kandi background
Explore Kits

sa-token | 这可能是史上功能最全的Java权限认证框架!目前已集成——登录认证、权限认证、分布式Session会话、微服务网关鉴权、单点登录、OAuth2.0、踢人下线、Redis集成、前后台分离、记住我模式、模拟他人账号、临时身份切换、账号封禁、多账号认证体系、注解式鉴权、路由拦截式鉴权、花式token生成、 | Microservice library

 by   dromara Java Version: v1.20.0 License: Apache-2.0

 by   dromara Java Version: v1.20.0 License: Apache-2.0

Download this library from

kandi X-RAY | sa-token Summary

sa-token is a Java library typically used in Architecture, Microservice, Spring Boot, Spring applications. sa-token has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has medium support. You can download it from GitHub, Maven.
这可能是史上功能最全的Java权限认证框架!目前已集成——登录认证、权限认证、分布式Session会话、微服务网关鉴权、单点登录、OAuth2.0、踢人下线、Redis集成、前后台分离、记住我模式、模拟他人账号、临时身份切换、账号封禁、多账号认证体系、注解式鉴权、路由拦截式鉴权、花式token生成、自动续签、同端互斥登录、会话治理、密码加密、jwt集成、Spring集成、WebFlux集成...
Support
Support
Quality
Quality
Security
Security
License
License
Reuse
Reuse

kandi-support Support

  • sa-token has a medium active ecosystem.
  • It has 3542 star(s) with 670 fork(s). There are 53 watchers for this library.
  • It had no major release in the last 12 months.
  • There are 44 open issues and 41 have been closed. On average issues are closed in 23 days. There are no pull requests.
  • It has a neutral sentiment in the developer community.
  • The latest version of sa-token is v1.20.0
sa-token Support
Best in #Microservice
Average in #Microservice
sa-token Support
Best in #Microservice
Average in #Microservice

quality kandi Quality

  • sa-token has no bugs reported.
sa-token Quality
Best in #Microservice
Average in #Microservice
sa-token Quality
Best in #Microservice
Average in #Microservice

securitySecurity

  • sa-token has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
sa-token Security
Best in #Microservice
Average in #Microservice
sa-token Security
Best in #Microservice
Average in #Microservice

license License

  • sa-token is licensed under the Apache-2.0 License. This license is Permissive.
  • Permissive licenses have the least restrictions, and you can use them in most projects.
sa-token License
Best in #Microservice
Average in #Microservice
sa-token License
Best in #Microservice
Average in #Microservice

buildReuse

  • sa-token releases are available to install and integrate.
  • Deployable package is available in Maven.
  • Build file is available. You can build the component from source.
  • Installation instructions are not available. Examples and code snippets are available.
sa-token Reuse
Best in #Microservice
Average in #Microservice
sa-token Reuse
Best in #Microservice
Average in #Microservice
Top functions reviewed by kandi - BETA

Coming Soon for all Libraries!

Currently covering the most popular Java, JavaScript and Python libraries. See a SAMPLE HERE.
kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.

sa-token Key Features

这可能是史上功能最全的Java权限认证框架!目前已集成——登录认证、权限认证、分布式Session会话、微服务网关鉴权、单点登录、OAuth2.0、踢人下线、Redis集成、前后台分离、记住我模式、模拟他人账号、临时身份切换、账号封禁、多账号认证体系、注解式鉴权、路由拦截式鉴权、花式token生成、自动续签、同端互斥登录、会话治理、密码加密、jwt集成、Spring集成、WebFlux集成...

