How Ubisoft Extends Kong to Level Up Its Developer Platform

Ubisoft built an Internal Developer Platform that hosts multiple services, allowing users to create Kubernetes clusters or a MongoDB and manage them through the platform. 

“All these services are created and managed by different teams,” Behar said, "So what we really want for that platform is to unify the experience.”

Ubisoft asked teams providing services to the platform to use JSON REST APIs and document them with OpenAI. With so many exposed APIs, Ubisoft needed a powerful API gateway to seamlessly and securely manage requests — which is where Kong Gateway comes in.

Ubisoft's custom gateway has a single entry point with two user types: gateway admins who manage security and service developers who utilize a self-service model and OpenAPI integrations. With all of these users and services, Ubisoft opted to use a Kubernetes operator for its self-service and self-healing functionalities. They also wanted the ability to enforce their own rules. 

Ubisoft implemented the operator with its own workspaces, services, routes, and plugins to sync with Kong Gateway. To help Ubisoft achieve the perfect configuration, Behar said, "We built a Kubernetes operator that constitutes a control plane on top of Kong’s control plane."

So, why did Ubisoft ultimately choose Kong? Behar shares that the company has been a longtime customer of Kong, and with so many existing custom plugins, they knew it would be quick and painless to build a control plane on top of Kong’s control plane. 

Read on to learn about three features that make it easy to extend Kong. 

decK

Because they built their own control plane in Kubernetes, Ubisoft has a source of truth outside of Kong. They use declarative configuration management, meaning they need to reconcile with Kong API about what to create, update, and delete in the platform. This task can be difficult to set up and implement.

Fortunately, Kong offers decK, a CLI tool with a declarative configuration format that allows users to export, import, or sync entities to Kong in simple files. These configuration files serve as the source of truth and can be used to manage Kong infrastructure-as-code, making it simple to merge, load, and sync states. decK offers both JSON and YAML support, and because it’s written in Go, users can embed the operator as a Go library to integrate it with the application in parsable outputs.

All users need to do is generate a desired state and merge it with the current state from Kong using decK. They can then ask decK to sync the new state with Kong as a JSON diff and render the final state as a JSON or YAML to present to the user. 

Dry run mode

The second feature that gives Kong an edge is dry run mode. It lets users test configuration changes before applying them, giving them early feedback in the development process. When users test configuration changes, the system returns errors to catch issues and subsequently validate configurations. Users can also perform safe operations without the risk of persisting states on the database.

For Ubisoft, this process begins with the client — in their case, Kubecti CLI. They add the dry run mode flag, and the request goes to the Kubernetes API server, the admission webhook, and the operator. Ubisoft then asks decK to sync the state and throw out the dry run flag, which proceeds to Kong. Kong performs overall validations but doesn't store the state in its database. Instead, it returns to decK with errors and the expected final state to present to the user. 

Event hooks

The last feature to extend Kong — which is available with an Enterprise plan — is event hooks. Event hooks allow users to trigger custom logic in response to gateway events through webhooks. For example, Kong can notify operators with each change using HTTP webhooks. This process helps avoid configuration drift by immediately notifying operators of changes and encourages people to use the operator altogether.

To employ event hooks, Ubisoft tags every Kong entity with the name of their own services in Kubernetes, including plugins, routes, and services. Then, they place a filter on the tag to trigger the reconciliation.

By leveraging decK, dry run mode, and event hooks, Ubisoft unlocked just a few of the features that extend Kong according to their needs — helping them to scale with ultimate customization. The flexibility of Kong Gateway makes it a competitive option for any organization looking to add an API management solution that is self-service, self-healing, and safe.