To add authentication to the Prometheus page in Kubernetes, follow these steps:
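- Create a Kubernetes Secret object to store the username and password. nginx's auth_basic_user_file reads htpasswd-format entries (user:hash), so generate the file with htpasswd and store it under the key default, which is the file name nginx.conf refers to.
```shell
$ htpasswd -c ./htpasswd myuser    # prompts for the password (mypass in this example)
$ kubectl create secret generic prometheus-basic-auth --from-file=default=./htpasswd
```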
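- Create a ConfigMap object to store the nginx configuration file (the contents of nginx.conf are shown in the last step).
```shell
$ kubectl create configmap prometheus-nginx-conf --from-file=nginx.conf
```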
- Create a Deployment object that runs the nginx container and mounts the Secret and ConfigMap created above.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus-nginx
  template:
    metadata:
      labels:
        app: prometheus-nginx
    spec:
      containers:
        - name: nginx
          image: nginx
          ports:
            - containerPort: 80
          volumeMounts:
            - name: nginx-conf-volume
              mountPath: /etc/nginx/conf.d/
            # No subPath: each key of the Secret appears as a file in this
            # directory, so /etc/nginx/.htpasswd/default in nginx.conf requires
            # the Secret to contain a key named "default" with htpasswd entries.
            - name: basic-auth-volume
              mountPath: /etc/nginx/.htpasswd/
      volumes:
        - name: nginx-conf-volume
          configMap:
            name: prometheus-nginx-conf
            items:
              - key: nginx.conf
                path: default.conf
        - name: basic-auth-volume
          secret:
            secretName: prometheus-basic-auth
```
- Create a Service object that exposes the Deployment as a NodePort Service.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: prometheus-service
spec:
  type: NodePort
  selector:
    app: prometheus-nginx
  ports:
    - name: http
      port: 80
      targetPort: 80
```
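- Configure an Ingress object to forward requests to the Service.
```yaml
# networking.k8s.io/v1beta1 is no longer served since Kubernetes 1.22;
# the v1 API requires pathType and the backend.service form.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: prometheus-ingress
spec:
  rules:
    - host: prometheus.example.com # Replace with your domain name
      http:
        paths:
          - path: /prometheus/
            pathType: Prefix
            backend:
              service:
                name: prometheus-service
                port:
                  name: http
```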
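- Create the nginx.conf file that goes into the ConfigMap and configure the authentication settings in it.
```nginx
server {
    listen 80;
    server_name localhost;

    location /prometheus/ {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd/default;
        # prometheus-service selects the nginx pods themselves, so proxying to
        # it would loop. PROMETHEUS_BACKEND is a placeholder for the Service in
        # front of the Prometheus pods; 9090 is Prometheus's default port.
        proxy_pass http://PROMETHEUS_BACKEND:9090/;
    }
}
```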
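This completes the steps for adding authentication to the Prometheus page in Kubernetes. When users visit the /prometheus path, an authentication prompt appears, and the Prometheus page is accessible only after they enter the correct username and password.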
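
nginx's auth_basic_user_file expects htpasswd-format lines (user:hash), so a Secret that holds separate username and password values, or a plaintext password, will not authenticate anyone. The check below is an added example, not part of the original page: it lints the JSON form of a Secret (as printed by kubectl get secret -o json) for the key that nginx.conf points at. The function names and the sample Secrets are constructed for illustration.

```python
import base64
import json
import re

# Hash formats nginx can verify: Apache apr1, RFC 2307 {SSHA}, and crypt() formats
# (which of these crypt() accepts depends on the libc in the nginx image).
HASH_RE = re.compile(r"^(\$apr1\$|\$1\$|\$2[aby]\$|\$5\$|\$6\$|\{SSHA\})\S+$")
WEAK_PREFIXES = ("{PLAIN}", "{SHA}")  # plaintext and unsalted SHA-1


def check_htpasswd_secret(secret_json, key):
    """Return the problems found in Secret key `key`; an empty list means usable."""
    data = json.loads(secret_json).get("data") or {}
    if key not in data:
        return [f"key {key!r} missing; Secret has keys {sorted(data)}"]
    text = base64.b64decode(data[key]).decode("utf-8", errors="replace")
    problems, users = [], 0
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        pw_hash = rest.split(":", 1)[0]  # an optional third field is a comment
        if not sep or not user or not pw_hash:
            problems.append(f"line {n}: not in user:hash form")
        elif pw_hash.startswith(WEAK_PREFIXES):
            problems.append(f"line {n}: weak scheme for user {user!r}")
        elif not HASH_RE.match(pw_hash):
            problems.append(f"line {n}: password for {user!r} is not a recognised hash")
        else:
            users += 1
    if users == 0 and not problems:
        problems.append("no user entries found")
    return problems


def make_secret(**files):
    """Constructed sample in the shape of `kubectl get secret NAME -o json`."""
    data = {k: base64.b64encode(v.encode()).decode() for k, v in files.items()}
    return json.dumps({"kind": "Secret", "data": data})


# Constructed inputs; the apr1 string shows the format only, it is not a real hash.
LITERALS = make_secret(username="myuser", password="mypass")
PLAINTEXT = make_secret(default="myuser:mypass\n")
HTPASSWD = make_secret(default="myuser:$apr1$Constrct$0123456789abcdefghijkl\n")

if __name__ == "__main__":
    for name, doc in (("literals", LITERALS), ("plaintext", PLAINTEXT), ("htpasswd", HTPASSWD)):
        print(name, check_htpasswd_secret(doc, "default"))
```

To lint a live Secret, pass the output of kubectl get secret prometheus-basic-auth -o json as secret_json and default as key.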