Slide 1

Slide 1 text

THE CLOUD CONNECTIVITY COMPANY 1 © Kong Inc. THE CLOUD CONNECTIVITY COMPANY Kong Gateway 入門編 施文翰(Wenhan Shi) – Solution Engineer Aug 2022

Slide 2

Slide 2 text

THE CLOUD CONNECTIVITY COMPANY 2 © Kong Inc. 2 Agenda

Slide 3

Slide 3 text

THE CLOUD CONNECTIVITY COMPANY 3 © Kong Inc. 3 Kong Manager

Slide 4

Slide 4 text

THE CLOUD CONNECTIVITY COMPANY 4 © Kong Inc. ブラウザベースの UI で、Kong Gateway をモニタリングおよび設定 - ルートとサービスの作成 - プラグインの有効化・無効化 - パフォーマンスとトラフィックを監視 - ユーザーとグループをRBACで管理 Kong Managerとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager 8002(HTTP) 8445(HTTPS) Upstream targets

Slide 5

Slide 5 text

THE CLOUD CONNECTIVITY COMPANY 5 © Kong Inc. - Managerにログインした後、Defaultの Workspacesをクリック - Workspacesはそれぞれ独立している 領域です。プロジェクト別、リージョン別 などにして利用するケースが多いで す。 Kong ManagerのWorkspace

Slide 6

Slide 6 text

THE CLOUD CONNECTIVITY COMPANY 6 © Kong Inc. Kong Manager Dashboard ワークスペース 項目を追加&修正 レポーティング セキュリティ&分析 ライブデータ 利用情報の統計 Adminメニュー

Slide 7

Slide 7 text

THE CLOUD CONNECTIVITY COMPANY 7 © Kong Inc. 7 Services / Routes

Slide 8

Slide 8 text

THE CLOUD CONNECTIVITY COMPANY 8 © Kong Inc. - 外部のupstream APIまたはマイクロサービスを表すものです。 - 一番重要な属性は、トラフィックの転送先 URL です。 - URL の指定方法 - 1 つの文字列で指定 - プロトコル、ホスト、ポート、およびパスを個別に指定 Servicesとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets

Slide 9

Slide 9 text

THE CLOUD CONNECTIVITY COMPANY 9 © Kong Inc. 9 - ServicesのページからNew Service - Nameにserviceの名前を入力 - Add using URLにhttp://httpbin.org/anythingを 入力 - httpbin.org はシンプルなHTTPリクエスト&レ スポンスサービス - Createをクリック デモ - Kong Manager からserviceを作る

Slide 10

Slide 10 text

THE CLOUD CONNECTIVITY COMPANY 10 © Kong Inc. - 外部からServiceにアクセスするために、Routesの追加が必要 - RoutesはServiceを外部へ公開する仕様を定義 - Routesは、リクエストがサービスに送信される方法 (送信するかどうか) を決定 - 1 つのServiceに複数のRoutesを設定可能 - リクエストでのパスはRoutesで定義したパスと一致したら、関連する Serviceにリクエストを送信。 Routesとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets

Slide 11

Slide 11 text

THE CLOUD CONNECTIVITY COMPANY 11 © Kong Inc. 11 - RoutesのページからNew Route - Serviceにhttpbinを選択 - Nameにhttpbinを入力 - Method(s)にGETを入力 - Path(s)に/echoを入力 - Createをクリック デモ - Kong Manager からrouteを作る

Slide 12

Slide 12 text

THE CLOUD CONNECTIVITY COMPANY 12 © Kong Inc. - Kong Gatewayが/echoへのGETリクエストを受付可能 - このリクエストはserviceのhttpbinにマップされ、http://httpbin.org/anythingへ転送 ここまでできたこと KONG GATEWAY API Request GET /echo Backend API Service httpbin Route httpbin Kong Manager 8002(HTTP) 8445(HTTPS) Upstream target http://httpbin.org/anything 8000(HTTP) 8443(HTTPS)

