Merge branch '1.2.x' into 1.3.x
diff --git a/project/nwpu/.DS_Store b/project/nwpu/.DS_Store
new file mode 100644
index 0000000..9972e4e
--- /dev/null
+++ b/project/nwpu/.DS_Store
Binary files differ
diff --git a/project/nwpu/k8s-rancher/.DS_Store b/project/nwpu/k8s-rancher/.DS_Store
new file mode 100644
index 0000000..0bdc8a2
--- /dev/null
+++ b/project/nwpu/k8s-rancher/.DS_Store
Binary files differ
diff --git "a/project/nwpu/k8s-rancher/0.1.1.\344\272\221\345\271\263\345\217\260\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md" "b/project/nwpu/k8s-rancher/0.1.1.\344\272\221\345\271\263\345\217\260\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md"
new file mode 100644
index 0000000..33d1357
--- /dev/null
+++ "b/project/nwpu/k8s-rancher/0.1.1.\344\272\221\345\271\263\345\217\260\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md"
@@ -0,0 +1,425 @@
+
+# 安装部署手册
+
+**云平台**
+
+
+* 修订历史
+
+版本 | 作者 | 日期 | 备注
+- | - | - | -
+v1 | 刘洪青 | 2020-06-10 | 初稿
+
+
+[TOC]
+
+
+## 安装准备
+
+### mysql 初始配置
+
+* 创建数据库帐号
+
+ 参考命令:
+ ```
+ create user 'admin_center'@'%' identified with mysql_native_password by 'your_password';
+ ```
+
+* 创建 database
+
+ ```
+ admin_center
+ ```
+
+ 参考命令:
+ ```
+ create database `admin_center` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+ ```
+
+* 授予权限
+
+ 将 database 的权限授予对应的帐号
+
+ 参考命令:
+ ```
+ grant all privileges on `admin_center`.* to 'admin_center'@'%' with grant option;
+ ```
+
+
+* 备份与还原
+
+ 参考命令:
+ 备份:
+ ```
+ mysqldump -u root -p admin_center > admin_center.sql
+ ```
+
+ 还原:
+ ```
+ mysql -u root -p admin_center < admin_center.sql
+ ```
+
+
+### harbor 准备
+
+* 创建 devops 帐号(如已存在,请忽略)
+
+ 用于 rancher 部署时拉取镜像
+
+ 用户管理 下 创建用户
+ 如 devops
+
+
+* 镜像同步
+
+ 从 https://harbor.supwisdom.com 中同步镜像
+
+ 仓库管理 下 新建目标
+ ```
+ supwisdom https://harbor.supwisdom.com rancher.devops / PWMgP85qiLFC
+ ```
+
+ 同步管理 下 新建规则
+
+ ```
+ admin-center admin-center/*
+
+ admin-platform admin-platform/*
+ ```
+
+ 同步规则,创建完成后,进行镜像同步
+
+ 选择某个同步规则,点击 同步,等待任务完成
+
+
+* 授予 devops 帐号 对各个项目的 访客 权限
+
+ 项目 下,点击 项目名称,进入到 成员,添加用户,查找用户 devops,选择角色 访客,确定,添加即可
+
+
+### rancher 准备
+
+* 创建项目
+
+ 进入 全局 - 集群(具体名称视项目安装而定) - 项目/命名空间,添加项目
+
+ 输入 项目名称,保存
+
+
+* 创建命名空间
+
+ 进入 全局 - 集群(具体名称视项目安装而定) - 项目/命名空间
+
+ 在新建的项目中,添加命名空间
+
+ 输入 名称,保存
+
+* 导入YAML
+
+ 进入 全局 - 集群(具体名称视项目安装而定) - 项目(某个项目)
+
+ 进入 资源 - 工作负载
+
+
+### 域名准备
+
+* 确定域名
+
+ 首先明确是否使用泛域名,如:`*.paas.xxx.edu.cn`,或 直接使用学校域名 `xxx.edu.cn`
+
+ 本产品安装需要的域名如下:
+ ```
+ admin-center.paas.xxx.edu.cn 云平台的后端API
+
+ admin-management.paas.xxx.edu.cn 云平台基础管理的前端UI
+ admin-platform.paas.xxx.edu.cn 云平台的前端UI
+ ```
+
+ 如果使用 学校域名,则去除 .paas 即可,同时申请开通相关域名
+
+
+### 应用配置项说明
+
+#### 公共配置项
+
+* JVM 相关
+
+ ConfigMap,jvm-env
+
+ key | 说明 | 配置示例
+ - | - | -
+ MAX_RAM_PERCENTAGE | JAVA 应用,JVM内存 占 POD内存的比例 | 75.0
+
+
+* 数据库连接配置相关
+
+ Secret,datasource-env-secret
+
+ key | 说明 | 配置示例
+ - | - | -
+ JDBC_URL | 数据源连接配置(base64加密) | amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvdXNlcj9zZXJ2ZXJUaW1lem9uZT1Bc2lhL1NoYW5naGFp
+ JDBC_USERNAME | 数据库用户(base64加密) | dXNlcg==
+ JDBC_PASSWORD | 数据库密码(base64加密) | a2luZ3N0YXI=
+
+
+* redis 连接配置相关
+
+ Secret,redis-env-secret
+
+ key | 说明 | 配置示例
+ - | - | -
+ SPRING_REDIS_HOST | redis 服务(base64加密),默认为 redis-server | cmVkaXMtc2VydmVy
+ SPRING_REDIS_PORT | redis 服务端口(base64加密),默认为 6379 | NjM3OQ==
+ SPRING_REDIS_PASSWORD | redis 服务密码(base64加密) |
+
+
+#### 服务配置项
+
+注:
+外部访问地址,一般为域名地址,需要根据学校域名进行修改
+k8s集群内部地址,为集群内部,跨namespace访问的域名地址,一般无须修改
+
+
+* admin-center 下的 admin-center-poa
+
+ ConfigMap,admin-center-poa-env
+
+ key | 说明 | 配置示例
+ - | - | -
+ ADMIN_CENTER_SA_SERVER_URL | 管理中心管理接口地址(k8s集群内部地址) | http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
+ USER_DATA_SERVICE_SERVER_URL | 用户服务管理接口地址(k8s集群内部地址) | http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_AUTHZ_SERVICE_SERVER_URL | 授权服务管理接口地址(k8s集群内部地址) | http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+
+
+* admin-center 下的 admin-center-sa
+
+ ConfigMap,admin-center-sa-env
+
+ key | 说明 | 配置示例
+ - | - | -
+ 暂无 | |
+
+
+* admin-center 下的 admin-center-bff
+
+ ConfigMap,admin-center-bff-env
+
+ key | 说明 | 配置示例
+ - | - | -
+ ADMIN_CENTER_SA_SERVER_URL | 管理中心管理接口地址(k8s集群内部地址) | http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
+ - | - | -
+ CASSERVER_SA_API_SERVER_URL | CAS认证服务管理接口地址(k8s集群内部地址) | http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
+ - | - | -
+ USER_DATA_SERVICE_SA_API_SERVER_URL | 用户服务开放接口地址(k8s集群内部地址) | http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ - | - | -
+ USER_AUTHZ_SERVICE_SERVER_URL | 授权服务开放接口地址(k8s集群内部地址) | http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+ - | - | -
+ TPAS_FILE_API_URL | 文件服务接口地址(k8s集群内部地址)<br/>默认:minio文件服务 | http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
+
+
+* admin-center 下的 admin-center-zuul
+
+ ConfigMap,admin-center-zuul-env
+
+ key | 说明 | 配置示例
+ - | - | -
+ APP_SERVER_HOST_URL | 管理中心访问地址(外部访问地址) | http://admin-center.paas.xxx.edu.cn
+ CAS_SERVER_HOST_URL | CAS认证地址(外部访问地址) | https://cas.paas.xxx.edu.cn
+ - | - | -
+ APPLICATION_INDEX_REDIRECT_URI | 网关服务的默认首页,云平台访问地址(外部访问地址) | http://admin-platform.paas.xxx.edu.cn
+
+
+* admin-center 下的 admin-center-management
+
+ ConfigMap,admin-center-management-env
+
+ key | 说明 | 配置示例
+ - | - | -
+ SERVER_URL | 基础管理访问地址(外部访问地址) | http://admin-management.paas.xxx.edu.cn
+ BACKEND_URL | 后端API,管理中心访问地址(外部访问地址) | http://admin-center.paas.xxx.edu.cn
+ AUTH_URL | 管理中心认证地址(外部访问地址) | http://admin-center.paas.xxx.edu.cn/jwt/cas
+
+
+* admin-center 下的 poa-api-docs-installer
+
+ ConfigMap,poa-api-docs-installer-env
+
+ key | 说明 | 配置示例
+ - | - | -
+ POA_SERVER_URL | POA网关地址(外部访问地址) | http://poa.paas.xxx.edu.cn
+ POA_SA_SERVER_URL | POA管理接口地址(k8s集群内部地址) | http://poa-sa-svc.poa.svc.cluster.local:8443
+ - | - | -
+ ADMIN_CENTER_SERVER_URL | 管理中心开放接口地址(k8s集群内部地址) | http://admin-center-poa-svc.admin-center.svc.cluster.local:8080
+
+
+* admin-platform 下的 admin-platform
+
+ ConfigMap,admin-platform-env
+
+ key | 说明 | 配置示例
+ - | - | -
+ MAIN_SERVER | 云平台访问地址(外部访问地址) | https://admin-platform.paas.xxx.edu.cn
+ RESOURCE_PREFIX | LOGO、FAVICON 等资源地址 | http://authx-minio.paas.xxx.edu.cn/admin-platform
+ - | - | -
+ AUTH_TYPE | 认证方式 | idToken-cas
+ - | - | -
+ AUTH_CAS | CAS认证地址(外部访问地址) | http://cas.paas.xxx.edu.cn/cas
+ JWT_ISS | JWT Token 签名方标识 | http://cas.paas.xxx.edu.cn/cas
+ JWT_SECRET | JWT Token 签名密钥 | 固定值,`(@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2`
+
+ ConfigMap,admin-platform-spa-env
+ 前端SPA页面地址
+
+ key | 说明 | 配置示例
+ - | - | -
+ LAYOUT_SPA_URL | 云平台框架 | https://admin-platform.paas.xxx.edu.cn/layout
+ CAS_SERVER_SPA_URL | 认证管理 | https://admin-platform.paas.xxx.edu.cn/cas-server
+ USER_SERVER_SPA_URL | 用户管理 | https://admin-platform.paas.xxx.edu.cn/user-server
+ AUTH_SERVER_SPA_URL | 授权管理 | https://admin-platform.paas.xxx.edu.cn/auth-server
+ ACCOUNT_CENTER_SPA_URL | 个人中心(废弃) | https://admin-platform.paas.xxx.edu.cn/account-center
+ FORM_FLOW_SPA_URL | 流程表单 | https://admin-platform.paas.xxx.edu.cn/form-flow
+ FORM_FLOW_SPA_ZZU_URL | 流程表单(郑大) |
+ FORM_FLOW_SPA_TEST_URL | 流程表单(测试) |
+ MESSAGE_BACKSTAGE_SPA_URL | 消息管理 | https://admin-platform.paas.xxx.edu.cn/message-backstage
+ PORTAL_ADMIN_SPA_URL | 门户管理 | https://portal-admin.paas.xxx.edu.cn
+ DEVELOPER_CENTER_SPA_URL | 开放平台管理 | https://dev-admin.paas.xxx.edu.cn
+ INFO_STANDARD_SPA_URL | | https://admin-platform.paas.xxx.edu.cn/info_standard
+ BOOK_CATALOG_MANAGEMENT_SPA_URL | |
+ MEETING_RESERVATION_SPA_URL | |
+
+ ConfigMap,admin-platform-server-config-env
+ 配置参数
+
+ key | 说明 | 配置示例
+ - | - | -
+ ADMIN_PLATFORM_SERVER_URL | 云平台访问地址(外部访问地址) | https://admin-platform.paas.xxx.edu.cn/
+ ADMIN_CENTER_AUTH_URL | 管理中心认证地址(外部访问地址) | https://admin-center.paas.xxx.edu.cn/jwt/cas
+ ADMIN_CENTER_BACK_API_PREFIX | 后端API,管理中心访问地址(外部访问地址) | https://admin-center.paas.xxx.edu.cn/
+ - | - | -
+ PERSONAL_CENTER_SERVER_URL | 个人中心访问地址(外部访问地址) | https://admin-platform.paas.xxx.edu.cn/personal-center/
+ PERSONAL_CENTER_AUTH_URL | 管理中心认证地址(外部访问地址) | https://admin-center.paas.xxx.edu.cn/jwt/cas
+ PERSONAL_CENTER_BACK_API_PREFIX | 后端API,管理中心访问地址(外部访问地址) | https://admin-center.paas.xxx.edu.cn/
+ - | - | -
+ ACCOUNT_CENTER_SERVER_URL | 个人中心地址(跳转,外部访问地址) | https://security-center.paas.xxx.edu.cn/
+ - | - | -
+ FORMFLOW_AUTH_URL | 流程表单认证地址(外部访问地址) | https://formflow.paas.xxx.edu.cn/formflow/cas/authen/redirect
+ FORMFLOW_FORM_DESIGN_SERVER_URL | 流程表单-表单设计地址(外部访问地址) | https://form-design.paas.xxx.edu.cn
+ FORMFLOW_FLOW_DESIGN_SERVER_URL | 流程表单-流程设计地址(外部访问地址) | https://formflow.paas.xxx.edu.cn/formflow
+ FORMFLOW_FORM_FILE_PREFIX | 流程表单-文件服务地址(外部访问地址) | https://formflow.paas.xxx.edu.cn/fileservice
+ FORMFLOW_FORM_CENTER_API_PREFIX | 流程表单-后端API,管理中心访问地址(外部访问地址) | https://admin-center.paas.xxx.edu.cn/api/v1/flow-release
+ FORMFLOW_FORM_UEDITOR_URL | 流程表单-编辑器地址(外部访问地址) | https://admin-platform.paas.xxx.edu.cn/form-flow/UEditor/
+ FORMFLOW_SIGNATURE_IMAGE_URL | 流程表单-签章图片地址 |
+ - | - | -
+ MESSAGE_BACKSTAGE_API_PREFIX | 消息管理-后端API(外部访问地址) | http://message-service.paas.xxx.edu.cn/manager
+ - | - | -
+ PORTAL_V5_PERSONAL_CENTER_API_L | 门户V5,后端接口(外部访问地址)(废弃) | http://portal.paas.xxx.edu.cn/portal-web/
