docs: 认证授权服务部署文档
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/2.cas-server-ingresses.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/2.cas-server-ingresses.yaml
new file mode 100644
index 0000000..19a5a9f
--- /dev/null
+++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/2.cas-server-ingresses.yaml
@@ -0,0 +1,41 @@
+# cas-server-ingresses.yaml
+
+# 创建 ca-secret
+
+# cd PATH/ca/certs/client
+
+# kubectl describe secret ca-secret -n cas-server
+
+# kubectl create secret generic ca-secret --from-file=client.truststore=client.truststore -n cas-server
+
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: cas-server
+ name: cas-ingress
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
+ # cert-manager.io/cluster-issuer: "letsencrypt-staging"
+ # nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ # nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+ # nginx.ingress.kubernetes.io/auth-tls-secret: "cas-server/ca-secret"
+ # nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
+spec:
+ tls:
+ # - hosts:
+ # - cas.paas.xxx.edu.cn
+ # secretName: cas-ingress-tls
+ rules:
+ # 修改为学校的根域名
+ - host: cas.paas.xxx.edu.cn
+ http:
+ paths:
+ - path: /cas
+ backend:
+ serviceName: cas-server-site-webapp-svc
+ servicePort: http
+
+
+# TODO: https 配置说明