Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Kong Gateway 入門編

Wenhan Shi
August 25, 2022
Technology
0
380

Kong Gateway 入門編

Wenhan Shi

August 25, 2022
Tweet

More Decks by Wenhan Shi

See All by Wenhan Shi
Kongではじめる APIマネジメント入門編
xibuka
0
140
Service Mesh Tracing Observability with Kuma and OpenTelemetry
xibuka
0
25
CNDT2023 - Kong Konnectで実現する APIマネジメントの世界
xibuka
0
240
Kongと共に、 APIジャングルを制覇せよ!
xibuka
0
140
Kong の最新情報
xibuka
0
110
[CI/CD2023]OSSで構築するOpenAPI開発のCI/CD
xibuka
2
580
Kong Ingress Controllerで実現multiple rate limiting
xibuka
0
150
Kong Summit 2022まとめおよび最新製品情報
xibuka
0
130
[Kong Gateway]Product Overview, Strategy, and Roadmap Update
xibuka
0
340

Other Decks in Technology

See All in Technology
社内で最大の技術的負債のリファクタリングに取り組んだお話し
kidooonn
1
550
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
4
1.4k
複雑なState管理からの脱却
sansantech
PRO
1
140
ノーコードデータ分析ツールで体験する時系列データ分析超入門
negi111111
0
410
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
500
Terraform CI/CD パイプラインにおける AWS CodeCommit の代替手段
hiyanger
1
240
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
130
これまでの計測・開発・デプロイ方法全部見せます! / Findy ISUCON 2024-11-14
tohutohu
3
370
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
590
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
28
12k
Adopting Jetpack Compose in Your Existing Project - GDG DevFest Bangkok 2024
akexorcist
0
110

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Producing Creativity
orderedlist
PRO
341
39k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Facilitating Awesome Meetings
lara
50
6.1k
KATA
mclloyd
29
14k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
Statistics for Hackers
jakevdp
796
220k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
A designer walks into a library…
pauljervisheath
204
24k
GraphQLとの向き合い方2022年版
quramy
43
13k

Transcript

  1. THE CLOUD CONNECTIVITY COMPANY 1 © Kong Inc. THE CLOUD

    CONNECTIVITY COMPANY Kong Gateway 入門編 施文翰(Wenhan Shi) – Solution Engineer Aug 2022

  2. THE CLOUD CONNECTIVITY COMPANY 2 © Kong Inc. 2 Agenda

  3. THE CLOUD CONNECTIVITY COMPANY 3 © Kong Inc. 3 Kong

    Manager

  4. THE CLOUD CONNECTIVITY COMPANY 4 © Kong Inc. ブラウザベースの UI

    で、Kong Gateway をモニタリングおよび設定 - ルートとサービスの作成 - プラグインの有効化・無効化 - パフォーマンスとトラフィックを監視 - ユーザーとグループをRBACで管理 Kong Managerとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager 8002(HTTP) 8445(HTTPS) Upstream targets

  5. THE CLOUD CONNECTIVITY COMPANY 5 © Kong Inc. - Managerにログインした後、Defaultの

    Workspacesをクリック - Workspacesはそれぞれ独立している 領域です。プロジェクト別、リージョン別 などにして利用するケースが多いで す。 Kong ManagerのWorkspace

  6. THE CLOUD CONNECTIVITY COMPANY 6 © Kong Inc. Kong Manager

    Dashboard ワークスペース 項目を追加&修正 レポーティング セキュリティ&分析 ライブデータ 利用情報の統計 Adminメニュー

  7. THE CLOUD CONNECTIVITY COMPANY 7 © Kong Inc. 7 Services

    / Routes

  8. THE CLOUD CONNECTIVITY COMPANY 8 © Kong Inc. - 外部のupstream

    APIまたはマイクロサービスを表すものです。 - 一番重要な属性は、トラフィックの転送先 URL です。 - URL の指定方法 - 1 つの文字列で指定 - プロトコル、ホスト、ポート、およびパスを個別に指定 Servicesとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets

  9. THE CLOUD CONNECTIVITY COMPANY 9 © Kong Inc. 9 -

    ServicesのページからNew Service - Nameにserviceの名前を入力 - Add using URLにhttp://httpbin.org/anythingを 入力 - httpbin.org はシンプルなHTTPリクエスト&レ スポンスサービス - Createをクリック デモ - Kong Manager からserviceを作る

