You are browsing documentation for an older version.
See the latest documentation here.
Kong for Kubernetes Enterprise
Kong for Kubernetes Enterprise is an enhanced version of
the Open-Source Ingress Controller. It includes all
Enterprise plugins and comes with 24x7 support for worry-free
production deployment.
This is available only for enterprise customers of Kong, Inc.
Before you begin
-
Create the kong
namespace in the cluster to create a secret.
$ kubectl create namespace kong
The results should look like this:
-
Create Kong Gateway Enterprise License secret
Kong Gateway Enterprise License secret
Enterprise version requires a valid license to run.
As part of sign up for Kong Gateway Enterprise, you should have received a license file.
If you do not have one, please contact your sales representative.
- Save the license file temporarily to disk with filename
license.json
.
-
Deploy Kong Gateway Enterprise in the kong
namespace.
Ensure that you provide the file path where you have stored license.json
file when you run the command. To deploy Kong Ingress Controller in a different namespace, change the value of -n kong
.
$ kubectl create secret generic kong-enterprise-license --from-file=license=./license.json -n kong
The results should look like this:
secret/kong-enterprise-license created
Installing Kong Gateway Enterprise
Kong for Kubernetes Enterprise can be installed using an installer of your choice. After the installation is complete, see the getting started tutorial to learn more.
YAML manifests
Kustomize
Helm
-
Install Kong for Kubernetes Enterprise using YAML manifests.
kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.12.6/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml
The results should look like this:
role.rbac.authorization.k8s.io/kong-leader-election created
clusterrole.rbac.authorization.k8s.io/kong-ingress created
clusterrole.rbac.authorization.k8s.io/kong-ingress-crds created
clusterrole.rbac.authorization.k8s.io/kong-ingress-gateway created
clusterrole.rbac.authorization.k8s.io/kong-ingress-knative created
rolebinding.rbac.authorization.k8s.io/kong-leader-election created
clusterrolebinding.rbac.authorization.k8s.io/kong-ingress created
clusterrolebinding.rbac.authorization.k8s.io/kong-ingress-crds created
clusterrolebinding.rbac.authorization.k8s.io/kong-ingress-gateway created
clusterrolebinding.rbac.authorization.k8s.io/kong-ingress-knative created
service/kong-admin created
service/kong-proxy created
service/kong-validation-webhook created
deployment.apps/ingress-kong created
deployment.apps/proxy-kong created
ingressclass.networking.k8s.io/kong created
- Check if the Kong Ingress Controller is ready.
$ kubectl get pods -n kong
The results should look like this:
NAME READY STATUS RESTARTS AGE
ingress-kong-6ffcf8c447-5qv6z 2/2 Running 1 44m
It takes a few minutes the first time you set this up.
-
Check if the kong-proxy
service is deployed.
$ kubectl get service kong-proxy -n kong
The results should look like this:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kong-proxy LoadBalancer 10.63.254.78 192.168.99.100 80:32697/TCP,443:32365/TCP 22h
Note: Depending on the Kubernetes distribution you are using, you might or might not see an external IP address assigned to the service. To obtain an IP address for a Kubernetes Service of type LoadBalancer
, see your cloud provider’s documentation.
-
Kubernetes exposes the proxy through a Kubernetes service. Run the following commands to store the load balancer IP address in a variable named PROXY_IP
:
$ export PROXY_IP=$(kubectl get -o jsonpath="{.status.loadBalancer.ingress[0].ip}" service -n kong kong-proxy)
echo $PROXY_IP
The results should look like this:
Note: It may take a while for your cloud provider to actually associate the
IP address to the kong-proxy
Service.
Kustomize manifests are provided for illustration purposes only and are not officially supported by Kong.
There is no guarantee of backwards compatibility or upgrade capabilities for our Kustomize manifests.
For a production setup with Kong support, use the Helm chart.
-
Install Kong for Kubernetes using Kustomize:
kubectl apply -k github.com/kong/kubernetes-ingress-controller/config/variants/enterprise
You can use this as a base kustomization and build on top of it for your cluster and use-case.
The results should look like this:
role.rbac.authorization.k8s.io/kong-leader-election created
clusterrole.rbac.authorization.k8s.io/kong-ingress created
clusterrole.rbac.authorization.k8s.io/kong-ingress-crds created
clusterrole.rbac.authorization.k8s.io/kong-ingress-gateway created
clusterrole.rbac.authorization.k8s.io/kong-ingress-knative created
rolebinding.rbac.authorization.k8s.io/kong-leader-election created
clusterrolebinding.rbac.authorization.k8s.io/kong-ingress created
clusterrolebinding.rbac.authorization.k8s.io/kong-ingress-crds created
clusterrolebinding.rbac.authorization.k8s.io/kong-ingress-gateway created
clusterrolebinding.rbac.authorization.k8s.io/kong-ingress-knative created
service/kong-admin created
service/kong-proxy created
service/kong-validation-webhook created
deployment.apps/ingress-kong created
deployment.apps/proxy-kong created
ingressclass.networking.k8s.io/kong created
-
Kubernetes exposes the proxy through a Kubernetes service. Run the following commands to store the load balancer IP address in a variable named PROXY_IP
:
HOST=$(kubectl get svc --namespace kong kong-proxy -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
PORT=$(kubectl get svc --namespace kong kong-proxy -o jsonpath='{.spec.ports[0].port}')
export PROXY_IP=${HOST}:${PORT}
echo $PROXY_IP
The results should look like this:
You can use Helm to install Kong using the official Helm chart:
- Create a
values.yaml
file with these details to deploy using Helm charts.
gateway:
image:
repository: kong/kong-gateway
tag: 3.9.0.0
env:
LICENSE_DATA:
valueFrom:
secretKeyRef:
name: kong-enterprise-license
key: license
-
Install Kong Ingress Controller and Kong Gateway with Helm:
$ helm repo add kong https://charts.konghq.com
$ helm repo update
$ helm install kong kong/ingress -n kong --create-namespace --values ./values.yaml
The results should look like this:
NAME: kong
LAST DEPLOYED: Fri Oct 6 14:41:16 2023
NAMESPACE: kong
STATUS: deployed
REVISION: 1
TEST SUITE: None
-
Kubernetes exposes the proxy through a Kubernetes service. Run the following commands to store the load balancer IP address in a variable named PROXY_IP
:
HOST=$(kubectl get svc --namespace kong kong-gateway-proxy -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
PORT=$(kubectl get svc --namespace kong kong-gateway-proxy -o jsonpath='{.spec.ports[0].port}')
export PROXY_IP=${HOST}:${PORT}
echo $PROXY_IP
The results should look like this: