[k8s] Deploying the Kong gateway in a cluster and adding plugins
1. For configuring services and routes when running locally, see this post: link
I. Local Docker deployment and configuration
1. Deploying Kong and Konga with Docker, reference: https://www.cnblogs.com/jerryqm/p/12901036.html
- Create the kong-net network
docker network create kong-net
- Start the PostgreSQL container
docker run -d --name kong-database \
--network=kong-net \
-p 5432:5432 \
-e "POSTGRES_USER=kong" \
-e "POSTGRES_DB=kong" \
-e "POSTGRES_PASSWORD=kong" \
postgres:11.7
- Run a temporary Kong container to migrate the database
docker run --rm \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_PASSWORD=kong" \
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
kong:latest kong migrations bootstrap
- Start the Kong container
docker run -d --name kong \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_PASSWORD=kong" \
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
-p 80:8000 \
-p 443:8443 \
-p 8001:8001 \
-p 8444:8444 \
kong:latest
Test Kong
curl -i http://localhost:8001/
Konga dashboard
# Migrate the Konga tables to PostgreSQL
docker run --name konga --rm \
--network=kong-net \
pantsel/konga -c prepare -a postgres -u postgresql://kong:kong@kong-database:5432/kong
# Start Konga
docker run -p 1337:1337 -d \
--network=kong-net \
-e "DB_ADAPTER=postgres" \
-e "DB_HOST=kong-database" \
-e "DB_USER=kong" \
-e "DB_PASSWORD=kong" \
-e "DB_DATABASE=kong" \
-e "KONGA_HOOK_TIMEOUT=120000" \
-e "DB_PG_SCHEMA=public" \
-e "NODE_ENV=production" \
--name konga \
pantsel/konga
2. To add a plugin, mount the plugin's folder under /usr/local/share/lua/5.1/kong/plugins. Configuration reference: https://blog.csdn.net/weixin_40027906/article/details/86679366. The modified command for running Kong is as follows:
# The first two -v options mount the plugin files; the last -v registers the plugin (constants.lua)
docker run -d --name kong \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_PASSWORD=kong" \
-e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
-p 8000:8000 \
-p 8443:8443 \
-p 127.0.0.1:8001:8001 \
-p 127.0.0.1:8444:8444 \
-v /Users//k8s/kong/kong/plugins/ipFilter/schema.lua:/usr/local/share/lua/5.1/kong/plugins/ipFilter/schema.lua \
-v /Users//k8s/kong/kong/plugins/ipFilter/handler.lua:/usr/local/share/lua/5.1/kong/plugins/ipFilter/handler.lua \
-v /Users/k8s/kong/kong/plugins/constants.lua:/usr/local/share/lua/5.1/kong/constants.lua \
kong:latest
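The first docker run for Kong above publishes the Admin API ports 8001 and 8444 on every host interface, while the plugin variant binds them to 127.0.0.1. The check below is an added example, not part of the original post: it reads `docker port kong` output and reports Admin API ports published on a non-loopback address. The function name check_admin_exposure and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Kong Admin API ports that Docker publishes on a
# non-loopback address. Input is `docker port <container>` output, one mapping
# per line, e.g. "8001/tcp -> 0.0.0.0:8001".

ADMIN_PORTS="8001 8444"   # container-side Admin API ports from KONG_ADMIN_LISTEN

# Reads mappings on stdin, prints one line per exposed admin port and
# returns 1 if any admin port is bound to something other than loopback.
check_admin_exposure() {
    exposed=0
    while read -r cport _arrow hostaddr || [ -n "$cport" ]; do
        [ -n "$hostaddr" ] || continue
        port=${cport%%/*}      # "8001/tcp"     -> "8001"
        bind=${hostaddr%:*}    # "0.0.0.0:8001" -> "0.0.0.0", "[::]:8001" -> "[::]"
        case " $ADMIN_PORTS " in
            *" $port "*) ;;    # admin port: check its bind address
            *) continue ;;     # proxy ports (8000/8443) are meant to be public
        esac
        case "$bind" in
            127.*|"[::1]") ;;  # loopback only
            *) echo "EXPOSED admin port $port on $bind"; exposed=1 ;;
        esac
    done
    return "$exposed"
}

# Constructed samples of `docker port kong` output for the two commands above.
SAMPLE_FIRST='8000/tcp -> 0.0.0.0:80
8001/tcp -> 0.0.0.0:8001
8443/tcp -> 0.0.0.0:443
8444/tcp -> 0.0.0.0:8444'
SAMPLE_SECOND='8000/tcp -> 0.0.0.0:8000
8001/tcp -> 127.0.0.1:8001
8443/tcp -> 0.0.0.0:8443
8444/tcp -> 127.0.0.1:8444'

printf '%s\n' "$SAMPLE_FIRST" | check_admin_exposure ||
    echo "first command: Admin API reachable from other hosts"
printf '%s\n' "$SAMPLE_SECOND" | check_admin_exposure &&
    echo "second command: Admin API bound to loopback only"
# Live use: docker port kong | check_admin_exposure
```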
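Common commands
Enter the container: docker exec -it --user root ce2b9f93f3c5 /bin/bash
Plugin directory: /usr/local/share/lua/5.1/kong/plugins/
Kong admin URL: http://kong:8001
As you can see, the ipFilter plugin was mounted successfully.
3. For configuring services and routes, see this post: link
4. Using Redis to set up a blacklist
View the container logs
docker logs -f <container-id>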
172.22.0.1 - - [03/Dec/2020:06:07:03 +0000] "GET /hao123 HTTP/1.1" 200 76914 "-" "PostmanRuntime/7.26.8"
2020/12/03 06:07:33 [error] 24#0: *72799 [kong] handler.lua:32 [ipFilter] IP 172.22.0.1 access denied, client: 172.22.0.1, server: kong, request: "GET /hao123 HTTP/1.1", host: "127.0.0.1:8000"
172.22.0.1 - - [03/Dec/2020:06:07:33 +0000] "GET /hao123 HTTP/1.1" 403 30 "-" "PostmanRuntime/7.26.8"
II. Deploying on a k8s cluster
k8s configuration management
kubectl create configmap kong-plugin-auth --from-file=auth -n dev
auth is a folder in the current directory that contains the custom plugin's Lua scripts
plugins:
  configMaps:
  - name: kong-plugin-auth
    pluginName: auth
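Errors encountered
1. Redis inside the k8s cluster: ERR illegal address
Redis: set the Redis whitelist correctly. The ECS private IP (the k8s node IP) and the password should be added to the whitelist. To use public IPs, both need to be changed to public addresses.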