[Kubernetes] Install Kong Ingress Controller - Gateway API

See: Helm installation and explanation

See: Kong Ingress Controller

Install the experimental Gateway API CRDs

kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/experimental-install.yaml

Install GatewayClass

apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: kong
  annotations:
    konghq.com/gatewayclass-unmanaged: 'true'
spec:
  controllerName: konghq.com/kic-gateway-controller

Install Gateway

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: kong
spec:
  gatewayClassName: kong
  listeners:
  - name: proxy
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: All
  - name: proxy-ssl
    port: 443
    protocol: HTTPS
    hostname: kong.example.com
    tls:
      mode: Terminate
      certificateRefs:
        - kind: Secret
          name: kong-example-com-cert
  - name: proxy-tcp-9901
    port: 9901
    protocol: TCP
  - name: proxy-udp-9902
    port: 9902
    protocol: UDP
  - name: proxy-tls-9903
    port: 9903
    protocol: TLS

Add Kong Helm Chart

helm repo add kong https://charts.konghq.com
helm repo update

Modify Values.yaml

...✂...

ingressController:
  enabled: true
  env:
    anonymous_reports: false

...✂...

postgresql:
  enabled: true

...✂...

Install Kong

helm install kong kong/kong -n kong --create-namespace

Enable the Gateway API Alpha feature gate

kubectl set env -n kong deployment/kong-controller CONTROLLER_FEATURE_GATES="GatewayAlpha=true" -c ingress-controller

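TCP Service

  • Port-based routing: Kong Gateway simply proxies all traffic received on a specific port to a Kubernetes service. TCP connections are load-balanced across all available Pods of the service.

  • SNI-based routing: Kong Gateway accepts a TLS-encrypted stream on the specified port and can route traffic to different services based on the SNI presented in the TLS handshake. Kong Gateway also terminates the TLS handshake and forwards the TCP stream to the Kubernetes service.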

Patch Deployment kong-gateway

kubectl patch deploy -n kong kong-gateway --patch '{
  "spec": {
    "template": {
      "spec": {
        "containers": [
          {
            "name": "proxy",
            "env": [
              {
                "name": "KONG_STREAM_LISTEN",
                "value": "0.0.0.0:9000, 0.0.0.0:9443 ssl"
              }
            ],
            "ports": [
              {
                "containerPort": 9000,
                "name": "stream9000",
                "protocol": "TCP"
              },
              {
                "containerPort": 9443,
                "name": "stream9443",
                "protocol": "TCP"
              }
            ]
          }
        ]
      }
    }
  }
}'

Patch Service kong kong-gateway-proxy

kubectl patch service -n kong kong-gateway-proxy --patch '{
  "spec": {
    "ports": [
      {
        "name": "stream9000",
        "port": 9000,
        "protocol": "TCP",
        "targetPort": 9000
      },
      {
        "name": "stream9443",
        "port": 9443,
        "protocol": "TCP",
        "targetPort": 9443
      }
    ]
  }
}'

Create TCP Ingress

echo "apiVersion: configuration.konghq.com/v1beta1
kind: TCPIngress
metadata:
  name: echo-tls
  annotations:
    kubernetes.io/ingress.class: kong
spec:
  tls:
  - secretName: tls9443.kong.example
    hosts:
      - tls9443.kong.example
  rules:
  - host: tls9443.kong.example
    port: 9443
    backend:
      serviceName: echo
      servicePort: 1025
" | kubectl apply -f -