Microservices: using the Kong HTTP API for load balancing, JWT authentication, rate limiting, and blacklists/whitelists

Create/activate the connection

The first step in using Kong is to activate the connection: log in to the Kong management console, find Connections, and link Kong's API. Because my local port is mapped, I need to find the IP on the Docker network and bind to it. The IP address is 172.19.0.3.

docker network inspect gateway_net
"dcb524ba2b30e16e6453b9159ceb4edb642c42ea84dd00ee4ce1cd158737a118": {
    "Name": "kong-ee",
    "EndpointID": "4bcabe9c26cb082ba55f95ff9257b5cc3ff57d6f80059ac76501c7bd7eeba09f",
    "MacAddress": "02:42:ac:13:00:03",
    "IPv4Address": "172.19.0.3/16",
    "IPv6Address": ""
},

Configure load balancing

kong-2.png

The figure above is the flowchart of Kong's load balancing for services. Kong is very simple to use; everything is added through the HTTP API:

1. Add upstreams

POST http://127.0.0.1:9001/upstreams
{
    "name":"audio-upstream"
}

2. Add Target

POST http://127.0.0.1:9001/upstreams/audio-upstream/targets
{
    "target":"127.0.0.1:9502",
    "weight":100
}

192.168.251.2

3. Configure Service

POST http://127.0.0.1:9001/services

{
    "name":"audio-service",
    "host":"audio-upstream"
}

4. Configure Route

When configuring a Route, the paths parameter must start with /

POST http://127.0.0.1:9001/services/audio-service/routes
{
    "name":"audio-service-route",
    "paths[]":"/audio"
}

Authentication

1. Basic authentication

Username and password credentials can be added under Consumers in Konga.

POST http://127.0.0.1:9001/routes/audio-service-route/plugins
{
    "name":"basic-auth",
    "config.hide_credentials":"true"
}

2. JWT authentication

1. Add the jwt authentication plugin

POST http://127.0.0.1:9001/services/audio-service/plugins
{
    "name":"jwt"
}

2. Set the jwt signing method. Parameter description:

  • algorithm: signing algorithm
  • key: the key set in Consumers
  • secret: custom 32-character secret string

POST http://127.0.0.1:9001/consumers/test/jwt
{
    "algorithm":"HS256",
    "key":"test",
    "secret":"UmVZkyvSPOiGgVW2B1g1uhkM0tSPl5o3"
}

Rate limiting

Compared with authentication, Kong's rate limiting is much simpler. Kong uses counters for rate limiting.

  • config.minute: 5 requests per minute
  • config.limit_by: limit by client IP

POST http://127.0.0.1:9001/services/audio-service/plugins
{
    "name":"rate-limiting",
    "config.minute":5, 
    "config.limit_by":"ip"
}

Blacklist and whitelist

Kong's blacklist/whitelist function is implemented by restricting IP addresses.

POST http://127.0.0.1:9001/services/audio-service/plugins
{
    "name":"ip-restriction",
    "config.deny":"127.0.0.1"
}

Origin blog.csdn.net/xuezhiwu001/article/details/130532506