A preliminary study of Micro-Service API Gateway-kong

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

1 Overview

Kong is a cloud-native, fast, extensible, distributed microservice abstraction layer (also known as an API gateway, API middleware or, in some cases, a service mesh). More specifically, Kong is a Lua application that runs in Nginx and is made possible by lua-nginx-module. Instead of compiling Nginx with this module, Kong is distributed with OpenResty, which already includes lua-nginx-module. OpenResty is not a fork of Nginx, but a set of modules that extend its functionality.

This lays the foundation for a pluggable architecture in which Lua scripts (called "plugins") are enabled and executed at run time. For this reason we think of Kong as a model of microservice architecture: at its core it implements database abstraction, routing and plugin management. Plugins can live in a separate code base and can be injected anywhere in the request life cycle with a few lines of code. Kong was launched in 2015 as an open source project, and its core values are high performance and scalability.

Kong is widely used in production environments, from startups to Global 5000 companies and government organizations.

If you build Web, mobile, or IoT (Internet of Things) applications, you will probably end up needing common functionality to run them. Kong acts as a gateway (or sidecar) for microservice requests, providing load balancing, logging, authentication, rate limiting, transformations and other capabilities through plugins.

Multiple routes can be created under one service. A route is the front-end configuration and hides the real interface address of the business. The service specifies the real backend address that requests are forwarded to, and authentication / authorization / logging / analytics / monitoring and other controls are applied at Kong.

2 Features

- Cloud-Native: Kong can run on Kubernetes or on physical servers.
- Dynamic Load Balancing: load balance traffic across multiple upstream services.
- Hash-based Load Balancing: load balance with consistent hashing / sticky sessions.
- Circuit-Breaker: intelligent tracking of unhealthy upstream services.
- Health Checks: actively and passively monitor your upstream services.
- Service Discovery: resolve SRV records in third-party DNS resolvers such as Consul.
- Serverless: call and secure AWS or OpenWhisk functions directly from Kong.
- WebSockets: communicate with upstream services through WebSockets.
- OAuth2.0: easily add OAuth2.0 authentication to an API.
- Logging: log requests and responses over HTTP, TCP or UDP, or to disk.
- Security: ACL, bot detection, IP whitelist / blacklist, etc.
- Syslog: log to the system log.
- SSL: set a specific SSL certificate for an underlying service or API.
- Monitoring: monitor key load and performance metrics in real time.
- Forward Proxy: make Kong connect to intermediary transparent HTTP proxies.
- Authentications: supports HMAC, JWT, BASIC authentication and so on.
- Rate-limiting: block and throttle requests based on multiple variables.
- Transformations: add, remove, or manipulate HTTP requests and responses.
- Caching: cache and serve responses at the proxy layer.
- CLI: control the Kong cluster from the command line.
- REST API: operate Kong flexibly through its REST API.
- GEO replication: the configuration is always up to date across different regions.
- Failure Detection & Recovery: Kong is not affected if a Cassandra node fails.
- Clustering: all Kong nodes automatically join the cluster and keep their configuration updated across nodes.
- Scalability: horizontal scaling is achieved by adding nodes.
- Performance: Kong handles load with ease by scaling and using Nginx.
- Plugins: a plugin-based extensible architecture that makes it easy to add functionality to Kong and APIs.

3 Dependent components

Kong is deployed on top of reliable technologies such as Nginx and Apache Cassandra or PostgreSQL, and provides easy-to-use RESTful API to operate and configure the system. The following is the technical logic diagram of Kong. Based on these technologies, Kong provides related feature support:

3.1 Nginx
- Proven high-performance foundation; HTTP and reverse proxy server; handles low-level operations.

3.2 OpenResty
- Supports Lua scripts; intercepts the request / response lifecycle; extends Nginx.

3.3 Clustering & Datastore
- Supports Cassandra or PostgreSQL databases; in-memory caching; horizontal scaling.

3.4 Plugins
- Plugins are written in Lua; powerful customization capabilities; integration with third-party services.

3.5 RESTful Administration API
- Kong is managed through a RESTful API; supports CI/CD & DevOps; plugin-based extensibility.

4 Architecture diagram

5 Deployment

5.1 Physical server deployment

5.1.1 Configure the yum source

```
sudo yum update -y
sudo yum install -y wget
wget https://bintray.com/kong/kong-rpm/rpm -O bintray-kong-kong-rpm.repo
export major_version=`grep -oE '[0-9]+\.[0-9]+' /etc/redhat-release | cut -d "." -f1`
sed -i -e 's/baseurl.*/&\/centos\/'$major_version''/ bintray-kong-kong-rpm.repo
sudo mv bintray-kong-kong-rpm.repo /etc/yum.repos.d/
sudo yum update -y
sudo yum install -y kong
```

5.1.2 Database installation

Kong supports PostgreSQL v9.5+ and Cassandra 3.x.x as data stores.

Follow the documentation to install PostgreSQL v11: https://www.postgresql.org/download/linux/redhat/

```
# Install PostgreSQL v11
yum install -y https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm
yum install -y postgresql11 postgresql11-server

# Initialize the database and start it at boot
/usr/pgsql-11/bin/postgresql-11-setup initdb
systemctl enable postgresql-11
systemctl start postgresql-11

# Log in with psql
sudo su postgres
psql

# Create the database. Officially there is no password; here I use a password.
# CREATE USER kong; CREATE DATABASE kong OWNER kong;
CREATE USER kong with password 'kong';
CREATE DATABASE kong OWNER kong;
grant all privileges on database kong to kong;

# A connection error may be reported:
# psql: FATAL: Peer authentication failed for user "kong"
sudo find / -name pg_hba.conf
/var/lib/pgsql/11/data/pg_hba.conf

# Modify the security configuration
vim /var/lib/pgsql/11/data/pg_hba.conf

# METHOD specifies how client authentication is handled: ident, md5, password, trust, reject.
# ident is the default local authentication method for PostgreSQL under Linux. Operating system
#   users who can log on to the server (note: not database users) can log in to the database
#   without a password as the database user mapped to them.
# md5 is a commonly used password authentication method. If you don't use ident, you'd better
#   use md5. The password is transmitted to the database in md5 form, which is more secure and
#   does not require an operating system user with the same name.
# password sends the password to the database in clear text and is not recommended for use in
#   a production environment.
# trust does not require a password or ident: anyone who knows the database user name can log
#   in. It is not recommended for use in a production environment.
# reject denies authentication.

# Change peer / ident to md5
# "local" is for Unix domain socket connections only
local   all             all                                     md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5

# Restart PostgreSQL
systemctl restart postgresql-11

# Log in to PostgreSQL and enter the password
psql -U kong
# View help
\h
# Exit
\q

# The Kong configuration file must be prepared in advance. The default is /etc/kong/kong.conf.default
cp /etc/kong/kong.conf.default /etc/kong/kong.conf
# Write the user, password, database, port and other information
vim /etc/kong/kong.conf
[root@kong-server software]# egrep -v "^#|^$|^[[:space:]]+#" /etc/kong/kong.conf
database = postgres             # Determines which of PostgreSQL or Cassandra
pg_host = 127.0.0.1             # Host of the Postgres server.
pg_port = 5432                  # Port of the Postgres server.
pg_timeout = 5000               # Defines the timeout (in ms), for connecting,
pg_user = kong                  # Postgres user.
pg_password = kong              # Postgres user's password.
pg_database = kong              # The database name to connect to.
```
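As an added example (not part of the original article), the shell function below audits a pg_hba.conf against the METHOD notes above: it reports the method of every rule and flags `trust` and `password`, which the notes call unsuitable for production. The function names, verdict labels and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit pg_hba.conf authentication methods.
# Prints one "<line> <type> <address> <method> <verdict>" record per rule.
audit_pg_hba() {
    # $1 = path to pg_hba.conf
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        type = $1
        if (type == "local") {               # local DB USER METHOD
            addr = "socket"; method = $4
        } else if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) {
            # host DB USER IP-ADDRESS IP-MASK METHOD (mask in its own field)
            addr = $4 "/" $5; method = $6
        } else {                             # host DB USER ADDRESS METHOD
            addr = $4; method = $5
        }
        if (method == "trust")              verdict = "FAIL-no-password"
        else if (method == "password")      verdict = "FAIL-cleartext-password"
        else if (method == "ident" || method == "peer")
                                            verdict = "NOTE-os-user-login"
        else                                verdict = "OK"
        printf "%d %s %s %s %s\n", NR, type, addr, method, verdict
    }' "$1"
}

# Succeeds only if no rule uses trust or password.
pg_hba_is_safe() {
    ! audit_pg_hba "$1" | grep -q ' FAIL-'
}

# Constructed sample file (not taken from a real server).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    peer
host    all       all   127.0.0.1/32     md5
host    all       all   ::1/128          ident
host    all       all   10.0.0.0 255.0.0.0  trust
host    kong      kong  192.168.1.0/24   password
EOF

audit_pg_hba "$sample"
pg_hba_is_safe "$sample" || echo "pg_hba.conf contains trust/password rules"
```

Run it against `/var/lib/pgsql/11/data/pg_hba.conf` after editing the file and before restarting PostgreSQL.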
```
# Kong migrations
kong migrations bootstrap [-c /path/to/kong.conf]

[root@kong-server software]# kong migrations bootstrap -c /etc/kong/kong.conf
Bootstrapping database...
migrating core on database 'kong'...
core migrated up to: 000_base (executed)
core migrated up to: 001_14_to_15 (executed)
core migrated up to: 002_15_to_1 (executed)
core migrated up to: 003_100_to_110 (executed)
core migrated up to: 004
core migrated up to: 005_120_to_130 (executed)
migrating hmac-auth on database 'kong'...
hmac-auth migrated up to: 000_base_hmac_auth (executed)
hmac-auth migrated up to: 001_14_to_15 (executed)
migrating oauth2 on database 'kong'...
oauth2 migrated up to: 000_base_oauth2 (executed)
oauth2 migrated up to: 001_14_to_15 (executed)
oauth2 migrated up to: 002_15_to_10 (executed)
migrating jwt on database 'kong'...
jwt migrated up to: 000_base_jwt (executed)
jwt migrated up to: 001_14_to_15 (executed)
migrating basic-auth on database 'kong'...
basic-auth migrated up to: 000_base_basic_auth (executed)
basic-auth migrated up to: 001_14_to_15 (executed)
migrating key-auth on database 'kong'...
key-auth migrated up to: 000_base_key_auth (executed)
key-auth migrated up to: 001_14_to_15 (executed)
migrating rate-limiting on database 'kong'...
rate-limiting migrated up to: 000_base_rate_limiting (executed)
rate-limiting migrated up to: 001_14_to_15 (executed)
rate-limiting migrated up to: 002_15_to_10 (executed)
rate-limiting migrated up to: 003_10_to_112 (executed)
migrating acl on database 'kong'...
acl migrated up to: 000_base_acl (executed)
acl migrated up to: 001_14_to_15 (executed)
migrating response-ratelimiting on database 'kong'...
response-ratelimiting migrated up to: 000_base_response_rate_limiting (executed)
response-ratelimiting migrated up to: 001_14_to_15 (executed)
response-ratelimiting migrated up to: 002_15_to_10 (executed)
migrating session on database 'kong'...
session migrated up to: 000_base_session (executed)
27 migrations processed
27 executed
Database is up-to-date
```

5.1.2 Launch Kong

Kong can also be configured in DB-less mode. Once Kong is started, accessing the / root endpoint of the Admin API verifies that it is running without a database.

```
# Setting up Kong in DB-less mode
# There are two ways to use Kong in DB-less mode.
# Either modify the configuration file kong.conf:
vim /etc/kong/kong.conf
# database = postgres
database = off
# or set the environment variable:
export KONG_DATABASE=off

# Check the configuration. This command takes into account the environment variables
# you currently have set, and reports an error if a setting is invalid.
kong check /etc/kong/kong.conf
# In addition, you can use the CLI in debug mode to learn more about the
# properties Kong is started with.
kong start -c /etc/kong/kong.conf --vv

# Launch Kong
kong start [-c /path/to/kong.conf]

[root@kong-server software]# kong start -c /etc/kong/kong.conf
Kong started
[root@kong-server software]# kong health
nginx.running
Kong is healthy at /usr/local/kong
[root@kong-server software]# netstat -lntup
[root@kong-server software]# curl http://localhost:8001

# Stop
kong stop
# Reload
kong reload
```

5.1.3 Install Konga

Konga is the dashboard of the earliest version of kong. Since kong-dashboard is currently updated to adapt to the new version of kong, konga is recommended.

One of the greatest conveniences of Konga is that all of Kong's current configuration can be inspected through the UI, and the managed Kong nodes can be viewed, monitored and alerted on. The main features of Konga are as follows:

- Multi-user management
- Manage multiple Kong nodes
- Email notification of exceptions
- Manage all Kong Admin API objects
- Back up, restore and migrate Kong nodes using snapshots
- Monitor node and API status using health checks
- Easy database integration (MySQL, PostgreSQL, MongoDB)

Node installation

```
yum -y install git
cd /data/software && wget https://npm.taobao.org/mirrors/node/v10.16.2/node-v10.16.2-linux-x64.tar.xz
tar -xf node-v10.16.2-linux-x64.tar.xz
mv node-v10.16.2-linux-x64 node
# Change ownership to root
chown root.root node -R
cat > /etc/profile.d/node.sh
```
