Ndizvozvo, mushure mekusunungurwa pakutanga kwaMay 2019, muConsul unogona kubvumidza zvikumbiro uye masevhisi anomhanya muKubernetes natively.
Muchidzidzo ichi tichagadzira nhanho nhanho (Proof of concept, PoC) inoratidza chimiro chitsva ichi.Unotarisirwa kuve neruzivo rwekutanga rweKubernetes neHashicorp's Consul.Nepo uchigona kushandisa chero cloud platform kana on-premises environment, muchidzidzo chino tichashandisa Cloud Platform yeGoogle.
tsananguro
Kana tikaenda , tichawana mhedziso yekukurumidza yechinangwa chayo uye kesi yekushandisa, pamwe neruzivo rwetekinoroji uye mhedziso yepfungwa. Ini ndinokurudzira zvikuru kuiverenga kamwechete kamwe ndisati ndaenderera, sezvo ini ndichave ndichitsanangura uye kutsenga pazviri zvese.
Dhiagiramu 1: Kutariswa kwepamutemo kweiyo Consul mvumo nzira
Ngatitarisei mukati .
Chokwadi, pane ruzivo runobatsira ipapo, asi hapana gwara rekuti unganyatso shandisa sei zvese. Saka, semumwe munhu ane njere, unotsvaga paInternet kuti uwane gwara. Uye zvino... Unokundikana. Zvinoitika. Ngatigadzirise izvi.
Tisati taenderera mberi nekugadzira yedu POC, ngatidzokerei kune mhedziso yenzira dzemvumo dzeConsul (Dhiagiramu 1) uye tigadzirise mumamiriro eKubernetes.
akitekicha
Muchidzidzo ichi, isu tichagadzira Consul server pamushini wakasiyana unotaurirana neKubernetes cluster ine Consul mutengi akaiswa. Isu tichazogadzira yedu dummy application mupodhi uye toshandisa yedu yakagadziriswa mvumo nzira kuverenga kubva kune yedu Consul kiyi / kukosha chitoro.
Dhiagiramu iri pazasi inodonongodza mavakirwo atiri kugadzira muchidzidzo chino, pamwe neruzivo rwekuseri kwenzira yemvumo, inozotsanangurwa gare gare.
Dhiagiramu 2: Kubernetes Authorization Method Overview
Chinyorwa chinokurumidza: iyo Consul server haidi kugara kunze kweKubernetes cluster kuti izvi zvishande. Asi hongu, anogona kuzviita nenzira iyi uye iyo.
Saka, tichitora iyo Consul overview dhizaini (Dhiagiramu 1) uye nekushandisa Kubernetes kwairi, tinowana iyo dhayagiramu iri pamusoro (Diagiramu 2), uye pfungwa iri pano ndeiyi inotevera:
- Imwe neimwe pod ichave neakaundi yebasa yakasungirirwa kwairi ine chiratidzo cheJWT chakagadzirwa uye chinozivikanwa naKubernetes. Ichi chiratidzo chinoiswawo mupodhi nekukasira.
- Yedu yekushandisa kana sevhisi mukati mepod inotanga murairo wekupinda kune yedu Consul mutengi. Chikumbiro chekupinda chichabatanidzawo chiratidzo chedu uye zita zvakanyatsogadzirwa mvumo nzira (Kubernetes type). Iyi nhanho #2 inoenderana nedanho 1 reConsul diagraph (Scheme 1).
- Yedu Consul mutengi anozoendesa chikumbiro ichi kune yedu Consul server.
- MAGIC! Apa ndipo apo Consul server inosimbisa huchokwadi hwechikumbiro, inounganidza ruzivo nezve kuzivikanwa kwechikumbiro uye ichienzanisa nechero yakabatana mitemo yakafanotsanangurwa. Pazasi pane mumwe dhayagiramu kuratidza izvi. Danho iri rinoenderana nenhanho 3, 4 uye 5 yeConsul overview diagram (Dhiagiramu 1).
- Yedu Consul server inogadzira Consul tokeni ine mvumo zvinoenderana neyakatsanangurwa nzira yemvumo mitemo (yatakatsanangura) maererano nekuzivikanwa kweanokumbira. Inobva yatumira chiratidzo ichocho kumashure. Izvi zvinoenderana nedanho rechitanhatu reConsul diagram (Dhiagiramu 6).
