edit-icon download-icon

Call methods

Last Updated: Jan 24, 2018

The REST API of application management needs to point to the cluster access point address and interact with the cluster by using the HTTPS request of self-signed certificate.

Obtain access point and certificate of the cluster

Obtain in Container Service console

  1. Log on to the Container Service console.

  2. Click Clusters in the left-side navigation pane.

  3. Click Manage at the right of the cluster.

    1

  4. View the cluster access point and click Download Certificate to download the cluster certificate.

    1

To use API access, change the tcp in the command of the preceding figure to https.

Obtain by programming

Obtain the following items by using the cluster management API:

  1. The master_url field value of the cluster. For more information, see View a cluster.
  2. The cluster certificate. For more information, see Obtain cluster certificate.

The API returned results:

  1. {
  2. "ca": "string", ##Certificate issued by the Certification Authority, ca.pem
  3. "cert": "string", ##Your public key certificate, cert.pem
  4. "key": "string" #Your private key certificate, key.pem
  5. }

We recommend that you save the three strings in the returned results as three files, namely, ca.pem, cert.pem, and key.pem, in one directory. For most tools or programming frameworks, the HTTPS certificate is loaded as a file.

Call application management API

Assume that your cluster name is ClusterName, the preceding three certificates are saved to the ~/.docker/aliyun/ClusterName directory, and the obtained master_url address is https://123.123.123.123:1234.

Application API list

For more information, see View application list.

The following example describes how to view application list interfaces (the context path is /projects/).

CURL

  1. # Note: You might need to upgrade your CURL to the correct version.
  2. curl --insecure --cert ~/.docker/aliyun/ClusterName/cert.pem --key ~/.docker/aliyun/ClusterName/key.pem https://123.123.123.123:1234/projects/

PHP

  1. <?php
  2. $ch = curl_init();
  3. curl_setopt($ch, CURLOPT_URL, "https://123.123.123.123:1234/projects/");
  4. curl_setopt($ch, CURLOPT_SSLKEY, "~/.docker/aliyun/ClusterName/key.pem");
  5. curl_setopt($ch, CURLOPT_CAINFO, "~/.docker/aliyun/ClusterName/ca.pem");
  6. curl_setopt($ch, CURLOPT_SSLCERT, "~/.docker/aliyun/ClusterName/cert.pem");
  7. $result=curl_exec($ch);
  8. echo $result;
  9. curl_close($ch);
  10. ?>

Python

  1. import requests
  2. res = requests.get('https://123.123.123.123:1234/projects/', verify='~/.docker/aliyun/ClusterName/ca.pem', cert=('~/.docker/aliyun/ClusterName/cert.pem', '~/.docker/aliyun/ClusterName/key.pem'))
  3. print res.content

Java

Add Maven dependency

  1. <dependency>
  2. <groupId>org.apache.httpcomponents</groupId>
  3. <artifactId>httpclient</artifactId>
  4. <version>4.5.1</version>
  5. </dependency>
  6. <dependency>
  7. <groupId>org.bouncycastle</groupId>
  8. <artifactId>bcpkix-jdk15on</artifactId>
  9. <version>1.52</version>
  10. </dependency>

Code sample:

  1. import java.nio.file.Path;
  2. import java.nio.charset.Charset;
  3. import java.nio.file.Files;
  4. import java.nio.file.Paths;
  5. import java.security.KeyFactory;
  6. import java.security.KeyStore;
  7. import java.security.PrivateKey;
  8. import java.security.cert.Certificate;
  9. import java.security.cert.CertificateFactory;
  10. import java.security.spec.PKCS8EncodedKeySpec;
  11. import javax.net.ssl.SSLContext;
  12. import org.bouncycastle.openssl.PEMKeyPair;
  13. import org.bouncycastle.openssl.PEMParser;
  14. import org.apache.http.client.methods.CloseableHttpResponse;
  15. import org.apache.http.client.methods.HttpGet;
  16. import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
  17. import org.apache.http.impl.client.CloseableHttpClient;
  18. import org.apache.http.impl.client.HttpClients;
  19. import org.apache.http.ssl.SSLContexts;
  20. import org.apache.http.util.EntityUtils;
  21. public class Test {
  22. public static void main(String[] argc) throws Exception {
  23. final char[] KEY_STORE_PASSWORD = "".toCharArray();
  24. //Obtain the certificate address
  25. Path caCertPath = Paths.get("~/.docker/aliyun/ClusterName/ca.pem");
  26. Path clientCertPath = Paths.get("~/.docker/aliyun/ClusterName/cert.pem");
  27. Path clientKeyPath = Paths.get("~/.docker/aliyun/ClusterName/key.pem");
  28. final CertificateFactory cf = CertificateFactory.getInstance("X.509");
  29. final Certificate caCert = cf.generateCertificate(Files.newInputStream(caCertPath));
  30. final Certificate clientCert = cf.generateCertificate(
  31. Files.newInputStream(clientCertPath));
  32. final PEMKeyPair clientKeyPair = (PEMKeyPair) new PEMParser(
  33. Files.newBufferedReader(clientKeyPath,
  34. Charset.defaultCharset()))
  35. .readObject();
  36. final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(
  37. clientKeyPair.getPrivateKeyInfo().getEncoded());
  38. final KeyFactory kf = KeyFactory.getInstance("RSA");
  39. final PrivateKey clientKey = kf.generatePrivate(spec);
  40. //Set the trusted certificate
  41. final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
  42. trustStore.load(null, null);
  43. trustStore.setEntry("ca", new KeyStore.TrustedCertificateEntry(caCert), null);
  44. //Set the private key
  45. final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
  46. keyStore.load(null, null);
  47. keyStore.setCertificateEntry("client", clientCert);
  48. keyStore.setKeyEntry("key", clientKey, KEY_STORE_PASSWORD, new Certificate[]{clientCert});
  49. SSLContext sslContext = SSLContexts.custom()
  50. .loadTrustMaterial(trustStore, null)
  51. .loadKeyMaterial(keyStore, KEY_STORE_PASSWORD)
  52. .build();
  53. SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
  54. sslContext,
  55. SSLConnectionSocketFactory.getDefaultHostnameVerifier());
  56. //httpclient connection
  57. CloseableHttpClient httpclient = HttpClients.custom()
  58. .setSSLSocketFactory(sslsf)
  59. .build();
  60. try {
  61. HttpGet httpget = new HttpGet("https://123.123.123.123:1234/projects/");
  62. CloseableHttpResponse response = httpclient.execute(httpget);
  63. try {
  64. System.out.println("----------------------------------------");
  65. String bodyAsString = EntityUtils.toString(response.getEntity());
  66. System.out.println(bodyAsString);
  67. } finally {
  68. response.close();
  69. }
  70. } finally {
  71. httpclient.close();
  72. }
  73. }
  74. }
Thank you! We've received your feedback.