We have it now running with version 2.23.0 of the Kong Helm chart. As an example configuration would have been helpful, I provide the relevant sections of the values.yaml file below. May it help you set it up.
We use the AWS load-balancer controller, so external DNS is not supported. This config also assumes that the Kong pods are directly reachable in the VPC and no node port setup is needed.
```yaml
proxy:
  type: ClusterIP
  ingress:
    enabled: true
    ingressClassName: alb
    path: "/*"
    annotations:
      # Documentation on the annotations is under
      # https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      # Healthcheck config
      alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
      # There is no route and service for "/" so Kong returns a 404.
      # If Kong is not running the health check will time out instead.
      # We could use a URL where Kong returns 200, but this URL will depend
      # on a backend service. So Kong would be down when this service is down.
      alb.ingress.kubernetes.io/healthcheck-path: /
      alb.ingress.kubernetes.io/success-codes: '404'
      # SSL config
      alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-FS-1-2-Res-2020-10"
      # Annotation values are strings, so the port is quoted.
      alb.ingress.kubernetes.io/ssl-redirect: '443'
      alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:YOUR_ACM_ARN"
      alb.ingress.kubernetes.io/tags: "Environment=dev,Team=my"
      alb.ingress.kubernetes.io/load-balancer-attributes: "access_logs.s3.enabled=true,access_logs.s3.bucket=MY_LOG_BUCKET,access_logs.s3.prefix=kong-dev,deletion_protection.enabled=true"
```
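
A small check of the security-relevant annotations in the values above, as an added example that is not part of the original post or of the Kong or AWS projects. The function name `audit_alb_annotations` and both sample dictionaries are constructed for illustration.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

def audit_alb_annotations(annotations):
    """Return findings for a dict of Ingress annotations (empty list = clean)."""
    findings = []
    # Annotation values must be strings; an unquoted 443 parses as an integer.
    for key, value in annotations.items():
        if not isinstance(value, str):
            findings.append(f"{key}: non-string value {value!r}")

    def get(name):
        return str(annotations.get(PREFIX + name, ""))

    # listen-ports is a JSON list such as [{"HTTP": 80}, {"HTTPS": 443}].
    # An absent listen-ports annotation is not evaluated here.
    protocols = {p for entry in json.loads(get("listen-ports") or "[]") for p in entry}
    if "HTTP" in protocols and not get("ssl-redirect"):
        findings.append("listen-ports: HTTP listener without ssl-redirect")
    if "HTTPS" in protocols and not get("ssl-policy"):
        findings.append("ssl-policy: not set, the controller default applies")
    if get("backend-protocol") != "HTTPS":
        findings.append("backend-protocol: ALB-to-pod traffic is not TLS")
    # load-balancer-attributes is a comma-separated list of key=value pairs.
    pairs = get("load-balancer-attributes").split(",")
    attrs = dict(p.split("=", 1) for p in pairs if "=" in p)
    if attrs.get("access_logs.s3.enabled") != "true":
        findings.append("load-balancer-attributes: S3 access logs not enabled")
    return findings

# Constructed sample: security-relevant subset of the annotations in the post.
HARDENED = {
    PREFIX + "listen-ports": '[{"HTTP": 80}, {"HTTPS": 443}]',
    PREFIX + "backend-protocol": "HTTPS",
    PREFIX + "ssl-policy": "ELBSecurityPolicy-FS-1-2-Res-2020-10",
    PREFIX + "ssl-redirect": "443",
    PREFIX + "load-balancer-attributes":
        "access_logs.s3.enabled=true,access_logs.s3.bucket=MY_LOG_BUCKET",
}
# Constructed weak variant: no redirect, no policy, plain HTTP to the pods, no logs.
WEAK = {
    PREFIX + "listen-ports": '[{"HTTP": 80}, {"HTTPS": 443}]',
    PREFIX + "backend-protocol": "HTTP",
}

if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_alb_annotations(sample) or "no findings")
```

The dictionary passed in is the `metadata.annotations` map of the rendered Ingress, for example as parsed from `helm template` output.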