Kong dbless-mode 配置手册
版本:
v0.4
日期:
2020年02月28日
目录
[TOC]
背景
本文档针对Kong使用dbless-mode时,对配置文件(yaml格式)进行详细说明
Kong Version:2.0.1
在线文档:https://docs.konghq.com/2.0.x/db-less-and-declarative-config/
测试
- 安装
sudo yum install -y wget jq
wget https://bintray.com/kong/kong-rpm/rpm -O bintray-kong-kong-rpm.repo
export major_version=`grep -oE '[0-9]+\.[0-9]+' /etc/redhat-release | cut -d "." -f1`
sed -i -e 's/baseurl.*/&\/centos\/'$major_version''/ bintray-kong-kong-rpm.repo
sudo mv bintray-kong-kong-rpm.repo /etc/yum.repos.d/
sudo yum install -y kong
2.使用dbless-mode
# 配置
cp /etc/kong/kong.conf.default /etc/kong/kong.conf
# 使用db-lessmode
sed -i "/^#database/i\database = off" /etc/kong/kong.conf
# 启动
kong start
# 验证
curl http://127.0.0.1:8001 2>/dev/null | jq .configuration.database
3.创建配置文件apis.yml
cat > apis.yml <<EOF
_format_version: "1.1"
services:
- name: httpbin-service
url: http://httpbin.org/
routes:
- name: httpbin-route
paths:
- /
EOF
4.验证接口文件
kong config parse apis.yml
5.上传配置文件
# 重启后,接口配置不会自动加载
curl http://127.0.0.1:8001/config -F "config=@apis.yml"
# 或者在kong.conf中指定,重启后会自动加载接口配置
sed -i "/^#declarative_config/i\declarative_config = /root/apis.yml" /etc/kong/kong.conf
kong restart
6.测试
curl -i -H "host: httpbin-test.local" \
http://127.0.0.1:8000/ip
配置
对象关系图
client -> route -> service -> upstream -> taraget
插件可以是全局的,也可以只绑定到某个Route对象,或者是某个Service对象。以下列出的字段都是API网关1.0必须要在前端显示的,后续版本再添加更多的字段。下面是示例配置文件
_format_version: '1.1'
routes:
- name: route-httpbin-1
protocols:
- http
- https
hosts:
- route-httpbin-1.local
paths:
- /
strip_path: true
preserve_host: false
regex_priority: 0
service: service-httpbin
tags:
- "group-1"
- "api-1"
- name: route-httpbin-2
protocols:
- http
- https
hosts:
- route-httpbin-2.local
paths:
- /httpbin
strip_path: true
preserve_host: false
regex_priority: 0
service: service-httpbin
tags:
- "group-2"
- "api-2"
- name: route-httpbin-3
protocols:
- http
- https
hosts:
- route-httpbin-3.local
paths:
- /anything
- /get
strip_path: false
preserve_host: false
regex_priority: 0
service: service-httpbin
tags:
- "group-3"
- "api-3"
- name: route-httpbin-4
protocols:
- http
- https
hosts:
- route-httpbin-4.local
paths:
- /
strip_path: false
preserve_host: false
regex_priority: 0
service: service-httpbin
tags:
- "group-4"
- "api-4"
services:
- name: service-httpbin
host: upstream-httpbin
protocol: http
port: 80
connect_timeout: 60000
read_timeout: 60000
write_timeout: 60000
retries: 5
upstreams:
- name: upstream-httpbin
algorithm: round-robin
tags:
- "v1"
targets:
- upstream: upstream-httpbin
tags:
- "zone1"
target: 35.170.216.115:80
weight: 100
#
# global plugin config
#
plugins:
- name: correlation-id
config:
header_name: "X-Request-Id"
echo_downstream: true
- name: request-size-limiting
config:
allowed_payload_size: 1
size_unit: megabytes
- name: request-termination
config:
status_code: 403
message: So long and thanks for all the fish
route: route-httpbin-4
通过tag的方式注入API管理平台的扩展信息,如下
tags/group-1: API分组ID
tags/api-1: APIID
tags/v1: 后端服务的版本号
tags/zone1: 后端服务节点所在的机房信息
注意:所有对象的name字段必须保证唯一性。
route-httpbin-1.local
# status code: 200
curl -i -X GET \
--url http://localhost:8000/anything \
--header 'Host: route-httpbin-1.local'
# status code: 200
curl -i -X GET \
--url http://localhost:8000/get \
