
Discover Kong as a cloud native API gateway that serves as a centralized entry point and proxy between clients and backend services, handling authentication, rate limiting, and logging via plugins.
Explore Kong gateway's features, including lightweight performance, cloud-native design, and extensible plugins for OAuth, JWT, and validation, while securing APIs and enabling multi-cloud visibility with AI capabilities.
Explore Kong course timeline: install Kong with Docker, deploy to Kubernetes, use Kong admin UI and APIs to manage services, routes, and plugins; learn conga, authentication, logging, and Lua plugins.
Join a senior backend AIML full-stack developer who, after four years with Kong and grappling with scarce learning resources, created this course to simplify Kong concepts for future learners.
Install Docker on Windows by enabling Linux with WSL, then download and install Docker Desktop for Windows. Verify the setup by running Docker version in the command line.
Clone the repository, run the docker compose to start Kong gateway 3.7.1 with Postgres, and launch observability tools like Zipkin, Elasticsearch, Kibana, Logstash, Prometheus, Grafana, and conga web.
Learn to set up Kong gateway with Docker: create a Docker network, deploy a Postgres container, run migrations, and run Kong with Conga and PgAdmin for web access.
Install node and set up conga, either via Docker with Kong Gateway, Pgadmin, PostgreSQL, or by cloning the conga repo and running npm install and npm start on port 1337.
Download and install Postgres 16.2 for Windows 64-bit, then configure the database port (default 5432 or 5433 as shown). In the next video, install Pgadmin to access the database.
Install pgAdmin directly after setting up Postgres by downloading the latest pgAdmin for Windows, installing pgAdmin 4 for all users, and launching the application to get started.
Connect to the Postgres database with Pgadmin and explore the Gong database with its 84 pre-populated tables. Learn how to migrate this database for Kong, noting the Kong admin consumer.
Connect a Kong gateway to conga UI by creating an admin user and logging in, then connect to docker localhost instance to populate services, routes, consumers, plugins, upstreams, and certificates.
Learn Kong basics by creating a simple FastAPI endpoint, then mock an API to demonstrate how Kong interacts with an API and integrates with a Kong gateway.
Create your first api endpoint with fast API by building a simple health check at /health, running via uvicorn on localhost:5000, and exploring automatic swagger docs.
Explore Postman, a platform for api development, to create, test, and document apis using collections, workspaces, and environment variables with a user-friendly interface for sending http requests and managing endpoints.
Install Postman on Windows or Mac, log in to save endpoints, and test localhost:5000 for a healthy response. Use Insomnia as a Postman alternative for API testing and debugging.
Use mock api.io to create a simple api endpoint, test json data, and observe how Kong interacts with an api gateway by returning a healthy status.
Start the fastapi app with python main.py, then test the health endpoint in postman by sending a get request. Check the response and headers to confirm the service is healthy.
Kong Manager provides a user-friendly interface to administer Kong Gateway as a control plane for your API gateway. Open source Kong Manager enables routes, services, plugins, certificates management.
Explore Kong Manager in the open source edition, connect via Docker, review ports and the Postgres data store, and test a healthy endpoint with local and mock APIs.
Learn how Kong gateway services expose upstream APIs or microservices through an abstraction layer, configuring http protocol, host, path, and port, and saving gateway service entries.
Explore how routes in Kong gateway map requests to services using path, host, methods, and headers, with regex pattern match and strip path for forwarding from localhost 8000 to the backend.
learn how Kong API gateway uses consumers—application services or users—to interact with managed APIs, create a consumer with a custom ID, and attach plugins such as JWT authentication.
Explore Kong plugins, including standard Lua and custom options, and see rate limiting in action across global and route-specific scopes.
Configure Kong upstreams to route and load balance microservices with round robin, health checks, and circuit breaking. Learn how to set targets, slots, hashing options, and HTTP health checks.
Explore the Kong admin rest apis to administer and configure services, routes, plugins, and consumers, enabling automation and configuration consistency for the Kong gateway.
Master the Kong admin API to manage services, routes, plugins, and consumers via REST calls on localhost:8001, including creating, updating, deleting, and automating gateway configurations.
Learn to configure Kong API endpoints with the Konga UI, creating services and routes, inspecting plugins and consumers, and exporting configurations via snapshots for multi-environment use.
Explore the Kong conc plugin system, including built-in Lua plugins and custom plugins. Learn API key authentication and options: basic, Mac, JWT key, Ldap, OAuth 2.2, and session authentication.
Disable the rate limiting plugin, enable basic authentication globally in Kong, add credentials for consumers, and verify API responses across endpoints.
Learn how to enable key authentication in Kong by configuring API key headers or query parameters, creating credentials, and testing with APIs to ensure healthy responses.
Master jwt authentication in kong by enabling the jwt plugin globally, setting expiration to 600 seconds and issuer claims, and generating tokens with hs256 via jwt.io.
Explore Kong security plugins that protect APIs against unauthorized access, covering four inbuilt types, including bot detection and IP restriction plugins, with deeper dives in later sections.
Apply the bot detection plugin to identify and block bot traffic by inspecting the user agent header against configurable rules, denying clients like postman to protect API uptime.
Configure the cors plugin in Kong API Gateway to enable secure cross-origin communication, adding origins, methods, credentials, and max age to allow browser requests from specific domains.
Explore how the ip restriction plugin in kong api gateway controls access to services by using allow and deny lists, cidr ranges, and ipv4/ipv6, with positive and negative security models.
Explore Kong's traffic control plugins for the api gateway, gaining granular control over traffic to boost security, performance, and scalability, with acl, ai, prompt guard, proxy caching, and rate limiting.
Learn how the ACL plugin manages access with positive and negative security models by defining allow and deny groups, using consumers, and enforcing rules on routes, alongside authentication plugins.
Learn how the ai prompt guard plugin for Kong API gateway uses regular expressions as allow and deny lists to filter language model requests before they reach the model.
Learn how Kong gateway uses proxy caching to speed responses by serving cached results from memory or Redis, with per-route scope and TTL settings to reduce upstream load.
Explore how the rate limiting plugin caps HTTP requests to a service or route within a chosen time window, applying per-minute limits to prevent too many requests.
Explore the request size limiting plugin to block requests whose bodies exceed a set threshold, enabling 413 responses and defending against denial-of-service attacks while preserving backend efficiency.
Enable the request termination plugin to act as an emergency stop for your API, returning a 503 with a message to disable an endpoint, block a consumer, or aid debugging.
Explore Kong's response rate limiting using quotas and custom headers to cap requests by per-second to per-year limits, with IP or authenticated consumers and headers like x-limit videos per minute.
In this course, you will learn Kong, Kong API Gateway is a powerful tool for managing APIs in a microservices architecture. Here are some common use cases for Kong API Gateway and things we are going to cover in this course.
Installing Kong: Installing Kong via Docker
Interacting with Kong via Konga: Open-Source GUI to Kong Admin API
Interacting Kong via REST API: create services, Routes, Consumers, and plugins in Kong via REST APIs.
Microservices Abstraction: It acts as a single entry point for all backend services, simplifying the development, deployment, and management of systems.
Security and Authentication: Kong can manage security concerns like SSL/TLS termination, OAuth2.0, JWT, API keys, and more, ensuring secure access to your services.
Traffic Control: With features like rate limiting, request size limiting, and circuit breakers, Kong helps control the traffic flow to your services.
Analytics and Monitoring: Kong provides real-time analytics and monitoring capabilities, allowing you to track API performance and usage patterns.
AI Gateway with Multi-LLM Support: This allows developers who want to integrate one or more LLMs into their products to be more productive and ship AI capabilities faster while offering a solution to architects and platform teams that ensures visibility, control, and compliance on every AI request sent by the teams. And because it’s built on top of Kong Gateway, it will be possible to orchestrate AI flows in the cloud or on self-hosted LLMs with the best performance and the lowest latency, which are critical in AI-based applications.
High Availability: Kong supports clustering for high availability, ensuring that the API gateway remains operational even if some nodes fail.
Load Balancing: It can distribute incoming API traffic across multiple backend services, improving performance and reliability.
Request and Response Transformations: Kong can modify requests and responses on the fly, such as adding, removing, or modifying headers.
Decoupling: By decoupling the client-facing API endpoints from the underlying microservice architecture, Kong allows for seamless updates and changes to the services without affecting the clients.
Extending Kong via Creating Custom Plugins in Lua: Creating custom plugins in Lua for Kong API Gateway allows you to extend its functionality to suit your specific needs.
Learn Lua (Optional): We are going to learn Lua Programming Language.