• Stars
    star
    121
  • Rank 293,924 (Top 6 %)
  • Language
    Shell
  • Created over 7 years ago
  • Updated over 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Samples Kong integration.

Kong integration samples

This project is a small collection of demonstration showing how to integrate Kong with other systems:

Prerequisites

Before starting you have to install those tools.

Setup our sample API

First we deploy Kong stack:

$ make deploy

Then we create a service endpoint:

$ http --form POST :8001/services/ name='chuck' url='http://api.icndb.com/jokes/random'

Then, we expose this service by providing a routing strategy:

$ http --form POST :8001/services/chuck/routes paths\[\]='/chuck'

We should be able to test our new API end point.

$ http :8000/chuck

Now we are ready to play.

Kong with Keycloak (OIDC)

This demonstration setup:

  • a Keycloak instance with a minimal configuration: a realm, a client and an user.
  • a Kong instance with a minimal configuration: an API with the OIDC plugin.

The OIDC plugin is not available with the open-source version of Kong. Therefore we have to install a similar plugin coming from Nokia: kong-oidc. This is why we build our own Docker image for Kong.

Because we don't have proper DNS configuration and in order to not break the OIDC redirection you have to do some modification into the /etc/hosts file of your Docker host:

127.0.1.1 keycloak

You are now ready to setup the demo.

Deploy and configure the stack

$ make with-keycloak deploy

Type the following command in order to retrieve the client secret:

$ client_secret=`make secret | jq -r .value`
$ cat $client_secret

Let's create a service endpoint:

We assume that we have already setup our sample API.

Now we can secure our API:

$ http --form POST :8001/services/chuck/plugins \
  name=oidc \
  config.scope=openid \
  config.session_secret=623q4hR325t36VsCD3g567922IC0073T \
  config.response_type=code \
  config.token_endpoint_auth_method=client_secret_post \
  config.ssl_verify=no \
  config.client_id=sample-api \
  config.discovery="http://keycloak:8080/auth/realms/sample/.well-known/openid-configuration" \
  config.client_secret=$client_secret

Playground

If you try to access to the API you will receive a redirect response:

$ http :8000/chuck
HTTP/1.1 302 Moved Temporarily
...

Open your browser and browse to the API (http://localhost:8000/chuck). You are redirected to the Keycloak login page of the Sample realm. You can log in by using test/test as credentials. Once logged in you will be redirect to the API and you will be able to interact with.

The API is now protected using a simple session id. Kong act as an OIDC client with Keycloak.

Kong with Keycloak (JWT)

In the previous demonstration we used Kong as a OIDC client. This is cool but with such a solution Kong is tightly linked with OIDC provider. Something maybe more interesting is to use JWT in order to decoupling both systems.

This demonstration setup:

  • a Keycloak instance with a minimal configuration: a realm, a client and an user.
  • a Kong instance with a minimal configuration: an API with the JWT plugin.

Deploy and configure the stack

$ make with-keycloak deploy

TODO...

See: https://ncarlier.gitbooks.io/oss-api-management/content/howto-kong_with_keycloak.html

Kong with TIG (Telegraf, InfluxDB and Grafana)

This demonstration setup:

  • a time series database (InfluxDB)
  • a StatsD agent (Telegraf)
  • a data visualization & monitoring platform (Grafana)
  • a Kong instance with a minimal configuration: an API with the StatsD plugin.

The purpose of this demo is to produce metrics from the API gateway and build some visualization dashboard.

Deploy and configure the stack

$ make with-tig deploy

Let's configure Kong in order to activate the StatsD plugin:

$ http --form POST :8001/services/chuck/plugins \
  name=statsd \
  config.host=statsd

Playground

Now any access of the API will produce some StatsD metrics gathered by Telegraf and stored into InfluxDB.

Let's call the API several times:

$ watch -n 2 http :8000/chuck

Open your browser and go to the Grafana console (http://localhost:3000):

  • Login: admin/admin
  • Add a data source:
    • Name: influxdb
    • Type: InfluxDB
    • Url: http://influxdb:8086
    • Access: proxy
    • Database: telegraf
  • Import new dashboard:
    • Dashboards->Import
    • Choose ./dashboards/grafana.json

You should visualize some metrics. You can play with Grafana to modify or create great dashboard. This is super cool but this plugin is quite limited. You only have very basic metrics (count, latency, status and size) by API. It's a good start but there is little work to do to make this plugin great (by using tagged metrics for instance).

