Deploy

Exposing your APIs in the cluster

Fury Kubernetes modules are deployed using the furyctl command line tool.

Packages are then customized with kustomize. It lets you create customized Kubernetes resources based on other Kubernetes resource files (bases) using patches or additional resources, leaving the original YAML untouched. To learn how to create you own customization layer with it, please see the kustomize official repository.

Requirements

Compatibility

Module Version / Kubernetes Version 1.14.X 1.15.X 1.16.X
v1.0.0
  • Compatible
  • Has issues
  • Incompatible

Default Configuration

The Fury Kubernetes Kong module is deployed with the following default configuration:

  • Metrics are scraped by Prometheus every 10s
  • Kong ingress controller is a DaemonSet and not a Deployment
  • Service is exposed as NodePort on ports:
    • 31081 for HTTP
    • 31444 for HTTPS
  • Set externalTrafficPolicy: Local on kong service

Additionaly, the following Prometheus alerts are setup by default:

Parameter Description Severity Interval
KongIngressDown This alert fires if Prometheus target discovery was not able to reach kong ingress metrics in the last 15 minutes. critical 15m

Deploying the Ingress Controller

You can download the packages for a given Kong Module package with the default configuration using one of the following provided Furyfile.yml:

Single Ingress:

bases:
  - name: kong/kong
    version: "v1.0.0"

once you have the Furyfile.yml ready, then execute

$ furyctl vendor

to download the packages under ./vendor/katalog/kong/kong.

See furyctl documentation for mode details.

To deploy the packages to your cluster, define a kustomization.yaml with the following content:

bases:
- ./vendor/katalog/kong/kong

and execute the following command to deploy the Fury Kubernetes Kong module package:

$ kustomize build . | kubectl apply -f -

See kustomize documentation for details about kustomization.yaml format.

Test Kong Ingress Controller

To test that everything is working, you can apply these example manifests:

An ingress with a rate-limiting plugin:

cat <<EOF | kubectl apply -f - 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-kong-ingress
  namespace: default
  annotations:
    konghq.com/plugins: rate-limiting
    kubernetes.io/ingress.class: 'kong'
spec:
  rules:
    - http:
        paths:
          - path: /testkong
            backend:
              serviceName: nonexistent
              servicePort: 8080
EOF

The rate-limiting plugin CRD:

cat <<EOF | kubectl apply -f - 
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limiting
  namespace: default
  annotations:
    kubernetes.io/ingress.class: 'kong'
config:
  minute: 5
  limit_by: ip
  policy: local
plugin: rate-limiting
EOF

Then, you can test your ingress via cURL:

curl "http://$(kubectl get pods -n kong -o jsonpath="{.items[*].status.hostIP}" | head -1):31081/testkong" -s -o /dev/null -w "%{http_code}"

You should receive a 503 HTTP code the first five time, then a 429 HTTP code indicating that the kong plugin was triggered correctly!


Last modified 19.05.2020: Adding Kong docs (e5d1ed9)