摘要:注意,此標(biāo)志不反映數(shù)據(jù)庫本身的健康狀況�����。每一個匹配給定路線的請求都將被提交給它的相關(guān)服務(wù)��。字段解釋是否必填協(xié)議列表����,。
部署好kong之后����,則需要將我們自己的接口加入到kong中管理,kong提供了比較全面的restful api�,每個版本會有所不同,下面的記錄基于kong v0.14.x
kong的8001端口是resful admin api���,服務(wù)�、路由����、配置都是通過這個端口進(jìn)行管理,所以部署好之后頁面可以直接訪問localhost:8001
參考: https://docs.konghq.com/0.14....
一��、Retrieve node information(介紹節(jié)點信息)
獲取kong節(jié)點的通用詳細(xì)信息
1,查詢節(jié)點信息
curl http://localhost:8001
Endpoint
{
"plugins": {
"enabled_in_cluster": [],
"available_on_server": {
"response-transformer": true,
"oauth2": true,
"acl": true,
"correlation-id": true,
"pre-function": true,
"jwt": true,
"cors": true,
"ip-restriction": true,
"basic-auth": true,
"key-auth": true,
"rate-limiting": true,
"request-transformer": true,
"http-log": true,
"file-log": true,
"hmac-auth": true,
"ldap-auth": true,
"datadog": true,
"tcp-log": true,
"zipkin": true,
"post-function": true,
"request-size-limiting": true,
"bot-detection": true,
"syslog": true,
"loggly": true,
"azure-functions": true,
"udp-log": true,
"response-ratelimiting": true,
"aws-lambda": true,
"statsd": true,
"prometheus": true,
"request-termination": true
}
},
"tagline": "Welcome to kong",
"configuration": {
"plugins": [
"bundled"
],
"admin_ssl_enabled": true,
"lua_ssl_verify_depth": 1,
"trusted_ips": {},
"prefix": "/usr/local/kong",
"loaded_plugins": {
"response-transformer": true,
"request-termination": true,
"prometheus": true,
"ip-restriction": true,
"pre-function": true,
"jwt": true,
"cors": true,
"statsd": true,
"basic-auth": true,
"key-auth": true,
"ldap-auth": true,
"aws-lambda": true,
"http-log": true,
"response-ratelimiting": true,
"hmac-auth": true,
"request-size-limiting": true,
"datadog": true,
"tcp-log": true,
"zipkin": true,
"post-function": true,
"bot-detection": true,
"acl": true,
"loggly": true,
"syslog": true,
"azure-functions": true,
"udp-log": true,
"file-log": true,
"request-transformer": true,
"correlation-id": true,
"rate-limiting": true,
"oauth2": true
},
"cassandra_username": "kong",
"admin_ssl_cert_csr_default": "/usr/local/kong/ssl/admin-kong-default.csr",
"ssl_cert_key": "/usr/local/kong/ssl/kong-default.key",
"admin_ssl_cert_key": "/usr/local/kong/ssl/admin-kong-default.key",
"dns_resolver": {},
"pg_user": "kong",
"mem_cache_size": "128m",
"cassandra_data_centers": [
"dc1:2",
"dc2:3"
],
"nginx_admin_directives": {},
"custom_plugins": {},
"pg_host": "127.0.0.1",
"nginx_acc_logs": "/usr/local/kong/logs/access.log",
"proxy_listen": [
"0.0.0.0:8000",
"0.0.0.0:8443 ssl"
],
"client_ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt",
"ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key",
"dns_no_sync": false,
"db_update_propagation": 0,
"nginx_err_logs": "/usr/local/kong/logs/error.log",
"cassandra_port": 9042,
"dns_order": [
"LAST",
"SRV",
"A",
"CNAME"
],
"dns_error_ttl": 1,
"headers": [
"server_tokens",
"latency_tokens"
],
"dns_stale_ttl": 4,
"nginx_optimizations": true,
"database": "postgres",
"pg_database": "kong",
"nginx_worker_processes": "auto",
"lua_package_cpath": "",
"admin_acc_logs": "/usr/local/kong/logs/admin_access.log",
"lua_package_path": "./?.lua;./?/init.lua;",
"nginx_pid": "/usr/local/kong/pids/nginx.pid",
"upstream_keepalive": 60,
"cassandra_contact_points": [
"127.0.0.1"
],
"client_ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr",
"proxy_listeners": [
{
"ssl": false,
"ip": "0.0.0.0",
"proxy_protocol": false,
"port": 8000,
"http2": false,
"listener": "0.0.0.0:8000"
},
{
"ssl": true,
"ip": "0.0.0.0",
"proxy_protocol": false,
"port": 8443,
"http2": false,
"listener": "0.0.0.0:8443 ssl"
}
],
"proxy_ssl_enabled": true,
"admin_access_log": "logs/admin_access.log",
"ssl_ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"enabled_headers": {
"latency_tokens": true,
"X-Kong-Proxy-Latency": true,
"Via": true,
"server_tokens": true,
"Server": true,
"X-Kong-Upstream-Latency": true,
"X-Kong-Upstream-Status": false
},
"cassandra_ssl": false,
"ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr",
"db_resurrect_ttl": 30,
"client_max_body_size": "0",
"cassandra_consistency": "ONE",
"db_cache_ttl": 0,
"admin_error_log": "logs/error.log",
"pg_ssl_verify": false,
"dns_not_found_ttl": 30,
"pg_ssl": false,
"client_ssl": false,
"db_update_frequency": 5,
"cassandra_repl_strategy": "SimpleStrategy",
"nginx_kong_conf": "/usr/local/kong/nginx-kong.conf",
"cassandra_repl_factor": 1,
"nginx_http_directives": [
{
"value": "prometheus_metrics 5m",
"name": "lua_shared_dict"
}
],
"error_default_type": "text/plain",
"kong_env": "/usr/local/kong/.kong_env",
"real_ip_header": "X-Real-IP",
"dns_hostsfile": "/etc/hosts",
"admin_listeners": [
{
"ssl": false,
"ip": "0.0.0.0",
"proxy_protocol": false,
"port": 8001,
"http2": false,
"listener": "0.0.0.0:8001"
},
{
"ssl": true,
"ip": "0.0.0.0",
"proxy_protocol": false,
"port": 8444,
"http2": false,
"listener": "0.0.0.0:8444 ssl"
}
],
"admin_ssl_cert": "/usr/local/kong/ssl/admin-kong-default.crt",
"ssl_cert": "/usr/local/kong/ssl/kong-default.crt",
"proxy_access_log": "logs/access.log",
"admin_ssl_cert_key_default": "/usr/local/kong/ssl/admin-kong-default.key",
"cassandra_ssl_verify": false,
"cassandra_lb_policy": "RoundRobin",
"ssl_cipher_suite": "modern",
"real_ip_recursive": "off",
"proxy_error_log": "logs/error.log",
"client_ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key",
"nginx_daemon": "on",
"anonymous_reports": true,
"cassandra_timeout": 5000,
"nginx_proxy_directives": {},
"pg_port": 5432,
"log_level": "notice",
"client_body_buffer_size": "8k",
"cassandra_schema_consensus_timeout": 10000,
"lua_socket_pool_size": 30,
"admin_ssl_cert_default": "/usr/local/kong/ssl/admin-kong-default.crt",
"cassandra_keyspace": "kong",
"ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt",
"nginx_conf": "/usr/local/kong/nginx.conf",
"admin_listen": [
"0.0.0.0:8001",
"0.0.0.0:8444 ssl"
]
},
"version": "0.14.1",
"node_id": "fee222ae-7871-49e5-a47c-bdc55410dc2a",
"lua_version": "LuaJIT 2.1.0-beta3",
"prng_seeds": {
"pid: 2328": 177223337424,
"pid: 2326": 145810617621,
"pid: 2327": 712547711113,
"pid: 2329": 114129841275
},
"timers": {
"pending": 5,
"running": 0
},
"hostname": "localhost.localdomain"
}
部分返回字段含義:
node_id : 正在運行的kong節(jié)點的uuid,當(dāng)kong啟動時隨機生成��,每次kong重啟時這個uuid都會變availabel_on_server : kong節(jié)點上安裝的plugins的名稱
enabled_in_cluster : kong節(jié)點中啟用的插件����,即在數(shù)據(jù)庫中生成了對應(yīng)存儲表
2,查詢節(jié)點狀態(tài)
curl http://localhost:8001/status
{
"database": {
"reachable": true
},
"server": {
"connections_writing": 1,
"total_requests": 67,
"connections_handled": 46,
"connections_accepted": 46,
"connections_reading": 0,
"connections_active": 2,
"connections_waiting": 1
}
}
**字段解釋
| 字段 |
解釋 |
| total_requests |
客戶端請求總數(shù) |
| connections_active |
包括等待連接的活動客戶端連接的當(dāng)前數(shù)量 |
| connections_accepted |
接受的客戶端連接的總數(shù) |
| connections_handled |
處理連接的總數(shù)。一般來說��,除非達(dá)到一定的資源限制��,否則參數(shù)值與接受值相同 |
| connections_reading |
當(dāng)前Kong正在讀取請求頭的連接數(shù) |
| connections_writing |
NGINX將響應(yīng)寫入客戶端的連接的當(dāng)前數(shù)量 |
| connections_waiting |
等待請求的空閑客戶端連接的當(dāng)前數(shù)量 |
| reachable |
反映數(shù)據(jù)庫連接狀態(tài)的布爾值����。注意,此標(biāo)志不反映數(shù)據(jù)庫本身的健康狀況�。 |
二,service服務(wù)
kong v0.13.x官方建議用Service和Route模塊來管理API���,這樣可以更好的管理����,比如認(rèn)證和策略統(tǒng)一配置���。
1����,Add Service(添加服務(wù))
參數(shù)
| 字段 |
解釋 |
備注 |
| name |
服務(wù)名稱 |
無 |
| protocol |
協(xié)議:http or https 默認(rèn)是 http |
你后端服務(wù)用什么協(xié)議訪問就寫什么協(xié)議 |
| host |
后端服務(wù)域名 |
無 |
| port |
后端服務(wù)端口 |
無 |
| path |
后端服務(wù)子路徑�;沒有就填 "/" |
無 |
| retries |
重試次數(shù):默認(rèn) 5次 |
默認(rèn)就行 |
| connect_timeout |
請求后端服務(wù)的超時時間:默認(rèn)60000 ms |
1秒(s)=1000毫秒(ms) |
| write_timeout |
寫超時時間:默認(rèn)60000 ms |
1秒(s)=1000毫秒(ms) |
| read_timeout |
讀超時時間:默認(rèn)60000 ms |
1秒(s)=1000毫秒(ms) |
| url |
后端服務(wù)url地址 |
一般就用這種方式,可以直接指定:protocol�、host、port and path�, 不用多帶帶指定啦 |
使用:
curl -i -X POST http://localhost:8001/services -d "name=test.service" -d "url=http://你的后端服務(wù)域名/api"
返回:
{
"host": "你的后端服務(wù)域名",
"created_at": 1538093069,
"connect_timeout": 60000,
"id": "85c4d968-7b6f-48fc-b5b0-260cf8493821",
"protocol": "http",
