secret存在三种类型: docker-registry:
用于提供docker镜像仓库的认证配置。 generic: 比较通用的配置,即保存私有的铭感信息,比如MySQL的root密码,Redis进行同步的密码等。
tls: 专用于把ssl/tls中的x509格式的证书和私钥打包进一个secret当中。 这个证书和私钥本身就是base64编码的,因此它可能需要特有的逻辑来组织,而且不管你的证书和私钥源文件名称叫什么,在secret的tls创建时证书文件名称时必须叫"tls.crt",私钥文件名称只能叫"tls.key"
[root@master200.yinzhengjie.org.cn ~]# kubectl create secret -h
Create a secret using specified subcommand.
Available Commands:
docker -registry Create a secret for use with a Docker registry
generic Create a secret from a local file , directory or literal value
tls Create a TLS secret
Usage:
kubectl create secret [flags] [options]
Use " kubectl --help " for more information about a given command.
Use " kubectl options " for a list of global command-line options (applies to all commands).
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl create secret -h
[root@master200.yinzhengjie.org.cn ~]# kubectl create secret generic mysql-root-password -n yinzhengjie-config --from-literal=password=yinzhengjie
secret /mysql-root-password created
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get secret mysql-root-password -n yinzhengjie-config
NAME TYPE DATA AGE
mysql -root-password Opaque 1 22s
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl create secret generic mysql-root-password -n yinzhengjie-config --from-literal=password=yinzhengjie
[root@master200.yinzhengjie.org.cn ~]# kubectl get secret mysql-root-password -n yinzhengjie-config -o yaml
apiVersion: v1
data:
password: eWluemhlbmdqaWU =
kind: Secret
metadata:
creationTimestamp: " 2020-02-11T17:09:22Z "
name: mysql -root-password
namespace: yinzhengjie -config
resourceVersion: " 617061 "
selfLink: /api/v1/namespaces/yinzhengjie-config/secrets/mysql-root-password
uid: c992fb82 -86be-4c10-96dc-4ff603393bca
type: Opaque
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get secret mysql-root-password -n yinzhengjie-config -o yaml
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/basic/secret/mysql-pod.yaml
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/secret/mysql-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: mysql
namespace: yinzhengjie -config
spec:
containers:
- name: mysql
image: mysql: 5.6
env :
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: mysql -root-password
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# vim /yinzhengjie/data/k8s/manifests/basic/secret/mysql-pod.yaml
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/basic/secret/mysql-pod.yaml
pod /mysql created
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n yinzhengjie-config
NAME READY STATUS RESTARTS AGE
mynginx 1 /1 Running 1 40h
mysql 1 /1 Running 0 57s
pod -cfg-dome 1 /1 Running 1 41h
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/basic/secret/mysql-pod.yaml
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n yinzhengjie-config
NAME READY STATUS RESTARTS AGE
mynginx 1 /1 Running 1 40h
mysql 1 /1 Running 0 7m14s
pod -cfg-dome 1 /1 Running 1 41h
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl describe pods mysql -n yinzhengjie-config
Name: mysql
Namespace: yinzhengjie -config
Priority: 0
Node: node201.yinzhengjie.org.cn /172.200 .1.201
Start Time: Wed, 12 Feb 2020 01 :27 :12 +0800
Labels:
Annotations: kubectl.kubernetes.io /last -applied-configuration:
{ " apiVersion " :" v1 " ," kind " :" Pod " ," metadata " :{" annotations " :{}," name " :" mysql " ," namespace " :" yinzhengjie-config " }," spec " :{" containers " :[{" env " ...
Status: Running
IP: 10.244 .1.33
IPs:
IP: 10.244 .1.33
Containers:
mysql:
Container ID: docker: // f970431d35c85ab7a57f0bb4b44207329878b515e723ae9498cb3fdb35585d21
Image: mysql:5.6
Image ID: docker -pullable:// mysql@sha256:bef096aee20d73cbfd87b02856321040ab1127e94b707b41927804776dca02fc
Port:
Host Port:
State: Running
Started: Wed, 12 Feb 2020 01 :27 :35 +0800
Ready: True
Restart Count: 0
Environment:
MYSQL_ROOT_PASSWORD: 'password ' in secret ' mysql-root-password ' > Optional: false
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-v9khz (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default -token-v9khz:
Type: Secret (a volume populated by a Secret)
SecretName: default -token-v9khz
Optional: false
QoS Class: BestEffort
Node -Selectors:
Tolerations: node.kubernetes.io /not-ready:NoExecute for 300s
node.kubernetes.io /unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled default-scheduler Successfully assigned yinzhengjie-config/mysql to node201.yinzhengjie.org.cn
Normal Pulling 7m23s kubelet, node201.yinzhengjie.org.cn Pulling image " mysql:5.6 "
Normal Pulled 7m1s kubelet, node201.yinzhengjie.org.cn Successfully pulled image " mysql:5.6 "
Normal Created 7m1s kubelet, node201.yinzhengjie.org.cn Created container mysql
Normal Started 7m1s kubelet, node201.yinzhengjie.org.cn Started container mysql
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl describe pods mysql -n yinzhengjie-config
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n yinzhengjie-config
NAME READY STATUS RESTARTS AGE
mynginx 1 /1 Running 1 40h
mysql 1 /1 Running 0 4m47s
pod -cfg-dome 1 /1 Running 1 41h
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl exec -it mysql -n yinzhengjie-config -- /bin/sh
#
# printenv
KUBERNETES_SERVICE_PORT =443
KUBERNETES_PORT =tcp:// 10.96.0.1:443
HOSTNAME=mysql
MYSQL_MAJOR =5.6
HOME =/root
MYSQL_ROOT_PASSWORD =yinzhengjie
TERM =xterm
KUBERNETES_PORT_443_TCP_ADDR =10.96 .0.1
PATH =/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
MYSQL_VERSION =5.6 .47 -1debian9
KUBERNETES_PORT_443_TCP_PORT =443
KUBERNETES_PORT_443_TCP_PROTO =tcp
KUBERNETES_SERVICE_PORT_HTTPS =443
KUBERNETES_PORT_443_TCP =tcp:// 10.96.0.1:443
GOSU_VERSION=1.7
KUBERNETES_SERVICE_HOST =10.96 .0.1
PWD =/
#
# mysql -pyinzhengjie
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6 .47 MySQL Community Server (GPL)
Copyright (c) 2000 , 2020 , Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and /or its
affiliates. Other names may be trademarks of their respective
owners.
Type ' help; ' or ' \h ' for help. Type ' \c ' to clear the current input statement.
mysql >
[root@master200.yinzhengjie.org.cn ~]# kubectl exec -it mysql -n yinzhengjie-config -- /bin/sh
[root@master200.yinzhengjie.org.cn ~]# kubectl explain pods.spec.volumes.secret
KIND: Pod
VERSION: v1
RESOURCE: secret
DESCRIPTION:
Secret represents a secret that should populate this volume. More info :
https: // kubernetes.io/docs/concepts/storage/volumes#secret
Adapts a Secret into a volume. The contents of the target Secret ' s Data
field will be presented in a volume as files using the keys in the Data
field as the file names. Secret volumes support ownership management and
SELinux relabeling.
FIELDS:
defaultMode
Optional: mode bits to use on created files by default. Must be a value
between 0 and 0777 . Defaults to 0644 . Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
items <[]Object>
If unspecified, each key -value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the ' .. ' path or start with ' .. ' .
optional
Specify whether the Secret or its keys must be defined
secretName <string >
Name of the secret in the pod' s namespace to use. More info:
https:// kubernetes.io/docs/concepts/storage/volumes#secret
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl explain pods.spec.volumes.secret.defaultMode
KIND: Pod
VERSION: v1
FIELD: defaultMode
DESCRIPTION:
Optional: mode bits to use on created files by default. Must be a value
between 0 and 0777 . Defaults to 0644 . Directories within the path are not
affected by this setting. This might be in conflict with other options that
affect the file mode, like fsGroup, and the result can be other mode bits
set.
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl explain pods.spec.volumes.secret.defaultMode
[root@master200.yinzhengjie.org.cn ~]# kubectl explain pods.spec.volumes.secret.items
KIND: Pod
VERSION: v1
RESOURCE: items <[]Object>
DESCRIPTION:
If unspecified, each key -value pair in the Data field of the referenced
Secret will be projected into the volume as a file whose name is the key
and content is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be present. If a key
is specified which is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative and may not
contain the ' .. ' path or start with ' .. ' .
Maps a string key to a path within a volume.
FIELDS:
key <string > -required-
The key to project.
mode
Optional: mode bits to use on this file , must be a value between 0 and
0777 . If not specified, the volume defaultMode will be used. This might be
in conflict with other options that affect the file mode, like fsGroup, and
the result can be other mode bits set.
path <string > -required-
The relative path of the file to map the key to. May not be an absolute
path. May not contain the path element ' .. ' . May not start with the string
' .. ' .
