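Setting a login password for a ZooKeeper cluster in k8s
Date: 2024-02-26 08:58:43
A login password for a ZooKeeper cluster running in Kubernetes can be set by configuring a ConfigMap in Kubernetes. The steps are as follows:
1. Create a ConfigMap and put the ZooKeeper configuration file in it, for example: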
```
apiVersion: v1
kind: ConfigMap
metadata:
  name: zookeeper-config
data:
  zoo.cfg: |
    tickTime=2000
    dataDir=/data
    clientPort=2181
    authProvider.1=org.apache.zookeeper.server.auth.DigestAuthenticationProvider
    requireClientAuthScheme=sasl
    jaasLoginRenew=3600000
    # Add the following (the key authProvider.1 is repeated, so this later value is the one that takes effect)
    authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
    kerberos.removeHostFromPrincipal=true
    kerberos.removeRealmFromPrincipal=true
```
2. Add the following to the ZooKeeper configuration file:
```
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000
kerberos.removeHostFromPrincipal=true
kerberos.removeRealmFromPrincipal=true
```
3. Create a username and password in a Kubernetes Secret, for example:
```
apiVersion: v1
kind: Secret
metadata:
  name: zookeeper-auth
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
```
4. Set the ACL in the ZooKeeper configuration, for example:
```
setAcl /zookeeper digest:username:password:rwca
```
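Here, `username` and `password` are the username and password created in step 3.
5. Set environment variables in the ZooKeeper Pod's manifest to pass the username and password to ZooKeeper, for example: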
```
apiVersion: v1
kind: Pod
metadata:
  name: zookeeper-0
spec:
  containers:
  - name: zookeeper
    image: zookeeper:3.5.8
    env:
    - name: ZOO_MY_ID
      value: "0"
    - name: ZOO_SERVERS
      value: "server.0=zookeeper-0.zookeeper:2888:3888;server.1=zookeeper-1.zookeeper:2888:3888;server.2=zookeeper-2.zookeeper:2888:3888"
    - name: ZOO_ADMINSERVER_ENABLED
      value: "false"
    - name: ZOO_AUTH_PROVIDER_1
      value: "org.apache.zookeeper.server.auth.SASLAuthenticationProvider"
    - name: ZOO_JAAS_LOGIN_RENEW
      value: "3600000"
    - name: ZOO_KERBEROS_REMOVE_HOST_FROM_PRINCIPAL
      value: "true"
    - name: ZOO_KERBEROS_REMOVE_REALM_FROM_PRINCIPAL
      value: "true"
    - name: ZOO_SERVER_PRINCIPAL
      value: "zookeeper/_HOST@EXAMPLE.COM"
    - name: ZOO_CLIENT_PRINCIPAL
      value: "zookeeper@EXAMPLE.COM"
    - name: ZOO_CLIENT_KEYTAB
      value: "/etc/security/keytabs/zookeeper.keytab"
    - name: ZOO_AUTHORIZATION
      value: "true"
    - name: ZOO_REQUIRES_AUTH
      value: "true"
    - name: ZOO_USERNAME
      valueFrom:
        secretKeyRef:
          name: zookeeper-auth
          key: username
    - name: ZOO_PASSWORD
      valueFrom:
        secretKeyRef:
          name: zookeeper-auth
          key: password
```
Here, `ZOO_AUTH_PROVIDER_1`, `ZOO_JAAS_LOGIN_RENEW`, `ZOO_KERBEROS_REMOVE_HOST_FROM_PRINCIPAL`, `ZOO_KERBEROS_REMOVE_REALM_FROM_PRINCIPAL`, `ZOO_SERVER_PRINCIPAL`, `ZOO_CLIENT_PRINCIPAL`, `ZOO_CLIENT_KEYTAB`, `ZOO_AUTHORIZATION` and `ZOO_REQUIRES_AUTH` are there to enable Kerberos authentication; if you do not need it, you can leave them out.
With that, a login password is set for the ZooKeeper cluster in Kubernetes.
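For step 4, ZooKeeper's digest ACL scheme takes the id in the form `username:base64(SHA-1(username:password))`, and `setAcl` is a command entered in `zkCli.sh`. The following is an added example, not code from the original page: it decodes the step 3 Secret values and builds that `setAcl` line; the helper names are assumptions.

```python
# Added example (not from the original page): build the digest ACL id that
# zkCli.sh `setAcl` expects from the Secret values shown in step 3.
import base64
import hashlib

# Values copied from the step 3 Secret manifest (base64, as Kubernetes stores them).
SECRET_DATA = {"username": "YWRtaW4=", "password": "MWYyZDFlMmU2N2Rm"}

VALID_PERMS = set("crwda")  # create, read, write, delete, admin


def secret_value(data: dict, key: str) -> str:
    """Decode one field of a Secret's `data` map (base64 is encoding, not encryption)."""
    return base64.b64decode(data[key], validate=True).decode("utf-8")


def digest_acl_id(username: str, password: str) -> str:
    """Return 'username:base64(SHA-1(username:password))', the digest-scheme ACL id."""
    if not username or ":" in username:
        raise ValueError("username must be non-empty and must not contain ':'")
    raw = hashlib.sha1(f"{username}:{password}".encode("utf-8")).digest()
    return f"{username}:{base64.b64encode(raw).decode('ascii')}"


def setacl_command(path: str, username: str, password: str, perms: str) -> str:
    """Build the zkCli.sh setAcl line for `path` (hypothetical helper name)."""
    if not perms or set(perms) - VALID_PERMS:
        raise ValueError(f"perms must be drawn from {sorted(VALID_PERMS)}")
    return f"setAcl {path} digest:{digest_acl_id(username, password)}:{perms}"


if __name__ == "__main__":
    user = secret_value(SECRET_DATA, "username")
    pw = secret_value(SECRET_DATA, "password")
    # The printed line carries only the hash, never the plaintext password.
    print(setacl_command("/zookeeper", user, pw, "rwca"))
```

A client then authenticates in `zkCli.sh` with `addauth digest username:password` using the plaintext pair, which the server hashes and compares against the stored id.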