kubernetes-handbook/practice/create-tls-and-secret-key.html


<!DOCTYPE HTML>
<html lang="zh-hans" >
<head>
<meta charset="UTF-8">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>4.1.1 创建TLS证书和秘钥 · Kubernetes Handbook</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="description" content="">
<meta name="generator" content="GitBook 3.2.2">
<meta name="author" content="Jimmy Song">
<link rel="stylesheet" href="../gitbook/style.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-splitter/splitter.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-page-toc-button/plugin.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-image-captions/image-captions.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-back-to-top-button/plugin.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-search-plus/search.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-highlight/website.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-fontsettings/website.css">
<meta name="HandheldFriendly" content="true"/>
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
<link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
<link rel="next" href="create-kubeconfig.html" />
<link rel="prev" href="install-kbernetes1.6-on-centos.html" />
<link rel="shortcut icon" href='../favicon.ico' type="image/x-icon">
<link rel="bookmark" href='../favicon.ico' type="image/x-icon">
<style>
@media only screen and (max-width: 640px) {
.book-header .hidden-mobile {
display: none;
}
}
</style>
<script>
window["gitbook-plugin-github-buttons"] = {"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"};
</script>
</head>
<body>
<div class="book">
<div class="book-body">
<div class="body-inner">
<div class="book-header" role="navigation">
<!-- Title -->
<h1>
<i class="fa fa-circle-o-notch fa-spin"></i>
<a href=".." >4.1.1 创建TLS证书和秘钥</a>
</h1>
</div>
<div class="page-wrapper" tabindex="-1" role="main">
<div class="page-inner">
<div class="search-plus" id="book-search-results">
<div class="search-noresults">
<section class="normal markdown-section">
<h1 id="&#x521B;&#x5EFA;tls&#x8BC1;&#x4E66;&#x548C;&#x79D8;&#x94A5;">&#x521B;&#x5EFA;TLS&#x8BC1;&#x4E66;&#x548C;&#x79D8;&#x94A5;</h1>
<h2 id="&#x524D;&#x8A00;">&#x524D;&#x8A00;</h2>
<p>&#x6267;&#x884C;&#x4E0B;&#x5217;&#x6B65;&#x9AA4;&#x524D;&#x5EFA;&#x8BAE;&#x4F60;&#x5148;&#x9605;&#x8BFB;&#x4EE5;&#x4E0B;&#x5185;&#x5BB9;&#xFF1A;</p>
<ul>
<li><a href="../guide/managing-tls-in-a-cluster.html">&#x7BA1;&#x7406;&#x96C6;&#x7FA4;&#x4E2D;&#x7684;TLS</a>&#xFF1A;&#x6559;&#x60A8;&#x5982;&#x4F55;&#x521B;&#x5EFA;TLS&#x8BC1;&#x4E66;</li>
<li><a href="../guide/kubelet-authentication-authorization.html">kubelet&#x7684;&#x8BA4;&#x8BC1;&#x6388;&#x6743;</a>&#xFF1A;&#x5411;&#x60A8;&#x63CF;&#x8FF0;&#x5982;&#x4F55;&#x901A;&#x8FC7;&#x8BA4;&#x8BC1;&#x6388;&#x6743;&#x6765;&#x8BBF;&#x95EE; kubelet &#x7684; HTTPS &#x7AEF;&#x70B9;&#x3002;</li>
