【kong 2.0.2研究】系列三:配置PostgreSQL-12以支持Kong

最近在研究Kong,上一篇文章说明了怎么在centos7.5安装PostgreSQL-12(https://blog.csdn.net/zzhongcy/article/details/105562372),这里简要说说怎么配置和使用PostgreSQL--Kong。

 

1 前言

可参考官网说明:https://docs.konghq.com/2.0.x/configuration/#database

这里只说明Kong对于PostgreSQL12数据库的使用。

Datastore section

Kong can run with a database to store coordinated data between Kong nodes in a cluster, or without a database, where each node stores its information independently in memory.

When using a database, Kong will store data for all its entities (such as Routes, Services, Consumers, and Plugins) in either Cassandra or PostgreSQL, and all Kong nodes belonging to the same cluster must connect themselves to the same database.

Kong supports the following database versions:

  • PostgreSQL: 9.5 and above.
  • Cassandra: 2.2 and above.

When not using a database, Kong is said to be in “DB-less mode”: it will keep its entities in memory, and each node needs to have this data entered via a declarative configuration file, which can be specified through the declarative_config property, or via the Admin API using the /config endpoint.


Permalinkdatabase

Determines which of PostgreSQL or Cassandra this node will use as its datastore.

Accepted values are postgrescassandra, and off.

Default: postgres


PermalinkPostgres settings

name description default
pg_host Host of the Postgres server. 127.0.0.1
pg_port Port of the Postgres server. 5432
pg_timeout Defines the timeout (in ms), for connecting, reading and writing. 5000
pg_user Postgres user. kong
pg_password Postgres user’s password. none
pg_database The database name to connect to. kong
pg_schema The database schema to use. If unspecified, Kong will respect the search_path value of your PostgreSQL instance. none
pg_ssl Toggles client-server TLS connections between Kong and PostgreSQL. off
pg_ssl_verify Toggles server certificate verification if pg_ssl is enabled. See the lua_ssl_trusted_certificate setting to specify a certificate authority. off
pg_max_concurrent_queries Sets the maximum number of concurrent queries that can be executing at any given time. This limit is enforced per worker process; the total number of concurrent queries for this node will be will be: pg_max_concurrent_queries * nginx_worker_processes. The default value of 0 removes this concurrency limitation. 0
pg_semaphore_timeout Defines the timeout (in ms) after which PostgreSQL query semaphore resource acquisition attempts will fail. Such failures will generally result in the associated proxy or Admin API request failing with an HTTP 500 status code. Detailed discussion of this behavior is available in the online documentation. 60000

2 安装数据库

具体可以参考:https://blog.csdn.net/zzhongcy/article/details/105562372

Kong 在运行过程中可以有数据库,也可以没有数据库。

如果你要使用数据库,你需要使用 kong.conf  配置文件中去配置启动数据库作为数据存储的方式,以及相应的路由或者 Kong 的代理。

如果你不需要使用数据数据库,那么你在 kong.conf 文件中指定一个 kong.yml的声明式配置文件来作为数据存储的文件。

Kong 支持 PostgreSQL 9.5+ 和 Cassandra 3.xx 来作为他的数据存储数据库。

2.1 如果使用PostgreSQL 数据库:

如果你使用 PostgreSQL ,需要初始化一个数据库和一个用户,例如:

CREATE USER kong; CREATE DATABASE kong OWNER kong;

现在 运行 Kong migrations

kong migrations bootstrap [-c /path/to/kong.conf]
#Database is already up-to-date

使用低版本kong的话,初始化数据库:
$ kong migrations up -c ./kong.conf

数据库表信息:

【kong 2.0.2研究】系列三:配置PostgreSQL-12以支持Kong_第1张图片

2.2 如果不使用数据库:

如果要以无db模式运行Kong,应该首先生成声明性配置文件。使用下面的命令在当前的文件夹下,生成一个普通的 kong.yml

kong config init 

在生成好 kong.yml 文件后,编辑你的 kong.conf 文件,设置如下参数:

database = off
declarative_config = /path/to/kong.yml

 

3 设置防火墙

sudo firewall-cmd --add-port=5432/tcp --permanent
sudo firewall-cmd --reload

sudo firewall-cmd --add-port=8001/tcp --permanent
sudo firewall-cmd --reload

4 启动关闭服务器

kong start -c ./kong.conf 

kong stop -p ./      #关闭服务器

服务已经正常启动

$ curl 127.0.0.1:8001
{"plugins":{"enabled_in_cluster":[],"available_on_server":{"response-transformer":true,"correlation-id":true,"statsd":true,"jwt":true,"cors":true,"basic-auth":true,"key-auth":true,"ldap-auth":true,"http-log":true,"oauth2":true,"hmac-auth":true,"acl":true,"datadog":true,"tcp-log":true,"ip-restriction":true,"request-transformer":true,"file-log":true,"bot-detection":true,"loggly":true,"request-size-limiting":true,"syslog":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"runscope":true,"rate-limiting":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"error_default_type":"text\/plain","client_ssl":false,"lua_ssl_verify_depth":1
....

5 添加路由

5.1 创建服务:

curl -i -X POST \
--url http://127.0.0.1:8001/services/ \
--data 'name=baidu-service' \
--data 'url=https://www.baidu.com/'

{"host":"www.baidu.com","created_at":1587015106,"connect_timeout":60000,"id":"a272217d-134c-435c-b7cf-e7273e809301","protocol":"https","name":"baidu-service","read_timeout":60000,"port":443,"path":"\/","updated_at":1587015106,"retries":5,"write_timeout":60000,"tags":null,"client_certificate":null}

5.2 创建服务路由

curl -i -X POST \
--url http://127.0.0.1:8001/services/baidu-service/routes \
--data 'hosts[]=baidu.com' \
--data 'paths[]=/api/baidu'

{"id":"9a3116d3-d1c9-4ea9-8d63-14dffc6d9292","path_handling":"v0","paths":["\/api\/baidu"],"destinations":null,"headers":null,"protocols":["http","https"],"methods":null,"snis":null,"service":{"id":"a272217d-134c-435c-b7cf-e7273e809301"},"name":null,"strip_path":true,"preserve_host":false,"regex_priority":0,"updated_at":1587015121,"sources":null,"hosts":["baidu.com"],"https_redirect_status_code":426,"tags":null,"created_at":1587015121}

5.3 访问路由:

curl http://127.0.0.1:8000/api/baidu --header 'Host: baidu.com'

查看结果是否正常。

 

6 问题

6.1 错误1: [postgres error] could not retrieve current migrations: [postgres error]

Error: /usr/local/share/lua/5.1/kong/cmd/start.lua:28: [postgres error] could not retrieve current migrations: [postgres error] 致命错误: 用户 "kong" Ident 认证失败

解决方法:
vi /var/lib/pgsql/12/data/pg_hba.conf

修改
把这个配置文件中的认证 METHOD的ident修改为trust,可以实现用账户和密码来访问数据库,

即解决psql: 致命错误: 用户 "postgres" Ident 认证失败 这个问题)


7 参考:

https://docs.konghq.com/install/source/

https://docs.konghq.com/2.0.x/configuration/#database

你可能感兴趣的:(Kong)