Install Kong Gateway in Konnect with Helm
Uses:
Kong Gateway
Related Documentation
TL;DR
Create a Control Plane in Konnect, populate a values.yaml file with the Control Plane details, and run helm install kong kong/kong --values ./values.yaml -n kong --create-namespace.
Konnect setup
If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.
- The following Konnect items are required to complete this tutorial:
- Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
-
Set the personal access token as an environment variable:
export KONNECT_TOKEN='YOUR KONNECT TOKEN'Copied!
Helm setup
helm repo add kong https://charts.konghq.com
helm repo update
Copied!
Create certificates
Create a certificate and key:
openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout ./tls.key -out ./tls.crt -days 1095 -subj "/CN=kong_clustering"
Copied!
Create a Secret containing the certificate:
kubectl create namespace kong
kubectl create secret tls kong-cluster-cert --cert=./tls.crt --key=./tls.key -n kong
Copied!
Create a Control Plane
Konnect allows you to create a Control Plane in a single API request.
Create a Control Plane and capture the details for later:
CONTROL_PLANE_DETAILS=$( curl -X POST "https://us.api.konghq.com/v2/control-planes" \
-H "Authorization: Bearer $KONNECT_TOKEN" \
--json '{
"name": "demo-control-plane"
}')
Copied!
Upload the certificates to this Control Plane:
CONTROL_PLANE_ID=$(echo $CONTROL_PLANE_DETAILS | jq -r .id)
CERT=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' tls.crt);
Copied!
curl -X POST "https://us.api.konghq.com/v2/control-planes/$CONTROL_PLANE_ID/dp-client-certificates" \
-H "Authorization: Bearer $KONNECT_TOKEN" \
--json '{
"cert": "'$CERT'"
}'
Copied!
Deploy a Data Plane
Export the Control Plane ID and telemetry endpoint for later:
CONTROL_PLANE_ENDPOINT=$(echo $CONTROL_PLANE_DETAILS | jq -r '.config.control_plane_endpoint | sub("https://";"")')
CONTROL_PLANE_TELEMETRY=$(echo $CONTROL_PLANE_DETAILS | jq -r '.config.telemetry_endpoint | sub("https://";"")')
Copied!
Create a values-dp.yaml file with the following content:
echo '
ingressController:
enabled: false
image:
repository: kong/kong-gateway
tag: ""
# Mount the secret created earlier
secretVolumes:
- kong-cluster-cert
env:
# data_plane nodes do not have a database
role: data_plane
database: "off"
konnect_mode: 'on'
vitals: "off"
cluster_mtls: pki
cluster_control_plane: "'$CONTROL_PLANE_ENDPOINT'"
cluster_telemetry_endpoint: "'$CONTROL_PLANE_ENDPOINT':443"
cluster_telemetry_server_name: "'$CONTROL_PLANE_ENDPOINT'"
cluster_cert: /etc/secrets/kong-cluster-cert/tls.crt
cluster_cert_key: /etc/secrets/kong-cluster-cert/tls.key
lua_ssl_trusted_certificate: system
proxy_access_log: "off"
dns_stale_ttl: "3600"
resources:
requests:
cpu: 1
memory: "2Gi"
secretVolumes:
- kong-cluster-cert
# The data plane handles proxy traffic only
proxy:
enabled: true
admin:
enabled: false
manager:
enabled: false
' > values-dp.yaml
Copied!
Deploy the Data Plane using the values-dp.yaml:
helm install kong kong/kong --values ./values-dp.yaml -n kong --create-namespace
Copied!