某个 elasticsearch 带认证帐号密码,需要调整代码的地方太多,因为是 Basic 认证,考虑临时做一个 nginx 转发自动把 elasticsearch 的认证信息填上,这样应用这边就能免密码访问
仅当作应急方案
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
data:
nginx.conf: |
user nginx;
worker_processes 2;
events {
worker_connections 10240;
}
error_log /dev/stdout info;
http {
access_log /dev/stdout;
server {
listen 9200;
location / {
proxy_pass http://elasticsearch:9200;
proxy_set_header Authorization "Basic xxxxxxx"; // echo -n 'user:password' | base64
}
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.18.0
ports:
- containerPort: