Managing Kong API Gateway with Terraform

Transcript

1. Byungjin Park · posquit0.com · posquit0
   Copyright © 2018 All Rights Reserved.
   ߅ ߽૓(Byungjin Park) · Site Reliability Engineer @ KASA
   Managing Kong API Gateway with Terraform
   Terraformਵ۽ Kong API Gateway ҙܻೞӝ
   ࢲ਎ ޿স #2 at HashiCorp KRUG
   Oct 23, 2018
   

   View Slide

2. Copyright © 2018 All Rights Reserved.
   speaker
   ߊ಴੗ ࣗѐ
   Byungjin Park · posquit0.com · posquit0
   ߅߽૓ / @posquit0
   (അ) Site Reliability Engineer @ Kasa
   (੹) Software Architect @ OMNIOUS
   DEFCON CTF Ҵઁ೧ఊ؀ഥ World Final 5ഥ ૓୹
   Node.js৬ Pythonਸ જই೤פ׮.
   ఠ޷օ ജ҃ਸ ࢎیೞח ҭ੢ೠ Vim ؋റੑפ׮.
   GitHubীࢲ ഝߊೞѱ য়೑ࣗझ ഝزਸ ೞҊ ੓णפ׮.
   ࢲ࠺झ ѐߊ ߂ ਍৔җ ҙ۲ػ ݽٚ ੌਸ ૌӤפ׮.
   

   View Slide

3. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com · posquit0
   api gateway
   

   View Slide

4. Copyright © 2018 All Rights Reserved.
   api gateway
   MSA (MICROSERVICES ARCHITECTURE)
   Byungjin Park · posquit0.com · posquit0
   API Gatewayח ݃੉௼۽ ࢲ࠺झ ইఃఫ୊৬ ݆਷ োҙਸ о૑Ҋ ੓णפ׮.
   MSA ח ೞա੄ ௾ য೒ܻா੉࣌ਸ ة݀੸ੋ ৉ೡਸ ࣻ೯ೞח ৈ۞ ݃੉௼۽ ࢲ࠺झ۽ ଂѐয ઑ೤ೣਵ۽ॄ ѐ߹ ࢲ࠺झ੄ ࠂ੟بܳ ઴੉ח ࢸ҅ ಁఢ ੑפ׮.
   Monolithic Micro-services Architecture
   User
   Auth
   Order
   Payment
   Notification
   CAR RENTAL SERVICE CAR RENTAL SERVICE
   User
   Auth
   Payment Noti
   Order
   

   View Slide

5. Copyright © 2018 All Rights Reserved.
   api gateway
   COMMUNICATION IN MSA
   Byungjin Park · posquit0.com · posquit0
   о੢ ௾ ױ੼ ઺ ೞաח ਍৔೧ঠ ೞח ࢲ࠺झ੄ ࣻо טযաݶࢲ ҭ੢൤ ࠂ੟೧૑ח ాन(Communication) ޙઁ ੑפ׮.
   ೞ૑݅, MSA о ੢੼݅ਸ о૑ח Ѫ਷ ইתפ׮.
   Client-Server Communication Inter Service Communication
   North - South East - West
   

   View Slide

6. Copyright © 2018 All Rights Reserved.
   api gateway
   COMMUNICATION IN MSA
   Byungjin Park · posquit0.com · posquit0
   ੉۞ೠ ޙઁٜਸ ബਯ੸ਵ۽ ೧Ѿೞӝ ਤ೧ API Gateway ৬ Service Mesh ١੉ աఋլणפ׮.
   MSA ীࢲח ௿ۄ੉঱౟৬ ࢲ࠺झ р੄ ాन ࡺ݅ ইפۄ ࢲ࠺झ р੄ ాन ژೠ Ҋ۰ ೧ঠ ೤פ׮.
   Client-Server Communication Inter Service Communication
   North - South East - West
   

   View Slide

7. Copyright © 2018 All Rights Reserved.
   api gateway
   WHY USE API GATEWAY?
   Byungjin Park · posquit0.com · posquit0
   API Gatewayח MSA ীࢲ ௿ۄ੉঱౟৬ ࢲߡ р੄ ాन ޙઁܳ ೧Ѿೞӝ ਤೠ ࣛܖ࣌ ੑפ׮.
   ೞա੄ ѱ੉౟ਝ੉۽ࢲ ௿ۄ੉঱౟৬੄ ాनਸ ׸׼ೡ ࣻ ੓ਵݴ, п ݃੉௼۽ࢲ࠺झо ઺ࠂਵ۽ оઉঠ ೮؍ ӝמ ۨ੉যٜਸ ؀न ୊ܻೡ ࣻ ੓णפ׮.
   

   View Slide

8. Copyright © 2018 All Rights Reserved.
   api gateway
   CANDIDATES
   Byungjin Park · posquit0.com · posquit0
   ੉۞ೠ API Gateway ܳ ҳഅೠ য়೑ࣗझ ೐۽ં౟ ഑਷ ূఠ೐ۄ੉ૉ ࢲ࠺झ ٜ੉ ੉޷ द੢ী ݆੉ ઓ੤ ೤פ׮.
   

   View Slide

9. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com · posquit0
   kong
   

   View Slide

10. Copyright © 2018 All Rights Reserved.
    kong
    KONG API GATEWAY
    Byungjin Park · posquit0.com · posquit0
    Apache ۄ੉ࣃझ۽ ੉ਊ оמೠ ழޭפ౭ ী٣࣌җ, Ҋә ӝמ ߂ ӝࣿ ૑ਗ੉ ઁҕغח ূఠ೐ۄ੉ૉ ী٣࣌੉ ੓णפ׮.
    Kongח ੉޷ օܻ ࢎਊغҊ ੓ח Nginx ਢ ࢲߡܳ ӝ߈ਵ۽ Lua ܳ ా೧ ӝמ੉ ഛ੢ػ য়೑ࣗझ API ѱ੉౟ਝ੉ ੑפ׮.
    Cloud-native, fast, scalable, and distributed Microservice Abstraction Layer
    (also known as an API Gateway, or in some cases Service Mesh)
    https://github.com/kong/kong
    License Model
    - Community Edition (CE)
    - Enterprise Edition (EE)
    Nginx / OpenResty ਸ ӝ߈ਵ۽ೞৈ Lua۽ ഛ੢ оמೠ য়೑ࣗझ API ѱ੉౟ਝ੉
    NGINX
    OpenResty
    Clustering & Datastore
    Plugins
    RESTful Administration API
    

    View Slide

11. Copyright © 2018 All Rights Reserved.
    kong
    WHY USE KONG?
    Byungjin Park · posquit0.com · posquit0
    ׼ো൤ Lua झ௼݀౟ܳ ా೧ ૒੽ ழझథ ೒۞Ӓੋਸ ઁ੘ೞৈ ഝਊೡ ࣻب ੓णפ׮.
    Kong਷ ੋૐ, ࠁউ, ݽפఠ݂, ۽Ӧ ١ API Gateway ী ೙ਃೠ ݆਷ ӝמਸ ӝࠄ ೒۞Ӓੋਸ ా೧ ઁҕೞҊ ੓णפ׮.
    Features
    API Gatewayܳ ਤೠ ׮নೠ ӝמਸ ӝࠄ ೒۞Ӓੋਵ۽ ઁҕ
    - Authentication
    - Security
    - Traffic Control
    - Request / Response Transformation
    - Serverless
    - Analytics & Monitoring
    - Logging
    

    View Slide

12. Copyright © 2018 All Rights Reserved.
    kong
    WHY USE KONG?
    Byungjin Park · posquit0.com · posquit0
    ੹ࣁ҅ ѐߊ੗ٜ੉ ҙ۲ ೐۽ં౟ ߂ ೒۞Ӓੋਸ ѐߊೞҊ ੓ਵݴ, Kongਸ ઱ઁ۽ೠ ޿স ژೠ ੹ࣁ҅ীࢲ ૓೯غҊ ੓णפ׮.
    Kong਷ ழޭפ౭ ী٣࣌ਸ ా೧ ъ۱ೠ ழޭפ౭ ࢤక҅ܳ о૑Ҋ ੓णפ׮.
    Ecosystem
    ޖܐ ழޭפ౭ ী٣࣌(CE) ਸ ઺बਵ۽ ೠ ъ۱ೠ য়೑ࣗझ ࢤక҅
    - 4,500,000+ ׮਍۽٘ ࣻ
    - 100+ য়೑ࣗझ ஶ౟ܻ࠭ఠ
    - 36,000+ ழޭפ౭ ଵৈ੗
    - 100+ ੹ࣁ҅ ޿স ૓೯
    - 4000+ Kong ҙ۲ ೐۽ં౟
    - 500+ Kong ೒۞Ӓੋ
    Kong Hub: Kong ӝמ ഛ੢ ݽ਺ (https://docs.konghq.com/hub/)
    Kong Nation: Kong ழޭפ౭ ನۢ (https://discuss.konghq.com)
    

    View Slide

13. Copyright © 2018 All Rights Reserved.
    kong
    ENTERPRISE EDITION
    Byungjin Park · posquit0.com · posquit0
    ׮݅, оѺ੉…
    Kong ূఠ೐ۄ੉ૉ ী٣࣌਷ ӝࣿ ૑ਗ, ୶о ೒۞Ӓੋ, ҙܻ੗ ؀दࠁ٘ ١ਸ ୶о ૑ਗ೤פ׮.
    Benefits
    - Kong Manager: ਢ ӝ߈ ҙܻ੗ ؀दࠁ٘
    - Kong Vitals: ੗୓ ݽפఠ݂ ؀दࠁ٘
    - Kong Dev Portal: ѐߊ੗ ನఎ. OpenAPI ӝ߈੄ API ޙࢲ ઁҕ
    - Admin APIী ؀ೠ RBAC(Role Based Access Control) ૑ਗ
    - 24/7 ӝࣿ ૑ਗ
    - ୶о੸ੋ Ҋә ೒۞Ӓੋ ׮ࣻ ઁҕ
    - OpenID Connect
    - OAuth 2.0 Introspection
    - Enterprise Rate Limiting
    - Edge Caching
    

    View Slide

14. Copyright © 2018 All Rights Reserved.
    kong
    COMPONENTS
    Byungjin Park · posquit0.com · posquit0
    അ੤ Kong੉ ҕध ૑ਗೞח ؘ੉ఠ ੷੢ࣗח PostgreSQLҗ Cassandrda ੑפ׮.
    Kong CEח ҙܻ੗ API, ೐۾द API, ؘ੉ఠ ੷੢ࣗ۽ ҳࢿ ؾפ׮.
    Kong Proxy API
    Kong Admin API
    Data Store
    Kong Admin API
    API Gateway ࢸ੿ ҙܻ ݾ੸੄ ҙܻ੗ API
    ӝࠄ 8001(HTTP), 8444(HTTPS) ನ౟ ੉ਊ
    Kong Proxy API
    Admin APIܳ ా೧ ҳࢿػ API Gateway੄ ূ٘ನੋ౟ ݽ਺
    ӝࠄ 8000(HTTP), 8443(HTTPS) ನ౟ ੉ਊ
    Data Store
    Kong ੄ API য়࠳ં౟(ࢲ࠺झ, ۄ਋౟, ஶगݠ ١) ੷੢ࣗ
    Postgres, Cassandra ૑ਗ
    

    View Slide

15. Copyright © 2018 All Rights Reserved.
    kong
    API OBJECTS
    Byungjin Park · posquit0.com · posquit0
    ԙ ঌইفযঠ ೡ API য়࠳ં౟۽ח Service, Route, Consumer, Credential, Plugin ੉ ੓णפ׮.
    Kong API Gatewayܳ ҳࢿೞח ੘স਷ Kong Admin API੄ য়࠳ં౟ܳ ҙܻೞח Ѫ੉ۄ ࢤпೞݶ ؾפ׮.
    Service Route Consumer Plugin
    Upstream Target
    Credential
    SNI Certificate
    API
    deprecated
    

    View Slide

16. Copyright © 2018 All Rights Reserved.
    kong
    API OBJECTS
    Byungjin Park · posquit0.com · posquit0
    ೐۽ష௒਷ അ੤ HTTP/S, HTTP2, WebSocketਸ ૑ਗ ೤פ׮.
    ࢲ࠺झ(Service) য়࠳ં౟ח API Gatewayী োѾ غয ௿ۄ੉঱౟ ਃ୒ਸ ੹׳ ೡ সझ౟ܿ ࢲ࠺झܳ ੿੄೤פ׮.
    Service
    Kong API Gatewayী োѾ ؼ সझ౟ܿ ࢲ࠺झܳ ੄޷
    ೐۽ష௒, ഐझ౟, ನ౟, ҃۽ ࢸ੿
    User Service
    

    View Slide

17. Copyright © 2018 All Rights Reserved.
    kong
    API OBJECTS
    Byungjin Park · posquit0.com · posquit0
    ੿ӏ಴അधҗ ਋ࢶࣽਤܳ ૑ਗೞৈ ਬোೞѱ ࢸ੿ਸ ೡ ࣻ ੓णפ׮.
    ۄ਋౟(Route) য়࠳ં౟ח ௿ۄ੉঱౟੄ ਃ୒(HTTP Method, Path ١)ী ٮۄ ౠ੿ ࢲ࠺झ۽ ೧׼ ਃ୒ਸ ੹׳ೞӝ ਤೠ ӏ஗ਸ ੿੄೤פ׮.
    Service
    Kong API Gatewayী োѾ ؼ সझ౟ܿ ࢲ࠺झ
    ೐۽ష௒, ഐझ౟, ನ౟, ҃۽ ࢸ੿
    User Service
    Route
    ௿ۄ੉঱౟੄ ਃ୒ਸ ࢲ࠺झ۽ ನਕ٬ೞӝ ਤೠ ӏ஗(Rule)
    ೐۽ష௒, ഐझ౟, ҃۽, HTTP ݫࣗ٘ ࢸ੿
    ੿ӏ಴അधҗ ਋ࢶࣽਤ ૑ਗ
    POST /users GET /users/me
    

    View Slide

18. Copyright © 2018 All Rights Reserved.
    kong
    API OBJECTS
    Byungjin Park · posquit0.com · posquit0
    সझ౟ܿ ё୓ܳ ࢎਊೞ૑ ঋইب Kong API Gatewayח ࢎਊ оמ೤פ׮.
    সझ౟ܿ(Upstream) য়࠳ં౟ח Kong API Gateway ੗୓੸ਵ۽ L7 ۽٘ߖ۠य ӝמਸ ૑ਗೞҊ੗ بੑػ о࢚ഐझ౟ ѐ֛ੑפ׮.
    Upstream
    ۽٘ߖ۠यਸ ૑ਗೞӝ ਤೠ о࢚ ഐझ౟(Virtual Host)
    Active Health Check ߂ Passive Health Check (Circuit Breaker) ૑ਗ
    user.service
    POST /users GET /users/me
    User Service
    

    View Slide

19. Copyright © 2018 All Rights Reserved.
    kong
    API OBJECTS
    Byungjin Park · posquit0.com · posquit0
    о઺஖ чਸ ഝਊೞৈ ஠աܻ ߓನ(Canary Deployment)ܳ ҳഅೞח Ѫب оמ೤פ׮.
    ఋѶ(Target) য়࠳ં౟ח সझ౟ܿী োѾغয ࠙ߓػ ਃ୒ਸ ୊ܻ ೡ ߔূ٘ ࢲ࠺झܳ ੿੄೤פ׮.
    Upstream
    ۽٘ߖ۠यਸ ૑ਗೞӝ ਤೠ о࢚ ഐझ౟(Virtual Host)
    Active Health Check ߂ Passive Health Check (Circuit Breaker) ૑ਗ
    User v1 User v2
    Target
    ഐझ౟৬ ನ౟ हਵ۽ ҳࢿػ о࢚ഐझ౟۽੄ ਃ୒ਸ ࠙ߓೡ ఋѶ
    ۽٘ߖ۠य о઺஖(Weight) ૑ਗ
    user.service
    POST /users GET /users/me
    User Service
    

    View Slide

20. Copyright © 2018 All Rights Reserved.
    kong
    API OBJECTS
    Byungjin Park · posquit0.com · posquit0
    э਷ ࢲ࠺झ ࢎਊ੗ۄب ೒ۖಬ ߹(Web, Android, iOS ١)۽ ஶगݠܳ ٜ݅য োѾೞח Ѫب оמೞ׮.
    ஶगݠ(Consumer) য়࠳ં౟ח APIܳ ࣗ࠺ೡ ࢎਊ੗ܳ ੿੄ೞݴ, ੉ܳ ా೧ ੋૐ / ੽Ӕઁয / ౟ېఊ ١ API Gateway੄ ৈ۞ ӝמਸ ഝਊೡ ࣻ ੓णפ׮.
    Consumer
    API ࣗ࠺੗ܳ աఋղݴ ੋૐ / ੽Ӕઁয / ౟ېఊ ١ ৈ۞ ݾ੸ਵ۽ ഝਊ
    custom_id ೙٘ܳ ా೧ ࢲ࠺झ ࢚੄ ࢎਊ੗ ID৬ ݒೝ оמ
    ஶगݠ৬ ࢎਊ੗о ߈٘द 1:1 ҙ҅ੌ ೙ਃח হ਺
    user.service
    consumer
    POST /users GET /users/me
    User Service
    User v1 User v2
    

