## 安装 ```bash # db-less模式 docker run -d --name kong888 -e "KONG_DATABASE=off" \ -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \ -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \ -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \ -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \ -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \ -p 8000:8000 \ -p 8443:8443 \ -p 8001:8001 \ -p 8444:8444 kong:1.1.2-centos # 测试 curl -i http://localhost:8001/ curl http://localhost:8001/metrics curl http://localhost:8001/status |jq docker exec -it kong888 kong reload # 端口说明 :8000 on which Kong listens for incoming HTTP traffic from your clients, and forwards it to your upstream services. :8443 on which Kong listens for incoming HTTPS traffic. This port has a similar behavior as the :8000 port, except that it expects HTTPS traffic only. This port can be disabled via the configuration file. :8001 on which the Admin API used to configure Kong listens. :8444 on which the Admin API listens for HTTPS traffic. ``` ```bash # 配置文件 /usr/local/kong/nginx-kong-stream.conf /usr/local/kong/nginx-kong.conf /usr/local/kong/nginx.conf ``` ## 测试 ### Admin API ```bash curl -X POST http://192.168.33.26:8001/upstreams --data "name=hello" curl -X POST http://192.168.33.26:8001/upstreams/hello/targets --data "target=localhost:3000" --data "weight=100" curl -X POST http://192.168.33.26:8001/upstreams/hello/targets --data "target=localhost:3001" --data "weight=100" curl -X POST http://192.168.33.26:8001/services --data "name=hello" --data "host=hello" curl -X POST http://192.168.33.26:8001/routes --data "paths[]=/" --data "service.id=8695cc65-16c1-43b1-95a1-5d30d0a50409" # 插件 curl -X POST http://localhost:8001/services/hello/plugins --data "name=rate-limiting" --data "config.second=50" curl -X POST http://localhost:8001/services/login/plugins --data "name=jwt" # 同理,插件也可以安装在 route 之上 curl -X POST http://localhost:8001/routes/{routeId}/plugins --data "name=rate-limiting" --data "config.second=50" curl -X POST http://localhost:8001/routes/{routeId}/plugins --data "name=jwt" {"name":"operation unsupported","message":"cannot create 'upstreams' entities when not using a database","code":12} ``` ### DB-less and Declarative Configuration ```bash docker exec -it kong888 /bin/bash kong config -c kong.conf init cat kong.yml ``` ```yaml # ------------------------------------------------------------------------------ # This is an example file to get you started with using # declarative configuration in Kong. # ------------------------------------------------------------------------------ # Metadata fields start with an underscore (_) # Fields that do not start with an underscore represent Kong entities and attributes # _format_version is mandatory, # it specifies the minimum version of Kong that supports the format _format_version: "1.1" # Each Kong entity (core entity or custom entity introduced by a plugin) # can be listed in the top-level as an array of objects: upstreams: - name: hello targets: - target: 192.168.33.26:30741 weight: 100 - target: 192.168.33.27:30741 weight: 100 services: - name: example-service # url: http://example.com host: hello # routes: # - name: example-route # paths: # - / routes: - name: another-route service: example-service hosts: ["hello.com"] # paths: # - / # services: # - name: example-service # url: http://example.com # # Entities can store tags as metadata # tags: # - example # # Entities that have a foreign-key relationship can be nested: # routes: # - name: example-route # paths: # - / # plugins: # - name: key-auth # - name: another-service # url: https://example.org # routes: # - name: another-route # # Relationships can also be specified between top-level entities, # # either by name or by id # service: example-service # hosts: ["hello.com"] # consumers: # - username: example-user # # Custom entities from plugin can also be specified # # If they specify a foreign-key relationshp, they can also be nested # keyauth_credentials: # - key: my-key # plugins: # - name: rate-limiting # _comment: "these are default rate-limits for user example-user" # config: # policy: local # second: 5 # hour: 10000 # When an entity has multiple foreign-key relationships # (e.g. a plugin matching on both consumer and service) # it must be specified as a top-level entity, and not through # nesting. # plugins: # - name: rate-limiting # consumer: example-user # service: another-service # _comment: "example-user is extra limited when using another-service" # config: # hour: 2 # # tags are for your organization only and have no meaning for Kong: # tags: # - extra_limits # - my_tag ``` ```bash curl -X POST -F "config=@kong.yml" --url http://192.168.33.26:8001/config ``` ```json { "services": { "3749d4d5-2d37-410a-aaa8-2dba315f34ac": { "host": "hello", "created_at": 1561446130, "connect_timeout": 60000, "id": "3749d4d5-2d37-410a-aaa8-2dba315f34ac", "protocol": "http", "name": "example-service", "read_timeout": 60000, "port": 80, "updated_at": 1561446130, "write_timeout": 60000, "retries": 5 } }, "routes": { "b7fb6999-3803-4480-bb2d-731e5f9e0874": { "service": { "id": "3749d4d5-2d37-410a-aaa8-2dba315f34ac" }, "created_at": 1561446130, "id": "b7fb6999-3803-4480-bb2d-731e5f9e0874", "hosts": [ "hello.com" ], "name": "another-route", "strip_path": true, "preserve_host": false, "regex_priority": 0, "updated_at": 1561446130, "protocols": [ "http", "https" ] } }, "targets": { "35c40828-f4e7-40a6-b740-88e7b8d3ba4d": { "created_at": 1561446130.703, "upstream": { "id": "45ceaabf-975b-4ec2-a5c0-6ff6783e34d6" }, "id": "35c40828-f4e7-40a6-b740-88e7b8d3ba4d", "target": "192.168.33.26:30741", "weight": 100 }, "27475efd-437f-4e0d-b48f-2e5e0817e87f": { "created_at": 1561446130.703, "upstream": { "id": "45ceaabf-975b-4ec2-a5c0-6ff6783e34d6" }, "id": "27475efd-437f-4e0d-b48f-2e5e0817e87f", "target": "192.168.33.27:30741", "weight": 100 } }, "upstreams": { "45ceaabf-975b-4ec2-a5c0-6ff6783e34d6": { "created_at": 1561446130, "hash_on": "none", "id": "45ceaabf-975b-4ec2-a5c0-6ff6783e34d6", "name": "hello", "healthchecks": { "active": { "https_verify_certificate": true, "http_path": "/", "timeout": 1, "concurrency": 10, "healthy": { "http_statuses": [ 200, 302 ], "interval": 0, "successes": 0 }, "unhealthy": { "http_statuses": [ 429, 404, 500, 501, 502, 503, 504, 505 ], "tcp_failures": 0, "timeouts": 0, "http_failures": 0, "interval": 0 }, "type": "http" }, "passive": { "unhealthy": { "http_failures": 0, "http_statuses": [ 429, 500, 503 ], "tcp_failures": 0, "timeouts": 0 }, "type": "http", "healthy": { "http_statuses": [ 200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308 ], "successes": 0 } } }, "hash_on_cookie_path": "/", "hash_fallback": "none", "slots": 10000 } } } ``` ```bash curl -H "host:hello.com" http://192.168.33.26:8000 Hostname: who333 IP: 127.0.0.1 IP: 172.20.1.22 GET / HTTP/1.1 Host: 192.168.33.26:30741 User-Agent: curl/7.58.0 Accept: */* Connection: keep-alive X-Forwarded-For: 192.168.33.1 X-Forwarded-Host: hello.com X-Forwarded-Port: 8000 X-Forwarded-Proto: http X-Real-Ip: 192.168.33.1 ``` ## dashboard ### kong-dashboard ```bash # https://github.com/PGBI/kong-dashboard docker run --rm -p 27071:8080 pgbi/kong-dashboard start --kong-url http://192.168.33.26:8001 ``` ### konga ```bash docker run -d --name konga -p 21337:1337 -e "DB_ADAPTER=postgres" \ -e "DB_HOST=192.168.33.26" \ -e "DB_PORT=30007" \ -e "DB_USER=postgres" \ -e "DB_PASSWORD=postgres" \ -e "DB_DATABASE=konga" \ -e "NODE_ENV=development" \ pantsel/konga docker stop konga && docker rm konga ``` ## 集群 ## 参考 * [全部的插件](https://konghq.com/plugins/) * [DB-less and Declarative Configuration](https://docs.konghq.com/1.2.x/db-less-and-declarative-config/) * [API网关Kong学习笔记(二十六):Kong 1.1引入db-less模式,无数据库部署](https://www.lijiaocn.com/%E9%A1%B9%E7%9B%AE/2019/05/06/kong-1-0-db-less-mode.html) * [Kong 1.1 Released!](https://konghq.com/blog/kong-1-1-released/) * [Admin API for DB-less Mode](https://docs.konghq.com/1.2.x/db-less-admin-api/) * [初识 Kong 之负载均衡](https://www.cnkirito.moe/kong-loadbalance/) * [使用 Nginx 实现灰度发布](https://www.hi-linux.com/posts/34319.html) * [蓝绿部署、金丝雀发布(灰度发布)、A/B测试的准确定义](https://www.lijiaocn.com/%E6%96%B9%E6%B3%95/2018/10/23/devops-blue-green-deployment-ab-test-canary.html) * [A/B testing + Canary releasing](https://github.com/Kong/kong/issues/210) * [Blue-green Deployments, A/B Testing, and Canary Releases](https://blog.christianposta.com/deploy/blue-green-deployments-a-b-testing-and-canary-releases/) * [How To Target Your Users with Nginx Analytics and A/B Testing](https://www.digitalocean.com/community/tutorials/how-to-target-your-users-with-nginx-analytics-and-a-b-testing) * [nginx map配置根据请求头不同分配流量到不同后端服务](https://www.jianshu.com/p/0897e16f7ea2) * [nginx使用map配置AB测试环境](http://ju.outofmemory.cn/entry/340498) * [Nginx map 使用详解](https://blog.51cto.com/tchuairen/2175525) * [kong插件应用(熔断 限流,黑白名单,认证(basic,key,jwt,hmac,),授权,加密,zipkin链路跟踪,日志, prometheus可视化, 爬虫控制插件)](https://blog.csdn.net/luanpeng825485697/article/details/85326831)