Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Kong Gateway 入門編

Wenhan Shi
August 25, 2022

Kong Gateway 入門編

Wenhan Shi

August 25, 2022
Tweet

More Decks by Wenhan Shi

Other Decks in Technology

Transcript

  1. THE CLOUD CONNECTIVITY COMPANY 1 © Kong Inc. THE CLOUD

    CONNECTIVITY COMPANY Kong Gateway 入門編 施文翰(Wenhan Shi) – Solution Engineer Aug 2022
  2. THE CLOUD CONNECTIVITY COMPANY 4 © Kong Inc. ブラウザベースの UI

    で、Kong Gateway をモニタリングおよび設定 - ルートとサービスの作成 - プラグインの有効化・無効化 - パフォーマンスとトラフィックを監視 - ユーザーとグループをRBACで管理 Kong Managerとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager 8002(HTTP) 8445(HTTPS) Upstream targets
  3. THE CLOUD CONNECTIVITY COMPANY 5 © Kong Inc. - Managerにログインした後、Defaultの

    Workspacesをクリック - Workspacesはそれぞれ独立している 領域です。プロジェクト別、リージョン別 などにして利用するケースが多いで す。 Kong ManagerのWorkspace
  4. THE CLOUD CONNECTIVITY COMPANY 6 © Kong Inc. Kong Manager

    Dashboard ワークスペース 項目を追加&修正 レポーティング セキュリティ&分析 ライブデータ 利用情報の統計 Adminメニュー
  5. THE CLOUD CONNECTIVITY COMPANY 8 © Kong Inc. - 外部のupstream

    APIまたはマイクロサービスを表すものです。 - 一番重要な属性は、トラフィックの転送先 URL です。 - URL の指定方法 - 1 つの文字列で指定 - プロトコル、ホスト、ポート、およびパスを個別に指定 Servicesとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets
  6. THE CLOUD CONNECTIVITY COMPANY 9 © Kong Inc. 9 -

    ServicesのページからNew Service - Nameにserviceの名前を入力 - Add using URLにhttp://httpbin.org/anythingを 入力 - httpbin.org はシンプルなHTTPリクエスト&レ スポンスサービス - Createをクリック デモ - Kong Manager からserviceを作る
  7. THE CLOUD CONNECTIVITY COMPANY 10 © Kong Inc. - 外部からServiceにアクセスするために、Routesの追加が必要

    - RoutesはServiceを外部へ公開する仕様を定義 - Routesは、リクエストがサービスに送信される方法 (送信するかどうか) を決定 - 1 つのServiceに複数のRoutesを設定可能 - リクエストでのパスはRoutesで定義したパスと一致したら、関連する Serviceにリクエストを送信。 Routesとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets
  8. THE CLOUD CONNECTIVITY COMPANY 11 © Kong Inc. 11 -

    RoutesのページからNew Route - Serviceにhttpbinを選択 - Nameにhttpbinを入力 - Method(s)にGETを入力 - Path(s)に/echoを入力 - Createをクリック デモ - Kong Manager からrouteを作る
  9. THE CLOUD CONNECTIVITY COMPANY 12 © Kong Inc. - Kong

    Gatewayが<IP address>/echoへのGETリクエストを受付可能 - このリクエストはserviceのhttpbinにマップされ、http://httpbin.org/anythingへ転送 ここまでできたこと KONG GATEWAY API Request GET <IP address>/echo Backend API Service httpbin Route httpbin Kong Manager 8002(HTTP) 8445(HTTPS) Upstream target http://httpbin.org/anything 8000(HTTP) 8443(HTTPS)
  10. THE CLOUD CONNECTIVITY COMPANY 13 © Kong Inc. 13 デモ

