| 刘洪青 | 4720585 | 2020-08-14 13:39:30 +0800 | [diff] [blame^] | 1 | # personal-security-center-zuul.yaml |
| 2 | |
| 3 | --- |
| 4 | apiVersion: v1 |
| 5 | kind: ConfigMap |
| 6 | metadata: |
| 7 | namespace: personal-security-center |
| 8 | name: personal-security-center-zuul-env |
| 9 | data: |
| 10 | SERVER_PORT: "8080" |
| 11 | SSL_ENABLED: "false" |
| 12 | #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore |
| 13 | #SSL_KEYSTORE_PASSWORD: "" |
| 14 | #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore |
| 15 | #SSL_TRUSTSTORE_PASSWORD: "" |
| 16 | |
| 17 | SERVER_MAXHTTPHEADERSIZE: "10240" |
| 18 | |
| 19 | SERVER_TOMCAT_ACCEPT_COUNT: "5000" |
| 20 | SERVER_TOMCAT_MAX_CONNECTIONS: "10000" |
| 21 | SERVER_TOMCAT_MAX_THREADS: "800" |
| 22 | SERVER_TOMCAT_MIN_SPARE_THREADS: "100" |
| 23 | |
| 24 | ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000" |
| 25 | ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000" |
| 26 | |
| 27 | ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000" |
| 28 | |
| 29 | LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER: INFO |
| 30 | |
| 31 | |
| 32 | ZUUL_ROUTES_PERSONAL_ME_URL: http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1/me |
| 33 | ZUUL_ROUTES_PERSONAL_BFF_URL: http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1 |
| 34 | |
| 35 | ZUUL_ROUTES_USER_BIZ_URL: http://user-data-service-biz-svc.user-data-service.svc.cluster.local:8080/api/v1/user/biz |
| 36 | |
| 37 | # 修改为学校的 portal 的访问域名 |
| 38 | ZUUL_ROUTES_PORTAL_URL: http://portal.paas.xxx.edu.cn/portal-web/api |
| 39 | |
| 40 | |
| 41 | INFRAS_SECURITY_BASIC_ENABLED: "false" |
| 42 | |
| 43 | INFRAS_SECURITY_JWT_ENABLED: "true" |
| 44 | #INFRAS_SECURITY_JWT_KEY_ALIAS: "supwisdom-jwt-key" |
| 45 | #INFRAS_SECURITY_JWT_KEY_PASSWORD: "changeit" |
| 46 | #INFRAS_SECURITY_JWT_KEY_STORE: "file:/certs/jwt/jwt.keystore" |
| 47 | #INFRAS_SECURITY_JWT_KEY_STORE_PASSWORD: "changeit" |
| 48 | |
| 49 | INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas |
| 50 | INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: "" |
| 51 | INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas/jwt/publicKey" |
| 52 | |
| 53 | |
| 54 | INFRAS_SECURITY_CAS_ENABLED: "true" |
| 55 | # 修改为学校的 personal-security-center 的访问域名 |
| 56 | APP_SERVER_HOST_URL: "http://personal-security-center.paas.xxx.edu.cn" |
| 57 | #APP_LOGIN_URL: "/cas/login" |
| 58 | #APP_LOGOUT_URL: "/cas/logout" |
| 59 | # 修改为学校的 cas 的访问域名 |
| 60 | CAS_SERVER_HOST_URL: "http://cas.paas.xxx.edu.cn/cas" |
| 61 | |
| 62 | |
| 63 | ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false" |
| 64 | #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEY_PASSWORD: "" |
| 65 | #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore |
| 66 | #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_PASSWORD: "" |
| 67 | |
| 68 | |
| 69 | USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080 |
| 70 | USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false" |
| 71 | #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" |
| 72 | #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore |
| 73 | #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" |
| 74 | #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore |
| 75 | #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" |
| 76 | |
| 77 | USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080 |
| 78 | USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false" |
| 79 | #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" |
| 80 | #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore |
| 81 | #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" |
| 82 | #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore |
| 83 | #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" |
| 84 | |
| 85 | --- |
| 86 | apiVersion: v1 |
| 87 | kind: Secret |
