说明

如果不知道kong怎么部署，参考Kong API网关搭建部署记录
这里简单描述一下怎么修改官方的YAML文件，不保证ctrl+c和ctrl+v可以直接跑起来!
Github项目地址
kong-ingress-controller的版本号是0.5.0
kong的版本号是1.2

Kong-Ingress-Controller介绍

这里是参考项目文档，简单的翻译一下。

简介

Kong Ingress Controller是一个动态且高度可用的Ingress Controller。

它使用在Kubernetes集群中创建的Ingress资源来配置Kong。

此外，它还可以为Kubernetes中运行的服务配置插件，负载平衡和运行状况检查。

部署方式

kong的ingress-controller是Go编写的程序，作用机制类似于Adapter，将Kubernetes里面的资源对象转换成Kong的配置规则。

支持backed with a database模式和backed without a database模式。

DBless模式

运行在DBless模式下，Kong ingress controller会作为sidecar容器与Kong容器一起运行在同一个Pod里面，并且会根据从Kubernetes API Server接收到的信息动态配置Kong。

支持增加kong容器副本数量来实现高可用和负载均衡。

后端数据库模式

运行在基于后端数据库的模式时，ingress controller与kong的控制平面部署在一起，kong的数据平面分开部署。

在下图可以看明显看到kong的控制平面和数据平面是分开的。

高可用

当部署多个kong ingress controller时，多个kong ingress controller之间会选举出leader。同一时间只有leader能配置kong的规则，并且leader失效后会自动选主。

横向扩展

如果是基于后端数据库模式，kong的控制平面和数据平面分开部署，可以单独增加kong的数据平面来实现横向扩展。

规则转换

下图是Kubernetes资源对象怎么转换成Kong配置规则的过程

PS：这个图感觉怪怪的，这哪里有转换过程，不是Kubernetes的Ingress对象模型吗

CRD资源

Kong ingress controller可以配置以下CRD资源对象，实现对kong更加精细的配置管理，官方文档在这里

KongIngress
KongPlugin
KongConsumer
KongCredential

官方YAML模板

说明

链接在这里YAML模板，下面几个资源对象可以直接套官方

Namespace
CustomResourceDefinition
ServiceAccount
ClusterRole
ClusterRoleBinding

其他的资源对象的定义还是有点不适合生产环境，需要改。

基于后端数据库模式部署

说明

Kubernetes集群环境不一定有ELB或者SLB，可以在Ingress节点上部署keepalived+haproxy实现高可用和负载均衡
使用外部独立的PostgreSQL，部署方式见PostgreSQL10安装部署和初始化，数据库用户kong，密码kong
kong数据平面
- 通过nodeSelector加tolerations将Pod调度到Kubernetes指定的Ingress节点
- 修改kong数据平面运行参数
- 共享宿主机网络栈

PostgreSQL数据库

这里使用Service配合Endpoints，将外部PostgreSQL声明为Kubernetes内部的服务。
这样Kubernetes内部的Pod可以通过SVC访问外部PostgreSQL。

---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: kong
spec:
  ports:
  - name: pgsql
    port: 5432
    targetPort: 5432
    protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
  name: postgres
subsets:
  - addresses:
      - ip: 192.168.1.1
    ports:
      - port: 5432

Kong Bootstrap Job

kong-ingress-migrations

---
apiVersion: batch/v1
kind: Job
metadata:
  name: kong-migrations
  namespace: kong
spec:
  template:
    metadata:
      name: kong-migrations
    spec:
      initContainers:
      - name: wait-for-postgres
        image: busybox
        env:
        - name: KONG_PG_HOST
          value: "postgres.kong.svc.cluster.local"
        - name: KONG_PG_PORT
          value: "5432"
        command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ]
      containers:
      - name: kong-migrations
        image: kong:1.2
        env:
        - name: KONG_PG_HOST
          value: "postgres.kong.svc.cluster.local"
        - name: KONG_PG_PORT
          value: "5432"
        - name: KONG_PG_DATABASE
          value: "kong"
        - name: KONG_PG_USER
          value: "kong"
        - name: KONG_PG_PASSWORD
          value: "kong"
        command: [ "/bin/sh", "-c", "kong migrations bootstrap" ]
      restartPolicy: OnFailure
---

Kong数据平面

kong-proxy TLS证书

可以通过kubectl命令生成Secret

1	kubectl -n kong create secret tls kong-tls-secret --key ./tls.key --cert ./tls.crt

kong-ingress-proxy.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: kong-ingress-proxy
  namespace: kong
spec:
  type: ClusterIP
  ports:
  - name: kong-proxy
    port: 80
    targetPort: 80
    protocol: TCP
  - name: kong-proxy-ssl
    port: 443
    targetPort: 443
    protocol: TCP
  selector:
    app: kong-ingres-proxy
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kong-ingress-proxy
  namespace: kong
spec:
  template:
    metadata:
      labels:
        name: kong-ingress-proxy
        app: kong-ingress-proxy
    spec:
      # 共享宿主机网络栈
      hostNetwork: true
      # 选择节点标签为node-role=kong的节点
      nodeSelector:
        node-role: kong
      # 容忍node-role=kong的污点
      tolerations:
        - effect: NoSchedule
          key: "node-role"
          operator: "Equal"
          value: "kong"
      dnsPolicy: ClusterFirstWithHostNet
      initContainers:
      # hack to verify that the DB is up to date or not
      # TODO remove this for Kong >= 0.15.0
      - name: wait-for-migrations
        image: kong:1.2
        command: [ "/bin/sh", "-c", "kong migrations list" ]
        env:
        - name: KONG_ADMIN_LISTEN
          value: 'off'
        - name: KONG_PROXY_LISTEN
          value: 'off'
        - name: KONG_PROXY_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PROXY_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_PG_HOST
          value: "postgres.kong.svc.cluster.local"
        - name: KONG_PG_PORT
          value: "5432"
        - name: KONG_PG_DATABASE
          value: "kong"
        - name: KONG_PG_USER
          value: "kong"
        - name: KONG_PG_PASSWORD
          value: "kong"
      containers:
      - name: kong-proxy
        image: kong:1.2
        env:
        - name: KONG_NGINX_DAEMON
          value: "off"
        - name: KONG_PG_HOST
          value: "postgres.kong.svc.cluster.local"
        - name: KONG_PG_PORT
          value: "5432"
        - name: KONG_PG_DATABASE
          value: "kong"
        - name: KONG_PG_USER
          value: "kong"
        - name: KONG_PG_PASSWORD
          value: "kong"
        - name: KONG_PROXY_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PROXY_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_LISTEN
          value: 'off'
        - name: KONG_PROXY_LISTEN
          value: '0.0.0.0:80, 0.0.0.0:443 ssl'
        - name: KONG_SSL_CIPHER_SUITE
          value: "modern"
        - name: KONG_SSL_CERT
          value: "/opt/tls/tls.crt"
        - name: KONG_SSL_CERT_KEY
          value: "/opt/tls/tls.key"
        - name: KONG_CLIENT_MAX_BODY_SIZE
          value: "0"
        - name: KONG_CLIENT_BODY_BUFFER_SIZE
          value: "16k"
        - name: KONG_UPSTREAM_KEEPALIVE
          value: "60"
        - name: KONG_REAL_IP_HEADER
          value: "X-Real-IP"
        - name: KONG_DB_UPDATE_FREQUENCY
          value: "5"
        #- name: KONG_MEM_CACHE_SIZE
        #  value: "128m"
        command:
        - /usr/local/bin/kong
        - start
        #securityContext:
        #  capabilities:
        #    add:
        #    - NET_BIND_SERVICE
        ports:
        - name: proxy
          containerPort: 8000
          protocol: TCP
        - name: proxy-ssl
          containerPort: 8443
          protocol: TCP
        lifecycle:
          preStop:
            exec:
              command: [ "/bin/sh", "-c", "kong quit" ]
        volumeMounts:
          - name: timezone-volume
            mountPath: /etc/localtime
            readOnly: true
          - name: tls-volume
            mountPath: /opt/tls/
            readOnly: true
      volumes:
        - name: timezone-volume
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
        - name: tls-volume
          secret:
            secretName: kong-tls-secret
---

Kong控制平面

kong-ingress-controller.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: kong-ingress-controller
  namespace: kong
spec:
  type: ClusterIP
  ports:
  - name: kong-admin
    port: 8001
    targetPort: 8001
    protocol: TCP
  selector:
    app: ingress-kong
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: ingress-kong
  name: kong-ingress-controller
  namespace: kong
spec:
  selector:
    matchLabels:
      app: ingress-kong
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      annotations:
        # the returned metrics are related to the kong ingress controller not kong itself
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
      labels:
        app: ingress-kong
    spec:
      serviceAccountName: kong-serviceaccount
      initContainers:
      - name: wait-for-migrations
        image: kong:1.2
        command: [ "/bin/sh", "-c", "kong migrations list" ]
        env:
        - name: KONG_ADMIN_LISTEN
          value: 'off'
        - name: KONG_PROXY_LISTEN
          value: 'off'
        - name: KONG_PROXY_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_PROXY_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_PG_HOST
          value: "postgres.kong.svc.cluster.local"
        - name: KONG_PG_PORT
          value: "5432"
        - name: KONG_PG_DATABASE
          value: "kong"
        - name: KONG_PG_USER
          value: "kong"
        - name: KONG_PG_PASSWORD
          value: "kong"
      containers:
      - name: admin-api
        image: kong:1.2
        env:
        - name: KONG_NGINX_DAEMON
          value: "off"
        - name: KONG_PG_HOST
          value: "postgres.kong.svc.cluster.local"
        - name: KONG_PG_PORT
          value: "5432"
        - name: KONG_PG_DATABASE
          value: "kong"
        - name: KONG_PG_USER
          value: "kong"
        - name: KONG_PG_PASSWORD
          value: "kong"
        - name: KONG_ADMIN_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_LISTEN
          value: "0.0.0.0:8001, 0.0.0.0:8444 ssl"
        - name: KONG_PROXY_LISTEN
          value: 'off'
        ports:
        - name: kong-admin
          containerPort: 8001
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8001
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8001
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        volumeMounts:
          - name: timezone-volume
            mountPath: /etc/localtime
            readOnly: true
      - name: ingress-controller
        args:
        - /kong-ingress-controller
        # the kong URL points to the kong admin api server
        - --kong-url=https://localhost:8444
        - --admin-tls-skip-verify
        # Service from were we extract the IP address/es to use in Ingress status
        - --publish-service=kong/kong-proxy
        - --sync-period=10m0s
        - --v=2
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller:0.5.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        volumeMounts:
          - name: timezone-volume
            mountPath: /etc/localtime
            readOnly: true
      volumes:
        - name: timezone-volume
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai

基于无数据库模式部署

说明

在DBless模式中，每个kong都是独立工作的，由Kong-Ingress-Controller作为sidecar调用kong的config接口来实现配置更新。
这样就有点像把kong的配置保存在Kubernetes里面，每个kong都是独立配置，不需要依赖外部数据库，避免因为数据库故障影响所有的kong。
DBless模式有些限制，可以看这里

KongIngressDBless

kong-proxy TLS证书

可以通过kubectl命令生成Secret

1	kubectl -n kong create secret tls kong-tls-secret --key ./tls.key --cert ./tls.crt

kong-ingress-controller-dbless-cm.yaml

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kong-server-blocks
  namespace: kong
data:
  servers.conf: |
    # Prometheus metrics server
    server {
        server_name kong_prometheus_exporter;
        listen 0.0.0.0:9542; # can be any other port as well

        access_log off;
        location /metrics {
            default_type text/plain;
            content_by_lua_block {
                 local prometheus = require "kong.plugins.prometheus.exporter"
                 prometheus:collect()
            }
        }

        location /nginx_status {
            internal;
            access_log off;
            stub_status;
        }
    }
    # Health check server
    # TODO how to health check kong in dbless?
    server {
        server_name kong_health_check;
        listen 0.0.0.0:9001; # can be any other port as well

