Kong Kubernetes-Native 实战

2024-06-16 05:08
文章标签 实战 kubernetes native kong

本文主要是介绍Kong Kubernetes-Native 实战,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

前言

Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway or API Middleware). Made available as an open-source project in 2015, its core values are high performance and extensibility.
Actively maintained, Kong is widely used in production at companies ranging from startups to Global 5000 as well as government organizations.

Kong是目前社区最流行的云原生API网关。高性能可扩展两大特性使得Kong被各大厂商广泛使用

在深入Kong使用前有必要对Kong的作用进行概述:

If you are building for the web, mobile, or IoT (Internet of Things) you will likely end up needing common functionality to run your actual software. Kong can help by acting as a gateway (or a sidecar) for microservices requests while providing load balancing, logging, authentication, rate-limiting, transformations, and more through plugins.

也即在进行微服务开发时,我们需要一些公共的特性和功能,例如:日志、负载均衡、认证以及Rate limiting等。而Kong(API网关)便充当着这个角色,使服务与这些公共功能解耦,让开发者更加专注于自身的服务开发和运维,从这些繁琐的外围事情中解脱出来。更直观的对比如下:
在这里插入图片描述
在旧的服务管理体制下,各个服务需要各自开发具有相同功能的诸如日志、认证以及Rate limiting等模块,不仅增加了开发者负担也增加了整个系统的冗余度;而对比Kong(API网关)作为这些公共服务的统一接入层,所有外围服务均由Kong实现,整个系统结构清晰且易维护

Kong

这里我们从Kong Admin API为切入点深入Kong的使用

一、Kong Admin API

By default Kong listens on the following ports:

  • :8000 on which Kong listens for incoming HTTP traffic from your clients, and forwards it to your upstream services.
  • :8443 on which Kong listens for incoming HTTPS traffic. This port has a similar behavior as the :8000 port, except that it expects HTTPS traffic only. This port can be disabled via the configuration file.
  • :8001 on which the Admin API used to configure Kong listens.
  • :8444 on which the Admin API listens for HTTPS traffic.

如图:
在这里插入图片描述

  • 1、Proxy端口(8000 or 8443)用于代理后端服务
  • 2、Admin端口(8001 or 8444)用于管理Kong配置,对Kong配置进行CRUD操作(Konga就是利用Admin API实现的GUI)

二、Kong Configuration Mode

在详细介绍Kong具体使用之前,我们先介绍一下Kong的两种使用模式:

  • DB-less mode:使用declarative configuration,所有配置存放于一个配置文件中(YAML or JSON格式),不需要使用数据库,而修改配置的方法有两种:
    • 1、静态——在kong初始化时指定declarative_config文件路径:
      $ export KONG_DATABASE=off
      $ export KONG_DECLARATIVE_CONFIG=kong.yml
      $ kong start -c kong.conf
      
    • 2、动态——在kong运行期间,调用Kong Admin API:
      $ http :8001/config config=@kong.yml
      
    另外,由于是采用declarative configuration设计,所以只支持Read-Only Admin API,也即:只支持GET;不支持POST, PATCH, PUT or DELETE等Methods
  • DB mode: 使用imperative configuration,需要使用数据库(PostgreSQL or Cassandra),并通过Kong Admin API对配置进行CRUD操作

这两种模式各有优缺点,如下:

  • DB-less mode

    • Pros:
      • 1、无需使用数据库,减少了对数据库的依赖,减少部署&运维成本
    • Cons:
      • 1、由于采用declarative configuration设计,更新规则必须全量更新,重置整个配置文件,无法做到局部更新(调用Kong Admin API/config)
      • 2、不支持Konga对Kong的管理
      • 3、插件兼容性较差,无法支持所有Kong插件,详情见Plugin Compatibility
  • DB mode

    • Pros:
      • 1、支持调用Kong Admin API CRUD,支持局部更新
      • 2、支持Konga对Kong的管理
      • 3、插件兼容性好,可以支持所有Kong插件
    • Cons:
      • 1、需要使用数据库,增加了对数据库的依赖,增加部署&运维成本

三、Kong Used As HTTP Proxy

由于Kong DB mode更加便于举例说明,这里我们采用Kong DB mode展示如何使用Kong代理HTTP请求

首先介绍一下Kong Proxy几个关键概念:

  • client: Refers to the downstream client making requests to Kong’s proxy port.
  • upstream service: Refers to your own API/service sitting behind Kong, to which client requests/connections are forwarded.
  • Service: Service entities, as the name implies, are abstractions of each of your own upstream services. Examples of Services would be a data transformation microservice, a billing API, etc.
  • Route: This refers to the Kong Routes entity. Routes are entrypoints into Kong, and defining rules for a request to be matched, and routed to a given Service.
  • Target: A target is an ip address/hostname with a port that identifies an instance of a backend service. Every upstream can have many targets, and the targets can be dynamically added. Changes are effectuated on the fly.
  • Plugin: This refers to Kong “plugins”, which are pieces of business logic that run in the proxying lifecycle. Plugins can be configured through the Admin API - either globally (all incoming traffic) or on specific Routes and Services.

举一个例子对上述概念进行说明:

一个典型的 Nginx 配置:

upstream testUpstream {server localhost:3000 weight=100;
}server {listen  80;location /test {proxy_pass http://testUpstream;}
}

转换为Kong Admin API请求如下:

# configurate service
curl -X POST http://localhost:8001/services --data "name=test" --data "host=testUpstream"
# configurate route
curl -X POST http://localhost:8001/routes --data "paths[]=/test" --data "service.id=92956672-f5ea-4e9a-b096-667bf55bc40c"
# configurate upstream
curl -X POST http://localhost:8001/upstreams --data "name=testUpstream"
# configurate target
curl -X POST http://localhost:8001/upstreams/testUpstream/targets --data "target=localhost:3000" --data "weight=100"

从这个例子可以看出:

  • Service:Kong服务抽象层,可以直接映射到一个物理服务,也可以指向一个Upstream来做到负载均衡
  • Route:Kong路由抽象层,负责将实际请求映射到相应的Service
  • Upstream:后端服务抽象,主要用于负载均衡
  • Target:代表了Upstream中的一个后端服务,是 ip(hostname) + port 的抽象

也即访问链路:Route => Service => Upstream => Target

下面给一个Kong Used As HTTP Proxy的例子,如下:

# step1: create nginx service
$ cat << EOF > nginx-svc.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:name: nginxlabels:app: nginx
spec:replicas: 3selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- name: nginximage: nginx:1.15ports:- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:name: nginx
spec:selector:app: nginxports:- protocol: TCPport: 80targetPort: 80
EOF$ kubectl apply -f nginx-svc.yml
deployment.apps/nginx created
service/nginx created$ kubectl get svc 
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
nginx        ClusterIP   172.28.255.197   <none>        80/TCP    5h18m# step2: create kong nginx service
$ curl -s -X POST --url http://172.28.255.207:8001/services/ \
> -d 'name=nginx' \
> -d 'protocol=http' \
> -d 'host=nginxUpstream' \
> -d 'port=80' \
> -d 'path=/' \
> | python -m json.tool
{"client_certificate": null,"connect_timeout": 60000,"created_at": 1580560293,"host": "nginxUpstream","id": "14100336-f5d2-48ef-a720-d341afceb466","name": "nginx","path": "/","port": 80,"protocol": "http","read_timeout": 60000,"retries": 5,"tags": null,"updated_at": 1580560293,"write_timeout": 60000
}# step3: create kong nginx route
$ curl -s -X POST --url http://172.28.255.207:8001/services/nginx/routes \
> -d 'name=nginx' \
> -d 'hosts[]=nginx-test.duyanghao.com' \
> -d 'paths[]=/' \
> -d 'strip_path=true' \
> -d 'preserve_host=true' \
> -d 'protocols[]=http' \
> | python -m json.tool
{"created_at": 1580560619,"destinations": null,"headers": null,"hosts": ["nginx-test.duyanghao.com"],"https_redirect_status_code": 426,"id": "bb678485-0b3e-4e8a-9a46-3e5464fedffc","methods": null,"name": "nginx","paths": ["/"],"preserve_host": true,"protocols": ["http"],"regex_priority": 0,"service": {"id": "14100336-f5d2-48ef-a720-d341afceb466"},"snis": null,"sources": null,"strip_path": true,"tags": null,"updated_at": 1580560619
}# step4: create kong nginx upstream
$ curl -s -X POST --url http://172.28.255.207:8001/upstreams \
> -d 'name=nginxUpstream' \
> | python -m json.tool
{&

