1. Home
  2. Kong API Gateway - Using jwt token based authentication example Code

Kong API Gateway - Using jwt token based authentication example Code

Kong API Gateway - JWT Example Code

Image Source: https://pixabay.com

 

In Kong, there is a plugin which gives you option to enable jwt based authentication facility in your app.

 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: php-apache-deployment
spec:
  selector:
    matchLabels:
      app: php-apache
  replicas: 1
  template:
    metadata:
      labels:
        app: php-apache
    spec:
      containers:
        - name: php-apache
          image: php:7.2-apache
          ports:
            - containerPort: 80
          volumeMounts:
            - name: workdir
              mountPath: /var/www/html
      initContainers:
        - name: busybox1
          image: busybox
          command: [ "/bin/sh" ]
          args: [ "-c", "echo '<html><h1>Server Time is <?php echo date(\"l jS \\of F Y h:i:s A\"); ?></h1><html>' >> /work-dir/index.php" ]
          volumeMounts:
            - name: workdir
              mountPath: "/work-dir"

        - name: busybox2
          image: busybox
          command: [ "/bin/sh" ]
          args: [ "-c", "echo '<html><pre>Header Information <?php print_r(apache_request_headers()); ?></pre><html>' >> /work-dir/headers.php" ]
          volumeMounts:
            - name: workdir
              mountPath: "/work-dir"

      dnsPolicy: Default
      volumes:
        - name: workdir
          emptyDir: { }
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: php-apache-service
  name: php-apache-service
spec:
  selector:
    app: php-apache
  type: NodePort
  ports:
    - name: proxy-server-port
      port: 8080
      targetPort: 80
      nodePort: 32002
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: request-id
config:
  header_name: my-request-id
plugin: correlation-id
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: app-jwt
plugin: jwt
---
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: admin
  annotations:
    kubernetes.io/ingress.class: kong
username: admin
credentials:
  - app-admin-jwt
---
apiVersion: v1
kind: Secret
metadata:
  name: app-admin-jwt
  namespace: default
stringData:
  algorithm: RS256
  key: admin-issuer
  kongCredType: jwt
  rsa_public_key: |-
    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis1ZjfNB0bBgKFMSv
    vkTtwlvBsaJq7S5wA+kzeVOVpVWwkWdVha4s38XM/pa/yr47av7+z3VTmvDRyAHc
    aT92whREFpLv9cj5lTeJSibyr/Mrm/YtjCZVWgaOYIhwrXwKLqPr/11inWsAkfIy
    tvHWTxZYEcXLgAXFuUuaS3uF9gEiNQwzGTU1v0FqkqTBr4B8nW3HCN47XUu0t8Y0
    e+lf4s4OxQawWD79J9/5d3Ry0vbV3Am1FtGJiJvOwRsIfVChDpYStTcHTCMqtvWb
    V6L11BWkpzGXSW4Hv43qa+GSYOD2QU68Mb59oSk2OB+BtOLpJofmbGEGgvmwyCI9
    MwIDAQAB
    -----END PUBLIC KEY-----
type: Opaque
# use the following bearer token
# eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6ImFkbWluIiwiaXNzIjoiYWRtaW4taXNzdWVyIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.TZXtM_-PSWgpj6B93nPncggC_IwdGbt7SzSenm1ZNs2uBnONE2OEgC7j1PU-6jBInZTXK53Mei3eSXR15FXAFilV_CjnW7VxvaMsR-G587d0UUNAggVIH-M5T6UuiPBtj2uQnaila__OZcnmXis4qjlxb1CGir1V1xwaOBSfLZSsczqObhw4wf_84ShfZib3rO2b8hUOozA2tgTjKG4VB8ZWbEtC56CELpSHULKf8rvnNtYVibrfGAiT5B5HaIky_c-odc3HmcTkT8jCV1dqncJgUYidLe2G6beb4WfU-3H0FmNhAiUGJSmhCsocP2Dt7xIITFdBX4RJMpXEyiVd_w
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kong-demo-ingress
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/plugins: app-jwt
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: php-apache-service
                port:
                  number: 8080

Output:

 

Kong JWT example

Tags
Kubernetes
Kong API Gateway
Cloud