  10. THE CLOUD CONNECTIVITY COMPANY 10 © Kong Inc. - 外部からServiceにアクセスするために、Routesの追加が必要

    - RoutesはServiceを外部へ公開する仕様を定義 - Routesは、リクエストがサービスに送信される方法 (送信するかどうか) を決定 - 1 つのServiceに複数のRoutesを設定可能 - リクエストでのパスはRoutesで定義したパスと一致したら、関連する Serviceにリクエストを送信。 Routesとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets

  11. THE CLOUD CONNECTIVITY COMPANY 11 © Kong Inc. 11 -

    RoutesのページからNew Route - Serviceにhttpbinを選択 - Nameにhttpbinを入力 - Method(s)にGETを入力 - Path(s)に/echoを入力 - Createをクリック デモ - Kong Manager からrouteを作る

  12. THE CLOUD CONNECTIVITY COMPANY 12 © Kong Inc. - Kong

    Gatewayが<IP address>/echoへのGETリクエストを受付可能 - このリクエストはserviceのhttpbinにマップされ、http://httpbin.org/anythingへ転送 ここまでできたこと KONG GATEWAY API Request GET <IP address>/echo Backend API Service httpbin Route httpbin Kong Manager 8002(HTTP) 8445(HTTPS) Upstream target http://httpbin.org/anything 8000(HTTP) 8443(HTTPS)

  13. THE CLOUD CONNECTIVITY COMPANY 13 © Kong Inc. 13 デモ

    - Kong Gatewayにリクエストを送る ❯ http http://13.112.75.208:8000/echo HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Connection: keep-alive Content-Length: 502 Content-Type: application/json Date: Tue, 23 Aug 2022 16:07:38 GMT Server: gunicorn/19.9.0 Via: kong/2.8.1.3-enterprise-edition X-Kong-Proxy-Latency: 3 X-Kong-Upstream-Latency: 292 { "args": {}, "data": "", "files": {}, "form": {}, "headers": { "Accept": "*/*", "Accept-Encoding": "gzip, deflate", "Host": "httpbin.org", "User-Agent": "HTTPie/2.6.0", "X-Amzn-Trace-Id": "Root=1-6304fb4a-63ae355f788b5a166ccf733b", "X-Forwarded-Host": "localhost", "X-Forwarded-Path": "/echo", "X-Forwarded-Prefix": "/echo" }, "json": null, "method": "GET", "origin": "172.18.0.1, 13.112.75.208", "url": "http://localhost/anything" } - ブラウザまたはコマンドラインで送信

  14. THE CLOUD CONNECTIVITY COMPANY 14 © Kong Inc. 14 デモ

    - Kong Gatewayにリクエストを送る ❯ http http://localhost:8000/ foo HTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 48 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 16:31:45 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Response-Latency: 0 { "message": "no Route matched with those values" } - 定義されていないパスがリクエストされたら、下記のように 404エラーとなります。

  15. THE CLOUD CONNECTIVITY COMPANY 15 © Kong Inc. 15 Plugins

  16. THE CLOUD CONNECTIVITY COMPANY 16 © Kong Inc. - 様々な機能を容易にAPIへ追加可能

    - 認証(Authentication)、流量制限(rate limit)、ログ出力、リクエスト変換など - Service単位、Route単位、Consumer単位、もしくはGlobalでの有効化が可能 - RequestとResponse両方設定可能 プラグインとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets

  17. THE CLOUD CONNECTIVITY COMPANY 17 © Kong Inc. Kong Plugin

    Hub - Official Kong Plugins - https://docs.konghq.com/hub/ - 8カテゴリ、総数100近く - 認証 - セキュリティ - トラフィックコントロール - サーバーレス - 分析&モニタリング - トラフィック変換 - ログ関連 - デプロイ関連 - Luaまたは他の言語でプラグイン開発

  18. THE CLOUD CONNECTIVITY COMPANY 18 © Kong Inc. - 複数のプラグインを同時に利用可能

    プラグインの組み合わせ API KONG GATEWAY API Consumer Plugin: Authorization API Keyを 確認 Plugin: Rate Limiting アクセス回数を 確認 Plugin: Transformation Headerを追加 401 Unauthorized 429 Too Many Request Add a header foo: bar API Key なし アクセス回数が 上限以上

