Kong Ingress Controller on Kubernetes

Question

I'm trying to deploy Kong Ingress Controller into my K8s cluster deployed using kubeadm in virtualbox.

It's composed of a master and two worker nodes.

According to the documentation, I'm using a DBless deploy:

kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/master/deploy/single/all-in-one-dbless.yaml

The result is this:

namespace/kong created
customresourcedefinition.apiextensions.k8s.io/kongclusterplugins.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/kongconsumers.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/kongingresses.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/kongplugins.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/tcpingresses.configuration.konghq.com created
customresourcedefinition.apiextensions.k8s.io/udpingresses.configuration.konghq.com created
serviceaccount/kong-serviceaccount created
role.rbac.authorization.k8s.io/kong-leader-election created
clusterrole.rbac.authorization.k8s.io/kong-ingress created
rolebinding.rbac.authorization.k8s.io/kong-leader-election created
clusterrolebinding.rbac.authorization.k8s.io/kong-ingress created
service/kong-proxy created
service/kong-validation-webhook created
deployment.apps/ingress-kong created

So far, so good. Here are the components it creates:

NAME                                READY   STATUS    RESTARTS        AGE
pod/ingress-kong-7498964bb6-ddbfw   2/2     Running   2 (7m37s ago)   7m41s

NAME                              TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
service/kong-proxy                LoadBalancer   10.110.24.254   <pending>     80:31345/TCP,443:31076/TCP   7m41s
service/kong-validation-webhook   ClusterIP      10.108.43.162   <none>        443/TCP                      7m41s

NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-kong   1/1     1            1           7m41s

NAME                                      DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-kong-7498964bb6   1         1         1       7m41s

I'm exposing the loadbalancer using port-forward:

kubectl port-forward svc/kong-proxy -n kong 80:80

Then I curl http://localhost the result is as expected:

curl : {"message":"no Route matched with those values"}

And finally, I deploy a set of ingress rules to test it:

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:alpine
        name: nginx
        ports:
        - containerPort: 80
        resources: {}
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: httpd
  name: httpd
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpd
  strategy: {}
  template:
    metadata:
      labels:
        app: httpd
    spec:
      containers:
      - image: httpd:alpine
        name: httpd
        ports:
        - containerPort: 80
        resources: {}
status: {}
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginx-service
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: ClusterIP
status:
  loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: httpd
  name: httpd-service
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: httpd
  type: ClusterIP
status:
  loadBalancer: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    konghq.com/strip-path: "true"
  name: nginx-ingress
spec:
  ingressClassName: kong
  rules:
  - http:
      paths:
      - backend:
          service:
            name: nginx-service
            port:
              number: 80
        path: /nginx
        pathType: Prefix
status:
  loadBalancer: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    konghq.com/strip-path: "true"
  name: httpd-ingress
spec:
  ingressClassName: kong
  rules:
  - http:
      paths:
      - backend:
          service:
            name: httpd-service
            port:
              number: 80
        path: /httpd
        pathType: Prefix

When I try to curl any path defined in my ingress rules, for instance, curl http://localhost/httpd it throws this error:

curl : An invalid response was received from the upstream server

The logs from the kong proxy shows this error:

[error] 1097#0: *6474 connect() failed (113: Host is unreachable) while connecting to upstream, client: 127.0.0.1, server: kong, request: "GET /httpd HTTP/1.1", upstream: "http://10.88.0.58:80/", host: "localhost"

The IP shows when I list the endpoints:

httpd-service   10.88.0.58:80       14m
nginx-service   10.88.0.59:80       14m

Both services (httpd-service and nginx-service) are correct and I'm able to access them when I port forward their service to my local machine.

I did the same deploy into another cluster on DigitalOcean and besides provisioning a loadbalacer, the result was pretty much the same.

Can anyone help me on this?

Thanks!

Answer 1

This is because of Internal Load balancer IP in which kong-proxy is installed.

Your getting curl : {"message":"no Route matched with those values"} after port forwarding is because URL hit internally.

When you created ingress httpd service which is hosted remotely. Using the internal load balancer we cannot able to reach the external hosted domain.

So try installing kong ingress as external load balancer IP which is exposed to outside network. So that you can access the hosted service.

Get the installation yaml for kong which has external load balancer in it.