docs: 西工大部署脚本
diff --git "a/project/nwpu/k8s-rancher/0.0.1.\345\274\200\346\224\276\345\271\263\345\217\260\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md" "b/project/nwpu/k8s-rancher/0.0.1.\345\274\200\346\224\276\345\271\263\345\217\260\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md"
new file mode 100644
index 0000000..8fe7936
--- /dev/null
+++ "b/project/nwpu/k8s-rancher/0.0.1.\345\274\200\346\224\276\345\271\263\345\217\260\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214.md"
@@ -0,0 +1,226 @@
+# 安装部署手册
+
+**开放平台**
+
+* 修订历史
+
+版本 | 作者 | 日期 | 备注
+- | - | - | -
+v1 | 郝江涛 | 2020-10-30 | 初稿
+
+[TOC]
+
+## 安装准备
+
+### mysql 初始配置
+
+* 创建数据库帐号
+
+ 参考命令:
+ ```
+ create user 'developer_center'@'%' identified with mysql_native_password by 'your_password';
+ ```
+
+* 创建 database
+
+ ```
+ developer_center
+ ```
+
+ 参考命令:
+ ```
+ create database `developer_center` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+ ```
+
+* 授予权限
+
+ 将 database 的权限授予对应的帐号
+
+ 参考命令:
+ ```
+ grant all privileges on `developer_center`.* to 'developer_center'@'%' with grant option;
+ ```
+
+
+* 备份与还原
+
+ 参考命令:
+ 备份:
+ ```
+ mysqldump -u root -p developer_center > developer_center.sql
+ ```
+
+ 还原:
+ ```
+ mysql -u root -p developer_center < admin_center.sql
+
+
+### harbor 准备
+
+* 创建 devops 帐号(如已存在,请忽略)
+
+ 用于 rancher 部署时拉取镜像
+
+ 用户管理 下 创建用户
+ 如 devops
+
+
+* 镜像同步
+
+ 从 https://harbor.supwisdom.com 中同步镜像
+
+ 仓库管理 下 新建目标
+ ```
+ supwisdom https://harbor.supwisdom.com rancher.devops / PWMgP85qiLFC
+ ```
+
+ 同步管理 下 新建规则
+
+ ```
+ developer-center developer-center/*
+
+ ```
+
+ 同步规则,创建完成后,进行镜像同步
+
+ 选择某个同步规则,点击 同步,等待任务完成
+
+
+* 授予 devops 帐号 对各个项目的 访客 权限
+
+ 项目 下,点击 项目名称,进入到 成员,添加用户,查找用户 devops,选择角色 访客,确定,添加即可
+
+### rancher 准备
+
+* 创建项目
+
+ 进入 全局 - 集群(具体名称视项目安装而定) - 项目/命名空间,添加项目
+
+ 输入 项目名称,保存
+
+
+* 创建命名空间
+
+ 进入 全局 - 集群(具体名称视项目安装而定) - 项目/命名空间
+
+ 在新建的项目中,添加命名空间
+
+ 输入 名称,保存
+
+* 导入YAML
+
+ 进入 全局 - 集群(具体名称视项目安装而定) - 项目(某个项目)
+
+ 进入 资源 - 工作负载
+
+### 域名准备
+
+* 确定域名
+
+ 首先明确是否使用泛域名,如:`*.paas.xxx.edu.cn`,或 直接使用学校域名 `xxx.edu.cn`
+
+ 本产品安装需要的域名如下:
+ ```
+ dev-center.paas.xxx.edu.cn 开放平台的网关api
+
+ dev-admin.paas.xxx.edu.cn 开放平台的前端后台UI
+ dev-portal.paas.xxx.edu.cn 开放平台的前端前台UI
+ ```
+
+
+ 如果使用 学校域名,则去除 .paas 即可,同时申请开通相关域名
+
+## 开始安装
+
+
+### 数据库创建
+
+* 数据库帐号
+
+ 服务 | 帐号
+ - | -
+ 管理中心 developer_center | developer_center
+
+ 创建命令
+
+ **请修改命令中的 `your_password` 为实际的数据库帐号的密码**
+ ```
+ create user 'developer_center'@'%' identified with mysql_native_password by 'your_password';
+ ```
+
+
+
+
+### rancher 容器部署
+
+* 修改 yaml 中的相关配置
+
+ 具体参考 yaml 文件中的说明
+
+
+ open-platform
+
+ 开放平台
+
+ ```
+ 0.developer-center
+
+ 此为 开放平台
+
+
+ 1.minio-sa
+
+ 此为 文件基础能力(此服务部署可选。如果已有,可以考虑不部署)。
+
+ ```
+
+
+* 添加项目、命名空间
+
+ 项目
+
+ 在集群下创建 项目:
+
+ ```
+ open-platform # 开放平台
+
+ ```
+
+ 命名空间
+
+ 在项目 developer-center 下创建 命名空间:
+
+ ```
+ developer-center
+
+ minio-sa (如果不部署minio-sa 服务,此命名空间可以不创建)
+
+ ```
+
+
+* 导入YAML
+
+ 在项目 open-platform 中,将 0.developer-center 和 1.minio-sa 下的 yaml 按编号依次导入
+
+ 务必确保 `4.0.developer-center-backend-installer.yaml` 执行成功
+
+
+### 数据配置
+
+ 数据脚本初始化
+
+ 先修改 脚本中的数据库名称,和属性中存在的域名
+
+
+* **必选,open-platform/1.0.init.sql**
+
+ 修改 数据库数据初始化时的默认配置
+
+### 服务依赖
+
+ user-data-service 服务版本请确保在1.1或者更高
+
+## 结合云平台的使用(可选)
+
+ 请参考open-platform/1.0.云平台-开放平台使用手册.md .
+
diff --git a/project/nwpu/k8s-rancher/open-platform/0.developer-center/0.developer-center-base.yaml b/project/nwpu/k8s-rancher/open-platform/0.developer-center/0.developer-center-base.yaml
new file mode 100644
index 0000000..3de87d8
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/0.developer-center/0.developer-center-base.yaml
@@ -0,0 +1,210 @@
+# 0.developer-center-base.yaml
+
+####################################################
+# namespace
+####################################################
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: developer-center
+ # labels:
+ # istio-injection: enabled
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+ namespace: developer-center
+ name: harbor-registry
+data:
+ # 修改harbor仓库配置,并使用 base64 工具进行编码
+ # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
+ # .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQzIwIiwidXNlcm5hbWUiOiJyYW5jaGVyLmRldm9wcyJ9fX0=
+ # {"auths":{"paas.harbor.nwpu.edu.cn":{"password":"0nJq1KievrNOt2GT7L","username":"nwpu.devops"}}}
+ .dockerconfigjson: eyJhdXRocyI6eyJwYWFzLmhhcmJvci5ud3B1LmVkdS5jbiI6eyJwYXNzd29yZCI6IjBuSnExS2lldnJOT3QyR1Q3TCIsInVzZXJuYW1lIjoibndwdS5kZXZvcHMifX19
+
+####################################################
+# mysql-server
+####################################################
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: developer-center
+ name: mysql-server
+spec:
+ ports:
+ - name: tcp-mysql
+ port: 3306
+ protocol: TCP
+ targetPort: 3306
+---
+kind: Endpoints
+apiVersion: v1
+metadata:
+ namespace: developer-center
+ name: mysql-server
+#在这里正确修改你的数据库配置,包括端口和地址
+subsets:
+ - addresses:
+ - ip: 10.40.10.52
+ ports:
+ - name: tcp-mysql
+ port: 3306
+ protocol: TCP
+
+
+
+####################################################
+# redis-server
+####################################################
+
+# 若存在存储,可使用PVC
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ namespace: developer-center
+ name: redis-data-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ # 根据情况修改,修改 存储类 的名称
+ storageClassName: nfs-client-new2
+ resources:
+ requests:
+ storage: 20Gi
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: redis
+ release: redis-server
+ name: redis-server
+ namespace: developer-center
+type: Opaque
+data:
+ REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: redis
+ release: redis-server
+ name: redis-server
+ namespace: developer-center
+spec:
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: redis
+ selector:
+ app: redis
+ release: redis-server
+ role: master
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ app: redis
+ release: redis-server
+ name: redis-server
+ namespace: developer-center
+spec:
+ podManagementPolicy: OrderedReady
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: redis
+ release: redis-server
+ role: master
+ serviceName: redis-master
+ template:
+ metadata:
+ labels:
+ app: redis
+ release: redis-server
+ role: master
+ spec:
+ containers:
+ - name: redis-server
+ env:
+ - name: REDIS_DISABLE_COMMANDS
+ value: FLUSHDB,FLUSHALL
+ - name: REDIS_REPLICATION_MODE
+ value: master
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: redis-server
+ key: REDIS_PASSWORD
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/bitnami/redis:4.0
+ # 若使用了学校搭设的私有仓库,请修改 为 Always
+ imagePullPolicy: IfNotPresent
+ # imagePullPolicy: Always
+ livenessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ failureThreshold: 5
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 6379
+ name: redis
+ protocol: TCP
+ readinessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ failureThreshold: 5
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ volumeMounts:
+ - mountPath: /bitnami/redis/data
+ name: redis-data
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ securityContext:
+ fsGroup: 0
+ # runAsUser: 1001
+ # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
+ # runAsUser: 0
+ terminationGracePeriodSeconds: 30
+ volumes:
+ # 若存在存储,可使用PVC,否则使用 emptyDir(注意空格)
+ # - name: redis-data
+ # emptyDir: {}
+ - name: redis-data
+ persistentVolumeClaim:
+ claimName: redis-data-pvc
+ # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可,注意空格)
+ imagePullSecrets:
+ - name: harbor-registry
+ updateStrategy:
+ rollingUpdate:
+ partition: 0
+ type: RollingUpdate
diff --git a/project/nwpu/k8s-rancher/open-platform/0.developer-center/1.developer-center-env.yaml b/project/nwpu/k8s-rancher/open-platform/0.developer-center/1.developer-center-env.yaml
new file mode 100644
index 0000000..771347c
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/0.developer-center/1.developer-center-env.yaml
@@ -0,0 +1,68 @@
+# 1.developer-center-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: developer-center
+ name: jvm-env
+data:
+ MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: developer-center
+ name: datasource-env-secret
+type: Opaque
+data:
+ # 这里填写正确的数据库配置,参考部署文件0
+ # jdbc:mysql://mysql-server:3306/developer_center?serverTimezone=Asia/Shanghai
+ JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlcjozMzA2L2RldmVsb3Blcl9jZW50ZXI/c2VydmVyVGltZXpvbmU9QXNpYS9TaGFuZ2hhaQ==
+ # developer_center
+ JDBC_USERNAME: ZGV2ZWxvcGVyX2NlbnRlcg==
+ # Nwpu@Supwisdom123
+ JDBC_PASSWORD: TndwdUBTdXB3aXNkb20xMjM=
+
+# ---
+# apiVersion: v1
+# kind: Secret
+# metadata:
+# namespace: developer-center
+# name: datasource-env-secret
+# type: Opaque
+# data:
+# # 这里填写正确的数据库配置,参考部署文件0
+# # jdbc:mysql://mysql-server:3306/developer_center_test?serverTimezone=Asia/Shanghai
+# JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlcjozMzA2L2RldmVsb3Blcl9jZW50ZXJfdGVzdD9zZXJ2ZXJUaW1lem9uZT1Bc2lhL1NoYW5naGFp
+# # developer_center_test
+# JDBC_USERNAME: ZGV2ZWxvcGVyX2NlbnRlcl90ZXN0
+# # Nwpu@Supwisdom123_test
+# JDBC_PASSWORD: TndwdUBTdXB3aXNkb20xMjNfdGVzdA==
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: developer-center
+ name: redis-env-secret
+type: Opaque
+data:
+ SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
+ SPRING_REDIS_PORT: NjM3OQ==
+ SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
+# ---
+# apiVersion: v1
+# kind: Secret
+# metadata:
+# namespace: developer-center
+# name: rabbitmq-env-secret
+# type: Opaque
+# data:
+# SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVy
+# SPRING_RABBITMQ_PORT: NTY3Mg==
+# SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
+# SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
diff --git a/project/nwpu/k8s-rancher/open-platform/0.developer-center/2.developer-center-ingresses.yaml b/project/nwpu/k8s-rancher/open-platform/0.developer-center/2.developer-center-ingresses.yaml
new file mode 100644
index 0000000..7ac856c
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/0.developer-center/2.developer-center-ingresses.yaml
@@ -0,0 +1,68 @@
+# 2.developer-center-ingresses.yaml
+
+#这个文件中,你要将对外暴露的地址修改为实际分配的地址
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: developer-center
+ name: developer-center-gateway-zuul-ingress
+spec:
+ rules:
+ - host: dev-center.paas.nwpu.edu.cn
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: developer-center-gateway-zuul-svc
+ servicePort: http
+
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: developer-center
+ name: developer-center-admin-ui-spa-ingress
+spec:
+ rules:
+ - host: dev-admin.paas.nwpu.edu.cn
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: developer-center-admin-ui-spa-svc
+ servicePort: http
+
+# ---
+# apiVersion: extensions/v1beta1
+# kind: Ingress
+# metadata:
+# namespace: developer-center
+# name: developer-center-admin-ui-ingress
+# spec:
+# rules:
+# - host: dev-admin.paas.nwpu.edu.cn
+# http:
+# paths:
+# - path: /
+# backend:
+# serviceName: developer-center-admin-ui-svc
+# servicePort: http
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: developer-center
+ name: developer-center-portal-ui-ingress
+spec:
+ rules:
+ - host: dev-portal.paas.nwpu.edu.cn
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: developer-center-portal-ui-svc
+ servicePort: http
diff --git a/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.0.developer-center-backend-installer.yaml b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.0.developer-center-backend-installer.yaml
new file mode 100644
index 0000000..2d96766
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.0.developer-center-backend-installer.yaml
@@ -0,0 +1,47 @@
+# 4.0.developer-center-backend-installer.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: developer-center
+ name: developer-center-backend-installer-env
+data:
+ DB_TYPE: mysql8
+
+
+---
+# 这个任务用来初始化数据库脚本,执行这里前请确定数据连接配置信息正确,并且已经有了相应的数据库
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: developer-center-backend-installer
+ namespace: developer-center
+spec:
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ app: developer-center-backend-installer
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: developer-center-backend-installer
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/developer-center/developer-center-backend-installer:1.0.2-SNAPSHOT
+ imagePullPolicy: Always
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: datasource-env-secret
+ - configMapRef:
+ name: developer-center-backend-installer-env
+ resources:
+ requests:
+ memory: "256Mi"
+ limits:
+ memory: "256Mi"
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.10.developer-center-minio.yaml b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.10.developer-center-minio.yaml
new file mode 100644
index 0000000..8206d04
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.10.developer-center-minio.yaml
@@ -0,0 +1,114 @@
+# 2.authx-service-minio.yaml
+
+####################################################
+# minio
+# 文件服务器,对象存储
+####################################################
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: minio-data-pvc
+ namespace: developer-center
+spec:
+ accessModes:
+ - ReadWriteMany
+ # 根据情况修改
+ storageClassName: supwisdom-nfs-storage
+ resources:
+ requests:
+ storage: 5Gi
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: minio-env-secret
+ namespace: developer-center
+type: Opaque
+data:
+ # 修改 access_key,并使用 base64 工具进行编码
+ # 默认值:1y8N@8R@a_2u
+ MINIO_ACCESS_KEY: bWluaW9hZG1pbg==
+ # 修改 secret_key,并使用 base64 工具进行编码
+ # 默认至:8pxlIe9#lN7Q
+ MINIO_SECRET_KEY: bWluaW9hZG1pbg==
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: developer-center
+ name: minio-svc
+ labels:
+ app: minio
+spec:
+ ports:
+ - port: 9000
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app: minio
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: developer-center
+ name: minio
+spec:
+ selector:
+ matchLabels:
+ app: minio
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: minio
+ spec:
+ containers:
+ - name: minio
+ image: minio/minio:RELEASE.2020-04-23T00-58-49Z
+ imagePullPolicy: Always
+ args:
+ - "server"
+ - "/data"
+ ports:
+ - containerPort: 9000
+ name: http
+ envFrom:
+ - secretRef:
+ name: minio-env-secret
+ volumeMounts:
+ - mountPath: /data
+ name: minio-data
+ resources:
+ requests:
+ memory: "256Mi"
+ limits:
+ memory: "256Mi"
+ volumes:
+ - name: minio-data
+ persistentVolumeClaim:
+ claimName: minio-data-pvc
+
+
+# 该 ingress 配置可选
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: minio-ingress
+ namespace: developer-center
+spec:
+ rules:
+ # 修改为学校的根域名
+ - host: developer-center-minio-test.paas.newcapec.cn
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: minio-svc
+ servicePort: http
+
diff --git a/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.2.developer-center-backend-sa.yaml b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.2.developer-center-backend-sa.yaml
new file mode 100644
index 0000000..58e6248
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.2.developer-center-backend-sa.yaml
@@ -0,0 +1,101 @@
+# 4.2.developer-center-backend-sa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: developer-center
+ name: developer-center-backend-sa-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: developer-center
+ name: developer-center-backend-sa-env-secret
+type: Opaque
+data:
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: developer-center
+ name: developer-center-backend-sa-svc
+ labels:
+ app: developer-center-backend-sa
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: developer-center-backend-sa
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: developer-center
+ name: developer-center-backend-sa
+spec:
+ selector:
+ matchLabels:
+ app: developer-center-backend-sa
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: developer-center-backend-sa
+ spec:
+ containers:
+ - name: developer-center-backend-sa
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/developer-center/developer-center-backend-sa:1.0.2-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: datasource-env-secret
+ - secretRef:
+ name: developer-center-backend-sa-env-secret
+ - configMapRef:
+ name: developer-center-backend-sa-env
+ resources:
+ requests:
+ memory: "512Mi"
+ limits:
+ memory: "512Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+
diff --git a/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.4.developer-center-bff.yaml b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.4.developer-center-bff.yaml
new file mode 100644
index 0000000..07576ab
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.4.developer-center-bff.yaml
@@ -0,0 +1,281 @@
+# 4.4.developer-center-bff.yaml
+
+#ConfigMap 中的地址要替换相应实际环境中的地址
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: developer-center
+ name: developer-center-bff-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+
+ LOGGING_LEVEL_ROOT: INFO
+
+ #同环境中backend服务的地址
+ DEVELOPER_CENTER_SA_SERVER_URL: http://developer-center-backend-sa-svc.developer-center.svc.cluster.local:8080
+ DEVELOPER_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
+ # DEVELOPER_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+ # DEVELOPER_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ # DEVELOPER_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ # DEVELOPER_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ # DEVELOPER_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ #本服务依赖到的文件上传服务
+ TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
+ TPAS_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ #同环境中poa服务的地址
+ PLATFORM_OPENAPI_SA_SERVER_URL: http://poa-sa-svc.poa.svc.cluster.local:8443
+ PLATFORM_OPENAPI_SA_CLIENT_AUTH_ENABLED: "false"
+ # PLATFORM_OPENAPI_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+ # PLATFORM_OPENAPI_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ # PLATFORM_OPENAPI_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ # PLATFORM_OPENAPI_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ # PLATFORM_OPENAPI_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ #同环境中授权服务的地址
+ USER_AUTHZ_SA_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+ USER_AUTHZ_SA_CLIENT_AUTH_ENABLED: "false"
+ # USER_AUTHZ_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+ # USER_AUTHZ_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ # USER_AUTHZ_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ # USER_AUTHZ_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ # USER_AUTHZ_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ #同环境中用户服务的地址
+ USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ # USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ # USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ # USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ # USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ # USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ #同环境中认证服务的地址
+ CAS_SA_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
+ CAS_SA_CLIENT_AUTH_ENABLED: "false"
+ # CAS_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+ # CAS_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ # CAS_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ # CAS_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ # CAS_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ UNIAUTH_SA_SERVER_URL: https://uniauth.nwpu.edu.cn
+ UNIAUTH_SA_CLIENT_AUTH_ENABLED: "false"
+ # UNIAUTH_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+ # UNIAUTH_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ # UNIAUTH_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ # UNIAUTH_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ # UNIAUTH_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ #同环境中文件服务的地址
+ MINIO_SA_SERVER_URL: http://minio-sa.minio-sa.svc.cluster.local:9090
+ MINIO_SA_CLIENT_AUTH_ENABLED: "false"
+ # MINIO_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+ # MINIO_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ # MINIO_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ # MINIO_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ # MINIO_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ #同环境中消息服务的地址
+ MESSAGE_MANAGER_SERVER_URL: http://message-service-manager.message-service.svc.cluster.local:8080/manager
+ MESSAGE_MANAGER_CLIENT_AUTH_ENABLED: "false"
+ # MESSAGE_MANAGER_AUTH_KEY_PASSWORD: ""
+ # MESSAGE_MANAGER_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ # MESSAGE_MANAGER_AUTH_KEYSTORE_PASSWORD: ""
+ # MESSAGE_MANAGER_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ # MESSAGE_MANAGER_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ FLOW_SERVER_URL: https://formflow.nwpu.edu.cn/formflow
+ FLOW_CLIENT_AUTH_ENABLED: "false"
+ # FLOW_CLIENT_AUTH_KEY_PASSWORD: ""
+ # FLOW_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ # FLOW_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ # FLOW_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ # FLOW_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ TTC_SERVER_URL: https://formflow.nwpu.edu.cn/ttc
+ TTC_CLIENT_AUTH_ENABLED: "false"
+ # TTC_CLIENT_AUTH_KEY_PASSWORD: ""
+ # TTC_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ # TTC_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ # TTC_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ # TTC_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ FLOW_KEYS: "TtcTmxwbGJ6VnZhVE0xV1dGR05XRTJOVFZaY1djMVlTdEg="
+
+ FLOW_ABILITY_MESSAGE_APPID: "32d20532-b37a-402d-88a6-d5475e764e4e"
+ FLOW_ABILITY_TTC_APPID: "f74f0f9b-8a1f-41e6-b488-c8874228cc31"
+ FLOW_ABILITY_MINIO_APPID: "11ce12f3-7eef-404e-a087-738147090850"
+ FLOW_ABILITY_AUTH_APPID: "fc8a8d1-9455-4f69-b999-b866f89c9472"
+ FLOW_ABILITY_CAS_APPID: "73b541e5-1344-44bf-9fad-c5f1b033e9fc"
+
+ FLOW_APIVERSION_APPID: "6a7fc2f9-fcc0-4a2d-9f67-0943213a7aad"
+
+ FLOW_SCOPE_APPID: 315b8be1-649f-401c-80c3-419ff395d7ae
+ FLOW_SCOPE_SONFORM: sonform_colorful_egg_1616843524737_3
+ FLOW_SCOPE_API_SONFORM: sonform_colorful_egg_1616843524737_4
+
+ FLOW_APPLICATION_SCOPES_APPID: 4661bc95-38dd-4e88-9514-dc93f1e95223
+ FLOW_APPLICATION_SCOPES_SCOPES_SONFORM: sonform_colorful_egg_1616498573794
+ FLOW_APPLICATION_SCOPES_API_FIELDS_SONFORM: sonform_colorful_egg_1616556009894
+
+ FLOW_NEW_API_APPID: aced312b-b933-4ec1-b123-92abb61ab9be
+
+
+ POA_SA_API_SEPCS_UPLOAD_CHECK_CASE: "false"
+
+ MINIO_SA_BASIC_AUTH_USERNAME: saadmin
+ MINIO_SA_BASIC_AUTH_PASSWORD: saadmin
+
+ UNIAUTH_SA_BASIC_AUTH_USERNAME: saadmin
+ UNIAUTH_SA_BASIC_AUTH_PASSWORD: saadminfoobar
+
+ USER_IDENTITY_TYPE_DEVELOPER_INDIVIDUAL: D01