代码示例

copy iconCopydownload iconDownload
// 在登录时写入当前会话的账号id
StpUtil.login(10001);

// 然后在任意需要校验登录处调用以下API
// 如果当前会话未登录,这句代码会抛出 `NotLoginException`异常
StpUtil.checkLogin();

Pod is restarting when one of container terminates to successful completion

copy iconCopydownload iconDownload
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-name
  labels:
    key: value
spec:
  replicas: 1
  selector:
    matchLabels:
      key: value
  template:
    metadata:
      key: value
    spec:
      serviceAccountName: air-run-sa
      containers:
        - name: deployment-main
          image: deployment-image-here
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
      initContainers:
        - name: deployment-poll
          image: alpine:3.9
          imagePullPolicy: IfNotPresent
          command: [ "/bin/sh" ]
          args:
            - /scripts/user-deployment-poll.sh
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      containers:
        - name: deployment-poll
          image: alpine:3.9
          imagePullPolicy: IfNotPresent
          command: [ "/bin/sh" ]
          args:
            - /scripts/user-deployment-poll.sh
      restartPolicy: Never
  backoffLimit: 4
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-name
  labels:
    key: value
spec:
  replicas: 1
  selector:
    matchLabels:
      key: value
  template:
    metadata:
      key: value
    spec:
      serviceAccountName: air-run-sa
      containers:
        - name: deployment-main
          image: deployment-image-here
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
-----------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-name
  labels:
    key: value
spec:
  replicas: 1
  selector:
    matchLabels:
      key: value
  template:
    metadata:
      key: value
    spec:
      serviceAccountName: air-run-sa
      containers:
        - name: deployment-main
          image: deployment-image-here
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
      initContainers:
        - name: deployment-poll
          image: alpine:3.9
          imagePullPolicy: IfNotPresent
          command: [ "/bin/sh" ]
          args:
            - /scripts/user-deployment-poll.sh
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      containers:
        - name: deployment-poll
          image: alpine:3.9
          imagePullPolicy: IfNotPresent
          command: [ "/bin/sh" ]
          args:
            - /scripts/user-deployment-poll.sh
      restartPolicy: Never
  backoffLimit: 4
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-name
  labels:
    key: value
spec:
  replicas: 1
  selector:
    matchLabels:
      key: value
  template:
    metadata:
      key: value
    spec:
      serviceAccountName: air-run-sa
      containers:
        - name: deployment-main
          image: deployment-image-here
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
-----------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-name
  labels:
    key: value
spec:
  replicas: 1
  selector:
    matchLabels:
      key: value
  template:
    metadata:
      key: value
    spec:
      serviceAccountName: air-run-sa
      containers:
        - name: deployment-main
          image: deployment-image-here
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
      initContainers:
        - name: deployment-poll
          image: alpine:3.9
          imagePullPolicy: IfNotPresent
          command: [ "/bin/sh" ]
          args:
            - /scripts/user-deployment-poll.sh
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      containers:
        - name: deployment-poll
          image: alpine:3.9
          imagePullPolicy: IfNotPresent
          command: [ "/bin/sh" ]
          args:
            - /scripts/user-deployment-poll.sh
      restartPolicy: Never
  backoffLimit: 4
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-name
  labels:
    key: value
spec:
  replicas: 1
  selector:
    matchLabels:
      key: value
  template:
    metadata:
      key: value
    spec:
      serviceAccountName: air-run-sa
      containers:
        - name: deployment-main
          image: deployment-image-here
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
-----------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-name
  labels:
    key: value
spec:
  replicas: 1
  selector:
    matchLabels:
      key: value
  template:
    metadata:
      key: value
    spec:
      containers:
        - name: deployment-main
          image: deployment-image-here
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
      initContainers:
        - name: deployment-poll
          image: alpine:3.9
          imagePullPolicy: IfNotPresent
          command: [ "/bin/sh" ]