    View Slide

21. Copyright © 2018 All Rights Reserved.
    kong
    API OBJECTS
    Byungjin Park · posquit0.com · posquit0
    ੉޷ ઁҕغח ೒۞Ӓੋਸ ഝਊೡ ࡺ݅ ইפۄ, Lua۽ ૒੽ ழझథ ೒۞Ӓੋਸ ઁ੘ೞৈ ഝਊೡ ࣻ ੓णפ׮.
    ೒۞Ӓੋ(Plugin) য়࠳ં౟ח Kong API Gateway੄ о੢ ъ۱ೠ ӝמਵ۽ HTTP ਃ୒-਽׹ ೒۽਋ ࢚ী ਗೞח ӝמਸ ഛ੢ೡ ࣻ ੓णפ׮.
    Consumer
    API ࣗ࠺੗ܳ աఋղݴ ੋૐ / ੽Ӕઁয / ౟ېఊ ١ ৈ۞ ݾ੸ਵ۽ ഝਊ
    custom_id ೙٘ܳ ా೧ ࢲ࠺झ ࢚੄ ࢎਊ੗ ID৬ ݒೝ оמ
    ஶगݠ৬ ࢎਊ੗о ߈٘द 1:1 ҙ҅ੌ ೙ਃח হ਺
    user.service
    consumer
    Plugin
    HTTP ਃ୒-਽׹ ൒ܴ ࢚ী प೯ؼ ࣻ ੓ח ഛ੢ ӝמ
    ੋૐ / ੽Ӕ ઁয / ਃ୒, ਽׹ оҕ / ۽Ӓ, ݫ౟ܼ ੹׳ ١
    plugin
    POST /users GET /users/me
    User Service
    User v1 User v2
    

    View Slide

22. Copyright © 2018 All Rights Reserved.
    kong
    DISTRIBUTIONS
    Byungjin Park · posquit0.com · posquit0
    Kong਷ ׮নೠ ߓನ ߑߨਸ ૑ਗೞҊ ੓য औҊ ࡅܰѱ Kong API Gateayܳ ࢎਊ೧ࠅ ࣻ ੓णפ׮.
    

    View Slide

23. Copyright © 2018 All Rights Reserved.
    kong
    INSTALL
    Byungjin Park · posquit0.com · posquit0
    ؘ੉ఠ߬੉झ ҳࢿ റ DB ݃੉Ӓۨ੉࣌ ੘সਸ ా೧ DB ప੉࠶ਸ ࢤࢿೞҊ, Kong ࢲ࠺झܳ ೧׼ DB৬ োѾೞৈ प೯ೞݶ ؾפ׮.
    Set-up DB
    Migrate DB
    Run Kong
    1. Set up Database
    Kong੄ ؘ੉ఠ ੷੢ࣗ۽ Postgres ഑਷ Cassandra ۽ DB ҳࢿ
    2. Migrate Database
    Kong੄ ؘ੉ఠ߬੉झ ݃੉Ӓۨ੉࣌ ݺ۸যܳ ࣻ೯ೞৈ DB झః݃ ࢤࢿ
    3. Run Kong API Gateway
    ҳࢿೠ DB োѾ ੿ࠁ৬ ೣԋ Kong ࢲ࠺झ प೯
    Kong੄ ࢸ஖ ੘স਷ ௼ѱ ࣁ ױ҅۽ ҳࢿؾפ׮.
    

    View Slide

24. Copyright © 2018 All Rights Reserved.
    kong
    INSTALL WITH DOCKER
    Byungjin Park · posquit0.com · posquit0
    بழ(Docker)۽ Kongਸ ࢸ஖ೞӝ ਤ೧ࢲח ਋ࢶ ֎౟ਕ௼৬ ؘ੉ఠ߬੉झܳ ҳࢿ೧ঠ ೤פ׮.
    1. Set up Database
    - ׮ܲ بழ ஶప੉ց৬ ాनೞӝ ਤೠ ֎౟ਕ௼ ࢤࢿ
    - Postgres بழ ஶప੉ց प೯
    # Create a custom network to allow the containers
    # to discover and communicate with each other
    $ docker network create kong-net
    # Run Postgres container
    $ docker run -d --name kong-database \
    --network=kong-net \
    -p 5432:5432 \
    -e "POSTGRES_USER=kong" \
    -e "POSTGRES_DB=kong" \
    postgres:9.6
    

    View Slide

25. Copyright © 2018 All Rights Reserved.
    kong
    INSTALL WITH DOCKER
    Byungjin Park · posquit0.com · posquit0
    ؘ੉ఠ߬੉झ ҳز റীח DB ప੉࠶ਸ ࢤࢿೞӝ ਤೞৈ Kong ੉޷૑ܳ ా೧ ݃੉Ӓۨ੉࣌ ੘সਸ ࣻ೯೤פ׮.
    2. Migrate Database
    - Kong بழ ੉޷૑ܳ ా೧ DB ݃੉Ӓۨ੉࣌ ੘স ࣻ೯ # Run the migrations with an Kong container
    $ docker run --rm \
    --network=kong-net \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-database" \
    kong:latest kong migrations up
    

    View Slide

26. 3. Run Kong API Gateway
    - Kong API Gateway بழ ஶప੉ց प೯
    - ನ౟ ߣഐ
    - 8000: Kong Proxy(HTTP)
    - 8443: Kong Proxy(HTTPS)
    - 8001: Kong Admin(HTTP)
    - 8444: Kong Admin(HTTPS)
    Copyright © 2018 All Rights Reserved.
    kong
    INSTALL WITH DOCKER
    Byungjin Park · posquit0.com · posquit0
    ݃੉Ӓۨ੉࣌ ੘স੉ ՘աݶ, Kong بழ ஶప੉ցܳ प೯ೞৈ Kong Proxy৬ Kong Admin ࢲ࠺झ੄ ನ౟ܳ ѐߑ೤פ׮.
    # Start a Kong container that will connect to database
    $ docker run -d --name kong \
    --network=kong-net \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-database" \
    -e "KONG_CASSANDRA_CONTACT_POINTS=kong-database" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 8001:8001 \
    -p 8444:8444 \
    kong:latest
    

    View Slide

27. Validate Kong is running
    - Kong Admin APIী ਃ୒ਸ ࠁղ Kong Admin ز੘ ഛੋ
    Copyright © 2018 All Rights Reserved.
    kong
    INSTALL WITH DOCKER
    Byungjin Park · posquit0.com · posquit0
    Kong ࢸ஖о ৮ܐغݶ Admin APIী HTTP ਃ୒ਸ ࠁղ Kong੉ ੿࢚੸ਵ۽ ز੘ೞח૑ ഛੋ೤פ׮.
    $ curl -i http://localhost:8001/

    HTTP/1.1 200 OK
    Date: Sun, 21 Oct 2018 12:03:02 GMT
    Content-Type: application/json;
    charset=utf-8
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Server: kong/0.14.1
    Content-Length: 5659
    

