KubeSphere平台APIGateWay命令行参数说明

道九言 · · 592 次点击 · · 开始浏览    
这是一个创建于 的文章,其中的信息可能已经有所发展或是发生改变。

1. 背景

  • KubeSphere-V2.1.1-GA版本发布
  • 了解Caddy实现的路由分发信息
  • KS-APIGateWay加载/etc/caddy/Caddyfile方式

2. 路由信息

源码路径
apiVersion: v1
data:
  Caddyfile: |
    :2018 {
      root /home
      authenticate {
        token-idle-timeout 40m
        redis-url redis://redis.kubesphere-system.svc:6379
        secret {$JWT_SECRET}
        path /
        except GET /kapis/openpitrix.io/v1/apps /kapis/openpitrix.io/v1/attachments /kapis/openpitrix.io/v1/categories
        except * /apis/account.kubesphere.io/v1alpha1/authenticate /kapis/iam.kubesphere.io/v1alpha2/login /kapis/iam.kubesphere.io/v1alpha2/authenticate /images /kapis/devops.kubesphere.io/v1alpha2/webhook/github /kapis/devops.kubesphere.io/v1alpha2/webhook/git /swagger /kapis/v1alpha1/configz
      }

      authentication {
        path /
        except * /kapis/tenant.kubesphere.io/v1alpha2 /kapis/alerting.kubesphere.io/v1/comment /kapis/alerting.kubesphere.io/v1/resource_type /kapis/alerting.kubesphere.io/v1/metric /kapis/notification.kubesphere.io /kapis/resources.kubesphere.io/v1alpha2/registry /kapis/iam.kubesphere.io/v1alpha2/rulesmapping /kapis/jenkins.kubesphere.io /kapis/devops.kubesphere.io /apis/devops.kubesphere.io /kapis/resources.kubesphere.io/v1alpha2/git/verify
      }
      
      swagger

      # k8s api
      proxy /api https://kubernetes.default {
        header_upstream Authorization "Bearer {$KUBESPHERE_TOKEN}"
        insecure_skip_verify
        transparent
        websocket
      }

      # fix jenkins auth plugin
      proxy /apis/account.kubesphere.io/v1alpha1/authenticate http://ks-account.kubesphere-system.svc/kapis/iam.kubesphere.io/v1alpha2/authenticate {
        without /apis/account.kubesphere.io/v1alpha1/authenticate
        transparent
      }

      # jenkins
      proxy /kapis/jenkins.kubesphere.io http://ks-jenkins.kubesphere-devops-system.svc {
        without /kapis/jenkins.kubesphere.io
        transparent
      }
      
      proxy /job http://ks-jenkins.kubesphere-devops-system.svc {
        transparent
      }

      # old devops api
      proxy /kapis/devops.kubesphere.io/v1alpha/ http://ks-devops.kubesphere-devops-system.svc/api {
        without /kapis/devops.kubesphere.io
        transparent
      }

      # new devops api
      proxy /kapis/devops.kubesphere.io/v1alpha2/ http://ks-apiserver.kubesphere-system.svc {
        transparent
      }
      
      # iam
      proxy /kapis/iam.kubesphere.io http://ks-account.kubesphere-system.svc {
        transparent
      }

      # tenant
      proxy /kapis/tenant.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # operations
      proxy /kapis/operations.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # openpitrix
      proxy /kapis/openpitrix.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # logging
      proxy /kapis/logging.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # alerting
      proxy /kapis/alerting.kubesphere.io http://alerting-client-server.kubesphere-alerting-system.svc:9200/api {
        without /kapis/alerting.kubesphere.io
        transparent
      }

      # servicemesh
      proxy /kapis/servicemesh.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      proxy /kapis/resources.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      proxy /kapis/metrics.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # terminal
      proxy /kapis/terminal.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
        websocket
      }

      # monitoring
      proxy /kapis/monitoring.kubesphere.io http://ks-apiserver.kubesphere-system.svc {
        transparent
      }

      # notification
      proxy /kapis/notification.kubesphere.io http://notification.kubesphere-alerting-system.svc:9200 {
        without /kapis/notification.kubesphere.io
        transparent
      }

      # everything else goes to ks-apiserver
      proxy /kapis http://ks-apiserver.kubesphere-system.svc {
        transparent
      }
      
      log / stdout "{remote} {when} {method} {uri} {proto} {status} {size} {latency_ms}ms"
    }
kind: ConfigMap
metadata:
  name: caddyfile
  namespace: kubesphere-system

3. 命令行参数

  • 容器内启动命令
export KUBESPHERE_TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token` && ks-apigateway --conf=/etc/caddy/Caddyfile --log=stderr
  • 命令参数说明
--conf    指定Caddyfile路径,由Caddy读取配置文件内容
--log     指定Caddy日志文件路径,由Caddy识别日志存储方式

4. 源码片段

ks-apigateway.main函数源码
ks-apigateway.go.mod文件
caddymain.Run函数源码
  • ks-apigateway项目中main函数

image.png

  • ks-apigateway中caddy使用版本

image.png

  • caddymain中的Run函数

image.png


有疑问加站长微信联系(非本文作者)

本文来自:Segmentfault

感谢作者:道九言

查看原文:KubeSphere平台APIGateWay命令行参数说明

入群交流(和以上内容无关):加入Go大咖交流群,或添加微信:liuxiaoyan-s 备注:入群;或加QQ群:701969077

592 次点击  
加入收藏 微博
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
  • 图片支持拖拽、截图粘贴等方式上传