+ PORTAL_V5_PERSONAL_CENTER_IMAGE_API | 门户V5,资源地址(外部访问地址)(废弃) | http://portal.paas.xxx.edu.cn/resources/
+ - | - | -
+ DEVELOPER_CENTER_API_PREFIX | 开放平台,后端接口(外部访问地址) | http://dev-center.paas.xxx.edu.cn
+ - | - | -
+ DS_VUE_APP_AUTH_TYPE | 数据资产,认证方式 | jwt-cas
+ DS_VUE_APP_AUTH_TYPE_LOGIN_URL | 数据资产,本地认证地址 | http://ds.paas.xxx.edu.cn/gateway/jwt/token/login
+ DS_VUE_APP_AUTH_TYPE_CAS_URL | 数据资产,CAS认证地址 | http://ds.paas.xxx.edu.cn/gateway/jwt/cas
+ DS_VUE_APP_DOCUMENT_API | 数据资产,后端接口 | http://ds.paas.xxx.edu.cn/gateway/api/agent/document
+ DS_VUE_APP_SYSTEM_API | 数据资产,后端接口 | http://ds.paas.xxx.edu.cn/gateway/api/agent/system
+
+
+
+## 开始安装
+
+
+### 数据库创建
+
+* 数据库帐号
+
+ 服务 | 帐号
+ - | -
+ 管理中心 admin-center | admin_center
+
+ 创建命令
+
+ **请修改命令中的 `your_password` 为实际的数据库帐号的密码**
+ ```
+ create user 'admin_center'@'%' identified with mysql_native_password by 'your_password';
+ ```
+
+
+### rancher 容器部署
+
+* 修改 yaml 中的相关配置
+
+ 具体参考 yaml 文件中的说明
+
+
+ 6.admin-platform
+
+ 云平台
+
+ ```
+
+ 6.admin-center
+
+ 此为 云平台 后端API
+
+
+ 7.admin-platform
+
+ 此为 云平台 前端UI
+
+ ```
+
+
+* 添加项目、命名空间
+
+ 项目
+
+ 在集群下创建 项目:
+
+ ```
+ admin-platform # 云平台
+
+ ```
+
+ 命名空间
+
+ 在项目 admin-platform 下创建 命名空间:
+
+ ```
+ admin-center
+
+ admin-platform
+
+ ```
+
+
+* 导入YAML
+
+ 在项目 admin-platform 中,将 6.admin-platform 下的 yaml 按编号依次导入
+
+ 务必确保 `4.0.*-installer.yaml` 执行成功
+
+
+### 数据配置
+
+ 数据脚本初始化
+
+ 先修改 脚本中的域名(如果存在)
+
+
+* **必选,6.admin-platform/10.0.init.sql**
+
+ 修改 数据库数据初始化时的默认配置
+
+
+* 可选,6.admin-platform/10.1.init-authx.sql
+
+ 若部署了 认证授权 的产品
+
+ 将 认证授权 的管理菜单 添加到 云平台中
+
+
+* 可选,6.admin-platform/10.1.init-flow.sql
+
+ 若部署了 流程平台 的产品
+
+ 将 流程平台 的管理菜单 添加到 云平台中
diff --git "a/project/nwpu/k8s-rancher/0.1.1.\344\272\221\345\271\263\345\217\260\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.pdf" "b/project/nwpu/k8s-rancher/0.1.1.\344\272\221\345\271\263\345\217\260\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.pdf"
new file mode 100644
index 0000000..b184a69
--- /dev/null
+++ "b/project/nwpu/k8s-rancher/0.1.1.\344\272\221\345\271\263\345\217\260\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.pdf"
Binary files differ
diff --git "a/project/nwpu/k8s-rancher/0.1.2.\344\272\221\345\271\263\345\217\260\345\215\207\347\272\247\346\226\207\346\241\243\357\274\210V1.0-V1.2\357\274\211.md" "b/project/nwpu/k8s-rancher/0.1.2.\344\272\221\345\271\263\345\217\260\345\215\207\347\272\247\346\226\207\346\241\243\357\274\210V1.0-V1.2\357\274\211.md"
new file mode 100644
index 0000000..973d242
--- /dev/null
+++ "b/project/nwpu/k8s-rancher/0.1.2.\344\272\221\345\271\263\345\217\260\345\215\207\347\272\247\346\226\207\346\241\243\357\274\210V1.0-V1.2\357\274\211.md"
@@ -0,0 +1,124 @@
+
+# 云平台升级文档(V1.0 ~ V1.2)
+
+
+## 部署变更说明
+
+1. admin-center/admin-center-bff 的 用户授权认证相关的管理接口,迁移至 authx-service/authx-service-bff 中,并使用了 /api/v2/** 的接口路径
+
+2. admin-center/admin-center-management 变更为 admin-platform/admin-management
+
+3. admin-center/poa-api-docs-installer 变更为 admin-center/api-docs-installer
+
+4. 删除 Ingress admin-center/admin-center-management-ingress
+5. 新增 Ingerss admin-platform/admin-management-ingress
+
+
+## 升级说明
+
+1. 将 工作负载 下的服务 升级到 1.2.x 版本
+
+2. 重新执行 admin-center/admin-center-sa-installer , 对数据库进行升级
+
+3. admin-center/admin-center-management, 可以删除
+
+4. admin-platform/admin-management, 根据 yaml 新增
+
+5. admin-center/poa-api-docs-installer, 可以删除
+
+6. admin-center/api-docs-installer, 根据 yaml 重新执行
+
+7. 新增 Ingerss , admin-platform/admin-management-ingress , 执行 yaml 。 原来的 ingress 删除
+
+ 即,将原来的 域名 `admin-management.paas.xxx.edu.cn` 指向到新的前端服务 `admin-platform/admin-management`
+
+ ```
+ # 基础管理
+ ---
+ apiVersion: extensions/v1beta1
+ kind: Ingress
+ metadata:
+ namespace: admin-platform
+ name: admin-management-ingress
+ spec:
+ rules:
+ # 修改为学校的根域名
+ - host: admin-management.paas.xxx.edu.cn
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: admin-management-svc
+ servicePort: http
+ ```
+
+
+## 初始化脚本
+
+1. 新增 认证对接配置
+
+ 注:如果已经存在,请忽略
+
+ ```sql
+ use cas_server;
+
+ -- admin-management 的认证对接信息
+
+ INSERT INTO `TB_SERVICE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+ `NAME`, `DESCRIPTION`, `INFORMATION_URL`, `LOGOUT_URL`,
+ `RESPONSE_TYPE`, `LOGOUT_TYPE`,
+ `EVALUATION_ORDER`, `FRIENDLY_NAME`, `REGISTERED_SERVICE_ID`, `SERVICE_ID`,
+ `ENABLED`, `SSO_ENABLED`, `REQUIRE_ALL_ATTRIBUTES`,
+ `APPLICATION_ID`, `EXTERNAL_ID`)
+ VALUES ('20', '1', 0, 'admin', '2020-07-01 00:00:00',
+ '基础管理', '基础管理', 'https://admin-management.paas.example.com', 'https://admin-management.paas.example.com/?clearToken=clearToken',
+ 'REDIRECT', 'FRONT_CHANNEL',
+ 20, '基础管理', 20, 'https://admin-management.paas.example.com/(.*)',
+ 1, 1, 1,
+ '20', '20');
+
+ commit;
+
+ -- 修改根域名
+ update TB_SERVICE
+ set
+ INFORMATION_URL='https://admin-management.nwpu.edu.cn',
+ LOGOUT_URL='https://admin-management.nwpu.edu.cn/?clearToken=clearToken',
+ SERVICE_ID='https://admin-management.nwpu.edu.cn/(.*)',
+ ID_TOKEN_ENABLED=1,
+ JWT_AS_SERVICE_TICKET=1,
+ APPLICATION_DOMAIN='admin-management.nwpu.edu.cn'
+ where ID='20'; -- todo, modify
+
+ commit;
+
+ -- admin-platform 的认证对接信息
+
+ INSERT INTO `TB_SERVICE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+ `NAME`, `DESCRIPTION`, `INFORMATION_URL`, `LOGOUT_URL`,
+ `RESPONSE_TYPE`, `LOGOUT_TYPE`,
+ `EVALUATION_ORDER`, `FRIENDLY_NAME`, `REGISTERED_SERVICE_ID`, `SERVICE_ID`,
+ `ENABLED`, `SSO_ENABLED`, `REQUIRE_ALL_ATTRIBUTES`,
+ `APPLICATION_ID`, `EXTERNAL_ID`)
+ VALUES ('21', '1', 0, 'admin', '2020-07-01 00:00:00',
+ '云平台', '云平台', 'https://admin-platform.paas.example.com', 'https://admin-platform.paas.example.com/?clearCertification=clearCertification',
+ 'REDIRECT', 'FRONT_CHANNEL',
+ 21, '云平台', 21, 'https://admin-platform.paas.example.com/(.*)',
+ 1, 1, 1,
+ '21', '21');
+
+ commit;
+
+ -- 修改根域名
+ update TB_SERVICE
+ set
+ INFORMATION_URL='https://admin-platform.nwpu.edu.cn',
+ LOGOUT_URL='https://admin-platform.nwpu.edu.cn/?clearCertification=clearCertification',
+ SERVICE_ID='https://admin-platform.nwpu.edu.cn/(.*)',
+ ID_TOKEN_ENABLED=1,
+ JWT_AS_SERVICE_TICKET=1,
+ APPLICATION_DOMAIN='admin-platform.nwpu.edu.cn'
+ where ID='21'; -- todo, modify
+
+ commit;
+ ```
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/.DS_Store b/project/nwpu/k8s-rancher/6.admin-platform/.DS_Store
new file mode 100644
index 0000000..12eebfd
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/.DS_Store
Binary files differ
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/10.0.init copy.sql b/project/nwpu/k8s-rancher/6.admin-platform/10.0.init copy.sql
new file mode 100644
index 0000000..be9126f
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/10.0.init copy.sql
@@ -0,0 +1,129 @@
+-- 10.1.init.sql
+
+/*
+将 paas.example.com 替换为 paas.学校域名.edu.cn
+*/
+
+
+use admin_center;
+
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('9', 0, 'management-api', '管理门户 - 管理接口', '1', '/api/v1/mgt', 'http://admin-center-sa-svc.admin-center.svc.cluster.local:8080/v1/admin', 1);
+
+commit;
+
+update TB_MGT_ROUTE set URL='http://admin-center-sa-svc.admin-center.svc.cluster.local:8080/v1/admin' where ID='9';
+
+commit;
+
+
+-- 更新 admin-management 下菜单的访问域
+
+update TB_MGT_PERMISSION
+set
+ ORIGIN='http://admin-management.paas.example.com'
+where APPLICATION_ID='00000'
+;
+
+commit;
+
+
+-- 更新 admin-platform 下菜单的访问域
+
+update TB_MGT_PERMISSION
+set
+ ORIGIN='http://admin-platform.paas.example.com'
+where APPLICATION_ID='1'
+;
+
+commit;
+
+
+use cas_server;
+
+-- 更新 服务 admin-center 的信息
+
+update TB_SERVICE
+set
+ INFORMATION_URL='http://admin-center.paas.example.com',
+ LOGOUT_URL='https://admin-center.paas.example.com/slo?redirect_uri=https://admin-platform.paas.example.com?clearCertification=Admin-Token',
+ SERVICE_ID='http://admin-center.paas.example.com/cas/(.*)'
+where ID='1'; -- todo, modify
+
+commit;
+
+
+-- admin-management 的认证对接信息
+
+INSERT INTO `TB_SERVICE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+ `NAME`, `DESCRIPTION`, `INFORMATION_URL`, `LOGOUT_URL`,
+ `RESPONSE_TYPE`, `LOGOUT_TYPE`,
+ `EVALUATION_ORDER`, `FRIENDLY_NAME`, `REGISTERED_SERVICE_ID`, `SERVICE_ID`,
+ `ENABLED`, `SSO_ENABLED`, `REQUIRE_ALL_ATTRIBUTES`,
+ `APPLICATION_ID`, `EXTERNAL_ID`)
+VALUES ('20', '1', 0, 'admin', '2020-07-01 00:00:00',
+ '云平台管理', '云平台管理', 'https://admin-management.paas.example.com', 'https://admin-management.paas.example.com/?clearToken=clearToken',
+ 'REDIRECT', 'FRONT_CHANNEL',
+ 20, '云平台管理', 20, 'https://admin-management.paas.example.com/(.*)',
+ 1, 1, 1,
+ '20', '20');
+
+commit;
+
+-- 修改根域名
+update TB_SERVICE
+set
+ INFORMATION_URL='http://admin-management.paas.example.com',
+ LOGOUT_URL='http://admin-management.paas.example.com/?clearToken=clearToken',
+ SERVICE_ID='http://admin-management.paas.example.com/(.*)',
+ ID_TOKEN_ENABLED=1,
+ JWT_AS_SERVICE_TICKET=1,
+ APPLICATION_DOMAIN='admin-management.paas.example.com'
+where ID='20'; -- todo, modify
+
+commit;
+
+
+-- admin-platform 的认证对接信息
+
+INSERT INTO `TB_SERVICE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+ `NAME`, `DESCRIPTION`, `INFORMATION_URL`, `LOGOUT_URL`,
