The previous blog posts about Kong from last year were about the API Gateway, which is provided as an open source product. Since the end of September / beginning of October 2019, codecentric has been a Go-To-Market Partner in EMEA, but especially in the DACH region. As a Go-To-Market Partner we also have a focus on Kong Enterprise, a platform that supports the entire life cycle of APIs and services.
The product consists of several components, which I would like to address in a new blog post series. The first component is already familiar to us from previous blog posts: the gateway. It is currently (end of May 2020) shipped with version number 1.5 at Kong Enterprise. This number reveals a big difference to the open source product, which has been available in version 2.0 since March 2020. At the same time, it shows how important the enterprise product is for Kong as a manufacturer, because new features of the open source product first need to reach a certain level of maturity before they become part of the enterprise product. The following diagram shows the individual components schematically.
In contrast to the Kong Gateway as an open source product, the first thing that stands out is the possibility of role-based access control (RBAC) for the administration of the gateway. Although the teams of an organization can share the same Kong cluster, it is possible to divide the cluster into logical groups with restricted access. These workspaces enable clearer segmentation of traffic and entities. Each team’s access can be restricted to its own workspace, supporting the principle of least privilege.
Besides the open source plugins, Kong Enterprise also offers “Enterprise Plugins”. These will be introduced in future blog posts along with corresponding use cases.
The component “Kong Manager” represents the graphical user interface of the platform. Here, various metrics can be viewed directly through Kong Vitals.
Last but not least, a developer portal is also part of the functional scope of Kong Enterprise. The portal enables developers to find, access, and use services.
The two modules “Brain” and “Immunity” are still to be considered separately, since they are not directly part of Kong Enterprise. With Brain, creating API and service documentation can be automated. Supported by machine learning, Immunity helps fanalyze traffic patterns to increase the security of the gateway.
Setting up a secure development environment
After reviewing some of the components of Kong Enterprise, I will now show how to create a secure local environment. Through automation, the configuration can be transferred to a productive environment later.
The foundation of our local environments is a docker-compose-file, just like in earlier posts on the Kong Gateway.
test: ["CMD", "pg_isready", "-U", "postgres"]
command: kong migrations bootstrap
- KONG_PROXY_LISTEN=0.0.0.1:8000, 0.0.0.1:8443 ssl
- KONG_ADMIN_LISTEN=0.0.0.1:8001, 0.0.0.1:8444 ssl
- KONG_ADMIN_GUI_LISTEN=0.0.0.0:8002, 0.0.0.0:8445 ssl
- KONG_PORTAL_GUI_LISTEN=0.0.0.0:8003, 0.0.0.0:8446 ssl
- KONG_PORTAL_API_LISTEN=0.0.0.0:8004, 0.0.0.0:8447 ssl
The corresponding Docker image of Kong Enterprise can be downloaded via a customer-specific bintray access. Additionally, a license key is required. This only needs to be stored in an .env file.
KONG_PASSWORD, the built-in super-admin account is activated, which, among other things, ensures that every call to the REST admin API additionally requires the Kong admin token as a parameter. We have already secured our development environment in this relatively simple way. And this is now the starting point for the following blog posts.
Further information on our partnership with Kong is outlined here.