1. Using kubernetes cilium.io with configuration.konghq.com

    TypeScript

    When you want to use Cilium as a networking plugin for Kubernetes along with introducing Kong as an API gateway, you will have to understand both components and how they integrate within a Kubernetes cluster.

    Cilium acts as the CNI (Container Network Interface) plugin that provides advanced networking capabilities like API-aware network security, load balancing, and visibility for container-based workloads. Cilium is built on top of eBPF, which is a powerful Linux kernel technology that allows it to enforce network policies, manipulate traffic, and monitor network activity.

    Kong, on the other hand, is an API gateway that you can run on Kubernetes. It handles external requests and manages traffic to your internal services. With the configuration.konghq.com annotations, you can define plugins or additional behavior for the resources managed by Kong.

    Here is a high-level overview of using Cilium and Kong with Kubernetes in Pulumi TypeScript:

    1. Install Cilium: Deploy Cilium to your Kubernetes cluster as your CNI. You would generally install it using a Helm chart.

    2. Install Kong: Deploy Kong as your API gateway using its Helm chart. You need to configure it to effectively manage your Kubernetes services.

    3. Interoperability: Ensure that both Cilium and Kong are properly configured to work together. This involves setting up proper networking policies and service routing.

    Below is a Pulumi TypeScript program that shows you how to install Cilium using the Helm chart and also how to install Kong in a basic configuration. This is a starting point and you'll need to adjust configurations based on your specific requirements.

    Please note that you'll need to have a Kubernetes cluster up and running, and your kubeconfig file should be configured to connect to it.

    import * as kubernetes from "@pulumi/kubernetes"; // Create an instance of the kubernetes provider. const provider = new kubernetes.Provider("k8s-provider", { kubeconfig: // your kubeconfig }); // Install Cilium using the Helm chart const ciliumChart = new kubernetes.helm.v3.Chart("cilium", { chart: "cilium", version: "1.9.1", // Use the appropriate chart version fetchOpts:{ repo: "https://helm.cilium.io/" }, }, { provider: provider }); // Install Kong using the Helm chart const kongChart = new kubernetes.helm.v3.Chart("kong", { chart: "kong", version: "2.1.0", // Use the appropriate chart version fetchOpts:{ repo: "https://charts.konghq.com" }, values: { // Place your configuration values here. An example is: // ingressController: { // installCRDs: false, // enabled: true, // service: { // type: "NodePort", // Use ClusterIP if you are not on a local cluster // externalIPs: [], // Add your external IP's if needed // } // } }, }, { provider: provider }); // Export endpoints (if needed) export const ciliumEndpoint = ciliumChart.getResourceProperty("v1/Service", "cilium", "status"); export const kongEndpoint = kongChart.getResourceProperty("v1/Service", "kong", "status");

    In the program above:

    • We import the necessary Pulumi and Kubernetes packages.
    • We create a Kubernetes provider instance that allows Pulumi to communicate with your Kubernetes cluster using your kubeconfig.
    • We use the @pulumi/kubernetes module to deploy Cilium and Kong using their Helm charts.
    • The fetchOpts.repo property specifies the Helm chart repositories for Cilium and Kong.
    • Placeholder comments indicate where you should place the configuration values for your instance of Kong. You'll need to fill in the configuration values to suit your use case.
    • Finally, we optionally export the service status for both Cilium and Kong, which can be useful for debugging or for CI/CD purposes.

    Remember that both Cilium and Kong have various configuration options that you might need to set according to your needs. The above example demonstrates a basic deployment, and you'll need to review the documentation for each to decide on the actual configuration that is right for your use case.

    Documentation for further reading and detailed configuration:

    After the Pulumi program runs successfully, Cilium and Kong will be installed in your Kubernetes cluster, and you can then start defining your network policies via Cilium and route your ingress traffic through Kong.