Install and configure Kong gateway and Konga console in Docker mode
preface
This article describes how to install and configure Kong gateway and Konga console in Docker mode.
Install Kong
Docker compose, which is officially provided by Kong and installed in the form of docker compose YML has a problem, so it is installed directly in the form of docker.
Reference documents:
Create container network
docker network create kong-net
Start the PostgreSQL database
docker run -d --name kong-database \
--network=kong-net \
-p 5432:5432 \
-v $HOME/kong/postgres-data:/var/lib/postgresql/data \
-e "POSTGRES_USER=kong" \
-e "POSTGRES_DB=kong" \
-e "POSTGRES_PASSWORD=kong" \
postgres:9.6
explain:
- Kong supports Cassandra and PostgreSQL databases, and PostgreSQL relational database is selected here.
- Mount the volume to the $home / Kong / Postgres data directory of the local host.
Initialization data
docker run --rm \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_USER=kong" \
-e "KONG_PG_PASSWORD=kong" \
kong:latest kong migrations bootstrap
Security protection for Kong Admin API
See:
It is set that the Kong Admin API cannot be accessed through http: / / < Kong host >: 8001. The Kong Admin API can only be accessed through the < Kong host >: 8000 agent, such as http: / / < Kong host >: 8000 / Admin API /? apikey=<secret> .
Put the following Kong Put the YML file in the $HOME/kong/config directory.
_format_version: "1.1"
services:
- name: admin-api
url: http://127.0.0.1:8001
routes:
- paths:
- /admin-api
plugins:
- name: key-auth
consumers:
- username: admin
keyauth_credentials:
- key: secret
explain:
- Here we use Key Authentiaction , set the key to secret. In actual use, you need to set the key to a complex and hard to guess string.
- In addition, for the sake of security, the server running Kong in actual use should not open port 8001. All traffic accessing Kong comes in through 8000.
Import Kong configuration:
docker run --rm \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_USER=kong" \
-e "KONG_PG_PASSWORD=kong" \
-v $HOME/kong/config:/home/kong \
kong:latest kong config db_import /home/kong/kong.yml
Start Kong
docker run -d --name kong \
--network=kong-net \
-e "KONG_DATABASE=postgres" \
-e "KONG_PG_HOST=kong-database" \
-e "KONG_PG_USER=kong" \
-e "KONG_PG_PASSWORD=kong" \
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
-p 8000:8000 \
-p 8443:8443 \
-p 127.0.0.1:8001:8001 \
-p 127.0.0.1:8444:8444 \
kong:latest
The Kong Admin API can be accessed in the following ways:
- http://localhost:8001
- http://localhost:8000/admin-api?apikey=secret
- http://<kong-host>:8000/admin-api? Apikey = secret, for example http://192.168.0.100:8000/admin-api?apikey=secret
Tips: on MacOS, you can obtain the local IP through ipconfig getifaddr en0.
Install Konga
Because the Kong Community version does not have a Web console, for ease of management, choose to install Konga as the Kong Admin Web console.
See:
- https://github.com/pantsel/konga
- https://hub.docker.com/r/pantsel/konga/
- https://pantsel.github.io/konga/
Start the PostgresSQL database
Start the konga PostgresSQL database.
docker run -d --name konga-database \
--network=kong-net \
-p 5433:5432 \
-v $HOME/kong/konga/postgres-data:/var/lib/postgresql/data \
-e "POSTGRES_USER=konga" \
-e "POSTGRES_DB=konga" \
-e "POSTGRES_PASSWORD=konga" \
postgres:9.6
explain:
- Konga needs to have its own database to save the corresponding configuration instead of directly using Kong's database.
- When Konga reads Kong data, it reads it through the Kong Admin API instead of directly reading Kong's database.
- Mount the volume to the $home / Kong / Konga / Postgres data directory of the local host.
Initialization data
docker run --rm \
--network=kong-net \
pantsel/konga:latest \
-c prepare \
-a "postgres" \
-u "postgres://konga:konga@konga-database:5432/konga"
Start Konga
docker run -d --name konga \
--network kong-net \
-e "TOKEN_SECRET=secret123" \
-e "DB_ADAPTER=postgres" \
-e "DB_URI=postgres://konga:konga@konga-database:5432/konga" \
-e "NODE_ENV=development" \
-p 1337:1337 \
pantsel/konga
visit http://localhost:1337 To visit Konga.
Configure on Konga
Register admin user
Before using Konga for the first time, you need to register an Admin user.
Configure Kong Connection
On Konga, open Connections and select Create a new Kong connection.
Select the connection type as Kong Auth, and enter the connection name, Loopback API URL and API Key.
Example:
Name: `kong-key` Loopback API URL: `http://192.168.0.100:8000/admin-api/` API KEy: `secret`
explain:
- localhost or 127.0.0.1 cannot be used in the API URL, otherwise the connection cannot be activated. See: https://github.com/pantsel/konga/issues/136
After creating the connection, click the Active button to activate the Kong connection.
After activating the connection, you can see that Konga can read the relevant data of Kong through the Kong Admin API.