Custom Resources

Custom Resources (CRDs) in Kubernetes allow controllers to extend Kubernetes-style declarative APIs that are specific to certain applications.

A few custom resources are bundled with the Kong Ingress Controller to configure settings that are specific to Kong Gateway and provide fine-grained control over the proxying behavior.

The Kong Ingress Controller uses the configuration.konghq.com API group for storing configuration specific to Kong Gateway.

These CRDs allow users to declaratively configure all aspects of Kong Gateway:

• KongPlugin
• KongClusterPlugin
• KongConsumer
• KongConsumerGroup
• TCPIngress
• UDPIngress

Kong Gateway is designed around an extensible plugin architecture and comes with a wide variety of plugins already bundled inside it. These plugins can be used to modify the request or impose restrictions on the traffic.

Once this resource is created, the resource needs to be associated with an Ingress, Service, HTTPRoute, KongConsumer or KongConsumerGroup resource in Kubernetes.

This diagram shows how you can link a KongPlugin resource to an Ingress, Service, or KongConsumer.

This resource requires the kubernetes.io/ingress.class annotation.

KongClusterPlugin resource is exactly same as KongPlugin, except that it is a Kubernetes cluster-level resource rather than a namespaced resource. This can help when the configuration of the plugin needs to be centralized and the permissions to add or update plugin configuration rests with a different persona other than the application owners.

This resource can be associated with an Ingress, Service, or KongConsumer, and can be used in the exact same way as KongPlugin.

A namespaced KongPlugin resource takes priority over a KongClusterPlugin with the same name.

This resource requires the kubernetes.io/ingress.class annotation. Its value must match the value of the controller’s --ingress-class argument, which is kong by default.

This custom resource configures Consumers in Kong Gateway. Every KongConsumer resource in Kubernetes directly translates to a Consumer object in Kong Gateway.

This resource requires the kubernetes.io/ingress.class annotation. Its value must match the value of the controller’s --ingress-class argument, which is kong by default.

This Custom Resource is used for exposing non-HTTP and non-GRPC services running inside Kubernetes to the outside world through Kong Gateway. This proves to be useful when you want to use a single cloud LoadBalancer for all kinds of traffic into your Kubernetes cluster.

It is very similar to the Ingress resource that ships with Kubernetes.

This resource requires the kubernetes.io/ingress.class annotation. Its value must match the value of the controller’s --ingress-class argument, which is kong by default.

This Custom Resource is used for exposing UDP services running inside Kubernetes to the outside world through Kong Gateway.

This is useful for services such as DNS servers, game servers, VPN software and a variety of other applications.

This resource requires the kubernetes.io/ingress.class annotation. Its value must match the value of the controller’s --ingress-class argument, which is kong by default.

KongConsumerGroup creates a Consumer Group, which associates KongPlugin resources with a collection of KongConsumers.

KongConsumers have a consumerGroups array. Adding a KongConsumerGroup’s name to that array adds that Consumer to that Consumer Group.

Applying a konghq.com/plugins: <KongPlugin name> annotation to a KongConsumerGroup then executes that plugin on every consumer in the consumer group.