Hi there.
I’m a new user of Kong API Gateway.
[K8s Version]
```
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.6", GitCommit:"d32e40e20d167e103faf894261614c5b45c44198", GitTreeState:"clean", BuildDate:"2020-05-20T13:16:24Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
```
[Kong Version]
2.1.1
So, I’ve installed Kong on K8s with this URL
As we can see, the above document says DB-less mode is recommended with K8s. So I’ve configured Kong in DB-less mode.
I have 2 questions about Kong configuration.
Q1) Declarative configuration is required in DB-less mode with K8s.
But Kong’s declarative configuration format is different from K8s’s general “YAML” files. So I don’t know how to use Kong’s declarative configuration, such as kong.yml. Could you please let me know in detail?
Q2) As far as I understand, K8s’s Service matches Kong’s Service and Ingress matches Kong’s routes. So I’ve configured it like this to use HTTPS for the Service.
The backend pods (containers) are installed in another namespace.
The backend accepts https only, so I’m trying to connect with the https protocol.
But I can’t see the https protocol on Kong’s Service, and I can’t connect with the https protocol.
Please let me know how to connect with the https protocol.
[Kong Admin API]
```
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   418  100   418    0     0   290k      0 --:--:-- --:--:-- --:--:--  408k
{
  "next": null,
  "data": [
    {
      "host": "console-np.console-system.80.svc",
      "id": "3926a8f9-c0b8-545f-bcbe-9bafe9f3c348",
      "protocol": "http",
      "read_timeout": 60000,
      "tls_verify_depth": null,
      "port": 80,
      "updated_at": 1597306618,
      "ca_certificates": null,
      "created_at": 1597306618,
      "connect_timeout": 60000,
      "write_timeout": 60000,
      "name": "console-system.console-np.80",
      "retries": 5,
      "path": "/",
      "tls_verify": null,
      "client_certificate": null,
      "tags": null
    }
  ]
}
```
[Service]
```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    konghq.com/override: "console-kong"
    konghq.com/protocols: "https"
  name: kong-proxy
  namespace: kong
spec:
  ports:
  - name: proxy
    port: 80
    protocol: TCP
    targetPort: 8000
    nodePort: 30012
  - name: proxy-ssl
    port: 443
    protocol: TCP
    targetPort: 8443
    nodePort: 30013
  selector:
    app: ingress-kong
  type: NodePort
```
[DaemonSet]
```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: ingress-kong
  name: ingress-kong
  namespace: kong
spec:
  selector:
    matchLabels:
      app: ingress-kong
  template:
    metadata:
      annotations:
        kuma.io/gateway: enabled
        prometheus.io/port: "8100"
        prometheus.io/scrape: "true"
        traffic.sidecar.istio.io/includeInboundPorts: ""
      labels:
        app: ingress-kong
    spec:
      containers:
      - env:
        - name: KONG_PROXY_LISTEN
          value: 0.0.0.0:8000, 0.0.0.0:8443 http2 ssl
        - name: KONG_ADMIN_LISTEN
          value: 0.0.0.0:8001, 0.0.0.0:8444 http2 ssl
        - name: KONG_STATUS_LISTEN
          value: 0.0.0.0:8100
        - name: KONG_DATABASE
          value: "off"
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "1"
        - name: KONG_ADMIN_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_ADMIN_ERROR_LOG
          value: /dev/stderr
        - name: KONG_PROXY_ERROR_LOG
          value: /dev/stderr
```
[KongIngress]
```yaml
apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
  name: console-kong
  namespace: console-system
  annotations:
    konghq.com/protocols: "https"
route:
  https_redirect_status_code: 302
  strip_path: false
  protocols:
  - https
proxy:
  protocols:
  - https
  path: /
  port: 80
```
[Ingress]
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: console-kong
  namespace: console-system
  annotations:
    kubernetes.io/ingress.class: "kong"
    konghq.com/override: "console-kong"
    konghq.com/protocols: "https"
spec:
  tls:
  - hosts:
    - thc.slcapidev.shinhan.com
    secretName: console-https-secret
  rules:
  - host: thc.slcapidev.shinhan.com
    http:
      paths:
      - path: /
        backend:
          serviceName: console-np
          servicePort: 80
```
[Backend Service]
```
[root@pstest01 kong]# kubectl get svc -n console-system
NAME         TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
console-np   NodePort   10.96.192.212   <none>        80:30003/TCP   35d
```
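
The Admin API output in the post is the place to confirm what protocol Kong actually uses toward a backend. The following is an added example, not part of the original post and not Kong's own code: it audits a `GET /services` response for plaintext or unverified upstream connections. The first sample entry copies the fields shown in the post; the other two entries and all function names are hypothetical.

```python
import json

# Constructed sample: the first entry copies the fields of the Service in the
# post's Admin API output; the other two are hypothetical, for contrast.
SAMPLE = json.loads("""
{"next": null, "data": [
 {"name": "console-system.console-np.80", "host": "console-np.console-system.80.svc",
  "protocol": "http", "port": 80, "tls_verify": null, "ca_certificates": null},
 {"name": "example.unverified.443", "host": "unverified.example.svc",
  "protocol": "https", "port": 443, "tls_verify": null, "ca_certificates": null},
 {"name": "example.verified.443", "host": "verified.example.svc",
  "protocol": "https", "port": 443, "tls_verify": true,
  "ca_certificates": ["00000000-0000-0000-0000-000000000000"]}
]}
""")

PLAINTEXT = {"http", "grpc", "tcp"}    # Kong Service protocols without TLS
ENCRYPTED = {"https", "grpcs", "tls"}  # Kong Service protocols with TLS

def audit_service(svc):
    """Return the findings for one Service object from GET /services."""
    proto, findings = svc.get("protocol"), []
    if proto in PLAINTEXT:
        findings.append(f"plaintext upstream: protocol={proto} to {svc.get('host')}:{svc.get('port')}")
    elif proto in ENCRYPTED:
        if svc.get("port") == 80:
            findings.append("TLS protocol on port 80: confirm the backend serves TLS there")
        if svc.get("tls_verify") is not True:
            # null means the node-wide default applies, not a per-Service setting
            findings.append("tls_verify not true: upstream certificate verification is not enforced for this Service")
    else:
        findings.append(f"unrecognised protocol: {proto!r}")
    return findings

def audit(response):
    """Map Service name -> findings, omitting Services with none."""
    report = {}
    for svc in response.get("data", []):
        findings = audit_service(svc)
        if findings:
            report[svc.get("name") or svc.get("id")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```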