    - Kong Gatewayにリクエストを送る ❯ http http://13.112.75.208:8000/echo HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Connection: keep-alive Content-Length: 502 Content-Type: application/json Date: Tue, 23 Aug 2022 16:07:38 GMT Server: gunicorn/19.9.0 Via: kong/2.8.1.3-enterprise-edition X-Kong-Proxy-Latency: 3 X-Kong-Upstream-Latency: 292 { "args": {}, "data": "", "files": {}, "form": {}, "headers": { "Accept": "*/*", "Accept-Encoding": "gzip, deflate", "Host": "httpbin.org", "User-Agent": "HTTPie/2.6.0", "X-Amzn-Trace-Id": "Root=1-6304fb4a-63ae355f788b5a166ccf733b", "X-Forwarded-Host": "localhost", "X-Forwarded-Path": "/echo", "X-Forwarded-Prefix": "/echo" }, "json": null, "method": "GET", "origin": "172.18.0.1, 13.112.75.208", "url": "http://localhost/anything" } - ブラウザまたはコマンドラインで送信
  11. THE CLOUD CONNECTIVITY COMPANY 14 © Kong Inc. 14 デモ

    - Kong Gatewayにリクエストを送る ❯ http http://localhost:8000/ foo HTTP/1.1 404 Not Found Connection: keep-alive Content-Length: 48 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 16:31:45 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Response-Latency: 0 { "message": "no Route matched with those values" } - 定義されていないパスがリクエストされたら、下記のように 404エラーとなります。
  12. THE CLOUD CONNECTIVITY COMPANY 16 © Kong Inc. - 様々な機能を容易にAPIへ追加可能

    - 認証(Authentication)、流量制限(rate limit)、ログ出力、リクエスト変換など - Service単位、Route単位、Consumer単位、もしくはGlobalでの有効化が可能 - RequestとResponse両方設定可能 プラグインとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets
  13. THE CLOUD CONNECTIVITY COMPANY 17 © Kong Inc. Kong Plugin

    Hub - Official Kong Plugins - https://docs.konghq.com/hub/ - 8カテゴリ、総数100近く - 認証 - セキュリティ - トラフィックコントロール - サーバーレス - 分析&モニタリング - トラフィック変換 - ログ関連 - デプロイ関連 - Luaまたは他の言語でプラグイン開発
  14. THE CLOUD CONNECTIVITY COMPANY 18 © Kong Inc. - 複数のプラグインを同時に利用可能

    プラグインの組み合わせ API KONG GATEWAY API Consumer Plugin: Authorization API Keyを 確認 Plugin: Rate Limiting アクセス回数を 確認 Plugin: Transformation Headerを追加 401 Unauthorized 429 Too Many Request Add a header foo: bar API Key なし アクセス回数が 上限以上
  15. THE CLOUD CONNECTIVITY COMPANY 19 © Kong Inc. 19 -

    PluginsのページからNew Plugin - Key Authenticationをクリック - apikeyがConfig.keyに設定されたことを確 認 - Createをクリック - Global範囲に有効 - Scopedを選択したらServiceやRouteが選択 可能 デモ - Key認証(Key Authentication)プラグインの実装
  16. THE CLOUD CONNECTIVITY COMPANY 20 © Kong Inc. 20 -

    apikeyを持たないリクエストが接続拒否(401) デモ - Key認証(Key Authentication)プラグインの実装 ❯ http http://localhost:8000/echo HTTP/1.1 401 Unauthorized Connection: keep-alive Content-Length: 45 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 17:20:56 GMT Server: kong/2.8.1.3-enterprise-edition WWW-Authenticate: Key realm="kong" X-Kong-Response-Latency: 74 { "message": "No API key found in request" }
  17. THE CLOUD CONNECTIVITY COMPANY 22 © Kong Inc. - APIをアクセスするエンドユーザー、またはアプリケーションを代表

    - アクセス可否を管理 - アクセス履歴を記録 - Consumerに対し、リクエストやレスポンスをプラグインでカスタマイズ可能 Consumersとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets
  18. THE CLOUD CONNECTIVITY COMPANY 23 © Kong Inc. 23 -