+ `RESPONSE_TYPE`, `LOGOUT_TYPE`,
+ `EVALUATION_ORDER`, `FRIENDLY_NAME`, `REGISTERED_SERVICE_ID`, `SERVICE_ID`,
+ `ENABLED`, `SSO_ENABLED`, `REQUIRE_ALL_ATTRIBUTES`,
+ `APPLICATION_ID`, `EXTERNAL_ID`)
+VALUES ('21', '1', 0, 'admin', '2020-07-01 00:00:00',
+ '云平台', '云平台', 'https://admin-platform.paas.example.com', 'https://admin-platform.paas.example.com/?clearToken=clearToken',
+ 'REDIRECT', 'FRONT_CHANNEL',
+ 21, '云平台', 21, 'https://admin-platform.paas.example.com/(.*)',
+ 1, 1, 1,
+ '21', '21');
+
+commit;
+
+-- 修改根域名
+update TB_SERVICE
+set
+ INFORMATION_URL='http://admin-platform.paas.example.com',
+ LOGOUT_URL='http://admin-platform.paas.example.com/?clearToken=clearToken',
+ SERVICE_ID='http://admin-platform.paas.example.com/(.*)',
+ ID_TOKEN_ENABLED=1,
+ JWT_AS_SERVICE_TICKET=1,
+ APPLICATION_DOMAIN='admin-platform.paas.example.com'
+where ID='21'; -- todo, modify
+
+commit;
+
+
+use user_authz;
+
+-- 更新 admin-center 下的角色同步地址
+
+update TB_APPLICATION
+set
+ SYNC_URL='http://admin-center.paas.example.com/api/v1/open/sync/roles'
+where ID='1'; -- todo, modify
+
+commit;
+
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/10.0.init.sql b/project/nwpu/k8s-rancher/6.admin-platform/10.0.init.sql
new file mode 100644
index 0000000..b2f3450
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/10.0.init.sql
@@ -0,0 +1,118 @@
+-- 10.1.init.sql
+
+/*
+将 paas.example.com 替换为 paas.学校域名.edu.cn
+*/
+
+
+use admin_center;
+
+-- 更新 admin-management 下菜单的访问域
+
+update TB_MGT_PERMISSION
+set
+ ORIGIN='http://admin-management.paas.example.com'
+where APPLICATION_ID='00000'
+;
+
+commit;
+
+
+-- 更新 admin-platform 下菜单的访问域
+
+update TB_MGT_PERMISSION
+set
+ ORIGIN='http://admin-platform.paas.example.com'
+where APPLICATION_ID='1'
+;
+
+commit;
+
+
+use cas_server;
+
+-- 更新 服务 admin-center 的信息
+
+update TB_SERVICE
+set
+ INFORMATION_URL='http://admin-center.paas.example.com',
+ LOGOUT_URL='https://admin-center.paas.example.com/slo?redirect_uri=https://admin-platform.paas.example.com/?clearCertification=clearCertification',
+ SERVICE_ID='http://admin-center.paas.example.com/cas/(.*)'
+where ID='1'; -- todo, modify
+
+commit;
+
+
+-- admin-management 的认证对接信息
+
+INSERT INTO `TB_SERVICE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+ `NAME`, `DESCRIPTION`, `INFORMATION_URL`, `LOGOUT_URL`,
+ `RESPONSE_TYPE`, `LOGOUT_TYPE`,
+ `EVALUATION_ORDER`, `FRIENDLY_NAME`, `REGISTERED_SERVICE_ID`, `SERVICE_ID`,
+ `ENABLED`, `SSO_ENABLED`, `REQUIRE_ALL_ATTRIBUTES`,
+ `APPLICATION_ID`, `EXTERNAL_ID`)
+VALUES ('20', '1', 0, 'admin', '2020-07-01 00:00:00',
+ '基础管理', '基础管理', 'https://admin-management.paas.example.com', 'https://admin-management.paas.example.com/?clearToken=clearToken',
+ 'REDIRECT', 'FRONT_CHANNEL',
+ 20, '基础管理', 20, 'https://admin-management.paas.example.com/(.*)',
+ 1, 1, 1,
+ '20', '20');
+
+commit;
+
+-- 修改根域名
+update TB_SERVICE
+set
+ INFORMATION_URL='http://admin-management.paas.example.com',
+ LOGOUT_URL='http://admin-management.paas.example.com/?clearToken=clearToken',
+ SERVICE_ID='http://admin-management.paas.example.com/(.*)',
+ ID_TOKEN_ENABLED=1,
+ JWT_AS_SERVICE_TICKET=1,
+ APPLICATION_DOMAIN='admin-management.paas.example.com'
+where ID='20'; -- todo, modify
+
+commit;
+
+
+-- admin-platform 的认证对接信息
+
+INSERT INTO `TB_SERVICE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+ `NAME`, `DESCRIPTION`, `INFORMATION_URL`, `LOGOUT_URL`,
+ `RESPONSE_TYPE`, `LOGOUT_TYPE`,
+ `EVALUATION_ORDER`, `FRIENDLY_NAME`, `REGISTERED_SERVICE_ID`, `SERVICE_ID`,
+ `ENABLED`, `SSO_ENABLED`, `REQUIRE_ALL_ATTRIBUTES`,
+ `APPLICATION_ID`, `EXTERNAL_ID`)
+VALUES ('21', '1', 0, 'admin', '2020-07-01 00:00:00',
+ '云平台', '云平台', 'https://admin-platform.paas.example.com', 'https://admin-platform.paas.example.com/?clearCertification=clearCertification',
+ 'REDIRECT', 'FRONT_CHANNEL',
+ 21, '云平台', 21, 'https://admin-platform.paas.example.com/(.*)',
+ 1, 1, 1,
+ '21', '21');
+
+commit;
+
+-- 修改根域名
+update TB_SERVICE
+set
+ INFORMATION_URL='http://admin-platform.paas.example.com',
+ LOGOUT_URL='http://admin-platform.paas.example.com/?clearCertification=clearCertification',
+ SERVICE_ID='http://admin-platform.paas.example.com/(.*)',
+ ID_TOKEN_ENABLED=1,
+ JWT_AS_SERVICE_TICKET=1,
+ APPLICATION_DOMAIN='admin-platform.paas.example.com'
+where ID='21'; -- todo, modify
+
+commit;
+
+
+use user_authz;
+
+-- 更新 admin-center 下的角色同步地址
+
+update TB_APPLICATION
+set
+ SYNC_URL='http://admin-center.paas.example.com/api/v1/open/sync/roles'
+where ID='1'; -- todo, modify
+
+commit;
+
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-authx.sql b/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-authx.sql
new file mode 100644
index 0000000..68dfd25
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-authx.sql
@@ -0,0 +1,47 @@
+-- 10.1.init-authx.sql
+
+
+/* 升级认证授权接口时,执行 */
+/*
+update TB_MGT_ROUTE set MEMO='废弃', STATUS='0' where ID='1';
+
+commit;
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('30', 0, 'authx-admin-api', '认证授权 - 认证授权接口', '1', '/api/v1/admin', 'http://localhost:8009', 0);
+
+update TB_MGT_ROUTE set URL='http://authx-service-bff-svc.authx-service.svc.cluster.local:8080' where ID='30';
+
+*/
+
+
+/* 部署云平台2.0时,执行以下脚本 */
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('1', 0, 'bff-admin-api', '管理门户 - 聚合接口', '1', '/api/v1/admin', 'http://localhost:8081', 0);
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('2', 0, 'bff-me-api', '管理门户 - 聚合接口(当前用户)', '1', '/api/v1/me', 'http://localhost:8081', 0);
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('3', 0, 'bff-open-api', '管理门户 - 聚合接口(公开)', '1', '/api/v1/open', 'http://localhost:8081', 0);
+
+update TB_MGT_ROUTE set URL='http://admin-center-bff-svc.admin-center.svc.cluster.local:8080' where ID='1';
+update TB_MGT_ROUTE set URL='http://admin-center-bff-svc.admin-center.svc.cluster.local:8080' where ID='2';
+update TB_MGT_ROUTE set URL='http://admin-center-bff-svc.admin-center.svc.cluster.local:8080' where ID='3';
+
+commit;
+
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('20', 0, 'user-api', '认证授权 - 用户接口', '1', '/api/v1/base', 'https://localhost:8022', 0);
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('40', 0, 'personal-api', '认证授权 - 个人信息接口', '1', '/api/v1/personal', 'http://localhost:8041/api/v1', 1);
+
+update TB_MGT_ROUTE set URL='http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080' where ID='20';
+update TB_MGT_ROUTE set URL='http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1' where ID='40';
+
+commit;
+
+
+/* 菜单、角色的初始化,请参考《认证授权菜单初始化》 */
+
+
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-flow.sql b/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-flow.sql
new file mode 100644
index 0000000..019bfb5
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-flow.sql
@@ -0,0 +1,96 @@
+-- 10.1.init.sql
+
+/*
+将 paas.example.com 替换为 paas.学校域名.edu.cn
+*/
+
+-- 以下脚本为可选操作
+
+/*
+ * 若部署了流程平台、门户的产品
+ * 可初始化云平台下的相关菜单数据
+ */
+
+use admin_center;
+
+-- flow
+-- 如果部署,流程平台,请处理
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('50', 0, 'flow-api', '管理门户 - 流程接口', '1', '/api/v1/flow-release', 'http://formflow-formflow-svc.formflow.svc.cluster.local:8080/formflow', 1);
+
+commit;
+
+/*
+update TB_MGT_ROUTE
+set
+ URL='http://formflow.paas.example.com'
+where ID='50'; -- todo, modify
+
+commit;
+*/
+
+insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS)
+values ('50', 0, 'flow-admin', '流程表单管理员', '', '1');
+insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS)
+values ('51', 0, 'flow-biz', '流程操作员', '业务、应用组、应用相关管理的操作人员', '1');
+
+commit;
+
+
+update TB_MGT_PERMISSION
+ set LFT = LFT+10
+where LFT>=82
+;
+
+update TB_MGT_PERMISSION
+ set RGT = RGT+10
+where RGT>=82
+;
+
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('50000', 0, 'formflow-manager', '流程管理', '1', '2', '', '/', '1', '1', 50000, 1, 82, 91);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('50100', 0, 'formflow', '流程表单', '1', '2', 'su-icon-liuchengbiaodan', '/formflow', '1', '50000', 50100, 2, 83, 84);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('50200', 0, 'workbench', '工作台', '1', '2', 'su-icon-gongzuotai', '/formflow/workbench', '1', '50000', 50200, 2, 85, 86);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('50300', 0, 'instanceManage', '实例管理', '1', '2', 'su-icon-shiliguanli', '/formflow/instanceManage', '1', '50000', 50300, 2, 87, 88);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('50400', 0, 'agent', '代理代办', '0', '2', 'su-icon-dailidaiban', '/formflow/agent', '1', '50000', 50400, 2, 89, 90);
+
+commit;
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where (ID like '5____' or ID='1')
+ and CONCAT('1_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
+;
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('50_', ID) as ID, 0 as DELETED, '50' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where (ID like '5____' or ID='1')
+ and CONCAT('50_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
+;
+
+commit;
+
+
+-- 更新 admin-platform 下菜单的访问域
+
+update TB_MGT_PERMISSION
+set
+ ORIGIN='http://admin-platform.paas.example.com'
