Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / f69336edbeadb33bee7f372f39fe9db38070b4f6 / . / project / nwpu / k8s-rancher / 1.authx-service / 5.token-server / 4.1.token-server.yaml
blob: 666c65c05d05a2be8e92b96bb1efa9ac05890907 [file] [log] [blame]
刘洪青a1bab152022-03-11 14:30:36 +0800[diff] [blame]1# 4.1.token-server.yaml
2
3---
4apiVersion: v1
5kind: ConfigMap
6metadata:
7 namespace: token-server
8 name: token-server-env
9data:
10 SERVER_PORT: "8080"
11 SSL_ENABLED: "false"
12 #SSL_KEY_PASSWORD: ""
13 #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
14 #SSL_KEYSTORE_PASSWORD: ""
15
16 SERVER_MAXHTTPHEADERSIZE: "10240"
17
18 SERVER_TOMCAT_ACCEPT_COUNT: "5000"
19 SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
20 SERVER_TOMCAT_MAX_THREADS: "800"
21 SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
22
23 LOGGING_LEVEL_COM_SUPWISDOM_INSITITUTE_TOKEN_SERVER: INFO
24
25
26 SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
27 SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "50"
28 SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
29
30 SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
31 SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
32 SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
33
34
35 # **修改** 学校的根域名
36 TOKEN_SERVER_PREFIX: https://token.paas.xxx.edu.cn
37 # **修改** 学校的根域名
38 TOKEN_SERVER_SECURITY_JWT_ISS: token.paas.xxx.edu.cn
39 #TOKEN_SERVER_SECURITY_JWT_EXPIRATION: 2592000
40 #TOKEN_SERVER_SECURITY_JWT_KICKOUT_ENABLED: "false"
41 # **修改**
42 # 请使用与 cas-server 一致的公私钥
43 TOKEN_SERVER_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKivcJfoDpTgShIdrC0AuImgHQKQmdv/CZWRxVPkSY26kZWtVJ4mjzRkDGyB31LUJlVfFNe0nteOyqfNHrhC+uf612+P0KTmT/pOenoegpT8BDEDe1DlmrDoPqKE87JVXjPhx0rnCPMQE0+Em5OOPM/hVDiHhWx5Y1t+FcYre9J6zyg2flbCiv2vVRsQk/9kwesMnEBzB7QY+95sCoSng7llxO1aer7+qShQHrP/nYScIyW2g+a4wL6jd9Z0gIF/irvShIMKV+6EtWLiZFPYrlRQfx+zER7qg+2S+T29UII5lGajQxeldmIip1k62BwHOf/SbOg13nwrF4jLSCKeN/AgMBAAECggEAVtWHHcHngJ6bK325LSZGm5TzTAwb/E6q1wO2OvGMNUCPWbhwktGHjyzCXray6UczHQDgiAhgZHggduM2mFM+ogBJHSWYTo/XiyZmzp6CSxvO4LGWQIBbfxOlCIGpnkDedqNNTdTvmuQ2kUAVU1yJhXw1H5Pli8bbpkIkUxhbj7MsmcSZS4Xaqj1jhOWoBzt1SZEpHgDZ4m8MEMBfjLu+/SQAIWGdJmyANdsU3V/f/DmcgSqu7oTFYZiEFyJqTRyCVHJmyIqAOAtqHkKnJcGfeurwUIuX5NVqdYhj/JM+3k8lXDRyoyC0QADhnfR85uXV/OnXCVBC8GABuMP4DaiHyQKBgQDjwjtbVb/jQur2JYsSDS0sZI3S4X929gWU66AyClnUNbRIVcN4Lyhnp8+d/m9+oVV6kDfjTDnuEz7TWHr94RFcecdivehzxRHdRlRp+IhmtCtzstPhS5f0U6/e59CryxgxV+h5jDUssokzdz1bLsnC8+VgKNL2jVXqkuLkF3RqhQKBgQDjqE186VX3oej5YlmLmqi4LVFFVzpX75dOjAFc+ke/SPXm11o7lj1ONr+t9ZKcwvPx9j5OPXJajbaE2Qx1KXzTPKQT44GdpOvistOJQSNpx2e00K4Sn/7bsJq++UJ7FtmR+iJvfYq1uW1z5taVIjh5hhwFtIBW38voNcghCXVvMwKBgAUwRpPlFzMBMkMbRdjKbg4F2GlGc9Xs8uGaoJKjQ7qe4pWHRqW1RVFfNE6gHkAfQshBAtTtxqAS1iqQaHTiLLgTmiQ4uVPx2F9XG9MyM0FLt3WyTDtksniBc487briLLujo3MXwGMIE6zU98SrjnPsQ/Ve8dlnhjGSEpiCWHDPVAoGAZwNmJMqUytvpxsbZDBGsnMJszvqcfOP+TF2P1FmwE39ZPd5ehy4BiZ2+eGHxuJuCtQ8evFqTnyQW3eA1AeMHB7Kd8B33LbVNw6P1klr2QkwnwirXSbg6I4CzVQ0HJxl809Aiut5M4NQKEfL3UD5O3bZwgahelnDoHKgRadmU2P8CgYANBbxpDT1SdyJUFuKzJ5/cUPBFzOn3eNGRo/RejXSCi5Spd9OoTwDh6dbffk7pUWLYH/BFILW9+RL8uhMt8mdTWVgDKrNrdZLdWUBNsb89St9x/JwlucqgbTvzf0G0h/ZiGNzyPhgGABRrlWVYIdS8KLdTYUkvPHsEAtxR+kwTAg=="
