nacos-group / nacos-k8s

This project contains a Nacos Docker image meant to facilitate the deployment of Nacos on Kubernetes using StatefulSets.

There is no example for the authentication/authorization part, so users upgrading from 2.0.x to 2.1.x cannot switch smoothly #437

Open andotorg opened 8 months ago

andotorg commented 8 months ago

Is this project no longer maintained? Why hasn't the Nacos version been bumped? It is already at 2.2.3.

andotorg commented 8 months ago

Upgrading from 2.0.x to 2.2.x requires the following two changes.

Add a column to the database tables:

```sql
ALTER TABLE config_info ADD encrypted_data_key TEXT NOT NULL;
ALTER TABLE config_info_beta ADD encrypted_data_key TEXT NOT NULL;
ALTER TABLE his_config_info ADD encrypted_data_key TEXT NOT NULL;
```

Add the environment variable:

```yaml
- name: SPRING_DATASOURCE_PLATFORM
  value: "mysql"
```

andotorg commented 8 months ago

Now that custom.properties is gone, how do you mount application.properties on k8s?

andotorg commented 8 months ago

@paderlol In the latest image, enabling auth was moved into the start script, which reads it from environment variables, but setting those environment variables in k8s has no effect.

andotorg commented 8 months ago

Looking at the code, it turns out this is where it is configured:

```go
// Set the authentication environment variables
if nacos.Spec.Certification.Enabled {
    env = append(env, v1.EnvVar{
        Name:  "NACOS_AUTH_ENABLE",
        Value: strconv.FormatBool(nacos.Spec.Certification.Enabled),
    })

    env = append(env, v1.EnvVar{
        Name:  "NACOS_AUTH_TOKEN_EXPIRE_SECONDS",
        Value: nacos.Spec.Certification.TokenExpireSeconds,
    })

    env = append(env, v1.EnvVar{
        Name:  "NACOS_AUTH_TOKEN",
        Value: nacos.Spec.Certification.Token,
    })

    env = append(env, v1.EnvVar{
        Name:  "NACOS_AUTH_CACHE_ENABLE",
        Value: strconv.FormatBool(nacos.Spec.Certification.CacheEnabled),
    })
}
```

andotorg commented 8 months ago

But setting certification.enabled: true does not actually do anything.

zx900930 commented 7 months ago

The documentation of the nacos-k8s project is many versions behind. For 2.2.x and above you can only mount application.properties manually. Taking a 2.3.0 cluster with MySQL as an example, first create a ConfigMap:

```yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: nacos-config
  namespace: nacos
data:
  # literal block scalar (|): a folded scalar (>) would join adjacent lines with
  # spaces and merge keys into the preceding comment lines
  application.properties: |
    # spring
    server.servlet.contextPath=${SERVER_SERVLET_CONTEXTPATH:/nacos}
    server.contextPath=/nacos
    server.port=${NACOS_APPLICATION_PORT:8848}
    server.tomcat.accesslog.max-days=30
    server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %{User-Agent}i %{Request-Source}i
    server.tomcat.accesslog.enabled=${TOMCAT_ACCESSLOG_ENABLED:false}
    server.error.include-message=ALWAYS
    # default current work dir
    server.tomcat.basedir=file:.
    #*************** Config Module Related Configurations ***************#
    ### Deprecated configuration property, it is recommended to use `spring.sql.init.platform` replaced.
    #spring.datasource.platform=${SPRING_DATASOURCE_PLATFORM:}
    spring.sql.init.platform=${SPRING_DATASOURCE_PLATFORM:}
    nacos.cmdb.dumpTaskInterval=3600
    nacos.cmdb.eventTaskInterval=10
    nacos.cmdb.labelTaskInterval=300
    nacos.cmdb.loadDataAtStart=false
    db.num=${MYSQL_DATABASE_NUM:1}
    db.url.0=jdbc:mysql://${MYSQL_SERVICE_HOST}:${MYSQL_SERVICE_PORT:3306}/${MYSQL_SERVICE_DB_NAME}?${MYSQL_SERVICE_DB_PARAM:characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useSSL=false}
    db.user.0=${MYSQL_SERVICE_USER}
    db.password.0=${MYSQL_SERVICE_PASSWORD}
    ## DB connection pool settings
    db.pool.config.connectionTimeout=${DB_POOL_CONNECTION_TIMEOUT:30000}
    db.pool.config.validationTimeout=10000
    db.pool.config.maximumPoolSize=20
    db.pool.config.minimumIdle=2
    ### The auth system to use, currently only 'nacos' and 'ldap' is supported:
    ### Important: enable authentication
    nacos.core.auth.enabled=true
    nacos.core.auth.system.type=${NACOS_AUTH_SYSTEM_TYPE:nacos}
    ### worked when nacos.core.auth.system.type=nacos
    ### The token expiration in seconds:
    nacos.core.auth.plugin.nacos.token.expire.seconds=${NACOS_AUTH_TOKEN_EXPIRE_SECONDS:18000}
    ### The default token:
    nacos.core.auth.plugin.nacos.token.secret.key=${NACOS_AUTH_TOKEN:你的TOKEN, 参见官方文档设置}
    ### Turn on/off caching of auth information. By turning on this switch, the update of auth information would have a 15 seconds delay.
    ### Auth information cache, optionally enabled
    nacos.core.auth.caching.enabled=${NACOS_AUTH_CACHE_ENABLE:true}
    nacos.core.auth.enable.userAgentAuthWhite=${NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE:false}
    ### Changing the username here has no effect; to change it, edit the database!
    nacos.core.auth.server.identity.key=${NACOS_AUTH_IDENTITY_KEY:}
    ### Changing the password here has no effect; to change it, edit the database!
    nacos.core.auth.server.identity.value=${NACOS_AUTH_IDENTITY_VALUE:}
    ## spring security config
    ### turn off security
    nacos.security.ignore.urls=${NACOS_SECURITY_IGNORE_URLS:/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-fe/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/**}
    # metrics for elastic search
    management.metrics.export.elastic.enabled=false
    management.metrics.export.influx.enabled=false
    nacos.naming.distro.taskDispatchThreadCount=10
    nacos.naming.distro.taskDispatchPeriod=200
    nacos.naming.distro.batchSyncKeyCount=1000
    nacos.naming.distro.initDataRatio=0.9
    nacos.naming.distro.syncRetryDelay=5000
    nacos.naming.data.warmup=true
    nacos.console.ui.enabled=true
    nacos.core.param.check.enabled=true
```

Then, once the cluster has started, add the following mounts in the deployment:

```yaml
# volumes go under the pod template's spec
spec:
  volumes:
    # the default custom.properties, no longer effective
    - name: config
      configMap:
        name: nacos-bybrvi
        items:
          - key: custom.properties
            path: custom.properties
        defaultMode: 420
    # the application.properties we just added; adjust the name to your setup
    - name: volume-gxre3k
      configMap:
        name: nacos-config
        items:
          - key: application.properties
            path: application.properties
        defaultMode: 420
```

```yaml
# volumeMounts go under the nacos container
volumeMounts:
  # the default custom.properties, no longer effective
  - name: config
    mountPath: /home/nacos/init.d/custom.properties
    subPath: custom.properties
  # the application.properties we just added; adjust the name to your setup
  - name: volume-gxre3k
    mountPath: /home/nacos/conf/application.properties
    subPath: application.properties
```

Then recreate the pod.

The default username and password are still nacos:nacos; to change them you have to edit the database, which you can find by searching online.
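As an added check (not from this thread or the nacos-k8s project): a small Python audit that parses the mounted application.properties, expands the `${VAR:default}` placeholders from the pod environment, and flags the auth settings that commonly go wrong in this upgrade, including a key that a folded YAML scalar has merged into a comment line. The sample properties and environment values are constructed; the 32-byte minimum for the token secret is the requirement Nacos documents for `nacos.core.auth.plugin.nacos.token.secret.key`.

```python
import base64
import re

# Constructed sample: the auth lines from the ConfigMap in this thread.
SAMPLE_PROPERTIES = """\
### The auth system to use, currently only 'nacos' and 'ldap' is supported:
nacos.core.auth.enabled=true
nacos.core.auth.system.type=${NACOS_AUTH_SYSTEM_TYPE:nacos}
nacos.core.auth.plugin.nacos.token.secret.key=${NACOS_AUTH_TOKEN:}
nacos.core.auth.server.identity.key=${NACOS_AUTH_IDENTITY_KEY:}
nacos.core.auth.server.identity.value=${NACOS_AUTH_IDENTITY_VALUE:}
"""

_PLACEHOLDER = re.compile(r"\$\{([A-Za-z0-9_]+)(?::([^}]*))?\}")

def resolve(value, env):
    """Expand ${VAR:default} placeholders from the pod environment, as Spring does."""
    return _PLACEHOLDER.sub(lambda m: env.get(m.group(1), m.group(2) or ""), value)

def parse_properties(text, env):
    """Parse a .properties body; a key folded onto a '#' comment line is skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = resolve(value.strip(), env)
    return props

def audit_auth(text, env):
    """Return the auth misconfigurations found (empty list means all checks pass)."""
    p = parse_properties(text, env)
    findings = []
    if p.get("nacos.core.auth.enabled") != "true":
        findings.append("auth disabled: nacos.core.auth.enabled is not 'true'")
    secret = p.get("nacos.core.auth.plugin.nacos.token.secret.key", "")
    try:
        raw = base64.b64decode(secret, validate=True) if secret else b""
    except ValueError:  # binascii.Error is a ValueError subclass
        raw = b""
    if len(raw) < 32:  # Nacos requires a Base64 key of at least 32 raw bytes
        findings.append("token secret key missing, not Base64, or under 32 bytes")
    for k in ("nacos.core.auth.server.identity.key", "nacos.core.auth.server.identity.value"):
        if not p.get(k):
            findings.append(f"{k} is empty; server-to-server calls would be unauthenticated")
    return findings
```

Run it against the rendered ConfigMap data (`kubectl get configmap nacos-config -o jsonpath='{.data.application\.properties}'`) together with the pod's env to confirm auth is really on before exposing the console.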