Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / bf267abc867f071ea7ec8e328f2af6be860944c6 / . / deploy-manifests / k8s-rancher / 1.authx-service / 7.attest-server / 4.1.attest-server.yaml
blob: ffc6db3a6d27cc10a3b404e6976232ffe455e39a [file] [log] [blame]
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]1# 4.1.attest-server.yaml
2
3---
4apiVersion: v1
5kind: ConfigMap
6metadata:
7 namespace: attest-server
8 name: attest-server-env
9data:
10 SERVER_PORT: "8080"
11 SSL_ENABLED: "false"
12 #SSL_KEY_PASSWORD: ""
13 #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
14 #SSL_KEYSTORE_PASSWORD: ""
15
16 SERVER_SERVLET_CONTEXT_PATH: "/attest"
17
18 SERVER_MAXHTTPHEADERSIZE: "20480"
19
20 SERVER_TOMCAT_ACCEPT_COUNT: "500"
21 SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
22 SERVER_TOMCAT_MAX_THREADS: "500"
23 SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
24
25
26 # **修改** 从POA申请
27 POA_SERVER_URL: https://poa.paas.xxx.edu.cn
28 POA_CLIENT_ID: ""
29 POA_CLIENT_SECRET: ""
30 POA_SCOPES: appPush:v1:apppushByMessageType
31
32
33 # 修改为学校的根域名
刘洪青9b1e8942021-09-24 16:54:47 +0800[diff] [blame]34 ATTEST_SERVER_PREFIX: https://cas.paas.xxx.edu.cn/attest
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]35
36
37 # guard
38 ATTEST_SERVER_SECUREPHONE_SMS_TEXT_TEMPLATE: 【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。
39 ATTEST_SERVER_SECUREPHONE_SMS_FROM: 认证服务
40
刘洪青a52e4df2021-12-31 15:20:32 +0800[diff] [blame]41 # **修改** 根据实际情况,修改短信模板
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]42 ATTEST_SERVER_SECUREEMAIL_MAIL_TEXT_TEMPLATE: 【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。
43 ATTEST_SERVER_SECUREEMAIL_MAIL_FROM: 认证服务
44
45 # 在超级APP 中唤起人脸识别的 URL Scheme
46 ATTEST_SERVER_FACEVERIFY_SUPERAPP_URL_SCHEME: superapp
47
48
49 # 超级APP Token 的验签公钥
刘洪青50e2f582021-09-21 17:10:31 +0800[diff] [blame]50 TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token/jwt/publicKey
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]51
52
53 USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
54 USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
55 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
56 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
57 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
58 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
59 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
60
61
62 TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
63 TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
64 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
65 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
66 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
67 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
68 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
69
刘洪青a52e4df2021-12-31 15:20:32 +0800[diff] [blame]70 # **修改**
71 # 若须对接sms 接口,须进行二开定制
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]72 TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
刘洪青a52e4df2021-12-31 15:20:32 +0800[diff] [blame]73 TPAS_AGENT_SERVICE_MAIL_SENDER_PATH: /api/v1/tpas/mail/smtp/send
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]74 TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify
75
76
77 ##
78 # token-server
79 #
刘洪青50e2f582021-09-21 17:10:31 +0800[diff] [blame]80 TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]81
82
83 ##
84 # 将 attest 数据 推送到 rabbitmq
85 #
86 # ATTEST_RABBITMQ_ENABLED: "false"
87 # ATTEST_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
88 # ATTEST_RABBITMQ_PORT: "5672"
89 # ATTEST_RABBITMQ_USERNAME: guest
90 # ATTEST_RABBITMQ_PASSWORD: guest
91 #
92 # ATTEST_RABBITMQ_APPPUSHATTEST2TOKENRABBITSENDER_ENABLED: "false"
93
94
95---
96apiVersion: v1
97kind: Secret
98metadata:
99 namespace: attest-server
100 name: attest-server-env-secret
101type: Opaque
102data:
103
104
105---
106apiVersion: v1
107kind: Service
108metadata:
109 namespace: attest-server
110 name: attest-server-svc
111 labels:
112 app: attest-server
113 needMonitor: 'true'
114spec:
115 ports:
116 - port: 8080
117 targetPort: http
118 protocol: TCP
119 name: http
120 - port: 6060
121 targetPort: http-metrics
122 protocol: TCP
123 name: http-metrics
124 selector:
125 app: attest-server
126
127---
128apiVersion: apps/v1
129kind: Deployment
130metadata:
131 namespace: attest-server
132 name: attest-server
133spec:
134 selector:
135 matchLabels:
136 app: attest-server
137 replicas: 1
138 template:
139 metadata:
140 labels:
141 app: attest-server
142 spec:
143 containers:
144 - name: attest-server
刘洪青c6782852021-12-27 13:31:09 +0800[diff] [blame]145 image: harbor.supwisdom.com/attest-server/attest-server:1.5.0-RELEASE
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]146 imagePullPolicy: Always
147 ports:
148 - containerPort: 8080
149 name: http
150 - containerPort: 6060
151 name: http-metrics
152 envFrom:
153 - configMapRef:
154 name: jvm-env
155 - configMapRef:
156 name: attest-server-env
157 - secretRef:
158 name: attest-server-env-secret
159 resources:
160 requests:
刘洪青50e2f582021-09-21 17:10:31 +0800[diff] [blame]161 memory: "1024Mi"
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]162 limits:
刘洪青50e2f582021-09-21 17:10:31 +0800[diff] [blame]163 memory: "1024Mi"
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]164 readinessProbe:
165 httpGet:
166 path: /attest/actuator/health
167 port: 8080
168 initialDelaySeconds: 20
169 periodSeconds: 5
170 timeoutSeconds: 5
171 successThreshold: 1
172 failureThreshold: 10
173 imagePullSecrets:
174 - name: harbor-registry
175