@toopay
Last active June 6, 2018 17:21
Kongfig and Kong Publisher Documentation

Overview

Kongfig allows declarative configuration. We can define our list of APIs and consumers in JSON/YAML and then run kongfig to ensure that our Kong is configured correctly. Kong Publisher is an interface that uses Kongfig to let us manage the upstream, build the routes and back up the entire Kong data as a snapshot.

Kongfig Schema

In its simplest form, your config.yml can be just:

---
  apis:
    -
      name: "mockbin"
      attributes:
        upstream_url: "http://mockbin.com/"
        request_host: "mockbin.com"

Refer to the Kong documentation for the available attributes.

Kong Publisher

Kong Publisher currently has 4 core functionalities.

Upstream

On this page, we can add our microservice name and the URL of its config.yml, relative to its internal kube address. For example, Contact Microservice uses contact-microservice-dev as its internal kube address, so we can register it with http://contact-microservice-dev/config.yml. When we save this, Kong Publisher fetches the config, resolves the Environment Variables and stores it. If a developer updates the config.yml, we can refresh the config by clicking the refresh button.

Environment Variables

When we define plugin information within our Kong routes, some of these values will most likely change over time, or they may be sensitive data that shouldn't go into our git repo. To alleviate this, Kong Publisher provides a convenient way to abstract these values away from the config.yml through environment variable resolution. Here is a real-world schema, used by Contact Microservice, that utilizes Environment Variables.

# Mandatory Consumer
consumers:
- acls: []
  credentials: []
  custom_id: "0"
  username: anonymous
apis:

# Main Endpoint
- attributes:
    methods:
    - OPTIONS
    - GET
    - POST
    - PUT
    - PATCH
    - DELETE
    upstream_url: http://$upstream_host/api/v1/contacts
    uris:
    - /contacts
  name: contacts
  plugins:
  - attributes:
      config:
        anonymous_username: anonymous
        key_claim_name: iss
        run_on_preflight: true
        secret_is_base64: false
        uri_param_names:
        - jwt
      enabled: true
    name: jwt
  - attributes:
      config:
        client_id: $client_id
        client_secret: $client_secret
        discovery: $discovery_url
        introspection_endpoint: $introspection_url
        response_type: token
        scope: openid email profile
        ssl_verify: "no"  # "no" turns off TLS certificate verification for calls to the identity provider
        token_endpoint_auth_method: client_secret_basic
      enabled: true
    name: oidc
  - attributes:
      config:
        uri_param_names:
        - jwt
      enabled: true
    name: jwt-claim-headers

Any $variable value will be resolved by Kong Publisher when the developer submits the Upstream.
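
The resolution step described above, as an added example that is not Kong Publisher's own code: `resolveConfig`, `mask`, the `secretNames` set and the sample values are all hypothetical. It fails closed when a variable is undefined and also returns a redacted copy for logging, in the style of the masked `client_secret` in the build output below.

```javascript
// Added example: a hypothetical resolver, not Kong Publisher's actual code.
const VAR = /\$([A-Za-z_][A-Za-z0-9_]*)/g;
// Keep only the last 4 characters, like '*****6877' in the build output.
function mask(secret) {
  return '*****' + secret.slice(-4);
}

// Walk a parsed config.yml and replace $name in every string value.
// Returns the real config plus a copy that is safe to log; throws if any
// variable is undefined, so a literal "$client_secret" never reaches Kong.
function resolveConfig(config, vars, secretNames = new Set()) {
  const missing = new Set();
  const walk = (value, redact) => {
    if (Array.isArray(value)) return value.map((v) => walk(v, redact));
    if (value !== null && typeof value === 'object') {
      return Object.fromEntries(
        Object.entries(value).map(([k, v]) => [k, walk(v, redact)]));
    }
    if (typeof value !== 'string') return value;
    // A callback (not a replacement string) keeps "$&" or "$1" inside a
    // secret from being interpreted as a replacement pattern.
    return value.replace(VAR, (match, name) => {
      if (!Object.prototype.hasOwnProperty.call(vars, name)) {
        missing.add(name);
        return match;
      }
      const text = String(vars[name]);
      return redact && secretNames.has(name) ? mask(text) : text;
    });
  };
  const resolved = walk(config, false);
  const redacted = walk(config, true);
  if (missing.size > 0) {
    throw new Error('unresolved variables: ' + [...missing].sort().join(', '));
  }
  return { resolved, redacted };
}

// Constructed sample shaped like the contacts schema; every value is made up.
const sampleConfig = { apis: [{
  name: 'contacts',
  attributes: { upstream_url: 'http://$upstream_host/api/v1/contacts' },
  plugins: [{ name: 'oidc', attributes: { enabled: true, config: {
    client_id: '$client_id', client_secret: '$client_secret' } } }],
}] };
const sampleVars = { upstream_host: 'contact-microservice-dev',
  client_id: 'example-client-id', client_secret: 'example-secret-0000' };
const { redacted } = resolveConfig(sampleConfig, sampleVars, new Set(['client_secret']));
console.log(JSON.stringify(redacted, null, 2));
```

Only the `resolved` object should be sent to the Kong admin API; the `redacted` copy is the one to write to build results or notifications.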

Kong Backup

We can take a snapshot of the entire Kong data in a single click and restore it later.

Build (Publishing Routes)

Once we have the Upstream, or a Backup, we can do the actual route publishing via the Build menu. A Slack notification is sent each time a build completes. The result of each build can also be seen by clicking the "Result" button. Below is an example of a successful build:

Loading config /srv/storage/3d9e8c217a63cb84ba10390bf6166702.yml
Apply config to kong-dev:8001
Kong version: 0.31.0
consumer anonymous is up to date

POST http://kong-dev:8001/apis 
 { methods: [ 'OPTIONS', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE' ],
  upstream_url: 'http://twitter-microservice-dev/api/v1/twitter',
  uris: [ '/twitter' ],
  name: 'twitter' }
201 Created { created_at: 1528218889150,
  strip_uri: true,
  id: '88849f4e-bf75-45bd-bd9f-d73ccb5fe1ad',
  name: 'twitter',
  methods: [ 'OPTIONS', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE' ],
  http_if_terminated: false,
  preserve_host: false,
  upstream_url: 'http://twitter-microservice-dev/api/v1/twitter',
  uris: [ '/twitter' ],
  upstream_send_timeout: 60000,
  upstream_connect_timeout: 60000,
  upstream_read_timeout: 60000,
  retries: 5,
  https_only: false }

POST http://kong-dev:8001/apis/88849f4e-bf75-45bd-bd9f-d73ccb5fe1ad/plugins 
 { config: 
   { anonymous: '66112692-1537-45e1-9cec-b0397014a708',
     key_claim_name: 'iss',
     run_on_preflight: true,
     secret_is_base64: false,
     uri_param_names: [ 'jwt' ] },
  enabled: true,
  name: 'jwt' }
201 Created { created_at: 1528218891000,
  config: 
   { cookie_names: {},
     secret_is_base64: false,
     key_claim_name: 'iss',
     anonymous: '66112692-1537-45e1-9cec-b0397014a708',
     run_on_preflight: true,
     uri_param_names: [ 'jwt' ] },
  id: '64bd26f0-a20e-4cb2-93ec-aa7afb00a8dc',
  name: 'jwt',
  api_id: '88849f4e-bf75-45bd-bd9f-d73ccb5fe1ad',
  enabled: true }

POST http://kong-dev:8001/apis/88849f4e-bf75-45bd-bd9f-d73ccb5fe1ad/plugins 
 { config: 
   { client_id: '7ba6d840-ee71-0135-0840-06778a3b422066467',
     client_secret: '*****6877',
     discovery: 'https://kw.onelogin.com/oidc/.well-known/openid-configuration',
     introspection_endpoint: 'https://kw.onelogin.com/oidc/token/introspection',
     response_type: 'token',
     scope: 'openid email profile',
     ssl_verify: 'no',
     token_endpoint_auth_method: 'client_secret_basic' },
  enabled: true,
  name: 'oidc' }
201 Created { created_at: 1528218893000,
  config: 
   { response_type: 'token',
     client_id: '7ba6d840-ee71-0135-0840-06778a3b422066467',
     introspection_endpoint: 'https://kw.onelogin.com/oidc/token/introspection',
     ssl_verify: 'no',
     scope: 'openid email profile',
     token_endpoint_auth_method: 'client_secret_basic',
     discovery: 'https://kw.onelogin.com/oidc/.well-known/openid-configuration',
     client_secret: '*****6877' },
  id: '04c78a33-32a7-4b60-b359-761422648207',
  name: 'oidc',
  api_id: '88849f4e-bf75-45bd-bd9f-d73ccb5fe1ad',
  enabled: true }

POST http://kong-dev:8001/apis/88849f4e-bf75-45bd-bd9f-d73ccb5fe1ad/plugins 
 { config: { uri_param_names: [ 'jwt' ] },
  enabled: true,
  name: 'jwt-claim-headers' }
201 Created { created_at: 1528218894000,
  config: { uri_param_names: [ 'jwt' ] },
  id: '54cc0beb-266a-4d9c-b08c-f29e9224614d',
  name: 'jwt-claim-headers',
  api_id: '88849f4e-bf75-45bd-bd9f-d73ccb5fe1ad',
  enabled: true }

POST http://kong-dev:8001/apis 
 { methods: [ 'OPTIONS', 'GET' ],
  upstream_url: 'http://twitter-microservice-dev/health_check',
  uris: [ '/twitter/health_check' ],
  name: 'twitter.health_check' }
201 Created { created_at: 1528218896020,
  strip_uri: true,
  id: '0cb6b302-d5f5-434a-a91a-d36ec6523223',
  name: 'twitter.health_check',
  methods: [ 'OPTIONS', 'GET' ],
  http_if_terminated: false,
  preserve_host: false,
  upstream_url: 'http://twitter-microservice-dev/health_check',
  uris: [ '/twitter/health_check' ],
  upstream_send_timeout: 60000,
  upstream_connect_timeout: 60000,
  upstream_read_timeout: 60000,
  retries: 5,
  https_only: false }

POST http://kong-dev:8001/apis 
 { methods: [ 'OPTIONS', 'GET' ],
  upstream_url: 'http://twitter-microservice-dev/logs',
  uris: [ '/twitter/logs' ],
  name: 'twitter.logs' }
201 Created { created_at: 1528218897736,
  strip_uri: true,
  id: '9f0c4b7d-bb59-4986-9149-c373388f6388',
  name: 'twitter.logs',
  methods: [ 'OPTIONS', 'GET' ],
  http_if_terminated: false,
  preserve_host: false,
  upstream_url: 'http://twitter-microservice-dev/logs',
  uris: [ '/twitter/logs' ],
  upstream_send_timeout: 60000,
  upstream_connect_timeout: 60000,
  upstream_read_timeout: 60000,
  retries: 5,
  https_only: false }

POST http://kong-dev:8001/apis 
 { methods: [ 'OPTIONS', 'GET' ],
  upstream_url: 'http://twitter-microservice-dev/version.txt',
  uris: [ '/twitter/version.txt' ],
  name: 'twitter.version' }
201 Created { created_at: 1528218899300,
  strip_uri: true,
  id: '0ed6f409-ecba-4082-9a40-1ca7770a77db',
  name: 'twitter.version',
  methods: [ 'OPTIONS', 'GET' ],
  http_if_terminated: false,
  preserve_host: false,
  upstream_url: 'http://twitter-microservice-dev/version.txt',
  uris: [ '/twitter/version.txt' ],
  upstream_send_timeout: 60000,
  upstream_connect_timeout: 60000,
  upstream_read_timeout: 60000,
  retries: 5,
  https_only: false }