Kong Service Gateway API



pingforever
2017.05.23 11:16:08

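Introduction to Kong

Kong is an API gateway that forwards API traffic between clients and (micro)services and extends its functionality through plugins. Kong has two main components:
Kong Server: an OpenResty-based server that receives API requests.

Apache Cassandra or PostgreSQL (PG): stores the operational data.

You can scale Kong horizontally by adding more Kong Server machines and distributing requests to them through a load balancer placed in front. According to the documentation, two Cassandra nodes are enough to support the vast majority of cases, but if the network is very congested, consider adding more nodes.
For the open source community, one of Kong's most attractive features is that existing functionality can be extended through plugins, which are executed during the lifecycle of the API request/response cycle. Plugins are written in Lua, and Kong also has the following basic features: HTTP basic authentication, key authentication, CORS (Cross-origin Resource Sharing), TCP, UDP, file logging, API request rate limiting, request forwarding, and nginx monitoring.
The Kong package runs on certain Linux distributions, Mac OS X, and Docker, on a local machine or on a cloud server.
In addition to the free open source version, Mashape offers a paid enterprise edition that includes technical support, training services, and an API analytics plugin.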

 

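Installing Kong

The official site offers several installation methods (https://getkong.org/install/); installing with yum or Docker is the most convenient. A Docker installation requires the database to be installed first; this article uses a PG database.

Installation process

Because the on-site network has no connectivity, I installed the images in my test environment at home and saved them with save; on site they only need to be loaded with load. Loading with export and import raised an error, and since no other configuration was done during installation, I simply used save to copy the images.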

docker save -o kong-database-postgres-docker-9.4.tar.gz docker.io/postgres
docker save -o kong.tar.gz docker.io/kong

docker load -i kong-database-postgres-docker-9.4.tar.gz
docker load -i kong.tar.gz

1. Install Kong

[slview@DEMO:~]$ docker search  kong
INDEX       NAME                                DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/kong                      Open-source Microservice & API Management ...   73        [OK]       
docker.io   docker.io/pgbi/kong-dashboard       Web UI for managing your Kong setup.            14                   [OK]
docker.io   docker.io/pantsel/konga             More than just another GUI to KONG Admin API.   3                    [OK]
docker.io   docker.io/articulate/kong-wait      Waits for Cassandra to be connectable befo...   1                    [OK]
docker.io   docker.io/galacticfog/kong          A fork mashape/kong, with a bias towards p...   1                    [OK]
docker.io   docker.io/littlebaydigital/kong     Extension of official docker kong image wi...   1                    [OK]
docker.io   docker.io/mesoshq/kong              Run Kong clusters on Mesos/Marathon!            1                    [OK]
docker.io   docker.io/wmzhong/docker-kong       For adding solutions for clustering...          1                    [OK]
docker.io   docker.io/anduin/kong               kong                                            0                    [OK]
docker.io   docker.io/articulate/kong-monit     Adds monit to the base kong image.              0                    [OK]
docker.io   docker.io/bakstad/kong              Extension of the official Docker image for...   0                    [OK]
docker.io   docker.io/cknowles/kong             Fork of official repo to ensure logs work ...   0                    [OK]
docker.io   docker.io/dasudian/kong             Build kong docker image.                        0                    [OK]
docker.io   docker.io/derdiedasjojo/kong        kong with piwik-log plugin                      0                    [OK]
docker.io   docker.io/derdiedasjojo/kong-conf   create an api in kong by making an api-call     0                    [OK]
docker.io   docker.io/koudaiii/kong             docker-kong                                     0                    [OK]
docker.io   docker.io/misfit/kong               Kong in Docker                                  0                    [OK]
docker.io   docker.io/mrsaints/kong-aws         An extension of Kong with a plugin that ca...   0                    [OK]
docker.io   docker.io/mrsaints/kong-dev         A test / development sandbox for Kong, a s...   0                    [OK]
docker.io   docker.io/sikmi/nendo-docker-kong   nendo kong                                      0                    [OK]
docker.io   docker.io/sneck/kong                Kong(Open-Source API Management and Micros...   0                    [OK]
docker.io   docker.io/supermp/kong              Kong                                            0                    [OK]
docker.io   docker.io/vikingco/kong             Microservice & API Management Layer (https...   0                    [OK]
docker.io   docker.io/vikingco/kong-admin       Standalone Kong Admin Service                   0                    [OK]
docker.io   docker.io/zymbit/kong               Mashape Kong                                    0                    [OK]
[slview@DEMO:~]$ docker pull  kong:0.10
Trying to pull repository 192.168.5.249:5000/kong ... 
Pulling repository 192.168.5.249:5000/kong
Trying to pull repository docker.io/library/kong ... 
sha256:ff6dd0495f1a5b312bff9fd42f6aee6437200a337e190eb0ddc8e5ca83482995: Pulling from docker.io/library/kong
343b09361036: Pull complete 
eb953d76e90b: Pull complete 
ebdf6ecbe509: Pull complete 
24f20231ced9: Pull complete 
Digest: sha256:ff6dd0495f1a5b312bff9fd42f6aee6437200a337e190eb0ddc8e5ca83482995
Status: Downloaded newer image for docker.io/kong:0.10

2. Install PG

[slview@DEMO:~]$ docker search postgres
INDEX       NAME                                DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/postgres                  The PostgreSQL object-relational database ...   3552      [OK]       
docker.io   docker.io/kiasaki/alpine-postgres   PostgreSQL docker image based on Alpine Linux   30                   [OK]
docker.io   docker.io/abevoelker/postgres       Postgres 9.3 + WAL-E + PL/V8 and PL/Python...   10                   [OK]
docker.io   docker.io/macadmins/postgres        Postgres that accepts remote connections b...   8                    [OK]
docker.io   docker.io/jamesbrink/postgres       Highly configurable PostgreSQL container.       5                    [OK]
docker.io   docker.io/eeacms/postgres           Docker image for PostgreSQL (RelStorage re...   4                    [OK]
docker.io   docker.io/blacklabelops/postgres    Postgres Image for Atlassian Applications       3                    [OK]
docker.io   docker.io/azukiapp/postgres         Docker image to run PostgreSQL by Azuki - ...   2                    [OK]
docker.io   docker.io/clkao/postgres-plv8       Docker image for running PLV8 1.4 on Postg...   2                    [OK]
docker.io   docker.io/publysher/postgres-s3     A Docker-based solution for Postgres backu...   2                    [OK]
docker.io   docker.io/2020ip/postgres           Docker image for PostgreSQL with PLV8           1                    [OK]
docker.io   docker.io/eccube/postgres           Docker image for PostgreSQL extended local...   1                    [OK]
docker.io   docker.io/steenzout/postgres        Steenzout's docker image packaging for Pos...   1                    [OK]
docker.io   docker.io/1maa/postgres             PostgreSQL base image                           0                    [OK]
docker.io   docker.io/beorc/postgres            Ubuntu-based PostgreSQL server                  0                    [OK]
docker.io   docker.io/camptocamp/postgres       Docker image for PostgreSQL including some...   0                    [OK]
docker.io   docker.io/coreroller/postgres       official postgres:9.4 image but it adds 2 ...   0                    [OK]
docker.io   docker.io/debezium/postgres         PostgreSQL for use with Debezium change da...   0                    [OK]
docker.io   docker.io/examus/postgres           Postgres with change password                   0                    [OK]
docker.io   docker.io/kobotoolbox/postgres      Postgres image for KoBo Toolbox.                0                    [OK]
docker.io   docker.io/opencog/postgres          This is a configured postgres database for...   0                    [OK]
docker.io   docker.io/studionone/postgres       Postgres Docker image with postgres uuid-o...   0                    [OK]
docker.io   docker.io/timbira/postgres          Postgres  containers                            0                    [OK]
docker.io   docker.io/travix/postgres           A container to run the PostgreSQL database.     0                    [OK]
docker.io   docker.io/vrtsystems/postgres       PostgreSQL image with added init hooks, bu...   0                    [OK]
[slview@DEMO:~]$ docker pull  postgres:9.4
Trying to pull repository 192.168.5.249:5000/postgres ... 
Pulling repository 192.168.5.249:5000/postgres
Trying to pull repository docker.io/library/postgres ... 
sha256:8988064772fc8a39f0be47f7f2557788559221b27a51cbba595f23868edbc426: Pulling from docker.io/library/postgres
10a267c67f42: Pull complete 
e9a920522e33: Pull complete 
6888e696bd71: Pull complete 
798096eed143: Pull complete 
fb58419959b5: Pull complete 
97f9ec09cb68: Pull complete 
94972b6e82a0: Pull complete 
a281bad165d7: Pull complete 
080dd452e4af: Pull complete 
e04973558177: Pull complete 
79155f9ed5e1: Pull complete 
010432309d6c: Pull complete 
d1d8761b1fae: Pull complete 
Digest: sha256:8988064772fc8a39f0be47f7f2557788559221b27a51cbba595f23868edbc426
Status: Downloaded newer image for docker.io/postgres:9.4

Starting after installation

  • Start PG
docker run -d --name kong-database \
                -p 5432:5432 \
                -e "POSTGRES_USER=kong" \
                -e "POSTGRES_DB=kong" \
                postgres:9.4
  • Start Kong
docker run -d --name kong \
    --link kong-database:kong-database \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
    -e "KONG_PG_HOST=kong-database" \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 8001:8001 \
    -p 7946:7946 \
    -p 7946:7946/udp \
    kong:0.10
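
An added example, not part of the original post: the docker run commands above publish PostgreSQL (5432, started without POSTGRES_PASSWORD) and Kong's Admin API (8001, which has no authentication by default) on every host interface. This check reads `docker port` output and reports such mappings together with a loopback-only -p flag; the sample output is constructed, and the names LOCAL_ONLY and exposed_ports are assumptions of this example.

```python
import re

# Container ports from the docker run commands above that only local
# administration needs. Kong reaches PostgreSQL over the container link,
# so 5432 does not have to be published to other hosts. The proxy ports
# 8000/8443 are meant to be reachable and are not flagged.
LOCAL_ONLY = {5432: "PostgreSQL", 8001: "Kong Admin API"}

# Constructed `docker port <container>` output matching the -p flags above.
AS_PUBLISHED = {
    "kong-database": "5432/tcp -> 0.0.0.0:5432",
    "kong": "\n".join([
        "8000/tcp -> 0.0.0.0:8000",
        "8443/tcp -> 0.0.0.0:8443",
        "8001/tcp -> 0.0.0.0:8001",
        "7946/tcp -> 0.0.0.0:7946",
        "7946/udp -> 0.0.0.0:7946",
    ]),
}
# Same containers started with -p 127.0.0.1:5432:5432 and -p 127.0.0.1:8001:8001.
HARDENED = {
    name: out.replace("0.0.0.0:5432", "127.0.0.1:5432")
             .replace("0.0.0.0:8001", "127.0.0.1:8001")
    for name, out in AS_PUBLISHED.items()
}

MAPPING = re.compile(r"^(\d+)/(tcp|udp) -> (.+):(\d+)$")


def exposed_ports(port_listing):
    """Return (container, service, suggested -p flag) for each local-only
    port that is published on a non-loopback host address."""
    findings = []
    for container, output in port_listing.items():
        for line in output.splitlines():
            m = MAPPING.match(line.strip())
            if not m:
                continue
            cport, host_ip, hport = int(m.group(1)), m.group(3).strip("[]"), m.group(4)
            loopback = host_ip.startswith("127.") or host_ip == "::1"
            if cport in LOCAL_ONLY and not loopback:
                findings.append((container, LOCAL_ONLY[cport],
                                 f"-p 127.0.0.1:{hport}:{cport}"))
    return findings


if __name__ == "__main__":
    for finding in exposed_ports(AS_PUBLISHED):
        print("exposed: %s %s, use %s" % finding)
```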

API

  1. Add an API
    strip_uri: When matching an API via one of the uris prefixes, strip that matching prefix from the upstream URI to be requested. Default: true. By default the uris prefix is removed.
curl -i -X POST --url http://127.0.0.1:8001/apis/ --data 'name=iot_user_app' --data 'upstream_url=http://127.0.0.1:16666/' --data 'uris=/getuserinfo,/getnatipmapinfo,/getimeibindinfo' --data 'strip_uri=false'
curl -i -X POST --url http://127.0.0.1:8001/apis/ --data 'name=iot_vpdn_app' --data 'upstream_url=http://127.0.0.1:16666/' --data 'uris=/getvpdnuserinfo,/getvpdnservinfo' --data 'strip_uri=false'
  2. Delete an API
curl -i -X DELETE http://127.0.0.1:8001/apis/iot_user_app
  3. Query APIs: http://127.0.0.1:8001/apis/
{
  data: [
    {
      uris: [ "/getuserinfo", "/getnatipmapinfo", "/getimeibindinfo" ],
      id: "65dd8d1a-aea5-449d-a1d4-e705a4c88d1c",
      upstream_read_timeout: 60000,
      preserve_host: false,
      created_at: 1495682904000,
      upstream_connect_timeout: 60000,
      upstream_url: "http://127.0.0.1:20000/",
      strip_uri: false,
      https_only: false,
      name: "iot_user_app",
      http_if_terminated: true,
      upstream_send_timeout: 60000,
      retries: 5
    },
    {
      uris: [ "/getvpdnuserinfo", "/getvpdnservinfo" ],
      id: "146df495-455d-48dd-a051-eaefacbd7b1e",
      upstream_read_timeout: 60000,
      preserve_host: false,
      created_at: 1495682920000,
      upstream_connect_timeout: 60000,
      upstream_url: "http://127.0.0.1:16666/",
      strip_uri: false,
      https_only: false,
      name: "iot_vpdn_app",
      http_if_terminated: true,
      upstream_send_timeout: 60000,
      retries: 5
    }
  ],
  total: 2
}
  4. Access
-bash-4.4$ curl http://127.0.0.1:8000/getuserinfo?Type=hss\&IMSI=46003xxxxx\&REVLP=1
{
  "86xxxxxxx": {
    "CDMA_IMSI": "46003xxxxxxxxxx",
    "ISDN": "86xxxxxxxxx",
    "LTE_IMSI": "46011xxxxxxx",
    "TYPE": "2/3/4G"
  }
}

Plugins

Kong provides many plugins; the ones generally used are for authorization and traffic control.

{
  enabled_plugins: [
    "syslog", "ldap-auth", "rate-limiting", "correlation-id", "jwt",
    "request-termination", "runscope", "request-transformer", "http-log",
    "loggly", "response-transformer", "basic-auth", "tcp-log", "hmac-auth",
    "oauth2", "acl", "bot-detection", "udp-log", "cors", "file-log",
    "ip-restriction", "datadog", "request-size-limiting", "galileo",
    "aws-lambda", "statsd", "response-ratelimiting", "key-auth"
  ]
}
{
  data: [
    {
      api_id: "ff315a1a-d98d-4a62-aad9-7bc6bb063e22",
      id: "65146028-c231-4618-82d4-02f8cc2b6e57",
      created_at: 1495684427000,
      enabled: true,
      name: "ip-restriction",
      config: {
        whitelist: [ "59.43.53.0/24", "100.66.124.0/24", "100.66.44.0/24", "172.16.0.0/18" ]
      }
    },
    {
      api_id: "ff315a1a-d98d-4a62-aad9-7bc6bb063e22",
      id: "2aa6b021-cf73-4651-9c07-a3d5c60b900f",
      created_at: 1495684482000,
      enabled: true,
      name: "rate-limiting",
      config: {
        fault_tolerant: true,
        limit_by: "consumer",
        policy: "cluster",
        redis_database: 0,
        second: 100,
        hour: 6000,
        redis_timeout: 2000,
        redis_port: 6379
      }
    },
    {
      api_id: "ff315a1a-d98d-4a62-aad9-7bc6bb063e22",
      id: "c53fa430-1b2a-47e8-a093-3c19a23bd87b",
      created_at: 1495684523000,
      enabled: true,
      name: "request-size-limiting",
      config: { allowed_payload_size: 128 }
    }
  ],
  total: 3
}
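  • Security plugin
    By configuring the security plugin you can use IP whitelists, blacklists, and ACLs to control the scope of access; multiple IP ranges are separated by commas: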
curl -X POST http://127.0.0.1:8001/apis/iot_user_app/plugins  \
--data "name=ip-restriction"  \
--data "config.whitelist=59.43.53.0/24,100.66.124.0/24,100.66.44.0/24,172.16.0.0/18"
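  • Rate-limiting plugin
    Configuring the rate-limiting plugin limits the request rate, which prevents an excessive request rate from putting pressure on the server; limits per second and per hour are currently supported: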
curl -X POST http://127.0.0.1:8001/apis/iot_user_app/plugins \
--data "name=rate-limiting" \
--data "config.second=1000" \
--data "config.hour=60000"
  • Request size limiting
curl -X POST http://127.0.0.1:8001/apis/iot_user_app/plugins \
--data "name=request-size-limiting" \
--data "config.allowed_payload_size=128"
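
An added example, not from the original post: the plugin commands above all target iot_user_app, and none of them is an authentication plugin. This audit joins the /apis/ and /plugins/ listings and reports, per API, which of the three plugins used on this page are missing and whether any auth plugin is present; the JSON is a constructed sample with placeholder ids, and audit, AUTH and BASELINE are names assumed for the example.

```python
import json

# Plugin names taken from the enabled_plugins list on this page.
AUTH = {"key-auth", "basic-auth", "hmac-auth", "jwt", "oauth2", "ldap-auth"}
BASELINE = ("ip-restriction", "rate-limiting", "request-size-limiting")

# Constructed sample data modelled on the /apis/ and /plugins/ output above;
# the ids are placeholders, not values from a real deployment.
APIS = json.loads("""{"data": [
  {"id": "api-0001", "name": "iot_user_app"},
  {"id": "api-0002", "name": "iot_vpdn_app"}], "total": 2}""")
PLUGINS = json.loads("""{"data": [
  {"api_id": "api-0001", "enabled": true, "name": "ip-restriction",
   "config": {"whitelist": ["59.43.53.0/24", "172.16.0.0/18"]}},
  {"api_id": "api-0001", "enabled": true, "name": "rate-limiting",
   "config": {"limit_by": "consumer", "second": 100, "hour": 6000}},
  {"api_id": "api-0001", "enabled": true, "name": "request-size-limiting",
   "config": {"allowed_payload_size": 128}}], "total": 3}""")


def audit(apis, plugins):
    """Return {api name: [findings]} for every API known to the gateway."""
    active = {}
    for p in plugins["data"]:
        if p.get("enabled"):
            active.setdefault(p.get("api_id"), {})[p["name"]] = p.get("config", {})
    report = {}
    for api in apis["data"]:
        # Plugins stored without an api_id are treated as global (assumption).
        cfg = {**active.get(None, {}), **active.get(api["id"], {})}
        notes = [f"missing {name}" for name in BASELINE if name not in cfg]
        has_auth = bool(AUTH & cfg.keys())
        if not has_auth:
            notes.append("no authentication plugin")
        if cfg.get("rate-limiting", {}).get("limit_by") == "consumer" and not has_auth:
            # Without an auth plugin no consumer is identified, so Kong
            # falls back to counting per client IP.
            notes.append("rate-limiting limit_by=consumer but no consumer is identified")
        report[api["name"]] = notes
    return report


if __name__ == "__main__":
    for name, notes in audit(APIS, PLUGINS).items():
        print(name, "->", "; ".join(notes) or "ok")
```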

Open issues

  1. Kong can use OAuth 2.0 and JWT for authentication.
  2. No stress testing has been done yet; I will explore that later.

