API 网关 kong/konga 安装部署
程序员文章站
2022-06-22 15:56:23
...
一、概述
Kong是Mashape开源的高性能高可用API网关和API服务管理层。自2015年在github开源后,广泛受到关注。它基于OpenResty,进行API管理,并提供了插件实现API的AOP。Kong在Mashape 管理了超过15,000 个API,为200,000开发者提供了每月数十亿的请求支持。
在微服务架构之下,服务被拆的非常零散,降低了耦合度的同时也给服务的统一管理增加了难度。如上图左所示,在旧的服务治理体系之下,鉴权,限流,日志,监控等通用功能需要在每个服务中单独实现,这使得系统维护者没有一个全局的视图来统一管理这些功能。API 网关致力于解决的问题便是为微服务纳管这些通用的功能,在此基础上提高系统的可扩展性。如右图所示,微服务搭配上 API 网关,可以使得服务本身更专注于自己的领域,很好地对服务调用者和服务提供者做了隔离。
为什么使用API-Gateway:
1. 方便客户端维护-- 每个请求方不用管理多个api url,统一访问api-gateway即可
2. 接口重构时调用方不须了解接口本身等拆分和聚合
3. 客户端无须关心接口协议
4. 统一权限控制、接口请求访问日志统计
5. 安全,是保护内部服务而设计的一道屏障
5. 开源-最大好处
Kong是一款基于Nginx_Lua模块写的高可用,由于Kong是基于Nginx的,所以可以水平扩展多个Kong服务器,通过前置的负载均衡配置把请求均匀地分发到各个Server,来应对大批量的网络请求。
Kong主要有三个组件:
Kong Server :基于nginx的服务器,用来接收API请求。
Apache Cassandra/PostgreSQL :用来存储操作数据。
Kong dashboard:官方推荐UI管理工具,当然,也可以使用 restfull 方式 管理 admin api。
Kong采用插件机制进行功能定制,插件集(可以是0或N个)在API请求响应循环的生命周期中被执行,插件使用Lua编写。
目前已有几个基础功能:HTTP基本认证、密钥认证、CORS(Cross-Origin Resource Sharing,跨域资源共享)、TCP、UDP、文件日志、API请求限流、请求转发以及Nginx监控。
Kong 的插件机制是其高可扩展性的根源,Kong 可以很方便地为路由和服务提供各种插件,网关所需要的基本特性,Kong 都如数支持:
Cloud-Native:与平台无关,Kong可以从裸机运行到Kubernetes。
动态负载平衡:在多个上游服务之间平衡流量。
基于哈希的负载平衡:具有一致的哈希/粘性会话的负载平衡。
断路器:智能跟踪不健康的上游服务。
运行状况检查:主动和被动监视上游服务。
服务发现:在第三方DNS解析器(例如Consul)中解析SRV记录。
无服务器:直接从Kong调用和保护AWS Lambda或OpenWhisk功能。
WebSockets:通过WebSockets与您的上游服务进行通信。
gRPC:与gRPC服务进行通信,并通过日志记录和可观察性插件观察流量
OAuth2.0:轻松将OAuth2.0身份验证添加到您的API。
日志记录:通过HTTP,TCP,UDP或磁盘记录对系统的请求和响应。
安全性:ACL,僵尸程序检测,白名单/黑名单IP等。
Syslog:登录到系统日志。
SSL:为基础服务或API设置特定的SSL证书。
监视:实时监视提供关键的负载和性能服务器指标。
转发代理:使Kong连接到透明的中介HTTP代理。
认证:HMAC,JWT,Basic等。
速率限制:基于许多变量的阻止和限制请求。
转换:添加,删除或处理HTTP请求和响应。
缓存:在代理层缓存并提供响应。
CLI:从命令行控制Kong群集。
REST API:Kong可以使用其RESTful API进行操作,以实现最大的灵活性。
地理复制:跨不同区域的配置始终是最新的。
故障检测和恢复:如果您的Cassandra节点之一发生故障,则 Kong不会受到影响。
群集:所有Kong节点自动加入群集,并在各个节点之间更新其配置。
可伸缩性:Kong本质上分布,只需添加节点即可水平扩展。
性能:Kong通过扩展和使用NGINX作为核心轻松处理负载。
插件:可扩展的体系结构,用于向Kong和API添加功能。
Kong网关插件:
身份认证插件:Kong提供了Basic Authentication、Key authentication、OAuth2.0 authentication、HMAC authentication、JWT、LDAP authentication认证实现。
安全控制插件:ACL(访问控制)、CORS(跨域资源共享)、动态SSL、IP限制、爬虫检测实现。
流量控制插件:请求限流(基于请求计数限流)、上游响应限流(根据upstream响应计数限流)、请求大小限制。限流支持本地、Redis和集群限流模式。
分析监控插件:Galileo(记录请求和响应数据,实现API分析)、Datadog(记录API Metric如请求次数、请求大小、响应状态和延迟,可视化API Metric)、Runscope(记录请求和响应数据,实现API性能测试和监控)。
协议转换插件:请求转换(在转发到upstream之前修改请求)、响应转换(在upstream响应返回给客户端之前修改响应)。
日志应用插件:TCP、UDP、HTTP、File、Syslog、StatsD、Loggly等。
请求流程:
当Kong运行时,每个对API的请求将先被Kong命中,然后这个请求将会被代理转发到最终的API接口。在请求(Requests)和响应(Responses)之间,Kong将会执行已经事先安装和配置好的任何插件,授权您的API访问操作。Kong是每个API请求的入口点(Endpoint)
二、安装Kong:
安装准备:
yum -y install epel-release
下载kong rpm:
https://kong.bintray.com/kong-community-edition-rpm/centos/7/:kong-community-edition-1.1.2.el7.noarch.rpm
上传服务器:
/opt/kong
安装kong:
cd /opt/kong
yum install kong-community-edition-1.1.2.el7.noarch.rpm --nogpgcheck
三、安装 PostgreSQL 11.9
官网下载PostgreSQL 11.9
https://www.postgresql.org/ftp/source/
官网下载PostgreSQL 12.4
https://www.postgresql.org/ftp/source/v12.4/
上传服务器:
/opt/kong
解压:
cd /opt/kong
tar -zvxf postgresql-11.9.tar.gz
mv postgresql-11.9 /usr/local/
编译:
cd /usr/local/postgresql-11.9/
./configure --prefix=/usr/local/postgresql
安装:
# make
# make install
以下为官方安装(https://www.postgresql.org/download/linux/redhat/)
yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install -y postgresql12-server
/usr/pgsql-12/bin/postgresql-12-setup initdb
systemctl enable postgresql-12
systemctl start postgresql-12
四、PostgreSQL用户权限和环境变量设置
提示:默认root用户不能启动postgresql数据库
创建postgres用户:
# useradd postgres
# passwd postgres ## 密码 postgres
设置权限:
