decK Installation with Kong

Hi!

is it a good idea to install decK directly within the Dockerfile together with Kong? Something like this:

ARG KONG_VERSION=3.6.1
FROM kong:${KONG_VERSION}-ubuntu as kong
USER root
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y git luarocks curl wget unzip \
    && rm -rf /var/lib/apt/lists/*
# Plugin: Custom Plugin
ADD /config/kong.conf /etc/kong/kong.conf
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD http://localhost:8007/status/ready || exit 1
# Install decK
curl -sL https://github.com/kong/deck/releases/download/v1.38.1/deck_1.38.1_linux_amd64.tar.gz -o deck.tar.gz
tar -xf deck.tar.gz -C /tmp
sudo cp /tmp/deck /usr/local/bin/

Best Wishes,
Ritika

Hi @ritika -

Typically, decK is installed on a developer machine or CICD pipeline runner and manages the state of Kong Gateway remotely. If you add decK inside the docker image, then you are coupling the availability of the tools as well as their versions. I’d recommend running them as individual docker containers or running the gateway as a docker container and decK on your developer machine.

Hope this helps-

1 Like

Generally speaking, IMHO deck is used to apply/alter a Kong Gateway configuration. Kong deck need to read the configuration that can contain secrets or other reserved information so I think is not a good idea having and using deck deployed within the same container of the Kong Gateway.

I agree with @rick it sould be run externally in a CI/CD pipeline runner or outside Kong Gateway and the communication between deck and Kong Gateway should be secured with HTTPS and related authentication (via RBAC token).

HTH.
Denis

1 Like

Hi!

Thank you both of you (@rick and @Denis_Signoretto ) for your feedback! :slight_smile:
Have a great day! :slight_smile:

Best wishes,
Ritika