一、Kong安裝
1.創建網絡
sudo docker network create kong-net
2.創建數據庫(采用postgres)
sudo docker run -d --name kong-database \
--network=kong-net \
-p 5432:5432 \
-e "POSTGRES_USER=kong" \
-e "POSTGRES_DB=kong" \
-e "POSTGRES_PASSWORD=kong" \
postgres:9.6
3.數據庫管理工具(非必須)
sudo docker run -d -p 5433:80 --name pgadmin4 \
--network=kong-net \
-e PGADMIN_DEFAULT_EMAIL=admin@123.com \
-e PGADMIN_DEFAULT_PASSWORD=123456 \
dpage/pgadmin4
4.初始化Kong數據庫
sudo docker run --rm \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_PASSWORD=kong" \
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
kong:latest kong migrations bootstrap
5.創建Kong
sudo docker run -d --name kong \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_PASSWORD=kong" \
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
-p 8000:8000 \
-p 8443:8443 \
-p 8001:8001 \
-p 8444:8444 \
kong:latest
6.初始化Konga數據庫(推薦的Kong管理后台,實力允許可以進行二開!)
sudo docker run --rm --network=kong-net pantsel/konga -c prepare -a postgres -u postgresql://kong:kong@kong-database:5432/konga_db
7.創建Konga
sudo docker run -p 1337:1337 \
--network=kong-net \
-e "DB_ADAPTER=postgres" \
-e "DB_HOST=kong-database" \
-e "DB_USER=kong" \
-e "DB_PASSWORD=kong" \
-e "DB_DATABASE=konga_db" \
-e "KONGA_HOOK_TIMEOUT=120000" \
-e "NODE_ENV=production" \
--name konga \
pantsel/konga
8.萬事大吉
登錄http://localhost:1337進入Konga,配置 Kong's admin API的連接,然后激活此鏈接,炫酷的面板,大吉大利!!!
二、服務初體驗
1.添加服務
curl -i -X POST http://localhost:8001/services \
--data name=example_service \
--data url='http://mockbin.org'
http://mockbin.org ,點進入你就知道是干啥的了!以下驗證此服務
curl -i http://localhost:8001/services/example_service
2.添加路由
curl -i -X POST http://localhost:8001/services/example_service/routes \
--data 'paths[]=/mock' \
--data 'name=mocking'
以下驗證此服務
curl -i -X GET http://localhost:8000/mock
3.添加限流
curl -i -X POST http://localhost:8001/plugins \
--data "name=rate-limiting" \
--data "config.minute=5" \
--data "config.policy=local"
以下驗證此服務,每分鍾只能請求5次
curl -i -X GET http://localhost:8000/mock/request
超過5次,
{
"message":"API rate limit exceeded"
}
如下圖
4.代理緩存
curl -i -X POST http://localhost:8001/plugins \
--data name=proxy-cache \
--data config.content_type="application/json" \
--data config.cache_ttl=30 \
--data config.strategy=memory
注意抓取請求頭的變化(與教程有點出入,不太好使!)
curl -i -X GET http://localhost:8000/mock/request
刪除緩存
curl -i -X DELETE http://localhost:8001/proxy-cache
5.身份驗證
curl -X POST http://localhost:8001/routes/mocking/plugins \
--data name=key-auth
再次訪問服務,HTTP/1.1 401 Unauthorized
設置使用者
curl -i -X POST -d "username=consumer&custom_id=consumer" http://localhost:8001/consumers/
創建憑據,對於此示例,將密鑰設置為apikey。如果未輸入任何密鑰,則Kong將自動生成密鑰。
curl -i -X POST http://localhost:8001/consumers/consumer/key-auth -d 'key=apikey'
返回結果如下:
{
"created_at": 1611110699,
"id": "6695bd72-16e6-490d-b983-c141c39b5da8",
"tags": null,
"ttl": null,
"key": "apikey",
"consumer": {
"id": "cbdec9e6-70aa-4166-9289-e1fe5737ab6e"
}
}
再次訪問服務,返回正常
curl -i http://localhost:8000/mock/request -H 'apikey:apikey'
6.禁用插件(可選)
curl -X GET http://localhost:8001/routes/mocking/plugins/
以下是返回的數據
{
"next": null,
"data": [{
"created_at": 1611109944,
"id": "e488b6e6-6183-499c-b430-0aa676245ee5",
"tags": null,
"enabled": true,
"protocols": ["grpc", "grpcs", "http", "https"],
"name": "key-auth",
"consumer": null,
"service": null,
"route": {
"id": "ed6baf5a-5d32-4550-91d8-661fc3539e44"
},
"config": {
"key_in_query": true,
"key_names": ["apikey"],
"key_in_header": true,
"run_on_preflight": true,
"anonymous": null,
"hide_credentials": false,
"key_in_body": false
}
}]
}
禁用此插件
curl -X PATCH http://localhost:8001/routes/mocking/plugins/e488b6e6-6183-499c-b430-0aa676245ee5 \
--data "enabled=false"
7.負載均衡
配置上游服務
curl -X POST http://localhost:8001/upstreams \
--data name=upstream
以前配置的服務指向上游
curl -X PATCH http://localhost:8001/services/example_service \
--data host='upstream'
向上游添加目標,此處玩脫了容器卡住多次也不能添加成功
curl -X POST http://localhost:8001/upstreams/upstream/targets \
--data target='mockbin.org:80'
curl -X POST http://localhost:8001/upstreams/upstream/targets \
--data target='httpbin.org:80'
瀏覽器中訪問 http://localhost:8000/mock 進行驗證