Friday, February 02, 2018

Kong practice notes by kong webinars

Kong practice notes

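The Kong website has webinars you can refer to.

This exercise is based on the following one:
Install and Scale Kong on Kubernetes

To watch it you have to give your First / Last Name and an e-mail address.


I am using the Kong 0.11.1 installation I set up earlier.

Kong's demos all use httpbin.org for testing.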



First, test with the http command (available by installing the httpie package)

# http   httpbin.org/ip

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 33
Content-Type: application/json
Date: Thu, 25 Jan 2018 06:49:11 GMT
Server: meinheld/0.6.1
Via: 1.1 vegur
X-Powered-By: Flask
X-Processed-Time: 0.000645160675049

{
   "origin": "xxx.xxx.xxx.xx"
}

Check the APIs currently on Kong

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 06:54:51 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "data": [],
   "total": 0
}


Create an API named demo that routes everything to httpbin.org

# http  http://localhost:8001/apis  name=demo  uris=/   upstream_url=http://httpbin.org

HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 06:58:26 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "created_at": 1516863506953,
   "http_if_terminated": false,
   "https_only": false,
   "id": "174d014f-96d2-454e-b222-1083d92569f6",
   "name": "demo",
   "preserve_host": false,
   "retries": 5,
   "strip_uri": true,
   "upstream_connect_timeout": 60000,
   "upstream_read_timeout": 60000,
   "upstream_send_timeout": 60000,
   "upstream_url": "http://httpbin.org",
   "uris": [
       "/"
   ]
}


Check the APIs on Kong again
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 07:00:07 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "data": [
       {
           "created_at": 1516863506953,
           "http_if_terminated": false,
           "https_only": false,
           "id": "174d014f-96d2-454e-b222-1083d92569f6",
           "name": "demo",
           "preserve_host": false,
           "retries": 5,
           "strip_uri": true,
           "upstream_connect_timeout": 60000,
           "upstream_read_timeout": 60000,
           "upstream_send_timeout": 60000,
           "upstream_url": "http://httpbin.org",
           "uris": [
               "/"
           ]
       }
   ],
   "total": 1
}


Test whether it works. Note that because we are now consuming the API, we use the proxy port :8000 rather than the admin port :8001, followed by the path we want it to answer, for example /ip

# http  http://localhost:8000/ip

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Date: Thu, 25 Jan 2018 07:04:02 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 0
X-Kong-Upstream-Latency: 491
X-Powered-By: Flask
X-Processed-Time: 0.00064492225647

{
   "origin": "172.17.0.1, xxx.xxx.xx.xxx"
}

Look at the X-Kong-Proxy-Latency header above: after repeated requests the latency drops, so there is presumably a cache mechanism.

So if you use :8001 instead, you get an error response

# http  http://localhost:8001/ip
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 07:06:55 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "message": "Not found"
}


At this point you can think of it this way: every request that would have gone to httpbin.org can now be made through Kong.
For example

# http   http://localhost:8000/user-agent
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 35
Content-Type: application/json
Date: Thu, 25 Jan 2018 07:08:39 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 137
X-Kong-Upstream-Latency: 496
X-Powered-By: Flask
X-Processed-Time: 0.000699996948242

{
   "user-agent": "HTTPie/0.9.8"
}


Next, create a plugin to limit traffic to 7 requests per minute

# http   http://localhost:8001/plugins  name=rate-limiting   config.minute=7

HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 07:23:26 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "config": {
       "fault_tolerant": true,
       "hide_client_headers": false,
       "limit_by": "consumer",
       "minute": 7,
       "policy": "cluster",
       "redis_database": 0,
       "redis_port": 6379,
       "redis_timeout": 2000
   },
   "created_at": 1516865005000,
   "enabled": true,
   "id": "a8918be7-5f1c-41c9-9e90-73bcd62f9767",
   "name": "rate-limiting"
}


Check the plugins on Kong

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 07:26:04 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "data": [
       {
           "config": {
               "fault_tolerant": true,
               "hide_client_headers": false,
               "limit_by": "consumer",
               "minute": 7,
               "policy": "cluster",
               "redis_database": 0,
               "redis_port": 6379,
               "redis_timeout": 2000
           },
           "created_at": 1516865005000,
           "enabled": true,
           "id": "a8918be7-5f1c-41c9-9e90-73bcd62f9767",
           "name": "rate-limiting"
       }
   ],
   "total": 1
}





HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Date: Thu, 25 Jan 2018 07:27:30 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 269
X-Kong-Upstream-Latency: 449
X-Powered-By: Flask
X-Processed-Time: 0.000438928604126
X-RateLimit-Limit-minute: 7
X-RateLimit-Remaining-minute: 6

{
   "origin": "172.17.0.1, 140.110.30.105"
}

Run it repeatedly and you will see the remaining-minute count go down

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Date: Thu, 25 Jan 2018 07:28:23 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 2
X-Kong-Upstream-Latency: 524
X-Powered-By: Flask
X-Processed-Time: 0.000830173492432
X-RateLimit-Limit-minute: 7
X-RateLimit-Remaining-minute: 4

{
   "origin": "172.17.0.1, 140.110.30.105"
}


Once the limit is exceeded, an error is returned and the request is refused

HTTP/1.1 429
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 07:29:47 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
X-RateLimit-Limit-minute: 7
X-RateLimit-Remaining-minute: 0

{
   "message": "API rate limit exceeded"
}


Next, look at the consumers

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:22:28 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "data": [],
   "total": 0
}


Create a consumer

# http  http://localhost:8001/consumers  username=gold-partner
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:23:29 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "created_at": 1516868609000,
   "id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
   "username": "gold-partner"
}


Check the result

# http  http://localhost:8001/consumers
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:24:33 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "data": [
       {
           "created_at": 1516868609000,
           "id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
           "username": "gold-partner"
       }
   ],
   "total": 1
}

Create a key for gold-partner

# http  http://localhost:8001/consumers/gold-partner/key-auth  key=gold
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:25:44 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "consumer_id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
   "created_at": 1516868745000,
   "id": "ba986917-9bd9-4548-803e-5d15a318af3e",
   "key": "gold"
}



Check the result
# http  http://localhost:8001/consumers
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:27:18 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "data": [
       {
           "created_at": 1516868609000,
           "id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
           "username": "gold-partner"
       }
   ],
   "total": 1
}


# http   http://localhost:8001/consumers/gold-partner/key-auth  
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:28:37 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "data": [
       {
           "consumer_id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
           "created_at": 1516868745000,
           "id": "ba986917-9bd9-4548-803e-5d15a318af3e",
           "key": "gold"
       }
   ],
   "total": 1
}

Before enabling key authentication, look at the plugins first

# http   http://localhost:8001/plugins
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:32:03 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "data": [
       {
           "config": {
               "fault_tolerant": true,
               "hide_client_headers": false,
               "limit_by": "consumer",
               "minute": 7,
               "policy": "cluster",
               "redis_database": 0,
               "redis_port": 6379,
               "redis_timeout": 2000
           },
           "created_at": 1516865005000,
           "enabled": true,
           "id": "a8918be7-5f1c-41c9-9e90-73bcd62f9767",
           "name": "rate-limiting"
       }
   ],
   "total": 1
}


Enable the key-auth plugin

# http  http://localhost:8001/plugins  name=key-auth
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:33:10 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "config": {
       "anonymous": "",
       "hide_credentials": false,
       "key_in_body": false,
       "key_names": [
           "apikey"
       ],
       "run_on_preflight": true
   },
   "created_at": 1516869190000,
   "enabled": true,
   "id": "e461bc07-2f59-44f8-abfc-d10cacb17f3e",
   "name": "key-auth"
}

Look at the plugins again

# http   http://localhost:8001/plugins
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:34:42 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "data": [
       {
           "config": {
               "fault_tolerant": true,
               "hide_client_headers": false,
               "limit_by": "consumer",
               "minute": 7,
               "policy": "cluster",
               "redis_database": 0,
               "redis_port": 6379,
               "redis_timeout": 2000
           },
           "created_at": 1516865005000,
           "enabled": true,
           "id": "a8918be7-5f1c-41c9-9e90-73bcd62f9767",
           "name": "rate-limiting"
       },
       {
           "config": {
               "anonymous": "",
               "hide_credentials": false,
               "key_in_body": false,
               "key_names": [
                   "apikey"
               ],
               "run_on_preflight": true
           },
           "created_at": 1516869190000,
           "enabled": true,
           "id": "e461bc07-2f59-44f8-abfc-d10cacb17f3e",
           "name": "key-auth"
       }
   ],
   "total": 2
}


An API request now returns a No API key error, because key-auth is in effect

# http   http://localhost:8000/ip
HTTP/1.1 401 Unauthorized
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:35:49 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked
WWW-Authenticate: Key realm="kong"

{
   "message": "No API key found in request"
}




First, test with a wrong apikey


# http  http://localhost:8000/ip?apikey=hello
HTTP/1.1 403 Forbidden
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:37:09 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "message": "Invalid authentication credentials"
}

Test with the apikey that was just created

# http http://localhost:8000/ip?apikey=gold
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Date: Thu, 25 Jan 2018 08:38:09 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 447
X-Kong-Upstream-Latency: 457
X-Powered-By: Flask
X-Processed-Time: 0.000466823577881
X-RateLimit-Limit-minute: 7
X-RateLimit-Remaining-minute: 6

{
   "origin": "172.17.0.1, xxx.xxx.xxx.xxx"
}


Create another consumer

# http   http://localhost:8001/consumers  username=free-user
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:40:15 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "created_at": 1516869615000,
   "id": "3c3c554f-a4b9-460d-8d45-93252d5f3f5d",
   "username": "free-user"
}


Create its key-auth key

# http  http://localhost:8001/consumers/free-user/key-auth  key=free
HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:41:51 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "consumer_id": "3c3c554f-a4b9-460d-8d45-93252d5f3f5d",
   "created_at": 1516869711000,
   "id": "1baf16ad-4d65-47b1-8f7a-f8016f179a1e",
   "key": "free"
}


Verify that both the free and gold keys now work

# http  http://localhost:8000/ip?apikey=free
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Date: Thu, 25 Jan 2018 08:43:05 GMT
Server: meinheld/0.6.1
Via: kong/0.11.1
X-Kong-Proxy-Latency: 103
X-Kong-Upstream-Latency: 447
X-Powered-By: Flask
X-Processed-Time: 0.000643968582153
X-RateLimit-Limit-minute: 7
X-RateLimit-Remaining-minute: 6

{
   "origin": "172.17.0.1, xxx.xxx.xxx.xxx"
}



# http  http://localhost:8001/consumers/free-user/plugins  name=rate-limiting config.minute=10

HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:45:59 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "config": {
       "fault_tolerant": true,
       "hide_client_headers": false,
       "limit_by": "consumer",
       "minute": 10,
       "policy": "cluster",
       "redis_database": 0,
       "redis_port": 6379,
       "redis_timeout": 2000
   },
   "consumer_id": "3c3c554f-a4b9-460d-8d45-93252d5f3f5d",
   "created_at": 1516869959000,
   "enabled": true,
   "id": "dff9419b-c144-44c0-859c-939eb6e3ac0b",
   "name": "rate-limiting"
}


Give gold-partner a higher limit

# http  http://localhost:8001/consumers/gold-partner/plugins  name=rate-limiting config.minute=15

HTTP/1.1 201 Created
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Jan 2018 08:48:25 GMT
Server: kong/0.11.1
Transfer-Encoding: chunked

{
   "config": {
       "fault_tolerant": true,
       "hide_client_headers": false,
       "limit_by": "consumer",
       "minute": 15,
       "policy": "cluster",
       "redis_database": 0,
       "redis_port": 6379,
       "redis_timeout": 2000
   },
   "consumer_id": "55cfe8f7-8a0f-4432-bdf0-935c1b8af062",
   "created_at": 1516870106000,
   "enabled": true,
   "id": "8bb32dfb-d005-432c-8178-1ed8548c7cf9",
   "name": "rate-limiting"
}
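
The post stops before checking what the global rate-limiting plugin (7 per minute), key-auth, and the two per-consumer limits do together. This added example (not from the original post or from Kong) models that final state and the earlier pre-key-auth state. It assumes Kong's documented behaviour that a consumer-scoped plugin overrides the global one and that limit_by=consumer falls back to the client IP. The plugin lists are trimmed, constructed copies of the responses above; `pick`, `evaluate` and `findings` are hypothetical helper names.

```python
# Added example: a constructed model of the state built in this post, not Kong code.
GOLD = "55cfe8f7-8a0f-4432-bdf0-935c1b8af062"  # gold-partner id (from the page)
FREE = "3c3c554f-a4b9-460d-8d45-93252d5f3f5d"  # free-user id (from the page)
KEYS = {"gold": GOLD, "free": FREE}            # key-auth credential -> consumer_id
RL = {"fault_tolerant": True, "limit_by": "consumer"}
BEFORE_AUTH = [  # trimmed /plugins listing after the first rate-limiting call
    {"name": "rate-limiting", "config": dict(RL, minute=7)},
]
FINAL = BEFORE_AUTH + [  # trimmed /plugins state at the end of the post
    {"name": "key-auth", "config": {"key_names": ["apikey"], "hide_credentials": False}},
    {"name": "rate-limiting", "consumer_id": FREE, "config": dict(RL, minute=10)},
    {"name": "rate-limiting", "consumer_id": GOLD, "config": dict(RL, minute=15)},
]

def pick(plugins, name, consumer_id=None):
    """Plugin entry that applies: a consumer-scoped one wins over the global one."""
    named = [p for p in plugins if p["name"] == name]
    scoped = [p for p in named if consumer_id and p.get("consumer_id") == consumer_id]
    unscoped = [p for p in named if "consumer_id" not in p]
    return (scoped or unscoped or [None])[0]

def evaluate(plugins, query, client_ip):
    """Model one proxy request: (status, rate-limit bucket, limit per minute)."""
    consumer = None
    auth = pick(plugins, "key-auth")
    if auth:
        key = next((query[n] for n in auth["config"]["key_names"] if n in query), None)
        if key is None:
            return 401, None, None   # "No API key found in request"
        consumer = KEYS.get(key)
        if consumer is None:
            return 403, None, None   # "Invalid authentication credentials"
    limit = pick(plugins, "rate-limiting", consumer)
    # Assumption: limit_by=consumer falls back to the client IP without a consumer
    bucket = consumer or client_ip
    return 200, bucket, limit["config"]["minute"] if limit else None

def findings(plugins):
    """Settings in the listing worth reviewing before exposing the proxy."""
    notes = set()
    for p in plugins:
        if p["name"] == "key-auth" and not p["config"]["hide_credentials"]:
            notes.add("key-auth: apikey is forwarded to the upstream")
        if p["name"] == "rate-limiting" and p["config"]["fault_tolerant"]:
            notes.add("rate-limiting: fails open if the datastore is unreachable")
    return sorted(notes)

if __name__ == "__main__":
    for q in ({}, {"apikey": "hello"}, {"apikey": "free"}, {"apikey": "gold"}):
        print(q, evaluate(FINAL, q, "172.17.0.1"))
    print(findings(FINAL))
```

On a live setup the same expectation can be checked by reading X-RateLimit-Limit-minute on a proxy response for each key.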


That's it: one more small step with Kong

~ enjoy it
