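If you repost this article, please keep the source (blog.csdn.net/knight_zhou), because I usually keep updating many of my articles. It also avoids Baidu searches returning a pile of similar articles where the original author cannot be found.
Preface
Kong comes in an Enterprise edition and an OSS (community) edition. Companies can simply use the community edition.
Official site
The Kong Gateway software is governed by the Kong Software License Agreement. Kong Gateway (OSS) is licensed under an Apache 2.0 license.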
Install Kong Gateway on CentOS - v2.6.x | Kong Docs
Installation
## Kong Gateway (OSS)
curl -Lo kong-2.6.0.el8.amd64.rpm $(rpm --eval "https://download.konghq.com/gateway-2.x-centos-8/Packages/k/kong-2.6.0.el8.amd64.rpm")
# Install the rpm package downloaded above (--nogpgcheck skips package signature verification)
yum --nogpgcheck install -y kong-2.6.0.el8.amd64.rpm
###
kong version --v
## Restart
kong restart
Choosing a database
We use PostgreSQL as the datastore.
Installing PostgreSQL
Kong Gateway supports both PostgreSQL and Cassandra as its datastore.
# Install
sudo yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
sudo yum install -y postgresql11-server
sudo /usr/pgsql-11/bin/postgresql-11-setup initdb
sudo systemctl enable postgresql-11
sudo systemctl start postgresql-11
### Check the version
psql --version
##
ss -ntlp|grep 5432
# Path of the configuration file
vim /var/lib/pgsql/11/data/pg_hba.conf
Create the user
#
su - postgres
##
psql
##
CREATE USER kong; CREATE DATABASE kong OWNER kong;
##
postgres=# ALTER USER kong PASSWORD '123456';
ALTER ROLE
postgres=#
Edit the configuration file to connect to the database
Official docs: https://docs.konghq.com/gateway/2.6.x/reference/configuration/#datastore-section
Configuration file: /etc/kong/kong.conf
pg_host = 127.0.0.1 # Host of the Postgres server.
pg_port = 5432 # Port of the Postgres server.
pg_timeout = 5000 # Defines the timeout (in ms), for connecting,
# reading and writing.
pg_user = kong # Postgres user.
pg_password = 123456 # Postgres user's password.
pg_database = kong # The database name to connect to.
### Allow the admin interface to be reached from other hosts
admin_listen = 0.0.0.0:8001
Initialization
Then, run the Kong Gateway migrations using the following command:
# Initialize
kong migrations bootstrap -c kong.conf
###
Bootstrapping database...
migrating core on database 'kong'...
core migrated up to: 000_base (executed)
core migrated up to: 003_100_to_110 (executed)
core migrated up to: 004_110_to_120 (executed)
core migrated up to: 005_120_to_130 (executed)
core migrated up to: 006_130_to_140 (executed)
.... (middle omitted) ......
se_response_rate_limiting (executed)
migrating session on database 'kong'...
session migrated up to: 000_base_session (executed)
session migrated up to: 001_add_ttl_index (executed)
41 migrations processed
41 executed
Database is up-to-date
Start:
###
kong start -c kong.conf
## Restart
kong restart -c kong.conf
# Check the processes
$ps -ef |grep nginx
root 3373 1 0 16:53 ? 00:00:00 nginx: master process /usr/local/openresty/nginx/sbin/nginx -p /usr/local/kong -c nginx.conf
kong 3374 3373 0 16:53 ? 00:00:00 nginx: worker process
kong 3375 3373 0 16:53 ? 00:00:00 nginx: worker process
kong 3376 3373 0 16:53 ? 00:00:00 nginx: worker process
kong 3377 3373 0 16:53 ? 00:00:00 nginx: worker process
root 3493 16894 0 16:53 pts/1 00:00:00 grep --color=auto nginx
###
curl -i -X GET --url http://127.0.0.1:8001/services
###
$netstat -ntpl|grep nginx
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 14115/nginx: master
tcp 0 0 127.0.0.1:8444 0.0.0.0:* LISTEN 14115/nginx: master
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 14115/nginx: master
tcp 0 0 127.0.0.1:8001 0.0.0.0:* LISTEN 14115/nginx: master
###
What each port does
- :8000: Port on which Kong listens for incoming HTTP traffic from your clients, and forwards it to your upstream services.
- :8443: Port on which Kong listens for incoming HTTPS traffic. This port has similar behavior as the :8000 port, except that it expects HTTPS traffic only. This port can be disabled with the kong.conf configuration file.
- :8001: Port on which the Admin API used to configure Kong listens.
- :8444: Port on which the Admin API listens for HTTPS traffic.
#
CREATE USER konga; CREATE DATABASE konga OWNER konga;
##
CREATE USER konga WITH PASSWORD 'konga';
CREATE DATABASE konga OWNER konga;
GRANT ALL PRIVILEGES ON DATABASE konga TO konga;
Installing the Node environment
$ cd /opt/tools
$ wget https://nodejs.org/dist/v10.16.0/node-v10.16.0-linux-x64.tar.xz
$ tar xf node-v10.16.0-linux-x64.tar.xz
$ mv node-v10.16.0-linux-x64 /usr/local/node
## Add environment variables
## set node env
export NODE=/usr/local/node
export PATH=$PATH:$NODE/bin
##
node -v
npm -v
###
npm install -g pm2
Installation
$ git clone https://github.com/pantsel/konga.git
$ cd konga
$ cp .env_example .env
$ vi .env
Configuration:
PORT=1337 # Port the Konga web service listens on
NODE_ENV=production # Environment; production is recommended
KONGA_HOOK_TIMEOUT=120000 # Maximum time Konga waits for callbacks when calling the Admin API
DB_ADAPTER=postgres # Database type; supports mongo, mysql, postgres, sqlserver
DB_HOST=localhost
DB_PORT=5432
DB_DATABASE=konga
DB_USER=konga # Database user name
DB_PASSWORD=konga # Database password
KONGA_LOG_LEVEL=warn # Log level
TOKEN_SECRET=some_secret_token
With the comments removed:
PORT=1337
NODE_ENV=production
KONGA_HOOK_TIMEOUT=120000
DB_ADAPTER=postgres
DB_URI=postgresql://konga@127.0.0.1:5432/konga
DB_PASSWORD=konga
KONGA_LOG_LEVEL=warn
TOKEN_SECRET=some_secret_token
Install dependencies
$ cd konga
# Install the npm dependencies
$ npm i
$ npm install -g pm2
# Start
pm2 start
The result:
$pm2 start
>>>> In-memory PM2 is out-of-date, do:
>>>> $ pm2 update
In memory PM2 version: 5.1.0
Local PM2 version: 5.1.2
[PM2] Applying action restartProcessId on app [app](ids: 0)
[PM2] [app](0) ✓
┌─────┬────────┬─────────────┬─────────┬─────────┬──────────┬────────┬──────┬───────────┬──────────┬──────────┬──────────┬──────────┐
│ id │ name │ namespace │ version │ mode │ pid │ uptime │ ↺ │ status │ cpu │ mem │ user │ watching │
├─────┼────────┼─────────────┼─────────┼─────────┼──────────┼────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────────┤
│ 0 │ app │ default │ 0.14.9 │ fork │ 26023 │ 0s │ 16 │ online │ 0% │ 16.1mb │ root │ disabled │
└─────┴────────┴─────────────┴─────────┴─────────┴──────────┴────────┴──────┴───────────┴──────────┴──────────┴──────────┴──────────┘
[root@hwy-hn1-carsales-baseservice-prd-03 konga]# cat .env
PORT=1337
NODE_ENV=production
KONGA_HOOK_TIMEOUT=120000
DB_ADAPTER=postgres
DB_URI=postgresql://konga@127.0.0.1:5432/konga
DB_PASSWORD=konga
KONGA_LOG_LEVEL=warn
TOKEN_SECRET=some_secret_token
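Diagram:
The mapping between Service and upstream is as follows:
Kong Gateway cluster deployment
For example, to scale Kong horizontally, just install multiple Kong nodes and point them all at the same PostgreSQL database.
In a multi-node Kong cluster, when node A makes a change, the other nodes connected to the same database are not notified of it immediately. Although the Service has been modified in the database, the old version still sits in the memory of the other nodes.
All nodes run a periodic job that synchronizes the changes made by other nodes, which keeps the cluster eventually consistent. The frequency of this job is configured with:
- db_update_frequency (default: 5 seconds)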
log_level = warn
proxy_access_log = /home/data/logs/car-kong-gateway/kong.access.logstash_json
proxy_error_log = /home/data/logs/car-kong-gateway/error.log
admin_access_log = /home/data/logs/car-kong-gateway/admin_access.log
admin_error_log = /home/data/logs/car-kong-gateway/error.log
proxy_listen = 0.0.0.0:80
admin_listen = 0.0.0.0:8001
nginx_main_worker_rlimit_nofile = 165535
nginx_events_worker_connections = 165535
nginx_events_use = epoll
##
pg_host = 127.0.0.1
pg_port = 5432
pg_timeout = 5000
pg_user = kong
pg_password = 123456
pg_database = kong
##
#db_update_frequency = 5 # Frequency (in seconds) at which to check for
# updated entities with the datastore.
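With admin_listen = 0.0.0.0:8001 the Admin API, which can reconfigure every route and plugin, is reachable from any host that can route to the node, and pg_password = 123456 is trivially guessable. The following check is an added example, not part of the original post; the function names, the weak-password list and the 12-character minimum are assumptions made here. It flags both settings in a kong.conf:

```python
import ipaddress

# Constructed sample holding the two security-relevant settings from the kong.conf above.
SAMPLE_KONG_CONF = """\
admin_listen = 0.0.0.0:8001
pg_password = 123456      # Postgres user's password.
"""

# Illustrative deny-list and minimum length; both are assumptions of this example.
WEAK_PASSWORDS = {"123456", "password", "kong", "konga", "admin"}
MIN_PASSWORD_LENGTH = 12


def parse_kong_conf(text):
    """Return {key: value} for the uncommented `key = value` lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def non_loopback_listeners(listen_value):
    """Return the address:port entries of a *_listen value not bound to loopback."""
    exposed = []
    for entry in listen_value.split(","):
        fields = entry.split()  # e.g. ["0.0.0.0:8444", "ssl"]
        if not fields or fields[0] == "off":
            continue
        host = fields[0].rsplit(":", 1)[0].strip("[]")
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # not an IP literal: report it for manual review
        if not loopback:
            exposed.append(fields[0])
    return exposed


def audit(settings):
    """Return findings for an exposed Admin API and a weak database password."""
    findings = ["Admin API reachable on " + addr
                for addr in non_loopback_listeners(settings.get("admin_listen", ""))]
    password = settings.get("pg_password")
    if password is not None and (password in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LENGTH):
        findings.append("pg_password is short or on the weak-password list")
    return findings
```

Calling audit(parse_kong_conf(SAMPLE_KONG_CONF)) returns two findings; a file with admin_listen bound to 127.0.0.1 and a long random pg_password returns none.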
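Changing Kong's access log format for ELK collection
How it works:
When the Kong gateway starts, it generates the nginx.conf file by rendering templates. There are two files under /usr/local/kong/, and nginx.conf includes nginx-kong.conf.
The nginx-kong.conf file is itself produced by rendering: on every kong start it is generated from /etc/kong/kong.conf and the template. This mainly relies on the third-party Lua library Penlight.
In the Kong source tree, the templates directory contains nginx_kong.lua; editing this file lets you generate a customized nginx-kong.conf.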
vim /usr/local/share/lua/5.1/kong/templates/nginx_kong.lua
$sudo vim /usr/local/share/lua/5.1/kong/templates/nginx_kong.lua
... omitted
balancer_by_lua_block {
Kong.balancer()
}
}
## Custom log format
log_format logstash_json '{ "timestamp": "$time_local", '
'"domain": "$host", '
'"remote_addr": "$remote_addr", '
'"status": "$status", '
'"request_time": "$request_time", '
'"upstream_response_time": "$upstream_response_time", '
'"body_bytes_sent":"$body_bytes_sent", '
'"request": "$request", '
'"http_referrer": "$http_referer", '
'"upstream_status": "$upstream_status", '
'"upstream_addr": "$upstream_addr", '
'"http_x_real_ip": "$http_x_real_ip", '
'"http_x_forwarded_proto": "$http_x_forwarded_proto", '
'"http_x_forwarded_for": "$http_x_forwarded_for", '
'"http_user_agent": "$http_user_agent",'
'"request_filename": "$request_filename" }';
server {
server_name kong;
> for _, entry in ipairs(proxy_listeners) do
listen $(entry.listener);
> end
error_page 400 404 405 408 411 412 413 414 417 494 /kong_error_handler;
error_page 500 502 503 504 /kong_error_handler;
access_log ${{PROXY_ACCESS_LOG}} logstash_json;
error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
... omitted
Reload to apply the change:
## Apply the configuration
kong reload
## Check the result
$tailf kong.access.logstash_json
172.30.202.64 - - [11/Jan/2022:13:47:02 +0800] "GET /crm HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"
172.30.202.64 - - [11/Jan/2022:13:51:25 +0800] "GET /crm HTTP/1.1" 200 12 "-" "curl/7.55.1"
{ "timestamp": "11/Jan/2022:14:03:04 +0800", "domain": "ops.com", "remote_addr": "172.30.202.64", "status": "200", "request_time": "0.005", "upstream_response_time": "0.004", "body_bytes_sent":"12", "request": "GET /crm HTTP/1.1", "http_referrer": "-", "upstream_status": "200", "upstream_addr": "172.19.192.248:5000", "http_x_real_ip": "-", "http_x_forwarded_proto": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.55.1","request_filename": "/usr/local/kong/html/crm" }
{ "timestamp": "11/Jan/2022:14:05:52 +0800", "domain": "ops.com", "remote_addr": "172.30.202.64", "status": "200", "request_time": "0.005", "upstream_response_time": "0.004", "body_bytes_sent":"12", "request": "GET /crm HTTP/1.1", "http_referrer": "-", "upstream_status": "200", "upstream_addr": "172.19.192.248:5000", "http_x_real_ip": "-", "http_x_forwarded_proto": "-", "http_x_forwarded_for": "-", "http_user_agent": "curl/7.55.1","request_filename": "/usr/local/kong/html/crm" }
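Fields such as $http_user_agent and $http_x_forwarded_for are client-supplied, and the log_format above has no escape=json parameter (available in nginx 1.11.8 and later), so nginx writes a double quote as \x22, which is not a valid JSON escape. The following added example (not from the original post; the three-field template, the sample request and the helper names are constructed here) renders one line under both escaping modes and shows that only the escape=json form parses:

```python
import json

# Three fields of the page's logstash_json format as a %-template (constructed for this demo).
# Corrected directive: log_format logstash_json escape=json '{ ... }';
TEMPLATE = ('{ "remote_addr": "%(remote_addr)s", "request": "%(request)s", '
            '"http_user_agent": "%(http_user_agent)s" }')

# Constructed request: the client-supplied User-Agent contains double quotes.
SAMPLE = {
    "remote_addr": "172.30.202.64",
    "request": "GET /crm HTTP/1.1",
    "http_user_agent": 'demo-client "v1"',
}


def escape_default(value):
    """nginx default log escaping: '"', '\\' and bytes <32 or >126 become \\xXX."""
    return "".join(
        "\\x%02X" % b if b in (0x22, 0x5C) or b < 32 or b > 126 else chr(b)
        for b in value.encode("utf-8")
    )


def escape_json(value):
    """Escaping applied with `escape=json`: the value becomes a legal JSON string body."""
    return json.dumps(value, ensure_ascii=False)[1:-1]


def render(fields, escape):
    """Build one access-log line the way nginx substitutes variables into log_format."""
    return TEMPLATE % {name: escape(value) for name, value in fields.items()}


def parse_line(line):
    """Return the decoded record, or None when the line is not valid JSON."""
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None
```

A collector that counts lines for which parse_line returns None gets an early signal that the format is dropping or corrupting records.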



