hello
How can i expose kong admin api using kong k8 ingress .so i can use this REST endpoint for creating consumers dynamically
Although the admin API is still present in ingress controller deployments, you shouldn’t add configuration via it directly. It’s only exposed for the ingress controller to add configuration based on your custom resources. Configuration added manually will be overwritten.
You’ll likely want to instead develop some means of generating KongConsumer resource definitions and applying updates via kubectl.
Kubernetes management is itself handled via a REST API; kubectl is essentially a specialized client for sending the appropriate calls. That API can be accessed via other means, so you should be able to write your own client to create KongConsumers through it if desired. Though I’m not particularly familiar with using the API directly and not sure how to work back from the source to determine the correct endpoints, it should be easy enough to reverse engineer from kubectl’s trace mode, which shows the calls it makes. For example:
$ kubectl --v=10 create -f consumer.yaml
...
I1105 16:46:40.588252 10905 request.go:897] Request Body: {"apiVersion":"configuration.konghq.com/v1","custom_id":"examplesumer","kind":"KongConsumer","metadata":{"name":"examplesumer","namespace":"kingress"},"username":"examplesumer"}
I1105 16:46:40.588289 10905 round_trippers.go:386] curl -k -v -XPOST -H "User-Agent: kubectl/v1.11.0 (linux/amd64) kubernetes/91e7b4f" -H "Accept: application/json" -H "Content-Type: application/json" 'https://127.0.0.1/apis/configuration.konghq.com/v1/namespaces/kingress/kongconsumers'
I1105 16:46:40.637651 10905 round_trippers.go:405] POST https://127.0.0.1/apis/configuration.konghq.com/v1/namespaces/kingress/kongconsumers 201 Created in 49 milliseconds
thank you.will try that way. i just tried the admin api because for the development and experiment purpose it is easy to use
Hello,
Is it still the case that I should not use admin APIs to create consumers dynamically when I am using Kong kubernetes ingress controller?
From the release talk, I see in roadmap that entities created using Admin APIs will be separated from those creating using k8s CRDs. But I can not find any info on it’s development, the roadmap doc itself is throwing a 404.
Can somebody help me please? Any reference docs / forums would also help. Thanks.
Hello @coco
Welcome to Kong Nation!
This feature was released in Kong Ingress Controller 0.5.0.
You can now use Kong Ingress Controller and still use Kong’s Admin API to create the consumers dynamically. The consumers created via the Admin API will not be deleted.
Apologies for the outdated docs, we are working on updating the docs to bring them to the latest feature parity.
3 Likes
Hello,
Thank you for your prompt response and clearing that up. Best wishes.
@hbagdi Thanks for your prompt replies. How do we access the Admin API through the latest release? I still can’t access through the port that the ingress-controller displays.
You will need to setup a Kubernetes service which exposes Kong Admin API to you.
We don’t expose it by default for security reasons.
I didn’t want it exposed, just making sure I couldn’t access it. Great 
@hbagdi I am trying to expose the Admin API as a service on my minikube cluster.
My cluster is based on https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/master/deploy/single/all-in-one-postgres.yaml
I changed the LoadBalancer service to expose the Admin API ports:
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-type: nlb
name: kong-proxy
namespace: kong
spec:
ports:
- name: proxy
port: 80
protocol: TCP
targetPort: 8000
- name: proxy-ssl
port: 443
protocol: TCP
targetPort: 8443
- name: admin
port: 8001
protocol: TCP
targetPort: 8001
- name: admin-ssl
port: 8444
protocol: TCP
targetPort: 8444
selector:
app: ingress-kong
type: LoadBalancer
I also tried changing the ingress-kong Deployment configuration container ports:
ports:
- containerPort: 8000
name: proxy
protocol: TCP
- containerPort: 8443
name: proxy-ssl
protocol: TCP
- containerPort: 8100
name: metrics
protocol: TCP
- containerPort: 8001
name: admin
protocol: TCP
- containerPort: 8444
name: admin-ssl
protocol: TCP
Still I am not receiving any response from the Admin API (port 8001/8001), while I am receiving 200 from the proxy (port 80/8000).
I’ll be grateful for your help
Please try port 8444 and using https protocol.
curl -k https://ip:8444
change “CONTROLLER_KONG_ADMIN_URL” env and “ KONG_ADMIN_LISTEN” env
@OmarBrown did it worked with the changes finally? I am facing the same problem for weeks and I haven’t find any solution? pls
Along with this, the following needs to be added to the kong proxy deployment
- env:
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2, 0.0.0.0:8001
- name: KONG_PORT_MAPS
value: 80:8000, 443:8443, 8001:8001
- name: KONG_ADMIN_LISTEN
value: 127.0.0.1:8001
and this to the ingress controller
- env:
- name: CONTROLLER_KONG_ADMIN_URL
value: http://127.0.0.1:8001