Managing Kong API Gateway with Terraform

Transcript

1. Byungjin Park · posquit0.com · posquit0 Copyright © 2018 All

   Rights Reserved. ߅ ߽૓(Byungjin Park) · Site Reliability Engineer @ KASA Managing Kong API Gateway with Terraform Terraformਵ۽ Kong API Gateway ҙܻೞӝ ࢲ਎ ޿স #2 at HashiCorp KRUG Oct 23, 2018

2. Copyright © 2018 All Rights Reserved. speaker ߊ಴੗ ࣗѐ Byungjin

   Park · posquit0.com · posquit0 ߅߽૓ / @posquit0 (അ) Site Reliability Engineer @ Kasa (੹) Software Architect @ OMNIOUS DEFCON CTF Ҵઁ೧ఊ؀ഥ World Final 5ഥ ૓୹ Node.js৬ Pythonਸ જই೤פ׮. ఠ޷օ ജ҃ਸ ࢎیೞח ҭ੢ೠ Vim ؋റੑפ׮. GitHubীࢲ ഝߊೞѱ য়೑ࣗझ ഝزਸ ೞҊ ੓णפ׮. ࢲ࠺झ ѐߊ ߂ ਍৔җ ҙ۲ػ ݽٚ ੌਸ ૌӤפ׮.

3. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com

   · posquit0 api gateway

4. Copyright © 2018 All Rights Reserved. api gateway MSA (MICROSERVICES

   ARCHITECTURE) Byungjin Park · posquit0.com · posquit0 API Gatewayח ݃੉௼۽ ࢲ࠺झ ইఃఫ୊৬ ݆਷ োҙਸ о૑Ҋ ੓णפ׮. MSA ח ೞա੄ ௾ য೒ܻா੉࣌ਸ ة݀੸ੋ ৉ೡਸ ࣻ೯ೞח ৈ۞ ݃੉௼۽ ࢲ࠺झ۽ ଂѐয ઑ೤ೣਵ۽ॄ ѐ߹ ࢲ࠺झ੄ ࠂ੟بܳ ઴੉ח ࢸ҅ ಁఢ ੑפ׮. Monolithic Micro-services Architecture User Auth Order Payment Notification CAR RENTAL SERVICE CAR RENTAL SERVICE User Auth Payment Noti Order

5. Copyright © 2018 All Rights Reserved. api gateway COMMUNICATION IN

   MSA Byungjin Park · posquit0.com · posquit0 о੢ ௾ ױ੼ ઺ ೞաח ਍৔೧ঠ ೞח ࢲ࠺झ੄ ࣻо טযաݶࢲ ҭ੢൤ ࠂ੟೧૑ח ాन(Communication) ޙઁ ੑפ׮. ೞ૑݅, MSA о ੢੼݅ਸ о૑ח Ѫ਷ ইתפ׮. Client-Server Communication Inter Service Communication North - South East - West

6. Copyright © 2018 All Rights Reserved. api gateway COMMUNICATION IN

   MSA Byungjin Park · posquit0.com · posquit0 ੉۞ೠ ޙઁٜਸ ബਯ੸ਵ۽ ೧Ѿೞӝ ਤ೧ API Gateway ৬ Service Mesh ١੉ աఋլणפ׮. MSA ীࢲח ௿ۄ੉঱౟৬ ࢲ࠺झ р੄ ాन ࡺ݅ ইפۄ ࢲ࠺झ р੄ ాन ژೠ Ҋ۰ ೧ঠ ೤פ׮. Client-Server Communication Inter Service Communication North - South East - West

7. Copyright © 2018 All Rights Reserved. api gateway WHY USE

   API GATEWAY? Byungjin Park · posquit0.com · posquit0 API Gatewayח MSA ীࢲ ௿ۄ੉঱౟৬ ࢲߡ р੄ ాन ޙઁܳ ೧Ѿೞӝ ਤೠ ࣛܖ࣌ ੑפ׮. ೞա੄ ѱ੉౟ਝ੉۽ࢲ ௿ۄ੉঱౟৬੄ ాनਸ ׸׼ೡ ࣻ ੓ਵݴ, п ݃੉௼۽ࢲ࠺झо ઺ࠂਵ۽ оઉঠ ೮؍ ӝמ ۨ੉যٜਸ ؀न ୊ܻೡ ࣻ ੓णפ׮.

8. Copyright © 2018 All Rights Reserved. api gateway CANDIDATES Byungjin

   Park · posquit0.com · posquit0 ੉۞ೠ API Gateway ܳ ҳഅೠ য়೑ࣗझ ೐۽ં౟ ഑਷ ূఠ೐ۄ੉ૉ ࢲ࠺झ ٜ੉ ੉޷ द੢ী ݆੉ ઓ੤ ೤פ׮.

9. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com

   · posquit0 kong

10. Copyright © 2018 All Rights Reserved. kong KONG API GATEWAY

    Byungjin Park · posquit0.com · posquit0 Apache ۄ੉ࣃझ۽ ੉ਊ оמೠ ழޭפ౭ ী٣࣌җ, Ҋә ӝמ ߂ ӝࣿ ૑ਗ੉ ઁҕغח ূఠ೐ۄ੉ૉ ী٣࣌੉ ੓णפ׮. Kongח ੉޷ օܻ ࢎਊغҊ ੓ח Nginx ਢ ࢲߡܳ ӝ߈ਵ۽ Lua ܳ ా೧ ӝמ੉ ഛ੢ػ য়೑ࣗझ API ѱ੉౟ਝ੉ ੑפ׮. Cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway, or in some cases Service Mesh) https://github.com/kong/kong License Model - Community Edition (CE) - Enterprise Edition (EE) Nginx / OpenResty ਸ ӝ߈ਵ۽ೞৈ Lua۽ ഛ੢ оמೠ য়೑ࣗझ API ѱ੉౟ਝ੉ NGINX OpenResty Clustering & Datastore Plugins RESTful Administration API

11. Copyright © 2018 All Rights Reserved. kong WHY USE KONG?

    Byungjin Park · posquit0.com · posquit0 ׼ো൤ Lua झ௼݀౟ܳ ా೧ ૒੽ ழझథ ೒۞Ӓੋਸ ઁ੘ೞৈ ഝਊೡ ࣻب ੓णפ׮. Kong਷ ੋૐ, ࠁউ, ݽפఠ݂, ۽Ӧ ١ API Gateway ী ೙ਃೠ ݆਷ ӝמਸ ӝࠄ ೒۞Ӓੋਸ ా೧ ઁҕೞҊ ੓णפ׮. Features API Gatewayܳ ਤೠ ׮নೠ ӝמਸ ӝࠄ ೒۞Ӓੋਵ۽ ઁҕ - Authentication - Security - Traffic Control - Request / Response Transformation - Serverless - Analytics & Monitoring - Logging

12. Copyright © 2018 All Rights Reserved. kong WHY USE KONG?

    Byungjin Park · posquit0.com · posquit0 ੹ࣁ҅ ѐߊ੗ٜ੉ ҙ۲ ೐۽ં౟ ߂ ೒۞Ӓੋਸ ѐߊೞҊ ੓ਵݴ, Kongਸ ઱ઁ۽ೠ ޿স ژೠ ੹ࣁ҅ীࢲ ૓೯غҊ ੓णפ׮. Kong਷ ழޭפ౭ ী٣࣌ਸ ా೧ ъ۱ೠ ழޭפ౭ ࢤక҅ܳ о૑Ҋ ੓णפ׮. Ecosystem ޖܐ ழޭפ౭ ী٣࣌(CE) ਸ ઺बਵ۽ ೠ ъ۱ೠ য়೑ࣗझ ࢤక҅ - 4,500,000+ ׮਍۽٘ ࣻ - 100+ য়೑ࣗझ ஶ౟ܻ࠭ఠ - 36,000+ ழޭפ౭ ଵৈ੗ - 100+ ੹ࣁ҅ ޿স ૓೯ - 4000+ Kong ҙ۲ ೐۽ં౟ - 500+ Kong ೒۞Ӓੋ Kong Hub: Kong ӝמ ഛ੢ ݽ਺ (https://docs.konghq.com/hub/) Kong Nation: Kong ழޭפ౭ ನۢ (https://discuss.konghq.com)

13. Copyright © 2018 All Rights Reserved. kong ENTERPRISE EDITION Byungjin

    Park · posquit0.com · posquit0 ׮݅, оѺ੉… Kong ূఠ೐ۄ੉ૉ ী٣࣌਷ ӝࣿ ૑ਗ, ୶о ೒۞Ӓੋ, ҙܻ੗ ؀दࠁ٘ ١ਸ ୶о ૑ਗ೤פ׮. Benefits - Kong Manager: ਢ ӝ߈ ҙܻ੗ ؀दࠁ٘ - Kong Vitals: ੗୓ ݽפఠ݂ ؀दࠁ٘ - Kong Dev Portal: ѐߊ੗ ನఎ. OpenAPI ӝ߈੄ API ޙࢲ ઁҕ - Admin APIী ؀ೠ RBAC(Role Based Access Control) ૑ਗ - 24/7 ӝࣿ ૑ਗ - ୶о੸ੋ Ҋә ೒۞Ӓੋ ׮ࣻ ઁҕ - OpenID Connect - OAuth 2.0 Introspection - Enterprise Rate Limiting - Edge Caching

14. Copyright © 2018 All Rights Reserved. kong COMPONENTS Byungjin Park

    · posquit0.com · posquit0 അ੤ Kong੉ ҕध ૑ਗೞח ؘ੉ఠ ੷੢ࣗח PostgreSQLҗ Cassandrda ੑפ׮. Kong CEח ҙܻ੗ API, ೐۾द API, ؘ੉ఠ ੷੢ࣗ۽ ҳࢿ ؾפ׮. Kong Proxy API Kong Admin API Data Store Kong Admin API API Gateway ࢸ੿ ҙܻ ݾ੸੄ ҙܻ੗ API ӝࠄ 8001(HTTP), 8444(HTTPS) ನ౟ ੉ਊ Kong Proxy API Admin APIܳ ా೧ ҳࢿػ API Gateway੄ ূ٘ನੋ౟ ݽ਺ ӝࠄ 8000(HTTP), 8443(HTTPS) ನ౟ ੉ਊ Data Store Kong ੄ API য়࠳ં౟(ࢲ࠺झ, ۄ਋౟, ஶगݠ ١) ੷੢ࣗ Postgres, Cassandra ૑ਗ

15. Copyright © 2018 All Rights Reserved. kong API OBJECTS Byungjin

    Park · posquit0.com · posquit0 ԙ ঌইفযঠ ೡ API য়࠳ં౟۽ח Service, Route, Consumer, Credential, Plugin ੉ ੓णפ׮. Kong API Gatewayܳ ҳࢿೞח ੘স਷ Kong Admin API੄ য়࠳ં౟ܳ ҙܻೞח Ѫ੉ۄ ࢤпೞݶ ؾפ׮. Service Route Consumer Plugin Upstream Target Credential SNI Certificate API deprecated

