1

I deployed kong ingress controller for our kubernetes, and we are using it for routing our micro services.

Now I want to expose my admin API to use other features and get monitoring stats. Please someone could help me on this.

None of the documention helps me with this.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
BItabe - Prinson
  • 65
  • 1
  • 6
  • Hello, could you please tell if you are referring to the `CONTROLLER_KONG_ADMIN_URL` that is available on port `8444`? – Dawid Kruk Apr 08 '21 at 16:04

1 Answers1

4

Assuming that we are focusing on:

Admin API

This is the port where Kong exposes its management API. Hence in production this port should be firewalled to protect it from unauthorized access.

  • 8001 provides Kong’s Admin API that you can use to operate Kong with HTTP. See admin_listen.
  • 8444 provides the same Kong Admin API but using HTTPS. See admin_listen and the ssl suffix.

-- Docs.konghq.com: 2.3.X: Configuration: Admin listen

From Kubernetes/GKE perspective you can access this ports with either:

  • $ kubectl port-forward deployment/ingress-kong -n kong 8444:8444:
    • this option would allow you to query https://localhost:8444 from your host
  • Service:
    • Modify the Service of Kong Ingress
    • Modify the Deployment of Kong Ingress

A side note!

You could also expose it with Ingress resource but you would need to create a Service that is pointing to the Admin API, modify the Deployment and apply the Ingress resource that would point to this Service

Focusing on exposing this API with Service:

  • Edit the Service: kong-proxy and add:
  - name: api
    protocol: TCP
    port: 8444 
    targetPort: 8444
  • Edit the Deployment: kong-ingress
        - name: KONG_ADMIN_LISTEN
          value: 0.0.0.0:8444 ssl # <-- from 127.0.0.1

IMPORTANT!

Above edits will expose your API to the external sources (assuming no connection with the last question of yours with internal lb of GKE). Please refer to the documentation of Kong for support on that matter:

Additional resources:

Dawid Kruk
  • 8,982
  • 2
  • 22
  • 45
  • Thank you so much – BItabe - Prinson Apr 12 '21 at 17:38
  • Thank you. Kong really should do a better job writing documents. This took so much time from me. – Dryland Apr 19 '21 at 06:56
  • I cannot still send a request to the kong ingress controller's admin api. Neither through 127.0.0.1:8444 nor on the kong-proxy endpoint ip address:8444. I get connection refused error. What could be wrong? – Andy Dufresne Sep 15 '21 at 08:49
  • So you are saying that even when you are trying to connect to it from localhost (directly from a Pod) it doesn't work? I'd check the configuration of Kong, the ports that is listens on. – Dawid Kruk Sep 16 '21 at 12:06