Kong ships a Kubernetes ingress controller implementation which translates Ingress resources into Kong configuration. In this configuration, a Kong cluster is created within the Kubernetes cluster.


Installation is either via Kubernetes manifests or a Helm chart (kong, in https://charts.konghq.com).


Kong's configuration is managed by the Kong operator, which monitors the various CRDs:

  • KongIngress is an extension resource that stores Kong-specific configuration, associated with either an Ingress or Service resource:
    • When associated with an Ingress, all routes associated with the Ingress resource are updated using each KongIngress.route.
    • When associated with a Service, all services and upstreams in Kong are updated using each KongIngress.proxy and KongIngress.upstream.
  • KongPlugin resources configure plugins against Ingress, Service, and KongConsumer resources. They're namespace scoped.
  • KongClusterPlugin is a non-namespaced KongPlugin.
  • KongConsumer configures Kong consumers.
  • TCPIngress allows exposing non-HTTP and non-gRPC services.
  • KongCredential is deprecated in favour of Secret.
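
The manifests below are an added example, not taken from the Kong documentation or from this page's author. They show how the resources above bind together to require an API key on one Ingress: a namespaced KongPlugin, a KongConsumer, and a Secret holding the credential in place of the deprecated KongCredential. The namespace `demo`, all resource names, and the backend `demo-svc` are hypothetical, and the example assumes a controller release that reads the credential type from the Secret's `kongCredType` key.

```yaml
# Added example: names, namespace and backend are hypothetical.
# KongPlugin is namespace scoped, so it must live beside the Ingress that uses it.
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: require-api-key
  namespace: demo
plugin: key-auth
---
# Credential stored as a Secret (assumed: controller reads kongCredType).
apiVersion: v1
kind: Secret
metadata:
  name: alice-key
  namespace: demo
stringData:
  kongCredType: key-auth
  key: REPLACE_WITH_GENERATED_KEY   # placeholder, never commit a real key
---
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: alice
  namespace: demo
  annotations:
    kubernetes.io/ingress.class: kong
username: alice
credentials:
- alice-key                          # references the Secret above by name
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo
  namespace: demo
  annotations:
    konghq.com/plugins: require-api-key   # attaches the KongPlugin to every route of this Ingress
spec:
  ingressClassName: kong
  rules:
  - http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: demo-svc
            port:
              number: 80
```

Because the plugin is attached by annotation, an Ingress in the same namespace that omits `konghq.com/plugins` is served without authentication, so reviewing Ingress annotations is part of checking that every exposed route is covered.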