部署好kong之后，则需要将我们自己的接口加入到kong中管理，kong提供了比较全面的restful api，每个版本会有所不同，下面的记录基于kong v0.14.x

kong的8001端口是resful admin api，服务、路由、配置都是通过这个端口进行管理，所以部署好之后页面可以直接访问localhost:8001

参考： https://docs.konghq.com/0.14.x/admin-api/#add-service

一、Retrieve node information（介绍节点信息）

获取kong节点的通用详细信息

1,查询节点信息

 http://localhost:8001

Endpoint

{
 "plugins": {
 "enabled_in_cluster": [],
 "available_on_server": {
 "response-transformer": true,
 "oauth2": true,
 "acl": true,
 "correlation-id": true,
 "pre-function": true,
 "jwt": true,
 "cors": true,
 "ip-restriction": true,
 "basic-auth": true,
 "key-auth": true,
 "rate-limiting": true,
 "request-transformer": true,
 "http-log": true,
 "file-log": true,
 "hmac-auth": true,
 "ldap-auth": true,
 "datadog": true,
 "tcp-log": true,
 "zipkin": true,
 "post-function": true,
 "request-size-limiting": true,
 "bot-detection": true,
 "syslog": true,
 "loggly": true,
 "azure-functions": true,
 "udp-log": true,
 "response-ratelimiting": true,
 "aws-lambda": true,
 "statsd": true,
 "prometheus": true,
 "request-termination": true
 }
 },
 "tagline": "Welcome to kong",
 "configuration": {
 "plugins": [
 "bundled"
 ],
 "admin_ssl_enabled": true,
 "lua_ssl_verify_depth": 1,
 "trusted_ips": {},
 "prefix": "/usr/local/kong",
 "loaded_plugins": {
 "response-transformer": true,
 "request-termination": true,
 "prometheus": true,
 "ip-restriction": true,
 "pre-function": true,
 "jwt": true,
 "cors": true,
 "statsd": true,
 "basic-auth": true,
 "key-auth": true,
 "ldap-auth": true,
 "aws-lambda": true,
 "http-log": true,
 "response-ratelimiting": true,
 "hmac-auth": true,
 "request-size-limiting": true,
 "datadog": true,
 "tcp-log": true,
 "zipkin": true,
 "post-function": true,
 "bot-detection": true,
 "acl": true,
 "loggly": true,
 "syslog": true,
 "azure-functions": true,
 "udp-log": true,
 "file-log": true,
 "request-transformer": true,
 "correlation-id": true,
 "rate-limiting": true,
 "oauth2": true
 },
 "cassandra_username": "kong",
 "admin_ssl_cert_csr_default": "/usr/local/kong/ssl/admin-kong-default.csr",
 "ssl_cert_key": "/usr/local/kong/ssl/kong-default.key",
 "admin_ssl_cert_key": "/usr/local/kong/ssl/admin-kong-default.key",
 "dns_resolver": {},
 "pg_user": "kong",
 "mem_cache_size": "128m",
 "cassandra_data_centers": [
 "dc1:2",
 "dc2:3"
 ],
 "nginx_admin_directives": {},
 "custom_plugins": {},
 "pg_host": "127.0.0.1",
 "nginx_acc_logs": "/usr/local/kong/logs/access.log",
 "proxy_listen": [
 "0.0.0.0:8000",
 "0.0.0.0:8443 ssl"
 ],
 "client_ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt",
 "ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key",
 "dns_no_sync": false,
 "db_update_propagation": 0,
 "nginx_err_logs": "/usr/local/kong/logs/error.log",
 "cassandra_port": 9042,
 "dns_order": [
 "LAST",
 "SRV",
 "A",
 "CNAME"
 ],
 "dns_error_ttl": 1,
 "headers": [
 "server_tokens",
 "latency_tokens"
 ],
 "dns_stale_ttl": 4,
 "nginx_optimizations": true,
 "database": "postgres",
 "pg_database": "kong",
 "nginx_worker_processes": "auto",
 "lua_package_cpath": "",
 "admin_acc_logs": "/usr/local/kong/logs/admin_access.log",
 "lua_package_path": "./?.lua;./?/init.lua;",
 "nginx_pid": "/usr/local/kong/pids/nginx.pid",
 "upstream_keepalive": 60,
 "cassandra_contact_points": [
 "127.0.0.1"
 ],
 "client_ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr",
 "proxy_listeners": [
 {
 "ssl": false,
 "ip": "0.0.0.0",
 "proxy_protocol": false,
 "port": 8000,
 "http2": false,
 "listener": "0.0.0.0:8000"
 },
 {
 "ssl": true,
 "ip": "0.0.0.0",
 "proxy_protocol": false,
 "port": 8443,
 "http2": false,
 "listener": "0.0.0.0:8443 ssl"
 }
 ],
 "proxy_ssl_enabled": true,
 "admin_access_log": "logs/admin_access.log",
 "ssl_ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
 "enabled_headers": {
 "latency_tokens": true,
 "X-Kong-Proxy-Latency": true,
 "Via": true,
 "server_tokens": true,
 "Server": true,
 "X-Kong-Upstream-Latency": true,
 "X-Kong-Upstream-Status": false
 },
 "cassandra_ssl": false,
 "ssl_cert_csr_default": "/usr/local/kong/ssl/kong-default.csr",
 "db_resurrect_ttl": 30,
 "client_max_body_size": "0",
 "cassandra_consistency": "ONE",
 "db_cache_ttl": 0,
 "admin_error_log": "logs/error.log",
 "pg_ssl_verify": false,
 "dns_not_found_ttl": 30,
 "pg_ssl": false,
 "client_ssl": false,
 "db_update_frequency": 5,
 "cassandra_repl_strategy": "SimpleStrategy",
 "nginx_kong_conf": "/usr/local/kong/nginx-kong.conf",
 "cassandra_repl_factor": 1,
 "nginx_http_directives": [
 {
 "value": "prometheus_metrics 5m",
 "name": "lua_shared_dict"
 }
 ],
 "error_default_type": "text/plain",
 "kong_env": "/usr/local/kong/.kong_env",
 "real_ip_header": "X-Real-IP",
 "dns_hostsfile": "/etc/hosts",
 "admin_listeners": [
 {
 "ssl": false,
 "ip": "0.0.0.0",
 "proxy_protocol": false,
 "port": 8001,
 "http2": false,
 "listener": "0.0.0.0:8001"
 },
 {
 "ssl": true,
 "ip": "0.0.0.0",
 "proxy_protocol": false,
 "port": 8444,
 "http2": false,
 "listener": "0.0.0.0:8444 ssl"
 }
 ],
 "admin_ssl_cert": "/usr/local/kong/ssl/admin-kong-default.crt",
 "ssl_cert": "/usr/local/kong/ssl/kong-default.crt",
 "proxy_access_log": "logs/access.log",
 "admin_ssl_cert_key_default": "/usr/local/kong/ssl/admin-kong-default.key",
 "cassandra_ssl_verify": false,
 "cassandra_lb_policy": "RoundRobin",
 "ssl_cipher_suite": "modern",
 "real_ip_recursive": "off",
 "proxy_error_log": "logs/error.log",
 "client_ssl_cert_key_default": "/usr/local/kong/ssl/kong-default.key",
 "nginx_daemon": "on",
 "anonymous_reports": true,
 "cassandra_timeout": 5000,
 "nginx_proxy_directives": {},
 "pg_port": 5432,
 "log_level": "notice",
 "client_body_buffer_size": "8k",
 "cassandra_schema_consensus_timeout": 10000,
 "lua_socket_pool_size": 30,
 "admin_ssl_cert_default": "/usr/local/kong/ssl/admin-kong-default.crt",
 "cassandra_keyspace": "kong",
 "ssl_cert_default": "/usr/local/kong/ssl/kong-default.crt",
 "nginx_conf": "/usr/local/kong/nginx.conf",
 "admin_listen": [
 "0.0.0.0:8001",
 "0.0.0.0:8444 ssl"
 ]
 },
 "version": "0.14.1",
 "node_id": "fee222ae-7871-49e5-a47c-bdc55410dc2a",
 "lua_version": "LuaJIT 2.1.0-beta3",
 "prng_seeds": {
 "pid: 2328": 177223337424,
 "pid: 2326": 145810617621,
 "pid: 2327": 712547711113,
 "pid: 2329": 114129841275
 },
 "timers": {
 "pending": 5,
 "running": 0
 },
 "hostname": "localhost.localdomain"
}

部分返回字段含义：

node_id : 正在运行的kong节点的uuid，当kong启动时随机生成，每次kong重启时这个uuid都会变availabel_on_server : kong节点上安装的plugins的名称enabled_in_cluster : kong节点中启用的插件，即在数据库中生成了对应存储表

2,查询节点状态

curl http://localhost:8001/status
{
 "database": {
 "reachable": true
 },
 "server": {
 "connections_writing": 1,
 "total_requests": 67,
 "connections_handled": 46,
 "connections_accepted": 46,
 "connections_reading": 0,
 "connections_active": 2,
 "connections_waiting": 1
 }
}

**字段解释

字段解释total_requests客户端请求总数connections_active包括等待连接的活动客户端连接的当前数量connections_accepted接受的客户端连接的总数connections_handled处理连接的总数。一般来说，除非达到一定的资源限制，否则参数值与接受值相同connections_reading当前Kong正在读取请求头的连接数connections_writingNGINX将响应写入客户端的连接的当前数量connections_waiting等待请求的空闲客户端连接的当前数量reachable反映数据库连接状态的布尔值。注意，此标志不反映数据库本身的健康状况。

二，service服务

 kong v0.13.x官方建议用Service和Route模块来管理API，这样可以更好的管理，比如认证和策略统一配置。

1，Add Service（添加服务）

参数

字段解释备注name服务名称无protocol协议：http or https 默认是 http你后端服务用什么协议访问就写什么协议host后端服务域名无port后端服务端口无path后端服务子路径；没有就填 ‘/‘无retries重试次数：默认 5次默认就行connect_timeout请求后端服务的超时时间：默认60000 ms1秒(s)=1000毫秒(ms)write_timeout写超时时间：默认60000 ms1秒(s)=1000毫秒(ms)read_timeout读超时时间：默认60000 ms1秒(s)=1000毫秒(ms)url后端服务url地址一般就用这种方式，可以直接指定：protocol、host、port and path， 不用单独指定啦

使用：

curl -i -X POST http://localhost:8001/services -d "name=test.service" -d "url=http://你的后端服务域名/api"

返回：

{
 "host": "你的后端服务域名",
 "created_at": 1538093069,
 "connect_timeout": 60000,
 "id": "85c4d968-7b6f-48fc-b5b0-260cf8493821",
 "protocol": "http",
 "name": "test.service",
 "read_timeout": 60000,
 "port": 80,
 "path": "/api",
 "updated_at": 1538093069,
 "retries": 5,
 "write_timeout": 60000
}

注：url 这个属性很好用，可以直接指定 protocol、host、port and path。

**也 可以这么写*

curl -i -X POST http://localhost:8001/services -d "name=test.service" -d "protocol=http" -d "host=hxonline.hxsd.cn" -d "path=/api"

2,Retrieve Service（查询服务）

查询所有服务

curl -i -X GET http://1localhost:8001/services

查询某个服务

curl -i -X GET http://localhost:8001/services/{服务名称 or 服务id}
EXP：
curl -i -X GET http://localhost:8001/services/test.service #我的服务名称

获取某个路由下的服务

curl -i -X GET http://localhost:8001/routes/{路由ID}/service 
EXP：
curl -i -X GET http://localhost:8001/routes/xxxx-xxx-xxx-xx/service

更新服务

可以用 PATCH 和 PUT，PATCH可以修改已存在的服务，PUT 如果服务不存在则新建一个。

curl -i -X PUT http://localhost:8001/services/{服务名称或ID} -d "name=test.service" -d "protocol=http" -d "host=hxonline.hxsd.cn" -d "path=/api"

删除服务

curl -i -X DELETE http://localhost:8001/services/{服务名称或ID}
EXP：
curl -i -X DELETE http://localhost:8001/services/test.service

返回

HTTP 204 No Content （看到这个就成功啦）

三、Route Object（路由）

路由是真正对外提供接口的实体，每个路由都与一个服务相关联，而服务可能有多个与之相关联的路由。每一个匹配给定路线的请求都将被提交给它的相关服务。

字段解释是否必填protocols协议列表，http、https。设置：protocols[]=http&protocols[]=https必填methods接受请求的方法：GET 或 POST ，二者都行。设置 methods[]=GET&methods[]=POST半选填：默认是二者都行hosts与此路由匹配的域名列表。例如：example.com。用作form-encode， 设置：hosts[]= Foo.com和hosts[]= BAR.com半选填paths与此路由匹配的路径列表。例如：/test必填：这个很重要，区分多服务strip_path选填preserve_host选填service与此路由绑定的服务。设置：service.id=<service_id>必填

1，Add Route（添加路由）

curl -i -X POST --url http://localhost:8001/routes/ \
 -d 'protocols[]=http&protocols[]=https' \
 -d 'paths=/test' \
 -d 'service.id=xxx-xxxx-xxxx-xx' #服务ID

访问接口

curl -i -X GET http://localhost:8000/test/{后端服务路由}
注：test 是创建路由是的 paths 字段。
EXP：
curl -i -X GET http://localhost:8000/test/userinfo

2，Retrieve Route （获取路由信息）

获取全部路由

curl -i -X GET http://localhost:8001/routes/

获取某个路由

curl -i -X GET http://localhost:8001/routes/xxx-xxx-xxx #路由ID

获取某服务下的路由

curl -i -X GET http://localhost:8001/services/{服务名或服务ID}/routes

更新路由

可以用 PATCH 和 PUT，PATCH可以修改已存在的路由，PUT 如果路由不存在则新建一个。

curl -i -X PUT http://localhost:8001/routes/xxx-xxx-xxx \ #路由ID
 -d 'protocols[]=http&protocols[]=https' \
 -d 'paths=test' \

删除路由

curl -i -X DELETE http://localhost:8001/routes/xxx-xxx-xxx #路由ID

总结

到这里kong的服务和路由的设置已经完事了，接下来认证插件和acl的配合来保证对外接口的安全性。