What is Kong API Gateway?

Kong API Gateway is an open-source API management tool that provides authentication, rate-limiting, logging, and security for microservices.

How do I install Kong API Gateway locally?

You can install Kong API Gateway locally using Docker or a package manager like APT or YUM, depending on your operating system.

Setting Up an API Gateway with Kong Locally

Set Up API Gateway with Kong - Step-by-Step Guide (2025)

API gateways play a crucial role in modern microservices architectures by managing API traffic, enforcing security policies, and improving performance through caching and rate limiting. Kong API Gateway is one of the most powerful and widely used open-source API gateways, offering features like authentication, rate limiting, and traffic control.

In this article, we will cover:

Installing Kong API Gateway
Configuring rate limiting, authentication, and caching
Testing API traffic management

1. Installing Kong API Gateway

Step 1: Prerequisites

Ensure you have the following dependencies installed:

Docker (preferred for ease of setup)
PostgreSQL (for Kong's database mode)
Kong Gateway

Step 2: Install Kong using Docker

Run the following command to start Kong using PostgreSQL:

docker network create kong-net

docker run -d --name kong-database \
  --network=kong-net \
  -p 5432:5432 \
  -e POSTGRES_USER=kong \
  -e POSTGRES_DB=kong \
  postgres:latest

docker run --rm --network=kong-net \
  kong/kong-gateway:latest kong migrations bootstrap

docker run -d --name kong \
  --network=kong-net \
  -e KONG_DATABASE=postgres \
  -e KONG_PG_HOST=kong-database \
  -e KONG_PROXY_ACCESS_LOG=/dev/stdout \
  -e KONG_ADMIN_ACCESS_LOG=/dev/stdout \
  -e KONG_PROXY_ERROR_LOG=/dev/stderr \
  -e KONG_ADMIN_ERROR_LOG=/dev/stderr \
  -e KONG_ADMIN_LISTEN=0.0.0.0:8001 \
  -p 8000:8000 -p 8443:8443 -p 8001:8001 -p 8444:8444 \
  kong/kong-gateway:latest

Verify that Kong is running:

curl -i http://localhost:8001

2. Configuring Rate Limiting, Authentication, and Caching

Step 1: Adding a Service and Route

Create a sample service:

curl -i -X POST http://localhost:8001/services \
  --data "name=mock-service" \
  --data "url=http://mockbin.org/request"

Expose the service via a route:

curl -i -X POST http://localhost:8001/services/mock-service/routes \
  --data "paths[]=/mock"

Step 2: Enabling Rate Limiting

Enable rate limiting to restrict excessive API requests:

curl -i -X POST http://localhost:8001/services/mock-service/plugins \
  --data "name=rate-limiting" \
  --data "config.second=5" \
  --data "config.minute=100"

Test rate limiting:

for i in {1..10}; do curl -i http://localhost:8000/mock; done

Step 3: Enabling Authentication

Kong supports various authentication mechanisms. Enable key-auth for our service:

curl -i -X POST http://localhost:8001/services/mock-service/plugins \
  --data "name=key-auth"

Create a consumer and assign an API key:

curl -i -X POST http://localhost:8001/consumers \
  --data "username=test-user"

curl -i -X POST http://localhost:8001/consumers/test-user/key-auth \
  --data "key=my-secret-key"

Test the authentication mechanism:

curl -i http://localhost:8000/mock -H "apikey: my-secret-key"

Step 4: Enabling Caching

Enable caching to reduce backend load:

curl -i -X POST http://localhost:8001/services/mock-service/plugins \
  --data "name=proxy-cache"

Test caching by making repeated requests:

curl -i http://localhost:8000/mock

3. Testing API Traffic Management

Step 1: Load Testing with Apache Benchmark

To simulate high traffic, use ab (Apache Benchmark):

ab -n 100 -c 10 http://localhost:8000/mock/

Step 2: Analyzing Logs and Metrics

Use Kong Admin API to check logs and monitor API traffic:

curl -i http://localhost:8001/status

Step 3: Monitoring with Prometheus and Grafana

To visualize traffic data, integrate Kong with Prometheus and Grafana:

docker run -d --name kong-prometheus \
  --network=kong-net \
  -p 9090:9090 \
  prom/prometheus

Use Grafana to create dashboards for API analytics.

Conclusion

Setting up Kong API Gateway locally enables API traffic management, security enforcement, and performance improvements. With features like rate limiting, authentication, and caching, Kong ensures scalable and secure API interactions.

Key takeaways:

Install Kong Gateway using Docker and PostgreSQL.
Configure services and routes to manage API endpoints.
Implement rate limiting, authentication, and caching for security and performance.
Monitor and test API traffic using benchmarking tools and observability platforms.

By following this guide, you can efficiently deploy and manage a production-ready Kong API Gateway for microservices architectures.

Setting Up an API Gateway with Kong Locally

1. Installing Kong API Gateway

Step 1: Prerequisites

Step 2: Install Kong using Docker

2. Configuring Rate Limiting, Authentication, and Caching

Step 1: Adding a Service and Route

Step 2: Enabling Rate Limiting

Step 3: Enabling Authentication

Step 4: Enabling Caching

3. Testing API Traffic Management

Step 1: Load Testing with Apache Benchmark

Step 2: Analyzing Logs and Metrics

Step 3: Monitoring with Prometheus and Grafana

Conclusion

Post a Comment

Career Roadmap for 2-5 Years Experienced Developers

Explore Cloud-Based Logging Options with Serilog Sinks

Email Id

Info

Follow US

Contact Form