docs: 部署yaml 整理
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-ingresses.yaml b/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-ingresses.yaml
index abf1755..c8f87da 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-ingresses.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-ingresses.yaml
@@ -6,14 +6,14 @@
kind: Ingress
metadata:
namespace: authx-service
- name: authx-management-ingress
+ name: authx-service-authx-management-ingress
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
# 修改为学校的根域名
- - host: admin-platform.paas.xxx.edu.cn
+ - host: authx-service.paas.xxx.edu.cn
http:
paths:
- path: /authx-management/(.*)
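Review bot: The new host `authx-service.paas.xxx.edu.cn` on this rule is shared with the security-center Ingress that this commit serves with `path: /`, while this Ingress sets `use-regex: "true"` and `rewrite-target: /$1`. In ingress-nginx, once any Ingress for a host enables regex matching, every path on that host is rendered as a case-insensitive regex location, including paths defined by other Ingresses in other namespaces. The plain `/` rule therefore stops being a simple prefix match, and precedence depends on how the controller orders the regex locations. Please check the rendered nginx configuration to confirm that `/authx-management/...` and `/` each reach the intended backend, and record the coupling with a comment such as `# shares its host with authx-service-security-center-ingress; all paths on this host are regex-matched`. The paths list continues outside the hunk.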
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/2.cas-server-ingresses.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/2.cas-server-ingresses.yaml
index 9ffc2a6..c2761e7 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/2.cas-server-ingresses.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/2.cas-server-ingresses.yaml
@@ -17,16 +17,7 @@
name: cas-ingress
annotations:
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
- # cert-manager.io/cluster-issuer: "letsencrypt-staging"
- # nginx.ingress.kubernetes.io/ssl-redirect: "true"
- # nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
- # nginx.ingress.kubernetes.io/auth-tls-secret: "cas-server/ca-secret"
- # nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
spec:
- # tls:
- # - hosts:
- # - cas.paas.xxx.edu.cn
- # secretName: cas-ingress-tls
rules:
# 修改为学校的根域名
- host: cas.paas.xxx.edu.cn
@@ -40,6 +31,3 @@
backend:
serviceName: cas-server-site-scheme-svc
servicePort: http
-
-
-# TODO: https 配置说明
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
index 293e787..930843c 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
@@ -116,8 +116,8 @@
CASSERVERSITE_SMS_SENDER_IMPL: agent-service
# **修改** 学校的根域名
- CASSERVERSITE_FORGOT_PASSWORD_URL: https://security-center.paas.xxx.edu.cn/find-pwd
- CASSERVERSITE_ACTIVE_ACCOUNT_URL: https://security-center.paas.xxx.edu.cn/active-account
+ CASSERVERSITE_FORGOT_PASSWORD_URL: https://authx-service.paas.xxx.edu.cn/find-pwd
+ CASSERVERSITE_ACTIVE_ACCOUNT_URL: https://authx-service.paas.xxx.edu.cn/active-account
## 动态码登录相关配置
CASSERVERSITE_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300"
@@ -133,9 +133,7 @@
##
# 超级APP Token 的验签公钥
- # 如须和 超级APP 进行对接,修改此配置
- # **修改** 学校的根域名
- SUPERAPP_TOKEN_SIGNING_KEY_URL: https://token.paas.xxx.edu.cn/jwt/publicKey
+ SUPERAPP_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token/jwt/publicKey
TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
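Review bot: `SUPERAPP_TOKEN_SIGNING_KEY_URL` now fetches the token verification public key over plain `http://` from the in-cluster token-server service, so every signature check is only as trustworthy as the pod network's resistance to interception or impersonation of that endpoint. 4.1.attest-server.yaml already fetches its `TOKEN_SERVER_TOKEN_SIGNING_KEY_URL` the same way. If in-cluster TLS is not available, restrict access to token-server with a NetworkPolicy and state the assumption next to the value, e.g. `# fetched over in-cluster HTTP; integrity relies on NetworkPolicy`. The hunk also removes the two comment lines that marked this value as site-specific; if it is now meant to stay fixed, the remaining comment should say so.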
@@ -180,6 +178,24 @@
#USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+ ATTEST_SERVER_URL: http://attest-server-svc.attest-server.svc.cluster.local:8080/attest
+ ATTEST_CLIENT_AUTH_ENABLED: "false"
+ #ATTEST_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #ATTEST_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090
+ IPADDR_CLIENT_AUTH_ENABLED: "false"
+ #IPADDR_CLIENT_AUTH_KEY_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
AUTHX_LOG_ENABLED: "true"
AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
AUTHX_LOG_RABBITMQ_PORT: "5672"
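Review bot: The new `ATTEST_SERVER_URL` and `IPADDR_SERVER_URL` entries come with `ATTEST_CLIENT_AUTH_ENABLED: "false"`, `IPADDR_CLIENT_AUTH_ENABLED: "false"` and `http://` URLs, so this service calls both backends unauthenticated and in clear text; the same block is added in 4.1.token-server.yaml. Judging by the names, both services feed login decisions, so each flag deserves a comment saying what protects the call instead, for example `# client-cert auth off: access limited by NetworkPolicy POLICY_NAME_PLACEHOLDER`, or the commented keystore settings should be enabled for production. If the `*_KEYSTORE_PASSWORD` lines are ever uncommented, those values belong in a Secret rather than beside the non-secret settings here.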
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/2.token-server-ingresses.yaml b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/2.token-server-ingresses.yaml
index 37808ab..3634ed7 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/2.token-server-ingresses.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/2.token-server-ingresses.yaml
@@ -13,7 +13,7 @@
spec:
rules:
# 修改为学校的根域名
- - host: token.paas.xxx.edu.cn
+ - host: cas.paas.xxx.edu.cn
http:
paths:
- path: /token
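Review bot: Changing this host to `cas.paas.xxx.edu.cn` puts `/token` on the same browser origin as the CAS login application, and the attest-server Ingress in this commit does the same for `/attest`. Any cookie that CAS sets without a narrow `Path` would then also be sent to the token-server and attest-server backends, and content served by any of the three shares one origin. Please confirm the CAS session cookies are scoped to the CAS path, and add a comment on the host line such as `# must equal the host in 2.cas-server-ingresses.yaml`. The paths list continues outside the hunk.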
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml
index f116acc..89706ed 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml
@@ -35,7 +35,7 @@
# **修改** 学校的根域名
- TOKEN_SERVER_PREFIX: https://token.paas.xxx.edu.cn
+ TOKEN_SERVER_PREFIX: https://token.paas.xxx.edu.cn/token
# **修改** 学校的根域名
TOKEN_SERVER_SECURITY_JWT_ISS: token.paas.xxx.edu.cn
#TOKEN_SERVER_SECURITY_JWT_EXPIRATION: 2592000
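Review bot: `TOKEN_SERVER_PREFIX` still points at `https://token.paas.xxx.edu.cn/token`, although this commit moves the token-server Ingress rule from that host to `cas.paas.xxx.edu.cn`. Unless an Ingress outside this diff still serves `token.paas.xxx.edu.cn`, URLs built from the prefix will not reach this service. If the move is intended, the line would read `TOKEN_SERVER_PREFIX: https://cas.paas.xxx.edu.cn/token`. `TOKEN_SERVER_SECURITY_JWT_ISS` is presumably an issuer identifier that verifiers compare literally, so it can stay, but a comment such as `# issuer id, deliberately not tied to the public host` would prevent a well-meant edit that breaks issuer validation.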
@@ -100,6 +100,18 @@
POA_SCOPES: messagecenter:v1:sendMessage
+ TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
+ TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
+ TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify
+
+
CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
#CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
@@ -117,18 +129,27 @@
#USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
- TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
- TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
- TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
- TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify
+ ATTEST_SERVER_URL: http://attest-server-svc.attest-server.svc.cluster.local:8080/attest
+ ATTEST_CLIENT_AUTH_ENABLED: "false"
+ #ATTEST_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #ATTEST_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+ IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090
+ IPADDR_CLIENT_AUTH_ENABLED: "false"
+ #IPADDR_CLIENT_AUTH_KEY_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ ##
+ # authx-log rabbitmq
+ #
AUTHX_LOG_ENABLED: "true"
AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
AUTHX_LOG_RABBITMQ_PORT: "5672"
@@ -136,6 +157,18 @@
AUTHX_LOG_RABBITMQ_PASSWORD: guest
+ ##
+ # 接收 user 推送的 rabbitmq 数据
+ #
+ USER_RABBITMQ_ENABLED: "true"
+ USER_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ USER_RABBITMQ_PORT: "5672"
+ USER_RABBITMQ_USERNAME: guest
+ USER_RABBITMQ_PASSWORD: guest
+
+ USER_RABBITMQ_CONSUMER_ENABLED: "true"
+
+
---
apiVersion: v1
kind: Secret
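Review bot: `USER_RABBITMQ_USERNAME: guest` and `USER_RABBITMQ_PASSWORD: guest` add the broker's well-known default account in plain text, in what appears to be the env mapping that precedes the `---` / `kind: Secret` document; the existing `AUTHX_LOG_RABBITMQ_PASSWORD: guest` has the same problem. RabbitMQ by default only lets `guest` connect from localhost, so for this to work against `rabbitmq-server.authx-service.svc.cluster.local` that restriction must have been lifted on the broker. A dedicated least-privilege user for this consumer is safer, with the password moved into the Secret and the value marked as site-specific, e.g. `# **修改** use a per-deployment RabbitMQ account`. The enclosing mapping starts outside the hunk.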
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/2.personal-security-center-ingresses.yaml b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/2.personal-security-center-ingresses.yaml
index 36bfc6a..3039a40 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/2.personal-security-center-ingresses.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/2.personal-security-center-ingresses.yaml
@@ -1,7 +1,7 @@
# personal-security-center-ingresses.yaml
-# 废弃,合并到 安全中心
+# 废弃,合并到 authx-service
# # 个人中心后端接口
# ---
# apiVersion: extensions/v1beta1
@@ -22,18 +22,39 @@
# serviceName: personal-security-center-zuul-svc
# servicePort: http
+# 废弃,合并到 authx-service
+# # 安全中心
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+# namespace: personal-security-center
+# name: security-center-ingress
+# spec:
+# rules:
+# # 修改为学校的根域名
+# - host: security-center.paas.xxx.edu.cn
+# http:
+# paths:
+# - path: /
+# backend:
+# serviceName: security-center-ui-svc
+# servicePort: http
-# 安全中心
+
+# 安全中心 前端UI、后端API
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: personal-security-center
- name: security-center-ingress
+ name: authx-service-security-center-ingress
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
spec:
rules:
# 修改为学校的根域名
- - host: security-center.paas.xxx.edu.cn
+ - host: authx-service.paas.xxx.edu.cn
http:
paths:
- path: /
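Review bot: The renamed Ingress goes straight from `spec:` to `rules:` with no `tls:` entry, while the URLs in this commit that point at `authx-service.paas.xxx.edu.cn` (password recovery, account activation, the personal-center API) all use `https://`. Unless TLS is terminated in front of the controller, those pages are reachable without it, and the commit also deletes the only commented TLS example from the CAS Ingress. Consider adding a `tls:` block with `hosts: [authx-service.paas.xxx.edu.cn]` and `secretName: TLS_SECRET_NAME_PLACEHOLDER`, or a comment stating where TLS is terminated. The hunk also adds an 18-line commented-out copy of the old manifest, which version control already preserves. The paths list continues outside the hunk.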
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml
index c3613c1..9f93bb9 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml
@@ -93,7 +93,7 @@
# 修改为学校的 personal-security-center 的访问域名
- PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://security-center.paas.xxx.edu.cn/personal
+ PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://authx-service.paas.xxx.edu.cn/personal
# 修改为学校的 cas 的访问域名
CAS_SERVER_PREFIX: https://cas.paas.xxx.edu.cn/cas
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml
index 1dfe99f..32c52ba 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml
@@ -66,7 +66,7 @@
INFRAS_SECURITY_CAS_ENABLED: "false"
# 修改为学校的 security-center 的访问域名
- APP_SERVER_HOST_URL: "https://security-center.paas.xxx.edu.cn/personal"
+ APP_SERVER_HOST_URL: "https://authx-service.paas.xxx.edu.cn/personal"
#APP_LOGIN_URL: "/cas/login"
#APP_LOGOUT_URL: "/cas/logout"
# 修改为学校的 cas 的访问域名
@@ -75,7 +75,7 @@
# 后端API服务,域名访问时,默认跳转地址
# 修改为学校的 security-center 安全中心的访问域名
- APPLICATION_INDEX_REDIRECT_URI: "https://security-center.paas.xxx.edu.cn"
+ APPLICATION_INDEX_REDIRECT_URI: "https://authx-service.paas.xxx.edu.cn"
ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false"
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml
index f75282b..671389a 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml
@@ -10,9 +10,9 @@
# **修改** 学校的根域名
RESOURCE_PREFIX: https://authx-minio.paas.xxx.edu.cn/security-center-ui
SCHOOL_NAME: ""
- MAIN_SERVER: https://security-center.paas.xxx.edu.cn
+ MAIN_SERVER: https://authx-service.paas.xxx.edu.cn
- PERSONAL_CENTER_API: https://security-center.paas.xxx.edu.cn/personal
+ PERSONAL_CENTER_API: https://authx-service.paas.xxx.edu.cn/personal
# 可选 cas,uniauth
AUTH_TYPE: cas
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/7.attest-server/2.attest-server-ingresses.yaml b/deploy-manifests/k8s-rancher/1.authx-service/7.attest-server/2.attest-server-ingresses.yaml
index 7a54b13..71f4d2a 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/7.attest-server/2.attest-server-ingresses.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/7.attest-server/2.attest-server-ingresses.yaml
@@ -6,10 +6,12 @@
metadata:
name: attest-server-ingress
namespace: attest-server
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
spec:
rules:
# 修改为学校的根域名
- - host: attest.paas.xxx.edu.cn
+ - host: cas.paas.xxx.edu.cn
http:
paths:
- path: /attest
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/7.attest-server/4.1.attest-server.yaml b/deploy-manifests/k8s-rancher/1.authx-service/7.attest-server/4.1.attest-server.yaml
index 0ce24eb..b5defbd 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/7.attest-server/4.1.attest-server.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/7.attest-server/4.1.attest-server.yaml
@@ -46,7 +46,7 @@
# 超级APP Token 的验签公钥
- TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/jwt/publicKey
+ TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token/jwt/publicKey
USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
@@ -74,7 +74,7 @@
##
# token-server
#
- TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080
+ TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token
##
@@ -139,7 +139,7 @@
spec:
containers:
- name: attest-server
- image: harbor.supwisdom.com/attest-server/attest-server:1.0.0-SNAPSHOT-DEV
+ image: harbor.supwisdom.com/attest-server/attest-server:1.4.0-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
@@ -155,9 +155,9 @@
name: attest-server-env-secret
resources:
requests:
- memory: "512Mi"
+ memory: "1024Mi"
limits:
- memory: "512Mi"
+ memory: "1024Mi"
readinessProbe:
httpGet:
path: /attest/actuator/health
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/8.authx-log/4.0.authx-log-installer.yaml b/deploy-manifests/k8s-rancher/1.authx-service/8.authx-log/4.0.authx-log-installer.yaml
index 91a19ba..bfc032f 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/8.authx-log/4.0.authx-log-installer.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/8.authx-log/4.0.authx-log-installer.yaml
@@ -36,10 +36,5 @@
name: datasource-env-secret
- configMapRef:
name: authx-log-installer-env
- resources:
- requests:
- memory: "256Mi"
- limits:
- memory: "256Mi"
imagePullSecrets:
- - name: harbor-supwisdom
+ - name: harbor-registry
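Review bot: Removing the `resources:` block leaves the installer container with no memory request or limit, so unless the namespace defines a LimitRange it runs as BestEffort and its memory use on the node is unbounded. If 256Mi was too small, raising the value keeps the bound, as this commit does for authx-log-sa with `memory: "1024Mi"`. The container spec starts outside the hunk.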
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/8.authx-log/4.2.authx-log-sa.yaml b/deploy-manifests/k8s-rancher/1.authx-service/8.authx-log/4.2.authx-log-sa.yaml
index dc4facf..36bd04c 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/8.authx-log/4.2.authx-log-sa.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/8.authx-log/4.2.authx-log-sa.yaml
@@ -100,9 +100,9 @@
name: authx-log-sa-env
resources:
requests:
- memory: "400Mi"
+ memory: "1024Mi"
limits:
- memory: "400Mi"
+ memory: "1024Mi"
readinessProbe:
httpGet:
path: /actuator/health
@@ -113,4 +113,4 @@
successThreshold: 1
failureThreshold: 10
imagePullSecrets:
- - name: harbor-supwisdom
+ - name: harbor-registry