Slide 13

Slide 13 text

THE CLOUD CONNECTIVITY COMPANY 13 © Kong Inc. 13 デモ - Kong Gatewayにリクエストを送る ❯ http http://13.112.75.208:8000/echo HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Connection: keep-alive Content-Length: 502 Content-Type: application/json Date: Tue, 23 Aug 2022 16:07:38 GMT Server: gunicorn/19.9.0 Via: kong/2.8.1.3-enterprise-edition X-Kong-Proxy-Latency: 3 X-Kong-Upstream-Latency: 292 { "args": {}, "data": "", "files": {}, "form": {}, "headers": { "Accept": "*/*", "Accept-Encoding": "gzip, deflate", "Host": "httpbin.org", "User-Agent": "HTTPie/2.6.0", "X-Amzn-Trace-Id": "Root=1-6304fb4a-63ae355f788b5a166ccf733b", "X-Forwarded-Host": "localhost", "X-Forwarded-Path": "/echo", "X-Forwarded-Prefix": "/echo" }, "json": null, "method": "GET", "origin": "172.18.0.1, 13.112.75.208", "url": "http://localhost/anything" } - ブラウザまたはコマンドラインで送信

Slide 14

Slide 14 text

THE CLOUD CONNECTIVITY COMPANY 14 © Kong Inc. 14 デモ - Kong Gatewayにリクエストを送る ❯ http http://localhost:8000/ foo HTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 48 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 16:31:45 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Response-Latency: 0 { "message": "no Route matched with those values" } - 定義されていないパスがリクエストされたら、下記のように 404エラーとなります。

Slide 15

Slide 15 text

THE CLOUD CONNECTIVITY COMPANY 15 © Kong Inc. 15 Plugins

Slide 16

Slide 16 text

THE CLOUD CONNECTIVITY COMPANY 16 © Kong Inc. - 様々な機能を容易にAPIへ追加可能 - 認証(Authentication)、流量制限(rate limit)、ログ出力、リクエスト変換など - Service単位、Route単位、Consumer単位、もしくはGlobalでの有効化が可能 - RequestとResponse両方設定可能 プラグインとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets

Slide 17

Slide 17 text

THE CLOUD CONNECTIVITY COMPANY 17 © Kong Inc. Kong Plugin Hub - Official Kong Plugins - https://docs.konghq.com/hub/ - 8カテゴリ、総数100近く - 認証 - セキュリティ - トラフィックコントロール - サーバーレス - 分析&モニタリング - トラフィック変換 - ログ関連 - デプロイ関連 - Luaまたは他の言語でプラグイン開発

Slide 18

Slide 18 text

THE CLOUD CONNECTIVITY COMPANY 18 © Kong Inc. - 複数のプラグインを同時に利用可能 プラグインの組み合わせ API KONG GATEWAY API Consumer Plugin: Authorization API Keyを 確認 Plugin: Rate Limiting アクセス回数を 確認 Plugin: Transformation Headerを追加 401 Unauthorized 429 Too Many Request Add a header foo: bar API Key なし アクセス回数が 上限以上

Slide 19

Slide 19 text

THE CLOUD CONNECTIVITY COMPANY 19 © Kong Inc. 19 - PluginsのページからNew Plugin - Key Authenticationをクリック - apikeyがConfig.keyに設定されたことを確 認 - Createをクリック - Global範囲に有効 - Scopedを選択したらServiceやRouteが選択 可能 デモ - Key認証(Key Authentication)プラグインの実装

Slide 20

Slide 20 text

THE CLOUD CONNECTIVITY COMPANY 20 © Kong Inc. 20 - apikeyを持たないリクエストが接続拒否(401) デモ - Key認証(Key Authentication)プラグインの実装 ❯ http http://localhost:8000/echo HTTP/1.1 401 Unauthorized Connection: keep-alive Content-Length: 45 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 17:20:56 GMT Server: kong/2.8.1.3-enterprise-edition WWW-Authenticate: Key realm="kong" X-Kong-Response-Latency: 74 { "message": "No API key found in request" }

Slide 21

Slide 21 text

THE CLOUD CONNECTIVITY COMPANY 21 © Kong Inc. 21 Consumers

Slide 22

Slide 22 text

THE CLOUD CONNECTIVITY COMPANY 22 © Kong Inc. - APIをアクセスするエンドユーザー、またはアプリケーションを代表 - アクセス可否を管理 - アクセス履歴を記録 - Consumerに対し、リクエストやレスポンスをプラグインでカスタマイズ可能 Consumersとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets

Slide 23

Slide 23 text

THE CLOUD CONNECTIVITY COMPANY 23 © Kong Inc. 23 - ConsumersのページからNew Consumer - UsernameにJoeを入力 - Createをクリック デモ - Consumerを作る

Slide 24

Slide 24 text

THE CLOUD CONNECTIVITY COMPANY 24 © Kong Inc. 24 - ConsumersのページJoeをクリック - CredentialsタブでNew Key Auth Credential をクリック - KeyにJoePasswordを入力し - Createをクリック デモ - Consumer Joeにkey認証情報を設定

Slide 25

Slide 25 text

THE CLOUD CONNECTIVITY COMPANY 25 © Kong Inc. 25 - 正しい認証情報でアクセス可能 デモ - Consumer認証情報でアクセス確認 ❯ http http://localhost:8000/echo apikey:JoePassword HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Connection: keep-alive Content-Length: 701 Content-Type: application/json Date: Wed, 24 Aug 2022 17:34:01 GMT Server: gunicorn/19.9.0 Via: kong/2.8.1.3-enterprise-edition X-Kong-Proxy-Latency: 13 X-Kong-Upstream-Latency: 294 { "args": {}, "data": "", "files": {}, "form": {}, "headers": { "Accept": "*/*", …

Slide 26

Slide 26 text

THE CLOUD CONNECTIVITY COMPANY 26 © Kong Inc. 26 - 認証情報が間違ったら接続拒否(401) デモ - Consumer認証情報でアクセス確認 ❯ http http://localhost:8000/echo apikey:JoeTest HTTP/1.1 401 Unauthorized Connection: keep-alive Content-Length: 52 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 17:36:06 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Response-Latency: 2 { "message": "Invalid authentication credentials" }

Slide 27

Slide 27 text

THE CLOUD CONNECTIVITY COMPANY 27 © Kong Inc. 27 Upstream

Slide 28

Slide 28 text

THE CLOUD CONNECTIVITY COMPANY 28 © Kong Inc. - 複数のBackend APIをまとめる - Backend APIの増減はKong Gateway側で設定可能 - 三つのLBポリシー - consistent-hashing - least-connections - round-robin (default) Upstreamとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets

Slide 29

Slide 29 text

THE CLOUD CONNECTIVITY COMPANY 29 © Kong Inc. 29 Vitals

Slide 30

Slide 30 text

THE CLOUD CONNECTIVITY COMPANY 30 © Kong Inc. 30 Vitalsとは - Kong Gatewayのパフォーマンスとヘルスチェック - Kong Gateway経由のAPIトランザクションを可視化 - Kong ManagerまたはAdmin APIで参照可能

Slide 31

Slide 31 text

THE CLOUD CONNECTIVITY COMPANY 31 © Kong Inc. 31 - 以下の事例でVitalsをデモ - Consumer Joeに対しRate Limitingのプラグインを実装 - Joeがアクセス上限以上のトラフィックを送信し、 4xxエラーを確認 - アクセス上限を引き上げして、エラーの減少を確認 デモ - Vitalsでモニタリング

Slide 32

Slide 32 text

THE CLOUD CONNECTIVITY COMPANY 32 © Kong Inc. 32 - PluginsのページからNew Plugin - Rate Limitingをクリック - Config.Minuteを5に設定 - Createをクリック - Global範囲に有効 - Scopedを選択したらService、Routeまたは Consumerが選択可能 デモ - Vitalsでモニタリング

Slide 33

Slide 33 text

THE CLOUD CONNECTIVITY COMPANY 33 © Kong Inc. 33 - スクリプトでリクエストを継続的に送信 - アクセス上限値を超えたら429エラーとなる デモ - Vitalsでモニタリング for ((i=1;i<=300;i++)); do sleep 1; http http://localhost:8000/echo apikey:JoePassword done HTTP/1.1 429 Too Many Requests Connection: keep-alive Content-Length: 41 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 18:02:41 GMT RateLimit-Limit: 5 RateLimit-Remaining: 0 RateLimit-Reset: 19 … { "message": "API rate limit exceeded" }

