not able to connect kong proxy

[arundeepkurni]

followed steps what ever specified in docs and domains, kong wit postgres running. and exposed kong deployment as proxy on 8000, added apps (web and hello) with ingress. but, not able to connect web/hello apps.

trying this "http://acme.local:8000" outside and getting "This site can’t be reached" and even no logs observed in ingress and kong (/usr/local/kong/logs/) pods. What could be the issue? how to debug this issues.

[sandromello]

You need to check if the proxy is exposed properly, another way of testing is using the port-forward command:

# It will expose the port to port 8000 in your localhost machine
kubectl port-forward <kong-pod> 8000:8000 -n kong-system
# Must return the response below
curl http://127.0.0.1:8000
{"message":"no API found with those values"}

After that you could test faking the Host header

curl http://127.0.0.1:8000 -H 'Host: acme.local'
curl http://127.0.0.1:8000 -H 'Host: marvin.acme.local'

If the first step didn't return the expected result, you need to check if kong is running and the service is properly exposed. You could exec the ingress and curl the service endpoint to check if the service is working properly:

kubectl exec -it <kong-ingress-pod> /bin/bash
curl http://kong-proxy:8000
{"message":"no API found with those values"}

Check if kong is alive and running also:

kubectl exec -it <kong-pod> /bin/bash
curl http://kong-proxy:8000
{"message":"no API found with those values"}

[arundeepkurni]

Thanks sandromello, IP-forward is helping and working from K8S master. But, trying from outside master (from my laptop by using google app Virtual Hosts)

[sandromello]

If you have any problems let me know. May I close this issue then?

[arundeepkurni]

half solved, failing to connect from outside k8s master

[sandromello]

If the controller isn't managing the routes reopen this issue please.

[arundeepkurni]

from ingress controller, i am able to connect kong. But, ultimately it suppose to connect (http://acme.local:8000) from outside master/minion as per document specified. which is not happen.

If we draw diagram, it should work like below: (1)Client ==>(2) Ingress ==> (3)Kong ==> (4)App I can see communication from 2 to 4, but, I don't see communication from Client (1) to ingress Controller (2).

I added /etc/hosts file (acme.local with one of the minion ip), it is resolving Ip address, but it is not hitting ingress, even there is no logs in ingress container.

[sandromello]

You misunderstood how ingress works:

An Ingress is a collection of rules that allow inbound connections to reach the cluster services.

The kong ingress controller will enforce the rules created in an ingress resource to Kong. So your workflow is wrong and it works like:

[Client] ==> [Kong] ==> [Service] ==> [App]

You need to expose only Kong and then you could reach all your virtual hosts (created by the ingress controller) inside a Kubernetes cluster

[arundeepkurni]

Ok fine.

I want to know how to access [Client] ==> [Kong] when we are trying from outside k8s environment (i.e.., master, minion)? without kubectl?

[sandromello]

Have you tried to expose the Kong Pod Service as NodePort?

If you're in a Cloud Provider you need to expose the traffic to this port on the Node.

[arundeepkurni]

Kong pod service as Nodeport we succeeded by following : https://getkong.org/install/kubernetes/ Also, come across with Nginx-ingress controller to avoid Nodeport.

But, we are looking for kong-ingress controller, where it works without assigning Nodeport and all the application tie up with kong-ingress like domain, routers what you mentioned in the DOC section, So that we completely avoid usage of NodePorts.

Is kong-ingress is providing something different which I should aware?

[sandromello]

NodePort is only an option to expose your service, you could choose between other kind of scenarios like:

• LoadBalancer
• ExternalIPs

Reference: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types.

[arundeepkurni]

how this project( kong-ingress) exposes their service, name sense me as ingress, is it not true?

[cainelli]

Hi @arundeepkurni, our ingress controller will be responsible for creating the APIs on Kong, as an ingress controller should. A Kubernetes ingress resource will determine how this API will be created by the controller in Kong.

If there's any other question I'll be glad to assist you, feel free to ping me on Kubernetes's slack group as @cainelli.