应用管理 REST API 需要指向集群的接入点地址, 并通过自签名证书的 HTTPS 请求和集群进行交互。
获取集群 Endpoint 和证书
控制台方式
- 登录 容器服务管理控制台。
- 在 Swarm 菜单下,单击左侧导航栏中的 集群。
- 选择需要查看的集群并单击 管理。
- 您可以查看集群的 endpoint 并单击 下载证书 下载集群证书。
通过 API 访问,您需要将截图里命令中的 tcp 相应改为 https。
编程方式获取
您需要先通过集群管理的 API 获取:
API 返回结果:
{
"ca": "string", ##认证机构证书,ca.pem
"cert": "string", ##用户公钥证书,cert.pem
"key": "string" ##用户私钥证书,key.pem
}
推荐将返回结果的三个 string 的内容保存为一个目录下的三个文件 ca.pem、cert.pem、key.pem。大部分的工具或编程框架都是以文件的方式加载 https 证书.
调用应用管理的 API
假设您的集群名称为 ClusterName
,并且已经将上面三个证书存储到 ~/.docker/aliyun/ClusterName 目录下。上面获得的 master_url
地址为 https://123.123.123.123:1234
。
应用 API 列表
详见 应用API列表。
下面以查看应用列表接口为例 (context path
为 /projects/
)。
curl 方式
# 提示: 请注意你的 curl 版本,您可能需要升级你的 curl.
curl --insecure --cert ~/.docker/aliyun/ClusterName/cert.pem --key ~/.docker/aliyun/ClusterName/key.pem https://123.123.123.123:1234/projects/
PHP 方式
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://123.123.123.123:1234/projects/");
curl_setopt($ch, CURLOPT_SSLKEY, "~/.docker/aliyun/ClusterName/key.pem");
curl_setopt($ch, CURLOPT_CAINFO, "~/.docker/aliyun/ClusterName/ca.pem");
curl_setopt($ch, CURLOPT_SSLCERT, "~/.docker/aliyun/ClusterName/cert.pem");
$result=curl_exec($ch);
echo $result;
curl_close($ch);
?>
Python 方式
import requests
res = requests.get('https://123.123.123.123:1234/projects/', verify='~/.docker/aliyun/ClusterName/ca.pem', cert=('~/.docker/aliyun/ClusterName/cert.pem', '~/.docker/aliyun/ClusterName/key.pem'))
print res.content
JAVA 方式
添加 Maven 依赖:
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.1</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.52</version>
</dependency>
代码示例:
import java.nio.file.Path;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.net.ssl.SSLContext;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
public class Test {
public static void main(String[] argc) throws Exception {
final char[] KEY_STORE_PASSWORD = "".toCharArray();
//获取证书地址
Path caCertPath = Paths.get("~/.docker/aliyun/ClusterName/ca.pem");
Path clientCertPath = Paths.get("~/.docker/aliyun/ClusterName/cert.pem");
Path clientKeyPath = Paths.get("~/.docker/aliyun/ClusterName/key.pem");
final CertificateFactory cf = CertificateFactory.getInstance("X.509");
final Certificate caCert = cf.generateCertificate(Files.newInputStream(caCertPath));
final Certificate clientCert = cf.generateCertificate(
Files.newInputStream(clientCertPath));
final PEMKeyPair clientKeyPair = (PEMKeyPair) new PEMParser(
Files.newBufferedReader(clientKeyPath,
Charset.defaultCharset()))
.readObject();
final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(
clientKeyPair.getPrivateKeyInfo().getEncoded());
final KeyFactory kf = KeyFactory.getInstance("RSA");
final PrivateKey clientKey = kf.generatePrivate(spec);
//设置信任的证书
final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
trustStore.setEntry("ca", new KeyStore.TrustedCertificateEntry(caCert), null);
//设置私钥
final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("client", clientCert);
keyStore.setKeyEntry("key", clientKey, KEY_STORE_PASSWORD, new Certificate[]{clientCert});
SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(trustStore, null)
.loadKeyMaterial(keyStore, KEY_STORE_PASSWORD)
.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslContext,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
//httpclient连接
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.build();
try {
HttpGet httpget = new HttpGet("https://123.123.123.123:1234/projects/");
CloseableHttpResponse response = httpclient.execute(httpget);
try {
System.out.println("----------------------------------------");
String bodyAsString = EntityUtils.toString(response.getEntity());
System.out.println(bodyAsString);
} finally {
response.close();
}
} finally {
httpclient.close();
}
}
}
在文档使用中是否遇到以下问题
更多建议
匿名提交