Accessing admin api through custom service

crixo · December 20, 2019, 5:27pm

I’m testing the latest ingress-controller version available here.
This version uses kong1.3 that now has a single pod/deployment containing proxy and ingress-controller (while in version 1.1 they were still split having each of them their own service).

In version 1.3 there’s not a service exposing the kong admin api.
I found the following kong-url=https://localhost:8444 so created a service to expose it for testing purpose

apiVersion: v1
kind: Service
metadata:
  name: kong-admin-api
  namespace: kong
spec:
  type: NodePort
  ports:
  - port: 8001
    targetPort: 8444
    protocol: TCP
  selector:
    app: ingress-kong

through that service I’m able to connect me to the kong api using port-forwarding

kubectl port-forward -n kong svc/kong-admin-api 8002:8001

but If try to curl the following url within the cluster I got the following error

curl -k https://kong-admin-api.kong:8001
curl: (7) Failed to connect to kong-admin-api.kong port 8001: Connection refused

I also created the service to use konga ui to browse the kong api, but I’m getting the same error.

hbagdi · December 20, 2019, 5:40pm

You will need to change the KONG_ADMIN_LISTEN environment variable to 0.0.0.0:8444 ssl.
It is listening on localhost by default to avoid exposing it to the wider network.

crixo · December 20, 2019, 6:15pm

Great! It works perfectly!
Is ssl striclty required? Konga connected w/o problems, but I have a python script that complains about the certificate ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate)
UPDATE: Just tried to remove ssl from the KONG_ADMIN_LISTEN and also changed the kong-url=http://localhost:8444 args in the “ingress-controller” container and it works
Thanks a lot for the hint!