Kong Ingress Controller + Lambda Plugin


I’m trying to understand if it is possible to handle requests with a Lambda function when Kong is installed as an ingress controller on EKS. I’ve been checking the examples here: https://docs.konghq.com/hub/kong-inc/aws-lambda/ and here: https://konghq.com/blog/secure-and-manage-aws-lambda-endpoints-with-kong/

Also, I’d like to mention that I’m running a db-less installation. From what I can see in the examples posted above, it definitely is possible to use a Lambda but I’m not sure if it is possible when Kong is installed as an ingress controller.

Could someone confirm that this is doable and, if yes, provide some examples on how this can be set up?

Thank you!

It is, yes. Using the controller changes the method you use to add configuration (you create Kubernetes manifests instead of using the Admin API directly) but generally doesn’t change what’s available (there are caveats, but they’re usually more related to DB-less support, which is common for controller-managed instances, rather than the controller itself limiting things), and the aws-lambda plugin is fully supported.

You’ll create your configuration using a KongPlugin custom resource and link it to your Ingress/Service/KongConsumer using a plugins annotation.

The plugin configuration itself (the content under the config section of your KongPlugin) will look like the example shown under the “Without a database” example in the plugin documentation. You can ignore the content outside the config block (it’s different from the KongPlugin metadata–reference the KongPlugin guide for that), but the content inside will look the same in your KongPlugin.

I managed to get it working. All that is needed is the plugin configuration and the ingress.

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
  name: my-lambda-plugin
  namespace: my-namespace
plugin: aws-lambda
  aws_key: <redacted>
  aws_secret: <redacted>
  aws_region: eu-central-1
  function_name: MyLambda
  timeout: 60000
  keepalive: 60000

apiVersion: extensions/v1beta1
kind: Ingress
  name: my-ingress
  namespace: my-namespace
    konghq.com/strip-path: "true"
    konghq.com/plugins: my-lambda-plugin
    configuration.konghq.com: force-https
  - host: api.mycompany.com
      - path: /some-path
        # backend service is irrelevant as it will not be taken into consideration by Kong
          serviceName: fakeapp-service
          servicePort: 3000

The thing I couldn’t get my head around in the beginning is what backend service to set for the ingress. Turns out it doesn’t matter. Many thanks to @hbagdi for pointing this out in our chat in the Kubernetes#kong channel.

Hopefully this example will help others get up and running much faster with Kong + Lambda.