接入指南
<p class="shortdesc"></p>
<section class="section" id="access_guide__section_r2y_1r5_3sb"><h2 class="doc-tairway">准备工作</h2>
<p class="p">已完成“创建应用”、“创建环境”、“开启容器服务”、“创建资源池”、“创建集群”。</p>
</section>
<section class="section" id="access_guide__section_wyz_pr5_3sb"><h2 class="doc-tairway">创建命名空间</h2>
<p class="p">请查看《命名空间》帮助文档。</p>
</section>
<section class="section" id="access_guide__section_bzz_rr5_3sb"><h2 class="doc-tairway">创建并部署pafa-cloud-kong</h2>
<p class="p">具体操作步骤请查看“创建服务”、“部署服务”指南。</p>
<ol class="ol" id="access_guide__ol_u55_tr5_3sb">
<li class="li"><strong class="ph b">部署配置-KONG配置中心</strong><p class="p">选择关联的命名空间。</p></li>
<li class="li"><strong class="ph b">部署配置-环境变量</strong><ol class="ol" type="a" id="access_guide__ol_pvw_zr5_3sb">
<li class="li"><strong class="ph b">基础环境变量</strong><div class="p">
<table class="table" id="access_guide__table_xh2_bs5_3sb"><caption></caption><colgroup><col style="width:22.60127931769723%"><col style="width:21.321961620469086%"><col style="width:56.07675906183369%"></colgroup><thead class="thead">
<tr class="row">
<th class="entry align-left" id="access_guide__table_xh2_bs5_3sb__entry__1"><strong class="ph b">环境变量KEY</strong></th>
<th class="entry align-left" id="access_guide__table_xh2_bs5_3sb__entry__2"><strong class="ph b">值</strong></th>
<th class="entry align-left" id="access_guide__table_xh2_bs5_3sb__entry__3"><strong class="ph b">说明</strong></th>
</tr>
</thead><tbody class="tbody">
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_PROXY_LISTEN</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">0.0.0.0:80, 0.0.0.0:443 ssl</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 ">
<p class="p">设置Kong监听的端口</p>
</td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_PG_HOST</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">PAFA配置中心IP</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "></td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_PG_PORT</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">PAFA配置中心Port</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "></td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_CONFIG_TOKEN</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">租户凭据</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 ">
<p class="p">此处必填。</p>
</td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_PG_TIMEOUT</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">连接数据库或配置中心的超时时间,2.0.3以后默认30000</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 ">
<p class="p">如果静态资源文件较大,下载时间会比较长,需要将此项设置大一些。</p>
</td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_PROXY_ACCESS_LOG</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">1.2.6及以下版本是写入到docker镜像内的/usr/local/kong/logs/目录下。1.2.7及以上版本是写入/dev/stdout(可以通过docker日志查看)。</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 ">
<p class="p">非必填建议设置或升级版本,防止日志文件过大</p>
</td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_PROXY_ERROR_LOG</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">1.2.6及以下版本是写入到docker镜像内的/usr/local/kong/logs/目录下。1.2.7及以上版本是写入/dev/stderr(可以通过docker日志查看)。</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 ">
<p class="p">非必填建议设置或升级版本,防止日志文件过大</p>
</td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_WEB_ACCESS_LOG</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">1.3.1及以下版本是写入到docker镜像内的/usr/local/kong/logs/目录下。1.3.2及以上版本是写入/dev/stdout(可以通过docker日志查看)。</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 ">
<p class="p">非必填建议设置或升级版本,防止日志文件过大</p>
</td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_WEB_ERROR_LOG</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">1.3.1及以下版本是写入到docker镜像内的/usr/local/kong/logs/目录下。1.3.2及以上版本是写入/dev/stderr(可以通过docker日志查看)。</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 ">
<p class="p">非必填建议设置或升级版本,防止日志文件过大</p>
</td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_PG_PASSWORD_ALG</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">aesecb</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 ">
<p class="p">当前只支持 aesecb,请参考《<a class="xref" href="https://fincloud.pinganyun.com/ssr/help/manage/gihong/Service_governance.configue_access_gateway.SecKey" target="_blank" rel="external noopener">密码加密 </a></p>
