Create/activate link
The first step in using Kong is to activate the link, log in to the Kong management background, find Connections, and link Kong's Api. Because my local port is mapped, I need to find the ip on the Docker network and bind it. The ip address172.19.0.3
docker network inspect gateway_net
"dcb524ba2b30e16e6453b9159ceb4edb642c42ea84dd00ee4ce1cd158737a118": {
"Name": "kong-ee",
"EndpointID": "4bcabe9c26cb082ba55f95ff9257b5cc3ff57d6f80059ac76501c7bd7eeba09f",
"MacAddress": "02:42:ac:13:00:03",
"IPv4Address": "172.19.0.3/16",
"IPv6Address": ""
},
Configure load balancing
The above figure is the flowchart of Kong's load balancing for services. The use of Kong is very simple, and it is added by using Http Api:
1. Add upstreams
POST http://127.0.0.1:9001/upstreams
{
"name":"audio-upstream"
}
2. Add Target
POST http://127.0.0.1:9001/upstreams/audio-upstream/targets
{
"target":"127.0.0.1:9502",
"weight":100
}
192.168.251.2
3. Configure Service
POST http://127.0.0.1:9001/services
{
"name":"audio-service",
"host":"audio-upstream"
}
4. Configure Route
When configuring Route, the paths parameter must /
start with
POST http://127.0.0.1:9001/services/audio-service/routes
{
"name":"audio-service-route",
"paths[]":"/audio"
}
certified
1.Basic certification
The authentication method of username and password can be added in Konga's Consumers
POST http://127.0.0.1:9001/routes/audio-service-route/plugins
{
"name":"basic-auth",
"config.hide_credentials":"true"
}
2. jwt authentication
1. Add jwt authentication operation component operation
POST http://127.0.0.1:9001/services/audio-service/plugins
{
"name":"jwt"
}
2. Set the jwt encryption method, parameter description:
- algorithm : encryption method
- key : the key set in Consumers
- secret: custom 32-bit encrypted string
POST http://127.0.0.1:9001/consumers/test/jwt
{
"algorithm":"HS256",
"key":"test",
"secret":"UmVZkyvSPOiGgVW2B1g1uhkM0tSPl5o3"
}
Limiting
Compared with permission verification, Kong's current limiting is much simpler. Kong uses counters for current limiting.
- config.minute : no minutes 5 times
- config.limit_by: limit flow according to ip
POST http://127.0.0.1:9001/services/audio-service/plugins
{
"name":"rate-limiting",
"config.minute":5,
"config.limit_by":"ip"
}
Black and white list
Kong's black/white list function is implemented based on restricting ip.
POST http://127.0.0.1:9001/services/audio-service/plugins
{
"name":"ip-restriction",
"config.deny":"127.0.0.1"
}