高性能API网关Kong介绍

天翼云开发者社区
• 阅读 224

本文关键词:高性能、API网关、Kong、微服务

1.Introduction API网关是随着微服务(Microservice)概念兴起的一种架构模式。原本一个庞大的单体应用(All in one)业务系统被拆分成许多微服务(Microservice)系统进行独立的维护和部署,服务拆分带来的变化是API的规模成倍增长,API的管理难度也在日益增加,使用API网关发布和管理API逐渐成为一种趋势。一般来说,API网关是运行于外部请求与内部服务之间的一个流量入口,实现对外部请求的协议转换、鉴权、流控、参数校验、监控等通用功能。 本文即将介绍的Kong,是一个开源的API gateway和微服务管理的工具,基于Nginx和lua-nginx-module(特殊的OpenResty),Kong具有可插拔的架构,使其功能强大且灵活。 2.Key Concepts Service: Kong的一个实体对象,表示了外部的上游API或者微服务 Route: Kong的一个实体对象,表示了一种将下游请求映射到上游服务的路由 Consumer: Kong的一个实体对象,表示使用API的开发者或者机器,在使用Kong时,一个Consumer仅与Kong交互。 Plugin:插件用于是Kong内部将请求转发给上游API前后执行的一系列动作,Kong在其插件库中提供了非常强大的插件 Credential: A certificate object represents a public certificate/private key pair for an SSL certificate. SNI: An SNI object represents a many-to-one mapping of hostnames to a certificate. That is, a certificate object can have many hostnames associated with it Upstream: 上游服务,指代Kong背后的API或者服务,也是客户端请求转发的目的端,The upstream object represents a virtual hostname and can be used to loadbalance incoming requests over multiple services (targets). Target: A target is an ip address/hostname with a port that identifies an instance of a backend service. Every upstream can have many targets, and the targets can be dynamically added. Changes are effectuated on the fly. Admin API -用于管理Kong配置,端点,使用者,插件等的RESTful API端点 下图展示了Kong和其他传统架构的区别,可以帮助我们理解为什么有Kong: 高性能API网关Kong介绍

大概有鉴权、监控、日志、安全审计、ACL、缓存、限流、serverless等等。 3.Setup 官方文档提供了多种环境下详细的安装说明。我们这里使用docker进行安装(docker安装过程略): #1.create docker network $ docker network create kong-net

#2.run PostgreSQL database $ docker run -d --name kong-database
--network=kong-net
-p 5432:5432
-e "POSTGRES_USER=kong"
-e "POSTGRES_DB=kong"
postgres:9.6

#3.prepare database $ docker run --rm
--network=kong-net
-e "KONG_DATABASE=postgres"
-e "KONG_PG_HOST=kong-database"
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database"
kong:latest kong migrations bootstrap

Unable to find image 'kong:latest' locally latest: Pulling from library/kong 59265c40e257: Pull complete 6389eff8e6ff: Pull complete f58488256be6: Pull complete Digest: sha256:f7ed033bb9955da0fcefa034d07fee324cad6d01c12ebf54268dfe825ba2e92c Status: Downloaded newer image for kong:latest bootstrapping database... migrating core on database 'kong'... core migrated up to: 000_base (executed) core migrated up to: 001_14_to_15 (executed) core migrated up to: 002_15_to_1 (executed) migrating oauth2 on database 'kong'... oauth2 migrated up to: 000_base_oauth2 (executed) oauth2 migrated up to: 001_14_to_15 (executed) oauth2 migrated up to: 002_15_to_10 (executed) migrating acl on database 'kong'... acl migrated up to: 000_base_acl (executed) acl migrated up to: 001_14_to_15 (executed) migrating jwt on database 'kong'... jwt migrated up to: 000_base_jwt (executed) jwt migrated up to: 001_14_to_15 (executed) migrating basic-auth on database 'kong'... basic-auth migrated up to: 000_base_basic_auth (executed) basic-auth migrated up to: 001_14_to_15 (executed) migrating key-auth on database 'kong'... key-auth migrated up to: 000_base_key_auth (executed) key-auth migrated up to: 001_14_to_15 (executed) migrating rate-limiting on database 'kong'... rate-limiting migrated up to: 000_base_rate_limiting (executed) rate-limiting migrated up to: 001_14_to_15 (executed) rate-limiting migrated up to: 002_15_to_10 (executed) migrating hmac-auth on database 'kong'... hmac-auth migrated up to: 000_base_hmac_auth (executed) hmac-auth migrated up to: 001_14_to_15 (executed) migrating response-ratelimiting on database 'kong'... response-ratelimiting migrated up to: 000_base_response_rate_limiting (executed) response-ratelimiting migrated up to: 001_14_to_15 (executed) response-ratelimiting migrated up to: 002_15_to_10 (executed) 22 migrations processed 22 executed database is up-to-date

