API Gateway : Kong
what
problems
多个服务要写自己的log,auth,对于比较耗时的,有时还要高流量限制。
solution intro
单点部署的情况:
why not just haproxy log (kinbana)
haproxy rate limit http://blog.serverfault.com/2010/08/26/1016491873/
simple version:
frontend fe_api_ssl
acl too_many_uploads_by_user sc0_gpc0_rate() gt 100
acl mark_seen sc0_inc_gpc0 gt 0
stick-table type string size 100k store gpc0_rate(60s)
tcp-request content track-sc0 hdr(Authorization) if METH_POST document_request is_upload
use_backend be_429_slow_down if mark_seen too_many_uploads_by_user
backend be_429_slow_down
timeout tarpit 2s
errorfile 500 /etc/haproxy/errorfiles/429.http
http-request tarpit
backend be_api
feature
- logs
- rate-limit
- auth
- monitoring
more plugin
install
try to use docker instead of pkg/deb/vagrant
docker run -d --name kong-database -p 5432:5432 -e "POSTGRES_USER=kong" -e "POSTGRES_DB=kong" postgres:9.4
docker run -d --name kong-database -p 9042:9042 cassandra:3
dengwei@RMBAP:~/projects/github/kong$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1b969345f2c kong:latest "/docker-entrypoin..." 16 hours ago Up 16 hours 0.0.0.0:7946->7946/tcp, 0.0.0.0:8000-8001->8000-8001/tcp, 0.0.0.0:8443->8443/tcp, 0.0.0.0:7946->7946/udp kong
9d73317da8e3 cassandra:3 "/docker-entrypoin..." 16 hours ago Up 16 hours 7000-7001/tcp, 7199/tcp, 9160/tcp, 0.0.0.0:9042->9042/tcp kong-database
kong-database
config
http localhost:8001
HTTP/1.1 200 OK
...
Server: kong/0.10.2
{
"configuration": {
"admin_ip": "0.0.0.0",
"admin_listen": "0.0.0.0:8001",
"admin_listen_ssl": "0.0.0.0:8444",
"admin_port": 8001,
"admin_ssl": true,
...
"admin_ssl_ip": "0.0.0.0",
"admin_ssl_port": 8444,
"anonymous_reports": true,
"cassandra_consistency": "ONE",
"cassandra_contact_points": [
"kong-database"
],
"cassandra_data_centers": [
"dc1:2",
"dc2:3"
],
"cassandra_keyspace": "kong",
"cassandra_lb_policy": "RoundRobin",
"cassandra_port": 9042,
...
"pg_user": "kong",
"plugins": {
"acl": true,
...
},
"prefix": "/usr/local/kong",
"proxy_ip": "0.0.0.0",
"proxy_listen": "0.0.0.0:8000",
...
},
"hostname": "b1b969345f2c",
"lua_version": "LuaJIT 2.1.0-beta2",
"plugins": {
"available_on_server": {
"acl": true,
...
},
"enabled_in_cluster": {}
},
...
"tagline": "Welcome to kong",
"timers": {
"pending": 4,
"running": 0
},
"version": "0.10.2"
}
adding an api:
http POST localhost:8001/apis name=demo upstream_url=http://mockbin.org/request request_host=mockbin.org
host with port
http POST localhost:8001/apis name=localdemo upstream_url=http://localhost:3010/request hosts=localhost
list apis:
http localhost:8001/apis
check admin log
in docker container:
sh-4.2# ls
access.log admin_access.log error.log serf.log
use plugin
auth example
http POST localhost:8001/apis/0ee4b228-3089-4ae9-b13a-09ba4df8004e/plugins name=key-auth config.key_names=X-AUTH
http POST localhost:8001/consumers/b7199b84-cbe6-47ef-9cd0-c68ab27dfee0/key-auth key=abc123
verify :
http localhost:8000 HOST:mockbin.org X-AUTH:1234
http localhost:8000 HOST:mockbin.org X-AUTH:abc123
previous one won't work , latter one works, which with the right key
rate limit example:
find your api id by list apishttp localhost:8001/apis
in my example the api id is: 0ee4b228-3089-4ae9-b13a-09ba4df8004e
http POST localhost:8001/apis/0ee4b228-3089-4ae9-b13a-09ba4df8004e/plugin;5Cs name=rate-limiting config.minute=5 config.hour=10
test it:
http localhost:8000 Host:mockbin.org X-AUTH:abc123
HTTP/1.1 200 OK
after 5 times with 1 minute:
dengwei@RMBAP:~/projects/work$ http localhost:8000 Host:mockbin.org X-AUTH:abc123
HTTP/1.1 429
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 May 2017 12:18:35 GMT
Server: kong/0.10.2
Transfer-Encoding: chunked
X-RateLimit-Limit-hour: 10
X-RateLimit-Limit-minute: 5
X-RateLimit-Remaining-hour: 0
X-RateLimit-Remaining-minute: 5
{
"message": "API rate limit exceeded"
}
how does it work
rest api with other url in sub page
ui for monitor(need enterprise)
plugin with other language?
to do or not
api gateway: to be or not to be
ref
API & Microservices Management with Kong
kong基础使用
kong ui
kong dashboard
docker
使用Kong来管理业务restful api
[聊聊架构:深入浅出聊聊企业级API网关](https://mp.weixin.qq.com/s?__biz=MzA5Nzc4OTA1Mw==&mid=2659599286&idx=1&sn=f41c9dc7f9f2027eab97889b1b01a391&chksm=8be996a4bc9e1fb29ea77d0941bedb60714c6a7ae94edd44bf705a0910979e18e631210ab326)
problems
in docker you will not success in forward your request via kong. issue here
dengwei@RMBAP:~/projects/work$ http POST localhost:8001/apis name=localdemoabc upstream_url=http://localhost:3010/ uris=/abc
HTTP/1.1 201 Created
dengwei@RMBAP:~/projects/work$ http localhost:8000/abc host=localhost
HTTP/1.1 502 Bad Gateway
todo:
nginx + koa sample
how routing work and verify
ui page
speed lost
comparing with other api gateway: loopback.io http://orange.sumory.com/
API Gateway : Kong的更多相关文章
- API Gateway - KONG 安装与配置
简介 Kong,是由Mashape公司开源的,基于Nginx的API gateway 特点 可扩展,支持分布式 模块化 功能:授权.日志.ip限制.限流.api 统计分析(存在商业插件Galileo等 ...
- kong API gateway
参考:https://www.cnblogs.com/chenjinxi/p/8724564.html 一.简介 Kong,是由Mashape公司开源的,基于Nginx的API gateway. 二. ...
- API gateway 之 kong 基本操作 (三)
一.演示环境准备 1.nginx配置 [root@nginx conf.d]# pwd /etc/nginx/conf.d [root@nginx conf.d]# ls conf_bak kong_ ...
- API gateway 之 kong 基本介绍 (一)
一.API网关概念介绍 API 网关,即API Gateway,是大型分布式系统中,为了保护内部服务而设计的一道屏障,可以提供高性能.高可用的 API托管服务,从而帮助服务的开发者便捷地对外提供服务, ...
- 关于kong | API Gateway
目录 为什么需要 API 网关(more) kong的概念 为什么使用Kong Kong 的管理方式 高可扩展性的背后-插件机制 [前言]: Kong是一个云原生,高效,可扩展的分布式 API 网关. ...
- Docker安装Kong API Gateway并使用
我最新最全的文章都在南瓜慢说 www.pkslow.com,文章更新也只在官网,欢迎大家来喝茶~~ 1 简介 Kong不是一个简单的产品,本文讲的Kong主要指的是Kong API Gateway,即 ...
- 谈谈微服务中的 API 网关(API Gateway)
前言 又是很久没写博客了,最近一段时间换了新工作,比较忙,所以没有抽出来太多的时间写给关注我的粉丝写一些干货了,就有人问我怎么最近没有更新博客了,在这里给大家抱歉. 那么,在本篇文章中,我们就一起来探 ...
- 聊聊 API Gateway 和 Netflix Zuul
最近参与了公司 API Gateway 的搭建工作,技术选型是 Netflix Zuul,主要聊一聊其中的一些心得和体会. 本文主要是介绍使用 Zuul 且在不强制使用其他 Neflix OSS 组件 ...
- 微服务中的 API 网关(API Gateway)
API 网关(API Gateway)提供高性能.高可用的 API 托管服务,帮助用户对外开放其部署在 ECS.容器服务等云产品上的应用,提供完整的 API 发布.管理.维护生命周期管理.用户只需进行 ...
随机推荐
- Static需谨慎
Static Cling Sticking Your Code To Things Unnecessarily Static Cling is a code smell used to describ ...
- 为虚拟机配置固定ip地址
vim /etc/sysconfig/network-scripts/ifcfg-eth0 修改BOOTPROTO为static 新增IPADDR即可 如下图所示
- vue-先渲染dom载执行js
价格判断v-if=“dataList”有数据的时候才渲染
- 二叉树放置照相机 Binary Tree Cameras
2019-03-27 15:39:37 问题描述: 问题求解: 很有意思的问题,问题描述简单,求解过程也可以非常的简洁,是个难得的好题. 求解的过程是自底向上进行分析,对于叶子节点,如果在叶子上放置照 ...
- PAT 1073 Scientific Notation
1073 Scientific Notation (20 分) Scientific notation is the way that scientists easily handle very ...
- PAT 1054 The Dominant Color
1054 The Dominant Color (20 分) Behind the scenes in the computer's memory, color is always talked ...
- 64位win7连接ACCESS报错“Microsoft.Jet.OLEDB.4.0”问题
本人开发了桌面软件,关于事务提醒,自己一直在用,很喜欢,但是在64位win7上无法运行,网上说多种方法,都觉得麻烦.后来自己在vs2012下编译成x86版本,结果可以运行在64位win7下了. 原来如 ...
- 十年京东Java程序员的工作总结,写给迷茫中的你!
很多年前,刚刚从大学毕业的时候,很多公司来校招.其中最烂俗的一个面试问题是:“你希望你之后三到五年的发展是什么?”.我当时的标准回答是(原话):“成为在某一方面能够独当一面的技术专家“.后来经历了几家 ...
- Java 实现缓存,一个线程存,一个线程取
缓存类: package com.zit.test; import java.util.concurrent.BlockingDeque; import java.util.concurrent.Li ...
- java 创建string对象机制 字符串缓冲池 字符串拼接机制 字符串中intern()方法
字符串常量池:字符串常量池在方法区中 为了优化空间,为了减少在JVM中创建的字符串的数量,字符串类维护了一个字符串池,每当代码创建字符串常量时,JVM会首先检查字符串常量池.如果字符串已经存在池中,就 ...