Hello,
I’m trying to understand if it is possible to handle requests with a Lambda function when Kong is installed as an ingress controller on EKS. I’ve been checking the examples here: https://docs.konghq.com/hub/kong-inc/aws-lambda/ and here: https://konghq.com/blog/secure-and-manage-aws-lambda-endpoints-with-kong/
Also, I’d like to mention that I’m running a db-less installation. From what I can see in the examples posted above, it definitely is possible to use a Lambda but I’m not sure if it is possible when Kong is installed as an ingress controller.
Could someone confirm that this is doable and, if yes, provide some examples on how this can be set up?
Thank you!
It is, yes. Using the controller changes the method you use to add configuration (you create Kubernetes manifests instead of using the Admin API directly) but generally doesn’t change what’s available (there are caveats, but they’re usually more related to DB-less support, which is common for controller-managed instances, rather than the controller itself limiting things), and the aws-lambda plugin is fully supported.
You’ll create your configuration using a KongPlugin custom resource and link it to your Ingress/Service/KongConsumer using a plugins annotation.
The plugin configuration itself (the content under the config
section of your KongPlugin) will look like the example shown under the “Without a database” example in the plugin documentation. You can ignore the content outside the config
block (it’s different from the KongPlugin metadata–reference the KongPlugin guide for that), but the content inside will look the same in your KongPlugin.
I managed to get it working. All that is needed is the plugin configuration and the ingress.
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: my-lambda-plugin
namespace: my-namespace
plugin: aws-lambda
config:
aws_key: <redacted>
aws_secret: <redacted>
aws_region: eu-central-1
function_name: MyLambda
timeout: 60000
keepalive: 60000
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
namespace: my-namespace
annotations:
konghq.com/strip-path: "true"
konghq.com/plugins: my-lambda-plugin
configuration.konghq.com: force-https
spec:
rules:
- host: api.mycompany.com
http:
paths:
- path: /some-path
# backend service is irrelevant as it will not be taken into consideration by Kong
backend:
serviceName: fakeapp-service
servicePort: 3000
The thing I couldn’t get my head around in the beginning is what backend service to set for the ingress. Turns out it doesn’t matter. Many thanks to @hbagdi for pointing this out in our chat in the Kubernetes#kong channel.
Hopefully this example will help others get up and running much faster with Kong + Lambda.