Swarm API Reference: Application API Calling Methods: How to Call - Q&A - Alibaba Cloud Developer Community - Alibaba Cloud


青蛙跳 2018-08-31 23:31:23 1073
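The application management REST API must be pointed at the cluster's endpoint address, and it interacts with the cluster through HTTPS requests that use self-signed certificates.

Obtaining the cluster endpoint and certificates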


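Console method
  1. Log in to the Container Service management console.
  2. Under the Swarm menu, click Clusters in the left-hand navigation pane.
  3. Select the cluster you want to view and click Manage.
  4. You can view the cluster's endpoint, and click Download Certificate to download the cluster certificates.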


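To access the cluster through the API, change tcp in the command shown in the screenshot to https.
Obtaining them programmatically
First retrieve the following through the cluster management API:
  1. The value of the cluster's master_url field. For details, see View cluster information.
  2. The cluster's certificates. For details, see View cluster certificates.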

API response:
{
    "ca": "string",   ## certificate authority certificate, ca.pem
    "cert": "string", ## user public-key certificate, cert.pem
    "key": "string"   ## user private key, key.pem
}


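We recommend saving the contents of the three strings in the response as three files in one directory: ca.pem, cert.pem and key.pem. Most tools and programming frameworks load HTTPS certificates from files.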
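The save step recommended above, as an added example that is not part of the original page: it writes the three response fields to ca.pem, cert.pem and key.pem with owner-only permissions and returns the arguments that requests.get() expects. The function names and the sample response are constructed for illustration.

```python
import json
import os
import tempfile

# Response field -> file name recommended above.
FILES = {"ca": "ca.pem", "cert": "cert.pem", "key": "key.pem"}


def save_cluster_certs(response_text, cert_dir):
    """Write the three PEM strings of the certificate response into cert_dir.

    Returns a dict mapping each response field to the file written for it.
    """
    body = json.loads(response_text)
    for field in FILES:
        value = body.get(field)
        if not isinstance(value, str) or "-----BEGIN " not in value:
            raise ValueError("response field %r is missing or not PEM" % field)

    cert_dir = os.path.expanduser(cert_dir)  # open() does not expand "~"
    os.makedirs(cert_dir, mode=0o700, exist_ok=True)
    os.chmod(cert_dir, 0o700)  # tighten a directory that already existed

    paths = {}
    for field, name in FILES.items():
        path = os.path.join(cert_dir, name)
        # Create with mode 0600 so key.pem is never readable by other users.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(body[field])
        os.chmod(path, 0o600)  # also covers a file that already existed
        paths[field] = path
    return paths


def requests_tls_kwargs(paths):
    """Arguments for requests.get(): verify the server against ca.pem and
    present cert.pem with key.pem as the client certificate."""
    return {"verify": paths["ca"], "cert": (paths["cert"], paths["key"])}


if __name__ == "__main__":
    # Constructed sample response; real values come from the cluster API.
    pem = "-----BEGIN SAMPLE-----\nconstructed\n-----END SAMPLE-----\n"
    sample = json.dumps({field: pem for field in FILES})
    saved = save_cluster_certs(sample, tempfile.mkdtemp())
    print(requests_tls_kwargs(saved))
```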

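Calling the application management API

Suppose your cluster is named ClusterName and you have stored the three certificates above in the ~/.docker/aliyun/ClusterName directory. The master_url obtained above is https://123.123.123.123:1234
Application API list
See Application API list
The following uses the list-applications API as an example (the context path is /projects/).
curl method
# Note: check your curl version; you may need to upgrade curl.
# --insecure skips verification of the server certificate. To verify the server against the
# cluster CA instead, replace --insecure with --cacert ~/.docker/aliyun/ClusterName/ca.pem
curl --insecure --cert ~/.docker/aliyun/ClusterName/cert.pem --key ~/.docker/aliyun/ClusterName/key.pem https://123.123.123.123:1234/projects/
PHP method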
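<?php
     // libcurl does not expand "~", so build absolute paths from $HOME.
     $dir = getenv("HOME") . "/.docker/aliyun/ClusterName";
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, "https://123.123.123.123:1234/projects/");
     // Return the response body from curl_exec() instead of printing it directly.
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
     curl_setopt($ch, CURLOPT_SSLKEY, $dir . "/key.pem");
     curl_setopt($ch, CURLOPT_CAINFO, $dir . "/ca.pem");
     curl_setopt($ch, CURLOPT_SSLCERT, $dir . "/cert.pem");
     $result = curl_exec($ch);
     if ($result === false) {
         echo curl_error($ch);
     } else {
         echo $result;
     }
     curl_close($ch);
?>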

Python method
import os
import requests
d = os.path.expanduser('~/.docker/aliyun/ClusterName')  # requests does not expand "~"
res = requests.get('https://123.123.123.123:1234/projects/', verify=d + '/ca.pem', cert=(d + '/cert.pem', d + '/key.pem'))
print(res.content)

Java method
Add the Maven dependencies:
<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
    <version>4.5.1</version>
</dependency>
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcpkix-jdk15on</artifactId>
    <version>1.52</version>
</dependency>



Code example:
import java.nio.file.Path;
        import java.nio.charset.Charset;
        import java.nio.file.Files;
        import java.nio.file.Paths;
        import java.security.KeyFactory;
        import java.security.KeyStore;
        import java.security.PrivateKey;
        import java.security.cert.Certificate;
        import java.security.cert.CertificateFactory;
        import java.security.spec.PKCS8EncodedKeySpec;
        import javax.net.ssl.SSLContext;
        import org.bouncycastle.openssl.PEMKeyPair;
        import org.bouncycastle.openssl.PEMParser;
        import org.apache.http.client.methods.CloseableHttpResponse;
        import org.apache.http.client.methods.HttpGet;
        import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
        import org.apache.http.impl.client.CloseableHttpClient;
        import org.apache.http.impl.client.HttpClients;
        import org.apache.http.ssl.SSLContexts;
        import org.apache.http.util.EntityUtils;
        public class Test {
            public static void main(String[] argc) throws Exception {
                final char[] KEY_STORE_PASSWORD = "".toCharArray();
                // Certificate file locations; Paths.get does not expand "~", so resolve user.home
                Path certDir = Paths.get(System.getProperty("user.home"), ".docker", "aliyun", "ClusterName");
                Path caCertPath = certDir.resolve("ca.pem");
                Path clientCertPath = certDir.resolve("cert.pem");
                Path clientKeyPath = certDir.resolve("key.pem");
                final CertificateFactory cf = CertificateFactory.getInstance("X.509");
                final Certificate caCert = cf.generateCertificate(Files.newInputStream(caCertPath));
                final Certificate clientCert = cf.generateCertificate(
                        Files.newInputStream(clientCertPath));
                final PEMKeyPair clientKeyPair = (PEMKeyPair) new PEMParser(
                        Files.newBufferedReader(clientKeyPath,
                                Charset.defaultCharset()))
                        .readObject();
                final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(
                        clientKeyPair.getPrivateKeyInfo().getEncoded());
                final KeyFactory kf = KeyFactory.getInstance("RSA");
                final PrivateKey clientKey = kf.generatePrivate(spec);
                // Set up the trusted CA certificate
                final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                trustStore.load(null, null);
                trustStore.setEntry("ca", new KeyStore.TrustedCertificateEntry(caCert), null);
                // Set up the client certificate and private key
                final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                keyStore.setCertificateEntry("client", clientCert);
                keyStore.setKeyEntry("key", clientKey, KEY_STORE_PASSWORD, new Certificate[]{clientCert});
                SSLContext sslContext = SSLContexts.custom()
                        .loadTrustMaterial(trustStore, null)
                        .loadKeyMaterial(keyStore, KEY_STORE_PASSWORD)
                        .build();
                SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                        sslContext,
                        SSLConnectionSocketFactory.getDefaultHostnameVerifier());
                // Build the HTTP client
                CloseableHttpClient httpclient = HttpClients.custom()
                        .setSSLSocketFactory(sslsf)
                        .build();
                try {
                    HttpGet httpget = new HttpGet("https://123.123.123.123:1234/projects/");
                    CloseableHttpResponse response = httpclient.execute(httpget);
                    try {
                        System.out.println("----------------------------------------");
                        String bodyAsString = EntityUtils.toString(response.getEntity());
                        System.out.println(bodyAsString);
                    } finally {
                        response.close();
                    }
                } finally {
                    httpclient.close();
                }
            }
        }

