编辑
2022-05-18
探索与发现
00

前言

在 Kubernetes 上使用 Cert Manager 的 ACME DNS Challenge 方式能够很轻松的为域名签发一张受信任的泛域名证书。然而由于 ACME-DNS 为了能够验证域名的所有权需要修改 DNS 记录,因此需要提供 DNS 服务商的 API Secret,如果它被泄漏了呢?

更安全的实现

简单来说就是实现通过 A 域名为 B 域名申请证书。

在下面的例子中,我们使用 acme.exampleacmeverify.info 为 example.net 生成一张泛域名证书。你可以将 acme.exampleacmeverify.info 单独托管到一个 DNS 服务商(本文中将其单独托管到阿里云),从而无需使用 example.net 的 API Secret.

编辑
2022-02-18
探索与发现
00

有没有办法让同一个客户端的请求落在同一个 Pod 上面?

在回答这个问题之前我们先来看看 Ngin

编辑
2021-12-22
知识库
00

Infrastructure updates

Containerd

Bash
编辑
2021-12-22
知识库
00

In this section, I will show how to deploy Kubernetes 1.21 with Calico CNI plugin.

Please ensure that you have a sufficient number of nodes prepared and have already installed Ubuntu Server 20.04.

The same deployment method is applicable at least until version 1.23 and has been verified to be upgradable to the current latest version 1.27 in subsequent articles.

Add a Model

The model holds a specific deployment. It is a good idea to create a new one specifically for each deployment.

Bash
juju add-model k8s-lab

Remember that you can have multiple models on each controller, so you can deploy multiple Kubernetes clusters, or other applications.

编辑
2021-12-22
知识库
00

This section will cover how to deploy a Controller in a bare-metal environment.

For The official documentation is already well-prepared for public cloud environments. If you are not deploying in a bare-metal environment, Please refer to https://ubuntu.com/kubernetes/docs for more information.

Install Juju

Juju is a tool that helps automate the deployment, configuration, and management of applications in cloud environments. It makes it easier to manage multiple applications and their interactions within the cloud.

Bash
sudo snap install juju --channel=2.9 --classic