chore: 新增新开普郑州测试环境的部署脚本
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
new file mode 100644
index 0000000..6a782d3
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
@@ -0,0 +1,235 @@
+# cas-server-site-webapp.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: cas-server-test
+ name: cas-server-site-webapp-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEY_PASSWORD: ""
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+ SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+ SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
+ SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
+
+
+ LOGGING_CONFIG: file:/etc/cas/log4j2-file.xml
+
+
+ ##
+ # 认证服务的外网访问地址,
+ # **修改** 学校的根域名
+ CAS_SERVER_NAME: https://cas-test.paas.newcapec.cn
+
+ # Ticket Granting Cookie
+ CAS_TGC_SECURE: "true"
+
+ # TGT Expiration Policy
+ CAS_TICKET_TGT_MAX_TIME_TO_LIVE_IN_SECONDS: "1209600"
+ CAS_TICKET_TGT_TIME_TO_KILL_IN_SECONDS: "172800"
+
+ # JWT Tickets
+ CAS_AUTHN_TOKEN_CRYPTO_SIGNING_KEY: "(@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2"
+
+ ##
+ # 登录UI,主题
+ SPRING_THYMELEAF_PREFIX: classpath:/templates/themes/classic/
+
+ ##
+ # 测试环境中可使用,正式环境下请配置为空
+ #
+ CAS_AUTHN_ACCEPT_USERS: ""
+
+
+ ## 配置第三方认证的相关参数
+ CASSERVER_FEDERATION_QQ_ENABLED: "true"
+ CASSERVER_FEDERATION_QQ_NAME: QQ
+ CASSERVER_FEDERATION_QQ_APPID: ""
+ CASSERVER_FEDERATION_QQ_APPKEY: ""
+
+ CASSERVER_FEDERATION_OPENWEIXIN_ENABLED: "true"
+ CASSERVER_FEDERATION_OPENWEIXIN_NAME: 微信
+ CASSERVER_FEDERATION_OPENWEIXIN_APPID: ""
+ CASSERVER_FEDERATION_OPENWEIXIN_APPSECRET: ""
+
+ CASSERVER_FEDERATION_WORKWEIXIN_ENABLED: "true"
+ CASSERVER_FEDERATION_WORKWEIXIN_NAME: 企业微信
+ CASSERVER_FEDERATION_WORKWEIXIN_CORPID: ""
+ CASSERVER_FEDERATION_WORKWEIXIN_AGENTID: ""
+ CASSERVER_FEDERATION_WORKWEIXIN_SECRET: ""
+
+ CASSERVER_FEDERATION_ALIPAY_ENABLED: "true"
+ CASSERVER_FEDERATION_ALIPAY_NAME: 支付宝
+ CASSERVER_FEDERATION_ALIPAY_APPID: ""
+ CASSERVER_FEDERATION_ALIPAY_APPPRIVATEKEY: ""
+ CASSERVER_FEDERATION_ALIPAY_ALIPAYPUBLICKEY: ""
+
+
+ # **修改**
+ # jwt 的签发方标识,一般为 认证的域名
+ CASSERVER_JWT_ISS: cas-test.paas.newcapec.cn
+ # **修改**
+ # 参考 certs/jwt/readme.md 生成公私钥pem,修改相关配置
+ CASSERVER_JWT_PRIVATE_KEY_PEM_PKCS8: "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKivcJfoDpTgShIdrC0AuImgHQKQmdv/CZWRxVPkSY26kZWtVJ4mjzRkDGyB31LUJlVfFNe0nteOyqfNHrhC+uf612+P0KTmT/pOenoegpT8BDEDe1DlmrDoPqKE87JVXjPhx0rnCPMQE0+Em5OOPM/hVDiHhWx5Y1t+FcYre9J6zyg2flbCiv2vVRsQk/9kwesMnEBzB7QY+95sCoSng7llxO1aer7+qShQHrP/nYScIyW2g+a4wL6jd9Z0gIF/irvShIMKV+6EtWLiZFPYrlRQfx+zER7qg+2S+T29UII5lGajQxeldmIip1k62BwHOf/SbOg13nwrF4jLSCKeN/AgMBAAECggEAVtWHHcHngJ6bK325LSZGm5TzTAwb/E6q1wO2OvGMNUCPWbhwktGHjyzCXray6UczHQDgiAhgZHggduM2mFM+ogBJHSWYTo/XiyZmzp6CSxvO4LGWQIBbfxOlCIGpnkDedqNNTdTvmuQ2kUAVU1yJhXw1H5Pli8bbpkIkUxhbj7MsmcSZS4Xaqj1jhOWoBzt1SZEpHgDZ4m8MEMBfjLu+/SQAIWGdJmyANdsU3V/f/DmcgSqu7oTFYZiEFyJqTRyCVHJmyIqAOAtqHkKnJcGfeurwUIuX5NVqdYhj/JM+3k8lXDRyoyC0QADhnfR85uXV/OnXCVBC8GABuMP4DaiHyQKBgQDjwjtbVb/jQur2JYsSDS0sZI3S4X929gWU66AyClnUNbRIVcN4Lyhnp8+d/m9+oVV6kDfjTDnuEz7TWHr94RFcecdivehzxRHdRlRp+IhmtCtzstPhS5f0U6/e59CryxgxV+h5jDUssokzdz1bLsnC8+VgKNL2jVXqkuLkF3RqhQKBgQDjqE186VX3oej5YlmLmqi4LVFFVzpX75dOjAFc+ke/SPXm11o7lj1ONr+t9ZKcwvPx9j5OPXJajbaE2Qx1KXzTPKQT44GdpOvistOJQSNpx2e00K4Sn/7bsJq++UJ7FtmR+iJvfYq1uW1z5taVIjh5hhwFtIBW38voNcghCXVvMwKBgAUwRpPlFzMBMkMbRdjKbg4F2GlGc9Xs8uGaoJKjQ7qe4pWHRqW1RVFfNE6gHkAfQshBAtTtxqAS1iqQaHTiLLgTmiQ4uVPx2F9XG9MyM0FLt3WyTDtksniBc487briLLujo3MXwGMIE6zU98SrjnPsQ/Ve8dlnhjGSEpiCWHDPVAoGAZwNmJMqUytvpxsbZDBGsnMJszvqcfOP+TF2P1FmwE39ZPd5ehy4BiZ2+eGHxuJuCtQ8evFqTnyQW3eA1AeMHB7Kd8B33LbVNw6P1klr2QkwnwirXSbg6I4CzVQ0HJxl809Aiut5M4NQKEfL3UD5O3bZwgahelnDoHKgRadmU2P8CgYANBbxpDT1SdyJUFuKzJ5/cUPBFzOn3eNGRo/RejXSCi5Spd9OoTwDh6dbffk7pUWLYH/BFILW9+RL8uhMt8mdTWVgDKrNrdZLdWUBNsb89St9x/JwlucqgbTvzf0G0h/ZiGNzyPhgGABRrlWVYIdS8KLdTYUkvPHsEAtxR+kwTAg=="
