调用方式

应用管理 REST API 需要指向集群的接入点地址, 并通过自签名证书的 HTTPS 请求和集群进行交互。

获取集群 Endpoint 和证书

控制台方式

1. 登录 容器服务管理控制台。

2. 单击左侧导航栏中的 集群。

3. 选择需要查看的集群并单击 管理。

   

4. 您可以查看集群的 endpoint 并单击 下载证书 下载集群证书。

   

通过 API 访问，您需要将截图里的 tcp 需要改为 https。

编程方式获取

您需要先通过集群管理的 API 获取:

1. 获取集群的 master_url 字段值。更多详细信息，参见 查看集群信息。

2. 获取集群的证书。更多详细信息，参见 查看集群证书。

API 返回结果：

{
    "ca": "string",   ##认证机构证书，ca.pem
    "cert": "string", ##用户公钥证书，cert.pem
    "key": "string"   ##用户私钥证书，key.pem
}

推荐将返回结果的三个 string 的内容保存为一个目录下的三个文件 ca.pem、cert.pem、key.pem。大部分的工具或编程框架都是以文件的方式加载 https 证书.

调用应用管理的 API

假设您的集群名称为 ClusterName，并且已经将上面三个证书存储到 ~/.docker/aliyun/ClusterName 目录下。上面获得的 master_url 地址为 https://123.123.123.123:1234。

应用 API 列表

详见 应用API列表。

下面以查看应用列表接口为例 (context path 为 /projects/)。

curl 方式

# 提示: 请注意你的 curl 版本，您可能需要升级你的 curl.
curl --insecure --cert ~/.docker/aliyun/ClusterName/cert.pem --key ~/.docker/aliyun/ClusterName/key.pem https://123.123.123.123:1234/projects/

PHP 方式

<?php
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, "https://123.123.123.123:1234/projects/");
     curl_setopt($ch, CURLOPT_SSLKEY, "~/.docker/aliyun/ClusterName/key.pem");
     curl_setopt($ch, CURLOPT_CAINFO, "~/.docker/aliyun/ClusterName/ca.pem");
     curl_setopt($ch, CURLOPT_SSLCERT, "~/.docker/aliyun/ClusterName/cert.pem");
     $result=curl_exec($ch);
     echo $result;
     curl_close($ch);
?>

Python 方式

import requests
res = requests.get('https://123.123.123.123:1234/projects/', verify='~/.docker/aliyun/ClusterName/ca.pem', cert=('~/.docker/aliyun/ClusterName/cert.pem', '~/.docker/aliyun/ClusterName/key.pem'))
print res.content

JAVA 方式

添加 Maven 依赖：

        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.5.1</version>
        </dependency>
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcpkix-jdk15on</artifactId>
            <version>1.52</version>
        </dependency>

代码示例：

        import java.nio.file.Path;
        import java.nio.charset.Charset;
        import java.nio.file.Files;
        import java.nio.file.Paths;
        import java.security.KeyFactory;
        import java.security.KeyStore;
        import java.security.PrivateKey;
        import java.security.cert.Certificate;
        import java.security.cert.CertificateFactory;
        import java.security.spec.PKCS8EncodedKeySpec;
        import javax.net.ssl.SSLContext;
        import org.bouncycastle.openssl.PEMKeyPair;
        import org.bouncycastle.openssl.PEMParser;
        import org.apache.http.client.methods.CloseableHttpResponse;
        import org.apache.http.client.methods.HttpGet;
        import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
        import org.apache.http.impl.client.CloseableHttpClient;
        import org.apache.http.impl.client.HttpClients;
        import org.apache.http.ssl.SSLContexts;
        import org.apache.http.util.EntityUtils;
        public class Test {
            public static void main(String[] argc) throws Exception {
                final char[] KEY_STORE_PASSWORD = "".toCharArray();
                //获取证书地址
                Path caCertPath = Paths.get("~/.docker/aliyun/ClusterName/ca.pem");
                Path clientCertPath = Paths.get("~/.docker/aliyun/ClusterName/cert.pem");
                Path clientKeyPath = Paths.get("~/.docker/aliyun/ClusterName/key.pem");
                final CertificateFactory cf = CertificateFactory.getInstance("X.509");
                final Certificate caCert = cf.generateCertificate(Files.newInputStream(caCertPath));
                final Certificate clientCert = cf.generateCertificate(
                        Files.newInputStream(clientCertPath));
                final PEMKeyPair clientKeyPair = (PEMKeyPair) new PEMParser(
                        Files.newBufferedReader(clientKeyPath,
                                Charset.defaultCharset()))
                        .readObject();
                final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(
                        clientKeyPair.getPrivateKeyInfo().getEncoded());
                final KeyFactory kf = KeyFactory.getInstance("RSA");
                final PrivateKey clientKey = kf.generatePrivate(spec);
                //设置信任的证书
                final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                trustStore.load(null, null);
                trustStore.setEntry("ca", new KeyStore.TrustedCertificateEntry(caCert), null);
                //设置私钥
                final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                keyStore.setCertificateEntry("client", clientCert);
                keyStore.setKeyEntry("key", clientKey, KEY_STORE_PASSWORD, new Certificate[]{clientCert});
                SSLContext sslContext = SSLContexts.custom()
                        .loadTrustMaterial(trustStore, null)
                        .loadKeyMaterial(keyStore, KEY_STORE_PASSWORD)
                        .build();
                SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                        sslContext,
                        SSLConnectionSocketFactory.getDefaultHostnameVerifier());
                //httpclient连接
                CloseableHttpClient httpclient = HttpClients.custom()
                        .setSSLSocketFactory(sslsf)
                        .build();
                try {
                    HttpGet httpget = new HttpGet("https://123.123.123.123:1234/projects/");
                    CloseableHttpResponse response = httpclient.execute(httpget);
                    try {
                        System.out.println("----------------------------------------");
                        String bodyAsString = EntityUtils.toString(response.getEntity());
                        System.out.println(bodyAsString);
                    } finally {
                        response.close();
                    }
                } finally {
                    httpclient.close();
                }
            }
        }