k8s kong部署
阅读原文时间:2023年08月11日阅读:7
  1. docker部署postgres

    docker run -d <br /> --name kong-postgres <br /> -e POSTGRES_PASSWORD=kong <br /> -e PGDATA=/var/lib/postgresql/data/pgdata <br /> -p 5432:5432 <br /> postgres:9

    在postgres中创建kong、konga数据库

    su postgres

    psql

    create user kong;

    create database kong owner kong;

    create user konga;

    alter user kong with encrypted password 'kongpassword';

    grant all privileges on database kong to kong;

    grant all privileges on database konga to kong;

  2. 对PGSQL数据库初始化

    #脚本跑完容器就关闭了
    docker run -it --rm <br /> -e "KONG_DATABASE=postgres" <br /> -e "KONG_PG_HOST=192.167.0.12" <br /> -e "KONG_PG_PORT=5432" <br /> -e "KONG_PG_USER=kong" <br /> -e "KONG_PG_PASSWORD=kong" <br /> -e "KONG_PG_DATABASE=kong" <br /> -e "KONG_CASSANDRA_CONTACT_POINTS=kong" <br /> kong:latest kong migrations bootstrap

  3. 初始化konga数据库

    #脚本跑完容器就关闭了
    docker run --rm pantsel/konga <br /> -c prepare <br /> -a postgres <br /> -u postgresql://kong:kong@192.168.2.143:5432/konga

  4. 部署kong网关

    修改postgres数据库地址,账号密码

    apiVersion: v1
    kind: Namespace
    metadata:

    name: kong

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: kongclusterplugins.configuration.konghq.com
    spec:
    additionalPrinterColumns:

    • JSONPath: .plugin
      description: Name of the plugin
      name: Plugin-Type
      type: string
    • JSONPath: .metadata.creationTimestamp
      description: Age
      name: Age
      type: date
    • JSONPath: .disabled
      description: Indicates if the plugin is disabled
      name: Disabled
      priority: 1
      type: boolean
    • JSONPath: .config description: Configuration of the plugin name: Config priority: 1 type: string group: configuration.konghq.com names: kind: KongClusterPlugin plural: kongclusterplugins shortNames:
      • kcp scope: Cluster validation: openAPIV3Schema: properties: config: type: object configFrom: properties: secretKeyRef: properties: key: type: string name: type: string namespace: type: string required: - name - namespace - key type: object type: object disabled: type: boolean plugin: type: string protocols: items: enum: - http - https - grpc - grpcs - tcp - tls type: string type: array run_on: enum:
        • first
        • second
        • all type: string required:
          • plugin

    version: v1

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: kongconsumers.configuration.konghq.com
    spec:
    additionalPrinterColumns:

    • JSONPath: .username
      description: Username of a Kong Consumer
      name: Username
      type: string
    • JSONPath: .metadata.creationTimestamp description: Age name: Age type: date group: configuration.konghq.com names: kind: KongConsumer plural: kongconsumers shortNames:
      • kc
        scope: Namespaced
        validation:
        openAPIV3Schema:
        properties:
        credentials:
        items:
        type: string
        type: array
        custom_id:
        type: string
        username:
        type: string

    version: v1

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: kongcredentials.configuration.konghq.com
    spec:
    additionalPrinterColumns:

    • JSONPath: .type
      description: Type of credential
      name: Credential-type
      type: string
    • JSONPath: .metadata.creationTimestamp
      description: Age
      name: Age
      type: date
    • JSONPath: .consumerRef description: Owner of the credential name: Consumer-Ref type: string group: configuration.konghq.com names: kind: KongCredential plural: kongcredentials scope: Namespaced validation: openAPIV3Schema: properties: consumerRef: type: string type: type: string required:
      • consumerRef
      • type

