代理协议Kong支持http/https、tcp/tls和grpc/grpcs协议的代理。
http: methods,hosts,headers,Paths(andsnis,if https ) tcp: sources,destinations (ands NIS,if tls ) grpc3360HHHz
请求必须包括所有配置属性(and )
请求必须至少有一个属性值(或)匹配
{
“hosts”3360 [“example.com”、“foo-service.com”],
" paths " : [ '/foo ',"/bar”] ",
“方法”: [“get”]
}
以下要求可以一致。
get/foo http/1.1 host : example.com get/bar http/1.1 host : foo-service.com get/foo/hello/world http/1.1.1 host
get/http/1.1 host 3360 example.com post/foo http/1.1 host 3360 example.com get/foo http/1.1 host 3360 foo.com示例。
VI echo-server-service.yamlapiversion : v1 kind : service metadata 3360 labels : app : echoname 3360 echo spec 3360 porrata cptargetport :8080 selector : app : echo---- API version : apps/v1 kind :部署元数据:标签: app : echoname : echo spec : replicas :1 selector :匹配标签3360 app 3: template :元数据:创建时间标签3360空标签: app : echo spec 3360 containers 3360-image 3360 echo server :2.2 ntainerport :8080 env :-name : node _ namevaluefrom 3360 field ref : nodename-name : pod _ namevaluevalue 60 metadata.name-name : pod _ namespacevaluefrom 3360 h : metadata.namespace-name 3360 pod _ ipvaluefrom 3360 field red
curl-xpost--URL http://192.168.1.55336032444/services/-data ' name=echo-service '- data ' URL-s ' connect_timeout': 60000,' created _ at ' 336660 ' id ' : ' 6160 de1d-0d 86-4b1a-b317-66f 422 e 02780 ',',' ' 6160 ' porra th ' 3360 ' read _ time out ' : 60000,' retries': 5,' tags': null,' updated_at': 1576925889
//192.168.1.55:32444/services/echo-service/routes -H 'Content-Type: application/json' --data '{ "name":"echo-service-route", "hosts":["example.com","foo-service.com"], "paths":["/foo", "/bar"], "methods":["GET"] }' -s | python -m json.tool或curl -X POST --url http://192.168.1.55:32444/services/echo-service/routes --data 'name=echo-service-route' --data 'hosts[]=example.com' --data 'hosts[]=foo-service.com' --data 'paths[]=/foo' --data 'paths[]=/bar' --data 'methods[]=GET' -s | python -m json.tool{ "created_at": 1576925902, "destinations": null, "headers": null, "hosts": [ "example.com", "foo-service.com" ], "https_redirect_status_code": 426, "id": "f38e0dcf-8801-46c8-bfba-3f7efcd6c92c", "methods": [ "GET" ], "name": "echo-service-route", "paths": [ "/foo", "/bar" ], "preserve_host": false, "protocols": [ "http", "https" ], "regex_priority": 0, "service": { "id": "6160de1d-0d86-4b1a-b317-66f422e02780" }, "snis": null, "sources": null, "strip_path": true, "tags": null, "updated_at": 1576925902}测试一下效果。
curl -i -X GET --url http://192.168.1.55:32080/foo -H "Host: example.com"HTTP/1.1 200 OKContent-Type: text/plain; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveDate: Sat, 21 Dec 2019 11:05:34 GMTServer: echoserverX-Kong-Upstream-Latency: 5X-Kong-Proxy-Latency: 86Via: kong/1.3.0curl -I -X GET --url http://192.168.1.55:32080/bar/hello/world -H "Host: foo-service.com"HTTP/1.1 200 OKContent-Type: text/plain; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveDate: Sat, 21 Dec 2019 11:08:08 GMTServer: echoserverX-Kong-Upstream-Latency: 2X-Kong-Proxy-Latency: 2Via: kong/1.3.0curl -I -X GET --url http://192.168.1.55:32080/ -H "Host: foo-service.com"HTTP/1.1 404 Not FoundDate: Sat, 21 Dec 2019 11:09:20 GMTContent-Type: application/json; charset=utf-8Connection: keep-aliveContent-Length: 48Server: kong/1.3.0curl -I -X GET --url http://192.168.1.55:32080/foo -H "Host: foo.com"HTTP/1.1 404 Not FoundDate: Sat, 21 Dec 2019 11:10:02 GMTContent-Type: application/json; charset=utf-8Connection: keep-aliveContent-Length: 48Server: kong/1.3.0 hosts支持通配符,通配符只能在主机名的最左边或者最右边。
{ "hosts": ["*.example.com", "service*"]} preserve_hostKong的默认行为是将上游请求host请求头设置为service的host中指定的主机名,preserve_host: true时将客户端请求时host上传给上游服务。
{ "hosts": ["service.com"], "preserve_host": true, "service": { "id": "..." }} pathspaths支持正则表达式。
regex_priority:正则表达式优先级。
strip_path:指定一个路径前缀来匹配某个路由,但不要将其包含在上游请求中。
[ { "paths": ["/status/d+"], "regex_priority": 0 }, { "paths": ["/version/d+/status/d+"], "regex_priority": 6 }, { "paths": ["/version"], }, { "paths": ["/version/any/"], }] methods可以有多个值,可以为空。
{ "methods": ["GET", "HEAD"], "service": { "id": "..." }} headers除了host之外的其它header,可以有多个值,可以为空。
{ "headers": { "version": ["v1", "v2"] }, "service": { "id": "..." }} sources和destinations源sources属性和目的destinations属性仅适用于tcp/tls路由,可以通过源和目的IP和/或端口匹配路由。
{ "protocols": ["tcp", "tls"], "sources": [{"ip":"10.1.0.0/16", "port":1234}, {"ip":"10.2.2.2"}, {"port":9123}], "id": "...",} 后备路由如果没有路由能否匹配,Kong网关将返回HTTP 404,可以通过配置后备路由,转发到统一的上游服务器中处理404错误。
{ "paths": ["/"], "service": { "id": "..." }} SSL路由Kong提供一种根据每个连接动态提供SSL证书的方法,SSL证书由核心直接处理,通过管理API进行配置。
curl -i -X POST http://localhost:8001/certificates -F "cert=@/path/to/cert.pem" -F "key=@/path/to/cert.key" -F "snis=*.ssl-example.com,other-ssl-example.com"HTTP/1.1 201 Created... WebSocket和TLS路由 gRPC路由