Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / 4720585551b4a34091ec115bb50f0b684ce99b64 / . / deploy-manifests / k8s-rancher / 1.authx-service / 6.personal-security-center / 4.4.personal-security-center-bff.yaml
blob: 4da5aa2b9616984a158d240e0cf019681f710c5f [file] [log] [blame]
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame^]1# personal-security-center-bff.yaml
2
3---
4apiVersion: v1
5kind: ConfigMap
6metadata:
7 namespace: personal-security-center
8 name: personal-security-center-bff-template-env
9data:
10 # 根据情况,修改邮件模板
11 EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: "{name}:您正在激活帐号,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。"
12 EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: "{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
13
14 EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: "{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
15 EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: "{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
16 EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: "{name}:您正在修改安全邮箱,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。"
17 EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: "{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
18
19 EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: "{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
20 EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: "{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
21 EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: "{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
22 EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: "{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
23 EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: "{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
24 EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: "{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
25 EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: "{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
26 EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: "{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
27
28 # 根据情况,修改短信模板
29 SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: "{prefix}{name}:您正在激活帐号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。"
30 SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: "{prefix}{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
31
32 SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: "{prefix}{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
33 SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: "{prefix}{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
34 SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: "{prefix}{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
35 SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: "{prefix}{name}:您正在修改安全手机,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。"
36
37 SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: "{prefix}{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
38 SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: "{prefix}{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
39 SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: "{prefix}{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
40 SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: "{prefix}{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
41 SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: "{prefix}{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
42 SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: "{prefix}{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
43 SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: "{prefix}{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
44 SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: "{prefix}{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。"
45
46 SMS_TEMPLATE_PREFIX: ""
47
48
49---
50apiVersion: v1
51kind: ConfigMap
52metadata:
53 namespace: personal-security-center
54 name: personal-security-center-bff-env
55data:
56 SERVER_PORT: "8080"
57 SSL_ENABLED: "false"
58 #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
59 #SSL_KEYSTORE_PASSWORD: ""
60 #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
61 #SSL_TRUSTSTORE_PASSWORD: ""
62
63 SERVER_MAXHTTPHEADERSIZE: "10240"
64
65 SERVER_TOMCAT_ACCEPT_COUNT: "5000"
66 SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
67 SERVER_TOMCAT_MAX_THREADS: "800"
68 SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
69
70 SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
71 SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
72 SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
73
74 LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
75
76
77 # 修改为学校的 personal-security-center 的访问域名
78 PERSONAL_SECURITY_CENTER_SERVER_PREFIX: http://personal-security-center.paas.xxx.edu.cn
79 # 修改为学校的 cas 的访问域名
80 CAS_SERVER_PREFIX: http://cas.paas.xxx.edu.cn/cas
81
82 PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
83
84
85 # 新开普人脸对接配置
86 # 修改为实际项目配置
87 PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
88 PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
89 PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
90 PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
91 PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"
92
93
94 CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas
95 CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
96 #CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
97 #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
98 #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
99 #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
100 #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
101
102 CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
103 CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
104 #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
105 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
106 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
107 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
108 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
109
110 USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
111 USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
112 #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
113 #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
114 #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
115 #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
116 #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
117
118 # PERSONAL_SECURITY_CENTER_SA_API_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080
119 # PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_ENABLED: "false"
120 #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
121 #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
122 #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
123 #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
124 #PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
125
126
127 TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/db
128 TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/mail/smtp
129 TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/sms/console
130 TPAS_CLIENT_AUTH_ENABLED: "false"
131 #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
132 #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
133 #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
134 #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
135 #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
136
137
138 # COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
139 # COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
140 # COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
141 # COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
142 # COMMUNICATOR_EMAIL_VALIDATE: "true"
143
144 # COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
145
146---
147apiVersion: v1
148kind: Secret
149metadata:
150 namespace: personal-security-center
151 name: personal-security-center-bff-env-secret
152type: Opaque
153data:
154
155
156
157---
158apiVersion: v1
159kind: Service
160metadata:
161 namespace: personal-security-center
162 name: personal-security-center-bff-svc
163 labels:
164 app: personal-security-center-bff
165 needMonitor: 'true'
166spec:
167 ports:
168 - port: 8080
169 targetPort: http
170 protocol: TCP
171 name: http
172 - port: 6060
173 targetPort: http-metrics
174 protocol: TCP
175 name: http-metrics
176 selector:
177 app: personal-security-center-bff
178
179---
180apiVersion: apps/v1
181kind: Deployment
182metadata:
183 namespace: personal-security-center
184 name: personal-security-center-bff
185spec:
186 selector:
187 matchLabels:
188 app: personal-security-center-bff
189 replicas: 1
190 template:
191 metadata:
192 labels:
193 app: personal-security-center-bff
194 spec:
195 containers:
196 - name: personal-security-center-bff
197 # 若使用了学校搭设的私有仓库,请修改
198 image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.0.2-SNAPSHOT
199 imagePullPolicy: Always
200 ports:
201 - containerPort: 8080
202 name: http
203 - containerPort: 6060
204 name: http-metrics
205 envFrom:
206 - configMapRef:
207 name: jvm-env
208 - secretRef:
209 name: redis-env-secret
210 - secretRef:
211 name: personal-security-center-bff-env-secret
212 - configMapRef:
213 name: personal-security-center-bff-env
214 - configMapRef:
215 name: personal-security-center-bff-template-env
216 resources:
217 requests:
218 memory: "400Mi"
219 limits:
220 memory: "400Mi"
221 readinessProbe:
222 httpGet:
223 path: /actuator/health
224 port: 8080
225 initialDelaySeconds: 20
226 periodSeconds: 5
227 timeoutSeconds: 5
228 successThreshold: 1
229 failureThreshold: 10
230 imagePullSecrets:
231 - name: harbor-registry
232