0/16 \ # service网段，即cluster ip网段 --ignore-preflight-errors=Swap \ #忽略swap未关闭而导致的检查错误 --image-repository="cof- lee.com:5443/k8s" #指定为集群内部的docker镜像源 如果指定使用集群内部的docker镜像仓库，要提前在docker的daemon.json文件 里配置信任此镜像仓库地址！ com:5443/k8s/etcd:3.4.13-0 #可见镜像名已由默认的k8s.gcr.io/换成了配置文件里指定的docker镜像源 # kubeadm config images pull --image-repository="cof-lee.com:5443/k8s" #提前 下载需要的镜像 # kubeadm init --config /etc/kubeadm-init.yaml 加到操作系统的ca证 书库里 # cat ca.com.crt >> /etc/pki/tls/certs/ca-bundle.crt #将ca证书添加到centos系统证书信任列表中，链接到： /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem ②安装k8s二进制组件 #使用aliyun的源（如果用的是RHEL8系列的系统，也是用的el7的仓库源，因为

com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce- 3D645A26AB9FBD22.pub.gpg sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt metadata_expire=300 [gitlab_gitlab-ce-source] name=gitlab_gitlab-ce-source baseurl=h�ps://packages com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce- 3D645A26AB9FBD22.pub.gpg sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt metadata_expire=300 # yum install gitlab-ce -y #如果报gpg验证错误，可带上参数 ★普通用户登录并创建项目 普通用户首次登录要求修改密码，然后再次登录 创建一个名为pro-1的项目（仓库） ★允许客户端push到main分支 Se�ngs→Repository→Protected branches 勾选“Allowed to force push” 客户端上传分支代码： # cd ~/testgit

expressed as code.” c. CREATE A SINGLE, SHARED SOURCE CODE REPOSITORY FOR OUR ENTIRE ORGANIZATION i. Firm-wide shared source code repository is powerful way to share local discoveries to the entire organization pipeline tools 5. Monitoring and analysis tools 6. Tutorials and standards ii. Google – Single repository with over 1B files and over 2B SLOC, over 25K engineers for every Google property d. SPREAD KNOWLEDGE work i. Make security part of everyone’s jobii. Integrate preventative controls into our shared repository iii. Integrate security with our deployment pipeline iv. Integrate security with our telemetry

& secure c. CREATE OUR SINGLE REPOSITORY OF TRUTH FOR THE ENTIRE SYSTEM i. ALL parts (code & environments) of the system are shared in a version control repository ii. Version control is for everyone without accompanying automated tests. Spread Testing Grouplet team approach. Google – single, share repository of billions of files. 50% of code is changed each month. 40K code commits/day, 120K automated

Program-specific Log Storage and Retrieval Service 2. Service Mesh 3. Program-specific artifact repository 4. Runtime Behavior Analysis Artificial Intelligence (AI) service 5. DCAR for the hardened https://www.csiac.org/podcast/dod-enterprise-devsecops-initiative/ DoD Centralized Container Source Code Repository (DCCSCR) https://dcar.dsop.io/ DSOP Group Workspace https://dccscr.dsop.io/dsopDCCSCR Project

Created a self-improvement project  2 week iterations, planning and demos  Put everything into a repository (configurations, scripts, etc.) Infrastructure as Code  Turned over repeatable and automatable