快速生成自签证书,
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}"
kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}
通过K8S CA证书创建证书
(umask 077; openssl genrsa -out lixiang.key 2048)
openssl req -new -key test.key -out lixiang.csr -subj "/CN=${HOST}/O=${HOST}"
openssl x509 -req -in test.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out test.crt -days 3650
openssl x509 -in test.crt -text -nooutkubectl run nginx --image=nginx --replicas=3 --dry-run -o yaml 或者 kubectl get pods/nginx -o yaml --export可以在docker的systemd启动文件中加入Environment="HTTPS_PROXY=http://www.ik8s.io:10080" Environment="NO_PROXY=127.0.0.0/8,192.168.4.0/24" 来获取gcr.io的镜像文件helm init初始化需要连接google, 可定义export HTTPS_PROXY=‘http://www.ik8s.io:10080‘ export NO_PROXY=‘127.0.0.0/8,192.168.4.0/24‘helm安装需要得tiller镜像: docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.14.3原文:https://www.cnblogs.com/blackmood/p/11356710.html