Architecture
```mermaid
graph RL
  REST --> Konga
  subgraph Kong
    REST(Admin REST API)
    OIDC(Plugin: kong-oidc)
  end
  Keycloak --> OIDC
```
Install Without DB
Docker
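```bash
# KONG_ADMIN_LISTEN on 0.0.0.0 plus the published 8001/8444 ports expose the
# Admin API, which has no authentication by default, on every host interface.
# Outside a local lab, publish those ports on loopback only
# (e.g. -p 127.0.0.1:8001:8001).
docker run -d --name kong \
  -e "KONG_DATABASE=off" \
  -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
  -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
  -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
  -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
  -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
  -p 8000:8000 \
  -p 8443:8443 \
  -p 8001:8001 \
  -p 8444:8444 \
  kong
```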
- Admin Port: `8001`, `8444`
- Gateway Port: `8000`, `8443`
Config
Default Configuration
```bash
docker exec -it kong kong config init /home/kong/kong.yml
docker exec -it kong cat /home/kong/kong.yml >> kong.yml
```
Post new Config
```bash
curl --location --request POST "http://localhost:8001/config" \
  --header "Content-Type: text/yaml" \
  --data-binary "@/kong.yml"
```
docker exec with root
```bash
docker exec -it --user root kong bash
```
```bash
# https://docs.konghq.com/install/source/
git clone https://github.com/Kong/kong-build-tools
```
Install With DB
```bash
docker run -d --name kong-database \
  -p 5432:5432 \
  -e "POSTGRES_USER=kong" \
  -e "POSTGRES_DB=kong" \
  -e "POSTGRES_PASSWORD=kong" \
  postgres:9.6

docker run --rm \
  --link kong-database:kong-database \
  -e "KONG_DATABASE=postgres" \
  -e "KONG_PG_HOST=kong-database" \
  -e "KONG_PG_USER=kong" \
  -e "KONG_PG_PASSWORD=kong" \
  -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
  kong kong migrations bootstrap

docker run -d --name kong \
  --link kong-database:kong-database \
  -e "KONG_DATABASE=postgres" \
  -e "KONG_PG_HOST=kong-database" \
  -e "KONG_PG_PASSWORD=kong" \
  -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
  -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
  -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
  -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
  -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
  -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
  -p 8000:8000 \
  -p 8443:8443 \
  -p 8001:8001 \
  -p 8444:8444 \
  kong

# add services, routes

docker exec -it --user root kong bash

# apk
apk update
apk add wget
apk add curl

# install plugins
luarocks install kong-oidc

cp /etc/kong/kong.conf.default /etc/kong/kong.conf
vi /etc/kong/kong.conf
# plugins = oidc

# exit kong container
docker restart kong
```
Keycloak
```bash
docker run -d --name keycloak -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak
```
```bash
curl -s http://dev:8080/auth/realms/master/.well-known/openid-configuration | python -mjson.tool
```
```bash
CLIENT_SECRET=d1776f95-8a0b-4dc0-8e36-0a5a21b85bdf
curl -s -X POST http://dev:8001/plugins \
  -d name=oidc \
  -d config.client_id=kong \
  -d config.client_secret=${CLIENT_SECRET} \
  -d config.discovery=http://dev:8080/auth/realms/master/.well-known/openid-configuration \
  | python -mjson.tool
```
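Before `config.discovery` is pointed at a discovery URL, it helps to check what the document behind it actually advertises. The following is an added example, not code from the original page or from kong-oidc: it flags an issuer that does not match the discovery URL, endpoints on a different origin than the issuer, and plain-HTTP endpoints. The function name `check_discovery` is hypothetical and the sample document is constructed, modelled on the `dev:8080` master realm URL used above.

```python
import json
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
# Endpoint URLs commonly published in an OpenID Connect discovery document.
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri", "end_session_endpoint")


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname,
            parts.port or {"http": 80, "https": 443}.get(parts.scheme))


def check_discovery(doc, discovery_url, allow_http=False):
    """Return a list of findings for a parsed discovery document."""
    findings = []
    issuer = doc.get("issuer", "")
    # OIDC Discovery 1.0: the issuer must equal the URL the document was
    # fetched from, minus the well-known suffix.
    if not discovery_url.endswith(SUFFIX):
        findings.append("discovery URL does not end with " + SUFFIX)
    elif issuer != discovery_url[:-len(SUFFIX)]:
        findings.append(f"issuer mismatch: document says {issuer!r}")
    for key in ENDPOINT_KEYS:
        url = doc.get(key)
        if url is None:
            continue
        # Heuristic, not a spec rule: endpoints normally share the issuer's origin.
        if origin(url) != origin(issuer):
            findings.append(f"{key} is on a different origin: {url}")
        if urlsplit(url).scheme != "https" and not allow_http:
            findings.append(f"{key} is not HTTPS: {url}")
    return findings


# Constructed sample, modelled on the realm URL used on this page.
SAMPLE_URL = "http://dev:8080/auth/realms/master" + SUFFIX
SAMPLE_DOC = json.loads("""{
  "issuer": "http://dev:8080/auth/realms/master",
  "authorization_endpoint": "http://dev:8080/auth/realms/master/protocol/openid-connect/auth",
  "token_endpoint": "http://dev:8080/auth/realms/master/protocol/openid-connect/token",
  "jwks_uri": "http://dev:8080/auth/realms/master/protocol/openid-connect/certs"
}""")

if __name__ == "__main__":
    print("\n".join(check_discovery(SAMPLE_DOC, SAMPLE_URL)))
```

To check a live realm, pass the JSON returned by the discovery `curl` above through `json.loads` together with the URL it was fetched from; `allow_http=True` suppresses the HTTPS findings for a local lab.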