| # 4.1.token-server.yaml |
| |
| --- |
| apiVersion: v1 |
| kind: ConfigMap |
| metadata: |
| namespace: token-server-test |
| name: token-server-env |
| data: |
| SERVER_PORT: "8080" |
| SSL_ENABLED: "false" |
| #SSL_KEY_PASSWORD: "" |
| #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore |
| #SSL_KEYSTORE_PASSWORD: "" |
| |
| SERVER_MAXHTTPHEADERSIZE: "10240" |
| |
| SERVER_TOMCAT_ACCEPT_COUNT: "5000" |
| SERVER_TOMCAT_MAX_CONNECTIONS: "10000" |
| SERVER_TOMCAT_MAX_THREADS: "800" |
| SERVER_TOMCAT_MIN_SPARE_THREADS: "100" |
| |
| SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800" |
| SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100" |
| SPRING_REDIS_JEDIS_POOL_MINIDLE: "100" |
| |
| |
| # **修改** 从消息中心申请 |
| MESSAGECENTER_ENABLED: "false" |
| MESSAGECENTER_APP_ID: "" |
| MESSAGECENTER_MESSAGE_TYPE_CODE_APP_LOGIN: APP_LOGIN |
| |
| # **修改** 从POA申请 |
| POA_SERVER_URL: https://poa-test.paas.newcapec.cn |
| POA_CLIENT_ID: "" |
| POA_CLIENT_SECRET: "" |
| POA_SCOPES: messagecenter:v1:sendMessage |
| |
| |
| # **修改** 学校的根域名 |
| TOKEN_SERVER_PREFIX: https://token-test.paas.newcapec.cn |
| # **修改** 学校的根域名 |
| TOKEN_SERVER_SECURITY_JWT_ISS: token-test.paas.newcapec.cn |
| #TOKEN_SERVER_SECURITY_JWT_EXPIRATION: 2592000 |
| #TOKEN_SERVER_SECURITY_JWT_KICKOUT_ENABLED: "false" |
| # **修改** |
| # 请使用与 cas-server 一致的公私钥 |
| TOKEN_SERVER_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKivcJfoDpTgShIdrC0AuImgHQKQmdv/CZWRxVPkSY26kZWtVJ4mjzRkDGyB31LUJlVfFNe0nteOyqfNHrhC+uf612+P0KTmT/pOenoegpT8BDEDe1DlmrDoPqKE87JVXjPhx0rnCPMQE0+Em5OOPM/hVDiHhWx5Y1t+FcYre9J6zyg2flbCiv2vVRsQk/9kwesMnEBzB7QY+95sCoSng7llxO1aer7+qShQHrP/nYScIyW2g+a4wL6jd9Z0gIF/irvShIMKV+6EtWLiZFPYrlRQfx+zER7qg+2S+T29UII5lGajQxeldmIip1k62BwHOf/SbOg13nwrF4jLSCKeN/AgMBAAECggEAVtWHHcHngJ6bK325LSZGm5TzTAwb/E6q1wO2OvGMNUCPWbhwktGHjyzCXray6UczHQDgiAhgZHggduM2mFM+ogBJHSWYTo/XiyZmzp6CSxvO4LGWQIBbfxOlCIGpnkDedqNNTdTvmuQ2kUAVU1yJhXw1H5Pli8bbpkIkUxhbj7MsmcSZS4Xaqj1jhOWoBzt1SZEpHgDZ4m8MEMBfjLu+/SQAIWGdJmyANdsU3V/f/DmcgSqu7oTFYZiEFyJqTRyCVHJmyIqAOAtqHkKnJcGfeurwUIuX5NVqdYhj/JM+3k8lXDRyoyC0QADhnfR85uXV/OnXCVBC8GABuMP4DaiHyQKBgQDjwjtbVb/jQur2JYsSDS0sZI3S4X929gWU66AyClnUNbRIVcN4Lyhnp8+d/m9+oVV6kDfjTDnuEz7TWHr94RFcecdivehzxRHdRlRp+IhmtCtzstPhS5f0U6/e59CryxgxV+h5jDUssokzdz1bLsnC8+VgKNL2jVXqkuLkF3RqhQKBgQDjqE186VX3oej5YlmLmqi4LVFFVzpX75dOjAFc+ke/SPXm11o7lj1ONr+t9ZKcwvPx9j5OPXJajbaE2Qx1KXzTPKQT44GdpOvistOJQSNpx2e00K4Sn/7bsJq++UJ7FtmR+iJvfYq1uW1z5taVIjh5hhwFtIBW38voNcghCXVvMwKBgAUwRpPlFzMBMkMbRdjKbg4F2GlGc9Xs8uGaoJKjQ7qe4pWHRqW1RVFfNE6gHkAfQshBAtTtxqAS1iqQaHTiLLgTmiQ4uVPx2F9XG9MyM0FLt3WyTDtksniBc487briLLujo3MXwGMIE6zU98SrjnPsQ/Ve8dlnhjGSEpiCWHDPVAoGAZwNmJMqUytvpxsbZDBGsnMJszvqcfOP+TF2P1FmwE39ZPd5ehy4BiZ2+eGHxuJuCtQ8evFqTnyQW3eA1AeMHB7Kd8B33LbVNw6P1klr2QkwnwirXSbg6I4CzVQ0HJxl809Aiut5M4NQKEfL3UD5O3bZwgahelnDoHKgRadmU2P8CgYANBbxpDT1SdyJUFuKzJ5/cUPBFzOn3eNGRo/RejXSCi5Spd9OoTwDh6dbffk7pUWLYH/BFILW9+RL8uhMt8mdTWVgDKrNrdZLdWUBNsb89St9x/JwlucqgbTvzf0G0h/ZiGNzyPhgGABRrlWVYIdS8KLdTYUkvPHsEAtxR+kwTAg==" |
| TOKEN_SERVER_SECURITY_JWT_PUBLIC_KEY_PEM: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor3CX6A6U4EoSHawtALiJoB0CkJnb/wmVkcVT5EmNupGVrVSeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qvrn+tdvj9Ck5k/6Tnp6HoKU/AQxA3tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjjzP4VQ4h4VseWNbfhXGK3vSes8oNn5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4O5ZcTtWnq+/qkoUB6z/52EnCMltoPmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K5UUH8fsxEe6oPtkvk9vVCCOZRmo0MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginjfwIDAQAB" |
| |
| |
| # face |
| # aiface 新开普人脸,aipface 百度人脸 |
| TOKEN_SERVER_FACE_SOURCE_TYPE: aiface |
