We are currently looking at an API gateway for our organisation and have decided on Kong for a number of reasons. Before asking my question I want to give a brief overview of of our landscape, we are moving to a microservice architecture and a Kubernetes cluster will host these new services but we also have legacy services that need to be secured by a gateway as well.
With that in mind, from my understanding we’ll need an ingress controller to expose any services out side of Kubernetes which will mostly likely be Kong Ingress Controller. But if we want to control external services sitting outside of Kubernetes cluster then we’ll also need Kong API gateway to sit in front of these services.
Does Kong Ingress Controller have any egress functionality? i.e. Can the Kong ingress controller act as a fully fledged API gateway or does as the name suggests only handle ingress for Kubernetes?
Hey, I know there’s “endpoint” in kubernetes, which can bring the out-of-cluster services into kubernetes, so even legacy services seem to be in cluster.
Never tried that but looks like it’s possible.
Thank you for the great question!
We see this use case all the time, where users have some services running in k8s while others are running elsewhere.
You have a two options:
Deploy two separate Kongs. One for your services running inside k8s and another for running outside your k8s cluster and then manage them separately.
As Davix mentioned, you can use ExternalName services in Kubernetes and manage all of Kong in k8s only. In this case, you will setup only a single Kong Ingress Controller in k8s and all traffic will flow via k8s and then to your services running outside k8s.
Depending on your architecture and requirements, you might want to chose one over the other.
Yes, Kong Ingress controller is not the best name. It provides the basic ingress functionality but can provide everything else that’s needed for API management as well, and act as a full fledged API gateway. You can leverage each and every feature of Kong when deployed as an Ingress Controller.
Can you elaborate on what you mean? Egress means different things to different people.