Installing Kong Gateway, Hybrid Mode on Amazon Linux 2 with Terraform

This example stands up two Amazon Linux 2 instances and a single Postgres (RDS) instance with Terraform. From there, a procedure is given to install Kong Gateway running in hybrid mode, with separate control and data planes.

Prerequisites

  1. AWS Credentials (Access Key ID and Secret Access Key)
  2. AWS Key Pair for SSH
  3. Terraform CLI

Default Ports

Make sure to create inbound rules for these ports.

Procedure

  1. Via the CLI, log in to AWS using aws configure.
  2. Open tf/main.tf and update the key_name to match your AWS key pair (SSH).
  3. In the same file, update the Tags/Name to something unique that identifies you.
  4. Via the CLI, run the following Terraform commands to stand up your Linux and Postgres instances:
terraform init
terraform apply
  5. Once Terraform has stood up the instances, SSH via the shell using the public_ip output:
ssh -i /path/to/<SSH keypair>.pem ec2-user@<public_ip>

Set Up Control Plane Instance

  1. Set up the database connection from the control plane EC2 instance using the following commands (password will be Abcd1234):
# install the PostgreSQL 13 client, then open a session against RDS
sudo amazon-linux-extras install postgresql13
psql --host <enter-rds-hostname> --port 5432 --username=postgres
-- at the psql prompt, create the kong role and database
CREATE USER kong;
GRANT kong TO postgres;
CREATE DATABASE kong OWNER kong;
ALTER USER kong WITH PASSWORD 'kong';
exit
  2. Via the regular shell, install Kong:
curl -Lo kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm "https://download.konghq.com/gateway-2.x-amazonlinux-2/Packages/k/kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm"
sudo yum install kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm
sudo chmod -R 777 /usr/local/kong
  3. Copy the kong/ directory to the EC2 instance with scp.
  4. In cp-example.conf, update the pg_host and pg_password to match your credentials.
  5. Copy certs over to /var/certs:
sudo cp -r certs/ /var/certs
  6. Run the following commands to set up the database and start the Kong control plane:
kong migrations bootstrap -c cp-example.conf
kong start -c cp-example.conf
  7. Test the admin API locally on the EC2 instance using curl:
curl -i -X GET --url http://localhost:8001/services
  8. Test the Management GUI via the browser: http://<public_ip>:8002/overview
  9. Via the CLI, apply your Enterprise license:
curl -i -X POST http://<hostname>:8001/licenses \
  -d payload='<insert license>'
  10. Restart Kong:
kong stop
kong start -c cp-example.conf

Set Up Data Plane Instance

  1. Via the CLI, SSH to the SimonGreen_DP_AmznLinux2 instance.
  2. Via the regular shell, install Kong:
curl -Lo kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm "https://download.konghq.com/gateway-2.x-amazonlinux-2/Packages/k/kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm"
sudo yum install kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm
sudo chmod -R 777 /usr/local/kong
  3. Copy the kong/ directory to the EC2 instance with scp.
  4. In dp-example.conf, update cluster_control_plane and cluster_telemetry_endpoint with the external IP of your CP instance.
  5. Copy certs over to /var/certs:
sudo cp -r certs/ /var/certs
  6. Run the following command to start the Kong data plane:
kong start -c dp-example.conf
  7. From the CP instance shell, test the admin API locally on the EC2 instance using curl to confirm that the data plane has connected:
curl -i -X GET http://localhost:8001/clustering/data-planes
  8. Test the DP proxy via your dev machine browser or curl:
curl http://<dp public IP>:8000
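
An added pre-flight check for the cp-example.conf and dp-example.conf files used above (example code written for this walkthrough, not part of the original repository or of Kong). It reports a missing or misspelled clustering key, a missing certificate file, and a cluster private key that group/other can access. The helper names conf_get and check_hybrid_conf, the 203.0.113.10 address and the 8005/8006 ports in the sample are assumptions.

```sh
# Added example: pre-flight check for a Kong hybrid-mode .conf file.
# conf_get and check_hybrid_conf are hypothetical helper names, not Kong tooling.

# Print the value of "key = value" from a kong.conf-style file, comments stripped.
conf_get() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$2" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one finding per line; return 1 if anything was found, else 0.
check_hybrid_conf() {
  conf=$1 bad=0
  role=$(conf_get role "$conf")
  case $role in
    control_plane) required="pg_host pg_password" ;;
    data_plane)
      required=""
      [ "$(conf_get database "$conf")" = off ] ||
        { echo "data plane must set database = off"; bad=1; }
      for k in cluster_control_plane cluster_telemetry_endpoint; do
        case $(conf_get "$k" "$conf") in
          ?*:[0-9]*) ;;
          *) echo "$k must be set to host:port"; bad=1 ;;
        esac
      done ;;
    *) echo "role must be control_plane or data_plane"; required=""; bad=1 ;;
  esac
  for k in $required; do
    [ -n "$(conf_get "$k" "$conf")" ] || { echo "$k is not set"; bad=1; }
  done
  for k in cluster_cert cluster_cert_key; do
    f=$(conf_get "$k" "$conf")
    [ -f "$f" ] || { echo "$k: file '$f' not found"; bad=1; }
  done
  # The cluster private key should be readable by its owner only.
  key=$(conf_get cluster_cert_key "$conf")
  if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
    echo "cluster_cert_key: $key is accessible to group/other"; bad=1
  fi
  return $bad
}

# Constructed sample: a data-plane file with the telemetry key misspelled.
demo=$(mktemp)
printf '%s\n' 'role = data_plane' 'database = off' \
  'cluster_control_plane = 203.0.113.10:8005' \
  'cluster_telemetary_endpoint = 203.0.113.10:8006' > "$demo"
check_hybrid_conf "$demo" || echo "fix the findings above before: kong start -c <file>"
rm -f "$demo"
```

If the private-key finding fires, change the key's owner to the user that runs kong and set its mode to 600.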