Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / 8cbef0e258aa0a72a9a80c14976f55aed3d05e0e / . / project / nwpu / k8s-rancher / 1.authx-service / 7.attest-server / 4.1.attest-server.yaml
blob: 6da9590a7975ba84ab29cb008b5ff3201b1944f0 [file] [log] [blame]
刘洪青f69336e2022-03-15 13:50:11 +0800[diff] [blame]1# 4.1.attest-server.yaml
2
3---
4apiVersion: v1
5kind: ConfigMap
6metadata:
7 namespace: attest-server
8 name: attest-server-env
9data:
10 SERVER_PORT: "8080"
11 SSL_ENABLED: "false"
12 #SSL_KEY_PASSWORD: ""
13 #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
14 #SSL_KEYSTORE_PASSWORD: ""
15
16 SERVER_SERVLET_CONTEXT_PATH: "/attest"
17
18 SERVER_MAXHTTPHEADERSIZE: "20480"
19
20 SERVER_TOMCAT_ACCEPT_COUNT: "500"
21 SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
22 SERVER_TOMCAT_MAX_THREADS: "500"
23 SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
24
25
26 # **修改** 从POA申请
刘洪青8cbef0e2022-04-19 17:04:49 +0800[diff] [blame^]27 POA_SERVER_URL: https://poa.nwpu.edu.cn
刘洪青f69336e2022-03-15 13:50:11 +0800[diff] [blame]28 POA_CLIENT_ID: ""
29 POA_CLIENT_SECRET: ""
30 POA_SCOPES: appPush:v1:apppushByMessageType
31
32
33 # 修改为学校的根域名
刘洪青8cbef0e2022-04-19 17:04:49 +0800[diff] [blame^]34 ATTEST_SERVER_PREFIX: https://uis.nwpu.edu.cn/attest
刘洪青f69336e2022-03-15 13:50:11 +0800[diff] [blame]35
36
37 # guard
刘洪青8cbef0e2022-04-19 17:04:49 +0800[diff] [blame^]38 # **修改** 根据实际情况,修改短信模板
39 ATTEST_SERVER_SECUREPHONE_SMS_TEXT_TEMPLATE: "【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。"
刘洪青f69336e2022-03-15 13:50:11 +0800[diff] [blame]40 ATTEST_SERVER_SECUREPHONE_SMS_FROM: 认证服务
41
刘洪青8cbef0e2022-04-19 17:04:49 +0800[diff] [blame^]42 # **修改** 根据实际情况,修改邮件模板
43 ATTEST_SERVER_SECUREEMAIL_MAIL_TEXT_TEMPLATE: "【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。"
刘洪青f69336e2022-03-15 13:50:11 +0800[diff] [blame]44 ATTEST_SERVER_SECUREEMAIL_MAIL_FROM: 认证服务
45
46 # 在超级APP 中唤起人脸识别的 URL Scheme
47 ATTEST_SERVER_FACEVERIFY_SUPERAPP_URL_SCHEME: superapp
48
49
50 # 超级APP Token 的验签公钥
刘洪青8cbef0e2022-04-19 17:04:49 +0800[diff] [blame^]51 TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/jwt/publicKey
刘洪青f69336e2022-03-15 13:50:11 +0800[diff] [blame]52
53
54 USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
55 USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
56 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
57 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
58 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
59 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
60 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
61
62
63 TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
64 TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
65 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
66 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
67 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
68 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
69 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
70
71 # **修改**
72 # 若须对接sms 接口,须进行二开定制
刘洪青8cbef0e2022-04-19 17:04:49 +0800[diff] [blame^]73 TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/nwpu/send
刘洪青f69336e2022-03-15 13:50:11 +0800[diff] [blame]74 TPAS_AGENT_SERVICE_MAIL_SENDER_PATH: /api/v1/tpas/mail/smtp/send
75 TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify
76
77
78 ##
79 # token-server
80 #
刘洪青8cbef0e2022-04-19 17:04:49 +0800[diff] [blame^]81 TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080
刘洪青f69336e2022-03-15 13:50:11 +0800[diff] [blame]82
83
84 ##
85 # 将 attest 数据 推送到 rabbitmq
86 #
87 # ATTEST_RABBITMQ_ENABLED: "false"
88 # ATTEST_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
89 # ATTEST_RABBITMQ_PORT: "5672"
90 # ATTEST_RABBITMQ_USERNAME: guest
91 # ATTEST_RABBITMQ_PASSWORD: guest
92 #
93 # ATTEST_RABBITMQ_APPPUSHATTEST2TOKENRABBITSENDER_ENABLED: "false"
94
95
96---
97apiVersion: v1
98kind: Secret
99metadata:
100 namespace: attest-server
101 name: attest-server-env-secret
102type: Opaque
103data:
104
105
106---
107apiVersion: v1
108kind: Service
109metadata:
110 namespace: attest-server
111 name: attest-server-svc
112 labels:
113 app: attest-server
114 needMonitor: 'true'
115spec:
116 ports:
117 - port: 8080
118 targetPort: http
119 protocol: TCP
120 name: http
121 - port: 6060
122 targetPort: http-metrics
123 protocol: TCP
124 name: http-metrics
125 selector:
126 app: attest-server
127
128---
129apiVersion: apps/v1
130kind: Deployment
131metadata:
132 namespace: attest-server
133 name: attest-server
134spec:
135 selector:
136 matchLabels:
137 app: attest-server
138 replicas: 1
139 template:
140 metadata:
141 labels:
142 app: attest-server
143 spec:
144 containers:
145 - name: attest-server
刘洪青8cbef0e2022-04-19 17:04:49 +0800[diff] [blame^]146 image: paas.harbor.nwpu.edu.cn/attest-server/attest-server:1.4.4-RELEASE
刘洪青f69336e2022-03-15 13:50:11 +0800[diff] [blame]147 imagePullPolicy: Always
148 ports:
149 - containerPort: 8080
150 name: http
151 - containerPort: 6060
152 name: http-metrics
153 envFrom:
154 - configMapRef:
155 name: jvm-env
156 - configMapRef:
157 name: attest-server-env
158 - secretRef:
159 name: attest-server-env-secret
160 resources:
161 requests:
162 memory: "1024Mi"
163 limits:
164 memory: "1024Mi"
165 readinessProbe:
166 httpGet:
167 path: /attest/actuator/health
168 port: 8080
169 initialDelaySeconds: 20
170 periodSeconds: 5
171 timeoutSeconds: 5
172 successThreshold: 1
173 failureThreshold: 10
174 imagePullSecrets:
175 - name: harbor-registry
176