A short introductory talk given as part of the April 2018 Kong meetup "Introducing Kubernetes Ingress Controller for Kong".
This talk covers the new features and improvements made to Kong from 2017 to 2018, including the groundwork conducted by Kong Inc. and open source contributors that allowed for the development of the Kong Ingress Controller for Kubernetes.
The Kong Ingress Controller for Kubernetes was then announced during the meetup:
https://github.com/Kong/kubernetes-ingress-controller
2. konghq.comMeetup 2
Retrospective
● When was our last Kong meetup?
○ March 2017!
○ Kong 0.10
● What happened since then?
○ 3 major releases (0.11, 0.12, 0.13)
■ Numerous new features
■ Many efforts in usability and platform agnosticity
○ Community growth
■ Contributors
■ Kong Nation
3. Laying out the groundwork for… Kubernetes!
● 0.10 -> 0.13 is a large Changelog
○ https://github.com/Kong/kong/blob/master/CHANGELOG.md
● Some of these laid out the foundations for the Kubernetes integration:
○ Native clustering: getting rid of our Serf dependency
○ DNS: SRV & non-FQDN resolution
○ Health-checks & circuit breakers
○ Control/data plane separation
○ Services & Routes
5. Clustering
● A cluster is made of stateless peers connected to the same database (PostgreSQL/Cassandra).
● Kong maintains a cache of the configuration stored in the database.
● What about… cache invalidation?
6. Serf Clustering
[Diagram: 0.10 Kong + Serf pattern. Two regions (us-west-1, us-east-1); six Kong nodes (K), six Serf agents, two load balancers (LB), two Cassandra labels.]
● Overhead cross-DC communication
● Sidecar daemon with overhead TCP/UDP ports
8. Native Clustering
Kong 0.11 and above
● Serf was retired in favor of a pub/sub mechanism between Kong and PostgreSQL/Cassandra
○ https://github.com/Kong/kong/pull/2561
○ https://github.com/thibaultcha/lua-resty-mlcache
● Reduce configuration/operations overhead
● Fully stateless
● More robust
● Got rid of some blocking I/O at the same time
10. DNS resolution
● Kong maintains a user-land DNS resolver (in Lua)
○ Performance (NGINX)
○ SRV records
○ /etc/hosts
○ /etc/resolv.conf
○ DNS load-balancing
○ https://github.com/Kong/lua-resty-dns-client/
11. Kubernetes-ready DNS resolution
● /etc/resolv.conf
○ Honour MAXNS (3)
○ Parse search and ndots options for non-FQDNs
● SRV records load-balancing
● Performance and memory footprint improvements
13. Load balancing & retry policy
● Kong can act as a L7 load balancer
○ Round-robin
○ Weighted round-robin
○ Consistent hashing
● Retry policy for L3/L4 errors on a per-request basis
Let’s be more proactive!
14. Health-checks & circuit breakers
Kong 0.12 and above
● Landed in Kong CE 0.12
○ https://github.com/Kong/kong/pull/3096
○ https://getkong.org/docs/0.12.x/health-checks-circuit-breakers/
● Each node maintains the health of its upstreams
● Active checks: recurring probe
● Passive checks: tracks proxied requests
● Configurable L3/L4 errors and L7 HTTP status codes
16. Control & Data Planes
● How to disable the Admin API in Kong 0.12 and below?
○ Custom nginx.conf template
○ Remove the server {} block
● Disable the proxy: ditto!
17. Control & Data Planes
Kong 0.13 and above
● Landed in Kong CE 0.13
○ https://github.com/Kong/kong/pull/3147
● New configuration syntax for listeners
○ Support for disabling components
○ Support disabling plain text
○ Support for multiple listeners
○ Overall simplification of configuration parameters
proxy_listen = [off] | <address:port> [ssl] [http2] [proxy_protocol], [...next...]
18. Control & Data Planes
Kong 0.13 and above
New listener syntax (0.13):
proxy_listen = 0.0.0.0:443 ssl http2
admin_listen = 127.0.0.1:8443 ssl

Previous syntax (0.12 and below):
ssl = on
http2 = on
proxy_listen = 0.0.0.0:80
proxy_listen_ssl = 0.0.0.0:443
admin_ssl = on
admin_http2 = off
admin_listen = 127.0.0.1:8001
admin_listen_ssl = 127.0.0.1:8443
19. Control & Data Planes
Kong 0.13 and above
Data plane:
proxy_listen = 0.0.0.0:443 ssl
admin_listen = off

Control plane:
proxy_listen = off
admin_listen = 127.0.0.1:8443
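
An added example, not part of the talk or of Kong's code: a small Python check that parses the 0.13 listener syntax shown above, reports which plane a node serves, and flags an Admin API that listens beyond loopback or in plain text. The function names, finding strings and the WEAK sample are constructed for illustration; treating a key that is absent from the file as "off" is a simplification of this sketch, not Kong's default behaviour.

```python
import ipaddress
KNOWN_FLAGS = {"ssl", "http2", "proxy_protocol"}  # flags from the slide's syntax line

def parse_listen(value):
    """Parse '[off] | <address:port> [flags], ...' into [(host, port, flags)]."""
    if value.strip() == "off":
        return []  # component disabled on this node
    listeners = []
    for entry in value.split(","):
        addr, *flags = entry.split() or [""]
        host, _, port = addr.rpartition(":")
        if not host or not port.isdigit() or set(flags) - KNOWN_FLAGS:
            raise ValueError(f"unparseable listener: {entry.strip()!r}")
        listeners.append((host.strip("[]"), int(port), set(flags)))
    return listeners

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # assumption: a hostname is treated as exposed

def audit(conf_text):
    """Return (role, findings) for the listener settings in kong.conf text."""
    conf = {}
    for line in conf_text.splitlines():
        key, sep, val = line.split("#", 1)[0].partition("=")
        if sep:
            conf[key.strip()] = val.strip()
    # Assumption of this sketch: a key missing from the file counts as "off".
    proxy = parse_listen(conf.get("proxy_listen", "off"))
    admin = parse_listen(conf.get("admin_listen", "off"))
    roles = {(True, False): "data plane", (False, True): "control plane",
             (True, True): "combined", (False, False): "disabled"}
    findings = []
    for host, port, flags in admin:
        if not is_loopback(host):
            findings.append(f"admin API exposed on {host}:{port}")
        if "ssl" not in flags:
            findings.append(f"admin API in plain text on {host}:{port}")
    return roles[(bool(proxy), bool(admin))], findings

# The two configurations from the last slide, plus one constructed weak sample.
DATA_PLANE = "proxy_listen = 0.0.0.0:443 ssl\nadmin_listen = off\n"
CONTROL_PLANE = "proxy_listen = off\nadmin_listen = 127.0.0.1:8443\n"
WEAK = "proxy_listen = 0.0.0.0:80, 0.0.0.0:443 ssl\nadmin_listen = 0.0.0.0:8001\n"
if __name__ == "__main__":
    for name, text in [("data", DATA_PLANE), ("control", CONTROL_PLANE), ("weak", WEAK)]:
        print(name, audit(text))
```

The control-plane configuration from the slide is reported as plain text because its admin_listen line carries no ssl flag, unlike the 127.0.0.1:8443 ssl listener on the previous slide.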