Kong as gateway for configuring multi-domain kubernetes env

we are having 2 different domains for 2 different namespaces
host 1 : dev.example.com mapped to dev namespace
host 2: qa.example.com mapped to qa namespace
and there is service1 in both of them
When I am accessing dev.example.com/service1 it is rendering correctly
But when I am acessing qa.example.com/service1 it is rendering dev service1 pages and not qa ones .
Could you please help

Replicate above scenario - create kong gateway and other resources in kong namespace ( kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/master/deploy/single/all-in-one-dbless.yaml -n kong)

I have edited the kong-proxy service from the above file to point to an External ip

apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-type: elb
name: kong-proxy
namespace: kong
spec:
ports:

  • name: proxy
    port: 80
    targetPort: 8000
    protocol: TCP
  • name: proxy-ssl
    port: 443
    targetPort: 8443
    protocol: TCP
    selector:
    app: ingress-kong
    type: LoadBalancer
    externalIPs:
    • X.Y.Z

Api services are in respective namespaces (dev and qa) .

I have configured devingress(Ingress resources) in dev namespace and qaingress(Ingress resources) which maps to respective hosts


apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: devingress
namespace: dev
annotations:
configuration.konghq.com: do-not-preserve-host
kubernetes.io/ingress.class: “devingress”
spec:
rules:

  • host: dev.example.com
    http:
    paths:
    • path: /service1/
      backend:
      serviceName: service1-api
      servicePort: 80

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: qaingress
namespace: qa
annotations:
configuration.konghq.com: do-not-preserve-host
kubernetes.io/ingress.class: “qaingress”
spec:
rules:

  • host: qa.example.com
    http:
    paths:
    • path: /service1/
      backend:
      serviceName: service1-api
      servicePort: 80

After adding ingress.class my qa host is not finding host it’s saying
@hbagdi , Could you or anybody else please help

Your Ingress class annotation should be same for both the Ingress resource since they are both being controlled by the same kong ingress controller.

Yes that works … Thank you @hbagdi

Hello, I have the same issue too, please give me a help.
First of all, I deployed a Rocketmq into the DEV namespace, and I created an Ingress by the following command and yaml.

kubectl apply -f ingress.yaml -ndev
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: redirect
  annotations:
    konghq.com/strip-path: "true"
    kubernetes.io/ingress.class: "kong"
spec:
  rules:
    - host: ybd.k8s.dev.com
    - http:
        paths:
          - path: /rocketmq
            pathType: ImplementationSpecific
            backend:
              service:
                name: console-service
                port:
                  number: 8080

for now, all is right, and I can access the Rocketmq successful.
but when I create a Rockermq into TEST namespace and I apply the ingress to TEST namespace too,

kubectl apply -f ingress.yaml -ntest
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: redirect
  annotations:
    konghq.com/strip-path: "true"
    kubernetes.io/ingress.class: "kong"
spec:
  rules:
    - host: ybd.k8s.test.com
    - http:
        paths:
          - path: /rocketmq
            pathType: ImplementationSpecific
            backend:
              service:
                name: console-service
                port:
                  number: 8080

I can not access both the DEV and TEST Rocketmq services with a 503 error code, here are the logs in KONG CONTROLLER proxy pod.

10.96.14.128 - - [28/Aug/2021:15:40:37 +0000] "GET /rocketmq/ HTTP/1.1" 503 58 "http://ybd.k8s.dev.com/rocketmq/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"

by the way, I deploy kong by daemonset.

apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: ingress-kong
  name: ingress-kong
  namespace: kong
spec:
  selector:
    matchLabels:
      app: ingress-kong
  template:
    metadata:
      annotations:
        kuma.io/gateway: enabled
        prometheus.io/port: "8100"
        prometheus.io/scrape: "true"
        traffic.sidecar.istio.io/includeInboundPorts: ""
      labels:
        app: ingress-kong
    spec:
      containers:
      - env:
        - name: KONG_PROXY_LISTEN
          value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2
        - name: KONG_PORT_MAPS
          value: 80:8000, 443:8443
        - name: KONG_ADMIN_LISTEN
          value: 127.0.0.1:8444 ssl
        - name: KONG_STATUS_LISTEN
          value: 0.0.0.0:8100
        - name: KONG_DATABASE
          value: "off"
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "2"
        - name: KONG_ADMIN_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_ADMIN_ERROR_LOG
          value: /dev/stderr
        - name: KONG_PROXY_ERROR_LOG
          value: /dev/stderr
        image: kong:2.5
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - kong quit
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8100
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: proxy
        ports:
        - containerPort: 8000
          name: proxy
          protocol: TCP
        - containerPort: 8443
          name: proxy-ssl
          protocol: TCP
        - containerPort: 8100
          name: metrics
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: 8100
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
      - env:
        - name: CONTROLLER_KONG_ADMIN_URL
          value: https://127.0.0.1:8444
        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
          value: "true"
        - name: CONTROLLER_PUBLISH_SERVICE
          value: kong/kong-proxy
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: kong/kubernetes-ingress-controller:1.3
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: ingress-controller
        ports:
        - containerPort: 8080
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
      serviceAccountName: kong-serviceaccount

© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