2.2、安装postgres,kong依赖于postgres
1、下载镜像
docker pull postgres:9.6-bullseye
docker pull kong/kong-gateway:2.4.1.0-alpine
docker pull pantsel/konga:0.14.9- 这3个镜像的版本必须匹配,否则初始化kong、konga数据时会出现各种问题。
2、安装
2.1、创建网络
docker network create yanshao_net2.2、安装postgres,kong依赖于postgres
docker run -d --network=yanshao_net --name postgres \
-p 5432:5432 \
-e "POSTGRES_USER=kong" \
-e "POSTGRES_DB=kong" \
-e "POSTGRES_PASSWORD=kong" \
postgres:9.6-bullseye备注:
- postgres默认端口5432,通过 -p 5432:5432,将5432暴露出来,当前主机可访问,否则只能在容器内访问。
- -e "POSTGRES_USER=kong"、e "POSTGRES_DB=kong"、-e "POSTGRES_PASSWORD=kong"创建指定的库、用户名、密码
- 启动成功之后,在数据库客户端检查postgres是否安装成功
2.3、初始化kong数据表信息
docker run --rm --network=yanshao_net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=postgres" \
-e "KONG_PG_PASSWORD=kong" \
-e "KONG_PASSWORD=kong" \
kong/kong-gateway:2.4.1.0-alpine kong migrations bootstrap- -e "KONG_PG_HOST=postgres":是启动posgres数据库时,--name指定的名称
- -e "KONG_DATABASE=postgres": 指定当前kong使用的数据库类型,这里就是postgres
- -e "KONG_PG_PASSWORD=kong" : 数据库密码
- -e "KONG_PASSWORD=kong":数据库用户名
Bootstrapping database...
migrating core on database 'kong'...
core migrated up to: 000_base (executed)
core migrated up to: 003_100_to_110 (executed)
core migrated up to: 004_110_to_120 (executed)
core migrated up to: 005_120_to_130 (executed)
core migrated up to: 006_130_to_140 (executed)
core migrated up to: 007_140_to_150 (executed)
core migrated up to: 008_150_to_200 (executed)
core migrated up to: 009_200_to_210 (executed)
core migrated up to: 010_210_to_211 (executed)
core migrated up to: 011_212_to_213 (executed)
core migrated up to: 012_213_to_220 (executed)
core migrated up to: 013_220_to_230 (executed)
migrating acl on database 'kong'...
acl migrated up to: 000_base_acl (executed)
acl migrated up to: 002_130_to_140 (executed)
acl migrated up to: 003_200_to_210 (executed)
acl migrated up to: 004_212_to_213 (executed)
migrating acme on database 'kong'...
acme migrated up to: 000_base_acme (executed)
migrating basic-auth on database 'kong'...
basic-auth migrated up to: 000_base_basic_auth (executed)
basic-auth migrated up to: 002_130_to_140 (executed)
basic-auth migrated up to: 003_200_to_210 (executed)
migrating bot-detection on database 'kong'...
bot-detection migrated up to: 001_200_to_210 (executed)
migrating canary on database 'kong'...
canary migrated up to: 001_200_to_210 (executed)
migrating degraphql on database 'kong'...
degraphql migrated up to: 000_base (executed)
migrating graphql-rate-limiting-advanced on database 'kong'...
graphql-rate-limiting-advanced migrated up to: 000_base_gql_rate_limiting (executed)
migrating hmac-auth on database 'kong'...
hmac-auth migrated up to: 000_base_hmac_auth (executed)
hmac-auth migrated up to: 002_130_to_140 (executed)
hmac-auth migrated up to: 003_200_to_210 (executed)
migrating ip-restriction on database 'kong'...
ip-restriction migrated up to: 001_200_to_210 (executed)
migrating jwt on database 'kong'...
jwt migrated up to: 000_base_jwt (executed)
jwt migrated up to: 002_130_to_140 (executed)
jwt migrated up to: 003_200_to_210 (executed)
migrating jwt-signer on database 'kong'...
jwt-signer migrated up to: 000_base_jwt_signer (executed)
jwt-signer migrated up to: 001_200_to_210 (executed)
migrating key-auth on database 'kong'...
key-auth migrated up to: 000_base_key_auth (executed)
key-auth migrated up to: 002_130_to_140 (executed)
key-auth migrated up to: 003_200_to_210 (executed)
migrating key-auth-enc on database 'kong'...
key-auth-enc migrated up to: 000_base_key_auth_enc (executed)
key-auth-enc migrated up to: 001_200_to_210 (executed)
migrating mtls-auth on database 'kong'...
mtls-auth migrated up to: 000_base_mtls_auth (executed)
mtls-auth migrated up to: 001_200_to_210 (executed)
mtls-auth migrated up to: 002_2200_to_2300 (executed)
migrating oauth2 on database 'kong'...
oauth2 migrated up to: 000_base_oauth2 (executed)
oauth2 migrated up to: 003_130_to_140 (executed)
oauth2 migrated up to: 004_200_to_210 (executed)
oauth2 migrated up to: 005_210_to_211 (executed)
migrating openid-connect on database 'kong'...
openid-connect migrated up to: 000_base_openid_connect (executed)
openid-connect migrated up to: 001_14_to_15 (executed)
openid-connect migrated up to: 002_200_to_210 (executed)
migrating proxy-cache-advanced on database 'kong'...
proxy-cache-advanced migrated up to: 001_035_to_050 (executed)
migrating rate-limiting on database 'kong'...
rate-limiting migrated up to: 000_base_rate_limiting (executed)
rate-limiting migrated up to: 003_10_to_112 (executed)
rate-limiting migrated up to: 004_200_to_210 (executed)
migrating response-ratelimiting on database 'kong'...
response-ratelimiting migrated up to: 000_base_response_rate_limiting (executed)
migrating session on database 'kong'...
session migrated up to: 000_base_session (executed)
session migrated up to: 001_add_ttl_index (executed)
migrating vault-auth on database 'kong'...
vault-auth migrated up to: 000_base_vault_auth (executed)
migrating enterprise on database 'kong'...
enterprise migrated up to: 000_base (executed)
enterprise migrated up to: 006_1301_to_1500 (executed)
enterprise migrated up to: 006_1301_to_1302 (executed)
enterprise migrated up to: 010_1500_to_2100 (executed)
enterprise migrated up to: 007_1500_to_1504 (executed)
enterprise migrated up to: 008_1504_to_1505 (executed)
enterprise migrated up to: 007_1500_to_2100 (executed)
enterprise migrated up to: 009_1506_to_1507 (executed)
enterprise migrated up to: 009_2100_to_2200 (executed)
enterprise migrated up to: 010_2200_to_2211 (executed)
enterprise migrated up to: 010_2200_to_2300 (executed)
enterprise migrated up to: 010_2200_to_2300_1 (executed)
migrating enterprise.acl on database 'kong'...
enterprise.acl migrated up to: 001_1500_to_2100 (executed)
migrating enterprise.basic-auth on database 'kong'...
enterprise.basic-auth migrated up to: 001_1500_to_2100 (executed)
migrating enterprise.hmac-auth on database 'kong'...
enterprise.hmac-auth migrated up to: 001_1500_to_2100 (executed)
migrating enterprise.jwt on database 'kong'...
enterprise.jwt migrated up to: 001_1500_to_2100 (executed)
migrating enterprise.key-auth on database 'kong'...
enterprise.key-auth migrated up to: 001_1500_to_2100 (executed)
migrating enterprise.key-auth-enc on database 'kong'...
enterprise.key-auth-enc migrated up to: 001_1500_to_2100 (executed)
migrating enterprise.mtls-auth on database 'kong'...
enterprise.mtls-auth migrated up to: 001_1500_to_2100 (executed)
enterprise.mtls-auth migrated up to: 002_2200_to_2300 (executed)
migrating enterprise.oauth2 on database 'kong'...
enterprise.oauth2 migrated up to: 001_1500_to_2100 (executed)
enterprise.oauth2 migrated up to: 002_2200_to_2211 (executed)
migrating enterprise.request-transformer-advanced on database 'kong'...
enterprise.request-transformer-advanced migrated up to: 001_1500_to_2100 (executed)
migrating enterprise.response-transformer-advanced on database 'kong'...
enterprise.response-transformer-advanced migrated up to: 001_1500_to_2100 (executed)
80 migrations processed
80 executed- 成功之后,可以在客户端看到创建了74张表
2.4、启动kong
docker run -d --name kong-ee --network=yanshao_net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=postgres" \
-e "KONG_PG_PASSWORD=kong" \
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
-e "KONG_ADMIN_GUI_URL=http://127.0.0.1:9002" \
-p 9000:8000 \
-p 9443:8443 \
-p 9001:8001 \
-p 9444:8444 \
-p 9002:8002 \
kong/kong-gateway:2.4.1.0-alpinekong有5个端口需要对外暴露
- 8000:对应的http请求代理端口,后面配置代理时,需要用到它,这里对外暴露端口改成了9000
- 8001: http接口的管理端口
- 8443: 对应的https请求的代理端口
- 8444: https接口的管理端口
- 8002: 对api做了一些数据分析
- kong启动之后,可以在浏览器输入:http://127.0.0.1:9002/overview,可以通过这个链接,检查kong是否安装成功
2.5、初始化konga数据信息
docker run --rm --network=yanshao_net pantsel/konga:latest -c prepare -a postgres -u postgresql://kong:kong@postgres:5432/kongdebug: Preparing database...
Using postgres DB Adapter.
Database exists. Continue...
debug: Hook:api_health_checks:process() called
debug: Hook:health_checks:process() called
debug: Hook:start-scheduled-snapshots:process() called
debug: Hook:upstream_health_checks:process() called
debug: Hook:user_events_hook:process() called
debug: Seeding User...
debug: User seed planted
debug: Seeding Kongnode...
debug: Kongnode seed planted
debug: Seeding Emailtransport...
debug: Emailtransport seed planted
debug: Database migrations completed!- 初始化成功之后,在postgres新增了11张表(现在是85张表,之前kong初始化时,创建了74张)
2.6、启动konga
docker run -d -p 1337:1337 --network yanshao_net --name konga \
-e "DB_ADAPTER=postgres" \
-e "DB_URI=postgresql://kong:kong@postgres:5432/kong" \
-e "DB_PASSWORD=kong" \
-e "NODE_ENV=production" \
pantsel/konga:0.14.9- konga默认端口是1337,这里也需要对外暴露
- 启动成功之后,输入http://127.0.0.1:1337/register,检查konga是否安装成功
- 注册konga管理员账号
2.7、创建连接节点
- ip是当前主机ip地址,端口是9001(默认是8001,本文对外映射时设置成9001了)
2.8、创建Upstreams
- 输入name,然后提交
- 点击刚添加的upstream点击DETAILS添加targets,然后点击ADD TARGET输入target(ip+port)后点击SUBMIT TARGET即可,ip为本地电脑ip保证kong容器内可访问,端口为本地服务端口
- 本地起一个简单的springboot服务,上面配置的ip + 端口,可直接访问这个springboot服务
2.9、配置services和routes
- 输入name、host(可以与前面Upstreams的name保持一致,也可以跟前面配置的ip保持一致)
- protocol(协议类型,这里是http)
- port这里是9000,kong启动之后,http的代理端口是8000,启动时做了对外映射,所以这里是9000
- service保存后,点击service name进入详情页面,然后点击Routes添加路由规则
- 点击ADD ROUTE输入name、paths(输入转发规则需按回车才生效),Strip Path(是否把匹配成功的paths删除后在转发后端服务器.),Preserve Host(转发后端是否带host参数,默认不带,Protocols 只保留http即可,最后点击SUBMIT ROUTE
3.0、验证
@RestController
@RequestMapping("/user")
public class UserController {
@PostMapping("/v1/userInfo")
public Map<String,String> userInfo1(){
Map<String,String> res = new HashMap<>();
res.put("version","v1");
res.put("userName","Tiger");
res.put("address","beijing");
return res;
}
}
到这里,说明kong可以配置代理并且使用了!
3.1、其它
- postgres的版本最好选择9.6.X(尝试过12.XX以上的版本都失败了,貌似konga最新的版本只能使用9.6.X以下的版本)
- kong/kong-gateway最新版本需要当前主机安装openssl,而且需要安装openssl.rand等命令(尝试过,失败了)
- pantsel/konga无法兼容12.0以上的版本(10.0和11.0没有试过),会有ssl验证的问题