Install Kong Gateway in Konnect with Helm

Uses: Kong Gateway
Incompatible with: on-prem
TL;DR

Create a Control Plane in Konnect, populate a values.yaml file with the Control Plane details, and run helm install kong kong/kong --values ./values.yaml -n kong --create-namespace.

Konnect setup

If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.

  1. The following Konnect items are required to complete this tutorial:
    • Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
  2. Set the personal access token as an environment variable:

    export KONNECT_TOKEN='YOUR KONNECT TOKEN'
    

Helm setup

helm repo add kong https://charts.konghq.com
helm repo update

Create certificates

openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout ./tls.key -out ./tls.crt -days 1095 -subj "/CN=kong_clustering"

Create a Secret containing the certificate:

kubectl create namespace kong
kubectl create secret tls kong-cluster-cert --cert=./tls.crt --key=./tls.key -n kong
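
A pre-flight check for the tls.crt and tls.key pair generated above, worth running before the certificate is uploaded to the Control Plane. This is an added example, not part of the Kong documentation; the function names and the 30-day expiry threshold are assumptions.

```shell
# Added example: sanity checks for the data plane clustering key pair.
# Function names and thresholds are illustrative, not Kong tooling.
# Usage: preflight_cluster_cert ./tls.crt ./tls.key

# Succeeds only if the private key belongs to the certificate
# (both must yield the same public key).
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is still valid $2 days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds only if group and others have no permissions on the key file.
# The key is written unencrypted (-nodes), so file mode is its only protection.
key_is_private() {
  case "$(ls -l "$1" 2>/dev/null)" in
    -???------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Runs every check, reports each failure, returns non-zero if any failed.
preflight_cluster_cert() {
  cert=$1
  key=$2
  rc=0
  cert_matches_key "$cert" "$key" ||
    { echo "FAIL: $key is not the private key for $cert" >&2; rc=1; }
  cert_valid_for_days "$cert" 30 ||
    { echo "FAIL: $cert is unreadable or expires within 30 days" >&2; rc=1; }
  key_is_private "$key" ||
    { echo "FAIL: $key is readable by group or others (chmod 600)" >&2; rc=1; }
  return "$rc"
}
```

Once the Secret exists and the certificate has been uploaded, the local tls.key is no longer needed by the cluster and can be removed or moved to protected storage.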

Create a Control Plane

Konnect allows you to create a Control Plane in a single API request.

Create a Control Plane and capture the details for later:

CONTROL_PLANE_DETAILS=$(curl -X POST "https://us.api.konghq.com/v2/control-planes" \
     -H "Authorization: Bearer $KONNECT_TOKEN" \
     --json '{
       "name": "demo-control-plane"
     }')

Upload the certificates to this Control Plane:

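CONTROL_PLANE_ID=$(echo "$CONTROL_PLANE_DETAILS" | jq -r .id)
# Flatten the PEM file onto one line with literal \n separators so it fits in a JSON string
CERT=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' tls.crt)
# $CERT is double-quoted so the spaces in the PEM header lines do not split the argument
curl -X POST "https://us.api.konghq.com/v2/control-planes/$CONTROL_PLANE_ID/dp-client-certificates" \
     -H "Authorization: Bearer $KONNECT_TOKEN" \
     --json '{
       "cert": "'"$CERT"'"
     }'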

Deploy a Data Plane

Export the Control Plane endpoint and telemetry endpoint for later:

CONTROL_PLANE_ENDPOINT=$(echo "$CONTROL_PLANE_DETAILS" | jq -r '.config.control_plane_endpoint | sub("https://";"")')
CONTROL_PLANE_TELEMETRY=$(echo "$CONTROL_PLANE_DETAILS" | jq -r '.config.telemetry_endpoint | sub("https://";"")')

Create a values-dp.yaml file with the following content:

# The unquoted heredoc expands the endpoint variables and keeps the YAML quoting intact
cat > values-dp.yaml <<EOF
ingressController:
  enabled: false

image:
  repository: kong/kong-gateway
  tag: ""

# Mount the secret created earlier
secretVolumes:
  - kong-cluster-cert

env:
  # data_plane nodes do not have a database
  role: data_plane
  database: "off"
  konnect_mode: "on"
  vitals: "off"
  cluster_mtls: pki

  # Endpoints captured from the Control Plane details, in host:port form
  cluster_control_plane: "$CONTROL_PLANE_ENDPOINT:443"
  cluster_telemetry_endpoint: "$CONTROL_PLANE_TELEMETRY:443"
  cluster_telemetry_server_name: "$CONTROL_PLANE_TELEMETRY"
  # Client certificate and key from the mounted secret
  cluster_cert: /etc/secrets/kong-cluster-cert/tls.crt
  cluster_cert_key: /etc/secrets/kong-cluster-cert/tls.key

  lua_ssl_trusted_certificate: system
  proxy_access_log: "off"
  dns_stale_ttl: "3600"

resources:
  requests:
    cpu: 1
    memory: "2Gi"

# The data plane handles proxy traffic only
proxy:
  enabled: true

admin:
  enabled: false

manager:
  enabled: false
EOF
helm install kong kong/kong --values ./values-dp.yaml -n kong --create-namespace