+ USER_IDENTITY_TYPE_DEVELOPER_ENTERPRISE: D02
+ USER_ORGANIZATION: "1"
+
+ USER_AUTHZ_BUSINESSDOMAINID: "1"
+ USER_AUTHZ_SYSTEMID: "1"
+
+
+ # 用于替换 OAS 文档 里的 变量 ${POA_SERVER_URL}
+ POA_SERVER_URL: https://poa.nwpu.edu.cn
+
+ POA_DOCS_SERVER_URL: https://poa-docs.nwpu.edu.cn
+
+ FORM_DESIGN_SERVER_URL: https://form-design.nwpu.edu.cn
+
+ DEV_CENTER_SERVER_URL: https://dev-center.nwpu.edu.cn
+ DEV_PORTAL_SERVER_URL: https://dev-portal.nwpu.edu.cn
+
+
+ DEVELOPER-CENTER-BFF.NONCE.STORE.IMPL: redis
+ # DEVELOPER-CENTER-BFF_SERVER_PREFIX: http://localhost:8080
+
+ SMS_TEMPLATE_APPLY_ACCOUNT_REGISTER_SEND_CODE_BY_MOBILE : "{prefix}:您当前正在注册账号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。"
+
+
+ # 基础能力开通后,自动添加scopes
+ ABILITY_POA_SCOPES_AUTO_USER_AUTH: "authz:v1:readRole"
+ ABILITY_POA_SCOPES_AUTO_MESSAGE: "messagecenter:v1:readMessage,messagecenter:v1:writeMessage,messagecenter:v1:sendMessage"
+ ABILITY_POA_SCOPES_AUTO_TTC: "ttc:v1:writeTtc"
+
+
+ # POA API 对接配置
+ POA_API_SERVER_URL: https://poa.nwpu.edu.cn
+ POA_API_CLIENT_ID: "hHPqzPSSpXptVMlkZhsZWziO42c="
+ POA_API_CLIENT_SECRET: "w_HhrhdoQYIw6-FIvDbBZsLKTbRWuHfhRFWC1tS_wm0="
+ POA_API_SCOPES: "user:v1:readGroup"
+
+ # POA_API_SERVER_URL: http://poa.paas.nwpu.edu.cn
+ # POA_API_CLIENT_ID: "e7EB5MTxWNPtrOU3wGrcx07epq8="
+ # POA_API_CLIENT_SECRET: "6PPy0C1jpeQiBfKTEwfXVAfXvz65s3fD9l1AGTCVoPQ="
+ # POA_API_SCOPES: "user:v1:readGroup"
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: developer-center
+ name: developer-center-bff-env-secret
+type: Opaque
+data:
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: developer-center
+ name: developer-center-bff-svc
+ labels:
+ app: developer-center-bff
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: developer-center-bff
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: developer-center
+ name: developer-center-bff
+spec:
+ selector:
+ matchLabels:
+ app: developer-center-bff
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: developer-center-bff
+ spec:
+ containers:
+ - name: developer-center-bff
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/developer-center/developer-center-bff:1.0.2-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - secretRef:
+ name: developer-center-bff-env-secret
+ - configMapRef:
+ name: developer-center-bff-env
+ resources:
+ requests:
+ memory: "512Mi"
+ limits:
+ memory: "512Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+
diff --git a/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.5.developer-center-gateway-zuul.yaml b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.5.developer-center-gateway-zuul.yaml
new file mode 100644
index 0000000..9fffc66
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.5.developer-center-gateway-zuul.yaml
@@ -0,0 +1,187 @@
+# 4.5.developer-center-gateway-zuul.yaml
+
+#ConfigMap 中的地址要替换相应实际环境中的地址
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: developer-center
+ name: developer-center-gateway-zuul-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+ SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
+ SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
+ SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
+
+ SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+ SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
+ SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
+
+
+ ZUUL_HOST_MAX_PER_ROUTE_CONNECTIONS: "1000"
+ ZUUL_HOST_MAX_TOTAL_CONNECTIONS: "1000"
+ ZUUL_SEMAPHORE_MAX_SEMAPHORES: "10000"
+
+
+ INFRAS_SECURITY_BASIC_ENABLED: "false"
+ INFRAS_SECURITY_JWT_ENABLED: "true"
+
+ INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas
+ INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: ""
+ # 这里依赖cas 服务
+ INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas/jwt/publicKey"
+ INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: ""
+ INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: ""
+
+
+ INFRAS_SECURITY_CAS_ENABLED: "true"
+ #这里的地址对应ingress配置文件里网关服务的对外地址
+ APP_SERVER_HOST_URL: "http://dev-center.paas.nwpu.edu.cn"
+ #APP_LOGIN_URL: "/cas/login"
+ #APP_LOGOUT_URL: "/cas/logout"
+ CAS_SERVER_HOST_URL: "http://uis.paas.nwpu.edu.cn/cas"
+
+
+ ##
+ # userDetailsService 的实现配置
+ # memery,基于内存,用户名任意,角色固定,一般用于开发调试
+ # authn, 基于后端管理,采用本地帐号、角色的数据接口
+ # sa, 中台后端服务,建议和cas一起使用
+ #
+ DEVELOPER_CENTER_GATEWAY_ZUUL_SECURITY_USERDETAILS_SERVICE_IMPL: sa
+
+
+ ## 用户授权服务
+ # USER_AUTHORIZATION_SERVICE_APPLICATION_ID: "6"
+
+
+ ZUUL_HTTPCLIENT_CLIENT_AUTH_ENABLED: "false"
+ #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEY_PASSWORD: ""
+ #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #ZUUL_HTTPCLIENT_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+
+ DEVELOPER_CENTER_SA_SERVER_URL: http://developer-center-backend-sa-svc.developer-center.svc.cluster.local:8080
+ DEVELOPER_CENTER_SA_CLIENT_AUTH_ENABLED: "false"
+ #DEVELOPER_CENTER_SA_CLIENT_AUTH_KEY_PASSWORD: ""
+ #DEVELOPER_CENTER_SA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #DEVELOPER_CENTER_SA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #DEVELOPER_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #DEVELOPER_CENTER_SA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+ USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ ZUUL_ROUTES_BFF_ABILITY_MESSAGE_URL: http://message-manager-svc.message-service.svc.cluster.local:8080/manager/api/v1
+ ZUUL_ROUTES_BFF_ADMIN_URL: http://developer-center-bff-svc.developer-center.svc.cluster.local:8080
+ ZUUL_ROUTES_BFF_PORTAL_URL: http://developer-center-bff-svc.developer-center.svc.cluster.local:8080
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: developer-center
+ name: developer-center-gateway-zuul-env-secret
+type: Opaque
+data:
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: developer-center
+ name: developer-center-gateway-zuul-svc
+ labels:
+ app: developer-center-gateway-zuul
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: developer-center-gateway-zuul
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: developer-center
+ name: developer-center-gateway-zuul
+spec:
+ selector:
+ matchLabels:
+ app: developer-center-gateway-zuul
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: developer-center-gateway-zuul
+ spec:
+ containers:
+ - name: developer-center-gateway-zuul
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/developer-center/developer-center-gateway-zuul:1.0.2-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - secretRef:
