新ingress-kong安装(ingress-kong konga postgres)
2024-04-21 12:48:19
Kong是一款基于OpenResty(Nginx + Lua模块)编写的高可用、易扩展的,由Mashape公司开源的API Gateway项目。Kong是基于NGINX和Apache Cassandra或PostgreSQL构建的
在k8s集群内部创建kong网关
kong-ingress.yaml
apiVersion: v1
kind: Namespace
metadata:name: kong
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:name: kongclusterplugins.configuration.konghq.com
spec:additionalPrinterColumns:- JSONPath: .plugindescription: Name of the pluginname: Plugin-Typetype: string- JSONPath: .metadata.creationTimestampdescription: Agename: Agetype: date- JSONPath: .disableddescription: Indicates if the plugin is disabledname: Disabledpriority: 1type: boolean- JSONPath: .configdescription: Configuration of the pluginname: Configpriority: 1type: stringgroup: configuration.konghq.comnames:kind: KongClusterPluginplural: kongclusterpluginsshortNames:- kcpscope: Clustersubresources:status: {}validation:openAPIV3Schema:properties:config:type: objectconfigFrom:properties:secretKeyRef:properties:key:type: stringname:type: stringnamespace:type: stringrequired:- name- namespace- keytype: objecttype: objectdisabled:type: booleanplugin:type: stringprotocols:items:enum:- http- https- grpc- grpcs- tcp- tlstype: stringtype: arrayrun_on:enum:- first- second- alltype: stringrequired:- pluginversion: v1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:name: kongconsumers.configuration.konghq.com
spec:additionalPrinterColumns:- JSONPath: .usernamedescription: Username of a Kong Consumername: Usernametype: string- JSONPath: .metadata.creationTimestampdescription: Agename: Agetype: dategroup: configuration.konghq.comnames:kind: KongConsumerplural: kongconsumersshortNames:- kcscope: Namespacedsubresources:status: {}validation:openAPIV3Schema:properties:credentials:items:type: stringtype: arraycustom_id:type: stringusername:type: stringversion: v1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:name: kongingresses.configuration.konghq.com
spec:group: configuration.konghq.comnames:kind: KongIngressplural: kongingressesshortNames:- kiscope: Namespacedsubresources:status: {}validation:openAPIV3Schema:properties:proxy:properties:connect_timeout:minimum: 0type: integerpath:pattern: ^/.*$type: stringprotocol:enum:- http- https- grpc- grpcs- tcp- tlstype: stringread_timeout:minimum: 0type: integerretries:minimum: 0type: integerwrite_timeout:minimum: 0type: integertype: objectroute:properties:headers:additionalProperties:items:type: stringtype: arraytype: objecthttps_redirect_status_code:type: integermethods:items:type: stringtype: arraypath_handling:enum:- v0- v1type: stringpreserve_host:type: booleanprotocols:items:enum:- http- https- grpc- grpcs- tcp- tlstype: stringtype: arrayregex_priority:type: integerrequest_buffering:type: booleanresponse_buffering:type: booleansnis:items:type: stringtype: arraystrip_path:type: booleanupstream:properties:algorithm:enum:- round-robin- consistent-hashing- least-connectionstype: stringhash_fallback:type: stringhash_fallback_header:type: stringhash_on:type: stringhash_on_cookie:type: stringhash_on_cookie_path:type: stringhash_on_header:type: stringhealthchecks:properties:active:properties:concurrency:minimum: 1type: integerhealthy:properties:http_statuses:items:type: integertype: arrayinterval:minimum: 0type: integersuccesses:minimum: 0type: integertype: objecthttp_path:pattern: ^/.*$type: stringtimeout:minimum: 0type: integerunhealthy:properties:http_failures:minimum: 0type: integerhttp_statuses:items:type: integertype: arrayinterval:minimum: 0type: integertcp_failures:minimum: 0type: integertimeout:minimum: 0type: integertype: objecttype: objectpassive:properties:healthy:properties:http_statuses:items:type: integertype: arrayinterval:minimum: 0type: integersuccesses:minimum: 0type: integertype: objectunhealthy:properties:http_failures:minimum: 0type: integerhttp_statuses:items:type: integertype: arrayinterval:minimum: 0type: integertcp_failures:minimum: 0type: integertimeout:minimum: 0type: integertype: objecttype: objectthreshold:type: integertype: objecthost_header:type: stringslots:minimum: 10type: integertype: objectversion: v1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:name: kongplugins.configuration.konghq.com
