Kong 2.0 hybrid mode
Kong 2.0 is out. The main points are the three below.
Hybrid mode
https://docs.konghq.com/2.0.x/hybrid-mode/
- Control plane / data plane separation
  - Control plane (cp) Kong
    - Has DB access
    - KONG_ROLE=control_plane
  - Data plane (dp) Kong
    - No DB access
    - Seems to run in db-less mode and pull its configuration from the cp?
    - KONG_ROLE=data_plane
- cp/dp security
  - A certificate/key pair is required
Generating the certificate/key pair
I have forgotten quite a lot of this... let's just try it roughly...
Start Kong in DB-less mode
$ docker run -d --name kong-less \
    -v "kong-vol:/usr/local/kong" \
    -e "KONG_DATABASE=off" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 8001:8001 \
    -p 8444:8444 \
    kong:2.0.0
Generate the certificate/key pair
$ docker exec -it kong-less sh
/ $ cd /usr/local/kong/
/usr/local/kong $ mkdir cert
/usr/local/kong $ cd cert
/usr/local/kong/cert $ kong hybrid gen_cert
Successfully generated certificate/key pairs, they have been written to: '/usr/local/kong/cert/cluster.crt' and '/usr/local/kong/cert/cluster.key'.
/usr/local/kong/cert $ ls -al
total 16
drwxr-xr-x    2 kong     nogroup       4096 Jan 23 11:31 .
drwxrwxr-x   14 kong     root          4096 Jan 23 11:31 ..
-rw-r--r--    1 kong     nogroup        526 Jan 23 11:31 cluster.crt
-rw-------    1 kong     nogroup        306 Jan 23 11:31 cluster.key
/usr/local/kong/cert $ exit
$ docker stop kong-less
$ docker rm kong-less
Start the control plane Kong
Create a network, bring up Cassandra, run the migrations, then start Kong. kong-vol already holds the certificate generated above.
$ docker network create kong-net
$ docker run -d --name kong-database \
    --network=kong-net \
    -p 9042:9042 \
    cassandra:3
$ docker run --rm \
    --network=kong-net \
    -e "KONG_DATABASE=cassandra" \
    -e "KONG_PG_HOST=kong-database" \
    -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
    kong:2.0.0 kong migrations bootstrap
:
23 migrations processed
23 executed
Database is up-to-date
$ docker run -d --name kong-cp \
    --network=kong-net \
    -v "kong-vol:/usr/local/kong" \
    -e "KONG_ROLE=control_plane" \
    -e "KONG_CLUSTER_CERT=/usr/local/kong/cert/cluster.crt" \
    -e "KONG_CLUSTER_CERT_KEY=/usr/local/kong/cert/cluster.key" \
    -e "KONG_DATABASE=cassandra" \
    -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 8001:8001 \
    -p 8444:8444 \
    -p 8005:8005 \
    kong:2.0.0
Start the data plane Kong
$ docker run -d --name kong-dp \
    --network=kong-net \
    -v "kong-vol:/usr/local/kong" \
    -e "KONG_ROLE=data_plane" \
    -e "KONG_CLUSTER_CONTROL_PLANE=kong-cp:8005" \
    -e "KONG_CLUSTER_CERT=/usr/local/kong/cert/cluster.crt" \
    -e "KONG_CLUSTER_CERT_KEY=/usr/local/kong/cert/cluster.key" \
    -e "KONG_LUA_SSL_TRUSTED_CERTIFICATE=/usr/local/kong/cert/cluster.crt" \
    -e "KONG_DATABASE=off" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
    -p 9000:8000 \
    -p 9443:8443 \
    -p 9001:8001 \
    -p 9444:8444 \
    kong:2.0.0
Check the cluster state
Check the containers
# docker ps
CONTAINER ID   IMAGE         COMMAND                  NAMES
2ff26508e7a2   kong:2.0.0    "/docker-entrypoint.…"   kong-dp
5b597f17cb3a   kong:2.0.0    "/docker-entrypoint.…"   kong-cp
028369c521c1   cassandra:3   "docker-entrypoint.s…"   kong-database
Check the cluster from the control plane. kong-dp shows up.
curl http://localhost:8001/clustering/status | jq
{
  "cf749b5e-0463-4142-8f26-86bd8343c915": {
    "config_hash": "f8adac67f709388993f9c8b52fe5f6ca",
    "last_seen": 1580380612,
    "ip": "172.19.0.4",
    "hostname": "2ff26508e7a2"
  }
}
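As an added example (not code from the original post or from Kong), here is a small Python check that consumes the /clustering/status response above and flags data planes that have stopped reporting to the control plane or that run a config hash other than the one the cp last pushed. The embedded JSON is the sample from the session above; the expected hash, the 60-second staleness threshold and the Admin API address are assumptions for illustration.

```python
import json
import time
import urllib.request

# Constructed sample: the GET /clustering/status response shown in the session
# above, copied so the check can run offline.
SAMPLE_STATUS = """
{
  "cf749b5e-0463-4142-8f26-86bd8343c915": {
    "config_hash": "f8adac67f709388993f9c8b52fe5f6ca",
    "last_seen": 1580380612,
    "ip": "172.19.0.4",
    "hostname": "2ff26508e7a2"
  }
}
"""


def fetch_status(admin_url="http://localhost:8001"):
    """Fetch the live status from the control plane Admin API (needs a running cp)."""
    with urllib.request.urlopen(f"{admin_url}/clustering/status") as resp:
        return resp.read().decode()


def check_data_planes(status_json, expected_hash, now=None, max_age_s=60):
    """Return (node_id, hostname, problem) tuples for every data plane that is
    stale (last_seen older than max_age_s seconds) or that reports a config
    hash other than expected_hash. An empty list means all DPs look healthy."""
    if now is None:
        now = int(time.time())
    problems = []
    for node_id, info in json.loads(status_json).items():
        age = now - int(info.get("last_seen", 0))
        if age > max_age_s:
            problems.append((node_id, info.get("hostname"),
                             f"stale: last seen {age}s ago"))
        if info.get("config_hash") != expected_hash:
            problems.append((node_id, info.get("hostname"),
                             f"config mismatch: {info.get('config_hash')} != {expected_hash}"))
    return problems


if __name__ == "__main__":
    # Assumed expected hash: the value the cp reported after the last config push.
    expected = "f8adac67f709388993f9c8b52fe5f6ca"
    for node_id, host, problem in check_data_planes(SAMPLE_STATUS, expected,
                                                    now=1580380612 + 600):
        print(f"{host} ({node_id}): {problem}")
```

Against a live cluster, replace SAMPLE_STATUS with fetch_status() and run the check on a schedule so a DP that lost its mTLS session to the cp (and is therefore serving stale config) is noticed.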
Trying out Configuring a Service
https://docs.konghq.com/2.0.x/getting-started/configuring-a-service/
1. Add your Service using the Admin API
Add the service
$ curl -i -X POST \
    --url http://localhost:8001/services/ \
    --data 'name=example-service' \
    --data 'url=http://mockbin.org'
HTTP/1.1 201 Created
Date: Thu, 30 Jan 2020 10:45:27 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.0
Content-Length: 296
X-Kong-Admin-Latency: 127

{"host":"mockbin.org","created_at":1580381127,"connect_timeout":60000,"id":"779925da-191c-487a-9666-5982f00b3fec","protocol":"http","name":"example-service","read_timeout":60000,"port":80,"path":null,"updated_at":1580381127,"retries":5,"write_timeout":60000,"tags":null,"client_certificate":null}
Check the service
$ curl -s http://localhost:8001/services | jq .
{
  "next": null,
  "data": [
    {
      "host": "mockbin.org",
      "created_at": 1580381127,
      "connect_timeout": 60000,
      "id": "779925da-191c-487a-9666-5982f00b3fec",
      "protocol": "http",
      "name": "example-service",
      "read_timeout": 60000,
      "port": 80,
      "path": null,
      "updated_at": 1580381127,
      "retries": 5,
      "write_timeout": 60000,
      "tags": null,
      "client_certificate": null
    }
  ]
}
2. Add a Route for the Service
Add the route
$ curl -i -X POST \
    --url http://localhost:8001/services/example-service/routes \
    --data 'hosts[]=example.com'
HTTP/1.1 201 Created
Date: Thu, 30 Jan 2020 10:46:43 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.0
Content-Length: 429
X-Kong-Admin-Latency: 67

{"id":"59d80700-d503-4b1a-bafe-d5bdaa92cb0f","path_handling":"v0","paths":null,"destinations":null,"headers":null,"protocols":["http","https"],"methods":null,"snis":null,"service":{"id":"779925da-191c-487a-9666-5982f00b3fec"},"name":null,"strip_path":true,"preserve_host":false,"regex_priority":0,"updated_at":1580381203,"sources":null,"hosts":["example.com"],"https_redirect_status_code":426,"tags":null,"created_at":1580381203}
Check the route
$ curl -s http://localhost:8001/services | jq .
{
  "next": null,
  "data": [
    {
      "host": "mockbin.org",
      "created_at": 1580381127,
      "connect_timeout": 60000,
      "id": "779925da-191c-487a-9666-5982f00b3fec",
      "protocol": "http",
      "name": "example-service",
      "read_timeout": 60000,
      "port": 80,
      "path": null,
      "updated_at": 1580381127,
      "retries": 5,
      "write_timeout": 60000,
      "tags": null,
      "client_certificate": null
    }
  ]
}
3. Forward your requests through Kong
curl -i -X GET \
    --url http://localhost:9000/ \
    --header 'Host: example.com'
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 10695
Connection: keep-alive
Server: Cowboy
Etag: W/"29c7-XG+PICJmz/J+UYWt5gkKqqAUXjc"
Vary: Accept-Encoding
Date: Thu, 30 Jan 2020 10:47:58 GMT
Via: kong/2.0.0
X-Kong-Upstream-Status: 200
X-Kong-Upstream-Latency: 367
X-Kong-Proxy-Latency: 70
Kong-Cloud-Request-ID: 782983cc8a4bdd4fb240efcfcf3546f1

<!DOCTYPE html><html><head><meta charset="utf-8"><title>Mockbin by Kong</title>...