16. Copyright © 2018 All Rights Reserved. kong API OBJECTS Byungjin

    Park · posquit0.com · posquit0 ೐۽ష௒਷ അ੤ HTTP/S, HTTP2, WebSocketਸ ૑ਗ ೤פ׮. ࢲ࠺झ(Service) য়࠳ં౟ח API Gatewayী োѾ غয ௿ۄ੉঱౟ ਃ୒ਸ ੹׳ ೡ সझ౟ܿ ࢲ࠺झܳ ੿੄೤פ׮. Service Kong API Gatewayী োѾ ؼ সझ౟ܿ ࢲ࠺झܳ ੄޷ ೐۽ష௒, ഐझ౟, ನ౟, ҃۽ ࢸ੿ User Service

17. Copyright © 2018 All Rights Reserved. kong API OBJECTS Byungjin

    Park · posquit0.com · posquit0 ੿ӏ಴അधҗ ਋ࢶࣽਤܳ ૑ਗೞৈ ਬোೞѱ ࢸ੿ਸ ೡ ࣻ ੓णפ׮. ۄ਋౟(Route) য়࠳ં౟ח ௿ۄ੉঱౟੄ ਃ୒(HTTP Method, Path ١)ী ٮۄ ౠ੿ ࢲ࠺झ۽ ೧׼ ਃ୒ਸ ੹׳ೞӝ ਤೠ ӏ஗ਸ ੿੄೤פ׮. Service Kong API Gatewayী োѾ ؼ সझ౟ܿ ࢲ࠺झ ೐۽ష௒, ഐझ౟, ನ౟, ҃۽ ࢸ੿ User Service Route ௿ۄ੉঱౟੄ ਃ୒ਸ ࢲ࠺झ۽ ನਕ٬ೞӝ ਤೠ ӏ஗(Rule) ೐۽ష௒, ഐझ౟, ҃۽, HTTP ݫࣗ٘ ࢸ੿ ੿ӏ಴അधҗ ਋ࢶࣽਤ ૑ਗ POST /users GET /users/me

18. Copyright © 2018 All Rights Reserved. kong API OBJECTS Byungjin

    Park · posquit0.com · posquit0 সझ౟ܿ ё୓ܳ ࢎਊೞ૑ ঋইب Kong API Gatewayח ࢎਊ оמ೤פ׮. সझ౟ܿ(Upstream) য়࠳ં౟ח Kong API Gateway ੗୓੸ਵ۽ L7 ۽٘ߖ۠य ӝמਸ ૑ਗೞҊ੗ بੑػ о࢚ഐझ౟ ѐ֛ੑפ׮. Upstream ۽٘ߖ۠यਸ ૑ਗೞӝ ਤೠ о࢚ ഐझ౟(Virtual Host) Active Health Check ߂ Passive Health Check (Circuit Breaker) ૑ਗ user.service POST /users GET /users/me User Service

19. Copyright © 2018 All Rights Reserved. kong API OBJECTS Byungjin

    Park · posquit0.com · posquit0 о઺஖ чਸ ഝਊೞৈ ஠աܻ ߓನ(Canary Deployment)ܳ ҳഅೞח Ѫب оמ೤פ׮. ఋѶ(Target) য়࠳ં౟ח সझ౟ܿী োѾغয ࠙ߓػ ਃ୒ਸ ୊ܻ ೡ ߔূ٘ ࢲ࠺झܳ ੿੄೤פ׮. Upstream ۽٘ߖ۠यਸ ૑ਗೞӝ ਤೠ о࢚ ഐझ౟(Virtual Host) Active Health Check ߂ Passive Health Check (Circuit Breaker) ૑ਗ User v1 User v2 Target ഐझ౟৬ ನ౟ हਵ۽ ҳࢿػ о࢚ഐझ౟۽੄ ਃ୒ਸ ࠙ߓೡ ఋѶ ۽٘ߖ۠य о઺஖(Weight) ૑ਗ user.service POST /users GET /users/me User Service

20. Copyright © 2018 All Rights Reserved. kong API OBJECTS Byungjin

    Park · posquit0.com · posquit0 э਷ ࢲ࠺झ ࢎਊ੗ۄب ೒ۖಬ ߹(Web, Android, iOS ١)۽ ஶगݠܳ ٜ݅য োѾೞח Ѫب оמೞ׮. ஶगݠ(Consumer) য়࠳ં౟ח APIܳ ࣗ࠺ೡ ࢎਊ੗ܳ ੿੄ೞݴ, ੉ܳ ా೧ ੋૐ / ੽Ӕઁয / ౟ېఊ ١ API Gateway੄ ৈ۞ ӝמਸ ഝਊೡ ࣻ ੓णפ׮. Consumer API ࣗ࠺੗ܳ աఋղݴ ੋૐ / ੽Ӕઁয / ౟ېఊ ١ ৈ۞ ݾ੸ਵ۽ ഝਊ custom_id ೙٘ܳ ా೧ ࢲ࠺झ ࢚੄ ࢎਊ੗ ID৬ ݒೝ оמ ஶगݠ৬ ࢎਊ੗о ߈٘द 1:1 ҙ҅ੌ ೙ਃח হ਺ user.service consumer POST /users GET /users/me User Service User v1 User v2

21. Copyright © 2018 All Rights Reserved. kong API OBJECTS Byungjin

    Park · posquit0.com · posquit0 ੉޷ ઁҕغח ೒۞Ӓੋਸ ഝਊೡ ࡺ݅ ইפۄ, Lua۽ ૒੽ ழझథ ೒۞Ӓੋਸ ઁ੘ೞৈ ഝਊೡ ࣻ ੓णפ׮. ೒۞Ӓੋ(Plugin) য়࠳ં౟ח Kong API Gateway੄ о੢ ъ۱ೠ ӝמਵ۽ HTTP ਃ୒-਽׹ ೒۽਋ ࢚ী ਗೞח ӝמਸ ഛ੢ೡ ࣻ ੓णפ׮. Consumer API ࣗ࠺੗ܳ աఋղݴ ੋૐ / ੽Ӕઁয / ౟ېఊ ١ ৈ۞ ݾ੸ਵ۽ ഝਊ custom_id ೙٘ܳ ా೧ ࢲ࠺झ ࢚੄ ࢎਊ੗ ID৬ ݒೝ оמ ஶगݠ৬ ࢎਊ੗о ߈٘द 1:1 ҙ҅ੌ ೙ਃח হ਺ user.service consumer Plugin HTTP ਃ୒-਽׹ ൒ܴ ࢚ী प೯ؼ ࣻ ੓ח ഛ੢ ӝמ ੋૐ / ੽Ӕ ઁয / ਃ୒, ਽׹ оҕ / ۽Ӓ, ݫ౟ܼ ੹׳ ١ plugin POST /users GET /users/me User Service User v1 User v2