44 TOKEN_SERVER_SECURITY_JWT_PUBLIC_KEY_PEM: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor3CX6A6U4EoSHawtALiJoB0CkJnb/wmVkcVT5EmNupGVrVSeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qvrn+tdvj9Ck5k/6Tnp6HoKU/AQxA3tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjjzP4VQ4h4VseWNbfhXGK3vSes8oNn5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4O5ZcTtWnq+/qkoUB6z/52EnCMltoPmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K5UUH8fsxEe6oPtkvk9vVCCOZRmo0MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginjfwIDAQAB"
45
46
47 # face
48 # aiface 新开普人脸,aipface 百度人脸
49 TOKEN_SERVER_FACE_SOURCE_TYPE: aiface
50
51 # 若须对接新开普人脸,须由新开普人脸系统提供相关配置
52 TOKEN_SERVER_FACE_AIFACE_URL: ""
53 TOKEN_SERVER_FACE_AIFACE_APPKEY: ""
54 TOKEN_SERVER_FACE_AIFACE_APPSECRET: ""
55 TOKEN_SERVER_FACE_AIFACE_SECRETKEY: ""
56 TOKEN_SERVER_FACE_AIFACE_TERM_CODE: ""
57
58 # 若须对接百度人脸,须在百度开放平台注册应用
59 TOKEN_SERVER_FACE_AIPFACE_APPID: ""
60 TOKEN_SERVER_FACE_AIPFACE_APIKEY: ""
61 TOKEN_SERVER_FACE_AIPFACE_SECRETKEY: ""
62
63
64 # passwordless
65 TOKEN_SERVER_PASSWORDLESS_TOKEN_EXPIRATION_IN_SECONDS: "300"
66 TOKEN_SERVER_PASSWORDLESS_SMS_TEXT_TEMPLATE: 【认证中心】您正在进行登录,本次登录的动态密码为{token},有效期5分钟,请尽快完成登录。
67 TOKEN_SERVER_PASSWORDLESS_SMS_FROM: 认证中心
68
69
70 ## 密码验证接口(外部接口)
71 TOKEN_SERVER_SECURITY_PASSWORD_VERIFY_URL: ""
72 # http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080/api/v1/security/accounts/verifyAccountPassword
73
74
75 # **修改** 从消息中心申请
76 MESSAGECENTER_ENABLED: "false"
77 MESSAGECENTER_APP_ID: ""
78 MESSAGECENTER_MESSAGE_TYPE_CODE_APP_LOGIN: APP_LOGIN
79 MESSAGECENTER_MESSAGE_TYPE_CODE_PASSWORD: PASSWORD
80
81 # **修改** 从POA申请
82 POA_SERVER_URL: https://poa.paas.xxx.edu.cn
83 POA_CLIENT_ID: ""
84 POA_CLIENT_SECRET: ""
85 POA_SCOPES: messagecenter:v1:sendMessage
86
87
88 CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
89 CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
90 #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
91 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
92 #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
93 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
94 #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
95
96 USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
97 USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
98 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
99 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
100 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
101 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
102 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
103
104
105 TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
106 TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
107 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
108 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
109 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
110 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
111 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
112
113 TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
114
刘洪青f69336e2022-03-15 13:50:11 +0800[diff] [blame^]115
116 ATTEST_SERVER_URL: http://attest-server-svc.attest-server.svc.cluster.local:8080/attest
117 ATTEST_CLIENT_AUTH_ENABLED: "false"
118 #ATTEST_CLIENT_AUTH_KEY_PASSWORD: ""
119 #ATTEST_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
