PermalinkKubernetes Topologies
Running Kong Gateway on Kubernetes is a common deployment pattern. When running on Kubernetes, there are two configuration options available:
- Hybrid mode, with a CP (either on-prem or via Konnect) and multiple DPs
- DB-less mode, configured using CRDs and the Kubernetes Ingress Controller
Running Kong in Hybrid mode is commonly referred to as “Kong on Kubernetes”. Running Kong with Kubernetes Ingress Controller is commonly referred to as “Kong for Kubernetes”, as it provides a Kubernetes native way of configuring Kong entities using Kubernetes Ingress Controller.
You can also use Kubernetes Ingress Controller to configure a Hybrid mode deployment. This should only be used in a small set of circumstances. We recommend using Hybrid mode without KIC, or DB-less mode with KIC, unless you’ve been otherwise advised by a member of the Kong team.
PermalinkHybrid mode
Deploying Kong Gateway in Hybrid mode uses Kubernetes as a runtime for your data planes.
Configuring Kong on Kubernetes is identical to deploying Kong running on a virtual machine or bare metal. The Data Planes connect to a Control Plane (Konnect, or an in-cluster control plane) and receive configuration from the CP. Configuration is managed using the UI, the Kong Admin API or via deck.
We provide detailed installation instructions for Hybrid mode, including ingress definitions for EKS, GKE and AKS.
PermalinkDB-less mode with Kubernetes Ingress Controller
Kubernetes Ingress Controller provides a Kubernetes native way to configure Kong Gateway using custom resource definitions (CRDs). In this deployment pattern, Kong Gateway is deployed in DB-less mode, where the data plane configuration is held in memory.
Operators configure Kong Gateway using standard CRDs such as Ingress
and HTTPRoute
, and Kubernetes Ingress Controller translates those resources in to Kong entities before sending a request to update the running data plane configurations.
In this topology, the Kubernetes API server is your source of truth. Kubernetes Ingress Controller reads resources stored on the API server and translates them in to a valid Kong configuration object. You can think of Kubernetes Ingress Controller as the control plane for your DB-less data planes.
For more information about Kong Gateway and Kubernetes Ingress Controller, see the Kubernetes Ingress Controller getting started guide. This guide walks you through installing Kong Gateway, configuring a service and route, then adding a rate limiting and caching plugin to your deployment.
PermalinkDeciding which to use
Both topologies are supported by Kong, and deciding between the two options depends on your team’s capabilities.
If you’re a Kubernetes-native company who are comfortable managing CRDs and have pre-existing workflows around Kubernetes resources, we recommend using Kubernetes Ingress Controller to manage your deployment. Kubernetes Ingress Controller can be attached to Konnect to provide visibility in to the generated configuration and live traffic through analytics. Kubernetes Ingress Controller is not currently compatible with the Konnect Developer Portal. If you are using Developer Portal, choose Hybrid mode.
If your team is not familiar with CRDs, or you’re migrating an existing configuration from bare metal machines or VMs to Kubernetes, you should choose Hybrid mode. In this topology, Kubernetes is a place to run your data planes and nothing more. There are no CRDs to learn, no Ingress Controller to maintain and update. All configuration is stored in the control plane and send to data planes using the Hybrid mode protocol.