{"id":26550156,"url":"https://github.com/mikyll/kong-kubernetes-example","last_synced_at":"2026-04-09T22:42:39.031Z","repository":{"id":227434094,"uuid":"771419954","full_name":"mikyll/Kong-kubernetes-example","owner":"mikyll","description":"Kong Ingress Controller example project","archived":false,"fork":false,"pushed_at":"2024-04-29T14:46:29.000Z","size":51,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-22T07:33:05.609Z","etag":null,"topics":["api-gateway","helm","kong","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mikyll.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-13T09:13:06.000Z","updated_at":"2024-08-05T07:54:15.000Z","dependencies_parsed_at":"2024-04-29T10:48:56.446Z","dependency_job_id":"e12a12bf-e38c-4e0c-86d7-83034f0b2b81","html_url":"https://github.com/mikyll/Kong-kubernetes-example","commit_stats":null,"previous_names":["mikyll/kong-kubernetes-example"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mikyll/Kong-kubernetes-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikyll%2FKong-kubernetes-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikyll%2FKong-kubernetes-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikyll%2FKong-kubernetes-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikyll%2FKong-kubernetes-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mikyll","download_url":"https://codeload.github.com/mikyll/Kong-kubernetes-example/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikyll%2FKong-kubernetes-example/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267400376,"owners_count":24081182,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-27T02:00:11.917Z","response_time":82,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-gateway","helm","kong","kubernetes"],"created_at":"2025-03-22T07:30:36.129Z","updated_at":"2026-04-09T22:42:33.987Z","avatar_url":"https://github.com/mikyll.png","language":"Lua","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# Kong Kubernetes Example\n\nThis directory contains some examples for Kong Kubernetes installation (Kong Ingress Controller).\n\n\u003c/div\u003e\n\n## Prerequisites\n\n- Kubernetes Command Line Tools ([kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl));\n- Helm CLI ([helm](https://helm.sh/docs/intro/install/));\n- Linux shell, on Windows  you can obtain through many tools, such as [Git Bash](https://git-scm.com/downloads) and WSL.\n\n### Local Installation\n\n- [docker](https://www.docker.com/) (Docker Desktop for Windows users);\n- [minikube](https://minikube.sigs.k8s.io/docs/start/), to create a local Kubernetes cluster. It supports different drivers (including Docker, in which case Kubernetes will run as a Docker container).\n\n#### Minikube\n\n1. Start a minikube cluster:\n\n    ```bash\n    minikube start --driver=\"docker\"\n    ```\n\n    Running this command will automatically set the Kubernetes config file to point to the local Kubernetes cluster.\n\n2. Open a tunnel connection to LoadBalancer services (needed to be able to contact Kong proxy on localhost):\n\n    ```bash\n    minikube tunnel\n    ```\n\n    This command will keep running, so it's better to leave it in another terminal.\n\n## Test Resources\n\n[echo-test.yaml](./resources/echo-test.yaml) describes a set of resources that can be deployed to test the gateway features.\n\nThis manifest contains:\n\n- a *Deployment* that uses [kong/go-echo](https://hub.docker.com/r/kong/go-echo) Docker image;\n- a *Service* that points to that Deployment;\n- a set of *HTTPRoutes*, which maps an API endpoint on the gateway to the echo deployment and a specific plugin;\n- a set of *KongPlugins* to test different functionality;\n- a set of *KongConsumers* and *Secrets* to use the corresponding plugins;\n\n### API Endpoints\n\nIf deployed on a minikube cluster (with minikube tunnel), it will be accessible through `http://localhost:80`. The test resources expose the following API endpoints:\n\n- `/echo`, simple route that forwards requests directly to the backend, with no further processing/operations;\n- `/echo-ratelimit`, uses the rate limiting plugin, capped with 2 requests per minute;\n- `/echo-keyauth`, uses the key authentication plugin, allowing only requests that contains a valid API key (header `apikey:alex_api_key`) to be forwarded to the backend;\n- `/echo-basicauth`, uses the basic authentication plugin, allowing only requests that contains a valid basic authorization (basic authorization header with `joe:password` encoded in base64) to be forwarded to the backend;\n- `/echo-jwtauth`, uses the JWT plugin, allowing only requests that contains a valid JWT token (bearer authorization header with [`JWT_ADMIN.txt`](./resources/JWTs/JWT_ADMIN.txt) or [`JWT_USER.txt`](./resources/JWTs/JWT_USER.txt.txt)) to be forwarded to the backend;\n- `/echo-acl/admin`, uses the ACL plugin combined with the JWT plugin, to implement authentication + authorization. This endpoint allows forwarding to the backend service only for requests that contains a JWT corresponding to the group \"admin\" (such as [`JWT_ADMIN.txt`](./resources/JWTs/JWT_ADMIN.txt));\n- `/echo-acl/anyone`, uses the ACL plugin combined with the JWT plugin, to implement authentication + authorization. This endpoint allows forwarding to the backend service only for requests that contains a JWT corresponding to the group \"admin\" and \"user\" (such as [`JWT_ADMIN.txt`](./resources/JWTs/JWT_ADMIN.txt) and [`JWT_USER.txt`](./resources/JWTs/JWT_USER.txt.txt));\n- `/echo-loadtest`, uses a custom plugin to perform CPU intensive operation. It accepts the following query parameters:\n  - `load_test`, a boolean that specifies if the plugin must perform a loop;\n  - `load_loops`, an integer indicating the number of loops to be performed (CPU intensive operation, to be run on Kong gateway before the request forwarding);\n  - `load_log`, a boolean that specifies if the plugin must print information in Kong gateway logs (see [Kong Log Watcher](#kong-log-watcher) below);\n- `/echo-jwtchecker`, uses a custom plugin to check if the header contains a JWT. If it does, the response will have status code `200`, if it has an authorization header, but not containing a JWT, it will return `403`, in any other case it will return `401`. The body of the response will contain the response of the backend service, only if a JWT token was found. The plugin has the following configuration parameters:\n  - `verbose` (default true), if set to true will add a message to the body (if a JWT was found it will print also the payload).\n\n### Custom Plugins\n\n#### Load Test\n\nDirectory: [loadtest/](./resources/custom_plugins/loadtest/)\n\n#### JWT Checker\n\nDirectory: [jwtchecker/](./resources/custom_plugins/jwtchecker/)\n\n#### How To Use Custom Plugins\n\nCustom plugins are Lua scripts that can be injected in Kong gateway. In order to add them to Kong environment, we can create a config map:\n\n```bash\nkubectl create configmap \"my-customplugin-configmap\" --from-file=\"plugin_dir/\" -n \"kong\"\n```\n\nAnd add a entry in Kong [values.yaml](./values/ingress-values.yaml) file:\n\n```yaml\ngateway:\n  # [...]\n\n  plugins:\n    configMaps:\n    - name: \"my-customplugin-configmap\"\n      # This will be referenced by KongPlugin \"plugin\" field\n      pluginName: mycustom\n```\n\n## Utility Scripts\n\nThe following sections describe some utility Bash scripts.\n\n### Kong Installation\n\nScript [kong_install_gd.sh](./kong_install_gd.sh) installs Kong in [Gateway Discovery](https://docs.konghq.com/kubernetes-ingress-controller/3.1.x/production/deployment-topologies/gateway-discovery/) mode, with no database. This is the most common deployment mode, and consists of 2 separate Kong deployments (Kubernetes Deployment instances):\n\n- **Kong Controller** (Control Plane) is responsible for maintaining the Kong configuration and synching the gateway instances;\n- **Kong Gateway** (Data Plane) is the actual proxy that receives requests and forwards them to backend services;\n\nThis deployment mode allows for *independent scaling* of the two deployments, contrary to the more traditional \"sidecar\" where both the controller and the gateway are installed in a single deployment instance (and will run in the same pod).\n\n### Kong Uninstallation\n\nScript [kong_uninstall.sh](./kong_uninstall.sh) uninstall any Kong installation using the Helm release name.\n\n### Kong Echo Updater\n\nScript [kong_apply_echo.sh](./kong_apply_echo.sh) applies the configuration of the \"echo\" resources, located in [./resources/echo-test.yaml](./resources/echo-test.yaml).\n\n### Kong Log Watcher\n\nScript [kong_watch_logs_all.sh](./kong_watch_logs_all.sh) opens two terminal windows showing real-time logs for the controller and the gateway deployments.\n\n### Kong Manager\n\nScript [kong_open_kong_manager.sh](./kong_open_kong_manager.sh) runs kubectl port-forward on admin and manager HTTP services, and opens a browser window at the Kong Manager URL.\n\n### ConfigMap Creation\n\nScript [create_configmaps.sh](./resources/custom_plugins/create_configmaps.sh) loops over the directories in [resources/custom_plugins/](./resources/custom_plugins/) and creates a YAML manifest for each custom plugin directory not starting with an underscore character (`_`).\n\n## Extra\n\n### Database\n\n### Autoscaling\n\n## References\n\n- [Kong](https://konghq.com/)\n- [Kong Ingress Controller docs](https://docs.konghq.com/kubernetes-ingress-controller/latest/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikyll%2Fkong-kubernetes-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmikyll%2Fkong-kubernetes-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikyll%2Fkong-kubernetes-example/lists"}