This assumes you have installed Terraform, as described at https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform/aws-get-started.

This also assumes you have installed Kong and that Kong is up and running (check out my article Install Kong on Docker).

Let's say you have the following files on your Terraform server.

├── locals.tf
├── modules.tf
├── outputs.tf
├── provider.tf
├── terraform.tfstate
├── variables.tf
├── services (directory, child module)
│   ├── data.tf
│   ├── outputs.tf
│   ├── provider.tf

provider.tf could have something like this.

If you have a single Kong instance, then the kong_admin_uri can simply be the hostname and admin port of the single Kong instance, such as http://kong.example.com:8001. However, if you have a cluster of two or more Kong nodes, it is probably the case that you have a load balancer forwarding requests onto the cluster of Kong nodes. In this scenario, the kong_admin_uri can be the load balancer URL, something like http://balancer.example.com. In this scenario, you wouldn't want to target one of the nodes in the cluster, as this would cause objects to get created on a single node in the cluster, which defeats the purpose of having a cluster of Kong nodes.

AVOID TROUBLE

The name of the provider must be an exact match of the name of the required_provider, "kong" in this example.

terraform {
  required_providers {
    kong = {
      source  = "philips-labs/kong"
    }
  }
}

provider "kong" {
  kong_admin_uri = "http://kong.example.com:8001"
  kong_admin_username = "admin"
  kong_admin_password = "itsasecret"
}

And use the terraform init command to initialize the Kong provider.

~]# terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of philips-labs/kong...
- Installing philips-labs/kong v6.630.0...
- Installed philips-labs/kong v6.630.0 (self-signed, key ID C0E4EB79E9E6A23D)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Let's say modules.tf contains the following.

module "services" {
  source = "./services"
}

Add resources.tf in your services module contains the following.

resource "kong_service" "my-service" {
    name        = "foo"
    protocol    = "http"
    host        = "foo.example.com"
    port        = 8080
    path        = "/foo"
    retries     = 5
    connect_timeout = 1000
    write_timeout   = 2000
    read_timeout    = 3000
}

The terraform plan command can be used to see what Terraform will try to do.

terraform plan

The terraform apply command from your root module directory (/usr/local/terraform/kong in this example) can be used to create the service. 

terraform apply

Something like this should be displayed, and you will be prompted to enter yes.

Terraform will perform the following actions:

  # module.services.kong_service.my-service will be created
  + resource "kong_service" "my-service" {
      + connect_timeout = 1000
      + host            = "foo.example.com"
      + id              = (known after apply)
      + name            = "foo"
      + path            = "/foo"
      + port            = 8080
      + protocol        = "http"
      + read_timeout    = 3000
      + retries         = 5
      + write_timeout   = 2000
    }

Plan: 1 to add, 0 to change, 0 to destroy.

After entering yes, the following should be displayed.

kong_service.my-service: Creation complete after 0s [id=6c7e44b3-35c6-4e85-b3ed-78f96dab2d88]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.