  19. THE CLOUD CONNECTIVITY COMPANY 19 © Kong Inc. 19 -

    PluginsのページからNew Plugin - Key Authenticationをクリック - apikeyがConfig.keyに設定されたことを確 認 - Createをクリック - Global範囲に有効 - Scopedを選択したらServiceやRouteが選択 可能 デモ - Key認証(Key Authentication)プラグインの実装

  20. THE CLOUD CONNECTIVITY COMPANY 20 © Kong Inc. 20 -

    apikeyを持たないリクエストが接続拒否(401) デモ - Key認証(Key Authentication)プラグインの実装 ❯ http http://localhost:8000/echo HTTP/1.1 401 Unauthorized Connection: keep-alive Content-Length: 45 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 17:20:56 GMT Server: kong/2.8.1.3-enterprise-edition WWW-Authenticate: Key realm="kong" X-Kong-Response-Latency: 74 { "message": "No API key found in request" }

  21. THE CLOUD CONNECTIVITY COMPANY 21 © Kong Inc. 21 Consumers

  22. THE CLOUD CONNECTIVITY COMPANY 22 © Kong Inc. - APIをアクセスするエンドユーザー、またはアプリケーションを代表

    - アクセス可否を管理 - アクセス履歴を記録 - Consumerに対し、リクエストやレスポンスをプラグインでカスタマイズ可能 Consumersとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets

  23. THE CLOUD CONNECTIVITY COMPANY 23 © Kong Inc. 23 -

    ConsumersのページからNew Consumer - UsernameにJoeを入力 - Createをクリック デモ - Consumerを作る

  24. THE CLOUD CONNECTIVITY COMPANY 24 © Kong Inc. 24 -

    ConsumersのページJoeをクリック - CredentialsタブでNew Key Auth Credential をクリック - KeyにJoePasswordを入力し - Createをクリック デモ - Consumer Joeにkey認証情報を設定

  25. THE CLOUD CONNECTIVITY COMPANY 25 © Kong Inc. 25 -

    正しい認証情報でアクセス可能 デモ - Consumer認証情報でアクセス確認 ❯ http http://localhost:8000/echo apikey:JoePassword HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Connection: keep-alive Content-Length: 701 Content-Type: application/json Date: Wed, 24 Aug 2022 17:34:01 GMT Server: gunicorn/19.9.0 Via: kong/2.8.1.3-enterprise-edition X-Kong-Proxy-Latency: 13 X-Kong-Upstream-Latency: 294 { "args": {}, "data": "", "files": {}, "form": {}, "headers": { "Accept": "*/*", …

  26. THE CLOUD CONNECTIVITY COMPANY 26 © Kong Inc. 26 -

    認証情報が間違ったら接続拒否(401) デモ - Consumer認証情報でアクセス確認 ❯ http http://localhost:8000/echo apikey:JoeTest HTTP/1.1 401 Unauthorized Connection: keep-alive Content-Length: 52 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 17:36:06 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Response-Latency: 2 { "message": "Invalid authentication credentials" }

  27. THE CLOUD CONNECTIVITY COMPANY 27 © Kong Inc. 27 Upstream

  28. THE CLOUD CONNECTIVITY COMPANY 28 © Kong Inc. - 複数のBackend

    APIをまとめる - Backend APIの増減はKong Gateway側で設定可能 - 三つのLBポリシー - consistent-hashing - least-connections - round-robin (default) Upstreamとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets

  29. THE CLOUD CONNECTIVITY COMPANY 29 © Kong Inc. 29 Vitals

  30. THE CLOUD CONNECTIVITY COMPANY 30 © Kong Inc. 30 Vitalsとは

    - Kong Gatewayのパフォーマンスとヘルスチェック - Kong Gateway経由のAPIトランザクションを可視化 - Kong ManagerまたはAdmin APIで参照可能

  31. THE CLOUD CONNECTIVITY COMPANY 31 © Kong Inc. 31 -

    以下の事例でVitalsをデモ - Consumer Joeに対しRate Limitingのプラグインを実装 - Joeがアクセス上限以上のトラフィックを送信し、 4xxエラーを確認 - アクセス上限を引き上げして、エラーの減少を確認 デモ - Vitalsでモニタリング

