Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / 65b369ca2eed64d2b07f11df2602ea971ee07922 / . / deploy-manifests / k8s-rancher / 1.authx-service / 4.cas-server / 4.5.cas-server-site-webapp.yaml
blob: 2d67d844335b1f88a1133de28641995151ea50a2 [file] [log] [blame]
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]1# cas-server-site-webapp.yaml
2
3---
4apiVersion: v1
5kind: ConfigMap
6metadata:
7 namespace: cas-server
8 name: cas-server-site-webapp-env
9data:
10 SERVER_PORT: "8080"
11 SSL_ENABLED: "false"
12 #SSL_KEY_PASSWORD: ""
13 #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
14 #SSL_KEYSTORE_PASSWORD: ""
15
16 SERVER_MAXHTTPHEADERSIZE: "10240"
17
18 SERVER_TOMCAT_ACCEPT_COUNT: "5000"
19 SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
20 SERVER_TOMCAT_MAX_THREADS: "800"
21 SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
22
刘洪青9c2687b2020-09-10 15:53:39 +0800[diff] [blame]23
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]24 SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
25 SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
26 SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
27
28
29 LOGGING_CONFIG: file:/etc/cas/log4j2-file.xml
30
31
32 ##
33 # 认证服务的外网访问地址,
34 # **修改** 学校的根域名
刘洪青a505def2020-11-11 11:01:13 +0800[diff] [blame]35 CAS_SERVER_NAME: https://cas.paas.xxx.edu.cn
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]36
刘洪青a505def2020-11-11 11:01:13 +0800[diff] [blame]37 ##
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]38 # Ticket Granting Cookie
刘洪青a505def2020-11-11 11:01:13 +0800[diff] [blame]39 # 若未启用 https,**修改** 为 false
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]40 CAS_TGC_SECURE: "true"
41
42 # TGT Expiration Policy
43 CAS_TICKET_TGT_MAX_TIME_TO_LIVE_IN_SECONDS: "1209600"
44 CAS_TICKET_TGT_TIME_TO_KILL_IN_SECONDS: "172800"
45
46 # JWT Tickets
47 CAS_AUTHN_TOKEN_CRYPTO_SIGNING_KEY: "(@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2"
48
49 ##
50 # 登录UI,主题
刘洪青803447c2020-09-28 16:28:14 +0800[diff] [blame]51 SPRING_THYMELEAF_PREFIX: classpath:/templates/themes/classic/
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]52
53 ##
54 # 测试环境中可使用,正式环境下请配置为空
55 #
56 CAS_AUTHN_ACCEPT_USERS: ""
57
58
59 ## 配置第三方认证的相关参数
60 CASSERVER_FEDERATION_QQ_ENABLED: "true"
61 CASSERVER_FEDERATION_QQ_NAME: QQ
62 CASSERVER_FEDERATION_QQ_APPID: ""
63 CASSERVER_FEDERATION_QQ_APPKEY: ""
64
65 CASSERVER_FEDERATION_OPENWEIXIN_ENABLED: "true"
66 CASSERVER_FEDERATION_OPENWEIXIN_NAME: 微信
67 CASSERVER_FEDERATION_OPENWEIXIN_APPID: ""
68 CASSERVER_FEDERATION_OPENWEIXIN_APPSECRET: ""
69
70 CASSERVER_FEDERATION_WORKWEIXIN_ENABLED: "true"
71 CASSERVER_FEDERATION_WORKWEIXIN_NAME: 企业微信
72 CASSERVER_FEDERATION_WORKWEIXIN_CORPID: ""
73 CASSERVER_FEDERATION_WORKWEIXIN_AGENTID: ""
74 CASSERVER_FEDERATION_WORKWEIXIN_SECRET: ""
75
76 CASSERVER_FEDERATION_ALIPAY_ENABLED: "true"
77 CASSERVER_FEDERATION_ALIPAY_NAME: 支付宝
78 CASSERVER_FEDERATION_ALIPAY_APPID: ""
