Gravitee使用指南(一)网关部署-官方镜像部署

1,906 阅读5分钟

首先,我们需要准备部署网关的物理环境,我搭建测试环境使用的是:
1.8核16G的Centos服务器两台
2.三节点的Mongodb集群一个
3.2核4G Redis实例一个
4.一套完整的ELK环境,主要是elaticsearch

本文章是用过的官方编译好放在DockerHub的镜像进项部署,所以我们需要先准备好Docker环境,Docker的安装我这里不再赘述,可以直接看官方文档。

根据官方文档描述,我们在启动网关时,需要配置网关的限流中间件数据库,可以使用redis和mongodb两种数据来进行限制,和进行统计报表的elaticsearch
注意这有个坑,最新的版本已经不再支持redis作为reate limit来进行使用

1626249726752.jpg

所以我们在准备好数据库环境之后,开始部署网关应用,我们来看一下官方文档的部署命令

docker run  \
        --publish 82:8082  \
        --name gateway  \
        --env GRAVITEE_MANAGEMENT_MONGODB_URI=mongodb://username:password@mongohost:27017/dbname
        --detach  \
        graviteeio/apim-gateway:latest

官方实例中式通过环境变量来指定了mongodb的信息,然后告诉你,如果想进行更多详细的配置,需要自己编写yml文件来进行更详细的配置,我这里贴一下完整的全量配置yml文件,量非常的大,大家慢慢看。

############################################################################################################
#################################### Gravitee.IO Gateway - Configuration ###################################
############################################################################################################

############################################################################################################
# This file is the general configuration of Gravitee.IO Gateway:
# - Properties (and respective default values) in comment are provided for information.
# - You can reference other property by using ${property.name} syntax
# - gravitee.home property is automatically set-up by launcher and refers to the installation path. Do not override it !
#
# Please have a look to http://docs.gravitee.io/ for more options and fine-grained granularity
############################################################################################################

# Gateway HTTP server
#http:
#  port: 8082
#  host: 0.0.0.0
#  idleTimeout: 0
#  tcpKeepAlive: true
#  compressionSupported: false
#  maxHeaderSize: 8192
#  maxChunkSize: 8192
#  maxInitialLineLength: 4096
#  instances: 0
#  requestTimeout: 0
#  secured: false
#  alpn: false
#  ssl:
#    sni: false
#    clientAuth: none # Supports none, request, requires
#    tlsProtocols: TLSv1.2, TLSv1.3
#    tlsCiphers: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
#    keystore:
#      type: jks # Supports jks, pem, pkcs12
#      path: ${gravitee.home}/security/keystore.jks
#      password: secret
#    truststore:
#      type: jks # Supports jks, pem, pkcs12
#      path: ${gravitee.home}/security/truststore.jks
#      password: secret
#  websocket:
#    enabled: false
#    subProtocols: v10.stomp, v11.stomp, v12.stomp
#    perMessageWebSocketCompressionSupported: true
#    perFrameWebSocketCompressionSupported: true

# Plugins repository
#plugins:
#  path:
#    - ${gravitee.home}/plugins
#    - ${gravitee.home}/my-custom-plugins

# If a plugin is already installed (but with a different version), management node does not start anymore
#  failOnDuplicate: true

# Management repository is used to store global configuration such as APIs, applications, apikeys, ...
# This is the default configuration using MongoDB (single server)
# For more information about MongoDB configuration, please have a look to:
# - http://api.mongodb.org/java/current/com/mongodb/MongoClientOptions.html
management:
  type: mongodb
  mongodb:
    dbname: ${ds.mongodb.dbname}
    host: ${ds.mongodb.host}
    port: ${ds.mongodb.port}
#    username:
#    password:
#    connectionsPerHost: 0
#    connectTimeout: 500
#    maxWaitTime: 120000
#    socketTimeout: 500
#    socketKeepAlive: false
#    maxConnectionLifeTime: 0
#    maxConnectionIdleTime: 0
#    serverSelectionTimeout: 0
#    description: gravitee.io
#    heartbeatFrequency: 10000
#    minHeartbeatFrequency: 500
#    heartbeatConnectTimeout: 1000
#    heartbeatSocketTimeout: 20000
#    localThreshold: 15
#    minConnectionsPerHost: 0
#    sslEnabled: false
#    keystore:                   # path to KeyStore (when sslEnabled is true)
#    keystorePassword:           # KeyStore password
#    keyPassword:                # password for recovering keys in the KeyStore
#    threadsAllowedToBlockForConnectionMultiplier: 5
#    cursorFinalizerEnabled: true
# possible values are 1,2,3... (the number of node) or 'majority'
#    writeConcern: 1
#    wtimeout: 0
#    journal: true