<li><a href="../guide/tls-bootstrapping.html">TLS bootstrap</a>&#xFF1A;&#x4ECB;&#x7ECD;&#x5982;&#x4F55;&#x4E3A; kubelet &#x8BBE;&#x7F6E; TLS &#x5BA2;&#x6237;&#x7AEF;&#x8BC1;&#x4E66;&#x5F15;&#x5BFC;&#xFF08;bootstrap&#xFF09;&#x3002;</li>
</ul>
<p><strong>&#x6CE8;&#x610F;&#xFF1A;</strong>&#x8FD9;&#x4E00;&#x6B65;&#x662F;&#x5728;&#x5B89;&#x88C5;&#x914D;&#x7F6E;kubernetes&#x7684;&#x6240;&#x6709;&#x6B65;&#x9AA4;&#x4E2D;&#x6700;&#x5BB9;&#x6613;&#x51FA;&#x9519;&#x4E5F;&#x6700;&#x96BE;&#x4E8E;&#x6392;&#x67E5;&#x95EE;&#x9898;&#x7684;&#x4E00;&#x6B65;&#xFF0C;&#x800C;&#x8FD9;&#x5374;&#x521A;&#x597D;&#x662F;&#x7B2C;&#x4E00;&#x6B65;&#xFF0C;&#x4E07;&#x4E8B;&#x5F00;&#x5934;&#x96BE;&#xFF0C;&#x4E0D;&#x8981;&#x56E0;&#x4E3A;&#x8FD9;&#x70B9;&#x56F0;&#x96BE;&#x5C31;&#x671B;&#x800C;&#x5374;&#x6B65;&#x3002;</p>
<p><strong>如果您有足够的信心，在完全不了解自己在做什么的情况下也能成功完成这一步的配置，那么您尽可以跳过上面的几篇文章，直接进行下面的操作。</strong></p>
<p><code>kubernetes</code> &#x7CFB;&#x7EDF;&#x7684;&#x5404;&#x7EC4;&#x4EF6;&#x9700;&#x8981;&#x4F7F;&#x7528; <code>TLS</code> &#x8BC1;&#x4E66;&#x5BF9;&#x901A;&#x4FE1;&#x8FDB;&#x884C;&#x52A0;&#x5BC6;&#xFF0C;&#x672C;&#x6587;&#x6863;&#x4F7F;&#x7528; <code>CloudFlare</code> &#x7684; PKI &#x5DE5;&#x5177;&#x96C6; <a href="https://github.com/cloudflare/cfssl" target="_blank">cfssl</a> &#x6765;&#x751F;&#x6210; Certificate Authority (CA) &#x548C;&#x5176;&#x5B83;&#x8BC1;&#x4E66;&#xFF1B;</p>
<p><strong>&#x751F;&#x6210;&#x7684; CA &#x8BC1;&#x4E66;&#x548C;&#x79D8;&#x94A5;&#x6587;&#x4EF6;&#x5982;&#x4E0B;&#xFF1A;</strong></p>
<ul>
<li>ca-key.pem</li>
<li>ca.pem</li>
<li>kubernetes-key.pem</li>
<li>kubernetes.pem</li>
<li>kube-proxy.pem</li>
<li>kube-proxy-key.pem</li>
<li>admin.pem</li>
<li>admin-key.pem</li>
</ul>
<p><strong>&#x4F7F;&#x7528;&#x8BC1;&#x4E66;&#x7684;&#x7EC4;&#x4EF6;&#x5982;&#x4E0B;&#xFF1A;</strong></p>
<ul>
<li>etcd&#xFF1A;&#x4F7F;&#x7528; ca.pem&#x3001;kubernetes-key.pem&#x3001;kubernetes.pem&#xFF1B;</li>
<li>kube-apiserver&#xFF1A;&#x4F7F;&#x7528; ca.pem&#x3001;kubernetes-key.pem&#x3001;kubernetes.pem&#xFF1B;</li>
<li>kubelet&#xFF1A;&#x4F7F;&#x7528; ca.pem&#xFF1B;</li>
<li>kube-proxy&#xFF1A;&#x4F7F;&#x7528; ca.pem&#x3001;kube-proxy-key.pem&#x3001;kube-proxy.pem&#xFF1B;</li>
<li>kubectl&#xFF1A;&#x4F7F;&#x7528; ca.pem&#x3001;admin-key.pem&#x3001;admin.pem&#xFF1B;</li>
</ul>
<p><code>kube-controller</code>、<code>kube-scheduler</code> 当前需要和 <code>kube-apiserver</code> 部署在同一台机器上且使用非安全端口通信，故不需要证书。非安全端口既不加密也不做认证授权，应确保它只监听本机地址（127.0.0.1），不要暴露给其它主机。</p>
<p><strong>注意：以下操作都在 master 节点即 172.20.0.113 这台主机上执行，证书只需要创建一次即可，以后在向集群中添加新节点时只要将 /etc/kubernetes/ 目录下的证书拷贝到新节点上即可。</strong>拷贝时只需分发新节点上的组件实际用到的文件（见上文的组件列表）；<code>ca-key.pem</code> 是 CA 的私钥，持有它就能签发被整个集群信任的证书，应只保留在负责签发证书的主机上，并限制其读取权限。</p>
<h2 id="&#x5B89;&#x88C5;-cfssl">&#x5B89;&#x88C5; <code>CFSSL</code></h2>
<p><strong>方式一：直接下载二进制文件安装</strong></p>
<p>下面的命令会把下载的文件直接设为可执行并放入 PATH，而这些工具随后要用来生成整个集群的 CA 和证书；如果发布方提供了校验和，建议在执行 <code>chmod</code> 之前先核对文件的 SHA256 校验和与公布的值一致。</p>
<pre><code class="lang-bash">wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
chmod +x cfssl_linux-amd64
