Skip to content

Latest commit

 

History

History
125 lines (97 loc) · 4.41 KB

README.md

File metadata and controls

125 lines (97 loc) · 4.41 KB
Raw

Kong API Gateway POC with Kubernetes

A proof of concept for setting up Kong API Gateway on Kubernetes using declarative configuration (DB-less) and custom Typescript plugins.

Kong is a highly configurable piece of software that can be deployed in a number of different ways, depending on your use-case.

The recommended deployment approach is to use the Ingress Controller based configuration along-with DB-less mode.

For more details, see Kubernetes Ingress Controller Design, Getting started with the Kubernetes Ingress Controller, Setting up custom plugin in Kubernetes environment, Use Plugins With Containers, Installing your plugin, Plugins in Other Languages and Plugins in Javascript/TypeScript. The official Kong Ingress Controller is open-source and available on this GitHub repository.

Kong can be installed on many systems. For Kubernetes, it can be installed using YAML Manifests or using a Helm Chart.

Local setup

To clone and run this POC, you’ll need to have Git, Docker, kubectl, Helm and minikube installed on your computer.

  • Clone this repository
git clone [email protected]:dyarleniber/kong-api-gateway-poc.git
  • Go into the repository folder
cd kong-api-gateway-poc/k8s
  • Start minikube
minikube start
  • It will take a few minutes to get all resources provisioned
kubectl get nodes
  • Set up the services
kubectl apply -f ./services --recursive
  • Set up Ingress rules
kubectl apply -f ./ingress --recursive
  • Make sure the pods are running
kubectl get pods
  • Create a new namespace for Kong
kubectl create ns kong
  • Create a ConfigMap with the custom plugins
kubectl create configmap kong-plugin-dummy-auth --from-file=plugins/dummy-auth -n kong
  • Install Kong Ingress Controller using Helm 3
helm repo add kong https://charts.konghq.com && \
helm repo update && \
helm install kong kong/kong \
--values kong/values.yaml \
--namespace kong
  • Make sure the Kong pods are running
kubectl get pods -n kong
  • Set up the custom plugins
kubectl apply -f plugins/dummy-auth.yaml && \
kubectl apply -f plugins/add-response-header.yaml && \
kubectl patch ingress kong-services -p '{"metadata":{"annotations":{"konghq.com/plugins":"add-response-header"}}}' && \
kubectl patch ingress secure-kong-services -p '{"metadata":{"annotations":{"konghq.com/plugins":"dummy-auth-plugin"}}}'
  • Use the minikube tunnel command to expose the Kong service to the localhost
minikube tunnel
  • Invoke a test request
curl localhost
  • This should return the following response from Gateway:
{"message":"no Route matched with those values"}

  • Access the API using the paths defined in the ingress rules (replace localhost with the minikube service IP address if you are not using the minikube tunnel command)

  • The following request to the echo service should return 200

curl -i localhost/echo
  • The following request to the httpbin service should return 200
curl -i localhost/httpbin/status/200
  • The following request to the secure httpbin service without userId should return 400
curl -i localhost/secure/httpbin/status/200
  • The following request to the secure httpbin service with wrong userId should return 403
curl -i localhost/secure/httpbin/status/200 -H 'userId: user-id'
  • The following request to the secure httpbin service should return 200
curl -i localhost/secure/httpbin/status/200 -H 'userId: 123'