Slide 34

Slide 34 text

THE CLOUD CONNECTIVITY COMPANY 34 © Kong Inc. 34 - VitalsのStatus Codesの画面 デモ - Vitalsでモニタリング

Slide 35

Slide 35 text

THE CLOUD CONNECTIVITY COMPANY 35 © Kong Inc. 35 - Workspacesの画面 デモ - Vitalsでモニタリング

Slide 36

Slide 36 text

THE CLOUD CONNECTIVITY COMPANY 36 © Kong Inc. 36 - Top MenuのVitalsの画面 デモ - Vitalsでモニタリング

Slide 37

Slide 37 text

THE CLOUD CONNECTIVITY COMPANY 37 © Kong Inc. 37 Kong Admin API

Slide 38

Slide 38 text

THE CLOUD CONNECTIVITY COMPANY 38 © Kong Inc. - CLIベースで、Kong Gateway をモニタリングおよび設定するRESTfulのAPI - Kong GatewayをFull Controlできるため、内部で使用すべき Kong Admin APIとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Admin API 8001(HTTP) 8444(HTTPS) Upstream targets

Slide 39

Slide 39 text

THE CLOUD CONNECTIVITY COMPANY 39 © Kong Inc. 39 1. Kong Admin APIの状態を確認 2. http://mockbin.orgに接続するServiceを作成 3. Serviceを確認 4. 2. のServiceを/mockでマッピングするRouteを作成 5. Route を確認 6. Authentication Pluginを実装 7. Consumerを作成し、認証情報を登録 デモ - Admin APIでKong Gatewayを操作

Slide 40

Slide 40 text

THE CLOUD CONNECTIVITY COMPANY 40 © Kong Inc. 40 - 8001ポートに対しGET - 200がレスポンスされたらRunning状態 デモ - Kong Admin APIの状態を確認 ❯ http GET http://localhost:8001 --headers HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 17412 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 01:31:30 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 2 X-Kong-Admin-Request-ID: qbhK8ClS8LItUKKUB4egcsLsWBHfsENp vary: Origin

Slide 41

Slide 41 text

THE CLOUD CONNECTIVITY COMPANY 41 © Kong Inc. 41 - 必要な情報とを/servicesにPOST - 201がレスポンスされたら作成が成功 デモ - http://mockbin.orgに接続するServiceを作成 ❯ http POST http://localhost:8001/services name=mocking_service url='http://mockbin.org' HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 376 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 01:35:06 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 11 X-Kong-Admin-Request-ID: gqAkxWRVAAJ5WdQMSMDAO9tHBGfdbwbb vary: Origin { "ca_certificates": null, "client_certificate": null, "connect_timeout": 60000, "created_at": 1661391306, "enabled": true, "host": "mockbin.org", "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2", "name": "mocking_service", "path": null, … … "port": 80, "protocol": "http", "read_timeout": 60000, "retries": 5, "tags": null, "tls_verify": null, "tls_verify_depth": null, "updated_at": 1661391306, "write_timeout": 60000 }

Slide 42

Slide 42 text

THE CLOUD CONNECTIVITY COMPANY 42 © Kong Inc. 42 - 8001ポートの/servicesに対しGET - 全Servicesの内容がJSONで出力される デモ - Serviceを確認 ❯ http GET http://localhost:8001/services { "tls_verify_depth": null, "write_timeout": 60000, "tls_verify": null, "protocol": "http", "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2", "retries": 5, "enabled": true, "created_at": 1661391306, "port": 80, "updated_at": 1661391306, "client_certificate": null, "tags": null, "ca_certificates": null, "read_timeout": 60000, "name": "mocking_service", "connect_timeout": 60000, "path": null, "host": "mockbin.org" } … … { "tls_verify_depth": null, "write_timeout": 60000, "tls_verify": null, "protocol": "http", "id": "d86c56e0-90b8-4bdd-a57a-3bfcf73fbd16", "retries": 5, "enabled": true, "created_at": 1661269723, "port": 80, "updated_at": 1661269723, "client_certificate": null, "tags": null, "ca_certificates": null, "read_timeout": 60000, "name": "httpbin", "connect_timeout": 60000, "path": "/anything", "host": "httpbin.org" }

