Shulou(Shulou.com)06/01 Report--

Foreword:

Micro-service architecture is a hot technical topic now, its essence is to split the large and complex system into tiny service modules, so that the services can be decoupled, and each module can be developed, upgraded and deployed independently. The difficulty of operation, maintenance and development of the system is greatly reduced.

However, due to the split of services, clients may need to interact with multiple services at the same time. With the increase of the scale of micro-services, this interaction mode has great inconvenience in performance and management. So how can clients based on micro-services better access these independent services? then we need a unified entrance to provide services to the outside world. This is what we call the API gateway.

API Gateway is a middleman between the client and the service. The client does not have to access the server directly, but delivers intermediate messages through API Gateway. API Gateway can achieve load balancing, caching, access control, API billing monitoring and other functions. The following is a picture of API Gateway on the Internet.

Kong is an API Gateway software developed by Mashape. Kong is based on nginx and is used to receive API requests from the client. At the same time, it also needs a database to store operation data. At the time of writing, the latest version of Kong is 0. 9. 3 and its supporting databases are PostgreSQL 9. 4 + and Cassandra 2. 2. X.

One: installation

Centos

(1): install kong

$sudo yum install epel-release$ sudo yum install kong-0.9.3.*.noarch.rpm-nogpgcheck

Or

Download kong-0.9.3.el7.noarch.rpm

$wget kong-0.9.3.el7.noarch.rpm

(2): configuration database

Kong supports PostgreSQL 9.4 + and Cassandra 2.2.x.

If you are using a PostgreSQL database, create a user and the corresponding database

$CREATE USER kong; CREATE DATABASE kong OWNER kong

(3): start

$kong start# Kong is running$ curl 127.0.0.1purl 8001

When Kong starts, it listens on ports 8000 and 8001, respectively. Port 8000 is used to provide services and 8001 is used to manage API.

Docker

(1): start the database

Cassandra

$docker run-d-name kong-database\-p 9042 cassandra:2.2

OR PostgreSQL

$docker run-d-name kong-database\-p 5432 POSTGRES_DB=kong 5432\-e "POSTGRES_USER=kong"\-e "POSTGRES_DB=kong"\ postgres:9.4

(2): start kong

$docker run-d-- name kong\-- link kong-database:kong-database\-e "KONG_DATABASE=cassandra"\-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database"\-e "KONG_PG_HOST=kong-database"\-p 8000 KONG_DATABASE=cassandra 8000\-p 8443 P 8001 7946:7946/udp 8001\-p 7946 Viru 7946\-p 7946:7946/udp\ kong

Docker-compose.yml is attached

Kong-database: p_w_picpath: postgres:9.4 ports:-5432:5432/tcp environment:-POSTGRES_USER=kong-POSTGRES_DB=kongkong: p_w_picpath: kong links:-kong-database:kong-database environment:-KONG_DATABASE=postgres-KONG_CASSANDRA_CONTACT_POINTS=kong-database-KONG_PG_HOST=kong-database ports:-8000:8000/tcp-8443:8443/tcp-8001:8001/tcp-7946:7946/tcp-7946:7946/udp

Two: use kong

(1): add api to kong

$curl-I-X POST\-- url http://localhost:8001/apis/\-- data 'name=baidu'\-- data' upstream_url= http://baidu.com/'\-- data 'request_host=baidu.com'

-- the url:8001 port is the management port of Kong.

Upstream_url: the back-end url that provides services.

Request_path: the service interface that is added to the path when the path parameter is used.

When request_host uses this parameter, all service interfaces of the host are added:

(2): query the added API

$curl localhost:8001/apis/

(3): visit API

$curl-I-X POST-- url http://localhost:8000/-- header 10.100.55.1

(4): delete API

Delete the specified api according to API_NAME or API_ID

$curl-I-X DELETE localhost:8001/apis/00f90ca9-cf2d-4830-c842-3b90f6cd08af$curl-I-X DELETE localhost:8001/apis/test1

(5): add an instance

Example 1 (request_path restricts interfaces within path)

URL:

Http://10.100.55.1/hello1/index.html

Add:

$curl-I-X POST-- url http://localhost:8001/apis/\-- data name=test1\-- data 'upstream_url= http://10.100.55.1'\-- data' request_path=/hello1/'

Access interface:

$curl-I-X GET-- url http://localhost:8000/hello1/

The so-called request_path means that you can only access the content under the hello1. If there are hello2 and hello3 in the www directory of the host, you cannot access the content in this directory through the gateway. For example, you cannot access the content below because it is not added to the Kong.

$curl-I-X GET-- url http://localhost:8000/hello2/

Example 2 (request_host can access all interfaces of host)

URL:

Http://10.100.55.1

Add:

$curl-I-X POST-- url http://localhost:8001/apis/\-- data name=test2\-- data 'upstream_url= http://10.100.55.1'\-- data' request_host=10.100.55.1'

Access interface:

After using request_host, all the api of the host are added to the Kong, and all of the following are accessible through the gateway.

$curl-I-X GET-- url http://localhost:8000/hello1-- header host:10.100.55.1$ curl-I-X GET-- url http://localhost:8000/hello2-- header host:10.100.55.1

Instance 3 (request_host port:8080)

URL:

Http://10.100.55.2:8080

Add:

$curl-I-X POST-- url http://localhost:8001/apis/\-- data name=test3\-- data 'upstream_url= http://10.100.55.2:8080'\-- data' request_host=10.100.55.2'

Access interface:

$curl-I-X GET-url http://localhost:8000/-header host:10.100.55.2

Example 4 (addition and access of complex url)

URL:

Http://10.100.55.3:8000/opj/list?serviceId=box&c=nanjing

Add:

$curl-I-X POST-- url http://localhost:8001/apis/-- data 'name=test4'-- data' upstream_url= http://10.100.55.3:8000/'-- data 'request_path=/opj/list'

Access interface:

$curl-I-X GET-- url http://localhost:8000/opj/list?serviceId=box&c=nanjing

Three: create certification

(1) configure API with pulgin authentication

1: add api

$curl-I-X POST-- url http://localhost:8001/apis/-- data 'name=test5'-- data' upstream_url= http://10.100.55.1/'-- data 'request_host=10.100.55.1'$curl-I-X GET-- url http://localhost:8000/-- header host:10.100.55.1 visits normal Connect Success...

2: add plugin authentication

$curl-I-X POST-- url http://localhost:8001/apis/test5/plugins/-- data 'name=key-auth'$curl-I-X GET-- url http://localhost:8000/-- header host:10.100.55.1 access failed HTTP/1.1 401 UnauthorizedWWW-Authenticate: Key realm= "kong" Server: kong/0.9.3 {"message": "No API key found in headers or querystring"}

(2) add users

1: create a user

$curl-I-X POST-- url http://localhost:8001/consumers/-- data "username=heqin" {"username": "heqin", "created_at": 1477382339000, "id": "8e6273c9-f332-4d68-b74c-73ae9f82f150"}

2: create a key for the user

$curl-I-X POST-- url http://localhost:8001/consumers/heqin/key-auth/-- data 'key=helloworld' {"created_at": 1477382483000, "consumer_id": "8e6273c9-f332-4d68-b74c-73ae9f82f150", "key": "helloworld", "id": "62c0d640-b1bd-4f3b-aa6e-ba3adaf8ec38"}

3: take key to visit

$curl-I-X GET-- url http://localhost:8000/-- header host:10.100.55.1-- header apikey:helloworld visited Connect Success... successfully

Through the above two steps, you can achieve access control over the API interface.

To be continued.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.