Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 2.8.x (latest)
  • 2.7.x
  • 2.6.x
  • 2.5.x
  • 2.4.x
  • 2.3.x
  • 2.2.x
  • 2.1.x
  • 2.0.x
  • 1.3.x
  • 1.2.x
  • 1.1.x
  • 1.0.x
    • FAQ
    • Version Support Policy
    • Stages of Software Availability
    • Changelog
    • Architecture
    • Custom Resources
    • Deployment Methods
    • Kong for Kubernetes with Kong Enterprise
    • High-Availability and Scaling
    • Resource Classes
    • Security
    • Ingress Resource API Versions
    • Gateway API
    • Kong Ingress on Minikube
    • Kong for Kubernetes
    • Kong for Kubernetes Enterprise
    • Kong for Kubernetes with Kong Enterprise
    • Kong Ingress on AKS
    • Kong Ingress on EKS
    • Kong Ingress on GKE
    • Admission Webhook
    • Installing Gateway APIs
    • Getting Started with KIC
    • Upgrading from previous versions
    • Upgrading to Kong 3.x
    • Getting Started using Istio
      • Using the KongPlugin Resource
      • Using the KongIngress Resource
      • Using KongConsumer and KongCredential Resources
      • Using the TCPIngress Resource
      • Using the UDPIngress Resource
    • Using the ACL and JWT Plugins
    • Using cert-manager with Kong
    • Allowing Multiple Authentication Methods
    • Configuring a Fallback Service
    • Using an External Service
    • Configuring HTTPS Redirects for Services
    • Using Redis for Rate Limiting
    • Integrate KIC with Prometheus/Grafana
    • Configuring Circuit-Breaker and Health-Checking
    • Setting up a Custom Plugin
    • Using Ingress with gRPC
    • Setting up Upstream mTLS
    • Exposing a TCP Service
    • Exposing a UDP Service
    • Using the mTLS Auth Plugin
    • Configuring Custom Entities
    • Using the OpenID Connect Plugin
    • Rewriting Hosts and Paths
    • Preserving Client IP Address
    • Using Kong with Knative
    • Using Multiple Backend Services
    • KIC Annotations
    • CLI Arguments
    • Custom Resource Definitions
    • Plugin Compatibility
    • Version Compatibility
    • Supported Kong Router Flavors
    • Troubleshooting
    • Prometheus Metrics
    • Feature Gates
    • Supported Gateway API Features

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Environment variables
  • Flags
Kubernetes Ingress Controller
2.8.x (latest)
  • Home
  • Kubernetes Ingress Controller
  • References
  • CLI Arguments

CLI Arguments

Various settings and configurations of the controller can be tweaked using CLI flags.

Environment variables

Each flag defined in the table below can also be configured using an environment variable. The name of the environment variable is CONTROLLER_ string followed by the name of flag in uppercase.

For example, --ingress-class can be configured using the following environment variable:

CONTROLLER_INGRESS_CLASS=kong-foobar

It is recommended that all the configuration is done via environment variables and not CLI flags.

Flags

Following table describes all the flags that are available:

