The quest for resilience and agility has driven us into the modern age of microservices. Bringing services to market on a microservice architecture demands the utilization of sprawling technology offerings and tooling. While daunting at first glance, we can break down the process into 3 major categories:
In this hands-on series, we will use:
[**Kong API Gateway**](https://konghq.com/kong)**Kong API Gateway** is an [API Gateway](https://konghq.com/blog/learning-center/what-is-an-api-gateway)API Gateway and [Ingress Controller](https://htmlpreview.github.io/?https://github.com/usrbinkat/tkl/blob/main/index.html#what-is-ingress)Ingress Controller. At its core, Kong is a [reverse proxy](https://www.nginx.com/resources/glossary/reverse-proxy-server)reverse proxy that allows an organization to offer APIs as a product to internal and external clients via a centralized ingress point. An API Gateway truly begins to shine when leveraged to consolidate capabilities such as authentication, [RBAC](https://auth0.com/intro-to-iam/what-is-role-based-access-control-rbac)RBAC, session handling, rate limiting, request & response transformation, redirection, load balancing, traffic monitoring, and logging. These advanced routing features offload enforcement, maintenance, and visibility from the application teams, improving their agility and consolidating this functional ownership into a central location for improved global consistency and visibility.
[**Pulumi**](https://www.pulumi.com)**Pulumi** is an [Infrastructure as Code](https://docs.microsoft.com/en-us/devops/deliver/what-is-infrastructure-as-code)Infrastructure as Code ([IaC](https://docs.microsoft.com/en-us/devops/deliver/what-is-infrastructure-as-code)IaC) or [Infrastructure as Software](https://www.pulumi.com/what-is/what-is-infrastructure-as-software)Infrastructure as Software ([IaS](https://www.pulumi.com/what-is/what-is-infrastructure-as-software)IaS) cloud engineering platform. Pulumi supports IaC/IaS patterns using popular programming languages including Python, JavaScript, TypeScript, Golang, and .NET/C#. At it's heart, the Pulumi ecosystem is a cloud engineering platform and SDK offering that brings together developer, operations, and security teams through a unified software engineering process to accelerate innovation with more confidence via a full suite of [OpenGitOps](https://github.com/open-gitops/documents/blob/main/PRINCIPLES.md)OpenGitOps compliant tools.
This article is designed for you to follow along with your MacOS or Linux laptop. Before starting, please check that you have installed all [dependencies](#prerequisite_dependencies)dependencies.
Okay, now that you have your dependencies, let's grab the code and get your system ready to build the lab platform.
# Set ADDRESS to your host IP if you plan to use Keycloak
export ADDRESS=127.0.0.1
cat <<EOF | sudo tee -a /etc/hosts
${ADDRESS} apps.kind.home.arpa
${ADDRESS} portal.kong.kind.home.arpa
${ADDRESS} manager.kong.kind.home.arpa
${ADDRESS} keycloak.apps.kind.home.arpa
${ADDRESS} podinfo.apps.kind.home.arpa
EOFdocker volume create worker1
docker volume create controlplane1cd ~
git clone --depth 1 --branch v2.8.0 https://github.com/kong/TheKongLaboratory
cd ~/TheKongLaboratoryGreat! Reviewing our checklist, we now have:
/etc/hosts to resolve our domain names to our local IP.Your system is ready to run the lab and we have the code! Next, before we can deploy the Kong API Gateway we need to [initialize the Pulumi codebase](https://www.pulumi.com/docs/reference/cli/pulumi_stack_init)initialize the Pulumi codebase and configure a Stack.
# Set a Pulumi local state login password
export PULUMI_CONFIG_PASSPHRASE=mypassword
# Run pulumi login --help for more state backend and login information
pulumi login --local# Download npm packages for Pulumi typescript IaC
npm install
# Initialize and select your pulumi stack
pulumi stack init thekonglaboratory
pulumi stack select thekonglaboratory# Set Kong Enterprise License, an empty license enables free mode
pulumi config set --secret kong:license "'{}'"
# Set enterprise to true if deploying with an enterprise license
pulumi config set kong:enterprise falseReviewing our checklist again, we now have:
/etc/hosts to resolve our domain names to our local IP.Now, it is time to start your Kind cluster and deploy Kong to it!
# Start Kind Kubernetes Cluster
kind create cluster --config hack/kind/config.yml
# Pulumi Deploy Kong Gateway & Dependencies
pulumi up -yLet's go ahead and test our new Kong API Gateway by deploying [Podinfo](https://github.com/stefanprodan/podinfo)Podinfo as a sample application to experiment with.
# change directory to Podinfo App
cd ~/TheKongLaboratory/doc/gateway-s01e01-simple-app
# Set a Pulumi local state login password
export PULUMI_CONFIG_PASSPHRASE=mypassword
# Run pulumi login --help for more state backend and login information
pulumi login --local
# Download npm packages for Pulumi typescript IaC
npm install
# Initialize and select your pulumi stack
pulumi stack init podinfo
pulumi stack select podinfo
# Deploy Podinfo Sample App
pulumi up -yCongratulations! In roughly 1000 lines of TypeScript code, we have deployed a working Kong API Gateway and all supporting services with Pulumi! For transparency, I want to briefly list the scope of what you just deployed.
