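Kong practice notes
The Kong website has webinars you can refer to.
This exercise is based on the following one:
Install and Scale Kong on Kubernetes
To watch it you have to provide your first/last name and e-mail.
I am using the Kong 0.11.1 instance I set up earlier.
Kong's demos all use httpbin.org for testing.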
First test with the http command (available by installing the httpie package)
# http httpbin.org/ip
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 33
Content-Type: application/json
Date: Thu, 25 Jan 2018 06:49:11 GMT
Server: meinheld/0.6.1
Via: 1.1 vegur
X-Powered-By: Flask
X-Processed-Time: 0.000645160675049
{
"origin": "xxx.xxx.xxx.xx"
}
Check the APIs currently defined in Kong
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 06:54:51 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"data": [],
"total": 0
}
Create an API named demo that proxies all requests to httpbin.org
# http http://localhost:8001/apis name=demo uris=/ upstream_url=http://httpbin.org
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 06:58:26 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"created_at": 1516863506953,
"http_if_terminated": false,
"https_only": false,
"id": "174d014f-96d2-454e-b222-1083d92569f6",
"name": "demo",
"preserve_host": false,
"retries": 5,
"strip_uri": true,
"upstream_connect_timeout": 60000,
"upstream_read_timeout": 60000,
"upstream_send_timeout": 60000,
"upstream_url": "http://httpbin.org",
"uris": [
"/"
]
}
Check the APIs in Kong again
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 07:00:07 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"data": [
{
"created_at": 1516863506953,
"http_if_terminated": false,
"https_only": false,
"id": "174d014f-96d2-454e-b222-1083d92569f6",
"name": "demo",
"preserve_host": false,
"retries": 5,
"strip_uri": true,
"upstream_connect_timeout": 60000,
"upstream_read_timeout": 60000,
"upstream_send_timeout": 60000,
"upstream_url": "http://httpbin.org",
"uris": [
"/"
]
}
],
"total": 1
}
Test whether it works. Note that because we are now consuming the API, we use the proxy port :8000 rather than the admin port :8001, followed by the path we want answered, for example /ip
# http http://localhost:8000/ip
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Date: Thu, 25 Jan 2018 07:04:02 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 0
X-Kong-Upstream-Latency: 491
X-Powered-By: Flask
X-Processed-Time: 0.00064492225647
{
"origin": "172.17.0.1, xxx.xxx.xx.xxx"
}
Note the X-Kong-Proxy-Latency header above: after repeating the request the latency drops, presumably because there is a caching mechanism
So a request to :8001 returns an error
# http http://localhost:8001/ip
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 07:06:55 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"message": "Not found"
}
At this point you can think of it this way: every request originally made to httpbin.org can now be made through Kong
For example
# http http://localhost:8000/user-agent
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 35
Content-Type: application/json
Date: Thu, 25 Jan 2018 07:08:39 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 137
X-Kong-Upstream-Latency: 496
X-Powered-By: Flask
X-Processed-Time: 0.000699996948242
{
"user-agent": "HTTPie/0.9.8"
}
Next, create a plugin to limit traffic: 7 requests per minute
# http http://localhost:8001/plugins name=rate-limiting config.minute=7
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 07:23:26 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"config": {
"fault_tolerant": true,
"hide_client_headers": false,
"limit_by": "consumer",
"minute": 7,
"policy": "cluster",
"redis_database": 0,
"redis_port": 6379,
"redis_timeout": 2000
},
"created_at": 1516865005000,
"enabled": true,
"id": "a8918be7-5f1c-41c9-9e90-73bcd62f9767",
"name": "rate-limiting"
}
Check the plugins in Kong
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 07:26:04 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"data": [
{
"config": {
"fault_tolerant": true,
"hide_client_headers": false,
"limit_by": "consumer",
"minute": 7,
"policy": "cluster",
"redis_database": 0,
"redis_port": 6379,
"redis_timeout": 2000
},
"created_at": 1516865005000,
"enabled": true,
"id": "a8918be7-5f1c-41c9-9e90-73bcd62f9767",
"name": "rate-limiting"
}
],
"total": 1
}
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Date: Thu, 25 Jan 2018 07:27:30 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 269
X-Kong-Upstream-Latency: 449
X-Powered-By: Flask
X-Processed-Time: 0.000438928604126
X-RateLimit-Limit-minute: 7
X-RateLimit-Remaining-minute: 6
{
"origin": "172.17.0.1, 140.110.30.105"
}
If you repeat the request, you will see the remaining-minute count decrease
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Date: Thu, 25 Jan 2018 07:28:23 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 2
X-Kong-Upstream-Latency: 524
X-Powered-By: Flask
X-Processed-Time: 0.000830173492432
X-RateLimit-Limit-minute: 7
X-RateLimit-Remaining-minute: 4
{
"origin": "172.17.0.1, 140.110.30.105"
}
Once the limit is exceeded, an error is returned and the request is refused
HTTP/1.1 429
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 07:29:47 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
X-RateLimit-Limit-minute: 7
X-RateLimit-Remaining-minute: 0
{
"message": "API rate limit exceeded"
}
Next, look at the consumers
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:22:28 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"data": [],
"total": 0
}
Create a consumer
# http http://localhost:8001/consumers username=gold-partner
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:23:29 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"created_at": 1516868609000,
"id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
"username": "gold-partner"
}
Check the result
# http http://localhost:8001/consumers
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:24:33 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"data": [
{
"created_at": 1516868609000,
"id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
"username": "gold-partner"
}
],
"total": 1
}
Try creating a key for gold-partner
# http http://localhost:8001/consumers/gold-partner/key-auth key=gold
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:25:44 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"consumer_id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
"created_at": 1516868745000,
"id": "ba986917-9bd9-4548-803e-5d15a318af3e",
"key": "gold"
}
Check the result
# http http://localhost:8001/consumers
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:27:18 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"data": [
{
"created_at": 1516868609000,
"id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
"username": "gold-partner"
}
],
"total": 1
}
# http http://localhost:8001/consumers/gold-partner/key-auth
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:28:37 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"data": [
{
"consumer_id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
"created_at": 1516868745000,
"id": "ba986917-9bd9-4548-803e-5d15a318af3e",
"key": "gold"
}
],
"total": 1
}
Before enabling key authentication, look at the plugins first
# http http://localhost:8001/plugins
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:32:03 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"data": [
{
"config": {
"fault_tolerant": true,
"hide_client_headers": false,
"limit_by": "consumer",
"minute": 7,
"policy": "cluster",
"redis_database": 0,
"redis_port": 6379,
"redis_timeout": 2000
},
"created_at": 1516865005000,
"enabled": true,
"id": "a8918be7-5f1c-41c9-9e90-73bcd62f9767",
"name": "rate-limiting"
}
],
"total": 1
}
Enable the key-auth plugin
# http http://localhost:8001/plugins name=key-auth
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:33:10 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"config": {
"anonymous": "",
"hide_credentials": false,
"key_in_body": false,
"key_names": [
"apikey"
],
"run_on_preflight": true
},
"created_at": 1516869190000,
"enabled": true,
"id": "e461bc07-2f59-44f8-abfc-d10cacb17f3e",
"name": "key-auth"
}
Look at the plugins again
# http http://localhost:8001/plugins
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:34:42 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"data": [
{
"config": {
"fault_tolerant": true,
"hide_client_headers": false,
"limit_by": "consumer",
"minute": 7,
"policy": "cluster",
"redis_database": 0,
"redis_port": 6379,
"redis_timeout": 2000
},
"created_at": 1516865005000,
"enabled": true,
"id": "a8918be7-5f1c-41c9-9e90-73bcd62f9767",
"name": "rate-limiting"
},
{
"config": {
"anonymous": "",
"hide_credentials": false,
"key_in_body": false,
"key_names": [
"apikey"
],
"run_on_preflight": true
},
"created_at": 1516869190000,
"enabled": true,
"id": "e461bc07-2f59-44f8-abfc-d10cacb17f3e",
"name": "key-auth"
}
],
"total": 2
}
Try an API request: it now fails with a "No API key" error, because key-auth is in effect
# http http://localhost:8000/ip
HTTP/1.1 401 Unauthorized
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:35:49 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
WWW-Authenticate: Key realm="kong"
{
"message": "No API key found in request"
}
First test with a wrong apikey
# http http://localhost:8000/ip?apikey=hello
HTTP/1.1 403 Forbidden
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:37:09 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"message": "Invalid authentication credentials"
}
Test with the apikey created earlier
# http http://localhost:8000/ip?apikey=gold
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Date: Thu, 25 Jan 2018 08:38:09 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 447
X-Kong-Upstream-Latency: 457
X-Powered-By: Flask
X-Processed-Time: 0.000466823577881
X-RateLimit-Limit-minute: 7
X-RateLimit-Remaining-minute: 6
{
"origin": "172.17.0.1, xxx.xxx.xxx.xxx"
}
Create another consumer
# http http://localhost:8001/consumers username=free-user
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:40:15 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"created_at": 1516869615000,
"id": "3c3c554f-a4b9-460d-8d45-93252d5f3f5d",
"username": "free-user"
}
Create its key-auth key
# http http://localhost:8001/consumers/free-user/key-auth key=free
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:41:51 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"consumer_id": "3c3c554f-a4b9-460d-8d45-93252d5f3f5d",
"created_at": 1516869711000,
"id": "1baf16ad-4d65-47b1-8f7a-f8016f179a1e",
"key": "free"
}
Test that both keys, free and gold, currently work
# http http://localhost:8000/ip?apikey=free
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Date: Thu, 25 Jan 2018 08:43:05 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 103
X-Kong-Upstream-Latency: 447
X-Powered-By: Flask
X-Processed-Time: 0.000643968582153
X-RateLimit-Limit-minute: 7
X-RateLimit-Remaining-minute: 6
{
"origin": "172.17.0.1, xxx.xxx.xxx.xxx"
}
# http http://localhost:8001/consumers/free-user/plugins name=rate-limiting config.minute=10
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:45:59 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"config": {
"fault_tolerant": true,
"hide_client_headers": false,
"limit_by": "consumer",
"minute": 10,
"policy": "cluster",
"redis_database": 0,
"redis_port": 6379,
"redis_timeout": 2000
},
"consumer_id": "3c3c554f-a4b9-460d-8d45-93252d5f3f5d",
"created_at": 1516869959000,
"enabled": true,
"id": "dff9419b-c144-44c0-859c-939eb6e3ac0b",
"name": "rate-limiting"
}
Give gold-partner a higher limit
# http http://localhost:8001/consumers/gold-partner/plugins name=rate-limiting config.minute=15
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:48:25 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
{
"config": {
"fault_tolerant": true,
"hide_client_headers": false,
"limit_by": "consumer",
"minute": 15,
"policy": "cluster",
"redis_database": 0,
"redis_port": 6379,
"redis_timeout": 2000
},
"consumer_id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
"created_at": 1516870106000,
"enabled": true,
"id": "8bb32dfb-d005-432c-8178-1ed8548c7cf9",
"name": "rate-limiting"
}
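The per-consumer limits set above (10 for free-user, 15 for gold-partner) are never re-tested in the walkthrough. As an added example, not part of the original post, these shell functions classify one captured proxy response by status code and X-RateLimit headers; the function names header_value and check_response and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify one response captured from Kong's proxy port (:8000).

# header_value NAME: print header NAME (case-insensitive) from a response on
# stdin. Parsing stops at the blank line, so JSON body keys are never matched.
header_value() {
    awk -v want="$1" '
        { sub(/\r$/, "") }
        NR > 1 && $0 == "" { exit }
        {
            i = index($0, ":")
            if (i && tolower(substr($0, 1, i - 1)) == tolower(want)) {
                v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
            }
        }'
}

# check_response EXPECTED_LIMIT: read one response on stdin, print a verdict,
# and return non-zero unless it is a 200 carrying the expected per-minute limit.
check_response() {
    expected="$1"
    resp=$(cat)
    status=$(printf '%s\n' "$resp" | awk 'NR == 1 { sub(/\r$/, ""); print $2 }')
    limit=$(printf '%s\n' "$resp" | header_value X-RateLimit-Limit-minute)
    remaining=$(printf '%s\n' "$resp" | header_value X-RateLimit-Remaining-minute)
    case "$status" in
        200) ;;
        401) echo "no-key"; return 1 ;;          # key-auth: no apikey sent
        403) echo "bad-key"; return 1 ;;         # key-auth: unknown apikey
        429) echo "throttled limit=$limit"; return 1 ;;
        *)   echo "unexpected status=$status"; return 1 ;;
    esac
    # The headers are only present because hide_client_headers is false.
    [ -n "$limit" ] || { echo "no-rate-limit-header"; return 1; }
    [ "$limit" = "$expected" ] || { echo "wrong-limit got=$limit want=$expected"; return 1; }
    echo "ok limit=$limit remaining=$remaining"
}

# Constructed sample: what free-user should see once its limit of 10 applies.
SAMPLE='HTTP/1.1 200 OK
Via: kong/0.11.1
X-RateLimit-Limit-minute: 10
X-RateLimit-Remaining-minute: 9

{"origin": "203.0.113.7"}'
printf '%s\n' "$SAMPLE" | check_response 10
# Live: http --ignore-stdin --headers 'http://localhost:8000/ip?apikey=free' | check_response 10
```

A "wrong-limit got=7" verdict for a keyed request would mean the global plugin, not the consumer-specific one, was applied to that consumer.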
That's it: one more small step with Kong
~ enjoy it