nacos踩坑:配置nacos登录认证

本文详细描述了如何在Kubernetes集群中部署Nacos2.3.1版本,包括设置服务、配置Map、启用认证以及配置数据库连接,以实现安全的单机模式登录
摘要由CSDN通过智能技术生成

前言

环境:k8s1.22.17

nacos配置登录认证密码

新版本的nacos需要自己设置参数来启动配置nacos的登录认证密码,因为默认nacos是没有账号密码可以直接登录的,这样显得不安全,而且新旧版本的配置还不一样,在官网说了:https://nacos.io/zh-cn/docs/v2/guide/user/auth.html
下面是k8s中部署nacos:2.3.1版本,启动nacos的授权登录:

# 单机版的nacos
[root@dev-master ruoyi]# cat nacos.yaml 
---
apiVersion: v1
kind: Service
metadata:
  name: nacos-svc
  namespace: default
  labels:
    app: nacos
spec:
  ports:
    - port: 8848
      name: server
      targetPort: 8848
      nodePort: 8848
  type: NodePort
  selector:
    app: nacos
---
apiVersion: v1
kind: Service
metadata:
  name: nacos-headless
  namespace: default
  labels:
    app: nacos
spec:
  publishNotReadyAddresses: true 
  ports:
    - port: 8848
      name: server
      targetPort: 8848
  clusterIP: None
  selector:
    app: nacos
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nacos-cm
  namespace: default
data:
  mysql.host: "mysql-svc.default"
  mysql.db.name: "ry-config"
  mysql.port: "3306"
  mysql.user: "root"
  mysql.password: "Aa123456"
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: nacos
  namespace: default
spec:
  serviceName: nacos-headless
  replicas: 1 
  template:
    metadata:
      labels:
        app: nacos
      annotations:
        pod.alpha.kubernetes.io/initialized: "true"
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: "app"
                    operator: In
                    values:
                      - nacos
              topologyKey: "kubernetes.io/hostname"
      containers:
        - name: nacos
          imagePullPolicy: Always
          image: nacos/nacos-server
          resources:
            requests:
              memory: "1Gi"
              cpu: "800m"
          ports:
            - containerPort: 8848
              name: client-port
          env:  
            - name: NACOS_AUTH_ENABLE			# 开启鉴权
              value: "true"
            - name: NACOS_AUTH_TOKEN     		# token    	   
              value: "Ym1GamIzTWdhWE1nZG1WeWVTQm5iMjlrSUhOdlpuUjNZWEpsQ2c9PQo="
            - name: NACOS_AUTH_IDENTITY_KEY		# 账号
              value: "nacos"
            - name: NACOS_AUTH_IDENTITY_VALUE	# 密码
              value: "nacos"
            - name: MODE						# nacos的模式,这里是单机
              value: "standalone"
            - name: NACOS_REPLICAS
              value: "1"
            - name: SERVICE_NAME
              value: "nacos-headless"
            - name: DOMAIN_NAME
              value: "cluster.local"
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: MYSQL_SERVICE_HOST
              valueFrom:
                configMapKeyRef:
                  name: nacos-cm
                  key: mysql.host
            - name: MYSQL_SERVICE_DB_NAME
              valueFrom:
                configMapKeyRef:
                  name: nacos-cm
                  key: mysql.db.name
            - name: MYSQL_SERVICE_PORT
              valueFrom:
                configMapKeyRef:
                  name: nacos-cm
                  key: mysql.port
            - name: MYSQL_SERVICE_USER
              valueFrom:
                configMapKeyRef:
                  name: nacos-cm
                  key: mysql.user
            - name: MYSQL_SERVICE_PASSWORD
              valueFrom:
                configMapKeyRef:
                  name: nacos-cm
                  key: mysql.password
            - name: SPRING_DATASOURCE_PLATFORM
              value: "mysql"
            - name: NACOS_SERVER_PORT
              value: "8848"
            - name: NACOS_APPLICATION_PORT
              value: "8848"
          volumeMounts:
            - name: data
              mountPath: /home/nacos/data
              subPath: data
            - name: data
              mountPath: /home/nacos/logs
              subPath: logs
  volumeClaimTemplates:
    - metadata:
        name: data
        annotations:
          volume.beta.kubernetes.io/storage-class: "nfs-storageclass"
      spec:
        accessModes: [ "ReadWriteMany" ]
        resources:
          requests:
            storage: 1Gi
  selector:     
    matchLabels:
      app: nacos
[root@dev-master ruoyi]# 

  • 9
    点赞
  • 9
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值