α’ααααααααααααΌαααΆαααααααααα»αααααααααααααΈααα·ααΆαααΆααα½α
α αΎα
αα αααα»αα’αααααααα αααα»αααΉαααααΆααα’αααααΈααααααα‘αΎα αα·αααααααα ααΆααααααααα
- ααα ααΊααΆαααααααααααααΎαα αα α ααααααααα ααα»α α αΌααααα½ααααααΆαααααααα·ααΈα ααααΎααΆαααΆαα½ααα·ααΈααΆαααΆα αααΎα αα½αααΆαα LDAP αα·α OpenID αααα αΆααα’αΆααααααα ααααααΎαα
- α’αααααΆαααααΆααα - αααααα·ααΈααααΌααααΈαααα αααΆααααα’αα»ααααΆαα±ααα’ααααααα αΌαααΆαα’αα»ααααΆαααΆαααα Keycloak α
- Gangway - αααααα·ααΈααααααααΎα config αααααΆαα kubectl αααα’αααα’αΆα α αΌαααΆαααα OpenID α αΎαααααΆαααα Kubernetes API α
αααααααααΆαα’αα»ααααΆαααααΎαααΆααα αααα»α Kubernetes α
ααΎαα’αΆα ααααααααααα·αααα·α’αααααααΎααααΆαα/αααα»ααααααααΎ RBAC α’αααααααΆα αααΎαααααΌαααΆααααααΎαα‘αΎααα½α α αΎαα’αααΈαααα αΆααα αααα»αααΉααα·αααααα ααΎααΏααααα±ααααΆααααα’α·αααα αααα αΆααΊααΆα’αααα’αΆα ααααΎ RBAC ααΎααααΈααΉααααααΉααα·αααα·α’αααααααΎααααΆαα ααα»αααα Kubernetes αα·αααΉαα’αααΈααΆααα’ααα’αααΈα’αααααααΎααααΆααα ααΆααααααΆααΎαααααΌαααΆαααααααΆαα ααα αΆαα’αααααααΎααααΆαααα αααα»α Kubernetes α ααΎααααΈααααΎααΌα αααα ααΎαααΉαααααααα’ααααααααααααΆαα Kuberntes OpenID αααααΉααααα αΆαααΆα’αααααααΎααααΆαααααααααα·αααΆααΆα α αΎα Kubernetes αααα½αα―αααΉαααααααα·αααα·α±ααααΆααα
ααΆααααα α
- α’αααααΉαααααΌαααΆαα ααααα Kubernetes α¬ minikube
- Active Directory
- αααα
keycloak.example.org
kubernetes-dashboard.example.org
gangway.example.org - αα·ααααΆαααααααααααΆααααα α¬αα·ααααΆαααααααααα α»αα αααααααΆααααααα½αα―αα
αααα»αααΉααα·ααα·ααΆααααα’α·αα’αααΈαααααααααΎααα·ααααΆαααααααααα α»αα αααααααΆααααααα½αα―ααα α’αααααααΌααααααΎααα·ααααΆααααααα ααα½α 2 αααααΊααΆ root (α’αΆααααΆαααα·ααααΆααααααα) αα·αα’αααααααα½αααααα’αα·αα·αααααααΆααααα *.example.org
