8000 使用operator 如何开启验证? · Issue #485 · nacos-group/nacos-k8s · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

使用operator 如何开启验证? #485

New issue

Have a question about this project? Sign up for a free GitHub 8000 account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ainy0293 opened this issue Apr 17, 2025 · 0 comments
Open

使用operator 如何开启验证? #485

ainy0293 opened this issue Apr 17, 2025 · 0 comments

Comments

@ainy0293
Copy link
ainy0293 commented Apr 17, 2025
edited
Loading

我根据 https://github.com/nacos-group/nacos-k8s/blob/master/operator/README-CN.md?spm=5238cd80.2ef5001f.0.0.3f613b7cjVXzyr&file=README-CN.md 这个文档进行了 nacos opeartor 部署,

之后创建了一个cdr, yaml如下

apiVersion: nacos.io/v1alpha1
kind: Nacos
metadata:
  name: nacos
  namespace: spark
spec:
  type: cluster
  image: nacos/nacos-server:v2.3.2
  replicas: 3
  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: 2
      memory: 4Gi
  database:
    type: mysql
    mysqlHost: nacos-mysql
    mysqlDb: nacos
    mysqlUser: nacos
    mysqlPort: "3306"
    mysqlPassword: "HHYonr7S2asXWGwzTssF5K8E9Vg96L8Sqsaf6Xd8"

nacos 可以正常启动,配置了ingress之类的,可以正常打开 console 管理页面,但这个是不需要验证的,谁可以看。我需要开启验证。

根据文档,以及示例文件,配置 spec.k8sWrapper, 文档说这里定义的是 k8s pod spec 以下的内容,但我添加后,不能提交。

apiVersion: nacos.io/v1alpha1
kind: Nacos
metadata:
  name: nacos
  namespace: spark
spec:
  type: cluster
  image: nacos/nacos-server:v2.3.2
  replicas: 3
  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: 2
      memory: 4Gi
  database:
    type: mysql
    mysqlHost: nacos-mysql
    mysqlDb: nacos
    mysqlUser: nacos
    mysqlPort: "3306"
    mysqlPassword: "HHYonr7S2asXWGwzTssF5K8E9Vg96L8Sqsaf6Xd8"
  k8sWrapper:
    PodSpec:
      containers:
        - name: nacos
          env:
            - name: NACOS_AUTH_ENABLE
              value: 'true'
            - name: NACOS_AUTH_TOKEN
              value: d0FxRTMyUzR2S041V1RTdzJmSGhKN0wyeldlYlpRU0g4OVRYUmR6Nk1t
            - name: NACOS_AUTH_TOKEN_EXPIRE_SECONDS
              value: '7200'
            - name: NACOS_AUTH_IDENTITY_KEY
              value: Mzo7C79SuL593JA4
            - name: NACOS_AUTH_IDENTITY_VALUE
              value: ejVg55ULJ4TtEd49ZBysfGAKtz5H62tf

我的k8s 版本:v1.31.3
不能提交至 API server, 报错为未知的字段strict decoding error: unknown field "spec.k8sWrapper.containers",具体报错如下:

