Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / c6782856673e868d1d28f3a19d2a0aee6e5c9759 / . / deploy-manifests / k8s-rancher / 1.authx-service / 6.personal-security-center / 4.4.personal-security-center-bff.yaml
blob: aa24ace9e26d59026a4c7d478d3a125526d3769f [file] [log] [blame]
# personal-security-center-bff.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: personal-security-center
name: personal-security-center-bff-template-env
data:
# 根据情况,修改邮件模板
EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在激活帐号,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在修改安全邮箱,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE: '{name}:您正在绑定钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE_UNBIND_DINGTALK: '{name}:您正在解绑钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_COMPLETED_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在绑定安全邮箱,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
# 根据情况,修改短信模板
SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_PRE_MOBILE: '{prefix}您正在激活帐号,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: '{prefix}您正在激活帐号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{prefix}您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{prefix}您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{prefix}您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{prefix}您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: '{prefix}您正在修改安全手机,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{prefix}您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{prefix}您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{prefix}您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{prefix}您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{prefix}您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{prefix}您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{prefix}您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{prefix}您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE: '{prefix}{name}:您正在绑定钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE_UNBIND_DINGTALK: '{prefix}{name}:您正在解绑钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_COMPLETED_SECURITY_MOBILE_SEND_CODE: '{name}:您正在绑定安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_COMPLETED_REALNAME_SEND_CODE_BY_PRE_MOBILE: '{name}:您正在实名认证,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_ACCOUNT_INFO_SEND_CODE_BY_MOBILE: '{prefix}您当前正在查询账号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_ACCOUNT_INFO_SEND_ACCOUNT_NAME: '{prefix}您当前正在查询账号,查询结果为:{accountName},账号是您在学校中的重要信息,请妥善保管。'
SMS_TEMPLATE_PREFIX: ''
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: personal-security-center
name: personal-security-center-bff-env
data:
SERVER_PORT: "8080"
SSL_ENABLED: "false"
#SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
#SSL_KEYSTORE_PASSWORD: ""
#SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
#SSL_TRUSTSTORE_PASSWORD: ""
SERVER_MAXHTTPHEADERSIZE: "10240"
SERVER_TOMCAT_ACCEPT_COUNT: "5000"
SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
SERVER_TOMCAT_MAX_THREADS: "800"
SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
SPRING_SERVLET_MULTIPART_MAX_FILE_SIZE: 10Mb
# SPRING_SERVLET_MULTIPART_MAX_REQUEST_SIZE: 10Mb
SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
# 修改为学校的 personal-security-center 的访问域名
PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://authx-service.paas.xxx.edu.cn/personal
# 修改为学校的 cas 的访问域名
CAS_SERVER_PREFIX: https://cas.paas.xxx.edu.cn/cas
PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
## 密码验证接口(外部接口)
PERSONAL_SECURITY_BFF_SECURITY_PASSWORD_VERIFY_URL: ""
# http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080/api/v1/security/accounts/verifyAccountPassword
# 新开普人脸对接配置
# 修改为实际项目配置
PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"
CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas
CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
#CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
#CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
#CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
#CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
#CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
#CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
#CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
#USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
#USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
#USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
#USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
# PERSONAL_SECURITY_CENTER_SA_API_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080
# PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_ENABLED: "false"
#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/mail/smtp
TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/sms/console
TPAS_FACE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/face/aiface
TPAS_CLIENT_AUTH_ENABLED: "false"
#TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
#TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
#TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
#TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
# COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
# COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
# COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
# COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
# COMMUNICATOR_EMAIL_VALIDATE: "true"
# COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
AUTHX_LOG_ENABLED: "true"
AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
AUTHX_LOG_RABBITMQ_PORT: "5672"
AUTHX_LOG_RABBITMQ_USERNAME: guest
AUTHX_LOG_RABBITMQ_PASSWORD: guest
---
apiVersion: v1
kind: Secret
metadata:
namespace: personal-security-center
name: personal-security-center-bff-env-secret
type: Opaque
data:
---
apiVersion: v1
kind: Service
metadata:
namespace: personal-security-center
name: personal-security-center-bff-svc
labels:
app: personal-security-center-bff
needMonitor: 'true'
spec:
ports:
- port: 8080
targetPort: http
protocol: TCP
name: http
- port: 6060
targetPort: http-metrics
protocol: TCP
name: http-metrics
selector:
app: personal-security-center-bff
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: personal-security-center
name: personal-security-center-bff
spec:
selector:
matchLabels:
app: personal-security-center-bff
replicas: 1
template:
metadata:
labels:
app: personal-security-center-bff
spec:
containers:
- name: personal-security-center-bff
# 若使用了学校搭设的私有仓库,请修改
image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.5.0-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
name: http
- containerPort: 6060
name: http-metrics
envFrom:
- configMapRef:
name: jvm-env
- secretRef:
name: redis-env-secret
- secretRef:
name: personal-security-center-bff-env-secret
- configMapRef:
name: personal-security-center-bff-env
- configMapRef:
name: personal-security-center-bff-template-env
resources:
requests:
memory: "512Mi"
limits:
memory: "512Mi"
readinessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 10
imagePullSecrets:
- name: harbor-registry