chore: nwpu,1.2
diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/0.user-data-service-base.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/0.user-data-service-base.yaml
new file mode 100644
index 0000000..a9d74c3
--- /dev/null
+++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/0.user-data-service-base.yaml
@@ -0,0 +1,255 @@
+# user-data-service-base.yaml
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+ namespace: user-data-service
+ name: harbor-registry
+data:
+ # 修改harbor仓库配置,并使用 base64 工具进行编码
+ # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+ .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+
+####################################################
+# redis-server
+####################################################
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ namespace: user-data-service
+ name: redis-data-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ # 根据情况修改
+ storageClassName: nfs-client
+ resources:
+ requests:
+ storage: 50Gi
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: redis
+ release: redis-server
+ name: redis-server
+ namespace: user-data-service
+type: Opaque
+data:
+ REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: redis
+ release: redis-server
+ name: redis-server
+ namespace: user-data-service
+spec:
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: redis
+ selector:
+ app: redis
+ release: redis-server
+ role: master
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ app: redis
+ release: redis-server
+ name: redis-server
+ namespace: user-data-service
+spec:
+ podManagementPolicy: OrderedReady
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: redis
+ release: redis-server
+ role: master
+ serviceName: redis-master
+ template:
+ metadata:
+ labels:
+ app: redis
+ release: redis-server
+ role: master
+ spec:
+ containers:
+ - name: redis-server
+ env:
+ - name: REDIS_DISABLE_COMMANDS
+ value: FLUSHDB,FLUSHALL
+ - name: REDIS_REPLICATION_MODE
+ value: master
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: redis-server
+ key: REDIS_PASSWORD
+ # 若使用了学校搭设的私有仓库,请修改
+ image: bitnami/redis:4.0
+ # 若使用了学校搭设的私有仓库,请修改 为 Always
+ imagePullPolicy: IfNotPresent
+ # imagePullPolicy: Always
+ livenessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ failureThreshold: 5
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 6379
+ name: redis
+ protocol: TCP
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
+ readinessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ failureThreshold: 5
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ volumeMounts:
+ - mountPath: /bitnami/redis/data
+ name: redis-data
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ securityContext:
+ fsGroup: 1001
+ # runAsUser: 1001
+ # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
+ runAsUser: 0
+ terminationGracePeriodSeconds: 30
+ volumes:
+ # - name: redis-data
+ # emptyDir: {}
+ - name: redis-data
+ persistentVolumeClaim:
+ claimName: redis-data-pvc
+ # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可,注意这里的缩进,imagePullSecrets要对齐到本行#符号)
+ # imagePullSecrets:
+ # - name: harbor-registry
+ updateStrategy:
+ rollingUpdate:
+ partition: 0
+ type: RollingUpdate
+
+
+
+# ####################################################
+# # rabbitmq-server
+# ####################################################
+# ---
+# apiVersion: v1
+# kind: Secret
+# metadata:
+# labels:
+# app: rabbitmq
+# release: rabbitmq-server
+# name: rabbitmq-server
+# namespace: user-data-service
+# type: Opaque
+# data:
+# RABBITMQ_USERNAME: Z3Vlc3Q=
+# RABBITMQ_PASSWORD: Z3Vlc3Q=
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+# name: rabbitmq-server
+# namespace: user-data-service
+# labels:
+# app: rabbitmq-server
+# spec:
+# ports:
+# - port: 5672
+# targetPort: tcp-1
+# protocol: TCP
+# name: tcp-1
+# - port: 15672
+# targetPort: tcp-2
+# protocol: TCP
+# name: tcp-2
+# selector:
+# app: rabbitmq-server
+# ---
+# apiVersion: apps/v1
+# kind: Deployment
+# metadata:
+# name: rabbitmq-server
+# namespace: user-data-service
+# spec:
+# selector:
+# matchLabels:
+# app: rabbitmq-server
+# replicas: 1
+# template:
+# metadata:
+# labels:
+# app: rabbitmq-server
+# annotations:
+# sidecar.istio.io/inject: "false"
+# spec:
+# containers:
+# - name: rabbitmq-server
+# env:
+# - name: RABBITMQ_VM_MEMORY_HIGH_WATERMARK
