After deploying kong, we need to add our own interface to Kong management. Kong provides a more comprehensive restful api. Each version will be different. The following record is based on kong v0.14.x
kong's 8001 port is resful admin api, through which services, routing and configuration are managed, so after deployment, pages can access localhost:8001 directly.
Reference resources: https://docs.konghq.com/0.14....
Retrieve node information
Get general details of kong nodes
1. Query node information
curl http://localhost:8001
Endpoint
{ "plugins": { "enabled_in_cluster": [], "available_on_server": { "response-transformer": true, "oauth2": true, "acl": true, "correlation-id": true, "pre-function": true, "jwt": true, "cors": true, "ip-restriction": true, "basic-auth": true, "key-auth": true, "rate-limiting": true, "request-transformer": true, "http-log": true, "file-log": true, "hmac-auth": true, "ldap-auth": true, "datadog": true, "tcp-log": true, "zipkin": true, "post-function": true, "request-size-limiting": true, "bot-detection": true, "syslog": true, "loggly": true, "azure-functions": true, "udp-log": true, "response-ratelimiting": true, "aws-lambda": true, "statsd": true, "prometheus": true, "request-termination": true } }, "tagline": "Welcome to kong", "configuration": { "plugins": [ "bundled" ], "admin_ssl_enabled": true, "lua_ssl_verify_depth": 1, "trusted_ips": {}, "prefix": "/usr/local/kong", "loaded_plugins": { "response-transformer": true, "request-termination": true, "prometheus": true, "ip-restriction": true, "pre-function": true, "jwt": true, "cors": true, "statsd": true, "basic-auth": true, "key-auth": true, "ldap-auth": true, "aws-lambda": true, "http-log": true, "response-ratelimiting": true, "hmac-auth": true, "request-size-limiting": true, "datadog": true, "tcp-log": true, "zipkin": true, "post-function": true, "bot-detection": true, "acl": true, "loggly": true, "syslog": true, "azure-functions": true, "udp-log": true, "file-log": true, "request-transformer": true, "correlation-id": true, "rate-limiting": true, "oauth2": true }, "cassandra_username": "kong", "admin_ssl_cert_csr_default": "/usr/local/kong/ssl/admin-kong-default.csr", "ssl_cert_key": "/usr/local/kong/ssl/kong-default.key", "admin_ssl_cert_key": "/usr/local/kong/ssl/admin-kong-default.key", "dns_resolver": {}, "pg_user": "kong", "mem_cache_size": "128m", "cassandra_data_centers": [ "dc1:2", "dc2:3" ], "nginx_admin_directives": {}, "custom_plugins": {}, "pg_host": "127.0.0.1", "nginx_acc_logs": "/usr/local/kong/logs/access.log", "proxy_listen": [ "0.0.0.0:8000", "0.0.0.0:8443 ssl" ], "client_ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt", "ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key", "dns_no_sync": false, "db_update_propagation": 0, "nginx_err_logs": "/usr/local/kong/logs/error.log", "cassandra_port": 9042, "dns_order": [ "LAST", "SRV", "A", "CNAME" ], "dns_error_ttl": 1, "headers": [ "server_tokens", "latency_tokens" ], "dns_stale_ttl": 4, "nginx_optimizations": true, "database": "postgres", "pg_database": "kong", "nginx_worker_processes": "auto", "lua_package_cpath": "", "admin_acc_logs": "/usr/local/kong/logs/admin_access.log", "lua_package_path": "./?.lua;./?/init.lua;", "nginx_pid": "/usr/local/kong/pids/nginx.pid", "upstream_keepalive": 60, "cassandra_contact_points": [ "127.0.0.1" ], "client_ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr", "proxy_listeners": [ { "ssl": false, "ip": "0.0.0.0", "proxy_protocol": false, "port": 8000, "http2": false, "listener": "0.0.0.0:8000" }, { "ssl": true, "ip": "0.0.0.0", "proxy_protocol": false, "port": 8443, "http2": false, "listener": "0.0.0.0:8443 ssl" } ], "proxy_ssl_enabled": true, "admin_access_log": "logs/admin_access.log", "ssl_ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256", "enabled_headers": { "latency_tokens": true, "X-Kong-Proxy-Latency": true, "Via": true, "server_tokens": true, "Server": true, "X-Kong-Upstream-Latency": true, "X-Kong-Upstream-Status": false }, "cassandra_ssl": false, "ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr", "db_resurrect_ttl": 30, "client_max_body_size": "0", "cassandra_consistency": "ONE", "db_cache_ttl": 0, "admin_error_log": "logs/error.log", "pg_ssl_verify": false, "dns_not_found_ttl": 30, "pg_ssl": false, "client_ssl": false, "db_update_frequency": 5, "cassandra_repl_strategy": "SimpleStrategy", "nginx_kong_conf": "/usr/local/kong/nginx-kong.conf", "cassandra_repl_factor": 1, "nginx_http_directives": [ { "value": "prometheus_metrics 5m", "name": "lua_shared_dict" } ], "error_default_type": "text/plain", "kong_env": "/usr/local/kong/.kong_env", "real_ip_header": "X-Real-IP", "dns_hostsfile": "/etc/hosts", "admin_listeners": [ { "ssl": false, "ip": "0.0.0.0", "proxy_protocol": false, "port": 8001, "http2": false, "listener": "0.0.0.0:8001" }, { "ssl": true, "ip": "0.0.0.0", "proxy_protocol": false, "port": 8444, "http2": false, "listener": "0.0.0.0:8444 ssl" } ], "admin_ssl_cert": "/usr/local/kong/ssl/admin-kong-default.crt", "ssl_cert": "/usr/local/kong/ssl/kong-default.crt", "proxy_access_log": "logs/access.log", "admin_ssl_cert_key_default": "/usr/local/kong/ssl/admin-kong-default.key", "cassandra_ssl_verify": false, "cassandra_lb_policy": "RoundRobin", "ssl_cipher_suite": "modern", "real_ip_recursive": "off", "proxy_error_log": "logs/error.log", "client_ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key", "nginx_daemon": "on", "anonymous_reports": true, "cassandra_timeout": 5000, "nginx_proxy_directives": {}, "pg_port": 5432, "log_level": "notice", "client_body_buffer_size": "8k", "cassandra_schema_consensus_timeout": 10000, "lua_socket_pool_size": 30, "admin_ssl_cert_default": "/usr/local/kong/ssl/admin-kong-default.crt", "cassandra_keyspace": "kong", "ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt", "nginx_conf": "/usr/local/kong/nginx.conf", "admin_listen": [ "0.0.0.0:8001", "0.0.0.0:8444 ssl" ] }, "version": "0.14.1", "node_id": "fee222ae-7871-49e5-a47c-bdc55410dc2a", "lua_version": "LuaJIT 2.1.0-beta3", "prng_seeds": { "pid: 2328": 177223337424, "pid: 2326": 145810617621, "pid: 2327": 712547711113, "pid: 2329": 114129841275 }, "timers": { "pending": 5, "running": 0 }, "hostname": "localhost.localdomain" }
Partial Return Field Meaning:
node_id: The uuid of the running kong node, which is generated randomly when kong is started, changes every time kong is restarted
Availabel_on_server: Name of plugins installed on Kong node
Enabled_in_cluster: A plug-in enabled in the Kong node that generates a corresponding storage table in the database
2. Query node status
curl http://localhost:8001/status
{ "database": { "reachable": true }, "server": { "connections_writing": 1, "total_requests": 67, "connections_handled": 46, "connections_accepted": 46, "connections_reading": 0, "connections_active": 2, "connections_waiting": 1 } }
** Field Interpretation
| field | explain |
|---|---|
| total_requests | Total number of client requests |
| connections_active | Includes the current number of active client connections waiting to be connected |
| connections_accepted | Total number of client connections accepted |
| connections_handled | The total number of connections processed. Generally speaking, unless certain resource constraints are met, the parameter values are the same as the accepted values. |
| connections_reading | Currently Kong is reading the number of connections in the request header |
| connections_writing | NGINX Writes Responses to the Current Number of Connections on the Client |
| connections_waiting | Current number of idle client connections waiting for requests |
| reachable | Boolean values that reflect the state of database connections. Note that this flag does not reflect the health of the database itself. |
Second, service services
kong v0.13.x officially recommends using Service and Route modules to manage API s, which can be better managed, such as unified authentication and policy configuration.
