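YMFE/yapi: YApi is a locally deployable, visual API management platform that connects front end, back end and QA (github.com)
YApi API management platform (hellosean1025.github.io)
Top-tier API documentation management tool (YAPI) - Jianshu (jianshu.com)
Introduction
Security
The yapi container runs without root privileges
mongodb uses a non-root account
First we create a Dockerfile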
FROM node:11-alpine as builder
WORKDIR /home/node
RUN wget https://github.com/YMFE/yapi/archive/refs/tags/v1.9.2.tar.gz
RUN tar -zxvf v1.9.2.tar.gz
RUN mv yapi-1.9.2 vendors
WORKDIR /home/node/vendors
RUN apk add python make
RUN npm install --production --registry https://registry.npm.taobao.org
FROM node:11-alpine
LABEL maintainer="xiesj@live.com"
WORKDIR /home/node/vendors
COPY --from=builder /home/node/vendors /home/node/vendors
USER node
ENV TZ="Asia/Shanghai"
EXPOSE 3000
CMD ["node","server/app.js"]
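We use node:11-alpine, so python and make have to be installed additionally.
A multi-stage build is used here: with the COPY --from instruction, the first image acts as the builder image and its build result is copied into the second image.
Build the image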
docker build -t xieshujian/yapi:1.9.2 .
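The image is about 164 MB, which is still quite small.
For security we use a non-root account; rather than creating a new account, we use the existing node account directly.
k8s deployment YAML file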
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: yapi-secret
data:
  config.json: |
    ewogICJwb3J0IjogIjMwMDAiLAogICJhZG1pbkFjY291bnQiOiAiYWRtaW5AYWRtaW4uY29tIiwK
    ICAidGltZW91dCI6MTIwMDAwLAogICJkYiI6IHsKICAgICJzZXJ2ZXJuYW1lIjogIm1vbmdvZGIi
    LAogICAgIkRBVEFCQVNFIjogIm1vbmdvZGIiLAogICAgInBvcnQiOiAyNzAxNywKICAgICJ1c2Vy
    IjogInJvb3QiLAogICAgInBhc3MiOiAidGFpaHUxMjMiLAogICAgImF1dGhTb3VyY2UiOiAiYWRt
    aW4iCiAgfSwKICAibWFpbCI6IHsKICAgICJlbmFibGUiOiBmYWxzZSwKICAgICJob3N0IjogInNt
    dHAuMTYzLmNvbSIsCiAgICAicG9ydCI6IDQ2NSwKICAgICJmcm9tIjogIioqKkAxNjMuY29tIiwK
    ICAgICJhdXRoIjogewogICAgICAidXNlciI6ICIqKipAMTYzLmNvbSIsCiAgICAgICJwYXNzIjog
    IioqKioqIgogICAgfQogIH0KfQo=
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: yapi
  labels:
    app: yapi
spec:
  replicas: 2
  selector:
    matchLabels:
      app: yapi
  template:
    metadata:
      labels:
        app: yapi
    spec:
      containers:
      - name: yapi
        image: xieshujian/yapi:1.9.2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3000
        livenessProbe:
          httpGet:
            path: /
            port: 3000
          initialDelaySeconds: 5
          periodSeconds: 5
        volumeMounts:
        - name: config
          mountPath: "/home/node/config.json"
          subPath: "config.json"
      volumes:
      - name: config
        secret:
          secretName: yapi-secret
          items:
          - key: config.json
            path: config.json
---
apiVersion: v1
kind: Service
metadata:
  name: yapi
spec:
  selector:
    app: yapi
  ports:
  - protocol: TCP
    port: 80
    targetPort: 3000
We turn the config.json file into a k8s Secret; base64 is used here. The original file is as follows:
{
  "port": "3000",
  "adminAccount": "admin@admin.com",
  "timeout": 120000,
  "db": {
    "servername": "mongodb",
    "DATABASE": "yapidb",
    "port": 27017,
    "user": "yapiuser",
    "pass": "yapipassword",
    "authSource": "yapidb"
  },
  "mail": {
    "enable": false,
    "host": "smtp.163.com",
    "port": 465,
    "from": "***@163.com",
    "auth": {
      "user": "***@163.com",
      "pass": "*****"
    }
  }
}
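We will use mongodb; servername is the Service name, which is mongodb.
The file is mounted with subPath. Note that the path has to be written all the way down to config.json: because /yapi is a non-empty directory, a single file is mounted rather than the whole directory. Pitfall 1.
Probe: an HTTP probe is used here, run every 5 seconds.
Create a Service named yapi.
Create the namespace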
kubectl create ns yapi
Install mongodb
Download and unpack the mongodb chart, find values.yaml, open it, and change the value of rootPassword to taihu123.
Also set useStatefulSet to true; we use a StatefulSet.
Run the following commands to install mongodb
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install mongodb bitnami/mongodb -n yapi -f values.yaml
After installation, enter the container and run the following commands to create a regular account and the database
mongo -u root -p taihu123
use yapidb
db.createUser({user: "yapiuser",pwd: "yapipassword",roles: [ { role: "dbOwner", db: "yapidb" } ]} )
Install yapi
kubectl apply -f yapi.yaml -n yapi
After installation, enter one of the pods
Run the following command
npm run install-server
This initializes the database
Now you can log in to yapi; the account is admin@admin.com and the password is ymfe.org
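A check for the two security claims of this walkthrough (non-root yapi container, non-root mongodb account), added here as an example that is not part of the original post: it audits a Deployment and a Secret given as JSON objects. The function names, the constructed inputs and UID 1000 for the image's node user are assumptions.

```python
import base64
import json

def audit_yapi(deployment, secret):
    """Return findings for the two claims: non-root container, non-root MongoDB account."""
    findings = []
    pod = deployment["spec"]["template"]["spec"]
    for c in pod["containers"]:
        # Container-level securityContext overrides the pod-level one.
        sc = {**pod.get("securityContext", {}), **c.get("securityContext", {})}
        uid = sc.get("runAsUser")
        if uid == 0:
            findings.append(f"{c['name']}: runAsUser is 0 (root)")
        elif not sc.get("runAsNonRoot"):
            findings.append(f"{c['name']}: runAsNonRoot not set; only the image's USER line keeps it non-root")
        elif uid is None:
            # With a named image user ("node"), the kubelet cannot verify that it is non-root.
            findings.append(f"{c['name']}: runAsNonRoot needs a numeric runAsUser")
    # Secret data is base64-encoded, not encrypted: anyone who can read the object recovers it.
    cfg = json.loads(base64.b64decode(secret["data"]["config.json"]))
    db = cfg.get("db", {})
    if db.get("user") == "root":
        findings.append("config.json: db.user is root")
    if db.get("authSource") == "admin":
        findings.append("config.json: db.authSource is admin, not the application database")
    return findings

# Constructed inputs shaped like `kubectl get ... -o json` output (not taken from a cluster).
def make_deployment(security_context=None):
    container = {"name": "yapi", "image": "xieshujian/yapi:1.9.2"}
    if security_context is not None:
        container["securityContext"] = security_context
    return {"spec": {"template": {"spec": {"containers": [container]}}}}

def make_secret(user, auth_source):
    cfg = {"port": "3000", "db": {"servername": "mongodb", "DATABASE": "yapidb",
                                  "user": user, "pass": "example-only", "authSource": auth_source}}
    return {"data": {"config.json": base64.b64encode(json.dumps(cfg).encode()).decode()}}

if __name__ == "__main__":
    for finding in audit_yapi(make_deployment(), make_secret("root", "admin")):
        print("FINDING:", finding)
    # UID 1000 is assumed to be the node user of the node:11-alpine image.
    hardened = make_deployment({"runAsNonRoot": True, "runAsUser": 1000})
    print(audit_yapi(hardened, make_secret("yapiuser", "yapidb")))
```

On a live cluster the two inputs would come from `kubectl get deployment yapi -n yapi -o json` and `kubectl get secret yapi-secret -n yapi -o json`.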
k3s interface
yapi interface
This approach has been updated; please see the v2 version