By on November 20, 2019

Introducing Kong for Kubernetes: Kubernetes-Native Ingress and API Management

At this year’s KubeCon, we debuted Kong for Kubernetes, the industry’s only fully Kubernetes-native ingress controller that supports end-to-end API management and is backed by an enterprise support subscription. Kong for Kubernetes builds on Kong’s open source Ingress Controller with Kong Enterprise plugins to provide Kubernetes deployments, native integration with Prometheus, Jeager, and other cloud native projects, enterprise-grade authentication, traffic control, transformations and more.    

Over the past few years, Kubernetes has become the de-facto standard for container orchestration. However, despite its broadscale adoption, Kubernetes ingress solutions have to date failed to provide a comprehensive solution for end-to-end API management and traffic control for all applications deployed on a cluster. Legacy API management platforms cannot easily integrate with Kubernetes due to their monolithic runtime architecture and fail to provide native management of APIs within Kubernetes via the Kubernetes APIs (kubectl and CRDs). Similarly, dedicated Kubernetes ingress solutions lack the comprehensive security capabilities and support needed within enterprise organizations. Kong for Kubernetes provides the industry’s only solution that addresses all of these concerns.

Kong for Kubernetes addresses these concerns by providing a Kubernetes-native ingress and API management solution, complete with out-of-the-box security, traffic control and enterprise support. Kong for Kubernetes differentiates from other solutions by enabling end-to-end workflows for managing APIs and ingress traffic within kubectl to facilitate a GitOps-based operational change model. Below, we detail some of the key capabilities of Kong for Kubernetes that make it the ideal fit for organizations leveraging Kubernetes in production.

Kong Enterprise

With Kong for Kubernetes as an ingress point, you get a number of enhancements to your experience by enabling Kong Enterprise plugins that help you further extend Kong use cases and customization specific to your organizational needs. Some of our popular plug-ins include:

  • OIDC Connect to integrate Kong with third party OpenID Connect 1.0 Provider
  • Advanced Rate Limiting to rate limit how many HTTP requests developers can make
  • Advanced Proxy Caching to cache and serve commonly requested responses in Kong
  • Advanced Request Transformer to use powerful regular expressions, variables and templates to transform API requests

Kong for Kubernetes allows Kong Enterprise customers to implement the same authentication and traffic control policies for Kubernetes as their other API gateways to ensure consistent access control.  

Furthermore, the Kong Ingress Controller automatically maps  Kubernetes namespaces to Kong Enterprise Workspaces and Kong RBAC to Kubernetes RBAC, leading to a fluid experience of managing policies and privileges within Kubernetes. 

Service Mesh Integration with Kuma and Istio

The Kong Ingress Controller can now be integrated with service meshes such as Istio and Kuma by acting as an ingress point in a service mesh deployment. This setup makes the Kong Ingress Controller the single port of entry for all external traffic coming into the service mesh.

Kong Ingress handles all external client-facing routing, policies, documentation and metrics, while load-balancing and service-to-service policy enforcement is performed through the underlying service mesh solution.

This flexible architecture allows Kubernetes cluster owners to use their preferred service mesh to manage east-west traffic while benefiting from the capabilities of the Kong Ingress Controller for all north-south traffic.

The following graphic shows a high-level deployment of Kong Ingress Controller using either the Kuma or Istio service mesh. Envoy is injected as a sidecar to Kong Ingress pod and handles the routing for all traffic upstream.

Getting Started

Wondering whether Kong for Kubernetes will meet the needs of your service environment? Kong Ingress Controller supports flexible deployment options, with installation using a Kubernetes Operator, Helm Chart, YAML manifests and Kustomize.

We are excited to provide a flexible Kubernetes-native ingress and API management solution, complete with out-of-the-box security, traffic control and enterprise support.

Ready to get your hands dirty with K4K8S? Our live tutorial lets you start playing with K4K8S immediately. 

Visit our installation documentation page to learn how to download K4K8S and get running.