Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / d0187d0aad431504515d724f0d75a0e731c2bddc / . / project / newcapec-test / k8s-rancher / 1.authx-service / 6.personal-security-center / 4.4.personal-security-center-bff.yaml
blob: 49f640a1254bd3f6f77a6018a73c8a2d4d82bd2b [file] [log] [blame]
# personal-security-center-bff.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: personal-security-center-test
name: personal-security-center-bff-template-env
data:
# 根据情况,修改邮件模板
EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在激活帐号,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在修改安全邮箱,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
# 根据情况,修改短信模板
SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_PRE_MOBILE: '{prefix}{name}:您正在激活帐号,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: '{prefix}{name}:您正在激活帐号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{prefix}{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{prefix}{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{prefix}{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{prefix}{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: '{prefix}{name}:您正在修改安全手机,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{prefix}{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{prefix}{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{prefix}{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{prefix}{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{prefix}{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{prefix}{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{prefix}{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{prefix}{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_PREFIX: ''
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: personal-security-center-test
name: personal-security-center-bff-env
data:
SERVER_PORT: "8080"
SSL_ENABLED: "false"
#SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
#SSL_KEYSTORE_PASSWORD: ""
#SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
#SSL_TRUSTSTORE_PASSWORD: ""
SERVER_MAXHTTPHEADERSIZE: "10240"
SERVER_TOMCAT_ACCEPT_COUNT: "5000"
SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
SERVER_TOMCAT_MAX_THREADS: "800"
SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
# 修改为学校的 personal-security-center 的访问域名
PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://personal-security-center-test.newcapec.edu.cn
# 修改为学校的 cas 的访问域名
CAS_SERVER_PREFIX: https://cas-test.paas.newcapec.cn/cas
PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
# 新开普人脸对接配置
# 修改为实际项目配置
PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"
CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server-test.svc.cluster.local:8080/cas
CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
#CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
#CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
#CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
#CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080
CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
#CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
#CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
#CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
#USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
#USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
#USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
#USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/file/db
TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/mail/smtp
TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/sms/console
TPAS_CLIENT_AUTH_ENABLED: "false"
#TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
#TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
#TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
#TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
# COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
# COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
# COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
# COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
# COMMUNICATOR_EMAIL_VALIDATE: "true"
# COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
---
apiVersion: v1
kind: Secret
metadata:
namespace: personal-security-center-test
name: personal-security-center-bff-env-secret
type: Opaque
data:
---
apiVersion: v1
kind: Service
metadata:
namespace: personal-security-center-test
name: personal-security-center-bff-svc
labels:
app: personal-security-center-bff
needMonitor: 'true'
spec:
ports:
- port: 8080
targetPort: http
protocol: TCP
name: http
- port: 6060
targetPort: http-metrics
protocol: TCP
name: http-metrics
selector:
app: personal-security-center-bff
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: personal-security-center-test
name: personal-security-center-bff
spec:
selector:
matchLabels:
app: personal-security-center-bff
replicas: 1
template:
metadata:
labels:
app: personal-security-center-bff
spec:
containers:
- name: personal-security-center-bff
# 若使用了学校搭设的私有仓库,请修改
image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.0.2-SNAPSHOT
imagePullPolicy: Always
ports:
- containerPort: 8080
name: http
- containerPort: 6060
name: http-metrics
envFrom:
- configMapRef:
name: jvm-env
- secretRef:
name: redis-env-secret
- secretRef:
name: personal-security-center-bff-env-secret
- configMapRef:
name: personal-security-center-bff-env
- configMapRef:
name: personal-security-center-bff-template-env
resources:
requests:
memory: "1024Mi"
limits:
memory: "1024Mi"
readinessProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 10
imagePullSecrets:
- name: harbor-registry