authDfs网关部署文档

1.新增authDfs网关服务

服务名:rabc-saas-fastdfs-gateway

端口9998

2.新增authDfs网关Apollo配置

id:rabc-saas-fastdfs-gateway

3.新增nginx配置

配置防盗链:校验rerfer

1
2
3
4
5
6
# 拦截非法referer 
    valid_referers none 172.31.70.136; 
    if ($invalid_referer) { 
        return 403 ; 
        #rewrite ^.*$ http://www.baidu.com/403.jpg; 
    }

image-20230321165948689

配置authDfs路由

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
upstream dfsGateway {
       server 172.31.70.137:9998 weight=1 max_fails=3 fail_timeout=180s;
       server 172.31.70.136:9998 weight=1 max_fails=3 fail_timeout=180s;
       server 172.31.70.139:9998 weight=1 max_fails=3 fail_timeout=180s;
       server 172.31.70.140:9998 weight=1 max_fails=3 fail_timeout=180s;
       server 172.31.70.113:9998 weight=1 max_fails=3 fail_timeout=180s;
       server 172.31.70.114:9998 weight=1 max_fails=3 fail_timeout=180s;
       }

# authDfs网关
       location /authDfs/ {
           proxy_pass http://dfsGateway/;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Real-Port $remote_port;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           add_header Access-Control-Allow-Headers $http_access_control_request_headers;
           #上传文件大小配置
           client_max_body_size 100m;
       }

4.新增authDfs网关Jenkins项目

复制堡准正常-网关项目,配置文件修改为:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
node {
    stage('scm') {
        checkout([$class: 'GitSCM', branches: [[name: '${branchName}']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'xjcares_git', url: 'http://172.31.70.132:33788/necares/snowlotus-authority.git']]])
        sh 'echo \'nodefinished:<\'$(date +%Y-%m-%d\\ %H:%M:%S)\'>\''
    }
    stage('Build core') {
        sh '''
            cd core-paas-component
            mvn clean deploy -Dmaven.test.skip=true -U
            
            '''
        sh 'echo \'nodefinished:<\'$(date +%Y-%m-%d\\ %H:%M:%S)\'>\''
    }
    stage('Build dao') {
        sh '''
            cd dao-paas-component
            mvn clean deploy -Dmaven.test.skip=true -U
            
            '''
        sh 'echo \'nodefinished:<\'$(date +%Y-%m-%d\\ %H:%M:%S)\'>\''
    }
    stage('Build common') {
        sh '''
            cd rabc-saas-service/rabc-saas-common
            mvn clean install -U -Dmaven.test.skip=true 
            '''
        sh 'echo \'nodefinished:<\'$(date +%Y-%m-%d\\ %H:%M:%S)\'>\''
    }
    stage('Build') {
        sh '''
            cd rabc-saas-service/rabc-saas-gateway
            mvn clean package -U -Dmaven.test.skip=true 
            '''
        sh 'echo \'nodefinished:<\'$(date +%Y-%m-%d\\ %H:%M:%S)\'>\''
    }
    stage('build and push image') {
        sh '''
            cd rabc-saas-service/rabc-saas-gateway/target
            REPOSITORY=172.31.70.135:8443/xjcares/rabc-saas-gateway
            cat >> Dockerfile <<EOF
            FROM newjava:9
            VOLUME /tmp
            ADD rabc-saas-gateway-1.0-SNAPSHOT.jar app.jar
            RUN bash -c 'touch /app.jar'
            ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","-Denv=pro","/app.jar", "--spring.profiles.active=dfsFat", "-Xmx=768m", "-Xms=768m"]
EOF
            docker build -t $REPOSITORY .
            docker login -u admin -p Cmcc@#123 172.31.70.135:8443
            docker push $REPOSITORY
            docker logout 172.31.70.135:8443
            docker rmi $REPOSITORY
            '''
        sh 'echo \'nodefinished:<\'$(date +%Y-%m-%d\\ %H:%M:%S)\'>\''
    }
    stage('deploy to k8s') {
        def remote = [:]
        remote.name = 'kubernetes'
        remote.host = '172.31.70.137'
        remote.allowAnyHosts = true
        withCredentials([usernamePassword(credentialsId: 'sshUser', passwordVariable: 'passWord', usernameVariable: 'userName')]) {
            remote.user = userName
            remote.password = passWord         
            catchError(buildResult: 'SUCCESS', message: '未部署') {
                sshCommand remote: remote, command: "kubectl delete -f /gateway/rabc-saas-fastdfs-gateway.yaml"
            }
            sshCommand remote: remote, command: "kubectl apply -f /gateway/rabc-saas-fastdfs-gateway.yaml"
            sh 'echo \'nodefinished:<\'$(date +%Y-%m-%d\\ %H:%M:%S)\'>\''
        }
    }
}

文件位置:/gateway/rabc-saas-fastdfs-gateway.yaml

rabc-saas-fastdfs-gateway.yaml如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rabc-saas-fastdfs-gateway
spec:
  selector:
    matchLabels:
      name: rabc-saas-fastdfs-gateway
  template:
    metadata:
      labels:
        name: rabc-saas-fastdfs-gateway
    spec:
      initContainers:
      - image: spring2go/skywalkwing-agent-sidecar:8.3.0
        name: sw-agent-sidecar
        imagePullPolicy: IfNotPresent
        command: ['sh']
        args:
            [
                '-c',
                'mkdir -p /skywalking/agent && cp -r /usr/skywalking/agent/* /skywalking/agent'
            ]
        volumeMounts:
        - mountPath: /skywalking/agent
          name: sw-agent
      containers:
      - name: rabc-gateway-service
        image: 172.31.70.135:8443/xjcares/rabc-saas-gateway:latest
        ports:
        - containerPort: 9998
          hostPort: 9998
        livenessProbe:
          httpGet:
            path: /actuator/health
            port: 9998
          initialDelaySeconds: 120
          periodSeconds: 30
          timeoutSeconds: 3
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /actuator/health
            port: 9998
          initialDelaySeconds: 120
          periodSeconds: 30
          timeoutSeconds: 3
          successThreshold: 1
          failureThreshold: 5
        env:
        - name: JAVA_TOOL_OPTIONS
          value: -javaagent:/usr/skywalking/agent/skywalking-agent.jar
        - name: SW_AGENT_NAME
          value: gateway
        - name: SW_AGENT_COLLECTOR_BACKEND_SERVICES
          value: oap.skywalking:11800
        volumeMounts:
        - name: sw-agent
          mountPath: /usr/skywalking/agent
        resources:
          limits:
            cpu: "1"
            memory: 1024Mi
          requests:
            cpu: "0.2"
            memory: 256Mi
      volumes:
        - name: sw-agent
          emptyDir: {}
      # nodeSelector:
        # used: bzzc