We are starting to adopt Kong in my organization and would like to setup a global gateway supporting multiple projects (sets of separated microservices) maintained by separate teams. We deploy Kong using the Hybrid Mode with a single (global) CP node and multiple DP nodes - the idea is to have one DP node per project. Each project would have its own Workspace where admins would configure their own routing, plugins, etc. with access limited to team members.
We are wondering what would be the best way to manage the configuration in such setup - the key requirement is to have it tracked in source control, so that it’s possible to automatically (re)apply the configuration as part of Kong’s deployment process. We don’t really want to depend on storing the configuration in the database only. This is also the main reason we think the Manager UI should not be used for purposes other than viewing the config.
Since we deploy Kong to a k8s cluster (GKE) with Kong Ingress Controller, the best approach seems to be using Kubernetes resources, such as Ingress to configure routing or KongPlugin custom resource to configure plugins. The teams would then add YAML files to the repository and the resources would automatically be created during the deployment. Unfortunately, I don’t think KIC can handle multiple workspaces, which makes the solution irrelevant. According to THIS thread, we would need to deploy a separate KIC per workspace, which would make the setup much more complicated and, if I’m not mistaken, defeat the purpose of having a single CP - we would need to deploy many of them, each with a separate KIC.
Last thing that comes to my mind is to get rid of KIC altogether and have teams create scripts containing calls to the Admin API and push them to the repository - the scripts would be executed as part of the deployment process, after Kong has been installed. However, I have hard time considering such solution elegant.
I’d much appreciate any tips and comments!