🐒 The API Gateway & Microservice Management Layer, built on NGINX
Lua Other
Latest commit 45f6b01 Dec 22, 2016 @thefosk thefosk committed on GitHub Merge pull request #1923 from Mashape/hotfix/oauth2-migration

README.md

API Gateway & Microservice Management Build Status

Kong is a scalable, open source API Layer (also known as an API Gateway, or API Middleware). Kong was originally built at Mashape to secure, manage and extend over 15,000 Microservices for its API Marketplace, which generates billions of requests per month.

Backed by the battle-tested NGINX with a focus on high performance, Kong was made available as an open-source platform in 2015. Under active development, Kong is now used in production at hundreds of organizations from startups, to large enterprises and government departments including: The New York Times, Expedia, Healthcare.gov, The Guardian, Condè Nast and The University of Auckland.

Website | Docs | Installation | Blog | Mailing List | Gitter Chat | freenode: #kong

Summary

Features

  • CLI: Control your Kong cluster from the command line just like Neo in The Matrix.
  • REST API: Kong can be operated with its RESTful API for maximum flexibility.
  • Geo-Replicated: Configs are always up-to-date across different regions.
  • Failure Detection & Recovery: Kong is unaffected if one of your Cassandra nodes goes down.
  • Cluster Awareness: All Kongs auto-join the cluster keeping config updated across nodes.
  • Scalability: Distributed by nature, Kong scales horizontally simply by adding nodes.
  • Performance: Kong handles load with ease by scaling and using NGINX at the core.
  • Developer Portal: With Gelato integration, build beautiful portals for easy developer on-boarding.
  • Plugins: Extendable architecture for adding functionality to Kong and APIs.
    • OAuth2.0: Add easily an OAuth2.0 authentication to your APIs.
    • Logging: Log requests and responses to your system over HTTP, TCP, UDP or to disk.
    • JWT: Verify and authenticate JSON Web Tokens.
    • HMAC: Add HMAC Authentication to your APIs.
    • ACL: Acccess Control for your API Consumers.
    • IP-restriction: Whitelist or blacklist IPs that can make requests.
    • Response-Rate-Limiting: Rate limiting based on custom response header value.
    • API Analytics: Visualize, Inspect and Monitor API traffic with Galileo.
    • Loggly Integration: Push your traffic data through your Loggly account.
    • DataDog Integration: Easy Data monitoring through DataDog. DevOps will love it!
    • Runscope Integration: Test and Monitor your APIs.
    • Syslog: Logging to System log.
    • SSL: Setup a Specific SSL Certificate for an underlying service or API.
    • Monitoring: Live monitoring provides key load and performance server metrics.
    • Authentication: Manage consumer credentials query string and header tokens.
    • Rate-limiting: Block and throttle requests based on IP, authentication or body size.
    • Transformations: Add, remove or manipulate HTTP requests and responses.
    • CORS: Enable cross-origin requests to your APIs that would otherwise be blocked.
    • Anything: Need custom functionality? Extend Kong with your own Lua plugins!

For more info about plugins, you can check out the Plugin Gallery.

Why Kong?

If you're building for web, mobile or IoT (Internet of Things) you will likely end up needing common functionality on top of your actual software. Kong can help by acting as a gateway for HTTP requests while providing logging, authentication, rate-limiting and more through plugins.

Benchmarks

We've load tested Kong and Cassandra on AWS; you can see our benchmark report here.

Distributions

Kong comes in many shapes. While this repository contains its core's source code, other repos are also under active development:

Community Resources and Tools

Resources:

Videos:

Podcasts:

Here is a list of third-party tools maintained by the community:

Roadmap

You can find a detailed Roadmap of Kong on the Wiki.

Development

If you are planning on developing on Kong, you'll need a development installation. The next branch holds the latest unreleased source code.

You can read more about writing your own plugins in the Plugin Development Guide, or browse an online version of Kong's source code documentation in the Public Lua API Reference.

Vagrant

You can use a Vagrant box running Kong and Cassandra that you can find at Mashape/kong-vagrant.

Source Install

Kong mostly is an OpenResty application made of Lua source files, but also requires some additional third-party dependencies. We recommend installing those by following the source install instructions at https://getkong.org/install/source/.

Instead of following the second step (Install Kong), clone this repository and install the latest Lua sources instead of the currently released ones:

$ git clone https://github.com/Mashape/kong
$ cd kong/

# you might want to switch to the development branch. See CONTRIBUTING.md
$ git checkout next

# install the Lua sources
$ luarocks make

Running for development

Check out the development section of the default configuration file for properties to tweak in order to ease the development process for Kong.

Modifying the lua_package_path and lua_package_cpath directives will allow Kong to find your custom plugin's source code wherever it might be in your system.

Tests

Install the development dependencies (busted, luacheck) with:

$ make dev

Kong relies on three test suites using the busted testing library:

  • Unit tests
  • Integration tests, which require Postgres and Cassandra to be up and running
  • Plugins tests, which require Postgres to be running

The first can simply be run after installing busted and running:

$ make test

However, the integration and plugins tests will spawn a Kong instance and perform their tests against it. As so, consult/edit the spec/kong_tests.conf configuration file to make your test instance point to your Postgres/Cassandra servers, depending on your needs.

You can run the integration tests (assuming both Postgres and Cassandra are running and configured according to spec/kong_tests.conf) with:

$ make test-integration

And the plugins tests with:

$ make test-plugins

Finally, all suites can be run at once by simply using:

$ make test-all

Consult the run_tests.sh script for a more advanced example usage of the tests suites and the Makefile.

Finally, a very useful tool in Lua development (as with many other dynamic languages) is performing static linting of your code. You can use luacheck (installed with make dev) for this:

$ make lint

Makefile

When developing, you can use the Makefile for doing the following operations:

Name Description
install Install the Kong luarock globally
dev Install development dependencies
lint Lint Lua files in kong/ and spec/
test Run the unit tests suite
test-integration Run the integration tests suite
test-plugins Run the plugins test suite
test-all Run all unit + integration tests at once

Enterprise Support & Demo

Learn more about Kong Priority Support, Products, HA, Demo, Training, API Certifications and Professional Services.

License

Copyright 2016 Mashape, Inc

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.