kong的理解和使用

APi整理
参考文档
https://www.lijiaocn.com/项目/2018/11/20/kong-features-16-work-process.html
https://blog.csdn.net/weixin_34293246/article/details/87767561
https://www.lijiaocn.com/项目/2018/11/20/kong-features-16-work-process.html
https://linuxops.org/blog/kong/admin.html
插件使用方法
https://docs.konghq.com/hub/
slots作用:就是配合权重等信息，将请求合理的分配到不同的后端服务的实体机上。
流程原理
Route -> service -> upstream -> target
Route -> service
upstream 是对上游服务器的抽象；target 代表了一个物理服务，是 ip + port 的抽象；service 是抽象层面的服务，他可以直接映射到一个物理服务(host 指向 ip + port)，也可以指向一个 upstream 来做到负载均衡；route 是路由的抽象，他负责将实际的 request 映射到 service。他们的关系如下 upstream 和 target ：1 对 n service 和 upstream ：1 对 1 或 1 对 0 （service 也可以直接指向具体的 target，相当于不做负载均衡） service 和 route：1 对 n

Route 路由
对请求进行路由功能。可以有多个，每个route中包含了serviceid。
路由用来匹配客户端请求的规则，每一个路由都要与一个服务相关联，当一个请求到达Kong的时候，会先给路由匹配，如果匹配成功，那么会将请求转发给服务，服务再去后端请求数据。所以路由是Kong的入口。
在Kong0.13.0之前的版本有API实体，因为API实体使用用起来并不方便，所以将API实体拆分成路由和服务，这样提供了最大的自由度。

{
“id”: “51e77dc2-8f3e-4afa-9d0e-0e3bbbcfd515”,
“created_at”: 1422386534,
“updated_at”: 1422386534,
“name”: “my-route”,路由名字
“protocols”: [“http”, “https”], 此路由允许的协议，取值http或https
“methods”: [“GET”, “POST”], 此路由允许的方法
“hosts”: [“example.com”, “foo.test”], 此路由允许的域名
“paths”: ["/foo", “/bar”],匹配的路径
“https_redirect_status_code”: 426,
“regex_priority”: 0, 匹配优先级。优先级一样使用最新的
“strip_path”: true, 当通过其中一个路径匹配路由时，从上游请求URL中除去匹配前缀。匹配到path时，是否删除匹配到的前缀。
“preserve_host”: false, Route将请求代理给Service时，默认将请求头中的host修改为Route中配置的host，如果不希望这样，可以设置preserve_host，使用原始请求头中的host。
匹配到hosts时，使用请求头部的值为域名向后端发起请求，请求的头部为"host",例如"host:api.abc.com"
“tags”: [“user-level”, “low-priority”],
“service”: {“id”:“fc73f2af-890d-4f9b-8363-af8945001f7f”}}
在上面的示例中，我们创建了一个路由并且关联了一个服务，在创建路由的时候并没有指定hosts，路由匹配到host的时候会允许所有，因为默认值为null。当然如果不指定其他的也是一样的。
值得注意的是，methods，hosts，paths这三个参数必须要指定一个，否则无法创建路由。

Route中的匹配条件有host、path、method三个，条件越多的Route的优先级越高。可以创建一个优先级最低的Route作为最后的“兜底”Route：
Service 服务
服务，如果不需要负载均衡可以直接指定路径和url即可。可以不是Upstream的名字，可以是一个外部的域名，做DNS平衡(里面有坑，转发会在后面加主机名，导致转发不成功，具体参考官方文档DNS-based loadbalancing)，这样请求直接被转发给外部。
服务是每一个后端真实接口的抽象，它与路由关联，客户端发起请求，如果路由匹配到了，那么会将这个请求代理到与匹配路由相关联的服务中。
在服务对象中，能组合起来成为上游服务也是唯一的，也就是说，在一个服务中无法同时存在 http和https，如果上游提供http和https服务，同时也需要Kong代理它们的话，那必须要设置两个服务。

如果是websocket请求，kong会设置下面的请求头，升级为websocket连接：{
“id”: “9748f662-7711-4a90-8186-dc02f10eb0f5”,
“created_at”: 1422386534,
“updated_at”: 1422386534,
“name”: “my-service”,如果在创建服务的时候没有指定name，那么Kong并不会自动创建name，但是会创建UUID形式的ID，Kong在调用、匹配等等的操作都是可以基于这个ID，所以这个ID绝对是全局唯一的。

"retries": 5, 代理失败时要执行的重试次数

“protocol”: “http”,和上游通讯的协议取值http或https
配置upstream或外部域信息。
“host”: “example.com”,上游服务器的主机
“port”: 80, 上游服务器的端口
“path”: “/some_api”,上游服务器请求中的路径，必须以/开头
下三个参数设置太短容易超时，出现请求失败的可能
“connect_timeout”: 60000, 与上游连接的超时时间，单位毫秒
“write_timeout”: 60000, 向上游发送请求两次连续写操作的超时时间，单位毫秒
“read_timeout”: 60000, 用于向上游服务器发送请求的两次连续读取操作之间的超时，单位毫秒
“tags”: [“user-level”, “low-priority”]}

Upstream 负载均衡
对请求进行代理的时候，主要有两项处理，一是进行负载均衡，二是调用插件进行处理。
一个Upstream可以包含多个Target，负载均衡的过程，就是为当前的请求选择一个Target的过程。
Target是IP或者host加端口，是提供服务的最小单位，每个target可以设置不同的权重：
第一种负载均衡方式是通过DNS进行负载均衡，这是Service中直接配置的是外部服务的域名或者IP，而不是Upstream的name的时候，可以采用的方法。
这种方式其实是把负载均衡放在kong外部做的，kong只需要把请求转发给对应域名，具体的负载均衡方法在DNS中设置，涉及不到Upstream和Target，kong的文档中把这也算作一种kong的负载均衡方法。
第二种方式是Ring-balancer，这种方式是kong管理的，kong相当于一个服务注册中心，负责动态增删后端服务（也就是Target），以及平衡负载，这种方式通过upstream和target设置。
Upstream是对多个target封装，多个target封装成一个虚拟的host，这个虚拟的host就是upstream的name，被用在Service的host中。
每个upstream中有一个预先设置好的slot数量，upstream中的多个target按照各自的权重分到slot中的一块，slot需要是预计的target数量的100倍。
Target可以通过admin api进行增加、删除，变更target的开销很小，upstream变更的开销比较大，因为涉及到slot的重新分配。
Target的权重设置为0，target将不被选用。
Upstream的api
Target的api
负载均衡算法默认是带有权重的轮询（weighted-round-robin ），除此之外还可使用hash的方式，hash的输入可以是：none（不使用hash的方式）, consumer, ip, header, cookie。
使用hash方式的时候，要注意，第一，target地址要使用IP，不能是域名，域名解析会带来开销，而且有些域名服务器不会返回所有可用IP，第二，选择的hash输入要是足够变化多端的，使hash的输出要足够分散。

{
“id”: “91020192-062d-416f-a275-9addeeaffaf2”,
“created_at”: 1422386534,
“name”: “my-upstream”,
“hash_on”: “none”,
“hash_fallback”: “none”,
“hash_on_cookie_path”: “/”,
“slots”: 10000,
健康检查
“healthchecks”: {
主动检查
“active”: {
“https_verify_certificate”: true,
不正常条件
“unhealthy”: {
“http_statuses”: [429, 404, 500, 501, 502, 503, 504, 505],
“tcp_failures”: 0,
“timeouts”: 0,秒，默认1秒
“http_failures”: 0,
“interval”: 0 秒。默认0.
},
检验的服务的路径
“http_path”: “/”,
“timeout”: 1, 秒
“healthy”: {
“http_statuses”: [200, 302],
“interval”: 0,
“successes”: 0
},
“https_sni”: “example.com”,
在活动运行状况检查中要同时检查的目标数。应该是需要保证至少多少台存活的意思。默认10
“concurrency”: 10,
“type”: “http”
},
被动检测
“passive”: {
“unhealthy”: {
“http_failures”: 0,
“http_statuses”: [429, 500, 503],
“tcp_failures”: 0,
“timeouts”: 0
},
“type”: “http”,
“healthy”: {
“successes”: 0,默认为0，
“http_statuses”: [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
}
}
},
“tags”: [“user-level”, “low-priority”]}
Target 后端服务器
负载均衡下真实的服务器。

{
“id”: “a3ad71a8-6685-4b03-a101-980a953544f6”,
“created_at”: 1422386534,
“upstream”: {“id”:“b87eb55d-69a1-41d2-8653-8d706eecefc0”},
“target”: “example.com:8000”,
权重
“weight”: 100,
“tags”: [“user-level”, “low-priority”]}
Consumer 消费者
配合授权插件，进行权限控制的用处。
{
“id”: “127dfc88-ed57-45bf-b77a-a9d3a152ad31”,
“created_at”: 1422386534,
“username”: “my-username”,
“custom_id”: “my-custom-id”,
“tags”: [“user-level”, “low-priority”]
}

Certificate 证书
证书配置
{
“id”: “ce44eef5-41ed-47f6-baab-f725cecf98c7”,
“created_at”: 1422386534,
“cert”: “-----BEGIN CERTIFICATE-----…”,
“key”: “-----BEGIN RSA PRIVATE KEY-----…”,
“tags”: [“user-level”, “low-priority”]
}
SNI
sni对象表示主机名到证书的多对一映射。也就是说，一个证书对象可以有许多与其关联的主机名；当Kong收到一个SSL请求时，它使用客户端hello中的sni字段根据与证书关联的sni查找证书对象。
{
“id”: “7fca84d6-7d37-4a74-a7b0-93e576089a41”,
“name”: “my-sni”,
“created_at”: 1422386534,
“tags”: [“user-level”, “low-priority”],
“certificate”: {“id”:“d044b7d4-3dc2-4bbc-8e9f-6b7a69416df6”}
}

API请求类型
获取使用GET
修改使用 PATCH
创建使用 POST方法.添加
删除使用 DELETE 方法
经验:post做添加时出现错误与，会给出具体的错误原因。Put只提供方法不允许的提示。
Delete 永远是204，不管是否成功。删完注意检查一下路由。
常用APi
/status 获取系统状态信息
/services?tags=example,admin 查询服务tags同时为example和admin
/services?tags=example/admin 查询服务tags为example或admin。

List All Tags
/tags
List Entity Ids by Tag
/tags/:tags

Service Object

Request Body
ATTRIBUTES DESCRIPTION
name
optional The Service name.
retries
optional The number of retries to execute upon failure to proxy. Defaults to 5.
protocol The protocol used to communicate with the upstream. It can be one of http or https. Defaults to “http”.
host The host of the upstream server.
port The upstream server port. Defaults to 80.
path
optional The path to be used in requests to the upstream server.
connect_timeout
optional The timeout in milliseconds for establishing a connection to the upstream server. Defaults to 60000.
write_timeout
optional The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server. Defaults to 60000.
read_timeout
optional The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server. Defaults to 60000.
tags
optional An optional set of strings associated with the Service, for grouping and filtering.
url
shorthand-attribute Shorthand attribute to set protocol, host, port and path at once. This attribute is write-only (the Admin API never “returns” the url).
Inserts (or replaces) the Service under the requested resource with the definition specified in the body. The Service will be identified via the name or id attribute.
When the name or id attribute has the structure of a UUID, the Service being inserted/replaced will be identified by its id. Otherwise it will be identified by its name.
When creating a new Service without specifying id (neither in the URL nor in the body), then it will be auto-generated.
Notice that specifying a name in the URL and a different one in the request body is not allowed.
Response
HTTP 201 Created or HTTP 200 OK

List All Services
/services
Retrieve Service
/services/{name or id}
/routes/{route name or id}/service
/plugins/{plugin id}/service
Create Service
/services
Update Service
/services/{name or id}
/routes/{route name or id}/service
/plugins/{plugin id}/service
Delete Service
/services/{name or id}
/routes/{route name or id}/service
/plugins/{plugin id}/service

Update Or Create Service
/services/{name or id}
/routes/{route name or id}/service
/plugins/{plugin id}/service

/services/{name or id}
ATTRIBUTES DESCRIPTION
name or id
required The unique identifier or the name of the Service to create or update

Create Or Update Service Associated to a Specific Route
/routes/{route name or id}/service
ATTRIBUTES DESCRIPTION
route name or id
required The unique identifier or the name of the Route associated to the Service to be created or updated

Create Or Update Service Associated to a Specific Plugin
/plugins/{plugin id}/service
ATTRIBUTES DESCRIPTION
plugin id
required The unique identifier of the Plugin a

Route Object
Request Body
ATTRIBUTES DESCRIPTION
name
optional The name of the Route.
protocols A list of the protocols this Route should allow. When set to [“https”], HTTP requests are answered with a request to upgrade to HTTPS. Defaults to [“http”, “https”].
methods
semi-optional A list of HTTP methods that match this Route. When using http or httpsprotocols, at least one of hosts, paths, or methods must be set.
hosts
semi-optional A list of domain names that match this Route. When using http or httpsprotocols, at least one of hosts, paths, or methods must be set. With form-encoded, the notation is hosts[]=example.com&hosts[]=foo.test. With JSON, use an Array.
paths
semi-optional A list of paths that match this Route. When using http or https protocols, at least one of hosts, paths, or methods must be set. With form-encoded, the notation is paths[]=/foo&paths[]=/bar. With JSON, use an Array.
https_redirect_status_code The status code Kong responds with when all properties of a Route match except the protocol i.e. if the protocol of the request is HTTP instead of HTTPS. Location header is injected by Kong if the field is set to 301, 302, 307 or 308. Defaults to 426.
regex_priority
optional A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same regex_priority, the older one (lowest created_at) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones). Defaults to 0.
strip_path
optional When matching a Route via one of the paths, strip the matching prefix from the upstream request URL. Defaults to true.
preserve_host
optional When matching a Route via one of the hosts domain names, use the request Host header in the upstream request headers. If set to false, the upstream Host header will be that of the Service’s host.
snis
semi-optional A list of SNIs that match this Route when using stream routing. When using tcp or tls protocols, at least one of snis, sources, or destinations must be set.
sources
semi-optional A list of IP sources of incoming connections that match this Route when using stream routing. Each entry is an object with fields “ip” (optionally in CIDR range notation) and/or “port”. When using tcp or tls protocols, at least one of snis, sources, or destinations must be set.
destinations
semi-optional A list of IP destinations of incoming connections that match this Route when using stream routing. Each entry is an object with fields “ip” (optionally in CIDR range notation) and/or “port”. When using tcp or tls protocols, at least one of snis, sources, or destinations must be set.
tags
optional An optional set of strings associated with the Route, for grouping and filtering.
service
optional The Service this Route is associated to. This is where the Route proxies traffic to. With form-encoded, the notation is service.id=<service_id>. With JSON, use “service”:{“id”:"<service_id>"}.
Inserts (or replaces) the Route under the requested resource with the definition specified in the body. The Route will be identified via the name or id attribute.
When the name or id attribute has the structure of a UUID, the Route being inserted/replaced will be identified by its id. Otherwise it will be identified by its name.
When creating a new Route without specifying id (neither in the URL nor in the body), then it will be auto-generated.
Notice that specifying a name in the URL and a different one in the request body is not allowed.
Response