# mkdir -p /data/postgresql/data/
# mkdir -p /data/postgresql/log/
# chown -R postgres:postgres /data/postgresql/data/
# chown -R postgres:postgres /data/postgresql/log/
# chown -R postgres:postgres /usr/local/postgresql/
添加环境变量:
#postgresql
export POSTGRESQL_HOME=/usr/local/postgresql
export PGDATA=/data/postgresql/data/
export PATH=$PATH:$POSTGRESQL_HOME/bin:$PGDATA
检查是否配置成功:
[root@hadoop000 ~]$ /usr/local/postgresql/bin/psql -V
psql (PostgreSQL) 11.9
切换用户:
su - postgres
初始化数据库(用户postgres执行)
[postgres@hadoop000 ~]$ /usr/local/postgresql/bin/initdb -D /data/postgresql/data/
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /data/postgresql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default timezone ... PRC
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
Success. You can now start the database server using:
/usr/local/postgresql/bin/pg_ctl -D /data/postgresql/data/ -l logfile start
检查数据库文件:
# cd /data/postgresql/data
[postgres@hadoop000 ~]$ ls
base pg_commit_ts pg_hba.conf pg_logical pg_notify pg_serial pg_stat pg_subtrans pg_twophase pg_wal postgresql.auto.conf
global pg_dynshmem pg_ident.conf pg_multixact pg_replslot pg_snapshots pg_stat_tmp pg_tblspc PG_VERSION pg_xact postgresql.conf
修改访问控制配置:pg_hba.conf文件,添加host all all 0.0.0.0/0 md5可使其远程访问,加密方式改为MD5(密码访问)
[postgres@hadoop000 ~]$ vi pg_hba.conf
.........................
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 0.0.0.0/0 md5
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
提示:
(1)host all all 127.0.0.1/32 trust表示本地连接数据库不需要输入密码(即使有密码,设为trust后就不需要密码)
(2)host all all 0.0.0.0/0 md5 表示所有主机连接数据库需要输入密码
(3)当然,这两个综合后表现的结果就是:对于本机链接表示信任(不需要输入密码),对于非本机链接需要输入密码
修改postgresql.conf 主配置文件,将localhost 改为*,表示监听整个网络
[postgres@hadoop000 ~]$ vi postgresql.conf
..............
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
#unix_socket_directories = '/tmp' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour = off # advertise server via Bonjour
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# (change requires restart)
................
五、启动 PostgreSQL
启动数据库(用户postgres执行):
[postgres@hadoop000 ~]$ /usr/local/postgresql/bin/pg_ctl start -D /data/postgresql/data/ -l /data/postgresql/log/pg_server.log
waiting for server to start.... done
server started
查看是否安装成功:
[root@hadoop000 data]# netstat -tlun | grep 5432 #postgres是占用5432端口
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
重启数据库:
[postgres@hadoop000 ~]$ /usr/local/postgresql/bin/pg_ctl restart -D /data/postgresql/data/ -l /data/postgresql/log/pg_server.log
关闭postgresql数据库:
pg_ctl stop -m fast
连接数据库(用户postgres执行):
[postgres@hadoop000 ~]$ /usr/local/postgresql/bin/psql
修改密码:
连接成功后,直接输入\password 可修改密码 (password=postgres)
创建Kong用户和数据库:
postgres=# create user kong;
CREATE ROLE
postgres=#alter role kong with password 'kongpw';
postgres=# create database kong owner kong;
CREATE DATABASE
补存:
查看系统用户信息:
SELECT usename FROM pg_user;
获得当前postgresql版本:
SELECT version();
查看数据库用户列表:
SELECT * FROM pg_shadow;
查看客户端编码:
show client_encoding;
查看客户端连接情况:
SELECT client_addr,client_port,query_start,state,query FROM pg_stat_activity;
查看被锁定表:
SELECT pg_class.relname AS table, pg_database.datname AS database, pid, mode, granted FROM pg_locks, pg_class, pg_database WHERE pg_locks.relation = pg_class.oid AND pg_locks.database = pg_database.oid;
查看数据库大小:
SELECT pg_size_pretty(pg_database_size('kong')) As fulldbsize;
六、启动Kong:
导入Kong数据:
[root@hadoop000 ~]$ cp /etc/kong/kong.conf.default /etc/kong/kong.conf ##root 用户执行
