Edit
Report

Kong Ingress Controller (KIC)

Configure Kong Gateway using Kubernetes CRDs with Kong Ingress Controller
All KIC Documentation

What is the Kong Ingress Controller?

Kong Ingress Controller allows you to run Kong Gateway as a Kubernetes Ingress to handle inbound requests for a Kubernetes cluster.

Kong Ingress Controller takes Kubernetes resources such as Ingress and HTTPRoute and converts them into a valid Kong Gateway configuration. It enables you to configure all the features of Kong Gateway using Kubernetes CRDs.

KIC supports all Kong Gateway entities, and can be deployed multiple times within a single cluster to provide traffic splitting.

 
flowchart TB
   A( Cluster Operator)
   B( API server)
   C( Kong Ingress Controller)

   D@{ shape: processes, label: " Kong Gateways"}

    A -->|kubectl apply| B
    C <-->|Reads configuration| B
    C -->|POST /config| D

Gateway API support

Kong is proud to be a driving force behind the Kubernetes Gateway API standard. With multiple contributors in maintainer and reviewer roles, Kong is all-in on Gateway API as the future of Kubernetes networking.

Kong Ingress Controller was the first submitted conformance report, and is 100% compliant with the core conformance tests, and many other additional extended tests. Kong has implemented the Gateway API resources as first-class citizens, converting them directly in to Kong Gateway configuration rather than using intermediate CRDs. This makes the Gateway API CRDs a native language for Kong Ingress Controller.

Learn more about the Gateway API →

Deployment topologies

Recommended

Gateway Discovery

Kong’s recommended deployment topology. Use one Kong Ingress Controller instance to configure multiple Kong Gateway instances

DB-Backed

Use Kong Ingress Controller to configure a Kong Gateway Control Plane that is attached to a PostgreSQL database.

Sidecar (Traditional)

Deploy Kong Ingress Controller and Kong Gateway as containers within the same Pod. This topology is deprecated.

Common use cases

Many Kong Ingress Controller users have the same questions when adding an ingress controller to their cluster:

  • How do I expose my service on a specific path?
  • How do I protect the service with rate limiting?
  • How do I cache responses for a period of time to reduce load?
  • How do I add authentication to my service?

Follow our getting started guide which takes you through all of these in under 10 minutes, step-by-step. Each page contains copy/paste instructions, and links to additional documentation if you want to learn more.

Troubleshooting

If Kong Ingress Controller is not working for you the following pages may help:

  • Troubleshooting: Common issues that people encounter when running Kong Ingress Controller.
  • FAQ: Specific questions about routing behavior, plugin compatibility and more.
  • Feature gates: If something isn’t working as expected, ensure that you have the correct feature gates enabled
  • Create a GitHub issue: Report a bug or make a feature request for Kong Ingress Controller.
  • Join the Kong Slack community: Get help from the team

Supported entities

Gateway Services

Gateway Services represent the upstream services in your system. These applications are the business logic components of your system responsible for responding to requests.

See reference →

Routes

A Route uses specific URL patterns and HTTP verbs to match incoming requests and pass them to a Gateway Service. This determines which upstream services will process a given request.

See reference →

Consumers

A Consumer typically refers to an entity that consumes or uses the APIs managed by Kong Gateway.

See reference →

Consumer Groups

Consumer Groups let you apply common configurations to groups of Consumers, such as rate limiting policies or request and response transformation.

See reference →

Plugins

Plugins are modules that extend the functionality of Kong Gateway.

See reference →

Certificates

A Certificate object represents a public certificate, and can be optionally paired with the corresponding private key.

See reference →

CA Certificates

A CA Certificate object represents a trusted certificate authority. These objects are used by Kong Gateway to verify the validity of a client or server certificate.

See reference →

Vaults

Vaults allow you to securely store and then reference secrets from within other entities, ensuring that secrets aren’t visible in plaintext throughout the platform.

See reference →
Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support