- Yedu Consul mutengi anoendesa chiratidzo kune chikumbiro chikumbiro kana sevhisi.
Chishandiso chedu kana sevhisi zvino inogona kushandisa iyi Consul tokeni kutaurirana neConsul data yedu, sezvakatemwa neropafadzo dzechiratidzo.
Mashiripiti anoratidzwa!
Kune vausina kufara netsuro yabuda muheti ndoda kuziva kuti inoshanda sei...regai ndimbokuratidzai kudzika gomba retsuro".
Sezvambotaurwa, nhanho yedu ye "mashiripiti" (Mufananidzo 2: Nhanho 4) ndipo iyo Consul server inosimbisa chikumbiro, inounganidza ruzivo pamusoro pechikumbiro, uye ichienzanisa nemitemo ipi zvayo yakafanotaurwa. Danho iri rinoenderana nenhanho 3, 4 uye 5 yeConsul overview diagram (Dhiagiramu 1). Pazasi pane dhayagiramu (Dhiagiramu 3), chinangwa chayo kuratidza zvakajeka zviri kuitika chaizvo pasi pehodhi chaiyo Kubernetes mvumo nzira.
Mufananidzo 3: Mashiripiti anoratidzwa!
- Sekutanga, mutengi wedu weConsul anoendesa chikumbiro chekupinda kune yedu Consul server neKubernetes account tokeni uye zita remuenzaniso wenzira yekubvumidza iyo yakagadzirwa kare. Iyi nhanho inoenderana nedanho rechitatu mune yakapfuura dunhu tsananguro.
- Iye zvino Consul server (kana mutungamiri) inoda kuona chokwadi chechiratidzo chakagamuchirwa. Naizvozvo, ichabvunza iyo Kubernetes cluster (kuburikidza neConsul mutengi) uye, nemvumo dzakakodzera, tichaona kana chiratidzo chiri chechokwadi uye kuti ndechaani.
- Chikumbiro chakasimbiswa chinozodzoserwa kumutungamiriri weConsul, uye Consul server inotarisa kumusoro kwemvumo nzira yemuenzaniso ine zita rakataurwa kubva pachikumbiro chekupinda (uye Kubernetes mhando).
- Mutungamiriri wemumiriri anozivisa yakatsanangurwa nzira yekubvumidza muenzaniso (kana yawanikwa) uye anoverenga seti yemitemo inosunga inonamirwa pairi. Inobva yaverenga mitemo iyi uye yoienzanisa neyakasimbiswa hunhu.
- TA-dah! Ngatienderei kunhanho yechishanu mutsananguro yedunhu yapfuura.
Mhanya Consul-server pane yenguva dzose virtual muchina
Kubva zvino zvichienda mberi, ini ndichave ndichipa mirairo yekugadzira iyi POC, kazhinji mumabullet point, pasina tsananguro izere yemitsara. Zvakare, sezvambotaurwa, ini ndichashandisa GCP kugadzira zvese zvivakwa, asi iwe unogona kugadzira zvivakwa zvakafanana chero kupi zvako.
- Tanga iyo chaiyo muchina (muenzaniso / server).
- Gadzira mutemo weiyo firewall (boka rekuchengetedza muAWS):
- Ini ndinoda kugovera zita remuchina mumwechete kune ese mutemo uye netiweki tag, mune iyi kesi "skywiz-consul-server-poc".
- Tsvaga IP kero yekombuta yako uye woiwedzera kune rondedzero yeanobva IP kero kuti tigone kuwana iyo mushandisi interface (UI).
- Vhura port 8500 yeUI. Dzvanya Gadzira. Tichachinja iyi firewall zvakare munguva pfupi [].
- Wedzera mutemo we firewall kune muenzaniso. Dzokera kuVM dashboard paConsul Server uye wedzera "skywiz-consul-server-poc" kune network tags field. Dzvanya Save.
- Isa Consul pamushini chaiwo, tarisa pano. Rangarira kuti unoda Consul vhezheni β₯ 1.5 [link]
- Ngatigadzire imwe node Consul - iyo gadziriso ndeyotevera.
groupadd --system consul
useradd -s /sbin/nologin --system -g consul consul
mkdir -p /var/lib/consul
chown -R consul:consul /var/lib/consul
chmod -R 775 /var/lib/consul
mkdir /etc/consul.d
chown -R consul:consul /etc/consul.d- Kuti uwane rumwe ruzivo rwakadzama rwekuisa Consul uye kumisikidza sumbu remanodhi matatu, ona .
