docker.recipes

Kong API Gateway Enterprise Stack

advanced

Full Kong Gateway with plugins, Konga admin UI, and PostgreSQL backend.

Overview

Kong is a cloud-native API gateway built on OpenResty and designed to handle millions of API requests for modern architectures. Originally developed by Mashape (now Kong Inc.) in 2015, Kong has become one of the most widely adopted API gateways, offering traffic control, security, analytics, and transformation capabilities through its extensive plugin ecosystem. It serves as a central control point for API traffic, providing rate limiting, authentication, load balancing, and request/response transformation. This enterprise-grade deployment creates a comprehensive API management platform with six specialized services: a PostgreSQL database (kong-database) for Kong's configuration storage, an initialization service (kong-migrations) to bootstrap the database schema, the main Kong gateway instance, Konga as a web-based administration interface, Prometheus for metrics collection, and Grafana for visualization and monitoring dashboards. The stack uses PostgreSQL as Kong's backing store instead of the simpler DB-less mode, enabling advanced features like clustering and plugin data persistence. This configuration is ideal for organizations transitioning from monolithic architectures to microservices, platform teams building internal API platforms, and enterprises requiring sophisticated API governance with full observability. The combination of Kong's enterprise-class gateway capabilities with Konga's intuitive management interface and the Prometheus-Grafana monitoring stack provides everything needed to operate APIs at scale with proper visibility into performance and usage patterns.

Key Features

  • Plugin-based architecture with 50+ community and enterprise plugins for authentication, rate limiting, and transformations
  • Konga web interface for visual API gateway management, service configuration, and plugin administration
  • PostgreSQL-backed configuration enabling Kong clustering, plugin data persistence, and advanced routing rules
  • Prometheus metrics collection with Kong-specific performance indicators and API usage statistics
  • Grafana dashboards for real-time API gateway monitoring, traffic analysis, and SLA tracking
  • Declarative configuration support for GitOps workflows and infrastructure-as-code deployments
  • Multi-protocol support including HTTP/HTTPS, gRPC, WebSocket, and TCP stream proxying
  • Database migration automation ensuring proper Kong schema initialization and upgrades

Common Use Cases

  • 1Microservices API gateway providing unified entry point for distributed service architectures
  • 2Enterprise API management platform with centralized authentication, rate limiting, and analytics
  • 3Developer portal backend offering API discovery, documentation, and self-service onboarding
  • 4Multi-tenant SaaS platforms requiring per-customer rate limiting, authentication, and usage tracking
  • 5Legacy system modernization providing modern API interfaces over existing backend services
  • 6Internal API platform for large organizations standardizing service-to-service communication
  • 7E-commerce platforms managing high-volume API traffic with sophisticated caching and transformation needs

Prerequisites

  • Docker Engine 20.10+ and Docker Compose v2 with at least 4GB RAM available for the complete stack
  • Available ports 8000, 8001, 8002, 8443, 8444 for Kong services, plus 1337 for Konga, 9090 for Prometheus, and 3000 for Grafana
  • Understanding of API gateway concepts, HTTP routing, and basic Kong plugin configuration
  • Prometheus configuration file (prometheus.yml) in the project directory for metrics collection setup
  • Environment variables KONG_PG_PASSWORD and GRAFANA_PASSWORD configured for database and admin access
  • Basic knowledge of PostgreSQL administration for backup, maintenance, and performance tuning

For development & testing. Review security settings, change default credentials, and test thoroughly before production use. See Terms

docker-compose.yml

docker-compose.yml
1services: 
2  kong-database: 
3    image: postgres:15-alpine
4    environment: 
5      POSTGRES_USER: kong
6      POSTGRES_DB: kong
7      POSTGRES_PASSWORD: ${KONG_PG_PASSWORD}
8    volumes: 
9      - kong_db:/var/lib/postgresql/data
10    healthcheck: 
11      test: ["CMD", "pg_isready", "-U", "kong"]
12      interval: 10s
13      timeout: 5s
14      retries: 5
15    networks: 
16      - kong_net
17
18  kong-migrations: 
19    image: kong:latest
20    command: kong migrations bootstrap
21    depends_on: 
22      kong-database: 
23        condition: service_healthy
24    environment: 
25      KONG_DATABASE: postgres
26      KONG_PG_HOST: kong-database
27      KONG_PG_USER: kong
28      KONG_PG_PASSWORD: ${KONG_PG_PASSWORD}
29    networks: 
30      - kong_net
31    restart: on-failure
32
33  kong: 
34    image: kong:latest
35    depends_on: 
36      kong-database: 
37        condition: service_healthy
38      kong-migrations: 
39        condition: service_completed_successfully
40    environment: 
41      KONG_DATABASE: postgres
42      KONG_PG_HOST: kong-database
43      KONG_PG_USER: kong
44      KONG_PG_PASSWORD: ${KONG_PG_PASSWORD}
45      KONG_PROXY_ACCESS_LOG: /dev/stdout
46      KONG_ADMIN_ACCESS_LOG: /dev/stdout
47      KONG_PROXY_ERROR_LOG: /dev/stderr
48      KONG_ADMIN_ERROR_LOG: /dev/stderr
49      KONG_ADMIN_LISTEN: 0.0.0.0:8001
50      KONG_ADMIN_GUI_URL: http://localhost:8002
51    ports: 
52      - "8000:8000"
53      - "8443:8443"
54      - "8001:8001"
55      - "8002:8002"
56      - "8444:8444"
57    healthcheck: 
58      test: ["CMD", "kong", "health"]
59      interval: 10s
60      timeout: 10s
61      retries: 10
62    networks: 
63      - kong_net
64
65  konga: 
66    image: pantsel/konga:latest
67    depends_on: 
68      kong: 
69        condition: service_healthy
70    environment: 
71      DB_ADAPTER: postgres
72      DB_HOST: kong-database
73      DB_USER: kong
74      DB_PASSWORD: ${KONG_PG_PASSWORD}
75      DB_DATABASE: konga
76      NODE_ENV: production
77    ports: 
78      - "1337:1337"
79    networks: 
80      - kong_net
81
82  prometheus: 
83    image: prom/prometheus:latest
84    ports: 
85      - "9090:9090"
86    volumes: 
87      - ./prometheus.yml:/etc/prometheus/prometheus.yml
88      - prometheus_data:/prometheus
89    networks: 
90      - kong_net
91
92  grafana: 
93    image: grafana/grafana:latest
94    ports: 
95      - "3000:3000"
96    environment: 
97      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
98    volumes: 
99      - grafana_data:/var/lib/grafana
100    networks: 
101      - kong_net
102
103volumes: 
104  kong_db: 
105  prometheus_data: 
106  grafana_data: 
107
108networks: 
109  kong_net:

.env Template

.env
1# Kong Gateway
2KONG_PG_PASSWORD=secure_kong_password
3GRAFANA_PASSWORD=secure_grafana_password
4
5# Proxy at http://localhost:8000
6# Admin API at http://localhost:8001
7# Konga at http://localhost:1337

Usage Notes

  1. 1Proxy at http://localhost:8000
  2. 2Admin API at http://localhost:8001
  3. 3Konga UI at http://localhost:1337
  4. 4SSL proxy at https://localhost:8443
  5. 5Configure routes and plugins via Admin API

Individual Services(6 services)

Copy individual services to mix and match with your existing compose files.

kong-database
kong-database:
  image: postgres:15-alpine
  environment:
    POSTGRES_USER: kong
    POSTGRES_DB: kong
    POSTGRES_PASSWORD: ${KONG_PG_PASSWORD}
  volumes:
    - kong_db:/var/lib/postgresql/data
  healthcheck:
    test:
      - CMD
      - pg_isready
      - "-U"
      - kong
    interval: 10s
    timeout: 5s
    retries: 5
  networks:
    - kong_net
kong-migrations
kong-migrations:
  image: kong:latest
  command: kong migrations bootstrap
  depends_on:
    kong-database:
      condition: service_healthy
  environment:
    KONG_DATABASE: postgres
    KONG_PG_HOST: kong-database
    KONG_PG_USER: kong
    KONG_PG_PASSWORD: ${KONG_PG_PASSWORD}
  networks:
    - kong_net
  restart: on-failure
kong
kong:
  image: kong:latest
  depends_on:
    kong-database:
      condition: service_healthy
    kong-migrations:
      condition: service_completed_successfully
  environment:
    KONG_DATABASE: postgres
    KONG_PG_HOST: kong-database
    KONG_PG_USER: kong
    KONG_PG_PASSWORD: ${KONG_PG_PASSWORD}
    KONG_PROXY_ACCESS_LOG: /dev/stdout
    KONG_ADMIN_ACCESS_LOG: /dev/stdout
    KONG_PROXY_ERROR_LOG: /dev/stderr
    KONG_ADMIN_ERROR_LOG: /dev/stderr
    KONG_ADMIN_LISTEN: 0.0.0.0:8001
    KONG_ADMIN_GUI_URL: http://localhost:8002
  ports:
    - "8000:8000"
    - "8443:8443"
    - "8001:8001"
    - "8002:8002"
    - "8444:8444"
  healthcheck:
    test:
      - CMD
      - kong
      - health
    interval: 10s
    timeout: 10s
    retries: 10
  networks:
    - kong_net
konga
konga:
  image: pantsel/konga:latest
  depends_on:
    kong:
      condition: service_healthy
  environment:
    DB_ADAPTER: postgres
    DB_HOST: kong-database
    DB_USER: kong
    DB_PASSWORD: ${KONG_PG_PASSWORD}
    DB_DATABASE: konga
    NODE_ENV: production
  ports:
    - "1337:1337"
  networks:
    - kong_net
prometheus
prometheus:
  image: prom/prometheus:latest
  ports:
    - "9090:9090"
  volumes:
    - ./prometheus.yml:/etc/prometheus/prometheus.yml
    - prometheus_data:/prometheus
  networks:
    - kong_net
grafana
grafana:
  image: grafana/grafana:latest
  ports:
    - "3000:3000"
  environment:
    - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
  volumes:
    - grafana_data:/var/lib/grafana
  networks:
    - kong_net