+ name: developer-center-gateway-zuul-env-secret
+ - configMapRef:
+ name: developer-center-gateway-zuul-env
+ resources:
+ requests:
+ memory: "512Mi"
+ limits:
+ memory: "512Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+
diff --git a/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.9.developer-center-admin-ui-spa.yaml b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.9.developer-center-admin-ui-spa.yaml
new file mode 100644
index 0000000..180f949
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.9.developer-center-admin-ui-spa.yaml
@@ -0,0 +1,101 @@
+# 4.9.developer-center-admin-ui-spa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: developer-center
+ name: developer-center-admin-ui-spa-env
+data:
+ # 如果配置值中 存在 & 的,需要用 \& 进行转义(此说明只在该镜像配置中有效)
+ # 这里需要替换实际环境中的地址
+ MAIN_SERVER: https://dev-admin.nwpu.edu.cn
+
+ DEVELOPER_CENTER_API: https://dev-center.nwpu.edu.cn
+ MESSAGE_SERVICE_API: https://message-service.nwpu.edu.cn/manager
+
+ AUTH_TYPE: cas
+ AUTH_CAS: https://uis.nwpu.edu.cn/cas
+ JWT_ISS: https://uis.nwpu.edu.cn/cas
+ JWT_SECRET: (@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: developer-center
+ name: developer-center-admin-ui-spa-env-secret
+type: Opaque
+data:
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: developer-center
+ name: developer-center-admin-ui-spa-svc
+ labels:
+ app: developer-center-admin-ui-spa
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+ # - port: 6060
+ # targetPort: http-metrics
+ # protocol: TCP
+ # name: http-metrics
+ selector:
+ app: developer-center-admin-ui-spa
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: developer-center
+ name: developer-center-admin-ui-spa
+spec:
+ selector:
+ matchLabels:
+ app: developer-center-admin-ui-spa
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: developer-center-admin-ui-spa
+ spec:
+ containers:
+ - name: developer-center-admin-ui-spa
+ # 若使用了学校搭设的私有仓库,请修改
+ image: paas.harbor.nwpu.edu.cn/developer-center/developer-center-admin-ui-spa:0.0.2
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+ name: http
+ # - containerPort: 6060
+ # name: http-metrics
+ envFrom:
+ - secretRef:
+ name: developer-center-admin-ui-spa-env-secret
+ - configMapRef:
+ name: developer-center-admin-ui-spa-env
+ resources:
+ requests:
+ memory: "128Mi"
+ limits:
+ memory: "128Mi"
+ # readinessProbe:
+ # httpGet:
+ # path: /actuator/health
+ # port: 8080
+ # initialDelaySeconds: 20
+ # periodSeconds: 5
+ # timeoutSeconds: 5
+ # successThreshold: 1
+ # failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+
diff --git a/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.9.developer-center-portal-ui.yaml b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.9.developer-center-portal-ui.yaml
new file mode 100644
index 0000000..7d470ab
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/0.developer-center/4.9.developer-center-portal-ui.yaml
@@ -0,0 +1,104 @@
+# 4.9.developer-center-portal-ui.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: developer-center
+ name: developer-center-portal-ui-env
+data:
+ # 如果配置值中 存在 & 的,需要用 \& 进行转义(此说明只在该镜像配置中有效)
+ # 这里需要替换实际环境中的地址
+ MAIN_SERVER: https://dev-portal.nwpu.edu.cn
+
+ BASE_API: https://dev-center.nwpu.edu.cn
+
+ MESSAGE_SERVICE_API: https://message-service.nwpu.edu.cn/manager
+ DEVELOPER_API: https://dev-center.nwpu.edu.cn
+
+ AUTH_TYPE: cas
+
+ AUTH_CAS: https://uis.nwpu.edu.cn/cas
+ JWT_ISS: https://uis.nwpu.edu.cn/cas
+ JWT_SECRET: (@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2
+
+ DOC_API: https://dev-center.nwpu.edu.cn
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: developer-center
+ name: developer-center-portal-ui-env-secret
+type: Opaque
+data:
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: developer-center
+ name: developer-center-portal-ui-svc
+ labels:
+ app: developer-center-portal-ui
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+ # - port: 6060
+ # targetPort: http-metrics
+ # protocol: TCP
+ # name: http-metrics
+ selector:
+ app: developer-center-portal-ui
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: developer-center
+ name: developer-center-portal-ui
+spec:
+ selector:
+ matchLabels:
+ app: developer-center-portal-ui
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: developer-center-portal-ui
+ spec:
+ containers:
+ - name: developer-center-portal-ui
+ image: paas.harbor.nwpu.edu.cn/developer-center/developer-center-portal-ui:0.0.2
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+ name: http
+ # - containerPort: 6060
+ # name: http-metrics
+ envFrom:
+ - secretRef:
+ name: developer-center-portal-ui-env-secret
+ - configMapRef:
+ name: developer-center-portal-ui-env
+ resources:
+ requests:
+ memory: "128Mi"
+ limits:
+ memory: "128Mi"
+ # readinessProbe:
+ # httpGet:
+ # path: /actuator/health
+ # port: 8080
+ # initialDelaySeconds: 20
+ # periodSeconds: 5
+ # timeoutSeconds: 5
+ # successThreshold: 1
+ # failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
+
diff --git a/project/nwpu/k8s-rancher/open-platform/1.0.init.sql b/project/nwpu/k8s-rancher/open-platform/1.0.init.sql
new file mode 100644
index 0000000..299dcc9
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/1.0.init.sql
@@ -0,0 +1,170 @@
+
+use cas_server;
+
+INSERT INTO `TB_SERVICE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+ `NAME`, `DESCRIPTION`, `INFORMATION_URL`, `LOGOUT_URL`,
+ `RESPONSE_TYPE`, `LOGOUT_TYPE`,
+ `EVALUATION_ORDER`, `FRIENDLY_NAME`, `REGISTERED_SERVICE_ID`, `SERVICE_ID`,
+ `ENABLED`, `SSO_ENABLED`, `REQUIRE_ALL_ATTRIBUTES`,
+ `APPLICATION_ID`, `EXTERNAL_ID`,
+ `ID_TOKEN_ENABLED`, `JWT_AS_SERVICE_TICKET`,
+ `APPLICATION_DOMAIN`
+)
+VALUES ('31', '1', 0, 'admin', '2020-07-01 00:00:00',
+ '开发者门户', '开发者门户', 'https://dev-portal.nwpu.edu.cn', 'https://dev-portal.nwpu.edu.cn/slo?clearToken=clearToken',
+ 'REDIRECT', 'FRONT_CHANNEL',
+ 31, '开发者门户', 31, 'https://dev-portal.nwpu.edu.cn/(.*)',
+ 1, 1, 1,
+ '31', '31',
+ 1, 1,
+ 'dev-portal.nwpu.edu.cn'
+);
+
+
+use developer_center;
+
+INSERT INTO `TB_DEV_ACCOUNT` (`ID`, `COMPANY_ID`, `DELETED`, `USERNAME`, `PASSWORD`, `IS_DEVELOPER`,
+ `TYPE`, `NAME`, `STATUS`, `CERTIFICATE_TYPE`, `CERTIFICATE_NUMBER`, `EXTERNAL_ID`
+)
+VALUES ('150', '1', '0', 'defaultDeveloper', 'defaultDeveloper', '1',
+'individual', '上海树维', '1', '1', '150', '150');
+
+INSERT INTO `TB_DEV_ACCOUNT` (`ID`, `COMPANY_ID`, `DELETED`, `USERNAME`, `PASSWORD`, `IS_OPERATOR`,