#4.start Kong $ docker run -d --name kong
--network=kong-net
-e "KONG_DATABASE=postgres"
-e "KONG_PG_HOST=kong-database"
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database"
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout"
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout"
-e "KONG_PROXY_ERROR_LOG=/dev/stderr"
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr"
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl"
-p 8000:8000
-p 8443:8443
-p 8001:8001
-p 8444:8444
kong:latest 999a5cf1db1a8c23ca870933b73407d7ae5f0fd2d9a895a78627a9c27e08045c

$ docker container ls CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 999a5cf1db1a kong:latest "/docker-entrypoint.…" 8 seconds ago Up 7 seconds 0.0.0.0:8000-8001->8000-8001/tcp, 0.0.0.0:8443-8444->8443-8444/tcp kong ecb50c2f7307 postgres:9.6 "docker-entrypoint.s…" About an hour ago Up About an hour 0.0.0.0:5432->5432/tcp 容器启动完毕后,尝试curl -i http://localhost:8001/,得到如下: { "plugins": { "enabled_in_cluster": [ ], "available_on_server": { "response-transformer": true, "oauth2": true, "acl": true, "correlation-id": true, "pre-function": true, "jwt": true, "cors": true, "ip-restriction": true, "basic-auth": true, "key-auth": true, "rate-limiting": true, "request-transformer": true, "http-log": true, "file-log": true, "hmac-auth": true, "ldap-auth": true, "datadog": true, "tcp-log": true, "zipkin": true, "post-function": true, "request-size-limiting": true, "bot-detection": true, "syslog": true, "loggly": true, "azure-functions": true, "udp-log": true, "response-ratelimiting": true, "aws-lambda": true, "statsd": true, "prometheus": true, "request-termination": true } }, "tagline": "Welcome to kong", "configuration": { "plugins": [ "bundled" ], "admin_ssl_enabled": true, "lua_ssl_verify_depth": 1, "trusted_ips": { }, "prefix": "/usr/local/kong", "loaded_plugins": { "response-transformer": true, "request-termination": true, "prometheus": true, "ip-restriction": true, "pre-function": true, "jwt": true, "cors": true, "statsd": true, "basic-auth": true, "key-auth": true, "ldap-auth": true, "aws-lambda": true, "http-log": true, "response-ratelimiting": true, "hmac-auth": true, "request-size-limiting": true, "datadog": true, "tcp-log": true, "zipkin": true, "post-function": true, "bot-detection": true, "acl": true, "loggly": true, "syslog": true, "azure-functions": true, "udp-log": true, "file-log": true, "request-transformer": true, "correlation-id": true, "rate-limiting": true, "oauth2": true }, "cassandra_username": "kong", "ssl_cert_key": "/usr/local/kong/ssl/kong-default.key", "admin_ssl_cert_key": "/usr/local/kong/ssl/admin-kong-default.key", "dns_resolver": { }, "pg_user": "kong", "mem_cache_size": "128m", "ssl_ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256", "nginx_admin_directives": { }, "nginx_http_directives": [ { "value": "prometheus_metrics 5m", "name": "lua_shared_dict" } ], "pg_host": "kong-database", "nginx_acc_logs": "/usr/local/kong/logs/access.log", "proxy_listen": [ "0.0.0.0:8000", "0.0.0.0:8443 ssl" ], "client_ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt", "ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key", "db_update_frequency": 5, "db_update_propagation": 0, "stream_listen": [ "off" ], "nginx_err_logs": "/usr/local/kong/logs/error.log", "cassandra_port": 9042, "dns_order": [ "LAST", "SRV", "A", "CNAME" ], "dns_error_ttl": 1, "headers": [ "server_tokens", "latency_tokens" ], "cassandra_lb_policy": "RequestRoundRobin", "nginx_optimizations": true, "pg_timeout": 5000, "database": "postgres", "pg_database": "kong", "nginx_worker_processes": "auto", "lua_package_cpath": "", "admin_acc_logs": "/usr/local/kong/logs/admin_access.log", "lua_package_path": "./?.lua;./?/init.lua;", "nginx_pid": "/usr/local/kong/pids/nginx.pid", "upstream_keepalive": 60, "client_ssl": false, "admin_access_log": "/dev/stdout", "cassandra_data_centers": [ "dc1:2", "dc2:3" ], "cassandra_ssl": false, "proxy_listeners": [ { "transparent": false, "ssl": false, "ip": "0.0.0.0", "proxy_protocol": false, "port": 8000, "http2": false, "listener": "0.0.0.0:8000" }, { "transparent": false, "ssl": true, "ip": "0.0.0.0", "proxy_protocol": false, "port": 8443, "http2": false, "listener": "0.0.0.0:8443 ssl" } ], "proxy_ssl_enabled": true, "client_max_body_size": "0", "proxy_error_log": "/dev/stderr", "enabled_headers": { "latency_tokens": true, "X-Kong-Proxy-Latency": true, "Via": true, "server_tokens": true, "Server": true, "X-Kong-Upstream-Latency": true, "X-Kong-Upstream-Status": false }, "dns_stale_ttl": 4, "lua_socket_pool_size": 30, "db_resurrect_ttl": 30, "origins": { }, "cassandra_consistency": "ONE", "db_cache_ttl": 0, "admin_error_log": "/dev/stderr", "pg_ssl_verify": false, "dns_not_found_ttl": 30, "pg_ssl": false, "nginx_daemon": "off", "nginx_kong_stream_conf": "/usr/local/kong/nginx-kong-stream.conf", "cassandra_repl_strategy": "SimpleStrategy", "error_default_type": "text/plain", "dns_no_sync": false, "nginx_proxy_directives": { }, "proxy_access_log": "/dev/stdout", "nginx_kong_conf": "/usr/local/kong/nginx-kong.conf", "cassandra_schema_consensus_timeout": 10000, "dns_hostsfile": "/etc/hosts", "admin_listeners": [ { "transparent": false, "ssl": false, "ip": "0.0.0.0", "proxy_protocol": false, "port": 8001, "http2": false, "listener": "0.0.0.0:8001" }, { "transparent": false, "ssl": true, "ip": "0.0.0.0", "proxy_protocol": false, "port": 8444, "http2": false, "listener": "0.0.0.0:8444 ssl" } ], "ssl_cipher_suite": "modern", "ssl_cert": "/usr/local/kong/ssl/kong-default.crt", "cassandra_timeout": 5000, "admin_ssl_cert_key_default": "/usr/local/kong/ssl/admin-kong-default.key", "cassandra_ssl_verify": false, "cassandra_contact_points": [ "kong-database" ], "real_ip_header": "X-Real-IP", "real_ip_recursive": "off", "cassandra_repl_factor": 1, "client_ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key", "admin_ssl_cert": "/usr/local/kong/ssl/admin-kong-default.crt", "anonymous_reports": true, "log_level": "notice", "kong_env": "/usr/local/kong/.kong_env", "pg_port": 5432, "admin_ssl_cert_default": "/usr/local/kong/ssl/admin-kong-default.crt", "client_body_buffer_size": "8k", "ssl_preread_enabled": true, "ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr", "stream_listeners": { }, "cassandra_keyspace": "kong", "ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt", "nginx_conf": "/usr/local/kong/nginx.conf", "admin_listen": [ "0.0.0.0:8001", "0.0.0.0:8444 ssl" ] }, "version": "1.0.3", "node_id": "3ccef799-3037-4a8f-8ccd-2e60326b4444", "lua_version": "LuaJIT 2.1.0-beta3", "prng_seeds": { "pid: 36": 229762112224, "pid: 37": 131951181922, "pid: 1": 136391662351 }, "timers": { "pending": 5, "running": 0 }, "hostname": "999a5cf1db1a" } 上面几个端口,分别是: :8000 on which Kong listens for incoming HTTP traffic from your clients, and forwards it to your upstream services. :8443 on which Kong listens for incoming HTTPS traffic. This port has a similar behavior as the :8000 port, except that it expects HTTPS traffic only. This port can be disabled via the configuration file. :8001 on which the Admin API used to configure Kong listens. :8444 on which the Admin API listens for HTTPS traffic. 4.API Management 在本地配置Kong完毕后,我们来感受一下Kong强大的特性。首先我们有一个简单的API服务,之前已经写好的一个flavors的增删改查,以flavors的查询为例,我们将GET /flavors/detail添加到Kong中。 我们的API server地址是http://127.0.0.1:8080/flavors/detail,于是我们有: route path: /flavors/detail service host: http://127.0.0.1:8080 4.1 Add a service curl -i -X POST
--url http://localhost:8001/services/ \ --data 'name=example-flavors'\ --data 'url=http://127.0.0.1:8080/flavors/detail' 得到的响应: HTTP/1.1 201 Created Date: Wed, 27 Feb 2019 06:08:25 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Access-Control-Allow-Origin: * Server: kong/1.0.3 Content-Length: 273

{ "host": "127.0.0.1", "created_at": 1551247705, "connect_timeout": 60000, "id": "abba6d52-b239-4b8f-ad11-1e7389d4cf71", "protocol": "http", "name": "example-flavors", "read_timeout": 60000, "port": 8080, "path": "/flavors/detail", "updated_at": 1551247705, "retries": 5, "write_timeout": 60000 } 4.2 List current services curl -i -X GET
--url http://localhost:8001/services/ 得到的响应: HTTP/1.1 200 OK Date: Wed, 27 Feb 2019 06:11:07 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Access-Control-Allow-Origin: * Server: kong/1.0.3 Content-Length: 296

{ "next": null, "data": [ { "host": "127.0.0.1", "created_at": 1551247705, "connect_timeout": 60000, "id": "abba6d52-b239-4b8f-ad11-1e7389d4cf71", "protocol": "http", "name": "example-flavors", "read_timeout": 60000, "port": 8080, "path": "/flavors/detail", "updated_at": 1551247705, "retries": 5, "write_timeout": 60000 } ] } 可以看到目前就我们前面添加的一个。 4.3 Add a route to service 有了服务之后,我们为服务填一个转发路由: curl -i -X POST
--url http://localhost:8001/services/example-flavors/routes \ --data 'hosts[]=hb.ctyun.com' \ --data 'paths[]=/flavors/detail' \ --data 'name=flavor-detail' 得到的响应是: HTTP/1.1 201 Created Date: Wed, 27 Feb 2019 06:24:00 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Access-Control-Allow-Origin: * Server: kong/1.0.3 Content-Length: 377

{ "created_at": 1551248640, "methods": null, "id": "11dbb4a1-7452-4d40-a45a-de3f3cad5275", "service": { "id": "abba6d52-b239-4b8f-ad11-1e7389d4cf71" }, "name": "flavor-detail", "hosts": [ "hb.ctyun.com" ], "updated_at": 1551248640, "preserve_host": false, "regex_priority": 0, "paths": [ "/flavors/detail" ], "sources": null, "destinations": null, "snis": null, "protocols": [ "http", "https" ], "strip_path": true } 原先获取flavors列表,我们是通过: curl -X GET http://localhost:8080/flavors/detail 而我们现在可以直接通过Kong进行访问,注意,我们必须修改Header,添加指定的Host信息: curl -X GET http://localhost:8000/flavors/detail -H 'Host:hb.ctyun.com' 结果遇到了报错,提示: 172.18.0.1 - - [27/Feb/2019:06:43:17 +0000] "GET /flavors/detail HTTP/1.1" 502 69 "-" "curl/7.54.0" 2019/02/27 06:43:17 [error] 36#0: *35879 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: kong, request: "GET /flavors/detail HTTP/1.1", upstream: "http://127.0.0.1:8080/flavors/detail", host: "hb.ctyun.com" 可以看到能够按照路由规则进行转发,但是由于网络问题(kong部署在了docker容器中),所以没有办法进行访问。 我们重新创建service、route,并使用kennethreitz/httpbin来验证:

运行一个容器,将本地的8080的请求转发到容器的80端口

docker run -d --name simple-web-server
--network kong-net
-p 8080:80 kennethreitz/httpbin

创建名为demo的service

curl -i -X POST
--url http://localhost:8001/services/
--data 'name=demo'
--data 'url=http://simple-web-server/get'

