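Introduction to Kong

This article describes best practices for using the Kong microservice gateway for communication between business projects inside a Kubernetes cluster. An earlier article, "Exposing services externally with Kubernetes Ingress", used the Nginx Ingress Controller as the cluster's unified traffic entry point. Compared with that, Kong with the Kong Ingress Controller supports more powerful features and is better suited to a microservice architecture:

  • A large plugin ecosystem makes it easy to extend what Kong supports, for example API authentication, flow control and access restriction;
  • The Kong service itself and the Admin API run in a single process and are distinguished by port, which simplifies deployment;
  • Kong node configuration is persisted centrally in a database, and all nodes share data through it, so Ingress updates are synchronized to every node in real time. The Nginx Ingress Controller responds to Ingress updates by reloading, which is comparatively expensive and may briefly interrupt service;
  • Mature third-party management UIs integrate with the Admin API, so Kong configuration can be managed visually.

Kong is a cloud-native, high-performance, extensible API gateway (a distributed microservice abstraction layer). It is built on OpenResty (Nginx plus Lua modules), and its core value is high performance and extensibility.

The figure below shows how Kong basically operates: Kong acts as the gateway for microservice requests, and through plugins provides load balancing, logging, authentication, rate limiting, transformations and more.

After a client request reaches the Kong gateway, it passes through a series of plugins before being forwarded to the designated backend service.

Kong's main components are:

  • Kong Server: an Nginx-based server that receives API requests
  • PostgreSQL or Apache Cassandra: stores the data
  • Konga: a third-party open-source graphical management tool that supports the latest Kong versions (the Kong community edition does not provide a dashboard)

Kong's three basic characteristics:

  • Scalability: scales horizontally by adding more servers
  • Modularity: extended by adding plugins, which can be custom-developed
  • Cloud native: runs on any infrastructure, such as a cloud environment or an internal network, with native support for cloud-native platforms and Kubernetes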

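Technologies Kong depends on

Kong is deployed on top of proven technologies such as Nginx and Apache Cassandra or PostgreSQL, and provides an easy-to-use RESTful API for operating and configuring the system. Below is Kong's technical logic diagram. Building on these technologies, Kong provides the following features:

  • Nginx
    • A proven high-performance foundation;
    • HTTP and reverse proxy server;
    • Handles low-level operations.
  • OpenResty
    • Lua scripting support;
    • Intercepts the request/response lifecycle;
    • Extends Nginx.
  • Clustering & Datastore
    • Supports Cassandra or PostgreSQL databases;
    • In-memory caching;
    • Horizontal scaling.
  • Plugins
    • Plugins are written in Lua;
    • Powerful customization;
    • Integration with third-party services.
  • RESTful Administration API
    • Manage Kong through a RESTful API;
    • Supports CI/CD & DevOps;
    • Extensible through plugins.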

Purchase an Alibaba Cloud PostgreSQL database online

Create the user and the kong database

create database kong owner kong;

Mapping the database outside the cluster

By IP

apiVersion: v1
kind: Service
metadata:
  name: my-postgres
  namespace: kong
spec:
  type: ClusterIP
  ports:
    - port: 5432
      protocol: TCP
      targetPort: 1921
---
apiVersion: v1
kind: Endpoints
metadata:
  name: my-postgres
  namespace: kong
subsets:
  - addresses:
      - ip: 172.19.x.x
    ports:
      - port: 1921

Now the database can be reached from inside the cluster with a simple connection string:

psql -U user_name -d database_name -h my-postgres.kong

By URL

kind: Service
apiVersion: v1
metadata:
  name: my-postgres
  namespace: kong
spec:
  type: ExternalName
  externalName: pgm-uf6ja8np76k4vmdk168190.pg.rds.aliyuncs.com

Now the database can be reached from inside the cluster with a simple connection string:

# Test whether the mapping works
# curl my-postgres.kong:1921
curl: (52) Empty reply from server

# psql -U user_name -d database_name -h my-postgres.kong

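The purpose of creating this mapping is to let us connect to the database by Service name. We generally recommend deploying resources that Kubernetes itself does not require, such as databases, Elasticsearch, Redis and message queues, outside the cluster to reduce the complexity of managing it. For such externally deployed resources, add a Kubernetes Endpoints/Service entry that describes their address, which makes them easier to manage and to call.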

Installing Kong

[root@node001 kong]# cat allinone-kong.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: kong
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: kong
  labels:
    k8s-app: filebeat
    kubernetes.io/cluster-service: "true"
data:
  filebeat.yml: |-
    filebeat.inputs:
    - type: log
      enabled: true
      paths:
        - /data/access.log
      tags: ["k8s_access", "SG", "kong"]
    filebeat.config.modules:
      path: ${path.config}/modules.d/*.yml
      reload.enabled: false
    setup.template.settings:
      index.number_of_shards: 1
    
    processors:
      - add_cloud_metadata: ~
    
    output.logstash:
      hosts: ['${LOGSTASH_HOST:localhost}:${LOGSTASH_PORT:8888}']
    #  hosts: ["k8slogs.fxeyeinterface.com:8888"]
---
kind: Service
apiVersion: v1
metadata:
  name: my-postgres
  namespace: kong
spec:
  type: ExternalName
  externalName: pgm-xxxxxxxxxxxxx.pgsql.singapore.rds.aliyuncs.com
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: kongclusterplugins.configuration.konghq.com
spec:
  additionalPrinterColumns:
  - JSONPath: .plugin
    description: Name of the plugin
    name: Plugin-Type
    type: string
  - JSONPath: .metadata.creationTimestamp
    description: Age
    name: Age
    type: date
  - JSONPath: .disabled
    description: Indicates if the plugin is disabled
    name: Disabled
    priority: 1
    type: boolean
  - JSONPath: .config
    description: Configuration of the plugin
    name: Config
    priority: 1
    type: string
  group: configuration.konghq.com
  names:
    kind: KongClusterPlugin
    plural: kongclusterplugins
    shortNames:
    - kcp
  scope: Cluster
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        config:
          type: object
        configFrom:
          properties:
            secretKeyRef:
              properties:
                key:
                  type: string
                name:
                  type: string
                namespace:
                  type: string
              required:
              - name
              - namespace
              - key
              type: object
          type: object
        disabled:
          type: boolean
        plugin:
          type: string
        protocols:
          items:
            enum:
            - http
            - https
            - grpc
            - grpcs
            - tcp
            - tls
            type: string
          type: array
        run_on:
          enum:
          - first
          - second
          - all
          type: string
      required:
      - plugin
  version: v1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: kongconsumers.configuration.konghq.com
spec:
  additionalPrinterColumns:
  - JSONPath: .username
    description: Username of a Kong Consumer
    name: Username
    type: string
  - JSONPath: .metadata.creationTimestamp
    description: Age
    name: Age
    type: date
  group: configuration.konghq.com
  names:
    kind: KongConsumer
    plural: kongconsumers
    shortNames:
    - kc
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        credentials:
          items:
            type: string
          type: array
        custom_id:
          type: string
        username:
          type: string
  version: v1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: kongingresses.configuration.konghq.com
spec:
  group: configuration.konghq.com
  names:
    kind: KongIngress
    plural: kongingresses
    shortNames:
    - ki
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        proxy:
          properties:
            connect_timeout:
              minimum: 0
              type: integer
            path:
              pattern: ^/.*$
              type: string
            protocol:
              enum:
              - http
              - https
              - grpc
              - grpcs
              - tcp
              - tls
              type: string
            read_timeout:
              minimum: 0
              type: integer
            retries:
              minimum: 0
              type: integer
            write_timeout:
              minimum: 0
              type: integer
          type: object
        route:
          properties:
            headers:
              additionalProperties:
                items:
                  type: string
                type: array
              type: object
            https_redirect_status_code:
              type: integer
            methods:
              items:
                type: string
              type: array
            path_handling:
              enum:
              - v0
              - v1
              type: string
            preserve_host:
              type: boolean
            protocols:
              items:
                enum:
                - http
                - https
                - grpc
                - grpcs
                - tcp
                - tls
                type: string
              type: array
            regex_priority:
              type: integer
            request_buffering:
              type: boolean
            response_buffering:
              type: boolean
            snis:
              items:
                type: string
              type: array
            strip_path:
              type: boolean
        upstream:
          properties:
            algorithm:
              enum:
              - round-robin
              - consistent-hashing
              - least-connections
              type: string
            hash_fallback:
              type: string
            hash_fallback_header:
              type: string
            hash_on:
              type: string
            hash_on_cookie:
              type: string
            hash_on_cookie_path:
              type: string
            hash_on_header:
              type: string
            healthchecks:
              properties:
                active:
                  properties:
                    concurrency:
                      minimum: 1
                      type: integer
                    healthy:
                      properties:
                        http_statuses:
                          items:
                            type: integer
                          type: array
                        interval:
                          minimum: 0
                          type: integer
                        successes:
                          minimum: 0
                          type: integer
                      type: object
                    http_path:
                      pattern: ^/.*$
                      type: string
                    timeout:
                      minimum: 0
                      type: integer
                    unhealthy:
                      properties:
                        http_failures:
                          minimum: 0
                          type: integer
                        http_statuses:
                          items:
                            type: integer
                          type: array
                        interval:
                          minimum: 0
                          type: integer
                        tcp_failures:
                          minimum: 0
                          type: integer
                        timeout:
                          minimum: 0
                          type: integer
                      type: object
                  type: object
                passive:
                  properties:
                    healthy:
                      properties:
                        http_statuses:
                          items:
                            type: integer
                          type: array
                        interval:
                          minimum: 0
                          type: integer
                        successes:
                          minimum: 0
                          type: integer
                      type: object
                    unhealthy:
                      properties:
                        http_failures:
                          minimum: 0
                          type: integer
                        http_statuses:
                          items:
                            type: integer
                          type: array
                        interval:
                          minimum: 0
                          type: integer
                        tcp_failures:
                          minimum: 0
                          type: integer
                        timeout:
                          minimum: 0
                          type: integer
                      type: object
                  type: object
                threshold:
                  type: integer
              type: object
            host_header:
              type: string
            slots:
              minimum: 10
              type: integer
          type: object
  version: v1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: kongplugins.configuration.konghq.com
spec:
  additionalPrinterColumns:
  - JSONPath: .plugin
    description: Name of the plugin
    name: Plugin-Type
    type: string
  - JSONPath: .metadata.creationTimestamp
    description: Age
    name: Age
    type: date
  - JSONPath: .disabled
    description: Indicates if the plugin is disabled
    name: Disabled
    priority: 1
    type: boolean
  - JSONPath: .config
    description: Configuration of the plugin
    name: Config
    priority: 1
    type: string
  group: configuration.konghq.com
  names:
    kind: KongPlugin
    plural: kongplugins
    shortNames:
    - kp
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        config:
          type: object
        configFrom:
          properties:
            secretKeyRef:
              properties:
                key:
                  type: string
                name:
                  type: string
              required:
              - name
              - key
              type: object
          type: object
        disabled:
          type: boolean
        plugin:
          type: string
        protocols:
          items:
            enum:
            - http
            - https
            - grpc
            - grpcs
            - tcp
            - tls
            type: string
          type: array
        run_on:
          enum:
          - first
          - second
          - all
          type: string
      required:
      - plugin
  version: v1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tcpingresses.configuration.konghq.com
spec:
  additionalPrinterColumns:
  - JSONPath: .status.loadBalancer.ingress[*].ip
    description: Address of the load balancer
    name: Address
    type: string
  - JSONPath: .metadata.creationTimestamp
    description: Age
    name: Age
    type: date
  group: configuration.konghq.com
  names:
    kind: TCPIngress
    plural: tcpingresses
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          type: string
        kind:
          type: string
        metadata:
          type: object
        spec:
          properties:
            rules:
              items:
                properties:
                  backend:
                    properties:
                      serviceName:
                        type: string
                      servicePort:
                        format: int32
                        type: integer
                    type: object
                  host:
                    type: string
                  port:
                    format: int32
                    type: integer
                type: object
              type: array
            tls:
              items:
                properties:
                  hosts:
                    items:
                      type: string
                    type: array
                  secretName:
                    type: string
                type: object
              type: array
          type: object
        status:
          type: object
  version: v1beta1
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kong-serviceaccount
  namespace: kong
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: kong-ingress-clusterrole
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - nodes
  - pods
  - secrets
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  - extensions
  - networking.internal.knative.dev
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - networking.k8s.io
  - extensions
  - networking.internal.knative.dev
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - configuration.konghq.com
  resources:
  - tcpingresses/status
  verbs:
  - update
- apiGroups:
  - configuration.konghq.com
  resources:
  - kongplugins
  - kongclusterplugins
  - kongcredentials
  - kongconsumers
  - kongingresses
  - tcpingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
  - get
  - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kong-ingress-clusterrole-nisa-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kong-ingress-clusterrole
subjects:
- kind: ServiceAccount
  name: kong-serviceaccount
  namespace: kong
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
  name: kong-proxy
  namespace: kong
spec:
  ports:
  - name: proxy
    port: 80
    protocol: TCP
    targetPort: 8000
  - name: proxy-ssl
    port: 8443
    protocol: TCP
    targetPort: 8443
  - name: proxy-http2
    port: 8888
    protocol: TCP
    targetPort: 8888
  - name: proxy-http2-ssl
    port: 8844
    protocol: TCP
    targetPort: 8844
  - name: kong-admin
    port: 8001
    protocol: TCP
    targetPort: 8001
  - name: kong-admin-ssl
    port: 8444
    protocol: TCP
    targetPort: 8444
  selector:
    app: ingress-kong
  type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  name: kong-validation-webhook
  namespace: kong
spec:
  ports:
  - name: webhook
    port: 443
    protocol: TCP
    targetPort: 8080
  selector:
    app: ingress-kong
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ingress-kong
  name: ingress-kong
  namespace: kong
spec:
  replicas: 2
  selector:
    matchLabels:
      app: ingress-kong
  template:
    metadata:
      annotations:
        kuma.io/gateway: enabled
        prometheus.io/port: "8100"
        prometheus.io/scrape: "true"
        traffic.sidecar.istio.io/includeInboundPorts: ""
      labels:
        app: ingress-kong
    spec:
      volumes:
      - hostPath:
          path: /tmp
          type: DirectoryOrCreate
        name: konglogs
      - name: config
        configMap:
          defaultMode: 0444
          name: filebeat-config
      containers:
      - env:
        - name: LOGSTASH_HOST
          value: k8slogs.fxeyeinterface.com
        - name: LOGSTASH_PORT
          value: "8888"
        name: logscollection
        image: registry.cn-shanghai.aliyuncs.com/wikifx/base:filebeat-7.4.1
        args: [
          "-c", "/etc/filebeat.yml",
          "-e",
        ]
        imagePullPolicy: IfNotPresent
        resources:
          requests:
            memory: 100Mi
            cpu: 500m
          limits:
            memory: 1024Mi
            cpu: 2000m
        readinessProbe:
          exec:
            command:
            - ls
          initialDelaySeconds: 10
          periodSeconds: 15
          timeoutSeconds: 5
        volumeMounts:
          - name: konglogs
            mountPath: /data/
          - name: config
            mountPath: /etc/filebeat.yml
            readOnly: true
            subPath: filebeat.yml
      - env:
        - name: KONG_DATABASE
          value: postgres
        - name: KONG_PG_HOST
          value: my-postgres.kong
        - name: KONG_PG_PASSWORD
          value: Abc123@@
        - name: KONG_PG_PORT
          value: "1921"
        - name: KONG_PROXY_LISTEN
          value: 0.0.0.0:8000, 0.0.0.0:8443 ssl, 0.0.0.0:8888 http2, 0.0.0.0:8844 ssl http2
        - name: KONG_PORT_MAPS
          value: 80:8000, 443:8443
        - name: KONG_ADMIN_LISTEN
          value: 0.0.0.0:8001,0.0.0.0:8444 ssl # changed
        - name: KONG_STATUS_LISTEN
          value: 0.0.0.0:8100
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "2"
        - name: KONG_ADMIN_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_ADMIN_ERROR_LOG
          value: /dev/stderr
        - name: KONG_PROXY_ERROR_LOG
          value: /dev/stderr
        - name: KONG_PROXY_ACCESS_LOG
          value: /tmp/access.log custom_fmt
        - name: KONG_NGINX_HTTP_LOG_FORMAT
#          value: custom_fmt '$remote_addr - $remote_user [$time_local] "$request" $http_host $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" $upstream_addr $upstream_status $upstream_cache_status "$upstream_http_content_type" $upstream_response_time > $request_time'
          value: custom_fmt '$remote_addr - $remote_user [$time_local] "$request" $http_host $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" "$upstream_addr" "$upstream_status" $upstream_cache_status "$upstream_http_content_type" "$upstream_response_time" > $request_time'
        image: registry.cn-shanghai.aliyuncs.com/wikifx/kong:kong-2.5
        lifecycle:
          postStart:
            exec:
              command:
                - /bin/bash
                - '-c'
                - '> /tmp/access.log'
          preStop:
            exec:
              command:
                - /bin/bash
                - '-c'
                - 'kong quit;'
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8100
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: proxy
        volumeMounts:
        - mountPath: /tmp
          name: konglogs
        ports:
        - containerPort: 8000
          name: proxy
          protocol: TCP
        - containerPort: 8844
          name: proxy-http2-ssl
          protocol: TCP
        - containerPort: 8443
          name: proxy-ssl
          protocol: TCP
        - containerPort: 8100
          name: metrics
          protocol: TCP
        - containerPort: 8444
          name: kong-admin-ssl
          protocol: TCP
        - containerPort: 8888
          name: kong-http2
          protocol: TCP
        - containerPort: 8844
          name: kong-http2-ssl
          protocol: TCP
        - containerPort: 8001
          name: kong-admin
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8100
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
      - env:
        - name: CONTROLLER_KONG_ADMIN_URL
          value: https://127.0.0.1:8444
        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
          value: "true"
        - name: CONTROLLER_PUBLISH_SERVICE
          value: kong/kong-proxy
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: registry.cn-shanghai.aliyuncs.com/wikifx/kong:kubernetes-ingress-controller-1.3
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: ingress-controller
        ports:
        - containerPort: 8080
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
      initContainers:
      - command:
        - /bin/sh
        - -c
        - while true; do kong migrations list; if [[ 0 -eq $? ]]; then exit 0; fi;
          sleep 2;  done;
        env:
        - name: KONG_PG_HOST
          value: my-postgres.kong
        - name: KONG_PG_PASSWORD
          value: Abc123@@
        - name: KONG_PG_PORT
          value: "1921"
        image: registry.cn-shanghai.aliyuncs.com/wikifx/kong:kong-2.5
        name: wait-for-migrations
      serviceAccountName: kong-serviceaccount
---
apiVersion: batch/v1
kind: Job
metadata:
  name: kong-migrations
  namespace: kong
spec:
  template:
    metadata:
      name: kong-migrations
    spec:
      containers:
      - command:
        - /bin/sh
        - -c
        - kong migrations bootstrap
        env:
        - name: KONG_PG_PASSWORD
          value: Abc123@@
        - name: KONG_PG_HOST
          value: my-postgres.kong
        - name: KONG_PG_PORT
          value: "1921"
        image: registry.cn-shanghai.aliyuncs.com/wikifx/kong:kong-2.5
        name: kong-migrations
      initContainers:
      - command:
        - /bin/sh
        - -c
        - until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db';
          sleep 1; done
        env:
        - name: KONG_PG_HOST
          value: my-postgres.kong
        - name: KONG_PG_PORT
          value: "1921"
        image: busybox
        name: wait-for-postgres
      restartPolicy: OnFailure

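In the YAML above, change the external PostgreSQL address and port, and keep Kong's environment variables consistent with the PostgreSQL configuration.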
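
The kong-proxy Service above publishes the Admin API ports 8001 and 8444 on the same LoadBalancer as the proxy, and Kong's open-source Admin API does not authenticate callers by default. The following added example (not part of the original manifest; the names kong-admin and ingress-kong-ports are assumptions) keeps the proxy ports public, moves the admin ports to a ClusterIP Service and restricts them to the Konga pods with a NetworkPolicy:

```yaml
# Added example, not the author's manifest. Assumed names: kong-admin,
# ingress-kong-ports. Requires a CNI plugin that enforces NetworkPolicy.

# 1. Public Service: proxy listeners only (admin ports 8001/8444 removed).
apiVersion: v1
kind: Service
metadata:
  name: kong-proxy
  namespace: kong
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  type: LoadBalancer
  selector:
    app: ingress-kong
  ports:
  - {name: proxy, port: 80, protocol: TCP, targetPort: 8000}
  - {name: proxy-ssl, port: 8443, protocol: TCP, targetPort: 8443}
  - {name: proxy-http2, port: 8888, protocol: TCP, targetPort: 8888}
  - {name: proxy-http2-ssl, port: 8844, protocol: TCP, targetPort: 8844}
---
# 2. Admin API: reachable only inside the cluster, e.g. by Konga at
#    kong-admin.kong:8001.
apiVersion: v1
kind: Service
metadata:
  name: kong-admin
  namespace: kong
spec:
  type: ClusterIP
  selector:
    app: ingress-kong
  ports:
  - {name: kong-admin, port: 8001, protocol: TCP, targetPort: 8001}
  - {name: kong-admin-ssl, port: 8444, protocol: TCP, targetPort: 8444}
---
# 3. Per-port ingress rules for the Kong pods.
#    Kubelet probes (8100, 10254) come from the pod's own node, which
#    NetworkPolicy does not block. Port 8080 (kong-validation-webhook) stays
#    closed because the manifest above registers no webhook; open it if you
#    add one.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-kong-ports
  namespace: kong
spec:
  podSelector:
    matchLabels:
      app: ingress-kong
  policyTypes:
  - Ingress
  ingress:
  # Proxy listeners: any source (traffic arrives through the load balancer).
  - ports:
    - {protocol: TCP, port: 8000}
    - {protocol: TCP, port: 8443}
    - {protocol: TCP, port: 8888}
    - {protocol: TCP, port: 8844}
  # Admin API: only the Konga pods in the kong namespace.
  - from:
    - podSelector:
        matchLabels:
          app: kong-konga
    ports:
    - {protocol: TCP, port: 8001}
    - {protocol: TCP, port: 8444}
  # Status and Prometheus metrics: any pod in the cluster, none outside it.
  - from:
    - namespaceSelector: {}
    ports:
    - {protocol: TCP, port: 8100}
```

The ingress controller container is unaffected because it reaches the Admin API over 127.0.0.1 inside the same pod.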

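Installing the Konga management UI

Kong Enterprise provides a management UI; the open-source edition does not. There are, however, many open-source management UIs, and Konga is one of the better ones. Project: https://github.com/pantsel/konga

Konga features

Konga is written mainly in AngularJS and runs on a Node.js server. It has the following features:

  • Manage all Kong Admin API objects.
  • Import Consumers from remote sources (databases, files, APIs, etc.).
  • Manage multiple Kong nodes. Back up, restore and migrate Kong nodes using snapshots.
  • Monitor node and API status using health checks.
  • Email and Slack notifications.
  • Multi-user support.
  • Easy database integration (MySQL, PostgreSQL, MongoDB, SQL Server).

Installing Konga

Konga has its own persistence mechanism for storing its user and configuration data. Supported databases include MySQL, MongoDB and PostgreSQL, selected through environment variables such as DB_ADAPTER. An external MySQL database is used here. Create the following Konga Deployment, Service and Ingress on k8s.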

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kong-konga
  namespace: kong
spec:
  selector:
    matchLabels:
      app: kong-konga
  replicas: 1
  template:
    metadata:
      labels:
        app: kong-konga
    spec:
      initContainers:
      - name: dbmigration
        image: pantsel/konga
        command:
        - node
        - /app/bin/konga.js
        - prepare
        - --adapter
        - mysql
        - --uri
        - mysql://wikifx:Wikifx123@rm-uf6458d05c7fhmo7w90110.mysql.rds.aliyuncs.com:3306/kongadb
      containers:
      - name: kong-konga
        image: pantsel/konga:0.14.9
        imagePullPolicy: IfNotPresent
        env:
#        - name: DB_ADAPTER
#          value: postgres
#        - name: DB_HOST
#        # service name.namespace
#          value: my-postgres.kong
#        - name: DB_PORT
#          value: "1921"
#        - name: DB_USER
#          value: kong
#        - name: DB_DATABASE
#          value: konga
#        - name: DB_PASSWORD
#          value: "Abc123@@"  # remember to change
        - name: DB_ADAPTER
          value: mysql
        - name: DB_URI
          value: mysql://wikifx:Wikifx123@rm-uf6458d05c7fhmo7w90110.mysql.rds.aliyuncs.com:3306/kongadb
        - name: NODE_ENV
          #value: production
          value: development
        - name: TZ
          value: Asia/Shanghai
        ports:
        - containerPort: 1337
---
#service
apiVersion: v1
kind: Service
metadata:
  name: kong-konga
  namespace: kong
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 1337
    nodePort: 32222
  type: NodePort
  selector:
    app: kong-konga

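Initializing data

Once the Kong administrator user has been created, you can log in to Konga. A page for creating the connection from Konga to the Kong Admin API then appears; fill in the connection page as shown in the figure below: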

Monitoring Kong with Prometheus

See: https://cakepanit.com/forward/dc57d8c5.html

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app: kong
  name: kong-ingress-scraping
  namespace: kong
spec:
  endpoints:
  - interval: 30s
    path: /metrics
    port: http-metrics
  jobLabel: app
  namespaceSelector:
    matchNames:
    - kong
  selector:
    matchLabels:
      k8s-app: kong-metrics
---
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  labels:
    k8s-app: kong-metrics
  name: kong-metrics
  namespace: kong
spec:
  clusterIP: None
  ports:
    - name: http-metrics
      port: 8100
      protocol: TCP
      targetPort: 8100
  selector:
    app: ingress-kong
  type: ClusterIP

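Enterprise DevOps practice on k8s - Kong in Kubernetes
Please read this site's copyright agreement before reposting. Copyright of this article belongs to 饼铛; please credit the source when reposting.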