- Gadzira faira /etc/consul.d/agent.json sezvinotevera []:
### /etc/consul.d/agent.json
{
"acl" : {
"enabled": true,
"default_policy": "deny",
"enable_token_persistence": true
}
}- Tanga yedu Consul server:
consul agent
-server
-ui
-client 0.0.0.0
-data-dir=/var/lib/consul
-bootstrap-expect=1
-config-dir=/etc/consul.d- Iwe unofanirwa kuona boka rezvakabuda uye wozopedzisira ne "... update yakavharwa ne ACLs."
- Tsvaga yekunze IP kero yeConsul server uye vhura browser neiyi IP kero pachiteshi 8500. Iva nechokwadi chekuti UI inovhura.
- Edza kuwedzera kiyi/value peya. Panofanira kunge paine kukanganisa. Izvi zvinodaro nekuti takaisa Consul server neACL uye takadzima mitemo yese.
- Dzokera kugomba rako pane Consul server uye tanga maitiro kumashure kana imwe nzira yekuita kuti ishande uye isa zvinotevera:
consul acl bootstrap- Tsvaga iyo "SecretID" kukosha uye dzokera kuUI. Mune iyo ACL tab, isa chakavanzika ID chechiratidzo chawabva kukopa. Kopira SecretID kumwe kunhu, tichaida gare gare.
- Zvino wedzera kiyi / kukosha peya. Kune iyi POC, wedzera zvinotevera: kiyi: "custom-ns/test_key", kukosha: "Ndiri mucustom-ns folda!"
Kutangisa sumbu reKubernetes rekushandisa kwedu neConsul mutengi seDaemoset
- Gadzira boka reK8s (Kubernetes) Tichaigadzira munzvimbo imwechete sevhavha yekukurumidza kuwana, uye saka tinogona kushandisa imwechete subnet kuti tibatane nyore nemukati IP kero. Tichazvidaidza kuti "skywiz-app-ne-consul-client-poc".
- Sechinyorwa chepadivi, heino dzidziso yakanaka yandakawana ndichigadzira POC Consul cluster neConsul Connect.
- Isu tichave zvakare tichishandisa Hashicorp helm chati ine yakawedzera kukosha faira.
- Isa uye gadzirisa Helm. Kugadzirisa matanho:
kubectl create serviceaccount tiller --namespace kube-system
kubectl create clusterrolebinding tiller-admin-binding
--clusterrole=cluster-admin --serviceaccount=kube-system:tiller
./helm init --service-account=tiller
./helm update- helm chart:
- Shandisa iyo inotevera kukosha faira (noti ini ndakaremara zvakanyanya):
### poc-helm-consul-values.yaml
global:
enabled: false
image: "consul:latest"
# Expose the Consul UI through this LoadBalancer
ui:
enabled: false
# Allow Consul to inject the Connect proxy into Kubernetes containers
connectInject:
enabled: false
# Configure a Consul client on Kubernetes nodes. GRPC listener is required for Connect.
client:
enabled: true
join: ["<PRIVATE_IP_CONSUL_SERVER>"]
extraConfig: |
{
"acl" : {
"enabled": true,
"default_policy": "deny",
"enable_token_persistence": true
}
}
# Minimal Consul configuration. Not suitable for production.
server:
enabled: false
# Sync Kubernetes and Consul services
syncCatalog:
enabled: false- Shandisa helm chart:
./helm install -f poc-helm-consul-values.yaml ./consul-helm - name skywiz-app-with-consul-client-poc- Painoyedza kumhanya, inoda mvumo yeConsul server, saka ngativawedzere.
- Ziva iyo "Pod Kero Range" iri pane cluster dashboard uye dzokera kune yedu "skywiz-consul-server-poc" firewall mutemo.
- Wedzera kero renji yepodhi kune rondedzero yeIP kero uye vhura ports 8301 uye 8300.
- Enda kuConsul UI uye mushure memaminitsi mashoma iwe uchaona sumbu redu richionekwa mune nodes tab.
