagePullSecrets: + - name: harbor-registry + diff --git a/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/0.authx-log-base.yaml b/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/0.authx-log-base.yaml new file mode 100644 index 0000000..a82d6b3 --- /dev/null +++ b/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/0.authx-log-base.yaml @@ -0,0 +1,16 @@ +# 0.authx-log-base.yaml + +#################################################### +# supwisdom harbor private docker registry +#################################################### +--- +apiVersion: v1 +kind: Secret +type: kubernetes.io/dockerconfigjson +metadata: + namespace: authx-log + name: harbor-registry +data: + # 修改harbor仓库配置,并使用 base64 工具进行编码 + # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}} + .dockerconfigjson: eyJhdXRocyI6eyJwYWFzLmhhcmJvci5ud3B1LmVkdS5jbiI6eyJwYXNzd29yZCI6IjBuSnExS2lldnJOT3QyR1Q3TCIsInVzZXJuYW1lIjoibndwdS5kZXZvcHMifX19 diff --git a/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/1.authx-log-env.yaml b/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/1.authx-log-env.yaml new file mode 100644 index 0000000..15c2e89 --- /dev/null +++ b/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/1.authx-log-env.yaml @@ -0,0 +1,29 @@ +# 1.authx-log-env.yaml + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: authx-log + name: jvm-env +data: + MAX_RAM_PERCENTAGE: "75.0" + +--- +apiVersion: v1 +kind: Secret +metadata: + namespace: authx-log + name: datasource-env-secret +type: Opaque +data: + # jdbc:mysql://mysql-server.authx-service.svc.cluster.local:3306/authx_log?serverTimezone=Asia/Shanghai + # JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvYXV0aHhfbG9nP3NlcnZlclRpbWV6b25lPUFzaWEvU2hhbmdoYWk= + JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvYXV0aHhfbG9nX3Rlc3Q/c2VydmVyVGltZXpvbmU9QXNpYS9TaGFuZ2hhaQ== + # authx_log + # JDBC_USERNAME: YXV0aHhfbG9n + JDBC_USERNAME: YXV0aHhfbG9nX3Rlc3Q= + # 修改为实际的数据库密码,并使用 base64 工具进行编码 + # kingstar + # JDBC_PASSWORD: a2luZ3N0YXI= + JDBC_PASSWORD: U3Vwd2lzZG9tIU53cHUxMjM= diff --git a/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/4.0.authx-log-installer.yaml b/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/4.0.authx-log-installer.yaml new file mode 100644 index 0000000..88abd06 --- /dev/null +++ b/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/4.0.authx-log-installer.yaml @@ -0,0 +1,49 @@ +# 4.0.authx-log-installer.yaml + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: authx-log + name: authx-log-installer-env +data: + DB_TYPE: mysql8 + + +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: authx-log + name: authx-log-installer +spec: + completions: 1 + parallelism: 1 + template: + metadata: + labels: + app: authx-log-installer + spec: + restartPolicy: Never + containers: + - name: authx-log-installer + image: harbor.supwisdom.com/authx-log/authx-log-installer:1.4.4-RELEASE + imagePullPolicy: Always + env: + - name: DB_TYPE + value: mysql8 + - name: JDBC_URL + value: jdbc:mysql://mysql-server.authx-service.svc.cluster.local:3306/authx_log_test?serverTimezone=Asia/Shanghai + - name: JDBC_USERNAME + value: authx_log_test + - name: JDBC_PASSWORD + value: Supwisdom!Nwpu123 + envFrom: + - configMapRef: + name: jvm-env + # - secretRef: + # name: datasource-env-secret + - configMapRef: + name: authx-log-installer-env + imagePullSecrets: + - name: harbor-registry diff --git a/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/4.2.authx-log-sa.yaml b/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/4.2.authx-log-sa.yaml new file mode 100644 index 0000000..e71f30c --- /dev/null +++ b/project/nwpu/k8s-rancher/1.authx-service/8.authx-log/4.2.authx-log-sa.yaml @@ -0,0 +1,116 @@ +# 4.2.authx-log-sa.yaml + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: authx-log + name: authx-log-sa-env +data: + SERVER_PORT: "8080" + SSL_ENABLED: "false" + #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore + #SSL_KEYSTORE_PASSWORD: "" + #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore + #SSL_TRUSTSTORE_PASSWORD: "" + + SERVER_MAXHTTPHEADERSIZE: "10240" + + #同环境中用户的地址 + USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080 + USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false" + # USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" + # USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore + # USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" + # USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore + # USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + + #ipaddr + IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090 + IPADDR_CLIENT_AUTH_ENABLED: "false" + #IPADDR_CLIENT_AUTH_KEY_PASSWORD: "" + #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore + #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: "" + #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore + #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + + + AUTHX_LOG_ENABLED: "true" + AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local + AUTHX_LOG_RABBITMQ_PORT: "5672" + AUTHX_LOG_RABBITMQ_USERNAME: guest + AUTHX_LOG_RABBITMQ_PASSWORD: guest + + +--- +apiVersion: v1 +kind: Service +metadata: + namespace: authx-log + name: authx-log-sa-svc + labels: + app: authx-log-sa + needMonitor: 'true' +spec: + ports: + - port: 8080 + targetPort: http + protocol: TCP + name: http + - port: 6060 + targetPort: http-metrics + protocol: TCP + name: http-metrics + selector: + app: authx-log-sa + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: authx-log + name: authx-log-sa +spec: + selector: + matchLabels: + app: authx-log-sa + replicas: 1 + template: + metadata: + labels: + app: authx-log-sa + annotations: + co.elastic.logs/enabled: "true" + spec: + containers: + - name: authx-log-sa + image: paas.harbor.nwpu.edu.cn/authx-log/authx-log-sa:1.4.4-RELEASE + imagePullPolicy: Always + ports: + - containerPort: 8080 + name: http + - containerPort: 6060 + name: http-metrics + envFrom: + - configMapRef: + name: jvm-env + - secretRef: + name: datasource-env-secret + - configMapRef: + name: authx-log-sa-env + resources: + requests: + memory: "1024Mi" + limits: + memory: "1024Mi" + readinessProbe: + httpGet: + path: /actuator/health + port: 8080 + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 10 + imagePullSecrets: + - name: harbor-registry -- 2.17.1