报错(1): MongoNetworkError: Authentication failed., mongodb Authentication failed
解决方法: 如果确认了客户端或者命令行都能了连接mongodb,但是yapi连接却报错的话,那么authSource 不能默认写admin,要改成空串就可以了
报错(2): 配置完了ldap却说找不到用户
若要用邮件作为账号,则YAPI_LDAP_LOGIN_SEARCH_STANDARD=mail即可,而且最后三项非必填,如果不确定就都不写了
参考:YAPI工具配置LDAP统一用户认证 - ouhy - 博客园 (cnblogs.com)
(3)最后贴上完整的yaml文件:
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: yapi-pod
namespace: public-service
name: yapi-deployment
spec:
selector:
matchLabels:
app: yapi-pod
template:
metadata:
labels:
app: yapi-pod
spec:
restartPolicy: Always
containers:
#yapi
- image: jayfong/yapi:1.10.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
name: yapi
env:
#管理员账号,禁止注册,默认密码: ymfe.org 登录请修改
- name: YAPI_ADMIN_ACCOUNT
value: "xxxx@qq.com"
- name: YAPI_ADMIN_PASSWORD
value: "123456"
- name: YAPI_CLOSE_REGISTER
value: "true"
#mongodb 配置
- name: YAPI_DB_SERVERNAME
value: "dds123456.mongodb.rds.aliyuncs.com"
- name: YAPI_DB_PORT
value: "27017"
- name: YAPI_DB_DATABASE
value: "yapi"
- name: YAPI_DB_USER
value: "yapi"
- name: YAPI_DB_PASS
value: "123456"
- name: YAPI_DB_AUTH_SOURCE
value: ""
#mail 邮件功能
- name: YAPI_MAIL_ENABLE
value: "true"
- name: YAPI_MAIL_HOST
value: "smtp.exmail.qq.com"
- name: YAPI_MAIL_PORT
value: "465"
- name: YAPI_MAIL_FROM
value: "xxxx@qq.com"
- name: YAPI_MAIL_AUTH_USER
value: "xxxx@qq.com"
- name: YAPI_MAIL_AUTH_PASS
value: "123456"
#ldap 功能
- name: YAPI_LDAP_LOGIN_ENABLE
value: "true"
- name: YAPI_LDAP_LOGIN_SERVER
value: "ldap://ldap-service.kube-system.svc.cluster.local:389" #这里使用的是内网poddns来找到ldap服务
- name: YAPI_LDAP_LOGIN_BASE_DN
value: "cn=admin,dc=example,dc=com"
- name: YAPI_LDAP_LOGIN_BIND_PASSWORD
value: "123456"
- name: YAPI_LDAP_LOGIN_SEARCH_DN
value: "dc=example,dc=com"
- name: YAPI_LDAP_LOGIN_SEARCH_STANDARD #若要用邮件作为账号,则YAPI_LDAP_LOGIN_SEARCH_STANDARD=mail即可
value: "mail"
---
apiVersion: v1
kind: Service
metadata:
name: yapi-service
namespace: public-service
spec:
selector:
app: yapi-pod
ports:
- name: yapi-port
protocol: TCP
port: 8080
targetPort: 3000
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: yapi-ingress
namespace: public-service
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive"
nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
nginx.ingress.kubernetes.io/proxy-body-size: 80m
spec:
tls:
- hosts:
- 'www.xxxx.com'
secretName: xxx-com-secret #https的证书 这里可以参考另外一篇《Kubernetes Ingress配置HTTPS》
rules:
- host: www.xxxx.com
http:
paths:
- path: /
backend:
serviceName: yapi-service
servicePort: 8080
参考:
https://github.com/fjc0k/docker-YApi
https://www.icode9.com/content-4-1069439.html
https://www.leeguangxing.cn/blog_post_92.html
https://blog.csdn.net/weixin_45444133/article/details/118673418
http://t.zoukankan.com/sddai-p-13807310.html
https://blog.csdn.net/weixin_45444133/article/details/118673418