Hello, everyone! Viktor Gamov, a developer advocate with Kong here. In this article, I would like to show you how to set up service connectivity using Kong Konnect and Kubernetes. I will deploy an application in Kubernetes, configure a runtime through Konnect and demonstrate some management capabilities like enabling plugins.
Let's dive right in!
As a prerequisite, I have created an account set up in Konnect. If you don't already have one, you can sign up for free and follow our getting started documentation, blog post or video.
Also, I have prepared my three-node Kubernetes cluster in GCP.
I also have Helm 3 installed on my computer.
Kong provides you with Helm Charts for Kong Gateway and Ingress Controller.
Follow this documentation to add the Kong repository to your computer.
Next, we'll securely establish a connection between our control plane and our data plane. To do this, click Generate Certificate in the Runtimes section of Konnect.
You need to copy the certificate, root certificate and server private key to your files system.
We will deploy those to Kubernetes in a few steps.
Next, we should connect the runtime to our data plane. Then, we need to create secrets inside our Kubernetes cluster. One secret for the Kong cluster certificate and the other for the Kong cluster certificate code. There's more detail on this in the Kong Konnect documentation.
Note: Make sure you've created the namespace.
The next thing we'll need is the values.yaml file.
We can put all our customizations for Kong Helm Charts.
In case you are interested in customizing this installation, take a look at a repository of examples. In your case, it might contain different links because you might be using different URLs.
Apply the values.yaml file.
To get Helm access to Kong, we need to get the external IP address. For example, when creating a service with a load balancer in Google Cloud, Google Cloud will provide us with an external address. So to communicate with our application service, we need this address.
Next, let's make sure we have a connection to this runtime in Konnect and K9s.
It's connected in my Konnect Runtime Manager.
Here's my pod in K9s. It's connected to my control plane.
Now we have our data plane, our applications are running and our API gateway is running. Next, we need to manage this API gateway from the outside world.
We'll create a new service in Konnect ServiceHub called mock service. I'm creating a service that will proxy the request to this Mockbin through my Kong Gateway.
To create a new implementation, we'll go into our current version for the mock service and click Add New Implementation.
From Mockbin, we can try testing with foo and bar (http://mockbin.com/request?foo=bar&foo=baz), and I get the following response.
If we try to hit the same URL through Kong, we'll see some extra headers.
We should also be able to see this traffic in our Konnect Vitals data. I just hit once, so there's one spike.
So far, in the Konnect UI, we configured a mock service. That configuration propagated into our data plane that deployed in Kubernetes. We didn’t configure anything in Kubernetes, but suddenly our Kong Gateway service running inside Kubernetes started understanding the mock URL.
I wrote a small application called Quote Service that shows random quotes from Back to the Future. Once the application deploys, we’ll create the port forwarding. Then, once port forwarding is enabled, we’ll get responses from the service.
We'll hit this Kubernetes service through service discovery. So this Quote Service is now available on port 8080.
We'll go back to Konnect and create a new service and implementation again.
We'll add the route.
When we hit this now, it immediately goes through our Kong Ingress Controller. That's because the communication between the Konnect control plane and the data plane in Kubernetes is super fast.
If we continue hitting this with requests on repeat, we should see that in the Konnect Vitals graph.
What should we do in real life to prevent this type of situation? That's where rate limiting policies come in.
We can quickly enable Kong's rate limiting plugin. Let's allow one request per second.
If we start getting too many requests, our mock service will push back with a 429.
And in Kong Vitals, we should be able to see errors in red.
Another thing we could do is enable Kong's request validator plugin.
When our application starts getting bad requests, we'll get a Bad Request that says, “request body doesn’t conform to the schema.”
However, when I enter the magic_word, the application works as it should.
All of these plugins are on the runtime and don't require changing the application service. I think that’s pretty powerful.
Start a free trial, or contact us if you have any questions as you're getting set up.
Once you've set up Kong Konnect and Kubernetes, you may find these other tutorials helpful:
We're very excited to announce Kong Mesh 2.12 to the world! Kong Mesh 2.12 delivers two very important features: SPIFFE / SPIRE support, which provides enterprise-class workload identity and trust models for your mesh, as well as a consistent Kuma R
Meet Emily. She’s an API product manager at ACME, Inc., an ecommerce company that runs on dozens of APIs. One morning, her team lead asks a simple question: “Who’s our top API consumer, and which of your APIs are causing the most issues right now?”
Today, we’re announcing that Kong has acquired OpenMeter , the open source and SaaS leader for real-time usage metering and billing. OpenMeter’s capabilities will be integrated into Kong Konnect, enabling usage-based pricing, entitlements, and invo
It’s been almost a year since we released our Konnect Terraform provider . In that time we’ve seen over 300,000 installs, have 1.7 times as many resources available, and have expanded the provider to include data sources to enable federated managem
In the last two parts of this series, we discussed How to Strengthen a ReAct AI Agent with Kong AI Gateway and How to Build a Single-LLM AI Agent with Kong AI Gateway and LangGraph . In this third and final part, we're going to evolve the AI Agen
In my previous post, we discussed how we can implement a basic AI Agent with Kong AI Gateway. In part two of this series, we're going to review LangGraph fundamentals, rewrite the AI Agent and explore how Kong AI Gateway can be used to protect an LLM