Building Kong with Docker: configuring a Service and adding key auth

Kong is an API gateway that forwards API traffic between clients and (micro)services.
Conceptual terminology
Upstream: an abstraction of the upstream server;
Target: represents a physical service, that is, the abstraction of IP + port;
Service: an abstract service. It can map directly to a physical service (host points to IP + port) or to an Upstream to achieve load balancing;
Route: the abstraction of a route. It is responsible for mapping the actual request to a Service.
By default, Kong listens on the following ports:
8000: Kong listens on this port for incoming HTTP requests from clients and forwards them to the upstream service;
8443: Kong listens on this port for incoming HTTPS requests from clients. It behaves like port 8000 but accepts HTTPS traffic only. You can disable it by modifying the configuration file;
8001: the Admin API, through which the administrator configures Kong;
8444: the Admin API listens on this port for HTTPS requests.

Environmental deployment
1. Install docker

export REGISTRY_MIRROR=https://registry.cn-hangzhou.aliyuncs.com
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum repolist
yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
yum install -y docker-ce-18.09.7 docker-ce-cli-18.09.7 containerd.io
systemctl start docker && systemctl status docker && systemctl daemon-reload

2. Disable firewall

systemctl disable firewalld && systemctl stop firewalld && systemctl status firewalld
setenforce 0 && sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

3. Disable the swap partition and set route forwarding

swapoff -a && yes | cp /etc/fstab /etc/fstab_bak
cat /etc/fstab_bak | grep -v swap > /etc/fstab
cat /etc/fstab
sudo vi /etc/sysctl.conf
# Add the following lines to /etc/sysctl.conf:
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

Install
1. Create a docker network

docker network create kong-net

2. Run the PostgreSQL 9.6 database image

docker run -d --name kong-database \
--network=kong-net \
-p 5432:5432 \
-e "POSTGRES_USER=kong" \
-e "POSTGRES_DB=kong" \
postgres:9.6

3. Prepare database and initialize Kong Data

docker run --rm \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
kong:0.14.1 kong migrations up

4. Start Kong

docker run -d --name kong \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
-p 8000:8000 \
-p 8443:8443 \
-p 8001:8001 \
-p 8444:8444 \
kong:0.14.1

5. Create and run the Kong dashboard container

docker run -d \
--network=kong-net \
--link kong:kong -p 8008:8080 pgbi/kong-dashboard start \
--kong-url http://kong:8001 \
--basic-auth kong=kong

Then visit http://<your IP>:8008.
The login account is kong and the password is kong.

1. Add a service named example-service for http://mockbin.org

To add a service with the Admin API, issue the following cURL request, which adds your first service (pointing to the Mockbin API) to Kong:

curl -i -X POST \
--url http://localhost:8001/services/ \
--data 'name=example-service'  --data 'url=http://mockbin.org'

2. Add a route for the service created above

curl -i -X POST \
--url http://localhost:8001/services/example-service/routes \
--data 'hosts[]=example.com'

Check the "strip path" option and click "update".

3. Run the following command; it returns the response from http://mockbin.org

curl -i -X GET --url http://localhost:8000/ --header 'Host: example.com'

Add authentication

1. Configure the key authentication plug-in

curl -i -X POST \
  --url http://localhost:8001/services/example-service/plugins/ \
  --data 'name=key-auth'

Note: this plug-in also accepts a config.key_names parameter, which defaults to ['apikey']. It is the list of header and query parameter names (both are supported) in which the request may carry the API key.

2. Confirm that the plug-in configuration is correct

curl -i -X GET --url http://localhost:8000/ --header 'Host: example.com'

Because you did not specify the required apikey header or parameter, the response should be 401 Unauthorized.

Add a consumer

curl -i -X POST \
  --url http://localhost:8001/consumers/ \
  --data "username=Jason"

Add a key for the above user. Replace ENTER_KEY_HERE in the following command with the key you want to set.

curl -i -X POST \
  --url http://localhost:8001/consumers/Jason/key-auth/ \
  --data 'key=ENTER_KEY_HERE'

Once the key is included in the request from step 3, the service can be accessed normally. The command is as follows:

curl -i -X GET \
  --url http://localhost:8000 \
  --header "Host: example.com" \
  --header "apikey: ENTER_KEY_HERE"
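
A smoke test for the steps above, as an added example that is not part of the original post: it confirms that the route rejects a request with no key or a wrong key and accepts the configured one. The function names gen_key, http_status and check_key_auth are hypothetical; gen_key can also supply a random value to use in place of ENTER_KEY_HERE.

```shell
#!/bin/sh
# Added example: smoke test that key-auth is really enforced on the route.
PROXY_URL="${PROXY_URL:-http://localhost:8000}"   # Kong proxy port from this page
ROUTE_HOST="${ROUTE_HOST:-example.com}"           # route host from this page

# Print 32 random bytes as 64 hex characters (usable as a consumer key).
gen_key() {
  head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Print only the HTTP status of a proxied request. $1 is the value for the
# apikey header; an empty value sends no key at all.
http_status() {
  if [ -n "$1" ]; then
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 \
      --header "Host: $ROUTE_HOST" --header "apikey: $1" "$PROXY_URL/"
  else
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 \
      --header "Host: $ROUTE_HOST" "$PROXY_URL/"
  fi
}

# Return 0 only when a request without a key gets 401, a random wrong key is
# rejected, and the real key gets a 2xx. Accepting 401 or 403 for the wrong
# key is an assumption, made so the check does not depend on the Kong version.
check_key_auth() {
  none=$(http_status "")
  bad=$(http_status "$(gen_key)")
  good=$(http_status "$1")
  [ "$none" = 401 ] || { echo "FAIL: no key returned $none, expected 401"; return 1; }
  case "$bad" in
    401|403) ;;
    *) echo "FAIL: wrong key returned $bad"; return 1 ;;
  esac
  case "$good" in
    2??) ;;
    *) echo "FAIL: valid key returned $good"; return 1 ;;
  esac
  echo "OK: key-auth enforced (none=$none bad=$bad good=$good)"
}

# Usage against the running gateway: check_key_auth ENTER_KEY_HERE
```

A failure on the first check means the plug-in is not attached to the service or route that the request actually matched.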

Tags: Linux Docker curl yum network

Posted on Fri, 14 Feb 2020 04:42:41 -0800 by lovesmith