spec:additionalPrinterColumns:- JSONPath: .plugindescription: Name of the pluginname: Plugin-Typetype: string- JSONPath: .metadata.creationTimestampdescription: Agename: Agetype: date- JSONPath: .disableddescription: Indicates if the plugin is disabledname: Disabledpriority: 1type: boolean- JSONPath: .configdescription: Configuration of the pluginname: Configpriority: 1type: stringgroup: configuration.konghq.comnames:kind: KongPluginplural: kongpluginsshortNames:- kpscope: Namespacedsubresources:status: {}validation:openAPIV3Schema:properties:config:type: objectconfigFrom:properties:secretKeyRef:properties:key:type: stringname:type: stringrequired:- name- keytype: objecttype: objectdisabled:type: booleanplugin:type: stringprotocols:items:enum:- http- https- grpc- grpcs- tcp- tlstype: stringtype: arrayrun_on:enum:- first- second- alltype: stringrequired:- pluginversion: v1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:name: tcpingresses.configuration.konghq.com
spec:additionalPrinterColumns:- JSONPath: .status.loadBalancer.ingress[*].ipdescription: Address of the load balancername: Addresstype: string- JSONPath: .metadata.creationTimestampdescription: Agename: Agetype: dategroup: configuration.konghq.comnames:kind: TCPIngressplural: tcpingressesscope: Namespacedsubresources:status: {}validation:openAPIV3Schema:properties:apiVersion:type: stringkind:type: stringmetadata:type: objectspec:properties:rules:items:properties:backend:properties:serviceName:type: stringservicePort:format: int32type: integertype: objecthost:type: stringport:format: int32type: integertype: objecttype: arraytls:items:properties:hosts:items:type: stringtype: arraysecretName:type: stringtype: objecttype: arraytype: objectstatus:type: objectversion: v1beta1
status:acceptedNames:kind: ""plural: ""conditions: []storedVersions: []
---
apiVersion: v1
kind: ServiceAccount
metadata:name: kong-serviceaccountnamespace: kong
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:name: kong-ingress-clusterrole
rules:
- apiGroups:- ""resources:- endpoints- nodes- pods- secretsverbs:- list- watch
- apiGroups:- ""resources:- nodesverbs:- get
- apiGroups:- ""resources:- servicesverbs:- get- list- watch
- apiGroups:- networking.k8s.io- extensions- networking.internal.knative.devresources:- ingressesverbs:- get- list- watch
- apiGroups:- ""resources:- eventsverbs:- create- patch
- apiGroups:- networking.k8s.io- extensions- networking.internal.knative.devresources:- ingresses/statusverbs:- update
- apiGroups:- configuration.konghq.comresources:- tcpingresses/statusverbs:- update
- apiGroups:- configuration.konghq.comresources:- kongplugins- kongclusterplugins- kongcredentials- kongconsumers- kongingresses- tcpingressesverbs:- get- list- watch
- apiGroups:- ""resources:- configmapsverbs:- create- get- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:name: kong-ingress-clusterrole-nisa-binding
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kong-ingress-clusterrole
subjects:
- kind: ServiceAccountname: kong-serviceaccountnamespace: kong
---
apiVersion: v1
kind: Service
metadata:annotations:service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcpservice.beta.kubernetes.io/aws-load-balancer-type: nlbname: kong-proxynamespace: kong
spec:type: NodePortports:- name: proxyport: 80protocol: TCPtargetPort: 8000nodePort: 80- name: proxy-sslport: 443protocol: TCPtargetPort: 8443nodePort: 443selector:app: ingress-kong
---
apiVersion: v1
kind: Service
metadata:name: kong-adminnamespace: konglabels:k8s-app: kong
