This repo shows a setup using Kong as an ingress controller in Kubernetes.
It is configured with one endpoint that has rate limiting applied based on the client id for an OAuth Bearer token in the request Authorization header.
The client id is read from the token using a token introspection request to a specified endpoint.

The following steps show how to run it locally, using Minikube:
- Build Docker image for Kong, including custom plugins, and make sure the image is available in Minikube:

      $ minikube start
      $ eval $(minikube docker-env)
      $ docker build -t kong-with-local-plugin .

- Run Kong in k8s:

      $ helm repo add kong https://charts.konghq.com
      $ helm repo update
      $ helm init
      $ helm install -f kong-override.yaml --name kong kong/kong
      $ export PROXY_IP=$(minikube service kong-kong-proxy --url | head -1)

- Set up echo-server (from here):

      $ kubectl apply -f https://bit.ly/echo-service

- First, configure introspection_endpoint and introspection_client_credentials in ingress.yaml, then add the ingress rule with Kong plugins configured:

      $ kubectl apply -f ingress.yaml

To test it, make some requests and check the returned rate limiting headers:
$ curl -i ${PROXY_IP}/foo # without authorization, rate limiting defaults to client IP
$ curl -i ${PROXY_IP}/foo -H 'Authorization: Bearer <token>' # with authorization, rate limiting will use client id from valid token
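
The key selection described above (client id from a valid token, client IP otherwise) can be sketched as follows. This is an added example, not the plugin code from this repo; the function names, the `ip:`/`client:` key prefixes, the `client_id:secret` credential format, and the choice to fall back to the client IP for invalid tokens or a failed introspection call are assumptions.

```python
import base64
import urllib.parse
import urllib.request

def build_introspection_request(endpoint, client_credentials, token):
    """RFC 7662 call: POST token=<token>, authenticated as the gateway itself."""
    body = urllib.parse.urlencode(
        {"token": token, "token_type_hint": "access_token"}).encode()
    # Assumption: credentials are "client_id:secret", sent as HTTP Basic.
    basic = base64.b64encode(client_credentials.encode()).decode()
    return urllib.request.Request(endpoint, data=body, method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json"})

def rate_limit_key(authorization, client_ip, introspect):
    """Pick the identifier that requests are counted against.

    introspect is a callable(token) -> dict holding the parsed introspection
    response; it may raise if the endpoint is unreachable.
    """
    fallback = "ip:" + client_ip
    scheme, _, token = (authorization or "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return fallback                      # no usable Bearer token
    try:
        claims = introspect(token)
        client_id, active = claims.get("client_id"), claims.get("active")
    except Exception:
        return fallback                      # assumption: fall back to IP, never skip limiting
    # Require boolean true: a missing or string "active" must not count as valid.
    if active is True and isinstance(client_id, str) and client_id:
        return "client:" + client_id
    return fallback

# Constructed introspection responses, standing in for the real endpoint.
SAMPLE_RESPONSES = {
    "tok-good": {"active": True, "client_id": "mobile-app", "scope": "read"},
    "tok-expired": {"active": False},
    "tok-odd": {"active": "true", "client_id": "spoofed"},
}

def fake_introspect(token):
    return SAMPLE_RESPONSES.get(token, {"active": False})

if __name__ == "__main__":
    for header in (None, "Bearer tok-good", "Bearer tok-expired", "Bearer tok-odd"):
        print(header, "->", rate_limit_key(header, "10.0.0.7", fake_introspect))
```

Falling back to the IP key for any token that does not introspect as active keeps a caller from choosing its own rate-limit bucket by sending an arbitrary or expired token.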