Access public and private endpoints differently


Hi, I have set up Kong inside my Kubernetes cluster using the official Kong Helm chart. I have two types of URLs that I want to access through the Kong gateway:

  1. Public URLs accessible to everyone. For this I have created a public load balancer by setting the proxy service type to LoadBalancer and adding a CNAME record -> elb-address

  2. Internal URLs that I want accessible only to employees within the company (preferably using VPN).

My idea for setting up 2) was to set up an internal load balancer and map the internal URLs to that load balancer. The issue with that approach is that the official Kong chart doesn’t let me create multiple load balancers. Moreover, even if I set up two load balancers by modifying the Helm chart, the internal URLs will still be accessible from the public ELB since they share the same Kong cluster.

I am sure I am missing something basic here. All I want is to use the same Kong cluster for two different types of URLs, preferably with VPN-only access for private URLs.



Have you considered using the ip-restriction plugin in Kong to solve the problem?

You use the DNS to point the two sites to the same Kong cluster.



Yes. But I found setting up separate Kongs a cleaner and easier-to-manage approach. Now I have two Kongs with their separate ingress controllers (kong-internal, kong-public) within my k8s cluster. I control the ingress by using separate ingress annotations.


Glad it worked out and that indeed is a much saner way to manage your Ingress on Kubernetes.
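
The setup the thread settles on, sketched as an added example that is not part of the original posts: two Kong releases from the official chart, each with its own ingress class, and Ingress resources bound to one of them by annotation. The class names kong-public and kong-internal come from the thread; the file names, hostnames, service names and the AWS internal load balancer annotation are assumptions.

```yaml
# values-public.yaml (hypothetical file name): Helm values for the public Kong release
ingressController:
  ingressClass: kong-public
proxy:
  type: LoadBalancer            # internet-facing ELB, target of the public CNAME
---
# values-internal.yaml (hypothetical file name): Helm values for the internal Kong release
ingressController:
  ingressClass: kong-internal
proxy:
  type: LoadBalancer
  annotations:
    # Assumption: AWS. Requests an internal load balancer reachable only from the VPC/VPN.
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
---
# Public route: only the kong-public controller loads this Ingress.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-public             # constructed name
  annotations:
    kubernetes.io/ingress.class: kong-public
spec:
  rules:
    - host: www.example.com     # constructed hostname
      http:
        paths:
          - path: /
            pathType: Prefix
            backend: {service: {name: shop, port: {number: 80}}}
---
# Internal route: only the kong-internal controller loads this Ingress.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: admin-internal          # constructed name
  annotations:
    kubernetes.io/ingress.class: kong-internal
spec:
  rules:
    - host: admin.corp.example.com   # constructed hostname, resolved to the internal LB
      http:
        paths:
          - path: /
            pathType: Prefix
            backend: {service: {name: admin, port: {number: 80}}}
```

Because the internal Ingress is loaded only by the kong-internal controller, its route does not exist on the public proxy at all, which removes the shared-cluster exposure raised in the question. An Ingress with a missing or mistyped class annotation is the thing to watch for in review, since which controller picks it up then depends on how each controller handles unclassified resources.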