Red Hat OpenShift is the industry's [leading](https://www.redhat.com/en/engage/forrester-wave-multicloud-container-platform-analyst-material)leading enterprise Kubernetes platform that runs ubiquitously across on-prem, and the cloud. With [Red Hat OpenShift Service on AWS (ROSA)](https://www.redhat.com/en/technologies/cloud-computing/openshift/aws)Red Hat OpenShift Service on AWS (ROSA), a managed Red Hat OpenShift platform that runs natively on AWS, it is even easier to get kick-started on an enterprise-ready instance of Red Hat OpenShift in the cloud.
Kong similarly distinguishes itself as a multi-platform, multi-cloud API Management solution pushing the vision of APIs. Here at Kong, we want to demonstrate to the Red Hat community that we are committed to delivering enterprise-grade solutions.
In this climate of technology, the top two concerns organizations are facing today are, first, how to manage the sprawl of APIs as they distribute across a multi-platform, [hybrid cloud ecosystem](https://konghq.com/resources/case-study/vestas-powers-its-hybrid-cloud-api-platform-with-kong-enterprise)hybrid cloud ecosystem. Second, in this same landscape, [how to deliver secure APIs](https://securityboulevard.com/2023/01/the-security-challenges-of-api-sprawl/)how to deliver secure APIs with a strategy that can be applied ubiquitously across their hybrid cloud infrastructure.
[APISecOps](https://konghq.com/blog/apisecops)APISecOps in a Hybrid Cloud. How do we take action on this?
To answer this question, we built a tutorial to walk you through an end-to-end APISecOps solution. You will learn how the four principles of APISecOps — Centralization, Governance, [API Design-First](https://konghq.com/resources/reports/unlocking-the-api-first-operating-model)API Design-First, and GitOps — can be applied to build secure APIs in a hybrid cloud ecosystem.
For this tutorial the tooling will be as follows:
You will start with configuring the infrastructure by running an Ansible playbook to configure Kong Konnect Gateways on ROSA. Each gateway will be associated with a Konnect Runtime Group (Sandbox/Default and Dev) to demonstrate the API promotion scheme.
[
Then you will get your hands dirty by walking through the APISecOps pipeline yourself. APISecOps begins with API Design-First phase by updating an API Spec in Kong Insomnia, Kong's API design and testing suite.
This will follow with stepping through several Tekton Pipelines to pass the API spec through governance review, convert the API Spec to Kong's decK manifest and finally, promoted to the two environments. For this demo, we've taken the time to build Tekton Tasks for the Inso CLI and deck CLI too that are designed to support API pipelines and Kong gateway manifests.
Then you will close off with a demonstration of how to host your API documentation in Konnect with Service Hub and Dev Portal.
Check out the [Kong APISecOps repository](https://github.com/Kong/kong-apisecops-redhat)Kong APISecOps repository on GitHub!
We also have corresponding videos on YouTube that walk you through the entire tutorial! Don't be too nervous, each video is about 5-8 min long:
Check out our blog post [*How APISecOps Protects Against API Abuse*](https://konghq.com/blog/apisecops)*How APISecOps Protects Against API Abuse* to learn about APISecOps best practices.
A quick refresher: Kong Cloud Gateways Kong Cloud Gateways are fully managed, high-performance data planes running on customer-dedicated infrastructure, orchestrated and operated by Kong through Kong Konnect . Customers can choose between: Serverle
[](https://konghq.com/blog/product-releases/kong-cloud-gateways-2025-news-recap)
Feed Agents (and humans, too) with *all* of your APIs While multi-gateway vendor deployments have been found to be lacking as a long-term strategy, the reality is that every large organization is — at some point — going to struggle with trying to wr
[](https://konghq.com/blog/enterprise/enable-enterprise-wide-agentic-access-to-apis)Managed Redis cache is a turnkey "Shared State" add-on for Kong Dedicated Cloud Gateways. It is designed to combine the performance of an in-memory data store with the simplicity of a SaaS product. When you spin up a Dedicated Cloud Gateway in Kong
[](https://konghq.com/blog/product-releases/multicloud-cloud-gateways-managed-redis-cache)
In the SaaS world, providers must offer tenant isolations for their customers and their data. This is a key requirement when offering services at scale. At Kong, we've invested a lot of time to provide a scalable and seamless approach for developers
[](https://konghq.com/blog/engineering/ensuring-tenant-scoping-row-level-security)
Using Konnect Advanced Analytics for a faster real-time measurement of what your users are experiencing Earlier this year the Kong Konnect Analytics team was looking to leverage the stability and flexibility of our own Kong Gateway to handle the e
[](https://konghq.com/blog/engineering/konnect-advanced-analytics-faster-than-statsd)
Deploying Kong Mesh on ECS The focus of this blog is to provide step-by-step instructions for deploying and configuring Kong Mesh with Kong Konnect on an AWS ECS instance so that anyone will be able to get pre-production installation of Kong Mesh st
[](https://konghq.com/blog/engineering/kong-mesh-with-konnect-on-aws-ecs)
Zero to Hero on Amazon EKS with Konnect’s Mesh Manager We’re excited to announce a new addition to our Kong Konnect EKS Blueprint Family: the Kong Konnect Mesh EKS Blueprint Add-on to deploy your Mesh Zones. Deploy your zones securely on AWS with
[](https://konghq.com/blog/engineering/konnect-mesh-eks-blueprint-add-on)