naveenzhang With this many users, syncing all of them over is also hard to manage. You could wait a little for our OAuth2-based account integration.

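    As a management platform, would KubeSphere really have several hundred thousand users who need access? If not, could you add some filters to reduce the number of users synced?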

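      hongming Yes, the userSearchBase rule was not defined rigorously at first, so the users were synced in full. The already-synced users amount to a fairly large volume of data; what is the best way to delete them?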

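      calvinyu We do not need that many users to access the KubeSphere platform. I was not familiar with LDAP integration at first and the userSearchBase rule was not written rigorously, so too much data was synced. Is there a way to stop the sync? Or how can the large number of already-synced users be deleted in bulk on the backend?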

      First delete the ad-sidecar in ks-account, then restore the targetPort of the ks-account service to 9090.

        hongming Hello, I deleted ad-sidecar and changed ks-account to 9090; the services show nothing abnormal.
        # kubectl get pods -n kubesphere-system
        NAME READY STATUS RESTARTS AGE
        etcd-5769d4997f-bmdvj 1/1 Running 0 8d
        ks-account-5c5fcf6d9d-5xktf 1/1 Running 0 2m31s
        ks-account-5c5fcf6d9d-ch872 1/1 Running 0 2m35s
        ks-account-5c5fcf6d9d-k6mlq 1/1 Running 0 2m26s
        ks-apigateway-d899b7b98-48gzs 1/1 Running 0 8d
        ks-apigateway-d899b7b98-r2d4c 1/1 Running 0 3d22h
        ks-apigateway-d899b7b98-vrxzc 1/1 Running 1 3d22h
        ks-apiserver-5c5759c866-ctsrb 1/1 Running 4 3d22h
        ks-apiserver-5c5759c866-hjkpl 1/1 Running 4 3d22h
        ks-apiserver-5c5759c866-m6bwm 1/1 Running 0 8d
        ks-console-97cf4db85-9jhkz 1/1 Running 0 8d
        ks-console-97cf4db85-h7qzp 1/1 Running 0 8d
        ks-console-97cf4db85-wgcn6 1/1 Running 0 8d
        ks-controller-manager-9dcc6599f-99sgk 1/1 Running 0 8d
        ks-controller-manager-9dcc6599f-bch4w 1/1 Running 1 8d
        ks-controller-manager-9dcc6599f-hdqtc 1/1 Running 0 8d
        ks-installer-7d9fb945c7-gpj2d 1/1 Running 0 8d
        minio-845b7bd867-qvqmm 1/1 Running 1 8d
        mysql-66df969d-4lxff 1/1 Running 0 8d
        openldap-0 1/1 Running 0 8d
        openldap-1 1/1 Running 0 8d
        redis-ha-haproxy-ffb8d889d-9rlwv 1/1 Running 0 8d
        redis-ha-haproxy-ffb8d889d-g5jzh 1/1 Running 0 8d
        redis-ha-haproxy-ffb8d889d-pn6qx 1/1 Running 0 8d
        redis-ha-server-0 2/2 Running 0 8d
        redis-ha-server-1 2/2 Running 0 8d
        redis-ha-server-2 2/2 Running 0 8d

        The web console cannot be opened; checking the log:
        # kubectl logs ks-account-5c5fcf6d9d-k6mlq -n kubesphere-system
        W0318 12:01:07.590918 1 client_config.go:549] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
        I0318 12:01:16.021698 1 server.go:113] Server listening on 0.0.0.0:9090

        Did I do one of the steps wrong? How do I recover?

        hongming
        # kubectl -n kubesphere-system get svc
        NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
        etcd ClusterIP 10.233.11.206 <none> 2379/TCP 8d
        ks-account ClusterIP 10.233.52.215 <none> 80/TCP 8d
        ks-apigateway ClusterIP 10.233.5.166 <none> 80/TCP 8d
        ks-apiserver ClusterIP 10.233.40.187 <none> 80/TCP 8d
        ks-console NodePort 10.233.38.21 <none> 80:30880/TCP 8d
        minio ClusterIP 10.233.24.30 <none> 9000/TCP 8d
        mysql ClusterIP 10.233.3.239 <none> 3306/TCP 8d
        openldap ClusterIP None <none> 389/TCP 8d
        redis ClusterIP 10.233.63.74 <none> 6379/TCP 8d
        redis-ha ClusterIP None <none> 6379/TCP,26379/TCP 8d
        redis-ha-announce-0 ClusterIP 10.233.27.202 <none> 6379/TCP,26379/TCP 8d
        redis-ha-announce-1 ClusterIP 10.233.5.158 <none> 6379/TCP,26379/TCP 8d
        redis-ha-announce-2 ClusterIP 10.233.30.54 <none> 6379/TCP,26379/TCP 8d

        kubectl -n kubesphere-system get ep
        NAME ENDPOINTS AGE
        etcd 10.233.100.1:2379 8d
        ks-account 10.233.109.21:19090,10.233.116.18:19090,10.233.91.27:19090 8d
        ks-apigateway 10.233.116.12:2018,10.233.64.12:2018,10.233.92.12:2018 8d
        ks-apiserver 10.233.100.5:9090,10.233.116.13:9090,10.233.92.13:9090 8d
        ks-console 10.233.109.9:8000,10.233.91.19:8000,10.233.92.11:8000 8d
        ks-controller-manager-leader-election <none> 8d
        minio 10.233.65.1:9000 8d
        mysql 10.233.120.1:3306 8d
        openldap 10.233.64.5:389,10.233.92.3:389 8d
        redis 10.233.116.2:6379,10.233.64.3:6379,10.233.92.2:6379 8d
        redis-ha 10.233.116.3:6379,10.233.64.4:6379,10.233.92.4:6379 + 3 more... 8d
        redis-ha-announce-0 10.233.64.4:6379,10.233.64.4:26379 8d
        redis-ha-announce-1 10.233.116.3:6379,10.233.116.3:26379 8d
        redis-ha-announce-2 10.233.92.4:6379,10.233.92.4:26379 8d

        It looks like the change was wrong? Or it did not take effect. I made the change with
        kubectl -n kubesphere-system edit deploy ks-account

        1. kubectl -n kubesphere-system edit deploy ks-account and remove the ad-sidecar container
        2. kubectl -n kubesphere-system edit svc ks-account and change targetPort to 9090

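          hongming Thanks, I can log in to the main interface normally now. ad-sidecar has been removed, but the junk user data synced earlier is still there. Does this need to be cleaned up by modifying the database?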

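            naveenzhang The fastest way is certainly to delete them directly in LDAP. If that is too much trouble, you can delete the PVC mounted by LDAP and restart ldap and ks-account to reinitialize the accounts.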
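
A check for the mismatch seen in the thread above, where the ks-account endpoints still pointed at 19090 while the pod log showed the server listening on 9090. This is an added example, not part of the original posts or KubeSphere's own tooling; the function names are hypothetical and the sample lines are copied from the outputs quoted in the thread.

```bash
#!/usr/bin/env bash
# Added example: compare the port a Service's endpoints point at with the
# port the pod log reports the server is listening on.

# Sample input, copied from the outputs quoted in the thread.
EP_LINE='ks-account 10.233.109.21:19090,10.233.116.18:19090,10.233.91.27:19090 8d'
LOG_LINE='I0318 12:01:16.021698 1 server.go:113] Server listening on 0.0.0.0:9090'

# Print the unique ports in the ENDPOINTS column of one `kubectl get ep` row.
# A row whose endpoints are "<none>" prints nothing.
endpoint_ports() {
  printf '%s\n' "$1" | awk '{print $2}' | tr ',' '\n' \
    | sed -n 's/.*:\([0-9][0-9]*\)$/\1/p' | sort -un
}

# Print the port from a "Server listening on host:port" log line.
listen_port() {
  printf '%s\n' "$1" \
    | sed -n 's/.*Server listening on [^ ]*:\([0-9][0-9]*\).*/\1/p'
}

# Exit status: 0 = every endpoint port equals the listen port,
#              1 = at least one endpoint targets a different port,
#              2 = one of the two inputs could not be parsed.
ports_match() {
  local want ports p
  want=$(listen_port "$2")
  [ -n "$want" ] || return 2
  ports=$(endpoint_ports "$1")
  [ -n "$ports" ] || return 2
  for p in $ports; do
    [ "$p" = "$want" ] || return 1
  done
  return 0
}
```

On a live cluster, pass it the ks-account row of `kubectl -n kubesphere-system get ep` and the listening line from `kubectl logs`; status 1 means the Service targetPort still needs changing.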
