最近在研究Kong,上一篇文章说明了怎么在centos7.5安装PostgreSQL-12(https://blog.csdn.net/zzhongcy/article/details/105562372),这里简要说说怎么配置和使用PostgreSQL--Kong。
可参考官网说明:https://docs.konghq.com/2.0.x/configuration/#database
这里只说明Kong对于PostgreSQL12数据库的使用。
Kong can run with a database to store coordinated data between Kong nodes in a cluster, or without a database, where each node stores its information independently in memory.
When using a database, Kong will store data for all its entities (such as Routes, Services, Consumers, and Plugins) in either Cassandra or PostgreSQL, and all Kong nodes belonging to the same cluster must connect themselves to the same database.
Kong supports the following database versions:
When not using a database, Kong is said to be in “DB-less mode”: it will keep its entities in memory, and each node needs to have this data entered via a declarative configuration file, which can be specified through the declarative_config
property, or via the Admin API using the /config
endpoint.
Permalinkdatabase
Determines which of PostgreSQL or Cassandra this node will use as its datastore.
Accepted values are postgres
, cassandra
, and off
.
Default: postgres
PermalinkPostgres settings
name | description | default |
---|---|---|
pg_host | Host of the Postgres server. | 127.0.0.1 |
pg_port | Port of the Postgres server. | 5432 |
pg_timeout | Defines the timeout (in ms), for connecting, reading and writing. | 5000 |
pg_user | Postgres user. | kong |
pg_password | Postgres user’s password. | none |
pg_database | The database name to connect to. | kong |
pg_schema | The database schema to use. If unspecified, Kong will respect the search_path value of your PostgreSQL instance. |
none |
pg_ssl | Toggles client-server TLS connections between Kong and PostgreSQL. | off |
pg_ssl_verify | Toggles server certificate verification if pg_ssl is enabled. See the lua_ssl_trusted_certificate setting to specify a certificate authority. |
off |
pg_max_concurrent_queries | Sets the maximum number of concurrent queries that can be executing at any given time. This limit is enforced per worker process; the total number of concurrent queries for this node will be will be: pg_max_concurrent_queries * nginx_worker_processes . The default value of 0 removes this concurrency limitation. |
0 |
pg_semaphore_timeout | Defines the timeout (in ms) after which PostgreSQL query semaphore resource acquisition attempts will fail. Such failures will generally result in the associated proxy or Admin API request failing with an HTTP 500 status code. Detailed discussion of this behavior is available in the online documentation. | 60000 |
具体可以参考:https://blog.csdn.net/zzhongcy/article/details/105562372
Kong 在运行过程中可以有数据库,也可以没有数据库。
如果你要使用数据库,你需要使用 kong.conf
配置文件中去配置启动数据库作为数据存储的方式,以及相应的路由或者 Kong 的代理。
如果你不需要使用数据数据库,那么你在 kong.conf
文件中指定一个 kong.yml
的声明式配置文件来作为数据存储的文件。
Kong 支持 PostgreSQL 9.5+ 和 Cassandra 3.xx 来作为他的数据存储数据库。
如果你使用 PostgreSQL ,需要初始化一个数据库和一个用户,例如:
CREATE USER kong; CREATE DATABASE kong OWNER kong;
现在 运行 Kong migrations
kong migrations bootstrap [-c /path/to/kong.conf]
#Database is already up-to-date
使用低版本kong的话,初始化数据库:
$ kong migrations up -c ./kong.conf
数据库表信息:
如果要以无db模式运行Kong,应该首先生成声明性配置文件。使用下面的命令在当前的文件夹下,生成一个普通的 kong.yml
kong config init
在生成好 kong.yml
文件后,编辑你的 kong.conf
文件,设置如下参数:
database = off
declarative_config = /path/to/kong.yml
sudo firewall-cmd --add-port=5432/tcp --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --add-port=8001/tcp --permanent
sudo firewall-cmd --reload
kong start -c ./kong.conf
kong stop -p ./ #关闭服务器
服务已经正常启动
$ curl 127.0.0.1:8001 {"plugins":{"enabled_in_cluster":[],"available_on_server":{"response-transformer":true,"correlation-id":true,"statsd":true,"jwt":true,"cors":true,"basic-auth":true,"key-auth":true,"ldap-auth":true,"http-log":true,"oauth2":true,"hmac-auth":true,"acl":true,"datadog":true,"tcp-log":true,"ip-restriction":true,"request-transformer":true,"file-log":true,"bot-detection":true,"loggly":true,"request-size-limiting":true,"syslog":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"runscope":true,"rate-limiting":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"error_default_type":"text\/plain","client_ssl":false,"lua_ssl_verify_depth":1 ....
curl -i -X POST \
--url http://127.0.0.1:8001/services/ \
--data 'name=baidu-service' \
--data 'url=https://www.baidu.com/'
{"host":"www.baidu.com","created_at":1587015106,"connect_timeout":60000,"id":"a272217d-134c-435c-b7cf-e7273e809301","protocol":"https","name":"baidu-service","read_timeout":60000,"port":443,"path":"\/","updated_at":1587015106,"retries":5,"write_timeout":60000,"tags":null,"client_certificate":null}
curl -i -X POST \
--url http://127.0.0.1:8001/services/baidu-service/routes \
--data 'hosts[]=baidu.com' \
--data 'paths[]=/api/baidu'
{"id":"9a3116d3-d1c9-4ea9-8d63-14dffc6d9292","path_handling":"v0","paths":["\/api\/baidu"],"destinations":null,"headers":null,"protocols":["http","https"],"methods":null,"snis":null,"service":{"id":"a272217d-134c-435c-b7cf-e7273e809301"},"name":null,"strip_path":true,"preserve_host":false,"regex_priority":0,"updated_at":1587015121,"sources":null,"hosts":["baidu.com"],"https_redirect_status_code":426,"tags":null,"created_at":1587015121}
curl http://127.0.0.1:8000/api/baidu --header 'Host: baidu.com'
查看结果是否正常。
Error: /usr/local/share/lua/5.1/kong/cmd/start.lua:28: [postgres error] could not retrieve current migrations: [postgres error] 致命错误: 用户 "kong" Ident 认证失败
解决方法:
vi /var/lib/pgsql/12/data/pg_hba.conf
修改
把这个配置文件中的认证 METHOD的ident修改为trust,可以实现用账户和密码来访问数据库,
即解决psql: 致命错误: 用户 "postgres" Ident 认证失败 这个问题)
https://docs.konghq.com/install/source/
https://docs.konghq.com/2.0.x/configuration/#database