• Binary deployment kubernetes – 1.20.4


    1. Environmental preparation Operating system: ecntos7 sixContainer engine: docker-ce-19 kubernetes:1.20.4 2. Overall server planning k8s-master1 kube-apiserver,kube-controller-manager,kube-scheduler,kubelet,kube-proxy,docker k8s-node1 kubelet,kube-proxy,docker k8s-node2 kubelet,kube-proxy,docker k8s-etcd-1 etcd k8s-etcd-2 etcd k8s-etcd-3 etcd 3. System initialization configuration 3.1. Close the firewall (all nodes) systemctl stop firewalld systemctl disable firewalld 3.2. Close SELinux (all nodes) Setenforce0 # […]

  • I drew 13 pictures and spoke HTTPS in the most easy to understand words. Take it!


    preface Hello, I’m Lin Sanxin,Speak the most difficult knowledge points in the most easy to understand wordsIt’s my motto,Foundation is the premise of advancedIs my first heart. I’m sure you always talk to me HTTPS Dealing with, for exampleRequest interface, visit websitewait.. Then we will often think: HTTPS What is it? HTTPS What is the […]

  • 22. Kubernetes (k8s) note authentication, authorization and access control (II) authentication users account


    Users accounts authentication Kubeconfig configuration file As mentioned earlier, the communication between k8s is realized through HTTPS. HTTPS communication requires authentication every time. For example, we enter a command on the command line [[email protected] ~]# kubectl get pod Both require HTTPS authentication, and HTTPS is a stateless link, which means that each access needs to […]

  • Docker introduction practice


    Docker introduction reference resources:Why docker? Docker is an open source application container engine, which is based on go language and complies with Apache 2.0 0 protocol is open source. The main application scenarios are as follows: Environmental isolation The environment between containers is independent and does not affect each other. Similar to virtual machines, but […]

  • How to view mobile Internet data? Introduction to IOS system packet capture


    Hello, I’m Xiaobai. In modern society, people are increasingly inseparable from mobile phones, let alone the Internet. Do you know what is included in the network data when you access the network? Next, let’s introduce a term: packet capture. The process of intercepting and analyzing network data is called packet capturing. By packet capturing, you […]

  • Hyperledger fabric is deployed on multiple hosts


    preface In the experiment, hyperledger fabric unordered organization starts multiple orderer services with raft protocol and TLS organization runs and maintains orderer services, we have completed the operation and maintenance of three orderer nodes of raft protocol with Council organization providing tls-ca service. However, at present, we all start the fabric network on a single […]

  • Things about state secret HTTPS (I)


    Things about state secret HTTPS (I)   With the promulgation and implementation of the code law, the application and promotion of state secrets finally have laws to follow. For the application of state secrets, it is an important part—-State secret HTTPSCommunication also came into being. In order to better understand the relevant knowledge of state […]

  • HTTPS on the intranet web penetrated by FRP


    In 2021, who doesn’t have an HTTPS? It’s out without an SSL certificate Nginx The first method is to use nginx on the server side. Nginx monitors ports 80 and 443, forwards the request from the domain name to the port monitored by FRPs (such as 7000) through the reverse proxy of nginx, and then […]

  • Apiserver deployment of kubernetes


    1. Environmental preparation IP address host name k8s-master-001 k8s-master-002 k8s-master-003 K8s API external domain name: Noah api. frank. com. cn kubernettes Version: 1.18.8 2. Certificate issuance 2.1 certificate environment variables # touch k8s_env.sh #Setting certificate environment variables #Set the certificate service time 87600h for 10 years export EXPIRY_TIME=”87600h” #Kube apiserver server IP […]

  • Using OpenSSL to make CA certificate and SSL certificate


    A local anti belt of steam community has been carried out for a whole dayInstallation of OpenSSL Server private key openssl genrsa -out server.key 1024 Server public key openssl rsa -in server.key -pubout -out server.pem Client private key openssl genrsa -out client.key 1024 Client public key openssl rsa -in client.key -pubout -out client.pem Register Ca, […]

  • Parameter interpretation of Kube apiserver startup command


    During apiserver startup, there are many parameters to configure the startup command. Sometimes I don’t quite understand what these parameters mean. My Kube apiserver startup command parameters: cat > /usr/lib/systemd/system/kube-apiserver.service << EOF [Unit] Description=Kubernetes API Server Documentation=https://github.com/kubernetes/kubernetes After=network.target [Service] ExecStart=/usr/local/bin/kube-apiserver \ –v=2 \ –logtostderr=true \ –allow-privileged=true \ –bind-address= \ –secure-port=6443 \ –insecure-port=0 \ –advertise-address= \ […]

  • Fiddler grabs the HTTPS interface data. The installation certificate is not complex. It has a super detailed graphic explanation. I don’t believe you!


    @ catalogue preface Installation environment configure network IP port configure network The browser opens the download link Download certificate Installation certificate Certificate installation pit preface Packet capturing is a tool that I must learn in my testing work. We all know that the certificate needs to be installed in the HTTPS interface, but many small […]