A demo academic project showcasing microservices architecture with JWT/JWKS authentication, Kong API Gateway, and Kubernetes (GKE) deployment.
This is an academic demonstration project that implements:
- Microservices Architecture: Auth Service and Users Service
- JWT Authentication with JWKS: RS256 algorithm with JSON Web Key Set endpoint
- Kong API Gateway: Request routing, rate limiting, and API management
- Kubernetes Deployment: Deployed on Google Kubernetes Engine (GKE)
     ┌─────────────┐
     │   Clients   │
     └──────┬──────┘
            │
┌───────────▼───────────┐
│   Kong API Gateway    │
│ (Routing, Rate Limit) │
└───────────┬───────────┘
            │
      ┌─────┴─────┐
      │           │
  ┌───▼────┐  ┌───▼────┐
  │ Auth   │  │ Users  │
  │ Svc    │  │ Svc    │
  └───┬────┘  └───┬────┘
      │           │
  ┌───▼────┐  ┌───▼────┐
  │Postgres│  │Postgres│
  │Redis   │  │RabbitMQ│
  └────────┘  └────────┘
- JWT Tokens: RS256 algorithm with RSA key pairs
- JWKS Endpoint: /.well-known/jwks.json for public key distribution
- Token Validation: Services validate tokens using JWKS
- Access & Refresh Tokens: Short-lived access tokens with refresh mechanism
- Routes requests to microservices (/auth/*, /users/*)
- Rate limiting (100 req/min, 1000 req/hour)
- CORS configuration
- Request size limiting (10MB)
Deployed on Google Kubernetes Engine with:
- Separate namespaces for staging and production
- Helm charts for infrastructure (PostgreSQL, Redis, RabbitMQ, Kong)
- ConfigMaps and Secrets for configuration
- Service deployments with health checks
- Docker & Docker Compose
- Node.js 20+
- pnpm 9+
- Clone and set up the environment
    git clone <repository-url>
    cd <project-directory>
    cp env.example .env
    cp services/auth-service/.env.example services/auth-service/.env
    cp services/users-service/.env.example services/users-service/.env
- Generate RSA keys for JWT
    openssl genrsa -out auth_rsa_private.pem 2048
    openssl rsa -in auth_rsa_private.pem -pubout -out auth_rsa_public.pem
- Start services
    make dev
- Kong Gateway: http://localhost:8000
- Kong Admin: http://localhost:8001
- Auth Service: http://localhost:4001
- Users Service: http://localhost:4002
- JWKS: http://localhost:4001/.well-known/jwks.json
# Development
make dev # Start development environment
make build-dev # Build development images
make up-dev # Start services
make logs # View logs
make down # Stop services
# Production
make prod # Start production environment
make build-prod # Build production images
# Utilities
make shell-auth-dev # Access auth-service container
make shell-users-dev # Access users-service container
make db-auth-dev # Access auth database
make db-users-dev # Access users database
- Framework: NestJS (TypeScript)
- Database: PostgreSQL 16
- Cache: Redis 7
- Message Queue: RabbitMQ 3.13
- API Gateway: Kong
- Authentication: JWT (RS256) + JWKS
- Containerization: Docker
- Orchestration: Kubernetes (GKE)
- Package Manager: pnpm
microservices-demo/
├── services/
│ ├── auth-service/ # Authentication microservice (JWT + JWKS)
│ ├── users-service/ # Users management microservice
│ └── shared/ # Shared libraries (guards, strategies)
├── kong/ # Kong Gateway configuration
├── k8s/ # Kubernetes manifests (GKE)
│ ├── services/ # Service deployments
│ ├── gateway/ # Ingress & plugins
│ └── helm-values/ # Helm chart values
└── docker-compose.yml # Development environment
# Register
curl -X POST http://localhost:8000/auth/signup \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com", "password": "password123"}'
# Login
curl -X POST http://localhost:8000/auth/signin \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com", "password": "password123"}'
# Get JWKS
curl http://localhost:4001/.well-known/jwks.json
# Protected endpoint
curl -X GET http://localhost:8000/users/profile \
-H "Authorization: Bearer <access_token>"
- Kong Setup: See kong/README.md
- Kubernetes Deployment: See k8s/README.md
This is an academic demo project for learning purposes. For production use, ensure proper security hardening, monitoring, and scaling strategies.
Academic Demo Project | Microservices with JWT + JWKS | Kong Gateway | Kubernetes GKE