这篇关于Kong Kubernetes-Native 实战的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



http://www.chinasem.cn/article/1065526

相关文章

Python并行处理实战之如何使用ProcessPoolExecutor加速计算

《Python并行处理实战之如何使用ProcessPoolExecutor加速计算》Python提供了多种并行处理的方式,其中concurrent.futures模块的ProcessPoolExecu... 目录简介完整代码示例代码解释1. 导入必要的模块2. 定义处理函数3. 主函数4. 生成数字列表5.

Java Spring 中的监听器Listener详解与实战教程

《JavaSpring中的监听器Listener详解与实战教程》Spring提供了多种监听器机制,可以用于监听应用生命周期、会话生命周期和请求处理过程中的事件,:本文主要介绍JavaSprin... 目录一、监听器的作用1.1 应用生命周期管理1.2 会话管理1.3 请求处理监控二、创建监听器2.1 Ser

Apache 高级配置实战之从连接保持到日志分析的完整指南

《Apache高级配置实战之从连接保持到日志分析的完整指南》本文带你从连接保持优化开始,一路走到访问控制和日志管理,最后用AWStats来分析网站数据,对Apache配置日志分析相关知识感兴趣的朋友... 目录Apache 高级配置实战:从连接保持到日志分析的完整指南前言 一、Apache 连接保持 - 性

MQTT SpringBoot整合实战教程

《MQTTSpringBoot整合实战教程》:本文主要介绍MQTTSpringBoot整合实战教程,本文通过实例代码给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,需要的朋友参考... 目录MQTT-SpringBoot创建简单 SpringBoot 项目导入必须依赖增加MQTT相关配置编写

JavaScript实战:智能密码生成器开发指南

本文通过JavaScript实战开发智能密码生成器,详解如何运用crypto.getRandomValues实现加密级随机密码生成,包含多字符组合、安全强度可视化、易混淆字符排除等企业级功能。学习密码强度检测算法与信息熵计算原理,获取可直接嵌入项目的完整代码,提升Web应用的安全开发能力 目录

Redis迷你版微信抢红包实战

《Redis迷你版微信抢红包实战》本文主要介绍了Redis迷你版微信抢红包实战... 目录1 思路分析1.1hCckRX 流程1.2 注意点①拆红包:二倍均值算法②发红包:list③抢红包&记录:hset2 代码实现2.1 拆红包splitRedPacket2.2 发红包sendRedPacket2.3 抢

springboot项目redis缓存异常实战案例详解(提供解决方案)

《springboot项目redis缓存异常实战案例详解(提供解决方案)》redis基本上是高并发场景上会用到的一个高性能的key-value数据库,属于nosql类型,一般用作于缓存,一般是结合数据... 目录缓存异常实践案例缓存穿透问题缓存击穿问题(其中也解决了穿透问题)完整代码缓存异常实践案例Red

Spring Boot拦截器Interceptor与过滤器Filter深度解析(区别、实现与实战指南)

《SpringBoot拦截器Interceptor与过滤器Filter深度解析(区别、实现与实战指南)》:本文主要介绍SpringBoot拦截器Interceptor与过滤器Filter深度解析... 目录Spring Boot拦截器(Interceptor)与过滤器(Filter)深度解析:区别、实现与实

基于C#实现MQTT通信实战

《基于C#实现MQTT通信实战》MQTT消息队列遥测传输,在物联网领域应用的很广泛,它是基于Publish/Subscribe模式,具有简单易用,支持QoS,传输效率高的特点,下面我们就来看看C#实现... 目录1、连接主机2、订阅消息3、发布消息MQTT(Message Queueing Telemetr

Nginx使用Keepalived部署web集群(高可用高性能负载均衡)实战案例

《Nginx使用Keepalived部署web集群(高可用高性能负载均衡)实战案例》本文介绍Nginx+Keepalived实现Web集群高可用负载均衡的部署与测试,涵盖架构设计、环境配置、健康检查、... 目录前言一、架构设计二、环境准备三、案例部署配置 前端 Keepalived配置 前端 Nginx