You are browsing documentation for an older version. See the latest documentation here.
Kong for Kubernetes Enterprise (DB Mode)
Learn to set up the Kong Ingress Controller using Kong Gateway Enterprise. This architecture is described in detail in Kong for Kubernetes with Kong Gateway Enterprise.
To start from scratch deploy Kong Gateway Enterprise and its database in Kubernetes itself. You can safely run them outside Kubernetes as well.
Before you begin
- Create the
kong
namespace.$ kubectl create namespace kong
The results should look like this:
namespace/kong created
- Create Kong Gateway Enterprise bootstrap password. Replace
cloudnative
with a random password of your choice and note it down$ kubectl create secret generic kong-enterprise-superuser-password -n kong --from-literal=password=cloudnative
The results should look like this:
secret/kong-enterprise-superuser-password created
- Create Kong Gateway Enterprise License secret
Kong Gateway Enterprise License secret
Enterprise version requires a valid license to run. As part of sign up for Kong Gateway Enterprise, you should have received a license file. If you do not have one, please contact your sales representative.
- Save the license file temporarily to disk with filename
license.json
. -
Deploy Kong Gateway Enterprise in the
kong
namespace. Ensure that you provide the file path where you have storedlicense.json
file when you run the command. To deploy Kong Ingress Controller in a different namespace, change the value of-n kong
.$ kubectl create secret generic kong-enterprise-license --from-file=license=./license.json -n kong
The results should look like this:
secret/kong-enterprise-license created
Install Kong Gateway Enterprise Ingress Controller
- Deploy Kong Gateway Enterprise Ingress Controller.
kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.7.0/deploy/single/all-in-one-postgres-enterprise.yaml
It takes a little while to bootstrap the database. Once bootstrapped, you should see the Kong Ingress Controller running with Kong Gateway Enterprise as its core
- Check if Kong Ingress Controller and the database is deployed.
$ kubectl get pods -n kong
The results should look like this:
NAME READY STATUS RESTARTS AGE ingress-kong-548b9cff98-n44zj 2/2 Running 0 21s kong-migrations-pzrzz 0/1 Completed 0 4m3s postgres-0 1/1 Running 0 4m3s
-
Check if the
kong-proxy
service is running in the cluster.$ kubectl get services -n kong
The results should look like this:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kong-admin LoadBalancer 10.63.255.85 34.83.95.105 80:30574/TCP 4m35s kong-manager LoadBalancer 10.63.247.16 34.83.242.237 80:31045/TCP 4m34s kong-proxy LoadBalancer 10.63.242.31 35.230.122.13 80:32006/TCP,443:32007/TCP 4m34s kong-validation-webhook ClusterIP 10.63.240.154 <none> 443/TCP 4m34s postgres ClusterIP 10.63.241.104 <none> 5432/TCP 4m34s
Note: Depending on the Kubernetes distribution you are using, you might or might not see an external IP assigned to the three
LoadBalancer
type services. Please see your provider’s documentation to obtain an IP address for a Kubernetes Service of typeLoadBalancer
. If you are running minikube, an external IP address may not be listed. For more information about accessing the service of typeLoadBalancer
in minikube, see LoadBalancer access. - Setup Kong Manager.
If you browse to Kong Manager with the ip address and login as
kong_admin
and the password you provided in the earlier step, it fails. You need to take the External IP address ofkong-admin
service and set the environment variableKONG_ADMIN_IP
:export KONG_ADMIN_IP=$(kubectl get svc -n kong kong-admin --output=jsonpath='{.status.loadBalancer.ingress[0].ip}') kubectl patch deployment -n kong ingress-kong -p "{\"spec\": { \"template\" : { \"spec\" : {\"containers\":[{\"name\":\"proxy\",\"env\": [{ \"name\" : \"KONG_ADMIN_API_URI\", \"value\": \"${KONG_ADMIN_IP}\" }]}]}}}}"
It takes a few minutes to roll out the updated deployment and after the new
ingress-kong
pod is up and running, you should be able to log into the Kong Manager UI.As you follow along with other guides on how to use your newly deployed the Kong Ingress Controller, you can browse Kong Manager and see changes reflected in the UI as Kong’s configuration changes.
-
Setup an environment variable to hold the IP address of
kong-proxy
service.$ export PROXY_IP=$(kubectl get -o jsonpath="{.status.loadBalancer.ingress[0].ip}" service -n kong kong-proxy)
After you’ve installed Kong for Kong Gateway Enterprise, follow our getting started tutorial to learn more.
Customizing by use-case
The deployment in this guide is a point to start using Ingress Controller. Based on your existing architecture, this deployment requires custom work to make sure that it needs all of your requirements.
In this guide, there are three load-balancers deployed for each of Kong Proxy, Kong Admin and Kong Manager services. It is possible and recommended to instead have a single Load balancer and then use DNS names and Ingress resources to expose the Admin and Manager services outside the cluster.