+ CASSERVER_JWT_PUBLIC_KEY_PEM: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor3CX6A6U4EoSHawtALiJoB0CkJnb/wmVkcVT5EmNupGVrVSeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qvrn+tdvj9Ck5k/6Tnp6HoKU/AQxA3tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjjzP4VQ4h4VseWNbfhXGK3vSes8oNn5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4O5ZcTtWnq+/qkoUB6z/52EnCMltoPmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K5UUH8fsxEe6oPtkvk9vVCCOZRmo0MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginjfwIDAQAB"
+
+ # **视情况修改**
+ ## 是否启用登录验证码
+ CASSERVERSITE_CAPTCHA_ENABLED: "false"
+
+ ## 配置用户的登录名的正则校验(用于手机、邮箱登录的判断)
+ #CASSERVERSITE_USERNAME_REGEX_MOBILE: ""
+ # \d{11}$
+ #CASSERVERSITE_USERNAME_REGEX_EMAIL_ADDRESS: ""
+ # \w+\.?\w+@\w+\.[a-z]+(\.[a-z]+)?
+
+ ## 配置认证时,帐号服务的实现( redis 帐号数据存放在redis中, user-sa 帐号数据从用户服务获取)
+ CASSERVERSITE_ACCOUNT_SERVICE_IMPL: user-sa
+
+ ## 配置认证时,角色服务的实现( redis 角色数据存放在redis中, user-authz-sa 角色数据从授权服务获取)
+ CASSERVERSITE_ROLE_SERVICE_IMPL: user-authz-sa
+
+ ## 配置认证时,动态码的短信发送实现( default 控制台输出, agent-service 代理服务)
+ CASSERVERSITE_SMS_SENDER_IMPL: agent-service
+
+ # **修改** 学校的根域名
+ CASSERVERSITE_FORGOT_PASSWORD_URL: https://security-center-test.paas.newcapec.cn/find-pwd
+ CASSERVERSITE_ACTIVE_ACCOUNT_URL: https://security-center-test.paas.newcapec.cn/active-account
+
+ ## 动态码登录相关配置
+ CASSERVERSITE_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300"
+ CASSERVERSITE_PASSWORDLESS_SMS_FROM: 认证中心
+ # **修改** 根据实际情况,修改短信模板
+ CASSERVERSITE_PASSWORDLESS_SMS_TEXT_TEMPLATE: 【认证中心】{name}:您正在登录统一身份认证,本次登录的动态密码为{token},有效期5分钟,请尽快完成登录。
+
+
+ TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080
+ TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ # **修改**
+ # 若须对接sms 接口,须进行二开定制
+ TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
+
+
+ CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080
+ CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
+ USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ USER_AUTHZ_SERVICE_SA_API_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service-test.svc.cluster.local:8080
+ USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ ##
+ # 超级APP Token 的验签公钥
+ # 如须和 超级APP 进行对接,修改此配置
+ # **修改** 学校的根域名
+ SUPERAPP_TOKEN_SIGNING_KEY_URL: https://token-test.paas.newcapec.cn/jwt/publicKey
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: cas-server-test
+ name: cas-server-site-webapp-svc
+ labels:
+ app: cas-server-site-webapp
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: cas-server-site-webapp
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: cas-server-test
+ name: cas-server-site-webapp
+spec:
+ selector:
+ matchLabels:
+ app: cas-server-site-webapp
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: cas-server-site-webapp
+ spec:
+ containers:
+ - name: cas-server-site-webapp
+ # 若使用了学校搭设的私有仓库,请修改
+ image: harbor.supwisdom.com/cas-server/cas-server-site-webapp:1.0.0-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - secretRef:
+ name: rabbitmq-env-secret
+ - configMapRef:
+ name: cas-server-site-webapp-env
+ resources:
+ requests:
+ memory: "800Mi"
+ limits:
+ memory: "800Mi"
+ readinessProbe:
+ tcpSocket:
+ port: 8080
+ initialDelaySeconds: 30
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+