    ConsumersのページからNew Consumer - UsernameにJoeを入力 - Createをクリック デモ - Consumerを作る
  19. THE CLOUD CONNECTIVITY COMPANY 24 © Kong Inc. 24 -

    ConsumersのページJoeをクリック - CredentialsタブでNew Key Auth Credential をクリック - KeyにJoePasswordを入力し - Createをクリック デモ - Consumer Joeにkey認証情報を設定
  20. THE CLOUD CONNECTIVITY COMPANY 25 © Kong Inc. 25 -

    正しい認証情報でアクセス可能 デモ - Consumer認証情報でアクセス確認 ❯ http http://localhost:8000/echo apikey:JoePassword HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Connection: keep-alive Content-Length: 701 Content-Type: application/json Date: Wed, 24 Aug 2022 17:34:01 GMT Server: gunicorn/19.9.0 Via: kong/2.8.1.3-enterprise-edition X-Kong-Proxy-Latency: 13 X-Kong-Upstream-Latency: 294 { "args": {}, "data": "", "files": {}, "form": {}, "headers": { "Accept": "*/*", …
  21. THE CLOUD CONNECTIVITY COMPANY 26 © Kong Inc. 26 -

    認証情報が間違ったら接続拒否(401) デモ - Consumer認証情報でアクセス確認 ❯ http http://localhost:8000/echo apikey:JoeTest HTTP/1.1 401 Unauthorized Connection: keep-alive Content-Length: 52 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 17:36:06 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Response-Latency: 2 { "message": "Invalid authentication credentials" }
  22. THE CLOUD CONNECTIVITY COMPANY 28 © Kong Inc. - 複数のBackend

    APIをまとめる - Backend APIの増減はKong Gateway側で設定可能 - 三つのLBポリシー - consistent-hashing - least-connections - round-robin (default) Upstreamとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Kong Manager Upstream targets
  23. THE CLOUD CONNECTIVITY COMPANY 30 © Kong Inc. 30 Vitalsとは

    - Kong Gatewayのパフォーマンスとヘルスチェック - Kong Gateway経由のAPIトランザクションを可視化 - Kong ManagerまたはAdmin APIで参照可能
  24. THE CLOUD CONNECTIVITY COMPANY 31 © Kong Inc. 31 -

    以下の事例でVitalsをデモ - Consumer Joeに対しRate Limitingのプラグインを実装 - Joeがアクセス上限以上のトラフィックを送信し、 4xxエラーを確認 - アクセス上限を引き上げして、エラーの減少を確認 デモ - Vitalsでモニタリング
  25. THE CLOUD CONNECTIVITY COMPANY 32 © Kong Inc. 32 -

    PluginsのページからNew Plugin - Rate Limitingをクリック - Config.Minuteを5に設定 - Createをクリック - Global範囲に有効 - Scopedを選択したらService、Routeまたは Consumerが選択可能 デモ - Vitalsでモニタリング
  26. THE CLOUD CONNECTIVITY COMPANY 33 © Kong Inc. 33 -

    スクリプトでリクエストを継続的に送信 - アクセス上限値を超えたら429エラーとなる デモ - Vitalsでモニタリング for ((i=1;i<=300;i++)); do sleep 1; http http://localhost:8000/echo apikey:JoePassword done HTTP/1.1 429 Too Many Requests Connection: keep-alive Content-Length: 41 Content-Type: application/json; charset=utf-8 Date: Wed, 24 Aug 2022 18:02:41 GMT RateLimit-Limit: 5 RateLimit-Remaining: 0 RateLimit-Reset: 19 … { "message": "API rate limit exceeded" }
  27. THE CLOUD CONNECTIVITY COMPANY 34 © Kong Inc. 34 -

    VitalsのStatus Codesの画面 デモ - Vitalsでモニタリング
  28. THE CLOUD CONNECTIVITY COMPANY 35 © Kong Inc. 35 -

    Workspacesの画面 デモ - Vitalsでモニタリング
  29. THE CLOUD CONNECTIVITY COMPANY 36 © Kong Inc. 36 -

