It has been about a year since I last configed Kong Ingress Controller in kubernetes, yesterday when I was trying to config Kong Ingress controller to expose an API on kubernetes, I met a new concept KongIngress.
Kong is an API gateway platform , it start to support kubernetes since May 2018,it's a great platform to manage APIs, Kong has a plugin system to offer large amount of capability to manage open APIs, e.g: authentication, load balancing, traffic control, analytics, logging etc. with Kong , the developer could focus on business logic development and let Kong to do all the generic api management work.
Kong Ingress controllere could be deployed into multiple platforms, e.g EKS, GKE, AKS etc when it's deployed to EKS , Kong Ingress controller will create a ELB it process all the request on layer4, the ELB could handle both http and https , the port will map to NodePort in kubernetes ec2 instance
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"kong-proxy","namespace":"kong"},"spec":{"ports":[{"name":"kong-proxy","port":80,"protocol":"TCP","targetPort":8000},{"name":"kong-proxy-ssl","port":443,"protocol":"TCP","targetPort":8443}],"selector":{"app":"kong"},"type":"LoadBalancer"}}
name: kong-proxy
namespace: kong
selfLink: /api/v1/namespaces/kong/services/kong-proxy
spec:
clusterIP: xxx.xxx.xxx.xxx
externalTrafficPolicy: Cluster
ports:
- name: kong-proxy
nodePort: 30232
port: 80
protocol: TCP
targetPort: 8000
- name: kong-proxy-ssl
nodePort: 32021
port: 443
protocol: TCP
targetPort: 8443
selector:
app: kong
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- hostname: xxxxx.xxxx.elb.amazonaws.com
each Kong Ingress controller will monitor the Ingress resources in all the namespaces in the EKS clustter and create route rull based on Ingress resources, Kong Ingress controller could live other ingress controller as well, we need to speicfy kubernetes.io/ingress.class: "kong" in Ingress annotation to tell Kong to react on this Ingress creation
previously the Ingress below will work, it will route all the request match path /api to service my-api on port 9000
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-api
namespace: api
annotations:
kubernetes.io/ingress.class: "kong"
spec:
rules:
- host: api.vipmind.me
http:
paths:
- path: /api
backend:
serviceName: my-api
servicePort: 9000
when we upgrade to Kong 1.2, it stops working, all the path we got in service my-api is just /, here comes KongIngress to resolve the issue, we need to first create a KongIngress resources like below
apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
name: api-kong-ingress
namespace: api
route:
strip_path: false
then patch configuration.konghq.com: "api-kong-ingress" as Ingress annotation to avoid Kong to strip the path.
KongIngress is acting as an extenion of Ingress resources,it could also be used as a way to remap url for banckend services, please see KongIngress custom resources for details.