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl explain pods.spec.volumes.secret.items
[root@master200.yinzhengjie.org.cn ~]# kubectl explain pods.spec.volumes.secret.optional
KIND: Pod
VERSION: v1
FIELD: optional
DESCRIPTION:
Specify whether the Secret or its keys must be defined
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl explain pods.spec.volumes.secret.optional
[root@master200.yinzhengjie.org.cn ~]# kubectl explain pods.spec.volumes.secret.secretName
KIND: Pod
VERSION: v1
FIELD: secretName <string >
DESCRIPTION:
Name of the secret in the pod' s namespace to use. More info:
https:// kubernetes.io/docs/concepts/storage/volumes#secret
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl explain pods.spec.volumes.secret.secretName
二.创建tls类型案例
1>.自建证书
[root@master200.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/k8s/manifests/basic/secret/
total 4
-rw-r--r-- 1 root root 278 Feb 12 01 :27 mysql-pod.yaml
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# openssl genrsa -out /yinzhengjie/data/k8s/manifests/basic/secret/mysql.key 4096 #创建私钥
Generating RSA private key, 4096 bit long modulus
............................................................... ++
..... ++
e is 65537 (0x10001 )
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/k8s/manifests/basic/secret/
total 8
-rw-r--r-- 1 root root 3243 Feb 12 02 :07 mysql.key
-rw-r--r-- 1 root root 278 Feb 12 01 :27 mysql-pod.yaml
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# openssl genrsa -out /yinzhengjie/data/k8s/manifests/basic/secret/mysql.key 4096 #创建私钥
[root@master200.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/k8s/manifests/basic/secret/
total 8
-rw-r--r-- 1 root root 3243 Feb 12 02 :07 mysql.key
-rw-r--r-- 1 root root 278 Feb 12 01 :27 mysql-pod.yaml
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cd /yinzhengjie/data/k8s/manifests/basic/secret/
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]#
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]# openssl req -new -x509 -key mysql.key -out mysql.crt -subj /C=CN/ST=Beijing/L=Beijing/O=Ops/CN=master200.yinzhengjie.org.cn -days 3650
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]#
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]# ll
total 12
-rw-r--r-- 1 root root 2009 Feb 12 02 :10 mysql.crt
-rw-r--r-- 1 root root 3243 Feb 12 02 :07 mysql.key
-rw-r--r-- 1 root root 278 Feb 12 01 :27 mysql-pod.yaml
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]#
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]#
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]# openssl req -new -x509 -key mysql.key -out mysql.crt -subj /C=CN/ST=Beijing/L=Beijing/O=Ops/CN=master200.yinzhengjie.org.cn -days 3650 #生成自签证书
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/secret/mysql.crt
-----BEGIN CERTIFICATE-----
MIIFnzCCA4egAwIBAgIJAPwwKhWyxksIMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV
BAYTAkNOMRAwDgYDVQQIDAdCZWlqaW5nMRAwDgYDVQQHDAdCZWlqaW5nMQwwCgYD
VQQKDANPcHMxJTAjBgNVBAMMHG1hc3RlcjIwMC55aW56aGVuZ2ppZS5vcmcuY24w
HhcNMjAwMjExMTgxMDQyWhcNMzAwMjA4MTgxMDQyWjBmMQswCQYDVQQGEwJDTjEQ
MA4GA1UECAwHQmVpamluZzEQMA4GA1UEBwwHQmVpamluZzEMMAoGA1UECgwDT3Bz
MSUwIwYDVQQDDBxtYXN0ZXIyMDAueWluemhlbmdqaWUub3JnLmNuMIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtWxMDOMHXUn70wT +plCv9Lnty9oqzdxv
DTPbDZjypCIN4kIczuXLRJMhnT1Xqikc3fE3WAAURKl0RQsZfoBk94lONgCfpp3 /
1D0LIOERUMEnnQ +WeNkuTp1iN9G1RYUhfygcskeO1SV44K1koNo2yagJhlEKqS7D
mBVJk3jODQNQXoR13IAszL7FDk9hLAEmY /3v2/l486KmmGaX5jJ4c36LOewimHK8
NSFIOcRPJTMCFWncSryR9zsPbtqhChHDSyhUowbydaJicVzGPNFG15VJ9jdiuKza
KQKemd3GWsbVDxMqApDViSnsERM3NthWDEXF +3giOvVhlSFClVMBT365MBAUSOQ+
CCZYBm1nI /JL9n7KnJFQc3xjKKiou2VEUfnznXqVgHMQtaZ9j0ATRmU5V3SyRSoD
00037vfMu8Luzpfqcfco5WcM1nzMwl6mOqBU3tx5C7VmTAYKpc9QxvquqXOtE +dy
y6XQ9B /mtVe3QsCBB0+03ga6HUw+8Ibt4EXblPCdvcprbSpm6K84JWES8N8GzIms
zAZe2pqwwjP3xKX1xu4LrKXbXL2SUUSl11 +jS+b1QmvMQR1MMCjFKv9uAnaXnvzm
9dDrULd4kJTJIlxHNBxOtP +CO5coWFP0aTGuDkR/lhwEZ6edk0/+cFZ6tOEtF7nl
fAkweFmMEssCAwEAAaNQME4wHQYDVR0OBBYEFPMKNre6vUYCmndVuaQKHW3bP0TN
MB8GA1UdIwQYMBaAFPMKNre6vUYCmndVuaQKHW3bP0TNMAwGA1UdEwQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggIBAI9JxfIHZUMlo /LMzYQ70Fmz6F+fGBt9f8CtnLY8
jmok9KoJef9NWwL +7my+K+CuILeRyzkW7KgSAjxNIme/Cm55krhWB5PX9Gt5mSPZ
cXl5GjLaaOTh36XQsBDhM0rf5j4VKkhxJDUZbp /QAseLEAwi/uGhb5lKvjjOLg3U
KVMGSUYLCA8QFizspk2OG5YMT6JPevWVsh /two7BlWHoxgNwyvRB8BI9QCA2UuHb
Onglgf +MmVVin6ZETMMsXytwD2faJGwOFdxYToJXmChCSehu5qpNOaFt7PHXVm27
mD +GnxEX9wU3eRK8J2jft5m1DiIW9/K55ayZF/dYUYGkByw2CpvmJh5MEpeBbyb/
QKi79F5J5jihbxpj03E6RBPCpSqTRanRqQnOMIfH3AA +uDYDDQsMDHdJGOicQqXr
tDT2vEwRrpQ /MOSFo5JK33fp2jzaQvf3yBn5eOc4v624eD0IxR6V+kAAmQql8QWS
RGV6HYO0mZLw49M4d /0ho76YgY9kRsZ5qiyim6npUT+MV3fCHtXM03eBeu5WSpFh
ORhF6xgaWyq7r2xasGk5o5il194J /g8Nwa50iSScrO1ByEF48NQEAXckJZD8b4RG
9nHC17No4ZvyY4 +tW7qRu5v5SjbkHrSa/g8riSYVwjRC9fdXg7bLgGll6GrrLwcP
rEAp
-----END CERTIFICATE-----
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/secret/mysql.crt
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/secret/mysql.key
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAtWxMDOMHXUn70wT +plCv9Lnty9oqzdxvDTPbDZjypCIN4kIc
zuXLRJMhnT1Xqikc3fE3WAAURKl0RQsZfoBk94lONgCfpp3 /1D0LIOERUMEnnQ+W
eNkuTp1iN9G1RYUhfygcskeO1SV44K1koNo2yagJhlEKqS7DmBVJk3jODQNQXoR1
3IAszL7FDk9hLAEmY /3v2/l486KmmGaX5jJ4c36LOewimHK8NSFIOcRPJTMCFWnc
SryR9zsPbtqhChHDSyhUowbydaJicVzGPNFG15VJ9jdiuKzaKQKemd3GWsbVDxMq
ApDViSnsERM3NthWDEXF +3giOvVhlSFClVMBT365MBAUSOQ+CCZYBm1nI/JL9n7K
nJFQc3xjKKiou2VEUfnznXqVgHMQtaZ9j0ATRmU5V3SyRSoD00037vfMu8Luzpfq
cfco5WcM1nzMwl6mOqBU3tx5C7VmTAYKpc9QxvquqXOtE +dyy6XQ9B/mtVe3QsCB
B0 +03ga6HUw+8Ibt4EXblPCdvcprbSpm6K84JWES8N8GzImszAZe2pqwwjP3xKX1
xu4LrKXbXL2SUUSl11 +jS+b1QmvMQR1MMCjFKv9uAnaXnvzm9dDrULd4kJTJIlxH
NBxOtP +CO5coWFP0aTGuDkR/lhwEZ6edk0/+cFZ6tOEtF7nlfAkweFmMEssCAwEA
AQKCAgEAra7Y +7lY8omCiRmOBIDYgsyBCBh7xAsVUalkO5dCK7niWsp6M+SwfZzx
oEv6og +r8BoepqOkw7sKcZLXvFCE2KndczuTm/pE0dYC0l5Fqm7QUr96iYU5nM91
GQUtqjlywP4QwuhYqFuwZj /5RzjBHLs/KxRoxWDcpbszbfhIIxMaHPJot0kKGpVD
p5h86ZjMPQv9VjV2AqCjJuGI6DtHLyJlfXVABXxKC /8p2wvBzVYQ15k56V6vyuUC
uFibtT0eHtSkelKLSezEm8x6h /y9+mOUpB+P5kassHguiBVV8M/LZxwsqrong6Hb
utkPkfT4I9WkXUM8Wf9ShWeLC9OkOu6j6mvQK /3PSZaL6vcQ/98lpz31gyl07i73
1JejLUIekbpd /5jrNYCYvRc2u91ulQrlZ+LGygnhqCY+s2hA/2YdWteFylJK/H1Q
hsPIUQByOTvKLW0Uo9zag6dUnJouzDEYihWFyXWFNVzajQaNNARtDCaY12pfWL8B
OpCwVnj8YU8g /tCm/qFvbeYIDFxCnqco3qTGH+deTkFEQgCnmie+XpXuOssonEsQ
gRsKAgACJ /UHeyDt2r1NxUvXjTSRQ+fc0npZPpJY8FqG8MQsVSNsML/HF2sH3RGI
o3D4AHcMD5J9IaTg2T1fw3p9E5SgwNFQIXdDyBQnRvOdQTKpA /kCggEBAN/GUX8H
sgZ5ml5wwYO7ID6E6W5yR /4WrvnGihgWw7bBJ2px9LggbAvzBfEVvegHy9X8kfAu
T /JyyzHJd2lLrXmum5rvXLaIJgigVdSW1UIhQXXiNzdctaqndTvOkECtI4LHINn5
Nzau0vSyDRPh1Wr3oXnE2BqaZmqzXYmr7FDpv4vGwRT8zhAVOUJQMDS9pyCJnbQs
lqPL2e7E2 +eH18+QQdEH28Azk9SBbMat23LkFQsFjjUMXbRGdDseymfIN+QJJzs0
nRGS /YrUI87aPlMEsQnvDyL4K/huUnSGrekWcm6Qze0l75ujlhG8SemhGqlJvKwU
6Gr6H0DRB5l +qT8CggEBAM+MpGQp8IF3aYSGHa9m27gYreOeP9O67xrBuA5rNaCI
uWUHJ0flJHrWx +BQeFtRyKydDOe9nvc0pWoAca1bgavpoeYEv/M3QdisMfjR76NX
vq7sngKpqymYRjwkdbF0Wc7JYTN67iDX +CUWGQm3grJA60X9CknOwNlMwYXnuvPb
+hB0jQSM6Mon2ojeJ39E0EQvpkrC0dbzxPyRU8xZUxxfjZ5mxOV8s4KaXj9rL7db
XnkxqH4CQfmNMPpk8zp7 +HGHjbbhmBEKMhwTJ7jhAPuqwsF4lO2GRiNiP3FTZ4eJ
dHodjHRXsgogw2B /7VzMkKPjdBx6KrsBErbNZnn4B3UCggEAaB8BAJh2D2k5mMPi
ZwcE49I4Q3nNYb7wP6xPyRGek0SgsHjBo4MCgzTbCOhS6snl4HWa +iSycl9TiKDz
fP0HhNzn7ll9zDjhaZYhGb /tDs4mhVFy28G5jeRJOkDNAisNoOZCtOmu9TS3V8AZ
Ma0c /p6mdeBPpWE+UluPJGXomWWKCOG8KaXPw8/8SozBQWkVgKBHzvQIS8Kobt8O
a1bb5ep7lWWQrIfTO0fVc0SmHXlfCTfWiXxthVpa7r9O8qdIykQwCu5aPzkj3BsF
ZlRKN5qxPawMYPsUio3as /mOpiwZprSd/MBwEv008J+pzJl3rFlw/qjj1BL5w9D/
Nj6nRQKCAQB0hed9fLZUWXBaQNnFsh /FWcW2tw/qlVbMVNo67iHrgRdlCwEYsiMq
/A63dzY7Ps1Fa97k9GadL2d2/czUoT1KAR8t/pitueYz+WkM4wCBWi/qEVoc8Jjx
/1XfSjDxcftBx3nU5z1uHxJn7+IavHaaESyF3Ky8B2HqHdfAj/s8EdJxDp5lYZ8I
cBuXH /JY14992Kqp6nrZDX8YtZawca3hjhv6RIRiuwIlXvlu7YSakqeVrzWDmUzl
CEnpKmgL +7HeO1ZqyHkRiAHeFTsF5v0gThyNdl9Wgz45e11XCJZlV9yW+qPyZZHF
ceN ++BOROCA0guybWFNJLi8Nhn/0FjZJAoIBAFOtBAd5+2qbmURSsRZT4W1BMMGt
F7zPI4ScoDHJOjVYBDjdfGjtO6ycCvh /6sH0wAyFH1WAN/tLQHVls1BrJLpAeHcM
PUxdrMd8z60T2bYAPDHCeAH /7SGfnrlQVA6Ss8OxnBaEex9ossBDrz1lq8/HZ1xR
VtlQ26yvDs /HjYQX+T+MdUCPSrgtGXGY7nbnAqZd2mE2ewlIr7/Wv57LHGg7biCB
n8KLvylb28aRXUzPGvJZDO5ZMx948y2d527 +mh7Gm7td/yM+Of7xxy+hlFWajvkj
J99LVZPmfD4kr9ZnIN32HlNCTUU1PS1UcTFgBnLv2bZUOJiWBLRrECw4akg =
-----END RSA PRIVATE KEY-----
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/secret/mysql.key
2>.基于证书创建secret资源
[root@master200.yinzhengjie.org.cn ~]# kubectl create secret tls -h
Create a TLS secret from the given public /private key pair.
