Automating digital transformation API deployments can help speed time to market and minimize the resources required for the deployments — if developers can be assured that the automated process meets all necessary security requirements.
It's a topic that Kong Senior CustomerExperience Manager Peggy Guyott and Kong Senior Solutions Engineer Ned Harris discussed on a recent webinar as part of the Destination: Automation 2021 digital event. Guyott and Harris explained how the Kong Developer Portal, Kong's Inso (CLI) command line interface offering and other tools can give developers the ability to complete API deployments in an automated and secure manner.
"The great news is that with APIOps, security testing and performance testing is frequent, continuous and guaranteed because you're going to publish it in each and every API across the business," observed Guyott.
Kong defines APIOps as "end-to-end automation throughout the API lifecycle."
Using this approach makes deployments more consistent and predictable, Guyott and Harris explained.
Harris walked webinar attendees through a hypothetical automated API deployment using the Kong Developer Portal. The demo used what Harris called a "spec-first" approach, but he noted that other approaches also are supported.
"That spec is going to become that source of truth for all of our configuration, including our documentation and even how the gateway is configured," he explained.
The demo also assumed the API would be deployed in two Kubernetes clusters - a development cluster and a QA (quality assurance) cluster. The idea was to deploy the configuration to a development cluster for testing to make sure it was compliant before sending it to the QA cluster.
In addition, the demo assumed there was an open API spec already set up in Insomnia, the open source GraphQL and REST client designed to make testing and debugging APIs easier.
The documentation was tied to Git Repo, a tool built on top of Git, the free and open source distributed version control system. Git Repo helps manage Git repositories, handles the uploads to revision control systems and automates part of the development workflow.
In the demo, the API didn't pass the testing in the development cluster because it did not support the required rate limiting policy or OpenID Connect (OIDC) policy.
Kong, however, offers a variety of plug-ins that can enforce policies such as OIDC and rate limiting. By declaring these plug-ins in the OpenAPI Specification, Harris was then able to do a pull request to advise collaborators about the changes, and had this been a real-world deployment rather than a demo, he could have reviewed any needed changes with the colleagues before the changes were finalized.
In the demo, Harris pushed the plug-ins needed to implement OIDC and rate limiting through to GitHub Actions, a tool designed to automate software workflows and to enable developers to build, test and deploy code directly from GitHub, the cloud native API gateway.
In the demo, the API was deployed to development but not to QA because it failed the policy test. Because it was deployed to development, it was possible to run commands and get results back, however, as Harris demonstrated.
Before the API could be deployed to QA, Harris had to finalize the addition of the rate limiting and OIDC plug-ins, which he did through a merge-to-master using continuous integration/continuous delivery (CI/CD).
He also could have used Insomnia to enable the OpenAPI Spec to generate "Kong config" for a Kubernetes deployment or, alternatively, for a "dec declarative" configuration.
"This is the magic that Inso is doing," said Harris. "It's taking that OpenAPI Spec, turning that into configuration and then taking that configuration and basically putting it into the GitHub Action so it can ultimately deploy it to those clusters."
As part of the demo, Harris installed the Insomnia CLI tool using Node Package Manager, a tool that automates software installation and dependencies, simplifying the task of incorporating existing code into a project. The package manager fetches the code from a library and includes it in the project.
Once the tool was installed, Harris was able to export the OpenAPI Spec and essentially convert it to a Kong configuration. This in turn, enabled that configuration to be deployed to the development environment and when the required tests were run, the spec was able to pass all the tests because the necessary policies had been added.
While the demo involved rate limiting and OICD policies, Kong offers a wide range of plug-ins, including other security plugins.
As Harris put it, "Really, the sky's the limit. It's really up to what your organization needs."
Ever feel like you're fighting an uphill battle with your API strategy? You're building APIs faster than ever, but somehow everything feels harder. Wasn’t API-first supposed to make all this easier? Well, you're not alone. And now industry analys
Survey Says: Google LLMs See Usage Surge, Most OK with DeepSeek in the Workplace Enterprise adoption of large language models (LLMs) is surging. According to Gartner , more than 80% of enterprises will have deployed generative AI (GenAI) applicatio
Kafka delivers massive value for real-time businesses — but that value comes at a cost. As usage grows, so does complexity: more clusters, more topics, more partitions, more ACLs, more custom tooling. But it doesn’t have to be that way. If your tea
A Practical Look at When (and When Not) to Use Ambient Mesh The word on the street is that ambient mesh is the obvious evolution of service mesh technology — leaner, simpler, and less resource-intensive. But while ambient mesh is an exciting develop
I'm commonly asked by customers for advice on how they can build a good platform cross-charging model for their organization. And my gut reaction is nearly always "don't." We'll come back to why I think that later, but first let's look at what cross
Unify the API and Eventing Developer Experience with the Kong Event Gateway and API Platform Introduction: The EDA and API worlds are converging . . . finally For the past several years, there have been murmurs of an incoming convergence between API
Kong customers include some of the most forward-thinking, tech-savvy organizations in the world. And while we’re proud to help them innovate through traditional APIs, the reality is that their ambitions don’t stop there. Increasingly, our customers a