Install on Kubernetes

This page explains how to install Kong Gateway with Kong Ingress Controller in DB-less mode. To install with a database, see the documentation on installing with Helm.

This page also includes the equivalent commands for OpenShift.

In DB-less mode on Kubernetes, the config is stored in etcd, the Kubernetes native data store. For more information, see Kubernetes Deployment Options.

The Kong Gateway software is governed by the Kong Software License Agreement. Kong Gateway (OSS) is licensed under an Apache 2.0 license.

Prerequisites

  • A Kubernetes cluster v1.19 or later
  • kubectl v1.19 or later
  • (Enterprise only) A license.json file from Kong

Create namespace

Create the namespace for Kong Gateway with Kong Ingress Controller. For example:

Kubernetes

OpenShift

  1. kubectl create namespace kong
  1. oc new-project kong

Create license secret

  1. Save your license file temporarily with the filename license (no file extension).

  2. Run:

Kubernetes

OpenShift

  1. kubectl create secret generic kong-enterprise-license --from-file=<absolute-path-to>/license -n kong
  1. oc create secret generic kong-enterprise-license --from-file=./license -n kong

Deploy

  1. Run one of the following:

Kubernetes

Kubernetes (OSS)

OpenShift

  1. kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v3.0.0/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml
  1. kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v3.0.0/deploy/single/all-in-one-dbless.yaml
  1. oc create -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v3.0.0/deploy/single/all-in-one-dbless-k4k8s-enterprise.yaml
  1. This might take a few minutes.
  1. Check the install status:

Kubernetes

OpenShift

  1. kubectl get pods -n kong
  1. oc get pods -n kong
  1. To make HTTP requests, you need the IP address of the load balancer. Get the loadBalancer address and store it in a local PROXY_IP environment variable:

    Note: Some cluster providers only provide a DNS name for load balancers. In this case, specify .hostname instead of .ip.

    1. export PROXY_IP=$(kubectl get -o jsonpath="{.status.loadBalancer.ingress[0].ip}" service -n kong kong-proxy)

    If you’re testing locally and have not deployed a loadbalancer, you can port forward the kong-proxy service to test:

    1. kubectl port-forward -n kong svc/kong-proxy 8000:80

    Then in a different terminal window:

    1. export PROXY_IP=localhost:8000
  2. Verify that the value of $PROXY_IP matches the value of the external host:

    1. echo $PROXY_IP

    This should match the EXTERNAL_IP value of the kong-proxy service returned by the Kubernetes API:

Kubernetes

OpenShift

  1. kubectl get service kong-proxy -n kong
  1. oc get service kong-proxy -n kong
  1. Invoke a test request:

    1. curl $PROXY_IP

    This should return the following response from Gateway:

    1. {"message":"no Route matched with those values"}

Next steps

See the Kong Ingress Controller docs for how-to guides, reference guides, and more.