You are browsing documentation for an outdated version. See the latest documentation here.

Install Kong Gateway on Docker

Kong Gateway supports both PostgreSQL 9.5+ and Cassandra 3.11.* as its datastore. This guide provides steps to configure PostgreSQL.

If you prefer to use the open-source Kong Gateway image with Docker Compose, Kong also provides a Docker Compose template with built-in orchestration and scalability.

Some older Kong Gateway images are not publicly accessible. If you need a specific patch version and can’t find it on Kong’s public Docker Hub page, contact Kong Support.

The Kong Gateway software is governed by the Kong Software License Agreement. Kong Gateway (OSS) is licensed under an Apache 2.0 license.

Prerequisites

A Docker-enabled system with proper Docker access
(Enterprise only) A license.json file from Kong

Choose a path to install Kong Gateway:

With a database: Use a database to store Kong entity configurations. Can use the Admin API or declarative configuration files to configure Kong.
Without a database (DB-less mode): Store Kong configuration in-memory on the node. In this mode, the Admin API is read only, and you have to manage Kong using declarative configuration.

If this is your first time trying out Kong Gateway, we recommend installing it with a database.

Install Kong Gateway with a database

Set up a Kong Gateway container with a PostgreSQL database to store Kong configuration.

Deprecation warning: Cassandra as a backend database for Kong Gateway is deprecated. Support for Cassandra will be removed in a future release.
Our target for Cassandra removal is the Kong Gateway 3.4 release. Starting with the Kong Gateway 3.0 release, some new features might not be supported with Cassandra.

Prepare the database

Create a custom Docker network to allow the containers to discover and communicate with each other:
```
 docker network create kong-net
```
You can name this network anything you want. We use kong-net as an example throughout this guide.
Start a PostgreSQL container:
```
 docker run -d --name kong-database \
  --network=kong-net \
  -p 5432:5432 \
  -e "POSTGRES_USER=kong" \
  -e "POSTGRES_DB=kong" \
  -e "POSTGRES_PASSWORD=kongpass" \
  postgres:9.6
```
- POSTGRES_USER and POSTGRES_DB: Set these values to kong. This is the default value that Kong Gateway expects.
- POSTGRES_PASSWORD: Set the database password to any string.
In this example, the Postgres container named kong-database can communicate with any containers on the kong-net network.
Prepare the Kong database:
Kong Gateway

Kong Gateway (OSS)
docker run --rm --network=kong-net \ -e "KONG_DATABASE=postgres" \ -e "KONG_PG_HOST=kong-database" \ -e "KONG_PG_PASSWORD=kongpass" \ -e "KONG_PASSWORD=test" \ kong/kong-gateway:2.7.2.0-alpine kong migrations bootstrap
docker run --rm --network=kong-net \ -e "KONG_DATABASE=postgres" \ -e "KONG_PG_HOST=kong-database" \ -e "KONG_PG_PASSWORD=kongpass" \ kong:2.7.2-alpine kong migrations bootstrap
Where:
- KONG_DATABASE: Specifies the type of database that Kong is using.
- KONG_PG_HOST: The name of the Postgres Docker container that is communicating over the kong-net network, from the previous step.
- KONG_PG_PASSWORD: The password that you set when bringing up the Postgres container in the previous step.
- KONG_PASSWORD (Enterprise only): The default password for the admin super user for Kong Gateway.
- {IMAGE-NAME:TAG} kong migrations bootstrap: In order, this is the Kong Gateway container name and tag, followed by the command to Kong to prepare the Postgres database.

Start Kong Gateway

Important: The settings below are intended for non-production use only, as they override the default admin_listen setting to listen for requests from any source. Do not use these settings in environments directly exposed to the internet.

If you need to expose the admin_listen port to the internet in a production environment,

secure it with authentication.

Run the following command to start a container with Kong Gateway:

      Kong Gateway
    

      Kong Gateway (OSS)
    
docker run -d --name kong-gateway \
 --network=kong-net \
 -e "KONG_DATABASE=postgres" \
 -e "KONG_PG_HOST=kong-database" \
 -e "KONG_PG_USER=kong" \
 -e "KONG_PG_PASSWORD=kongpass" \
 -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
 -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
 -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
 -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
 -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
 -e "KONG_ADMIN_GUI_URL=http://localhost:8002" \
 -p 8000:8000 \
 -p 8443:8443 \
 -p 8001:8001 \
 -p 8444:8444 \
 -p 8002:8002 \
 -p 8445:8445 \
 -p 8003:8003 \
 -p 8004:8004 \
 kong/kong-gateway:2.7.2.0-alpine
docker run -d --name kong-gateway \
 --network=kong-net \
 -e "KONG_DATABASE=postgres" \
 -e "KONG_PG_HOST=kong-database" \
 -e "KONG_PG_USER=kong" \
 -e "KONG_PG_PASSWORD=kongpass" \
 -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
 -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
 -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
 -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
 -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
 -p 8000:8000 \
 -p 8443:8443 \
 -p 127.0.0.1:8001:8001 \
 -p 127.0.0.1:8444:8444 \
 kong:2.7.2-alpine

Where:

--name and --network: The name of the container to create, and the Docker network it communicates on.
KONG_DATABASE: Specifies the type of database that Kong is using.
KONG_PG_HOST: The name of the Postgres Docker container that is communicating over the kong-net network.
KONG_PG_USER and KONG_PG_PASSWORD: The Postgres username and password. Kong Gateway needs the login information to store configuration data in the KONG_PG_HOST database.
All _LOG parameters: set filepaths for the logs to output to, or use the values in the example to print messages and errors to stdout and stderr.
KONG_ADMIN_LISTEN: The port that the Kong Admin API listens on for requests.
KONG_ADMIN_GUI_URL: (Enterprise only) The URL for accessing Kong Manager, preceded by a protocol (for example, http://).

