Observability (monitoring functionality) has always played an important role in system maintenance. A good monitoring system can help engineers quickly understand the status of services running in production environments and can locate problems or give early warning of anomalies when they occur.
Prometheus is a leading open-source project focused on metrics and alerting that has changed the way the world does monitoring and observability. Apache APISIX Ingress Controller has enhanced its support for Prometheus metrics in recent releases, adding a new feature for use in conjunction with the public-api plugin. This article introduces how to configure public-api to protect Prometheus's collection of Apache APISIX Ingress Controller's metrics data.
It’s recommended to install the graphical pinentry program for macOS.
$ brew install pinentry-mac
Add to your ~/.gnupg/gpg-agent.conf file (note that this means adding the line below to the file itself, not mindlessly typing it into the terminal over and over):
pinentry-program /usr/local/bin/pinentry-mac
Add to your ~/.gnupg/scdaemon.conf file:
disable-ccid
From the man page: Disable the integrated support for CCID compliant readers. This allows falling back to one of the other drivers even if the internal CCID driver can handle the reader.
We want to make sure we’re using the strongest key types that are available for GPG. For our purposes, we need to use RSA keys for all key types. Set the key size to the maximum supported by the YubiKey (4096 bits).
gpg/card> key-attr
Changing card key attribute for: Signature key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 1
What keysize do you want? (2048) 4096
The card will now be re-configured to generate a key of 4096 bits
Changing card key attribute for: Encryption key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 1
What keysize do you want? (2048) 4096
The card will now be re-configured to generate a key of 4096 bits
Changing card key attribute for: Authentication key
Please select what kind of key you want:
   (1) RSA
   (2) ECC
Your selection? 1
What keysize do you want? (2048) 4096
The card will now be re-configured to generate a key of 4096 bits
gpg/card> passwd
gpg: OpenPGP card no. D2760001240102010006078005150000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 1
<< Enter PIN. (Default is 123456) >>
PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 3
<< Enter admin PIN. (Default is 12345678) >>

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? Q
Then generate the three keys of your GPG hybrid encryption system:
gpg/card> generate
Make off-card backup of encryption key? (Y/n) n

Please note that the factory settings of the PINs are
   PIN = '123456'     Admin PIN = '12345678'
You should change them using the command --change-pin

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: You
Name must be at least 5 characters long
Real name: You McEngineer
Email address: you@example.com
Comment:
You selected this USER-ID:
    "You McEngineer <you@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
gpg: key 109F2428DD97A597 marked as ultimately trusted
gpg: revocation certificate stored as 'C:/Users/you/AppData/Roaming/gnupg/openpgp-revocs.d\2F28DCB202028A5A2FE5A45D109F2428DD97A597.rev'
public and secret key created and signed.
The list command lists all the keys:
gpg/card> list

Reader ...........: Yubico YubiKey OTP CCID 0
Application ID ...: D2760001240103030006000152110000
Version ..........: 3.3
Manufacturer .....: Yubico
Serial number ....: 00015211
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 4
KDF setting ......: on
Signature key ....: 2F28 DCB2 0202 8A5A 2FE5 A45D 109F 2428 DD97 A597
      created ....: 2019-12-03 01:21:36
Encryption key....: 4E14 0FFF B296 D2D5 6CD0 A654 C821 9CCE 0DAB FC09
      created ....: 2019-12-03 01:21:36
Authentication key: 529E FBFD BF0C 5908 79A5 4FAB 23DC 6210 FD32 B9BF
      created ....: 2019-12-03 01:21:36
General key info..: pub  rsa4096/109F2428DD97A597 2019-12-03 You McEngineer <you@example.com>
sec>  rsa4096/109F2428DD97A597  created: 2019-12-03  expires: never
                                card-no: 0006 00015211
ssb>  rsa4096/23DC6210FD32B9BF  created: 2019-12-03  expires: never
                                card-no: 0006 00015211
ssb>  rsa4096/C8219CCE0DABFC09  created: 2019-12-03  expires: never
                                card-no: 0006 00015211
$ git show HEAD --show-signature
commit 552b36ec86790bfdac679ab23e6d61133ff0b383
gpg: Signature made Sat 22 Feb 2014 11:00:00 CEST using RSA key ID AABBCCDD
gpg: Good signature from "Committer Name <committer@example.com>"
Author: Committer Name <committer@example.com>
Date:   Sat Feb 22 11:00:00 2014 +0200

    Fixed a small undocumented feature that made foo crash
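GPG must have the signer's public key in order to verify the signature successfully.
The previous command assumes that the commit of interest is the latest one. To verify an arbitrary commit, replace HEAD with the commit ID (552b36ec86790bfdac679ab23e6d61133ff0b383 in this example).
Alternative commands for verifying commit signatures are:
git log --show-signature # Displays all commits and verifies the signed ones
git verify-commit HEAD # Displays and verifies the latest commit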
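To audit a whole range of commits rather than reading the gpg output one commit at a time, git can print a one-letter signature status per commit with the `%G?` format placeholder. The following is an added example, not part of the original post; the function name, the sample commit ids and the `origin/main..HEAD` range are assumptions made for illustration.

```shell
# Constructed sample of `git log --format='%H %G?'` output (shortened ids).
SAMPLE_LOG='1111111 G
2222222 N
3333333 E
4444444 G
5555555 B'

# Read "<commit> <status>" lines on stdin, print every commit whose
# signature status is not G (good and valid), return 1 if any was printed.
audit_signatures() {
    failed=0
    while read -r commit status || [ -n "$commit" ]; do
        [ -n "$commit" ] || continue          # skip blank lines
        case "$status" in
            G) continue ;;                    # good signature from a valid key
            U) reason="good signature, key validity unknown" ;;
            B) reason="bad signature" ;;
            X) reason="good signature that has expired" ;;
            Y) reason="good signature made by an expired key" ;;
            R) reason="good signature made by a revoked key" ;;
            E) reason="cannot be checked, e.g. signer's public key missing" ;;
            N) reason="no signature" ;;
            *) reason="unrecognized status" ;;
        esac
        printf '%s %s %s\n' "$commit" "${status:-?}" "$reason"
        failed=1
    done
    return "$failed"
}

# Real use (assumes a repository and a range of your choosing):
#   git log --format='%H %G?' origin/main..HEAD | audit_signatures
printf '%s\n' "$SAMPLE_LOG" | audit_signatures ||
    echo "audit: not all commits carry a good signature"
```

Status E is the case described above where GPG does not have the signer's public key; importing the key and re-running the audit turns it into G or U.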
I’m having trouble integrating the openid-connect plugin with the apisix gateway. When I have it enabled I end up getting no response from the API. Any idea what I am doing wrong or how to troubleshoot it? in slack
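Hello everyone. First of all, I should introduce myself: I am CheverJohn, a newly graduated "old senior" from JUST with three and a half years of coding practice. Strictly speaking, I only got started when I stepped into a software engineering classroom in the autumn of 2018, but I believe that over these three and a half years my learning path has had no major problems, and I might even flatter myself that I had a fairly good plan?! At the moment, what interests me most is compiler principles and the implementation of various programming languages. After all, learning the art of various programming languages is a fine thing.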
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).

if [ "$PS1" ]; then
  if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
    # The file bash.bashrc already sets the default PS1.
    # PS1='\h:\w\$ '
    if [ -f /etc/bash.bashrc ]; then
      . /etc/bash.bashrc
    fi
  else
    if [ "`id -u`" -eq 0 ]; then
      PS1='# '
    else
      PS1='$ '
    fi
  fi
fi

if [ -d /etc/profile.d ]; then
  for i in /etc/profile.d/*.sh; do
    if [ -r $i ]; then
      . $i
    fi
  done
  unset i
fi
Next, open the ~/.profile file and you will find that it loads the ~/.bashrc file.
# if running bash
if [ -n "$BASH_VERSION" ]; then
    # include .bashrc if it exists
    if [ -f "$HOME/.bashrc" ]; then
        . "$HOME/.bashrc"
    fi
fi

# set PATH so it includes user's private bin directories
PATH="$HOME/bin:$HOME/.local/bin:$PATH"