How can I expose kong admin api using kong k8 ingress?

Question

I deployed kong ingress controller for our kubernetes, and we are using it for routing our micro services.

Now I want to expose my admin API to use other features and get monitoring stats. Please someone could help me on this.

None of the documention helps me with this.

Dawid Kruk · Accepted Answer

Assuming that we are focusing on:

Admin API

This is the port where Kong exposes its management API. Hence in production this port should be firewalled to protect it from unauthorized access.

8001 provides Kong’s Admin API that you can use to operate Kong with HTTP. See admin_listen.

8444 provides the same Kong Admin API but using HTTPS. See admin_listen and the ssl suffix.

-- Docs.konghq.com: 2.3.X: Configuration: Admin listen

From Kubernetes/GKE perspective you can access this ports with either:

$ kubectl port-forward deployment/ingress-kong -n kong 8444:8444:
- this option would allow you to query https://localhost:8444 from your host
Service:
- Modify the Service of Kong Ingress
- Modify the Deployment of Kong Ingress

A side note!

You could also expose it with Ingress resource but you would need to create a Service that is pointing to the Admin API, modify the Deployment and apply the Ingress resource that would point to this Service

Focusing on exposing this API with Service:

Edit the Service: kong-proxy and add:

  - name: api
    protocol: TCP
    port: 8444 
    targetPort: 8444

Edit the Deployment: kong-ingress

        - name: KONG_ADMIN_LISTEN
          value: 0.0.0.0:8444 ssl # <-- from 127.0.0.1

IMPORTANT!

Above edits will expose your API to the external sources (assuming no connection with the last question of yours with internal lb of GKE). Please refer to the documentation of Kong for support on that matter:

Docs.konghq.com: Gateway OSS: 2.3.X: Secure admin api

Additional resources:

How can I expose kong admin api using kong k8 ingress?

Answers (1)

Admin API

Related Questions