現在的版本默認只開啟了6443安全端口,需要證書驗證才能訪問api,實現起來稍微有點麻煩,這里提供一個簡單的方法。
先來看看官方說明:
Complete API details are documented using Swagger v1.2 and OpenAPI. The Kubernetes apiserver (aka “master”) exposes an API that can be used to retrieve the Swagger v1.2 Kubernetes API spec located at /swaggerapi. You can also enable a UI to browse the API documentation at /swagger-ui by passing the --enable-swagger-ui=true flag to apiserver.
這段話是說可以通過一個參數開啟swagger-ui。
1、修改apiserver的配置,添加三個參數。
# vim /etc/kubernetes/manifests/kube-apiserver.yaml
- --enable-swagger-ui=true
- --insecure-bind-address=0.0.0.0
- --insecure-port=8080
第一個是開啟swagger-ui,另外兩個是暴露非安全端口,亦即可以不用證書驗證。
2、設置nginx代理。由於頁面加載特別慢,而且每次刷新都會重新加載一次,所以這里我在nginx加了一層緩存。
# vim swagger.oupeng.com.conf
upstream swagger-oupeng-com {
server 192.168.5.42:8088 weight=10 max_fails=3 fail_timeout=10;
server 192.168.5.104:8088 weight=10 max_fails=3 fail_timeout=10;
server 192.168.5.105:8088 weight=10 max_fails=3 fail_timeout=10;
check interval=5000 rise=2 fall=5 timeout=1000 type=tcp;
ip_hash;
}
proxy_cache_path /usr/local/nginx/proxy_cache_dir/cache_k8s levels=1:2 keys_zone=k8s:1g max_size=10g inactive=100m use_temp_path=off;
server{
listen 80;
server_name swagger.oupeng.com;
auth_ldap "Forbidden";
auth_ldap_servers ldapsv;
location / {
proxy_cache k8s;
proxy_cache_key "$host$request_uri$cookie_user";
proxy_cache_valid any 1h;
proxy_cache_revalidate on;
proxy_cache_min_uses 1;
proxy_cache_lock on;
proxy_cache_lock_timeout 5s;
proxy_pass http://swagger-oupeng-com;
include proxy.conf;
break;
}
access_log /usr/local/nginx/logs/swagger.oupeng.com.access.log json;
error_log /usr/local/nginx/logs/swagger.oupeng.com.error.log;
}
3、重載nginx就可以通過域名訪問了。
用瀏覽器訪問:http://swagger.oupeng.com/swagger-ui/ 注意url最后面一定要加"/",要不然不會跳轉到html頁面。
參考:
https://kubernetes.io/docs/concepts/overview/kubernetes-api/
https://kubernetes.io/docs/reference/generated/kube-apiserver/