Linux教程FG515-Linux综合实战案例二十一

内容简介：本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方学习交流加群风哥QQ113257174文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容，详细介绍了相关技术的配置和使用方法。

本文档介绍企业级API网关部署综合实战案例。

风哥提示：

Part01-Kong网关部署

1.1 Kong安装配置

# 安装Kong
[root@fgedu-kong ~]# yum install -y kong

# 配置数据库
[root@fgedu-kong ~]# cat > /etc/kong/kong.conf << 'EOF' database = postgres pg_host = 192.168.1.10 pg_port = 5432 pg_user = kong pg_password = Kong@123 pg_database = kong proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl admin_listen = 127.0.0.1:8001 log_level = notice EOF # 初始化数据库 [root@fgedu-kong ~]# kong migrations bootstrap Bootstrapping database... migrating core on database 'kong'... core migrated up to: 000_base (executed) core migrated up to: 001_14_to_15 (executed) core migrated up to: 002_15_to_1 (executed) ... 128 migrations processed 128 executed Database is up-to-date # 启动Kong [root@fgedu-kong ~]# systemctl enable kong --now # 验证Kong状态 [root@fgedu-kong ~]# curl -s http://localhost:8001/status | jq { "database": { "reachable": true }, "memory": { "workers_lua_vms": [ { "http_allocated_gc": "12.34 MiB", "pid": 12345 } ], "lua_shared_dicts": { "kong": { "allocated_slabs": "1.23 MiB", "capacity": "128.00 MiB" } } } }

Part02-服务路由配置

2.1 创建服务和路由

# 创建服务
[root@fgedu-kong ~]# curl -i -X POST http://localhost:8001/services \
–data name=fgedu-api \
–data url=’http://192.168.1.20:8080′
HTTP/1.1 201 Created
Date: Sat, 04 Apr 2026 15:00:00 GMT
Co更多学习教程公众号风哥教程itpux_comntent-Type: application/json; charset=utf-8

{
“host”: “192.168.1.20”,
“id”: “abc123-456def-789ghi”,
“name”: “fgedu-api”,
“path”: null,
“port”: 8080,
“protocol”: “http”,
“retries”: 5,
“updated_at”: 1712246400
}

# 创建路由
[root@fgedu-kong ~]# curl -i -X POST http://localhost:8001/services/fgedu-api/routes \
–data ‘paths[]=/api’ \
–data name=api-route
HTTP/1.1 201 Created

{
“id”: “def456-ghi789-jkl012”,
“name”: “api-route”,
“paths”: [“/api”],
“preserve_host”: false,
“protocols”: [“http”, “https”],
“regex_priority”: 0,
“service”: {“id”:”abc123-456def-789ghi”},
“strip_path”: true
}

# 测试路由
[root@fgedu-client ~]# curl http://192.168.1.100:8000/api/users
{“users”: [{“id”: 1, “name”: “风哥1号”}, {“id”: 2, “name”: “风哥2号”}]}

# 创建多个服务
[root@fgedu-kong ~]# curl -X POST http://localhost:8001/services -d name=user-service -d url=’http://192.168.1.30:8080′
[root@fgedu-kong ~]# curl -X POST http://localhost:8001/services/user-service/routes -d ‘paths[]=/users’

[root@fgedu-kong ~]# curl -X POST http://localhost:8001/services -d name=order-service -d url=’http://192.168.1.31:8080′
[root@fgedu-kong ~]# curl -X POST http://localhost:8001/services/order-service/routes -d ‘paths[]=/orders’

Part03-插件配置

3.1 常用插件配置

# 配置JWT认证
[root@fgedu-kong ~]# curl -X POST http://localhost:8001/services/fgedu-api/plugins \
–data name=jwt
{
“id”: “jwt-123”,
“name”: “jwt”,
“service”: {“id”: “abc123-456def-789ghi”},
“config”: {
“claims_to_verify”: [“exp”],
“secret_is_base64”: false
}
}

# 创建消费者
[root@fgedu-kong ~]# curl -X POST http://localhost:8001/consumers -d username=fgedu-app
[root@fgedu-kong ~]# curl -X POST http://localhost:8001/consumers/fgedu-app/jwt \
–data key=fgedu-app-key \
–data secret=fgedu-app-secret-123456

# 配置限流
[root@fgedu-kong ~]# curl -X POST http://localhost:8001/services/fgedu-api/plugins \
–data name=rate-limiting \
–data config.minute=100 \
–data config.policy=local
{
“id”: “rate-123”,
“name”: “rate-limiting”,
“config”: {
“minute”: 100,
“policy”: “local”
}
}

# 配置请求大小限制
[root@fgedu-kong ~]# curl -X POST http://localhost:8001/services/fgedu-api/plugins \
–data name=request-size-limiting \
–data config.allowed_payload_size=10

# 配置CORS
[root@fgedu-kong ~]# curl -X POST http://localhost:8001/services/fgedu-api/plugins \
–data name=cors \
–data config.origins=* \
–data config.methods=GET,POST,PUT,DELETE \
–data config.headers=Accept,Accept-Version,Content-Type,Authorization

# 配置日志
[root@fgedu-kong ~]# curl -X POST http://localhost:8001/services/fgedu-api/plugins \
–data name=file-log \
–data config.path=/var/log/kong/api-access.log

# 配置Prometheus监控
[root@fgedu-kong ~]# curl -X POST http://localhost:8001/plugins \
–data name=prometheus

Part04-API网关监控

4.1 监控配置

# 查看Prometheus指标
[root@fgedu-kong ~]# curl http://localhost:8001/metrics | head -30
# HELP kong_bandwidth_bytes Total bandwidth in bytes
# TYPE kong_bandwidth_bytes counter
kong_bandwidth_bytes{type=”ingress”,service=”fgedu-api”} 12345678
kong_bandwidth_bytes{type=”egress”,service=”fgedu-api”} 87654321

# HELP kong_http_status HTTP status codes per service
# TYPE kong_http_status counter
kong_http_status{code=”200″,service=”fgedu-api”} 10000
kong_http_status{code=”404″,service=”fgedu-api”} 100
kong_http_status{code=”500″,service=”fgedu-api”} 10

# 配置Prometheus
[root@fgedu-prometheus ~]# cat >> /etc/prometheus/prometheus.yml << 'EOF' - job_name: 'kong' static_configs: - targets: ['192.168.1.100:8001'] EOF # 创建Kong监控脚本 [root@fgedu-kong ~]# cat > /usr/local/bin/kong-monitor.sh << 'EOF' #!/bin/bash # kong-monitor.sh # from:www.itpux.com.qq113257174.wx:itpux-com # web: http://www.fgedu.net.cn echo "=== Kong网关监控 ===" echo "监控时间: $(date)" echo "" echo "1. Kong状态" curl -s http://localhost:8001/status | jq echo "" echo "2. 服务列表" curl -s http://localhost:8001/services | jq '.data[] | {name, host, port}' echo "" echo "3. 路由列表" curl -s http://localhost:8001/routes | jq '.data[] | {name, paths}' echo "" echo "4. 插件列表" curl -s http://localhost:8001/plugins | jq '.data[] | {name, enabled}' echo "" echo "5. 消费者列表" curl -s http://localhost:8001/consumers | jq '.data[] | {username}' echo "" echo "6. 连接统计" ss -tuln | grep -E "8000|8001|8443" echo "" echo "=== 监控完成 ===" EOF [root@fgedu-kong ~]# chmod +x /usr/local/bin/kong-monitor.sh

风哥针对API网关建议：

配置服务发现机制
实施认证授权策略
配置限流熔断
启用日志记录
监控API性能指标

本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html