Skip to content
|
search
Kubernetes Ingress Controller
2.9.x (latest)

Kubernetes Ingress Controller Design

Overview

The Kubernetes Ingress Controller configures Kong Gateway using Ingress or Gateway API resources created inside a Kubernetes cluster.

The Kubernetes Ingress Controller is made up of two high level components:

  • Kong, the core proxy that handles all the traffic
  • Controller Manager, a series of processes that synchronize the configuration from Kubernetes to Kong

The Kubernetes Ingress Controller performs more than just proxying the traffic coming into a Kubernetes cluster. It is possible to configure plugins, load balancing, health checking and leverage all that Kong offers in a standalone installation.

The following figure shows how it works:

high-level-design

The Controller Manager listens for changes happening inside the Kubernetes cluster and updates Kong in response to those changes to correctly proxy all the traffic.

Kong is updated dynamically to respond to changes around scaling, configuration changes, failures that are happening inside a Kubernetes cluster.

For more information on how Kong works with routes, services, and upstreams, please see the proxy and load balancing references.

Translation

Kubernetes resources are mapped to Kong resources to proxy traffic.

There exist 2 flavors of objects in Kubernetes that can be used with Kubernetes Ingress Controller in order to procure a working Kong Gateway.

Generic Kubernetes resources

In Kubernetes, there are several main concepts that are used to logically identify workloads and route traffic between them. Some of them are:

  • A Service inside Kubernetes is a way to abstract an application that is running on a set of pods. This maps to two objects in Kong: Service and Upstream. The service object in Kong holds the information on the protocol to use to talk to the upstream service and various other protocol specific settings. The Upstream object defines load-balancing and health-checking behavior.
  • Pods associated with a Service in Kubernetes map as a Target belonging to the Upstream (the upstream corresponding to the Kubernetes Service) in Kong. Kong load balances across the Pods of your service. This means that all requests flowing through Kong are not directed via kube-proxy but directly to the pod.

Ingress

An Ingress resource in Kubernetes defines a set of rules for proxying traffic. These rules correspond to the concept of a route in Kong.

The following image describes the relationship between Kubernetes concepts and Kong’s Ingress configuration.

translating Kubernetes to Kong

Gateway API

Gateway API resources can also be used to produce running instances and configurations for Kong Gateway.

The main concepts here are:

  • A Gateway resource in Kubernetes describes how traffic can be translated to services within the cluster.
  • A GatewayClass defines a set of Gateways that share a common configuration and behaviour. Each GatewayClass will be handled by a single controller, although controllers may handle more than one GatewayClass.
  • HTTPRoute can be attached to a Gateway which will configure the HTTP routing behavior.

You can find more details about Gateway API concepts supported by Kubernetes Ingress Controller here.