一、概述
Rancher提供了api給我們調用,從而實現不用通過訪問Rancher UI 或使用 Rancher CLI 來對應用服務進行例如啟動,停止,創建,升級等一系列的操作;
API權限認證 (AUTHENTICATION)
在訪問控制(Access Control)生效時,進行API 請求需要包含認證信息,在Rancher UI 創建使用 API Keys的步驟如下:
API KEYS FOR AN ENVIRONMENT
密鑰由Environment擁有,並具有管理該環境的完全訪問權限,但不能訪問任何其他環境。這些密鑰不適用於用戶身份
API KEYS FOR AN ACCOUNT
賬號API Keys與你的用戶賬號綁定, (admin) 能夠創建、刪除及管理您有權限訪問的所有環境。
二、Rancher創建api key
點擊用戶右上角-->API & Keys
添加key
輸入描述,選擇永不過期,這里不指定作用范圍。
請根據實際情況來原則
創建成功后,一定要保存。它只會顯示一次
我只需要用到2個:
Access Key(用戶名): token-v82g7 Secret Key(密碼): zzph8mnrv7r2q5qqt9kds85xvjcwzpg5btkttpvj72nmfll8jmxn67
三、調用api修改鏡像地址
curl方式(錯誤)
先找到我需要發布的應用admin-master-->api查看
跳轉的url為:
https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/statefulset:default:admin-master
點擊右側的編輯按鈕
進入編輯頁面,這里面有很多參數
什么都不要改,直接拖到最下面,點擊Show Request
它顯示了2段信息:
第一段是curl的請求命令,注意:它不是完整的命令。
第二段是請求數據,它是一段json內容。由於參數比較多,圖片展示不全。
前方高能預警,上面給出的curl命令,是絕對不能用的。
顯示的請求數據,也不是標准的json,是錯誤的json。
如果你用的老版本Rancher 2.3.x,顯示的curl命令,是正確的。其中包括-d參數,也就是標准的json數據。這里面就包括了鏡像地址,映射端口,映射目錄等等配置信息。
那么問題來了,怎么操作才是正確的姿勢呢?
經過我不斷的努力嘗試,終於測試出來了!!!
curl(正確)
還是回到上面的編譯頁面,之前我已經點擊了Show Requests。
先按F12,打開瀏覽器調試工具。點擊網絡,清空里面的連接。
再下面,點擊Send Request。
此時會出現一個PUT請求
找到Request Payload,這里就是發送的請求數據。
點擊view source,顯示源格式
這里,就是發送的數據,把它給復制出來。后面會用到!
將壓縮后的數據復制一下,那么完整的curl命令為:
export RANCHER_ACCESS_KEY="token-v82g7" export RANCHER_SECRET_KEY="zzph8mnrv7r2q5qqt9kds85xvjcwzpg5btkttpvj72nmfll8jmxn67" curl -u "${RANCHER_ACCESS_KEY}:${RANCHER_SECRET_KEY}" \ -X PUT \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d '{"annotations":{"cattle.io/timestamp":"2020-06-22T10:42:46Z"},"containers":[{"allowPrivilegeEscalation":false,"image":"10.212.82.86:1180/java/admin-master:32","imagePullPolicy":"Always","initContainer":false,"name":"admin-master","ports":[{"containerPort":8088,"dnsName":"admin-master-nodeport","hostPort":0,"kind":"NodePort","name":"tcp-8088","protocol":"TCP","sourcePort":0,"type":"/v3/project/schemas/containerPort"}],"privileged":false,"readOnly":false,"resources":{"type":"/v3/project/schemas/resourceRequirements"},"restartCount":0,"runAsNonRoot":false,"stdin":true,"stdinOnce":false,"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","tty":true,"type":"/v3/project/schemas/container"}],"created":"2020-06-22T10:42:46Z","creatorId":null,"deploymentConfig":{"maxSurge":1,"maxUnavailable":0,"minReadySeconds":0,"progressDeadlineSeconds":600,"revisionHistoryLimit":10,"strategy":"RollingUpdate"},"deploymentStatus":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2020-06-22T10:42:48Z","lastTransitionTimeTS":1592822568000,"lastUpdateTime":"2020-06-22T10:42:48Z","lastUpdateTimeTS":1592822568000,"message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"},{"lastTransitionTime":"2020-06-22T10:42:46Z","lastTransitionTimeTS":1592822566000,"lastUpdateTime":"2020-06-22T10:54:54Z","lastUpdateTimeTS":1592823294000,"message":"ReplicaSet \"admin-master-6c49c7c4b\" has successfully progressed.","reason":"NewReplicaSetAvailable","status":"True","type":"Progressing"}],"observedGeneration":7,"readyReplicas":1,"replicas":1,"type":"/v3/project/schemas/deploymentStatus","unavailableReplicas":0,"updatedReplicas":1},"dnsConfig":null,"dnsPolicy":"ClusterFirst","ephemeralContainers":[],"gids":[],"hostAliases":[],"hostIPC":false,"hostNetwork":false,"hostPID":false,"imagePullSecrets":[],"labels":{"workload.user.cattle.io/workloadselector":"deployment-default-admin-master"},"name":"admin-master","namespaceId":"default","nodeId":"","ownerReferences":[],"paused":false,"projectId":"c-l5nxb:p-dghs7","publicEndpoints":[],"readinessGates":[],"restartPolicy":"Always","scale":1,"scheduling":{"scheduler":"default-scheduler"},"selector":{"matchLabels":{"workload.user.cattle.io/workloadselector":"deployment-default-admin-master"},"type":"/v3/project/schemas/labelSelector"},"state":"active","sysctls":[],"terminationGracePeriodSeconds":30,"topologySpreadConstraints":[],"transitioning":"no","transitioningMessage":"","uuid":"96952959-73f4-48eb-9c8a-0476689c85f0","volumes":[],"windowsOptions":null,"workloadAnnotations":{"deployment.kubernetes.io/revision":"2","field.cattle.io/creatorId":"user-kmvzg"},"workloadLabels":{"cattle.io/creator":"norman","workload.user.cattle.io/workloadselector":"deployment-default-admin-master"},"workloadMetrics":[]}' \ 'https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master' --insecure
參數解釋:
export 用了定義全局變量。RANCHER_ACCESS_KEY和RANCHER_SECRET_KEY分別對應Access Key(用戶名)和Secret Key(密碼)
-u 設置服務器的用戶和密碼
-X 指定什么訪問類型。curl默認的HTTP動詞是GET,使用-X參數可以支持其他動詞。
-H 指定請求頭參數
-d HTTP POST方式傳送數據,也適用於其他方式。比如:PUT
--insecure 允許不使用證書到SSL站點。注意:由於我這里是ip訪問,所以提示不安全。如果是通過域名訪問,並且是安全的,不需要此參數。
執行之后,會返回一段json,比如:
{"actions":{"pause":"https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master?action=pause","redeploy":"https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master?action=redeploy","resume":"https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master?action=resume","rollback":"https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master?action=rollback"},"annotations":{"cattle.io/timestamp":"2020-06-22T10:42:46Z"},"baseType":"workload","containers":[{"allowPrivilegeEscalation":false,"image":"10.212.82.86:1180/java/admin-master:32","imagePullPolicy":"Always","initContainer":false,"name":"admin-master","ports":[{"containerPort":8088,"dnsName":"admin-master-nodeport","hostPort":0,"kind":"NodePort","name":"tcp-8088","protocol":"TCP","sourcePort":0,"type":"/v3/project/schemas/containerPort"}],"privileged":false,"readOnly":false,"resources":{"type":"/v3/project/schemas/resourceRequirements"},"restartCount":0,"runAsNonRoot":false,"stdin":true,"stdinOnce":false,"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","tty":true,"type":"/v3/project/schemas/container"}],"created":"2020-06-22T10:42:46Z","createdTS":1592822566000,"creatorId":null,"deploymentConfig":{"maxSurge":1,"maxUnavailable":0,"minReadySeconds":0,"progressDeadlineSeconds":600,"revisionHistoryLimit":10,"strategy":"RollingUpdate"},"deploymentStatus":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2020-06-22T10:42:48Z","lastTransitionTimeTS":1592822568000,"lastUpdateTime":"2020-06-22T10:42:48Z","lastUpdateTimeTS":1592822568000,"message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"},{"lastTransitionTime":"2020-06-22T10:42:46Z","lastTransitionTimeTS":1592822566000,"lastUpdateTime":"2020-06-22T10:54:54Z","lastUpdateTimeTS":1592823294000,"message":"ReplicaSet \"admin-master-6c49c7c4b\" has successfully progressed.","reason":"NewReplicaSetAvailable","status":"True","type":"Progressing"}],"observedGeneration":7,"readyReplicas":1,"replicas":1,"type":"/v3/project/schemas/deploymentStatus","unavailableReplicas":0,"updatedReplicas":1},"dnsPolicy":"ClusterFirst","hostIPC":false,"hostNetwork":false,"hostPID":false,"id":"deployment:default:admin-master","labels":{"workload.user.cattle.io/workloadselector":"deployment-default-admin-master"},"links":{"remove":"https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master","revisions":"https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master/revisions","self":"https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master","update":"https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master","yaml":"https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master/yaml"},"name":"admin-master","namespaceId":"default","paused":false,"projectId":"c-l5nxb:p-dghs7","publicEndpoints":[{"addresses":["10.212.21.159"],"allNodes":true,"ingressId":null,"nodeId":null,"podId":null,"port":32572,"protocol":"TCP","serviceId":"default:admin-master-nodeport"}],"restartPolicy":"Always","scale":1,"scheduling":{"scheduler":"default-scheduler"},"selector":{"matchLabels":{"workload.user.cattle.io/workloadselector":"deployment-default-admin-master"},"type":"/v3/project/schemas/labelSelector"},"state":"active","terminationGracePeriodSeconds":30,"transitioning":"no","transitioningMessage":"","type":"deployment","uuid":"96952959-73f4-48eb-9c8a-0476689c85f0","workloadAnnotations":{"deployment.kubernetes.io/revision":"2","field.cattle.io/creatorId":"user-kmvzg"},"workloadLabels":{"cattle.io/creator":"norman","workload.user.cattle.io/workloadselector":"deployment-default-admin-master"},"workloadMetrics":null}
注意:返回上面的json格式,才是正確的。
此時,rancher中的鏡像地址並沒有更改。因為我的-d里面的json數據中,
"image": "10.212.82.86:1180/java/admin-master:32"
鏡像地址還是原來的,如果需要更改。只需要更改這個值,再次發送PUT請求,就可以了。
那么我來測試一下,更改為:
"image": "10.212.82.86:1180/java/admin-master:33"
再次發送PUT請求,完整命令我就不貼了。更改image的值即可。
查看pod詳情,發現已經更改過來了。
Postman
關閉SSL驗證
點擊扳手按鈕
點擊settings,關閉ssl驗證。
如果不這么做,會提示:Error: unable to verify the first certificate
發送請求
選擇PUT請求,url地址為:https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master
增加Headers參數
Accept=application/json Content-Type=application/json Authorization=Bearer token-v82g7:zzph8mnrv7r2q5qqt9kds85xvjcwzpg5btkttpvj72nmfll8jmxn67
其中Authorization參數的格式為:
Bearer Access Key(用戶名):Secret Key(密碼)
注意:Bearer后面接空格,Access Key和Secret Key中間用冒號間隔。
效果如下:
點擊body-->raw-->json,粘貼上面的json數據
點擊send按鈕,發送請求。
可以看到返回HTTP 200,響應數據為一段json數據。
如果要更改鏡像地址,只需要修改json數據中的image地址即可。
python
下面使用python 3.x的request模塊,發送PUT請求。
rancher_deploy.py
#!usr/bin/python # -*- coding: utf-8 -*- import requests # 去除requests警告信息 from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) CATTLE_ACCESS_KEY = 'token-v82g7' RANCHER_SECRET_KEY = 'zzph8mnrv7r2q5qqt9kds85xvjcwzpg5btkttpvj72nmfll8jmxn67' # 請求頭 header = {'Accept': 'application/json', 'Content-Type': 'application/json', 'Authorization': 'Bearer {}:{}'.format(CATTLE_ACCESS_KEY, RANCHER_SECRET_KEY)} # 請求數據,r表示保留數據源格式。格式為:r"""json數據""" content = r"""{"annotations":{"cattle.io/timestamp":"2020-06-22T10:42:46Z"},"containers":[{"allowPrivilegeEscalation":false,"image":"10.212.82.86:1180/java/admin-master:33","imagePullPolicy":"Always","initContainer":false,"name":"admin-master","ports":[{"containerPort":8088,"dnsName":"admin-master-nodeport","hostPort":0,"kind":"NodePort","name":"tcp-8088","protocol":"TCP","sourcePort":0,"type":"/v3/project/schemas/containerPort"}],"privileged":false,"readOnly":false,"resources":{"type":"/v3/project/schemas/resourceRequirements"},"restartCount":0,"runAsNonRoot":false,"stdin":true,"stdinOnce":false,"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","tty":true,"type":"/v3/project/schemas/container"}],"created":"2020-06-22T10:42:46Z","creatorId":null,"deploymentConfig":{"maxSurge":1,"maxUnavailable":0,"minReadySeconds":0,"progressDeadlineSeconds":600,"revisionHistoryLimit":10,"strategy":"RollingUpdate"},"deploymentStatus":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2020-06-22T10:42:48Z","lastTransitionTimeTS":1592822568000,"lastUpdateTime":"2020-06-22T10:42:48Z","lastUpdateTimeTS":1592822568000,"message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"},{"lastTransitionTime":"2020-06-22T10:42:46Z","lastTransitionTimeTS":1592822566000,"lastUpdateTime":"2020-06-22T10:54:54Z","lastUpdateTimeTS":1592823294000,"message":"ReplicaSet \"admin-master-6c49c7c4b\" has successfully progressed.","reason":"NewReplicaSetAvailable","status":"True","type":"Progressing"}],"observedGeneration":7,"readyReplicas":1,"replicas":1,"type":"/v3/project/schemas/deploymentStatus","unavailableReplicas":0,"updatedReplicas":1},"dnsConfig":null,"dnsPolicy":"ClusterFirst","ephemeralContainers":[],"gids":[],"hostAliases":[],"hostIPC":false,"hostNetwork":false,"hostPID":false,"imagePullSecrets":[],"labels":{"workload.user.cattle.io/workloadselector":"deployment-default-admin-master"},"name":"admin-master","namespaceId":"default","nodeId":"","ownerReferences":[],"paused":false,"projectId":"c-l5nxb:p-dghs7","publicEndpoints":[],"readinessGates":[],"restartPolicy":"Always","scale":1,"scheduling":{"scheduler":"default-scheduler"},"selector":{"matchLabels":{"workload.user.cattle.io/workloadselector":"deployment-default-admin-master"},"type":"/v3/project/schemas/labelSelector"},"state":"active","sysctls":[],"terminationGracePeriodSeconds":30,"topologySpreadConstraints":[],"transitioning":"no","transitioningMessage":"","uuid":"96952959-73f4-48eb-9c8a-0476689c85f0","volumes":[],"windowsOptions":null,"workloadAnnotations":{"deployment.kubernetes.io/revision":"2","field.cattle.io/creatorId":"user-kmvzg"},"workloadLabels":{"cattle.io/creator":"norman","workload.user.cattle.io/workloadselector":"deployment-default-admin-master"},"workloadMetrics":[]}""" # 應用服務api地址 api_url = 'https://10.212.82.86/v3/project/c-l5nxb:p-dghs7/workloads/deployment:default:admin-master' # 發送put請求,verify=False表示關閉驗證證書 r = requests.put(api_url, data=content, headers=header, verify=False) # print(r.text) # print(r.status_code) # 判斷返回狀態碼 if (r.status_code == 200): print('ok') else: print('error')
執行腳本,輸出:
ok
說明:雖然關閉了ssl證書驗證,但是還是會彈出警告信息。因此我在上面,專門屏蔽了警告信息。參考鏈接:
https://blog.csdn.net/mike_Cui_LS/article/details/84249315
注意:代碼中的json數據,是當前的服務狀態設置而來的。如果后續服務有更新,比如增加環境,掛載目錄之類的。還得重新獲取json數據,並更新python代碼才行。
本文參考鏈接:
https://rancher.com/docs/rancher/v1.1/en/api/v1/api-resources/apiKey/
http://www.dockerinfo.net/3723.html
https://www.jianshu.com/p/2821da562ecd