Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / d0187d0aad431504515d724f0d75a0e731c2bddc / . / project / newcapec-test / k8s-rancher / 1.authx-service / 6.personal-security-center / 4.4.personal-security-center-bff.yaml
blob: 49f640a1254bd3f6f77a6018a73c8a2d4d82bd2b [file] [log] [blame]
刘洪青d0187d02020-08-19 14:55:05 +0800[diff] [blame^]1# personal-security-center-bff.yaml
2
3---
4apiVersion: v1
5kind: ConfigMap
6metadata:
7 namespace: personal-security-center-test
8 name: personal-security-center-bff-template-env
9data:
10 # 根据情况,修改邮件模板
11 EMAIL_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在激活帐号,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
12 EMAIL_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
13
14 EMAIL_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
15 EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
16 EMAIL_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE_BY_EMAIL_ADDRESS: '{name}:您正在修改安全邮箱,须验证邮箱有效,验证码{code},有效期5分钟,请尽快完成验证。'
17 EMAIL_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
18
19 EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
20 EMAIL_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
21 EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
22 EMAIL_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
23 EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
24 EMAIL_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
25 EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
26 EMAIL_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
27
28 # 根据情况,修改短信模板
29 SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_PRE_MOBILE: '{prefix}{name}:您正在激活帐号,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
30 SMS_TEMPLATE_ACTIVE_USER_SEND_CODE_BY_MOBILE: '{prefix}{name}:您正在激活帐号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
31 SMS_TEMPLATE_FORGOT_PASSWORD_SEND_CODE: '{prefix}{name}:您正在找回密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
32
33 SMS_TEMPLATE_USER_SECURITY_PASSWORD_SEND_CODE: '{prefix}{name}:您正在修改密码,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
34 SMS_TEMPLATE_USER_SECURITY_EMAIL_ADDRESS_SEND_CODE: '{prefix}{name}:您正在修改安全邮箱,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
35 SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE: '{prefix}{name}:您正在修改安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
36 SMS_TEMPLATE_USER_SECURITY_MOBILE_SEND_CODE_BY_MOBILE: '{prefix}{name}:您正在修改安全手机,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
37
38 SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE: '{prefix}{name}:您正在绑定QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
39 SMS_TEMPLATE_USER_FEDERATION_QQ_SEND_CODE_UNBIND_QQ: '{prefix}{name}:您正在解绑QQ,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
40 SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE: '{prefix}{name}:您正在绑定微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
41 SMS_TEMPLATE_USER_FEDERATION_OPENWEIXIN_SEND_CODE_UNBIND_OPENWEIXIN: '{prefix}{name}:您正在解绑微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
42 SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE: '{prefix}{name}:您正在绑定企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
43 SMS_TEMPLATE_USER_FEDERATION_WORKWEIXIN_SEND_CODE_UNBIND_WORKWEIXIN: '{prefix}{name}:您正在解绑企业微信,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
44 SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE: '{prefix}{name}:您正在绑定支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
45 SMS_TEMPLATE_USER_FEDERATION_ALIPAY_SEND_CODE_UNBIND_ALIPAY: '{prefix}{name}:您正在解绑支付宝,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
46
47 SMS_TEMPLATE_PREFIX: ''
48
49
50---
51apiVersion: v1
52kind: ConfigMap
53metadata:
54 namespace: personal-security-center-test
55 name: personal-security-center-bff-env
56data:
57 SERVER_PORT: "8080"
58 SSL_ENABLED: "false"
59 #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
60 #SSL_KEYSTORE_PASSWORD: ""
61 #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
62 #SSL_TRUSTSTORE_PASSWORD: ""
63
64 SERVER_MAXHTTPHEADERSIZE: "10240"
65
66 SERVER_TOMCAT_ACCEPT_COUNT: "5000"
67 SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
68 SERVER_TOMCAT_MAX_THREADS: "800"
69 SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
70
71 SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
72 SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
73 SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
74
75 LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_PERSONAL_SECURITY_CENTER_BFF: INFO
76
77
78 # 修改为学校的 personal-security-center 的访问域名
79 PERSONAL_SECURITY_CENTER_SERVER_PREFIX: https://personal-security-center-test.newcapec.edu.cn
80 # 修改为学校的 cas 的访问域名
81 CAS_SERVER_PREFIX: https://cas-test.paas.newcapec.cn/cas
82
83 PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
84
85
86 # 新开普人脸对接配置
87 # 修改为实际项目配置
88 PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
89 PERSONAL_SECURITY_BFF_FACE_AIFACE_APPKEY: "GcacXnw46DxMAApNoSTX"
90 PERSONAL_SECURITY_BFF_FACE_AIFACE_APPSECRET: "eXl15kcYGBdCYTOCFD21"
91 PERSONAL_SECURITY_BFF_FACE_AIFACE_SECRETKEY: "12345678abcdefgh87654321"
92 PERSONAL_SECURITY_BFF_FACE_AIFACE_TERM_CODE: "12"
93
94
95 CASSERVER_SITE_SERVER_URL: http://cas-server-site-webapp-svc.cas-server-test.svc.cluster.local:8080/cas
96 CASSERVER_SITE_CLIENT_AUTH_ENABLED: "false"
97 #CASSERVER_SITE_CLIENT_AUTH_KEY_PASSWORD: ""
98 #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
99 #CASSERVER_SITE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
100 #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
101 #CASSERVER_SITE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
102
103 CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server-test.svc.cluster.local:8080
104 CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
105 #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
106 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
107 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
108 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
109 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
110
111 USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service-test.svc.cluster.local:8080
112 USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
113 #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
114 #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
115 #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
116 #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
117 #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
118
119
120 TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/file/db
121 TPAS_MAIL_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/mail/smtp
122 TPAS_SMS_API_URL: http://agent-service-svc.thirdparty-agent-service-test.svc.cluster.local:8080/api/v1/tpas/sms/console
123 TPAS_CLIENT_AUTH_ENABLED: "false"
124 #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
125 #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
126 #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
127 #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
128 #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
129
130
131 # COMMUNICATOR_EMAIL_MAIL_SERVER_HOST: "smtp.supwisdom.com"
132 # COMMUNICATOR_EMAIL_MAIL_SERVER_PORT: "25"
133 # COMMUNICATOR_EMAIL_USER_NAME: "security.institute@supwisdom.com"
134 # COMMUNICATOR_EMAIL_PASSWORD: "Security2019"
135 # COMMUNICATOR_EMAIL_VALIDATE: "true"
136
137 # COMMUNICATOR_SMS_SENDER_URL: https://agent-service-api.supwisdom.com/api/v1/tpas/sms/console/send
138
139---
140apiVersion: v1
141kind: Secret
142metadata:
143 namespace: personal-security-center-test
144 name: personal-security-center-bff-env-secret
145type: Opaque
146data:
147
148
149
150---
151apiVersion: v1
152kind: Service
153metadata:
154 namespace: personal-security-center-test
155 name: personal-security-center-bff-svc
156 labels:
157 app: personal-security-center-bff
158 needMonitor: 'true'
159spec:
160 ports:
161 - port: 8080
162 targetPort: http
163 protocol: TCP
164 name: http
165 - port: 6060
166 targetPort: http-metrics
167 protocol: TCP
168 name: http-metrics
169 selector:
170 app: personal-security-center-bff
171
172---
173apiVersion: apps/v1
174kind: Deployment
175metadata:
176 namespace: personal-security-center-test
177 name: personal-security-center-bff
178spec:
179 selector:
180 matchLabels:
181 app: personal-security-center-bff
182 replicas: 1
183 template:
184 metadata:
185 labels:
186 app: personal-security-center-bff
187 spec:
188 containers:
189 - name: personal-security-center-bff
190 # 若使用了学校搭设的私有仓库,请修改
191 image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.0.2-SNAPSHOT
192 imagePullPolicy: Always
193 ports:
194 - containerPort: 8080
195 name: http
196 - containerPort: 6060
197 name: http-metrics
198 envFrom:
199 - configMapRef:
200 name: jvm-env
201 - secretRef:
202 name: redis-env-secret
203 - secretRef:
204 name: personal-security-center-bff-env-secret
205 - configMapRef:
206 name: personal-security-center-bff-env
207 - configMapRef:
208 name: personal-security-center-bff-template-env
209 resources:
210 requests:
211 memory: "1024Mi"
212 limits:
213 memory: "1024Mi"
214 readinessProbe:
215 httpGet:
216 path: /actuator/health
217 port: 8080
218 initialDelaySeconds: 20
219 periodSeconds: 5
220 timeoutSeconds: 5
221 successThreshold: 1
222 failureThreshold: 10
223 imagePullSecrets:
224 - name: harbor-registry
225