Kugadzirisa Nzira yeMvumo nekubatanidza Consul neKubernetes
- Dzokera kuConsul server shell uye tumira kunze chiratidzo chawakachengeta kare:
export CONSUL_HTTP_TOKEN=<SecretID>- Isu tichada ruzivo kubva kune yedu Kubernetes cluster kugadzira muenzaniso weiyo auth nzira:
- kubernetes-host
kubectl get endpoints | grep kubernetes- kubernetes-service-account-jwt
kubectl get sa <helm_deployment_name>-consul-client -o yaml | grep "- name:"
kubectl get secret <secret_name_from_prev_command> -o yaml | grep token:- Chiratidzo chacho chiri base64 chakavharidzirwa, saka chibvise uchishandisa chako chaunofarira []
- kubernetes-ca-cert
kubectl get secret <secret_name_from_prev_command> -o yaml | grep ca.crt:- Tora "ca.crt" chitupa (mushure mebase64 decoding) uye nyora mu "ca.crt" faira.
- Zvino simbisa iyo auth nzira, kutsiva vanobata nzvimbo nehunhu hwauchangobva kugamuchira.
consul acl auth-method create
-type "kubernetes"
-name "auth-method-skywiz-consul-poc"
-description "This is an auth method using kubernetes for the cluster skywiz-app-with-consul-client-poc"
-kubernetes-host "<k8s_endpoint_retrieved earlier>"
[email protected]
-kubernetes-service-account-
jwt="<decoded_token_retrieved_earlier>"- Zvadaro tinoda kugadzira mutemo uye kuubatanidza kune basa idzva. Kune chikamu ichi unogona kushandisa Consul UI, asi isu tichashandisa mutsara wekuraira.
- Nyora mutemo
### kv-custom-ns-policy.hcl
key_prefix "custom-ns/" {
policy = "write"
}- Shandisa mutemo
consul acl policy create
-name kv-custom-ns-policy
-description "This is an example policy for kv at custom-ns/"
-rules @kv-custom-ns-policy.hcl- Tsvaga ID yemutemo wauchangobva kugadzira kubva pane zvakabuda.
- Gadzira basa nemutemo mutsva.
consul acl role create
-name "custom-ns-role"
-description "This is an example role for custom-ns namespace"
-policy-id <policy_id>- Iye zvino tichabatanidza basa redu idzva neyouth nzira muenzaniso. Ziva kuti mureza we "selector" unoona kana chikumbiro chedu chekupinda chichagamuchira basa iri. Tarisa pano kune dzimwe sarudzo dzekusarudza:
consul acl binding-rule create
-method=auth-method-skywiz-consul-poc
-bind-type=role
-bind-name='custom-ns-role'
-selector='serviceaccount.namespace=="custom-ns"'Pakupedzisira zvigadziriso
Kodzero dzekuwana
- Gadzira kodzero dzekuwana. Isu tinofanirwa kupa Consul mvumo yekuona uye kuona kuzivikanwa kweK8s service account tokeni.
- Nyora zvinotevera kufaira :
###skywiz-poc-consul-server_rbac.yaml
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: review-tokens
namespace: default
subjects:
- kind: ServiceAccount
name: skywiz-app-with-consul-client-poc-consul-client
namespace: default
roleRef:
kind: ClusterRole
name: system:auth-delegator
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: service-account-getter
namespace: default
rules:
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: get-service-accounts
namespace: default
subjects:
- kind: ServiceAccount
name: skywiz-app-with-consul-client-poc-consul-client
namespace: default
roleRef:
kind: ClusterRole
name: service-account-getter
apiGroup: rbac.authorization.k8s.io- Ngatigadzire kodzero dzekuwana
kubectl create -f skywiz-poc-consul-server_rbac.yamlKubatanidza kune Consul Client
- Sezvakataurwa Pane akati wandei sarudzo dzekubatanidza kune daemoset, asi isu tichaenda kune inotevera mhinduro iri nyore:
- Isa faira rinotevera [].
### poc-consul-client-ds-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: consul-ds-client
spec:
selector:
app: consul
chart: consul-helm
component: client
hasDNS: "true"
release: skywiz-app-with-consul-client-poc
ports:
- protocol: TCP
port: 80
targetPort: 8500- Wobva washandisa iyo inotevera buildin command kugadzira configmap []. Tapota cherechedza kuti tiri kureva zita rebasa redu, ritsive kana zvakakodzera.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
labels:
addonmanager.kubernetes.io/mode: EnsureExists
name: kube-dns
namespace: kube-system
data:
stubDomains: |
{"consul": ["$(kubectl get svc consul-ds-client -o jsonpath='{.spec.clusterIP}')"]}
EOFKuedza nzira yechokwadi
Zvino ngationei mashiripiti ari kuita!
- Gadzira akati wandei mamwe makiyi maforodha ane imwechete yepamusoro-level kiyi (kureva. /sample_key) uye kukosha kwesarudzo yako. Gadzira marongero akakodzera uye mabasa enzira nyowani dzakakosha. Tichazoita mabindings gare gare.
Custom namespace test:
- Ngatigadzirei nzvimbo yedu yezita:
kubectl create namespace custom-ns- Ngatigadzirei pod munzvimbo yedu itsva yemazita. Nyora gadziriro yepodhi.
###poc-ubuntu-custom-ns.yaml
apiVersion: v1
kind: Pod
metadata:
name: poc-ubuntu-custom-ns
namespace: custom-ns
spec:
containers:
- name: poc-ubuntu-custom-ns
image: ubuntu
command: ["/bin/bash", "-ec", "sleep infinity"]
restartPolicy: Never- Gadzira pasi:
kubectl create -f poc-ubuntu-custom-ns.yaml- Kana mudziyo uchinge uchishanda, enda ikoko uye isa curl.
kubectl exec poc-ubuntu-custom-ns -n custom-ns -it /bin/bash
apt-get update && apt-get install curl -y- Iye zvino tichatumira chikumbiro chekupinda kuConsul tichishandisa nzira yemvumo yatakagadzira kare [].
- Kuti uone chiratidzo chakapinda kubva kuakaundi yako yebasa:
cat /run/secrets/kubernetes.io/serviceaccount/token- Nyora zvinotevera kune faira mukati memudziyo:
### payload.json
{
"AuthMethod": "auth-method-test",
"BearerToken": "<jwt_token>"
}- Login!
curl
--request POST
--data @payload.json
consul-ds-client.default.svc.cluster.local/v1/acl/login- Kuti upedze matanho ari pamusoro mumutsara mumwe (sezvo tichange tichiita bvunzo dzakawanda), unogona kuita zvinotevera:
echo "{
"AuthMethod": "auth-method-skywiz-consul-poc",
"BearerToken": "$(cat /run/secrets/kubernetes.io/serviceaccount/token)"
}"
| curl
--request POST
--data @-
consul-ds-client.default.svc.cluster.local/v1/acl/login- Works! Zvirinani zvinofanira. Zvino tora SecretID uye edza kuwana kiyi / kukosha kwatinofanira kuwana.
curl
consul-ds-client.default.svc.cluster.local/v1/kv/custom-ns/test_key --header βX-Consul-Token: <SecretID_from_prev_response>β- Unogona base64 decode "Kukosha" uye woona kuti inofanana nehukoshi mutsika-ns/test_key muUI. Kana iwe wakashandisa kukosha kwakafanana pamusoro pechidzidzo chino, kukosha kwako kwakakodhwa kungave IkknbSBpbiB0aGUgY3VzdG9tLW5zIGZvbGRlciEi.
Mushandisi weakaundi account bvunzo:
- Gadzira tsika ServiceAccount uchishandisa murairo unotevera [].
kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: custom-sa
EOF- Gadzira faira nyowani yekumisikidza yepodhi. Ndokumbira utarise kuti ini ndakasanganisira kuisirwa curl kuchengetedza basa :)
###poc-ubuntu-custom-sa.yaml
apiVersion: v1
kind: Pod
metadata:
name: poc-ubuntu-custom-sa
namespace: default
spec:
serviceAccountName: custom-sa
containers:
- name: poc-ubuntu-custom-sa
image: ubuntu
command: ["/bin/bash","-ec"]
args: ["apt-get update && apt-get install curl -y; sleep infinity"]
restartPolicy: Never- Mushure meizvozvo, shandisa goko mukati memudziyo.
kubectl exec -it poc-ubuntu-custom-sa /bin/bash- Login!
echo "{
"AuthMethod": "auth-method-skywiz-consul-poc",
"BearerToken": "$(cat /run/secrets/kubernetes.io/serviceaccount/token)"
}"
| curl
--request POST
--data @-
consul-ds-client.default.svc.cluster.local/v1/acl/login- Mvumo yarambwa. Ah, takanganwa kuwedzera mutemo mutsva unosunga nemvumo dzakakodzera, ngatiite izvozvi.
