Introduction
HashiCorp built Terraform on top of a plug-in system, where vendors can build their own extensions to Terraform. These extensions are called “providers.” Providers map the declarative configuration into the required API interactions, ensuring that the desired state is met. They act as a bridge between Terraform and a third-party API.
Kong has always placed developer experience as top priority, and building a terraform provider is a no-brainer since its widely adopted by the community at large
For today walkthrough, we will attempt to create a Control Plane, Service , Route and a Rate Limit Plugin in Kong Konnect. Kong Konnect is a hybrid saas platform where the control plane is hosted/managed by Kong, and customer will deploy Data Plane(proxy) on their own environment.
Getting Started
Ensure you have
- Terraform CLI installed
- Kong Konnect Control Plane Access
First ,lets create a auth.tf that will configure your Kong Konnect tf provider, and a personal access token for authentication with Kong Konnect.
You can generate a access token by navigating to the top right, click on** Personal Access Token*, and then * Generate Token**
# auth.tf
# Configure the provider to use your Kong Konnect account
terraform {
required_providers {
konnect = {
source = "kong/konnect"
version = "0.2.5"
}
}
}
provider "konnect" {
personal_access_token = "kpat_xxxx"
server_url = "https://au.api.konghq.com"
}
Subsequently, lets create the resources declarative file
#main.tf
# Create a new Control Plane
resource "konnect_gateway_control_plane" "tfdemo" {
name = "Terraform Control Plane"
description = "This is a sample description"
cluster_type = "CLUSTER_TYPE_HYBRID"
auth_type = "pinned_client_certs"
proxy_urls = [
{
host = "example.com",
port = 443,
protocol = "https"
}
]
}
# Configure a service and a route that we can use to test
resource "konnect_gateway_service" "httpbin" {
name = "HTTPBin"
protocol = "https"
host = "httpbin.org"
port = 443
path = "/"
control_plane_id = konnect_gateway_control_plane.tfdemo.id
}
resource "konnect_gateway_route" "anything" {
methods = ["GET"]
name = "Anything"
paths = ["/anything"]
strip_path = false
control_plane_id = konnect_gateway_control_plane.tfdemo.id
service = {
id = konnect_gateway_service.httpbin.id
}
}
resource "konnect_gateway_plugin_rate_limiting" "my_rate_limiting_plugin" {
enabled = true
config = {
minute = 5
policy = "local"
}
protocols = ["http", "https"]
control_plane_id = konnect_gateway_control_plane.tfdemo.id
route = {
id = konnect_gateway_route.anything.id
}
}
Run a terraform plan to validate what will be build
terraform plan
You should have the following file in the directory
Run the terraform apply to commit the resources
terraform apply
If everything went well, you should see a freshly created Control plane with a sample Service and Route attached with a Rate Limit Plugin
Summary
With a Konnect TF provider, customers can leverage on existing CI/CD pipeline to run Kong's api configuration automatically and consistently across different environment. DevEX is something Kong will be focusing on, and do expect more toolings from Kong in the coming months!
Resources
- Kong Konnect TF provider - https://github.com/Kong/terraform-provider-konnect
- Kong Konnect - https://docs.konghq.com/konnect/
Top comments (0)