Shulou(Shulou.com)06/02 Report--

Kong is an API gateway that forwards API traffic between clients and (micro) services, extending functionality through plug-ins.

Conceptual terminology

Upstream: an abstraction of upstream servers

Target: represents a physical service and is an abstraction of ip + port

Service: an abstract service that can be mapped directly to a physical service (host points to ip + port) or to a upstream to achieve load balancing

Route: is the abstraction of routing, which is responsible for mapping the actual request to service.

By default, the port on which KONG listens is:

8000: this port is used by KONG to listen for incoming HTTP requests from the client and forward the request to the server on board.

8443: this port is used by KONG to listen for incoming HTTP requests from the client. It is similar to the function of port 8000, but it is only used to listen for HTTP requests and has no forwarding function. You can disable it by modifying the configuration file

8001: Admin API, through this port, managers can configure the listening service of KONG

8444: through this port, managers can monitor HTTP requests.

Environmental deployment

1. Install docker

Export REGISTRY_MIRROR= https://registry.cn-hangzhou.aliyuncs.comyum install-y yum-utils device-mapper-persistent-data lvm2yum-config-manager-- add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repoyum repolistyum remove-y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engineyum install-y docker-ce-18.09.7 docker-ce-cli-18. 09.7 containerd.iosystemctl start docker & & systemctl status docker & & systemctl daemon-reload

two。 Disable the firewall

Systemctl disable firewalld & systemctl stop firewalld & & systemctl status firewalldsetenforce 0 & & sed-I "s/SELINUX=enforcing/SELINUX=disabled/g" / etc/selinux/config

3. Disable switching zones and set route forwarding

Swapoff-a & & yes | cp / etc/fstab / etc/fstab_bakcat / etc/fstab_bak | grep-v swap > / etc/fstabcat / etc/fstabsudo vi / etc/sysctl.confnet.ipv4.ip_forward = 1net.bridge.bridge-nf-call-ip6tables = 1net.bridge.bridge-nf-call-iptables = 1

Installation

1. Create a docker network

Docker network create kong-net

two。 Run prostgres 9.6 database mirroring

Docker run-d-- name kong-database\-- network=kong-net\-p 5432pur5432\-e "POSTGRES_USER=kong"\-e "POSTGRES_DB=kong"\ postgres:9.6

3. Database preparation, initializing Kong data

Docker run-- rm\-- network=kong-net\-e "KONG_DATABASE=postgres"\-e "KONG_PG_HOST=kong-database"\ kong:0.14.1 kong migrations up

4. Start kong

Docker run-d-name kong\-network=kong-net\-e "KONG_DATABASE=postgres"\-e "KONG_PG_HOST=kong-database"\-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database"\-e "KONG_PROXY_ACCESS_LOG=/dev/stdout"\-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout"\-e "KONG_PROXY_ERROR_LOG=/dev/stderr"\-e "KONG_ADMIN_ERROR_LOG=/dev/stderr"\ -e "KONG_ADMIN_LISTEN=0.0.0.0:8001 0.0.0.0 8444 ssl "\-p 8000V 8000\-p 8443 V 8443\-p 8001 V 8001\-p 8444V 8444\ kong:0.14.1

5. Create and run a Kong dashboard container

Docker run-d\-- network=kong-net\-- link kong:kong-p 8008 network=kong-net 8080 pgbi/kong-dashboard start\-- kong-url http://kong:8001\-- basic-auth kong=kong

Then visit http://, your IP:8008.

Login account is kong and password is kong

1. Add a service named example-service for http://mockbin.org

Using Admin API to add services, issue the following cURL request to add your first service (pointing to Mockbin API) to Kong:

Curl-I-X POST\-- url http://localhost:8001/services/\-- data 'name=example-service'-- data' url= http://mockbin.org'

two。 Add a route to the service created above

Curl-I-X POST\-- url http://localhost:8001/services/example-service/routes\-- data 'hosts [] = example.com'

Check the "strip_path" option and click "updata"

3. Running the following command will return the information of http://mockbin.org

Curl-I-X GET-- url http://localhost:8000/-- header 'Host: example.com'

Add Certification

1. Configure the key authentication plug-in

Curl-I-X POST\-- url http://localhost:8001/services/example-service/plugins/\-- data 'name=key-auth'

Note: this plug-in also accepts a config.key_names parameter, which defaults to ['apikey']. It is a list of apikey headers and parameter names (both supported) that should be included during the request

two。 Confirm that the plug-in is configured correctly

Curl-I-X GET-- url http://localhost:8000/-- header 'Host: example.com'

Since you did not specify the required apikey title or parameter, the response should be 401 Unauthorized

Increase consumers

Curl-I-X POST\-url http://localhost:8001/consumers/\-data "username=Jason"

Add a key for the user above. The "ENTER_KEY_HERE" in the following command needs to be replaced with the key you want to set.

Curl-I-X POST\-- url http://localhost:8001/consumers/Jason/key-auth/\-- data 'key=ENTER_KEY_HERE'

After adding the key information to the request in step 3, you can access it normally. The command is as follows:

Curl-I-X GET\-url http://localhost:8000\-header "Host: example.com"\-header "apikey: ENTER_KEY_HERE"

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.