maxPods: 110
rotateCertificates: true
kubeReserved:
  cpu: 200m
  memory: 250Mi
systemReserved:
  cpu: 200m
  memory: 250Mi
evictionHard:
  memory.available: 5%
evictionSoft:
  memory.available: 10%
evictionSoftGracePeriod: 
  memory.available: 2m
evictionMaxPodGracePeriod: 120
evictionPressureTransitionPeriod: 30s

- {name: i-5boh9fm9, address: 192.168.100.7, internalAddress: 192.168.100.7, user: XXX, password: XXX}

  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FUR...
    client-key-data: LS0tLS1CRUdJTiBQUk...

  user:
    token: xxxxxxxx...

arvin.he@vk ~/go/src/kubesphere.io/kubesphere (master●●)$ telepresence --namespace kubesphere-system --swap-deployment ks-apiserver --expose 9090:9090 --run go run ./cmd/ks-apiserver/apiserver.go
T: Starting proxy with method 'vpn-tcp', which has the following limitations: All processes are affected, only one telepresence can run per machine, and you
T: can't use other VPNs. You may need to add cloud hosts and headless services with --also-proxy. For a full list of method limitations see
T: https://telepresence.io/reference/methods.html
T: Volumes are rooted at $TELEPRESENCE_ROOT. See https://telepresence.io/howto/volumes.html for details.
T: Starting network proxy to cluster by swapping out Deployment ks-apiserver with a proxy
T: Forwarding remote port 9090 to local port 9090.

T: Connected. Flushing DNS cache.
T: Setup complete. Launching your command.
Error: factory is not able to fill the pool: LDAP Result Code 200 "Network Error": dial tcp 10.233.71.55:389: i/o timeout
Usage:
  ks-apiserver [flags]