The request is invalid: patch: Invalid value: "{\"apiVersion\":\"nacos.io/v1alpha1\",\"kind\":\"Nacos\",\"metadata\":{\"annotations\":{\"kubectl.kubernetes.io/last-applied-configuration\":\"{\\\"apiVersion\\\":\\\"nacos.io/v1alpha1\\\",\\\"kind\\\":\\\"Nacos\\\",\\\"metadata\\\":{\\\"annotations\\\":{},\\\"name\\\":\\\"nacos\\\",\\\"namespace\\\":\\\"spark\\\"},\\\"spec\\\":{\\\"database\\\":{\\\"mysqlDb\\\":\\\"nacos\\\",\\\"mysqlHost\\\":\\\"nacos-mysql\\\",\\\"mysqlPassword\\\":\\\"HHYonr7S2asXWGwzTssF5K8E9Vg96L8Sqsaf6Xd8\\\",\\\"mysqlPort\\\":\\\"3306\\\",\\\"mysqlUser\\\":\\\"nacos\\\",\\\"type\\\":\\\"mysql\\\"},\\\"image\\\":\\\"nacos/nacos-server:v2.3.2\\\",\\\"k8sWrapper\\\":{\\\"containers\\\":[{\\\"env\\\":[{\\\"name\\\":\\\"NACOS_AUTH_ENABLE\\\",\\\"value\\\":\\\"true\\\"},{\\\"name\\\":\\\"NACOS_AUTH_TOKEN\\\",\\\"value\\\":\\\"d0FxRTMyUzR2S041V1RTdzJmSGhKN0wyeldlYlpRU0g4OVRYUmR6Nk1t\\\"},{\\\"name\\\":\\\"NACOS_AUTH_TOKEN_EXPIRE_SECONDS\\\",\\\"value\\\":\\\"7200\\\"},{\\\"name\\\":\\\"NACOS_AUTH_IDENTITY_KEY\\\",\\\"value\\\":\\\"Mzo7C79SuL593JA4\\\"},{\\\"name\\\":\\\"NACOS_AUTH_IDENTITY_VALUE\\\",\\\"value\\\":\\\"ejVg55ULJ4TtEd49ZBysfGAKtz5H62tf\\\"}],\\\"name\\\":\\\"nacos\\\"}]},\\\"replicas\\\":3,\\\"resources\\\":{\\\"limits\\\":{\\\"cpu\\\":2,\\\"memory\\\":\\\"4Gi\\\"},\\\"requests\\\":{\\\"cpu\\\":\\\"200m\\\",\\\"memory\\\":\\\"512Mi\\\"}},\\\"type\\\":\\\"cluster\\\"}}\\n\",\"objectset.rio.cattle.io/applied\":\"H4sIAAAAAAAA/4RTbVPiMBD+L/sZsA19of2GWkHB4tAW5W4cJk0DRNumJikeMP3vN0FxOjd33ieyu89LnrA9Aq7YggrJeAk+lJhw2WP8YmfivNpiEzrwysoMfAj1CDpQUIUzrDD4R8BlyRVWjJdSlzx9oURJqnqC8R7BSuVUizHNdzOHWNlg0HVND3Ut17W7HjJo1xn0rfU6TQ3qEGg6kOOU5t/KbbHcgg9m6rhWtvZsFxPbdlLXyPoO9lDmEGSZNPVMZGKCbC1a4oKe48FHKStMdE9WWLxqjKwo0bY6XIol1ediL9/y67RFPXXGXKpzr3vqnCcPWMp3LnTg8XjJS+FGCMunx9H7IZbyxp4MAm+x8ZzpIHqTeO08ZYMvKhdatN83nHMrkVS0vNW+0jf+MGw6wAq8+Yp18XEbScWOCn+Hev0e0v/eQD4KXFVa6AgPPIs+YxJeKsxKKiT4P49Ay93p9/OlwuHVLFoNk3i8CsLh5TSADuxwXuuZEjWFpvM3bDybBGELmhk3v+bx/T45zFFkWObCnMfZ4a6IRttJaLzvaZ7ly7yaJ8bGmi3my6SYO+Grqb6TXwVPD7fzYBUFV7PwOmq5ucgw/sG8vQ7C+DZeribBssW4P3D3yvWiemp7/buh9T/2YjhN2k9BXxYb206md1asgszyflzu5Xo0nKiDPXaQWkPz/MfyNc9N0wFBq5wRLMHv60LyWhB6WvqcFUydTqSqwUf6gyu42IMP1ojBiftWU9nCADKMAlpA20T3DLTP58aQvJaKCmia3wEAAP//jX/pUPADAAA\",\"objectset.rio.cattle.io/id\":\"7d6c4d88-7192-4775-920e-6834ffbb0e6c\"},\"creationTimestamp\":\"2025-04-17T06:57:02Z\",\"generation\":2,\"labels\":{\"objectset.rio.cattle.io/hash\":\"1b674df957ac556b70d36a92d6c241eb9121ac25\"},\"managedFields\":[{\"apiVersion\":\"nacos.io/v1alpha1\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:status\":{\".\":{},\"f:phase\":{}}},\"manager\":\"manager\",\"operation\":\"Update\",\"subresource\":\"status\",\"time\":\"2025-04-17T06:57:02Z\"},{\"apiVersion\":\"nacos.io/v1alpha1\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:objectset.rio.cattle.io/applied\":{},\"f:objectset.rio.cattle.io/id\":{}},\"f:labels\":{\".\":{},\"f:objectset.rio.cattle.io/hash\":{}}},\"f:spec\":{\".\":{},\"f:database\":{\".\":{},\"f:mysqlDb\":{},\"f:mysqlHost\":{},\"f:mysqlPassword\":{},\"f:mysqlPort\":{},\"f:mysqlUser\":{},\"f:type\":{}},\"f:image\":{},\"f:k8sWrapper\":{\".\":{},\"f:PodSpec\":{}},\"f:replicas\":{},\"f:resources\":{\".\":{},\"f:limits\":{\".\":{},\"f:cpu\":{},\"f:memory\":{}},\"f:requests\":{\".\":{},\"f:cpu\":{},\"f:memory\":{}}},\"f:type\":{}}},\"manager\":\"agent\",\"operation\":\"Update\",\"time\":\"2025-04-17T09:38:38Z\"}],\"name\":\"nacos\",\"namespace\":\"spark\",\"resourceVersion\":\"94840654\",\"uid\":\"9230607a-2046-49ed-aa03-e4d29698684a\"},\"spec\":{\"database\":{\"mysqlDb\":\"nacos\",\"mysqlHost\":\"nacos-mysql\",\"mysqlPassword\":\"HHYonr7S2asXWGwzTssF5K8E9Vg96L8Sqsaf6Xd8\",\"mysqlPort\":\"3306\",\"mysqlUser\":\"nacos\",\"type\":\"mysql\"},\"image\":\"nacos/nacos-server:v2.3.2\",\"k8sWrapper\":{\"PodSpec\":{},\"containers\":[{\"env\":[{\"name\":\"NACOS_AUTH_ENABLE\",\"value\":\"true\"},{\"name\":\"NACOS_AUTH_TOKEN\",\"value\":\"d0FxRTMyUzR2S041V1RTdzJmSGhKN0wyeldlYlpRU0g4OVRYUmR6Nk1t\"},{\"name\":\"NACOS_AUTH_TOKEN_EXPIRE_SECONDS\",\"value\":\"7200\"},{\"name\":\"NACOS_AUTH_IDENTITY_KEY\",\"value\":\"Mzo7C79SuL593JA4\"},{\"name\":\"NACOS_AUTH_IDENTITY_VALUE\",\"value\":\"ejVg55ULJ4TtEd49ZBysfGAKtz5H62tf\"}],\"name\":\"nacos\"}]},\"replicas\":3,\"resources\":{\"limits\":{\"cpu\":2,\"memory\":\"4Gi\"},\"requests\":{\"cpu\":\"200m\",\"memory\":\"512Mi\"}},\"type\":\"cluster\"},\"status\":{\"phase\":\"Creating\"}}": strict decoding error: unknown field "spec.k8sWrapper.containers"

请问在使用 operator CDR 的情况下,如何开启身份验证?

PS: 这些ENV, 在我使用 nacos/nacos-server:v2.3.2镜像,自己写 k8s sts 来启动,是可以开启身份认证的。
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ainy0293
0