【实战】CentOS 7 部署Kong API网关

小渣渣

Kong是一个可扩展的开源API层（也称为API网关或API中间件）。 Kong运行在任何RESTful API的前面，并通过插件扩展，它们提供超出核心平台的额外功能和服务。

Kong最初是在Mashape建立的，用于为其API Marketplace提供超过15,000个API和Microservices，并为超过20万的开发者每月生成数十亿个请求。 今天，Kong被用于小型和大型组织的关键任务部署

当前最新版本是：0.14.1



官网：https://konghq.com/install/

GitHub：https://github.com/Kong/kong

kong插件介绍地址：https://konghq.com/plugins/.

kong相关文档地址：https://getkong.org/docs/

kong有社区版和企业版，两者的区别介绍：https://konghq.com/subscrip{过滤}tions/
Kong支持PostgreSQL 9.5+和Cassandra 3.xx作为其数据存储。

我已经安装好了PostgreSQL，教程如下：

CentOS 7 Docker部署PostgreSQL 9.6
https://www.itsvse.com/thread-5683-1-1.html
(出处: 架构师_程序员)

本文以kong社区版为例子进行安装部署

下载包：

登录可见。

安装：

登录可见。

查看版本

登录可见。

或者

登录可见。

创建配置文件：

登录可见。

如果您的配置中的所有值都被注释掉，Kong将使用默认设置运行。启动时，Kong会查找可能包含配置文件的多个默认位置：

/etc/kong/kong.conf
/etc/kong.conf

kong模板目录是在：/usr/local/share/lua/5.1/kong/templates 下面，包含下面3个文件

kong_defaults.lua
nginx.lua
nginx_kong.lua

修改/etc/kong/kong.conf配置文件，取消注释，并根据自己实际情况修改

登录可见。

初始化数据库

登录可见。

启动

登录可见。

在初始化数据库和启动kong的时候，都可以带有[-c /path/to/kong.conf]参数，指定配置文件。

Kong 在启动后，一个是 8000，一个是 8001，8000端口是请求进入端口，用户发送请求先到 Kong 项目的 8000 端口，kong根据配置的规则转发到真实的后台服务地址。而8001 端口则是管理端口，插件设置、API的增删改查、以及负载均衡等一系列的配置都是通过8001端口进行管理。

浏览器访问IP:8000，返回如下：

{"message":"no route and no API found with those values"}

kong admin管理接口（外网无法访问，可以修改绑定配置，允许外网访问）

登录可见。

{"plugins":{"enabled_in_cluster":[],"available_on_server":{"response-transformer":true,"oauth2":true,"acl":true,"correlation-id":true,"pre-function":true,"jwt":true,"cors":true,"ip-restriction":true,"basic-auth":true,"key-auth":true,"rate-limiting":true,"request-transformer":true,"http-log":true,"file-log":true,"hmac-auth":true,"ldap-auth":true,"datadog":true,"tcp-log":true,"zipkin":true,"post-function":true,"request-size-limiting":true,"bot-detection":true,"syslog":true,"loggly":true,"azure-functions":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"statsd":true,"prometheus":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"plugins":["bundled"],"admin_ssl_enabled":true,"lua_ssl_verify_depth":1,"trusted_ips":{},"prefix":"\/usr\/local\/kong","loaded_plugins":{"response-transformer":true,"request-termination":true,"prometheus":true,"ip-restriction":true,"pre-function":true,"jwt":true,"cors":true,"statsd":true,"basic-auth":true,"key-auth":true,"ldap-auth":true,"aws-lambda":true,"http-log":true,"response-ratelimiting":true,"hmac-auth":true,"request-size-limiting":true,"datadog":true,"tcp-log":true,"zipkin":true,"post-function":true,"bot-detection":true,"acl":true,"loggly":true,"syslog":true,"azure-functions":true,"udp-log":true,"file-log":true,"request-transformer":true,"correlation-id":true,"rate-limiting":true,"oauth2":true},"cassandra_username":"kong","admin_ssl_cert_csr_default":"\/usr\/local\/kong\/ssl\/admin-kong-default.csr","ssl_cert_key":"\/usr\/local\/kong\/ssl\/kong-default.key","admin_ssl_cert_key":"\/usr\/local\/kong\/ssl\/admin-kong-default.key","dns_resolver":{},"pg_user":"kong","mem_cache_size":"128m","cassandra_data_centers":["dc1:2","dc2:3"],"nginx_admin_directives":{},"custom_plugins":{},"pg_host":"127.0.0.1","nginx_acc_logs":"\/usr\/local\/kong\/logs\/access.log","proxy_listen":["0.0.0.0:8000","0.0.0.0:8443 ssl"],"client_ssl_cert_default":"\/usr\/local\/kong\/ssl\/kong-default.crt","ssl_cert_key_default":"\/usr\/local\/kong\/ssl\/kong-default.key","dns_no_sync":false,"db_update_propagation":0,"nginx_err_logs":"\/usr\/local\/kong\/logs\/error.log","cassandra_port":9042,"dns_order":["LAST","SRV","A","CNAME"],"dns_error_ttl":1,"headers":["server_tokens","latency_tokens"],"dns_stale_ttl":4,"nginx_optimizations":true,"database":"postgres","pg_database":"kong","nginx_worker_processes":"auto","lua_package_cpath":"","admin_acc_logs":"\/usr\/local\/kong\/logs\/admin_access.log","lua_package_path":".\/?.lua;.\/?\/init.lua;","nginx_pid":"\/usr\/local\/kong\/pids\/nginx.pid","upstream_keepalive":60,"cassandra_contact_points":["127.0.0.1"],"admin_access_log":"logs\/admin_access.log","client_ssl_cert_csr_default":"\/usr\/local\/kong\/ssl\/kong-default.csr","proxy_listeners":[{"ssl":false,"ip":"0.0.0.0","proxy_protocol":false,"port":8000,"http2":false,"listener":"0.0.0.0:8000"},{"ssl":true,"ip":"0.0.0.0","proxy_protocol":false,"port":8443,"http2":false,"listener":"0.0.0.0:8443 ssl"}],"proxy_ssl_enabled":true,"pg_password":"******","cassandra_ssl":false,"enabled_headers":{"latency_tokens":true,"X-Kong-Proxy-Latency":true,"Via":true,"server_tokens":true,"Server":true,"X-Kong-Upstream-Latency":true,"X-Kong-Upstream-Status":false},"ssl_cert_csr_default":"\/usr\/local\/kong\/ssl\/kong-default.csr","client_ssl":false,"db_resurrect_ttl":30,"error_default_type":"text\/plain","cassandra_consistency":"ONE","client_max_body_size":"0","admin_error_log":"logs\/error.log","pg_ssl_verify":false,"dns_not_found_ttl":30,"pg_ssl":false,"db_update_frequency":5,"ssl_ciphers":"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256","cassandra_repl_strategy":"SimpleStrategy","cassandra_repl_factor":1,"log_level":"notice","admin_ssl_cert":"\/usr\/local\/kong\/ssl\/admin-kong-default.crt","real_ip_header":"X-Real-IP","kong_env":"\/usr\/local\/kong\/.kong_env","cassandra_schema_consensus_timeout":10000,"dns_hostsfile":"\/etc\/hosts","admin_listeners":[{"ssl":false,"ip":"127.0.0.1","proxy_protocol":false,"port":8001,"http2":false,"listener":"127.0.0.1:8001"},{"ssl":true,"ip":"127.0.0.1","proxy_protocol":false,"port":8444,"http2":false,"listener":"127.0.0.1:8444 ssl"}],"cassandra_timeout":5000,"ssl_cert":"\/usr\/local\/kong\/ssl\/kong-default.crt","proxy_access_log":"logs\/access.log","admin_ssl_cert_key_default":"\/usr\/local\/kong\/ssl\/admin-kong-default.key","cassandra_ssl_verify":false,"ssl_cipher_suite":"modern","cassandra_lb_policy":"RoundRobin","real_ip_recursive":"off","proxy_error_log":"logs\/error.log","client_ssl_cert_key_default":"\/usr\/local\/kong\/ssl\/kong-default.key","nginx_daemon":"on","anonymous_reports":true,"db_cache_ttl":0,"nginx_proxy_directives":{},"pg_port":5432,"nginx_kong_conf":"\/usr\/local\/kong\/nginx-kong.conf","client_body_buffer_size":"8k","lua_socket_pool_size":30,"admin_ssl_cert_default":"\/usr\/local\/kong\/ssl\/admin-kong-default.crt","nginx_http_directives":[{"value":"prometheus_metrics 5m","name":"lua_shared_dict"}],"cassandra_keyspace":"kong","ssl_cert_default":"\/usr\/local\/kong\/ssl\/kong-default.crt","nginx_conf":"\/usr\/local\/kong\/nginx.conf","admin_listen":["127.0.0.1:8001","127.0.0.1:8444 ssl"]},"version":"0.14.1","node_id":"23886866-845c-450b-9e9d-4b74b5267eb9","lua_version":"LuaJIT 2.1.0-beta3","prng_seeds":{"pid: 30380":521312001726},"timers":{"pending":5,"running":0},"hostname":"VM_0_9_centos"}

全局参数

即所有命令都可加下面都参数

--help   帮助命令

--v    开启详细信息模式

--vv　开启debug模式


命令行


kong check

检查kong.conf有效性

用法: kong check [conf]
[conf] (默认check  /etc/kong.conf or /etc/kong/kong.conf)

kong prepare


准备kong的前置文件夹和子文件夹和文件---讲真，我不清楚这个命令的用处，反正我没用到过

登录可见。

kong health

检查kong 节点健康状况

登录可见。

kong migrations

管理kong数据库

登录可见。

参考文章：

kong配置文档：https://docs.konghq.com/0.14.x/configuration/
kong cli命令：https://docs.konghq.com/0.14.x/cli/

小渣渣

关于kong网关的教程：

【实战】Docker部署kong-dashboard教程
https://www.itsvse.com/thread-5684-1-1.html
(出处: 架构师_程序员)

【实战】使用kong rate-limiting插件控制接口请求速率
https://www.itsvse.com/thread-5685-1-1.html
(出处: 架构师_程序员)

【实战】CentOS 安装Konga管理面板
https://www.itsvse.com/thread-5916-1-1.html
(出处: 架构师_程序员)

lgf228

CentOS 7 部署Kong API网关