API gateway / API gateway (II) - use of Kong - load balancing

  One 、 Preface

Load balancing is a traffic distribution control service that distributes the access traffic to multiple servers at the back end according to the forwarding policy , The external service capability of application system can be extended through traffic distribution , Eliminate single point of failure and improve the availability of application system , Common load balancing methods include Alibaba cloud SLB, Huawei cloud ELB,Nginx etc. .

Here is Nginx An example of load balancing configuration ：

upstream hello {
	server 172.17.0.1:3000 weight=100;
	server 172.17.0.1:3001 weight=100;
}

server {
	listen	80;
	location /hello {
		proxy_pass http://hello;
	}
}

Next use Kong To achieve the same function . 

Two 、 Internet Information

My computer's IP yes 192.168.1.51, install Kong The host of IP yes 192.168.1.57 and 172.17.0.1（docker0）,kong2_kong-net The network segment of is 172.29.0.0,kong2_kong-net yes docker-compose.yml Network configured in .

[root@localhost kong2]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
8702510e499c        bridge              bridge              local
d6460928cb8a        host                host                local
1ade10679e59        kong2_kong-net      bridge              local
e00def8c74a2        none                null                local

[root@localhost kong2]# docker network inspect kong2_kong-net
[
    {
        "Name": "kong2_kong-net",
        "Id": "1ade10679e59ba51f64113f42a18cdb49f5029f73475650237cc9f10415aa34c",
        "Created": "2020-04-29T00:09:04.748628001+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.29.0.0/16",
                    "Gateway": "172.29.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "260a383f32c5a82d828a262fd26f9bb677a06f86b38d288d1c9fe03a9dc3a8e2": {
                "Name": "kong-database",
                "EndpointID": "a702002370d45dc6930c2379740762a59c4decfe6e54332f802d2ecb348f6e49",
                "MacAddress": "02:42:ac:1d:00:03",
                "IPv4Address": "172.29.0.2/16",
                "IPv6Address": ""
            },
            "88c47fc737d002b9ffebb8e2ff604306997ed4388654477a157a68363f727b6d": {
                "Name": "kong",
                "EndpointID": "8ff362c0497e3664d43cf6e6564e558ee583b07dfb03b7a7617b4ca3f1aec12c",
                "MacAddress": "02:42:ac:1d:00:06",
                "IPv4Address": "172.29.0.4/16",
                "IPv6Address": ""
            },
            "daa627c41d351331af22683d5bc29574c1fc703bcdd5df3f66e753d38b83dfd1": {
                "Name": "konga",
                "EndpointID": "4ea04ec7d9fa5bd8540f82e9c5c17540db4ebd074e20024a6d778fcb32c3b65a",
                "MacAddress": "02:42:ac:1d:00:04",
                "IPv4Address": "172.29.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "kong-net",
            "com.docker.compose.project": "kong2",
            "com.docker.compose.version": "1.25.0"
        }
    }
]

3、 ... and 、 Firewall configuration

CentOS7 use firewalld Instead of the original iptables, stay 192.168.1.57 through firewalld-cmd Open the port or close it directly firewalld A firewall

（1） Open port ：3000、3001、8000、8443

firewall-cmd --zone=public --add-port=3000/tcp --permanent
firewall-cmd --zone=public --add-port=3001/tcp --permanent
firewall-cmd --zone=public --add-port=8000/tcp --permanent
firewall-cmd --zone=public --add-port=8443/tcp --permanent

The parameter meaning of the command

--zone              # Scope 
--add-port=80/tcp   # Add port , The format is ： port / Communication protocol 
--permanent         # permanent , Failure after restart without this parameter 

（2） Reload the firewall settings , Make settings effective

firewall-cmd --reload

（3） Query port number 3000、3001、8000、8443 Open or not

firewall-cmd --query-port=3000/tcp
firewall-cmd --query-port=3001/tcp
firewall-cmd --query-port=8000/tcp
firewall-cmd --query-port=8443/tcp

（4） Query which ports are open

firewall-cmd --list-port

（5） stop it firewalld service

systemctl stop firewalld.service 

（6） prohibit firewalld Service startup

systemctl disable firewalld.service

# After closing the firewall, you need to restart docker service , Otherwise, you will be prompted with a message 
ERROR: Failed to Setup IP tables: Unable to enable SKIP DNAT rule:

Four 、API Interface services

stay 192.168.1.57 Up operation 2 individual Jar Package supply API Interface services , Each runs on 3000 and 3001 port

4.1 AnronApplication.java file

package com.anron;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.core.env.Environment;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
public class AnronApplication {

    @Autowired
    private Environment environment;

    public static void main(String[] args) {
        SpringApplication.run(AnronApplication.class, args);
    }

    @RequestMapping("/hi")
    public String port() {
        return environment.getProperty("server.port");
    }
}

4.2 application.properties file

#server.port=3000
server.port=3001

4.3 stay 192.168.1.51 Up test

curl http://192.168.1.57:3000/hi
curl http://192.168.1.57:3001/hi

5、 ... and 、Konga UI Configure load balancing

5.1 register Administrator account

The first time Konga You need to sign up for an account

5.2 establish Connection

Kong Admin Url It can be used directly kong Host name （ Also the name of the container ）, Because they are all together kong2_kong-net In the network

 5.3  establish Upstream

Input name=hello That's all right.

 5.4 edit Upstream Medium Target 

add to 172.17.0.1:3000 and 172.17.0.1:3001 That's all right. , because 2 individual Jar The file is not running in docker-compose in , be not in Kong2_kong-net In the network （ Network segment ：172.29.0.0）, So fill in the host IP172.17.0.1

5.5 establish Service

Input name、host and port

host, namely upstream Medium name

port, The default is 80, and upstream Medium target Can be different , With upstream Medium target Subject to

 5.6 establish Router

Input paths and protocols,UI Your interaction is a little special , You need to enter after entering the content

 5.7 Configuration complete

Test load balancing , stay 192.168.1.51 Computer call API Interface test

curl http://192.168.1.57:8000/hello/hi

6、 ... and 、Kong API Configure load balancing

*** adopt Kong API It can also be achieved and Konga UI Same effect ***

Create a name hello Of upstream, by hello Add two load balancing nodes

curl -X POST http://localhost:8001/upstreams --data "name=hello"
curl -X POST http://localhost:8001/upstreams/hello/targets --data "target=172.17.0.1:3000" --data "weight=100"
curl -X POST http://localhost:8001/upstreams/hello/targets --data "target=172.17.0.1:3001" --data "weight=100"

To configure a service, host The value of corresponds to upstream The name of , After the configuration is successful, the generated... Will be returned service Of id

curl -X POST http://localhost:8001/services --data "name=service1" --data "host=hello"

For the above service Configure routing information ,service.id You need to correspond to the... Created above service

curl -X POST http://localhost:8001/routes --data "paths[]=/hello" --data "service.id=3cd79ba1-93e8-4c04-a04f-304873536fd0"

7、 ... and 、 summary

Kong After the process starts, multiple ports will be started , The function of each port is also different ：

• 8001 port ：http management API;

• 8444 port ：https management API;

• 8000 port ： Reception processing http Traffic ;

• 8443 port ： Reception processing https Traffic ;

Kong It's very easy to use , You need to understand a few concepts and you can use them quickly ：

• Service：Service It is the upstream service that needs to be exposed to the outside world ;

• Upstream： Be similar to Nginx Reverse proxy configuration upstream;

• Route：Route The routing rules are defined , How to route external traffic to the corresponding Service;

• Consumer： Similar to the concept of account number , You can set different Consumer Yes API Access restrictions .