Manual test of Kong Ingress functionality

Documentation of how to test the ingress functionality of Kong Proxy.

Step 0: Prerequisites

  • external-dns-app >3.1.0
helm list -n kube-system | grep external-dns
# Example Output
# external-dns   kube-system   4   2024-04-23 09:37:02 UTC deployed   external-dns-app-3.1.0
  • Workload Cluster base domain
# Vintage clusters

kubectl get -n giantswarm configmap chart-operator-chart-values -o jsonpath='{.data.values}' | grep baseDomain

# CAPI clusters
kubectl get -n giantswarm configmap <wc-name>-chart-operator-chart-values -o jsonpath='{.data.values}' | grep baseDomain

# Example Output
# baseDomain:

Step 1: Deploy Kong OSS

Ensure you’re using at least version 3.1.0 of the external-dns-app. Check your cluster release requirements to confirm this version is supported.

Deploy kong-app with at least the following values to:

  • configure the OSS image repository and tag
  • disable enterprise
  • configure the external-dns annotations for the proxy service:
  repository: giantswarm/kong
  tag: "<kong-image-tag>"
  enabled: false
  annotations: "*.kong.<wc-cluster-base-domain>" managed

Make sure that the Kong Proxy service is configured with an attached Amazon Web Services (AWS) Load Balancer (LB).

k get -n kong-app svc kong-app-kong-app-proxy -o jsonpath='{.status.loadBalancer.ingress[].hostname}'
# Example Output

Step 2: Deploy the hello-world-app

Deploy the hello-world-app with the following values.yaml config:

  className: kong
  - host: hello.kong.<wc-cluster-base-domain>
    - path: /
      pathType: Prefix
  - secretName: hello-world-tls
    - hello.kong.<wc-cluster-base-domain>

Step 4: Test the Kong Proxy

After applying the ingress configuration, test the Kong proxy functionality by sending requests to the hello-world-app. Verify the routing of requests through the Kong proxy and check the responses to ensure they are being processed correctly. Additionally, you can test the SSL/TLS configuration by accessing the hello.kong.<wc-cluster-base-domain> URL over HTTPS and ensuring that the hello-world-tls certificate is being served correctly.

Replace <wc-cluster-base-domain> above with your actual wildcard cluster base domain and <kong-image-tag> with the specific image tag you are using for the Kong installation.