建立/激活鏈接
使用Kong的第一步是激活鏈接��,登錄Kong管理后臺��,找到 Connections�����,把Kong的Api鏈接上,因為我本地的端口進行了映射��,所以需要找到Docker的network 上的ip�����,進行綁定, ip 地址 172.19.0.3
(相關資料圖)
docker network inspect gateway_net
"dcb524ba2b30e16e6453b9159ceb4edb642c42ea84dd00ee4ce1cd158737a118": { "Name": "kong-ee", "EndpointID": "4bcabe9c26cb082ba55f95ff9257b5cc3ff57d6f80059ac76501c7bd7eeba09f", "MacAddress": "02:42:ac:13:00:03", "IPv4Address": "172.19.0.3/16", "IPv6Address": ""},
配置負載均衡
上圖是Kong實現負載均衡的流程圖����,Kong的使用非常簡單�����,使用 Http Api的方式添加:
1.添加upstreams
POST http://127.0.0.1:9001/upstreams{ "name":"audio-upstream"}
2.添加Target
POST http://127.0.0.1:9001/upstreams/audio-upstream/targets{ "target":"127.0.0.1:9502", "weight":100}
192.168.251.2
3.配置Service
POST http://127.0.0.1:9001/services{ "name":"audio-service", "host":"audio-upstream"}
4.配置Route
配置Route的時候�����,paths參數必須以/開頭
POST http://127.0.0.1:9001/services/audio-service/routes{ "name":"audio-service-route", "paths[]":"/audio"}
認證
1.Basic認證
用戶名密碼的認證方式�,在Konga的Consumers添加就可以了
POST http://127.0.0.1:9001/routes/audio-service-route/plugins{ "name":"basic-auth", "config.hide_credentials":"true"}
2.jwt認證
1.添加jwt認證操作組件操作
POST http://127.0.0.1:9001/services/audio-service/plugins{ "name":"jwt"}
2.設置jwt加密方式����,參數說明:
algorithm : 加密方式key :Consumers里面設置的keysecret:自定義32位的加密串
POST http://127.0.0.1:9001/consumers/test/jwt{ "algorithm":"HS256", "key":"test", "secret":"UmVZkyvSPOiGgVW2B1g1uhkM0tSPl5o3"}
限流
相較于權限驗證�����,Kong的限流就比較簡單了許多��,Kong采用計數器的形式進行限流���。
config.minute :沒分5次config.limit_by:根據ip限流
POST http://127.0.0.1:9001/services/audio-service/plugins{ "name":"rate-limiting", "config.minute":5, "config.limit_by":"ip"}
黑/白名單
Kong的黑/白名單功能是根據限制ip實現的����。
POST http://127.0.0.1:9001/services/audio-service/plugins{ "name":"ip-restriction", "config.deny":"127.0.0.1"}
責編:BKM355
關鍵詞:
