deploy-manifests/k8s-rancher/1.authx-service/7.attest-server/4.1.attest-server.yaml - institute/deploy-authx-service - Gitiles

 # 4.1.attest-server.yaml

 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: attest-server
   name: attest-server-env
 data:
   SERVER_PORT: "8080"
   SSL_ENABLED: "false"
   #SSL_KEY_PASSWORD: ""
   #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
   #SSL_KEYSTORE_PASSWORD: ""

   SERVER_SERVLET_CONTEXT_PATH: "/attest"

   SERVER_MAXHTTPHEADERSIZE: "20480"

   SERVER_TOMCAT_ACCEPT_COUNT: "500"
   SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
   SERVER_TOMCAT_MAX_THREADS: "500"
   SERVER_TOMCAT_MIN_SPARE_THREADS: "100"


   # **修改** 从POA申请
   POA_SERVER_URL: https://poa.paas.xxx.edu.cn
   POA_CLIENT_ID: ""
   POA_CLIENT_SECRET: ""
   POA_SCOPES: appPush:v1:apppushByMessageType


   # 修改为学校的根域名
   ATTEST_SERVER_PREFIX: https://attest.paas.xxx.edu.cn/attest


   # guard
   ATTEST_SERVER_SECUREPHONE_SMS_TEXT_TEMPLATE: 【认证服务】{name}：您正在进行验证身份，验证码为{code}，有效期5分钟，请尽快完成验证。
   ATTEST_SERVER_SECUREPHONE_SMS_FROM: 认证服务

   ATTEST_SERVER_SECUREEMAIL_MAIL_TEXT_TEMPLATE: 【认证服务】{name}：您正在进行验证身份，验证码为{code}，有效期5分钟，请尽快完成验证。
   ATTEST_SERVER_SECUREEMAIL_MAIL_FROM: 认证服务

   # 在超级APP 中唤起人脸识别的 URL Scheme
   ATTEST_SERVER_FACEVERIFY_SUPERAPP_URL_SCHEME: superapp


   # 超级APP Token 的验签公钥
   TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/jwt/publicKey


   USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
   USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
   #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
   #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
   #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
   #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
   #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""


   TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
   TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
   #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
   #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
   #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
   #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
   #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""

   TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
   TPAS_AGENT_SERVICE_MAIL_SENDER_PATH: /api/v1/tpas/mail/console/send
   TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify


   ##
   # token-server
   #
   TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080


   ##
   # 将 attest 数据 推送到 rabbitmq
   #
   # ATTEST_RABBITMQ_ENABLED: "false"
   # ATTEST_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
   # ATTEST_RABBITMQ_PORT: "5672"
   # ATTEST_RABBITMQ_USERNAME: guest
   # ATTEST_RABBITMQ_PASSWORD: guest
   #
   # ATTEST_RABBITMQ_APPPUSHATTEST2TOKENRABBITSENDER_ENABLED: "false"


 ---
 apiVersion: v1
 kind: Secret
 metadata:
   namespace: attest-server
   name: attest-server-env-secret
 type: Opaque
 data:


 ---
 apiVersion: v1
 kind: Service
 metadata:
   namespace: attest-server
   name: attest-server-svc
   labels:
     app: attest-server
     needMonitor: 'true'
 spec:
   ports:
     - port: 8080
       targetPort: http
       protocol: TCP
       name: http
     - port: 6060
       targetPort: http-metrics
       protocol: TCP
       name: http-metrics
   selector:
     app: attest-server

 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   namespace: attest-server
   name: attest-server
 spec:
   selector:
     matchLabels:
       app: attest-server
   replicas: 1
   template:
     metadata:
       labels:
         app: attest-server
     spec:
       containers:
       - name: attest-server
         image: harbor.supwisdom.com/attest-server/attest-server:1.0.0-SNAPSHOT-DEV
         imagePullPolicy: Always
         ports:
         - containerPort: 8080
           name: http
         - containerPort: 6060
           name: http-metrics
         envFrom:
         - configMapRef:
             name: jvm-env
         - configMapRef:
             name: attest-server-env
         - secretRef:
             name: attest-server-env-secret
         resources:
           requests:
             memory: "512Mi"
           limits:
             memory: "512Mi"
         readinessProbe:
           httpGet:
             path: /attest/actuator/health
             port: 8080
           initialDelaySeconds: 20
           periodSeconds: 5
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 10
       imagePullSecrets:
         - name: harbor-registry
	# 4.1.attest-server.yaml

