[{"data":1,"prerenderedAt":3442},["ShallowReactive",2],{"navigation":3,"posts-undefined-k8s-0-999":20},[4,8,12,16],{"title":5,"path":6,"stem":7},"首页","\u002F","00.index",{"title":9,"path":10,"stem":11},"文章","\u002Fposts","01.posts",{"title":13,"path":14,"stem":15},"动态","\u002Fmoments","02.moments",{"title":17,"path":18,"stem":19},"关于","\u002Fabout","09.about",[21,1153,3162],{"id":22,"title":23,"body":24,"class":1132,"cover":1133,"coverSize":1132,"date":1134,"description":1135,"draft":1136,"extension":1137,"hideComments":1136,"location":1132,"meta":1138,"navigation":113,"path":1139,"readingTime":1140,"seo":1145,"sitemap":1146,"stem":1147,"tags":1148,"time":1132,"weather":1132,"__hash__":1152},"posts\u002Fposts\u002F2020\u002F20201227.devops-gitlab-ci-aliyun-k8s.md","基于 GitLab CI 和阿里云 k8s 的持续交付解决方案",{"type":25,"value":26,"toc":1127},"minimark",[27,36,39,55,58,61,66,71,441,456,459,464,468,575,579,758,762,765,859,862,1103,1107,1110,1114,1117,1120,1123],[28,29,30,31,35],"p",{},"今年对于我个人而言，在 DevOps 上的最大收获，莫过于摸索了这套基于 GitLab CI 和 k8s 的持续交付解决方案，其实原理都很简单，在我去年的方案里又做了改进，实现了基于 ",[32,33,34],"code",{},"git tag"," 的触发方式，并且把原先的本地打包推镜像改为在 GitLab Runner 上打包推镜像。",[28,37,38],{},"这套解决方案大致流程是这样的：",[40,41,42,49,52],"ol",{},[43,44,45,46],"li",{},"推送代码，在代码中配置 ",[32,47,48],"gitlab-ci.yml",[43,50,51],{},"推送 tag，触发 GitLab Runner 编译 docker 镜像，并推送至阿里云镜像仓库",[43,53,54],{},"在阿里云 k8s 上基于镜像仓库创建应用，并创建重新部署的触发器，在镜像更新时触发该触发器",[28,56,57],{},"这样，以后每次推送新的 tag 上去，就可以实现自动打包&部署了。",[28,59,60],{},"下面，我来详细讲解下所有步骤。需要注意的是，下文 .gitlab-ci.yml 示例为了演示，直接把镜像仓库的用户名和密码写在了 variables 里；实际使用时建议改为在 GitLab 项目的 CI\u002FCD 变量（Settings \u002F CI\u002FCD \u002F Variables）中配置，不要随代码提交到仓库。",[62,63,65],"h2",{"id":64},"配置-gitlab-runner","配置 GitLab Runner",[67,68,70],"h5",{"id":69},"configtoml","config.toml",[72,73,78],"pre",{"className":74,"code":75,"language":76,"meta":77,"style":77},"language-toml shiki shiki-themes material-theme-lighter github-light github-dark","concurrent = 1\ncheck_interval = 0\n\n[session_server]\nsession_timeout = 1800\n\n[[runners]]\nname = \"common-runner\"\nurl = \"https:\u002F\u002Fgit.xxx.xxx\"\ntoken = \"TOKEN\"\nexecutor = 
\"docker\"\n\n[runners.custom_build_dir]\n\n[runners.cache]\n\n[runners.cache.s3]\n\n[runners.cache.gcs]\n\n[runners.docker]\ntls_verify = false\nimage = \"docker:latest\"\nprivileged = false\ndisable_entrypoint_overwrite = false\noom_kill_disable = false\ndisable_cache = false\nvolumes = [\n  \"\u002Fvar\u002Frun\u002Fdocker.sock:\u002Fvar\u002Frun\u002Fdocker.sock\",\n  \"\u002Fxxx\u002Fgitlab-runner\u002Fcache:\u002Fcache\"\n]\nshm_size = 0\n","toml","",[32,79,80,97,108,115,128,139,144,156,175,190,205,220,225,240,245,259,264,282,287,305,310,323,335,350,360,370,380,390,401,416,426,431],{"__ignoreMap":77},[81,82,85,89,93],"span",{"class":83,"line":84},"line",1,[81,86,88],{"class":87},"su5hD","concurrent ",[81,90,92],{"class":91},"sP7_E","=",[81,94,96],{"class":95},"srdBf"," 1\n",[81,98,100,103,105],{"class":83,"line":99},2,[81,101,102],{"class":87},"check_interval ",[81,104,92],{"class":91},[81,106,107],{"class":95}," 0\n",[81,109,111],{"class":83,"line":110},3,[81,112,114],{"emptyLinePlaceholder":113},true,"\n",[81,116,118,121,125],{"class":83,"line":117},4,[81,119,120],{"class":91},"[",[81,122,124],{"class":123},"sbgvK","session_server",[81,126,127],{"class":91},"]\n",[81,129,131,134,136],{"class":83,"line":130},5,[81,132,133],{"class":87},"session_timeout ",[81,135,92],{"class":91},[81,137,138],{"class":95}," 1800\n",[81,140,142],{"class":83,"line":141},6,[81,143,114],{"emptyLinePlaceholder":113},[81,145,147,150,153],{"class":83,"line":146},7,[81,148,149],{"class":91},"[[",[81,151,152],{"class":123},"runners",[81,154,155],{"class":91},"]]\n",[81,157,159,162,164,168,172],{"class":83,"line":158},8,[81,160,161],{"class":87},"name ",[81,163,92],{"class":91},[81,165,167],{"class":166},"sjJ54"," \"",[81,169,171],{"class":170},"s_sjI","common-runner",[81,173,174],{"class":166},"\"\n",[81,176,178,181,183,185,188],{"class":83,"line":177},9,[81,179,180],{"class":87},"url 
",[81,182,92],{"class":91},[81,184,167],{"class":166},[81,186,187],{"class":170},"https:\u002F\u002Fgit.xxx.xxx",[81,189,174],{"class":166},[81,191,193,196,198,200,203],{"class":83,"line":192},10,[81,194,195],{"class":87},"token ",[81,197,92],{"class":91},[81,199,167],{"class":166},[81,201,202],{"class":170},"TOKEN",[81,204,174],{"class":166},[81,206,208,211,213,215,218],{"class":83,"line":207},11,[81,209,210],{"class":87},"executor ",[81,212,92],{"class":91},[81,214,167],{"class":166},[81,216,217],{"class":170},"docker",[81,219,174],{"class":166},[81,221,223],{"class":83,"line":222},12,[81,224,114],{"emptyLinePlaceholder":113},[81,226,228,230,232,235,238],{"class":83,"line":227},13,[81,229,120],{"class":91},[81,231,152],{"class":123},[81,233,234],{"class":87},".",[81,236,237],{"class":123},"custom_build_dir",[81,239,127],{"class":91},[81,241,243],{"class":83,"line":242},14,[81,244,114],{"emptyLinePlaceholder":113},[81,246,248,250,252,254,257],{"class":83,"line":247},15,[81,249,120],{"class":91},[81,251,152],{"class":123},[81,253,234],{"class":87},[81,255,256],{"class":123},"cache",[81,258,127],{"class":91},[81,260,262],{"class":83,"line":261},16,[81,263,114],{"emptyLinePlaceholder":113},[81,265,267,269,271,273,275,277,280],{"class":83,"line":266},17,[81,268,120],{"class":91},[81,270,152],{"class":123},[81,272,234],{"class":87},[81,274,256],{"class":123},[81,276,234],{"class":87},[81,278,279],{"class":123},"s3",[81,281,127],{"class":91},[81,283,285],{"class":83,"line":284},18,[81,286,114],{"emptyLinePlaceholder":113},[81,288,290,292,294,296,298,300,303],{"class":83,"line":289},19,[81,291,120],{"class":91},[81,293,152],{"class":123},[81,295,234],{"class":87},[81,297,256],{"class":123},[81,299,234],{"class":87},[81,301,302],{"class":123},"gcs",[81,304,127],{"class":91},[81,306,308],{"class":83,"line":307},20,[81,309,114],{"emptyLinePlaceholder":113},[81,311,313,315,317,319,321],{"class":83,"line":312},21,[81,314,120],{"class":91},[81,316,152],{"class":123},[81,318,234
],{"class":87},[81,320,217],{"class":123},[81,322,127],{"class":91},[81,324,326,329,331],{"class":83,"line":325},22,[81,327,328],{"class":87},"tls_verify ",[81,330,92],{"class":91},[81,332,334],{"class":333},"syTEX"," false\n",[81,336,338,341,343,345,348],{"class":83,"line":337},23,[81,339,340],{"class":87},"image ",[81,342,92],{"class":91},[81,344,167],{"class":166},[81,346,347],{"class":170},"docker:latest",[81,349,174],{"class":166},[81,351,353,356,358],{"class":83,"line":352},24,[81,354,355],{"class":87},"privileged ",[81,357,92],{"class":91},[81,359,334],{"class":333},[81,361,363,366,368],{"class":83,"line":362},25,[81,364,365],{"class":87},"disable_entrypoint_overwrite ",[81,367,92],{"class":91},[81,369,334],{"class":333},[81,371,373,376,378],{"class":83,"line":372},26,[81,374,375],{"class":87},"oom_kill_disable ",[81,377,92],{"class":91},[81,379,334],{"class":333},[81,381,383,386,388],{"class":83,"line":382},27,[81,384,385],{"class":87},"disable_cache ",[81,387,92],{"class":91},[81,389,334],{"class":333},[81,391,393,396,398],{"class":83,"line":392},28,[81,394,395],{"class":87},"volumes ",[81,397,92],{"class":91},[81,399,400],{"class":91}," [\n",[81,402,404,407,410,413],{"class":83,"line":403},29,[81,405,406],{"class":166},"  \"",[81,408,409],{"class":170},"\u002Fvar\u002Frun\u002Fdocker.sock:\u002Fvar\u002Frun\u002Fdocker.sock",[81,411,412],{"class":166},"\"",[81,414,415],{"class":91},",\n",[81,417,419,421,424],{"class":83,"line":418},30,[81,420,406],{"class":166},[81,422,423],{"class":170},"\u002Fxxx\u002Fgitlab-runner\u002Fcache:\u002Fcache",[81,425,174],{"class":166},[81,427,429],{"class":83,"line":428},31,[81,430,127],{"class":91},[81,432,434,437,439],{"class":83,"line":433},32,[81,435,436],{"class":87},"shm_size ",[81,438,92],{"class":91},[81,440,107],{"class":95},[28,442,443,444,447,448,451,452,455],{},"其中 ",[32,445,446],{},"token"," 从 ",[32,449,450],{},"GitLab Admin Area \u002F Overview \u002F Runners"," 中可以找到，或者也可以从 ",[32,453,454],{},"Project \u002F 
Settings \u002F CI\u002FCD"," 中找到项目专用的 Runner token。另外，上面的 volumes 把宿主机的 \u002Fvar\u002Frun\u002Fdocker.sock 挂载进了构建容器，CI 脚本因此可以直接操作宿主机上的 Docker，所以这个 Runner 最好只提供给可信的项目使用。",[62,457,458],{"id":458},"代码配置",[460,461,463],"h4",{"id":462},"前端node","前端（node）",[67,465,467],{"id":466},"dockerfile","Dockerfile",[72,469,472],{"className":470,"code":471,"language":466,"meta":77,"style":77},"language-dockerfile shiki shiki-themes material-theme-lighter github-light github-dark","FROM node:10-alpine\n\nWORKDIR \u002Fapp\n\nCOPY package.json \u002Fapp\nCOPY yarn.lock \u002Fapp\nRUN yarn install\nCOPY . \u002Fapp\nRUN yarn build\n\nEXPOSE 8888\nENV APP_ENV $APP_ENV\nCMD [\"yarn\", \"start\"]\n",[32,473,474,483,487,495,499,507,514,522,529,536,540,548,556],{"__ignoreMap":77},[81,475,476,480],{"class":83,"line":84},[81,477,479],{"class":478},"sw1J6","FROM",[81,481,482],{"class":87}," node:10-alpine\n",[81,484,485],{"class":83,"line":99},[81,486,114],{"emptyLinePlaceholder":113},[81,488,489,492],{"class":83,"line":110},[81,490,491],{"class":478},"WORKDIR",[81,493,494],{"class":87}," \u002Fapp\n",[81,496,497],{"class":83,"line":117},[81,498,114],{"emptyLinePlaceholder":113},[81,500,501,504],{"class":83,"line":130},[81,502,503],{"class":478},"COPY",[81,505,506],{"class":87}," package.json \u002Fapp\n",[81,508,509,511],{"class":83,"line":141},[81,510,503],{"class":478},[81,512,513],{"class":87}," yarn.lock \u002Fapp\n",[81,515,516,519],{"class":83,"line":146},[81,517,518],{"class":478},"RUN",[81,520,521],{"class":87}," yarn install\n",[81,523,524,526],{"class":83,"line":158},[81,525,503],{"class":478},[81,527,528],{"class":87}," . 
\u002Fapp\n",[81,530,531,533],{"class":83,"line":177},[81,532,518],{"class":478},[81,534,535],{"class":87}," yarn build\n",[81,537,538],{"class":83,"line":192},[81,539,114],{"emptyLinePlaceholder":113},[81,541,542,545],{"class":83,"line":207},[81,543,544],{"class":478},"EXPOSE",[81,546,547],{"class":87}," 8888\n",[81,549,550,553],{"class":83,"line":222},[81,551,552],{"class":478},"ENV",[81,554,555],{"class":87}," APP_ENV $APP_ENV\n",[81,557,558,561,564,567,570,573],{"class":83,"line":227},[81,559,560],{"class":478},"CMD",[81,562,563],{"class":87}," [",[81,565,566],{"class":170},"\"yarn\"",[81,568,569],{"class":87},", ",[81,571,572],{"class":170},"\"start\"",[81,574,127],{"class":87},[67,576,578],{"id":577},"gitlab-ciyml",".gitlab-ci.yml",[72,580,584],{"className":581,"code":582,"language":583,"meta":77,"style":77},"language-yaml shiki shiki-themes material-theme-lighter github-light github-dark","image: docker:latest\n\nvariables:\n  REGISTRY: registry.cn-hangzhou.aliyuncs.com\n  USERNAME: your username\n  PASSWORD: your password\n  NAMESPACE: your namespace\n  PROJECT_NAME: your project name\n\nstages:\n  - build\n\ndocker-build:\n  stage: build\n  image: docker:latest\n  script:\n    - docker login --username=$USERNAME $REGISTRY -p $PASSWORD\n    - docker build -t $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:$CI_COMMIT_REF_NAME -t $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:latest .\n    - docker push $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:$CI_COMMIT_REF_NAME\n    - docker push $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:latest\n  only:\n    - tags\n","yaml",[32,585,586,598,602,610,620,630,640,650,660,664,671,679,683,690,699,708,715,723,730,737,744,751],{"__ignoreMap":77},[81,587,588,592,595],{"class":83,"line":84},[81,589,591],{"class":590},"sQzsp","image",[81,593,594],{"class":91},":",[81,596,597],{"class":170}," 
docker:latest\n",[81,599,600],{"class":83,"line":99},[81,601,114],{"emptyLinePlaceholder":113},[81,603,604,607],{"class":83,"line":110},[81,605,606],{"class":590},"variables",[81,608,609],{"class":91},":\n",[81,611,612,615,617],{"class":83,"line":117},[81,613,614],{"class":590},"  REGISTRY",[81,616,594],{"class":91},[81,618,619],{"class":170}," registry.cn-hangzhou.aliyuncs.com\n",[81,621,622,625,627],{"class":83,"line":130},[81,623,624],{"class":590},"  USERNAME",[81,626,594],{"class":91},[81,628,629],{"class":170}," your username\n",[81,631,632,635,637],{"class":83,"line":141},[81,633,634],{"class":590},"  PASSWORD",[81,636,594],{"class":91},[81,638,639],{"class":170}," your password\n",[81,641,642,645,647],{"class":83,"line":146},[81,643,644],{"class":590},"  NAMESPACE",[81,646,594],{"class":91},[81,648,649],{"class":170}," your namespace\n",[81,651,652,655,657],{"class":83,"line":158},[81,653,654],{"class":590},"  PROJECT_NAME",[81,656,594],{"class":91},[81,658,659],{"class":170}," your project name\n",[81,661,662],{"class":83,"line":177},[81,663,114],{"emptyLinePlaceholder":113},[81,665,666,669],{"class":83,"line":192},[81,667,668],{"class":590},"stages",[81,670,609],{"class":91},[81,672,673,676],{"class":83,"line":207},[81,674,675],{"class":91},"  -",[81,677,678],{"class":170}," build\n",[81,680,681],{"class":83,"line":222},[81,682,114],{"emptyLinePlaceholder":113},[81,684,685,688],{"class":83,"line":227},[81,686,687],{"class":590},"docker-build",[81,689,609],{"class":91},[81,691,692,695,697],{"class":83,"line":242},[81,693,694],{"class":590},"  stage",[81,696,594],{"class":91},[81,698,678],{"class":170},[81,700,701,704,706],{"class":83,"line":247},[81,702,703],{"class":590},"  image",[81,705,594],{"class":91},[81,707,597],{"class":170},[81,709,710,713],{"class":83,"line":261},[81,711,712],{"class":590},"  script",[81,714,609],{"class":91},[81,716,717,720],{"class":83,"line":266},[81,718,719],{"class":91},"    -",[81,721,722],{"class":170}," docker login 
--username=$USERNAME $REGISTRY -p $PASSWORD\n",[81,724,725,727],{"class":83,"line":284},[81,726,719],{"class":91},[81,728,729],{"class":170}," docker build -t $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:$CI_COMMIT_REF_NAME -t $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:latest .\n",[81,731,732,734],{"class":83,"line":289},[81,733,719],{"class":91},[81,735,736],{"class":170}," docker push $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:$CI_COMMIT_REF_NAME\n",[81,738,739,741],{"class":83,"line":307},[81,740,719],{"class":91},[81,742,743],{"class":170}," docker push $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:latest\n",[81,745,746,749],{"class":83,"line":312},[81,747,748],{"class":590},"  only",[81,750,609],{"class":91},[81,752,753,755],{"class":83,"line":325},[81,754,719],{"class":91},[81,756,757],{"class":170}," tags\n",[460,759,761],{"id":760},"后端spring-boot","后端（spring boot）",[67,763,467],{"id":764},"dockerfile-1",[72,766,768],{"className":470,"code":767,"language":466,"meta":77,"style":77},"FROM openjdk:11-jre-slim\n\nRUN ln -sf \u002Fusr\u002Fshare\u002Fzoneinfo\u002FAsia\u002FShanghai \u002Fetc\u002Flocaltime\n\nVOLUME \u002Ftmp\n\nCOPY target\u002Fxxx-api.jar app.jar\nENV SPRING_PROFILES_ACTIVE=\"prd\"\nENV JAVA_OPTS=\"-Xmx256m\"\nENTRYPOINT [ \"java\", \"-Djava.security.egd=file:\u002Fdev\u002F.\u002Furandom\", \"-jar\", \"\u002Fapp.jar\"]\n",[32,769,770,777,781,788,792,800,804,811,821,831],{"__ignoreMap":77},[81,771,772,774],{"class":83,"line":84},[81,773,479],{"class":478},[81,775,776],{"class":87}," openjdk:11-jre-slim\n",[81,778,779],{"class":83,"line":99},[81,780,114],{"emptyLinePlaceholder":113},[81,782,783,785],{"class":83,"line":110},[81,784,518],{"class":478},[81,786,787],{"class":87}," ln -sf \u002Fusr\u002Fshare\u002Fzoneinfo\u002FAsia\u002FShanghai 
\u002Fetc\u002Flocaltime\n",[81,789,790],{"class":83,"line":117},[81,791,114],{"emptyLinePlaceholder":113},[81,793,794,797],{"class":83,"line":130},[81,795,796],{"class":478},"VOLUME",[81,798,799],{"class":87}," \u002Ftmp\n",[81,801,802],{"class":83,"line":141},[81,803,114],{"emptyLinePlaceholder":113},[81,805,806,808],{"class":83,"line":146},[81,807,503],{"class":478},[81,809,810],{"class":87}," target\u002Fxxx-api.jar app.jar\n",[81,812,813,815,818],{"class":83,"line":158},[81,814,552],{"class":478},[81,816,817],{"class":87}," SPRING_PROFILES_ACTIVE=",[81,819,820],{"class":170},"\"prd\"\n",[81,822,823,825,828],{"class":83,"line":177},[81,824,552],{"class":478},[81,826,827],{"class":87}," JAVA_OPTS=",[81,829,830],{"class":170},"\"-Xmx256m\"\n",[81,832,833,836,839,842,844,847,849,852,854,857],{"class":83,"line":192},[81,834,835],{"class":478},"ENTRYPOINT",[81,837,838],{"class":87}," [ ",[81,840,841],{"class":170},"\"java\"",[81,843,569],{"class":87},[81,845,846],{"class":170},"\"-Djava.security.egd=file:\u002Fdev\u002F.\u002Furandom\"",[81,848,569],{"class":87},[81,850,851],{"class":170},"\"-jar\"",[81,853,569],{"class":87},[81,855,856],{"class":170},"\"\u002Fapp.jar\"",[81,858,127],{"class":87},[67,860,578],{"id":861},"gitlab-ciyml-1",[72,863,865],{"className":581,"code":864,"language":583,"meta":77,"style":77},"image: docker:latest\n\nvariables:\n  MAVEN_OPTS: -Dmaven.repo.local=\u002Fcache\u002F.m2\u002Frepository\n  REGISTRY: registry.cn-hangzhou.aliyuncs.com\n  USERNAME: your username\n  PASSWORD: your password\n  NAMESPACE: your namespace\n  PROJECT_NAME: your project name\n\nstages:\n  - package\n  - build\n\nmaven-package:\n  image: maven:3.6-jdk-11-slim\n  stage: package\n  script:\n    - mvn $MAVEN_OPTS clean package -Dmaven.test.skip=true\n    - cp target\u002F$PROJECT_NAME.jar \u002Fcache\u002Fjars\u002F\n  only:\n    - tags\n\ndocker-build:\n  stage: build\n  image: docker:latest\n  script:\n    - docker login --username=$USERNAME $REGISTRY -p 
$PASSWORD\n    - mkdir target\n    - cp \u002Fcache\u002Fjars\u002F$PROJECT_NAME.jar target\n    - docker build -t $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:$CI_COMMIT_REF_NAME -t $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:latest .\n    - docker push $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:$CI_COMMIT_REF_NAME\n    - docker push $REGISTRY\u002F$NAMESPACE\u002F$PROJECT_NAME:latest\n  only:\n    - tags\n",[32,866,867,875,879,885,895,903,911,919,927,935,939,945,952,958,962,969,978,986,992,999,1006,1012,1018,1022,1028,1036,1044,1050,1056,1063,1070,1076,1082,1089,1096],{"__ignoreMap":77},[81,868,869,871,873],{"class":83,"line":84},[81,870,591],{"class":590},[81,872,594],{"class":91},[81,874,597],{"class":170},[81,876,877],{"class":83,"line":99},[81,878,114],{"emptyLinePlaceholder":113},[81,880,881,883],{"class":83,"line":110},[81,882,606],{"class":590},[81,884,609],{"class":91},[81,886,887,890,892],{"class":83,"line":117},[81,888,889],{"class":590},"  MAVEN_OPTS",[81,891,594],{"class":91},[81,893,894],{"class":170}," -Dmaven.repo.local=\u002Fcache\u002F.m2\u002Frepository\n",[81,896,897,899,901],{"class":83,"line":130},[81,898,614],{"class":590},[81,900,594],{"class":91},[81,902,619],{"class":170},[81,904,905,907,909],{"class":83,"line":141},[81,906,624],{"class":590},[81,908,594],{"class":91},[81,910,629],{"class":170},[81,912,913,915,917],{"class":83,"line":146},[81,914,634],{"class":590},[81,916,594],{"class":91},[81,918,639],{"class":170},[81,920,921,923,925],{"class":83,"line":158},[81,922,644],{"class":590},[81,924,594],{"class":91},[81,926,649],{"class":170},[81,928,929,931,933],{"class":83,"line":177},[81,930,654],{"class":590},[81,932,594],{"class":91},[81,934,659],{"class":170},[81,936,937],{"class":83,"line":192},[81,938,114],{"emptyLinePlaceholder":113},[81,940,941,943],{"class":83,"line":207},[81,942,668],{"class":590},[81,944,609],{"class":91},[81,946,947,949],{"class":83,"line":222},[81,948,675],{"class":91},[81,950,951],{"class":170}," 
package\n",[81,953,954,956],{"class":83,"line":227},[81,955,675],{"class":91},[81,957,678],{"class":170},[81,959,960],{"class":83,"line":242},[81,961,114],{"emptyLinePlaceholder":113},[81,963,964,967],{"class":83,"line":247},[81,965,966],{"class":590},"maven-package",[81,968,609],{"class":91},[81,970,971,973,975],{"class":83,"line":261},[81,972,703],{"class":590},[81,974,594],{"class":91},[81,976,977],{"class":170}," maven:3.6-jdk-11-slim\n",[81,979,980,982,984],{"class":83,"line":266},[81,981,694],{"class":590},[81,983,594],{"class":91},[81,985,951],{"class":170},[81,987,988,990],{"class":83,"line":284},[81,989,712],{"class":590},[81,991,609],{"class":91},[81,993,994,996],{"class":83,"line":289},[81,995,719],{"class":91},[81,997,998],{"class":170}," mvn $MAVEN_OPTS clean package -Dmaven.test.skip=true\n",[81,1000,1001,1003],{"class":83,"line":307},[81,1002,719],{"class":91},[81,1004,1005],{"class":170}," cp target\u002F$PROJECT_NAME.jar \u002Fcache\u002Fjars\u002F\n",[81,1007,1008,1010],{"class":83,"line":312},[81,1009,748],{"class":590},[81,1011,609],{"class":91},[81,1013,1014,1016],{"class":83,"line":325},[81,1015,719],{"class":91},[81,1017,757],{"class":170},[81,1019,1020],{"class":83,"line":337},[81,1021,114],{"emptyLinePlaceholder":113},[81,1023,1024,1026],{"class":83,"line":352},[81,1025,687],{"class":590},[81,1027,609],{"class":91},[81,1029,1030,1032,1034],{"class":83,"line":362},[81,1031,694],{"class":590},[81,1033,594],{"class":91},[81,1035,678],{"class":170},[81,1037,1038,1040,1042],{"class":83,"line":372},[81,1039,703],{"class":590},[81,1041,594],{"class":91},[81,1043,597],{"class":170},[81,1045,1046,1048],{"class":83,"line":382},[81,1047,712],{"class":590},[81,1049,609],{"class":91},[81,1051,1052,1054],{"class":83,"line":392},[81,1053,719],{"class":91},[81,1055,722],{"class":170},[81,1057,1058,1060],{"class":83,"line":403},[81,1059,719],{"class":91},[81,1061,1062],{"class":170}," mkdir 
target\n",[81,1064,1065,1067],{"class":83,"line":418},[81,1066,719],{"class":91},[81,1068,1069],{"class":170}," cp \u002Fcache\u002Fjars\u002F$PROJECT_NAME.jar target\n",[81,1071,1072,1074],{"class":83,"line":428},[81,1073,719],{"class":91},[81,1075,729],{"class":170},[81,1077,1078,1080],{"class":83,"line":433},[81,1079,719],{"class":91},[81,1081,736],{"class":170},[81,1083,1085,1087],{"class":83,"line":1084},33,[81,1086,719],{"class":91},[81,1088,743],{"class":170},[81,1090,1092,1094],{"class":83,"line":1091},34,[81,1093,748],{"class":590},[81,1095,609],{"class":91},[81,1097,1099,1101],{"class":83,"line":1098},35,[81,1100,719],{"class":91},[81,1102,757],{"class":170},[62,1104,1106],{"id":1105},"阿里云-k8s-配置","阿里云 k8s 配置",[28,1108,1109],{},"应用创建触发器：",[1111,1112],"post-image",{"filename":1113},"01.png",[28,1115,1116],{},"复制触发器 URL 到镜像仓库中创建推送触发器：",[1111,1118],{"filename":1119},"02.png",[28,1121,1122],{},"完成。",[1124,1125,1126],"style",{},"html pre.shiki code .sw1J6, html code.shiki .sw1J6{--shiki-light:#F76D47;--shiki-default:#D73A49;--shiki-dark:#F97583}html pre.shiki code .su5hD, html code.shiki .su5hD{--shiki-light:#90A4AE;--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .s_sjI, html code.shiki .s_sjI{--shiki-light:#91B859;--shiki-default:#032F62;--shiki-dark:#9ECBFF}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki 
span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sQzsp, html code.shiki .sQzsp{--shiki-light:#E53935;--shiki-default:#22863A;--shiki-dark:#85E89D}html pre.shiki code .sP7_E, html code.shiki .sP7_E{--shiki-light:#39ADB5;--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .srdBf, html code.shiki .srdBf{--shiki-light:#F76D47;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .sbgvK, html code.shiki .sbgvK{--shiki-light:#E2931D;--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sjJ54, html code.shiki .sjJ54{--shiki-light:#39ADB5;--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .syTEX, html code.shiki .syTEX{--shiki-light:#FF5370;--shiki-default:#005CC5;--shiki-dark:#79B8FF}",{"title":77,"searchDepth":99,"depth":99,"links":1128},[1129,1130,1131],{"id":64,"depth":99,"text":65},{"id":458,"depth":99,"text":458},{"id":1105,"depth":99,"text":1106},null,"png","2020-12-27","今年对于我个人而言，在 DevOps 上的最大收获，莫过于摸索了这套基于 GitLab CI 和 k8s 的持续交付解决方案，其实原理都很简单，在我去年的方案里又做了改进，实现了基于 git tag 的触发方式，并且把原先的本地打包推镜像改为在 GitLab Runner 上打包推镜像。",false,"md",{},"\u002Fposts\u002F2020\u002Fdevops-gitlab-ci-aliyun-k8s",{"text":1141,"minutes":1142,"time":1143,"words":1144},"3 min 
read",2.635,158100,527,{"title":23,"description":1135},{"loc":1139},"posts\u002F2020\u002F20201227.devops-gitlab-ci-aliyun-k8s",[1149,1150,1151],"技术","DevOps","k8s","Jz27CSI5_8F6FrpDl81aWz-abbc2KGOJHbYI2yw83E8",{"id":1154,"title":1155,"body":1156,"class":1132,"cover":1133,"coverSize":1132,"date":3145,"description":3146,"draft":1136,"extension":1137,"hideComments":1136,"location":1132,"meta":3147,"navigation":113,"path":3148,"readingTime":3149,"seo":3154,"sitemap":3155,"stem":3156,"tags":3157,"time":1132,"weather":3160,"__hash__":3161},"posts\u002Fposts\u002F2020\u002F20200227.k8s-cert-manager-tls.md","k8s 上利用 cert-manager 自动签发 TLS 证书",{"type":25,"value":1157,"toc":3143},[1158,1165,1172,1181,1189,1198,1202,1209,1230,1233,1339,1344,1373,1379,1463,1467,1553,1557,1581,1736,1741,1759,1762,1798,1801,1808,1948,1952,1970,1973,2019,2033,2040,2048,2524,2547,2565,2574,2577,2585,2588,2592,2595,2633,2678,2683,2748,2756,2761,2972,2976,2992,2994,3024,3027,3030,3074,3092,3103,3140],[28,1159,1160,1161,1164],{},"很多博主的 ",[32,1162,1163],{},"https"," 证书经常容易忘记更新，虽说证书过期前都会有邮件提醒，但是万一确实忙得没时间去处理，忘记了，就会出现证书过期的情况了。",[28,1166,1167,1168,1171],{},"之前在服务器上自己搭博客服务的时候，用 ",[32,1169,1170],{},"Let's Encrypt"," 来自动创建并续签证书，确实省了不少事。",[28,1173,1174,1175,1177,1178,1180],{},"在我的博客部署到 ",[32,1176,1151],{}," 之后，就一直用的一年一签的免费证书，每年更新一次，也不算特别麻烦，但是总归不够高端，我又怀念起了 ",[32,1179,1170],{},"。",[28,1182,1183,1185,1186,1188],{},[32,1184,1170],{}," 是个好东西，",[32,1187,1151],{}," 也是个好东西，两个好东西怎么结合呢？搜寻了一番确实有方案，经过几天的尝试，终于弄好了。花了几天是因为第一天因为有个粗心导致的问题，导致搞了好久没成功，休息了几天再次尝试，才找到问题。",[28,1190,1191,1192,1194,1195,1197],{},"有关 ",[32,1193,1151],{}," 的基础知识，这里不做赘述，网上教程很多，这里假设大家对 ",[32,1196,1151],{}," 都有一定了解。",[460,1199,1201],{"id":1200},"安装-cert-manager","安装 cert-manager",[28,1203,1204,1205,1208],{},"安装 ",[32,1206,1207],{},"helm"," 到本地",[72,1210,1214],{"className":1211,"code":1212,"language":1213,"meta":77,"style":77},"language-bash shiki shiki-themes material-theme-lighter github-light github-dark","$ brew install 
helm\n","bash",[32,1215,1216],{"__ignoreMap":77},[81,1217,1218,1221,1224,1227],{"class":83,"line":84},[81,1219,1220],{"class":123},"$",[81,1222,1223],{"class":170}," brew",[81,1225,1226],{"class":170}," install",[81,1228,1229],{"class":170}," helm\n",[28,1231,1232],{},"添加仓库和命名空间",[72,1234,1236],{"className":1211,"code":1235,"language":1213,"meta":77,"style":77},"$ kubectl create namespace cert-manager # 创建 cert-manager 命名空间\n$ kubectl label namespace cert-manager certmanager.io\u002Fdisable-validation=true # 标记 cert-manager 命名空间以禁用资源验证\n$ kubectl apply --validate=false -f https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager\u002Freleases\u002Fdownload\u002Fv0.14.1\u002Fcert-manager-legacy.crds.yaml # 安装 CustomResourceDefinition 资源，注意 k8s 版本低于 1.15 需要用 legacy 版本\n$ helm repo add jetstack https:\u002F\u002Fcharts.jetstack.io # 添加 Jetstack Helm repository\n$ helm repo update # 更新本地 Helm chart repository\n",[32,1237,1238,1258,1281,1303,1325],{"__ignoreMap":77},[81,1239,1240,1242,1245,1248,1251,1254],{"class":83,"line":84},[81,1241,1220],{"class":123},[81,1243,1244],{"class":170}," kubectl",[81,1246,1247],{"class":170}," create",[81,1249,1250],{"class":170}," namespace",[81,1252,1253],{"class":170}," cert-manager",[81,1255,1257],{"class":1256},"sutJx"," # 创建 cert-manager 命名空间\n",[81,1259,1260,1262,1264,1267,1269,1271,1274,1278],{"class":83,"line":99},[81,1261,1220],{"class":123},[81,1263,1244],{"class":170},[81,1265,1266],{"class":170}," label",[81,1268,1250],{"class":170},[81,1270,1253],{"class":170},[81,1272,1273],{"class":170}," certmanager.io\u002Fdisable-validation=",[81,1275,1277],{"class":1276},"s39Yj","true",[81,1279,1280],{"class":1256}," # 标记 cert-manager 命名空间以禁用资源验证\n",[81,1282,1283,1285,1287,1290,1294,1297,1300],{"class":83,"line":110},[81,1284,1220],{"class":123},[81,1286,1244],{"class":170},[81,1288,1289],{"class":170}," apply",[81,1291,1293],{"class":1292},"stzsN"," --validate=false",[81,1295,1296],{"class":1292}," 
