faas-rs/faas
1
0
Fork 0
mirror of https://github.com/openfaas/faas.git synced 2025-06-15 19:56:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
faas/guide/kong_integration.md
Jono ab1e913492 Updating Kong to use the same network as FaaS 
Signed-off-by: Jono <jono@foodnotblogs.com>
2017-09-23 20:46:27 +01:00

3.0 KiB
Raw Blame History

Using Kong as an API gateway for OpenFaaS

Kong is an API gateway that provides features such as security, logging, and rate limiting. By putting this in front of OpenFaaS you can quickly get access to these things and a lot more via the many other plugins written for it.

Below is a demo of how you could use Kong as an authentication layer for OpenFaaS. You should be able to paste this all (from its Markdown source) into Play With Docker to see it in action.

Setup OpenFaaS

docker swarm init --advertise-addr $(hostname -i)
git clone https://github.com/alexellis/faas
cd faas
./deploy_stack.sh

Check that one of the sample functions works

curl localhost:8080/function/func_echoit -d 'hello world'

Setup Kong

docker service create --network func_functions --detach=false \
    --name kong-database \
    -p 5432:5432 \
    -e "POSTGRES_USER=kong" \
    -e "POSTGRES_DB=kong" \
    postgres:9.4

docker service create --network func_functions --detach=false \
    --restart-condition=none --name=kong-migrations \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-database" \
    kong:latest kong migrations up

docker service create --network func_functions --name kong \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-database" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 8001:8001 \
    -p 8444:8444 \
    kong:latest

Put Kong in front of a single function

echo Waiting for Kong to be ready
until $(curl --output /dev/null --silent --head --fail http://localhost:8001); do
    printf '.'
    sleep 2
done

curl -i -X POST \
  --url http://localhost:8001/apis/ \
  --data 'name=echoit' \
  --data 'uris=/echo' \
  --data 'upstream_url=http://gateway:8080/function/func_echoit'

curl localhost:8000/echo -d 'hello there'

or put Kong in front of all the functions

curl -i -X POST \
  --url http://localhost:8001/apis/ \
  --data 'name=functions' \
  --data 'uris=/functs' \
  --data 'upstream_url=http://gateway:8080/function'

curl localhost:8000/functs/func_echoit -d 'hello there'

Add a some auth with a Kong plugin

curl -i -X POST \
  --url http://localhost:8001/apis/echoit/plugins/ \
  --data 'name=key-auth'

curl -i -X POST \
  --url http://localhost:8001/consumers/ \
  --data "username=jdoe"

curl -i -X POST \
  --url http://localhost:8001/consumers/jdoe/key-auth/ \
  --data 'key=longsecretkey'

Verify the plugin worked

curl localhost:8000/echo -d 'hello there'   # no key specified

curl localhost:8000/echo -d 'hello there' --header "apikey: badkey"

curl localhost:8000/echo -d 'hello there' --header "apikey: longsecretkey"