Migrating from Mule to Kong as an API gateway and integrating with PingFederate for security - ganmath/learners GitHub Wiki
- Install Java Development Kit (JDK)
- Install Maven: Required for building your Spring Boot application.
- Download and Install Kong: You can download the standalone Kong distribution from the official website.
- Mule Standalone: If you have a standalone Mule installation, ensure it is up and running for comparison/testing purposes.
- PingFederate: Ensure you have access to a PingFederate server for obtaining tokens.
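- Download the latest Kong Community Edition for Windows from the Kong website.
- Extract the downloaded file to a directory, e.g., `C:\Kong`.
- Add the Kong bin directory to your system PATH.
- Create a configuration file, `kong.conf`, in the `C:\Kong` directory with the following basic settings:

  ```
  database = off
  admin_listen = 127.0.0.1:8001
  proxy_listen = 127.0.0.1:8000
  ```

  Binding `admin_listen` to `127.0.0.1` keeps the unauthenticated Admin API off the network. With `database = off`, Kong runs in DB-less mode, in which the Admin API rejects the entity-creating `POST` requests used later on this page; those calls need a database-backed Kong, or the same entities supplied through a declarative configuration file.
- Start Kong using the following command:

  ```
  kong start -c C:\Kong\kong.conf
  ```
- Verify Kong is running by accessing `http://127.0.0.1:8001` in your browser.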
Ensure your Spring Boot microservices are configured correctly and running. For this example, let's assume you have an application running on http://localhost:8080.
Ensure your PingFederate instance is set up to issue tokens. This typically involves configuring a client in PingFederate and ensuring the necessary endpoints are accessible.
Use Kong's Admin API to create routes and services.
```bash
curl -i -X POST http://localhost:8001/services/ \
  --data name=my-service \
  --data url='http://localhost:8080'

curl -i -X POST http://localhost:8001/services/my-service/routes \
  --data 'hosts[]=localhost' \
  --data 'paths[]=/my-service'
```

Use Kong's OpenID Connect plugin to secure your service with PingFederate.
- Create a JSON file named `oidc-config.json` with the following content:

  ```json
  {
    "name": "openid-connect",
    "config": {
      "issuer": "https://<pingfederate-server>/as",
      "client_id": "<client-id>",
      "client_secret": "<client-secret>",
      "redirect_uri": "http://localhost:8000/callback",
      "ssl_verify": false,
      "scopes": "openid"
    }
  }
  ```

  Note that `"ssl_verify": false` makes Kong skip certificate verification when it talks to PingFederate; that is workable only for a local test against a self-signed certificate, and should be `true` with a trusted CA chain anywhere else.
- Apply the configuration to your service:

  ```bash
  curl -i -X POST http://localhost:8001/services/my-service/plugins \
    --data @oidc-config.json \
    --header "Content-Type: application/json"
  ```
- Verify the plugin is enabled by accessing `http://localhost:8001/services/my-service/plugins`.
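
A pre-flight check for `oidc-config.json` before it is posted to the Admin API, as an added example that is not part of the original wiki page or of Kong. The function name `audit_oidc_config` and the rules it applies are assumptions chosen for this page's configuration; the sample input is the page's own file.

```python
import json
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: the plugin configuration exactly as shown on this page.
PAGE_CONFIG = """
{ "name": "openid-connect",
  "config": { "issuer": "https://<pingfederate-server>/as",
              "client_id": "<client-id>", "client_secret": "<client-secret>",
              "redirect_uri": "http://localhost:8000/callback",
              "ssl_verify": false, "scopes": "openid" } }
"""

def audit_oidc_config(text):
    """Return (field, problem) findings for an openid-connect plugin config."""
    cfg = json.loads(text).get("config", {})
    findings = []
    # Without certificate verification the gateway cannot tell the real
    # issuer from an impostor, so anything but an explicit true is flagged.
    if cfg.get("ssl_verify") is not True:
        findings.append(("ssl_verify", "issuer TLS certificate is not verified"))
    if urlparse(str(cfg.get("issuer", ""))).scheme != "https":
        findings.append(("issuer", "issuer is not an https URL"))
    # Authorization codes travel through the redirect URI; plain http is
    # tolerated here only for a loopback test listener.
    redirect = urlparse(str(cfg.get("redirect_uri", "")))
    if redirect.scheme != "https" and redirect.hostname not in LOOPBACK:
        findings.append(("redirect_uri", "http redirect on a non-loopback host"))
    # Values still wrapped in <...> were never filled in.
    for key in ("issuer", "client_id", "client_secret"):
        value = str(cfg.get(key, ""))
        if not value or "<" in value:
            findings.append((key, "empty or still a <placeholder>"))
    # Accept scopes as a space-separated string or as a list.
    scopes = cfg.get("scopes", "")
    names = scopes.split() if isinstance(scopes, str) else list(scopes)
    if "openid" not in names:
        findings.append(("scopes", "'openid' scope is missing"))
    return findings

if __name__ == "__main__":
    for field, problem in audit_oidc_config(PAGE_CONFIG):
        print(f"{field}: {problem}")
```

Run against the file as written on this page, it reports `ssl_verify` and the three unfilled placeholders, and it accepts the `http://localhost:8000/callback` redirect only because the host is loopback.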
- Open your browser and navigate to `http://localhost:8000/my-service`.
- You should be redirected to PingFederate for authentication.
- After authentication, you should be redirected back and see the response from your Spring Boot application routed through Kong.
You may need to add plugins for features like rate limiting, logging, etc.
```bash
curl -i -X POST http://localhost:8001/services/my-service/plugins \
  --data "name=rate-limiting" \
  --data "config.second=5" \
  --data "config.hour=10000"
```

Update your Spring Boot application to use Kong instead of Mule for the API gateway. This might involve updating URLs and removing any Mule-specific configuration.
Once you have verified that everything works correctly with Kong, you can decommission your Mule setup.
- Install and Configure Kong: Set up Kong on your Windows laptop.
- Configure Spring Boot Microservices: Ensure they are running correctly.
- Configure PingFederate: Ensure it is set up to issue tokens.
- Create Kong Services and Routes: Use Kong’s Admin API to set up routes and services.
- Secure the Service with PingFederate: Use the OpenID Connect plugin.
- Test the Configuration: Ensure requests are routed through Kong and secured by PingFederate.
- Implement Additional Plugins: Add necessary plugins for additional functionality.
- Update Spring Boot Configuration: Adjust your application to use Kong.
- Decommission Mule: Remove Mule configuration once Kong is fully operational.
By following these steps, you can successfully migrate your Spring Boot microservice from Mule to Kong as an API gateway and integrate PingFederate for security.