79 CASSERVER_FEDERATION_ALIPAY_APPPRIVATEKEY: ""
80 CASSERVER_FEDERATION_ALIPAY_ALIPAYPUBLICKEY: ""
81
刘洪青b6ce9af2020-11-25 23:27:30 +0800[diff] [blame]82 CASSERVER_FEDERATION_DINGTALK_ENABLED: "true"
83 CASSERVER_FEDERATION_DINGTALK_NAME: 钉钉
84 CASSERVER_FEDERATION_DINGTALK_APPID: ""
85 CASSERVER_FEDERATION_DINGTALK_APPSECRET: ""
86
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]87
88 # **修改**
89 # jwt 的签发方标识,一般为 认证的域名
90 CASSERVER_JWT_ISS: cas.paas.xxx.edu.cn
91 # **修改**
92 # 参考 certs/jwt/readme.md 生成公私钥pem,修改相关配置
93 CASSERVER_JWT_PRIVATE_KEY_PEM_PKCS8: "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKivcJfoDpTgShIdrC0AuImgHQKQmdv/CZWRxVPkSY26kZWtVJ4mjzRkDGyB31LUJlVfFNe0nteOyqfNHrhC+uf612+P0KTmT/pOenoegpT8BDEDe1DlmrDoPqKE87JVXjPhx0rnCPMQE0+Em5OOPM/hVDiHhWx5Y1t+FcYre9J6zyg2flbCiv2vVRsQk/9kwesMnEBzB7QY+95sCoSng7llxO1aer7+qShQHrP/nYScIyW2g+a4wL6jd9Z0gIF/irvShIMKV+6EtWLiZFPYrlRQfx+zER7qg+2S+T29UII5lGajQxeldmIip1k62BwHOf/SbOg13nwrF4jLSCKeN/AgMBAAECggEAVtWHHcHngJ6bK325LSZGm5TzTAwb/E6q1wO2OvGMNUCPWbhwktGHjyzCXray6UczHQDgiAhgZHggduM2mFM+ogBJHSWYTo/XiyZmzp6CSxvO4LGWQIBbfxOlCIGpnkDedqNNTdTvmuQ2kUAVU1yJhXw1H5Pli8bbpkIkUxhbj7MsmcSZS4Xaqj1jhOWoBzt1SZEpHgDZ4m8MEMBfjLu+/SQAIWGdJmyANdsU3V/f/DmcgSqu7oTFYZiEFyJqTRyCVHJmyIqAOAtqHkKnJcGfeurwUIuX5NVqdYhj/JM+3k8lXDRyoyC0QADhnfR85uXV/OnXCVBC8GABuMP4DaiHyQKBgQDjwjtbVb/jQur2JYsSDS0sZI3S4X929gWU66AyClnUNbRIVcN4Lyhnp8+d/m9+oVV6kDfjTDnuEz7TWHr94RFcecdivehzxRHdRlRp+IhmtCtzstPhS5f0U6/e59CryxgxV+h5jDUssokzdz1bLsnC8+VgKNL2jVXqkuLkF3RqhQKBgQDjqE186VX3oej5YlmLmqi4LVFFVzpX75dOjAFc+ke/SPXm11o7lj1ONr+t9ZKcwvPx9j5OPXJajbaE2Qx1KXzTPKQT44GdpOvistOJQSNpx2e00K4Sn/7bsJq++UJ7FtmR+iJvfYq1uW1z5taVIjh5hhwFtIBW38voNcghCXVvMwKBgAUwRpPlFzMBMkMbRdjKbg4F2GlGc9Xs8uGaoJKjQ7qe4pWHRqW1RVFfNE6gHkAfQshBAtTtxqAS1iqQaHTiLLgTmiQ4uVPx2F9XG9MyM0FLt3WyTDtksniBc487briLLujo3MXwGMIE6zU98SrjnPsQ/Ve8dlnhjGSEpiCWHDPVAoGAZwNmJMqUytvpxsbZDBGsnMJszvqcfOP+TF2P1FmwE39ZPd5ehy4BiZ2+eGHxuJuCtQ8evFqTnyQW3eA1AeMHB7Kd8B33LbVNw6P1klr2QkwnwirXSbg6I4CzVQ0HJxl809Aiut5M4NQKEfL3UD5O3bZwgahelnDoHKgRadmU2P8CgYANBbxpDT1SdyJUFuKzJ5/cUPBFzOn3eNGRo/RejXSCi5Spd9OoTwDh6dbffk7pUWLYH/BFILW9+RL8uhMt8mdTWVgDKrNrdZLdWUBNsb89St9x/JwlucqgbTvzf0G0h/ZiGNzyPhgGABRrlWVYIdS8KLdTYUkvPHsEAtxR+kwTAg=="
94 CASSERVER_JWT_PUBLIC_KEY_PEM: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor3CX6A6U4EoSHawtALiJoB0CkJnb/wmVkcVT5EmNupGVrVSeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qvrn+tdvj9Ck5k/6Tnp6HoKU/AQxA3tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjjzP4VQ4h4VseWNbfhXGK3vSes8oNn5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4O5ZcTtWnq+/qkoUB6z/52EnCMltoPmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K5UUH8fsxEe6oPtkvk9vVCCOZRmo0MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginjfwIDAQAB"
95
96 # **视情况修改**
97 ## 是否启用登录验证码
98 CASSERVERSITE_CAPTCHA_ENABLED: "false"
99
100 ## 配置用户的登录名的正则校验(用于手机、邮箱登录的判断)
101 #CASSERVERSITE_USERNAME_REGEX_MOBILE: ""
102 # \d{11}$
103 #CASSERVERSITE_USERNAME_REGEX_EMAIL_ADDRESS: ""
104 # \w+\.?\w+@\w+\.[a-z]+(\.[a-z]+)?
