How to use the Kong ACL plugin (access control list, blacklist mode)
---Configure a first-api service with Kong
After installing and starting Kong, use the Admin API on port 8001 to add a service named first-api. (The open-source Admin API has no authentication of its own; anyone who can reach port 8001 can create consumers and credentials, so keep it bound to localhost or firewalled.)

curl -i -X POST \
--url http://localhost:8001/services/ \
--data 'name=first-api' \
--data 'url=http://jcca.tech/first'

HTTP/1.1 201 Created
Date: Tue, 23 Jun 2020 09:36:50 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 293
X-Kong-Admin-Latency: 5

{"host":"jcca.tech","created_at":1592905010,"connect_timeout":60000,"id":"672bccd6-f72e-44dd-b601-dc13ba0c32fa","protocol":"http","name":"first-api","read_timeout":60000,"port":80,"path":"\/first","updated_at":1592905010,"retries":5,"write_timeout":60000,"tags":null,"client_certificate":null}

-------Add a route (paths[] is /first here, the same prefix the service uses; the two do not have to be identical, because the route is created with strip_path=true, so the route prefix is removed and the service path /first is what is sent upstream)

Expose the first-api service so that users can reach it; one route is enough for this service.

curl -i -X POST \
--url http://localhost:8001/services/first-api/routes \
--data 'hosts[]=jcca.tech' \
--data 'paths[]=/first'

HTTP/1.1 201 Created
Date: Tue, 23 Jun 2020 09:38:42 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 434
X-Kong-Admin-Latency: 7

{"id":"a852b4f5-fce4-4a59-a82b-c1993285770d","path_handling":"v0","paths":["\/first"],"destinations":null,"headers":null,"protocols":["http","https"],"methods":null,"snis":null,"service":{"id":"672bccd6-f72e-44dd-b601-dc13ba0c32fa"},"name":null,"strip_path":true,"preserve_host":false,"regex_priority":0,"updated_at":1592905122,"sources":null,"hosts":["jcca.tech"],"https_redirect_status_code":426,"tags":null,"created_at":1592905122}

-------Verify the service through its path on the proxy port (8000)


curl -i -X GET \
--url http://localhost:8000/first \
--header 'Host: jcca.tech'

HTTP/1.1 200 
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Tue, 23 Jun 2020 09:39:25 GMT
X-Kong-Upstream-Latency: 11
X-Kong-Proxy-Latency: 322
Via: kong/2.0.4

Hello World---------------first

-------List the routes of the first-api service through the Admin API to verify the route

curl -i -X GET \
--url http://localhost:8001/services/first-api/routes

HTTP/1.1 200 OK
Date: Tue, 23 Jun 2020 09:41:28 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 457
X-Kong-Admin-Latency: 2

{"next":null,"data":[{"id":"a852b4f5-fce4-4a59-a82b-c1993285770d","path_handling":"v0","paths":["\/first"],"destinations":null,"headers":null,"protocols":["http","https"],"methods":null,"snis":null,"service":{"id":"672bccd6-f72e-44dd-b601-dc13ba0c32fa"},"name":null,"strip_path":true,"preserve_host":false,"regex_priority":0,"updated_at":1592905122,"sources":null,"hosts":["jcca.tech"],"https_redirect_status_code":426,"tags":null,"created_at":1592905122}]}

Enable the Basic Authentication plugin on the first-api route {route_id}
URL format: http://localhost:8001/routes/{route_id}/plugins
(config.hide_credentials=true makes Kong strip the Authorization header before forwarding the request, so the upstream never sees the password.)
curl -i -X POST \
--url http://localhost:8001/routes/a852b4f5-fce4-4a59-a82b-c1993285770d/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"

HTTP/1.1 201 Created
Date: Tue, 23 Jun 2020 09:44:18 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 297
X-Kong-Admin-Latency: 7

{"created_at":1592905458,"config":{"hide_credentials":true,"anonymous":null},"id":"c68dbdb9-4861-490a-8145-68b31118057e","service":null,"enabled":true,"protocols":["grpc","grpcs","http","https"],"name":"basic-auth","consumer":null,"route":{"id":"a852b4f5-fce4-4a59-a82b-c1993285770d"},"tags":null}

 

Add the first consumer, username jack. The {custom_id} parameter can be omitted; it is a custom unique identifier
that maps the consumer to a user record in your own (external) database.

curl -i -X POST \
--url http://localhost:8001/consumers/  \
--data "username=jack"
 

HTTP/1.1 201 Created
Date: Tue, 23 Jun 2020 09:45:50 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 116
X-Kong-Admin-Latency: 5

{"custom_id":null,"created_at":1592905550,"id":"d071e5e1-e017-44d6-bc06-50cb7aa9ad8b","tags":null,"username":"jack"}

Create Basic Authentication credentials for the first consumer, jack
URL format: http://localhost:8001/consumers/{username or consumer_id}/basic-auth

curl -i -X POST \
--url http://localhost:8001/consumers/jack/basic-auth \
--data "username=jack" \
--data "password=123456"

HTTP/1.1 201 Created
Date: Tue, 23 Jun 2020 09:57:41 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 210
X-Kong-Admin-Latency: 6

{"created_at":1592906261,"consumer":{"id":"d071e5e1-e017-44d6-bc06-50cb7aa9ad8b"},"id":"b0c162d8-04e4-4df2-a70b-9e2ab7c0bc29","tags":null,"password":"c8fc1290af917665d0bb0e09500a2de6b1508829","username":"jack"}

Online Base64 tool: http://tool.oschina.net/encrypt?type=3 (avoid pasting real credentials into a third-party site; Base64 is trivial to compute locally, and curl's -u username:password option builds the header for you)
The header value is the Base64 encoding of the key-value string {username:password}
jack:123456 encodes to: amFjazoxMjM0NTY=
Note that the password field in the Admin API response above is a hash of the password, not the plaintext. The Base64 in the header, by contrast, is fully reversible, which is why the proxy should only accept these requests over HTTPS.

Access the first endpoint as user jack with Basic authentication
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic amFjazoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 200 
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 00:58:31 GMT
X-Kong-Upstream-Latency: 3
X-Kong-Proxy-Latency: 1
Via: kong/2.0.4

Hello World---------------first

Add the second consumer, username john. The {custom_id} parameter can be omitted; it is a custom unique identifier
that maps the consumer to a user record in your own (external) database.
curl -i -X POST \
--url http://localhost:8001/consumers/  \
--data "username=john" \
--data "custom_id=abc12345"

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:03:32 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 122
X-Kong-Admin-Latency: 6

{"custom_id":"abc12345","created_at":1592960612,"id":"67b7abaf-cc01-4d78-8006-8d36fb46da11","tags":null,"username":"john"}

Create Basic Authentication credentials for the second consumer, john
URL format: http://localhost:8001/consumers/{username or consumer_id}/basic-auth
curl -i -X POST \
--url http://localhost:8001/consumers/john/basic-auth \
--data "username=john" \
--data "password=123456"
 

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:04:59 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 210
X-Kong-Admin-Latency: 6

{"created_at":1592960699,"consumer":{"id":"67b7abaf-cc01-4d78-8006-8d36fb46da11"},"id":"ca058e63-8d52-4d89-9317-77a082902cde","tags":null,"password":"5febf254a953961c96d7ceb868316a19b943ee28","username":"john"}

Base64 of the key-value string {username:password} for john (computed locally, as above):
john:123456 encodes to:
am9objoxMjM0NTY=

Access the first endpoint as user john with Basic authentication
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic am9objoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 200 
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 01:08:17 GMT
X-Kong-Upstream-Latency: 11
X-Kong-Proxy-Latency: 2
Via: kong/2.0.4

Hello World---------------first


Add the third consumer, username cathy. The {custom_id} parameter can be omitted; it is a custom unique identifier
that maps the consumer to a user record in your own (external) database.

 curl -i -X POST \
--url http://localhost:8001/consumers/  \
--data "username=cathy"

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:09:38 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 117
X-Kong-Admin-Latency: 6

{"custom_id":null,"created_at":1592960978,"id":"98a8fcab-0a6b-4a0f-aea1-544e192571b7","tags":null,"username":"cathy"}

Create Basic Authentication credentials for the third consumer, cathy
URL format: http://localhost:8001/consumers/{username or consumer_id}/basic-auth
curl -i -X POST \
--url http://localhost:8001/consumers/cathy/basic-auth \
--data "username=cathy" \
--data "password=123456"
 

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:10:36 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 211
X-Kong-Admin-Latency: 5

{"created_at":1592961036,"consumer":{"id":"98a8fcab-0a6b-4a0f-aea1-544e192571b7"},"id":"b6269ffc-50eb-40fe-957a-a5988551da06","tags":null,"password":"99579e578ced438e5d5959a9bc43b97ba7fb2667","username":"cathy"}

Base64 of the key-value string {username:password} for cathy (computed locally, as above):
cathy:123456 encodes to:
Y2F0aHk6MTIzNDU2

Access the first endpoint as user cathy with Basic authentication
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic Y2F0aHk6MTIzNDU2" \
--header 'Host: jcca.tech'
 

HTTP/1.1 200 
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 01:15:09 GMT
X-Kong-Upstream-Latency: 8
X-Kong-Proxy-Latency: 257
Via: kong/2.0.4

Hello World---------------first
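The three credential steps above all do the same thing by hand. As an added example (not code from this page or from Kong), here is how to build and decode the Basic credential locally, plus a model of how the plugin stores and checks it. The header construction is plain RFC 7617 and reproduces the three values shown above; the hash function assumes the salted SHA-1 scheme Kong 2.x's basic-auth plugin uses (hex SHA-1 of the password followed by the consumer id), which you should treat as an assumption and compare against the hashes your own Admin API returns. The consumer ids and the password 123456 are the ones from this page; the credential store built from them is constructed sample data.

```python
import base64
import binascii
import hashlib
import hmac
from typing import Dict, Optional, Tuple


def basic_auth_header(username: str, password: str) -> str:
    """Return the Authorization value for RFC 7617 Basic auth (what curl -u sends).

    A ':' in the username would make the pair ambiguous, so refuse it.
    """
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic_header(header: str) -> Tuple[str, str]:
    """Recover (username, password) from a Basic header.

    Base64 is an encoding, not encryption: anyone who can read this header can
    read the password. That is why the page sets hide_credentials=true (the
    upstream never sees it) and why the proxy should only be offered over TLS.
    """
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credential") from exc
    username, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("credential lacks the ':' separator")
    return username, password


def kong_basic_auth_hash(consumer_id: str, password: str) -> str:
    """Assumed storage format: hex(SHA-1(password || consumer_id)).

    The 40-hex-character 'password' fields the Admin API returned above are
    hashes of this shape, not plaintext. SHA-1 salted only with a public id is
    fast to brute force, so a leaked credential table is still sensitive.
    """
    return hashlib.sha1((password + consumer_id).encode("utf-8")).hexdigest()


# Constructed credential store: the three consumers this page created, keyed by
# username, holding the consumer id from the Admin API response and the hash of
# the test password 123456 as the plugin would keep it.
SAMPLE_CONSUMERS = {
    "jack": "d071e5e1-e017-44d6-bc06-50cb7aa9ad8b",
    "john": "67b7abaf-cc01-4d78-8006-8d36fb46da11",
    "cathy": "98a8fcab-0a6b-4a0f-aea1-544e192571b7",
}
CREDENTIAL_STORE: Dict[str, Tuple[str, str]] = {
    name: (cid, kong_basic_auth_hash(cid, "123456")) for name, cid in SAMPLE_CONSUMERS.items()
}


def authenticate(header: str, store: Dict[str, Tuple[str, str]] = CREDENTIAL_STORE) -> Optional[str]:
    """Return the username the header authenticates as, or None.

    Mirrors the plugin's check: look the username up, hash the presented
    password with that consumer's id, compare in constant time.
    """
    try:
        username, password = decode_basic_header(header)
    except ValueError:
        return None
    record = store.get(username)
    if record is None:
        return None
    consumer_id, stored_hash = record
    presented = kong_basic_auth_hash(consumer_id, password)
    return username if hmac.compare_digest(presented, stored_hash) else None


if __name__ == "__main__":
    for name in SAMPLE_CONSUMERS:
        header = basic_auth_header(name, "123456")
        print(name, header, "->", authenticate(header))
```

Running the block prints the three Authorization values used in the curl commands above. If the hash assumption holds for your Kong version, kong_basic_auth_hash reproduces the password fields the Admin API returned; a mismatch means your version stores credentials differently, not that the Base64 part is wrong.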


Enable the ACL plugin on the first-api service and define the blacklist groups blacklist_group1 and blacklist_group2
URL format: http://localhost:8001/services/{service}/plugins


curl -i -X POST \
--url http://localhost:8001/services/first-api/plugins \
--data "name=acl"  \
--data "config.blacklist=blacklist_group1, blacklist_group2"
 

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:19:06 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 344
X-Kong-Admin-Latency: 7

{
	"created_at": 1592961546,
	"config": {
		"hide_groups_header": false,
		"blacklist": ["blacklist_group1, blacklist_group2"],
		"whitelist": null
	},
	"id": "d2820ca9-4634-4bb5-bdc0-b25c439be8c9",
	"service": {
		"id": "672bccd6-f72e-44dd-b601-dc13ba0c32fa"
	},
	"enabled": true,
	"protocols": ["grpc", "grpcs", "http", "https"],
	"name": "acl",
	"consumer": null,
	"route": null,
	"tags": null
}

Note config.blacklist in the response above: the two names were stored as a single array element, "blacklist_group1, blacklist_group2", rather than as two strings, because Kong did not split the form value on the comma. The test later on this page still shows jack being denied, but do not rely on that: the unambiguous form, and the one this page already uses for hosts[] and paths[], is one parameter per group, --data "config.blacklist[]=blacklist_group1" --data "config.blacklist[]=blacklist_group2" (or a JSON body), after which the response should list two separate strings.

Enable the ACL plugin on the first-api route {route_id} as well, with the same blacklist blacklist_group1 and blacklist_group2
URL format: http://localhost:8001/routes/{route_id}/plugins
(This second plugin instance is redundant here, because the service-level plugin already covers every route of first-api. When both exist, the route-scoped configuration is the one Kong applies to requests on that route.)


curl -i -X POST \
--url http://localhost:8001/routes/a852b4f5-fce4-4a59-a82b-c1993285770d/plugins \
--data "name=acl"  \
--data "config.blacklist=blacklist_group1, blacklist_group2"


 

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:22:18 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 344
X-Kong-Admin-Latency: 7

{
	"created_at": 1592961738,
	"config": {
		"hide_groups_header": false,
		"blacklist": ["blacklist_group1, blacklist_group2"],
		"whitelist": null
	},
	"id": "1453eb6d-60f7-46da-af28-2166b439b40d",
	"service": null,
	"enabled": true,
	"protocols": ["grpc", "grpcs", "http", "https"],
	"name": "acl",
	"consumer": null,
	"route": {
		"id": "a852b4f5-fce4-4a59-a82b-c1993285770d"
	},
	"tags": null
}


With the blacklist groups blacklist_group1 and blacklist_group2 defined, as long as none of jack, john or cathy is associated with either group,
the following requests still reach the first service. (A blacklist only denies consumers that carry a listed group; a consumer with no groups at all passes, so when you can enumerate who should have access, a whitelist is the safer default.)


-----------------Request as consumer jack-----------
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic amFjazoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 200 
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 01:26:20 GMT
X-Kong-Upstream-Latency: 8
X-Kong-Proxy-Latency: 17
Via: kong/2.0.4

Hello World---------------first

-----------------Request as consumer john-----------
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic am9objoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 200 
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 01:26:57 GMT
X-Kong-Upstream-Latency: 5
X-Kong-Proxy-Latency: 2
Via: kong/2.0.4

Hello World---------------first

-----------------Request as consumer cathy-----------
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic Y2F0aHk6MTIzNDU2" \
--header 'Host: jcca.tech'

HTTP/1.1 200 
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 01:28:25 GMT
X-Kong-Upstream-Latency: 8
X-Kong-Proxy-Latency: 272
Via: kong/2.0.4

Hello World---------------first

Sometimes an external consumer has to be denied; to do that, associate the blacklist group blacklist_group2 with consumer jack:
URL format: http://localhost:8001/consumers/{consumer_id or username}/acls

curl -i -X POST \
--url http://localhost:8001/consumers/jack/acls \
--data "group=blacklist_group2"
 

HTTP/1.1 201 Created
Date: Wed, 24 Jun 2020 01:29:51 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/2.0.4
Content-Length: 165
X-Kong-Admin-Latency: 7

{"created_at":1592962191,"consumer":{"id":"d071e5e1-e017-44d6-bc06-50cb7aa9ad8b"},"id":"cd67bfa0-b376-49a5-af75-150acd70b9d5","group":"blacklist_group2","tags":null}

Now look at jack's access after blacklist_group2 has been associated with the consumer:

-----------------Request as consumer jack-----------
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic amFjazoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 403 Forbidden
Date: Wed, 24 Jun 2020 02:00:59 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Content-Length: 45
X-Kong-Response-Latency: 2
Server: kong/2.0.4

{"message":"You cannot consume this service"}

Users john and cathy, who are not in any blacklist group, can still access the first service

-----------------Request as consumer john-----------

curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic am9objoxMjM0NTY=" \
--header 'Host: jcca.tech'

HTTP/1.1 200 
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 02:01:17 GMT
X-Kong-Upstream-Latency: 8
X-Kong-Proxy-Latency: 0
Via: kong/2.0.4

Hello World---------------first

-----------------Request as consumer cathy-----------
curl -i -X GET \
--url http://localhost:8000/first \
--header "Authorization: Basic Y2F0aHk6MTIzNDU2" \
--header 'Host: jcca.tech'
 

HTTP/1.1 200 
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Connection: keep-alive
Date: Wed, 24 Jun 2020 02:05:05 GMT
X-Kong-Upstream-Latency: 8
X-Kong-Proxy-Latency: 1094
Via: kong/2.0.4

Hello World---------------first
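To make the decision rule behind these 200 and 403 responses explicit, here is a small Python model of the ACL check (an added example written for this page, not the plugin's own Lua code), run over the state the page ends with: jack in blacklist_group2, john and cathy in no group. It assumes the documented semantics: a blacklist denies a consumer that carries any listed group and passes everyone else, a whitelist admits only a consumer that carries a listed group, group names are matched as exact strings, and the two lists are mutually exclusive; the 401 for a request with no authenticated consumer is an assumption about the plugin that this page never exercises. Two things the transcript alone does not make obvious: under exact matching, the single stored string "blacklist_group1, blacklist_group2" shown in the plugin response would block nobody, and a blacklist lets any consumer with no groups through, whereas a whitelist does not.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class AclConfig:
    """The two mutually exclusive lists of the ACL plugin config."""
    blacklist: List[str] = field(default_factory=list)
    whitelist: List[str] = field(default_factory=list)


def acl_decide(conf: AclConfig, consumer_groups: Optional[Set[str]]) -> Tuple[int, str]:
    """Model of the ACL plugin's decision (added example, not Kong's Lua code).

    consumer_groups is the set of groups attached to the authenticated consumer
    via POST /consumers/{consumer}/acls, or None when no auth plugin identified
    a consumer at all. Returns the (status, message) the gateway answers with.
    Rules modelled: a blacklist denies a consumer carrying ANY listed group and
    lets everyone else through; a whitelist allows only a consumer carrying at
    least one listed group; names are compared as exact strings. The 401 for an
    unauthenticated request is an assumption, not something shown on the page.
    """
    if bool(conf.blacklist) == bool(conf.whitelist):
        raise ValueError("configure exactly one of blacklist or whitelist")
    if consumer_groups is None:
        return 401, "Unauthorized"
    if conf.blacklist:
        if consumer_groups & set(conf.blacklist):
            return 403, "You cannot consume this service"
        return 200, "OK"
    if consumer_groups & set(conf.whitelist):
        return 200, "OK"
    return 403, "You cannot consume this service"


def parse_group_list(raw: str) -> List[str]:
    """Split and trim a comma-separated list on the client side.

    Send each entry as its own config.blacklist[] parameter; never send the raw
    string, which the plugin response on this page shows being stored as one
    group name with the comma and space inside it.
    """
    return [part.strip() for part in raw.split(",") if part.strip()]


# Constructed state mirroring this page after POST /consumers/jack/acls:
# jack is in blacklist_group2, john and cathy are in no group.
PAGE_GROUPS: Dict[str, Set[str]] = {
    "jack": {"blacklist_group2"},
    "john": set(),
    "cathy": set(),
}

# The blacklist as intended, and as the Admin API response on this page shows
# it was actually stored from the comma-separated form value.
INTENDED_BLACKLIST = ["blacklist_group1", "blacklist_group2"]
AS_STORED_BLACKLIST = ["blacklist_group1, blacklist_group2"]


def run_scenario(conf: AclConfig, groups: Dict[str, Set[str]] = PAGE_GROUPS) -> Dict[str, int]:
    """Status each consumer on the page would receive under a given config."""
    return {name: acl_decide(conf, g)[0] for name, g in groups.items()}


if __name__ == "__main__":
    print("intended blacklist:", run_scenario(AclConfig(blacklist=INTENDED_BLACKLIST)))
    print("as stored:         ", run_scenario(AclConfig(blacklist=AS_STORED_BLACKLIST)))
    print("whitelist instead: ", run_scenario(AclConfig(whitelist=["trusted"])))
```

The first scenario reproduces the page's outcome (jack 403, john and cathy 200). The second shows why the stored plugin config must be checked after creation, and the third shows the least-privilege alternative: with a whitelist, john and cathy are denied until someone deliberately adds them to a permitted group.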
