Skip to content

Latest commit

 

History

History
38 lines (34 loc) · 1.94 KB

README.md

File metadata and controls

38 lines (34 loc) · 1.94 KB

Kong setup

This repo shows a setup of using Kong as ingress controller in Kubernetes. It is configured with one endpoint that has rate limiting applied based on the client id for an OAuth Bearer token in the request Authorization header.

The client id is read from the token using a token introspection request to a specified endpoint.

The following steps shows how to run it locally, using Minikube:

  • Build Docker image for Kong, including custom plugins, and make sure the image is available in Minikube:
    $ minikube start
    $ eval $(minikube docker-env)
    $ docker build -t kong-with-local-plugin .
  • Run Kong in k8s:
    $ helm repo add kong https://charts.konghq.com
    $ helm repo update
    $ helm init
    $ helm install -f kong-override.yaml --name kong kong/kong
    $ export PROXY_IP=$(minikube service kong-kong-proxy --url | head -1)
  • Setup echo-server (from here):
    $ kubectl apply -f https://bit.ly/echo-service
  • First, configure introspection_endpoint and introspection_client_credentials in ingress.yaml, then add ingress rule with Kong plugins configured:
    $ kubectl apply -f ingress.yaml

To test it, make some requests and check the returned rate limiting headers:

$ curl -i ${PROXY_IP}/foo # without authorization, rate limiting defaults to client IP
$ curl -i ${PROXY_IP}/foo -H 'Authorization: Bearer <token>' # with authorization, rate limiting will use client id from valid token