Vicampo uses Kong to manage access to the different services. The APIs are
configured in Kong and Kong restricts access to these for each request.
The API router Kong is deployed as an ECS Service. Its ECS service and task
definition live in
routers/wms/. The service connects to a
target group of the load balancer, which is required if you want to load
balance traffic to an ECS service, seeeu-west-1
It was intended to have more than one router configuration in the routers/ folder. But as of now, there is only the need for one (wms).
Kong Development Setup
In this section: For development, the Docker compose utility can be used to run
the Vicampo Kong setup to a great extend in an automated manner.
<?php return [ 'resources' => [ 'variables' => [ # ... 'kong_api_url_dev' => 'http://192.168.33.1:8001', 'kong_api_key' => '9a41392542074ee4991d01fe798d888d', 'auth_access_token' => 'eeg2Doo2yighahlegohs7eewee0uoqu0oTh', # ... # 'static_cdn_domain' => 'vicampo.test', ], ], ];
Don't forget to clean the cache (e. g.
vagrant ssh -c vic-cache-clean).
Development Installation Script
To install Kong execute the install script:
Consider that the test request at the end of the script is expected to get a 400 Bad Request Response.
Verify the Installation
Fire an exemplary request against Kong (400 Bad Request expected):
$ curl -i -k -X POST -H 'host: api.vicampo.test' https://localhost:8443/v1/auth/login
In case of any issues, double check the configuration and re-run the installation from scratch:
$ ./uninstall.sh && ./install.sh
Update the Kongfig Configuration
While running the development setup, one might want to test a changed/updated
kongfig.yml file. This can be easily done via:
$ docker-compose run kongfig kongfig --path /config.yml --host kong:8001
kong/ folder lives the Dockerfile that defines the image that
will be run as ECS service. If you want to change the way Kong works change this
image. E.g., if you want to change configuration of either Nginx or Kong itself
After you have made your changes you need to build and publish the image using
The resulting image is pushed to ER (which is why you might need to login to
ECR first using the command
aws ecr login
After you have build the image you can deploy the new version using the
update-router.sh) script. It requires a single parameter
which is the name of the folder in
routers/ you want to update.
That will deploy the task definition and inactivate all others of the same
family. It will also restart the service.