How enable Kong Ingress CUSTOM PLUGIN on k8s (AKS)

Kubernetes
1

Hi Kong Nation,

I’m new to Kubernetes and I have deployed Kong Ingress controller on AKS following this guide https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/deployment/aks.md
and it works fine :slight_smile:

I then developed a custom plugin (test-introspection) which I have tested on my local deployment which is not Kubernetes and it also works fine. Now I need to move it to my AKS environment and I’m stuck!! Looked for a step-by-step guide/documentation on how to do this and I can’t find any except this discussion Custom Plugin not enabled

From what I gathered I need to do the following steps

  1. Create a ConfigMap. - DONE

     $ kubectl get configMap
 NAME                             DATA   AGE
 test-custom-plugin           2      26h

  2. Mount the volumes to the pods - No idea how to do this but I created the chart below

     apiVersion: v1
 kind: Pod
 metadata:
   name: kongPlugin-config
   namespace: kong
 spec:
   serviceAccountName: kong-ingress-controller
   containers:
     - name: kong
       image: kong:1.2
       volumeMounts:
       - name: config-volume
         mountPath: /etc/kong/plugins/
   volumes:
     - name: config-volume
       configMap:
         name: test-custom-plugins

Questions

*** Is the chart correct?**

*** How do I run it?**

  1. Update the deployment YAML for both kong and ingress. Setting the KONG_PLUGINS environment variable to bundled, test-introspection. And set the KONG_LUA_PACKAGE_PATH environment variable as well.

Exec into the Kong container and curl the / on Admin interface and make sure that these properties are set correctly - How do I do this?

Question: Is the chart below enough?

    echo "
    apiVersion: apps/v1beta2
    kind: Deployment
    metadata:
    spec:
     template:
      spec:
        containers:
           env:
              - name: KONG_PLUGINS
                value: bundle, test-introspection
              - name: KONG_LUA_PACKAGE_PATH
                value: /etc/?.lua;/etc/kong/plugins/test-introspection/?.lua;;
    " | kubectl apply -f -

Question:
Is this correct?

  1. Enable plugin (kongPlugin.yaml)
    apiVersion: configuration.konghq.com/v1
    kind: KongPlugin
    metadata:
    name: test-introspection
    labels:
    global: “false”
    enabled: true
    plugin: test-introspection

Checking

        $ kubectl get Kongplugins
        NAME PLUGIN-TYPE AGE
        custom-introspection test-introspection 20h

Please guide me - especially mounting the volumes from my ConfigMap.
Thank you in advance

2
  1. Please mount at a location like /opt/kong. /etc/kong has a special meaning, where all the setting related to Kong are stored.
  2. Could you describe the content of your configMap?
  3. Please read mounting configmap on a pod using the deployment spec. You will need to combine the Pod manifest and the Deployment manifest.
3

Hi @hbagdi,

Thank you for your response. I will try mount as you have specified.

Yes, I can describe my configMap

$ kubectl describe configMap test-custom-plugins
Name:         test-custom-plugins
Namespace:    kong
Labels:       <none>
Annotations:  <none>

Data
====
handler.lua:
.......................
........................

Kind Regards

4

Hi @hbagdi ,

Do you have any news about it?
I have the same situation, doubts about how to install a custom plugin in kong ingress controller, and I am following up on this case.

Regards

1 Like
5

Hi @xpg0755

Let me see if I can help. Here are the steps I followed and eventually got my custom plugin working.
Please backup your deployment yaml for kong and kong-ingress-controller

  1. Create the configMap

kubectl get configMap
NAME DATA AGE
custom-plugin 2 26h

Make sure you can describe it
kubectl describe configMap custom-plugin

  1. Mount the configMap as Volume on your Kong and Ingress Deployments
    kubectl edit deployment kong and kubectl edit deployment kong-ingress-controller

Add the following

volumeMounts:
- mountPath: /opt/kong/plugins/custom-introspection
name: config-vol

and

volumes:
- configMap:
defaultMode: 511
name: custom-plugin
name: config-vol

  1. Set Environment variables (both Kong and Kong-Ingress) by editing your deplyments
    kubectl edit deployment kong and kubectl edit deployment kong-ingress-controller

Add the following lines

spec:
containers:
env:
- name: KONG_PLUGINS
value: bundle, custom-introspection
- name: KONG_LUA_PACKAGE_PATH
value: /etc/?.lua;/opt/kong/plugins/test-introspection/?.lua;;

  1. Enable plugin

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: custom-introspection
labels:
global: “false”
enabled: true
plugin: custom-introspection

Hope this helps…

Kind Regards

1 Like
6

Hi @Tavernt_Muchenje,

Thanks for the answer, as far as I tried, i managed to install my custom plugin, now I had another problem, if you could help me.