-f",[81,1298,1299],{"class":170}," https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager\u002Freleases\u002Fdownload\u002Fv0.14.1\u002Fcert-manager-legacy.crds.yaml",[81,1301,1302],{"class":1256}," # 安装 CustomResourceDefinition 资源，注意 k8s 版本低于 1.15 需要用 legacy 版本\n",[81,1304,1305,1307,1310,1313,1316,1319,1322],{"class":83,"line":117},[81,1306,1220],{"class":123},[81,1308,1309],{"class":170}," helm",[81,1311,1312],{"class":170}," repo",[81,1314,1315],{"class":170}," add",[81,1317,1318],{"class":170}," jetstack",[81,1320,1321],{"class":170}," https:\u002F\u002Fcharts.jetstack.io",[81,1323,1324],{"class":1256}," # 添加 Jetstack Helm repository\n",[81,1326,1327,1329,1331,1333,1336],{"class":83,"line":130},[81,1328,1220],{"class":123},[81,1330,1309],{"class":170},[81,1332,1312],{"class":170},[81,1334,1335],{"class":170}," update",[81,1337,1338],{"class":1256}," # 更新本地 Helm chart repository\n",[28,1340,1204,1341],{},[32,1342,1343],{},"cert-manager",[72,1345,1347],{"className":1211,"code":1346,"language":1213,"meta":77,"style":77},"$ helm install cert-manager --namespace cert-manager --version v0.14.1 jetstack\u002Fcert-manager\n",[32,1348,1349],{"__ignoreMap":77},[81,1350,1351,1353,1355,1357,1359,1362,1364,1367,1370],{"class":83,"line":84},[81,1352,1220],{"class":123},[81,1354,1309],{"class":170},[81,1356,1226],{"class":170},[81,1358,1253],{"class":170},[81,1360,1361],{"class":1292}," --namespace",[81,1363,1253],{"class":170},[81,1365,1366],{"class":1292}," --version",[81,1368,1369],{"class":170}," v0.14.1",[81,1371,1372],{"class":170}," jetstack\u002Fcert-manager\n",[28,1374,1375,1376,1378],{},"查看 ",[32,1377,1343],{}," 安装情况",[72,1380,1382],{"className":1211,"code":1381,"language":1213,"meta":77,"style":77},"$ kubectl get pods --namespace cert-manager\nNAME                                       READY   STATUS    RESTARTS   AGE\ncert-manager-6cff8dc7b9-8vxws              1\u002F1     Running   0          4d10h\ncert-manager-cainjector-795c46858f-txczb   1\u002F1     
Running   0          4d10h\ncert-manager-webhook-5dfc77cd74-skgsv      1\u002F1     Running   0          4d10h\n",[32,1383,1384,1401,1418,1435,1449],{"__ignoreMap":77},[81,1385,1386,1388,1390,1393,1396,1398],{"class":83,"line":84},[81,1387,1220],{"class":123},[81,1389,1244],{"class":170},[81,1391,1392],{"class":170}," get",[81,1394,1395],{"class":170}," pods",[81,1397,1361],{"class":1292},[81,1399,1400],{"class":170}," cert-manager\n",[81,1402,1403,1406,1409,1412,1415],{"class":83,"line":99},[81,1404,1405],{"class":123},"NAME",[81,1407,1408],{"class":170},"                                       READY",[81,1410,1411],{"class":170},"   STATUS",[81,1413,1414],{"class":170},"    RESTARTS",[81,1416,1417],{"class":170},"   AGE\n",[81,1419,1420,1423,1426,1429,1432],{"class":83,"line":110},[81,1421,1422],{"class":123},"cert-manager-6cff8dc7b9-8vxws",[81,1424,1425],{"class":170},"              1\u002F1",[81,1427,1428],{"class":170},"     Running",[81,1430,1431],{"class":95},"   0",[81,1433,1434],{"class":170},"          4d10h\n",[81,1436,1437,1440,1443,1445,1447],{"class":83,"line":117},[81,1438,1439],{"class":123},"cert-manager-cainjector-795c46858f-txczb",[81,1441,1442],{"class":170},"   1\u002F1",[81,1444,1428],{"class":170},[81,1446,1431],{"class":95},[81,1448,1434],{"class":170},[81,1450,1451,1454,1457,1459,1461],{"class":83,"line":130},[81,1452,1453],{"class":123},"cert-manager-webhook-5dfc77cd74-skgsv",[81,1455,1456],{"class":170},"      1\u002F1",[81,1458,1428],{"class":170},[81,1460,1431],{"class":95},[81,1462,1434],{"class":170},[460,1464,1466],{"id":1465},"更新-cert-manager","更新 cert-manager",[72,1468,1470],{"className":1211,"code":1469,"language":1213,"meta":77,"style":77},"$ kubectl delete -n cert-manager deployment cert-manager cert-manager-cainjector cert-manager-webhook\n\n$ kubectl apply --validate=false -f https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager\u002Freleases\u002Fdownload\u002Fv0.14.1\u002Fcert-manager-legacy.crds.yaml\n\n$ helm repo 
update\n$ helm upgrade --version v0.14.1 cert-manager jetstack\u002Fcert-manager -n cert-manager\n",[32,1471,1472,1497,1501,1516,1520,1531],{"__ignoreMap":77},[81,1473,1474,1476,1478,1481,1484,1486,1489,1491,1494],{"class":83,"line":84},[81,1475,1220],{"class":123},[81,1477,1244],{"class":170},[81,1479,1480],{"class":170}," delete",[81,1482,1483],{"class":1292}," -n",[81,1485,1253],{"class":170},[81,1487,1488],{"class":170}," deployment",[81,1490,1253],{"class":170},[81,1492,1493],{"class":170}," cert-manager-cainjector",[81,1495,1496],{"class":170}," cert-manager-webhook\n",[81,1498,1499],{"class":83,"line":99},[81,1500,114],{"emptyLinePlaceholder":113},[81,1502,1503,1505,1507,1509,1511,1513],{"class":83,"line":110},[81,1504,1220],{"class":123},[81,1506,1244],{"class":170},[81,1508,1289],{"class":170},[81,1510,1293],{"class":1292},[81,1512,1296],{"class":1292},[81,1514,1515],{"class":170}," https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager\u002Freleases\u002Fdownload\u002Fv0.14.1\u002Fcert-manager-legacy.crds.yaml\n",[81,1517,1518],{"class":83,"line":117},[81,1519,114],{"emptyLinePlaceholder":113},[81,1521,1522,1524,1526,1528],{"class":83,"line":130},[81,1523,1220],{"class":123},[81,1525,1309],{"class":170},[81,1527,1312],{"class":170},[81,1529,1530],{"class":170}," update\n",[81,1532,1533,1535,1537,1540,1542,1544,1546,1549,1551],{"class":83,"line":141},[81,1534,1220],{"class":123},[81,1536,1309],{"class":170},[81,1538,1539],{"class":170}," upgrade",[81,1541,1366],{"class":1292},[81,1543,1369],{"class":170},[81,1545,1253],{"class":170},[81,1547,1548],{"class":170}," jetstack\u002Fcert-manager",[81,1550,1483],{"class":1292},[81,1552,1400],{"class":170},[460,1554,1556],{"id":1555},"创建-clusterissuer","创建 ClusterIssuer",[28,1558,1559,1560,1562,1563,1566,1567,1570,1571,1573,1574,1576,1577,1580],{},"我们需要创建一个签发机构，",[32,1561,1343],{}," 提供了",[32,1564,1565],{},"Issuer"," 和 ",[32,1568,1569],{},"ClusterIssuer"," 两种类型的签发机构，",[32,1572,1565],{}," 
只能用来签发自己所在命名空间下的证书，ClusterIssuer 可以签发任意命名空间下的证书，我这里用 ",[32,1575,1569],{}," 为例，创建 ",[32,1578,1579],{},"letsencrypt-prod.yaml"," 文件：",[72,1582,1584],{"className":581,"code":1583,"language":583,"meta":77,"style":77},"apiVersion: cert-manager.io\u002Fv1alpha2\nkind: ClusterIssuer\nmetadata:\n  labels:\n    name: letsencrypt-prod\n  name: letsencrypt-prod # 自定义的签发机构名称，后面会引用\nspec:\n  acme:\n    email: yourname@youremail.com # 你的邮箱，证书快过期的时候会邮件提醒，不过我们可以设置自动续期\n    solvers:\n      - http01:\n          ingress:\n            class: nginx\n    privateKeySecretRef:\n      name: letsencrypt-prod # 指示此签发机构的私钥将要存储到哪个 Secret 对象中\n    server: https:\u002F\u002Facme-v02.api.letsencrypt.org\u002Fdirectory # acme 协议的服务端，我们用 Let's Encrypt\n",[32,1585,1586,1596,1606,1613,1620,1630,1643,1650,1657,1670,1677,1687,1694,1704,1711,1723],{"__ignoreMap":77},[81,1587,1588,1591,1593],{"class":83,"line":84},[81,1589,1590],{"class":590},"apiVersion",[81,1592,594],{"class":91},[81,1594,1595],{"class":170}," cert-manager.io\u002Fv1alpha2\n",[81,1597,1598,1601,1603],{"class":83,"line":99},[81,1599,1600],{"class":590},"kind",[81,1602,594],{"class":91},[81,1604,1605],{"class":170}," ClusterIssuer\n",[81,1607,1608,1611],{"class":83,"line":110},[81,1609,1610],{"class":590},"metadata",[81,1612,609],{"class":91},[81,1614,1615,1618],{"class":83,"line":117},[81,1616,1617],{"class":590},"  labels",[81,1619,609],{"class":91},[81,1621,1622,1625,1627],{"class":83,"line":130},[81,1623,1624],{"class":590},"    name",[81,1626,594],{"class":91},[81,1628,1629],{"class":170}," letsencrypt-prod\n",[81,1631,1632,1635,1637,1640],{"class":83,"line":141},[81,1633,1634],{"class":590},"  name",[81,1636,594],{"class":91},[81,1638,1639],{"class":170}," letsencrypt-prod",[81,1641,1642],{"class":1256}," # 自定义的签发机构名称，后面会引用\n",[81,1644,1645,1648],{"class":83,"line":146},[81,1646,1647],{"class":590},"spec",[81,1649,609],{"class":91},[81,1651,1652,1655],{"class":83,"line":158},[81,1653,1654],{"class":590},"  
acme",[81,1656,609],{"class":91},[81,1658,1659,1662,1664,1667],{"class":83,"line":177},[81,1660,1661],{"class":590},"    email",[81,1663,594],{"class":91},[81,1665,1666],{"class":170}," yourname@youremail.com",[81,1668,1669],{"class":1256}," # 你的邮箱，证书快过期的时候会邮件提醒，不过我们可以设置自动续期\n",[81,1671,1672,1675],{"class":83,"line":192},[81,1673,1674],{"class":590},"    solvers",[81,1676,609],{"class":91},[81,1678,1679,1682,1685],{"class":83,"line":207},[81,1680,1681],{"class":91},"      -",[81,1683,1684],{"class":590}," http01",[81,1686,609],{"class":91},[81,1688,1689,1692],{"class":83,"line":222},[81,1690,1691],{"class":590},"          ingress",[81,1693,609],{"class":91},[81,1695,1696,1699,1701],{"class":83,"line":227},[81,1697,1698],{"class":590},"            class",[81,1700,594],{"class":91},[81,1702,1703],{"class":170}," nginx\n",[81,1705,1706,1709],{"class":83,"line":242},[81,1707,1708],{"class":590},"    privateKeySecretRef",[81,1710,609],{"class":91},[81,1712,1713,1716,1718,1720],{"class":83,"line":247},[81,1714,1715],{"class":590},"      name",[81,1717,594],{"class":91},[81,1719,1639],{"class":170},[81,1721,1722],{"class":1256}," # 指示此签发机构的私钥将要存储到哪个 Secret 对象中\n",[81,1724,1725,1728,1730,1733],{"class":83,"line":261},[81,1726,1727],{"class":590},"    server",[81,1729,594],{"class":91},[81,1731,1732],{"class":170}," https:\u002F\u002Facme-v02.api.letsencrypt.org\u002Fdirectory",[81,1734,1735],{"class":1256}," # acme 协议的服务端，我们用 Let's Encrypt\n",[28,1737,1738,1739],{},"应用 ",[32,1740,583],{},[72,1742,1744],{"className":1211,"code":1743,"language":1213,"meta":77,"style":77},"$ kubectl create -f letsencrypt-prod.yaml\n",[32,1745,1746],{"__ignoreMap":77},[81,1747,1748,1750,1752,1754,1756],{"class":83,"line":84},[81,1749,1220],{"class":123},[81,1751,1244],{"class":170},[81,1753,1247],{"class":170},[81,1755,1296],{"class":1292},[81,1757,1758],{"class":170}," 
letsencrypt-prod.yaml\n",[28,1760,1761],{},"查看状态",[72,1763,1765],{"className":1211,"code":1764,"language":1213,"meta":77,"style":77},"$ kubectl get clusterissuer\nNAME               READY   AGE\nletsencrypt-prod   True    51s\n",[32,1766,1767,1778,1787],{"__ignoreMap":77},[81,1768,1769,1771,1773,1775],{"class":83,"line":84},[81,1770,1220],{"class":123},[81,1772,1244],{"class":170},[81,1774,1392],{"class":170},[81,1776,1777],{"class":170}," clusterissuer\n",[81,1779,1780,1782,1785],{"class":83,"line":99},[81,1781,1405],{"class":123},[81,1783,1784],{"class":170},"               READY",[81,1786,1417],{"class":170},[81,1788,1789,1792,1795],{"class":83,"line":110},[81,1790,1791],{"class":123},"letsencrypt-prod",[81,1793,1794],{"class":170},"   True",[81,1796,1797],{"class":170},"    51s\n",[460,1799,1800],{"id":1800},"手动签发证书",[28,1802,1803,1804,1807],{},"手动签发证书，创建 ",[32,1805,1806],{},"test-monkeyrun-net-cert.yaml"," 文件",[72,1809,1811],{"className":581,"code":1810,"language":583,"meta":77,"style":77},"apiVersion: cert-manager.io\u002Fv1alpha2\nkind: Certificate\nmetadata:\n  name: test-monkeyrun-net-cert\n  namespace: test\nspec:\n  secretName: tls-test-monkeyrun-net # 证书保存的 secret 名\n  duration: 2160h # 90d\n  renewBefore: 720h # 30d\n  dnsNames:\n    - test.monkeyrun.net\n  issuerRef:\n    name: letsencrypt-prod\n    kind: ClusterIssuer\n    group: cert-manager.io\n",[32,1812,1813,1821,1830,1836,1845,1855,1861,1874,1887,1900,1907,1914,1921,1929,1938],{"__ignoreMap":77},[81,1814,1815,1817,1819],{"class":83,"line":84},[81,1816,1590],{"class":590},[81,1818,594],{"class":91},[81,1820,1595],{"class":170},[81,1822,1823,1825,1827],{"class":83,"line":99},[81,1824,1600],{"class":590},[81,1826,594],{"class":91},[81,1828,1829],{"class":170}," 
Certificate\n",[81,1831,1832,1834],{"class":83,"line":110},[81,1833,1610],{"class":590},[81,1835,609],{"class":91},[81,1837,1838,1840,1842],{"class":83,"line":117},[81,1839,1634],{"class":590},[81,1841,594],{"class":91},[81,1843,1844],{"class":170}," test-monkeyrun-net-cert\n",[81,1846,1847,1850,1852],{"class":83,"line":130},[81,1848,1849],{"class":590},"  namespace",[81,1851,594],{"class":91},[81,1853,1854],{"class":170}," test\n",[81,1856,1857,1859],{"class":83,"line":141},[81,1858,1647],{"class":590},[81,1860,609],{"class":91},[81,1862,1863,1866,1868,1871],{"class":83,"line":146},[81,1864,1865],{"class":590},"  secretName",[81,1867,594],{"class":91},[81,1869,1870],{"class":170}," tls-test-monkeyrun-net",[81,1872,1873],{"class":1256}," # 证书保存的 secret 名\n",[81,1875,1876,1879,1881,1884],{"class":83,"line":158},[81,1877,1878],{"class":590},"  duration",[81,1880,594],{"class":91},[81,1882,1883],{"class":170}," 2160h",[81,1885,1886],{"class":1256}," # 90d\n",[81,1888,1889,1892,1894,1897],{"class":83,"line":177},[81,1890,1891],{"class":590},"  renewBefore",[81,1893,594],{"class":91},[81,1895,1896],{"class":170}," 720h",[81,1898,1899],{"class":1256}," # 30d\n",[81,1901,1902,1905],{"class":83,"line":192},[81,1903,1904],{"class":590},"  dnsNames",[81,1906,609],{"class":91},[81,1908,1909,1911],{"class":83,"line":207},[81,1910,719],{"class":91},[81,1912,1913],{"class":170}," test.monkeyrun.net\n",[81,1915,1916,1919],{"class":83,"line":222},[81,1917,1918],{"class":590},"  issuerRef",[81,1920,609],{"class":91},[81,1922,1923,1925,1927],{"class":83,"line":227},[81,1924,1624],{"class":590},[81,1926,594],{"class":91},[81,1928,1629],{"class":170},[81,1930,1931,1934,1936],{"class":83,"line":242},[81,1932,1933],{"class":590},"    kind",[81,1935,594],{"class":91},[81,1937,1605],{"class":170},[81,1939,1940,1943,1945],{"class":83,"line":247},[81,1941,1942],{"class":590},"    group",[81,1944,594],{"class":91},[81,1946,1947],{"class":170}," 
cert-manager.io\n",[28,1949,1738,1950],{},[32,1951,583],{},[72,1953,1955],{"className":1211,"code":1954,"language":1213,"meta":77,"style":77},"$ kubectl apply -f test-monkeyrun-net-cert.yaml\n",[32,1956,1957],{"__ignoreMap":77},[81,1958,1959,1961,1963,1965,1967],{"class":83,"line":84},[81,1960,1220],{"class":123},[81,1962,1244],{"class":170},[81,1964,1289],{"class":170},[81,1966,1296],{"class":1292},[81,1968,1969],{"class":170}," test-monkeyrun-net-cert.yaml\n",[28,1971,1972],{},"检查是否生成证书文件",[72,1974,1976],{"className":1211,"code":1975,"language":1213,"meta":77,"style":77},"$ kubectl get certificate -n test\nNAME                      READY   SECRET                   AGE\ntest-monkeyrun-net-cert   True    test-monkeyrun-net-tls   99m\n",[32,1977,1978,1993,2006],{"__ignoreMap":77},[81,1979,1980,1982,1984,1986,1989,1991],{"class":83,"line":84},[81,1981,1220],{"class":123},[81,1983,1244],{"class":170},[81,1985,1392],{"class":170},[81,1987,1988],{"class":170}," certificate",[81,1990,1483],{"class":1292},[81,1992,1854],{"class":170},[81,1994,1995,1997,2000,2003],{"class":83,"line":99},[81,1996,1405],{"class":123},[81,1998,1999],{"class":170},"                      READY",[81,2001,2002],{"class":170},"   SECRET",[81,2004,2005],{"class":170},"                   AGE\n",[81,2007,2008,2011,2013,2016],{"class":83,"line":110},[81,2009,2010],{"class":123},"test-monkeyrun-net-cert",[81,2012,1794],{"class":170},[81,2014,2015],{"class":170},"    test-monkeyrun-net-tls",[81,2017,2018],{"class":170},"   99m\n",[28,2020,2021,2022,2025,2026,2029,2030,2032],{},"将该证书配置到 ",[32,2023,2024],{},"test.monkeyrun.net"," 的 ",[32,2027,2028],{},"ingress"," 上，测试 ",[32,2031,1163],{}," 访问，成功。",[460,2034,2036],{"id":2035},"创建deployment时自动签发证书",[2037,2038,2039],"del",{},"创建Deployment时自动签发证书",[28,2041,2042],{},[2037,2043,2044,2045],{},"创建 ",[32,2046,2047],{},"test-nginx.yaml",[72,2049,2051],{"className":581,"code":2050,"language":583,"meta":77,"style":77},"apiVersion: extensions\u002Fv1beta1\nkind: 
Deployment\nmetadata:\n  name: test-nginx\n  namespace: test\nspec:\n  replicas: 1\n  template:\n    metadata:\n      labels:\n        run: test-nginx\n    spec:\n      containers:\n        - name: test-nginx\n          image: nginx\n          ports:\n            - containerPort: 80\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: test-nginx\n  namespace: test\n  labels:\n    app: test-nginx\nspec:\n  ports:\n    - port: 80\n      protocol: TCP\n      name: http\n  selector:\n    run: test-nginx\n---\napiVersion: extensions\u002Fv1beta1\nkind: Ingress\nmetadata:\n  name: test-nginx\n  namespace: test\n  annotations:\n    kubernetes.io\u002Fingress.class: nginx\n    kubernetes.io\u002Ftls-acme: 'true'\n    certmanager.io\u002Fcluster-issuer: letsencrypt-prod\nspec:\n  rules:\n    - host: test.monkeyrun.net\n      http:\n        paths:\n          - backend:\n              serviceName: test-nginx\n              servicePort: 80\n            path: \u002F\n  tls:\n    - secretName: tls-test-monkeyrun-net\n      hosts:\n        - test.monkeyrun.net\n",[32,2052,2053,2062,2071,2077,2086,2094,2100,2109,2116,2123,2130,2139,2146,2153,2165,2174,2181,2194,2199,2208,2217,2223,2231,2239,2245,2254,2260,2267,2278,2288,2297,2304,2313,2317,2325,2334,2341,2350,2359,2367,2377,2393,2403,2410,2418,2430,2438,2446,2457,2467,2477,2488,2496,2509,2517],{"__ignoreMap":77},[81,2054,2055,2057,2059],{"class":83,"line":84},[81,2056,1590],{"class":590},[81,2058,594],{"class":91},[81,2060,2061],{"class":170}," extensions\u002Fv1beta1\n",[81,2063,2064,2066,2068],{"class":83,"line":99},[81,2065,1600],{"class":590},[81,2067,594],{"class":91},[81,2069,2070],{"class":170}," Deployment\n",[81,2072,2073,2075],{"class":83,"line":110},[81,2074,1610],{"class":590},[81,2076,609],{"class":91},[81,2078,2079,2081,2083],{"class":83,"line":117},[81,2080,1634],{"class":590},[81,2082,594],{"class":91},[81,2084,2085],{"class":170}," 
test-nginx\n",[81,2087,2088,2090,2092],{"class":83,"line":130},[81,2089,1849],{"class":590},[81,2091,594],{"class":91},[81,2093,1854],{"class":170},[81,2095,2096,2098],{"class":83,"line":141},[81,2097,1647],{"class":590},[81,2099,609],{"class":91},[81,2101,2102,2105,2107],{"class":83,"line":146},[81,2103,2104],{"class":590},"  replicas",[81,2106,594],{"class":91},[81,2108,96],{"class":95},[81,2110,2111,2114],{"class":83,"line":158},[81,2112,2113],{"class":590},"  template",[81,2115,609],{"class":91},[81,2117,2118,2121],{"class":83,"line":177},[81,2119,2120],{"class":590},"    metadata",[81,2122,609],{"class":91},[81,2124,2125,2128],{"class":83,"line":192},[81,2126,2127],{"class":590},"      labels",[81,2129,609],{"class":91},[81,2131,2132,2135,2137],{"class":83,"line":207},[81,2133,2134],{"class":590},"        run",[81,2136,594],{"class":91},[81,2138,2085],{"class":170},[81,2140,2141,2144],{"class":83,"line":222},[81,2142,2143],{"class":590},"    spec",[81,2145,609],{"class":91},[81,2147,2148,2151],{"class":83,"line":227},[81,2149,2150],{"class":590},"      containers",[81,2152,609],{"class":91},[81,2154,2155,2158,2161,2163],{"class":83,"line":242},[81,2156,2157],{"class":91},"        -",[81,2159,2160],{"class":590}," name",[81,2162,594],{"class":91},[81,2164,2085],{"class":170},[81,2166,2167,2170,2172],{"class":83,"line":247},[81,2168,2169],{"class":590},"          image",[81,2171,594],{"class":91},[81,2173,1703],{"class":170},[81,2175,2176,2179],{"class":83,"line":261},[81,2177,2178],{"class":590},"          ports",[81,2180,609],{"class":91},[81,2182,2183,2186,2189,2191],{"class":83,"line":266},[81,2184,2185],{"class":91},"            -",[81,2187,2188],{"class":590}," containerPort",[81,2190,594],{"class":91},[81,2192,2193],{"class":95}," 80\n",[81,2195,2196],{"class":83,"line":284},[81,2197,2198],{"class":123},"---\n",[81,2200,2201,2203,2205],{"class":83,"line":289},[81,2202,1590],{"class":590},[81,2204,594],{"class":91},[81,2206,2207],{"class":170}," 
v1\n",[81,2209,2210,2212,2214],{"class":83,"line":307},[81,2211,1600],{"class":590},[81,2213,594],{"class":91},[81,2215,2216],{"class":170}," Service\n",[81,2218,2219,2221],{"class":83,"line":312},[81,2220,1610],{"class":590},[81,2222,609],{"class":91},[81,2224,2225,2227,2229],{"class":83,"line":325},[81,2226,1634],{"class":590},[81,2228,594],{"class":91},[81,2230,2085],{"class":170},[81,2232,2233,2235,2237],{"class":83,"line":337},[81,2234,1849],{"class":590},[81,2236,594],{"class":91},[81,2238,1854],{"class":170},[81,2240,2241,2243],{"class":83,"line":352},[81,2242,1617],{"class":590},[81,2244,609],{"class":91},[81,2246,2247,2250,2252],{"class":83,"line":362},[81,2248,2249],{"class":590},"    app",[81,2251,594],{"class":91},[81,2253,2085],{"class":170},[81,2255,2256,2258],{"class":83,"line":372},[81,2257,1647],{"class":590},[81,2259,609],{"class":91},[81,2261,2262,2265],{"class":83,"line":382},[81,2263,2264],{"class":590},"  ports",[81,2266,609],{"class":91},[81,2268,2269,2271,2274,2276],{"class":83,"line":392},[81,2270,719],{"class":91},[81,2272,2273],{"class":590}," port",[81,2275,594],{"class":91},[81,2277,2193],{"class":95},[81,2279,2280,2283,2285],{"class":83,"line":403},[81,2281,2282],{"class":590},"      protocol",[81,2284,594],{"class":91},[81,2286,2287],{"class":170}," TCP\n",[81,2289,2290,2292,2294],{"class":83,"line":418},[81,2291,1715],{"class":590},[81,2293,594],{"class":91},[81,2295,2296],{"class":170}," http\n",[81,2298,2299,2302],{"class":83,"line":428},[81,2300,2301],{"class":590},"  selector",[81,2303,609],{"class":91},[81,2305,2306,2309,2311],{"class":83,"line":433},[81,2307,2308],{"class":590},"    
run",[81,2310,594],{"class":91},[81,2312,2085],{"class":170},[81,2314,2315],{"class":83,"line":1084},[81,2316,2198],{"class":123},[81,2318,2319,2321,2323],{"class":83,"line":1091},[81,2320,1590],{"class":590},[81,2322,594],{"class":91},[81,2324,2061],{"class":170},[81,2326,2327,2329,2331],{"class":83,"line":1098},[81,2328,1600],{"class":590},[81,2330,594],{"class":91},[81,2332,2333],{"class":170}," Ingress\n",[81,2335,2337,2339],{"class":83,"line":2336},36,[81,2338,1610],{"class":590},[81,2340,609],{"class":91},[81,2342,2344,2346,2348],{"class":83,"line":2343},37,[81,2345,1634],{"class":590},[81,2347,594],{"class":91},[81,2349,2085],{"class":170},[81,2351,2353,2355,2357],{"class":83,"line":2352},38,[81,2354,1849],{"class":590},[81,2356,594],{"class":91},[81,2358,1854],{"class":170},[81,2360,2362,2365],{"class":83,"line":2361},39,[81,2363,2364],{"class":590},"  annotations",[81,2366,609],{"class":91},[81,2368,2370,2373,2375],{"class":83,"line":2369},40,[81,2371,2372],{"class":590},"    kubernetes.io\u002Fingress.class",[81,2374,594],{"class":91},[81,2376,1703],{"class":170},[81,2378,2380,2383,2385,2388,2390],{"class":83,"line":2379},41,[81,2381,2382],{"class":590},"    kubernetes.io\u002Ftls-acme",[81,2384,594],{"class":91},[81,2386,2387],{"class":166}," '",[81,2389,1277],{"class":170},[81,2391,2392],{"class":166},"'\n",[81,2394,2396,2399,2401],{"class":83,"line":2395},42,[81,2397,2398],{"class":590},"    certmanager.io\u002Fcluster-issuer",[81,2400,594],{"class":91},[81,2402,1629],{"class":170},[81,2404,2406,2408],{"class":83,"line":2405},43,[81,2407,1647],{"class":590},[81,2409,609],{"class":91},[81,2411,2413,2416],{"class":83,"line":2412},44,[81,2414,2415],{"class":590},"  rules",[81,2417,609],{"class":91},[81,2419,2421,2423,2426,2428],{"class":83,"line":2420},45,[81,2422,719],{"class":91},[81,2424,2425],{"class":590}," host",[81,2427,594],{"class":91},[81,2429,1913],{"class":170},[81,2431,2433,2436],{"class":83,"line":2432},46,[81,2434,2435],{"class":590},"      
http",[81,2437,609],{"class":91},[81,2439,2441,2444],{"class":83,"line":2440},47,[81,2442,2443],{"class":590},"        paths",[81,2445,609],{"class":91},[81,2447,2449,2452,2455],{"class":83,"line":2448},48,[81,2450,2451],{"class":91},"          -",[81,2453,2454],{"class":590}," backend",[81,2456,609],{"class":91},[81,2458,2460,2463,2465],{"class":83,"line":2459},49,[81,2461,2462],{"class":590},"              serviceName",[81,2464,594],{"class":91},[81,2466,2085],{"class":170},[81,2468,2470,2473,2475],{"class":83,"line":2469},50,[81,2471,2472],{"class":590},"              servicePort",[81,2474,594],{"class":91},[81,2476,2193],{"class":95},[81,2478,2480,2483,2485],{"class":83,"line":2479},51,[81,2481,2482],{"class":590},"            path",[81,2484,594],{"class":91},[81,2486,2487],{"class":170}," \u002F\n",[81,2489,2491,2494],{"class":83,"line":2490},52,[81,2492,2493],{"class":590},"  tls",[81,2495,609],{"class":91},[81,2497,2499,2501,2504,2506],{"class":83,"line":2498},53,[81,2500,719],{"class":91},[81,2502,2503],{"class":590}," secretName",[81,2505,594],{"class":91},[81,2507,2508],{"class":170}," tls-test-monkeyrun-net\n",[81,2510,2512,2515],{"class":83,"line":2511},54,[81,2513,2514],{"class":590},"      hosts",[81,2516,609],{"class":91},[81,2518,2520,2522],{"class":83,"line":2519},55,[81,2521,2157],{"class":91},[81,2523,1913],{"class":170},[28,2525,2526],{},[2037,2527,2528,2529,2532,2533,2536,2537,1566,2540,2543,2544,2546],{},"删除之前手动创建的 ",[32,2530,2531],{},"Deployment","、",[32,2534,2535],{},"Service"," 、 ",[32,2538,2539],{},"Ingress",[32,2541,2542],{},"Secret"," 后， 应用 ",[32,2545,583],{}," 来自动创建",[72,2548,2550],{"className":1211,"code":2549,"language":1213,"meta":77,"style":77},"$ kubectl apply -f test-nginx.yaml\n",[32,2551,2552],{"__ignoreMap":77},[81,2553,2554,2556,2558,2560,2562],{"class":83,"line":84},[81,2555,1220],{"class":123},[81,2557,1244],{"class":170},[81,2559,1289],{"class":170},[81,2561,1296],{"class":1292},[81,2563,2564],{"class":170}," 
test-nginx.yaml\n",[28,2566,2567],{},[2037,2568,2569,2570,2573],{},"打开 ",[32,2571,2572],{},"https:\u002F\u002Ftest.monkeyrun.net"," 测试，成功！",[28,2575,2576],{},"不知为何再次使用自动签发证书的时候会报错（一个可能的原因：上面 Ingress 的注解写的是 certmanager.io\u002Fcluster-issuer，而 API group 改名后 ingress-shim 识别的是 cert-manager.io\u002Fcluster-issuer，注解不被识别时就会找不到 issuer）：",[72,2578,2583],{"className":2579,"code":2581,"language":2582},[2580],"language-text","E0330 07:46:30.070412       1 sync.go:57] cert-manager\u002Fcontroller\u002Fingress-shim \"msg\"=\"failed to determine issuer to be used for ingress resource\" \"error\"=\"failed to determine issuer name to be used for ingress resource\" \"resource_kind\"=\"Ingress\" \"resource_name\"=\"xxx\" \"resource_namespace\"=\"xxx\"\n","text",[32,2584,2581],{"__ignoreMap":77},[28,2586,2587],{},"解决了半天都没能找到问题，所以还是用手动签发吧，反正也是一次性的操作。",[460,2589,2591],{"id":2590},"通过-dns-验证域名","通过 DNS 验证域名",[28,2593,2594],{},"刚才通过 http01 的方式验证域名会有个问题，对于已经部署上线的项目，没办法去验证，所以可以通过 dns 的方式来验证。",[28,2596,2597],{},[2037,2598,2599,2600,2607,2608,2613,2614,2617,2618,2620,2621,2626,2627,2632],{},"经过搜寻，找到了几篇文章，都是利用 ",[2601,2602,2606],"a",{"href":2603,"rel":2604},"https:\u002F\u002Fgithub.com\u002Fkevinniu666",[2605],"nofollow","kevinniu666"," 这位仁兄基于  ",[2601,2609,2612],{"href":2610,"rel":2611},"https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager-webhook-example",[2605],"jetstack\u002Fcert-manager-webhook-example"," 改成 ",[32,2615,2616],{},"alidns"," 的版本来搞的，不过尝试了下，他这里面 ",[32,2619,1343],{}," 版本太老已经跑不起来了，从 GitHub 的 forks 树里面找到了最新的一个 fork，",[2601,2622,2625],{"href":2623,"rel":2624},"https:\u002F\u002Fgithub.com\u002Fcolprog\u002Fcert-manager-webhook-alidns",[2605],"colprog\u002Fcert-manager-webhook-alidns","，尝试了下，也不行，他应该是改了镜像，但是不可用了。重新尝试了下上一代 fork ",[2601,2628,2631],{"href":2629,"rel":2630},"https:\u002F\u002Fgithub.com\u002Fpangzineng\u002Fcert-manager-webhook-alidns",[2605],"pangzineng\u002Fcert-manager-webhook-alidns","，可用。",[72,2634,2636],{"className":1211,"code":2635,"language":1213,"meta":77,"style":77},"$ git clone https:\u002F\u002Fgithub.com\u002Fpangzineng\u002Fcert-manager-webhook-alidns.git\n$ cd cert-manager-webhook-alidns\n$ 
helm install cert-manager-webhook-alidns --namespace=cert-manager .\u002Fdeploy\u002Fwebhook-alidns\n",[32,2637,2638,2651,2661],{"__ignoreMap":77},[81,2639,2640,2642,2645,2648],{"class":83,"line":84},[81,2641,1220],{"class":123},[81,2643,2644],{"class":170}," git",[81,2646,2647],{"class":170}," clone",[81,2649,2650],{"class":170}," https:\u002F\u002Fgithub.com\u002Fpangzineng\u002Fcert-manager-webhook-alidns.git\n",[81,2652,2653,2655,2658],{"class":83,"line":99},[81,2654,1220],{"class":123},[81,2656,2657],{"class":170}," cd",[81,2659,2660],{"class":170}," cert-manager-webhook-alidns\n",[81,2662,2663,2665,2667,2669,2672,2675],{"class":83,"line":110},[81,2664,1220],{"class":123},[81,2666,1309],{"class":170},[81,2668,1226],{"class":170},[81,2670,2671],{"class":170}," cert-manager-webhook-alidns",[81,2673,2674],{"class":1292}," --namespace=cert-manager",[81,2676,2677],{"class":170}," .\u002Fdeploy\u002Fwebhook-alidns\n",[28,2679,2680],{},[2037,2681,2682],{},"创建 alidns AccessKey Id 和 Secret（建议使用只授予云解析 DNS 权限的 RAM 子账号 AccessKey；--from-literal 会把明文密钥留在 shell 历史里，可改用 --from-file 从文件读取）",[72,2684,2686],{"className":1211,"code":2685,"language":1213,"meta":77,"style":77},"$ kubectl -n cert-manager create secret generic alidns-access-key-id --from-literal=accessKeyId='xxxxxxx'\n$ kubectl -n cert-manager create secret generic alidns-access-key-secret --from-literal=accessKeySecret='xxxxxxx'\n",[32,2687,2688,2720],{"__ignoreMap":77},[81,2689,2690,2692,2694,2696,2698,2700,2703,2706,2709,2712,2715,2718],{"class":83,"line":84},[81,2691,1220],{"class":123},[81,2693,1244],{"class":170},[81,2695,1483],{"class":1292},[81,2697,1253],{"class":170},[81,2699,1247],{"class":170},[81,2701,2702],{"class":170}," secret",[81,2704,2705],{"class":170}," generic",[81,2707,2708],{"class":170}," alidns-access-key-id",[81,2710,2711],{"class":1292}," 
--from-literal=accessKeyId=",[81,2713,2714],{"class":166},"'",[81,2716,2717],{"class":170},"xxxxxxx",[81,2719,2392],{"class":166},[81,2721,2722,2724,2726,2728,2730,2732,2734,2736,2739,2742,2744,2746],{"class":83,"line":99},[81,2723,1220],{"class":123},[81,2725,1244],{"class":170},[81,2727,1483],{"class":1292},[81,2729,1253],{"class":170},[81,2731,1247],{"class":170},[81,2733,2702],{"class":170},[81,2735,2705],{"class":170},[81,2737,2738],{"class":170}," alidns-access-key-secret",[81,2740,2741],{"class":1292}," --from-literal=accessKeySecret=",[81,2743,2714],{"class":166},[81,2745,2717],{"class":170},[81,2747,2392],{"class":166},[28,2749,2750,2751],{},"更新：使用 ",[2601,2752,2755],{"href":2753,"rel":2754},"https:\u002F\u002Fgithub.com\u002Fpragkent\u002Falidns-webhook\u002Ftree\u002Fmaster",[2605],"pragkent\u002Falidns-webhook",[28,2757,2758,2759],{},"修改我们之前创建的 ",[32,2760,1579],{},[72,2762,2764],{"className":581,"code":2763,"language":583,"meta":77,"style":77},"apiVersion: cert-manager.io\u002Fv1\nkind: ClusterIssuer\nmetadata:\n  labels:\n    name: letsencrypt-prod\n  name: letsencrypt-prod # 自定义的签发机构名称，后面会引用\nspec:\n  acme:\n    email: yourname@youremail.com # 你的邮箱，证书快过期的时候会邮件提醒，不过我们可以设置自动续期\n    solvers:\n      - dns01:\n          webhook:\n            groupName: yourgroup.com\n            solverName: alidns\n            config:\n              region: ''\n              accessKeySecretRef:\n                name: alidns-secret\n                key: access-key\n              secretKeySecretRef:\n                name: alidns-secret\n                key: secret-key\n    privateKeySecretRef:\n      name: letsencrypt-prod-account-key # 指示此签发机构的私钥将要存储到哪个 Secret 对象中\n    server: https:\u002F\u002Facme-v02.api.letsencrypt.org\u002Fdirectory # acme 协议的服务端，我们用 Let's 
Encrypt\n",[32,2765,2766,2775,2783,2789,2795,2803,2813,2819,2825,2835,2841,2850,2857,2867,2877,2884,2894,2901,2911,2921,2928,2936,2945,2951,2962],{"__ignoreMap":77},[81,2767,2768,2770,2772],{"class":83,"line":84},[81,2769,1590],{"class":590},[81,2771,594],{"class":91},[81,2773,2774],{"class":170}," cert-manager.io\u002Fv1\n",[81,2776,2777,2779,2781],{"class":83,"line":99},[81,2778,1600],{"class":590},[81,2780,594],{"class":91},[81,2782,1605],{"class":170},[81,2784,2785,2787],{"class":83,"line":110},[81,2786,1610],{"class":590},[81,2788,609],{"class":91},[81,2790,2791,2793],{"class":83,"line":117},[81,2792,1617],{"class":590},[81,2794,609],{"class":91},[81,2796,2797,2799,2801],{"class":83,"line":130},[81,2798,1624],{"class":590},[81,2800,594],{"class":91},[81,2802,1629],{"class":170},[81,2804,2805,2807,2809,2811],{"class":83,"line":141},[81,2806,1634],{"class":590},[81,2808,594],{"class":91},[81,2810,1639],{"class":170},[81,2812,1642],{"class":1256},[81,2814,2815,2817],{"class":83,"line":146},[81,2816,1647],{"class":590},[81,2818,609],{"class":91},[81,2820,2821,2823],{"class":83,"line":158},[81,2822,1654],{"class":590},[81,2824,609],{"class":91},[81,2826,2827,2829,2831,2833],{"class":83,"line":177},[81,2828,1661],{"class":590},[81,2830,594],{"class":91},[81,2832,1666],{"class":170},[81,2834,1669],{"class":1256},[81,2836,2837,2839],{"class":83,"line":192},[81,2838,1674],{"class":590},[81,2840,609],{"class":91},[81,2842,2843,2845,2848],{"class":83,"line":207},[81,2844,1681],{"class":91},[81,2846,2847],{"class":590}," dns01",[81,2849,609],{"class":91},[81,2851,2852,2855],{"class":83,"line":222},[81,2853,2854],{"class":590},"          webhook",[81,2856,609],{"class":91},[81,2858,2859,2862,2864],{"class":83,"line":227},[81,2860,2861],{"class":590},"            groupName",[81,2863,594],{"class":91},[81,2865,2866],{"class":170}," yourgroup.com\n",[81,2868,2869,2872,2874],{"class":83,"line":242},[81,2870,2871],{"class":590},"            
solverName",[81,2873,594],{"class":91},[81,2875,2876],{"class":170}," alidns\n",[81,2878,2879,2882],{"class":83,"line":247},[81,2880,2881],{"class":590},"            config",[81,2883,609],{"class":91},[81,2885,2886,2889,2891],{"class":83,"line":261},[81,2887,2888],{"class":590},"              region",[81,2890,594],{"class":91},[81,2892,2893],{"class":166}," ''\n",[81,2895,2896,2899],{"class":83,"line":266},[81,2897,2898],{"class":590},"              accessKeySecretRef",[81,2900,609],{"class":91},[81,2902,2903,2906,2908],{"class":83,"line":284},[81,2904,2905],{"class":590},"                name",[81,2907,594],{"class":91},[81,2909,2910],{"class":170}," alidns-secret\n",[81,2912,2913,2916,2918],{"class":83,"line":289},[81,2914,2915],{"class":590},"                key",[81,2917,594],{"class":91},[81,2919,2920],{"class":170}," access-key\n",[81,2922,2923,2926],{"class":83,"line":307},[81,2924,2925],{"class":590},"              secretKeySecretRef",[81,2927,609],{"class":91},[81,2929,2930,2932,2934],{"class":83,"line":312},[81,2931,2905],{"class":590},[81,2933,594],{"class":91},[81,2935,2910],{"class":170},[81,2937,2938,2940,2942],{"class":83,"line":325},[81,2939,2915],{"class":590},[81,2941,594],{"class":91},[81,2943,2944],{"class":170}," secret-key\n",[81,2946,2947,2949],{"class":83,"line":337},[81,2948,1708],{"class":590},[81,2950,609],{"class":91},[81,2952,2953,2955,2957,2960],{"class":83,"line":352},[81,2954,1715],{"class":590},[81,2956,594],{"class":91},[81,2958,2959],{"class":170}," 
letsencrypt-prod-account-key",[81,2961,1722],{"class":1256},[81,2963,2964,2966,2968,2970],{"class":83,"line":362},[81,2965,1727],{"class":590},[81,2967,594],{"class":91},[81,2969,1732],{"class":170},[81,2971,1735],{"class":1256},[28,2973,1738,2974],{},[32,2975,583],{},[72,2977,2978],{"className":1211,"code":1743,"language":1213,"meta":77,"style":77},[32,2979,2980],{"__ignoreMap":77},[81,2981,2982,2984,2986,2988,2990],{"class":83,"line":84},[81,2983,1220],{"class":123},[81,2985,1244],{"class":170},[81,2987,1247],{"class":170},[81,2989,1296],{"class":1292},[81,2991,1758],{"class":170},[28,2993,1761],{},[72,2995,2996],{"className":1211,"code":1764,"language":1213,"meta":77,"style":77},[32,2997,2998,3008,3016],{"__ignoreMap":77},[81,2999,3000,3002,3004,3006],{"class":83,"line":84},[81,3001,1220],{"class":123},[81,3003,1244],{"class":170},[81,3005,1392],{"class":170},[81,3007,1777],{"class":170},[81,3009,3010,3012,3014],{"class":83,"line":99},[81,3011,1405],{"class":123},[81,3013,1784],{"class":170},[81,3015,1417],{"class":170},[81,3017,3018,3020,3022],{"class":83,"line":110},[81,3019,1791],{"class":123},[81,3021,1794],{"class":170},[81,3023,1797],{"class":170},[28,3025,3026],{},"重新手动签发证书，验证，成功！",[28,3028,3029],{},"PS：需要注意的是，从 http01 认证修改到 dns01 认证后，有个坑，会一直失败，查看 cert-manager 的 Pod 日志，会发现如下错误：",[72,3031,3035],{"className":3032,"code":3033,"language":3034,"meta":77,"style":77},"language-log shiki shiki-themes material-theme-lighter github-light github-dark","cert-manager\u002Fcontroller\u002Forders \"msg\"=\"Failed to determine the list of Challenge resources needed for the Order\" \"error\"=\"no configured challenge solvers can be used for this challenge\" \"resource_kind\"=\"Order\" \"resource_name\"=\"xxx\"\n","log",[32,3036,3037],{"__ignoreMap":77},[81,3038,3039,3042,3045,3047,3050,3053,3055,3058,3061,3063,3066,3069,3071],{"class":83,"line":84},[81,3040,3041],{"class":87},"cert-manager\u002Fcontroller\u002Forders 
