Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / 1466ae1cd1a0e1e9938cebb23e3722ca03a3c91f / . / project / newcapec-test / k8s-rancher / 1.authx-service / 5.token-server / 4.1.token-server.yaml
blob: 47af3c14d49e66519526f6a17d210b942b0eface [file] [log] [blame]
刘洪青d0187d02020-08-19 14:55:05 +0800[diff] [blame]1# 4.1.token-server.yaml
2
3---
4apiVersion: v1
5kind: ConfigMap
6metadata:
7 namespace: token-server-test
8 name: token-server-env
9data:
10 SERVER_PORT: "8080"
11 SSL_ENABLED: "false"
12 #SSL_KEY_PASSWORD: ""
13 #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
14 #SSL_KEYSTORE_PASSWORD: ""
15
16 SERVER_MAXHTTPHEADERSIZE: "10240"
17
18 SERVER_TOMCAT_ACCEPT_COUNT: "5000"
19 SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
20 SERVER_TOMCAT_MAX_THREADS: "800"
21 SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
22
23 SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
24 SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
25 SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
26
27
28 # **修改** 从消息中心申请
29 MESSAGECENTER_ENABLED: "false"
30 MESSAGECENTER_APP_ID: ""
31 MESSAGECENTER_MESSAGE_TYPE_CODE_APP_LOGIN: APP_LOGIN
32
33 # **修改** 从POA申请
34 POA_SERVER_URL: https://poa-test.paas.newcapec.cn
35 POA_CLIENT_ID: ""
36 POA_CLIENT_SECRET: ""
37 POA_SCOPES: messagecenter:v1:sendMessage
38
39
40 # **修改** 学校的根域名
41 TOKEN_SERVER_PREFIX: https://token-test.paas.newcapec.cn
42 # **修改** 学校的根域名
43 TOKEN_SERVER_SECURITY_JWT_ISS: token-test.paas.newcapec.cn
44 #TOKEN_SERVER_SECURITY_JWT_EXPIRATION: 2592000
45 #TOKEN_SERVER_SECURITY_JWT_KICKOUT_ENABLED: "false"
46 # **修改**
47 # 请使用与 cas-server 一致的公私钥
48 TOKEN_SERVER_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKivcJfoDpTgShIdrC0AuImgHQKQmdv/CZWRxVPkSY26kZWtVJ4mjzRkDGyB31LUJlVfFNe0nteOyqfNHrhC+uf612+P0KTmT/pOenoegpT8BDEDe1DlmrDoPqKE87JVXjPhx0rnCPMQE0+Em5OOPM/hVDiHhWx5Y1t+FcYre9J6zyg2flbCiv2vVRsQk/9kwesMnEBzB7QY+95sCoSng7llxO1aer7+qShQHrP/nYScIyW2g+a4wL6jd9Z0gIF/irvShIMKV+6EtWLiZFPYrlRQfx+zER7qg+2S+T29UII5lGajQxeldmIip1k62BwHOf/SbOg13nwrF4jLSCKeN/AgMBAAECggEAVtWHHcHngJ6bK325LSZGm5TzTAwb/E6q1wO2OvGMNUCPWbhwktGHjyzCXray6UczHQDgiAhgZHggduM2mFM+ogBJHSWYTo/XiyZmzp6CSxvO4LGWQIBbfxOlCIGpnkDedqNNTdTvmuQ2kUAVU1yJhXw1H5Pli8bbpkIkUxhbj7MsmcSZS4Xaqj1jhOWoBzt1SZEpHgDZ4m8MEMBfjLu+/SQAIWGdJmyANdsU3V/f/DmcgSqu7oTFYZiEFyJqTRyCVHJmyIqAOAtqHkKnJcGfeurwUIuX5NVqdYhj/JM+3k8lXDRyoyC0QADhnfR85uXV/OnXCVBC8GABuMP4DaiHyQKBgQDjwjtbVb/jQur2JYsSDS0sZI3S4X929gWU66AyClnUNbRIVcN4Lyhnp8+d/m9+oVV6kDfjTDnuEz7TWHr94RFcecdivehzxRHdRlRp+IhmtCtzstPhS5f0U6/e59CryxgxV+h5jDUssokzdz1bLsnC8+VgKNL2jVXqkuLkF3RqhQKBgQDjqE186VX3oej5YlmLmqi4LVFFVzpX75dOjAFc+ke/SPXm11o7lj1ONr+t9ZKcwvPx9j5OPXJajbaE2Qx1KXzTPKQT44GdpOvistOJQSNpx2e00K4Sn/7bsJq++UJ7FtmR+iJvfYq1uW1z5taVIjh5hhwFtIBW38voNcghCXVvMwKBgAUwRpPlFzMBMkMbRdjKbg4F2GlGc9Xs8uGaoJKjQ7qe4pWHRqW1RVFfNE6gHkAfQshBAtTtxqAS1iqQaHTiLLgTmiQ4uVPx2F9XG9MyM0FLt3WyTDtksniBc487briLLujo3MXwGMIE6zU98SrjnPsQ/Ve8dlnhjGSEpiCWHDPVAoGAZwNmJMqUytvpxsbZDBGsnMJszvqcfOP+TF2P1FmwE39ZPd5ehy4BiZ2+eGHxuJuCtQ8evFqTnyQW3eA1AeMHB7Kd8B33LbVNw6P1klr2QkwnwirXSbg6I4CzVQ0HJxl809Aiut5M4NQKEfL3UD5O3bZwgahelnDoHKgRadmU2P8CgYANBbxpDT1SdyJUFuKzJ5/cUPBFzOn3eNGRo/RejXSCi5Spd9OoTwDh6dbffk7pUWLYH/BFILW9+RL8uhMt8mdTWVgDKrNrdZLdWUBNsb89St9x/JwlucqgbTvzf0G0h/ZiGNzyPhgGABRrlWVYIdS8KLdTYUkvPHsEAtxR+kwTAg=="
49 TOKEN_SERVER_SECURITY_JWT_PUBLIC_KEY_PEM: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor3CX6A6U4EoSHawtALiJoB0CkJnb/wmVkcVT5EmNupGVrVSeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qvrn+tdvj9Ck5k/6Tnp6HoKU/AQxA3tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjjzP4VQ4h4VseWNbfhXGK3vSes8oNn5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4O5ZcTtWnq+/qkoUB6z/52EnCMltoPmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K5UUH8fsxEe6oPtkvk9vVCCOZRmo0MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginjfwIDAQAB"
