kubernetes-handbook/practice/create-tls-and-secret-key.html

3242 lines
156 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!DOCTYPE HTML>
<html lang="zh-hans" >
<head>
<meta charset="UTF-8">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>创建TLS证书和秘钥 · Kubernetes Handbook - jimmysong.io</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="description" content="">
<meta name="generator" content="GitBook 3.2.2">
<meta name="author" content="Jimmy Song">
<link rel="stylesheet" href="../gitbook/style.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-splitter/splitter.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-page-toc-button/plugin.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-image-captions/image-captions.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-back-to-top-button/plugin.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-search-plus/search.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-highlight/website.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-fontsettings/website.css">
<meta name="HandheldFriendly" content="true"/>
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
<link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
<link rel="next" href="create-kubeconfig.html" />
<link rel="prev" href="install-kubernetes-on-centos.html" />
<link rel="shortcut icon" href='../favicon.ico' type="image/x-icon">
<link rel="bookmark" href='../favicon.ico' type="image/x-icon">
<style>
@media only screen and (max-width: 640px) {
.book-header .hidden-mobile {
display: none;
}
}
</style>
<script>
window["gitbook-plugin-github-buttons"] = {"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"};
</script>
</head>
<body>
<div class="book">
<div class="book-summary">
<div id="book-search-input" role="search">
<input type="text" placeholder="输入并搜索" />
</div>
<nav role="navigation">
<ul class="summary">
<li>
<a href="https://jimmysong.io" target="_blank" class="custom-link">Jimmy Song</a>
</li>
<li class="divider"></li>
<li class="header">前言</li>
<li class="chapter " data-level="1.1" data-path="../">
<a href="../">
<b>1.1.</b>
序言
</a>
</li>
<li class="header">云原生</li>
<li class="chapter " data-level="2.1" data-path="../cloud-native/kubernetes-and-cloud-native-app-overview.html">
<a href="../cloud-native/kubernetes-and-cloud-native-app-overview.html">
<b>2.1.</b>
Kubernetes与云原生应用概览
</a>
</li>
<li class="chapter " data-level="2.2" data-path="../cloud-native/from-kubernetes-to-cloud-native.html">
<a href="../cloud-native/from-kubernetes-to-cloud-native.html">
<b>2.2.</b>
云原生应用之路——从Kubernetes到Cloud Native
</a>
</li>
<li class="header">概念与原理</li>
<li class="chapter " data-level="3.1" data-path="../concepts/">
<a href="../concepts/">
<b>3.1.</b>
Kubernetes架构
</a>
</li>
<li class="chapter " data-level="3.2" data-path="../concepts/concepts.html">
<a href="../concepts/concepts.html">
<b>3.2.</b>
设计理念
</a>
</li>
<li class="chapter " data-level="3.3" data-path="../concepts/objects.html">
<a href="../concepts/objects.html">
<b>3.3.</b>
资源对象与基本概念解析
</a>
<ul class="articles">
<li class="chapter " data-level="3.3.1" data-path="../concepts/pod-overview.html">
<a href="../concepts/pod-overview.html">
<b>3.3.1.</b>
Pod
</a>
<ul class="articles">
<li class="chapter " data-level="3.3.1.1" data-path="../concepts/pod.html">
<a href="../concepts/pod.html">
<b>3.3.1.1.</b>
Pod解析
</a>
</li>
<li class="chapter " data-level="3.3.1.2" data-path="../concepts/init-containers.html">
<a href="../concepts/init-containers.html">
<b>3.3.1.2.</b>
Init容器
</a>
</li>
<li class="chapter " data-level="3.3.1.3" data-path="../concepts/pod-security-policy.html">
<a href="../concepts/pod-security-policy.html">
<b>3.3.1.3.</b>
Pod安全策略
</a>
</li>
<li class="chapter " data-level="3.3.1.4" data-path="../concepts/pod-lifecycle.html">
<a href="../concepts/pod-lifecycle.html">
<b>3.3.1.4.</b>
Pod的生命周期
</a>
</li>
<li class="chapter " data-level="3.3.1.5" data-path="../concepts/pod-hook.html">
<a href="../concepts/pod-hook.html">
<b>3.3.1.5.</b>
Pod Hook
</a>
</li>
<li class="chapter " data-level="3.3.1.6" data-path="../concepts/pod-preset.html">
<a href="../concepts/pod-preset.html">
<b>3.3.1.6.</b>
Pod Preset
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="3.3.2" data-path="../concepts/node.html">
<a href="../concepts/node.html">
<b>3.3.2.</b>
Node
</a>
</li>
<li class="chapter " data-level="3.3.3" data-path="../concepts/namespace.html">
<a href="../concepts/namespace.html">
<b>3.3.3.</b>
Namespace
</a>
</li>
<li class="chapter " data-level="3.3.4" data-path="../concepts/service.html">
<a href="../concepts/service.html">
<b>3.3.4.</b>
Service
</a>
</li>
<li class="chapter " data-level="3.3.5" data-path="../concepts/volume.html">
<a href="../concepts/volume.html">
<b>3.3.5.</b>
Volume和Persistent Volume
</a>
</li>
<li class="chapter " data-level="3.3.6" data-path="../concepts/deployment.html">
<a href="../concepts/deployment.html">
<b>3.3.6.</b>
Deployment
</a>
</li>
<li class="chapter " data-level="3.3.7" data-path="../concepts/secret.html">
<a href="../concepts/secret.html">
<b>3.3.7.</b>
Secret
</a>
</li>
<li class="chapter " data-level="3.3.8" data-path="../concepts/statefulset.html">
<a href="../concepts/statefulset.html">
<b>3.3.8.</b>
StatefulSet
</a>
</li>
<li class="chapter " data-level="3.3.9" data-path="../concepts/daemonset.html">
<a href="../concepts/daemonset.html">
<b>3.3.9.</b>
DaemonSet
</a>
</li>
<li class="chapter " data-level="3.3.10" data-path="../concepts/serviceaccount.html">
<a href="../concepts/serviceaccount.html">
<b>3.3.10.</b>
ServiceAccount
</a>
</li>
<li class="chapter " data-level="3.3.11" data-path="../concepts/replicaset.html">
<a href="../concepts/replicaset.html">
<b>3.3.11.</b>
ReplicationController和ReplicaSet
</a>
</li>
<li class="chapter " data-level="3.3.12" data-path="../concepts/job.html">
<a href="../concepts/job.html">
<b>3.3.12.</b>
Job
</a>
</li>
<li class="chapter " data-level="3.3.13" data-path="../concepts/cronjob.html">
<a href="../concepts/cronjob.html">
<b>3.3.13.</b>
CronJob
</a>
</li>
<li class="chapter " data-level="3.3.14" data-path="../concepts/ingress.html">
<a href="../concepts/ingress.html">
<b>3.3.14.</b>
Ingress
</a>
<ul class="articles">
<li class="chapter " data-level="3.3.14.1" data-path="../concepts/traefik-ingress-controller.html">
<a href="../concepts/traefik-ingress-controller.html">
<b>3.3.14.1.</b>
Traefik Ingress Controller
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="3.3.15" data-path="../concepts/configmap.html">
<a href="../concepts/configmap.html">
<b>3.3.15.</b>
ConfigMap
</a>
<ul class="articles">
<li class="chapter " data-level="3.3.15.1" data-path="../concepts/configmap-hot-update.html">
<a href="../concepts/configmap-hot-update.html">
<b>3.3.15.1.</b>
ConfigMap的热更新
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="3.3.16" data-path="../concepts/horizontal-pod-autoscaling.html">
<a href="../concepts/horizontal-pod-autoscaling.html">
<b>3.3.16.</b>
Horizontal Pod Autoscaling
</a>
<ul class="articles">
<li class="chapter " data-level="3.3.16.1" data-path="../concepts/custom-metrics-hpa.html">
<a href="../concepts/custom-metrics-hpa.html">
<b>3.3.16.1.</b>
自定义指标HPA
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="3.3.17" data-path="../concepts/label.html">
<a href="../concepts/label.html">
<b>3.3.17.</b>
Label
</a>
</li>
<li class="chapter " data-level="3.3.18" data-path="../concepts/garbage-collection.html">
<a href="../concepts/garbage-collection.html">
<b>3.3.18.</b>
垃圾收集
</a>
</li>
<li class="chapter " data-level="3.3.19" data-path="../concepts/network-policy.html">
<a href="../concepts/network-policy.html">
<b>3.3.19.</b>
NetworkPolicy
</a>
</li>
<li class="chapter " data-level="3.3.20" data-path="../concepts/annotation.html">
<a href="../concepts/annotation.html">
<b>3.3.20.</b>
Annotation
</a>
</li>
<li class="chapter " data-level="3.3.21" data-path="../concepts/aggregated-api-server.html">
<a href="../concepts/aggregated-api-server.html">
<b>3.3.21.</b>
Aggregated API Server
</a>
</li>
<li class="chapter " data-level="3.3.22" data-path="../concepts/custom-resource.html">
<a href="../concepts/custom-resource.html">
<b>3.3.22.</b>
使用自定义资源扩展API
</a>
</li>
<li class="chapter " data-level="3.3.23" data-path="../concepts/apiservice.html">
<a href="../concepts/apiservice.html">
<b>3.3.23.</b>
APIService
</a>
</li>
</ul>
</li>
<li class="header">用户指南</li>
<li class="chapter " data-level="4.1" data-path="../guide/">
<a href="../guide/">
<b>4.1.</b>
用户指南
</a>
</li>
<li class="chapter " data-level="4.2" data-path="../guide/resource-configuration.html">
<a href="../guide/resource-configuration.html">
<b>4.2.</b>
资源对象配置
</a>
<ul class="articles">
<li class="chapter " data-level="4.2.1" data-path="../guide/configure-liveness-readiness-probes.html">
<a href="../guide/configure-liveness-readiness-probes.html">
<b>4.2.1.</b>
配置Pod的liveness和readiness探针
</a>
</li>
<li class="chapter " data-level="4.2.2" data-path="../guide/configure-pod-service-account.html">
<a href="../guide/configure-pod-service-account.html">
<b>4.2.2.</b>
配置Pod的Service Account
</a>
</li>
<li class="chapter " data-level="4.2.3" data-path="../guide/secret-configuration.html">
<a href="../guide/secret-configuration.html">
<b>4.2.3.</b>
Secret配置
</a>
</li>
<li class="chapter " data-level="4.2.4" data-path="../guide/resource-quota-management.html">
<a href="../guide/resource-quota-management.html">
<b>4.2.4.</b>
管理namespace中的资源配额
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="4.3" data-path="../guide/command-usage.html">
<a href="../guide/command-usage.html">
<b>4.3.</b>
命令使用
</a>
<ul class="articles">
<li class="chapter " data-level="4.3.1" data-path="../guide/docker-cli-to-kubectl.html">
<a href="../guide/docker-cli-to-kubectl.html">
<b>4.3.1.</b>
docker用户过度到kubectl命令行指南
</a>
</li>
<li class="chapter " data-level="4.3.2" data-path="../guide/using-kubectl.html">
<a href="../guide/using-kubectl.html">
<b>4.3.2.</b>
kubectl命令概览
</a>
</li>
<li class="chapter " data-level="4.3.3" data-path="../guide/kubectl-cheatsheet.html">
<a href="../guide/kubectl-cheatsheet.html">
<b>4.3.3.</b>
kubectl命令技巧大全
</a>
</li>
<li class="chapter " data-level="4.3.4" data-path="../guide/using-etcdctl-to-access-kubernetes-data.html">
<a href="../guide/using-etcdctl-to-access-kubernetes-data.html">
<b>4.3.4.</b>
使用etcdctl访问kubernetes数据
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="4.4" data-path="../guide/cluster-security-management.html">
<a href="../guide/cluster-security-management.html">
<b>4.4.</b>
集群安全性管理
</a>
<ul class="articles">
<li class="chapter " data-level="4.4.1" data-path="../guide/managing-tls-in-a-cluster.html">
<a href="../guide/managing-tls-in-a-cluster.html">
<b>4.4.1.</b>
管理集群中的TLS
</a>
</li>
<li class="chapter " data-level="4.4.2" data-path="../guide/kubelet-authentication-authorization.html">
<a href="../guide/kubelet-authentication-authorization.html">
<b>4.4.2.</b>
kubelet的认证授权
</a>
</li>
<li class="chapter " data-level="4.4.3" data-path="../guide/tls-bootstrapping.html">
<a href="../guide/tls-bootstrapping.html">
<b>4.4.3.</b>
TLS bootstrap
</a>
</li>
<li class="chapter " data-level="4.4.4" data-path="../guide/kubectl-user-authentication-authorization.html">
<a href="../guide/kubectl-user-authentication-authorization.html">
<b>4.4.4.</b>
创建用户认证授权的kubeconfig文件
</a>
</li>
<li class="chapter " data-level="4.4.5" data-path="../guide/rbac.html">
<a href="../guide/rbac.html">
<b>4.4.5.</b>
RBAC——基于角色的访问控制
</a>
</li>
<li class="chapter " data-level="4.4.6" data-path="../guide/ip-masq-agent.html">
<a href="../guide/ip-masq-agent.html">
<b>4.4.6.</b>
IP伪装代理
</a>
</li>
<li class="chapter " data-level="4.4.7" data-path="../guide/auth-with-kubeconfig-or-token.html">
<a href="../guide/auth-with-kubeconfig-or-token.html">
<b>4.4.7.</b>
使用kubeconfig或token进行用户身份认证
</a>
</li>
<li class="chapter " data-level="4.4.8" data-path="../guide/authentication.html">
<a href="../guide/authentication.html">
<b>4.4.8.</b>
Kubernetes中的用户与身份认证授权
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="4.5" data-path="../guide/access-kubernetes-cluster.html">
<a href="../guide/access-kubernetes-cluster.html">
<b>4.5.</b>
访问Kubernetes集群
</a>
<ul class="articles">
<li class="chapter " data-level="4.5.1" data-path="../guide/access-cluster.html">
<a href="../guide/access-cluster.html">
<b>4.5.1.</b>
访问集群
</a>
</li>
<li class="chapter " data-level="4.5.2" data-path="../guide/authenticate-across-clusters-kubeconfig.html">
<a href="../guide/authenticate-across-clusters-kubeconfig.html">
<b>4.5.2.</b>
使用kubeconfig文件配置跨集群认证
</a>
</li>
<li class="chapter " data-level="4.5.3" data-path="../guide/connecting-to-applications-port-forward.html">
<a href="../guide/connecting-to-applications-port-forward.html">
<b>4.5.3.</b>
通过端口转发访问集群中的应用程序
</a>
</li>
<li class="chapter " data-level="4.5.4" data-path="../guide/service-access-application-cluster.html">
<a href="../guide/service-access-application-cluster.html">
<b>4.5.4.</b>
使用service访问群集中的应用程序
</a>
</li>
<li class="chapter " data-level="4.5.5" data-path="../guide/accessing-kubernetes-pods-from-outside-of-the-cluster.html">
<a href="../guide/accessing-kubernetes-pods-from-outside-of-the-cluster.html">
<b>4.5.5.</b>
从外部访问Kubernetes中的Pod
</a>
</li>
<li class="chapter " data-level="4.5.6" data-path="../guide/carbin-mobile-dashboard-for-kubernetes.html">
<a href="../guide/carbin-mobile-dashboard-for-kubernetes.html">
<b>4.5.6.</b>
Carbin - Kubernetes手机客户端
</a>
</li>
<li class="chapter " data-level="4.5.7" data-path="../guide/kubernetes-desktop-client.html">
<a href="../guide/kubernetes-desktop-client.html">
<b>4.5.7.</b>
Kubernetic - Kubernetes桌面客户端
</a>
</li>
<li class="chapter " data-level="4.5.8" data-path="../guide/kubernator-kubernetes-ui.html">
<a href="../guide/kubernator-kubernetes-ui.html">
<b>4.5.8.</b>
Kubernator - 更底层的Kubernetes UI
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="4.6" data-path="../guide/application-development-deployment-flow.html">
<a href="../guide/application-development-deployment-flow.html">
<b>4.6.</b>
在Kubernetes中开发部署应用
</a>
<ul class="articles">
<li class="chapter " data-level="4.6.1" data-path="../guide/deploy-applications-in-kubernetes.html">
<a href="../guide/deploy-applications-in-kubernetes.html">
<b>4.6.1.</b>
适用于kubernetes的应用开发部署流程
</a>
</li>
<li class="chapter " data-level="4.6.2" data-path="../guide/migrating-hadoop-yarn-to-kubernetes.html">
<a href="../guide/migrating-hadoop-yarn-to-kubernetes.html">
<b>4.6.2.</b>
迁移传统应用到Kubernetes中——以Hadoop YARN为例
</a>
</li>
<li class="chapter " data-level="4.6.3" data-path="../guide/using-statefulset.html">
<a href="../guide/using-statefulset.html">
<b>4.6.3.</b>
使用StatefulSet部署用状态应用
</a>
</li>
</ul>
</li>
<li class="header">最佳实践</li>
<li class="chapter " data-level="5.1" data-path="./">
<a href="./">
<b>5.1.</b>
最佳实践概览
</a>
</li>
<li class="chapter " data-level="5.2" data-path="install-kubernetes-on-centos.html">
<a href="install-kubernetes-on-centos.html">
<b>5.2.</b>
在CentOS上部署Kubernetes集群
</a>
<ul class="articles">
<li class="chapter active" data-level="5.2.1" data-path="create-tls-and-secret-key.html">
<a href="create-tls-and-secret-key.html">
<b>5.2.1.</b>
创建TLS证书和秘钥
</a>
</li>
<li class="chapter " data-level="5.2.2" data-path="create-kubeconfig.html">
<a href="create-kubeconfig.html">
<b>5.2.2.</b>
创建kubeconfig文件
</a>
</li>
<li class="chapter " data-level="5.2.3" data-path="etcd-cluster-installation.html">
<a href="etcd-cluster-installation.html">
<b>5.2.3.</b>
创建高可用etcd集群
</a>
</li>
<li class="chapter " data-level="5.2.4" data-path="kubectl-installation.html">
<a href="kubectl-installation.html">
<b>5.2.4.</b>
安装kubectl命令行工具
</a>
</li>
<li class="chapter " data-level="5.2.5" data-path="master-installation.html">
<a href="master-installation.html">
<b>5.2.5.</b>
部署master节点
</a>
</li>
<li class="chapter " data-level="5.2.6" data-path="flannel-installation.html">
<a href="flannel-installation.html">
<b>5.2.6.</b>
安装flannel网络插件
</a>
</li>
<li class="chapter " data-level="5.2.7" data-path="node-installation.html">
<a href="node-installation.html">
<b>5.2.7.</b>
部署node节点
</a>
</li>
<li class="chapter " data-level="5.2.8" data-path="kubedns-addon-installation.html">
<a href="kubedns-addon-installation.html">
<b>5.2.8.</b>
安装kubedns插件
</a>
</li>
<li class="chapter " data-level="5.2.9" data-path="dashboard-addon-installation.html">
<a href="dashboard-addon-installation.html">
<b>5.2.9.</b>
安装dashboard插件
</a>
</li>
<li class="chapter " data-level="5.2.10" data-path="heapster-addon-installation.html">
<a href="heapster-addon-installation.html">
<b>5.2.10.</b>
安装heapster插件
</a>
</li>
<li class="chapter " data-level="5.2.11" data-path="efk-addon-installation.html">
<a href="efk-addon-installation.html">
<b>5.2.11.</b>
安装EFK插件
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="5.3" data-path="service-discovery-and-loadbalancing.html">
<a href="service-discovery-and-loadbalancing.html">
<b>5.3.</b>
服务发现与负载均衡
</a>
<ul class="articles">
<li class="chapter " data-level="5.3.1" data-path="traefik-ingress-installation.html">
<a href="traefik-ingress-installation.html">
<b>5.3.1.</b>
安装Traefik ingress
</a>
</li>
<li class="chapter " data-level="5.3.2" data-path="distributed-load-test.html">
<a href="distributed-load-test.html">
<b>5.3.2.</b>
分布式负载测试
</a>
</li>
<li class="chapter " data-level="5.3.3" data-path="network-and-cluster-perfermance-test.html">
<a href="network-and-cluster-perfermance-test.html">
<b>5.3.3.</b>
网络和集群性能测试
</a>
</li>
<li class="chapter " data-level="5.3.4" data-path="edge-node-configuration.html">
<a href="edge-node-configuration.html">
<b>5.3.4.</b>
边缘节点配置
</a>
</li>
<li class="chapter " data-level="5.3.5" data-path="nginx-ingress-installation.html">
<a href="nginx-ingress-installation.html">
<b>5.3.5.</b>
安装Nginx ingress
</a>
</li>
<li class="chapter " data-level="5.3.6" data-path="configuring-dns.html">
<a href="configuring-dns.html">
<b>5.3.6.</b>
配置DNS
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="5.4" data-path="operation.html">
<a href="operation.html">
<b>5.4.</b>
运维管理
</a>
<ul class="articles">
<li class="chapter " data-level="5.4.1" data-path="service-rolling-update.html">
<a href="service-rolling-update.html">
<b>5.4.1.</b>
服务滚动升级
</a>
</li>
<li class="chapter " data-level="5.4.2" data-path="app-log-collection.html">
<a href="app-log-collection.html">
<b>5.4.2.</b>
应用日志收集
</a>
</li>
<li class="chapter " data-level="5.4.3" data-path="configuration-best-practice.html">
<a href="configuration-best-practice.html">
<b>5.4.3.</b>
配置最佳实践
</a>
</li>
<li class="chapter " data-level="5.4.4" data-path="monitor.html">
<a href="monitor.html">
<b>5.4.4.</b>
集群及应用监控
</a>
</li>
<li class="chapter " data-level="5.4.5" data-path="data-persistence-problem.html">
<a href="data-persistence-problem.html">
<b>5.4.5.</b>
数据持久化问题
</a>
</li>
<li class="chapter " data-level="5.4.6" data-path="manage-compute-resources-container.html">
<a href="manage-compute-resources-container.html">
<b>5.4.6.</b>
管理容器的计算资源
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="5.5" data-path="storage.html">
<a href="storage.html">
<b>5.5.</b>
存储管理
</a>
<ul class="articles">
<li class="chapter " data-level="5.5.1" data-path="glusterfs.html">
<a href="glusterfs.html">
<b>5.5.1.</b>
GlusterFS
</a>
<ul class="articles">
<li class="chapter " data-level="5.5.1.1" data-path="using-glusterfs-for-persistent-storage.html">
<a href="using-glusterfs-for-persistent-storage.html">
<b>5.5.1.1.</b>
使用GlusterFS做持久化存储
</a>
</li>
<li class="chapter " data-level="5.5.1.2" data-path="storage-for-containers-using-glusterfs-with-openshift.html">
<a href="storage-for-containers-using-glusterfs-with-openshift.html">
<b>5.5.1.2.</b>
在OpenShift中使用GlusterFS做持久化存储
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="5.5.2" data-path="cephfs.html">
<a href="cephfs.html">
<b>5.5.2.</b>
CephFS
</a>
<ul class="articles">
<li class="chapter " data-level="5.5.2.1" data-path="using-ceph-for-persistent-storage.html">
<a href="using-ceph-for-persistent-storage.html">
<b>5.5.2.1.</b>
使用Ceph做持久化存储
</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="chapter " data-level="5.6" data-path="monitoring.html">
<a href="monitoring.html">
<b>5.6.</b>
集群与应用监控
</a>
<ul class="articles">
<li class="chapter " data-level="5.6.1" data-path="heapster.html">
<a href="heapster.html">
<b>5.6.1.</b>
Heapster
</a>
<ul class="articles">
<li class="chapter " data-level="5.6.1.1" data-path="using-heapster-to-get-object-metrics.html">
<a href="using-heapster-to-get-object-metrics.html">
<b>5.6.1.1.</b>
使用Heapster获取集群和对象的metric数据
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="5.6.2" data-path="prometheus.html">
<a href="prometheus.html">
<b>5.6.2.</b>
Prometheus
</a>
<ul class="articles">
<li class="chapter " data-level="5.6.2.1" data-path="using-prometheus-to-monitor-kuberentes-cluster.html">
<a href="using-prometheus-to-monitor-kuberentes-cluster.html">
<b>5.6.2.1.</b>
使用Prometheus监控kubernetes集群
</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="chapter " data-level="5.7" data-path="services-management-tool.html">
<a href="services-management-tool.html">
<b>5.7.</b>
服务编排管理
</a>
<ul class="articles">
<li class="chapter " data-level="5.7.1" data-path="helm.html">
<a href="helm.html">
<b>5.7.1.</b>
使用Helm管理kubernetes应用
</a>
</li>
<li class="chapter " data-level="5.7.2" data-path="create-private-charts-repo.html">
<a href="create-private-charts-repo.html">
<b>5.7.2.</b>
构建私有Chart仓库
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="5.8" data-path="ci-cd.html">
<a href="ci-cd.html">
<b>5.8.</b>
持续集成与发布
</a>
<ul class="articles">
<li class="chapter " data-level="5.8.1" data-path="jenkins-ci-cd.html">
<a href="jenkins-ci-cd.html">
<b>5.8.1.</b>
使用Jenkins进行持续集成与发布
</a>
</li>
<li class="chapter " data-level="5.8.2" data-path="drone-ci-cd.html">
<a href="drone-ci-cd.html">
<b>5.8.2.</b>
使用Drone进行持续集成与发布
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="5.9" data-path="update-and-upgrade.html">
<a href="update-and-upgrade.html">
<b>5.9.</b>
更新与升级
</a>
<ul class="articles">
<li class="chapter " data-level="5.9.1" data-path="manually-upgrade.html">
<a href="manually-upgrade.html">
<b>5.9.1.</b>
手动升级Kubernetes集群
</a>
</li>
<li class="chapter " data-level="5.9.2" data-path="dashboard-upgrade.html">
<a href="dashboard-upgrade.html">
<b>5.9.2.</b>
升级dashboard
</a>
</li>
</ul>
</li>
<li class="header">领域应用</li>
<li class="chapter " data-level="6.1" data-path="../usecases/">
<a href="../usecases/">
<b>6.1.</b>
领域应用概览
</a>
</li>
<li class="chapter " data-level="6.2" data-path="../usecases/microservices.html">
<a href="../usecases/microservices.html">
<b>6.2.</b>
微服务架构
</a>
<ul class="articles">
<li class="chapter " data-level="6.2.1" data-path="../usecases/service-discovery-in-microservices.html">
<a href="../usecases/service-discovery-in-microservices.html">
<b>6.2.1.</b>
微服务中的服务发现
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="6.3" data-path="../usecases/service-mesh.html">
<a href="../usecases/service-mesh.html">
<b>6.3.</b>
Service Mesh 服务网格
</a>
<ul class="articles">
<li class="chapter " data-level="6.3.1" data-path="../usecases/istio.html">
<a href="../usecases/istio.html">
<b>6.3.1.</b>
Istio
</a>
<ul class="articles">
<li class="chapter " data-level="6.3.1.1" data-path="../usecases/istio-installation.html">
<a href="../usecases/istio-installation.html">
<b>6.3.1.1.</b>
安装并试用Istio service mesh
</a>
</li>
<li class="chapter " data-level="6.3.1.2" data-path="../usecases/configuring-request-routing.html">
<a href="../usecases/configuring-request-routing.html">
<b>6.3.1.2.</b>
配置请求的路由规则
</a>
</li>
<li class="chapter " data-level="6.3.1.3" data-path="../usecases/install-and-expand-istio-mesh.html">
<a href="../usecases/install-and-expand-istio-mesh.html">
<b>6.3.1.3.</b>
安装和拓展Istio service mesh
</a>
</li>
<li class="chapter " data-level="6.3.1.4" data-path="../usecases/integrating-vms.html">
<a href="../usecases/integrating-vms.html">
<b>6.3.1.4.</b>
集成虚拟机
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="6.3.2" data-path="../usecases/linkerd.html">
<a href="../usecases/linkerd.html">
<b>6.3.2.</b>
Linkerd
</a>
<ul class="articles">
<li class="chapter " data-level="6.3.2.1" data-path="../usecases/linkerd-user-guide.html">
<a href="../usecases/linkerd-user-guide.html">
<b>6.3.2.1.</b>
Linkerd 使用指南
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="6.3.3" data-path="../usecases/conduit.html">
<a href="../usecases/conduit.html">
<b>6.3.3.</b>
Conduit
</a>
<ul class="articles">
<li class="chapter " data-level="6.3.3.1" data-path="../usecases/conduit-overview.html">
<a href="../usecases/conduit-overview.html">
<b>6.3.3.1.</b>
Condiut概览
</a>
</li>
<li class="chapter " data-level="6.3.3.2" data-path="../usecases/conduit-installation.html">
<a href="../usecases/conduit-installation.html">
<b>6.3.3.2.</b>
安装Conduit
</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="chapter " data-level="6.4" data-path="../usecases/big-data.html">
<a href="../usecases/big-data.html">
<b>6.4.</b>
大数据
</a>
<ul class="articles">
<li class="chapter " data-level="6.4.1" data-path="../usecases/spark-standalone-on-kubernetes.html">
<a href="../usecases/spark-standalone-on-kubernetes.html">
<b>6.4.1.</b>
Spark standalone on Kubernetes
</a>
</li>
<li class="chapter " data-level="6.4.2" data-path="../usecases/running-spark-with-kubernetes-native-scheduler.html">
<a href="../usecases/running-spark-with-kubernetes-native-scheduler.html">
<b>6.4.2.</b>
运行支持Kubernetes原生调度的Spark程序
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="6.5" data-path="../usecases/serverless.html">
<a href="../usecases/serverless.html">
<b>6.5.</b>
Serverless架构
</a>
<ul class="articles">
<li class="chapter " data-level="6.5.1" data-path="../usecases/understanding-serverless.html">
<a href="../usecases/understanding-serverless.html">
<b>6.5.1.</b>
理解Serverless
</a>
</li>
<li class="chapter " data-level="6.5.2" data-path="../usecases/faas.html">
<a href="../usecases/faas.html">
<b>6.5.2.</b>
FaaS-函数即服务
</a>
<ul class="articles">
<li class="chapter " data-level="6.5.2.1" data-path="../usecases/openfaas-quick-start.html">
<a href="../usecases/openfaas-quick-start.html">
<b>6.5.2.1.</b>
OpenFaaS快速入门指南
</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="chapter " data-level="6.6" data-path="../usecases/edge-computing.html">
<a href="../usecases/edge-computing.html">
<b>6.6.</b>
边缘计算
</a>
</li>
<li class="header">开发指南</li>
<li class="chapter " data-level="7.1" data-path="../develop/">
<a href="../develop/">
<b>7.1.</b>
开发指南概览
</a>
</li>
<li class="chapter " data-level="7.2" data-path="../develop/sigs-and-working-group.html">
<a href="../develop/sigs-and-working-group.html">
<b>7.2.</b>
SIG和工作组
</a>
</li>
<li class="chapter " data-level="7.3" data-path="../develop/developing-environment.html">
<a href="../develop/developing-environment.html">
<b>7.3.</b>
开发环境搭建
</a>
</li>
<li class="chapter " data-level="7.4" data-path="../develop/testing.html">
<a href="../develop/testing.html">
<b>7.4.</b>
单元测试和集成测试
</a>
</li>
<li class="chapter " data-level="7.5" data-path="../develop/client-go-sample.html">
<a href="../develop/client-go-sample.html">
<b>7.5.</b>
client-go示例
</a>
</li>
<li class="chapter " data-level="7.6" data-path="../develop/contribute.html">
<a href="../develop/contribute.html">
<b>7.6.</b>
社区贡献
</a>
</li>
<li class="chapter " data-level="7.7" data-path="../develop/minikube.html">
<a href="../develop/minikube.html">
<b>7.7.</b>
Minikube
</a>
</li>
<li class="header">附录</li>
<li class="chapter " data-level="8.1" data-path="../appendix/">
<a href="../appendix/">
<b>8.1.</b>
附录说明
</a>
</li>
<li class="chapter " data-level="8.2" data-path="../appendix/debug-kubernetes-services.html">
<a href="../appendix/debug-kubernetes-services.html">
<b>8.2.</b>
Kubernetes中的应用故障排查
</a>
</li>
<li class="chapter " data-level="8.3" data-path="../appendix/material-share.html">
<a href="../appendix/material-share.html">
<b>8.3.</b>
Kubernetes相关资讯和情报链接
</a>
</li>
<li class="chapter " data-level="8.4" data-path="../appendix/docker-best-practice.html">
<a href="../appendix/docker-best-practice.html">
<b>8.4.</b>
Docker最佳实践
</a>
</li>
<li class="chapter " data-level="8.5" data-path="../appendix/tricks.html">
<a href="../appendix/tricks.html">
<b>8.5.</b>
使用技巧
</a>
</li>
<li class="chapter " data-level="8.6" data-path="../appendix/issues.html">
<a href="../appendix/issues.html">
<b>8.6.</b>
问题记录
</a>
</li>
<li class="chapter " data-level="8.7" data-path="../appendix/kubernetes-changelog.html">
<a href="../appendix/kubernetes-changelog.html">
<b>8.7.</b>
Kubernetes版本更新日志
</a>
<ul class="articles">
<li class="chapter " data-level="8.7.1" data-path="../appendix/kubernetes-1.7-changelog.html">
<a href="../appendix/kubernetes-1.7-changelog.html">
<b>8.7.1.</b>
Kubernetes1.7更新日志
</a>
</li>
<li class="chapter " data-level="8.7.2" data-path="../appendix/kubernetes-1.8-changelog.html">
<a href="../appendix/kubernetes-1.8-changelog.html">
<b>8.7.2.</b>
Kubernetes1.8更新日志
</a>
</li>
<li class="chapter " data-level="8.7.3" data-path="../appendix/kubernetes-1.9-changelog.html">
<a href="../appendix/kubernetes-1.9-changelog.html">
<b>8.7.3.</b>
Kubernetes1.9更新日志
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="8.8" data-path="../appendix/summary-and-outlook.html">
<a href="../appendix/summary-and-outlook.html">
<b>8.8.</b>
Kubernetes及云原生年度总结及展望
</a>
<ul class="articles">
<li class="chapter " data-level="8.8.1" data-path="../appendix/kubernetes-and-cloud-native-summary-in-2017-and-outlook-for-2018.html">
<a href="../appendix/kubernetes-and-cloud-native-summary-in-2017-and-outlook-for-2018.html">
<b>8.8.1.</b>
Kubernetes与云原生2017年年终总结及2018年展望
</a>
</li>
</ul>
</li>
<li class="divider"></li>
<li>
<a href="https://www.gitbook.com" target="blank" class="gitbook-link">
本书使用 GitBook 发布
</a>
</li>
</ul>
</nav>
</div>
<div class="book-body">
<div class="body-inner">
<div class="book-header" role="navigation">
<!-- Title -->
<h1>
<i class="fa fa-circle-o-notch fa-spin"></i>
<a href=".." >创建TLS证书和秘钥</a>
</h1>
</div>
<div class="page-wrapper" tabindex="-1" role="main">
<div class="page-inner">
<div class="search-plus" id="book-search-results">
<div class="search-noresults">
<section class="normal markdown-section">
<h1 id="&#x521B;&#x5EFA;tls&#x8BC1;&#x4E66;&#x548C;&#x79D8;&#x94A5;">&#x521B;&#x5EFA;TLS&#x8BC1;&#x4E66;&#x548C;&#x79D8;&#x94A5;</h1>
<h2 id="&#x524D;&#x8A00;">&#x524D;&#x8A00;</h2>
<p>&#x6267;&#x884C;&#x4E0B;&#x5217;&#x6B65;&#x9AA4;&#x524D;&#x5EFA;&#x8BAE;&#x4F60;&#x5148;&#x9605;&#x8BFB;&#x4EE5;&#x4E0B;&#x5185;&#x5BB9;&#xFF1A;</p>
<ul>
<li><a href="../guide/managing-tls-in-a-cluster.html">&#x7BA1;&#x7406;&#x96C6;&#x7FA4;&#x4E2D;&#x7684;TLS</a>&#xFF1A;&#x6559;&#x60A8;&#x5982;&#x4F55;&#x521B;&#x5EFA;TLS&#x8BC1;&#x4E66;</li>
<li><a href="../guide/kubelet-authentication-authorization.html">kubelet&#x7684;&#x8BA4;&#x8BC1;&#x6388;&#x6743;</a>&#xFF1A;&#x5411;&#x60A8;&#x63CF;&#x8FF0;&#x5982;&#x4F55;&#x901A;&#x8FC7;&#x8BA4;&#x8BC1;&#x6388;&#x6743;&#x6765;&#x8BBF;&#x95EE; kubelet &#x7684; HTTPS &#x7AEF;&#x70B9;&#x3002;</li>
<li><a href="../guide/tls-bootstrapping.html">TLS bootstrap</a>&#xFF1A;&#x4ECB;&#x7ECD;&#x5982;&#x4F55;&#x4E3A; kubelet &#x8BBE;&#x7F6E; TLS &#x5BA2;&#x6237;&#x7AEF;&#x8BC1;&#x4E66;&#x5F15;&#x5BFC;&#xFF08;bootstrap&#xFF09;&#x3002;</li>
</ul>
<p><strong>&#x6CE8;&#x610F;</strong>&#xFF1A;&#x8FD9;&#x4E00;&#x6B65;&#x662F;&#x5728;&#x5B89;&#x88C5;&#x914D;&#x7F6E;kubernetes&#x7684;&#x6240;&#x6709;&#x6B65;&#x9AA4;&#x4E2D;&#x6700;&#x5BB9;&#x6613;&#x51FA;&#x9519;&#x4E5F;&#x6700;&#x96BE;&#x4E8E;&#x6392;&#x67E5;&#x95EE;&#x9898;&#x7684;&#x4E00;&#x6B65;&#xFF0C;&#x800C;&#x8FD9;&#x5374;&#x521A;&#x597D;&#x662F;&#x7B2C;&#x4E00;&#x6B65;&#xFF0C;&#x4E07;&#x4E8B;&#x5F00;&#x5934;&#x96BE;&#xFF0C;&#x4E0D;&#x8981;&#x56E0;&#x4E3A;&#x8FD9;&#x70B9;&#x56F0;&#x96BE;&#x5C31;&#x671B;&#x800C;&#x5374;&#x6B65;&#x3002;</p>
<p><strong>&#x5982;&#x679C;&#x60A8;&#x8DB3;&#x591F;&#x6709;&#x4FE1;&#x5FC3;&#x5728;&#x5B8C;&#x5168;&#x4E0D;&#x4E86;&#x89E3;&#x81EA;&#x5DF1;&#x5728;&#x505A;&#x4EC0;&#x4E48;&#x7684;&#x60C5;&#x51B5;&#x4E0B;&#x80FD;&#x591F;&#x6210;&#x529F;&#x5730;&#x5B8C;&#x6210;&#x4E86;&#x8FD9;&#x4E00;&#x6B65;&#x7684;&#x914D;&#x7F6E;&#xFF0C;&#x90A3;&#x4E48;&#x60A8;&#x53EF;&#x4EE5;&#x5C3D;&#x7BA1;&#x8DF3;&#x8FC7;&#x4E0A;&#x9762;&#x7684;&#x51E0;&#x7BC7;&#x6587;&#x7AE0;&#x76F4;&#x63A5;&#x8FDB;&#x884C;&#x4E0B;&#x9762;&#x7684;&#x64CD;&#x4F5C;&#x3002;</strong></p>
<p><code>kubernetes</code> &#x7CFB;&#x7EDF;&#x7684;&#x5404;&#x7EC4;&#x4EF6;&#x9700;&#x8981;&#x4F7F;&#x7528; <code>TLS</code> &#x8BC1;&#x4E66;&#x5BF9;&#x901A;&#x4FE1;&#x8FDB;&#x884C;&#x52A0;&#x5BC6;&#xFF0C;&#x672C;&#x6587;&#x6863;&#x4F7F;&#x7528; <code>CloudFlare</code> &#x7684; PKI &#x5DE5;&#x5177;&#x96C6; <a href="https://github.com/cloudflare/cfssl" target="_blank">cfssl</a> &#x6765;&#x751F;&#x6210; Certificate Authority (CA) &#x548C;&#x5176;&#x5B83;&#x8BC1;&#x4E66;&#xFF1B;</p>
<p><strong>&#x751F;&#x6210;&#x7684; CA &#x8BC1;&#x4E66;&#x548C;&#x79D8;&#x94A5;&#x6587;&#x4EF6;&#x5982;&#x4E0B;&#xFF1A;</strong></p>
<ul>
<li>ca-key.pem</li>
<li>ca.pem</li>
<li>kubernetes-key.pem</li>
<li>kubernetes.pem</li>
<li>kube-proxy.pem</li>
<li>kube-proxy-key.pem</li>
<li>admin.pem</li>
<li>admin-key.pem</li>
</ul>
<p><strong>&#x4F7F;&#x7528;&#x8BC1;&#x4E66;&#x7684;&#x7EC4;&#x4EF6;&#x5982;&#x4E0B;&#xFF1A;</strong></p>
<ul>
<li>etcd&#xFF1A;&#x4F7F;&#x7528; ca.pem&#x3001;kubernetes-key.pem&#x3001;kubernetes.pem&#xFF1B;</li>
<li>kube-apiserver&#xFF1A;&#x4F7F;&#x7528; ca.pem&#x3001;kubernetes-key.pem&#x3001;kubernetes.pem&#xFF1B;</li>
<li>kubelet&#xFF1A;&#x4F7F;&#x7528; ca.pem&#xFF1B;</li>
<li>kube-proxy&#xFF1A;&#x4F7F;&#x7528; ca.pem&#x3001;kube-proxy-key.pem&#x3001;kube-proxy.pem&#xFF1B;</li>
<li>kubectl&#xFF1A;&#x4F7F;&#x7528; ca.pem&#x3001;admin-key.pem&#x3001;admin.pem&#xFF1B;</li>
<li>kube-controller-manager&#xFF1A;&#x4F7F;&#x7528; ca-key.pem&#x3001;ca.pem</li>
</ul>
<p><strong>&#x6CE8;&#x610F;&#xFF1A;&#x4EE5;&#x4E0B;&#x64CD;&#x4F5C;&#x90FD;&#x5728; master &#x8282;&#x70B9;&#x5373; 172.20.0.113 &#x8FD9;&#x53F0;&#x4E3B;&#x673A;&#x4E0A;&#x6267;&#x884C;&#xFF0C;&#x8BC1;&#x4E66;&#x53EA;&#x9700;&#x8981;&#x521B;&#x5EFA;&#x4E00;&#x6B21;&#x5373;&#x53EF;&#xFF0C;&#x4EE5;&#x540E;&#x5728;&#x5411;&#x96C6;&#x7FA4;&#x4E2D;&#x6DFB;&#x52A0;&#x65B0;&#x8282;&#x70B9;&#x65F6;&#x53EA;&#x8981;&#x5C06; /etc/kubernetes/ &#x76EE;&#x5F55;&#x4E0B;&#x7684;&#x8BC1;&#x4E66;&#x62F7;&#x8D1D;&#x5230;&#x65B0;&#x8282;&#x70B9;&#x4E0A;&#x5373;&#x53EF;&#x3002;</strong></p>
<h2 id="&#x5B89;&#x88C5;-cfssl">&#x5B89;&#x88C5; <code>CFSSL</code></h2>
<p><strong>&#x65B9;&#x5F0F;&#x4E00;&#xFF1A;&#x76F4;&#x63A5;&#x4F7F;&#x7528;&#x4E8C;&#x8FDB;&#x5236;&#x6E90;&#x7801;&#x5305;&#x5B89;&#x88C5;</strong></p>
<pre><code class="lang-bash">wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
chmod +x cfssl_linux-amd64
mv cfssl_linux-amd64 /usr/<span class="hljs-built_in">local</span>/bin/cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x cfssljson_linux-amd64
mv cfssljson_linux-amd64 /usr/<span class="hljs-built_in">local</span>/bin/cfssljson
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl-certinfo_linux-amd64
mv cfssl-certinfo_linux-amd64 /usr/<span class="hljs-built_in">local</span>/bin/cfssl-certinfo
<span class="hljs-built_in">export</span> PATH=/usr/<span class="hljs-built_in">local</span>/bin:<span class="hljs-variable">$PATH</span>
</code></pre>
<p><strong>&#x65B9;&#x5F0F;&#x4E8C;&#xFF1A;&#x4F7F;&#x7528;go&#x547D;&#x4EE4;&#x5B89;&#x88C5;</strong></p>
<p>&#x6211;&#x4EEC;&#x7684;&#x7CFB;&#x7EDF;&#x4E2D;&#x5B89;&#x88C5;&#x4E86;Go1.7.5&#xFF0C;&#x4F7F;&#x7528;&#x4EE5;&#x4E0B;&#x547D;&#x4EE4;&#x5B89;&#x88C5;&#x66F4;&#x5FEB;&#x6377;&#xFF1A;</p>
<pre><code class="lang-bash">$ go get -u github.com/cloudflare/cfssl/cmd/...
$ <span class="hljs-built_in">echo</span> <span class="hljs-variable">$GOPATH</span>
/usr/<span class="hljs-built_in">local</span>
<span class="hljs-variable">$ls</span> /usr/<span class="hljs-built_in">local</span>/bin/cfssl*
cfssl cfssl-bundle cfssl-certinfo cfssljson cfssl-newkey cfssl-scan
</code></pre>
<p>&#x5728;<code>$GOPATH/bin</code>&#x76EE;&#x5F55;&#x4E0B;&#x5F97;&#x5230;&#x4EE5;cfssl&#x5F00;&#x5934;&#x7684;&#x51E0;&#x4E2A;&#x547D;&#x4EE4;&#x3002;</p>
<p>&#x6CE8;&#x610F;&#xFF1A;&#x4EE5;&#x4E0B;&#x6587;&#x7AE0;&#x4E2D;&#x51FA;&#x73B0;&#x7684;cat&#x7684;&#x6587;&#x4EF6;&#x540D;&#x5982;&#x679C;&#x4E0D;&#x5B58;&#x5728;&#x9700;&#x8981;&#x624B;&#x5DE5;&#x521B;&#x5EFA;&#x3002;</p>
<h2 id="&#x521B;&#x5EFA;-ca-certificate-authority">&#x521B;&#x5EFA; CA (Certificate Authority)</h2>
<p><strong>&#x521B;&#x5EFA; CA &#x914D;&#x7F6E;&#x6587;&#x4EF6;</strong></p>
<pre><code class="lang-bash">mkdir /root/ssl
<span class="hljs-built_in">cd</span> /root/ssl
cfssl <span class="hljs-built_in">print</span>-defaults config &gt; config.json
cfssl <span class="hljs-built_in">print</span>-defaults csr &gt; csr.json
<span class="hljs-comment"># &#x6839;&#x636E;config.json&#x6587;&#x4EF6;&#x7684;&#x683C;&#x5F0F;&#x521B;&#x5EFA;&#x5982;&#x4E0B;&#x7684;ca-config.json&#x6587;&#x4EF6;</span>
<span class="hljs-comment"># &#x8FC7;&#x671F;&#x65F6;&#x95F4;&#x8BBE;&#x7F6E;&#x6210;&#x4E86; 87600h</span>
cat &gt; ca-config.json &lt;&lt;EOF
{
<span class="hljs-string">&quot;signing&quot;</span>: {
<span class="hljs-string">&quot;default&quot;</span>: {
<span class="hljs-string">&quot;expiry&quot;</span>: <span class="hljs-string">&quot;87600h&quot;</span>
},
<span class="hljs-string">&quot;profiles&quot;</span>: {
<span class="hljs-string">&quot;kubernetes&quot;</span>: {
<span class="hljs-string">&quot;usages&quot;</span>: [
<span class="hljs-string">&quot;signing&quot;</span>,
<span class="hljs-string">&quot;key encipherment&quot;</span>,
<span class="hljs-string">&quot;server auth&quot;</span>,
<span class="hljs-string">&quot;client auth&quot;</span>
],
<span class="hljs-string">&quot;expiry&quot;</span>: <span class="hljs-string">&quot;87600h&quot;</span>
}
}
}
}
EOF
</code></pre>
<p>&#x5B57;&#x6BB5;&#x8BF4;&#x660E;</p>
<ul>
<li><code>ca-config.json</code>&#xFF1A;&#x53EF;&#x4EE5;&#x5B9A;&#x4E49;&#x591A;&#x4E2A; profiles&#xFF0C;&#x5206;&#x522B;&#x6307;&#x5B9A;&#x4E0D;&#x540C;&#x7684;&#x8FC7;&#x671F;&#x65F6;&#x95F4;&#x3001;&#x4F7F;&#x7528;&#x573A;&#x666F;&#x7B49;&#x53C2;&#x6570;&#xFF1B;&#x540E;&#x7EED;&#x5728;&#x7B7E;&#x540D;&#x8BC1;&#x4E66;&#x65F6;&#x4F7F;&#x7528;&#x67D0;&#x4E2A; profile&#xFF1B;</li>
<li><code>signing</code>&#xFF1A;&#x8868;&#x793A;&#x8BE5;&#x8BC1;&#x4E66;&#x53EF;&#x7528;&#x4E8E;&#x7B7E;&#x540D;&#x5176;&#x5B83;&#x8BC1;&#x4E66;&#xFF1B;&#x751F;&#x6210;&#x7684; ca.pem &#x8BC1;&#x4E66;&#x4E2D; <code>CA=TRUE</code>&#xFF1B;</li>
<li><code>server auth</code>&#xFF1A;&#x8868;&#x793A;client&#x53EF;&#x4EE5;&#x7528;&#x8BE5; CA &#x5BF9;server&#x63D0;&#x4F9B;&#x7684;&#x8BC1;&#x4E66;&#x8FDB;&#x884C;&#x9A8C;&#x8BC1;&#xFF1B;</li>
<li><code>client auth</code>&#xFF1A;&#x8868;&#x793A;server&#x53EF;&#x4EE5;&#x7528;&#x8BE5;CA&#x5BF9;client&#x63D0;&#x4F9B;&#x7684;&#x8BC1;&#x4E66;&#x8FDB;&#x884C;&#x9A8C;&#x8BC1;&#xFF1B;</li>
</ul>
<p><strong>&#x521B;&#x5EFA; CA &#x8BC1;&#x4E66;&#x7B7E;&#x540D;&#x8BF7;&#x6C42;</strong></p>
<p>&#x521B;&#x5EFA; <code>ca-csr.json</code> &#x6587;&#x4EF6;&#xFF0C;&#x5185;&#x5BB9;&#x5982;&#x4E0B;&#xFF1A;</p>
<pre><code class="lang-json">{
<span class="hljs-string">&quot;CN&quot;</span>: <span class="hljs-string">&quot;kubernetes&quot;</span>,
<span class="hljs-string">&quot;key&quot;</span>: {
<span class="hljs-string">&quot;algo&quot;</span>: <span class="hljs-string">&quot;rsa&quot;</span>,
<span class="hljs-string">&quot;size&quot;</span>: <span class="hljs-number">2048</span>
},
<span class="hljs-string">&quot;names&quot;</span>: [
{
<span class="hljs-string">&quot;C&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;ST&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;L&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;O&quot;</span>: <span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;OU&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>
}
]
}
</code></pre>
<ul>
<li>&quot;CN&quot;&#xFF1A;<code>Common Name</code>&#xFF0C;kube-apiserver &#x4ECE;&#x8BC1;&#x4E66;&#x4E2D;&#x63D0;&#x53D6;&#x8BE5;&#x5B57;&#x6BB5;&#x4F5C;&#x4E3A;&#x8BF7;&#x6C42;&#x7684;&#x7528;&#x6237;&#x540D; (User Name)&#xFF1B;&#x6D4F;&#x89C8;&#x5668;&#x4F7F;&#x7528;&#x8BE5;&#x5B57;&#x6BB5;&#x9A8C;&#x8BC1;&#x7F51;&#x7AD9;&#x662F;&#x5426;&#x5408;&#x6CD5;&#xFF1B;</li>
<li>&quot;O&quot;&#xFF1A;<code>Organization</code>&#xFF0C;kube-apiserver &#x4ECE;&#x8BC1;&#x4E66;&#x4E2D;&#x63D0;&#x53D6;&#x8BE5;&#x5B57;&#x6BB5;&#x4F5C;&#x4E3A;&#x8BF7;&#x6C42;&#x7528;&#x6237;&#x6240;&#x5C5E;&#x7684;&#x7EC4; (Group)&#xFF1B;</li>
</ul>
<p><strong>&#x751F;&#x6210; CA &#x8BC1;&#x4E66;&#x548C;&#x79C1;&#x94A5;</strong></p>
<pre><code class="lang-bash">$ cfssl gencert -initca ca-csr.json | cfssljson -bare ca
$ ls ca*
ca-config.json ca.csr ca-csr.json ca-key.pem ca.pem
</code></pre>
<h2 id="&#x521B;&#x5EFA;-kubernetes-&#x8BC1;&#x4E66;">&#x521B;&#x5EFA; kubernetes &#x8BC1;&#x4E66;</h2>
<p>&#x521B;&#x5EFA; kubernetes &#x8BC1;&#x4E66;&#x7B7E;&#x540D;&#x8BF7;&#x6C42;&#x6587;&#x4EF6; <code>kubernetes-csr.json</code>&#xFF1A;</p>
<pre><code class="lang-json">{
<span class="hljs-string">&quot;CN&quot;</span>: <span class="hljs-string">&quot;kubernetes&quot;</span>,
<span class="hljs-string">&quot;hosts&quot;</span>: [
<span class="hljs-string">&quot;127.0.0.1&quot;</span>,
<span class="hljs-string">&quot;172.20.0.112&quot;</span>,
<span class="hljs-string">&quot;172.20.0.113&quot;</span>,
<span class="hljs-string">&quot;172.20.0.114&quot;</span>,
<span class="hljs-string">&quot;172.20.0.115&quot;</span>,
<span class="hljs-string">&quot;10.254.0.1&quot;</span>,
<span class="hljs-string">&quot;kubernetes&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc.cluster&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc.cluster.local&quot;</span>
],
<span class="hljs-string">&quot;key&quot;</span>: {
<span class="hljs-string">&quot;algo&quot;</span>: <span class="hljs-string">&quot;rsa&quot;</span>,
<span class="hljs-string">&quot;size&quot;</span>: <span class="hljs-number">2048</span>
},
<span class="hljs-string">&quot;names&quot;</span>: [
{
<span class="hljs-string">&quot;C&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;ST&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;L&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;O&quot;</span>: <span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;OU&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>
}
]
}
</code></pre>
<ul>
<li>&#x5982;&#x679C; hosts &#x5B57;&#x6BB5;&#x4E0D;&#x4E3A;&#x7A7A;&#x5219;&#x9700;&#x8981;&#x6307;&#x5B9A;&#x6388;&#x6743;&#x4F7F;&#x7528;&#x8BE5;&#x8BC1;&#x4E66;&#x7684; <strong>IP &#x6216;&#x57DF;&#x540D;&#x5217;&#x8868;</strong>&#xFF0C;&#x7531;&#x4E8E;&#x8BE5;&#x8BC1;&#x4E66;&#x540E;&#x7EED;&#x88AB; <code>etcd</code> &#x96C6;&#x7FA4;&#x548C; <code>kubernetes master</code> &#x96C6;&#x7FA4;&#x4F7F;&#x7528;&#xFF0C;&#x6240;&#x4EE5;&#x4E0A;&#x9762;&#x5206;&#x522B;&#x6307;&#x5B9A;&#x4E86; <code>etcd</code> &#x96C6;&#x7FA4;&#x3001;<code>kubernetes master</code> &#x96C6;&#x7FA4;&#x7684;&#x4E3B;&#x673A; IP &#x548C; <strong><code>kubernetes</code> &#x670D;&#x52A1;&#x7684;&#x670D;&#x52A1; IP</strong>&#xFF08;&#x4E00;&#x822C;&#x662F; <code>kube-apiserver</code> &#x6307;&#x5B9A;&#x7684; <code>service-cluster-ip-range</code> &#x7F51;&#x6BB5;&#x7684;&#x7B2C;&#x4E00;&#x4E2A;IP&#xFF0C;&#x5982; 10.254.0.1&#x3002;</li>
<li>hosts &#x4E2D;&#x7684;&#x5185;&#x5BB9;&#x53EF;&#x4EE5;&#x4E3A;&#x7A7A;&#xFF0C;&#x5373;&#x4F7F;&#x6309;&#x7167;&#x4E0A;&#x9762;&#x7684;&#x914D;&#x7F6E;&#xFF0C;&#x5411;&#x96C6;&#x7FA4;&#x4E2D;&#x589E;&#x52A0;&#x65B0;&#x8282;&#x70B9;&#x540E;&#x4E5F;&#x4E0D;&#x9700;&#x8981;&#x91CD;&#x65B0;&#x751F;&#x6210;&#x8BC1;&#x4E66;&#x3002;</li>
</ul>
<p><strong>&#x751F;&#x6210; kubernetes &#x8BC1;&#x4E66;&#x548C;&#x79C1;&#x94A5;</strong></p>
<pre><code class="lang-bash">$ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
$ ls kubernetes*
kubernetes.csr kubernetes-csr.json kubernetes-key.pem kubernetes.pem
</code></pre>
<p>&#x6216;&#x8005;&#x76F4;&#x63A5;&#x5728;&#x547D;&#x4EE4;&#x884C;&#x4E0A;&#x6307;&#x5B9A;&#x76F8;&#x5173;&#x53C2;&#x6570;&#xFF1A;</p>
<pre><code class="lang-bash"><span class="hljs-built_in">echo</span> <span class="hljs-string">&apos;{&quot;CN&quot;:&quot;kubernetes&quot;,&quot;hosts&quot;:[&quot;&quot;],&quot;key&quot;:{&quot;algo&quot;:&quot;rsa&quot;,&quot;size&quot;:2048}}&apos;</span> | cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes -hostname=<span class="hljs-string">&quot;127.0.0.1,172.20.0.112,172.20.0.113,172.20.0.114,172.20.0.115,kubernetes,kubernetes.default&quot;</span> - | cfssljson -bare kubernetes
</code></pre>
<h2 id="&#x521B;&#x5EFA;-admin-&#x8BC1;&#x4E66;">&#x521B;&#x5EFA; admin &#x8BC1;&#x4E66;</h2>
<p>&#x521B;&#x5EFA; admin &#x8BC1;&#x4E66;&#x7B7E;&#x540D;&#x8BF7;&#x6C42;&#x6587;&#x4EF6; <code>admin-csr.json</code>&#xFF1A;</p>
<pre><code class="lang-json">{
<span class="hljs-string">&quot;CN&quot;</span>: <span class="hljs-string">&quot;admin&quot;</span>,
<span class="hljs-string">&quot;hosts&quot;</span>: [],
<span class="hljs-string">&quot;key&quot;</span>: {
<span class="hljs-string">&quot;algo&quot;</span>: <span class="hljs-string">&quot;rsa&quot;</span>,
<span class="hljs-string">&quot;size&quot;</span>: <span class="hljs-number">2048</span>
},
<span class="hljs-string">&quot;names&quot;</span>: [
{
<span class="hljs-string">&quot;C&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;ST&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;L&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;O&quot;</span>: <span class="hljs-string">&quot;system:masters&quot;</span>,
<span class="hljs-string">&quot;OU&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>
}
]
}
</code></pre>
<ul>
<li>&#x540E;&#x7EED; <code>kube-apiserver</code> &#x4F7F;&#x7528; <code>RBAC</code> &#x5BF9;&#x5BA2;&#x6237;&#x7AEF;(&#x5982; <code>kubelet</code>&#x3001;<code>kube-proxy</code>&#x3001;<code>Pod</code>)&#x8BF7;&#x6C42;&#x8FDB;&#x884C;&#x6388;&#x6743;&#xFF1B;</li>
<li><code>kube-apiserver</code> &#x9884;&#x5B9A;&#x4E49;&#x4E86;&#x4E00;&#x4E9B; <code>RBAC</code> &#x4F7F;&#x7528;&#x7684; <code>RoleBindings</code>&#xFF0C;&#x5982; <code>cluster-admin</code> &#x5C06; Group <code>system:masters</code> &#x4E0E; Role <code>cluster-admin</code> &#x7ED1;&#x5B9A;&#xFF0C;&#x8BE5; Role &#x6388;&#x4E88;&#x4E86;&#x8C03;&#x7528;<code>kube-apiserver</code> &#x7684;<strong>&#x6240;&#x6709; API</strong>&#x7684;&#x6743;&#x9650;&#xFF1B;</li>
<li>OU &#x6307;&#x5B9A;&#x8BE5;&#x8BC1;&#x4E66;&#x7684; Group &#x4E3A; <code>system:masters</code>&#xFF0C;<code>kubelet</code> &#x4F7F;&#x7528;&#x8BE5;&#x8BC1;&#x4E66;&#x8BBF;&#x95EE; <code>kube-apiserver</code> &#x65F6; &#xFF0C;&#x7531;&#x4E8E;&#x8BC1;&#x4E66;&#x88AB; CA &#x7B7E;&#x540D;&#xFF0C;&#x6240;&#x4EE5;&#x8BA4;&#x8BC1;&#x901A;&#x8FC7;&#xFF0C;&#x540C;&#x65F6;&#x7531;&#x4E8E;&#x8BC1;&#x4E66;&#x7528;&#x6237;&#x7EC4;&#x4E3A;&#x7ECF;&#x8FC7;&#x9884;&#x6388;&#x6743;&#x7684; <code>system:masters</code>&#xFF0C;&#x6240;&#x4EE5;&#x88AB;&#x6388;&#x4E88;&#x8BBF;&#x95EE;&#x6240;&#x6709; API &#x7684;&#x6743;&#x9650;&#xFF1B;</li>
</ul>
<p>&#x751F;&#x6210; admin &#x8BC1;&#x4E66;&#x548C;&#x79C1;&#x94A5;</p>
<pre><code class="lang-bash">$ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
$ ls admin*
admin.csr admin-csr.json admin-key.pem admin.pem
</code></pre>
<h2 id="&#x521B;&#x5EFA;-kube-proxy-&#x8BC1;&#x4E66;">&#x521B;&#x5EFA; kube-proxy &#x8BC1;&#x4E66;</h2>
<p>&#x521B;&#x5EFA; kube-proxy &#x8BC1;&#x4E66;&#x7B7E;&#x540D;&#x8BF7;&#x6C42;&#x6587;&#x4EF6; <code>kube-proxy-csr.json</code>&#xFF1A;</p>
<pre><code class="lang-json">{
<span class="hljs-string">&quot;CN&quot;</span>: <span class="hljs-string">&quot;system:kube-proxy&quot;</span>,
<span class="hljs-string">&quot;hosts&quot;</span>: [],
<span class="hljs-string">&quot;key&quot;</span>: {
<span class="hljs-string">&quot;algo&quot;</span>: <span class="hljs-string">&quot;rsa&quot;</span>,
<span class="hljs-string">&quot;size&quot;</span>: <span class="hljs-number">2048</span>
},
<span class="hljs-string">&quot;names&quot;</span>: [
{
<span class="hljs-string">&quot;C&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;ST&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;L&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;O&quot;</span>: <span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;OU&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>
}
]
}
</code></pre>
<ul>
<li>CN &#x6307;&#x5B9A;&#x8BE5;&#x8BC1;&#x4E66;&#x7684; User &#x4E3A; <code>system:kube-proxy</code>&#xFF1B;</li>
<li><code>kube-apiserver</code> &#x9884;&#x5B9A;&#x4E49;&#x7684; RoleBinding <code>cluster-admin</code> &#x5C06;User <code>system:kube-proxy</code> &#x4E0E; Role <code>system:node-proxier</code> &#x7ED1;&#x5B9A;&#xFF0C;&#x8BE5; Role &#x6388;&#x4E88;&#x4E86;&#x8C03;&#x7528; <code>kube-apiserver</code> Proxy &#x76F8;&#x5173; API &#x7684;&#x6743;&#x9650;&#xFF1B;</li>
</ul>
<p>&#x751F;&#x6210; kube-proxy &#x5BA2;&#x6237;&#x7AEF;&#x8BC1;&#x4E66;&#x548C;&#x79C1;&#x94A5;</p>
<pre><code class="lang-bash">$ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
$ ls kube-proxy*
kube-proxy.csr kube-proxy-csr.json kube-proxy-key.pem kube-proxy.pem
</code></pre>
<h2 id="&#x6821;&#x9A8C;&#x8BC1;&#x4E66;">&#x6821;&#x9A8C;&#x8BC1;&#x4E66;</h2>
<p>&#x4EE5; kubernetes &#x8BC1;&#x4E66;&#x4E3A;&#x4F8B;</p>
<h3 id="&#x4F7F;&#x7528;-opsnssl-&#x547D;&#x4EE4;">&#x4F7F;&#x7528; <code>opsnssl</code> &#x547D;&#x4EE4;</h3>
<pre><code class="lang-bash">$ openssl x509 -noout -text -in kubernetes.pem
...
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=BeiJing, L=BeiJing, O=k8s, OU=System, CN=Kubernetes
Validity
Not Before: Apr 5 05:36:00 2017 GMT
Not After : Apr 5 05:36:00 2018 GMT
Subject: C=CN, ST=BeiJing, L=BeiJing, O=k8s, OU=System, CN=kubernetes
...
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
DD:52:04:43:10:13:A9:29:24:17:3A:0E:D7:14:DB:36:F8:6C:E0:E0
X509v3 Authority Key Identifier:
keyid:44:04:3B:60:BD:69:78:14:68:AF:A0:41:13:F6:17:07:13:63:58:CD
X509v3 Subject Alternative Name:
DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster, DNS:kubernetes.default.svc.cluster.local, IP Address:127.0.0.1, IP Address:172.20.0.112, IP Address:172.20.0.113, IP Address:172.20.0.114, IP Address:172.20.0.115, IP Address:10.254.0.1
...
</code></pre>
<ul>
<li>&#x786E;&#x8BA4; <code>Issuer</code> &#x5B57;&#x6BB5;&#x7684;&#x5185;&#x5BB9;&#x548C; <code>ca-csr.json</code> &#x4E00;&#x81F4;&#xFF1B;</li>
<li>&#x786E;&#x8BA4; <code>Subject</code> &#x5B57;&#x6BB5;&#x7684;&#x5185;&#x5BB9;&#x548C; <code>kubernetes-csr.json</code> &#x4E00;&#x81F4;&#xFF1B;</li>
<li>&#x786E;&#x8BA4; <code>X509v3 Subject Alternative Name</code> &#x5B57;&#x6BB5;&#x7684;&#x5185;&#x5BB9;&#x548C; <code>kubernetes-csr.json</code> &#x4E00;&#x81F4;&#xFF1B;</li>
<li>&#x786E;&#x8BA4; <code>X509v3 Key Usage&#x3001;Extended Key Usage</code> &#x5B57;&#x6BB5;&#x7684;&#x5185;&#x5BB9;&#x548C; <code>ca-config.json</code> &#x4E2D; <code>kubernetes</code> profile &#x4E00;&#x81F4;&#xFF1B;</li>
</ul>
<h3 id="&#x4F7F;&#x7528;-cfssl-certinfo-&#x547D;&#x4EE4;">&#x4F7F;&#x7528; <code>cfssl-certinfo</code> &#x547D;&#x4EE4;</h3>
<pre><code class="lang-bash">$ cfssl-certinfo -cert kubernetes.pem
...
{
<span class="hljs-string">&quot;subject&quot;</span>: {
<span class="hljs-string">&quot;common_name&quot;</span>: <span class="hljs-string">&quot;kubernetes&quot;</span>,
<span class="hljs-string">&quot;country&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;organization&quot;</span>: <span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;organizational_unit&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>,
<span class="hljs-string">&quot;locality&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;province&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;names&quot;</span>: [
<span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;System&quot;</span>,
<span class="hljs-string">&quot;kubernetes&quot;</span>
]
},
<span class="hljs-string">&quot;issuer&quot;</span>: {
<span class="hljs-string">&quot;common_name&quot;</span>: <span class="hljs-string">&quot;Kubernetes&quot;</span>,
<span class="hljs-string">&quot;country&quot;</span>: <span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;organization&quot;</span>: <span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;organizational_unit&quot;</span>: <span class="hljs-string">&quot;System&quot;</span>,
<span class="hljs-string">&quot;locality&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;province&quot;</span>: <span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;names&quot;</span>: [
<span class="hljs-string">&quot;CN&quot;</span>,
<span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;BeiJing&quot;</span>,
<span class="hljs-string">&quot;k8s&quot;</span>,
<span class="hljs-string">&quot;System&quot;</span>,
<span class="hljs-string">&quot;Kubernetes&quot;</span>
]
},
<span class="hljs-string">&quot;serial_number&quot;</span>: <span class="hljs-string">&quot;174360492872423263473151971632292895707129022309&quot;</span>,
<span class="hljs-string">&quot;sans&quot;</span>: [
<span class="hljs-string">&quot;kubernetes&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc.cluster&quot;</span>,
<span class="hljs-string">&quot;kubernetes.default.svc.cluster.local&quot;</span>,
<span class="hljs-string">&quot;127.0.0.1&quot;</span>,
<span class="hljs-string">&quot;10.64.3.7&quot;</span>,
<span class="hljs-string">&quot;10.254.0.1&quot;</span>
],
<span class="hljs-string">&quot;not_before&quot;</span>: <span class="hljs-string">&quot;2017-04-05T05:36:00Z&quot;</span>,
<span class="hljs-string">&quot;not_after&quot;</span>: <span class="hljs-string">&quot;2018-04-05T05:36:00Z&quot;</span>,
<span class="hljs-string">&quot;sigalg&quot;</span>: <span class="hljs-string">&quot;SHA256WithRSA&quot;</span>,
...
</code></pre>
<h2 id="&#x5206;&#x53D1;&#x8BC1;&#x4E66;">&#x5206;&#x53D1;&#x8BC1;&#x4E66;</h2>
<p>&#x5C06;&#x751F;&#x6210;&#x7684;&#x8BC1;&#x4E66;&#x548C;&#x79D8;&#x94A5;&#x6587;&#x4EF6;&#xFF08;&#x540E;&#x7F00;&#x540D;&#x4E3A;<code>.pem</code>&#xFF09;&#x62F7;&#x8D1D;&#x5230;&#x6240;&#x6709;&#x673A;&#x5668;&#x7684; <code>/etc/kubernetes/ssl</code> &#x76EE;&#x5F55;&#x4E0B;&#x5907;&#x7528;&#xFF1B;</p>
<pre><code class="lang-bash">mkdir -p /etc/kubernetes/ssl
cp *.pem /etc/kubernetes/ssl
</code></pre>
<h2 id="&#x53C2;&#x8003;">&#x53C2;&#x8003;</h2>
<ul>
<li><a href="https://coreos.com/os/docs/latest/generate-self-signed-certificates.html" target="_blank">Generate self-signed certificates</a></li>
<li><a href="https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/02-certificate-authority.md" target="_blank">Setting up a Certificate Authority and Creating TLS Certificates</a></li>
<li><a href="https://blogs.msdn.microsoft.com/kaushal/2012/02/17/client-certificates-vs-server-certificates/" target="_blank">Client Certificates V/s Server Certificates</a></li>
<li><a href="http://blog.jobbole.com/104919/" target="_blank">&#x6570;&#x5B57;&#x8BC1;&#x4E66;&#x53CA; CA &#x7684;&#x626B;&#x76F2;&#x4ECB;&#x7ECD;</a></li>
<li><a href="../guide/tls-bootstrapping.html">TLS bootstrap &#x5F15;&#x5BFC;&#x7A0B;&#x5E8F;</a> </li>
</ul>
<footer class="page-footer"><span class="copyright">Copyright &#xA9; jimmysong.io 2017 all right reserved&#xFF0C;powered by Gitbook</span><span class="footer-modification">Updated:
2017-11-09 17:50:24
</span></footer>
</section>
</div>
<div class="search-results">
<div class="has-results">
<h1 class="search-results-title"><span class='search-results-count'></span> results matching "<span class='search-query'></span>"</h1>
<ul class="search-results-list"></ul>
</div>
<div class="no-results">
<h1 class="search-results-title">No results matching "<span class='search-query'></span>"</h1>
</div>
</div>
</div>
</div>
</div>
</div>
<a href="install-kubernetes-on-centos.html" class="navigation navigation-prev " aria-label="Previous page: 在CentOS上部署Kubernetes集群">
<i class="fa fa-angle-left"></i>
</a>
<a href="create-kubeconfig.html" class="navigation navigation-next " aria-label="Next page: 创建kubeconfig文件">
<i class="fa fa-angle-right"></i>
</a>
</div>
<script>
var gitbook = gitbook || [];
gitbook.push(function() {
gitbook.page.hasChanged({"page":{"title":"创建TLS证书和秘钥","level":"5.2.1","depth":2,"next":{"title":"创建kubeconfig文件","level":"5.2.2","depth":2,"path":"practice/create-kubeconfig.md","ref":"practice/create-kubeconfig.md","articles":[]},"previous":{"title":"在CentOS上部署Kubernetes集群","level":"5.2","depth":1,"path":"practice/install-kubernetes-on-centos.md","ref":"practice/install-kubernetes-on-centos.md","articles":[{"title":"创建TLS证书和秘钥","level":"5.2.1","depth":2,"path":"practice/create-tls-and-secret-key.md","ref":"practice/create-tls-and-secret-key.md","articles":[]},{"title":"创建kubeconfig文件","level":"5.2.2","depth":2,"path":"practice/create-kubeconfig.md","ref":"practice/create-kubeconfig.md","articles":[]},{"title":"创建高可用etcd集群","level":"5.2.3","depth":2,"path":"practice/etcd-cluster-installation.md","ref":"practice/etcd-cluster-installation.md","articles":[]},{"title":"安装kubectl命令行工具","level":"5.2.4","depth":2,"path":"practice/kubectl-installation.md","ref":"practice/kubectl-installation.md","articles":[]},{"title":"部署master节点","level":"5.2.5","depth":2,"path":"practice/master-installation.md","ref":"practice/master-installation.md","articles":[]},{"title":"安装flannel网络插件","level":"5.2.6","depth":2,"path":"practice/flannel-installation.md","ref":"practice/flannel-installation.md","articles":[]},{"title":"部署node节点","level":"5.2.7","depth":2,"path":"practice/node-installation.md","ref":"practice/node-installation.md","articles":[]},{"title":"安装kubedns插件","level":"5.2.8","depth":2,"path":"practice/kubedns-addon-installation.md","ref":"practice/kubedns-addon-installation.md","articles":[]},{"title":"安装dashboard插件","level":"5.2.9","depth":2,"path":"practice/dashboard-addon-installation.md","ref":"practice/dashboard-addon-installation.md","articles":[]},{"title":"安装heapster插件","level":"5.2.10","depth":2,"path":"practice/heapster-addon-installation.md","ref":"practice/heapster-addon-installation.md","articles":[]},{"title":"安装EFK插件","level":"5.2.11","depth":2,"path":"practice/efk-addon-installation.md","ref":"practice/efk-addon-installation.md","articles":[]}]},"dir":"ltr"},"config":{"plugins":["github","codesnippet","splitter","page-toc-button","image-captions","editlink","back-to-top-button","-lunr","-search","search-plus","github-buttons@2.1.0","favicon@^0.0.2","tbfed-pagefooter@^0.0.1","3-ba","theme-default"],"styles":{"ebook":"styles/ebook.css","epub":"styles/epub.css","mobi":"styles/mobi.css","pdf":"styles/pdf.css","print":"styles/print.css","website":"styles/website.css"},"pluginsConfig":{"tbfed-pagefooter":{"copyright":"Copyright © jimmysong.io 2017","modify_label":"Updated:","modify_format":"YYYY-MM-DD HH:mm:ss"},"github":{"url":"https://github.com/rootsongjc/kubernetes-handbook"},"editlink":{"label":"编辑本页","multilingual":false,"base":"https://github.com/rootsongjc/kubernetes-handbook/blob/master/"},"splitter":{},"codesnippet":{},"fontsettings":{"theme":"white","family":"sans","size":2},"highlight":{},"favicon":{"shortcut":"favicon.ico","bookmark":"favicon.ico"},"page-toc-button":{},"back-to-top-button":{},"github-buttons":{"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"},"3-ba":{"configuration":"auto","token":"11f7d254cfa4e0ca44b175c66d379ecc"},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"theme-default":{"showLevel":true,"styles":{"ebook":"styles/ebook.css","epub":"styles/epub.css","mobi":"styles/mobi.css","pdf":"styles/pdf.css","print":"styles/print.css","website":"styles/website.css"}},"search-plus":{},"image-captions":{"caption":"图片 - _CAPTION_","variable_name":"_pictures"}},"theme":"default","author":"Jimmy Song","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{"_pictures":[{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.1","level":"2.1","list_caption":"Figure: 云计算演进历程","alt":"云计算演进历程","nro":1,"url":"../images/cloud-computing-evolution-road.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"云计算演进历程","attributes":{},"skip":false,"key":"2.1.1"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.2","level":"2.1","list_caption":"Figure: 来自Twitter @MarcWilczek","alt":"来自Twitter @MarcWilczek","nro":2,"url":"../images/cloud-native-comes-of-age.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"来自Twitter @MarcWilczek","attributes":{},"skip":false,"key":"2.1.2"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.3","level":"2.1","list_caption":"Figure: Cloud native思维导图","alt":"Cloud native思维导图","nro":3,"url":"../images/cloud-native-architecutre-mindnode.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Cloud native思维导图","attributes":{},"skip":false,"key":"2.1.3"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.4","level":"2.1","list_caption":"Figure: 十二因素应用","alt":"十二因素应用","nro":4,"url":"../images/12-factor-app.png","index":4,"caption_template":"图片 - _CAPTION_","label":"十二因素应用","attributes":{},"skip":false,"key":"2.1.4"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.5","level":"2.1","list_caption":"Figure: 容器生态","alt":"容器生态","nro":5,"url":"../images/container-ecosystem.png","index":5,"caption_template":"图片 - _CAPTION_","label":"容器生态","attributes":{},"skip":false,"key":"2.1.5"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.6","level":"2.1","list_caption":"Figure: 使用Jenkins进行持续集成与发布流程图","alt":"使用Jenkins进行持续集成与发布流程图","nro":6,"url":"../images/kubernetes-jenkins-ci-cd.png","index":6,"caption_template":"图片 - _CAPTION_","label":"使用Jenkins进行持续集成与发布流程图","attributes":{},"skip":false,"key":"2.1.6"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.7","level":"2.1","list_caption":"Figure: filebeat日志收集架构图","alt":"filebeat日志收集架构图","nro":7,"url":"../images/filebeat-log-collector-arch.png","index":7,"caption_template":"图片 - _CAPTION_","label":"filebeat日志收集架构图","attributes":{},"skip":false,"key":"2.1.7"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.8","level":"2.1","list_caption":"Figure: API文档","alt":"API文档","nro":8,"url":"../images/k8s-app-monitor-test-api-doc.jpg","index":8,"caption_template":"图片 - _CAPTION_","label":"API文档","attributes":{},"skip":false,"key":"2.1.8"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.9","level":"2.1","list_caption":"Figure: 迁移步骤示意图","alt":"迁移步骤示意图","nro":9,"url":"../images/migrating-hadoop-yarn-to-kubernetes.png","index":9,"caption_template":"图片 - _CAPTION_","label":"迁移步骤示意图","attributes":{},"skip":false,"key":"2.1.9"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.10","level":"2.1","list_caption":"Figure: service mesh架构图","alt":"service mesh架构图","nro":10,"url":"../images/serivce-mesh-control-plane.png","index":10,"caption_template":"图片 - _CAPTION_","label":"service mesh架构图","attributes":{},"skip":false,"key":"2.1.10"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.11","level":"2.1","list_caption":"Figure: kibana界面","alt":"kibana界面","nro":11,"url":"../images/filebeat-docker-test.jpg","index":11,"caption_template":"图片 - _CAPTION_","label":"kibana界面","attributes":{},"skip":false,"key":"2.1.11"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.12","level":"2.1","list_caption":"Figure: Grafana界面示意图1","alt":"Grafana界面示意图1","nro":12,"url":"../images/kubernetes-devops-example-grafana-1.png","index":12,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图1","attributes":{},"skip":false,"key":"2.1.12"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.13","level":"2.1","list_caption":"Figure: Grafana界面示意图2","alt":"Grafana界面示意图2","nro":13,"url":"../images/kubernetes-devops-example-grafana-2.png","index":13,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图2","attributes":{},"skip":false,"key":"2.1.13"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.14","level":"2.1","list_caption":"Figure: Grafana界面示意图3","alt":"Grafana界面示意图3","nro":14,"url":"../images/kubernetes-devops-example-grafana-3.png","index":14,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图3","attributes":{},"skip":false,"key":"2.1.14"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.15","level":"2.1","list_caption":"Figure: dashboard","alt":"dashboard","nro":15,"url":"../images/spark-job-on-kubernetes-example-1.jpg","index":15,"caption_template":"图片 - _CAPTION_","label":"dashboard","attributes":{},"skip":false,"key":"2.1.15"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.1.16","level":"2.1","list_caption":"Figure: Grafana","alt":"Grafana","nro":16,"url":"../images/spark-job-on-kubernetes-example-2.jpg","index":16,"caption_template":"图片 - _CAPTION_","label":"Grafana","attributes":{},"skip":false,"key":"2.1.16"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.1","level":"2.2","list_caption":"Figure: Cloud Native容器实验室","alt":"Cloud Native容器实验室","nro":17,"url":"https://res.cloudinary.com/jimmysong/image/upload/images/cloud-native-container-lab.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Cloud Native容器实验室","attributes":{},"skip":false,"key":"2.2.1"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.2","level":"2.2","list_caption":"Figure: 容器生态图 Container ecosystem","alt":"容器生态图 Container ecosystem","nro":18,"url":"../images/container-ecosystem.png","index":2,"caption_template":"图片 - _CAPTION_","label":"容器生态图 Container ecosystem","attributes":{},"skip":false,"key":"2.2.2"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.3","level":"2.2","list_caption":"Figure: Cloud Native油井","alt":"Cloud Native油井","nro":19,"url":"https://res.cloudinary.com/jimmysong/image/upload/images/cloud-native-oil-well.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Cloud Native油井","attributes":{},"skip":false,"key":"2.2.3"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.4","level":"2.2","list_caption":"Figure: Kuberentes架构","alt":"Kuberentes架构","nro":20,"url":"../images/kubernetes-high-level-component-archtecture.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Kuberentes架构","attributes":{},"skip":false,"key":"2.2.4"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.5","level":"2.2","list_caption":"Figure: Cloud Native Core target","alt":"Cloud Native Core target","nro":21,"url":"../images/cloud-native-core-target.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Cloud Native Core target","attributes":{},"skip":false,"key":"2.2.5"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.6","level":"2.2","list_caption":"Figure: FaaS Landscape","alt":"FaaS Landscape","nro":22,"url":"../images/redpoint-faas-landscape.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"FaaS Landscape","attributes":{},"skip":false,"key":"2.2.6"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.7","level":"2.2","list_caption":"Figure: Workloads running on Kubernetes","alt":"Workloads running on Kubernetes","nro":23,"url":"https://res.cloudinary.com/jimmysong/image/upload/images/workloads-running-on-kubernetes-2017-thenewstack.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"Workloads running on Kubernetes","attributes":{},"skip":false,"key":"2.2.7"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.8","level":"2.2","list_caption":"Figure: Gartner技术爆发趋势图2017","alt":"Gartner技术爆发趋势图2017","nro":24,"url":"https://res.cloudinary.com/jimmysong/image/upload/images/gartner-hype-cycle-for-emerging-technologies-2017.jpg","index":8,"caption_template":"图片 - _CAPTION_","label":"Gartner技术爆发趋势图2017","attributes":{},"skip":false,"key":"2.2.8"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.9","level":"2.2","list_caption":"Figure: Microservices concerns","alt":"Microservices concerns","nro":25,"url":"../images/microservices-concerns.jpg","index":9,"caption_template":"图片 - _CAPTION_","label":"Microservices concerns","attributes":{},"skip":false,"key":"2.2.9"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.10","level":"2.2","list_caption":"Figure: 两种服务发现方式","alt":"两种服务发现方式","nro":26,"url":"../images/service-discovery-in-microservices.png","index":10,"caption_template":"图片 - _CAPTION_","label":"两种服务发现方式","attributes":{},"skip":false,"key":"2.2.10"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.11","level":"2.2","list_caption":"Figure: Cloud Native Pipeline","alt":"Cloud Native Pipeline","nro":27,"url":"https://res.cloudinary.com/jimmysong/image/upload/images/cloud-natvie-pipeline.jpg","index":11,"caption_template":"图片 - _CAPTION_","label":"Cloud Native Pipeline","attributes":{},"skip":false,"key":"2.2.11"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.12","level":"2.2","list_caption":"Figure: Cloud Native Features","alt":"Cloud Native Features","nro":28,"url":"https://jimmysong.io/kubernetes-handbook/images/cloud-native-architecutre-mindnode.jpg","index":12,"caption_template":"图片 - _CAPTION_","label":"Cloud Native Features","attributes":{},"skip":false,"key":"2.2.12"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.13","level":"2.2","list_caption":"Figure: Cloud Native Landscape v1.0","alt":"Cloud Native Landscape v1.0","nro":29,"url":"https://raw.githubusercontent.com/cncf/landscape/master/landscape/CloudNativeLandscape_v1.0.jpg","index":13,"caption_template":"图片 - _CAPTION_","label":"Cloud Native Landscape v1.0","attributes":{},"skip":false,"key":"2.2.13"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.14","level":"2.2","list_caption":"Figure: Building a Cloud Native Architecture with Kubernetes followed 12 factor app","alt":"Building a Cloud Native Architecture with Kubernetes followed 12 factor app","nro":30,"url":"../images/building-cloud-native-architecture-with-kubernetes.png","index":14,"caption_template":"图片 - _CAPTION_","label":"Building a Cloud Native Architecture with Kubernetes followed 12 factor app","attributes":{},"skip":false,"key":"2.2.14"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.15","level":"2.2","list_caption":"Figure: Creating Kubernetes native app","alt":"Creating Kubernetes native app","nro":31,"url":"../images/creating-kubernetes-native-app.jpg","index":15,"caption_template":"图片 - _CAPTION_","label":"Creating Kubernetes native app","attributes":{},"skip":false,"key":"2.2.15"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.16","level":"2.2","list_caption":"Figure: Service Mesh中国社区slogan","alt":"Service Mesh中国社区slogan","nro":32,"url":"https://res.cloudinary.com/jimmysong/image/upload/images/service-meshes-pro.jpg","index":16,"caption_template":"图片 - _CAPTION_","label":"Service Mesh中国社区slogan","attributes":{},"skip":false,"key":"2.2.16"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.17","level":"2.2","list_caption":"Figure: istio vs linkerd","alt":"istio vs linkerd","nro":33,"url":"../images/istio-vs-linkerd.jpg","index":17,"caption_template":"图片 - _CAPTION_","label":"istio vs linkerd","attributes":{},"skip":false,"key":"2.2.17"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.18","level":"2.2","list_caption":"Figure: Cloud Native factory","alt":"Cloud Native factory","nro":34,"url":"https://res.cloudinary.com/jimmysong/image/upload/images/cloud-native-factory.jpg","index":18,"caption_template":"图片 - _CAPTION_","label":"Cloud Native factory","attributes":{},"skip":false,"key":"2.2.18"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.19","level":"2.2","list_caption":"Figure: Deployment pipeline","alt":"Deployment pipeline","nro":35,"url":"https://res.cloudinary.com/jimmysong/image/upload/images/deployment-pipeline-comic.jpg","index":19,"caption_template":"图片 - _CAPTION_","label":"Deployment pipeline","attributes":{},"skip":false,"key":"2.2.19"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.20","level":"2.2","list_caption":"Figure: Spark on Kubernetes with different schedulers","alt":"Spark on Kubernetes with different schedulers","nro":36,"url":"../images/spark-on-kubernetes-with-different-schedulers.jpg","index":20,"caption_template":"图片 - _CAPTION_","label":"Spark on Kubernetes with different schedulers","attributes":{},"skip":false,"key":"2.2.20"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.21","level":"2.2","list_caption":"Figure: Kubernetes solutions","alt":"Kubernetes solutions","nro":37,"url":"https://res.cloudinary.com/jimmysong/image/upload/images/kubernetes-solutions-choices.jpg","index":21,"caption_template":"图片 - _CAPTION_","label":"Kubernetes solutions","attributes":{},"skip":false,"key":"2.2.21"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.2.22","level":"2.2","list_caption":"Figure: Kubernetes SIG","alt":"Kubernetes SIG","nro":38,"url":"../images/kubernetes-sigs.jpg","index":22,"caption_template":"图片 - _CAPTION_","label":"Kubernetes SIG","attributes":{},"skip":false,"key":"2.2.22"},{"backlink":"concepts/index.html#fig3.1.1","level":"3.1","list_caption":"Figure: Borg架构","alt":"Borg架构","nro":39,"url":"../images/borg.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Borg架构","attributes":{},"skip":false,"key":"3.1.1"},{"backlink":"concepts/index.html#fig3.1.2","level":"3.1","list_caption":"Figure: Kubernetes架构","alt":"Kubernetes架构","nro":40,"url":"../images/architecture.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernetes架构","attributes":{},"skip":false,"key":"3.1.2"},{"backlink":"concepts/index.html#fig3.1.3","level":"3.1","list_caption":"Figure: Kuberentes架构图片来自于网络","alt":"Kuberentes架构图片来自于网络","nro":41,"url":"../images/kubernetes-high-level-component-archtecture.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Kuberentes架构图片来自于网络","attributes":{},"skip":false,"key":"3.1.3"},{"backlink":"concepts/index.html#fig3.1.4","level":"3.1","list_caption":"Figure: kubernetes整体架构示意图","alt":"kubernetes整体架构示意图","nro":42,"url":"../images/kubernetes-whole-arch.png","index":4,"caption_template":"图片 - _CAPTION_","label":"kubernetes整体架构示意图","attributes":{},"skip":false,"key":"3.1.4"},{"backlink":"concepts/index.html#fig3.1.5","level":"3.1","list_caption":"Figure: Kubernetes master架构示意图","alt":"Kubernetes master架构示意图","nro":43,"url":"../images/kubernetes-master-arch.png","index":5,"caption_template":"图片 - _CAPTION_","label":"Kubernetes master架构示意图","attributes":{},"skip":false,"key":"3.1.5"},{"backlink":"concepts/index.html#fig3.1.6","level":"3.1","list_caption":"Figure: kubernetes node架构示意图","alt":"kubernetes node架构示意图","nro":44,"url":"../images/kubernetes-node-arch.png","index":6,"caption_template":"图片 - _CAPTION_","label":"kubernetes node架构示意图","attributes":{},"skip":false,"key":"3.1.6"},{"backlink":"concepts/index.html#fig3.1.7","level":"3.1","list_caption":"Figure: Kubernetes分层架构示意图","alt":"Kubernetes分层架构示意图","nro":45,"url":"../images/kubernetes-layers-arch.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"Kubernetes分层架构示意图","attributes":{},"skip":false,"key":"3.1.7"},{"backlink":"concepts/concepts.html#fig3.2.1","level":"3.2","list_caption":"Figure: 分层架构示意图","alt":"分层架构示意图","nro":46,"url":"../images/kubernetes-layers-arch.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"分层架构示意图","attributes":{},"skip":false,"key":"3.2.1"},{"backlink":"concepts/pod-overview.html#fig3.3.1.1","level":"3.3.1","list_caption":"Figure: pod diagram","alt":"pod diagram","nro":47,"url":"../images/pod-overview.png","index":1,"caption_template":"图片 - _CAPTION_","label":"pod diagram","attributes":{},"skip":false,"key":"3.3.1.1"},{"backlink":"concepts/pod.html#fig3.3.1.1.1","level":"3.3.1.1","list_caption":"Figure: Pod示意图","alt":"Pod示意图","nro":48,"url":"../images/pod-overview.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Pod示意图","attributes":{},"skip":false,"key":"3.3.1.1.1"},{"backlink":"concepts/pod.html#fig3.3.1.1.2","level":"3.3.1.1","list_caption":"Figure: Pod Cheatsheet","alt":"Pod Cheatsheet","nro":49,"url":"../images/kubernetes-pod-cheatsheet.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Pod Cheatsheet","attributes":{},"skip":false,"key":"3.3.1.1.2"},{"backlink":"concepts/service.html#fig3.3.4.1","level":"3.3.4","list_caption":"Figure: userspace代理模式下Service概览图","alt":"userspace代理模式下Service概览图","nro":50,"url":"../images/services-userspace-overview.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"userspace代理模式下Service概览图","attributes":{},"skip":false,"key":"3.3.4.1"},{"backlink":"concepts/service.html#fig3.3.4.2","level":"3.3.4","list_caption":"Figure: iptables代理模式下Service概览图","alt":"iptables代理模式下Service概览图","nro":51,"url":"../images/services-iptables-overview.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"iptables代理模式下Service概览图","attributes":{},"skip":false,"key":"3.3.4.2"},{"backlink":"concepts/deployment.html#fig3.3.6.1","level":"3.3.6","list_caption":"Figure: kubernetes deployment cheatsheet","alt":"kubernetes deployment cheatsheet","nro":52,"url":"../images/deployment-cheatsheet.png","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes deployment cheatsheet","attributes":{},"skip":false,"key":"3.3.6.1"},{"backlink":"concepts/horizontal-pod-autoscaling.html#fig3.3.16.1","level":"3.3.16","list_caption":"Figure: horizontal-pod-autoscaler","alt":"horizontal-pod-autoscaler","nro":53,"url":"../images/horizontal-pod-autoscaler.png","index":1,"caption_template":"图片 - _CAPTION_","label":"horizontal-pod-autoscaler","attributes":{},"skip":false,"key":"3.3.16.1"},{"backlink":"concepts/label.html#fig3.3.17.1","level":"3.3.17","list_caption":"Figure: label示意图","alt":"label示意图","nro":54,"url":"../images/labels.png","index":1,"caption_template":"图片 - _CAPTION_","label":"label示意图","attributes":{},"skip":false,"key":"3.3.17.1"},{"backlink":"guide/using-kubectl.html#fig4.3.2.1","level":"4.3.2","list_caption":"Figure: kubectl cheatsheet","alt":"kubectl cheatsheet","nro":55,"url":"../images/kubernetes-kubectl-cheatsheet.png","index":1,"caption_template":"图片 - _CAPTION_","label":"kubectl cheatsheet","attributes":{},"skip":false,"key":"4.3.2.1"},{"backlink":"guide/using-kubectl.html#fig4.3.2.2","level":"4.3.2","list_caption":"Figure: kube-shell页面","alt":"kube-shell页面","nro":56,"url":"../images/kube-shell.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"kube-shell页面","attributes":{},"skip":false,"key":"4.3.2.2"},{"backlink":"guide/ip-masq-agent.html#fig4.4.6.1","level":"4.4.6","list_caption":"Figure: IP伪装代理示意图","alt":"IP伪装代理示意图","nro":57,"url":"../images/ip-masq.png","index":1,"caption_template":"图片 - _CAPTION_","label":"IP伪装代理示意图","attributes":{},"skip":false,"key":"4.4.6.1"},{"backlink":"guide/auth-with-kubeconfig-or-token.html#fig4.4.7.1","level":"4.4.7","list_caption":"Figure: kubeconfig文件","alt":"kubeconfig文件","nro":58,"url":"../images/brand-kubeconfig-yaml.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubeconfig文件","attributes":{},"skip":false,"key":"4.4.7.1"},{"backlink":"guide/authentication.html#fig4.4.8.1","level":"4.4.8","list_caption":"Figure: Kubernetes OpenID Connect Flow","alt":"Kubernetes OpenID Connect Flow","nro":59,"url":"../images/kubernetes-oidc-login.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes OpenID Connect Flow","attributes":{},"skip":false,"key":"4.4.8.1"},{"backlink":"guide/carbin-mobile-dashboard-for-kubernetes.html#fig4.5.6.1","level":"4.5.6","list_caption":"Figure: App Store","alt":"App Store","nro":60,"url":"../images/carbin-kubernetes-mobile-dashboard-1.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"App Store","attributes":{},"skip":false,"key":"4.5.6.1"},{"backlink":"guide/carbin-mobile-dashboard-for-kubernetes.html#fig4.5.6.2","level":"4.5.6","list_caption":"Figure: 在手机上操作Kubernetes集群","alt":"在手机上操作Kubernetes集群","nro":61,"url":"../images/carbin-kubernetes-mobile-dashboard-4.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"在手机上操作Kubernetes集群","attributes":{},"skip":false,"key":"4.5.6.2"},{"backlink":"guide/kubernetes-desktop-client.html#fig4.5.7.1","level":"4.5.7","list_caption":"Figure: Kubernetic客户端","alt":"Kubernetic客户端","nro":62,"url":"../images/kubernetic-desktop-ui.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetic客户端","attributes":{},"skip":false,"key":"4.5.7.1"},{"backlink":"guide/kubernator-kubernetes-ui.html#fig4.5.8.1","level":"4.5.8","list_caption":"Figure: Kubernator catalog页面","alt":"Kubernator catalog页面","nro":63,"url":"../images/kubernator-catalog.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernator catalog页面","attributes":{},"skip":false,"key":"4.5.8.1"},{"backlink":"guide/kubernator-kubernetes-ui.html#fig4.5.8.2","level":"4.5.8","list_caption":"Figure: Kubernator rbac页面","alt":"Kubernator rbac页面","nro":64,"url":"../images/kubernator-rbac.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernator rbac页面","attributes":{},"skip":false,"key":"4.5.8.2"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig4.6.1.1","level":"4.6.1","list_caption":"Figure: API","alt":"API","nro":65,"url":"../images/k8s-app-monitor-test-api-doc.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"API","attributes":{},"skip":false,"key":"4.6.1.1"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig4.6.1.2","level":"4.6.1","list_caption":"Figure: wercker","alt":"wercker","nro":66,"url":"../images/k8s-app-monitor-agent-wercker.