    Top MenuのVitalsの画面 デモ - Vitalsでモニタリング
  30. THE CLOUD CONNECTIVITY COMPANY 38 © Kong Inc. - CLIベースで、Kong

    Gateway をモニタリングおよび設定するRESTfulのAPI - Kong GatewayをFull Controlできるため、内部で使用すべき Kong Admin APIとは Target 1 KONG GATEWAY Target 2 API Client Load Balancer Plugins Backend API Service Route Consumer Admin API 8001(HTTP) 8444(HTTPS) Upstream targets
  31. THE CLOUD CONNECTIVITY COMPANY 39 © Kong Inc. 39 1.

    Kong Admin APIの状態を確認 2. http://mockbin.orgに接続するServiceを作成 3. Serviceを確認 4. 2. のServiceを/mockでマッピングするRouteを作成 5. Route を確認 6. Authentication Pluginを実装 7. Consumerを作成し、認証情報を登録 デモ - Admin APIでKong Gatewayを操作
  32. THE CLOUD CONNECTIVITY COMPANY 40 © Kong Inc. 40 -

    8001ポートに対しGET - 200がレスポンスされたらRunning状態 デモ - Kong Admin APIの状態を確認 ❯ http GET http://localhost:8001 --headers HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 17412 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 01:31:30 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 2 X-Kong-Admin-Request-ID: qbhK8ClS8LItUKKUB4egcsLsWBHfsENp vary: Origin
  33. THE CLOUD CONNECTIVITY COMPANY 41 © Kong Inc. 41 -

    必要な情報<name>と<url>を/servicesにPOST - 201がレスポンスされたら作成が成功 デモ - http://mockbin.orgに接続するServiceを作成 ❯ http POST http://localhost:8001/services name=mocking_service url='http://mockbin.org' HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 376 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 01:35:06 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 11 X-Kong-Admin-Request-ID: gqAkxWRVAAJ5WdQMSMDAO9tHBGfdbwbb vary: Origin { "ca_certificates": null, "client_certificate": null, "connect_timeout": 60000, "created_at": 1661391306, "enabled": true, "host": "mockbin.org", "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2", "name": "mocking_service", "path": null, … … "port": 80, "protocol": "http", "read_timeout": 60000, "retries": 5, "tags": null, "tls_verify": null, "tls_verify_depth": null, "updated_at": 1661391306, "write_timeout": 60000 }
  34. THE CLOUD CONNECTIVITY COMPANY 42 © Kong Inc. 42 -

    8001ポートの/servicesに対しGET - 全Servicesの内容がJSONで出力される デモ - Serviceを確認 ❯ http GET http://localhost:8001/services { "tls_verify_depth": null, "write_timeout": 60000, "tls_verify": null, "protocol": "http", "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2", "retries": 5, "enabled": true, "created_at": 1661391306, "port": 80, "updated_at": 1661391306, "client_certificate": null, "tags": null, "ca_certificates": null, "read_timeout": 60000, "name": "mocking_service", "connect_timeout": 60000, "path": null, "host": "mockbin.org" } … … { "tls_verify_depth": null, "write_timeout": 60000, "tls_verify": null, "protocol": "http", "id": "d86c56e0-90b8-4bdd-a57a-3bfcf73fbd16", "retries": 5, "enabled": true, "created_at": 1661269723, "port": 80, "updated_at": 1661269723, "client_certificate": null, "tags": null, "ca_certificates": null, "read_timeout": 60000, "name": "httpbin", "connect_timeout": 60000, "path": "/anything", "host": "httpbin.org" }
  35. THE CLOUD CONNECTIVITY COMPANY 43 © Kong Inc. 43 -

