docs: 认证授权服务部署文档
diff --git a/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml
new file mode 100644
index 0000000..71ed6d3
--- /dev/null
+++ b/deploy-manifests/k8s-rancher/6.admin-platform/6.admin-center/4.5.admin-center-zuul.yaml
@@ -0,0 +1,170 @@
+# admin-center-zuul.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: admin-center
+ name: admin-center-zuul-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+ # SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ # SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ # SERVER_TOMCAT_MAX_THREADS: "800"
+ # SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+ # SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+
+
+ ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000"
+ ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000"
+
+ ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000"
+
+
+ INFRAS_SECURITY_BASIC_ENABLED: "false"
+
+ INFRAS_SECURITY_JWT_ENABLED: "true"
+ #INFRAS_SECURITY_JWT_KEY_ALIAS: "supwisdom-jwt-key"
+ #INFRAS_SECURITY_JWT_KEY_PASSWORD: "changeit"
+ #INFRAS_SECURITY_JWT_KEY_STORE: "file:/certs/jwt/jwt.keystore"
+ #INFRAS_SECURITY_JWT_KEY_STORE_PASSWORD: "changeit"
+
+ INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas
+ INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: ""
+ INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas/jwt/publicKey"
+
+
+ INFRAS_SECURITY_CAS_ENABLED: "true"
+ # 修改为学校的admin-center的访问域名
+ APP_SERVER_HOST_URL: "http://admin-center.paas.xxx.edu.cn"
+ #APP_LOGIN_URL: "/cas/login"
+ #APP_LOGOUT_URL: "/cas/logout"
+ # 修改为学校的cas的访问域名
+ CAS_SERVER_HOST_URL: "http://cas.paas.xxx.edu.cn/cas"
+
+
+ ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false"
+ #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+
+ ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080
+ ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+ USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: admin-center
+ name: admin-center-zuul-env-secret
+type: Opaque
+data:
+ # 参考 certs/jwt/readme.md 生成公私钥pem,替换相关配置
+ INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDcWUzYUpRVm1VNWY1VDhIdU1PcEloMjhrZQpNU3hpUkh2NXNNa29iVGd5T3VRaVVYVEJLS3JwUjVNUWFiaERFZG1WSHlVWFowUFRLRHJCYk9rWkVwTVRmbXBHCnBibE5hOHJkS0RRZG5MYVFLNHBkKzN1clJSdDQzYXhISTdQZHdnRmx3ZThybmYvZllVK3lpcWhDaFBjbkdSNXAKUE9hOE4xZFkzQXlwWWhZa2dRSURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ==
+ INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNlQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Jd2dnSmVBZ0VBQW9HQkFLcDdkb2xCV1pUbC9sUHcKZTR3NmtpSGJ5UjR4TEdKRWUvbXd5U2h0T0RJNjVDSlJkTUVvcXVsSGt4QnB1RU1SMlpVZkpSZG5ROU1vT3NGcwo2UmtTa3hOK2FrYWx1VTFyeXQwb05CMmN0cEFyaWwzN2U2dEZHM2pkckVjanM5M0NBV1hCN3l1ZC85OWhUN0tLCnFFS0U5eWNaSG1rODVydzNWMWpjREtsaUZpU0JBZ01CQUFFQ2dZRUFuNXN2QXBrMzhQclIvR3ZzZndCbXgyUXAKQ2ljblVtaWpXTVIxejI5UmFWVlJOLy9pdXVRRC9wcVB5Skh4ZkhrOXB5cWRZeWUraS9YaDdDeTJuazZSZWVyMAowcG5lbUFJNFpNVnFaWW8rUHFIdU1ZSnRjS1ZpSHRLUElVZFVEaGpleE1iVjhPdXdFRjdDNERsNXhveXV6cUZvClZzRTFlaVNpVERmQWNUcmc4SEVDUVFEYjVrZU5FUUxtMEFPK0I3TDZvUi9URExHODZiaXU1Szc0VEVzMmphM0gKQ0JBa1FLUXJvMWwxS3c2Y1ZKcXlGR09SMEI1ZG9Mc2V2cVNTWVV5KytrZGpBa0VBeG5oUzh5SnF1Z3ordFV2ZApKMW1sSm9UbTFxNjFHNDBzTFhMY1RtU3F1a2dyTDBDMm1ycXJGQUF4MjF2ek83azF0NU44aEZUY1VnR3BMa015CjNiOGp5d0pBWEFBVk1XekxsUHUwaFIyOWdPUkdaMHNwVll0SFRFeTY4NEVmK3B2OTk0WmxFblhFK2NqbTFZR0YKSkZ5MU9Bb1Z1bHlqUjdMR2RzOTJGUlFHUXVSOVZ3SkJBS1JNUlhicS9la3BDczR3a0ZLYi9vQ2xzcWIwR0E5SAp6ZE9ONjF5bUwwTm9yUDlBRmlwKzcxTHVXbGVhaGYvaDhkc1hxQk93WUhjdTBzdnVhelJ3b0FNQ1FRQ05yM0FrCkZ6aUZBZGQvWkFmaFhpSURHemo1dlRCRkpaQ01TR1hXbVBJcTdnWEN0RUM4Y2VvRHhOY0JLRGtxeEQvaGJVcmwKZStmeDdqeE9kUXhwQkF1RQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0t
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: admin-center
+ name: admin-center-zuul-svc
+ labels:
+ app: admin-center-zuul
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: admin-center-zuul
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: admin-center
+ name: admin-center-zuul
+spec:
+ selector:
+ matchLabels:
+ app: admin-center-zuul
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: admin-center-zuul
+ spec:
+ containers:
+ - name: admin-center-zuul
+ # 若使用了学校搭设的私有仓库,请修改
+ image: harbor.supwisdom.com/admin-center/admin-center-zuul:1.0.2-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - secretRef:
+ name: admin-center-zuul-env-secret
+ - configMapRef:
+ name: admin-center-zuul-env
+ resources:
+ requests:
+ memory: "400Mi"
+ limits:
+ memory: "400Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+