KONG-ADMIN演示 

1、创建服务

curl -i -X POST \
  --url http://localhost:8001/services/ \
  --data 'name=example-service' \
  --data 'url=http://mockbin.org'
     url--对应services 表 protocol-host-port(http---mockbin.org)

2. Add a Route for the Service(一个服务有多个路由)

$ curl -i -X POST \
  --url http://localhost:8001/services/baidu-service/routes \
  --data 'hosts[]=t1.com'  --data 'hosts[]=t2.com'

//多种方式

hosts accepts multiple values, which must be comma-separated when specifying them via the Admin API, and is represented in a JSON payload:

$ curl -i -X POST http://localhost:8001/routes/ \
    -H 'Content-Type: application/json' \
    -d '{"hosts":["example.com", "foo-service.com"]}'
HTTP/1.1 201 Created
...

But since the Admin API also supports form-urlencoded content types, you can specify an array via the [] notation:

$ curl -i -X POST http://localhost:8001/routes/ \
    -d 'hosts[]=example.com' \
    -d 'hosts[]=foo-service.com'
HTTP/1.1 201 Created


3. Forward your requests through Kong---TEST

Issue the following cURL request to verify that Kong is properly forwarding requests to your Service. Note that by default Kong handles proxy requests on port :8000:

$ curl -i -X GET \
  --url http://localhost:8000/ \
  --header 'Host: example.com'

4、给服务添加启用插件
     请求访问时,会检查:
   keyauth_credentials--这个表里存储着身份凭证
----key,consumerid---统一认证时候,需要提供来访的apikey,按照apikey找到consumerid,进而查询到consumer,设置
          后续请求头里面。
      ----访问key的发放服务(登录服务)--这个不需要启用认证
 

Configure the key-auth plugin

To configure the key-auth plugin for the Service you configured in Kong, issue the following cURL request:

A、为服务启用插件

$ curl -i -X POST \
  --url http://localhost:8001/services/baidu-service/plugins/ \
  --data 'name=key-auth'

当系统初始化时,读表plugins(读取插件配置)---会为每个服务加载插件列表,当请求来临时,调用插件的拦截方法,传递conf---
插件内会去从请求中找出访问key,然后差找访问凭证,进而查询出消费者,把消费者信息,写到后续请求头中
测试访问,返回

  curl -i -X GET --url http://t1.com:8000 --header 'HOST:t1.com'
HTTP/1.1 401 Unauthorized
Date: Sun, 29 Mar 2020 13:02:57 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
WWW-Authenticate: Key realm="kong"
Content-Length: 41
X-Kong-Response-Latency: 1
Server: kong/2.0.2

{"message":"No API key found in request"}

B、建立访问者身份凭证

//创建消费者----增加应用的用户

curl -i -X POST \
  --url http://localhost:8001/consumers/ \
  --data "username=Jason"

//创建消费者访问凭证----keyauth_credentials--增加记录

curl -i -X POST \
  --url http://localhost:8001/consumers/Jason/key-auth/ \
  --data 'key=123456'

//验证访问
curl -i -X GET --url http://t1.com:8000 --header 'HOST:t1.com'  --header 'apikey:123456'


 

posted @ 2020-03-29 22:17  FromScratch  阅读(743)  评论(0编辑  收藏  举报