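84. Kubernetes Pod basics + HTTPS Harbor

I. Pod basics:

Advanced Pod topics: probes (a must-ask interview topic: scaling, volume mounts)

1.1 Definition of a Pod

A Pod is the smallest unit in k8s, and it is also the smallest resource object that runs containers.

Containers work inside a k8s cluster on the basis of Pods.

In a k8s cluster, one Pod represents one running process. Most k8s components revolve around Pods, supporting and extending them.

Deployments and Services are both deployed around Pods.

1.2 Two ways of using Pods in k8s:

1. One container per Pod. This is the most common way; k8s manages Pods, not containers.

2. Several containers in one Pod. These containers share the network and the mounted volumes.

Current container technology requires that the containers of one Pod run on the same node.

Network sharing and volume sharing are not functions the Pod itself provides.

They are provided by the pause container.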

[root@master01 ~]# kubectl run --image=nginx:1.22 test1
pod/test1 created
[root@master01 ~]# kubectl get pod -o wide
NAME    READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE   READINESS GATES
test1   1/1     Running   0          61s   10.244.2.70   node02   <none>           <none>

pause: an important system-management component

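1.3 Pod classification

1. Infrastructure container: pause

It shares the network and the mounted volumes.

2. Init containers:

Init containers live inside the Pod and are one of its components. They belong to one stage of the Pod lifecycle: the startup stage.

When a Pod is brought up, pause is built first. After that, if the Pod includes init containers, the application containers are deployed only once the init containers have finished.

1.3.1 How to inspect the 3 containers

kubectl exec -it init-pod (Pod name) -c centos2 (container name)
Once an init container has done its job it exits. The container still exists on the node, but from this point only the application container's logs and status can be queried.
An init container must exit after it finishes running, otherwise the following containers cannot be built.
View logs: kubectl logs -f init-pod (Pod name) -c centos2 (container name)

1.3.2 Startup order

The init containers start first, then the application containers.
# If an init container fails to start, can the Pod reach the Ready state?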

Case 1: the application container is listed last
[root@master01 k8s-yaml]# vim init.yml
apiVersion: v1
kind: Pod
metadata:
  name: init-pod
  labels:
    app: test1
spec:
  initContainers:
  # Define the init containers inside the Pod (one Pod contains several containers)
  - name: centos1
    image: centos:7
    command: ["/bin/bash","-c","echo 123 > /opt/123.txt && sleep 2"]
  # Multiple commands: use logical OR; && means logical AND
  - name: centos2
    image: centos:7
    command: ["/bin/bash","-c","echo 345 > /opt/345.txt && sleep 50"]
  containers:
  - name: centos3
    image: centos:7
    command: ["/bin/bash","-c","echo system is running && sleep 3600"]

[root@master01 k8s-yaml]# kubectl apply -f init.yml
pod/init-pod created
[root@master01 k8s-yaml]# kubectl get pod -o wide
[root@master01 k8s-yaml]# kubectl describe pod init-pod
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  55s   default-scheduler  Successfully assigned default/init-pod to node02
  Normal  Pulled     54s   kubelet            Container image "centos:7" already present on machine
  Normal  Created    54s   kubelet            Created container centos1
  Normal  Started    54s   kubelet            Started container centos1
  Normal  Pulled     52s   kubelet            Container image "centos:7" already present on machine
  Normal  Created    52s   kubelet            Created container centos2
  Normal  Started    52s   kubelet            Started container centos2
  Normal  Pulled     2s    kubelet            Container image "centos:7" already present on machine
  Normal  Created    2s    kubelet            Created container centos3
  Normal  Started    2s    kubelet            Started container centos3

Case 2: the application container is listed first
[root@master01 k8s-yaml]# vim init.yml
apiVersion: v1
kind: Pod
metadata:
  name: init-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos:7
    command: ["/bin/bash","-c","echo system is running && sleep 3600"]
  initContainers:
  # Define the init containers inside the Pod (one Pod contains several containers)
  - name: centos1
    image: centos:7
    command: ["/bin/bash","-c","echo 123 > /opt/123.txt && sleep 2"]
  # Multiple commands: use logical OR; && means logical AND
  - name: centos2
    image: centos:7
    command: ["/bin/bash","-c","echo 345 > /opt/345.txt && sleep 50"]

[root@master01 k8s-yaml]# kubectl apply -f init.yml
[root@master01 k8s-yaml]# kubectl get pod
NAME        READY   STATUS    RESTARTS   AGE
init-pod    1/1     Running   0          107s
[root@master01 k8s-yaml]# kubectl describe pod init-pod
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  3m6s   default-scheduler  Successfully assigned default/init-pod to node02
  Normal  Pulled     3m6s   kubelet            Container image "centos:7" already present on machine
  Normal  Created    3m6s   kubelet            Created container centos1
  Normal  Started    3m6s   kubelet            Started container centos1
  Normal  Pulled     3m4s   kubelet            Container image "centos:7" already present on machine
  Normal  Created    3m4s   kubelet            Created container centos2
  Normal  Started    3m4s   kubelet            Started container centos2
  Normal  Pulled     2m13s  kubelet            Container image "centos:7" already present on machine
  Normal  Created    2m13s  kubelet            Created container centos3
  Normal  Started    2m13s  kubelet            Started container centos3
Enter a container
kubectl exec -it init-pod (Pod name) -c centos2 (container)
View logs
kubectl logs -f init-pod (Pod name) -c centos2 (container)

The init nginx container keeps running, so the application container cannot start
[root@master01 k8s-yaml]# vim init1.yml
apiVersion: v1
kind: Pod
metadata:
  name: init1-pod
  labels:
    app: test1
spec:
  initContainers:
  # Define the init containers inside the Pod (one Pod contains several containers)
  - name: nginx1
    image: nginx:1.22
  # Multiple commands: use logical OR; && means logical AND
  - name: nginx2
    image: nginx:1.22
  containers:
  - name: nginx3
    image: nginx:1.22

[root@master01 k8s-yaml]# kubectl apply -f init1.yml
[root@master01 k8s-yaml]# kubectl get pod -o wide
[root@master01 k8s-yaml]# kubectl describe pod init1-pod
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  2m33s  default-scheduler  Successfully assigned default/init1-pod to node01
  Normal  Pulled     2m33s  kubelet            Container image "nginx:1.22" already present on machine
  Normal  Created    2m33s  kubelet            Created container nginx1
  Normal  Started    2m33s  kubelet            Started container nginx1

Overriding the image's command with command: /bin/bash
[root@master01 k8s-yaml]# vim init1.yml
apiVersion: v1
kind: Pod
metadata:
  name: init1-pod
  labels:
    app: test1
spec:
  initContainers:
  # Define the init containers inside the Pod (one Pod contains several containers)
  - name: nginx1
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]
  # Multiple commands: use logical OR; && means logical AND
  - name: nginx2
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]
  containers:
  - name: nginx3
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]

[root@master01 k8s-yaml]# kubectl apply -f init1.yml --force
[root@master01 k8s-yaml]# kubectl get pod -o wide
[root@master01 k8s-yaml]# kubectl describe pod init1-pod
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  86s                default-scheduler  Successfully assigned default/init1-pod to node01
  Normal   Pulled     86s                kubelet            Container image "nginx:1.22" already present on machine
  Normal   Created    85s                kubelet            Created container nginx1
  Normal   Started    85s                kubelet            Started container nginx1
  Normal   Pulled     85s                kubelet            Container image "nginx:1.22" already present on machine
  Normal   Created    85s                kubelet            Created container nginx2
  Normal   Started    84s                kubelet            Started container nginx2
  Normal   Pulled     39s (x4 over 84s)  kubelet            Container image "nginx:1.22" already present on machine
  Normal   Created    39s (x4 over 83s)  kubelet            Created container nginx3
  Normal   Started    39s (x4 over 83s)  kubelet            Started container nginx3
  Warning  BackOff    14s (x7 over 81s)  kubelet            Back-off restarting failed container
[root@master01 k8s-yaml]# kubectl exec -it init1-pod -c nginx3 bash  ## the container has already exited when trying to enter it

[root@master01 k8s-yaml]# vim init1.yml
apiVersion: v1
kind: Pod
metadata:
  name: init1-pod
  labels:
    app: test1
spec:
  initContainers:
  # Define the init containers inside the Pod (one Pod contains several containers)
  - name: nginx1
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]
  # Multiple commands: use logical OR; && means logical AND
  - name: nginx2
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]
  containers:
  - name: nginx3
    image: nginx:1.22

[root@master01 k8s-yaml]# kubectl apply -f init1.yml --force
[root@master01 k8s-yaml]# kubectl get pod -o wide
[root@master01 k8s-yaml]# kubectl describe pod init1-pod
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  44s   default-scheduler  Successfully assigned default/init1-pod to node01
  Normal  Pulled     43s   kubelet            Container image "nginx:1.22" already present on machine
  Normal  Created    43s   kubelet            Created container nginx1
  Normal  Started    43s   kubelet            Started container nginx1
  Normal  Pulled     43s   kubelet            Container image "nginx:1.22" already present on machine
  Normal  Created    43s   kubelet            Created container nginx2
  Normal  Started    43s   kubelet            Started container nginx2
  Normal  Pulled     42s   kubelet            Container image "nginx:1.22" already present on machine
  Normal  Created    42s   kubelet            Created container nginx3
  Normal  Started    42s   kubelet            Started container nginx3
[root@master01 k8s-yaml]# kubectl exec -it init1-pod -c nginx3 bash  ## -c selects the container to log in to
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@init1-pod:/# 
root@init1-pod:/# exit
exit
[root@master01 k8s-yaml]# kubectl logs -f init1-pod -c nginx3      ## view the container's logs
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/08/30 03:06:28 [notice] 1#1: using the "epoll" event method
2024/08/30 03:06:28 [notice] 1#1: nginx/1.22.1
2024/08/30 03:06:28 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2024/08/30 03:06:28 [notice] 1#1: OS: Linux 3.10.0-957.el7.x86_64
2024/08/30 03:06:28 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 65536:65536
2024/08/30 03:06:28 [notice] 1#1: start worker processes
2024/08/30 03:06:28 [notice] 1#1: start worker process 29
2024/08/30 03:06:28 [notice] 1#1: start worker process 30
2024/08/30 03:06:28 [notice] 1#1: start worker process 31
2024/08/30 03:06:28 [notice] 1#1: start worker process 32

A faulty init nginx container fails to start, so the application container that follows cannot come up either
[root@master01 k8s-yaml]# vim init1.yml
apiVersion: v1
kind: Pod
metadata:
  name: init1-pod
  labels:
    app: test1
spec:
  initContainers:
  # Define the init containers inside the Pod (one Pod contains several containers)
  - name: nginx1
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /uipt/123.txt"]
  # Multiple commands: use logical OR; && means logical AND
  - name: nginx2
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]
  containers:
  - name: nginx3
    image: nginx:1.22

[root@master01 k8s-yaml]# kubectl apply -f init1.yml --force
[root@master01 k8s-yaml]# kubectl describe pod init1-pod
Events:
  Type     Reason     Age              From               Message
  ----     ------     ----             ----               -------
  Normal   Scheduled  7s               default-scheduler  Successfully assigned default/init1-pod to node01
  Normal   Pulled     6s (x2 over 7s)  kubelet            Container image "nginx:1.22" already present on machine
  Normal   Created    6s (x2 over 7s)  kubelet            Created container nginx1
  Normal   Started    6s (x2 over 7s)  kubelet            Started container nginx1
  Warning  BackOff    4s (x2 over 5s)  kubelet            Back-off restarting failed container
[root@master01 k8s-yaml]# kubectl get pod
NAME        READY   STATUS                  RESTARTS   AGE
init-pod    1/1     Running                 0          39m
init1-pod   0/1     Init:CrashLoopBackOff   2          35s

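1.4 What init containers are for:

1. When a Pod is created, they can prepare the run conditions for the application containers and provide environment variables and some (custom) software.

2. Permissions: init containers can access Secrets without being configured for it. Application containers can only access a Secret after they have been configured.

They can supply the necessary preconditions before the application containers run; the application containers run only after those preconditions are met.

1.5 Image pull policy:

1. IfNotPresent: if the image already exists locally, it is not pulled from the registry again. (default)
2. Always: the image is pulled every time a Pod is created.
3. Never: the image is never pulled from the registry; only the local image is used.

Image tags: nginx:1.22 is the image nginx with the tag 1.22.

Without a tag, nginx defaults to nginx:latest; latest refers to the newest version.

If no image pull policy is set, the default policy is IfNotPresent. However, if the image has no tag, the default is Always even though no pull policy was declared.

nginx:1.22 ---- IfNotPresent ------- with a version tag, the pull policy is IfNotPresent

nginx:latest ---- Always ------- without a version tag, the pull policy is Always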
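
The defaulting rule described above, as an added example that is not part of the original post: shell functions that derive the policy applied when imagePullPolicy is omitted. It goes beyond the two cases in the text by also handling a registry port and a digest-pinned reference; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which imagePullPolicy applies to a container image reference.

# image_tag IMAGE -> prints the tag, "@digest" for a digest-pinned reference, or nothing
image_tag() {
    ref=$1
    case $ref in
        *@*) echo "@digest"; return 0 ;;
    esac
    # Look only at the last path component, so the port in
    # hub.test.com:5000/test1/nginx is not mistaken for a tag.
    last=${ref##*/}
    case $last in
        *:*) echo "${last##*:}" ;;
        *)   echo "" ;;
    esac
}

# default_pull_policy IMAGE -> policy set when imagePullPolicy is omitted
default_pull_policy() {
    case $(image_tag "$1") in
        ""|latest) echo Always ;;        # no tag, or the moving tag "latest"
        *)         echo IfNotPresent ;;  # explicit tag or digest
    esac
}

# effective_pull_policy IMAGE [DECLARED] -> a declared policy always wins
effective_pull_policy() {
    if [ -n "${2:-}" ]; then echo "$2"; else default_pull_policy "$1"; fi
}

# relies_on_node_cache IMAGE [DECLARED]
# Succeeds when the kubelet may start whatever the node already stores under
# this name: the reference is not digest-pinned and the policy is not Always.
relies_on_node_cache() {
    [ "$(image_tag "$1")" != "@digest" ] &&
        [ "$(effective_pull_policy "$1" "${2:-}")" != Always ]
}

# Demo over image references used on this page
for img in nginx:1.22 centos hub.test.com/test1/nginx:v1; do
    printf '%-32s default=%s\n' "$img" "$(default_pull_policy "$img")"
done
```

A reference for which relies_on_node_cache succeeds runs whatever image the node holds under that name, so pinning by digest or declaring Always is the way to make the registry the source of truth.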

[root@master01 k8s-yaml]# vim init.yml
apiVersion: v1
kind: Pod
metadata:
  name: init-pod
  labels:
    app: test1
spec:
  volumes:
  - name: testdata
    emptyDir: {}
  initContainers:
  # Define the init containers inside the Pod (one Pod contains several containers)
  - name: centos1
    image: centos:7
    command: ["/bin/bash","-c","echo 123 > /opt/data/123.txt && sleep 2"]
    # Multiple commands: use logical OR; && means logical AND
    volumeMounts:
    - name: testdata
      mountPath: /opt/data
  - name: centos2
    image: centos:7
    command: ["/bin/bash","-c","echo 345 > /opt/data/345.txt && sleep 50"]
    volumeMounts:
    - name: testdata
      mountPath: /opt/data
  containers:
  - name: centos3
    image: centos:7
    command: ["/bin/bash","-c","echo 567 > /opt/data/567.txt && sleep 3600"]
    volumeMounts:
    - name: testdata
      mountPath: /opt/data

[root@master01 k8s-yaml]# kubectl apply -f init.yml --force
[root@master01 k8s-yaml]# kubectl describe pod init-pod
[root@master01 k8s-yaml]# kubectl get pod
NAME        READY   STATUS                  RESTARTS   AGE
init-pod    0/1     Init:1/2                0          44s
init1-pod   0/1     Init:CrashLoopBackOff   7          11m
[root@master01 k8s-yaml]# kubectl get pod
NAME        READY   STATUS                  RESTARTS   AGE
init-pod    0/1     PodInitializing         0          54s
init1-pod   0/1     Init:CrashLoopBackOff   7          11m
[root@master01 k8s-yaml]# kubectl exec -it init-pod bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[root@init-pod /]# cd /opt/
[root@init-pod opt]# ls
data
[root@init-pod opt]# cd data/
[root@init-pod data]# ls
123.txt  345.txt  567.txt
[root@init-pod data]# cat 123.txt 
123

Image pull policy imagePullPolicy: Always
[root@master01 k8s-yaml]# vim init2.yml
apiVersion: v1
kind: Pod
metadata:
  name: init2-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos:7
    imagePullPolicy: Always

[root@master01 k8s-yaml]# kubectl apply -f init2.yml --force
[root@master01 k8s-yaml]# kubectl describe pod init2-pod
Events:
  Type     Reason     Age                   From               Message
  ----     ------     ----                  ----               -------
  Normal   Scheduled  3m19s                 default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulled     2m31s                 kubelet            Successfully pulle

Image pull policy imagePullPolicy: Never
[root@master01 k8s-yaml]# vim init2.yml
apiVersion: v1
kind: Pod
metadata:
  name: init2-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos
    imagePullPolicy: Never

[root@master01 k8s-yaml]# kubectl apply -f init2.yml --force
[root@master01 k8s-yaml]# kubectl describe pod init2-pod
Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Scheduled  10s               default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulled     9s (x2 over 10s)  kubelet            Container image "centos" already present on machine
  Normal   Created    9s (x2 over 10s)  kubelet            Created container centos3
  Normal   Started    9s (x2 over 10s)  kubelet            Started container centos3
  Warning  BackOff    7s (x2 over 8s)   kubelet            Back-off restarting failed container

Image pull policy imagePullPolicy: IfNotPresent
[root@master01 k8s-yaml]# vim init2.yml
apiVersion: v1
kind: Pod
metadata:
  name: init2-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos:7
    imagePullPolicy: IfNotPresent

[root@master01 k8s-yaml]# kubectl describe pod init2-pod
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  34s                default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulled     16s (x3 over 34s)  kubelet            Container image "centos:7" already present on machine

Image pull policy imagePullPolicy: IfNotPresent ---- no version tag specified
[root@master01 k8s-yaml]# vim init2.yml
apiVersion: v1
kind: Pod
metadata:
  name: init2-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos
    imagePullPolicy: IfNotPresent

[root@master01 k8s-yaml]# kubectl apply -f init2.yml --force
[root@master01 k8s-yaml]# kubectl describe pod init2-pod
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  14s                default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulled     12s (x2 over 13s)  kubelet            Container image "centos" already present on machine
  Normal   Created    12s (x2 over 13s)  kubelet            Created container centos3
  Normal   Started    12s (x2 over 13s)  kubelet            Started container centos3
  Warning  BackOff    10s (x2 over 11s)  kubelet            Back-off restarting failed container

Image pull policy: no version tag specified, no policy specified
[root@master01 k8s-yaml]# vim init2.yml
apiVersion: v1
kind: Pod
metadata:
  name: init2-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos
    # imagePullPolicy: IfNotPresent

[root@master01 k8s-yaml]# kubectl apply -f init2.yml --force
[root@master01 k8s-yaml]# kubectl describe pod init2-pod
Events:
  Type     Reason     Age              From               Message
  ----     ------     ----             ----               -------
  Normal   Scheduled  7s               default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulling    5s (x2 over 7s)  kubelet            Pulling image "centos"
[root@master01 k8s-yaml]# kubectl describe pod init2-pod
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  86s                default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulled     84s                kubelet            Successfully pulled image "centos" in 1.127308104s
  Normal   Pulled     83s                kubelet            Successfully pulled image "centos" in 1.190259011s
  Normal   Pulled     66s                kubelet            Successfully pulled image "centos" in 1.472428673s

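II. HTTPS is encrypted HTTP

Port 443

TCP: the connection is established the same way as an ordinary TCP connection.

Three-way handshake -------> SSL/TLS handshake. The handshake exists to establish a secure, encrypted communication channel.

The SSL/TLS handshake:

1. The client sends the server a message containing the SSL/TLS protocol versions it supports, its list of encryption algorithms, a random number, and so on.

2. After receiving the message, the server replies to the client, confirming the SSL/TLS version and the encryption algorithm to use, and sends a random number to the client.

The random numbers are sent so that the two sides can confirm each other's identity.

3. The server sends its digital certificate to the client. The certificate contains the server's public key.

A digital certificate can be bought or, as a second option, issued by the server itself (self-made). Once the client has the public key, it can confirm the server's real identity.

4. Key exchange: the server and the client negotiate a symmetric key that is used for the encrypted communication that follows. How the key is produced: the client's symmetric key is encrypted with the server's public key, and the server then decrypts it to obtain the key.

5. Only after all of the above is complete can the server and the client communicate in encrypted form. The essence of the encryption is the key pair with which the server and the client authenticate each other.

III. HTTPS and the Docker Harbor registry: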

------------------ Install Docker ------------------
[root@k8s4 ~]# systemctl stop firewalld
[root@k8s4 ~]# setenforce 0
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce-24.0.1 docker-ce-cli-24.0.1 containerd.io
[root@k8s4 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://hub-mirror.c.163.com",
    "https://docker.m.daocloud.io",
    "https://ghcr.io",
    "https://mirror.baidubce.com",
    "https://docker.nju.edu.cn"
  ]
}
[root@k8s4 ~]# systemctl daemon-reload
[root@k8s4 ~]# systemctl restart docker
[root@k8s4 ~]# systemctl enable docker
------------------ Install docker-compose and harbor-offline-installer ------------------
[root@k8s4 ~]# cd /opt/
[root@k8s4 opt]# rz -E
rz waiting to receive.
[root@k8s4 opt]# rz -E
rz waiting to receive.
[root@k8s4 opt]# ls
containerd                   harbor-offline-installer-v2.8.1.tgz  test
docker-compose-linux-x86_64  jenkins-2.396-1.1.noarch.rpm
[root@k8s4 opt]#  mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
[root@k8s4 opt]# chmod +x /usr/local/bin/docker-compose
[root@k8s4 opt]# tar zxvf harbor-offline-installer-v2.8.1.tgz
harbor/harbor.v2.8.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
-------------------- Installation complete --------------------
-------------------- Set up HTTPS --------------------
[root@k8s4 harbor]# cp harbor.yml.tmpl harbor.yml
[root@k8s4 harbor]# mkdir -p /data/cert
[root@k8s4 harbor]# cd /data/cert/
[root@k8s4 cert]# ls
[root@k8s4 cert]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
................................................................+++
...............................................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:123456
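Verifying - Enter pass phrase for server.key:123456

Explanation:
openssl genrsa -des3 -out server.key 2048
openssl: generates the RSA key
genrsa: generates the RSA key
-des3: encrypts the private key with the DES encryption algorithm
-out server.key: file name of the private key file
2048: sets the RSA key length to 2048 bits

Generate the signing request file from the private key file: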
[root@k8s4 cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:123456
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:JS
Locality Name (eg, city) [Default City]:NJ
Organization Name (eg, company) [Default Company Ltd]:XY
Organizational Unit Name (eg, section) []:XY
Common Name (eg, your name or your server's hostname) []:hub.dn.com
Email Address []:admin@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@k8s4 cert]# ls
server.csr  server.key
[root@k8s4 cert]# cp server.key server.key.org
[root@k8s4 cert]# ls
server.csr  server.key  server.key.org
[root@k8s4 cert]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:123456
writing RSA key
[root@k8s4 cert]# openssl x509 -req -days 1000 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=JS/L=NJ/O=XY/OU=XY/CN=hub.dn.com/emailAddress=admin@qq.com
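Getting Private key

Explanation:
openssl x509 -req -days 1000 -in server.csr -signkey server.key -out server.crt
Signs the certificate:
x509: X.509 is the public-key certificate standard commonly used by openssl
-req: the input file is a certificate signing request (CSR), which is signed to produce the CRT certificate
-days 1000: the certificate is valid for 1000 days
-in server.csr: specifies the certificate signing request file (.csr)
-signkey server.key: self-signs the generated certificate with the private key file; the private key matches the public key in the CSR
-out server.crt: the self-signed certificate file that is generated

[root@k8s4 cert]# chmod 777 /data/cert/*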
[root@k8s4 cert]# ls
server.crt  server.csr  server.key  server.key.org
[root@k8s4 cert]# cd /opt/harbor/
[root@k8s4 harbor]# ls
common.sh             harbor.yml       install.sh  prepare
harbor.v2.8.1.tar.gz  harbor.yml.tmpl  LICENSE
[root@k8s4 harbor]# vim harbor.yml
harbor.yml       harbor.yml.tmpl  
[root@k8s4 harbor]# vim harbor.yml
5 hostname: hub.test.com
17   certificate: /data/cert/server.crt
18   private_key: /data/cert/server.key
34 harbor_admin_password: 123456
[root@k8s4 harbor]# ./prepare 
[root@k8s4 harbor]# ./install.sh 
[root@k8s4 /]# scp -r /data root@192.168.168.81:/
[root@k8s4 /]# scp -r /data root@192.168.168.82:/
[root@k8s4 /]# scp -r /data root@192.168.168.83:/
------------------ HTTPS setup complete ------------------
------------------ Run the following on all three k8s hosts ------------------
[root@master01 k8s-yaml]# mkdir -p /etc/docker/certs.d/hub.test.com
[root@master01 k8s-yaml]# cd /data/cert/
[root@master01 cert]# ls
server.crt  server.csr  server.key  server.key.org
[root@master01 cert]# cp server.crt server.csr server.key /etc/docker/certs.d/hub.test.com/
[root@master01 cert]# cd /etc/docker/certs.d/hub.test.com/
[root@master01 hub.test.com]# ls
server.crt  server.csr  server.key
[root@master01 hub.test.com]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.168.81 master01
192.168.168.82 node01
192.168.168.83 node02
192.168.168.84 hub.test.com
[root@master01 hub.test.com]# vim /lib/systemd/system/docker.service
The host mapping was set up above; now specify the image registry
13 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=hub.test.com
[root@master01 hub.test.com]# systemctl daemon-reload
[root@master01 hub.test.com]# systemctl restart docker
[root@master01 hub.test.com]# docker login -u admin -p 123456 https://hub.test.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
-------------------- End of the steps run on all hosts --------------------
[root@node02 hub.test.com]# docker images
[root@node02 hub.test.com]# docker tag nginx:1.22 hub.test.com/test1/nginx:v1
[root@node02 hub.test.com]# docker push hub.test.com/test1/nginx:v1
## The tagged image is deleted here so that it has to be pulled from the remote registry
[root@node02 hub.test.com]# docker rmi -f hub.test.com/test1/nginx:v1
Untagged: hub.test.com/test1/nginx:v1
Untagged: hub.test.com/test1/nginx@sha256:9081064712674ffcff7b7bdf874c75bcb8e5fb933b65527026090dacda36ea8b

[root@master01 k8s-yaml]# vim init1.yml
apiVersion: v1
kind: Pod
metadata:
  name: init1-pod
  labels:
    app: test1
spec:
  containers:
  - name: nginx1
    image: hub.test.com/test1/nginx:v1

[root@master01 k8s-yaml]# kubectl apply -f init1.yml
[root@master01 k8s-yaml]# kubectl get pod
[root@master01 k8s-yaml]# kubectl describe pod init1-pod
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  10s   default-scheduler  Successfully assigned default/init1-pod to node02
  Normal  Pulling    10s   kubelet            Pulling image "hub.test.com/test1/nginx:v1"
  Normal  Pulled     10s   kubelet            Successfully pulled image "hub.test.com/test1/nginx:v1" in 84.327079ms
  Normal  Created    10s   kubelet            Created container nginx1
  Normal  Started    10s   kubelet            Started container nginx1
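
A variant of the certificate steps above, as an added example that is not the author's procedure: in the transcript the CSR carries the Common Name hub.dn.com while harbor.yml and the nodes use hub.test.com, the key is opened up with chmod 777 and copied to every node, and dockerd runs with --insecure-registry. The functions below issue a self-signed certificate whose subjectAltName matches the registry hostname, keep the key owner-only, and install only the certificate on the nodes. Function names and the CERTS_D override are hypothetical; OpenSSL 1.1.1 or later and GNU coreutils are assumed.

```shell
#!/bin/sh
# Added example, not the page's commands. Assumes OpenSSL >= 1.1.1 (-addext, -ext).

# make_registry_cert HOST DIR
# Self-signed certificate whose subjectAltName equals HOST. The key is written
# unencrypted so the registry can start unattended, but readable by its owner only
# (assumption: the Harbor installer runs as root and can still read it).
make_registry_cert() {
    host=$1; dir=$2
    mkdir -p "$dir" || return 1
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1000 \
            -subj "/C=CN/O=XY/CN=$host" \
            -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    ) || return 1
    chmod 600 "$dir/server.key" && chmod 644 "$dir/server.crt"
}

# cert_san_covers CRT HOST
# Succeeds only if HOST is listed as a DNS subjectAltName. Docker is written in Go,
# whose TLS verification matches hostnames against subjectAltName and ignores the
# Common Name, so a CN-only certificate is rejected however the CN is spelled.
cert_san_covers() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# key_is_private FILE: succeeds when group and others have no access at all.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# trust_registry_cert CRT HOST   (run as root on every Docker/k8s node)
# Docker treats *.crt files under /etc/docker/certs.d/HOST/ as CA roots for that
# registry. Only the certificate is distributed; server.key never leaves the
# Harbor host. CERTS_D is a hypothetical override used for dry runs.
trust_registry_cert() {
    cert_san_covers "$1" "$2" || { echo "certificate does not name $2" >&2; return 1; }
    install -D -m 644 "$1" "${CERTS_D:-/etc/docker/certs.d}/$2/ca.crt"
}

# Typical sequence (hostname and /data/cert are the values used on this page):
#   make_registry_cert hub.test.com /data/cert          # on the Harbor host
#   trust_registry_cert server.crt hub.test.com         # on each node
# With the certificate trusted, --insecure-registry (which lets Docker ignore
# certificate errors and fall back to HTTP) can be removed from docker.service,
# and the password can be kept out of argv and shell history:
#   cat /root/harbor-password | docker login -u admin --password-stdin https://hub.test.com
# (/root/harbor-password is a hypothetical file readable by root only.)
```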
