如何使用 kong k8 ingress 公开 kong admin api?
How can I expose kong admin api using kong k8 ingress?
我为我们的 kubernetes 部署了 kong 入口控制器,我们正在使用它来路由我们的微服务。
现在我想公开我的管理员 API 以使用其他功能并获取监控统计信息。请有人可以帮助我。
None 的文档帮助我解决了这个问题。
假设我们关注:
Admin API
This is the port where Kong exposes its management API. Hence in production this port should be firewalled to protect it from unauthorized access.
8001 provides Kong’s Admin API that you can use to operate Kong with HTTP. See admin_listen.8444 provides the same Kong Admin API but using HTTPS. See admin_listen and the ssl suffix.
从 Kubernetes/GKE 的角度来看,您可以使用以下任一方式访问此端口:
$ kubectl port-forward deployment/ingress-kong -n kong 8444:8444:
- 此选项将允许您从您的主机
查询https://localhost:8444
Service:
- 修改Kong Ingress
Service
- 修改Kong Ingress
Deployment
A side note!
You could also expose it with Ingress resource but you would need to create a Service that is pointing to the Admin API, modify the Deployment and apply the Ingress resource that would point to this Service
专注于公开此 API 与 Service:
- 编辑
Service:kong-proxy 并添加:
- name: api
protocol: TCP
port: 8444
targetPort: 8444
- 编辑
Deployment:kong-ingress
- name: KONG_ADMIN_LISTEN
value: 0.0.0.0:8444 ssl # <-- from 127.0.0.1
IMPORTANT!
Above edits will expose your API to the external sources (assuming no connection with the last question of yours with internal lb of GKE). Please refer to the documentation of Kong for support on that matter:
其他资源:
我为我们的 kubernetes 部署了 kong 入口控制器,我们正在使用它来路由我们的微服务。
现在我想公开我的管理员 API 以使用其他功能并获取监控统计信息。请有人可以帮助我。
None 的文档帮助我解决了这个问题。
假设我们关注:
Admin API
This is the port where Kong exposes its management API. Hence in production this port should be firewalled to protect it from unauthorized access.
8001provides Kong’s Admin API that you can use to operate Kong with HTTP. See admin_listen.8444provides the same Kong Admin API but using HTTPS. See admin_listen and the ssl suffix.
从 Kubernetes/GKE 的角度来看,您可以使用以下任一方式访问此端口:
$ kubectl port-forward deployment/ingress-kong -n kong 8444:8444:- 此选项将允许您从您的主机 查询
https://localhost:8444Service:- 修改Kong Ingress
Service - 修改Kong Ingress
Deployment
- 修改Kong Ingress
A side note!
You could also expose it with
Ingressresource but you would need to create aServicethat is pointing to theAdmin API, modify theDeploymentand apply theIngressresource that would point to thisService
专注于公开此 API 与 Service:
- 编辑
Service:kong-proxy并添加:
- name: api
protocol: TCP
port: 8444
targetPort: 8444
- 编辑
Deployment:kong-ingress
- name: KONG_ADMIN_LISTEN
value: 0.0.0.0:8444 ssl # <-- from 127.0.0.1
IMPORTANT!
Above edits will expose your API to the external sources (assuming no connection with the last question of yours with internal lb of GKE). Please refer to the documentation of Kong for support on that matter:
其他资源: