This example stands up two Amazon Linux 2 instances and a single Postgres (RDS) instance with Terraform. It then gives a procedure for installing Kong Gateway in hybrid mode, with separate control and data planes.
- AWS Credentials (Access Key ID and Secret Access Key)
- AWS Key Pair for SSH
- Terraform CLI
Make sure to create inbound rules for these ports.
- Via the CLI, log in to AWS using aws configure.
- Open tf/main.tf and update the key_name to match your AWS key pair (SSH).
- In the same file, update the Tags/Name to something unique that identifies you.
- Via the CLI, run the following Terraform commands to stand up your Linux and Postgres instances:
terraform init
terraform apply
- Once Terraform has stood up the instances, SSH in from the shell using the public_ip output:
ssh -i /path/to/<SSH keypair>.pem ec2-user@<public_ip>
- Set up the database connection from the control plane EC2 instance using the following commands (password will be Abcd1234). The SQL statements are entered at the psql prompt once connected:
sudo amazon-linux-extras install postgresql13
psql --host <enter-rds-hostname> --port 5432 --username=postgres
CREATE USER kong;
GRANT kong TO postgres;
CREATE DATABASE kong OWNER kong;
ALTER USER kong WITH PASSWORD 'kong';
exit
- Via the regular shell, install Kong:
curl -Lo kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm "https://download.konghq.com/gateway-2.x-amazonlinux-2/Packages/k/kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm"
sudo yum install kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm
sudo chmod -R 777 /usr/local/kong
- scp over the kong/ directory to EC2.
- In cp-example.conf, update the pg_host and pg_password to match your credentials.
- Copy certs over to /var/certs:
sudo cp -r certs/ /var/certs
- Run the following commands to set up the database and start the Kong control plane:
kong migrations bootstrap -c cp-example.conf
kong start -c cp-example.conf
- Test the admin API locally on EC2 using curl:
curl -i -X GET --url http://localhost:8001/services
- Test the Management GUI via the browser:
http://<public_ip>:8002/overview
- Via the CLI, apply your Enterprise license:
curl -i -X POST http://<hostname>:8001/licenses \
-d payload='<insert license>'
- Restart Kong:
kong stop
kong start -c cp-example.conf
- Via the CLI, SSH to the SimonGreen_DP_AmznLinux2 instance.
- Via the regular shell, install Kong:
curl -Lo kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm "https://download.konghq.com/gateway-2.x-amazonlinux-2/Packages/k/kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm"
sudo yum install kong-enterprise-edition-2.8.1.0.amzn2.noarch.rpm
sudo chmod -R 777 /usr/local/kong
- scp over the kong/ directory to EC2.
- Update cluster_control_plane and cluster_telemetry_endpoint with the external IP of your CP instance.
- Copy certs over to /var/certs:
sudo cp -r certs/ /var/certs
- Run the following commands to start the Kong data plane:
kong start -c dp-example.conf
- From the CP instance shell, test the admin API locally on EC2 using curl to confirm that the data plane has connected:
curl -i -X GET http://localhost:8001/clustering/data-planes
- Test the DP proxy via your dev machine browser:
curl http://<dp public IP>:8000
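
A pre-flight check for the data plane steps above, to run before kong start -c dp-example.conf. This is an added example, not part of the original README: it assumes the config sets the standard Kong hybrid-mode keys role, database, cluster_cert and cluster_cert_key, and the sample written by make_sample (ports 8005/8006, file names, dummy cert contents) is constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the original README): pre-flight check for a Kong
# hybrid-mode data plane config before running `kong start -c dp-example.conf`.

# conf_get FILE KEY: print the value of "KEY = value", ignoring trailing comments.
conf_get() {
  sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*([^#]*[^#[:space:]]).*$/\1/p" "$1" | tail -n 1
}

# check_dp_conf FILE: print one line per problem; return 0 only if none are found.
check_dp_conf() {
  local conf=$1 problems=0 key val
  [ "$(conf_get "$conf" role)" = "data_plane" ] || { echo "role is not data_plane"; problems=1; }
  [ "$(conf_get "$conf" database)" = "off" ] || { echo "database is not off"; problems=1; }
  for key in cluster_control_plane cluster_telemetry_endpoint; do
    val=$(conf_get "$conf" "$key")
    # Must be host:port; a leftover <placeholder> or an empty value fails here.
    printf '%s\n' "$val" | grep -Eq '^[A-Za-z0-9.-]+:[0-9]+$' ||
      { echo "$key is not host:port: '$val'"; problems=1; }
  done
  for key in cluster_cert cluster_cert_key; do
    val=$(conf_get "$conf" "$key")
    { [ -n "$val" ] && [ -r "$val" ]; } || { echo "$key missing or unreadable: '$val'"; problems=1; }
  done
  # The cluster private key should not be accessible to group or other.
  val=$(conf_get "$conf" cluster_cert_key)
  if [ -f "$val" ]; then
    case "$(ls -ld "$val" | cut -c5-10)" in
      "------") ;;
      *) echo "cluster_cert_key is group/other accessible: $val"; problems=1 ;;
    esac
  fi
  return "$problems"
}

# make_sample DIR CP_ADDR: write a constructed dp conf plus dummy cert files (demo only).
make_sample() {
  printf 'dummy\n' > "$1/cluster.crt"; printf 'dummy\n' > "$1/cluster.key"
  chmod 600 "$1/cluster.key"
  cat > "$1/dp.conf" <<EOF
role = data_plane
database = off
cluster_control_plane = $2:8005   # CP public IP
cluster_telemetry_endpoint = $2:8006
cluster_cert = $1/cluster.crt
cluster_cert_key = $1/cluster.key
EOF
}
```

On the DP instance, source the file and run check_dp_conf dp-example.conf; a non-zero return means at least one of the printed problems should be fixed before starting Kong.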