New Kubernetes service account appears to have cluster admin permissions

copy iconCopydownload iconDownload
kubectl auth can-i --list --as=system:serviceaccount:test-namespace:test-sa
Resources                                       Non-Resource URLs   Resource Names   Verbs
selfsubjectaccessreviews.authorization.k8s.io   []                  []               [create]
selfsubjectrulesreviews.authorization.k8s.io    []                  []               [create]
                                                [/api/*]            []               [get]
                                                [/api]              []               [get]
                                                [/apis/*]           []               [get]
                                                [/apis]             []               [get]
                                                [/healthz]          []               [get]
                                                [/healthz]          []               [get]
                                                [/livez]            []               [get]
                                                [/livez]            []               [get]
                                                [/openapi/*]        []               [get]
                                                [/openapi]          []               [get]
                                                [/readyz]           []               [get]
                                                [/readyz]           []               [get]
                                                [/version/]         []               [get]
                                                [/version/]         []               [get]
                                                [/version]          []               [get]
                                                [/version]          []               [get]
-----------------------
kubectl auth can-i --list --as=system:serviceaccount:test-namespace:test-sa
Resources                                       Non-Resource URLs   Resource Names   Verbs
selfsubjectaccessreviews.authorization.k8s.io   []                  []               [create]
selfsubjectrulesreviews.authorization.k8s.io    []                  []               [create]
                                                [/api/*]            []               [get]
                                                [/api]              []               [get]
                                                [/apis/*]           []               [get]
                                                [/apis]             []               [get]
                                                [/healthz]          []               [get]
                                                [/healthz]          []               [get]
                                                [/livez]            []               [get]
                                                [/livez]            []               [get]
                                                [/openapi/*]        []               [get]
                                                [/openapi]          []               [get]
                                                [/readyz]           []               [get]
                                                [/readyz]           []               [get]
                                                [/version/]         []               [get]
                                                [/version/]         []               [get]
                                                [/version]          []               [get]
                                                [/version]          []               [get]
-----------------------
kubectl create clusterrolebinding serviceaccounts-cluster-admin --clusterrole=cluster-admin  --group=system:serviceaccounts

openshift: allow serviceaccount to create project

copy iconCopydownload iconDownload
oc adm policy add-cluster-role-to-user self-provisioner -z [service-account-username] -n [namespace]

which token to use for kubernetes-dashboard login with Google cloud platform

copy iconCopydownload iconDownload
kubectl config view | grep -A10 "name: $(kubectl config current-context)" | awk '$1=="access-token:"{print $2}'
-----------------------
[...]
users:
- name: <YOUR CLUSTER NAME>
  user:
    auth-provider:
      config:
        access-token: <YOUR ACCESS TOKEN>
        cmd-args: config config-helper --format=json
        cmd-path: /usr/local/lib/google-cloud-sdk/bin/gcloud
        expiry: 2018-02-12T13:36:51Z
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
[...]
-----------------------
kubectl config view -o jsonpath="{.users[?(@.name == \"$(kubectl config current-context)\")].user.auth-provider.config.access-token}"
-----------------------
gcloud get-credentials <GKE cluster name> --zone <zone> --project <project>
gcloud config config-helper --format=json | jq .credential.access_token

Community Discussions

Trending Discussions on sa-token
  • Pod is restarting when one of container terminates to successful completion
  • New Kubernetes service account appears to have cluster admin permissions
  • openshift: allow serviceaccount to create project
  • which token to use for kubernetes-dashboard login with Google cloud platform
Trending Discussions on sa-token

QUESTION

Pod is restarting when one of container terminates to successful completion

Asked 2021-Apr-08 at 16:34

I have this kind of deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-name
  labels:
    key: value
spec:
  replicas: 1
  selector:
    matchLabels:
      key: value
  template:
    metadata:
      key: value
    spec:
      serviceAccountName: air-run-sa
      containers:
        - name: deployment-main
          image: deployment-image-here
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
        - name: deployment-poll
          image: alpine:3.9
          imagePullPolicy: IfNotPresent
          command: [ "/bin/sh" ]
          args:
            - /scripts/user-deployment-poll.sh
# --- snip ---

The pod contains two containers- deployment-main and deployment-poll. The deployment-main is a web server and deployment-poll container runs a bash script user-deployment-poll.sh provided to by a config map (not shown here and is irrelevant). The script runs to completion and exists successfully, so is the container deployment-poll. As soon as deployment-poll is terminated, the pod is restarted, and it happens multiple times. I don't want the pod to restart after deployment-poll is completed.

This is output of kubectl describe pod <pod-id>-

# --- snip ---
Containers:
  deployment-main:
    Container ID:   docker://ef230d6465c9bc70f07ed90822e573c27ff83ceaeb24439edba27838ce45b81e
    Image:          k8s-registry:31320/my-project-image:19
    Image ID:       docker-pullable://k8s-registry:31320/my-project-image@sha256:f767dce7f405c232e88b599a48bd1fe612db6c1465e805b04c08a093d4fd618e
    Port:           5000/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Thu, 08 Apr 2021 15:41:05 +0530
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from air-run-sa-token-zp8dk (ro)
  deployment-poll:
    Container ID:  docker://31aa899b6cdf83d45933bffca660564f93de6018af7d28fbdb55fe4c63c7b589
    Image:         alpine:3.9
    Image ID:      docker-pullable://alpine@sha256:414e0518bb9228d35e4cd5165567fb91d26c6a214e9c95899e1e056fcd349011
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sh
    Args:
      /scripts/user-deployment-poll.sh
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Thu, 08 Apr 2021 15:43:47 +0530
      Finished:     Thu, 08 Apr 2021 15:44:04 +0530
    Ready:          False
    Restart Count:  4
    Environment:
      DEPLOYMENT_NAME:           my-project-19-deployment
      SERVICE_ACCOUNT_USERNAME:  <set to the key 'username' in secret 'air-run-service-account-basic-auth'>  Optional: false
      SERVICE_ACCOUNT_PASSWORD:  <set to the key 'password' in secret 'air-run-service-account-basic-auth'>  Optional: false
# --- snip ---

It cleary shows that deployment-poll is completed and terminated. It is currently in Waiting state due to CrashLoopBackOff.

Edit

The deployment-poll container checks the status of deployment-main container. As soon as deployment-main reaches a particular state, deployment-poll calls a service on the cluster notifying that the pod is ok and then it terminates. In other words, both the containers should start at the same time. In the case of init containers, the main container will be run after init container completes.

ANSWER

Answered 2021-Apr-08 at 11:49

Assuming that the deployment-poll has to run only once, you can use the init-containers to run the bash script. The container will perform its job and exit and the pod will not restart.

In your case its restarting because the kubernetes tries to maintain the state of deployment which in your case requires both the containers to be running at all time. But you want the second container to perform its job and exit.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-name
  labels:
    key: value
spec:
  replicas: 1
  selector:
    matchLabels:
      key: value
  template:
    metadata:
      key: value
    spec:
      serviceAccountName: air-run-sa
      containers:
        - name: deployment-main
          image: deployment-image-here
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
      initContainers:
        - name: deployment-poll
          image: alpine:3.9
          imagePullPolicy: IfNotPresent
          command: [ "/bin/sh" ]
          args:
            - /scripts/user-deployment-poll.sh

This is only useful if the script part has to run first. Otherwise we should try the Job resource type to run the bash container and Deployment resource type to run the other container. Of-course the metadata of the Job resource type should change accordingly.

apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      containers:
        - name: deployment-poll
          image: alpine:3.9
          imagePullPolicy: IfNotPresent
          command: [ "/bin/sh" ]
          args:
            - /scripts/user-deployment-poll.sh
      restartPolicy: Never
  backoffLimit: 4

And the other resource type should be deployment.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-name
  labels:
    key: value
spec:
  replicas: 1
  selector:
    matchLabels:
      key: value
  template:
    metadata:
      key: value
    spec:
      serviceAccountName: air-run-sa
      containers:
        - name: deployment-main
          image: deployment-image-here
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP

Source https://stackoverflow.com/questions/67002139

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install sa-token

You can download it from GitHub, Maven.
You can use sa-token like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the sa-token component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

DOWNLOAD this Library from

Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from
over 430 million Knowledge Items
Find more libraries
Reuse Solution Kits and Libraries Curated by Popular Use Cases

Save this library and start creating your kit

Share this Page

share link
Consider Popular Microservice Libraries
Compare Microservice Libraries with Highest Support
Compare Microservice Libraries with Highest Security
Compare Microservice Libraries with Permissive License
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from
over 430 million Knowledge Items
Find more libraries
Reuse Solution Kits and Libraries Curated by Popular Use Cases

Save this library and start creating your kit

  • © 2022 Open Weaver Inc.