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"wercker","attributes":{},"skip":false,"key":"4.6.1.2"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig4.6.1.3","level":"4.6.1","list_caption":"Figure: 图表","alt":"图表","nro":67,"url":"../images/k8s-app-monitor-agent.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"图表","attributes":{},"skip":false,"key":"4.6.1.3"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig4.6.2.1","level":"4.6.2","list_caption":"Figure: spark on yarn with kubernetes","alt":"spark on yarn with kubernetes","nro":68,"url":"../images/spark-on-yarn-with-kubernetes.png","index":1,"caption_template":"图片 - _CAPTION_","label":"spark on yarn with kubernetes","attributes":{},"skip":false,"key":"4.6.2.1"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig4.6.2.2","level":"4.6.2","list_caption":"Figure: Terms","alt":"Terms","nro":69,"url":"../images/terms-in-kubernetes-app-deployment.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Terms","attributes":{},"skip":false,"key":"4.6.2.2"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig4.6.2.3","level":"4.6.2","list_caption":"Figure: 分解步骤解析","alt":"分解步骤解析","nro":70,"url":"../images/migrating-hadoop-yarn-to-kubernetes.png","index":3,"caption_template":"图片 - _CAPTION_","label":"分解步骤解析","attributes":{},"skip":false,"key":"4.6.2.3"},{"backlink":"practice/node-installation.html#fig5.2.7.1","level":"5.2.7","list_caption":"Figure: welcome nginx","alt":"welcome nginx","nro":71,"url":"../images/kubernetes-installation-test-nginx.png","index":1,"caption_template":"图片 - _CAPTION_","label":"welcome nginx","attributes":{},"skip":false,"key":"5.2.7.1"},{"backlink":"practice/dashboard-addon-installation.html#fig5.2.9.1","level":"5.2.9","list_caption":"Figure: kubernetes dashboard","alt":"kubernetes dashboard","nro":72,"url":"../images/kubernetes-dashboard-raw.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes dashboard","attributes":{},"skip":false,"key":"5.2.9.1"},{"backlink":"practice/dashboard-addon-installation.html#fig5.2.9.2","level":"5.2.9","list_caption":"Figure: V1.6.3版本的dashboard界面","alt":"V1.6.3版本的dashboard界面","nro":73,"url":"../images/dashboard-v163.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"V1.6.3版本的dashboard界面","attributes":{},"skip":false,"key":"5.2.9.2"},{"backlink":"practice/heapster-addon-installation.html#fig5.2.10.1","level":"5.2.10","list_caption":"Figure: dashboard-heapster","alt":"dashboard-heapster","nro":74,"url":"../images/kubernetes-dashboard-with-heapster.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"dashboard-heapster","attributes":{},"skip":false,"key":"5.2.10.1"},{"backlink":"practice/heapster-addon-installation.html#fig5.2.10.2","level":"5.2.10","list_caption":"Figure: grafana","alt":"grafana","nro":75,"url":"../images/kubernetes-heapster-grafana.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"grafana","attributes":{},"skip":false,"key":"5.2.10.2"},{"backlink":"practice/heapster-addon-installation.html#fig5.2.10.3","level":"5.2.10","list_caption":"Figure: kubernetes-influxdb-heapster","alt":"kubernetes-influxdb-heapster","nro":76,"url":"../images/kubernetes-influxdb-heapster.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"kubernetes-influxdb-heapster","attributes":{},"skip":false,"key":"5.2.10.3"},{"backlink":"practice/heapster-addon-installation.html#fig5.2.10.4","level":"5.2.10","list_caption":"Figure: 修改grafana模板","alt":"修改grafana模板","nro":77,"url":"../images/grafana-dashboard-setting.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"修改grafana模板","attributes":{},"skip":false,"key":"5.2.10.4"},{"backlink":"practice/efk-addon-installation.html#fig5.2.11.1","level":"5.2.11","list_caption":"Figure: es-setting","alt":"es-setting","nro":78,"url":"../images/es-setting.png","index":1,"caption_template":"图片 - _CAPTION_","label":"es-setting","attributes":{},"skip":false,"key":"5.2.11.1"},{"backlink":"practice/efk-addon-installation.html#fig5.2.11.2","level":"5.2.11","list_caption":"Figure: es-home","alt":"es-home","nro":79,"url":"../images/kubernetes-efk-kibana.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"es-home","attributes":{},"skip":false,"key":"5.2.11.2"},{"backlink":"practice/traefik-ingress-installation.html#fig5.3.1.1","level":"5.3.1","list_caption":"Figure: kubernetes-dashboard","alt":"kubernetes-dashboard","nro":80,"url":"../images/traefik-dashboard.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes-dashboard","attributes":{},"skip":false,"key":"5.3.1.1"},{"backlink":"practice/traefik-ingress-installation.html#fig5.3.1.2","level":"5.3.1","list_caption":"Figure: traefik-nginx","alt":"traefik-nginx","nro":81,"url":"../images/traefik-nginx.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"traefik-nginx","attributes":{},"skip":false,"key":"5.3.1.2"},{"backlink":"practice/traefik-ingress-installation.html#fig5.3.1.3","level":"5.3.1","list_caption":"Figure: traefik-guestbook","alt":"traefik-guestbook","nro":82,"url":"../images/traefik-guestbook.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"traefik-guestbook","attributes":{},"skip":false,"key":"5.3.1.3"},{"backlink":"practice/distributed-load-test.html#fig5.3.2.1","level":"5.3.2","list_caption":"Figure: 使用dashboard来扩容","alt":"使用dashboard来扩容","nro":83,"url":"../images/dashbaord-scale.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"使用dashboard来扩容","attributes":{},"skip":false,"key":"5.3.2.1"},{"backlink":"practice/distributed-load-test.html#fig5.3.2.2","level":"5.3.2","list_caption":"Figure: Traefik的UI","alt":"Traefik的UI","nro":84,"url":"../images/traefik-dashboard-locust.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Traefik的UI","attributes":{},"skip":false,"key":"5.3.2.2"},{"backlink":"practice/distributed-load-test.html#fig5.3.2.3","level":"5.3.2","list_caption":"Figure: Locust启动界面","alt":"Locust启动界面","nro":85,"url":"../images/locust-start-swarming.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Locust启动界面","attributes":{},"skip":false,"key":"5.3.2.3"},{"backlink":"practice/distributed-load-test.html#fig5.3.2.4","level":"5.3.2","list_caption":"Figure: Dashboard查看页面","alt":"Dashboard查看页面","nro":86,"url":"../images/sample-webapp-rc.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Dashboard查看页面","attributes":{},"skip":false,"key":"5.3.2.4"},{"backlink":"practice/distributed-load-test.html#fig5.3.2.5","level":"5.3.2","list_caption":"Figure: Locust测试结果页面","alt":"Locust测试结果页面","nro":87,"url":"../images/locust-dashboard.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Locust测试结果页面","attributes":{},"skip":false,"key":"5.3.2.5"},{"backlink":"practice/network-and-cluster-perfermance-test.html#fig5.3.3.1","level":"5.3.3","list_caption":"Figure: kubernetes-dashboard","alt":"kubernetes-dashboard","nro":88,"url":"../images/kubenetes-e2e-test.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes-dashboard","attributes":{},"skip":false,"key":"5.3.3.1"},{"backlink":"practice/network-and-cluster-perfermance-test.html#fig5.3.3.2","level":"5.3.3","list_caption":"Figure: locust测试页面","alt":"locust测试页面","nro":89,"url":"../images/kubernetes-locust-test.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"locust测试页面","attributes":{},"skip":false,"key":"5.3.3.2"},{"backlink":"practice/edge-node-configuration.html#fig5.3.4.1","level":"5.3.4","list_caption":"Figure: 边缘节点架构","alt":"边缘节点架构","nro":90,"url":"../images/kubernetes-edge-node-architecture.png","index":1,"caption_template":"图片 - _CAPTION_","label":"边缘节点架构","attributes":{},"skip":false,"key":"5.3.4.1"},{"backlink":"practice/configuring-dns.html#fig5.3.6.1","level":"5.3.6","list_caption":"Figure: DNS lookup flow","alt":"DNS lookup flow","nro":91,"url":"https://d33wubrfki0l68.cloudfront.net/340889cb80e81dcd19a16bc34697a7907e2b229a/24ad0/docs/tasks/administer-cluster/dns-custom-nameservers/dns.png","index":1,"caption_template":"图片 - _CAPTION_","label":"DNS lookup flow","attributes":{},"skip":false,"key":"5.3.6.1"},{"backlink":"practice/app-log-collection.html#fig5.4.2.1","level":"5.4.2","list_caption":"Figure: filebeat日志收集架构图","alt":"filebeat日志收集架构图","nro":92,"url":"../images/filebeat-log-collector.png","index":1,"caption_template":"图片 - _CAPTION_","label":"filebeat日志收集架构图","attributes":{},"skip":false,"key":"5.4.2.1"},{"backlink":"practice/app-log-collection.html#fig5.4.2.2","level":"5.4.2","list_caption":"Figure: Kibana页面","alt":"Kibana页面","nro":93,"url":"../images/filebeat-docker-test.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Kibana页面","attributes":{},"skip":false,"key":"5.4.2.2"},{"backlink":"practice/app-log-collection.html#fig5.4.2.3","level":"5.4.2","list_caption":"Figure: filebeat收集的日志详细信息","alt":"filebeat收集的日志详细信息","nro":94,"url":"../images/kubernetes-filebeat-detail.png","index":3,"caption_template":"图片 - _CAPTION_","label":"filebeat收集的日志详细信息","attributes":{},"skip":false,"key":"5.4.2.3"},{"backlink":"practice/monitor.html#fig5.4.4.1","level":"5.4.4","list_caption":"Figure: Kubernetes集群中的监控","alt":"Kubernetes集群中的监控","nro":95,"url":"../images/monitoring-in-kubernetes.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes集群中的监控","attributes":{},"skip":false,"key":"5.4.4.1"},{"backlink":"practice/monitor.html#fig5.4.4.2","level":"5.4.4","list_caption":"Figure: kubernetes的容器命名规则示意图","alt":"kubernetes的容器命名规则示意图","nro":96,"url":"../images/kubernetes-container-naming-rule.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"kubernetes的容器命名规则示意图","attributes":{},"skip":false,"key":"5.4.4.2"},{"backlink":"practice/monitor.html#fig5.4.4.3","level":"5.4.4","list_caption":"Figure: Heapster架构图改进版","alt":"Heapster架构图改进版","nro":97,"url":"../images/kubernetes-heapster-monitoring.png","index":3,"caption_template":"图片 - _CAPTION_","label":"Heapster架构图改进版","attributes":{},"skip":false,"key":"5.4.4.3"},{"backlink":"practice/monitor.html#fig5.4.4.4","level":"5.4.4","list_caption":"Figure: 应用监控架构图","alt":"应用监控架构图","nro":98,"url":"../images/kubernetes-app-monitoring.png","index":4,"caption_template":"图片 - _CAPTION_","label":"应用监控架构图","attributes":{},"skip":false,"key":"5.4.4.4"},{"backlink":"practice/monitor.html#fig5.4.4.5","level":"5.4.4","list_caption":"Figure: 应用拓扑图","alt":"应用拓扑图","nro":99,"url":"../images/weave-scope-service-topology.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"应用拓扑图","attributes":{},"skip":false,"key":"5.4.4.5"},{"backlink":"practice/data-persistence-problem.html#fig5.4.5.1","level":"5.4.5","list_caption":"Figure: 日志持久化收集解决方案示意图","alt":"日志持久化收集解决方案示意图","nro":100,"url":"../images/log-persistence-logstash.png","index":1,"caption_template":"图片 - _CAPTION_","label":"日志持久化收集解决方案示意图","attributes":{},"skip":false,"key":"5.4.5.1"},{"backlink":"practice/storage-for-containers-using-glusterfs-with-openshift.html#fig5.5.1.2.1","level":"5.5.1.2","list_caption":"Figure: 创建存储","alt":"创建存储","nro":101,"url":"../images/create-gluster-storage.png","index":1,"caption_template":"图片 - _CAPTION_","label":"创建存储","attributes":{},"skip":false,"key":"5.5.1.2.1"},{"backlink":"practice/storage-for-containers-using-glusterfs-with-openshift.html#fig5.5.1.2.2","level":"5.5.1.2","list_caption":"Figure: Screen Shot 2017-03-24 at 11.09.34.png","alt":"Screen Shot 2017-03-24 at 11.09.34.png","nro":102,"url":"https://keithtenzer.files.wordpress.com/2017/03/screen-shot-2017-03-24-at-11-09-341.png?w=440","index":2,"caption_template":"图片 - _CAPTION_","label":"Screen Shot 2017-03-24 at 11.09.34.png","attributes":{},"skip":false,"key":"5.5.1.2.2"},{"backlink":"practice/using-heapster-to-get-object-metrics.html#fig5.6.1.1.1","level":"5.6.1.1","list_caption":"Figure: Heapster架构图","alt":"Heapster架构图","nro":103,"url":"../images/heapster-architecture.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Heapster架构图","attributes":{},"skip":false,"key":"5.6.1.1.1"},{"backlink":"practice/prometheus.html#fig5.6.2.1","level":"5.6.2","list_caption":"Figure: Prometheus 架构图","alt":"Prometheus 架构图","nro":104,"url":"../images/prometheus-architecture.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Prometheus 架构图","attributes":{},"skip":false,"key":"5.6.2.1"},{"backlink":"practice/using-prometheus-to-monitor-kuberentes-cluster.html#fig5.6.2.1.1","level":"5.6.2.1","list_caption":"Figure: Grafana页面","alt":"Grafana页面","nro":105,"url":"../images/kubernetes-prometheus-monitoring.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Grafana页面","attributes":{},"skip":false,"key":"5.6.2.1.1"},{"backlink":"practice/helm.html#fig5.7.1.1","level":"5.7.1","list_caption":"Figure: Helm chart源","alt":"Helm chart源","nro":106,"url":"../images/helm-charts-repository.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Helm chart源","attributes":{},"skip":false,"key":"5.7.1.1"},{"backlink":"practice/helm.html#fig5.7.1.2","level":"5.7.1","list_caption":"Figure: TODO应用的Web页面","alt":"TODO应用的Web页面","nro":107,"url":"../images/helm-mean-todo-aholic.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"TODO应用的Web页面","attributes":{},"skip":false,"key":"5.7.1.2"},{"backlink":"practice/create-private-charts-repo.html#fig5.7.2.1","level":"5.7.2","list_caption":"Figure: Helm monocular界面","alt":"Helm monocular界面","nro":108,"url":"../images/helm-monocular-jimmysong.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Helm monocular界面","attributes":{},"skip":false,"key":"5.7.2.1"},{"backlink":"practice/jenkins-ci-cd.html#fig5.8.1.1","level":"5.8.1","list_caption":"Figure: 基于Jenkins的持续集成与发布","alt":"基于Jenkins的持续集成与发布","nro":109,"url":"../images/kubernetes-jenkins-ci-cd.png","index":1,"caption_template":"图片 - _CAPTION_","label":"基于Jenkins的持续集成与发布","attributes":{},"skip":false,"key":"5.8.1.1"},{"backlink":"practice/drone-ci-cd.html#fig5.8.2.1","level":"5.8.2","list_caption":"Figure: OAuth注册","alt":"OAuth注册","nro":110,"url":"../images/github-oauth-register.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"OAuth注册","attributes":{},"skip":false,"key":"5.8.2.1"},{"backlink":"practice/drone-ci-cd.html#fig5.8.2.2","level":"5.8.2","list_caption":"Figure: OAuth key","alt":"OAuth key","nro":111,"url":"../images/github-oauth-drone-key.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"OAuth key","attributes":{},"skip":false,"key":"5.8.2.2"},{"backlink":"practice/drone-ci-cd.html#fig5.8.2.3","level":"5.8.2","list_caption":"Figure: Drone登陆界面","alt":"Drone登陆界面","nro":112,"url":"../images/drone-login-github.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Drone登陆界面","attributes":{},"skip":false,"key":"5.8.2.3"},{"backlink":"practice/drone-ci-cd.html#fig5.8.2.4","level":"5.8.2","list_caption":"Figure: Github启用repo设置","alt":"Github启用repo设置","nro":113,"url":"../images/drone-github-active.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Github启用repo设置","attributes":{},"skip":false,"key":"5.8.2.4"},{"backlink":"practice/drone-ci-cd.html#fig5.8.2.5","level":"5.8.2","list_caption":"Figure: Github单个repo设置","alt":"Github单个repo设置","nro":114,"url":"../images/drone-github-repo-setting.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Github单个repo设置","attributes":{},"skip":false,"key":"5.8.2.5"},{"backlink":"practice/manually-upgrade.html#fig5.9.1.1","level":"5.9.1","list_caption":"Figure: Kubernetes零宕机时间升级建议","alt":"Kubernetes零宕机时间升级建议","nro":115,"url":"../images/zero-downtime-kubernetes-upgrade-tips.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes零宕机时间升级建议","attributes":{},"skip":false,"key":"5.9.1.1"},{"backlink":"practice/dashboard-upgrade.html#fig5.9.2.1","level":"5.9.2","list_caption":"Figure: 登陆界面","alt":"登陆界面","nro":116,"url":"../images/kubernetes-dashboard-1.7.1-login.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"登陆界面","attributes":{},"skip":false,"key":"5.9.2.1"},{"backlink":"practice/dashboard-upgrade.html#fig5.9.2.2","level":"5.9.2","list_caption":"Figure: 首页","alt":"首页","nro":117,"url":"../images/kubernetes-dashboard-1.7.1-default-page.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"首页","attributes":{},"skip":false,"key":"5.9.2.2"},{"backlink":"practice/dashboard-upgrade.html#fig5.9.2.3","level":"5.9.2","list_caption":"Figure: 用户空间","alt":"用户空间","nro":118,"url":"../images/kubernetes-dashboard-1.7.1-brand.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"用户空间","attributes":{},"skip":false,"key":"5.9.2.3"},{"backlink":"practice/dashboard-upgrade.html#fig5.9.2.4","level":"5.9.2","list_caption":"Figure: kubeconfig文件","alt":"kubeconfig文件","nro":119,"url":"../images/brand-kubeconfig-yaml.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"kubeconfig文件","attributes":{},"skip":false,"key":"5.9.2.4"},{"backlink":"usecases/microservices.html#fig6.2.1","level":"6.2","list_caption":"Figure: 微服务关注的部分","alt":"微服务关注的部分","nro":120,"url":"../images/microservices-concerns.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"微服务关注的部分","attributes":{},"skip":false,"key":"6.2.1"},{"backlink":"usecases/service-discovery-in-microservices.html#fig6.2.1.1","level":"6.2.1","list_caption":"Figure: 微服务中的服务发现","alt":"微服务中的服务发现","nro":121,"url":"../images/service-discovery-in-microservices.png","index":1,"caption_template":"图片 - _CAPTION_","label":"微服务中的服务发现","attributes":{},"skip":false,"key":"6.2.1.1"},{"backlink":"usecases/service-mesh.html#fig6.3.1","level":"6.3","list_caption":"Figure: 下一代异构微服务架构","alt":"下一代异构微服务架构","nro":122,"url":"../images/polyglot-microservices-serivce-mesh.png","index":1,"caption_template":"图片 - _CAPTION_","label":"下一代异构微服务架构","attributes":{},"skip":false,"key":"6.3.1"},{"backlink":"usecases/service-mesh.html#fig6.3.2","level":"6.3","list_caption":"Figure: Service Mesh 架构图","alt":"Service Mesh 架构图","nro":123,"url":"../images/serivce-mesh-control-plane.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Service Mesh 架构图","attributes":{},"skip":false,"key":"6.3.2"},{"backlink":"usecases/service-mesh.html#fig6.3.3","level":"6.3","list_caption":"Figure: Istio vs linkerd","alt":"Istio vs linkerd","nro":124,"url":"../images/istio-vs-linkerd.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Istio vs linkerd","attributes":{},"skip":false,"key":"6.3.3"},{"backlink":"usecases/istio.html#fig6.3.1.1","level":"6.3.1","list_caption":"Figure: Istio架构图","alt":"Istio架构图","nro":125,"url":"../images/istio-arch.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Istio架构图","attributes":{},"skip":false,"key":"6.3.1.1"},{"backlink":"usecases/istio-installation.html#fig6.3.1.1.1","level":"6.3.1.1","list_caption":"Figure: BookInfo Sample应用架构图","alt":"BookInfo Sample应用架构图","nro":126,"url":"../images/bookinfo-sample-arch.png","index":1,"caption_template":"图片 - _CAPTION_","label":"BookInfo Sample应用架构图","attributes":{},"skip":false,"key":"6.3.1.1.1"},{"backlink":"usecases/istio-installation.html#fig6.3.1.1.2","level":"6.3.1.1","list_caption":"Figure: BookInfo Sample页面","alt":"BookInfo Sample页面","nro":127,"url":"../images/bookinfo-sample.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"BookInfo Sample页面","attributes":{},"skip":false,"key":"6.3.1.1.2"},{"backlink":"usecases/istio-installation.html#fig6.3.1.1.3","level":"6.3.1.1","list_caption":"Figure: Istio Grafana界面","alt":"Istio Grafana界面","nro":128,"url":"../images/istio-grafana.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Istio Grafana界面","attributes":{},"skip":false,"key":"6.3.1.1.3"},{"backlink":"usecases/istio-installation.html#fig6.3.1.1.4","level":"6.3.1.1","list_caption":"Figure: Prometheus页面","alt":"Prometheus页面","nro":129,"url":"../images/istio-prometheus.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Prometheus页面","attributes":{},"skip":false,"key":"6.3.1.1.4"},{"backlink":"usecases/istio-installation.html#fig6.3.1.1.5","level":"6.3.1.1","list_caption":"Figure: Zipkin页面","alt":"Zipkin页面","nro":130,"url":"../images/istio-zipkin.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Zipkin页面","attributes":{},"skip":false,"key":"6.3.1.1.5"},{"backlink":"usecases/istio-installation.html#fig6.3.1.1.6","level":"6.3.1.1","list_caption":"Figure: ServiceGraph页面","alt":"ServiceGraph页面","nro":131,"url":"../images/istio-servicegraph.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"ServiceGraph页面","attributes":{},"skip":false,"key":"6.3.1.1.6"},{"backlink":"usecases/install-and-expand-istio-mesh.html#fig6.3.1.3.1","level":"6.3.1.3","list_caption":"Figure: BookInfo","alt":"BookInfo","nro":132,"url":"../images/noistio.png","index":1,"caption_template":"图片 - _CAPTION_","label":"BookInfo","attributes":{},"skip":false,"key":"6.3.1.3.1"},{"backlink":"usecases/install-and-expand-istio-mesh.html#fig6.3.1.3.2","level":"6.3.1.3","list_caption":"Figure: BookInfo","alt":"BookInfo","nro":133,"url":"../images/noistio.png","index":2,"caption_template":"图片 - _CAPTION_","label":"BookInfo","attributes":{},"skip":false,"key":"6.3.1.3.2"},{"backlink":"usecases/integrating-vms.html#fig6.3.1.4.1","level":"6.3.1.4","list_caption":"Figure: Bookinfo应用的拓展Mesh","alt":"Bookinfo应用的拓展Mesh","nro":134,"url":"../images/istio-mesh-expansion.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Bookinfo应用的拓展Mesh","attributes":{},"skip":false,"key":"6.3.1.4.1"},{"backlink":"usecases/linkerd.html#fig6.3.2.1","level":"6.3.2","list_caption":"Figure: source https://linkerd.io","alt":"source https://linkerd.io","nro":135,"url":"../images/diagram-individual-instance.png","index":1,"caption_template":"图片 - _CAPTION_","label":"source https://linkerd.io","attributes":{},"skip":false,"key":"6.3.2.1"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.2.1.1","level":"6.3.2.1","list_caption":"Figure: Jenkins pipeline","alt":"Jenkins pipeline","nro":136,"url":"../images/linkerd-jenkins-pipeline.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Jenkins pipeline","attributes":{},"skip":false,"key":"6.3.2.1.1"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.2.1.2","level":"6.3.2.1","list_caption":"Figure: Jenkins config","alt":"Jenkins config","nro":137,"url":"../images/linkerd-jenkins.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Jenkins config","attributes":{},"skip":false,"key":"6.3.2.1.2"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.2.1.3","level":"6.3.2.1","list_caption":"Figure: namerd","alt":"namerd","nro":138,"url":"../images/namerd-internal.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"namerd","attributes":{},"skip":false,"key":"6.3.2.1.3"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.2.1.4","level":"6.3.2.1","list_caption":"Figure: linkerd监控","alt":"linkerd监控","nro":139,"url":"../images/linkerd-helloworld-outgoing.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"linkerd监控","attributes":{},"skip":false,"key":"6.3.2.1.4"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.2.1.5","level":"6.3.2.1","list_caption":"Figure: linkerd监控","alt":"linkerd监控","nro":140,"url":"../images/linkerd-helloworld-incoming.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"linkerd监控","attributes":{},"skip":false,"key":"6.3.2.1.5"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.2.1.6","level":"6.3.2.1","list_caption":"Figure: linkerd性能监控","alt":"linkerd性能监控","nro":141,"url":"../images/linkerd-grafana.png","index":6,"caption_template":"图片 - _CAPTION_","label":"linkerd性能监控","attributes":{},"skip":false,"key":"6.3.2.1.6"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.2.1.7","level":"6.3.2.1","list_caption":"Figure: Linkerd ingress controller","alt":"Linkerd ingress controller","nro":142,"url":"../images/linkerd-ingress-controller.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"Linkerd ingress controller","attributes":{},"skip":false,"key":"6.3.2.1.7"},{"backlink":"usecases/conduit-installation.html#fig6.3.3.2.1","level":"6.3.3.2","list_caption":"Figure: Conduit dashboard","alt":"Conduit dashboard","nro":143,"url":"../images/conduit-dashboard.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Conduit dashboard","attributes":{},"skip":false,"key":"6.3.3.2.1"},{"backlink":"usecases/big-data.html#fig6.4.1","level":"6.4","list_caption":"Figure: Spark on yarn with kubernetes","alt":"Spark on yarn with kubernetes","nro":144,"url":"../images/spark-on-yarn-with-kubernetes.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Spark on yarn with kubernetes","attributes":{},"skip":false,"key":"6.4.1"},{"backlink":"usecases/big-data.html#fig6.4.2","level":"6.4","list_caption":"Figure: 在kubernetes上使用多种调度方式","alt":"在kubernetes上使用多种调度方式","nro":145,"url":"../images/spark-on-kubernetes-with-different-schedulers.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"在kubernetes上使用多种调度方式","attributes":{},"skip":false,"key":"6.4.2"},{"backlink":"usecases/spark-standalone-on-kubernetes.html#fig6.4.1.1","level":"6.4.1","list_caption":"Figure: spark master ui","alt":"spark master ui","nro":146,"url":"../images/spark-ui.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"spark master ui","attributes":{},"skip":false,"key":"6.4.1.1"},{"backlink":"usecases/spark-standalone-on-kubernetes.html#fig6.4.1.2","level":"6.4.1","list_caption":"Figure: zeppelin ui","alt":"zeppelin ui","nro":147,"url":"../images/zeppelin-ui.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"zeppelin ui","attributes":{},"skip":false,"key":"6.4.1.2"},{"backlink":"usecases/serverless.html#fig6.5.1","level":"6.5","list_caption":"Figure: 从物理机到函数计算","alt":"从物理机到函数计算","nro":148,"url":"../images/from-bare-metal-to-functions.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"从物理机到函数计算","attributes":{},"skip":false,"key":"6.5.1"},{"backlink":"usecases/serverless.html#fig6.5.2","level":"6.5","list_caption":"Figure: FaaS Landscape","alt":"FaaS Landscape","nro":149,"url":"../images/redpoint-faas-landscape.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"FaaS Landscape","attributes":{},"skip":false,"key":"6.5.2"},{"backlink":"usecases/understanding-serverless.html#fig6.5.1.1","level":"6.5.1","list_caption":"Figure: 服务端软件的运行环境","alt":"服务端软件的运行环境","nro":150,"url":"../images/serverless-server-side-software.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"服务端软件的运行环境","attributes":{},"skip":false,"key":"6.5.1.1"},{"backlink":"usecases/understanding-serverless.html#fig6.5.1.2","level":"6.5.1","list_caption":"Figure: FaaS应用架构","alt":"FaaS应用架构","nro":151,"url":"../images/serverless-faas-platform.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"FaaS应用架构","attributes":{},"skip":false,"key":"6.5.1.2"},{"backlink":"usecases/understanding-serverless.html#fig6.5.1.3","level":"6.5.1","list_caption":"Figure: 传统应用程序架构","alt":"传统应用程序架构","nro":152,"url":"../images/non-serverless-game-arch.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"传统应用程序架构","attributes":{},"skip":false,"key":"6.5.1.3"},{"backlink":"usecases/understanding-serverless.html#fig6.5.1.4","level":"6.5.1","list_caption":"Figure: Serverless架构","alt":"Serverless架构","nro":153,"url":"../images/serverless-game-arch.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Serverless架构","attributes":{},"skip":false,"key":"6.5.1.4"},{"backlink":"usecases/openfaas-quick-start.html#fig6.5.2.1.1","level":"6.5.2.1","list_caption":"Figure: OpenFaaS架构","alt":"OpenFaaS架构","nro":154,"url":"../images/openfaas-arch.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"OpenFaaS架构","attributes":{},"skip":false,"key":"6.5.2.1.1"},{"backlink":"usecases/openfaas-quick-start.html#fig6.5.2.1.2","level":"6.5.2.1","list_caption":"Figure: OpenFaaS Prometheus","alt":"OpenFaaS Prometheus","nro":155,"url":"../images/openfaas-prometheus.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"OpenFaaS Prometheus","attributes":{},"skip":false,"key":"6.5.2.1.2"},{"backlink":"usecases/openfaas-quick-start.html#fig6.5.2.1.3","level":"6.5.2.1","list_caption":"Figure: OpenFaas Grafana监控","alt":"OpenFaas Grafana监控","nro":156,"url":"../images/openfaas-grafana.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"OpenFaas Grafana监控","attributes":{},"skip":false,"key":"6.5.2.1.3"},{"backlink":"usecases/openfaas-quick-start.html#fig6.5.2.1.4","level":"6.5.2.1","list_caption":"Figure: OpenFaas Dashboard","alt":"OpenFaas Dashboard","nro":157,"url":"../images/openfaas-deploy-a-function.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"OpenFaas Dashboard","attributes":{},"skip":false,"key":"6.5.2.1.4"},{"backlink":"usecases/openfaas-quick-start.html#fig6.5.2.1.5","level":"6.5.2.1","list_caption":"Figure: NodeInfo执行结果","alt":"NodeInfo执行结果","nro":158,"url":"../images/openfaas-nodeinfo.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"NodeInfo执行结果","attributes":{},"skip":false,"key":"6.5.2.1.5"},{"backlink":"develop/sigs-and-working-group.html#fig7.2.1","level":"7.2","list_caption":"Figure: Kubernetes SIG","alt":"Kubernetes SIG","nro":159,"url":"../images/kubernetes-sigs.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes SIG","attributes":{},"skip":false,"key":"7.2.1"},{"backlink":"develop/client-go-sample.html#fig7.5.1","level":"7.5","list_caption":"Figure: 使用kubernetes dashboard进行故障排查","alt":"使用kubernetes dashboard进行故障排查","nro":160,"url":"../images/kubernetes-client-go-sample-update.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"使用kubernetes dashboard进行故障排查","attributes":{},"skip":false,"key":"7.5.1"},{"backlink":"appendix/issues.html#fig8.6.1","level":"8.6","list_caption":"Figure: pvc-storage-limit","alt":"pvc-storage-limit","nro":161,"url":"../images/pvc-storage-limit.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"pvc-storage-limit","attributes":{},"skip":false,"key":"8.6.1"}]},"title":"Kubernetes Handbook - jimmysong.io","language":"zh-hans","links":{"sidebar":{"Jimmy Song":"https://jimmysong.io"}},"gitbook":"*","description":"Kubernetes中文指南/实践手册|kubernetes handbook|jimmysong.io|宋净超"},"file":{"path":"practice/create-tls-and-secret-key.md","mtime":"2017-11-09T09:50:24.041Z","type":"markdown"},"gitbook":{"version":"3.2.2","time":"2018-01-03T08:13:13.831Z"},"basePath":"..","book":{"language":""}});
});
</script>
</div>
<script src="../gitbook/gitbook.js"></script>
<script src="../gitbook/theme.js"></script>
<script src="../gitbook/gitbook-plugin-github/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-splitter/splitter.js"></script>
<script src="../gitbook/gitbook-plugin-page-toc-button/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-editlink/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-back-to-top-button/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-search-plus/jquery.mark.min.js"></script>
<script src="../gitbook/gitbook-plugin-search-plus/search.js"></script>
<script src="../gitbook/gitbook-plugin-github-buttons/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-3-ba/plugin.js"></script>
<script src="../gitbook/gitbook-plugin-sharing/buttons.js"></script>
<script src="../gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
</body>
</html>