[root@hadoop000 ~]$ vi /etc/kong/kong.conf
修改以上配置文件
#------------------------------------------------------------------------------
# GENERAL
#------------------------------------------------------------------------------
prefix = /usr/local/kong/ # Working directory. Equivalent to Nginx's
# prefix path, containing temporary files
# and logs.
# Each Kong process must have a separate
# working directory.
log_level = notice # Log level of the Nginx server. Logs are
# found at `<prefix>/logs/error.log`.
proxy_access_log = logs/access.log # Path for proxy port request access
# logs. Set this value to `off` to
# disable logging proxy requests.
# If this value is a relative path,
# it will be placed under the
# `prefix` location.
proxy_error_log = logs/error.log # Path for proxy port request error
# logs. The granularity of these logs
# is adjusted by the `log_level`
# property.
admin_access_log = logs/admin_access.log # Path for Admin API request access
# logs. Set this value to `off` to
# disable logging Admin API requests.
# If this value is a relative path,
# it will be placed under the
# `prefix` location.
admin_error_log = logs/error.log # Path for Admin API request error
# logs. The granularity of these logs
# is adjusted by the `log_level`
# property.
#------------------------------------------------------------------------------
# NGINX
#------------------------------------------------------------------------------
proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl
admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl
nginx_worker_processes = auto
nginx_daemon = on
#------------------------------------------------------------------------------
# DATASTORE
#------------------------------------------------------------------------------
database = postgres # Determines which of PostgreSQL or Cassandra
# this node will use as its datastore.
# Accepted values are `postgres`,
# `cassandra`, and `off`.
pg_host = 192.101.11.152 # Host of the Postgres server.
pg_port = 5432 # Port of the Postgres server.
#pg_timeout = 5000 # Defines the timeout (in ms), for connecting,
# reading and writing.
pg_user = kong # Postgres user.
pg_password = kongpw # Postgres user's password.
pg_database = kong # The database name to connect to.
导入:
[postgres@hadoop000 ~]$ kong migrations bootstrap -c /etc/kong/kong.conf
2020/08/21 22:24:32 [warn] 27376#0: *2 [lua] client.lua:568: init(): [dns-client] Invalid configuration, no valid nameservers found, context: ngx.timer
bootstrapping database...
migrating core on database 'kong'...
core migrated up to: 000_base (executed)
core migrated up to: 001_14_to_15 (executed)
core migrated up to: 002_15_to_1 (executed)
core migrated up to: 003_100_to_110 (executed)
migrating oauth2 on database 'kong'...
oauth2 migrated up to: 000_base_oauth2 (executed)
oauth2 migrated up to: 001_14_to_15 (executed)
oauth2 migrated up to: 002_15_to_10 (executed)
migrating acl on database 'kong'...
acl migrated up to: 000_base_acl (executed)
acl migrated up to: 001_14_to_15 (executed)
migrating jwt on database 'kong'...
jwt migrated up to: 000_base_jwt (executed)
jwt migrated up to: 001_14_to_15 (executed)
migrating basic-auth on database 'kong'...
basic-auth migrated up to: 000_base_basic_auth (executed)
basic-auth migrated up to: 001_14_to_15 (executed)
migrating key-auth on database 'kong'...
key-auth migrated up to: 000_base_key_auth (executed)
key-auth migrated up to: 001_14_to_15 (executed)
migrating rate-limiting on database 'kong'...
rate-limiting migrated up to: 000_base_rate_limiting (executed)
rate-limiting migrated up to: 001_14_to_15 (executed)
rate-limiting migrated up to: 002_15_to_10 (executed)
rate-limiting migrated up to: 003_10_to_112 (executed)
migrating hmac-auth on database 'kong'...
hmac-auth migrated up to: 000_base_hmac_auth (executed)
hmac-auth migrated up to: 001_14_to_15 (executed)
migrating response-ratelimiting on database 'kong'...
response-ratelimiting migrated up to: 000_base_response_rate_limiting (executed)
response-ratelimiting migrated up to: 001_14_to_15 (executed)
response-ratelimiting migrated up to: 002_15_to_10 (executed)
24 migrations processed
24 executed
database is up-to-date
报错问题:
2020/08/21 21:46:45 [warn] 25091#0: *2 [lua] client.lua:568: init(): [dns-client] Invalid configuration, no valid nameservers found, context: ngx.timer
2020-08-21 21:46:45.934 CST [25093] FATAL: no pg_hba.conf entry for host "192.101.11.152", user "kong", database "kong"
Error: [PostgreSQL error] failed to retrieve server_version_num: FATAL: no pg_hba.conf entry for host "192.101.11.152", user "kong", database "kong"
Run with --v (verbose) or --vv (debug) for more details
解决方法:
vi /etc/kong/kong.conf ##修改 pg_host 从192.101.11.152 改为127.0.0.1
pg_host = 127.0.0.1 # Host of the Postgres server.
启动:
[root@hadoop000 ~]# kong start
2020/08/21 22:28:24 [warn] 27673#0: *2 [lua] client.lua:568: init(): [dns-client] Invalid configuration, no valid nameservers found, context: ngx.timer
2020/08/21 22:28:24 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
Kong started
验证Kong是否成功启动:
[root@hadoop000 local]# curl -I -m 10 -o /dev/null -s -w '%{http_code}\n' http://localhost:8001/
200
提示:
停止kong:
# kong stop
重新启动
# kong restart
重新加载:
# kong reload
Kong默认监听下面端口:
8000,监听来自客户端的HTTP流量,转发到你的upstream服务上。
8443,监听HTTPS的流量,功能跟8000一样。可以通过配置文件禁止。
8001,Kong的HTTP监听的api管理接口。
8444,Kong的HTTPS监听的API管理接口。
检查kong是否安装成功:
curl -i http://localhost:8001/
或者
curl 127.0.0.1:8001 #也可以用浏览器访问:ip:8001
七、安装 Konga:
konga介绍:
konga带来的一个最大的便利就是可以很好地通过UI观察到现在kong的所有的配置,并且可以对于管理kong节点情况进行查看、监控和预警,konga主要特性如下:
多用户管理
管理多个Kong节点
电子邮件异常信息通知
管理所有Kong Admin API
使用快照备份,还原和迁移Kong节点
使用运行状况检查监控节点和API状态
轻松的数据库集成(MySQL,postgresSQL,MongoDB)
1、拉取镜像
docker pull pantsel/konga:0.14.6
2、创建konga数据库:
su - postgres
/usr/local/postgresql/bin/psql
create user konga with password 'konga';
CREATE DATABASE "konga" WITH ENCODING='UTF8';
给konga分配数据库:
ALTER DATABASE konga OWNER TO konga;
赋予用户konga权限:
grant all privileges on database konga to konga;
修改用户密码:
alter role konga with password 'kongapw';
查询用户信息:
SELECT * FROM pg_roles WHERE rolname='konga';
提示:
创建数据库:
CREATE DATABASE name
[ [ WITH ] [ OWNER [=] user_name ]
[ TEMPLATE [=] template ]
[ ENCODING [=] encoding ]
[ LC_COLLATE [=] lc_collate ]
[ LC_CTYPE [=] lc_ctype ]
[ TABLESPACE [=] tablespace_name ]
[ CONNECTION LIMIT [=] connlimit ] ]
create database school with owner=president template=template0 encoding='UTF8' lc_collate='C' lc_ctype='C' tablespace=tbs_test connection limit = 100;
修改数据库:
ALTER DATABASE name RENAME TO new_name;
ALTER DATABASE name OWNER TO new_owner;
ALTER DATABASE name SET TABLESPACE new_tablespace;
删除数据库:
DROP DATABASE IF EXISTS konga;
3、初始化konga数据库:
docker run --rm pantsel/konga:0.14.6 -c prepare -a postgres -u postgresql://{DB-user}:{DB-pass}@{DB-host}:{DB-port}/konga
相关命令解读:
命令 描述 默认
-c 执行的命令,这里我们执行的是prepare -
-a adapter 简写 ,可以是postgres 或者mysql -
-u db url 数据库连接全称 -
docker run --rm pantsel/konga:0.14.6 -c prepare -a postgres -u postgresql://konga:konga@192.101.11.152:5432/konga
debug: Preparing database...
Using postgres DB Adapter.
Database exists. Continue...
debug: Hook:api_health_checks:process() called
debug: Hook:health_checks:process() called
debug: Hook:start-scheduled-snapshots:process() called
debug: Hook:upstream_health_checks:process() called
debug: Hook:user_events_hook:process() called
debug: Seeding User...
debug: User seed planted
debug: Seeding Kongnode...
debug: Kongnode seed planted
debug: Seeding Emailtransport...
debug: Emailtransport seed planted
debug: Database migrations completed!
到此Konga的数据库环境就搞定了。
遇到问题1:
debug: Preparing database...
Using postgres DB Adapter.
Failed to connect to DB { Error: connect ECONNREFUSED 127.0.0.1:5432
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1106:14)
errno: 'ECONNREFUSED',
code: 'ECONNREFUSED',
syscall: 'connect',
address: '127.0.0.1',
port: 5432 }
解决方案:
修改:vi /etc/kong/kong.conf
pg_host = 127.0.0.1
修改为:
pg_host = 192.101.11.152
重新启动:
# kong restart
遇到问题2:
Failed to connect to DB { error: no pg_hba.conf entry for host "172.17.0.3", user "konga", database "konga"
遇到问题2:
Failed to connect to DB { error: no pg_hba.conf entry for host "172.17.0.3", user "konga", database "konga"
致命错误: 用户 "postgres" Ident 认证失败
解决方案:
修改vi /data/postgresql/data/pg_hba.conf
host all all 0.0.0.0/32 trust ##修改为下面方式:
host all all 0.0.0.0/0 md5
重启数据库:
su - postgres
[postgres@hadoop000 ~]$ /usr/local/postgresql/bin/pg_ctl restart -D /data/postgresql/data/ -l /data/postgresql/log/pg_server.log
再次执行:
su - root
docker run --rm pantsel/konga:0.14.6 -c prepare -a postgres -u postgresql://konga:konga@192.101.11.152:5432/konga
4、启动Konga
docker run -d -p 1337:1337 \
-e "DB_ADAPTER=postgres" \
-e "DB_HOST=192.101.11.152" \
-e "DB_PORT=5432" \
-e "DB_USER=konga" \
-e "DB_PASSWORD=kongapw" \
-e "DB_DATABASE=konga" \
-e "DB_PG_SCHEMA=public" \
-e "NODE_ENV=production" \
