See what makes Kong the fastest, most-adopted API gateway
Check out the latest Kong feature releases and updates
Single platform for SaaS end-to-end connectivity
Enterprise service mesh based on Kuma and Envoy
Collaborative API design platform
How to Scale High-Performance APIs and Microservices
Call for speakers & sponsors, Kong API Summit 2023!
5 MIN READ
As organizations adopt a microservices architecture, API gateway usage has increased. Kong Gateway is one of the promising API gateways in the market. It has both OSS and enterprise support, releases multiple features and is easy to use.
Kong Admin API helps administrators configure the system easily, but it’s still error-prone. That’s because the user has to hit many curl calls for creating all the configs. When numerous folks are managing the system, this becomes difficult.
The simplistic approach to solving all these issues is to move all the configurations to the GitOps model. Then, move all the configs to a VCS repository and follow the PR model to apply all the changes to any environment. To do this, you must have:
Combining the benefits of GitOps and Terraform as IAC gives us the following advantages over the conventional manual curl calls:
For this demo, I’ll be doing the following:
Prerequisites:
For making configurations more simple and easy to manage, I published a module in the Terraform Registry.
The code used in this demo is also there in the GitHub repo for reference.
Before moving ahead with the code, verify that your Kong Admin API is working and that you have this configuration:
Kong Configurations at Start
From the above picture, it is clear that Kong Admin API is accessible and has no configurations.
This file contains the state information, including the backend and the providers I will be using.
Note: Please replace the kong_admin_uri with the admin URI of your Kong Gateway.
provider "kong" { kong_admin_uri = "http://127.0.0.1:8001" } terraform { required_version = "0.12.20" }
Pro Tip: You should use remote backend storage like S3 for storing the state.
Create this file and use the below code for creating all the required resources.
module base-svc { source = "vaibhavkhurana2018/kong-module/kong" name = "base-svc" upstream_config = { targets = { "base-svc.cluster.local:8001" = { weight = 100 } } } route_config = { hosts = ["basesvc.example.com"] paths = { all_route={ path=[""] }, } } }
This code is required for creating a service called base-svc, which will forward all the requests to the target base-svc.cluster.local:8001 for the requests matching route https://basesvc.example.com/ or http://basesvc.example.com.
Successful Terraform Init
If your Terraform provider configuration is correct, then you will get the above success message.
Terraform Plan Output
`
If you have followed everything until now, you will get a similar output of the plan that will show you all the resources that are getting created.
Successful Apply
http://<admin-uri>/services http://<admin-uri>/routes http://<admin-uri>/upstreams
Verified Creation of Service
Verified Creation of Route
Verified Creation-Upstream
For example, I added another host header in the above configuration and planned again. The below shows that I added another host, base1.svc.example.com, in my route config. The system will update it in place.
The module gives the flexibility of configuring all the required things by providing minimal information and code as well as the ability to do customizations on the default values from the callers, which is in the module’s README.
In the demo above, I did the Terraform plan and applied it from my local machine. That might work for smaller teams, but that will not be something you’ll want with a big team. For achieving a true GitOps model, you can use Atlantis for Terraform planning and apply it directly from the PR.
Plan via Atlantis
In this article, I configured a Kong Gateway service using the module with minimal code and no hassle by ensuring that all configurations exist in a VCS repo. This solved issues like audit, approvals, reverts, etc., thus helping me follow the GitOps model. Along with Atlantis, this gives me a way to make sure that all the changes to Kong configurations are on track, audited and have clear visibility on the changes made as part of a PR.
If you have any additional questions, post them on Kong Nation.
To stay in touch, join the Kong Community.
Once you’ve successfully set up Kong Configurations Using Terraform, you may find these other tutorials helpful:
Share Post
Learn how to make your API strategy a competitive advantage.