Kong APIPatrick Pierson

DevOps Engineer

Ion Channel

What is an API Gateway?Is the single entry point for all clients. The API gateway handles requests in one of two

ways. Some requests are simply proxied/routed to the appropriate service. It handles

other requests by fanning out to multiple services.

What is Kong?Kong is a scalable, open source API Layer (also known as an API Gateway, or API

Middleware). Kong runs in front of any RESTful API and is extended through Plugins,

which provide extra functionalities and services beyond the core platform.

What is Kong?

Kong ports● 8000 - for proxying. This is where Kong listens for HTTP traffic.

● 8443 - for proxying HTTPS traffic.

● 8001 - provides Kong's Admin API that you can use to operate Kong.

● 7946 - which Kong uses for inter-nodes communication with other Kong nodes.

Both UDP and TCP traffic must be allowed.

● 7373 - used by Kong to communicate with the local clustering agent.

Docker Demo

Logs Demo

Logs Demo ViewView virus scan check against Ion Channel API

Our setup● Test has 4 hosts, api/apimgmt container always on same host

● Prod has 3 hosts, api/apimgmt container always on same host

● Api/apimgmt kept on same host by AWS Lambda job that scans for apimgmt to

be on the same host, if not apimgmt is moved

● Api exposed by public ELB

● Apimgmt exposed to vpn users via private ELB

● Each service exposed by private ELB, api communicates with that

● TCP log plugin pushes usage logs to a syslog logstash container

api apimgmt

https://api.domain.io https://apimgmt.domain.internal

/service1 /service2 /service3 /service1 /service2 /service3

/service1

/service2

/service3

Our next steps● Using Kongfig to replicate test to prod - https://github.com/mybuilder/kongfig

○ YML configuration management

○ Cronjob to continually apply correct Kong configuration to keep it in compliance

● Compare Kong vs just Nginx

● Weave networking

○ Remove internal ELBs. Kong would talk to services directly.