KONG Gateway





Kong Gateway is an API Gateway and microservices management layer that provides high-performance traffic control, security, and analytics for APIs and microservices. It is widely used to manage, route, and secure API traffic efficiently.

Key Concepts:

  • Plugins: Kong’s core functionality is extended through plugins. These pre-built modules handle various tasks, from authentication (e.g., OAuth 2.0, JWT) to transformations (e.g., request/response modification) and traffic control (e.g., rate limiting, circuit breaking).
  • Routes: Routes define how incoming requests are matched and forwarded to specific backend services. They are configured based on criteria like path, HTTP method, and headers.
  • Services: Services represent your backend APIs. They define the upstream URL that Kong proxies requests to.
  • Upstreams: Upstreams represent a group of target services that Kong load balances across. This provides high availability and fault tolerance.
  • Consumers: Consumers represent the entities that access your APIs. They can be applications, users, or other services.


Benefits of using Kong:

  1. API Gateway: KONG Gateway functions as a reverse proxy and load balancer for APIs, routing incoming requests to appropriate backend services. It provides essential features like rate-limiting, authentication, and authorization to ensure secure and efficient management of API traffic.
  2. Microservices Management: It helps in managing the communication between microservices, offering service discovery, dynamic routing, and traffic control. It can manage a large number of microservices and complex routing logic in distributed systems.
  3. Extensibility: KONG supports a wide range of plugins, both official and community-built, that can extend its functionality. These plugins cover use cases such as security, observability, traffic management, and more.
  4. Security: KONG Gateway offers a comprehensive suite of security features, including authentication, encryption, rate-limiting, IP filtering, and more. It integrates with identity management solutions like OAuth2, JWT, and LDAP to provide secure access to APIs.
  5. Observability: With built-in support for logging, monitoring, and tracing, KONG allows organizations to gain deep insights into API traffic and microservices performance. Integration with monitoring tools such as Prometheus and Grafana is possible for custom visualizations and alerts.
  6. High Availability and Scalability: KONG Gateway is designed to scale horizontally, allowing it to handle large amounts of traffic while maintaining high availability. It supports clustering and distributed configurations to meet the needs of enterprise-grade deployments.
  7. Multicloud Support: KONG Gateway supports deployment across multiple cloud environments, making it a suitable choice for hybrid or multicloud architectures.
  8. Service Mesh Integration: KONG can also be integrated with service mesh architectures, providing advanced features for inter-service communication and fine-grained traffic control.
  9. Enhanced Performance: Kong can improve API performance through caching, load balancing, and other features.
  10. Simplified Development: Kong reduces the complexity of backend development by handling common API management tasks.



Kong Gateway Application structure:

  • NGINX: A high-performance web server that handles routing, load balancing, authentication, security, traffic control and analytics.
  • OpenResty: An open-source framework that extends the NGINX web server with additional programming capabilities through the Lua scripting language, which is used to create custom plugins in Kong.
  • Kong clustering & Datastore: Holds the configuration in PostgreSQL.
  • Plugins: These add capabilities using the Kong Plugin Development Kit, in languages such as Lua, Python, JavaScript and Go.
  • RESTful Admin API: Used to configure and manage the gateway programmatically.



Kong Gateway installation:

Kong Gateway can be installed in various environments, including Docker, Kubernetes, and traditional virtual machines. The installation steps vary based on the deployment method:

Installation on Docker:

docker run -d --name kong \
 -e KONG_DATABASE=off \
 -e KONG_PROXY_ACCESS_LOG=/dev/stdout \
 -e KONG_ADMIN_ACCESS_LOG=/dev/stdout \
 -e KONG_PROXY_ERROR_LOG=/dev/stderr \
 -e KONG_ADMIN_ERROR_LOG=/dev/stderr \
 -p 8000:8000 \
 -p 8443:8443 \
 -p 8001:8001 \
 -p 8444:8444 \
 kong

Kong Gateway deployment Modes:

  • DB-less Mode: Uses declarative configuration and YAML files instead of a database.
  • Hybrid Mode: Separates control and data planes for better scalability and security.
  • Kubernetes Ingress Controller: Integrates Kong with Kubernetes for service discovery and API gateway functionality.


Hybrid mode of deployment with Kong Konnect:

In a self-managed hybrid gateway deployment, Kong separates the Control Plane (CP) and Data Plane (DP) to optimize API management across different environments while maintaining security and scalability.


Key Components:

Control Plane (CP):

  • Manages API configurations and distributes them to the data planes.
  • Runs Kong Admin API and requires a database (PostgreSQL).
  • Can be deployed in a central location (on-premises or cloud).

Data Plane (DP):

  • Responsible for processing API traffic.
  • Runs Kong Gateway in DB-less mode.
  • Connects to the Control Plane to receive configuration updates.


Benefits:

  • Centralized API management while keeping API traffic localized.
  • Greater scalability by adding independent Data Plane nodes.
  • Enhanced security as the Control Plane does not process API traffic.
  • Supports multi-region or multi-cloud deployments.

Deployment Steps:

Deploy the Control Plane:

KONG_DATABASE=postgres \
 KONG_ROLE=control_plane \
 KONG_CLUSTER_CERT=/path/to/cert \
 KONG_CLUSTER_CERT_KEY=/path/to/key \
 kong start

Deploy the Data Plane:

KONG_DATABASE=off \
 KONG_ROLE=data_plane \
 KONG_CLUSTER_CONTROL_PLANE=cp_host:cp_port \
 KONG_CLUSTER_CERT=/path/to/cert \
 KONG_CLUSTER_CERT_KEY=/path/to/key \
 kong start

Verify Synchronization:

  • Ensure the Data Plane is successfully connected to the Control Plane using logs and Kong’s Admin API.


Kong Gateway configuration:

Configuring Kong

Kong can be configured via its configuration file, environment variables, or the Admin API. Some key configuration options include:

  • Database Mode: DB-less or Postgres
  • Service and Route Definitions: Mapping incoming requests to upstream services
  • Plugins: Enhancing API functionality with authentication, logging, etc.

Example Configuration File (kong.conf):

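# Database settings
database = off # Use 'postgres' for database-backed mode
# Admin API settings
# 0.0.0.0 exposes the Admin API on every interface over plain HTTP;
# bind to 127.0.0.1 or add an ssl listener outside local testing
admin_listen = 0.0.0.0:8001
# Proxy settings
proxy_listen = 0.0.0.0:8000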

Kong Gateway Plugin:

What are Plugins?

Plugins are middleware components that extend Kong’s functionality. They can be used for authentication, security, traffic control, and logging.

Common Plugins:

  • Authentication: Key-auth, JWT, OAuth2
  • Traffic Control: Rate limiting, request size limiting
  • Security: CORS, bot detection
  • Logging & Monitoring: Prometheus, Datadog, Loggly

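Example: Enabling Rate Limiting Plugin

# The Admin API listener on 8001 is plain HTTP in the kong.conf above; use the TLS listener (8444) where one is enabled.
# Replace {service} with the service name or ID.
# In DB-less mode the Admin API cannot create entities; declare the plugin in the declarative configuration file instead.
curl -X POST http://localhost:8001/services/{service}/plugins \
    --data "name=rate-limiting" \
    --data "config.second=5" \
    --data "config.minute=100"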

Securing Kong Gateway

Security Best Practices

  • Use HTTPS for all admin and proxy endpoints
  • Enable authentication and authorization for APIs
  • Restrict access using ACLs and IP whitelisting
  • Regularly update Kong to patch security vulnerabilities
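
The first practice above can be checked mechanically against a kong.conf. The following is an added example, not code from the original article or from Kong: it parses the listener directives and flags plaintext listeners and an Admin API bound beyond loopback. `SAMPLE_CONF` repeats the settings of the sample file in this article and `HARDENED_CONF` is a constructed alternative; the function names are hypothetical.

```python
import ipaddress

# Constructed input: the same settings as the kong.conf sample in this article.
SAMPLE_CONF = """\
database = off # Use 'postgres' for database-backed mode
admin_listen = 0.0.0.0:8001
proxy_listen = 0.0.0.0:8000
"""

# Constructed hardened variant: TLS-only listeners, Admin API on loopback.
HARDENED_CONF = """\
database = off
admin_listen = 127.0.0.1:8444 ssl
proxy_listen = 0.0.0.0:8443 ssl
"""


def parse_conf(text):
    """Parse 'key = value  # comment' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit_listeners(text):
    """Return (directive, address, problem) tuples for risky listeners."""
    conf = parse_conf(text)
    findings = []
    for key in ("admin_listen", "proxy_listen"):
        value = conf.get(key, "")
        if value in ("", "off"):
            continue  # not set in this file, or listener disabled
        for entry in filter(None, (e.split() for e in value.split(","))):
            addr, flags = entry[0], entry[1:]
            host = addr.rsplit(":", 1)[0].strip("[]")
            if "ssl" not in flags:
                findings.append((key, addr, "plaintext listener (no ssl flag)"))
            if key == "admin_listen" and not ipaddress.ip_address(host).is_loopback:
                findings.append((key, addr, "Admin API bound beyond loopback"))
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_CONF):
        print(finding)
```
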

Enforcing Authentication with Key Auth

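# Admin API on 8001 is plain HTTP in the kong.conf above; replace {service} with the service name or ID.
curl -X POST http://localhost:8001/services/{service}/plugins \
    --data "name=key-auth"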
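
Plugins can be attached globally, per service or per route, so a route can end up with no authentication even though key-auth is enabled elsewhere. The following is an added example, not code from the original article or from Kong: it walks a declarative configuration (the JSON form of the DB-less file) and lists routes with no authentication plugin in effect. The service, route and host names are constructed, and consumer-scoped plugins are not modelled.

```python
import json

# Constructed declarative configuration (JSON form of a DB-less kong.yml).
# Service, route and host names are made up for this example.
DECLARATIVE = json.loads("""
{
  "_format_version": "3.0",
  "services": [
    {"name": "orders", "url": "http://orders.internal:8080",
     "routes": [{"name": "orders-route", "paths": ["/orders"]}],
     "plugins": [{"name": "key-auth"},
                 {"name": "rate-limiting", "config": {"second": 5, "minute": 100}}]},
    {"name": "reports", "url": "http://reports.internal:8080",
     "routes": [{"name": "reports-route", "paths": ["/reports"]},
                {"name": "reports-admin", "paths": ["/reports/admin"],
                 "plugins": [{"name": "jwt"}]}]}
  ],
  "plugins": [{"name": "rate-limiting", "service": "reports",
               "config": {"minute": 100}}]
}
""")

AUTH_PLUGINS = {"key-auth", "jwt", "oauth2"}  # auth plugins named in this article


def effective_plugins(config, service, route):
    """Plugin names applying to a route: global, service-level, route-level."""
    names = set()
    for p in config.get("plugins", []):
        svc, rt = p.get("service"), p.get("route")
        if svc in (None, service["name"]) and rt in (None, route["name"]):
            names.add(p["name"])
    names.update(p["name"] for p in service.get("plugins", []))
    names.update(p["name"] for p in route.get("plugins", []))
    return names


def unauthenticated_routes(config):
    """Return (service, route) pairs with no authentication plugin in effect."""
    missing = []
    for service in config.get("services", []):
        for route in service.get("routes", []):
            if not effective_plugins(config, service, route) & AUTH_PLUGINS:
                missing.append((service["name"], route["name"]))
    return missing
```
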

API Request and Response Flow:

Learnings with Kong Academy:

For further reading, register with your email address and enroll in the recommended courses below.

● KGAC-101: Kong Gateway Foundations

● KDAC-201: Kong for Developers

● KGLL-115: Getting Started with Konnect Gateway

● KGLL-118: Introduction to Kong Gateway

● KGLL-120: Introduction to Kong Plugins


This article refers to Kong Academy learnings for images and contents.