The public /private key pair must exist before hand. The public key certificate must be .PEM encoded and match the given
private key.
Examples:
# Create a new TLS secret named tls -secret with the given key pair:
kubectl create secret tls tls -secret --cert=path/to/tls.cert --key=path/to/tls.key
Options:
--allow-missing-template-keys=true : If true , ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
--append-hash=false : Append a hash of the secret to its name.
--cert='' : Path to PEM encoded public key certificate.
--dry-run=false : If true , only print the object that would be sent, without sending it.
--generator=' secret-for-tls/v1 ' : The name of the API generator to use.
--key='' : Path to private key associated with given certificate.
-o, --output='' : Output format. One of:
json |yaml|name|go-template|go-template-file |template|templatefile|jsonpath|jsonpath-file .
--save-config=false : If true , the configuration of current object will be saved in its annotation. Otherwise, the
annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--template='' : Template string or path to template file to use when -o=go-template, -o=go-template-file . The
template format is golang templates [http: // golang.org/pkg/text/template/#pkg-overview].
--validate=true : If true , use a schema to validate the input before sending it
Usage:
kubectl create secret tls NAME --cert=path/to/cert/file --key=path/to/key/file [--dry-run] [options]
Use " kubectl options " for a list of global command-line options (applies to all commands).
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl create secret tls -h
[root@master200.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/k8s/manifests/basic/secret/
total 12
-rw-r--r-- 1 root root 2009 Feb 12 02 :10 mysql.crt
-rw-r--r-- 1 root root 3243 Feb 12 02 :07 mysql.key
-rw-r--r-- 1 root root 278 Feb 12 01 :27 mysql-pod.yaml
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cd /yinzhengjie/data/k8s/manifests/basic/secret/
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]#
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]# kubectl create secret tls mysql-cert --cert=./mysql.crt --key=./mysql.key -n yinzhengjie-config
secret /mysql-cert created
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]#
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]# ll
total 12
-rw-r--r-- 1 root root 2009 Feb 12 02 :10 mysql.crt
-rw-r--r-- 1 root root 3243 Feb 12 02 :07 mysql.key
-rw-r--r-- 1 root root 278 Feb 12 01 :27 mysql-pod.yaml
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]#
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]# cd
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get secrets -n yinzhengjie-config
NAME TYPE DATA AGE
default -token-v9khz kubernetes.io/service-account-token 3 42h
mysql -cert kubernetes.io/tls 2 26s
mysql -root-password Opaque 1 71m
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn /yinzhengjie/data/k8s/manifests/basic/secret]# kubectl create secret tls mysql-cert --cert=./mysql.crt --key=./mysql.key -n yinzhengjie-config
3>.查看tls类型的secrets资源(看到下图所示的信息,你就会发现使用资源清单的方式创建secret并不是明智之举哟~)
[root@master200.yinzhengjie.org.cn ~]# kubectl get secrets -n yinzhengjie-config
NAME TYPE DATA AGE
default -token-v9khz kubernetes.io/service-account-token 3 42h
mysql -cert kubernetes.io/tls 2 2m35s
mysql -root-password Opaque 1 73m
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get secrets mysql-cert -n yinzhengjie-config -o yaml
apiVersion: v1
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZuekNDQTRlZ0F3SUJBZ0lKQVB3d0toV3l4a3NJTUEwR0NTcUdTSWIzRFFFQkN3VUFNR1l4Q3pBSkJnTlYKQkFZVEFrTk9NUkF3RGdZRFZRUUlEQWRDWldscWFXNW5NUkF3RGdZRFZRUUhEQWRDWldscWFXNW5NUXd3Q2dZRApWUVFLREFOUGNITXhKVEFqQmdOVkJBTU1IRzFoYzNSbGNqSXd
NQzU1YVc1NmFHVnVaMnBwWlM1dmNtY3VZMjR3CkhoY05NakF3TWpFeE1UZ3hNRFF5V2hjTk16QXdNakE0TVRneE1EUXlXakJtTVFzd0NRWURWUVFHRXdKRFRqRVEKTUE0R0ExVUVDQXdIUW1WcGFtbHVaekVRTUE0R0ExVUVCd3dIUW1WcGFtbHVaekVNTUFvR0ExVUVDZ3dEVDNCegpNU1V3SXdZRFZRUUREQnh0WVhOMFpYSXlNREF1ZVdsdWVtaGxibWRxYVdVdWIzSm5MbU51TUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBdFd4TURPTUhYVW43MHdUK3BsQ3Y5TG50eTlvcXpkeHYKRFRQYkRaanlwQ0lONGtJY3p1WExSSk1oblQxWHFpa2MzZkUzV0FBVVJLbDBSUXNaZm9Cazk0bE9OZ0NmcHAzLwoxRDBMSU9FUlVNRW5uUStXZU5rdVRwMWlOOUcxUllVaGZ5Z2Nza2VPMVNWNDRLMWtvTm8yeWFnSmhsRUtxUzdECm1CVkprM2pPRFFOUVhvUjEzSUFzekw3RkRrOWhMQUVtWS8zdjIvbDQ4NkttbUdhWDVqSjRjMzZMT2V3aW1ISzgKTlNGSU9jUlBKVE1DRlduY1NyeVI5enNQYnRxaENoSERTeWhVb3dieWRhSmljVnpHUE5GRzE1Vko5amRpdUt6YQpLUUtlbWQzR1dzYlZEeE1xQXBEVmlTbnNFUk0zTnRoV0RFWEYrM2dpT3ZWaGxTRkNsVk1CVDM2NU1CQVVTT1ErCkNDWllCbTFuSS9KTDluN0tuSkZRYzN4aktLaW91MlZFVWZuem5YcVZnSE1RdGFaOWowQVRSbVU1VjNTeVJTb0QKMDAwMzd2Zk11OEx1enBmcWNmY281V2NNMW56TXdsNm1PcUJVM3R4NUM3Vm1UQVlLcGM5UXh2cXVxWE90RStkeQp5NlhROUIvbXRWZTNRc0NCQjArMDNnYTZIVXcrOElidDRFWGJsUENkdmNwcmJTcG02Szg0SldFUzhOOEd6SW1zCnpBWmUycHF3d2pQM3hLWDF4dTRMcktYYlhMMlNVVVNsMTEralMrYjFRbXZNUVIxTU1DakZLdjl1QW5hWG52em0KOWREclVMZDRrSlRKSWx4SE5CeE90UCtDTzVjb1dGUDBhVEd1RGtSL2xod0VaNmVkazAvK2NGWjZ0T0V0RjdubApmQWt3ZUZtTUVzc0NBd0VBQWFOUU1FNHdIUVlEVlIwT0JCWUVGUE1LTnJlNnZVWUNtbmRWdWFRS0hXM2JQMFROCk1COEdBMVVkSXdRWU1CYUFGUE1LTnJlNnZVWUNtbmRWdWFRS0hXM2JQMFROTUF3R0ExVWRFd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUk5SnhmSUhaVU1sby9MTXpZUTcwRm16NkYrZkdCdDlmOEN0bkxZOApqbW9rOUtvSmVmOU5Xd0wrN215K0srQ3VJTGVSeXprVzdLZ1NBanhOSW1lL0NtNTVrcmhXQjVQWDlHdDVtU1BaCmNYbDVHakxhYU9UaDM2WFFzQkRoTTByZjVqNFZLa2h4SkRVWmJwL1FBc2VMRUF3aS91R2hiNWxLdmpqT0xnM1UKS1ZNR1NVWUxDQThRRml6c3BrMk9HNVlNVDZKUGV2V1ZzaC90d283QmxXSG94Z053eXZSQjhCSTlRQ0EyVXVIYgpPbmdsZ2YrTW1WVmluNlpFVE1Nc1h5dHdEMmZhSkd3T0ZkeFlUb0pYbUNoQ1NlaHU1cXBOT2FGdDdQSFhWbTI3Cm1EK0dueEVYOXdVM2VSSzhKMmpmdDVtMURpSVc5L0s1NWF5WkYvZFlVWUdrQnl3MkNwdm1KaDVNRXBlQmJ5Yi8KUUtpNzlGNUo1amloYnhwajAzRTZSQlBDcFNxVFJhblJxUW5PTUlmSDNBQSt1RFlERFFzTURIZEpHT2ljUXFYcgp0RFQydkV3UnJwUS9NT1NGbzVKSzMzZnAyanphUXZmM3lCbjVlT2M0djYyNGVEMEl4UjZWK2tBQW1RcWw4UVdTClJHVjZIWU8wbVpMdzQ5TTRkLzBobzc2WWdZOWtSc1o1cWl5aW02bnBVVCtNVjNmQ0h0WE0wM2VCZXU1V1NwRmgKT1JoRjZ4Z2FXeXE3cjJ4YXNHazVvNWlsMTk0Si9nOE53YTUwaVNTY3JPMUJ5RUY0OE5RRUFYY2tKWkQ4YjRSRwo5bkhDMTdObzRadnlZNCt0VzdxUnU1djVTamJrSHJTYS9nOHJpU1lWd2pSQzlmZFhnN2JMZ0dsbDZHcnJMd2NQCnJFQXAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo = tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0NBZ0VBdFd4TURPTUhYVW43MHdUK3BsQ3Y5TG50eTlvcXpkeHZEVFBiRFpqeXBDSU40a0ljCnp1WExSSk1oblQxWHFpa2MzZkUzV0FBVVJLbDBSUXNaZm9Cazk0bE9OZ0NmcHAzLzFEMExJT0VSVU1Fbm5RK1cKZU5rdVRwMWlOOUcxUllVaGZ5Z2Nza2VPMVNWNDRLMWt
