Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / f947e97d141e233aa4602cb650e3a717e9c57737 / . / deploy-manifests / k8s-rancher / 1.authx-service / 7.attest-server / 4.1.attest-server.yaml
blob: fe104d34d575df32affa29259413b910fc64295a [file] [log] [blame]
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]1# 4.1.attest-server.yaml
2
3---
4apiVersion: v1
5kind: ConfigMap
6metadata:
7 namespace: attest-server
8 name: attest-server-env
9data:
10 SERVER_PORT: "8080"
11 SSL_ENABLED: "false"
12 #SSL_KEY_PASSWORD: ""
13 #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
14 #SSL_KEYSTORE_PASSWORD: ""
15
16 SERVER_SERVLET_CONTEXT_PATH: "/attest"
17
18 SERVER_MAXHTTPHEADERSIZE: "20480"
19
20 SERVER_TOMCAT_ACCEPT_COUNT: "500"
21 SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
22 SERVER_TOMCAT_MAX_THREADS: "500"
23 SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
24
25
26 # **修改** 从POA申请
27 POA_SERVER_URL: https://poa.paas.xxx.edu.cn
28 POA_CLIENT_ID: ""
29 POA_CLIENT_SECRET: ""
30 POA_SCOPES: appPush:v1:apppushByMessageType
31
32
33 # 修改为学校的根域名
刘洪青9b1e8942021-09-24 16:54:47 +0800[diff] [blame]34 ATTEST_SERVER_PREFIX: https://cas.paas.xxx.edu.cn/attest
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]35
36
37 # guard
38 ATTEST_SERVER_SECUREPHONE_SMS_TEXT_TEMPLATE: 【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。
39 ATTEST_SERVER_SECUREPHONE_SMS_FROM: 认证服务
40
41 ATTEST_SERVER_SECUREEMAIL_MAIL_TEXT_TEMPLATE: 【认证服务】{name}:您正在进行验证身份,验证码为{code},有效期5分钟,请尽快完成验证。
42 ATTEST_SERVER_SECUREEMAIL_MAIL_FROM: 认证服务
43
44 # 在超级APP 中唤起人脸识别的 URL Scheme
45 ATTEST_SERVER_FACEVERIFY_SUPERAPP_URL_SCHEME: superapp
46
47
48 # 超级APP Token 的验签公钥
刘洪青50e2f582021-09-21 17:10:31 +0800[diff] [blame]49 TOKEN_SERVER_TOKEN_SIGNING_KEY_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token/jwt/publicKey
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]50
51
52 USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
53 USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
54 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
55 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
56 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
57 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
58 #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
59
60
61 TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
62 TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
63 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
64 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
65 #TPAS_AGENT_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
66 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
67 #TPAS_AGENT_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
68
69 TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
70 TPAS_AGENT_SERVICE_MAIL_SENDER_PATH: /api/v1/tpas/mail/console/send
71 TPAS_AGENT_SERVICE_FACE_FACEVERIFY_PATH: /api/v1/tpas/face/aiface/faceverify
72
73
74 ##
75 # token-server
76 #
刘洪青50e2f582021-09-21 17:10:31 +0800[diff] [blame]77 TOKEN_SERVER_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080/token
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]78
79
80 ##
81 # 将 attest 数据 推送到 rabbitmq
82 #
83 # ATTEST_RABBITMQ_ENABLED: "false"
84 # ATTEST_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
85 # ATTEST_RABBITMQ_PORT: "5672"
86 # ATTEST_RABBITMQ_USERNAME: guest
87 # ATTEST_RABBITMQ_PASSWORD: guest
88 #
89 # ATTEST_RABBITMQ_APPPUSHATTEST2TOKENRABBITSENDER_ENABLED: "false"
90
91
92---
93apiVersion: v1
94kind: Secret
95metadata:
96 namespace: attest-server
97 name: attest-server-env-secret
98type: Opaque
99data:
100
101
102---
103apiVersion: v1
104kind: Service
105metadata:
106 namespace: attest-server
107 name: attest-server-svc
108 labels:
109 app: attest-server
110 needMonitor: 'true'
111spec:
112 ports:
113 - port: 8080
114 targetPort: http
115 protocol: TCP
116 name: http
117 - port: 6060
118 targetPort: http-metrics
119 protocol: TCP
120 name: http-metrics
121 selector:
122 app: attest-server
123
124---
125apiVersion: apps/v1
126kind: Deployment
127metadata:
128 namespace: attest-server
129 name: attest-server
130spec:
131 selector:
132 matchLabels:
133 app: attest-server
134 replicas: 1
135 template:
136 metadata:
137 labels:
138 app: attest-server
139 spec:
140 containers:
141 - name: attest-server
刘洪青c6782852021-12-27 13:31:09 +0800[diff] [blame]142 image: harbor.supwisdom.com/attest-server/attest-server:1.5.0-RELEASE
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]143 imagePullPolicy: Always
144 ports:
145 - containerPort: 8080
146 name: http
147 - containerPort: 6060
148 name: http-metrics
149 envFrom:
150 - configMapRef:
151 name: jvm-env
152 - configMapRef:
153 name: attest-server-env
154 - secretRef:
155 name: attest-server-env-secret
156 resources:
157 requests:
刘洪青50e2f582021-09-21 17:10:31 +0800[diff] [blame]158 memory: "1024Mi"
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]159 limits:
刘洪青50e2f582021-09-21 17:10:31 +0800[diff] [blame]160 memory: "1024Mi"
刘洪青94dba6c2021-09-18 11:24:08 +0800[diff] [blame]161 readinessProbe:
162 httpGet:
163 path: /attest/actuator/health
164 port: 8080
165 initialDelaySeconds: 20
166 periodSeconds: 5
167 timeoutSeconds: 5
168 successThreshold: 1
169 failureThreshold: 10
170 imagePullSecrets:
171 - name: harbor-registry
172