Blame - deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml - institute/deploy-authx-service

blob: dc93b5453ca0d3a000ed2c70dd575e42b386abe4 [file] [log] [blame]

刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	1	# personal-security-center-bff.yaml
				2
				3	---
				4	apiVersion: v1
				5	kind: ConfigMap
				6	metadata:
				7	namespace: personal-security-center
				8	name: personal-security-center-bff-template-env
				9	data:
				10	# 根据情况，修改邮件模板
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame]	11	EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: '{name}：您正在激活帐号，须验证邮箱有效，验证码{code}，有效期5分钟，请尽快完成验证。'
				12	EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{name}：您正在找回密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	13
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame]	14	EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{name}：您正在修改密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				15	EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{name}：您正在修改安全邮箱，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				16	EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}：您正在修改安全邮箱，须验证邮箱有效，验证码{code}，有效期5分钟，请尽快完成验证。'
				17	EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{name}：您正在修改安全手机，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	18
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame]	19	EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{name}：您正在绑定QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				20	EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{name}：您正在解绑QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				21	EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{name}：您正在绑定微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				22	EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{name}：您正在解绑微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				23	EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{name}：您正在绑定企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				24	EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{name}：您正在解绑企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				25	EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{name}：您正在绑定支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				26	EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{name}：您正在解绑支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	27
				28	# 根据情况，修改短信模板
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame]	29	SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_PRE_MOBILE: '{prefix}{name}：您正在激活帐号，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				30	SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: '{prefix}{name}：您正在激活帐号，须验证手机有效，验证码{code}，有效期5分钟，请尽快完成验证。'
				31	SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{prefix}{name}：您正在找回密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	32
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame]	33	SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{prefix}{name}：您正在修改密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				34	SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{prefix}{name}：您正在修改安全邮箱，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				35	SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{prefix}{name}：您正在修改安全手机，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				36	SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: '{prefix}{name}：您正在修改安全手机，须验证手机有效，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	37
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame]	38	SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{prefix}{name}：您正在绑定QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				39	SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{prefix}{name}：您正在解绑QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				40	SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{prefix}{name}：您正在绑定微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				41	SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{prefix}{name}：您正在解绑微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				42	SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{prefix}{name}：您正在绑定企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				43	SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{prefix}{name}：您正在解绑企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				44	SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{prefix}{name}：您正在绑定支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				45	SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{prefix}{name}：您正在解绑支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	46
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame]	47	SMS_TEMPLATE_PREFIX: ''
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	48
				49
				50	---
				51	apiVersion: v1
				52	kind: ConfigMap
				53	metadata:
				54	namespace: personal-security-center
				55	name: personal-security-center-bff-env
				56	data:
				57	SERVER_PORT: "8080"
				58	SSL_ENABLED: "false"
				59	#SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
				60	#SSL_KEYSTORE_PASSWORD: ""
				61	#SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
				62	#SSL_TRUSTSTORE_PASSWORD: ""
				63
				64	SERVER_MAXHTTPHEADERSIZE: "10240"
				65
				66	SERVER_TOMCAT_ACCEPT_COUNT: "5000"
				67	SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
				68	SERVER_TOMCAT_MAX_THREADS: "800"
				69	SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
				70
刘洪青	9c2687b	2020-09-10 15:53:39 +0800	[diff] [blame^]	71	LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
				72
				73
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	74	SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
				75	SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
				76	SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
				77
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	78
				79	# 修改为学校的 personal-security-center 的访问域名
				80	PERSONAL_SECURITY_CENTER_SERVER_PREFIX: http://personal-security-center.paas.xxx.edu.cn
				81	# 修改为学校的 cas 的访问域名
				82	CAS_SERVER_PREFIX: http://cas.paas.xxx.edu.cn/cas
				83
				84	PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
				85
				86
				87	# 新开普人脸对接配置
				88	# 修改为实际项目配置
				89	PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
				90	PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
				91	PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
				92	PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
				93	PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"
				94
				95
				96	CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas
				97	CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
				98	#CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
				99	#CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
				100	#CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
				101	#CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
				102	#CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
				103
				104	CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
				105	CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
				106	#CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
				107	#CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
				108	#CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
				109	#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
				110	#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
				111
				112	USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
				113	USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
				114	#USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
				115	#USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
				116	#USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
				117	#USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
				118	#USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
				119
				120	# PERSONAL_SECURITY_CENTER_SA_API_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080
				121	# PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_ENABLED: "false"
				122	#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
				123	#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
				124	#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
				125	#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
				126	#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
				127
				128
				129	TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/db
				130	TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/mail/smtp
				131	TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/sms/console
				132	TPAS_CLIENT_AUTH_ENABLED: "false"
				133	#TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
				134	#TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
				135	#TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
				136	#TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
				137	#TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
				138
				139
				140	# COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
				141	# COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
				142	# COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
				143	# COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
				144	# COMMUNICATOR_EMAIL_VALIDATE: "true"
				145
				146	# COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
				147
				148	---
				149	apiVersion: v1
				150	kind: Secret
				151	metadata:
				152	namespace: personal-security-center
				153	name: personal-security-center-bff-env-secret
				154	type: Opaque
				155	data:
				156
				157
				158
				159	---
				160	apiVersion: v1
				161	kind: Service
				162	metadata:
				163	namespace: personal-security-center
				164	name: personal-security-center-bff-svc
				165	labels:
				166	app: personal-security-center-bff
				167	needMonitor: 'true'
				168	spec:
				169	ports:
				170	- port: 8080
				171	targetPort: http
				172	protocol: TCP
				173	name: http
				174	- port: 6060
				175	targetPort: http-metrics
				176	protocol: TCP
				177	name: http-metrics
				178	selector:
				179	app: personal-security-center-bff
				180
				181	---
				182	apiVersion: apps/v1
				183	kind: Deployment
				184	metadata:
				185	namespace: personal-security-center
				186	name: personal-security-center-bff
				187	spec:
				188	selector:
				189	matchLabels:
				190	app: personal-security-center-bff
				191	replicas: 1
				192	template:
				193	metadata:
				194	labels:
				195	app: personal-security-center-bff
				196	spec:
				197	containers:
				198	- name: personal-security-center-bff
				199	# 若使用了学校搭设的私有仓库，请修改
				200	image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.0.2-SNAPSHOT
				201	imagePullPolicy: Always
				202	ports:
				203	- containerPort: 8080
				204	name: http
				205	- containerPort: 6060
				206	name: http-metrics
				207	envFrom:
				208	- configMapRef:
				209	name: jvm-env
				210	- secretRef:
				211	name: redis-env-secret
				212	- secretRef:
				213	name: personal-security-center-bff-env-secret
				214	- configMapRef:
				215	name: personal-security-center-bff-env
				216	- configMapRef:
				217	name: personal-security-center-bff-template-env
				218	resources:
				219	requests:
				220	memory: "400Mi"
				221	limits:
				222	memory: "400Mi"
				223	readinessProbe:
				224	httpGet:
				225	path: /actuator/health
				226	port: 8080
				227	initialDelaySeconds: 20
				228	periodSeconds: 5
				229	timeoutSeconds: 5
				230	successThreshold: 1
				231	failureThreshold: 10
				232	imagePullSecrets:
				233	- name: harbor-registry
				234