List Routes
/routes
/services/{service name or id}/routes
Retrieve Route
/routes/{name or id}
/plugins/{plugin id}/route
Add Route
/routes/{name or id}
/plugins/{plugin id}/route

Update Route
/routes/{name or id}
/plugins/{plugin id}/route

Delete Route
/routes/{name or id}
/plugins/{plugin id}/route

Update Or Create Route
/routes/{name or id}
/plugins/{plugin id}/route

Consumer Object
Request Body
ATTRIBUTES DESCRIPTION
username
semi-optional The unique username of the consumer. You must send either this field or custom_id with the request.
custom_id
semi-optional Field for storing an existing unique ID for the consumer - useful for mapping Kong with users in your existing database. You must send either this field or username with the request.
tags
optional An optional set of strings associated with the Consumer, for grouping and filtering.
Inserts (or replaces) the Consumer under the requested resource with the definition specified in the body. The Consumer will be identified via the username or id attribute.
When the username or id attribute has the structure of a UUID, the Consumer being inserted/replaced will be identified by its id. Otherwise it will be identified by its username.
When creating a new Consumer without specifying id (neither in the URL nor in the body), then it will be auto-generated.
Notice that specifying a username in the URL and a different one in the request body is not allowed.
Response

List Consumers
/consumers
Retrieve Consumer
/consumers/{username or id}
/plugins/{plugin id}/consumer
Add Consumer
/consumers
Update Consumer
/consumers/{username or id}
/plugins/{plugin id}/consumer

Delete Consumer
/consumers/{username or id}

Update Or Create Consumer
/consumers/{username or id}
/plugins/{plugin id}/consumer