Quick Start

terminal
1# 1. Create the compose file
2cat > docker-compose.yml << 'EOF'
3services:
4  kong-database:
5    image: postgres:15-alpine
6    environment:
7      POSTGRES_USER: kong
8      POSTGRES_DB: kong
9      POSTGRES_PASSWORD: ${KONG_PG_PASSWORD}
10    volumes:
11      - kong_db:/var/lib/postgresql/data
12    healthcheck:
13      test: ["CMD", "pg_isready", "-U", "kong"]
14      interval: 10s
15      timeout: 5s
16      retries: 5
17    networks:
18      - kong_net
19
20  kong-migrations:
21    image: kong:latest
22    command: kong migrations bootstrap
23    depends_on:
24      kong-database:
25        condition: service_healthy
26    environment:
27      KONG_DATABASE: postgres
28      KONG_PG_HOST: kong-database
29      KONG_PG_USER: kong
30      KONG_PG_PASSWORD: ${KONG_PG_PASSWORD}
31    networks:
32      - kong_net
33    restart: on-failure
34
35  kong:
36    image: kong:latest
37    depends_on:
38      kong-database:
39        condition: service_healthy
40      kong-migrations:
41        condition: service_completed_successfully
42    environment:
43      KONG_DATABASE: postgres
44      KONG_PG_HOST: kong-database
45      KONG_PG_USER: kong
46      KONG_PG_PASSWORD: ${KONG_PG_PASSWORD}
47      KONG_PROXY_ACCESS_LOG: /dev/stdout
48      KONG_ADMIN_ACCESS_LOG: /dev/stdout
49      KONG_PROXY_ERROR_LOG: /dev/stderr
50      KONG_ADMIN_ERROR_LOG: /dev/stderr
51      KONG_ADMIN_LISTEN: 0.0.0.0:8001
52      KONG_ADMIN_GUI_URL: http://localhost:8002
53    ports:
54      - "8000:8000"
55      - "8443:8443"
56      - "8001:8001"
57      - "8002:8002"
58      - "8444:8444"
59    healthcheck:
60      test: ["CMD", "kong", "health"]
61      interval: 10s
62      timeout: 10s
63      retries: 10
64    networks:
65      - kong_net
66
67  konga:
68    image: pantsel/konga:latest
69    depends_on:
70      kong:
71        condition: service_healthy
72    environment:
73      DB_ADAPTER: postgres
74      DB_HOST: kong-database
75      DB_USER: kong
76      DB_PASSWORD: ${KONG_PG_PASSWORD}
77      DB_DATABASE: konga
78      NODE_ENV: production
79    ports:
80      - "1337:1337"
81    networks:
82      - kong_net
83
84  prometheus:
85    image: prom/prometheus:latest
86    ports:
87      - "9090:9090"
88    volumes:
89      - ./prometheus.yml:/etc/prometheus/prometheus.yml
90      - prometheus_data:/prometheus
91    networks:
92      - kong_net
93
94  grafana:
95    image: grafana/grafana:latest
96    ports:
97      - "3000:3000"
98    environment:
99      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
100    volumes:
101      - grafana_data:/var/lib/grafana
102    networks:
103      - kong_net
104
105volumes:
106  kong_db:
107  prometheus_data:
108  grafana_data:
109
110networks:
111  kong_net:
112EOF
113
114# 2. Create the .env file
115cat > .env << 'EOF'
116# Kong Gateway
117KONG_PG_PASSWORD=secure_kong_password
118GRAFANA_PASSWORD=secure_grafana_password
119
120# Proxy at http://localhost:8000
121# Admin API at http://localhost:8001
122# Konga at http://localhost:1337
123EOF
124
125# 3. Start the services
126docker compose up -d
127
128# 4. View logs
129docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
1curl -fsSL https://docker.recipes/api/recipes/kong-enterprise-gateway/run | bash

Troubleshooting

  • Kong container fails with 'database not ready': Ensure kong-database health check passes before Kong starts, check PostgreSQL logs for connection issues
  • Konga shows 'Connection to Kong failed': Verify Kong admin API is accessible on port 8001 and kong service is healthy
  • kong-migrations service exits with schema errors: Clean kong_db volume and restart to reinitialize database with proper Kong schema
  • Prometheus shows no Kong metrics: Configure Kong Prometheus plugin and ensure metrics endpoint is enabled in Kong configuration
  • 502 Bad Gateway on proxy port 8000: Check that upstream services are configured correctly in Kong and target backends are reachable
  • Grafana dashboards show no data: Verify Prometheus data source configuration and ensure Kong metrics are being scraped successfully

Community Notes

Loading...
Loading notes...

Download Recipe Kit

Get all files in a ready-to-deploy package

Includes docker-compose.yml, .env template, README, and license

Components

kongpostgresqlkongaprometheusgrafana

Tags

#kong#api-gateway#microservices#plugins#konga

Category

DevOps & CI/CD

Related Recipes

Ad Space