Kong: [community feedback requested] A new way to install and configure Kong

Summary

1. Problem
2. Proposed new approach
   a. Installing
   b. Configuring
3. Pros and Cons
4. Community Feedback

1. Problem

Today's Kong can be quite un-intuitive and painful to both install and configure:

• For a source install, it requires installing separately several third-party software components (Serf/OpenResty/LuaRocks).
• Said source installs need a few flags during the Nginx compilation that Kong requires and that users need to add manually.
• Customizing the Nginx configuration requires creating a Penlight template with its own syntax and quirks, and users must update their template manually between Kong versions if new directives are added.
• When using a custom Nginx configuration, users have to maintain 2 configuration files: kong.conf, and nginx.conf.
• The Kong CLI is a process sitting between the user and the Nginx master process, and makes things like stdout logging or non-daemon mode harder for containers setups.
• Several Kong instances cannot run on the same machine at the same time.
• Installing the Kong Lua sources and dependencies requires an Internet access to luarocks.org and hosting code services like github.com.

Source installs are quite common because they allow building Nginx with custom flags (and custom Nginx C modules), and custom Nginx configurations are even more common, because kong.conf does not (and should not because it is not "scalable") support each and every Nginx directive.

2. Proposed new approach

a. Installing

Release Kong as an archive like kong-0.12.0.tar.gz containing:

• The OpenResty sources (which themselves contain the Nginx sources)
• LuaRocks
• The Kong core Lua sources
• The Kong community-edition, OSS plugins (currently, they live in the same repository but not for long)

The installation process for Kong would consist of:

$ wget http://getkong.org/download/kong-0.12.0.tar.gz
$ tar -xvf kong-0.12.0.tar.gz
$ cd kong-0.12.0
$ ./configure --prefix=/usr/local/kong
$ make
$ [sudo] make install

And that's it. Let's walk through the steps and what they achieved here:

$ wget http://getkong.org/download/kong-0.12.0.tar.gz
$ tar -xvf kong-0.12.0.tar.gz
$ cd kong-0.12.0

Here, we just downloaded the latest release archive and extracted it. Such an archive should be PGP signed by the core Kong contributors for each release, ensuring users get what they want.

$ ./configure --prefix=/usr/local/kong

This is a configure script that wraps the OpenResty one (which installs LuaJIT + Nginx). It allows any OpenResty flag, and thus, any Nginx flag as well. It also adds the flags required by Kong automatically, (such as --with-pcre-jit or --with-http_realip_module) so users don't have to worry about it. One can compile Kong like so:

$ ./configure --prefix=/usr/local/kong \
    --user=foobar \
    --with-http_v2_module \
    --with-http_geoip_module \
    --add-module=/path/to/custom/nginx/module \
    --add-module=/path/to/custom/nginx/module_2 \
    --with-debug

We now allow Kong users to very easily customize the underlying Nginx instance running Kong, without compromising the minimum flags required by Kong.

This step will also take care of installing LuaRocks with the newly compiled LuaJIT (from the OpenResty ./configure).

$ make
$ [sudo] make install

Just compilation and installation steps. During installation, we copy the Kong Lua sources into the prefix's lualib (the place where Lua modules required from an OpenResty installation should go to). LuaRocks mostly is bundled for future kong install [plugin] features relying on it.

b. Configuring

Let's see what the previous installation step actually installed:

bin    luajit    lualib    nginx    pod    luarocks    nginx.conf

Here, most of those files come from a regular OpenResty installation, but luarocks and nginx.conf are added by Kong (among other files in lualib and bin like the Lua sources and the CLI, but not detailed here).

What interests us here is the nginx.conf file, because it would be the only configuration file needed. That's right, no kong.conf.

Here is what such a nginx.conf file might look like, but take it with a grain of salt as it is a very early, draft document:

error_log logs/error.log notice;
access_log logs/access.log;

events {

}

http {
    server {
        listen 0.0.0.0:8000;

        location = / {
            # serve a webpage, like a developer portal at "api.example.com"
            # with Nginx settings optimized for assets serving/caching.
        }

        location / {
            # serve the API itself, at "api.example.com/v1"
            # with Nginx settings optimized for an API's reverse-proxy.

            kong_cassandra_contact_points 10.0.0.1,10.0.0.2;
            kong_cassandra_keyspace       kong;
            kong_cassandra_user           kong_user;
            kong_cassandra_password       password;

            kong_serve_proxy;
        }
    }


    # un-comment this block if you wish this node to also expose an Admin API
    # on localhost:8001
    #
    # server {
    #    listen 127.0.0.1:8001;
    #
    #    location / {
    #        # serve the Kong API, and maybe use any Nginx module to protect it,
    #        # such as HTTP Basic Auth if desired.
    #        # auth_basic_user_file conf/htpasswd;
    #
    #        kong_serve_admin_api;
    #    }
    #  }
}

This is achieved through a custom Nginx C module, that is transparent to the user because it is added under the hood by the Kong install phase (shipped in kong-0.12.0.tar.gz and automatically added to ./configure flags).

Thus, we allow any user to easily customize their Nginx instance to do anything they'd like:

• run another Nginx server block
• use a customized setting for a given block (tweak buffer size? use third-party module? serve a website? etc...)
• ability to enable/disable the Admin API on given nodes, chosen by the user

This is very beneficial in the sense that users now don't need to maintain two configuration files. The Kong C module will try to avoid as many required changes to the Nginx configuration as possible (like manually adding lua_shared_dict directives, and so).

Kong is now not started from its CLI anymore, but directly from Nginx, as in:

$ nginx -p /usr/local/kong

3. Pros and Cons

Going down this road has numeral benefits for users, power-users and contributors. Here is a non-exhaustive list:

• Easy and fast source installation for power-users and contributors, everything-in-one-(signed)-archive
• Easier maintainability for official Kong package maintainers (rpm, Homebrew, etc)
• Easier customization of the Nginx configuration, and avoid the 2 config files pattern
• No need to learn a new config file format (Kong's) or a new CLI (Kong's). We are Nginx-like.
• No process in between the user and the Nginx master process. We easily integrate into containers, and users can apply any Nginx technique they know (daemon off;, error_log stdout;...). This could potentially mean that Kong could come back on Heroku as well.
• No need for an access to luarocks.org and github.com when installing from source.
• Less need for users to track configuration changes: the C modules offloads as much as possible
• Ability to include any OpenResty or Nginx custom match that we'd like. No need for long waits between releases if we need something.
• Ability to use Nginx idioms like init.d scripts or monitoring solutions out of the box.
• Lock on our side the OpenResty/Nginx version shipped with Kong to ensure the best compatibility. Users cannot use Kong with just any version out there and end up with issues they are not supposed to.

There are a few losses as well that I will try to list objectively:

• Less "Kong brand" (our config lives in nginx.conf).
• The Nginx configuration might be harder to grasp for users who have never seen it before.

Those lists should be maintained and updated (edit this issue).

4. Community Feedback

Would love community feedback on this one! Thoughts? Concerns? Better ideas? Please comment and share!