+ `TYPE`, `NAME`, `STATUS`, `CERTIFICATE_TYPE`, `CERTIFICATE_NUMBER`, `EXTERNAL_ID`
+)
+VALUES ('151', '1', '0', 'defaultOperator', 'defaultOperator', '1',
+'individual', '上海树维管理员', '1', '1', '151','151');
+
+
+INSERT INTO `TB_DEV_ACCOUNT` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+ `USERNAME`, `PASSWORD`, `ENABLED`, `ACCOUNT_NON_EXPIRED`, `ACCOUNT_NON_LOCKED`, `CREDENTIALS_NON_EXPIRED`,
+ `IS_DEVELOPER`, `IS_OPERATOR`, `IS_SCOPE_AUDIT`, `IS_ADMINISTRATOR`, `IS_SCHOOL_ACCOUNT`,
+ `TYPE`, `NAME`, `STATUS`
+)
+VALUES ('13', '1', 0, 'admin', '2020-07-01 00:00:00',
+ 'openadmin', 'openadmin', 1, 1, 1, 1,
+ 0, 0, 0, 1, 0,
+ 'admin', '开放平台管理员', '1'
+);
+
+
+use user;
+
+-- 身份
+INSERT INTO `TB_B_IDENTITY_TYPE`(`ID`, `DELETED`, `PARENT_IDENTITY_TYPE_ID`,
+ `CODE`, `NAME`, `ENABLE`, `SORT`)
+VALUES ('D01', 0, null, 'D01', '个人开发者', 1, 0);
+
+INSERT INTO `TB_B_IDENTITY_TYPE`(`ID`, `DELETED`, `PARENT_IDENTITY_TYPE_ID`,
+ `CODE`, `NAME`, `ENABLE`, `SORT`)
+VALUES ('D02', 0, null, 'D02', '企业开发者', 1, 0);
+commit;
+
+
+-- defaultDeveloper
+INSERT INTO `TB_B_USER` (`ID`, `DELETED`,
+ `UID`, `PASSWORD`, `NAME`, `NAME_SPELLING`, `FULL_NAME_SPELLING`,
+ `CERTIFICATE_TYPE_ID`, `CERTIFICATE_NUMBER`, `PHONE_NUMBER`, `EMAIL`,
+ `GENDER_ID`, `NATION_ID`, `COUNTRY_ID`, `ADDRESS_ID`)
+VALUES ('150', 0,
+ '150', 'defaultDeveloper', '上海树维', 'defaultDeveloper', 'defaultDeveloper',
+ '20001', '150', null, 'defaultDeveloper@supwisdom.com',
+ '30001', '40001', '50156', null);
+
+INSERT INTO `TB_B_SAFETY`(`ID`, `DELETED`, `USER_ID`, `SCORE`, `PASSWORD_SCORE`, `SECURE_EMAIL`, `SECURE_PHONE`)
+VALUES ('150', 0, '150', '0', '0', null, null);
+
+
+INSERT INTO `TB_B_ACCOUNT` (`ID`, `DELETED`, `USER_ID`,
+ `ACCOUNT_NAME`, `ACCOUNT_EXPIRY_DATE`, `ORGANIZATION_ID`, `IDENTITY_TYPE_ID`,
+ `ACTIVATION`, `STATE`, `IS_DATA_CENTER`,
+ `USER_UID`, `USER_NAME`, `CERTIFICATE_TYPE_ID`, `CERTIFICATE_NUMBER`)
+VALUES ('150', 0, '150',
+ 'defaultDeveloper', null, '0', 'D01',
+ 1, 'NORMAL', 0,
+ '150', '上海树维', '20001', '150');
+
+INSERT INTO `TB_B_ACCOUNT_ORGANIZATION` (`ID`, `DELETED`,
+ `ROOT_ORGANIZATION_ID`, `ACCOUNT_ID`, `ORGANIZATION_ID`)
+VALUES ('150_0', 0,
+ '0', '150', '0');
+
+/*
+INSERT INTO `TB_B_ACCOUNT_LABEL`(`ID`, `DELETED`,
+ `ACCOUNT_ID`, `LABEL_ID`)
+VALUES ('150_1', 0, '150', '1');
+*/
+
+commit;
+
+-- defaultOperator
+INSERT INTO `TB_B_USER` (`ID`, `DELETED`,
+ `UID`, `PASSWORD`, `NAME`, `NAME_SPELLING`, `FULL_NAME_SPELLING`,
+ `CERTIFICATE_TYPE_ID`, `CERTIFICATE_NUMBER`, `PHONE_NUMBER`, `EMAIL`,
+ `GENDER_ID`, `NATION_ID`, `COUNTRY_ID`, `ADDRESS_ID`)
+VALUES ('151', 0,
+ '151', 'defaultOperator', '上海树维业务管理员', 'defaultOperator', 'defaultOperator',
+ '20001', '151', null, 'defaultOperator@supwisdom.com',
+ '30001', '40001', '50156', null);
+
+INSERT INTO `TB_B_SAFETY`(`ID`, `DELETED`, `USER_ID`, `SCORE`, `PASSWORD_SCORE`, `SECURE_EMAIL`, `SECURE_PHONE`)
+VALUES ('151', 0, '151', '0', '0', null, null);
+
+
+INSERT INTO `TB_B_ACCOUNT` (`ID`, `DELETED`, `USER_ID`,
+ `ACCOUNT_NAME`, `ACCOUNT_EXPIRY_DATE`, `ORGANIZATION_ID`, `IDENTITY_TYPE_ID`,
+ `ACTIVATION`, `STATE`, `IS_DATA_CENTER`,
+ `USER_UID`, `USER_NAME`, `CERTIFICATE_TYPE_ID`, `CERTIFICATE_NUMBER`)
+VALUES ('151', 0, '151',
+ 'defaultOperator', null, '0', 'D02',
+ 1, 'NORMAL', 0,
+ '151', '上海树维业务管理员', '20001', '151');
+
+INSERT INTO `TB_B_ACCOUNT_ORGANIZATION` (`ID`, `DELETED`,
+ `ROOT_ORGANIZATION_ID`, `ACCOUNT_ID`, `ORGANIZATION_ID`)
+VALUES ('151_0', 0,
+ '0', '151', '0');
+
+/*
+INSERT INTO `TB_B_ACCOUNT_LABEL`(`ID`, `DELETED`,
+ `ACCOUNT_ID`, `LABEL_ID`)
+VALUES ('151_1', 0, '151', '1');
+*/
+
+commit;
+
+-- 平台管理员
+INSERT INTO `TB_B_USER` (`ID`, `DELETED`,
+ `UID`, `PASSWORD`, `NAME`, `NAME_SPELLING`, `FULL_NAME_SPELLING`,
+ `CERTIFICATE_TYPE_ID`, `CERTIFICATE_NUMBER`, `PHONE_NUMBER`, `EMAIL`,
+ `GENDER_ID`, `NATION_ID`, `COUNTRY_ID`, `ADDRESS_ID`)
+VALUES ('13', 0,
+ '13', 'openadmin', '开放平台管理员', 'openadmin', 'openadmin',
+ '20001', '13', null, 'openadmin@supwisdom.com',
+ '30001', '40001', '50156', null);
+
+INSERT INTO `TB_B_SAFETY`(`ID`, `DELETED`, `USER_ID`, `SCORE`, `PASSWORD_SCORE`, `SECURE_EMAIL`, `SECURE_PHONE`)
+VALUES ('13', 0, '13', '0', '0', null, null);
+
+
+INSERT INTO `TB_B_ACCOUNT` (`ID`, `DELETED`, `USER_ID`,
+ `ACCOUNT_NAME`, `ACCOUNT_EXPIRY_DATE`, `ORGANIZATION_ID`, `IDENTITY_TYPE_ID`,
+ `ACTIVATION`, `STATE`, `IS_DATA_CENTER`,
+ `USER_UID`, `USER_NAME`, `CERTIFICATE_TYPE_ID`, `CERTIFICATE_NUMBER`)
+VALUES ('13', 0, '13',
+ 'openadmin', null, '0', 'D02',
+ 1, 'NORMAL', 0,
+ '13', '开放平台管理员', '20001', '13');
+
+INSERT INTO `TB_B_ACCOUNT_ORGANIZATION` (`ID`, `DELETED`,
+ `ROOT_ORGANIZATION_ID`, `ACCOUNT_ID`, `ORGANIZATION_ID`)
+VALUES ('13_0', 0,
+ '0', '13', '0');
+
+/*
+INSERT INTO `TB_B_ACCOUNT_LABEL`(`ID`, `DELETED`,
+ `ACCOUNT_ID`, `LABEL_ID`)
+VALUES ('13_1', 0, '13', '1');
+*/
+
+commit;
diff --git "a/project/nwpu/k8s-rancher/open-platform/1.0.\344\272\221\345\271\263\345\217\260-\345\274\200\346\224\276\345\271\263\345\217\260\344\275\277\347\224\250\346\211\213\345\206\214.md" "b/project/nwpu/k8s-rancher/open-platform/1.0.\344\272\221\345\271\263\345\217\260-\345\274\200\346\224\276\345\271\263\345\217\260\344\275\277\347\224\250\346\211\213\345\206\214.md"
new file mode 100644
index 0000000..2e0cb08
--- /dev/null
+++ "b/project/nwpu/k8s-rancher/open-platform/1.0.\344\272\221\345\271\263\345\217\260-\345\274\200\346\224\276\345\271\263\345\217\260\344\275\277\347\224\250\346\211\213\345\206\214.md"
@@ -0,0 +1,148 @@
+# 云平台-开放平台使用手册
+
+
+## 部署更新
+
+ DEVELOPER_CENTER_SPA_URL: https://dev-admin.nwpu.edu.cn
+
+ DEVELOPER_CENTER_API_PREFIX: https://dev-center.nwpu.edu.cn
+ MESSAGE_SERVICE_API_PREFIX: https://message-service.nwpu.edu.cn/manager
+
+
+{
+ "DEVELOPER_CENTER_API": "https://dev-center.nwpu.edu.cn",
+ "MESSAGE_SERVICE_API": "https://message-service.nwpu.edu.cn/manager",
+}
+
+
+## 1.添加角色
+
+云平台菜单里:
+
+ 基础管理-角色管理-添加:
+ 代码 :open-platform-admin
+ 名称: 开放平台管理员
+
+## 2.添加菜单
+
+可以选择手动添加或者数据导入,步骤:
+
+数据导入:
+
+ 基础管理-菜单管理-导入:
+
+注意修改为实际环境中的地址
+
+```json
+
+[
+ {
+ "id": "90000",
+ "parentIdOrCode": "1",
+ "code": "developer-center",
+ "name": "开放平台",
+ "memo": "",
+ "status": "1",
+ "origin": "https://admin-platform.nwpu.edu.cn",
+ "order": 90000,
+ "resourceIdOrCodes": [],
+ "url": "/developer-center/application",
+ "icon": ""
+ },
+ {
+ "id": "90100",
+ "parentIdOrCode": "90000",
+ "code": "developerAccount",
+ "name": "开发者账号管理",
+ "memo": "",
