Kong Ingress Controller (OSS) #1122
I am planning to use Kong API Gateway / Ingress Controller for a kube-hetzner cluster. Before I start to figure out all the details on my own I just want to ask here if probably someone has experience with that and can share a solution which uses a Hetzner Load Balancer (like the bundled nginx and traefik controllers)?

In general I prefer Bitnami Helm charts and would give this one a try: https://github.com/bitnami/charts/tree/main/bitnami/kong/

But I would be interested in any solution (e.g. with the official Kong Helm charts).

Thanks!
Replies: 1 comment 2 replies
I successfully installed Kong Ingress Controller.

I used the official Kong chart `kong/ingress`, because I had trouble with the Bitnami chart and after some investigation using the Kong chart was straightforward.

https://github.com/Kong/charts/blob/main/charts/ingress/README.md

These are my values to make it work with Hetzner load balancer:

k8s-kong.tf

```hcl
# Docs: https://github.com/Kong/charts/blob/main/charts/ingress/README.md
resource "helm_release" "kong" {
  name             = "kong"
  repository       = "https://charts.konghq.com"
  chart            = "ingress"
  namespace        = "kong"
  version          = "0.10.1"
  values           = [file("yaml/kong/helm-kong.yml")]
  create_namespace = true
}
```

yaml/kong/helm-kong.yml

```yaml
gateway:
  # use three replicas and prevent running two instances on the same host
  replicaCount: 3
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          app.kubernetes.io/name: gateway
          app.kubernetes.io/component: app
          app.kubernetes.io/instance: kong
  # apply Hetzner load balancer annotations
  proxy:
    type: LoadBalancer
    annotations:
      load-balancer.hetzner.cloud/name: kong
      load-balancer.hetzner.cloud/hostname: kong.example.com
      load-balancer.hetzner.cloud/location: fsn1
      load-balancer.hetzner.cloud/type: lb11
      load-balancer.hetzner.cloud/use-private-ip: "true"
      load-balancer.hetzner.cloud/disable-private-ingress: "true"
      # activate proxy protocol to get real client ip addresses
      load-balancer.hetzner.cloud/uses-proxyprotocol: "true"
  env:
    # no database, just CRD driven configuration, easy stateless HA setup
    database: "off"
    # use Load Balancer proxy protocol to get real client ips
    proxy_listen: "0.0.0.0:8000 proxy_protocol, 0.0.0.0:8443 ssl proxy_protocol"
    real_ip_header: "proxy_protocol"
    trusted_ips: "0.0.0.0/0,::/0"
controller:
  replicaCount: 3
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          app.kubernetes.io/name: controller
          app.kubernetes.io/component: app
          app.kubernetes.io/instance: kong
```

As well I added another Let's Encrypt ClusterIssuer for the

cluster-issuer-kong.yml

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod-kong
  namespace: cert-manager
spec:
  acme:
    email: letsencrypt_k8s@example.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod-account-key
    solvers:
      - http01:
          ingress:
            class: kong
```

An example Ingress looks like this:

hello-world-ingress-kong.yml

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-kong
  namespace: hello-world
  annotations:
    kubernetes.io/ingress.class: kong
    cert-manager.io/cluster-issuer: "letsencrypt-prod-kong"
    kubernetes.io/tls-acme: "true"
spec:
  rules:
    - host: hello.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: hello-world
                port:
                  number: 80
  tls:
    - secretName: hello-world-kong-tls
      hosts:
        - hello.example.com
```
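An added pre-deploy check for the PROXY protocol settings in the values above (example code, not part of the answer or of the Kong chart). It verifies that the load balancer annotation and every `proxy_listen` entry agree, and flags `trusted_ips` entries with a zero-length prefix: `trusted_ips` also sets nginx's `set_real_ip_from`, so `0.0.0.0/0,::/0` accepts the client address carried in a PROXY header from any peer that can reach the listener. The function names, finding labels and the `10.0.0.0/8` range are assumptions made for this example.

```python
import ipaddress

# Constructed from the values shown in the answer above (gateway section only).
PAGE_VALUES = {"gateway": {
    "proxy": {"annotations": {"load-balancer.hetzner.cloud/uses-proxyprotocol": "true"}},
    "env": {
        "proxy_listen": "0.0.0.0:8000 proxy_protocol, 0.0.0.0:8443 ssl proxy_protocol",
        "real_ip_header": "proxy_protocol",
        "trusted_ips": "0.0.0.0/0,::/0",
    },
}}

def with_trusted_ips(values, trusted_ips):
    """Copy of values with gateway.env.trusted_ips replaced."""
    gw = values["gateway"]
    return {"gateway": {**gw, "env": {**gw["env"], "trusted_ips": trusted_ips}}}

def audit_proxy_protocol(values):
    """Return (finding, detail) tuples for the gateway section of the values."""
    gw = values.get("gateway", {})
    env = gw.get("env", {})
    ann = gw.get("proxy", {}).get("annotations", {})
    findings = []
    lb_sends = ann.get("load-balancer.hetzner.cloud/uses-proxyprotocol") == "true"
    listeners = [l.strip() for l in env.get("proxy_listen", "").split(",") if l.strip()]
    for listener in listeners:
        expects = "proxy_protocol" in listener.split()
        # Load balancer and listener must agree, or connections fail to parse.
        if lb_sends != expects:
            findings.append(("proxy-protocol-mismatch", listener))
    if lb_sends and env.get("real_ip_header") != "proxy_protocol":
        findings.append(("client-ip-not-from-proxy-protocol", env.get("real_ip_header")))
    # trusted_ips names the peers whose PROXY header address Kong accepts.
    for entry in filter(None, (e.strip() for e in env.get("trusted_ips", "").split(","))):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(("trusted-ips-unparsed", entry))
            continue
        if net.prefixlen == 0:
            findings.append(("trusted-ips-any-source", entry))
    return findings

if __name__ == "__main__":
    for finding in audit_proxy_protocol(PAGE_VALUES):
        print(finding)
    # Assumption: 10.0.0.0/8 stands in for the cluster's private network range.
    print(audit_proxy_protocol(with_trusted_ips(PAGE_VALUES, "10.0.0.0/8")))
```

Before narrowing `trusted_ips`, confirm which source addresses the gateway pods actually see for load balancer traffic, since that depends on the service's traffic policy and the CNI.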