  32. THE CLOUD CONNECTIVITY COMPANY 32 © Kong Inc. 32 -

    PluginsのページからNew Plugin - Rate Limitingをクリック - Config.Minuteを5に設定 - Createをクリック - Global範囲に有効 - Scopedを選択したらService、Routeまたは Consumerが選択可能 デモ - Vitalsでモニタリング

  33. THE CLOUD CONNECTIVITY COMPANY 33 © Kong Inc. 33 -

    スクリプトでリクエストを継続的に送信 - アクセス上限値を超えたら429エラーとなる デモ - Vitalsでモニタリング for ((i=1;i<=300;i++)); do sleep 1; http http://localhost:8000/echo apikey:JoePassword done HTTP/1.1 429 Too Many Requests Connection: keep-alive Content-Length: 41 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 18:02:41 GMT RateLimit-Limit: 5 RateLimit-Remaining: 0 RateLimit-Reset: 19 … { "message": "API rate limit exceeded" }

  34. THE CLOUD CONNECTIVITY COMPANY 34 © Kong Inc. 34 -

    VitalsのStatus Codesの画面 デモ - Vitalsでモニタリング

  35. THE CLOUD CONNECTIVITY COMPANY 35 © Kong Inc. 35 -

    Workspacesの画面 デモ - Vitalsでモニタリング

  36. THE CLOUD CONNECTIVITY COMPANY 36 © Kong Inc. 36 -

    Top MenuのVitalsの画面 デモ - Vitalsでモニタリング

  37. THE CLOUD CONNECTIVITY COMPANY 37 © Kong Inc. 37 Kong

    Admin API

  38. THE CLOUD CONNECTIVITY COMPANY 38 © Kong Inc. - CLIベースで、Kong

    Gateway をモニタリングおよび設定するRESTfulのAPI - Kong GatewayをFull Controlできるため、内部で使用すべき Kong Admin APIとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Admin API 8001(HTTP) 8444(HTTPS) Upstream targets

  39. THE CLOUD CONNECTIVITY COMPANY 39 © Kong Inc. 39 1.

    Kong Admin APIの状態を確認 2. http://mockbin.orgに接続するServiceを作成 3. Serviceを確認 4. 2. のServiceを/mockでマッピングするRouteを作成 5. Route を確認 6. Authentication Pluginを実装 7. Consumerを作成し、認証情報を登録 デモ - Admin APIでKong Gatewayを操作

  40. THE CLOUD CONNECTIVITY COMPANY 40 © Kong Inc. 40 -

    8001ポートに対しGET - 200がレスポンスされたらRunning状態 デモ - Kong Admin APIの状態を確認 ❯ http GET http://localhost:8001 --headers HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 17412 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 01:31:30 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 2 X-Kong-Admin-Request-ID: qbhK8ClS8LItUKKUB4egcsLsWBHfsENp vary: Origin

  41. THE CLOUD CONNECTIVITY COMPANY 41 © Kong Inc. 41 -

    必要な情報<name>と<url>を/servicesにPOST - 201がレスポンスされたら作成が成功 デモ - http://mockbin.orgに接続するServiceを作成 ❯ http POST http://localhost:8001/services name=mocking_service url='http://mockbin.org' HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 376 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 01:35:06 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 11 X-Kong-Admin-Request-ID: gqAkxWRVAAJ5WdQMSMDAO9tHBGfdbwbb vary: Origin { "ca_certificates": null, "client_certificate": null, "connect_timeout": 60000, "created_at": 1661391306, "enabled": true, "host": "mockbin.org", "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2", "name": "mocking_service", "path": null, … … "port": 80, "protocol": "http", "read_timeout": 60000, "retries": 5, "tags": null, "tls_verify": null, "tls_verify_depth": null, "updated_at": 1661391306, "write_timeout": 60000 }

  42. THE CLOUD CONNECTIVITY COMPANY 42 © Kong Inc. 42 -

    8001ポートの/servicesに対しGET - 全Servicesの内容がJSONで出力される デモ - Serviceを確認 ❯ http GET http://localhost:8001/services { "tls_verify_depth": null, "write_timeout": 60000, "tls_verify": null, "protocol": "http", "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2", "retries": 5, "enabled": true, "created_at": 1661391306, "port": 80, "updated_at": 1661391306, "client_certificate": null, "tags": null, "ca_certificates": null, "read_timeout": 60000, "name": "mocking_service", "connect_timeout": 60000, "path": null, "host": "mockbin.org" } … … { "tls_verify_depth": null, "write_timeout": 60000, "tls_verify": null, "protocol": "http", "id": "d86c56e0-90b8-4bdd-a57a-3bfcf73fbd16", "retries": 5, "enabled": true, "created_at": 1661269723, "port": 80, "updated_at": 1661269723, "client_certificate": null, "tags": null, "ca_certificates": null, "read_timeout": 60000, "name": "httpbin", "connect_timeout": 60000, "path": "/anything", "host": "httpbin.org" }