120 #ATTEST_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
121 #ATTEST_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
122 #ATTEST_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
123
124
125 IPADDR_SERVER_URL: http://ipaddr.ipaddr.svc.cluster.local:9090
126 IPADDR_CLIENT_AUTH_ENABLED: "false"
127 #IPADDR_CLIENT_AUTH_KEY_PASSWORD: ""
128 #IPADDR_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
129 #IPADDR_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
130 #IPADDR_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
131 #IPADDR_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
132
133
134 ##
135 # authx-log rabbitmq
136 #
137 AUTHX_LOG_ENABLED: "true"
138 AUTHX_LOG_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
139 AUTHX_LOG_RABBITMQ_PORT: "5672"
140 AUTHX_LOG_RABBITMQ_USERNAME: guest
141 AUTHX_LOG_RABBITMQ_PASSWORD: guest
142
143
144 ##
145 # 接收 user 推送的 rabbitmq 数据
146 #
147 USER_RABBITMQ_ENABLED: "true"
148 USER_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
149 USER_RABBITMQ_PORT: "5672"
150 USER_RABBITMQ_USERNAME: guest
151 USER_RABBITMQ_PASSWORD: guest
152
153 USER_RABBITMQ_CONSUMER_ENABLED: "true"
154
155
刘洪青a1bab152022-03-11 14:30:36 +0800[diff] [blame]156---
157apiVersion: v1
158kind: Secret
159metadata:
160 namespace: token-server
161 name: token-server-env-secret
162type: Opaque
163data:
164 SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVyLmF1dGh4LXNlcnZpY2Uuc3ZjLmNsdXN0ZXIubG9jYWw=
165 # rabbitmq-server.authx-service.svc.cluster.local
166 SPRING_RABBITMQ_PORT: NTY3Mg==
167 SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
168 SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
169
170
171---
172apiVersion: v1
173kind: Service
174metadata:
175 namespace: token-server
176 name: token-server-svc
177 labels:
178 app: token-server
179 needMonitor: 'true'
180spec:
181 ports:
182 - port: 8080
183 targetPort: http
184 protocol: TCP
185 name: http
186 - port: 6060
187 targetPort: http-metrics
188 protocol: TCP
189 name: http-metrics
190 selector:
191 app: token-server
192
193---
194apiVersion: apps/v1
195kind: Deployment
196metadata:
197 namespace: token-server
198 name: token-server
199spec:
200 selector:
201 matchLabels:
202 app: token-server
203 replicas: 1
204 template:
205 metadata:
206 labels:
207 app: token-server
208 spec:
209 containers:
210 - name: token-server
211 # 若使用了学校搭设的私有仓库,请 **修改**
刘洪青f69336e2022-03-15 13:50:11 +0800[diff] [blame^]212 image: paas.harbor.nwpu.edu.cn/token-server/token-server:1.4.3-RELEASE
刘洪青a1bab152022-03-11 14:30:36 +0800[diff] [blame]213 imagePullPolicy: Always
214 ports:
215 - containerPort: 8080
216 name: http
217 - containerPort: 6060
218 name: http-metrics
219 envFrom:
220 - configMapRef:
221 name: jvm-env
222 - secretRef:
223 name: datasource-env-secret
224 - secretRef:
225 name: redis-env-secret
226 - secretRef:
227 name: rabbitmq-env-secret
228 - configMapRef:
229 name: token-server-env
230 resources:
231 requests:
232 memory: "1024Mi"
233 limits:
234 memory: "1024Mi"
235 readinessProbe:
236 httpGet:
237 path: /actuator/health
238 port: 8080
239 initialDelaySeconds: 20
240 periodSeconds: 5
241 timeoutSeconds: 5
242 successThreshold: 1
243 failureThreshold: 10
244 imagePullSecrets:
245 - name: harbor-registry
246