APISecOps Tutorial: Delivering APIs Securely Together with Kong Konnect and Red Hat OpenShift Service on AWS (ROSA)

Red Hat OpenShift is the industry's leading enterprise Kubernetes platform that runs ubiquitously across on-prem, and the cloud. With Red Hat OpenShift Service on AWS (ROSA), a managed Red Hat OpenShift platform that runs natively on AWS, it is even easier to get kick-started on an enterprise-ready instance of Red Hat OpenShift in the cloud.

Kong similarly distinguishes itself as a multi-platform, multi-cloud API Management solution pushing the vision of APIs. Here at Kong, we want to demonstrate to the Red Hat community that we are committed to delivering enterprise-grade solutions.

In this climate of technology, the top two concerns organizations are facing today are, first, how to manage the sprawl of APIs as they distribute across a multi-platform, hybrid cloud ecosystem. Second, in this same landscape, how to deliver secure APIs with a strategy that can be applied ubiquitously across their hybrid cloud infrastructure.

APISecOps in a Hybrid Cloud. How do we take action on this?

To answer this question, we built a tutorial to walk you through an end-to-end APISecOps solution. You will learn how the four principles of APISecOps — Centralization, Governance, API Design-First, and GitOps — can be applied to build secure APIs in a hybrid cloud ecosystem.

APISecOps Tutorial

For this tutorial the tooling will be as follows:

• Kong Konnect for API Management
• Kong Insomnia for API Design
• Kong's API pipeline tools: Inso CLI and decK CLI
• Red Hat OpenShift Pipelines for building out the CI/CD solution
• ROSA for the platform of choice

You will start with configuring the infrastructure by running an Ansible playbook to configure Kong Konnect Gateways on ROSA. Each gateway will be associated with a Konnect Runtime Group (Sandbox/Default and Dev) to demonstrate the API promotion scheme.

Then you will get your hands dirty by walking through the APISecOps pipeline yourself. APISecOps begins with API Design-First phase by updating an API Spec in Kong Insomnia, Kong's API design and testing suite.

This will follow with stepping through several Tekton Pipelines to pass the API spec through governance review, convert the API Spec to Kong's decK manifest and finally, promoted to the two environments. For this demo, we've taken the time to build Tekton Tasks for the Inso CLI and deck CLI too that are designed to support API pipelines and Kong gateway manifests.

Then you will close off with a demonstration of how to host your API documentation in Konnect with Service Hub and Dev Portal.

Get Started

Check out the Kong APISecOps repository on GitHub!

We also have corresponding videos on YouTube that walk you through the entire tutorial! Don't be too nervous, each video is about 5-8 min long:

• 1. Intro
• 2. Getting Started Part 1 – Deploy Infrastructure
• 3. Getting Started Part 2 – Infrastructure Review
• 4. API Design in Insomnia
• 5. Tekton Pipeline 1 – Submit APISpec to Review
• 6. Tekton Pipeline 2 – Governance and Deploy to Sandbox
• 7. Tekton Pipeline 3 – Deploy to Dev
• 8. Documentation with Service Hub and Dev Portal

Check out our blog post How APISecOps Protects Against API Abuse to learn about APISecOps best practices.