Setup Kong Gateway with Docker

In this blog post, I will show you, how you can install Kong Gateway in the Docker.

Installation

Set up your directory like the following.

|-config/kong.yaml
|-output/
|-docker-compose.yaml
|-POSTGRES_PASSWORD

In your config/kong.yaml, add the following:

# a very minimal declarative config file
_format_version: "2.1"
_transform: true

In POSTGRES_PASSWORD, just add any password you want. For example:

password

Then, copy the following code snippet in your docker-compose.yaml.

version: '3.9'

x-kong-config: &kong-env
  KONG_DATABASE: postgres
  KONG_PG_DATABASE: ${KONG_PG_DATABASE:-kong}
  KONG_PG_HOST: kong-database
  KONG_PG_USER: ${POSTGRES_USER:-kong}
  KONG_PG_PASSWORD_FILE: /run/secrets/kong_postgres_password

services:
  kong-migrations:
    image: kong/kong-gateway:3.3.1.0
    command: kong migrations bootstrap
    depends_on:
      - kong-database
    environment:
      <<: *kong-env
    secrets:
      - kong_postgres_password
    networks:
      - kong-net
    restart: on-failure

  kong-migrations-up:
    image: kong/kong-gateway:3.3.1.0
    command: kong migrations up && kong migrations finish
    depends_on:
      - kong-database
    environment:
      <<: *kong-env
    secrets:
      - kong_postgres_password
    networks:
      - kong-net
    restart: on-failure

  kong-gateway:
    image: kong/kong-gateway:3.3.1.0
    user: "${KONG_USER:-kong}"
    networks:
      - kong-net
    environment:
      <<: *kong-env
      KONG_PROXY_ACCESS_LOG: /dev/stdout
      KONG_ADMIN_ACCESS_LOG: /dev/stdout
      KONG_PROXY_ERROR_LOG: /dev/stderr
      KONG_ADMIN_ERROR_LOG: /dev/stderr
      KONG_ADMIN_LISTEN: 0.0.0.0:${KONG_ADMIN_PORT:-8001}
      KONG_PROXY_LISTEN: 0.0.0.0:${KONG_PROXY_PORT:-8000}
    secrets:
      - kong_postgres_password
    ports:
      - '${KONG_PROXY_PORT:-8000}:8000'
      - '${KONG_ADMIN_PORT:-8001}:8001'
    depends_on:
      - kong-database
    healthcheck:
      test: ["CMD", "kong", "health"]
      interval: 10s
      timeout: 10s
      retries: 10
    restart: on-failure:5
  kong-database:
    image: postgres:13
    environment:
      - POSTGRES_DB=${KONG_PG_DATABASE:-kong}
      - POSTGRES_USER=${POSTGRES_USER:-kong}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-kongpass}
    networks:
      - kong-net
networks:
  kong-net:
    external: true

secrets:
  kong_postgres_password:
    file: ./POSTGRES_PASSWORD

Once all above completed, run the following command from terminal.

docker compose up -d

This command will create a docker container for Kong Gateway.

Hit your browser - http:/127.0.0.1:8000. You should see some JSON output in your browser.

Configuration

In this part, we will configure the most common setup in any Kong Gateway installation.

All the output of the CURL execution below will be stored in output/ directory.

By the end of this configuration, you should have:

• Securing Admin API with API Key
  • Created Administrator Consumer
  • Created Service for Admin API
  • Created Route for Admin API
• Enable a Globally Rate Limit of 60 requests per minute
• Enable a Globally Proxy Caching for 30 seconds

Export Default Configuration

curl -s localhost:8001 | jq '.configuration' > output/configuration-default.json

Set Rate Limit Globbaly to 60 requests per minute.

curl -X POST http://localhost:8001/plugins \
  --data name=rate-limiting \
  --data config.minute=60 \
  --data config.policy=local -o output/admin-api-rate-limit-global.json

Set Default Proxy Cache to 30 seconds

curl -X POST http://localhost:8001/plugins \
  --data "name=proxy-cache" \
  --data "config.request_method=GET" \
  --data "config.response_code=200" \
  --data "config.content_type=application/json; charset=utf-8" \
  --data "config.cache_ttl=30" \
  --data "config.strategy=memory" -o output/admin-api-proxy-cache-global.json

Creating Admin API Service

curl --request POST \
  --url http://localhost:8001/services \
  --data name=admin-api-service \
  --data url='http://localhost:8001' -o output/admin-api-service.json

Creating Admin API Route

curl --request POST \
  --url http://localhost:8001/services/admin-api-service/routes \
  --data 'paths[]=/admin-api' \
  --data name=admin-api-route -o output/admin-api-route.json

Enable Key Auth on Admin API Service

curl --request POST \
    --url http://localhost:8001/services/admin-api-service/plugins \
    --header 'Content-Type: application/json' \
    --header 'accept: application/json' \
    --data '{"name":"key-auth","config":{"key_names":["api-key"],"key_in_query":false}}' -o output/admin-api-key.json

Create Admin API Consumer

curl --request POST \
  --url http://localhost:8001/consumers \
  --header 'Content-Type: application/json' \
  --header 'accept: application/json' \
  --data '{"username":"administrator","custom_id":"administrator"}' -o output/admin-api-consumer.json

Creata Admin API Key

curl -X POST http://localhost:8001/consumers/administrator/key-auth -o output/admin-api-consumer-key.json

What's Next?

Once you are completed, you can start using the Kong Gateway locally - or if you want to use in production - you can install Kong Gateway based on your preferred Operating System and just follow the steps given above for minimal setup of your Kong Gateway.

You may want to put Kong Gateway behind a reverse proxy - e.g. api.dev.to is NGINX reverse proxy to a Kong Gateway, which put located at 127.0.0.1:8000.

Hopes this blog post helps you to setup Kong Gateway in your environment.