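I have recently been looking into Kong. The previous article explained how to install PostgreSQL 12 on CentOS 7.5 (https://blog.csdn.net/zzhongcy/article/details/105562372); this one briefly covers how to configure and use PostgreSQL with Kong.
1 Preface
See the official documentation: https://docs.konghq.com/2.0.x/configuration/#database
Only Kong's use of a PostgreSQL 12 database is covered here.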
Datastore section
Kong can run with a database to store coordinated data between Kong nodes in a cluster, or without a database, where each node stores its information independently in memory.
When using a database, Kong will store data for all its entities (such as Routes, Services, Consumers, and Plugins) in either Cassandra or PostgreSQL, and all Kong nodes belonging to the same cluster must connect themselves to the same database.
Kong supports the following database versions:
- PostgreSQL: 9.5 and above.
- Cassandra: 2.2 and above.
When not using a database, Kong is said to be in “DB-less mode”: it will keep its entities in memory, and each node needs to have this data entered via a declarative configuration file, which can be specified through the declarative_config property, or via the Admin API using the /config endpoint.
database
Determines which of PostgreSQL or Cassandra this node will use as its datastore.
Accepted values are postgres, cassandra, and off.
Default: postgres
Postgres settings
name | description | default |
---|---|---|
pg_host | Host of the Postgres server. | 127.0.0.1 |
pg_port | Port of the Postgres server. | 5432 |
pg_timeout | Defines the timeout (in ms), for connecting, reading and writing. | 5000 |
pg_user | Postgres user. | kong |
pg_password | Postgres user’s password. | none |
pg_database | The database name to connect to. | kong |
pg_schema | The database schema to use. If unspecified, Kong will respect the search_path value of your PostgreSQL instance. | none |
pg_ssl | Toggles client-server TLS connections between Kong and PostgreSQL. | off |
pg_ssl_verify | Toggles server certificate verification if pg_ssl is enabled. See the lua_ssl_trusted_certificate setting to specify a certificate authority. | off |
pg_max_concurrent_queries | Sets the maximum number of concurrent queries that can be executing at any given time. This limit is enforced per worker process; the total number of concurrent queries for this node will be: pg_max_concurrent_queries * nginx_worker_processes. The default value of 0 removes this concurrency limitation. | 0 |
pg_semaphore_timeout | Defines the timeout (in ms) after which PostgreSQL query semaphore resource acquisition attempts will fail. Such failures will generally result in the associated proxy or Admin API request failing with an HTTP 500 status code. Detailed discussion of this behavior is available in the online documentation. | 60000 |
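As an added example (not from the Kong documentation or the original post), the shell functions below read a kong.conf and report where the defaults in the table above leave the PostgreSQL connection without a password, without TLS, or without certificate verification. The sample file, its address and the function names are constructed for illustration, and only the literal value on is treated as enabled.

```shell
#!/bin/sh
# Added example: flag kong.conf datastore settings that leave the link to
# PostgreSQL without a password, without TLS, or without certificate checks.

# Constructed sample: remote database, TLS on, everything else defaulted.
sample_conf() {
cat <<'EOF'
database = postgres
pg_host = 10.0.0.5        # constructed address
#pg_password = example    # commented out, so the default (none) applies
pg_ssl = on
EOF
}

# Print the effective value of KEY in the kong.conf text on stdin: the last
# uncommented "key = value" line, or DEFAULT (from the settings table).
conf_get() {   # usage: conf_get KEY DEFAULT < kong.conf
  awk -v k="$1" -v d="$2" '
    { sub(/#.*/, ""); i = index($0, "="); if (!i) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) d = val }
    END { print d }'
}

# Print one finding per line; no output means nothing was flagged.
# Assumption: only the literal value "on" counts as enabled.
audit_datastore() {   # usage: audit_datastore < kong.conf
  conf=$(cat)
  get() { printf '%s\n' "$conf" | conf_get "$1" "$2"; }
  host=$(get pg_host 127.0.0.1); ssl=$(get pg_ssl off)
  verify=$(get pg_ssl_verify off); pass=$(get pg_password "")
  [ -n "$pass" ] || echo "pg_password unset"
  if [ "$ssl" != on ]; then
    case $host in
      127.0.0.1|localhost|::1) ;;
      *) echo "pg_ssl off for remote pg_host $host" ;;
    esac
  elif [ "$verify" != on ]; then
    echo "pg_ssl_verify off"
  fi
}

sample_conf | audit_datastore
```

Run it against a real file with `audit_datastore < /path/to/kong.conf`.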
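2 Installing the database
For details, see: https://blog.csdn.net/zzhongcy/article/details/105562372
Kong can run with or without a database.
If you want to use a database, configure it as the datastore in the kong.conf configuration file, along with the corresponding routes or Kong's proxy.
If you do not need a database, specify a kong.yml declarative configuration file in kong.conf to act as the datastore.
Kong supports PostgreSQL 9.5+ and Cassandra 3.xx as its datastore.
2.1 Using a PostgreSQL database:
If you use PostgreSQL, you first need to create a database and a user, for example: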
CREATE USER kong; CREATE DATABASE kong OWNER kong;
Now run the Kong migrations:
kong migrations bootstrap [-c /path/to/kong.conf]
#Database is already up-to-date
With an older version of Kong, initialize the database with:
$ kong migrations up -c ./kong.conf
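Database table information:
2.2 Running without a database:
To run Kong in DB-less mode, first generate a declarative configuration file. The following command generates a basic kong.yml in the current directory: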
kong config init
After generating kong.yml, edit your kong.conf file and set the following parameters:
database = off
declarative_config = /path/to/kong.yml
3 Configuring the firewall
sudo firewall-cmd --add-port=5432/tcp --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --add-port=8001/tcp --permanent
sudo firewall-cmd --reload
4 Starting and stopping the server
kong start -c ./kong.conf
kong stop -p ./ # stop the server
The service has started normally:
$ curl 127.0.0.1:8001
{"plugins":{"enabled_in_cluster":[],"available_on_server":{"response-transformer":true,"correlation-id":true,"statsd":true,"jwt":true,"cors":true,"basic-auth":true,"key-auth":true,"ldap-auth":true,"http-log":true,"oauth2":true,"hmac-auth":true,"acl":true,"datadog":true,"tcp-log":true,"ip-restriction":true,"request-transformer":true,"file-log":true,"bot-detection":true,"loggly":true,"request-size-limiting":true,"syslog":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"runscope":true,"rate-limiting":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"error_default_type":"text\/plain","client_ssl":false,"lua_ssl_verify_depth":1 ....
5 Adding a route
5.1 Create a service:
curl -i -X POST \
--url http://127.0.0.1:8001/services/ \
--data 'name=baidu-service' \
--data 'url=https://www.baidu.com/'
{"host":"www.baidu.com","created_at":1587015106,"connect_timeout":60000,"id":"a272217d-134c-435c-b7cf-e7273e809301","protocol":"https","name":"baidu-service","read_timeout":60000,"port":443,"path":"\/","updated_at":1587015106,"retries":5,"write_timeout":60000,"tags":null,"client_certificate":null}
5.2 Create a route for the service
curl -i -X POST \
--url http://127.0.0.1:8001/services/baidu-service/routes \
--data 'hosts[]=baidu.com' \
--data 'paths[]=/api/baidu'
{"id":"9a3116d3-d1c9-4ea9-8d63-14dffc6d9292","path_handling":"v0","paths":["\/api\/baidu"],"destinations":null,"headers":null,"protocols":["http","https"],"methods":null,"snis":null,"service":{"id":"a272217d-134c-435c-b7cf-e7273e809301"},"name":null,"strip_path":true,"preserve_host":false,"regex_priority":0,"updated_at":1587015121,"sources":null,"hosts":["baidu.com"],"https_redirect_status_code":426,"tags":null,"created_at":1587015121}
5.3 Access the route:
curl http://127.0.0.1:8000/api/baidu --header 'Host: baidu.com'
Check whether the result is as expected.
6 Problems
6.1 Error 1: [postgres error] could not retrieve current migrations: [postgres error]
Error: /usr/local/share/lua/5.1/kong/cmd/start.lua:28: [postgres error] could not retrieve current migrations: [postgres error] 致命錯誤: 用戶 "kong" Ident 認證失敗
Solution:
vi /var/lib/pgsql/12/data/pg_hba.conf
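Edit it:
In this configuration file, change the authentication METHOD from ident to trust; this makes it possible to access the database with an account and password, which resolves the error psql: 致命錯誤: 用戶 "postgres" Ident 認證失敗.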
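An added example, not part of the original post: PostgreSQL's trust method accepts a matching connection without checking any password, so it helps to know which rules in pg_hba.conf use it. The script below lists those rules and prints the file with them switched to a password-checking method such as md5; the sample file is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit pg_hba.conf for rules that skip the password check.

# Constructed sample resembling the file after the ident -> trust edit.
sample_hba() {
cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS                 METHOD
local   all       all                           peer
host    all       all   127.0.0.1/32            trust
host    all       all   ::1/128                 trust   # IPv6 loopback
host    kong      kong  10.0.0.0 255.255.255.0  md5
EOF
}

# In both awk programs f is the index of the METHOD field: "local" rules
# have no address, and an address is either CIDR (one field) or IP plus
# netmask (two fields). Method names never contain "." or ":".

# Print "<line> <type> <database> <user>" for every rule that uses trust.
find_trust_rules() {
  awk '
    { sub(/#.*/, "") }          # drop comments
    NF == 0 { next }
    { f = ($1 == "local") ? 4 : (($5 ~ /[.:]/) ? 6 : 5)
      if ($f == "trust") print NR, $1, $2, $3 }' "$@"
}

# Emit the file with each trust rule switched to METHOD (for example md5).
# Rewritten rules lose their column alignment and trailing comment.
replace_trust() {
  new=$1; shift
  awk -v new="$new" '
    { line = $0; sub(/#.*/, "") }
    NF { f = ($1 == "local") ? 4 : (($5 ~ /[.:]/) ? 6 : 5)
         if ($f == "trust") { $f = new; print; next } }
    { print line }' "$@"
}

sample_hba | find_trust_rules
sample_hba | replace_trust md5
```

A password method only works once the kong role has a password in PostgreSQL and pg_password in kong.conf matches it. PostgreSQL has to reload its configuration before an edited pg_hba.conf takes effect.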