Home / Kong Operator / Gateway Deployment / Get Started
Edit
Report

Create a Gateway

Uses: Kong Operator
Deployment Platform
Related Documentation
Operator Documentation
In This Series
  1. Install Kong Operator with self-managed Control Plane
  2. Create a Gateway
  3. Create a Route with Kong Operator with self-managed Control Plane
TL;DR

Create a GatewayConfiguration object, then create a GatewayClass instance and a Gateway resource.

Prerequisites

Series Prerequisites

This page is part of the Deploy self-managed Control Plane with Kong Operator series.

Complete the previous page, Install Kong Operator with self-managed Control Plane before completing this page.

Kong Konnect

If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.

  1. The following Konnect items are required to complete this tutorial:
    • Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.

  2. Set the personal access token as an environment variable:

    export KONNECT_TOKEN='YOUR KONNECT TOKEN'

Create a KonnectAPIAuthConfiguration resource

 
kubectl create namespace kong --dry-run=client -o yaml | kubectl apply -f -
echo '
kind: KonnectAPIAuthConfiguration
apiVersion: konnect.konghq.com/v1alpha1
metadata:
  name: konnect-api-auth
  namespace: kong
spec:
  type: token
  token: "'$KONNECT_TOKEN'"
  serverURL: us.api.konghq.com
' | kubectl apply -f -

Create a KonnectGatewayControlPlane resource

 
echo '
kind: KonnectGatewayControlPlane
apiVersion: konnect.konghq.com/v1alpha2
metadata:
  name: gateway-control-plane
  namespace: kong
spec:
  createControlPlaneRequest:
    name: gateway-control-plane
    cluster_type: CLUSTER_TYPE_K8S_INGRESS_CONTROLLER
  konnect:
    authRef:
      name: konnect-api-auth
' | kubectl apply -f -

Create a KonnectExtension resource

 
echo '
kind: KonnectExtension
apiVersion: konnect.konghq.com/v1alpha2
metadata:
  name: my-konnect-config
  namespace: kong
spec:
  clientAuth:
    certificateSecret:
      provisioning: Automatic
  konnect:
    controlPlane:
      ref:
        type: konnectNamespacedRef
        konnectNamespacedRef:
          name: gateway-control-plane' | kubectl apply -f -

ControlPlane and DataPlane resources

Creating GatewayClass and Gateway resources in Kubernetes causes Kong Operator to create a Kong Gateway deployment and manage its configuration with a self-managed Control Plane.

You can customize your Kong Gateway deployments and the self-managed Control Plane configuration using the GatewayConfiguration CRD. This allows you to control the image being used, and set any required environment variables.

Create the GatewayConfiguration

In order to specify the KonnectExtension in Gateway’s configuration you need to create a GatewayConfiguration object which will hold the KonnectExtension reference.

echo '
kind: GatewayConfiguration
apiVersion: gateway-operator.konghq.com/v2beta1
metadata:
  name: kong
  namespace: kong
spec:
  extensions:
  - kind: KonnectExtension
    name: my-konnect-config
    group: konnect.konghq.com
  dataPlaneOptions:
    deployment:
      replicas: 2' | kubectl apply -f -

Create the kong namespace

Create the kong namespace in your Kubernetes cluster, which is where the demo will run:

kubectl create namespace kong

GatewayConfiguration

 
echo 'kind: GatewayConfiguration
apiVersion: gateway-operator.konghq.com/v2beta1
metadata:
  name: kong
  namespace: kong
spec:
  dataPlaneOptions:
    deployment:
      podTemplateSpec:
        spec:
          containers:
          - name: proxy
            image: kong:3.9.1' | kubectl apply -f -

GatewayClass

To use the Gateway API resources to configure your Routes, you need to create a GatewayClass instance and create a Gateway resource that listens on the ports that you need.

echo '
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1
metadata:
  name: kong
  namespace: kong
spec:
  controllerName: konghq.com/gateway-operator
  parametersRef:
    group: gateway-operator.konghq.com
    kind: GatewayConfiguration
    name: kong
    namespace: kong
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
  name: kong
  namespace: kong
spec:
  gatewayClassName: kong
  listeners:
  - name: http
    protocol: HTTP
    port: 80' | kubectl apply -f -

You can verify that everything works by checking the Gateway resource via kubectl:

kubectl get -n kong gateway kong -o wide

You should see the following output:

NAME   CLASS   ADDRESS        PROGRAMMED   AGE
kong   kong    172.18.0.102   True         9m5s

Check the Programmed status

If the Gateway has Programmed condition set to True, you can visit Konnect and see your configuration being synced by the self-managed Control Plane.

Check that Programmed is True on the kong resource:

You can verify the Gateway was reconciled successfully by checking its Programmed condition.

kubectl get -n kong gateway kong \
  -o=jsonpath='{.status.conditions[?(@.type=="Programmed")]}' | jq

The output should look similar to this:

{
  "observedGeneration": 1,
  "reason": "Programmed",
  "status": "True",
  "type": "Programmed"
}
← Previous 1. Install Kong Operator with self-managed Control Plane Next → 3. Create a Route with Kong Operator with self-managed Control Plane
Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support