Now that you have Kong installed and ready to use, this will be the foundation for future posts in the DevMyOps series and is also a great way to get started with Kong for evaluation and local development purposes.
From here you can continue with configuring Kong Manager and Kong plugins, or you can start using the Kong Ingress Controller to publish services on your kind cluster via Kong.
[kubectl](https://kubernetes.io/docs/reference/kubectl/kubectl)kubectl
[Linux](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux)Linux / [Mac](https://kubernetes.io/docs/tasks/tools/install-kubectl-macos)Mac
[Docker](https://www.docker.com)Docker
[Linux](https://htmlpreview.github.io/?https://github.com/usrbinkat/tkl/blob/main/index.html#server)Linux / [Mac](https://docs.docker.com/desktop/mac/install)Mac
[Kind](https://kind.sigs.k8s.io)Kind
[Linux](https://htmlpreview.github.io/?https://github.com/usrbinkat/tkl/blob/main/index.html#installing-from-release-binaries)Linux / [Mac](https://htmlpreview.github.io/?https://github.com/usrbinkat/tkl/blob/main/index.html#installing-with-a-package-manager)Mac
[Helm](https://helm.sh/docs/intro/install)Helm
[Linux](https://htmlpreview.github.io/?https://github.com/usrbinkat/tkl/blob/main/index.html#from-script)Linux / [Mac](https://htmlpreview.github.io/?https://github.com/usrbinkat/tkl/blob/main/index.html#from-homebrew-macos)Mac
[Linux](https://htmlpreview.github.io/?https://github.com/usrbinkat/tkl/blob/main/index.html#installing-pulumi)Linux / [Mac](https://htmlpreview.github.io/?https://github.com/usrbinkat/tkl/blob/main/index.html#installing-pulumi)Mac
[Linux](https://htmlpreview.github.io/?https://github.com/usrbinkat/tkl/blob/main/index.html#installation-instructions)Linux / [Mac](https://nodejs.org/en/download)Mac
[git client](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)git client
[Linux](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)Linux / [Mac](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)Mac
[curl client](https://everything.curl.dev/get)curl client
[Linux](https://everything.curl.dev/get/linux)Linux / [Mac](https://everything.curl.dev/get/macos)Mac
When you are finished with your local deployment you can clean up all lab artifacts in this order:
/etc/hosts entriescd ~/TheKongLaboratory
export PULUMI_CONFIG_PASSPHRASE=mypasswordpulumi --stack podinfo destroy -ypulumi --stack thekonglaboratory destroy -y
kind delete cluster --name=kongdocker volume rm worker1 controlplane1pulumi --stack thekonglaboratory stack rm -y
cd ~ && rm -rf ~/TheKongLaboratory/etc/hosts file and remove the following entries:127.0.0.1 apps.kind.home.arpa
127.0.0.1 portal.kong.kind.home.arpa
127.0.0.1 manager.kong.kind.home.arpa
127.0.0.1 keycloak.apps.kind.home.arpa
127.0.0.1 podinfo.apps.kind.home.arpa
Imagine you have a single Service, order-api . You want to apply a strict rate limit to most traffic, but you want to bypass that limit—or apply a different one—if the request contains a specific X-App-Priority: High header. Previously, you had t
[](https://konghq.com/blog/engineering/conditional-policy-execution)
How OAuth 2.0 Token Exchange Reshapes Trust Between Services — and Why the API Gateway Is Exactly the Right Place to Enforce It Modern applications don’t run as a single monolithic. They are composed of services — frontend APIs, backend microservi
[](https://konghq.com/blog/engineering/token-exchange-at-the-gateway)
Traditional APIs are, in a word, predictable. You know what you're getting: Compute costs that don't surprise you Traffic patterns that behave themselves Clean, well-defined request and response cycles AI APIs, especially anything that runs on LLMs
[](https://konghq.com/blog/engineering/monetize-ai-apis)
Kubernetes is an open-source container orchestration system for automating deployment, scaling, and management of containerized applications. It groups containers into logical units for easy management and discovery. API gateways sit between client
[](https://konghq.com/blog/engineering/how-to-manage-your-kubernetes-services-with-an-api-gateway)
In this blog post, we’ll demonstrate how easy it is to use Gateway API HTTPRoutes to route traffic to workloads deployed in different namespaces in a single Kubernetes cluster — a process that’s easier than ever. Previously, we only had Ingress API
[](https://konghq.com/blog/engineering/sending-traffic-across-namespaces-with-gateway-api)
As Kubernetes has become the de facto orchestration platform for deploying cloud native applications , networking and traffic management have emerged as pivotal challenges when managing access to services and infrastructure. The core Kubernetes Ing
[](https://konghq.com/blog/engineering/gateway-api-vs-ingress)
Today, we’re excited to release the Kong Konnect EKS Marketplace add-on as a means to deploy your Kong Gateway dataplanes in AWS. The add-ons are a step forward in providing fully managed Kubernetes clusters. It is here to simplify the post-procurem
[](https://konghq.com/blog/engineering/kong-konnect-eks-marketplace-add-on)