运维部署

23 镜像仓库和k8环境 一篇就够

2022-07-14  本文已影响0人  starQuest

Harbor

<u>http://harbor.bicisims.com/harbor/projects</u>

admin/Harbor12345

kubesphere

<u>http://121.36.161.70:30880/</u>

xunxingzhe/Admin123

1.工作负载

①discover

kind: Deployment

apiVersion: apps/v1

metadata:

name: discover

namespace: pgxt-test

labels:

io.kompose.service: discover

annotations:

deployment.kubernetes.io/revision: '5'

kompose.cmd: kompose convert

kompose.version: 1.26.0 (40646f47)

kubesphere.io/creator: admin

spec:

replicas: 1

selector:

matchLabels:

  io.kompose.service: discover

template:

metadata:

  creationTimestamp: null

  labels:

    io.kompose.network/energy: 'true'

    io.kompose.service: discover

  annotations:

    kompose.cmd: kompose convert

    kompose.version: 1.26.0 (40646f47)

    kubesphere.io/restartedAt: '2022-05-20T08:46:16.819Z'

spec:

  containers:

    - name: discover

      image: 'harbor.bicisims.com/pgxt-test/pgxtmes-component-discover:latest'

      ports:

        - containerPort: 31001

          protocol: TCP

      resources: {}

      terminationMessagePath: /dev/termination-log

      terminationMessagePolicy: File

      imagePullPolicy: Always

  restartPolicy: Always

  terminationGracePeriodSeconds: 30

  dnsPolicy: ClusterFirst

  securityContext: {}

  imagePullSecrets:

    - name: harbor

  schedulerName: default-scheduler

strategy:

type: RollingUpdate

rollingUpdate:

  maxUnavailable: 25%

  maxSurge: 25%

revisionHistoryLimit: 10

progressDeadlineSeconds: 600

②gateway

kind: Deployment

apiVersion: apps/v1

metadata:

name: gateway

namespace: pgxt-test

labels:

io.kompose.service: gateway

annotations:

deployment.kubernetes.io/revision: '11'

kompose.cmd: kompose convert

kompose.version: 1.26.0 (40646f47)

kubesphere.io/creator: admin

spec:

replicas: 1

selector:

matchLabels:

  io.kompose.service: gateway

template:

metadata:

  creationTimestamp: null

  labels:

    io.kompose.network/energy: 'true'

    io.kompose.service: gateway

  annotations:

    kompose.cmd: kompose convert

    kompose.version: 1.26.0 (40646f47)

    kubesphere.io/restartedAt: '2022-05-20T08:56:06.051Z'

spec:

  containers:

    - name: gateway

      image: 'harbor.bicisims.com/pgxt-test/pgxtmes-component-gateway:latest'

      ports:

        - containerPort: 31099

          protocol: TCP

      env:

        - name: COMPONENT_DISCOVER_URL

          value: 'http://discover.pgxt-test:31001/eureka/'

        - name: EUREKA_INSTANCE_IP_ADDRESS

          valueFrom:

            fieldRef:

              apiVersion: v1

              fieldPath: status.podIP

      resources: {}

      terminationMessagePath: /dev/termination-log

      terminationMessagePolicy: File

      imagePullPolicy: Always

  restartPolicy: Always

  terminationGracePeriodSeconds: 30

  dnsPolicy: ClusterFirst

  securityContext: {}

  imagePullSecrets:

    - name: harbor

  schedulerName: default-scheduler

strategy:

type: RollingUpdate

rollingUpdate:

  maxUnavailable: 25%

  maxSurge: 25%

revisionHistoryLimit: 10

progressDeadlineSeconds: 600

③system-consumer

kind: Deployment

apiVersion: apps/v1

metadata:

name: system-consumer

namespace: pgxt-test

labels:

io.kompose.service: system-consumer

annotations:

deployment.kubernetes.io/revision: '7'

kompose.cmd: kompose convert

kompose.version: 1.26.0 (40646f47)

kubesphere.io/creator: admin

spec:

replicas: 1

selector:

matchLabels:

  io.kompose.service: system-consumer

template:

metadata:

  creationTimestamp: null

  labels:

    io.kompose.network/energy: 'true'

    io.kompose.service: system-consumer

  annotations:

    kompose.cmd: kompose convert

    kompose.version: 1.26.0 (40646f47)

    kubesphere.io/restartedAt: '2022-05-20T09:30:55.232Z'

spec:

  containers:

    - name: system-consumer

      image: 'harbor.bicisims.com/pgxt-test/pgxtmes-consumer-system:latest'

      ports:

        - containerPort: 32202

          protocol: TCP

      env:

        - name: COMPONENT_DISCOVER_URL

          value: 'http://discover.pgxt-test:31001/eureka/'

        - name: EUREKA_INSTANCE_IP_ADDRESS

          valueFrom:

            fieldRef:

              apiVersion: v1

              fieldPath: status.podIP

      resources: {}

      terminationMessagePath: /dev/termination-log

      terminationMessagePolicy: File

      imagePullPolicy: Always

  restartPolicy: Always

  terminationGracePeriodSeconds: 30

  dnsPolicy: ClusterFirst

  securityContext: {}

  imagePullSecrets:

    - name: harbor

  schedulerName: default-scheduler

strategy:

type: RollingUpdate

rollingUpdate:

  maxUnavailable: 25%

  maxSurge: 25%

revisionHistoryLimit: 10

progressDeadlineSeconds: 600

④system-provider

kind: Deployment

apiVersion: apps/v1

metadata:

name: stock-provider

namespace: pgxt-test

labels:

io.kompose.service: stock-provider

annotations:

deployment.kubernetes.io/revision: '1'

kompose.cmd: kompose convert

kompose.version: 1.26.0 (40646f47)

kubesphere.io/creator: admin

spec:

replicas: 1

selector:

matchLabels:

  io.kompose.service: stock-provider

template:

metadata:

  creationTimestamp: null

  labels:

    io.kompose.network/energy: 'true'

    io.kompose.service: stock-provider

  annotations:

    kompose.cmd: kompose convert

    kompose.version: 1.26.0 (40646f47)

    kubesphere.io/restartedAt: '2022-05-20T09:47:32.928Z'

spec:

  containers:

    - name: stock-provider

      image: 'harbor.bicisims.com/pgxt-test/pgxtmes-provider-stock:latest'

      ports:

        - containerPort: 31205

          protocol: TCP

      env:

        - name: COMPONENT_DISCOVER_URL

          value: 'http://discover.pgxt-test:31001/eureka/'

        - name: EUREKA_INSTANCE_IP_ADDRESS

          valueFrom:

            fieldRef:

              apiVersion: v1

              fieldPath: status.podIP

      resources: {}

      terminationMessagePath: /dev/termination-log

      terminationMessagePolicy: File

      imagePullPolicy: Always

  restartPolicy: Always

  terminationGracePeriodSeconds: 30

  dnsPolicy: ClusterFirst

  securityContext: {}

  imagePullSecrets:

    - name: harbor

  schedulerName: default-scheduler

strategy:

type: RollingUpdate

rollingUpdate:

  maxUnavailable: 25%

  maxSurge: 25%

revisionHistoryLimit: 10

progressDeadlineSeconds: 600

⑤Nginx-web

kind: Deployment

apiVersion: apps/v1

metadata:

name: nginx-web

namespace: pgxt-test

labels:

io.kompose.service: nginx-web

annotations:

deployment.kubernetes.io/revision: '10'

kompose.cmd: kompose convert

kompose.version: 1.26.0 (40646f47)

kubectl.kubernetes.io/last-applied-configuration: >

  {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"kompose.cmd":"kompose

  convert","kompose.version":"1.26.0

  (40646f47)"},"creationTimestamp":null,"labels":{"io.kompose.service":"nginx-web"},"name":"nginx-web","namespace":"default"},"spec":{"replicas":1,"selector":{"matchLabels":{"io.kompose.service":"nginx-web"}},"strategy":{"type":"Recreate"},"template":{"metadata":{"annotations":{"kompose.cmd":"kompose

  convert","kompose.version":"1.26.0

  (40646f47)"},"creationTimestamp":null,"labels":{"io.kompose.network/dp":"true","io.kompose.service":"nginx-web"}},"spec":{"containers":[{"image":"nginx:latest","name":"nginx-web","ports":[{"containerPort":80,"name":"java"},{"containerPort":81,"name":"static"}],"resources":{},"volumeMounts":[{"mountPath":"/etc/localtime","name":"timezone","readOnly":true},{"mountPath":"/etc/nginx/nginx.conf","name":"nginx-config","readOnly":true,"subPath":"nginx.conf"},{"mountPath":"/var/log/nginx","name":"nginx-web-log"},{"mountPath":"/opt/dist","name":"nginx-web-dist1","readOnly":true},{"mountPath":"/usr/share/nginx/html","name":"nginx-web-dist"}]}],"volumes":[{"hostPath":{"path":"/usr/share/zoneinfo/Asia/Shanghai"},"name":"timezone"},{"configMap":{"items":[{"key":"nginx.conf","path":"nginx.conf"}],"name":"nginx-config"},"name":"nginx-config"},{"name":"nginx-web-log","nfs":{"path":"/data/nginx-web/log","server":"192.168.0.190"}},{"name":"nginx-web-dist","nfs":{"path":"/data/nginx-web/dist","server":"192.168.0.190"}},{"name":"nginx-web-dist1","nfs":{"path":"/data/nginx-web/build","server":"192.168.0.190"}}]}}}}

kubesphere.io/creator: admin

spec:

replicas: 1

selector:

matchLabels:

  io.kompose.service: nginx-web

template:

metadata:

  creationTimestamp: null

  labels:

    io.kompose.network/nginx: 'true'

    io.kompose.service: nginx-web

  annotations:

    kompose.cmd: kompose convert

    kompose.version: 1.26.0 (40646f47)

    kubesphere.io/restartedAt: '2022-05-20T09:21:04.979Z'

spec:

  volumes:

    - name: timezone

      hostPath:

        path: /usr/share/zoneinfo/Asia/Shanghai

        type: ''

    - name: nginx-config

      configMap:

        name: nginx-config

        items:

          - key: nginx.conf

            path: nginx.conf

        defaultMode: 420

    - name: nginx-web-build

      nfs:

        server: 192.168.0.190

        path: /data/nginx-web/pgxt/build

  containers:

    - name: nginx-web

      image: 'nginx:latest'

      ports:

        - name: server

          containerPort: 80

          protocol: TCP

      resources: {}

      volumeMounts:

        - name: timezone

          readOnly: true

          mountPath: /etc/localtime

        - name: nginx-config

          readOnly: true

          mountPath: /etc/nginx/nginx.conf

          subPath: nginx.conf

        - name: nginx-web-build

          mountPath: /usr/share/nginx/build/html

      terminationMessagePath: /dev/termination-log

      terminationMessagePolicy: File

      imagePullPolicy: IfNotPresent

  restartPolicy: Always

  terminationGracePeriodSeconds: 30

  dnsPolicy: ClusterFirst

  securityContext: {}

  schedulerName: default-scheduler

strategy:

type: Recreate

revisionHistoryLimit: 10

progressDeadlineSeconds: 600

2.服务

①discover

kind: Service

apiVersion: v1

metadata:

name: discover

namespace: pgxt-test

labels:

app: discover

annotations:

kubesphere.io/creator: admin

spec:

ports:

- name: discover

  protocol: TCP

  port: 31001

  targetPort: 31001

  nodePort: 30621

selector:

io.kompose.network/energy: 'true'

io.kompose.service: discover

clusterIP: 10.96.7.13

clusterIPs:

- 10.96.7.13

type: NodePort

sessionAffinity: None

externalTrafficPolicy: Cluster

ipFamilies:

- IPv4

ipFamilyPolicy: SingleStack

internalTrafficPolicy: Cluster

②Nginx-web

kind: Service

apiVersion: v1

metadata:

name: nginx-web

namespace: pgxt-test

labels:

app: nginx-web

annotations:

kubesphere.io/creator: admin

spec:

ports:

- name: http-web

  protocol: TCP

  port: 80

  targetPort: 80

  nodePort: 30480

selector:

io.kompose.network/nginx: 'true'

io.kompose.service: nginx-web

clusterIP: 10.96.244.71

clusterIPs:

- 10.96.244.71

type: NodePort

sessionAffinity: None

externalTrafficPolicy: Cluster

ipFamilies:

- IPv4

ipFamilyPolicy: SingleStack

internalTrafficPolicy: Cluster

③gateway

kind: Service

apiVersion: v1

metadata:

name: gateway

namespace: pgxt-test

labels:

app: gateway

annotations:

kubesphere.io/creator: admin

spec:

ports:

- name: gateway

  protocol: TCP

  port: 31099

  targetPort: 31099

selector:

io.kompose.service: gateway

clusterIP: 10.96.212.251

clusterIPs:

- 10.96.212.251

type: ClusterIP

sessionAffinity: None

ipFamilies:

- IPv4

ipFamilyPolicy: SingleStack

internalTrafficPolicy: Cluster

3 应用路由

kind: Ingress

apiVersion: networking.k8s.io/v1

metadata:

name: pgxtmes

namespace: pgxt-test

annotations:

kubesphere.io/creator: admin

spec:

ingressClassName: nginx

rules:

- host: pgxtmes.bicitech.cn

  http:

    paths:

      - path: /

        pathType: Prefix

        backend:

          service:

            name: nginx-web

            port:

              number: 80

4 保密字典

①harbor

kind: Secret

apiVersion: v1

metadata:

name: harbor

namespace: pgxt-test

annotations:

kubesphere.io/creator: admin

secret.kubesphere.io/force-insecure: 'true'

data:

.dockerconfigjson: >-

eyJhdXRocyI6eyJodHRwOi8vaGFyYm9yLmJpY2lzaW1zLmNvbSI6eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJIYXJib3IxMjM0NSIsImVtYWlsIjoiIiwiYXV0aCI6IllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSJ9fX0=

type: kubernetes.io/dockerconfigjson

②default-token-g4mxn

kind: Secret

apiVersion: v1

metadata:

name: default-token-g4mxn

namespace: pgxt-test

annotations:

kubernetes.io/service-account.name: default

kubernetes.io/service-account.uid: 69c66e88-9aea-49a7-8a11-7a6b2c319629

data:

ca.crt: >-

LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1ETXhPREF4TlRZeE5Wb1hEVE15TURNeE5UQXhOVFl4TlZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTlp4Ck9VcHVuMEtNRTlrSkV1K3MrbUVlZkl4K2E2bW96cGdyMDJYclJLdTIzWUdJQVB1dGwrTnpjc2pacDZtRHZMZXYKK2FTOHFaMENFVFdYdC96bk5FclViVEEwbEtaV0ZrQmRtNFZUNStHdzR1YzNGbG1VbVRIRnJlNkMvWXJZSXNrZgphWkU3M1FyZDV3cnZUZS9Mcm9obUlZMGpjZGtudHJxSW9YK2Racm1TV3VJWlNvOHVNVkVKYlpjQXVHSTgxUmdjCkZtWlgwaVk2b1VXbDJpN00xRXZlVjFHY0p5L3JiNXFMcFZHMjNSTkFpcVpBYVlSQ21ZUjdSQ3EvTElSck9ra24KejREMXl5OXRZZm9wV1hxRG1oR3VKeXdhRU1CRnVyV3J3VGlITjkwdmdCSjJaQW1FRHNSNllTZk5UZmJ4L3QyUwpoWFhFaC9QQXJNWDBKV3EyVVBjQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZFbkVnUEJBZThVTVNoOSt3VUZmK3pMSkNZTE5NQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRnNLdVh6Z0gwaVFoQVdrWHlyRApPRmYvdWc4NEZ5OU0xMGtmdXFFdTJvSkx2NUpreDVxQzgzQjduR1lYSTVQdnowM0tEUXdMeW9SOHI2b1Z5Y2Q0CmpGdnpqQjZsZEx6UTlsOGdNTk5rbmhhenJUNFBydzBoaXFwMlQ4aG0wWC91blNUVkZ6ZkxDcDhncUJ1VlBTTkoKc2tPM0Rka2lMTHc0YldMQ1draXFSUzBneXdGbmpFV3Voakw5R0NDWTBoUFMrSnBBVnFLT3R5YXZDemlhbHA0VgpMUFNEZWZtMi84bXkrV2ZuM3JtZGxSbC9sc29wMElRVzNiL3o5dWhYSVJ2RmpIZWhrZ2NxcGE1ZUtWR2JlUHAzCjByR1RSQU44QTd3bFU0bXFjRk5qckNvMlU3ZnZPSm1PZVRCclcrdmFSQ1ZLM1JLTHRrUGJscXlLZnoxR1pja0IKa1pNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==