αααααΆααααΈα’αααααα½α/ααααααα·ααααΆαααααα α’αααααααΌααααααααα·ααααΆααααααα’αα·αα·αααα Kubernetes ααΎααααΈααααΎααΌα αααα αααααΎαα’αΆααααααΆαααααααΆααααΆα
kubectl create secret tls tls-keycloak --cert=example.org.crt --key=example.org.pem
αααααΆααααααΎαααΉαααααΎααΆαααααΆααα§ααααααααααΆ Ingress ααααααΎαα
ααΆαααα‘αΎααα
αααα»αααΆααααααα α α·αααααΆαααααααΆαααΆααααα½ααααα»αααΊααααΌαααααΎαααααααααΆααααααααααα½α ααΆααααα αααααΆαααααα αΆααα αααααΊααΆααΆααα½ααα»ααααα·ααΆαα
ααα‘αΎαααααΆαα α αΎαααααΎαα αα α»ααααααααΆαααΆα
helm repo add codecentric https://codecentric.github.io/helm-charts
helm repo update
αααααΎαα―αααΆα keycloak.yml αααααΆαααααΉαααΆαααΌα ααΆααααααα
keycloak.yml
keycloak:
# ΠΠΌΡ Π°Π΄ΠΌΠΈΠ½ΠΈΡΡΡΠ°ΡΠΎΡΠ°
username: "test_admin"
# ΠΠ°ΡΠΎΠ»Ρ Π°Π΄ΠΌΠΈΠ½ΠΈΡΡΡΠ°ΡΠΎΡ
password: "admin"
# ΠΡΠΈ ΡΠ»Π°Π³ΠΈ Π½ΡΠΆΠ½Ρ ΡΡΠΎ Π±Ρ ΠΏΠΎΠ·Π²ΠΎΠ»ΠΈΡΡ Π·Π°Π³ΡΡΠΆΠ°ΡΡ Π² Keycloak ΡΠΊΡΠΈΠΏΡΡ ΠΏΡΡΠΌΠΎ ΡΠ΅ΡΠ΅Π· web ΠΌΠΎΡΠ΄Ρ. ΠΡΠΎ Π½Π°ΠΌ
ΠΏΠΎΠ½Π°Π΄ΠΎΠ±ΠΈΡΡΡΡ ΡΡΠΎ Π±Ρ ΠΏΠΎΡΠΈΠ½ΠΈΡΡ ΠΎΠ΄ΠΈΠ½ Π±Π°Π³, ΠΎ ΠΊΠΎΡΠΎΡΠΎΠΌ Π½ΠΈΠΆΠ΅.
extraArgs: "-Dkeycloak.profile.feature.script=enabled -Dkeycloak.profile.feature.upload_scripts=enabled"
# ΠΠΊΠ»ΡΡΠ°Π΅ΠΌ ingress, ΡΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ ΠΈΠΌΡ Ρ
ΠΎΡΡΠ° ΠΈ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ ΠΊΠΎΡΠΎΡΡΠΉ ΠΌΡ ΠΏΡΠ΅Π΄Π²Π°ΡΠΈΡΠ΅Π»ΡΠ½ΠΎ ΡΠΎΡ
ΡΠ°Π½ΠΈΠ»ΠΈ Π² secrets
ingress:
enabled: true
path: /
annotations:
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/affinity: cookie
hosts:
- keycloak.example.org
tls:
- hosts:
- keycloak.example.org
secretName: tls-keycloak
# Keycloak Π΄Π»Ρ ΡΠ²ΠΎΠ΅ΠΉ ΡΠ°Π±ΠΎΡΡ ΡΡΠ΅Π±ΡΠ΅Ρ Π±Π°Π·Ρ Π΄Π°Π½Π½ΡΡ
, Π² ΡΠ΅ΡΡΠΎΠ²ΡΡ
ΡΠ΅Π»ΡΡ
Ρ ΡΠ°Π·Π²ΠΎΡΠ°ΡΠΈΠ²Π°Ρ Postgresql ΠΏΡΡΠΌΠΎ Π² Kuberntes, Π² ΠΏΡΠΎΠ΄Π°ΠΊΡΠ΅Π½Π΅ ΡΠ°ΠΊ Π»ΡΡΡΠ΅ Π½Π΅ Π΄Π΅Π»Π°ΡΡ!
persistence:
deployPostgres: true
dbVendor: postgres
postgresql:
postgresUser: keycloak
postgresPassword: ""
postgresDatabase: keycloak
persistence:
enabled: true
ααΆααααα ααα ααααα
αααααΆααααα
αΌααα
ααΆααα
ααα»α
αααααΆαααααααΆα
αα αααα»αααΆααααααα α»α ααααααα’αΆααΆα ααα
αααααΉα
ααααα
ααααα
Kubernetes
αααα αΆαααααα
Kubernetes
αα·αααΆααααα½ααα·αα·αααααΆααααααΆααα’ααΈαααααααα’αααααααΎα
αα·ααΆαααΆαααααα’αα·αα·αα β> α’ααΈααα β> α’αααααααΎαααααΈ β> α’ααΈααααααααΆααααααααααΆαα (αα»α)
ααΎααααα»ααααααΎααα αααααααΎααααΈααΆαα αΌαα’αααααααΎααααΆααααΈ ActiveDirectory αααα»αααΉααα»αααΌαααα’ααααααααΆαααααα αααα»ααα·αααΆααΆααΉαααΆααααα αααΆααα
αα αααααα’αααααααΎααααΆαα β> ααααααα’ααααααααααααΆβ¦ β> ldap
ααΆααααα
ααα ααααα
ααααα·αααΎα’αααΈαααααααααΆαααα’αααααΆαααααααααΆααααΈα
α»α
αααΌαα»α ααααΎααααΆαααααα’αααααααΎααααΆααααΆααα’ααα α’αααααΉαααΎαααΆαααααααα αΆαααΈααΆαααΆαα
αΌααααααααααααααα’αααααααΎααααΆααα
αααααΆααααΎαααααΌαααΌααααααΈαααα»αααααααΎαα
αα αααααα’αααααααΎααααΆαα -> ldap_localhost -> Mappers -> αααααΎα
ααΆααααααΎααααααΈ
ααΆαααα‘αΎαα’αα·αα·αα
α’αααβααααΌαβααΆαβαααααΎαβαααΆαααΈαβαααααβαααα»αβααααααααβαα Keycloak αααβααΊβααΆβαααααα·ααΈβαααβααΉαβααααΌαβααΆαβα’αα»ααααΆαβαααβααΆβα αααα»αααΉαααΌααααααΆααα ααα»α ααααΆαααααΆααααααα ααα αααα»αααΌαααα’ααααααα
α’αα·αα·αα -> αααααΎα
ααΆαααα‘αΎαα’αα·αα·αα
ααααααααΎα scupe αααααΆαααααα»αα
αα·ααΆαααΆαα’αα·αα·αα -> αααααΎα
ααΆααααααΎααα·ααΆαααΆα
α αΎααααα
ααααααΈαααααΆαααα½αααα
αα·ααΆαααΆαα’αα·αα·αα -> αααα»α -> α’αααααααΎαααααΈ -> αααααΎα
α’αααααααΎαααααΈ
ααΎαααααααααΆαααΌααααααΈαααα»αααααααΎααα
αα·ααΆαααΆαα’αα·αα·ααααααΆαααΎαα
α’αα·αα·αα -> kubernetes -> αα·ααΆαααΆαα’αα·αα·αα -> αα·ααΆαααΆαα’αα·αα·ααααααΆαααΎα
ααααΎαααΎα αααα»α Π² αα·ααΆαααΆαα’αα·αα·αααααααΆαα
α»α
αααααααααααΆαααααΎαααΎα
ααΎαααα½αααΆαα’αΆααααααΆαα (α αΎααααααααΆαα ααααααααΆαα½α) αααααΎαααΉαααααΎαααααΆααααΆαα’αα»ααααΆααα αααα»α Keycloakα
α’αα·αα·αα -> kubernetes -> Credentials -> Secret
ααΆαααα
ααααΆαααα‘αΎα ααα»αααααααα»αααΆαααα α»ααα
αααααααααααΆααααΈααΆαα’αα»ααααΆαααααααααα αααα»αααΆαααα½αααα α»α 403 α
αα½ααα»αα
αα·ααΆαααΆαα’αα·αα·αα -> αα½ααΆααΈ -> α’αααααααΎαααααΈ -> αααααΎα
α’αααααααΎαααααΈ
ααΌαααααααΈα
// add current client-id to token audience
token.addAudience(token.getIssuedFor());
// return token issuer as dummy result assigned to iss again
token.getIssuer();
ααααααα ααΆαααααααα Kubernetes
ααΎαααααΌαα
ααα’α»ααααα αΆαααααααααααα·ααααΆααααααα«ααααααααααΎαααΈααα ααααααααα·ααα
αα·ααααααααααα’ααααααααααααΆ ODC αααα·ααα
α
ααΎααααΈααααΎααΌα
αααααααααα½αα―αααΆα /etc/kubernetes/manifests/kube-apiserver.yaml
kube-apiserver.yaml
...
spec:
containers:
- command:
- kube-apiserver
...
