Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / 94920fd68b0f0ebe0e00da06d08858758df6fd94 / . / deploy-manifests / k8s-rancher / 1.authx-service / 5.token-server / 4.1.token-server.yaml
blob: 418383a525b92baf0f5a935bfd33f0fe6621fbaf [file] [log] [blame]
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]1# 4.1.token-server.yaml
2
3---
4apiVersion: v1
5kind: ConfigMap
6metadata:
7 namespace: token-server
8 name: token-server-env
9data:
10 SERVER_PORT: "8080"
11 SSL_ENABLED: "false"
12 #SSL_KEY_PASSWORD: ""
13 #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
14 #SSL_KEYSTORE_PASSWORD: ""
15
16 SERVER_MAXHTTPHEADERSIZE: "10240"
17
18 SERVER_TOMCAT_ACCEPT_COUNT: "5000"
19 SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
20 SERVER_TOMCAT_MAX_THREADS: "800"
21 SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
22
刘洪青9c2687b2020-09-10 15:53:39 +0800[diff] [blame]23 LOGGING_LEVEL_COM_SUPWISDOM_INSITITUTE_TOKEN_SERVER: INFO
24
25
刘洪青94920fd2022-01-10 14:09:53 +0800[diff] [blame^]26 SPRING_DATASOURCE_HIKARI_MAXIMUM_POOL_SIZE: "50"
27 SPRING_DATASOURCE_HIKARI_MINIMUM_IDLE: "10"
28
刘洪青9c2687b2020-09-10 15:53:39 +0800[diff] [blame]29 SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
30 SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "50"
31 SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
32
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]33 SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
34 SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
35 SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
36
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]37
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]38 # **修改** 学校的根域名
39 TOKEN_SERVER_PREFIX: https://token.paas.xxx.edu.cn
40 # **修改** 学校的根域名
41 TOKEN_SERVER_SECURITY_JWT_ISS: token.paas.xxx.edu.cn
42 #TOKEN_SERVER_SECURITY_JWT_EXPIRATION: 2592000
43 #TOKEN_SERVER_SECURITY_JWT_KICKOUT_ENABLED: "false"
44 # **修改**
45 # 请使用与 cas-server 一致的公私钥
46 TOKEN_SERVER_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKivcJfoDpTgShIdrC0AuImgHQKQmdv/CZWRxVPkSY26kZWtVJ4mjzRkDGyB31LUJlVfFNe0nteOyqfNHrhC+uf612+P0KTmT/pOenoegpT8BDEDe1DlmrDoPqKE87JVXjPhx0rnCPMQE0+Em5OOPM/hVDiHhWx5Y1t+FcYre9J6zyg2flbCiv2vVRsQk/9kwesMnEBzB7QY+95sCoSng7llxO1aer7+qShQHrP/nYScIyW2g+a4wL6jd9Z0gIF/irvShIMKV+6EtWLiZFPYrlRQfx+zER7qg+2S+T29UII5lGajQxeldmIip1k62BwHOf/SbOg13nwrF4jLSCKeN/AgMBAAECggEAVtWHHcHngJ6bK325LSZGm5TzTAwb/E6q1wO2OvGMNUCPWbhwktGHjyzCXray6UczHQDgiAhgZHggduM2mFM+ogBJHSWYTo/XiyZmzp6CSxvO4LGWQIBbfxOlCIGpnkDedqNNTdTvmuQ2kUAVU1yJhXw1H5Pli8bbpkIkUxhbj7MsmcSZS4Xaqj1jhOWoBzt1SZEpHgDZ4m8MEMBfjLu+/SQAIWGdJmyANdsU3V/f/DmcgSqu7oTFYZiEFyJqTRyCVHJmyIqAOAtqHkKnJcGfeurwUIuX5NVqdYhj/JM+3k8lXDRyoyC0QADhnfR85uXV/OnXCVBC8GABuMP4DaiHyQKBgQDjwjtbVb/jQur2JYsSDS0sZI3S4X929gWU66AyClnUNbRIVcN4Lyhnp8+d/m9+oVV6kDfjTDnuEz7TWHr94RFcecdivehzxRHdRlRp+IhmtCtzstPhS5f0U6/e59CryxgxV+h5jDUssokzdz1bLsnC8+VgKNL2jVXqkuLkF3RqhQKBgQDjqE186VX3oej5YlmLmqi4LVFFVzpX75dOjAFc+ke/SPXm11o7lj1ONr+t9ZKcwvPx9j5OPXJajbaE2Qx1KXzTPKQT44GdpOvistOJQSNpx2e00K4Sn/7bsJq++UJ7FtmR+iJvfYq1uW1z5taVIjh5hhwFtIBW38voNcghCXVvMwKBgAUwRpPlFzMBMkMbRdjKbg4F2GlGc9Xs8uGaoJKjQ7qe4pWHRqW1RVFfNE6gHkAfQshBAtTtxqAS1iqQaHTiLLgTmiQ4uVPx2F9XG9MyM0FLt3WyTDtksniBc487briLLujo3MXwGMIE6zU98SrjnPsQ/Ve8dlnhjGSEpiCWHDPVAoGAZwNmJMqUytvpxsbZDBGsnMJszvqcfOP+TF2P1FmwE39ZPd5ehy4BiZ2+eGHxuJuCtQ8evFqTnyQW3eA1AeMHB7Kd8B33LbVNw6P1klr2QkwnwirXSbg6I4CzVQ0HJxl809Aiut5M4NQKEfL3UD5O3bZwgahelnDoHKgRadmU2P8CgYANBbxpDT1SdyJUFuKzJ5/cUPBFzOn3eNGRo/RejXSCi5Spd9OoTwDh6dbffk7pUWLYH/BFILW9+RL8uhMt8mdTWVgDKrNrdZLdWUBNsb89St9x/JwlucqgbTvzf0G0h/ZiGNzyPhgGABRrlWVYIdS8KLdTYUkvPHsEAtxR+kwTAg=="
47 TOKEN_SERVER_SECURITY_JWT_PUBLIC_KEY_PEM: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor3CX6A6U4EoSHawtALiJoB0CkJnb/wmVkcVT5EmNupGVrVSeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qvrn+tdvj9Ck5k/6Tnp6HoKU/AQxA3tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjjzP4VQ4h4VseWNbfhXGK3vSes8oNn5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4O5ZcTtWnq+/qkoUB6z/52EnCMltoPmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K5UUH8fsxEe6oPtkvk9vVCCOZRmo0MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginjfwIDAQAB"
48
49
50 # face
51 # aiface 新开普人脸,aipface 百度人脸
52 TOKEN_SERVER_FACE_SOURCE_TYPE: aiface
53
54 # 若须对接新开普人脸,须由新开普人脸系统提供相关配置
55 TOKEN_SERVER_FACE_AIFACE_URL: ""
56 TOKEN_SERVER_FACE_AIFACE_APPKEY: ""
57 TOKEN_SERVER_FACE_AIFACE_APPSECRET: ""
58 TOKEN_SERVER_FACE_AIFACE_SECRETKEY: ""
59 TOKEN_SERVER_FACE_AIFACE_TERM_CODE: ""
60
61 # 若须对接百度人脸,须在百度开放平台注册应用
62 TOKEN_SERVER_FACE_AIPFACE_APPID: ""
63 TOKEN_SERVER_FACE_AIPFACE_APIKEY: ""
64 TOKEN_SERVER_FACE_AIPFACE_SECRETKEY: ""
65
66
67 # passwordless
68 TOKEN_SERVER_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300"
刘洪青ad59f942020-10-14 16:44:50 +0800[diff] [blame]69 TOKEN_SERVER_PASSWORDLESS_SMS_TEXT_TEMPLATE: 【认证中心】您正在进行登录,本次登录的动态密码为{token},有效期5分钟,请尽快完成登录。
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]70 TOKEN_SERVER_PASSWORDLESS_SMS_FROM: 认证中心
71
72
刘洪青4332f612021-09-07 22:29:44 +0800[diff] [blame]73 # 手机号登录时,是否自动注册 guest 帐号
74 TOKEN_SERVER_AUTO_REGISTER_GUEST_ACCOUNT_BY_MOBILE_ENABLED: "false"
75
76
刘洪青4984a062021-07-17 15:49:10 +0800[diff] [blame]77 ## 密码验证接口(外部接口)
78 TOKEN_SERVER_SECURITY_PASSWORD_VERIFY_URL: ""
79 # http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080/api/v1/security/accounts/verifyAccountPassword
80
81
刘洪青4332f612021-09-07 22:29:44 +0800[diff] [blame]82 # **修改** 从个推申请
83 GETUI_SERVER_URL: https://openapi-gy.getui.com
84 GETUI_GEYAN_APP_ID: ""
85 GETUI_GEYAN_APP_KEY: ""
86 GETUI_GEYAN_APP_SECRET: ""
87 GETUI_GEYAN_MASTER_SECRET: ""
88
刘洪青15c7a3a2020-11-28 12:03:49 +0800[diff] [blame]89 # **修改** 从消息中心申请
90 MESSAGECENTER_ENABLED: "false"
91 MESSAGECENTER_APP_ID: ""
92 MESSAGECENTER_MESSAGE_TYPE_CODE_APP_LOGIN: APP_LOGIN
刘洪青2c4d8ba2021-06-29 16:59:01 +0800[diff] [blame]93 MESSAGECENTER_MESSAGE_TYPE_CODE_PASSWORD: PASSWORD
刘洪青15c7a3a2020-11-28 12:03:49 +0800[diff] [blame]94
95 # **修改** 从POA申请
96 POA_SERVER_URL: https://poa.paas.xxx.edu.cn
97 POA_CLIENT_ID: ""
98 POA_CLIENT_SECRET: ""
99 POA_SCOPES: messagecenter:v1:sendMessage
100
101
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]102 CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
103 CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
104 #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
105 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
106 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
107 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
108 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
109
110 USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
111 USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
112 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
113 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
114 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
115 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
116 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
117
118
119 TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
120 TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
121 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
122 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
123 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
124 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
125 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
126
127 TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
128
刘洪青78b003b2021-06-24 14:59:57 +0800[diff] [blame]129---
130apiVersion: v1
131kind: Secret
132metadata:
133 namespace: token-server
134 name: token-server-env-secret
135type: Opaque
136data:
137 SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVyLmF1dGh4LXNlcnZpY2Uuc3ZjLmNsdXN0ZXIubG9jYWw=
138 # rabbitmq-server.authx-service.svc.cluster.local
139 SPRING_RABBITMQ_PORT: NTY3Mg==
140 SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
141 SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
142
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]143
144---
145apiVersion: v1
146kind: Service
147metadata:
148 namespace: token-server
149 name: token-server-svc
150 labels:
151 app: token-server
152 needMonitor: 'true'
153spec:
154 ports:
155 - port: 8080
156 targetPort: http
157 protocol: TCP
158 name: http
159 - port: 6060
160 targetPort: http-metrics
161 protocol: TCP
162 name: http-metrics
163 selector:
164 app: token-server
165
166---
167apiVersion: apps/v1
168kind: Deployment
169metadata:
170 namespace: token-server
171 name: token-server
172spec:
173 selector:
174 matchLabels:
175 app: token-server
176 replicas: 1
177 template:
178 metadata:
179 labels:
180 app: token-server
181 spec:
182 containers:
183 - name: token-server
184 # 若使用了学校搭设的私有仓库,请 **修改**
刘洪青dc0a64f2021-10-30 10:09:16 +0800[diff] [blame]185 image: harbor.supwisdom.com/token-server/token-server:1.2.4-RELEASE
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]186 imagePullPolicy: Always
187 ports:
188 - containerPort: 8080
189 name: http
190 - containerPort: 6060
191 name: http-metrics
192 envFrom:
193 - configMapRef:
194 name: jvm-env
195 - secretRef:
196 name: datasource-env-secret
197 - secretRef:
198 name: redis-env-secret
刘洪青78b003b2021-06-24 14:59:57 +0800[diff] [blame]199 - secretRef:
200 name: rabbitmq-env-secret
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]201 - configMapRef:
202 name: token-server-env
203 resources:
204 requests:
刘洪青687d71f2020-10-09 15:32:45 +0800[diff] [blame]205 memory: "1024Mi"
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]206 limits:
刘洪青687d71f2020-10-09 15:32:45 +0800[diff] [blame]207 memory: "1024Mi"
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]208 readinessProbe:
209 httpGet:
210 path: /actuator/health
211 port: 8080
212 initialDelaySeconds: 20
213 periodSeconds: 5
214 timeoutSeconds: 5
215 successThreshold: 1
216 failureThreshold: 10
217 imagePullSecrets:
218 - name: harbor-registry
219