docs: 部署yaml 整理
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/2.token-server-ingresses.yaml b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/2.token-server-ingresses.yaml
index 37808ab..3634ed7 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/2.token-server-ingresses.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/2.token-server-ingresses.yaml
@@ -13,7 +13,7 @@
spec:
rules:
# 修改为学校的根域名
- - host: token.paas.xxx.edu.cn
+ - host: cas.paas.xxx.edu.cn
http:
paths:
- path: /token
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml
index f116acc..89706ed 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml
@@ -35,7 +35,7 @@
# **修改** 学校的根域名
- TOKEN_SERVER_PREFIX: https://token.paas.xxx.edu.cn
+ TOKEN_SERVER_PREFIX: https://token.paas.xxx.edu.cn/token
# **修改** 学校的根域名
TOKEN_SERVER_SECURITY_JWT_ISS: token.paas.xxx.edu.cn
#TOKEN_SERVER_SECURITY_JWT_EXPIRATION: 2592000
@@ -100,6 +100,18 @@
POA_SCOPES: messagecenter:v1:sendMessage
+ TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
+ TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
+ TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify
+
+
CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
#CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
@@ -117,18 +129,27 @@
#USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
- TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
- TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
- #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
-
- TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
- TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify
+ ATTEST_SERVER_URL: http://attest-server-svc.attest-server.svc.cluster.local:8080/attest
+ ATTEST_CLIENT_AUTH_ENABLED: "false"
+ #ATTEST_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #ATTEST_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #ATTEST_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+ IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090
+ IPADDR_CLIENT_AUTH_ENABLED: "false"
+ #IPADDR_CLIENT_AUTH_KEY_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ ##
+ # authx-log rabbitmq
+ #
AUTHX_LOG_ENABLED: "true"
AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
AUTHX_LOG_RABBITMQ_PORT: "5672"
@@ -136,6 +157,18 @@
AUTHX_LOG_RABBITMQ_PASSWORD: guest
+ ##
+ # 接收 user 推送的 rabbitmq 数据
+ #
+ USER_RABBITMQ_ENABLED: "true"
+ USER_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ USER_RABBITMQ_PORT: "5672"
+ USER_RABBITMQ_USERNAME: guest
+ USER_RABBITMQ_PASSWORD: guest
+
+ USER_RABBITMQ_CONSUMER_ENABLED: "true"
+
+
---
apiVersion: v1
kind: Secret