    version: v1

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: kongingresses.configuration.konghq.com
    spec:
    group: configuration.konghq.com
    names:
    kind: KongIngress
    plural: kongingresses
    shortNames:
    - ki
    scope: Namespaced
    validation:
    openAPIV3Schema:
    properties:
    proxy:
    properties:
    connect_timeout:
    minimum: 0
    type: integer
    path:
    pattern: ^/.$ type: string protocol: enum: - http - https - grpc - grpcs - tcp - tls type: string read_timeout: minimum: 0 type: integer retries: minimum: 0 type: integer write_timeout: minimum: 0 type: integer type: object route: properties: headers: additionalProperties: items: type: string type: array type: object https_redirect_status_code: type: integer methods: items: type: string type: array path_handling: enum: - v0 - v1 type: string preserve_host: type: boolean protocols: items: enum: - http - https - grpc - grpcs - tcp - tls type: string type: array regex_priority: type: integer strip_path: type: boolean upstream: properties: algorithm: enum: - round-robin - consistent-hashing - least-connections type: string hash_fallback: type: string hash_fallback_header: type: string hash_on: type: string hash_on_cookie: type: string hash_on_cookie_path: type: string hash_on_header: type: string healthchecks: properties: active: properties: concurrency: minimum: 1 type: integer healthy: properties: http_statuses: items: type: integer type: array interval: minimum: 0 type: integer successes: minimum: 0 type: integer type: object http_path: pattern: ^/.$
    type: string
    timeout:
    minimum: 0
    type: integer
    unhealthy:
    properties:
    http_failures:
    minimum: 0
    type: integer
    http_statuses:
    items:
    type: integer
    type: array
    interval:
    minimum: 0
    type: integer
    tcp_failures:
    minimum: 0
    type: integer
    timeout:
    minimum: 0
    type: integer
    type: object
    type: object
    passive:
    properties:
    healthy:
    properties:
    http_statuses:
    items:
    type: integer
    type: array
    interval:
    minimum: 0
    type: integer
    successes:
    minimum: 0
    type: integer
    type: object
    unhealthy:
    properties:
    http_failures:
    minimum: 0
    type: integer
    http_statuses:
    items:
    type: integer
    type: array
    interval:
    minimum: 0
    type: integer
    tcp_failures:
    minimum: 0
    type: integer
    timeout:
    minimum: 0
    type: integer
    type: object
    type: object
    threshold:
    type: integer
    type: object
    host_header:
    type: string
    slots:
    minimum: 10
    type: integer
    type: object

    version: v1

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: kongplugins.configuration.konghq.com
    spec:
    additionalPrinterColumns:

    • JSONPath: .plugin
      description: Name of the plugin
      name: Plugin-Type
      type: string
    • JSONPath: .metadata.creationTimestamp
      description: Age
      name: Age
      type: date
    • JSONPath: .disabled
      description: Indicates if the plugin is disabled
      name: Disabled
      priority: 1
      type: boolean
    • JSONPath: .config description: Configuration of the plugin name: Config priority: 1 type: string group: configuration.konghq.com names: kind: KongPlugin plural: kongplugins shortNames:
      • kp scope: Namespaced validation: openAPIV3Schema: properties: config: type: object configFrom: properties: secretKeyRef: properties: key: type: string name: type: string required: - name - key type: object type: object disabled: type: boolean plugin: type: string protocols: items: enum: - http - https - grpc - grpcs - tcp - tls type: string type: array run_on: enum:
        • first
        • second
        • all type: string required:
          • plugin

    version: v1

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
    name: tcpingresses.configuration.konghq.com
    spec:
    additionalPrinterColumns:

    • JSONPath: .status.loadBalancer.ingress[*].ip
      description: Address of the load balancer
      name: Address
      type: string
    • JSONPath: .metadata.creationTimestamp
      description: Age
      name: Age
      type: date
      group: configuration.konghq.com
      names:
      kind: TCPIngress
      plural: tcpingresses
      scope: Namespaced
      subresources:
      status: {}
      validation:
      openAPIV3Schema:
      properties:
      apiVersion:
      type: string
      kind:
      type: string
      metadata:
      type: object
      spec:
      properties:
      rules:
      items:
      properties:
      backend:
      properties:
      serviceName:
      type: string
      servicePort:
      format: int32
      type: integer
      type: object
      host:
      type: string
      port:
      format: int32
      type: integer
      type: object
      type: array
      tls:
      items:
      properties:
      hosts:
      items:
      type: string
      type: array
      secretName:
      type: string
      type: object
      type: array
      type: object
      status:
      type: object
      version: v1beta1
      status:
      acceptedNames:
      kind: ""
      plural: ""
      conditions: []

    storedVersions: []

    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: kong-serviceaccount

    namespace: kong

    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
    name: kong-ingress-clusterrole
    rules:

    • apiGroups:
      • ""
        resources:
      • endpoints
      • nodes
      • pods
      • secrets
        verbs:
      • list
      • watch
    • apiGroups:
      • ""
        resources:
      • nodes
        verbs:
      • get
    • apiGroups:
      • ""
        resources:
      • services
        verbs:
      • get
      • list
      • watch
    • apiGroups:
      • networking.k8s.io
      • extensions
      • networking.internal.knative.dev
        resources:
      • ingresses
        verbs:
      • get
      • list
      • watch
    • apiGroups:
      • ""
        resources:
      • events
        verbs:
      • create
      • patch
    • apiGroups:
      • networking.k8s.io
      • extensions
      • networking.internal.knative.dev
        resources:
      • ingresses/status
        verbs:
      • update
    • apiGroups:
      • configuration.konghq.com
        resources:
      • tcpingresses/status
        verbs:
      • update
    • apiGroups:
      • configuration.konghq.com
        resources:
      • kongplugins
      • kongclusterplugins
      • kongcredentials
      • kongconsumers
      • kongingresses
      • tcpingresses
        verbs:
      • get
      • list
      • watch
    • apiGroups:
      • ""
        resources:
      • configmaps
        verbs:
      • create
      • get

