Access public and private endpoints differently

Hi, I have set up Kong inside my Kubernetes cluster using the official Kong Helm chart. I have two types of URLs that I want to access through the Kong gateway:

  1. Public URLs accessible to everyone. For this I have created a public load balancer by setting the proxy service type to LoadBalancer and adding a CNAME record api.mysite.com -> elb-address

  2. Internal URLs that I want accessible only to employees within the company (preferably using VPN).

My idea for setting up 2) was to set up an internal load balancer and map the internal URLs to that load balancer. The issue with that approach is that the official Kong chart doesn’t let me create multiple load balancers. Moreover, even if I set up two load balancers by modifying the Helm chart, the internal URLs will still be accessible from the public ELB since they share the same Kong cluster.

I am sure I am missing something basic here. All I want is to use the same Kong cluster for two different types of URLs, preferably with VPN-only access for private URLs.

Have you considered using ip-restrictions plugin in Kong to solve the problem?

You use the DNS to point the two sites to the same Kong cluster.

Yes. But I found setting up separate Kongs a cleaner and easier-to-manage approach. Now I have two Kongs with their separate ingress controllers (kong-internal, kong-public) within my k8s cluster. I control the ingress by using separate ingress annotations.

1 Like

Glad it worked out and that indeed is a much saner way to manage your Ingress on Kubernetes. :)
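The two approaches discussed in this thread, sketched as an added example (not configuration from any poster or from the Kong project): a route bound to the internal controller's ingress class, and the ip-restriction plugin attached to a route on a shared gateway. Resource names, hosts, the service and the CIDR are constructed placeholders, and the manifests assume a cluster serving networking.k8s.io/v1 Ingress with all objects in one namespace.

```yaml
# Added example. Names, hosts and the CIDR are constructed placeholders.
# Approach A: a second controller. Only the controller watching the
# "kong-internal" class (class name from the thread) serves this route.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: admin-internal
  annotations:
    kubernetes.io/ingress.class: kong-internal
spec:
  rules:
    - host: internal.mysite.example
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: admin-svc, port: {number: 80}}
---
# Approach B: one shared gateway, route limited by source address.
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: vpn-only
plugin: ip-restriction
config:
  allow:                 # "whitelist" on Kong releases before 2.1
    - 10.8.0.0/16        # constructed VPN range
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: admin-restricted
  annotations:
    kubernetes.io/ingress.class: kong-public
    konghq.com/plugins: vpn-only   # attaches the KongPlugin above
spec:
  rules:
    - host: api.mysite.example
      http:
        paths:
          - path: /admin
            pathType: Prefix
            backend:
              service: {name: admin-svc, port: {number: 80}}
```

With approach B the plugin matches on the client address Kong sees, so behind a load balancer the allow list is only meaningful if Kong is configured to recover the original client IP.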

I have a similar problem: I need two load balancers (private and public). It’s easy to achieve in the way @mukesh did, but the problem is that resources like KongPlugin, KongConsumer and so on would have to be duplicated, since all of them require kubernetes.io/ingress.class: <ingress-class>, which ties them to a specific controller. A better solution would be to have a single KIC and two k8s LoadBalancer services (one that creates a public LB and the other an internal LB). Ingress-nginx has controller.service.internal.* config which allows doing exactly that.

@hbagdi I’m happy to open a PR with this functionality added for KIC if you think it’s OK to implement it.

Please open a GitHub issue with your problem, and then propose a solution before writing any doc or code.

@hbagdi done https://github.com/Kong/charts/issues/170