转载

KubeSphere平台APIGateWay命令行参数说明

1. 背景

  • KubeSphere-V2.1.1-GA版本发布
  • 了解Caddy实现的路由分发信息
  • KS-APIGateWay加载/etc/caddy/Caddyfile方式

2. 路由信息

源码路径

# ConfigMap "caddyfile" (namespace kubesphere-system). Its single key holds the
# Caddyfile read by ks-apigateway: one site on :2018 that runs the
# `authenticate` and `authentication` blocks and then reverse-proxies each path
# prefix to an in-cluster backend.
#
# Security-relevant points to check when reviewing or adapting this file:
# - authenticate: `secret` is filled from the JWT_SECRET environment variable and
#   `redis-url` is a plain redis:// URL with no credentials in it.
#   NOTE(review): presumably token/session state is kept in that Redis; confirm
#   it is reachable only from the gateway (NetworkPolicy, Redis auth).
# - Every path on an `except` line inside `authenticate` is exempt from that
#   block: GET on three openpitrix prefixes, and any method on the
#   login/authenticate endpoints, /images, the two devops webhook paths,
#   /swagger and /kapis/v1alpha1/configz.
#   NOTE(review): confirm the webhook handlers verify the sender themselves and
#   that /swagger and configz expose nothing sensitive.
# - authentication: NOTE(review): presumably the authorization check; its
#   `except *` line exempts whole prefixes (tenant, devops, jenkins,
#   notification, ...), so confirm those backends enforce access control.
# - proxy /api: the upstream Authorization header is set to
#   "Bearer {$KUBESPHERE_TOKEN}", i.e. the Kubernetes API sees the token the
#   gateway was started with rather than a caller-supplied one, so the
#   privileges bound to that token bound what this route can do.
# - insecure_skip_verify turns off TLS certificate verification for
#   https://kubernetes.default; the gateway sends the bearer token above without
#   checking who it is talking to. Prefer verifying against the cluster CA.
# - Every other upstream is plain http://, and `transparent` forwards the
#   original Host plus X-Real-IP / X-Forwarded-* headers to it.
#   NOTE(review): backends that trust these headers should accept traffic only
#   from the gateway.
# - log: {uri} includes the query string, so anything a client puts there ends
#   up on stdout.
apiVersion: v1
data:
  Caddyfile: |
    :2018 {
      root /home
      authenticate {
        token-idle-timeout 40m
        redis-url redis://redis.kubesphere-system.svc:6379
        secret {$JWT_SECRET}
        path /
        except GET /kapis/openpitrix.io/v1/apps /kapis/openpitrix.io/v1/attachments /kapis/openpitrix.io/v1/categories
        except * /apis/account.kubesphere.io/v1alpha1/authenticate /kapis/iam.kubesphere.io/v1alpha2/login /kapis/iam.kubesphere.io/v1alpha2/authenticate /images /kapis/devops.kubesphere.io/v1alpha2/webhook/github /kapis/devops.kubesphere.io/v1alpha2/webhook/git /swagger /kapis/v1alpha1/configz
      }

      authentication {
        path /
        except * /kapis/tenant.kubesphere.io/v1alpha2 /kapis/alerting.kubesphere.io/v1/comment /kapis/alerting.kubesphere.io/v1/resource_type /kapis/alerting.kubesphere.io/v1/metric /kapis/notification.kubesphere.io /kapis/resources.kubesphere.io/v1alpha2/registry /kapis/iam.kubesphere.io/v1alpha2/rulesmapping /kapis/jenkins.kubesphere.io /kapis/devops.kubesphere.io /apis/devops.kubesphere.io /kapis/resources.kubesphere.io/v1alpha2/git/verify
      }
      
      swagger

      # k8s api
      proxy /api https://kubernetes.default {
        header_upstream Authorization "Bearer {$KUBESPHERE_TOKEN}"
        insecure_skip_verify
        transparent
        websocket
      }

      # fix jenkins auth plugin
      proxy /apis/account.kubesphere.io/v1alpha1/authenticate http://ks-account.kubesphere-system.svc/kapis/iam.kubesphere.io/v1alpha2/authenticate {
        without /apis/account.kubesphere.io/v1alpha1/authenticate
        transparent
      }

      # jenkins
      proxy /kapis/jenkins.kubesphere.io http://ks-jenkins.kubesphere-devops-system.svc {
        without /kapis/jenkins.kubesphere.io
        transparent
      }
      
      proxy /job http://ks-jenkins.kubesphere-devops-system.svc {
        transparent
      }

      # old devops api
      proxy /kapis/devops.kubesphere.io/v1alpha/ http://ks-devops.kubesphere-devops-system.svc/api {
        without /kapis/devops.kubesphere.io
        transparent
      }

      # new devops api
      proxy /kapis/devops.kubesphere.io/v1alpha2/ http://ks-apiserver.kubesphere-system.svc {
        transparent
      }
      
      # iam
      proxy /kapis/iam.kubesphere.io http://ks-account.kubesphere-system.svc {
        transparent
      }

      # tenant
      proxy /kapis/tenant.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # operations
      proxy /kapis/operations.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # openpitrix
      proxy /kapis/openpitrix.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # logging
      proxy /kapis/logging.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # alerting
      proxy /kapis/alerting.kubesphere.io http://alerting-client-server.kubesphere-alerting-system.svc:9200/api {
        without /kapis/alerting.kubesphere.io
        transparent
      }

      # servicemesh
      proxy /kapis/servicemesh.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      proxy /kapis/resources.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      proxy /kapis/metrics.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # terminal
      proxy /kapis/terminal.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
        websocket
      }

      # monitoring
      proxy /kapis/monitoring.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # notification
      proxy /kapis/notification.kubesphere.io http://notification.kubesphere-alerting-system.svc:9200 {
        without /kapis/notification.kubesphere.io
        transparent
      }

      # everything else goes to ks-apiserver
      proxy /kapis http://ks-apiserver.kubesphere-system.svc {
        transparent
      }
      
      log / stdout "{remote} {when} {method} {uri} {proto} {status} {size} {latency_ms}ms"
    }
kind: ConfigMap
metadata:
  name: caddyfile
  namespace: kubesphere-system

3. 命令行参数

  • 容器内启动命令
# Startup command run inside the ks-apigateway container.
# The pod's service account token is read once and exported as KUBESPHERE_TOKEN,
# the variable the Caddyfile substitutes into the Authorization header of its
# /api proxy.
# NOTE(review): the status tested by && is that of `export`, not of `cat`, so an
# unreadable token file still starts the gateway, with an empty token.
# NOTE(review): the token stays in the process environment for the lifetime of
# the process and is not re-read if the mounted token file changes; confirm this
# matches the cluster's service account token rotation settings.
export KUBESPHERE_TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token` && ks-apigateway --conf=/etc/caddy/Caddyfile --log=stderr
  • 命令参数说明
--conf    指定Caddyfile路径,由Caddy读取配置文件内容
--log     指定Caddy进程日志的输出位置:可以是日志文件路径,也可以是stdout/stderr(上面的启动命令使用stderr)

4. 源码片段

原文  https://studygolang.com/articles/27543