HTTP/1.1 201 Created Date: Wed, 27 Feb 2019 07:51:45 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Access-Control-Allow-Origin: * Server: kong/1.0.3 Content-Length: 256

{ "host": "simple-web-server", "created_at": 1551253905, "connect_timeout": 60000, "id": "978de8a6-6767-4741-baca-a25c9a131f9d", "protocol": "http", "name": "demo", "read_timeout": 60000, "port": 80, "path": "/get", "updated_at": 1551253905, "retries": 5, "write_timeout": 60000 }

为service demo配置route规则

curl -i -X POST
--url http://localhost:8001/services/demo/routes
--data 'hosts[]=api.ctyun.com'
--data 'paths[]=/get'
--data 'name=demo-get'

HTTP/1.1 201 Created Date: Wed, 27 Feb 2019 07:52:40 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Access-Control-Allow-Origin: * Server: kong/1.0.3 Content-Length: 361

{ "created_at": 1551253960, "methods": null, "id": "06d6754e-a4ae-4be6-9b87-b64ccfe6c920", "service": { "id": "978de8a6-6767-4741-baca-a25c9a131f9d" }, "name": "demo-get", "hosts": [ "api.ctyun.com" ], "updated_at": 1551253960, "preserve_host": false, "regex_priority": 0, "paths": [ "/get" ], "sources": null, "destinations": null, "snis": null, "protocols": [ "http", "https" ], "strip_path": true } 然后我们尝试通过访问kong,转发到httpbin: curl -i -X GET http://localhost:8000/get -H 'Host:api.ctyun.com'

HTTP/1.1 200 OK Content-Type: application/json Content-Length: 266 Connection: keep-alive Server: gunicorn/19.9.0 Date: Wed, 27 Feb 2019 07:56:50 GMT Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true X-Kong-Upstream-Latency: 9 X-Kong-Proxy-Latency: 84 Via: kong/1.0.3

{ "args": {}, "headers": { "Accept": "/", "Connection": "keep-alive", "Host": "simple-web-server", "User-Agent": "curl/7.54.0", "X-Forwarded-Host": "api.ctyun.com" }, "origin": "172.18.0.1", "url": "http://api.ctyun.com/get" } 至此,我们已经可以通过来源host、route将请求换发到指定的目标host,并且得到了返回值,这就算完成了基本API转发流程。 4.4 Plugins Kong提供了非常丰富的插件,都可以在Kong Hub找得到。这里我们简单为我们的服务配置一个Key Authentication的plugin。 在服务demo上启用key-auth的插件: curl -X POST http://localhost:8001/services/demo/plugins
--data "name=key-auth" { "created_at": 1551256029, "config": { "key_names": [ "apikey" ], "run_on_preflight": true, "anonymous": null, "hide_credentials": false, "key_in_body": false }, "id": "4eaa000f-0fa2-4b3e-8c13-2db4c6b7ce49", "service": { "id": "978de8a6-6767-4741-baca-a25c9a131f9d" }, "enabled": true, "run_on": "first", "consumer": null, "route": null, "name": "key-auth" } 也可以在具体的route上启用插件,比如: curl -X POST http://:8001/routes/{route_id}/plugins
--data "name=key-auth" 我们这里就不再赘述了。 开启插件后,再次访问前面的simple-web-server,则有: curl -i -X GET http://localhost:8000/get -H 'Host:api.ctyun.com' HTTP/1.1 401 Unauthorized Date: Wed, 27 Feb 2019 08:27:13 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive WWW-Authenticate: Key realm="kong" Content-Length: 41 Server: kong/1.0.3

{"message":"No API key found in request"} 此时插件key-auth已经开启了,开启之后怎么用呢?要想使用鉴权插件,离不开Consumer。如何创建Consumer并使用指定的插件,我们放到4.5 Add Consumers中尽心更详细的介绍。 4.5 Add Consumers 添加一个consumer,username和custom_id指定任一即可: curl -i -X POST
--url http://localhost:8001/consumers/ \ --data "username=" \ --data "custom_id=" 如: curl -i -X POST
--url http://localhost:8001/consumers/
--data "username=elbarco"

HTTP/1.1 201 Created Date: Wed, 27 Feb 2019 08:47:50 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Access-Control-Allow-Origin: * Server: kong/1.0.3 Content-Length: 107