22. Copyright © 2018 All Rights Reserved. kong DISTRIBUTIONS Byungjin Park

    · posquit0.com · posquit0 Kong਷ ׮নೠ ߓನ ߑߨਸ ૑ਗೞҊ ੓য औҊ ࡅܰѱ Kong API Gateayܳ ࢎਊ೧ࠅ ࣻ ੓णפ׮.

23. Copyright © 2018 All Rights Reserved. kong INSTALL Byungjin Park

    · posquit0.com · posquit0 ؘ੉ఠ߬੉झ ҳࢿ റ DB ݃੉Ӓۨ੉࣌ ੘সਸ ా೧ DB ప੉࠶ਸ ࢤࢿೞҊ, Kong ࢲ࠺झܳ ೧׼ DB৬ োѾೞৈ प೯ೞݶ ؾפ׮. Set-up DB Migrate DB Run Kong 1. Set up Database Kong੄ ؘ੉ఠ ੷੢ࣗ۽ Postgres ഑਷ Cassandra ۽ DB ҳࢿ 2. Migrate Database Kong੄ ؘ੉ఠ߬੉झ ݃੉Ӓۨ੉࣌ ݺ۸যܳ ࣻ೯ೞৈ DB झః݃ ࢤࢿ 3. Run Kong API Gateway ҳࢿೠ DB োѾ ੿ࠁ৬ ೣԋ Kong ࢲ࠺झ प೯ Kong੄ ࢸ஖ ੘স਷ ௼ѱ ࣁ ױ҅۽ ҳࢿؾפ׮.

24. Copyright © 2018 All Rights Reserved. kong INSTALL WITH DOCKER

    Byungjin Park · posquit0.com · posquit0 بழ(Docker)۽ Kongਸ ࢸ஖ೞӝ ਤ೧ࢲח ਋ࢶ ֎౟ਕ௼৬ ؘ੉ఠ߬੉झܳ ҳࢿ೧ঠ ೤פ׮. 1. Set up Database - ׮ܲ بழ ஶప੉ց৬ ాनೞӝ ਤೠ ֎౟ਕ௼ ࢤࢿ - Postgres بழ ஶప੉ց प೯ # Create a custom network to allow the containers # to discover and communicate with each other $ docker network create kong-net # Run Postgres container $ docker run -d --name kong-database \ --network=kong-net \ -p 5432:5432 \ -e "POSTGRES_USER=kong" \ -e "POSTGRES_DB=kong" \ postgres:9.6

25. Copyright © 2018 All Rights Reserved. kong INSTALL WITH DOCKER

    Byungjin Park · posquit0.com · posquit0 ؘ੉ఠ߬੉झ ҳز റীח DB ప੉࠶ਸ ࢤࢿೞӝ ਤೞৈ Kong ੉޷૑ܳ ా೧ ݃੉Ӓۨ੉࣌ ੘সਸ ࣻ೯೤פ׮. 2. Migrate Database - Kong بழ ੉޷૑ܳ ా೧ DB ݃੉Ӓۨ੉࣌ ੘স ࣻ೯ # Run the migrations with an Kong container $ docker run --rm \ --network=kong-net \ -e "KONG_DATABASE=postgres" \ -e "KONG_PG_HOST=kong-database" \ kong:latest kong migrations up

26. 3. Run Kong API Gateway - Kong API Gateway بழ

    ஶప੉ց प೯ - ನ౟ ߣഐ - 8000: Kong Proxy(HTTP) - 8443: Kong Proxy(HTTPS) - 8001: Kong Admin(HTTP) - 8444: Kong Admin(HTTPS) Copyright © 2018 All Rights Reserved. kong INSTALL WITH DOCKER Byungjin Park · posquit0.com · posquit0 ݃੉Ӓۨ੉࣌ ੘স੉ ՘աݶ, Kong بழ ஶప੉ցܳ प೯ೞৈ Kong Proxy৬ Kong Admin ࢲ࠺झ੄ ನ౟ܳ ѐߑ೤פ׮. # Start a Kong container that will connect to database $ docker run -d --name kong \ --network=kong-net \ -e "KONG_DATABASE=postgres" \ -e "KONG_PG_HOST=kong-database" \ -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \ -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \ -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \ -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \ -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \ -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \ -p 8000:8000 \ -p 8443:8443 \ -p 8001:8001 \ -p 8444:8444 \ kong:latest

27. Validate Kong is running - Kong Admin APIী ਃ୒ਸ ࠁղ

    Kong Admin ز੘ ഛੋ Copyright © 2018 All Rights Reserved. kong INSTALL WITH DOCKER Byungjin Park · posquit0.com · posquit0 Kong ࢸ஖о ৮ܐغݶ Admin APIী HTTP ਃ୒ਸ ࠁղ Kong੉ ੿࢚੸ਵ۽ ز੘ೞח૑ ഛੋ೤פ׮. $ curl -i http://localhost:8001/
 HTTP/1.1 200 OK Date: Sun, 21 Oct 2018 12:03:02 GMT Content-Type: application/json; charset=utf-8 Connection: keep-alive Access-Control-Allow-Origin: * Server: kong/0.14.1 Content-Length: 5659

28. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com

    · posquit0 kong management

29. Using CLI based HTTP Client Command - API First Design

    ਸ ӝ߈ਵ۽ ೞৈ HTTP۽ ݽٚ ӝמ ੉ਊ оמ - о੢ ࡅܰѱ Kong ਸ ҙܻ೧ ࠅ ࣻ ੓ח ߑߨ Copyright © 2018 All Rights Reserved. kong management USING CLI Byungjin Park · posquit0.com · posquit0 Kong ਷ HTTP ӝ߈੄ Admin API ܳ ઁҕ೧઱ӝ ٸޙী ׮ܲ بҳ ࢸ஖ হ੉ب ࡅܰѱ API Gatewayܳ ҳࢿ೧ ࠅ ࣻ ੓णפ׮. # Add user service $ curl -i -X POST \ --url http://localhost:8001/services/ \ --data 'name=user-service' \ --data 'protocol=http' \ --data 'host=user.service' \ --data 'port=80' \ --data 'path=/'

30. Using CLI based HTTP Client Command - API First Design

    ਸ ӝ߈ਵ۽ ೞৈ HTTP۽ ݽٚ ӝמ ੉ਊ оמ - о੢ ࡅܰѱ Kong ਸ ҙܻ೧ ࠅ ࣻ ੓ח ߑߨ Copyright © 2018 All Rights Reserved. kong management USING CLI Byungjin Park · posquit0.com · posquit0 ೞ૑݅ API Gatewayܳ ࢸ੿ೞӝ ਤೞৈ ݒߣ HTTP ਃ୒ ݺ۸যܳ ੘ࢿೞח Ѫ਷ ցޖա ߣѢ۽਍ ੌ ੑפ׮. # Add user service $ curl -i -X POST \ --url http://localhost:8001/services/ \ --data 'name=user-service' \ --data 'protocol=http' \ --data 'host=user.service' \ --data 'port=80' \ --data 'path=/' Problems - ݒߣ ௪ܻ ੘ࢿೞӝ ӈଳ਺…

31. Using GUI based HTTP Client - Kong Admin API ূ٘ನੋ౟ܳ

    ޷ܻ ١۾ - ٣۩షܻ ӝמਸ ాೠ API ূ٘ನੋ౟ ࠙ܨ - ജ҃(۽ஸ, ѐߊ, ਍৔ ١)ী ٮܲ ߸ࣻ ҙܻ - Postman / Insomnia / ETC Copyright © 2018 All Rights Reserved. USING GUI HTTP CLIENT Byungjin Park · posquit0.com · posquit0 Postman, Insomnia ৬ э਷ GUI ӝ߈੄ HTTP ௿ۄ੉঱౟ জਸ ࢎਊೠ׮ݶ Kong ਸ ࠁ׮ औѱ ҙܻೡ ࣻ ੓णפ׮. kong management

32. Using GUI based HTTP Client - Kong Admin API ূ٘ನੋ౟ܳ

    ޷ܻ ١۾ - ٣۩షܻ ӝמਸ ాೠ API ূ٘ನੋ౟ ࠙ܨ - ജ҃(۽ஸ, ѐߊ, ਍৔ ١)ী ٮܲ ߸ࣻ ҙܻ - Postman / Insomnia / ETC Copyright © 2018 All Rights Reserved. USING GUI HTTP CLIENT Byungjin Park · posquit0.com · posquit0 Ӓ۞ա, ੉ ژೠ അ੤ API Gatewayо যڌѱ ࢸ੿غয ੓ח૑ ೠ ׀ী ౵ঈೞӝо য۵णפ׮. kong management Problems - അ੤ API Gateway ੄ ࢸ੿ਸ ೠ ׀ী ࠁӝ য۰਑

33. Admin Dashboard for Kong CE - Kong CEܳ ਤೠ য়೑ࣗझ

    ҙܻ੗ ؀दࠁ٘ ਢ (࠺ҕध) - Kong DB ߔস/ࠂҳ ӝמ ઁҕ - LDAP ਸ ాೠ ؀दࠁ٘ ੽Ӕઁয ૑ਗ - ੉ݫੌ / ठۑ ঌܿ ӝמ Copyright © 2018 All Rights Reserved. USING DASHBOARD Byungjin Park · posquit0.com · posquit0 Kong EE ੄ ҙܻ੗ ؀दࠁ٘ীࢲ ઁҕೞח ӝמҗ Ѣ੄ ؀١ೡ ੿ب۽ ೂࠗೠ ӝמਸ ઁҕ೤פ׮. (٣੗ੋب ੉࡜ਃ ) Konga More than just another GUI to Kong Admin API https://github.com/pantsel/konga Kongaח Kong ழޭפ౭ীࢲ য়೑ࣗझ۽ ٜ݅যઉ ҙܻغҊ ੓ח Kong CE ਊ ҙܻ੗ ؀दࠁ٘ੑפ׮. kong management

34. Problems API ѱ੉౟ਝ੉ ࢸ੿ ߸҃ী ؀ೠ ୶੸(Tracking) ೙ਃ - “־о

    ৘ড ۄ਋౟ ࢸ੿ਸ ߸҃೮૑?” - “ࢎਊ੗ ࢲ࠺झ ನ౟ ߣഐח ৵ ߸҃ػѢ૑?” - “IP ࠶ۑ ܻझ౟ ೒۞Ӓੋ਷ ঱ઁ ୶оೠѢ૑?” - “ղо ੉ ࢸ੿ਸ ߸҃೧ب غա?” - “যઁө૑݅ ೧ب ੜ ز੘ ೞ؍ѱ ৵ উغ૑!?” Copyright © 2018 All Rights Reserved. USING DASHBOARD Byungjin Park · posquit0.com · posquit0 ־о, ঱ઁ, ޖट ࢸ੿ਸ, যڌѱ, ৵ ߸҃೧ঠ ೞח૑ ୶੸ೡ ࣻ ੓যঠ ೤פ׮. API Gateway੄ ࢸ੿੉ ੼੼ ࠂ੟೧૑Ҋ, ੉ܳ ׮ܖח ূ૑פয੄ ࣻо ૐоೣী ٮۄ ژ ׮ܲ ޙઁ৬ ݃઱ೞѱ ؾפ׮. kong management

