Kong enterprise free mode kubernetes with db-less and external db

Hi guys!

I’m testing the kong enterprise free mode in my cluster and i had a problem. When i run kong with helm in db-less mode everyting works fine, but i don’t have some resources like RBAC. So i trying to use with DB, im working with RDS AWS, and configuring like is recommend in kong docummentation. But the controller stop and my redirecting ingress and everyting else stoping the kong manager, admin etc.

Do you have some idea for what i can do?

Thx.

At a baseline, I’d check your controller and proxy container logs to see if there’s an issue with either coming online or with the controller not being able to send configuration. Absent any other information, my first guess would be that the proxy container isn’t actually able to connect to the database, which will cascade into the controller not being able to start because Kong isn’t running. If that’s so, the proxy container error logs should give you a better indication of exactly why it can’t connect to the database.

Hi Traines, thx for the reply!

I get the logs and here is:

log from container ingress-controller:
time=“2021-05-14T18:17:37Z” level=info msg=“syncing configuration” component=controller
time=“2021-05-14T18:17:38Z” level=error msg=“failed to update kong configuration: loading configuration from kong: mtls-auths: HTTP status 403 (message: “Forbidden”)” component=controller
time=“2021-05-14T18:17:38Z” level=error msg=“failed to sync: loading configuration from kong: mtls-auths: HTTP status 403 (message: “Forbidden”)” component=sync-queue
time=“2021-05-14T18:17:38Z” level=warning msg=“requeuing sync for ‘kong/my-kong-kong-token-kwqcl’” component=sync-queue

**log from proxy:**
2021/05/14 18:19:18 [crit] 25#0: *10035 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /consumers?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:18 [crit] 25#0: *10039 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /plugins?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:18 [crit] 25#0: *10037 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /acls?size=1000 HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:18 [crit] 25#0: *10038 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /snis?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:18 [crit] 25#0: *10033 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /routes?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:18 [crit] 25#0: *10040 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /jwts?size=1000 HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:21 [crit] 25#0: *10070 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /hmac-auths?size=1000 HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:21 [crit] 25#0: *10078 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /upstreams?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:21 [crit] 25#0: *10068 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /consumers?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:24 [crit] 25#0: *10117 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /certificates?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:41 [crit] 25#0: *10293 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /plugins?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:41 [crit] 25#0: *10301 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /certificates?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:41 [crit] 25#0: *10302 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /routes?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:51 [crit] 25#0: *10406 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /upstreams?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:51 [crit] 25#0: *10407 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /acls?size=1000 HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:51 [crit] 25#0: *10410 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /jwts?size=1000 HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:51 [crit] 25#0: *10408 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /consumers?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:19:51 [crit] 25#0: *10398 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /key-auths?size=1000 HTTP/1.1", host: "localhost:8444"
2021/05/14 18:20:04 [crit] 25#0: *10559 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /hmac-auths?size=1000 HTTP/1.1", host: "localhost:8444"
2021/05/14 18:20:04 [crit] 25#0: *10564 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /upstreams?size=1000&tags=managed-by-ingress-controller HTTP/1.1", host: "localhost:8444"
2021/05/14 18:20:04 [crit] 25#0: *10563 SSL_write() failed, client: 127.0.0.1, server: kong_admin, request: "GET /acls?size=1000 HTTP/1.1", host: "localhost:8444"

I really don’t know what’s happen, i just try to set a DB and when i look the jobs for migration they was executed wheel ok.

I missed to say im using kong with Istio, when i try to do a request on NLB for my app I can saw the request hitting the istio-proxy and the proxy of Kong. This just happened when i Use the db-mode, everything works fine when i use db-less mode, my ingress routes, istio side car, etc…

The 403 for mtls-auths is an outstanding issue that we’ve fixed, but not yet released. https://github.com/Kong/deck/pull/321 is the fix for the library that KIC uses to interact with Kong.

Unfortunately there’s no workaround for that other than using the OSS image, so for now you’ll just need to wait for an upcoming KIC release.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