spec:ports:- name: adminport: 8001protocol: TCPtargetPort: 8001- name: admin-sslport: 8444protocol: TCPtargetPort: 8444selector:app: ingress-kong
---
apiVersion: v1
kind: Service
metadata:name: kong-validation-webhooknamespace: kong
spec:ports:- name: webhookport: 443protocol: TCPtargetPort: 8080selector:app: ingress-kong
---
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: ingress-kongname: ingress-kongnamespace: kong
spec:replicas: 1selector:matchLabels:app: ingress-kongtemplate:metadata:annotations:kuma.io/gateway: enabledprometheus.io/port: "8100"prometheus.io/scrape: "true"traffic.sidecar.istio.io/includeInboundPorts: ""labels:app: ingress-kongspec:tolerations:- effect: NoSchedulekey: node-role.kubernetes.io/mastercontainers:- env:- name: KONG_DATABASEvalue: postgres- name: KONG_PG_HOSTvalue: postgres- name: KONG_PG_PASSWORDvalue: kong- name: KONG_PROXY_LISTENvalue: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2- name: KONG_PORT_MAPSvalue: 80:8000, 443:8443- name: KONG_ADMIN_LISTENvalue: 0.0.0.0:8001, 0.0.0.0:8444 ssl- name: KONG_STATUS_LISTENvalue: 0.0.0.0:8100- name: KONG_NGINX_WORKER_PROCESSESvalue: "2"- name: KONG_ADMIN_ACCESS_LOGvalue: /dev/stdout- name: KONG_ADMIN_ERROR_LOGvalue: /dev/stderr- name: KONG_PROXY_ERROR_LOGvalue: /dev/stderrimage: kong:2.3lifecycle:preStop:exec:command:- /bin/sh- -c- kong quitlivenessProbe:failureThreshold: 3httpGet:path: /statusport: 8100scheme: HTTPinitialDelaySeconds: 5periodSeconds: 10successThreshold: 1timeoutSeconds: 1name: proxyports:- containerPort: 8000name: proxyprotocol: TCP- containerPort: 8443name: proxy-sslprotocol: TCP- containerPort: 8100name: metricsprotocol: TCPreadinessProbe:failureThreshold: 3httpGet:path: /statusport: 8100scheme: HTTPinitialDelaySeconds: 5periodSeconds: 10successThreshold: 1timeoutSeconds: 1- env:- name: CONTROLLER_KONG_ADMIN_URLvalue: http://127.0.0.1:8001- name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFYvalue: "false"- name: CONTROLLER_PUBLISH_SERVICEvalue: kong/kong-proxy- name: POD_NAMEvalueFrom:fieldRef:apiVersion: v1fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:apiVersion: v1fieldPath: metadata.namespaceimage: kong/kubernetes-ingress-controller:1.2imagePullPolicy: IfNotPresentlivenessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPinitialDelaySeconds: 5periodSeconds: 10successThreshold: 1timeoutSeconds: 1name: ingress-controllerports:- containerPort: 8080name: webhookprotocol: TCPreadinessProbe:failureThreshold: 3httpGet:path: /healthzport: 10254scheme: HTTPinitialDelaySeconds: 5periodSeconds: 10successThreshold: 1timeoutSeconds: 1initContainers:- command:- /bin/sh- -c- while true; do kong migrations list; if [[ 0 -eq $? ]]; then exit 0; fi; sleep 2; done;env:- name: KONG_PG_HOSTvalue: postgres- name: KONG_PG_PASSWORDvalue: kongimage: kong:2.3name: wait-for-migrationsserviceAccountName: kong-serviceaccount
---
apiVersion: apps/v1
kind: StatefulSet
metadata:name: postgresnamespace: kong
spec:replicas: 1selector:matchLabels:app: postgresserviceName: postgrestemplate:metadata:labels:app: postgresspec:containers:- env:- name: POSTGRES_USERvalue: kong- name: POSTGRES_PASSWORDvalue: kong- name: POSTGRES_DBvalue: kong- name: PGDATAvalue: /var/lib/postgresql/data/pgdataimage: postgres:11.5name: postgresports:- containerPort: 5432volumeMounts:- mountPath: /var/lib/postgresql/dataname: kong-pgsubPath: pgdataterminationGracePeriodSeconds: 60volumeClaimTemplates:- metadata:name: kong-pgspec:accessModes:- ReadWriteOncestorageClassName: "nfs-storage"resources:requests:storage: 3Gi
---
apiVersion: v1
kind: Service
metadata:name: postgresnamespace: kong
spec:ports:- name: pgqlport: 5432protocol: TCPtargetPort: 5432selector:app: postgres
---
apiVersion: batch/v1
kind: Job
metadata:name: kong-migrationsnamespace: kong