+where LFT >= 82
+ and RGT <= 91
+;
+
+commit;
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-message.sql b/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-message.sql
new file mode 100644
index 0000000..8db1d2c
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-message.sql
@@ -0,0 +1,105 @@
+-- 10.1.init-message.sql
+
+
+/*
+将 paas.example.com 替换为 paas.学校域名.edu.cn
+*/
+
+-- 以下脚本为可选操作
+
+/*
+ * 若部署了流程平台、门户的产品
+ * 可初始化云平台下的相关菜单数据
+ */
+
+use admin_center;
+
+-- message
+-- 如果部署,流程平台,请处理
+
+
+insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS)
+values ('80', 0, 'message-admin', '消息平台管理员', '', '1');
+insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS)
+values ('81', 0, 'message-opt', '消息平台操作员', '', '1');
+
+commit;
+
+
+/*
+消息服务 message-backstage
+名称 路由 图标
+消息网关管理 /message-backstage/msgGateWay su-icon-xiaoxiwangguan
+短信模板管理 /message-backstage/SMSTemplateManage su-icon-mobanguanli
+消息类别管理 /message-backstage/msgTypes su-icon-xiaoxileibie
+消息任务监控 /message-backstage/msgTaskMonitor su-icon-renwujiankong
+消息日志审计 /message-backstage/msgLogAudit su-icon-details
+应用管理 /message-backstage/msgSoftManage su-icon-sort
+敏感词管理 /message-backstage/SensitiveWords su-icon-lock-w
+设置 /message-backstage/msgSendCondition su-icon-print
+*/
+
+update TB_MGT_PERMISSION
+ set LFT = LFT+18
+where LFT>=92
+;
+
+update TB_MGT_PERMISSION
+ set RGT = RGT+18
+where RGT>=92
+;
+
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('80000', 0, 'message-backstage', '消息服务', '1', '2', '', '/', '1', '1', 80000, 1, 92, 109);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('80100', 0, 'msgGateWay', '消息网关管理', '1', '2', 'su-icon-xiaoxiwangguan', '/message-backstage/msgGateWay', '1', '80000', 80100, 2, 93, 94);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('80200', 0, 'SMSTemplateManage', '短信模板管理', '1', '2', 'su-icon-mobanguanli', '/message-backstage/SMSTemplateManage', '1', '80000', 80200, 2, 95, 96);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('80300', 0, 'msgTypes', '消息类别管理', '1', '2', 'su-icon-xiaoxileibie', '/message-backstage/msgTypes', '1', '80000', 80300, 2, 97, 98);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('80400', 0, 'msgTaskMonitor', '消息任务监控', '1', '2', 'su-icon-renwujiankong', '/message-backstage/msgTaskMonitor', '1', '80000', 80400, 2, 99, 100);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('80500', 0, 'msgLogAudit', '消息日志审计', '1', '2', 'su-icon-details', '/message-backstage/msgLogAudit', '1', '80000', 80500, 2, 101, 102);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('80600', 0, 'msgSoftManage', '应用管理', '1', '2', 'su-icon-sort', '/message-backstage/msgSoftManage', '1', '80000', 80600, 2, 103, 104);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('80700', 0, 'SensitiveWords', '敏感词管理', '1', '2', 'su-icon-lock-w', '/message-backstage/SensitiveWords', '1', '80000', 80700, 2, 105, 106);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('80800', 0, 'msgSendCondition', '设置', '1', '2', 'su-icon-print', '/message-backstage/msgSendCondition', '1', '80000', 80800, 2, 107, 108);
+
+commit;
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where (ID like '8____' or ID='1')
+ and CONCAT('1_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
+;
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('80_', ID) as ID, 0 as DELETED, '50' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where (ID like '8____' or ID='1')
+ and CONCAT('80_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
+;
+
+commit;
+
+
+-- 更新 admin-platform 下菜单的访问域
+
+update TB_MGT_PERMISSION
+set
+ ORIGIN='http://admin-platform.paas.example.com'
+where LFT >= 92
+ and RGT <= 109
+;
+
+commit;
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-portal.sql b/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-portal.sql
new file mode 100644
index 0000000..d7357e6
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/10.1.init-portal.sql
@@ -0,0 +1,287 @@
+-- 10.1.init.sql
+
+/*
+将 paas.example.com 替换为 paas.学校域名.edu.cn
+*/
+
+-- 以下脚本为可选操作
+
+/*
+ * 若部署了流程平台、门户的产品
+ * 可初始化云平台下的相关菜单数据
+ */
+
+use admin_center;
+
+-- portal
+-- 如果部署,门户V5,请处理
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('60', 0, 'portal-api', '管理门户 - 门户接口', '1', '/api/v1/portal', 'http://ecampus.paas.example.com/', 1);
+
+commit;
+
+
+update TB_MGT_ROUTE
+set
+ URL='http://ecampus.paas.example.com'
+where ID='60'; -- todo, modify
+
+commit;
+/*
+http://portal-web.portal.svc.cluster.local:8080/portal-web/api
+*/
+
+
+insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, MEMO, STATUS)
+values ('60', 0, 'portal-admin', '门户管理员', '', '1');
+
+commit;
+
+
+/*
+update TB_MGT_PERMISSION
+ set LFT = LFT+10
+where LFT>=89
+;
+
+update TB_MGT_PERMISSION
+ set RGT = RGT+10
+where RGT>=89
+;
+*/
+
+
+/*
+门户管理
+ web端管理
+ 系统管理
+ 组件模板
+ 主题管理
+ 主题方案
+ 授权管理
+ 角色管理
+ 服务管理
+ 服务管理
+ 服务评价管理
+ 标签分类管理
+ CMS管理
+ 幻灯片管理
+ 栏目管理
+ 内容管理
+ 流程管理
+ 模板管理
+ 滚动公告管理
+ 消息管理
+ 第三方消息发送设置
+ 消息类型管理
+ 消息发送详情
+*/
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('60', 0, 'portal-manage', '门户管理', '1', '1', 'el-icon-s-help', '/',
+ '60', '0', 60, 1, 93, 136);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6010000', 0, 'web', 'web端管理',
+ '1', '2', null, null,
+ '60', '60', 6010000, 1, 94, 105);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6010001', 0, 'web-systemManager', '系统管理',
+ '1', '2', 'su-icon-xitongguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/systemManager/view.html',
+ '60', '6010000', 6010001, 2, 95, 96);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6010002', 0, 'web-widgetTemplate', '组件模板',
+ '1', '2', 'su-icon-zujianmoban', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/widgetTemplate/view.html',
+ '60', '6010000', 6010002, 2, 97, 98);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6010003', 0, 'web-themeManager', '主题管理',
+ '1', '2', 'su-icon-hutiguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/themeManager/view.html',
+ '60', '6010000', 6010003, 2, 99, 100);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6010004', 0, 'web-themeScheme', '主题方案',
+ '1', '2', 'su-icon-zhutifangan', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/themeScheme/view.html',
+ '60', '6010000', 6010004, 2, 101, 102);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6010005', 0, 'web-oauthManager', 'oauth管理',
+ '1', '2', 'su-icon-authguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#web/oauthManager/view.html',
+ '60', '6010000', 6010005, 2, 103, 104);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6020000', 0, 'auth', '授权管理',
+ '1', '2', null, null,
+ '60', '60', 6020000, 1, 106, 109);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6020003', 0, 'auth-roleManager', '角色管理',
+ '1', '2', 'su-icon-jiaoseguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#auth/roleManager/view.html',
+ '60', '6020000', 6020003, 2, 107, 108);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6030000', 0, 'service', '服务管理',
+ '1', '2', null, null,
+ '60', '60', 6030000, 1, 110, 117);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6030001', 0, 'service-appservice', '服务管理',
+ '1', '2', 'su-icon-fuwuguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/appservice/tabs.html',
+ '60', '6030000', 6030001, 2, 111, 112);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6030002', 0, 'service-evaluate', '服务评价管理',
+ '1', '2', 'su-icon-fuwupingjiaguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/evaluate/form.html',
+ '60', '6030000', 6030002, 2, 113, 114);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6030003', 0, 'service-tagging', '标签分类管理',
+ '1', '2', 'su-icon-biaoqianfenleiguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#service/tagging/form.html',
+ '60', '6030000', 6030003, 2, 115, 116);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6040000', 0, 'cms', 'CMS管理',
+ '1', '2', null, null,
+ '60', '60', 6040000, 1, 118, 131);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6040001', 0, 'cms-slide', '幻灯片管理',
+ '1', '2', 'su-icon-huandengpianguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/slide/list.html',
+ '60', '6040000', 6040001, 2, 119, 120);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6040002', 0, 'cms-column', '栏目管理',
+ '1', '2', 'su-icon-lanmuguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/column/list.html',
+ '60', '6040000', 6040002, 2, 121, 122);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6040003', 0, 'cms-content', '内容管理',
+ '1', '2', 'su-icon-neirongguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/content/list-manage.html',
+ '60', '6040000', 6040003, 2, 123, 124);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6040004', 0, 'cms-flow', '流程管理',
+ '1', '2', 'su-icon-liuchengguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/flow/list.html',
+ '60', '6040000', 6040004, 2, 125, 126);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6040005', 0, 'cms-template', '模板管理',
+ '1', '2', 'su-icon-mobanguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/template/list.html',
+ '60', '6040000', 6040005, 2, 127, 128);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6040006', 0, 'cms-notice', '滚动公告管理',
+ '1', '2', 'su-icon-gundonggonggaoguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#cms/notice/list.html',
+ '60', '6040000', 6040006, 2, 129, 130);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6050000', 0, 'message', '消息管理',
+ '1', '2', null, null,
+ '60', '60', 6050000, 1, 132, 139);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6050001', 0, 'message-sendsetting', '第三方消息发送设置',
+ '1', '2', 'su-icon-disanfangxiaoxifasongshezhi', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/sendsetting/tabs.html',
+ '60', '6050000', 6050001, 2, 133, 134);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6050002', 0, 'message-type', '消息类型管理',
+ '1', '2', 'su-icon-xiaoxileixingguanli', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/type/form.html',
+ '60', '6050000', 6050002, 2, 135, 136);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME,
+ STATUS, TYPE_, ICON, URL,
+ APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('6050003', 0, 'message-log', '消息发送详情',
+ '1', '2', 'su-icon-xiaoxifasongxiangqing', 'http://ecampus.paas.example.com/portal-web/html/admin/index.html#message/sendlog/list.html',
+ '60', '6050000', 6050003, 2, 137, 138);
+
+
+commit;
+
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('1_', ID) as ID, 0 as DELETED, '1' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID like '60_____' or ID='60'
+;
+
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('60_', ID) as ID, 0 as DELETED, '60' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID like '60_____' or ID='60' or ID='1'
+;
+
+commit;
+
+
+/* 更新 TB_MGT_PERMISSION 的 ORIGIN */
+/*
+select *
+from TB_MGT_PERMISSION
+where LFT >= (select LFT from TB_MGT_PERMISSION where ID='1')
+ and RGT <= (select RGT from TB_MGT_PERMISSION where ID='1')
+;
+*/
+
+update TB_MGT_PERMISSION
+set
+ ORIGIN='http://ecampus.paas.example.com'
+where APPLICATION_ID = '60'
+;
+
+commit;
+
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/0.admin-center-base.yaml b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/0.admin-center-base.yaml
new file mode 100644
index 0000000..0f6c81f
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/0.admin-center-base.yaml
@@ -0,0 +1,176 @@
+# admin-center-base.yaml
+
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+ namespace: admin-center
+ name: harbor-registry
+data:
+ # 修改harbor仓库配置,并使用 base64 工具进行编码
+ # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+ .dockerconfigjson: eyJhdXRocyI6eyJwYWFzLmhhcmJvci5ud3B1LmVkdS5jbiI6eyJhdXRoIjoiYm5kd2RTNWtaWFp2Y0hNNk1HNUtjVEZMYVdWMmNrNVBkREpIVkRkTSIsInBhc3N3b3JkIjoiMG5KcTFLaWV2ck5PdDJHVDdMIiwidXNlcm5hbWUiOiJud3B1LmRldm9wcyJ9fX0=
+
+
+####################################################
+# mysql-server
+####################################################
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: admin-center
+ name: mysql-server
+spec:
+ ports:
+ - name: tcp-mysql
+ port: 3306
+ protocol: TCP
+ targetPort: 3306
+---
+kind: Endpoints
+apiVersion: v1
+metadata:
+ namespace: admin-center
+ name: mysql-server
+subsets:
+ - addresses:
+ # 修改实际MySQL服务器的IP地址
+ - ip: 172.30.104.82
+ ports:
+ - name: tcp-mysql
+ port: 3306
+ protocol: TCP
+
+
+####################################################
+# redis-server
+####################################################
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: redis
+ release: redis-server
+ name: redis-server
+ namespace: admin-center
+type: Opaque
+data:
+ REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: redis
+ release: redis-server
+ name: redis-server
+ namespace: admin-center
+spec:
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: redis
+ selector:
+ app: redis
+ release: redis-server
+ role: master
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ app: redis
+ release: redis-server
+ name: redis-server
+ namespace: admin-center
+spec:
+ podManagementPolicy: OrderedReady
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: redis
+ release: redis-server
+ role: master
+ serviceName: redis-master
+ template:
+ metadata:
+ labels:
+ app: redis
+ release: redis-server
+ role: master
+ spec:
+ containers:
+ - name: redis-server
+ env:
+ - name: REDIS_DISABLE_COMMANDS
+ value: FLUSHDB,FLUSHALL
+ - name: REDIS_REPLICATION_MODE
+ value: master
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: redis-server
+ key: REDIS_PASSWORD
+ # 若使用了学校搭设的私有仓库,请修改
+ image: bitnami/redis:4.0
+ # 若使用了学校搭设的私有仓库,请修改 为 Always
+ imagePullPolicy: IfNotPresent
+ # imagePullPolicy: Always
+ livenessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ failureThreshold: 5
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 6379
+ name: redis
+ protocol: TCP
+ readinessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ failureThreshold: 5
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ volumeMounts:
+ - mountPath: /bitnami/redis/data
+ name: redis-data
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ securityContext:
+ fsGroup: 1001
+ # runAsUser: 1001
+ # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
+ runAsUser: 0
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - emptyDir: {}
+ name: redis-data
+ # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可)
+ # imagePullSecrets:
+ # - name: harbor-registry
+ updateStrategy:
+ rollingUpdate:
+ partition: 0
+ type: RollingUpdate
+
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/1.admin-center-env.yaml b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/1.admin-center-env.yaml
new file mode 100644
index 0000000..faaad82
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/1.admin-center-env.yaml
@@ -0,0 +1,39 @@
+# admin-center-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-center
+ name: jvm-env
+data:
+ MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: admin-center
+ name: datasource-env-secret
+type: Opaque
+data:
+ # jdbc:mysql://mysql-server:3306/admin_center?serverTimezone=Asia/Shanghai
+ JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlcjozMzA2L2FkbWluX2NlbnRlcj9zZXJ2ZXJUaW1lem9uZT1Bc2lhL1NoYW5naGFp
+ # admin_center
+ JDBC_USERNAME: YWRtaW5fY2VudGVy
+ # 修改为实际的数据库密码,并使用 base64 工具进行编码
+ # kingstar
+ JDBC_PASSWORD: a2luZ3N0YXI=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: admin-center
+ name: redis-env-secret
+type: Opaque
+data:
+ SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
+ SPRING_REDIS_PORT: NjM3OQ==
+ SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/2.admin-center-ingresses.yaml b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/2.admin-center-ingresses.yaml
new file mode 100644
index 0000000..b701016
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/2.admin-center-ingresses.yaml
@@ -0,0 +1,35 @@
+# admin-center-ingresses.yaml
+
+
+# 云平台管理后端接口
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: admin-center
+ name: admin-center-ingress
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
+ nginx.ingress.kubernetes.io/proxy-body-size: 5m
+spec:
+ rules:
+ # 修改为学校的根域名
+ - host: admin-center.paas.xxx.edu.cn
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: admin-center-zuul-svc
+ servicePort: http
+ # - path: /jwt
+ # backend:
+ # serviceName: admin-center-zuul-svc
+ # servicePort: http
+ # - path: /cas
+ # backend:
+ # serviceName: admin-center-zuul-svc
+ # servicePort: http
+ # - path: /api
+ # backend:
+ # serviceName: admin-center-zuul-svc
+ # servicePort: http
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml
new file mode 100644
index 0000000..74241aa
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.0.admin-center-sa-installer.yaml
@@ -0,0 +1,47 @@
+# admin-center-sa-installer.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-center
+ name: admin-center-sa-installer-env
+data:
+ DB_TYPE: mysql8
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ namespace: admin-center
+ name: admin-center-sa-installer
+spec:
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ app: admin-center-sa-installer
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: admin-center-sa-installer
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/admin-center/admin-center-sa-installer:1.2.3-RELEASE
+ imagePullPolicy: Always
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: datasource-env-secret
+ - configMapRef:
+ name: admin-center-sa-installer-env
+ # resources:
+ # requests:
+ # memory: "256Mi"
+ # limits:
+ # memory: "256Mi"
+ imagePullSecrets:
+ - name: harbor-registry
+
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml
new file mode 100644
index 0000000..d3e72fd
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.1.admin-center-poa.yaml
@@ -0,0 +1,122 @@
+# admin-center-poa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-center
+ name: admin-center-poa-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_ADMIN_CENTER_POA: INFO
+
+
+ ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
+ ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+ USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: admin-center
+ name: admin-center-poa-svc
+ labels:
