介紹

yapi是api 文檔管理系統(tǒng)殴泰，基于nodejs和mongodb。官方?jīng)]有提供標(biāo)準(zhǔn)的docker鏡像都是自己搞的浮驳。我也來搞一個(gè)

制作yapi docker鏡像

yapi容器使用非root權(quán)限悍汛，使用默認(rèn)node賬號(hào)，使用node:11-alpine作為基礎(chǔ)鏡像至会，使用多階段構(gòu)建

編寫entrypoint,sh

因?yàn)閏onfig.json這個(gè)配置离咐，通過環(huán)境變量來配置比較方便，所以我們寫一個(gè)entrypoint.sh文件奉件，主要使用sed方法宵蛀，用環(huán)境變量來替換json字段。具體如下县貌，另外再加一個(gè)啟動(dòng)yapi的語句术陶。

#!/bin/sh
#update config file with env var
if [ $YAPI_SERVER_PORT ]; then
    sed -i 2c\"port\":\"$YAPI_SERVER_PORT\", ../config.json
fi
if [ $YAPI_ADMINACCOUNT ]; then
    sed -i 3c\"adminAccount\":\"$YAPI_ADMINACCOUNT\", ../config.json
fi
if [ $YAPI_TIMEOUT ]; then
    sed -i 4c\"timeout\":\"$YAPI_TIMEOUT\", ../config.json
fi
if [ $YAPI_DB_SERVERNAME ]; then
    sed -i 6c\"servername\":\"$YAPI_DB_SERVERNAME\", ../config.json
fi
if [ $YAPI_DB_DATABASE ]; then
    sed -i 7c\"DATABASE\":\"$YAPI_DB_DATABASE\", ../config.json
fi
if [ $YAPI_DB_PORT ]; then
    sed -i 8c\"port\":\"$YAPI_DB_PORT\", ../config.json
fi
if [ $YAPI_DB_USER ]; then
    sed -i 9c\"user\":\"$YAPI_DB_USER\", ../config.json
fi
if [ $YAPI_DB_PASS ]; then
    sed -i 10c\"pass\":\"$YAPI_DB_PASS\", ../config.json
fi
if [ $YAPI_DB_AUTHSOURCE ]; then
    sed -i 11c\"authSource\":\"$YAPI_DB_AUTHSOURCE\" ../config.json
fi
if [ $YAPI_MAIL_ENABLE ]; then
    sed -i 13c\"mail\":\"$YAPI_MAIL_ENABLE\", ../config.json
fi
if [ $YAPI_MAIL_HOST ]; then
    sed -i 14c\"enable\":\"$YAPI_MAIL_HOST\", ../config.json
fi
if [ $YAPI_MAIL_PORT ]; then
    sed -i 15c\"host\":\"$YAPI_MAIL_PORT\", ../config.json
fi
if [ $YAPI_MAIL_FROM ]; then
    sed -i 16c\"port\":\"$YAPI_MAIL_FROM\", ../config.json
fi
if [ $YAPI_MAIL_AUTH ]; then
    sed -i 17c\"from\":\"$YAPI_MAIL_AUTH\", ../config.json
fi
if [ $YAPI_MAIL_USER ]; then
    sed -i 18c\"auth\":\"$YAPI_MAIL_USER\", ../config.json
fi
if [ $YAPI_MAIL_PASS ]; then
    sed -i 19c\"user\":\"$YAPI_MAIL_PASS\" ../config.json
fi
#start yapi
node server/app.js

編寫yapi的dockerfile

基礎(chǔ)鏡像是node:11-alpine,因?yàn)檫@個(gè)鏡像沒有nodejs編譯需要的python make，所以需要加進(jìn)來煤痕。
把entrypoint.sh從本人github下載下來梧宫，加入到鏡像中，修改node可以運(yùn)行的權(quán)限

FROM node:11-alpine as builder
WORKDIR /home/node
RUN wget https://github.com/YMFE/yapi/archive/refs/tags/v1.9.2.tar.gz
RUN tar -zxvf v1.9.2.tar.gz
RUN mv yapi-1.9.2 vendors
WORKDIR /home/node/vendors
RUN apk add python make
RUN npm install --production
RUN wget https://raw.githubusercontent.com/xie-shujian/k3s/main/yapi/entrypoint.sh
RUN chmod a+x entrypoint.sh

FROM node:11-alpine
LABEL maintainer="xiesj@live.com"
USER node
ENV TZ="Asia/Shanghai"
WORKDIR /home/node/vendors
COPY --from=builder /home/node/vendors /home/node/vendors
RUN cp config_example.json ../config.json
EXPOSE 3000
ENTRYPOINT ["sh", "entrypoint.sh"]

這里使用了多重鏡像摆碉，使用 copy --from 命令塘匣，第一個(gè)鏡像作為builder鏡像，把第一個(gè)鏡像的builder結(jié)果巷帝，復(fù)制到第二個(gè)鏡像里

制作成鏡像

docker build -t xieshujian/yapi:1.9.2 .

鏡像大小大概是164m忌卤，還是很小的

為了安全我們使用非root賬號(hào)，為了安全我們不新建賬號(hào)楞泼，直接使用node賬號(hào)

k8s部署yaml文件

• 創(chuàng)建secret
• 創(chuàng)建部署
  編寫環(huán)境變量驰徊，包含mongodb的連接信息
  編寫探針
• 創(chuàng)建service
  service端口是80，容器端口是3000

---

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: yapi-secret
stringData:
  YAPI_DB_PASS: yapipassword

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: yapi
  labels:
    app: yapi
spec:
  replicas: 1
  selector:
    matchLabels:
      app: yapi
  template:
    metadata:
      labels:
        app: yapi
    spec:
      containers:
      - name: yapi
        image: xieshujian/yapi:1.9.2
        env:
        - name: YAPI_DB_SERVERNAME
          value: mongodb
        - name: YAPI_DB_DATABASE
          value: yapidb
        - name: YAPI_DB_USER
          value: yapiuser
        - name: YAPI_DB_PASS
          valueFrom:
            secretKeyRef:
              name: yapi-secret
              key: YAPI_DB_PASS
        - name: YAPI_DB_AUTHSOURCE
          value: yapidb
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3000
        livenessProbe:
          httpGet:
            path: /
            port: 3000
          initialDelaySeconds: 5
          periodSeconds: 5

---
apiVersion: v1
kind: Service
metadata:
  name: yapi
spec:
  selector:
    app: yapi
  ports:
    - protocol: TCP
      port: 80
      targetPort: 3000

config.json

{
  "port": "3000",
  "adminAccount": "admin@admin.com",
  "timeout":120000,
  "db": {
    "servername": "mongodb",
    "DATABASE": "yapidb",
    "port": 27017,
    "user": "yapiuser",
    "pass": "yapipassword",
    "authSource": "yapidb"
  },
  "mail": {
    "enable": false,
    "host": "smtp.163.com",
    "port": 465,
    "from": "***@163.com",
    "auth": {
      "user": "***@163.com",
      "pass": "*****"
    }
  }
}

我們會(huì)用mongodb堕阔，servername就是service name就叫mongodb

探針辣垒，這里使用http探針，5秒跑一次

建立service叫yapi

創(chuàng)建命名空間

kubectl create ns yapi

安裝mongodb

把mongodb chart下載解壓印蔬，找到values.yaml,打開勋桶，修改里面的rootPassword的值改為taihu123
另外把useStatefulSet設(shè)置成true，我們使用statefull
執(zhí)行下面命令安裝mongodb
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install mongodb bitnami/mongodb -n yapi -f values.yaml
安裝完畢之后進(jìn)入容器侥猬，執(zhí)行下面命令例驹，新建普通賬號(hào)，和數(shù)據(jù)庫

mongo -u root -p taihu123
use yapidb
db.createUser({user: "yapiuser",pwd: "yapipassword",roles: [ { role: "dbOwner", db: "yapidb" } ]} )

安裝yapi

kubectl apply -f yapi.yaml -n yapi
安裝完畢之后退唠，進(jìn)入其中一個(gè)pod
執(zhí)行下面命令
npm run install-server
初始化數(shù)據(jù)庫
接下來就可以登錄yapi了鹃锈，賬號(hào)是admin@admin.com,密碼是ymfe.org

k3s界面

image.png

image.png

image.png

image.png

image.png

yapi界面

image.png