Slide 43

Slide 43 text

THE CLOUD CONNECTIVITY COMPANY 43 © Kong Inc. 43 - 必要な情報とを/services//routesにPOST - 201がレスポンスされたら作成が成功 デモ - /mockでマッピングするRouteを作成 ❯ http POST :8001/services/mocking_service/routes name=mocking paths:='["/mock"]' HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 479 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 01:47:44 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 16 X-Kong-Admin-Request-ID: gFDkgLlXDGMnc7vxQMgwfQKQrwS60dry vary: Origin { "created_at": 1661392064, "destinations": null, "headers": null, "hosts": null, "https_redirect_status_code": 426, "id": "7eb7cd24-4326-41ab-8863-f3e7ff61ef97", "methods": null, "name": "mocking", "path_handling": "v0", … "paths": [ "/mock" ], "preserve_host": false, "protocols": [ "http", "https" ], "regex_priority": 0, "request_buffering": true, "response_buffering": true, "service": { "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2" }, "snis": null, "sources": null, "strip_path": true, "tags": null, "updated_at": 1661392064 }

Slide 44

Slide 44 text

THE CLOUD CONNECTIVITY COMPANY 44 © Kong Inc. 44 - 8001ポートの/routesに対しGET - 全Servicesの内容がJSONで出力される デモ - Routeを確認 ❯ http GET http://localhost:8001/routes { "regex_priority": 0, "hosts": null, "name": "mocking", "id": "7eb7cd24-4326-41ab-8863-f3e7ff61ef97", "request_buffering": true, "response_buffering": true, "updated_at": 1661392064, "path_handling": "v0", "preserve_host": false, "https_redirect_status_code": 426, "paths": [ "/mock" ], "service": { "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2" }, "sources": null, "destinations": null, "tags": null, "created_at": 1661392064, … … { "regex_priority": 0, "hosts": null, "name": "httpbin", "id": "dd46e2cb-71b8-4171-809b-05be32bfe270", "request_buffering": true, "response_buffering": true, "updated_at": 1661270047, "path_handling": "v0", "preserve_host": false, "https_redirect_status_code": 426, "paths": [ "/echo" ], "service": { "id": "d86c56e0-90b8-4bdd-a57a-3bfcf73fbd16" }, "sources": null, "destinations": null, "tags": null, "created_at": 1661269929, ...

Slide 45

Slide 45 text

THE CLOUD CONNECTIVITY COMPANY 45 © Kong Inc. 45 - Joeの認証情報を使ってアクセス デモ - 新規作成したServiceとRouteを確認 ❯ http -h http://localhost:8000/mock apikey:JoePassword HTTP/1.1 200 OK CF-Cache-Status: DYNAMIC CF-RAY: 7400b4eb3c9f3547-NRT Connection: keep-alive Content-Encoding: gzip Content-Type: text/html; charset=utf-8 Date: Thu, 25 Aug 2022 01:55:39 GMT NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} RateLimit-Limit: 5 RateLimit-Remaining: 4 RateLimit-Reset: 21 …

Slide 46

Slide 46 text

THE CLOUD CONNECTIVITY COMPANY 46 © Kong Inc. 46 - 必要な情報を/services//pluginsにPOST - nameにプラグインの名前を入力 デモ - Authentication Pluginを実装 ❯ http POST localhost:8001/services/mocking_service/plugins name=key-auth HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 404 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 04:35:30 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 11 X-Kong-Admin-Request-ID: hraDhaXcq6UGvYJyGhZRAqauNlK3B1M6 vary: Origin { "config": { … "key_names": [ "apikey" ],

Slide 47

Slide 47 text

THE CLOUD CONNECTIVITY COMPANY 47 © Kong Inc. 47 - 8001ポートの/services//pluginsに対しGET - service_nameに関連する全てのプラグインの内容が JSONで出力される デモ - Pluginsを確認 ❯ http GET :8001/services/mocking_service/plugins { "data": [ { "config": { … "key_names": [ "apikey" ], "run_on_preflight": true }, "consumer": null, "created_at": 1661402130, "enabled": true, "id": "52f1a770-a94a-490c-a55c-28be6471e2d0", "name": "key-auth", … "route": null, "service": { "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2" }, …