	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	namespace: attest-server
	name: attest-server-env
	data:
	SERVER_PORT: "8080"
	SSL_ENABLED: "false"
	#SSL_KEY_PASSWORD: ""
	#SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
	#SSL_KEYSTORE_PASSWORD: ""

	SERVER_SERVLET_CONTEXT_PATH: "/attest"

	SERVER_MAXHTTPHEADERSIZE: "20480"

	SERVER_TOMCAT_ACCEPT_COUNT: "500"
	SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
	SERVER_TOMCAT_MAX_THREADS: "500"
	SERVER_TOMCAT_MIN_SPARE_THREADS: "100"


	# 修改从POA申请
	POA_SERVER_URL: https://poa.paas.xxx.edu.cn
	POA_CLIENT_ID: ""
	POA_CLIENT_SECRET: ""
	POA_SCOPES: appPush:v1:apppushByMessageType


	# 修改为学校的根域名
	ATTEST_SERVER_PREFIX: https://attest.paas.xxx.edu.cn/attest


	# guard
	ATTEST_SERVER_SECUREPHONE_SMS_TEXT_TEMPLATE: 【认证服务】{name}：您正在进行验证身份，验证码为{code}，有效期5分钟，请尽快完成验证。
	ATTEST_SERVER_SECUREPHONE_SMS_FROM: 认证服务

	ATTEST_SERVER_SECUREEMAIL_MAIL_TEXT_TEMPLATE: 【认证服务】{name}：您正在进行验证身份，验证码为{code}，有效期5分钟，请尽快完成验证。
	ATTEST_SERVER_SECUREEMAIL_MAIL_FROM: 认证服务

	# 在超级APP 中唤起人脸识别的 URL Scheme
	ATTEST_SERVER_FACEVERIFY_SUPERAPP_URL_SCHEME: superapp


	# 超级APP Token 的验签公钥
	TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/jwt/publicKey


	USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
	USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
	#USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
	#USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
	#USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
	#USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
	#USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""


	TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
	TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
	#TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
	#TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
	#TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
	#TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
	#TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""

	TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
	TPAS_AGENT_SERVICE_MAIL_SENDER_PATH: /api/v1/tpas/mail/console/send
	TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify


	##
	# token-server
	#
	TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080


	##
	# 将 attest 数据推送到 rabbitmq
	#
	# ATTEST_RABBITMQ_ENABLED: "false"
	# ATTEST_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
	# ATTEST_RABBITMQ_PORT: "5672"
	# ATTEST_RABBITMQ_USERNAME: guest
	# ATTEST_RABBITMQ_PASSWORD: guest
	#
	# ATTEST_RABBITMQ_APPPUSHATTEST2TOKENRABBITSENDER_ENABLED: "false"


	---
	apiVersion: v1
	kind: Secret
	metadata:
	namespace: attest-server
	name: attest-server-env-secret
	type: Opaque
	data:


	---
	apiVersion: v1
	kind: Service
	metadata:
	namespace: attest-server
	name: attest-server-svc
	labels:
	app: attest-server
	needMonitor: 'true'
	spec:
	ports:
	- port: 8080
	targetPort: http
	protocol: TCP
	name: http
	- port: 6060
	targetPort: http-metrics
	protocol: TCP
	name: http-metrics
	selector:
	app: attest-server

	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	namespace: attest-server
	name: attest-server
	spec:
	selector:
	matchLabels:
	app: attest-server
	replicas: 1
	template:
	metadata:
	labels:
	app: attest-server
	spec:
	containers:
	- name: attest-server
	image: harbor.supwisdom.com/attest-server/attest-server:1.0.0-SNAPSHOT-DEV
	imagePullPolicy: Always
	ports:
	- containerPort: 8080
	name: http
	- containerPort: 6060
	name: http-metrics
	envFrom:
	- configMapRef:
	name: jvm-env
	- configMapRef:
	name: attest-server-env
	- secretRef:
	name: attest-server-env-secret
	resources:
	requests:
	memory: "512Mi"
	limits:
	memory: "512Mi"
	readinessProbe:
	httpGet:
	path: /attest/actuator/health
	port: 8080
	initialDelaySeconds: 20
	periodSeconds: 5
	timeoutSeconds: 5
	successThreshold: 1
	failureThreshold: 10
	imagePullSecrets:
	- name: harbor-registry