+# value: "0.6"
+# - name: RABBITMQ_DEFAULT_USER
+# valueFrom:
+# secretKeyRef:
+# name: rabbitmq-server
+# key: RABBITMQ_USERNAME
+# - name: RABBITMQ_DEFAULT_PASS
+# valueFrom:
+# secretKeyRef:
+# name: rabbitmq-server
+# key: RABBITMQ_PASSWORD
+# # 若使用了学校搭设的私有仓库,请修改
+# image: rabbitmq:management
+# # 若使用了学校搭设的私有仓库,请修改 为 Always
+# imagePullPolicy: IfNotPresent
+# # imagePullPolicy: Always
+# ports:
+# - containerPort: 5672
+# name: tcp-1
+# - containerPort: 15672
+# name: tcp-2
+# resources:
+# requests:
+# memory: "1024Mi"
+# limits:
+# memory: "1024Mi"
+# # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可)
+# # imagePullSecrets:
+# # - name: harbor-registry
diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/1.user-data-service-env.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/1.user-data-service-env.yaml
new file mode 100644
index 0000000..0f7e6e2
--- /dev/null
+++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/1.user-data-service-env.yaml
@@ -0,0 +1,53 @@
+# user-data-service-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: user-data-service
+ name: jvm-env
+data:
+ MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: user-data-service
+ name: datasource-env-secret
+type: Opaque
+data:
+ # jdbc:mysql://mysql-server.authx-service.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai
+ JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlci5hdXRoeC1zZXJ2aWNlLnN2Yy5jbHVzdGVyLmxvY2FsOjMzMDYvdXNlcj9zZXJ2ZXJUaW1lem9uZT1Bc2lhL1NoYW5naGFp
+ # user
+ JDBC_USERNAME: dXNlcg==
+ # 修改为实际的数据库密码,并使用 base64 工具进行编码
+ # kingstar
+ JDBC_PASSWORD: a2luZ3N0YXI=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: user-data-service
+ name: redis-env-secret
+type: Opaque
+data:
+ SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
+ SPRING_REDIS_PORT: NjM3OQ==
+ SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: user-data-service
+ name: rabbitmq-env-secret
+type: Opaque
+data:
+ # rabbitmq-server.authx-service.svc.cluster.local
+ SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVyLmF1dGh4LXNlcnZpY2Uuc3ZjLmNsdXN0ZXIubG9jYWw=
+ SPRING_RABBITMQ_PORT: NTY3Mg==
+ SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
+ SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/2.user-data-service-ingresses.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/2.user-data-service-ingresses.yaml
new file mode 100644
index 0000000..6680f1f
--- /dev/null
+++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/2.user-data-service-ingresses.yaml
@@ -0,0 +1,20 @@
+# user-data-service-ingresses.yaml
+
+# 暂时不使用,直接使用内部地址
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+# namespace: user-data-service
+# name: user-api-ingress
+# spec:
+# rules:
+# # 修改为学校的根域名
+# - host: user-api.paas.xxx.edu.cn
+# http:
+# paths:
+# - path: /
+# backend:
+# serviceName: user-data-service-poa-svc
+# servicePort: http
+
diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
new file mode 100644
index 0000000..7654c6f
--- /dev/null
+++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
@@ -0,0 +1,55 @@
+# user-data-service-installer.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: user-data-service
+ name: user-data-service-installer-env
+data:
+ DB_TYPE: mysql8
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: user-data-service-installer
+ namespace: user-data-service
+spec:
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ app: user-data-service-installer
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: user-data-service-installer
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/goa/installer:1.2.10-RELEASE
+ imagePullPolicy: Always
+ env:
+ - name: DB_TYPE
+ value: mysql8
+ - name: JDBC_URL
+ value: jdbc:mysql://mysql-server:3306/user_test?serverTimezone=Asia/Shanghai
+ - name: JDBC_USERNAME
+ value: user_test
+ - name: JDBC_PASSWORD
+ value: Supwisdom!Nwpu123
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ # - secretRef:
+ # name: datasource-env-secret
+ - configMapRef:
+ name: user-data-service-installer-env
+ # resources:
+ # requests:
+ # memory: "256Mi"
+ # limits:
+ # memory: "256Mi"
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml
new file mode 100644
index 0000000..3f93f40
--- /dev/null
+++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml
@@ -0,0 +1,124 @@
+# user-data-service-poa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: user-data-service
