how to install and config kong2.0

2020-04-10 15:26:20
k8s环境如下
1
2
3
4
5
[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES    AGE    VERSION
master   Ready    master   115d   v1.17.0
node01   Ready    <none>   115d   v1.17.0
node02   Ready    <none>   115d   v1.17.0
install using YAMLs
1
2
3
4
5
6
dbless 安装
kubectl apply -f https://bit.ly/k4k8s

db安装参考(注意kong版本为2.0,官网此处为1.3,没有安装成功)
https://github.com/Kong/kubernetes-ingress-controller/blob/master/deploy/single/all-in-one-postgres.yaml
kubectl apply -f all-in-one-postgres.yaml

需要调整配置如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
---
apiVersion: v1
kind: Service
metadata:
  annotations: {}
    #service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    #service.beta.kubernetes.io/aws-load-balancer-type: nlb
  name: kong-proxy
  namespace: kong
spec:
  externalTrafficPolicy: Local
  ports:
  - name: proxy
    port: 80
    protocol: TCP
    targetPort: 8000
    nodePort: 80
  - name: proxy-ssl
    port: 443
    protocol: TCP
    targetPort: 8443
    nodePort: 443
  selector:
    app: ingress-kong
  #type: LoadBalancer
  type: NodePort

需要增加配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
---
apiVersion: v1
kind: Service
metadata:
  name: kong-proxy-admin
  namespace: kong
spec:
  ports:
  - name: kong-proxy-admin
    port: 8001
    targetPort: 8001
    protocol: TCP
  - name: kong-proxy-admin-ssl
    port: 8444
    targetPort: 8444
    protocol: TCP
  selector:
    app: ingress-kong
---
apiVersion: v1
kind: Service
metadata:
  name: kong-validation-webhook
  namespace: kong
spec:
  ports:
  - name: webhook
    port: 443
    protocol: TCP
    targetPort: 8080
  selector:
    app: ingress-kong

为node2节点打上标签,增加nodeSelector,便于dns指向固定的IP

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
[root@master ~]# kubectl label nodes node02 ingress=proxy 
node/node02 labeled

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ingress-kong
  name: ingress-kong
  namespace: kong
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ingress-kong
  template:
    metadata:
      annotations: 
#        kuma.io/gateway: enabled
        prometheus.io/port: "9542"
        prometheus.io/scrape: "true"
        traffic.sidecar.istio.io/includeInboundPorts: ""
      labels:
        app: ingress-kong
    spec:
      nodeSelector:
        ingress: proxy

安装完成后查看服务

1
2
3
4
5
6
7

[root@master ~]# kubectl get svc -nkong 
NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                 AGE
kong-proxy                NodePort    10.96.3.92      <none>        80:80/TCP,443:443/TCP   45h
kong-proxy-admin          ClusterIP   10.96.208.161   <none>        8001/TCP,8444/TCP       21h
kong-validation-webhook   ClusterIP   10.96.173.105   <none>        443/TCP                 45h
postgres                  ClusterIP   10.96.23.49     <none>        5432/TCP                45h

install kong dashboard konga
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
[root@master kong]# cat konga.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: konga
  labels:
    app: konga
  namespace: kong
spec:
  replicas: 1
  selector:
    matchLabels:
      app: konga
  template:
    metadata:
      labels:
        app: konga
    spec:
      containers:
      - name: konga
        image: pantsel/konga
        env:
        - name: DB_ADAPTER
          value: postgres
        - name: DB_HOST
          value: postgres.kong.svc.cluster.local
        - name: DB_USER
          value: kong
        - name: DB_PASSWORD
          value: kong
        - name: DB_DATABASE
          value: kong
        - name: TOKEN_SECRET
          value: kongadmin
        ports:
        - containerPort: 1337
          protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: konga-svc
  namespace: kong
spec:
  type: NodePort
  ports:
  - name: kong-proxy
    port: 1337
    targetPort: 1337
    nodePort: 30337
    protocol: TCP
  selector:
    app: konga
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  name: konga-ingress
  namespace: kong
spec:
  rules:
  - host: konga.whistle.ruijie.com.cn
    http:
      paths:
      - path: /
        backend:
          serviceName: konga-svc
          servicePort: 80
1
2
3
4
5
6
7
8
9
kubectl apply -f  konga.yaml 

[root@master kong]# kubectl get svc -nkong 
NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                 AGE
kong-proxy                NodePort    10.96.3.92      <none>        80:80/TCP,443:443/TCP   45h
kong-proxy-admin          ClusterIP   10.96.208.161   <none>        8001/TCP,8444/TCP       21h
kong-validation-webhook   ClusterIP   10.96.173.105   <none>        443/TCP                 45h
konga-svc                 NodePort    10.96.223.218   <none>        1337:30337/TCP          24h
postgres                  ClusterIP   10.96.23.49     <none>        5432/TCP                45h

之后就可以访问http://node1:30337/ 访问konga 相关使用参考这里

可能遇到问题

1
provided port is not in the valid range. The range of valid ports is 30000-32767

解决:
vi /etc/kubernetes/manifests/kube-apiserver.yaml
–service-cluster-ip-range 这一行,在这一行的下一行增加 如下内容

1
- --service-node-port-range=1-65535

systemctl daemon-reload
systemctl restart kubelet

ref
konga的安装与配置
konga
kong
konga–添加service和rouce详细步骤konga–添加service和rouce详细步骤