+ app: admin-center-poa
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: admin-center-poa
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: admin-center
+ name: admin-center-poa
+spec:
+ selector:
+ matchLabels:
+ app: admin-center-poa
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: admin-center-poa
+ spec:
+ containers:
+ - name: admin-center-poa
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/admin-center/admin-center-poa:1.2.3-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - configMapRef:
+ name: admin-center-poa-env
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml
new file mode 100644
index 0000000..ad75c87
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.2.admin-center-sa.yaml
@@ -0,0 +1,106 @@
+# admin-center-sa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-center
+ name: admin-center-sa-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: admin-center
+ name: admin-center-sa-env-secret
+type: Opaque
+data:
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: admin-center
+ name: admin-center-sa-svc
+ labels:
+ app: admin-center-sa
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: admin-center-sa
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: admin-center
+ name: admin-center-sa
+spec:
+ selector:
+ matchLabels:
+ app: admin-center-sa
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: admin-center-sa
+ spec:
+ containers:
+ - name: admin-center-sa
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/admin-center/admin-center-sa:1.2.3-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: datasource-env-secret
+ - secretRef:
+ name: admin-center-sa-env-secret
+ - configMapRef:
+ name: admin-center-sa-env
+ resources:
+ requests:
+ memory: "512Mi"
+ limits:
+ memory: "512Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml
new file mode 100644
index 0000000..11c815a
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.4.admin-center-bff.yaml
@@ -0,0 +1,153 @@
+# admin-center-bff.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-center
+ name: admin-center-bff-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_ADMIN_CENTER_BFF: INFO
+
+
+ SPRING_SERVLET_MULTIPART_MAX_FILE_SIZE: 10Mb
+ # SPRING_SERVLET_MULTIPART_MAX_REQUEST_SIZE: 10Mb
+
+
+ ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
+ ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
+ CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+ USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ # PERSONAL_SECURITY_CENTER_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080
+ # PERSONAL_SECURITY_CENTER_CLIENT_AUTH_ENABLED: "false"
+ #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEY_PASSWORD: ""
+ #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #PERSONAL_SECURITY_CENTER_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
+ TPAS_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: admin-center
+ name: admin-center-bff-svc
+ labels:
+ app: admin-center-bff
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: admin-center-bff
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: admin-center
+ name: admin-center-bff
+spec:
+ selector:
+ matchLabels:
+ app: admin-center-bff
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: admin-center-bff
+ spec:
+ containers:
+ - name: admin-center-bff
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/admin-center/admin-center-bff:1.2.3-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - configMapRef:
+ name: admin-center-bff-env
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml
new file mode 100644
index 0000000..9922e7b
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml
@@ -0,0 +1,183 @@
+# admin-center-zuul.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-center
+ name: admin-center-zuul-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+ SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+ SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
+ SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
+
+
+ SPRING_SERVLET_MULTIPART_MAX_FILE_SIZE: 10Mb
+ # SPRING_SERVLET_MULTIPART_MAX_REQUEST_SIZE: 10Mb
+
+ ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000"
+ ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000"
+
+ ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000"
+
+
+ INFRAS_SECURITY_BASIC_ENABLED: "false"
+
+
+ INFRAS_SECURITY_JWT_ENABLED: "true"
+ #INFRAS_SECURITY_JWT_KEY_ALIAS: "supwisdom-jwt-key"
+ #INFRAS_SECURITY_JWT_KEY_PASSWORD: "changeit"
+ #INFRAS_SECURITY_JWT_KEY_STORE: "file:/certs/jwt/jwt.keystore"
+ #INFRAS_SECURITY_JWT_KEY_STORE_PASSWORD: "changeit"
+
+ INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas
+ INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: ""
+ INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas/jwt/publicKey"
+ # 对接 uniauth认证时,使用以下配置
+ #INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://uniauth-prod-backend.uniauth.svc.cluster.local:9090/idtoken/publicKey"
+
+
+ INFRAS_SECURITY_CAS_ENABLED: "true"
+ # 修改为学校的admin-center的访问域名
+ APP_SERVER_HOST_URL: "http://admin-center.paas.xxx.edu.cn"
+ #APP_LOGIN_URL: "/cas/login"
+ #APP_LOGOUT_URL: "/cas/logout"
+ # 修改为学校的cas的访问域名
+ CAS_SERVER_HOST_URL: "http://cas.paas.xxx.edu.cn/cas"
+
+
+ # 后端API服务,域名访问时,默认跳转地址
+ # 修改为学校的 admin-platform 云平台的访问域名
+ APPLICATION_INDEX_REDIRECT_URI: "http://admin-platform.paas.xxx.edu.cn"
+
+
+ ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false"
+ #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+
+ ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
+ ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+ USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: admin-center
+ name: admin-center-zuul-env-secret
+type: Opaque
+data:
+ # 参考 certs/jwt/readme.md 生成公私钥pem,替换相关配置
+ INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDcWUzYUpRVm1VNWY1VDhIdU1PcEloMjhrZQpNU3hpUkh2NXNNa29iVGd5T3VRaVVYVEJLS3JwUjVNUWFiaERFZG1WSHlVWFowUFRLRHJCYk9rWkVwTVRmbXBHCnBibE5hOHJkS0RRZG5MYVFLNHBkKzN1clJSdDQzYXhISTdQZHdnRmx3ZThybmYvZllVK3lpcWhDaFBjbkdSNXAKUE9hOE4xZFkzQXlwWWhZa2dRSURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ==
+ INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNlQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Jd2dnSmVBZ0VBQW9HQkFLcDdkb2xCV1pUbC9sUHcKZTR3NmtpSGJ5UjR4TEdKRWUvbXd5U2h0T0RJNjVDSlJkTUVvcXVsSGt4QnB1RU1SMlpVZkpSZG5ROU1vT3NGcwo2UmtTa3hOK2FrYWx1VTFyeXQwb05CMmN0cEFyaWwzN2U2dEZHM2pkckVjanM5M0NBV1hCN3l1ZC85OWhUN0tLCnFFS0U5eWNaSG1rODVydzNWMWpjREtsaUZpU0JBZ01CQUFFQ2dZRUFuNXN2QXBrMzhQclIvR3ZzZndCbXgyUXAKQ2ljblVtaWpXTVIxejI5UmFWVlJOLy9pdXVRRC9wcVB5Skh4ZkhrOXB5cWRZeWUraS9YaDdDeTJuazZSZWVyMAowcG5lbUFJNFpNVnFaWW8rUHFIdU1ZSnRjS1ZpSHRLUElVZFVEaGpleE1iVjhPdXdFRjdDNERsNXhveXV6cUZvClZzRTFlaVNpVERmQWNUcmc4SEVDUVFEYjVrZU5FUUxtMEFPK0I3TDZvUi9URExHODZiaXU1Szc0VEVzMmphM0gKQ0JBa1FLUXJvMWwxS3c2Y1ZKcXlGR09SMEI1ZG9Mc2V2cVNTWVV5KytrZGpBa0VBeG5oUzh5SnF1Z3ordFV2ZApKMW1sSm9UbTFxNjFHNDBzTFhMY1RtU3F1a2dyTDBDMm1ycXJGQUF4MjF2ek83azF0NU44aEZUY1VnR3BMa015CjNiOGp5d0pBWEFBVk1XekxsUHUwaFIyOWdPUkdaMHNwVll0SFRFeTY4NEVmK3B2OTk0WmxFblhFK2NqbTFZR0YKSkZ5MU9Bb1Z1bHlqUjdMR2RzOTJGUlFHUXVSOVZ3SkJBS1JNUlhicS9la3BDczR3a0ZLYi9vQ2xzcWIwR0E5SAp6ZE9ONjF5bUwwTm9yUDlBRmlwKzcxTHVXbGVhaGYvaDhkc1hxQk93WUhjdTBzdnVhelJ3b0FNQ1FRQ05yM0FrCkZ6aUZBZGQvWkFmaFhpSURHemo1dlRCRkpaQ01TR1hXbVBJcTdnWEN0RUM4Y2VvRHhOY0JLRGtxeEQvaGJVcmwKZStmeDdqeE9kUXhwQkF1RQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0t
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: admin-center
+ name: admin-center-zuul-svc
+ labels:
+ app: admin-center-zuul
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: admin-center-zuul
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: admin-center
+ name: admin-center-zuul
+spec:
+ selector:
+ matchLabels:
+ app: admin-center-zuul
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: admin-center-zuul
+ spec:
+ containers:
+ - name: admin-center-zuul
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/admin-center/admin-center-zuul:1.2.3-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - secretRef:
+ name: admin-center-zuul-env-secret
+ - configMapRef:
+ name: admin-center-zuul-env
+ resources:
+ requests:
+ memory: "512Mi"
+ limits:
+ memory: "512Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/9.api-docs-installer.yaml b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/9.api-docs-installer.yaml
new file mode 100644
index 0000000..10f1593
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/9.api-docs-installer.yaml
@@ -0,0 +1,52 @@
+# 9.api-docs-installer.yaml
+
+# 依赖平台OpenAPI的部署
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-center
+ name: api-docs-installer-env
+data:
+ ##
+ # 平台OpenAPI的外网访问地址,
+ # **修改** 学校的根域名
+ POA_SERVER_URL: http://poa.paas.nwpu.edu.cn
+
+ # **修改** poa-sa 服务的k8s内部地址
+ POA_SA_SERVER_URL: http://platform-openapi-sa.poa.svc.cluster.local:8443
+
+ ADMIN_CENTER_SERVER_URL: http://admin-center-poa-svc.admin-center.svc.cluster.local:8080
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ namespace: admin-center
+ name: api-docs-installer
+spec:
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ app: api-docs-installer
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: api-docs-installer
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/admin-center/api-docs-installer:1.2.3-RELEASE
+ imagePullPolicy: Always
+ envFrom:
+ - configMapRef:
+ name: api-docs-installer-env
+ # resources:
+ # requests:
+ # memory: "256Mi"
+ # limits:
+ # memory: "256Mi"
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/certs/jwt/readme.md b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/certs/jwt/readme.md
new file mode 100644
index 0000000..5ea3539
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/6.admin-center/certs/jwt/readme.md
@@ -0,0 +1,83 @@
+# readme.md
+
+
+## 使用 openssl 生成 公私钥
+
+
+1. 生成私钥 App Private Key
+
+必须为 RSA2(SHA256)
+
+```bash
+openssl genrsa -out jwt_private_key.pem 1024
+```
+
+2. 将私钥转换为 PKCS8 格式
+
+```bash
+openssl pkcs8 -topk8 -inform PEM -in jwt_private_key.pem -outform PEM -nocrypt -out jwt_private_key_pkcs8.pem
+```
+
+3. 导出公钥 App Public Key
+
+```bash
+openssl rsa -in jwt_private_key.pem -pubout -out jwt_public_key.pem
+```
+
+4. 将 jwt_public_key.pem 中的内容,去除换行和空格,转成字符串。
+
+处理前:
+```language
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI
+2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbB
+XVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3
+FugvRF/6jdTQis2LcQIDAQAB
+-----END PUBLIC KEY-----
+```
+处理后:
+```language
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbBXVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3FugvRF/6jdTQis2LcQIDAQAB
+-----END PUBLIC KEY-----
+```
+
+4. 将 jwt_private_key_pkcs8.pem 中的内容,去除换行和空格,转成字符串。
+
+处理前:
+```language
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMGvnBQddKUtIVTX
+tPjANfx6EAjaednEJzZKemB83C5HeO9WJJXKv493okkR4xyXf3uoqNaoUP8JGVRI
+H9QQ9BHHFsFdWVdEHbz0oT3G14OTThtTXsguBfxXP/ssVEufYKloJIgJ9YQ2GgxE
+mbvEgCh2sjcW6C9EX/qN1NCKzYtxAgMBAAECgYBKBSjq7w7jCUpRuFYrMpnvMV7r
+Y0NqG/K4ZuI5+b3T2fC31v4IWQG4fIoCztky1hscUSqlTpIVxY5ujVnMm+YKMXs+
+qW2zyUdvoqUbFNAZstYatg6FQ7QlwXMDnIzlq6w5lEofsO46+0kH/d9IX+cPN0nH
+04J1UKwg0ugyjYVUAQJBAP8di+ECIJkVTbi96JWMCfK1eYdxwe+8DEd7kcW2P6qU
+/0fxP6qExkbFqPWQbJVNvOKmH5tVW5oi4Q7vaT4MzJECQQDCW4kMG7a6yBKRWZ1/
+hAixqumBv5FFCnL/yzqH6a5n8tb91vcQCwBGfu+YeQt8zVI56BTP4AJDF5KQu1vq
+kcDhAkEA+YaHu2QeSDzrEShG5obbcBaKMK1WmEqg5AX8FZrleM5VRqOztvA5Ex3f
+3ZgObJZlinYb8g2yE/fLk5UdpgBU0QJAFw+FU0p2g/L5QQXBCkBAR9RfoGV6dxam
+TnNunnG7n9nQaI35Ao5LmhG1nAHAuy4hc311+rQ5kHxbh5Czd0GUAQJBALxZpqPZ
+y7LrKmTbVLAdd0K1dQ3jWUsqk5HXwlxzrmmypn5ut41zwZQl0znyrv7XcfDZ6dqR
+hh20uoiJ/Hfky6A=
+-----END PRIVATE KEY-----
+```
+处理后:
+```language
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMGvnBQddKUtIVTXtPjANfx6EAjaednEJzZKemB83C5HeO9WJJXKv493okkR4xyXf3uoqNaoUP8JGVRIH9QQ9BHHFsFdWVdEHbz0oT3G14OTThtTXsguBfxXP/ssVEufYKloJIgJ9YQ2GgxEmbvEgCh2sjcW6C9EX/qN1NCKzYtxAgMBAAECgYBKBSjq7w7jCUpRuFYrMpnvMV7rY0NqG/K4ZuI5+b3T2fC31v4IWQG4fIoCztky1hscUSqlTpIVxY5ujVnMm+YKMXs+qW2zyUdvoqUbFNAZstYatg6FQ7QlwXMDnIzlq6w5lEofsO46+0kH/d9IX+cPN0nH04J1UKwg0ugyjYVUAQJBAP8di+ECIJkVTbi96JWMCfK1eYdxwe+8DEd7kcW2P6qU/0fxP6qExkbFqPWQbJVNvOKmH5tVW5oi4Q7vaT4MzJECQQDCW4kMG7a6yBKRWZ1/hAixqumBv5FFCnL/yzqH6a5n8tb91vcQCwBGfu+YeQt8zVI56BTP4AJDF5KQu1vqkcDhAkEA+YaHu2QeSDzrEShG5obbcBaKMK1WmEqg5AX8FZrleM5VRqOztvA5Ex3f3ZgObJZlinYb8g2yE/fLk5UdpgBU0QJAFw+FU0p2g/L5QQXBCkBAR9RfoGV6dxamTnNunnG7n9nQaI35Ao5LmhG1nAHAuy4hc311+rQ5kHxbh5Czd0GUAQJBALxZpqPZy7LrKmTbVLAdd0K1dQ3jWUsqk5HXwlxzrmmypn5ut41zwZQl0znyrv7XcfDZ6dqRhh20uoiJ/Hfky6A=
+-----END PRIVATE KEY-----
+```
+
+
+5. (可选)将pem内容进行 base64 编码后,配置到k8s
+
+echo -n '-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBr5wUHXSlLSFU17T4wDX8ehAI2nnZxCc2SnpgfNwuR3jvViSVyr+Pd6JJEeMcl397qKjWqFD/CRlUSB/UEPQRxxbBXVlXRB289KE9xteDk04bU17ILgX8Vz/7LFRLn2CpaCSICfWENhoMRJm7xIAodrI3FugvRF/6jdTQis2LcQIDAQAB
+-----END PUBLIC KEY-----' |base64
+
+
+echo -n '-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMGvnBQddKUtIVTXtPjANfx6EAjaednEJzZKemB83C5HeO9WJJXKv493okkR4xyXf3uoqNaoUP8JGVRIH9QQ9BHHFsFdWVdEHbz0oT3G14OTThtTXsguBfxXP/ssVEufYKloJIgJ9YQ2GgxEmbvEgCh2sjcW6C9EX/qN1NCKzYtxAgMBAAECgYBKBSjq7w7jCUpRuFYrMpnvMV7rY0NqG/K4ZuI5+b3T2fC31v4IWQG4fIoCztky1hscUSqlTpIVxY5ujVnMm+YKMXs+qW2zyUdvoqUbFNAZstYatg6FQ7QlwXMDnIzlq6w5lEofsO46+0kH/d9IX+cPN0nH04J1UKwg0ugyjYVUAQJBAP8di+ECIJkVTbi96JWMCfK1eYdxwe+8DEd7kcW2P6qU/0fxP6qExkbFqPWQbJVNvOKmH5tVW5oi4Q7vaT4MzJECQQDCW4kMG7a6yBKRWZ1/hAixqumBv5FFCnL/yzqH6a5n8tb91vcQCwBGfu+YeQt8zVI56BTP4AJDF5KQu1vqkcDhAkEA+YaHu2QeSDzrEShG5obbcBaKMK1WmEqg5AX8FZrleM5VRqOztvA5Ex3f3ZgObJZlinYb8g2yE/fLk5UdpgBU0QJAFw+FU0p2g/L5QQXBCkBAR9RfoGV6dxamTnNunnG7n9nQaI35Ao5LmhG1nAHAuy4hc311+rQ5kHxbh5Czd0GUAQJBALxZpqPZy7LrKmTbVLAdd0K1dQ3jWUsqk5HXwlxzrmmypn5ut41zwZQl0znyrv7XcfDZ6dqRhh20uoiJ/Hfky6A=
+-----END PRIVATE KEY-----' |base64
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/0.admin-platform-base.yaml b/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/0.admin-platform-base.yaml
new file mode 100644
index 0000000..7e855c1
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/0.admin-platform-base.yaml
@@ -0,0 +1,29 @@
+# 0.admin-platform-base.yaml
+
+# 在 rancher 中 命名空间 须手动创建
+
+####################################################
+# namespace
+####################################################
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: admin-platform
+ # labels:
+ # istio-injection: enabled
+
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+ name: harbor-registry
+ namespace: admin-platform
+data:
+ # 修改harbor仓库配置,并使用 base64 工具进行编码
+ # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+ .dockerconfigjson: eyJhdXRocyI6eyJwYWFzLmhhcmJvci5ud3B1LmVkdS5jbiI6eyJhdXRoIjoiYm5kd2RTNWtaWFp2Y0hNNk1HNUtjVEZMYVdWMmNrNVBkREpIVkRkTSIsInBhc3N3b3JkIjoiMG5KcTFLaWV2ck5PdDJHVDdMIiwidXNlcm5hbWUiOiJud3B1LmRldm9wcyJ9fX0=
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/2.admin-platform-ingresses.yaml b/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/2.admin-platform-ingresses.yaml
new file mode 100644
index 0000000..fce10fb
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/2.admin-platform-ingresses.yaml
@@ -0,0 +1,37 @@
+# 2.admin-platform-ingresses.yaml
+
+# 基础管理
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: admin-platform
+ name: admin-management-ingress
+spec:
+ rules:
+ # 修改为学校的根域名
+ - host: admin-management.paas.xxx.edu.cn
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: admin-management-svc
+ servicePort: http
+
+# 云平台
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: admin-platform
+ name: admin-platform-ingress
+spec:
+ rules:
+ # 修改为学校的根域名
+ - host: admin-platform.paas.xxx.edu.cn
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: admin-platform-svc
+ servicePort: http
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/4.1.admin-management.yaml b/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/4.1.admin-management.yaml
new file mode 100644
index 0000000..40f8bf2
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/4.1.admin-management.yaml
@@ -0,0 +1,80 @@
+# 4.1.admin-management.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-platform
+ name: admin-management-env
+data:
+ SCHOOL_NAME: sw
+ SERVER_URL: https://admin-management.nwpu.edu.cn
+ BACKEND_URL: https://admin-center.nwpu.edu.cn
+
+ # 可选 jwt-cas,idToken-cas,uniauth
+ AUTH_TYPE: idToken-cas
+
+ # # AUTH_TYPE 为 jwt-cas 时,配置 AUTH_URL
+ # AUTH_URL: http://admin-center.paas.nwpu.edu.cn/jwt/cas
+
+ # AUTH_TYPE 为 idToken-cas 时,配置 AUTH_CAS、JWT_ISS、JWT_SECRET
+ AUTH_CAS: https://uis.nwpu.edu.cn/cas
+ JWT_ISS: https://uis.nwpu.edu.cn/cas
+ JWT_SECRET: (@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2
+
+ # # AUTH_TYPE 为 uniauth 时,配置
+ # UNIAUTH_IDTOKEN: http://uniauth.paas.nwpu.edu.cn/idtoken
+ # UNIAUTH_IDTOKEN_ISS: "uniauth"
+ # UNIAUTH_CLIENT_ID: "20"
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: admin-platform
+ name: admin-management-svc
+ labels:
+ app: admin-management-svc
+spec:
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app: admin-management
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: admin-platform
+ name: admin-management
+spec:
+ selector:
+ matchLabels:
+ app: admin-management
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: admin-management
+ spec:
+ containers:
+ - name: admin-management
+ image: paas.harbor.nwpu.edu.cn/admin-platform/admin-management:1.2.3-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+ name: http
+ envFrom:
+ - configMapRef:
+ name: admin-management-env
+ resources:
+ requests:
+ memory: "128Mi"
+ limits:
+ memory: "256Mi"
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/4.2.admin-platform.yaml b/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/4.2.admin-platform.yaml
new file mode 100644
index 0000000..5221dba
--- /dev/null
+++ b/project/nwpu/k8s-rancher/6.admin-platform/7.admin-platform/4.2.admin-platform.yaml
@@ -0,0 +1,241 @@
+# 04-2-admin-platform.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-platform
+ name: admin-platform-env
+data:
+ SCHOOL_NAME: nwpu
+ MAIN_SERVER: http://admin-platform.paas.nwpu.edu.cn
+
+ RESOURCE_PREFIX: "http://admin-platform.paas.nwpu.edu.cn"
+ # RESOURCE_PREFIX: http://authx-minio.paas.nwpu.edu.cn/admin-platform