--restart=on-failure:3 \
--name konga \
pantsel/konga:0.14.6
注意:"DB_ADAPTER=postgres" ##支持mongo,postgres,mysql和sqlserver
安装完成之后直接访问1337端口即可访问konga首页,并且注册自己的账号
http://192.101.11.152:1337
kong网关默认日志在/usr/local/kong/logs,主要有access.log,admin_access.log,error.log,access.log和nginx的access日志类似,这里会记录所所有通过kong网关的日志
八、安装 Kong-dashboard:
# docker pull pgbi/kong-dashboard
# Start Kong Dashboard
docker run -d --name kong-dashboard -p 8080:8080 pgbi/kong-dashboard start --kong-url http://192.101.11.152:8001
# Start Kong Dashboard on a custom port
docker run -d --name kong-dashboard -p [port]:8080 pgbi/kong-dashboard start --kong-url http://localhost:8001
# Start Kong Dashboard with basic auth
docker run -d --name kong-dashboard -p 8080:8080 pgbi/kong-dashboard start --kong-url http://kong:8001 --basic-auth user1=password1 user2=password2
访问Kong Dashboard:
http://192.101.11.152:8080
九、安装pgadmin:
pgadmin:postgres数据库管理工具
# docker pull dpage/gpadmin4
# docker run -d -p 8090:80 --name pgadmin --link kong-database:kong-database -e "PGADMIN_DEFAULT_EMAIL=user@domain.com" -e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" --restart always dpage/pgadmin4
注意:
Username: user@domain.com
Password: SuperSecret
登录用户是: user@domain.com 密码是:SuperSecret
Kong是Mashape开源的高性能高可用API网关和API服务管理层。自2015年在github开源后,广泛受到关注。它基于OpenResty,进行API管理,并提供了插件实现API的AOP。Kong在Mashape 管理了超过15,000 个API,为200,000开发者提供了每月数十亿的请求支持。
在微服务架构之下,服务被拆的非常零散,降低了耦合度的同时也给服务的统一管理增加了难度。如上图左所示,在旧的服务治理体系之下,鉴权,限流,日志,监控等通用功能需要在每个服务中单独实现,这使得系统维护者没有一个全局的视图来统一管理这些功能。API 网关致力于解决的问题便是为微服务纳管这些通用的功能,在此基础上提高系统的可扩展性。如右图所示,微服务搭配上 API 网关,可以使得服务本身更专注于自己的领域,很好地对服务调用者和服务提供者做了隔离。
为什么使用API-Gateway:
1. 方便客户端维护-- 每个请求方不用管理多个api url,统一访问api-gateway即可
2. 接口重构时调用方不须了解接口本身等拆分和聚合
3. 客户端无须关心接口协议
4. 统一权限控制、接口请求访问日志统计
5. 安全,是保护内部服务而设计的一道屏障
5. 开源-最大好处
Kong是一款基于Nginx_Lua模块写的高可用,由于Kong是基于Nginx的,所以可以水平扩展多个Kong服务器,通过前置的负载均衡配置把请求均匀地分发到各个Server,来应对大批量的网络请求。
Kong主要有三个组件:
Kong Server :基于nginx的服务器,用来接收API请求。
Apache Cassandra/PostgreSQL :用来存储操作数据。
Kong dashboard:官方推荐UI管理工具,当然,也可以使用 restfull 方式 管理 admin api。
Kong采用插件机制进行功能定制,插件集(可以是0或N个)在API请求响应循环的生命周期中被执行,插件使用Lua编写。
目前已有几个基础功能:HTTP基本认证、密钥认证、CORS(Cross-Origin Resource Sharing,跨域资源共享)、TCP、UDP、文件日志、API请求限流、请求转发以及Nginx监控。
Kong 的插件机制是其高可扩展性的根源,Kong 可以很方便地为路由和服务提供各种插件,网关所需要的基本特性,Kong 都如数支持:
Cloud-Native:与平台无关,Kong可以从裸机运行到Kubernetes。
动态负载平衡:在多个上游服务之间平衡流量。
基于哈希的负载平衡:具有一致的哈希/粘性会话的负载平衡。
断路器:智能跟踪不健康的上游服务。
运行状况检查:主动和被动监视上游服务。
服务发现:在第三方DNS解析器(例如Consul)中解析SRV记录。
无服务器:直接从Kong调用和保护AWS Lambda或OpenWhisk功能。
WebSockets:通过WebSockets与您的上游服务进行通信。
gRPC:与gRPC服务进行通信,并通过日志记录和可观察性插件观察流量
OAuth2.0:轻松将OAuth2.0身份验证添加到您的API。
日志记录:通过HTTP,TCP,UDP或磁盘记录对系统的请求和响应。
安全性:ACL,僵尸程序检测,白名单/黑名单IP等。
Syslog:登录到系统日志。
SSL:为基础服务或API设置特定的SSL证书。
监视:实时监视提供关键的负载和性能服务器指标。
转发代理:使Kong连接到透明的中介HTTP代理。
认证:HMAC,JWT,Basic等。
速率限制:基于许多变量的阻止和限制请求。
转换:添加,删除或处理HTTP请求和响应。
缓存:在代理层缓存并提供响应。
CLI:从命令行控制Kong群集。
REST API:Kong可以使用其RESTful API进行操作,以实现最大的灵活性。
地理复制:跨不同区域的配置始终是最新的。
故障检测和恢复:如果您的Cassandra节点之一发生故障,则 Kong不会受到影响。
群集:所有Kong节点自动加入群集,并在各个节点之间更新其配置。
可伸缩性:Kong本质上分布,只需添加节点即可水平扩展。
性能:Kong通过扩展和使用NGINX作为核心轻松处理负载。
插件:可扩展的体系结构,用于向Kong和API添加功能。
Kong网关插件:
身份认证插件:Kong提供了Basic Authentication、Key authentication、OAuth2.0 authentication、HMAC authentication、JWT、LDAP authentication认证实现。
安全控制插件:ACL(访问控制)、CORS(跨域资源共享)、动态SSL、IP限制、爬虫检测实现。
流量控制插件:请求限流(基于请求计数限流)、上游响应限流(根据upstream响应计数限流)、请求大小限制。限流支持本地、Redis和集群限流模式。
分析监控插件:Galileo(记录请求和响应数据,实现API分析)、Datadog(记录API Metric如请求次数、请求大小、响应状态和延迟,可视化API Metric)、Runscope(记录请求和响应数据,实现API性能测试和监控)。
协议转换插件:请求转换(在转发到upstream之前修改请求)、响应转换(在upstream响应返回给客户端之前修改响应)。
日志应用插件:TCP、UDP、HTTP、File、Syslog、StatsD、Loggly等。
请求流程:
当Kong运行时,每个对API的请求将先被Kong命中,然后这个请求将会被代理转发到最终的API接口。在请求(Requests)和响应(Responses)之间,Kong将会执行已经事先安装和配置好的任何插件,授权您的API访问操作。Kong是每个API请求的入口点(Endpoint)
二、安装Kong:
安装准备:
yum -y install epel-release
下载kong rpm:
https://kong.bintray.com/kong-community-edition-rpm/centos/7/:kong-community-edition-1.1.2.el7.noarch.rpm
上传服务器:
/opt/kong
安装kong:
cd /opt/kong
yum install kong-community-edition-1.1.2.el7.noarch.rpm --nogpgcheck
三、安装 PostgreSQL 11.9
官网下载PostgreSQL 11.9
https://www.postgresql.org/ftp/source/
官网下载PostgreSQL 12.4
