前言:
由于在docker下部署一些项目比较特殊,特别是网络这一块,如果没有搞清楚,是很容易出问题的。
先上docker-compose 编排
这里的docker-compose for kong可以在 kong-compose 获取代码
version: '3.9'
x-kong-config:
&kong-env
KONG_DATABASE: ${KONG_DATABASE:-off}
KONG_PG_DATABASE: ${KONG_PG_DATABASE:-kong}
KONG_PG_HOST: ip # ip地址
KONG_PG_USER: kong # 用户名直接写死为 kong
KONG_PG_PASSWORD: ggbhack # 密码直接写死为 ggbhack
volumes:
kong_data:
driver: local
driver_opts:
type: none
device: ./kong_data
o: bind
kong_prefix_vol:
driver: local
driver_opts:
type: none
device: ./kong_prefix_vol
o: bind
kong_tmp_vol:
driver: local
driver_opts:
type: none
device: ./kong_tmp_vol
o: bind
networks:
kong-net:
external: false
# driver: bridge
services:
kong-migrations:
image: "${KONG_DOCKER_TAG:-kong:latest}"
command: kong migrations bootstrap
profiles: ["database"]
depends_on:
- db
environment:
<<: *kong-env
networks:
- kong-net
restart: on-failure
kong-migrations-up:
image: "${KONG_DOCKER_TAG:-kong:latest}"
command: kong migrations up && kong migrations finish
profiles: ["database"]
depends_on:
- db
environment:
<<: *kong-env
networks:
- kong-net
restart: on-failure
kong:
image: "${KONG_DOCKER_TAG:-kong:latest}"
user: "${KONG_USER:-kong}"
container_name: kong
environment:
<<: *kong-env
KONG_ADMIN_ACCESS_LOG: /dev/stdout
KONG_ADMIN_ERROR_LOG: /dev/stderr
KONG_PROXY_LISTEN: "${KONG_PROXY_LISTEN:-0.0.0.0:8000}"
KONG_ADMIN_LISTEN: "${KONG_ADMIN_LISTEN:-0.0.0.0:8001}"
KONG_ADMIN_GUI_LISTEN: "${KONG_ADMIN_GUI_LISTEN:-0.0.0.0:8002}"
KONG_PROXY_ACCESS_LOG: /dev/stdout
KONG_PROXY_ERROR_LOG: /dev/stderr
KONG_PREFIX: ${KONG_PREFIX:-/var/run/kong}
KONG_DECLARATIVE_CONFIG: "/opt/kong/kong.yaml"
KONG_DNS_RESOLVER: "ip:8600" # 使用 consul 服务作为 DNS 解析器
networks:
- kong-net
ports:
- "${KONG_INBOUND_PROXY_LISTEN:-0.0.0.0}:8000:8000/tcp"
- "${KONG_INBOUND_SSL_PROXY_LISTEN:-0.0.0.0}:8443:8443/tcp"
- "8001:8001/tcp"
- "8444:8444/tcp"
- "8002:8002/tcp"
healthcheck:
test: ["CMD", "kong", "health"]
interval: 10s
timeout: 10s
retries: 10
restart: on-failure:5
read_only: true
volumes:
- kong_prefix_vol:${KONG_PREFIX:-/var/run/kong}
- kong_tmp_vol:/tmp
- ./config:/opt/kong
security_opt:
- no-new-privileges
consul:
image: hashicorp/consul:latest
container_name: consul
profiles: ["database"]
ports:
- "8500:8500" # Consul UI 和 API
- "8600:8600/udp" # DNS 解析端口(UDP)
environment:
CONSUL_BIND_INTERFACE: eth0
command: agent -server -ui -bootstrap-expect=1 -client=0.0.0.0
volumes:
- ./consul/data:/consul/data
- ./consul/config:/consul/config
networks:
- kong-net
db:
image: postgres:9.5
container_name: kong-db
profiles: ["database"]
environment:
POSTGRES_DB: ${KONG_PG_DATABASE:-kong}
POSTGRES_USER: kong # 用户名 kong
POSTGRES_PASSWORD: ggbhack # 密码 ggbhack
healthcheck:
test:
[
"CMD",
"pg_isready",
"-d",
"${KONG_PG_DATABASE:-kong}",
"-U",
"kong" # 使用 kong 作为数据库用户
]
interval: 30s
timeout: 30s
retries: 3
restart: on-failure
stdin_open: true
tty: true
networks:
- kong-net
volumes:
- kong_data:/var/lib/postgresql/data
ports:
- 5432:5432
konga:
image: pantsel/konga:latest
container_name: konga
environment:
KONGA_HOST: "http://kong:8001" # Kong Admin API 地址
DB_ADAPTER: "postgres" # 数据库适配器类型
DB_URI: "postgres://kong:password@db:5432/kong" # Konga 使用的数据库 URI
ports:
- "1337:1337" # Konga Web UI 端口
networks:
- kong-net
depends_on:
- kong
# - db
restart: always
遇到的问题
报错 访问接口 ip:port/g/v1/goods 【这是我go搭建的 微服务其中的一个服务接口】
Error
failed the initial dns/balancer resolve for 'goods-web.service.consul' with: failed to receive reply from UDP server ip(外网ip):8600: connection refused.
request_id: b0d489023418a7508565f5411b5a5f6c
总结下来就是 dns解析失败
nacos 配置
consul 状态
service+routes 定义
解决方案
① 确保 以上启动正常,并且kong和consul在同一个 编排下
② 我使用的是外网访问 - 将 consul 开放出去【一开始我开放的是tcp,后面改为了udp】这里是关键 - 之后就正常访问啦
我在网上找了,也没有找到什么方案 - 问题的关键还是在配置上;弄了几个小时,终于搞定