# Management repository: single MongoDB using URI
# For more information about MongoDB configuration using URI, please have a look to:
# - http://api.mongodb.org/java/current/com/mongodb/MongoClientURI.html
#management:
#  type: mongodb
#  mongodb:
#    uri: mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]

# Management repository: clustered MongoDB
#management:
#  type: mongodb
#  mongodb:
#    servers:
#      - host: mongo1
#        port: 27017
#      - host: mongo2
#        port: 27017
#    dbname: ${ds.mongodb.dbname}
#    connectTimeout: 500
#    socketTimeout: 250

# When defining rate-limiting policy, the gateway has to store data to share with other gateway instances.
# In this example, we are using MongoDB to store counters.
ratelimit:
  type: mongodb
  mongodb:
    uri: mongodb://${ds.mongodb.host}:${ds.mongodb.port}/${ds.mongodb.dbname}

cache:
  type: ehcache

# Reporters configuration (used to store reporting monitoring data, request metrics, healthchecks and others...
# All reporters are enabled by default. To stop one of them, you have to add the property 'enabled: false'
reporters:
  # logging configuration
#  logging:
#    max_size: -1 # max size per API log content respectively : client-request, client-response, proxy-request and proxy-response in MB (-1 means no limit)
#    excluded_response_types: video.*|audio.*|image.*|application\/octet-stream|application\/pdf # Response content types to exclude in logging (must be a regular expression)
  # Elasticsearch reporter
  elasticsearch:
    enabled: true # Is the reporter enabled or not (default to true)
    endpoints:
      - http://${ds.elastic.host}:${ds.elastic.port}
#    lifecycle:
#      policy_property_name: index.lifecycle.name   #for openDistro, use 'opendistro.index_state_management.policy_id' instead of 'index.lifecycle.name'
#      policies:
#        monitor: my_policy ## ILM policy for the gravitee-monitor-* indexes
#        request: my_policy ## ILM policy for the gravitee-request-* indexes
#        health: my_policy ## ILM policy for the gravitee-health-* indexes
#        log: my_policy ## ILM policy for the gravitee-log-* indexes
#    index: gravitee
#    index_per_type: true
#    bulk:
#      actions: 1000           # Number of requests action before flush
#      flush_interval: 5       # Flush interval in seconds
#    settings:
#      number_of_shards: 1
#      number_of_replicas: 1
#      refresh_interval: 5s
#    pipeline:
#      plugins:
#        ingest: geoip, user_agent      # geoip and user_agent are enabled by default for elasticsearch version above 7.x
#    security:
#      username: user
#      password: secret
#    http:
#      timeout: 30000 # in milliseconds
#      proxy:
#        type: HTTP #HTTP, SOCK4, SOCK5
#        http:
#          host: localhost
#          port: 3128
#          username: user
#          password: secret
#        https:
#          host: localhost
#          port: 3128
#          username: user
#          password: secret
#    template_mapping:
#      path: ${gravitee.home}/config/reporter/elasticsearch/templates
#      extended_request_mapping: request.ftl
  file:
    enabled: false # Is the reporter enabled or not (default to false)
#    fileName: ${gravitee.home}/metrics/%s-yyyy_mm_dd
#    output: json # Can be csv, json, elasticsearch or message_pack

# Gateway service configurations. Provided values are default values.
# All services are enabled by default. To stop one of them, you have to add the property 'enabled: false' (See the
# 'local' service for an example).
services:
  core:
    http:
      enabled: true
      port: 18082
      host: localhost
      authentication:
        # authentication type to be used for the core services
        # - none : to disable authentication
        # - basic : to use basic authentication
        # default is "basic"
        type: basic
        users:
          admin: adminadmin

  # The thresholds to determine if a probe is healthy or not
#  health:
#    threshold:
#      cpu: # Default is 80%
#      memory: # Default is 80%

  # Synchronization daemon used to keep the gateway state in sync with the configuration from the management repository
  # Be aware that, by disabling it, the gateway will not be sync with the configuration done through management API
  # and management UI
  sync:
    # Synchronization is done each 5 seconds
    cron: '*/5 * * * * *'
    distributed: false # By enabling this mode, data synchronization process is distributed over clustered API gateways.

  # Service used to store and cache api-keys from the management repository to avoid direct repository communication
  # while serving requests.
  apikeyscache:
    delay: 10000
    unit: MILLISECONDS
    threads: 3 # Threads core size used to retrieve api-keys from repository.

  # Service used to store and cache subscriptions from the management repository to avoid direct repository communication
  # while serving requests.
  subscriptions:
    delay: 10000
    unit: MILLISECONDS
    threads: 3 # Threads core size used to retrieve subscriptions from repository.

  # Local registry service.
  # This registry is used to load API Definition with json format from the file system. By doing so, you do not need
  # to configure your API using the web console or the rest API (but you need to know and understand the json descriptor
  # format to make it work....)
  local:
    enabled: false
    path: ${gravitee.home}/apis # The path to API descriptors

  # Gateway monitoring service.
  # This service retrieves metrics like os / process / jvm metrics and send them to an underlying reporting service.
  monitoring:
    delay: 5000
    unit: MILLISECONDS
    distributed: false # By enabling this mode, data monitoring gathering process is distributed over clustered API gateways.

  # metrics service
  metrics:
    enabled: false
# default: local, http_method, http_code
#    labels:
#      - local
#      - remote
#      - http_method
#      - http_code
#      - http_path
    prometheus:
      enabled: true

  # heartbeat
#  heartbeat:
#    enabled: true
#    delay: 5000
#    unit: MILLISECONDS
#    storeSystemProperties: true

#handlers:
#  request:
#    # manage traceparent header defined by W3C trace-context specification
#    trace-context:
#      enabled: false
#    # possible values: hex, uuid. Default: uuid.
#    format: uuid
#    transaction:
#      # Default: X-Gravitee-Transaction-Id.
#      header: X-Gravitee-Transaction-Id
#    headers:
#      # Override X-Forwarded-Prefix with context path. Disabled by default.
#      x-forwarded-prefix: false
#    request:
#      # Default: X-Gravitee-Request-Id.
#      header: X-Gravitee-Request-Id

# Referenced properties
ds:
  mongodb:
    dbname: gravitee
    host: localhost
    port: 27017
  elastic:
    host: localhost
    port: 9200

#system:
#  # Proxy configuration that can be used to proxy request to api endpoints (see endpoint http configuration -> Use system proxy).
#  proxy:
#    type: HTTP #HTTP, SOCK4, SOCK5
#    host: localhost
#    port: 3128
#    username: user
#    password: secret

# Organizations and Environments configuration
# Associate this gateway to a list of environments belonging to organizations. This is a list of environment hrids.
#organizations: mycompany
#environments: dev,qa

# Sharding tags configuration
# Allows to define inclusion/exclusion sharding tags to only deploy a part of APIs. To exclude just prefix the tag with '!'.
#tags: products,stocks,!international
#zone: national-products

# Multi-tenant configuration
# Allow only a single-value
#tenant: europe

#policy:
# Customize the api-key header and / or query parameter.
# Set an empty value to prohibit its use.
#  api-key:
#    header: X-Gravitee-Api-Key
#    param: api-key

#el:
  # Allows to define which methods or classes are accessible to the Expression Language engine (/!\ caution, changing default whitelist may expose you to security issues).
  # A complete list of default whitelist methods can be found here (https://raw.githubusercontent.com/gravitee-io/gravitee-expression-language/master/src/main/resources/whitelist).
#  whitelist:
    # Allows to define if the specified list of method or classes should be append to the default one or should replace it.
    # We recommend you to always choose 'append' unless you absolutely know what you are doing.
#    mode: append
    # Define the list of classes or methods to append (or set) to made accessible to the Expression Language.
    # start with 'method' to allow a specific method (complete signature).
    # start with 'class' to allow a complete class. All methods of the class will then be accessible.
#    list:
      # Ex: allow access to DateTimeFormatter.ofLocalizedDate(FormatStyle) method
      # - method java.time.format.DateTimeFormatter ofLocalizedDate java.time.format.FormatStyle
      # Ex: allow access to all methods of DateTimeFormatter class
      # - class java.time.format.DateTimeFormatter

#groovy:
  # Allows to define which methods, fields, constructors, annotations or classes are accessible to the Groovy Script (/!\ caution, changing default whitelist may expose you to security issues).
  # A complete list of default whitelist methods can be found here (https://raw.githubusercontent.com/gravitee-io/gravitee-policy-groovy/master/src/main/resources/groovy-whitelist).
#  whitelist:
    # Allows to define if the specified list of methods, fields, constructors or classes should be append to the default one or should replace it.
    # We recommend you to always choose 'append' unless you absolutely know what you are doing.
#    mode: append
    # Define the list of classes, methods, constructors, fields or annotations to append (or set) to made accessible to the Groovy Script.
    # start with 'method' to allow a specific method (complete signature).
    # start with 'class' to allow a complete class. All methods, constructors and fields of the class will then be accessible.
    # start with 'new' to allow a specific constructor (complete signature).
    # start with 'field' to allow access to a specific field of a class.
    # start with 'annotation' to allow use of a specific annotation.
#    list:
      # Ex: allow access to DateTimeFormatter.ofLocalizedDate(FormatStyle) method
      # - method java.time.format.DateTimeFormatter ofLocalizedDate java.time.format.FormatStyle
      # Ex: allow access to all methods, constructors and fields of DateTimeFormatter class
      # - class java.time.format.DateTimeFormatter
      # Ex: allow usage of field Integer.MAX_VALUE
      # - field java.lang.Integer MAX_VALUE
      # Ex: allow usage of @Override annotation
      # - annotation java.lang.Override

# If you want to create cluster of nodes, you can change the Hazelcast file to configure the Hz network
# Clustering capabilities can be used for:
#   - Distributed sync process
#   - Distributed rate-limiting / quota counters
#cluster:
#  hazelcast:
#    config:
#      path: ${gravitee.home}/config/hazelcast.xml

问题来了,文档中告诉了你配置文件怎么写,但是愣是没告诉你怎么让容器正确的读取到这个配置文件,我一句MMP就爆出了口,然后我去翻了一下源代码,找到了答案,网关会默认读取:/etc/gravitee-gateway/gravitee.yml这个位置的配置文件,所以我们在启动容器时需要给他挂载一个写好的配置文件到容器的这个目录上去,当然你也可以直接在build的时候就把配置就打到镜像的这个位置上去,我选择的是挂载,方便修改,所以最后的部署命令变为了:

docker run -p 8082:8082 --name openapi-gateway -v /home/openapi/gateway:/etc/gravitee-gateway -d graviteeio/apim-gateway:latest

这里给贴一个最基础的核心配置文件出来,只要写上这几个核心配置,就可以启动网关,别问我为什么知道,说出来全是泪。。。

management:
  type: mongodb
  mongodb:
    uri: mongodb://你的mongodb数据库
ratelimit:     #这个老版本的可以选redis MongoDB jdbc 新版本不在支持redis,我都是全量用mongodb
  type: mongodb
  mongodb:
    uri: mongodb://你的mongodb数据库
cache:
  type: ehcache #这玩意是必须配置的,不配置会报错
reporters:
  elasticsearch:
    enabled: true
    endpoints:
      - http://172.17.0.1:9200

正常启动网关之后,我们看一下网关的日志,我们会看到网关读取了我们挂载的配置文件,加载了所有默认插件并且开始监听8082端口开始处理请求,如果启动失败查看一下日志信息,大多数都是因为配置不正确或者数据库连接不上等问题。
从输出日志中我们还可以看出来几个坑就是jvm参数和一些系统的时区之类的配置,默认最大的jvm内存只有256,需要我们去自行更改,但是官方文档中并没有标注通过哪些地方进行修改,所以下一篇文章我们会采用源码编译然后自己编译镜像的方式去进行部署,来修改一些关键的自定义配置。

image.png