安装

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
# db-less模式
docker run -d --name kong888 -e "KONG_DATABASE=off" \
     -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
     -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
     -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
     -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
     -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
     -p 8000:8000 \
     -p 8443:8443 \
     -p 8001:8001 \
     -p 8444:8444 kong:1.1.2-centos
# 测试     
curl -i http://localhost:8001/
curl http://localhost:8001/metrics
curl http://localhost:8001/status |jq
docker exec -it kong888 kong reload

# 端口说明
:8000 on which Kong listens for incoming HTTP traffic from your clients, and forwards it to your upstream services.
:8443 on which Kong listens for incoming HTTPS traffic. This port has a similar behavior as the :8000 port, except that it expects HTTPS traffic only. This port can be disabled via the configuration file.
:8001 on which the Admin API used to configure Kong listens.
:8444 on which the Admin API listens for HTTPS traffic.
1
2
3
4
# 配置文件
/usr/local/kong/nginx-kong-stream.conf
/usr/local/kong/nginx-kong.conf
/usr/local/kong/nginx.conf

测试

Admin API

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
curl -X POST http://192.168.33.26:8001/upstreams --data "name=hello"
curl -X POST http://192.168.33.26:8001/upstreams/hello/targets --data "target=localhost:3000" --data "weight=100"
curl -X POST http://192.168.33.26:8001/upstreams/hello/targets --data "target=localhost:3001" --data "weight=100"
curl -X POST http://192.168.33.26:8001/services --data "name=hello" --data "host=hello"
curl -X POST http://192.168.33.26:8001/routes --data "paths[]=/" --data "service.id=8695cc65-16c1-43b1-95a1-5d30d0a50409"

# 插件
curl -X POST http://localhost:8001/services/hello/plugins --data "name=rate-limiting" --data "config.second=50"
curl -X POST http://localhost:8001/services/login/plugins --data "name=jwt"

# 同理,插件也可以安装在 route 之上
curl -X POST http://localhost:8001/routes/{routeId}/plugins --data "name=rate-limiting" --data "config.second=50"
curl -X POST http://localhost:8001/routes/{routeId}/plugins --data "name=jwt"


{"name":"operation unsupported","message":"cannot create 'upstreams' entities when not using a database","code":12}

DB-less and Declarative Configuration

1
2
3
docker exec -it kong888 /bin/bash
kong config -c kong.conf init
cat kong.yml
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# ------------------------------------------------------------------------------
# This is an example file to get you started with using
# declarative configuration in Kong.
# ------------------------------------------------------------------------------

# Metadata fields start with an underscore (_)
# Fields that do not start with an underscore represent Kong entities and attributes

# _format_version is mandatory,
# it specifies the minimum version of Kong that supports the format

_format_version: "1.1"

# Each Kong entity (core entity or custom entity introduced by a plugin)
# can be listed in the top-level as an array of objects:

upstreams:
- name: hello
  targets:
  - target: 192.168.33.26:30741
    weight: 100
  - target: 192.168.33.27:30741
    weight: 100


services:
- name: example-service
#  url: http://example.com
  host: hello
#  routes:
#  - name: example-route
#    paths:
#    - /


routes:
- name: another-route
  service: example-service
  hosts: ["hello.com"]
#  paths:
#  - /


# services:
# - name: example-service
#   url: http://example.com
#   # Entities can store tags as metadata
#   tags:
#   - example
#   # Entities that have a foreign-key relationship can be nested:
#   routes:
#   - name: example-route
#     paths:
#     - /
#   plugins:
#   - name: key-auth
# - name: another-service
#   url: https://example.org

# routes:
# - name: another-route
#   # Relationships can also be specified between top-level entities,
#   # either by name or by id
#   service: example-service
#   hosts: ["hello.com"]

# consumers:
# - username: example-user
#   # Custom entities from plugin can also be specified
#   # If they specify a foreign-key relationshp, they can also be nested
#   keyauth_credentials:
#   - key: my-key
#   plugins:
#   - name: rate-limiting
#     _comment: "these are default rate-limits for user example-user"
#     config:
#       policy: local
#       second: 5
#       hour: 10000

# When an entity has multiple foreign-key relationships
# (e.g. a plugin matching on both consumer and service)
# it must be specified as a top-level entity, and not through
# nesting.

# plugins:
# - name: rate-limiting
#   consumer: example-user
#   service: another-service
#   _comment: "example-user is extra limited when using another-service"
#   config:
#     hour: 2
#   # tags are for your organization only and have no meaning for Kong:
#   tags:
#   - extra_limits
#   - my_tag
1
curl  -X POST -F "config=@kong.yml" --url http://192.168.33.26:8001/config
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
{
  "services": {
    "3749d4d5-2d37-410a-aaa8-2dba315f34ac": {
      "host": "hello",
      "created_at": 1561446130,
      "connect_timeout": 60000,
      "id": "3749d4d5-2d37-410a-aaa8-2dba315f34ac",
      "protocol": "http",
      "name": "example-service",
      "read_timeout": 60000,
      "port": 80,
      "updated_at": 1561446130,
      "write_timeout": 60000,
      "retries": 5
    }
  },
  "routes": {
    "b7fb6999-3803-4480-bb2d-731e5f9e0874": {
      "service": {
        "id": "3749d4d5-2d37-410a-aaa8-2dba315f34ac"
      },
      "created_at": 1561446130,
      "id": "b7fb6999-3803-4480-bb2d-731e5f9e0874",
      "hosts": [
        "hello.com"
      ],
      "name": "another-route",
      "strip_path": true,
      "preserve_host": false,
      "regex_priority": 0,
      "updated_at": 1561446130,
      "protocols": [
        "http",
        "https"
      ]
    }
  },
  "targets": {
    "35c40828-f4e7-40a6-b740-88e7b8d3ba4d": {
      "created_at": 1561446130.703,
      "upstream": {
        "id": "45ceaabf-975b-4ec2-a5c0-6ff6783e34d6"
      },
      "id": "35c40828-f4e7-40a6-b740-88e7b8d3ba4d",
      "target": "192.168.33.26:30741",
      "weight": 100
    },
    "27475efd-437f-4e0d-b48f-2e5e0817e87f": {
      "created_at": 1561446130.703,
      "upstream": {
        "id": "45ceaabf-975b-4ec2-a5c0-6ff6783e34d6"
      },
      "id": "27475efd-437f-4e0d-b48f-2e5e0817e87f",
      "target": "192.168.33.27:30741",
      "weight": 100
    }
  },
  "upstreams": {
    "45ceaabf-975b-4ec2-a5c0-6ff6783e34d6": {
      "created_at": 1561446130,
      "hash_on": "none",
      "id": "45ceaabf-975b-4ec2-a5c0-6ff6783e34d6",
      "name": "hello",
      "healthchecks": {
        "active": {
          "https_verify_certificate": true,
          "http_path": "/",
          "timeout": 1,
          "concurrency": 10,
          "healthy": {
            "http_statuses": [
              200,
              302
            ],
            "interval": 0,
            "successes": 0
          },
          "unhealthy": {
            "http_statuses": [
              429,
              404,
              500,
              501,
              502,
              503,
              504,
              505
            ],
            "tcp_failures": 0,
            "timeouts": 0,
            "http_failures": 0,
            "interval": 0
          },
          "type": "http"
        },
        "passive": {
          "unhealthy": {
            "http_failures": 0,
            "http_statuses": [
              429,
              500,
              503
            ],
            "tcp_failures": 0,
            "timeouts": 0
          },
          "type": "http",
          "healthy": {
            "http_statuses": [
              200,
              201,
              202,
              203,
              204,
              205,
              206,
              207,
              208,
              226,
              300,
              301,
              302,
              303,
              304,
              305,
              306,
              307,
              308
            ],
            "successes": 0
          }
        }
      },
      "hash_on_cookie_path": "/",
      "hash_fallback": "none",
      "slots": 10000
    }
  }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
curl -H "host:hello.com" http://192.168.33.26:8000
Hostname: who333
IP: 127.0.0.1
IP: 172.20.1.22
GET / HTTP/1.1
Host: 192.168.33.26:30741
User-Agent: curl/7.58.0
Accept: */*
Connection: keep-alive
X-Forwarded-For: 192.168.33.1
X-Forwarded-Host: hello.com
X-Forwarded-Port: 8000
X-Forwarded-Proto: http
X-Real-Ip: 192.168.33.1

dashboard

kong-dashboard

1
2
# https://github.com/PGBI/kong-dashboard
docker run --rm -p 27071:8080 pgbi/kong-dashboard start --kong-url http://192.168.33.26:8001

konga

1
2
3
4
5
6
7
8
9
docker run -d --name konga -p 21337:1337 -e "DB_ADAPTER=postgres" \
             -e "DB_HOST=192.168.33.26" \
             -e "DB_PORT=30007" \
             -e "DB_USER=postgres" \
             -e "DB_PASSWORD=postgres" \
             -e "DB_DATABASE=konga" \
             -e "NODE_ENV=development" \
             pantsel/konga
docker stop konga && docker rm konga             

集群

参考