Consul ACL: Adding a Token


Enable ACLs

Create an acl.json configuration file, place it in /consul/config inside the container, and restart the node.

{
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache"
  }
}

Create the bootstrap token

[root@k8s-master config]# docker exec -it  consul-server1  /bin/sh         
/ # consul acl bootstrap
AccessorID:       0dc490ee-3d55-3cf5-8645-ff47d116140f
SecretID:         2a558506-4c4b-4f3a-d0cf-c092b01303d0
Description:      Bootstrap Token (Global Management)
Local:            false
Create Time:      2021-06-01 08:52:05.501103749 +0000 UTC
Policies:
   00000000-0000-0000-0000-000000000001 - global-management

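After running the command above, the log prints the message consul.acl: ACL bootstrap completed.

Viewing nodes now requires a token, so add the token to the configuration and restart the node.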

{
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "enable_token_persistence": true,
    "tokens": {
        "master": "2a558506-4c4b-4f3a-d0cf-c092b01303d0"
    }
  }
}

Set up policies

Policies can be set from the command line or by logging in to the Consul UI.

Create the policy file

key_prefix "" {
   policy = "write"
}
node_prefix "" {
   policy = "write"
}
service_prefix "" {
   policy = "read"
}
operator = "read"

Create the policy

export CONSUL_HTTP_TOKEN=2a558506-4c4b-4f3a-d0cf-c092b01303d0
consul acl policy create -name "token" -description "Agent Token Policy" -rules @agent-policy.hcl
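
An added example, not part of the original post or of Consul's own tooling: a small Python check that parses the simple rule form used in the policy file above and flags empty-prefix write grants, which apply to every key or node in the datacenter. The regex parser handles only this block form, and the node name and key prefix in the narrower variant are assumed values.

```python
import re

# Block rules, e.g.  key_prefix "" { policy = "write" }
RULE_RE = re.compile(
    r'(?P<resource>\w+)\s+"(?P<name>[^"]*)"\s*\{\s*policy\s*=\s*"(?P<policy>\w+)"\s*\}')
# Scalar rules, e.g.  operator = "read"
SCALAR_RE = re.compile(r'^\s*(?P<resource>operator|keyring|acl)\s*=\s*"(?P<policy>\w+)"', re.M)

# Policy from the page, with the "operator" line spelled out.
PAGE_POLICY = '''
key_prefix "" {
   policy = "write"
}
node_prefix "" {
   policy = "write"
}
service_prefix "" {
   policy = "read"
}
operator = "read"
'''

# Constructed narrower variant; "consul-server1" and "app/" are assumptions.
SCOPED_POLICY = '''
node "consul-server1" { policy = "write" }
key_prefix "app/" { policy = "write" }
service_prefix "" { policy = "read" }
'''

def parse_rules(text):
    """Return (resource, name, policy) tuples; scalar rules get name=None."""
    text = re.sub(r"#[^\n]*", "", text)  # drop '#' comments
    rules = [(m["resource"], m["name"], m["policy"]) for m in RULE_RE.finditer(text)]
    rules += [(m["resource"], None, m["policy"]) for m in SCALAR_RE.finditer(text)]
    return rules

def audit(text):
    """Flag grants that are broader than a single agent or service needs."""
    findings = []
    for resource, name, policy in parse_rules(text):
        if resource.endswith("_prefix") and name == "" and policy == "write":
            findings.append(f'{resource} "" grants write on every {resource[:-7]}')
        elif name is None and policy == "write":
            findings.append(f"{resource} = write grants cluster-level control")
    return findings

if __name__ == "__main__":
    for label, policy in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(label, audit(policy) or "no broad write grants")
```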

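I created it through the web UI; nginx service discovery is currently set up in it.

The test results are as follows: the services are visible only when a token is supplied.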

[root@k8s-master config]# curl http://10.150.90.242:8500/v1/agent/services
{}

[root@k8s-master config]# curl http://10.150.90.242:8500/v1/agent/services?token=38af068f-7ded-9edd-d988-83e6c707bace
{"nginx":{"ID":"nginx","Service":"nginx","Tags":[],"Meta":{},"Port":8888,"Address":"10.150.90.243","TaggedAddresses":{"lan_ipv4":{"Address":"10.150.90.243","Port":8888},"wan_ipv4":{"Address":"10.150.90.243","Port":8888}},"Weights":{"Passing":1,"Warning":1},"EnableTagOverride":false,"Datacenter":"dc1"},"userServiceId":{"ID":"userServiceId","Service":"userService","Tags":["primary","v1"],"Meta":{},"Port":8000,"Address":"127.0.0.1","TaggedAddresses":{"lan_ipv4":{"Address":"127.0.0.1","Port":8000},"wan_ipv4":{"Address":"127.0.0.1","Port":8000}},"Weights":{"Passing":1,"Warning":1},"EnableTagOverride":false,"Datacenter":"dc1"}}

References: https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#rule-specification

https://blog.csdn.net/YellowStar5/article/details/90966308

