API gateway between namespaces in same cluster?

Hi, usually an API gateway is used for proxying traffic between out-cluster (k8s) and in-cluster. That’s why an ‘ingress’ resource needs to be added, and the routes are configured in the ‘ingress’.

My case here is to proxy traffic between all pods in namespace1 and those in namespace2. For example, pods in namespace1 need to access services in namespace2 via an API gateway, along with auth/acl/rate-limit/…

Can Kong help in this case? Since no ‘ingress’ resource is needed, can kong-ingress-controller work?


Yes. You are thinking along the lines of an internal API gateway.

You can deploy Kong Ingress Controller, and instead of using an External Load Balancer, use a Service of type ClusterIP. You can then create Ingress resources to configure Kong. The traffic will not be exposed externally as the Kong Service is internal only.

Do you mean configure it by admin api?
Then the CRD way won’t work in this case?

No. I mean use Ingress and CRDs to configure Kong.
You can use whatever you are already familiar with for an internal API Gateway for communication between namespaces as well.

But if an ‘ingress’ resource is created, wouldn’t external traffic visit it as well?
So do you mean both external and internal traffic can use the same ingress? Is there a method to prevent external traffic from using it?

Not necessarily. If Kong is only an internal service and Kong can’t be accessed outside the cluster, then this won’t happen.

I’d recommend creating separate ingress resources for external and internal traffic.
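
The setup described in this thread, as an added example that is not part of the original posts or Kong's own manifests: a ClusterIP proxy Service, a rate-limit plugin configured through a CRD, and an Ingress for a backend in namespace2. The names `kong`, `kong-proxy`, `orders`, `internal-rate-limit`, the `app: kong` label and the `kong` ingress class are assumptions.

```yaml
# Added example; resource names, labels and namespaces are assumed.
# 1) Kong proxy Service: ClusterIP, so it is reachable only inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: kong-proxy
  namespace: kong
spec:
  type: ClusterIP            # not LoadBalancer or NodePort: no external exposure
  selector:
    app: kong                # assumed label on the Kong proxy pods
  ports:
    - name: proxy
      port: 80
      targetPort: 8000       # Kong's default proxy listen port
---
# 2) Rate limiting at the gateway, configured through a CRD (no Admin API calls).
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: internal-rate-limit
  namespace: namespace2
plugin: rate-limiting
config:
  minute: 60                 # constructed sample limit
  policy: local
---
# 3) Ingress in namespace2 that routes /orders to the backend Service
#    and attaches the plugin above by annotation.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: orders-internal
  namespace: namespace2
  annotations:
    konghq.com/plugins: internal-rate-limit
spec:
  ingressClassName: kong     # assumed class name of the internal controller
  rules:
    - http:
        paths:
          - path: /orders
            pathType: Prefix
            backend:
              service:
                name: orders
                port:
                  number: 80
```

With these names, pods in namespace1 would call `http://kong-proxy.kong.svc.cluster.local/orders` rather than the `orders` Service directly.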