Merge pull request #1 from ClassConnect-org/init

Init

Author: maxogod

.github/workflows/deploy.yml

@@ -0,0 +1,43 @@
+name: Deploy Kong API Gateway
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy-kong:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - name: Set Kubeconfig as Environment Variable
+        run: |
+          mkdir -p $HOME/.kube
+          printf "%s" "${{ secrets.KUBE_CONFIG }}" | base64 --decode > $HOME/.kube/config
+          export KUBECONFIG=$HOME/.kube/config
+          chmod 600 $HOME/.kube/config
+          echo "KUBECONFIG set."
+
+      - name: Add Kong Helm Repo
+        run: |
+          helm repo add kong https://charts.konghq.com
+          helm repo update
+
+      - name: Deploy Kong with Helm
+        run: |
+          helm upgrade --install kong kong/kong \
+            --namespace kong \
+            --create-namespace \
+            --values helm/values.yaml
+
+      - name: Wait for Kong to be Ready
+        run: |
+          kubectl rollout status deployment/kong -n kong --timeout=180s
+
+      - name: Apply Kong Plugin and Ingress Resources
+        run: |
+          kubectl apply -f k8s/
+

helm/values.yaml

@@ -0,0 +1,10 @@
+ingressController:
+  enabled: true
+  installCRDs: true
+
+proxy:
+  type: LoadBalancer
+
+env:
+  KONG_LOG_LEVEL: debug
+  KONG_PLUGINS: bundled,pre-function

k8s/ingress-administration.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: admin-ingress
+  namespace: default
+  annotations:
+    konghq.com/strip-path: "true"
+    konghq.com/plugins: check-user-auth
+spec:
+  ingressClassName: kong
+  rules:
+    - http:
+        paths:
+          - path: /admin
+            pathType: Prefix
+            backend:
+              service:
+                name: administration-microservice
+                port:
+                  number: 8080

k8s/ingress-users.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: users-ingress
+  namespace: default
+  annotations:
+    konghq.com/strip-path: "true"
+spec:
+  ingressClassName: kong
+  rules:
+    - http:
+        paths:
+          - path: /users
+            pathType: Prefix
+            backend:
+              service:
+                name: users-microservice
+                port:
+                  number: 8080

k8s/kong-plugin-auth.yaml

@@ -0,0 +1,25 @@
+apiVersion: configuration.konghq.com/v1
+kind: KongPlugin
+metadata:
+  name: check-user-auth
+  namespace: default
+config:
+  access:
+    - |
+      local http = require "resty.http"
+      local req = kong.request
+      local user_id = req.get_header("X-User-ID")
+      if not user_id then
+        return kong.response.exit(400, "Missing user ID")
+      end
+
+      local httpc = http.new()
+      local res, err = httpc:request_uri("http://users-microservice.default.svc.cluster.local:8080/users/" .. user_id, {
+        method = "GET"
+      })
+
+      if not res or res.status ~= 200 then
+        return kong.response.exit(403, "Access denied")
+      end
+plugin: pre-function
+