arvin.he@vk ~/go/src/kubesphere.io/kubesphere (master●●)$ telepresence --namespace kubesphere-system --swap-deployment ks-apiserver --expose 9090:9090 --run go run ./cmd/ks-apiserver/apiserver.go
T: Starting proxy with method 'vpn-tcp', which has the following limitations: All processes are affected, only one telepresence can run per machine, and you
T: can't use other VPNs. You may need to add cloud hosts and headless services with --also-proxy. For a full list of method limitations see
T: https://telepresence.io/reference/methods.html
T: Volumes are rooted at $TELEPRESENCE_ROOT. See https://telepresence.io/howto/volumes.html for details.
T: Starting network proxy to cluster by swapping out Deployment ks-apiserver with a proxy
T: Forwarding remote port 9090 to local port 9090.
T: Connected. Flushing DNS cache.
T: Setup complete. Launching your command.
Error: factory is not able to fill the pool: LDAP Result Code 200 "Network Error": dial tcp 10.233.71.55:389: i/o timeout
Usage:
ks-apiserver [flags]
Flags:
--access-token-max-age duration AccessTokenMaxAgeSeconds control the lifetime of access tokens, 0 means no expiration. (default 24h0m0s)
--add-dir-header If true, adds the file directory to the header
--agent-image string This field is used when generating deployment yaml for agent. (default "kubesphere/tower:v1.0")
--alsologtostderr log to standard error as well as files
--auditing-elasticsearch-host string Elasticsearch service host. KubeSphere is using elastic as auditing store, if this filed left blank, KubeSphere will use kubernetes builtin event API instead, and the following elastic search options will be ignored.
--auditing-elasticsearch-version string Elasticsearch major version, e.g. 5/6/7, if left blank, will detect automatically.Currently, minimum supported version is 5.x
--auditing-enabled Enable auditing component or not.
--auditing-index-prefix string Index name prefix. KubeSphere will retrieve auditing against indices matching the prefix. (default "ks-logstash-auditing")
--auditing-webhook-url string Auditing wehook url
--authenticate-max-retries int
--authenticate-rate-limiter-duration duration (default 30m0s)
--authenticate-rate-limiter-max-retries int (default 5)
--authorization string Authorization setting, allowed values: AlwaysDeny, AlwaysAllow, RBAC. (default "RBAC")
--bind-address string server bind address (default "0.0.0.0")
--debug Don't enable this if you don't know what it means.
--elasticsearch-host string Elasticsearch logging service host. KubeSphere is using elastic as log store, if this filed left blank, KubeSphere will use kubernetes builtin log API instead, and the following elastic search options will be ignored. (default "http://elasticsearch-logging-data.kubesphere-logging-system.svc.cluster.local:9200")
--elasticsearch-version string Elasticsearch major version, e.g. 5/6/7, if left blank, will detect automatically.Currently, minimum supported version is 5.x
--enable-network-policy This field instructs KubeSphere to enable network policy or not.
-h, --help help for ks-apiserver
--index-prefix string Index name prefix. KubeSphere will retrieve logs against indices matching the prefix. (default "ks-logstash-log")
--insecure-port int insecure port number (default 9090)
--istio-pilot-host string istio pilot discovery service url
--jaeger-query-host string jaeger query service url
--jenkins-host string Jenkins service host address. If left blank, means Jenkins is unnecessary. (default "http://ks-jenkins.kubesphere-devops-system.svc/")
--jenkins-max-connections int Maximum allowed connections to Jenkins. (default 100)
--jenkins-password string Password for access to Jenkins service, used pair with username. (default "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImFkbWluQGt1YmVzcGhlcmUuaW8iLCJleHAiOjE4MTYyMzkwMjIsInVzZXJuYW1lIjoiYWRtaW4ifQ.okmNepQvZkBRe1M8z2HAWRN0AVj9ooVu79IafHKCjZI")
--jenkins-username string Username for access to Jenkins service. Leave it blank if there isn't any. (default "admin")
--jwt-secret string Secret to sign jwt token, must not be empty.
