<p class="shortdesc"></p> <section class="section" id="access_guide__section_r2y_1r5_3sb"><h2 class="doc-tairway">准备工作</h2> <p class="p">已完成“创建应用”、“创建环境”、“开启容器服务”、“创建资源池”、“创建集群”。</p> </section> <section class="section" id="access_guide__section_wyz_pr5_3sb"><h2 class="doc-tairway">创建命名空间</h2> <p class="p">请查看《命名空间》帮助文档。</p> </section> <section class="section" id="access_guide__section_bzz_rr5_3sb"><h2 class="doc-tairway">创建并部署pafa-cloud-kong</h2> <p class="p">具体操作步骤请查看“创建服务”、“部署服务”指南。</p> <ol class="ol" id="access_guide__ol_u55_tr5_3sb"> <li class="li"><strong class="ph b">部署配置-KONG配置中心</strong><p class="p">选择关联的命名空间。</p></li> <li class="li"><strong class="ph b">部署配置-环境变量</strong><ol class="ol" type="a" id="access_guide__ol_pvw_zr5_3sb"> <li class="li"><strong class="ph b">基础环境变量</strong><div class="p"> <table class="table" id="access_guide__table_xh2_bs5_3sb"><caption></caption><colgroup><col style="width:22.60127931769723%"><col style="width:21.321961620469086%"><col style="width:56.07675906183369%"></colgroup><thead class="thead"> <tr class="row"> <th class="entry align-left" id="access_guide__table_xh2_bs5_3sb__entry__1"><strong class="ph b">环境变量KEY</strong></th> <th class="entry align-left" id="access_guide__table_xh2_bs5_3sb__entry__2"><strong class="ph b">值</strong></th> <th class="entry align-left" id="access_guide__table_xh2_bs5_3sb__entry__3"><strong class="ph b">说明</strong></th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_PROXY_LISTEN</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">0.0.0.0:80, 0.0.0.0:443 ssl</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "> <p class="p">设置Kong监听的端口</p> </td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_PG_HOST</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">PAFA配置中心IP</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "></td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_PG_PORT</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">PAFA配置中心Port</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "></td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_CONFIG_TOKEN</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">租户凭据</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "> <p class="p">此处必填。</p> </td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_PG_TIMEOUT</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">连接数据库或配置中心的超时时间，2.0.3以后默认30000</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "> <p class="p">如果静态资源文件较大，下载时间会比较长，需要将此项设置大一些。</p> </td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_PROXY_ACCESS_LOG</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">1.2.6及以下版本是写入到docker镜像内的/usr/local/kong/logs/目录下。1.2.7及以上版本是写入/dev/stdout（可以通过docker日志查看）。</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "> <p class="p">非必填建议设置或升级版本，防止日志文件过大</p> </td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_PROXY_ERROR_LOG</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">1.2.6及以下版本是写入到docker镜像内的/usr/local/kong/logs/目录下。1.2.7及以上版本是写入/dev/stderr（可以通过docker日志查看）。</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "> <p class="p">非必填建议设置或升级版本，防止日志文件过大</p> </td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_WEB_ACCESS_LOG</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">1.3.1及以下版本是写入到docker镜像内的/usr/local/kong/logs/目录下。1.3.2及以上版本是写入/dev/stdout（可以通过docker日志查看）。</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "> <p class="p">非必填建议设置或升级版本，防止日志文件过大</p> </td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_WEB_ERROR_LOG</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">1.3.1及以下版本是写入到docker镜像内的/usr/local/kong/logs/目录下。1.3.2及以上版本是写入/dev/stderr（可以通过docker日志查看）。</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "> <p class="p">非必填建议设置或升级版本，防止日志文件过大</p> </td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_PG_PASSWORD_ALG</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">aesecb</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "> <p class="p">当前只支持 aesecb，请参考《<a class="xref" href="https://fincloud.pinganyun.com/ssr/help/manage/gihong/Service_governance.configue_access_gateway.SecKey" target="_blank" rel="external noopener">密码加密 </a></p> </td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_PG_PASSWORD_ALG_AES_KEY</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">aes加密Key（长度必须是16/24/32）</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "></td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_PG_PASSWORD</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">真实密码需要先AES/ECB/PKCS5Padding加密，然后再base64编码</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "></td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_STREAM_CONF_FILE</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">stream流配置文件名</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "> <p class="p">配置TCP 四层代理。