15. 微服務API網關-kong初探-2(15.5系統怎么樣)
五 部署
5.1 物理服務器部署
5.1.1 配置yum源
sudo yum update -y sudo yum install -y wget wget https://bintray.com/kong/kong-rpm/rpm -O bintray-kong-kong-rpm.repo export major_version=`grep -oE '[0-9]+\.[0-9]+' /etc/redhat-release | cut -d "." -f1` sed -i -e 's/baseurl.*/&\/centos\/'$major_version''/ bintray-kong-kong-rpm.repo sudo mv bintray-kong-kong-rpm.repo /etc/yum.repos.d/ sudo yum update -y sudo yum install -y kong
5.1.2 數據庫安裝
Kong支持PostgreSQL v9.5+和Cassandra 3.x.x作為數據存儲。
按照文檔安裝PostgreSQL v11: https://www.postgresql.org/download/linux/redhat/
# 安裝PostgreSQL v11 yum install -y https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm yum install -y postgresql11 postgresql11-server # 自啟 /usr/pgsql-11/bin/postgresql-11-setup initdb systemctl enable postgresql-11 systemctl start postgresql-11
# 登錄psql sudo su postgres psql # 創建數據庫,官方默認無密碼,此處我使用密碼 # CREATE USER kong; CREATE DATABASE kong OWNER kong; CREATE USER kong with password 'kong'; CREATE DATABASE kong OWNER kong; grant all privileges on database kong to kong; # 這里可能會報連接錯誤 # psql: 致命錯誤: 對用戶"kong"的對等認證失敗 sudo find / -name pg_hba.conf /var/lib/pgsql/11/data/pg_hba.conf # 修改安全配置 vim /var/lib/pgsql/11/data/pg_hba.conf # METHOD指定如何處理客戶端的認證。常用的有ident,md5,password,trust,reject # ident是Linux下PostgreSQL默認的local認證方式,凡是能正確登錄服務器的操作系統用戶(注:不是數據庫用戶)就能使用本用戶映射的數據庫用戶不需密碼登錄數據庫。 # md5是常用的密碼認證方式,如果你不使用ident,最好使用md5。密碼是以md5形式傳送給數據庫,較安全,且不需建立同名的操作系統用戶。 # password是以明文密碼傳送給數據庫,建議不要在生產環境中使用。 # trust是只要知道數據庫用戶名就不需要密碼或ident就能登錄,建議不要在生產環境中使用。 # reject是拒絕認證。 # "local" is for Unix domain socket connections only local all all md5 # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 # 將peer改為md5() # "local" is for Unix domain socket connections only local all all md5 # IPv4 local connections: host all all 127.0.0.1/32 ident # IPv6 local connections: host all all ::1/128 ident # 重啟psql systemctl restart postgresql-11 # 登錄postgre psql -U kong # 輸入密碼 # 查看幫助 \h # 退出 \q
# 這里需要提前配置kong配置文件,默認/etc/kong/kong.conf.default cp /etc/kong/kong.conf.default /etc/kong/kong.conf # 修改里面的數據庫配置,寫入用戶、密碼、數據庫、端口等信息 vim /etc/kong/kong.conf [root@kong-server software]# egrep -v "^#|^$|^[[:space:]]+#" /etc/kong/kong.conf database = postgres # Determines which of PostgreSQL or Cassandra pg_host = 127.0.0.1 # Host of the Postgres server. pg_port = 5432 # Port of the Postgres server. pg_timeout = 5000 # Defines the timeout (in ms), for connecting, pg_user = kong # Postgres user. pg_password = kong # Postgres user's password. pg_database = kong # The database name to connect to. # Kong migrations kong migrations bootstrap [-c /path/to/kong.conf] [root@kong-server software]# kong migrations bootstrap -c /etc/kong/kong.conf Bootstrapping database... migrating core on database 'kong'... core migrated up to: 000_base (executed) core migrated up to: 001_14_to_15 (executed) core migrated up to: 002_15_to_1 (executed) core migrated up to: 003_100_to_110 (executed) core migrated up to: 004_110_to_120 (executed) core migrated up to: 005_120_to_130 (executed) migrating hmac-auth on database 'kong'... hmac-auth migrated up to: 000_base_hmac_auth (executed) hmac-auth migrated up to: 001_14_to_15 (executed) migrating oauth2 on database 'kong'... oauth2 migrated up to: 000_base_oauth2 (executed) oauth2 migrated up to: 001_14_to_15 (executed) oauth2 migrated up to: 