        access_log off;
        location /health {
          return 200;
        }
    }

kong-ingress-controller-dbless-ds.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: kong-ingress-proxy
  namespace: kong
spec:
  type: ClusterIP
  ports:
  - name: kong-proxy
    port: 80
    targetPort: 80
    protocol: TCP
  - name: kong-proxy-ssl
    port: 443
    targetPort: 443
    protocol: TCP
  selector:
    app: kong-ingres-proxy
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kong-ingress-proxy
  namespace: kong
spec:
  template:
    metadata:
      labels:
        name: kong-ingress-proxy
        app: kong-ingress-proxy
      annotations:
        prometheus.io/port: "9542"
        prometheus.io/scrape: "true"
    spec:
      # 共享宿主机网络栈
      hostNetwork: true
      # 选择节点标签为node-role=kong的节点
      nodeSelector:
        node-role: kong
      # 容忍node-role=kong的污点
      tolerations:
        - effect: NoSchedule
          key: "node-role"
          operator: "Equal"
          value: "kong"
      dnsPolicy: ClusterFirstWithHostNet
      serviceAccountName: kong-serviceaccount
      containers:
      - name: proxy
        image: kong:1.2
        env:
        - name: KONG_NGINX_DAEMON
          value: "off"
        - name: KONG_DATABASE
          value: "off"
        - name: KONG_NGINX_HTTP_INCLUDE
          value: "/kong/servers.conf"
        - name: KONG_ADMIN_ACCESS_LOG
          value: "/dev/stdout"
        - name: KONG_ADMIN_ERROR_LOG
          value: "/dev/stderr"
        - name: KONG_ADMIN_LISTEN
          value: "127.0.0.1:8444 ssl"
        - name: KONG_PROXY_LISTEN
          value: '0.0.0.0:80, 0.0.0.0:443 ssl'
        - name: KONG_SSL_CIPHER_SUITE
          value: "modern"
        - name: KONG_SSL_CERT
          value: "/opt/tls/tls.crt"
        - name: KONG_SSL_CERT_KEY
          value: "/opt/tls/tls.key"
        - name: KONG_CLIENT_MAX_BODY_SIZE
          value: "0"
        - name: KONG_CLIENT_BODY_BUFFER_SIZE
          value: "16k"
        - name: KONG_UPSTREAM_KEEPALIVE
          value: "60"
        - name: KONG_REAL_IP_HEADER
          value: "X-Real-IP"
        - name: KONG_MEM_CACHE_SIZE
          value: "128m"
        command:
        - /usr/local/bin/kong
        - start
        #securityContext:
        #  capabilities:
        #    add:
        #    - NET_BIND_SERVICE
        lifecycle:
          preStop:
            exec:
              command: [ "/bin/sh", "-c", "kong quit" ]
        ports:
        - name: proxy
          containerPort: 80
          protocol: TCP
        - name: proxy-ssl
          containerPort: 443
          protocol: TCP
        - name: metrics
          containerPort: 9542
          protocol: TCP
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /health
            port: 9001
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /health
            port: 9001
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        volumeMounts:
        - name: kong-server-blocks
          mountPath: /kong
        - name: timezone-volume
          mountPath: /etc/localtime
          readOnly: true
        - name: tls-volume
          mountPath: /opt/tls/
          readOnly: true
      - name: ingress-controller
        args:
        - /kong-ingress-controller
        # the kong URL points to the kong admin api server
        - --kong-url=https://localhost:8444
        - --admin-tls-skip-verify
        # Service from were we extract the IP address/es to use in Ingress status
        - --publish-service=kong/kong-proxy
        - --sync-period=10m0s
        - --v=2
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller:0.5.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        volumeMounts:
        - name: timezone-volume
          mountPath: /etc/localtime
          readOnly: true
      volumes:
      - name: kong-server-blocks
        configMap:
          name: kong-server-blocks
      - name: timezone-volume
        hostPath:
          path: /usr/share/zoneinfo/Asia/Shanghai
      - name: tls-volume
        secret:
          secretName: kong-tls-secret

CRD资源

关于CRD资源怎么用，在Github上面是有相关的说明文档

KongPlugin

在kong官方网站是有关于Plugin的介绍

开启IP黑白名单

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: ip-restriction
  namespace: default
disabled: false  # optional
plugin: ip-restriction
config:
#  whitelist:     # 黑名单和白名单只能选一
#  - 8.8.8.8
#  - 8.8.4.4
  blacklist: 
  - 8.8.8.8
  - 8.8.4.4

开启prometheus

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: kong-prometheus
  namespace: kong
  label:
    global: true
plugin: prometheus
disabled: false
config:
  status_code: 503
  content_type: null
  body: null
  message: null

