deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml - institute/deploy-authx-service - Gitiles

 # cas-server-security-engine.yaml

 ---
 apiVersion: v1
 kind: Secret
 metadata:
   namespace: cas-server
   name: cas-server-security-engine-env-secret
 type: Opaque
 data:
   #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: Y2xpZW50
   #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: Y2xpZW50
   #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: Y2xpZW50

 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: cas-server
   name: cas-server-security-engine-env
 data:
   CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
   CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
   #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
   #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore


 ---
 apiVersion: v1
 kind: Service
 metadata:
   namespace: cas-server
   name: cas-server-security-engine-svc
   labels:
     app: cas-server-security-engine
     needMonitor: 'true'
 spec:
   ports:
     - port: 6060
       targetPort: http-metrics
       protocol: TCP
       name: http-metrics
   selector:
     app: cas-server-security-engine

 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   namespace: cas-server
   name: cas-server-security-engine
 spec:
   selector:
     matchLabels:
       app: cas-server-security-engine
   replicas: 1
   template:
     metadata:
       labels:
         app: cas-server-security-engine
     spec:
       containers:
       - name: cas-server-security-engine
         # 若使用了学校搭设的私有仓库，请修改
         image: harbor.supwisdom.com/cas-server/cas-server-security-engine:1.4.0-RELEASE
         imagePullPolicy: Always
         ports:
         - containerPort: 6060
           name: http-metrics
         envFrom:
         - configMapRef:
             name: jvm-env
         - secretRef:
             name: datasource-env-secret
         - secretRef:
             name: rabbitmq-env-secret
         - configMapRef:
             name: cas-server-security-engine-env
         - secretRef:
             name: cas-server-security-engine-env-secret
         resources:
           requests:
             memory: "512Mi"
           limits:
             memory: "512Mi"
       imagePullSecrets:
         - name: harbor-registry
	# cas-server-security-engine.yaml

	---
	apiVersion: v1
	kind: Secret
	metadata:
	namespace: cas-server
	name: cas-server-security-engine-env-secret
	type: Opaque
	data:
	#CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: Y2xpZW50
	#CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: Y2xpZW50
	#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: Y2xpZW50

	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	namespace: cas-server
	name: cas-server-security-engine-env
	data:
	CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
	CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
	#CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
	#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore


	---
	apiVersion: v1
	kind: Service
	metadata:
	namespace: cas-server
	name: cas-server-security-engine-svc
	labels:
	app: cas-server-security-engine
	needMonitor: 'true'
	spec:
	ports:
	- port: 6060
	targetPort: http-metrics
	protocol: TCP
	name: http-metrics
	selector:
	app: cas-server-security-engine

	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	namespace: cas-server
	name: cas-server-security-engine
	spec:
	selector:
	matchLabels:
	app: cas-server-security-engine
	replicas: 1
	template:
	metadata:
	labels:
	app: cas-server-security-engine
	spec:
	containers:
	- name: cas-server-security-engine
	# 若使用了学校搭设的私有仓库，请修改
	image: harbor.supwisdom.com/cas-server/cas-server-security-engine:1.4.0-RELEASE
	imagePullPolicy: Always
	ports:
	- containerPort: 6060
	name: http-metrics
	envFrom:
	- configMapRef:
	name: jvm-env
	- secretRef:
	name: datasource-env-secret
	- secretRef:
	name: rabbitmq-env-secret
	- configMapRef:
	name: cas-server-security-engine-env
	- secretRef:
	name: cas-server-security-engine-env-secret
	resources:
	requests:
	memory: "512Mi"
	limits:
	memory: "512Mi"
	imagePullSecrets:
	- name: harbor-registry