docker部署postgres

docker run -d <br /> --name kong-postgres <br /> -e POSTGRES_PASSWORD=kong <br /> -e PGDATA=/var/lib/postgresql/data/pgdata <br /> -p 5432:5432 <br /> postgres:9

在postgres中创建kong、konga数据库

su postgres

psql

create user kong;

create database kong owner kong;

create user konga;

alter user kong with encrypted password 'kongpassword';

grant all privileges on database kong to kong;

grant all privileges on database konga to kong;

对PGSQL数据库初始化

#脚本跑完容器就关闭了
docker run -it --rm <br /> -e "KONG_DATABASE=postgres" <br /> -e "KONG_PG_HOST=192.167.0.12" <br /> -e "KONG_PG_PORT=5432" <br /> -e "KONG_PG_USER=kong" <br /> -e "KONG_PG_PASSWORD=kong" <br /> -e "KONG_PG_DATABASE=kong" <br /> -e "KONG_CASSANDRA_CONTACT_POINTS=kong" <br /> kong:latest kong migrations bootstrap

初始化konga数据库

#脚本跑完容器就关闭了
docker run --rm pantsel/konga <br /> -c prepare <br /> -a postgres <br /> -u postgresql://kong:kong@192.168.2.143:5432/konga

部署kong网关

修改postgres数据库地址，账号密码

apiVersion: v1
kind: Namespace
metadata:

name: kong

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: kongclusterplugins.configuration.konghq.com
spec:
additionalPrinterColumns:

• JSONPath: .plugin
  description: Name of the plugin
  name: Plugin-Type
  type: string
• JSONPath: .metadata.creationTimestamp
  description: Age
  name: Age
  type: date
• JSONPath: .disabled
  description: Indicates if the plugin is disabled
  name: Disabled
  priority: 1
  type: boolean
• JSONPath: .config description: Configuration of the plugin name: Config priority: 1 type: string group: configuration.konghq.com names: kind: KongClusterPlugin plural: kongclusterplugins shortNames:
  • kcp scope: Cluster validation: openAPIV3Schema: properties: config: type: object configFrom: properties: secretKeyRef: properties: key: type: string name: type: string namespace: type: string required: - name - namespace - key type: object type: object disabled: type: boolean plugin: type: string protocols: items: enum: - http - https - grpc - grpcs - tcp - tls type: string type: array run_on: enum:
    • first
    • second
    • all type: string required:
      • plugin

version: v1

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: kongconsumers.configuration.konghq.com
spec:
additionalPrinterColumns:

• JSONPath: .username
  description: Username of a Kong Consumer
  name: Username
  type: string
• JSONPath: .metadata.creationTimestamp description: Age name: Age type: date group: configuration.konghq.com names: kind: KongConsumer plural: kongconsumers shortNames:
  • kc
    scope: Namespaced
    validation:
    openAPIV3Schema:
    properties:
    credentials:
    items:
    type: string
    type: array
    custom_id:
    type: string
    username:
    type: string

version: v1

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: kongcredentials.configuration.konghq.com
spec:
additionalPrinterColumns:

• JSONPath: .type
  description: Type of credential
  name: Credential-type
  type: string
• JSONPath: .metadata.creationTimestamp
  description: Age
  name: Age
  type: date
• JSONPath: .consumerRef description: Owner of the credential name: Consumer-Ref type: string group: configuration.konghq.com names: kind: KongCredential plural: kongcredentials scope: Namespaced validation: openAPIV3Schema: properties: consumerRef: type: string type: type: string required:
  • consumerRef
  • type

