DEV Community

Cover image for Automating Kong Konnect Configuration with Terraform
Robin Cher
Robin Cher

Posted on

Automating Kong Konnect Configuration with Terraform

Introduction

HashiCorp built Terraform on top of a plug-in system, where vendors can build their own extensions to Terraform. These extensions are called “providers.” Providers map the declarative configuration into the required API interactions, ensuring that the desired state is met. They act as a bridge between Terraform and a third-party API.

Kong has always placed developer experience as top priority, and building a terraform provider is a no-brainer since its widely adopted by the community at large

For today walkthrough, we will attempt to create a Control Plane, Service , Route and a Rate Limit Plugin in Kong Konnect. Kong Konnect is a hybrid saas platform where the control plane is hosted/managed by Kong, and customer will deploy Data Plane(proxy) on their own environment.

Kong Konnect Architecture

Getting Started

Ensure you have

  1. Terraform CLI installed
  2. Kong Konnect Control Plane Access

First ,lets create a auth.tf that will configure your Kong Konnect tf provider, and a personal access token for authentication with Kong Konnect.

You can generate a access token by navigating to the top right, click on** Personal Access Token*, and then * Generate Token**

Konnect Access Token



# auth.tf
# Configure the provider to use your Kong Konnect account
terraform {
  required_providers {
    konnect = {
      source  = "kong/konnect"
      version = "0.2.5"
    }
  }
}

provider "konnect" {
  personal_access_token = "kpat_xxxx"
  server_url            = "https://au.api.konghq.com"
}


Enter fullscreen mode Exit fullscreen mode

Subsequently, lets create the resources declarative file



#main.tf

# Create a new Control Plane
resource "konnect_gateway_control_plane" "tfdemo" {
  name         = "Terraform Control Plane"
  description  = "This is a sample description"
  cluster_type = "CLUSTER_TYPE_HYBRID"
  auth_type    = "pinned_client_certs"

  proxy_urls = [
    {
      host     = "example.com",
      port     = 443,
      protocol = "https"
    }
  ]
}

# Configure a service and a route that we can use to test
resource "konnect_gateway_service" "httpbin" {
  name             = "HTTPBin"
  protocol         = "https"
  host             = "httpbin.org"
  port             = 443
  path             = "/"
  control_plane_id = konnect_gateway_control_plane.tfdemo.id
}

resource "konnect_gateway_route" "anything" {
  methods = ["GET"]
  name    = "Anything"
  paths   = ["/anything"]

  strip_path = false

  control_plane_id = konnect_gateway_control_plane.tfdemo.id
  service = {
    id = konnect_gateway_service.httpbin.id
  }
}

resource "konnect_gateway_plugin_rate_limiting" "my_rate_limiting_plugin" {
  enabled = true
  config = {
    minute = 5
    policy = "local"
  }

  protocols        = ["http", "https"]
  control_plane_id = konnect_gateway_control_plane.tfdemo.id
  route = {
    id = konnect_gateway_route.anything.id
  }
}



Enter fullscreen mode Exit fullscreen mode

Run a terraform plan to validate what will be build



terraform plan


Enter fullscreen mode Exit fullscreen mode

You should have the following file in the directory

Directory

Run the terraform apply to commit the resources



terraform apply


Enter fullscreen mode Exit fullscreen mode

If everything went well, you should see a freshly created Control plane with a sample Service and Route attached with a Rate Limit Plugin

New CP

Route with Rate Limit Plugin

Summary

With a Konnect TF provider, customers can leverage on existing CI/CD pipeline to run Kong's api configuration automatically and consistently across different environment. DevEX is something Kong will be focusing on, and do expect more toolings from Kong in the coming months!

Resources

  1. Kong Konnect TF provider - https://github.com/Kong/terraform-provider-konnect
  2. Kong Konnect - https://docs.konghq.com/konnect/

Top comments (0)