Architecture

The gateway is deployed using a number of Scaleway resources, all run in your Scaleway account.

The gateway itself is an instance of Kong Gateway, which we package in a Docker image on Docker Hub.

The following services are used to run the gateway:

• Serverless Containers - two containers are used to run Kong, one is a private container which exposes the Kong Admin API (behind token-based auth), and the other is a public container for the Kong Gateway nodes. The Kong Gateway container has auto-scaling enabled, so more instances will be created in response to increased load.

• Managed Databases (Postgres) - a single managed database instance is used to run the Kong database. This is how the different Kong nodes communicate with each other, and where the gateway configuration is stored. You can read more in the Kong traditional mode docs.

• Secret Manager - Secret Manager is used to share the database credentials between containers.

• Observability Cockpit - the Kong Gateway nodes forward metrics to Cockpit using statsd, while Cockpit also captures all the logs from the underlying Serverless Containers.

The Kong plugins used are:

• jwt - used to add JWT auth to routes (see Authentication and authorization)

• cors - used to add CORS headers to responses from routes (see CORS)

• statsd - used to export metrics from gateway nodes to the Scaleway Cockpit

You can see an architecture diagram with more explanation in our blog post.