Flags:
      --access-token-max-age duration                   AccessTokenMaxAgeSeconds  control the lifetime of access tokens, 0 means no expiration. (default 24h0m0s)
      --add-dir-header                                  If true, adds the file directory to the header
      --agent-image string                              This field is used when generating deployment yaml for agent. (default "kubesphere/tower:v1.0")
      --alsologtostderr                                 log to standard error as well as files
      --auditing-elasticsearch-host string              Elasticsearch service host. KubeSphere is using elastic as auditing store, if this filed left blank, KubeSphere will use kubernetes builtin event API instead, and the following elastic search options will be ignored.
      --auditing-elasticsearch-version string           Elasticsearch major version, e.g. 5/6/7, if left blank, will detect automatically.Currently, minimum supported version is 5.x
      --auditing-enabled                                Enable auditing component or not.
      --auditing-index-prefix string                    Index name prefix. KubeSphere will retrieve auditing against indices matching the prefix. (default "ks-logstash-auditing")
      --auditing-webhook-url string                     Auditing wehook url
      --authenticate-max-retries int
      --authenticate-rate-limiter-duration duration      (default 30m0s)
      --authenticate-rate-limiter-max-retries int        (default 5)
      --authorization string                            Authorization setting, allowed values: AlwaysDeny, AlwaysAllow, RBAC. (default "RBAC")
      --bind-address string                             server bind address (default "0.0.0.0")
      --debug                                           Don't enable this if you don't know what it means.
      --elasticsearch-host string                       Elasticsearch logging service host. KubeSphere is using elastic as log store, if this filed left blank, KubeSphere will use kubernetes builtin log API instead, and the following elastic search options will be ignored. (default "http://elasticsearch-logging-data.kubesphere-logging-system.svc.cluster.local:9200")
      --elasticsearch-version string                    Elasticsearch major version, e.g. 5/6/7, if left blank, will detect automatically.Currently, minimum supported version is 5.x
      --enable-network-policy                           This field instructs KubeSphere to enable network policy or not.
  -h, --help                                            help for ks-apiserver
      --index-prefix string                             Index name prefix. KubeSphere will retrieve logs against indices matching the prefix. (default "ks-logstash-log")
      --insecure-port int                               insecure port number (default 9090)
      --istio-pilot-host string                         istio pilot discovery service url
      --jaeger-query-host string                        jaeger query service url
      --jenkins-host string                             Jenkins service host address. If left blank, means Jenkins is unnecessary. (default "http://ks-jenkins.kubesphere-devops-system.svc/")
      --jenkins-max-connections int                     Maximum allowed connections to Jenkins.  (default 100)
      --jenkins-password string                         Password for access to Jenkins service, used pair with username. (default "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImFkbWluQGt1YmVzcGhlcmUuaW8iLCJleHAiOjE4MTYyMzkwMjIsInVzZXJuYW1lIjoiYWRtaW4ifQ.okmNepQvZkBRe1M8z2HAWRN0AVj9ooVu79IafHKCjZI")
      --jenkins-username string                         Username for access to Jenkins service. Leave it blank if there isn't any. (default "admin")
      --jwt-secret string                               Secret to sign jwt token, must not be empty.
      --kubeconfig string                               Path for kubernetes kubeconfig file, if left blank, will use in cluster way. (default "/Users/arvin.he/.kube/config")
      --ldap-group-search-base string                   Ldap group search base. (default "ou=Groups,dc=kubesphere,dc=io")
      --ldap-host string                                Ldap service host, if left blank, all of the following ldap options will be ignored and ldap will be disabled. (default "openldap.kubesphere-system.svc:389")
      --ldap-manager-dn string                          Ldap manager account domain name. (default "cn=admin,dc=kubesphere,dc=io")
      --ldap-manager-password string                    Ldap manager account password. (default "P@88w0rd")
      --ldap-user-search-base string                    Ldap user search base. (default "ou=Users,dc=kubesphere,dc=io")
      --log-backtrace-at traceLocation                  when logging hits line file:N, emit a stack trace (default :0)
      --log-dir string                                  If non-empty, write log files in this directory
      --log-file string                                 If non-empty, use this log file
      --log-file-max-size uint                          Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                                     log to standard error instead of files (default true)
      --master string                                   Used to generate kubeconfig for downloading, if not specified, will use host in kubeconfig. (default "https://172.16.98.150:6443")
      --multiple-clusters                               This field instructs KubeSphere to enter multiple-cluster mode or not.
      --multiple-login                                  Allow multiple login with the same account, disable means only one user can login at the same time.
      --openpitrix-app-manager-endpoint string          OpenPitrix app manager endpoint (default "openpitrix-app-manager.openpitrix-system.svc:9102")
      --openpitrix-attachment-manager-endpoint string   OpenPitrix attachment manager endpoint (default "openpitrix-attachment-manager.openpitrix-system.svc:9122")
      --openpitrix-category-manager-endpoint string     OpenPitrix category manager endpoint (default "openpitrix-category-manager.openpitrix-system.svc:9113")
      --openpitrix-cluster-manager-endpoint string      OpenPitrix cluster manager endpoint (default "openpitrix-cluster-manager.openpitrix-system.svc:9104")
      --openpitrix-repo-indexer-endpoint string         OpenPitrix repo indexer endpoint (default "openpitrix-repo-indexer.openpitrix-system.svc:9108")
      --openpitrix-repo-manager-endpoint string         OpenPitrix repo manager endpoint (default "openpitrix-repo-manager.openpitrix-system.svc:9101")
      --openpitrix-runtime-manager-endpoint string      OpenPitrix runtime manager endpoint (default "openpitrix-runtime-manager.openpitrix-system.svc:9103")
      --prometheus-endpoint string                      Prometheus service endpoint which stores KubeSphere monitoring data, if left blank, will use builtin metrics-server as data source. (default "http://prometheus-k8s.kubesphere-monitoring-system.svc:9090")
      --proxy-publish-address string                    Public address of tower, APIServer will use this field as proxy publish address. This field takes precedence over field proxy-publish-service. For example, http://139.198.121.121:8080.
      --proxy-publish-service string                    Service name of tower. APIServer will use its ingress address as proxy publish address.For example, tower.kubesphere-system.svc.
      --redis-db int
      --redis-host string                               Redis connection URL. If left blank, means redis is unnecessary, redis will be disabled. (default "redis.kubesphere-system.svc")
      --redis-password string
      --redis-port int                                   (default 6379)
      --s3-access-key-id string                         access key of s2i s3 (default "openpitrixminioaccesskey")
      --s3-bucket string                                bucket name of s2i s3 (default "s2i-binaries")
      --s3-disable-SSL                                  disable ssl (default true)
      --s3-endpoint string                              Endpoint to access to s3 object storage service, if left blank, the following options will be ignored. (default "http://minio.kubesphere-system.svc:9000")
      --s3-force-path-style                             force path style (default true)
      --s3-region string                                Region of s3 that will access to, like us-east-1. (default "us-east-1")
      --s3-secret-access-key string                     secret access key of s2i s3 (default "openpitrixminiosecretkey")
      --s3-session-token string                         session token of s2i s3
      --secure-port int                                 secure port number
      --servicemesh-prometheus-host string              prometheus service for servicemesh
      --skip-headers                                    If true, avoid header prefixes in the log messages
      --skip-log-headers                                If true, avoid headers when opening log files
      --sonarqube-host string                           Sonarqube service address, if left empty, following sonarqube options will be ignored. (default "http://172.16.98.150:32297")
      --sonarqube-token string                          Sonarqube service access token. (default "4e51de276f1fd0eb3a20b58e523d43ce76347302")
      --stderrthreshold severity                        logs at or above this threshold go to stderr (default 2)
      --tls-cert-file string                            tls cert file
      --tls-private-key string                          tls private key
  -v, --v Level                                         number for the log level verbosity
      --vmodule moduleSpec                              comma-separated list of pattern=N settings for file-filtered logging

