Greetings,
Kubernetes Version: 1.27
Cloud Provider / Platform: AWS EKS
I have followed the installation instructions provided by Kong Konnect to create a new runtime group using the Kong Ingress Controller method. I am using the default Helm values provided, and successfully install Kong Ingress Controller in EKS.
You can see the pods are up and healthy (using Istio as well, so 2/2 containers are shown):
kubectl get pods -n kong
...
NAME READY STATUS RESTARTS AGE
kong-ingress-controller-controller-c4d8d9576-rm5dr 2/2 Running 1 (15h ago) 15h
kong-ingress-controller-gateway-74fc5c5965-tdmc8 2/2 Running 0 15h
kong-ingress-controller-postgresql-0 2/2 Running 0 17h
Similarly, you can see that AWS allocated a load balancer to the Kong gateway proxy:
kubectl get svc -n kong
...
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kong-ingress-controller-controller-validation-webhook ClusterIP 172.20.53.82 <none> 443/TCP 4d1h
kong-ingress-controller-gateway-admin ClusterIP None <none> 8444/TCP 4d1h
kong-ingress-controller-gateway-proxy LoadBalancer 172.20.77.88 <REDACTED>.elb.us-east-2.amazonaws.com 80:31323/TCP,443:30937/TCP 4d1h
kong-ingress-controller-postgresql ClusterIP 172.20.94.220 <none> 5432/TCP 4d1h
kong-ingress-controller-postgresql-hl ClusterIP None <none> 5432/TCP 4d1h
The Problem: Kong seems to be requesting a load balancer with scheme: internal as opposed to scheme: internet-facing.
I am coming from Istio, where you annotate the Istio IngressGateway in the Helm values to make it internet-facing:
# Istio IngressGateway values.yaml
...
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-type: nlb
...
How can I make Kong request an scheme: internet-facing load balancer instead of scheme: internal so I can bring internet traffic into my cluster?
Thanks in advance.