--kubeconfig string Path for kubernetes kubeconfig file, if left blank, will use in cluster way. (default "/Users/arvin.he/.kube/config")
--ldap-group-search-base string Ldap group search base. (default "ou=Groups,dc=kubesphere,dc=io")
--ldap-host string Ldap service host, if left blank, all of the following ldap options will be ignored and ldap will be disabled. (default "openldap.kubesphere-system.svc:389")
--ldap-manager-dn string Ldap manager account domain name. (default "cn=admin,dc=kubesphere,dc=io")
--ldap-manager-password string Ldap manager account password. (default "P@88w0rd")
--ldap-user-search-base string Ldap user search base. (default "ou=Users,dc=kubesphere,dc=io")
--log-backtrace-at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log-dir string If non-empty, write log files in this directory
--log-file string If non-empty, use this log file
--log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--master string Used to generate kubeconfig for downloading, if not specified, will use host in kubeconfig. (default "https://172.16.98.150:6443")
--multiple-clusters This field instructs KubeSphere to enter multiple-cluster mode or not.
--multiple-login Allow multiple login with the same account, disable means only one user can login at the same time.
--openpitrix-app-manager-endpoint string OpenPitrix app manager endpoint (default "openpitrix-app-manager.openpitrix-system.svc:9102")
--openpitrix-attachment-manager-endpoint string OpenPitrix attachment manager endpoint (default "openpitrix-attachment-manager.openpitrix-system.svc:9122")
--openpitrix-category-manager-endpoint string OpenPitrix category manager endpoint (default "openpitrix-category-manager.openpitrix-system.svc:9113")
--openpitrix-cluster-manager-endpoint string OpenPitrix cluster manager endpoint (default "openpitrix-cluster-manager.openpitrix-system.svc:9104")
--openpitrix-repo-indexer-endpoint string OpenPitrix repo indexer endpoint (default "openpitrix-repo-indexer.openpitrix-system.svc:9108")
--openpitrix-repo-manager-endpoint string OpenPitrix repo manager endpoint (default "openpitrix-repo-manager.openpitrix-system.svc:9101")
--openpitrix-runtime-manager-endpoint string OpenPitrix runtime manager endpoint (default "openpitrix-runtime-manager.openpitrix-system.svc:9103")
--prometheus-endpoint string Prometheus service endpoint which stores KubeSphere monitoring data, if left blank, will use builtin metrics-server as data source. (default "http://prometheus-k8s.kubesphere-monitoring-system.svc:9090")
--proxy-publish-address string Public address of tower, APIServer will use this field as proxy publish address. This field takes precedence over field proxy-publish-service. For example, http://139.198.121.121:8080.
--proxy-publish-service string Service name of tower. APIServer will use its ingress address as proxy publish address.For example, tower.kubesphere-system.svc.
--redis-db int
--redis-host string Redis connection URL. If left blank, means redis is unnecessary, redis will be disabled. (default "redis.kubesphere-system.svc")
--redis-password string
--redis-port int (default 6379)
--s3-access-key-id string access key of s2i s3 (default "openpitrixminioaccesskey")
--s3-bucket string bucket name of s2i s3 (default "s2i-binaries")
--s3-disable-SSL disable ssl (default true)
--s3-endpoint string Endpoint to access to s3 object storage service, if left blank, the following options will be ignored. (default "http://minio.kubesphere-system.svc:9000")
--s3-force-path-style force path style (default true)
--s3-region string Region of s3 that will access to, like us-east-1. (default "us-east-1")
--s3-secret-access-key string secret access key of s2i s3 (default "openpitrixminiosecretkey")
--s3-session-token string session token of s2i s3
--secure-port int secure port number
--servicemesh-prometheus-host string prometheus service for servicemesh
--skip-headers If true, avoid header prefixes in the log messages
--skip-log-headers If true, avoid headers when opening log files
--sonarqube-host string Sonarqube service address, if left empty, following sonarqube options will be ignored. (default "http://172.16.98.150:32297")
--sonarqube-token string Sonarqube service access token. (default "4e51de276f1fd0eb3a20b58e523d43ce76347302")
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--tls-cert-file string tls cert file
--tls-private-key string tls private key
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
2020/06/24 22:33:51 factory is not able to fill the pool: LDAP Result Code 200 "Network Error": dial tcp 10.233.71.55:389: i/o timeout
exit status 1
T: Your process exited with return code 1.
