旧バージョンのドキュメントを参照しています。最新のドキュメントはこちらをご参照ください。

Kong for Kubernetes Enterprise (DB Mode)

Learn to set up the Kong Ingress Controller using Kong Gateway Enterprise. This architecture is described in detail in Kong for Kubernetes with Kong Gateway Enterprise.

To start from scratch deploy Kong Gateway Enterprise and its database in Kubernetes itself. You can safely run them outside Kubernetes as well.

Before you begin

Create the kong namespace.

  $ kubectl create namespace kong

The results should look like this:

  namespace/kong created

Create Kong Gateway Enterprise bootstrap password. Replace cloudnative with a random password of your choice and note it down

  $ kubectl create secret generic kong-enterprise-superuser-password  -n kong --from-literal=password=cloudnative

The results should look like this:

  secret/kong-enterprise-superuser-password created

Create Kong Gateway Enterprise License secret

Kong Gateway Enterprise License secret

Enterprise version requires a valid license to run. As part of sign up for Kong Gateway Enterprise, you should have received a license file. If you do not have one, please contact your sales representative.

Save the license file temporarily to disk with filename license.json.
Deploy Kong Gateway Enterprise in the kong namespace. Ensure that you provide the file path where you have stored license.json file when you run the command. To deploy Kong Ingress Controller in a different namespace, change the value of -n kong.
```
 $ kubectl create secret generic kong-enterprise-license --from-file=license=./license.json -n kong
```
The results should look like this:
```
 secret/kong-enterprise-license created
```

Install Kong Gateway Enterprise Ingress Controller

Deploy Kong Gateway Enterprise Ingress Controller.
```
 kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/v2.12.8/deploy/single/all-in-one-postgres-enterprise.yaml
```
It takes a little while to bootstrap the database. Once bootstrapped, you should see the Kong Ingress Controller running with Kong Gateway Enterprise as its core

Check if Kong Ingress Controller and the database is deployed.

 $ kubectl get pods -n kong

The results should look like this:

 NAME                            READY   STATUS      RESTARTS   AGE
 ingress-kong-548b9cff98-n44zj   2/2     Running     0          21s
 kong-migrations-pzrzz           0/1     Completed   0          4m3s
 postgres-0                      1/1     Running     0          4m3s

Check if the kong-proxy service is running in the cluster.

 $ kubectl get services -n kong

The results should look like this:

 NAME                      TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE
 kong-admin                LoadBalancer   10.63.255.85    34.83.95.105    80:30574/TCP                 4m35s
 kong-manager              LoadBalancer   10.63.247.16    34.83.242.237   80:31045/TCP                 4m34s
 kong-proxy                LoadBalancer   10.63.242.31    35.230.122.13   80:32006/TCP,443:32007/TCP   4m34s
 kong-validation-webhook   ClusterIP      10.63.240.154   <none>          443/TCP                      4m34s
 postgres                  ClusterIP      10.63.241.104   <none>          5432/TCP                     4m34s

Note: Depending on the Kubernetes distribution you are using, you might or might not see an external IP assigned to the three LoadBalancer type services. Please see your provider’s documentation to obtain an IP address for a Kubernetes Service of type LoadBalancer. If you are running minikube, an external IP address may not be listed. For more information about accessing the service of type LoadBalancer in minikube, see LoadBalancer access.

Setup Kong Manager. If you browse to Kong Manager with the ip address and login as kong_admin and the password you provided in the earlier step, it fails. You need to take the External IP address of kong-admin service and set the environment variable KONG_ADMIN_IP:
```
 export KONG_ADMIN_IP=$(kubectl get svc -n kong kong-admin --output=jsonpath='{.status.loadBalancer.ingress[0].ip}')
 kubectl patch deployment -n kong ingress-kong -p "{\"spec\": { \"template\" : { \"spec\" : {\"containers\":[{\"name\":\"proxy\",\"env\": [{ \"name\" : \"KONG_ADMIN_API_URI\", \"value\": \"${KONG_ADMIN_IP}\" }]}]}}}}"
```
It takes a few minutes to roll out the updated deployment and after the new ingress-kong pod is up and running, you should be able to log into the Kong Manager UI.

As you follow along with other guides on how to use your newly deployed the Kong Ingress Controller, you can browse Kong Manager and see changes reflected in the UI as Kong’s configuration changes.

Setup an environment variable to hold the IP address of kong-proxy service.

$ export PROXY_IP=$(kubectl get -o jsonpath="{.status.loadBalancer.ingress[0].ip}" service -n kong kong-proxy)

After you’ve installed Kong for Kong Gateway Enterprise, follow our getting started tutorial to learn more.

Customizing by use-case

The deployment in this guide is a point to start using Ingress Controller. Based on your existing architecture, this deployment requires custom work to make sure that it needs all of your requirements.

In this guide, there are three load-balancers deployed for each of Kong Proxy, Kong Admin and Kong Manager services. It is possible and recommended to instead have a single Load balancer and then use DNS names and Ingress resources to expose the Admin and Manager services outside the cluster.