Skip to content

Decide which kong proxy port to use in ingress based on kong setting #10278

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Decide which kong proxy port to use in ingress based on kong setting #10278

wants to merge 1 commit into from
+3 −3

Conversation

@tomty89
Copy link

@tomty89 tomty89 commented Aug 2, 2025
edited
Loading

Coupling the ingress setting with which kong proxy port to use is not exactly logical in at least some scenarios. One example would be that TLS passthrough is not supported / enabled / desired (but TLS termination is).

Since the kong proxy http port needs to be enabled for it to be usable anyway, this change should not cause current setup that have TLS ingress disabled to break, while it should at the same time offer some extra flexibility (and compatibility, for e.g. "nginx/kubernetes-ingress", which apparently does not support the nginx.ingress.kubernetes.io/ssl-passthrough annotation).

It does break TLS passthrough setup that for some reason have http kong proxy enabled though.

/cc @hamadodene @floreks @maciaszczykm

Ref.: #9861 #9863

@k8s-ci-robot k8s-ci-robot requested a review from floreks August 2, 2025 12:33
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Aug 2, 2025
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@k8s-ci-robot
Copy link
Contributor

@tomty89: GitHub didn't allow me to request PR reviews from the following users: hamadodene.

Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

Coupling the ingress setting with which kong proxy port to use is not exactly logical in at least some scenarios. One example would be that TLS passthrough is not supported / enabled / desired (but TLS termination is).

Since the kong proxy http port needs to be enabled for it to be usable anyway, this change should not cause current setup that have TLS ingress disabled to break, while it should at the same time offer some extra flexibility (and compatibility, for e.g. "nginx/kubernetes-ingress", which apparently does not support the nginx.ingress.kubernetes.io/ssl-passthrough annotation).

It does break TLS passthrough setup that for some reason have http kong proxy enabled though.

/cc @hamadodene @floreks @maciaszczykm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: tomty89
Once this PR has been reviewed and has the lgtm label, please assign shu-mutou for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. label Aug 2, 2025
@k8s-ci-robot
Copy link
Contributor

Welcome @tomty89!

It looks like this is your first PR to kubernetes/dashboard 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/dashboard has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Aug 2, 2025
@tomty89
Decide which kong proxy port to use in ingress based on kong setting
23863a3 
Coupling the ingress setting with which kong proxy port to use is
not exactly logical in at least some scenarios. One example would
be that TLS passthrough is not supported / enabled / desired (but
TLS termination is).

Since the kong proxy http port needs to be enabled for it to be
usable anyway, this change should not cause current setup that
have TLS ingress disabled to break, while it should at the same
time offer some extra flexibility (and compatibility, for e.g.
"nginx/kubernetes-ingress", which apparently does not support
the nginx.ingress.kubernetes.io/ssl-passthrough annotation).

It does break TLS passthrough setup that for some reason have http
kong proxy enabled though.
@tomty89
Copy link
Author

tomty89 commented Aug 2, 2025

Hmm just noticed that @mrjoshuap filed a similar PR earlier already, albeit with a slightly different approach and extra polish for the annotations.

I'll leave this open and let you guys decide which one to merge. Close as you wish. :)

@mrjoshuap
Copy link

Yes indeed, @tomty89. I put in #10086 to accomodate my installation and have been maintaining my own fork... not ideal, but it works.

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@floreks floreks Awaiting requested review from floreks

@maciaszczykm maciaszczykm Awaiting requested review from maciaszczykm

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tomty89 @k8s-ci-robot @mrjoshuap @k8s-triage-robot