| 88 | metadata: |
| 89 | namespace: personal-security-center |
| 90 | name: personal-security-center-zuul-env-secret |
| 91 | type: Opaque |
| 92 | data: |
| 93 | # 参考 certs/jwt/readme.md 生成公私钥pem,替换相关配置 |
| 94 | INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDeW9BNzhMbTlHT3NlS1pPL1lZenlWWUJ6cQpaREVzdWlXNVFleXJDL2JFWFZrT2lKc0RnNFRjc2o5Vnp5dGp2MEFZVmxEcmkxdlExaWZhSG9HN0Z1dE40cTVICllxbGZDSzdvOXpNRWo2cU40NFIydUtjR3BCQnd0WlNCZGxWc2tLZ2NOWGlvU3RTRjZZTFp1Q25jWU5HUXZaOSsKeGY5bll5L09scXczWUFQRUx3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ== |
| 95 | INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNlQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Jd2dnSmVBZ0VBQW9HQkFMS2dEdnd1YjBZNng0cGsKNzloalBKVmdIT3BrTVN5NkpibEI3S3NMOXNSZFdRNkltd09EaE55eVAxWFBLMk8vUUJoV1VPdUxXOURXSjlvZQpnYnNXNjAzaXJrZGlxVjhJcnVqM013U1BxbzNqaEhhNHB3YWtFSEMxbElGMlZXeVFxQncxZUtoSzFJWHBndG00CktkeGcwWkM5bjM3Ri8yZGpMODZXckRkZ0E4UXZBZ01CQUFFQ2dZRUFuakhFczdDSUdlR0t3TlZkMlAwaU5ZU1cKZHp0ZWxhY1NLN3puMWlCVlhsanh1ejVlVXNGU2xJWkVNMEd6d3JZcEZLUzFLN1lURGFQc1RXOUJJNmxMb0FaawpnaU1vOUE5YnMzdW5XOEg3N2M5T3NTUXZpdHM1eGp3MEJ0dFo0dVhwYmdlUlJmS1dFOFp6MngyYWFIeVdyU1ZIClJINGVya3JYSTFrZzZwQTlyaWtDUVFEaVd0VW5kWktpWHFNTkhJb1RrOUpLNXFyaVJqdS9FTzdtVncvRGo4RmEKSVhFOTMvTkhSVllMZ3E2cFY4SUJiNmlhZnpXbittdkplR3AvbEJsaU81dHpBa0VBeWdUMTE4V25jaFl5elNlTAp3NlVDUkhIOHlJRGx6aGwzWFhxTnhDV2M5V1dGbVpZSERIVy92L2x5dnpwUEtmb3VucmhoUTVXY2g4eGVDSDVqCml1WjlWUUpCQUtsRkJkdUJSOHVXZTlaRlBsaFBsZFlmVXpEdEZxYldVZUQ4d0RRZFg1azRJd2dEWGxrdzE1eTUKK0VWNDlBTEE3bFBDeDJ3N2o3bFZERWNsaUNuMnExTUNRQnltSTI4Y0dxajFPUE1iSHBqNk41NFpSQzN6Q2FQMgp2SlRISW4ra2plUEhKL0VsODQzeXpPU2VyWVVzOGJrVVA3UkdsWlNPRFFxOUVzREZtN3hBLzVrQ1FRQ3A1ZldQCnNWbjFsek15ckYxNHJSK0ZSSWZMazBFMnBMdm5aYzV0NjB3OFpzSVFPRGlOTXZvSDRZUEdSemFpcG9LQnlSeE0KazR1WElVVTMxaVN6VGR4ZgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0t |
| 96 | |
| 97 | |
| 98 | --- |
| 99 | apiVersion: v1 |
| 100 | kind: Service |
| 101 | metadata: |
| 102 | namespace: personal-security-center |
| 103 | name: personal-security-center-zuul-svc |
| 104 | labels: |
| 105 | app: personal-security-center-zuul |
| 106 | needMonitor: 'true' |
| 107 | spec: |
| 108 | ports: |
| 109 | - port: 8080 |
| 110 | targetPort: http |
| 111 | protocol: TCP |
| 112 | name: http |
| 113 | - port: 6060 |
| 114 | targetPort: http-metrics |
| 115 | protocol: TCP |
| 116 | name: http-metrics |
| 117 | selector: |
| 118 | app: personal-security-center-zuul |
| 119 | |
| 120 | --- |
| 121 | apiVersion: apps/v1 |
| 122 | kind: Deployment |
| 123 | metadata: |
| 124 | namespace: personal-security-center |
| 125 | name: personal-security-center-zuul |
| 126 | spec: |
| 127 | selector: |
| 128 | matchLabels: |
| 129 | app: personal-security-center-zuul |
| 130 | replicas: 1 |
| 131 | template: |
| 132 | metadata: |
| 133 | labels: |
| 134 | app: personal-security-center-zuul |
| 135 | spec: |
| 136 | containers: |
| 137 | - name: personal-security-center-zuul |
| 138 | # 若使用了学校搭设的私有仓库,请修改 |
| 139 | image: harbor.supwisdom.com/personal-security-center/personal-security-zuul:1.0.2-SNAPSHOT |
| 140 | imagePullPolicy: Always |
| 141 | ports: |
| 142 | - containerPort: 8080 |
| 143 | name: http |
| 144 | - containerPort: 6060 |
| 145 | name: http-metrics |
| 146 | envFrom: |
| 147 | - configMapRef: |
| 148 | name: jvm-env |
| 149 | - secretRef: |
| 150 | name: personal-security-center-zuul-env-secret |
| 151 | - configMapRef: |
| 152 | name: personal-security-center-zuul-env |
| 153 | resources: |
| 154 | requests: |
| 155 | memory: "400Mi" |
| 156 | limits: |
| 157 | memory: "400Mi" |
| 158 | readinessProbe: |
| 159 | httpGet: |
| 160 | path: /actuator/health |
| 161 | port: 8080 |
| 162 | initialDelaySeconds: 20 |
| 163 | periodSeconds: 5 |
| 164 | timeoutSeconds: 5 |
| 165 | successThreshold: 1 |
| 166 | failureThreshold: 10 |
| 167 | imagePullSecrets: |
| 168 | - name: harbor-registry |
| 169 | |