+ name: user-data-service-poa-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+ SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+ SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "50"
+ SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
+
+ CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
+ CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
+ TPAS_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ # **修改** 学校的根域名
+ FILE_SERVER_TYPE: minio
+ FILE_SERVER_URL: https://authx-minio.paas.xxx.edu.cn
+
+
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: user-data-service
+ name: user-data-service-poa-svc
+ labels:
+ app: user-data-service-poa
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: user-data-service-poa
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: user-data-service
+ name: user-data-service-poa
+spec:
+ selector:
+ matchLabels:
+ app: user-data-service-poa
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: user-data-service-poa
+ spec:
+ containers:
+ - name: user-data-service-poa
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/goa/poa-api:1.2.10-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: datasource-env-secret
+ - configMapRef:
+ name: user-data-service-poa-env
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8888
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml
new file mode 100644
index 0000000..37c911f
--- /dev/null
+++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml
@@ -0,0 +1,146 @@
+# user-data-service-goa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: user-data-service
+ name: user-data-service-goa-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ SERVER_MAXHTTPHEADERSIZE: "20480"
+
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+ SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+ SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
+ SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
+ SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+ SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
+ SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
+
+
+ # 加密算法的实现,默认 default,支持 bcrypt 等加密算法; SHA-256 支持 SHA-256 加密算法
+ PASSWORD_ENCODER_IMPL: default
+
+ PASSWORD_ENABLE_TRANS_UPDATE_PASSWORD: "false"
+
+ SECURITY_API_SECURITY_ACCOUNT_SERVICE_IMPL: redis
+
+
+ # 推送数据到 jobs-server 的配置
+ JOBS_RABBITMQ_ENABLED: "false"
+ JOBS_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ JOBS_RABBITMQ_PORT: "5672"
+ JOBS_RABBITMQ_USERNAME: guest
+ JOBS_RABBITMQ_PASSWORD: guest
+
+
+ # 是否同步帐号到 openldap(已弃用)
+ # JOBS_RABBITMQ_ACCOUNTUSERSVC2OPENLDAPRABBITSENDER_ENABLED: "false"
+
+ # 是否同步 帐号 数据至 jobs 的 MQ,由 jobs 再进行分发(如分发到 openldap)
+ JOBS_RABBITMQ_ACCOUNTUSERSVC2JOBSRABBITSENDER_ENABLED: "false"
+ # 是否同步 密码(明文密码)到 jobs 的 MQ,由 jobs 再进行分发(如分发到 城市热点)
+ JOBS_RABBITMQ_ACCOUNTUSERSVC2JOBSSYNCPASSWORDRABBITSENDER_ENABLED: "false"
+
+ # 是否同步 组织机构 数据至 jobs 的 MQ,由 jobs 再进行分发(如分发到 openldap)
+ JOBS_RABBITMQ_ORGANIZATIONUSERSVC2JOBSRABBITSENDER_ENABLED: "false"
+
+ # 是否同步 用户组 数据至 jobs 的 MQ,由 jobs 再进行分发(如分发到 openldap)
+ JOBS_RABBITMQ_GROUPUSERSVC2JOBSRABBITSENDER_ENABLED: "false"
+
+ # 是否同步 帐号用户组 数据至 jobs 的 MQ,由 jobs 再进行分发(如分发到 openldap)
+ JOBS_RABBITMQ_ACCOUNTGROUPUSERSVC2JOBSRABBITSENDER_ENABLED: "false"
+
+
+ LOGGING_LEVEL_COM_SUPWISDOM_GOA: INFO
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: user-data-service
+ name: user-data-service-goa-svc
+ labels:
+ app: user-data-service-goa
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: user-data-service-goa
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: user-data-service
+ name: user-data-service-goa
+spec:
+ selector:
+ matchLabels:
+ app: user-data-service-goa
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: user-data-service-goa
+ spec:
+ containers:
+ - name: user-data-service-goa
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/goa/goa-api:1.2.10-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: datasource-env-secret
+ - secretRef:
+ name: redis-env-secret
+ - secretRef:
+ name: rabbitmq-env-secret
+ - configMapRef:
+ name: user-data-service-goa-env
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8888
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml
new file mode 100644
index 0000000..2f72655
--- /dev/null
+++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml
@@ -0,0 +1,130 @@
+# user-data-service-biz.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: user-data-service
+ name: user-data-service-biz-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+ SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+ SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
+ SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
+
+ CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
+ CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+ USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
+ TPAS_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: user-data-service
+ name: user-data-service-biz-svc
+ labels:
+ app: user-data-service-biz
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: user-data-service-biz
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: user-data-service
+ name: user-data-service-biz
+spec:
+ selector:
+ matchLabels:
+ app: user-data-service-biz
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: user-data-service-biz
+ spec:
+ containers:
+ - name: user-data-service-biz
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/goa/biz-api:1.2.10-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: datasource-env-secret
+ - secretRef:
+ name: rabbitmq-env-secret
+ - configMapRef:
+ name: user-data-service-biz-env
+ resources:
+ requests:
+ memory: "512Mi"
+ limits:
+ memory: "512Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8888
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml
new file mode 100644
index 0000000..361c963
--- /dev/null
+++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml
@@ -0,0 +1,56 @@
+# user-data-service-datax-job.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: user-data-service
+ name: user-data-service-datax-job-env
+data:
+ JOB_APPLICATION_AUTHZ2USER_MYSQLREADER8_USERNAME: "user_authz"
+ # 修改为实际的数据库密码
+ JOB_APPLICATION_AUTHZ2USER_MYSQLREADER8_PASSWORD: "kingstar"
+ JOB_APPLICATION_AUTHZ2USER_MYSQLREADER8_JDBC_URL: "jdbc:mysql://mysql-server.authx-service.svc.cluster.local:3306/user_authz?serverTimezone=Asia/Shanghai"
+
+ JOB_APPLICATION_AUTHZ2USER_MYSQLWRITER8_USERNAME: "user"
+ # 修改为实际的数据库密码
+ JOB_APPLICATION_AUTHZ2USER_MYSQLWRITER8_PASSWORD: "kingstar"
+ JOB_APPLICATION_AUTHZ2USER_MYSQLWRITER8_JDBC_URL: "jdbc:mysql://mysql-server.authx-service.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai"
+
+---
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: user-data-service-datax-job
+ namespace: user-data-service
+spec:
+ schedule: "30 */4 * * *"
+ jobTemplate:
+ metadata:
+ labels:
+ app: user-data-service-datax-job
+ spec:
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ app: user-data-service-datax-job
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: user-data-service-datax-job
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/goa/datax-job:1.2.10-RELEASE
+ imagePullPolicy: Always
+ envFrom:
+ - configMapRef:
+ name: user-data-service-datax-job-env
+ # resources:
+ # requests:
+ # memory: "400Mi"
+ # limits:
+ # memory: "400Mi"
+ imagePullSecrets:
+ - name: harbor-registry
+
diff --git a/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml
new file mode 100644
index 0000000..53ff777
--- /dev/null
+++ b/project/nwpu/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml
@@ -0,0 +1,52 @@
+# 9.api-docs-installer.yaml
+
+# 依赖平台OpenAPI的部署
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: user-data-service
+ name: api-docs-installer-env
+data:
+ ##
+ # 平台OpenAPI的外网访问地址,
+ # **修改** 学校的根域名
+ POA_SERVER_URL: http://poa.paas.nwpu.edu.cn
+
+ # **修改** poa-sa 服务的k8s内部地址
+ POA_SA_SERVER_URL: http://platform-openapi-sa.poa.svc.cluster.local:8443
+
+ USER_API_SERVER_URL: http://user-data-service-poa-svc.user-data-service.svc.cluster.local:8080
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ namespace: user-data-service
+ name: api-docs-installer
+spec:
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ app: api-docs-installer
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: api-docs-installer
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/goa/api-docs-installer:1.2.10-RELEASE
+ imagePullPolicy: Always
+ envFrom:
+ - configMapRef:
+ name: api-docs-installer-env
+ # resources:
+ # requests:
+ # memory: "256Mi"
+ # limits:
+ # memory: "256Mi"
+ imagePullSecrets:
+ - name: harbor-registry