KubeSphere平台APIGateWay命令行参数说明

1. 背景

  • KubeSphere-V2.1.1-GA版本发布
  • 了解Caddy实现的路由分发信息
  • KS-APIGateWay加载/etc/caddy/Caddyfile方式

2. 路由信息

源码路径

apiVersion: v1
data:
  Caddyfile: |
    :2018 {
      root /home
      authenticate {
        token-idle-timeout 40m
        redis-url redis://redis.kubesphere-system.svc:6379
        secret {$JWT_SECRET}
        path /
        except GET /kapis/openpitrix.io/v1/apps /kapis/openpitrix.io/v1/attachments /kapis/openpitrix.io/v1/categories
        except * /apis/account.kubesphere.io/v1alpha1/authenticate /kapis/iam.kubesphere.io/v1alpha2/login /kapis/iam.kubesphere.io/v1alpha2/authenticate /images /kapis/devops.kubesphere.io/v1alpha2/webhook/github /kapis/devops.kubesphere.io/v1alpha2/webhook/git /swagger /kapis/v1alpha1/configz
      }

      authentication {
        path /
        except * /kapis/tenant.kubesphere.io/v1alpha2 /kapis/alerting.kubesphere.io/v1/comment /kapis/alerting.kubesphere.io/v1/resource_type /kapis/alerting.kubesphere.io/v1/metric /kapis/notification.kubesphere.io /kapis/resources.kubesphere.io/v1alpha2/registry /kapis/iam.kubesphere.io/v1alpha2/rulesmapping /kapis/jenkins.kubesphere.io /kapis/devops.kubesphere.io /apis/devops.kubesphere.io /kapis/resources.kubesphere.io/v1alpha2/git/verify
      }
      
      swagger

      # k8s api
      proxy /api https://kubernetes.default {
        header_upstream Authorization "Bearer {$KUBESPHERE_TOKEN}"
        insecure_skip_verify
        transparent
        websocket
      }

      # fix jenkins auth plugin
      proxy /apis/account.kubesphere.io/v1alpha1/authenticate http://ks-account.kubesphere-system.svc/kapis/iam.kubesphere.io/v1alpha2/authenticate {
        without /apis/account.kubesphere.io/v1alpha1/authenticate
        transparent
      }

      # jenkins
      proxy /kapis/jenkins.kubesphere.io http://ks-jenkins.kubesphere-devops-system.svc {
        without /kapis/jenkins.kubesphere.io
        transparent
      }
      
      proxy /job http://ks-jenkins.kubesphere-devops-system.svc {
        transparent
      }

      # old devops api
      proxy /kapis/devops.kubesphere.io/v1alpha/ http://ks-devops.kubesphere-devops-system.svc/api {
        without /kapis/devops.kubesphere.io
        transparent
      }

      # new devops api
      proxy /kapis/devops.kubesphere.io/v1alpha2/ http://ks-apiserver.kubesphere-system.svc {
        transparent
      }
      
      # iam
      proxy /kapis/iam.kubesphere.io http://ks-account.kubesphere-system.svc {
        transparent
      }

      # tenant
      proxy /kapis/tenant.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # operations
      proxy /kapis/operations.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # openpitrix
      proxy /kapis/openpitrix.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # logging
      proxy /kapis/logging.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # alerting
      proxy /kapis/alerting.kubesphere.io http://alerting-client-server.kubesphere-alerting-system.svc:9200/api {
        without /kapis/alerting.kubesphere.io
        transparent
      }

      # servicemesh
      proxy /kapis/servicemesh.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      proxy /kapis/resources.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      proxy /kapis/metrics.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # terminal
      proxy /kapis/terminal.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
        websocket
      }

      # monitoring
      proxy /kapis/monitoring.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # notification
      proxy /kapis/notification.kubesphere.io http://notification.kubesphere-alerting-system.svc:9200 {
        without /kapis/notification.kubesphere.io
        transparent
      }

      # everything else goes to ks-apiserver
      proxy /kapis http://ks-apiserver.kubesphere-system.svc {
        transparent
      }
      
      log / stdout "{remote} {when} {method} {uri} {proto} {status} {size} {latency_ms}ms"
    }
kind: ConfigMap
metadata:
  name: caddyfile
  namespace: kubesphere-system

3. 命令行参数

  • 容器内启动命令
export KUBESPHERE_TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token` && ks-apigateway --conf=/etc/caddy/Caddyfile --log=stderr
  • 命令参数说明
--conf    指定Caddyfile路径,由Caddy读取配置文件内容
--log     指定Caddy日志文件路径,由Caddy识别日志存储方式

4. 源码片段

原文 

https://studygolang.com/articles/27543

本站部分文章源于互联网,本着传播知识、有益学习和研究的目的进行的转载,为网友免费提供。如有著作权人或出版方提出异议,本站将立即删除。如果您对文章转载有任何疑问请告之我们,以便我们及时纠正。

PS:推荐一个微信公众号: askHarries 或者qq群:474807195,里面会分享一些资深架构师录制的视频录像:有Spring,MyBatis,Netty源码分析,高并发、高性能、分布式、微服务架构的原理,JVM性能优化这些成为架构师必备的知识体系。还能领取免费的学习资源,目前受益良多

转载请注明原文出处:Harries Blog™ » KubeSphere平台APIGateWay命令行参数说明

赞 (0)
分享到:更多 ()

评论 0

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址