I currently have kong-0.10.1 deployed in a Kubernetes container behind an AWS ELB. The ELB is configured as follows:
You’ll notice the protocol setup is --https--> ELB; then ELB --https--> Kong.
With this setup, I am able to successfully curl the DNS name of the ELB, and get a response back from Kong.
However, if I leave the ELB configured as shown above and upgrade Kong to 0.10.2 (or really any version after 0.10.1 – I tried all the way up to 0.15), the request seems to hang in the ELB, and I never see any logs written to stdout (or /usr/local/kong/logs).
Here’s what my k8s resource definitions look like:
```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kong
  labels:
    app: kong
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kong
  template:
    metadata:
      labels:
        app: kong
    spec:
      containers:
        - name: kong
          image: kong:0.14.1
          ports:
            - containerPort: 8000
            - containerPort: 8443
            - containerPort: 8001
            - containerPort: 8444
            - containerPort: 7946
          env:
            - name: KONG_DATABASE
              value: "postgres"
            - name: KONG_PG_HOST
              value: "postgres"
            - name: KONG_PG_DATABASE
              value: "kong"
            - name: KONG_PG_USER
              value: "kong"
            - name: KONG_PG_PASSWORD
              value: "kong"
            - name: KONG_PROXY_ACCESS_LOG
              value: "/dev/stdout"
            - name: KONG_PROXY_ERROR_LOG
              value: "/dev/stderr"
            - name: KONG_PROXY_ADMIN_LOG
              value: "/dev/stdout"
            - name: KONG_PROXY_ADMIN_LOG
              value: "/dev/stderr"
---
kind: Service
apiVersion: v1
metadata:
  name: kong
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ redacted }}
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
spec:
  type: LoadBalancer
  selector:
    app: kong
  ports:
    - name: ssl
      protocol: TCP
      port: 443
      targetPort: 8443
  externalTrafficPolicy: Cluster
  loadBalancerSourceRanges:
    - {{ redacted }}
```
I’ve also tried having the ELB have two endpoints: TLS and non-TLS. Both endpoints work with 0.10.1; only the non-TLS endpoint works with 0.10.2.
I didn’t notice anything in the kong CHANGELOG (specifically between 0.10.1 and 0.10.2, although I did look all the way up to 0.15) that jumped out at me as something that would affect this behavior.
Thanks in advance for your help!