This is a short presentation about different ways to use the Kong KONNECT gateway. Essentially the Kong gateway sits in front of the application we are covering with it and it can be used as a protection mechanism for our application. With KONNECT we can establish that configuration and then launch different data node planes otherwise known as Kong gateways that we can start with a specific configuration already configured in KONNECT. This is a great achievement in API gateways when it comes to unserstanding how to guarantee the safety of our applications. In KONNECT we can implement different kinds of authentication namely and mostly used, a JWT token, an apikey and OAuth2 authentications. Another way to protect our application is to establish ACL's, which are access control lists for our users which then can be assigned different permissions and there for have selective access to our applications. Another aspect of application protection is when we avoid too many requests being made at the same time to our application. In these cases, there is always the question if we are dealing with a DDoS attack or if we are dealing with a mislead user. In any case rate limiting is something that we can easily configure in Kong allowing us to turn the tap to a comfortable an acceptable installation. With KONNECT we can also configure our Kong gateways to monitor, audit and save the logs of our application. Because KONNECT gets updated and the nodes get automatically updated, the control of the updates and new version is no longer part of our plate of responsibilities. Instead, Kong KONNECT deals with that for us.
9. 9
KONNECT Gateway Manager
Gateway Manager
..
.
Control Plane Control Plane Control Plane
..
.
Data
Node
Plane
Data
Node
Plane
Data
Node
Plane
10. 10
KONNECT Gateway Manager
What is a gateway service?
A gateway service is a service that is used to refer to a website.
In it we configure the websites URL where the data traffic is going to,
the protocol, the timeouts for read,
write and connection and number of retries.
17. 17
KONNECT Gateway Manager
1. Provide authentication:
Basic, Apikey, JWT token, OAuth2
2. Provide authorization:
ACL
3. Control Rate Limiting
Rate Limiting Plugin
4. Logging, Auditing, Monitoring
5. Data Encryption
6. Updates
How to secure Web applications:
18. 18
KONNECT Gateway Manager
1. https://github.com/jesperancinha/buy-odd-yucca-concert:
Study about the Kong Gateway in a standalone way (without KONNECT)
2. https://github.com/jesperancinha/healthy-cameras
Study about authentication in Kong Gateway in a standalone way.
There is no connection to KONNECT.
It includes a manually implemented OAuth2 mechanism.
And it includes instructions to connect to Okta
3. https://github.com/jesperancinha/kong-test-drives
Experimental project about Kong Gateway.
It is a loose project with constant additions
Find my Kong related work on these repos on GitHub:
