A short introductory talk given as part of the April 2018 Kong meetup "Introducing Kubernetes Ingress Controller for Kong". This talk covers the new features and improvements made to Kong from 2017 to 2018, including the groundwork conducted by Kong Inc. and open source contributors that allowed for the development of the Kong Ingress Controller for Kubernetes. The Kong Ingress Controller for Kubernetes was then announced during the meetup: https://github.com/Kong/kubernetes-ingress-controller

1. konghq.comMeetup
Meetup

2. konghq.comMeetup 2
● When was our last Kong meetup?
○ March 2017!
○ Kong 0.10
● What happened since then?
○ 3 major releases (0.11, 0.12, 0.13)
■ Numerous new features
■ Many efforts in usability and platform agnosticity
○ Community growth
■ Contributors
■ Kong Nation
Retrospective

3. konghq.comMeetup 3
● 0.10 -> 0.13 is a large Changelog
○ https://github.com/Kong/kong/blob/master/CHANGELOG.md
● Some of these laid out the foundations for the Kubernetes
integration:
○ Native clustering: getting rid of our Serf dependency
○ DNS: SRV & non-FQDN resolution
○ Health-checks & circuit breakers
○ Control/data plane separation
○ Services & Routes
Laying out the
groundwork for…
Kubernetes!

4. Native clustering

5. konghq.comMeetup 5
● A cluster is made of stateless peers connected to the same
database (PostgreSQL/Cassandra).
● Kong maintains a cache of the configuration stored in the
database.
● What about… cache invalidation?
Clustering

6. konghq.comMeetup 6
Serf Clustering
us-west-1 us-east-1
K K K K K K
LB LB
Cassandra Cassandra
Serf Serf Serf Serf Serf Serf
0.10 Kong + Serf pattern
overhead cross-DC
communication
sidecar daemon with
overhead TCP/UDP ports

7. konghq.comMeetup 7
Native Clustering
Kong 0.11 and above
us-west-1 us-east-1
K K K K K
LB LB
Cassandra Cassandra
K

8. konghq.comMeetup 8
● Serf was retired in favor of a pub/sub mechanism between
Kong and PostgreSQL/Cassandra
○ https://github.com/Kong/kong/pull/2561
○ https://github.com/thibaultcha/lua-resty-mlcache
● Reduce configuration/operations overhead
● Fully stateless
● More robust
● Got rid of some blocking I/O at the same time
Native Clustering
Kong 0.11 and above

9. DNS

10. konghq.comMeetup 10
● Kong maintains a user-land DNS resolver (in Lua)
○ Performance (NGINX)
○ SRV records
○ /etc/hosts
○ /etc/resolv.conf
○ DNS load-balancing
○ https://github.com/Kong/lua-resty-dns-client/
DNS resolution

11. konghq.comMeetup 11
● /etc/resolv.conf
○ Honour MAXNS (3)
○ Parse search and ndots options for non-FQDNs
● SRV records load-balancing
● Performance and memory footprint improvements
Kubernetes-ready
DNS resolution

12. Health-checks & circuit breakers

13. konghq.comMeetup
Load balancing &
retry policy
● Kong can act as a L7 load balancer
○ Round-robin
○ Weighted round-robin
○ Consistent hashing
● Retry policy for L3/L4 errors on a per-request basis
Let’s be more proactive!
13

14. konghq.comMeetup
Health-checks &
circuit breakers ● Landed in Kong CE 0.12
○ https://github.com/Kong/kong/pull/3096
○ https://getkong.org/docs/0.12.x/health-checks-circuit-breakers/
● Each node maintains the health of its upstreams
● Active checks: recurring probe
● Passive checks: tracks proxied requests
● Configurable L3/L4 errors and L7 HTTP status codes
Kong 0.12 and above
14

15. Control & Data Planes

16. konghq.comMeetup
Control & Data Planes
● How to disable the Admin API in Kong 0.12 and below?
○ Custom nginx.conf template
○ Remove the server {} block
● Disable the proxy: ditto!
16

17. konghq.comMeetup
Control & Data Planes
Kong 0.13 and above
● Landed in Kong CE 0.13
○ https://github.com/Kong/kong/pull/3147
● New configuration syntax for listeners
○ Support for disabling components
○ Support disabling plain text
○ Support for multiple listeners
○ Overall simplification of configuration parameters
proxy_listen = [off] | <address:port> [ssl] [http2] [proxy_protocol], [...next...]
17

18. konghq.comMeetup
Control & Data Planes
Kong 0.13 and above
proxy_listen = 0.0.0.0:443 ssl http2
admin_listen = 127.0.0.1:8443 ssl
ssl = on
http2 = on
proxy_listen = 0.0.0.0:80
proxy_listen_ssl = 0.0.0.0:443
admin_ssl = on
admin_http2 = off
admin_listen = 127.0.0.1:8001
admin_listen_ssl = 127.0.0.1:8443
18

19. konghq.comMeetup
Control & Data Planes
Kong 0.13 and above
proxy_listen = 0.0.0.0:443 ssl
admin_listen = off Data plane
proxy_listen = off
admin_listen = 127.0.0.1:8443 Control plane
19

20. Services & Routes

21. konghq.comMeetup
Services & Routes
● How to apply plugins per endpoint in Kong 0.12 and below?
● What about plugins that do not proxy requests?
21

22. konghq.comMeetup
Services & Routes
22

23. konghq.comMeetup
Services & Routes
$ curl -X POST http://localhost:8001/apis
-d 'name=example-api'
-d 'uris=/profile'
-d 'upstream_url=http://example-api.local'
HTTP/1.1 201 Created
Connection: close
…
$ curl -X POST http://localhost:8001/apis/example-api
-d 'name=key-auth'
-d config.key_names=apikey'
HTTP/1.1 201 Created
Connection: close
…
23

24. konghq.comMeetup
Services & Routes
24

25. konghq.comMeetup
Services & Routes
25

26. konghq.comMeetup
● Landed in Kong CE 0.13
○ https://github.com/Kong/kong/pull/3224
○ https://konghq.com/blog/kong-ce-0-13-0-released
26
Services & Routes

27. Demo

28. Community milestones

29. konghq.comMeetup
Community Milestones
29
Kong Nation
https://discuss.konghq.com

30. konghq.comMeetup
Community Milestones
30
100 contributors!
To all our contributors: thank you!

31. konghq.comMeetup 31

32. konghq.comMeetup
Community Milestones
32
Contributor T-shirt!

33. Thank you
Now: Kong Ingress Controller