{ "custom_id": null, "created_at": 1551257270, "username": "elbarco", "id": "738627ae-57e9-4b20-9d1d-fb12998d5296" } 为用户提供一个key: curl -i -X POST
--url http://localhost:8001/consumers/elbarco/key-auth/
--data 'key=hola-elbarco'

HTTP/1.1 201 Created Date: Wed, 27 Feb 2019 09:12:12 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Access-Control-Allow-Origin: * Server: kong/1.0.3 Content-Length: 147

{ "key": "hola-elbarco", "created_at": 1551258732, "consumer": { "id": "738627ae-57e9-4b20-9d1d-fb12998d5296" }, "id": "b9cb021d-cb37-4841-b172-40ff2dcacb5e" } 此时,我们就可以带着鉴权访问前面的simple-web-server了,有两种方式: curl http://kong:8000/{proxy path}?apikey=

curl http://kong:8000/{proxy path}
-H 'apikey: ' 我们这里任选一种即可: curl -i -X GET http://localhost:8000/get -H 'Host:api.ctyun.com' -H 'apikey:hola-elbarco'

HTTP/1.1 200 OK Content-Type: application/json Content-Length: 398 Connection: keep-alive Server: gunicorn/19.9.0 Date: Wed, 27 Feb 2019 09:19:31 GMT Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true X-Kong-Upstream-Latency: 68 X-Kong-Proxy-Latency: 26 Via: kong/1.0.3

{ "args": {}, "headers": { "Accept": "/", "Apikey": "hola-elbarco", "Connection": "keep-alive", "Host": "simple-web-server", "User-Agent": "curl/7.54.0", "X-Consumer-Id": "738627ae-57e9-4b20-9d1d-fb12998d5296", "X-Consumer-Username": "elbarco", "X-Forwarded-Host": "api.ctyun.com" }, "origin": "172.18.0.1", "url": "http://api.ctyun.com/get" } 4.6 Rate limiting 额外的,我们再看一下限流插件:Rate Limiting。 5.Advanced Features 5.1 Load balancing Loadbalancing reference 6.Kong Dashboard (From community) Kong的商业版中,提供了一个可视化界面工具,叫做Kong Manager,功能很是强大,比如:

试用需要申请,我们转而在社区中寻求替代工具,于是在Github上搜到了Kong Dashboard,提供了使用npm和docker安装两种方式,这里采用docker的方式安装一下,看看效果:

Start Kong Dashboard

docker run --rm -p 9090:8080 pgbi/kong-dashboard start --kong-url http://locahost:8001

Start Kong Dashboard on a custom port

docker run --rm -p [port]:8080 pgbi/kong-dashboard start --kong-url http://kong:8001

Start Kong Dashboard with basic auth

docker run --rm -p 8080:8080 pgbi/kong-dashboard start \ --kong-url http://kong:8001 --basic-auth user1=password1 user2=password2

See full list of start options

docker run --rm -p 8080:8080 pgbi/kong-dashboard start --help docker run --rm --name kong-dashboard -p 9090:808i0 pgbi/kong-dashboard start --kong-url http://locahost:8001 docker run --rm --network kong-net --name kong-dashboard -p 9090:8080 pgbi/kong-dashboard start --kong-url http://kong:8001 Connecting to Kong on http://kong:8001 ... This version of Kong dashboard doesn't support Kong v0.15 and higher. 受限于Kong的版本: docker container exec 999a5cf1db1a kong version 1.0.3 我们没办法接入kong-dashboard,后面再进行调研吧。 7.Summary kong的模型比较清晰,从service、route、plugin到upstream、consumer,通用性比较强,因为插件的存在,功能扩展性也很高。从我们的实际业务触发,也可以参考借鉴这种模型方式,先从核心功能出发。 8.Reference [1].An Introduction to Kong [2].Kong Admin API

点赞
收藏
评论区
推荐文章
徐小夕 徐小夕
3年前
微前端架构初探以及我的前端技术盘点
前言最近几年微前端一直是前端界的热门议题,它类似于微服务架构,主要面向于浏览器端,能将一个复杂而庞大的单体应用拆分为多个功能模块清晰且独立的子应用,且共同服于务同一个主应用。各个子应用可以独立运行、独立开发和独立部署。微前端架构概念的诞生及应用对于提供复杂应用服务的企业来说显然是一种机遇,同样也是一种挑战.本文主要就微前端架构的概念和实现方案做一
Easter79 Easter79
2年前
springboot2.0下的zuul路由网关初探
Zuul作为微服务系统的网关组件,用于构建边界服务,致力于动态路由、过滤、监控、弹性伸缩和安全。为什么需要ZuulZuul、Ribbon以及Eureka结合可以实现智能路由和负载均衡的功能;网关将所有服务的API接口统一聚合,统一对外暴露。外界调用API接口时,不需要知道微服务系统中各服务相互调用的复杂性,保护了内部微服务单元的API接口;网关可以做
日均数十亿访问量!解读个推API网关高能演进
近日,个推服务端技术专家李白受邀参与SegmentFaultDDay线上技术直播活动,与来自头部互联网企业的后端技术专家们共探“后端架构演进之路”。李白以“API网关演进之路”为主题,分享了个推基于golang进行API网关建设的实践经验和深度思考。★以下为李白演讲干货整理:API网关之源起API网关是随“微服务”概念而兴起的一种架构模式。在微服务
Stella981 Stella981
2年前
API网关 kong 的初步认识
Kong是Mashape开源的高性能高可用API网关和API服务管理层。自2015年在github开源后,广泛受到关注。它基于OpenResty,进行API管理,并提供了插件实现API的AOP。Kong的插件机制是其高可扩展性的根源,Kong可以很方便地为路由和服务提供各种插件,网关所需要的基本特性。Kong支持特性:云原生:与平台无关,K
Wesley13 Wesley13
2年前
HTTP API网关选择之一Kong介绍
转自张开涛的博客(https://www.oschina.net/action/GoToLink?urlhttp%3A%2F%2Fmp.weixin.qq.com%2Fs%2FLIq2CiXJQmmjBC0yvYLY5A)Kong是Mashape开源的高性能高可用API网关和API服务管理层。它基于OpenResty,进行API管理,并提供了插件
Wesley13 Wesley13
2年前
Kong的简介和安装
Kong是在客户端和(微)服务间转发API通信的API网关,通过插件扩展功能。Kong有两个主要组件:1、KongServer:基于nginx的服务器,用来接收API请求。2、ApacheCassandra:用来存储操作数据。你可以通过增加更多KongServer机器对Kong服务进行水平扩展,通过前置的负载均衡器向这些机
Wesley13 Wesley13
2年前
vivo 微服务 API 网关架构实践
一、背景介绍网关作为微服务生态中的重要一环,由于历史原因,中间件团队没有统一的微服务API网关,为此准备技术预研打造一个功能齐全、可用性高的业务网关。二、技术选型常见的开源网关按照语言分类有如下几类:NginxLua:OpenResty、Kong等;Java:Zuul1/Zuu
Wesley13 Wesley13
2年前
API网关原理
1、API网关介绍 API网关是一个服务器,是系统的唯一入口。从面向对象设计的角度看,它与外观模式类似。API网关封装了系统内部架构,为每个客户端提供一个定制的API。它可能还具有其它职责,如身份验证、监控、负载均衡、缓存、请求分片与管理、静态响应处理。 API网关方式的核心要点是,所有的客户端和消费端都通过统一的网关接入微服务,在网关层处理所有
helloworld_40038029 helloworld_40038029
9个月前
Netty+Nacos+Disruptor自研企业级API网关
NettyNacosDisruptor自研企业级API网关download:https://www.zxit666.com/6191/使用NettyNacosDisruptor构建高性能分布式系统在分布式系统开发中,需要使用可靠的网络通信框架、服务
API网关-APISIX简介
ApacheAPISIX是一个动态、实时、高性能的云原生API网关,提供了负载均衡、动态上游、灰度发布、服务熔断、身份认证、可观测性等丰富的流量管理功能。APISIX构建于nginxngx_lua的技术基础之上,充分利用了LuaJIT所提供的强大性能,基于openrestyetcd实现了云原生,高性能,可扩展的微服务API网关。
天翼云开发者社区
天翼云开发者社区
Lv1
天翼云是中国电信倾力打造的云服务品牌,致力于成为领先的云计算服务提供商。提供云主机、CDN、云电脑、大数据及AI等全线产品和场景化解决方案。
文章
469
粉丝
8
获赞
37