  43. THE CLOUD CONNECTIVITY COMPANY 43 © Kong Inc. 43 -

    必要な情報<name>と<paths>を/services/<service-name>/routesにPOST - 201がレスポンスされたら作成が成功 デモ - /mockでマッピングするRouteを作成 ❯ http POST :8001/services/mocking_service/routes name=mocking paths:='["/mock"]' HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 479 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 01:47:44 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 16 X-Kong-Admin-Request-ID: gFDkgLlXDGMnc7vxQMgwfQKQrwS60dry vary: Origin { "created_at": 1661392064, "destinations": null, "headers": null, "hosts": null, "https_redirect_status_code": 426, "id": "7eb7cd24-4326-41ab-8863-f3e7ff61ef97", "methods": null, "name": "mocking", "path_handling": "v0", … "paths": [ "/mock" ], "preserve_host": false, "protocols": [ "http", "https" ], "regex_priority": 0, "request_buffering": true, "response_buffering": true, "service": { "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2" }, "snis": null, "sources": null, "strip_path": true, "tags": null, "updated_at": 1661392064 }

  44. THE CLOUD CONNECTIVITY COMPANY 44 © Kong Inc. 44 -

    8001ポートの/routesに対しGET - 全Servicesの内容がJSONで出力される デモ - Routeを確認 ❯ http GET http://localhost:8001/routes { "regex_priority": 0, "hosts": null, "name": "mocking", "id": "7eb7cd24-4326-41ab-8863-f3e7ff61ef97", "request_buffering": true, "response_buffering": true, "updated_at": 1661392064, "path_handling": "v0", "preserve_host": false, "https_redirect_status_code": 426, "paths": [ "/mock" ], "service": { "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2" }, "sources": null, "destinations": null, "tags": null, "created_at": 1661392064, … … { "regex_priority": 0, "hosts": null, "name": "httpbin", "id": "dd46e2cb-71b8-4171-809b-05be32bfe270", "request_buffering": true, "response_buffering": true, "updated_at": 1661270047, "path_handling": "v0", "preserve_host": false, "https_redirect_status_code": 426, "paths": [ "/echo" ], "service": { "id": "d86c56e0-90b8-4bdd-a57a-3bfcf73fbd16" }, "sources": null, "destinations": null, "tags": null, "created_at": 1661269929, ...

  45. THE CLOUD CONNECTIVITY COMPANY 45 © Kong Inc. 45 -

    Joeの認証情報を使ってアクセス デモ - 新規作成したServiceとRouteを確認 ❯ http -h http://localhost:8000/mock apikey:JoePassword HTTP/1.1 200 OK CF-Cache-Status: DYNAMIC CF-RAY: 7400b4eb3c9f3547-NRT Connection: keep-alive Content-Encoding: gzip Content-Type: text/html; charset=utf-8 Date: Thu, 25 Aug 2022 01:55:39 GMT NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} RateLimit-Limit: 5 RateLimit-Remaining: 4 RateLimit-Reset: 21 …

  46. THE CLOUD CONNECTIVITY COMPANY 46 © Kong Inc. 46 -

    必要な情報<name>を/services/<service_name>/pluginsにPOST - nameにプラグインの名前を入力 デモ - Authentication Pluginを実装 ❯ http POST localhost:8001/services/mocking_service/plugins name=key-auth HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 404 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 04:35:30 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 11 X-Kong-Admin-Request-ID: hraDhaXcq6UGvYJyGhZRAqauNlK3B1M6 vary: Origin { "config": { … "key_names": [ "apikey" ],

  47. THE CLOUD CONNECTIVITY COMPANY 47 © Kong Inc. 47 -

    8001ポートの/services/<service_name>/pluginsに対しGET - service_nameに関連する全てのプラグインの内容が JSONで出力される デモ - Pluginsを確認 ❯ http GET :8001/services/mocking_service/plugins { "data": [ { "config": { … "key_names": [ "apikey" ], "run_on_preflight": true }, "consumer": null, "created_at": 1661402130, "enabled": true, "id": "52f1a770-a94a-490c-a55c-28be6471e2d0", "name": "key-auth", … "route": null, "service": { "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2" }, …

