As organizations adopt a microservices architecture, API gateway usage has increased. Kong Gateway is one of the promising API gateways in the market. It has both OSS and enterprise support, releases multiple features and is easy to use.
Kong Admin API helps administrators configure the system easily, but it's still error-prone. That's because the user has to hit many curl calls for creating all the configs. When numerous folks are managing the system, this becomes difficult.
The simplistic approach to solving all these issues is to move all the configurations to the GitOps model. Then, move all the configs to a VCS repository and follow the PR model to apply all the changes to any environment. To do this, you must have:
Combining the benefits of GitOps and Terraform as IAC gives us the following advantages over the conventional manual curl calls:
For this demo, I'll be doing the following:
Prerequisites:
For making configurations more simple and easy to manage, I published a module in the Terraform Registry.
The code used in this demo is also there in the GitHub repo for reference.
Before moving ahead with the code, verify that your Kong Admin API is working and that you have this configuration:
Kong Configurations at Start
From the above picture, it is clear that Kong Admin API is accessible and has no configurations.
This file contains the state information, including the backend and the providers I will be using.
Note: Please replace the kong_admin_uri with the admin URI of your Kong Gateway.
provider "kong" {
kong_admin_uri = "http://127.0.0.1:8001"
}
terraform {
required_version = "0.12.20"
}Pro Tip: You should use remote backend storage like S3 for storing the state.
Create this file and use the below code for creating all the required resources.
module base-svc {
source = "vaibhavkhurana2018/kong-module/kong"
name = "base-svc"
upstream_config = {
targets = {
"base-svc.cluster.local:8001" = {
weight = 100
}
}
}
route_config = {
hosts = ["basesvc.example.com"]
paths = {
all_route={
path=[""]
},
}
}
}This code is required for creating a service called base-svc, which will forward all the requests to the target base-svc.cluster.local:8001 for the requests matching route https://basesvc.example.com/ or http://basesvc.example.com.
Successful Terraform Init
If your Terraform provider configuration is correct, then you will get the above success message.
Terraform Plan Output
`
If you have followed everything until now, you will get a similar output of the plan that will show you all the resources that are getting created.
Successful Apply
http://<admin-uri>/services
http://<admin-uri>/routes
http://<admin-uri>/upstreams
Verified Creation of Service
Verified Creation of Route
Verified Creation-Upstream
For example, I added another host header in the above configuration and planned again. The below shows that I added another host, base1.svc.example.com, in my route config. The system will update it in place.
The module gives the flexibility of configuring all the required things by providing minimal information and code as well as the ability to do customizations on the default values from the callers, which is in the module's README.
In the demo above, I did the Terraform plan and applied it from my local machine. That might work for smaller teams, but that will not be something you'll want with a big team. For achieving a true GitOps model, you can use Atlantis for Terraform planning and apply it directly from the PR.
Plan via Atlantis
In this article, I configured a Kong Gateway service using the module with minimal code and no hassle by ensuring that all configurations exist in a VCS repo. This solved issues like audit, approvals, reverts, etc., thus helping me follow the GitOps model. Along with Atlantis, this gives me a way to make sure that all the changes to Kong configurations are on track, audited and have clear visibility on the changes made as part of a PR.
If you have any additional questions, post them on Kong Nation.
To stay in touch, join the Kong Community.
Once you've successfully set up Kong Configurations Using Terraform, you may find these other tutorials helpful:
The pace of the industry today is pressuring software developers to build, test, and release software more frequently than ever. To achieve this pace, teams have built two core processes into their workflow: Continuous Integration and Continuous Dep
We're pleased to announce the launch of Standard Webhooks! Kong has been part of the Technical Committee of this standard with other great companies like Svix (the initiator of the project), Ngrok, Zapier, Twillio, Lob, Mux, and Supabase. This was
This post is part of a series on becoming a secure API-first company. For a deeper dive, check out the eBook Leading Digital Transformation: Best Practices for Becoming a Secure API-First Company . The growth of APIs isn't just rapid — it's a seism
In this Kong Konnect tutorial, you'll learn how to leverage the platform to manage your API ecosystem from a single easy-to-use interface. We’ll run through how to: Use Konnect Runtime Manager to set up your own Kong Gateway runtime instance i
In today's cloud ecosystem the demands for high functioning and high performance observability, security and networking functionality for applications and their network traffic are as high as ever. Historically a great deal of this kind of functio
