add:
@@ -0,0 +1,55 @@
|
||||
#!/bin/bash
|
||||
|
||||
# JWT 和认证配置完整设置脚本
|
||||
|
||||
set -e
|
||||
|
||||
echo "🔐 Juwan JWT 认证配置脚本"
|
||||
echo "===================================="
|
||||
|
||||
NAMESPACE="juwan"
|
||||
JWT_SECRET=$(openssl rand -hex 32)
|
||||
JWKS_KEY_ID="juwan-key-2026"
|
||||
|
||||
echo "✅ 生成 JWT 密钥..."
|
||||
echo " Secret: $JWT_SECRET"
|
||||
|
||||
# Step 1: 创建 JWT Secret
|
||||
echo ""
|
||||
echo "📝 创建 K8s Secret..."
|
||||
kubectl create secret generic jwt-secret \
|
||||
--from-literal=key=$JWT_SECRET \
|
||||
-n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
# Step 2: 生成 JWKS JSON(包含公钥)
|
||||
# 注意:对于 HMAC 算法,JWKS 包含密钥本身
|
||||
JWKS_JSON=$(cat <<EOF
|
||||
{
|
||||
"keys": [
|
||||
{
|
||||
"kty": "oct",
|
||||
"kid": "$JWKS_KEY_ID",
|
||||
"k": "$(echo -n $JWT_SECRET | base64 -w 0)",
|
||||
"alg": "HS256",
|
||||
"use": "sig"
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
)
|
||||
|
||||
echo "📝 创建 JWKS ConfigMap..."
|
||||
kubectl create configmap jwks-config \
|
||||
--from-literal=jwks.json="$JWKS_JSON" \
|
||||
-n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
echo ""
|
||||
echo "✅ JWT 认证配置完成!"
|
||||
echo ""
|
||||
echo "后续步骤:"
|
||||
echo "1. 更新 Envoy ConfigMap,挂载 JWKS 文件"
|
||||
echo "2. 在各 API 服务中配置 JWT_SECRET 环境变量"
|
||||
echo "3. 登录端点使用此密钥签名 Token"
|
||||
echo ""
|
||||
echo "JWT 密钥已保存到 K8s Secret: jwt-secret"
|
||||
echo "JWKS 已保存到 K8s ConfigMap: jwks-config"
|
||||
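Review bot: The JWKS stored in the `jwks-config` ConfigMap carries the HS256 signing key itself in `k` (the script's own comment says as much), so anyone who can read ConfigMaps in the `juwan` namespace can mint valid tokens; it should be created as a Secret (`kubectl create secret generic jwks-config ...`) and mounted from there. The line `echo " Secret: $JWT_SECRET"` also writes the key to the terminal or CI log and should be dropped. `--from-literal=key=$JWT_SECRET` is unquoted and exposes the key in the process argument list; feeding it on stdin avoids both: `printf '%s' "$JWT_SECRET" | kubectl create secret generic jwt-secret --from-file=key=/dev/stdin -n "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -`. Separately, `base64 -w 0` emits padded standard base64 while RFC 7518 defines `k` as unpadded base64url, so it is worth confirming the verifier decodes it to the same bytes the services sign with. Every run also generates a fresh key and overwrites `jwt-secret`, which presumably invalidates tokens already issued; a guard that skips generation when the Secret exists would make re-runs safe.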