"name": "test.service",
"read_timeout": 60000,
"port": 80,
"path": "/api",
"updated_at": 1538093069,
"retries": 5,
"write_timeout": 60000
}
*注:url 這個屬性很好用,可以直接指定 protocol���、host��、port and path�。
也 可以這么寫
curl -i -X POST http://localhost:8001/services -d "name=test.service" -d "protocol=http" -d "host=hxonline.hxsd.cn" -d "path=/api"
2,Retrieve Service(查詢服務(wù))
查詢所有服務(wù)
curl -i -X GET http://1localhost:8001/services
查詢某個服務(wù)
curl -i -X GET http://localhost:8001/services/{服務(wù)名稱 or 服務(wù)id}
EXP:
curl -i -X GET http://localhost:8001/services/test.service #我的服務(wù)名稱
獲取某個路由下的服務(wù)
curl -i -X GET http://localhost:8001/routes/{路由ID}/service
EXP:
curl -i -X GET http://localhost:8001/routes/xxxx-xxx-xxx-xx/service
更新服務(wù)
可以用 PATCH 和 PUT���,PATCH可以修改已存在的服務(wù)�,PUT 如果服務(wù)不存在則新建一個�����。
curl -i -X PUT http://localhost:8001/services/{服務(wù)名稱或ID} -d "name=test.service" -d "protocol=http" -d "host=hxonline.hxsd.cn" -d "path=/api"
刪除服務(wù)
curl -i -X DELETE http://localhost:8001/services/{服務(wù)名稱或ID}
EXP:
curl -i -X DELETE http://localhost:8001/services/test.service
返回
HTTP 204 No Content (看到這個就成功啦)
三���、Route Object(路由)
路由是真正對外提供接口的實體���,每個路由都與一個服務(wù)相關(guān)聯(lián)����,而服務(wù)可能有多個與之相關(guān)聯(lián)的路由����。每一個匹配給定路線的請求都將被提交給它的相關(guān)服務(wù)。
| 字段 |
解釋 |
是否必填 |
| protocols |
協(xié)議列表���,http�、https�����。設(shè)置:protocols[]=http&protocols[]=https |
必填 |
| methods |
接受請求的方法:GET 或 POST �,二者都行。設(shè)置 methods[]=GET&methods[]=POST |
半選填:默認(rèn)是二者都行 |
| hosts |
與此路由匹配的域名列表���。例如:example.com��。用作form-encode��, 設(shè)置:hosts[]= Foo.com和hosts[]= BAR.com |
半選填 |
| paths |
與此路由匹配的路徑列表�����。例如:/test |
必填:這個很重要����,區(qū)分多服務(wù) |
| strip_path |
|
選填 |
| preserve_host |
|
選填 |
| service |
與此路由綁定的服務(wù)�����。設(shè)置:service.id= |
必填 |
1�����,Add Route(添加路由)
curl -i -X POST --url http://localhost:8001/routes/
-d "protocols[]=http&protocols[]=https"
-d "paths=/test"
-d "service.id=xxx-xxxx-xxxx-xx" #服務(wù)ID
訪問接口
curl -i -X GET http://localhost:8000/test/{后端服務(wù)路由}
注:test 是創(chuàng)建路由是的 paths 字段�。
EXP:
curl -i -X GET http://localhost:8000/test/userinfo
2,Retrieve Route (獲取路由信息)
獲取全部路由
curl -i -X GET http://localhost:8001/routes/
獲取某個路由
curl -i -X GET http://localhost:8001/routes/xxx-xxx-xxx #路由ID
獲取某服務(wù)下的路由
curl -i -X GET http://localhost:8001/services/{服務(wù)名或服務(wù)ID}/routes
更新路由
可以用 PATCH 和 PUT�����,PATCH可以修改已存在的路由�,PUT 如果路由不存在則新建一個。
curl -i -X PUT http://localhost:8001/routes/xxx-xxx-xxx #路由ID
-d "protocols[]=http&protocols[]=https"
-d "paths=test"
刪除路由
curl -i -X DELETE http://localhost:8001/routes/xxx-xxx-xxx #路由ID
總結(jié)
到這里kong的服務(wù)和路由的設(shè)置已經(jīng)完事了�,接下來認(rèn)證插件和acl的配合來保證對外接口的安全性。
文章來源:http://www.yuanmaketang.com/i...
