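Introduction
YApi is an API documentation management system built on Node.js and MongoDB. This build integrates LDAP.
Writing entrypoint.sh
The config.json file is easiest to configure through environment variables, so we write an entrypoint.sh that mainly uses sed to replace the JSON fields with the values of environment variables. The script is shown below; its last statement starts YApi.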
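```sh
#!/bin/sh
# Update config.json from environment variables.
# "sed -i Nc..." replaces line N of ../config.json, so the line numbers below
# must match the config.json template on this page. Values are inserted
# verbatim and must not contain a double quote or a backslash.
if [ -n "$YAPI_SERVER_PORT" ]; then
  sed -i "2c\"port\":\"$YAPI_SERVER_PORT\"," ../config.json
fi
if [ -n "$YAPI_ADMINACCOUNT" ]; then
  sed -i "3c\"adminAccount\":\"$YAPI_ADMINACCOUNT\"," ../config.json
fi
# timeout is a number in config.json, so the value is written without quotes
if [ -n "$YAPI_TIMEOUT" ]; then
  sed -i "4c\"timeout\":$YAPI_TIMEOUT," ../config.json
fi
# "db" section (lines 6-11)
if [ -n "$YAPI_DB_SERVERNAME" ]; then
  sed -i "6c\"servername\":\"$YAPI_DB_SERVERNAME\"," ../config.json
fi
if [ -n "$YAPI_DB_DATABASE" ]; then
  sed -i "7c\"DATABASE\":\"$YAPI_DB_DATABASE\"," ../config.json
fi
if [ -n "$YAPI_DB_PORT" ]; then
  sed -i "8c\"port\":$YAPI_DB_PORT," ../config.json
fi
if [ -n "$YAPI_DB_USER" ]; then
  sed -i "9c\"user\":\"$YAPI_DB_USER\"," ../config.json
fi
if [ -n "$YAPI_DB_PASS" ]; then
  sed -i "10c\"pass\":\"$YAPI_DB_PASS\"," ../config.json
fi
if [ -n "$YAPI_DB_AUTHSOURCE" ]; then
  sed -i "11c\"authSource\":\"$YAPI_DB_AUTHSOURCE\"" ../config.json
fi
# "mail" section (lines 14-17); enable and port are written without quotes
if [ -n "$YAPI_MAIL_ENABLE" ]; then
  sed -i "14c\"enable\":$YAPI_MAIL_ENABLE," ../config.json
fi
if [ -n "$YAPI_MAIL_HOST" ]; then
  sed -i "15c\"host\":\"$YAPI_MAIL_HOST\"," ../config.json
fi
if [ -n "$YAPI_MAIL_PORT" ]; then
  sed -i "16c\"port\":$YAPI_MAIL_PORT," ../config.json
fi
if [ -n "$YAPI_MAIL_FROM" ]; then
  sed -i "17c\"from\":\"$YAPI_MAIL_FROM\"," ../config.json
fi
# "auth" (line 18) is an object, so only its user and pass lines are replaced
if [ -n "$YAPI_MAIL_USER" ]; then
  sed -i "19c\"user\":\"$YAPI_MAIL_USER\"," ../config.json
fi
if [ -n "$YAPI_MAIL_PASS" ]; then
  sed -i "20c\"pass\":\"$YAPI_MAIL_PASS\"" ../config.json
fi
# "ldapLogin" section (lines 24-32); enable is written without quotes
if [ -n "$YAPI_LDAP_ENABLE" ]; then
  sed -i "24c\"enable\":$YAPI_LDAP_ENABLE," ../config.json
fi
if [ -n "$YAPI_LDAP_SERVER" ]; then
  sed -i "25c\"server\":\"$YAPI_LDAP_SERVER\"," ../config.json
fi
if [ -n "$YAPI_LDAP_BASEDN" ]; then
  sed -i "26c\"baseDn\":\"$YAPI_LDAP_BASEDN\"," ../config.json
fi
if [ -n "$YAPI_LDAP_BINDPASSWORD" ]; then
  sed -i "27c\"bindPassword\":\"$YAPI_LDAP_BINDPASSWORD\"," ../config.json
fi
if [ -n "$YAPI_LDAP_SEARCHDN" ]; then
  sed -i "28c\"searchDn\":\"$YAPI_LDAP_SEARCHDN\"," ../config.json
fi
if [ -n "$YAPI_LDAP_SEARCHSTANDARD" ]; then
  sed -i "29c\"searchStandard\":\"$YAPI_LDAP_SEARCHSTANDARD\"," ../config.json
fi
if [ -n "$YAPI_LDAP_EMAILPOSTFIX" ]; then
  sed -i "30c\"emailPostfix\":\"$YAPI_LDAP_EMAILPOSTFIX\"," ../config.json
fi
if [ -n "$YAPI_LDAP_EMAILKEY" ]; then
  sed -i "31c\"emailKey\":\"$YAPI_LDAP_EMAILKEY\"," ../config.json
fi
if [ -n "$YAPI_LDAP_USERNAMEKEY" ]; then
  sed -i "32c\"usernameKey\":\"$YAPI_LDAP_USERNAMEKEY\"" ../config.json
fi
# Start YApi; exec lets node replace the shell and receive signals directly
exec node server/app.js
```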
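Writing the YApi Dockerfile
The base image is node:11.15-alpine. It lacks python and make, which are needed to compile Node.js modules, so they have to be added.
entrypoint.sh is downloaded from my GitHub and added to the image.
config.json is also downloaded from my GitHub and placed in the image.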
```dockerfile
# Build stage: fetch the YApi source and install its dependencies
FROM node:11.15-alpine as builder
# python and make are needed to compile native Node.js modules
RUN apk add python make
WORKDIR /yapi
RUN wget https://github.com/YMFE/yapi/archive/refs/tags/v1.9.2.tar.gz
RUN tar -zxvf v1.9.2.tar.gz
RUN mv yapi-1.9.2 vendors
RUN wget https://raw.githubusercontent.com/xie-shujian/yapi/main/ldap/config.json
WORKDIR /yapi/vendors
RUN npm install --production
RUN wget https://raw.githubusercontent.com/xie-shujian/yapi/main/ldap/entrypoint.sh
# Runtime stage: copy only the build output from the builder stage
FROM node:11.15-alpine
LABEL maintainer="xiesj@live.com"
ENV TZ="Asia/Shanghai"
WORKDIR /yapi/vendors
COPY --from=builder /yapi/vendors /yapi/vendors
COPY --from=builder /yapi/config.json /yapi/config.json
EXPOSE 3000
ENTRYPOINT ["sh", "entrypoint.sh"]
```
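This is a multi-stage build using COPY --from: the first image acts as the builder, and its build output is copied into the second image.
Building the image
```sh
docker build -t xieshujian/yapi:1.9.2-ldap .
```
The image is about 164 MB, which is quite small.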
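Kubernetes deployment YAML
- Create the Secret
- Create the Deployment
  Define the environment variables, including the MongoDB connection details
  Define the probe
- Create the Service
  The Service port is 80 and the container port is 3000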
```yaml
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: yapi-secret
stringData:
  YAPI_DB_PASS: yapipassword
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: yapi
  labels:
    app: yapi
spec:
  replicas: 1
  selector:
    matchLabels:
      app: yapi
  template:
    metadata:
      labels:
        app: yapi
    spec:
      containers:
      - name: yapi
        image: xieshujian/yapi:1.9.2-ldap
        env:
        - name: YAPI_SERVER_PORT
          value: "3000"
        - name: YAPI_ADMINACCOUNT
          value: admin@admin.com
        - name: YAPI_TIMEOUT
          value: "120000"
        - name: YAPI_DB_SERVERNAME
          value: mongodb
        - name: YAPI_DB_PORT
          value: "27017"
        - name: YAPI_DB_DATABASE
          value: yapidb
        - name: YAPI_DB_USER
          value: yapiuser
        - name: YAPI_DB_PASS
          valueFrom:
            secretKeyRef:
              name: yapi-secret
              key: YAPI_DB_PASS
        - name: YAPI_DB_AUTHSOURCE
          value: yapidb
        - name: YAPI_MAIL_ENABLE
          value: "false"
        - name: YAPI_MAIL_PORT
          value: "465"
        - name: YAPI_LDAP_ENABLE
          value: "true"
        - name: YAPI_LDAP_EMAILPOSTFIX
          value: "@163.com"
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3000
        livenessProbe:
          httpGet:
            path: /
            port: 3000
          initialDelaySeconds: 5
          periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: yapi
spec:
  selector:
    app: yapi
  ports:
  - protocol: TCP
    port: 80
    targetPort: 3000
```
config.json has been modified: each value is a placeholder named after its environment variable.
```
{
  "port": "YAPI_SERVER_PORT",
  "adminAccount": "YAPI_ADMINACCOUNT",
  "timeout": YAPI_TIMEOUT,
  "db": {
    "servername": "YAPI_DB_SERVERNAME",
    "DATABASE": "YAPI_DB_DATABASE",
    "port": YAPI_DB_PORT,
    "user": "YAPI_DB_USER",
    "pass": "YAPI_DB_PASS",
    "authSource": "YAPI_DB_AUTHSOURCE"
  },
  "mail": {
    "enable": YAPI_MAIL_ENABLE,
    "host": "YAPI_MAIL_HOST",
    "port": YAPI_MAIL_PORT,
    "from": "YAPI_MAIL_FROM",
    "auth": {
      "user": "YAPI_MAIL_USER",
      "pass": "YAPI_MAIL_PASS"
    }
  },
  "ldapLogin": {
    "enable": YAPI_LDAP_ENABLE,
    "server": "YAPI_LDAP_SERVER",
    "baseDn": "YAPI_LDAP_BASEDN",
    "bindPassword": "YAPI_LDAP_BINDPASSWORD",
    "searchDn": "YAPI_LDAP_SEARCHDN",
    "searchStandard": "YAPI_LDAP_SEARCHSTANDARD",
    "emailPostfix": "YAPI_LDAP_EMAILPOSTFIX",
    "emailKey": "YAPI_LDAP_EMAILKEY",
    "usernameKey": "YAPI_LDAP_USERNAMEKEY"
  }
}
```
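An alternative to replacing config.json lines by number with sed is to fill the placeholders by name and JSON-encode each value, so that a password containing `"`, `\`, `&` or `/` cannot corrupt the file and an unset numeric or boolean placeholder stops the start-up instead of producing invalid JSON. This is an added example, not the author's entrypoint.sh or YApi code; `renderConfig`, `SAMPLE_TEMPLATE` and `SAMPLE_ENV` are hypothetical names and the sample values are constructed.

```javascript
'use strict';

// Fill every YAPI_* placeholder in the template text from `env`, then parse
// the result so that output which is not valid JSON is never written out.
function renderConfig(template, env) {
  const problems = [];
  const text = template.replace(/("?)(YAPI_[A-Z_]+)\1/g, (match, quote, name) => {
    const value = env[name];
    if (quote) {
      // Quoted placeholder: a JSON string. JSON.stringify escapes ", \ and
      // control characters, so a value cannot break out of the string.
      return JSON.stringify(value === undefined ? '' : value);
    }
    // Bare placeholder: only a JSON number or boolean is acceptable.
    if (value !== undefined && /^(true|false|0|[1-9]\d*)$/.test(value)) {
      return value;
    }
    problems.push(name);
    return 'null';
  });
  if (problems.length > 0) {
    throw new Error('unset or non-numeric/boolean value for: ' + problems.join(', '));
  }
  return JSON.parse(text);
}

// Constructed sample: a cut-down template in the placeholder style of config.json.
const SAMPLE_TEMPLATE = `{
  "port": "YAPI_SERVER_PORT",
  "timeout": YAPI_TIMEOUT,
  "db": { "port": YAPI_DB_PORT, "user": "YAPI_DB_USER", "pass": "YAPI_DB_PASS" },
  "mail": { "enable": YAPI_MAIL_ENABLE, "host": "YAPI_MAIL_HOST" }
}`;

// Constructed values; the password holds characters that break a sed-built line.
const SAMPLE_ENV = {
  YAPI_SERVER_PORT: '3000', YAPI_TIMEOUT: '120000', YAPI_DB_PORT: '27017',
  YAPI_DB_USER: 'yapiuser', YAPI_DB_PASS: 'p"a&s/s\\w', YAPI_MAIL_ENABLE: 'false',
};

console.log(JSON.stringify(renderConfig(SAMPLE_TEMPLATE, SAMPLE_ENV), null, 2));
```

In a container, a wrapper would pass the template file's text and `process.env` to `renderConfig` and write the returned object back with `JSON.stringify`.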
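We use MongoDB; servername is the name of its Service, which is mongodb.
The probe is an HTTP probe that runs every 5 seconds.
Security: anyuid (optional)
Some Kubernetes distributions restrict privileges strictly, for example by forbidding the root account. Because this container runs as root, we can handle this through a service account.
- First, create a service account named sc-yapi:
  ```sh
  kubectl create serviceaccount sc-yapi
  ```
- Next, grant it the anyuid SCC (SCCs are an OpenShift feature, so this step uses the oc client):
  ```sh
  oc adm policy add-scc-to-user anyuid -z sc-yapi
  ```
- Then modify the Deployment above so that it names the service account to use: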
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: yapi
  labels:
    app: yapi
spec:
  replicas: 1
  selector:
    matchLabels:
      app: yapi
  template:
    metadata:
      labels:
        app: yapi
    spec:
      containers:
      - name: yapi
        image: xieshujian/yapi:1.9.2-ldap
        env:
        # ... environment variables omitted ...
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3000
        livenessProbe:
          httpGet:
            path: /
            port: 3000
          initialDelaySeconds: 5
          periodSeconds: 5
      serviceAccountName: sc-yapi
```
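Create the Service named yapi.
Creating the namespace
```sh
kubectl create ns yapi
```
Installing MongoDB
Download and unpack the mongodb chart, open values.yaml, and change the value of rootPassword to taihu123.
Also set useStatefulSet to true; we use a StatefulSet.
Run the following commands to install MongoDB:
```sh
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install mongodb bitnami/mongodb -n yapi -f values.yaml
```
After the installation finishes, enter the container and run the following commands to create a regular account and the database:
```
mongo -u root -p taihu123
use yapidb
db.createUser({user: "yapiuser", pwd: "yapipassword", roles: [ { role: "dbOwner", db: "yapidb" } ]})
```
Installing YApi
```sh
kubectl apply -f yapi.yaml -n yapi
```
After the installation finishes, enter one of the pods and run the following command to initialize the database:
```sh
npm run install-server
```
You can then log in to YApi. The account is admin@admin.com and the password is ymfe.org.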