管理节点路由

在 DC/OS 管理节点上运行 Admin Router

Admin Router 在 DC/OS 管理节点上运行。它显示下面所示的 API 路由。Admin Router 侦听端口 80 (HTTP) 和 443 (HTTPS)。

有关 API 路由方式的详细信息，请参阅 DC/OS API 参考。

Routes

Show/Hide All

Legend

• Proxy retrieves resources from another address.
• File retrieves static files.
• Lua executes Lua code to generate response.
• Redirect redirects to another address.

• Rewrite retrieves resources from another route.

• Root

  Show/Hide

  • File /

    DC/OS GUI

    Path:

    /opt/mesosphere/active/dcos-ui/usr

• Agent

  Show/Hide

  • Proxy /(slave|agent)/(?[0-9a-zA-Z-]+)(?.+)

    API proxy to a specific agent node

    Rewrite:	Regex: ^/(slave|agent)/[0-9a-zA-Z-]+/.*$ Replacement: $url Type: break
    Proxy:	Path: $agentaddr:$agentport

• Authentication

  Show/Hide

  • File /acs/acl-schema.json

    Access Control List schema

    Path:

    /opt/mesosphere/active/acl-schema/etc/acl-schema.json

  • Proxy /acs/api/v1

    Access Control Service

    Path:	http://$backend/acs/api/v1
    Server:	127.0.0.1:8101
    Backend:	DC/OS Identity and Access Manager (Bouncer)
    API Reference:	https://docs.d2iq.com/1.11/security/ent/iam-api/

  • Proxy /acs/api/v1/auth/(login|logout|jwks|providers|oidc/callback|oidc/providers/?|saml/providers/?)

    Access Control Service (unauthenticated)

    Path:	http://$backend~ ^/acs/api/v1/auth/(login|logout|jwks|providers|oidc/callback|oidc/providers/?|saml/providers/?)$
    Server:	127.0.0.1:8101
    Backend:	DC/OS Identity and Access Manager (Bouncer)
    API Reference:	https://docs.d2iq.com/1.11/security/ent/iam-api/

  • Proxy /acs/api/v1/auth/saml/providers/[0-9a-zA-Z-]+/acs-callback

    Access Control Service SAML provider callback (unauthenticated)

    Path:	http://$backend~ ^/acs/api/v1/auth/saml/providers/[0-9a-zA-Z-]+/acs-callback$
    Server:	127.0.0.1:8101
    Backend:	DC/OS Identity and Access Manager (Bouncer)
    API Reference:	https://docs.d2iq.com/1.11/security/ent/iam-api/

  • Proxy /acs/api/v1/users/(?.*)/permissions

    Access Control List schema

    Path:	http://$backend~ ^/acs/api/v1/users/(?<uid_path>.*)/permissions$
    Server:	127.0.0.1:8101
    Backend:	DC/OS Identity and Access Manager (Bouncer)
    API Reference:	https://docs.d2iq.com/1.11/security/ent/iam-api/

  • Proxy /internal/acs/api/v1/

    Access Control Service policy query (unauthenticated, internal-only)

    Rewrite:	Regex: ^/internal/(.*) Replacement: /$1 Type: break
    Proxy:	Path: http://$backend/internal/acs/api/v1/ Server: 127.0.0.1:8101 Backend: DC/OS Identity and Access Manager (Bouncer) API Reference: https://docs.d2iq.com/1.11/security/ent/iam-api/

• Capabilities

  Show/Hide

  • Proxy /capabilities

    List of capabilities supported by DC/OS

    Path:

    $upstream_cosmos

• Certificate Authority

  Show/Hide

  • Proxy /ca/api/v2/(newcert|newkey|sign)

    Certificate Signing Request (CSR)

    Rewrite:	Regex: ^/ca/api/v2/(.*) Replacement: /api/v1/cfssl/$1 Type: break
    Proxy:	Path: http://$backend~ /ca/api/v2/(newcert|newkey|sign)$ Server: 127.0.0.1:8888 Backend: DC/OS Certificate Authority API Reference: https://docs.d2iq.com/1.11/security/ent/tls-ssl/ca-api/

  • Proxy /ca/api/v2/bundle

    Retrieve certificate chain without root CA cert for provided certificate

    Rewrite:	Regex: ^/ca/api/v2/(.*) Replacement: /api/v1/cfssl/$1 Type: break
    Proxy:	Path: http://$backend= /ca/api/v2/bundle Server: 127.0.0.1:8888 Backend: DC/OS Certificate Authority API Reference: https://docs.d2iq.com/1.11/security/ent/tls-ssl/ca-api/

  • Proxy /ca/api/v2/info

    Certificate and basic signing information

    Rewrite:	Regex: ^/ca/api/v2/(.*) Replacement: /api/v1/cfssl/$1 Type: break
    Proxy:	Path: http://$backend= /ca/api/v2/info Server: 127.0.0.1:8888 Backend: DC/OS Certificate Authority API Reference: https://docs.d2iq.com/1.11/security/ent/tls-ssl/ca-api/

  • File /ca/cacerts.jks

    Get CA public key Java Key Store file (unauthenticated)

    Path:

    /run/dcos/pki/CA/certs/cacerts.jks

  • File /ca/dcos-ca.crt

    Get CA public key Privacy Enhanced Mail file (unauthenticated)

    Path:

    /run/dcos/pki/CA/ca-bundle.crt

• Cluster

  Show/Hide

  • Proxy /cluster/

    Allow access to Cluster APIs

    Path:	http://$backend
    Server:	unix:/run/dcos/dcos-cluster-linker.sock
    Backend:	DC/OS Cluster Linker
    API Reference:	https://docs.d2iq.com/1.11/administering-clusters/multiple-clusters/cluster-link-api/

• CockroachDB

  Show/Hide

  • Redirect /cockroachdb

    Redirect to the CockroachDB Admin UI

    Regex:	^/cockroachdb$
    Replacement:	$scheme://$http_host/cockroachdb/
    Type:	permanent

  • Proxy /cockroachdb/

    The CockroachDB Admin UI

    Path:	https://$backend/
    Server:	127.0.0.1:8090
    Backend:	CockroachDB
    API Reference:	https://www.cockroachlabs.com/

• Cosmos

  Show/Hide

  • Proxy /cosmos/service/

    Start a DC/OS service from a DC/OS package

    Rewrite:	Regex: ^/cosmos/(.*) Replacement: /$1 Type: break
    Proxy:	Path: $upstream_cosmos

• DC/OS Net

  Show/Hide

  • Proxy /navstar/lashup/key

    Path:	http://$backend/lashup/key
    Server:	127.0.0.1:62080
    Backend:	DC/OS Net

• Exhibitor

  Show/Hide

  • Proxy /exhibitor/

    Manage Zookeeper

    Path:	http://$backend/
    Server:	127.0.0.1:8181
    Backend:	Exhibitor (Zookeeper)
    API Reference:	https://github.com/soabase/exhibitor/wiki/REST-Introduction

  • Proxy /exhibitor/exhibitor/v1/cluster/status

    Exhibitor cluster status (unauthenticated)

    Rewrite:	Regex: ^/exhibitor/(.*) Replacement: /$1 Type: break
    Proxy:	Path: http://$backend/ Server: 127.0.0.1:8181 Backend: Exhibitor (Zookeeper) API Reference: https://github.com/soabase/exhibitor/wiki/REST-Introduction

• History

  Show/Hide

  • Proxy /dcos-history-service/

    Path:

    $historyservice_upstream

• Marathon

  Show/Hide

  • Rewrite /marathon/

    Rewrite:	Regex: ^/marathon/(.*)$ Replacement: /service/marathon/$1 Type: last
    Deprecated:	Use /service/marathon/

• Mesos

  Show/Hide

  • Proxy /mesos/

    Apache Mesos

    Rewrite:	Regex: ^/mesos/(.*) Replacement: /$1 Type: break
    Proxy:	Path: $upstream_mesos

• Mesos DNS

  Show/Hide

  • Proxy /mesos_dns/

    Domain-based service discovery

    Path:	http://$backend/
    Server:	127.0.0.1:8123
    Backend:	Mesos DNS
    API Reference:	https://docs.d2iq.com/1.11/networking/DNS/mesos-dns/mesos-dns-api/

• Metadata

  Show/Hide

  • File /dcos-metadata/bootstrap-config.json

    DC/OS bootstrap configuration

    Path:

    /opt/mesosphere/etc/bootstrap-config.json

  • File /dcos-metadata/dcos-version.json

    DC/OS version (unauthenticated)

    Path:

    /opt/mesosphere/active/dcos-metadata/etc/dcos-version.json

  • File /dcos-metadata/ui-config.json

    DC/OS GUI configuration (unauthenticated)

    Path:

    /opt/mesosphere/etc/ui-config.json

  • Lua /metadata

    Public IP and Cluster ID

    Path:

    conf/lib/metadata.lua

• Network Metrics

  Show/Hide

  • Proxy /networking/api/v1/

    Networking-related metrics

    Rewrite:	Regex: ^/networking/api/v1/(.*) Replacement: /$1 Type: break
    Proxy:	Path: $upstream_dcos_netapi

• Other

  Show/Hide

  • Proxy /internal/mesos_dns/

    Path:	http://$backend/
    Server:	127.0.0.1:8123
    Backend:	Mesos DNS
    API Reference:	https://docs.d2iq.com/1.11/networking/DNS/mesos-dns/mesos-dns-api/

• Package

  Show/Hide

  • Proxy /package/

    Package Management

    Path:

    $upstream_cosmos

• Pkgpanda

  Show/Hide

  • Proxy /pkgpanda/

    DC/OS component package management

    Path:	http://$backend
    Server:	unix:/run/dcos/pkgpanda-api.sock
    Backend:	DC/OS Component Package Manager (Pkgpanda)
    API Reference:	https://docs.d2iq.com/1.11/administering-clusters/component-management/

  • File /pkgpanda/active.buildinfo.full.json

    List the active Pkgpanda packages

    Path:

    /opt/mesosphere/active.buildinfo.full.json

• Secrets

  Show/Hide

  • Proxy /secrets/v1/

    Securely store and retrieve secrets

    Path:

    $upstream_secrets

• Service

  Show/Hide

  • Proxy /service/(?.+)

    Proxy to services running on DC/OS

    Path:

    $upstream_url

• System

  Show/Hide

  • Proxy /system/health/v1

    Component service status

    Path:	http://$backend
    Server:	unix:/run/dcos/dcos-diagnostics.sock
    Backend:	DC/OS Diagnostics
    API Reference:	https://docs.d2iq.com/1.11/monitoring/#system-health-http-api-endpoint

  • Proxy /system/v1/agent/(?[0-9a-zA-Z-]+)(?/logs.*|/metrics/v0.*|/dcos-metadata/dcos-version.json)

    System proxy to a specific agent node

    Rewrite:	Regex: ^/system/v1/agent/[0-9a-zA-Z-]+/(logs.|metrics/v0.) Replacement: /system/v1$url Type: break
    Rewrite:	Regex: ^/system/v1/agent/[0-9a-zA-Z-]+/dcos-metadata/dcos-version.json Replacement: /dcos-metadata/dcos-version.json Type: break
    Proxy:	Path: $agentaddr:$adminrouter_agent_port

  • Proxy /system/v1/backup/

    Backup & Restore DC/OS Components

    Path:	http://$backend
    Server:	unix:/run/dcos/dcos-backup-master.sock
    Backend:	DC/OS Backup
    API Reference:	https://docs.d2iq.com/1.11/administering-clusters/backup-and-restore/backup-restore-api/

  • Proxy /system/v1/leader/marathon(?.*)

    System proxy to the master node with the Marathon leader

    Path:

    $mleader_host/system/v1$url$is_args$query_string

  • Proxy /system/v1/leader/mesos(?.*)

    System proxy to the master node with the Mesos leader

    Path:

    $system_v1_leader_mesos

  • Proxy /system/v1/logs/

    Node, component service, and container (task) logs

    Path:	http://$backend
    Server:	unix:/run/dcos/dcos-log.sock
    Backend:	DC/OS Log
    API Reference:	https://docs.d2iq.com/1.11/monitoring/logging/logging-api/

  • Proxy /system/v1/metrics/

    Node, container, and application metrics

    Path:	http://$backend
    Server:	unix:/run/dcos/dcos-metrics-master.sock
    Backend:	DC/OS Metrics
    API Reference:	https://docs.d2iq.com/1.11/metrics/metrics-api/