002_15_to_10 (executed) migrating jwt on database 'kong'... jwt migrated up to: 000_base_jwt (executed) jwt migrated up to: 001_14_to_15 (executed) migrating basic-auth on database 'kong'... basic-auth migrated up to: 000_base_basic_auth (executed) basic-auth migrated up to: 001_14_to_15 (executed) migrating key-auth on database 'kong'... key-auth migrated up to: 000_base_key_auth (executed) key-auth migrated up to: 001_14_to_15 (executed) migrating rate-limiting on database 'kong'... rate-limiting migrated up to: 000_base_rate_limiting (executed) rate-limiting migrated up to: 001_14_to_15 (executed) rate-limiting migrated up to: 002_15_to_10 (executed) rate-limiting migrated up to: 003_10_to_112 (executed) migrating acl on database 'kong'... acl migrated up to: 000_base_acl (executed) acl migrated up to: 001_14_to_15 (executed) migrating response-ratelimiting on database 'kong'... response-ratelimiting migrated up to: 000_base_response_rate_limiting (executed) response-ratelimiting migrated up to: 001_14_to_15 (executed) response-ratelimiting migrated up to: 002_15_to_10 (executed) migrating session on database 'kong'... session migrated up to: 000_base_session (executed) 27 migrations processed 27 executed Database is up-to-date
5.1.2 啟動kong
在無數據庫模式配置Kong,一旦Kong啟動,訪問Admin API的/根端點已驗證它是否在沒有數據庫的情況下運行。
# Setting Up Kong in DB-less mode 要在無數據庫模式下使用Kong,有兩種方式: 修改配置文件kong.conf vim /etc/kong/kong.conf # database = postgres database=off # 或 export KONG_DATABASE=off # 檢查配置,此命令將考慮您當前設置的環境變量,并在設置無效時報錯。此外,您還可以在調試模式下使用CLI,以便更深入地了解Kong的啟動屬性 kong start -c
kong start [-c /path/to/kong.conf] [root@kong-server software]# kong start -c /etc/kong/kong.conf Kong started [root@kong-server software]# kong health nginx.......running Kong is healthy at /usr/local/kong [root@kong-server software]# netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:8444 0.0.0.0:* LISTEN 31050/nginx: master tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 31050/nginx: master tcp 0 0 127.0.0.1:8001 0.0.0.0:* LISTEN 31050/nginx: master tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1453/sshd tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 30638/postmaster tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 31050/nginx: master tcp6 0 0 ::1:5432 :::* LISTEN 30638/postmaster udp 0 0 0.0.0.0:68 0.0.0.0:* 780/dhclient udp 0 0 172.16.16.16:123 0.0.0.0:* 3006/ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 3006/ntpd udp6 0 0 fe80::5054:ff:fe94::123 :::* 3006/ntpd udp6 0 0 ::1:123 :::* 3006/ntpd [root@kong-server software]# curl http://localhost:8001 停止: kong stop 重新加載: kong reload
5.1.3 安裝konga
konga為目前最先版本的kong的dashboard,由于kong-dashboard目前為更新適應新版本的kong,推薦使用konga
konga帶來的一個最大的便利就是可以很好地通過UI觀察到現在kong的所有的配置,并且可以對于管理kong節點情況進行查看、監控和預警,konga主要特性如下:
多用戶管理
管理多個Kong節點
電子郵件異常信息通知
管理所有Kong Admin API
使用快照備份,還原和遷移Kong節點
使用運行狀況檢查監控節點和API狀態
輕松的數據庫集成(MySQL,postgresSQL,MongoDB)
node安裝
yum -y install git cd /data/software && wget https://npm.taobao.org/mirrors/node/v10.16.2/node-v10.16.2-linux-x64.tar.xz tar -xf node-v10.16.2-linux-x64.tar.xz mv node-v10.16.2-linux-x64 node # 修改為root的權限 chown root.root node -R cat > /etc/profile.d/node.sh << EOF export PATH=$PATH:/data/software/node/bin EOF source /etc/profile.d/node.sh node -v # 安裝插件 npm install -g glup npm install -g bower npm install -g sails npm install -g node-gyp npm install -g grunt-sass npm install -g node-sass npm run bower-deps npm install sails-postgresql
安裝konga
git clone https://github.com/pantsel/konga.git cd konga npm install konga #使用postgresql CREATE USER konga with password 'konga'; CREATE DATABASE konga OWNER konga; grant all privileges on database konga to konga;
配置
cp config/local_example.js config/local.js # 配置默認數據庫 vi ./local.js models: { connection: process.env.DB_ADAPTER || 'localDiskDb', }, # 改成 models: { connection: process.env.DB_ADAPTER || 'postgres', // 這里可以用‘mysql’,‘mongo’,‘sqlserver’,‘postgres’ }, # 保存 # 修改數據庫默認配置 vi connections.js postgres: { adapter: 'sails-postgresql', url: process.env.DB_URI, host: process.env.DB_HOST || 'localhost', user: process.env.DB_USER || 'konga', password: process.env.DB_PASSWORD || 'konga', port: process.env.DB_PORT || 5432, database: process.env.DB_DATABASE ||'konga', // schema: process.env.DB_PG_SCHEMA ||'public', poolSize: process.env.DB_POOLSIZE || 10, ssl: process.env.DB_SSL ? true : false // If set, assume it's true }, # 保存 # 啟動 cd ../ npm start # pm2 管理 npm install -g pm2 cd konga pm2 start app.js --name konga pm2 logs 0|konga | info: Sails <| .-..-. 0|konga | info: v0.12.14 |\ 0|konga | info: /|.\ 0|konga | info: / || \ 0|konga | info: ,' |' \ 0|konga | info: .-'.-==|/_--' 0|konga | info: `--'-------' 0|konga | info: __---___--___---___--___---___--___ 0|konga | info: ____---___--___---___--___---___--___-__ 0|konga | info: 0|konga | info: Server lifted in `/data/software/konga` 0|konga | info: To see your app, visit http://localhost:1338 0|konga | info: To shut down Sails, press
訪問
IP:1338,默認用戶:admin,密碼:adminadminadmin
配置鏈接kong, http://localhost:8001
5.2 docker中運行
5.2.1 Docker中部署
1.您需要創建一個自定義網絡,以允許容器相互發現和通信。在此示例中kong-net是網絡名稱,您可以使用任何名稱。 docker network create kong-net 2.啟動數據庫PostgreSQL docker run -d --name kong-database --network=kong-net -p 5432:5432 -e "POSTGRES_USER=kong" -e "POSTGRES_DB=kong" -e "POSTGRES_PASSWORD=kong" postgres 3.準備數據庫 docker run --rm --network=kong-net -e "KONG_DATABASE=postgres" -e "KONG_PG_HOST=kong-database" -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" -e "KONG_PG_PASSWORD=kong" kong kong migrations bootstrap 4.啟動kong docker run -d --name kong --network=kong-net -e "KONG_DATABASE=postgres" -e "KONG_PG_HOST=kong-database" -e "KONG_PG_PASSWORD=kong" -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" -e "KONG_PROXY_ERROR_LOG=/dev/stderr" -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" -p 8000:8000 -p 8443:8443 -p 8001:8001 -p 8444:8444 kong 5.運行konga 注意DB_HOST為自己的ip地址 docker run -d -p 1337:1337 --network kong-net -e "TOKEN_SECRET=mark666" -e "DB_ADAPTER=postgres" -e "DB_HOST=10.234.2.204" -e "DB_PORT=5432:5432" -e "DB_USER=kong" -e "DB_PASSWORD=kong" -e "DB_DATABASE=kong_database" --name konga pantsel/konga
5.2.2 docker-compose部署
創建虛擬網絡
docker network create kong-net
后續的應用及數據庫都使用這個虛擬網絡。
編寫docker-compose.yaml
version: "3.7" services: kong: # 鏡像版本,目前最新 image: kong:1.1.2 environment: # 數據持久化方式,使用postgres數據庫 - "KONG_DATABASE=postgres" # 數據庫容器名稱,Kong連接數據時使用些名稱 - "KONG_PG_HOST=kong-database" # 數據庫名稱 - "KONG_CASSANDRA_CONTACT_POINTS=kong-database" # 日志記錄目錄 - "KONG_PROXY_ACCESS_LOG=/dev/stdout" - "KONG_ADMIN_ACCESS_LOG=/dev/stdout" - "KONG_PROXY_ERROR_LOG=/dev/stderr" - "KONG_ADMIN_ERROR_LOG=/dev/stderr" # 暴露的端口 - "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" ports: - 8000:8000 - 8443:8443 - 8001:8001 - 8444:8444 # 使用docker網絡 networks: - kong-net # 依賴數據庫服務 depends_on: - kong-database # kong 管理界面 konga: image: pantsel/konga environment: - "TOKEN_SECRET=51liveup.cn" - "NODE_ENV=production" ports: - 8080:1337 networks: - kong-net depends_on: - kong-database - # 數據庫服務 kong-database: image: postgres:9.6 ports: - "5432:5432" environment: # 訪問數據庫的用戶 - POSTGRES_USER=kong - POSTGRES_DB=kong networks: - kong-net volumes: # 同步時間 - /etc/localtime:/etc/localtime:ro # 數據庫持久化目錄 - /data/data/postgresql:/var/lib/postgresql/data networks: kong-net: external: true
使用docker-compose up 命令啟動服務。會發現啟動時報數據庫錯誤,這是因為kong 使用的postgres 數據還需要進行初始化才能使用。
初始化數據庫
docker run --rm \ --network=kong-net \ -e "KONG_DATABASE=postgres" \ -e "KONG_PG_HOST=kong-database" \ -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \ kong:latest kong migrations bootstrap
一定要在創建數據庫容器之后,并且保持數據庫的Docker容器在運行狀態,再執行初始化數據庫,數據庫初始化成功后,再次使用docker-compose up -d 啟動服務就可以了。
驗證
curl -i http://localhost:8001/
dashboard
另外,也可以安裝一個Kong的客戶端來驗證。在安裝有Docker引擎的操作系統上執行如下的命令:
1.0之后的kong-dashboard就已經不兼容了,建議使用konga
5.2.3 安裝kong-dashboard
Kong Dashboard 3.3.0 is only partially compatible with Kong 0.13. It does not support the new Service and Route objects introduced in Kong 0.13.
# 下載鏡像pgbi/kong-dashboard [root@master data]# docker run --rm -p 8080:8080 pgbi/kong-dashboard start --kong-url http://10.234.2.204:30493 --basic-auth admin=kong@anchnet.com Connecting to Kong on http://10.234.2.204:30493 ... What's on http://10.234.2.204:30493 isn't Kong [root@master data]# kubectl get svc |grep kong kong-kong-admin NodePort 10.104.75.151
通過docker安裝一個Kong-Dashboard,安裝完成后,通過瀏覽器訪問:
5.3 kubernetes部署
5.3.1 前置條件
已有Kubernetes 1.6+環境;
已部署helm客戶端和tiller服務端(請參考:https://docs.helm.sh/using_helm/#installing-helm)
在Kubernetes中創建了具備足夠權限訪問權限的service account;
并通過此service account在Kubernetes部署了tiller服務端(請參考:https://docs.helm.sh/using_helm/#role-based-access-control)。
5.3.2 helm char配置
下表列示了Kong chart的配置參數和默認值:
5.3.3 安裝chart
啟用數據庫需要先安裝pvc
--- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: data-kong-postgresql-0 spec: storageClassName: ceph-rdb accessModes: - ReadWriteOnce resources: requests: storage: 4Gi # 部署pvc [root@master data]# kubectl get pvc |grep api-gateway data-api-gateway-postgresql-0 Bound pvc-d280166c-c03d-11e9-a45a-facf8ddba000 8Gi RWO ceph-rdb 11s
helm fetch stable/kong --version 0.13.0 [root@master kong-deploy]# helm install -n api-gateway kong/ NAME: api-gateway LAST DEPLOYED: Fri Aug 16 23:53:37 2019 NAMESPACE: default STATUS: DEPLOYED RESOURCES: ==> v1/Job NAME COMPLETIONS DURATION AGE api-gateway-kong-init-migrations 0/1 0s 0s ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE api-gateway-kong-79f697ff7c-bcr7m 0/1 Init:0/1 0 0s api-gateway-kong-init-migrations-hxgd6 0/1 Init:0/1 0 0s api-gateway-postgresql-0 0/1 Init:0/1 0 0s ==> v1/Secret NAME TYPE DATA AGE api-gateway-postgresql Opaque 1 0s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE api-gateway-kong-admin NodePort 10.100.226.67
API API網關 APIG 微服務 數據庫
版權聲明:本文內容由網絡用戶投稿,版權歸原作者所有,本站不擁有其著作權,亦不承擔相應法律責任。如果您發現本站中有涉嫌抄襲或描述失實的內容,請聯系我們jiasou666@gmail.com 處理,核實后本網站將在24小時內刪除侵權內容。
版權聲明:本文內容由網絡用戶投稿,版權歸原作者所有,本站不擁有其著作權,亦不承擔相應法律責任。如果您發現本站中有涉嫌抄襲或描述失實的內容,請聯系我們jiasou666@gmail.com 處理,核實后本網站將在24小時內刪除侵權內容。
相關文章
