文档章节

【微服务】部署Api网关Kong

Tree
 Tree
发布于 2018/01/04 16:12
字数 985
阅读 561
收藏 1

Kong 是在客户端和(微)服务间转发 API 通信的 API 网关,通过插件扩展功能。持久化支持Postgresql和Cassandra。鉴于做测试,使用搭建简便的Postgresql作为DB存储。

IP分配

192.168.0.181:CentOS7 部署Kong服务; 192.168.0.184:CentOS7 部署postgresql 10;

部署postgresql

首先在192.168.0.184上部署postgresql,命令如下:

 yum install https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-1.noarch.rpm
 yum install postgresql10
 yum install postgresql10-server


 /usr/pgsql-10/bin/postgresql-10-setup initdb
 systemctl enable postgresql-10
 systemctl start postgresql-10

安装完毕后进入db创建用户;

#首先进入postgres用户
su postgres

#进入sql命令行
/usr/pgsql-10/bin/psql

#创建用户和库
CREATE USER kong; CREATE DATABASE kong OWNER kong;

#修改用户kong的密码
ALTER USER kong WITH PASSWORD 'kong';

安装kong

接下来在192.168.0.181上安装kong,首先下载对应CentOS7的rpm文件:kong-community-edition-0.11.2.el7.noarch.rpm

yum install epel-release
yum install kong-community-edition-0.11.2.*.noarch.rpm --nogpgcheck

然后修改配置文件,默认在/etc/kong/kong.conf.default

database = postgres
pg_host = 192.168.0.184
pg_port = 5432
pg_user = kong
pg_password = kong
pg_database = kong

然后重命名为kong.conf

再初始化db

kong migrations up -c /etc/kong/kong.conf

启动:

kong start -c /etc/kong/kong.conf

kong开放4个端口,分别用途如下:

  • 8000: 监听HTTP请求,向后端服务进行转发;
  • 8443: 监听HTTPS请求,同8000;
  • 8001: 用户管理api访问端口;
  • 8444: 监听HTTPS用于管理api端口;

停止和reload命令:

kong stop
kong reload

Kong管理接口

状态相关接口

查看kong信息
GET http://192.168.0.181:8001/
  • available_on_server: 查看开启的插件列表
  • enabled_in_cluster:查看集群中开启插件的信息
{
    "version": "0.11.2", 
    "plugins": {
        "enabled_in_cluster": [ ], 
        "available_on_server": {
            "response-transformer": true, 
            "correlation-id": true, 
            "statsd": true, 
            "jwt": true, 
            "cors": true, 
            "basic-auth": true, 
            "key-auth": true, 
            "ldap-auth": true, 
            "oauth2": true, 
            "http-log": true, 
            "ip-restriction": true, 
            "hmac-auth": true, 
            "request-size-limiting": true, 
            "datadog": true, 
            "tcp-log": true, 
            "request-transformer": true, 
            "file-log": true, 
            "acl": true, 
            "bot-detection": true, 
            "loggly": true, 
            "galileo": true, 
            "syslog": true, 
            "udp-log": true, 
            "response-ratelimiting": true, 
            "aws-lambda": true, 
            "runscope": true, 
            "rate-limiting": true, 
            "request-termination": true
        }
    }, 
    "tagline": "Welcome to kong", 
    "configuration": {
        "error_default_type": "text/plain", 
        "admin_listen": "0.0.0.0:8001", 
        "lua_ssl_verify_depth": 1, 
        "trusted_ips": { }, 
        "prefix": "/usr/local/kong", 
        "nginx_conf": "/usr/local/kong/nginx.conf", 
        "cassandra_username": "kong", 
        "proxy_ip": "0.0.0.0", 
        "ssl_cert_key": "/usr/local/kong/ssl/kong-default.key", 
        "admin_ssl_cert_key": "/usr/local/kong/ssl/admin-kong-default.key", 
        "dns_resolver": { }, 
        "pg_user": "kong", 
        "mem_cache_size": "128m", 
        "server_tokens": true, 
        "proxy_ssl_port": 8443, 
        "admin_ip": "0.0.0.0", 
        "custom_plugins": { }, 
        "pg_host": "192.168.0.184", 
        "nginx_acc_logs": "/usr/local/kong/logs/access.log", 
        "proxy_listen": "0.0.0.0:8000", 
        "client_ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt", 
        "cassandra_ssl": false, 
        "dns_no_sync": false, 
        "db_update_propagation": 0, 
        "nginx_err_logs": "/usr/local/kong/logs/error.log", 
        "cassandra_port": 9042, 
        "dns_order": [
            "LAST", 
            "SRV", 
            "A", 
            "CNAME"
        ], 
        "admin_ssl_ip": "0.0.0.0", 
        "dns_stale_ttl": 4, 
        "nginx_optimizations": true, 
        "proxy_ssl_ip": "0.0.0.0", 
        "database": "postgres", 
        "ssl": true, 
        "pg_database": "kong", 
        "nginx_worker_processes": "auto", 
        "admin_ssl_port": 8444, 
        "lua_package_cpath": "", 
        "admin_port": 8001, 
        "nginx_pid": "/usr/local/kong/pids/nginx.pid", 
        "upstream_keepalive": 60, 
        "proxy_access_log": "logs/access.log", 
        "ssl_ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256", 
        "ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr", 
        "admin_access_log": "logs/admin_access.log", 
        "dns_error_ttl": 1, 
        "client_ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr", 
        "pg_password": "******", 
        "client_ssl": false, 
        "cassandra_contact_points": [
            "127.0.0.1"
        ], 
        "admin_ssl_cert_csr_default": "/usr/local/kong/ssl/admin-kong-default.csr", 
        "lua_socket_pool_size": 30, 
        "real_ip_header": "X-Real-IP", 
        "ssl_cipher_suite": "modern", 
        "cassandra_consistency": "ONE", 
        "http2": false, 
        "proxy_listen_ssl": "0.0.0.0:8443", 
        "client_max_body_size": "0", 
        "admin_error_log": "logs/error.log", 
        "pg_ssl_verify": false, 
        "dns_not_found_ttl": 30, 
        "pg_ssl": false, 
        "proxy_error_log": "logs/error.log", 
        "proxy_port": 8000, 
        "cassandra_repl_strategy": "SimpleStrategy", 
        "latency_tokens": true, 
        "admin_listen_ssl": "0.0.0.0:8444", 
        "admin_ssl_cert": "/usr/local/kong/ssl/admin-kong-default.crt", 
        "admin_http2": false, 
        "nginx_kong_conf": "/usr/local/kong/nginx-kong.conf", 
        "cassandra_schema_consensus_timeout": 10000, 
        "dns_hostsfile": "/etc/hosts", 
        "log_level": "notice", 
        "cassandra_timeout": 5000, 
        "ssl_cert": "/usr/local/kong/ssl/kong-default.crt", 
        "admin_ssl": true, 
        "admin_ssl_cert_key_default": "/usr/local/kong/ssl/admin-kong-default.key", 
        "cassandra_ssl_verify": false, 
        "db_cache_ttl": 3600, 
        "cassandra_lb_policy": "RoundRobin", 
        "real_ip_recursive": "off", 
        "cassandra_repl_factor": 1, 
        "client_ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key", 
        "nginx_daemon": "on", 
        "anonymous_reports": true, 
        "kong_env": "/usr/local/kong/.kong_env", 
        "cassandra_data_centers": [
            "dc1:2", 
            "dc2:3"
        ], 
        "pg_port": 5432, 
        "plugins": {
            "response-transformer": true, 
            "correlation-id": true, 
            "statsd": true, 
            "jwt": true, 
            "cors": true, 
            "basic-auth": true, 
            "key-auth": true, 
            "ldap-auth": true, 
            "request-termination": true, 
            "http-log": true, 
            "rate-limiting": true, 
            "hmac-auth": true, 
            "runscope": true, 
            "datadog": true, 
            "tcp-log": true, 
            "aws-lambda": true, 
            "response-ratelimiting": true, 
            "bot-detection": true, 
            "request-size-limiting": true, 
            "syslog": true, 
            "galileo": true, 
            "loggly": true, 
            "udp-log": true, 
            "file-log": true, 
            "request-transformer": true, 
            "acl": true, 
            "ip-restriction": true, 
            "oauth2": true
        }, 
        "client_body_buffer_size": "8k", 
        "nginx_admin_acc_logs": "/usr/local/kong/logs/admin_access.log", 
        "admin_ssl_cert_default": "/usr/local/kong/ssl/admin-kong-default.crt", 
        "db_update_frequency": 5, 
        "cassandra_keyspace": "kong", 
        "ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt", 
        "ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key", 
        "lua_package_path": "./?.lua;./?/init.lua;"
    }, 
    "lua_version": "LuaJIT 2.1.0-beta2", 
    "prng_seeds": {
        "pid: 15093": 961939718379
    }, 
    "timers": {
        "pending": 5, 
        "running": 0
    }, 
    "hostname": "tree81"
}
获取kong状态
GET http://192.168.0.181:8001/status
{
    "database": {
        "reachable": true #数据库的连接状态
    },
    "server": {
        "connections_writing": 1, #正在响应的请求数
        "total_requests": 8,  #总请求数
        "connections_handled": 7, #处理连接总数
        "connections_accepted": 7, #客户端连接总数
        "connections_reading": 0, #正在读取请求头的连接数
        "connections_active": 1, #活动连接数,含等待
        "connections_waiting": 0 #正在等待请求的连接数
    }
}

© 著作权归作者所有

Tree

Tree

粉丝 15
博文 23
码字总数 20448
作品 0
黄浦
技术主管
私信 提问
【微服务】网关Kong整合SpringBoot和Consul设计

前面的博客已经整理了SpringBoot整合Consul以及Kong的相关文章。这次讲讲对于这套微服务架构如何实施我的理解。 先上图,整体架构图如下: 模块说明: Client: 外部访问应用 Api-GateWay-Cl...

Tree
2018/01/11
3.5K
3
【微服务】之七:轻松搞定SpringCloud微服务-API权限控制

【微服务】之七:轻松搞定SpringCloud微服务-API权限控制 Harries Blog™2017-12-210 阅读 httpSpringAppcatbeanAPIhttps 【微服务】轻松搞定SpringCloud微服务 目录 本系列为连载 文章 ,阅...

Harries Blog™
2017/12/21
0
0
云原生架构下的 API 网关实践: Kong (二)

Kong 是 Mashape 开源的一款云原生架构下的分布式 API 网关,其性能和可扩展性在同类组件中,表现都很优异。Kong 官方提供了很多直接可用的插件,此外,Kong 还可以通过插件扩展已有功能。 ...

aoho
08/26
0
0
kong api 网关访问异常

刚开始接触kong网关,在本地环境中部署kong网关,可能正常添加接口,但是测试访问接口是出现异常. 运行环境 mac kong 版本:0.12.1 /etc/kong/kong.conf文件 kong start 启动后 生成的.kong_evn...

天马行空&
2018/01/24
1K
0
云原生架构下的 API 网关实践:Kong (一)

API 网关选型 业界有很多流行的 API 网关,开源的有 Nginx、Netflix Zuul、Kong 等。当然 Kong 还有商业版,类似的商业版网关还有 GoKu API Gateway 和 Tyk 等。 GoKu API Gateway 是由国内公...

aoho
07/24
0
0

没有更多内容

加载失败,请刷新页面

加载更多

基于CentOS7搭建GitLab

基于CentOS7搭建GitLab 12018.11.02 16:38:51字数 959阅读 3791 本文作者:蓝雄威,叩丁狼高级讲师。原创文章,转载请注明出处。 一、简介 Git Lab GitLab是利用 Ruby on Rails 一个开源的版...

linjin200
7分钟前
2
0
random生成随机数

随机生成0到100之间的10个随机数,然后使用冒泡排序将这10个数按从小到大的顺序排序 生成10个随机数 import randomnum = range(0, 100) # 范围在0到100之间,需要用到range()函数。nums...

彩色泡泡糖
10分钟前
1
0
kubernetes 环境搭建 —— kubeadm

主从节点需要安装的服务 Master 节点 Node 节点 etcd-master Control plane(如:calico,fannel) kube-apiserver kube-proxy kube-controller-manager other apps kube-dns Control plane(如:......

lemos
13分钟前
1
0
php将字符串中的中英文数字分割

$str = "php如何将字 符串中322的字母数字Asf f45d和中文_分割?"; $arr = preg_split("/([a-zA-Z0-9]+)/", $str, 0, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE); print_r($arr); Arr......

小小小壮
13分钟前
1
0
茑屋书店理解(一)

说到实体书店,你可能会想到两个字“难做”。一是电子书大为盛行,二是纸书作为标准品,完全可以在网上购买,因此国内许多实体书店的日子是举步维艰。但是在日本有这么一家实体书店,目前已经...

Idea
17分钟前
1
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部