►
Description
In this session, DevRel Director Micheal Heap will show you Kong’s declarative configuration capabilities and how to use your CI system to lint and apply these configurations in a variety of environments. Test your changes in a staging environment, then apply exactly the same config to production with a click of a button.
Kong’s User Calls are a place to learn about technologies within the Kong open source ecosystem. This interactive forum will give you the chance to ask our engineers questions and get ramped up on information relevant to your Kong journey.
#KongGateway #decK #CICD #Kong
A
We're
going
to
be
talking
about
controlling
your
kong
gateway
with
dec
and
cicd
and
presenting
today
we
have
our
director
of
developer
relations
michael
heap
at
the
end
of
michael's
presentation,
we'll
open
it
up
for
q,
a
and
discussion
you
will
be
able
to
unmute
yourself
and
turn
on
your
video
if
you'd
like,
but
you're,
also
welcome
to
just
post
your
questions
in
the
chat
at
the
bottom
of
your
screen
and
we'll
make
sure
and
get
to
those.
B
Thank
you,
taran,
oh
welcome
everyone
good
morning
afternoon
or
evening,
depending
on
wherever
you
may
be
joining
us
from
now.
It's
getting
a
little
bit
dark
over
here
in
england,
but
I'm
really
looking
forward
to
our
time
together
this
evening
today
we're
going
to
talk
about
configuring,
your
congate
we're
using
deck,
which
is
kong's,
declarative
configuration
tool,
and
you
might
be
wondering
why
you'd
actually
want
to
do
this.
B
After
all,
you've
been
using
the
api
or
the
ui
just
configure
services,
routes,
plugins
and
that's
worked
just
fine
in
the
past,
but
how
many
times
have
you
heard
this?
What
do
you
mean
productions
down?
It
was
only
a
conflict
change,
it's
easily
done
and
it's
not
just
small
companies.
Some
of
you
may
have
seen
the
facebook
dropped
off
the
face
of
the
earth
the
other
week.
That
was
just
a
conflict
change.
B
B
A
few
years
ago
I
wrote
a
book
on
configuration
change
management
using
ansible
with
from
red
hat
and
despite
that,
I've
still
broken
production,
with
a
configuration
change
recently
like
the
last
four
weeks.
So.
B
B
Well
that
can
both
export
and
import
your
service
configuration
providing
backups
and
a
way
to
see
your
states
as
a
text
file.
It
can
run
a
diff
between
your
proposed
configuration
and
your
actual
config.
It
can
validate
a
declarative
configuration
file
and
it
can
automate
distributed
configuration
changes
in
the
cicd
platform.
B
B
You
can
see
it's
source
code
on
github,
it's
written
in,
go
that
also
means
that
you
can
contribute
if
you
have
any
issues
or
feature
requests,
we'd
love
to
hear
them
and
if
you've
not
got
yourself
and
want
to
contribute,
we'd
love
to
help
you
on
your
journey.
You
can
learn
more
about
slash
github.com.
B
B
B
Edit
inbound
rules,
so
you
don't
want
to
be
exposing
your
kong
manager,
admin
port
to
the
whole
internet,
which
is
why
I've
got
it
behind
the
firewall.
So
I'm
just
going
to
add
a
quick
rule
to
open
it
up
to
the
entire
internet
for
demo
purposes.
Only
just
so
we
can
see
what's
going
on.
B
That
and
then
try
again
here
we
are
now
it
says
here:
kong
is
running
in
free
mode.
That's
true,
and
this
is
important
to
note,
because
it
means
that
you
can
use
it
too.
You
don't
have
to
have
an
enterprise
license
to
use
kung
manager,
it's
not
in
the
open
source
version,
but
it
is
in
the
the
free
version.
B
So
if
the
important
thing
to
you
is
that
kong
is
free,
not
kong
is
open
source.
You
can
get
this
for
free
and
try
it
out.
It's
really
quite
nice.
B
Live
demos.
Hey
give
me
a
second.
I
am
going
to
apply
a
license
just
to
get
this
working
very
quickly.
B
B
B
We
want
to
add
a
single
route,
we'll
call
it
sessions,
because
what
this
api
does
is.
It
returns
the
sessions
that
were
happening
at
summit.
So
it's
a
get
request
to
slash
sessions
and
we
don't
want
to
strip
the
path
and
let's
just
check
that
that
works.
B
B
B
B
B
Now,
usually,
when
I
run
deck
dump
or
deck,
sync
I'd
have
to
specify
the
admin
api
address
too,
but
in
order
to
simplify
things
for
this
demo,
I've
added
the
con
address
to
my
deck
configuration
file
which
lives
at
dot
deck.yaml
in
your
home
folder
and
that's
what
it
looks
like
the
alternative
would
be
to
run
deck
dump.
B
B
B
B
B
We
need
to
run
some
jobs
and
call
it
run
deck
and
it
runs
on
ubuntu.
Latest
deck
will
run
on
windows,
ubuntu
and
mac,
but
for
this
demo
I'm
gonna
use
the
ubuntu
runner.
B
B
B
A
Michael
while
we
have
just
a
moment
here,
mert
has
a
question:
should
you
should
have
we
multiple
repositories
for
multiple
applications?
I
imagine
each
application
has
different
config
files.
B
B
B
B
B
B
B
So
we're
halfway
through
we've
introduced
deck
configured
a
new
instance:
we've
used
deck
dump
indexing
and
we
applied
changes
to
the
github
actions.
So
now
we
should
get
onto
the
more
complex
usage
things
like
reviewing
changes,
because
perhaps
you
don't
want
configuration
changes
applying
directly
to
production?
B
B
B
B
But
if
I
click
into
run
deck,
it
says
it
needs
approval
to
start
deploying
the
changes,
and
I
can
review
that
want
to
go
to
production.
Yes
looks
good
to
me
proven
deploy
so
now.
We've
got
that
governance
step.
Not
only
are
people
not
making
changes
on
the
through
the
ui
through
the
api
it's
going
into
github,
but
they
can't
just
make
changes
themselves.
B
B
Now
we've
been
working
with
a
small
configuration
file
so
far,
but
it's
unlikely
to
be
this
straightforward.
B
B
So
here's
a
config
file
with
I
can't
even
remember
how
many
services
one
two
three
four
fives,
six
services.
There
are
only
six
services
in
here
and
they're,
not
even
big.
Some
of
the
services
don't
even
have
roots
or
plugins,
with
six
we're
already
at
250
files
and
it's
easier
for
these
configuration
files
to
get
to
a
thousand
two
thousand
five
thousand
files,
long
five
thousand
lines
long.
B
It
gets
unmanageable,
and
this
is
still
a
small
configuration
file
to
help
with
this
deck
supports,
distributed
configuration
where
you
can
manage
each
service
as
its
own
file,
and
it
will
merge
them
all
together
when
applying
changes.
So
this
is
where
we
get
back
to
motor's
question
about.
Should
we
have
these
configurations
in
different
vpus?
B
B
B
B
That
won't
work
because
I
don't
have
anything
created.
Yet
that's
fine,
let's
go
ahead
and
apply
this
distributed.
Configuration
I'll
show
you
how
to
do
that.
Then
I'll
show
you
what
the
end
point
returns.
B
B
I
should
be
able
to
yeah
call
that
slash
products
endpoint
and
we
can
see
con
cars.
The
gateway
has
insomnia,
has
developer
portal
and
some
of
which
are
open
source,
some
of
which
are
enterprise.
And
if
I
go
back
to
the
ui,
I
can
see
multiple
services
now
and
there's
the
product
route,
with
the
rare,
limiting
plugin.
B
B
B
B
So
we
need
to
get
the
ami
id
we're
going
to
create
a
new
security
group
ports
8000
for
hosting
the
block
set
in
8001
to
be
able
to
run
deck
against
it
again.
B
You
wouldn't
have
this
publicly
accessible
on
the
internet,
usually,
but
for
this
demo,
I'm
just
going
to
do
it
for
ease
of
use
want
to
create
a
new
ec2
instance,
put
it
in
the
security
grid
that
we
just
created
and
it's
accessible
using
the
key
name
of
key
name,
which
is
m
heap
gateway
testing,
which
is
just
a
key
that
I've
got
on.
My
ec2
instance
on
my
aws
account.
Sorry
now,
if
I
jump
back
to
the
console,
that's
created,
so
that's
we've
got
an
issue
to
instance.
Next
thing
is
to
install
kong.
B
And
I'll
show
you
what
this
is
doing
so
ansible
is
a
yaml-based
configuration
management
system.
We've
just
got
a
set
of
tasks
that
it
runs
in
order.
It
adds
to
the
kong
app
to
repo
because
we're
using
ubuntu
it
installs
the
required
packages,
a
python
3
and
acl
for
ansible
and
then
postgres
and
kong
enterprise
edition.
B
B
And
then
we
want
to
run
migrations,
so
kong,
migrations,
bootstrap
and
then
restart
cong.
Those
are
all
the
steps
you
need
to
deploy.
Kong
so
add.
The
report
install
the
package
create
the
database,
create
the
user
copy,
the
config
file
run
migrations
and
then
restart
cong.
B
B
B
And
now,
if
I
go
back
and
refresh,
we
get
all
of
our
session
information
now
this
machine
didn't
exist.
Less
than
five
minutes
ago,
we've
just
provisioned
a
new
machine,
provisioned
kong
install
and
restored
all
of
our
service
route
plug-in
configuration
using
deck.
If
I
just
refresh
a
few
times
the
limit
exceeded
just
what
we
were
expecting.
B
A
A
It
is
yes,
okay,
so
whatever
you
go
and
deploy,
it
would
be
there
from
an
admin
perspective,
but
suppose
I
deploy
everything
through
kubernetes
using
the
kic
ingress
controller.
I
wouldn't
be
able
to
view
that
from
a
tech
perspective
right
is
that
a
right
statement.
B
It
is
if
you've
deployed
using
the
ingress
controller.
You
probably
wouldn't
use
declarative
config
to
configure
things.
Instead,
you
will
be
using
crds,
so
your
crds
ideally
would
also
be
managed
through
a
github
stack
type.
Workflow,
so
you'll
be
committing
them
to
github,
and
then
your
icd
platform
will
be
running.
Cue.
Control
apply
on.
A
And
looks
like
we
had
a
couple
of
questions
in
the
chat
some
of
these
kind
of
came
in
towards
the
middle,
so
I'm
not
sure
regan
did
you
still?
Did
you
get
your
answer
to
that
question?
He
has
yeah
go
ahead.
It's
the
same
question.
B
And
another
one
from
did
I
integrate
github
in
aws
earlier?
No,
I
didn't.
I
did
something
very
naughty
and
opened
up
my
admin
port
to
the
entire
world
and
that's
how
github
could
reach
my
cloud
provider.
I
just
gave
the
address
and
anyone
could
have
called
that
admin
port.
B
If
I
were
to
do
this
properly,
I
should
be
limiting
it
to
the
github
actions
runners
ip
addresses
only
which
you
can
get
at
api.github.com
forward,
slash
meta.
They
return
all
their
ip
addresses,
though,
alternatively,
you
can
add
a
necessary
step
to
your
workflow,
so
that
your
github
action
actually
logs
in
to
your
kong
machine
and
then
uses
the
admin
api
locally
on
localhost,
rather
than
connecting
to
it
over
the
internet,
which
is
a
much
more
secure
way
to
do
things.
B
A
And
the
con
manager
that
you
showed
right
so
can
that
be
I
mean?
Is
it
a
pre
free
version?
Can
we
use
like
open
source
or
should
be,
should
we
have
a
license
for
that.