API Gateway : Kong

Time: 2023-03-09 03:27:55

what

problems


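Multiple services each have to write their own logging and auth; for the more time-consuming ones, rate limiting under high traffic is sometimes needed as well.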

solution intro


Single-node deployment:


why not just haproxy log (kibana)

haproxy rate limit http://blog.serverfault.com/2010/08/26/1016491873/

simple version:

  frontend fe_api_ssl
    acl too_many_uploads_by_user sc0_gpc0_rate() gt 100
    acl mark_seen sc0_inc_gpc0 gt 0
    stick-table type string size 100k store gpc0_rate(60s)
    tcp-request content track-sc0 hdr(Authorization) if METH_POST document_request is_upload
    use_backend be_429_slow_down if mark_seen too_many_uploads_by_user

  backend be_429_slow_down
    timeout tarpit 2s
    errorfile 500 /etc/haproxy/errorfiles/429.http
    http-request tarpit

  backend be_api

feature

install

try to use docker instead of pkg/deb/vagrant

docker run -d --name kong-database  -p 5432:5432   -e "POSTGRES_USER=kong"   -e "POSTGRES_DB=kong"   postgres:9.4
docker run -d --name kong-database -p 9042:9042 cassandra:3

dengwei@RMBAP:~/projects/github/kong$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1b969345f2c kong:latest "/docker-entrypoin..." 16 hours ago Up 16 hours 0.0.0.0:7946->7946/tcp, 0.0.0.0:8000-8001->8000-8001/tcp, 0.0.0.0:8443->8443/tcp, 0.0.0.0:7946->7946/udp kong
9d73317da8e3 cassandra:3 "/docker-entrypoin..." 16 hours ago Up 16 hours 7000-7001/tcp, 7199/tcp, 9160/tcp, 0.0.0.0:9042->9042/tcp kong-database
kong-database

config

http localhost:8001
HTTP/1.1 200 OK
...
Server: kong/0.10.2

{
    "configuration": {
        "admin_ip": "0.0.0.0",
        "admin_listen": "0.0.0.0:8001",
        "admin_listen_ssl": "0.0.0.0:8444",
        "admin_port": 8001,
        "admin_ssl": true,
        ...
        "admin_ssl_ip": "0.0.0.0",
        "admin_ssl_port": 8444,
        "anonymous_reports": true,
        "cassandra_consistency": "ONE",
        "cassandra_contact_points": [
            "kong-database"
        ],
        "cassandra_data_centers": [
            "dc1:2",
            "dc2:3"
        ],
        "cassandra_keyspace": "kong",
        "cassandra_lb_policy": "RoundRobin",
        "cassandra_port": 9042,
        ...
        "pg_user": "kong",
        "plugins": {
            "acl": true,
            ...
        },
        "prefix": "/usr/local/kong",
        "proxy_ip": "0.0.0.0",
        "proxy_listen": "0.0.0.0:8000",
        ...
    },
    "hostname": "b1b969345f2c",
    "lua_version": "LuaJIT 2.1.0-beta2",
    "plugins": {
        "available_on_server": {
            "acl": true,
            ...
        },
        "enabled_in_cluster": {}
    },
    ...
    "tagline": "Welcome to kong",
    "timers": {
        "pending": 4,
        "running": 0
    },
    "version": "0.10.2"
}
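
The Admin API on port 8001 is what this page uses, without credentials, to add APIs and plugins; the output above shows it bound to 0.0.0.0 and `docker ps` shows 8001 published on 0.0.0.0. The following check is an added example (not from the original page or from Kong; the function names are assumptions) that combines both outputs and reports the host ports through which the Admin API is published on a non-loopback address:

```python
import ipaddress
import re

# Constructed from values shown on this page (GET / on port 8001, `docker ps -a`).
SAMPLE_CONF = {
    "admin_listen": "0.0.0.0:8001",
    "admin_listen_ssl": "0.0.0.0:8444",
    "proxy_listen": "0.0.0.0:8000",
}
SAMPLE_PORTS = ("0.0.0.0:7946->7946/tcp, 0.0.0.0:8000-8001->8000-8001/tcp, "
                "0.0.0.0:8443->8443/tcp, 0.0.0.0:7946->7946/udp")

# host_ip:host_port[-host_port_end]->container_port[-end]/proto
PUBLISH_RE = re.compile(
    r"(?P<ip>\S+?):(?P<hlo>\d+)(?:-(?P<hhi>\d+))?->(?P<clo>\d+)(?:-\d+)?/(?P<proto>\w+)")


def is_loopback(host):
    """True only for loopback addresses; 0.0.0.0 and :: are not loopback."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host == "localhost"


def admin_container_ports(conf):
    """Admin API ports that Kong binds to a non-loopback address."""
    ports = set()
    for key in ("admin_listen", "admin_listen_ssl"):
        if key not in conf:
            continue
        host, _, port = conf[key].rpartition(":")
        if not is_loopback(host):
            ports.add(int(port))
    return ports


def exposed_admin_ports(conf, docker_ports):
    """Host (ip, port) pairs that publish an Admin API port on a non-loopback address."""
    admin = admin_container_ports(conf)
    exposed = []
    for m in PUBLISH_RE.finditer(docker_ports):
        if m["proto"] != "tcp" or is_loopback(m["ip"]):
            continue
        hlo, hhi, clo = int(m["hlo"]), int(m["hhi"] or m["hlo"]), int(m["clo"])
        for offset in range(hhi - hlo + 1):      # published ranges map port-for-port
            if clo + offset in admin:
                exposed.append((m["ip"], hlo + offset))
    return exposed
```

An empty result is reached either by setting `admin_listen` to a loopback address or by not publishing 8001 (for example, publishing it as `127.0.0.1:8001:8001`).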

adding an api:

http POST localhost:8001/apis name=demo upstream_url=http://mockbin.org/request request_host=mockbin.org

host with port

http POST localhost:8001/apis name=localdemo upstream_url=http://localhost:3010/request hosts=localhost

list apis:

http localhost:8001/apis

check admin log

in docker container:

sh-4.2# ls
access.log admin_access.log error.log serf.log

use plugin

  • auth example

     http POST localhost:8001/apis/0ee4b228-3089-4ae9-b13a-09ba4df8004e/plugins name=key-auth config.key_names=X-AUTH
    http POST localhost:8001/consumers/b7199b84-cbe6-47ef-9cd0-c68ab27dfee0/key-auth key=abc123

verify :

http localhost:8000 HOST:mockbin.org X-AUTH:1234
http localhost:8000 HOST:mockbin.org X-AUTH:abc123

The first request is rejected; the second one, which carries the right key, works.

  • rate limit example:

    find your API id by listing the APIs

    http localhost:8001/apis

in my example the api id is: 0ee4b228-3089-4ae9-b13a-09ba4df8004e

http POST localhost:8001/apis/0ee4b228-3089-4ae9-b13a-09ba4df8004e/plugins name=rate-limiting config.minute=5 config.hour=10

test it:

http localhost:8000 Host:mockbin.org X-AUTH:abc123
HTTP/1.1 200 OK

after 5 requests within 1 minute:

dengwei@RMBAP:~/projects/work$  http localhost:8000 Host:mockbin.org X-AUTH:abc123
HTTP/1.1 429
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 May 2017 12:18:35 GMT
Server: kong/0.10.2
Transfer-Encoding: chunked
X-RateLimit-Limit-hour: 10
X-RateLimit-Limit-minute: 5
X-RateLimit-Remaining-hour: 0
X-RateLimit-Remaining-minute: 5

{
    "message": "API rate limit exceeded"
}
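
With `config.minute=5 config.hour=10` two counters apply to every request, and either one can produce the 429; in the response above `X-RateLimit-Remaining-hour` is 0 while `X-RateLimit-Remaining-minute` is 5, so the hourly window is the exhausted one. The following is an added example, a simplified fixed-window model rather than Kong's own code (the class, the `consumer-1` identifier and the timeline are assumptions), that reproduces those header values:

```python
# Simplified model of fixed-window limiting with several periods; not Kong's source.
PERIOD_SECONDS = {"minute": 60, "hour": 3600}


class FixedWindowLimiter:
    def __init__(self, limits):
        self.limits = limits      # e.g. {"minute": 5, "hour": 10}
        self.counters = {}        # (identifier, period, window start) -> count

    def request(self, identifier, now):
        """Return (status, headers) for one request at Unix time `now`."""
        windows = {}
        for period, limit in self.limits.items():
            start = now - now % PERIOD_SECONDS[period]
            key = (identifier, period, start)
            windows[period] = (key, limit, self.counters.get(key, 0))

        # A single exhausted window is enough to reject the request.
        blocked = any(used >= limit for _, limit, used in windows.values())
        headers = {}
        for period, (key, limit, used) in windows.items():
            if not blocked:
                used += 1                     # count only requests that pass
                self.counters[key] = used
            headers[f"X-RateLimit-Limit-{period}"] = limit
            headers[f"X-RateLimit-Remaining-{period}"] = max(0, limit - used)
        return (429 if blocked else 200), headers


def replay(limits, times, identifier="consumer-1"):
    """Run requests at the given timestamps; return a list of (status, headers)."""
    limiter = FixedWindowLimiter(limits)
    return [limiter.request(identifier, t) for t in times]


# Constructed timeline: 5 requests in one minute, 5 in the next, then one more.
TIMELINE = [0, 1, 2, 3, 4, 60, 61, 62, 63, 64, 120]

if __name__ == "__main__":
    results = replay({"minute": 5, "hour": 10}, TIMELINE)
    for t, (status, headers) in zip(TIMELINE, results):
        print(t, status, headers)
```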

how does it work

rest api with other url in sub page

ui for monitor(need enterprise)

plugin with other language?

to do or not

api gateway: to be or not to be

ref

API & Microservices Management with Kong

Kong basic usage

kong ui

kong dashboard

docker

Using Kong to manage business RESTful APIs

[聊聊架构: An in-depth yet accessible look at enterprise-grade API gateways](https://mp.weixin.qq.com/s?__biz=MzA5Nzc4OTA1Mw==&mid=2659599286&idx=1&sn=f41c9dc7f9f2027eab97889b1b01a391&chksm=8be996a4bc9e1fb29ea77d0941bedb60714c6a7ae94edd44bf705a0910979e18e631210ab326)

problems

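In Docker, forwarding a request through Kong to an upstream on localhost will not succeed: inside the Kong container, localhost is the container itself, not the host where the service on port 3010 runs. issue here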

    dengwei@RMBAP:~/projects/work$ http POST localhost:8001/apis name=localdemoabc upstream_url=http://localhost:3010/ uris=/abc
    HTTP/1.1 201 Created

    dengwei@RMBAP:~/projects/work$ http localhost:8000/abc host=localhost
    HTTP/1.1 502 Bad Gateway

todo:

nginx + koa sample

how routing work and verify

ui page

speed lost

comparing with other api gateway: loopback.io http://orange.sumory.com/