Kong是在客户端和(微)服务间转发API通信的API网关,通过插件扩展功能。Kong有两个主要组件:
- Kong Server :基于nginx的服务器,用来接收API请求。
- Apache Cassandra :用来存储操作数据。
你可以通过增加更多Kong Server机器对Kong服务进行水平扩展,通过前置的负载均衡器向这些机器分发请求。根据文档描述,两个Cassandra节点就足以支撑绝大多数情况,但如果网络非常拥挤,可以考虑适当增加更多节点。
对于开源社区来说,Kong 中最诱人的一个特性是可以通过插件扩展已有功能,这些插件在 API 请求响应循环的生命周期中被执行。插件使用 Lua 编写,而且 Kong 还有如下几个基础功能:
- HTTP 基本认证
- 密钥认证
- CORS( Cross-origin Resource Sharing,跨域资源共享)
- TCP/UDP
- 文件日志
- API 请求限流
- 请求转发
- nginx 监控
更新日志
这个版本的主要焦点是Kong的新的CLI。与一个简单的配置文件,新设置环境变量支持,新命令,以及一个新的翻译,新的CLI给Kong用户提供了更多的强大功能和灵活性,允许更容易集成在您的部署工作流,以及更好的测试开发人员和插件作者。此外,包括一些新的插件和性能改进以及一些bug修复。
改变
- New CLI, with new commands and refined arguments. This new CLI uses the
resty-cli
interpreter (see lua-resty-cli) instead of LuaJIT. As a result, the resty
executable must be available in your $PATH
(resty-cli is shipped in the OpenResty bundle) as well as the bin/kong
executable. Kong does not rely on Luarocks installing the bin/kong
executable anymore. This change of behavior is taken care of if you are using one of the official Kong packages.
- Kong uses a new configuration file, with an easier syntax than the previous YAML file.
- New arguments for the CLI, such as verbose, debug and tracing flags. We also avoid requiring the configuration file as an argument to each command as per the previous CLI.
- Customization of the Nginx configuration can now be taken care of using two different approaches: with a custom Nginx configuration template and using
kong start --template <file>
, or by usingkong compile
to generate the Kong Nginx sub-configuration, and include
it in a custom Nginx instance.
- Plugins:
- Rate Limiting: the
continue_on_error
property is now called cluster_fault_tolerant
.
- Response Rate Limiting: the
continue_on_error
property is now calledcluster_fault_tolerant
.
新增
- Support for overriding configuration settings with environment variables.
- Support for SSL connections between Kong and PostgreSQL. #1425
- Ability to apply plugins with more granularity: per-consumer, and global plugins are now possible. #1403
- New
kong check
command: validates a Kong configuration file.
- Better version check for third-party dependencies (OpenResty, Serf, dnsmasq). #1307
- Ability to configure the validation depth of database SSL certificates from the configuration file.#1420
request_host
: internationalized url support; utf-8 domain names through punycode support and paths through %-encoding. #1300
- Implements caching locks when fetching database configuration (APIs, Plugins...) to avoid dog pile effect on cold nodes. #1402
- Internal locks when for datastore requests. Now Kong will only trigger maximum one request per node to the datastore when requesting a specific entity, which prevents the Dogpile effect. #1402
- Plugins:
- New bot-detection plugin: protect your APIs by detecting and rejecting common bots and crawlers. #1413
- correlation-id: new "tracker" generator, identifying requests per worker and connection. #1288
- request/response-transformer: ability to add strings including colon characters. #1353
- rate-limiting: support for new rate-limiting policies (
cluster
, local
and redis
), and for a newlimit_by
property to force rate-limiting by consumer
, credential
or ip
.
- response-rate-limiting: support for new rate-limiting policies (
cluster
, local
and redis
), and for a new limit_by
property to force rate-limiting by consumer
, credential
or ip
.
- galileo: performance improvements of ALF serialization. ALFs are not discarded when exceeding 20MBs anymore. #1463
- statsd: new
upstream_stream
latency metric. #1466
- datadog: new
upstream_stream
latency metric and tagging support for each metric. #1473
移除
- We now use lua-resty-jit-uuid for UUID generation, which is a pure Lua implementation of RFC 4122. As a result, libuuid is not a dependency of Kong anymore.
Bug修复
- Sensitive configuration settings are not printed to stdout anymore. #1256
- Fixed bug that caused nodes to remove themselves from the database when they attempted to join the cluster. #1437
- Plugins:
- request-size-limiting: use proper constant for MB units while setting the size limit. #1416
- OAuth2: security and config validation fixes. #1409 #1112
- request/response-transformer: better validation of fields provided without a value. #1399
- JWT: handle some edge-cases that could result in HTTP 500 errors. #1362
internal
- new test suite using resty-cli and removing the need to monkey-patch the
ngx
global.
- custom assertions and new helper methods (
wait_until()
) to gracefully fail in case of timeout.
- increase atomicity of the testing environment.
- lighter testing instance, only running 1 worker and not using dnsmasq by default.
下载
本站原创,转载时保留以下信息:
本文转自:深度开源(open-open.com)
原文地址:http://www.open-open.com/news/view/65914321