  48. THE CLOUD CONNECTIVITY COMPANY 48 © Kong Inc. 48 -

    必要な情報<username>を/consumersにPOST - 201がレスポンスされたら作成が成功 デモ - Consumerを作成 ❯ http POST localhost:8001/consumers username=Tom HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 147 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 04:59:41 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 14 X-Kong-Admin-Request-ID: A2FuWJQ1HvzdMqaQxcetySUIn4Rfy18g vary: Origin { "created_at": 1661403581, "custom_id": null, "id": "904514e3-9b06-4013-8c83-bf6155a61a50", "tags": null, "type": 0, "username": "Tom", "username_lower": "tom" }

  49. THE CLOUD CONNECTIVITY COMPANY 49 © Kong Inc. 49 -

    必要な情報<key>を/consumers/<name>/key-authにPOST - 201がレスポンスされたら作成が成功 デモ - Consumerに認証情報を付与 ❯ http POST localhost:8001/consumers/Tom/key-auth key=TomPassword HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 169 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 05:08:57 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 7 X-Kong-Admin-Request-ID: 5bkALo4FgScQDYMGwX0xwe35bmYAAhul vary: Origin { "consumer": { "id": "904514e3-9b06-4013-8c83-bf6155a61a50" }, "created_at": 1661404137, "id": "46239379-571c-460e-b395-74cd8bf47051", "key": "TomPassword", "tags": null, "ttl": null }

  50. THE CLOUD CONNECTIVITY COMPANY 50 © Kong Inc. 50 -

    Tomの認証情報を使ってアクセス デモ - 新規作成したCousumerと認証情報を確認 ❯ http -h http://localhost:8000/mock apikey:TomPassword HTTP/1.1 200 OK CF-Cache-Status: DYNAMIC CF-RAY: 7401d97c3ae980ad-NRT Connection: keep-alive Content-Encoding: gzip Content-Type: text/html; charset=utf-8 Date: Thu, 25 Aug 2022 05:15:23 GMT NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} RateLimit-Limit: 5 RateLimit-Remaining: 4 RateLimit-Reset: 38 …

  51. THE CLOUD CONNECTIVITY COMPANY 51 © Kong Inc. 51 -

    以下の各EndpointにHTTP GETをすると情報が確認可能 デモ - Admin APIで全Itemsを確認 $ http GET <ip address>:8001/services $ http GET <ip address>:8001/routes $ http GET <ip address>:8001/consumers $ http GET <ip address>:8001/plugins

  52. THE CLOUD CONNECTIVITY COMPANY 52 © Kong Inc. 52 Workspaces,

    Teams, and RBAC

  53. THE CLOUD CONNECTIVITY COMPANY 53 © Kong Inc. 53 -

    ワークスペースにより、同じ Kong クラスターを共有しながら、チーム管理者が関連するエンティ ティ(services/routes/plugins…)のみと処理できます。 - Workspacesを作成 Workspaces

  54. THE CLOUD CONNECTIVITY COMPANY 54 © Kong Inc. 54 -

    管理者のグループです。 Teams

  55. THE CLOUD CONNECTIVITY COMPANY 55 © Kong Inc. 55 -

    RBACで複数のリソースに対し異なるロールを付与 RBAC

  56. THE CLOUD CONNECTIVITY COMPANY 56 © Kong Inc. 56 まとめ

  57. THE CLOUD CONNECTIVITY COMPANY 57 © Kong Inc. 57 まとめ

    - Kong Gatewayは8000と8443でリクエストを受信 - 二つの方法でKong Gatewayの設定を編集 - GUIのKong Manager(8002, 8445) - CLIのKong Admin API(8001, 8444) - 紹介したKong GatewayのItems - Service - Route - Plugin - Consumer - Vitalsの機能を利用し、Kong ManagerのUIでKong Gatewayの状態をモニタリング - 性能、エラー率、レイテンシなど - WorkspacesやTeams単位のRBACが可能

  58. THE CLOUD CONNECTIVITY COMPANY 58 © Kong Inc. Thank You

    ご不明点、案件のご相談などございましたら [email protected] までご連絡ください