T: Exit cleanup in progress
T: Swapping Deployment ks-apiserver back to its original state
arvin.he@vk ~/go/src/kubesphere.io/kubesphere (master●●)$
arvin.he@vk ~/go/src/kubesphere.io/kubesphere (master●●)$ ls
CONTRIBUTING.md OWNERS README_zh.md build coverage.txt go.mod install telepresence.log vendor
LICENSE PROJECT api cmd doc.go go.sum kubesphere.yaml test
Makefile README.md bin config docs hack pkg tools
kubernetes:
kubeconfig: "/Users/arvin.he/.kube/config"
master: https://172.16.98.150:6443
qps: 1e+06
burst: 1000000
ldap:
host: openldap.kubesphere-system.svc:389
managerDN: cn=admin,dc=kubesphere,dc=io
managerPassword: P@88w0rd
userSearchBase: ou=Users,dc=kubesphere,dc=io
groupSearchBase: ou=Groups,dc=kubesphere,dc=io
redis:
host: redis.kubesphere-system.svc
port: 6379
password: ""
db: 0
s3:
endpoint: http://minio.kubesphere-system.svc:9000
region: us-east-1
disableSSL: true
forcePathStyle: true
accessKeyID: openpitrixminioaccesskey
secretAccessKey: openpitrixminiosecretkey
bucket: s2i-binaries
mysql:
host: mysql.kubesphere-system.svc:3306
username: root
password: password
maxIdleConnections: 100
maxOpenConnections: 100
maxConnectionLifeTime: 10s
devops:
host: http://ks-jenkins.kubesphere-devops-system.svc/
username: admin
password: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImFkbWluQGt1YmVzcGhlcmUuaW8iLCJleHAiOjE4MTYyMzkwMjIsInVzZXJuYW1lIjoiYWRtaW4ifQ.okmNepQvZkBRe1M8z2HAWRN0AVj9ooVu79IafHKCjZI
maxConnections: 100
sonarQube:
host: http://172.16.98.150:32297
token: 4e51de276f1fd0eb3a20b58e523d43ce76347302
openpitrix:
runtimeManagerEndpoint: "openpitrix-runtime-manager.openpitrix-system.svc:9103"
clusterManagerEndpoint: "openpitrix-cluster-manager.openpitrix-system.svc:9104"
repoManagerEndpoint: "openpitrix-repo-manager.openpitrix-system.svc:9101"
appManagerEndpoint: "openpitrix-app-manager.openpitrix-system.svc:9102"
categoryManagerEndpoint: "openpitrix-category-manager.openpitrix-system.svc:9113"
attachmentManagerEndpoint: "openpitrix-attachment-manager.openpitrix-system.svc:9122"
repoIndexerEndpoint: "openpitrix-repo-indexer.openpitrix-system.svc:9108"
monitoring:
endpoint: http://prometheus-k8s.kubesphere-monitoring-system.svc:9090
secondaryEndpoint: http://prometheus-k8s-system.kubesphere-monitoring-system.svc:9090
logging:
host: http://elasticsearch-logging-data.kubesphere-logging-system.svc.cluster.local:9200
indexPrefix: ks-logstash-log
alerting:
endpoint: http://alerting.kubesphere-alerting-system.svc
notification:
endpoint: http://notification.kubesphere-alerting-system.svc
arvin.he@vk ~/go/src/kubesphere.io/kubesphere (master●●)$ curl http://ks-apigateway.kubesphere-system
401 Unauthorized