1.
Kong API
Patrick Pierson
DevOps Engineer
Ion Channel

2.
What is an API Gateway?
Is the single entry point for all clients. The API gateway handles requests in one of two
ways. Some requests are simply proxied/routed to the appropriate service. It handles
other requests by fanning out to multiple services.

3.
What is Kong?
Kong is a scalable, open source API Layer (also known as an API Gateway, or API
Middleware). Kong runs in front of any RESTful API and is extended through Plugins,
which provide extra functionalities and services beyond the core platform.

4.
What is Kong?

5.
Kong ports
● 8000 - for proxying. This is where Kong listens for HTTP traffic.
● 8443 - for proxying HTTPS traffic.
● 8001 - provides Kong's Admin API that you can use to operate Kong.
● 7946 - which Kong uses for inter-nodes communication with other Kong nodes.
Both UDP and TCP traffic must be allowed.
● 7373 - used by Kong to communicate with the local clustering agent.

6.
Docker Demo

7.
Logs Demo

8.
Logs Demo View
View virus scan check against Ion Channel API

9.
Our setup
● Test has 4 hosts, api/apimgmt container always on same host
● Prod has 3 hosts, api/apimgmt container always on same host
● Api/apimgmt kept on same host by AWS Lambda job that scans for apimgmt to
be on the same host, if not apimgmt is moved
● Api exposed by public ELB
● Apimgmt exposed to vpn users via private ELB
● Each service exposed by private ELB, api communicates with that
● TCP log plugin pushes usage logs to a syslog logstash container

10.
api apimgmt
https://api.domain.io https://apimgmt.domain.internal
/service1 /service2 /service3 /service1 /service2 /service3
/service1
/service2
/service3

11.
Our next steps
● Using Kongfig to replicate test to prod - https://github.com/mybuilder/kongfig
○ YML configuration management
○ Cronjob to continually apply correct Kong configuration to keep it in compliance
● Compare Kong vs just Nginx
● Weave networking
○ Remove internal ELBs. Kong would talk to services directly.