Slide 48

Slide 48 text

THE CLOUD CONNECTIVITY COMPANY 48 © Kong Inc. 48 - 必要な情報を/consumersにPOST - 201がレスポンスされたら作成が成功 デモ - Consumerを作成 ❯ http POST localhost:8001/consumers username=Tom HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 147 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 04:59:41 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 14 X-Kong-Admin-Request-ID: A2FuWJQ1HvzdMqaQxcetySUIn4Rfy18g vary: Origin { "created_at": 1661403581, "custom_id": null, "id": "904514e3-9b06-4013-8c83-bf6155a61a50", "tags": null, "type": 0, "username": "Tom", "username_lower": "tom" }

Slide 49

Slide 49 text

THE CLOUD CONNECTIVITY COMPANY 49 © Kong Inc. 49 - 必要な情報を/consumers//key-authにPOST - 201がレスポンスされたら作成が成功 デモ - Consumerに認証情報を付与 ❯ http POST localhost:8001/consumers/Tom/key-auth key=TomPassword HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 169 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 05:08:57 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 7 X-Kong-Admin-Request-ID: 5bkALo4FgScQDYMGwX0xwe35bmYAAhul vary: Origin { "consumer": { "id": "904514e3-9b06-4013-8c83-bf6155a61a50" }, "created_at": 1661404137, "id": "46239379-571c-460e-b395-74cd8bf47051", "key": "TomPassword", "tags": null, "ttl": null }

Slide 50

Slide 50 text

THE CLOUD CONNECTIVITY COMPANY 50 © Kong Inc. 50 - Tomの認証情報を使ってアクセス デモ - 新規作成したCousumerと認証情報を確認 ❯ http -h http://localhost:8000/mock apikey:TomPassword HTTP/1.1 200 OK CF-Cache-Status: DYNAMIC CF-RAY: 7401d97c3ae980ad-NRT Connection: keep-alive Content-Encoding: gzip Content-Type: text/html; charset=utf-8 Date: Thu, 25 Aug 2022 05:15:23 GMT NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} RateLimit-Limit: 5 RateLimit-Remaining: 4 RateLimit-Reset: 38 …

Slide 51

Slide 51 text

THE CLOUD CONNECTIVITY COMPANY 51 © Kong Inc. 51 - 以下の各EndpointにHTTP GETをすると情報が確認可能 デモ - Admin APIで全Itemsを確認 $ http GET :8001/services $ http GET :8001/routes $ http GET :8001/consumers $ http GET :8001/plugins

Slide 52

Slide 52 text

THE CLOUD CONNECTIVITY COMPANY 52 © Kong Inc. 52 Workspaces, Teams, and RBAC

Slide 53

Slide 53 text

THE CLOUD CONNECTIVITY COMPANY 53 © Kong Inc. 53 - ワークスペースにより、同じ Kong クラスターを共有しながら、チーム管理者が関連するエンティ ティ(services/routes/plugins…)のみと処理できます。 - Workspacesを作成 Workspaces

Slide 54

Slide 54 text

THE CLOUD CONNECTIVITY COMPANY 54 © Kong Inc. 54 - 管理者のグループです。 Teams

Slide 55

Slide 55 text

THE CLOUD CONNECTIVITY COMPANY 55 © Kong Inc. 55 - RBACで複数のリソースに対し異なるロールを付与 RBAC

Slide 56

Slide 56 text

THE CLOUD CONNECTIVITY COMPANY 56 © Kong Inc. 56 まとめ

Slide 57

Slide 57 text

THE CLOUD CONNECTIVITY COMPANY 57 © Kong Inc. 57 まとめ - Kong Gatewayは8000と8443でリクエストを受信 - 二つの方法でKong Gatewayの設定を編集 - GUIのKong Manager(8002, 8445) - CLIのKong Admin API(8001, 8444) - 紹介したKong GatewayのItems - Service - Route - Plugin - Consumer - Vitalsの機能を利用し、Kong ManagerのUIでKong Gatewayの状態をモニタリング - 性能、エラー率、レイテンシなど - WorkspacesやTeams単位のRBACが可能

Slide 58

Slide 58 text

THE CLOUD CONNECTIVITY COMPANY 58 © Kong Inc. Thank You ご不明点、案件のご相談などございましたら [email protected] までご連絡ください