PROGRAMMING

Kong API Gateway With Kubernetes

Install Kong to control access to our API

Lightphos
Lightphos
Jul 7, 2020 · 5 min read

Previously, we created a basic spring-boot service on Kubernetes. The service did not have any logic to control access, limit the requests, perform load balancing or any such concerns. To manage these concerns we will use Kong API Gateway. We will create a similar echo service with no discovery annotation, circuit breaker or security added. With this architectural pattern, your services remain focused on the business capability, while the non-functional concerns above are handled by the API gateway.

In this article, we install Kong, use it to access our echo service, introduce Kong’s correlation id plugin and a GUI dashboard.

Vadal Echo Example Service

We are going to use this VadalEcho service.

Set the resources in application.yml as follows:

spring:
application:
name: vadalecho

server.port: 8080

Build and deploy to K8s as per previous blogs.

Add as a service, but no need to expose the NodePort, we will access this from Kong as a K8s ingress path.

Install Kong

In installing Kong we will also add the database (not enabled by default) and expose the admin port on 8001.

Note: if you delete the chart and re-install also delete the PVC holding the db in storage.

Check our kong services.

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kong-kong-admin NodePort 10.110.21.157 8001:31846/TCP,8444:31320/TCP 1s
kong-kong-proxy LoadBalancer 10.97.155.4 localhost 80:32109/TCP,443:32390/TCP 1s
kong-postgresql ClusterIP 10.96.43.206 5432/TCP 1s
kong-postgresql-headless ClusterIP None 5432/TCP 1s

The password for postgresql will be in secrets but we will not be needing it (we added postgres in order for the Konga dashboard to update plugin details).

We will use the admin port 31846 to connect the Konga dashboard to Konga.

If you are using Lens (highly recommended), we can see the services in Lens -> Network -> Services.

Kong Gateway

{“message”:”no Route matched with those values”}

We need to add a route to our echo service above.

Load balance our service with the following:

Kong is now serving our service.

Now we can call our service with the path defined.

{
timestamp: "2020-07-06T18:56:26.169",
headers: {
host: "localhost",
connection: "keep-alive",
x-forwarded-proto: "http",
x-forwarded-host: "localhost",
x-forwarded-port: "8000",
x-real-ip: "192.168.65.3",
upgrade-insecure-requests: "1",
user-agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
accept: "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
sec-fetch-site: "none",
sec-fetch-mode: "navigate",
sec-fetch-user: "?1",
sec-fetch-dest: "document",
accept-encoding: "gzip, deflate, br",
accept-language: "en-GB,en-US;q=0.9,en;q=0.8",
cookie: "io=27Pjzcnt6E6AEnt1AAAA"
}
}

It should return a json payload like the above.

Note the setting of this annotation:
konghq.com/strip-path: “true”

This is needed if you want to access subpaths

eg:

localhost:31638/echo/actuator/health

Correlation Plugin

Kong provides us with the option of adding a custom correlation id (vadal-request-id) via it’s plugin mechanism. We can do this as follows:

Add it to the ingress file above

Call the echo service and notice the vadal-request-id, added by Kong.

{
timestamp: "2020-07-04T22:03:01.78",
headers: {
host: "localhost",
connection: "keep-alive",
vadal-request-id: "51835d40-967d-448c-9055-57df9f347a6d#2",
x-forwarded-proto: "http",
x-forwarded-host: "localhost",
x-forwarded-port: "8000",
x-real-ip: "192.168.65.3",
upgrade-insecure-requests: "1",
user-agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
accept: "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
sec-fetch-site: "none",
sec-fetch-mode: "navigate",
sec-fetch-user: "?1",
sec-fetch-dest: "document",
accept-encoding: "gzip, deflate, br",
accept-language: "en-GB,en-US;q=0.9,en;q=0.8"
}
}

Konga Dashboard

Konga provides use with a UI dashboard over Kong. To implement it, create a file konga.yml with following content:

apiVersion: v1
kind: Service
metadata:
name: konga-svc
spec:
type: NodePort
ports:
- name: kong-proxy
port: 1337
targetPort: 1337
protocol: TCP
selector:
app: konga
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: konga
spec:
replicas: 1
selector:
matchLabels:
app: konga
template:
metadata:
labels:
name: konga
app: konga
spec:
containers:
- name: konga
image: pantsel/konga
ports:
- containerPort: 1337
env:
- name: NO_AUTH
value: "true"

Apply the file above

Check it is up and running:

konga-svc NodePort 10.98.39.197 1337:32615/TCP 33m

Navigate to the dashboard

http://localhost:32615/

Connect to Kong with host ip (not localhost) and admin port (8001: -> 31846 in this blog). Eg http://192.168.0.111:31846 (ip of your machine and the port from the helm installation). Note: the connection to kong can be a bit flaky. If it doesn’t connect delete the connection, try again and check the pod logs.

Conclusion

We installed Kong in Kubernetes, deployed a service vadal-echo, managed by Kong, added a custom correlation id and added Konga, an open source GUI dashboard for Kong.

Next time we will add security features such as API Keys and JWTs to secure access to the service.

Resources

The source code can be found here, under directory vadal-echo and under infra/kong:

https://gitlab.com/lightphos/spring/vadal

Further Details

For more details on the chart values see: https://github.com/Kong/charts/blob/master/charts/kong/values.yaml

Kong Ingress:
https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/guides/getting-started.md

For more details on the postgres chart see: https://github.com/helm/charts/tree/master/stable/postgresql

Originally published at https://blog.ramjee.uk on July 7, 2020.

actual-tech

Software Technology Articles

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store