# Kong : API Gateway and Auth0

###### tags: `Gateway` `Proxy` `Auth0` `Ingress`

## Install :

- From market place [Market place](https://github.com/Kong/google-marketplace-kong-app/blob/master/README.md#basic-usage)
- From [other way](https://docs.konghq.com/install/kubernetes/)

```
$ kubectl get svc
kong-1-kong-admin-svc   ClusterIP      10.3.243.51    <none>         8001/TCP,8444/TCP            7m
kong-1-kong-proxy-svc   LoadBalancer   10.3.245.230   34.76.169.92   80:32682/TCP,443:31525/TCP   7m
kong-1-postgres-svc     ClusterIP      None           <none>         5432/TCP                     7m
$ kubectl port-forward svc/kong-1-kong-proxy-svc 8080:80
$ curl http://localhost:8080
{"message":"no route and no API found with those values"}
```

It's OK

## Connect to Admin API from within the cluster

```
$ kubectl port-forward svc/kong-1-kong-admin-svc 8001:8001
$ curl http://localhost:8001
```

OR

```
$ export NAME=kong-1
$ export NAMESPACE=kong
$ export KONG_NODE=$(kubectl get pods --namespace=$NAMESPACE \
    --selector=app.kubernetes.io/component=kong-node,app.kubernetes.io/name=$NAME \
    -o go-template='{{(index .items 0).metadata.name}}')
```

## Deploy Nginx service

```
$ kubectl run nginx --image nginx --port 80
$ kubectl expose deployment nginx --port 8080 --target-port 80
```

## ADD service & route to Kong

- add service :

```
http POST 'http://localhost:8001/services/' 'name=nginx-service' 'url=http://nginx.default.svc.cluster.local:8080'
```

- add route :

```
http POST 'http://localhost:8001/services/nginx-service/routes' 'paths[]=/myroute'
```

## Kong with Auth0

### 1) Enable the jwt plugin :

```
$ http POST :8001/services/nginx-service/plugins/ 'name=jwt'
```

### 2) Retrieve your Auth0 certificate :

```
$ http GET 'https://{COMPANYNAME}.eu.auth0.com/pem' > {COMPANYNAME}.pem
```

###### Extract the public key :

```
$ openssl x509 -pubkey -noout -in {COMPANYNAME}.pem > pubkey.pem
```

### 3) Create a consumer :

```
http POST :8001/consumers/ 'username={CUSTOM_USERNAME}' 'custom_id={AUTH0_CLIENT_ID}'
```

(me : POC H in auth0)

- Add the Auth0 key retrieved in step 2) to the consumer (`adama` in the path below is the consumer's username):

```
http post :8001/consumers/adama/jwt algorithm=RS256 rsa_public_key@./pubkey.pem key=https://{COMPANYNAME}.eu.auth0.com/ -f
```

### 4) Test :

- Get a token : go to Auth0 and request a token :

```
http POST https://{COMPANYNAME}.eu.auth0.com/oauth/token 'content-type: application/json' client_id={AUTH0_CLIENT_ID} client_secret={AUTH0_CLIENT_SECRET} audience={AUTH0_API_AUDIENCE} grant_type=client_credentials
```

- Use the token :

```
$ http GET 'https://api.gke.khalydethylis.com/' 'authorization:Bearer {TOKEN}'
```

https://scaleout.ninja/post/kong-meets-auth0/

https://docs.konghq.com/hub/kong-inc/jwt/#using-the-jwt-plugin-with-auth0

## ADMIN UI

https://github.com/pocketdigi/kong-admin-ui

DEMO -> https://pocketdigi.github.io/kong-admin-ui
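
For the test in step 4 of "Kong with Auth0": an added example (not part of the original notes or of Kong's code) that checks a token's header and claims against the consumer credential from step 3 before the token is sent through the proxy. The tenant name, `make_token` and `preflight` are assumptions made for illustration, the sample token is constructed, and the signature is not checked here since Kong does that with the registered `rsa_public_key`.

```python
import base64
import json
import time

# Constructed value: a hypothetical tenant standing in for {COMPANYNAME}.
KONG_KEY = "https://example-tenant.eu.auth0.com/"  # `key` of the consumer credential

def b64url_decode(segment):
    """Decode one JWT segment (base64url with the padding stripped)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_token(header, claims):
    """Build an UNSIGNED sample token; the signature part is a placeholder."""
    parts = [base64.urlsafe_b64encode(json.dumps(p).encode()).rstrip(b"=").decode()
             for p in (header, claims)]
    return ".".join(parts + ["c2ln"])

def preflight(token, kong_key, now=None):
    """Return a list of problems; empty means header and claims match the credential."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, _signature = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and claims must be JSON objects")
    except ValueError:  # wrong part count, bad base64, bad JSON
        return ["not a three-part JWT with JSON header and claims"]
    problems = []
    # The credential in step 3 was registered with algorithm=RS256.
    if header.get("alg") != "RS256":
        problems.append("alg is %r, credential expects RS256" % header.get("alg"))
    # Kong looks the credential up by the `iss` claim (default key_claim_name)
    # and compares it to `key` as an exact string.
    iss = claims.get("iss")
    if iss != kong_key:
        if isinstance(iss, str) and iss.rstrip("/") == kong_key.rstrip("/"):
            problems.append("iss differs from key only by a trailing slash")
        else:
            problems.append("iss %r does not match key %r" % (iss, kong_key))
    # Kong checks `exp` only when the plugin sets claims_to_verify=exp,
    # which step 1 does not, so stale tokens are flagged here.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp is missing or in the past")
    return problems

if __name__ == "__main__":
    print(preflight(make_token({"alg": "RS256"}, {"iss": KONG_KEY[:-1], "exp": 2**31}), KONG_KEY))
```
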