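API Gateways for Microservices: Kong

Kong is an API gateway that forwards API traffic between clients and (micro)services and extends its functionality through plugins. Kong has two main components:

1. Kong Server: an nginx-based server that receives API requests.

2. Apache Cassandra: stores operational data.

You can scale Kong horizontally by adding more Kong Server machines and distributing requests to them through a load balancer placed in front. According to the documentation, two Cassandra nodes are enough for the vast majority of cases, but if the network is very congested, consider adding more nodes.

For the open source community, one of Kong's most attractive features is that existing functionality can be extended with plugins, which are executed during the lifecycle of the API request/response cycle. Plugins are written in Lua, and Kong also has the following basic features: HTTP basic authentication, key authentication, CORS (Cross-origin Resource Sharing), TCP, UDP, file logging, API request rate limiting, request forwarding, and nginx monitoring.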
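The lifecycle hooks mentioned above, shown as a plugin handler. This is an added example, not code from the original article or from the Kong project: the plugin name `edge-hardening`, the header `X-Internal-User` and the priority value are hypothetical, and it assumes the table-style handler and PDK (`kong.*`) of Kong 2.x or later, with a companion `schema.lua` (not shown) that declares no config fields.

```lua
-- handler.lua for a hypothetical plugin "edge-hardening" (added example).
-- Kong calls each method below at the matching phase of every proxied request.
local EdgeHardening = {
  -- Higher values run earlier within a phase. Assumed value, chosen so the
  -- spoofable header is stripped before authentication plugins run.
  PRIORITY = 2000,
  VERSION = "0.1.0",
}

-- Hypothetical header that the upstream trusts as "set by the gateway".
local TRUSTED_HEADER = "X-Internal-User"

-- Upstream response headers that reveal implementation details.
local LEAKY_HEADERS = { "Server", "X-Powered-By", "X-AspNet-Version" }

-- access: after routing, before the request is forwarded upstream.
function EdgeHardening:access(conf)
  -- A client must never be able to supply the trusted header itself.
  if kong.request.get_header(TRUSTED_HEADER) then
    kong.log.warn("client sent ", TRUSTED_HEADER, " from ",
                  kong.client.get_forwarded_ip(), "; header removed")
    kong.service.request.clear_header(TRUSTED_HEADER)
  end
end

-- header_filter: response headers are available, body not yet sent.
function EdgeHardening:header_filter(conf)
  for _, name in ipairs(LEAKY_HEADERS) do
    kong.response.clear_header(name)
  end
  kong.response.set_header("X-Content-Type-Options", "nosniff")
end

-- log: after the response has been sent to the client.
function EdgeHardening:log(conf)
  local status = kong.response.get_status()
  if status == 401 or status == 403 then
    kong.log.notice("denied ", kong.request.get_method(), " ",
                    kong.request.get_path(), " status=", status)
  end
end

return EdgeHardening
```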

Kong Gateway

The world’s most popular open source API gateway. Built for multi-cloud and hybrid, optimized for microservices and distributed architectures.

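Kong is developed on top of OpenResty, and OpenResty is based on nginx, so many of Kong's concepts and usage patterns are nginx-flavoured, including the vocabulary used to describe its features; for example, upstream services are the upstreams configured in nginx. Kong wraps nginx well and exposes the following features:

- Cloud-native: platform agnostic; Kong can run on physical machines as well as on Kubernetes

- Dynamic load balancing: load balancing configured across multiple upstream services

- Hash-based load balancing: load balancing based on hashing/sticky sessions

- Circuit breaker: tracks unhealthy upstream services

- Health checks: active or passive monitoring of upstream services

- Service discovery: can be combined with Consul to provide service registration and similar functions

- WebSockets: communicate with upstream services via WebSockets

- OAuth2.0: easily add OAuth2.0 authorization to APIs

- Logging: log over HTTP/TCP/UDP and similar transports

- Security: ACL, bot detection, IP blacklists/whitelists, etc.

- Syslog: logs can be written to the system log

- Monitoring: provides live monitoring

- Authentication: HMAC/JWT as well as basic authentication

- Rate limiting: block or throttle requests based on many variables

- Transformations: add, remove, or manipulate HTTP requests and responses

- Caching: cache and serve responses at the proxy layer

- CLI: control the Kong cluster from the command line

- REST API: Kong can be operated flexibly through its RESTful API

- Failure detection and recovery: Kong keeps working even if one Cassandra node stops

- Clustering: all Kong nodes join the cluster automatically, and configuration is kept updated across all nodes

- Scalability: Kong scales horizontally simply by adding nodes

- Performance: with nginx at its core, Kong inherits nginx's high performance

- Plugins: extend Kong and APIs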

Features

  • Cloud-Native: Platform agnostic, Kong can run from bare metal to Kubernetes.
  • Dynamic Load Balancing: Load balance traffic across multiple upstream services.
  • Hash-based Load Balancing: Load balance with consistent hashing/sticky sessions.
  • Circuit-Breaker: Intelligent tracking of unhealthy upstream services.
  • Health Checks: Active and passive monitoring of your upstream services.
  • Service Discovery: Resolve SRV records in third-party DNS resolvers like Consul.
  • Serverless: Invoke and secure AWS Lambda or OpenWhisk functions directly from Kong.
  • WebSockets: Communicate to your upstream services via WebSockets.
  • gRPC: Communicate to your gRPC services and observe your traffic with logging and observability plugins.
  • OAuth2.0: Easily add OAuth2.0 authentication to your APIs.
  • Logging: Log requests and responses to your system over HTTP, TCP, UDP, or to disk.
  • Security: ACL, Bot detection, whitelist/blacklist IPs, etc...
  • Syslog: Logging to System log.
  • SSL: Setup a Specific SSL Certificate for an underlying service or API.
  • Monitoring: Live monitoring provides key load and performance server metrics.
  • Forward Proxy: Make Kong connect to intermediary transparent HTTP proxies.
  • Authentications: HMAC, JWT, Basic, and more.
  • Rate-limiting: Block and throttle requests based on many variables.
  • Transformations: Add, remove, or manipulate HTTP requests and responses.
  • Caching: Cache and serve responses at the proxy layer.
  • CLI: Control your Kong cluster from the command line.
  • REST API: Kong can be operated with its RESTful API for maximum flexibility.
  • Geo-Replicated: Configs are always up-to-date across different regions.
  • Failure Detection & Recovery: Kong is unaffected if one of your Cassandra nodes goes down.
  • Clustering: All Kong nodes auto-join the cluster keeping their config updated across nodes.
  • Scalability: Distributed by nature, Kong scales horizontally by simply adding nodes.
  • Performance: Kong handles load with ease by scaling and using NGINX at the core.
  • Plugins: Extendable architecture for adding functionality to Kong and APIs.