    - update

    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
    name: kong-ingress-clusterrole-nisa-binding
    roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: kong-ingress-clusterrole
    subjects:

    • kind: ServiceAccount
      name: kong-serviceaccount

    namespace: kong

    apiVersion: v1
    kind: Service
    metadata:
    annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    name: kong-proxy
    namespace: kong
    spec:
    ports:

    • name: proxy
      port: 80
      protocol: TCP
      targetPort: 8000
    • name: proxy-ssl
      port: 443
      protocol: TCP
      targetPort: 8443
      selector:
      app: ingress-kong

    type: LoadBalancer

    apiVersion: v1
    kind: Service
    metadata:
    name: kong-validation-webhook
    namespace: kong
    spec:
    ports:

    • name: webhook
      port: 443
      protocol: TCP
      targetPort: 8080
      selector:

    app: ingress-kong

    apiVersion: v1
    kind: Service
    metadata:
    name: kong-ingress-controller
    namespace: kong
    spec:
    type: NodePort
    ports:

    • name: konga
      port: 8001
      targetPort: 8001
      nodePort: 30001
      protocol: TCP
      selector:

    app: ingress-kong

    apiVersion: apps/v1
    kind: Deployment
    metadata:
    labels:
    app: ingress-kong
    name: ingress-kong
    namespace: kong
    spec:
    replicas: 1
    selector:
    matchLabels:
    app: ingress-kong
    template:
    metadata:
    annotations:
    kuma.io/gateway: enabled
    prometheus.io/port: "8100"
    prometheus.io/scrape: "true"
    traffic.sidecar.istio.io/includeInboundPorts: ""
    labels:
    app: ingress-kong
    spec:
    containers:
    - env:
    - name: KONG_PROXY_LISTEN
    value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2
    - name: KONG_ADMIN_LISTEN
    value: 0.0.0.0:8001,0.0.0.0:8444 ssl
    - name: KONG_STATUS_LISTEN
    value: 0.0.0.0:8100
    #设置数据库
    - name: KONG_DATABASE
    value: "postgres"
    - name: KONG_PG_HOST
    value: "192.167.0.12"
    - name: KONG_PG_USER
    value: "kong"
    - name: KONG_PG_PASSWORD
    value: "kong"
    - name: KONG_CASSANDRA_CONTACT_POINTS
    value: "postgres"

        - name: KONG_NGINX_WORKER_PROCESSES
          value: "1"
        - name: KONG_ADMIN_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_ADMIN_ERROR_LOG
          value: /dev/stderr
        - name: KONG_PROXY_ERROR_LOG
          value: /dev/stderr
        image: kong:2.1
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - kong quit
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8100
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: proxy
        ports:
        - containerPort: 8000
          name: proxy
          protocol: TCP
        - containerPort: 8443
          name: proxy-ssl
          protocol: TCP
        - containerPort: 8100
          name: metrics
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8100
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        securityContext:
          runAsUser: 1000
      - env:
        - name: CONTROLLER_KONG_ADMIN_URL
          value: https://127.0.0.1:8444
        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
          value: "true"
        - name: CONTROLLER_PUBLISH_SERVICE
          value: kong/kong-proxy
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller:0.9.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: ingress-controller
        ports:
        - containerPort: 8080
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
      serviceAccountName: kong-serviceaccount
  5. 部署konga

    修改postgres数据库地址,账号密码

    kind: Deployment
    apiVersion: apps/v1
    metadata:
    name: konga
    namespace: kong
    labels:
    app: dashboard-konga
    spec:
    replicas: 1
    selector:
    matchLabels:
    app: dashboard-konga
    template:
    metadata:
    labels:
    app: dashboard-konga
    spec:
    containers:
    - name: konga
    image: pantsel/konga
    ports:
    - containerPort: 1337
    env:
    - name: TOKEN_SECRET
    value: kong
    - name: NODE_ENV
    value: production
    - name: DB_ADAPTER
    value: postgres
    - name: DB_URI
    #修改该数据库连接信息
    value: postgresql://kong:kong@192.167.0.12:5432/konga
    imagePullPolicy: IfNotPresent
    restartPolicy: Always


    apiVersion: v1
    kind: Service
    metadata:
    name: svc-konga
    namespace: kong
    spec:
    type: NodePort
    selector:
    app: dashboard-konga
    ports:

    • protocol: TCP
      port: 1441
      targetPort: 1337
  6. 测试

    访问 svc-konga:1337

手机扫一扫

移动阅读更方便

阿里云服务器
腾讯云服务器
七牛云服务器