  • Consul ACL: Adding a Token

    Enable ACLs

    Create an acl.json configuration file, place it in /consul/config inside the container, and restart the node.

    {
      "acl": {
        "enabled": true,
        "default_policy": "deny",
        "down_policy": "extend-cache"
      }
    }

    Create the bootstrap token

    [root@k8s-master config]# docker exec -it  consul-server1  /bin/sh         
    / # consul acl bootstrap
    AccessorID:       0dc490ee-3d55-3cf5-8645-ff47d116140f
    SecretID:         2a558506-4c4b-4f3a-d0cf-c092b01303d0
    Description:      Bootstrap Token (Global Management)
    Local:            false
    Create Time:      2021-06-01 08:52:05.501103749 +0000 UTC
    Policies:
       00000000-0000-0000-0000-000000000001 - global-management

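    After running the command above, the log prints the message "consul.acl: ACL bootstrap completed".

    To view nodes, the token must be added to the configuration and the node restarted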

    {
      "acl": {
        "enabled": true,
        "default_policy": "deny",
        "enable_token_persistence": true,
        "tokens": {
            "master": "2a558506-4c4b-4f3a-d0cf-c092b01303d0"
        }
      }
    }
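
An added example, not part of the original post: a small Python check over the acl stanza of the two acl.json files above, flagging settings that leave ACLs off or failing open and tokens stored in the file. The function name audit_acl, the sample strings and the placeholder token are constructed for illustration; the defaults it assumes (default_policy "allow", down_policy "extend-cache") are Consul's documented defaults.

```python
import json

# Constructed inputs: the two acl.json files shown on this page (token replaced
# by a placeholder value) and a deliberately weak variant for comparison.
FIRST = '{"acl": {"enabled": true, "default_policy": "deny", "down_policy": "extend-cache"}}'
SECOND = """{"acl": {"enabled": true, "default_policy": "deny",
  "enable_token_persistence": true,
  "tokens": {"master": "00000000-aaaa-bbbb-cccc-000000000000"}}}"""
WEAK = '{"acl": {"enabled": true, "down_policy": "allow"}}'


def audit_acl(config_text):
    """Return a list of findings for the acl stanza of a Consul agent config."""
    acl = json.loads(config_text).get("acl", {})
    findings = []
    # ACLs are disabled unless acl.enabled is explicitly true.
    if acl.get("enabled") is not True:
        findings.append("acl.enabled is not true: ACL enforcement is off")
    # An absent default_policy means "allow" (Consul's default).
    if acl.get("default_policy", "allow") != "deny":
        findings.append("default_policy is not deny: requests without a matching rule are allowed")
    # An absent down_policy means "extend-cache"; "allow" permits everything
    # whenever token or policy data cannot be read from the primary datacenter or leader.
    if acl.get("down_policy", "extend-cache") == "allow":
        findings.append("down_policy is allow: ACLs fail open when the servers are unreachable")
    # Any token stored in the file is readable by whoever can read the file.
    for name, secret in sorted(acl.get("tokens", {}).items()):
        if secret:
            findings.append(f"tokens.{name} is stored in the file: restrict read access to it")
    return findings


if __name__ == "__main__":
    for label, text in (("first", FIRST), ("second", SECOND), ("weak", WEAK)):
        print(label, audit_acl(text) or "no findings")
```
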

    Define a policy

    This can be done from the command line or by logging in to the Consul UI.

    Create the policy file

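    # Read/write access to every KV key
    key_prefix "" {
       policy = "write"
    }
    # Read/write access to every node
    node_prefix "" {
       policy = "write"
    }
    # Read-only access to every service
    service_prefix "" {
       policy = "read"
    }
    # Read-only access to the operator endpoints
    operator = "read"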

    Create the policy

    export CONSUL_HTTP_TOKEN=2a558506-4c4b-4f3a-d0cf-c092b01303d0
    consul acl policy create -name "token" -description "Agent Token Policy" -rules @agent-policy.hcl

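    I created it through the web UI; nginx service discovery is currently set up in it.

    The test results are as follows: the services can only be viewed with a token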

    [root@k8s-master config]# curl http://10.150.90.242:8500/v1/agent/services
    {}
    
    [root@k8s-master config]# curl http://10.150.90.242:8500/v1/agent/services?token=38af068f-7ded-9edd-d988-83e6c707bace
    {"nginx":{"ID":"nginx","Service":"nginx","Tags":[],"Meta":{},"Port":8888,"Address":"10.150.90.243","TaggedAddresses":{"lan_ipv4":{"Address":"10.150.90.243","Port":8888},"wan_ipv4":{"Address":"10.150.90.243","Port":8888}},"Weights":{"Passing":1,"Warning":1},"EnableTagOverride":false,"Datacenter":"dc1"},"userServiceId":{"ID":"userServiceId","Service":"userService","Tags":["primary","v1"],"Meta":{},"Port":8000,"Address":"127.0.0.1","TaggedAddresses":{"lan_ipv4":{"Address":"127.0.0.1","Port":8000},"wan_ipv4":{"Address":"127.0.0.1","Port":8000}},"Weights":{"Passing":1,"Warning":1},"EnableTagOverride":false,"Datacenter":"dc1"}}

    References: https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#rule-specification

    https://blog.csdn.net/YellowStar5/article/details/90966308

  • Original article: https://www.cnblogs.com/fat-girl-spring/p/14838178.html