After you build a k8s cluster with the kubeadm tool, an admin.conf file is created automatically.
kubeadm also suggests copying this file to $HOME/.kube/config; kubectl uses this configuration file to access the k8s cluster, which is to say, to talk to the apiserver.
So which user is actually configured in admin.conf?
Let's take a look.
1. First, get the client certificate information from admin.conf
[root@nccztsjb-node-23 .kube]# cd $HOME/.kube
[root@nccztsjb-node-23 .kube]# cat config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <base64 data omitted>
    server: https://172.20.58.83:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: <base64 data omitted>
    client-key-data: <base64 data omitted>
2. Extract the client-certificate-data field
[root@nccztsjb-node-23 .kube]# cat config | grep client-certificate-data | awk -F ":" '{print $2}' | tr -d " "
<base64 data omitted>
The value stored in the config file is base64-encoded.
Decoding it gives back the original certificate:
[root@nccztsjb-node-23 .kube]# cat config | grep client-certificate-data | awk -F ":" '{print $2}' | tr -d " " | base64 -d
-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIIbU4Cj+bDsHEwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
AxMKa3ViZXJuZXRlczAeFw0yMzAyMjcwNzMxMTZaFw0yNDAyMjcwNzMxMTlaMDQx
FzAVBgNVBAoTDnN5c3RlbTptYXN0ZXJzMRkwFwYDVQQDExBrdWJlcm5ldGVzLWFk
bWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHBi6XBxY0JUCotZ
a+eHu6OuRbXHdfUrTTKTViqdSR3c6EvjkMJ4J+ry8plWQTwnRWhBSH3I91z+RZeu
51nghT8GGf1pnFX786rFyxRauIEfYz3Uhg4EeKUqfAEZ1WJHDP9VN8qzm5Jjnd1t
Ry0b9LCj8UKaI+nubyxp9ytUP7M6lEo7UCbxG9KqTIISYMx/7PxjVRaFFY8V2/+l
yJPknJQSN7zk+MOSoPY0/YO1j4gcr6x7907X/WFttz8k644tRFWbnxZNIejjtGcd
w1sYbn36aUgi1E/nt7TBnK9YAPNHpaKSKXpm23XUp/ufl3R1TKGPJtGs6IhFGFbD
ZMFFLQIDAQABo1YwVDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRTk9jvKG0VrmpA69azH3yI/gha
lTANBgkqhkiG9w0BAQsFAAOCAQEAmt4yPnCGveEgdNWDQjgJckzJVHgxhXiLhRRr
UEp7ugfhTRhJlgLyOj2ooL+2zJ8Qot/3hoq71FMyErqnlGTf+Jk/HuIpRCH3beZl
ZjofF4AnQmNK/ccKeUdaDDPGxqOiaC0My1ctp6zVymQy/JIRriLPAkb8RzDD7fCU
9C8EKB7tAeM8ZgfAfhqPuOpKmEy2IO5WN6HNuQdlzsi7AwPGaqSqrSpiopWcPiLj
mF1uzqd6wO1Lt3N/ddCJz1aIc3/Eh4MjNjbNdslRS+zxCe6JqHSJiyvEKhOe1r7U
jHKkvqjxvzpoOcv93RgsH3z+rctDLzaUz2RMCXYDmMAT38TjGg==
-----END CERTIFICATE-----
[root@nccztsjb-node-23 .kube]#
3. Inspect the contents of the certificate with openssl
[root@nccztsjb-node-23 .kube]# cat config | grep client-certificate-data | awk -F ":" '{print $2}' | tr -d " " | base64 -d > admin.crt
[root@nccztsjb-node-23 .kube]#
[root@nccztsjb-node-23 .kube]# openssl x509 -in admin.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7876235615392739441 (0x6d4e028fe6c3b071)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=kubernetes
        Validity
            Not Before: Feb 27 07:31:16 2023 GMT
            Not After : Feb 27 07:31:19 2024 GMT
        Subject: O=system:masters, CN=kubernetes-admin
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bc:70:62:e9:70:71:63:42:54:0a:8b:59:6b:e7:
                    87:bb:a3:ae:45:b5:c7:75:f5:2b:4d:32:93:56:2a:
                    9d:49:1d:dc:e8:4b:e3:90:c2:78:27:ea:f2:f2:99:
                    56:41:3c:27:45:68:41:48:7d:c8:f7:5c:fe:45:97:
                    ae:e7:59:e0:85:3f:06:19:fd:69:9c:55:fb:f3:aa:
                    c5:cb:14:5a:b8:81:1f:63:3d:d4:86:0e:04:78:a5:
                    2a:7c:01:19:d5:62:47:0c:ff:55:37:ca:b3:9b:92:
                    63:9d:dd:6d:47:2d:1b:f4:b0:a3:f1:42:9a:23:e9:
                    ee:6f:2c:69:f7:2b:54:3f:b3:3a:94:4a:3b:50:26:
                    f1:1b:d2:aa:4c:82:12:60:cc:7f:ec:fc:63:55:16:
                    85:15:8f:15:db:ff:a5:c8:93:e4:9c:94:12:37:bc:
                    e4:f8:c3:92:a0:f6:34:fd:83:b5:8f:88:1c:af:ac:
                    7b:f7:4e:d7:fd:61:6d:b7:3f:24:eb:8e:2d:44:55:
                    9b:9f:16:4d:21:e8:e3:b4:67:1d:c3:5b:18:6e:7d:
                    fa:69:48:22:d4:4f:e7:b7:b4:c1:9c:af:58:00:f3:
                    47:a5:a2:92:29:7a:66:db:75:d4:a7:fb:9f:97:74:
                    75:4c:a1:8f:26:d1:ac:e8:88:45:18:56:c3:64:c1:
                    45:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                keyid:53:93:D8:EF:28:6D:15:AE:6A:40:EB:D6:B3:1F:7C:88:FE:08:5A:95
    Signature Algorithm: sha256WithRSAEncryption
         9a:de:32:3e:70:86:bd:e1:20:74:d5:83:42:38:09:72:4c:c9:
         54:78:31:85:78:8b:85:14:6b:50:4a:7b:ba:07:e1:4d:18:49:
         96:02:f2:3a:3d:a8:a0:bf:b6:cc:9f:10:a2:df:f7:86:8a:bb:
         d4:53:32:12:ba:a7:94:64:df:f8:99:3f:1e:e2:29:44:21:f7:
         6d:e6:65:66:3a:1f:17:80:27:42:63:4a:fd:c7:0a:79:47:5a:
         0c:33:c6:c6:a3:a2:68:2d:0c:cb:57:2d:a7:ac:d5:ca:64:32:
         fc:92:11:ae:22:cf:02:46:fc:47:30:c3:ed:f0:94:f4:2f:04:
         28:1e:ed:01:e3:3c:66:07:c0:7e:1a:8f:b8:ea:4a:98:4c:b6:
         20:ee:56:37:a1:cd:b9:07:65:ce:c8:bb:03:03:c6:6a:a4:aa:
         ad:2a:62:a2:95:9c:3e:22:e3:98:5d:6e:ce:a7:7a:c0:ed:4b:
         b7:73:7f:75:d0:89:cf:56:88:73:7f:c4:87:83:23:36:36:cd:
         76:c9:51:4b:ec:f1:09:ee:89:a8:74:89:8b:2b:c4:2a:13:9e:
         d6:be:d4:8c:72:a4:be:a8:f1:bf:3a:68:39:cb:fd:dd:18:2c:
         1f:7c:fe:ad:cb:43:2f:36:94:cf:64:4c:09:76:03:98:c0:13:
         df:c4:e3:1a
[root@nccztsjb-node-23 .kube]#
From the output above we can see:
Subject: O=system:masters, CN=kubernetes-admin
The certificate's user (CN) is kubernetes-admin.
Its group (O) is system:masters.
system:masters is the superuser group: the apiserver lets its members bypass the authorization layer entirely, so this credential is effectively root on the cluster and should be handled accordingly.
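To make the three steps above repeatable on a host without openssl, here is an added Python example (not code from the original post) that pulls client-certificate-data out of a kubeconfig, base64-decodes it, walks the DER just far enough to read the serial number, validity window and Subject, and flags a certificate whose O= places it in system:masters. The PEM block is the admin certificate the post decodes above; the surrounding kubeconfig, the ELIDED placeholders and all function names are constructed for this example.

```python
import base64
import re

# Admin client certificate exactly as printed by `base64 -d` in the post.
ADMIN_PEM = """-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIIbU4Cj+bDsHEwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE
AxMKa3ViZXJuZXRlczAeFw0yMzAyMjcwNzMxMTZaFw0yNDAyMjcwNzMxMTlaMDQx
FzAVBgNVBAoTDnN5c3RlbTptYXN0ZXJzMRkwFwYDVQQDExBrdWJlcm5ldGVzLWFk
bWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHBi6XBxY0JUCotZ
a+eHu6OuRbXHdfUrTTKTViqdSR3c6EvjkMJ4J+ry8plWQTwnRWhBSH3I91z+RZeu
51nghT8GGf1pnFX786rFyxRauIEfYz3Uhg4EeKUqfAEZ1WJHDP9VN8qzm5Jjnd1t
Ry0b9LCj8UKaI+nubyxp9ytUP7M6lEo7UCbxG9KqTIISYMx/7PxjVRaFFY8V2/+l
yJPknJQSN7zk+MOSoPY0/YO1j4gcr6x7907X/WFttz8k644tRFWbnxZNIejjtGcd
w1sYbn36aUgi1E/nt7TBnK9YAPNHpaKSKXpm23XUp/ufl3R1TKGPJtGs6IhFGFbD
ZMFFLQIDAQABo1YwVDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRTk9jvKG0VrmpA69azH3yI/gha
lTANBgkqhkiG9w0BAQsFAAOCAQEAmt4yPnCGveEgdNWDQjgJckzJVHgxhXiLhRRr
UEp7ugfhTRhJlgLyOj2ooL+2zJ8Qot/3hoq71FMyErqnlGTf+Jk/HuIpRCH3beZl
ZjofF4AnQmNK/ccKeUdaDDPGxqOiaC0My1ctp6zVymQy/JIRriLPAkb8RzDD7fCU
9C8EKB7tAeM8ZgfAfhqPuOpKmEy2IO5WN6HNuQdlzsi7AwPGaqSqrSpiopWcPiLj
mF1uzqd6wO1Lt3N/ddCJz1aIc3/Eh4MjNjbNdslRS+zxCe6JqHSJiyvEKhOe1r7U
jHKkvqjxvzpoOcv93RgsH3z+rctDLzaUz2RMCXYDmMAT38TjGg==
-----END CERTIFICATE-----"""

# Constructed kubeconfig in the layout kubeadm writes; CA and key data elided.
SAMPLE_KUBECONFIG = f"""apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ELIDED
    server: https://172.20.58.83:6443
  name: kubernetes
contexts:
- context: {{cluster: kubernetes, user: kubernetes-admin}}
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
users:
- name: kubernetes-admin
  user:
    client-certificate-data: {base64.b64encode(ADMIN_PEM.encode()).decode()}
    client-key-data: ELIDED
"""

OID_NAMES = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O"}  # id-at-commonName, id-at-organizationName

def der_tlv(buf, pos=0):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(value):
    """Split a constructed value (SEQUENCE / SET) into its child (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_name(name):
    """X.501 Name (SET OF SEQUENCE{OID, string}) -> {"CN": [...], "O": [...]}."""
    attrs = {}
    for _, rdn in der_children(name):
        for _, ava in der_children(rdn):
            (_, oid), (_, text) = der_children(ava)
            attrs.setdefault(OID_NAMES.get(oid, oid.hex()), []).append(text.decode())
    return attrs

def parse_certificate(pem):
    """Return serial, validity window and subject of a PEM certificate."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    _, cert, _ = der_tlv(base64.b64decode(b64))
    fields = der_children(der_children(cert)[0][1])  # tbsCertificate
    if fields[0][0] == 0xA0:  # explicit [0] version tag is present on v3 certs
        fields = fields[1:]
    serial, _sig_alg, _issuer, validity, subject = fields[:5]
    not_before, not_after = der_children(validity[1])
    return {"serial": int.from_bytes(serial[1], "big"),
            "not_before": not_before[1].decode(), "not_after": not_after[1].decode(),
            "subject": parse_name(subject[1])}

def audit_kubeconfig(text):
    """Identity behind client-certificate-data and whether it sits in system:masters."""
    m = re.search(r"client-certificate-data:\s*(\S+)", text)
    if not m:
        raise ValueError("kubeconfig carries no embedded client certificate")
    info = parse_certificate(base64.b64decode(m.group(1)).decode())
    info["user"] = info["subject"].get("CN", [""])[0]
    info["groups"] = info["subject"].get("O", [])
    info["bypasses_authorization"] = "system:masters" in info["groups"]
    return info

if __name__ == "__main__":
    r = audit_kubeconfig(SAMPLE_KUBECONFIG)
    print(f"user={r['user']} groups={r['groups']} serial={r['serial']:x} "
          f"valid until {r['not_after']} bypasses RBAC: {r['bypasses_authorization']}")
```

Run against the constructed kubeconfig it reports the same facts openssl printed above: CN kubernetes-admin, O system:masters, serial 0x6d4e028fe6c3b071, expiry 240227073119Z. Pointing `audit_kubeconfig` at the text of a real $HOME/.kube/config is a quick way to find copies of the kubeadm admin credential that should be replaced by a user-specific certificate bound to RBAC roles.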
Source: https://www.cnblogs.com/chuanzhang053/p/17719567.html