See what makes Kong the fastest, most-adopted API gateway
Check out the latest Kong feature releases and updates
Single platform for SaaS end-to-end connectivity
Enterprise service mesh based on Kuma and Envoy
Collaborative API design platform
API and Microservices Security for Gateways, Service Mesh, and Beyond
Call for speakers & sponsors, Kong API Summit 2023!
5 MIN READ
In today’s enterprise computing landscape, multi-cloud organizations are quickly becoming the norm rather than the exception. By leveraging an API-first strategy with a microservice-based architecture, companies can achieve significant speed to market across multiple clouds. In order to achieve this, container orchestration and a well-designed CI/CD strategy are essential components in this journey.
In this article, we will demonstrate how to create an automated workflow for deploying microservices as well as configuring an API gateway in front of those services. We will be using Kong Gateway as our API gateway. All of these components will run inside Kubernetes and be deployed using Github Actions. We will assume that you already have Kubernetes clusters available and that you can connect to each cluster from your local development machine. You will also need a Docker Hub account so you can build and push the images for our microservices. Additionally, you will need the Kubernetes package manager, Helm, installed.
We will show you how to do the following:
Upon successful execution of the action-runner, you will see:
Now that we have everything running, we can modify some code.
For this exercise, we are going to use a JavaScript action. In a new terminal window, cd your-github-repo, and run the following commmands which will download the necessary libraries for running JavaScript actions.
cd your-github-repo
npm init -y
npm install @actions/core
npm install @actions/github
Note: You will need NodeJS version 12.x or greater.
After the dependencies are installed, open the following files in your favorite text editor. Look for “TODO” and edit appropriately.
your-github-repo/.github/actions/multi-cloud-deploy-action/helm_deploy.sh
your-github-repo/.github/workflows/main.yml
your-github-repo/startrek/values.yaml
After you commit and push your changes, Github will start the workflow by running through steps in your main workflow file. See your-github-repo/.github/workflows/main.yml. The entire workflow will run on your local machine. Following are the main steps that our workflow performs.
Upon successful completion, you should see something similar in your terminal window that is running the self-hosted runner.
If you encounter an error deploying, please check the Github Action tab in your Github repository control panel.
kubectl get pods -n kong-ce
You should see output similar to the following:
NAME READY STATUS RESTARTS AGE blog-kong-85d9dfc685-b72fz 2/2 Running 0 4d5h startrek-7775df87bf-z6szr 1/1 Running 0 2d6h
Now that our project has been deployed successfully, we are free to make changes to both our services as well as the Kong configuration. First, we need the external host of your Kubernetes cluster.
Execute this command:
kubectl get svc -n kong-ce
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE blog-kong-proxy LoadBalancer 10.100.103.159 some-external-ip 80:30474/TCP,443:30084/TCP 46h startrek ClusterIP 10.100.133.50 <none> 5001 TCP 46h
Copy the EXTERNAL-IP from the blog-kong-proxy record and execute the following:
http http://your-external-host/startrek/ships host:startrek.com
Note: We are using the httpie command line client. See https://httpie.org for installation instructions.
You should see similar output:
HTTP/1.1 200 OK Connection: keep-alive Content-Length: 173 Content-Type: application/json Date: Fri, 13 Mar 2020 14:18:33 GMT Server: Werkzeug/1.0.0 Python/3.6.2 Via: kong/2.0.2 X-Kong-Proxy-Latency: 0 X-Kong-Upstream-Latency: 3 { "ships": [ { "id": "NCC-1701", "name": "USS Enterprise" }, { "id": "NCC-1764", "name": "USS Defiant" }, { "id": "NCC-1031", "name": "USS Discovery" }, { "id": "NCC-1864", "name": "USS Reliant" } ]
Now, let’s make some changes to the Kong gateway to enable some authentication, so we can secure our startrek service. Create a new file called security.yaml inside of your your-github-repo/startrek/templates directory and then paste the below contents. Then, uncomment line 44, # plugins.konghq.com: startrek-auth in your-github-repo/startrek/values.yaml. Save your changes, and then commit and push.
security.yaml
your-github-repo/startrek/templates
# plugins.konghq.com: startrek-auth
# security.yaml contents herez apiVersion: configuration.konghq.com/v1 kind: KongPlugin metadata: name: startrek-auth annotations: kubernetes.io/ingress.class: kong-public plugin: key-auth --- apiVersion: v1 data: key: MTIzNDU= kongCredType: a2V5LWF1dGg= kind: Secret metadata: name: myapp-apikey annotations: kubernetes.io/ingress.class: kong-public type: Opaque --- apiVersion: configuration.konghq.com/v1 kind: KongConsumer metadata: name: myapp annotations: kubernetes.io/ingress.class: kong-public username: myapp credentials: - myapp-apikey
After that is finished deploying, execute http http://your-external-host/startrek/ships host:startrek.com again, and you should see the below output.
HTTP/1.1 401 Unauthorized Connection: keep-alive Content-Length: 41 Content-Type: application/json; charset=utf-8 Date: Fri, 13 Mar 2020 14:31:17 GMT Server: kong/2.0.2 WWW-Authenticate: Key realm="kong" X-Kong-Response-Latency: 1 { "message": "No API key found in request" }
Add the API key like this, and you should see successful results.
http http://your-external-host/startrek/ships host:startrek.com apikey:12345
Feel free to make changes to the startrek service code in your-github-repo/services/startrek/app.py. Commit and push, and your application code should reflect your changes. When you make changes to your application, the Github Action builds a Docker image and pushes it to your Docker Hub account, see your-github-repo/.github/workflows/main.yml. Login to your account to see the versioned images.
your-github-repo/services/startrek/app.py
For this exercise, we used the Kong Community Edition. Kong Enterprise provides additional management and security benefits for enterprise organizations like support for OIDC authentication, Mutual TLS, Vault integration and more. It also includes an out of the box Dev Portal for making your APIs discoverable throughout your organization.
Thank you for taking the time to read through this post. Hopefully, you have found this exercise useful. By no means is this a complete CI/CD solution, but it is a starting point and hopefully gets the creativity flowing for some good ideas within your organization.
Share Post
Learn more about the Kong Enterprise Service Control Platform
Request a Demo