-
Notifications
You must be signed in to change notification settings - Fork 593
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support single controller deployments #702
Comments
We are definitely interested in this capability. If you need help, please let me know. |
+1 |
Plan:
Notes:
|
After discussing further with @mflendrich we're going to take some time to do some further investigation on the problem domain here (as opposed to going right into implementation as currently written) as we feel that there's some potential for large gains in rethinking our approach to this crossroads in how we deploy and manage the proxy. |
The team has decided that we'll hold on this issue for now as we try to make some architectural changes to the KIC which will ultimately make implementing this easier. |
So does this mean, in future, kong would be able to support mTLS communication between kong <-> service?? We basically have a use-case where we have an outside service communicating with kong running over AKS. Now we wish to establish mTLS between the two. As we have installed kong from helm charts, we were not able to accomodate the variables as mentioned in the above given link. Hence wanted to know if it was possible with the current kong release or is the mTLS support by kong yet to be implemented? |
In this particular case: This covers mTLS between the Kubernete Ingress Controller This does not pertain to any other services (e.g. the services being proxied to) for this scope. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Several weeks ago we started some work on this but it was not finished due to a desire by the maintainers to wait until KIC 2.0 which will bring a major re-architecture that would better support this feature. We'll consider this blocked on the KIC 2.0 milestone for now and revisit once that is completed. |
This is currently being worked on. #3268 aims to enable rendering and sending configs for multiple Kong Gateways: this will be done via the same flag that's in place today When that's done then we'll work on making this not be bound to controller's Pod's lifetime, specifically to use a label selector for Kong's Admin API Service. If all that gets released we'll be able to then incorporate those changes into helm chart so that users can utilize that deployment method to deploy single controller with multiple Gateways. |
The remaining work here is to complete all the remaining checkboxes in the AC. |
We still have
in ACs which didn't have its tracking issue. I created one, but I'm not sure how would that work having gateways discovered dynamically via a headless service. 🤔 Did we try to design this anywhere? |
For posterity: as agreed on sync meeting #3603 will track this effort but it won't be land in v2.9. |
The core has been implemented and will ship in KIC 2.9 and the Helm chart 2.17. There are a few open items left:
Now that we have only those details to polish, I'm closing this huge issue in favor of the more targeted ones above. |
Problem Statement
Currently the ingress controller is only capable of deploying configuration to one Kong Gateway at a time, the consequence of which is that to horizontally scale the data-plane in DBLESS mode you must create an ingress controller for each gateway which has some performance costs and wastes associated with it. The purpose of this issue is to make it possible to configure the KIC with multiple Gateways so that they all receive the same configuration updates.
Proposed Solution
dataplane.KongClient
(or similar struct with a superset ofKongClient
's functionality) to provide multiple Admin API endpoints and update each inc.Update()
#3209Additional information
Acceptance Criteria
the KEP has been updated and moves to "implemented" state: https://github.com/Kong/kubernetes-ingress-controller/blob/main/keps/0001-single-controller-multi-proxy.mdThe text was updated successfully, but these errors were encountered: