istio kong istio-gateway servicemesh kong-ingress

Kong with AWS Application Load Balancer

I was trying to create an alb-ingress-controller and point to kong-proxy. Since kong controller supports only classic loadbalancer and network loadbalancer

I followed all the mentioned steps from [https://discuss.konghq.com/t/kong-with-aws-application-load-balancer/6568] and created an alb ingress which points to the kong-proxy service.

Suppose i want to create an ingress resource for some application, previously i was creating using the kong ingress for example like this

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: foo
  namespace: default
spec:
  ingressClassName: kong
  rules:
  - http:
      paths:
      - path: /foo
        pathType: Prefix
        backend:
          service:
            name: foo-service
            port:
              number: 5000

Now since we have an alb infront of the kong proxy, i am creating the ingress like this

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: foo
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: "certificate arn here"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/target-type: ip 
spec:
  rules:
  - http:
      paths:
      - path: /foo
        pathType: Prefix
        backend:
          service:
            name: foo-service
            port:
              number: 5000

My doubt is how will this go through the kong gateway? Because it just seems like an another alb ingress resource.

I am new to this, so please enlighten me ,if i made any mistakes here

Solution

Your alb ingress should point to the kong proxy. The request will go through your alb -> kong-proxy -> foo-service.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: foo
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: "certificate arn here"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/target-type: ip 
spec:
  rules:
  - http:
      paths:
      - path: /foo
        pathType: Prefix
        backend:
          service:
            name: kong-proxy 
            port:
              number: 80

The above ingress will mean that the ingress controller configures the alb with the following:

two listeners: HTTP : 80 and HTTPS : 443
HTTP : 80 rules that will forward traffic to the kong-target-group
the HTTPS : 443 will have the specified SSL certificate set
HTTPS : 443 rules that will forward traffic to the kong-target-group
the kong-target-group will use the NodePort of the kong-proxy service and will have your k8s cluster nodes as the registered targets