Skip to content
|
Kong Ingress Controller
2.6.x
github-edit-pageEdit this page
report-issueReport an issue
You are browsing documentation for an older version. See the latest documentation here.

Kong Ingress on Elastic Kubernetes Service (EKS)

Requirements

  1. A fully functional EKS cluster. Please follow Amazon’s Guide to set up an EKS cluster.
  2. Basic understanding of Kubernetes
  3. A working kubectl linked to the EKS Kubernetes cluster we will work on. The above EKS setup guide will help you set this up.

Deploy the Kong Ingress Controller

You can deploy the Kong Ingress Controller using kubectl or Helm:

$ kubectl create -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.6.0/deploy/single/all-in-one-dbless.yaml

helm repo add kong https://charts.konghq.com
helm repo update
helm install kong kong/ingress -n kong --create-namespace

The results should look like this:

   namespace/kong created
   customresourcedefinition.apiextensions.k8s.io/kongplugins.configuration.konghq.com created
   customresourcedefinition.apiextensions.k8s.io/kongconsumers.configuration.konghq.com created
   customresourcedefinition.apiextensions.k8s.io/kongcredentials.configuration.konghq.com created
   customresourcedefinition.apiextensions.k8s.io/kongingresses.configuration.konghq.com created
   serviceaccount/kong-serviceaccount created
   clusterrole.rbac.authorization.k8s.io/kong-ingress-clusterrole created
   clusterrolebinding.rbac.authorization.k8s.io/kong-ingress-clusterrole-nisa-binding created
   service/kong-proxy created
   service/kong-validation-webhook created
   deployment.apps/ingress-kong created
   deployment.apps/proxy-kong created
   ingressclass.networking.k8s.io/kong created

NAME: kong
LAST DEPLOYED: Tue Oct  3 15:12:38 2023
NAMESPACE: kong
STATUS: deployed
REVISION: 1
TEST SUITE: None

Note: this process could take up to five minutes the first time.

Setup environment variables

Next, create an environment variable with the IP address at which Kong is accessible. This IP address sends requests to the Kubernetes cluster.

Execute the following command to get the IP address at which Kong is accessible:

$ kubectl get services -n kong
NAME         TYPE           CLUSTER-IP      EXTERNAL-IP                           PORT(S)                      AGE
kong-proxy   LoadBalancer   10.63.250.199   example.eu-west-1.elb.amazonaws.com   80:31929/TCP,443:31408/TCP   57d

Create an environment variable to hold the ELB hostname:

$ export PROXY_IP=$(kubectl get -o jsonpath="{.status.loadBalancer.ingress[0].hostname}" service -n kong kong-proxy)

Note: It may take some time for Amazon to actually associate the IP address to the kong-proxy Service.

Once you’ve installed the Kong Ingress Controller, please follow our getting started tutorial to learn about how to use the Ingress Controller.

TLS configuration

Versions of Kong prior to 2.0.0 default to using the “modern” cipher suite list. This is not compatible with ELBs when the ELB terminates TLS at the edge and establishes a new session with Kong. This error will appear in Kong’s logs:

*7961 SSL_do_handshake() failed (SSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher) while SSL handshaking

To correct this issue, set KONG_SSL_CIPHER_SUITE=intermediate in your environment variables.