1, Add Service (Add Service)
parameter
| field | explain | Remarks |
|---|---|---|
| name | Service name | nothing |
| protocol | Protocol: http or https defaults to http | Write whatever protocol your back-end service accesses with |
| host | Backend Service Domain Name | nothing |
| port | Backend service port | nothing |
| path | Backend service subpath; fill in'/'if not | nothing |
| retries | Retry times: default 5 times | Default is OK. |
| connect_timeout | Timeout for requesting back-end services: default 60000 ms | 1 second (s)=1000 milliseconds (ms) |
| write_timeout | Write timeout: default 60000 ms | 1 second (s)=1000 milliseconds (ms) |
| read_timeout | Read timeout: default 60000 ms | 1 second (s)=1000 milliseconds (ms) |
| url | Backend service url address | In this way, you can specify protocol, host, port and path directly, instead of specifying them separately. |
Use:
curl -i -X POST http://localhost:8001/services -d "name=test.service" -d "url=http://your back-end service domain name / api"
Return:
{ "host": "Your Backend Service Domain Name", "created_at": 1538093069, "connect_timeout": 60000, "id": "85c4d968-7b6f-48fc-b5b0-260cf8493821", "protocol": "http", "name": "test.service", "read_timeout": 60000, "port": 80, "path": "/api", "updated_at": 1538093069, "retries": 5, "write_timeout": 60000 }
* Note: The url attribute is very useful and can directly specify protocol, host, port and path.
It can also be written like this.
curl -i -X POST http://localhost:8001/services -d "name=test.service" -d "protocol=http" -d "host=hxonline.hxsd.cn" -d "path=/api"
2. Retrieve Service
Query all services
curl -i -X GET http://1localhost:8001/services
Query a service
curl -i -X GET http://localhost:8001/services/{service name or service id} EXP: curl -i -X GET http://localhost:8001/services/test.service My service name
Getting services under a route
curl -i -X GET http://localhost:8001/routes/{routing ID}/service EXP: curl -i -X GET http://localhost:8001/routes/xxxx-xxx-xxx-xx/service
Update service
PATCH and PUT can be used, PATCH can modify existing services, and PUT can create a new one if the service does not exist.
curl -i -X PUT http://localhost:8001/services/{service name or ID} -d "name=test.service" -d "protocol=http" -d "host=hxonline.hxsd.cn" -d "path=/api"
Delete service
curl -i -X DELETE http://localhost:8001/services/{service name or ID} EXP: curl -i -X DELETE http://localhost:8001/services/test.service
Return
HTTP 204 No Content
Route Object (Routing)
Routing is an entity that really provides interfaces to the outside world. Each route is associated with a service, and a service may have multiple routes associated with it. Each request matching a given route will be submitted to its related services.
| field | explain | Is it necessary to fill in? |
|---|---|---|
| protocols | Protocol list, http, https. Settings: protocols []= HTTP & protocols []= HTTPS | Must fill |
| methods | Method of accepting requests: GET or POST, both of which work. Set methods []= GET & methods []= POST | Semi-optional Filling: By default, both are OK |
| hosts | A list of domain names that match this route. For example: example.com. As form-encode, set: hosts[]= Foo.com and hosts[]= BAR.com | Semi selective filling |
| paths | A list of paths that match this route. For example: / test | Mandatory: This is important to differentiate between multiple services |
| strip_path | Selective filling | |
| preserve_host | Selective filling | |
| service | Services bound to this route. Settings: service.id=<service_id> | Must fill |
1, Add Route (add routing)
curl -i -X POST --url http://localhost:8001/routes/ \ -d 'protocols[]=http&protocols[]=https' \ -d 'paths=/test' \ -d 'service.id=xxx-xxxx-xxxx-xx' #Service ID
Access interface
Curl-i-X GET http://localhost:8000/test/{back-end service routing}
Note: test is the paths field where the creation route is.
EXP:
curl -i -X GET http://localhost:8000/test/userinfo2. Retrieve Route
Get all routes
curl -i -X GET http://localhost:8001/routes/
Get a route
curl -i -X GET http://localhost:8001/routes/xxx-xxx-xxx# routing ID
Getting Routes under a Service
curl -i -X GET http://localhost:8001/services/{service name or service ID}/routes
Update routing
PATCH and PUT can be used, PATCH can modify the existing routing, and PUT can create a new one if the routing does not exist.
curl -i -X PUT http://localhost:8001/routes/xxx-xxx-xxx\ Routing ID -d 'protocols[]=http&protocols[]=https' \ -d 'paths=test' \
Delete route
curl -i -X DELETE http://localhost:8001/routes/xxx-xxx-xxx# routing ID
summary
Now that kong's service and routing settings have been completed, the authentication plug-ins and acl cooperate to ensure the security of the external interface.
Source of the article: http://www.yuanmaketang.com/i...