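Add users to your InfluxDB cluster
Add users with administrative access to your InfluxDB cluster through your identity provider and your InfluxDB AppInstance resource.
Use your identity provider to create OAuth2 accounts for users who need administrative access to your InfluxDB cluster.
For information about adding users, see your identity provider's documentation.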
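Add the users to your InfluxDB AppInstance resource. You can edit the AppInstance resource directly in your myinfluxdb.yml configuration file or, if you are using the InfluxDB Clustered Helm chart, add the users to your values.yaml to modify the AppInstance resource. The required credentials depend on your identity provider.

If you edit the AppInstance resource directly, provide values for the following fields under spec.package.spec.admin in your myinfluxdb.yml configuration file:

- identityProvider: Identity provider name. If you use Microsoft Entra ID (formerly Azure Active Directory), set the name to azure.
- jwksEndpoint: JWKS endpoint provided by your identity provider.
- users: List of OAuth2 users to grant administrative access to your InfluxDB cluster. IDs are provided by your identity provider.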
The following are examples for Keycloak, Auth0, and Microsoft Entra ID, but other OAuth2 providers should work as well:

apiVersion: kubecfg.dev/v1alpha1
kind: AppInstance
# ...
spec:
  package:
    spec:
      admin:
        identityProvider: keycloak
        jwksEndpoint: |-
          https://KEYCLOAK_HOST/auth/realms/KEYCLOAK_REALM/protocol/openid-connect/certs
        users:
          # All fields are required but `firstName`, `lastName`, and `email` can be
          # arbitrary values. However, `id` must match the user ID provided by Keycloak.
          - id: KEYCLOAK_USER_ID
            firstName: Marty
            lastName: McFly
            email: mcfly@influxdata.com

Replace the following:

- KEYCLOAK_HOST: Host and port of your Keycloak server
- KEYCLOAK_REALM: Keycloak realm
- KEYCLOAK_USER_ID: Keycloak user ID to grant InfluxDB administrative access to (see Find user IDs with Keycloak)

apiVersion: kubecfg.dev/v1alpha1
kind: AppInstance
# ...
spec:
  package:
    spec:
      admin:
        identityProvider: auth0
        jwksEndpoint: |-
          https://AUTH0_HOST/.well-known/openid-configuration
        users:
          # All fields are required but `firstName`, `lastName`, and `email` can be
          # arbitrary values. However, `id` must match the user ID provided by Auth0.
          - id: AUTH0_USER_ID
            firstName: Marty
            lastName: McFly
            email: mcfly@influxdata.com

Replace the following:

- AUTH0_HOST: Host and port of your Auth0 server
- AUTH0_USER_ID: Auth0 user ID to grant InfluxDB administrative access to

apiVersion: kubecfg.dev/v1alpha1
kind: AppInstance
# ...
spec:
  package:
    spec:
      admin:
        identityProvider: azure
        jwksEndpoint: |-
          https://login.microsoftonline.com/AZURE_TENANT_ID/discovery/v2.0/keys
        users:
          # All fields are required but `firstName`, `lastName`, and `email` can be
          # arbitrary values. However, `id` must match the user ID provided by Azure.
          - id: AZURE_USER_ID
            firstName: Marty
            lastName: McFly
            email: mcfly@influxdata.com

Replace the following:

- AZURE_TENANT_ID: Microsoft Entra tenant ID
- AZURE_USER_ID: Microsoft Entra user ID to grant InfluxDB administrative access to (see Find user IDs with Microsoft Entra ID)
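
If you use the InfluxDB Clustered Helm chart, provide values for the following fields under admin in your values.yaml:

- identityProvider: Identity provider name. If you use Microsoft Entra ID (formerly Azure Active Directory), set the name to azure.
- jwksEndpoint: JWKS endpoint provided by your identity provider.
- users: List of OAuth2 users to grant administrative access to your InfluxDB cluster. IDs are provided by your identity provider.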
The following are examples for Keycloak, Auth0, and Microsoft Entra ID, but other OAuth2 providers should work as well:

admin:
  # The identity provider to be used (such as "keycloak", "auth0", or "azure")
  # Note, use "azure" for Azure Active Directory
  identityProvider: keycloak
  # The JWKS endpoint provided by the Identity Provider
  jwksEndpoint: |-
    https://KEYCLOAK_HOST/auth/realms/KEYCLOAK_REALM/protocol/openid-connect/certs
  # The list of users to grant access to Clustered via influxctl
  users:
    # All fields are required but `firstName`, `lastName`, and `email` can be
    # arbitrary values. However, `id` must match the user ID provided by Keycloak.
    - id: KEYCLOAK_USER_ID
      firstName: Marty
      lastName: McFly
      email: mcfly@influxdata.com

Replace the following:

- KEYCLOAK_HOST: Host and port of your Keycloak server
- KEYCLOAK_REALM: Keycloak realm
- KEYCLOAK_USER_ID: Keycloak user ID to grant InfluxDB administrative access to

admin:
  # The identity provider to be used e.g. "keycloak", "auth0", "azure", etc
  # Note, use "azure" for Azure Active Directory.
  identityProvider: auth0
  # The JWKS endpoint provided by the Identity Provider
  jwksEndpoint: |-
    https://AUTH0_HOST/.well-known/openid-configuration
  # The list of users to grant access to Clustered via influxctl
  users:
    # All fields are required but `firstName`, `lastName`, and `email` can be
    # arbitrary values. However, `id` must match the user ID provided by Auth0.
    - id: AUTH0_USER_ID
      firstName: Marty
      lastName: McFly
      email: mcfly@influxdata.com

Replace the following:

- AUTH0_HOST: Host and port of your Auth0 server
- AUTH0_USER_ID: Auth0 user ID to grant InfluxDB administrative access to

admin:
  # The identity provider to be used e.g. "keycloak", "auth0", "azure", etc
  # Note, use "azure" for Azure Active Directory.
  identityProvider: azure
  # The JWKS endpoint provided by the Identity Provider
  jwksEndpoint: |-
    https://login.microsoftonline.com/AZURE_TENANT_ID/discovery/v2.0/keys
  # The list of users to grant access to Clustered via influxctl
  users:
    # All fields are required but `firstName`, `lastName`, and `email` can be
    # arbitrary values. However, `id` must match the user ID provided by Azure.
    - id: AZURE_USER_ID
      firstName: Marty
      lastName: McFly
      email: mcfly@influxdata.com

Replace the following:

- AZURE_TENANT_ID: Microsoft Entra tenant ID
- AZURE_USER_ID: Microsoft Entra user ID to grant InfluxDB administrative access to (see Find user IDs with Microsoft Entra ID)
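
Because this block decides who holds administrative access, it is worth linting before it is applied. The following check is an added example, not part of the InfluxData documentation: check_admin_block and the sample file are constructed here, and the script assumes the layout shown in the examples on this page and that the only "- id:" list items in the file are admin users.

```shell
#!/bin/sh
# Added example: pre-apply lint for the admin block, assuming the layout shown on
# this page. Line-based checks, not a general YAML parser.
check_admin_block() {
  file=$1; problems=0
  # 1. Placeholders from the examples must have been replaced.
  if grep -Eq '(KEYCLOAK|AUTH0|AZURE)_(HOST|REALM|USER_ID|TENANT_ID)' "$file"; then
    echo "unreplaced placeholder in $file" >&2; problems=$((problems + 1))
  fi
  # 2. The JWKS endpoint supplies the keys that verify admin tokens: require HTTPS.
  url=$(awk '/^[ \t]*jwksEndpoint:/ {
    sub(/.*jwksEndpoint:[ \t]*/, "")
    if ($0 == "" || $0 ~ /^[|>]/) getline   # block scalar: URL is on the next line
    gsub(/^[ \t]+|[ \t]+$/, ""); print; exit }' "$file")
  case $url in
    https://*) ;;
    *) echo "jwksEndpoint is not an https:// URL: '$url'" >&2
       problems=$((problems + 1)) ;;
  esac
  # 3. Each "- id:" entry needs a non-empty id, firstName, lastName, and email.
  bad=$(awk '
    function close_entry() { if (entries && split(seen, parts, " ") != 4) bad++ }
    /^[ \t]*-[ \t]*id:/ { close_entry(); entries++
                          seen = ($0 ~ /id:[ \t]*[^ \t]/) ? "id:" : ""; next }
    /^[ \t]*(firstName|lastName|email):[ \t]*[^ \t]/ {
      if (index(seen, $1) == 0) seen = seen " " $1 }
    END { close_entry(); print bad + (entries == 0) }' "$file")
  if [ "$bad" -gt 0 ]; then
    echo "$bad users entries incomplete (or none found)" >&2; problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ]
}

# Constructed sample: placeholder left in, plain-HTTP endpoint, user without email.
sample=$(mktemp)
cat > "$sample" <<'EOF'
admin:
  identityProvider: keycloak
  jwksEndpoint: |-
    http://KEYCLOAK_HOST/auth/realms/example/protocol/openid-connect/certs
  users:
    - id: 00000000-0000-0000-0000-000000000000
      firstName: Marty
      lastName: McFly
EOF
if check_admin_block "$sample"; then echo "ok to apply"; else echo "fix before applying"; fi
rm -f "$sample"
```

The function returns non-zero when any check fails, so it can gate the kubectl or helm step in a deployment script.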

Apply the change to your InfluxDB cluster.
- If updating the AppInstance resource directly, use kubectl to apply the change.
- If using the InfluxDB Clustered Helm chart, use helm to apply the change.
kubectl apply \
--filename myinfluxdb.yml \
--namespace influxdb
helm upgrade \
influxdb \
influxdata/influxdb3-clustered \
-f ./values.yaml \
--namespace influxdb
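Once applied, the added users are granted administrative access to your InfluxDB cluster and can use influxctl to perform administrative operations. For information about how to configure a new user's influxctl client to communicate and authenticate with your InfluxDB cluster's identity provider, see Set up authorization – Configure influxctl.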