    必要な情報<name>と<paths>を/services/<service-name>/routesにPOST - 201がレスポンスされたら作成が成功 デモ - /mockでマッピングするRouteを作成 ❯ http POST :8001/services/mocking_service/routes name=mocking paths:='["/mock"]' HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 479 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 01:47:44 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 16 X-Kong-Admin-Request-ID: gFDkgLlXDGMnc7vxQMgwfQKQrwS60dry vary: Origin { "created_at": 1661392064, "destinations": null, "headers": null, "hosts": null, "https_redirect_status_code": 426, "id": "7eb7cd24-4326-41ab-8863-f3e7ff61ef97", "methods": null, "name": "mocking", "path_handling": "v0", … "paths": [ "/mock" ], "preserve_host": false, "protocols": [ "http", "https" ], "regex_priority": 0, "request_buffering": true, "response_buffering": true, "service": { "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2" }, "snis": null, "sources": null, "strip_path": true, "tags": null, "updated_at": 1661392064 }
  36. THE CLOUD CONNECTIVITY COMPANY 44 © Kong Inc. 44 -

    8001ポートの/routesに対しGET - 全Servicesの内容がJSONで出力される デモ - Routeを確認 ❯ http GET http://localhost:8001/routes { "regex_priority": 0, "hosts": null, "name": "mocking", "id": "7eb7cd24-4326-41ab-8863-f3e7ff61ef97", "request_buffering": true, "response_buffering": true, "updated_at": 1661392064, "path_handling": "v0", "preserve_host": false, "https_redirect_status_code": 426, "paths": [ "/mock" ], "service": { "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2" }, "sources": null, "destinations": null, "tags": null, "created_at": 1661392064, … … { "regex_priority": 0, "hosts": null, "name": "httpbin", "id": "dd46e2cb-71b8-4171-809b-05be32bfe270", "request_buffering": true, "response_buffering": true, "updated_at": 1661270047, "path_handling": "v0", "preserve_host": false, "https_redirect_status_code": 426, "paths": [ "/echo" ], "service": { "id": "d86c56e0-90b8-4bdd-a57a-3bfcf73fbd16" }, "sources": null, "destinations": null, "tags": null, "created_at": 1661269929, ...
  37. THE CLOUD CONNECTIVITY COMPANY 45 © Kong Inc. 45 -

    Joeの認証情報を使ってアクセス デモ - 新規作成したServiceとRouteを確認 ❯ http -h http://localhost:8000/mock apikey:JoePassword HTTP/1.1 200 OK CF-Cache-Status: DYNAMIC CF-RAY: 7400b4eb3c9f3547-NRT Connection: keep-alive Content-Encoding: gzip Content-Type: text/html; charset=utf-8 Date: Thu, 25 Aug 2022 01:55:39 GMT NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} RateLimit-Limit: 5 RateLimit-Remaining: 4 RateLimit-Reset: 21 …
  38. THE CLOUD CONNECTIVITY COMPANY 46 © Kong Inc. 46 -

    必要な情報<name>を/services/<service_name>/pluginsにPOST - nameにプラグインの名前を入力 デモ - Authentication Pluginを実装 ❯ http POST localhost:8001/services/mocking_service/plugins name=key-auth HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 404 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 04:35:30 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 11 X-Kong-Admin-Request-ID: hraDhaXcq6UGvYJyGhZRAqauNlK3B1M6 vary: Origin { "config": { … "key_names": [ "apikey" ],
  39. THE CLOUD CONNECTIVITY COMPANY 47 © Kong Inc. 47 -

    8001ポートの/services/<service_name>/pluginsに対しGET - service_nameに関連する全てのプラグインの内容が JSONで出力される デモ - Pluginsを確認 ❯ http GET :8001/services/mocking_service/plugins { "data": [ { "config": { … "key_names": [ "apikey" ], "run_on_preflight": true }, "consumer": null, "created_at": 1661402130, "enabled": true, "id": "52f1a770-a94a-490c-a55c-28be6471e2d0", "name": "key-auth", … "route": null, "service": { "id": "3ffa73d4-f058-4d9b-8384-78a29de135a2" }, …
  40. THE CLOUD CONNECTIVITY COMPANY 48 © Kong Inc. 48 -

