15308555518/ website
1
0
Fork 0
mirror of https://github.com/kubesphere/website.git synced 2026-01-01 03:33:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

【documentation】Update docs for KubeSphere 4.1.3 (#3244) 

* fixes and improvements

Signed-off-by: zhuxiujuan28 <562873187@qq.com>

* update 4.1.3

Signed-off-by: zhuxiujuan28 <562873187@qq.com>

* add Vulnerability Advisory

Signed-off-by: zhuxiujuan28 <562873187@qq.com>

* add Vulnerability Advisory

Signed-off-by: zhuxiujuan28 <562873187@qq.com>

---------

Signed-off-by: zhuxiujuan28 <562873187@qq.com>
This commit is contained in:
zhuxiujuan28 2025-04-02 18:36:48 +08:00 committed by GitHub
parent 95f3725341
commit ce68cd57be
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
62 changed files with 1667 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
content/en/docs/_custom-en/clusterManagement/routes/routes-oper-viewRouteDetails_v413.adoc Normal file
View File

@ -0,0 +1,73 @@
// :ks_include_id: 02ac1cebc06f4893a036c2e77c21d999
. View the detailed information of the Ingress in the **Attributes** area on the left side of the Ingress details page.
+
--
[%header,cols="1a,4a"]
|===
|Parameter |Description
|Cluster
|The cluster to which the Ingress belongs.
|Project
|The project to which the Ingress belongs.
|Application
|The application corresponding to the Ingress.
|Gateway Address
|
include::../gatewaySettings/gatewaySettings-para-address.adoc[]
|Ingress Class
|Ingress Controller that handles routing rules.
|Creation Time
|The creation time of the Ingress.
|Creator
|The user who created the Ingress.
|===
--
. View the routing rules of the Ingress in the **Resource Status** tab on the right side of the Ingress details page.
+
--
The **Resource Status** tab displays all routing rules of the current Ingress.
[%header,cols="1a,4a"]
|===
|Parameter |Description
|Domain and Port
|The domain name and node port of the Ingress. The node port is only displayed when the external access of the cluster gateway or project gateway is NodePort.
* If the external access mode of the cluster gateway or project gateway is NodePort, the client needs to resolve the domain name to the IP address of any node in the cluster through the DNS service or the local **hosts** file, and access the Ingress through the domain name, path, and port number (e.g., **example.com/test:30240**).
* If the external access mode of the cluster gateway or project gateway is LoadBalancer, the client needs to resolve the domain name to the IP address of the project gateway load balancer through the DNS service or the local **hosts** file, and access the Ingress through the domain name and path (e.g., **example.com/test**).
|Protocol
|The protocol supported by the Ingress, which can be **HTTP** or **HTTPS**.
|Certificate
|The name of the Secret containing the certificate and private key used when the Ingress protocol is HTTPS. Only displayed when the Ingress protocol is HTTPS.
|Path
|The path of the domain name, each path corresponds to a service.
|Service
|The name of the service corresponding to the domain name path.
|Port
|The port number of the service corresponding to the domain name path.
|===
Click **Access Service** on the right side of the routing rule to access the backend service of the Ingress.
--
. Click the **Metadata** tab on the right side of the Ingress details page to view the **Labels** and **Annotations** of the Ingress.
. Click the **Events** tab on the right side of the Ingress details page to view the events of the Ingress.
+
--
include::../clusterManagement-para-eventsTab.adoc[]
--

28
content/en/docs/_custom-en/clusterManagement/routes/routes-para-routeList-cluster_v413.adoc Normal file
View File

@ -0,0 +1,28 @@
// :ks_include_id: ae74df332c484c09b5ea8272c0d8193c
* The Ingress list provides the following information:
+
--
[%header,cols="1a,4a"]
|===
|Parameter |Description
|Name
|The name and description of the Ingress.
|Gateway Address
|
include::../gatewaySettings/gatewaySettings-para-address.adoc[]
|Ingress Class
|Ingress Controller that handles routing rules.
|Project
|The project to which Ingress belongs.
// |Application
// |The name of the application corresponding to the Ingress.
|Creation Time
|The creation time of the Ingress.
|===
--

28
content/en/docs/_custom-en/clusterManagement/routes/routes-para-routeList-project_v413.adoc Normal file
View File

@ -0,0 +1,28 @@
// :ks_include_id: ae74df332c484c09b5ea8272c0d8193c
* The Ingress list provides the following information:
+
--
[%header,cols="1a,4a"]
|===
|Parameter |Description
|Name
|The name and description of the Ingress.
|Gateway Address
|
include::../gatewaySettings/gatewaySettings-para-address.adoc[]
|Ingress Class
|Ingress Controller that handles routing rules.
// |Project
// |The project to which Ingress belongs.
|Application
|The name of the application corresponding to the Ingress.
|Creation Time
|The creation time of the Ingress.
|===
--

9
content/en/docs/v4.1/02-quickstart/01-install-kubesphere.adoc
View File

@ -39,10 +39,19 @@ curl -sfL https://get-kk.kubesphere.io | sh -
.. Run the following command to install dependencies.
+
--
[,bash]
----
apt install socat conntrack -y
----
[.admon.note,cols="a"]
|===
|Note
|
If the cluster nodes use other operating systems, please replace apt with the corresponding package management tool for that OS.
|===
--
.. Run the following command to quickly create a Kubernetes cluster.
+

165
content/en/docs/v4.1/02-quickstart/08-access-a-service.adoc Normal file
View File

@ -0,0 +1,165 @@
---
title: "Access Services from Outside the Cluster"
keywords: "Kubernetes, {ks_product-en}, Access Services, External Access, Application Access"
description: "Introduces how to access services from outside the cluster."
weight: 08
---
**Services** expose applications running on Pods as network services by providing stable endpoints (domain names or IP addresses) for client access. Accessing a Service means accessing applications deployed in the cluster.
{ks_product-en} supports accessing services from outside the cluster through NodePort, LoadBalancer, Ingress, or port forwarding.
This section uses the Bookinfo application as an example to demonstrate external service access. Before proceeding, please ensure you have deployed link:../06-deploy-bookinfo/[Bookinfo] or other applications in your project.
== Access Services via NodePort
**NodePort**: Maps a node's port to the service port, enabling access via the node's IP address and port.
. In the cluster or project's left navigation bar, select **Application Workloads** > **Services**.
. Click image:/images/ks-qkcp/zh/icons/more.svg[more,18,18] next to your target service (e.g., `productpage`) and select **Edit External Access**.
. Select **NodePort** under **Access Mode**, then click **OK**.
. Check the exposed node port in the **External Access** column of the service list.
. Access the service from outside the cluster by entering `<Node IP>:<Node Port>` in your browser.
+
--
// Note
include::../../../_ks_components-en/admonitions/note.adoc[]
You may need to configure port forwarding rules and allow the port in your security group before accessing the service.
include::../../../_ks_components-en/admonitions/admonEnd.adoc[]
--
== Access Services via LoadBalancer
**LoadBalancer**: The system assigns an external IP to the service (based on NodePort) and binds it to an external load balancer. The load balancer listens on the node port, enabling external access via the IP. This requires load balancer plugin support, infrastructure configuration, and proper annotations. For details, contact your infrastructure provider.
=== Prerequisites
* Prepare an external load balancer (cloud provider's solution or open-source like OpenELB).
* Load balancer must be in the same private network as KubeSphere cluster with a bound public IP.
+
[.admon.note,cols="a"]
|===
|Note
|
Consult your cloud provider's documentation for specific configurations.
|===
=== Steps
. In the left navigation pane of the cluster or project, select **Application Workloads** > **Services**.
. Click image:/images/ks-qkcp/zh/icons/more.svg[more,18,18] next to the target service (e.g., `productpage`) and select **Edit External Access**.
. In **Access Mode**, select **LoadBalancer**, choose **Load Balancer Provider** and add relevant **Annotations**, then click **OK**.
+
[.admon.note,cols="a"]
|===
|Note
|
If a load balancer provider is selected, the system will display annotation suggestions in the dropdown when clicking the **Key** field.
|===
. Check the external IP address exposed by the load balancer in the **External Access** column of the service list.
. Click the service name to view details, then navigate to the **Ports** section under the **Resource Status** tab to view service ports.
. Enter `<External IP>:<Service Port>` in your browser to access the service from outside the cluster.
== Access Services via Ingress
**Ingress**: Ingress aggregates services and exposes them to external cluster access. Each Ingress contains mapping rules between domains (and their subpaths) to different services. Client traffic is first sent to either the cluster gateway or project gateway, which then forwards the traffic to different services based on the rules defined in the Ingress, thereby implementing reverse proxy for multiple services.
=== Prerequisites
* link:../../09-project-management/03-application-workloads/05-routes/01-create-a-route/[Create an Ingress]. The sample application `bookinfo` automatically creates an Ingress.
* link:../../11-use-extensions/12-gateway/03-cluster-gateway/01-enable-a-cluster-gateway/[Enable cluster gateway] or link:../../11-use-extensions/12-gateway/01-project-gateway/01-enable-a-project-gateway/[Enable project gateway].
=== Steps
After creating an Ingress, you can access its backend services through any HTTP or HTTPS client.
. In the left navigation pane of the cluster or project, select **Application Workloads** > **Ingress**.
. Click an Ingress name from the Ingress list to open its details page.
. Under the **Resource Status** tab, click **Access Service** next to the desired routing rule.
+
--
* If the external access mode of the cluster or project gateway is NodePort: Clients need to resolve the domain name to any node's IP address via DNS service or local **hosts** file, and access the Ingress using domain, path and NodePort (e.g., **example.com/test:30240**).
* If the external access mode is LoadBalancer: Clients need to resolve the domain name to the project gateway's load balancer IP via DNS service or local **hosts** file, and access using domain and path (e.g., **example.com/test**).
If the Ingress is configured correctly, the browser will display the backend service's response.
--
== Access Services via Port Forwarding
Port forwarding establishes a connection between your local machine and services inside the cluster, typically used for local development and debugging. When executing port forwarding in the cluster, it usually maps a service's port to your local machine, allowing local access to cluster services.
=== Prerequisites
* At least one service exists in the project. The sample application `bookinfo` automatically creates multiple services.
* The local machine must have kubectl installed and be able to communicate normally with the KubeSphere cluster.
=== Steps
. On a cluster node, run the following command to check existing services:
+
--
[source,bash]
----
kubectl get service <service-name> -n <project-name>
----
Example:
[source,bash]
----
[root@node1 ~]# kubectl get service productpage -n demo-project
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
productpage ClusterIP 10.233.22.245 <none> 9080/TCP 6d23h
----
--
. On your local machine, use `kubectl port-forward` for port forwarding:
+
--
[source,bash]
----
kubectl port-forward service/<service-name> <local-port>:<service-port> -n <project-name>
----
Example:
[source,bash]
----
[xxx@xxx ~]# kubectl port-forward service/productpage 34841:9080 -n demo-project
Forwarding from 127.0.0.1:34841 -> 9080
Forwarding from [::1]:34841 -> 9080
----
Alternatively, you can let kubectl automatically select and assign a local port to avoid port conflicts:
[source,bash]
----
kubectl port-forward service/<service-name> :<service-port> -n <project-name>
----
[.admon.note,cols="a"]
|===
|Note
|
You can also perform port forwarding using other resource types like Deployment names or Pod names. For more information, see link:https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/#forward-a-local-port-to-a-port-on-the-pod[Kubernetes Documentation].
|===
--
. In your local browser, enter `127.0.0.1:<local-port>` or `localhost:<local-port>` to access the cluster service.