mv cfssl_linux-amd64 /root/<span class="hljs-built_in">local</span>/bin/cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x cfssljson_linux-amd64
mv cfssljson_linux-amd64 /root/<span class="hljs-built_in">local</span>/bin/cfssljson
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl-certinfo_linux-amd64
mv cfssl-certinfo_linux-amd64 /root/<span class="hljs-built_in">local</span>/bin/cfssl-certinfo
<span class="hljs-built_in">export</span> PATH=/root/<span class="hljs-built_in">local</span>/bin:<span class="hljs-variable">$PATH</span>
</code></pre>
<p><strong>&#x65B9;&#x5F0F;&#x4E8C;&#xFF1A;&#x4F7F;&#x7528;go&#x547D;&#x4EE4;&#x5B89;&#x88C5;</strong></p>
<p>&#x6211;&#x4EEC;&#x7684;&#x7CFB;&#x7EDF;&#x4E2D;&#x5B89;&#x88C5;&#x4E86;Go1.7.5&#xFF0C;&#x4F7F;&#x7528;&#x4EE5;&#x4E0B;&#x547D;&#x4EE4;&#x5B89;&#x88C5;&#x66F4;&#x5FEB;&#x6377;&#xFF1A;</p>
<pre><code class="lang-bash">$ go get -u github.com/cloudflare/cfssl/cmd/...
$ <span class="hljs-built_in">echo</span> <span class="hljs-variable">$GOPATH</span>
/usr/<span class="hljs-built_in">local</span>
<span class="hljs-variable">$ls</span> /usr/<span class="hljs-built_in">local</span>/bin/cfssl*
cfssl cfssl-bundle cfssl-certinfo cfssljson cfssl-newkey cfssl-scan
</code></pre>
<p>&#x5728;<code>$GOPATH/bin</code>&#x76EE;&#x5F55;&#x4E0B;&#x5F97;&#x5230;&#x4EE5;cfssl&#x5F00;&#x5934;&#x7684;&#x51E0;&#x4E2A;&#x547D;&#x4EE4;&#x3002;</p>
<p>注意：下文命令中 <code>cat</code> 所涉及的文件如果不存在，需要手工创建。</p>
<h2 id="&#x521B;&#x5EFA;-ca-certificate-authority">&#x521B;&#x5EFA; CA (Certificate Authority)</h2>
<p><strong>&#x521B;&#x5EFA; CA &#x914D;&#x7F6E;&#x6587;&#x4EF6;</strong></p>
<pre><code class="lang-bash">mkdir /root/ssl
<span class="hljs-built_in">cd</span> /root/ssl
cfssl <span class="hljs-built_in">print</span>-defaults config &gt; config.json
cfssl <span class="hljs-built_in">print</span>-defaults csr &gt; csr.json
<span class="hljs-comment"># &#x6839;&#x636E;config.json&#x6587;&#x4EF6;&#x7684;&#x683C;&#x5F0F;&#x521B;&#x5EFA;&#x5982;&#x4E0B;&#x7684;ca-config.json&#x6587;&#x4EF6;</span>
<span class="hljs-comment"># &#x8FC7;&#x671F;&#x65F6;&#x95F4;&#x8BBE;&#x7F6E;&#x6210;&#x4E86; 87600h</span>
cat &gt; ca-config.json &lt;&lt;EOF
{
<span class="hljs-string">&quot;signing&quot;</span>: {
<span class="hljs-string">&quot;default&quot;</span>: {
<span class="hljs-string">&quot;expiry&quot;</span>: <span class="hljs-string">&quot;87600h&quot;</span>
},
<span class="hljs-string">&quot;profiles&quot;</span>: {
<span class="hljs-string">&quot;kubernetes&quot;</span>: {
<span class="hljs-string">&quot;usages&quot;</span>: [
<span class="hljs-string">&quot;signing&quot;</span>,
<span class="hljs-string">&quot;key encipherment&quot;</span>,
<span class="hljs-string">&quot;server auth&quot;</span>,
<span class="hljs-string">&quot;client auth&quot;</span>
],
<span class="hljs-string">&quot;expiry&quot;</span>: <span class="hljs-string">&quot;87600h&quot;</span>
}
}
}
}
EOF
</code></pre>
