1 Basic use of the Konga UI
Typical access address:
1.1 Step1: Create the upstream
1.1.1 [Example]
Name=>VCSAPI_SERVER
Slot=>1000
1.2 Step2: Configure the upstream target
1.2.1 [Example]
For multiple nodes, configure one target per node.
Target=>192.168.10.30:8080
Weight=>100
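1.3 Step3: Add the API service
1.3.1 [Example]
Name=>VCSAPI-SERVICE
HOST=>VCSAPI_SERVER (note: matches the upstream name)
port=>80
path=>/vcs (note: the path requests are forwarded to on the target; adjust to the actual deployment context)
1.4 Step4: Configure the API route
1.4.1 [Example]
Service=>VCSAPI-SERVICE
paths=>/vcs (note: the path the client requests; adjust to the actual deployment)
Preserve Host: true. The Host of the client request is passed through Kong to the upstream service.
Strip path: true. Whether to strip the matched URL prefix.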
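1.5 Step5: Configure the consumer
1.5.1 [Example]
username=>icfw
1.6 Step6: Configure JWT authentication for the user
1.6.1 [Example]
End-Point=>icfw
Key(iss)=>qD8WKwxQWQZVcdhc05yzqDpRLZMQjMH8
Secret=>RE1NEaUcWBQFTj0Mxip1hy1PsFBoCVez
Note: the key and secret can be left blank at creation; the system then generates random strings automatically.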
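1.7 Step7: Configure the JWT plugin on the service
1.7.1 [Example]
Apply to=>VCSAPI_SERVICE; select service->plugins->jwt
Key_claim_name=>iss (fixed value; corresponds to the key)
Claims_to_verify=>exp (fixed value; the JWT token expiry time as a Unix timestamp; optional)
1.7.2 Generating the JWT token
Generate the JWT token at https://jwt.io/
1.7.3 Client call: set the HTTP header (Authorization) to Bearer followed by the JWT token string.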
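1.8 Step7: Configure the rate-limiting plugin
1.8.1 [Example]
Apply to service=> (select the service according to the scenario)
policy=>redis (rate-limiting policy; redis is used here)
limit_by=>ip (rate-limiting dimension; limiting by IP here)
second=>10 (keeps concurrency within 10 per second, per single IP)
redis_password=> (the password configured for redis)
redis_host=>192.168.1.203
redis_database=>0 (database index; 0 here)
When configuring the rate-limiting plugin, check whether the time in the PG database is synchronized with Beijing time. Rate limiting is driven by time events, so if the time is wrong, the limit will not trigger even though it is configured.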
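1.9 Step8: Implementing service degradation
The approach to service degradation with Kong is as follows:
1> Identify the interfaces that need service degradation
2> Group them by the data returned when degraded, and route those with the same response to the same URI (preconfigured in Kong)
3> Clients go through the gateway's different route configurations
Service degradation is implemented with Kong's request termination plugin, which reduces the access pressure on the backend servers (API, etc.).
In principle, the rate-limiting policy is already enabled and prevents most malicious load attacks, but attacks that imitate real application scenarios cannot be ruled out, so service degradation can serve as a supplementary measure.
1.9.1 [Example]
Apply to=>service (select the specific service according to the scenario)
Status_code=>200 (custom; usually 200)
Content_type=>application/json; charset=utf-8 (custom)
Response body=>{"result": {},"code": 200,"message": "OK" } (to be defined by the development team)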
2 Accessing the Kong admin interface
2.1 View services:
http://192.168.20.22:8001/services
{
"next": null,
"data": [
{
"host": "VCSAPI_SERVER",
"created_at": 1551856065,
"connect_timeout": 6000,
"id": "4fc01ba9-6779-477d-8a49-76982650deed",
"protocol": "http",
"name": "VCSAPI_SERVICE",
"read_timeout": 6000,
"port": 80,
"path": "/vcs",
"updated_at": 1551944738,
"retries": 5,
"write_timeout": 6000
},
{
"host": "192.168.10.30",
"created_at": 1551851624,
"connect_timeout": 60000,
"id": "bc64c9c2-7399-4d2d-a616-2311f450160a",
"protocol": "http",
"name": "test-service",
"read_timeout": 60000,
"port": 8080,
"path": "/vcs/index.html",
"updated_at": 1551853564,
"retries": 5,
"write_timeout": 60000
}
]
}
2.2 View routes:
http://192.168.20.22:8001/routes
{
"next": null,
"data": [
{
"created_at": 1551856120,
"methods": [ ],
"id": "ead9e93a-7b74-4528-8df3-fe7963006317",
"service": {
"id": "4fc01ba9-6779-477d-8a49-76982650deed"
},
"name": "vcs",
"hosts": [ ],
"updated_at": 1551861483,
"preserve_host": true,
"regex_priority": 0,
"paths": [
"/vcs"
],
"sources": [ ],
"destinations": [ ],
"snis": [ ],
"protocols": [
"http",
"https"
],
"strip_path": true
},
{
"created_at": 1551851896,
"methods": [ ],
"id": "fd37c027-3ba3-49e1-9543-a4be07d499e2",
"service": {
"id": "bc64c9c2-7399-4d2d-a616-2311f450160a"
},
"name": "test",
"hosts": [ ],
"updated_at": 1551852181,
"preserve_host": false,
"regex_priority": 0,
"paths": [
"/test1"
],
"sources": [ ],
"destinations": [ ],
"snis": [ ],
"protocols": [
"http",
"https"
],
"strip_path": true
}
]
}
2.3 View upstreams:
http://192.168.20.22:8001/upstreams
{
"next": null,
"data": [
{
"created_at": 1551943496,
"hash_on": "none",
"id": "e8910221-7302-4305-a3e6-e02ea5d673b4",
"name": "VCSAPI_SERVER",
"hash_fallback_header": null,
"hash_on_cookie": null,
"healthchecks": {
"active": {
"unhealthy": {
"http_statuses": [
429,
404,
500,
501,
502,
503,
504,
505
],
"tcp_failures": 0,
"timeouts": 0,
"http_failures": 0,
"interval": 0
},
"type": "http",
"http_path": "/",
"timeout": 1,
"healthy": {
"successes": 0,
"interval": 0,
"http_statuses": [
200,
302
]
},
"https_sni": null,
"https_verify_certificate": true,
"concurrency": 10
},
"passive": {
"unhealthy": {
"http_failures": 0,
"http_statuses": [
429,
500,
503
],
"tcp_failures": 0,
"timeouts": 0
},
"healthy": {
"http_statuses": [
200,
201,
202,
203,
204,
205,
206,
207,
208,
226,
300,
301,
302,
303,
304,
305,
306,
307,
308
],
"successes": 0
},
"type": "http"
}
},
"hash_on_cookie_path": "/",
"hash_fallback": "none",
"hash_on_header": null,
"slots": 1000
}
]
}
2.4 View plugins:
http://192.168.20.22:8001/plugins
{
"next": null,
"data": [
{
"created_at": 1551945986,
"config": {
"secret_is_base64": false,
"key_claim_name": "iss",
"cookie_names": [ ],
"maximum_expiration": 0,
"claims_to_verify": null,
"anonymous": null,
"run_on_preflight": true,
"uri_param_names": [ ]
},
"id": "26105b8b-90e0-4e02-89b3-758f47ff74ce",
"service": {
"id": "4fc01ba9-6779-477d-8a49-76982650deed"
},
"enabled": true,
"run_on": "first",
"consumer": null,
"route": null,
"name": "jwt"
}
]
}