2
content/en/docs/v4.1/02-quickstart/_index.adoc
View File

@ -8,6 +8,6 @@ weight: 02
icon: "/images/docs/common/docs.svg"
---
This section provides a brief overview of how to install {ks_product-en}, as well as how to control user permissions, helping you quickly get started with {ks_product-en}.
This section provides a brief overview of how to install {ks_product-en}, control user permissions and deploy applications, helping you quickly get started with {ks_product-en}.
For more information on installing and using {ks_product-en}, please refer to other sections in the documentation.

4
content/en/docs/v4.1/11-use-extensions/12-gateway/05-routes/01-create-a-route.adoc → content/en/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/01-create-a-route.adoc
View File

@ -15,7 +15,7 @@ include::../../../../_custom-en/clusterManagement/routes/routes-desc-createARout
== Prerequisites
* {empty}
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
* To create an Ingress that supports the HTTPS protocol, you need to create a Secret of type **TLS Information**, which must contain Base64-encoded certificates and private keys.
@ -24,7 +24,7 @@ include::../../../../_custom-en/clusterManagement/clusterManagement-prer-require
== Steps
. Log in to the {ks_product-en} web console with a user who has the pass:a,q[{ks_permission}] permission and enter your cluster or project.
include::../../../../_custom-en/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+

8
content/en/docs/v4.1/11-use-extensions/12-gateway/05-routes/02-view-a-route-list.adoc → content/en/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/02-view-a-route-list.adoc
View File

@ -14,19 +14,21 @@ include::../../../../_custom-en/clusterManagement/routes/routes-desc-viewARouteL
== Prerequisites
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== Steps
. Log in to the {ks_product-en} web console with a user who has the pass:a,q[{ks_permission}] permission and enter your cluster or project.
include::../../../../_custom-en/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
include::../../../../../_ks_components-en/oper-navigate.adoc[]
+
====
include::../../../../_custom-en/clusterManagement/routes/routes-para-routeList.adoc[]
include::../../../../_custom-en/clusterManagement/routes/routes-para-routeList-cluster_v413.adoc[]
* From the drop-down list in the upper left corner, select a project to view the Ingress in that specific project.
include::../../../../_custom-en/clusterManagement/routes/routes-oper-searchForRoutes.adoc[]

6
content/en/docs/v4.1/11-use-extensions/12-gateway/05-routes/03-view-route-details.adoc → content/en/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/03-view-route-details.adoc
View File

@ -14,11 +14,11 @@ include::../../../../_custom-en/clusterManagement/routes/routes-desc-viewRouteDe
== Prerequisites
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== Steps
. Log in to the {ks_product-en} web console with a user who has the pass:a,q[{ks_permission}] permission and enter your cluster or project.
include::../../../../_custom-en/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
@ -30,4 +30,4 @@ include::../../../../_custom-en/clusterManagement/routes/routes-oper-openDetails
+
include::../../../../_custom-en/clusterManagement/routes/routes-oper-viewRouteDetails.adoc[]
include::../../../../_custom-en/clusterManagement/routes/routes-oper-viewRouteDetails_v413.adoc[]

4
content/en/docs/v4.1/11-use-extensions/12-gateway/05-routes/04-access-a-backend-service-of-a-route.adoc → content/en/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/04-access-a-backend-service-of-a-route.adoc
View File

@ -14,7 +14,7 @@ include::../../../../_custom-en/clusterManagement/routes/routes-desc-accessABack
== Prerequisites
* {empty}
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
* You should install the **KubeSphere Gateway** extension and enable the cluster gateway or project gateway. For more information, see link:../../../../11-use-extensions/12-gateway[KubeSphere Gateway].
@ -23,7 +23,7 @@ include::../../../../_custom-en/clusterManagement/routes/routes-prer-accessABack
== Steps
. Log in to the {ks_product-en} web console with a user who has the pass:a,q[{ks_permission}] permission and enter your cluster or project.
include::../../../../_custom-en/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+

4
content/en/docs/v4.1/11-use-extensions/12-gateway/05-routes/05-edit-route-information.adoc → content/en/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/05-edit-route-information.adoc
View File

@ -14,11 +14,11 @@ include::../../../../_custom-en/clusterManagement/routes/routes-desc-editRouteIn
== Prerequisites
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== Steps
. Log in to the {ks_product-en} web console with a user who has the pass:a,q[{ks_permission}] permission and enter your cluster or project.
include::../../../../_custom-en/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+

4
content/en/docs/v4.1/11-use-extensions/12-gateway/05-routes/06-edit-routing-rules.adoc → content/en/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/06-edit-routing-rules.adoc
View File

@ -14,11 +14,11 @@ include::../../../../_custom-en/clusterManagement/routes/routes-desc-editingRuti
== Prerequisites
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== Steps
. Log in to the {ks_product-en} web console with a user who has the pass:a,q[{ks_permission}] permission and enter your cluster or project.
include::../../../../_custom-en/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+

4
content/en/docs/v4.1/11-use-extensions/12-gateway/05-routes/07-edit-route-annotations.adoc → content/en/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/07-edit-route-annotations.adoc
View File

@ -14,11 +14,11 @@ include::../../../../_custom-en/clusterManagement/routes/routes-desc-editRouteAn
== Prerequisites
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== Steps
. Log in to the {ks_product-en} web console with a user who has the pass:a,q[{ks_permission}] permission and enter your cluster or project.
include::../../../../_custom-en/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+

6
content/en/docs/v4.1/11-use-extensions/12-gateway/05-routes/08-delete-routes.adoc → content/en/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/08-delete-routes.adoc
View File

@ -14,11 +14,11 @@ include::../../../../_custom-en/clusterManagement/routes/routes-desc-deleteMulti
== Prerequisites
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom-en/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== Delete a Single Ingress
. Log in to the {ks_product-en} web console with a user who has the pass:a,q[{ks_permission}] permission and enter your cluster or project.
include::../../../../_custom-en/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
@ -31,7 +31,7 @@ include::../../../../_custom-en/clusterManagement/routes/routes-oper-deleteASing
== Delete Multiple Ingresses
. Log in to the {ks_product-en} web console with a user who has the pass:a,q[{ks_permission}] permission and enter your cluster or project.
include::../../../../_custom-en/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+

0
content/en/docs/v4.1/11-use-extensions/12-gateway/05-routes/_index.adoc → content/en/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/_index.adoc
View File

2
content/en/docs/v4.1/07-cluster-management/05-application-workloads/_index.adoc
View File

@ -8,4 +8,4 @@ weight: 05
---
This section explains how to manage workloads, jobs, pods, and services.
This section explains how to manage workloads, jobs, pods, services and ingresses.

2
content/en/docs/v4.1/08-workspace-management/06-workspace-settings/03-workspace-members/02-view-a-workspace-member-list.adoc
View File

@ -32,7 +32,7 @@ include::../../../../../_ks_components-en/oper-navigate.adoc[]
|===
|Parameter |Description
|Username
|Name
|The username of the workspace member.
|Status

39
content/en/docs/v4.1/09-project-management/03-application-workloads/05-routes/01-create-a-route.adoc Normal file
View File

@ -0,0 +1,39 @@
---
title: "Create Ingresses"
keywords: "Kubernetes, {ks_product-en}, project management, application workloads, Ingress, create Ingress"
description: "Learn how to create an Ingress."
weight: 01
---
:ks_permission: **Application Workload Management**
:ks_navigation: **Application Workloads > Ingresses**
include::../../../../_custom-en/clusterManagement/routes/routes-desc-createARoute.adoc[]
== Prerequisites
* {empty}
include::../../../../_custom-en/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
* To create an Ingress that supports the HTTPS protocol, you need to create a Secret of type **TLS Information**, which must contain Base64-encoded certificates and private keys.
* There must be at least one service in the project to which the Ingress belongs.
== Steps
include::../../../../_custom-en/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
include::../../../../../_ks_components-en/oper-navigate.adoc[]
+
include::../../../../../_ks_components-en/oper-clickCreate.adoc[]
+
include::../../../../_custom-en/clusterManagement/routes/routes-oper-createARoute_v4.adoc[]

36
content/en/docs/v4.1/09-project-management/03-application-workloads/05-routes/02-view-a-route-list.adoc Normal file
View File

@ -0,0 +1,36 @@
---
title: "View Ingress List"
keywords: "Kubernetes, {ks_product-en}, project management, application workloads, Ingress, view Ingress list"
description: "Learn how to view the Ingress list."
weight: 02
---
:ks_permission: **Application Workload Viewing**
:ks_navigation: **Application Workloads > Ingresses**
include::../../../../_custom-en/clusterManagement/routes/routes-desc-viewARouteList.adoc[]
== Prerequisites
include::../../../../_custom-en/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
== Steps
include::../../../../_custom-en/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
include::../../../../../_ks_components-en/oper-navigate.adoc[]
+
====
include::../../../../_custom-en/clusterManagement/routes/routes-para-routeList-project_v413.adoc[]
include::../../../../_custom-en/clusterManagement/routes/routes-oper-searchForRoutes.adoc[]
include::../../../../../_ks_components-en/oper-refreshListData.adoc[]
include::../../../../../_ks_components-en/oper-customizeColumns.adoc[]
====

33
content/en/docs/v4.1/09-project-management/03-application-workloads/05-routes/03-view-route-details.adoc Normal file
View File

@ -0,0 +1,33 @@
---
title: "View Ingress Details"
keywords: "Kubernetes, {ks_product-en}, project management, application workloads, Ingress, view Ingress details"
description: "Learn how to view Ingress details."
weight: 03
---
:ks_permission: **Application Workload Viewing**
:ks_navigation: **Application Workloads > Ingresses**
include::../../../../_custom-en/clusterManagement/routes/routes-desc-viewRouteDetails.adoc[]
== Prerequisites
include::../../../../_custom-en/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
== Steps
include::../../../../_custom-en/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
include::../../../../../_ks_components-en/oper-navigate.adoc[]
+
include::../../../../_custom-en/clusterManagement/routes/routes-oper-openDetailsPage.adoc[]
+
include::../../../../_custom-en/clusterManagement/routes/routes-oper-viewRouteDetails_v413.adoc[]

38
content/en/docs/v4.1/09-project-management/03-application-workloads/05-routes/04-access-a-backend-service-of-a-route.adoc Normal file
View File

@ -0,0 +1,38 @@
---
title: "Access the Backend Service of an Ingress"
keywords: "Kubernetes, {ks_product-en}, project management, application workloads, Ingress, access the backend service of an Ingress"
description: "Learn how to access the backend service of an Ingress."
weight: 04
---
:ks_permission: **Application Workload Viewing**
:ks_navigation: **Application Workloads > Ingresses**
include::../../../../_custom-en/clusterManagement/routes/routes-desc-accessABackendServiceOfARoute.adoc[]
== Prerequisites
* {empty}
include::../../../../_custom-en/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
* You should install the **KubeSphere Gateway** extension and enable the cluster gateway or project gateway. For more information, see link:../../../../11-use-extensions/12-gateway[KubeSphere Gateway].
include::../../../../_custom-en/clusterManagement/routes/routes-prer-accessABackendServiceOfARoute.adoc[]
== Steps
include::../../../../_custom-en/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
include::../../../../../_ks_components-en/oper-navigate.adoc[]
+
include::../../../../_custom-en/clusterManagement/routes/routes-oper-openDetailsPage.adoc[]
+
include::../../../../_custom-en/clusterManagement/routes/routes-oper-accessABackendServiceOfARoute.adoc[]

29
content/en/docs/v4.1/09-project-management/03-application-workloads/05-routes/05-edit-route-information.adoc Normal file
View File

@ -0,0 +1,29 @@
---
title: "Edit Ingress Information"
keywords: "Kubernetes, {ks_product-en}, project management, application workloads, Ingress, edit Ingress information"
description: "Learn how to edit Ingress information."
weight: 05
---
:ks_permission: **Application Workload Management**
:ks_navigation: **Application Workloads > Ingresses**
include::../../../../_custom-en/clusterManagement/routes/routes-desc-editRouteInformation.adoc[]
== Prerequisites
include::../../../../_custom-en/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
== Steps
include::../../../../_custom-en/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
include::../../../../../_ks_components-en/oper-navigate.adoc[]
+
include::../../../../_custom-en/clusterManagement/routes/routes-oper-editRouteInformation.adoc[]

29
content/en/docs/v4.1/09-project-management/03-application-workloads/05-routes/06-edit-routing-rules.adoc Normal file
View File

@ -0,0 +1,29 @@
---
title: "Edit Routing Rules"
keywords: "Kubernetes, {ks_product-en}, project management, application workloads, Ingress, edit routing rules"
description: "Learn how to edit routing rules."
weight: 06
---
:ks_permission: **Application Workload Management**
:ks_navigation: **Application Workloads > Ingresses**
include::../../../../_custom-en/clusterManagement/routes/routes-desc-editingRutingRules.adoc[]
== Prerequisites
include::../../../../_custom-en/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
== Steps
include::../../../../_custom-en/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
include::../../../../../_ks_components-en/oper-navigate.adoc[]
+
include::../../../../_custom-en/clusterManagement/routes/routes-oper-editRoutingRules.adoc[]

29
content/en/docs/v4.1/09-project-management/03-application-workloads/05-routes/07-edit-route-annotations.adoc Normal file
View File

@ -0,0 +1,29 @@
---
title: "Edit Ingress Annotations"
keywords: "Kubernetes, {ks_product-en}, project management, application workloads, Ingress, edit Ingress annotations"
description: "Learn how to edit Ingress annotations."
weight: 07
---
:ks_permission: **Application Workload Management**
:ks_navigation: **Application Workloads > Ingresses**
include::../../../../_custom-en/clusterManagement/routes/routes-desc-editRouteAnnotations.adoc[]
== Prerequisites
include::../../../../_custom-en/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
== Steps
include::../../../../_custom-en/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
include::../../../../../_ks_components-en/oper-navigate.adoc[]
+
include::../../../../_custom-en/clusterManagement/routes/routes-oper-editRouteAnnotations.adoc[]

42
content/en/docs/v4.1/09-project-management/03-application-workloads/05-routes/08-delete-routes.adoc Normal file
View File

@ -0,0 +1,42 @@
---
title: "Delete Ingresses"
keywords: "Kubernetes, {ks_product-en}, project management, application workloads, Ingress, delete Ingress"
description: "Learn how to delete an Ingress."
weight: 08
---
:ks_permission: **Application Workload Management**
:ks_navigation: **Application Workloads > Ingresses**
include::../../../../_custom-en/clusterManagement/routes/routes-desc-deleteMultipleRoutes.adoc[]
== Prerequisites
include::../../../../_custom-en/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
== Delete a Single Ingress
include::../../../../_custom-en/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
include::../../../../../_ks_components-en/oper-navigate.adoc[]
+
include::../../../../_custom-en/clusterManagement/routes/routes-oper-deleteASingleRoute.adoc[]
== Delete Multiple Ingresses
include::../../../../_custom-en/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
include::../../../../../_ks_components-en/oper-navigate.adoc[]
+
include::../../../../_custom-en/clusterManagement/routes/routes-oper-deleteRoutes.adoc[]

9
content/en/docs/v4.1/09-project-management/03-application-workloads/05-routes/_index.adoc Normal file
View File

@ -0,0 +1,9 @@
---
title: "Ingresses"
keywords: "Kubernetes, {ks_product-en}, project management, application workloads, Ingress"
description: "Learn how to manage Ingresses."
weight: 05
layout: "second"
---
include::../../../../_custom-en/clusterManagement/routes/routes-desc-routes.adoc[]

2
content/en/docs/v4.1/09-project-management/03-application-workloads/_index.adoc
View File

@ -7,4 +7,4 @@ layout: "second"
weight: 03
---
This section explains how to manage applications, services, workloads, jobs, and pods.
This section explains how to manage applications, services, workloads, jobs, ingresses and pods.

104
content/en/docs/v4.1/11-use-extensions/01-devops/03-how-to-use/02-pipelines/07-access-jenkins-console.adoc
View File

@ -1,87 +1,53 @@
---
title: "Access Jenkins Dashboard"
keywords: "Kubernetes, {ks_product-en}, DevOps project, use DevOps, access Jenkins"
description: "Learn how to access the Jenkins dashboard."
title: "Log in to Jenkins Dashboard"
keywords: "Kubernetes, {ks_product-en}, DevOps project, Using DevOps, Access Jenkins"
description: "Introduces how to log in to the Jenkins dashboard."
weight: 07
---
When DevOps is installed, the Jenkins dashboard is also installed by default. However, you need to configure it according to the following steps before you can access the Jenkins dashboard.
Jenkins dashboard is installed by default when you install DevOps.
== Prerequisites
**DevOps** must have been installed and enabled.
{ks_product-en} platform needs to have the **DevOps** extension installed and enabled.
== Steps
. Run the following command on the cluster node to get the Jenkins address.
. Check the service corresponding to the Jenkins dashboard, then refer to link:../../../../../02-quickstart/08-access-a-service/[Access a Service] to access Jenkins dashboard.
+
--
// Bash
[,bash]
----
export NODE_PORT=$(kubectl get --namespace kubesphere-devops-system -o jsonpath="{.spec.ports[0].nodePort}" services devops-jenkins)
export NODE_IP=$(kubectl get nodes --namespace kubesphere-devops-system -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
----
You will get output similar to the following:
[,bash]
----
http://10.77.1.201:30180
----
--
. Check the `jenkins.securityRealm.openIdConnect.kubesphereCoreApi` and `jenkins.securityRealm.openIdConnect.jenkinsURL` in the DevOps configuration, ensuring they are modified to the actual accessible addresses of the kubesphere-console and devops-jenkins services, respectively. If not, modify them and wait for the extension to update.
+
[,yaml]
----
jenkins:
securityRealm:
openIdConnect:
# The kubesphere-core api used for jenkins OIDC
# If you want to access to jenkinsWebUI, the kubesphereCoreApi must be specified and browser-accessible
# Modifying this configuration will take effect only during installation
# If you wish for changes to take effect after installation, you need to update the jenkins-casc-config ConfigMap, copy the securityRealm configuration from jenkins.yaml to jenkins_user.yaml, save, and wait for approximately 70 seconds for the changes to take effect.
kubesphereCoreApi: "http://192.168.1.1:30880"
# The jenkins web URL used for OIDC redirect
jenkinsURL: "http://192.168.1.1:30180"
----
. Check all addresses under `securityRealm.oic` in the `jenkins_user.yaml` of the `jenkins-casc-config` ConfigMap, ensuring they are the same as those under `securityRealm.oic` in `jenkins.yaml`, and are modified to the actual accessible address of kubesphere-console. If they are not the same, modify them and wait for them to take effect.
+
[,yaml]
----
securityRealm:
oic:
clientId: "jenkins"
clientSecret: "jenkins"
tokenServerUrl: "http://192.168.1.1:30880/oauth/token"
authorizationServerUrl: "http://192.168.1.1:30880/oauth/authorize"
userInfoServerUrl: "http://192.168.1.1:30880/oauth/userinfo"
endSessionEndpoint: "http://192.168.1.1:30880/oauth/logout"
logoutFromOpenidProvider: true
scopes: openid profile email
fullNameFieldName: url
userNameField: preferred_username
----
. Check the `authentication.issuer.url` in the `kubesphere-config` ConfigMap, ensuring it is modified to the actual accessible address of kubesphere-console. If not, modify it and restart the deployment `ks-apiserver` for it to take effect.
+
--
[,yaml]
----
authentication:
issuer:
url: "http://192.168.1.1:30880"
----
[source,bash]
----
kubectl -n kubesphere-system rollout restart deploy ks-apiserver
kubectl -n kubesphere-devops-system get svc devops-jenkins
----
--
. Use the address http://NodeIP:30180 to access the Jenkins dashboard.
. Get the username and password for Jenkins admin.
+
Jenkins is configured with KubeSphere LDAP, which means you can log in to Jenkins directly using your KubeSphere account (e.g., `admin/P@88w0rd`).
--
[source,bash]
----
kubectl -n kubesphere-devops-system get secret devops-jenkins -o yaml
----
Sample output:
[source,yaml]
----
data:
jenkins-admin-password: aXMxZno1Z3lnQWFTaGRIU2EwUDZkbg==
jenkins-admin-token: MTE5NTQ4NDY3MTE4MDQ4ODAzMDI1MTc3MDk1OTUwNTM2MQ==
jenkins-admin-user: YWRtaW4=
----
Decode the base64 encoded `jenkins-admin-user` and `jenkins-admin-password` to get the username and password for Jenkins admin.
--
. Use the obtained username and password to log in to Jenkins dashboard.
[.admon.note,cols="a"]
|===
|Note
|
To log in to Jenkins dashboard through LDAP or OpenID Connect, please refer to the instructions on the details page of DevOps extension in Extensions Center.
|===

4
content/en/docs/v4.1/11-use-extensions/12-gateway/_index.adoc
View File

@ -5,7 +5,7 @@ weight: 12
layout: "second"
---
This section introduces how to use the "KubeSphere Gateway" extension to enable and manage gateways for clusters, workspaces, and projects, as well as manage application routes for clusters and projects.
This section introduces how to use the "KubeSphere Gateway" extension to enable and manage gateways for clusters, workspaces, and projects.
include::../../../_custom-en/clusterManagement/gatewaySettings/gatewaySettings-desc-gateway.adoc[]
@ -16,7 +16,7 @@ After installing the "KubeSphere Gateway" extension,
* The **Gateway Settings** option will be displayed under the **Cluster Settings** menu in the left navigation pane of the cluster;
* The **Gateway Settings** option will be displayed under the **Workspace Settings** menu in the left navigation pane of the workspace;
* The **Gateway Settings** option will be displayed under the **Project Settings** menu in the left navigation pane of the project.
* Ingresses can be created and managed under clusters and projects.
[.admon.tip,cols="a"]
|===

73
content/zh/docs/_custom/clusterManagement/routes/routes-oper-viewRouteDetails_v413.adoc Normal file
View File

@ -0,0 +1,73 @@
// :ks_include_id: 02ac1cebc06f4893a036c2e77c21d999
. 在应用路由详情页面左侧的**属性**区域查看应用路由的详细信息。
+
--
[%header,cols="1a,4a"]
|===
|参数 |描述
|集群
|应用路由的所属集群。
|项目
|应用路由的所属项目。
|应用
|应用路由对应的应用。
|网关地址
|
include::../gatewaySettings/gatewaySettings-para-address.adoc[]
|Ingress Class
|处理路由规则的 Ingress Controller。
|创建时间
|应用路由的创建时间。
|创建者
|创建应用路由的用户。
|===
--
. 在应用路由详情页面右侧的**资源状态**页签查看应用路由的路由规则。
+
--
**资源状态**页签显示当前应用路由的所有路由规则。
[%header,cols="1a,4a"]
|===
|参数 |描述
|域名和端口
|应用路由的域名和节点端口号。节点端口号仅在集群网关或项目网关的外部访问为 NodePort 时显示。
* 如果集群网关或项目网关的外部访问模式为 NodePort客户端需要通过 DNS 服务或本地 **hosts** 文件将域名解析为集群中任意节点的 IP 地址,并通过域名、路径和端口号(例如 **example.com/test:30240**)访问应用路由。
* 如果集群网关或项目网关的外部访问模式为 LoadBalancer客户端需要通过 DNS 服务或本地 **hosts** 文件将域名解析为项目网关负载均衡器的 IP 地址,并通过域名和路径(例如 **example.com/test**)访问应用路由。
|协议
|应用路由支持的协议,取值为**HTTP** 或 **HTTPS**。
|证书
|应用路由协议为 HTTPS 时,所使用的包含证书和私钥的保密字典的名称。仅在应用路由协议为 HTTPS 时显示。
|路径
|域名的路径,每条路径对应一个服务。
|服务
|域名路径所对应的服务的名称。
|端口
|域名路径所对应的服务的端口号。
|===
在路由规则右侧点击**访问服务**可访问应用路由的后端服务。
--
. 在应用路由详情页面右侧点击**元数据**页签查看应用路由的**标签**和**注解**。
. 在应用路由详情页面右侧点击**事件**页签查看应用路由的事件。
+
--
include::../clusterManagement-para-eventsTab.adoc[]
--

29
content/zh/docs/_custom/clusterManagement/routes/routes-para-routeList-cluster_v413.adoc Normal file
View File

@ -0,0 +1,29 @@
// :ks_include_id: ae74df332c484c09b5ea8272c0d8193c
* 应用路由列表提供以下信息:
+
--
[%header,cols="1a,4a"]
|===
|参数 |描述
|名称
|应用路由的名称和描述。
|网关地址
|
include::../gatewaySettings/gatewaySettings-para-address.adoc[]
|Ingress Class
|处理路由规则的 Ingress Controller。
|项目
|应用路由的所属项目。
// |应用
// |应用路由所对应的应用名称。
// 唯此处与项目不同
|创建时间
|应用路由的创建时间。
|===
--

25
content/zh/docs/_custom/clusterManagement/routes/routes-para-routeList-project_v413.adoc Normal file
View File

@ -0,0 +1,25 @@
// :ks_include_id: ae74df332c484c09b5ea8272c0d8193c
* 应用路由列表提供以下信息:
+
--
[%header,cols="1a,4a"]
|===
|参数 |描述
|名称
|应用路由的名称和描述。
|网关地址
|
include::../gatewaySettings/gatewaySettings-para-address.adoc[]
|Ingress Class
|处理路由规则的 Ingress Controller。
|应用
|应用路由所对应的应用名称。
|创建时间
|应用路由的创建时间。
|===
--

10
content/zh/docs/v4.1/02-quickstart/01-install-kubesphere.adoc
View File

@ -40,11 +40,21 @@ curl -sfL https://get-kk.kubesphere.io | sh -
.. 执行以下命令安装依赖项。
+
--
[,bash]
----
apt install socat conntrack -y
----
[.admon.note,cols="a"]
|===
|说明
|
如果集群节点使用其他操作系统,请将 **apt** 替换为操作系统对应的软件包管理工具。
|===
--
.. 执行以下命令快速创建一个 Kubernetes 集群。
+
[,bash]

170
content/zh/docs/v4.1/02-quickstart/08-access-a-service.adoc Normal file
View File

@ -0,0 +1,170 @@
---
title: "从集群外访问服务"
keywords: "Kubernetes, {ks_product}, 访问服务, 集群外, 访问应用"
description: "介绍如何从集群外访问服务。"
weight: 08
---
**服务Service**将运行在容器组pod上的应用程序公开为网络服务提供了固定的地址域名或 IP 地址)供客⼾端访问。访问服务即可访问部署在集群中的应用程序。
{ks_product_right}支持通过 NodePort、LoadBalancer、Ingress 或端口转发的方式,从集群外访问服务。
本节以应用程序 Bookinfo 为例介绍如何从集群外访问服务。在进行以下步骤之前请先在项目中link:../06-deploy-bookinfo/[部署 Bookinfo] 或其他应用程序。
== 通过 NodePort 访问服务
**NodePort**:系统将节点的端口映射到服务端口,可通过节点的 IP 地址和节点端口访问服务。
. 在集群或项目的左侧导航栏,选择**应用负载** > **服务**。
. 点击应用相应服务(如 `productpage`右侧的image:/images/ks-qkcp/zh/icons/more.svg[more,18,18],选择**编辑外部访问**。
. 在**访问模式**中选择 **NodePort**,点击**确定**。
. 在服务列表的**外部访问**列,查看暴露的节点端口。
. 在浏览器中输入 `<节点 IP>:<节点端口>`,即可从集群外访问服务。
+
--
// Note
include::../../../_ks_components/admonitions/note.adoc[]
访问服务前,您可能需要配置端口转发规则并在安全组中放行该端口。
include::../../../_ks_components/admonitions/admonEnd.adoc[]
--
== 通过 LoadBalancer 访问服务
**LoadBalancer**:系统在 NodePort 服务的基础上为服务分配一个外部 IP 地址,并将外部 IP 地址与一个外部负载均衡器绑定。外部负载均衡器监听服务对应的节点端口,从而可以通过外部 IP 地址访问服务。为实现上述功能LoadBalancer 类型的服务需要负载均衡器插件和基础设施环境提供支持,并且需要设置相关注解。有关更多信息,请联系您的基础设施环境提供商。
=== 前提条件
* 请提前创建好用于绑定服务的外部负载均衡器。可使用云服务商提供的负载均衡器,或开源负载均衡方案,如 OpenELB。
* 负载均衡器与 KubeSphere 集群在同一私有网络下,且负载均衡器已绑定公网 IP。
+
[.admon.note,cols="a"]
|===
|说明
|
有关具体操作,请参阅云环境的用户指南或联系您的云服务提供商。
|===
=== 操作步骤
. 在集群或项目的左侧导航栏,选择**应用负载** > **服务**。
. 点击应用相应服务(如 `productpage`右侧的image:/images/ks-qkcp/zh/icons/more.svg[more,18,18],选择**编辑外部访问**。
. 在**访问模式**中选择 **LoadBalancer**,选择**负载均衡器提供商**并添加相应**注解**,点击**确定**。
+
[.admon.note,cols="a"]
|===
|说明
|如果已选择负载均衡器提供商,点击**键**文本框时系统将在下拉列表中显示注解提示。
|===
. 在服务列表的**外部访问**列,查看通过负载均衡器暴露的外部 IP 地址。
. 点击服务名称进入详情页,在**资源状态**页签下的**端口**区域,查看服务端口。
. 在浏览器中输入 `<外部 IP 地址>:<服务端口>`,即可从集群外访问服务。
== 通过 Ingress 访问服务
**Ingress**应⽤路由Ingress对服务进⾏聚合并提供给集群外部访问。每个应⽤路由包含域名及其⼦路径到不同服务的映射规则。来自客户端的业务流量先发送给集群网关或项目网关集群网关或项目网关根据应用路由中定义的规则将业务流量转发给不同的服务从而实现对多个服务的反向代理。
=== 前提条件
* link:../../09-project-management/03-application-workloads/05-routes/01-create-a-route/[创建应用路由]。示例应用 bookinfo 已自动创建应用路由。
* link:../../11-use-extensions/12-gateway/03-cluster-gateway/01-enable-a-cluster-gateway/[启用集群网关]或link:../../11-use-extensions/12-gateway/01-project-gateway/01-enable-a-project-gateway/[启用项目网关]。
=== 操作步骤
应用路由创建完成后,您可通过任意 HTTP 或 HTTPS 客户端访问应用路由的后端服务。
. 在集群或项目的左侧导航栏,选择**应用负载** > **应用路由**。
. 在应用路由列表中点击一个应用路由的名称打开其详情页面。
. 在**资源状态**页签,在需要访问的路由规则右侧点击**访问服务**。
+
--
* 如果集群网关或项目网关的外部访问模式为 NodePort客户端需要通过 DNS 服务或本地 **hosts** 文件将域名解析为集群中任意节点的 IP 地址,并通过域名、路径和 NodePort 端口号(例如 **example.com/test:30240**)访问应用路由。
* 如果集群网关或项目网关的外部访问模式为 LoadBalancer客户端需要通过 DNS 服务或本地 **hosts** 文件将域名解析为项目网关负载均衡器的 IP 地址,并通过域名和路径(例如 **example.com/test**)访问应用路由。
如果应用路由设置正确,浏览器将显示后端服务的响应信息。
--
== 通过端口转发访问服务
端口转发是一种在本地计算机与集群内部服务之间建立连接的方法,通常用于本地开发和调试目的。当您在集群中执行端口转发时,它通常是将集群内部服务的端口映射到本地计算机上,以便您可以在本地计算机上访问这些服务。
=== 前提条件
* 集群的项目中存在至少一个服务。示例应用 bookinfo 已自动创建多个服务。
* 本地计算机需要安装 kubectl 工具,并且能与 KubeSphere 集群正常通信。
=== 操作步骤
. 在集群节点上,执行以下命令,检查已创建的服务。
+
--
[source,bash]
----
kubectl get service <service-name> -n <project-name>
----
示例:
[source,bash]
----
[root@node1 ~]# kubectl get service productpage -n demo-project
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
productpage ClusterIP 10.233.22.245 <none> 9080/TCP 6d23h
----
--
. 在本地计算机上使用 `kubectl port-forward` 进行端口转发。
+
--
[source,bash]
----
kubectl port-forward service/<service-name> <local-port>:<service-port> -n <project-name>
----
示例:
[source,bash]
----
[xxx@xxx ~]# kubectl port-forward service/productpage 34841:9080 -n demo-project
Forwarding from 127.0.0.1:34841 -> 9080
Forwarding from [::1]:34841 -> 9080
----
也可以不指定本地端口,让 kubectl 来选择和分配本地端口,这样您就不需要管理本地端口冲突。命令如下:
[source,bash]
----
kubectl port-forward service/<service-name> :<service-port> -n <project-name>
----
[.admon.note,cols="a"]
|===
|说明
|
您还可以用其他资源名称,如 Deployment 名称、Pod 名称等来进行端口转发。有关更多信息,请参阅 link:https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/port-forward-access-application-cluster/#forward-a-local-port-to-a-port-on-the-pod[Kubernetes 官方文档]。
|===
--
. 在本地计算机上的浏览器中输入 `127.0.0.1:<local-port>` 或者 `localhost:<local-port>` 来访问集群中的服务。

2
content/zh/docs/v4.1/02-quickstart/_index.adoc
View File

@ -8,6 +8,6 @@ weight: 02
icon: "/images/docs/common/docs.svg"
---
本节简要介绍如何安装{ks_product_left},以及如何控制用户权限,帮助您快速了解使用{ks_product_left}。
本节简要介绍如何安装{ks_product_left}、控制用户权限、部署应用程序等,帮助您快速了解使用{ks_product_left}。
有关{ks_product_both}安装和使用的更多信息,请参阅文档的其他章节。

2
content/zh/docs/v4.1/07-cluster-management/05-application-workloads/03-pods/03-view-container-details.adoc
View File

@ -6,7 +6,7 @@ description: "介绍如何查看容器详情。"
weight: 03
---
:ks_permission: **应用负载管理**
:ks_permission: **应用负载查看**
:ks_navigation: **应用负载 > 容器组**

14
content/zh/docs/v4.1/11-use-extensions/12-gateway/05-routes/01-create-a-route.adoc → content/zh/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/01-create-a-route.adoc
View File

@ -1,6 +1,6 @@
---
title: "创建应用路由"
keywords: "Kubernetes, {ks_product}, 项目管理, 应用负载, 应用路由, 创建应用路由"
keywords: "Kubernetes, {ks_product}, 集群管理, 应用负载, 应用路由, 创建应用路由"
description: "介绍如何创建应用路由。"
weight: 01
---
@ -14,20 +14,19 @@ include::../../../../_custom/clusterManagement/routes/routes-desc-createARoute.a
== 前提条件
:relfileprefix: ../../../../
* {empty}
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
:relfileprefix: ./
* 如需创建支持 HTTPS 协议的应用路由,您需要创建 **TLS 信息**类型的保密字典,保密字典中必须包含 Base64 编码的证书和私钥。
* 如需创建支持 HTTPS 协议的应用路由,您需要创建 **TLS 信息**类型的保密字典,保密字典中必须包含 Base64 编码的证书和私钥。有关更多信息请参阅link:../../../06-configuration/02-configmaps/[创建保密字典]。
* 应用路由所属的项目中存在至少一个服务。有关更多信息请参阅link:../../04-services/01-create-a-service/[创建服务]。
* 应用路由所属的项目中存在至少一个服务。
== 操作步骤
. 以具有pass:a,q[{ks_permission}]权限的用户登录{ks_product_left} Web 控制台并进入您的集群或项目。
include::../../../../_custom/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
@ -40,3 +39,4 @@ include::../../../../../_ks_components/oper-clickCreate.adoc[]
+
include::../../../../_custom/clusterManagement/routes/routes-oper-createARoute_v4.adoc[]

41
content/zh/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/02-view-a-route-list.adoc Normal file
View File

@ -0,0 +1,41 @@
---
title: "查看应用路由列表"
keywords: "Kubernetes, {ks_product}, 集群管理, 应用负载, 应用路由, 查看应用路由列表"
description: "介绍如何查看应用路由列表。"
weight: 02
---
:ks_permission: **应用负载查看**
:ks_navigation: **应用负载 > 应用路由**
include::../../../../_custom/clusterManagement/routes/routes-desc-viewARouteList.adoc[]
== 前提条件
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== 操作步骤
include::../../../../_custom/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
include::../../../../../_ks_components/oper-navigate.adoc[]
+
====
include::../../../../_custom/clusterManagement/routes/routes-para-routeList-cluster_v413.adoc[]
* 在列表左上角的下拉列表中选择一个项目,可以查看特定项目中的应用路由。
include::../../../../_custom/clusterManagement/routes/routes-oper-searchForRoutes.adoc[]
include::../../../../../_ks_components/oper-refreshListData.adoc[]
include::../../../../../_ks_components/oper-customizeColumns.adoc[]
====

36
content/zh/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/03-view-route-details.adoc Normal file
View File

@ -0,0 +1,36 @@
---
title: "查看应用路由详情"
keywords: "Kubernetes, {ks_product}, 集群管理, 应用负载, 应用路由, 查看应用路由列表"
description: "介绍如何查看应用路由详情。"
weight: 03
---
:ks_permission: **应用负载查看**
:ks_navigation: **应用负载 > 应用路由**
include::../../../../_custom/clusterManagement/routes/routes-desc-viewRouteDetails.adoc[]
== 前提条件
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== 操作步骤
include::../../../../_custom/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
include::../../../../../_ks_components/oper-navigate.adoc[]
+
include::../../../../_custom/clusterManagement/routes/routes-oper-openDetailsPage.adoc[]
+
include::../../../../_custom/clusterManagement/routes/routes-oper-viewRouteDetails_v413.adoc[]

41
content/zh/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/04-access-a-backend-service-of-a-route.adoc Normal file
View File

@ -0,0 +1,41 @@
---
title: "访问应用路由的后端服务"
keywords: "Kubernetes, {ks_product}, 集群管理, 应用负载, 应用路由, 访问应用路由的后端服务"
description: "介绍如何访问应用路由的后端服务。"
weight: 04
---
:ks_permission: **应用负载查看**
:ks_navigation: **应用负载 > 应用路由**
include::../../../../_custom/clusterManagement/routes/routes-desc-accessABackendServiceOfARoute.adoc[]
== 前提条件
* {empty}
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
* KubeSphere 平台需要安装并启用 **KubeSphere 网关**扩展组件,然后启用集群网关或项目网关。有关更多信息,请参阅 link:../../../../11-use-extensions/12-gateway[KubeSphere 网关]。
include::../../../../_custom/clusterManagement/routes/routes-prer-accessABackendServiceOfARoute.adoc[]
== 操作步骤
include::../../../../_custom/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
include::../../../../../_ks_components/oper-navigate.adoc[]
+
include::../../../../_custom/clusterManagement/routes/routes-oper-openDetailsPage.adoc[]
+
include::../../../../_custom/clusterManagement/routes/routes-oper-accessABackendServiceOfARoute.adoc[]

31
content/zh/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/05-edit-route-information.adoc Normal file
View File

@ -0,0 +1,31 @@
---
title: "编辑应用路由信息"
keywords: "Kubernetes, {ks_product}, 集群管理, 应用负载, 应用路由, 编辑应用路由信息"
description: "介绍如何编辑应用路由信息。"
weight: 05
---
:ks_permission: **应用负载管理**
:ks_navigation: **应用负载 > 应用路由**
include::../../../../_custom/clusterManagement/routes/routes-desc-editRouteInformation.adoc[]
== 前提条件
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== 操作步骤
include::../../../../_custom/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
include::../../../../../_ks_components/oper-navigate.adoc[]
+
include::../../../../_custom/clusterManagement/routes/routes-oper-editRouteInformation.adoc[]

32
content/zh/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/06-edit-routing-rules.adoc Normal file
View File

@ -0,0 +1,32 @@
---
title: "编辑路由规则"
keywords: "Kubernetes, {ks_product}, 集群管理, 应用负载, 应用路由, 编辑路由规则"
description: "介绍如何编辑路由规则。"
weight: 06
---
:ks_permission: **应用负载管理**
:ks_navigation: **应用负载 > 应用路由**
include::../../../../_custom/clusterManagement/routes/routes-desc-editingRutingRules.adoc[]
== 前提条件
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== 操作步骤
include::../../../../_custom/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
include::../../../../../_ks_components/oper-navigate.adoc[]
+
include::../../../../_custom/clusterManagement/routes/routes-oper-editRoutingRules.adoc[]

32
content/zh/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/07-edit-route-annotations.adoc Normal file
View File

@ -0,0 +1,32 @@
---
title: "编辑应用路由注解"
keywords: "Kubernetes, {ks_product}, 集群管理, 应用负载, 应用路由, 编辑应用路由注解"
description: "介绍如何编辑应用路由注解。"
weight: 07
---
:ks_permission: **应用负载管理**
:ks_navigation: **应用负载 > 应用路由**
include::../../../../_custom/clusterManagement/routes/routes-desc-editRouteAnnotations.adoc[]
== 前提条件
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== 操作步骤
include::../../../../_custom/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
include::../../../../../_ks_components/oper-navigate.adoc[]
+
include::../../../../_custom/clusterManagement/routes/routes-oper-editRouteAnnotations.adoc[]

44
content/zh/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/08-delete-routes.adoc Normal file
View File

@ -0,0 +1,44 @@
---
title: "删除应用路由"
keywords: "Kubernetes, {ks_product}, 集群管理, 应用负载, 应用路由, 删除应用路由"
description: "介绍如何删除应用路由。"
weight: 08
---
:ks_permission: **应用负载管理**
:ks_navigation: **应用负载 > 应用路由**
include::../../../../_custom/clusterManagement/routes/routes-desc-deleteMultipleRoutes.adoc[]
== 前提条件
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_new.adoc[]
== 删除单个应用路由
include::../../../../_custom/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
include::../../../../../_ks_components/oper-navigate.adoc[]
+
include::../../../../_custom/clusterManagement/routes/routes-oper-deleteASingleRoute.adoc[]
== 批量删除应用路由
include::../../../../_custom/clusterManagement/clusterManagement-oper-openClusterPage.adoc[]
+
include::../../../../../_ks_components/oper-navigate.adoc[]
+
include::../../../../_custom/clusterManagement/routes/routes-oper-deleteRoutes.adoc[]

10
content/zh/docs/v4.1/07-cluster-management/05-application-workloads/05-routes/_index.adoc Normal file
View File

@ -0,0 +1,10 @@
---
title: "应用路由"
keywords: "Kubernetes, {ks_product}, 集群管理, 应用路由"
description: "介绍如何管理应用路由。"
weight: 05
layout: "second"
---
include::../../../../_custom/clusterManagement/routes/routes-desc-routes.adoc[]

2
content/zh/docs/v4.1/07-cluster-management/05-application-workloads/_index.adoc
View File

@ -9,4 +9,4 @@ weight: 05
本节介绍如何管理工作负载、任务、容器组和服务
本节介绍如何管理工作负载、任务、容器组、服务和应用路由

2
content/zh/docs/v4.1/08-workspace-management/06-workspace-settings/03-workspace-members/02-view-a-workspace-member-list.adoc
View File

@ -36,7 +36,7 @@ include::../../../../../_ks_components/oper-navigate.adoc[]
|===
|参数 |描述
|用户
|名
|企业空间成员的用户名。
|状态

3
content/zh/docs/v4.1/08-workspace-management/06-workspace-settings/_index.adoc
View File

@ -9,6 +9,5 @@ weight: 06
本节介绍如何上设置企业空间基本信息、修改企业空间配额、设置企业空间角色和企业空间成员。
本节介绍如何设置企业空间基本信息、修改企业空间配额、设置企业空间角色和企业空间成员。

42
content/zh/docs/v4.1/09-project-management/03-application-workloads/05-routes/01-create-a-route.adoc Normal file
View File

@ -0,0 +1,42 @@
---
title: "创建应用路由"
keywords: "Kubernetes, {ks_product}, 项目管理, 应用负载, 应用路由, 创建应用路由"
description: "介绍如何创建应用路由。"
weight: 01
---
:ks_permission: **应用负载管理**
:ks_navigation: **应用负载 > 应用路由**
include::../../../../_custom/clusterManagement/routes/routes-desc-createARoute.adoc[]
== 前提条件
:relfileprefix: ../../../../
* {empty}
include::../../../../_custom/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
:relfileprefix: ./
* 如需创建支持 HTTPS 协议的应用路由,您需要创建 **TLS 信息**类型的保密字典,保密字典中必须包含 Base64 编码的证书和私钥。有关更多信息请参阅link:../../../05-configuration/01-secrets/01-create-a-secret/[创建保密字典]。
* 应用路由所属的项目中存在至少一个服务。有关更多信息请参阅link:../../02-services/01-create-a-service/01-create-a-stateful-or-stateless-service/[创建服务]。
== 操作步骤
include::../../../../_custom/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
include::../../../../../_ks_components/oper-navigate.adoc[]
+
include::../../../../../_ks_components/oper-clickCreate.adoc[]
+
include::../../../../_custom/clusterManagement/routes/routes-oper-createARoute_v4.adoc[]

6
content/zh/docs/v4.1/11-use-extensions/12-gateway/05-routes/02-view-a-route-list.adoc → content/zh/docs/v4.1/09-project-management/03-application-workloads/05-routes/02-view-a-route-list.adoc
View File

@ -17,7 +17,7 @@ include::../../../../_custom/clusterManagement/routes/routes-desc-viewARouteList
:relfileprefix: ../../../../
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
:relfileprefix: ./
@ -25,14 +25,14 @@ include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPe
== 操作步骤
. 以具有pass:a,q[{ks_permission}]权限的用户登录{ks_product_left} Web 控制台并进入您的集群或项目。
include::../../../../_custom/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
include::../../../../../_ks_components/oper-navigate.adoc[]
+
====
include::../../../../_custom/clusterManagement/routes/routes-para-routeList.adoc[]
include::../../../../_custom/clusterManagement/routes/routes-para-routeList-project_v413.adoc[]
include::../../../../_custom/clusterManagement/routes/routes-oper-searchForRoutes.adoc[]

6
content/zh/docs/v4.1/11-use-extensions/12-gateway/05-routes/03-view-route-details.adoc → content/zh/docs/v4.1/09-project-management/03-application-workloads/05-routes/03-view-route-details.adoc
View File

@ -17,7 +17,7 @@ include::../../../../_custom/clusterManagement/routes/routes-desc-viewRouteDetai
:relfileprefix: ../../../../
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
:relfileprefix: ./
@ -25,7 +25,7 @@ include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPe
== 操作步骤
. 以具有pass:a,q[{ks_permission}]权限的用户登录{ks_product_left} Web 控制台并进入您的集群或项目。
include::../../../../_custom/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
@ -37,4 +37,4 @@ include::../../../../_custom/clusterManagement/routes/routes-oper-openDetailsPag
+
include::../../../../_custom/clusterManagement/routes/routes-oper-viewRouteDetails.adoc[]
include::../../../../_custom/clusterManagement/routes/routes-oper-viewRouteDetails_v413.adoc[]

7
content/zh/docs/v4.1/11-use-extensions/12-gateway/05-routes/04-access-a-backend-service-of-a-route.adoc → content/zh/docs/v4.1/09-project-management/03-application-workloads/05-routes/04-access-a-backend-service-of-a-route.adoc
View File

@ -14,11 +14,8 @@ include::../../../../_custom/clusterManagement/routes/routes-desc-accessABackend
== 前提条件
:relfileprefix: ../../../../
* {empty}
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
:relfileprefix: ./
include::../../../../_custom/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
* {ks_product_right}平台需要安装并启用 **KubeSphere 网关**扩展组件,然后启用集群网关或项目网关。有关更多信息,请参阅 link:../../../../11-use-extensions/12-gateway[KubeSphere 网关]。
@ -27,7 +24,7 @@ include::../../../../_custom/clusterManagement/routes/routes-prer-accessABackend
== 操作步骤
. 以具有pass:a,q[{ks_permission}]权限的用户登录{ks_product_left} Web 控制台并进入您的集群或项目。
include::../../../../_custom/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+

4
content/zh/docs/v4.1/11-use-extensions/12-gateway/05-routes/05-edit-route-information.adoc → content/zh/docs/v4.1/09-project-management/03-application-workloads/05-routes/05-edit-route-information.adoc
View File

@ -17,7 +17,7 @@ include::../../../../_custom/clusterManagement/routes/routes-desc-editRouteInfor
:relfileprefix: ../../../../
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
:relfileprefix: ./
@ -25,7 +25,7 @@ include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPe
== 操作步骤
. 以具有pass:a,q[{ks_permission}]权限的用户登录{ks_product_left} Web 控制台并进入您的集群或项目。
include::../../../../_custom/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+

4
content/zh/docs/v4.1/11-use-extensions/12-gateway/05-routes/06-edit-routing-rules.adoc → content/zh/docs/v4.1/09-project-management/03-application-workloads/05-routes/06-edit-routing-rules.adoc
View File

@ -17,7 +17,7 @@ include::../../../../_custom/clusterManagement/routes/routes-desc-editingRutingR
:relfileprefix: ../../../../
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
:relfileprefix: ./
@ -25,7 +25,7 @@ include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPe
== 操作步骤
. 以具有pass:a,q[{ks_permission}]权限的用户登录{ks_product_left} Web 控制台并进入您的集群或项目。
include::../../../../_custom/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+

4
content/zh/docs/v4.1/11-use-extensions/12-gateway/05-routes/07-edit-route-annotations.adoc → content/zh/docs/v4.1/09-project-management/03-application-workloads/05-routes/07-edit-route-annotations.adoc
View File

@ -17,7 +17,7 @@ include::../../../../_custom/clusterManagement/routes/routes-desc-editRouteAnnot
:relfileprefix: ../../../../
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
:relfileprefix: ./
@ -25,7 +25,7 @@ include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPe
== 操作步骤
. 以具有pass:a,q[{ks_permission}]权限的用户登录{ks_product_left} Web 控制台并进入您的集群或项目。
include::../../../../_custom/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+

6
content/zh/docs/v4.1/11-use-extensions/12-gateway/05-routes/08-delete-routes.adoc → content/zh/docs/v4.1/09-project-management/03-application-workloads/05-routes/08-delete-routes.adoc
View File

@ -17,7 +17,7 @@ include::../../../../_custom/clusterManagement/routes/routes-desc-deleteMultiple
:relfileprefix: ../../../../
include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPermission_clusterandproject.adoc[]
include::../../../../_custom/projectManagement/projectManagement-prer-requiredPermission_new.adoc[]
:relfileprefix: ./
@ -25,7 +25,7 @@ include::../../../../_custom/clusterManagement/clusterManagement-prer-requiredPe
== 删除单个应用路由
. 以具有pass:a,q[{ks_permission}]权限的用户登录{ks_product_left} Web 控制台并进入您的集群或项目。
include::../../../../_custom/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+
@ -38,7 +38,7 @@ include::../../../../_custom/clusterManagement/routes/routes-oper-deleteASingleR
== 批量删除应用路由
. 以具有pass:a,q[{ks_permission}]权限的用户登录{ks_product_left} Web 控制台并进入您的集群或项目。
include::../../../../_custom/projectManagement/projectManagement-oper-openProjectPage.adoc[]
+

0
content/zh/docs/v4.1/11-use-extensions/12-gateway/05-routes/_index.adoc → content/zh/docs/v4.1/09-project-management/03-application-workloads/05-routes/_index.adoc
View File

2
content/zh/docs/v4.1/09-project-management/03-application-workloads/_index.adoc
View File

@ -8,4 +8,4 @@ weight: 03
---
本节介绍如何管理应用、服务、工作负载、任务和容器组。
本节介绍如何管理应用、服务、工作负载、任务、应用路由和容器组。

96
content/zh/docs/v4.1/11-use-extensions/01-devops/03-how-to-use/02-pipelines/07-access-jenkins-console.adoc
View File

@ -6,7 +6,7 @@ weight: 07
---
安装 DevOps 时,默认情况下也会安装 Jenkins 仪表板。但需按照以下步骤配置后,才能访问 Jenkins 仪表板。
安装 DevOps 时,默认情况下也会安装 Jenkins 仪表板。
== 前提条件
@ -14,75 +14,41 @@ weight: 07
== 操作步骤
. 在集群节点上执行以下命令获取 Jenkins 的地址
. 查看 jenkins 仪表盘对应的服务然后参阅link:../../../../../02-quickstart/08-access-a-service/[如何访问服务],访问 Jenkins 仪表板
+
--
// Bash
[,bash]
----
export NODE_PORT=$(kubectl get --namespace kubesphere-devops-system -o jsonpath="{.spec.ports[0].nodePort}" services devops-jenkins)
export NODE_IP=$(kubectl get nodes --namespace kubesphere-devops-system -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
----
您将获得如下输出:
[,bash]
----
http://10.77.1.201:30180
----
--
. 检查 DevOps 扩展组件配置中的 `jenkins.securityRealm.openIdConnect.kubesphereCoreApi` 和 `jenkins.securityRealm.openIdConnect.jenkinsURL` ,确保已经分别修改为 kubesphere-console 和 devops-jenkins 服务实际可访问的地址。如果不是,请修改并等待组件更新完成。
+
[,yaml]
----
jenkins:
securityRealm:
openIdConnect:
# The kubesphere-core api used for jenkins OIDC
# If you want to access to jenkinsWebUI, the kubesphereCoreApi must be specified and browser-accessible
# Modifying this configuration will take effect only during installation
# If you wish for changes to take effect after installation, you need to update the jenkins-casc-config ConfigMap, copy the securityRealm configuration from jenkins.yaml to jenkins_user.yaml, save, and wait for approximately 70 seconds for the changes to take effect.
kubesphereCoreApi: "http://192.168.1.1:30880"
# The jenkins web URL used for OIDC redirect
jenkinsURL: "http://192.168.1.1:30180"
----
. 检查配置字典 `jenkins-casc-config` 中 `jenkins_user.yaml` 下 `securityRealm.oic` 的所有地址,确保与 `jenkins.yaml` 下 `securityRealm.oic` 中的一样,都改为 kubesphere-console 实际可访问的地址。如果不一样,请修改并等待其生效。
+
[,yaml]
----
securityRealm:
oic:
clientId: "jenkins"
clientSecret: "jenkins"
tokenServerUrl: "http://192.168.1.1:30880/oauth/token"
authorizationServerUrl: "http://192.168.1.1:30880/oauth/authorize"
userInfoServerUrl: "http://192.168.1.1:30880/oauth/userinfo"
endSessionEndpoint: "http://192.168.1.1:30880/oauth/logout"
logoutFromOpenidProvider: true
scopes: openid profile email
fullNameFieldName: url
userNameField: preferred_username
----
. 检查配置字典 `kubesphere-config` 中的 `authentication.issuer.url`,确保已经修改为 kubesphere-console 实际可访问的地址。如果不是,请修改并重启 Deployment ks-apiserver 使其生效。
+
--
[,yaml]
----
authentication:
issuer:
url: "http://192.168.1.1:30880"
----
[source,bash]
----
kubectl -n kubesphere-system rollout restart deploy ks-apiserver
kubectl -n kubesphere-devops-system get svc devops-jenkins
----
--
. 使用地址 http://NodeIP:30180 访问 Jenkins 仪表板
. 获取 jenkins 管理员的用户名和密码。
+
Jenkins 配置有{ks_product_left} LDAP这意味着您可以直接使用{ks_product_both}账户(例如 `admin/P@88w0rd`)登录 Jenkins。
--
[source,bash]
----
kubectl -n kubesphere-devops-system get secret devops-jenkins -o yaml
----
输出示例:
[source,yaml]
----
data:
jenkins-admin-password: aXMxZno1Z3lnQWFTaGRIU2EwUDZkbg==
jenkins-admin-token: MTE5NTQ4NDY3MTE4MDQ4ODAzMDI1MTc3MDk1OTUwNTM2MQ==
jenkins-admin-user: YWRtaW4=
----
将 `jenkins-admin-user` 和 `jenkins-admin-password` 对应的内容 base64 解码后,即得到 jenkins 管理员的用户名和密码。
--
. 使用获取的用户名和密码,登录 Jenkins 仪表板。
[.admon.note,cols="a"]
|===
|说明
|
若想以 LDAP 或 OpenId Connect 的方式登录 jenkins 仪表板,请参阅扩展中心 DevOps 扩展组件的详情页说明。
|===

4
content/zh/docs/v4.1/11-use-extensions/12-gateway/_index.adoc
View File

@ -5,7 +5,7 @@ weight: 12
layout: "second"
---
本节介绍如何使用“KubeSphere 网关”扩展组件,启用和管理集群、企业空间和项目的网关,以及管理集群和项目的应用路由
本节介绍如何使用“KubeSphere 网关”扩展组件,启用和管理集群、企业空间和项目的网关。
include::../../../_custom/clusterManagement/gatewaySettings/gatewaySettings-desc-gateway.adoc[]
@ -16,7 +16,7 @@ include::../../../_custom/clusterManagement/gatewaySettings/gatewaySettings-desc
* 集群左侧导航栏的**集群设置**菜单下将显⽰**网关设置**选项;
* 企业空间左侧导航栏的**企业空间设置**菜单下将显⽰**网关设置**选项;
* 项目左侧导航栏的**项目设置**菜单下将显⽰**网关设置**选项。
* 集群和项目下才能创建和管理应用路由。
[.admon.tip,cols="a"]
|===

2
content/zh/docs/v4.1/21-security/01-security-policy.adoc
View File

@ -2,7 +2,7 @@
title: "安全策略"
keywords: "Kubernetes, KubeSphere, 安全策略"
description: "介绍 KubeSphere 安全策略。"
weight: 05
weight: 01
---
== 支持的版本

338
content/zh/docs/v4.1/21-security/02-vulnerability-advisory.adoc Normal file
View File

@ -0,0 +1,338 @@
---
title: "KubeSphere 网关组件ingress-nginx安全漏洞公告"
linkTitle: "KubeSphere 网关组件安全漏洞公告"
keywords: "Kubernetes, KubeSphere, 安全漏洞, 公告"
description: "介绍 KubeSphere 安全漏洞公告。"
weight: 02
---
== 漏洞概述
**影响版本**
- KubeSphere & KubeSphere 企业版 v3.x 所有版本
- KubeSphere & KubeSphere 企业版 v4.1.x 所有版本
**漏洞等级**:严重
**漏洞类型**:权限提升、信息泄露、安全绕过、目录遍历
**漏洞一览表:**
[%header,cols="1a,1a,1a,3a,1a"]
|===
|漏洞编号 |类型 |CVSS 评分 |简述 |详细信息
|CVE-2025-1097 |配置注入 |8.8(高危) |通过 `auth-tls-match-cn` 注解注入恶意配置,可导致任意代码执行和信息泄露 |link:https://github.com/kubernetes/kubernetes/issues/131007[官方链接]
|CVE-2025-24514 |配置注入 |8.8(高危) |通过 `auth-url` 注解注入恶意配置,可导致任意代码执行和信息泄露 |link:https://github.com/kubernetes/kubernetes/issues/131006[官方链接]
|CVE-2025-24513 |目录遍历 |4.8(中危)|Admission Controller 中的文件路径遍历,可能导致拒绝服务和信息泄露 |link:https://github.com/kubernetes/kubernetes/issues/131005[官方链接]
|CVE-2025-1974 |远程代码执行 |9.8(严重) |Pod 网络可达的未授权远程代码执行漏洞,可导致完全控制集群 |link:https://github.com/kubernetes/kubernetes/issues/131009[官方链接]
|CVE-2025-1098 |配置注入 |8.8(高危) |通过 `mirror-target` 和 `mirror-host` 注解注入恶意配置,可导致任意代码执行和信息泄露 |link:https://github.com/kubernetes/kubernetes/issues/131008[官方链接]
|===
== 漏洞影响分析
这些漏洞主要通过以下方式影响系统:
. **代码执行风险**CVE-2025-1097、CVE-2025-24514、CVE-2025-1098 和 CVE-2025-1974 都可能导致在 ingress-nginx 控制器上下文中执行任意代码。
. **信息泄露**由于默认情况下ingress-nginx 控制器可访问集群内所有命名空间中的 Secrets这可能导致敏感凭证泄露。
. **未授权访问**:特别是 CVE-2025-1974任何能够访问 Pod 网络的攻击者无需认证即可获取集群控制权CVSS 评分高达 9.8(严重)。
. **缓解条件**:对于 CVE-2025-24514如果已启用 `enable-annotation-validation` 参数v1.12.0 起默认启用),则不受该漏洞影响。
== 验证是否受影响
请执行以下步骤检查您的系统是否受影响。
. 确认是否使用 ingress-nginx 组件。
+
--
[source,bash]
----
kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx
----
如果命令返回结果,表明您正在使用 ingress-nginx。
--
. 检查已安装的 ingress-nginx 版本。
+
--
[source,bash]
----
kubectl exec -it -n ingress-nginx deploy/ingress-nginx-controller -- /nginx-ingress-controller --version
----
**受影响版本:**
- < v1.11.0
- v1.11.0 - v1.11.4
- v1.12.0
[.admon.attention,cols="a"]
|===
|注意
|如果您使用的是受影响版本,请立即采取本文档中的解决方案或缓解措施。
|===
--
== 解决方案
=== 1. 升级nginx 社区推荐方案)
升级至以下安全版本之一:
- v1.11.5
- v1.12.1
- 或更高版本
=== 2. 升级修复KubeSphere 产品中的网关)
对于 KubeSphere 和 KubeSphere 企业版 v4.1.3,将 Kubesphere 网关升级到 v1.0.4 版本Ingress-Nginx controller 版本 v1.12.1)。
对于 v4.1.3 之前的 KubeSphere 和 KubeSphere 企业版,请先升级至 v4.1.3。
// Gateway 扩展组件升级方法可参考https://cwiki.yunify.com/pages/viewpage.action?pageId=224896073
=== 3. 临时缓解措施
如无法立即升级,可执行以下临时缓解措施。
==== CVE-2025-1097 缓解措施
检查并移除所有 Ingress 中的 `auth-tls-match-cn` 注解。
. 检查注解。
+
[source,bash]
----
kubectl get ingress -A -o custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name,AUTH_TLS_MATCH_CN:.metadata.annotations.nginx\.ingress\.kubernetes\.io/auth-tls-match-cn'
----
. 移除注解。
+
[source,bash]
----
kubectl annotate ingress -n <namespace-name> <Ingress-name> nginx.ingress.kubernetes.io/auth-tls-match-cn-
----
==== CVE-2025-24514 缓解措施
- 检查并移除所有 Ingress 中的 `auth-url` 注解。
+
--
. 检查注解。
+
[source,bash]
----
kubectl get ingress -A -o custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name,AUTH_URL:.metadata.annotations.nginx\.ingress\.kubernetes\.io/auth-url'
----
. 移除注解。
+
[source,bash]
----
kubectl annotate ingress -n <namespace-name> <Ingress-name> nginx.ingress.kubernetes.io/auth-url-
----
--
- 或启用 `enable-annotation-validation` 参数(此参数从 v1.12.0 起默认启用,但低版本需手动配置)。
+
--
. 检查是否启用了注解验证功能。
+
[source,bash]
----
kubectl get deployment -n ingress-nginx ingress-nginx-controller -o yaml | grep enable-annotation-validation
----
. 如未启用,编辑 deployment 添加参数 `--enable-annotation-validation=true`,保存后 ingress-nginx-controller 会自动重启。
+
[source,bash]
----
kubectl edit deployment -n ingress-nginx ingress-nginx-controller
----
--
==== CVE-2025-24513 和 CVE-2025-1974 缓解措施
KubeSphere 网关默认不开启 Admission Controller通过以下方法检查您的网关是否开启了 Admission Controller。
. 检查所有网关的 release。
+
[source,bash]
----
helm list -n A | grep kubesphere-router
----
. 查看所有 release 是否开启了 Admission Controller。
+
--
[source,bash]
----
helm get values [RELEASE_NAME] -n [RELEASE_NAMESPACE]
----
若 `controller.admissionWebhooks.enabled` 为 true请立即联系 KubeSphere 安全团队为您解决。
--
. 如果您自行安装了 ingress-nginx且 `controller.admissionWebhooks.enabled` 为 true可使用以下方法检查和禁用 Admission Controller。
+
====
[.admon.attention,cols="a"]
|===
|注意
|
这仅作为临时缓解措施,如果已升级到安全版本 v1.11.5 或 v1.12.1,则无需禁用 Admission Controller。
|===
* 若使用 Helm 安装了 ingress-nginx您需要重新安装设置 Helm 参数,禁用 admission webhook
+
[source,bash]
----
helm upgrade [RELEASE_NAME] ingress-nginx/ingress-nginx \
--set controller.admissionWebhooks.enabled=false \
-n ingress-nginx
----
* 若手动安装了 ingress-nginx
+
--
* 方法 1删除 `ValidatingWebhookConfiguration`。
+
[source,bash]
----
kubectl delete validatingwebhookconfigurations ingress-nginx-admission
----
* 方法 2编辑 Deployment 或 DaemonSet在 `spec.containers.args` 部分,删除 `--validating-webhook` 相关行。
+
[source,bash]
----
kubectl edit deployment -n ingress-nginx ingress-nginx-controller
----
+
[source,yaml]
----
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
----
--
[.admon.warning,cols="a"]
|===
|重要提示
|
升级到安全版本v1.11.5、v1.12.1 或更高版本)是解决所有漏洞的完整修复方案。禁用 Admission Controller 仅是在无法立即升级时的临时措施。升级后应保持 Admission Controller 启用,以确保正常功能。
|===
====
==== CVE-2025-1098 缓解措施
检查并移除所有 Ingress 中的 `mirror-target` 和 `mirror-host` 注解。
. 检查注解。
+
[source,bash]
----
kubectl get ingress -A -o custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name,MIRROR_TARGET:.metadata.annotations.nginx\.ingress\.kubernetes\.io/mirror-target,MIRROR_HOST:.metadata.annotations.nginx\.ingress\.kubernetes\.io/mirror-host'
----
. 移除注解。
+
[source,bash]
----
kubectl annotate ingress -n <namespace-name> <Ingress-name> nginx.ingress.kubernetes.io/mirror-target-
kubectl annotate ingress -n <namespace-name> <Ingress-name> nginx.ingress.kubernetes.io/mirror-host-
----
== 检测方法
使用以下命令检查可能被利用的配置或可疑活动:
. 检查可能被用于攻击的 `auth-tls-match-cn` 注解CVE-2025-1097
+
--
[source,bash]
----
kubectl get ingress -A -o custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name,AUTH_TLS_MATCH_CN:.metadata.annotations.nginx\.ingress\.kubernetes\.io/auth-tls-match-cn'
----
检查返回结果中是否有可疑内容,特别注意包含特殊字符如 `#`、`}}`、换行符等的注解值。
--
. 检查可能被用于攻击的 `auth-url` 注解CVE-2025-24514
+
--
[source,bash]
----
kubectl get ingress -A -o custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name,AUTH_URL:.metadata.annotations.nginx\.ingress\.kubernetes\.io/auth-url'
----
检查返回结果中是否有可疑内容,特别注意包含 `#`、`;` 或换行符的 URL。
--
. 检查 Admission Controller 是否开启,这与 CVE-2025-24513 和 CVE-2025-1974 相关。
+
--
[source,bash]
----
kubectl get validatingwebhookconfigurations -l app.kubernetes.io/name=ingress-nginx
----
如果返回结果,表示 Admission Controller 已开启,可能存在被攻击的风险。
--
. 检查可能被用于攻击的 `mirror-target` 或 `mirror-host` 注解CVE-2025-1098
+
--
[source,bash]
----
kubectl get ingress -A -o custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name,MIRROR_TARGET:.metadata.annotations.nginx\.ingress\.kubernetes\.io/mirror-target,MIRROR_HOST:.metadata.annotations.nginx\.ingress\.kubernetes\.io/mirror-host'
----
检查返回结果中是否有可疑内容。
--
. 检查 Pod 日志中是否有可疑活动。
+
[source,bash]
----
kubectl logs -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx --tail=1000 | grep -E "error|warn|critical|suspicious|unauthorized"
----
如果发现可疑配置或活动,请立即隔离受影响的资源并联系 KubeSphere 安全团队进行进一步分析。
== 安全最佳实践
- 实施严格的网关访问控制
- 配置网关路由隔离策略
- 启用 TLS
- 限制 Ingress 资源访问权限
- 启用审计日志监控
- 实施 RBAC 最小权限原则
- 定期检查和升级 ingress-nginx 控制器
- 确保 Admission Controller 不对外暴露
- 实施网络策略限制 Pod 网络通信
== 技术支持
如发现漏洞利用证据或需要技术支持,请联系:
- KubeSphere 安全团队security@kubesphere.io
- GitHub Issueslink:https://github.com/kubesphere/kubesphere/issues[]
== 参考信息
- link:https://kubernetes.github.io/ingress-nginx/deploy/upgrade/[ingress-nginx 升级文档]
- link:https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities[Wiz Research: IngressNightmare 漏洞分析]
- link:https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/[Kubernetes 官方博客: CVE-2025-1974 简介]