API 使用指引
1. 调用方式
1.1. 创建访问凭证
访问【平台管理】控制台,在左侧找到【组织资源】,选择【访问凭证】,新建一个访问凭证。
1.2. 访问 API
TKEStack上各种资源的接口均以 Kubernetes 原生 API 的形式提供,所有接口使用统一的前缀: http://console.tke.com:8080/platform
,请求中需要将上一步申请的访问凭证以"Authorization: Bearer ${访问凭证}"
的形式放入 header。
以查询集群信息为例,使用的请求如下:
curl -H "Authorization: Bearer xxxxxxx" \
"http://console.tke.com:8080/platform/apis/platform.tkestack.io/v1/clusters"
1.3. 查看特定集群的 Namespace
查看集群所包含的 Namespace 需要传递 "X-TKE-ClusterName: cls-xxx" 的 header,cls-xxx 为特定集群 ID
curl -H "Authorization: Bearer xxxxxxx" \
-H "X-TKE-ClusterName: cls-xxx" \
"http://console.tke.com:8080/platform/api/v1/namespaces"
2. 通过 API 创建应用
2.1. 非 TApp 应用(deployment,statefulset,daemonset)
curl 'http://console.tke.com:8080/platform/apis/apps/v1/namespaces/命名空间/工作负载类型/工作负载名称'
-X PATCH
-H 'Content-Type:application/strategic-merge-patch+json'
-H 'X-TKE-ClusterName:所属集群'
-H 'Authorization: Bearer 访问凭证'
-d '{"spec":{"template":{"spec":{"containers":[{"name":"容器名称","image":"容器镜像"}]}}}}'
工作负载类型: 选择需要更新的工作负载类型(deployment,statefulset, daemonset) 所属集群:填写所要更新容器所属集群。 命名空间:填写所要更新容器所属的命名空间。 工作负载名称:填写所要更新容器的工作负载名称。 容器名称:填写所要更新容器的名称。 访问凭证:填写访问该容器资源的访问凭证,可以在“tkestack-组织资源-访问凭证“中获取该信息(访问凭证有过期时间,如过期需要重新创建)。 容器镜像:填写所要更新的Docker镜像
2.2. TApp
TApp 是自研的应用类型,更新镜像需要两步,首先获取当前的容器 spec,调整镜像名后在调用更新接口
2.2.1. 获取tapp spec
curl 'http://console.tke.com:8080/platform/apis/platform.tkestack.io/v1/clusters/所属集群/tapps?namespace=命名空间&name=工作负载名称'
-X GET
-H 'Authorization: Bearer 访问凭证'
返回值示例:
{"apiVersion":"apps.tkestack.io/v1","kind":"TApp","metadata":{"creationTimestamp":"2020-06-10T13:35:54Z","generation":8,"labels":{"k8s-app":"kevintest","qcloud-app":"kevintest"},"name":"kevintest","namespace":"default","resourceVersion":"13925571","selfLink":"/apis/apps.tkestack.io/v1/namespaces/default/tapps/kevintest","uid":"0269fb69-fa87-42f8-9c3a-e1f96cef40f1"},"spec":{"forceDeletePod":true,"replicas":1,"selector":{"matchLabels":{"k8s-app":"kevintest","qcloud-app":"kevintest"}},"template":{"metadata":{"creationTimestamp":null,"labels":{"k8s-app":"kevintest","qcloud-app":"kevintest","tapp_template_hash_key":"9636164821252331163","tapp_uniq_hash_key":"9518255606018677371"}},"spec":{"containers":[{"image":"mirrors.tencent.com/elsanli/devops-demo:62","imagePullPolicy":"Always","livenessProbe":{"failureThreshold":10,"periodSeconds":10,"successThreshold":1,"tcpSocket":{"port":8888},"timeoutSeconds":2},"name":"test","readinessProbe":{"failureThreshold":10,"periodSeconds":30,"successThreshold":1,"tcpSocket":{"port":8888},"timeoutSeconds":2},"resources":{"limits":{"cpu":"100m","memory":"48Mi"},"requests":{"cpu":"100m","memory":"25Mi"}}}],"restartPolicy":"Always"}},"updateStrategy":{}},"status":{"appStatus":"Running","observedGeneration":7,"readyReplicas":0,"replicas":1,"scaleLabelSelector":"k8s-app=kevintest,qcloud-app=kevintest","statuses":{"0":"Pending"}}}
2.3. 更新 TApp 镜像
从上一步返回值中获取想要更新的整个容器的 spec,替换其中的 image 字段,这样做是为了避免将其他字段覆盖为空
curl ''http://console.tke.com:8080/platform/apis/platform.tkestack.io/v1/clusters/所属集群/tapps?namespace=命名空间&name=工作负载名称'
-X PATCH
-H 'Content-Type:application/merge-patch+json'
-H 'X-TKE-ClusterName:所属集群'
-H 'Authorization: Bearer 访问凭证'
-d '{"spec":{"template":{"spec":{"containers":[{"name":"容器名称","image":"容器镜像","resources":{"limits":{"cpu":"100m","memory":"48Mi"},"requests":{"cpu":"100m","memory":"25Mi"}},"livenessProbe":{"tcpSocket":{"port":8888},"timeoutSeconds":2,"periodSeconds":10,"successThreshold":1,"failureThreshold":10},"readinessProbe":{"tcpSocket":{"port":8888},"timeoutSeconds":2,"periodSeconds":30,"successThreshold":1,"failureThreshold":10},"imagePullPolicy":"Always"}]}},"templates":null}}
所属集群:填写所要更新容器所属集群。 命名空间:填写所要更新容器所属的命名空间。 工作负载名称:填写所要更新容器的工作负载名称。 容器名称:填写所要更新容器的名称。 访问凭证:填写访问该容器资源的访问凭证,可以在“tkestack-组织资源-访问凭证“中获取该信息(访问凭证有过期时间,如过期需要重新创建)。 容器镜像:填写所要更新的Docker镜像
3. 通过 API 增删集群节点
只能对独立集群的节点进行增删操作,不可操作导入集群。
3.1. 增加节点
URL: http://console.tke.com:8080/platform/apis/platform.tkestack.io/v1/machines
Method: POST
Headers:
- Content-Type: application/json
- Authorization: Bearer xxx
按照以下命令的格式,将中文部分替换成实际值,发送请求。请求成功后,会返回被创建的Machine对象。
curl -X POST \
"http://console.tke.com:8080/platform/apis/platform.tkestack.io/v1/machines" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer 你的访问凭证" \
-d '
{
"kind": "Machine",
"apiVersion": "platform.tkestack.io/v1",
"metadata": {
"generateName": "mc-"
},
"spec": {
"finalizers": [
"machine"
],
"tenantID": "租户ID(联系平台管理员获取)",
"clusterName": "集群ID,可通过页面查看(不是集群名称)",
"type": "Baremetal",
"ip": "节点IP",
"port": 节点SSH端口(int),
"username": "root",
"password": "节点root密码(需经base64编码)"
}
}'
password base64编码:
echo -n $PASSWORD | base64
假设password原文为123456,则生成的base64编码为MTIzNDU2
PS: 使用 echo 命令时一定加上 -n 参数
3.2. 查看节点
URL: http://console.tke.com:8080/platform/apis/platform.tkestack.io/v1/machines/${machine.metadata.name}
Method: GET
Headers:
- Authorization: Bearer xxx
假设平台中有 name 为 mc-brd44nzd 的 Machine 对象:
{
"kind": "Machine",
"apiVersion": "platform.tkestack.io/v1",
"metadata": {
"name": "mc-brd44nzd",
"generateName": "mc-",
"selfLink": "/apis/platform.tkestack.io/v1/machines/mc-brd44nzd",
"uid": "9ef7c08f-c535-4e99-b11d-9f7d02be19f5",
"resourceVersion": "343953553",
"creationTimestamp": "2020-02-27T00:25:02Z"
},
"spec": {
"finalizers": [
"machine"
],
"tenantID": "default",
"clusterName": "xxxx",
"type": "Baremetal",
"ip": "xxxxxx",
"port": 36000,
"username": "root",
"password": "xxxxxx"
}
}
则查看该 Machine 部署进度的请求为:
curl "http://console.tke.com:8080/platform/apis/platform.tkestack.io/v1/machines/mc-brd44nzd" \
-H "Authorization: Bearer 你的访问凭证"
3.3. 删除节点
URL: http://console.tke.com:8080/platform/apis/platform.tkestack.io/v1/machines/${machine.metadata.name}
Method: DELETE
Headers:
- Authorization: Bearer xxx
假设平台中有 name 为 mc-brd44nzd 的 Machine 对象,则删除节点的请求为:
curl -X DELETE "http://console.tke.com:8080/platform/apis/platform.tkestack.io/v1/machines/mc-brd44nzd" \
-H "Authorization: Bearer 你的访问凭证"
4. 通过 API 获取业务信息
4.1. 查看自身所在业务
curl 'http://console.tke.com:8080/business/apis/business.tkestack.io/v1/portal' \
-X GET \
-H "Authorization: Bearer 访问凭证"
4.2. 查看特定业务包含的 Namespace 信息
curl 'http://console.tke.com:8080/business/apis/business.tkestack.io/v1/namespaces/prj-xxx/namespaces' \
-X GET \
-H "Authorization: Bearer 访问凭证"
prj-xxx 为业务 id
4.3. 查看特定业务信息
curl 'http://console.tke.com:8080/business/apis/business.tkestack.io/v1/projects/prj-xxx' \
-X GET \
-H 'Authorization: Bearer 访问凭证'
prj-xxx为业务id