+
+ # SERVER_CONFIG, none 本地 serverConfig.json , remote 使用远程服务 jsonp , JSON对象 如 {}
+ SERVER_CONFIG: none
+ # SERVER_CONFIG: remote
+ # SERVER_CONFIG: {"ROOT": "https://admin-platform.dev.supwisdom.com/","AUTH": "https://admin-center-dev.supwisdom.com/jwt/cas","BASE_BACK_API": "https://admin-center-dev.supwisdom.com/","AUTH_PERSONAL": "https://personal-security-center-dev.supwisdom.com/jwt/cas","PERSONAL_CENTER_API": "https://personal-security-center-dev.supwisdom.com/","PERSONAL_CENTER": "https://admin-platform.dev.supwisdom.com/personal-center/","ACCOUNT_CENTER": "https://personal-center.dev.supwisdom.com/","ADMIN_CENTER": "http://101.231.81.202:9705/","USER_CENTER": "http://101.231.81.202:9704/","AUTHORISATION_CENTER": "http://localhost:9530/","AUTH_FORMFLOW": "http://formflow.supwisdom.com/release/cas/authen/redirect","FLOW_DESIGN": "http://101.231.81.202:9709","FORM_CENTER": "http://101.231.81.202:9715","FORM_CENTER_PROD": "http://101.231.81.202:9872","FORM_DESIGN": "http://formflow.supwisdom.com/form-design","FORM_DESIGN_PORTAL": "http://formflow.supwisdom.com/form-design-portal","FORM_FILE": "http://formflow.supwisdom.com/form-file","DATA_SERVER": "http://101.231.81.202:9820/","DATA_SERVER_HF": "http://192.168.0.27:5030/","DATA_SERVER_INIT": "http://192.168.0.32:5030/","PERSONAL_CENTER_API_L": "https://test-p.supwisdom.com/portal-web/","PERSONAL_CENTER_IMAGE_API": "https://dev-p.supwisdom.com/resources/",}
+
+ # SERVER_CONFIG 为 remote,以下配置有效
+ CONFIG_SERVER_URL: http://admin-platform.paas.nwpu.edu.cn/config-server
+
+ # SERVER_CONFIG 为 none,配置 admin-platform-server-config-env 有效
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-platform
+ name: admin-platform-server-config-env
+data:
+
+ # 可选 jwt-cas,idToken-cas,uniauth
+ AUTH_TYPE: jwt-cas
+
+ # AUTH_TYPE 为 jwt-cas 时,配置 ADMIN_CENTER_AUTH_URL
+ ADMIN_CENTER_AUTH_URL: http://admin-center.paas.nwpu.edu.cn/jwt/cas
+
+ # AUTH_TYPE 为 idToken-cas 时,配置 AUTH_CAS、JWT_ISS、JWT_SECRET
+ AUTH_CAS: http://uis.paas.nwpu.edu.cn/cas
+ JWT_ISS: http://uis.paas.nwpu.edu.cn/cas
+ JWT_SECRET: (@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2
+
+ # # AUTH_TYPE 为 uniauth 时,配置
+ # UNIAUTH_IDTOKEN: http://uniauth.paas.xxx.edu.cn/idtoken
+ # UNIAUTH_IDTOKEN_ISS: "uniauth"
+ # UNIAUTH_CLIENT_ID: "21"
+
+ PASSWORD_PREFIX: SEC@
+
+ ADMIN_PLATFORM_SERVER_URL: https://admin-platform.paas.nwpu.edu.cn/
+
+ # ADMIN_CENTER_AUTH_URL: http://admin-center.paas.nwpu.edu.cn/jwt/cas
+ ADMIN_CENTER_BACK_API_PREFIX: https://admin-center.paas.nwpu.edu.cn/
+
+ PERSONAL_CENTER_SERVER_URL: https://admin-platform.paas.nwpu.edu.cn/personal-center/
+ PERSONAL_CENTER_AUTH_URL: https://admin-center.paas.nwpu.edu.cn/jwt/cas
+ PERSONAL_CENTER_BACK_API_PREFIX: https://admin-center.paas.nwpu.edu.cn/
+
+ # 个人安全中心
+ ACCOUNT_CENTER_SERVER_URL: https://security-center.paas.nwpu.edu.cn/
+
+ # 云平台基础管理
+ ADMIN_MGT_SERVER_URL: https://admin-platform.paas.nwpu.edu.cn
+ ADMIN_MGT_BACKEND_API_PREFIX: https://admin-center.paas.nwpu.edu.cn
+
+ # 流程管理
+ FORMFLOW_AUTH_URL: https://formflow.paas.nwpu.edu.cn/formflow/cas/authen/redirect
+ FORMFLOW_FORM_DESIGN_SERVER_URL: https://form-design.paas.nwpu.edu.cn
+ FORMFLOW_FLOW_DESIGN_SERVER_URL: https://formflow.paas.nwpu.edu.cn/formflow
+ FORMFLOW_FORM_FILE_PREFIX: https://formflow.paas.nwpu.edu.cn/fileService
+ FORMFLOW_FORM_CENTER_API_PREFIX: https://admin-center.paas.nwpu.edu.cn/api/v1/flow-release
+ FORMFLOW_FORM_UEDITOR_URL: https://admin-platform.paas.nwpu.edu.cn/form-flow/UEditor/
+ FORMFLOW_SIGNATURE_IMAGE_URL: "https://formflow.nwpu.edu.cn/fileService/api/v1/file/service/file-upload/view-img?id=7c6c3840144811eb3f594f42f35680d7"
+
+ # 消息服务
+ MESSAGE_BACKSTAGE_API_PREFIX: http://message-service-test.paas.nwpu.edu.cn/manager
+
+ # 通讯录
+ ADDRESS_BOOK_API_PREFIX: http://address-book.paas.nwpu.edu.cn/manager/
+
+ # 门户
+ PORTAL_V5_PERSONAL_CENTER_API_L: http://portal.paas.xxx.edu.cn/portal-web/
+ PORTAL_V5_PERSONAL_CENTER_IMAGE_API: http://portal.paas.xxx.edu.cn/resources/
+
+ # 开放平台
+ DEVELOPER_CENTER_API_PREFIX: http://dev-center.paas.xxx.edu.cn
+ MESSAGE_SERVICE_API_PREFIX: http://message-service.paas.xxx.edu.cn/manager
+
+ # DEVELOPER_CENTER_AUTH_TYPE: cas
+ # DEVELOPER_CENTER_AUTH_CAS_SERVER_URL: http://cas.paas.xxx.edu.cn/cas
+ # DEVELOPER_CENTER_JWT_ISS: http://cas.paas.xxx.edu.cn/cas
+ # DEVELOPER_CENTER_JWT_SECRET: (@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2
+
+
+ # VUE_APP_AUTH_TYPE: jwt-cas
+ # VUE_APP_AUTH_TYPE_LOGIN_URL: http://ds.paas.xxx.edu.cn/gateway/jwt/token/login
+ # VUE_APP_AUTH_TYPE_CAS_URL: http://ds.paas.xxx.edu.cn/gateway/jwt/cas
+ # VUE_APP_DOCUMENT_API: http://ds.paas.xxx.edu.cn/gateway/api/agent/document
+ # VUE_APP_SYSTEM_API: http://ds.paas.xxx.edu.cn/gateway/api/agent/system
+
+
+# {
+# "ROOT": "https://admin-platform.dev.supwisdom.com/",
+# "AUTH": "https://admin-center-dev.supwisdom.com/jwt/cas",
+# "BASE_BACK_API": "https://admin-center-dev.supwisdom.com/",
+# "AUTH_PERSONAL": "https://personal-security-center-dev.supwisdom.com/jwt/cas",
+# "PERSONAL_CENTER_API": "https://personal-security-center-dev.supwisdom.com/",
+# "PERSONAL_CENTER": "https://admin-platform.dev.supwisdom.com/personal-center/",
+# "ACCOUNT_CENTER": "https://personal-center.dev.supwisdom.com/",
+# "ADMIN_CENTER": "http://101.231.81.202:9705/",
+# "USER_CENTER": "http://101.231.81.202:9704/",
+# "AUTHORISATION_CENTER": "http://localhost:9530/",
+# "AUTH_FORMFLOW": "http://formflow.supwisdom.com/release/cas/authen/redirect",
+# "FLOW_DESIGN": "http://101.231.81.202:9709",
+# "FORM_CENTER": "http://101.231.81.202:9715",
+# "FORM_CENTER_PROD": "http://101.231.81.202:9872",
+# "FORM_DESIGN": "http://formflow.supwisdom.com/form-design",
+# "FORM_DESIGN_PORTAL": "http://formflow.supwisdom.com/form-design-portal",
+# "FORM_FILE": "http://formflow.supwisdom.com/form-file",
+#
+# "DATA_SERVER": "http://101.231.81.202:9820/","DATA_SERVER_HF": "http://192.168.0.27:5030/","DATA_SERVER_INIT": "http://192.168.0.32:5030/",
+#
+# "PERSONAL_CENTER_API_L": "https://test-p.supwisdom.com/portal-web/",
+# "PERSONAL_CENTER_IMAGE_API": "https://dev-p.supwisdom.com/resources/",
+#
+# "MESSAGE_BACKSTAGE":"https://message-service.pdsu.edu.cn/manager/",
+#
+# "DEVELOPER_CENTER_API":"https://dev-center.dev.supwisdom.com",
+# "AUTH_TYPE":"cas",
+# "AUTH_CAS":"https://cas-dev.supwisdom.com/cas",
+# "JWT_ISS": "https://cas-dev.supwisdom.com/cas",
+# "JWT_SECRET": "(@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2"
+# }
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-platform
+ name: admin-platform-spa-env
+data:
+ LAYOUT_SPA_URL: http://admin-platform.paas.nwpu.edu.cn/layout
+
+ # ADMIN_MGT_SPA_URL: "http://admin-management.paas.nwpu.edu.cn"
+
+ CAS_SERVER_SPA_URL: http://admin-platform.paas.nwpu.edu.cn/cas-server-spa
+ USER_SERVER_SPA_URL: http://admin-platform.paas.nwpu.edu.cn/user-server-spa
+ AUTH_SERVER_SPA_URL: http://admin-platform.paas.nwpu.edu.cn/auth-server-spa
+
+ ACCOUNT_CENTER_SPA_URL: http://admin-platform.paas.nwpu.edu.cn/account-center-spa
+
+ FORM_FLOW_SPA_URL: http://admin-platform.paas.nwpu.edu.cn/form-flow-spa
+ FORM_FLOW_SPA_ZZU_URL: ""
+ FORM_FLOW_SPA_TEST_URL: ""
+
+ MESSAGE_BACKSTAGE_SPA_URL: http://admin-platform.paas.nwpu.edu.cn/message-backstage-spa
+ ADDRESS_BOOK_SPA_URL: http://admin-platform.paas.nwpu.edu.cn/address-book-spa
+
+ PORTAL_ADMIN_SPA_URL: http://portal-admin-test.paas.nwpu.edu.cn
+
+ DEVELOPER_CENTER_SPA_URL: http://open.paas.nwpu.edu.cn/dev-admin
+
+ # INFO_STANDARD_SPA_URL: https://admin-platform.paas.xxx.edu.cn/info_standard
+
+ # BOOK_CATALOG_MANAGEMENT_SPA_URL: ""
+
+ # MEETING_RESERVATION_SPA_URL: ""
+
+ # 数据资产
+ DATAASSETS_SPA_URL: ""
+
+ # 数据填报
+ DATA_FILLING_SPA_URL: ""
+
+ FORM_FLOW_PROD_SPA_URL: http://admin-platform.paas.nwpu.edu.cn/form-flow-prod-spa
+
+ MEETING_RESERVATION_BACKEND_GZ_SPA_URL: http://admin-platform.paas.nwpu.edu.cn/user-server-spa
+
+ MESSAGE_PROD_SPA_URL: http://admin-platform.paas.nwpu.edu.cn/message-prod-spa
+
+ NEW_MEETING_RESERVATION_BACKEND_SPA_URL: https://second-meeting.paas.nwpu.edu.cn/new-meeting-reservation
+
+ PORTAL_ADMIN1_SPA_URL: http://portal-admin-pro.paas.nwpu.edu.cn
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: admin-platform
+ name: admin-platform-svc
+ labels:
+ app: admin-platform-svc
+spec:
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app: admin-platform
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: admin-platform
+ name: admin-platform
+spec:
+ selector:
+ matchLabels:
+ app: admin-platform
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: admin-platform
+ spec:
+ containers:
+ - name: admin-platform
+ # 若使用了学校搭设的私有仓库,请修改
+ image: harbor.supwisdom.com/admin-platform/admin-platform:1.2.3-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+ name: http
+ envFrom:
+ - configMapRef:
+ name: admin-platform-env
+ - configMapRef:
+ name: admin-platform-spa-env
+ - configMapRef:
+ name: admin-platform-server-config-env
+ resources:
+ requests:
+ memory: "128Mi"
+ limits:
+ memory: "256Mi"
+ imagePullSecrets:
+ - name: harbor-registry