My custom plugin uses https://luarocks.org/modules/cdbattags/lua-resty-jwt as a dependency, when the containers are deployed again, the kong container fails because it does not find this dependency, therefore, there would be a way to add this dependency without modifying the image of Kong?

So far I was able to operate by installing the dependency on the kong image with luarocks, but I don’t think it is a clean solution when touching the image, I would like a more dynamic strategy similar to that of ConfigMaps, if it exists.

Thanks and regards

7

If you don’t want to install it in the image itself, you have two options that I can think of:

  1. You can run luarocks install <lib> as an init-container. This means that luarocks should be reachable and up whenever your Kong container starts, which is a little risky.
  2. Copy the code for the above lib, put it in another ConfigMap, mount that as a volume and include it in lua package path like you did for the plugin.
1 Like
8

I have created the custom plugin “Creating and Installing Custom Lua Plugins in Kong | by Andrew Scott | The Startup | Medium” using this reference, and we are successfully able to build and deploy the plugin in KONG 2.0 using docker image.

Now we are trying to deploy the same plugin in the KONG as ingress controller (we are using AKS) but i am facing issue

what we had did till now

  • Created the configMap and successfully able to describe it by following above steps

*Now we are trying to deploy the same plugin but facing if we follow the above steps and deployment file looks like

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
name: kong-ingress-custom-plugin
namespace: konga-test
spec:
selector:
matchLabels:
app: konga-test
template:
metadata:
name: kong-ingress-custom-plugin
labels:
app: kong-ingress-custom-plugin
spec:
containers:
- name: proxy
env:
- name: KONG_PLUGINS
value: ‘bundled,cutom-auth’
- name: KONG_LUA_PACKAGE_PATH
value: /opt/?.lua;;
volumeMounts:
- name: kong-plugin-cutom-auth
mountPath: /opt/kong/plugins/cutom-auth
volumes:
- defaultMode: 755
- name: kong-plugin-cutom-auth
configMap:
name: kong-plugin-cutom-auth

we are executing the same below command to apply the change

kubectl apply -f miniorange-auth-deployment.yaml --validate=false

and error we got

The Deployment “kong-plugin-miniorange-auth” is invalid: spec.template.spec.containers[0].image: Required value

Here i don’t understand, if we created the ConfigMap for same plugin then why its asking for docker image.

Kindly assist.

Thanks & Regards
Jaiswar Vipin Kumar R.

9

After updating the YAML finally custom pluing get install but after that got next issue. Now same POD, Deployment and Replicaset throwing “CrashloopOff”. After checking the log of the pod we got following error.

init_by_lua error: /usr/local/share/lua/5.1/kong/init.lua:389: [PostgreSQL error] failed to retrieve PostgreSQL server_version_num: connection refused stack traceback:

However Updated YAML is

apiVersion: apps/v1
kind: Deployment
metadata:
name: kong-ingress-custom-plugin
namespace: konga-test
spec:
selector:
matchLabels:
app: konga-test
replicas: 1
template:
metadata:
name: kong-ingress-custom-plugin
labels:
app: kong-ingress-custom-plugin
spec:
containers:
name: proxy
image: ‘kong:2.0’
volumeMounts:
- name: kong-plugin-custom-auth
mountPath: /opt/kong/plugins/kong-plugin-custom-auth
- env:
- name: KONG_PG_DATABASE
value: kong
- name: KONG_PG_HOST
value: postgres
- name: KONG_PG_PORT
value: ‘5432’
- name: KONG_PG_PASSWORD
value: kong
- name: KONG_PG_USER
value: kong
- name: KONG_LOG_LEVEL
value: info
- name: KONG_PLUGINS
value: ‘bundled,kong-plugin-custom-auth’
- name: KONG_LUA_PACKAGE_PATH
value: /etc/?./opt/?.lua;;
volumes:
- defaultMode: 755
- name: kong-plugin-custom-auth
configMap:
name: kong-plugin-custom-auth

Thanks & Regards
Jaiswar Vipin Kumar R.