what

problems

多个服务要写自己的log，auth，对于比较耗时的，有时还要高流量限制。

solution intro

单点部署的情况：

why not just haproxy log (kinbana)

haproxy rate limit http://blog.serverfault.com/2010/08/26/1016491873/

simple version:

  frontend fe_api_ssl

    acl too_many_uploads_by_user sc0_gpc0_rate() gt 100

    acl mark_seen sc0_inc_gpc0 gt 0

    stick-table type string size 100k store gpc0_rate(60s)

    tcp-request content track-sc0 hdr(Authorization) if METH_POST document_request is_upload

    use_backend be_429_slow_down if mark_seen too_many_uploads_by_user  

  backend be_429_slow_down

    timeout tarpit 2s

    errorfile 500 /etc/haproxy/errorfiles/429.http

    http-request tarpit

  backend be_api

feature

• logs
• rate-limit
• auth
• monitoring
  
  more plugin

install

try to use docker instead of pkg/deb/vagrant

docker run -d --name kong-database  -p 5432:5432   -e "POSTGRES_USER=kong"   -e "POSTGRES_DB=kong"   postgres:9.4

docker run -d --name kong-database  -p 9042:9042  cassandra:3

dengwei@RMBAP:~/projects/github/kong$ docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS                                                                                                      NAMES

b1b969345f2c        kong:latest         "/docker-entrypoin..."   16 hours ago        Up 16 hours                0.0.0.0:7946->7946/tcp, 0.0.0.0:8000-8001->8000-8001/tcp, 0.0.0.0:8443->8443/tcp, 0.0.0.0:7946->7946/udp   kong

9d73317da8e3        cassandra:3         "/docker-entrypoin..."   16 hours ago        Up 16 hours                7000-7001/tcp, 7199/tcp, 9160/tcp, 0.0.0.0:9042->9042/tcp                                                  kong-database

                                             kong-database

config

http localhost:8001

HTTP/1.1 200 OK

...

Server: kong/0.10.2

{

    "configuration": {

        "admin_ip": "0.0.0.0",

        "admin_listen": "0.0.0.0:8001",

        "admin_listen_ssl": "0.0.0.0:8444",

        "admin_port": 8001,

        "admin_ssl": true,

        ...

        "admin_ssl_ip": "0.0.0.0",

        "admin_ssl_port": 8444,

        "anonymous_reports": true,

        "cassandra_consistency": "ONE",

        "cassandra_contact_points": [

            "kong-database"

        ],

        "cassandra_data_centers": [

            "dc1:2",

            "dc2:3"

        ],

        "cassandra_keyspace": "kong",

        "cassandra_lb_policy": "RoundRobin",

        "cassandra_port": 9042,

        ...

        "pg_user": "kong",

        "plugins": {

            "acl": true,

            ...

        },

        "prefix": "/usr/local/kong",

        "proxy_ip": "0.0.0.0",

        "proxy_listen": "0.0.0.0:8000",

        ...

    },

    "hostname": "b1b969345f2c",

    "lua_version": "LuaJIT 2.1.0-beta2",

    "plugins": {

        "available_on_server": {

            "acl": true,

           ...

        },

        "enabled_in_cluster": {}

    },

   ...

    "tagline": "Welcome to kong",

    "timers": {

        "pending": 4,

        "running": 0

    },

    "version": "0.10.2"

}

adding an api:

http POST localhost:8001/apis name=demo upstream_url=http://mockbin.org/request request_host=mockbin.org

host with port

http POST localhost:8001/apis name=localdemo upstream_url=http://localhost:3010/request hosts=localhost

list apis:

http localhost:8001/apis

check admin log

in docker container:

sh-4.2# ls

access.log  admin_access.log  error.log  serf.log

use plugin

• auth example

   http POST localhost:8001/apis/0ee4b228-3089-4ae9-b13a-09ba4df8004e/plugins name=key-auth config.key_names=X-AUTH
  
   http POST localhost:8001/consumers/b7199b84-cbe6-47ef-9cd0-c68ab27dfee0/key-auth key=abc123
  

verify :

http localhost:8000 HOST:mockbin.org X-AUTH:1234

http localhost:8000 HOST:mockbin.org X-AUTH:abc123

previous one won't work , latter one works, which with the right key

• rate limit example:
  
  find your api id by list apis

  http localhost:8001/apis

in my example the api id is: 0ee4b228-3089-4ae9-b13a-09ba4df8004e

http POST localhost:8001/apis/0ee4b228-3089-4ae9-b13a-09ba4df8004e/plugin;5Cs name=rate-limiting config.minute=5 config.hour=10

test it:

http localhost:8000 Host:mockbin.org X-AUTH:abc123

HTTP/1.1 200 OK

after 5 times with 1 minute:

dengwei@RMBAP:~/projects/work$  http localhost:8000 Host:mockbin.org X-AUTH:abc123

HTTP/1.1 429

Connection: keep-alive

Content-Type: application/json; charset=utf-8

Date: Thu, 25 May 2017 12:18:35 GMT

Server: kong/0.10.2

Transfer-Encoding: chunked

X-RateLimit-Limit-hour: 10

X-RateLimit-Limit-minute: 5

X-RateLimit-Remaining-hour: 0

X-RateLimit-Remaining-minute: 5

{

    "message": "API rate limit exceeded"

}

how does it work

rest api with other url in sub page

ui for monitor(need enterprise)

plugin with other language?

to do or not

api gateway: to be or not to be

ref

API & Microservices Management with Kong

kong基础使用

kong ui

kong dashboard

docker

使用Kong来管理业务restful api

[聊聊架构：深入浅出聊聊企业级API网关](https://mp.weixin.qq.com/s?__biz=MzA5Nzc4OTA1Mw==&mid=2659599286&idx=1&sn=f41c9dc7f9f2027eab97889b1b01a391&chksm=8be996a4bc9e1fb29ea77d0941bedb60714c6a7ae94edd44bf705a0910979e18e631210ab326）

problems

in docker you will not success in forward your request via kong. issue here

    dengwei@RMBAP:~/projects/work$ http POST localhost:8001/apis name=localdemoabc upstream_url=http://localhost:3010/ uris=/abc

    HTTP/1.1 201 Created

    dengwei@RMBAP:~/projects/work$ http localhost:8000/abc host=localhost

    HTTP/1.1 502 Bad Gateway

todo:

nginx + koa sample

how routing work and verify

ui page

speed lost

comparing with other api gateway: loopback.io http://orange.sumory.com/