I have K8s cluster on bare machines (Rancher), with ingress-nginx from Rancher.
I deployed kong with official chart (1.1.1), with “proxy.type: ClusterIP” (I left the other settings by default).
So, from outside of cluster I have to redirect traffic to kong-ingress by ingress-nginx.
I created in kong namespace ingress, which is set to service kong-kong-proxy
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: echo2-frontend-rke-to-kong namespace: kong spec: rules: - host: my.host.name http: paths: - backend: serviceName: kong-kong-proxy servicePort: 80 tls: # < placing a host in the TLS config will indicate a cert should be created - hosts: - my.host.name secretName: echo2-frontend-rke-to-kong-tls-cert
In different namespace I created kong-ingres, with plugins etc (and with echo service for testing purpose):
apiVersion: extensions/v1beta1
kind: Ingress metadata: name: echo2-ingress-kong annotations: kubernetes.io/ingress.class: "kong" plugins.konghq.com: acl,jwt spec: rules: - host: my.host.name http: paths: - backend: serviceName: echo servicePort: 80
This works fine (I can curl https://my.host.name, JWT authentication + ACL works).
When I tried to add second host (ingress-nginx + kong-ingress as above, only with different host and secretName), I get immediately “Request Header Or Cookie Too Large” (for both hosts), and in kong proxy logs:
2020/02/04 12:20:24 [warn] 24#0: *42315 [lua] reports.lua:73: log(): [reports] unknown request scheme: http while logging request, client: 10.42.4.65, server: kong, request: “GET / HTTP/1.1”, host: “my.host.name”
10.42.4.65 - - [04/Feb/2020:12:20:24 +0000] “GET / HTTP/1.1” 494 46 “-” “curl/7.67.0”
(…)
10.42.4.65 - - [04/Feb/2020:12:20:24 +0000] “GET / HTTP/1.1” 494 46 “-” “curl/7.67.0”
10.42.5.1 - - [04/Feb/2020:12:20:24 +0000] “GET / HTTP/1.1” 494 46 “-” “curl/7.67.0”
Is any way to use many hosts/ingresses in this scenario (traffic from outsite of cluster by ingress-nginx to one kong-ingress deployment?)