- --oidc-ca-file=/var/lib/minikube/certs/My_Root.crt
- --oidc-client-id=kubernetes
- --oidc-groups-claim=groups
- --oidc-issuer-url=https://keycloak.example.org/auth/realms/kubernetes
- --oidc-username-claim=email
...
ααααΎαα αα α»ααααααααΆαααΆαααααααα ααΆαααααααα kubeadm αα αααα»αα αααααα
ααΆαααααααα ααΆαααααααα kubeadm
kubectl edit -n kube-system configmaps kubeadm-config
...
data:
ClusterConfiguration: |
apiServer:
extraArgs:
oidc-ca-file: /var/lib/minikube/certs/My_Root.crt
oidc-client-id: kubernetes
oidc-groups-claim: groups
oidc-issuer-url: https://keycloak.example.org/auth/realms/kubernetes
oidc-username-claim: email
...
ααΆααααααα’ααααααααΆαααααΌααααΈ
ααΎααααΈααΆαααΆααααααα·ααΈααα αααααααααα’ααα α’αααα’αΆα ααααΎ keycloak gatekeeper α ααααααααΈααΎααΆααα·ααααααΆααααΌααααΈαααα αααΆααααααΉαααααααα·αααα·α±ααα’αααααααΎααααΆαααα»αααααααα αΆααααααααα ααΆααααΉααααααΌαααααααΆαα’αααΈα’ααααα αααα»αααααααΆαα αααααα·ααΈα α»αααααααααααα ααΌα αααα ααααα·αααΎαααααα·ααΈααααα’αααααΆαααα OpenID αααα’αααααααΎααααΆααααααΌαααΆαα’αα»ααααΆαααααΆααα ααΌααααα‘ααααΎαα§ααΆα αααααααααΆααααααααααα Kubernetes
ααΆαααα‘αΎαααααΆααααααααααα Kubernetes
helm install stable/kubernetes-dashboard --name dashboard -f values_dashboard.yaml
values_dashboard.yaml
enableInsecureLogin: true
service:
externalPort: 80
rbac:
clusterAdminRole: true
create: true
serviceAccount:
create: true
name: 'dashboard-test'
ααΆαααααααα·αααα·α αΌαααααΎα
ααααααααΎα ClusterRoleBinding αααααΉαααααααα·αααα·αααααααααα ααααα (αααααααΆα ClusterRole cluster-admin) αααααΆααα’αααααααΎααααΆαααα αααα»ααααα»α DataOPSα
kubectl apply -f rbac.yaml
rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dataops_group
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: DataOPS
ααΆαααα‘αΎαααααααΆαααααΆαα
helm repo add gabibbo97 https://gabibbo97.github.io/charts/
helm repo update
helm install gabibbo97/keycloak-gatekeeper --version 2.1.0 --name keycloak-gatekeeper -f values_proxy.yaml
values_proxy.yaml
# ΠΠΊΠ»ΡΡΠ°Π΅ΠΌ ingress
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
path: /
hosts:
- kubernetes-dashboard.example.org
