Kong Gateway - 16 基于网关服务的速率限制(Rate Limiting)

Configure a Service in Kong
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/ \
--data 'name=book' \

--data 'url=http://contoso.com/v1/books'

HTTP/1.1 201 Created
Date: Wed, 16 May 2018 06:40:36 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "host": "contoso.com", 
    "created_at": 1526424036, 
    "connect_timeout": 60000, 
    "id": "debbf1b5-0db1-46e3-87e7-6c1fbaf11646", 
    "protocol": "http", 
    "name": "book", 
    "read_timeout": 60000, 
    "port": 80, 
    "path": "/v1/books", 
    "updated_at": 1526424036, 
    "retries": 5, 
    "write_timeout": 60000
}
Add a Route to expose the Service
URL Format http://localhost:8001/services/{name of servie}/routes
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/book/routes \
--data 'paths[]=/v1/books'
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 06:41:02 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526424062, 
    "strip_path": true, 
    "hosts": null, 
    "preserve_host": false, 
    "regex_priority": 0, 
    "updated_at": 1526424062, 
    "paths": [
        "/v1/books"
    ], 
    "service": {
        "id": "debbf1b5-0db1-46e3-87e7-6c1fbaf11646"
    }, 
    "methods": null, 
    "protocols": [
        "http", 
        "https"
    ], 
    "id": "74a0df39-0b01-43b9-813f-b8f14d096cf8"    // {route_id} = id
}
Enabling the CORS plugin for a Service
URL Format http://localhost:8001/services/{name of servie}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=cors"  \
--data "config.origins=http://contoso.com" \
--data "config.methods=GET, POST" \
--data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
--data "config.exposed_headers=X-Auth-Token" \
--data "config.credentials=true" \
--data "config.max_age=3600"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 06:41:37 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526452896000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "1d9dd37a-ea45-4bfd-a3e1-cd12abd83d8a", 
    "enabled": true, 
    "service_id": "debbf1b5-0db1-46e3-87e7-6c1fbaf11646", 
    "name": "cors"
}
Enabling the CORS plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/routes/74a0df39-0b01-43b9-813f-b8f14d096cf8/plugins \
--data "name=cors"  \
--data "config.origins=http://contoso.com" \
--data "config.methods=GET, POST" \
--data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
--data "config.exposed_headers=X-Auth-Token" \
--data "config.credentials=true" \
--data "config.max_age=3600"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 06:44:49 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526453089000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "fa6af8d6-8564-4fbf-a62e-7318b69691e8", 
    "enabled": true, 
    "route_id": "74a0df39-0b01-43b9-813f-b8f14d096cf8", 
    "name": "cors"
}
参数说明:
config.second=5 表示服务器1秒钟内只接受5个链接请求,
超过链接个数时kong服务器返回{"message":"API rate limit exceeded"}
config.hour=10000 表示服务器1个小时内只接受1万个链接请求,
超过链接个数时kong服务器返回{"message":"API rate limit exceeded"}
上面的参数配置我们很难直接测试出效果来,不过我们可以定义一个1分钟内只接受2个链接请求的配置
来看看测试效果,命令如下
curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=rate-limiting"  \
--data "config.minute=2"    // 只允许接受2个链接/分钟,
为了看到返回{"message":"API rate limit exceeded"},下面的命令我们只要在1分钟内一共提交3次就能看到它。
curl -i -X GET \

--url http://localhost:8000/v1/books

尤其要注意GET请求Header头部的这两个参数值的变化X-RateLimit-Limit-minute: 2
和 X-RateLimit-Remaining-minute: 0  ------ 每分钟剩余0次接受请求的许可,过1分钟后GET可以再次正常发出请求,如此往复,周而复始被限制访问,这在官网上是没有说明的,你可能在整个互联网上都很难找到我们应该如何测试返回{"message":"API rate limit exceeded"}这样的返回值的范例啦

为了接着执行下面的命令,你一定会用到删除命令
curl -i -X DELETE http://localhost:8001/plugins/{id of plugin} // 把只允许接受2个链接/分钟范例干掉

Enabling the Rate Limiting plugin for a Service
URL Format http://localhost:8001/services/{service}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=rate-limiting"  \
--data "config.second=5" \
--data "config.hour=10000"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 06:46:17 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526453177000, 
    "config": {
        "redis_database": 0, 
        "policy": "cluster", 
        "redis_timeout": 2000, 
        "hide_client_headers": false, 
        "second": 5, 
        "limit_by": "consumer", 
        "redis_port": 6379, 
        "hour": 10000, 
        "fault_tolerant": true
    }, 
    "id": "90e44ca4-4f5f-48ad-bd69-4b4f5547e49a", 
    "enabled": true, 
    "service_id": "debbf1b5-0db1-46e3-87e7-6c1fbaf11646", 
    "name": "rate-limiting"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[root@contoso ~]# curl -i -X GET \
--url http://localhost:8000/v1/books
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 244
Connection: keep-alive
X-RateLimit-Limit-hour: 10000
X-RateLimit-Remaining-hour: 9999
X-RateLimit-Limit-second: 5
X-RateLimit-Remaining-second: 4
Date: Wed, 16 May 2018 06:47:29 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 29
X-Kong-Proxy-Latency: 43
Via: kong/0.13.1