+ "status": "1",
+ "origin": "https://admin-platform.nwpu.edu.cn",
+ "order": 90100,
+ "resourceIdOrCodes": [],
+ "url": "/developer-center/developerAccount",
+ "icon": "su-icon-yingyongjuese"
+ },
+ {
+ "id": "90200",
+ "parentIdOrCode": "90000",
+ "code": "businessManage",
+ "name": "业务管理员账号管理",
+ "memo": "",
+ "status": "1",
+ "origin": "https://admin-platform.nwpu.edu.cn",
+ "order": 90200,
+ "resourceIdOrCodes": [],
+ "url": "/developer-center/businessManage",
+ "icon": "su-icon-fuwupingjiaguanli"
+ },
+ {
+ "id": "90300",
+ "parentIdOrCode": "90000",
+ "code": "scopeManage",
+ "name": "Scope审核员账号管理",
+ "memo": "",
+ "status": "0",
+ "origin": "https://admin-platform.nwpu.edu.cn",
+ "order": 90300,
+ "url": "/developer-center/scopeManage",
+ "icon": "su-icon-daifasong"
+ },
+ {
+ "id": "90400",
+ "parentIdOrCode": "90000",
+ "code": "applicationManage",
+ "name": "应用服务管理",
+ "memo": "",
+ "status": "1",
+ "origin": "https://admin-platform.nwpu.edu.cn",
+ "order": 90400,
+ "url": "/developer-center/applicationManage",
+ "icon": "su-icon-calendar-1"
+ },
+ {
+ "id": "90500",
+ "parentIdOrCode": "90000",
+ "code": "basicAbilityManagement",
+ "name": "基础能力管理",
+ "memo": "",
+ "status": "1",
+ "origin": "https://admin-platform.nwpu.edu.cn",
+ "order": 90500,
+ "url": "/developer-center/basicAbilityManagement",
+ "icon": "su-icon-neirongguanli"
+ },
+ {
+ "id": "90600",
+ "parentIdOrCode": "90000",
+ "code": "businessDomainManage",
+ "name": "业务域管理",
+ "memo": "",
+ "status": "1",
+ "origin": "https://admin-platform.nwpu.edu.cn",
+ "order": 90600,
+ "url": "/developer-center/businessDomainManage",
+ "icon": "su-icon-fuwupingjiaguanli"
+ },
+ {
+ "id": "90700",
+ "parentIdOrCode": "90000",
+ "code": "auditManagement",
+ "name": "审核管理",
+ "memo": "",
+ "status": "1",
+ "origin": "https://admin-platform.nwpu.edu.cn",
+ "order": 90700,
+ "url": "/developer-center/auditManagement",
+ "icon": "su-icon-biaoqian"
+ }
+]
+
+```
+
+## 3.关联权限
+
+云平台菜单里:基础管理-角色管理,选择创建的角色进行权限关联。在展开的菜单中,选择刚刚添加的菜单,然后保存。
+
+## 4.账号关联角色
+
+云平台菜单里:授权管理-应用角色管理,选择创建的角色,将开放平台管理员账号设置为开放平台管理员这个角色。
diff --git a/project/nwpu/k8s-rancher/open-platform/1.minio-sa/01-namespace.yaml b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/01-namespace.yaml
new file mode 100644
index 0000000..230f587
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/01-namespace.yaml
@@ -0,0 +1,7 @@
+####################################################
+# namespace
+####################################################
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: developer-center-minio-sa
diff --git a/project/nwpu/k8s-rancher/open-platform/1.minio-sa/02-registry.yaml b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/02-registry.yaml
new file mode 100644
index 0000000..8884c36
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/02-registry.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+ name: harbor-supwisdom
+ namespace: developer-center-minio-sa
+data:
+ # 替换成自己的仓库用户名密码配置
+ .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQzIwIiwidXNlcm5hbWUiOiJyYW5jaGVyLmRldm9wcyJ9fX0=
diff --git a/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-1-configmap.yaml b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-1-configmap.yaml
new file mode 100644
index 0000000..d4416a2
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-1-configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: developer-center-minio-sa
+ name: minio-sa-config
+data:
+ # Minio参数,这里需要改为依赖的minio服务的地址
+ MINIO_ENDPOINT: developer-center-minio-test.paas.newcapec.cn
+ MINIO_USE_SSL: "false"
diff --git a/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-2-secret.yaml b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-2-secret.yaml
new file mode 100644
index 0000000..37fdf3d
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-2-secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: developer-center-minio-sa
+ name: minio-sa-secret
+type: Opaque
+data:
+ # Minio参数
+ MINIO_ACCESS_KEY: bWluaW9hZG1pbg==
+ MINIO_SECRET_KEY: bWluaW9hZG1pbg==
+ # API Http basic auth参数
+ SA_API_USERNAME: c2FhZG1pbg==
+ SA_API_PASSWORD: c2FhZG1pbg==
+ # Pprof参数
+ PPROF_USERNAME: cHByb2ZhZG1pbg==
+ PPROF_PASSWORD: cHByb2ZhZG1pbg==
+
diff --git a/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-3-svc.yaml b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-3-svc.yaml
new file mode 100644
index 0000000..8b4af2f
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-3-svc.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: developer-center-minio-sa
+ name: minio-sa-svc
+ labels:
+ app: minio-sa-svc
+spec:
+ ports:
+ - port: 9090
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: minio-sa
diff --git a/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-4-deployment.yaml b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-4-deployment.yaml
new file mode 100644
index 0000000..3a58ea0
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/03-4-deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: minio-sa
+ namespace: developer-center-minio-sa
+spec:
+ selector:
+ matchLabels:
+ app: minio-sa
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: minio-sa
+ spec:
+ containers:
+ - name: minio-sa
+ # 根据情况修改镜像地址
+ image: harbor.supwisdom.com/institute/minio-sa:0.1.0
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 9090
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: minio-sa-config
+ - secretRef:
+ name: minio-sa-secret
+ resources:
+ requests:
+ cpu: 100m
+ memory: "64Mi"
+ limits:
+ cpu: 1000m
+ memory: "128Mi"
+ imagePullSecrets:
+ - name: harbor-supwisdom
diff --git a/project/nwpu/k8s-rancher/open-platform/1.minio-sa/04-ingress.yaml b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/04-ingress.yaml
new file mode 100644
index 0000000..06d991d
--- /dev/null
+++ b/project/nwpu/k8s-rancher/open-platform/1.minio-sa/04-ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: minio-sa-ingress
+ namespace: developer-center-minio-sa
+ # annotations:
+ # cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ # 如果采用letsencrypt自动签发证书
+ # nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+ # tls:
+ ## 替换成正确的域名
+ # - hosts:
+ # - minio-sa-test.paas.<xxx>.edu.cn
+ # secretName: minio-sa-tls
+ rules:
+ # 替换成正确的域名
+ - host: develop-center-minio-sa-test.paas.newcapec.cn
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: minio-sa-svc
+ servicePort: http
\ No newline at end of file