Kong API Gateway on Kubernetes with Pulumi
The Kong Laboratory – Kong API Gateway
The quest for resilience and agility has driven us into the modern age of microservices. Bringing services to market on a microservice architecture demands the utilization of sprawling technology offerings and tooling. While daunting at first glance, we can break down the process into 3 major categories:
- Infrastructure Orchestration
- Application Deployment
- Service Publishing
In this hands-on series, we will use:
- Kubernetes-in-Docker (Kind) as our infrastructure platform.
- Pulumi to orchestrate our supporting infrastructure and deploy our applications.
- And finally, Kong API Gateway for publishing the services that we have deployed.
Key Concepts
Kong API Gateway is an API Gateway and Ingress Controller. At its core, Kong is a reverse proxy that allows an organization to offer APIs as a product to internal and external clients via a centralized ingress point. An API Gateway truly begins to shine when leveraged to consolidate capabilities such as authentication, RBAC, session handling, rate limiting, request & response transformation, redirection, load balancing, traffic monitoring, and logging. These advanced routing features offload enforcement, maintenance, and visibility from the application teams, improving their agility and consolidating this functional ownership into a central location for improved global consistency and visibility.
Pulumi is an Infrastructure as Code (IaC) or Infrastructure as Software (IaS) cloud engineering platform. Pulumi supports IaC/IaS patterns using popular programming languages including Python, JavaScript, TypeScript, Golang, and .NET/C#. At it's heart, the Pulumi ecosystem is a cloud engineering platform and SDK offering that brings together developer, operations, and security teams through a unified software engineering process to accelerate innovation with more confidence via a full suite of OpenGitOps compliant tools.
Host Setup
This article is designed for you to follow along with your MacOS or Linux laptop. Before starting, please check that you have installed all dependencies.
Okay, now that you have your dependencies, let's grab the code and get your system ready to build the lab platform.
- Write Hosts File Entries to resolve your lab domain names locally
- Create docker volumes for persistent local container image caching
- Clone TheKongLaboratory git repo
Pulumi Infrastructure as Code
Great! Reviewing our checklist, we now have:
- ✓ Installed all dependencies.
- ✓ Configured
/etc/hosts
to resolve our domain names to our local IP. - ✓ Created local cache volumes for kind node images.
- ✓ Cloned the demo repo codebase.
Your system is ready to run the lab and we have the code! Next, before we can deploy the Kong API Gateway we need to initialize the Pulumi codebase and configure a Stack.
- Configure Pulumi local state provider
- Initialize & Select Pulumi Stack
- Set Pulumi Stack Configuration Variables
Deploy Kong API Gateway
Reviewing our checklist again, we now have:
- ✓ Installed all dependencies.
- ✓ Configured
/etc/hosts
to resolve our domain names to our local IP. - ✓ Created local cache volumes for kind node images.
- ✓ Cloned the demo repo codebase.
- ✓ Initialized & Configured your Pulumi Stack
Now, it is time to start your Kind cluster and deploy Kong to it!
- Deploy Kong Gateway Stack
- Go ahead and open up the Kong Manager UI !!
>> https://manager.kong.kind.home.arpa/
Deploy a Sample App
Let's go ahead and test our new Kong API Gateway by deploying Podinfo as a sample application to experiment with.
- Deploy a simple Podinfo Sample application.
- Now go check out your Podinfo app at:
>> https://podinfo.apps.kind.home.arpa/
Conclusion
Congratulations! In roughly 1000 lines of TypeScript code, we have deployed a working Kong API Gateway and all supporting services with Pulumi! For transparency, I want to briefly list the scope of what you just deployed.
- Kubernetes:
- Namespaces:
- ✓ The namespace for Kong
- ✓ The namespace for Cert Manager
- Certificates:
- ✓ Chain of Trust for a Cert Manager Self Signed Issuer
- ✓ Default certificate for Kong API Gateway services & proxy
- ✓ Kong controlplane <> dataplane mTLS certificate
- Secrets:
- ✓ Postgres database credentials
- ✓ Kong Manager GUI session configuration
- ✓ Kong API Gateway admin credentials
- ✓ Kong Enterprise License
- Helm Charts:
Now that you have Kong installed and ready to use, this will be the foundation for future posts in the DevMyOps series and is also a great way to get started with Kong for evaluation and local development purposes.
From here you can continue with configuring Kong Manager and Kong plugins, or you can start using the Kong Ingress Controller to publish services on your kind cluster via Kong.
Appendix
Dependencies
DependencyInstallation DocsCleanup
When you are finished with your local deployment you can clean up all lab artifacts in this order:
- Destroy Kong Pulumi Stack
- Delete Kind Cluster
- Remove Docker Volumes
- Remove TheKongLaboratory Git Repo
- Manually cleanup
/etc/hosts
entries
- Unlock your local secret store.
- Destroy Kong Pulumi Stack
- Delete Kind Cluster
- Remove Docker Volumes
- Remove TheKongLaboratory Git Repo
- Open the
/etc/hosts
file and remove the following entries: