前言
环境:k8s1.22.17
nacos配置登录认证密码
新版本的nacos需要自己设置参数来启动配置nacos的登录认证密码,因为默认nacos是没有账号密码可以直接登录的,这样显得不安全,而且新旧版本的配置还不一样,在官网说了:https://nacos.io/zh-cn/docs/v2/guide/user/auth.html
下面是k8s中部署nacos:2.3.1版本,启动nacos的授权登录:
# 单机版的nacos
[root@dev-master ruoyi]# cat nacos.yaml
---
apiVersion: v1
kind: Service
metadata:
name: nacos-svc
namespace: default
labels:
app: nacos
spec:
ports:
- port: 8848
name: server
targetPort: 8848
nodePort: 8848
type: NodePort
selector:
app: nacos
---
apiVersion: v1
kind: Service
metadata:
name: nacos-headless
namespace: default
labels:
app: nacos
spec:
publishNotReadyAddresses: true
ports:
- port: 8848
name: server
targetPort: 8848
clusterIP: None
selector:
app: nacos
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nacos-cm
namespace: default
data:
mysql.host: "mysql-svc.default"
mysql.db.name: "ry-config"
mysql.port: "3306"
mysql.user: "root"
mysql.password: "Aa123456"
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: nacos
namespace: default
spec:
serviceName: nacos-headless
replicas: 1
template:
metadata:
labels:
app: nacos
annotations:
pod.alpha.kubernetes.io/initialized: "true"
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- nacos
topologyKey: "kubernetes.io/hostname"
containers:
- name: nacos
imagePullPolicy: Always
image: nacos/nacos-server
resources:
requests:
memory: "1Gi"
cpu: "800m"
ports:
- containerPort: 8848
name: client-port
env:
- name: NACOS_AUTH_ENABLE # 开启鉴权
value: "true"
- name: NACOS_AUTH_TOKEN # token
value: "Ym1GamIzTWdhWE1nZG1WeWVTQm5iMjlrSUhOdlpuUjNZWEpsQ2c9PQo="
- name: NACOS_AUTH_IDENTITY_KEY # 账号
value: "nacos"
- name: NACOS_AUTH_IDENTITY_VALUE # 密码
value: "nacos"
- name: MODE # nacos的模式,这里是单机
value: "standalone"
- name: NACOS_REPLICAS
value: "1"
- name: SERVICE_NAME
value: "nacos-headless"
- name: DOMAIN_NAME
value: "cluster.local"
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: MYSQL_SERVICE_HOST
valueFrom:
configMapKeyRef:
name: nacos-cm
key: mysql.host
- name: MYSQL_SERVICE_DB_NAME
valueFrom:
configMapKeyRef:
name: nacos-cm
key: mysql.db.name
- name: MYSQL_SERVICE_PORT
valueFrom:
configMapKeyRef:
name: nacos-cm
key: mysql.port
- name: MYSQL_SERVICE_USER
valueFrom:
configMapKeyRef:
name: nacos-cm
key: mysql.user
- name: MYSQL_SERVICE_PASSWORD
valueFrom:
configMapKeyRef:
name: nacos-cm
key: mysql.password
- name: SPRING_DATASOURCE_PLATFORM
value: "mysql"
- name: NACOS_SERVER_PORT
value: "8848"
- name: NACOS_APPLICATION_PORT
value: "8848"
volumeMounts:
- name: data
mountPath: /home/nacos/data
subPath: data
- name: data
mountPath: /home/nacos/logs
subPath: logs
volumeClaimTemplates:
- metadata:
name: data
annotations:
volume.beta.kubernetes.io/storage-class: "nfs-storageclass"
spec:
accessModes: [ "ReadWriteMany" ]
resources:
requests:
storage: 1Gi
selector:
matchLabels:
app: nacos
[root@dev-master ruoyi]#