https://www.postgresql.org/ftp/source/v12.4/
上传服务器:
/opt/kong
解压:
cd /opt/kong
tar -zvxf postgresql-11.9.tar.gz
mv postgresql-11.9 /usr/local/
编译:
cd /usr/local/postgresql-11.9/
./configure --prefix=/usr/local/postgresql
安装:
# make
# make install
以下为官方安装(https://www.postgresql.org/download/linux/redhat/)
yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install -y postgresql12-server
/usr/pgsql-12/bin/postgresql-12-setup initdb
systemctl enable postgresql-12
systemctl start postgresql-12
四、PostgreSQL用户权限和环境变量设置
提示:默认root用户不能启动postgresql数据库
创建postgres用户:
# useradd postgres
# passwd postgres ## 密码 postgres
设置权限:
# mkdir -p /data/postgresql/data/
# mkdir -p /data/postgresql/log/
# chown -R postgres:postgres /data/postgresql/data/
# chown -R postgres:postgres /data/postgresql/log/
# chown -R postgres:postgres /usr/local/postgresql/
添加环境变量:
#postgresql
export POSTGRESQL_HOME=/usr/local/postgresql
export PGDATA=/data/postgresql/data/
export PATH=$PATH:$POSTGRESQL_HOME/bin:$PGDATA
检查是否配置成功:
[root@hadoop000 ~]$ /usr/local/postgresql/bin/psql -V
psql (PostgreSQL) 11.9
切换用户:
su - postgres
初始化数据库(用户postgres执行)
[postgres@hadoop000 ~]$ /usr/local/postgresql/bin/initdb -D /data/postgresql/data/
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /data/postgresql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default timezone ... PRC
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
Success. You can now start the database server using:
/usr/local/postgresql/bin/pg_ctl -D /data/postgresql/data/ -l logfile start
检查数据库文件:
# cd /data/postgresql/data
[postgres@hadoop000 ~]$ ls
base pg_commit_ts pg_hba.conf pg_logical pg_notify pg_serial pg_stat pg_subtrans pg_twophase pg_wal postgresql.auto.conf
global pg_dynshmem pg_ident.conf pg_multixact pg_replslot pg_snapshots pg_stat_tmp pg_tblspc PG_VERSION pg_xact postgresql.conf
修改访问控制配置:pg_hba.conf文件,添加host all all 0.0.0.0/0 md5可使其远程访问,加密方式改为MD5(密码访问)
[postgres@hadoop000 ~]$ vi pg_hba.conf
.........................
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 0.0.0.0/0 md5
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
提示:
(1)host all all 127.0.0.1/32 trust表示本地连接数据库不需要输入密码(即使有密码,设为trust后就不需要密码)
(2)host all all 0.0.0.0/0 md5 表示所有主机连接数据库需要输入密码
(3)当然,这两个综合后表现的结果就是:对于本机链接表示信任(不需要输入密码),对于非本机链接需要输入密码
修改postgresql.conf 主配置文件,将localhost 改为*,表示监听整个网络
[postgres@hadoop000 ~]$ vi postgresql.conf
..............
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
#unix_socket_directories = '/tmp' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour = off # advertise server via Bonjour
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# (change requires restart)
................
五、启动 PostgreSQL
启动数据库(用户postgres执行):
[postgres@hadoop000 ~]$ /usr/local/postgresql/bin/pg_ctl start -D /data/postgresql/data/ -l /data/postgresql/log/pg_server.log
waiting for server to start.... done
server started
查看是否安装成功:
[root@hadoop000 data]# netstat -tlun | grep 5432 #postgres是占用5432端口
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
重启数据库:
[postgres@hadoop000 ~]$ /usr/local/postgresql/bin/pg_ctl restart -D /data/postgresql/data/ -l /data/postgresql/log/pg_server.log
关闭postgresql数据库:
pg_ctl stop -m fast
连接数据库(用户postgres执行):
[postgres@hadoop000 ~]$ /usr/local/postgresql/bin/psql
修改密码:
连接成功后,直接输入\password 可修改密码 (password=postgres)
创建Kong用户和数据库:
postgres=# create user kong;
CREATE ROLE
postgres=#alter role kong with password 'kongpw';
postgres=# create database kong owner kong;
CREATE DATABASE
补存:
查看系统用户信息:
SELECT usename FROM pg_user;
获得当前postgresql版本:
SELECT version();
查看数据库用户列表:
SELECT * FROM pg_shadow;
查看客户端编码:
show client_encoding;
查看客户端连接情况:
SELECT client_addr,client_port,query_start,state,query FROM pg_stat_activity;
查看被锁定表:
SELECT pg_class.relname AS table, pg_database.datname AS database, pid, mode, granted FROM pg_locks, pg_class, pg_database WHERE pg_locks.relation = pg_class.oid AND pg_locks.database = pg_database.oid;
查看数据库大小:
SELECT pg_size_pretty(pg_database_size('kong')) As fulldbsize;
六、启动Kong:
导入Kong数据:
[root@hadoop000 ~]$ cp /etc/kong/kong.conf.default /etc/kong/kong.conf ##root 用户执行
