├── .gitignore ├── README.md ├── all-in-one ├── echo-all-in-one.yaml ├── envoy-all-in-one.yaml ├── iperf-server-all-in-one.yaml ├── kong-all-in-one.yaml ├── kong-ingress-controller.only.yaml ├── nginx-tranproxy.yaml ├── webshell-all-in-one.yaml └── websocket-all-in-one.yaml ├── api-v1-example ├── namespace.json ├── pod-sshproxy.json ├── resourcequotas.json ├── secrets-registry.local.json ├── webshell-rc.json └── webshell-service.json ├── ingress-nginx ├── 00-basic │ └── basic-echo-example-ingress.yaml ├── 01-tls │ ├── 01-create-cert.sh │ ├── ca.crt │ ├── ca.key │ ├── server.crt │ ├── server.csr │ ├── server.key │ └── tls-echo-example-ingress.yaml ├── 02-auth-basic │ ├── 01-create-user.sh │ ├── auth │ └── auth-basic-ingress.yaml ├── 03-auth-cert │ ├── 01-create-cert.sh │ ├── auth-cert-ingress.yaml │ ├── ca.crt │ ├── ca.key │ ├── client.crt │ ├── client.csr │ ├── client.key │ ├── server.crt │ ├── server.csr │ └── server.key ├── 04-auth-basic-ext │ └── auth-basic-ext-ingress.yaml ├── 05-1-external-svc │ ├── external-github-oauth2-proxy.yaml │ ├── github-oauth-proxy.yaml │ └── start-github-oauth2-proxy.sh ├── 05-2-auth-oauth-ext │ ├── 01-create-cert.sh │ ├── 02-github-oauth2-proxy.sh │ ├── auth-oauth2-ext-ingress.yaml │ ├── ca.crt │ ├── ca.key │ ├── external-github-oauth2-proxy.yaml │ ├── github-oauth-proxy.yaml │ ├── server.crt │ ├── server.csr │ └── server.key ├── 06-rewrite │ ├── app-root-echo-example-ingress.yaml │ └── rewrite-echo-example-ingress.yaml ├── 07-mirror-2 │ ├── http-record.yaml │ ├── mirror2-echo-example-ingress.yaml │ └── mirror3-echo-example-ingress.yaml ├── 07-mirror │ ├── http-record.yaml │ └── mirror-echo-example-ingress.yaml ├── 08-ratelimit │ ├── nginx.conf │ └── ratelimit-echo-example-ingress.yaml ├── 09-canary │ ├── canary-master-echo-example-ingress.yaml │ └── canary-version-echo-example-ingress.yaml └── ingress-nginx-0.25.1.yaml ├── kong-crd ├── 0.14.3 │ ├── 01_echo_user1_auth_plugins.yaml │ ├── 02_echo_security_plugins.yaml │ └── 03_echo_http_rewrite_plugin.yaml └── 1.0.3 │ ├── 01_echo_user1_auth_plugins.yaml │ ├── 02_echo_security_plugins.yaml │ ├── 03_echo_redirect_plugin.yaml │ ├── 04_log_plugins.yaml │ ├── 05_http_transformer.yaml │ ├── 06_monitor.yaml │ ├── 07_rate_limit.yaml │ ├── 08_trace.yaml │ └── kongingress-demo-echo.yaml ├── kong-deploy ├── kong-dashboard.yaml └── kong-ingress-controller-0.3.0-with-kong-1.0.3.yaml └── kubelet_manifests └── v1.12.1 ├── admin.conf ├── controller-manager.conf ├── kubelet.conf ├── manifests ├── etcd.yaml ├── kube-apiserver.yaml ├── kube-controller-manager.yaml └── kube-scheduler.yaml ├── pki ├── apiserver-etcd-client.crt ├── apiserver-etcd-client.key ├── apiserver-kubelet-client.crt ├── apiserver-kubelet-client.key ├── apiserver.crt ├── apiserver.key ├── ca.crt ├── ca.key ├── etcd │ ├── ca.crt │ ├── ca.key │ ├── healthcheck-client.crt │ ├── healthcheck-client.key │ ├── peer.crt │ ├── peer.key │ ├── server.crt │ └── server.key ├── front-proxy-ca.crt ├── front-proxy-ca.key ├── front-proxy-client.crt ├── front-proxy-client.key ├── sa.key └── sa.pub └── scheduler.conf /.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | .DS_Store 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | title: README 4 | author: lijiaocn 5 | createdate: 2018/07/12 14:09:00 6 | changedate: 2018/07/12 14:12:39 7 | 8 | --- 9 | 10 | 整理的一些kubernetes的资源yaml。 11 | -------------------------------------------------------------------------------- /all-in-one/echo-all-in-one.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Namespace 3 | apiVersion: v1 4 | metadata: 5 | name: demo-echo 6 | generateName: demo-echo 7 | labels: 8 | name: demo-echo 9 | purpose: "API_Gateway_Test" 10 | annotations: 11 | describe: "be used in API Gateway test" 12 | --- 13 | apiVersion: extensions/v1beta1 14 | kind: Ingress 15 | metadata: 16 | name: ingress-echo 17 | namespace: demo-echo 18 | spec: 19 | rules: 20 | - host: echo.example 21 | http: 22 | paths: 23 | - path: / 24 | backend: 25 | serviceName: echo 26 | servicePort: 80 27 | --- 28 | apiVersion: v1 29 | kind: Service 30 | metadata: 31 | name: echo 32 | namespace: demo-echo 33 | spec: 34 | # type: ClusterIP 35 | type: NodePort 36 | ports: 37 | - name: echo 38 | port: 80 39 | targetPort: 8080 40 | protocol: TCP 41 | - name: ssh 42 | port: 22 43 | targetPort: 22 44 | protocol: TCP 45 | selector: 46 | app: echo 47 | --- 48 | apiVersion: apps/v1beta1 #1.8 v1beta1 49 | kind: Deployment 50 | metadata: 51 | name: echo 52 | namespace: demo-echo 53 | spec: 54 | replicas: 1 55 | selector: 56 | matchLabels: 57 | app: echo 58 | template: 59 | metadata: 60 | labels: 61 | name: echo 62 | app: echo 63 | spec: 64 | containers: 65 | - name: echo 66 | image: mirrorgooglecontainers/echoserver:1.8 67 | resources: 68 | limits: 69 | cpu: 1 70 | memory: 128Mi 71 | requests: 72 | cpu: 0.1 73 | memory: 32Mi 74 | readinessProbe: 75 | failureThreshold: 3 76 | httpGet: 77 | path: /ping 78 | port: 8080 79 | scheme: HTTP 80 | initialDelaySeconds: 10 81 | periodSeconds: 5 82 | successThreshold: 1 83 | timeoutSeconds: 10 84 | livenessProbe: 85 | tcpSocket: 86 | port: 8080 87 | initialDelaySeconds: 5 88 | timeoutSeconds: 5 89 | periodSeconds: 10 90 | successThreshold: 1 91 | failureThreshold: 3 92 | imagePullPolicy: IfNotPresent 93 | securityContext: 94 | privileged: false 95 | runAsNonRoot: false 96 | stdin: false 97 | stdinOnce: false 98 | tty: false 99 | - name: sshproxy 100 | image: lijiaocn/sshproxy:1.0 101 | env: 102 | - name: ROOTPASS 103 | value: '123456' 104 | resources: 105 | limits: 106 | cpu: 2 107 | memory: 128Mi 108 | requests: 109 | cpu: 0.1 110 | memory: 32Mi 111 | livenessProbe: 112 | tcpSocket: 113 | port: 22 114 | initialDelaySeconds: 5 115 | timeoutSeconds: 5 116 | imagePullPolicy: IfNotPresent 117 | securityContext: 118 | privileged: false 119 | runAsNonRoot: false 120 | stdin: false 121 | stdinOnce: false 122 | tty: false 123 | restartPolicy: Always 124 | dnsPolicy: Default 125 | serviceAccountName: default 126 | hostNetwork: false 127 | hostPID: false 128 | hostIPC: false 129 | -------------------------------------------------------------------------------- /all-in-one/envoy-all-in-one.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Namespace 3 | apiVersion: v1 4 | metadata: 5 | name: gateway-envoy 6 | generateName: gateway 7 | labels: 8 | name: gateway-envoy 9 | purpose: "gateway-envoy" 10 | annotations: 11 | describe: "gateway-envoy" 12 | --- 13 | apiVersion: v1 14 | kind: ConfigMap 15 | metadata: 16 | name: envoy-v1 17 | namespace: gateway-envoy 18 | data: 19 | envoy.yaml: | 20 | node: 21 | cluster: "dev-cluster" 22 | id: "group1-v1.11.1" 23 | #runtime: 24 | # symlink_root: /srv/runtime/current 25 | # subdirectory: envoy 26 | # override_subdirectory: envoy_override 27 | watchdog: 28 | miss_timeout: 0.2s 29 | megamiss_timeout: 1s 30 | kill_timeout: 0s 31 | multikill_timeout: 0s 32 | flags_path: /etc/envoy/flags/ 33 | stats_flush_interval: 5s 34 | stats_config: 35 | use_all_default_tags: true 36 | stats_sinks: 37 | name: envoy.stat_sinks.hystrix 38 | config: 39 | num_buckets: 10 40 | admin: 41 | access_log_path: /var/log/envoy/admin_access.log 42 | profile_path: /var/log/envoy/envoy.prof 43 | address: 44 | socket_address: 45 | protocol: TCP 46 | address: 0.0.0.0 47 | port_value: 9901 48 | dynamic_resources: 49 | ads_config: 50 | api_type: GRPC 51 | grpc_services: 52 | envoy_grpc: 53 | cluster_name: ads_cluster 54 | cds_config: {ads: {}} 55 | lds_config: {ads: {}} 56 | static_resources: 57 | clusters: 58 | - name: ads_cluster 59 | connect_timeout: 0.25s 60 | type: STATIC 61 | lb_policy: ROUND_ROBIN 62 | http2_protocol_options: {} 63 | load_assignment: 64 | cluster_name: ads_cluster 65 | endpoints: 66 | - lb_endpoints: 67 | - endpoint: 68 | address: 69 | socket_address: 70 | address: 192.168.99.1 71 | port_value: 5678 72 | --- 73 | apiVersion: extensions/v1beta1 74 | kind: DaemonSet 75 | metadata: 76 | name: envoy-v1.11.1 77 | namespace: gateway-envoy 78 | spec: 79 | selector: 80 | matchLabels: 81 | app: envoy-v1.11.1 82 | template: 83 | metadata: 84 | labels: 85 | app: envoy-v1.11.1 86 | spec: 87 | containers: 88 | - name: nginx-ingress-controller 89 | image: envoyproxy/envoy:v1.11.1 90 | imagePullPolicy: IfNotPresent 91 | env: 92 | - name: loglevel 93 | value: info 94 | ports: 95 | - containerPort: 9901 96 | hostPort: 9901 97 | name: admin 98 | protocol: TCP 99 | - containerPort: 8080 100 | hostPort: 8080 101 | name: http 102 | protocol: TCP 103 | - containerPort: 8443 104 | hostPort: 8443 105 | name: https 106 | protocol: TCP 107 | volumeMounts: 108 | - name: envoy-v1-volume 109 | mountPath: /etc/envoy 110 | - name: admin-log-volume 111 | mountPath: /var/log/envoy 112 | volumes: 113 | - name: admin-log-volume 114 | hostPath: 115 | path: /data/log/envoy 116 | type: Directory 117 | - name: envoy-v1-volume 118 | configMap: 119 | name: envoy-v1 120 | items: 121 | - key: envoy.yaml 122 | path: envoy.yaml 123 | dnsPolicy: ClusterFirst 124 | hostNetwork: true 125 | nodeSelector: 126 | applyinfo: gateway-envoy 127 | -------------------------------------------------------------------------------- /all-in-one/iperf-server-all-in-one.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Namespace 3 | apiVersion: v1 4 | metadata: 5 | name: demo-iperf 6 | generateName: demo-iperf 7 | labels: 8 | name: demo-iperf 9 | purpose: "iperf_server" 10 | annotations: 11 | describe: "be used in API Gateway test" 12 | status: 13 | phase: '' 14 | --- 15 | apiVersion: v1 16 | kind: Service 17 | metadata: 18 | name: iperf-server 19 | namespace: demo-iperf 20 | spec: 21 | type: ClusterIP 22 | ports: 23 | - name: iperf-server 24 | port: 5001 25 | targetPort: 5001 26 | protocol: TCP 27 | - name: ssh 28 | port: 22 29 | targetPort: 22 30 | protocol: TCP 31 | selector: 32 | app: iperf-server 33 | --- 34 | apiVersion: apps/v1 35 | kind: Deployment 36 | metadata: 37 | name: iperf-server 38 | namespace: demo-iperf 39 | spec: 40 | replicas: 1 41 | selector: 42 | matchLabels: 43 | app: iperf-server 44 | template: 45 | metadata: 46 | labels: 47 | name: iperf-server 48 | app: iperf-server 49 | spec: 50 | containers: 51 | - name: iperf-server 52 | image: lijiaocn/iperf-server:1.0 53 | resources: 54 | limits: 55 | cpu: 1 56 | memory: 1024Mi 57 | requests: 58 | cpu: 0.1 59 | memory: 512Mi 60 | livenessProbe: 61 | tcpSocket: 62 | port: 5001 63 | initialDelaySeconds: 5 64 | timeoutSeconds: 5 65 | periodSeconds: 10 66 | successThreshold: 1 67 | failureThreshold: 3 68 | imagePullPolicy: IfNotPresent 69 | securityContext: 70 | privileged: false 71 | runAsNonRoot: false 72 | stdin: false 73 | stdinOnce: false 74 | tty: false 75 | - name: sshproxy 76 | image: lijiaocn/sshproxy:1.0 77 | env: 78 | - name: ROOTPASS 79 | value: '123456' 80 | resources: 81 | limits: 82 | cpu: 2 83 | memory: 128Mi 84 | requests: 85 | cpu: 0.1 86 | memory: 32Mi 87 | livenessProbe: 88 | tcpSocket: 89 | port: 22 90 | initialDelaySeconds: 5 91 | timeoutSeconds: 5 92 | imagePullPolicy: IfNotPresent 93 | securityContext: 94 | privileged: false 95 | runAsNonRoot: false 96 | stdin: false 97 | stdinOnce: false 98 | tty: false 99 | restartPolicy: Always 100 | dnsPolicy: Default 101 | serviceAccountName: default 102 | hostNetwork: false 103 | hostPID: false 104 | hostIPC: false 105 | -------------------------------------------------------------------------------- /all-in-one/kong-all-in-one.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: kongplugins.configuration.konghq.com 5 | spec: 6 | group: configuration.konghq.com 7 | version: v1 8 | scope: Namespaced 9 | names: 10 | kind: KongPlugin 11 | plural: kongplugins 12 | shortNames: 13 | - kp 14 | 15 | --- 16 | 17 | apiVersion: apiextensions.k8s.io/v1beta1 18 | kind: CustomResourceDefinition 19 | metadata: 20 | name: kongconsumers.configuration.konghq.com 21 | spec: 22 | group: configuration.konghq.com 23 | version: v1 24 | scope: Namespaced 25 | names: 26 | kind: KongConsumer 27 | plural: kongconsumers 28 | shortNames: 29 | - kc 30 | 31 | --- 32 | 33 | apiVersion: apiextensions.k8s.io/v1beta1 34 | kind: CustomResourceDefinition 35 | metadata: 36 | name: kongcredentials.configuration.konghq.com 37 | spec: 38 | group: configuration.konghq.com 39 | version: v1 40 | scope: Namespaced 41 | names: 42 | kind: KongCredential 43 | plural: kongcredentials 44 | 45 | --- 46 | 47 | apiVersion: apiextensions.k8s.io/v1beta1 48 | kind: CustomResourceDefinition 49 | metadata: 50 | name: kongingresses.configuration.konghq.com 51 | spec: 52 | group: configuration.konghq.com 53 | version: v1 54 | scope: Namespaced 55 | names: 56 | kind: KongIngress 57 | plural: kongingresses 58 | shortNames: 59 | - ki 60 | 61 | --- 62 | 63 | apiVersion: v1 64 | kind: Namespace 65 | metadata: 66 | name: kong 67 | 68 | --- 69 | 70 | apiVersion: v1 71 | kind: ServiceAccount 72 | metadata: 73 | name: kong-serviceaccount 74 | namespace: kong 75 | 76 | --- 77 | 78 | apiVersion: rbac.authorization.k8s.io/v1beta1 79 | kind: ClusterRole 80 | metadata: 81 | name: kong-ingress-clusterrole 82 | rules: 83 | - apiGroups: 84 | - "" 85 | resources: 86 | - endpoints 87 | - nodes 88 | - pods 89 | - secrets 90 | verbs: 91 | - list 92 | - watch 93 | - apiGroups: 94 | - "" 95 | resources: 96 | - nodes 97 | verbs: 98 | - get 99 | - apiGroups: 100 | - "" 101 | resources: 102 | - services 103 | verbs: 104 | - get 105 | - list 106 | - watch 107 | - apiGroups: 108 | - "extensions" 109 | resources: 110 | - ingresses 111 | verbs: 112 | - get 113 | - list 114 | - watch 115 | - apiGroups: 116 | - "" 117 | resources: 118 | - events 119 | verbs: 120 | - create 121 | - patch 122 | - apiGroups: 123 | - "extensions" 124 | resources: 125 | - ingresses/status 126 | verbs: 127 | - update 128 | - apiGroups: 129 | - "configuration.konghq.com" 130 | resources: 131 | - kongplugins 132 | - kongcredentials 133 | - kongconsumers 134 | - kongingresses 135 | verbs: 136 | - get 137 | - list 138 | - watch 139 | 140 | --- 141 | 142 | apiVersion: rbac.authorization.k8s.io/v1beta1 143 | kind: ClusterRoleBinding 144 | metadata: 145 | name: kong-ingress-clusterrole-nisa-binding 146 | roleRef: 147 | apiGroup: rbac.authorization.k8s.io 148 | kind: ClusterRole 149 | name: kong-ingress-clusterrole 150 | subjects: 151 | - kind: ServiceAccount 152 | name: kong-serviceaccount 153 | namespace: kong 154 | 155 | --- 156 | 157 | apiVersion: rbac.authorization.k8s.io/v1beta1 158 | kind: Role 159 | metadata: 160 | name: kong-ingress-role 161 | namespace: kong 162 | rules: 163 | - apiGroups: 164 | - "" 165 | resources: 166 | - configmaps 167 | - pods 168 | - secrets 169 | - namespaces 170 | verbs: 171 | - get 172 | - apiGroups: 173 | - "" 174 | resources: 175 | - configmaps 176 | resourceNames: 177 | # Defaults to "-" 178 | # Here: "-" 179 | # This has to be adapted if you change either parameter 180 | # when launching the nginx-ingress-controller. 181 | - "ingress-controller-leader-nginx" 182 | verbs: 183 | - get 184 | - update 185 | - apiGroups: 186 | - "" 187 | resources: 188 | - configmaps 189 | verbs: 190 | - create 191 | - apiGroups: 192 | - "" 193 | resources: 194 | - endpoints 195 | verbs: 196 | - get 197 | 198 | --- 199 | 200 | apiVersion: rbac.authorization.k8s.io/v1beta1 201 | kind: RoleBinding 202 | metadata: 203 | name: kong-ingress-role-nisa-binding 204 | namespace: kong 205 | roleRef: 206 | apiGroup: rbac.authorization.k8s.io 207 | kind: Role 208 | name: kong-ingress-role 209 | subjects: 210 | - kind: ServiceAccount 211 | name: kong-serviceaccount 212 | namespace: kong 213 | 214 | --- 215 | 216 | 217 | apiVersion: v1 218 | kind: Service 219 | metadata: 220 | name: kong-ingress-controller 221 | namespace: kong 222 | spec: 223 | type: NodePort 224 | ports: 225 | - name: kong-admin 226 | port: 8001 227 | targetPort: 8001 228 | protocol: TCP 229 | selector: 230 | app: ingress-kong 231 | 232 | --- 233 | 234 | apiVersion: v1 235 | kind: Service 236 | metadata: 237 | name: postgres 238 | namespace: kong 239 | spec: 240 | ports: 241 | - name: pgql 242 | port: 5432 243 | targetPort: 5432 244 | protocol: TCP 245 | selector: 246 | app: postgres 247 | 248 | --- 249 | 250 | apiVersion: apps/v1beta1 # for k8s versions before 1.9.0 use apps/v1beta2 and before 1.8.0 use extensions/v1beta1 251 | kind: StatefulSet 252 | metadata: 253 | name: postgres 254 | namespace: kong 255 | spec: 256 | serviceName: "postgres" 257 | replicas: 1 258 | selector: 259 | matchLabels: 260 | app: postgres 261 | template: 262 | metadata: 263 | labels: 264 | app: postgres 265 | spec: 266 | containers: 267 | - name: postgres 268 | image: postgres:9.5 269 | env: 270 | - name: POSTGRES_USER 271 | value: kong 272 | - name: POSTGRES_PASSWORD 273 | value: kong 274 | - name: POSTGRES_DB 275 | value: kong 276 | - name: PGDATA 277 | value: /var/lib/postgresql/data/pgdata 278 | ports: 279 | - containerPort: 5432 280 | # No pre-stop hook is required, a SIGTERM plus some time is all that's 281 | # needed for graceful shutdown of a node. 282 | terminationGracePeriodSeconds: 60 283 | # volumes: 284 | # - name: datadir 285 | # persistentVolumeClaim: 286 | # claimName: datadir 287 | # volumeClaimTemplates: 288 | # - metadata: 289 | # name: datadir 290 | # spec: 291 | # accessModes: 292 | # - "ReadWriteOnce" 293 | # resources: 294 | # requests: 295 | # storage: 1Gi 296 | 297 | --- 298 | 299 | apiVersion: extensions/v1beta1 300 | kind: Deployment 301 | metadata: 302 | labels: 303 | app: ingress-kong 304 | name: kong-ingress-controller 305 | namespace: kong 306 | spec: 307 | selector: 308 | matchLabels: 309 | app: ingress-kong 310 | strategy: 311 | rollingUpdate: 312 | maxSurge: 1 313 | maxUnavailable: 0 314 | type: RollingUpdate 315 | template: 316 | metadata: 317 | annotations: 318 | # the returned metrics are related to the kong ingress controller not kong itself 319 | prometheus.io/port: "10254" 320 | prometheus.io/scrape: "true" 321 | labels: 322 | app: ingress-kong 323 | spec: 324 | serviceAccountName: kong-serviceaccount 325 | initContainers: 326 | - name: kong-migration 327 | image: kong:0.14.1-centos 328 | env: 329 | - name: KONG_PG_PASSWORD 330 | value: kong 331 | - name: KONG_PG_HOST 332 | value: postgres 333 | command: [ "/bin/sh", "-c", "kong migrations up" ] 334 | containers: 335 | - name: admin-api 336 | image: kong:0.14.1-centos 337 | env: 338 | - name: KONG_PG_PASSWORD 339 | value: kong 340 | - name: KONG_PG_HOST 341 | value: postgres 342 | - name: KONG_ADMIN_ACCESS_LOG 343 | value: /dev/stdout 344 | - name: KONG_ADMIN_ERROR_LOG 345 | value: /dev/stderr 346 | - name: KONG_ADMIN_LISTEN 347 | value: 0.0.0.0:8001 348 | - name: KONG_PROXY_LISTEN 349 | value: 'off' 350 | ports: 351 | - name: kong-admin 352 | containerPort: 8001 353 | livenessProbe: 354 | failureThreshold: 3 355 | httpGet: 356 | path: /status 357 | port: 8001 358 | scheme: HTTP 359 | initialDelaySeconds: 30 360 | periodSeconds: 10 361 | successThreshold: 1 362 | timeoutSeconds: 1 363 | readinessProbe: 364 | failureThreshold: 3 365 | httpGet: 366 | path: /status 367 | port: 8001 368 | scheme: HTTP 369 | periodSeconds: 10 370 | successThreshold: 1 371 | timeoutSeconds: 1 372 | - name: ingress-controller 373 | args: 374 | - /kong-ingress-controller 375 | # the kong URL points to the kong admin api server 376 | - --kong-url=http://localhost:8001 377 | # the default service is the kong proxy service 378 | - --default-backend-service=kong/kong-proxy 379 | # Service from were we extract the IP address/es to use in Ingress status 380 | - --publish-service=kong/kong-proxy 381 | env: 382 | - name: POD_NAME 383 | valueFrom: 384 | fieldRef: 385 | apiVersion: v1 386 | fieldPath: metadata.name 387 | - name: POD_NAMESPACE 388 | valueFrom: 389 | fieldRef: 390 | apiVersion: v1 391 | fieldPath: metadata.namespace 392 | image: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller:0.2.0 393 | imagePullPolicy: IfNotPresent 394 | livenessProbe: 395 | failureThreshold: 3 396 | httpGet: 397 | path: /healthz 398 | port: 10254 399 | scheme: HTTP 400 | initialDelaySeconds: 30 401 | periodSeconds: 10 402 | successThreshold: 1 403 | timeoutSeconds: 1 404 | readinessProbe: 405 | failureThreshold: 3 406 | httpGet: 407 | path: /healthz 408 | port: 10254 409 | scheme: HTTP 410 | periodSeconds: 10 411 | successThreshold: 1 412 | timeoutSeconds: 1 413 | 414 | --- 415 | 416 | apiVersion: v1 417 | kind: Service 418 | metadata: 419 | name: kong-proxy 420 | namespace: kong 421 | spec: 422 | type: NodePort 423 | ports: 424 | - name: kong-proxy 425 | port: 80 426 | targetPort: 8000 427 | protocol: TCP 428 | - name: kong-proxy-ssl 429 | port: 443 430 | targetPort: 8443 431 | protocol: TCP 432 | selector: 433 | app: kong 434 | --- 435 | 436 | apiVersion: extensions/v1beta1 437 | kind: Deployment 438 | metadata: 439 | name: kong 440 | namespace: kong 441 | spec: 442 | template: 443 | metadata: 444 | labels: 445 | name: kong 446 | app: kong 447 | spec: 448 | containers: 449 | - name: kong-proxy 450 | image: kong:0.14.1-centos 451 | env: 452 | - name: KONG_PG_PASSWORD 453 | value: kong 454 | - name: KONG_PG_HOST 455 | value: postgres 456 | - name: KONG_PROXY_ACCESS_LOG 457 | value: "/dev/stdout" 458 | - name: KONG_PROXY_ERROR_LOG 459 | value: "/dev/stderr" 460 | - name: KONG_ADMIN_LISTEN 461 | value: 'off' 462 | ports: 463 | - name: proxy 464 | containerPort: 8000 465 | protocol: TCP 466 | - name: proxy-ssl 467 | containerPort: 8443 468 | protocol: TCP 469 | 470 | --- 471 | apiVersion: v1 472 | kind: Service 473 | metadata: 474 | name: kong-dashboard 475 | namespace: kong 476 | spec: 477 | type: NodePort 478 | ports: 479 | - name: kong-dashboard 480 | port: 80 481 | targetPort: 8080 482 | protocol: TCP 483 | selector: 484 | app: dashboard 485 | --- 486 | 487 | apiVersion: extensions/v1beta1 488 | kind: Deployment 489 | metadata: 490 | name: dashboard 491 | namespace: kong 492 | spec: 493 | template: 494 | metadata: 495 | labels: 496 | name: dashboard 497 | app: dashboard 498 | spec: 499 | containers: 500 | - name: kong-dashboard 501 | args: 502 | - start 503 | - --kong-url http://kong-ingress-controller:8001 504 | #- --basic-auth admin=admin 505 | image: pgbi/kong-dashboard:latest 506 | ports: 507 | - name: http 508 | containerPort: 8080 509 | protocol: TCP 510 | -------------------------------------------------------------------------------- /all-in-one/kong-ingress-controller.only.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | annotations: 5 | deployment.kubernetes.io/revision: "4" 6 | creationTimestamp: 2018-11-13T15:03:48Z 7 | generation: 4 8 | labels: 9 | app: ingress-kong 10 | name: kong-ingress-controller 11 | namespace: kong 12 | resourceVersion: "19080" 13 | selfLink: /apis/extensions/v1beta1/namespaces/kong/deployments/kong-ingress-controller 14 | uid: 5306dd38-e755-11e8-8c37-525400c042d5 15 | spec: 16 | progressDeadlineSeconds: 2147483647 17 | replicas: 1 18 | revisionHistoryLimit: 10 19 | selector: 20 | matchLabels: 21 | app: ingress-kong 22 | strategy: 23 | rollingUpdate: 24 | maxSurge: 1 25 | maxUnavailable: 0 26 | type: RollingUpdate 27 | template: 28 | metadata: 29 | annotations: 30 | prometheus.io/port: "10254" 31 | prometheus.io/scrape: "true" 32 | creationTimestamp: null 33 | labels: 34 | app: ingress-kong 35 | spec: 36 | containers: 37 | - args: 38 | - /kong-ingress-controller 39 | - --kong-url=http://192.168.33.12:8001 40 | - --default-backend-service=kong/kong-proxy 41 | - --publish-service=kong/kong-proxy 42 | env: 43 | - name: POD_NAME 44 | valueFrom: 45 | fieldRef: 46 | apiVersion: v1 47 | fieldPath: metadata.name 48 | - name: POD_NAMESPACE 49 | valueFrom: 50 | fieldRef: 51 | apiVersion: v1 52 | fieldPath: metadata.namespace 53 | image: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller:0.2.0 54 | imagePullPolicy: IfNotPresent 55 | livenessProbe: 56 | failureThreshold: 3 57 | httpGet: 58 | path: /healthz 59 | port: 10254 60 | scheme: HTTP 61 | initialDelaySeconds: 30 62 | periodSeconds: 10 63 | successThreshold: 1 64 | timeoutSeconds: 1 65 | name: ingress-controller 66 | readinessProbe: 67 | failureThreshold: 3 68 | httpGet: 69 | path: /healthz 70 | port: 10254 71 | scheme: HTTP 72 | periodSeconds: 10 73 | successThreshold: 1 74 | timeoutSeconds: 1 75 | resources: {} 76 | terminationMessagePath: /dev/termination-log 77 | terminationMessagePolicy: File 78 | dnsPolicy: ClusterFirst 79 | restartPolicy: Always 80 | schedulerName: default-scheduler 81 | securityContext: {} 82 | serviceAccount: kong-serviceaccount 83 | serviceAccountName: kong-serviceaccount 84 | terminationGracePeriodSeconds: 30 85 | status: 86 | availableReplicas: 1 87 | conditions: 88 | - lastTransitionTime: 2018-11-13T18:02:53Z 89 | lastUpdateTime: 2018-11-13T18:02:53Z 90 | message: Deployment has minimum availability. 91 | reason: MinimumReplicasAvailable 92 | status: "True" 93 | type: Available 94 | observedGeneration: 4 95 | readyReplicas: 1 96 | replicas: 2 97 | unavailableReplicas: 1 98 | updatedReplicas: 1 99 | -------------------------------------------------------------------------------- /all-in-one/nginx-tranproxy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | run: nginx-tranproxy 6 | name: nginx-tranproxy 7 | spec: 8 | progressDeadlineSeconds: 600 9 | replicas: 1 10 | revisionHistoryLimit: 10 11 | selector: 12 | matchLabels: 13 | run: nginx-tranproxy 14 | strategy: 15 | rollingUpdate: 16 | maxSurge: 25% 17 | maxUnavailable: 25% 18 | type: RollingUpdate 19 | template: 20 | metadata: 21 | creationTimestamp: null 22 | labels: 23 | run: nginx-tranproxy 24 | spec: 25 | containers: 26 | - image: lijiaocn/nginx-tranproxy:0.1 27 | imagePullPolicy: Always 28 | name: nginx-tranproxy 29 | resources: {} 30 | securityContext: 31 | capabilities: 32 | add: 33 | - NET_ADMIN 34 | terminationMessagePath: /dev/termination-log 35 | terminationMessagePolicy: File 36 | dnsPolicy: ClusterFirst 37 | restartPolicy: Always 38 | schedulerName: default-scheduler 39 | securityContext: {} 40 | terminationGracePeriodSeconds: 30 41 | -------------------------------------------------------------------------------- /all-in-one/webshell-all-in-one.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Namespace 3 | apiVersion: v1 4 | metadata: 5 | name: demo-webshell 6 | generateName: demo-webshell 7 | labels: 8 | name: demo-webshell 9 | purpose: Demonstration 10 | annotations: 11 | describe: Just show how to create 12 | status: 13 | phase: '' 14 | --- 15 | apiVersion: extensions/v1beta1 16 | kind: Ingress 17 | metadata: 18 | name: webshell-ingress 19 | namespace: demo-webshell 20 | spec: 21 | rules: 22 | - host: webshell.com 23 | http: 24 | paths: 25 | - path: / 26 | backend: 27 | serviceName: webshell 28 | servicePort: 80 29 | - path: /ping 30 | backend: 31 | serviceName: webshell 32 | servicePort: 80 33 | --- 34 | apiVersion: v1 35 | kind: Service 36 | metadata: 37 | name: webshell 38 | namespace: demo-webshell 39 | spec: 40 | type: ClusterIP 41 | ports: 42 | - name: webshell 43 | port: 80 44 | targetPort: 80 45 | protocol: TCP 46 | - name: ssh 47 | port: 22 48 | targetPort: 22 49 | protocol: TCP 50 | selector: 51 | app: webshell 52 | --- 53 | apiVersion: v1 54 | kind: Service 55 | metadata: 56 | name: webshell-nodeport 57 | namespace: demo-webshell 58 | spec: 59 | type: NodePort 60 | ports: 61 | - name: webshell 62 | port: 80 63 | targetPort: 80 64 | protocol: TCP 65 | - name: ssh 66 | port: 22 67 | targetPort: 22 68 | protocol: TCP 69 | selector: 70 | app: webshell 71 | --- 72 | apiVersion: apps/v1 73 | kind: Deployment 74 | metadata: 75 | name: webshell 76 | namespace: demo-webshell 77 | spec: 78 | replicas: 1 79 | selector: 80 | matchLabels: 81 | app: webshell 82 | template: 83 | metadata: 84 | labels: 85 | name: webshell 86 | app: webshell 87 | spec: 88 | containers: 89 | - name: webshell 90 | image: lijiaocn/webshell:1.0 91 | resources: 92 | limits: 93 | cpu: 3 94 | memory: 128Mi 95 | requests: 96 | cpu: 0.1 97 | memory: 32Mi 98 | livenessProbe: 99 | tcpSocket: 100 | port: 80 101 | initialDelaySeconds: 5 102 | timeoutSeconds: 5 103 | periodSeconds: 10 104 | successThreshold: 1 105 | failureThreshold: 3 106 | imagePullPolicy: Always 107 | securityContext: 108 | privileged: false 109 | runAsNonRoot: false 110 | stdin: false 111 | stdinOnce: false 112 | tty: false 113 | - name: sshproxy 114 | image: lijiaocn/sshproxy:1.0 115 | env: 116 | - name: ROOTPASS 117 | value: '123456' 118 | resources: 119 | limits: 120 | cpu: 3 121 | memory: 128Mi 122 | requests: 123 | cpu: 0.1 124 | memory: 32Mi 125 | livenessProbe: 126 | tcpSocket: 127 | port: 22 128 | initialDelaySeconds: 5 129 | timeoutSeconds: 5 130 | imagePullPolicy: Always 131 | securityContext: 132 | privileged: false 133 | runAsNonRoot: false 134 | stdin: false 135 | stdinOnce: false 136 | tty: false 137 | restartPolicy: Always 138 | dnsPolicy: Default 139 | serviceAccountName: default 140 | hostNetwork: false 141 | hostPID: false 142 | hostIPC: false 143 | -------------------------------------------------------------------------------- /all-in-one/websocket-all-in-one.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Namespace 3 | apiVersion: v1 4 | metadata: 5 | name: demo-websocket 6 | generateName: demo-websocket 7 | labels: 8 | name: demo-websocket 9 | purpose: Demonstration 10 | annotations: 11 | describe: Just show how to create 12 | status: 13 | phase: '' 14 | --- 15 | apiVersion: extensions/v1beta1 16 | kind: Ingress 17 | metadata: 18 | name: websocket-ingress 19 | namespace: demo-websocket 20 | spec: 21 | rules: 22 | - host: websocket.com 23 | http: 24 | paths: 25 | - path: / 26 | backend: 27 | serviceName: websocket 28 | servicePort: 80 29 | - path: /echo 30 | backend: 31 | serviceName: websocket 32 | servicePort: 8080 33 | --- 34 | apiVersion: v1 35 | kind: Service 36 | metadata: 37 | name: websocket 38 | namespace: demo-websocket 39 | spec: 40 | type: ClusterIP 41 | ports: 42 | - name: websocket 43 | port: 80 44 | targetPort: 8080 45 | protocol: TCP 46 | - name: ssh 47 | port: 22 48 | targetPort: 22 49 | protocol: TCP 50 | selector: 51 | app: websocket 52 | --- 53 | apiVersion: apps/v1beta1 54 | kind: Deployment 55 | metadata: 56 | name: websocket 57 | namespace: demo-websocket 58 | spec: 59 | replicas: 1 60 | selector: 61 | matchLabels: 62 | app: websocket 63 | template: 64 | metadata: 65 | labels: 66 | name: websocket 67 | app: websocket 68 | spec: 69 | containers: 70 | - name: websocket 71 | image: lijiaocn/websocket:1.0 72 | resources: 73 | limits: 74 | cpu: 3 75 | memory: 128Mi 76 | requests: 77 | cpu: 0.1 78 | memory: 32Mi 79 | livenessProbe: 80 | tcpSocket: 81 | port: 8080 82 | initialDelaySeconds: 5 83 | timeoutSeconds: 5 84 | periodSeconds: 10 85 | successThreshold: 1 86 | failureThreshold: 3 87 | imagePullPolicy: Always 88 | securityContext: 89 | privileged: false 90 | runAsNonRoot: false 91 | stdin: false 92 | stdinOnce: false 93 | tty: false 94 | - name: sshproxy 95 | image: lijiaocn/sshproxy:1.0 96 | env: 97 | - name: ROOTPASS 98 | value: '123456' 99 | resources: 100 | limits: 101 | cpu: 3 102 | memory: 128Mi 103 | requests: 104 | cpu: 0.1 105 | memory: 32Mi 106 | livenessProbe: 107 | tcpSocket: 108 | port: 22 109 | initialDelaySeconds: 5 110 | timeoutSeconds: 5 111 | imagePullPolicy: Always 112 | securityContext: 113 | privileged: false 114 | runAsNonRoot: false 115 | stdin: false 116 | stdinOnce: false 117 | tty: false 118 | restartPolicy: Always 119 | dnsPolicy: Default 120 | serviceAccountName: default 121 | hostNetwork: false 122 | hostPID: false 123 | hostIPC: false 124 | -------------------------------------------------------------------------------- /api-v1-example/namespace.json: -------------------------------------------------------------------------------- 1 | { 2 | "kind": "Namespace", 3 | "apiVersion": "v1", 4 | "metadata": { 5 | "name": "demo1", 6 | "generateName": "demo1", 7 | "labels":{ 8 | "name": "demo1", 9 | "purpose": "Demonstration" 10 | }, 11 | "annotations": { 12 | "describe": "Just show how to create" 13 | } 14 | }, 15 | "status": { 16 | "phase": "" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /api-v1-example/pod-sshproxy.json: -------------------------------------------------------------------------------- 1 | { 2 | "kind": "Pod", 3 | "apiVersion": "v1", 4 | "metadata": { 5 | "name": "sshproxy", 6 | "namespace": "demo1", 7 | "deletionGracePeriodSeconds": 5, 8 | "labels": { 9 | "type": "Independent", 10 | "name":"sshproxy", 11 | "owner":"demo1" 12 | }, 13 | "annotations": { 14 | "describe": "just sshd servcie" 15 | } 16 | }, 17 | "spec": { 18 | "containers": [ 19 | { 20 | "name": "sshproxy", 21 | "image": "lijiaocn/sshproxy:1.0", 22 | "env": [ 23 | { 24 | "name": "ROOTPASS", 25 | "value": "123456" 26 | } 27 | ], 28 | "resources": { 29 | "limits": { 30 | "cpu": 3.0, 31 | "memory": "128Mi" 32 | }, 33 | "requests": { 34 | "cpu": 1.0, 35 | "memory": "32Mi" 36 | } 37 | }, 38 | "livenessProbe": { 39 | "tcpSocket": { 40 | "port": 22 41 | }, 42 | "initialDelaySeconds": 5, 43 | "timeoutSeconds": 5 44 | }, 45 | "imagePullPolicy": "Always", 46 | "securityContext": { 47 | "privileged": false, 48 | "runAsNonRoot": false 49 | }, 50 | "stdin": false, 51 | "stdinOnce": false, 52 | "tty": false 53 | } 54 | ], 55 | "restartPolicy": "Never", 56 | "dnsPolicy": "Default", 57 | "serviceAccountName": "default", 58 | "hostNetwork": false, 59 | "hostPID": false, 60 | "hostIPC": false 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /api-v1-example/resourcequotas.json: -------------------------------------------------------------------------------- 1 | { 2 | "kind": "ResourceQuota", 3 | "apiVersion": "v1", 4 | "metadata": { 5 | "name": "demo1-quota", 6 | "namespace": "demo1", 7 | "deletionGracePeriodSeconds": 5, 8 | "annotations": { 9 | "describe":"demo1-quota for demo1" 10 | } 11 | }, 12 | "spec": { 13 | "hard": { 14 | "cpu": "10", 15 | "memory": "128Mi", 16 | "pods": "5", 17 | "services": "3", 18 | "replicationcontrollers": "3", 19 | "resourcequotas": "1", 20 | "secrets": "3", 21 | "persistentvolumeclaims": "3" 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /api-v1-example/secrets-registry.local.json: -------------------------------------------------------------------------------- 1 | { 2 | "kind": "", 3 | "apiVersion": "", 4 | "metadata": { 5 | "name": "", 6 | "generateName": "", 7 | "namespace": "", 8 | "selfLink": "", 9 | "uid": "", 10 | "resourceVersion": "", 11 | "generation": {}, 12 | "creationTimestamp": "", 13 | "deletionTimestamp": "", 14 | "deletionGracePeriodSeconds": {}, 15 | "labels": "any", 16 | "annotations": "any" 17 | }, 18 | "data": "any", 19 | "type": "" 20 | } 21 | -------------------------------------------------------------------------------- /api-v1-example/webshell-rc.json: -------------------------------------------------------------------------------- 1 | { 2 | "kind": "ReplicationController", 3 | "apiVersion": "v1", 4 | "metadata": { 5 | "name": "webshell-rc", 6 | "namespace": "demo1", 7 | "deletionGracePeriodSeconds": 5, 8 | "labels": { 9 | "type":"rc", 10 | "name":"webshell-rc" 11 | }, 12 | "annotations": { 13 | "describe": "webshell rc" 14 | } 15 | }, 16 | "spec": { 17 | "replicas": 1, 18 | "selector": { 19 | "name": "webshell", 20 | "type": "pod" 21 | }, 22 | "template": { 23 | "metadata": { 24 | "name": "webshell", 25 | "namespace": "demo1", 26 | "labels": { 27 | "name": "webshell", 28 | "type": "pod" 29 | }, 30 | "annotations": { 31 | "describe": "webshell pod" 32 | } 33 | }, 34 | "spec": { 35 | "containers": [ 36 | { 37 | "name": "webshell", 38 | "image": "lijiaocn/webshell:1.0", 39 | "resources": { 40 | "limits": { 41 | "cpu": 3.0, 42 | "memory": "128Mi" 43 | }, 44 | "requests": { 45 | "cpu": 0.1, 46 | "memory": "32Mi" 47 | } 48 | }, 49 | "livenessProbe": { 50 | "tcpSocket": { 51 | "port": 80 52 | }, 53 | "initialDelaySeconds": 5, 54 | "timeoutSeconds": 5, 55 | "periodSeconds": 10, 56 | "successThreshold": 1, 57 | "failureThreshold": 3 58 | }, 59 | "imagePullPolicy": "Always", 60 | "securityContext": { 61 | "privileged": false, 62 | "runAsNonRoot": false 63 | }, 64 | "stdin": false, 65 | "stdinOnce": false, 66 | "tty": false 67 | }, 68 | { 69 | "name": "sshproxy", 70 | "image": "lijiaocn/sshproxy:1.0", 71 | "env": [ 72 | { 73 | "name": "ROOTPASS", 74 | "value": "123456" 75 | } 76 | ], 77 | "resources": { 78 | "limits": { 79 | "cpu": 3.0, 80 | "memory": "128Mi" 81 | }, 82 | "requests": { 83 | "cpu": 0.1, 84 | "memory": "32Mi" 85 | } 86 | }, 87 | "livenessProbe": { 88 | "tcpSocket": { 89 | "port": 22 90 | }, 91 | "initialDelaySeconds": 5, 92 | "timeoutSeconds": 5 93 | }, 94 | "imagePullPolicy": "Always", 95 | "securityContext": { 96 | "privileged": false, 97 | "runAsNonRoot": false 98 | }, 99 | "stdin": false, 100 | "stdinOnce": false, 101 | "tty": false 102 | } 103 | ], 104 | "restartPolicy": "Always", 105 | "dnsPolicy": "Default", 106 | "serviceAccountName": "default", 107 | "hostNetwork": false, 108 | "hostPID": false, 109 | "hostIPC": false 110 | } 111 | } 112 | } 113 | } 114 | -------------------------------------------------------------------------------- /api-v1-example/webshell-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "kind": "Service", 3 | "apiVersion": "v1", 4 | "metadata": { 5 | "name": "webshell-service", 6 | "namespace": "demo1", 7 | "deletionGracePeriodSeconds": 5, 8 | "labels": { 9 | "type": "service", 10 | "name": "webshell-service" 11 | }, 12 | "annotations": { 13 | "describe": "webshell service" 14 | } 15 | }, 16 | "spec": { 17 | "ports": [ 18 | { 19 | "name": "http", 20 | "protocol": "TCP", 21 | "port": 80, 22 | "targetPort": 80 23 | }, 24 | { 25 | "name": "ssh", 26 | "protocol": "TCP", 27 | "port": 22, 28 | "targetPort": 22 29 | } 30 | ], 31 | "selector": { 32 | "name": "webshell", 33 | "type": "pod" 34 | }, 35 | "type": "ClusterIP", 36 | "sessionAffinity": "ClientIP" 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /ingress-nginx/00-basic/basic-echo-example-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-basic 5 | spec: 6 | rules: 7 | - host: basic.echo.example 8 | http: 9 | paths: 10 | - path: / 11 | backend: 12 | serviceName: echo 13 | servicePort: 80 14 | - host: wenda.iqianzhan.com 15 | http: 16 | paths: 17 | - path: / 18 | backend: 19 | serviceName: echo 20 | servicePort: 80 21 | - host: jisuanqi.iqianzhan.com 22 | http: 23 | paths: 24 | - path: / 25 | backend: 26 | serviceName: http-record 27 | servicePort: 80 28 | -------------------------------------------------------------------------------- /ingress-nginx/01-tls/01-create-cert.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | # 01-create-cert.sh 4 | # Copyright (C) 2019 lijiaocn 5 | # 6 | # Distributed under terms of the GPL license. 7 | # 8 | 9 | echo "生成自签署的 ca 证书" 10 | openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 3560 -nodes -subj '/CN=My Cert Authority' 11 | 12 | echo "生成用上述 ca 签署的 server 证书" 13 | openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=tls.echo.example' 14 | openssl x509 -req -sha256 -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt 15 | -------------------------------------------------------------------------------- /ingress-nginx/01-tls/ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFDjCCAvagAwIBAgIJAJPDn6LJxy1ZMA0GCSqGSIb3DQEBCwUAMBwxGjAYBgNV 3 | BAMMEU15IENlcnQgQXV0aG9yaXR5MB4XDTE5MTAxNTA5MDg0OFoXDTI5MDcxNDA5 4 | MDg0OFowHDEaMBgGA1UEAwwRTXkgQ2VydCBBdXRob3JpdHkwggIiMA0GCSqGSIb3 5 | DQEBAQUAA4ICDwAwggIKAoICAQCyNNDlB03UwXKfQCzMlJFshFO3pOiFTbK9L8wF 6 | Pto0nllvKD2qFju37iHziMp/jNttExPJdJN7tkmZhX/HKT8PlYi/vGaU+rzl3bcJ 7 | 0qZJB9x1MZeyOLKUubxfdE/aJsRKRmPk0zpD+q0i/kkockBcTBb9Gg3eLTvgDWBl 8 | 6Kuz15Br6DgIX85VqG/uxxlSEo6olQzZvmvOXtxC1sXbCYPBOzuyp9JLKPiZbLSD 9 | P7yS+XJZJiF1Iop3N6We9X+e7+8wysCOo3lTai78fR5cgzLIqx2J6YMiH7BsmqcI 10 | OssQ891djkm4ao1E7HtLE180Koq+Z/79f3RFrN3+RTRhS+s8v/CeEGWThgYZGR9Z 11 | WW8rU3FGjRsGoWPiYFIc/sRPjxiMk11TPi3EW1nkJxVFPcxGQXSmERaGGrt3iKFR 12 | Ks4SXyHq3pE9reTUeRsuTHs3n2vKQRaAbh872gOaXQifREaUd+XHNtBKBYACoaol 13 | omKrEf2sJnF7u/cUg4Fpn4E6R5S02vL/Bmpy7GDZWbSWAuht3ngho2yDfGlZe8b9 14 | ZtMcVUGbB68MvdBWRK+nRts4ByVW8AoxhpkHc0YhrSNfglrT8Dfj7w4HCqHCzeGA 15 | 88clkInwqeIYAH5z6QN8YvwRsa7/RX2ZhaLYcj/KWp7GQxaJ238pYM0+LiIFOqId 16 | nc8d+wIDAQABo1MwUTAdBgNVHQ4EFgQUMIpoH3tdEBPMonMwVGszRS8Nct0wHwYD 17 | VR0jBBgwFoAUMIpoH3tdEBPMonMwVGszRS8Nct0wDwYDVR0TAQH/BAUwAwEB/zAN 18 | BgkqhkiG9w0BAQsFAAOCAgEACRVsjx5iDyMcwVyahvgj+zxgk9Ib5ivn6tz3oTb7 19 | aAzelQklWR/YxZ8VSETm0P03AKMz6dAhsohMG855HV7c/PfA6eKbq8KWLazy2rbo 20 | 37h2U9XHW1nuNNfJl/qvznGPBlYn4jWclk9U5Z82FJdFL6fIB/1XrgPbIURGQt6K 21 | JObXWLnkB+EVAHEtEYBPMSo71zJq8xFN+2cZe1/X8CGrU+OOnecpIHeZmTL1to92 22 | PVFgNi3vdnLmTB3CcKUL0vO4nv9ghaWFzXDdvYCQuNgPelvvP1+s1oyFLe8n4nuF 23 | wYmFM9XCIfGCRixy3hUKXcrlOFK+OJ5J77dlsuQNHCuvmEVvAsSGjEc3c1Gkwtxv 24 | c3j+vQfSb55oxtBAKmznTKv5nhxf44G8VzNO6ow6toc3vhdZ43hiDQ1iCvhXFaKo 25 | 4ZuHaR2yedNl5xvfl3yHX1zc2aYA0sYHWjNuPbJsEgPzfZwHiWxN7gEFf+FsiAkW 26 | +CiDkAK/V5Ld18wrMlF/rUdchgK0zVfLZ4o238RyzJxw14f1L/yQRHjHGM71EAPe 27 | SeIChp8Flm3yyVT3lTqDpfQMwihAbWyao3e4XCtIahmq5AY8X7+eTInhICSPXgEC 28 | 9UCPNYQlIYrA3fBl3bnrmWZU8FHbRjVupEQJvhllyCZc+f2NT8egz90IOoNNmZXU 29 | GFw= 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /ingress-nginx/01-tls/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCyNNDlB03UwXKf 3 | QCzMlJFshFO3pOiFTbK9L8wFPto0nllvKD2qFju37iHziMp/jNttExPJdJN7tkmZ 4 | hX/HKT8PlYi/vGaU+rzl3bcJ0qZJB9x1MZeyOLKUubxfdE/aJsRKRmPk0zpD+q0i 5 | /kkockBcTBb9Gg3eLTvgDWBl6Kuz15Br6DgIX85VqG/uxxlSEo6olQzZvmvOXtxC 6 | 1sXbCYPBOzuyp9JLKPiZbLSDP7yS+XJZJiF1Iop3N6We9X+e7+8wysCOo3lTai78 7 | fR5cgzLIqx2J6YMiH7BsmqcIOssQ891djkm4ao1E7HtLE180Koq+Z/79f3RFrN3+ 8 | RTRhS+s8v/CeEGWThgYZGR9ZWW8rU3FGjRsGoWPiYFIc/sRPjxiMk11TPi3EW1nk 9 | JxVFPcxGQXSmERaGGrt3iKFRKs4SXyHq3pE9reTUeRsuTHs3n2vKQRaAbh872gOa 10 | XQifREaUd+XHNtBKBYACoaolomKrEf2sJnF7u/cUg4Fpn4E6R5S02vL/Bmpy7GDZ 11 | WbSWAuht3ngho2yDfGlZe8b9ZtMcVUGbB68MvdBWRK+nRts4ByVW8AoxhpkHc0Yh 12 | rSNfglrT8Dfj7w4HCqHCzeGA88clkInwqeIYAH5z6QN8YvwRsa7/RX2ZhaLYcj/K 13 | Wp7GQxaJ238pYM0+LiIFOqIdnc8d+wIDAQABAoICAEdHxP63KzScpCJ64vB5xKlp 14 | TKs6NR+M8p+lzK+Ucmd1p0RFDlVIS17Iy5/D6WuXhfVdGh8MmCl1wn673V5mayjq 15 | oSZAT6/rkz9Grf4p2gWANXhS++B3uUav/F8aAQ67Tux+t1pB+x5R2IsUt2KMQJ4q 16 | eU+H6mAiK7702sgohvWKlePzoOYInFm64/rYfJJNhe58oAVAm5KScvvxOHbimWbj 17 | MH/HjOAvZTDJQHL3PZB0Yn6yN9PImyYQhhjNDd0fD8eucdMcJF1vLZgk284ZVGjb 18 | uRb+5krx7fmi6ojqK2t+f976GRbA1/znsnFXME+HbLO4mVAAeRudh7Y7LDZ2zYJ2 19 | CWGWIjvcDAEwponf4JaGddGbPjAnOGpyYgbS+soRBgROAGU10dIP7OptXYFlYIMA 20 | 1c5qRVpD6xFWL+F3owIx6ydnaD8/hUs4TcBlnmTE4/IgsnS2cd6LVVmHcKC+c7VL 21 | Ym5FTnses78EchOlnHpbjr7zcn9jgd1MPYELXFc/8pxDliHvEjtvL5d7mRAIazUo 22 | oSiM1sjRUGqhu/caVwPrX+RlHrtA0fdxdiFSSFdAcO9HQH/tcYYo2aaIcHqMBldb 23 | cuiM0m4IT/3TrCdElMMWpF0MEjtyP1Vsk8XUqynhMTMQCcn+x3PjAnkaLUm2IkVB 24 | JZFAPiWbPm5Ms9npsQVhAoIBAQDh00zleiuu8JqRN0TDzy7Cv+945QlEvOWu26Rg 25 | Z9V7WfEpnvZOsbbNw7Xoetwx8oJShGRg5+YvbR6wdqzs/tblbfhYlGMdjBo8ENkd 26 | dbhNTUXzhl24/BXtk+WlOT9rJ7+sljw8LcVHRsG2m/Kcrezk+ZOr2u8olfCIz1cm 27 | Aof4qyKyZp+AJsW0Kr3Sp9N1B5Rjqi6xQBPllkZwLICDcSvemoySxhcJb8+C4vKm 28 | 2Q97BGCRrwQneBa2ms9jOFZ1DErKE5yL+XInUYfoxwx5jJAXVZKKz7ZSs8VxvwUD 29 | O5Hzg9fMbFbJ7puraR3eXqQ21BRV17VliGrTH22n0tdi1drJAoIBAQDKBKIDcrNi 30 | rWEIJ0KEw8Oy2Z0R1H59orGCLBpPeiKT3uY3/WsnALFd3IyjRPjPNMJWkKMwXrTE 31 | Ndyci117vUjTb+zzkCeAOk9EoO8FMluGxO9oX8f+h/rYQuRjBaaZsnQBM3C7MGQ7 32 | I5OI5hSiXgrqOhNrFd37r2pFtVxGnwjoh4U/AXguWesK6F2NVWvC1fR+USuCZqms 33 | zhMpOhxrPiys6b1LD/rshLI9ZkFEhqU6qS2aGvcsDxyo57gRF0jCTAWvJyZmoCVM 34 | BZRBSt1QzVjfdSMmwTaRbJ7rbe2EHCe673GaQ0LYSLqxLLCKpDa3ySyT03QovoI1 35 | N1nrvD6eFlCjAoIBAQC0/vVf65Z9hUxtXX3Y7wKMhud53yCZnkj86AAMYMyjLAh1 36 | knnZwuhAbT8sUOSRh8xaNNB7NwKwOmZhiwy4etxkUMq+vFfgg703LU3HJeYM1wVc 37 | 1PHjZPByVZq23XZt/RLMUjF/DjRTF2wFX2KJn4ECWOK52CTdQ6fhD0XLKjYu4YNS 38 | t5vZS7oj2CoCYA7Eesm9Q9ZerHwGBHb6S0DJmPhPV1GaBfjK0HnibuGLRuf4ch6w 39 | RTUwKTkTLGtSHAJ3l92Nr0BGlCyhROCIepkOBtIqUaS9axO3n2x96VssJx+orKBW 40 | sPKysHLGZN7SrsoxQ7P0xYoXEcqE4miyHPQSvFK5AoIBAQCfSp/lUCAagtOr9ikB 41 | PsukzuqHEKLctdh56ASm/osdRfkJ1Q0Up/szI6DRbKUz3UoPr+S9Uy/+NupJlaqU 42 | 02AFOJACTXyYI2I1nyBZXKfG0KpmBoBQNzCYLcagPehr8MZ/2+vb7gBakWbX33QN 43 | w1Gf90MwgQGUX3DQnnywQt5nW9S5JZN6GPS4mRiLRPu/ma07nQ1NuV25IJUDQQr/ 44 | lPrtLTFRarxUmx1gRKzaN8E5TATlKrYTS6cxl+UPtOhuLDufLKOe8E/4bb3E7h8s 45 | g368VETvXhKFAL0eroNGVF0PjZZqKPcgS9jJs49RAsMSj9JSjb1eEzngdFC3DKvj 46 | Q305AoIBAQCZ53VTNQFr5zYWSjT6kNol9YpVmRwa88N/qiYvWsE305aCeu3FUIdq 47 | /ey2znhslhRlh/+M+l4Z+AXuOeZF7+mKiDuszNR+7BziYf26+ux93sUCfjvEMRmk 48 | V+zXgasEZGWxC6ujHTbWvY/iERIznlgxQ5g9LlM5wW/IqRWz0FFnFPp1q09inv5X 49 | dTkDtxp6R/ZhrbbLtm9OVRwLgv1JIgtoerrf6B8wAerBsMtxMj0gIH4Rz/Qo6+hs 50 | Bv8C4QQRvTeoFt0g4183FMHW24Avx/4dExVscWKgN1CQyCPWv6Smw7wotpWBI/hn 51 | 9LDEut8rTgxa0fO1DXt84ZllKLvnkkXR 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /ingress-nginx/01-tls/server.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEqzCCApMCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRTXkgQ2VydCBB 3 | dXRob3JpdHkwHhcNMTkxMDE1MDkwODQ5WhcNMjkxMDEyMDkwODQ5WjAbMRkwFwYD 4 | VQQDDBB0bHMuZWNoby5leGFtcGxlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC 5 | CgKCAgEAzqWx23fJ+27W3SkEJ3vmcTOLT1XNfN6wbsItnuIaIlU6AvwFylubx3xG 6 | q7gve10XnIZkqnXi3XStCmHp2+B1aXtg7EfqXG+PdXwROaulWmOexTW+PEkxgC3r 7 | BGslxjdtKUfE0ipT8HSFxuIqnugOdXi+Q41oStYaKY8//xQdRs9OSgn7nfvuhpKc 8 | Q/FOzp0fupXHLia0TFjZ4lhdLTQG5NMZZqhqUvaZPKV1nIN4X3DLnyx7HJ8NDfVe 9 | scM5d1r92k94GmFsLQ8w0yWHwJoDKdq2dlwYm5f1Tham9VIfDTm3Cj1g5kt3EvcJ 10 | 678SEITkgruZaKk/qoMT/IFnxTfCSlphwm8p7lVRmF1GFD7hyvMsxnDYLZAXvseT 11 | 4KpDrtePIhJV96uJ1PF/3sWv13qlPKgjllg5lt/LjeoZ1IW8vLiqJ7pKQpCgXRgP 12 | PaFJfKJFy+5U3+L6Rx4U70gWqaWvi/bIVfJVYDv+6wvTHRX55YsXR1IyZf/l5c+H 13 | htzNeffNU7vnLrjMB0Q1/9Ipw3g4ZbSq4DCxXGG4V9PtseZkg0C0P54dEgBQHDZ3 14 | QkbrOZuD2qgjiXU1wdNxmrBIgqihNyh/evOj7qv5grtBQMHnSsRvBh9RCI9xkGnq 15 | bnrc5K2/ebF8CmN3cTbhH10Ru6P7lKgdbWlu+VvE3vMb2isQZ50CAwEAATANBgkq 16 | hkiG9w0BAQsFAAOCAgEAh+0kG6tfAqrYZxnbDFlinzCmExSjfEcAgiMYiiHTUZmR 17 | YyE+HLMPq76iGJAd6rEAP04tkiaTrrnkUxKceY+RQhnOlZLi9OvYkLI2+oRjLd5z 18 | tJQH2WRPoEIdHNRWD8SfmTU9rj5raxVHnsssiIKl3U0L5vE81pXjKC1RFzap4rWV 19 | hGWRpCLzpcG/CmrZgROcnebPSvmrD67HV++OWPXY9WbsV7lVZoPyrPaRcwGxlolc 20 | 9fyLJ0MsXr5pQc4c1mpq0AHSvBP3CTUWvfMne1b0ctyWuvGIhVi/yFyltdH4d6tN 21 | t3C/Rl4sX9srF6uicITAMaYs79W1NabKcdDi4mvk0N4RcLoiTuvDZ/Bop71LBTae 22 | ox9hvZjLh+hBn+jghhf04MW3PAGCjIBKgC4fXEiFuLPM1UBw2Uq0D1SlDjFGNBP9 23 | 8ZnJWllZ/Z5iwr30Nzj18l0DIXWVnAHEiEoSOndDbX/Z/jYzRFyWicI9vH79ajB5 24 | hEz0Ovp26DC1FRGM4OKehgVJP09m9ugVEYfJ49S++VTT0kVrUFBHaqoNy93fJGon 25 | uSxSzZuuG/5Zc76cbQU3dUQfODSrqAoMUTjpNzfW02BnzFMYOvs9R9AT9geBJPKa 26 | fTBvCTAR+QrYXHXHA3wrDbKzkJbcNtnlJ5PVOs/kC3xX1/CMFwxOWnRDknXB0L4= 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /ingress-nginx/01-tls/server.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIEYDCCAkgCAQAwGzEZMBcGA1UEAwwQdGxzLmVjaG8uZXhhbXBsZTCCAiIwDQYJ 3 | KoZIhvcNAQEBBQADggIPADCCAgoCggIBAM6lsdt3yftu1t0pBCd75nEzi09VzXze 4 | sG7CLZ7iGiJVOgL8Bcpbm8d8Rqu4L3tdF5yGZKp14t10rQph6dvgdWl7YOxH6lxv 5 | j3V8ETmrpVpjnsU1vjxJMYAt6wRrJcY3bSlHxNIqU/B0hcbiKp7oDnV4vkONaErW 6 | GimPP/8UHUbPTkoJ+5377oaSnEPxTs6dH7qVxy4mtExY2eJYXS00BuTTGWaoalL2 7 | mTyldZyDeF9wy58sexyfDQ31XrHDOXda/dpPeBphbC0PMNMlh8CaAynatnZcGJuX 8 | 9U4WpvVSHw05two9YOZLdxL3Ceu/EhCE5IK7mWipP6qDE/yBZ8U3wkpaYcJvKe5V 9 | UZhdRhQ+4crzLMZw2C2QF77Hk+CqQ67XjyISVferidTxf97Fr9d6pTyoI5ZYOZbf 10 | y43qGdSFvLy4qie6SkKQoF0YDz2hSXyiRcvuVN/i+kceFO9IFqmlr4v2yFXyVWA7 11 | /usL0x0V+eWLF0dSMmX/5eXPh4bczXn3zVO75y64zAdENf/SKcN4OGW0quAwsVxh 12 | uFfT7bHmZINAtD+eHRIAUBw2d0JG6zmbg9qoI4l1NcHTcZqwSIKooTcof3rzo+6r 13 | +YK7QUDB50rEbwYfUQiPcZBp6m563OStv3mxfApjd3E24R9dEbuj+5SoHW1pbvlb 14 | xN7zG9orEGedAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAoZcYga6jgkbV9Nlp 15 | gjScjYlu6vyzC6sBjl+RTjgoRIsXAebX4JMuENEShfp0yO4jF0eKzM2jyRiuZeHs 16 | gRxII5mTAfMpK7lso2jkzAgRdIPoWsfb3WFG9b+bW+x+KWRiMrjiteORU2Jc2Al8 17 | 2CU1HorqyOVKu6LBeUdKjFofcUvCFw9xH3rxmPkEWqrR9JB0tWx14+PyOltcOqAs 18 | Z+8h01H/IBw6W5Gz6R41SdFUriLZPKOxYistXhzV98jizlu48LD53rAAvUIU0tPq 19 | NTRDvzPTw+w2Ay8EHMhLMJqjG+1vPHr1iYqeNDXvsCUt44aPhTNM2/9Ghw5sSBuz 20 | no5Hqt/grWEANir6Ptr1wvJmdUr35wJmlQb8gpff0BUNBl77To/zC2301SJnGHSK 21 | vMnDFjoXi6E73VY08MYayk4s97qe+jlatshSwtT99+8U7R+MZSKtz7TQ59sXtbHd 22 | Zxq3cMFdBa4ksO3+6u+IgAevoU/6iz/ge6Jp3blcn8kiby7EaXmPC416yuMkLdpC 23 | cTBFw5tssJa5J62ptaAw6QQdI9b1Jp9j8a3xGqTtvf89isYOj5j/iNKIoa2kZzF/ 24 | /GG4f00u9FrpJsIHLhOv4gmYpYJ1m8hXdqR93721BlvF3fEQtU4HmNoxv1CiRZp1 25 | Ldp0AlLhCEjvkMoMU1hoC+J2Y5M= 26 | -----END CERTIFICATE REQUEST----- 27 | -------------------------------------------------------------------------------- /ingress-nginx/01-tls/server.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDOpbHbd8n7btbd 3 | KQQne+ZxM4tPVc183rBuwi2e4hoiVToC/AXKW5vHfEaruC97XRechmSqdeLddK0K 4 | Yenb4HVpe2DsR+pcb491fBE5q6VaY57FNb48STGALesEayXGN20pR8TSKlPwdIXG 5 | 4iqe6A51eL5DjWhK1hopjz//FB1Gz05KCfud++6GkpxD8U7OnR+6lccuJrRMWNni 6 | WF0tNAbk0xlmqGpS9pk8pXWcg3hfcMufLHscnw0N9V6xwzl3Wv3aT3gaYWwtDzDT 7 | JYfAmgMp2rZ2XBibl/VOFqb1Uh8NObcKPWDmS3cS9wnrvxIQhOSCu5loqT+qgxP8 8 | gWfFN8JKWmHCbynuVVGYXUYUPuHK8yzGcNgtkBe+x5PgqkOu148iElX3q4nU8X/e 9 | xa/XeqU8qCOWWDmW38uN6hnUhby8uKonukpCkKBdGA89oUl8okXL7lTf4vpHHhTv 10 | SBappa+L9shV8lVgO/7rC9MdFfnlixdHUjJl/+Xlz4eG3M15981Tu+cuuMwHRDX/ 11 | 0inDeDhltKrgMLFcYbhX0+2x5mSDQLQ/nh0SAFAcNndCRus5m4PaqCOJdTXB03Ga 12 | sEiCqKE3KH9686Puq/mCu0FAwedKxG8GH1EIj3GQaepuetzkrb95sXwKY3dxNuEf 13 | XRG7o/uUqB1taW75W8Te8xvaKxBnnQIDAQABAoICAAgl0FVu66/WNvKRY3CLGhLs 14 | jVmbcHaz8RDs5w+UqqMf6SGk/jV0VzgOVlr+8CBVE1FAm0d9Tmyc5RW7tpTMzNRT 15 | 4QZv73WlkGp5cdRsSCDAPMpZzB5kZGdBaDrMXrjqBovSIJiIwraAYaXt1PBfBfLr 16 | x9SyBqKsvmtVEpjkGiNomRWiPyGDhWwY68BiC1FqMI4Syb+wFvvLpQufoEzf+EWd 17 | bSr3CPosbu5NN83sARsCP4UPI+uE+ebK/ejUYberBsdMytd/b9x29N3eZPPbHrTP 18 | wtH336CC5VEm435YtpC27dihguiRoShGRUXeSsAL/VaKPwo5YiE++dLC52yHPknO 19 | Btfy5yXeKLacZaOZ0zF87oKR4KODtW5gO/pne6odV02UC27+4tDR3WSqjGvIhFUC 20 | GEWpJ87ZtzZZdmyIOQBpwqu6mtJ65S6EVjwkTq9jDId+yMkdpL6XpTS4BnUZJRvP 21 | +ndbRTLEYQKN3F29XsvLapgYKNWnLcbWew6kcxclNrA7mohCyTJCF6/0fGo1J8BV 22 | /3JelRZhHCmJGNBpgjDWau0j75mwQJZgcDto2hL+0Ean3IfRRGh2y8YsNO9tPXWg 23 | 2eG0rvvJYbrG8xQVLSCzTApV/nRCTleKFmRVFPQyIhRDg3JLxi9YdARQ7ijuB8wk 24 | p7EKOeO2Eb8vpbKh+/OhAoIBAQD3eIZUTCQfWhAHEyF0QlWma3TjnoiSACyhPl55 25 | K31mJr68Br51YAzGhDCRgMRrfWfTB+D+BQdu9DMWTtoutk2bA09gMAdjfjdl3nsO 26 | +BYDPFFjhokAt/63PTSOSSuztT9CC+vFYRFtpNPkSUawGP3/r8EOD1kQshOvRb3h 27 | IVJxPxV6d1uEe0c21Na6wuIkFPypRHYjaAD0gnUyeD6y0e3Z18BawDxrDN/BArcb 28 | eSHpoU4URVxlgoavbcyqYjozFXa3PhKQEPkFULKdjqVa0uc1+b+WGp6RISXzF5A4 29 | +ymlAbYo/wutEEsmxIldZIE/mzKWfxi+aJFrRM7/0nif374zAoIBAQDVxPomDUSI 30 | iOSPorNwY6/wBlJOS1bj1/VzxcrD6UXzP62BzPDboX0z4ODvH2Npf0Jc6DcxPhIQ 31 | VvO59S7Im1/Iio+0mVTDwVBYKMlz65YA7XyXdZTcIV4opV16FRu0uzIMFtVlkW5a 32 | QzYtMYFrxQyTfV5daDiGPlIZuoprQM0kfdoqLair2V1yor2uWYkyqAScdjqxZvu0 33 | Sjrgoa805l0RrvfYsEoa+z+HB5SSuqC4sakYtDOevJIBg7V0jSe/kDkUksoEZbyM 34 | wC2SavmxdhXXsomz7twMUpxafwMp+ix2SWo2Fvhy/KKhnIJ8qEnUDoh2r/7hbA8s 35 | /MSEorcsONLvAoIBADlV40mEmpno8+2vsQCOnemA3AQgpuOsxqpVGO5Z9SPFtks6 36 | BMaNCmi0F8yeWOPOmk96c9Zms+IxEeUJP+OyuShBDBLtDckvZQZlFX3SXMdDIlg8 37 | w2E3P/yUYajVqxpn09ApkuaYJsGQfsdVcts57x9eSQxI4gnMOGNTdTrDzaYPR5qo 38 | LLv1E/rQNS/wFxTlB+Tvx69MWWxNDXo0AdLMcJ8YLajZASaMRQsi5emnlwPaK4zm 39 | xRF/vFTIy7JuL63GO0sZRpO6WvewSrHWatkwJAGNa6YLZNGbLH+15eRNzMg+LUYy 40 | UTI3pDHHN0w8DPX/ryjPKZxz/b0spAkBapEf9aECggEAP6J8aJloflBp4YwoaFt0 41 | gzoOhDoPKpIeAhGuE3W8mfWpu8r7JBZFhAz8SJKKcFwusCN8Uo9Mp0qLER84hwUh 42 | lTwSHUvLnN5OAYBav8QwiiQoA5o/7uuL8QOQ+QeRkNJsyoZ9jdemBv6dAQUMpr0o 43 | yjr2vU2KDgQ9QmVyUQ0gRC2mpQmkfUuecsKZPm5u1gKIJN9ZB3hFk1zJfBcFZfTx 44 | XZM9Omb4GGIUfii2hJtDvtc8JBt4hldSC1tex8xBOdg/9azgsEBsyWVn638mxzoE 45 | tIn0TfjbzltFKfdHRNaxJ6EhGerqmKg17W/+tAcQuyx8WQB5GjelqNmx0l3xsxtT 46 | RwKCAQAUvMAGVb1YCnpGE13hd0rRwdKE2uI9iEq5hkOtrs3TyjOCytAKNdgb9r48 47 | 7428ZxpY0Mu5vyyIk/VRHRM2rIr6oQqkp5cVtbCnnrxH2NZcGRgvchqLThAlSo+K 48 | bQFwXuZblqk6eUD67P002lx92Pttb/fE3dOU1LHdt3duBWvARvBgmpWRYRHPsRni 49 | 6KqYCRD8OrQW+1u2f2H53cDc/ZoMwQKjFB8vJjo6mEI81fWl2BX24Pa9H8F/uNfP 50 | V6LuhU5MWeihan48p20wjt386y8Mm+7A+3f6AMbA1p3S7c66OWgdrzRKFJXvN4A6 51 | rJAcOdzrFXJX/mcyMC++NwfnBbCe 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /ingress-nginx/01-tls/tls-echo-example-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-tls 5 | spec: 6 | rules: 7 | - host: tls.echo.example 8 | http: 9 | paths: 10 | - path: / 11 | backend: 12 | serviceName: echo 13 | servicePort: 80 14 | tls: 15 | - hosts: 16 | - tls.echo.example 17 | secretName: tls-echo-exmaple-secret 18 | -------------------------------------------------------------------------------- /ingress-nginx/02-auth-basic/01-create-user.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | # 01-create-user.sh 4 | # Copyright (C) 2019 lijiaocn 5 | # 6 | # Distributed under terms of the GPL license. 7 | # 8 | 9 | htpasswd -c auth foo 10 | 11 | kubectl -n demo-echo create secret generic basic-auth --from-file=auth 12 | 13 | kubectl -n demo-echo get secret basic-auth -o yaml 14 | -------------------------------------------------------------------------------- /ingress-nginx/02-auth-basic/auth: -------------------------------------------------------------------------------- 1 | foo:$apr1$zOo0Tcq6$vAkxPG6LagZ.5jw4EGTHK1 2 | -------------------------------------------------------------------------------- /ingress-nginx/02-auth-basic/auth-basic-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-auth-basic 5 | annotations: 6 | # type of authentication 7 | nginx.ingress.kubernetes.io/auth-type: basic 8 | # name of the secret that contains the user/password definitions 9 | nginx.ingress.kubernetes.io/auth-secret: basic-auth 10 | # message to display with an appropriate context why the authentication is required 11 | nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo' 12 | spec: 13 | rules: 14 | - host: auth-basic.echo.example 15 | http: 16 | paths: 17 | - path: / 18 | backend: 19 | serviceName: echo 20 | servicePort: 80 21 | -------------------------------------------------------------------------------- /ingress-nginx/03-auth-cert/01-create-cert.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | # 01-create-cert.sh 4 | # Copyright (C) 2019 lijiaocn 5 | # 6 | # Distributed under terms of the GPL license. 7 | # 8 | 9 | echo "生成自签署的 ca 证书" 10 | openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 3560 -nodes -subj '/CN=My Cert Authority' 11 | 12 | echo "生成用上述 ca 签署的 server 证书" 13 | openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=auth-cert.echo.example' 14 | openssl x509 -req -sha256 -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt 15 | 16 | echo "生成用上述 ca 签署的 client 证书" 17 | openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj '/CN=My Client' 18 | openssl x509 -req -sha256 -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt 19 | -------------------------------------------------------------------------------- /ingress-nginx/03-auth-cert/auth-cert-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-auth-cert 5 | annotations: 6 | # Enable client certificate authentication 7 | nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" 8 | # Create the secret containing the trusted ca certificates 9 | nginx.ingress.kubernetes.io/auth-tls-secret: "demo-echo/ca-secret" 10 | # Specify the verification depth in the client certificates chain 11 | nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" 12 | # Specify an error page to be redirected to verification errors 13 | nginx.ingress.kubernetes.io/auth-tls-error-page: "http://auth-cert.echo.example/error-cert.html" 14 | # Specify if certificates are passed to upstream server 15 | nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" 16 | spec: 17 | rules: 18 | - host: auth-cert.echo.example 19 | http: 20 | paths: 21 | - path: / 22 | backend: 23 | serviceName: echo 24 | servicePort: 80 25 | tls: 26 | - hosts: 27 | - auth-cert.echo.example 28 | secretName: tls-secret 29 | -------------------------------------------------------------------------------- /ingress-nginx/03-auth-cert/ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFDjCCAvagAwIBAgIJAM4UkHEU5nsdMA0GCSqGSIb3DQEBCwUAMBwxGjAYBgNV 3 | BAMMEU15IENlcnQgQXV0aG9yaXR5MB4XDTE5MTAxMTExNDEzMloXDTI5MDcxMDEx 4 | NDEzMlowHDEaMBgGA1UEAwwRTXkgQ2VydCBBdXRob3JpdHkwggIiMA0GCSqGSIb3 5 | DQEBAQUAA4ICDwAwggIKAoICAQDDrh3CAeisHmpMdVK0ABAoQJ1AFGWIP9Eap6r/ 6 | WrOU3Skh2SNPM76vynuMbND6G7lfxv0rUoWMRBKfb4ycIcJR4N02BCznh/FGJcXw 7 | Wg068NeX0lMUewFGl9kKTDZ2INXbJXmpP62ymfYTpgeIM1OXU88/0gbFoBnlhwxP 8 | X2nztXDUxF+z+mMEhUiXWDkuMbJxtI/6xHr1SuPRCU0Bo95SAq+Cjz9by123aTMp 9 | rOufp4wxtlml1W+lLibF6Nj/2dWkw8ACRuWIC+Sn6O/D55rBdvCxBu/Jn2Dg+vf4 10 | jqc013ege7W4EnI9x+WjSFDrwVVAsLUmHJzhCitIS4mq5a034L+YEJ3v1b0z2+QJ 11 | /ptdxq8RyPre7HaNRWrIm1IUeuAjYQETlTTCV8vD7BbsapVp0UoAxU1ECtf70a5m 12 | UBA7w5BzD+zRSjLqwlTxQIojyXgLZr4KADNVcpzANnM09KxLQfQH6FhPgH/ld2zb 13 | zP2GK3QeissFiXkdZUA9lcptbaL6zPDh8eYuzvOPypodPYE4T3OWd2QvzkLtZddm 14 | 6qbvOudLhM7izOtYF5odOiuRdsuVvmKS1fvm3Vhf8LxkyymaPNmroYdBkIMdDb3v 15 | OjEf2gUTQI4zQjzITa8heQdPlwbWq5AxsGUtvHhhG13bs3i2X5V+ji7TRPGSJFvI 16 | Dyxu9QIDAQABo1MwUTAdBgNVHQ4EFgQUDuTjPfv8HVvXUGGhiO9DVRzYms0wHwYD 17 | VR0jBBgwFoAUDuTjPfv8HVvXUGGhiO9DVRzYms0wDwYDVR0TAQH/BAUwAwEB/zAN 18 | BgkqhkiG9w0BAQsFAAOCAgEAJF7miusJ1qnXTUAvMsmGlhWw5m4MPg1EtNLeUfDY 19 | kRzXcfPh5LYhN+I7QEb2vfb7lUixLsVRjLWnavjPytV0Xyu080V9Z9gugbwVtPMq 20 | YE+9T5EFNAm2wQ/+IbewWQKdiw0OTfETaxRqwWcWNxO/X05mWZLnKk1sWobKNsp2 21 | On7uwR32PT1U5NPdLQrCIwUopAlsbdrtBSklP4a/CxPh735h9+PdGIdwyEi0YovB 22 | rJTT6niiPrs2WusERyG1idSd0paWPWPmQWxEuaqzmONjBBruui3w2TPWvVCO0681 23 | Q2fKTIUbigCK4YCfRM7XEA0iFJKAHZx4BL/jhvhhJPuPUy8phyuzToQZ7AuD37ja 24 | toDoQJr6aCr9wNw3GlLqLTuNc38kz0uLdmomFngep7NTd3fOGuuiOtLx7CbLzodp 25 | sAGdDc/tVaUeIvbhyxOhs5gJn6ccwxbLztC2kvQL8uDJO5h7M6IqR4wUbhCzs8cq 26 | 3VwMWq4rBuSDbIWN85E6z4viQBBW0/l0JZ+AT+Tb6y9aUNsJ1k1kaYId8ALQeMNN 27 | K1jDT0J3mtdkvlqY9ebU++exQgLsJuqULgYdG3tjy/ZcpALeIEtwJXM0GI0PaMMh 28 | TlXht6bh1tmoMB4LxzuYK12vGLgdnUqC++8nIw0+V1sUAJJra0pmXFLhfPKfLwVK 29 | D7M= 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /ingress-nginx/03-auth-cert/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDDrh3CAeisHmpM 3 | dVK0ABAoQJ1AFGWIP9Eap6r/WrOU3Skh2SNPM76vynuMbND6G7lfxv0rUoWMRBKf 4 | b4ycIcJR4N02BCznh/FGJcXwWg068NeX0lMUewFGl9kKTDZ2INXbJXmpP62ymfYT 5 | pgeIM1OXU88/0gbFoBnlhwxPX2nztXDUxF+z+mMEhUiXWDkuMbJxtI/6xHr1SuPR 6 | CU0Bo95SAq+Cjz9by123aTMprOufp4wxtlml1W+lLibF6Nj/2dWkw8ACRuWIC+Sn 7 | 6O/D55rBdvCxBu/Jn2Dg+vf4jqc013ege7W4EnI9x+WjSFDrwVVAsLUmHJzhCitI 8 | S4mq5a034L+YEJ3v1b0z2+QJ/ptdxq8RyPre7HaNRWrIm1IUeuAjYQETlTTCV8vD 9 | 7BbsapVp0UoAxU1ECtf70a5mUBA7w5BzD+zRSjLqwlTxQIojyXgLZr4KADNVcpzA 10 | NnM09KxLQfQH6FhPgH/ld2zbzP2GK3QeissFiXkdZUA9lcptbaL6zPDh8eYuzvOP 11 | ypodPYE4T3OWd2QvzkLtZddm6qbvOudLhM7izOtYF5odOiuRdsuVvmKS1fvm3Vhf 12 | 8LxkyymaPNmroYdBkIMdDb3vOjEf2gUTQI4zQjzITa8heQdPlwbWq5AxsGUtvHhh 13 | G13bs3i2X5V+ji7TRPGSJFvIDyxu9QIDAQABAoICAE01r5I0dJ0tZx4CEP7rI3Tu 14 | gd2d7q4DGDvfOo6FOGSdmzQ63D7NGQl96J/w88gsFknfV1e3uPAuj/aO6jlU7Lqn 15 | 8kD1Bs7Yie/2yZJbxeqiyz6hg5yKKGe1VLNGfRrBPAC7WbTZZm0ZaMo58bDhJ7OH 16 | Izh4Y6mo0W8KiWXsLP83cWzSizyVqGpJOOpWqkE65MEO0NzOmAGfaiK5+8OQ6BEN 17 | 9Dic0xAiPzk2bjScgWA+mQeoftj7TZEsk6n1hWH2juDzSBjd5oV2w+Mo+yoegaai 18 | irgfF5BDrdM3044ko38rIY2WIo6d4KvV6xsxVpSfdUcQMnn2QkRdYdSl0Y04EM9R 19 | Z2fvKdtrIgfCA1Nl/Vr7AUjQi8B5wsiaxJKO7qwkL1ALH1SOSTBe6EKYJRjwXexO 20 | gQ2GO3xrH8VhfPwSYdaa+p7RUKDXjTR3aSlfBnFiN8HQD0YUGmQIfZ9edcR//Q5t 21 | jgyFos87RZq9cRU5yI5YMX7vT6FjLLCl9SySwBZrwjtSukep5ECeYXF33GzgDNrf 22 | 8dDX33LILKu14CJpbBTzrJyRFuHevXbu9Aue8bB1iCgkKR3zi28oROGLSEYBZj97 23 | RpgUYsZLOJsD4UwJTPEDgeunRMzaH6pXff5akY6vwIkW6SV/zHXd5Q3FMLznB1bh 24 | J1Fl+ew38qHFUANdpX+FAoIBAQDxCBlC4TR8rOqZyEm3I7fsuGAT7sagcqIr877i 25 | DKXGie4DisvVMQ3wQQ3gGtctrE885LB7nVTGLPfQc28LcrBWFX31iYQePGRtyObG 26 | cJiTSqFIA03DcBVUC9dK10LL0ZyuUK6qT8lMxiUHO30aGTwVkmBvvuoSKSeXEWeN 27 | //J3p/NO2vscYlTTVd/U7KnNQVMjqnwJNeCfWoCpoHExQGIho8NNOWapdxwfHFST 28 | SdNhLh96Gqhy83pO214ljSgtjekZYkZvpryCnON/74m7Y8RgavDdMDX3KNpl4fEv 29 | OfvpFcoTbNGd3rh/smRlTgh9OzIoBEcRa2246aMm/7+mAzTPAoIBAQDP1QXw1ZCU 30 | p/4PAS0EElpcj0rHvhBr5m7Z21R+AiwUdbAMrPXVKb5IlrRrUr7OxrSCEU2kSl2g 31 | KRXK0TNJgb76WlHV5XkQ21RmNkffuTbbwsDat3eMbA0i6l2/YBT9WUv6Z1M58P5d 32 | kueU7tOT4LHJ7oq1JINtHV+tg+ZvanrX9TKMHhhKvWn9VoJMcNjCNopkN7xvOjZb 33 | sLgvt7lorCIpu0c3vOWGqrxyWUR6rQqq2+dMys9nOgPrD7RnrtpQP5CxCxPeKliV 34 | kVdbiCDS+ImN6EWt4PaP6ATXg1FJ7n+r2byUUIO2W6yVegx9Nj7TUZWYpy3VBGWo 35 | PLPWs+gzN9j7AoIBAB5UrZEb89XokJEPgi84oHF6diSr/HS+WCf9wTyC6O2F99yc 36 | P7AxPxbHqO5VklReBY6dHJRBpSRXDkw96nBfW09J3xLh3i1L3jtud5PrIVgPoSIF 37 | wGhil1x/LPVvBynM09Gft4sZBTTTDl/NnZ2GJWh1hgsp1By67w90kjptRd7G1LhM 38 | mCLnQNNjUApkSa3ZlZO8ZWVnUT/cTKqL1RKkjnS7Pd1e5stWgMRtdTsfpCjre+yK 39 | pD3q464+rqc9DxxEalvWYRS1v60T/xDfXM6m7FRRwMOkyHW0v17owsf1nPyk0EwH 40 | eo1KNJ9lHHsfCbRwmYwtlZ/ci+8j/3Lt5fkHGEMCggEBAIfMQ1N32D6p/gFD3WwZ 41 | qd1s64nUENrP+IJ1I6IqPS8pLt05bm/YFLNNdZniuTZW879BGyBMTxzFe63IP+C5 42 | 3FWtCmfextpS1bTrps7yMHwrpuPCmWSxfWvhA1x2pYBdBp4ZQXJMm4f840CXRLwN 43 | R14QdaWitBVp6ghwdPM7+gR9/Ic9atX7KfQUwJK98YQFKywMlx1+ReJneBIF1Com 44 | vzPRYNl0nez+Rp/Y4DvgMWYuxdWRdy+V4tWGr3RH9fIVdq+X82Vo+fTQwOnX6sqv 45 | BwIoUM8qfTDOg8tlzImoQtfBL80hRs6y2/PXia2O8kIVvs+9/N6BPwNMlp2ldAVz 46 | al0CggEBALwC+jVV0rwZO9asUHHpc7A+REFJ2e9p0zH/hcENtV6/CY0fGHgTBcr4 47 | QEyK7vZfwt3GiuK4MH+4T7kF9hYfjOI1rMplf++A7fL0OVv0JJ3edS3YXxj6TpYD 48 | in7mwLj2T4ld29W/s7nRvvA2btUN8hO969pVsLEdhmc+Fd6rDmmJue+26Zjpnf1c 49 | h1yQojwWZXGqGju1XauRHQxWIK0XbRKfqnP7MfHzpKZ/Tvz3nEV0tduSyhz0LHap 50 | 7FNbfPOPQpZQap23i+89J7qKfza2KuXz60KfTVfm8dLm8Wl3VJ1KVNppSoiwIxch 51 | 2ykRu1u/dKCngbVeD74NLVh0vXAL+Sk= 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /ingress-nginx/03-auth-cert/client.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEpDCCAowCAQIwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRTXkgQ2VydCBB 3 | dXRob3JpdHkwHhcNMTkxMDExMTE0MTMzWhcNMjkxMDA4MTE0MTMzWjAUMRIwEAYD 4 | VQQDDAlNeSBDbGllbnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6 5 | lR0Gs9TI39Uke8c8R2dZrzTq/hJEE5M/ppIp3niij+kdyxUKNJAxj4a11nHhsRK+ 6 | g/78cHvRoF7JXhqq9MeHOJoNDCkQW9EyBX9vyTWuhBs8BYM+61ybIUGMqcEVciQK 7 | 1gc7m4ugea7EvRYD/vB6PGgaW4nxw16SlfamOj9YQ6W1cxnLz/Au1hSDjLNBTU/4 8 | YQRqkAGEs5KXARHcBLxNKSAJ4wveF4ZhEhGLnptIV2kLE8nqhtgkNxhwUazDJYDi 9 | PeV/f9A7TBKL225UPa/PlYEdNMvusTt95oqu1LVE4r/1wK0U5QLMPTiukEFMlHEk 10 | EeQ8Q12HKl3INYtCDvcJe2Q9Lbf3JEgzFqpK1pnP6mQAa7m99/O2nkY4g57LiUcd 11 | PLZ5dr9PgOe3K5WWi3lftlYV0Q9qjIk8AZY2wzYJdPnbZH8hMMr0zXJA+xIm7BXc 12 | zYNbg8wC7WuCsZTTnsVYmkHsBmvW6O6embpl9qsyJi2D5bpPSoLIA9dTixpe2mOu 13 | vkdZcN2+z+sHmHWQvF8V2KqpPMCfkFtQVUm0sRxINEB9NQeQwzJpZ1o2XHEM28ZD 14 | +3v+0saOK7BWnKw4hS8mQAH7fedLzboq++7GBZI4reO3LA7/fjo3pGzSOT/2dq5n 15 | 9QV2pZwrpxxKi18ZALGjyJWyLyIIlbgyiJEzhaE5PQIDAQABMA0GCSqGSIb3DQEB 16 | CwUAA4ICAQBBtqsLhqL7Q7hnde02BnzFUgaLIrCbljBdkqff1YuNhOsCEOQrMZzh 17 | wNDMmQ8gJyrcKHNYaL9SrEUki77QnKoCkbIEJw3+N6ikkyMYU8BD+hvR4t2o8pEp 18 | RyaWmqwVh/FkCwNGnJiq2g0DwtxkmbPUb4Ab2IxE4lXZ7SmbDCxNWlNH13goBm6N 19 | 347SR0TgK2tsVpz2f1hNqAE6S9/KyN3RWPAF0VHnYv+CC9ljEgEuULJR22iILFsN 20 | 1IyceONys4GfFT5/BmuYIxh3zV4I4D3MBa1EgK5y67fxd2qiq31LXGiBzbRxpN1b 21 | c1rqh2iUL7aiAmBHRNWz64eU1ZgxZXAaNE5Nk7Q7d/MmeVx0A8t/XrlJ/nvVNJcu 22 | hKyMzz7TuRMq4HlJ38vj6dAujquqJ/0JKNjbxuYHdVvCW1PKeJoUD+e7iEw2FEsD 23 | Nad5N6unThja3ugPVzN4gVUhh9rM7np3vDKpXRS6w8M3AErYJbLlqNKQ8s6HZyDM 24 | OLUtacT85gQeOEu6PSybrl3hUapehklNa1YxsLoglWCV2jD6RZPX2mfUM8HKGh+f 25 | JhUGK2omDQV8IBsGCstsvMuksbYpdDKKQwy7NJOZ+KGUkSCSThw6UoJbyW2eQo+r 26 | e/5lRh3TYz5+zqXWo2TK+xqdd9UUZJRtQ+S4yO6711qrBuKx29ZxjQ== 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /ingress-nginx/03-auth-cert/client.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIEWTCCAkECAQAwFDESMBAGA1UEAwwJTXkgQ2xpZW50MIICIjANBgkqhkiG9w0B 3 | AQEFAAOCAg8AMIICCgKCAgEAupUdBrPUyN/VJHvHPEdnWa806v4SRBOTP6aSKd54 4 | oo/pHcsVCjSQMY+GtdZx4bESvoP+/HB70aBeyV4aqvTHhziaDQwpEFvRMgV/b8k1 5 | roQbPAWDPutcmyFBjKnBFXIkCtYHO5uLoHmuxL0WA/7wejxoGluJ8cNekpX2pjo/ 6 | WEOltXMZy8/wLtYUg4yzQU1P+GEEapABhLOSlwER3AS8TSkgCeML3heGYRIRi56b 7 | SFdpCxPJ6obYJDcYcFGswyWA4j3lf3/QO0wSi9tuVD2vz5WBHTTL7rE7feaKrtS1 8 | ROK/9cCtFOUCzD04rpBBTJRxJBHkPENdhypdyDWLQg73CXtkPS239yRIMxaqStaZ 9 | z+pkAGu5vffztp5GOIOey4lHHTy2eXa/T4DntyuVlot5X7ZWFdEPaoyJPAGWNsM2 10 | CXT522R/ITDK9M1yQPsSJuwV3M2DW4PMAu1rgrGU057FWJpB7AZr1ujunpm6Zfar 11 | MiYtg+W6T0qCyAPXU4saXtpjrr5HWXDdvs/rB5h1kLxfFdiqqTzAn5BbUFVJtLEc 12 | SDRAfTUHkMMyaWdaNlxxDNvGQ/t7/tLGjiuwVpysOIUvJkAB+33nS826KvvuxgWS 13 | OK3jtywO/346N6Rs0jk/9nauZ/UFdqWcK6ccSotfGQCxo8iVsi8iCJW4MoiRM4Wh 14 | OT0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQBuv87Wd5lTc7kM5PE9K4ap7+4/ 15 | XFp4FNp8gwNWnbhtgCl0svhPeZPQKLWoFS6auu8wNwckjta5SxCPKNNZ7scoZB8D 16 | B5cpZuhnGqM4DF9nNFJmfsmPbErQLBcauhET4y3qFo/bgCbTV04Q4fIpAJZezukU 17 | Gv9DziwODjqds3U5FWIcOJyI4HkVTklbMfbNdvSK6EsjUCbRQZMbpXiGzEY1hcOh 18 | SwDF6RRkVoJfBmMCuTBJUxyRGBB9lpEzjNHPriV1qtNGHs+/3a0mR4HzmOIeLGCo 19 | 71+0hVMEot+D6Hisd69+AdlJlZggA8CMjUKVmLBEOah4CCmu/TgVLQ5sYv9MVe2c 20 | gpw1xLzPlkFzelXLmo6EYMSWcHff9CCi7xR6A+8DX9B1UzP325qwl+gN9ysbijQ5 21 | CV8R0fH1RrMvFlcms+s7SaIywX7cduvF52uB81TUBK1nB8GNs6+QCs9I2KnvC04N 22 | yX100+TS3q/lDp1ar9m+bEmz6rwdj/hskPhiAVSdkK6JjxyUeQ2fqn5i5eFYRWzt 23 | VmCikyfUzevkyXJPn9lnuIMBsG9kNT3Q+JWIBPYGYYFLSp2jQJzQkLEWzg9+znWh 24 | DpVkYjH12iRiufsmJf86NxD1ezmPwmmpmrftctVqHld3FCbplyzaZInPXZN0DbgH 25 | GTIFlS0ZE0Z1Zerv2w== 26 | -----END CERTIFICATE REQUEST----- 27 | -------------------------------------------------------------------------------- /ingress-nginx/03-auth-cert/client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC6lR0Gs9TI39Uk 3 | e8c8R2dZrzTq/hJEE5M/ppIp3niij+kdyxUKNJAxj4a11nHhsRK+g/78cHvRoF7J 4 | Xhqq9MeHOJoNDCkQW9EyBX9vyTWuhBs8BYM+61ybIUGMqcEVciQK1gc7m4ugea7E 5 | vRYD/vB6PGgaW4nxw16SlfamOj9YQ6W1cxnLz/Au1hSDjLNBTU/4YQRqkAGEs5KX 6 | ARHcBLxNKSAJ4wveF4ZhEhGLnptIV2kLE8nqhtgkNxhwUazDJYDiPeV/f9A7TBKL 7 | 225UPa/PlYEdNMvusTt95oqu1LVE4r/1wK0U5QLMPTiukEFMlHEkEeQ8Q12HKl3I 8 | NYtCDvcJe2Q9Lbf3JEgzFqpK1pnP6mQAa7m99/O2nkY4g57LiUcdPLZ5dr9PgOe3 9 | K5WWi3lftlYV0Q9qjIk8AZY2wzYJdPnbZH8hMMr0zXJA+xIm7BXczYNbg8wC7WuC 10 | sZTTnsVYmkHsBmvW6O6embpl9qsyJi2D5bpPSoLIA9dTixpe2mOuvkdZcN2+z+sH 11 | mHWQvF8V2KqpPMCfkFtQVUm0sRxINEB9NQeQwzJpZ1o2XHEM28ZD+3v+0saOK7BW 12 | nKw4hS8mQAH7fedLzboq++7GBZI4reO3LA7/fjo3pGzSOT/2dq5n9QV2pZwrpxxK 13 | i18ZALGjyJWyLyIIlbgyiJEzhaE5PQIDAQABAoICAQCSetxl1aq45RkVYmOhDEG0 14 | JBv8XOkELwYME35uhmzY2vhd3oCvGWMWtaJBgZC4aebYURJPJxPeF/QyTMHM8wzu 15 | ON6gXaqjYCIVDkHlBecyEh67eWx3ahmy5GHsx5yBdLGdHDhjcJMmskElzXjKPEyY 16 | +nGUN8dNWV8W38ra56GxbrJaiHl5C895RbKnMD/OhZ7B1ZC9BD9c6gmsqTdXLxSR 17 | 0zaG7Iv1mSxzatcBcMxh99XMz4VWrPRlQifajhR+xCOx+nwBI9vbobZxvBya4C71 18 | Xl8WCcwMoXGePu8joHSLFyUzD0gSvlP6+hlU2oWZVHSap70yHoT/x6AGvRqOCuef 19 | X8A0+63WBWdtBW6C/BaIOfM4VCuoEudN/zwOZoo/Mj+G8n/wRLdmR53kS05kNI9T 20 | I2wNaxKshWcfJTBux1IOPXaZc1yXTY5aCmw5MudQGZX2oUV1Rk3O/6UuuOVIKkdx 21 | LOJmOTLEU3hyFrvqRNdMj2dbO1i5NhnvUtWWJozfo/fNo4xP2uwp02h/qVh0fewM 22 | wCf0XFZo/R0r5HIUZ6jh+NUup+wBR2iuXB/n4dTpTa7ATyb+U4jJ1aA/aypMzP+e 23 | Rzsdz2PjMz5BV5ZOTTTSBojxPjyPvRAx9Bo2nRvrjAtQTq1s5zU4u1NNQZmS6MsO 24 | I8Bjy3hTVlL8jsYEbxmL4QKCAQEA4VnG4gYa6RqD4z6me2QqP8V0o5tE2cuGIJK6 25 | 3JDjrzZUIlEG3i43h36uNXOcxo3GjhsddlLHrRlsS8mezNjP8VDJkJlWcrmOedcZ 26 | OfFO9WBZsGOI20RlRAUtJzYlzX6I6A1KA5o5azJLFYxZwy/E5OJFuvJou65q5nL9 27 | 1jHoE0LahOOZlBc6HxqAkBACDTXStA92EGHBvHBT/OAU/FRjJXlTBnQ6NnTWzJnT 28 | geQ7/tNWj6lxJaHw2eGVbfjHtol/FL1AqG7ZubmE62ODOcEYTc5Kq8rZYiMWQkXI 29 | /s195k4WROrFg1iR/HpGy+zMp2/rpbmZOBxAQQ3WYKas2AGM1QKCAQEA0/WC2YZ+ 30 | jyZJ279jriuXAYVkl4W4gl0lMtzdZSyOhbNWczYhebHc7wFkvtmtcthTAyVtMi4j 31 | B3ZbRj+Hwg5xbXcM30ldkSKNec1wz4UqsZKY5VPQtYVJKKFO5c57B1aqk5KpTqg1 32 | 5x18tBmVPZHhM//fyAPonR0hP9vBImQm01nhm1g9Juq6IX7bhPcnhy3yKfivG/oi 33 | OtewtoqRbrU6ZVKsZKCTwfRwmicydRBJIq/RBBMW82NZomHZKa1OT1G2jy/Ji1IN 34 | ByIi99T3FGzi/9sH/OazvL+ChpP9BD1/U3Sh+/vOMXbDxbrYUjuUNaQ4wvZUyEqE 35 | PH4K9xPh3t4OyQKCAQBeQ4WUCmW7WGIO7qgJOW8K2ffecBau3BmxCm+rz9fN9PXg 36 | nPA4hDCqNu18Ym4UCD4kN2dtlVb9K4NHeIE6wv7IvLh0ChBFUSUuBjIBMNWMgs9B 37 | n4Eh50xM1bV7j4Tknqd6GgT52Mtn8dPCocDyisrby2LLvpbc2yrQVw2jSaEAXZi2 38 | udYGQmkHlbhtiqSxDfCjbUw/sgSuZHZdcwaUPmByzntSWc/384vebgIxdV07TQAK 39 | fCBeU41CNsChDc3Mp1tHO5sOWcAtllLpe+jqgcE+2qoVjna8PF0VP8fB/gdKDSP3 40 | lBUmyifW6vcuWlGJQKHb4vUaqYafL8CbEV1/xbY5AoIBAQCLh4TZuUW66lOYiwcN 41 | crh3Ud6EOIzblIGWV/qOTaSMsx/nu+yRddqgo2Q0lostnOYYnhyh+ekpUmqHde7i 42 | eiuFCee5XUxw7DQByJHIqjsOphhsbp5nwBQG4RlVAnXOwOiNOPCnTOge+jRLQsQR 43 | weRkHL6tppUMSE7JANrEzvUYEIUJhC7NXZulzSKpByJIRKCzrHdpjWHXJoG3yMQw 44 | ArEsXh4KKALcnRM7By6aDVx3rxGDAyYKlo487PjODL4OTRZGcAjW4+6bkYc/ajw0 45 | f/F2yDMb8qrDR7ae7PCUR/93asHvZTW5Lht2IKeiioHoRfDvtsTdDOC8CaUiPT5l 46 | PfyxAoIBAQCS2+uvd1S9XJUE7jfaM126Gq6bN3c8s8YWDh2DYmjhWqxgw1qsVyMM 47 | AI2hYc1vqgPQwv2t73ccZ+8wcl7zOUpEmkmWIID3MU3G52bEIHIVzmXIY3KHMenR 48 | u4wSOU2F1cVaCs8kEC2KyGV10MEHntbm6fS7MddgJRTGhcWAZrcXfXlaXc2VsXsN 49 | xq0v7iHq1t4mZN50FNvy19zPx8lSIprCSReXRkmP+K+anm3YwHv9XelBJT7/j4nU 50 | 3k/x1oSRu8myVVcIEixSHG/8Nd9nm1A4Cg09LBh4MUJ5PYaeoIuW4sgYX2EvrpmN 51 | ZxkRg/G00abiFeLOoviDYrIrgysl0Ev4 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /ingress-nginx/03-auth-cert/server.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEsTCCApkCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRTXkgQ2VydCBB 3 | dXRob3JpdHkwHhcNMTkxMDExMTE0MTMyWhcNMjkxMDA4MTE0MTMyWjAhMR8wHQYD 4 | VQQDDBZhdXRoLWNlcnQuZWNoby5leGFtcGxlMIICIjANBgkqhkiG9w0BAQEFAAOC 5 | Ag8AMIICCgKCAgEAnpBoJ9PamLnlLAdJZYRV9zPHg2kAfRP3kGUGs5WkCK/YWHeS 6 | pJ1DMgcgIlsBqpVYKA5wpEoP5zG/GpSiwX/yVgMz4bhKiiQl5sYmdyxlU9S+Vtbl 7 | /FuAP8MGCEpXNA0FV1GsrO87xDuSA2a7mMdpEPAWERPmqunP0tsO2ZTVtKtNXFc8 8 | grnRMP5Zj2LTCPpXzc/q46/HpmkoXAqHYJiDAFahZbAZJ38oSC4lmSr6oISBU3Ah 9 | HunRbt6wCjiJmYXJDzzcU1CmaO4ZJktrODnNtBheOh331XBTz5zcF+taoo/JYXz3 10 | UxW2fzw1rcRg49jz9bPN79gs/g+JcLiMKaPBoQuGwBexGJA51sB3zie9VOwpSIkI 11 | 6uW9CDPj4+G8FB0DG3k1XyXnmTxRZONdn5cn9mhqJbjc1u87ReQFsaV7TxqdmVcS 12 | cdZjm5vxVvS5HWzRyFQKR1Y4MvzD0AkZOFIQNwZBRIpTj8WrZXsepg5MsKOaJjyH 13 | qGX/h2a16W2E0DoDAkO1uhIcMANr6TwEmKTLWlZi8aNPDKnuMRLGTl7rV2TuiAx9 14 | n6H4Px2ZN8NsCgHJ4jh0j2/N74yNd/LSM9e9z2VEayTpcgxQwLW3tVQYJ0f1kAFD 15 | PswaL5+2Vmm6GnEYq6Dreg5UtJQzWmCw8533Z1WsFm/yjzmKwFLloRFvz5sCAwEA 16 | ATANBgkqhkiG9w0BAQsFAAOCAgEAe+bjYNPpdG86bcPQ/RCQwlWBwLlg7FjwHUH5 17 | UB1tKWdMqJW8Z6YkbX3VocQa0YbsCoRYALYvbI4qw3Zx+ooO4C0Q8/ofdzQkmZHS 18 | McRnPB9pi0udZ1RLVudFH5fdBPNtOWpppq1YFJeTkkp5SqWWfPMLIXLdwimrXxBI 19 | oT3xOYKY75cGFm/aNewh4mrs5FU3764G38FDaF1mqlj7EVpVWLzQ3/v8LkIxftQ8 20 | Xd65cXj/z9M3ct3Ius0KglDKOBKPsb6SzTNK6fzBy/hCYOaNKDGyxl1YkFYhInSa 21 | nlJsudW7PgQEA3ui4vdsdVTNActr+3+1zd3teNkw8SdQN/OfXW3NLlFzGaGF9ZFu 22 | 1N8IDsdIxWiGhvTuVWPv2wClF77wZb8c35Z0gM8O/+AZnlX6eWllrURVIM/QUBQi 23 | I73jjKCv6PZm/IBuOdBAJTmg6as/p55gZLLleKmXhxzQOKBpT1k1ktnnRqq+uLN5 24 | YAt7ogMVvwPkoAp4a2Ga0+IqLktx6zGdGNfviNgszbh0zO4mrEjvfpZPR9QApW44 25 | o75i+ML02IubBI/gESvAF8DJAEvEdKFyJ1GCBpsXyX0t+neu3edKLsikiLeiExT7 26 | GmRLK9kYhEGWpwXUxp40XlNiT/Fg1Rsm0mOcuINTo93fWjwdA0yZqzmZbGQOajO8 27 | QOotM/w= 28 | -----END CERTIFICATE----- 29 | -------------------------------------------------------------------------------- /ingress-nginx/03-auth-cert/server.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIEZjCCAk4CAQAwITEfMB0GA1UEAwwWYXV0aC1jZXJ0LmVjaG8uZXhhbXBsZTCC 3 | AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ6QaCfT2pi55SwHSWWEVfcz 4 | x4NpAH0T95BlBrOVpAiv2Fh3kqSdQzIHICJbAaqVWCgOcKRKD+cxvxqUosF/8lYD 5 | M+G4SookJebGJncsZVPUvlbW5fxbgD/DBghKVzQNBVdRrKzvO8Q7kgNmu5jHaRDw 6 | FhET5qrpz9LbDtmU1bSrTVxXPIK50TD+WY9i0wj6V83P6uOvx6ZpKFwKh2CYgwBW 7 | oWWwGSd/KEguJZkq+qCEgVNwIR7p0W7esAo4iZmFyQ883FNQpmjuGSZLazg5zbQY 8 | Xjod99VwU8+c3BfrWqKPyWF891MVtn88Na3EYOPY8/Wzze/YLP4PiXC4jCmjwaEL 9 | hsAXsRiQOdbAd84nvVTsKUiJCOrlvQgz4+PhvBQdAxt5NV8l55k8UWTjXZ+XJ/Zo 10 | aiW43NbvO0XkBbGle08anZlXEnHWY5ub8Vb0uR1s0chUCkdWODL8w9AJGThSEDcG 11 | QUSKU4/Fq2V7HqYOTLCjmiY8h6hl/4dmtelthNA6AwJDtboSHDADa+k8BJiky1pW 12 | YvGjTwyp7jESxk5e61dk7ogMfZ+h+D8dmTfDbAoByeI4dI9vze+MjXfy0jPXvc9l 13 | RGsk6XIMUMC1t7VUGCdH9ZABQz7MGi+ftlZpuhpxGKug63oOVLSUM1pgsPOd92dV 14 | rBZv8o85isBS5aERb8+bAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEATuZz+RWG 15 | NqtDGXf3FHLcQkx3QG9D33u6jYSXjG8CGHbXKkyjdaR+IS1ODL1nhHVhMcrYDM7p 16 | cbtHoZvla6FnGYDG317jfwKuScTLLDDzGSoTJvhZgHjulA00zSmPAsQ+gqMyxzpW 17 | EInjPsna8+vdVTCmJ3aV9wogIhaVhudlm6KB5vH1y5Hv1NAWjF7corFqgO+sTs+8 18 | s74QbMyX3PC2f7aeCQNaB5UzpEVQWFGlPfAxNVvZ6LPz73CUkt6VdzID0zCS2v9K 19 | ZdhnMbT8CAU3nGfaBVYEBhw/2zFe0L1sFRUy8JOkT6jE7xHm8DDFFSEMbMgmEnRB 20 | DzIAL0ygRR4B1vShN3R3Ffke+I59+lKD8VLusUZwr/wFwrmTe+tfoX8oidePYjrr 21 | X26AfqXqRL3DaIgBYu2UERrYhC/yUKyVp4Q29tr6yYdi7xaWbq9y+Bh7i8htlBuE 22 | m/QHiQE2YB56ytP0BRNThWq5kxMhqGL61YEeRltLOL7ipArY+gVlEAAKYe15D1Jo 23 | ypajhLw94jktDGg89ykL3KbbwFk5g4fQVg3nlcf/XoQZYf4TATV4pZk4YwgeUXfM 24 | 2UrhCiz59+RBu+J9RYHQnWZMbEQoQcJovpytI88pMbcfp7I3X3CXjU0rYuf7NJtJ 25 | 9Omd364G0InkGB2UqbpDyaNcfcpgYQp9Yx4= 26 | -----END CERTIFICATE REQUEST----- 27 | -------------------------------------------------------------------------------- /ingress-nginx/03-auth-cert/server.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCekGgn09qYueUs 3 | B0llhFX3M8eDaQB9E/eQZQazlaQIr9hYd5KknUMyByAiWwGqlVgoDnCkSg/nMb8a 4 | lKLBf/JWAzPhuEqKJCXmxiZ3LGVT1L5W1uX8W4A/wwYISlc0DQVXUays7zvEO5ID 5 | ZruYx2kQ8BYRE+aq6c/S2w7ZlNW0q01cVzyCudEw/lmPYtMI+lfNz+rjr8emaShc 6 | CodgmIMAVqFlsBknfyhILiWZKvqghIFTcCEe6dFu3rAKOImZhckPPNxTUKZo7hkm 7 | S2s4Oc20GF46HffVcFPPnNwX61qij8lhfPdTFbZ/PDWtxGDj2PP1s83v2Cz+D4lw 8 | uIwpo8GhC4bAF7EYkDnWwHfOJ71U7ClIiQjq5b0IM+Pj4bwUHQMbeTVfJeeZPFFk 9 | 412flyf2aGoluNzW7ztF5AWxpXtPGp2ZVxJx1mObm/FW9LkdbNHIVApHVjgy/MPQ 10 | CRk4UhA3BkFEilOPxatlex6mDkywo5omPIeoZf+HZrXpbYTQOgMCQ7W6EhwwA2vp 11 | PASYpMtaVmLxo08Mqe4xEsZOXutXZO6IDH2fofg/HZk3w2wKAcniOHSPb83vjI13 12 | 8tIz173PZURrJOlyDFDAtbe1VBgnR/WQAUM+zBovn7ZWaboacRiroOt6DlS0lDNa 13 | YLDznfdnVawWb/KPOYrAUuWhEW/PmwIDAQABAoICAAan6ydY1kE49Gy/tY4EWxNw 14 | YfybKMEXWHoAM6LQMj2HHB7Cji5Ix6xO7kNi7JP7huLPkFzlGvvKc8oq2RYkR8ji 15 | g4gDE2XvFIQ2ZyDzhSFauc6tYKQSNzT1+8fXTwfJUCMVM5lixXB8S6nG4zMLk9Z5 16 | LYP0AOfFvsqMFXh+reXSlwG8S7b1E9npo1rIfDFRSORDyQlbtJbArUgHzRz56e3W 17 | tRmupa+pv8gf38YpLrIUPdWBzHIewILV6C/VpbkDC6iPFnSM2x9mdznLSqnmi0L3 18 | DuWDooacG3iIjhiW8YwHWx2zgDJFpA59OYecybBmx/7VWFysB192yX8o0AFjdVo7 19 | Vae8hplZi9tYEMwW8EM8GCd2AJXmNQpqQnxj44LBPDNcC1vjQ3jCkiXoojUFaxnr 20 | UkPdHe+NDtqDfC1fGr5kxXLsnYmSP5hpOE6DTx+TQo7tNQwgkWKSAVAGCyVe9CDR 21 | CgoTF4dj4zaPtK60fUQyIPDTHlxEtmo28oQlKQ7BcUGGJbk8k6wDtAHd5ddBOJj6 22 | FZC/0Lg9vFUonVClVQOpV3PzEdYrieWqByKTb4XRxx4jY38tqGrh+Cn450Yih0pF 23 | ZvVHA0NpfL9rVIH8rKMMDtzYpUV1WEXx6w405iFJS9XNv2KFuKrE36y9YH4OGDW4 24 | QEfYHjxir7wl3/ULL1FJAoIBAQDNctY9eM5GCr8aMWG1Ne6FJKEpx/rGJe/t0kGo 25 | +1SNhrxRj63dnU1qiqALlyLC8HS6bdoaMqH3cGO9c6RtoYoJg7jJM8smNwLpM52u 26 | FGZwcPXiax5VnIl+N3nfzuHYXu+fehbi7ETZmcbln+wkjZMr+OKYVrgj6jasTJoS 27 | fAKGdcw9ulfHJM7AbKd3hZpAI3/cNiT00i6OSRTScdJXExNVnWRMzI5moiH8sG5g 28 | XcLbw9r0MxkisXFF4bmso7b1ya/Dullg9axR+5DlbM3KWip0lDafnIGH+UNaoXW5 29 | 1CFtyXGWg9LoBEixjIq9uHq/maZSWq4ULU20XYSTYIQkQGclAoIBAQDFlFNcv2uv 30 | CeE35XGXEUth9Pfx6EOFlhs5PHj2aZZETMOiOsa4e8ziuKwz++87IGWhUAePPG4y 31 | 2JpHcsw89USxc/wX1JVmRXlyvn44cIVB+PP3WN72+brcFNk+3SSuOSnjBcuPPtxs 32 | teqef7YswBMxuztCvkGVTkXmW/6E5CWYAXFDYGh/7J+TNdQP5kXa8eiO+CUM5aUF 33 | iXt0HmTka/Kx4IN0tSO3GJWNJ0PMA9TwhYY+Dgq2fVC8MpagJRXjB97MgqeXDGSZ 34 | d/+yJh4Nc/Cp4p1EDFkUUn7RIeThAEpl8EyZCzjd/b25qkpH8G3VUKZy5LVHkddx 35 | QFNT76vBgf+/AoIBAHnnpRXuo77Ny50YJhjnOnOIS5TGE5gVlKsx8kH5d69OflmK 36 | /qicGP6Z6ONXt4miMjEY06xt1MtExfn5L1zZ2FVS8od4kxdG1xRWyz4q3qnjbRL/ 37 | ao10B+V7t3ZEhJ/lnRuszv2xIh1X8Lv5y53Y37XcxV+NPVAaPny4K0fCi6ELLriF 38 | 5GXHAmMNVcVG4kMijVC2U/Fs8bD9zjwcy6ldKUDI1mX3jpt5ot8UNTo7CE9shHQY 39 | CdcbINJNYOX+cqafGQrzfOtaevheZBiuGeHy5HQuKcdFj1qGXh/d5EPyii9hs2OT 40 | Lsb7G8M2WHDAkR01Z4pAQkC4rP3T68GjKGV2TX0CggEBAJ1f1LqWegZVH0AvkLec 41 | fefLgMb9kvLPqmV/pnXXimpinp0Upf6CFaMtJ3TMojP9TRYdMbhEkR4M624noUiY 42 | sBuMX+r3V/y7L85WryDzdyEiU+jbr9UW+2CbdqMc8D+ZpqR+lDJIBrjMedG/tfKV 43 | F3TQRpaWBpUPYJvpAKUHOG6ID5h0LShf6IcQJBZ5+4A2mV9vhcttC3GKnXvTTden 44 | qAtI4kxOj+EiQtTIxra1AqKGKHQ7KQtMa8dLoDB0+ab5ONy64RRuOZ8INvHGbL+Y 45 | bsRSjaOLFlUalIqtraoOWjQyIEDy8FvZ5YoCeuIsPr/fWoU/aKlWID3D19uOlscu 46 | be8CggEACCZ5qOQxAgBlxz7TJEQrsKm6/lghdA8fG9KstA7J8A0PSLeWHiHGcVx2 47 | iKszqTOx0bd3sJm6jCQ2S1GJAyzlsmseZaTjDEneqk+3h7tW7JzBcaBogyxW+TtW 48 | RYwYXkdKnQezdg/NGIF1FfpIBFT0X9jFI+GreosKmSN1mqaDw+TuPsr0cYpGXZF1 49 | Utnm5/cVNqyD3tOw8805Kkh3SJ/+cVQxtySP1E/KTZ7dHXLuNHXzOpnHlBi9IHB0 50 | vFluT3WCQwfQ+QpmsTeAtPkzwYwpcBad81MC4eXXThS2DyZ263iIOVzGzbPD+DdJ 51 | v52Age3MbsCTYMgKizSdDO7V/brLbQ== 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /ingress-nginx/04-auth-basic-ext/auth-basic-ext-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-auth-basic-ext 5 | annotations: 6 | nginx.ingress.kubernetes.io/auth-url: "https://httpbin.org/basic-auth/user1/passwd1" 7 | spec: 8 | rules: 9 | - host: auth-basic-ext.echo.example 10 | http: 11 | paths: 12 | - path: / 13 | backend: 14 | serviceName: echo 15 | servicePort: 80 16 | -------------------------------------------------------------------------------- /ingress-nginx/05-1-external-svc/external-github-oauth2-proxy.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: external-github-oauth-proxy 5 | spec: 6 | type: ClusterIP 7 | ports: 8 | - port: 4180 9 | targetPort: 4180 10 | --- 11 | kind: Endpoints 12 | apiVersion: v1 13 | metadata: 14 | name: external-github-oauth-proxy 15 | subsets: 16 | - addresses: 17 | - ip: 192.168.99.1 18 | ports: 19 | - port: 4180 20 | -------------------------------------------------------------------------------- /ingress-nginx/05-1-external-svc/github-oauth-proxy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: github-oauth2-proxy 5 | spec: 6 | rules: 7 | - host: github-oauth2.example 8 | http: 9 | paths: 10 | - backend: 11 | serviceName: github-oauth2-proxy 12 | servicePort: 4180 13 | path: / 14 | # tls: 15 | # - hosts: 16 | # - __INGRESS_HOST__ 17 | # secretName: __INGRESS_SECRET__ 18 | -------------------------------------------------------------------------------- /ingress-nginx/05-1-external-svc/start-github-oauth2-proxy.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | # github-oauth-proxy.sh 4 | # Copyright (C) 2019 lijiaocn 5 | # 6 | # Distributed under terms of the GPL license. 7 | # 8 | 9 | # OAUTH2_PROXY_COOKIE_SECRET 的生成方法: 10 | # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));' 11 | 12 | docker rm -f github_oauth2_proxy 13 | docker run -idt \ 14 | --name=github_oauth2_proxy \ 15 | -e OAUTH2_PROXY_CLIENT_ID=7815f43623266fe99da8 \ 16 | -e OAUTH2_PROXY_CLIENT_SECRET=9a55d911ab2f93f9bbfbd44a7274d3255cd8b7b4 \ 17 | -e OAUTH2_PROXY_COOKIE_SECRET=dWJQL0pvN3NFY21UVVp3dGhUZHlpQT09 \ 18 | -p 4180:4180 \ 19 | lijiaocn/oauth2_proxy:v4.0.0 \ 20 | --provider=github \ 21 | --email-domain=* \ 22 | --upstream=file:///dev/null \ 23 | --http-address=0.0.0.0:4180 24 | 25 | #-redirect-url="http://auth-oauth2-ext.echo.example:30933/oauth2/callback" 26 | 27 | # -redirect-url string 28 | # | the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback" 29 | -------------------------------------------------------------------------------- /ingress-nginx/05-2-auth-oauth-ext/01-create-cert.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | # 01-create-cert.sh 4 | # Copyright (C) 2019 lijiaocn 5 | # 6 | # Distributed under terms of the GPL license. 7 | # 8 | 9 | echo "生成自签署的 ca 证书" 10 | openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 3560 -nodes -subj '/CN=My Cert Authority' 11 | 12 | echo "生成用上述 ca 签署的 server 证书" 13 | openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=auth-oauth2-ext.echo.example' 14 | openssl x509 -req -sha256 -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt 15 | -------------------------------------------------------------------------------- /ingress-nginx/05-2-auth-oauth-ext/02-github-oauth2-proxy.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | # github-oauth-proxy.sh 4 | # Copyright (C) 2019 lijiaocn 5 | # 6 | # Distributed under terms of the GPL license. 7 | # 8 | 9 | # OAUTH2_PROXY_COOKIE_SECRET 的生成方法: 10 | # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));' 11 | 12 | docker rm -f github_oauth2_proxy 13 | docker run -idt \ 14 | --name=github_oauth2_proxy \ 15 | -e OAUTH2_PROXY_CLIENT_ID=7815f43623266fe99da8 \ 16 | -e OAUTH2_PROXY_CLIENT_SECRET=9a55d911ab2f93f9bbfbd44a7274d3255cd8b7b4 \ 17 | -e OAUTH2_PROXY_COOKIE_SECRET=dWJQL0pvN3NFY21UVVp3dGhUZHlpQT09 \ 18 | -p 4180:4180 \ 19 | lijiaocn/oauth2_proxy:v4.0.0 \ 20 | --provider=github \ 21 | --email-domain=* \ 22 | --upstream=file:///dev/null \ 23 | --http-address=0.0.0.0:4180 24 | 25 | #-redirect-url="http://auth-oauth2-ext.echo.example:30933/oauth2/callback" 26 | 27 | # -redirect-url string 28 | # | the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback" 29 | -------------------------------------------------------------------------------- /ingress-nginx/05-2-auth-oauth-ext/auth-oauth2-ext-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-auth-oauth2-ext 5 | annotations: 6 | nginx.ingress.kubernetes.io/auth-url: "http://192.168.99.1:4180/oauth2/auth" 7 | nginx.ingress.kubernetes.io/auth-signin: "https://auth-oauth2-ext.echo.example:30358/oauth2/start?rd=$escaped_request_uri" 8 | spec: 9 | rules: 10 | - host: auth-oauth2-ext.echo.example 11 | http: 12 | paths: 13 | - path: / 14 | backend: 15 | serviceName: echo 16 | servicePort: 80 17 | tls: 18 | - hosts: 19 | - auth-oauth2-ext.echo.example 20 | secretName: secret/oauth2-tls-secret 21 | --- 22 | apiVersion: extensions/v1beta1 23 | kind: Ingress 24 | metadata: 25 | name: ingress-echo-with-auth-oauth2-ext-proxy 26 | spec: 27 | rules: 28 | - host: auth-oauth2-ext.echo.example 29 | http: 30 | paths: 31 | - path: /oauth2 32 | backend: 33 | serviceName: external-github-oauth-proxy 34 | servicePort: 4180 35 | tls: 36 | - hosts: 37 | - auth-oauth2-ext.echo.example 38 | secretName: secret/oauth2-tls-secret 39 | -------------------------------------------------------------------------------- /ingress-nginx/05-2-auth-oauth-ext/ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFDjCCAvagAwIBAgIJAIBrp1bgjhPeMA0GCSqGSIb3DQEBCwUAMBwxGjAYBgNV 3 | BAMMEU15IENlcnQgQXV0aG9yaXR5MB4XDTE5MTAxNDEyNDAzOVoXDTI5MDcxMzEy 4 | NDAzOVowHDEaMBgGA1UEAwwRTXkgQ2VydCBBdXRob3JpdHkwggIiMA0GCSqGSIb3 5 | DQEBAQUAA4ICDwAwggIKAoICAQDvoRYA+Rjlsiuzo3fZ/edPX5zvV0EtH00r3fRN 6 | 9d9qoKFmqgIwkkEgciY2fHQAHZfvsQXHL3lCl+wumN5QII6Hh4hKfXK6AGkn/fRp 7 | 6O62Fp5iSC6IoSzcMTHFcxQ7bz3O84v8N4/U+7mxwVcTSKiVwO8jkibXmMPINd/d 8 | lCQttlncWtPCy6IMcUiMNwJhqc2ywoiIDW47cKPZFcZUGp6naZnB9VAhTuQW/0km 9 | Vw8q3lYgFVtlq9CZTDDbeLb3hJw+8kbGDFvM0DqkkWZZOTEy17nH/rqB98kcyOGt 10 | EsaGrEMTAMeQMJ6vEDORfvTjE9+sNIDB00DMB3vjjMunuKUWZS5YPr6NzFShnbmA 11 | DoUZZg9aIAoPQHtBlsKDDZi8E2ZK/9km/+ISNkeaQxhDj1xpHJJ5EbdlcmeTAdVu 12 | 1FnAmb8cIFj33+i1RIrNYpKJHBL0zxAtRd0HIBFqBWJ5CDffPI7c3x5foVHiQcRq 13 | UdG9AiMQP0oJfV0ef1UndRfScPcgRavApV0JWHWvtcGpbVu9gxEs9sf445Zp33d4 14 | VT8ri7tPFVeHRZg3gCiRZppFYS+kP4dG2Cx4INBqyHZotWS9lZvngb4M+pH+TT9K 15 | zvtsTYGmrWhLh6AeRKRSMuR23l6GvK5JvSdsj0P0rb1Ga6Lfmow56UMXD8usIAI6 16 | Z1/G4QIDAQABo1MwUTAdBgNVHQ4EFgQUcvAVQKiozNbJdJFJhkNepHrcOz0wHwYD 17 | VR0jBBgwFoAUcvAVQKiozNbJdJFJhkNepHrcOz0wDwYDVR0TAQH/BAUwAwEB/zAN 18 | BgkqhkiG9w0BAQsFAAOCAgEA1qo/0PoWgJlCQ/vv2+UWBqce59EZRWIRXpa7v2wW 19 | LMbl5h9rnjNgFnleHM8XyiDhEWYLKM6KM88OMXCrzG6f9TGnacKfmssEwzrgaedL 20 | t9KDRIsWbh2g0/n69cFUNSBJ1ggTySDfiIG1HM+tBMcXU6ttuWUawbQRK3Zq8rOV 21 | ZeJEw5GXfrh61V7fsu0om4DZbsJ3E3Ns6bnSKBMVn3gTFu1039W2YQp/pihIUHaq 22 | e5l7zcVerXOFac4F1WHjyzZs8bKDtDgJxxJcnrGTJqGN1/6KIR/wUZC2utoC1+QC 23 | /ON4+V1mqI72gUtJVl1yyrE2vZ+KaGrGv/2XMvBIfUa+ijcZlwtHiUM4D+N6QlJ/ 24 | rFL55btn6SI4otEwxgt4SL30oqqctxmfIdKimbqzlmCY6oyva/zdD5+a2E3agBMz 25 | kl6OnaNp5/tD+IIKMUyeo3e4CrTpSWmqxMJaq6A4/uznjoxQZCRqFb6d2ZlSC4OS 26 | 8b6YyJ4sEUCQZqUUSzkm9Jiv7BvmY98XeK7uLlJgYJZaluCO8p4yQpVAIL/8zK0c 27 | f5iLo5FEHjGUYlmxvjr3nBAGN2ZAuCy3EQrG82VNbrjljt7Au59Yfk9p0Xy3bz1j 28 | tR3VSL6x5+bXwG7PuYoGn39GRpQYounvljztM5EVydIg8XS99IGU1lMmrHKSMSn3 29 | snM= 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /ingress-nginx/05-2-auth-oauth-ext/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDvoRYA+Rjlsiuz 3 | o3fZ/edPX5zvV0EtH00r3fRN9d9qoKFmqgIwkkEgciY2fHQAHZfvsQXHL3lCl+wu 4 | mN5QII6Hh4hKfXK6AGkn/fRp6O62Fp5iSC6IoSzcMTHFcxQ7bz3O84v8N4/U+7mx 5 | wVcTSKiVwO8jkibXmMPINd/dlCQttlncWtPCy6IMcUiMNwJhqc2ywoiIDW47cKPZ 6 | FcZUGp6naZnB9VAhTuQW/0kmVw8q3lYgFVtlq9CZTDDbeLb3hJw+8kbGDFvM0Dqk 7 | kWZZOTEy17nH/rqB98kcyOGtEsaGrEMTAMeQMJ6vEDORfvTjE9+sNIDB00DMB3vj 8 | jMunuKUWZS5YPr6NzFShnbmADoUZZg9aIAoPQHtBlsKDDZi8E2ZK/9km/+ISNkea 9 | QxhDj1xpHJJ5EbdlcmeTAdVu1FnAmb8cIFj33+i1RIrNYpKJHBL0zxAtRd0HIBFq 10 | BWJ5CDffPI7c3x5foVHiQcRqUdG9AiMQP0oJfV0ef1UndRfScPcgRavApV0JWHWv 11 | tcGpbVu9gxEs9sf445Zp33d4VT8ri7tPFVeHRZg3gCiRZppFYS+kP4dG2Cx4INBq 12 | yHZotWS9lZvngb4M+pH+TT9KzvtsTYGmrWhLh6AeRKRSMuR23l6GvK5JvSdsj0P0 13 | rb1Ga6Lfmow56UMXD8usIAI6Z1/G4QIDAQABAoICAQDsJQrSGqh2c4atmMJbiOOS 14 | TN8S3iHUnawnNquyyEJLidCEo7VUuEyF9PfDahHGq2M3SnQvPpF5Fs4hfXRX8j2D 15 | QgUFo2qT8iOuzY03cd0MhG3A3PE+o9bZh4FM24NsrstyTn/9JaQQd6EfkzCESG4a 16 | Ze9EVpsAjAMkIjNi4MJmafVUOg3FQXeIW3rq8qreI8AaEasKqHGhEfflzpeL+k+v 17 | G1ny0hUNPfl40Er+BX1k+YZWR7WyFAeViof7QJLOiViQj6E/Op6cz/d6he8erkXV 18 | nNHwTQ7vVYhTXYNIU+BghxHygCop5j/6tTSchUg/Hy6lPXhFijGo3xcvv2hS+Jt1 19 | 9jTwqL5a1fTZrTXU0gcZ5m5cJqvY6mJpuK6FAngPnyUwL54ykPoJy6Inh8zIdSgN 20 | vIq0U5MSoAn1X866Gr6z1ldlW+E8lNUusnNQkLd9GcU634dAoahDtSSeWeXedT1G 21 | yxCUpHL9Bt/nMXJxk6FHgCv2aScGMJSY7s+2vdK2X3w1YDcjotKDtS3M4EjCJ5DB 22 | pZE5qRBYUXgyF+/nXG1OLx0tn6NtFlYt76R1lAfkvMdF2Gb1aqU+bDOnLeKGQl+f 23 | Nt+BQYXNDv1HLsjRCntWmH8pdy58GpKz3fG7jQOiDk5SDOXrpwZCiU6iZ421aoYD 24 | vDiZrzBmibAqEbW8IRR5oQKCAQEA+9oJ3AOF+2hfxo/IDYXSw2J4mSzFkqLQTbVK 25 | +GiSFC+rC0Y1SABz9q9Kqc99CcFl+IKkdY56WDjvTLhNYRfDrPx3v5EJolO4pAdG 26 | iaDQbWQWSQM+xwBc1OCEkE/3f4ZcTV4gTeK2Td+wRI6QYUynDGkleHL0aiOJLzz1 27 | NN1kRNn3QZ20r9qVZ5vGZ4AXgr+RbvGT6/9myFDQTBSXbEQFdeCm/QibSOhIHa1M 28 | e04SDltycO3dX9ZvMFwFn/ZxuSg5eDHMxrhawch5ZuUbSSky6g3ST9YnzHUZ/muV 29 | xY1z2bzf2VAK1Nss98ZMFxSR2kVaTEyWIx/uHQlTFFrLNrlkSwKCAQEA85OCjxDj 30 | haSf0pk8roixu2iZBC9TKuYoLhi9O1j/wvGwRG2EWf/kDYIZ12uHgVKS3fKnPSg6 31 | VbdzDm0pJmtwfXmQ7StnszCTsq0ORIGqJ2Vw0VK54k2QxuSWL8SPUNYOzwGt3YfC 32 | 2HwAY2hCXsxTwhZsMwPsfK74VOl26ghwEPWZCDDpxGWqW4UTxhma24k0VHwRsSlI 33 | X0HoR/BPkCQbyymIrq0NTtYpQ+co6qxoU0HGsJT7LJGdbzm/r5y1vLJYtYD3n3AP 34 | La3f7Mof+LEE1Ck05jZTAetQ8rSPZyjYQ7PSGNUYU+JsfukUWTQNzPe8iWdJTen+ 35 | o1RD6zb/OXaOAwKCAQBGgWzfLhFVJ4wgf2IG/x7Y2flfEFyjR3c/OfCqCERU6F9f 36 | AaGq7Y2JUtt5HIApuf29C33U9zUi+5VqifIHq2p5RBiWBZmH2x5GtU62+tE+vpVK 37 | jWEGvwA+DDiwWeK0zb2LXz118HEO7f9fwfWDd70QSWNXC/+GszoVgmA3E3+dktOY 38 | h/jsfinzXnW1xfNPBChHwdOibtasX4tgsScPBR/uNx0omz81sul1fW1624lMgadR 39 | HBYsXVC1Xh2pAYomxq8IChEE1Nl7hI8QEjWITsNVKNdmyFJN9752LlI4gvgazbhx 40 | EuplWpKFLvtgPr7yNxYnZA1n+elkMZcTjLN1N4NvAoIBACSkZTimfsPFDzH8UW+k 41 | KrCZvKMvh2BlvVep6xW5fshR2YWBwC5V23XYw5BvobPnuyZecaA2pAfvEAT0kQMx 42 | mHuXxSCYrgH75cw0Ungl1XYVwZIL0uDjcEsrahiHhlPPz+x+QSyZVsuAZAKQVaOz 43 | M0p4WxCVn4bmP39um6/7UviKKdpcmV4tOSKJc38SrQQnsNKg03yGTFfgL1RbJ2z0 44 | saWvettkNyNL/mszpCkhhJQ5ye0YjGyY/0kTM+30MjbP0Z6EZzv5/J6PkKcrhQHB 45 | h4tvI4EaXQRl5QiN9yC6uUX+EDYiIIXGAzJYV/JPbWAPSLKW8iUhdWgWrhz9agm3 46 | 9wcCggEBALkHr8m2IQwU8n1MPWhUjbjKS5pfjnshtNFdS7SATixA+l+98P7k/9MG 47 | /V9I3JtQyGM++HxrrSwRZiIljX9/+AYS06HbcCihOFSolGXqG1FUqUS8EUW+OnyH 48 | +Ks4j/6boID2g68BUt0PV4HzRUQxdAywEjay4EyFNRQcDYN0by38b8PVJO4/L6zd 49 | sU0QLGSCsH/tLEK+GcQRWHg0CXGxuEw6FWauuriS1/+aLrTOtBfF1DKkBY2lUVAK 50 | n2JusaXTxGVXJSNOkvAlvZGjCt/KXitGIMlvOf16VCKYmwmjWLxJim4wmZPbfgk4 51 | TM0rBeAUGq0kxERrkUOfcBlw6TJbBGg= 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /ingress-nginx/05-2-auth-oauth-ext/external-github-oauth2-proxy.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: external-github-oauth-proxy 5 | spec: 6 | type: ClusterIP 7 | ports: 8 | - port: 4180 9 | targetPort: 4180 10 | --- 11 | kind: Endpoints 12 | apiVersion: v1 13 | metadata: 14 | name: external-github-oauth-proxy 15 | subsets: 16 | - addresses: 17 | - ip: 192.168.99.1 18 | ports: 19 | - port: 4180 20 | -------------------------------------------------------------------------------- /ingress-nginx/05-2-auth-oauth-ext/github-oauth-proxy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | k8s-app: github-oauth2-proxy 6 | name: github-oauth2-proxy 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | k8s-app: github-oauth2-proxy 12 | template: 13 | metadata: 14 | labels: 15 | k8s-app: github-oauth2-proxy 16 | spec: 17 | containers: 18 | - args: 19 | - --provider=github 20 | - --email-domain=* 21 | - --upstream=file:///dev/null 22 | - --http-address=0.0.0.0:4180 23 | # Register a new application 24 | # https://github.com/settings/applications/new 25 | env: 26 | - name: OAUTH2_PROXY_CLIENT_ID 27 | value: 353670d0777c3f178fa0 28 | - name: OAUTH2_PROXY_CLIENT_SECRET 29 | value: a46bf5db3d2610b3878f04efaebfc3fe2afbe6b2 30 | # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));' 31 | - name: OAUTH2_PROXY_COOKIE_SECRET 32 | value: dWJQL0pvN3NFY21UVVp3dGhUZHlpQT09 33 | image: lijiaocn/oauth2_proxy:v4.0.0 34 | imagePullPolicy: Always 35 | name: github-oauth2-proxy 36 | ports: 37 | - containerPort: 4180 38 | protocol: TCP 39 | --- 40 | apiVersion: v1 41 | kind: Service 42 | metadata: 43 | labels: 44 | k8s-app: github-oauth2-proxy 45 | name: github-oauth2-proxy 46 | spec: 47 | ports: 48 | - name: http 49 | port: 4180 50 | protocol: TCP 51 | targetPort: 4180 52 | selector: 53 | k8s-app: github-oauth2-proxy 54 | --- 55 | apiVersion: extensions/v1beta1 56 | kind: Ingress 57 | metadata: 58 | name: github-oauth2-proxy 59 | spec: 60 | rules: 61 | #- host: github-oauth2-proxy.example 62 | - host: auth-oauth2-ext.echo.example 63 | http: 64 | paths: 65 | - backend: 66 | serviceName: github-oauth2-proxy 67 | servicePort: 4180 68 | path: /oauth2 69 | # tls: 70 | # - hosts: 71 | # - __INGRESS_HOST__ 72 | # secretName: __INGRESS_SECRET__ 73 | -------------------------------------------------------------------------------- /ingress-nginx/05-2-auth-oauth-ext/server.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEtzCCAp8CAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRTXkgQ2VydCBB 3 | dXRob3JpdHkwHhcNMTkxMDE0MTI0MDQxWhcNMjkxMDExMTI0MDQxWjAnMSUwIwYD 4 | VQQDDBxhdXRoLW9hdXRoMi1leHQuZWNoby5leGFtcGxlMIICIjANBgkqhkiG9w0B 5 | AQEFAAOCAg8AMIICCgKCAgEA1KlWGSImVwvQlRnGWQmAMd5M+zFok342lm8MJrjz 6 | EtRk8UjePpKLpEytgRoL4AG3f45BRLYqtziwzOfGFCSSZXrIMx/0nvQY+0x6L/JH 7 | xCQz7jlovr7yoxHh8HtRFVhbHbeoGeb4s3GPUdVN4E7lD1HRBv2HbkUkSoWIeFI+ 8 | pYMAr2qUtupl/hq4kbwwmE2RMHAe/82Jkss1rsFuX38QxMKmB/9EivUsK3C/oWyc 9 | kEPi69jM4xxDhRIIMOZ1fRjnYssUont4Sudq6nN8BtIX0Uw+uyUKUcKI45y9/CRF 10 | gRBC+XIXpneC88QVRgBsMmFONPEmuIzROm22Up4S3e7RnJs6KCanLyIg5iMQ9Mcb 11 | FFZvSTnqvEqMp4jfJzpfGifpsDz8AUzwj6MyOOofb4fgbQW2dNh5WvZkYqicJ3tD 12 | nUFw7ffaIP+/k32yYZPY32QQsgbhKPL1M/EJjL6N4i8fBS1M50b8F+G+WwtSWMaD 13 | 54vw8pADxItGOj3CDHTATQnPVJ2veU/xhacY3h170Eu4zhtSVKOEm+dUWRIJWomH 14 | 7c02cbKpTx+KS7UpCOukMhUxa0HD74J/rwpqH7hOKF66G4zBCceJrNN0hrHwufyS 15 | 2CzcItGyp8TrWHqkNoAdEYHBDV8yBBdpSJNF6J5YOLZ9GfoQ7jpC3suXK4DG6Ohn 16 | b8kCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAqQzhUFJk5LpEuNkO4aAhvGZ6q+RC 17 | CHToCK1J0CNuEuk/f9VvXZz+uniLP9EizIW3JWt2kX56qhajA3OZ1dit8xFdhQZ/ 18 | VLDWjbB7+c66qBv1ItEBKYX5iIMTcleOFTC/g2Ed73Ym1w51v/T42q4XmktG5wh3 19 | 6mFWmvHWAD5QFBtllCT/P3pQMdYntXk2w8iCFNMOd1m0ZVer7LUMd7XUiU+wCCle 20 | QxLqUAsDoJq+A4bGusXy+t9ray2lHj2kPAih0SyY6NBo7KxZMwz3szlreIvRcBZM 21 | FeV+CAPGoIMguz1i01Z60Wpo3AoNoYpgjMVAwRvNEFELKJICd93Uq3A85NjvON+/ 22 | 0vqwtX58ZhIK4qK45tSv3RRmq6bS4u75NbMIYXQwuPr5lwmqTbjEq9KPmsV+Uzo/ 23 | rSQ7M0YO8THRUA+rhJSdYbqW5tB7oOMn3wMm3/sanuQAu2XhQcr5ywwSC2/rJ6c2 24 | 84Aq+G/r4qD7oIJ9dUbm10wHkH5hw1AmdXtNsgTSRYW617R+V9YnbZ+umeDds46J 25 | h4jbO4YZXLXMWJtlARI3JpWktR6hrT9cxKM6hhWHeO5dWbyQx24V9PoQ67ItKTlq 26 | xpDqw7TgDTT3JgkwDXeSBdGp2TLfL7amwAazA4xQM+wqS86oByl+unB2ARSV7hYV 27 | EuUTb8y96WVw7rw= 28 | -----END CERTIFICATE----- 29 | -------------------------------------------------------------------------------- /ingress-nginx/05-2-auth-oauth-ext/server.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIEbDCCAlQCAQAwJzElMCMGA1UEAwwcYXV0aC1vYXV0aDItZXh0LmVjaG8uZXhh 3 | bXBsZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANSpVhkiJlcL0JUZ 4 | xlkJgDHeTPsxaJN+NpZvDCa48xLUZPFI3j6Si6RMrYEaC+ABt3+OQUS2Krc4sMzn 5 | xhQkkmV6yDMf9J70GPtMei/yR8QkM+45aL6+8qMR4fB7URVYWx23qBnm+LNxj1HV 6 | TeBO5Q9R0Qb9h25FJEqFiHhSPqWDAK9qlLbqZf4auJG8MJhNkTBwHv/NiZLLNa7B 7 | bl9/EMTCpgf/RIr1LCtwv6FsnJBD4uvYzOMcQ4USCDDmdX0Y52LLFKJ7eErnaupz 8 | fAbSF9FMPrslClHCiOOcvfwkRYEQQvlyF6Z3gvPEFUYAbDJhTjTxJriM0TpttlKe 9 | Et3u0ZybOigmpy8iIOYjEPTHGxRWb0k56rxKjKeI3yc6Xxon6bA8/AFM8I+jMjjq 10 | H2+H4G0FtnTYeVr2ZGKonCd7Q51BcO332iD/v5N9smGT2N9kELIG4Sjy9TPxCYy+ 11 | jeIvHwUtTOdG/BfhvlsLUljGg+eL8PKQA8SLRjo9wgx0wE0Jz1Sdr3lP8YWnGN4d 12 | e9BLuM4bUlSjhJvnVFkSCVqJh+3NNnGyqU8fiku1KQjrpDIVMWtBw++Cf68Kah+4 13 | TiheuhuMwQnHiazTdIax8Ln8ktgs3CLRsqfE61h6pDaAHRGBwQ1fMgQXaUiTReie 14 | WDi2fRn6EO46Qt7LlyuAxujoZ2/JAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEA 15 | qTHns+J+NT+UAdH8AYz6Put73f6aJTksYo4UbrvUO3VHAdeItoef4uFdVh8FL9O1 16 | IVHrtBmh35Fq6felP8oNPfTKs5uMaCgvk6cKrY+7NfgG/ytERuLT+1o8WiGAK1uc 17 | /Pb+3p1hfy1FJf9JIZrZrGORtzHOuefhJFy4Pr6ZBA/nkraPhFyTjUKvIWKm/tGQ 18 | YCW/cHendy0lW4F96/HJUBl5krkwdNk/zS8hYfQE6Z3h043FOwQhVlBQny89fff/ 19 | jXDXXEAXkGvmoIJAzpTBlRh/xwkgqyw3UUXYJuG2oYBPaoubZvK/Y4ZerWICosrJ 20 | 3ptMuW33ab+V3wMv0sG+cVPPxXPfOhOjCGSyIdwh37H4t1njlG025BTTIm1kXCX8 21 | hYnLy6YPF+CSXWMBdRVgo3PlSLnd8+GHN+2g4kkXN6XA4Woup4ERhIMybXrkf92A 22 | Eyng3/rkIxiVB0CwCI3eRQWfIZnkBmU4ZAgMwNLfeUAKd7+NfEwfRqHoHpPqteeJ 23 | LDewgAewJZMYpzxly1pU74q4tZEYxbQuPdzW3PRuRqZl34NHSC8BTEt6nQvaqjsB 24 | TDXviRTJ16Ypl+em2zv4QIZbXE8ys5N2b6ATZmEjKxg9PB7cNZUJi9rD293CtIc/ 25 | +6dUTxI+4hoecV7dKdMRzn1HxK5Ps8kUODWQS7w/OGw= 26 | -----END CERTIFICATE REQUEST----- 27 | -------------------------------------------------------------------------------- /ingress-nginx/05-2-auth-oauth-ext/server.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDUqVYZIiZXC9CV 3 | GcZZCYAx3kz7MWiTfjaWbwwmuPMS1GTxSN4+koukTK2BGgvgAbd/jkFEtiq3OLDM 4 | 58YUJJJlesgzH/Se9Bj7THov8kfEJDPuOWi+vvKjEeHwe1EVWFsdt6gZ5vizcY9R 5 | 1U3gTuUPUdEG/YduRSRKhYh4Uj6lgwCvapS26mX+GriRvDCYTZEwcB7/zYmSyzWu 6 | wW5ffxDEwqYH/0SK9SwrcL+hbJyQQ+Lr2MzjHEOFEggw5nV9GOdiyxSie3hK52rq 7 | c3wG0hfRTD67JQpRwojjnL38JEWBEEL5chemd4LzxBVGAGwyYU408Sa4jNE6bbZS 8 | nhLd7tGcmzooJqcvIiDmIxD0xxsUVm9JOeq8SoyniN8nOl8aJ+mwPPwBTPCPozI4 9 | 6h9vh+BtBbZ02Hla9mRiqJwne0OdQXDt99og/7+TfbJhk9jfZBCyBuEo8vUz8QmM 10 | vo3iLx8FLUznRvwX4b5bC1JYxoPni/DykAPEi0Y6PcIMdMBNCc9Una95T/GFpxje 11 | HXvQS7jOG1JUo4Sb51RZEglaiYftzTZxsqlPH4pLtSkI66QyFTFrQcPvgn+vCmof 12 | uE4oXrobjMEJx4ms03SGsfC5/JLYLNwi0bKnxOtYeqQ2gB0RgcENXzIEF2lIk0Xo 13 | nlg4tn0Z+hDuOkLey5crgMbo6GdvyQIDAQABAoICAB/L/fKeF4t2WcahZvXTJNbP 14 | /USlu5QqD/FoQzHa/4U2Oq2VDp3efYCgcmTWRyZEO3KYC4xBjJt+n3jTwtsqKLWB 15 | qUNzqLjHmKCia7aVjEN4gkdBUDcNB+x39Qdm+NWvM1h7KGhPD6qM9TfwI8fBJCCp 16 | RA6+g6xqLCX0V1ZePb2zm7uevQOogn1+80/fCokLOAU9DnWC/uny9mDdzSn8Lr6s 17 | t/SEJ3R7ehI4tn5lZfdwHxLShLgEdtgDvTPKkZCV06sC4F/3BCJ2/ZZ2k/nVGfiS 18 | ZOLIhAV7h8o4mnOD3NySWOFBPOYIAo1+KQwhbgwOXoot8HMxousQkm1B82I5nh99 19 | k1zRgfdAhvQbgoTHKhrQULkTrY/GWSt1R3v8EmBTbk1rNdOEz6ezc785MlEWPCdm 20 | Gkd2iA4khsTkRQ18SrHebesZcmIcjmcSGVMJG/jSmz8PPghaNe/H3IcUF7bkhrSd 21 | qdD59Rra+/yKz3jO0FiyDEnbJevi02p7iZb7wV8syzo0j7m4hoCVUw3r2B7XqTn/ 22 | 72dhmu4EEOxbyGlBGAx5NoIUszflIRt7NJRBMnwTYoUeh5JZBHHfCpefTG1HFikY 23 | YDVadeadlRd+E749vg8mMInrJA6EVIe8Xy7wfE4JWHsB0hH75FSwgR4rfH/xNl3m 24 | 3GRfFnXp6Z0z8PdCl1QNAoIBAQDrNw31zGEMbmh6dx7GheXkkqsp484EnES8/uo9 25 | v+jhGVeHVs7gilv+bkaetTHyAmMdfhlCQv3WZ7L+NFFEMrqNfATNGVo8dMnqLVoM 26 | f06q+MZ6aR2ofjbMfc4zHpSM713j6RqgmSIPIUi+oSllD7P/x4c9r/oYxK2Y9Aiz 27 | GZX0R9qACX2y7CGkokAImpr6UiDD4baO14G3CIp34I9E+tuly1eKFFOTSZ9540Kg 28 | TNpP8QyBhdQ7+ksFWAJG6AXhvOklhMptauph1qYCOGdpIussDtKYqzX8X2Buz93y 29 | NF+n/e08W7E3LOyCANuyXqfdsmyaWn0oZG3HE4e7/+3H+66/AoIBAQDndBVIX3mB 30 | P7uW0cnWFIq73DcegoRP5OVbpNlUwjCThuL59MFI+BIsrsR4/T07O6eQwv0s8NPF 31 | IE9XYabJ/SgqmKzjBuhjMMbLO/Q1/v3Hv3FtWfwUZ4XjCsrVWR+YROO0VbOGA/K2 32 | JC1EGLqYDSaNkq4Iolkfhlktss4IwSfV9M+GOqCc79WojNfziwDqrOJYXq/56nrn 33 | aJyonNCO18zPo3JF6aN4lJIZJs3nDb3EMN1gyh0+3y+FkW51tVS9UuHshIrwzZzq 34 | X+guDg6PP9UQ5zoGWNVIqb/1SR3235A8myvHr0WUSCcrHMzY4tNlILRKhHwA8bjG 35 | CQgTGJB+2Qt3AoIBAQDCfX1vlxVQICMH0GOEJ8dV3ujk9FavfT9hPy8U7BB1wGyd 36 | nevlwsIaebivFog74jluc4wTPC2EEa7xfvULfR7ASqH1rVbt0mv61JE28DVuLdJ/ 37 | +VbqsaJCKGxN3KVce7iY8XBxBu4gsJbj+YKu6/McNjHfkhksTcR1SqO+5BMYMCm9 38 | 4RsszQ9sgDSOaLho72vkTEiViCDb5ZYJVYdhtEPWrXKu2+vXR/Mz5/R5c9K4c0qx 39 | 9qTtCyLpQkJvuv7SD1CBE3IGU3eGeuQ9xcHML3FhtsfwMPGswniMaBjPYvsNf2ug 40 | kvjP9LeDL455yMbpC9W9M8F1msUi7UU48H/+8l8lAoIBAQCq4AjWZaZOxb64milo 41 | 48GI8AvBepo0Ycjy38GT0coLIIpx/0CznnHMizqCGHQcRu5u8YX4p9OwtSneWTnJ 42 | 5hzBVfZNpcvrbxdU8+5X7ultjuku0kBI0CUIee9Fk4a/5Bw4Bw2C42dNEWhZ3efk 43 | WdEctC3IMhOaMpWkJ131GKVQUGzlrGLneilDRrgoFXeXygtRMpa462PRdGo0EZHn 44 | 42pR4Vl8RAFsBEPYTc21x29SaMEHtC/jOuLauYPTYwwsugQRmcj5/tLaNfQ0DCyz 45 | lWy4Df3IsczE2I3fiRuWJ3dVRzoLMlssHhjMu3aAqPVos7xnR2hFSjAgBIrxjjEf 46 | dR4BAoIBAQCvX9VJmCKWbka0evQVJLBTHuDhxrtUcGwOI7d4I5K6RZcNJ2GU/JCs 47 | alcSjm5eDtPxaDW7f8DedguwITcfu2CfmXxkoH1x0Gw1nSdPWhAbJzxwmaO9BRSJ 48 | LrNoiNOVU4pu+/rQoGe4+q0bATh+ryR7Zr8B98G0XHLu5pgPw3RmW3CbWjQl25BK 49 | 7+ysWoYZeIjc0Xdx1vjuNuBWq7v9AURQEPFMdA7423pgYiSBl4BZcR7W64gDOppJ 50 | EmUurdmloE9kK+jQ1tWo2wWfY5izVIHB9yu1bvt2LMeYrsrFCk6UWbG29uc3GOa5 51 | kMsaX8MQVMPHwptqaAalX8MlwnWynEwF 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /ingress-nginx/06-rewrite/app-root-echo-example-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-rewrite 5 | annotations: 6 | nginx.ingress.kubernetes.io/app-root: /app1 7 | spec: 8 | rules: 9 | - host: app-root.echo.example 10 | http: 11 | paths: 12 | - path: / 13 | backend: 14 | serviceName: echo 15 | servicePort: 80 16 | - path: /abc 17 | backend: 18 | serviceName: echo 19 | servicePort: 80 20 | -------------------------------------------------------------------------------- /ingress-nginx/06-rewrite/rewrite-echo-example-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-rewrite 5 | annotations: 6 | nginx.ingress.kubernetes.io/rewrite-target: /$1 7 | spec: 8 | rules: 9 | - host: rewrite.echo.example 10 | http: 11 | paths: 12 | - path: /rewrite/(.*) 13 | backend: 14 | serviceName: echo 15 | servicePort: 80 16 | - path: /abc(.*) 17 | backend: 18 | serviceName: echo 19 | servicePort: 80 20 | -------------------------------------------------------------------------------- /ingress-nginx/07-mirror-2/http-record.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: http-record 5 | namespace: demo-echo 6 | spec: 7 | # type: ClusterIP 8 | type: NodePort 9 | ports: 10 | - name: echo 11 | port: 80 12 | targetPort: 8080 13 | protocol: TCP 14 | - name: ssh 15 | port: 22 16 | targetPort: 22 17 | protocol: TCP 18 | selector: 19 | app: http-record 20 | --- 21 | apiVersion: apps/v1beta1 #1.8 v1beta1 22 | kind: Deployment 23 | metadata: 24 | name: http-record 25 | namespace: demo-echo 26 | spec: 27 | replicas: 1 28 | selector: 29 | matchLabels: 30 | app: http-record 31 | template: 32 | metadata: 33 | labels: 34 | name: http-record 35 | app: http-record 36 | spec: 37 | containers: 38 | - name: http-record 39 | image: lijiaocn/http-record:0.0.1 40 | resources: 41 | limits: 42 | cpu: 1 43 | memory: 64Mi 44 | requests: 45 | cpu: 0.1 46 | memory: 32Mi 47 | imagePullPolicy: IfNotPresent 48 | securityContext: 49 | privileged: false 50 | runAsNonRoot: false 51 | stdin: false 52 | stdinOnce: false 53 | tty: false 54 | restartPolicy: Always 55 | dnsPolicy: Default 56 | serviceAccountName: default 57 | hostNetwork: false 58 | hostPID: false 59 | hostIPC: false 60 | -------------------------------------------------------------------------------- /ingress-nginx/07-mirror-2/mirror2-echo-example-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-mirror2 5 | annotations: 6 | nginx.ingress.kubernetes.io/configuration-snippet: | 7 | mirror /mirror334556; # 配置多次该项则可放大N倍流量 8 | mirror /mirror334556; # 配置多次该项则可放大N倍流量 9 | nginx.ingress.kubernetes.io/server-snippet: | 10 | location = /mirror334556 { 11 | internal; 12 | #access_log off; # 关闭mirror请求日志 13 | if ($mirror_echo_to_http_record) { 14 | #set $proxy_host $host; # 是否更改 host 15 | set $proxy_host $mirror_echo_to_http_record; # 是否更改 host 16 | proxy_pass http://$mirror_echo_to_http_record$request_uri; 17 | } 18 | } 19 | spec: 20 | rules: 21 | - host: mirror2.echo.example 22 | http: 23 | paths: 24 | - path: / 25 | backend: 26 | serviceName: echo 27 | servicePort: 80 28 | -------------------------------------------------------------------------------- /ingress-nginx/07-mirror-2/mirror3-echo-example-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-mirror3 5 | annotations: 6 | nginx.ingress.kubernetes.io/configuration-snippet: | 7 | mirror /mirror334556; # 配置多次该项则可放大N倍流量 8 | nginx.ingress.kubernetes.io/server-snippet: | 9 | location = /mirror334556 { 10 | internal; 11 | #access_log off; # 关闭mirror请求日志 12 | set $target 10.106.66.216; 13 | set $proxy_host $target; # 是否更改 host 14 | #set $proxy_host $host; # 是否更改 host 15 | proxy_pass http://$target$request_uri; 16 | } 17 | spec: 18 | rules: 19 | - host: mirror3.echo.example 20 | http: 21 | paths: 22 | - path: / 23 | backend: 24 | serviceName: echo 25 | servicePort: 80 26 | -------------------------------------------------------------------------------- /ingress-nginx/07-mirror/http-record.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: http-record 5 | namespace: demo-echo 6 | spec: 7 | # type: ClusterIP 8 | type: NodePort 9 | ports: 10 | - name: echo 11 | port: 80 12 | targetPort: 8080 13 | protocol: TCP 14 | - name: ssh 15 | port: 22 16 | targetPort: 22 17 | protocol: TCP 18 | selector: 19 | app: http-record 20 | --- 21 | apiVersion: apps/v1beta1 #1.8 v1beta1 22 | kind: Deployment 23 | metadata: 24 | name: http-record 25 | namespace: demo-echo 26 | spec: 27 | replicas: 1 28 | selector: 29 | matchLabels: 30 | app: http-record 31 | template: 32 | metadata: 33 | labels: 34 | name: http-record 35 | app: http-record 36 | spec: 37 | containers: 38 | - name: http-record 39 | image: lijiaocn/http-record:0.0.1 40 | resources: 41 | limits: 42 | cpu: 1 43 | memory: 64Mi 44 | requests: 45 | cpu: 0.1 46 | memory: 32Mi 47 | imagePullPolicy: IfNotPresent 48 | securityContext: 49 | privileged: false 50 | runAsNonRoot: false 51 | stdin: false 52 | stdinOnce: false 53 | tty: false 54 | restartPolicy: Always 55 | dnsPolicy: Default 56 | serviceAccountName: default 57 | hostNetwork: false 58 | hostPID: false 59 | hostIPC: false 60 | -------------------------------------------------------------------------------- /ingress-nginx/07-mirror/mirror-echo-example-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-mirror 5 | annotations: 6 | nginx.ingress.kubernetes.io/mirror-uri: "/echo" 7 | spec: 8 | rules: 9 | - host: mirror.echo.example 10 | http: 11 | paths: 12 | - path: / 13 | backend: 14 | serviceName: echo 15 | servicePort: 80 16 | --- 17 | apiVersion: extensions/v1beta1 18 | kind: Ingress 19 | metadata: 20 | annotations: 21 | # 使用原始的 uri 22 | nginx.ingress.kubernetes.io/rewrite-target: $request_uri 23 | name: ingress-echo-with-mirror-backend 24 | spec: 25 | rules: 26 | - host: mirror.echo.example 27 | http: 28 | paths: 29 | - path: /echo 30 | backend: 31 | serviceName: http-record 32 | servicePort: 80 33 | -------------------------------------------------------------------------------- /ingress-nginx/08-ratelimit/ratelimit-echo-example-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-ratelimit 5 | annotations: 6 | # 每个源 IP 可以建立最大连接数 7 | nginx.ingress.kubernetes.io/limit-connections: 2 8 | # 每个源 IP 每分钟最大请求次数 9 | nginx.ingress.kubernetes.io/limit-rpm: "5" 10 | # 每个源 IP 每秒最大请求次数 11 | nginx.ingress.kubernetes.io/limit-rps: "1" 12 | spec: 13 | rules: 14 | - host: ratelimit.echo.example 15 | http: 16 | paths: 17 | - path: / 18 | backend: 19 | serviceName: echo 20 | servicePort: 80 21 | -------------------------------------------------------------------------------- /ingress-nginx/09-canary/canary-master-echo-example-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-canary-master 5 | spec: 6 | rules: 7 | - host: canary.echo.example 8 | http: 9 | paths: 10 | - path: / 11 | backend: 12 | serviceName: echo 13 | servicePort: 80 14 | -------------------------------------------------------------------------------- /ingress-nginx/09-canary/canary-version-echo-example-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-echo-with-canary-version 5 | annotations: 6 | nginx.ingress.kubernetes.io/canary: "true" 7 | nginx.ingress.kubernetes.io/canary-by-header: "version" 8 | nginx.ingress.kubernetes.io/canary-by-header-value: "canary" 9 | nginx.ingress.kubernetes.io/canary-by-cookie: "canary-cookie" 10 | nginx.ingress.kubernetes.io/canary-weight: "50" 11 | spec: 12 | rules: 13 | - host: canary.echo.example 14 | http: 15 | paths: 16 | - path: / 17 | backend: 18 | serviceName: http-record 19 | servicePort: 80 20 | -------------------------------------------------------------------------------- /ingress-nginx/ingress-nginx-0.25.1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: ingress-nginx 5 | labels: 6 | app.kubernetes.io/name: ingress-nginx 7 | app.kubernetes.io/part-of: ingress-nginx 8 | 9 | --- 10 | 11 | kind: ConfigMap 12 | apiVersion: v1 13 | metadata: 14 | name: nginx-configuration 15 | namespace: ingress-nginx 16 | labels: 17 | app.kubernetes.io/name: ingress-nginx 18 | app.kubernetes.io/part-of: ingress-nginx 19 | 20 | --- 21 | kind: ConfigMap 22 | apiVersion: v1 23 | metadata: 24 | name: tcp-services 25 | namespace: ingress-nginx 26 | labels: 27 | app.kubernetes.io/name: ingress-nginx 28 | app.kubernetes.io/part-of: ingress-nginx 29 | 30 | --- 31 | kind: ConfigMap 32 | apiVersion: v1 33 | metadata: 34 | name: udp-services 35 | namespace: ingress-nginx 36 | labels: 37 | app.kubernetes.io/name: ingress-nginx 38 | app.kubernetes.io/part-of: ingress-nginx 39 | 40 | --- 41 | apiVersion: v1 42 | kind: ServiceAccount 43 | metadata: 44 | name: nginx-ingress-serviceaccount 45 | namespace: ingress-nginx 46 | labels: 47 | app.kubernetes.io/name: ingress-nginx 48 | app.kubernetes.io/part-of: ingress-nginx 49 | 50 | --- 51 | apiVersion: rbac.authorization.k8s.io/v1beta1 52 | kind: ClusterRole 53 | metadata: 54 | name: nginx-ingress-clusterrole 55 | labels: 56 | app.kubernetes.io/name: ingress-nginx 57 | app.kubernetes.io/part-of: ingress-nginx 58 | rules: 59 | - apiGroups: 60 | - "" 61 | resources: 62 | - configmaps 63 | - endpoints 64 | - nodes 65 | - pods 66 | - secrets 67 | verbs: 68 | - list 69 | - watch 70 | - apiGroups: 71 | - "" 72 | resources: 73 | - nodes 74 | verbs: 75 | - get 76 | - apiGroups: 77 | - "" 78 | resources: 79 | - services 80 | verbs: 81 | - get 82 | - list 83 | - watch 84 | - apiGroups: 85 | - "" 86 | resources: 87 | - events 88 | verbs: 89 | - create 90 | - patch 91 | - apiGroups: 92 | - "extensions" 93 | - "networking.k8s.io" 94 | resources: 95 | - ingresses 96 | verbs: 97 | - get 98 | - list 99 | - watch 100 | - apiGroups: 101 | - "extensions" 102 | - "networking.k8s.io" 103 | resources: 104 | - ingresses/status 105 | verbs: 106 | - update 107 | 108 | --- 109 | apiVersion: rbac.authorization.k8s.io/v1beta1 110 | kind: Role 111 | metadata: 112 | name: nginx-ingress-role 113 | namespace: ingress-nginx 114 | labels: 115 | app.kubernetes.io/name: ingress-nginx 116 | app.kubernetes.io/part-of: ingress-nginx 117 | rules: 118 | - apiGroups: 119 | - "" 120 | resources: 121 | - configmaps 122 | - pods 123 | - secrets 124 | - namespaces 125 | verbs: 126 | - get 127 | - apiGroups: 128 | - "" 129 | resources: 130 | - configmaps 131 | resourceNames: 132 | # Defaults to "-" 133 | # Here: "-" 134 | # This has to be adapted if you change either parameter 135 | # when launching the nginx-ingress-controller. 136 | - "ingress-controller-leader-nginx" 137 | verbs: 138 | - get 139 | - update 140 | - apiGroups: 141 | - "" 142 | resources: 143 | - configmaps 144 | verbs: 145 | - create 146 | - apiGroups: 147 | - "" 148 | resources: 149 | - endpoints 150 | verbs: 151 | - get 152 | 153 | --- 154 | apiVersion: rbac.authorization.k8s.io/v1beta1 155 | kind: RoleBinding 156 | metadata: 157 | name: nginx-ingress-role-nisa-binding 158 | namespace: ingress-nginx 159 | labels: 160 | app.kubernetes.io/name: ingress-nginx 161 | app.kubernetes.io/part-of: ingress-nginx 162 | roleRef: 163 | apiGroup: rbac.authorization.k8s.io 164 | kind: Role 165 | name: nginx-ingress-role 166 | subjects: 167 | - kind: ServiceAccount 168 | name: nginx-ingress-serviceaccount 169 | namespace: ingress-nginx 170 | 171 | --- 172 | apiVersion: rbac.authorization.k8s.io/v1beta1 173 | kind: ClusterRoleBinding 174 | metadata: 175 | name: nginx-ingress-clusterrole-nisa-binding 176 | labels: 177 | app.kubernetes.io/name: ingress-nginx 178 | app.kubernetes.io/part-of: ingress-nginx 179 | roleRef: 180 | apiGroup: rbac.authorization.k8s.io 181 | kind: ClusterRole 182 | name: nginx-ingress-clusterrole 183 | subjects: 184 | - kind: ServiceAccount 185 | name: nginx-ingress-serviceaccount 186 | namespace: ingress-nginx 187 | 188 | --- 189 | 190 | apiVersion: apps/v1 191 | kind: Deployment 192 | metadata: 193 | name: nginx-ingress-controller 194 | namespace: ingress-nginx 195 | labels: 196 | app.kubernetes.io/name: ingress-nginx 197 | app.kubernetes.io/part-of: ingress-nginx 198 | spec: 199 | replicas: 1 200 | selector: 201 | matchLabels: 202 | app.kubernetes.io/name: ingress-nginx 203 | app.kubernetes.io/part-of: ingress-nginx 204 | template: 205 | metadata: 206 | labels: 207 | app.kubernetes.io/name: ingress-nginx 208 | app.kubernetes.io/part-of: ingress-nginx 209 | annotations: 210 | prometheus.io/port: "10254" 211 | prometheus.io/scrape: "true" 212 | spec: 213 | serviceAccountName: nginx-ingress-serviceaccount 214 | containers: 215 | - name: nginx-ingress-controller 216 | image: lijiaocn/nginx-ingress-controller:0.25.1 217 | args: 218 | - /nginx-ingress-controller 219 | - --configmap=$(POD_NAMESPACE)/nginx-configuration 220 | - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services 221 | - --udp-services-configmap=$(POD_NAMESPACE)/udp-services 222 | - --publish-service=$(POD_NAMESPACE)/ingress-nginx 223 | - --annotations-prefix=nginx.ingress.kubernetes.io 224 | securityContext: 225 | allowPrivilegeEscalation: true 226 | capabilities: 227 | drop: 228 | - ALL 229 | add: 230 | - NET_BIND_SERVICE 231 | # www-data -> 33 232 | runAsUser: 33 233 | env: 234 | - name: POD_NAME 235 | valueFrom: 236 | fieldRef: 237 | fieldPath: metadata.name 238 | - name: POD_NAMESPACE 239 | valueFrom: 240 | fieldRef: 241 | fieldPath: metadata.namespace 242 | ports: 243 | - name: http 244 | containerPort: 80 245 | - name: https 246 | containerPort: 443 247 | livenessProbe: 248 | failureThreshold: 3 249 | httpGet: 250 | path: /healthz 251 | port: 10254 252 | scheme: HTTP 253 | initialDelaySeconds: 10 254 | periodSeconds: 10 255 | successThreshold: 1 256 | timeoutSeconds: 10 257 | readinessProbe: 258 | failureThreshold: 3 259 | httpGet: 260 | path: /healthz 261 | port: 10254 262 | scheme: HTTP 263 | periodSeconds: 10 264 | successThreshold: 1 265 | timeoutSeconds: 10 266 | 267 | --- 268 | apiVersion: v1 269 | kind: Service 270 | metadata: 271 | name: ingress-nginx 272 | namespace: ingress-nginx 273 | labels: 274 | app.kubernetes.io/name: ingress-nginx 275 | app.kubernetes.io/part-of: ingress-nginx 276 | spec: 277 | type: NodePort 278 | ports: 279 | - name: http 280 | port: 80 281 | targetPort: 80 282 | protocol: TCP 283 | - name: https 284 | port: 443 285 | targetPort: 443 286 | protocol: TCP 287 | selector: 288 | app.kubernetes.io/name: ingress-nginx 289 | app.kubernetes.io/part-of: ingress-nginx 290 | 291 | --- 292 | -------------------------------------------------------------------------------- /kong-crd/0.14.3/01_echo_user1_auth_plugins.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongConsumer 3 | metadata: 4 | name: user1 5 | namespace: demo-echo 6 | username: echo-user1 7 | custom_id: echo-user1 8 | 9 | --- 10 | 11 | apiVersion: configuration.konghq.com/v1 12 | kind: KongCredential 13 | metadata: 14 | name: user1-basic-auth 15 | namespace: demo-echo 16 | consumerRef: user1 17 | type: basic-auth 18 | config: 19 | username: user1 20 | password: "123456" 21 | 22 | --- 23 | 24 | apiVersion: configuration.konghq.com/v1 25 | kind: KongPlugin 26 | metadata: 27 | name: user1-basic-auth 28 | namespace: demo-echo 29 | disabled: false # optional 30 | plugin: basic-auth 31 | config: 32 | hide_credentials: true 33 | 34 | --- 35 | 36 | apiVersion: configuration.konghq.com/v1 37 | kind: KongCredential 38 | metadata: 39 | name: user1-key-auth 40 | namespace: demo-echo 41 | consumerRef: user1 42 | type: key-auth 43 | config: 44 | key: "123456" 45 | 46 | --- 47 | 48 | apiVersion: configuration.konghq.com/v1 49 | kind: KongPlugin 50 | metadata: 51 | name: user1-key-auth 52 | namespace: demo-echo 53 | disabled: false # optional 54 | plugin: key-auth 55 | config: 56 | hide_credentials: true 57 | 58 | --- 59 | 60 | apiVersion: configuration.konghq.com/v1 61 | kind: KongCredential 62 | metadata: 63 | name: user1-jwt-auth 64 | namespace: demo-echo 65 | consumerRef: user1 66 | type: jwt 67 | config: #如果设置,会使用默认配置,或者自动生成 68 | algorithm: HS256 69 | key: "a36c3049b36249a3c9f8891cb127243c" 70 | secret: "e71829c351aa4242c2719cbfbe671c09" 71 | 72 | --- 73 | 74 | apiVersion: configuration.konghq.com/v1 75 | kind: KongPlugin 76 | metadata: 77 | name: user1-jwt-auth 78 | namespace: demo-echo 79 | disabled: false # optional 80 | plugin: jwt 81 | config: 82 | key_claim_name: "iss" 83 | -------------------------------------------------------------------------------- /kong-crd/0.14.3/02_echo_security_plugins.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongPlugin 3 | metadata: 4 | name: echo-bot-detection 5 | namespace: demo-echo 6 | disabled: false # optional 7 | plugin: bot-detection 8 | config: 9 | # whitelist: #黑白名单是一组用“,”间隔的正则表达式,匹配的是User-Agent 10 | blacklist: curl/7.54.0 11 | 12 | --- 13 | 14 | apiVersion: configuration.konghq.com/v1 15 | kind: KongPlugin 16 | metadata: 17 | name: echo-cors 18 | namespace: demo-echo 19 | disabled: false # optional 20 | plugin: cors 21 | config: 22 | origins: "*" #用“,”间隔的一组域名或者PCRE正则,被添加到响应头的Access-Control-Allow-Origin字段 23 | methods: GET,POST #用“,”间隔的HTTP方法,被添加到响应头的Access-Control-Allow-Methods字段 24 | # headers: #Access-Control-Allow-Headers 25 | # exposed_headers: #Access-Control-Expose-Headers 26 | # credentials: #Access-Control-Allow-Credentials 27 | # max_age: #how long the results of the preflight request can be cached, in seconds 28 | # preflight_continue # A boolean value that instructs the plugin to proxy the OPTIONS preflight request to the upstream service. 29 | 30 | 31 | --- 32 | 33 | apiVersion: configuration.konghq.com/v1 34 | kind: KongPlugin 35 | metadata: 36 | name: echo-ip-restriction 37 | namespace: demo-echo 38 | disabled: false # optional 39 | plugin: ip-restriction 40 | config: 41 | # whitelist: #用“,”间隔的一组IP或者CIDR,黑名单和白名单只能选一 42 | blacklist: 43 | 1.1.1.1 44 | # 192.168.33.1,192.168.33.12,172.16.129.1 45 | -------------------------------------------------------------------------------- /kong-crd/0.14.3/03_echo_http_rewrite_plugin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongPlugin 3 | metadata: 4 | name: echo-http-redirect 5 | namespace: demo-echo 6 | disabled: false # optional 7 | plugin: http-redirect 8 | config: # 参照:http://nginx.org/en/docs/http/ngx_http_redirect_module.html#redirect 9 | regex: "^/abc(.*)" # nginx的正则表达式,匹配URI 10 | replacement: "/redirect/$1" # 可以使用捕获 11 | flag: "permanent" # 当前只支持permanent(301)和redirect(302) 12 | -------------------------------------------------------------------------------- /kong-crd/1.0.3/01_echo_user1_auth_plugins.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongConsumer 3 | metadata: 4 | name: user1 5 | namespace: demo-echo 6 | username: echo-user1 7 | custom_id: echo-user1 8 | 9 | --- 10 | 11 | apiVersion: configuration.konghq.com/v1 12 | kind: KongCredential 13 | metadata: 14 | name: user1-basic-auth 15 | namespace: demo-echo 16 | consumerRef: user1 17 | type: basic-auth 18 | config: 19 | username: user1 20 | password: "123456" 21 | 22 | --- 23 | 24 | apiVersion: configuration.konghq.com/v1 25 | kind: KongPlugin 26 | metadata: 27 | name: user1-basic-auth 28 | namespace: demo-echo 29 | disabled: false # optional 30 | plugin: basic-auth 31 | config: 32 | hide_credentials: true 33 | 34 | --- 35 | 36 | apiVersion: configuration.konghq.com/v1 37 | kind: KongCredential 38 | metadata: 39 | name: user1-key-auth 40 | namespace: demo-echo 41 | consumerRef: user1 42 | type: key-auth 43 | config: 44 | key: "123456" 45 | 46 | --- 47 | 48 | apiVersion: configuration.konghq.com/v1 49 | kind: KongPlugin 50 | metadata: 51 | name: user1-key-auth 52 | namespace: demo-echo 53 | disabled: false # optional 54 | plugin: key-auth 55 | config: 56 | hide_credentials: true 57 | 58 | --- 59 | 60 | apiVersion: configuration.konghq.com/v1 61 | kind: KongCredential 62 | metadata: 63 | name: user1-jwt-auth 64 | namespace: demo-echo 65 | consumerRef: user1 66 | type: jwt 67 | config: #如果设置,会使用默认配置,或者自动生成 68 | algorithm: HS256 69 | key: "a36c3049b36249a3c9f8891cb127243c" 70 | secret: "e71829c351aa4242c2719cbfbe671c09" 71 | 72 | --- 73 | 74 | apiVersion: configuration.konghq.com/v1 75 | kind: KongPlugin 76 | metadata: 77 | name: user1-jwt-auth 78 | namespace: demo-echo 79 | disabled: false # optional 80 | plugin: jwt 81 | config: 82 | key_claim_name: "iss" 83 | -------------------------------------------------------------------------------- /kong-crd/1.0.3/02_echo_security_plugins.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongPlugin 3 | metadata: 4 | name: echo-bot-detection 5 | namespace: demo-echo 6 | disabled: false # optional 7 | plugin: bot-detection 8 | config: 9 | # whitelist: #黑白名单是一组用“,”间隔的正则表达式,匹配的是User-Agent 10 | blacklist: [curl/7.54.0] 11 | 12 | --- 13 | 14 | apiVersion: configuration.konghq.com/v1 15 | kind: KongPlugin 16 | metadata: 17 | name: echo-cors 18 | namespace: demo-echo 19 | disabled: false # optional 20 | plugin: cors 21 | config: 22 | origins: "*" #用“,”间隔的一组域名或者PCRE正则,被添加到响应头的Access-Control-Allow-Origin字段 23 | methods: GET,POST #用“,”间隔的HTTP方法,被添加到响应头的Access-Control-Allow-Methods字段 24 | # headers: #Access-Control-Allow-Headers 25 | # exposed_headers: #Access-Control-Expose-Headers 26 | # credentials: #Access-Control-Allow-Credentials 27 | # max_age: #how long the results of the preflight request can be cached, in seconds 28 | # preflight_continue # A boolean value that instructs the plugin to proxy the OPTIONS preflight request to the upstream service. 29 | 30 | 31 | --- 32 | 33 | apiVersion: configuration.konghq.com/v1 34 | kind: KongPlugin 35 | metadata: 36 | name: echo-ip-restriction 37 | namespace: demo-echo 38 | disabled: false # optional 39 | plugin: ip-restriction 40 | config: 41 | whitelist: [192.168.33.1,192.168.33.12,172.16.129.1] 42 | #用“,”间隔的一组IP或者CIDR,黑名单和白名单只能选一 43 | # blacklist: [1.1.1.1,10.255.3.1] 44 | # [192.168.33.1,192.168.33.12,172.16.129.1] 45 | -------------------------------------------------------------------------------- /kong-crd/1.0.3/03_echo_redirect_plugin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongPlugin 3 | metadata: 4 | name: echo-http-redirect 5 | namespace: demo-echo 6 | labels: 7 | global: "true" 8 | disabled: false # optional 9 | plugin: http-redirect 10 | config: # 参照:http://nginx.org/en/docs/http/ngx_http_redirect_module.html#redirect 11 | regex: "^/123(.*)" # nginx的正则表达式,匹配URI 12 | replace: "/redirect/$1" # 可以使用捕获 13 | flag: "permanent" # 当前只支持permanent(301)和redirect(302) 14 | -------------------------------------------------------------------------------- /kong-crd/1.0.3/04_log_plugins.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongPlugin 3 | metadata: 4 | name: echo-file-log 5 | namespace: demo-echo 6 | labels: 7 | global: "false" 8 | disabled: false # optional 9 | plugin: file-log 10 | config: 11 | path: /tmp/req.log 12 | reopen: true 13 | 14 | #apiVersion: configuration.konghq.com/v1 15 | #kind: KongPlugin 16 | #metadata: 17 | # name: echo-http-log 18 | # namespace: demo-echo 19 | #disabled: false # optional 20 | #plugin: http-log 21 | #config: 22 | # http_endpoint: 23 | # method: POST 24 | # timeout: 10000 25 | # keepalive: 60000 26 | -------------------------------------------------------------------------------- /kong-crd/1.0.3/05_http_transformer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongPlugin 3 | metadata: 4 | name: echo-correlation-id 5 | namespace: demo-echo 6 | labels: 7 | global: "false" 8 | disabled: false # optional 9 | plugin: correlation-id 10 | config: 11 | header_name: kong-correlation-id 12 | generator: uuid#counter 13 | echo_downstream: true 14 | -------------------------------------------------------------------------------- /kong-crd/1.0.3/06_monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongPlugin 3 | metadata: 4 | name: echo-prometheus 5 | namespace: demo-echo 6 | labels: 7 | global: "false" 8 | disabled: false # optional 9 | plugin: prometheus 10 | -------------------------------------------------------------------------------- /kong-crd/1.0.3/07_rate_limit.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongPlugin 3 | metadata: 4 | name: echo-req-rate-limit 5 | namespace: demo-echo 6 | labels: 7 | global: "false" 8 | disabled: false # optional 9 | plugin: rate-limiting 10 | config: 11 | second: 1 12 | limit_by: ip 13 | policy: local #local,cluster,redis 14 | -------------------------------------------------------------------------------- /kong-crd/1.0.3/08_trace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongPlugin 3 | metadata: 4 | name: echo-http-zipkin-trace 5 | namespace: demo-echo 6 | labels: 7 | global: "false" 8 | enabled: true # optional 9 | plugin: zipkin 10 | config: 11 | http_endpoint: "http://10.10.173.203:9411/api/v2/spans" 12 | sample_ratio: 1 13 | -------------------------------------------------------------------------------- /kong-crd/1.0.3/kongingress-demo-echo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: configuration.konghq.com/v1 2 | kind: KongIngress 3 | metadata: 4 | name: ingress-echo 5 | namespace: demo-echo 6 | upstream: 7 | hash_on: cookie 8 | hash_on_cookie: route 9 | hash_fallback: none 10 | healthchecks: 11 | active: 12 | concurrency: 10 13 | healthy: 14 | http_statuses: 15 | - 200 16 | - 302 17 | interval: 0 18 | successes: 0 19 | http_path: "/" 20 | timeout: 1 21 | unhealthy: 22 | http_failures: 0 23 | http_statuses: 24 | - 429 25 | interval: 0 26 | tcp_failures: 0 27 | timeouts: 0 28 | passive: 29 | healthy: 30 | http_statuses: 31 | - 200 32 | successes: 0 33 | unhealthy: 34 | http_failures: 0 35 | http_statuses: 36 | - 429 37 | - 503 38 | tcp_failures: 0 39 | timeouts: 0 40 | slots: 10 41 | proxy: 42 | protocol: http 43 | path: / 44 | connect_timeout: 10000 45 | retries: 10 46 | read_timeout: 10000 47 | write_timeout: 10000 48 | route: 49 | methods: 50 | - POST 51 | - GET 52 | regex_priority: 0 53 | strip_path: false 54 | preserve_host: true 55 | protocols: 56 | - http 57 | - https 58 | -------------------------------------------------------------------------------- /kong-deploy/kong-dashboard.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: kong-dashboard 6 | namespace: kong 7 | spec: 8 | type: NodePort 9 | ports: 10 | - name: kong-dashboard 11 | port: 80 12 | targetPort: 8080 13 | protocol: TCP 14 | selector: 15 | app: dashboard 16 | --- 17 | 18 | apiVersion: extensions/v1beta1 19 | kind: Deployment 20 | metadata: 21 | name: dashboard 22 | namespace: kong 23 | spec: 24 | template: 25 | metadata: 26 | labels: 27 | name: dashboard 28 | app: dashboard 29 | spec: 30 | containers: 31 | - name: kong-dashboard 32 | args: 33 | - start 34 | - --kong-url http://kong-ingress-controller:8001 35 | - --basic-auth admin=admin 36 | image: pgbi/kong-dashboard:latest 37 | ports: 38 | - name: http 39 | containerPort: 8080 40 | protocol: TCP 41 | -------------------------------------------------------------------------------- /kong-deploy/kong-ingress-controller-0.3.0-with-kong-1.0.3.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: kong 6 | 7 | --- 8 | 9 | apiVersion: apiextensions.k8s.io/v1beta1 10 | kind: CustomResourceDefinition 11 | metadata: 12 | name: kongplugins.configuration.konghq.com 13 | spec: 14 | group: configuration.konghq.com 15 | version: v1 16 | scope: Namespaced 17 | names: 18 | kind: KongPlugin 19 | plural: kongplugins 20 | shortNames: 21 | - kp 22 | additionalPrinterColumns: 23 | - name: Plugin-Type 24 | type: string 25 | description: Name of the plugin 26 | JSONPath: .plugin 27 | - name: Age 28 | type: date 29 | description: Age 30 | JSONPath: .metadata.creationTimestamp 31 | - name: Disabled 32 | type: boolean 33 | description: Indicates if the plugin is disabled 34 | JSONPath: .disabled 35 | priority: 1 36 | - name: Config 37 | type: string 38 | description: Configuration of the plugin 39 | JSONPath: .config 40 | priority: 1 41 | validation: 42 | openAPIV3Schema: 43 | required: 44 | - plugin 45 | properties: 46 | plugin: 47 | type: string 48 | disabled: 49 | type: boolean 50 | config: 51 | type: object 52 | 53 | --- 54 | 55 | apiVersion: apiextensions.k8s.io/v1beta1 56 | kind: CustomResourceDefinition 57 | metadata: 58 | name: kongconsumers.configuration.konghq.com 59 | spec: 60 | group: configuration.konghq.com 61 | version: v1 62 | scope: Namespaced 63 | names: 64 | kind: KongConsumer 65 | plural: kongconsumers 66 | shortNames: 67 | - kc 68 | additionalPrinterColumns: 69 | - name: Username 70 | type: string 71 | description: Username of a Kong Consumer 72 | JSONPath: .username 73 | - name: Age 74 | type: date 75 | description: Age 76 | JSONPath: .metadata.creationTimestamp 77 | validation: 78 | openAPIV3Schema: 79 | properties: 80 | username: 81 | type: string 82 | custom_id: 83 | type: string 84 | 85 | --- 86 | 87 | apiVersion: apiextensions.k8s.io/v1beta1 88 | kind: CustomResourceDefinition 89 | metadata: 90 | name: kongcredentials.configuration.konghq.com 91 | spec: 92 | group: configuration.konghq.com 93 | version: v1 94 | scope: Namespaced 95 | names: 96 | kind: KongCredential 97 | plural: kongcredentials 98 | additionalPrinterColumns: 99 | - name: Credential-type 100 | type: string 101 | description: Type of credential 102 | JSONPath: .type 103 | - name: Age 104 | type: date 105 | description: Age 106 | JSONPath: .metadata.creationTimestamp 107 | - name: Consumer-Ref 108 | type: string 109 | description: Owner of the credential 110 | JSONPath: .consumerRef 111 | validation: 112 | openAPIV3Schema: 113 | required: 114 | - consumerRef 115 | - type 116 | properties: 117 | consumerRef: 118 | type: string 119 | type: 120 | type: string 121 | 122 | --- 123 | 124 | apiVersion: apiextensions.k8s.io/v1beta1 125 | kind: CustomResourceDefinition 126 | metadata: 127 | name: kongingresses.configuration.konghq.com 128 | spec: 129 | group: configuration.konghq.com 130 | version: v1 131 | scope: Namespaced 132 | names: 133 | kind: KongIngress 134 | plural: kongingresses 135 | shortNames: 136 | - ki 137 | validation: 138 | openAPIV3Schema: 139 | properties: 140 | upstream: 141 | type: object 142 | route: 143 | properties: 144 | methods: 145 | type: array 146 | items: 147 | type: string 148 | regex_priority: 149 | type: integer 150 | strip_path: 151 | type: boolean 152 | preserve_host: 153 | type: boolean 154 | protocols: 155 | type: array 156 | items: 157 | type: string 158 | enum: 159 | - http 160 | - https 161 | proxy: 162 | type: object 163 | properties: 164 | protocol: 165 | type: string 166 | enum: 167 | - http 168 | - https 169 | path: 170 | type: string 171 | pattern: ^/.*$ 172 | retries: 173 | type: integer 174 | minimum: 0 175 | connect_timeout: 176 | type: integer 177 | minimum: 0 178 | read_timeout: 179 | type: integer 180 | minimum: 0 181 | write_timeout: 182 | type: integer 183 | minimum: 0 184 | upstream: 185 | type: object 186 | properties: 187 | hash_on: 188 | type: string 189 | hash_on_cookie: 190 | type: string 191 | hash_on_cookie_path: 192 | type: string 193 | hash_on_header: 194 | type: string 195 | hash_fallback_header: 196 | type: string 197 | hash_fallback: 198 | type: string 199 | slots: 200 | type: integer 201 | minimum: 10 202 | healthchecks: 203 | type: object 204 | properties: 205 | active: 206 | type: object 207 | properties: 208 | concurrency: 209 | type: integer 210 | minimum: 1 211 | timeout: 212 | type: integer 213 | minimum: 0 214 | http_path: 215 | type: string 216 | pattern: ^/.*$ 217 | healthy: &healthy 218 | type: object 219 | properties: 220 | http_statuses: 221 | type: array 222 | items: 223 | type: integer 224 | interval: 225 | type: integer 226 | minimum: 0 227 | successes: 228 | type: integer 229 | minimum: 0 230 | unhealthy: &unhealthy 231 | type: object 232 | properties: 233 | http_failures: 234 | type: integer 235 | minimum: 0 236 | http_statuses: 237 | type: array 238 | items: 239 | type: integer 240 | interval: 241 | type: integer 242 | minimum: 0 243 | tcp_failures: 244 | type: integer 245 | minimum: 0 246 | timeout: 247 | type: integer 248 | minimum: 0 249 | passive: 250 | type: object 251 | properties: 252 | healthy: *healthy 253 | unhealthy: *unhealthy 254 | 255 | --- 256 | 257 | apiVersion: v1 258 | kind: ServiceAccount 259 | metadata: 260 | name: kong-serviceaccount 261 | namespace: kong 262 | 263 | --- 264 | 265 | apiVersion: rbac.authorization.k8s.io/v1beta1 266 | kind: ClusterRole 267 | metadata: 268 | name: kong-ingress-clusterrole 269 | rules: 270 | - apiGroups: 271 | - "" 272 | resources: 273 | - endpoints 274 | - nodes 275 | - pods 276 | - secrets 277 | verbs: 278 | - list 279 | - watch 280 | - apiGroups: 281 | - "" 282 | resources: 283 | - nodes 284 | verbs: 285 | - get 286 | - apiGroups: 287 | - "" 288 | resources: 289 | - services 290 | verbs: 291 | - get 292 | - list 293 | - watch 294 | - apiGroups: 295 | - "extensions" 296 | resources: 297 | - ingresses 298 | verbs: 299 | - get 300 | - list 301 | - watch 302 | - apiGroups: 303 | - "" 304 | resources: 305 | - events 306 | verbs: 307 | - create 308 | - patch 309 | - apiGroups: 310 | - "extensions" 311 | resources: 312 | - ingresses/status 313 | verbs: 314 | - update 315 | - apiGroups: 316 | - "configuration.konghq.com" 317 | resources: 318 | - kongplugins 319 | - kongcredentials 320 | - kongconsumers 321 | - kongingresses 322 | verbs: 323 | - get 324 | - list 325 | - watch 326 | 327 | --- 328 | 329 | apiVersion: rbac.authorization.k8s.io/v1beta1 330 | kind: Role 331 | metadata: 332 | name: kong-ingress-role 333 | namespace: kong 334 | rules: 335 | - apiGroups: 336 | - "" 337 | resources: 338 | - configmaps 339 | - pods 340 | - secrets 341 | - namespaces 342 | verbs: 343 | - get 344 | - apiGroups: 345 | - "" 346 | resources: 347 | - configmaps 348 | resourceNames: 349 | # Defaults to "-" 350 | # Here: "-" 351 | # This has to be adapted if you change either parameter 352 | # when launching the kong-ingress-controller. 353 | - "ingress-controller-leader-kong" 354 | verbs: 355 | - get 356 | - update 357 | - apiGroups: 358 | - "" 359 | resources: 360 | - configmaps 361 | verbs: 362 | - create 363 | - apiGroups: 364 | - "" 365 | resources: 366 | - endpoints 367 | verbs: 368 | - get 369 | 370 | --- 371 | 372 | apiVersion: rbac.authorization.k8s.io/v1beta1 373 | kind: RoleBinding 374 | metadata: 375 | name: kong-ingress-role-nisa-binding 376 | namespace: kong 377 | roleRef: 378 | apiGroup: rbac.authorization.k8s.io 379 | kind: Role 380 | name: kong-ingress-role 381 | subjects: 382 | - kind: ServiceAccount 383 | name: kong-serviceaccount 384 | namespace: kong 385 | 386 | --- 387 | 388 | apiVersion: rbac.authorization.k8s.io/v1beta1 389 | kind: ClusterRoleBinding 390 | metadata: 391 | name: kong-ingress-clusterrole-nisa-binding 392 | roleRef: 393 | apiGroup: rbac.authorization.k8s.io 394 | kind: ClusterRole 395 | name: kong-ingress-clusterrole 396 | subjects: 397 | - kind: ServiceAccount 398 | name: kong-serviceaccount 399 | namespace: kong 400 | 401 | --- 402 | 403 | apiVersion: v1 404 | kind: Service 405 | metadata: 406 | name: kong-ingress-controller 407 | namespace: kong 408 | spec: 409 | type: NodePort 410 | ports: 411 | - name: kong-admin 412 | port: 8001 413 | targetPort: 8001 414 | protocol: TCP 415 | selector: 416 | app: ingress-kong 417 | 418 | --- 419 | 420 | apiVersion: extensions/v1beta1 421 | kind: Deployment 422 | metadata: 423 | labels: 424 | app: ingress-kong 425 | name: kong-ingress-controller 426 | namespace: kong 427 | spec: 428 | selector: 429 | matchLabels: 430 | app: ingress-kong 431 | strategy: 432 | rollingUpdate: 433 | maxSurge: 1 434 | maxUnavailable: 0 435 | type: RollingUpdate 436 | template: 437 | metadata: 438 | annotations: 439 | # the returned metrics are related to the kong ingress controller not kong itself 440 | prometheus.io/port: "10254" 441 | prometheus.io/scrape: "true" 442 | labels: 443 | app: ingress-kong 444 | spec: 445 | serviceAccountName: kong-serviceaccount 446 | initContainers: 447 | - name: wait-for-migrations 448 | image: lijiaocn/kong:1.0.3 449 | command: [ "kong", "migrations", "list" ] 450 | env: 451 | - name: KONG_ADMIN_LISTEN 452 | value: 'off' 453 | - name: KONG_PROXY_LISTEN 454 | value: 'off' 455 | - name: KONG_PROXY_ACCESS_LOG 456 | value: "/dev/stdout" 457 | - name: KONG_ADMIN_ACCESS_LOG 458 | value: "/dev/stdout" 459 | - name: KONG_PROXY_ERROR_LOG 460 | value: "/dev/stderr" 461 | - name: KONG_ADMIN_ERROR_LOG 462 | value: "/dev/stderr" 463 | - name: KONG_PG_HOST 464 | value: 10.10.64.58 465 | - name: KONG_PG_PORT 466 | value: '5432' 467 | - name: KONG_PG_DATABASE 468 | value: kong 469 | - name: KONG_PG_USER 470 | value: kong 471 | - name: KONG_PG_PASSWORD 472 | value: kong-dev 473 | containers: 474 | - name: admin-api 475 | image: lijiaocn/kong:1.0.3 476 | env: 477 | - name: KONG_PG_HOST 478 | value: 10.10.64.58 479 | - name: KONG_PG_PORT 480 | value: '5432' 481 | - name: KONG_PG_DATABASE 482 | value: kong 483 | - name: KONG_PG_USER 484 | value: kong 485 | - name: KONG_PG_PASSWORD 486 | value: kong-dev 487 | - name: KONG_ADMIN_ACCESS_LOG 488 | value: /dev/stdout 489 | - name: KONG_ADMIN_ERROR_LOG 490 | value: /dev/stderr 491 | - name: KONG_ADMIN_LISTEN 492 | value: 0.0.0.0:8001, 0.0.0.0:8444 ssl 493 | - name: KONG_PROXY_LISTEN 494 | value: 'off' 495 | ports: 496 | - name: kong-admin 497 | containerPort: 8001 498 | livenessProbe: 499 | failureThreshold: 3 500 | httpGet: 501 | path: /status 502 | port: 8001 503 | scheme: HTTP 504 | initialDelaySeconds: 30 505 | periodSeconds: 10 506 | successThreshold: 1 507 | timeoutSeconds: 1 508 | readinessProbe: 509 | failureThreshold: 3 510 | httpGet: 511 | path: /status 512 | port: 8001 513 | scheme: HTTP 514 | periodSeconds: 10 515 | successThreshold: 1 516 | timeoutSeconds: 1 517 | - name: ingress-controller 518 | args: 519 | - /kong-ingress-controller 520 | # the kong URL points to the kong admin api server 521 | - --kong-url=https://localhost:8444 522 | - --admin-tls-skip-verify 523 | # the default service is the kong proxy service 524 | - --default-backend-service=kong/kong-proxy 525 | # Service from were we extract the IP address/es to use in Ingress status 526 | - --publish-service=kong/kong-proxy 527 | env: 528 | - name: POD_NAME 529 | valueFrom: 530 | fieldRef: 531 | apiVersion: v1 532 | fieldPath: metadata.name 533 | - name: POD_NAMESPACE 534 | valueFrom: 535 | fieldRef: 536 | apiVersion: v1 537 | fieldPath: metadata.namespace 538 | image: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller:0.3.0 539 | imagePullPolicy: IfNotPresent 540 | livenessProbe: 541 | failureThreshold: 3 542 | httpGet: 543 | path: /healthz 544 | port: 10254 545 | scheme: HTTP 546 | initialDelaySeconds: 30 547 | periodSeconds: 10 548 | successThreshold: 1 549 | timeoutSeconds: 1 550 | readinessProbe: 551 | failureThreshold: 3 552 | httpGet: 553 | path: /healthz 554 | port: 10254 555 | scheme: HTTP 556 | periodSeconds: 10 557 | successThreshold: 1 558 | timeoutSeconds: 1 559 | 560 | --- 561 | 562 | apiVersion: v1 563 | kind: Service 564 | metadata: 565 | name: kong-proxy 566 | namespace: kong 567 | spec: 568 | # type: LoadBalancer 569 | type: NodePort 570 | ports: 571 | - name: kong-proxy 572 | port: 80 573 | targetPort: 8000 574 | protocol: TCP 575 | - name: kong-proxy-ssl 576 | port: 443 577 | targetPort: 8443 578 | protocol: TCP 579 | selector: 580 | app: kong 581 | 582 | 583 | --- 584 | 585 | apiVersion: extensions/v1beta1 586 | kind: Deployment 587 | metadata: 588 | name: kong 589 | namespace: kong 590 | spec: 591 | template: 592 | metadata: 593 | labels: 594 | name: kong 595 | app: kong 596 | spec: 597 | initContainers: 598 | # hack to verify that the DB is up to date or not 599 | # TODO remove this for Kong >= 0.15.0 600 | - name: wait-for-migrations 601 | image: lijiaocn/kong:1.0.3 602 | command: [ "kong", "migrations", "list" ] 603 | env: 604 | - name: KONG_ADMIN_LISTEN 605 | value: 'off' 606 | - name: KONG_PROXY_LISTEN 607 | value: 'off' 608 | - name: KONG_PROXY_ACCESS_LOG 609 | value: "/dev/stdout" 610 | - name: KONG_ADMIN_ACCESS_LOG 611 | value: "/dev/stdout" 612 | - name: KONG_PROXY_ERROR_LOG 613 | value: "/dev/stderr" 614 | - name: KONG_ADMIN_ERROR_LOG 615 | value: "/dev/stderr" 616 | - name: KONG_PG_HOST 617 | value: 10.10.64.58 618 | - name: KONG_PG_PORT 619 | value: '5432' 620 | - name: KONG_PG_DATABASE 621 | value: kong 622 | - name: KONG_PG_USER 623 | value: kong 624 | - name: KONG_PG_PASSWORD 625 | value: kong-dev 626 | containers: 627 | - name: kong-proxy 628 | image: lijiaocn/kong:1.0.3 629 | env: 630 | - name: KONG_PG_HOST 631 | value: 10.10.64.58 632 | - name: KONG_PG_PORT 633 | value: '5432' 634 | - name: KONG_PG_DATABASE 635 | value: kong 636 | - name: KONG_PG_USER 637 | value: kong 638 | - name: KONG_PG_PASSWORD 639 | value: kong-dev 640 | - name: KONG_PROXY_ACCESS_LOG 641 | value: "/dev/stdout" 642 | - name: KONG_PROXY_ERROR_LOG 643 | value: "/dev/stderr" 644 | - name: KONG_ADMIN_LISTEN 645 | value: 'off' 646 | ports: 647 | - name: proxy 648 | containerPort: 8000 649 | protocol: TCP 650 | - name: proxy-ssl 651 | containerPort: 8443 652 | protocol: TCP 653 | 654 | --- 655 | apiVersion: batch/v1 656 | kind: Job 657 | metadata: 658 | name: kong-migrations 659 | namespace: kong 660 | spec: 661 | template: 662 | metadata: 663 | name: kong-migrations 664 | spec: 665 | initContainers: 666 | - name: wait-for-postgres 667 | image: busybox 668 | env: 669 | - name: KONG_PG_HOST 670 | value: 10.10.64.58 671 | - name: KONG_PG_PORT 672 | value: "5432" 673 | command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ] 674 | containers: 675 | - name: kong-migrations 676 | image: lijiaocn/kong:1.0.3 677 | env: 678 | - name: KONG_PG_HOST 679 | value: 10.10.64.58 680 | - name: KONG_PG_PORT 681 | value: "5432" 682 | - name: KONG_PG_DATABASE 683 | value: kong 684 | - name: KONG_PG_USER 685 | value: kong 686 | - name: KONG_PG_PASSWORD 687 | value: kong-dev 688 | command: [ "kong", "migrations", "bootstrap" ] 689 | restartPolicy: OnFailure 690 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/admin.conf: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | clusters: 3 | - cluster: 4 | certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1UQXlNVEE1TlRRME1sb1hEVEk0TVRBeE9EQTVOVFEwTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS1J6ClJjQkN0akpERHNGUzRNRDJDbWRIUlZ4bStLTDc3Tk9MakNndlYzQUc0N3BtaEx1UiswMTNjSVdKRnEzUFZYVUYKT2NlSmxRRVpuUVFibXowRUMwcXdyVCs0T1QyTjZqalY5TzdVU0h3TFQyenpyTDVoNVA4Z0tFd01YdHZEWEZ0RAp3S0ZJUWtNajZQNHR4cWFQaC9WV2VzZThXZEl4N0p5RGM5RmRMREI3c3VaSGVySG0wZUpjL0VxTldwdFpLNDJGCm5pMmsxbjJOY2hXbnF3c2F6Wm1BT1dYcVlBZ3lqeWJqWVVsK1gzOFB1QUg5cTFQTXRYWk4wYjN4ZUdRL0ZIanYKNVN1WmRINVk4L2xRUXp2TVRJUU1WWlM5NmxabktHRHc0OHRxb0ducmd1T2xYYldCTy9pa2ROMGlpaExZRVRqagpHNWZtVE5sNUpsOFVqV1FwTm1rQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDWTBmamt1azBWUmJ0V2ErVGpiTjl1cnE0R2cKRGRrWlhQNy9mdDY3b0RmK0FzdzJKOVZrNU9GQjRuY2xXa0huNkdualc5Vm4rWGdDMUQ5VkJZOGV5MExlNndOawphSlkzdWxCVmV0cy82MzNWYkJjM1JvK1BEamROb0xyWThEQTZ4WGl5d2Z5RHA2Zk9oVW5NOE5xMmtaWTgzYmNXCmFleitzdmJyZ3ppMTJETU0vZ3FoWVNHRVM2NGZnTzBpLzduZ1ZXLzVUVFkrdC9pb0xnc1VwK3BXYlZ3SUdpZmQKQk96VlRZSXR5T3A1dUhxc1R0elpadnEvL3l3Y3JBMTZjOUhvc1Z1R3FXbHoycG9rTkdha3YzdC9tM2l0R04rRwpOMmVVd0dhZFdQNzVUU3hzSlorOENMQWVHTGl0bWRqajBlcFp3NHRJUS9iVjNROGhwSWMyV0Qwb05EST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= 5 | server: https://192.168.33.11:6443 6 | name: kubernetes 7 | contexts: 8 | - context: 9 | cluster: kubernetes 10 | user: kubernetes-admin 11 | name: kubernetes-admin@kubernetes 12 | current-context: kubernetes-admin@kubernetes 13 | kind: Config 14 | preferences: {} 15 | users: 16 | - name: kubernetes-admin 17 | user: 18 | client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4akNDQWRxZ0F3SUJBZ0lJRkZKa3MyaVlDWVV3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB4T0RFd01qRXdPVFUwTkRKYUZ3MHhPVEV3TWpFd09UVTBORFphTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQThkNkJvb25wNzF0VktSRkEKVU1iek9aSXZnZU03QnlUMGtkZGNzQ2VlR0pleFM3dkNlQkdTeU0reW1EVmVzejI5Y2tqb24rdURYLzlxODYvRQptSlNjbGd0Z2RCVzZHSFlMNkd2ZGg0d3o4cHVzbExoY2ZuaENodzY0T3pXMjJOcUZNM2pTM1E5SHA3TExCbjBvCklqTy9CeHloWTlaRFlIeTh6eG1aSHVXRGpNUUhYRGVrUjFSUkM3ODhqUmpnMk56WlpmNWZzVkhEM083eUY3cE8KdW5yNlMrMi9Ud3dDUHhMeXAyYnlXTWxrM1poWXphWVVObUx3OE5MV0dOR2JjRHlpeVJZL0k1NTByMm9zT25DeQp2OGV1NDNHN0orOHFjTXdyU08vZXE2YzhseHRZOTB2NEt1NTMyaVF6SS9QUnhyMUpaMmpycFlLNzkwUGVQZkYvCkFMWStxUUlEQVFBQm95Y3dKVEFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFbG9pYklWcUVrc1ZlbXpXNmdGN0dtRnU3dTRBUHQ4aUdPSgpxK3YyVm5MaXExREY4ZHVWc2VhQ0hwY2Q0THF1eWRYQTVGNUJodHg5RnI2N3RJeUtPR1RMWDJabHBLOHp3KzI1Clh6S1ZiSHRRYkx3YW43UG92dXNFOWVoNHBmUUZqTFM5SDJSMzJRWHByck95UmgyZ0VQNWcrNlhiTjJyR0pSK0QKUjVzcG85YVJqZDNQN2Z4ZzQ1VEVoeW9zRHFSUFpnNzZta2U3eWZkay9yTGRyM3hZUlVLaUxaWGtZQlNLY2xPbQpLVFpTMzg0SXZBcE5ZOEJBdmZIV2pzWlFwbFRDZ0EzYXdVNU9XSW11QjZ3MjVyZGJjN2RQRWxJam9jVmM0WU01CkJxY2dPQmdQTFZaSTg4V1RLSWluZmo2Q0pvQVZodW9CWHNMS1dCZVRqY2J5dE1VK0RlST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= 19 | client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBOGQ2Qm9vbnA3MXRWS1JGQVVNYnpPWkl2Z2VNN0J5VDBrZGRjc0NlZUdKZXhTN3ZDCmVCR1N5TSt5bURWZXN6Mjlja2pvbit1RFgvOXE4Ni9FbUpTY2xndGdkQlc2R0hZTDZHdmRoNHd6OHB1c2xMaGMKZm5oQ2h3NjRPelcyMk5xRk0zalMzUTlIcDdMTEJuMG9Jak8vQnh5aFk5WkRZSHk4enhtWkh1V0RqTVFIWERlawpSMVJSQzc4OGpSamcyTnpaWmY1ZnNWSEQzTzd5RjdwT3VucjZTKzIvVHd3Q1B4THlwMmJ5V01sazNaaFl6YVlVCk5tTHc4TkxXR05HYmNEeWl5UlkvSTU1MHIyb3NPbkN5djhldTQzRzdKKzhxY013clNPL2VxNmM4bHh0WTkwdjQKS3U1MzJpUXpJL1BSeHIxSloyanJwWUs3OTBQZVBmRi9BTFkrcVFJREFRQUJBb0lCQVFEWjlpMFdmM2djSms4NQpJZjIyallNVVI0T2VabHFFVnE0N1d6dUExMExtWUpUNmJhcVRMeXI2NGdqTWw1UE9yUDJ6SnJiVG5wWVdoWU1wCk5TVlNadUl4YVBFenkzeVhuSkdna3N2ZzRkelNiYTE1bkNabUpoTzF4L01JRUtERkRTOXFNaUM3NjVBa05NQTMKQ2NTSUJkL0pGZWp1b21DM2E5RnVSR0F6Y3BzNDFwSk5uZVJ6VkdmNHh2ZjNVRC81SkFSMC9HVzlLMmFaZDB4SQpxWlZvVFZFcTZzSXZ4U0lSWmVaL1h2WG1YNlB2TGlHWDFqV1hSTlkxazNCY1I4dENYWCtBSHlJeUxCOGdGVjlBCnp1eUkrR3pwVTZ1Q0dUOEIxaHZPRmlUU2V0dUtOTzk5WHhWQytnNlFkeExGbDJuQXVHcmdtWktTQmFEaHZQUmoKOUZOOFppY0JBb0dCQVB6Q0p0YUZVNlFjSUJrNTBNYnUxRmZZaWZjRVdaMHlDM1VkSkdCeWpIa1p6YjVBR0ZuUQpxKzd4OTR2ZElKRWI2aXdqZ1B4alBuRHJDcnFZZktCZy9WaTdidllNTTlKSHFBZ21hSzJuK1VCUm5nN0tmdG9ECkErUXBzZmliQ1RVd2ZMOHJHR1YrZHRFS1Uydi9LdnRBeTVOTWE2NWl4Rmp3UzZ3STcyV20vVStoQW9HQkFQVDQKbW4wOW90ZVRQZXJTYTVlUzdzN0VBS2hhZ0laQVhwSlYrVUFTYSs4eDllc29UL3Q0M3VjVHc0ZkVjYzVmcTFxRgpZUmRtK1ZJUnRrOUVVb20zYTJ6Y3VieWFyREx4ZWdZZ0F2T0IvZy9CTGl3ODlkUmQwM1EveksvT0w1VDh6d2RlCkdWSFBUSnN3TmdWeFZXZWhHOUwrNjZCN2lpd01ua2NSODJjVW9USUpBb0dBQ0s5elBqUGVwK2ovZ1Y1bk9pN0MKeFRIL3E2bE9td1E1T0pFRHl2eWtyeFNmNlVXeWtJT0hKUExUbXM3Q2E3b1YxZVp5YkRuTXozeUVKZDFQaXdOSwpNVjVmZGJ6OW11QXplZlEzN0orMUJPekpEYUVQc3RZZnNCdHVyaWhGckxvNXp5ZmY4cnpod0ZVbWdMT0grcEpECmJKQlhzdXBaN09SMDlUaHBZWWpYYzRFQ2dZRUFyNVNrUGxINExxVlZnc0tRNVZJbUlrTHY2YnI4VmIwN1M0MmQKbWVQYVF0WS9XZTVKN1lkRDFNSWdxbVlONEFwSUtoaGhiOEdadjgzOEtySmdxbDZ4KzVQMCtJNndEODl1VTRlTQpOZmFkSDdPcG9ZR0wvVXZHckpLeDVleFZ4R2F6Q0tmVVpBTzk5NWxGanY4ZFpLcGY1QXBjM21qTnJ5YllKejVoCmhDZVFKZWtDZ1lBd0tnK2pJTkNLMUsxR2RtRDV1ZTl0Z3EydUtpdkVtbTR2VURYVTE0ZDNibmwvNjRNRHl1ZUIKTTNLWm0wM2xLQTFXQzdZSEJrKzBzaDZ4MkdLcnVLb251dW1UQWQzdllVckdhSjNoamJFNkV3Rk5FQU11NUN3Qgp5dkFOT3kyckI5aDlmME1Ld0ZnM3RaRnZzMVoyVFFvK1dmSHdrRWwwUmlTaXM1RGgyY2lwcXc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= 20 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/controller-manager.conf: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | clusters: 3 | - cluster: 4 | certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1UQXlNVEE1TlRRME1sb1hEVEk0TVRBeE9EQTVOVFEwTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS1J6ClJjQkN0akpERHNGUzRNRDJDbWRIUlZ4bStLTDc3Tk9MakNndlYzQUc0N3BtaEx1UiswMTNjSVdKRnEzUFZYVUYKT2NlSmxRRVpuUVFibXowRUMwcXdyVCs0T1QyTjZqalY5TzdVU0h3TFQyenpyTDVoNVA4Z0tFd01YdHZEWEZ0RAp3S0ZJUWtNajZQNHR4cWFQaC9WV2VzZThXZEl4N0p5RGM5RmRMREI3c3VaSGVySG0wZUpjL0VxTldwdFpLNDJGCm5pMmsxbjJOY2hXbnF3c2F6Wm1BT1dYcVlBZ3lqeWJqWVVsK1gzOFB1QUg5cTFQTXRYWk4wYjN4ZUdRL0ZIanYKNVN1WmRINVk4L2xRUXp2TVRJUU1WWlM5NmxabktHRHc0OHRxb0ducmd1T2xYYldCTy9pa2ROMGlpaExZRVRqagpHNWZtVE5sNUpsOFVqV1FwTm1rQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDWTBmamt1azBWUmJ0V2ErVGpiTjl1cnE0R2cKRGRrWlhQNy9mdDY3b0RmK0FzdzJKOVZrNU9GQjRuY2xXa0huNkdualc5Vm4rWGdDMUQ5VkJZOGV5MExlNndOawphSlkzdWxCVmV0cy82MzNWYkJjM1JvK1BEamROb0xyWThEQTZ4WGl5d2Z5RHA2Zk9oVW5NOE5xMmtaWTgzYmNXCmFleitzdmJyZ3ppMTJETU0vZ3FoWVNHRVM2NGZnTzBpLzduZ1ZXLzVUVFkrdC9pb0xnc1VwK3BXYlZ3SUdpZmQKQk96VlRZSXR5T3A1dUhxc1R0elpadnEvL3l3Y3JBMTZjOUhvc1Z1R3FXbHoycG9rTkdha3YzdC9tM2l0R04rRwpOMmVVd0dhZFdQNzVUU3hzSlorOENMQWVHTGl0bWRqajBlcFp3NHRJUS9iVjNROGhwSWMyV0Qwb05EST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= 5 | server: https://192.168.33.11:6443 6 | name: kubernetes 7 | contexts: 8 | - context: 9 | cluster: kubernetes 10 | user: system:kube-controller-manager 11 | name: system:kube-controller-manager@kubernetes 12 | current-context: system:kube-controller-manager@kubernetes 13 | kind: Config 14 | preferences: {} 15 | users: 16 | - name: system:kube-controller-manager 17 | user: 18 | client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lJZE9FdWhNdzRGYmt3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB4T0RFd01qRXdPVFUwTkRKYUZ3MHhPVEV3TWpFd09UVTBORFphTUNreApKekFsQmdOVkJBTVRIbk41YzNSbGJUcHJkV0psTFdOdmJuUnliMnhzWlhJdGJXRnVZV2RsY2pDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUw5WU5QeEc2MUxJdGdWNE9lNjd4R2o3TG5KRTlvRGkKdC9xT2U4cmFqYm9qdG51ZWZ6Zkt3SE5ERllnR285OEN5Zi9IZE0yUTUzZUV4cFp3N1pYWEdWeSt1VW1QN3N6NQoxYVQ2RmtIc3RzT0I1WlhxbFV5M2xpNVp5WXhDUFBCQWpiQnpTcWZCZUJVZm5jblU2TkQ0K21mMktpTEg4cG5wCkVQMlhGbFJFNXdobW1EUkFRN0JOYlJUaEtyaGJ2ZEIwWmlaTjljOUU1T0c2cHBGTGM4K2ZPYzdDUGlMM082VSsKTWJFN3lnT1VXRVZuLzFXdFJJT2c0dzFtb1l5L3lSdHZCMi81ZHk1d1liUmQyazNISmdWQUpzdVBPNzRNSkJwYgpLOStLaUVFN2pLaUZKKzVoMFhMYmZ6M01SWWFxNlNZNjBjOWdLZlY5b05RRWluQzB1TDdQSDhFQ0F3RUFBYU1uCk1DVXdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFBdjBTTXFlMS9iVEYrS3pUTGpWNVl6dE0rSU4zMDg5bnFqRno3N0o2c1ZaYWEvZ01wVApseWFMOFFzdDBmMU1VOC9LQTAwTm9ucHRQYUJKYTdPeStRYjcxVWx4ditUYlpTcklpV1REcmVGbmZ1d25JS3BvCm12WXNieUdIbkVQenRrRnpYQUdyL2tPM1VEeG1CbHdDdjlqQTF6ODd0cVQ4amRydjVnMW94aUtQRkp5dmxCR08KUjdabmZlOEd4U25yWUdmQStPVVFRSGFOQXV4ekpSTEhkbTFsVWxGTUFOMEV2M0RLamEzeEJyL0FXdkNFVG1iQQovYWlmd2FjcENoNFdZaVo0V1JIMFVZNzRlRnFSWE1XVkVlMVhzNStnbWZSeU1oUUdXTVZNMkh6czZVRC90ZGZwCnE0Wk5LT2N0NFVBQ0VCU2tWNnF6TEZUVGlMSDk1N3hKNDd2VwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== 19 | client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdjFnMC9FYnJVc2kyQlhnNTdydkVhUHN1Y2tUMmdPSzMrbzU3eXRxTnVpTzJlNTUvCk44ckFjME1WaUFhajN3TEovOGQwelpEbmQ0VEdsbkR0bGRjWlhMNjVTWS91elBuVnBQb1dRZXkydzRIbGxlcVYKVExlV0xsbkpqRUk4OEVDTnNITktwOEY0RlIrZHlkVG8wUGo2Wi9ZcUlzZnltZWtRL1pjV1ZFVG5DR2FZTkVCRApzRTF0Rk9FcXVGdTkwSFJtSmszMXowVGs0YnFta1V0eno1ODV6c0krSXZjN3BUNHhzVHZLQTVSWVJXZi9WYTFFCmc2RGpEV2FoakwvSkcyOEhiL2wzTG5CaHRGM2FUY2NtQlVBbXk0ODd2Z3drR2xzcjM0cUlRVHVNcUlVbjdtSFIKY3R0L1BjeEZocXJwSmpyUnoyQXA5WDJnMUFTS2NMUzR2czhmd1FJREFRQUJBb0lCQURRVElYaDNKSnhIRzZLcApjYnJUUjBUNjkwMEtEN3hMOTU0dElPdTRSMUlkWGhDT3Rqak02VXQxT21ybXc3cHgyOS9NdkxFbGVwbEFmWHQ4CkNHejdPVi9RV0VUNDh4aTk5Yk1NalBvc0hpRmZQTWhzSzIzUm1RSE1WZG5pUFF0MXhobjdocG5aUVlFZU5hYzAKVnBobzZsMVkxV2JaMitDZldZeHFqaDBwRTJkcGEvMkhKOXpyeW4vMnlXYW5TNXRoUWx3UWZ3UGdQVnVYRlRpZQpPUldVbFRCNW10VEJGRjZmRWpzUWZKUVN1Sm5FOEtqSEtqK01LYmhWck0vbVBWTHJkcnJhSDBuRkh4R3hKdTFLCnJYN3FhL0szd21IbU1nYVEvVnc3eFpJak9ZUTFhM0d3U0x5cXpkOEt4djZxeG55MUo2YlJpNzhkUitaMC9vUXkKZEFkMDJuRUNnWUVBMVQ4L2pkbW9Ya1FrclE1NFA0ejU2Y0kvYTJKY1NKWXVVUGMxZXF5bDJ1MUMrVWc5Vit5VwpsOHI5VENwV090TVAvZjZwOFVRRnN4am9DcWZySVU1Y0ZYc0RpM2lMZXB6MlU2VytxeHYzcHJmNVp0YTVTRVA0CjRvc1pUeUtYQXBPSjFYdk5hYm1lMnJBd3Aza2xZL2lVWTE1UEhKL2JUajlGeHZLMEZPS0xWcU1DZ1lFQTViVFUKRk12NG1jR0E3MkJHeUpMZDVnS0h3Q2hla3czaG93NFE1WUVweVYxbzFMSG9VZGQrTWVWSldQdHBybGp5RUdvaQpPaEFtT0k5SkxnbDVINHU2VmJTbG9Nb1k1K21IY0N4WVBpV0NjZjZFNzg1WFZvUVJ2UTRKK0hKSDB2SWwzb3VzCk1rSm1reExMV3R3dDVKcTg3b2MxMzY2NUE3Tmo3SVpRTmJlQ0trc0NnWUVBck00WVBtY0hYWHh6REJvUnI4NGEKSnlmV0pMc01kWFhlQ3BhSnErT0VjNmlaQVZGZEJJY2djZGw0OGVQTkJOWk11MU5IZTgvWG5vNnNXeFpBSURsVAp2Y1IxMXV2VWU0UCt5VUlqQko0aFRlVUFJaW9XODB6QnZ6TmhTeE9Jcy9uRFZGQ0M0UTRlZ0xFT2ZHaGJ1R3VVCk5BSVVzZW1JMmh2RCs3aHAzaExIUDJrQ2dZQkxlOEMxbE5GOHRUbkpiN25TNzNBN3hWa1dyQzFuNVlmZ0xSOGcKUy9HUFdrSzRvajNWcHhxeENzZXZsZTZFZkhZUEx0RlFnejRNR0FuVU53aTJkUlFtVmRhWG45SFBZODQ5N2xTUgpGNEptTTEwNzhIS0MyNk40bk1ScUFDUGFEZmlqeVFJdEFlVHpMNW5qb2JiekNHWk5lK0VZUURKTUpRY1JFcElKCkZPU1JRUUtCZ0RJTHFBcFcxTVRtNTlpWGIwMm5NYUFwbno2NkVGRitOYjJlWktWcG9UUTlKVEd2MEV6MjhEQ2UKQ2d3NmdYdHlQOVp4UTVRUm10d3RwUGNtbThkazFvU05DYnJJRFlLaXNMQWpielNmRjUwaWtRSmhYdTV3NlNyTApNZkw2amdxTFRxa3hlcWluQnBZY215QTlwcUJrUjBIRmxwY28rL3dkOXZnTi9PUDdJOE1rCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== 20 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/kubelet.conf: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | clusters: 3 | - cluster: 4 | certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1UQXlNVEE1TlRRME1sb1hEVEk0TVRBeE9EQTVOVFEwTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS1J6ClJjQkN0akpERHNGUzRNRDJDbWRIUlZ4bStLTDc3Tk9MakNndlYzQUc0N3BtaEx1UiswMTNjSVdKRnEzUFZYVUYKT2NlSmxRRVpuUVFibXowRUMwcXdyVCs0T1QyTjZqalY5TzdVU0h3TFQyenpyTDVoNVA4Z0tFd01YdHZEWEZ0RAp3S0ZJUWtNajZQNHR4cWFQaC9WV2VzZThXZEl4N0p5RGM5RmRMREI3c3VaSGVySG0wZUpjL0VxTldwdFpLNDJGCm5pMmsxbjJOY2hXbnF3c2F6Wm1BT1dYcVlBZ3lqeWJqWVVsK1gzOFB1QUg5cTFQTXRYWk4wYjN4ZUdRL0ZIanYKNVN1WmRINVk4L2xRUXp2TVRJUU1WWlM5NmxabktHRHc0OHRxb0ducmd1T2xYYldCTy9pa2ROMGlpaExZRVRqagpHNWZtVE5sNUpsOFVqV1FwTm1rQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDWTBmamt1azBWUmJ0V2ErVGpiTjl1cnE0R2cKRGRrWlhQNy9mdDY3b0RmK0FzdzJKOVZrNU9GQjRuY2xXa0huNkdualc5Vm4rWGdDMUQ5VkJZOGV5MExlNndOawphSlkzdWxCVmV0cy82MzNWYkJjM1JvK1BEamROb0xyWThEQTZ4WGl5d2Z5RHA2Zk9oVW5NOE5xMmtaWTgzYmNXCmFleitzdmJyZ3ppMTJETU0vZ3FoWVNHRVM2NGZnTzBpLzduZ1ZXLzVUVFkrdC9pb0xnc1VwK3BXYlZ3SUdpZmQKQk96VlRZSXR5T3A1dUhxc1R0elpadnEvL3l3Y3JBMTZjOUhvc1Z1R3FXbHoycG9rTkdha3YzdC9tM2l0R04rRwpOMmVVd0dhZFdQNzVUU3hzSlorOENMQWVHTGl0bWRqajBlcFp3NHRJUS9iVjNROGhwSWMyV0Qwb05EST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= 5 | server: https://192.168.33.11:6443 6 | name: kubernetes 7 | contexts: 8 | - context: 9 | cluster: kubernetes 10 | user: system:node:localhost.localdomain 11 | name: system:node:localhost.localdomain@kubernetes 12 | current-context: system:node:localhost.localdomain@kubernetes 13 | kind: Config 14 | preferences: {} 15 | users: 16 | - name: system:node:localhost.localdomain 17 | user: 18 | client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBVENDQWVtZ0F3SUJBZ0lJT2M1NTBoN3JJNWN3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB4T0RFd01qRXdPVFUwTkRKYUZ3MHhPVEV3TWpFd09UVTBORFphTUVNeApGVEFUQmdOVkJBb1RESE41YzNSbGJUcHViMlJsY3pFcU1DZ0dBMVVFQXhNaGMzbHpkR1Z0T201dlpHVTZiRzlqCllXeG9iM04wTG14dlkyRnNaRzl0WVdsdU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0MKQVFFQXhsNDdiaFhwMStQVDRLb0NSazdvQW45bStWSCtzZVR0M3FNbWUzMU5EaWlJOERMa3UzVEtEZkJ2d3kyMwpxWldhTHpsTTc2SFNtS0VNN0VndU5WSytqUVJ2M1RBdDhtcnJjbjdsLzdVTCtxbnBzRHBHaFJsNUZEeDZJUXhDCm54c2ovZkhCKzdObk1HeDVqTWVCQ0R0MDRNTFlyTzNuZ1hQNHh6d2dtYnRCeVE3U3MyZUpQdmF1RGR3a3hROUMKTWtNdlBaa3dVZ0pUcXhHaGhucEdQU2FmdzJwclFhWW9tRGJ3SE1id2o0OGRFMFV6UFdTTjFLWVI0VS9ZRFloQQpIeTFVTjNBMUhBeWVsQlRlTldMTFB5b2tYY0p2YTZ0UGhFOGpuVnk4K09ZUnpqWERnOTk3TDVRSnhka1JsUnJvCkM5OFRkczFXcmlWZXFySmtZN0VUeTJMaXd3SURBUUFCb3ljd0pUQU9CZ05WSFE4QkFmOEVCQU1DQmFBd0V3WUQKVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0l3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUN2MDJlb1FCakJHbVAxWQo1b1E5bkpjQ0c4RjRTaGxyMzJKL3hhTGsxY2lFWUxsVE5kM1J4UEhSWW1mMS9GYzJoeHRXY3ErbXB5TURtdStQCmFRbkhJRVNEYlE1T3VnbC9CeHhodDRCNzNqaXJ4OWtyOVR2UXM1RHpCTG9EYmMwSkRUY285bTBURmJCU0hRZkEKRzdSdDBYYW9wbDJLOTUzNzAyWWlQNmJCajk0amFlMUVvQ00xbysyNXhwc3YyZVRwMW1PWnYyZDI5akgxVFNWbgoxd2Y5a05adFZiV1dDQU5OOVNJdUJvYlN2U3ZCcUh4bzZuMmYwUjdYdVVxc1EvWU1uMkZDaTBPcHZISXJCSTdCCmF5ZWcrYTFIUHRSTTRVSit5MDN5M1N2TldSU2dnNmVLcXNsZXZHZlBNMnNWeWN5ejBQK2pKZEFlY01FUnl3Tm4KeGl1RW4yMD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= 19 | client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeGw0N2JoWHAxK1BUNEtvQ1JrN29BbjltK1ZIK3NlVHQzcU1tZTMxTkRpaUk4RExrCnUzVEtEZkJ2d3kyM3FaV2FMemxNNzZIU21LRU03RWd1TlZLK2pRUnYzVEF0OG1ycmNuN2wvN1VMK3FucHNEcEcKaFJsNUZEeDZJUXhDbnhzai9mSEIrN05uTUd4NWpNZUJDRHQwNE1MWXJPM25nWFA0eHp3Z21idEJ5UTdTczJlSgpQdmF1RGR3a3hROUNNa012UFprd1VnSlRxeEdoaG5wR1BTYWZ3MnByUWFZb21EYndITWJ3ajQ4ZEUwVXpQV1NOCjFLWVI0VS9ZRFloQUh5MVVOM0ExSEF5ZWxCVGVOV0xMUHlva1hjSnZhNnRQaEU4am5WeTgrT1lSempYRGc5OTcKTDVRSnhka1JsUnJvQzk4VGRzMVdyaVZlcXJKa1k3RVR5Mkxpd3dJREFRQUJBb0lCQUZoTkdCMWY2ZEV0WEdLVQpxeUNLL1dJblBqcGJrb216dzJNb3N2ZWpoa3A0SnNUdGtyNFROZUpRbGgrRzJVdkhDWFJlQ0c1ZlZYU1Z0RC8xCnZZUUZDa2VSb3c0TjVWWVUzQ3dDYXZXUnJQeHU2RlNIREY4eFFLR09ianNKenhvdUphNWtFSnF2ZUk2b3FzN00KL0JZakNWc0h3Ulh4Yk8xR0o0YmdzQTVldWVENlRJWTdCcDdKcVd1TGJsdGZVMTZRWjZNMU1KalpLRkhwV01HcwpQNHlBZjhVUmZnMk9uNXREbmpyQVk0VlBmK2I0dU15djN6TDJ3emVoemI2ZE9SN1VuM0luT1BFRlE5cnJnQ0luClBKa2hhVUhvbHVrU3k1MDM0R3J1ZmhiQ1o1WGF3QkdJZmdTbjFyalB3UDVhTnBlVE1HS29mYWhvR3AxSU40V0kKZ1pMTkxpRUNnWUVBMjhnZjVjVWsrRkN4Q0Nra1NheTJ2VHdOcjVQTFB5QkR6emZzaGdUbGRMNDZ4cXYzYkpJYwpVTVNiREFyREFxdHJDOEtxakVmZWxBUWx1MkY2Y0dsdW1RYTdCSFMvNlZFVHNqSXZxMmdSc2JpUEt6ZzN1eDdBCkVMQnBQelBJMnQ4VjFTTDlRUjV0TFZMVmdRNS9JM1BCbFdqQ3JTVHUwS2VScW1PSEVMUWtnTk1DZ1lFQTV3NjgKV2IwNlkwMXp3UWhMZVc1T0UvVFpReElBMXNwTjlkOXFVSU5ldzdqU1dqQVRzUy82T294K0pqcjRsVHpBWWlObAo5M040eVBNK0tQMGxiWWc0cTJOVnhHMG5NZXZQaWVrYmtLYkZLdHh1MVpWVEJIdVNWMjFCTWlKTmhPMFYvNDdSCk1IS3kxeVN3MVZUZVhSd1VRdDRCMEdURmljdjFtMVZZV0NuOVlGRUNnWUJNS25hamNrYjFwMEV5eXM5QW1SSmIKVWt5TDVIUXpWRU1ydFAzTEZEZFExZndZamRBWldDbG45RHFuV2JOcllXeWZqcjc4RG93Y1Q3T2oxSXhTR0xlegpZSm0vV1phSWpRaCtZTllVV09TSTZxVHpIWEJ5OEowdkszUE42MnhZTGFlclRZem0zRnlKc0lNOVRvRFJFSFN1CkNyZ3N1UGZxWjZnYm5KSmFQNVBHOFFLQmdHeXlxdnNRb1ZvOEFwdXAraytyQzhJcHF0ZjVyVGxldk9SUmNXTmwKR2Z5N2d3SDRvaHIyTmlLN0cxR0M1cFRXbXE3UWRsUytGdkY2TlNEMVRsbEQvMXpwZzF5LytQTnNPeHRtOVpmTQpUTzlIK2tBeVduYStaMjhIcitjVTZpRUJwQnF3cGtyRGVzenBydUw5WlFxcWZnR2pEWGxySHQ4ZmUzRFM2cGUzClVVS3hBb0dCQUwzMHJ2VFJadlVQVmlJMkV2eFczNlFiYk5sTUwzM1kyM09sQ1l3Y21yeU9ad3l6YS9PYk5EUm8KVjhFTk8rM1N0eS9hTmhrU1Q0Q1NVM1duSzc3emhJKzg4c0RjMkVIcE9oR1JGbHdQeVROTElwbGZpY2N3UFlnZgpSSEl5SDJtVi9ZUVlzSXRXbHd2MUF1L1Vvb3VreHpQUzcvcUdySVI4bHlETXJqWWtFWDlICi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== 20 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/manifests/etcd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | scheduler.alpha.kubernetes.io/critical-pod: "" 6 | creationTimestamp: null 7 | labels: 8 | component: etcd 9 | tier: control-plane 10 | name: etcd 11 | namespace: kube-system 12 | spec: 13 | containers: 14 | - command: 15 | - etcd 16 | - --advertise-client-urls=https://127.0.0.1:2379 17 | - --cert-file=/etc/kubernetes/pki/etcd/server.crt 18 | - --client-cert-auth=true 19 | - --data-dir=/var/lib/etcd 20 | - --initial-advertise-peer-urls=https://127.0.0.1:2380 21 | - --initial-cluster=localhost.localdomain=https://127.0.0.1:2380 22 | - --key-file=/etc/kubernetes/pki/etcd/server.key 23 | - --listen-client-urls=https://127.0.0.1:2379 24 | - --listen-peer-urls=https://127.0.0.1:2380 25 | - --name=localhost.localdomain 26 | - --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt 27 | - --peer-client-cert-auth=true 28 | - --peer-key-file=/etc/kubernetes/pki/etcd/peer.key 29 | - --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt 30 | - --snapshot-count=10000 31 | - --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt 32 | image: k8s.gcr.io/etcd:3.2.24 33 | imagePullPolicy: IfNotPresent 34 | livenessProbe: 35 | exec: 36 | command: 37 | - /bin/sh 38 | - -ec 39 | - ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt 40 | --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key 41 | get foo 42 | failureThreshold: 8 43 | initialDelaySeconds: 15 44 | timeoutSeconds: 15 45 | name: etcd 46 | resources: {} 47 | volumeMounts: 48 | - mountPath: /var/lib/etcd 49 | name: etcd-data 50 | - mountPath: /etc/kubernetes/pki/etcd 51 | name: etcd-certs 52 | hostNetwork: true 53 | priorityClassName: system-cluster-critical 54 | volumes: 55 | - hostPath: 56 | path: /var/lib/etcd 57 | type: DirectoryOrCreate 58 | name: etcd-data 59 | - hostPath: 60 | path: /etc/kubernetes/pki/etcd 61 | type: DirectoryOrCreate 62 | name: etcd-certs 63 | status: {} 64 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/manifests/kube-apiserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | scheduler.alpha.kubernetes.io/critical-pod: "" 6 | creationTimestamp: null 7 | labels: 8 | component: kube-apiserver 9 | tier: control-plane 10 | name: kube-apiserver 11 | namespace: kube-system 12 | spec: 13 | containers: 14 | - command: 15 | - kube-apiserver 16 | - --authorization-mode=Node,RBAC 17 | - --advertise-address=192.168.33.11 18 | - --allow-privileged=true 19 | - --client-ca-file=/etc/kubernetes/pki/ca.crt 20 | - --enable-admission-plugins=NodeRestriction 21 | - --enable-bootstrap-token-auth=true 22 | - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt 23 | - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt 24 | - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key 25 | - --etcd-servers=https://127.0.0.1:2379 26 | - --insecure-port=0 27 | - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt 28 | - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key 29 | - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname 30 | - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt 31 | - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key 32 | - --requestheader-allowed-names=front-proxy-client 33 | - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt 34 | - --requestheader-extra-headers-prefix=X-Remote-Extra- 35 | - --requestheader-group-headers=X-Remote-Group 36 | - --requestheader-username-headers=X-Remote-User 37 | - --secure-port=6443 38 | - --service-account-key-file=/etc/kubernetes/pki/sa.pub 39 | - --service-cluster-ip-range=10.96.0.0/12 40 | - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt 41 | - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key 42 | image: k8s.gcr.io/kube-apiserver:v1.12.1 43 | imagePullPolicy: IfNotPresent 44 | livenessProbe: 45 | failureThreshold: 8 46 | httpGet: 47 | host: 192.168.33.11 48 | path: /healthz 49 | port: 6443 50 | scheme: HTTPS 51 | initialDelaySeconds: 15 52 | timeoutSeconds: 15 53 | name: kube-apiserver 54 | resources: 55 | requests: 56 | cpu: 250m 57 | volumeMounts: 58 | - mountPath: /etc/ssl/certs 59 | name: ca-certs 60 | readOnly: true 61 | - mountPath: /etc/pki 62 | name: etc-pki 63 | readOnly: true 64 | - mountPath: /etc/kubernetes/pki 65 | name: k8s-certs 66 | readOnly: true 67 | hostNetwork: true 68 | priorityClassName: system-cluster-critical 69 | volumes: 70 | - hostPath: 71 | path: /etc/kubernetes/pki 72 | type: DirectoryOrCreate 73 | name: k8s-certs 74 | - hostPath: 75 | path: /etc/ssl/certs 76 | type: DirectoryOrCreate 77 | name: ca-certs 78 | - hostPath: 79 | path: /etc/pki 80 | type: DirectoryOrCreate 81 | name: etc-pki 82 | status: {} 83 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/manifests/kube-controller-manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | scheduler.alpha.kubernetes.io/critical-pod: "" 6 | creationTimestamp: null 7 | labels: 8 | component: kube-controller-manager 9 | tier: control-plane 10 | name: kube-controller-manager 11 | namespace: kube-system 12 | spec: 13 | containers: 14 | - command: 15 | - kube-controller-manager 16 | - --address=127.0.0.1 17 | - --allocate-node-cidrs=true 18 | - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf 19 | - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf 20 | - --client-ca-file=/etc/kubernetes/pki/ca.crt 21 | - --cluster-cidr=10.244.0.0/16 22 | - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt 23 | - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key 24 | - --controllers=*,bootstrapsigner,tokencleaner 25 | - --kubeconfig=/etc/kubernetes/controller-manager.conf 26 | - --leader-elect=true 27 | - --node-cidr-mask-size=24 28 | - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt 29 | - --root-ca-file=/etc/kubernetes/pki/ca.crt 30 | - --service-account-private-key-file=/etc/kubernetes/pki/sa.key 31 | - --use-service-account-credentials=true 32 | image: k8s.gcr.io/kube-controller-manager:v1.12.1 33 | imagePullPolicy: IfNotPresent 34 | livenessProbe: 35 | failureThreshold: 8 36 | httpGet: 37 | host: 127.0.0.1 38 | path: /healthz 39 | port: 10252 40 | scheme: HTTP 41 | initialDelaySeconds: 15 42 | timeoutSeconds: 15 43 | name: kube-controller-manager 44 | resources: 45 | requests: 46 | cpu: 200m 47 | volumeMounts: 48 | - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec 49 | name: flexvolume-dir 50 | - mountPath: /etc/pki 51 | name: etc-pki 52 | readOnly: true 53 | - mountPath: /etc/kubernetes/pki 54 | name: k8s-certs 55 | readOnly: true 56 | - mountPath: /etc/ssl/certs 57 | name: ca-certs 58 | readOnly: true 59 | - mountPath: /etc/kubernetes/controller-manager.conf 60 | name: kubeconfig 61 | readOnly: true 62 | hostNetwork: true 63 | priorityClassName: system-cluster-critical 64 | volumes: 65 | - hostPath: 66 | path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec 67 | type: DirectoryOrCreate 68 | name: flexvolume-dir 69 | - hostPath: 70 | path: /etc/pki 71 | type: DirectoryOrCreate 72 | name: etc-pki 73 | - hostPath: 74 | path: /etc/kubernetes/pki 75 | type: DirectoryOrCreate 76 | name: k8s-certs 77 | - hostPath: 78 | path: /etc/ssl/certs 79 | type: DirectoryOrCreate 80 | name: ca-certs 81 | - hostPath: 82 | path: /etc/kubernetes/controller-manager.conf 83 | type: FileOrCreate 84 | name: kubeconfig 85 | status: {} 86 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/manifests/kube-scheduler.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | scheduler.alpha.kubernetes.io/critical-pod: "" 6 | creationTimestamp: null 7 | labels: 8 | component: kube-scheduler 9 | tier: control-plane 10 | name: kube-scheduler 11 | namespace: kube-system 12 | spec: 13 | containers: 14 | - command: 15 | - kube-scheduler 16 | - --address=127.0.0.1 17 | - --kubeconfig=/etc/kubernetes/scheduler.conf 18 | - --leader-elect=true 19 | image: k8s.gcr.io/kube-scheduler:v1.12.1 20 | imagePullPolicy: IfNotPresent 21 | livenessProbe: 22 | failureThreshold: 8 23 | httpGet: 24 | host: 127.0.0.1 25 | path: /healthz 26 | port: 10251 27 | scheme: HTTP 28 | initialDelaySeconds: 15 29 | timeoutSeconds: 15 30 | name: kube-scheduler 31 | resources: 32 | requests: 33 | cpu: 100m 34 | volumeMounts: 35 | - mountPath: /etc/kubernetes/scheduler.conf 36 | name: kubeconfig 37 | readOnly: true 38 | hostNetwork: true 39 | priorityClassName: system-cluster-critical 40 | volumes: 41 | - hostPath: 42 | path: /etc/kubernetes/scheduler.conf 43 | type: FileOrCreate 44 | name: kubeconfig 45 | status: {} 46 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/apiserver-etcd-client.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC+TCCAeGgAwIBAgIIS7t3/nZ5ebgwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE 3 | AxMHZXRjZC1jYTAeFw0xODEwMjEwOTU0NDRaFw0xOTEwMjEwOTU0NDVaMD4xFzAV 4 | BgNVBAoTDnN5c3RlbTptYXN0ZXJzMSMwIQYDVQQDExprdWJlLWFwaXNlcnZlci1l 5 | dGNkLWNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLnUKXY 6 | rX0Mljmqani+7/zl9XrbIKIIIgInm2KbgMl02KWc42CTFtAH+OhZEEjVlow9LoRj 7 | PbuWFpld9an+qJXDcn80yImrnjQGxPTp1hEYwiCi243LzJox2LmnqeQQMrfFs0QG 8 | 2E7pxwQaRNDmNTqYLKYhULRjYNSnm/RjV1cCy3hLRrHbZbpEmqsfs57Qfn+uI39D 9 | GxVaF0eqz7awDtkqfrKJ+hJ5cOkdl+F4P/tPIVW8Mnf7SX3FydpjK2X2NrL9cf7P 10 | L45ImKCN1SKiT0lcwtk6jllLTVNvrT6PAkS3/1O8V4dXb0jeX/H6yDqItr3xH5PB 11 | j2ceO81EiivuzSUCAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoG 12 | CCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCOSnYU0b7a+Sr/Bs8tFEJ+Bbu6 13 | 0VoAd1kWiglu6uevkcyE+5UXkHEMhZ7bLErluM9w2Dgy/6PF8ka822PIazqS2sxk 14 | Dt89Fk3FH9WzzAwl016BeF4tZ4SkOwUcAhiZLJ7sS1WWTq1TsKsXP9T5tKS017vQ 15 | 19ffauxM2pimOHiO2zTiKC6xXKLgssPJ4UDhyHMl2/NjSmA8lw6Ylo/38vEUcHsC 16 | EZB0eEAkhBhgRswczLw9+Q32dONnf6eARGmY+WNqGWADXs+tn881Qm972+H6f9Y5 17 | 3u09mKT0+hbC+dUiZ/JNBUoBK60H7tdU0ItIwjqJZX+bHbTZ4P9qXtkSL3f/ 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/apiserver-etcd-client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEAsudQpditfQyWOapqeL7v/OX1etsgoggiAiebYpuAyXTYpZzj 3 | YJMW0Af46FkQSNWWjD0uhGM9u5YWmV31qf6olcNyfzTIiaueNAbE9OnWERjCIKLb 4 | jcvMmjHYuaep5BAyt8WzRAbYTunHBBpE0OY1OpgspiFQtGNg1Keb9GNXVwLLeEtG 5 | sdtlukSaqx+zntB+f64jf0MbFVoXR6rPtrAO2Sp+son6Enlw6R2X4Xg/+08hVbwy 6 | d/tJfcXJ2mMrZfY2sv1x/s8vjkiYoI3VIqJPSVzC2TqOWUtNU2+tPo8CRLf/U7xX 7 | h1dvSN5f8frIOoi2vfEfk8GPZx47zUSKK+7NJQIDAQABAoIBAGPJFXiLlKis/pWH 8 | cf+LMDx03yj5VAhMVPuyr76eUYUMQVKOYVyabhz2dWTTWHvndiMedPWujN42ZsCA 9 | YefBfLKb4x8Eh94R9Rm7tNuOGbJLhuvBKoi6ZZKTvvg+hkoIpuFNyiFlV/0b879c 10 | D4oc/Q+DlVPMPUGANKAoJJp5VlvW6jM4vHh1fCXNaSv4VkJ2r/Fw54aL6Zycspr6 11 | r3ol32MMIikDgff/8kdQiLvXrIZMJey4JIm6P6Q7XXr6PskiW3bCJsuEF9jjBPfI 12 | LGT7P01d/V+/mIGbDfLYeTOBMRuSwKzf4OFUBSU/PW4+tKZ7WAb+4kk65iH3ZbIA 13 | fDJQ5bkCgYEA4OQxKRUdmswHbXADWnXBzTeccWP3y9MdVzdIdxg5aHgh/9qo3tXT 14 | +ghezfl4JQLhThIaO7wcflbAvcs/EdR0PlK5c9J4F+6t4e4TJsiHuLDycjsfTTJC 15 | nlp1ePdbYrBX2Lpv7oHhg2VtKbc2TwD7evQiXnyYkycaieKl+oEiujMCgYEAy6ac 16 | vnwM0/94Y9x8LisU7DFUkiIa+LGdwIAe0Rk8jbFdZT67j8agbxwAdzVM5sD1NlPL 17 | wDwcIho9E2kGFdGmd6kv4eVj4oRs4oS5tbmzsXhJ9+McTZ+/HAsSLu2AChvnuDqU 18 | 2r9AvBpRU/D6txHpsCOunS0yxDegsruq8RP3M0cCgYBzoqHsf+EDEVnYWbo/r0EB 19 | ZlDYtRBbC6iQieqG4jvSjcLdre8a9VPTwq4MtvOiBEMZQ5GdmXIFPFJKxNEfN+C1 20 | kw+skFIT7DQYcbQDQyUWQFXJisDjjq5WgijZFEc3DXl+BQ880ifEykhBJOWV5elp 21 | JVLuxp4lO/wXXiT+E5xppQKBgQCjixuZRVmv7hsqZug601IsE7mM2WK7kTfUXY9h 22 | 8FhWmbcdFXHelm5EjEI7eUxWi2LgzA52RE97e4LM0ayXXRPISNAxItxCDoK6rkfN 23 | DmKmBKmyLmqOU9lPlfx2Pzhx5dMCedkMikZcSO5C8OUGm5YFY8JYavG37cxZfKhc 24 | jeIZBQKBgDBXjYPb0MPTlnbq1CGVhAHFvY2cDQIXcEHeFBsX5T0NslBQOHhzvdh1 25 | oP/bIS7EQChrPa5rlvswJQYLZuVsZ76wmyQEGezKoaZjq3T+7z3QeFi9NICLqWgo 26 | XE8TSXyvHKd6KJhPuihH2wL47h4mzEjt4fR1mZTQCM2AY7byxEXl 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/apiserver-kubelet-client.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC/zCCAeegAwIBAgIIb9YP/GohsyIwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE 3 | AxMKa3ViZXJuZXRlczAeFw0xODEwMjEwOTU0NDJaFw0xOTEwMjEwOTU0NDNaMEEx 4 | FzAVBgNVBAoTDnN5c3RlbTptYXN0ZXJzMSYwJAYDVQQDEx1rdWJlLWFwaXNlcnZl 5 | ci1rdWJlbGV0LWNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB 6 | ANiTRZ/VQtPlx68O0bzXxImFOYhWtegfBAiSvOmF4VGgO+uNNZOwM42bywabMdJ8 7 | tB29DTfo6MFjYPru69NTmTy58SrG+1rUHOM79n6/W0LATfYQrQlXo5JVeP3p8nBL 8 | kqRXvc/QuTL4+FdaAtgcFOTsuJuTL2C0OGNzFzkR7gzM8oY7nN0aNEwpYzjuqQ75 9 | HS3cOVq10EX/FI6buoG8P2sgDLiy0jB4Nm5QWcePiH+taF8LQuA9LPbMmPKPo7Kz 10 | +jM1MFYfw14392wLDKcb2Dx3U/Z11PHWT5/lU7AWUGdDon3lK3tYGb6OTWvWVfMX 11 | TFc/XQeLg0nNgYfNa2RsmW0CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgWgMBMGA1Ud 12 | JQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBNm1MvKP5sM5TBIbH4 13 | lFzxpslOrmHKm9MYPW5oqNQw1cAfzh5EOcH5OVMgpX40+tRuGPWvwRo8SAGyNob+ 14 | K8PkYYRfUqYE4CHD6rK4VrYMiKMHR6Re54+MaBnY3ePBblCb0mkRYc01JBDLRV35 15 | YhMSF/WLxGxJ679TZ6UhWQXM/Cuk3OQ7i2GGttwysoLwU4GpWDM+5Juwbc/vPRyc 16 | 9AdAek2jdAQ83tv1nnQa0ZMNzM+zqS2niRNOXN9xuLwZUuVJ3RLreP9SZ/eCvhuG 17 | qsnc/w8O8v2Uh//v7Cf7goIUiXLRZsrDRxw5UpoL1xWj9biLK6bLKHE5CqLgJD8f 18 | Pfp4 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/apiserver-kubelet-client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpQIBAAKCAQEA2JNFn9VC0+XHrw7RvNfEiYU5iFa16B8ECJK86YXhUaA76401 3 | k7AzjZvLBpsx0ny0Hb0NN+jowWNg+u7r01OZPLnxKsb7WtQc4zv2fr9bQsBN9hCt 4 | CVejklV4/enycEuSpFe9z9C5Mvj4V1oC2BwU5Oy4m5MvYLQ4Y3MXORHuDMzyhjuc 5 | 3Ro0TCljOO6pDvkdLdw5WrXQRf8Ujpu6gbw/ayAMuLLSMHg2blBZx4+If61oXwtC 6 | 4D0s9syY8o+jsrP6MzUwVh/DXjf3bAsMpxvYPHdT9nXU8dZPn+VTsBZQZ0OifeUr 7 | e1gZvo5Na9ZV8xdMVz9dB4uDSc2Bh81rZGyZbQIDAQABAoIBAQDTmhDMuXEx16/i 8 | OnhyKd68/o3Xx+CzippGRhiNkWE0f3oMC0vtoJq+IRmcusVTAsR4yd3AYrAHQzHd 9 | +tIvB98Qlhwrz36Gn/gZjNypug1QitOhN2nZVudacmhkrc9SKIR+TbwG78gDJX5+ 10 | 2lMtE0LW6PL2DjicI3l0sV5fREVx+oBMejlb36ET5rzaBPKBGpyGR1pctsOjmH7H 11 | ObhTC7SlOVT+Nicu5awKAep8YeflioSGu3yFDcaA/d2axEvT4rVftol1fP2CpNvi 12 | UBaSLLNNY9BOG5oS/SVyqUhPtFFm8iXNMGfyc1idyATMMJDQmeHgG6HJH36c6n0a 13 | Y0geNOABAoGBAOeqObcY2dXqvE9Ln3gZwYIqqFL0BLyNnlKLcLRfzue/jaRI63u6 14 | VCW52PzmRgyBWSZbibEPu6tjBcH6bwpXVRDKorLyQrRl5qBQZkw7Ttm7sNLOTo9S 15 | m0ktQA4xinfDA4HGVVhxdKfnq5NhtV2FX966ifkLaKiWbHE+g455hudBAoGBAO9T 16 | RARiBkxDdTLibXZGZ3aMFCtXp5u9IIZEcge+ofUXfnkaJRfhbYVR5lRQq3dbphi/ 17 | 0/KILk0xP53wcY5iu6Db7EOkkseVSSiCtk6tSno9pP6XJ37ARe4TqH1uLxaU4ky6 18 | zKMt23fpbw/uiYGSQ3G66VM0zoN2cfmfQo+CpDMtAoGBAILMH237P/KBZ/S1U8Ix 19 | eIoPn53GXG5A3yTnyahtd5ptEoGxEhN3bk8mkRaoxOAGn9kCUcmAgosPi46r4MnL 20 | 6SFj51x1X6gO6JmXC0r7KVfRmtJK3RwancZBICtjWTSpDG/XFRSsahrquHqr7gRx 21 | a2GLnJ7aDCszUuLVUt28S6iBAoGBANv+K3Dn9qgV/l62+y4Uy7iSTVwGKEEl2gby 22 | Veu+lbvpS83gdaZ9ByLdRR/OQ7/lFEp900OHYSB+G9+ADbJ4GcdlQcpwNqiWFvjR 23 | Juotq1+w2MFaiuidr+qIUYJzTX+xflBQChoZ5jtU7k2z1NyxaaPaz+43hXoc3+o5 24 | NoMa8PtFAoGAG45UKspr5LdfPbEFZUJ9tThayM0McfHqFRux5A3c27RIUmqLyA2F 25 | RMxKj64OniNip1QzH4JltaSPETRiZ2K36dvF5/HTwBZteiKBiY2AX6D3ZT+B5n2D 26 | q/30MAZbKrDAz16l3Pr22MSgzJxjBY3mnwCjKUJZVgtyxMf3YyyLnnY= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/apiserver.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDaDCCAlCgAwIBAgIIdRMjFgvi2UAwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE 3 | AxMKa3ViZXJuZXRlczAeFw0xODEwMjEwOTU0NDJaFw0xOTEwMjEwOTU0NDJaMBkx 4 | FzAVBgNVBAMTDmt1YmUtYXBpc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A 5 | MIIBCgKCAQEAsUhz5U+uUk/lpLouUl2AvWouWQtr6Oxav+4QLb8bT0PmMH076HGa 6 | z0dosapgKFagk+O0K7RTu42x+Wo+kL63aYI8KqgX30XwK4ETs7b20B7yDPzfyFJG 7 | FLqyZOiq26cIRAFaMkKA6scGz7r+GB64/VCNmHYv/d9sNF11ww+sGn0tKd3eeB9b 8 | YDhaEQnvNcZXqbWpJkpQndPagugkVhXrZgQ4fyf+6vMytyeV3lkr1LyDjeKB/7ip 9 | pKkbhNRZP1CP4KDWXhPrxBt4rw8mvsiy9+H3ZZdXzwvhAyQq3ZLzdIaprleOdta3 10 | 9KH98qrnzQ7fD6ZLyPCrsDjhJkY+RG7b/wIDAQABo4G3MIG0MA4GA1UdDwEB/wQE 11 | AwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATCBjAYDVR0RBIGEMIGBghVsb2NhbGhv 12 | c3QubG9jYWxkb21haW6CCmt1YmVybmV0ZXOCEmt1YmVybmV0ZXMuZGVmYXVsdIIW 13 | a3ViZXJuZXRlcy5kZWZhdWx0LnN2Y4Ika3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5j 14 | bHVzdGVyLmxvY2FshwQKYAABhwTAqCELMA0GCSqGSIb3DQEBCwUAA4IBAQANyZM2 15 | 8SxgcTAMqytqxYH6K1E8e8kXmHUc4080h/fjpEz2+4R/DJYnCf5GxX8VDlbx2W/f 16 | nYH2qN2cV2R6nNjRrCS/2mG76/eQ3eUcL9asjs9BE3E3HYqJUKVlcR/aAu1s0GJF 17 | BShRcUC1E4SFFBvmajEYJfmWDo9DJ4cCdup6ErPB2NW+fC4aEC/R72c8zQYYfGSm 18 | adJ+TPsWtEx13noncHxYmZDL8yH+RaV/QnpCT54HQZ9Y4VmbRovzchfhS6qE55S7 19 | zoYSVTG9CgPX6JYoCOQ5vTtlDiUakRwcbm63wDDucLU7J7bEU7h5R6r6SHZ5RYsg 20 | 2qxLAB5z2Ddo0jI3 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/apiserver.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAsUhz5U+uUk/lpLouUl2AvWouWQtr6Oxav+4QLb8bT0PmMH07 3 | 6HGaz0dosapgKFagk+O0K7RTu42x+Wo+kL63aYI8KqgX30XwK4ETs7b20B7yDPzf 4 | yFJGFLqyZOiq26cIRAFaMkKA6scGz7r+GB64/VCNmHYv/d9sNF11ww+sGn0tKd3e 5 | eB9bYDhaEQnvNcZXqbWpJkpQndPagugkVhXrZgQ4fyf+6vMytyeV3lkr1LyDjeKB 6 | /7ippKkbhNRZP1CP4KDWXhPrxBt4rw8mvsiy9+H3ZZdXzwvhAyQq3ZLzdIaprleO 7 | dta39KH98qrnzQ7fD6ZLyPCrsDjhJkY+RG7b/wIDAQABAoIBABuLvW5I9jYV8gGp 8 | aB8mJiXIRNFTI/46E1O1ItBo3E5xp2erXc6dMEe6ubq5VV2PMD4qaElOKKCAwMGX 9 | T4dgCtGbCcw6+BKaJFouISiQakMmO8fm1sKiff8kjyl8uWeNyYv/hcs/aBaSvC00 10 | ydxnkajShl3FJ2nT+FUenHili8FFpasyuSPHdHvdk1IUaPOTpVTf+c1A39RcVdoD 11 | PRsX+jGn33C7gg/tSXyK866N3S1D38qAxSh6T5PXd/v6yoRDFtaZ2EzZ8ErHS3+o 12 | 6mNtX55AN4cCUMMPar5E3v3ayBTMVPIDMk5YvlMXdZhtzj2kpBLe7JYVkBYuzwLy 13 | vFslBPECgYEAzaGo1msjadv5ggL9jx0YRYOkxTuEhAhY1WR4CmjYXsTaNUnWZgw+ 14 | E+hIVGLyCcJ5oklCk3/+BPxhXofYrI3rzOvECNoCMqH6maXcumyJqNcKXNDnx32P 15 | yl1/bxCDLCL0mwI1WRfjdVLfadVr9ZxaoAMA5MbgKUWQSyOYQPmmnhcCgYEA3LUs 16 | MubU+Eva6HRsyUhBPg4Zklt7rz1cZOsgAKCpfjVcxITpv80ADVcRuyv42ddOiyEQ 17 | EHTuqAWy9uY8svoB9YVMpyKFL/OnsJQVr90ZoVROzEBrsRDyLPqtLI9/54IhaWTO 18 | 3JAfag4xrglMwZVeDG4JzL/Kt3figOYm9IVzClkCgYEAtj/yaV/5uigp4s4Ntxr9 19 | WRcNIXXXxEG1oiPytJ8qLgxgrdwsdrOhDXnRKWGszXOc5HXz2NEW7YpWLjdOldkP 20 | RccsLwAx9HhVqHo1wNDTzV4SJCNPWiLyH1Rwzpoe+C5fB0eUysr+YQy7UIzEq6IR 21 | PEKNNzcAk/PAqKf6mJPr1a8CgYAdLXZiZFHTYXPXN00Kbxrw8TxANQfs6tfEH7Fj 22 | Y9oEbVmOQWQFjzxqhxA5Bl8nrWcczYoqIstKOzalnVp47sRDiRPRJKcm57dLiMg1 23 | L62rvlGMfxe9mNfrSliKg44NNQ7luAYA8qy0gJvgvin/jZeZXRK+lrxd9ONk1whf 24 | WyUSQQKBgQCXjtGu8yML3rlL5dL259QXdL5/PGsvHnmmnQEt47hUIj3D2QA46+Gt 25 | u13w5N6JGENtvBITO0/ETtJmCiyjwlPpyEqfwwmb6xbnM9YEB6rDVhe3VqtOYOVA 26 | teQWbK2iUIXmLqYJj2wa3tRKrAI9SIKFsp99VTRpY1GuKvqn7BokTQ== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl 3 | cm5ldGVzMB4XDTE4MTAyMTA5NTQ0MloXDTI4MTAxODA5NTQ0MlowFTETMBEGA1UE 4 | AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKRz 5 | RcBCtjJDDsFS4MD2CmdHRVxm+KL77NOLjCgvV3AG47pmhLuR+013cIWJFq3PVXUF 6 | OceJlQEZnQQbmz0EC0qwrT+4OT2N6jjV9O7USHwLT2zzrL5h5P8gKEwMXtvDXFtD 7 | wKFIQkMj6P4txqaPh/VWese8WdIx7JyDc9FdLDB7suZHerHm0eJc/EqNWptZK42F 8 | ni2k1n2NchWnqwsazZmAOWXqYAgyjybjYUl+X38PuAH9q1PMtXZN0b3xeGQ/FHjv 9 | 5SuZdH5Y8/lQQzvMTIQMVZS96lZnKGDw48tqoGnrguOlXbWBO/ikdN0iihLYETjj 10 | G5fmTNl5Jl8UjWQpNmkCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB 11 | /wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACY0fjkuk0VRbtWa+TjbN9urq4Gg 12 | DdkZXP7/ft67oDf+Asw2J9Vk5OFB4nclWkHn6GnjW9Vn+XgC1D9VBY8ey0Le6wNk 13 | aJY3ulBVets/633VbBc3Ro+PDjdNoLrY8DA6xXiywfyDp6fOhUnM8Nq2kZY83bcW 14 | aez+svbrgzi12DMM/gqhYSGES64fgO0i/7ngVW/5TTY+t/ioLgsUp+pWbVwIGifd 15 | BOzVTYItyOp5uHqsTtzZZvq//ywcrA16c9HosVuGqWlz2pokNGakv3t/m3itGN+G 16 | N2eUwGadWP75TSxsJZ+8CLAeGLitmdjj0epZw4tIQ/bV3Q8hpIc2WD0oNDI= 17 | -----END CERTIFICATE----- 18 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEApHNFwEK2MkMOwVLgwPYKZ0dFXGb4ovvs04uMKC9XcAbjumaE 3 | u5H7TXdwhYkWrc9VdQU5x4mVARmdBBubPQQLSrCtP7g5PY3qONX07tRIfAtPbPOs 4 | vmHk/yAoTAxe28NcW0PAoUhCQyPo/i3Gpo+H9VZ6x7xZ0jHsnINz0V0sMHuy5kd6 5 | sebR4lz8So1am1krjYWeLaTWfY1yFaerCxrNmYA5ZepgCDKPJuNhSX5ffw+4Af2r 6 | U8y1dk3RvfF4ZD8UeO/lK5l0fljz+VBDO8xMhAxVlL3qVmcoYPDjy2qgaeuC46Vd 7 | tYE7+KR03SKKEtgROOMbl+ZM2XkmXxSNZCk2aQIDAQABAoIBAHJh+1IPFMtA+TJe 8 | gxW0DOhpGkV7GdXDhKZfmc0ZoKe7Iwqz4/7TOwhW210GTU/3tmj+iYHQoGNzfVMu 9 | IHwAJBp/aQG5EZdO7ms55nN4FDKzaztNAgop7S3HIEBFGnWhHMweBA4qRGyOvbCO 10 | Bm4zx01OKXhj+dXKA9mZVSV6uRG+2nsGyphq63m3jc23IsLKYgewtc+K1BEiOein 11 | 4XKrqJUldyHgZqhnRD0zv86MLXAqbe795ErZ8l8u7WA/Fch18PakgvvfTUwsz74E 12 | r6W8+oaiblWk2KuSSDSW2otmnNA5i0UmMnm8Fc9Cjir2Y2nry51vQJFemXeNkmGu 13 | l3X67UECgYEAwclD9nolJ92v8mD1deHGVLMEH7nMiJuQDvQLt6CgFQyvTN17KF4E 14 | Fl6WlKH/rIj+GhUe4JKAsAn4wmFuhof2zs8MARjicEcl3plKUn8PgKfDw3rCbMfN 15 | igWdr5aldDjx/lIikxGb+fTnZ1cXNmN4oBGhjsDfYmxH4nByRQc66Y8CgYEA2T74 16 | 4cMuo0DFy/jXVEU52suqCHhVixjyRd3v/9i/wcz7/GVwKG39VuGvNWngTinIIBLn 17 | IVPFs7FVnlO5uR5wvooM5q1BKeQGoK5aVA8+jArYlQV6Mm9bxsDeIFXUq+2jAwDV 18 | mJc74bcLVPkf0r1lEmSoFlD3Zk20Cj+tu59pNIcCgYAytfaBA4nBmvO2G8VgKcr6 19 | 0zXbD4YEoaDbKOYAEZqSp5UgKj1WXPP43pvNHW+IuPi13p0L64qdhp6AT3ra3a2q 20 | hOgBSX/IHfY9ACRA3lsyMbS67N8AFHEnEz0me+ekOFqrUNcXYV5N1NbRZir+4pzo 21 | VnTOpI5QdUGCciaVBcVW5QKBgQCUmuzokfkvFzm2Y0v4izoeHr76+EWb1r6zaDOp 22 | 0XyqdyvP5RuprENl0Q9m/DvBe/c3aXbNZ16Porisix06MkZxMEHO8ajnnOGjvGBx 23 | q9PfO/QXTB3grigbdwb7G3tU+ENP5Jw3uwvtRKbtw1QvdfrTcCNC0LPLOU/0ysZu 24 | 14bBtQKBgCHaew2bQrqx0c8QmFMHMaOdi5D1oAuJ3urXA9HP6qCYXJJN+br+w55r 25 | MBeF2WDJG4lfbjiPAtjoQfN42XNAsgEMfBa3axkpogTwrYCHPEgqcnG+ruACSRis 26 | 6ZIgOB8isZlc14UKg9bShm1SroYcasjjK+NyBeJmqOC8M0n12IFk 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/etcd/ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICwjCCAaqgAwIBAgIBADANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdldGNk 3 | LWNhMB4XDTE4MTAyMTA5NTQ0NFoXDTI4MTAxODA5NTQ0NFowEjEQMA4GA1UEAxMH 4 | ZXRjZC1jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMjm1nqR/Ym+ 5 | bUzvMe5PGguiMU3lElByGRDYcV6fbX+yFzBnkj6GtG6LMZqrdf9Aeh0aVVZnFR2U 6 | 6j4cvGlOgDt2ki6m3a6acV4rUiErFf3H0ZwyhFR+JyzhymDJL3y+eZ8zxgqOwd8C 7 | PgTguAXiZUdZfO0B7w2cPOJtIN4OwpSEGelew7SXIsVDThH0PrfMPTtbTPWXSHn2 8 | GzXce9xWOI1r6cfhaKxuGOfc+AN+CfZ+wa7fHuULSb49QhyMF7SM7zsaB7tT+g89 9 | /6dInDBQNDfyEfbwgS+OEHBY/ogpbKJ3UZcfCFgyenqpfzVHaFV7TohEhzVDnDOr 10 | gdT4JGRDOw0CAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMB 11 | Af8wDQYJKoZIhvcNAQELBQADggEBAG0ObbbLp5a2qmlZMA8K8/Wf7mq1HTnxXux7 12 | urDFYL5BRCVZWykHZvZmSgrfCy5APd5zOCsK2rOGXEAcksz3iFcqyD/jIaGiDB9M 13 | 5HWDW4OrPo3LBCplobdwIcG2785c4+HkSgleg3ziIOvJchvYoZCfZaZpC9UQpCMi 14 | Pux1r4qZw7ZQE3Lps2nIqHJsMHQdgo9Ia8EH5432z3Fs9kNzwpQA2Uo77b/sB5N2 15 | 0fonpTt/yXncJ+2FIuEF9EOAxBW5W/UbZsl5jx8IfQEi50ZWle/dMhoTaak9wqCd 16 | NYvraIcaZq726dJZUVB2gz0O7/N9kfeMopDj9d2l5N8oWaoezaU= 17 | -----END CERTIFICATE----- 18 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/etcd/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEogIBAAKCAQEAyObWepH9ib5tTO8x7k8aC6IxTeUSUHIZENhxXp9tf7IXMGeS 3 | Poa0bosxmqt1/0B6HRpVVmcVHZTqPhy8aU6AO3aSLqbdrppxXitSISsV/cfRnDKE 4 | VH4nLOHKYMkvfL55nzPGCo7B3wI+BOC4BeJlR1l87QHvDZw84m0g3g7ClIQZ6V7D 5 | tJcixUNOEfQ+t8w9O1tM9ZdIefYbNdx73FY4jWvpx+ForG4Y59z4A34J9n7Brt8e 6 | 5QtJvj1CHIwXtIzvOxoHu1P6Dz3/p0icMFA0N/IR9vCBL44QcFj+iClsondRlx8I 7 | WDJ6eql/NUdoVXtOiESHNUOcM6uB1PgkZEM7DQIDAQABAoIBAQCjJoOrSn/hqtnM 8 | jru30llOdUsg/RSga+hbO8rlkwczmocmchXb3T0OQM/p0bCjt9Lza30+C7ykJ1kL 9 | U/7Wbj/JCoOwiyagMyA532h1My5KyEk7VfMNQt3BnyPg8cE0xuKyHTOJQ2HCH2oK 10 | QAxyCudAyDWhq95c6TKwlvsIGmh+fk9lb1FLwSaGY+4doYN8BMT9jJPvrXZUdLWi 11 | Qvm7q4CBRRC3SbJAq2YKWOK2RFzFKAKd3ET2wGrmlNCaXOWoeALEqYUJTVr+EP6s 12 | q2l2yYv21D5/AW8/U/JfSOTpVJrXWgggoXE8kQf06YP7Mw+GEopZIcjlMyTQwocC 13 | 8xJxWgepAoGBAM/U7Y+GWv7zgOvvz+y3YDFKfnnaqyEM2R3lhz4cY5+UNC+F0Yej 14 | iB1AcgzGVUZxJycjF3/uSPpALNwFAAusRld5fQXu5YvBRFNBApQ7mvn1Lj+kGVzu 15 | pJuIubS5sPpfVCuOw6XdT9jxd2/F3RmT0/iB4UIsbG7W2ob1c7l5R1ejAoGBAPd2 16 | vJy1Dueqzi9LGKo/uJHNgsh7vet74ARZ3REyMw0fZuArShBCCxgI0QfuGKKwmZbE 17 | FPPsbhafknnRLbZeWSTcROhjUgpkqNUTJ9e10QuVFT1U1QOtIdJ5L+zgHbV6XKtm 18 | +29D22xMdPay0+nWGwta/umv5xa3pIbUHfd5kg2PAoGBAIx3NxBYGExUO4A7FubA 19 | kYz+8jhdaGfwDRY9uYhrG5IRUqwD37ey+R38HpkvuxbfBz1WZF2cqUop8afK4VsC 20 | VpBslelaq14ng4xZVerl1jq2UUnGGTZMPIi6gfj5v/mYUIUX+nex+nN/z9+FdYgB 21 | 97Pv5FUbPTY0lIG+hzaGF4fNAoGAD0UYZmMVxF3Z0zlDEF5WOUkBJPXdxkYikKIq 22 | 7gC2/bxOUM7bBx3MKXOB0odypbdYAuGemV6hfGvkUfgCZhp0Tb350o0uZs3HTT6d 23 | WsYxXBGa+eneKxfn2mD4ABnkO2qNhVYZdcguJgShwwdN5EP97zlyOWFNVS2HzXoR 24 | T1AFHykCf2Wdu7uhH4VHGVMcGKDqaYl7oasxIUl7ZqD7Hr/7pCQhABrGhMmV/xZA 25 | hW2PyvaOkZj9zTmjQPmM6h9AYcpJpQOKCl2UUbmfNiInPYGvwkCwNxdaojTtTJIx 26 | ChwmQzGoMH/LkNA+s8IIAAScssBHB7Wqxv+Yckbl3f+sLzDsro4= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/etcd/healthcheck-client.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC+zCCAeOgAwIBAgIIC0bTJYR/bPUwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE 3 | AxMHZXRjZC1jYTAeFw0xODEwMjEwOTU0NDRaFw0xOTEwMjEwOTU0NDRaMEAxFzAV 4 | BgNVBAoTDnN5c3RlbTptYXN0ZXJzMSUwIwYDVQQDExxrdWJlLWV0Y2QtaGVhbHRo 5 | Y2hlY2stY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/6w 6 | WRPlKjN8jIW0nVY/FhX9U7ao45BwK2JStXzqrvvpdlzNy64f1sygGOHpUNGfyx30 7 | PMxVswIEbGiPERwWcBNwgaqO7MXvn/EWm/3u6OZrtR0M1Cjvwv8HCeH2DHX6y+i7 8 | Pd0GuXNKBmGP+Sk+nPHbLcWwqzcEqQR9FpF0jjkHHVZsQWD4yVv5SpexR9+kWufq 9 | S9pPoSCHBnIPTwqlIRK7yzaY0e8tkSUmFOqofFeGD4oNeju2rpeVcBI2YmNsIQZj 10 | zvfOGvZo6JWHD1XJN7kR1IG22QRfzXdKzgujvJJKM4TvwzHDkumKuWTymNi8nMN0 11 | B3CoB9eweYX7zOaR0wIDAQABoycwJTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAww 12 | CgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAHYNEDbpauN0lnJqjvu23Zqd 13 | ClGRkH8jnP0cdoPzXURj2h2t2J/wNU7LdQhJ1CbR6e4C+JJt0qv/JCO8c+zUkj9d 14 | wDtkj+zL+aC2EJ45U6LOO1vMNoXQzlI2r+GDr6JW5TSnOOZAr3JtNjMMhAsa4P7c 15 | FZH9g2Pac5sedtBG2g/JKmuB5xvbXMNPWF5qsWdhDnn5/ey/NriozDGo52PqX001 16 | hMY0NhbMaDfcVPHuLokn8mU2akZ9cqb1071Ucon2BziyekQDbUfdHTYU+xHykWaf 17 | sMIFFOF39V2wO2UB6JPRO+cKr1Ix2xC4QpGrv6jo3ZbHzykndnYZW0e4aR8Q53g= 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/etcd/healthcheck-client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEogIBAAKCAQEAo/6wWRPlKjN8jIW0nVY/FhX9U7ao45BwK2JStXzqrvvpdlzN 3 | y64f1sygGOHpUNGfyx30PMxVswIEbGiPERwWcBNwgaqO7MXvn/EWm/3u6OZrtR0M 4 | 1Cjvwv8HCeH2DHX6y+i7Pd0GuXNKBmGP+Sk+nPHbLcWwqzcEqQR9FpF0jjkHHVZs 5 | QWD4yVv5SpexR9+kWufqS9pPoSCHBnIPTwqlIRK7yzaY0e8tkSUmFOqofFeGD4oN 6 | eju2rpeVcBI2YmNsIQZjzvfOGvZo6JWHD1XJN7kR1IG22QRfzXdKzgujvJJKM4Tv 7 | wzHDkumKuWTymNi8nMN0B3CoB9eweYX7zOaR0wIDAQABAoIBAEwKaFKlevkaboHp 8 | 7VmXCCGBiLksVRtPefNj393vUhJZFGOhnHr4/iJnN0TSW5Dx4hoYhYs7Y/Fg2hQ6 9 | VzwjvfOxz9UP9L2s+fM7orQqBoFPdlnAYpZtdN8ByY23jJMykVvDSi7hMaED6CsV 10 | SeDKUxIKwwpyQ/zfwfVs82Nnhpf681OozFBZz0CkNmdAwbhujllNrL69xmUWlTPx 11 | rY8go3Ngqk5YdSHSQm33/rWCXc319a6204noerOVWCownUq1ak3iMic7R33Dkov6 12 | 6zLZ7IEI32hU5Na/f/KKH65ZntHcwkHrN3+zaTlQNXdRDZnYJum/brCiJg36NCN8 13 | n/bcsuECgYEA0eWo6oA4FL9gL6mv4uNu9EwLb7FrX8jF6VHGxRRjUW7JKFtHbrQj 14 | 7d14L/h2FhI4S+WOT6dc8GC0mdEPnO76FuEWZa0N/kXedQoEMBQ8Cz4jYhoYxIF/ 15 | yt11OCKqNQljdfz4sSANRIt9pVDM271UBukJtmHZKjuctUNfRUVOOVcCgYEAyAP8 16 | FvUaeLm4d9DDVloPHCktxhUJkLFkM1XJTUFOpaYN4im4Es/sktTqJnz0urbJKrDw 17 | B4w01TtRpcwog3O5wqvmbBvv0h1zM+6hDLr2+MCOkpHV6h9on7QcNBfoyRS9o1RB 18 | sZ9Pa0axfeTQy2JlD7nOFyWZ/v4zng6vXG1FkeUCgYB9bnzvBgh9fZABa6oMMFWR 19 | 8A+1g5Ti/JwovhHGnFRtyYK0dzfM1CHUd9Dm+de3gNPbpybQOvezPlcuxFxMMBOL 20 | sJ8ty6jdFuvFjWLLSIxJO6zxZx7971Vq6cSu8yg74Yxqae5ECx9ioulG7W4+snmQ 21 | V5rSPs8ECfOv7r70KmKAqQKBgG8Wf3mEsiohBEpPgV5BcKj0Wf7tCj35uCwm1kH5 22 | JqQr4QQepaSVJNC8PjwYJJhbEsmKMhYPEfzoEEXkaQ/xQ1fSv4yFy6HIR4atX3dB 23 | lA++arEPHF8HCMXCc/Oe3+Rmh5jiIAZ189ciEUxZvHlpcbXVPZhvguMz7hk4EL9l 24 | 1UDdAoGARra+bli7+16lblY6TQ83Mi4LdVFIu7jQDA7gUjstLf3iItjc2syhwu3T 25 | j45VOCg1YXgP/fq3u3RS/9WxiCQt3pH39FiRbgkb21hWGCeaqdq/5z9+/7/X2Ber 26 | 4/1iK3CIq6VdFWKLm4lRGUK2iDFi1Jilp2QgyMeBnki/JtggXv8= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/etcd/peer.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDMDCCAhigAwIBAgIIFo6Da6pVOtswDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE 3 | AxMHZXRjZC1jYTAeFw0xODEwMjEwOTU0NDRaFw0xOTEwMjEwOTU0NDVaMCAxHjAc 4 | BgNVBAMTFWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQAD 5 | ggEPADCCAQoCggEBAMwqkqinHj3OUMexelJdySAtbjm2P5V9RDtiqK0QPFN6tTLY 6 | RCZSIYQ1TzxpaTVoUhzEnfm4Pd2NcY3Z+4UMolicSwdj93M99hUN7Dt89KmsaQ54 7 | DhJzpI6gRJQHlI6JJBOI3+zMKkcqYDBZ0pJOy2yDmdX7GBHvqa8mWNKZKbAcYNyh 8 | 6zo++Zt2V7aTfMUwxwOSOp9LiJVgZRj8J8HfLhh5Lyd8bioZhAF0Twp/geDdwRFV 9 | rgRospA7qS3y+KDxqVW45gE7U7NwxfL+t2O7fQACijUJXZQfTzxV0u8ayW7rCPaY 10 | B236Rxkw9Jmcg+aPWqNubZS2rG7IUBQLspLVJjkCAwEAAaN8MHowDgYDVR0PAQH/ 11 | BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHREEQjBA 12 | ghVsb2NhbGhvc3QubG9jYWxkb21haW6CCWxvY2FsaG9zdIcEwKghC4cEfwAAAYcQ 13 | AAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAc2r4jUUWs0XqMKSQ 14 | 0RLYMA9IxMAcwJ7NkjMq7MKa0WdTFtRT7g1xkzOM++E5KOzuhrYr9N/VsDOWIahI 15 | MPUytZ98VXCWuhZiikOanqQSBU029NXU6ntRE+wMzRARuROGSdnwjMDQpkvv1bIQ 16 | JeBpuXQwuwPPaJVtnIDtRXBbbUHvjF1QZFvNiHFMaQwGebt5q9GcW0qp0azNfG/t 17 | UsvRJmUUrsTukrTsQ5g+a8Dt3y7L9HYf90u9p8cZy4ihzC/D+6UP1Y7JmEaBREgQ 18 | 2tomGT1nqlpo/g0r7FvbzpahBfgcDTd9FKtxqI6B1yJMRQim+uCqdBh/7xUs897A 19 | zgXGjw== 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/etcd/peer.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAzCqSqKcePc5Qx7F6Ul3JIC1uObY/lX1EO2KorRA8U3q1MthE 3 | JlIhhDVPPGlpNWhSHMSd+bg93Y1xjdn7hQyiWJxLB2P3cz32FQ3sO3z0qaxpDngO 4 | EnOkjqBElAeUjokkE4jf7MwqRypgMFnSkk7LbIOZ1fsYEe+pryZY0pkpsBxg3KHr 5 | Oj75m3ZXtpN8xTDHA5I6n0uIlWBlGPwnwd8uGHkvJ3xuKhmEAXRPCn+B4N3BEVWu 6 | BGiykDupLfL4oPGpVbjmATtTs3DF8v63Y7t9AAKKNQldlB9PPFXS7xrJbusI9pgH 7 | bfpHGTD0mZyD5o9ao25tlLasbshQFAuyktUmOQIDAQABAoIBAQC+yHWdpfTLepTf 8 | 1kfg2gTMzcc3pMdL8O+msq2+cvJ8a6kRJyifypXJTmuJn1MR9jbs7QpWRUWCV98p 9 | 1+2CSekW9o3iDRc5mEfxKr56ZGzYdOUDAUrdETVPlhIfZen7O8n7eycMx0gmkkGq 10 | TPVJhNnwwBUr8ORwNk2Q/zt3KGrdRinTKq3/9OZ0M40Fi/bEfqRB2b9ewqEcIN/k 11 | o3E7jRkpVs5zGxcdq+JBSyUWeU+TxX+Sa1r0XZBVIa5iCuD4KQtGMCkMcwivOyG0 12 | oH8HzoEuuSR7ulSZipWbQ/YP3McLcfdXU3uMjgAS1cRkGFWrgQAPTGHQSAYvRgLj 13 | JunsS80BAoGBAP4KmcxypFNfgj0OP30nH2WvUTbU2sFEf99YkNuQZdAY9LkTrPq8 14 | Ij2WDVKqyE3sraS7sy6nxGl0OM2ftrbGgw58uYRJugjGJOfQttVEWpP18kMLKzX1 15 | jm1jrInxEZNddetR7N9OtjxyxFxLjQpS4aW8yXy18wB/r9y1Ws/CRTPhAoGBAM29 16 | iLgqX9pgrkkPxHLsHnYKPCtFTQ0HvX8WFBlcqrHfQ1nqa30blAdoCAfmeslFPedn 17 | s7Bq8suYh/UaHMJj5vns6ytfIHUokGgZM1bJY7T4PwY8tF9Kuyw4n7cbqWnvbSdE 18 | 3xzvjPVfn+1LE7GXoVXGYkDsKrDbZLSPPIzwmb1ZAoGAFdvFpgDLQN078JL0RYmD 19 | OxWdsFEaTXzeX9JYDHxdNk2faPlXbe+YJqJtnQpS19mgi0cXQNFwpf45EQBIEWv9 20 | RNbYg5hwaGbcMBIWWT1badXEtZ4VZrwtOB5WbzwN3hcxmUDgV8qHBaZ+XM6nYRcG 21 | kWMwFwn00bsq35u/J5c4qyECgYBCHRoGNHfA8TiQeeSjGYVgYUGclhSAj3AxmqKy 22 | 07h2mExIZLBN78LN7nxGLaZfb0TJS+XOV0/WZRmrhcygGwJqZdvcgCEqBPMCwLZi 23 | uSy1RuDZ3EAKLzWerEOGz/jM9geZiuQ3pDMj1qrJ0kpt01AhBDMmsb22P4pJC45l 24 | rBt7YQKBgQDAw5AoX2CeX8decCz4RUASuxPuSLOfoqrIMcNgZ3N/Z7zLi4eiA/dV 25 | 5nHSg8571N76XiVaGXnkm6yTMx1CipO/NimgRO3nivOmGU5bKsmL1HZoFdWMnidQ 26 | 6XRleVqfUrjanL5C/BN+y9BKPlHqxGg7Km1G2oEE6IyuYwteCfRT6Q== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/etcd/server.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDKjCCAhKgAwIBAgIIZa97VJMZ5IwwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE 3 | AxMHZXRjZC1jYTAeFw0xODEwMjEwOTU0NDRaFw0xOTEwMjEwOTU0NDRaMCAxHjAc 4 | BgNVBAMTFWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQAD 5 | ggEPADCCAQoCggEBAMYJcqn5gwtQz6dkd+ZcyhGv6XLV2yKyQlnavfQzgRf06l9T 6 | RGz4XbjP2Gz51qo5jgNhuyScBTfHRGCoGaMB31sREKAI89/VoGxP7anc12rL2e2q 7 | PMbLe82vqZoCanwDZgGr7mulxpOgsU8hIdLxWsT/vt7CaYCE7yMX8Rmapb0GAq4T 8 | 2cpOmxPRHWgklYyB+WS6GL10CmkDLKqBJPYObcfnnXtkwHarLjXVeNmDsujOcSWD 9 | FzRQR8SeVsb3+YuWgnUsd4VjGN+EqxsNTO34oO9GmaLZvLSVTXb0NIC27EQrHjnq 10 | bPjux8f/x7RoXVN8vzOdveLEH5GEg6vq0BnB63kCAwEAAaN2MHQwDgYDVR0PAQH/ 11 | BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBDBgNVHREEPDA6 12 | ghVsb2NhbGhvc3QubG9jYWxkb21haW6CCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAA 13 | AAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEATgM4woL+U01ipbeOqt3Zirqo 14 | KNQDcgk7VLhdwApaVMYNd0OncpqWqGzysMlxM+KlLgr/D8fAySK7ibRjOgaZ4EcN 15 | Mrn3rLegKnvAI+K26RysT8+Q/URPoDbfz1dUD3buyjmnRcQyxpi9U0KqJh69Zg/k 16 | pVxBN87q25pjurS/No3lFeaVDJzIThoBkexXyTwYre7W+KrjpeH2BbWm3BSeN3nv 17 | lbhjbyNZpbcoUU+fDDgcwati3hjJ2a7duLRIq6yr9Yz0rpeqHIHmjHmdimwPiOc6 18 | Jm68PNiiARWXNw27PBCkduvpsSeFXhyN2WBkqWmtUkoJAlNezmRbqm0Bjf3PIQ== 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/etcd/server.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpQIBAAKCAQEAxglyqfmDC1DPp2R35lzKEa/pctXbIrJCWdq99DOBF/TqX1NE 3 | bPhduM/YbPnWqjmOA2G7JJwFN8dEYKgZowHfWxEQoAjz39WgbE/tqdzXasvZ7ao8 4 | xst7za+pmgJqfANmAavua6XGk6CxTyEh0vFaxP++3sJpgITvIxfxGZqlvQYCrhPZ 5 | yk6bE9EdaCSVjIH5ZLoYvXQKaQMsqoEk9g5tx+ede2TAdqsuNdV42YOy6M5xJYMX 6 | NFBHxJ5Wxvf5i5aCdSx3hWMY34SrGw1M7fig70aZotm8tJVNdvQ0gLbsRCseOeps 7 | +O7Hx//HtGhdU3y/M5294sQfkYSDq+rQGcHreQIDAQABAoIBAQCp6Q9FQLuraMFR 8 | SIUK08/XjwuHqG6kfTcqauARdmMrT8oK0aFisVGQMFvrXAxO7qSmyCJNzcM4UTKc 9 | j323evLM6n5OIIBFKr/CTm2GEOGOUqp/HFGa6pklJ7MnXS1Ji4zooEAmggw3O2cF 10 | klK37rZHUXnNHBZy2xtmC7OjmSjcXJdhNdwT780YhXzqk2SG+Q1nJxH9QuQDBHV8 11 | vv4QjxdKF/fr3Pu4w1bKsmNC3haGy9oNTcunMwwVtXn8dk630Z3NQ1VrKjIQnbz7 12 | NWTHDe8Ok2L7rmiPw+p3C3Exh4x2a7qQEH6BpHxEMdLtSso4Be8z5f9DJAxQ3gVX 13 | rYxDu9YBAoGBAP9P+q5i6ITe2udA2GpzTYQTSX21LmUOHRnLYbWvx2fNBQrYzjpd 14 | 4BsWMgvDzw2YVAd2rV2uK0zEtdGPfqBFa0DLBJykmbLveO4YN9/fQHz6cTrK4HFh 15 | qMrQMwtZpM1rT6CUFf3cuU9pa0MZIrbFnX+Ebt94yLN7fUSsqX+sqHZBAoGBAMaR 16 | +ybMIVknjRN3ITGjoWfDcv7DweG8IFxuLv89sdZpUkfOTfQy2UW7gxxGmetBUx9t 17 | B3uJmfWHPO94cPiCEZuRz6n4Mciz4aBsmSyWcJ2DnLZ3e/tHuMaVhJyhV51Y2q9e 18 | tclVJqIMHoWxsioeG+VOph/YqywbFJSPNyu3L9c5AoGBAIKGgBFhbaBoUp+BjmK1 19 | uf544cyLsUFmusfyK2z4hchyj05hUuWSEr2mVkWfgJ5hryv1p2JKZcaklpOheco0 20 | U0XXxO7UU+Of/EI1TXN9rnl2jCbTi3VLyUCOulnmJZQDdb0RmECl9HM94OF320B3 21 | vTJxIUHMfUcNLhjK8Qjd225BAoGAPtuzT2LLI7fbds/9WANecsRyQKejVlwBOoE+ 22 | q1nSU/dfLo/mKWl3UhW7uVW4H7q8H3SaK8cxT4ISDhRoXqJ+BGsx+7IvwEMBJ5F5 23 | I54z5AjnsPM98huQKHzoT9TbMVoRT/aBQUyNQDrp5pSLu71wQzSUbfxeo0WnTCfR 24 | 5SrGIDECgYEA7dB8ZiFfZ3px1ljxnAQprqbl3i98Xe8SUqsYSnxKxiAdVg73SBww 25 | Fy6Fx8Bp2z7i7Pd09ThmyweHMp7DWuiSeHJYzgC2VAlVlMPQBxa32nV5JV1B4EEI 26 | RHxVLe+wanqN+BbB9jn/MyrvaRL9LT3xDO/SlBZqHHk/92DpSS65xOs= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/front-proxy-ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC0DCCAbigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5mcm9u 3 | dC1wcm94eS1jYTAeFw0xODEwMjEwOTU0NDJaFw0yODEwMTgwOTU0NDJaMBkxFzAV 4 | BgNVBAMTDmZyb250LXByb3h5LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB 5 | CgKCAQEAvaGUmbYek7wIDGK0KxUqx0QFR3CYKEKYhHKpo7enauOnj29k1BD3L4TD 6 | BDBxOdDTenCQ5FoH9fs8z5kKOT1nbNzRP5edqdieUVNTtA0pNY3f2aNwMNO6R5xW 7 | rYYv8hkjtaB8wQFy8N72r5U2KbAAE5ahZa4/cTYEpW2xvRy8ArfLyly1QF0xPo30 8 | Fsj4SJGcLgKOxTKV845Cd1x2fsKEU8idIG1S6ajGd9GO/C+1aVF6U06RtR06emhE 9 | Mgh5SaxtSR3nGBm/4TGuZ9+9ZWbCrzALcAdQB175HzP/5S032dK65FdU5Koyqy8u 10 | ZhIaIt6bE3ofP0EBHfqBshEFDYsvNwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAqQw 11 | DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAPJhfuCPTZ8CXBQ/A 12 | 5oXTfpv61BNGAY0siYzD4hPsBNly8E6V7hlbVrv0UT4WlYFIoTUvGRwJJAHtH8nc 13 | YlP4+9zA3zb/AOcctTEIzmkPOrnosTSNcM5MHG75UKrE4taO6DquXspTsIc5P41X 14 | MBvENEJXFITMs5kloN+8uMZnVnj+wcgfXyEYXQOZ4ndBHAlrHhFh5Zle3ReGaw3q 15 | tWIRz/2CJ0YLt/0/kc0u5+6DijTTG4/B6rbbNAu+h3yNpvunhYpdQFR4kq6bKz+n 16 | 4mK7O70RGXqBX5wOgQnU1rAmA7ly2zdOK0iXmsN1yFJoi4i2kVxDSeWJD5+9simm 17 | jWYCOg== 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/front-proxy-ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAvaGUmbYek7wIDGK0KxUqx0QFR3CYKEKYhHKpo7enauOnj29k 3 | 1BD3L4TDBDBxOdDTenCQ5FoH9fs8z5kKOT1nbNzRP5edqdieUVNTtA0pNY3f2aNw 4 | MNO6R5xWrYYv8hkjtaB8wQFy8N72r5U2KbAAE5ahZa4/cTYEpW2xvRy8ArfLyly1 5 | QF0xPo30Fsj4SJGcLgKOxTKV845Cd1x2fsKEU8idIG1S6ajGd9GO/C+1aVF6U06R 6 | tR06emhEMgh5SaxtSR3nGBm/4TGuZ9+9ZWbCrzALcAdQB175HzP/5S032dK65FdU 7 | 5Koyqy8uZhIaIt6bE3ofP0EBHfqBshEFDYsvNwIDAQABAoIBAQCZEyDof+no6cU5 8 | ckfr6zdQCWmVhJ9fCHsjl4e2396mW0T8dThYM6XF1w6xiAUuXZMI6Gsd2ktI1lj9 9 | X5WwJRAjAZFsGxCrdXA/R9tuoZ0dXPxRLCy5TYC2o84YXxS/AmogCIAMMQY+yE0r 10 | 6XACcM9vAI4ijWkrEybm/0iV1ucx7RX/za4K5Bm4567Pdjur23iBXbktnbUNEr6m 11 | aCUwXgPH0GfLofeUG3uUkqtBnxBh98LlJGih6eDB0BkR1XZLeyQRLC0kkti6pmFr 12 | WasPp920AFu432s9qAX8KXsbgeVBVUxsilEgcLKtr/Aw1WZTP6zuffPzmD+7LeUE 13 | 8UhTSRc5AoGBAOSggOaO5jWgy9Iv1bKVcXZh5YAjmQxf2IabnnGlLItSRFb+Um2b 14 | lc5tYLtLIbjrhtGepNITY8slMLiJKjXhq8L4rGW0N1wQiCBLdGgORYueVJwDg+GF 15 | QTA8fF+942nSisqNTd7f9r9vzdsYwDtv5iHlBnsehTzVZQCVjbRxbs0bAoGBANRV 16 | 154WS5aTs2nWtJTwSljiR7I5I8za9MX9l6WzwNEeVk9MViiSeoGyY2UBuYy+Pzyy 17 | 3cdwvbbWCvCWgtpmNcVqjIF6fg5A50gZ2+buXp7vxHmueUdf4jfBxVQWrQQbxspt 18 | RgwmohoAwI213VDfjEHGCQ3eNwj1Cim/gA1UbtQVAoGBAON4Aefi448V5dTBPRgK 19 | cjI7orDEOkFCl1cOPC2MDm6rskzviql9NCaHUsfmL64hwCiNdCWDnzV+UiQ4bKPh 20 | XRiGfFhQXwgddqLTEAV7tZv9Mudq4+scvsg0VfaYIkymauqufnyyTnkXzzQfQxuf 21 | 8NNmX/VdX2kwU+ap5axTc89jAoGAOW//I4RkbhcGMVsi/icB9YlAW7WZOZEBJY2z 22 | t98oCWlrb4f2xoLZILxgprIQv0G3WXQJCio1J4A+9VXBj9KWORDZcSzxbGmiJp7Y 23 | HV/duKCjRUctB2Goj+yatGRt6O6al6d3i1HoB6Csdaj8dSQDjMdFK7swp/uhBCoJ 24 | OZHdaQECgYA3kRywonxlqzDzbjJ6L7p13NTbiaD6EqdY7Ame+lj00jkbWFo5vFij 25 | F2OOCqSQO2yUKeFDO/6J+6a5xTvYhM2Zjfd5OuuAaTFz/Gcs/IvN+IP+WhirDXUl 26 | d4QiieNBHRlChrrYqXU9REMSxSwN2Z9QPOdXEAUQknu149l3kTyoxQ== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/front-proxy-client.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC3zCCAcegAwIBAgIIPiTSgSmUOKMwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE 3 | AxMOZnJvbnQtcHJveHktY2EwHhcNMTgxMDIxMDk1NDQyWhcNMTkxMDIxMDk1NDQy 4 | WjAdMRswGQYDVQQDExJmcm9udC1wcm94eS1jbGllbnQwggEiMA0GCSqGSIb3DQEB 5 | AQUAA4IBDwAwggEKAoIBAQDhoZDYBVsrTxUKae/Aqg1AXE40Y+gXOnGVBULinqUr 6 | J+6JwYpaZjhqOg9PCc3FzuJhbLSrvdmFEuX+jj4RAJbUCjZyY15jjVanewGTt3nD 7 | OUkqGS+Wlmeo8wfe5O4gbyblqt3X6qk1K2aE0oh1vxiWVzHCipe74DEfPDY6gUCh 8 | LDyLZAfrgC6jD5qQGrmW8H0IAxGShiWUSQoeRSTQFYivsIMvMJmtxLgYZEH8BLSt 9 | vP0C7JZGaiUBF51e65TUnxASad8JnRNEXTG9LJPsf6N2MESRpgitwNCbpSw0LQYo 10 | 5o6xXmsLGKgpw/MjEYH040/4R/vcxMdwQ9MqRKQLCmBhAgMBAAGjJzAlMA4GA1Ud 11 | DwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOC 12 | AQEANMh0V5HErUwrVom8q0ef9lUN8KLFB6dVbLab4J3uw0ds7o0xIOXxrMNCgojZ 13 | NKbQE56ziGapmuwIt2wjcsmKycotsUoJpzYfMNpVRDqytJJEYIaLbzSRDD5PAs/q 14 | iPN1hjddqJkVE0+p/zqggL/srHX/7neqELGfkpvdb7tZZziLxeIqdAEttFmuFGxn 15 | JsOuMUl2n86kjdMTz+cgWnfNPAVyrJfqw4YlWYnkD645PpZXNfq8BeZxQt5fEpTg 16 | 60KjVUcCzhmvcUq/v8SkXs/xIXFUkm6DoktCwrAF7cjRa+Uxv7TqRs4sDPG2TKlL 17 | mfvSZIKCWCINu6mbflUbwm5Ddg== 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/front-proxy-client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpQIBAAKCAQEA4aGQ2AVbK08VCmnvwKoNQFxONGPoFzpxlQVC4p6lKyfuicGK 3 | WmY4ajoPTwnNxc7iYWy0q73ZhRLl/o4+EQCW1Ao2cmNeY41Wp3sBk7d5wzlJKhkv 4 | lpZnqPMH3uTuIG8m5ard1+qpNStmhNKIdb8YllcxwoqXu+AxHzw2OoFAoSw8i2QH 5 | 64Auow+akBq5lvB9CAMRkoYllEkKHkUk0BWIr7CDLzCZrcS4GGRB/AS0rbz9AuyW 6 | RmolARedXuuU1J8QEmnfCZ0TRF0xvSyT7H+jdjBEkaYIrcDQm6UsNC0GKOaOsV5r 7 | CxioKcPzIxGB9ONP+Ef73MTHcEPTKkSkCwpgYQIDAQABAoIBAQCqKR/EWp28FsMG 8 | fIhMo7KktDhieGojgncAbNxZbk2gM1hJWcXOkULAkhLTh9BA+tptoP7MerweCPed 9 | N4cFaY1WUnFnaRtZNtGAM1soHPneSkisUBw8lCePGeH4rmwL1+fc0zTFTnrX12hU 10 | iTZSnpCbaRzk24K9NMG3DcDT9IBaS0h9JbFQ5tPKSIa4f9q+MAkvGTYV5H/0Ruq9 11 | 8r1U7ZOfHXXsgidx6vTjwg6Lf9x1R1IuW+ekBvlT0X9G6dHwiv6eBUWanuPD90ig 12 | E84kmxgF5/qLltYEOkyDbGx9EgscX6vJi8MYaw6qQrxOA7wLLJonov69AU0EZRvU 13 | yQJzeMdVAoGBAPowmTVWmRU1HCsShjsBG4j+tj9lxslcplD1POlEvyzSSFQ0aF8R 14 | tJKAbjanPuq5V++iSWwUs1p+bS0zzN9tBQP0RtBiIgMYd2R6lz4O4K46KuapAvSW 15 | dM/ZiW6hHMrgPwXlt/sd9Ptv/UBFnbMgp6FD1cQeWepPDiXwIuKYj2dTAoGBAObe 16 | 9qZQYv8CCckKN8IfFMN6KnrCPLDiNwTxdUbKdLvxNUCtqHPakrrYIDb3Uh/OI72h 17 | H1xFRNVndAgRQgS6VIFzSM18SSfznG900AIlcdndmkg8B/5196O5bYAbI1/Sz2KV 18 | sRfrXf2yOOe5Syszrca0qwkfX55sHFedVj6AB2b7AoGBAK1BSletiIUvKjqJsXra 19 | 4X6VJQ/yIx7+kg4uRegkO1+Gn5/wSvbLBAkP90LRvrg9ca/46m92Rl28f052OMHg 20 | dUCvwPo9euA56TQj0Oig1ObSUTM6h1lpd6sYMhvyZkX31Kz4z9eOf0A/5VjE3NhX 21 | HL6Ig1g0zH9+D4YmLYJNs8ERAoGAUZj+PfvtcUnMIZUN7ftEQG6eMvMRtkbNwV6B 22 | 37pQldiDxM9b2U6oS4d1o1e4W+tksHIQ/nCxCmfdF7jZx4f/tB0F3zKNPKSaZr43 23 | gnqviZwMGnm1LZeOJfy0mfF9iDGfAK39gIG8n5ztBeF0ktlaEv/p73h6OCjnv4Op 24 | Zr+jXh8CgYEA2lcfiLRro2ObeRmMrLceJCid048lBnQv/zEGAdvKZs6PVMdAVGtb 25 | DBS9ckFPxiMlcDkUvoNoqbA8cMIh7olqPYST7pLsGrBsU0zaXLpvMZg8ArX5TWNt 26 | upeYX+pdbJ86rZ4dGc9N3JFEYR87+x/KHtZXN6LdLKvuR4uZVjKX3WE= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/sa.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpQIBAAKCAQEAzeGQOeBkKv0a0zMLjy7jROPo5wQQjH6EeCx/s9i0jav8OKpk 3 | MaRv6EdeEammytg5TUCqq1g5XsniBWJAADsuuhR4nzW7VE4C3u0jpTxniRWbZfhP 4 | /z2ndQmRGj00TRm/2tFArThO5EJkd6IV91kx/3KytayOu9baFlKQHHUj714Y0Ubh 5 | tsErILVBpMjX3zhePnxTBYyuVWsNgenA2/8UuEuo75CRBHC6KPhn10cCHMsBsIe7 6 | C90b8Hy1dD22zn42spPaBQBL6pw9EFhCyQhWPj4VNf037PPcn0Vk2LBIzTXz9n8v 7 | 0Y4GJINrl0z5gnbdly0W/80pfcG0sTZ1ivMIZwIDAQABAoIBAQCz0Qa/BhV21onP 8 | XQ4DiNhHGygYXZx2mSnqLDN9SRCpjEVG2MuZ8B0tquemVZ6wHBowNwLZlLzG5Vzb 9 | huyPRyGQtMCFjdCH2Xr4afZwI0nqmUyYy0BTle3kcu6hFEPR82N2Ir1yjXOaOcK2 10 | GoNE/kqE6hDcTFJ+DTF9va7QrB8uuFeyBuIR5r+QBdxH9nIhVh7ZiqP1eNMNp9PC 11 | 7FTQgLsIVPckOoInE/GA3XZ/SUO9OR0HwU15OPapk6Fyw+wHUqcQ2/ie2Yb1OEFc 12 | 0gzTrF8fDAH3uXe87xN7pALK/aNVlncfYCkWw/yZrmbTlSGCfXKpWpu4Ggx4NI1k 13 | pUxCW5QBAoGBAOJH4BoQ+vf/pOLkU5VXTfWF2t1ef2anUp8+8lnvzQbnctSiviZ5 14 | H4rH2p+PagCvvh9shjc+ExtwOOk3G0QtRIe6nJYWLHKZP7dFIU6qwW8ct423iUxO 15 | u3d9Bv3fFQ7u6RGBPwnTc5N9V+0KkYeu69z9FHKZSYsnZGRQwlPUtIWnAoGBAOjr 16 | zPJmcQDB8Erwmshq5crvwn60RM6TCJL+l40Bfr+rWbVPWtlz2sDfK8Zc+V1rxr8g 17 | acCChETT8SuPy9TvuxFz9oHjzEYFQzusJKCVhgpk2RE6Io+Z5XUB7/s2bdRrgz91 18 | LqZ6/FevmbEh8w74XUoP25SJxEBDikNrWrBLHz9BAoGBAN4aXI5ZUm1wASEvqhbw 19 | 7bVroEsewQA6hi+GsoyygtUfAqhR4UCULPCkgCOTuiFYXs4rUIYSqOCKw2GuVFYT 20 | 9Ksg8SekNhZ5839pHGtB0cHFNymkF+DNetaq4tz3RY011ZD4Aq8bXNtM8avabsP2 21 | Xs63noVpjjVHAhQw7L0qD9MLAoGBAMZwlvRx2Ja3pFyEbqqPgGWMLV07gl+onyZ1 22 | J3Lnsi/j8ZLqH9Ghxd6KhEYE0iMIfpQ5Lj/oMn5dP1xIr3UkJXFyJbN1+4QwWZ6O 23 | Q8pYeZGDZ/goWmeTyw0L8IRLU/kk+/XlhTArGbAvGDb0YJsBeKFvrzj2wq+pmzNj 24 | VClcZyvBAoGAVy2YBZoRiFU0iOtqdlcdE9biOjAFXA5jiVLfdjZmCA+jhV0AYrY0 25 | RhvnTYpeGBIDNarvauaHCi0k0g529Srsmoo6uBkPFMtqi3nA5PkTuP4JxVbosMie 26 | sli4rcoBPO+mb5rBp+9/3JXloBQrXNuFytKl9k49/zzlUiHw4br9nUw= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/pki/sa.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeGQOeBkKv0a0zMLjy7j 3 | ROPo5wQQjH6EeCx/s9i0jav8OKpkMaRv6EdeEammytg5TUCqq1g5XsniBWJAADsu 4 | uhR4nzW7VE4C3u0jpTxniRWbZfhP/z2ndQmRGj00TRm/2tFArThO5EJkd6IV91kx 5 | /3KytayOu9baFlKQHHUj714Y0UbhtsErILVBpMjX3zhePnxTBYyuVWsNgenA2/8U 6 | uEuo75CRBHC6KPhn10cCHMsBsIe7C90b8Hy1dD22zn42spPaBQBL6pw9EFhCyQhW 7 | Pj4VNf037PPcn0Vk2LBIzTXz9n8v0Y4GJINrl0z5gnbdly0W/80pfcG0sTZ1ivMI 8 | ZwIDAQAB 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /kubelet_manifests/v1.12.1/scheduler.conf: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | clusters: 3 | - cluster: 4 | certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNE1UQXlNVEE1TlRRME1sb1hEVEk0TVRBeE9EQTVOVFEwTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS1J6ClJjQkN0akpERHNGUzRNRDJDbWRIUlZ4bStLTDc3Tk9MakNndlYzQUc0N3BtaEx1UiswMTNjSVdKRnEzUFZYVUYKT2NlSmxRRVpuUVFibXowRUMwcXdyVCs0T1QyTjZqalY5TzdVU0h3TFQyenpyTDVoNVA4Z0tFd01YdHZEWEZ0RAp3S0ZJUWtNajZQNHR4cWFQaC9WV2VzZThXZEl4N0p5RGM5RmRMREI3c3VaSGVySG0wZUpjL0VxTldwdFpLNDJGCm5pMmsxbjJOY2hXbnF3c2F6Wm1BT1dYcVlBZ3lqeWJqWVVsK1gzOFB1QUg5cTFQTXRYWk4wYjN4ZUdRL0ZIanYKNVN1WmRINVk4L2xRUXp2TVRJUU1WWlM5NmxabktHRHc0OHRxb0ducmd1T2xYYldCTy9pa2ROMGlpaExZRVRqagpHNWZtVE5sNUpsOFVqV1FwTm1rQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDWTBmamt1azBWUmJ0V2ErVGpiTjl1cnE0R2cKRGRrWlhQNy9mdDY3b0RmK0FzdzJKOVZrNU9GQjRuY2xXa0huNkdualc5Vm4rWGdDMUQ5VkJZOGV5MExlNndOawphSlkzdWxCVmV0cy82MzNWYkJjM1JvK1BEamROb0xyWThEQTZ4WGl5d2Z5RHA2Zk9oVW5NOE5xMmtaWTgzYmNXCmFleitzdmJyZ3ppMTJETU0vZ3FoWVNHRVM2NGZnTzBpLzduZ1ZXLzVUVFkrdC9pb0xnc1VwK3BXYlZ3SUdpZmQKQk96VlRZSXR5T3A1dUhxc1R0elpadnEvL3l3Y3JBMTZjOUhvc1Z1R3FXbHoycG9rTkdha3YzdC9tM2l0R04rRwpOMmVVd0dhZFdQNzVUU3hzSlorOENMQWVHTGl0bWRqajBlcFp3NHRJUS9iVjNROGhwSWMyV0Qwb05EST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= 5 | server: https://192.168.33.11:6443 6 | name: kubernetes 7 | contexts: 8 | - context: 9 | cluster: kubernetes 10 | user: system:kube-scheduler 11 | name: system:kube-scheduler@kubernetes 12 | current-context: system:kube-scheduler@kubernetes 13 | kind: Config 14 | preferences: {} 15 | users: 16 | - name: system:kube-scheduler 17 | user: 18 | client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNhZ0F3SUJBZ0lJWitMd2pvWDZVbzh3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB4T0RFd01qRXdPVFUwTkRKYUZ3MHhPVEV3TWpFd09UVTBORGRhTUNBeApIakFjQmdOVkJBTVRGWE41YzNSbGJUcHJkV0psTFhOamFHVmtkV3hsY2pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCCkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtDbEI5YjJOWTRwOC81dGZrVFo4bXR4U24rMGg1NVU0Nld1aHhQR1VOSG0KNCt3RGhYV0RGUk9QNTY2VnZzZitjZm0rWUlLT21rQ2pNUFlGY0tTMFhtTzJ6ZmYvNWpOYTdrUHF2NGUrcHBwYgpnVldWb3I4eklvSlp1N1VVRFFuZVIzTmVPdGJZeUFkVkFad0xCbkl6NGNnNjByWFZ3RmJLVzdHRmx1V2tpb1h2CkJyVVE4WjU3bnJoUzRZSG03VE1zem1mTDVDQ0Q4Q2pHdzkvaHhZWFAra3hpRmM1aWZURUZxZTNhd2V6bEFXenMKUVViR2Q3bWRxMU9Ma2lsQWJjVFRmbGJDSTJRZ3I3aUcxbFNSQ0xRSXlRT1NGKytleWc0ZWZhaG5DYndpbDFTTApMY3RoZEFsTjR5UEo0UXdpRG9pa3d3Tzd2dVNwNVV3cmJ2WFBGQkRjdk1NQ0F3RUFBYU1uTUNVd0RnWURWUjBQCkFRSC9CQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUIKQVFDV3BaUkVxNDI3M3Y3ZjVyc3ZqOVlEU1BsOVRtUERjRGE1WFVFSzZDMFFucXN1WXFBc3FJaVFwakhhSkVuMQoyTW13T1FHeEowRm4yTU92TWw1R3VJYUcxWlRBSGNnRlRZWjJoZDhYMGI1TjZPbXFOUFFaS3lpKzZJdGlJMnFhClBpZWI2TldpdFA4ejZvQnhTYlB4TVVicDJacCthUFBLOEg1QitVNngvRlJ0UitsUHlXNEpnVEFoT3BoR1lvbFEKNTUwOXFVNnJ3S2tDdXdodlovb3c3UHBUZFgwdEJyaWdLMzZrcHF3Q0pLMzFwY3NhZjN1WG9YckZJUStOaXhDcApCUWFwN0pmYkYveGNzVER6dkZ3bVNBNjUzcWcvL2J5c3MwVHZ0cllma2RsTXBOYjZRTHBDMittY3BiVTZxQUlBCmxyUXNvOHpGVldlejcrZnVuZkpGbU9ReAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== 19 | client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBb0tVSDF2WTFqaW56L20xK1JObnlhM0ZLZjdTSG5sVGpwYTZIRThaUTBlYmo3QU9GCmRZTVZFNC9ucnBXK3gvNXgrYjVnZ282YVFLTXc5Z1Z3cExSZVk3Yk45Ly9tTTFydVErcS9oNzZtbWx1QlZaV2kKdnpNaWdsbTd0UlFOQ2Q1SGMxNDYxdGpJQjFVQm5Bc0djalBoeURyU3RkWEFWc3Bic1lXVzVhU0toZThHdFJEeApubnVldUZMaGdlYnRNeXpPWjh2a0lJUHdLTWJEMytIRmhjLzZUR0lWem1KOU1RV3A3ZHJCN09VQmJPeEJSc1ozCnVaMnJVNHVTS1VCdHhOTitWc0lqWkNDdnVJYldWSkVJdEFqSkE1SVg3NTdLRGg1OXFHY0p2Q0tYVklzdHkyRjAKQ1Uzakk4bmhEQ0lPaUtUREE3dSs1S25sVEN0dTljOFVFTnk4d3dJREFRQUJBb0lCQUhjd212VjZMZGd4OW0rUwo2N25ILzE2S2F4ei9aQlFzcGM3N0JBdSsrNTRSY3BCZE9Ic3M2OGxjM3lnZ3dMR0FieTQrZXpyQzlWMzU5c3pDCjBvWFJzYXJJS2wvVUJRZWJjdWIvV0dZdUpVeW5rZmxmRWFaTkdWQ2ZwVzYvMXNDNHBFakw1Rm9kODZQRkJYR3kKbUhESlg3OEJMZTl1RGN3WFRoc1RwQmIwa3phMUtpdHZCK0FDb3M4TFBDMnFZYzNJSWR1MWV0ek1rM2p4STFaMgoweG03S01YV2ZiWUN0S3YxOWs3NkNpUkhBRUJZdHpWTUxzUlRQOFlHcXRJaFYrTHcyN3dzdFN2K2pMTG1JSnoxCklOZFNnbWxTSEpUOURuN0k0YWFyeXhCMTJDL3p1QUFXeXFUMGkvM3UxWSt4bitOZW9pQnZtUnhTd2NJR3VYVk0KeXVVSjMwRUNnWUVBMGFwd2pnYUVpa1RtcUgxdmVvMFBvY2NkTGx0MnFvNUZVOURqQ1YxS29jbGVtVzA5QXpOMgpiTUZFNEFacnUwRllOa2hxVEQxSWdidEk3UTZ1ekJNeDc0dE54Q3VGQ0pzbWFHL1g1akpTc1BNNWJYeWo4ckQxCityR3o2ZmgvREhPdkZDZFF0VkpSaGFEcXVWektYYm1NMzZvR0N5d0VGb2pQbnRXRXFuOTFoZU1DZ1lFQXhDVkoKVENJdkhTa1d6T3ZsN3B6UkV1VHRsRHlqbUlRUEF2RmIxdlZYTDg5TWhYS3p4bE9Ic3NqUTU3OXZRMUgxYnVjOQpoZktmSnpnSjh3WUx2NFhLNTJFNWlVUnB3cFFwWGhQZGlyUnlOM0ZlUmZoaTFDU0hQUTRVQ01nNFBOR0tMTlpZClhQc1FUYVFBL3BNaUExMno5YjF0R21Qa0FyanVqT2taUVF1OG82RUNnWUFZWCtzejU3Z1M1dzIxdXRkeDlPSkQKV1lXZjlRd25xZUNQYlBKb0RVdDI0WlU0MndWRDBRRE1oZTkrNStBd1pkbGVmaTYxYkU1NG5wQk0xdThsVkhueQpza3c1S1NJUExSSmJBOTJpcW1rSW4wNG0xMTJzQWp5bWgzQTJIQ2lSQndYc251RjRJdmpOUXpibWs4NEc5V0pXClFrcnZrNDlxR3orZjVJekcwWWlWSndLQmdBS2JXRUVKeDBTRThrZWc3dnBmM1N0NkhXbzE4QnFyenFORVgrc1kKY2FNeUJ4dFM3ZTY1MTNqWjBHVDBGMTkyckdOZjhXSmhXaG9rVllXRVZBMmtrcERHcXdRWEE2elJXVWRsempEMAp1dnZmcHRnWk4vOEh5VUJYZW82dlVvZ0VaT2k1cEl6L3pUU3E5RlJ0MGlyblNPZ0FMMzRGUzlkNWE3bzFzdDg1CmI3VmhBb0dBRlJTMnFBRTV2ZlRVckdsRkpvQ2VnTHU1UkZUQ3BjL05VOUFKQUxVT1dhVFdmSzhHTWZwTEx2d0oKdjU3Z0srR21OYUZBR1pnNXRramNFenRaaGdhb2hIOFZHUUIxaHVQVG8vUGpmWldKdFdGVDVFN1Myd2lNQXNNWQpFdnI5aElQYXRLaFo3azNreDU5QTd2bEFhaXBFemx2MEJKQVQvUzkzTlpvSGhsWVplRVU9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== 20 | --------------------------------------------------------------------------------