Kong Mesh supports most ingress controllers. However, the recommended gateway in Kubernetes is Kong. You can use Kong Ingress Controller for Kubernetes to implement authentication, transformations, and other functionality across Kubernetes clusters with zero downtime.
Service upstream
Remember that Kong Mesh takes over from kube-proxy
when it comes to managing endpoints for Service
traffic.
Ingress controllers generally do the same thing for upstream traffic.
In order for these two functionalities not to conflict with each other, Services
are required to
have the ingress.kubernetes.io/service-upstream=true
annotation.
With this annotation the ingress controller sends traffic to the Service
IP instead of directly to the endpoints selected by the Service
.
Kong Mesh then routes this Service
traffic to endpoints as configured by the mesh.
Kong Mesh automatically injects this annotation for every
Service
that is in a namespace with the label kuma.io/sidecar-injection=enabled
.
For workloads (Deployment/StatefulSet, etc) enabled kuma sidecar injection by labeling the workload pod template rather than labeling on the namespace, Service
objects are not annotated automatically in these namespaces. So users need to add these annotations manually to the Service
objects:
ingress.kubernetes.io/service-upstream
nginx.ingress.kubernetes.io/service-upstream
Delegated gateway Dataplanes
To use the delegated gateway feature, mark your API Gateway’s Pod
with the kuma.io/gateway: enabled
annotation.
The control plane automatically generates Dataplane
objects.
For example:
apiVersion: apps/v1
kind: Deployment
metadata:
...
spec:
template:
metadata:
annotations:
kuma.io/gateway: enabled
...
Now the gateway can send traffic to any services in the mesh including other
zones.
Note that in order to send multi-zone traffic you can either use the
.mesh
address or create a Service
of type ExternalName
that points to that URL.
On Universal, you should define the Dataplane
entity like this:
type: Dataplane
mesh: default
name: kong-01
networking:
...
gateway:
type: DELEGATED
tags:
kuma.io/service: kong
...
Traffic that should go through the gateway should be sent directly to the
gateway process. When configuring your API Gateway to forward traffic into the
mesh, you configure the Dataplane
object as if it were any other Dataplane
on Universal.