    必要な情報<username>を/consumersにPOST - 201がレスポンスされたら作成が成功 デモ - Consumerを作成 ❯ http POST localhost:8001/consumers username=Tom HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 147 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 04:59:41 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 14 X-Kong-Admin-Request-ID: A2FuWJQ1HvzdMqaQxcetySUIn4Rfy18g vary: Origin { "created_at": 1661403581, "custom_id": null, "id": "904514e3-9b06-4013-8c83-bf6155a61a50", "tags": null, "type": 0, "username": "Tom", "username_lower": "tom" }
  41. THE CLOUD CONNECTIVITY COMPANY 49 © Kong Inc. 49 -

    必要な情報<key>を/consumers/<name>/key-authにPOST - 201がレスポンスされたら作成が成功 デモ - Consumerに認証情報を付与 ❯ http POST localhost:8001/consumers/Tom/key-auth key=TomPassword HTTP/1.1 201 Created Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://13.112.75.208:8002 Connection: keep-alive Content-Length: 169 Content-Type: application/json; charset=utf-8 Date: Thu, 25 Aug 2022 05:08:57 GMT Server: kong/2.8.1.3-enterprise-edition X-Kong-Admin-Latency: 7 X-Kong-Admin-Request-ID: 5bkALo4FgScQDYMGwX0xwe35bmYAAhul vary: Origin { "consumer": { "id": "904514e3-9b06-4013-8c83-bf6155a61a50" }, "created_at": 1661404137, "id": "46239379-571c-460e-b395-74cd8bf47051", "key": "TomPassword", "tags": null, "ttl": null }
  42. THE CLOUD CONNECTIVITY COMPANY 50 © Kong Inc. 50 -

    Tomの認証情報を使ってアクセス デモ - 新規作成したCousumerと認証情報を確認 ❯ http -h http://localhost:8000/mock apikey:TomPassword HTTP/1.1 200 OK CF-Cache-Status: DYNAMIC CF-RAY: 7401d97c3ae980ad-NRT Connection: keep-alive Content-Encoding: gzip Content-Type: text/html; charset=utf-8 Date: Thu, 25 Aug 2022 05:15:23 GMT NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} RateLimit-Limit: 5 RateLimit-Remaining: 4 RateLimit-Reset: 38 …
  43. THE CLOUD CONNECTIVITY COMPANY 51 © Kong Inc. 51 -

    以下の各EndpointにHTTP GETをすると情報が確認可能 デモ - Admin APIで全Itemsを確認 $ http GET <ip address>:8001/services $ http GET <ip address>:8001/routes $ http GET <ip address>:8001/consumers $ http GET <ip address>:8001/plugins
  44. THE CLOUD CONNECTIVITY COMPANY 53 © Kong Inc. 53 -

    ワークスペースにより、同じ Kong クラスターを共有しながら、チーム管理者が関連するエンティ ティ(services/routes/plugins…)のみと処理できます。 - Workspacesを作成 Workspaces
  45. THE CLOUD CONNECTIVITY COMPANY 54 © Kong Inc. 54 -

    管理者のグループです。 Teams
  46. THE CLOUD CONNECTIVITY COMPANY 55 © Kong Inc. 55 -

    RBACで複数のリソースに対し異なるロールを付与 RBAC
  47. THE CLOUD CONNECTIVITY COMPANY 57 © Kong Inc. 57 まとめ

    - Kong Gatewayは8000と8443でリクエストを受信 - 二つの方法でKong Gatewayの設定を編集 - GUIのKong Manager(8002, 8445) - CLIのKong Admin API(8001, 8444) - 紹介したKong GatewayのItems - Service - Route - Plugin - Consumer - Vitalsの機能を利用し、Kong ManagerのUIでKong Gatewayの状態をモニタリング - 性能、エラー率、レイテンシなど - WorkspacesやTeams単位のRBACが可能
  48. THE CLOUD CONNECTIVITY COMPANY 58 © Kong Inc. Thank You

    ご不明点、案件のご相談などございましたら [email protected] までご連絡ください