Konga: Setup Dashboard for Kong on Kubernetes Cluster
Konga is an open-source, community-developed management dashboard designed specifically for the Kong API Gateway.
Introduction
Konga is an open-source, community-developed management dashboard designed specifically for the Kong API Gateway. It delivers a user-friendly graphical interface, enabling you to efficiently manage and monitor your Kong infrastructure. Wondering what Kong is? We've got you covered with a comprehensive technical article that you can explore using the link provided below:
Utilizing Konga to manage Kong deployed within a Kubernetes Cluster implies that we can't directly manage Kong resources like routes, consumers, plugins, and so on. This is due to the fact that only the DB-less version of Kong can operate on Kubernetes, making Konga a read-only GUI for viewing the current state of Kong configurations. Nonetheless, this remains quite beneficial as it enables us to observe all configurations through a user-friendly graphical interface.
Installing Konga on Kubernetes
Prerequisites
Before installing Konga, we must first ensure we have a running Kong service. You can refer to the article mentioned earlier to learn how to install Kong on a Kubernetes cluster.
Konga requires a database to store basic configurations related to itself, as well as user configurations. As such, we'll need a PostgreSQL database. To get started with PostgreSQL on a Kubernetes cluster, you can follow the guide provided in the link below.
Keep in mind that Konga currently only supports PostgreSQL 9.6, so be sure to install the correct version. This guide assumes that you've followed the instructions below and created a database called konga with a username admin and password xxx.
Create Deployment, Services, and Ingress
Next, we need to create Deployment, Service, and Ingress resources. The Ingress will utilize an SSL Certificate from Let's Encrypt, provided by Cert Manager. To learn how to generate a free SSL Certificate on Kubernetes, you can check out the article linked below:
Create Kubernetes resources
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: konga
labels:
app: konga
spec:
selector:
matchLabels:
app: konga
template:
metadata:
labels:
app: konga
spec:
containers:
- name: konga
image: pantsel/konga
imagePullPolicy: Always
envFrom:
- configMapRef:
name: konga-cm
restartPolicy: Always
---
apiVersion: v1
kind: ConfigMap
metadata:
name: konga-cm
type: Opaque
data:
NODE_ENV = "production"
BASE_URL = "https://konga.example.com/"
KONGA_LOG_LEVEL = "debug"
NO_AUTH = "false"
DB_ADAPTER = "postgres"
DB_URI = "postgresql://admin:xxx@postgresql.database:5432/konga"
---
apiVersion: v1
kind: Service
metadata:
name: konga
labels:
app: konga
spec:
selector:
app: konga
ports:
- protocol: TCP
port: 80
targetPort: 1337
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: konga
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: konga.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: konga
port:
number: 80
tls:
- hosts:
- konga.example.com
secretName: tls-secret-konga
---Install to Kubernetes
~$ kubectl apply -f deployment.ymlTo run Konga migration, first enter the Konga pod, and then execute the migration script within the pod. This will ensure that the necessary database schema and configurations are set up for Konga to function correctly.
~$ kubectl get pods | grep "konga"
konga-xxx 1/1 Running
~$ kubectl exec konga-xxx -it -- /bin/sh
/app# node ./bin/konga.js prepare --adapter postgres --uri postgresql://admin:xxx@postgresql.database:5432/konga
Preparing database...
debug: Hook:api_health_checks:process() called
debug: Hook:health_checks:process() called
debug: Hook:start-scheduled-snapshots:process() called
debug: Hook:upstream_health_checks:process() called
debug: Hook:user_events_hook:process() called
debug: User had models, so no seed needed
debug: Kongnode had models, so no seed needed
debug: Emailtransport seeds updated
debug: Database migrations completed!Exposing Kong Admin API
Konga relies on Kong's Admin API to access Kong configurations. By default, the Kong Admin API is not accessible by other services. For the sake of simplicity, we will publicly expose it in this example; however, keep in mind that this is not considered best practice. Ideally, access should be limited to specific IP addresses (for instance, the Kubernetes cluster's private IP CIDR).
First, let's update the Kong Admin API Deployment to expose its API to other services:
~$ kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
ingress-kong 1/1 1 1 5m
~$ kubectl edit deployment ingress-kongUpdate spec.containers.env:
- name: KONG_PROXY_LISTEN
value: >-
0.0.0.0:8000 reuseport backlog=16384, 0.0.0.0:8443 http2 ssl
reuseport backlog=16384
- name: KONG_PORT_MAPS
value: 80:8000, 443:8443
- name: KONG_ADMIN_LISTEN
value: 0.0.0.0:8444 http2 ssl reuseport backlog=16384
- name: KONG_STATUS_LISTEN
value: 0.0.0.0:8100and expose it via Ingress
---
apiVersion: v1
kind: Service
metadata:
name: kong-admin
labels:
app: kong-admin
spec:
selector:
app: ingress-kong
ports:
- protocol: TCP
port: 8444
targetPort: 8444
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kong-admin
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- host: kong-admin-api.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kong-admin
port:
number: 8444
tls:
- hosts:
- kong-admin-api.example.com
secretName: tls-secret-pmp-kong-admin-api
---Great! Everything is properly set up.
Initial Konga Setup
Now, simply open your browser and navigate to the URL corresponding to your Konga instance (e.g., https://konga.example.com) to access the Konga dashboard and start managing your Kong API Gateway.
Upon initial login, if no users exist, you'll be prompted to create a new user. After logging in, you'll need to set up a new connection by filling in the Kong Admin URL field with https://kong-admin-api.example.com (based on the Ingress configuration provided earlier). This will ensure that Konga can access the Kong Admin API and manage your Kong infrastructure.
About 8grams
We are a small DevOps Consulting Firm that has a mission to empower businesses with modern DevOps practices and technologies, enabling them to achieve digital transformation, improve efficiency, and drive growth.
Ready to transform your IT Operations and Software Development processes? Let's join forces and create innovative solutions that drive your business forward.