Amazon EKS
To install Kong Ingress Controller for Konnect, select a Kong Ingress Controller Control Plane in Gateway Manager and follow the instructions in the UI
Prerequisites
- Set up an EKS cluster.
- Install
kubectl
and update yourkubeconfig
to point to the EKS Kubernetes cluster by runningaws eks --region $AWS_REGION update-kubeconfig --name $CLUSTER_NAME
Deploy the Kong Ingress Controller
-
Add the Kong Helm repo
helm repo add kong https://charts.konghq.com helm repo update
-
Deploy the Kong Ingress Controller using
Helm
:helm install kong kong/ingress -n kong --create-namespace
The results should look like this:
NAME: kong LAST DEPLOYED: Tue Oct 3 15:12:38 2023 NAMESPACE: kong STATUS: deployed REVISION: 1 TEST SUITE: None
Note: this process could take up to five minutes the first time.
Setup environment variables
Create an environment variable with the address at which Kong is accessible. This address sends requests to the Kubernetes cluster.
-
Get the IP address at which Kong is accessible:
$ kubectl get services -n kong
The results should look like this:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kong-gateway-proxy LoadBalancer 10.63.250.199 example.eu-west-1.elb.amazonaws.com 80:31929/TCP,443:31408/TCP 4m41s
-
Create an environment variable to hold the ELB hostname:
$ export PROXY_IP=$(kubectl get -o jsonpath="{.status.loadBalancer.ingress[0].hostname}" service -n kong kong-gateway-proxy)
It may take some time for Amazon to associate the IP address to the
kong-gateway-proxy
Service.
After you’ve installed the Kong Ingress Controller, learn to use Ingress Controller, see the getting started tutorial.
Troubleshooting
In versions of Kong earlier than 2.0.0 default to using the “modern” cipher suite list. This is not compatible with ELBs when the ELB terminates TLS at the edge and establishes a new session with Kong. This error appears in the logs:
*7961 SSL_do_handshake() failed (SSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher) while SSL handshaking
The solution is to set KONG_SSL_CIPHER_SUITE=intermediate
in your environment variables.