mirror of
https://github.com/openfaas/faas.git
synced 2025-06-16 12:16:47 +00:00
98 lines
2.9 KiB
Markdown
98 lines
2.9 KiB
Markdown
# Using Kong as an API gateway for OpenFaaS
|
|
|
|
[Kong](https://getkong.org) is an API gateway that provides features such as security, logging, and rate limiting. By putting this in front of OpenFaaS you can quickly get access to these things and a lot more via [the many other plugins written](https://getkong.org/plugins/) for it.
|
|
|
|
Below is a demo of how you could use Kong as an authentication layer for OpenFaaS. You should be able to paste this all (from its Markdown source) into [Play With Docker](http://labs.play-with-docker.com/) to see it in action.
|
|
|
|
## Setup OpenFaaS
|
|
|
|
docker swarm init --advertise-addr $(hostname -i)
|
|
git clone https://github.com/alexellis/faas
|
|
cd faas
|
|
./deploy_stack.sh
|
|
|
|
## Check that one of the sample functions works
|
|
|
|
curl localhost:8080/function/func_echoit -d 'hello world'
|
|
|
|
|
|
## Setup Kong
|
|
|
|
docker run -d --name kong-database \
|
|
-p 5432:5432 \
|
|
-e "POSTGRES_USER=kong" \
|
|
-e "POSTGRES_DB=kong" \
|
|
postgres:9.4
|
|
|
|
docker run --rm \
|
|
--link kong-database:kong-database \
|
|
-e "KONG_DATABASE=postgres" \
|
|
-e "KONG_PG_HOST=kong-database" \
|
|
kong:latest kong migrations up
|
|
|
|
docker run -d --name kong \
|
|
--link kong-database:kong-database \
|
|
-e "KONG_DATABASE=postgres" \
|
|
-e "KONG_PG_HOST=kong-database" \
|
|
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
|
|
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
|
|
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
|
|
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
|
|
-p 8000:8000 \
|
|
-p 8443:8443 \
|
|
-p 8001:8001 \
|
|
-p 8444:8444 \
|
|
kong:latest
|
|
|
|
|
|
## Get a route to the OpenFaaS server
|
|
|
|
FAASTHOST=`hostname -i`
|
|
|
|
|
|
## Put Kong in front of a single function
|
|
|
|
sleep 5 # wait for Kong to be ready
|
|
|
|
curl -i -X POST \
|
|
--url http://localhost:8001/apis/ \
|
|
--data 'name=echoit' \
|
|
--data 'uris=/echo' \
|
|
--data 'upstream_url=http://'$FAASTHOST':8080/function/func_echoit'
|
|
|
|
curl localhost:8000/echo -d 'hello there'
|
|
|
|
## or put Kong in front of all the functions
|
|
|
|
curl -i -X POST \
|
|
--url http://localhost:8001/apis/ \
|
|
--data 'name=functions' \
|
|
--data 'uris=/functs' \
|
|
--data 'upstream_url=http://'$FAASTHOST':8080/function'
|
|
|
|
curl localhost:8000/functs/func_echoit -d 'hello there'
|
|
|
|
|
|
## Add a some auth with a Kong plugin
|
|
|
|
curl -i -X POST \
|
|
--url http://localhost:8001/apis/echoit/plugins/ \
|
|
--data 'name=key-auth'
|
|
|
|
curl -i -X POST \
|
|
--url http://localhost:8001/consumers/ \
|
|
--data "username=jdoe"
|
|
|
|
curl -i -X POST \
|
|
--url http://localhost:8001/consumers/jdoe/key-auth/ \
|
|
--data 'key=longsecretkey'
|
|
|
|
|
|
## Verify the plugin worked
|
|
|
|
curl localhost:8000/echo -d 'hello there' # no key specified
|
|
|
|
curl localhost:8000/echo -d 'hello there' --header "apikey: badkey"
|
|
|
|
curl localhost:8000/echo -d 'hello there' --header "apikey: longsecretkey"
|