kubernetes1.8开启swagger-ui
现在的版本默认只开启了6443安全端口,需要证书验证才能访问api,实现起来稍微有点麻烦,这里提供一个简单的方法。
先来看看官方说明:
Complete API details are documented using Swagger v1.2 and OpenAPI. The Kubernetes apiserver (aka “master”) exposes an API that can be used to retrieve the Swagger v1.2 Kubernetes API spec located at /swaggerapi. You can also enable a UI to browse the API documentation at /swagger-ui by passing the --enable-swagger-ui=true flag to apiserver.
这段话是说可以通过一个参数开启swagger-ui。
1、修改apiserver的配置,添加三个参数。
# vim /etc/kubernetes/manifests/kube-apiserver.yaml
- --enable-swagger-ui=true
- --insecure-bind-address=0.0.0.0
- --insecure-port=8080
第一个是开启swagger-ui,另外两个是暴露非安全端口,亦即可以不用证书验证。
2、设置nginx代理apiserver。由于页面加载特别慢,而且每次刷新都会重新加载一次,所以这里我在nginx加了一层缓存。
# vim swagger.oupeng.com.conf
upstream swagger-oupeng-com {
server 192.168.5.42:8080 weight=10 max_fails=3 fail_timeout=10;
server 192.168.5.104:8080 weight=10 max_fails=3 fail_timeout=10;
server 192.168.5.105:8080 weight=10 max_fails=3 fail_timeout=10;
check interval=5000 rise=2 fall=5 timeout=1000 type=tcp;
ip_hash;
}
proxy_cache_path /usr/local/nginx/proxy_cache_dir/cache_k8s levels=1:2 keys_zone=k8s:1g max_size=10g inactive=100m use_temp_path=off;
server{
listen 80;
server_name swagger.oupeng.com;
auth_ldap "Forbidden";
auth_ldap_servers ldapsv;
location / {
proxy_cache k8s;
proxy_cache_key "$host$request_uri$cookie_user";
proxy_cache_valid any 1h;
proxy_cache_revalidate on;
proxy_cache_min_uses 1;
proxy_cache_lock on;
proxy_cache_lock_timeout 5s;
proxy_pass http://swagger-oupeng-com;
include proxy.conf;
break;
}
access_log /usr/local/nginx/logs/swagger.oupeng.com.access.log json;
error_log /usr/local/nginx/logs/swagger.oupeng.com.error.log;
}
3、重载nginx就可以通过域名访问了。
用浏览器访问:http://swagger.oupeng.com/swagger-ui/ 注意url最后面一定要加"/",要不然不会跳转到html页面。
参考:
https://kubernetes.io/docs/concepts/overview/kubernetes-api/
https://kubernetes.io/docs/reference/generated/kube-apiserver/