version: v1

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: kongingresses.configuration.konghq.com
spec:
group: configuration.konghq.com
names:
kind: KongIngress
plural: kongingresses
shortNames:
- ki
scope: Namespaced
validation:
openAPIV3Schema:
properties:
proxy:
properties:
connect_timeout:
minimum: 0
type: integer
path:
pattern: ^/.$ type: string protocol: enum: - http - https - grpc - grpcs - tcp - tls type: string read_timeout: minimum: 0 type: integer retries: minimum: 0 type: integer write_timeout: minimum: 0 type: integer type: object route: properties: headers: additionalProperties: items: type: string type: array type: object https_redirect_status_code: type: integer methods: items: type: string type: array path_handling: enum: - v0 - v1 type: string preserve_host: type: boolean protocols: items: enum: - http - https - grpc - grpcs - tcp - tls type: string type: array regex_priority: type: integer strip_path: type: boolean upstream: properties: algorithm: enum: - round-robin - consistent-hashing - least-connections type: string hash_fallback: type: string hash_fallback_header: type: string hash_on: type: string hash_on_cookie: type: string hash_on_cookie_path: type: string hash_on_header: type: string healthchecks: properties: active: properties: concurrency: minimum: 1 type: integer healthy: properties: http_statuses: items: type: integer type: array interval: minimum: 0 type: integer successes: minimum: 0 type: integer type: object http_path: pattern: ^/.$
type: string
timeout:
minimum: 0
type: integer
unhealthy:
properties:
http_failures:
minimum: 0
type: integer
http_statuses:
items:
type: integer
type: array
interval:
minimum: 0
type: integer
tcp_failures:
minimum: 0
type: integer
timeout:
minimum: 0
type: integer
type: object
type: object
passive:
properties:
healthy:
properties:
http_statuses:
items:
type: integer
type: array
interval:
minimum: 0
type: integer
successes:
minimum: 0
type: integer
type: object
unhealthy:
properties:
http_failures:
minimum: 0
type: integer
http_statuses:
items:
type: integer
type: array
interval:
minimum: 0
type: integer
tcp_failures:
minimum: 0
type: integer
timeout:
minimum: 0
type: integer
type: object
type: object
threshold:
type: integer
type: object
host_header:
type: string
slots:
minimum: 10
type: integer
type: object

version: v1

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: kongplugins.configuration.konghq.com
spec:
additionalPrinterColumns:

• JSONPath: .plugin
  description: Name of the plugin
  name: Plugin-Type
  type: string
• JSONPath: .metadata.creationTimestamp
  description: Age
  name: Age
  type: date
• JSONPath: .disabled
  description: Indicates if the plugin is disabled
  name: Disabled
  priority: 1
  type: boolean
• JSONPath: .config description: Configuration of the plugin name: Config priority: 1 type: string group: configuration.konghq.com names: kind: KongPlugin plural: kongplugins shortNames:
  • kp scope: Namespaced validation: openAPIV3Schema: properties: config: type: object configFrom: properties: secretKeyRef: properties: key: type: string name: type: string required: - name - key type: object type: object disabled: type: boolean plugin: type: string protocols: items: enum: - http - https - grpc - grpcs - tcp - tls type: string type: array run_on: enum:
    • first
    • second
    • all type: string required:
      • plugin

version: v1

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tcpingresses.configuration.konghq.com
spec:
additionalPrinterColumns:

• JSONPath: .status.loadBalancer.ingress[*].ip
  description: Address of the load balancer
  name: Address
  type: string
• JSONPath: .metadata.creationTimestamp
  description: Age
  name: Age
  type: date
  group: configuration.konghq.com
  names:
  kind: TCPIngress
  plural: tcpingresses
  scope: Namespaced
  subresources:
  status: {}
  validation:
  openAPIV3Schema:
  properties:
  apiVersion:
  type: string
  kind:
  type: string
  metadata:
  type: object
  spec:
  properties:
  rules:
  items:
  properties:
  backend:
  properties:
  serviceName:
  type: string
  servicePort:
  format: int32
  type: integer
  type: object
  host:
  type: string
  port:
  format: int32
  type: integer
  type: object
  type: array
  tls:
  items:
  properties:
  hosts:
  items:
  type: string
  type: array
  secretName:
  type: string
  type: object
  type: array
  type: object
  status:
  type: object
  version: v1beta1
  status:
  acceptedNames:
  kind: ""
  plural: ""
  conditions: []

storedVersions: []

apiVersion: v1
kind: ServiceAccount
metadata:
name: kong-serviceaccount

namespace: kong

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kong-ingress-clusterrole
rules:

• apiGroups:
  • ""
    resources:
  • endpoints
  • nodes
  • pods
  • secrets
    verbs:
  • list
  • watch
• apiGroups:
  • ""
    resources:
  • nodes
    verbs:
  • get
• apiGroups:
  • ""
    resources:
  • services
    verbs:
  • get
  • list
  • watch
• apiGroups:
  • networking.k8s.io
  • extensions
  • networking.internal.knative.dev
    resources:
  • ingresses
    verbs:
  • get
  • list
  • watch
• apiGroups:
  • ""
    resources:
  • events
    verbs:
  • create
  • patch
• apiGroups:
  • networking.k8s.io
  • extensions
  • networking.internal.knative.dev
    resources:
  • ingresses/status
    verbs:
  • update
• apiGroups:
  • configuration.konghq.com
    resources:
  • tcpingresses/status
    verbs:
  • update
• apiGroups:
  • configuration.konghq.com
    resources:
  • kongplugins
  • kongclusterplugins
  • kongcredentials
  • kongconsumers
  • kongingresses
  • tcpingresses
    verbs:
  • get
  • list
  • watch
• apiGroups:
  • ""
    resources:
  • configmaps
    verbs:
  • create
  • get

