Last active
September 19, 2023 17:57
-
-
Save bastosmichael/5fc4ee00cd821f3bb0bfa2345da1739e to your computer and use it in GitHub Desktop.
Automated Kong Setup with Self-Signed Certificate in Docker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Generate a self-signed certificate | |
| openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=localhost" | |
| # Read the contents of the certificate and private key into environment variables | |
| CA_CERT=$(cat cert.pem) | |
| CA_KEY=$(cat key.pem) | |
| # Cleanup the generated certificate and key files from the local file system | |
| rm -f cert.pem key.pem | |
| # Create Docker network | |
| docker network create kong-net | |
| # Run a PostgreSQL container with a specified superuser password | |
| docker run -d --name kong-database \ | |
| --network=kong-net \ | |
| -p 5432:5432 \ | |
| -e "POSTGRES_USER=kong" \ | |
| -e "POSTGRES_DB=kong" \ | |
| -e "POSTGRES_PASSWORD=supersecurepassword" \ | |
| postgres:latest | |
| # Give the database a moment to initialize | |
| sleep 20 | |
| # Prepare the Kong database | |
| docker run --rm \ | |
| --network=kong-net \ | |
| -e "KONG_DATABASE=postgres" \ | |
| -e "KONG_PG_HOST=kong-database" \ | |
| -e "KONG_PG_USER=kong" \ | |
| -e "KONG_PG_DATABASE=kong" \ | |
| -e "KONG_PG_PASSWORD=supersecurepassword" \ | |
| kong:latest kong migrations bootstrap | |
| # Run the Kong container | |
| docker run -d --name kong \ | |
| --network=kong-net \ | |
| -e "KONG_DATABASE=postgres" \ | |
| -e "KONG_PG_HOST=kong-database" \ | |
| -e "KONG_PG_USER=kong" \ | |
| -e "KONG_PG_DATABASE=kong" \ | |
| -e "KONG_PG_PASSWORD=supersecurepassword" \ | |
| -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \ | |
| -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \ | |
| -e "KONG_PROXY_ERROR_LOG=/dev/stdout" \ | |
| -e "KONG_ADMIN_ERROR_LOG=/dev/stdout" \ | |
| -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \ | |
| -p 8000:8000 \ | |
| -p 8443:8443 \ | |
| -p 8001:8001 \ | |
| -p 8444:8444 \ | |
| kong:latest | |
| # Allow Kong to start up | |
| sleep 10 | |
| # Add the self-signed certificate to Kong using temporary files for cert and key | |
| echo "$CA_CERT" > temp_cert.pem | |
| echo "$CA_KEY" > temp_key.pem | |
| curl -i -X POST --url http://localhost:8001/certificates/ \ | |
| --form "cert=@temp_cert.pem" \ | |
| --form "key=@temp_key.pem" | |
| rm temp_key.pem | |
| # Add the CA certificate to Kong's ca_certificates endpoint | |
| echo "$CA_CERT" > temp_ca_cert.pem | |
| curl -i -X POST --url http://localhost:8001/ca_certificates/ \ | |
| --form "cert=@temp_ca_cert.pem" | |
| rm temp_ca_cert.pem | |
| # Setup a mock backend API using httpbin | |
| docker run -d --name httpbin --network=kong-net kennethreitz/httpbin | |
| # Verify if the certificate was added | |
| curl -i -X GET --url http://localhost:8001/ca_certificates/ | |
| # Verify if the certificate was added | |
| curl -i -X GET --url http://localhost:8001/certificates/ | |
| echo "Kong is setup with a Postgres database and httpbin as a mock backend. You can access it via http://localhost:8000/httpbin" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment