資訊專欄INFORMATION COLUMN
摘要:注意,此標志不反映數據庫本身的健康狀況。每一個匹配給定路線的請求都將被提交給它的相關服務。字段解釋是否必填協議列表,。
部署好kong之后,則需要將我們自己的接口加入到kong中管理,kong提供了比較全面的restful api,每個版本會有所不同,下面的記錄基于kong v0.14.x
kong的8001端口是resful admin api,服務、路由、配置都是通過這個端口進行管理,所以部署好之后頁面可以直接訪問localhost:8001
參考: https://docs.konghq.com/0.14....
一、Retrieve node information(介紹節點信息)獲取kong節點的通用詳細信息
1,查詢節點信息curl http://localhost:8001
Endpoint
{
"plugins": {
"enabled_in_cluster": [],
"available_on_server": {
"response-transformer": true,
"oauth2": true,
"acl": true,
"correlation-id": true,
"pre-function": true,
"jwt": true,
"cors": true,
"ip-restriction": true,
"basic-auth": true,
"key-auth": true,
"rate-limiting": true,
"request-transformer": true,
"http-log": true,
"file-log": true,
"hmac-auth": true,
"ldap-auth": true,
"datadog": true,
"tcp-log": true,
"zipkin": true,
"post-function": true,
"request-size-limiting": true,
"bot-detection": true,
"syslog": true,
"loggly": true,
"azure-functions": true,
"udp-log": true,
"response-ratelimiting": true,
"aws-lambda": true,
"statsd": true,
"prometheus": true,
"request-termination": true
}
},
"tagline": "Welcome to kong",
"configuration": {
"plugins": [
"bundled"
],
"admin_ssl_enabled": true,
"lua_ssl_verify_depth": 1,
"trusted_ips": {},
"prefix": "/usr/local/kong",
"loaded_plugins": {
"response-transformer": true,
"request-termination": true,
"prometheus": true,
"ip-restriction": true,
"pre-function": true,
"jwt": true,
"cors": true,
"statsd": true,
"basic-auth": true,
"key-auth": true,
"ldap-auth": true,
"aws-lambda": true,
"http-log": true,
"response-ratelimiting": true,
"hmac-auth": true,
"request-size-limiting": true,
"datadog": true,
"tcp-log": true,
"zipkin": true,
"post-function": true,
"bot-detection": true,
"acl": true,
"loggly": true,
"syslog": true,
"azure-functions": true,
"udp-log": true,
"file-log": true,
"request-transformer": true,
"correlation-id": true,
"rate-limiting": true,
"oauth2": true
},
"cassandra_username": "kong",
"admin_ssl_cert_csr_default": "/usr/local/kong/ssl/admin-kong-default.csr",
"ssl_cert_key": "/usr/local/kong/ssl/kong-default.key",
"admin_ssl_cert_key": "/usr/local/kong/ssl/admin-kong-default.key",
"dns_resolver": {},
"pg_user": "kong",
"mem_cache_size": "128m",
"cassandra_data_centers": [
"dc1:2",
"dc2:3"
],
"nginx_admin_directives": {},
"custom_plugins": {},
"pg_host": "127.0.0.1",
"nginx_acc_logs": "/usr/local/kong/logs/access.log",
"proxy_listen": [
"0.0.0.0:8000",
"0.0.0.0:8443 ssl"
],
"client_ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt",
"ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key",
"dns_no_sync": false,
"db_update_propagation": 0,
"nginx_err_logs": "/usr/local/kong/logs/error.log",
"cassandra_port": 9042,
"dns_order": [
"LAST",
"SRV",
"A",
"CNAME"
],
"dns_error_ttl": 1,
"headers": [
"server_tokens",
"latency_tokens"
],
"dns_stale_ttl": 4,
"nginx_optimizations": true,
"database": "postgres",
"pg_database": "kong",
"nginx_worker_processes": "auto",
"lua_package_cpath": "",
"admin_acc_logs": "/usr/local/kong/logs/admin_access.log",
"lua_package_path": "./?.lua;./?/init.lua;",
"nginx_pid": "/usr/local/kong/pids/nginx.pid",
"upstream_keepalive": 60,
"cassandra_contact_points": [
"127.0.0.1"
],
"client_ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr",
"proxy_listeners": [
{
"ssl": false,
"ip": "0.0.0.0",
"proxy_protocol": false,
"port": 8000,
"http2": false,
"listener": "0.0.0.0:8000"
},
{
"ssl": true,
"ip": "0.0.0.0",
"proxy_protocol": false,
"port": 8443,
"http2": false,
"listener": "0.0.0.0:8443 ssl"
}
],
"proxy_ssl_enabled": true,
"admin_access_log": "logs/admin_access.log",
"ssl_ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"enabled_headers": {
"latency_tokens": true,
"X-Kong-Proxy-Latency": true,
"Via": true,
"server_tokens": true,
"Server": true,
"X-Kong-Upstream-Latency": true,
"X-Kong-Upstream-Status": false
},
"cassandra_ssl": false,
"ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr",
"db_resurrect_ttl": 30,
"client_max_body_size": "0",
"cassandra_consistency": "ONE",
"db_cache_ttl": 0,
"admin_error_log": "logs/error.log",
"pg_ssl_verify": false,
"dns_not_found_ttl": 30,
"pg_ssl": false,
"client_ssl": false,
"db_update_frequency": 5,
"cassandra_repl_strategy": "SimpleStrategy",
"nginx_kong_conf": "/usr/local/kong/nginx-kong.conf",
"cassandra_repl_factor": 1,
"nginx_http_directives": [
{
"value": "prometheus_metrics 5m",
"name": "lua_shared_dict"
}
],
"error_default_type": "text/plain",
"kong_env": "/usr/local/kong/.kong_env",
"real_ip_header": "X-Real-IP",
"dns_hostsfile": "/etc/hosts",
"admin_listeners": [
{
"ssl": false,
"ip": "0.0.0.0",
"proxy_protocol": false,
"port": 8001,
"http2": false,
"listener": "0.0.0.0:8001"
},
{
"ssl": true,
"ip": "0.0.0.0",
"proxy_protocol": false,
"port": 8444,
"http2": false,
"listener": "0.0.0.0:8444 ssl"
}
],
"admin_ssl_cert": "/usr/local/kong/ssl/admin-kong-default.crt",
"ssl_cert": "/usr/local/kong/ssl/kong-default.crt",
"proxy_access_log": "logs/access.log",
"admin_ssl_cert_key_default": "/usr/local/kong/ssl/admin-kong-default.key",
"cassandra_ssl_verify": false,
"cassandra_lb_policy": "RoundRobin",
"ssl_cipher_suite": "modern",
"real_ip_recursive": "off",
"proxy_error_log": "logs/error.log",
"client_ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key",
"nginx_daemon": "on",
"anonymous_reports": true,
"cassandra_timeout": 5000,
"nginx_proxy_directives": {},
"pg_port": 5432,
"log_level": "notice",
"client_body_buffer_size": "8k",
"cassandra_schema_consensus_timeout": 10000,
"lua_socket_pool_size": 30,
"admin_ssl_cert_default": "/usr/local/kong/ssl/admin-kong-default.crt",
"cassandra_keyspace": "kong",
"ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt",
"nginx_conf": "/usr/local/kong/nginx.conf",
"admin_listen": [
"0.0.0.0:8001",
"0.0.0.0:8444 ssl"
]
},
"version": "0.14.1",
"node_id": "fee222ae-7871-49e5-a47c-bdc55410dc2a",
"lua_version": "LuaJIT 2.1.0-beta3",
"prng_seeds": {
"pid: 2328": 177223337424,
"pid: 2326": 145810617621,
"pid: 2327": 712547711113,
"pid: 2329": 114129841275
},
"timers": {
"pending": 5,
"running": 0
},
"hostname": "localhost.localdomain"
}
部分返回字段含義:
node_id : 正在運行的kong節點的uuid,當kong啟動時隨機生成,每次kong重啟時這個uuid都會變2,查詢節點狀態availabel_on_server : kong節點上安裝的plugins的名稱
enabled_in_cluster : kong節點中啟用的插件,即在數據庫中生成了對應存儲表
curl http://localhost:8001/status
{
"database": {
"reachable": true
},
"server": {
"connections_writing": 1,
"total_requests": 67,
"connections_handled": 46,
"connections_accepted": 46,
"connections_reading": 0,
"connections_active": 2,
"connections_waiting": 1
}
}
**字段解釋
| 字段 | 解釋 |
|---|---|
| total_requests | 客戶端請求總數 |
| connections_active | 包括等待連接的活動客戶端連接的當前數量 |
| connections_accepted | 接受的客戶端連接的總數 |
| connections_handled | 處理連接的總數。一般來說,除非達到一定的資源限制,否則參數值與接受值相同 |
| connections_reading | 當前Kong正在讀取請求頭的連接數 |
| connections_writing | NGINX將響應寫入客戶端的連接的當前數量 |
| connections_waiting | 等待請求的空閑客戶端連接的當前數量 |
| reachable | 反映數據庫連接狀態的布爾值。注意,此標志不反映數據庫本身的健康狀況。 |
kong v0.13.x官方建議用Service和Route模塊來管理API,這樣可以更好的管理,比如認證和策略統一配置。1,Add Service(添加服務)
參數
| 字段 | 解釋 | 備注 |
|---|---|---|
| name | 服務名稱 | 無 |
| protocol | 協議:http or https 默認是 http | 你后端服務用什么協議訪問就寫什么協議 |
| host | 后端服務域名 | 無 |
| port | 后端服務端口 | 無 |
| path | 后端服務子路徑;沒有就填 "/" | 無 |
| retries | 重試次數:默認 5次 | 默認就行 |
| connect_timeout | 請求后端服務的超時時間:默認60000 ms | 1秒(s)=1000毫秒(ms) |
| write_timeout | 寫超時時間:默認60000 ms | 1秒(s)=1000毫秒(ms) |
| read_timeout | 讀超時時間:默認60000 ms | 1秒(s)=1000毫秒(ms) |
| url | 后端服務url地址 | 一般就用這種方式,可以直接指定:protocol、host、port and path, 不用多帶帶指定啦 |
使用:
curl -i -X POST http://localhost:8001/services -d "name=test.service" -d "url=http://你的后端服務域名/api"
返回:
{
"host": "你的后端服務域名",
"created_at": 1538093069,
"connect_timeout": 60000,
"id": "85c4d968-7b6f-48fc-b5b0-260cf8493821",
"protocol": "http",
"name": "test.service",
"read_timeout": 60000,
"port": 80,
"path": "/api",
"updated_at": 1538093069,
"retries": 5,
"write_timeout": 60000
}
*注:url 這個屬性很好用,可以直接指定 protocol、host、port and path。
也 可以這么寫
curl -i -X POST http://localhost:8001/services -d "name=test.service" -d "protocol=http" -d "host=hxonline.hxsd.cn" -d "path=/api"2,Retrieve Service(查詢服務)
查詢所有服務
curl -i -X GET http://1localhost:8001/services
查詢某個服務
curl -i -X GET http://localhost:8001/services/{服務名稱 or 服務id}
EXP:
curl -i -X GET http://localhost:8001/services/test.service #我的服務名稱
獲取某個路由下的服務
curl -i -X GET http://localhost:8001/routes/{路由ID}/service
EXP:
curl -i -X GET http://localhost:8001/routes/xxxx-xxx-xxx-xx/service
更新服務
可以用 PATCH 和 PUT,PATCH可以修改已存在的服務,PUT 如果服務不存在則新建一個。
curl -i -X PUT http://localhost:8001/services/{服務名稱或ID} -d "name=test.service" -d "protocol=http" -d "host=hxonline.hxsd.cn" -d "path=/api"
刪除服務
curl -i -X DELETE http://localhost:8001/services/{服務名稱或ID}
EXP:
curl -i -X DELETE http://localhost:8001/services/test.service
返回
HTTP 204 No Content (看到這個就成功啦)三、Route Object(路由)
路由是真正對外提供接口的實體,每個路由都與一個服務相關聯,而服務可能有多個與之相關聯的路由。每一個匹配給定路線的請求都將被提交給它的相關服務。
| 字段 | 解釋 | 是否必填 |
|---|---|---|
| protocols | 協議列表,http、https。設置:protocols[]=http&protocols[]=https | 必填 |
| methods | 接受請求的方法:GET 或 POST ,二者都行。設置 methods[]=GET&methods[]=POST | 半選填:默認是二者都行 |
| hosts | 與此路由匹配的域名列表。例如:example.com。用作form-encode, 設置:hosts[]= Foo.com和hosts[]= BAR.com | 半選填 |
| paths | 與此路由匹配的路徑列表。例如:/test | 必填:這個很重要,區分多服務 |
| strip_path | 選填 | |
| preserve_host | 選填 | |
| service | 與此路由綁定的服務。設置:service.id= |
必填 |
curl -i -X POST --url http://localhost:8001/routes/ -d "protocols[]=http&protocols[]=https" -d "paths=/test" -d "service.id=xxx-xxxx-xxxx-xx" #服務ID
訪問接口
curl -i -X GET http://localhost:8000/test/{后端服務路由}
注:test 是創建路由是的 paths 字段。
EXP:
curl -i -X GET http://localhost:8000/test/userinfo
2,Retrieve Route (獲取路由信息)
獲取全部路由
curl -i -X GET http://localhost:8001/routes/
獲取某個路由
curl -i -X GET http://localhost:8001/routes/xxx-xxx-xxx #路由ID
獲取某服務下的路由
curl -i -X GET http://localhost:8001/services/{服務名或服務ID}/routes
更新路由
可以用 PATCH 和 PUT,PATCH可以修改已存在的路由,PUT 如果路由不存在則新建一個。
curl -i -X PUT http://localhost:8001/routes/xxx-xxx-xxx #路由ID
-d "protocols[]=http&protocols[]=https"
-d "paths=test"
刪除路由
curl -i -X DELETE http://localhost:8001/routes/xxx-xxx-xxx #路由ID總結
到這里kong的服務和路由的設置已經完事了,接下來認證插件和acl的配合來保證對外接口的安全性。
文章來源:http://www.yuanmaketang.com/i...
文章版權歸作者所有,未經允許請勿轉載,若此文章存在違規行為,您可以聯系管理員刪除。
轉載請注明本文地址:http://specialneedsforspecialkids.com/yun/40165.html
摘要:基于的的環境搭建本次操作都是基于進行操作的,使用的的版本是,使用的版本是。初始化數據庫使用官方鏡像提供的功能初始化數據庫。安裝安裝完成后在宿主機請求,能正常響應則表示部署成功了。配置連接新增一個連接至剛剛新建的,填,選擇。 基于 Docker 的 Kong 的環境搭建 本次操作都是基于 Docker 進行操作的,使用的 Kong 的版本是 1.2.0 ,使用的 PostgreSQL 版...
摘要:搭建的安裝部署方式有很多中,官方提供了如下幾種的安裝方式。還有一些社區提供的安裝方式注每種方式的具體如何安裝部署,請移駕到官網安裝部署下面我們來詳細介紹下使用來部署過程需要創建一個自定義網絡,以允許容器相互發現和通信。 1、Kong搭建 kong 的安裝部署方式有很多中,官方提供了如下幾種的安裝方式。showImg(https://segmentfault.com/img/bVbvv3...
摘要:自定義配置文件鏡像的配置文件路徑為如需自定義配置文件,自行掛載即可。配置項手冊管理網關的的使用教程這里就不寫了,自行覓食吧簡單的看看下面這篇可以的集成插件服務網關 Kong 鏡像: https://hub.docker.com/_/kong 官網給定的用戶安裝手冊上并沒有設置 PG 的密碼,導致如下問題無法啟動 nginx: [error] init_by_lua error: /us...
閱讀 3499·2021-11-24 11:17
閱讀 2285·2021-11-15 11:38
閱讀 3371·2021-10-14 09:42
閱讀 2943·2019-08-30 15:54
閱讀 2028·2019-08-28 18:09
閱讀 542·2019-08-26 11:48
閱讀 1635·2019-08-26 10:48
閱讀 2154·2019-08-26 10:45