- update

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kong-ingress-clusterrole-nisa-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kong-ingress-clusterrole
subjects:

• kind: ServiceAccount
  name: kong-serviceaccount

namespace: kong

apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-type: nlb
name: kong-proxy
namespace: kong
spec:
ports:

• name: proxy
  port: 80
  protocol: TCP
  targetPort: 8000
• name: proxy-ssl
  port: 443
  protocol: TCP
  targetPort: 8443
  selector:
  app: ingress-kong

type: LoadBalancer

apiVersion: v1
kind: Service
metadata:
name: kong-validation-webhook
namespace: kong
spec:
ports:

• name: webhook
  port: 443
  protocol: TCP
  targetPort: 8080
  selector:

app: ingress-kong

apiVersion: v1
kind: Service
metadata:
name: kong-ingress-controller
namespace: kong
spec:
type: NodePort
ports:

• name: konga
  port: 8001
  targetPort: 8001
  nodePort: 30001
  protocol: TCP
  selector:

app: ingress-kong

apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ingress-kong
name: ingress-kong
namespace: kong
spec:
replicas: 1
selector:
matchLabels:
app: ingress-kong
template:
metadata:
annotations:
kuma.io/gateway: enabled
prometheus.io/port: "8100"
prometheus.io/scrape: "true"
traffic.sidecar.istio.io/includeInboundPorts: ""
labels:
app: ingress-kong
spec:
containers:
- env:
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2
- name: KONG_ADMIN_LISTEN
value: 0.0.0.0:8001,0.0.0.0:8444 ssl
- name: KONG_STATUS_LISTEN
value: 0.0.0.0:8100
#设置数据库
- name: KONG_DATABASE
value: "postgres"
- name: KONG_PG_HOST
value: "192.167.0.12"
- name: KONG_PG_USER
value: "kong"
- name: KONG_PG_PASSWORD
value: "kong"
- name: KONG_CASSANDRA_CONTACT_POINTS
value: "postgres"

    - name: KONG_NGINX_WORKER_PROCESSES
      value: "1"
    - name: KONG_ADMIN_ACCESS_LOG
      value: /dev/stdout
    - name: KONG_ADMIN_ERROR_LOG
      value: /dev/stderr
    - name: KONG_PROXY_ERROR_LOG
      value: /dev/stderr
    image: kong:2.1
    lifecycle:
      preStop:
        exec:
          command:
          - /bin/sh
          - -c
          - kong quit
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /status
        port: 8100
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    name: proxy
    ports:
    - containerPort: 8000
      name: proxy
      protocol: TCP
    - containerPort: 8443
      name: proxy-ssl
      protocol: TCP
    - containerPort: 8100
      name: metrics
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /status
        port: 8100
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    securityContext:
      runAsUser: 1000
  - env:
    - name: CONTROLLER_KONG_ADMIN_URL
      value: https://127.0.0.1:8444
    - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
      value: "true"
    - name: CONTROLLER_PUBLISH_SERVICE
      value: kong/kong-proxy
    - name: POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    - name: POD_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    image: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller:0.9.1
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 10254
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    name: ingress-controller
    ports:
    - containerPort: 8080
      name: webhook
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 10254
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
  serviceAccountName: kong-serviceaccount

部署konga

修改postgres数据库地址，账号密码

kind: Deployment
apiVersion: apps/v1
metadata:
name: konga
namespace: kong
labels:
app: dashboard-konga
spec:
replicas: 1
selector:
matchLabels:
app: dashboard-konga
template:
metadata:
labels:
app: dashboard-konga
spec:
containers:
- name: konga
image: pantsel/konga
ports:
- containerPort: 1337
env:
- name: TOKEN_SECRET
value: kong
- name: NODE_ENV
value: production
- name: DB_ADAPTER
value: postgres
- name: DB_URI
#修改该数据库连接信息
value: postgresql://kong:kong@192.167.0.12:5432/konga
imagePullPolicy: IfNotPresent
restartPolicy: Always

apiVersion: v1
kind: Service
metadata:
name: svc-konga
namespace: kong
spec:
type: NodePort
selector:
app: dashboard-konga
ports:

• protocol: TCP
  port: 1441
  targetPort: 1337

测试

访问 svc-konga:1337