namespace: cGd4dC10ZXN0

token: >-

ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNkluVkNSbFJpY1c1U1VIVlRkRE00UlhGNldXRlZaV00zTlhJMU9VcFRPVlF6WVdad2N6Z3haV3M1ZW1NaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUp3WjNoMExYUmxjM1FpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxZM0psZEM1dVlXMWxJam9pWkdWbVlYVnNkQzEwYjJ0bGJpMW5ORzE0YmlJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZ5ZG1salpTMWhZMk52ZFc1MExtNWhiV1VpT2lKa1pXWmhkV3gwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWRXbGtJam9pTmpsak5qWmxPRGd0T1dGbFlTMDBPV0UzTFRoaE1URXROMkUyWWpKak16RTVOakk1SWl3aWMzVmlJam9pYzNsemRHVnRPbk5sY25acFkyVmhZMk52ZFc1ME9uQm5lSFF0ZEdWemREcGtaV1poZFd4MEluMC5OaVd1YTJic21nZ3dQaElWc3p4UURmTEMtVFlOMXZVMDJiZjF1aEJZbWlUcVJuYnM1RWpiMk9MaWFOdzdHSVZDdTlLSDl6SjFDQWZOb3Via05ZaF9RNTJ0YmU4b1pKRHZnNXk1T1h4UXZjcXhuRnVtX19ZYU1MdFZsdS1MempGQzhpbVFNZFdDUUlMeF9vOElac1NOY0I2R1RsaktYcEZuUnMtZnRXN1dJOVFMbWR0RDQzMWtzNkd1aHdOQ25KTUx6dlRVNFVWcmplYnRMTEg4d3RONmZObnJzVndvMXI0MWhFMklfb3RrRFhpN2ota3hMV21rNmdGb0tqSTJ5eUdpRkprN0lxdlo0WVpnNU80WFlWaHdFejZ0TTgyc3Z1aU1zNkxDdWVDRHBIWmNtNVl4aUR1VkhtUy1SUXg1MFd3NHFJdVk0bEk5VzNJb0hBSzVQM1NFZ3c=

type: kubernetes.io/service-account-token

5 配置字段

①nginx-config

kind: ConfigMap

apiVersion: v1

metadata:

name: nginx-config

namespace: pgxt-test

annotations:

kubesphere.io/creator: admin

data:

nginx.conf: |

user  nginx;

worker_processes  auto;

error_log  /var/log/nginx/error.log notice;

pid        /var/run/nginx.pid;

events {

    worker_connections  1024;

}

http {

    include       /etc/nginx/mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;

    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

     map $http_upgrade $connection_upgrade {

    default          keep-alive;  #默认为keep-alive 可以支持 一般http请求

    'websocket'      upgrade;     #如果为websocket 则为 upgrade 可升级的。

}

 upstream gateway-service{

        server gateway:31099;

    }

server {

                listen      80;

                location / {

                root /usr/share/nginx/build/html;

                proxy_set_header Host $host;

                proxy_set_header X-Real-IP $remote_addr;

                proxy_set_header X-Forwarded-For $remote_addr;

                index index.html;

                try_files $uri $uri/ /index.html;

                }

                # 静态资源

                location ~ .*\.(gif|jpg|jpeg|png|flac|mp3|mkv|apk)$ {

                root /usr/share/nginx/build/html;

                }

                location /api {

                proxy_connect_timeout 300;

                proxy_read_timeout 300;

                proxy_send_timeout 300;

                proxy_set_header X-Real-IP $remote_addr;

                proxy_pass http://gateway-service/api;

                client_max_body_size 20m;

                }

}

}

②kube-root-ca.crt

kind: ConfigMap

apiVersion: v1

metadata:

name: kube-root-ca.crt

namespace: pgxt-test

annotations:

kubernetes.io/description: >-

  Contains a CA bundle that can be used to verify the kube-apiserver when

  using internal endpoints such as the internal service IP or

  kubernetes.default.svc. No other usage is guaranteed across distributions

  of Kubernetes clusters.

data:

ca.crt: |

-----BEGIN CERTIFICATE-----

MIIC/jCCAeagAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl

cm5ldGVzMB4XDTIyMDMxODAxNTYxNVoXDTMyMDMxNTAxNTYxNVowFTETMBEGA1UE

AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZx

OUpun0KME9kJEu+s+mEefIx+a6mozpgr02XrRKu23YGIAPutl+NzcsjZp6mDvLev

+aS8qZ0CETWXt/znNErUbTA0lKZWFkBdm4VT5+Gw4uc3FlmUmTHFre6C/YrYIskf

aZE73Qrd5wrvTe/LrohmIY0jcdkntrqIoX+dZrmSWuIZSo8uMVEJbZcAuGI81Rgc

FmZX0iY6oUWl2i7M1EveV1GcJy/rb5qLpVG23RNAiqZAaYRCmYR7RCq/LIRrOkkn

z4D1yy9tYfopWXqDmhGuJywaEMBFurWrwTiHN90vgBJ2ZAmEDsR6YSfNTfbx/t2S

hXXEh/PArMX0JWq2UPcCAwEAAaNZMFcwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB

/wQFMAMBAf8wHQYDVR0OBBYEFEnEgPBAe8UMSh9+wUFf+zLJCYLNMBUGA1UdEQQO

MAyCCmt1YmVybmV0ZXMwDQYJKoZIhvcNAQELBQADggEBAFsKuXzgH0iQhAWkXyrD

OFf/ug84Fy9M10kfuqEu2oJLv5Jkx5qC83B7nGYXI5Pvz03KDQwLyoR8r6oVycd4

jFvzjB6ldLzQ9l8gMNNknhazrT4Prw0hiqp2T8hm0X/unSTVFzfLCp8gqBuVPSNJ

skO3DdkiLLw4bWLCWkiqRS0gywFnjEWuhjL9GCCY0hPS+JpAVqKOtyavCzialp4V

LPSDefm2/8my+Wfn3rmdlRl/lsop0IQW3b/z9uhXIRvFjHehkgcqpa5eKVGbePp3

0rGTRAN8A7wlU4mqcFNjrCo2U7fvOJmOeTBrW+vaRCVK3RKLtkPblqyKfz1GZckB

kZM=

-----END CERTIFICATE-----

③istio-ca-root-cert

kind: ConfigMap

apiVersion: v1

metadata:

name: istio-ca-root-cert

namespace: pgxt-test

labels:

istio.io/config: 'true'

data:

root-cert.pem: |

-----BEGIN CERTIFICATE-----

MIIC/TCCAeWgAwIBAgIRAKxlx4L9cVO+D1y3AlPLcygwDQYJKoZIhvcNAQELBQAw

GDEWMBQGA1UEChMNY2x1c3Rlci5sb2NhbDAeFw0yMjAzMjMwMjIxMDdaFw0zMjAz

MjAwMjIxMDdaMBgxFjAUBgNVBAoTDWNsdXN0ZXIubG9jYWwwggEiMA0GCSqGSIb3

DQEBAQUAA4IBDwAwggEKAoIBAQCZcjOqmmO1Yal3uaLs3qdAVXCn18GeuzE7cn0d

4eDQI5iiasYRqNsZblsAgFYiSkeBpHFO4Y3//ELvoxAyI4wutuW4mZGpL22ulH3x

i5IqNztQWHbEkLxw3vYVmVN4nGliSzd263QVU8FV+8XMqPOWqKcwUfdeIKo7RAgQ

/0tYWJKdWi4FcrKY0fWBJn1UngxJwTe+FIrBpETvTykSxSsI76sxL6zQ9V8quEDp

rrbu5QOFAf+lGD/b+MD8Cq/lI+H/6RAB93NOtQeXCZEyQblJy1MnFDDFQ9yxnZhX

CwRl/jfghRGvp/Yltn68KSXnmC6+/faQZT+gPZGJ7NTIYhnlAgMBAAGjQjBAMA4G

A1UdDwEB/wQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSVqiJ5b94M

vDpLHmiJ3Ign9Vai8DANBgkqhkiG9w0BAQsFAAOCAQEAW4691l4hdC21ViO35a0H

EoL0DwpNO8IKoFS2JTFwm6jOEaDPo+6c9C2fVWtRBfxv0xNPmzFcv28RvhnRHHsw

nflaUAY5VO+A0QW1dGGDKR0z/IBJ8TMX6VaQM9CCXc/Wx8eU5IIbCbdqJCS4CEm3

706c4tYIV5UE21FBvS2EZsLZ1JfyxWuZl9ZR5r1RJ5tpeQhD2mYwJV6SWCh4RcQe

tI9DJMrmeZV9L4Y+cdYQNqd1xFymPjqfnXJNtj72fP3NYGl0c3ggbUpu2pRVef/z

vU8D++0gvBFfAzfocd115dyxsUdabcQhOWQAfx9trJHpcnCllg74N3nvRNkE1x2+

eA==

-----END CERTIFICATE-----
上一篇下一篇

猜你喜欢

热点阅读