--header 'Host: route-httpbin-1.local'
# status code: 200
curl -i -X GET \
--url http://localhost:8000/ip \
--header 'Host: route-httpbin-1.local'
route-httpbin-2.local
# status code: 200
curl -i -X GET \
--url http://localhost:8000/httpbin/anything \
--header 'Host: route-httpbin-2.local'
# status code: 200
curl -i -X GET \
--url http://localhost:8000/httpbin/get \
--header 'Host: route-httpbin-2.local'
# status code: 200
curl -i -X GET \
--url http://localhost:8000/httpbin/ip \
--header 'Host: route-httpbin-2.local'
route-httpbin-3.local
# status code: 200
curl -i -X GET \
--url http://localhost:8000/anything \
--header 'Host: route-httpbin-3.local'
# status code: 200
curl -i -X GET \
--url http://localhost:8000/get \
--header 'Host: route-httpbin-3.local'
# status code: 404
curl -i -X GET \
--url http://localhost:8000/ip \
--header 'Host: route-httpbin-3.local'
所有域名限制请求大小为1M,测试请求为1K
dd if=/dev/zero of=1k.data bs=1k count=1
# status code: 200
curl -i -H "host: route-httpbin-1.local" -F "config=@1k.data" \
http://127.0.0.1:8000/post
# status code: 200
curl -i -H "host: route-httpbin-2.local" -F "config=@1k.data" \
http://127.0.0.1:8000/httpbin/post
# status code: 404
curl -i -H "host: route-httpbin-3.local" -F "config=@1k.data" \
http://127.0.0.1:8000/post
所有域名限制请求大小为1M,测试请求为2M
dd if=/dev/zero of=2m.data bs=1M count=2
# status code: 417
curl -i -H "host: route-httpbin-1.local" -F "config=@2m.data" \
http://127.0.0.1:8000/post
# status code: 417
curl -i -H "host: route-httpbin-2.local" -F "config=@2m.data" \
http://127.0.0.1:8000/httpbin/post
# status code: 417
curl -i -H "host: route-httpbin-3.local" -F "config=@2m.data" \
http://127.0.0.1:8000/post
route-httpbin-2.local限制请求大小为4M,测试请求为2M
dd if=/dev/zero of=2m.data bs=1M count=2
# status code: 417
curl -i -H "host: route-httpbin-1.local" -F "config=@2m.data" \
http://127.0.0.1:8000/post
熔断
# status code: 403
curl -i -H "host: route-httpbin-4.local" \
http://127.0.0.1:8000/anything
流量染色(X-RequestId)
# status code: 200
curl -i -H "host: route-httpbin-3.local" \
http://127.0.0.1:8000/anything
官方插件
Request Size Limiting
Block incoming requests whose body is greater than a specific size in megabytes.
Ref:https://docs.konghq.com/hub/kong-inc/request-size-limiting/
Rate Limiting
Rate limit how many HTTP requests a developer can make in a given period of seconds, minutes, hours, days, months or years
Ref:https://docs.konghq.com/hub/kong-inc/rate-limiting/
CORS
Easily add Cross-origin resource sharing (CORS) to a Service, a Route by enabling this plugin.
Ref:https://docs.konghq.com/hub/kong-inc/cors/
IP Restriction
Restrict access to a Service or a Route by either whitelisting or blacklisting IP addresses. Single IPs, multiple IPs or ranges in CIDR notation like 10.10.10.0/24 can be used.
Ref:https://docs.konghq.com/hub/kong-inc/ip-restriction/
Request Termination
This plugin terminates incoming requests with a specified status code and message. This allows to (temporarily) stop traffic on a Service or a Route, or even block a Consumer.
Ref:https://docs.konghq.com/hub/kong-inc/request-termination/
Correlation ID
Correlate requests and responses using a unique ID transmitted over an HTTP header.
Ref:https://docs.konghq.com/hub/kong-inc/correlation-id/
自定义插件
无。
网友评论