50
51
52 # face
53 # aiface 新开普人脸,aipface 百度人脸
54 TOKEN_SERVER_FACE_SOURCE_TYPE: aiface
55
56 # 若须对接新开普人脸,须由新开普人脸系统提供相关配置
57 TOKEN_SERVER_FACE_AIFACE_URL: ""
58 TOKEN_SERVER_FACE_AIFACE_APPKEY: ""
59 TOKEN_SERVER_FACE_AIFACE_APPSECRET: ""
60 TOKEN_SERVER_FACE_AIFACE_SECRETKEY: ""
61 TOKEN_SERVER_FACE_AIFACE_TERM_CODE: ""
62
63 # 若须对接百度人脸,须在百度开放平台注册应用
64 TOKEN_SERVER_FACE_AIPFACE_APPID: ""
65 TOKEN_SERVER_FACE_AIPFACE_APIKEY: ""
66 TOKEN_SERVER_FACE_AIPFACE_SECRETKEY: ""
67
68
69 # passwordless
70 TOKEN_SERVER_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300"
刘洪青d0187d02020-08-19 14:55:05 +0800[diff] [blame]71 TOKEN_SERVER_PASSWORDLESS_SMS_FROM: 认证中心
刘洪青2a8d4c52020-10-15 16:21:23 +0800[diff] [blame]72 #TOKEN_SERVER_PASSWORDLESS_SMS_TEXT_TEMPLATE: 【认证中心】{name}:您正在进行登录,本次登录的动态密码为{token},有效期5分钟,请尽快完成登录。
73 TOKEN_SERVER_PASSWORDLESS_SMS_TEXT_TEMPLATE: '{"signName": "树维认证", "templateCode": "SMS_184545298", "templateParam": {"code": "{token}"}}'
刘洪青d0187d02020-08-19 14:55:05 +0800[diff] [blame]74
75
76 CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080
77 CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
78 #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
79 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
80 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
81 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
82 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
83
84 USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
85 USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
86 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
87 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
88 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
89 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
90 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
91
92
93 TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080
94 TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
95 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
96 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
97 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
98 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
99 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
100
101 TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
102
103
104---
105apiVersion: v1
106kind: Service
107metadata:
108 namespace: token-server-test
109 name: token-server-svc
110 labels:
111 app: token-server
112 needMonitor: 'true'
113spec:
114 ports:
115 - port: 8080
116 targetPort: http
117 protocol: TCP
118 name: http
119 - port: 6060
120 targetPort: http-metrics
121 protocol: TCP
122 name: http-metrics
123 selector:
124 app: token-server
125
126---
127apiVersion: apps/v1
128kind: Deployment
129metadata:
130 namespace: token-server-test
131 name: token-server
132spec:
133 selector:
134 matchLabels:
135 app: token-server
136 replicas: 1
137 template:
138 metadata:
139 labels:
140 app: token-server
141 spec:
142 containers:
143 - name: token-server
144 # 若使用了学校搭设的私有仓库,请 **修改**
145 image: harbor.supwisdom.com/token-server/token-server:1.0.0-SNAPSHOT
146 imagePullPolicy: Always
147 ports:
148 - containerPort: 8080
149 name: http
150 - containerPort: 6060
151 name: http-metrics
152 envFrom:
153 - configMapRef:
154 name: jvm-env
155 - secretRef:
156 name: datasource-env-secret
157 - secretRef:
158 name: redis-env-secret
159 - configMapRef:
160 name: token-server-env
161 resources:
162 requests:
163 memory: "512Mi"
164 limits:
165 memory: "512Mi"
166 readinessProbe:
167 httpGet:
168 path: /actuator/health
169 port: 8080
170 initialDelaySeconds: 20
171 periodSeconds: 5
172 timeoutSeconds: 5
173 successThreshold: 1
174 failureThreshold: 10
175 imagePullSecrets:
176 - name: harbor-registry
177