</td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_PG_PASSWORD_ALG_AES_KEY</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">aes加密Key(长度必须是16/24/32)</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "></td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_PG_PASSWORD</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">真实密码需要先AES/ECB/PKCS5Padding加密,然后再base64编码</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 "></td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_STREAM_CONF_FILE</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">stream流配置文件名</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 ">
<p class="p">配置TCP 四层代理。具体请参考:<a class="xref" href="http://pafa-cloud.paic.com.cn/docs/pafa-cloud_doc/pafa-cloud_doc-1bpaf8ui4bmdm" target="_blank" rel="external noopener">http://pafa-cloud.paic.com.cn/docs/pafa-cloud_doc/pafa-cloud_doc-1bpaf8ui4bmdm</a></p>
</td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__1 ">
<p class="p">KONG_GRAY_RELEASE</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__2 ">
<p class="p">on/off,默认off</p>
</td>
<td class="entry align-left" headers="access_guide__table_xh2_bs5_3sb__entry__3 ">
<p class="p">是否开启页面灰度。具体请参考:<a class="xref" href="http://pafa-cloud.paic.com.cn/docs/pafa-cloud_doc/pafa-cloud_doc-1bpaf837rf3qs" target="_blank" rel="external noopener">http://pafa-cloud.paic.com.cn/docs/pafa-cloud_doc/pafa-cloud_doc-1bpaf837rf3qs</a></p>
</td>
</tr>
</tbody></table>
</div></li>
<li class="li"><strong class="ph b">内置缓存大小设置</strong><p class="p">Kong新增功能里面有很多用到Nginx内存,此处可以设置内存大小</p><div class="p">
<table class="table" id="access_guide__table_clx_gs5_3sb"><caption></caption><colgroup><col style="width:35.892514395393476%"><col style="width:19.193857965451055%"><col style="width:44.913627639155465%"></colgroup><thead class="thead">
<tr class="row">
<th class="entry align-left" id="access_guide__table_clx_gs5_3sb__entry__1"><strong class="ph b">配置项</strong></th>
<th class="entry align-left" id="access_guide__table_clx_gs5_3sb__entry__2"><strong class="ph b">默认值</strong></th>
<th class="entry align-left" id="access_guide__table_clx_gs5_3sb__entry__3"><strong class="ph b">说明</strong></th>
</tr>
</thead><tbody class="tbody">
<tr class="row">
<td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__1 ">
<p class="p">KONG_CACHE_SIZE_FILE_CACHE</p>
</td>
<td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__2 ">
<p class="p">20m</p>
</td>
<td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__3 ">
<p class="p">file-cache缓存插件用到的共享内存,用于存储匹配需求的缓存文件的header(即首次请求返回的key)。</p>
<p class="p">如果需要缓存的文件比较多,相应设置大一些。</p>
</td>
</tr>
<tr class="row">
<td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__1 ">
<p class="p">KONG_CACHE_SIZE_FILE_CACHE_KEY</p>
</td>
<td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__2 ">
<p class="p">20m</p>
</td>
<td class="entry align-left" headers="access_guide__table_clx_gs5_3sb__entry__3 ">
<p class="p">file-cache缓存插件用到的共享内存,用于存储匹配需求的请求信息。如果需要缓存的文件比较多,相应设置大一些。</p>
</td>
</tr>
</tbody></table>
</div></li>
<li class="li"><strong class="ph b">cyberark设置</strong><p class="p">kong中有些插件(需先确定是否支持)用到cyberark,可以通过这个添加cyber的相关配置。</p><p class="p">在插件中如果有用到cyberark密码的,直接用CyberArk(object)即可。</p><div class="p">
<table class="table frame-all" id="access_guide__table_tjy_ns5_3sb"><caption><span class="table--title-label">表1 </span><span class="title"></span></caption><colgroup><col style="width:33.33333333333333%"><col style="width:33.33333333333333%"><col style="width:33.33333333333333%"></colgroup><thead class="thead">
<tr class="row">
<th class="entry colsep-1 rowsep-1" id="access_guide__table_tjy_ns5_3sb__entry__1">环境变量KEY</th>
<th class="entry colsep-1 rowsep-1" id="access_guide__table_tjy_ns5_3sb__entry__2">值</th>
<th class="entry colsep-1 rowsep-1" id="access_guide__table_tjy_ns5_3sb__entry__3">说明</th>
</tr>
</thead><tbody class="tbody">
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__1 ">
<p class="p">KONG_CYBERARKS</p>
</td>
<td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__2 "></td>
<td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__3 ">
<p class="p">cyberark的相关配置格式为
object:app_id:app_key:safe:folder</p>
</td>
</tr>
<tr class="row">
<td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__1 ">
<p class="p">KONG_CYBERARK_URL</p>
</td>
<td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__2 ">
<p class="p"><a class="xref" href="https://prd-ccp.paic.com.cn/pidms/rest/pwd/getPassword" target="_blank" rel="external noopener">https://prd-ccp.paic.com.cn/pidms/rest/pwd/getPassword</a></p>
</td>
<td class="entry colsep-1 rowsep-1" headers="access_guide__table_tjy_ns5_3sb__entry__3 ">
<p class="p">cyberark接口地址</p>
</td>
</tr>
</tbody></table>
</div></li>
</ol></li>
</ol>
</section>
提交成功!非常感谢您的反馈,我们会继续努力做到更好!