| 刘洪青 | 4720585 | 2020-08-14 13:39:30 +0800 | [diff] [blame^] | 1 | # admin-center-zuul.yaml |
| 2 | |
| 3 | --- |
| 4 | apiVersion: v1 |
| 5 | kind: ConfigMap |
| 6 | metadata: |
| 7 | namespace: admin-center |
| 8 | name: admin-center-zuul-env |
| 9 | data: |
| 10 | SERVER_PORT: "8080" |
| 11 | SSL_ENABLED: "false" |
| 12 | #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore |
| 13 | #SSL_KEYSTORE_PASSWORD: "" |
| 14 | #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore |
| 15 | #SSL_TRUSTSTORE_PASSWORD: "" |
| 16 | |
| 17 | SERVER_MAXHTTPHEADERSIZE: "10240" |
| 18 | |
| 19 | # SERVER_TOMCAT_MAX_CONNECTIONS: "10000" |
| 20 | # SERVER_TOMCAT_ACCEPT_COUNT: "5000" |
| 21 | # SERVER_TOMCAT_MAX_THREADS: "800" |
| 22 | # SERVER_TOMCAT_MIN_SPARE_THREADS: "100" |
| 23 | |
| 24 | # SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800" |
| 25 | |
| 26 | |
| 27 | ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000" |
| 28 | ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000" |
| 29 | |
| 30 | ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000" |
| 31 | |
| 32 | |
| 33 | INFRAS_SECURITY_BASIC_ENABLED: "false" |
| 34 | |
| 35 | INFRAS_SECURITY_JWT_ENABLED: "true" |
| 36 | #INFRAS_SECURITY_JWT_KEY_ALIAS: "supwisdom-jwt-key" |
| 37 | #INFRAS_SECURITY_JWT_KEY_PASSWORD: "changeit" |
| 38 | #INFRAS_SECURITY_JWT_KEY_STORE: "file:/certs/jwt/jwt.keystore" |
| 39 | #INFRAS_SECURITY_JWT_KEY_STORE_PASSWORD: "changeit" |
| 40 | |
| 41 | INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas |
| 42 | INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: "" |
| 43 | INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas/jwt/publicKey" |
| 44 | |
| 45 | |
| 46 | INFRAS_SECURITY_CAS_ENABLED: "true" |
| 47 | # 修改为学校的admin-center的访问域名 |
| 48 | APP_SERVER_HOST_URL: "http://admin-center.paas.xxx.edu.cn" |
| 49 | #APP_LOGIN_URL: "/cas/login" |
| 50 | #APP_LOGOUT_URL: "/cas/logout" |
| 51 | # 修改为学校的cas的访问域名 |
| 52 | CAS_SERVER_HOST_URL: "http://cas.paas.xxx.edu.cn/cas" |
| 53 | |
| 54 | |
| 55 | ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false" |
| 56 | #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEY_PASSWORD: "" |
| 57 | #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore |
| 58 | #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_PASSWORD: "" |
| 59 | |
| 60 | ADMIN_CENTER_SA_SERVER_URL: http://admin-center-sa-svc.admin-center.svc.cluster.local:8080 |
| 61 | ADMIN_CENTER_SA_CLIENT_AUTH_ENABLED: "false" |
| 62 | #ADMIN_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: "" |
| 63 | #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore |
| 64 | #ADMIN_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: "" |
| 65 | #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore |
| 66 | #ADMIN_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" |
| 67 | |
| 68 | USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080 |
| 69 | USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false" |
| 70 | #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" |
| 71 | #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore |
| 72 | #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" |
| 73 | #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore |
| 74 | #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" |
| 75 | |
| 76 | USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080 |
| 77 | USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false" |
| 78 | #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: "" |
| 79 | #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore |
| 80 | #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: "" |
| 81 | #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore |
| 82 | #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" |
| 83 | |
| 84 | --- |
