Blame - deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml - institute/deploy-authx-service

blob: 3c380e6243d003add329b3d0e833b3dd02da4519 [file] [log] [blame]

刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	1	# personal-security-center-bff.yaml
				2
				3	---
				4	apiVersion: v1
				5	kind: ConfigMap
				6	metadata:
				7	namespace: personal-security-center
				8	name: personal-security-center-bff-template-env
				9	data:
				10	# 根据情况，修改邮件模板
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame^]	11	EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: '{name}：您正在激活帐号，须验证邮箱有效，验证码{code}，有效期5分钟，请尽快完成验证。'
				12	EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{name}：您正在找回密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	13
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame^]	14	EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{name}：您正在修改密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				15	EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{name}：您正在修改安全邮箱，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				16	EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}：您正在修改安全邮箱，须验证邮箱有效，验证码{code}，有效期5分钟，请尽快完成验证。'
				17	EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{name}：您正在修改安全手机，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	18
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame^]	19	EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{name}：您正在绑定QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				20	EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{name}：您正在解绑QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				21	EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{name}：您正在绑定微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				22	EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{name}：您正在解绑微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				23	EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{name}：您正在绑定企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				24	EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{name}：您正在解绑企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				25	EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{name}：您正在绑定支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				26	EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{name}：您正在解绑支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	27
				28	# 根据情况，修改短信模板
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame^]	29	SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_PRE_MOBILE: '{prefix}{name}：您正在激活帐号，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				30	SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: '{prefix}{name}：您正在激活帐号，须验证手机有效，验证码{code}，有效期5分钟，请尽快完成验证。'
				31	SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{prefix}{name}：您正在找回密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	32
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame^]	33	SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{prefix}{name}：您正在修改密码，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				34	SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{prefix}{name}：您正在修改安全邮箱，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				35	SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{prefix}{name}：您正在修改安全手机，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				36	SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: '{prefix}{name}：您正在修改安全手机，须验证手机有效，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	37
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame^]	38	SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{prefix}{name}：您正在绑定QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				39	SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{prefix}{name}：您正在解绑QQ，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				40	SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{prefix}{name}：您正在绑定微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				41	SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{prefix}{name}：您正在解绑微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				42	SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{prefix}{name}：您正在绑定企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				43	SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{prefix}{name}：您正在解绑企业微信，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				44	SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{prefix}{name}：您正在绑定支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
				45	SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{prefix}{name}：您正在解绑支付宝，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。'
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	46
刘洪青	c31902b	2020-08-19 14:52:46 +0800	[diff] [blame^]	47	SMS_TEMPLATE_PREFIX: ''
刘洪青	4720585	2020-08-14 13:39:30 +0800	[diff] [blame]	48
				49
				50	---
				51	apiVersion: v1
				52	kind: ConfigMap
				53	metadata:
				54	namespace: personal-security-center
				55	name: personal-security-center-bff-env
				56	data:
				57	SERVER_PORT: "8080"
				58	SSL_ENABLED: "false"
				59	#SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
				60	#SSL_KEYSTORE_PASSWORD: ""
				61	#SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
				62	#SSL_TRUSTSTORE_PASSWORD: ""
				63
				64	SERVER_MAXHTTPHEADERSIZE: "10240"
				65
				66	SERVER_TOMCAT_ACCEPT_COUNT: "5000"
				67	SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
				68	SERVER_TOMCAT_MAX_THREADS: "800"
				69	SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
				70
				71	SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
				72	SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
				73	SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
				74
				75	LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
				76
				77
				78	# 修改为学校的 personal-security-center 的访问域名
				79	PERSONAL_SECURITY_CENTER_SERVER_PREFIX: http://personal-security-center.paas.xxx.edu.cn
				80	# 修改为学校的 cas 的访问域名
				81	CAS_SERVER_PREFIX: http://cas.paas.xxx.edu.cn/cas
				82
				83	PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
				84
				85
				86	# 新开普人脸对接配置
				87	# 修改为实际项目配置
				88	PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
				89	PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
				90	PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
				91	PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
				92	PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"
				93
				94
				95	CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas
				96	CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
				97	#CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
				98	#CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
				99	#CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
				100	#CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
				101	#CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
				102
				103	CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
				104	CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
				105	#CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
				106	#CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
				107	#CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
				108	#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
				109	#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
				110
				111	USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
				112	USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
				113	#USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
				114	#USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
				115	#USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
				116	#USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
				117	#USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
				118
				119	# PERSONAL_SECURITY_CENTER_SA_API_SERVER_URL: http://personal-security-center-sa-api-svc.personal-security-center.svc.cluster.local:8080
				120	# PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_ENABLED: "false"
				121	#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
				122	#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
				123	#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
				124	#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
				125	#PERSONAL_SECURITY_CENTER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
				126
				127
				128	TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/db
				129	TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/mail/smtp
				130	TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/sms/console
				131	TPAS_CLIENT_AUTH_ENABLED: "false"
				132	#TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
				133	#TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
				134	#TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
				135	#TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
				136	#TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
				137
				138
				139	# COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
				140	# COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
				141	# COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
				142	# COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
				143	# COMMUNICATOR_EMAIL_VALIDATE: "true"
				144
				145	# COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
				146
				147	---
				148	apiVersion: v1
				149	kind: Secret
				150	metadata:
				151	namespace: personal-security-center
				152	name: personal-security-center-bff-env-secret
				153	type: Opaque
				154	data:
				155
				156
				157
				158	---
				159	apiVersion: v1
				160	kind: Service
				161	metadata:
				162	namespace: personal-security-center
				163	name: personal-security-center-bff-svc
				164	labels:
				165	app: personal-security-center-bff
				166	needMonitor: 'true'
				167	spec:
				168	ports:
				169	- port: 8080
				170	targetPort: http
				171	protocol: TCP
				172	name: http
				173	- port: 6060
				174	targetPort: http-metrics
				175	protocol: TCP
				176	name: http-metrics
				177	selector:
				178	app: personal-security-center-bff
				179
				180	---
				181	apiVersion: apps/v1
				182	kind: Deployment
				183	metadata:
				184	namespace: personal-security-center
				185	name: personal-security-center-bff
				186	spec:
				187	selector:
				188	matchLabels:
				189	app: personal-security-center-bff
				190	replicas: 1
				191	template:
				192	metadata:
				193	labels:
				194	app: personal-security-center-bff
				195	spec:
				196	containers:
				197	- name: personal-security-center-bff
				198	# 若使用了学校搭设的私有仓库，请修改
				199	image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.0.2-SNAPSHOT
				200	imagePullPolicy: Always
				201	ports:
				202	- containerPort: 8080
				203	name: http
				204	- containerPort: 6060
				205	name: http-metrics
				206	envFrom:
				207	- configMapRef:
				208	name: jvm-env
				209	- secretRef:
				210	name: redis-env-secret
				211	- secretRef:
				212	name: personal-security-center-bff-env-secret
				213	- configMapRef:
				214	name: personal-security-center-bff-env
				215	- configMapRef:
				216	name: personal-security-center-bff-template-env
				217	resources:
				218	requests:
				219	memory: "400Mi"
				220	limits:
				221	memory: "400Mi"
				222	readinessProbe:
				223	httpGet:
				224	path: /actuator/health
				225	port: 8080
				226	initialDelaySeconds: 20
				227	periodSeconds: 5
				228	timeoutSeconds: 5
				229	successThreshold: 1
				230	failureThreshold: 10
				231	imagePullSecrets:
				232	- name: harbor-registry
				233