No content

3 Kong features that make it easier to extend Kong 

3 Senior Engineer Vincent Behar https://twitter.com/vbehar Twitter French video game company Ubisoft https://hachyderm.io/@vbehar Mastodon ABOUT ME @vbehar Slack Kong Community https://github.com/vbehar GitHub 

4 Building a Control Plane on top of Kong’s Control Plane 3 Kong features that make it easier to extend Kong • Context • DecK – as a Go library • Dry Run mode • Event Hooks 

5 API Gateway for an Internal Developer Platform - KubeCon Talk on youtube CONTEXT Internal Developer Platform • Multiple services / teams • Managed Kubernetes clusters • MongoDB • Unified experience • JSON REST APIs • OpenAPI API Gateway • Single entry point • Gateway admins • Enforce rules (security) • Service developers • Self-service • OpenAPI integration • Kong knowledge? 

6 CONTEXT Gateway Admin Service Developers Self-service Enforce security Sync Automatic ingestion 

7 Control Plane on top of Kong’s Control Plane CONTEXT Kubernetes Operator • ✅ Self-service • ✅ Self-healing • Kong’s Kubernetes Ingress Controller? • ❌ OpenAPI integration • ❌ Enforcing our own rules Implementation • Workspaces (admins) • Services (developers) • Routes (OpenAPI) • Plugins 

8 CONTEXT Gateway Admin Service Developers Plugins configs 

9 Workspace & Service USAGE 

10 3 features that makes it easier to extend Kong WHY KONG? • DecK – as a Go library • Dry Run mode • Event Hooks 

11 As a Go library DECK Challenges • Source of truth « outside » Kong • Kubernetes API • Declarative Config Management • Reconciliation with Kong API • Creations • Updates • Deletions DecK • CLI tool to sync state with Kong API • Written in Go • Load, merge & sync state • JSON/YAML support • Embed as a Go lib • ✅ Integration • ✅ Parsable output 

12 USING DECK Dev Generate desired state Get current state DecK Merge both states Sync new state with Kong Render final state JSON diff JSON / YAML Final state 

13 Safe & early feedback DRY RUN MODE Why? • Test config changes • Very early feedback • Safe operations • State never persisted on disk Flow • Client • Kubernetes API Server • Admission webhook • Kubernetes Operator • DecK Sync • Dry-run Flag • Kong • Validations, … 

14 With Kubernetes USING DRY RUN MODE • Server-side apply • Server-side dry-run • Mutating admission webhook 

15 Avoid configuration drift EVENT HOOKS Event Hooks? • Kong Enterprise feature • Notify our operator for each change • HTTP Webhook • Avoid configuration drift • Force people to use the operator Using Event Hooks • Tag every entity • Filter on the tag • To trigger the reconciliation • Kubernetes internal queue • Kong 2.x • Needs to be restarted before… 

16 CONCLUSION Putting it all together • DecK • Easy reconciliation • JSON/YAML output • Dry Run Mode • Safe operations • Event Hooks • Avoid config drift User Experience • ✅ Self-service • ✅ Self-healing • ✅ Safe 

Thank you. Questions?