Expose admin API in kong k8 ingress

Hello,

How can I expose the Kong Admin API using the Kong k8 ingress, so I can use this REST endpoint for creating consumers dynamically?

Although the admin API is still present in ingress controller deployments, you shouldn’t add configuration via it directly. It’s only exposed for the ingress controller to add configuration based on your custom resources. Configuration added manually will be overwritten.

You’ll likely want to instead develop some means of generating KongConsumer resource definitions and applying updates via kubectl.

Kubernetes management is itself handled via a REST API; kubectl is essentially a specialized client for sending the appropriate calls. That API can be accessed via other means, so you should be able to write your own client to create KongConsumers through it if desired. Though I’m not particularly familiar with using the API directly and not sure how to work back from the source to determine the correct endpoints, it should be easy enough to reverse engineer from kubectl’s trace mode, which shows the calls it makes. For example:

$ kubectl --v=10 create -f consumer.yaml
...
I1105 16:46:40.588252   10905 request.go:897] Request Body: {"apiVersion":"configuration.konghq.com/v1","custom_id":"examplesumer","kind":"KongConsumer","metadata":{"name":"examplesumer","namespace":"kingress"},"username":"examplesumer"}
I1105 16:46:40.588289   10905 round_trippers.go:386] curl -k -v -XPOST  -H "User-Agent: kubectl/v1.11.0 (linux/amd64) kubernetes/91e7b4f" -H "Accept: application/json" -H "Content-Type: application/json" 'https://127.0.0.1/apis/configuration.konghq.com/v1/namespaces/kingress/kongconsumers'
I1105 16:46:40.637651   10905 round_trippers.go:405] POST https://127.0.0.1/apis/configuration.konghq.com/v1/namespaces/kingress/kongconsumers 201 Created in 49 milliseconds
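The call in the trace above, rebuilt as a small client. This is an added example, not code from the thread or from Kong: it authenticates with a bearer token and verifies the API server against a CA file rather than using `curl -k`. The function names, the token value and the use of one name for both `metadata.name` and `username` are assumptions.

```python
import json
import re
import ssl
import urllib.request

# Simplification (assumption): namespace and object name are both checked as
# DNS-1123 labels, which also keeps caller input from altering the URL path.
_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")
GROUP_VERSION = "configuration.konghq.com/v1"  # from the trace above


def build_consumer_request(api_server, namespace, username, token, custom_id=None):
    """Build the POST that the kubectl trace shows, with a bearer token."""
    for field, value in (("namespace", namespace), ("username", username)):
        if len(value) > 63 or not _LABEL.fullmatch(value):
            raise ValueError(f"{field} is not a valid DNS-1123 label: {value!r}")
    body = {
        "apiVersion": GROUP_VERSION,
        "kind": "KongConsumer",
        "metadata": {"name": username, "namespace": namespace},
        "username": username,
        "custom_id": custom_id or username,
    }
    url = (f"{api_server.rstrip('/')}/apis/{GROUP_VERSION}"
           f"/namespaces/{namespace}/kongconsumers")
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json",
                 "Accept": "application/json"})


def send(request, ca_file):
    """Send with the cluster CA verified, instead of the trace's `curl -k`."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=ctx, timeout=10) as resp:
        return resp.status  # the trace shows 201 Created on success


if __name__ == "__main__":
    # Constructed values; in a pod the token and CA are mounted under
    # /var/run/secrets/kubernetes.io/serviceaccount/ (token, ca.crt).
    req = build_consumer_request("https://127.0.0.1", "kingress",
                                 "examplesumer", "CONSTRUCTED-TOKEN")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

The identity behind the token needs RBAC permission to create `kongconsumers` in the target namespace, and nothing broader.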

Thank you. Will try that way. I just tried the admin API because, for development and experimentation purposes, it is easy to use.

Hello,

Is it still the case that I should not use the Admin APIs to create consumers dynamically when I am using the Kong Kubernetes ingress controller?

From the release talk, I see in the roadmap that entities created using Admin APIs will be separated from those created using k8s CRDs. But I cannot find any info on its development; the roadmap doc itself is throwing a 404.

Can somebody help me please? Any reference docs / forums would also help. Thanks.

Hello @coco

Welcome to Kong Nation!

This feature was released in Kong Ingress Controller 0.5.0.
You can now use Kong Ingress Controller and still use Kong’s Admin API to create the consumers dynamically. The consumers created via the Admin API will not be deleted.

Apologies for the outdated docs; we are working on updating the docs to bring them to the latest feature parity.

Hello,

Thank you for your prompt response and clearing that up. Best wishes.

@hbagdi Thanks for your prompt replies. How do we access the Admin API through the latest release? I still can’t access through the port that the ingress-controller displays.

You will need to set up a Kubernetes service which exposes Kong Admin API to you.
We don’t expose it by default for security reasons.

I didn’t want it exposed, just making sure I couldn’t access it. Great 🙂

@hbagdi I am trying to expose the Admin API as a service on my minikube cluster.
My cluster is based on https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/master/deploy/single/all-in-one-postgres.yaml

I changed the LoadBalancer service to expose the Admin API ports:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
  name: kong-proxy
  namespace: kong
spec:
  ports:
  - name: proxy
    port: 80
    protocol: TCP
    targetPort: 8000
  - name: proxy-ssl
    port: 443
    protocol: TCP
    targetPort: 8443
  - name: admin
    port: 8001
    protocol: TCP
    targetPort: 8001
  - name: admin-ssl
    port: 8444
    protocol: TCP
    targetPort: 8444
  selector:
    app: ingress-kong
  type: LoadBalancer

I also tried changing the ingress-kong Deployment configuration container ports:

        ports:
        - containerPort: 8000
          name: proxy
          protocol: TCP
        - containerPort: 8443
          name: proxy-ssl
          protocol: TCP
        - containerPort: 8100
          name: metrics
          protocol: TCP
        - containerPort: 8001
          name: admin
          protocol: TCP
        - containerPort: 8444
          name: admin-ssl
          protocol: TCP

Still I am not receiving any response from the Admin API (port 8001/8001), while I am receiving 200 from the proxy (port 80/8000).

I’ll be grateful for your help.

Please try port 8444 and using https protocol.

curl -k https://ip:8444

Change the “CONTROLLER_KONG_ADMIN_URL” env and the “KONG_ADMIN_LISTEN” env.

@OmarBrown did it work with the changes finally? I have been facing the same problem for weeks and I haven’t found any solution. Please.

Along with this, the following needs to be added to the Kong proxy deployment:

      - env:
        - name: KONG_PROXY_LISTEN
          value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2, 0.0.0.0:8001
        - name: KONG_PORT_MAPS
          value: 80:8000, 443:8443, 8001:8001
        - name: KONG_ADMIN_LISTEN
          value: 127.0.0.1:8001

And this to the ingress controller:

      - env:
        - name: CONTROLLER_KONG_ADMIN_URL
          value: http://127.0.0.1:8001
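A manifest check for the two settings this thread keeps returning to: whether a Service publishes the admin ports (8001/8444) outside the cluster, and whether `KONG_ADMIN_LISTEN` binds beyond loopback. This is an added example, not code from the thread or from Kong; the function names are assumptions and the sample Service is constructed from the one posted above.

```python
import json

ADMIN_PORTS = {8001, 8444}                   # Admin API ports named in this thread
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

# Constructed sample: the kong-proxy Service from the thread, trimmed to JSON.
SAMPLE_SERVICE = json.loads("""
{"kind": "Service", "metadata": {"name": "kong-proxy", "namespace": "kong"},
 "spec": {"type": "LoadBalancer", "ports": [
   {"name": "proxy", "port": 80, "targetPort": 8000},
   {"name": "proxy-ssl", "port": 443, "targetPort": 8443},
   {"name": "admin", "port": 8001, "targetPort": 8001},
   {"name": "admin-ssl", "port": 8444, "targetPort": 8444}]}}
""")


def exposed_admin_ports(service):
    """Return admin target ports that an externally reachable Service publishes.
    Named targetPorts (strings) are not resolved here."""
    spec = service.get("spec", {})
    if spec.get("type", "ClusterIP") not in EXTERNAL_TYPES:
        return []
    return [p.get("targetPort", p["port"]) for p in spec.get("ports", [])
            if p.get("targetPort", p["port"]) in ADMIN_PORTS]


def non_loopback_admin_listeners(env):
    """Return KONG_ADMIN_LISTEN addresses that are not bound to loopback."""
    value = next((e.get("value", "") for e in env
                  if e.get("name") == "KONG_ADMIN_LISTEN"), "")
    bad = []
    for entry in (part.strip() for part in value.split(",")):
        if not entry or entry == "off":
            continue
        address = entry.split()[0]           # drop flags such as "ssl"
        if address.rsplit(":", 1)[0] not in LOOPBACK:
            bad.append(address)
    return bad


if __name__ == "__main__":
    print(exposed_admin_ports(SAMPLE_SERVICE))
    print(non_loopback_admin_listeners(
        [{"name": "KONG_ADMIN_LISTEN", "value": "0.0.0.0:8001, 0.0.0.0:8444 ssl"}]))
```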