A minimalist introduction to the Kong gateway

/ Steve Sun | 电波障害

Original link: https://sund.site/posts/2023/kong-gateway/

basic concept

Kong Gateway is a Lua application running in Nginx. Kong Gateway is distributed along with OpenResty, which is a bundle of modules that extend the lua-nginx-module.

Kong is a Lua program running on Nginx. It improves the shortcomings of Nginx based on static configuration, and can dynamically add plug-ins and hot deployment.

Kong’s basic modules

Service is an abstraction of backend services.

Routes is an abstraction of routing rules from client to backend services. For example, set different authentication rules for different clients.

Kong’s routes have two modes traditional_compat and expressions .

  • traditional_compat : The old pattern based on matching precedence such as wildcards.
  • expressions : New expression-based matching modes.

Upstreams is an operation and maintenance object, which is used for load balancing between Services and the real background API service.

Plugins are plug-ins written in lua or go, which are divided into official plug-ins provided by Kong and third-party plug-ins.

How Kong works

Kong supports three types of protocols: HTTP/HTTPS, TCL/TLS and GRPC/GRPCS. Each protocol consists of different parameters:

  • http : methods , hosts , headers , paths (and snis , if https )
  • tcp : sources , destinations (and snis , if tls )
  • grpc : hosts , headers , paths (and snis , if grpcs )

Kong supports routing requests by HTTP header, URL, method, source address, destination address, and Server Name Indication .

By default, Kong uses the RFC 3986 protocol to process the requested path.

Priority of Kong matching rules

Routing by the rule with the most matches.

The rule is: when evaluating a request, Kong Gateway first tries to match the
routes with the most rules .

When all matching rules are checked, Kong will send the request through the underlying Nginx module. After the Response returns, Kong will modify the response header and body through two hooks, header_filter and body_filter .

Support for WebSockets

There are two configurations to route wss requests:

  • HTTP(S) services and routes: Treat wss traffic as an opaque stream of bytes.
  • WS(S) services and routes ( Enterprise Edition feature ): You can better control traffic with websocket plug-ins.

load balancing

Kong supports two types of load balancing methods

  • DNS based (service registration and discovery are static)
  • Dynamic load balancing based on hash ring (service registration discovery is managed by Kong, which can be dynamically added or deleted)

This part is similar to Nginx.

health examination

  • active checks (heartbeat check)
  • Passive checks (passive checks, that is, circuit breakers, check according to traffic)

This article is transferred from: https://sund.site/posts/2023/kong-gateway/
This site is only for collection, and the copyright belongs to the original author.