Kong系列文章

1、微服务网关Kong - 简介

2、微服务网关Kong - 安装

3、微服务网关Konga - 安装

4、微服务网关Kong - 代理

5、微服务网关Kong - 身份验证

6、微服务网关Kong - 安全

7、微服务网关Kong - 流量控制

本地部署

1、配置YUM仓库

sudo yum install -y wget
wget https://bintray.com/kong/kong-rpm/rpm -O bintray-kong-kong-rpm.repo
export major_version=`grep -oE '[0-9]+\.[0-9]+' /etc/redhat-release | cut -d "." -f1`
sed -i -e 's/baseurl.*/&\/centos\/'$major_version''/ bintray-kong-kong-rpm.repo
sudo mv bintray-kong-kong-rpm.repo /etc/yum.repos.d/
sudo yum install -y kong

2、安装Postgresql

yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install -y postgresql11 postgresql11-server
/usr/pgsql-11/bin/postgresql-11-setup initdb
systemctl enable postgresql-11
systemctl start postgresql-11
# 登录psql
sudo su postgres
psql

# 设置密码
postgres=# \password
Enter new password: 
Enter it again: 
postgres=# 
​
# 创建数据库
CREATE USER kong with password 'kong';
CREATE DATABASE kong OWNER kong; 
grant all privileges on database kong to kong;

# 修改安全配置
vim /var/lib/pgsql/11/data/pg_hba.conf
# 修改最下面几行
# "local" is for Unix domain socket connections only
local   all             all                                     md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     md5
host    replication     all             127.0.0.1/32            ident
host    replication     all             ::1/128                 ident

#重启Postgresql
systemctl restart postgresql-11

3、配置kong

# 这里需要提前配置kong配置文件，默认/etc/kong/kong.conf.default

cp /etc/kong/kong.conf.default /etc/kong/kong.conf
​
# 修改里面的数据库配置，写入用户、密码、数据库、端口等信息
vim /etc/kong/kong.conf
​
[root@master /]# egrep -v "^#|^$|^[[:space:]]+#" /etc/kong/kong.conf
database = postgres             # Determines which of PostgreSQL or Cassandra
pg_host = 127.0.0.1             # Host of the Postgres server.
pg_port = 5432                  # Port of the Postgres server.
pg_timeout = 5000               # Defines the timeout (in ms), for connecting,
pg_user = kong                  # Postgres user.
pg_password = kong                # Postgres user's password.
pg_database = kong              # The database name to connect to.

4、执行Migration

[root@master ~]# kong migrations bootstrap -c /etc/kong/kong.conf
Bootstrapping database...
migrating core on database 'kong'...
core migrated up to: 000_base (executed)
core migrated up to: 001_14_to_15 (executed)
core migrated up to: 002_15_to_1 (executed)
core migrated up to: 003_100_to_110 (executed)
core migrated up to: 004_110_to_120 (executed)
core migrated up to: 005_120_to_130 (executed)
core migrated up to: 006_130_to_140 (executed)
core migrated up to: 007_140_to_200 (executed)
migrating hmac-auth on database 'kong'...
hmac-auth migrated up to: 000_base_hmac_auth (executed)
hmac-auth migrated up to: 001_14_to_15 (executed)
hmac-auth migrated up to: 002_130_to_140 (executed)
migrating oauth2 on database 'kong'...
oauth2 migrated up to: 000_base_oauth2 (executed)
oauth2 migrated up to: 001_14_to_15 (executed)
oauth2 migrated up to: 002_15_to_10 (executed)
oauth2 migrated up to: 003_130_to_140 (executed)
migrating jwt on database 'kong'...
jwt migrated up to: 000_base_jwt (executed)
jwt migrated up to: 001_14_to_15 (executed)
jwt migrated up to: 002_130_to_140 (executed)
migrating basic-auth on database 'kong'...
basic-auth migrated up to: 000_base_basic_auth (executed)
basic-auth migrated up to: 001_14_to_15 (executed)
basic-auth migrated up to: 002_130_to_140 (executed)
migrating key-auth on database 'kong'...
key-auth migrated up to: 000_base_key_auth (executed)
key-auth migrated up to: 001_14_to_15 (executed)
key-auth migrated up to: 002_130_to_140 (executed)
migrating acl on database 'kong'...
acl migrated up to: 000_base_acl (executed)
acl migrated up to: 001_14_to_15 (executed)
acl migrated up to: 002_130_to_140 (executed)
migrating session on database 'kong'...
session migrated up to: 000_base_session (executed)
migrating response-ratelimiting on database 'kong'...
response-ratelimiting migrated up to: 000_base_response_rate_limiting (executed)
response-ratelimiting migrated up to: 001_14_to_15 (executed)
response-ratelimiting migrated up to: 002_15_to_10 (executed)
migrating rate-limiting on database 'kong'...
rate-limiting migrated up to: 000_base_rate_limiting (executed)
rate-limiting migrated up to: 001_14_to_15 (executed)
rate-limiting migrated up to: 002_15_to_10 (executed)
rate-limiting migrated up to: 003_10_to_112 (executed)
35 migrations processed
35 executed
Database is up-to-date

5、启动

修改配置文件kong.conf

vim /etc/kong/kong.conf​
database=off
[root@master ~]# kong start -c /etc/kong/kong.conf
Kong started
[root@master ~]# kong health
nginx.......running
​
Kong is healthy at /usr/local/kong

6、测试使用

创建一个Service

如我们在术语部分的介绍，服务是上游服务的抽象，可以是一个应用，或者具体某个接口。Kong 提供了管理接口，我们可以通过请求 8001 管理接口直接创建，也可以通过安装的管理界面，实现的效果是一样的。

curl -i -X POST \

--url http://139.196.189.67:8001/services/ \ --data 'name=baidu-service' \ --data 'url=https://www.baidu.com/'

创建一个routes

创建好服务之后，我们需要创建具体的 API 路由。路由是请求的转发规则，根据 Hostname 和 PATH，将请求转发。

curl -ik -X POST \

--url http://139.196.189.67:8001/services/baidu-service/routes \ --data 'hosts[]=baidu.com' \ --data 'paths[]=/api/baidu'

访问测试

curl -k http://139.196.189.67:8000/api/baidu --header 'Host: baidu.com'

容器部署

1、部署postgresql

1.1 创建网络

docker network create kong-net

1.2 创建数据卷

docker volume create pgsql docker volume create kong konga

1.3 部署postgres:

docker run -d --name kong-database \ 
--network=kong-net \ 
-p 54432:5432 \ 
-e "POSTGRES_PASSWORD=pgsql" \ 
-v /$your_path/pgsql/data:/var/lib/postgresql/data \ 
-v /$your_path/pgsql/etc:/etc/postgresql \
postgres:9.6 

1.4 添加数据库信息

docker exec -it kong-database bash 
> su postgres 
> psql -h localhost --password 
# 输入密码
# 通过一下语句创建账户和数据库
CREATE USER kong password 'kong'; 
CREATE DATABASE kong OWNER kong; 
grant all privileges on database kong to kong;   

CREATE USER konga password 'konga'; 
CREATE DATABASE konga OWNER konga; 
grant all privileges on database konga to konga;

2、部署kong

2.1 准备数据

docker run --rm \ 
--network=kong-net \ 
-e "KONG_DATABASE=postgres" \ 
-e "KONG_PG_HOST=kong-database" \ 
-e "KONG_PG_USER=kong" \ 
-e "KONG_PG_PASSWORD=kong" \ 
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \ 
kong:latest kong migrations bootstrap

2.2 启动kong

docker run -d --name kong \ 
--network=kong-net \ 
-e "KONG_DATABASE=postgres" \ 
-e "KONG_PG_HOST=kong-database" \ 
-e "KONG_PG_USER=kong" \ 
-e "KONG_PG_PASSWORD=kong" \ 
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \ 
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \ 
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \ 
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \ 
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \ 
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \ 
-p 8000:8000 \ 
-p 8443:8443 \ 
-p 8001:8001 \
-p 8444:8444 \ 
kong:latest

参考文档

https://hub.docker.com/_/kong

https://hub.docker.com/_/postgres

https://hub.docker.com/r/pantsel/konga