Kong Api Router
Kong is able to configure dynamic routes to APIs. On top of that
it provides key management and user authorization, access control and a plugin
API with which one can write more functionality in Lua. Kong is based
This image is used in the vicampo service cloud CloudFormation template
as one of the containers that are not managed through ECS.
Concepts and Terminology
Where to fit the api router (kong) in?
The router is located right after the load balancer and is the first
to receive a request. The main purpose of the router is to authenticate and
authorize requests before forwarding them to the services. Basically every
request to anything behind .vicampo.io goes through this router.
Api that provides endpoints to register, login and logout.
- Endpoints are public.
- Routes to platform /v1/auth/
This service provides read-only catalog functionality.
- Routes to platform /v1/catalog/
- Adds Token to Request to authenticate at platforms api.
Every service will automagically be available
Development Setup / Installation
For local development (for which I assume you want to access the platform
running in Vagrant) it is best to run Kong outside of a container. Although
you can run Kong locally in a container, I leave it up to the reader
to successfully configure (and document) how that would be done.
Install kong via homebrew:
brew tap mashape/kong
brew install kong
Copy the kong.conf file in the /etc folder. Most of the settings are
commented out and have their defaults set. But since homebrew does not
install that file (and I had a hard time finding it), it provides a nice
starting point. Most of the settings have a comment explaining them.
For Kong to be able to run, you need to provide a datastore. Since Postgres is
available through AWS RDS you should use that. That's what the docker-compose file
provides. Just run that using 'docker-compose up'.
Kong will connect as user 'kong' with password 'kong' to a database 'kong'. You need
to create that in Postgres.
To start kong run
Use '-vv' to get more reporting during startup. (E.g. for problems)
Kong configuration with kongfig
Kong stores all of its configuration in a database. Kongfig lets you write
configurations in YAML files and loads these into Kong using the REST API.
Have a look at kongfig.local.yml, which defines most of the needed APIs. To
load that file into a running Kong, use kongfig like this:
kongfig apply --path kongfig.local.yml --host localhost:8001
Here localhost:8001 is the host:port where the admin API listens. For more on
kongfig see: https://github.com/mybuilder/kongfig
APIs, Consumers and Plugins configured in kongfig.local.yml
- Service Cloud Restricted (service-cloud-protected)
Access to the services. The upstream_url points to HAProxy, where service
discovery takes place. This API is only available to authorized users.
All requests to services go through this API.
- Platform API ()
Accesses the Platform.
Logging, correlation-id and request-transformer are the plugins currently used.
While it might be obvious what logging and correlation-id do, the request-transformer
may need a little more explanation. The plugin's purpose is to alter the request
before it is sent to the upstream_url of the given API. In our case, we want to make
sure that every request made to the platform is secured using a pre-shared secret.
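The following check is an added example, not part of this repository: it lints a parsed kongfig configuration before it is applied, so that every API routed to the platform carries the pre-shared secret. It relies on request-transformer ignoring an "add" entry when the client already sent that header, which is why it also asks for a matching "remove". The header name, the host names, the placeholder secret and the nested plugin layout are assumptions.

```python
from urllib.parse import urlparse

SECRET_HEADER = "x-platform-token"   # hypothetical header name (assumption)
PLATFORM_HOST = "platform.internal"  # hypothetical platform upstream host

# Constructed sample: a kongfig file after YAML/JSON parsing (assumed layout).
SAMPLE = {"apis": [
    {"name": "platform-auth",
     "attributes": {"upstream_url": "http://platform.internal/v1/auth/"},
     "plugins": [{"name": "correlation-id"}]},
    {"name": "platform-catalog",
     "attributes": {"upstream_url": "http://platform.internal/v1/catalog/"},
     "plugins": [{"name": "request-transformer", "attributes": {"config": {
         "add": {"headers": ["X-Platform-Token:CHANGE_ME"]}}}}]},
    {"name": "platform-api",
     "attributes": {"upstream_url": "http://platform.internal/"},
     "plugins": [{"name": "request-transformer", "attributes": {"config": {
         "remove": {"headers": ["X-Platform-Token"]},
         "add": {"headers": ["X-Platform-Token:CHANGE_ME"]}}}}]},
    {"name": "service-cloud-protected",
     "attributes": {"upstream_url": "http://haproxy.internal/"}, "plugins": []},
]}

def header_names(entries):
    """Lower-cased header names from 'Name:value' or bare 'Name' entries."""
    return {e.split(":", 1)[0].strip().lower() for e in entries or []}

def lint(config, platform_host=PLATFORM_HOST, header=SECRET_HEADER):
    """Return (api name, problem) for platform-bound APIs missing the secret."""
    findings = []
    for api in config.get("apis") or []:
        url = (api.get("attributes") or {}).get("upstream_url", "")
        if urlparse(url).hostname != platform_host:
            continue  # only requests going to the platform need the secret
        cfg = {}
        for plugin in api.get("plugins") or []:
            if plugin.get("name") == "request-transformer":
                cfg = (plugin.get("attributes") or {}).get("config") or {}
        added = header_names((cfg.get("add") or {}).get("headers"))
        removed = header_names((cfg.get("remove") or {}).get("headers"))
        if header not in added:
            findings.append((api["name"], "secret header not added"))
        elif header not in removed:
            # "add" is skipped when the header is already set by the client
            findings.append((api["name"], "client-supplied header not removed first"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=": ")
```

Run it on the parsed configuration before "kongfig apply" and treat any finding as a failed check.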
Most of the consumers are dynamically created when accessing the API for the first
time. But some need to be always present. E.g. for the services that need access to