Comments (15)
I can't provide a timeline for this feature yet but this is something that would solve multiple problems.
Alternatively, is there a way to add a global plugin with Kubernetes Ingress? That would help a lot.
Unfortunately no. There is no mechanism to apply global plugins via the ingress controller yet. Stay tuned, this might be a smaller problem to solve.
from kubernetes-ingress-controller.
Last question (because I'm derailing here): until labels are added, which resources are unsafe to manually add? I assume I can probably manually configure the global plugins at least and save 100s of resources here.
I'm sorry to say but you shouldn't manage any resource manually in Kong when you're using Kong as an Ingress controller. At this point, the only resort here is to temporarily create all KongPlugin
resources. We will be trying to figure out an approach to make it possible to create global plugins via the ingress controller for the short term but in future, KongPlugin
resources will be reusable.
from kubernetes-ingress-controller.
So the re-use of plugins works with Service annotations, but not Ingress? That seems to be what @Dag24 is saying but I would have expected similar behavior based on the problem's description.
You can't reuse plugin configurations in services either but you can apply the plugin at the service level instead of route level using an annotation in the k8s service.
from kubernetes-ingress-controller.
Ah, that makes sense. I didn't realize they'd actually be applied at the service level in kong. That might be more fitting for my use-case anyway from a logical perspective since each domain/entrypoint never uses different plugins.
from kubernetes-ingress-controller.
A bit more information on this:
I tried splitting the example into 3 different Ingress
resources and got the same result... the plugin would only create on one of the routes. I thought for sure that would be an ugly workaround at least.
I then tried duplicating the KongPlugin
resource with a different name for each route and using that. This worked, but is obviously even more messy than the duplicate Ingress
idea because it requires duplicating both.
Here's an example showing this
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: add-header
config:
header_name: X-Request-ID
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: mytest-foo
annotations:
kubernetes.io/ingress.class: kong
correlation-id.plugin.konghq.com: add-header
spec:
rules:
- host: foo.com
http:
paths:
- path: /foo
backend:
serviceName: myservice
servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: mytest-bar
annotations:
correlation-id.plugin.konghq.com: add-header
spec:
rules:
- host: bar.com
http:
paths:
- path: /bar
backend:
serviceName: myservice
servicePort: 80
The result from the above is that 2 routes and 1 service are created, as expected. But unfortunately only one plugin is created and it is assigned to one of the two routes.
from kubernetes-ingress-controller.
Hello @jaygorrell,
The duplication of KongPlugin
resource is a known limitation currently which is necessitated by the fact that UUID of the KongPlugin
k8s resource is used as the UUID of the plugin entity in Kong.
We've on our roadmap to avoid this duplication. But as you found out, the temporary workaround is to create a dedicated Ingress and KongPlugin resource.
from kubernetes-ingress-controller.
Eek, I was afraid of that.
Thanks for the response but we essentially have 6 global plugins in our current Kong setup so to expose all 50 services, it sounds like we would need to have 300 plugin resources. Do you have a rough timeline on that being addressed? If it's relatively soon (month or two) I could set things up for how we expect it to work and just wait on the fixes.
Alternatively, is there a way to add a global plugin with Kubernetes Ingress? That would help a lot.
from kubernetes-ingress-controller.
Last question (because I'm derailing here): until labels are added, which resources are unsafe to manually add? I assume I can probably manually configure the global plugins at least and save 100s of resources here.
from kubernetes-ingress-controller.
Not sure if this helps @jaygorrell but I have a very similar setup to yours, and it's also possible to set plugin annotations on the Service itself which is how I achieve a plugin being applied to multiple hosts, as follows. (I don't work for Kong, I'm just a user.)
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: add-header
config:
header_name: X-Request-ID
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: mytest-foo
annotations:
kubernetes.io/ingress.class: kong
spec:
rules:
- host: foo.com
http: &http_rules
paths:
- path: /foo
backend:
serviceName: myservice
servicePort: 80
- host: bar.com
http: *http_rules
---
apiVersion: v1
kind: Service
metadata:
name: myservice
annotations:
correlation-id.plugin.konghq.com: add-header
spec:
selector:
app: myservice
ports:
- port: 80
targetPort: 3000
Obviously, this requires that you are in a position to apply such an annotation on your Service
. But now, myservice
will get the add-header
plugin on foo.com/foo
and bar.com/foo
.
from kubernetes-ingress-controller.
@Dag24 Thanks, that's pretty interesting but I wonder if it's intentional or not. The documentation indicates that annotations are for the Ingress resource. It feels a little disconnected in a weird way, too.
If this is intentional though, it really isn't a bad workaround at all and could fit in my use-case.
from kubernetes-ingress-controller.
@jaygorrell @Dag24
As documented here, this is indeed intentional.
Having said that, the underlying problem here is the controller currently doesn't reuse KongPlugin
objects. I've been thinking a little bit about the problem.
It seems it is possible to avoid this duplication if we rewrite the plugin sync logic in the controller.
The controller would not compare IDs of the plugin but compare the plugin names and their configs.
This would complicate the logic a little bit but is worth it.
Once the reuse of KongPlugin
problem is solved, it will open up doors for a lot of usability enhancements like this current issue.
Stay tuned for updates!
from kubernetes-ingress-controller.
I stand corrected! I missed that plugins can be applied to services instead of Ingress. Thanks @hbagdi!
So the re-use of plugins works with Service annotations, but not Ingress? That seems to be what @Dag24 is saying but I would have expected similar behavior based on the problem's description.
from kubernetes-ingress-controller.
After #121, KongPlugin resource can be reused across multiple Ingress and/or Service objects.
This feature is now merged into master.
@jaygorrell Next release of Ingress Controller will introduce support for Global plugins as well allow reusing KongPlugin resources across services.
Closing this, please re-open if otherwise.
Thank you!
from kubernetes-ingress-controller.
@hbagdi Awesome. Does that also address the multiple host
entry issue in Ingress resources? That was the scope of this issue originally.
from kubernetes-ingress-controller.
@hbagdi Awesome. Does that also address the multiple host entry issue in Ingress resources? That was the scope of this issue originally.
Yes, it will create a plugin for each host
entry.
from kubernetes-ingress-controller.
Related Issues (20)
- Use `name` in `KongVault` as prefix of vault in translation HOT 1
- Duplicate consumers cause a JSON unmarshal error HOT 1
- Test Request: Kong Gateway EE 2.8.4.6-rc1 HOT 2
- `KongLicense` CRD
- Release v3.1.0 HOT 2
- Last valid config (KongRawStateToKongState) doesn't support Licenses field HOT 1
- Remove the validation for HTTPRouteTimeoutBackendRequest during admission. HOT 1
- Test Request: Kong Gateway EE version 3.5.0.3-rc.1 HOT 3
- Feature gate limiting the scope of Konnect dump HOT 1
- `KongVault` add RBAC rules in controller role to chart
- Race condition in diagnostics server
- Enhanced support for HTTPRouteTimeoutBackendRequest
- Support path segment matching
- Kong on Kubernetes / after securing the admin api , how to instruct the manager GUI to use the appropriate authentication HOT 2
- TCPRoute don't connects to Gateway HOT 2
- Flaky test: TestValidationWebhook/verify_validation_webhook_on_creating_KongVaults/should_fail_the_validation_if_the_spec.config_does_not_pass_the_schema_check_of_Kong_gateway HOT 2
- Test Request: Kong Gateway EE version 3.6.0.0-rc.1 HOT 3
- [Ingress with http path regex] regex parse error: look-around, including look-ahead and look-behind, is not supported HOT 1
- Constant e2e failures against unreleased Kong with Kuma HOT 3
- Defining multiple backend references for HTTPRoute paralyzes upstream updates
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes-ingress-controller.