源码路径
apiVersion: v1 data: Caddyfile: | :2018 { root /home authenticate { token-idle-timeout 40m redis-url redis://redis.kubesphere-system.svc:6379 secret {$JWT_SECRET} path / except GET /kapis/openpitrix.io/v1/apps /kapis/openpitrix.io/v1/attachments /kapis/openpitrix.io/v1/categories except * /apis/account.kubesphere.io/v1alpha1/authenticate /kapis/iam.kubesphere.io/v1alpha2/login /kapis/iam.kubesphere.io/v1alpha2/authenticate /images /kapis/devops.kubesphere.io/v1alpha2/webhook/github /kapis/devops.kubesphere.io/v1alpha2/webhook/git /swagger /kapis/v1alpha1/configz } authentication { path / except * /kapis/tenant.kubesphere.io/v1alpha2 /kapis/alerting.kubesphere.io/v1/comment /kapis/alerting.kubesphere.io/v1/resource_type /kapis/alerting.kubesphere.io/v1/metric /kapis/notification.kubesphere.io /kapis/resources.kubesphere.io/v1alpha2/registry /kapis/iam.kubesphere.io/v1alpha2/rulesmapping /kapis/jenkins.kubesphere.io /kapis/devops.kubesphere.io /apis/devops.kubesphere.io /kapis/resources.kubesphere.io/v1alpha2/git/verify } swagger # k8s api proxy /api https://kubernetes.default { header_upstream Authorization "Bearer {$KUBESPHERE_TOKEN}" insecure_skip_verify transparent websocket } # fix jenkins auth plugin proxy /apis/account.kubesphere.io/v1alpha1/authenticate http://ks-account.kubesphere-system.svc/kapis/iam.kubesphere.io/v1alpha2/authenticate { without /apis/account.kubesphere.io/v1alpha1/authenticate transparent } # jenkins proxy /kapis/jenkins.kubesphere.io http://ks-jenkins.kubesphere-devops-system.svc { without /kapis/jenkins.kubesphere.io transparent } proxy /job http://ks-jenkins.kubesphere-devops-system.svc { transparent } # old devops api proxy /kapis/devops.kubesphere.io/v1alpha/ http://ks-devops.kubesphere-devops-system.svc/api { without /kapis/devops.kubesphere.io transparent } # new devops api proxy /kapis/devops.kubesphere.io/v1alpha2/ http://ks-apiserver.kubesphere-system.svc { transparent } # iam proxy /kapis/iam.kubesphere.io http://ks-account.kubesphere-system.svc { transparent } # tenant proxy /kapis/tenant.kubesphere.io http://ks-apiserver.kubesphere-system.svc { transparent } # operations proxy /kapis/operations.kubesphere.io http://ks-apiserver.kubesphere-system.svc { transparent } # openpitrix proxy /kapis/openpitrix.io http://ks-apiserver.kubesphere-system.svc { transparent } # logging proxy /kapis/logging.kubesphere.io http://ks-apiserver.kubesphere-system.svc { transparent } # alerting proxy /kapis/alerting.kubesphere.io http://alerting-client-server.kubesphere-alerting-system.svc:9200/api { without /kapis/alerting.kubesphere.io transparent } # servicemesh proxy /kapis/servicemesh.kubesphere.io http://ks-apiserver.kubesphere-system.svc { transparent } proxy /kapis/resources.kubesphere.io http://ks-apiserver.kubesphere-system.svc { transparent } proxy /kapis/metrics.kubesphere.io http://ks-apiserver.kubesphere-system.svc { transparent } # terminal proxy /kapis/terminal.kubesphere.io http://ks-apiserver.kubesphere-system.svc { transparent websocket } # monitoring proxy /kapis/monitoring.kubesphere.io http://ks-apiserver.kubesphere-system.svc { transparent } # notification proxy /kapis/notification.kubesphere.io http://notification.kubesphere-alerting-system.svc:9200 { without /kapis/notification.kubesphere.io transparent } # everything else goes to ks-apiserver proxy /kapis http://ks-apiserver.kubesphere-system.svc { transparent } log / stdout "{remote} {when} {method} {uri} {proto} {status} {size} {latency_ms}ms" } kind: ConfigMap metadata: name: caddyfile namespace: kubesphere-system
export KUBESPHERE_TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token` && ks-apigateway --conf=/etc/caddy/Caddyfile --log=stderr
--conf 指定Caddyfile路径,由Caddy读取配置文件内容 --log 指定Caddy日志文件路径,由Caddy识别日志存储方式