spec:template:metadata:name: kong-migrationsspec:containers:- command:- /bin/sh- -c- kong migrations bootstrapenv:- name: KONG_PG_PASSWORDvalue: kong- name: KONG_PG_HOSTvalue: postgres- name: KONG_PG_PORTvalue: "5432"image: kong:2.3name: kong-migrationsinitContainers:- command:- /bin/sh- -c- until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; doneenv:- name: KONG_PG_HOSTvalue: postgres- name: KONG_PG_PORTvalue: "5432"image: busyboxname: wait-for-postgresrestartPolicy: OnFailure---
apiVersion: apps/v1
kind: Deployment
metadata:name: konganamespace: kong
spec:replicas: 1selector:matchLabels:app: kongatemplate:metadata:labels:app: kongaspec:containers:- name: kongaimage: pantsel/kongaenv:- name: DB_ADAPTERvalue: postgres- name: DB_HOSTvalue: postgres- name: DB_PORTvalue: '5432'- name: DB_PASSWORDvalue: kong- name: DB_USERvalue: kong- name: DB_DATABASEvalue: kongaports:- containerPort: 1337name: webinitContainers:- command:- /bin/sh- -c- while true; do kong migrations list; if [[ 0 -eq $? ]]; then exit 0; fi; sleep 2; done;env:- name: KONG_PG_HOSTvalue: postgres- name: KONG_PG_PASSWORDvalue: kongimage: kong:2.3name: wait-for-migrations---
apiVersion: v1
kind: Service
metadata:name: konganamespace: kong
spec:ports:- port: 1337protocol: TCPtargetPort: 1337selector:app: konga
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:name: web-ingressnamespace: kongannotations:kubernetes.io/ingress.class: "kong"
spec:rules:- host: konga.test.lanhttp:paths:- path: /backend:serviceName: kongaservicePort: 1337
先把上面这个文件下载下来,了解以下里面主要的架构
kong网关几个注意的架构
ingress-kong 以kong网关建立的 Kubernetes 入口控制器
konga 网关管理界面
postgres 网关数据存储
job 初始化结构表数据
一般在新的集群内创建kong网关的时候是需要先进行postgres数据库的创建,数据库正常运行之后,再进行job初始化数据库表数据。最后再创建ingress-kong和konga。现在我进行将这些资源整合,变成了一个ingress-kong.yaml,我们直接通过一条命令就可以部署起来。
$ kubectl apply -f ingress-kong.yaml
等待3分钟,查看运行创建情况
$ kubectl get po -n kong
NAME READY STATUS RESTARTS AGE
ingress-kong-f7bd9f9f-bb6rg 2/2 Running 9 126d
kong-migrations-w2v4b 0/1 Completed 0 168d
konga-85fd66dcff-jw8gn 1/1 Running 0 97d
postgres-0 1/1 Running 1 168d配置host
ingress-kong节点ip konga.test.lan
访问konga管理平台http://konga.nq.lan
新ingress-kong安装(ingress-kong konga postgres)相关推荐
- docker安装nginx kong konga
一.docker安装nginx 1. 外网直接拉取,拉取后跳转至第三步 docker pull nginx:1.23.3 2. 内网 (1)找一个外网电脑拉取镜像 docker pull nginx ...
- 【API网关】Kong安装和基本操作
文章目录 前言 一.API网关选型和Kong的安装 1. 什么是API网关 2. API网关技术选型 3. 安装postgresql和migrations 4. 安装kong 5. 安装konga 二 ...
- kong 安装与配置
安装kong $ curl -Lo kong-2.5.0.amd64.rpm $( rpm --eval "https://download.konghq.com/gateway-2.x-c ...
- Kong安装教程(docker-compose)
软件部署 部署postgresql数据库(暂做测试) #下载仓库文件 yum install -y https://download.postgresql.org/pub/repos/yum/repo ...
- kubernetes资源控制与及ingress插件安装(容忍策略)
一.Daemonset 控制器(不支持滚动更新) 该文中的所有容器需自己创建 1.DaemonSet的概述 DaemonSet 每个机器斗要启动运行的Pod,确保全部或一些Node上运行Pod副本 - ...
- kong安装配置手册
下载OneSQL for PostgreSQL mkdir -p /root/source/kong cd /root/source/kong wget http://www.onexsoft.cn/ ...
- centos7 docker 安装企业版kong
1.安装postgres postgres最新版本 docker run -d --name kong-ee-database \-p 5432:5432 \-e "POSTGRES_USE ...
- Kong Api 初体验、Kong安装教程
见:https://blog.csdn.net/forezp/article/details/79383631 Kong是一个可扩展的开源API层(也称为API网关或API中间件). Kong运行在任 ...
- ingress controller安装总结
本文主要介绍kubernetes官方推荐的ingress控制器ingress-Nginx controller在bare-metal环境中搭建的经验总结,因为我是在私有的服务器上搭建的kubernet ...
最新文章
- 【JS】两种计时器/定时器
- matlab怎么重复一个数字,有 1、2、3、4 个数字,能组成多少个互不相同且无重复数字的三位数?都是多少?用matlab编程怎么编...
- python二:注释
- Java锁详解:“独享锁/共享锁+公平锁/非公平锁+乐观锁/悲观锁+线程锁”
- Jetty和Tomcat的比较
- javaweb(三十八)——mysql事务和锁InnoDB(扩展)
- python调用百度接口实现ocr识别_Python调用百度OCR实现图片文字识别的示例代码
- python字典速度能比字典高多少_python – 字典访问速度比较与整数键对字符串键...
- 5nm及3nm推动 台积电2024及2025年产能将主要集中在台南科学园
- java开发按键精灵_一个使用JAVA编写的类似按键精灵的程序
- 考研数据结构中的代码如何写——线性表的顺序存储
- RSA因数分解工具yafu下载地址及使用方法介绍
- windows电脑如何设置定时关机?电脑设置定时关机的方法
- 微博上一些有用的话(六)
- 推荐10款一直在使用的Chrome提效插件
- Context-Free Grammar及形状规则集
- 自然语言生成技术现状调查:核心任务、应用和评估(2)
- 三星 android 4.4 kitkat 刷机包,三星 Galaxy S III LTE(i9305) 刷机包 CM11 KitKat 安卓Android4.4 非官方版...
- [Mysql]查看mysql默认密码
- jeesite后台快速搭建