<p>&#x5B57;&#x6BB5;&#x8BF4;&#x660E;</p>
<ul>
<li><code>ca-config.json</code>：可以定义多个 profiles，分别指定不同的过期时间、使用场景等参数；后续在签名证书时使用某个 profile；本例把有效期统一设为 87600h（约 10 年），证书或私钥一旦泄露，在到期之前会一直被信任，生产环境可按用途为不同 profile 设置更短的有效期；</li>
<li><code>signing</code>&#xFF1A;&#x8868;&#x793A;&#x8BE5;&#x8BC1;&#x4E66;&#x53EF;&#x7528;&#x4E8E;&#x7B7E;&#x540D;&#x5176;&#x5B83;&#x8BC1;&#x4E66;&#xFF1B;&#x751F;&#x6210;&#x7684; ca.pem &#x8BC1;&#x4E66;&#x4E2D; <code>CA=TRUE</code>&#xFF1B;</li>
<li><code>server auth</code>&#xFF1A;&#x8868;&#x793A;client&#x53EF;&#x4EE5;&#x7528;&#x8BE5; CA &#x5BF9;server&#x63D0;&#x4F9B;&#x7684;&#x8BC1;&#x4E66;&#x8FDB;&#x884C;&#x9A8C;&#x8BC1;&#xFF1B;</li>
<li><code>client auth</code>&#xFF1A;&#x8868;&#x793A;server&#x53EF;&#x4EE5;&#x7528;&#x8BE5;CA&#x5BF9;client&#x63D0;&#x4F9B;&#x7684;&#x8BC1;&#x4E66;&#x8FDB;&#x884C;&#x9A8C;&#x8BC1;&#xFF1B;</li>
</ul>
<p><strong>&#x521B;&#x5EFA; CA &#x8BC1;&#x4E66;&#x7B7E;&#x540D;&#x8BF7;&#x6C42;</strong></p>
<p>&#x521B;&#x5EFA; <code>ca-csr.json</code> &#x6587;&#x4EF6;&#xFF0C;&#x5185;&#x5BB9;&#x5982;&#x4E0B;&#xFF1A;</p>
<pre><code class="lang-json">{
<span class="hljs-string">&quot;CN&quot;</span>: <span class="hljs-string">&quot;kubernetes&quot;</span>,
<span class="hljs-string">&quot;key&quot;</span>: {
<span class="hljs-string">&quot;algo&quot;</span>: <span class="hljs-string">&quot;rsa&quot;</span>,
<span class="hljs-string">&quot;size&quot;</span>: <span class="hljs-number">2048</span>
},
<span class="hljs-string">&quot;names&quot;</span>: [
{
<span class="hljs-string">&quot;C&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;ST&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;L&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;O&quot;</span>: <span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;OU&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>
}
]
}
</code></pre>
<ul>
<li>&quot;CN&quot;&#xFF1A;<code>Common Name</code>&#xFF0C;kube-apiserver &#x4ECE;&#x8BC1;&#x4E66;&#x4E2D;&#x63D0;&#x53D6;&#x8BE5;&#x5B57;&#x6BB5;&#x4F5C;&#x4E3A;&#x8BF7;&#x6C42;&#x7684;&#x7528;&#x6237;&#x540D; (User Name)&#xFF1B;&#x6D4F;&#x89C8;&#x5668;&#x4F7F;&#x7528;&#x8BE5;&#x5B57;&#x6BB5;&#x9A8C;&#x8BC1;&#x7F51;&#x7AD9;&#x662F;&#x5426;&#x5408;&#x6CD5;&#xFF1B;</li>
<li>&quot;O&quot;&#xFF1A;<code>Organization</code>&#xFF0C;kube-apiserver &#x4ECE;&#x8BC1;&#x4E66;&#x4E2D;&#x63D0;&#x53D6;&#x8BE5;&#x5B57;&#x6BB5;&#x4F5C;&#x4E3A;&#x8BF7;&#x6C42;&#x7528;&#x6237;&#x6240;&#x5C5E;&#x7684;&#x7EC4; (Group)&#xFF1B;</li>
</ul>
<p><strong>&#x751F;&#x6210; CA &#x8BC1;&#x4E66;&#x548C;&#x79C1;&#x94A5;</strong></p>
<pre><code class="lang-bash">$ cfssl gencert -initca ca-csr.json | cfssljson -bare ca
$ ls ca*
ca-config.json ca.csr ca-csr.json ca-key.pem ca.pem
</code></pre>
<h2 id="&#x521B;&#x5EFA;-kubernetes-&#x8BC1;&#x4E66;">&#x521B;&#x5EFA; kubernetes &#x8BC1;&#x4E66;</h2>
<p>&#x521B;&#x5EFA; kubernetes &#x8BC1;&#x4E66;&#x7B7E;&#x540D;&#x8BF7;&#x6C42;&#x6587;&#x4EF6; <code>kubernetes-csr.json</code>&#xFF1A;</p>