tls:
- secretName: tls-keycloak
hosts:
- kubernetes-dashboard.example.org
# ΠΠΎΠ²ΠΎΡΠΈΠΌ Π³Π΄Π΅ ΠΌΡ Π±ΡΠ΄Π΅ΠΌ Π°Π²ΡΠΎΡΠΈΠ·ΠΎΠ²ΡΠ²Π°ΡΡΡΡ Ρ OIDC ΠΏΡΠΎΠ²Π°ΠΉΠ΄Π΅ΡΠ°
discoveryURL: "https://keycloak.example.org/auth/realms/kubernetes"
# ΠΠΌΡ ΠΊΠ»ΠΈΠ΅Π½ΡΠ° ΠΊΠΎΡΠΎΡΠΎΠ³ΠΎ ΠΌΡ ΡΠΎΠ·Π΄Π°Π»ΠΈ Π² Keycloak
ClientID: "kubernetes"
# Secret ΠΊΠΎΡΠΎΡΡΠΉ Ρ ΠΏΡΠΎΡΠΈΠ» Π·Π°ΠΏΠΈΡΠ°ΡΡ
ClientSecret: "c6ec03b8-d0b8-4cb6-97a0-03becba1d727"
# ΠΡΠ΄Π° ΠΏΠ΅ΡΠ΅Π½Π°ΠΏΡΠ°Π²ΠΈΡΡ Π² ΡΠ»ΡΡΠ°Π΅ ΡΡΠΏΠ΅ΡΠ½ΠΎΠΉ Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΠΈ. Π€ΠΎΡΠΌΠ°Ρ <SCHEMA>://<SERVICE_NAME>.><NAMESAPCE>.<CLUSTER_NAME>
upstreamURL: "http://dashboard-kubernetes-dashboard.default.svc.cluster.local"
# ΠΡΠΎΠΏΡΡΠΊΠ°Π΅ΠΌ ΠΏΡΠΎΠ²Π΅ΡΠΊΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ°, Π΅ΡΠ»ΠΈ Ρ Π½Π°Ρ ΡΠ°ΠΌΠΎΠΏΠΎΠ΄ΠΏΠΈΡΠ°Π½Π½ΡΠΉ
skipOpenidProviderTlsVerify: true
# ΠΠ°ΡΡΡΠΎΠΉΠΊΠ° ΠΏΡΠ°Π² Π΄ΠΎΡΡΡΠΏΠ°, ΠΏΡΡΠΊΠ°Π΅ΠΌ Π½Π° Π²ΡΠ΅ path Π΅ΡΠ»ΠΈ ΠΌΡ Π² Π³ΡΡΠΏΠΏΠ΅ DataOPS
rules:
- "uri=/*|groups=DataOPS"
αααααΆααααΈααααα
ααααααα’αααααααΆααΆαα
αΌα
ααΆαααα‘αΎα Gangway
ααΎααααΈααΆαααΆααααα½α α’αααα’αΆα ααααααααααΌα gangway αααααΉααααααΎαα―αααΆα config αααααΆαα kubectl αααααΆααααα½ααααααΎαααΉαα αΌααα αααα»α Kubernetes αα αααααα’αααααααΎααααΆααααααααΎαα
helm install --name gangway stable/gangway -f values_gangway.yaml
values_gangway.yaml
gangway:
# ΠΡΠΎΠΈΠ·Π²ΠΎΠ»ΡΠ½ΠΎΠ΅ ΠΈΠΌΡ ΠΊΠ»Π°ΡΡΠ΅ΡΠ°
clusterName: "my-k8s"
# ΠΠ΄Π΅ Ρ Π½Π°Ρ OIDC ΠΏΡΠΎΠ²Π°ΠΉΠ΄Π΅Ρ
authorizeURL: "https://keycloak.example.org/auth/realms/kubernetes/protocol/openid-connect/auth"
tokenURL: "https://keycloak.example.org/auth/realms/kubernetes/protocol/openid-connect/token"
audience: "https://keycloak.example.org/auth/realms/kubernetes/protocol/openid-connect/userinfo"
# Π’Π΅ΠΎΡΠΈΡΠΈΡΠ΅ΡΠΊΠΈ ΡΡΠ΄Π° ΠΌΠΎΠΆΠ½ΠΎ Π΄ΠΎΠ±Π°Π²ΠΈΡΡ groups ΠΊΠΎΡΠΎΡΡΠ΅ ΠΌΡ Π·Π°ΠΌΠ°ΠΏΠΈΠ»ΠΈ
scopes: ["openid", "profile", "email", "offline_access"]
redirectURL: "https://gangway.example.org/callback"
# ΠΠΌΡ ΠΊΠ»ΠΈΠ΅Π½ΡΠ°
clientID: "kubernetes"
# Π‘Π΅ΠΊΡΠ΅Ρ
clientSecret: "c6ec03b8-d0b8-4cb6-97a0-03becba1d727"
# ΠΡΠ»ΠΈ ΠΎΡΡΠ°Π²ΠΈΡΡ Π΄Π΅ΡΠΎΠ»ΡΠ½ΠΎΠ΅ Π·Π½Π°ΡΠ½ΠΈΠ΅, ΡΠΎ Π·Π° ΠΈΠΌΡ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Ρ Π±ΡΠ΄Π΅Ρ Π±ΡΠ°ΡΡΡ <b>Frist name</b> <b>Second name</b>, Π° ΠΏΡΠΈ "sub" Π΅Π³ΠΎ Π»ΠΎΠ³ΠΈΠ½
usernameClaim: "sub"
# ΠΠΎΠΌΠ΅Π½Π½ΠΎΠ΅ ΠΈΠΌΡ ΠΈΠ»ΠΈ IP Π°Π΄ΡΠ΅ΡΡ API ΡΠ΅ΡΠ²Π΅ΡΠ°
apiServerURL: "https://192.168.99.111:8443"
# ΠΠΊΠ»ΡΡΠ°Π΅ΠΌ Ingress
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-buffer-size: "64k"
path: /
hosts:
- gangway.example.org
tls:
- secretName: tls-keycloak
hosts:
- gangway.example.org
# ΠΡΠ»ΠΈ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ ΡΠ°ΠΌΠΎΠΏΠΎΠ΄ΠΏΠΈΡΠ°Π½Π½ΡΠΉ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ, ΡΠΎ Π΅Π³ΠΎ(ΠΎΡΠΊΡΡΡΡΠΉ ΠΊΠΎΡΠ½Π΅Π²ΠΎΠΉ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ) Π½Π°Π΄ΠΎ ΡΠΊΠ°Π·Π°ΡΡ.
trustedCACert: |-
-----BEGIN CERTIFICATE-----
MIIDVzCCAj+gAwIBAgIBATANBgkqhkiG9w0BAQsFADA1MQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRGF0YU9QUzEUMBIGA1UEAxMLbXkgcm9vdCBrZXkwHhcNMjAwMjE0MDkxODAwWhcNMzAwMjE0MDkxODAwWjA1MQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRGF0YU9QUzEUMBIGA1UEAxMLbXkgcm9vdCBrZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyP749PqqIRwNSqaK6qr0Zsi03G4PTCUlgaYTPZuMrwUVPK8xX2dWWs9MPRMOdXpgr8aSTZnVfmelIlVz4D7o2vK5rfmAe9GPcK0WbwKwXyhFU0flS9sU/g46ogHFrk03SZxQAeJhMLfEmAJm8LF5HghtGDs3t4uwGsB95o+lqPLiBvxRB8ZS3jSpYpvPgXAuZWKdZUQ3UUZf0X3hGLp7uIcIwJ7i4MduOGaQEO4cePeEJy9aDAO6qV78YmHbyh9kaW+1DL/Sgq8NmTgHGV6UOnAPKHTnMKXl6KkyUz8uLBGIdVhPxrlzG1EzXresJbJenSZ+FZqm3oLqZbw54Yp5hAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHISTOU/6BQqqnOZj+1xJfxpjiG0MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAj7HC8ObibwOLT4ZYmISJZwub9lcE0AZ5cWkPW39j/syhdbbqjK/6jy2D3WUEbR+s1Vson5Ov7JhN5In2yfZ/ByDvBnoj7CP8Q/ZMjTJgwN7j0rgmEb3CTZvnDPAz8Ijw3FP0cjxfoZ1Z0V2F44Ry7gtLJWr06+MztXVyto3aIz1/XbMQnXYlzc3c3B5yUQIy44Ce5aLRVsAjmXNqVRmDJ2QPNLicvrhnUJsO0zFWI+zZ2hc4Ge1RotCrjfOc9hQY63jZJ17myCZ6QCD7yzMzAob4vrgmkD4q7tpGrhPY/gDcE+lUNhC7DO3l0oPy2wsnT2TEn87eyWmDiTFG9zWDew==
-----END CERTIFICATE-----
ααΆααΎααα ααΌα αααα α’αα»ααααΆαα±ααα’αααααΆαααα―αααΆαααααααα ααΆααααααααααααΆαα α αΎααααααΎαααΆαααααααΎαααα»αααααΆααααααααΆα
ααααα: www.habr.com