API gateways serve as the final checkpoint for your APIs. As such, gateway configuration is critical to ensuring that your APIs remain secure, available, and responsive. Ensuring that all changes to these configurations are intentional and follow your organization's best practices is key to maintaining a robust API gateway deployment.
decK 1.28 adds a brand new feature that allows you to natively validate your gateway configurations against custom rule sets. This helps ensure that best practices are followed and further fortifies your gateway deployments.
Linting is a common development process for validating code against a set of rules by looking for potential errors, stylistic issues, or deviations from standards. The code is flagged when rule violations are detected, allowing developers to intervene before potentially damaging changes make their way into production systems. Often, linting is performed within code editors and integrated development environments (IDEs). However, its integration into CI/CD pipelines is equally vital, to ensure that all changes — regardless of their source — adhere to established coding standards before merging into the codebase.
We have introduced linting capabilities directly into the decK command line tool, allowing you to perform a linting process for your API gateway configurations without introducing additional tools into your CI/CD pipelines.
deck file lintThe deck file lint command at its core is a flexible JSON/YAML linter that allows you to build rules to validate any file in these formats.
There are a few key concepts to understand for linting with decK:
Rules also provide the flexibility to define severity levels and output formats adding to the command’s versatility. Let’s look at an example usage of the command to validate a common Kong Gateway configuration value.
Kong Gateway services are defined in the services block in the decK file. Services support a number of configuration values including a protocol field which specifies the communication protocol used between the gateway and the upstream service. To ensure this traffic is secure, you may want to validate that only https protocols are used. Here is a sample Ruleset file containing a single Rule that accomplishes this.
In the given field, a JSONPath selector is specified that reads the protocol field in every service under the services key from the incoming file. With each of those values, the pattern function is applied which evaluates the value against a regular expression pattern specified in the match field. In this example, we assert that the string value in the protocol field must match the string https exactly. Let’s assume the example Ruleset file is stored in a file named ruleset.yaml, and look at the deck file lint command in practice.
Assume you have the following decK declarative configuration file (kong.yaml) that defines a service and a route for a simple task tracking system:
Validating this configuration against the example ruleset results in the following violations:
Modifying the declarative configuration as follows resolves this violation:
Notice that the command results in a 0 (Success) return code. In situations where violations are detected, a non-zero return code is emitted allowing you to abort automated processes and help prevent problematic configurations from leaking into your production codebase and systems.
Deck uses the GoLang-based Vacuum library for the linting implementation. For more details on the library's support for Rules, Rulesets, and more examples of what can be done, see the Vacuum documentation. For APIOps and Kong-specific use cases, we hope to add more helpful examples to our APIOps library documentation. Please feel free to reach out in the GitHub repository by filing an issue for any common use cases you’d like to see documented.
Starting with Kong Gateway and decK is easy with Kong Konnect. Try this new decK feature with your Kong Konnect free trial today!
Built for developers We’ve taken the best parts of Terraform, deck, the AWS CLI, and more of your favorite tools and combined them into something that’s really special. kongctl takes inspiration from the AWS CLI, with support for profiles. Profiles
If you've not heard of decK (our declarative configuration and drift detection tool for Kong Gateway ) before, now's a great time to get hands-on with it as we've just shipped decK v1.7.0 with a whole host of new goodies. Oh, and it's all open sou
Simplified controller configuration When using the Kong Ingress Controller, a significant amount of effort was needed to apply configuration to the controller by setting environment variables. The new ControlPlane resource greatly simplifies this an
As the world's most popular API Gateway , Kong Gateway is flexible and can be adapted to various environments and deployment configurations. This flexibility means some time should be taken to make good architectural decisions for the use cases i
We understand that our customers need to deploy Kong in a variety of environments and with different deployment mode needs. That is why two years ago, in Kong 1.1, we introduced DB-less mode, the ability to run Kong without the need of connecting to
Continuous integration and continuous deployment—known colloquially as CI/CD—are essential strategies for building modern software applications. The goal of these processes is to foster a culture of continuous updates. CI is the process by which an
