what

problems





多个服务要写自己的log,auth,对于比较耗时的,有时还要高流量限制。

solution intro

单点部署的情况:



why not just haproxy log (kinbana)

haproxy rate limit http://blog.serverfault.com/2010/08/26/1016491873/

simple version:

  frontend fe_api_ssl

    acl too_many_uploads_by_user sc0_gpc0_rate() gt 100

    acl mark_seen sc0_inc_gpc0 gt 0

    stick-table type string size 100k store gpc0_rate(60s)

    tcp-request content track-sc0 hdr(Authorization) if METH_POST document_request is_upload

    use_backend be_429_slow_down if mark_seen too_many_uploads_by_user  

  backend be_429_slow_down

    timeout tarpit 2s

    errorfile 500 /etc/haproxy/errorfiles/429.http

    http-request tarpit

  backend be_api

feature

install

try to use docker instead of pkg/deb/vagrant

docker run -d --name kong-database  -p 5432:5432   -e "POSTGRES_USER=kong"   -e "POSTGRES_DB=kong"   postgres:9.4

docker run -d --name kong-database  -p 9042:9042  cassandra:3

dengwei@RMBAP:~/projects/github/kong$ docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS                                                                                                      NAMES

b1b969345f2c        kong:latest         "/docker-entrypoin..."   16 hours ago        Up 16 hours                0.0.0.0:7946->7946/tcp, 0.0.0.0:8000-8001->8000-8001/tcp, 0.0.0.0:8443->8443/tcp, 0.0.0.0:7946->7946/udp   kong

9d73317da8e3        cassandra:3         "/docker-entrypoin..."   16 hours ago        Up 16 hours                7000-7001/tcp, 7199/tcp, 9160/tcp, 0.0.0.0:9042->9042/tcp                                                  kong-database

                                             kong-database

config

http localhost:8001


HTTP/1.1 200 OK

...

Server: kong/0.10.2

{

    "configuration": {

        "admin_ip": "0.0.0.0",

        "admin_listen": "0.0.0.0:8001",

        "admin_listen_ssl": "0.0.0.0:8444",

        "admin_port": 8001,

        "admin_ssl": true,

        ...

        "admin_ssl_ip": "0.0.0.0",

        "admin_ssl_port": 8444,

        "anonymous_reports": true,

        "cassandra_consistency": "ONE",

        "cassandra_contact_points": [

            "kong-database"

        ],

        "cassandra_data_centers": [

            "dc1:2",

            "dc2:3"

        ],

        "cassandra_keyspace": "kong",

        "cassandra_lb_policy": "RoundRobin",

        "cassandra_port": 9042,

        ...

        "pg_user": "kong",

        "plugins": {

            "acl": true,

            ...

        },

        "prefix": "/usr/local/kong",

        "proxy_ip": "0.0.0.0",

        "proxy_listen": "0.0.0.0:8000",

        ...

    },

    "hostname": "b1b969345f2c",

    "lua_version": "LuaJIT 2.1.0-beta2",

    "plugins": {

        "available_on_server": {

            "acl": true,

           ...

        },

        "enabled_in_cluster": {}

    },

   ...

    "tagline": "Welcome to kong",

    "timers": {

        "pending": 4,

        "running": 0

    },

    "version": "0.10.2"

}

adding an api:

http POST localhost:8001/apis name=demo upstream_url=http://mockbin.org/request request_host=mockbin.org

host with port

http POST localhost:8001/apis name=localdemo upstream_url=http://localhost:3010/request hosts=localhost

list apis:

http localhost:8001/apis

check admin log

in docker container:

sh-4.2# ls

access.log  admin_access.log  error.log  serf.log

use plugin

  • auth example

     http POST localhost:8001/apis/0ee4b228-3089-4ae9-b13a-09ba4df8004e/plugins name=key-auth config.key_names=X-AUTH
    
 http POST localhost:8001/consumers/b7199b84-cbe6-47ef-9cd0-c68ab27dfee0/key-auth key=abc123

verify :

http localhost:8000 HOST:mockbin.org X-AUTH:1234

http localhost:8000 HOST:mockbin.org X-AUTH:abc123

previous one won't work , latter one works, which with the right key

  • rate limit example:

    find your api id by list apis

    http localhost:8001/apis

in my example the api id is: 0ee4b228-3089-4ae9-b13a-09ba4df8004e

http POST localhost:8001/apis/0ee4b228-3089-4ae9-b13a-09ba4df8004e/plugin;5Cs name=rate-limiting config.minute=5 config.hour=10

test it:

http localhost:8000 Host:mockbin.org X-AUTH:abc123

HTTP/1.1 200 OK

after 5 times with 1 minute:

dengwei@RMBAP:~/projects/work$  http localhost:8000 Host:mockbin.org X-AUTH:abc123

HTTP/1.1 429

Connection: keep-alive

Content-Type: application/json; charset=utf-8

Date: Thu, 25 May 2017 12:18:35 GMT

Server: kong/0.10.2

Transfer-Encoding: chunked

X-RateLimit-Limit-hour: 10

X-RateLimit-Limit-minute: 5

X-RateLimit-Remaining-hour: 0

X-RateLimit-Remaining-minute: 5

{

    "message": "API rate limit exceeded"

}

how does it work

rest api with other url in sub page

ui for monitor(need enterprise)

plugin with other language?

to do or not

api gateway: to be or not to be

ref

API & Microservices Management with Kong

kong基础使用

kong ui

kong dashboard

docker

使用Kong来管理业务restful api

[聊聊架构:深入浅出聊聊企业级API网关](https://mp.weixin.qq.com/s?__biz=MzA5Nzc4OTA1Mw==&mid=2659599286&idx=1&sn=f41c9dc7f9f2027eab97889b1b01a391&chksm=8be996a4bc9e1fb29ea77d0941bedb60714c6a7ae94edd44bf705a0910979e18e631210ab326)

problems

in docker you will not success in forward your request via kong. issue here

    dengwei@RMBAP:~/projects/work$ http POST localhost:8001/apis name=localdemoabc upstream_url=http://localhost:3010/ uris=/abc

    HTTP/1.1 201 Created

    dengwei@RMBAP:~/projects/work$ http localhost:8000/abc host=localhost

    HTTP/1.1 502 Bad Gateway

todo:

nginx + koa sample

how routing work and verify

ui page

speed lost

comparing with other api gateway: loopback.io http://orange.sumory.com/

API Gateway : Kong的更多相关文章

  1. API Gateway - KONG 安装与配置

    简介 Kong,是由Mashape公司开源的,基于Nginx的API gateway 特点 可扩展,支持分布式 模块化 功能:授权.日志.ip限制.限流.api 统计分析(存在商业插件Galileo等 ...

  2. kong API gateway

    参考:https://www.cnblogs.com/chenjinxi/p/8724564.html 一.简介 Kong,是由Mashape公司开源的,基于Nginx的API gateway. 二. ...

  3. API gateway 之 kong 基本操作 (三)

    一.演示环境准备 1.nginx配置 [root@nginx conf.d]# pwd /etc/nginx/conf.d [root@nginx conf.d]# ls conf_bak kong_ ...

  4. API gateway 之 kong 基本介绍 (一)

    一.API网关概念介绍 API 网关,即API Gateway,是大型分布式系统中,为了保护内部服务而设计的一道屏障,可以提供高性能.高可用的 API托管服务,从而帮助服务的开发者便捷地对外提供服务, ...

  5. 关于kong | API Gateway

    目录 为什么需要 API 网关(more) kong的概念 为什么使用Kong Kong 的管理方式 高可扩展性的背后-插件机制 [前言]: Kong是一个云原生,高效,可扩展的分布式 API 网关. ...

  6. Docker安装Kong API Gateway并使用

    我最新最全的文章都在南瓜慢说 www.pkslow.com,文章更新也只在官网,欢迎大家来喝茶~~ 1 简介 Kong不是一个简单的产品,本文讲的Kong主要指的是Kong API Gateway,即 ...

  7. 谈谈微服务中的 API 网关(API Gateway)

    前言 又是很久没写博客了,最近一段时间换了新工作,比较忙,所以没有抽出来太多的时间写给关注我的粉丝写一些干货了,就有人问我怎么最近没有更新博客了,在这里给大家抱歉. 那么,在本篇文章中,我们就一起来探 ...

  8. 聊聊 API Gateway 和 Netflix Zuul

    最近参与了公司 API Gateway 的搭建工作,技术选型是 Netflix Zuul,主要聊一聊其中的一些心得和体会. 本文主要是介绍使用 Zuul 且在不强制使用其他 Neflix OSS 组件 ...

  9. 微服务中的 API 网关(API Gateway)

    API 网关(API Gateway)提供高性能.高可用的 API 托管服务,帮助用户对外开放其部署在 ECS.容器服务等云产品上的应用,提供完整的 API 发布.管理.维护生命周期管理.用户只需进行 ...

随机推荐

  1. [大数据从入门到放弃系列教程]第一个spark分析程序

    [大数据从入门到放弃系列教程]第一个spark分析程序 原文链接:http://www.cnblogs.com/blog5277/p/8580007.html 原文作者:博客园--曲高终和寡 **** ...

  2. Kafka-Record(消息格式)

    注:本文依赖于kafka-0.10.0.1-src kafka消息格式是经过多个版本的演变的,本文只说0.10.0.1版本的消息格式. 消息格式如图1所示: 图1 CRC:用于校验消息内容.占4个字节 ...

  3. 00-python-常用命令

    1. pip 加速命令 pip install --index-url https://pypi.douban.com/simple 或者 pip install -i https://pypi.tu ...

  4. zookeeper: zkServer.sh status没有到主机的路由

    zookeeper: zkServer.sh status没有到主机的路由 没有到主机的路由这种问题很常见,多数是由机器的防火墙没有关闭. Ubuntu查看防火墙状态ufw status 关闭防火墙u ...

  5. ranch 源码分析(三)

    接上ranch 源码分析(二) 上次讲到了ranch_conns_sup和ranch_acceptors_sup这2个ranch的核心模块,我们接着分析 首先查看ranch_conns_sup.erl ...

  6. 『TensorFlow』读书笔记_ResNet_V2

    『PyTorch × TensorFlow』第十七弹_ResNet快速实现 要点 神经网络逐层加深有Degradiation问题,准确率先上升到饱和,再加深会下降,这不是过拟合,是测试集和训练集同时下 ...

  7. eclipse添加js智能代码提示

    安装重启之后,在项目名上右键 结束

  8. Starting MySQL....The server quit without updating PID file[失败]/lib/mysql/ip12189.pid). 错误一例

    [root@ip12189 etc]# service mysqld startStarting MySQL....The server quit without updating PID file[ ...

  9. iTerm2 + oh my zsh +agnoster 打造最强Mac终端

    链接: http://www.siguoya.name/pc/home/article/256 http://www.jianshu.com/p/fabd40cf83fe http://www.jia ...

  10. session和cookie的应用场景和区别

    cookie存于客户端,session存于服务器端. cookie的作用是与服务器进行交互,作为http规范的一部分存在,而web storage是为了在本地存储“数据”而生. cookie应用场景: ...