2020/06/24 22:33:51 factory is not able to fill the pool: LDAP Result Code 200 "Network Error": dial tcp 10.233.71.55:389: i/o timeout
exit status 1
T: Your process exited with return code 1.
T: Exit cleanup in progress
T: Swapping Deployment ks-apiserver back to its original state
arvin.he@vk ~/go/src/kubesphere.io/kubesphere (master●●)$

arvin.he@vk ~/go/src/kubesphere.io/kubesphere (master●●)$ ls
CONTRIBUTING.md  OWNERS           README_zh.md     build            coverage.txt     go.mod           install          telepresence.log vendor
LICENSE          PROJECT          api              cmd              doc.go           go.sum           kubesphere.yaml  test
Makefile         README.md        bin              config           docs             hack             pkg              tools

kubernetes:
  kubeconfig: "/Users/arvin.he/.kube/config"
  master: https://172.16.98.150:6443
  qps: 1e+06
  burst: 1000000

ldap:
  host: openldap.kubesphere-system.svc:389
  managerDN: cn=admin,dc=kubesphere,dc=io
  managerPassword: P@88w0rd
  userSearchBase: ou=Users,dc=kubesphere,dc=io
  groupSearchBase: ou=Groups,dc=kubesphere,dc=io

redis:
  host: redis.kubesphere-system.svc
  port: 6379
  password: ""
  db: 0

s3:
  endpoint: http://minio.kubesphere-system.svc:9000
  region: us-east-1
  disableSSL: true
  forcePathStyle: true
  accessKeyID: openpitrixminioaccesskey
  secretAccessKey: openpitrixminiosecretkey
  bucket: s2i-binaries

mysql:
  host: mysql.kubesphere-system.svc:3306
  username: root
  password: password
  maxIdleConnections: 100
  maxOpenConnections: 100
  maxConnectionLifeTime: 10s

devops:
  host: http://ks-jenkins.kubesphere-devops-system.svc/
  username: admin
  password: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImFkbWluQGt1YmVzcGhlcmUuaW8iLCJleHAiOjE4MTYyMzkwMjIsInVzZXJuYW1lIjoiYWRtaW4ifQ.okmNepQvZkBRe1M8z2HAWRN0AVj9ooVu79IafHKCjZI
  maxConnections: 100

