From b4a84b76fcc92841fc3612cfd1ce25f19bf47c7e Mon Sep 17 00:00:00 2001 From: hailin Date: Fri, 9 Jan 2026 19:36:06 -0800 Subject: [PATCH] refactor(kong): use DB-less mode with declarative config - Remove kong-database, kong-migrations, kong-init services - Use KONG_DATABASE=off with declarative config file - Add kong/kong.yml with all services, routes, and plugins - Remove kong_data volume (no longer needed) Co-Authored-By: Claude Opus 4.5
---
docker-compose.yml | 69 ++------------ kong/init-kong.sh | 167 ---------------------------------- kong/kong.yml | 217 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 222 insertions(+), 231 deletions(-) delete mode 100644 kong/init-kong.sh create mode 100644 kong/kong.yml
diff --git a/docker-compose.yml b/docker-compose.yml
index 8c9b34f..1073ef7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -81,65 +81,24 @@ services: - iconsulting-network #============================================================================= - # Kong API 网关 + # Kong API 网关 (DB-less 模式) #============================================================================= - kong-database: - image: postgres:15-alpine - container_name: iconsulting-kong-db - restart: unless-stopped - environment: - POSTGRES_USER: kong - POSTGRES_PASSWORD: kong - POSTGRES_DB: kong - volumes: - - kong_data:/var/lib/postgresql/data - healthcheck: - test: ["CMD-SHELL", "pg_isready -U kong"] - interval: 10s - timeout: 5s - retries: 5 - networks: - - iconsulting-network - - kong-migrations: - image: kong:3.4 - container_name: iconsulting-kong-migrations - command: kong migrations bootstrap - depends_on: - kong-database: - condition: service_healthy - environment: - KONG_DATABASE: postgres - KONG_PG_HOST: kong-database - KONG_PG_USER: kong - KONG_PG_PASSWORD: kong - KONG_PG_DATABASE: kong - networks: - - iconsulting-network - restart: on-failure - kong: image: kong:3.4 container_name: iconsulting-kong restart: unless-stopped - depends_on: - kong-database: - condition: service_healthy - kong-migrations: - condition: service_completed_successfully environment: - KONG_DATABASE: postgres - KONG_PG_HOST: kong-database - KONG_PG_USER: kong - KONG_PG_PASSWORD: kong - KONG_PG_DATABASE: kong + KONG_DATABASE: "off" + KONG_DECLARATIVE_CONFIG: /etc/kong/kong.yml KONG_PROXY_ACCESS_LOG: /dev/stdout KONG_ADMIN_ACCESS_LOG: /dev/stdout KONG_PROXY_ERROR_LOG: /dev/stderr KONG_ADMIN_ERROR_LOG: /dev/stderr KONG_ADMIN_LISTEN: 0.0.0.0:8001 KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 ssl + volumes: + - ./kong/kong.yml:/etc/kong/kong.yml:ro ports: - "8000:8000" # Proxy - "8443:8443" # Proxy SSL 
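Review bot: `KONG_ADMIN_LISTEN: 0.0.0.0:8001` is carried over unchanged in the `kong` service, although with `kong-init` removed by this commit nothing visible in the compose file needs the Admin API over the network any more. In DB-less mode that listener still accepts `POST /config`, which replaces the entire declarative configuration, and the open-source Admin API has no authentication by default, so anything that can reach port 8001 can rewrite the gateway's routing. Bind it to loopback with `KONG_ADMIN_LISTEN: 127.0.0.1:8001`, or disable it with `KONG_ADMIN_LISTEN: "off"`, and remove any host mapping for 8001 from the `ports:` list, which continues past the end of this hunk. If the healthcheck (not shown here) queries the Admin API, `kong health` is a replacement that does not need the listener.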
@@ -152,22 +111,6 @@ services: networks: - iconsulting-network - # Kong 配置初始化 - 使用统一的初始化脚本 - kong-init: - image: curlimages/curl:latest - container_name: iconsulting-kong-init - depends_on: - kong: - condition: service_healthy - volumes: - - ./kong/init-kong.sh:/init-kong.sh:ro - environment: - KONG_ADMIN_URL: http://kong:8001 - command: ["/bin/sh", "/init-kong.sh"] - networks: - - iconsulting-network - restart: on-failure:3 - #============================================================================= # 后端微服务 #=============================================================================
@@ -375,5 +318,3 @@ volumes: driver: local neo4j_logs: driver: local - kong_data: - driver: local
diff --git a/kong/init-kong.sh b/kong/init-kong.sh
deleted file mode 100644
index b7d149e..0000000
--- a/kong/init-kong.sh
+++ /dev/null
@@ -1,167 +0,0 @@ -#!/bin/sh -#=============================================================================== -# Kong API Gateway 初始化脚本 -# -# 配置所有微服务的路由和全局插件 -# 此脚本可在容器内或主机上运行 -# -# 用法: -# 在 Docker 容器内: KONG_ADMIN_URL=http://kong:8001 ./init-kong.sh -# 在主机上: KONG_ADMIN_URL=http://localhost:8001 ./init-kong.sh -#=============================================================================== - -set -e - -KONG_ADMIN_URL="${KONG_ADMIN_URL:-http://kong:8001}" - -echo "==============================================" -echo "Kong API Gateway Configuration" -echo "Admin URL: $KONG_ADMIN_URL" -echo "==============================================" - -# 等待 Kong 就绪 -echo "" -echo "Waiting for Kong to be ready..." -max_retries=30 -retry_count=0 -until curl -s "$KONG_ADMIN_URL/status" > /dev/null 2>&1; do - retry_count=$((retry_count + 1)) - if [ $retry_count -ge $max_retries ]; then - echo "ERROR: Kong is not ready after $max_retries attempts" - exit 1 - fi - echo " Attempt $retry_count/$max_retries - Kong is not ready yet..." - sleep 2 -done -echo "Kong is ready!" - -#=============================================================================== -# 创建服务和路由 -#=============================================================================== - -echo "" -echo "Configuring services and routes..." - -# User Service - 用户认证和管理 -echo " [1/5] user-service..." -curl -s -X PUT "$KONG_ADMIN_URL/services/user-service" \ - -d url=http://user-service:3001 \ - -d connect_timeout=60000 \ - -d write_timeout=60000 \ - -d read_timeout=60000 > /dev/null -curl -s -X PUT "$KONG_ADMIN_URL/services/user-service/routes/user-routes" \ - -d "paths[]=/api/v1/users" \ - -d "paths[]=/api/v1/auth" \ - -d strip_path=false \ - -d preserve_host=true > /dev/null - -# Payment Service - 支付处理 -echo " [2/5] payment-service..." 
-curl -s -X PUT "$KONG_ADMIN_URL/services/payment-service" \ - -d url=http://payment-service:3002 \ - -d connect_timeout=60000 \ - -d write_timeout=60000 \ - -d read_timeout=60000 > /dev/null -curl -s -X PUT "$KONG_ADMIN_URL/services/payment-service/routes/payment-routes" \ - -d "paths[]=/api/v1/payments" \ - -d "paths[]=/api/v1/subscriptions" \ - -d strip_path=false \ - -d preserve_host=true > /dev/null - -# Knowledge Service - 知识库 -echo " [3/5] knowledge-service..." -curl -s -X PUT "$KONG_ADMIN_URL/services/knowledge-service" \ - -d url=http://knowledge-service:3003 \ - -d connect_timeout=60000 \ - -d write_timeout=60000 \ - -d read_timeout=60000 > /dev/null -curl -s -X PUT "$KONG_ADMIN_URL/services/knowledge-service/routes/knowledge-routes" \ - -d "paths[]=/api/v1/knowledge" \ - -d strip_path=false \ - -d preserve_host=true > /dev/null - -# Conversation Service - 对话服务 (需要更长的超时) -echo " [4/5] conversation-service..." -curl -s -X PUT "$KONG_ADMIN_URL/services/conversation-service" \ - -d url=http://conversation-service:3004 \ - -d connect_timeout=60000 \ - -d write_timeout=120000 \ - -d read_timeout=120000 > /dev/null -curl -s -X PUT "$KONG_ADMIN_URL/services/conversation-service/routes/conversation-routes" \ - -d "paths[]=/api/v1/conversations" \ - -d "paths[]=/api/v1/messages" \ - -d strip_path=false \ - -d preserve_host=true > /dev/null - -# Evolution Service - 进化服务 -echo " [5/5] evolution-service..." 
-curl -s -X PUT "$KONG_ADMIN_URL/services/evolution-service" \ - -d url=http://evolution-service:3005 \ - -d connect_timeout=60000 \ - -d write_timeout=60000 \ - -d read_timeout=60000 > /dev/null -curl -s -X PUT "$KONG_ADMIN_URL/services/evolution-service/routes/evolution-routes" \ - -d "paths[]=/api/v1/evolution" \ - -d strip_path=false \ - -d preserve_host=true > /dev/null - -#=============================================================================== -# 配置全局插件 -#=============================================================================== - -echo "" -echo "Configuring global plugins..." - -# 检查 CORS 插件是否已存在 -cors_exists=$(curl -s "$KONG_ADMIN_URL/plugins" | grep -c '"name":"cors"' || true) -if [ "$cors_exists" = "0" ]; then - echo " Adding CORS plugin..." - curl -s -X POST "$KONG_ADMIN_URL/plugins" \ - -d name=cors \ - -d "config.origins[]=https://iconsulting.szaiai.com" \ - -d "config.origins[]=http://localhost:5173" \ - -d "config.origins[]=http://localhost:3000" \ - -d "config.methods[]=GET" \ - -d "config.methods[]=POST" \ - -d "config.methods[]=PUT" \ - -d "config.methods[]=PATCH" \ - -d "config.methods[]=DELETE" \ - -d "config.methods[]=OPTIONS" \ - -d "config.headers[]=Accept" \ - -d "config.headers[]=Accept-Version" \ - -d "config.headers[]=Content-Type" \ - -d "config.headers[]=Content-Length" \ - -d "config.headers[]=Authorization" \ - -d "config.headers[]=X-User-Id" \ - -d "config.headers[]=X-Request-Id" \ - -d "config.exposed_headers[]=X-Request-Id" \ - -d config.credentials=true \ - -d config.max_age=3600 > /dev/null -else - echo " CORS plugin already exists, skipping..." -fi - -#=============================================================================== -# 显示配置结果 -#=============================================================================== - -echo "" -echo "==============================================" -echo "Kong configuration completed!" 
-echo "==============================================" -echo "" -echo "Services:" -curl -s "$KONG_ADMIN_URL/services" 2>/dev/null | \ - grep -o '"name":"[^"]*"' | sed 's/"name":"//g; s/"//g' | \ - while read name; do echo " - $name"; done -echo "" -echo "Routes:" -curl -s "$KONG_ADMIN_URL/routes" 2>/dev/null | \ - grep -o '"name":"[^"]*"' | sed 's/"name":"//g; s/"//g' | \ - while read name; do echo " - $name"; done -echo "" -echo "Plugins:" -curl -s "$KONG_ADMIN_URL/plugins" 2>/dev/null | \ - grep -o '"name":"[^"]*"' | sed 's/"name":"//g; s/"//g' | \ - while read name; do echo " - $name"; done -echo ""
diff --git a/kong/kong.yml b/kong/kong.yml
new file mode 100644
index 0000000..4232dcd
--- /dev/null
+++ b/kong/kong.yml
@@ -0,0 +1,217 @@ +#=============================================================================== +# Kong API Gateway 声明式配置 +# +# 此文件定义所有服务、路由和插件配置 +# 可用于 DB-less 模式或作为配置参考文档 +# +# 服务架构: +# - user-service: 用户认证和管理 (3001) +# - payment-service: 支付处理 (3002) +# - knowledge-service: 知识库服务 (3003) +# - conversation-service: 对话服务 (3004) +# - evolution-service: 进化服务 (3005) +# +#=============================================================================== + +_format_version: "3.0" +_transform: true + +#=============================================================================== +# 服务和路由定义 +#=============================================================================== + +services: + #----------------------------------------------------------------------------- + # User Service - 用户认证和管理 + #----------------------------------------------------------------------------- + - name: user-service + url: http://user-service:3001 + connect_timeout: 60000 + write_timeout: 60000 + read_timeout: 60000 + retries: 3 + routes: + - name: user-routes + paths: + - /api/v1/users + - /api/v1/auth + strip_path: false + preserve_host: true + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + + #----------------------------------------------------------------------------- + # Payment Service - 支付处理 + #----------------------------------------------------------------------------- + - name: payment-service + url: http://payment-service:3002 + connect_timeout: 60000 + write_timeout: 60000 + read_timeout: 60000 + retries: 3 + routes: + - name: payment-routes + paths: + - /api/v1/payments + - /api/v1/subscriptions + strip_path: false + preserve_host: true + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + + #----------------------------------------------------------------------------- + # Knowledge Service - 知识库服务 + #----------------------------------------------------------------------------- + - name: knowledge-service + url: http://knowledge-service:3003 + 
connect_timeout: 60000 + write_timeout: 60000 + read_timeout: 60000 + retries: 3 + routes: + - name: knowledge-routes + paths: + - /api/v1/knowledge + strip_path: false + preserve_host: true + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + + #----------------------------------------------------------------------------- + # Conversation Service - 对话服务 + # 注意: 需要更长的超时时间以支持 AI 流式响应 + #----------------------------------------------------------------------------- + - name: conversation-service + url: http://conversation-service:3004 + connect_timeout: 60000 + write_timeout: 120000 + read_timeout: 120000 + retries: 2 + routes: + - name: conversation-routes + paths: + - /api/v1/conversations + - /api/v1/messages + strip_path: false + preserve_host: true + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + + #----------------------------------------------------------------------------- + # Evolution Service - 进化服务 + #----------------------------------------------------------------------------- + - name: evolution-service + url: http://evolution-service:3005 + connect_timeout: 60000 + write_timeout: 60000 + read_timeout: 60000 + retries: 3 + routes: + - name: evolution-routes + paths: + - /api/v1/evolution + strip_path: false + preserve_host: true + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + +#=============================================================================== +# 全局插件配置 +#=============================================================================== + +plugins: + #----------------------------------------------------------------------------- + # CORS - 跨域资源共享 + #----------------------------------------------------------------------------- + - name: cors + config: + origins: + - https://iconsulting.szaiai.com + - http://localhost:5173 + - http://localhost:3000 + methods: + - GET + - POST + - PUT + - PATCH + - DELETE + - OPTIONS + headers: + - Accept + - Accept-Version + - Content-Type + - 
Content-Length + - Authorization + - X-User-Id + - X-Request-Id + exposed_headers: + - X-Request-Id + credentials: true + max_age: 3600 + preflight_continue: false + + #----------------------------------------------------------------------------- + # Request Transformer - 添加请求头 + #----------------------------------------------------------------------------- + # - name: request-transformer + # config: + # add: + # headers: + # - X-Kong-Proxy: "true" + + #----------------------------------------------------------------------------- + # Rate Limiting - 请求限流 (可选) + #----------------------------------------------------------------------------- + # - name: rate-limiting + # config: + # minute: 100 + # hour: 1000 + # policy: local + # fault_tolerant: true + # hide_client_headers: false + + #----------------------------------------------------------------------------- + # Request Size Limiting - 请求大小限制 + #----------------------------------------------------------------------------- + # - name: request-size-limiting + # config: + # allowed_payload_size: 10 + # size_unit: megabytes + +#=============================================================================== +# 消费者配置 (用于认证) +#=============================================================================== + +# consumers: +# - username: web-client +# keyauth_credentials: +# - key: your-api-key-here + +# - username: admin-client +# keyauth_credentials: +# - key: your-admin-api-key-here
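Review bot: No rate-limiting or request-size plugin is active in the new `plugins:` list, since both blocks are left commented out, so `/api/v1/auth` and `/api/v1/payments` are proxied with no gateway-level throttle against password guessing or request floods. Because this file is now the only source of gateway configuration, enable the `rate-limiting` entry; its `policy: local` keeps counters in node memory and therefore works without a datastore. A stricter limit attached to `user-service` than the global `minute: 100` would suit the login path. The `cors` block also lists the two `http://localhost` origins together with `credentials: true`; if this same file is deployed to production, those development origins are better moved to a dev-only configuration.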