Target Object
Request Body
ATTRIBUTES DESCRIPTION
target The target address (ip or hostname) and port. If the hostname resolves to an SRV record, the portvalue will be overridden by the value from the DNS record.
weight
optional The weight this target gets within the upstream loadbalancer (0-1000). If the hostname resolves to an SRV record, the weight value will be overridden by the value from the DNS record. Defaults to 100.
tags
optional An optional set of strings associated with the Target, for grouping and filtering.
List All Targets
/upstreams/{name or id}/targets/all/
List Targets
/upstreams/{upstream host:port or id}/targets
Add Target
/upstreams/{upstream host:port or id}/targets
Delete Target
/upstreams/{upstream name or id}/targets/{host:port or id}
Set Target As Healthy
/upstreams/{upstream name or id}/targets/{target or id}/healthy
Set Target As Unhealthy
/upstreams/{upstream name or id}/targets/{target or id}/unhealthy
Upstream Object
Request Body
ATTRIBUTES DESCRIPTION
name This is a hostname, which must be equal to the host of a Service.
hash_on
optional What to use as hashing input: none (resulting in a weighted-round-robin scheme with no hashing), consumer, ip, header, or cookie. Defaults to “none”.
hash_fallback
optional What to use as hashing input if the primary hash_on does not return a hash (eg. header is missing, or no consumer identified). One of: none, consumer, ip, header, or cookie. Not available if hash_on is set to cookie. Defaults to “none”.
hash_on_header
semi-optional The header name to take the value from as hash input. Only required when hash_on is set to header.
hash_fallback_header
semi-optional The header name to take the value from as hash input. Only required when hash_fallback is set to header.
hash_on_cookie
semi-optional The cookie name to take the value from as hash input. Only required when hash_on or hash_fallback is set to cookie. If the specified cookie is not in the request, Kong will generate a value and set the cookie in the response.
hash_on_cookie_path
semi-optional The cookie path to set in the response headers. Only required when hash_on or hash_fallback is set to cookie. Defaults to “/”.
slots
optional The number of slots in the loadbalancer algorithm (10-65536). Defaults to 10000.
healthchecks.active.https_verify_certificate
optional Whether to check the validity of the SSL certificate of the remote host when performing active health checks using HTTPS. Defaults to true.
healthchecks.active.unhealthy.http_statuses
optional An array of HTTP statuses to consider a failure, indicating unhealthiness, when returned by a probe in active health checks. Defaults to [429, 404, 500, 501, 502, 503, 504, 505]. With form-encoded, the notation is http_statuses[]=429&http_statuses[]=404. With JSON, use an Array.
healthchecks.active.unhealthy.tcp_failures
optional Number of TCP failures in active probes to consider a target unhealthy. Defaults to 0.
healthchecks.active.unhealthy.timeouts
optional Number of timeouts in active probes to consider a target unhealthy. Defaults to 0.
healthchecks.active.unhealthy.http_failures
optional Number of HTTP failures in active probes (as defined by healthchecks.active.unhealthy.http_statuses) to consider a target unhealthy. Defaults to 0.
healthchecks.active.unhealthy.interval
optional Interval between active health checks for unhealthy targets (in seconds). A value of zero indicates that active probes for unhealthy targets should not be performed. Defaults to 0.
healthchecks.active.http_path
optional Path to use in GET HTTP request to run as a probe on active health checks. Defaults to “/”.
healthchecks.active.timeout
optional Socket timeout for active health checks (in seconds). Defaults to 1.
healthchecks.active.healthy.http_statuses
optional An array of HTTP statuses to consider a success, indicating healthiness, when returned by a probe in active health checks. Defaults to [200, 302]. With form-encoded, the notation is http_statuses[]=200&http_statuses[]=302. With JSON, use an Array.
healthchecks.active.healthy.interval
optional Interval between active health checks for healthy targets (in seconds). A value of zero indicates that active probes for healthy targets should not be performed. Defaults to 0.
healthchecks.active.healthy.successes
optional Number of successes in active probes (as defined by healthchecks.active.healthy.http_statuses) to consider a target healthy. Defaults to 0.
healthchecks.active.https_sni
optional The hostname to use as an SNI (Server Name Identification) when performing active health checks using HTTPS. This is particularly useful when Targets are configured using IPs, so that the target host’s certificate can be verified with the proper SNI.
healthchecks.active.concurrency
optional Number of targets to check concurrently in active health checks. Defaults to 10.
healthchecks.active.type
optional Whether to perform active health checks using HTTP or HTTPS, or just attempt a TCP connection. Possible values are tcp, http or https. Defaults to “http”.
healthchecks.passive.unhealthy.http_failures
optional Number of HTTP failures in proxied traffic (as defined by healthchecks.passive.unhealthy.http_statuses) to consider a target unhealthy, as observed by passive health checks. Defaults to 0.
healthchecks.passive.unhealthy.http_statuses
optional An array of HTTP statuses which represent unhealthiness when produced by proxied traffic, as observed by passive health checks. Defaults to [429, 500, 503]. With form-encoded, the notation is http_statuses[]=429&http_statuses[]=500. With JSON, use an Array.
healthchecks.passive.unhealthy.tcp_failures
optional Number of TCP failures in proxied traffic to consider a target unhealthy, as observed by passive health checks. Defaults to 0.
healthchecks.passive.unhealthy.timeouts
optional Number of timeouts in proxied traffic to consider a target unhealthy, as observed by passive health checks. Defaults to 0.
healthchecks.passive.type
optional Whether to perform passive health checks interpreting HTTP/HTTPS statuses, or just check for TCP connection success. Possible values are tcp, http or https (in passive checks, http and https options are equivalent.). Defaults to “http”.
healthchecks.passive.healthy.successes
optional Number of successes in proxied traffic (as defined by healthchecks.passive.healthy.http_statuses) to consider a target healthy, as observed by passive health checks. Defaults to 0.
healthchecks.passive.healthy.http_statuses
optional An array of HTTP statuses which represent healthiness when produced by proxied traffic, as observed by passive health checks. Defaults to [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]. With form-encoded, the notation is http_statuses[]=200&http_statuses[]=201. With JSON, use an Array.
tags
optional An optional set of strings associated with the Upstream, for grouping and filtering.
Inserts (or replaces) the Upstream under the requested resource with the definition specified in the body. The Upstream will be identified via the name or id attribute.
When the name or id attribute has the structure of a UUID, the Upstream being inserted/replaced will be identified by its id. Otherwise it will be identified by its name.
When creating a new Upstream without specifying id (neither in the URL nor in the body), then it will be auto-generated.
Notice that specifying a name in the URL and a different one in the request body is not allowed.
List Upstreams
/upstreams
Retrieve Upstream
/upstreams/{name or id}
/targets/{target host:port or id}/upstream
Add Upstream
/upstreams
Update Upstream
/upstreams/{name or id}
/targets/{target host:port or id}/upstream
Delete Upstream
/upstreams/{name or id}
/targets/{target host:port or id}/upstream
Update Or Create Upstream
/upstreams/{name or id}
/targets/{target host:port or id}/upstream

Show Upstream Health for Node
/upstreams/{name or id}/health/

Plugin Object
Request Body
ATTRIBUTES DESCRIPTION
name The name of the Plugin that’s going to be added. Currently the Plugin must be installed in every Kong instance separately.
route
optional If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the Route being used. Defaults to null. With form-encoded, the notation is route.id=<route_id>. With JSON, use “route”:{“id”:"<route_id>"}.
service
optional If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched. Defaults to null. With form-encoded, the notation is service.id=<service_id>. With JSON, use “service”:{“id”:"<service_id>"}.
consumer
optional If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated consumer. Defaults to null. With form-encoded, the notation is consumer.id=<consumer_id>. With JSON, use “consumer”:{“id”:"<consumer_id>"}.
config
optional The configuration properties for the Plugin which can be found on the plugins documentation page in the Kong Hub.

run_on Control on which Kong nodes this plugin will run, given a Service Mesh scenario. Accepted values are: * first, meaning “run on the first Kong node that is encountered by the request”. On an API Getaway scenario, this is the usual operation, since there is only one Kong node in between source and destination. In a sidecar-to-sidecar Service Mesh scenario, this means running the plugin only on the Kong sidecar of the outbound connection. * second, meaning “run on the second node that is encountered by the request”. This option is only relevant for sidecar-to-sidecar Service Mesh scenarios: this means running the plugin only on the Kong sidecar of the inbound connection. * all means “run on all nodes”, meaning both sidecars in a sidecar-to-sidecar scenario. This is useful for tracing/logging plugins. Defaults to “first”.
protocols A list of the request protocols that will trigger this plugin. Possible values are “http”, “https”, “tcp”, and “tls”. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will may only support “tcp” and “tls”. Defaults to [“http”, “https”].
enabled
optional Whether the plugin is applied. Defaults to true.
tags
optional An optional set of strings associated with the Plugin
List Plugins
/plugins
/routes/{route id}/plugins
/services/{service id}/plugins
/consumers/{consumer id}/plugins
Retrieve Plugin
/plugins/{plugin id}
Add Plugin
/plugins
/routes/{route id}/plugins
/services/{service id}/plugins
/consumers/{consumer id}/plugins
Update Plugin
/plugins/{plugin id}
Delete Plugin
/plugins/{plugin id}
Update Or Create Plugin
/plugins/{plugin id}
Retrieve Enabled Plugins
/plugins/enabled
Retrieve Plugin Schema
/plugins/schema/{plugin name}

Certificate Object
Request Body
ATTRIBUTES DESCRIPTION
cert PEM-encoded public certificate of the SSL key pair.
key PEM-encoded private key of the SSL key pair.
tags
optional An optional set of strings associated with the Certificate, for grouping and filtering.
snis
shorthand-attribute An array of zero or more hostnames to associate with this certificate as SNIs. This is a sugar parameter that will, under the hood, create an SNI object and associate it with this certificate for your convenience.

List Certificates
/certificates
Add Certificate
/certificates
Retrieve Certificate
/certificates/{certificate id}
Update Certificate
/certificates/{certificate id}
Delete Certificate
/certificates/{certificate id}

Update Or Create Certificate
/certificates/{certificate id}
SNI Object
Request Body
ATTRIBUTES DESCRIPTION
name The SNI name to associate with the given certificate.
tags
optional An optional set of strings associated with the SNIs, for grouping and filtering.
certificate The id (a UUID) of the certificate with which to associate the SNI hostname With form-encoded, the notation is certificate.id=<certificate_id>. With JSON, use “certificate”:{“id”:"<certificate_id>"}.

Add SNI
/snis
/certificates/{certificate name or id}/snis
List SNIs
/snis
/certificates/{certificate name or id}/snis
Retrieve SNI
/snis/{name or id}
Update SNI
/snis/{name or id}
Update Or Create SNI
/snis/{name or id}
Delete SNI
/snis/{name or id}

kong的理解和使用相关推荐

kong笔记——kong/konga的搭建
kong笔记目录导航本篇及以后的此系列文章皆为实战篇版本介绍(重点,重点,一定要观察版本,防止不兼容情况!!): kong 2.5.0 konga 0.14.9 pgsql 9.6 linux ...
Kong APIGW — Overview
目录文章目录目录 Kong Kong 的软件架构竞品对比 Kong Kong 是一款由 Mashape 公司开源的 APIGW 软件,基于 OpenResty(Nginx + Lua 模块)实现 ...
Kong 发布 Kong Brain 和 Kong Immunity，可进行智能自动化和适应性监控
四个月前,在Kong Summit我们做了API管理已死的主题演讲,并表达了想做服务控制平台的愿景.今天,我们正朝着实现这一愿景迈出关键的一步,在Kong企业版平台上推出了人工智能和机器学习的新功能- ...
花5分钟时间来了解一下高性能网关Kong会有意外收获
前言前几天开源发布了 Kong.Net 项目,收到了大量园友的反馈,开源当天就突破了 100 个star ,可喜可贺,但是从侧面也说明,我们 .NetCore 阵营真的非常需要拥抱开源,应该敞开心扉 ...
[云框架]KONG API Gateway v1.5 -框架说明、快速部署、插件开发
前些天发现了一个巨牛的人工智能学习网站,通俗易懂,风趣幽默,忍不住分享一下给大家.点击跳转到教程. 当前版本采用KONGv0.12.3 当我们决定对应用进行微服务改造时,应用客户端如何与微服务交互的问 ...
《深入理解 Spring Cloud 与微服务构建》第十一章服务网关
<深入理解 Spring Cloud 与微服务构建>第十一章服务网关文章目录 <深入理解 Spring Cloud 与微服务构建>第十一章服务网关一.服务网关简介二. ...
Kong API Gateway 配置文件详解
全栈工程师开发手册 (作者:栾鹏) 架构系列文章一.前言 Kong配置文件是Kong服务的核心文件,它配置了Kong以怎么的方式运行,并且依赖于这个配置生成Nginx的配置文件,本文通过解读Kong ...
kong 网关教程入门
全栈工程师开发手册 (作者:栾鹏) 架构系列文章为什么使用API-Gateway 1. 方便客户端维护-- 每个请求方不用管理多个api url,统一访问api-gateway即可 2. 接口重构时 ...
通过Keycloak API理解OAuth2与OpenID Connect
文章目录通过Keycloak API理解OAuth2与OpenID Connect 前言 OAuth2 介绍 OAuth2核心概念 OAuth2 核心数据 JWT OAuth2 flow Autho ...

kong的理解和使用

kong的理解和使用相关推荐

最新文章

热门文章