[
    {
        "id": 1, 
        "title": "Fashion That Changed the World", 
        "author": "Jennifer Croll"
    }, 
    {
        "id": 2, 
        "title": "Brigitte Bardot - My Life in Fashion", 
        "author": "Henry-Jean Servat and Brigitte Bardot"
    }, 
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the Rate Limiting plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/routes/74a0df39-0b01-43b9-813f-b8f14d096cf8/plugins \
--data "name=rate-limiting"  \
--data "config.second=5" \
--data "config.hour=10000"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 07:09:24 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526454564000, 
    "config": {
        "redis_database": 0, 
        "policy": "cluster", 
        "redis_timeout": 2000, 
        "hide_client_headers": false, 
        "second": 5, 
        "limit_by": "consumer", 
        "redis_port": 6379, 
        "hour": 10000, 
        "fault_tolerant": true
    }, 
    "id": "df247ebf-35e9-488c-b393-3829786a5616", 
    "enabled": true, 
    "route_id": "74a0df39-0b01-43b9-813f-b8f14d096cf8", 
    "name": "rate-limiting"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[root@contoso ~]# curl -i -X GET \
--url http://localhost:8000/v1/books
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 244
Connection: keep-alive
X-RateLimit-Limit-hour: 10000
X-RateLimit-Remaining-hour: 9999
X-RateLimit-Limit-second: 5
X-RateLimit-Remaining-second: 4
Date: Wed, 16 May 2018 07:12:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 27
X-Kong-Proxy-Latency: 2
Via: kong/0.13.1

[
    {
        "id": 1, 
        "title": "Fashion That Changed the World", 
        "author": "Jennifer Croll"
    }, 
    {
        "id": 2, 
        "title": "Brigitte Bardot - My Life in Fashion", 
        "author": "Henry-Jean Servat and Brigitte Bardot"
    }, 
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the Basic Authentication plugin for a Service
URL Format http://localhost:8001/services/{service}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/book/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 12:01:43 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526472103000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "abd20a18-126f-4509-9399-df9384d4bb86", 
    "enabled": true, 
    "service_id": "debbf1b5-0db1-46e3-87e7-6c1fbaf11646", 
    "name": "basic-auth"
}
Enabling the Basic Authentication plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/routes/74a0df39-0b01-43b9-813f-b8f14d096cf8/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 12:02:20 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526472140000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "13f1f891-9f2d-414d-a179-26728abbd00f", 
    "enabled": true, 
    "route_id": "74a0df39-0b01-43b9-813f-b8f14d096cf8", 
    "name": "basic-auth"
}
Create a Consumer
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/consumers/  \
--data "username=jack"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 07:16:47 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526455008000, 
    "username": "jack", 
    "id": "7b07ebe0-c53b-409b-a19b-be64aed6cae0"  //{consumer_id} = id
}
Create a Credential
URL Format  http://localhost:8001/consumers/{username or consumer_id}/basic-auth    
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/consumers/jack/basic-auth \
--data "username=jack@hotmail.com" \
--data "password=123456"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 07:21:58 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526455319000, 
    "id": "f6baffc8-14e6-4c43-bd18-0556b4901448", 
    "username": "jack@hotmail.com", 
    "password": "5652766f4dde3989b9168eef8679f8004a5c8633", 
    "consumer_id": "7b07ebe0-c53b-409b-a19b-be64aed6cae0"
}
On line base64 tool address is http://tool.oschina.net/encrypt?type=3    
Key-Value about jack@hotmail.com:123456,its base64 value is :    
amFja0Bob3RtYWlsLmNvbToxMjM0NTY=    
for user jack sign in to pass Basic Authenctiaction,we'll get a book record(id = 3)  

A client-user requesting the book microservice exposed through Kong's proxy server
[root@contoso ~]# curl -i -X GET \
--url http://localhost:8000/v1/books/3 \
--header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY="
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: keep-alive
X-RateLimit-Limit-hour: 10000
X-RateLimit-Remaining-hour: 9998
X-RateLimit-Limit-second: 5
X-RateLimit-Remaining-second: 4
Date: Wed, 16 May 2018 07:23:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 30
X-Kong-Proxy-Latency: 8
Via: kong/0.13.1

[
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
Enabling the plugin for a Consumer
consumer_id={consumer_id}
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/plugins \
--data "name=rate-limiting" \
--data "consumer_id=7b07ebe0-c53b-409b-a19b-be64aed6cae0"  \
--data "config.second=5" \
--data "config.hour=10000"
HTTP/1.1 201 Created
Date: Wed, 16 May 2018 07:25:36 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526455536000, 
    "config": {
        "redis_database": 0, 
        "policy": "cluster", 
        "redis_timeout": 2000, 
        "hide_client_headers": false, 
        "hour": 10000, 
        "limit_by": "consumer", 
        "redis_port": 6379, 
        "second": 5, 
        "fault_tolerant": true
    }, 
    "id": "28c944be-24e1-41ad-86cd-476f84f1a779", 
    "name": "rate-limiting", 
    "enabled": true, 
    "consumer_id": "7b07ebe0-c53b-409b-a19b-be64aed6cae0"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[root@contoso ~]# curl -i -X GET \
--url http://localhost:8000/v1/books/3 \
--header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY="
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: keep-alive
X-RateLimit-Limit-hour: 10000
X-RateLimit-Remaining-hour: 9997
X-RateLimit-Limit-second: 5
X-RateLimit-Remaining-second: 4
Date: Wed, 16 May 2018 07:27:37 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-Kong-Upstream-Latency: 25
X-Kong-Proxy-Latency: 5
Via: kong/0.13.1

[
    {
        "id": 3, 
        "title": "The Fashion Image", 
        "author": "Thomas Werner"
    }
]
相关文章
相关标签/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公众号
   欢迎关注本站公众号,获取更多程序园信息
开发小院