Home / Kong Ingress Controller
Edit
Report

Understanding IngressClass / GatewayClass

Uses: Kong Ingress Controller
Related Documentation
All KIC Documentation
Tags
#kubernetes
Related Resources
Gateway API
Ingress

IngressClass

IngressClass in Kubernetes allows Ingress definitions to be processed by different controllers. Kong Ingress Controller reconciles any resources attached to a resource that has an IngressClass of kong. This IngressClass can be set in the spec.ingressClassName field, or using the kubernetes.io/ingress.class annotation.

kong is the default value and can be changed using the --ingress-class CLI flag, or the CONTROLLER_INGRESS_CLASS environment variable.

If the IngressClass used by Kong Ingress Controller (specified in flag --ingress-class) has ingressclass.kubernetes.io/is-default-class set to true, all resources that don’t have an explicit Ingress Class set are also reconciled by Kong Ingress Controller. This doesn’t include Gateway API resources.

GatewayClass

Kong Ingress Controller reconciles any resources attached to a GatewayClass that has a spec.controllerName of konghq.com/kic-gateway-controller.

Gateway API resources are attached to a Gateway object using the spec.parentRefs field, and the Gateway references a GatewayClass using the spec.gatewayClassName field.

konghq.com/kic-gateway-controller is the default value and can be changed using the --gateway-api-controller-name CLI flag, or the CONTROLLER_GATEWAY_API_CONTROLLER_NAME environment variable.

Resource types

Kong CRDs can be one of three types:

  • Global: Used by all Kong Ingress Controller installations.
  • Dependent: Included if they reference a resource that contains an IngressClass or a GatewayClass. For example, a KongPlugin that refers to an Ingress.
  • Independent: Resources that don’t rely on a resource containing an IngressClass. These resources must be annotated with the kubernetes.io/ingress.class annotation.

Global resources

The KongLicense resource is the only global resource. If a KongLicense resource exists in the cluster, all Kong Ingress Controller instances will send it in the configuration payload to Kong Gateway.

Dependent resources

Any resources that are attached to a resource containing an IngressClass or GatewayClass that Kong Ingress Controller reconciles will be automatically included in reconciliation.

This includes:

  • KongCustomEntity
  • KongPlugin
  • KongUpstreamPolicy

Independent resources

The following resources require the kubernetes.io/ingress.class annotation to be added explicitly:

  • KongClusterPlugin
  • KongConsumer
  • KongConsumerGroup
  • KongVault
  • TCPIngress
  • UDPIngress

The kubernetes.io/ingress.class annotation is used even when using Gateway API CRDs. This annotation is how Kong Ingress Controller selects resources to reconcile.

Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support