<pre><code class="lang-json">{
<span class="hljs-string">&quot;CN&quot;</span>: <span class="hljs-string">&quot;kubernetes&quot;</span>,
<span class="hljs-string">&quot;hosts&quot;</span>: [
<span class="hljs-string">&quot;127.0.0.1&quot;</span>,
<span class="hljs-string">&quot;172.20.0.112&quot;</span>,
<span class="hljs-string">&quot;172.20.0.113&quot;</span>,
<span class="hljs-string">&quot;172.20.0.114&quot;</span>,
<span class="hljs-string">&quot;172.20.0.115&quot;</span>,
<span class="hljs-string">&quot;10.254.0.1&quot;</span>,
<span class="hljs-string">&quot;kubernetes&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc.cluster&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc.cluster.local&quot;</span>
],
<span class="hljs-string">&quot;key&quot;</span>: {
<span class="hljs-string">&quot;algo&quot;</span>: <span class="hljs-string">&quot;rsa&quot;</span>,
<span class="hljs-string">&quot;size&quot;</span>: <span class="hljs-number">2048</span>
},
<span class="hljs-string">&quot;names&quot;</span>: [
{
<span class="hljs-string">&quot;C&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;ST&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;L&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;O&quot;</span>: <span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;OU&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>
}
]
}
</code></pre>
<ul>
<li>如果 hosts 字段不为空则需要指定授权使用该证书的 <strong>IP 或域名列表</strong>，由于该证书后续被 <code>etcd</code> 集群和 <code>kubernetes master</code> 集群使用，所以上面分别指定了 <code>etcd</code> 集群、<code>kubernetes master</code> 集群的主机 IP 和 <strong><code>kubernetes</code> 服务的服务 IP</strong>（一般是 <code>kube-apiserver</code> 指定的 <code>service-cluster-ip-range</code> 网段的第一个IP，如 10.254.0.1）。</li>
</ul>
<p><strong>&#x751F;&#x6210; kubernetes &#x8BC1;&#x4E66;&#x548C;&#x79C1;&#x94A5;</strong></p>
<pre><code class="lang-bash">$ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
$ ls kubernetes*
kubernetes.csr kubernetes-csr.json kubernetes-key.pem kubernetes.pem
</code></pre>
<p>或者直接在命令行上指定相关参数（注意：下面示例中 <code>-hostname</code> 列出的条目比 <code>kubernetes-csr.json</code> 的 hosts 少，缺少 10.254.0.1 以及 <code>kubernetes.default.svc</code> 等域名；实际使用时应与 hosts 列表保持一致，否则客户端通过缺失的地址或域名访问时证书校验可能失败）：</p>
<pre><code class="lang-bash"><span class="hljs-built_in">echo</span> <span class="hljs-string">&apos;{&quot;CN&quot;:&quot;kubernetes&quot;,&quot;hosts&quot;:[&quot;&quot;],&quot;key&quot;:{&quot;algo&quot;:&quot;rsa&quot;,&quot;size&quot;:2048}}&apos;</span> | cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes -hostname=<span class="hljs-string">&quot;127.0.0.1,172.20.0.112,172.20.0.113,172.20.0.114,172.20.0.115,kubernetes,kubernetes.default&quot;</span> - | cfssljson -bare kubernetes
</code></pre>
<h2 id="&#x521B;&#x5EFA;-admin-&#x8BC1;&#x4E66;">&#x521B;&#x5EFA; admin &#x8BC1;&#x4E66;</h2>
<p>&#x521B;&#x5EFA; admin &#x8BC1;&#x4E66;&#x7B7E;&#x540D;&#x8BF7;&#x6C42;&#x6587;&#x4EF6; <code>admin-csr.json</code>&#xFF1A;</p>
<pre><code class="lang-json">{
<span class="hljs-string">&quot;CN&quot;</span>: <span class="hljs-string">&quot;admin&quot;</span>,
<span class="hljs-string">&quot;hosts&quot;</span>: [],
<span class="hljs-string">&quot;key&quot;</span>: {
<span class="hljs-string">&quot;algo&quot;</span>: <span class="hljs-string">&quot;rsa&quot;</span>,
<span class="hljs-string">&quot;size&quot;</span>: <span class="hljs-number">2048</span>
},
<span class="hljs-string">&quot;names&quot;</span>: [
{
<span class="hljs-string">&quot;C&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;ST&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;L&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;O&quot;</span>: <span class="hljs-string">&quot;system:masters&quot;</span>,
<span class="hljs-string">&quot;OU&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>
}
]
}
</code></pre>
<ul>
<li>&#x540E;&#x7EED; <code>kube-apiserver</code> &#x4F7F;&#x7528; <code>RBAC</code> &#x5BF9;&#x5BA2;&#x6237;&#x7AEF;(&#x5982; <code>kubelet</code>&#x3001;<code>kube-proxy</code>&#x3001;<code>Pod</code>)&#x8BF7;&#x6C42;&#x8FDB;&#x884C;&#x6388;&#x6743;&#xFF1B;</li>
<li><code>kube-apiserver</code> &#x9884;&#x5B9A;&#x4E49;&#x4E86;&#x4E00;&#x4E9B; <code>RBAC</code> &#x4F7F;&#x7528;&#x7684; <code>RoleBindings</code>&#xFF0C;&#x5982; <code>cluster-admin</code> &#x5C06; Group <code>system:masters</code> &#x4E0E; Role <code>cluster-admin</code> &#x7ED1;&#x5B9A;&#xFF0C;&#x8BE5; Role &#x6388;&#x4E88;&#x4E86;&#x8C03;&#x7528;<code>kube-apiserver</code> &#x7684;<strong>&#x6240;&#x6709; API</strong>&#x7684;&#x6743;&#x9650;&#xFF1B;</li>
<li>O 指定该证书的 Group 为 <code>system:masters</code>（对应上面 <code>admin-csr.json</code> 中的 <code>"O": "system:masters"</code>），<code>kubelet</code> 使用该证书访问 <code>kube-apiserver</code> 时，由于证书被 CA 签名，所以认证通过，同时由于证书用户组为经过预授权的 <code>system:masters</code>，所以被授予访问所有 API 的权限；因此 <code>admin-key.pem</code> 等同于集群管理员凭据，应严格限制其文件权限和分发范围；</li>
</ul>
<p>&#x751F;&#x6210; admin &#x8BC1;&#x4E66;&#x548C;&#x79C1;&#x94A5;</p>
<pre><code class="lang-bash">$ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
$ ls admin*
admin.csr admin-csr.json admin-key.pem admin.pem
</code></pre>
<h2 id="&#x521B;&#x5EFA;-kube-proxy-&#x8BC1;&#x4E66;">&#x521B;&#x5EFA; kube-proxy &#x8BC1;&#x4E66;</h2>
<p>&#x521B;&#x5EFA; kube-proxy &#x8BC1;&#x4E66;&#x7B7E;&#x540D;&#x8BF7;&#x6C42;&#x6587;&#x4EF6; <code>kube-proxy-csr.json</code>&#xFF1A;</p>
<pre><code class="lang-json">{
<span class="hljs-string">&quot;CN&quot;</span>: <span class="hljs-string">&quot;system:kube-proxy&quot;</span>,
<span class="hljs-string">&quot;hosts&quot;</span>: [],
<span class="hljs-string">&quot;key&quot;</span>: {
<span class="hljs-string">&quot;algo&quot;</span>: <span class="hljs-string">&quot;rsa&quot;</span>,
<span class="hljs-string">&quot;size&quot;</span>: <span class="hljs-number">2048</span>
},
<span class="hljs-string">&quot;names&quot;</span>: [
{
