Kong ❤️ Terraform
What is Terraform?
Terraform is an infrastructure as code tool from HashiCorp. Primarily used for managing infrastructure such as AWS, GCP or Azure deployments, Terraform can also be used to manage your Kong configuration.
When should I use Terraform?
A common question we hear from you all is:
“Why would I choose Terraform, and when would I choose deck?”
You should choose Terraform if one or more of the following is true:
- You have existing review and approval processes built around Terraform
- Your internal users are already familiar with HCL / Terraform
Available Providers
Konnect
This is the official Konnect Terraform provider. You can use it to configure Dedicated Cloud Gateways, Control Planes, Gateway Entities, Portal, Teams, and more.
Konnect (Beta)
Konnect regularly ships new features, which start out as beta releases. To provide early access to these features through Terraform, we provide the konnect-beta provider.
The BETA provider currently supports:
- Kong Mesh
- Portal v3
Kong Gateway
Designed for use with Kong Gateway on-prem, the kong-gateway provider allows you to manage Kong Entities using Terraform.
This provider is currently available as a BETA release.
Kong Mesh
The kong-mesh provider allows you to manage Mesh policies in an on-prem deployment of Kong Mesh.
This provider is currently available as a BETA release.
Sample Workflows
The GitHub repositories for each provider contain pre-built scenarios. Here are a couple of examples of what's possible:
Rate Limit a Service
Deploy a Gateway Control Plane with a Gateway Service, Route, and a rate limiting policy of 5 requests per minute on the Route.
# Create a new Control Plane
resource "konnect_gateway_control_plane" "tfdemo" {
  name         = "Terraform Control Plane"
  description  = "This is a sample description"
  cluster_type = "CLUSTER_TYPE_CONTROL_PLANE"
  auth_type    = "pinned_client_certs"
  proxy_urls = [
    {
      host     = "example.com",
      port     = 443,
      protocol = "https"
    }
  ]
}

# Configure a service and a route that we can use to test
resource "konnect_gateway_service" "httpbin" {
  name             = "HTTPBin"
  protocol         = "https"
  host             = "httpbin.org"
  port             = 443
  path             = "/"
  control_plane_id = konnect_gateway_control_plane.tfdemo.id
}

resource "konnect_gateway_route" "anything" {
  methods          = ["GET"]
  name             = "Anything"
  paths            = ["/anything"]
  strip_path       = false
  control_plane_id = konnect_gateway_control_plane.tfdemo.id
  service = {
    id = konnect_gateway_service.httpbin.id
  }
}

# Apply a rate limit of 5 requests per minute
resource "konnect_gateway_plugin_rate_limiting" "my_rate_limiting_plugin" {
  enabled = true
  config = {
    minute = 5
    policy = "local"
  }
  protocols        = ["http", "https"]
  control_plane_id = konnect_gateway_control_plane.tfdemo.id
  route = {
    id = konnect_gateway_route.anything.id
  }
}
Manage a Konnect team
Configure a new team in your Konnect org with admin access to all Control Planes in the US region.
resource "konnect_team" "my_team" {
  name        = "My Terraform Team"
  description = "This is a team that is managed by Terraform"
  labels = {
    example = "here"
  }
}

resource "konnect_team_role" "my_team_role" {
  entity_id        = "*"
  entity_region    = "us"
  entity_type_name = "Control Planes"
  role_name        = "Admin"
  team_id          = konnect_team.my_team.id
}
Manage Consumers and Consumer Groups
Create a Consumer and a Consumer Group, then add the Consumer to the group.
# Create a consumer
resource "konnect_gateway_consumer" "alice" {
  username         = "alice"
  custom_id        = "alice"
  control_plane_id = konnect_gateway_control_plane.tfdemo.id
}

# Then create a consumer group and add the consumer to it
resource "konnect_gateway_consumer_group" "gold" {
  name             = "gold"
  control_plane_id = konnect_gateway_control_plane.tfdemo.id
}

resource "konnect_gateway_consumer_group_member" "ag" {
  consumer_id       = konnect_gateway_consumer.alice.id
  consumer_group_id = konnect_gateway_consumer_group.gold.id
  control_plane_id  = konnect_gateway_control_plane.tfdemo.id
}
Create a Basic Auth credential
Add an authentication mechanism for a Kong Gateway Consumer.
resource "konnect_gateway_basic_auth" "my_basicauth" {
  username         = "alice"
  password         = "demo"
  consumer_id      = konnect_gateway_consumer.alice.id
  control_plane_id = konnect_gateway_control_plane.tfdemo.id
}
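
A variant of the credential above that keeps the password out of the .tf files, as an added example that is not part of the original page. The variable name alice_basic_auth_password and the 16-character minimum are assumptions, and the block replaces the my_basicauth resource shown above while relying on the alice consumer and tfdemo control plane defined earlier.

```hcl
# Added example, not from the Kong documentation.
# The variable name and the length threshold are assumptions.
variable "alice_basic_auth_password" {
  description = "Basic auth password for the consumer alice"
  type        = string
  sensitive   = true # redacted in plan and apply output

  validation {
    condition     = length(var.alice_basic_auth_password) >= 16
    error_message = "The basic auth password must be at least 16 characters long."
  }
}

# Same resource as above, with the literal "demo" replaced by the variable.
resource "konnect_gateway_basic_auth" "my_basicauth" {
  username         = "alice"
  password         = var.alice_basic_auth_password
  consumer_id      = konnect_gateway_consumer.alice.id
  control_plane_id = konnect_gateway_control_plane.tfdemo.id
}
```

Supply the value at run time, for example through the TF_VAR_alice_basic_auth_password environment variable. Terraform still records the value in its state file, so the state backend needs encryption and access control.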