35. Copyright © 2018 All Rights Reserved. TRACKING CHANGES Byungjin Park

    · posquit0.com · posquit0 ࢸ੿੄ ߸҃ࢎ೦ਸ ୶੸ೞӝ ਤ೧ࢲח хࢎ ۽Ӓ(Audit Log)ܳ թѹ ୶੸ೞѢա, ࢶ঱ध ࢸ੿(Declarative Configuration)ਸ ੉ਊೡ ࣻ ੓णפ׮. kong management OR Audit Log Declarative Configuration

36. Copyright © 2018 All Rights Reserved. TRACKING CHANGES Byungjin Park

    · posquit0.com · posquit0 ࢶ঱ध ࢸ੿ਸ ੉ਊೞח Ѫী ࠺ೞৈ ੉੼੉ হणפ׮. kong management Audit Log - ־о, ঱ઁ, ޖ঺ਸ, যڌѱ ߸҃ ೞ৓ח૑ ӝ۾ - ۽Ӓܳ औѱ Ѩ࢝ೡ ࣻ ੓Ҋ оदചೞӝ ਤೠ ژ ׮ܲ بҳ ೙ਃ - ౠ੿ Ӓܛী ঌܿ(Notification) ࢸ੿ ೙ਃ хࢎ ۽Ӓ(Audit Log)ܳ ੉ਊೞח Ѫ਷ ߓࠁ׮ ߓԞ੉ ؊ ௾ ೧Ѿ଼੉ ؼ ࣻ ੓ਵݴ,

37. Copyright © 2018 All Rights Reserved. TRACKING CHANGES Byungjin Park

    · posquit0.com · posquit0 ౵ੌਸ ా೧ ࢸ੿ਸ ҙܻೡࣻ ੓ӝ ٸޙী ৈ۞ ੉੼ਸ ஂೡ ࣻ ੓णפ׮. kong management Declarative Configuration - ݺ۸ध ࢸ੿(Imperative Configuration)җ ׮ܰѱ അ੤ ࢸ੿ਸ ࢶ঱ - ࢸ੿ ౵ੌਸ ా೧ ߡ੹ ҙܻо оמ - Terraform, Ansible, Puppet, Kubernetes ١ ࢶ঱ध ࢸ੿(Declarative Configuration)਷ ࠁా ݺ۸ध ࢸ੿(Imperative Configuration)җ ݆੉ ࠺Ү ؾפ׮.

38. Copyright © 2018 All Rights Reserved. TERRAFORM Byungjin Park ·

    posquit0.com · posquit0 AWS ੋ೐ۄܳ ௏٘۽ ҙܻೞӝ ਤ೧ ݆੉ ࢎਊغҌ ೤פ׮. HashiCorp੄ పۄಬ(Terraform)਷ ׮নೠ ೒ۖಬীࢲ ࢎਊೡ ࣻ ੓ח য়೑ࣗझ IaC(Infrastructure as Code) بҳ ੑפ׮. kong management A tool for building, changing, and combining infrastructure safely and efficiently https://www.terraform.io/ IaC (Infrastructure as Code) - ࢸ੿(Configuration)ਸ ௏٘۽ ߡ੹ҙܻ - ௏٘ ܻ࠭ܳ ాೠ ഈসҗ पࣻ ߑ૑ - పझ౟ оמ - ௏٘ प೯ਸ ాೠ ੗زച(Automation) ߂ ੤ࢎਊ(Reuse)

39. Copyright © 2018 All Rights Reserved. USING DECLARATIVE CONFIGURATION Byungjin

    Park · posquit0.com · posquit0 (ҕध ೐۽߄੉؊ח ইתפ׮…) য়೑ࣗझ۽ ҕѐغয ੓ח terraform-provider-kong ਸ ੉ਊೞݶ, పۄಬਵ۽ ੋ೐ۄܳ ҙܻೞ؍ ҃೷ਸ Ӓ؀۽ Kong ҙܻী оઉৢ ࣻ ੓णפ׮. kong management Kong Provider for Terraform https://github.com/kevholditch/terraform-provider-kong Terraform Community Provider for Kong - పۄಬਵ۽ Kong API Gateway ࢸ੿ оמ - Admin API ূ٘ನੋ౟ী ؀ೠ Basic Auth৬ API Key Auth ૑ਗ - Ѣ੄ ݽٚ API য়࠳ં౟ী ؀ೠ ࢸ੿ оמ - పۄಬ ؘ੉ఠ ࣗझ ߂ ੐ನ౟ ૑ਗ

40. Copyright © 2018 All Rights Reserved. USING DECLARATIVE CONFIGURATION Byungjin

    Park · posquit0.com · posquit0 ਤ৬ э੉ HCL(HashiCorp Configuration Language) ۽ ࢶ঱ध ࢸ੿ਸ ೡ ࣻ ੓णפ׮. kong management Kong Provider for Terraform https://github.com/kevholditch/terraform-provider-kong provider "kong" { kong_admin_uri = "http://admin.my-kong.com:8001" kong_admin_username = "youruser" kong_admin_password = "yourpass" } resource "kong_route" "route" { protocols = [ "http", "https" ] methods = [ "GET", "POST" ] hosts = [ "example2.com" ] paths = [ "/test" ] strip_path = false preserve_host = true service_id = "${kong_service.service.id}" }

41. Copyright © 2018 All Rights Reserved. ALTERNATIVES: KONGFIG Byungjin Park

    · posquit0.com · posquit0 Kong ݅ਸ ࢶ঱ध ࢸ੿ਵ۽ ҙܻೞӝ ਤೠ بҳب ੓঻؊ۉפ׮…ƑƑ kong management Declarative configuration for Kong https://github.com/mybuilder/kongfig - Kong ਸ ࢶ঱ध ࢸ੿ਵ۽ ҙܻೞӝ ਤ೧ ٜ݅য૓ Node.js ӝ߈ بҳ - పۄಬҗ ࢎਊߨ ਬࢎ - সؘ੉౟ উػ૑ য়ې ؽ… - ୭न API য়࠳ં౟ ޷૑ਗ… $ kongfig apply --path config.yml --host localhost:8001 plugins: - name: cors attributes: username: enabled: true config: credentials: false preflight_continue: false max_age: 7000 consumers: - username: iphone-app custom_id: foobar-1234

42. Copyright © 2018 All Rights Reserved. ALTERNATIVES: KUBERNETES INGRESS CONTROLLER

    Byungjin Park · posquit0.com · posquit0 ੉ܳ ੉ਊೞݶ Kubernetes Manifest ౵ੌਸ ా೧ ೒۞Ӓੋ / ஶगݠ / ੋૐࢲ ҙܻܳ ೡ ࣻ ੓णפ׮. kong management Use Kong for Kubernetes Ingress https://github.com/Kong/kubernetes-ingress-controller - NGINX ੋӒۨझ ஶ౟܀۞ܳ ӝ߈ਵ۽ ೠ Kong ੋӒۨझ ஶ౟܀۞ - Ingress য়࠳ં౟ܳ ా೧ ࢲ࠺झ / ۄ਋౟ / সझ౟ܿ / ఋѶ ҙܻ ੗زച - CRD(Custom Resource Definition)ਸ ా೧ ೒۞Ӓੋ / ஶगݠ / ੋૐࢲ ҙܻ - Kong ੄ ҕध ௢ߡ֎౭झ ߓನ౸ apiVersion: configuration.konghq.com/v1 kind: KongPlugin metadata: name: http-svc-consumer-ratelimiting namespace: default config: key: value plugin: my-plugin Kong Ingress Controllerח Kong Inc. ীࢲ ௢ߡ֎౭झܳ ੸ӓ ૑ਗೞӝ ਤ೧ ഝߊ൤ ѐߊ઺ੋ ҕध ௢ߡ֎౭झ ߓನ౸ੑפ׮. $ kubectl apply -f kong-plugin.yaml

43. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com

    · posquit0 demo

44. Copyright © 2018 All Rights Reserved. GOALS Byungjin Park ·

    posquit0.com · posquit0 ઱ਃ Kong API য়࠳ં౟ ߂ ೒۞Ӓੋਸ ׮ܖয ࠁѷणפ׮. demo ੉ߣ ؘݽীࢲח ࢎਊ੗ ࢲ࠺झ৬ ೡ ੌ ࢲ࠺झ۽ ҳࢿػ API Gatewayܳ పۄಬਸ ੉ਊೞৈ ҳࢿ೧ࠁ۰ ೤פ׮. ݽٚ ؘݽ ௏٘ח https://github.com/posquit0/demo-terraform-provider-kong ীࢲ ഛੋೡ ࣻ ੓णפ׮. Services - User Service - TODO Service Routes - User Routes - TODO Routes - Fallback Route Consumers - User - Admin - Anonymous Auth - Basic Auth Plugins - CORS - Rate Limiting - Correlation ID - Bot Detection

45. Copyright © 2018 All Rights Reserved. ENVIRONMENTS Byungjin Park ·

    posquit0.com · posquit0 ੉ߣ ؘݽীࢲ ࢎਊೞח Terraform, Kong CE, Terraform Provider Kong ੄ ߡ੹਷ ਤ৬ эणפ׮. demo ݽٚ ؘݽ ௏٘ח https://github.com/posquit0/demo-terraform-provider-kong ীࢲ ഛੋೡ ࣻ ੓णפ׮. Terraform v0.11.9 Kong CE v0.14.1 Terraform Kong Povider v1.7.0

46. Copyright © 2018 All Rights Reserved. INSTALL TERRAFORM KONG PROVIDER

    Byungjin Park · posquit0.com · posquit0 ਤ৬ э੉ ૒੽ Kong ೐۽߄੉؊ܳ ׮਍۽٘ ߉ই ࢸ੿೧ঠ ೤פ׮. demo Kong਷ పۄಬ੄ ҕध ೐۽߄੉؊о ইפӝ ٸޙী terraform init ਸ ా೧ ੗ز ࢸ஖ غ૑ ঋणפ׮. ݽٚ ؘݽ ௏٘ח https://github.com/posquit0/demo-terraform-provider-kong ীࢲ ഛੋೡ ࣻ ੓णפ׮. $ wget https://github.com/kevholditch/terraform-provider-kong/releases/download/v1.7.0/terraform-provider-kong_1.7.0_darwin_amd64.zip $ unzip -j terraform-provider-kong_1.7.0_darwin_amd64.zip terraform-provider-kong_v1.7.0 -d ~/.terraform.d/plugins/

47. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com

    · posquit0 retrospective

48. Copyright © 2018 All Rights Reserved. retrospective GOOD THINGS Byungjin

    Park · posquit0.com · posquit0 ௏٘ܳ ాೠ ߡ੹ ҙܻ৬ ੗زചܳ ೡ ࣻ ੓׮ח ֈա ೯ࠂ೤פ׮… Kong API Gateway ਍৔ਸ ਤೞৈ పۄಬਸ بੑೞѱ غݶࢲ ݆਷ ੉ٙਸ ࠅ ࣻ ੓঻णפ׮. Version Control хࢎ ۽Ӓ(Audit Log) হ੉ API Gateway ࢸ੿੄ ߸҃ ੉۱ ҙܻ Collaboration GitHub৬ S3 ࢚క ੷੢ࣗܳ ࢎਊೞৈ ౱ਗҗ ࢸ੿ਸ ೣԋ ҙܻ No GUI Konga ഑਷ Kong EE ৬ э਷ GUI ؀दࠁ٘ হ੉ ਍৔ оמ Automation ௏٘ प೯ ೠ ߣਵ۽ ݽٚ ࢸ੿ਸ ࡅܰѱ ੸ਊ Testing ਍৔ ജ҃ ੸ਊ ੹ పझ౟ਊ API Gateway ࢸ੿ ਊ੉ Documentation పۄಬ ௏٘ ੗୓о API Gateway ࢸ੿ী ؀ೠ ޙࢲ ৉ೡ

49. Copyright © 2018 All Rights Reserved. retrospective FUTURE WORKS Byungjin

    Park · posquit0.com · posquit0 ژ, അ੤ పۄಬ Kong Providerח Consumer Credential য়࠳ં౟ܳ ૑ਗೞ૑ ঋਵݴ, Ӓ ৻ীب ࠗ઒ೠ ӝמ੉ ઓ੤ೞחѱ ࢎप ੑפ׮. ই૒ IaC ౱ ޙച ੹౵ ߂ ੗زച ஏݶীࢲ ݾ಴ೞח ߄ө૑ ب׳ೞ૑ח ޅೞ৓णפ׮. Access Control CI / CD ౵੉೐ۄੋ ࢚੄ ౠ੿ ࢲ࠺झ ҅੿݅ Admin API ੽Ӕ ೲо Pull Request + Code Review GitHub ࢚ীࢲ ௏ܻ٘࠭ܳ ా೧ PR੉ ߽೤غযঠ ߸҃ࢎ೦ ੸ਊ CI / CD Pipeline Jenkins ৬ ా೤ೞৈ ਍৔ / झప੉૚ ജ҃ ߓನ ੗زച Terraform Kong Provider য়೑ࣗझ ӝৈܳ ాೠ ࠛ৮੹ೠ ӝמ ࠁ৮

50. Copyright © 2018 All Rights Reserved. retrospective AWESOME KONG Byungjin

    Park · posquit0.com · posquit0 Kong CEOо ߹ೂࢶ ઱Ҋ щযਃ! Kong API Gatewayܳ بੑೞݶࢲ ب਑੉ غ঻؍ ܻࣗझܳ ௸ۨ੉࣌ೞৈ GitHubী ҕਬೞҊ ੓णפ׮. https://github.com/posquit0/awesome-kong

51. Copyright © 2018 All Rights Reserved. retrospective V1 RELEASE Byungjin

    Park · posquit0.com · posquit0 ࢲ࠺झ ݫद ಁఢ ૑ਗ੉ ӝ؀ غ֎ਃ! (Istioب ই૒ ޅ ॄࠁওחؘ…) Kong ߡ੹ 1੉ ҍ ੿ध ܾܻૉ ػ׮Ҋ ೤פ׮.. v1.0 GA Release in 2018 !? AI / ݠन۞׬ ӝ߈੄ ࠺੿࢚ ೯ਤ ఐ૑ (Anomaly Detection) ࢲ࠺झ ݫद(Service Mesh) ಁఢ ૑ਗ ௢ߡ֎౭झ ૑ਗ ъച https://konghq.com/blog/announcing-kong-1-0/

52. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com

    · posquit0 API Gatewayо ೙ਃೞ׮ݶ Kongਸ ୶ୌೠ׮. API Gateway੄ ҙܻী Terraformਸ بੑ೧ࠁ੗. SUMMARY

53. Copyright © 2018 All Rights Reserved. recruiting ஠ࢎ৬ ೣԋ ࢿ੢ೡ

    ѐߊ੗ܳ ଺णפ׮. Byungjin Park · posquit0.com · posquit0 ஠ࢎ(Kasa)ীࢲח ূ૑פয ٜ࠙ਸ ࢚द ଻ਊೞҊ ੓ਵפ ҙब੉ ੓ਵद׮ݶ ಞೞѱ োۅ ઱ࣁਃ! Open Positions Backend / DevOps / BigData Platform / Security Compliance ஠ࢎח ੹ࣁ҅ ݽٚ ੗࢑ী ־ҳٚ ై੗ೡ ࣻ ੓ѱ ೠ׮ח ޷࣌ ইې ࠗز࢑ ై੗੄ ֫਷ ੢߷ਸ ࠶۾୓ੋਸ ഝਊೠ ӝࣿ ഄनਵ۽ ೧Ѿೞח ೐܂ప௼(PropTech) ӝসੑפ׮. Make the world’s assets accessible to all ஠ࢎ ূ૑פয݂ ଻ਊী ҙब੉ ੓աਃ?
 рױೠ ࠄੋ ࣗѐ৬ ೣԋ ۨૅݫ ഋध੄ ੉۱ࢲܳ ୎ࠗೞৈ [email protected] ۽ োۅ઱दݶ, ׸׼੗о ഛੋ റ োۅ ܻ٘ѷणפ׮.

54. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com

    · posquit0 THE END Thank you for attention :) Visit my AMA (https://github.com/posquit0/ama) for any question! хࢎ೤פ׮!

55. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com

    · posquit0