How to enable Cassandra Password Authentication in Kubernetes deployment file

I've been struggling with this for quite a while now. My effort so far is shown below. The env variable, CASSANDRA_AUTHENTICATOR, in my opinion, is supposed to enable password authentication. However, I'm still able to log on without a password after redeploying with this config. Any ideas on how to enable password authentication in a Kubernetes deployment file?

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: cassandra
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: cassandra
    spec:
      containers:
          - name: cassandra
            image: cassandra
            env:
              - name: CASSANDRA_CLUSTER_NAME
                value: Cassandra
              - name: CASSANDRA_AUTHENTICATOR
                value: PasswordAuthenticator
            ports:
              - containerPort: 7000
                name: intra-node
              - containerPort: 7001
                name: tls-intra-node
              - containerPort: 7199
                name: jmx
              - containerPort: 9042
                name: cql

            volumeMounts:
              - mountPath: /var/lib/cassandra/data
                name: data
      volumes:
        - name: data
          emptyDir: {}

The environment is Google Cloud Platform.

So I made a few changes to the artifact you have mentioned:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: cassandra
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: cassandra
    spec:
      containers:
          - name: cassandra
            image: bitnami/cassandra:latest
            env:
              - name: CASSANDRA_CLUSTER_NAME
                value: Cassandra
              - name: CASSANDRA_PASSWORD
                value: pass123
            ports:
              - containerPort: 7000
                name: intra-node
              - containerPort: 7001
                name: tls-intra-node
              - containerPort: 7199
                name: jmx
              - containerPort: 9042
                name: cql

            volumeMounts:
              - mountPath: /var/lib/cassandra/data
                name: data
      volumes:
        - name: data
          emptyDir: {}

The changes I made were:

The image name has been changed to bitnami/cassandra:latest, and the env CASSANDRA_AUTHENTICATOR has been replaced with CASSANDRA_PASSWORD.

After deploying the above artifact, I could authenticate as shown below:

  • Trying to exec into pod

     fedora@dhcp35-42:~/tmp/cassandra$ oc exec -it cassandra-2750650372-g8l9s bash
     root@cassandra-2750650372-g8l9s:/#

  • Once inside the pod trying to authenticate with the server

     root@cassandra-2750650372-g8l9s:/# cqlsh 127.0.0.1 9042 -p pass123 -u cassandra
     Connected to Cassandra at 127.0.0.1:9042.
     [cqlsh 5.0.1 | Cassandra 3.11.0 | CQL spec 3.4.4 | Native protocol v4]
     Use HELP for help.
     cassandra@cqlsh>

This image's documentation can be found at https://hub.docker.com/r/bitnami/cassandra/

If you are not comfortable using the third-party image and wanna use the image that the upstream community manages, then look at the following solution, which is more DIY but also more flexible.


To set up the password you were trying to use the env CASSANDRA_AUTHENTICATOR, but this proposal is not merged yet for the image cassandra. You can see the open PRs here.

Right now the upstream suggests mounting the file cassandra.yaml at /etc/cassandra/cassandra.yaml, so that people can set whatever settings they want.

So follow the steps to do it:

I have made the following changes to the file:

$ diff cassandra.yaml mycassandra.yaml 
103c103
< authenticator: AllowAllAuthenticator
---
> authenticator: PasswordAuthenticator

  • Create configmap with that file

We have to create a Kubernetes ConfigMap, which we will then mount inside the container; we cannot do a host mount similar to Docker.

    $ cp mycassandra.yaml cassandra.yaml
    $ k create configmap cassandraconfig --from-file ./cassandra.yaml

The name of the configmap is cassandraconfig.

  • Now edit the deployment to use this config and mount it in the right place

     apiVersion: extensions/v1beta1
     kind: Deployment
     metadata:
       name: cassandra
     spec:
       replicas: 1
       template:
         metadata:
           labels:
             app: cassandra
         spec:
           containers:
               - name: cassandra
                 image: cassandra
                 env:
                   - name: CASSANDRA_CLUSTER_NAME
                     value: Cassandra
                 ports:
                   - containerPort: 7000
                     name: intra-node
                   - containerPort: 7001
                     name: tls-intra-node
                   - containerPort: 7199
                     name: jmx
                   - containerPort: 9042
                     name: cql
                 volumeMounts:
                   - mountPath: /var/lib/cassandra/data
                     name: data
                   - mountPath: /etc/cassandra/
                     name: cassandraconfig
           volumes:
             - name: data
               emptyDir: {}
             - name: cassandraconfig
               configMap:
                 name: cassandraconfig

Once you create this deployment.

  • Now exec in the pod

     $ k exec -it cassandra-1663662957-6tcj6 bash
     root@cassandra-1663662957-6tcj6:/#

  • Try using the client

     root@cassandra-1663662957-6tcj6:/# cqlsh 127.0.0.1 9042
     Connection error: ('Unable to connect to any servers', {'127.0.0.1': AuthenticationFailed('Remote end requires authentication.',)})

For more information on creating a configMap and using it by mounting it inside a container, you can read this doc, which helped me with this answer.
