Kong is a Lua application that runs inside Nginx, which is made possible by lua-nginx-module. Kong is packaged with OpenResty, which already bundles lua-nginx-module. OpenResty is not a fork of Nginx, but a set of modules that extend its functionality.

1. Two main components

  • Kong Server, an Nginx-based Server, is used to receive API requests.
  • Apache Cassandra, for storing operational data.

2. Installation and deployment (test environment: konga.local/#!/dashboar…, host: 192.168.0.231 konga.local), current version: V1.3.0

A. Basic Installation (Docker as an example)

Kong supports installation and deployment in various common operating environments, such as CentOS, Debian, Ubuntu, Docker, and K8S. For installation details, refer to the official documents. Kong supports database and non-database deployment in various environments.

The Docker deployment script is used as an example:

  • Database mode
#Create a dedicated Kong network
> docker network create kong-net
#Create the database
#(-p 5432:5432 also publishes PostgreSQL on the host; Kong itself reaches it over kong-net)
> docker run -d --name kong-database \
    --network=kong-net \
    -p 5432:5432 \
    -e "POSTGRES_USER=kong" \
    -e "POSTGRES_DB=kong" \
    postgres:9.6

#Initialize data
> docker run --rm \
    --network=kong-net \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-database" \
    -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
    kong:latest kong migrations bootstrap

#Run Kong
#Ports: 8000 HTTP, 8443 HTTPS, 8001 Admin API HTTP, 8444 Admin API HTTPS
#The Admin API has no authentication of its own, so publish 8001/8444 only on a trusted test host
> docker run -d --name kong \
    --network=kong-net \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-database" \
    -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 8001:8001 \
    -p 8444:8444 \
    kong:latest

  • File storage mode
#Creating an Exclusive Network
> docker network create kong-net

#Create a Docker volume
> docker volume create kong-vol

#Check the volume
> docker volume inspect kong-vol

#Run Kong with kong.yml as the configuration file
#Ports: 8000 HTTP, 8443 HTTPS, 8001 Admin API HTTP, 8444 Admin API HTTPS
> docker run -d --name kong \
    --network=kong-net \
    -v "kong-vol:/usr/local/kong/declarative" \
    -e "KONG_DATABASE=off" \
    -e "KONG_DECLARATIVE_CONFIG=/usr/local/kong/declarative/kong.yml" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 8001:8001 \
    -p 8444:8444 \
    kong:latest

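A minimal kong.yml for the file storage mode above, as an added example that is not from the original post. The service name, upstream URL and CIDR range are placeholders; the route reuses the config.kong host and /config path from the page's test request, and the plugins are ones the page lists under security and traffic limiting. It assumes the Kong 1.x declarative format and plugin field names.

```yaml
# kong.yml: declarative configuration loaded via KONG_DECLARATIVE_CONFIG
# (added example; names marked "placeholder" are not from the original page)
_format_version: "1.1"          # declarative format used by Kong 1.x

services:
  - name: config-service        # placeholder service name
    url: http://config-svc:80   # placeholder upstream, e.g. K8S service name + port
    routes:
      - name: config-route      # placeholder route name
        hosts:
          - config.kong         # Host header used in the page's curl test
        paths:
          - /config
        strip_path: false       # assumption: the upstream expects the /config prefix
    plugins:
      # Only accept clients from the listed range (constructed value).
      # "whitelist" is the Kong 1.x field name; later releases renamed it to "allow".
      - name: ip-restriction
        config:
          whitelist:
            - 192.168.0.0/24
      # Reject request bodies larger than 1 MB before they reach the upstream.
      - name: request-size-limiting
        config:
          allowed_payload_size: 1

# Plugins declared at the top level apply to every service and route.
plugins:
  - name: bot-detection         # default rules, no extra configuration
```

Place the file in the kong-vol volume so that it appears at /usr/local/kong/declarative/kong.yml inside the container; `kong config parse kong.yml` validates it before Kong is started.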
B. Kong Dashboard
#Konga (recommended)
#Values in {{ }} and the your-* values are placeholders
#  --network              optional
#  DB_ADAPTER             'mongo', 'postgres', 'sqlserver' or 'mysql'
#  DB_PORT                defaults to the default DB port
#  DB_USER, DB_PASSWORD   omit if not relevant
#  DB_DATABASE            defaults to 'konga_database'
#  DB_PG_SCHEMA           optionally define a schema when integrating with postgres
#  NODE_ENV               'production' or 'development', defaults to 'development'
> docker run -p 1337:1337 \
    --network {{kong-network}} \
    -e "TOKEN_SECRET={{somerandomstring}}" \
    -e "DB_ADAPTER=the-name-of-the-adapter" \
    -e "DB_HOST=your-db-hostname" \
    -e "DB_PORT=your-db-port" \
    -e "DB_USER=your-db-user" \
    -e "DB_PASSWORD=your-db-password" \
    -e "DB_DATABASE=your-db-name" \
    -e "DB_PG_SCHEMA=my-schema" \
    -e "NODE_ENV=production" \
    --name konga \
    pantsel/konga

#kong-dashboard
> docker run --name=kong-dashboard -p 8080:8080 pgbi/kong-dashboard start \
    --kong-url http://kong:8001 \
    --basic-auth user1=password1 user2=password2

3. Basic functions (konga as an example)

Application level menu

  1. Connections: Kong connections, used to configure the address of Kong's Admin API. After a connection is configured successfully, the Kong-level menus are displayed.
  2. Snapshots: stores snapshots of Kong nodes so that node configurations can be restored quickly.

API Gateway Menu

  1. Consumers: API gateway consumers, used for authentication, traffic limiting and similar controls.
  2. Services: specifies the upstream service information, including the service name, Host, and Port.
  3. Routes: configures downstream routing information and defines the path under which the service is exposed, including the route name, Host, Path, Methods, and HTTP/HTTPS.
  4. Plugins: can be configured on a Service or a Route, and mainly cover authentication, security, traffic limiting, monitoring, logging and custom modules. The official distribution provides a relatively comprehensive set of basic plugins.
  5. Upstreams: configures upstream server information, similar to upstream in Nginx.
  6. Certificates: certificate management.

1. Add Services: Services -> Create Services

Note: Since Kong is deployed in a K8S environment, you can directly use the service name in K8S + Port number to define the Host and Port of the service.

2. Add Route: Services -> Service Detail -> Routes -> Add Route

Once configured, we can access our service.

#Host: config.kong, URL: https://192.168.0.231:31617/config or http://192.168.0.231:32740/config
> curl -ik -H "Host: config.kong" https://192.168.0.231:31617/config/basic/dev
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 17 Oct 2019 02:05:16 GMT
Server: Kestrel
X-Kong-Upstream-Latency: 3
X-Kong-Proxy-Latency: 10007
Via: kong/1.3.0

{"logLevel":"Debug",...}

Plugin configuration

There are two ways to add a plugin:

  1. Service plugin: Services -> Service Detail -> Plugins -> Add Plugin
  2. Plugins -> Routes -> details -> Plugins -> Add Plugin

Authentication

#1. Basic authentication
#Header: Authorization: Basic Base64(username:password)
#2. Cookie and header, with a customizable key name
#The key claim is generally iss
#JWT generation & validation: https://jwt.io/
#3. OAuth2 authentication
#Authorization address: oauth2/authorize
#Obtain token address: oauth2/token
#Refresh token address: oauth2/token

Security

#CORS: cross-origin resource sharing
#IP Restriction
#Bot Detection

Traffic limiting

#Response Ratelimiting: response rate limit
#Request Size limit
#Request Termination: the request is blocked/terminated

Logging

Monitoring

Request forwarding

Custom

4. Admin API

AdminAPI