| 85 | apiVersion: v1 |
| 86 | kind: Secret |
| 87 | metadata: |
| 88 | namespace: admin-center |
| 89 | name: admin-center-zuul-env-secret |
| 90 | type: Opaque |
| 91 | data: |
| 92 | # 参考 certs/jwt/readme.md 生成公私钥pem,替换相关配置 |
| 93 | INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDcWUzYUpRVm1VNWY1VDhIdU1PcEloMjhrZQpNU3hpUkh2NXNNa29iVGd5T3VRaVVYVEJLS3JwUjVNUWFiaERFZG1WSHlVWFowUFRLRHJCYk9rWkVwTVRmbXBHCnBibE5hOHJkS0RRZG5MYVFLNHBkKzN1clJSdDQzYXhISTdQZHdnRmx3ZThybmYvZllVK3lpcWhDaFBjbkdSNXAKUE9hOE4xZFkzQXlwWWhZa2dRSURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ== |
| 94 | INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNlQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Jd2dnSmVBZ0VBQW9HQkFLcDdkb2xCV1pUbC9sUHcKZTR3NmtpSGJ5UjR4TEdKRWUvbXd5U2h0T0RJNjVDSlJkTUVvcXVsSGt4QnB1RU1SMlpVZkpSZG5ROU1vT3NGcwo2UmtTa3hOK2FrYWx1VTFyeXQwb05CMmN0cEFyaWwzN2U2dEZHM2pkckVjanM5M0NBV1hCN3l1ZC85OWhUN0tLCnFFS0U5eWNaSG1rODVydzNWMWpjREtsaUZpU0JBZ01CQUFFQ2dZRUFuNXN2QXBrMzhQclIvR3ZzZndCbXgyUXAKQ2ljblVtaWpXTVIxejI5UmFWVlJOLy9pdXVRRC9wcVB5Skh4ZkhrOXB5cWRZeWUraS9YaDdDeTJuazZSZWVyMAowcG5lbUFJNFpNVnFaWW8rUHFIdU1ZSnRjS1ZpSHRLUElVZFVEaGpleE1iVjhPdXdFRjdDNERsNXhveXV6cUZvClZzRTFlaVNpVERmQWNUcmc4SEVDUVFEYjVrZU5FUUxtMEFPK0I3TDZvUi9URExHODZiaXU1Szc0VEVzMmphM0gKQ0JBa1FLUXJvMWwxS3c2Y1ZKcXlGR09SMEI1ZG9Mc2V2cVNTWVV5KytrZGpBa0VBeG5oUzh5SnF1Z3ordFV2ZApKMW1sSm9UbTFxNjFHNDBzTFhMY1RtU3F1a2dyTDBDMm1ycXJGQUF4MjF2ek83azF0NU44aEZUY1VnR3BMa015CjNiOGp5d0pBWEFBVk1XekxsUHUwaFIyOWdPUkdaMHNwVll0SFRFeTY4NEVmK3B2OTk0WmxFblhFK2NqbTFZR0YKSkZ5MU9Bb1Z1bHlqUjdMR2RzOTJGUlFHUXVSOVZ3SkJBS1JNUlhicS9la3BDczR3a0ZLYi9vQ2xzcWIwR0E5SAp6ZE9ONjF5bUwwTm9yUDlBRmlwKzcxTHVXbGVhaGYvaDhkc1hxQk93WUhjdTBzdnVhelJ3b0FNQ1FRQ05yM0FrCkZ6aUZBZGQvWkFmaFhpSURHemo1dlRCRkpaQ01TR1hXbVBJcTdnWEN0RUM4Y2VvRHhOY0JLRGtxeEQvaGJVcmwKZStmeDdqeE9kUXhwQkF1RQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0t |
| 95 | |
| 96 | |
| 97 | --- |
| 98 | apiVersion: v1 |
| 99 | kind: Service |
| 100 | metadata: |
| 101 | namespace: admin-center |
| 102 | name: admin-center-zuul-svc |
| 103 | labels: |
| 104 | app: admin-center-zuul |
| 105 | needMonitor: 'true' |
| 106 | spec: |
| 107 | ports: |
| 108 | - port: 8080 |
| 109 | targetPort: http |
| 110 | protocol: TCP |
| 111 | name: http |
| 112 | - port: 6060 |
| 113 | targetPort: http-metrics |
| 114 | protocol: TCP |
| 115 | name: http-metrics |
| 116 | selector: |
| 117 | app: admin-center-zuul |
| 118 | |
| 119 | --- |
| 120 | apiVersion: apps/v1 |
| 121 | kind: Deployment |
| 122 | metadata: |
| 123 | namespace: admin-center |
| 124 | name: admin-center-zuul |
| 125 | spec: |
| 126 | selector: |
| 127 | matchLabels: |
| 128 | app: admin-center-zuul |
| 129 | replicas: 1 |
| 130 | template: |
| 131 | metadata: |
| 132 | labels: |
| 133 | app: admin-center-zuul |
| 134 | spec: |
| 135 | containers: |
| 136 | - name: admin-center-zuul |
| 137 | # 若使用了学校搭设的私有仓库,请修改 |
| 138 | image: harbor.supwisdom.com/admin-center/admin-center-zuul:1.0.2-SNAPSHOT |
| 139 | imagePullPolicy: Always |
| 140 | ports: |
| 141 | - containerPort: 8080 |
| 142 | name: http |
| 143 | - containerPort: 6060 |
| 144 | name: http-metrics |
| 145 | envFrom: |
| 146 | - configMapRef: |
| 147 | name: jvm-env |
| 148 | - secretRef: |
| 149 | name: redis-env-secret |
| 150 | - secretRef: |
| 151 | name: admin-center-zuul-env-secret |
| 152 | - configMapRef: |
| 153 | name: admin-center-zuul-env |
| 154 | resources: |
| 155 | requests: |
| 156 | memory: "400Mi" |
| 157 | limits: |
| 158 | memory: "400Mi" |
| 159 | readinessProbe: |
| 160 | httpGet: |
| 161 | path: /actuator/health |
| 162 | port: 8080 |
| 163 | initialDelaySeconds: 20 |
| 164 | periodSeconds: 5 |
| 165 | timeoutSeconds: 5 |
| 166 | successThreshold: 1 |
| 167 | failureThreshold: 10 |
| 168 | imagePullSecrets: |
| 169 | - name: harbor-registry |
| 170 | |