docker run -d --name kong-database \
-p 5432:5432 \
-e "POSTGRES_USER=kong" \
-e "POSTGRES_DB=kong" \
postgres:9.4
docker run -d --name kong \
--link kong-database:kong-database \
-e "KONG_DATABASE=postgres" \
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
-e "KONG_PG_HOST=kong-database" \
-p 8000:8000 \
-p 8443:8443 \
-p 8001:8001 \
-p 7946:7946 \
-p 7946:7946/udp \
kong:latest
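Port 8000 (http): listens for incoming HTTP traffic from clients
Port 8443 (https): listens for incoming HTTPS traffic from clients
Port 8001: Admin API listening port (the Admin API has no authentication by default, so keep this port reachable only from trusted hosts)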
docker run -d -p 8080:8080 --name kong-dashboard pgbi/kong-dashboard:v2
kong-dashboard console URL: http://172.16.222.115:8080
The following two API services are used:
http://172.16.222.115:8129/info
http://172.16.222.115:8129/users
curl -i -X POST --url http://172.16.222.115:8001/apis/ --data 'name=info' --data 'uris=/info,/getinfo' --data 'methods=GET' --data 'upstream_url=http://172.16.222.115:8129/info' --data 'strip_uri=true'
curl -i -X POST --url http://172.16.222.115:8001/apis/ --data 'name=users' --data 'uris=/users,/getusers' --data 'methods=GET' --data 'upstream_url=http://172.16.222.115:8129/users' --data 'strip_uri=true'
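Notes:
name is the API service name and must be unique
At least one of hosts, uris and methods must be specified; uris sets the URI paths under which the API is reached on Kong, separated by commas when there are several
upstream_url is the address of the real API service
strip_uri controls whether, when the API is matched through one of the uris prefixes, the matched prefix is stripped from the upstream URL. Default: true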
API list in the kong-dashboard console
curl -i -X GET --url http://172.16.222.115:8000/info
curl -i -X GET --url http://172.16.222.115:8000/getinfo
curl -i -X GET --url http://172.16.222.115:8000/users
curl -i -X GET --url http://172.16.222.115:8000/getusers
curl -i -X DELETE http://172.16.222.115:8001/apis/info
curl -i -X DELETE http://172.16.222.115:8001/apis/users
curl -i -X GET http://172.16.222.115:8001/apis
Or open http://172.16.222.115:8001/apis in a browser
/apis/{name or id}/plugins/
curl -X POST http://172.16.222.115:8001/apis/{api}/plugins \
--data "name=file-log" \
--data "config.path=/tmp/file.log"
curl -X POST http://172.16.222.115:8001/apis/{api}/plugins \
--data "name=rate-limiting" \
--data "config.second=5" \
--data "config.hour=10000"
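curl -X POST http://172.16.222.115:8001/apis/{api}/plugins \
--data "name=ip-restriction" \
--data "config.whitelist=172.16.222.115"
# To block addresses instead, send a blacklist in place of the whitelist
# (the plugin accepts one or the other, not both in the same request):
# --data "config.blacklist=143.1.0.0/24"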
curl -X POST http://172.16.222.115:8001/apis/{api}/plugins \
--data "name=key-auth" \
--data "config.hide_credentials=true" \
--data "config.key_names=apikey"
Create Consumers
curl -X POST http://172.16.222.115:8001/consumers/ \
--data "username=admin" \
--data "custom_id=qtonecloud-admin"
curl -X POST http://172.16.222.115:8001/consumers/ \
--data "username=guest" \
--data "custom_id=qtonecloud-guest"
Create an API key
curl -X POST http://172.16.222.115:8001/consumers/{consumer}/key-auth -d ''
Call the service with the API key
curl 'http://172.16.222.115:8000/getusers?apikey=ad097442ea4e4e0c911da52ad5c4cea2'
curl -X POST http://172.16.222.115:8001/apis/{api}/plugins \
--data "name=basic-auth" \
--data "config.hide_credentials=true"
Create a Consumer
curl -d "username=qtonecloud&custom_id=qtonecloud" http://172.16.222.115:8001/consumers/
Create a Credential
curl -X POST http://172.16.222.115:8001/consumers/{consumer}/basic-auth \
--data "username=admin" \
--data "password=admin"
Call the API service with the Credential
curl http://172.16.222.115:8000/getusers \
-H 'Authorization: Basic YWRtaW46YWRtaW4='
Here YWRtaW46YWRtaW4= is the Base64-encoded value of the username and password from the previous step, that is, the Base64 encoding of admin:admin
ACL depends on an authentication plugin
Install acl and add a group whitelist or blacklist
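curl -X POST http://172.16.222.115:8001/apis/{api}/plugins \
--data "name=acl" \
--data "config.whitelist=user, admin"
# To deny groups instead, send a blacklist in place of the whitelist
# (the plugin accepts one or the other, not both in the same request):
# --data "config.blacklist=guest"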
Associate Consumers with a group
curl -X POST http://172.16.222.115:8001/consumers/{consumer}/acls \
--data "group=guest"
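Enable any one of the authentication plugins, such as the basic-auth or key-auth plugin installed earlier
Call the API using the authentication method of the corresponding authentication plugin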
curl -i -X GET http://172.16.222.115:8001/plugins
Or open http://172.16.222.115:8001/plugins in a browser
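The following check is an added example, not part of the original page or of Kong: it reads the GET /apis and GET /plugins listings and flags every API with no enabled authentication plugin, including the case where acl is enabled without one. The JSON samples are constructed, and the field names (data, id, api_id, name, enabled) and the treatment of a plugin without api_id as global are assumptions about the Admin API listing format.

```python
import json

# Constructed samples shaped like the Admin API listings (GET /apis, GET /plugins).
# Field names data/id/api_id/name/enabled are assumptions, not captured output.
APIS_JSON = """{"total": 2, "data": [
  {"id": "a-info",  "name": "info",  "uris": ["/info", "/getinfo"]},
  {"id": "a-users", "name": "users", "uris": ["/users", "/getusers"]}]}"""
PLUGINS_JSON = """{"total": 5, "data": [
  {"id": "p1", "api_id": "a-info",  "name": "rate-limiting", "enabled": true},
  {"id": "p2", "api_id": "a-info",  "name": "acl",           "enabled": true},
  {"id": "p3", "api_id": "a-info",  "name": "key-auth",      "enabled": false},
  {"id": "p4", "api_id": "a-users", "name": "basic-auth",    "enabled": true},
  {"id": "p5", "api_id": "a-users", "name": "acl",           "enabled": true}]}"""

# The two authentication plugins installed on this page.
AUTH_PLUGINS = {"key-auth", "basic-auth"}


def audit(apis_json, plugins_json):
    """Return {api name: [findings]} for APIs lacking an enabled auth plugin."""
    apis = json.loads(apis_json)["data"]
    per_api, everywhere = {}, set()
    for plugin in json.loads(plugins_json)["data"]:
        if not plugin.get("enabled", True):
            continue  # a disabled plugin enforces nothing
        if plugin.get("api_id"):
            per_api.setdefault(plugin["api_id"], set()).add(plugin["name"])
        else:
            everywhere.add(plugin["name"])  # assumed: no api_id means global
    report = {}
    for api in apis:
        active = per_api.get(api["id"], set()) | everywhere
        if active & AUTH_PLUGINS:
            continue  # at least one authentication plugin is enforced
        findings = ["no authentication plugin enabled"]
        if "acl" in active:
            findings.append("acl enabled but no plugin identifies the consumer")
        report[api["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(APIS_JSON, PLUGINS_JSON).items():
        print(name, "->", "; ".join(findings))
```

To run it against a live gateway, save the output of the two curl listing commands and pass the file contents to audit().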
Plugin list in the kong-dashboard console
rate-limiting plugin: rate limiting
ip-restriction plugin: IP blacklist
key-auth plugin
basic-auth
acl
basic-auth and acl enabled together
https://getkong.org/install/docker/
https://getkong.org/plugins/
https://github.com/PGBI/kong-dashboard