具体请参考：<a class="xref" href="http://pafa-cloud.paic.com.cn/docs/pafa-cloud_doc/pafa-cloud_doc-1bpaf8ui4bmdm" target="_blank" rel="external noopener">http://pafa-cloud.paic.com.cn/docs/pafa-cloud_doc/pafa-cloud_doc-1bpaf8ui4bmdm</a></p> </td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 "> <p class="p">KONG_GRAY_RELEASE</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 "> <p class="p">on/off，默认off</p> </td> <td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "> <p class="p">是否开启页面灰度。具体请参考：<a class="xref" href="http://pafa-cloud.paic.com.cn/docs/pafa-cloud_doc/pafa-cloud_doc-1bpaf837rf3qs" target="_blank" rel="external noopener">http://pafa-cloud.paic.com.cn/docs/pafa-cloud_doc/pafa-cloud_doc-1bpaf837rf3qs</a></p> </td> </tr> </tbody></table> </div></li> <li class="li"><strong class="ph b">内置缓存大小设置</strong><p class="p">Kong新增功能里面有很多用到Nginx内存，此处可以设置内存大小</p><div class="p"> <table class="table" id="access_guide__table_clx_gs5_3sb"><caption></caption><colgroup><col style="width:35.892514395393476%"><col style="width:19.193857965451055%"><col style="width:44.913627639155465%"></colgroup><thead class="thead"> <tr class="row"> <th class="entry align-left" id="access_guide__table_clx_gs5_3sb__entry__1"><strong class="ph b">配置项</strong></th> <th class="entry align-left" id="access_guide__table_clx_gs5_3sb__entry__2"><strong class="ph b">默认值</strong></th> <th class="entry align-left" id="access_guide__table_clx_gs5_3sb__entry__3"><strong class="ph b">说明</strong></th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__1 "> <p class="p">KONG_CACHE_SIZE_FILE_CACHE</p> </td> <td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__2 "> <p class="p">20m</p> </td> <td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__3 "> <p class="p">file-cache缓存插件用到的共享内存，用于存储匹配需求的缓存文件的header（即首次请求返回的key）。</p> <p class="p">如果需要缓存的文件比较多，相应设置大一些。</p> </td> </tr> <tr class="row"> <td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__1 "> <p class="p">KONG_CACHE_SIZE_FILE_CACHE_KEY</p> </td> <td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__2 "> <p class="p">20m</p> </td> <td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__3 "> <p class="p">file-cache缓存插件用到的共享内存，用于存储匹配需求的请求信息。如果需要缓存的文件比较多，相应设置大一些。</p> </td> </tr> </tbody></table> </div></li> <li class="li"><strong class="ph b">cyberark设置</strong><p class="p">kong中有些插件（需先确定是否支持）用到cyberark，可以通过这个添加cyber的相关配置。</p><p class="p">在插件中如果有用到cyberark密码的，直接用CyberArk(object)即可。</p><div class="p"> <table class="table frame-all" id="access_guide__table_tjy_ns5_3sb"><caption><span class="table--title-label">表1 </span><span class="title"></span></caption><colgroup><col style="width:33.33333333333333%"><col style="width:33.33333333333333%"><col style="width:33.33333333333333%"></colgroup><thead class="thead"> <tr class="row"> <th class="entry colsep-1 rowsep-1" id="access_guide__table_tjy_ns5_3sb__entry__1">环境变量KEY</th> <th class="entry colsep-1 rowsep-1" id="access_guide__table_tjy_ns5_3sb__entry__2">值</th> <th class="entry colsep-1 rowsep-1" id="access_guide__table_tjy_ns5_3sb__entry__3">说明</th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__1 "> <p class="p">KONG_CYBERARKS</p> </td> <td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__2 "></td> <td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__3 "> <p class="p">cyberark的相关配置格式为 object:app_id:app_key:safe:folder</p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__1 "> <p class="p">KONG_CYBERARK_URL</p> </td> <td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__2 "> <p class="p"><a class="xref" href="https://prd-ccp.paic.com.cn/pidms/rest/pwd/getPassword" target="_blank" rel="external noopener">https://prd-ccp.paic.com.cn/pidms/rest/pwd/getPassword</a></p> </td> <td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__3 "> <p class="p">cyberark接口地址</p> </td> </tr> </tbody></table> </div></li> </ol></li> </ol> </section>