From 13852a930dc16c74dbd7c6e2a63fdac5c451015f Mon Sep 17 00:00:00 2001 From: Jono <jono@foodnotblogs.com> Date: Sun, 17 Sep 2017 14:52:49 -0700 Subject: [PATCH] Adding Kong integration guide Signed-off-by: Jono Finger <jono@foodnotblogs.com> --- guide/kong_integration.md | 97 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 guide/kong_integration.md diff --git a/guide/kong_integration.md b/guide/kong_integration.md new file mode 100644 index 00000000..804d3f59 --- /dev/null +++ b/guide/kong_integration.md @@ -0,0 +1,97 @@ +# Using Kong as an API gateway for OpenFaaS + +[Kong](https://getkong.org) is an API gateway that provides features such as security, logging, and rate limiting. By putting this in front of OpenFaaS you can quickly get access to these things and a lot more via [the many other plugins written](https://getkong.org/plugins/) for it. + +Below is a demo of how you could use Kong as an authentication layer for OpenFaaS. You should be able to paste this all (from its Markdown source) into [Play With Docker](http://labs.play-with-docker.com/) to see it in action. + +## Setup OpenFaaS + + docker swarm init --advertise-addr $(hostname -i) + git clone https://github.com/alexellis/faas + cd faas + ./deploy_stack.sh + +## Check that one of the sample functions works + + curl localhost:8080/function/func_echoit -d 'hello world' + + +## Setup Kong + + docker run -d --name kong-database \ + -p 5432:5432 \ + -e "POSTGRES_USER=kong" \ + -e "POSTGRES_DB=kong" \ + postgres:9.4 + + docker run --rm \ + --link kong-database:kong-database \ + -e "KONG_DATABASE=postgres" \ + -e "KONG_PG_HOST=kong-database" \ + kong:latest kong migrations up + + docker run -d --name kong \ + --link kong-database:kong-database \ + -e "KONG_DATABASE=postgres" \ + -e "KONG_PG_HOST=kong-database" \ + -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \ + -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \ + -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \ + -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \ + -p 8000:8000 \ + -p 8443:8443 \ + -p 8001:8001 \ + -p 8444:8444 \ + kong:latest + + +## Get a route to the OpenFaaS server + + FAASTHOST=`hostname -i` + + +## Put Kong in front of a single function + + sleep 5 # wait for Kong to be ready + + curl -i -X POST \ + --url http://localhost:8001/apis/ \ + --data 'name=echoit' \ + --data 'uris=/echo' \ + --data 'upstream_url=http://'$FAASTHOST':8080/function/func_echoit' + + curl localhost:8000/echo -d 'hello there' + +## or put Kong in front of all the functions + + curl -i -X POST \ + --url http://localhost:8001/apis/ \ + --data 'name=functions' \ + --data 'uris=/functs' \ + --data 'upstream_url=http://'$FAASTHOST':8080/function' + + curl localhost:8000/functs/func_echoit -d 'hello there' + + +## Add a some auth with a Kong plugin + + curl -i -X POST \ + --url http://localhost:8001/apis/echoit/plugins/ \ + --data 'name=key-auth' + + curl -i -X POST \ + --url http://localhost:8001/consumers/ \ + --data "username=jdoe" + + curl -i -X POST \ + --url http://localhost:8001/consumers/jdoe/key-auth/ \ + --data 'key=longsecretkey' + + +## Verify the plugin worked + + curl localhost:8000/echo -d 'hello there' # no key specified + + curl localhost:8000/echo -d 'hello there' --header "apikey: badkey" + + curl localhost:8000/echo -d 'hello there' --header "apikey: longsecretkey" -- GitLab