hi, sorry for the late reply.
1. deploy the alb-ingress-controller
Instructions to install the alb-ingress-controller can be found here (I used helm ): https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html
2. deploy the kong-proxy
Deploy kong without creating a load balancer (use NodePort type). I used helm again: https://github.com/Kong/charts
3. Create your ingress
Then create your ingress pointing to the kong proxy service:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: default
name: ingres_name
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/healthcheck-port: "80"
alb.ingress.kubernetes.io/certificate-arn: "certificate arn here"
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/target-type: instance
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-FS-1-2-Res-2020-10
spec:
rules:
- host: your_host_here
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ssl-redirect
port:
name: use-annotation
- path: /
pathType: Prefix
backend:
service:
name: kong-proxy
port:
number: 80
Note: the above ingress creates an ALB that does some extra things like SSL termination, redirects HTTP to HTTPS, and sets a more strict ssl-policy.
Now you can integrate WAF with your newly created ALB, etc.
Hope this helps.