    View Slide

28. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com · posquit0
    kong management
    

    View Slide

29. Using CLI based HTTP Client Command
    - API First Design ਸ ӝ߈ਵ۽ ೞৈ HTTP۽ ݽٚ ӝמ ੉ਊ оמ
    - о੢ ࡅܰѱ Kong ਸ ҙܻ೧ ࠅ ࣻ ੓ח ߑߨ
    Copyright © 2018 All Rights Reserved.
    kong management
    USING CLI
    Byungjin Park · posquit0.com · posquit0
    Kong ਷ HTTP ӝ߈੄ Admin API ܳ ઁҕ೧઱ӝ ٸޙী ׮ܲ بҳ ࢸ஖ হ੉ب ࡅܰѱ API Gatewayܳ ҳࢿ೧ ࠅ ࣻ ੓णפ׮.
    # Add user service
    $ curl -i -X POST \
    --url http://localhost:8001/services/ \
    --data 'name=user-service' \
    --data 'protocol=http' \
    --data 'host=user.service' \
    --data 'port=80' \
    --data 'path=/'
    

    View Slide

30. Using CLI based HTTP Client Command
    - API First Design ਸ ӝ߈ਵ۽ ೞৈ HTTP۽ ݽٚ ӝמ ੉ਊ оמ
    - о੢ ࡅܰѱ Kong ਸ ҙܻ೧ ࠅ ࣻ ੓ח ߑߨ
    Copyright © 2018 All Rights Reserved.
    kong management
    USING CLI
    Byungjin Park · posquit0.com · posquit0
    ೞ૑݅ API Gatewayܳ ࢸ੿ೞӝ ਤೞৈ ݒߣ HTTP ਃ୒ ݺ۸যܳ ੘ࢿೞח Ѫ਷ ցޖա ߣѢ۽਍ ੌ ੑפ׮.
    # Add user service
    $ curl -i -X POST \
    --url http://localhost:8001/services/ \
    --data 'name=user-service' \
    --data 'protocol=http' \
    --data 'host=user.service' \
    --data 'port=80' \
    --data 'path=/'
    Problems
    - ݒߣ ௪ܻ ੘ࢿೞӝ ӈଳ਺…
    

    View Slide

31. Using GUI based HTTP Client
    - Kong Admin API ূ٘ನੋ౟ܳ ޷ܻ ١۾
    - ٣۩షܻ ӝמਸ ాೠ API ূ٘ನੋ౟ ࠙ܨ
    - ജ҃(۽ஸ, ѐߊ, ਍৔ ١)ী ٮܲ ߸ࣻ ҙܻ
    - Postman / Insomnia / ETC
    Copyright © 2018 All Rights Reserved.
    USING GUI HTTP CLIENT
    Byungjin Park · posquit0.com · posquit0
    Postman, Insomnia ৬ э਷ GUI ӝ߈੄ HTTP ௿ۄ੉঱౟ জਸ ࢎਊೠ׮ݶ Kong ਸ ࠁ׮ औѱ ҙܻೡ ࣻ ੓णפ׮.
    kong management
    

    View Slide

32. Using GUI based HTTP Client
    - Kong Admin API ূ٘ನੋ౟ܳ ޷ܻ ١۾
    - ٣۩షܻ ӝמਸ ాೠ API ূ٘ನੋ౟ ࠙ܨ
    - ജ҃(۽ஸ, ѐߊ, ਍৔ ١)ী ٮܲ ߸ࣻ ҙܻ
    - Postman / Insomnia / ETC
    Copyright © 2018 All Rights Reserved.
    USING GUI HTTP CLIENT
    Byungjin Park · posquit0.com · posquit0
    Ӓ۞ա, ੉ ژೠ അ੤ API Gatewayо যڌѱ ࢸ੿غয ੓ח૑ ೠ ׀ী ౵ঈೞӝо য۵णפ׮.
    kong management
    Problems
    - അ੤ API Gateway ੄ ࢸ੿ਸ ೠ ׀ী ࠁӝ য۰਑
    

    View Slide

33. Admin Dashboard for Kong CE
    - Kong CEܳ ਤೠ য়೑ࣗझ ҙܻ੗ ؀दࠁ٘ ਢ (࠺ҕध)
    - Kong DB ߔস/ࠂҳ ӝמ ઁҕ
    - LDAP ਸ ాೠ ؀दࠁ٘ ੽Ӕઁয ૑ਗ
    - ੉ݫੌ / ठۑ ঌܿ ӝמ
    Copyright © 2018 All Rights Reserved.
    USING DASHBOARD
    Byungjin Park · posquit0.com · posquit0
    Kong EE ੄ ҙܻ੗ ؀दࠁ٘ীࢲ ઁҕೞח ӝמҗ Ѣ੄ ؀١ೡ ੿ب۽ ೂࠗೠ ӝמਸ ઁҕ೤פ׮. (٣੗ੋب ੉࡜ਃ )
    Konga
    More than just another GUI to Kong Admin API
    https://github.com/pantsel/konga
    Kongaח Kong ழޭפ౭ীࢲ য়೑ࣗझ۽ ٜ݅যઉ ҙܻغҊ ੓ח Kong CE ਊ ҙܻ੗ ؀दࠁ٘ੑפ׮.
    kong management
    

    View Slide

34. Problems
    API ѱ੉౟ਝ੉ ࢸ੿ ߸҃ী ؀ೠ ୶੸(Tracking) ೙ਃ
    - “־о ৘ড ۄ਋౟ ࢸ੿ਸ ߸҃೮૑?”
    - “ࢎਊ੗ ࢲ࠺झ ನ౟ ߣഐח ৵ ߸҃ػѢ૑?”
    - “IP ࠶ۑ ܻझ౟ ೒۞Ӓੋ਷ ঱ઁ ୶оೠѢ૑?”
    - “ղо ੉ ࢸ੿ਸ ߸҃೧ب غա?”
    - “যઁө૑݅ ೧ب ੜ ز੘ ೞ؍ѱ ৵ উغ૑!?”
    Copyright © 2018 All Rights Reserved.
    USING DASHBOARD
    Byungjin Park · posquit0.com · posquit0
    ־о, ঱ઁ, ޖट ࢸ੿ਸ, যڌѱ, ৵ ߸҃೧ঠ ೞח૑ ୶੸ೡ ࣻ ੓যঠ ೤פ׮.
    API Gateway੄ ࢸ੿੉ ੼੼ ࠂ੟೧૑Ҋ, ੉ܳ ׮ܖח ূ૑פয੄ ࣻо ૐоೣী ٮۄ ژ ׮ܲ ޙઁ৬ ݃઱ೞѱ ؾפ׮.
    kong management
    

    View Slide

35. Copyright © 2018 All Rights Reserved.
    TRACKING CHANGES
    Byungjin Park · posquit0.com · posquit0
    ࢸ੿੄ ߸҃ࢎ೦ਸ ୶੸ೞӝ ਤ೧ࢲח хࢎ ۽Ӓ(Audit Log)ܳ թѹ ୶੸ೞѢա, ࢶ঱ध ࢸ੿(Declarative Configuration)ਸ ੉ਊೡ ࣻ ੓णפ׮.
    kong management
    OR
    Audit Log Declarative Configuration
    

    View Slide

36. Copyright © 2018 All Rights Reserved.
    TRACKING CHANGES
    Byungjin Park · posquit0.com · posquit0
    ࢶ঱ध ࢸ੿ਸ ੉ਊೞח Ѫী ࠺ೞৈ ੉੼੉ হणפ׮.
    kong management
    Audit Log
    - ־о, ঱ઁ, ޖ঺ਸ, যڌѱ ߸҃ ೞ৓ח૑ ӝ۾
    - ۽Ӓܳ औѱ Ѩ࢝ೡ ࣻ ੓Ҋ оदചೞӝ ਤೠ ژ ׮ܲ بҳ ೙ਃ
    - ౠ੿ Ӓܛী ঌܿ(Notification) ࢸ੿ ೙ਃ
    хࢎ ۽Ӓ(Audit Log)ܳ ੉ਊೞח Ѫ਷ ߓࠁ׮ ߓԞ੉ ؊ ௾ ೧Ѿ଼੉ ؼ ࣻ ੓ਵݴ,
    

    View Slide

37. Copyright © 2018 All Rights Reserved.
    TRACKING CHANGES
    Byungjin Park · posquit0.com · posquit0
    ౵ੌਸ ా೧ ࢸ੿ਸ ҙܻೡࣻ ੓ӝ ٸޙী ৈ۞ ੉੼ਸ ஂೡ ࣻ ੓णפ׮.
    kong management
    Declarative Configuration
    - ݺ۸ध ࢸ੿(Imperative Configuration)җ ׮ܰѱ അ੤ ࢸ੿ਸ ࢶ঱
    - ࢸ੿ ౵ੌਸ ా೧ ߡ੹ ҙܻо оמ
    - Terraform, Ansible, Puppet, Kubernetes ١
    ࢶ঱ध ࢸ੿(Declarative Configuration)਷ ࠁా ݺ۸ध ࢸ੿(Imperative Configuration)җ ݆੉ ࠺Ү ؾפ׮.
    

    View Slide

38. Copyright © 2018 All Rights Reserved.
    TERRAFORM
    Byungjin Park · posquit0.com · posquit0
    AWS ੋ೐ۄܳ ௏٘۽ ҙܻೞӝ ਤ೧ ݆੉ ࢎਊغҌ ೤פ׮.
    HashiCorp੄ పۄಬ(Terraform)਷ ׮নೠ ೒ۖಬীࢲ ࢎਊೡ ࣻ ੓ח য়೑ࣗझ IaC(Infrastructure as Code) بҳ ੑפ׮.
    kong management
    A tool for building, changing, and combining infrastructure safely and efficiently
    https://www.terraform.io/
    IaC (Infrastructure as Code)
    - ࢸ੿(Configuration)ਸ ௏٘۽ ߡ੹ҙܻ
    - ௏٘ ܻ࠭ܳ ాೠ ഈসҗ पࣻ ߑ૑
    - పझ౟ оמ
    - ௏٘ प೯ਸ ాೠ ੗زച(Automation) ߂ ੤ࢎਊ(Reuse)
    

    View Slide

39. Copyright © 2018 All Rights Reserved.
    USING DECLARATIVE CONFIGURATION
    Byungjin Park · posquit0.com · posquit0
    (ҕध ೐۽߄੉؊ח ইתפ׮…)
    য়೑ࣗझ۽ ҕѐغয ੓ח terraform-provider-kong ਸ ੉ਊೞݶ, పۄಬਵ۽ ੋ೐ۄܳ ҙܻೞ؍ ҃೷ਸ Ӓ؀۽ Kong ҙܻী оઉৢ ࣻ ੓णפ׮.
    kong management
    Kong Provider for Terraform
    https://github.com/kevholditch/terraform-provider-kong
    Terraform Community Provider for Kong
    - పۄಬਵ۽ Kong API Gateway ࢸ੿ оמ
    - Admin API ূ٘ನੋ౟ী ؀ೠ Basic Auth৬ API Key Auth ૑ਗ
    - Ѣ੄ ݽٚ API য়࠳ં౟ী ؀ೠ ࢸ੿ оמ
    - పۄಬ ؘ੉ఠ ࣗझ ߂ ੐ನ౟ ૑ਗ
    

    View Slide

40. Copyright © 2018 All Rights Reserved.
    USING DECLARATIVE CONFIGURATION
    Byungjin Park · posquit0.com · posquit0
    ਤ৬ э੉ HCL(HashiCorp Configuration Language) ۽ ࢶ঱ध ࢸ੿ਸ ೡ ࣻ ੓णפ׮.
    kong management
    Kong Provider for Terraform
    https://github.com/kevholditch/terraform-provider-kong
    provider "kong" {
    kong_admin_uri = "http://admin.my-kong.com:8001"
    kong_admin_username = "youruser"
    kong_admin_password = "yourpass"
    }
    resource "kong_route" "route" {
    protocols = [ "http", "https" ]
    methods = [ "GET", "POST" ]
    hosts = [ "example2.com" ]
    paths = [ "/test" ]
    strip_path = false
    preserve_host = true
    service_id = "${kong_service.service.id}"
    }
    

    View Slide

41. Copyright © 2018 All Rights Reserved.
    ALTERNATIVES: KONGFIG
    Byungjin Park · posquit0.com · posquit0
    Kong ݅ਸ ࢶ঱ध ࢸ੿ਵ۽ ҙܻೞӝ ਤೠ بҳب ੓঻؊ۉפ׮…ƑƑ
    kong management
    Declarative configuration for Kong
    https://github.com/mybuilder/kongfig
    - Kong ਸ ࢶ঱ध ࢸ੿ਵ۽ ҙܻೞӝ ਤ೧ ٜ݅য૓ Node.js ӝ߈ بҳ
    - పۄಬҗ ࢎਊߨ ਬࢎ
    - সؘ੉౟ উػ૑ য়ې ؽ…
    - ୭न API য়࠳ં౟ ޷૑ਗ…
    $ kongfig apply --path config.yml --host localhost:8001
    plugins:
    - name: cors
    attributes:
    username:
    enabled: true
    config:
    credentials: false
    preflight_continue: false
    max_age: 7000
    consumers:
    - username: iphone-app
    custom_id: foobar-1234
    

    View Slide

42. Copyright © 2018 All Rights Reserved.
    ALTERNATIVES: KUBERNETES INGRESS CONTROLLER
    Byungjin Park · posquit0.com · posquit0
    ੉ܳ ੉ਊೞݶ Kubernetes Manifest ౵ੌਸ ా೧ ೒۞Ӓੋ / ஶगݠ / ੋૐࢲ ҙܻܳ ೡ ࣻ ੓णפ׮.
    kong management
    Use Kong for Kubernetes Ingress
    https://github.com/Kong/kubernetes-ingress-controller
    - NGINX ੋӒۨझ ஶ౟܀۞ܳ ӝ߈ਵ۽ ೠ Kong ੋӒۨझ ஶ౟܀۞
    - Ingress য়࠳ં౟ܳ ా೧ ࢲ࠺झ / ۄ਋౟ / সझ౟ܿ / ఋѶ ҙܻ ੗زച
    - CRD(Custom Resource Definition)ਸ ా೧ ೒۞Ӓੋ / ஶगݠ / ੋૐࢲ ҙܻ
    - Kong ੄ ҕध ௢ߡ֎౭झ ߓನ౸
    apiVersion: configuration.konghq.com/v1
    kind: KongPlugin
    metadata:
    name: http-svc-consumer-ratelimiting
    namespace: default
    config:
    key: value
    plugin: my-plugin
    Kong Ingress Controllerח Kong Inc. ীࢲ ௢ߡ֎౭झܳ ੸ӓ ૑ਗೞӝ ਤ೧ ഝߊ൤ ѐߊ઺ੋ ҕध ௢ߡ֎౭झ ߓನ౸ੑפ׮.
    $ kubectl apply -f kong-plugin.yaml
    

    View Slide

43. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com · posquit0
    demo
    

    View Slide

44. Copyright © 2018 All Rights Reserved.
    GOALS
    Byungjin Park · posquit0.com · posquit0
    ઱ਃ Kong API য়࠳ં౟ ߂ ೒۞Ӓੋਸ ׮ܖয ࠁѷणפ׮.
    demo
    ੉ߣ ؘݽীࢲח ࢎਊ੗ ࢲ࠺झ৬ ೡ ੌ ࢲ࠺झ۽ ҳࢿػ API Gatewayܳ పۄಬਸ ੉ਊೞৈ ҳࢿ೧ࠁ۰ ೤פ׮.
    ݽٚ ؘݽ ௏٘ח https://github.com/posquit0/demo-terraform-provider-kong ীࢲ ഛੋೡ ࣻ ੓णפ׮.
    Services
    - User Service
    - TODO Service
    Routes
    - User Routes
    - TODO Routes
    - Fallback Route
    Consumers
    - User
    - Admin
    - Anonymous
    Auth
    - Basic Auth
    Plugins
    - CORS
    - Rate Limiting
    - Correlation ID
    - Bot Detection
    

    View Slide

45. Copyright © 2018 All Rights Reserved.
    ENVIRONMENTS
    Byungjin Park · posquit0.com · posquit0
    ੉ߣ ؘݽীࢲ ࢎਊೞח Terraform, Kong CE, Terraform Provider Kong ੄ ߡ੹਷ ਤ৬ эणפ׮.
    demo
    ݽٚ ؘݽ ௏٘ח https://github.com/posquit0/demo-terraform-provider-kong ীࢲ ഛੋೡ ࣻ ੓णפ׮.
    Terraform v0.11.9
    Kong CE v0.14.1
    Terraform Kong Povider v1.7.0
    

    View Slide

46. Copyright © 2018 All Rights Reserved.
    INSTALL TERRAFORM KONG PROVIDER
    Byungjin Park · posquit0.com · posquit0
    ਤ৬ э੉ ૒੽ Kong ೐۽߄੉؊ܳ ׮਍۽٘ ߉ই ࢸ੿೧ঠ ೤פ׮.
    demo
    Kong਷ పۄಬ੄ ҕध ೐۽߄੉؊о ইפӝ ٸޙী terraform init ਸ ా೧ ੗ز ࢸ஖ غ૑ ঋणפ׮.
    ݽٚ ؘݽ ௏٘ח https://github.com/posquit0/demo-terraform-provider-kong ীࢲ ഛੋೡ ࣻ ੓णפ׮.
    $ wget https://github.com/kevholditch/terraform-provider-kong/releases/download/v1.7.0/terraform-provider-kong_1.7.0_darwin_amd64.zip
    $ unzip -j terraform-provider-kong_1.7.0_darwin_amd64.zip terraform-provider-kong_v1.7.0 -d ~/.terraform.d/plugins/
    

    View Slide

47. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com · posquit0
    retrospective
    

