k8s - binary deployment [Alibaba Cloud]

Overview

  1. Before deploying, get to know the components k8s needs, what each one is responsible for, and where it sits
  2. To keep things secure, every communication path between k8s components has to be trusted, and that is what brings in the certificates that take people "from k8s beginner to giving up"

(image not reproduced)


Deployment steps

Cloud products

This deployment was done on Alibaba Cloud, so it involves a few cloud products

  • EIP: elastic public IP; once bound to the NAT gateway, servers on the private network can reach the public internet
  • NAT gateway: every host in the k8s cluster talks to the outside world through the NAT gateway; think of it roughly as a hardware firewall appliance
  • VPC: virtual private cloud, used to design and reserve the subnets you need
  • ECS: the servers themselves, nothing more to say

Problems encountered

  1. When buying the VPC and NAT gateway, confirm that the VPC's region actually supports NAT gateways
  2. Different VPC regions offer different ECS instance types; watch out if you have strict hardware or budget requirements

Result

  1. With the EIP bound to the NAT gateway, every machine in the cluster can reach the public internet through it, which yum and docker need

[========]

To be improved
Q: at this point you can only log in to the servers through the Alibaba Cloud console; if you want to SSH in remotely:

  1. Buy a public IP in the cloud and bind it to the master, then log in through it
  2. Deploy frp and log in through that
  3. For a purely private-network deployment, you have to prepare every installation package needed later yourself

[========]


IP and role planning

  • master 10.0.0.10
  • node-01 10.0.0.20
  • node-02 10.0.0.30

Server standardisation

  • Disable: firewall, selinux, swap
  • Preparation: kernel upgrade, yum upgrade, ipvs module installation, common software installation
  • Guarantee: time synchronisation
  • Optimisation: kernel parameters
Standardisation steps; every machine in the cluster must run them
# Disable selinux
# Set SELINUX=disabled in /etc/sysconfig/selinux (takes effect after a reboot)
# setenforce 0   # temporary, for the running system only
# getenforce     # check the current mode

# Disable the firewall
systemctl stop firewalld.service
systemctl disable firewalld

# Disable the swap partition
swapoff -a
# Edit /etc/fstab and comment out the swap line(s) so it stays off after a reboot
# echo 'KUBELET_EXTRA_ARGS="--fail-swap-on=false"' > /etc/sysconfig/kubelet   # make kubelet tolerate swap

# Set up passwordless SSH login
# See https://www.cnblogs.com/yangkaiyue/p/18234811

# Time synchronisation (crontab entry, every 10 minutes)
*/10 * * * * ntpdate time1.aliyun.com

# Update yum
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
curl -o /etc/yum.repos.d/CentOS-Base.repo https://repo.huaweicloud.com/repository/conf/CentOS-7-reg.repo
yum clean all && yum makecache && yum update -y --exclude=kernel*

# Install common base software
yum install wget expect vim net-tools ntp bash-completion ipvsadm ipset jq iptables conntrack sysstat libseccomp -y

# Upgrade the system kernel
# Download; find the packages at https://elrepo.org/linux/kernel/el7/x86_64/RPMS
# kernel-lt and kernel-lt-devel must be the same version
wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-lt-5.4.277-1.el7.elrepo.x86_64.rpm
wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-lt-devel-5.4.277-1.el7.elrepo.x86_64.rpm
# Install
yum localinstall -y kernel-lt*
# Make the new kernel the default boot entry
grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg
# Show the current default kernel
grubby --default-kernel
# Reboot
reboot

# Install IPVS
yum install -y conntrack-tools ipvsadm ipset conntrack libseccomp
# Load the IPVS modules (quoted heredoc, so nothing is expanded while the file is written)
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in ${ipvs_modules}; do
    # only modprobe modules this kernel actually ships
    if /sbin/modinfo -F filename "${kernel_module}" > /dev/null 2>&1; then
        /sbin/modprobe "${kernel_module}"
    fi
done
EOF
# Make the script executable, run it now, and confirm the modules are loaded
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs

# Kernel parameters
# br_netfilter must be loaded first, otherwise the net.bridge.* keys do not exist
modprobe br_netfilter
cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
# only exists in the RHEL stock kernel; on the elrepo kernel sysctl just warns and moves on
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
# needs the nf_conntrack module (loaded by ipvs.modules above)
net.netfilter.nf_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF

# Apply immediately
sysctl --system

[========]

To be improved

  1. Because this is Alibaba Cloud, only part of the standardisation applies; on your own servers you also need to tune the kernel parameters for each machine's configuration
  2. These steps could be collected into a script for one-shot setup

[========]
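The kernel-parameter step above is where typos hide best: `sysctl --system` only warns about a key it does not know and silently applies the last value when a key is repeated, so a mistyped key never takes effect and nobody notices. The following is an added example, not part of the original post, that lints a sysctl.d fragment such as /etc/sysctl.d/k8s.conf before applying it and, after `sysctl --system`, reports keys whose live value differs from the file. It assumes a Linux host with /proc/sys and standard coreutils; the function names and the sample fragment are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): lint a sysctl.d fragment before
# and after `sysctl --system`. Function names are this example's own;
# /proc/sys is the kernel's sysctl tree ("a.b.c" lives at /proc/sys/a/b/c).

# Print the fragment as "key=value" lines: comments, blank lines and the
# whitespace around "=" are stripped so the file is easy to compare.
normalize_sysctl() {
    sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' "$1"
}

# Keys listed more than once; sysctl keeps the last occurrence without comment.
duplicate_keys() {
    normalize_sysctl "$1" | cut -d= -f1 | sort | uniq -d
}

# Keys with no entry under /proc/sys: a typo, or a module (br_netfilter,
# nf_conntrack) that has not been loaded yet.
unknown_keys() {
    normalize_sysctl "$1" | cut -d= -f1 | while read -r key; do
        [ -e "/proc/sys/$(printf '%s' "$key" | tr '.' '/')" ] || printf '%s\n' "$key"
    done
}

# After `sysctl --system`: keys whose live value differs from the file, printed
# as "key: want=<file> have=<live>". Keys that do not exist are skipped here
# because unknown_keys already reports them.
drifted_keys() {
    normalize_sysctl "$1" | while IFS='=' read -r key want; do
        path="/proc/sys/$(printf '%s' "$key" | tr '.' '/')"
        [ -e "$path" ] || continue
        have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/ $//')
        [ "$have" = "$want" ] || printf '%s: want=%s have=%s\n' "$key" "$want" "$have"
    done
}

# Exit status 1 when the fragment has duplicate keys or (on a Linux host)
# keys this kernel does not know; findings go to stdout.
lint_sysctl_file() {
    rc=0
    dups=$(duplicate_keys "$1")
    if [ -n "$dups" ]; then
        printf 'duplicate keys (last one wins):\n%s\n' "$dups"
        rc=1
    fi
    if [ -d /proc/sys ]; then
        unknown=$(unknown_keys "$1")
        if [ -n "$unknown" ]; then
            printf 'unknown keys (typo or module not loaded):\n%s\n' "$unknown"
            rc=1
        fi
    fi
    return $rc
}

# Usage on a node, after writing the fragment:
#   lint_sysctl_file /etc/sysctl.d/k8s.conf && sysctl --system && drifted_keys /etc/sysctl.d/k8s.conf
```

Run `lint_sysctl_file` before `sysctl --system` so that a key like `net.ipv4.top_timestamps` is caught as unknown rather than ignored, and `drifted_keys` afterwards so that a value another fragment in /etc/sysctl.d overrides later in the load order is noticed.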


Installing docker

CentOS
# Install
yum install -y yum-utils device-mapper-persistent-data lvm2
wget -O /etc/yum.repos.d/docker-ce.repo https://repo.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo
yum clean all && yum makecache
yum -y install docker-ce

# Registry mirror
# In the Alibaba Cloud console: Products --> Container Registry --> Image tools --> Registry accelerator --> CentOS
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://oylk2x3t.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
If the docker-ce.repo yum repository turns out to be unusable, replace its content with the following and retry
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge]
name=Docker CE Edge - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[========]

Optimisation

  1. For a purely private-network environment, or when a specific docker version is required, prepare the docker installation packages and write up an offline installation guide

[========]


CA

This is where many people get stuck, so a rough explanation

  1. A CA is an authority that can be trusted
  2. The CA root certificate is the CA's public key; every other certificate is issued against the CA certificate, and certificates issued by the same CA (or a CA that inherits from it) trust one another
  3. Creating a certificate takes two inputs, a certificate configuration (xx-config.json) and a certificate signing request (xx-csr.json), which are then passed to a signing tool
  4. Signing tools include openssl, cfssl and others; cfssl is what k8s deployments usually use

Signing tool

# Download
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64

# Make executable
chmod +x cfssl_linux-amd64
chmod +x cfssljson_linux-amd64

# Move onto the PATH under the names the commands below use
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson

Issue the root certificate (CA certificate)

# /opt/cert/ca is used as a working directory
mkdir -p /opt/cert/ca
cd /opt/cert/ca

# Certificate configuration file
# signing: the key may produce digital signatures
# key encipherment: the key may encrypt session keys
# server auth: TLS server authentication
# client auth: TLS client authentication
# expiry 8760h = one year
cat > /opt/cert/ca/ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "kubernetes": {
        "usages": ["signing","key encipherment","server auth","client auth"],
        "expiry": "8760h"
      }
    }
  }
}
EOF

# Certificate signing request file
# C: country
# ST: state/province
# L: city (locality)
# O: organisation
# OU: organisational unit
# CN: common name
cat > /opt/cert/ca/ca-csr.json << EOF
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names":[{
    "C": "CN",
    "ST": "ShangHai",
    "L": "ShangHai"
  }]
}
EOF

# Issue
# Files produced:
# ca-key.pem: root certificate private key
# ca.pem: root certificate
# ca.csr: root certificate signing request
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

etcd

Issue the etcd certificate

# /opt/cert/etcd is used as a working directory
mkdir -p /opt/cert/etcd
cd /opt/cert/etcd

# The hosts field lists every node IP
cat > /opt/cert/etcd/etcd-csr.json << EOF
{
    "CN": "etcd",
    "hosts": [
        "127.0.0.1",
        "10.0.0.10",
        "10.0.0.20",
        "10.0.0.30"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
          "C": "CN",
          "ST": "ShangHai",
          "L": "ShangHai"
        }
    ]
}
EOF

# Generate the etcd certificate
cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes etcd-csr.json | cfssljson -bare etcd

# Distribute the certificates
# Use /etc/etcd/ssl as the destination; copy the *.pem files from ca and from etcd into it (on every etcd host)
mkdir -p /etc/etcd/ssl
cp ../ca/*.pem etcd*.pem /etc/etcd/ssl/
# private keys should be readable by root only
chmod 600 /etc/etcd/ssl/*-key.pem

Deploy the service

etcd normally runs on the master node(s)

# Download the package
wget https://mirrors.huaweicloud.com/etcd/v3.3.24/etcd-v3.3.24-linux-amd64.tar.gz

# Unpack
tar xf etcd-v3.3.24-linux-amd64.tar.gz

# Copy the binaries onto the PATH (all etcd hosts)
cp etcd-v3.3.24-linux-amd64/etcd* /usr/local/bin/

# Run on every master node
mkdir -pv /etc/kubernetes/conf/etcd

Register the service

ETCD_NAME=$(hostname)
INTERNAL_IP="10.0.0.10"
# master is the hostname
INITIAL_CLUSTER="master=https://10.0.0.10:2380"

cat << EOF | sudo tee /usr/lib/systemd/system/etcd.service
[Unit]
Description=etcd
Documentation=https://github.com/coreos

[Service]
# --name: this member's name
# --initial-advertise-peer-urls: URL other members use to talk to this one
# --advertise-client-urls: URL advertised to clients
# --listen-peer-urls: listen address for member (peer) traffic
# --listen-client-urls: listen address for client traffic
# --initial-cluster-token etcd-cluster: distinguishes clusters
# --initial-cluster-state new: whether this is a new cluster; values new|existing
# --initial-cluster: describes all members and is used to contact the others, e.g. --initial-cluster etcd0=http://192.168.2.55:2380,etcd1=http://192.168.2.54:2380
# --peer-client-cert-auth / --client-cert-auth: peers and clients must present a certificate signed by the trusted CA
ExecStart=/usr/local/bin/etcd \\
  --name ${ETCD_NAME} \\
  --cert-file=/etc/etcd/ssl/etcd.pem \\
  --key-file=/etc/etcd/ssl/etcd-key.pem \\
  --peer-cert-file=/etc/etcd/ssl/etcd.pem \\
  --peer-key-file=/etc/etcd/ssl/etcd-key.pem \\
  --trusted-ca-file=/etc/etcd/ssl/ca.pem \\
  --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --initial-advertise-peer-urls https://${INTERNAL_IP}:2380 \\
  --listen-client-urls https://${INTERNAL_IP}:2379,https://127.0.0.1:2379 \\
  --listen-peer-urls https://${INTERNAL_IP}:2380 \\
  --advertise-client-urls https://${INTERNAL_IP}:2379 \\
  --initial-cluster-token etcd-cluster \\
  --initial-cluster ${INITIAL_CLUSTER} \\
  --initial-cluster-state new \\
  --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

# Start the etcd service (reload systemd first so it picks up the new unit)
systemctl daemon-reload
systemctl start etcd
systemctl enable etcd

Verification

# Method 1
# --cacert is the CA certificate that signed the server certificate
ETCDCTL_API=3 etcdctl \
--cacert=/etc/etcd/ssl/ca.pem \
--cert=/etc/etcd/ssl/etcd.pem \
--key=/etc/etcd/ssl/etcd-key.pem \
--endpoints="https://10.0.0.10:2379" \
endpoint status --write-out='table'

# Method 2
ETCDCTL_API=3 etcdctl \
--cacert=/etc/etcd/ssl/ca.pem \
--cert=/etc/etcd/ssl/etcd.pem \
--key=/etc/etcd/ssl/etcd-key.pem \
--endpoints="https://10.0.0.10:2379" \
member list --write-out='table'

# Example run
[root@master ssl]# ETCDCTL_API=3 etcdctl --cacert=/etc/etcd/ssl/etcd.pem --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem --endpoints="https://10.0.0.10:2379" endpoint status --write-out='table'
+------------------------+-----------------+---------+---------+-----------+-----------+------------+
|        ENDPOINT        |       ID        | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
+------------------------+-----------------+---------+---------+-----------+-----------+------------+
| https://10.0.0.10:2379 | 3b17aaa147134dd |  3.3.24 |   16 kB |      true |         2 |          4 |
+------------------------+-----------------+---------+---------+-----------+-----------+------------+

[root@master ~]# etcd --version
etcd Version: 3.3.24
Git SHA: bdd57848d
Go Version: go1.12.17
Go OS/Arch: linux/amd64

[========]

Questions

  1. When issuing the etcd certificate, does "all nodes" in the hosts field mean every node in the etcd cluster or every node in k8s?
  2. If a node is added, does the certificate have to be reissued, and how?
  3. What is the /etc/kubernetes/conf/etcd directory for?

Optimisation

  1. Could etcd be installed with docker (build an image, package it, and so on)?

[========]


k8s cluster

Issue the api-server certificate

Edit the request file + issue
mkdir -p /opt/cert/k8s
cd /opt/cert/k8s
cat > /opt/cert/k8s/apiserver-csr.json << EOF
{
    "CN": "kubernetes",
    "hosts": [
        "127.0.0.1",
        "10.0.0.10",
        "10.0.0.20",
        "10.0.0.30",
        "kubernetes",
        "kubernetes.default",
        "kubernetes.default.svc",
        "kubernetes.default.svc.cluster",
        "kubernetes.default.svc.cluster.local"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "ShangHai",
            "ST": "ShangHai"
        }
    ]
}
EOF

[root@master k8s]# cfssl gencert -ca ../ca/ca.pem -ca-key ../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes apiserver-csr.json | cfssljson -bare apiserver
2024/06/06 02:31:03 [INFO] generate received request
2024/06/06 02:31:03 [INFO] received CSR
2024/06/06 02:31:03 [INFO] generating key: rsa-2048
2024/06/06 02:31:03 [INFO] encoded CSR
2024/06/06 02:31:03 [INFO] signed certificate with serial number 557394068489830964640071197282989587628110442011
2024/06/06 02:31:03 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

[========]

Questions

  1. Are the non-IP entries in the request file mandatory? Does adding others do anything, and what are they used for later?

[========]


Issue the controller-manager certificate

Edit the request file + issue
cat > /opt/cert/k8s/kube-controller-manager-csr.json << EOF
{
    "CN": "system:kube-controller-manager",
    "hosts": [
        "127.0.0.1",
        "10.0.0.10",
        "10.0.0.20",
        "10.0.0.30"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "ShangHai",
            "L": "ShangHai",
            "O": "System",
            "OU": "system:kube-controller-manager"
        }
    ]
}
EOF

[root@master k8s]# cfssl gencert -ca ../ca/ca.pem -ca-key ../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager
2024/06/06 02:47:03 [INFO] generate received request
2024/06/06 02:47:03 [INFO] received CSR
2024/06/06 02:47:03 [INFO] generating key: rsa-2048
2024/06/06 02:47:03 [INFO] encoded CSR
2024/06/06 02:47:03 [INFO] signed certificate with serial number 226372380520580811572224409225582048871883372273
2024/06/06 02:47:03 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

Issue the scheduler certificate

Edit the request file + issue
cat > /opt/cert/k8s/kube-scheduler-csr.json << EOF
{
    "CN": "system:kube-scheduler",
    "hosts": [
        "127.0.0.1",
        "10.0.0.10",
        "10.0.0.20",
        "10.0.0.30"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "ShangHai",
            "L": "ShangHai",
            "O": "System",
            "OU": "system:kube-scheduler"
        }
    ]
}
EOF

[root@master k8s]#  cfssl gencert -ca ../ca/ca.pem -ca-key ../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler
2024/06/06 02:49:02 [INFO] generate received request
2024/06/06 02:49:02 [INFO] received CSR
2024/06/06 02:49:02 [INFO] generating key: rsa-2048
2024/06/06 02:49:03 [INFO] encoded CSR
2024/06/06 02:49:03 [INFO] signed certificate with serial number 58249715503468500807936900491069268842572535004
2024/06/06 02:49:03 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

Issue the kube-proxy certificate

Edit the request file + issue
cat > /opt/cert/k8s/kube-proxy-csr.json << EOF
{
    "CN": "system:kube-proxy",
    "hosts": [],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "ShangHai",
            "L": "ShangHai",
            "O": "System",
            "OU": "system:kube-proxy"
        }
    ]
}
EOF

[root@master k8s]# cfssl gencert -ca ../ca/ca.pem -ca-key ../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
2024/06/06 02:58:11 [INFO] generate received request
2024/06/06 02:58:11 [INFO] received CSR
2024/06/06 02:58:11 [INFO] generating key: rsa-2048
2024/06/06 02:58:11 [INFO] encoded CSR
2024/06/06 02:58:11 [INFO] signed certificate with serial number 327340135658261424119687228141151273303797638362
2024/06/06 02:58:11 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

Issue the admin certificate

Edit the request file + issue
cat > /opt/cert/k8s/admin-csr.json << EOF
{
    "CN": "admin",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "ShangHai",
            "L": "ShangHai",
            "O": "System",
            "OU": "system:admin"
        }
    ]
}
EOF

[root@master k8s]# cfssl gencert -ca ../ca/ca.pem -ca-key ../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
2024/06/06 03:00:53 [INFO] generate received request
2024/06/06 03:00:53 [INFO] received CSR
2024/06/06 03:00:53 [INFO] generating key: rsa-2048
2024/06/06 03:00:53 [INFO] encoded CSR
2024/06/06 03:00:53 [INFO] signed certificate with serial number 560570762215518106998861592161303850708073823699
2024/06/06 03:00:53 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

Issue the kubelet certificate

# Distribute all the pem files to /etc/k8s/ssl/ on each node host

Issue the tls certificate

Services

Posted by 难德糊涂 · 22 reads · 0 comments