Flag Type Description Default
--admission-webhook-cert string Admission server PEM certificate. value  
--admission-webhook-cert-file string Admission server PEM certificate file path; if both this and the cert value is unset a default is provided. /admission-webhook/tls.crt
--admission-webhook-key string Admission server PEM private key value  
--admission-webhook-key-file string Admission server PEM private key file path; if both this and the key value is unset a default is provided. /admission-webhook/tls.key
--admission-webhook-listen string The address to start admission controller on (ip:port). Setting it to off disables the admission controller. "off"
--anonymous-reports string Send anonymized usage data to help improve Kong. true
--apiserver-burst int The Kubernetes API server burst queries limit, to temporarily exceed the --apiserver-qps limit. 300
--apiserver-host string The Kubernetes API server URL. If not set, the controller will use cluster config discovery.  
--apiserver-qps int The Kubernetes API server queries per second limit. 100
--dump-config boolean Enable config dumps via web interface host:10256/debug/config. false
--dump-sensitive-config boolean Include credentials and TLS secrets in configs exposed with --dump-config. false
--election-id string Election id to use for status update. "5b374a9e.konghq.com"
--election-namespace string Namespace to use for election ConfigMap. Only necessary for development environments running outside a Kubernetes cluster.  
--enable-controller-ingress-extensionsv1beta1 boolean Enable the extensions/v1beta1 Ingress controller. true
--enable-controller-ingress-networkingv1 boolean Enable the networking.k8s.io/v1 Ingress controller. true
--enable-controller-ingress-networkingv1beta1 boolean Enable the networking.k8s.io/v1beta1 Ingress controller. true
--enable-controller-knativeingress boolean Enable the KnativeIngress controller. true
--enable-controller-kongclusterplugin boolean Enable the KongClusterPlugin controller. true
--enable-controller-kongconsumer boolean Enable the KongConsumer controller. true
--enable-controller-kongingress boolean Enable the KongIngress controller. true
--enable-controller-kongplugin boolean Enable the KongPlugin controller. true
--enable-controller-service boolean Enable the Service controller. true
--enable-controller-tcpingress boolean Enable the TCPIngress controller. true
--enable-controller-udpingress boolean Enable the UDPIngress controller. true
--enable-reverse-sync boolean Send configuration to Kong even if the configuration checksum has not changed since previous update. false
--feature-gates strings A set of key=value pairs that describe feature gates for alpha/beta/experimental features. see feature-gates
--gateway-api-controller-name string Controller name of the Kubernetes Gateway API. Gateway resources are reconciled only when their GatewayClass has the same value in spec.controllerName. konghq.com/kic-gateway-controller
--health-probe-bind-address string The address the probe endpoint binds to. ":10254"
--help boolean Help for this command. false
--ingress-class string Name of the ingress class to route through this controller. "kong"
--kong-admin-ca-cert string PEM-encoded CA certificate to verify Kong’s Admin SSL certificate.  
--kong-admin-ca-cert-file string Path to PEM-encoded CA certificate file to verify Kong’s Admin SSL certificate.  
--kong-admin-concurrency int Max number of concurrent requests sent to Kong’s Admin API. 10
--kong-admin-filter-tag strings The tag used to manage and filter entities in Kong. This flag can be specified multiple times to specify multiple tags. [managed-by-ingress-controller]
--kong-admin-header strings Add a header (key:value) to every Admin API call, this flag can be used multiple times to specify multiple headers.  
--kong-admin-init-retries int Number of attempts that will be made initially on controller startup to connect to the Kong Admin API. 60
--kong-admin-init-retry-delay duration The time delay between every attempt (on controller startup) to connect to the Kong Admin API.  
--kong-admin-tls-server-name string SNI name to use to verify the certificate presented by Kong in TLS.  
--kong-admin-tls-skip-verify boolean Disable verification of TLS certificate of Kong’s Admin endpoint. false
--kong-admin-token string The Kong Enterprise RBAC token used by the controller.  
--kong-admin-url string The Kong Admin URL to connect to in the format “protocol://address:port”. "http://localhost:8001"
--kong-custom-entities-secret string A Secret containing custom entities for DB-less mode, in “namespace/name” format.  
--kong-workspace string Kong Enterprise workspace to configure. Leave this empty if not using Kong workspaces.  
--kubeconfig string Path to the kubeconfig file.  
--log-format string Format of logs of the controller. Allowed values are text and json. "text"
--log-level string Level of logging for the controller. Allowed values are trace, debug, info, warn, error, fatal and panic. "info"
--metrics-bind-address string The address the metric endpoint binds to. ":10255"
--profiling boolean Enable profiling via web interface host:10256/debug/pprof/. false
--proxy-sync-seconds float32 Define the rate (in seconds) in which configuration updates will be applied to the Kong Admin API. 3
--proxy-timeout-seconds float32 Define the rate (in seconds) in which the timeout configuration will be applied to the Kong client. 10
--publish-service string Service fronting Ingress resources in “namespace/name” format. The controller will update Ingress status information with this Service’s endpoints.  
--publish-status-address strings User-provided addresses in comma-separated string format, for use in lieu of “publish-service” when that Service lacks useful address information.  
--skip-ca-certificates boolean Disable CA certificate handling. When using multiple controllers for separate workspaces in the same Kong instance, all but one controller should have this set to true. false
--sync-period duration Relist and confirm cloud resources this often. 48h
--term-delay duration The time delay to sleep before SIGTERM or SIGINT shuts down the Ingress Controller. 0s
--update-status boolean Indicates if the ingress controller should update the status of resources (e.g. IP/Hostname for v1.Ingress, e.t.c.). true
--watch-namespace strings Namespace(s) to watch for Kubernetes resources. Defaults to all namespaces. To watch multiple namespaces, use a comma-separated list of namespaces. all
Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023