    View Slide

48. Copyright © 2018 All Rights Reserved.
    retrospective
    GOOD THINGS
    Byungjin Park · posquit0.com · posquit0
    ௏٘ܳ ాೠ ߡ੹ ҙܻ৬ ੗زചܳ ೡ ࣻ ੓׮ח ֈա ೯ࠂ೤פ׮…
    Kong API Gateway ਍৔ਸ ਤೞৈ పۄಬਸ بੑೞѱ غݶࢲ ݆਷ ੉ٙਸ ࠅ ࣻ ੓঻णפ׮.
    Version Control
    хࢎ ۽Ӓ(Audit Log) হ੉ API Gateway ࢸ੿੄ ߸҃ ੉۱ ҙܻ
    Collaboration
    GitHub৬ S3 ࢚క ੷੢ࣗܳ ࢎਊೞৈ ౱ਗҗ ࢸ੿ਸ ೣԋ ҙܻ
    No GUI
    Konga ഑਷ Kong EE ৬ э਷ GUI ؀दࠁ٘ হ੉ ਍৔ оמ
    Automation
    ௏٘ प೯ ೠ ߣਵ۽ ݽٚ ࢸ੿ਸ ࡅܰѱ ੸ਊ
    Testing
    ਍৔ ജ҃ ੸ਊ ੹ పझ౟ਊ API Gateway ࢸ੿ ਊ੉
    Documentation
    పۄಬ ௏٘ ੗୓о API Gateway ࢸ੿ী ؀ೠ ޙࢲ ৉ೡ
    

    View Slide

49. Copyright © 2018 All Rights Reserved.
    retrospective
    FUTURE WORKS
    Byungjin Park · posquit0.com · posquit0
    ژ, അ੤ పۄಬ Kong Providerח Consumer Credential য়࠳ં౟ܳ ૑ਗೞ૑ ঋਵݴ, Ӓ ৻ীب ࠗ઒ೠ ӝמ੉ ઓ੤ೞחѱ ࢎप ੑפ׮.
    ই૒ IaC ౱ ޙച ੹౵ ߂ ੗زച ஏݶীࢲ ݾ಴ೞח ߄ө૑ ب׳ೞ૑ח ޅೞ৓णפ׮.
    Access Control
    CI / CD ౵੉೐ۄੋ ࢚੄ ౠ੿ ࢲ࠺झ ҅੿݅ Admin API ੽Ӕ ೲо
    Pull Request + Code Review
    GitHub ࢚ীࢲ ௏ܻ٘࠭ܳ ా೧ PR੉ ߽೤غযঠ ߸҃ࢎ೦ ੸ਊ
    CI / CD Pipeline
    Jenkins ৬ ా೤ೞৈ ਍৔ / झప੉૚ ജ҃ ߓನ ੗زച
    Terraform Kong Provider
    য়೑ࣗझ ӝৈܳ ాೠ ࠛ৮੹ೠ ӝמ ࠁ৮
    

    View Slide

50. Copyright © 2018 All Rights Reserved.
    retrospective
    AWESOME KONG
    Byungjin Park · posquit0.com · posquit0
    Kong CEOо ߹ೂࢶ ઱Ҋ щযਃ!
    Kong API Gatewayܳ بੑೞݶࢲ ب਑੉ غ঻؍ ܻࣗझܳ ௸ۨ੉࣌ೞৈ GitHubী ҕਬೞҊ ੓णפ׮.
    https://github.com/posquit0/awesome-kong
    

    View Slide

51. Copyright © 2018 All Rights Reserved.
    retrospective
    V1 RELEASE
    Byungjin Park · posquit0.com · posquit0
    ࢲ࠺झ ݫद ಁఢ ૑ਗ੉ ӝ؀ غ֎ਃ! (Istioب ই૒ ޅ ॄࠁওחؘ…)
    Kong ߡ੹ 1੉ ҍ ੿ध ܾܻૉ ػ׮Ҋ ೤פ׮..
    v1.0 GA Release in 2018 !?
    AI / ݠन۞׬ ӝ߈੄ ࠺੿࢚ ೯ਤ ఐ૑ (Anomaly Detection)
    ࢲ࠺झ ݫद(Service Mesh) ಁఢ ૑ਗ
    ௢ߡ֎౭झ ૑ਗ ъച
    https://konghq.com/blog/announcing-kong-1-0/
    

    View Slide

52. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com · posquit0
    API Gatewayо ೙ਃೞ׮ݶ Kongਸ ୶ୌೠ׮.
    API Gateway੄ ҙܻী Terraformਸ بੑ೧ࠁ੗.
    SUMMARY
    

    View Slide

53. Copyright © 2018 All Rights Reserved.
    recruiting
    ஠ࢎ৬ ೣԋ ࢿ੢ೡ ѐߊ੗ܳ ଺णפ׮.
    Byungjin Park · posquit0.com · posquit0
    ஠ࢎ(Kasa)ীࢲח ূ૑פয ٜ࠙ਸ ࢚द ଻ਊೞҊ ੓ਵפ ҙब੉ ੓ਵद׮ݶ ಞೞѱ োۅ ઱ࣁਃ!
    Open Positions
    Backend / DevOps / BigData Platform / Security Compliance
    ஠ࢎח ੹ࣁ҅ ݽٚ ੗࢑ী ־ҳٚ ై੗ೡ ࣻ ੓ѱ ೠ׮ח ޷࣌ ইې ࠗز࢑ ై੗੄ ֫਷ ੢߷ਸ
    ࠶۾୓ੋਸ ഝਊೠ ӝࣿ ഄनਵ۽ ೧Ѿೞח ೐܂ప௼(PropTech) ӝসੑפ׮.
    Make the world’s assets accessible to all
    ஠ࢎ ূ૑פয݂ ଻ਊী ҙब੉ ੓աਃ?

    рױೠ ࠄੋ ࣗѐ৬ ೣԋ ۨૅݫ ഋध੄ ੉۱ࢲܳ ୎ࠗೞৈ [email protected] ۽ োۅ઱दݶ, ׸׼੗о ഛੋ റ োۅ ܻ٘ѷणפ׮.
    

    View Slide

54. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com · posquit0
    THE END
    Thank you for attention :)
    Visit my AMA (https://github.com/posquit0/ama) for any question!
    хࢎ೤פ׮!
    

    View Slide

55. Copyright © 2018 All Rights Reserved. Byungjin Park · posquit0.com · posquit0
    

    View Slide