> - ä½œè€…ï¼šé‚µæ¬¢åº† > - é“¾æŽ¥ï¼šhttps://kuboard.cn/guide/proxy/#%E4%BB%A3%E7%90%86%E9%85%8D%E7%BD%AE ## Kuboard Proxy å€ŸåŠ© `Kuboard Proxy`ï¼Œç™»å½• Kuboard çš„ç”¨æˆ·å¯ä»¥ç›´æŽ¥è®¿é—® Service/Podï¼Œè€Œæ— éœ€ä¸º Service åšé¢å¤–çš„ NodePortã€Ingress ç‰é…ç½®ã€‚Kuboard Proxy æ˜¯ `kubectl proxy` å‘½ä»¤ä¸€ç§æ›¿ä»£é€‰é¡¹ã€‚ ä¸Ž `kubectl proxy` ç›¸æ¯”ï¼š * ç”¨æˆ·å¯ä»¥ç›´æŽ¥åœ¨ Kuboard ç•Œé¢è¿›è¡Œæ“ä½œï¼Œè€Œæ— éœ€ä½¿ç”¨å‘½ä»¤è¡Œï¼› * ç”¨æˆ·æƒé™æŽ§åˆ¶ï¼› * æ”¯æŒæ›´åŠ ç»†è‡´çš„ rebase æŽ§åˆ¶ï¼› * å¯ä»¥å¯¹æŽ¥æ”¯æŒ Auth-Proxy è®¤è¯æ–¹å¼çš„åŽç«¯æœåŠ¡ï¼Œå®žçŽ°å•ç‚¹ç™»å½•ï¼Œä¾‹å¦‚ [Grafana](https://grafana.com/docs/grafana/v6.5/auth/auth-proxy/)ã€‚ æœ¬æ–‡åŽé¢çš„ç« èŠ‚å°†æè¿° Kuboard Proxy çš„åŸºæœ¬ä½¿ç”¨æ–¹æ³•ã€‚å¹¶æœ‰å¦å¤–ä¸‰ç¯‡æ–‡æ¡£å¯¹ Kuboard Proxy åšè¿›ä¸€æ¥çš„é˜è¿°ï¼š * [æŽˆæƒç”¨æˆ·è®¿é—® Kuboard Proxy](https://kuboard.cn/guide/proxy/authorization.html) * [ä¸ºä»€ä¹ˆæˆ‘çš„ç½‘é¡µé€šè¿‡ Kuboard Proxy ä»£ç†åŽæ˜¾ç¤ºä¸æ£å¸¸ - Rebase - ï¼ˆå°‘æ•°æƒ…å†µï¼‰](https://kuboard.cn/guide/proxy/rebase.html) * [é€šè¿‡ Auth-Proxy å®žçŽ° Grafana ä¸Ž Kuboard çš„å•ç‚¹ç™»å½•](https://kuboard.cn/guide/proxy/auth-proxy.html) ## ä½¿ç”¨ Kuboard Proxy è®¿é—® Service æŒ‰ç…§å¦‚ä¸‹æ¥éª¤ï¼Œå¯ä»¥éžå¸¸æ–¹ä¾¿åœ°ä½¿ç”¨ Kuboard Proxyï¼š * è¿›å…¥å·¥ä½œè´Ÿè½½æŸ¥çœ‹é¡µé¢ï¼Œæ¤å¤„ä»¥ [å¯¼å…¥ example](https://kuboard.cn/guide/example/import.html) ä¸å¯¼å…¥çš„ web-example ä½œä¸ºä¾‹åï¼Œå¦‚ä¸‹å›¾æ‰€ç¤ºï¼š ![Kubernetestæ•™ç¨‹_ä½¿ç”¨KuboardProxy](/img/image-20200225204455933.png) å¦‚æžœæ‚¨çœ‹ä¸åˆ°é€”ä¸çš„ ***ä»£ç†*** æŒ‰é’®ï¼Œå¾ˆå¯èƒ½æ˜¯æ‚¨çš„ Kuboard ç‰ˆæœ¬ä½ŽäºŽ v1.0.7-beta.4ï¼›ä¹Ÿå¯èƒ½æ˜¯å› ä¸ºæ‚¨æ²¡æœ‰è¯¥Service çš„ `service/proxy` å¯¹åº”çš„æƒé™ï¼Œè¯·å‚è€ƒ [æŽˆæƒç”¨æˆ·è®¿é—® KuboardProxy](https://kuboard.cn/guide/proxy/auth-proxy.html) * ç‚¹å‡»ä¸Šå›¾ä¸çš„ ***ä»£ç†*** æŒ‰é’®ï¼Œå°†æ‰“å¼€å¦‚ä¸‹ç•Œé¢ï¼š ç•Œé¢ä¸æ˜¾ç¤ºäº†ä¸‰ä¸ªåŒºåŸŸï¼š * KuboardProxy ä»£ç†é…ç½®ä¿¡æ¯ï¼Œç‚¹å‡» ***ä¿®æ”¹*** æŒ‰é’®åŽå¯ä»¥ [ä¿®æ”¹KuboardProxyé…ç½®](https://kuboard.cn/guide/proxy/#%E4%BF%AE%E6%94%B9KuboardProxy%E4%BB%A3%E7%90%86%E9%85%8D%E7%BD%AE)ï¼› * KuboardProxy ä»£ç†å‘çŽ°ä¿¡æ¯ï¼ˆæ˜¾ç¤ºäº†æ¤æ¬¡æ‰€èŽ·å¾— Token çš„æœ‰æ•ˆæœŸï¼‰ï¼› * è®¿é—®ä»£ç†ç›®æ ‡ï¼ˆæ˜¾ç¤ºäº†ä»£ç†çš„è¿›ä¸€æ¥æ“ä½œåŒºï¼‰ï¼š * é€‰æ‹©ä»£ç†åè®®ï¼Œæ¤å¤„æ”¯æŒ `http`ã€ `https` ä¸¤ç§é€‰æ‹©ï¼Œè¯¥åè®®è¦è®¿é—®çš„å®¹å™¨å†…ç«¯å£æ‰€æ”¯æŒçš„åè®®ï¼› * é€‰æ‹©è®¿é—®æ–¹æ³•ï¼Œå¯ä»¥ç›´æŽ¥åœ¨æµè§ˆå™¨ä¸æ‰“å¼€ç½‘é¡µï¼Œä¹Ÿå¯ä»¥é€šè¿‡ crul/postman ç‰æµ‹è¯•å·¥å…·è°ƒç”¨å®¹å™¨å†…çš„ restful æŽ¥å£ã€‚ ![Kubernetestæ•™ç¨‹_ä½¿ç”¨KuboardProxy](/img/image-20200225204706887.png) * é€šè¿‡ä»£ç†è®¿é—®ç›®æ ‡ Service * ç‚¹å‡» ***åœ¨æµè§ˆå™¨çª—å£ä¸æ‰“å¼€*** æŒ‰é’®ï¼Œå°†ç›´æŽ¥æ‰“å¼€ä¸€ä¸ªæ–°çª—å£ï¼Œå¹¶æ˜¾ç¤ºç›®æ ‡é¡µé¢ï¼Œå¦‚ä¸‹æ‰€ç¤ºï¼š ![Kubernetestæ•™ç¨‹_ä½¿ç”¨KuboardProxy](/img/image-20200225205535033.png) * ç‚¹å‡» ***ä½¿ç”¨ curl/postman è®¿é—®ç›®æ ‡ä»£ç†***ï¼Œå°†æ˜¾ç¤ºå¦‚ä¸‹å¯¹è¯æ¡†ï¼š å¤åˆ¶å¯¹è¯æ¡†ä¸çš„ä»£ç ï¼Œå¹¶åœ¨å‘½ä»¤è¡Œç»ˆç«¯æ‰§è¡Œï¼Œå¯ä»¥èŽ·å¾—ä»£ç†ç›®æ ‡æœåŠ¡è¿”å›žçš„å“åº”ã€‚ > è¿™ç§åšæ³•åœ¨è¿›è¡Œ API æµ‹è¯•æ—¶éžå¸¸æ–¹ä¾¿ã€‚ ![Kubernetestæ•™ç¨‹_ä½¿ç”¨KuboardProxy](/img/image-20200225205712284.png) ## ä¿®æ”¹KuboardProxyä»£ç†é…ç½® KuboardProxyä»£ç†çš„è®¾ç½®æœ‰ï¼š * çŽ¯å¢ƒå˜é‡ * å…¨å±€ç”Ÿæ•ˆï¼› * ä»£ç†è®¾ç½® * åªé’ˆå¯¹ Service/Pod çš„å•ä¸ªç«¯å£ä»£ç†ç”Ÿæ•ˆï¼› ### çŽ¯å¢ƒå˜é‡ ä¸Ž KuboardProxy ç›¸å…³çš„çŽ¯å¢ƒå˜é‡æœ‰å¦‚ä¸‹ä¸¤ä¸ªï¼š | åç§° | å˜é‡ç±»åž‹ | é»˜è®¤å€¼ | æè¿° | | ------------------------ | -------- | ------ | ------------------------------------------------------------ | | KUBOARD_AUTH_ENCRYPT_KEY | String | éšæœº |

å¦‚æžœä¸é…ç½®ï¼Œæ¯æ¬¡é‡å¯ Kuboard æ—¶ï¼Œéšæœºç”Ÿæˆï¼›

å¦‚æžœé…ç½®ï¼Œè¯¥å—æ®µå¿…é¡»ä¸ºä¸€ä¸ªé•¿åº¦ä¸º32çš„å—ç¬¦ä¸²ï¼Œå¯ä»¥ç”±å—æ¯å’Œæ•°å—ç»„æˆï¼›

Kuboard ä½¿ç”¨ [AES-256ç®—æ³•](https://www.zhihu.com/question/34563299/answer/59176478) ç”ŸæˆåŠ å¯† Cookieï¼Œå®¢æˆ·ç«¯ä½¿ç”¨æ¤ Cookieï¼Œå¯ä»¥é€šè¿‡ KuboardProxy è®¤è¯ï¼Œå¹¶å®žçŽ°ä»£ç†è®¿é—®ï¼›

å½“æ‚¨çš„ Kuboard å‰¯æœ¬æ•°å¤§äºŽ 1 æ—¶ï¼Œè¯·åŠ¡å¿…é…ç½®æ¤å‚æ•°ï¼Œå¦åˆ™ä¸åŒ Kuboard å‰¯æœ¬çš„ ENCRYPT_KEY ä¸åŒæ—¶ï¼ŒKuboard Proxy å°†ä¸èƒ½æ£å¸¸å·¥ä½œï¼›

å•ä½ç§’ï¼Œé»˜è®¤å€¼ä¸º36000ï¼ˆå³10å°æ—¶ï¼‰ï¼›

è®¿é—®ä»£ç†æ—¶ï¼Œæ‰€ç”¨ cookie çš„æœ‰æ•ˆæ—¶é•¿ï¼›

å¦‚æžœ Service/Pod ä¸Šæ²¡æœ‰ç‰¹æ®Šé…ç½®ï¼Œåˆ™ä½¿ç”¨æ¤å¤„çš„è®¾ç½®ã€‚

| ### ä»£ç†é…ç½® åœ¨ KuboardProxy å¯¹è¯æ¡†ä¸Šï¼Œç‚¹å‡» ***ä¿®æ”¹*** æŒ‰é’®ï¼Œå¯ä»¥ä¿®æ”¹é’ˆå¯¹è¯¥ç«¯å£çš„ KuboardProxy è®¾ç½®å‚æ•°ï¼Œå¦‚ä¸‹å›¾æ‰€ç¤ºï¼š ![Kubernetestæ•™ç¨‹_ä½¿ç”¨KuboardProxy](/img/image-20200225212104752.png) å¯ä»¥é…ç½®çš„å‚æ•°æœ‰ï¼š | åç§° | ç±»åž‹ | é»˜è®¤å€¼ | æè¿° | | --------------------- | ------- | --------------------------------------------- | ---------------------------------------- | | ç”¨æˆ·åæ·»åŠ åˆ° Header | String | X-WEBAUTH-USER | [Auth-Proxy](https://kuboard.cn/guide/proxy/auth-proxy.html) é‡è¦å‚æ•° | | ç»„åæ·»åŠ åˆ° Header | String | X-WEBAUTH-GROUP | [Auth-Proxy](https://kuboard.cn/guide/proxy/auth-proxy.html) é‡è¦å‚æ•° | | Cookie TTL / å•ä½ï¼šç§’ | Long | çŽ¯å¢ƒå˜é‡KUBOARD_PROXY_COOKIE_TTL
æˆ–36000 | Cookie çš„æœ‰æ•ˆæ—¶é•¿ | | ç¦ç”¨ Rebase | Boolean | false | ç¦ç”¨ [Rebase](https://kuboard.cn/guide/proxy/rebase.html) | ## ä½¿ç”¨ Kubectl Proxy ä½¿ç”¨ `kubectl proxy` ä¹‹å‰ï¼Œè¯·ç¡®ä¿æ‚¨å·²ç» [åœ¨å®¢æˆ·ç«¯é…ç½® kubectl](https://kuboard.cn/install/config-kubectl.html)ã€‚å¦‚æžœå·²ç»é…ç½®ï¼Œå¯æŒ‰ç…§å¦‚ä¸‹æ¥éª¤ä½¿ç”¨ `kubectl proxy`ã€‚ * æ‰§è¡Œå‘½ä»¤ä»¥å¯åŠ¨ `kubectl proxy` ç¨‹åº ```bash $ kubectl proxy ``` * é€šè¿‡ä»£ç†è®¿é—®æ‚¨çš„æœåŠ¡/Podï¼š * ä»¥ä¸Šè¿° `example` åç§°ç©ºé—´çš„ Service `web-example` ä¸ºä¾‹ï¼Œå¦‚éœ€è¦ä½¿ç”¨ http åè®®è®¿é—®è¯¥ Service çš„ 80 ç«¯å£ï¼Œå®žçŽ°ä¸Šé¢ä½¿ç”¨ Kuboard Proxy çš„ä¾‹åä¸ä¸€æ ·çš„è®¿é—®æ•ˆæžœï¼Œè¯·åœ¨æµè§ˆå™¨æ‰“å¼€å¦‚ä¸‹é“¾æŽ¥ï¼š ```bash http://localhost:8001/api/v1/namespaces/example/services/https:web-example:80/proxy/ ```