Install on Kubernetes
This page explains how to install Kong Gateway with Kubernetes Ingress Controller in DB-less mode. To install with a database, see the documentation on installing with Helm.
This page also includes the equivalent commands for OpenShift.
In DB-less mode on Kubernetes, the config is stored in etcd, the Kubernetes native data store. For more information, see Kubernetes Deployment Options.
The Kong Gateway software is governed by the Kong Software License Agreement. Kong Gateway (OSS) is licensed under an Apache 2.0 license.
Prerequisites
- A Kubernetes cluster, v1.19 or later
kubectl
v1.19 or later- (Enterprise only) A
license.json
file from Kong
Create namespace
Create the namespace for Kong Gateway with Kubernetes Ingress Controller. For example:
Kubernetes
OpenShift
kubectl create namespace kong
oc new-project kong
Create license secret
Save your license file temporarily with the filename
license
(no file extension).Run:
Kubernetes
OpenShift
kubectl create secret generic kong-enterprise-license --from-file=<absolute-path-to>/license -n kong
oc create secret generic kong-enterprise-license --from-file=./license -n kong
Deploy
- Run one of the following:
Kubernetes
Kubernetes (OSS)
OpenShift
kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.9.3/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml
kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.9.3/deploy/single/all-in-one-dbless.yaml
oc create -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.9.3/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml
This might take a few minutes.
- Check the install status:
Kubernetes
OpenShift
kubectl get pods -n kong
oc get pods -n kong
To make HTTP requests, you need the IP address of the load balancer. Get the
loadBalancer
address and store it in a localPROXY_IP
environment variable:Note: Some cluster providers only provide a DNS name for load balancers. In this case, specify
.hostname
instead of.ip
.export PROXY_IP=$(kubectl get -o jsonpath="{.status.loadBalancer.ingress[0].ip}" service -n kong kong-proxy)
If you’re testing locally and have not deployed a loadbalancer, you can port forward the
kong-proxy
service to test:kubectl port-forward -n kong svc/kong-proxy 8000:80
Then in a different terminal window:
export PROXY_IP=localhost:8000
Verify that the value of
$PROXY_IP
matches the value of the external host:echo $PROXY_IP
This should match the
EXTERNAL_IP
value of thekong-proxy
service returned by the Kubernetes API:
Kubernetes
OpenShift
kubectl get service kong-proxy -n kong
oc get service kong-proxy -n kong
Invoke a test request:
curl $PROXY_IP
This should return the following response from Gateway:
{"message":"no Route matched with those values"}
Next steps
See the Kong Ingress Controller docs for how-to guides, reference guides, and more.