Public | Automated Build

Last pushed: a month ago
Short Description
Api router based on kong
Full Description

Kong Api Router

Kong is able to configure dynamic routes to apis. On top of that
it key management and user authorization, access control and a plugin
api whith which one can write more functionality in Lua. Kong is based
on Openresty.


This Image is used in the viccampo service cloud Cloudformation Template
as one of the containers that are not managed through ECS.

Concepts and Terminology

Where to fit the api router (kong) in?
The Router is located right after the Loadbalancer and is the first
to recieve a request. The main purpose of the router is to authenticate and
authorize requests before forwarding them to the services. Basically every
request to behind will be going through this router.

Development Setup / Installation

For local development (with which i assume you want to access the platform
running in vagrant) it is best to run kong outside of a container. Although
you can run kong localy in a container i leave it up to the Reader
to successfully configure (and document) how that would be done.

Install kong via homebrew:

brew tap mashape/kong
brew install kong


Copy the kong.conf file in the /etc folder. Most of the Settings are
'commented out' and have their defaults set. But Since homebrew does not
install that file (and i had a hard time finding it) it providdes a nice
starting point. Most of the Settings have a comment explaining them.

For Kong to be able to run, you need to provide a Datastore. Since postgres is
availbe through AWS-RDS you should use that. Thats hat the docker-compose file
provides. Just run that using 'docker-compose up '

Kong will connect as user 'kong' passwrd 'kong' to a database 'kong'. You need
to create that in postgres.

To start kong run

kong start

Use '-vv' to get more reporting during startup. (E.g. for problems)

You can use the rest api http://localhost:8001/ or e.g.
to manage your apis.

Kong configuration with kongfig

Kong stores all of its configuration in a database. Kongfig allows to write
configurations in yaml files and loads these into kong using the Rest api.
Have a look at kongfig.local.yaml which defines most of the needed apis. To
use (load) that file into a running kong use kongfig like this:

kongfig apply --path kongfig.local.yml --host localhost:8001

Where localhost:8001 is the host:port where the admin api listens. For more on
kongfig see:

Apis, Consumer and Plugings configured in the konfig.local.yml


  • Service Cloud Restricted (service-cloud-protected)

Access to the Services. The upstream_url points to HAProxy, where Service
discovery takes place. This api is only availbe to authorized Users.

All Requests To services go over this

  • Platform API ()

Accesses the Platform.


Loging, Correlation-id and request-transformer are the plugins currently used.

While logging and correlation-id might be obvious what they do, the request-transformer
maybe needs a little more explanation. The Pluins pupose is to alter the request
before it is send to the upstream_url of given api. In our case, we want to make
sure that every request made to the platform is secured using a pre shared secret.


Mos of the consumers are dynamically created when accessing the Api for the first
time. But some need to be always present. E.g. For the Services that need access to
the platform.

Docker Pull Command
Source Repository

Comments (0)