<span class="hljs-string">&quot;C&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;ST&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;L&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;O&quot;</span>: <span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;OU&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>
}
]
}
</code></pre>
<ul>
<li>CN &#x6307;&#x5B9A;&#x8BE5;&#x8BC1;&#x4E66;&#x7684; User &#x4E3A; <code>system:kube-proxy</code>&#xFF1B;</li>
<li><code>kube-apiserver</code> 预定义的 RoleBinding <code>system:node-proxier</code> 将User <code>system:kube-proxy</code> 与 Role <code>system:node-proxier</code> 绑定，该 Role 授予了调用 <code>kube-apiserver</code> Proxy 相关 API 的权限；</li>
</ul>
<p>&#x751F;&#x6210; kube-proxy &#x5BA2;&#x6237;&#x7AEF;&#x8BC1;&#x4E66;&#x548C;&#x79C1;&#x94A5;</p>
<pre><code class="lang-bash">$ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
$ ls kube-proxy*
kube-proxy.csr kube-proxy-csr.json kube-proxy-key.pem kube-proxy.pem
</code></pre>
<h2 id="&#x6821;&#x9A8C;&#x8BC1;&#x4E66;">&#x6821;&#x9A8C;&#x8BC1;&#x4E66;</h2>
<p>&#x4EE5; kubernetes &#x8BC1;&#x4E66;&#x4E3A;&#x4F8B;</p>
<h3 id="&#x4F7F;&#x7528;-opsnssl-&#x547D;&#x4EE4;">&#x4F7F;&#x7528; <code>opsnssl</code> &#x547D;&#x4EE4;</h3>
<pre><code class="lang-bash">$ openssl x509 -noout -text -in kubernetes.pem
...
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=BeiJing, L=BeiJing, O=k8s, OU=System, CN=Kubernetes
Validity
Not Before: Apr 5 05:36:00 2017 GMT
Not After : Apr 5 05:36:00 2018 GMT
Subject: C=CN, ST=BeiJing, L=BeiJing, O=k8s, OU=System, CN=kubernetes
...
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
DD:52:04:43:10:13:A9:29:24:17:3A:0E:D7:14:DB:36:F8:6C:E0:E0
X509v3 Authority Key Identifier:
keyid:44:04:3B:60:BD:69:78:14:68:AF:A0:41:13:F6:17:07:13:63:58:CD
X509v3 Subject Alternative Name:
DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster, DNS:kubernetes.default.svc.cluster.local, IP Address:127.0.0.1, IP Address:172.20.0.112, IP Address:172.20.0.113, IP Address:172.20.0.114, IP Address:172.20.0.115, IP Address:10.254.0.1
...
</code></pre>
<ul>
<li>&#x786E;&#x8BA4; <code>Issuer</code> &#x5B57;&#x6BB5;&#x7684;&#x5185;&#x5BB9;&#x548C; <code>ca-csr.json</code> &#x4E00;&#x81F4;&#xFF1B;</li>
<li>&#x786E;&#x8BA4; <code>Subject</code> &#x5B57;&#x6BB5;&#x7684;&#x5185;&#x5BB9;&#x548C; <code>kubernetes-csr.json</code> &#x4E00;&#x81F4;&#xFF1B;</li>
<li>&#x786E;&#x8BA4; <code>X509v3 Subject Alternative Name</code> &#x5B57;&#x6BB5;&#x7684;&#x5185;&#x5BB9;&#x548C; <code>kubernetes-csr.json</code> &#x4E00;&#x81F4;&#xFF1B;</li>
<li>&#x786E;&#x8BA4; <code>X509v3 Key Usage&#x3001;Extended Key Usage</code> &#x5B57;&#x6BB5;&#x7684;&#x5185;&#x5BB9;&#x548C; <code>ca-config.json</code> &#x4E2D; <code>kubernetes</code> profile &#x4E00;&#x81F4;&#xFF1B;</li>
</ul>
<h3 id="&#x4F7F;&#x7528;-cfssl-certinfo-&#x547D;&#x4EE4;">&#x4F7F;&#x7528; <code>cfssl-certinfo</code> &#x547D;&#x4EE4;</h3>
<pre><code class="lang-bash">$ cfssl-certinfo -cert kubernetes.pem
...
{
<span class="hljs-string">&quot;subject&quot;</span>: {
<span class="hljs-string">&quot;common_name&quot;</span>: <span class="hljs-string">&quot;kubernetes&quot;</span>,
<span class="hljs-string">&quot;country&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;organization&quot;</span>: <span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;organizational_unit&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>,
<span class="hljs-string">&quot;locality&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;province&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;names&quot;</span>: [
<span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;System&quot;</span>,
<span class="hljs-string">&quot;kubernetes&quot;</span>
]
},
<span class="hljs-string">&quot;issuer&quot;</span>: {
<span class="hljs-string">&quot;common_name&quot;</span>: <span class="hljs-string">&quot;Kubernetes&quot;</span>,
<span class="hljs-string">&quot;country&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;organization&quot;</span>: <span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;organizational_unit&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>,
<span class="hljs-string">&quot;locality&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;province&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;names&quot;</span>: [
<span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;System&quot;</span>,
<span class="hljs-string">&quot;Kubernetes&quot;</span>
]
},
<span class="hljs-string">&quot;serial_number&quot;</span>: <span class="hljs-string">&quot;174360492872423263473151971632292895707129022309&quot;</span>,
<span class="hljs-string">&quot;sans&quot;</span>: [
<span class="hljs-string">&quot;kubernetes&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc.cluster&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc.cluster.local&quot;</span>,
<span class="hljs-string">&quot;127.0.0.1&quot;</span>,
<span class="hljs-string">&quot;10.64.3.7&quot;</span>,
<span class="hljs-string">&quot;10.254.0.1&quot;</span>
],
<span class="hljs-string">&quot;not_before&quot;</span>: <span class="hljs-string">&quot;2017-04-05T05:36:00Z&quot;</span>,
<span class="hljs-string">&quot;not_after&quot;</span>: <span class="hljs-string">&quot;2018-04-05T05:36:00Z&quot;</span>,
<span class="hljs-string">&quot;sigalg&quot;</span>: <span class="hljs-string">&quot;SHA256WithRSA&quot;</span>,
...
</code></pre>
<h2 id="&#x5206;&#x53D1;&#x8BC1;&#x4E66;">&#x5206;&#x53D1;&#x8BC1;&#x4E66;</h2>
<p>将生成的证书和秘钥文件（后缀名为<code>.pem</code>）拷贝到所有机器的 <code>/etc/kubernetes/ssl</code> 目录下备用。注意 <code>*.pem</code> 同时匹配 <code>ca-key.pem</code> 和各组件的 <code>*-key.pem</code> 私钥：私钥文件应仅对 root 可读，并且只拷贝到确实需要它的机器上；CA 私钥一旦泄露，持有者就可以签发被集群信任的任意证书；</p>
<pre><code class="lang-bash">mkdir -p /etc/kubernetes/ssl
cp *.pem /etc/kubernetes/ssl
</code></pre>
<h2 id="&#x53C2;&#x8003;">&#x53C2;&#x8003;</h2>
<ul>
<li><a href="https://coreos.com/os/docs/latest/generate-self-signed-certificates.html" target="_blank">Generate self-signed certificates</a></li>
<li><a href="https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/02-certificate-authority.md" target="_blank">Setting up a Certificate Authority and Creating TLS Certificates</a></li>
<li><a href="https://blogs.msdn.microsoft.com/kaushal/2012/02/17/client-certificates-vs-server-certificates/" target="_blank">Client Certificates V/s Server Certificates</a></li>
<li><a href="http://blog.jobbole.com/104919/" target="_blank">&#x6570;&#x5B57;&#x8BC1;&#x4E66;&#x53CA; CA &#x7684;&#x626B;&#x76F2;&#x4ECB;&#x7ECD;</a></li>
<li><a href="../guide/tls-bootstrapping.html">TLS bootstrap &#x5F15;&#x5BFC;&#x7A0B;&#x5E8F;</a> </li>
</ul>
</section>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<script src="../gitbook/gitbook.js"></script>
<script src="../gitbook/theme.js"></script>
<script src="../gitbook/gitbook-plugin-github/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-splitter/splitter.js"></script>
<script src="../gitbook/gitbook-plugin-page-toc-button/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-editlink/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-back-to-top-button/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-search-plus/jquery.mark.min.js"></script>
<script src="../gitbook/gitbook-plugin-search-plus/search.js"></script>
<script src="../gitbook/gitbook-plugin-github-buttons/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-3-ba/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-sharing/buttons.js"></script>
<script src="../gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
</body>
</html>