Kong with ELK (Elasticsearch, Logstash, Kibana)

This demonstration setup:

  • a indexed document database (Elasticksearch)
  • a log collector and transformer (Logstash)
  • a data visualization & monitoring platform (Kibana)
  • a Kong instance with a minimal configuration: an API with the UDP-log plugin.

The purpose of this demo is to produce logs from the API gateway and build some visualization dashboard.

Deploy and configure the stack

Deploy and configure the stack:

$ make with-elk deploy

Note that elasticsearch may fail to start:

$ make logs service=elasticsearch
...
max virtual memory areas vm.max_map_count [65530] is too low, increase to atleast [262144]
...

If so, you have to increase the following system property and restart the service:

sudo sysctl -w vm.max_map_count=262144
make with-elk restart service=elasticsearch

Let's configure Kong in order to activate the UDP log plugin:

$ http --form POST :8001/services/chuck/plugins \
  name=udp-log \
  config.host=logstash \
  config.port=5000

Playground

Now any access of the API will produce JSON logs gathered by Logstash and stored into Elasticsearch.

Let's call the API several times:

$ watch -n 2 http :8000/chuck

Open your browser and go to the Kibana console (http://localhost:5601):

Note that Kibana is very long to start the first time.

  • Configure an index pattern: logstash-*
  • You should see many fields.
  • Click on Discover and you should see incoming events.
  • Import new dashboard:
    • Management->Saved Objects->Import
    • Choose ./kibana/dashboard.json

You should visualize some metrics. Feel free to play with Kibana and improve this dashboard.

Cleanup

You can undeploy all stacks with:

$ make undeploy

More Repositories

1

webhookd

A very simple webhook server launching shell scripts.
Go
742
star
2

readflow

readflow is a news-reading (or read-it-later) solution focused on versatility and simplicity.
Go
335
star
3

feedpushr

A simple feed aggregator daemon with sugar on top.
Go
295
star
4

nunux-keeper

A open source content curation system.
JavaScript
74
star
5

nunux-reader

The super-fast-minimalist-nosql-opensource Google Reader revival.
HTML
66
star
6

dockerfiles

My dockerfiles.
Dockerfile
50
star
7

apimon

APImon is a simple tool for monitoring HTTP endpoints and sending metrics to a robust monitoring platform (such as TICK, Prometheus, ELK, etc.).
Go
40
star
8

za

ZerØ Analytics is a Google Analytics alternative focused on privacy and simplicity.
Go
34
star
9

dynamic-ambassador

Dynamic ambassador based on etcd, confd and haproxy.
Shell
21
star
10

devbox

My dev box based on debian.
Shell
11
star
11

goaccess-docker-stack

A simple Docker stack to illustrate the usage of GoAccess with NGINX.
Makefile
10
star
12

keycloak-todomvc

A demonstration of using Keycloak with a Todo application.
Go
8
star
13

htmlgrabr

A Node.js library to grab and clean HTML content.
TypeScript
5
star
14

makefiles

My makefiles.
5
star
15

kong-docker-daemon

This is a sidekick docker daemon used to automatically declare upstreams and targets into Kong.
Go
5
star
16

node-red-contrib-openid

Node-RED node to use OpenID Connect with HTTP nodes
HTML
4
star
17

node-red-contrib-auth-oidc

Node-RED node to use OpenID Connect with HTTP input nodes.
JavaScript
4
star
18

genjson

A simple CLI used to produce a JSON stream with fake data using JSON schema
JavaScript
3
star
19

nunux-keeper-android

Nunux Keeper Android application. http://keeper.nunux.org
Java
3
star
20

elk-docker-stack

A simple Docker stack to illustrate the usage of ELK as log concentration tool.
Shell
3
star
21

cloudconfd

A very simple cloud-config http server.
Go
2
star
22

nunux-orbino

Nunux Orbino is a simple node.js app that controls an RGB LED over the network.
JavaScript
1
star
23

mqtt-rf-gw

MQTT to RF gateway
C++
1
star
24

nunux-droid

Nunux Droid is a XMPP bot for Android device.
Java
1
star
25

proxy-portal

Logon portal who forward backend request (keeping backend session)
Java
1
star