As organizations adopt a [microservices architecture](https://konghq.com/learning-center/microservices/microservices-architectures)microservices architecture, API gateway usage has increased. [Kong Gateway](https://konghq.com/kong)Kong Gateway is one of the promising [API gateways](https://konghq.com/blog/learning-center/what-is-an-api-gateway)API gateways in the market. It has both OSS and enterprise support, releases multiple features and is easy to use.
[Kong Admin API](https://docs.konghq.com/gateway-oss/2.4.x/admin-api)Kong Admin API helps administrators configure the system easily, but it's still error-prone. That's because the user has to hit many curl calls for creating all the configs. When numerous folks are managing the system, this becomes difficult.
The simplistic approach to solving all these issues is to move all the configurations to the GitOps model. Then, move all the configs to a VCS repository and follow the PR model to apply all the changes to any environment. To do this, you must have:
Combining the benefits of GitOps and Terraform as IAC gives us the following advantages over the conventional manual curl calls:
For this demo, I'll be doing the following:
**Prerequisites:**
For making configurations more simple and easy to manage, I published a [module in the Terraform Registry](https://registry.terraform.io/modules/vaibhavkhurana2018/kong-module/kong/latest)module in the Terraform Registry.
Before moving ahead with the code, verify that your Kong Admin API is working and that you have this configuration:
Kong Configurations at Start
From the above picture, it is clear that Kong Admin API is accessible and has no configurations.
This file contains the state information, including the backend and the providers I will be using.
*Note: Please replace the **kong_admin_uri** with the admin URI of your Kong Gateway.*
provider "kong" {
kong_admin_uri = "http://127.0.0.1:8001"
}
terraform {
required_version = "0.12.20"
}*Pro Tip: You should use remote backend storage like S3 for storing the state.*
Create this file and use the below code for creating all the required resources.
module base-svc {
source = "vaibhavkhurana2018/kong-module/kong"
name = "base-svc"
upstream_config = {
targets = {
"base-svc.cluster.local:8001" = {
weight = 100
}
}
}
route_config = {
hosts = ["basesvc.example.com"]
paths = {
all_route={
path=[""]
},
}
}
}This code is required for creating a service called base-svc, which will forward all the requests to the target base-svc.cluster.local:8001 for the requests matching route https://basesvc.example.com/ or http://basesvc.example.com.
Successful Terraform Init
If your Terraform provider configuration is correct, then you will get the above success message.
Terraform Plan Output
`
If you have followed everything until now, you will get a similar output of the plan that will show you all the resources that are getting created.
Successful Apply
http://<admin-uri>/services
http://<admin-uri>/routes
http://<admin-uri>/upstreams
Verified Creation of Service
Verified Creation of Route
Verified Creation-Upstream
For example, I added another host header in the above configuration and planned again. The below shows that I added another host, base1.svc.example.com, in my route config. The system will update it in place.
The module gives the flexibility of configuring all the required things by providing minimal information and code as well as the ability to do customizations on the default values from the callers, which is in the module's [README](https://github.com/vaibhavkhurana2018/terraform-kong-kong-module/blob/main/README.md)README.
In the demo above, I did the Terraform plan and applied it from my local machine. That might work for smaller teams, but that will not be something you'll want with a big team. For achieving a true GitOps model, you can use [Atlantis](https://www.runatlantis.io)Atlantis for Terraform planning and apply it directly from the PR.
Plan via Atlantis
In this article, I configured a Kong Gateway service using the module with minimal code and no hassle by ensuring that all configurations exist in a VCS repo. This solved issues like audit, approvals, reverts, etc., thus helping me follow the GitOps model. Along with Atlantis, this gives me a way to make sure that all the changes to Kong configurations are on track, audited and have clear visibility on the changes made as part of a PR.
If you have any additional questions, [post them on Kong Nation](https://discuss.konghq.com)post them on Kong Nation.
To stay in touch, [join the Kong Community](https://konghq.com/community)join the Kong Community.
Once you've successfully set up Kong Configurations Using Terraform, you may find these other tutorials helpful:
The pace of the industry today is pressuring software developers to build, test, and release software more frequently than ever. To achieve this pace, teams have built two core processes into their workflow: Continuous Integration and Continuous Dep
[](https://konghq.com/blog/engineering/what-is-ci-cd)
We're pleased to announce the launch of Standard Webhooks! Kong has been part of the Technical Committee of this standard with other great companies like Svix (the initiator of the project), Ngrok, Zapier, Twillio, Lob, Mux, and Supabase. This was
[](https://konghq.com/blog/engineering/announcing-standard-webhooks)
This post is part of a series on becoming a secure API-first company. For a deeper dive, check out the eBook Leading Digital Transformation: Best Practices for Becoming a Secure API-First Company . The growth of APIs isn't just rapid — it's a seism
[](https://konghq.com/blog/engineering/consistent-controls-api-security)
In this Kong Konnect tutorial, you'll learn how to leverage the platform to manage your API ecosystem from a single easy-to-use interface. We’ll run through how to: Use Konnect Runtime Manager to set up your own Kong Gateway runtime instance i
[](https://konghq.com/blog/engineering/getting-started-konnect)
In today's cloud ecosystem the demands for high functioning and high performance observability, security and networking functionality for applications and their network traffic are as high as ever. Historically a great deal of this kind of functio
[](https://konghq.com/blog/engineering/writing-an-ebpf-xdp-load-balancer-in-rust)
As engineers and architects, we automatically build resilience into platforms as far as possible. But what about the unknown failures? What about the unknown behavior of your platform? The philosopher, Socrates, once said "You don’t know what you do
[](https://konghq.com/blog/engineering/optimize-your-api-gateway-with-chaos-engineering)
In this Kongcast episode , Henrik Blixt, Product Manager for Argo at Intuit, gives an introduction to Argo, an open source tool for Kubernetes and incubating project of CNCF. Check out the transcript and video from our conversation below, and be su
[](https://konghq.com/blog/engineering/argo-use-cases-for-gitops-ml)