",[81,3043,3044],{"class":170},"\"msg\"",[81,3046,92],{"class":87},[81,3048,3049],{"class":170},"\"Failed to determine the list of Challenge resources needed for the Order\"",[81,3051,3052],{"class":170}," \"error\"",[81,3054,92],{"class":87},[81,3056,3057],{"class":170},"\"no configured challenge solvers can be used for this challenge\"",[81,3059,3060],{"class":170}," \"resource_kind\"",[81,3062,92],{"class":87},[81,3064,3065],{"class":170},"\"Order\"",[81,3067,3068],{"class":170}," \"resource_name\"",[81,3070,92],{"class":87},[81,3072,3073],{"class":170},"\"xxx\"\n",[28,3075,3076,3077,3082,3083,3088,3089,3091],{},"研究了半天都没成功，后来在 GitHub 上找到了这个 ",[2601,3078,3081],{"href":3079,"rel":3080},"https:\u002F\u002Fgithub.com\u002Fjetstack\u002Fcert-manager\u002Fissues\u002F2494#issuecomment-585391545",[2605],"Issue","，按照 ",[2601,3084,3087],{"href":3085,"rel":3086},"https:\u002F\u002Fgithub.com\u002Fdemisx",[2605],"demisx"," 这位仁兄的建议，把所有和 ",[32,3090,1343],{}," 相关的东西全部删除重新用 dns01 的方式部署一遍就 OK 了。",[28,3093,3094,3095,3098,3099,3102],{},"另外，cert-manager 的 API group 从 ",[32,3096,3097],{},"certmanager.k8s.io"," 改到 ",[32,3100,3101],{},"cert-manager.io"," 了，不少老教程里面仍然是前者，需要改为后者才能正常执行。",[3104,3105,3106,3109],"blockquote",{},[28,3107,3108],{},"参考链接",[3110,3111,3112,3119,3126,3133],"ul",{},[43,3113,3114],{},[2601,3115,3118],{"href":3116,"rel":3117},"https:\u002F\u002Fdocs.bitnami.com\u002Fkubernetes\u002Fhow-to\u002Fsecure-kubernetes-services-with-ingress-tls-letsencrypt\u002F",[2605],"Secure Kubernetes Services With Ingress, TLS And Let's Encrypt",[43,3120,3121],{},[2601,3122,3125],{"href":3123,"rel":3124},"https:\u002F\u002Fxuchao918.github.io\u002F2019\u002F03\u002F14\u002F%E2%95%A9%E2%95%A3%E2%95%99%E2%94%9Ccert-manager%E2%95%A9%E2%95%A1%E2%95%A7%E2%95%93Ingress-https\u002F",[2605],"使用 cert-manager 实现 Ingress https",[43,3127,3128],{},[2601,3129,3132],{"href":3130,"rel":3131},"https:\u002F\u002Fyq.aliyun.com\u002Farticles\u002F718711",[2605],"使用 cert-manager 给阿里云的 DNS 域名授权 SSL 
证书",[43,3134,3135],{},[2601,3136,3139],{"href":3137,"rel":3138},"https:\u002F\u002Fcert-manager.io\u002Fdocs\u002F",[2605],"cert-manager docs",[1124,3141,3142],{},"html pre.shiki code .sbgvK, html code.shiki .sbgvK{--shiki-light:#E2931D;--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .s_sjI, html code.shiki .s_sjI{--shiki-light:#91B859;--shiki-default:#032F62;--shiki-dark:#9ECBFF}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sutJx, html code.shiki .sutJx{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#6A737D;--shiki-default-font-style:inherit;--shiki-dark:#6A737D;--shiki-dark-font-style:inherit}html pre.shiki code .s39Yj, html 
code.shiki .s39Yj{--shiki-light:#39ADB5;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .stzsN, html code.shiki .stzsN{--shiki-light:#91B859;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .srdBf, html code.shiki .srdBf{--shiki-light:#F76D47;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .sjJ54, html code.shiki .sjJ54{--shiki-light:#39ADB5;--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .su5hD, html code.shiki .su5hD{--shiki-light:#90A4AE;--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .sQzsp, html code.shiki .sQzsp{--shiki-light:#E53935;--shiki-default:#22863A;--shiki-dark:#85E89D}html pre.shiki code .sP7_E, html code.shiki .sP7_E{--shiki-light:#39ADB5;--shiki-default:#24292E;--shiki-dark:#E1E4E8}",{"title":77,"searchDepth":99,"depth":99,"links":3144},[],"2020-02-27","很多博主的 https 证书经常容易忘记更新，虽说证书过期前都会有邮件提醒，但是万一确实忙得没时间去处理，忘记了，就会出现证书过期的情况了。",{},"\u002Fposts\u002F2020\u002Fk8s-cert-manager-tls",{"text":3150,"minutes":3151,"time":3152,"words":3153},"8 min read",7.465,447900,1493,{"title":1155,"description":3146},{"loc":3148},"posts\u002F2020\u002F20200227.k8s-cert-manager-tls",[1149,3158,1151,1150,3159],"阿里云","Docker","天气晴","2aJ6T7QGEjJQr4Yy8PkK08lqxa4n-rxsCy0mGJw2oBY",{"id":3163,"title":3164,"body":3165,"class":1132,"cover":1132,"coverSize":1132,"date":3429,"description":77,"draft":1136,"extension":1137,"hideComments":1136,"location":1132,"meta":3430,"navigation":113,"path":3431,"readingTime":3432,"seo":3437,"sitemap":3438,"stem":3439,"tags":3440,"time":1132,"weather":1132,"__hash__":3441},"posts\u002Fposts\u002F2019\u002F20191229.aliyun-k8s-setup.md","阿里云 k8s 集群搭建",{"type":25,"value":3166,"toc":3425},[3167,3172,3178,3183,3188,3255,3264,3269,3273,3276,3348,3351,3354,3410,3422],[3168,3169,3171],"h3",{"id":3170},"为-vpc-配置-snat","为 VPC 配置 SNAT",[28,3173,3174],{},[3175,3176,3177],"strong",{},"注：SNAT 已关闭，看起来两个 ECS 节点都有公网 IP，不需要了。（2024-06-04）",[28,3179,3180],{},[2037,3181,3182],{},"阿里云的 
NAT 网关太贵，考虑自行搭建 SNAT。",[28,3184,3185],{},[2037,3186,3187],{},"购买最廉价 ECS，配置如下设置",[72,3189,3191],{"className":1211,"code":3190,"language":1213,"meta":77,"style":77},"sysctl net.ipv4.ip_forward # 查看当前 IP 转发配置，0 为关闭，1 为打开\nsysctl -w net.ipv4.ip_forward=1 # 打开 IP 转发\niptables -t nat -I POSTROUTING -s 172.16.0.0\u002F16 -j SNAT --to-source 172.16.117.66\n",[32,3192,3193,3204,3220],{"__ignoreMap":77},[81,3194,3195,3198,3201],{"class":83,"line":84},[81,3196,3197],{"class":123},"sysctl",[81,3199,3200],{"class":170}," net.ipv4.ip_forward",[81,3202,3203],{"class":1256}," # 查看当前 IP 转发配置，0 为关闭，1 为打开\n",[81,3205,3206,3208,3211,3214,3217],{"class":83,"line":99},[81,3207,3197],{"class":123},[81,3209,3210],{"class":1292}," -w",[81,3212,3213],{"class":170}," net.ipv4.ip_forward=",[81,3215,3216],{"class":95},"1",[81,3218,3219],{"class":1256}," # 打开 IP 转发\n",[81,3221,3222,3225,3228,3231,3234,3237,3240,3243,3246,3249,3252],{"class":83,"line":110},[81,3223,3224],{"class":123},"iptables",[81,3226,3227],{"class":1292}," -t",[81,3229,3230],{"class":170}," nat",[81,3232,3233],{"class":1292}," -I",[81,3235,3236],{"class":170}," POSTROUTING",[81,3238,3239],{"class":1292}," -s",[81,3241,3242],{"class":170}," 172.16.0.0\u002F16",[81,3244,3245],{"class":1292}," -j",[81,3247,3248],{"class":170}," SNAT",[81,3250,3251],{"class":1292}," --to-source",[81,3253,3254],{"class":95}," 172.16.117.66\n",[28,3256,3257],{},[2037,3258,3259,3260,3263],{},"去 VPC 路由表中添加 ",[32,3261,3262],{},"0.0.0.0\u002F0"," 下一跳为上述 ECS",[28,3265,3266],{},[2037,3267,3268],{},"设置 iptables 开机启动：",[3168,3270,3272],{"id":3271},"dnat","DNAT",[28,3274,3275],{},"通过 公网 IP 访问集群管理 API",[72,3277,3279],{"className":1211,"code":3278,"language":1213,"meta":77,"style":77},"iptables -t nat -I PREROUTING -p tcp --dport 6443 -j DNAT --to 172.16.117.67:6443\niptables -t nat -I POSTROUTING -d 172.16.117.67\u002F32 -p tcp --dport 6443 -j 
MASQUERADE\n",[32,3280,3281,3317],{"__ignoreMap":77},[81,3282,3283,3285,3287,3289,3291,3294,3297,3300,3303,3306,3308,3311,3314],{"class":83,"line":84},[81,3284,3224],{"class":123},[81,3286,3227],{"class":1292},[81,3288,3230],{"class":170},[81,3290,3233],{"class":1292},[81,3292,3293],{"class":170}," PREROUTING",[81,3295,3296],{"class":1292}," -p",[81,3298,3299],{"class":170}," tcp",[81,3301,3302],{"class":1292}," --dport",[81,3304,3305],{"class":95}," 6443",[81,3307,3245],{"class":1292},[81,3309,3310],{"class":170}," DNAT",[81,3312,3313],{"class":1292}," --to",[81,3315,3316],{"class":170}," 172.16.117.67:6443\n",[81,3318,3319,3321,3323,3325,3327,3329,3332,3335,3337,3339,3341,3343,3345],{"class":83,"line":99},[81,3320,3224],{"class":123},[81,3322,3227],{"class":1292},[81,3324,3230],{"class":170},[81,3326,3233],{"class":1292},[81,3328,3236],{"class":170},[81,3330,3331],{"class":1292}," -d",[81,3333,3334],{"class":170}," 172.16.117.67\u002F32",[81,3336,3296],{"class":1292},[81,3338,3299],{"class":170},[81,3340,3302],{"class":1292},[81,3342,3305],{"class":95},[81,3344,3245],{"class":1292},[81,3346,3347],{"class":170}," MASQUERADE\n",[28,3349,3350],{},"记得开启安全组规则允许 6443 端口，授权对象只填自己的出口 IP，不要对全网开放，否则集群管理 API 会直接暴露在公网",[28,3352,3353],{},"在 k8s 集群信息中设置 自定义证书 SAN 为 47.111.247.217 配置证书，解决以下证书问题：",[72,3355,3357],{"className":1211,"code":3356,"language":1213,"meta":77,"style":77},"Unable to connect to the server: x509: certificate is valid for 172.21.0.1, 127.0.0.1, 7.20.49.48, 172.16.117.67, not 47.111.247.217\n",[32,3358,3359],{"__ignoreMap":77},[81,3360,3361,3364,3367,3370,3372,3375,3378,3381,3383,3386,3389,3392,3395,3398,3401,3404,3407],{"class":83,"line":84},[81,3362,3363],{"class":123},"Unable",[81,3365,3366],{"class":170}," to",[81,3368,3369],{"class":170}," connect",[81,3371,3366],{"class":170},[81,3373,3374],{"class":170}," the",[81,3376,3377],{"class":170}," server:",[81,3379,3380],{"class":170}," x509:",[81,3382,1988],{"class":170},[81,3384,3385],{"class":170}," is",[81,3387,3388],{"class":170}," 
valid",[81,3390,3391],{"class":170}," for",[81,3393,3394],{"class":170}," 172.21.0.1,",[81,3396,3397],{"class":170}," 127.0.0.1,",[81,3399,3400],{"class":170}," 7.20.49.48,",[81,3402,3403],{"class":170}," 172.16.117.67,",[81,3405,3406],{"class":170}," not",[81,3408,3409],{"class":95}," 47.111.247.217\n",[3104,3411,3412,3415],{},[28,3413,3414],{},"参考链接：",[28,3416,3417],{},[2601,3418,3421],{"href":3419,"rel":3420},"https:\u002F\u002Fyq.aliyun.com\u002Farticles\u002F112497",[2605],"如何通过 EIP 实现 VPC 下的 SNAT 以及 DNAT",[1124,3423,3424],{},"html pre.shiki code .sbgvK, html code.shiki .sbgvK{--shiki-light:#E2931D;--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .s_sjI, html code.shiki .s_sjI{--shiki-light:#91B859;--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .sutJx, html code.shiki .sutJx{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#6A737D;--shiki-default-font-style:inherit;--shiki-dark:#6A737D;--shiki-dark-font-style:inherit}html pre.shiki code .stzsN, html code.shiki .stzsN{--shiki-light:#91B859;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .srdBf, html code.shiki .srdBf{--shiki-light:#F76D47;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: 
var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":77,"searchDepth":99,"depth":99,"links":3426},[3427,3428],{"id":3170,"depth":110,"text":3171},{"id":3271,"depth":110,"text":3272},"2019-12-29",{},"\u002Fposts\u002F2019\u002Faliyun-k8s-setup",{"text":3433,"minutes":3434,"time":3435,"words":3436},"2 min read",1.17,70200,234,{"title":3164,"description":77},{"loc":3431},"posts\u002F2019\u002F20191229.aliyun-k8s-setup",[1149,3158,1151,1150],"nx96pApv8oyqcXahwKsOs9Y-8UfgHxl4bCTvPo9djqQ",1777580269886]