[root@hadoop000 ~]$ vi /etc/kong/kong.conf
修改以上配置文件
#------------------------------------------------------------------------------
# GENERAL
#------------------------------------------------------------------------------
prefix = /usr/local/kong/ # Working directory. Equivalent to Nginx's
# prefix path, containing temporary files
# and logs.
# Each Kong process must have a separate
# working directory.
log_level = notice # Log level of the Nginx server. Logs are
# found at `<prefix>/logs/error.log`.
proxy_access_log = logs/access.log # Path for proxy port request access
# logs. Set this value to `off` to
# disable logging proxy requests.
# If this value is a relative path,
# it will be placed under the
# `prefix` location.
proxy_error_log = logs/error.log # Path for proxy port request error
# logs. The granularity of these logs
# is adjusted by the `log_level`
# property.
admin_access_log = logs/admin_access.log # Path for Admin API request access
# logs. Set this value to `off` to
# disable logging Admin API requests.
# If this value is a relative path,
# it will be placed under the
# `prefix` location.
admin_error_log = logs/error.log # Path for Admin API request error
# logs. The granularity of these logs
# is adjusted by the `log_level`
# property.
#------------------------------------------------------------------------------
# NGINX
#------------------------------------------------------------------------------
proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl
admin_listen = 0.0.0.0:8001, 0.0.0.0:8444 ssl
nginx_worker_processes = auto
nginx_daemon = on
#------------------------------------------------------------------------------
# DATASTORE
#------------------------------------------------------------------------------
database = postgres # Determines which of PostgreSQL or Cassandra
# this node will use as its datastore.
# Accepted values are `postgres`,
# `cassandra`, and `off`.
pg_host = 192.101.11.152 # Host of the Postgres server.
pg_port = 5432 # Port of the Postgres server.
#pg_timeout = 5000 # Defines the timeout (in ms), for connecting,
# reading and writing.
pg_user = kong # Postgres user.
pg_password = kongpw # Postgres user's password.
pg_database = kong # The database name to connect to.
导入:
[postgres@hadoop000 ~]$ kong migrations bootstrap -c /etc/kong/kong.conf
2020/08/21 22:24:32 [warn] 27376#0: *2 [lua] client.lua:568: init(): [dns-client] Invalid configuration, no valid nameservers found, context: ngx.timer
bootstrapping database...
migrating core on database 'kong'...
core migrated up to: 000_base (executed)
core migrated up to: 001_14_to_15 (executed)
core migrated up to: 002_15_to_1 (executed)
core migrated up to: 003_100_to_110 (executed)
migrating oauth2 on database 'kong'...
oauth2 migrated up to: 000_base_oauth2 (executed)
oauth2 migrated up to: 001_14_to_15 (executed)
oauth2 migrated up to: 002_15_to_10 (executed)
migrating acl on database 'kong'...
acl migrated up to: 000_base_acl (executed)
acl migrated up to: 001_14_to_15 (executed)
migrating jwt on database 'kong'...
jwt migrated up to: 000_base_jwt (executed)
jwt migrated up to: 001_14_to_15 (executed)
migrating basic-auth on database 'kong'...
basic-auth migrated up to: 000_base_basic_auth (executed)
basic-auth migrated up to: 001_14_to_15 (executed)
migrating key-auth on database 'kong'...
key-auth migrated up to: 000_base_key_auth (executed)
key-auth migrated up to: 001_14_to_15 (executed)
migrating rate-limiting on database 'kong'...
rate-limiting migrated up to: 000_base_rate_limiting (executed)
rate-limiting migrated up to: 001_14_to_15 (executed)
rate-limiting migrated up to: 002_15_to_10 (executed)
rate-limiting migrated up to: 003_10_to_112 (executed)
migrating hmac-auth on database 'kong'...
hmac-auth migrated up to: 000_base_hmac_auth (executed)
hmac-auth migrated up to: 001_14_to_15 (executed)
migrating response-ratelimiting on database 'kong'...
response-ratelimiting migrated up to: 000_base_response_rate_limiting (executed)
response-ratelimiting migrated up to: 001_14_to_15 (executed)
response-ratelimiting migrated up to: 002_15_to_10 (executed)
24 migrations processed
24 executed
database is up-to-date
报错问题:
2020/08/21 21:46:45 [warn] 25091#0: *2 [lua] client.lua:568: init(): [dns-client] Invalid configuration, no valid nameservers found, context: ngx.timer
2020-08-21 21:46:45.934 CST [25093] FATAL: no pg_hba.conf entry for host "192.101.11.152", user "kong", database "kong"
Error: [PostgreSQL error] failed to retrieve server_version_num: FATAL: no pg_hba.conf entry for host "192.101.11.152", user "kong", database "kong"
Run with --v (verbose) or --vv (debug) for more details
解决方法:
vi /etc/kong/kong.conf ##修改 pg_host 从192.101.11.152 改为127.0.0.1
pg_host = 127.0.0.1 # Host of the Postgres server.