| |
| # 若须对接新开普人脸,须由新开普人脸系统提供相关配置 |
| TOKEN_SERVER_FACE_AIFACE_URL: "" |
| TOKEN_SERVER_FACE_AIFACE_APPKEY: "" |
| TOKEN_SERVER_FACE_AIFACE_APPSECRET: "" |
| TOKEN_SERVER_FACE_AIFACE_SECRETKEY: "" |
| TOKEN_SERVER_FACE_AIFACE_TERM_CODE: "" |
| |
| # 若须对接百度人脸,须在百度开放平台注册应用 |
| TOKEN_SERVER_FACE_AIPFACE_APPID: "" |
| TOKEN_SERVER_FACE_AIPFACE_APIKEY: "" |
| TOKEN_SERVER_FACE_AIPFACE_SECRETKEY: "" |
| |
| |
| # passwordless |
| TOKEN_SERVER_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300" |
| TOKEN_SERVER_PASSWORDLESS_SMS_FROM: 认证中心 |
| #TOKEN_SERVER_PASSWORDLESS_SMS_TEXT_TEMPLATE: 【认证中心】{name}:您正在进行登录,本次登录的动态密码为{token},有效期5分钟,请尽快完成登录。 |
| TOKEN_SERVER_PASSWORDLESS_SMS_TEXT_TEMPLATE: '{"signName": "树维认证", "templateCode": "SMS_184545298", "templateParam": {"code": "{token}"}}' |
| |
| |
| CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080 |
| CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false" |
| #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: "" |
| #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore |
| #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: "" |
| #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore |
| #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" |
| |
| USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080 |
| USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false" |
| #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: "" |
| #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore |
| #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: "" |
| #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore |
| #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" |
| |
| |
| TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080 |
| TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false" |
| #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" |
| #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore |
| #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" |
| #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore |
| #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" |
| |
| TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send |
| |
| |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| namespace: token-server-test |
| name: token-server-svc |
| labels: |
| app: token-server |
| needMonitor: 'true' |
| spec: |
| ports: |
| - port: 8080 |
| targetPort: http |
| protocol: TCP |
| name: http |
| - port: 6060 |
| targetPort: http-metrics |
| protocol: TCP |
| name: http-metrics |
| selector: |
| app: token-server |
| |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| namespace: token-server-test |
| name: token-server |
| spec: |
| selector: |
| matchLabels: |
| app: token-server |
| replicas: 1 |
| template: |
| metadata: |
| labels: |
| app: token-server |
| spec: |
| containers: |
| - name: token-server |
| # 若使用了学校搭设的私有仓库,请 **修改** |
| image: harbor.supwisdom.com/token-server/token-server:1.0.0-SNAPSHOT |
| imagePullPolicy: Always |
| ports: |
| - containerPort: 8080 |
| name: http |
| - containerPort: 6060 |
| name: http-metrics |
| envFrom: |
| - configMapRef: |
| name: jvm-env |
| - secretRef: |
| name: datasource-env-secret |
| - secretRef: |
| name: redis-env-secret |
| - configMapRef: |
| name: token-server-env |
| resources: |
| requests: |
| memory: "512Mi" |
| limits: |
| memory: "512Mi" |
| readinessProbe: |
| httpGet: |
| path: /actuator/health |
| port: 8080 |
| initialDelaySeconds: 20 |
| periodSeconds: 5 |
| timeoutSeconds: 5 |
| successThreshold: 1 |
| failureThreshold: 10 |
| imagePullSecrets: |
| - name: harbor-registry |
| |