sonarQube:
  host: http://172.16.98.150:32297
  token: 4e51de276f1fd0eb3a20b58e523d43ce76347302

openpitrix:
  runtimeManagerEndpoint:    "openpitrix-runtime-manager.openpitrix-system.svc:9103"
  clusterManagerEndpoint:    "openpitrix-cluster-manager.openpitrix-system.svc:9104"
  repoManagerEndpoint:       "openpitrix-repo-manager.openpitrix-system.svc:9101"
  appManagerEndpoint:        "openpitrix-app-manager.openpitrix-system.svc:9102"
  categoryManagerEndpoint:   "openpitrix-category-manager.openpitrix-system.svc:9113"
  attachmentManagerEndpoint: "openpitrix-attachment-manager.openpitrix-system.svc:9122"
  repoIndexerEndpoint:       "openpitrix-repo-indexer.openpitrix-system.svc:9108"

monitoring:
  endpoint: http://prometheus-k8s.kubesphere-monitoring-system.svc:9090
  secondaryEndpoint: http://prometheus-k8s-system.kubesphere-monitoring-system.svc:9090

logging:
  host: http://elasticsearch-logging-data.kubesphere-logging-system.svc.cluster.local:9200
  indexPrefix: ks-logstash-log

alerting:
  endpoint: http://alerting.kubesphere-alerting-system.svc

notification:
  endpoint: http://notification.kubesphere-alerting-system.svc

arvin.he@vk ~/go/src/kubesphere.io/kubesphere (master●●)$ curl http://ks-apigateway.kubesphere-system
401 Unauthorized

Sending build context to Docker daemon  141.6MB
Step 1/8 : FROM golang:1.12 as controller-manager-builder
 ---> ffcaee6f7d8b
Step 2/8 : COPY / /go/src/kubesphere.io/kubesphere
 ---> ce4ec5aec998
Step 3/8 : WORKDIR /go/src/kubesphere.io/kubesphere
 ---> Running in 653b62e681e8
Removing intermediate container 653b62e681e8
 ---> fd87a5dbab82
Step 4/8 : RUN CGO_ENABLED=0 GO111MODULE=on GOOS=linux GOARCH=amd64 GOFLAGS=-mod=vendor go build --ldflags "-extldflags -static" -o controller-manager ./cmd/controller-manager/
 ---> Running in a9dda2856eed
Removing intermediate container a9dda2856eed
 ---> 88b836d3e8e7
Step 5/8 : FROM alpine:3.7
 ---> 6d1ef012b567
Step 6/8 : RUN echo -e "https://mirrors.ustc.edu.cn/alpine/latest-stable/main\nhttps://mirrors.ustc.edu.cn/alpine/latest-stable/community" > /etc/apk/repositories && apk add --update ca-certificates && update-ca-certificates
 ---> Running in 4e038f46cf66
fetch https://mirrors.ustc.edu.cn/alpine/latest-stable/main/x86_64/APKINDEX.tar.gz
fetch https://mirrors.ustc.edu.cn/alpine/latest-stable/community/x86_64/APKINDEX.tar.gz
(1/2) Installing libcrypto1.1 (1.1.1g-r0)
**ERROR: libcrypto1.1-1.1.1g-r0: trying to overwrite etc/ssl/openssl.cnf owned by libressl2.6-libcrypto-2.6.5-r0.**
(2/2) Installing ca-certificates (20191127-r1)
Executing busybox-1.27.2-r11.trigger
Executing ca-certificates-20191127-r1.trigger
1 error; 8 MiB in 15 packages
**The command '/bin/sh -c echo -e "https://mirrors.ustc.edu.cn/alpine/latest-stable/main\nhttps://mirrors.ustc.edu.cn/alpine/latest-stable/community" > /etc/apk/repositories && apk add --update ca-certificates && update-ca-certificates' returned a non-zero code: 1**