启动:
[root@hadoop000 ~]# kong start
2020/08/21 22:28:24 [warn] 27673#0: *2 [lua] client.lua:568: init(): [dns-client] Invalid configuration, no valid nameservers found, context: ngx.timer
2020/08/21 22:28:24 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
Kong started
验证Kong是否成功启动:
[root@hadoop000 local]# curl -I -m 10 -o /dev/null -s -w '%{http_code}\n' http://localhost:8001/
200
提示:
停止kong:
# kong stop
重新启动
# kong restart
重新加载:
# kong reload
Kong默认监听下面端口:
8000,监听来自客户端的HTTP流量,转发到你的upstream服务上。
8443,监听HTTPS的流量,功能跟8000一样。可以通过配置文件禁止。
8001,Kong的HTTP监听的api管理接口。
8444,Kong的HTTPS监听的API管理接口。
检查kong是否安装成功:
curl -i http://localhost:8001/
或者
curl 127.0.0.1:8001 #也可以用浏览器访问:ip:8001
七、安装 Konga:
konga介绍:
konga带来的一个最大的便利就是可以很好地通过UI观察到现在kong的所有的配置,并且可以对于管理kong节点情况进行查看、监控和预警,konga主要特性如下:
多用户管理
管理多个Kong节点
电子邮件异常信息通知
管理所有Kong Admin API
使用快照备份,还原和迁移Kong节点
使用运行状况检查监控节点和API状态
轻松的数据库集成(MySQL,postgresSQL,MongoDB)
1、拉取镜像
docker pull pantsel/konga:0.14.6
2、创建konga数据库:
su - postgres
/usr/local/postgresql/bin/psql
create user konga with password 'konga';
CREATE DATABASE "konga" WITH ENCODING='UTF8';
给konga分配数据库:
ALTER DATABASE konga OWNER TO konga;
赋予用户konga权限:
grant all privileges on database konga to konga;
修改用户密码:
alter role konga with password 'kongapw';
查询用户信息:
SELECT * FROM pg_roles WHERE rolname='konga';
提示:
创建数据库:
CREATE DATABASE name
[ [ WITH ] [ OWNER [=] user_name ]
[ TEMPLATE [=] template ]
[ ENCODING [=] encoding ]
[ LC_COLLATE [=] lc_collate ]
[ LC_CTYPE [=] lc_ctype ]
[ TABLESPACE [=] tablespace_name ]
[ CONNECTION LIMIT [=] connlimit ] ]
create database school with owner=president template=template0 encoding='UTF8' lc_collate='C' lc_ctype='C' tablespace=tbs_test connection limit = 100;
修改数据库:
ALTER DATABASE name RENAME TO new_name;
ALTER DATABASE name OWNER TO new_owner;
ALTER DATABASE name SET TABLESPACE new_tablespace;
删除数据库:
DROP DATABASE IF EXISTS konga;
3、初始化konga数据库:
docker run --rm pantsel/konga:0.14.6 -c prepare -a postgres -u postgresql://{DB-user}:{DB-pass}@{DB-host}:{DB-port}/konga
相关命令解读:
命令 描述 默认
-c 执行的命令,这里我们执行的是prepare -
-a adapter 简写 ,可以是postgres 或者mysql -
-u db url 数据库连接全称 -
docker run --rm pantsel/konga:0.14.6 -c prepare -a postgres -u postgresql://konga:konga@192.101.11.152:5432/konga
debug: Preparing database...
Using postgres DB Adapter.
Database exists. Continue...
debug: Hook:api_health_checks:process() called
debug: Hook:health_checks:process() called
debug: Hook:start-scheduled-snapshots:process() called
debug: Hook:upstream_health_checks:process() called
debug: Hook:user_events_hook:process() called
debug: Seeding User...
debug: User seed planted
debug: Seeding Kongnode...
debug: Kongnode seed planted
debug: Seeding Emailtransport...
debug: Emailtransport seed planted
debug: Database migrations completed!
到此Konga的数据库环境就搞定了。
遇到问题1:
debug: Preparing database...
Using postgres DB Adapter.
Failed to connect to DB { Error: connect ECONNREFUSED 127.0.0.1:5432
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1106:14)
errno: 'ECONNREFUSED',
code: 'ECONNREFUSED',
syscall: 'connect',
address: '127.0.0.1',
port: 5432 }
解决方案:
修改:vi /etc/kong/kong.conf
pg_host = 127.0.0.1
修改为:
pg_host = 192.101.11.152
重新启动:
# kong restart
遇到问题2:
Failed to connect to DB { error: no pg_hba.conf entry for host "172.17.0.3", user "konga", database "konga"
遇到问题2:
Failed to connect to DB { error: no pg_hba.conf entry for host "172.17.0.3", user "konga", database "konga"
致命错误: 用户 "postgres" Ident 认证失败
解决方案:
修改vi /data/postgresql/data/pg_hba.conf
host all all 0.0.0.0/32 trust ##修改为下面方式:
host all all 0.0.0.0/0 md5
重启数据库:
su - postgres
[postgres@hadoop000 ~]$ /usr/local/postgresql/bin/pg_ctl restart -D /data/postgresql/data/ -l /data/postgresql/log/pg_server.log
再次执行:
su - root
docker run --rm pantsel/konga:0.14.6 -c prepare -a postgres -u postgresql://konga:konga@192.101.11.152:5432/konga
4、启动Konga
docker run -d -p 1337:1337 \
-e "DB_ADAPTER=postgres" \
-e "DB_HOST=192.101.11.152" \
-e "DB_PORT=5432" \
-e "DB_USER=konga" \
-e "DB_PASSWORD=kongapw" \
-e "DB_DATABASE=konga" \
-e "DB_PG_SCHEMA=public" \
-e "NODE_ENV=production" \
--restart=on-failure:3 \
--name konga \
pantsel/konga:0.14.6
注意:"DB_ADAPTER=postgres" ##支持mongo,postgres,mysql和sqlserver
安装完成之后直接访问1337端口即可访问konga首页,并且注册自己的账号
http://192.101.11.152:1337
kong网关默认日志在/usr/local/kong/logs,主要有access.log,admin_access.log,error.log,access.log和nginx的access日志类似,这里会记录所所有通过kong网关的日志
八、安装 Kong-dashboard:
# docker pull pgbi/kong-dashboard
# Start Kong Dashboard
docker run -d --name kong-dashboard -p 8080:8080 pgbi/kong-dashboard start --kong-url http://192.101.11.152:8001
# Start Kong Dashboard on a custom port
docker run -d --name kong-dashboard -p [port]:8080 pgbi/kong-dashboard start --kong-url http://localhost:8001
# Start Kong Dashboard with basic auth
docker run -d --name kong-dashboard -p 8080:8080 pgbi/kong-dashboard start --kong-url http://kong:8001 --basic-auth user1=password1 user2=password2
访问Kong Dashboard:
http://192.101.11.152:8080
九、安装pgadmin:
pgadmin:postgres数据库管理工具
# docker pull dpage/gpadmin4
# docker run -d -p 8090:80 --name pgadmin --link kong-database:kong-database -e "PGADMIN_DEFAULT_EMAIL=user@domain.com" -e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" --restart always dpage/pgadmin4
注意:
Username: user@domain.com
Password: SuperSecret
登录用户是: user@domain.com 密码是:SuperSecret