Skip to content
2023 API Summit Hackathon: Experiment with AI for APIs (August 28 - September 27) Learn More →
|
search
Kong Ingress Controller
2.6.x
github-edit-pageEdit this page
report-issueReport an issue
You are browsing documentation for an outdated version. See the latest documentation here.

Kong Ingress on Elastic Kubernetes Service (EKS)

Requirements

  1. A fully functional EKS cluster. Please follow Amazon’s Guide to set up an EKS cluster.
  2. Basic understanding of Kubernetes
  3. A working kubectl linked to the EKS Kubernetes cluster we will work on. The above EKS setup guide will help you set this up.

Deploy the Kong Ingress Controller

You can deploy the Kong Ingress Controller using kubectl or Helm:

$ kubectl create -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.6.0/deploy/single/all-in-one-dbless.yaml

helm repo add kong https://charts.konghq.com
helm repo update
helm install kongdocs kong/kong

The results should look like this:

namespace/kong created
customresourcedefinition.apiextensions.k8s.io/kongplugins.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/kongconsumers.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/kongcredentials.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/kongingresses.configuration.konghq.com created
serviceaccount/kong-serviceaccount created
clusterrole.rbac.authorization.k8s.io/kong-ingress-clusterrole created
clusterrolebinding.rbac.authorization.k8s.io/kong-ingress-clusterrole-nisa-binding created
configmap/kong-server-blocks created
service/kong-proxy created
service/kong-validation-webhook created
deployment.extensions/kong created

Note: this process could take up to five minutes the first time.

Setup environment variables

Next, create an environment variable with the IP address at which Kong is accessible. This IP address sends requests to the Kubernetes cluster.

Execute the following command to get the IP address at which Kong is accessible:

$ kubectl get services -n kong
NAME         TYPE           CLUSTER-IP      EXTERNAL-IP                           PORT(S)                      AGE
kong-proxy   LoadBalancer   10.63.250.199   example.eu-west-1.elb.amazonaws.com   80:31929/TCP,443:31408/TCP   57d

Create an environment variable to hold the ELB hostname:

$ export PROXY_IP=$(kubectl get -o jsonpath="{.status.loadBalancer.ingress[0].hostname}" service -n kong kong-proxy)

Note: It may take some time for Amazon to actually associate the IP address to the kong-proxy Service.

Once you’ve installed the Kong Ingress Controller, please follow our getting started tutorial to learn about how to use the Ingress Controller.

TLS configuration

Versions of Kong prior to 2.0.0 default to using the “modern” cipher suite list. This is not compatible with ELBs when the ELB terminates TLS at the edge and establishes a new session with Kong. This error will appear in Kong’s logs:

*7961 SSL_do_handshake() failed (SSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher) while SSL handshaking

To correct this issue, set KONG_SSL_CIPHER_SUITE=intermediate in your environment variables.