vTm8yeWFnSmhsRUtxUzdEbUJWSmszak9EUU5RWG9SMQozSUFzekw3RkRrOWhMQUVtWS8zdjIvbDQ4NkttbUdhWDVqSjRjMzZMT2V3aW1ISzhOU0ZJT2NSUEpUTUNGV25jClNyeVI5enNQYnRxaENoSERTeWhVb3dieWRhSmljVnpHUE5GRzE1Vko5amRpdUt6YUtRS2VtZDNHV3NiVkR4TXEKQXBEVmlTbnNFUk0zTnRoV0RFWEYrM2dpT3ZWaGxTRkNsVk1CVDM2NU1CQVVTT1ErQ0NaWUJtMW5JL0pMOW43SwpuSkZRYzN4aktLaW91MlZFVWZuem5YcVZnSE1RdGFaOWowQVRSbVU1VjNTeVJTb0QwMDAzN3ZmTXU4THV6cGZxCmNmY281V2NNMW56TXdsNm1PcUJVM3R4NUM3Vm1UQVlLcGM5UXh2cXVxWE90RStkeXk2WFE5Qi9tdFZlM1FzQ0IKQjArMDNnYTZIVXcrOElidDRFWGJsUENkdmNwcmJTcG02Szg0SldFUzhOOEd6SW1zekFaZTJwcXd3alAzeEtYMQp4dTRMcktYYlhMMlNVVVNsMTEralMrYjFRbXZNUVIxTU1DakZLdjl1QW5hWG52em05ZERyVUxkNGtKVEpJbHhICk5CeE90UCtDTzVjb1dGUDBhVEd1RGtSL2xod0VaNmVkazAvK2NGWjZ0T0V0RjdubGZBa3dlRm1NRXNzQ0F3RUEKQVFLQ0FnRUFyYTdZKzdsWThvbUNpUm1PQklEWWdzeUJDQmg3eEFzVlVhbGtPNWRDSzduaVdzcDZNK1N3Zlp6eApvRXY2b2crcjhCb2VwcU9rdzdzS2NaTFh2RkNFMktuZGN6dVRtL3BFMGRZQzBsNUZxbTdRVXI5NmlZVTVuTTkxCkdRVXRxamx5d1A0UXd1aFlxRnV3WmovNVJ6akJITHMvS3hSb3hXRGNwYnN6YmZoSUl4TWFIUEpvdDBrS0dwVkQKcDVoODZaak1QUXY5VmpWMkFxQ2pKdUdJNkR0SEx5SmxmWFZBQlh4S0MvOHAyd3ZCelZZUTE1azU2VjZ2eXVVQwp1RmlidFQwZUh0U2tlbEtMU2V6RW04eDZoL3k5K21PVXBCK1A1a2Fzc0hndWlCVlY4TS9MWnh3c3Fyb25nNkhiCnV0a1BrZlQ0STlXa1hVTThXZjlTaFdlTEM5T2tPdTZqNm12UUsvM1BTWmFMNnZjUS85OGxwejMxZ3lsMDdpNzMKMUplakxVSWVrYnBkLzVqck5ZQ1l2UmMydTkxdWxRcmxaK0xHeWduaHFDWStzMmhBLzJZZFd0ZUZ5bEpLL0gxUQpoc1BJVVFCeU9UdktMVzBVbzl6YWc2ZFVuSm91ekRFWWloV0Z5WFdGTlZ6YWpRYU5OQVJ0RENhWTEycGZXTDhCCk9wQ3dWbmo4WVU4Zy90Q20vcUZ2YmVZSURGeENucWNvM3FUR0grZGVUa0ZFUWdDbm1pZStYcFh1T3Nzb25Fc1EKZ1JzS0FnQUNKL1VIZXlEdDJyMU54VXZYalRTUlErZmMwbnBaUHBKWThGcUc4TVFzVlNOc01ML0hGMnNIM1JHSQpvM0Q0QUhjTUQ1SjlJYVRnMlQxZnczcDlFNVNnd05GUUlYZER5QlFuUnZPZFFUS3BBL2tDZ2dFQkFOL0dVWDhICnNnWjVtbDV3d1lPN0lENkU2VzV5Ui80V3J2bkdpaGdXdzdiQkoycHg5TGdnYkF2ekJmRVZ2ZWdIeTlYOGtmQXUKVC9KeXl6SEpkMmxMclhtdW01cnZYTGFJSmdpZ1ZkU1cxVUloUVhYaU56ZGN0YXFuZFR2T2tFQ3RJNExISU5uNQpOemF1MHZTeURSUGgxV3Izb1huRTJCcWFabXF6WFltcjdGRHB2NHZHd1JUOHpoQVZPVUpRTURTOXB5Q0puYlFzCmxxUEwyZTdFMitlSDE4K1FRZEVIMjhBems5U0JiTWF0MjNMa0ZRc0ZqalVNWGJSR2REc2V5bWZJTitRSkp6czAKblJHUy9ZclVJODdhUGxNRXNRbnZEeUw0Sy9odVVuU0dyZWtXY202UXplMGw3NXVqbGhHOFNlbWhHcWxKdkt3VQo2R3I2SDBEUkI1bCtxVDhDZ2dFQkFNK01wR1FwOElGM2FZU0dIYTltMjdnWXJlT2VQOU82N3hyQnVBNXJOYUNJCnVXVUhKMGZsSkhyV3grQlFlRnRSeUt5ZERPZTludmMwcFdvQWNhMWJnYXZwb2VZRXYvTTNRZGlzTWZqUjc2TlgKdnE3c25nS3BxeW1ZUmp3a2RiRjBXYzdKWVRONjdpRFgrQ1VXR1FtM2dySkE2MFg5Q2tuT3dObE13WVhudXZQYgoraEIwalFTTTZNb24yb2plSjM5RTBFUXZwa3JDMGRienhQeVJVOHhaVXh4ZmpaNW14T1Y4czRLYVhqOXJMN2RiClhua3hxSDRDUWZtTk1QcGs4enA3K0hHSGpiYmhtQkVLTWh3VEo3amhBUHVxd3NGNGxPMkdSaU5pUDNGVFo0ZUoKZEhvZGpIUlhzZ29ndzJCLzdWek1rS1BqZEJ4Nktyc0JFcmJOWm5uNEIzVUNnZ0VBYUI4QkFKaDJEMms1bU1QaQpad2NFNDlJNFEzbk5ZYjd3UDZ4UHlSR2VrMFNnc0hqQm80TUNnelRiQ09oUzZzbmw0SFdhK2lTeWNsOVRpS0R6CmZQMEhoTnpuN2xsOXpEamhhWlloR2IvdERzNG1oVkZ5MjhHNWplUkpPa0ROQWlzTm9PWkN0T211OVRTM1Y4QVoKTWEwYy9wNm1kZUJQcFdFK1VsdVBKR1hvbVdXS0NPRzhLYVhQdzgvOFNvekJRV2tWZ0tCSHp2UUlTOEtvYnQ4TwphMWJiNWVwN2xXV1FySWZUTzBmVmMwU21IWGxmQ1RmV2lYeHRoVnBhN3I5TzhxZEl5a1F3Q3U1YVB6a2ozQnNGClpsUktONXF4UGF3TVlQc1VpbzNhcy9tT3Bpd1pwclNkL01Cd0V2MDA4SitwekpsM3JGbHcvcWpqMUJMNXc5RC8KTmo2blJRS0NBUUIwaGVkOWZMWlVXWEJhUU5uRnNoL0ZXY1cydHcvcWxWYk1WTm82N2lIcmdSZGxDd0VZc2lNcQovQTYzZHpZN1BzMUZhOTdrOUdhZEwyZDIvY3pVb1QxS0FSOHQvcGl0dWVZeitXa000d0NCV2kvcUVWb2M4Smp4Ci8xWGZTakR4Y2Z0QngzblU1ejF1SHhKbjcrSWF2SGFhRVN5RjNLeThCMkhxSGRmQWovczhFZEp4RHA1bFlaOEkKY0J1WEgvSlkxNDk5MktxcDZuclpEWDhZdFphd2NhM2hqaHY2UklSaXV3SWxYdmx1N1lTYWtxZVZyeldEbVV6bApDRW5wS21nTCs3SGVPMVpxeUhrUmlBSGVGVHNGNXYwZ1RoeU5kbDlXZ3o0NWUxMVhDSlpsVjl5VytxUHlaWkhGCmNlTisrQk9ST0NBMGd1eWJXRk5KTGk4TmhuLzBGalpKQW9JQkFGT3RCQWQ1KzJxYm1VUlNzUlpUNFcxQk1NR3QKRjd6UEk0U2NvREhKT2pWWUJEamRmR2p0TzZ5Y0N2aC82c0gwd0F5RkgxV0FOL3RMUUhWbHMxQnJKTHBBZUhjTQpQVXhkck1kOHo2MFQyYllBUERIQ2VBSC83U0dmbnJsUVZBNlNzOE94bkJhRWV4OW9zc0JEcnoxbHE4L0haMXhSClZ0bFEyNnl2RHMvSGpZUVgrVCtNZFVDUFNyZ3RHWEdZN25ibkFxWmQybUUyZXdsSXI3L1d2NTdMSEdnN2JpQ0IKbjhLTHZ5bGIyOGFSWFV6UEd2SlpETzVaTXg5NDh5MmQ1MjcrbWg3R203dGQveU0rT2Y3eHh5K2hsRldhanZragpKOTlMVlpQbWZENGtyOVpuSU4zMkhsTkNUVVUxUFMxVWNURmdCbkx2MmJaVU9KaVdCTFJyRUN3NGFrZz0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0Kkind: Secret
metadata:
creationTimestamp: " 2020-02-11T18:20:33Z "
name: mysql -cert
namespace: yinzhengjie -config
resourceVersion: " 628384 "
selfLink: /api/v1/namespaces/yinzhengjie-config/secrets/mysql-cert
uid: 93a1bd84 -888e-4c41-8cf0-910efcf86416
type: kubernetes.io /tls
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get secrets mysql-cert -n yinzhengjie-config -o yaml
4>.创建nginx的配置文件
[root@master200.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/k8s/manifests/basic/secret/
total 24
-rw-r--r-- 1 root root 2009 Feb 12 02 :10 mysql.crt
-rw-r--r-- 1 root root 3243 Feb 12 02 :07 mysql.key
-rw-r--r-- 1 root root 278 Feb 12 01 :27 mysql-pod.yaml
-rw-r--r-- 1 root root 668 Feb 12 02 :38 pod-mynginx-tls.yaml
-rw-r--r-- 1 root root 116 Feb 12 02 :38 server01.conf
-rw-r--r-- 1 root root 122 Feb 12 02 :38 server02.conf
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/secret/server01.conf
server {
server_name master.yinzhengjie.org.cn;
listen 80 ;
location / {
root " /yinzhengjie/master/html/ " ;
}
}
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/secret/server01.conf
[root@master200.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/k8s/manifests/basic/secret/
total 24
-rw-r--r-- 1 root root 2009 Feb 12 02 :10 mysql.crt
-rw-r--r-- 1 root root 3243 Feb 12 02 :07 mysql.key
-rw-r--r-- 1 root root 278 Feb 12 01 :27 mysql-pod.yaml
-rw-r--r-- 1 root root 668 Feb 12 02 :38 pod-mynginx-tls.yaml
-rw-r--r-- 1 root root 116 Feb 12 02 :38 server01.conf
-rw-r--r-- 1 root root 122 Feb 12 02 :38 server02.conf
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/secret/server02.conf
server {
server_name master200.yinzhengjie.org.cn;
listen 80 ;
location / {
root " /yinzhengjie/master200/html/ " ;
}
}
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/secret/server02.conf
5>.编辑Pod的配置文件并创建Pod
[root@master200.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/k8s/manifests/basic/secret/
total 24
-rw-r--r-- 1 root root 2009 Feb 12 02 :10 mysql.crt
-rw-r--r-- 1 root root 3243 Feb 12 02 :07 mysql.key
-rw-r--r-- 1 root root 278 Feb 12 01 :27 mysql-pod.yaml
-rw-r--r-- 1 root root 668 Feb 12 02 :38 pod-mynginx-tls.yaml
-rw-r--r-- 1 root root 116 Feb 12 02 :38 server01.conf
-rw-r--r-- 1 root root 122 Feb 12 02 :38 server02.conf
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/secret/pod-mynginx-tls.yaml