开启rate-limiting

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limit
  namespace: default
  labels:
    global: "false"
plugin: rate-limiting
disabled: false
config:
  second: 5
  hour: 10000
  limit_by: ip
  policy: local  #local,cluster,redis

开启zipkin链路追踪

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: echo-http-zipkin-trace
  namespace: default
  labels:
    global: "false"
disabled: false
plugin: zipkin
config:
  http_endpoint: "http://your.zipkin.collector:9411/api/v2/spans"
  sample_ratio: 1  # 不带tracid的请求的采样比率，1是100%，全部采集

开启Basic Authentication

这里认证的时候会查找KongConsumer和KongCredential

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: demo-basic-auth
  namespace: default
disabled: false
plugin: basic-auth

配置Response Header

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: response-transformer
  namespace: default
  label:
    global: false
disable: false
plugin: response-transformer
config:
  replace:
    json: []
    headers: []
  append:
    json: []
    headers: []
  add:
    json: []
    headers:
    - "abc: def"
  remove:
    json: []
    headers:
    - Last-Modified

KongIngress

apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
  name: configuration-demo
upstream:
  hash_on: none
  hash_fallback: none
  healthchecks:
    active:
      concurrency: 10
      healthy:
        http_statuses:
        - 200
        - 302
        interval: 0
        successes: 0
      http_path: "/"
      timeout: 1
      unhealthy:
        http_failures: 0
        http_statuses:
        - 429
        interval: 0
        tcp_failures: 0
        timeouts: 0
    passive:
      healthy:
        http_statuses:
        - 200
        successes: 0
      unhealthy:
        http_failures: 0
        http_statuses:
        - 429
        - 503
        tcp_failures: 0
        timeouts: 0
    slots: 10
proxy:
  protocol: http
  path: /
  connect_timeout: 10000
  retries: 10
  read_timeout: 10000
  write_timeout: 10000
route:
  methods:
  - GET
  - HEAD
  - POST
  - PUT
  - DELETE
  #- CONNECT
  #- OPTIONS
  #- TRACE
  #- PATCH
  regex_priority: 0
  strip_path: false
  preserve_host: true
  protocols:
  - http
  - https

KongConsumer

示例

apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: consumer-team-x
username: team-X
custom_id: my_team_x

KongCredential

示例

apiVersion: configuration.konghq.com/v1
kind: KongCredential
metadata:
  name: credential-team-x
consumerRef: consumer-team-x
type: key-auth
config:
  key: 62eb165c070a41d5c1b58d9d3d725ca1

Kubernetes Ingress配置

在Ingress里面声明annotations属性，可以调用Kong Ingress Controller定义的CRD资源
Github文档说明在此

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-ingress
  namespace: default
  annotations:
    # 这里声明使用kong ingress controller
    kubernetes.io/ingress.class: "kong"
    # 声明使用kongIngress配置
    configuration.konghq.com: "configuration-demo"
    # 声明使用KongPlugin
    plugins.konghq.com: "ip-restriction,kong-prometheus,response-transformer"
spec:
  tls:
    - secretName: example-com-secret
      hosts:
        - "*.example.com"
  rules:
    # host定义域名
    - host: tomcat.example.com
      # 定义HTTP服务
      http:
        paths:
          - path: /
            backend:
              serviceName: tomcat-service
              # 这里可以写端口号或者端口别名http
              servicePort: 8080

“不知道”的五大理由，不读，不查，不试，理解能力差，满脑子想着怎么利用他人

Kong Ingress Controller部署

说明

Kong-Ingress-Controller介绍

简介

部署方式

DBless模式

后端数据库模式

高可用

横向扩展

规则转换

CRD资源

官方YAML模板

说明

基于后端数据库模式部署

说明

PostgreSQL数据库

Kong Bootstrap Job

Kong数据平面

Kong控制平面

基于无数据库模式部署

说明

KongIngressDBless

CRD资源

KongPlugin

开启IP黑白名单

开启prometheus

开启rate-limiting

开启zipkin链路追踪

开启Basic Authentication

配置Response Header

KongIngress

KongConsumer

KongCredential

Kubernetes Ingress配置