Verify your installation:

Access the /services endpoint using the Admin API:
```
 curl -i -X GET --url http://localhost:8001/services
```
You should receive a 200 status code.
(Not available in OSS) Verify that Kong Manager is running by accessing it using the URL specified in KONG_ADMIN_GUI_URL:
```
 http://localhost:8002
```

Get started with Kong Gateway

Now that you have a running Gateway instance, Kong provides a series of getting started guides to help you set up and enhance your first Service.

In particular, right after installation you might want to:

Clean up containers

If you’re done testing Kong Gateway and no longer need the containers, you can clean them up using the following commands:

docker kill kong-gateway
docker kill kong-database
docker container rm kong-gateway
docker container rm kong-database
docker network rm kong-net

Install Kong Gateway in DB-less mode

The following steps walk you through starting Kong Gateway in DB-less mode.

Create a Docker network

Run the following command:

docker network create kong-net

You can name this network anything you want. We use kong-net as an example throughout this guide.

This step is not strictly needed for running Kong in DB-less mode, but it is a good precaution in case you want to add other things in the future (like a Rate Limiting plugin backed up by a Redis cluster).

Prepare your configuration file

Prepare your declarative configuration file in .yml or .json format.

The syntax and properties are described in the Declarative Configuration format guide. Add whatever core entities (Services, Routes, Plugins, Consumers, etc) you need to this file.

For example, a simple file with a Service and a Route could look something like this:
```
 _format_version: "1.1"
 _transform: true

 services:
 - host: mockbin.org
   name: example_service
   port: 80
   protocol: http
   routes:
   - name: example_route
     paths:
     - /mock
     strip_path: true
```
This guide assumes you named the file kong.yml.
Save your declarative configuration locally, and note the filepath.

Start Kong Gateway in DB-less mode

Important: The settings below are intended for non-production use only, as they override the default admin_listen setting to listen for requests from any source. Do not use these settings in environments directly exposed to the internet.

If you need to expose the admin_listen port to the internet in a production environment,

secure it with authentication.

From the same directory where you just created the kong.yml file, run the following command to start a container with Kong Gateway:

      Kong Gateway
    

      Kong Gateway (OSS)
    
docker run -d --name kong-dbless \
 --network=kong-net \
 -v "$(pwd):/kong/declarative/" \
 -e "KONG_DATABASE=off" \
 -e "KONG_DECLARATIVE_CONFIG=/kong/declarative/kong.yml" \
 -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
 -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
 -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
 -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
 -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
 -e "KONG_ADMIN_GUI_URL=http://localhost:8002" \
 -p 8000:8000 \
 -p 8443:8443 \
 -p 8001:8001 \
 -p 8444:8444 \
 -p 8002:8002 \
 -p 8445:8445 \
 -p 8003:8003 \
 -p 8004:8004 \
 kong/kong-gateway:2.7.2.0-alpine
docker run -d --name kong-dbless \
 --network=kong-net \
 -v "$(pwd):/kong/declarative/" \
 -e "KONG_DATABASE=off" \
 -e "KONG_DECLARATIVE_CONFIG=/kong/declarative/kong.yml" \
 -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
 -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
 -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
 -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
 -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
 -p 8000:8000 \
 -p 8443:8443 \
 -p 127.0.0.1:8001:8001 \
 -p 127.0.0.1:8444:8444 \
 kong:2.7.2-alpine

Where:

--name and --network: The name of the container to create, and the Docker network it communicates on.
-v $(pwd):/path/to/target/: Mount the current directory on your local filesystem to a directory in the Docker container. This makes the kong.yml file visible from the Docker container.
KONG_DATABASE: Sets the database to off to tell Kong not to use any backing database for configuration storage.
KONG_DECLARATIVE_CONFIG: The path to a declarative configuration file inside the container. This path should match the target path that you’re mapping with -v.
All _LOG parameters: set filepaths for the logs to output to, or use the values in the example to print messages and errors to stdout and stderr.
KONG_ADMIN_LISTEN: The port that the Kong Admin API listens on for requests.
KONG_ADMIN_GUI_URL: (Enterprise only) The URL for accessing Kong Manager, preceded by a protocol (for example, http://).

Verify that Kong Gateway is running:
```
 curl -i http://localhost:8001
```
Test an endpoint. For example, get a list of services:
```
 curl -i http://localhost:8001/services
```

Get started with Kong Gateway

Now that you have a running Gateway instance, Kong provides a series of getting started guides to help you set up and enhance your first Service.

If you use the sample kong.yml in this guide, you already have a Service and a Route configured. Here are a few more things to check out:

Clean up containers

If you’re done testing Kong Gateway and no longer need the containers, you can clean them up using the following commands:

docker kill kong-dbless
docker container rm kong-dbless
docker network rm kong-net

Troubleshooting

If you did not receive a 200 OK status code or need assistance completing setup, reach out to your support contact or head over to the Support Portal.