apiVersion: v1
kind: Pod
metadata:
name: mynginx -pod
namespace: yinzhengjie -config
spec:
containers:
- name: mynginx
image: nginx: 1.14 -alpine
volumeMounts:
- name: config
mountPath: /etc/nginx/conf.d/
- name: tls
mountPath: /etc/nginx/certs
volumes:
- name: config
configMap:
name: nginx -cfg
items:
- key: server01.conf
path: server -first.conf
- key: server-second.conf
path: server -second.conf
- name: tls
secret:
secretName: mysql -cert
items:
- key: tls.crt
path: mynginx -pod.crt
- key: tls.key
path: mynginx -pod.key
mode: 0600
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/k8s/manifests/basic/secret/pod-mynginx-tls.yaml
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/basic/secret/pod-mynginx-tls.yaml
pod /mynginx-pod created
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n yinzhengjie-config
NAME READY STATUS RESTARTS AGE
mynginx 1 /1 Running 1 41h
mynginx -pod 1 /1 Running 0 32s
mysql 1 /1 Running 0 72m
pod -cfg-dome 1 /1 Running 1 42h
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl apply -f /yinzhengjie/data/k8s/manifests/basic/secret/pod-mynginx-tls.yaml
6>.连接Pod中的nginx容器验证配置是否生效
[root@master200.yinzhengjie.org.cn ~]# kubectl get pods -n yinzhengjie-config
NAME READY STATUS RESTARTS AGE
mynginx 1 /1 Running 1 41h
mynginx -pod 1 /1 Running 0 32s
mysql 1 /1 Running 0 72m
pod -cfg-dome 1 /1 Running 1 42h
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]# kubectl exec -it mynginx-pod -n yinzhengjie-config -- /bin/sh
/ #
/ # ls /etc/nginx/
certs fastcgi.conf fastcgi_params koi -utf mime.types modules nginx.conf.default scgi_params.default uwsgi_params.default
conf.d fastcgi.conf.default fastcgi_params.default koi -win mime.types.default nginx.conf scgi_params uwsgi_params win-utf
/ #
/ # ls -l /etc/nginx/certs/
total 0
lrwxrwxrwx 1 root root 22 Feb 11 18 :38 mynginx-pod.crt -> ..data/mynginx-pod.crt
lrwxrwxrwx 1 root root 22 Feb 11 18 :38 mynginx-pod.key -> ..data/mynginx-pod.key
/ #
/ # cat /etc/nginx/certs/mynginx-pod.crt
-----BEGIN CERTIFICATE-----
MIIFnzCCA4egAwIBAgIJAPwwKhWyxksIMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV
BAYTAkNOMRAwDgYDVQQIDAdCZWlqaW5nMRAwDgYDVQQHDAdCZWlqaW5nMQwwCgYD
VQQKDANPcHMxJTAjBgNVBAMMHG1hc3RlcjIwMC55aW56aGVuZ2ppZS5vcmcuY24w
HhcNMjAwMjExMTgxMDQyWhcNMzAwMjA4MTgxMDQyWjBmMQswCQYDVQQGEwJDTjEQ
MA4GA1UECAwHQmVpamluZzEQMA4GA1UEBwwHQmVpamluZzEMMAoGA1UECgwDT3Bz
MSUwIwYDVQQDDBxtYXN0ZXIyMDAueWluemhlbmdqaWUub3JnLmNuMIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtWxMDOMHXUn70wT +plCv9Lnty9oqzdxv
DTPbDZjypCIN4kIczuXLRJMhnT1Xqikc3fE3WAAURKl0RQsZfoBk94lONgCfpp3 /
1D0LIOERUMEnnQ +WeNkuTp1iN9G1RYUhfygcskeO1SV44K1koNo2yagJhlEKqS7D
mBVJk3jODQNQXoR13IAszL7FDk9hLAEmY /3v2/l486KmmGaX5jJ4c36LOewimHK8
NSFIOcRPJTMCFWncSryR9zsPbtqhChHDSyhUowbydaJicVzGPNFG15VJ9jdiuKza
KQKemd3GWsbVDxMqApDViSnsERM3NthWDEXF +3giOvVhlSFClVMBT365MBAUSOQ+
CCZYBm1nI /JL9n7KnJFQc3xjKKiou2VEUfnznXqVgHMQtaZ9j0ATRmU5V3SyRSoD
00037vfMu8Luzpfqcfco5WcM1nzMwl6mOqBU3tx5C7VmTAYKpc9QxvquqXOtE +dy
y6XQ9B /mtVe3QsCBB0+03ga6HUw+8Ibt4EXblPCdvcprbSpm6K84JWES8N8GzIms
zAZe2pqwwjP3xKX1xu4LrKXbXL2SUUSl11 +jS+b1QmvMQR1MMCjFKv9uAnaXnvzm
9dDrULd4kJTJIlxHNBxOtP +CO5coWFP0aTGuDkR/lhwEZ6edk0/+cFZ6tOEtF7nl
fAkweFmMEssCAwEAAaNQME4wHQYDVR0OBBYEFPMKNre6vUYCmndVuaQKHW3bP0TN
MB8GA1UdIwQYMBaAFPMKNre6vUYCmndVuaQKHW3bP0TNMAwGA1UdEwQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggIBAI9JxfIHZUMlo /LMzYQ70Fmz6F+fGBt9f8CtnLY8
jmok9KoJef9NWwL +7my+K+CuILeRyzkW7KgSAjxNIme/Cm55krhWB5PX9Gt5mSPZ
cXl5GjLaaOTh36XQsBDhM0rf5j4VKkhxJDUZbp /QAseLEAwi/uGhb5lKvjjOLg3U
KVMGSUYLCA8QFizspk2OG5YMT6JPevWVsh /two7BlWHoxgNwyvRB8BI9QCA2UuHb
Onglgf +MmVVin6ZETMMsXytwD2faJGwOFdxYToJXmChCSehu5qpNOaFt7PHXVm27
mD +GnxEX9wU3eRK8J2jft5m1DiIW9/K55ayZF/dYUYGkByw2CpvmJh5MEpeBbyb/
QKi79F5J5jihbxpj03E6RBPCpSqTRanRqQnOMIfH3AA +uDYDDQsMDHdJGOicQqXr
tDT2vEwRrpQ /MOSFo5JK33fp2jzaQvf3yBn5eOc4v624eD0IxR6V+kAAmQql8QWS
RGV6HYO0mZLw49M4d /0ho76YgY9kRsZ5qiyim6npUT+MV3fCHtXM03eBeu5WSpFh
ORhF6xgaWyq7r2xasGk5o5il194J /g8Nwa50iSScrO1ByEF48NQEAXckJZD8b4RG
9nHC17No4ZvyY4 +tW7qRu5v5SjbkHrSa/g8riSYVwjRC9fdXg7bLgGll6GrrLwcP
rEAp
-----END CERTIFICATE-----
/ #
/ # cat /etc/nginx/certs/mynginx-pod.key
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAtWxMDOMHXUn70wT +plCv9Lnty9oqzdxvDTPbDZjypCIN4kIc
zuXLRJMhnT1Xqikc3fE3WAAURKl0RQsZfoBk94lONgCfpp3 /1D0LIOERUMEnnQ+W
eNkuTp1iN9G1RYUhfygcskeO1SV44K1koNo2yagJhlEKqS7DmBVJk3jODQNQXoR1
3IAszL7FDk9hLAEmY /3v2/l486KmmGaX5jJ4c36LOewimHK8NSFIOcRPJTMCFWnc
SryR9zsPbtqhChHDSyhUowbydaJicVzGPNFG15VJ9jdiuKzaKQKemd3GWsbVDxMq
ApDViSnsERM3NthWDEXF +3giOvVhlSFClVMBT365MBAUSOQ+CCZYBm1nI/JL9n7K
nJFQc3xjKKiou2VEUfnznXqVgHMQtaZ9j0ATRmU5V3SyRSoD00037vfMu8Luzpfq
cfco5WcM1nzMwl6mOqBU3tx5C7VmTAYKpc9QxvquqXOtE +dyy6XQ9B/mtVe3QsCB
B0 +03ga6HUw+8Ibt4EXblPCdvcprbSpm6K84JWES8N8GzImszAZe2pqwwjP3xKX1
xu4LrKXbXL2SUUSl11 +jS+b1QmvMQR1MMCjFKv9uAnaXnvzm9dDrULd4kJTJIlxH
NBxOtP +CO5coWFP0aTGuDkR/lhwEZ6edk0/+cFZ6tOEtF7nlfAkweFmMEssCAwEA
AQKCAgEAra7Y +7lY8omCiRmOBIDYgsyBCBh7xAsVUalkO5dCK7niWsp6M+SwfZzx
oEv6og +r8BoepqOkw7sKcZLXvFCE2KndczuTm/pE0dYC0l5Fqm7QUr96iYU5nM91
GQUtqjlywP4QwuhYqFuwZj /5RzjBHLs/KxRoxWDcpbszbfhIIxMaHPJot0kKGpVD
p5h86ZjMPQv9VjV2AqCjJuGI6DtHLyJlfXVABXxKC /8p2wvBzVYQ15k56V6vyuUC
uFibtT0eHtSkelKLSezEm8x6h /y9+mOUpB+P5kassHguiBVV8M/LZxwsqrong6Hb
utkPkfT4I9WkXUM8Wf9ShWeLC9OkOu6j6mvQK /3PSZaL6vcQ/98lpz31gyl07i73
1JejLUIekbpd /5jrNYCYvRc2u91ulQrlZ+LGygnhqCY+s2hA/2YdWteFylJK/H1Q
hsPIUQByOTvKLW0Uo9zag6dUnJouzDEYihWFyXWFNVzajQaNNARtDCaY12pfWL8B
OpCwVnj8YU8g /tCm/qFvbeYIDFxCnqco3qTGH+deTkFEQgCnmie+XpXuOssonEsQ
gRsKAgACJ /UHeyDt2r1NxUvXjTSRQ+fc0npZPpJY8FqG8MQsVSNsML/HF2sH3RGI
o3D4AHcMD5J9IaTg2T1fw3p9E5SgwNFQIXdDyBQnRvOdQTKpA /kCggEBAN/GUX8H
sgZ5ml5wwYO7ID6E6W5yR /4WrvnGihgWw7bBJ2px9LggbAvzBfEVvegHy9X8kfAu
T /JyyzHJd2lLrXmum5rvXLaIJgigVdSW1UIhQXXiNzdctaqndTvOkECtI4LHINn5
Nzau0vSyDRPh1Wr3oXnE2BqaZmqzXYmr7FDpv4vGwRT8zhAVOUJQMDS9pyCJnbQs
lqPL2e7E2 +eH18+QQdEH28Azk9SBbMat23LkFQsFjjUMXbRGdDseymfIN+QJJzs0
nRGS /YrUI87aPlMEsQnvDyL4K/huUnSGrekWcm6Qze0l75ujlhG8SemhGqlJvKwU
6Gr6H0DRB5l +qT8CggEBAM+MpGQp8IF3aYSGHa9m27gYreOeP9O67xrBuA5rNaCI
uWUHJ0flJHrWx +BQeFtRyKydDOe9nvc0pWoAca1bgavpoeYEv/M3QdisMfjR76NX
vq7sngKpqymYRjwkdbF0Wc7JYTN67iDX +CUWGQm3grJA60X9CknOwNlMwYXnuvPb
+hB0jQSM6Mon2ojeJ39E0EQvpkrC0dbzxPyRU8xZUxxfjZ5mxOV8s4KaXj9rL7db
XnkxqH4CQfmNMPpk8zp7 +HGHjbbhmBEKMhwTJ7jhAPuqwsF4lO2GRiNiP3FTZ4eJ
dHodjHRXsgogw2B /7VzMkKPjdBx6KrsBErbNZnn4B3UCggEAaB8BAJh2D2k5mMPi
ZwcE49I4Q3nNYb7wP6xPyRGek0SgsHjBo4MCgzTbCOhS6snl4HWa +iSycl9TiKDz
fP0HhNzn7ll9zDjhaZYhGb /tDs4mhVFy28G5jeRJOkDNAisNoOZCtOmu9TS3V8AZ
Ma0c /p6mdeBPpWE+UluPJGXomWWKCOG8KaXPw8/8SozBQWkVgKBHzvQIS8Kobt8O
a1bb5ep7lWWQrIfTO0fVc0SmHXlfCTfWiXxthVpa7r9O8qdIykQwCu5aPzkj3BsF
ZlRKN5qxPawMYPsUio3as /mOpiwZprSd/MBwEv008J+pzJl3rFlw/qjj1BL5w9D/
Nj6nRQKCAQB0hed9fLZUWXBaQNnFsh /FWcW2tw/qlVbMVNo67iHrgRdlCwEYsiMq
/A63dzY7Ps1Fa97k9GadL2d2/czUoT1KAR8t/pitueYz+WkM4wCBWi/qEVoc8Jjx
/1XfSjDxcftBx3nU5z1uHxJn7+IavHaaESyF3Ky8B2HqHdfAj/s8EdJxDp5lYZ8I
cBuXH /JY14992Kqp6nrZDX8YtZawca3hjhv6RIRiuwIlXvlu7YSakqeVrzWDmUzl
CEnpKmgL +7HeO1ZqyHkRiAHeFTsF5v0gThyNdl9Wgz45e11XCJZlV9yW+qPyZZHF
ceN ++BOROCA0guybWFNJLi8Nhn/0FjZJAoIBAFOtBAd5+2qbmURSsRZT4W1BMMGt
F7zPI4ScoDHJOjVYBDjdfGjtO6ycCvh /6sH0wAyFH1WAN/tLQHVls1BrJLpAeHcM
PUxdrMd8z60T2bYAPDHCeAH /7SGfnrlQVA6Ss8OxnBaEex9ossBDrz1lq8/HZ1xR
VtlQ26yvDs /HjYQX+T+MdUCPSrgtGXGY7nbnAqZd2mE2ewlIr7/Wv57LHGg7biCB
n8KLvylb28aRXUzPGvJZDO5ZMx948y2d527 +mh7Gm7td/yM+Of7xxy+hlFWajvkj
J99LVZPmfD4kr9ZnIN32HlNCTUU1PS1UcTFgBnLv2bZUOJiWBLRrECw4akg =
-----END RSA PRIVATE KEY-----
/ #
/ #
[root@master200.yinzhengjie.org.cn ~]# kubectl exec -it mynginx-pod -n yinzhengjie-config -- /bin/sh
三.创建镜像仓库类型的secret
[root@master200.yinzhengjie.org.cn ~]# kubectl create secret docker-registry -h
Create a new secret for use with Docker registries.
Dockercfg secrets are used to authenticate against Docker registries.
When using the Docker command line to push images, you can authenticate to a given registry by running:
' $ docker login DOCKER_REGISTRY_SERVER --username=DOCKER_USER --password=DOCKER_PASSWORD --email=DOCKER_EMAIL ' .
That produces a ~/.dockercfg file that is used by subsequent ' docker push ' and ' docker pull ' commands to authenticate
to the registry. The email address is optional.
When creating applications, you may have a Docker registry that requires authentication. In order for the
nodes to pull images on your behalf, they have to have the credentials. You can provide this information
by creating a dockercfg secret and attaching it to your service account.
Examples:
# If you don ' t already have a .dockercfg file, you can create a dockercfg secret directly by using:
kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER
--docker-password=DOCKER_PASSWORD --docker-email= DOCKER_EMAIL
Options:
--allow-missing-template-keys=true : If true , ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
--append-hash=false : Append a hash of the secret to its name.
--docker-email='' : Email for Docker registry
--docker-password='' : Password for Docker registry authentication
--docker-server=' https://index.docker.io/v1/ ' : Server location for Docker registry
--docker-username='' : Username for Docker registry authentication
--dry-run=false : If true , only print the object that would be sent, without sending it.
--from-file =[]: Key files can be specified using their file path, in which case a default name will be given to
them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will
iterate each named file in the directory that is a valid secret key.
--generator=' secret-for-docker-registry/v1 ' : The name of the API generator to use.
-o, --output='' : Output format. One of:
json |yaml|name|go-template|go-template-file |template|templatefile|jsonpath|jsonpath-file .
--save-config=false : If true , the configuration of current object will be saved in its annotation. Otherwise, the
annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--template='' : Template string or path to template file to use when -o=go-template, -o=go-template-file . The
template format is golang templates [http: // golang.org/pkg/text/template/#pkg-overview].
--validate=true : If true , use a schema to validate the input before sending it
Usage:
kubectl create secret docker -registry NAME --docker-username=user --docker-password=password --docker-email=email
[ --docker-server=string ] [--from-literal=key1=value1] [--dry-run] [options]
Use " kubectl options " for a list of global command-line options (applies to all commands).
[root@master200.yinzhengjie.org.cn ~]#
[root@master200.yinzhengjie.org.cn ~]#
你可能感兴趣的:(Kerbernetes使用Secret资源配置铭感信息)
如何在Pycharm等Terminal中获取当前的环境变量信息
潇囧囧
pycharm python
目标:查看当前编程环境变量信息。方法:直接使用os库即可查看当前虚拟环境对应的全局变量。importos#打印所有环境变量forkey,valueinos.environ.items():print(f"{key}:{value}")#获取特定环境变量的值path=os.environ.get("PATH")print(f"PATH:{path}")需求:有时会遇到虚拟环境的某些配置和我们系统的配
Sentinel实战:构建可靠的微服务防护系统
ivwdcwso
安全 sentinel 微服务 架构 防护 安全 java 开发
1.引言在微服务架构中,保障系统的可用性和稳定性至关重要。Sentinel作为一个强大的流量控制组件,为我们提供了实现熔断、限流、系统保护等功能的有力工具。本文将通过实际案例,详细介绍Sentinel的使用方法和最佳实践,并探讨如何在容器环境中部署Sentinel。2.Sentinel简介Sentinel是阿里巴巴开源的面向分布式服务架构的流量控制组件,主要以流量为切入点,从流量控制、熔断降级、系
1-刷力扣问题记录
leaf_leaves_leaf
算法 数据结构
25.1.191.size()和.length()有什么区别2.result.push_back({nums[i],nums[left],nums[right]});为什么用大括号?使用大括号{}是C++11引入的初始化列表语法,它允许我们在构造或初始化对象时直接传入一组值。大括号的使用在许多情况下都能让代码更加简洁和直观。{nums[i],nums[left],nums[right]}是一个初始
QT界面自适应
天生爱打工
qt qt 开发语言
一自适应工具类介绍:1.1功能控件能跟随界面大小的变化实现字体、大小同比例的变化1.2优点控件大小,字体可跟随界面大小同比例任意变化。同一套程序能兼容不同分辨率及不同DPI的显示器对于控件数目固定不变的UI区域:只需要将控件拖拽到指定位置即可,不需要使用弹簧及布局等qt属性对于控件数目有可能会根据需求变化的UI区域:可以使用qt原有的布局,但解放了qt原有布局中不能改变字体的属性。二自适应工具类使
[QT] 断点调试
天生爱打工
qt qt 开发语言
目录一设置断点二调试窗口信息2.1默认窗口2.2详细窗口属性三调试方法和技巧一设置断点在QtCreator中我们有两种方式添加断点。用鼠标直接点击代码编辑窗口中的某一行按下F9添加/取消断点(操作的是当前鼠标光标所在的代码行)二调试窗口信息2.1默认窗口这里列出几个默认的窗口红色圆点表示断点,黄色箭头表示当前程序运行位置。stack:堆栈表示当前函数之间的调用关系,比如位于哪个函数体中。Local
百度地图显示多个infoWindow信息窗口时只展示最后一条数据
射手buff
前端 百度
这两天遇到一个问题,百度地图在循环加载多个信息窗口的时候所有的窗口显示的都是最后一条数据的内容效果如下:如图所示两个信息窗口都是一样的值,代码如下$.ajax({type:"POST",url:"../api/zhandian.json",success:function(res){vardata=res.data;for(vari=0;i联系电话:"+data[i].phone,opts);//
责任链模式原理详解和源码实例以及Spring AOP拦截器链的执行源码如何使用责任链模式?
一个儒雅随和的男子
spring 设计模式 责任链模式 spring java
前言 本文首先介绍了责任链的基本原理,并附带一个例子说明责任链模式,确保能够理解责任链的前提下,在进行SpringAOP执行责任链的源码分析。责任链模式允许将多个处理对象连接成链,请求沿着链传递,直到被处理或结束。每个处理者可以选择处理请求或传递给下一个。 SpringAOP的拦截器链,拦截器或者过滤器链,都是典型的责任链应用。比如,当一个方法被调用时,多个拦截器按顺序执行,每个拦截器可以决定
【部署】Ktransformer是什么、如何利用单卡24GB显存部署Deepseek-R1 和 Deepseek-V3
仙人掌_lz
人工智能 人工智能 AI 部署 自然语言处理
简介KTransformers是一个灵活的、以Python为中心的框架,旨在通过先进的内核优化和放置/并行策略提升HuggingFaceTransformers的使用体验。它具有高度的可扩展性,用户可通过单行代码注入优化模块,获得兼容Transformers的接口、符合OpenAI和Ollama的RESTfulAPI,甚至简化的ChatGPT风格的WebUI。KTransformers的性能优化基
技术分享:MyBatis SQL 日志解析脚本
£漫步 云端彡
运维趣分享 sql java mybatis 日志解析
技术分享:MyBatisSQL日志解析脚本1.脚本功能概述2.实现细节2.1HTML结构2.2JavaScript逻辑3.脚本代码4.使用方法4.1示例5.总结在日常开发中,使用MyBatis作为持久层框架时,我们经常需要查看SQL日志以调试和优化查询。然而,MyBatis的日志输出通常包含占位符和参数信息,这使得直接执行这些SQL语句变得困难。为了解决这个问题,我们开发了一个简单的HTML和Ja
C语言-回调函数的应用
woainizhongguo.
C/C++ c语言
什么是回调函数回调函数就是一个被作为参数传递的函数。在C语言中,回调函数只能使用函数指针实现,在C++、Python、ECMAScript等更现代的编程语言中还可以使用仿函数或匿名函数。工作机制⑴定义一个回调函数;⑵提供函数实现的一方在初始化的时候,将回调函数的函数指针注册给调用者;⑶当特定的事件或条件发生的时候,调用者使用函数指针调用回调函数对事件进行处理。应用案例(1)应用层:通过调用hal层
C语言结构体学习笔记
BUG 劝退师
c语言 c语言 学习 笔记
C语言结构体学习笔记目录结构体基本概念结构体变量定义结构体初始化结构体数组结构体指针共用体枚举类型typedef自定义类型总结结构体基本概念1.什么是结构体?结构体:一种用户自定义的数据类型,用于将多个不同类型的变量组合成一个整体。用途:表示复杂数据(如学生信息:学号、姓名、成绩等)。2.结构体定义struct结构体名{数据类型成员1;数据类型成员2;//可以嵌套结构体struct子结构体名子成员
前端:纯前端快速实现html导出word和pdf
m0_74823715
前端 html word
实现html导出word,需要使用两个库。html-docx-js和file-saver导出word的js方法>npminstallhtml-docx-js>npminstallfile-saverjs引入importFileSaverfrom“file-saver”;importhtmlDocxfrom“html-docx-js/dist/html-docx”;/**导出word方法*/expo
Python Union 联合类型注解详解
人才程序员
杂谈 python 服务器 java linux 后端 软件工程 开发语言
文章目录PythonUnion联合类型注解详解1.什么是Union联合类型?**语法(Python3.9及之前版本)**:**语法(Python3.10及之后版本)**:2.Union联合类型注解示例**(1)使用Union来表示多个类型的参数****(2)使用`|`来表示联合类型(Python3.10及之后版本)**3.使用Union进行复杂类型注解**(1)使用Union与列表结合****(2
macOS Catalina 10.15 - 新增功能及其他信息记录
伊织code
Apple 开发+ 10.15 macOS Catalina Sidecar
文章目录推荐阅读参考一、基本信息WWDC2019壁纸二、beta版本安装macOS10.15Xcode11三、新功能添加屏幕使用时间iPadOS应用可在Mac上运行APFS宗卷被拆分为只读的系统宗卷(System)和用户数据宗卷(Data)增加Findmy查找添加由Siri控制的「捷径」和「屏幕时间」AppleWatch可解锁MacSidecar:将iPad作为副显示屏四、其他变更终端shell建
Spring Bean 生命周期详解
黑风风
java 多线程 spring java 数据库
SpringBean生命周期详解在Spring框架中,Bean的生命周期由Spring容器全权管理。了解和掌握Bean的生命周期对于使用Spring开发稳定且高效的应用程序至关重要。本文将详细介绍SpringBean生命周期的五个主要阶段:实例化、属性注入、初始化、使用和销毁,并涵盖各个阶段的关键步骤和扩展点。1.实例化(Instantiation)实例化阶段包括以下关键步骤:BeanNameAw
释放 DeepSeek 的力量:像专家一样本地安装与探索!
guzhoumingyue
AI python
要在本地运行DeepSeek,您需要遵循以下步骤。请确保您的计算机上已安装Python和Git,并且满足DeepSeek的依赖项。步骤1:安装依赖项安装Python和pip确保您已安装Python(建议使用Python3.6及以上版本)。您可以通过在终端/命令提示符中输入以下命令来检查Python是否已安装:bash复制代码python--version或者bash复制代码python3--ver
FPGA设计怎么学?薪资前景好吗?
博览鸿蒙
FPGA fpga开发
FPGA前端设计和各岗位之间有着很多联系,是一个薪资待遇高,前景发展好的岗位。但这个岗位的门槛也比较高,很多人不知道怎么学习,下面就和宸极教育一起来了解一下吧。数字前端设计必备技能1、熟悉数字电路设计2、熟悉Verilog或VHDL3、熟悉异步电路设计4、熟悉FIFO的设计5、熟悉UNIX系统及其工具的使用6、熟悉脚本语言Perl、Shell、Tcl等7、熟悉C/C++语言、SystemVeril
Unity3D使用鼠标旋转缩放平移视角
肚皮朝上的刺猬
unity3D Unity3D视角变换实现
Unity使用鼠标旋转缩放平移视角用代码在Game界面完美实现Scene界面的操作方法。使用方法:把脚本挂在相机上,把跟踪的target拖到脚本上。视角跟踪的是一个空物体,当然如果你是做RPG游戏需要跟踪某一角色的视角,那就不需要中键平移功能,把空物体换成角色就行。代码主要是分三部分功能进行实现。右键拖动控制视角的旋转;滚轮旋转控制视角的缩放;中键拖动控制视角的平移。右键拖动控制旋转主要是用Get
Kate文本编辑器 v24.12.9013 开源高级文本代码编辑器
SSASASA11
编辑器
链接:https://pan.quark.cn/s/5577e74ab648Kate是一个可以跨平台使用的免费高级文本编辑器,支持标签页、代码高亮、显示行号、显示缩略图的滚动条、多文件查找、横向或者纵向显示多个视图等众多高级特性。软件功能1、双击当前标签页创建新标签页。2、支持启用/禁用自动换行。3、强大的多文件查找和替换功能。利用这个功能可以一键查找/替换所有已打开的文本中的内容。支持正则表达式
Linux-ISCSI
DC_BLOG
Linux linux 服务器
文章目录iSCSIiSCSI配置作者主页:点击!Linux专栏:点击!⏰️创作时间:2025年02月17日19点50分iSCSI协议是没有同步机制的,要想解决同步机制,需要配置集群文件系统或者是分布式文件系统,防止数据不同步的问题iSCSI基于IP协议的技术标准,该技术允许用户通过TCP/IP网络来构建SANiSCCI的基本组成使用3260端口进行传输iSCCI会话的建立是通过启动器(Initat
Linux-GlusterFS操作子卷
DC_BLOG
Linux linux wpf 运维 服务器 分布式
文章目录分布式卷添加卷分布式卷删除子卷删除总卷作者主页:点击!Linux专栏:点击!⏰️创作时间:2025年02月20日19点30分分布式卷添加卷Node1上进行操作扩容#服务器端glustervolumeadd-brickgv-disNode3:/exp/vdb1/brick#在分布式卷中添加卷glustervolumeinfogv-dis#之后查看分布式卷的详细信息之后就会发现新增了Node3
Vue3 vuex
*且听风吟
# Vue 3 javascript vue.js 前端
概念Vuex:状态管理工具使用场景有时候,需要在多个组件中共享状态,并且是响应式的状态,一个变,全都跟着发生改变的场景。例如,一些全局要用的的状态信息:用户登录状态、用户信息等等;这时候,就需要这样的一个工具来进行全局的状态管理,而Vuex就是这样的一个工具。Vue2.xvuex基本结构store/index.js:importVuefrom'vue'importVuexfrom'vuex'Vue
SMT贴片加工_锡膏的作用
CIT_PCBA
PCBA pcb工艺 贴片 smt 制造
随着现代电子制造业的飞速发展,表面贴装技术(SurfaceMountTechnology,简称SMT)已成为电子组装领域的核心技术。在SMT生产过程中,对于锡膏的使用是非常多的,它直接影响到电路板的质量与性能。本文旨在深入探讨锡膏在SMT中的作用及其对电子制造业的重要性。锡膏及其在SMT中的作用锡膏是一种由微细金属粒子(通常为锡和铅或无铅合金)、助焊剂和少量其他化学品组成的浆料。在SMT生产线上,
Spring Bean 生命周期的执行流程
涛粒子
spring 数据库 java
1.Bean定义阶段在Spring应用启动时,会读取配置文件(如XML配置、Java注解配置等)或者扫描带有特定注解(如@Component、@Service、@Repository等)的类,将这些Bean的定义信息加载到Spring的BeanFactory或ApplicationContext中。这些定义信息包括Bean的类名、作用域、依赖关系等。2.Bean实例化阶段调用构造函数:Spring
Spring Bean 生命周期
CT随
spring java 后端
SpringBean生命周期是Spring框架中一个非常重要的概念,它描述了一个Bean从创建到销毁的完整过程。这个生命周期可以分为五个主要阶段:创建前准备阶段、创建实例阶段、依赖注入阶段、容器缓存阶段和销毁实例阶段。下面我们将详细介绍每个阶段的作用,并通过生活中的例子来帮助理解。创建前准备阶段定义与作用:在这一阶段,Spring容器会解析配置文件或注解,查找并加载需要被管理的Bean的相关信息。
“深入浅出”系列之QT:(10)Qt接入Deepseek
我真不会起名字啊
qt 开发语言
项目配置:在.pro文件中添加网络模块:QT+=corenetworkAPI配置:将apiUrl替换为实际的DeepSeekAPI端点将apiKey替换为你的有效API密钥根据API文档调整请求参数(模型名称、温度值等)功能说明:使用QNetworkAccessManager处理HTTP请求自动处理JSON序列化/反序列化支持异步请求处理包含基本的错误处理扩展建议:添加更完善的错误处理(HTTP状
pycharm画图程序如何一步一步的调试
leaf_leaves_leaf
pycharm ide python
1.设置合适的Matplotlib后端在PyCharm中,有时需要手动指定Matplotlib后端。你可以尝试在脚本的最开始加入以下代码,强制使用TkAgg后端,这样可以保证图形更新的实时性:importmatplotlibmatplotlib.use('TkAgg')#指定TkAgg后端importmatplotlib.pyplotaspltimportnumpyasnp#启用交互模式plt.i
Hadoop之HDFS的使用
想要变瘦的小码头
hadoop hdfs 大数据
HDFS是什么:HDFS是一个分布式的文件系统,是个网盘,HDFS是一种适合大文件存储的分布式文件系统HDFS的Shell操作1、查看hdfs根目录下的内容-lshdfsdfs-lshdfs://hadoop01:9000/url在使用时默认是可以省略的,因为hdfs在执行的时候会根据HDOOP_HOME自动识别配置文件中的fs.defaultFS属性可以写成:hdfsdfs-ls/还有一版旧版写
22.4.3.1 IPGlobalProperties类
.Net学习
C# 教程 c# 网络
版权声明:本文为博主原创文章,转载请在显著位置标明本文出处以及作者网名,未经作者允许不得用于商业目的。IPGlobalProperties类提供有关本地计算机的网络接口和网络连接的配置和统计信息。此类提供的信息与IPHelperAPI函数提供的信息相似。IPGlobalProperties常用属性:DhcpScopeName:动态主机配置协议(DHCP)范围名。DomainName:在其中注册本地
Spring Bean 生命周期的执行流程
涛粒子
spring java 后端
1.Bean定义阶段解析配置元数据:Spring容器会读取配置信息,这些配置信息可以是XML文件、Java注解或者Java配置类。容器根据这些配置信息解析出Bean的定义,包括Bean的类名、作用域、依赖关系等。注册Bean定义:解析完成后,Spring会将Bean定义信息注册到BeanDefinitionRegistry中,BeanDefinitionRegistry是一个存储Bean定义的注册
统一思想认识
永夜-极光
思想
1.统一思想认识的基础,才能有的放矢
原因:
总有一种描述事物的方式最贴近本质,最容易让人理解.
如何让教育更轻松,在于找到最适合学生的方式.
难点在于,如何模拟对方的思维基础选择合适的方式. &
Joda Time使用笔记
bylijinnan
java joda time
Joda Time的介绍可以参考这篇文章:
http://www.ibm.com/developerworks/cn/java/j-jodatime.html
工作中也常常用到Joda Time,为了避免每次使用都查API,记录一下常用的用法:
/**
* DateTime变化(增减)
*/
@Tes
FileUtils API
eksliang
FileUtils FileUtils API
转载请出自出处:http://eksliang.iteye.com/blog/2217374 一、概述
这是一个Java操作文件的常用库,是Apache对java的IO包的封装,这里面有两个非常核心的类FilenameUtils跟FileUtils,其中FilenameUtils是对文件名操作的封装;FileUtils是文件封装,开发中对文件的操作,几乎都可以在这个框架里面找到。 非常的好用。
各种新兴技术
不懂事的小屁孩
技术
1:gradle Gradle 是以 Groovy 语言为基础,面向Java应用为主。基于DSL(领域特定语言)语法的自动化构建工具。
现在构建系统常用到maven工具,现在有更容易上手的gradle,
搭建java环境:
http://www.ibm.com/developerworks/cn/opensource/os-cn-gradle/
搭建android环境:
http://m
tomcat6的https双向认证
酷的飞上天空
tomcat6
1.生成服务器端证书
keytool -genkey -keyalg RSA -dname "cn=localhost,ou=sango,o=none,l=china,st=beijing,c=cn" -alias server -keypass password -keystore server.jks -storepass password -validity 36
托管虚拟桌面市场势不可挡
蓝儿唯美
用户还需要冗余的数据中心,dinCloud的高级副总裁兼首席营销官Ali Din指出。该公司转售一个MSP可以让用户登录并管理和提供服务的用于DaaS的云自动化控制台,提供服务或者MSP也可以自己来控制。
在某些情况下,MSP会在dinCloud的云服务上进行服务分层,如监控和补丁管理。
MSP的利润空间将根据其参与的程度而有所不同,Din说。
“我们有一些合作伙伴负责将我们推荐给客户作为个
spring学习——xml文件的配置
a-john
spring
在Spring的学习中,对于其xml文件的配置是必不可少的。在Spring的多种装配Bean的方式中,采用XML配置也是最常见的。以下是一个简单的XML配置文件:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.or
HDU 4342 History repeat itself 模拟
aijuans
模拟
来源:http://acm.hdu.edu.cn/showproblem.php?pid=4342
题意:首先让求第几个非平方数,然后求从1到该数之间的每个sqrt(i)的下取整的和。
思路:一个简单的模拟题目,但是由于数据范围大,需要用__int64。我们可以首先把平方数筛选出来,假如让求第n个非平方数的话,看n前面有多少个平方数,假设有x个,则第n个非平方数就是n+x。注意两种特殊情况,即
java中最常用jar包的用途
asia007
java
java中最常用jar包的用途
jar包用途axis.jarSOAP引擎包commons-discovery-0.2.jar用来发现、查找和实现可插入式接口,提供一些一般类实例化、单件的生命周期管理的常用方法.jaxrpc.jarAxis运行所需要的组件包saaj.jar创建到端点的点到点连接的方法、创建并处理SOAP消息和附件的方法,以及接收和处理SOAP错误的方法. w
ajax获取Struts框架中的json编码异常和Struts中的主控制器异常的解决办法
百合不是茶
js json编码返回异常
一:ajax获取自定义Struts框架中的json编码 出现以下 问题:
1,强制flush输出 json编码打印在首页
2, 不强制flush js会解析json 打印出来的是错误的jsp页面 却没有跳转到错误页面
3, ajax中的dataType的json 改为text 会
JUnit使用的设计模式
bijian1013
java 设计模式 JUnit
JUnit源代码涉及使用了大量设计模式
1、模板方法模式(Template Method)
定义一个操作中的算法骨架,而将一些步骤延伸到子类中去,使得子类可以不改变一个算法的结构,即可重新定义该算法的某些特定步骤。这里需要复用的是算法的结构,也就是步骤,而步骤的实现可以在子类中完成。
Linux常用命令(摘录)
sunjing
crond chkconfig
chkconfig --list 查看linux所有服务
chkconfig --add servicename 添加linux服务
netstat -apn | grep 8080 查看端口占用
env 查看所有环境变量
echo $JAVA_HOME 查看JAVA_HOME环境变量
安装编译器
yum install -y gcc
【Hadoop一】Hadoop伪集群环境搭建
bit1129
hadoop
结合网上多份文档,不断反复的修正hadoop启动和运行过程中出现的问题,终于把Hadoop2.5.2伪分布式安装起来,跑通了wordcount例子。Hadoop的安装复杂性的体现之一是,Hadoop的安装文档非常多,但是能一个文档走下来的少之又少,尤其是Hadoop不同版本的配置差异非常的大。Hadoop2.5.2于前两天发布,但是它的配置跟2.5.0,2.5.1没有分别。 &nb
Anychart图表系列五之事件监听
白糖_
chart
创建图表事件监听非常简单:首先是通过addEventListener('监听类型',js监听方法)添加事件监听,然后在js监听方法中定义具体监听逻辑。
以钻取操作为例,当用户点击图表某一个point的时候弹出point的name和value,代码如下:
<script>
//创建AnyChart
var chart = new AnyChart();
//添加钻取操作&quo
Web前端相关段子
braveCS
web前端
Web标准:结构、样式和行为分离
使用语义化标签
0)标签的语义:使用有良好语义的标签,能够很好地实现自我解释,方便搜索引擎理解网页结构,抓取重要内容。去样式后也会根据浏览器的默认样式很好的组织网页内容,具有很好的可读性,从而实现对特殊终端的兼容。
1)div和span是没有语义的:只是分别用作块级元素和行内元素的区域分隔符。当页面内标签无法满足设计需求时,才会适当添加div
编程之美-24点游戏
bylijinnan
编程之美
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Random;
import java.util.Set;
public class PointGame {
/**编程之美
主页面子页面传值总结
chengxuyuancsdn
总结
1、showModalDialog
returnValue是javascript中html的window对象的属性,目的是返回窗口值,当用window.showModalDialog函数打开一个IE的模式窗口时,用于返回窗口的值
主界面
var sonValue=window.showModalDialog("son.jsp");
子界面
window.retu
[网络与经济]互联网+的含义
comsci
互联网+
互联网+后面是一个人的名字 = 网络控制系统
互联网+你的名字 = 网络个人数据库
每日提示:如果人觉得不舒服,千万不要外出到处走动,就呆在床上,玩玩手游,更不能够去开车,现在交通状况不
oracle 创建视图 with check option
daizj
视图 view oralce
我们来看下面的例子:
create or replace view testview
as
select empno,ename from emp where ename like ‘M%’
with check option;
这里我们创建了一个视图,并使用了with check option来限制了视图。 然后我们来看一下视图包含的结果:
select * from testv
ToastPlugin插件在cordova3.3下使用
dibov
Cordova
自己开发的Todos应用,想实现“
再按一次返回键退出程序 ”的功能,采用网上的ToastPlugins插件,发现代码或文章基本都是老版本,运行问题比较多。折腾了好久才弄好。下面吧基于cordova3.3下的ToastPlugins相关代码共享。
ToastPlugin.java
package&nbs
C语言22个系统函数
dcj3sjt126com
c function
C语言系统函数一、数学函数下列函数存放在math.h头文件中Double floor(double num) 求出不大于num的最大数。Double fmod(x, y) 求整数x/y的余数。Double frexp(num, exp); double num; int *exp; 将num分为数字部分(尾数)x和 以2位的指数部分n,即num=x*2n,指数n存放在exp指向的变量中,返回x。D
开发一个类的流程
dcj3sjt126com
开发
本人近日根据自己的开发经验总结了一个类的开发流程。这个流程适用于单独开发的构件,并不适用于对一个项目中的系统对象开发。开发出的类可以存入私人类库,供以后复用。
以下是开发流程:
1. 明确类的功能,抽象出类的大概结构
2. 初步设想类的接口
3. 类名设计(驼峰式命名)
4. 属性设置(权限设置)
判断某些变量是否有必要作为成员属
java 并发
shuizhaosi888
java 并发
能够写出高伸缩性的并发是一门艺术
在JAVA SE5中新增了3个包
java.util.concurrent
java.util.concurrent.atomic
java.util.concurrent.locks
在java的内存模型中,类的实例字段、静态字段和构成数组的对象元素都会被多个线程所共享,局部变量与方法参数都是线程私有的,不会被共享。
Spring Security(11)——匿名认证
234390216
Spring Security ROLE_ANNOYMOUS 匿名
匿名认证
目录
1.1 配置
1.2 AuthenticationTrustResolver
对于匿名访问的用户,Spring Security支持为其建立一个匿名的AnonymousAuthenticat
NODEJS项目实践0.2[ express,ajax通信...]
逐行分析JS源代码
Ajax nodejs express
一、前言
通过上节学习,我们已经 ubuntu系统搭建了一个可以访问的nodejs系统,并做了nginx转发。本节原要做web端服务 及 mongodb的存取,但写着写着,web端就
在Struts2 的Action中怎样获取表单提交上来的多个checkbox的值
lhbthanks
java html struts checkbox
第一种方法:获取结果String类型
在 Action 中获得的是一个 String 型数据,每一个被选中的 checkbox 的 value 被拼接在一起,每个值之间以逗号隔开(,)。
所以在 Action 中定义一个跟 checkbox 的 name 同名的属性来接收这些被选中的 checkbox 的 value 即可。
以下是实现的代码:
前台 HTML 代码:
003.Kafka基本概念
nweiren
hadoop kafka
Kafka基本概念:Topic、Partition、Message、Producer、Broker、Consumer。 Topic: 消息源(Message)的分类。 Partition: Topic物理上的分组,一
Linux环境下安装JDK
roadrunners
jdk linux
1、准备工作
创建JDK的安装目录:
mkdir -p /usr/java/
下载JDK,找到适合自己系统的JDK版本进行下载:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
把JDK安装包下载到/usr/java/目录,然后进行解压:
tar -zxvf jre-7
Linux忘记root密码的解决思路
tomcat_oracle
linux
1:使用同版本的linux启动系统,chroot到忘记密码的根分区passwd改密码 2:grub启动菜单中加入init=/bin/bash进入系统,不过这时挂载的是只读分区。根据系统的分区情况进一步判断. 3: grub启动菜单中加入 single以单用户进入系统. 4:用以上方法mount到根分区把/etc/passwd中的root密码去除 例如: ro
跨浏览器 HTML5 postMessage 方法以及 message 事件模拟实现
xueyou
jsonp jquery 框架 UI html5
postMessage 是 HTML5 新方法,它可以实现跨域窗口之间通讯。到目前为止,只有 IE8+, Firefox 3, Opera 9, Chrome 3和 Safari 4 支持,而本篇文章主要讲述 postMessage 方法与 message 事件跨浏览器实现。postMessage 方法 JSONP 技术不一样,前者是前端擅长跨域文档数据即时通讯,后者擅长针对跨域服务端数据通讯,p