Kong POST problems in Kubernetes with Kuma


I am setting up a test environment using Minikube and the Kuma Service Mesh to allow us to test out some services in a Kubernetes environment. I have deployed Kong Gateway into this using the Helm method described at Kong Ingress on Minikube - v1.2.x | Kong - Open-Source API Management and Microservice Management.
This seems to be mostly working, however the route to one of our services which has a GraphQL API is giving 405 when we attempt to post queries to it; e.g. from the Kong proxy log :
2021-04-28 10:16:27 - - [28/Apr/2021:09:16:27 +0000] “POST /acql/graphql? HTTP/1.1” 405 176 “” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36”

A corresponding trace also appears in the log of Kong’s sidecar proxy:

	2021-04-28 10:16:27	

[2021-04-28T10:16:27.459Z] default “POST /graphql? HTTP/1.1” 405 - 108 176 116 114 “” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36” “b386b641-2b25-91b4-a8bb-7fd1f371ea76” “” “kong-1618827503-kong-proxy_default_svc_443” “acql_default_svc_4242” “” “”

but no such entries in the sidecar for the ACQL service implying the problem is at the Kong end?

In the Kong deployment set up i have applied the “methods” annotation specifying GET and POST for matching but only GETs seem to be handled correctly
One thing I have noticed is that the Kuma dataplane proxy for Kong has been created as a ‘Standard’ proxy, not a ‘Gateway’ proxy as the Kuma documentation suggests it should be. This is despite the fact that the Helm chart contains the

kuma.io/gateway: “enabled”

annotation as required in the Kuma docs (though it is is metadata.annotations not spec.metadata.annotations).

I wondered if this incorrect dataplane proxy type could be significant in the problem I’m seeing or whether it is intentional in the recommended Kong setup and shouldn’t affect things in this way. In either case do you have any suggestions as to what might cause POST requests to be blocked in this way and what I can do I can fix it? I have confirmed that if I bypass Kong and make a direct connection to the ACQL service within Kubernetes, the application operates correctly.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