While the Kubernetes Gateway API is the preferred mechanism for configuring inbound routing, Kong Operator also supports the Kubernetes Ingress resource.
Route traffic with a Kubernetes Ingress resource
Set the spec.ingressClass field in the ControlPlane resource to match your Ingress resource’s spec.ingressClassName.
Prerequisites
Kong Operator running
Add the Kong Helm charts:
helm repo add kong https://charts.konghq.com
helm repo update
Install Kong Operator using Helm. With the Konnect controller enabled (env.ENABLE_CONTROLLER_KONNECT=true):
helm upgrade --install kong-operator kong/kong-operator -n kong-system \
  --create-namespace \
  --set image.tag=2.1.0 \
  --set env.ENABLE_CONTROLLER_KONNECT=true
Without that setting:
helm upgrade --install kong-operator kong/kong-operator -n kong-system \
  --create-namespace \
  --set image.tag=2.1.0
If you want cert-manager to issue and rotate the admission and conversion webhook certificates, install cert-manager to your cluster and enable cert-manager integration by passing the following argument while installing, in the next step:
--set global.webhooks.options.certManager.enabled=true
If you do not enable this, the chart will generate and inject self-signed certificates automatically. We recommend enabling cert-manager to manage the lifecycle of these certificates.
Kong Operator needs a certificate authority to sign the certificate for mTLS communication between the control plane and the data plane. This is handled automatically by the Helm chart. If you need to provide a custom CA certificate, refer to the certificateAuthority section in the values.yaml of the Helm chart to learn how to create and reference your own CA certificate.
This tutorial doesn’t require a license, but you can add one using KongLicense. This assumes that your license is available in ./license.json.
echo "
apiVersion: configuration.konghq.com/v1alpha1
kind: KongLicense
metadata:
  name: kong-license
rawLicenseString: '$(cat ./license.json)'
" | kubectl apply -f -
Create the kong namespace
Create the kong namespace in your Kubernetes cluster, which is where the demo will run:
kubectl create namespace kong
Create the GatewayConfiguration
Create a GatewayConfiguration resource to customize the deployment options for your data plane and control plane:
echo '
apiVersion: gateway-operator.konghq.com/v2beta1
kind: GatewayConfiguration
metadata:
  name: kong-ingress-config
  namespace: kong
spec:
  dataPlaneOptions:
    deployment:
      replicas: 1
' | kubectl apply -f -
Create the DataPlane
Create a DataPlane resource to define the Kong Gateway deployment:
echo '
apiVersion: gateway-operator.konghq.com/v1beta1
kind: DataPlane
metadata:
  name: kong-ingress-dp
  namespace: kong
spec:
  deployment:
    podTemplateSpec:
      spec:
        containers:
        - name: proxy
          image: kong/kong-gateway:3.13
' | kubectl apply -f -
Create the ControlPlane
Create a ControlPlane resource to define the controller that will manage the DataPlane.
To enable Ingress support, you must specify the spec.ingressClass field:
echo '
apiVersion: gateway-operator.konghq.com/v2beta1
kind: ControlPlane
metadata:
  name: kong-ingress-cp
  namespace: kong
spec:
  dataplane:
    type: ref
    ref:
      name: kong-ingress-dp
  ingressClass: kong
' | kubectl apply -f -
Create the echo Service
Run the following command to create a sample echo Service:
kubectl apply -f https://developer.konghq.com/manifests/kic/echo-service.yaml -n kong
Create the Ingress
Create an Ingress resource that points to the echo Service, and set its spec.ingressClassName field to the spec.ingressClass value configured in the ControlPlane resource:
echo '
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echo-ingress
  namespace: kong
spec:
  ingressClassName: kong
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: echo
            port:
              number: 1027
' | kubectl apply -f -
Validate
Check that the resources have been created:
kubectl get controlplane,dataplane,ingress -n kong
Get the external IP of the DataPlane service:
export PROXY_IP=$(kubectl get svc -n kong -l app=kong-ingress-dp,gateway-operator.konghq.com/dataplane-service-type=ingress -o jsonpath='{.items[0].status.loadBalancer.ingress[0].ip}')
Send a request to the Ingress:
curl -i http://$PROXY_IP/
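The class-matching rule this page depends on (ControlPlane spec.ingressClass equal to Ingress spec.ingressClassName) can be audited from kubectl JSON output, which shows which Ingresses a ControlPlane claims and which carry a class that nothing declares. The following Python check is an added example, not part of Kong's documentation; the sample listing, the typo-ingress and classless-ingress objects, and the classify_ingresses helper are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get controlplane,ingress -n kong -o json`,
# trimmed to the fields read below. Only the first two items mirror this page.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ControlPlane",
   "metadata": {"namespace": "kong", "name": "kong-ingress-cp"},
   "spec": {"ingressClass": "kong"}},
  {"kind": "Ingress",
   "metadata": {"namespace": "kong", "name": "echo-ingress"},
   "spec": {"ingressClassName": "kong"}},
  {"kind": "Ingress",
   "metadata": {"namespace": "kong", "name": "typo-ingress"},
   "spec": {"ingressClassName": "kogn"}},
  {"kind": "Ingress",
   "metadata": {"namespace": "kong", "name": "classless-ingress"},
   "spec": {}}
]}
""")


def classify_ingresses(listing):
    """Map 'namespace/name' of each Ingress to (status, claiming ControlPlanes)."""
    items = listing.get("items", [])
    claimed = {}  # ingress class -> ControlPlanes whose spec.ingressClass names it
    for obj in items:
        cls = obj.get("spec", {}).get("ingressClass")
        if obj.get("kind") == "ControlPlane" and cls:
            meta = obj["metadata"]
            claimed.setdefault(cls, []).append(f"{meta['namespace']}/{meta['name']}")
    report = {}
    for obj in items:
        if obj.get("kind") != "Ingress":
            continue
        meta = obj["metadata"]
        cls = obj.get("spec", {}).get("ingressClassName")
        if cls is None:
            status = "no-class"      # spec.ingressClassName is not set at all
        elif cls in claimed:
            status = "matched"       # some ControlPlane declares this class
        else:
            status = "unmatched"     # class set, but no ControlPlane declares it
        report[f"{meta['namespace']}/{meta['name']}"] = (status, claimed.get(cls, []))
    return report


if __name__ == "__main__":
    for ingress, (status, planes) in classify_ingresses(SAMPLE).items():
        print(f"{ingress}: {status} {', '.join(planes)}")
```

To run it against a cluster, load the output of `kubectl get controlplane,ingress -n kong -o json` with json.load and pass it to classify_ingresses in place of SAMPLE.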