Tyk網關Docker安裝

文檔指南

官方文檔

查看官方Docker安裝指南，發現只提供了鏡像地址，並未給出詳細操做步驟

With Docker

Tyk has three containers that are available to set up a Docker installation:

• The Tyk Gateway container
• The Tyk Dashboard container
• The Tyk Pump container

All three are required for a full deployment. We recommend that each container is installed on a separate machine for optimum performance.

實踐

Tyk Gateway container

參考鏡像指南，此處的目標是搭建帶Dashboard的Tyk網關

Gateway - Pro installation with Dashboard

The gateway in a Pro installation is dependent on the dashboard service. We will assume that the dashboard service is installed, up and running. If not, we would recommend that you follow the dashboard installation guide here:

github.com/TykTechnolo…

The gateway relies upon the dashboard service to load it's api definitions & proxy configurations. As such, there is no need to mount any app directory.

docker run -d \
  --name tyk_gateway \
  --network tyk \
  -p 8080:8080 \
  -v $(pwd)/tyk.with_dashboard.conf:/opt/tyk-gateway/tyk.conf \
  tykio/tyk-gateway:latest
複製代碼

文檔中說明搭建網關須要先搭建Dashboard

Tyk Dashboard container

安裝指南，指南的第六步指向的鏈接已經失效，由此推斷以前存在一鍵安裝腳本

Quickstart

1. Ensure you have set up the Redis, MongoDB and Tyk Gateway containers

2. Set up the docker instance IP as the Dashboard hostname (in your /etc/hosts file or as a DNS):

   127.0.0.1 dashboard.tyk.docker

3. Run the Dashboard

   docker run -d --name tyk_dashboard -p 3000:3000 --link tyk_redis:redis --link tyk_mongo:mongo --link tyk_gateway:tyk_gateway tykio/tyk-dashboard

4. You should now be able to access your Dashboard at http://dashboard.tyk.docker:3000/ (note for OSX users, replace 127.0.0.1 with whatever IP address your docker VM runs)

5. Enter your Dashboard License. Go to http://dashboard.tyk.docker:3000/. You will see a screen asking for a license, enter it in the section marked 「Already have a license?」 and click Use this license.

6. Grab the bootstrap script from our tyk-dashboard github repo and run:

   ./bootstrap.sh dashboard.tyk.docker

To use an external configuration files, use the -v option to mount it over /opt/tyk-dashboard/tyk_analytics.conf

通過查找發現了舊版指南連接仍然能夠訪問，但不建議使用，舊版指南

按照文檔的說法須要申請許可證，官方提供開發許可證，提供郵箱便可獲取12個月的受權，申請地址

申請後根據文檔提供的Docker啓動語句準備環境和Docker-compose文件便於一鍵啓動

docker-compose.yml文件

version: "3.1"

services:

 tyk_gateway:
 image: tykio/tyk-gateway:latest
 restart: always
 networks:
 - tyk-service-bridge
 volumes:
 - /www/wwwroot/tyk-free/apps:/opt/tyk-gateway/apps
 depends_on:
 - tyk_dashboard

 tyk_dashboard:
 image: tykio/tyk-dashboard
 restart: always
 networks:
 - tyk-service-bridge
 ports:
 - 3000:3000
 depends_on:
 - mongo
 - redis

 mongo:
 image: mongo
 restart: always
 networks:
 - tyk-service-bridge

 redis:
 image: redis:4.0-alpine
 restart: always
 networks:
 - tyk-service-bridge

networks:
 tyk-service-bridge:
 driver: bridge
複製代碼

啓動

$ docker-compose up
複製代碼

放行防火牆

$ firewall-cmd --zone=public --add-port=3000/tcp --permanent 
$ firewall-cmd --reload
複製代碼

訪問瀏覽器IP:3000輸入祕鑰

許可證已經發送到註冊郵件中，激活後可登錄

但此時沒有默認的用戶名和密碼，而且暫時未找到配置的方式（差評），須要經過官方腳本註冊用戶名和密碼

但官方腳本依賴Python環境，若主機沒有python環境則沒法執行

啓動腳本：

#!/bin/bash
# Usage ./bootstrap.sh DASHBOARD_HOSTNAME

LOCALIP=$1
RANDOM_USER=$(env LC_CTYPE=C tr -dc "a-z0-9" < /dev/urandom | head -c 10)
PASS="test123"

echo "Creating Organisation"
ORGDATA=$(curl --silent --header "admin-auth: 12345" --header "Content-Type:application/json" --data '{"owner_name": "Default Org.","owner_slug": "default", "cname_enabled": true, "cname": ""}' http://$LOCALIP:3000/admin/organisations 2>&1)
#echo $ORGDATA
ORGID=$(echo $ORGDATA | python -c 'import json,sys;obj=json.load(sys.stdin);print(obj["Meta"])')
echo "ORGID: $ORGID"

echo "Adding new user"
USER_DATA=$(curl --silent --header "admin-auth: 12345" --header "Content-Type:application/json" --data '{"first_name": "John","last_name": "Smith","email_address": "'$RANDOM_USER'@example.com","password":"'$PASS'", "active": true,"org_id": "'$ORGID'"}' http://$LOCALIP:3000/admin/users 2>&1)
#echo $USER_DATA
USER_CODE=$(echo $USER_DATA | python -c 'import json,sys;obj=json.load(sys.stdin);print(obj["Message"])')
echo "USER AUTH: $USER_CODE"

USER_LIST=$(curl --silent --header "authorization: $USER_CODE" http://$LOCALIP:3000/api/users 2>&1)
#echo $USER_LIST

USER_ID=$(echo $USER_LIST | python -c 'import json,sys;obj=json.load(sys.stdin);print(obj["users"][0]["id"])')
echo "NEW ID: $USER_ID"

echo "Setting password"
OK=$(curl --silent --header "authorization: $USER_CODE" --header "Content-Type:application/json" http://$LOCALIP:3000/api/users/$USER_ID/actions/reset --data '{"new_password":"'$PASS'"}')

echo ""

echo "DONE"
echo "===="
echo "Login at http://$LOCALIP:3000/"
echo "User: $RANDOM_USER@example.com"
echo "Pass: $PASS"
echo ""
複製代碼

爲了方便使用，此處建立了包含啓動腳本的Docker鏡像

倉庫地址：fjy8018/tyk-bootstrap

使用方法：

$ docker run --rm -it --network tyk-free_tyk-service-bridge -e TARGET_IP=tyk_dashboard  fjy8018/tyk-bootstrap:0.1
複製代碼

隨即得到登錄名和密碼

登錄成功