Dzokorora matanho apfuura pamusoro:
a) Gadzira yakafanana Policy ye prefix "custom-sa/".
b) Gadzira Basa, ridaidze "custom-sa-role"
c) Batanidza Policy kune Basa.
- Gadzira Rule-Kusunga (zvinogoneka chete kubva cli/api). Cherechedza zvinoreva zvakasiyana zvemureza wekusarudza.
consul acl binding-rule create
-method=auth-method-skywiz-consul-poc
-bind-type=role
-bind-name='custom-sa-role'
-selector='serviceaccount.name=="custom-sa"'- Pinda zvakare kubva ku "poc-ubuntu-custom-sa" mudziyo. Success!
- Tarisa uone kuwana kwedu kune tsika-sa/ kiyi nzira.
curl
consul-ds-client.default.svc.cluster.local/v1/kv/custom-sa/test_key --header βX-Consul-Token: <SecretID>β- Iwe unogona zvakare kuve nechokwadi chekuti chiratidzo ichi hachipi mukana we kv mu "custom-ns/". Ingodzokorora murairo uri pamusoro mushure mekutsiva "custom-sa" nechivakashure "custom-ns".
Mvumo yarambwa.
Overlay muenzaniso:
- Zvakakosha kucherechedza kuti mamepu ese anosunga mutemo anozowedzerwa kune tokeni ine kodzero idzi.
- Chigadziko chedu "poc-ubuntu-custom-sa" chiri munzvimbo yezita - saka ngatiishandise kune imwe yemitemo-inosunga.
- Dzokorora matanho apfuura:
a) Gadzira yakafanana Policy ye "default/" kiyi prefix.
b) Gadzira Basa, ripe zita rekuti "default-ns-role"
c) Batanidza Policy kune Basa. - Gadzira Rule-Kusunga (zvinogoneka chete kubva cli/api)
consul acl binding-rule create
-method=auth-method-skywiz-consul-poc
-bind-type=role
-bind-name='default-ns-role'
-selector='serviceaccount.namespace=="default"'- Dzokera kune yedu "poc-ubuntu-custom-sa" mudziyo uye edza kuwana iyo "default/" kv nzira.
- Mvumo yarambwa.
Iwe unogona kuona zvakatarwa zvitupa zvechiratidzo chega chega muUI pasi pe ACL> Tokens. Sezvauri kuona, chiratidzo chedu chazvino chine chete "custom-sa-role" yakabatanidzwa pairi. Chiratidzo chatiri kushandisa parizvino chakagadzirwa patakapinda mukati uye kwaingova nemutemo mumwe chete unosunga waienderana ipapo. Tinofanira kupinda zvakare uye kushandisa chiratidzo chitsva. - Ita shuwa kuti unokwanisa kuverenga kubva kune ese "custom-sa/" uye "default/" kv nzira.
Kubudirira!
Izvi zvinodaro nekuti yedu "poc-ubuntu-custom-sa" inofanana ne "custom-sa" uye "default-ns" yemitemo inosunga.
mhedziso
TTL chiratidzo mgmt?
Panguva yekunyora uku, hapana nzira yakabatanidzwa yekuona iyo TTL yematokeni anogadzirwa neiyi nzira yekubvumidza. Ungave mukana unoshamisa wekupa yakachengeteka otomatiki yemvumo yeConsul.
Pane sarudzo yekugadzira nemaoko tokeni neTTL:
Nguva Yekupera - Nguva iyo chiratidzo ichi chichabviswa. (Sarudzo; yakawedzerwa muConsul 1.5.0)- Iripo chete pakugadzira nemaoko / kugadzirisa
Tinovimba munguva pfupi iri kutevera tichakwanisa kudzora kuti tokens inogadzirwa sei (pamutemo kana mvumo nzira) uye kuwedzera TTL.
Kusvika panguva iyoyo, zvinokurudzirwa kuti ushandise yekubuda kwekupedzisira mune yako logic.
Verengawo zvimwe zvinyorwa pane yedu blog:
Source: www.habr.com