105
106 ## 配置认证时,帐号服务的实现( redis 帐号数据存放在redis中, user-sa 帐号数据从用户服务获取)
107 CASSERVERSITE_ACCOUNT_SERVICE_IMPL: user-sa
108
109 ## 配置认证时,角色服务的实现( redis 角色数据存放在redis中, user-authz-sa 角色数据从授权服务获取)
110 CASSERVERSITE_ROLE_SERVICE_IMPL: user-authz-sa
111
112 ## 配置认证时,动态码的短信发送实现( default 控制台输出, agent-service 代理服务)
113 CASSERVERSITE_SMS_SENDER_IMPL: agent-service
114
115 # **修改** 学校的根域名
刘洪青a505def2020-11-11 11:01:13 +0800[diff] [blame]116 CASSERVERSITE_FORGOT_PASSWORD_URL: https://security-center.paas.xxx.edu.cn/find-pwd
117 CASSERVERSITE_ACTIVE_ACCOUNT_URL: https://security-center.paas.xxx.edu.cn/active-account
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]118
119 ## 动态码登录相关配置
120 CASSERVERSITE_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300"
121 CASSERVERSITE_PASSWORDLESS_SMS_FROM: 认证中心
122 # **修改** 根据实际情况,修改短信模板
刘洪青ad59f942020-10-14 16:44:50 +0800[diff] [blame]123 CASSERVERSITE_PASSWORDLESS_SMS_TEXT_TEMPLATE: 【认证中心】您正在登录统一身份认证,本次登录的动态密码为{token},有效期5分钟,请尽快完成登录。
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]124
125
126 TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
127 TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
128 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
129 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
130 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
131 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
132 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
133
134 # **修改**
135 # 若须对接sms 接口,须进行二开定制
136 TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
137
刘洪青c0170fa2020-09-20 16:25:25 +0800[diff] [blame]138 TPAS_AGENT_SERVICE_FILE_PATH: /api/v1/tpas/file/minio
139
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]140
141 CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
142 CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
143 #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
144 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
145 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
146 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
147 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
148
149
150 USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
151 USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
152 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
153 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
154 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
155 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
156 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
157
158
159 USER_AUTHZ_SERVICE_SA_API_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
160 USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
161 #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
162 #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
163 #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
164 #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
165 #USER_AUTHZ_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
166
167 ##
168 # 超级APP Token 的验签公钥
169 # 如须和 超级APP 进行对接,修改此配置
170 # **修改** 学校的根域名
刘洪青a505def2020-11-11 11:01:13 +0800[diff] [blame]171 SUPERAPP_TOKEN_SIGNING_KEY_URL: https://token.paas.xxx.edu.cn/jwt/publicKey
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]172
173
刘洪青03307802021-04-08 22:45:25 +0800[diff] [blame]174 ##
175 # 第三方CAS 认证对接
176 #
177 CASCLIENT_ENABLED: "false"
178 CASCLIENT_CAS_SERVER_URL: http://third-party-cas/cas
179 CASCLIENT_CAS_CLIENT_URL: http://localhost:8080/cas/login
180 CASCLIENT_CAS_CLIENT_LOGOUT_URL: http://localhost:8080/cas/logout
181
182
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]183---
184apiVersion: v1
185kind: Service
186metadata:
187 namespace: cas-server
188 name: cas-server-site-webapp-svc
189 labels:
190 app: cas-server-site-webapp
191 needMonitor: 'true'
192spec:
193 ports:
194 - port: 8080
195 targetPort: http
196 protocol: TCP
197 name: http
198 - port: 6060
199 targetPort: http-metrics
200 protocol: TCP
201 name: http-metrics
202 selector:
203 app: cas-server-site-webapp
204---
205apiVersion: apps/v1
206kind: Deployment
207metadata:
208 namespace: cas-server
209 name: cas-server-site-webapp
210spec:
211 selector:
212 matchLabels:
213 app: cas-server-site-webapp
214 replicas: 1
215 template:
216 metadata:
217 labels:
218 app: cas-server-site-webapp
219 spec:
220 containers:
221 - name: cas-server-site-webapp
222 # 若使用了学校搭设的私有仓库,请修改
刘洪青1a366ec2021-04-17 13:58:52 +0800[diff] [blame]223 image: harbor.supwisdom.com/cas-server/cas-server-site-webapp:1.1.6-RELEASE
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]224 imagePullPolicy: Always
225 ports:
226 - containerPort: 8080
227 name: http
228 - containerPort: 6060
229 name: http-metrics
230 envFrom:
231 - configMapRef:
232 name: jvm-env
233 - secretRef:
234 name: redis-env-secret
235 - secretRef:
236 name: rabbitmq-env-secret
237 - configMapRef:
238 name: cas-server-site-webapp-env
239 resources:
240 requests:
刘洪青687d71f2020-10-09 15:32:45 +0800[diff] [blame]241 memory: "6000Mi"
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]242 limits:
刘洪青687d71f2020-10-09 15:32:45 +0800[diff] [blame]243 memory: "6000Mi"
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]244 readinessProbe:
245 tcpSocket:
246 port: 8080
247 initialDelaySeconds: 30
248 periodSeconds: 5
249 timeoutSeconds: 5
250 successThreshold: 1
251 failureThreshold: 10
252 imagePullSecrets:
253 - name: harbor-registry
254